Week 2 Assignment

Security Architecture & Design (ISOL – 536)

Divyansh Mathur

May 16, 2020

University of the Cumberlands

Dr. Philip Schall

Page 1
Week 2 Assignment

Human Attackers

Threat agents are gateways through which the attacks are planned and executed. Referred

to as an individual, an organization, or a group capable enough of inflicting damage to

company’s assets with the intent to conduct detrimental activities; threat agents pose a serious

security risk. Their goal is to breach security and gain access into company’s underlying systems

for numerous reasons. One of these agents is human attackers who possess a unique set of goals

and carry out activities through their own methods and capabilities. Working individually or as a

single group, these attackers are bound to target different types of systems through numerous

ways by their own methods, for reasons such as money, extortion, personal gain etc. (Bugeja et

al., 2017). The textbook describes the human attackers having three key attributes viz.

Intelligence, Adaptivity, and Creativity. The article talks about these attributes in detail in the

section outlined below.

Intelligence

In computer security, it is often said that an attacker needs only point of entry to exploit

the underlying systems. The security team has to win all the times, but an attacker needs a single

win. The statement is completely true because attackers are becoming increasingly intelligent

and use various mechanisms to exploit the systems by gaining entry though one hole that was left

unplugged by the security team (Moisan & Gonzalez, 2017). A good attacker is highly skilled,

quick-witted, and has the capacity for logical understanding and learning the systems through

materials available in public. They apply methods of problem solving, reasoning and critical

thinking before executing their carefully planned action plan.

Attackers are not only using traditional methods for stealing credentials to access systems

but are relying on latest software easily available in the market. Through artificial intelligence,

Page 2
Week 2 Assignment

attackers are tampering with datasets and tweak data to trick a neural network and fool systems

into evaluating information that isn’t present, thereby ignoring the obvious objects entirely.

Furthermore, with methods applied by the attackers, the defense against intelligent and

unauthorized trespassing in the cyber world has become even more challenging (Moisan &

Gonzalez, 2017). The stakes have never been higher given the environment’s hyper-

dimensionality characteristics, the tools used, and the presence of large number of access control

systems that serve to protect against the high volume of potential attacks by human attackers.

Adaptivity

With the constantly changing tech savvy climate, attackers are always on the offense

while the security architecture team on the defense. With their aggressive behavior, attackers

possess habits, developed over a period of time through repetitive attacks which has enabled

them with confidence or desperateness. Seeking a position of strength, attackers are adapting and

changing their methods for a successful intrusion into the systems (Ali, 2019). They do so by

employing various tactics such as the element of surprise or the use of an overwhelming force

such as sending data in huge amounts from various sources towards the intended target system.

By doing so they tend to gain some sort of a strategic high ground against their target leaving

them prone to extortion in exchange for enabling access or not making the data public.

Human attackers are adapting to the evolving security landscape and employ numerous

tools and tactics to achieve their desired goals. By executing undetectable attacks by blending in

with the company’s security environment, replicating user access through bots, sending phishing

and spam emails in bulk designed to dupe customers into paying huge sums of money in

exchange for keeping their not releasing their personal and confidential information, are one of

many ways that the attackers have adapted (Moisan & Gonzalez, 2017). With malwares

Page 3
Week 2 Assignment

becoming harder to detect and Denial-of-Service (DoS) attacks on the rise, attackers are also

using social platforms as a new means of exploiting vulnerable profiles and compromising

systems.

Creativity

Security architecture teams are dealing with a substantial increase in the number of

attacks targeted towards their systems. Whether it is a credit bureau, a health industry, financial

institution, or even government agencies; attackers are getting creative int their attacks and the

ways they pick on their targets. Unlike the traditional methodology, where attacks were limited

to accessing controls or extracting money, the attackers are now employing sophisticated

techniques that are designed to have significant impacts on the economy or even the industrial

sectors for a country. The cyber criminals have become increasingly inventive in their

methodology, looking for ways to infiltrate and abuse systems that are decades old and often

overlooked by most companies (Ali, 2019).

Hackers these days are bend on causing disruption at places that almost go unnoticed

such as public utilities. By exploiting open networks most commonly employed at public places

such as broadcast networks, airplanes, automated vehicles, and home routers; the perpetuators

inject malware infections thereby causing mass disruption to normal services (Moisan &

Gonzalez, 2017). Moreover, even though threats to software always persist, vulnerabilities in

web apps are being heavily exploited and have proven just as dangerous.

Page 4
Week 2 Assignment

References

Ali, L. (2019). Cyber Crimes-A Constant Threat for the Business Sectors and Its Growth (A
Study of the Online Banking Sectors in Gcc). Journal of Developing Areas, 53(1), 267
279. https://doi.org/10.1353/jda.2019.0016

Bugeja, J., Jacobsson, A., & Davidsson, P. (2017). An analysis of malicious threat agents for the
smart connected home. 2017 IEEE International Conference on Pervasive Computing
and Communications Workshops (PerCom Workshops), Pervasive Computing and
Communications Workshops (PerCom Workshops), 2017 IEEE International Conference
On, 557–562. https://doi.org/10.1109/percomw.2017.7917623

Moisan, F., & Gonzalez, C. (2017). Security under Uncertainty: Adaptive Attackers Are More
Challenging to Human Defenders than Random Attackers. Frontiers in Psychology, 8,
982. https://doi.org/10.3389/fpsyg.2017.00982

Page 5