
Cyber Vulnerability

Cyber vulnerability has become a popular term in recent times because people encounter it
daily, at a personal and an organisational level, across developed and developing countries.
Understanding the term helps in understanding the risks of using cyber systems to handle
business. In cyber security, a vulnerability is a flaw in a system that leaves it open to attack.
Hackers are quick to take advantage of such vulnerabilities and can gain access to large
amounts of valuable information. Many cyber vulnerabilities have emerged in the last couple of
years; three of the most common are missing encryption of sensitive data, SQL injection and
buffer overflow.

Missing Encryption of Sensitive Data

From an organisation's point of view, a lack of data encryption can lead to serious
security breaches. Without proper encryption of sensitive data, the system loses the guarantee
of confidentiality, integrity and accountability that properly encrypted data provides (Erkin et
al., 2012). When an organisation develops its own applications and systems but neglects to
encrypt data in transit through a secure channel such as SSL, any attacker with access to the
network traffic is very likely able to sniff packets from the connection and read the data
(Nanjundiah, 2002). The same vulnerability also allows hackers to inject data into the stream
of communication between the organisation and its stakeholders, and when that happens there is
no reliable way to separate valid data from invalid data.

SQL Injection

Another cyber vulnerability of organisations and websites is SQL injection, which is
commonly used as a hacking technique (Boyd and Keromytis, 2004). In this technique the hackers
inject malicious input into the application's database queries, which can destroy the
organisation's database. The simplest form of SQL injection occurs when hackers enter a
malicious piece of SQL as the username or password on a website or application (Halfond,
Viegas and Orso, 2006). When that username and password are run through the database, the
damage is done. The data most commonly stolen this way is users' IDs and passwords held in the
database.
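The login scenario described above, as an added example that is not part of the original essay: the query built by pasting the username and password into the SQL text lets the input change the query's structure, while the parameterised version treats the same input as plain data. The user table and passwords are constructed sample values.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table; passwords are sample values only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user-controlled text is pasted straight into the SQL statement,
    so quotes in the input become part of the query's syntax."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()


def login_parameterised(conn, username, password):
    """Hardened: placeholders make the driver pass the values separately from the
    SQL text, so the input can never be interpreted as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # the textbook malicious "username"
    print(login_vulnerable(db, crafted, crafted))     # a row comes back without any valid password
    print(login_parameterised(db, crafted, crafted))  # None: the text is compared literally
    print(login_parameterised(db, "alice", "correct-horse"))  # ('alice',): normal login still works
```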

Buffer Overflow

Buffer overflow, also known as buffer overrun, is one of the most common coding mistakes
that leave software vulnerable to hacking. As the name suggests, it happens when more data is
written into a fixed-length buffer than the buffer can hold (Cowan et al., 2003). The
overflowing data runs into adjacent storage space and can crash the system or create a gateway
for hackers to conduct a cyber-attack. Hackers can use a buffer overflow to place malicious
code in the system, designed to set off certain actions.

Critically analysing these three common vulnerabilities shows that expert coders can
reduce them by encrypting sensitive data in any system they build for their business clients,
by allocating buffers large enough to prevent overflow, and by regularly testing the system for
buffer overflows. Simple mistakes on the part of the coder can lead to the exploitation of data
through cyber-attacks.

Three Cyber Exploits

Exploit is the name given to a hacker's act of taking advantage of a cyber vulnerability
in a system. The new wave of cyber exploits includes ransomware, where hackers hold the data on
a system hostage and release it only against a ransom paid in cryptocurrency (Richardson and
North, 2017). Many cyber exploits have fed off vulnerabilities in the Windows XP operating
system. Companies that failed to upgrade from XP to Windows 7 or 10 were at risk of cyber
exploits because Microsoft stopped providing security patches for the old version of Windows
in 2014.

WannaCry

A ransomware that swept through the whole of the United Kingdom's National Health
Service in 2017 shut down the services of various hospitals and healthcare centres in the
region by exploiting vulnerabilities in the Windows XP operating system (Ehrenfeld, 2017). The
whole healthcare service was disrupted and patient care was seriously threatened by the delay
of vital life-saving procedures (Mohurle and Patil, 2017). The hackers wanted a ransom, which
they failed to obtain because the malware had vulnerabilities of its own and was switched off
through the use of a kill switch.

Petya exploit

After WannaCry, Petya infected systems in various regions of the world by feeding off
the Windows vulnerability. The reach of this ransomware extended to pharmaceutical companies
such as Merck and the Russian oil company Rosneft. The hardest blow fell on Ukrainian
infrastructure, where it disrupted companies in sectors such as power, airports and banking
(Perlroth, Scott and Frenkel, 2017). Analysis found that a tax preparation program had been
compromised and contained a backdoor for the hackers to exploit. The consequences of this cyber
exploit were extreme compared with those of WannaCry.

WikiLeaks CIA Vault 7

A publication released by WikiLeaks in 2017 stated clearly that the CIA was using
vulnerabilities in iOS, Android and other operating systems, as well as in smart TVs, as
hacking tools to spy on the public. Just like the statements made by Edward Snowden, these
revelations concern tools aimed at spying on ordinary people who use a simple MacBook for their
daily work. This creates a sense of privacy breach and fear in every citizen (Shane et al.,
2017). The information damaged the CIA's public image and also affected the agency's
operations. Moreover, the publication was stolen from the CIA, which means the CIA suffered a
cyber exploit of its own, in which sensitive information was taken and exploited.

Critical analysis of all these situations shows that security patches need to be applied
regularly so that an organisation's operations are not disrupted. When security patches stop
being released, it is better to invest in upgrading the software than to risk the lives of
thousands of patients and lose millions through attacks on infrastructure globally.

IDPS (Intrusion Detection and Prevention Systems)

IDPS involves monitoring the events occurring in a system or network for any abnormal
activity that may lead to a cyber-attack. Such events include violations of computer security
policies and standard practices (Scheidell, 2009). The purpose of an IDPS is not only to detect
possible exploits but also to take measures to stop the resulting incidents. Large
organisations such as those attacked by WannaCry and Petya need a number of IDPS methodologies
in place to detect exploits and prevent them from occurring. Big companies and official
government organisations should likewise use a variety of IDPS methodologies to keep normal
activity in check and raise an alert whenever there is abnormal activity.

Anomaly Based Detection

The best way for government organisations to be alerted is anomaly-based detection. The
organisation keeps profiles of data that represent normal activity (Garcia-Teodoro et al.,
2009). These profiles include attributes such as the users, hosts, network connections and
applications that are usually seen. The IDPS compares all activity against these profiles to
find abnormalities that can point towards a potential intrusion, and to prevent it before it
occurs.
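The profile comparison described above, as an added example that is not part of the original essay: a per-user profile of hosts, applications and working hours is learned from a constructed sample of normal activity, and each new event is reported with the profile attributes it deviates from. The event records and the one-hour tolerance on working hours are assumptions for the illustration.

```python
from collections import defaultdict

# Constructed sample of normal activity: (user, host, application, hour of day).
# This stands in for the historical data an IDPS would learn its profiles from.
NORMAL_EVENTS = [
    ("alice", "ws-01", "outlook", 9), ("alice", "ws-01", "word", 10),
    ("alice", "ws-01", "outlook", 14), ("bob", "ws-07", "sap", 8),
    ("bob", "ws-07", "outlook", 9), ("bob", "ws-07", "sap", 16),
]


def build_profiles(events):
    """Per-user profile of the hosts, applications and hours seen in normal activity."""
    profiles = defaultdict(lambda: {"hosts": set(), "apps": set(), "hours": set()})
    for user, host, app, hour in events:
        p = profiles[user]
        p["hosts"].add(host)
        p["apps"].add(app)
        p["hours"].add(hour)
    return profiles


def anomalies(profiles, event):
    """Return the profile attributes the event deviates from; an empty list means normal."""
    user, host, app, hour = event
    if user not in profiles:
        return ["unknown user"]
    p = profiles[user]
    reasons = []
    if host not in p["hosts"]:
        reasons.append("new host")
    if app not in p["apps"]:
        reasons.append("new application")
    # Assumed tolerance: one hour either side of the user's observed working hours.
    if not (min(p["hours"]) - 1 <= hour <= max(p["hours"]) + 1):
        reasons.append("outside usual hours")
    return reasons


if __name__ == "__main__":
    profiles = build_profiles(NORMAL_EVENTS)
    for ev in [("alice", "ws-01", "word", 11),
               ("alice", "srv-db", "ssh", 3),
               ("mallory", "ws-01", "outlook", 9)]:
        print(ev, anomalies(profiles, ev) or "normal")
```

A genuinely new application for a user is flagged just like a suspicious one, which is why anomaly-based profiles need tuning to keep false positives manageable.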

Components of IDPS

Sensor or Agent: All companies worried about cyber exploits and attacks should use
sensors and agents to monitor and analyse the activity on their systems. These can be used by
any large-scale organisation, be it a private firm or a government body, to secure sensitive
data. The information from the sensors or agents is forwarded to a Management Server, which
analyses the data from the various sensors and correlates it. Organisations larger than a
normal large-scale organisation often have more than one management server. The data from all
the servers is then collected in a Database Server, which acts as a repository. Used together,
the components of an IDPS can prevent ransomware such as WannaCry and Petya from creating such
chaos.

Research shows that intrusion detection and prevention systems have great potential for
offering extensive detection of various threats. Beyond detection, the system gives
administrators a chance to prevent the exploits from occurring (Scarfone and Mell, 2007).
Nowadays IDPS is popular because cyber-attacks are growing more massive by the day. The risks
of having cyber systems in place for efficient operations have increased considerably, and
companies are now at constant risk of losses due to breaches in cyber security. If countries
like the USA and the UK are not safe from serious cyber-attacks that threaten the lives of
hospital patients, then no company that uses computer networks is safe. In such a risky cyber
environment it is important to understand the need for an IDPS that uses a set of various
detection techniques. The field of cyber security is gaining popularity due to the increase in
cyber threats; therefore IDPS is now available in customised forms that can fit the needs of
any company.

References

Boyd, S.W. and Keromytis, A.D., 2004, June. SQLrand: Preventing SQL injection attacks.
In International Conference on Applied Cryptography and Network Security (pp. 292-
302). Springer, Berlin, Heidelberg.

Cowan, C., Beattie, S., Johansen, J. and Wagle, P., 2003, August. PointGuard™: protecting
pointers from buffer overflow vulnerabilities. In Proceedings of the 12th conference
on USENIX Security Symposium (Vol. 12, pp. 91-104).

Ehrenfeld, J.M., 2017. WannaCry, cybersecurity and health information technology: A time to
act. Journal of Medical Systems, 41(7), p.104.

Erkin, Z., Veugen, T., Toft, T. and Lagendijk, R.L., 2012. Generating private
recommendations efficiently using homomorphic encryption and data packing. IEEE
transactions on information forensics and security, 7(3), pp.1053-1066.

Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G. and Vázquez, E., 2009. Anomaly-
based network intrusion detection: Techniques, systems and challenges. Computers &
Security, 28(1-2), pp.18-28.

Halfond, W.G., Viegas, J. and Orso, A., 2006, March. A classification of SQL-injection
attacks and countermeasures. In Proceedings of the IEEE International Symposium
on Secure Software Engineering (Vol. 1, pp. 13-15). IEEE.

Nanjundiah, V., Intel Corp, 2002. System for selective encryption of data packets. U.S. Patent
Application 09/803,082.

Mohurle, S. and Patil, M., 2017. A brief study of WannaCry threat: Ransomware attack
2017. International Journal, 8(5).

Perlroth, N., Scott, M. and Frenkel, S., 2017. Cyberattack Hits Ukraine Then Spreads
Internationally. The New York Times.

Richardson, R. and North, M., 2017. Ransomware: Evolution, mitigation and
prevention. International Management Review, 13(1), p.10.

Scarfone, K. and Mell, P., 2007. Guide to intrusion detection and prevention systems
(IDPS). NIST Special Publication, 800(2007), p.94.

Scheidell, M., SECNAP Network Security LLC, 2009. Intrusion detection system. U.S.
Patent 7,603,711.

Shane, S., Mazzetti, M. and Rosenberg, M., 2017. WikiLeaks releases trove of alleged CIA
hacking documents. The New York Times, Mar.
