• Title/Summary/Keyword: cyberattacks

Search Result 69, Processing Time 0.026 seconds

Analysis of National Critical Information Infrastructure (NCII) Protection Policy Promotion System Based on Modified Policy Model Theory (수정된 정책모형이론에 기반한 국가정보통신기반시설 보호정책 추진체계 분석)

  • Ji-yeon Yoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.2
    • /
    • pp.347-363
    • /
    • 2024
  • As the number of cyberattacks against the National Critical Information Infrastructure (NCII) is steadily increasing, many countries are strengthening the protection of National Critical Information Infrastructure (NCII) through the enactment and revision of related policies and legal systems. Therefore, this paper selects countries such as the United States, the United Kingdom, Japan, Germany, and Australia, which have established National Critical Information Infrastructure (NCII) protection systems, and compares and analyzes the promotion system of each country's National Critical Information Infrastructure (NCII) protection policy. This paper compares the National Critical Information Infrastructure (NCII) protection system of each country with the cybersecurity system and analyzes the promotion structure. Based on the policy model theory, which is a modification of Allison's theory and Nakamura & Smallwood's theory, this paper analyzes the model of each country's promotion system from the perspective of policy-making and policy-execution. The United States, Japan, Germany, and Australia's policy-promotion model is a system-strengthening model in which both policy-making and policy-execution are organized around the protection of the National Critical Information Infrastructure (NCII), while the United Kingdom and South Korea's policy-promotion model is an execution-oriented model that focuses more on policy-execution.

Study on Automation of Comprehensive IT Asset Management (포괄적 IT 자산관리의 자동화에 관한 연구)

  • Wonseop Hwang;Daihwan Min;Junghwan Kim;Hanjin Lee
    • Journal of Information Technology Services
    • /
    • v.23 no.1
    • /
    • pp.1-10
    • /
    • 2024
  • The IT environment is changing due to the acceleration of digital transformation in enterprises and organizations. This expansion of the digital space makes centralized cybersecurity controls more difficult. For this reason, cyberattacks are increasing in frequency and severity and are becoming more sophisticated, such as ransomware and digital supply chain attacks. Even in large organizations with numerous security personnel and systems, security incidents continue to occur due to unmanaged and unknown threats and vulnerabilities to IT assets. It's time to move beyond the current focus on detecting and responding to security threats to managing the full range of cyber risks. This requires the implementation of asset Inventory for comprehensive management by collecting and integrating all IT assets of the enterprise and organization in a wide range. IT Asset Management(ITAM) systems exist to identify and manage various assets from a financial and administrative perspective. However, the asset information managed in this way is not complete, and there are problems with duplication of data. Also, it is insufficient to update of data-set, including Network Infrastructure, Active Directory, Virtualization Management, and Cloud Platforms. In this study, we, the researcher group propose a new framework for automated 'Comprehensive IT Asset Management(CITAM)' required for security operations by designing a process to automatically collect asset data-set. Such as the Hostname, IP, MAC address, Serial, OS, installed software information, last seen time, those are already distributed and stored in operating IT security systems. CITAM framwork could classify them into unique device units through analysis processes in term of aggregation, normalization, deduplication, validation, and integration.

How to use attack cases and intelligence of Korean-based APT groups (한국어 기반 APT 그룹의 공격사례 및 인텔리전스 활용 방안)

  • Lee Jung Hun;Choi Youn Sung
    • Convergence Security Journal
    • /
    • v.24 no.3
    • /
    • pp.153-163
    • /
    • 2024
  • Despite the increasing hacking threats and security threats as IT technology advances and many companies adopt security solutions, cyberattacks and threats still persist for years. APT attack is a technique of selecting a specific target and continuing to attack. The threat of an APT attack uses all possible means through the electronic network to perform APT for years. Zero-day attacks, malicious code distribution, and social engineering techniques are performed, and some of them directly invade companies. These techniques have been in effect since 2000, and are similarly used in voice phishing, especially for social engineering techniques. Therefore, it is necessary to study countermeasures against APT attacks. This study analyzes the attack cases of Korean-based APT groups in Korea and suggests the correct method of using intelligence to analyze APT attack groups.

Security Knowledge Classification Framework for Future Intelligent Environment (미래 융합보안 인력양성을 위한 보안교육과정 분류체계 설계)

  • Na, Onechul;Lee, Hyojik;Sung, Soyung;Chang, Hangbae
    • The Journal of Society for e-Business Studies
    • /
    • v.20 no.3
    • /
    • pp.47-58
    • /
    • 2015
  • Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

A Research on the Exposure Status of Cybersecurity Risk of Process Control System and Its Counterplan (공정제어시스템의 사이버보안 위험 노출 현황 및 대응방안 연구)

  • Kim, Youngse;Park, Jinhyung;Kim, Sangki;Kim, Byungjick;Lee, Joonwon;Park, Kyoshik
    • Korean Chemical Engineering Research
    • /
    • v.60 no.4
    • /
    • pp.492-498
    • /
    • 2022
  • Process control systems used in most domestic petrochemical corporates today are based on the Windows platforms. As technology leans toward opened environment, the exposure risk of control systems is increasing. However, not many companies are preparing for various cyberattacks due to lack of awareness and misunderstanding of cyber intrusion. This study investigated the extent of how much exposed the petrochemical process control system is to security threats and suggested practical measures to reduce OT cybersecurity vulnerabilities. To identify the cyber threat status of process control systems, vulnerabilities of the Windows platform, a principal cyber threat factor, have been analyzed. For research, three major DCS providers in Korea and the discontinuation of Windows platform of 635 control systems were investigated. It was confirmed that 78% of the survey subjects were still operating in the discontinued windows platforms, and those process control systems were operated in a state vulnerable to cyber intrusions. In order to actively cope with these cyber threats, legal regulations such as designation of critical infrastructure for major petrochemical facilities which is implemented in advanced countries such as the United States are needed. Additionally, it is necessary to take the initiative in eradicating security threats to the process control systems by aggressively introducing security solutions provided from existing DCS suppliers. This paper was submitted to Professor Ko JaeWook's retirement anniversary issue.

A study on machine learning-based defense system proposal through web shell collection and analysis (웹쉘 수집 및 분석을 통한 머신러닝기반 방어시스템 제안 연구)

  • Kim, Ki-hwan;Shin, Yong-tae
    • Journal of Internet Computing and Services
    • /
    • v.23 no.4
    • /
    • pp.87-94
    • /
    • 2022
  • Recently, with the development of information and communication infrastructure, the number of Internet access devices is rapidly increasing. Smartphones, laptops, computers, and even IoT devices are receiving information and communication services through Internet access. Since most of the device operating environment consists of web (WEB), it is vulnerable to web cyber attacks using web shells. When the web shell is uploaded to the web server, it is confirmed that the attack frequency is high because the control of the web server can be easily performed. As the damage caused by the web shell occurs a lot, each company is responding to attacks with various security devices such as intrusion prevention systems, firewalls, and web firewalls. In this case, it is difficult to detect, and in order to prevent and cope with web shell attacks due to these characteristics, it is difficult to respond only with the existing system and security software. Therefore, it is an automated defense system through the collection and analysis of web shells based on artificial intelligence machine learning that can cope with new cyber attacks such as detecting unknown web shells in advance by using artificial intelligence machine learning and deep learning techniques in existing security software. We would like to propose about. The machine learning-based web shell defense system model proposed in this paper quickly collects, analyzes, and detects malicious web shells, one of the cyberattacks on the web environment. I think it will be very helpful in designing and building a security system.

Detection of Signs of Hostile Cyber Activity against External Networks based on Autoencoder (오토인코더 기반의 외부망 적대적 사이버 활동 징후 감지)

  • Park, Hansol;Kim, Kookjin;Jeong, Jaeyeong;Jang, jisu;Youn, Jaepil;Shin, Dongkyoo
    • Journal of Internet Computing and Services
    • /
    • v.23 no.6
    • /
    • pp.39-48
    • /
    • 2022
  • Cyberattacks around the world continue to increase, and their damage extends beyond government facilities and affects civilians. These issues emphasized the importance of developing a system that can identify and detect cyber anomalies early. As above, in order to effectively identify cyber anomalies, several studies have been conducted to learn BGP (Border Gateway Protocol) data through a machine learning model and identify them as anomalies. However, BGP data is unbalanced data in which abnormal data is less than normal data. This causes the model to have a learning biased result, reducing the reliability of the result. In addition, there is a limit in that security personnel cannot recognize the cyber situation as a typical result of machine learning in an actual cyber situation. Therefore, in this paper, we investigate BGP (Border Gateway Protocol) that keeps network records around the world and solve the problem of unbalanced data by using SMOTE. After that, assuming a cyber range situation, an autoencoder classifies cyber anomalies and visualizes the classified data. By learning the pattern of normal data, the performance of classifying abnormal data with 92.4% accuracy was derived, and the auxiliary index also showed 90% performance, ensuring reliability of the results. In addition, it is expected to be able to effectively defend against cyber attacks because it is possible to effectively recognize the situation by visualizing the congested cyber space.

A Trend Analysis of in the U.S. Cybersecurity Strategy and Implications for Korea (미국 사이버안보 전략의 경향 분석과 한국에의 함의)

  • Sunha Bae;Minkyung Song;Dong Hee Kim
    • Convergence Security Journal
    • /
    • v.23 no.2
    • /
    • pp.11-25
    • /
    • 2023
  • Since President Biden's inauguration, significant cyberattacks have occurred several times in the United States, and cybersecurity was emphasized as a national priority. The U.S. is advancing efforts to strengthen the cybersecurity both domestically and internationally, including with allies. In particular, the Biden administration announced the National Cybersecurity Strategy in March 2023. The National Cybersecurity Strategy is the top guideline of cybersecurity and is the foundation of other cybersecurity policies. And it includes public-privates as well as international policy directions, so it is expected to affect the international order. Meanwhile, In Korea, a new administration was launched in 2022, and the revision of the National Cybersecurity Strategy is necessary. In addition, cooperation between Korea and the U.S. has recently been strengthened, and cybersecurity is being treated as a key agenda in the cooperative relationship. In this paper, we examine the cyber security strategies of the Trump and Biden administration, and analyze how the strategies have changed, their characteristics and implications in qualitative and quantitative terms. And we derive the implications of these changes for Korea's cybersecurity policy.

Study on Method to Develop Case-based Security Threat Scenario for Cybersecurity Training in ICS Environment (ICS 환경에서의 사이버보안 훈련을 위한 사례 기반 보안 위협 시나리오 개발 방법론 연구)

  • GyuHyun Jeon;Kwangsoo Kim;Jaesik Kang;Seungwoon Lee;Jung Taek Seo
    • Journal of Platform Technology
    • /
    • v.12 no.1
    • /
    • pp.91-105
    • /
    • 2024
  • As the number of cases of applying IT systems to the existing isolated ICS (Industrial Control System) network environment continues to increase, security threats in the ICS environment have rapidly increased. Security threat scenarios help to design security strategies in cybersecurity training, including analysis, prediction, and response to cyberattacks. For successful cybersecurity training, research is needed to develop valid and reliable security threat scenarios for meaningful training. Therefore, this paper proposes a case-based security threat scenario development methodology for cybersecurity training in the ICS environment. To this end, we develop a methodology consisting of five steps based on analyzing actual cybersecurity incident cases targeting ICS. Threat techniques are standardized in the same form using objective data based on the MITER ATT&CK framework, and then a list of CVEs and CWEs corresponding to the threat technique is identified. Additionally, it analyzes and identifies vulnerable functions in programming used in CWE and ICS assets. Based on the data generated up to the previous stage, develop security threat scenarios for cybersecurity training for new ICS. As a result of verification through a comparative analysis between the proposed methodology and existing research confirmed that the proposed method was more effective than the existing method regarding scenario validity, appropriateness of evidence, and development of various scenarios.

  • PDF