Articles Data Breaches and Identity Theft | Page 10

Cyber security and the Internet of Things 73
a growing awareness that the new generation of smart-phone, computers and
other devices could be targeted with malware and vulnerable to attack.
2.2.4 Attacks
Attacks are actions taken to harm a system or disrupt normal operations by
exploiting vulnerabilities using various techniques and tools. Attackers launch
attacks to achieve goals either for personal satisfaction or recompense. The
measurement of the effort to be expended by an attacker, expressed in terms
of their expertise, resources and motivation is called attack cost [32]. Attack
actors are people who are a threat to the digital world [6]. They could be
hackers, criminals, or even governments [7]. Additional details are discussed
in Section 3.
An attack itself may come in many forms, including active network
attacks to monitor unencrypted traffic in search of sensitive information;
passive attacks such as monitoring unprotected network communications
to decrypt weakly encrypted traffic and getting authentication information;
close-in attacks; exploitation by insiders, and so on. Common cyber-attack
types are:
(a) Physical attacks: This sort of attack tampers with hardware components.
Due to the unattended and distributed nature of the IoT, most devices
typically operate in outdoor environments, which are highly susceptible
to physical attacks.
(b) Reconnaissance attacks – unauthorized discovery and mapping of sys-
tems, services, or vulnerabilities. Examples of reconnaissance attacks
are scanning network ports [41], packet sniffers [42], traffic analysis,
and sending queries about IP address information.
(c) Denial-of-service (DoS): This kind of attack is an attempt to make
a machine or network resource unavailable to its intended users.
Due to low memory capabilities and limited computation resources,
the majority of devices in IoT are vulnerable to resource enervation
attacks.
(d) Access attacks – unauthorized persons gain access to networks or devices
to which they have no right to access. There are two different types of
access attack: the first is physical access, whereby the intruder can gain
access to a physical device. The second is remote access, which is done
to IP-connected devices.
(e) Attacks on privacy: Privacy protection in IoT has become increas-
ingly challenging due to large volumes of information easily available