5.1: Description and Objectives
Description
In cybersecurity, a threat is the potential for a negative security event to occur. This module examines common attacks against critical infrastructure (CI), including hijacking, denial-of-service attacks, malicious software, SMTP spam engines, Man-in-the-Middle (MITM) attacks, and social engineering. It explores how attacks are conducted through users and the different kinds of attacks that target server-side and client-side applications. The module also explores some of the common attacks launched today against networks, CI and SCADA/control systems, and other CI devices. It discusses how malware is designed and configured, how it works, and the current and future impact of malware on SCADA systems. An overview of how malware like Stuxnet impacts SCADA systems serves as an example.
Objectives
- Define threats and threat agents, and explain how risk assessment relates to understanding threats.
- Identify how different threats—including hijacking, denial-of-service attacks, malicious software, SMTP spam engines, Man-in-the-Middle (MITM) attacks, and social engineering—would apply to critical infrastructure.
- Identify different types of malware and their intended payloads.
- Describe social engineering psychological attacks.
- List and explain the different types of server-side web application and client-side attacks relevant to critical infrastructure.
- Describe overflow attacks and provide examples of the impact on CI systems.
- Provide examples of malware attacks, such as Flame, Stuxnet, BlackEnergy, Havex, and Duqu, and discuss their functionality and impact on critical infrastructure systems.