A Deep Dive into Attacker Models, From Network-Based Strikes to Application-Based Intricacies
In the ever-evolving landscape of cybersecurity, understanding the intricacies of potential threats is paramount. This article serves as an exploration into the description of primary attacker models.
Attacker models are systematically categorized based on diverse factors such as motivations, capabilities, and tactics. ENISA's Threat Landscape 2023 report, a reputable source in the field, offers a comprehensive list of common attacker models, shedding light on the dynamic nature of cybersecurity threats. This article specifically focuses on two recently frequently used attacker models: network-based attacks and application-based attacks, providing readers with valuable insights into the multifaceted dimensions of potential cyber threats. As we navigate the digital realm, an in-depth understanding of attacker models becomes an essential tool in devising effective strategies to safeguard against evolving cybersecurity challenges.
Network-based attacks are a category of cyber threats that target vulnerabilities within computer networks, aiming to compromise the confidentiality, integrity, or availability of data and systems. These attacks exploit weaknesses in the network infrastructure itself, seeking unauthorized access or disruption of network services.
Some common examples of network-based attacks include:
- Distributed Denial of Service (DDoS): Large-scale attacks flooding victim systems, impacting availability.
- DNS Attack: Exploiting domain name translation to reroute users to malicious IP addresses.
- Sniffer Attack: Intercepting and monitoring data packets on a network, potentially exposing sensitive information.
In 2023, Denial of Service (DoS) attacks proved pervasive across industries, with the public administration sector bearing the brunt at 46%. Notable attack shares also affected the media/entertainment sector (25%), transport sector (11%), and the digital infrastructures sector (5%). The prevalence of attacks on public administration stems from retaliatory actions amid ongoing conflicts, making countries expressing support vulnerable targets. The online media/entertainment sector, often an early focus in military conflicts, experiences disruptions aimed at controlling narratives and silencing opposition voices. The effectiveness of these tactics, extending beyond mere disruption to instigate fear and uncertainty, remains uncertain.
Regarding the DNS attacks, in the first half of 2023, there was a notable increase in DNS floods, raising concerns about their potential impact on digital infrastructures. DNS Floods are application-layer attacks that overwhelm a server's capacity to handle DNS requests, and their scale has been on the rise since the fourth quarter of 2022. The largest attack, recorded in Q2 2023, reached a critical rate of 1.29 million DNS queries per second. This escalation highlights the heightened sophistication and intensity of cyber threats. It emphasizes the need for increased vigilance and the implementation of robust cybersecurity measures to protect against the evolving landscape of malicious activities targeting online systems.
Lastly, wireless sniffing attacks involve the practice of eavesdropping on communications within a wireless network through the use of specialized software or hardware tools. This technique, more intrusive than wireless stumbling, extends beyond merely detecting the presence of wireless networks; it delves into intercepting and capturing data exchanged over Wi-Fi connections. The security risks are associated with wireless sniffing, citing its potential for hackers to clandestinely monitor online activities, leading to the unauthorized capture of sensitive information such as passwords and emails. Understanding these threats is the first step in fortifying one's defenses against potential cyber threats.
Application-based attacks refer to a category of cyber threats that specifically target vulnerabilities or weaknesses in software applications. These attacks aim to exploit flaws, bugs, or design weaknesses within an application to compromise the confidentiality, integrity, or availability of the targeted system or data. Unlike attacks that focus on the overall network infrastructure, application-based attacks zoom in on individual software programs or applications running on a system.
Examples of application-based attacks are:
- Cookie Tampering: Exploiting web application cookies to gain unauthorized access.
- Backdoor and Debug: Leveraging code vulnerabilities left by developers or debug options for unauthorized access.
- SQL Injection: Inserting malicious SQL code into input fields to manipulate or extract data from databases.
- Cross-Site Scripting (XSS): Injecting malicious scripts into web applications to compromise user information.
- Remote Code Execution (RCE): Executing arbitrary code on a target system from a remote location.
In 2023, a surge in sophisticated app-based hacker attacks posed significant threats to digital security. Attackers targeted web applications through various methods, leveraging code weaknesses or debug options left by developers. SQL Injection attacks aimed at manipulating databases through input fields were prevalent, along with Cross-Site Scripting (XSS) tactics that injected malicious scripts into web applications. Remote Code Execution (RCE) posed a serious risk, allowing cybercriminals to execute arbitrary code on target systems from remote locations. These diverse and advanced techniques underscored the importance of robust cybersecurity measures, urging organizations and developers to stay vigilant, update systems regularly, and employ secure coding practices to defend against such evolving threats.
Recent research reveals that, on average, applications in production have been subjected to over 13,000 attacks per month in the past year alone. The implications of application security risks and successful attacks are multifaceted, ranging from operational disruptions to critical data breaches and ransom demands, all of which can severely impact businesses. Moreover, such incidents can also lead to the erosion of brand reputation and trust among customers and stakeholders. As organizations increasingly rely on digital applications for various functions, ensuring robust security measures becomes paramount to safeguard against these threats.
In the rapidly evolving landscape of cybersecurity, a good comprehension of potential threats is imperative. In this article network-based attacks and application-based attacks are distinguished, providing valuable insights into the multifaceted dimensions of potential cyber threats. As we navigate the digital realm, understanding attacker models remains an essential tool in devising effective strategies against evolving cybersecurity challenges.
Defending against application-based and network-based attacks is important for several reasons. Firstly, attacks on applications can lead to data theft, disruption of company operations, and even loss of control over the system. Additionally, network attacks can allow hackers to access confidential information, compromise data integrity, or block access to network resources. As a result, defending against these types of attacks is crucial to ensuring security, operational continuity, and data protection for the company.
Keywords: Attacker Models, Network-Based Attacks, Application-Based Attacks, Malware, DDoS, DNS Attack, Sniffer Attack, Cookie Tampering, Backdoor and Debug, SQL Injection, Cross-Site Scripting, Remote Code Execution.
Source:
ENISA THREAT LANDSCAPE FOR DoS ATTACKS, November 2023
COREnext Deliverable 2.2 – Definition and Impact of Trustworthiness
www.radware.com/blog/ddos-protection/2023/10/dns-under-siege-real-world-dns-flood-attacks
What is Wireless Sniffing? (with pictures) (easytechjunkie.com)
Understanding Trustworthiness in the COREnext Platform: Security Aspects
Trustworthiness is a critical component in any service, and its importance is magnified in the context of the COREnext platform. To comprehend its significance, a deep understanding of potential adversaries seeking to exploit vulnerabilities is crucial.
This article delves into the multifaceted security aspects integral to trustworthiness in the COREnext platform, encompassing authentication, confidentiality, component isolation, data integrity, and service availability.
In 2024, the paramount importance of prioritizing security aspects cannot be overstated, with a particular focus on authentication. Guaranteeing secure access to platform services hinges on robust user identification processes, ensuring that only authorized individuals can interact with sensitive systems. Additionally, confidentiality remains a critical pillar in safeguarding valuable information, permitting access exclusively to authorized entities and preventing unauthorized breaches. The need to enhance security, maintainability, and reliability by segregating software and hardware components, requires to isolate components. The emphasis on component isolation further underscores the significance of enhancing security. Data integrity emerges as a pivotal concern, necessitating a commitment to ensuring the accuracy and reliability of data throughout its lifecycle while fortifying defenses against unauthorized alterations. Finally, service availability takes center stage, emphasizing the need to design systems that function sea mlessly even in the face of hardware or software faults. These security measures collectively form a robust defense strategy against evolving threats in the dynamic landscape of 2024.
In short, the COREnext platform places a premium on trustworthiness, emphasizing the above key security aspects:
- Authentication Identity: Ensuring secure access to platform services through fundamental user identification processes.
- Confidentiality: Safeguarding sensitive information, permitting access only to authorized entities.
- Component Isolation: Enhancing security, maintainability, and reliability by segregating software/hardware components.
- Data Integrity: Ensuring accuracy and reliability of data throughout its lifecycle, guarding against unauthorized changes.
- Service Availability: Designing the system to function seamlessly even in the presence of hardware or software faults.
Summarizing, trustworthiness must become a key European differentiator, and thus COREnext addresses trustworthiness also on an architectural level, where it must be balanced with efficiency goals. In summary, trustworthiness of the entire system will only be as strong as its weakest link. Thus, COREnext takes an end-to-end approach from considering trustworthy analogue components to trustworthy integration of digital components. COREnext will develop a trustworthy-by-design platform and thus answer the need for European capabilities for B5G/6G computing based on a new computing architecture for base stations. This architecture efficiently and securely integrates third-party accelerators capable of supporting even the most demanding 5G/6G processes in cloud servers, base stations, and client-side devices. The platform will be released in 2026.
Read more about the project:
https://corenext.eu/2023/10/30/vulnerabilities-lurking-in-todays-digital-world/
Interview with Manuela Neyer: Exploring the Intersection of Science and Project Management
Manuela Neyer, whose academic journey in physics has led her to a dynamic career in project management and coordination at Infineon Technologies, decided to answer a few of our questions on her professional journey. Her passion for science was ignited by childhood dreams of space exploration, inspired by the historic moon landing during the year of her birth. However, as she navigated her scientific path, Manuela discovered that while physics presented its challenges, it was the complexities of human interaction that truly tested her skills...
COREnext: What initially motivated you to pursue a career in science?
Manuela Neyer: Curiosity and the childhood dream to become an astronaut; In the year I was born, the first man was on the moon.
COREnext: Has that motivation evolved? If so, how?
Manuela Neyer: I realized life has its „new learnings every day”. Physics is the easy part, its difficult once it comes to people.
COREnext: Can you share one or more highlights of your scientific career?
Manuela Neyer: Highlight of my career was an assignment abroad in Asia for 7 years.
COREnext: As a successful woman scientist, what advice would you give to younger generations or women aspiring to enter the field of science, particularly in overcoming challenges or barriers they may face?
Manuela Neyer: Make sure the family load is shared equally with your partner/ family. You need to grow before you put your fist on the table.
COREnext: In your experience, what strategies have you found most effective in fostering diversity and inclusion within scientific communities, and how do you believe these efforts contribute to advancements in scientific research?
Manuela Neyer: Living abroad yourself makes you aware of what integration means and costs and it will make you value „the others”. We humans have always strived to understand the world, hopefully we are willing to limit ourselves where necessary; this battle (global warming) is unfortunately not yet won, and this time I don't think science will save us.
COREnext: What do you envision for the future of women in science, and what steps do you believe are essential for creating a more equitable and supportive environment for women pursuing careers in STEM fields?
Manuela Neyer: I envision, there finally will be more women in science; once we are like 30% it will feel normal, promotions of women will be normal, there will be more women in leading and decision making positions. First of all, we have to overcome traditional patterns. More girls need to study STEM subjects, the degree programmes are open to all.
Breaking Barriers and Designing the Future: An Interview with Frida Strömbeck, Pioneering Integrated Circuit Designer
We had the privilege to get to know Frida Strömbeck, a remarkable figure in the world of science and technology. As a Postdoctoral Researcher at Chalmers University of Technology, Frida's journey is a testament to her passion for integrated circuit design, particularly in the realm of high data rate millimeter wave communication.
Her career trajectory is a captivating blend of curiosity, determination, and groundbreaking achievements. In this interview, Frida shares insights into her motivations, highlights from her scientific career, and invaluable advice for aspiring scientists, especially women navigating the challenges of STEM fields. Join us as we delve into the fascinating world of science through the lens of Frida Strömbeck's remarkable experiences and perspectives.
COREnext: What initially motivated you to pursue a career in science? Has that motivation evolved? If so, how?
Frida Strömbeck: I have always liked figuring out how things work and solving problems. I studied engineering physics at university because space is really cool. Somehow, I ended up taking a course in integrated circuit design, and then I was hooked.
What motivates me today is still my passion for circuit design and the challenges we have to overcome. There is so much to do and explore in the future.
COREnext: Can you share one or more highlights of your scientific career?
Frida Strömbeck: Measuring my first integrated circuit that I had designed, waiting eight months for it to get fabricated and realising that it actually worked in real life and not only simulations.
Finally reaching data rátes above 100 Gbps over a one meter polymer microwave fiber (PMF), which was a goal that we worked towards a very long time, that almost felt impossible in the beginning.
COREnext: As a successful woman scientist, what advice would you give to younger generations or women aspiring to enter the field of science, particularly in overcoming challenges or barriers they may face?
Frida Strömbeck: Make sure you do it for the right reasons, because that will be the motivation that drives you when things are difficult. Things will fail, you will get rejected and questioned a lot. That’s part of being a researcher. If things never fails, you haven’t taken enough risks. It’s from the failures we learn.
COREnext: In your experience, what strategies have you found most effective in fostering diversity and inclusion within scientific communities, and how do you believe these efforts contribute to advancements in scientific research?
Frida Strömbeck: Expect to be treated the same as everyone else. Excluding someone due to their gender/ethnicity/sexual preference etc is extreamly stupid and narrow-minded, and we really don’t need narrow-minded people doing scientific research.
COREnext: What do you envision for the future of women in science, and what steps do you believe are essential for creating a more equitable and supportive environment for women pursuing careers in STEM fields?
Frida Strömbeck: Role models (top researchers) standing up against sexism. I am very lucky working in a great team where we trust and support each other, which is why we are succesful. Hopefully this attitude will spred to other groups.
Empowering Women in Science: Insights from Vanessa Daccache in the COREnext Project
February and March mark the celebration of both Women in Science Day and International Women’s Day, highlighting the achievements and contributions of women in various fields, including science and technology. To shed light on the remarkable journey of women scientists, we sat down with Vanessa Daccache, HW Test SW Engineer at Nokia, to discuss her experiences and insights.
COREnext: What initially motivated you to pursue a career in science, and has that motivation evolved over time?
Vanessa Daccache: Initially, as a woman, pursuing a career in science presented itself as an unusual and challenging choice. However, my motivation has evolved into a curiosity that propels me to explore the vast realm of science. This evolution led me to make the decision to relocate to Germany to pursue my master’s degree in communications technology. Along the way, I have found continuous inspiration from other women leaders in the scientific field, whether encountered in my work environment or through social media.
COREnext: Can you share one or more highlights of your scientific career?
Vanessa Daccache: There have been several standout moments in my scientific career. One highlight was the opportunity to collaborate with Nokia on my master's thesis. Delving into data transmission using cutting-edge technologies within high-speed digital systems significantly expanded my knowledge. Additionally, visiting Nokia's factory in Finland left a lasting impression and instilled in me a newfound appreciation for the industry. More recently, joining COREnext has marked a significant milestone for me. Engaging with esteemed experts in the field and participating in collaborative meetings has enriched my expertise and fostered a sense of community.
COREnext: As a successful woman scientist, what advice would you give to younger generations or women aspiring to enter the field of science, particularly in overcoming challenges or barriers they may face?
Vanessa Daccache:: My advice would be not to fear asking questions or stepping outside of one's comfort zone. It's important to recognize that each of us is on a continuous learning journey, regardless of our experience level. The field of science offers numerous opportunities for women, now more than ever. Embrace these opportunities, persevere through challenges, and let curiosity be your guiding force.
As Vanessa continues supporting and contributing to the formulation of the 6G network architecture in the COREnext project, her dedication and passion serve as a beacon of inspiration for women in science everywhere. Through her unwavering commitment to innovation and excellence, she is paving the way for future generations of women in STEM.
#CORENEXTWOMENINSCIENCE – An interview with Jian Yiyun
Our Women in Science campaign comes to its third issue with the interview with Jian Yiyun. This year International Women’s Day has the theme “DigitALL: Innovation and technology for gender equality”, and we want to celebrate it and make visible the work the women in the team are doing.
 |
After graduating from the Beijing Institute of Technology (BIT), China, in 2013, Yiyun Jian majored in instrumentation engineering, Master’s degree. She then worked as a digital hardware engineer at the Institute of Geology and Geophysics, Chinese Academy of Sciences.
Since August 2022, working at IHP in Germany as a Ph.D. student, focusing on MAC layer design of the 6G project and digital hardware implementation (FPGA based) of the 6G project. |
Interview
- WHAT IS YOUR MISSION WITHIN THE COREnext PROJECT?
My main task is to contribute to the functionality of digital components of trustworthy communication in the COREnext project.
- WHAT ARE THE MOST SIGNIFICANT CHALLENGES YOU ADDRESSED/FACED IN YOUR CAREER?
My most significant challenges are innovating advanced technologies to achieve high reliability and resilience, precise and low-latency communication and sensing.
- THIS YEAR, INTERNATIONAL WOMEN'S DAY HAS THE THEME "DIGITALL: INNOVATION AND TECHNOLOGY FOR GENDER EQUALITY", AND THE INTERNATIONAL DAY OF WOMEN AND GIRLS IN SCIENCE FOCUSED ON "DEVELOPMENT GOAL". WHAT DO YOU THINK IS THE ROLE OF SCIENCE IN SUSTAINABLE DEVELOPMENT?
Science is significant in sustainable development; we can predict, prevent and protect using the technologies.
- EVEN THOUGH WE SEE MORE WOMEN PURSUING CAREERS IN LIFE SCIENCES, WE STILL HAVE A LONG WAY TO GO, BASED ON UNESCO STATISTICS. HOW CAN WE INCREASE THE NUMBER OF WOMEN IN SCIENCE, TECHNOLOGY, ENGINEERING AND MATHEMATICS (STEM) DISCIPLINES?
To provide more opportunities and awards for women and families and parenting support.
- WHAT INSPIRES YOU IN YOUR WORK?
The achievements genuinely contribute to the new technologies that may help humanity and all lives.
#CORENEXTWOMENINSCIENCE - An interview with Anastasia Grebenyuk
On 11 February, we celebrated the International Day of Women and Girls in Science. The Day focuses on the fact that science and gender equality are vital for achieving internationally agreed development goals, including the 2030 Agenda for Sustainable Development. Regarding the upcoming International Women's Day on the 8th of March, the theme this year will be “DigitALL: Innovation and technology for gender equality”, so we will continue giving visibility to the women in the team.
 |
Dr. Grebenyuk Anastasia, is 38 years, and has a PhD in Experimental particle physics. Before Ericsson I works at the Large Hadron Collider (LHC) at CERN. She is the mother of two kids. |
Interview
- What is your mission within the COREnext project?
Develop a machine learning algorithm for radio fingerprinting. - What are the most significant challenges you addressed/faced in your career?
To perform intelligent tasks which require out-of-box thinking and deep knowledge in the relevant field, being engaged in multiple projects. - International Day of Women and Girls in Science focused on development goals this year. And International Women's Day is focused on technology. What do you think is the role of science in sustainable development?
Scientists are increasingly expanding their knowledge in areas such as climate change, increasing resource consumption, demographic trends and environmental degradation. Developments in these and other areas must be considered when designing long-term development strategies. Science must continue to play an increasingly important role in promoting the efficient use of resources and finding new methods, means and alternatives for development. - Even though we see more women pursuing careers in life sciences, we still have a long way to go, based on UNESCO statistics. How can we increase the number of women in science, technology, engineering and mathematics (STEM) disciplines?
As parents, we should make kids interested in science/technology/physics/math in their earlier childhood, independent of gender. Unfortunately, in some countries, society puts its frames on the choice of education and profession among women. We should dispel prejudices and ensure that the choice of education comes from our interests and not from society's stereotypes. - What inspires you in your work?
Challenging tasks, curiosity for knowledge, smart people