What Could Go Wrong? Types of Information System Threats
STRIDE is a model and a mnemonic developed by Microsoft security experts to help identify potential product vulnerabilities during security analysis. It describes six categories of vulnerabilities in IT products.
Denial-of-Service (DoS) attack
Denial-of-Service (DoS) attack
Denial of Service (DoS) attacks block user services by temporarily unavailable to a web server.
Information disclosure
Information disclosure
Unauthorized access to data and violation of their privacy, subsequent use in the interests of a third party.
Repudiation
Repudiation
This type of vulnerability is associated with users who deny taking action, while other parties are unable to prove otherwise. For example, a user performs an illegal operation on a system that does not have the ability to track prohibited operations. “Non-denial” refers to the system’s ability to withstand threats of denial. For example, a user who purchases an item may be required to sign for the item upon receipt. The supplier can then use the signed receipt as proof that the user actually received the package.
Elevation of privilege
Elevation of privilege
With this type of threat, an unprivileged user gains privileged access and thus acquires the ability to compromise or destroy the entire system. Privilege escalation threats include situations in which an attacker has effectively overcome all system defenses and become part of the most trusted system, which is a really dangerous situation.
Spoofing
Spoofing
Spoofing is a method of attack in which one person or program disguises itself as another by falsifying data, which allows them to obtain illegitimate advantages. An example of identity spoofing is unauthorized access and then the use of information to authenticate another user, such as a username and password.
Tampering
Tampering
Tampering means malicious modification of data. Examples include unauthorized changes made to permanent data, such as stored in a database, and changes to data as it travels between two computers over an open network.
How Eliminating System Vulnerabilities Protects Your Business
Protecting key services operation
- A DoS attack can lead to temporary disruption or downtime at key moments in order to deprive business of profits or entice customers to move to a competitor.
- Industrial espionage, theft of commercial information for the purpose of being used by a competitor or economic gain.
- An ill-wisher can exert economic pressure by winding up commission-charged transactions with illegitimate requests from bots.
The quality of user experience
- Unauthorized access to a user’s personal account and personal data can lead to data theft for the purpose of resale or unfair use.
- Illegitimate access to customers’ bonus accounts can be used to receive goods and services within the loyalty program.
- Loss of a competitive advantage (e.g. speed of service or system availability) due to technical problems caused by systematic attacks.
System compliance with international security certifications
The systems developed by Axmor have been successfully tested for compliance with the US healthcare system standards (HIPAA), PCI DSS 2.0 Level 1 certification of payment gateways.
Common Misconceptions about Information Security
IP blocking will be enough
IP blocking will be enough
Limiting the number of requests from a single IP address does not work if the attacker uses a distributed attack (DDoS) that is carried out simultaneously from a large number of IP addresses.
Bots work on to a simple algorithm
Bots work on to a simple algorithm
Indeed, most of the cheap and widespread bots are quite primitive and easy to detect. The situation changes when someone is motivated to write a well-thought-out bot that can mimic a real user. Dealing with this type of attack is a competition not unlike a chess game between highly professional programmers both on the side of the attacker and the defender, where each tries to outsmart the other in the short and the long game alike.
AI-powered services can guarantee behavioral protection
AI-powered services can guarantee behavioral protection
Services that use machine learning rely on the accumulated knowledge base of the behavior patterns of attackers on a wide variety of different systems. The problem is that each system has unique user scenarios that the bot can adapt to in order to bypass such protection. While these services do detect attacks, their competencies are inherently limited by the uniqueness of the systems and the attackers.
Prudence and caution are equally important: prudence — in order to notice difficulties in time, and caution — in order to carefully prepare for their meeting.
Roald Amundsen
Three stages of system protection
I
Development planning
Threat modeling
Threat modeling is carried out in order to identify potential vulnerabilities and plan protection against attacks prior to the development stage, when the cost of making changes is significantly lower than in the finished product. This allows developers to approach requirements analysis and architecture development from the point of view of data security and privacy.
Individual priorities
Analysing the most critical vulnerabilities for your specific business allows us to develop a comprehensive protection by integrating optimal available components and knowledge bases with custom developed unique tools.
II
Attack detection
Behavioral Analysis
Intelligent attacks are a simulation of a real user that looks legitimate from the point of view of the system. For complex systems, unique interaction scenarios are developed that allow you to identify micro differences between the bot and the user and block malicious actions.
Pattern analysis
Based on the statistical analysis of technical parameters and traffic changes we can create an algorithm that detects anomalies typical for bots and block attacks.
The arms race
Targeted attacks are often carried out with the help of a team of professional developers who tweak the attacking bot product after each security enhancement. Defeating a new attempt requires the appropriate competence and ability to reduce the cost-benefit motivation of the attack.
III
Response and retaliation
User classification
Depending on the results of the analysis, the user can be classified as real or suspicious, in which case the system redirects them according to the established protocol.
Counterattack
When an attacker is identified, there are methods of information countermeasures that can complicate the operation of the bot, identification of deficiencies and refining of the product for the attacker.
Analytics and reporting
Automatic report generation for all incidents and the use of new data to improve the efficiency of detection algorithms.
2003
2020
70% of our clients return with new projects
19 years
on custom software
development market
development market
120+
developers with experience
across multiple industries
across multiple industries
460+
successful projects for
clients all over the world
clients all over the world
Let’s see how we can make your business stronger