Motives, Goals, and Objectives of Information Security Attacks & Attack Vectors

In the information security world, an attacker attacks the target system with the three main components behind it. “Motive or Objective” of an attack makes an attacker focus on attacking a particular system. Another major component is “Method” that is used by an attacker to gain access to a target system. Vulnerability also helps the attacker to fulfill his intentions. These three components are the major blocks on which an attack depends.

Motive and Objective of an attacker to attack a system may depend upon something valuable stored in that specific system. The reason might be ethical or non-ethical. However, there must be a goal to achieve for the hacker, which leads to the threat to the system. Some typical motives of behind attacks are information theft, Manipulation of data, Disruption, propagation of political or religious beliefs, attack on target’s reputation or taking revenge. Method of attack & Vulnerability runs side by side. Intruder applies various tools and number of advanced & older techniques to exploit a vulnerability within a system, or security policy to breach & achieve their motives.

Information Security Attacks

Top Information Security Attack Vectors

Cloud Computing Threats

Cloud Computing is the most common trend & popularly in use nowadays. It does not mean that threats to cloud computing or cloud security are fewer. Mostly, the same issues as in traditionally hosted environments also exist in the cloud computing. It is very important to secure Cloud computing to protect services and important data.

Cloud Computing Threats

The following are some threats that exist in the Cloud Security:

  • In the Cloud Computing Environment, a major threat to cloud security is a single data breach that can to result loss. Additionally, it allows the hacker to further have access to the records which allows the hacker to have access to multiple records over the cloud. It is the extremely worst situation where compromising of single entity leads to compromise multiple records.
  • Data Loss is one of the most common potential threats that is vulnerable to Cloud security as well. Data loss may be due to intended or accidental means. It may be large scales or small scale; however massive data loss is catastrophic & costly.
  • Another Major threat to Cloud computing is the hijacking of Account over cloud and Services. Applications running on a cloud having software flaws, weak encryption, loopholes, and vulnerabilities allows the intruder to control.

Furthermore, there are several more threats to Cloud computing which are:

  • Insecure APIs
  • Denial of Services
  • Malicious Insiders
  • Poor Security
  • Multi-Tenancy

Advanced Persistent Threats

An advanced persistent threat (APT) is the process of stealing information by a continuous process. An Advanced Persistent Threat usually focuses on private organizations or for political motives. The APT process relies upon advanced, sophisticated techniques to exploit vulnerabilities within a system. The “persistent” term defines the process of an external command and controlling system that is continuously monitoring and fetching data from a target. The “threat” process indicates the involvement attacker with potentially harmful intentions.

ObjectivesMotive or Goal of threat
TimelinessTime spend in probing & accessing the target
ResourcesLevel of Knowledge & tools
Risk tolerancetolerance to remain undetected
Skills & MethodsTools & Techniques used throughout the event
ActionsPrecise Action of threat
Attack origination pointsNumber of origination points
Numbers involved in attackNumber of Internal & External System involved
Knowledge SourceDiscern information regarding threats

Viruses and :Worms

Term “Virus” in Network and Information security describes malicious software. This malicious software is developed to spread, replicate themselves, and attach themselves to other files. Attaching with other files helps to transfer onto other systems. These viruses require user interaction to trigger and initiate malicious activities on the resident system.

Unlike Viruses, Worms are capable of replicating themselves. This capability of worms makes them spread on a resident system very quickly. Worms are propagating in different forms since the 1980s. Some types of emerging worms are very destructive, responsible for devastating DoS attacks.

Mobile Threats

Emerging mobile phone technology, especially Smartphones has raised the focus of attacker over mobile devices. As Smartphones are popularly used all over the world, it has shifted the focus of attackers to steal business and personal information through mobile devices. The most common threat to mobile devices are:

  • Data leakage
  • Unsecured Wi-Fi Network
  • Spoofing
  • Phishing Attacks
  • Spyware
  • Broken Cryptography
  • Improper Session Handling

Insider Attack

An insider attack is the type of attack that is performed on a system, within a corporate network, by a trusted person. Trusted User is termed as Insider because Insider has privileges and it is authorized to access the network resources.

Insider Threats


Combination of the functionality of Robot and Network develop a continuously working Botnet on a repetitive task. It is the basic fundamental of a bot. They are known as the workhorses of the Internet. These botnets perform repetitive tasks. The most often of botnets are in connection with Internet Relay Chat. These types of botnets are legal and beneficial.

A botnet may use for positive intentions but there also some botnets which are illegal and intended for malicious activities. These malicious botnets can gain access to the systems using malicious scripts and codes either by directly hacking the system or through “Spider.” Spider program crawls over the internet and searches for holes in security. Bots introduce the system on the hacker’s web by contacting the master computer. It alerts the master computer when the system is under control. Attacker remotely controls all bots from Master computer.

Leave a Reply

Your email address will not be published.

Related Posts