Threats

This article discusses threats, explaining what they are and how they can affect network traffic.

A threat is any circumstance or event with the potential to adversely impact data or systems via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. Threats may involve intentional actors (e.g., attacker who wants to access information on a server) or unintentional actors (e.g., administrator who forgets to disable user accounts of a former employee.)  Threats can be local, such as a disgruntled employee, or remote, such as an attacker in another geographical area.

A threat source is the cause of a threat, such as a hostile cyber or physical attack, a human error of omission or commission, a failure of organization-controlled hardware or software, or other failure beyond the control of the organization. A threat event is an event or situation initiated or caused by a threat source that has the potential for causing adverse impact.

Many threats against data and resources are possible because of mistakes—either bugs in operating system and applications that create exploitable vulnerabilities, or errors made by end users and administrators.  

Network traffic typically passes through intermediate computers, such as routers, or is carried over unsecured networks, such as wireless hotspots. Because of this, it can be intercepted by a third party. Threats against network traffic include the following:

  • Eavesdropping. Information remains intact, but its privacy is compromised. For example, someone could learn your credit card number, record a sensitive conversation, or intercept classified information.
  • Tampering. Information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an order for goods or change a person's resume.
  • Impersonation. Information passes to a person who poses as the intended recipient. Impersonation can take two forms:
    • Spoofing. A person can pretend to be someone else. For example, a person can pretend to have the email address jdoe@example.net, or a computer can identify itself as a site called www.example.net when it is not. This type of impersonation is known as spoofing.
    • Misrepresentation. A person or organization can misrepresent itself. For example, suppose the site www.example.net pretends to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods.
  • Malware. Website malware is a growing problem. Business needs have changed the way websites store sensistive data, with more usage of cloud services. But hackers may make out money, data and confidential information from your website by infecting website with malware. For example, Site can be infected with a malware redirect hack in which a legitimate redirects to spam site or a phishing page. This kind of malware is widespread on wordpress websites. For more detailed look on this you can refer to this detailed post on wordpress malware redirect.
  • Phishing. Phishing is a method of a social engineering with the goal of obtaining sensitive data such as passwords, usernames, credit card numbers. The attacks often comes in form of instant messages or phishing emails which appear to be legitimate but they are used to obtain personal information. For example, a mail which appears to be to be sent from a bank, asking to verify your identity by giving away your private information.
  • DDOS Network attack. The volume and strength of DDoS attacks are growing as hackers try to bring organizations offline or steal their data by flooding websites and networks with spurious traffic.

Original Document Information

Original Document Information

  • Author(s): Joint Task Force Transformation Initiative
  • Title: National Institute of Standards and Technology (NIST) Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments
  • Last Updated Date: September 2012
  • Copyright Information: This document is not subject to copyright.

Original Document Information

  • Author(s): Karen Scarfone, Wayne Jansen, and Miles Tracy
  • Title: National Institute of Standards and Technology (NIST) Special Publication 800-123, Guide to General Server Security
  • Last Updated Date: July 2008
  • Copyright Information: This document is not subject to copyright.