CYBER ATTACKS THAT WE CAN EXPECT FROM CUBA
By Manuel Cereijo
I. Malicious Programs
Perhaps the most sophisticated types of threats to computer systems are presented by programs that exploit vulnerabilities in computing systems. In this context, we are concerned with application programs as well as utility programs, such as editors and compilers.
Malicious programs or software threats can be divided into two categories:· Those that need a host program
· Those who are independent
The former are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. The latter are self-contained programs that can be scheduled and run by the operating system.
We can also differentiate between those software threats that do not replicate and those that do. The former are fragments of programs that are to be activated when the host program is invoked to perform a specific function. The latter consist of either a program fragment (virus) or an independent program (worm, bacterium) that, when executed, may produce one or more copies of itself to be activated later on the same system or some other system.
A trap door is a secret entry point that allows someone that is aware of the trap door to gain access without going through the usual security access procedures. Trap doors have been used legitimately for many years to debug and test programs. Trap doors becomes threats when they are used by attackers to gain unauthorized access. It is difficult to implement operating system controls for trap doors. Security measures must focus on the program development and software update activities.
II. Threats that need host programs
A. Logic bombs
One of the oldest types of program threat, predating viruses and worms, is the logic bomb. The logic bomb is code embedded in some legitimate program that is set to "explode" when certain conditions are met. Examples of conditions that can be used as triggers for a logic bomb are the presence or absence of certain files, a particular day of the week or date, or a particular user running application.
B. Trojan Horses
A Trojan horse is a useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. Trojan horse programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly. They are used for data destruction.The program appears to be performing a useful function, but is quietly deleting the user's files.
A virus is a program that can "infect" other programs by modifying them. The modification includes a copy of the virus program, which can then go on to infect other programs. Lodged in a host computer, the typical virus takes temporary control of the computer's disk operating system. Then whenever the infected computer comes into contact with an uninfected piece of hardware, a fresh copy of the virus passes into the new program. In a network environment, the ability to access applications and system services on other computers provides a perfect culture for the spread of a virus
Network worm programs use network connections to spread from system to system. Once active within a system, a network worm can behave as a computer virus or bacteria, or it could implant Trojan horse programs or perform any number of disruptive or destructive actions.
Bacteria are programs that do not explicitly damage any files. The sole purpose is to replicate themselves. Bacteria reproduce exponentially, eventually taking up all the processor capacity, memory, or disk space, denying users access to those resources.
III. Active attacks
These attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
These attacks are probably the most dangerous threats to the national security. They can produce unauthorized effects on command signals, affecting important infrastructure systems-power plants, 911 systems, airports, etc.