IT
Distributed Denial of Service (DDoS) – This is when multiple systems simultaneously connect
or utilise the entire bandwidth of another (victim) system. This overloading of traffic restricts
other bonafide users from interacting with the targeted victim and may even cause the closing
down of the target leading to loss of business.
Website Defacement – As the name suggests, this is when an unauthorised actor alters
the appearance of your website with their own content. This may be motivated for political
reasons or just for misadventure and nuisance, however it may also be used to place online
advertising and click through channels so that the bad characters can reap financial rewards
off the back of your reputation.
Website Impersonation – Once again, straightforward in meaning, this is when a bad
character creates a website that mirrors that of a legitimate business. The motivation is
usually financial gain and may be used for payment interception or for the harvesting of
financial and personal details. These websites often contain malicious code ready to infect
any system that interacts with them and the reputational damage associated with that
infection will be proportioned to the legitimate business.
Social Media Hijacking – This is when false social media accounts are created or legitimate
accounts are compromised. The motivation and rewards mirror those of website defacement
and Impersonation, however exploit the added bonus of a much greater reach.
Ransomware – This refers to malicious code placed on a target’s system that blocks or
encrypts all data held on that target system. This means that the computer system of the
target organisation is rendered inoperable. The bad character then extorts a ransom payment
which is usually to be paid in the Japanese virtual currency Bitcoin, (which is legitimately used
for gaming) to provide an encryption key or to unblock your system.
Other Cyber Crimes
Click-Thru and online advertising fraud - this is commonly achieved when a search engine
result is manipulated so that the user clicks on a search result only to be taken to a totally
un-related website, i.e. a user clicks on a search result for mechanical information only to
see that a page selling frozen turkeys is displayed. The online advertising agency engaged
by the frozen turkey merchant pays a small fee to the search result that drove the traffic to
their client, and when this process is repeated many times over it can be a viable deception
to undertake. To enhance the deception once on the frozen turkey website, you may become
mousetrapped meaning that by clicking the “back arrow” icon you actually reload the page
and are not returned to the search results.
Unauthorised control of a computer system – bad characters gain unauthorised access
to take control of a target system used to control an offline service. Think the Ukrainian
Electricity grid and the Iranian Nuclear Programme, both of which were compromised and
shut down by cyber adversaries. A variation of this type of attack is to take control of webcam
or CCTV and utilise footage for corporate espionage, extortion or sexual gratification.
GOVLINK » ISSUE 2 2017
41