• Title/Summary/Keyword: Cyber-Attacks

Search Result 529, Processing Time 0.026 seconds

A Study On the Effects of Recognition Structure Change of Organization According to the BCMS Introduction in Smart Industry (Focused on Manufacturing Industries of Automobile Parts) (스마트 기업의 BCMS 도입이 조직 인식구조 변화에 미친 영향에 관한 연구 (자동차 부품 제조업 중심으로))

  • Cho, Ki Hoon;Kim, Dong Heon;Jang, Ho Jin
    • Journal of Korean Society of Disaster and Security
    • /
    • v.11 no.2
    • /
    • pp.9-15
    • /
    • 2018
  • From natural disasters such as floods, heavy rains, and strong winds and social disasters such as 911 U.S. terrorism and cyber attacks that could have a fatal impact on corporate continuity, it is necessary to introduce and implement a Business Continuity Management System (BCMS) within a firm to maintain continuity of business and to change the organizational structure for an emergency state in order to operate and manage it systematically and efficiently. therefore, this study analyzed and verified the impact of introducing a Business Continuity Management System (BCMS) on the change in the recognition structure of an organization in four categories, including personal recognition, organizational culture, organizational structure, and organizational strategy, in order to analyse the impact and effect of introducing a Business Continuity Management System (BCMS) on the change in the recognition structure of each category. through this study, we believe that the introduction of a Business Continuity Management System (BCMS) within a firm could effectively change the organization's perception of an emergency state and help it maintain its continuity as well as improve its value.

A Study on the Vulnerability Management of Internet Connection Devices based on Internet-Wide Scan (인터넷 와이드 스캔 기술 기반 인터넷 연결 디바이스의 취약점 관리 구조 연구)

  • Kim, Taeeun;Jung, Yong Hoon;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.20 no.9
    • /
    • pp.504-509
    • /
    • 2019
  • Recently, both wireless communications technology and the performance of small devices have developed exponentially, while the number of services using various types of Internet of Things (IoT) devices has also massively increased in line with the ongoing technological and environmental changes. Furthermore, ever more devices that were previously used in the offline environment-including small-size sensors and CCTV-are being connected to the Internet due to the huge increase in IoT services. However, many IoT devices are not equipped with security functions, and use vulnerable open source software as it is. In addition, conventional network equipment, such as switches and gateways, operates with vulnerabilities, because users tend not to update the equipment on a regular basis. Recently, the simple vulnerability of IoT devices has been exploited through the distributed denial of service (DDoS) from attackers creating a large number of botnets. This paper proposes a system that is capable of identifying Internet-connected devices quickly, analyzing and managing the vulnerability of such devices using Internet-wide scan technology. In addition, the vulnerability analysis rate of the proposed technology was verified through collected banner information. In the future, the company plans to automate and upgrade the proposed system so that it can be used as a technology to prevent cyber attacks.

An Efficient ECU Analysis Technology through Non-Random CAN Fuzzing (Non-Random CAN Fuzzing을 통한 효율적인 ECU 분석 기술)

  • Kim, Hyunghoon;Jeong, Yeonseon;Choi, Wonsuk;Jo, Hyo Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1115-1130
    • /
    • 2020
  • Modern vehicles are equipped with a number of ECUs(Electronic Control Units), and ECUs can control vehicles efficiently by communicating each other through CAN(Controller Area Network). However, CAN bus is known to be vulnerable to cyber attacks because of the lack of message authentication and message encryption, and access control. To find these security issues related to vehicle hacking, CAN Fuzzing methods, that analyze the vulnerabilities of ECUs, have been studied. In the existing CAN Fuzzing methods, fuzzing inputs are randomly generated without considering the structure of CAN messages transmitted by ECUs, which results in the non-negligible fuzzing time. In addition, the existing fuzzing solutions have limitations in how to monitor fuzzing results. To deal with the limitations of CAN Fuzzing, in this paper, we propose a Non-Random CAN Fuzzing, which consider the structure of CAN messages and systematically generates fuzzing input values that can cause malfunctions to ECUs. The proposed Non-Random CAN Fuzzing takes less time than the existing CAN Fuzzing solutions, so it can quickly find CAN messages related to malfunctions of ECUs that could be originated from SW implementation errors or CAN DBC(Database CAN) design errors. We evaluated the performance of Non-Random CAN Fuzzing by conducting an experiment in a real vehicle, and proved that the proposed method can find CAN messages related to malfunctions faster than the existing fuzzing solutions.

Construction of an Audio Steganography Botnet Based on Telegram Messenger (텔레그램 메신저 기반의 오디오 스테가노그래피 봇넷 구축)

  • Jeon, Jin;Cho, Youngho
    • Journal of Internet Computing and Services
    • /
    • v.23 no.5
    • /
    • pp.127-134
    • /
    • 2022
  • Steganography is a hidden technique in which secret messages are hidden in various multimedia files, and it is widely exploited for cyber crime and attacks because it is very difficult for third parties other than senders and receivers to identify the presence of hidden information in communication messages. Botnet typically consists of botmasters, bots, and C&C (Command & Control) servers, and is a botmasters-controlled network with various structures such as centralized, distributed (P2P), and hybrid. Recently, in order to enhance the concealment of botnets, research on Stego Botnet, which uses SNS platforms instead of C&C servers and performs C&C communication by applying steganography techniques, has been actively conducted, but image or video media-oriented stego botnet techniques have been studied. On the other hand, audio files such as various sound sources and recording files are also actively shared on SNS, so research on stego botnet based on audio steganography is needed. Therefore, in this study, we present the results of comparative analysis on hidden capacity by file type and tool through experiments, using a stego botnet that performs C&C hidden communication using audio files as a cover medium in Telegram Messenger.

Analyze Virtual Private Network Vulnerabilities and Derive Security Guidelines Based on STRIDE Threat Modeling (STRIDE 위협 모델링 기반 가상 사설망 취약점 분석 및 보안 요구사항 도출)

  • Kim, Da-hyeon;Min, Ji-young;Ahn, Jun-ho
    • Journal of Internet Computing and Services
    • /
    • v.23 no.6
    • /
    • pp.27-37
    • /
    • 2022
  • Virtual private network (VPN) services are used in various environments related to national security, such as defense companies and defense-related institutions where digital communication environment technologies are diversified and access to network use is increasing. However, the number of cyber attacks that target vulnerable points of the VPN has annually increased through technological advancement. Thus, this study identified security requirements by performing STRIDE threat modeling to prevent potential and new vulnerable points that can occur in the VPN. STRIDE threat modeling classifies threats into six categories to systematically identify threats. To apply the proposed security requirements, this study analyzed functions of the VPN and formed a data flow diagram in the VPN service process. Then, it collected threats that can take place in the VPN and analyzed the STRIDE threat model based on data of the collected threats. The data flow diagram in the VPN service process, which was established by this study, included 96 STRIDE threats. This study formed a threat scenario to analyze attack routes of the classified threats and derived 30 security requirements for each element of the VPN based on the formed scenario. This study has significance in that it presented a security guideline for enhancing security stability of the VPN used in facilities that require high-level security, such as the Ministry of National Defense (MND).

Malicious Packet Detection Technology Using Machine Learning and Deep Learning (머신러닝과 딥러닝을 활용한 악성 패킷 탐지 기술 연구)

  • Byounguk An;JongChan Lee;JeSung Chi;Wonhyung Park
    • Convergence Security Journal
    • /
    • v.21 no.4
    • /
    • pp.109-115
    • /
    • 2021
  • Currently, with the development of 5G and IoT technology, it is being used in connection with the things used in real life through a network. However, attempts to use networked computers for malicious purposes are increasing, and attacks using malicious codes that infringe the confidentiality and integrity of user information are becoming more intelligent. As a countermeasure to this, research is being conducted on a method of detecting malicious packets using a security control system and AI technology, supervised learning. The cyber security control system is being operated inefficiently in terms of manpower and cost. In addition, in the era of the COVID-19 pandemic, remote work has increased, making it difficult to respond immediately. In addition, malicious code detection using the existing AI technology, supervised learning, does not detect variant malicious code, and has an inaccurate malicious code detection rate depending on the quantity and quality of data. Therefore, in this study, by converging malicious packet detection technologies through various machine learning and deep learning models, the accuracy of malicious packet detection is increased, the false positive rate and the false positive rate are reduced, and a new type of malicious packet can be efficiently detected when intrusion. We propose a malicious packet detection technology.

Design of Comprehensive Security Vulnerability Analysis System through Efficient Inspection Method according to Necessity of Upgrading System Vulnerability (시스템 취약점 개선의 필요성에 따른 효율적인 점검 방법을 통한 종합 보안 취약성 분석 시스템 설계)

  • Min, So-Yeon;Jung, Chan-Suk;Lee, Kwang-Hyong;Cho, Eun-Sook;Yoon, Tae-Bok;You, Seung-Ho
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.18 no.7
    • /
    • pp.1-8
    • /
    • 2017
  • As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

The Trend of Aviation Terrorism in the 4th Industrial Revolution Period and the Development Direction for Domestic Counter Terrorism of Aviation (제4차 산업혁명 시대의 항공 테러리즘 양상 및 국내 항공테러 대응체계 발전방향)

  • Hwang, Ho-Won;Kim, Seung-Woo
    • The Korean Journal of Air & Space Law and Policy
    • /
    • v.32 no.2
    • /
    • pp.155-188
    • /
    • 2017
  • On the one hand, the 4th Industrial Revolution provides a positive opportunity to build a new civilization paradigm for mankind. However, on the other hand, due to the 4th Industrial Revolution, artificial intelligence such as 'Goggle Alpha Go' revolutionized and even the human ability was replaced with a 'Silicon Chip' as the opportunity to communicate decreases, the existence of human beings is weakened. And there is a growing concern that the number of violent crimes, such as psychopath, which hunts humans as games, will increase. Moreover, recent international terrorism is being developed in a form similar to 'Psychopathic Violent-Crime' that indiscriminately attacks innocent people. So, the probability that terrorist organizations abuse the positive effects provided by the Fourth Industrial Revolution as means of terrorism is increasing. Therefore, the paradigm of aviation terrorism is expected to change in a way that attacks airport facilities and users rather than aircraft. Because airport facilities are crowded, and psychopathic terrorists are easily accessible. From this point of view, our counter terrorism system of aviation has many weak points in various aspects such as: (1) limitations of counter-terrorism center (2) inefficient on-site command and control system (3) separated organization for aviation security consultation (4) dispersed information collection function in government (5) vulnerable to cyber attack (6) lack of international cooperation network for aviation terrorism. Consequently, it is necessary to improve the domestic counter terrorism system of aviation so as to preemptively respond to the international terrorism. This study propose the following measures to improve the aviation security system by (1) create 'Aviation Special Judicial Police' (2) revise the anti-terrorism law and aviation security law (3) Strengthening the ability respond to terrorism in cyberspace (4) building an international cooperation network for aviation terrorism.

  • PDF

Trends and Prospects of N. Korea Military Provocations After the Sinking of ROKS Cheon-an (천안함 폭침 이후 북한의 군사도발 양상과 전망)

  • Kim, Sung-Man
    • Strategy21
    • /
    • s.34
    • /
    • pp.58-92
    • /
    • 2014
  • Even after S. Korea took 5.24 Measure(24 May 2014), N. Korea has not stopped raising provocations such as the shelling of Yeonpyeong Island, electronic and cyber attacks. To make matters worse, the communist country lunched long-range missiles(twice) and conducted 3rd nuclear test, escalating tensions which could possibly lead to an all-out war. Korean Government failed to respond properly. However, escalation into an all-out war was deterred by the CFC immediately carrying out its peacetime duty(CODA). The US made a rapid dispatch of its augmentation forces(Aircraft carrier, nuclear-powered submarine, strategic bomber, F-22) to the Korean Peninsula. In recognition of the importance of the Combined Forces Command, since May 2013 the Park Geun-Hye Administration has been pushing ahead with re-postponement of Wartime Operational Control Transfer(which initially meant the disassembling of the CFC as of 1 December 2015) More recently, there has been a series of unusual indicators from the North. Judging from its inventory of 20 nuclear weapons, 1,000 ballistic missiles and biochemical weapons, it is safe to say that N. Korea has gained at least war deterrence against S. Korea. Normally a nation with nuclear weapons shrink its size of conventional forces, but the North is pursuing the opposite, rather increasing them. In addition, there was a change of war plan by N. Korea in 2010, changing 'Conquering the Korean Peninsula' to 'Negotiation after the seizure of the Greater Seoul Metropolitan Area(GSMA)' and establishing detailed plans for wartime projects. The change reflects the chain reaction in which requests from pro-north groups within the South will lead to the proclamation of war. Kim, Jeong-Un, leader of N. Korean regime, sent threatening messages using words such as 'exercising a nuclear preemptive strike right' and 'burning of Seoul'. Nam, Jae-June, Director of National Intelligence Service, stated that Kim, Jung-Un is throwing big talks, saying communization of the entire Korean Peninsula will come within the time frame of 3 years. Kim, Gwan-Jin, Defense Minister, shared an alarming message that there is a high possibility that the North will raise local provocations or a full-fledged war whenever while putting much emphasis on defense posture. As for the response concept of the Korean Government, it has been decided that 'ROK·US Combined Local Provocation Counter-Measure' will be adopted to act against local provocations from the North. Major provocation types include ▲ violation of the Northern Limit Line(NLL) with mobilization of military ships ▲ artillery provocations on Northwestern Islands ▲ low altitude airborne intrusion ▲ rear infiltration of SOF ▲ local conflicts within the Military Demarcation Line(MDL) ▲ attacking friendly ships by submarines. Counter-measures currently established by the US involves the support from USFK and USFJ. In order to keep the sworn promise, the US is reinforcing both USFK and USFJ. An all-out war situation will be met by 'CFC OPLAN5027' and 'Tailored Expansion Deterrence Forces' with the CFC playing a central role. The US augmentation forces stands at 690,000 troops, some 160 ships, 2,000 aircraft and this comprise 50% of US total forces, which is estimated to be ninefold of Korean forces. The CFC needs to be in center in handling both local provocations and an all-out war situation. However, the combat power of S. Korean conventional forces is approximately around 80% of that of N. Korea, which has been confirmed from comments made by Kim, Gwan-Jin, Defense Minister, during an interpellation session at the National Assembly. This means that S. Korean forces are not much growing. In particular, asymmetric capabilities of the North is posing a serious threat to the South including WMD, cyber warfare forces, SOF, forces targeting 5 Northwestern Islands, sub-surface and amphibious assault forces. The presence of such threats urgently requires immediate complementary efforts. For complementary efforts, the Korean Government should consider ① reinforcement of Korean forces; putting a stoppage to shrinking military, acquisition of adequate defense budget, building a missile defense and military leadership structure validity review, ② implementation of military tasks against the North; disciplinary measures on the sinking of ROKS Cheon-an/shelling of Yeonpyeong Islands, arrangement of inter-Korean military agreements, drawing lessons from studies on the correlation between aid for N. Korea, execution of inter-Korean Summit and provocations from the North, and ③ bolstering the ROK·US alliance; disregarding wartime operational control transfer plan(disassembling of CFC) and creation of a combined division.