
Cyberattacks 101

Unfortunately, we have all had to become somewhat knowledgeable about cyberattacks, even if only to be sure our antivirus software is up to date. But do you really know what the different cyberattack terms mean? Here’s a quick overview of cyberattack language and what it all means.

As with everything in this technological age, there is particular language used to describe different types of cyberattacks. As we all struggle to protect ourselves, our businesses, and our clients from these potentially disastrous events, we need at least a minimal amount of literacy in the area.

Here’s your beginner’s glossary of the major threats to computer systems and networks:

Computer virus: A virus is a program or piece of code that is loaded onto a computer or server and runs without the owner’s knowledge or consent. A virus cannot enter a computer on its own. It is carried through a host program downloaded from the Internet or copied from another computer, disk, or other storage medium. A worm is a type of virus that spreads on its own without human assistance. It resides in a computer’s memory and uses that memory to replicate itself and travel to other computer hosts. Worms can be contained in very small files; for example, the widely destructive Sapphire worm consisted of only 376 bytes of code.

Trojan horse: A Trojan horse is a malevolent program masked within another program that appears benign. A computer or network accepts a Trojan horse because the program is read and recognized as beneficial to the system. Once accepted, however, the hidden program runs and can cause damage or allow a third party to take over the computer or system remotely. The term “Trojan horse” does not normally refer to programs like viruses or worms that replicate and spread themselves using the host computer as a base.

Bomb: A bomb will lie dormant and then “detonate” on a specific predetermined event. A logic bomb can be triggered by a date, the number of times a program is executed, a random number, or a specific event such as accessing an employee’s payroll record. Bombs have been programmed to change random bytes of data on a disk or to wipe out an entire hard drive. The protesters against BART recently called for the use of “email bombs” against the transit agency.

Denial of Service attacks (“DoS” attacks): DoS attacks do not actually yield any information or provide access to a company’s systems; instead, they are intended to put the targeted Internet service offline and disrupt its operations. There are various types of DoS attacks, but they generally fall into three categories:

  1. Operating system attacks: Attacks against a certain known fault or weakness of the target computer’s operating system. The objective of these attacks is to cause the system to freeze or completely restart. Installing software updates or patches that are released by software manufacturers or independent developers can help protect against operating system attacks.
  2. Networking attacks: Attacks that attempt to take advantage of built-in aspects of the networking functions of a system, causing it to shut down. The most common type of networking attack directs such a large quantity of data at the network interfaces of the targeted system that it closes down completely or resets the network interface. One version of this tactic is to send incomplete or malicious data packets to computers on a network. The connected computers consume valuable network resources as they attempt to process the corrupted information sent to them, and they become unusable.
  3. Distributed Denial of Service Attacks (DDoS): In this method, hackers first gain unauthorized access to other computers through various weaknesses and vulnerabilities. Once the machines are accessed, the hacker is able to seize control of them to mount a coordinated denial of service attack, on an increased scale because multiple computers are used.

The likelihood of these different types of cyberattacks being directed at you or your business varies, but one thing they all have in common is that they are designed to occur without warning. It won’t help to underestimate the enemy or bury your head in your keyboard; everyone should have basic protections in place and a response plan if you do become a victim. The US Department of Justice has put out a document of Best Practices for Victim Response and Reporting of Cyber Incidents.

For more on computer viruses and other network disruptions, go to CEB’s Internet Law and Practice in California, chap 18. Also check out the cybersecurity chapter in CEB’s Financing and Protecting California Businesses, chap 13.

© The Regents of the University of California, 2011. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.

8 replies on “Cyberattacks 101”

“..and a response plan if you do become a victim.”

The biggest and primary challenge for any organization these days is realizing that it is a victim. Many people do not realize that they have been hacked (the hacker has come and gone) or that a hacker is camping on their network. The ability to detect a compromise is of equal or greater importance than basic or advanced protection mechanisms.

