IoT Security Frameworks and Countermeasures
Published in Stavros Shiaeles, Nicholas Kolokotronis, Internet of Things, Threats, Landscape, and Countermeasures, 2021
G. Bendiab, B. Saridou, L. Barlow, N. Savage, S. Shiaeles
Attackers and malicious actors continuously search for vulnerabilities by using automated scanning tools that examine the web for weak spots they could exploit. After identifying a vulnerability, attackers use an exploit, which could be a piece of software or a sequence of commands specifically designed to leverage the detected vulnerability for malicious activities [67]. Exploits depend on failures and mistakes, such as unpatched systems and out-of-date software, to achieve their goals [19, 67]. Exploit kits are one of the most popular methods to automatically launch exploits against installed vulnerable applications such as Adobe Flash Player and Java Runtime Environment.
An Overview about the Cyberattacks in Grid and Like Systems
Published in Fadi Al-Turjman, Smart Grid in IoT-Enabled Spaces, 2020
Exploit kits are bundles of ready-made exploits used to infect websites or as part of a malicious advertising campaign. The kits identify vulnerabilities in web browsers and web apps and then exploit them automatically, an example of click-less attacks. The payload may be ransomware. Common targets are Java and Adobe Flash add-ons. Exploit kits were in fourth place in the top fifteen threats in 2012, and increased in rank constantly until they exited the list in 2018. The scaling up of an exploit kit attack can lead to its detection, which perhaps explains the trend. Mitigation is the detection and patching of vulnerabilities [16].
Crypto Mining Attacks in Information Systems: An Emerging Threat to Cyber Security
Published in Journal of Computer Information Systems, 2020
Aaron Zimba, Zhaoshun Wang, Mwenge Mulenga, Nickson Herbert Odongo
The nodes of the attack tree represent the resources which the attacker seeks to attain after execution of specific logical actions. Figure 2 depicts an attack tree for the model. The nodes of the above graph are denoted as follows: – the root node, – acquisition of administrative privileges, – webserver password acquisition, – exploitation of webserver software vulnerability, – password brute-forcing, – password acquisition via social engineering, – malware-less intrusion,24 – zero-day exploit, – known CVE exploit, – spear-phishing, – phishing, – usage of exploit kit, – malicious insider, – other social engineering attack vectors, – other webserver software exploit attack vectors. The nodes of the graph share a Boolean OR relationship, implying that the pursuance of any of the attack paths could lead to accessing the targeted webserver. The graph divides mainly into two categories: attack paths that use software vulnerabilities to gain access to the server and those that do not technically use software vulnerabilities. Regardless of the pursued attack path, the success thereof is largely dependent on the exploitation of the upper nodes. This implies that nodes in the graph share some dependencies. To capture these dependencies, we deduce the reachability matrix. The resultant is an adjacency matrix of the 13th order as shown in Equation (1).