Simulating cyber-attacks for fun and profit
نویسندگان
چکیده
We introduce a new simulation platform called Insight, created to design and simulate cyber-attacks against large arbitrary target scenarios. Insight has surprisingly low hardware and configuration requirements, while making the simulation a realistic experience from the attacker’s standpoint. The scenarios include a crowd of simulated actors: network devices, hardware devices, software applications, protocols, users, etc. A novel characteristic of this tool is to simulate vulnerabilities (including 0-days) and exploits, allowing an attacker to compromise machines and use them as pivoting stones to continue the attack. A user can test and modify complex scenarios, with several interconnected networks, where the attacker has no initial connectivity with the objective of the attack. We give a concise description of this new technology, and its possible uses in the security research field, such as pentesting training, study of the impact of 0-days vulnerabilities, evaluation of security countermeasures, and risk assessment tool.
منابع مشابه
A Review on Cyberspace Security: Lessons for Islamic Republic of Iran
Today governments face a threat by cyber attacks capable of disrupting communicative, economic and vital services that cause severe damages and losses. It has been years that Islamic republic of Iran benefits from cyberspace in different military and civilian sectors. Sensitive national centers such as nuclear facilities and Ministry of Oil have been targeted by individuals, groups and governme...
متن کاملAnalysis of Cybercrime and Cyber Attacks during the COVID-19 Pandemic
The COVID-19 pandemic was a remarkable and unprecedented event that changed the lives of billions of citizens around the world and resulted in what is known as a new term in terms of social norms and lifestyles. In addition to the tremendous impact on society and business in general, the epidemic created a unique set of cybercrime circumstances that also affected society and business. Increased...
متن کاملThe Ethics of Cyber Conflict
At least on the surface, most cyber attacks appear to be clearly unethical as well as illegal. These include attacks performed for amusement or bragging rights, such as web defacements conducted “just for fun” and computer viruses launched out of curiosity but disregard for their consequences. They also include attacks done for personal gain, such as system intrusions to steal credit card numbe...
متن کاملResilient Configuration of Distribution System versus False Data Injection Attacks Against State Estimation
State estimation is used in power systems to estimate grid variables based on meter measurements. Unfortunately, power grids are vulnerable to cyber-attacks. Reducing cyber-attacks against state estimation is necessary to ensure power system safe and reliable operation. False data injection (FDI) is a type of cyber-attack that tampers with measurements. This paper proposes network reconfigurati...
متن کاملCyber Risk Exposure and Prospects for Cyber Insurance
This study draws attention to the ubiquitous and borderless nature of cybercrime. It examines the prospect of introducing customized cyber insurance policy in the Nigerian market. As secondary data was not available, the study conducted a survey by administering three sets of questionnaire to purposively selected top executives in four Trade Groups that rely heavily on Internet transactions for...
متن کامل