
Introduction and Overview

The integration of information technology (IT) in our daily lives has created an environment where individuals, businesses and governments are highly dependent on reliable and secure operation of these systems. This dependence on computer systems and networks has created an environment where compromise, loss or damage of these IT systems can lead to massive financial, environmental, social, political or personal damage. For this paper, any offensive manoeuvre performed against an IT system by an internal or external party is considered to be a cyber attack. As the rapid growth of technology exceeds the development of proper legislation relating to cyber crime, security systems and awareness, individuals, businesses and governments are vulnerable to cyber attacks. Cyber attackers perform malicious acts which target computer information systems, network infrastructure, computer networks or personal devices in order to infect, damage or control the system. Thereafter, the attacker can steal, alter or destroy information accessible via the compromised system.

These attacks can have a massive impact (varying from a slow network connection to destroying critical infrastructure). This paper provides an overview of the diverse impacts of cyber attacks in South Africa through the use of a new classification model. This model enables the user to make comparisons and find trends in a visual manner. The usefulness of the model is illustrated by using it to analyse twelve South African cyber attacks. In the next section, the classification scheme is introduced. Thereafter, a timeline is provided where twelve of South Africa’s largest cyber attacks are discussed. In section 4, the attack examples are categorised according to the provided cyber attack classifications. We then conclude with a discussion (presenting two use cases) and summary of the paper.

Discussion

In this paper, twelve cyber attacks were classified to identify the impact of the attacks. These classifications considered the goal, target, motivation and other factors relating to cyber attacks in general. Through the classification of each cyber attack, the impact of an attack can be determined, trends can be analysed and the incidents can be compared in a logical manner. These classifications can be used for any type of attack to answer questions such as:

  1. Who performed the attack?
  2. What did they want to achieve?
  3. How did they do it?
  4. What damage did they cause?
  5. Who did they target?
  6. What did they exploit?
  7. Finally, in what category can this attack be categorised?

This classification scheme is useful as incidents and attacks can be classified according to various characteristics. The division into various classes and sub-classes enables the user to compare various incidents with other incidents from his/her team or other response teams.
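The comparison described above can be sketched in code. This is an added example, not code from the paper: the class names are shortened from the questions in the list, the sub-class labels are placeholders borrowed from the introduction's wording rather than the paper's actual sub-classes, and both incidents are constructed.

```python
from collections import Counter

# Constructed scheme (assumption): at most three sub-classes per class.
SCHEME = {
    "actor": ("internal", "external"),
    "goal": ("steal", "alter", "destroy"),
    "target": ("individual", "business", "government"),
    "damage": ("financial", "social", "political"),
}

def classify(name, **labels):
    """Build an incident record; sub-classes may overlap within a class."""
    if any(len(subs) > 3 for subs in SCHEME.values()):
        raise ValueError("a class may define at most three sub-classes")
    if set(labels) - set(SCHEME):
        raise ValueError(f"unknown class: {sorted(set(labels) - set(SCHEME))}")
    record = {}
    for cls, allowed in SCHEME.items():
        chosen = frozenset(labels.get(cls, ()))
        if not chosen:
            raise ValueError(f"{name}: class '{cls}' is unclassified")
        if chosen - set(allowed):
            raise ValueError(f"{name}: bad sub-class in '{cls}'")
        record[cls] = chosen
    return {"name": name, "labels": record}

def similarity(a, b):
    """Jaccard overlap of sub-classes per class, and the mean over classes."""
    per_class = {}
    for cls in SCHEME:
        x, y = a["labels"][cls], b["labels"][cls]
        per_class[cls] = len(x & y) / len(x | y)
    return per_class, sum(per_class.values()) / len(per_class)

def trends(incidents):
    """Count how often each (class, sub-class) pair occurs across incidents."""
    return Counter((cls, sub) for inc in incidents
                   for cls, subs in inc["labels"].items() for sub in subs)

# Constructed incidents, for illustration only.
INCIDENT_A = classify("incident A", actor={"external"}, goal={"steal"},
                      target={"business"}, damage={"financial"})
INCIDENT_B = classify("incident B", actor={"external"}, goal={"steal", "alter"},
                      target={"business", "government"},
                      damage={"financial", "political"})

if __name__ == "__main__":
    print(similarity(INCIDENT_A, INCIDENT_B))
    print(trends([INCIDENT_A, INCIDENT_B]).most_common(3))
```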

Abstract:

This paper introduces a classification scheme for the visual classification of cyber attacks. Through the use of the scheme, the impact of various cyber attacks throughout the history of South Africa is investigated and classified. The goal of this paper is to introduce a classification scheme that arranges attacks into different classes and sub-classes and presents them visually. To enhance the visual description, each class has a maximum of three sub-classes, which can overlap. This classification scheme helps to show the diverse impacts of cyber attacks in South Africa. This method of classification can be used for the assessment of any cyber attack and to find similarities between attacks.
