Information Security Threat Categories


1. Introduction

With the rapid evolution of technology, security threats are increasing as attackers exploit system vulnerabilities. Organizations must balance functionality, usability, and security to ensure a safe computing environment. This document outlines various security threats, attack vectors, and types of cyberattacks that organizations face today.

2. Categories of Information Security Threats

Security threats can be broadly classified into three categories:

A. Network Threats

A network consists of interconnected devices that communicate to share resources. Attackers exploit vulnerabilities in the communication channels to intercept or manipulate data.

Common Network Threats:

  • Information Gathering – Collecting data about a target system.
  • DNS and ARP Poisoning – Manipulating network protocols to redirect traffic.
  • Sniffing & Eavesdropping – Capturing data packets in transit.
  • Password-based Attacks – Cracking or stealing user credentials.
  • Spoofing – Impersonating a trusted entity to gain access.
  • Denial-of-Service (DoS) Attacks – Overloading a network to disrupt services.
  • Session Hijacking – Intercepting user sessions to take control.
  • Compromised-Key Attacks – Using stolen encryption keys to access data.
  • Man-in-the-Middle (MitM) Attacks – Intercepting and modifying communication.
  • Firewall and IDS Attacks – Bypassing security systems to gain unauthorized access.

B. Host Threats

Host threats specifically target an individual system where valuable information is stored. Attackers attempt to breach system security and gain control.

Common Host Threats:

  • Malware Attacks – Infecting a system with malicious software.
  • Footprinting & Profiling – Gathering intelligence about the system.
  • Password Attacks – Cracking or stealing login credentials.
  • Denial-of-Service Attacks – Disrupting system availability.
  • Privilege Escalation – Gaining higher-level access than permitted.
  • Arbitrary Code Execution – Running unauthorized code on a system.
  • Backdoor Attacks – Creating hidden access points.
  • Unauthorized Access – Gaining access without proper authentication.
  • Physical Security Threats – Attacks targeting hardware or physical access.

C. Application Threats

Applications are vulnerable if security is not prioritized during development, deployment, or maintenance. Attackers exploit weaknesses to manipulate data and compromise systems.

Common Application Threats:

  • Improper Data/Input Validation – Allowing malicious inputs to bypass security.
  • Hidden-field Manipulation – Altering hidden parameters in web applications.
  • Authentication & Authorization Attacks – Exploiting weak login mechanisms.
  • Broken Session Management – Hijacking user sessions.
  • Security Misconfiguration – Leaving applications with default settings.
  • Buffer Overflow Issues – Exploiting memory vulnerabilities.
  • Improper Error Handling – Revealing sensitive system details.
  • Cryptography Attacks – Breaking encryption mechanisms.
  • SQL Injection – Injecting malicious SQL queries to manipulate databases.
  • Phishing – Deceiving users into revealing sensitive information.

3. Types of Attacks on a System

Attackers use various approaches to exploit system vulnerabilities.

A. Operating System Attacks

Modern operating systems come with numerous features and services, making them attractive targets. Attackers exploit OS vulnerabilities to gain unauthorized access.

Common OS Vulnerabilities:

  • Buffer Overflow Exploits – Overflowing memory to execute malicious code.
  • Bugs in the Operating System – Software flaws leading to security gaps.
  • Unpatched Systems – Failing to apply available security patches.

Attack Methods:

  • Exploiting network protocols and built-in authentication mechanisms.
  • Breaking file system security and password encryption.
  • Gaining control through privilege escalation techniques.

B. Misconfiguration Attacks

Security misconfigurations expose systems to unauthorized access, data theft, and takeovers. Misconfigurations affect web servers, databases, and network devices.

Best Practices to Prevent Misconfiguration Attacks:

  • Change default settings before deployment.
  • Remove unnecessary services and software.
  • Regularly update and patch systems.
  • Use security scanners to detect misconfigurations.

C. Application-Level Attacks

Software vulnerabilities allow attackers to exploit applications. Developers often prioritize functionality over security, leading to vulnerabilities.

Common Application-Level Attacks:

  • Session Hijacking – Stealing authentication tokens.
  • Denial-of-Service (DoS) Attacks – Overloading resources.
  • SQL Injection – Manipulating databases using malicious queries.
  • Cross-Site Scripting (XSS) – Injecting malicious scripts into web pages.
  • Phishing – Tricking users into revealing sensitive information.
  • Man-in-the-Middle Attacks – Intercepting and altering communication.
  • Directory Traversal Attacks – Accessing restricted files on a web server.

4. Information Warfare

Information warfare (InfoWar) refers to using Information and Communication Technologies (ICT) for strategic advantages over adversaries.

Types of Information Warfare:

  1. Command & Control (C2) Warfare – Controlling enemy networks.
  2. Intelligence-Based Warfare – Exploiting sensors and surveillance data.
  3. Electronic Warfare – Disrupting communication through jamming and cryptographic attacks.
  4. Psychological Warfare – Using propaganda to manipulate public perception.
  5. Hacker Warfare – Attacking computer systems to steal or corrupt data.
  6. Economic Warfare – Disrupting financial systems and data flow.
  7. Cyber Warfare – Attacking virtual infrastructures for political or military objectives.

Defensive vs. Offensive Information Warfare:

  • Defensive InfoWar – Implementing countermeasures against cyberattacks.
  • Offensive InfoWar – Targeting adversaries' ICT assets for strategic advantages.

Important notes:
✅ Security threats fall into Network, Host, and Application categories.
✅ Attackers use various attack vectors like malware, phishing, and DoS attacks.
✅ Application vulnerabilities are a major entry point for cybercriminals.
✅ Information warfare plays a role in cyber conflicts between nations and organizations.
✅ Regular updates, monitoring, and security policies are essential for protection.

Examples of Vulnerable Code and Secure Code:

1. Session Hijacking

Attackers exploit session information when authentication tokens are passed via the URL instead of secure cookies.

Vulnerable Code (Exposes session ID in URL)

string sessionId = Request.QueryString["sessionid"];
Session["UserSession"] = sessionId;

🔴 Issue:

  • Attackers can steal the session ID if they intercept the URL (e.g., via sniffing or cross-site scripting).

Secure Code (Uses Secure Cookies)

var cookie = Request.Cookies["sessionid"]; // null when the client sent no such cookie
if (cookie != null) Session["UserSession"] = cookie.Value;

Fix:

  • Use cookies instead of passing session IDs in the URL, where they leak through browser history, proxy logs and Referer headers.
  • Set the Secure flag so the cookie is only sent over HTTPS, and the HttpOnly flag so JavaScript cannot read it.

2. SQL Injection

SQL Injection occurs when unsanitized input is directly inserted into an SQL query.

Vulnerable Code (Concatenating User Input in Query)

import psycopg2  # any DB-API driver whose paramstyle is %s; connection string is an assumed placeholder
cursor = psycopg2.connect("dbname=app").cursor()
user_input = input("Enter username: ")
# Vulnerable: the raw input becomes part of the SQL text and is parsed as SQL
query = "SELECT * FROM users WHERE username = '" + user_input + "'"
cursor.execute(query)

🔴 Issue:

  • If the user enters "admin' --", the quote closes the string and -- comments out the rest of the query; in a login query that removes the password check and bypasses authentication.

Secure Code (Using Parameterized Queries)

# Secure: the driver sends the value separately from the SQL text, so it is never parsed as SQL
query = "SELECT * FROM users WHERE username = %s"
cursor.execute(query, (user_input,))

Fix:

  • Use Prepared Statements to prevent malicious SQL execution.
  • Sanitize User Input before executing queries.
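The "admin' --" bypass described above, run against an in-memory SQLite database with the vulnerable and the parameterized login query side by side. This is an added example, not code from the original post; the user table and password are constructed sample data, and SQLite's ? placeholder plays the role of %s.

```python
# Added example (not from the original post): the "admin' --" bypass run
# against an in-memory SQLite database, vulnerable and parameterized side by side.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user with a password the attacker does not know."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Input is spliced into the SQL text, so quotes and comments in it are parsed as SQL
    query = ("SELECT * FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_secure(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # SQLite's paramstyle is ?, the equivalent of %s in psycopg2/MySQL drivers.
    # The values travel separately from the SQL text and are never parsed as SQL.
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    """Return which login path accepts the bypass string and which accepts a real login."""
    conn = make_db()
    attacker = "admin' --"  # closes the string literal, then comments out the password check
    return {
        "vulnerable_bypassed": login_vulnerable(conn, attacker, "wrong"),
        "secure_bypassed": login_secure(conn, attacker, "wrong"),
        "secure_legit": login_secure(conn, "admin", "correct-horse-battery"),
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the concatenated query returning the admin row with a wrong password while the parameterized query treats "admin' --" as a literal username that matches nothing.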

3. Cross-Site Scripting (XSS)

XSS occurs when an attacker injects malicious scripts into a webpage, allowing them to execute on a victim’s browser.

Vulnerable Code (Directly Rendering User Input)

<p>Welcome, <?php echo $_GET['name']; ?>!</p>

🔴 Issue:

  • If a user enters <script>alert('Hacked!')</script>, the browser executes the JavaScript, leading to potential data theft.

Secure Code (Escaping User Input)

<p>Welcome, <?php echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8'); ?>!</p>

Fix:

  • Escape HTML Special Characters to prevent script execution.
  • Use Content Security Policy (CSP) to restrict inline scripts.

4. Buffer Overflow

A buffer overflow occurs when a program writes more data to a buffer than it can hold, causing unpredictable behavior or system crashes.

Vulnerable Code (Unbounded String Copy)

#include <stdio.h>
char buffer[10];
gets(buffer);   /* no length limit: input longer than 9 chars writes past the buffer (gets() was removed in C11) */

🔴 Issue:

  • gets() does not check input length, allowing an attacker to overwrite memory and execute arbitrary code.

Secure Code (Using Safer Functions)

#include <stdio.h>
char buffer[10];
fgets(buffer, sizeof(buffer), stdin);   /* reads at most 9 chars plus NUL; the rest of a longer line stays in stdin */

Fix:

  • Use fgets() instead of gets() to limit input size.
  • Apply Bounds Checking when handling memory.

5. Insecure File Upload

Allowing users to upload any file type without validation can lead to remote code execution.

Vulnerable Code (No File Type Validation)

move_uploaded_file($_FILES["file"]["tmp_name"], "uploads/" . $_FILES["file"]["name"]);

🔴 Issue:

  • Attackers can upload malicious scripts (e.g., .php, .exe, .jsp) and execute them on the server.

Secure Code (Validating File Type & Restricting Execution)

$allowed_types = ['jpg', 'png', 'pdf'];
// Lower-case the extension so "shell.PHP" cannot slip past a case-sensitive check
$ext = strtolower(pathinfo($_FILES["file"]["name"], PATHINFO_EXTENSION));

if (!in_array($ext, $allowed_types, true)) {
    die("Invalid file type!");
}

// The extension is attacker-controlled; also check the actual content type
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES["file"]["tmp_name"]);
if (!in_array($mime, ['image/jpeg', 'image/png', 'application/pdf'], true)) {
    die("Invalid file content!");
}

// Random server-chosen name in a directory outside the web root (assumed path)
$dest = "/var/uploads/" . bin2hex(random_bytes(16)) . "." . $ext;
move_uploaded_file($_FILES["file"]["tmp_name"], $dest);

Fix:

  • Allow only specific file types (whitelist approach).
  • Store files outside the web root to prevent direct execution.
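An upload validator that applies the whitelist and outside-the-web-root rules above, as an added example in Python rather than the post's PHP. It adds a content (magic-byte) check next to the extension check and picks a server-chosen filename; UPLOAD_DIR is an assumed path and the inputs in the tests are constructed bytes, so nothing is written to disk.

```python
# Added example (not from the original post): upload validation combining an
# extension whitelist, a magic-byte content check and a server-chosen filename.
import os
import secrets
from typing import Optional

# Whitelisted extensions mapped to the leading bytes a real file of that type starts with
ALLOWED = {"jpg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "pdf": b"%PDF-"}
UPLOAD_DIR = "/var/uploads"  # assumed path outside the web root


def validate_upload(filename: str, content: bytes) -> Optional[str]:
    """Return a safe destination path for the upload, or None if it is rejected."""
    # Case-insensitive whitelist on the last extension only: "x.php" and "x.PHP" are
    # rejected, and "x.php.jpg" is judged by its content below, not its name
    ext = os.path.splitext(os.path.basename(filename))[1].lstrip(".").lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        return None
    # The extension is attacker-controlled; the bytes must match the declared type
    if not content.startswith(magic):
        return None
    # Never reuse the client's name: a random name defeats overwrite and path tricks,
    # and the extension written is the validated one
    return os.path.join(UPLOAD_DIR, f"{secrets.token_hex(16)}.{ext}")


if __name__ == "__main__":
    print(validate_upload("photo.JPG", b"\xff\xd8\xff\xe0" + b"\x00" * 8))
    print(validate_upload("shell.php", b"<?php echo 1; ?>"))
```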