Introduction
The advancements in technology and programming have enabled companies to adopt information systems intended to increase efficiency in operation. The use of computer applications is particularly common in financial and payment services, as well in eCommerce. However, these systems are often targeted by cyber attackers, often with remarkable success. For instance, Catota et al. (2018) reported that there were high cases of successful attacks in the USA, targeting financial institutions such as Target, Card Services, and JP Morgan. Cyber attackers exploit vulnerabilities in the security and information systems to access financial records and transactions. The attacks are conducted by threat agents, defined as an individual, organization, or group capable of performing an attack (Schoenfield, 2015, pp.35). Therefore, for a threat agent to exploit a vulnerability, there must be three factors. These factors are the capability of the agent, the motivating factor, and the opportunity to attack. There are different types of threat agents with varying abilities, and they attack a particular system based on their goals. This paper explores threat agents interested in attacking web applications that were created through AppMaker.
Possible Threats
The first aspect to consider when exploring possible threat agents should include understanding where the applications are used. In this case, the AppMaker focuses on customer applications that process financial transactions via the Internet. Therefore, the attackers snoop around the networks to identify vulnerabilities. The second issue one should know is the goals/objectives threat agents aim to accomplish by conducting an attack. With this in mind, there are three possible threat agents in this scenario.
Cyber Criminals
Web applications are open to public Internet traffic, which means that potential attackers continuously monitor them. Cyber attackers might use simple methods of snooping around the system, such as automated scripts, while trying to identify weaknesses. The cyber criminals, in this case, comprise individuals or organizations that intend to gain financial information by attacking a system (Schoenfield, 2015). The threat agents categorized under cyber criminals groups are many, such as scammers, denial of service attackers, and extortionists. The technique and motivation behind the attack may vary, but the goal is usually to profit from obtaining customers’ financial information. For instance, identity thieves might gain access to clients’ personally identifiable information that they might later sell in black markets. Another common example is card skimming, where the attackers get access to readers and illegally obtain users’ data (Catota et al., 2018). The cyber criminals then use the acquired credit or debit card information to make unauthorized purchases of goods and services.
Security Researchers
Security researchers focus on conducting vulnerability tests on different web applications. This group of threat agents is not considered as hostile as cyber criminals because they are honest people in general. The main aim of security researchers includes exploring systems to note weaknesses that might compromise customers’ data integrity (Schoenfield, 2015). They are usually motivated by the possibilities of career enhancement through improved technical mastery and security analytical skills. However, they also gain financial benefits because they get paid to work as information security agents.
The security researchers are often under constant pressure to uncover system weaknesses as this helps in boosting their career. This is the main reason most security agents are consistent in exploring web applications with hopes of identifying complicated system vulnerabilities to maintain their position in information security management. The security researchers publish the results of possible systems’ weaknesses, or they host security presentations that demonstrate their skills. They might also get in touch with companies to create ways of securing the systems against the identified vulnerabilities.
Industrial Espionage
This category of threat agents includes competitors or partners interested in stealing intellectual property, personal data, or maliciously putting a shop out of business. The web applications in this study might be an online shop focusing on electronics products. Competitors may try to steal or reveal personal information stored in their databases to ruin business reputation. Such attacks hurt a company’s ability to compete against other companies in the same category. Partners might also conduct attacks to collect intellectual property or customers’ information for their use. For instance, partners might gain access to clients’ list that they might use to market their products or sell to competitors. The main motivator for these threat agents is to acquire a competitive advantage. There are several techniques used by competitors to conduct industrial espionage. For example, a company might hire attackers to perform denial of service attacks on a web application. Such an attack might prevent shoppers from accessing products on a website. As a result, the attacked company experience losses.
Conclusion
In conclusion, threat agents are individuals willing and capable of exploiting system weaknesses for their benefits. The agents use different techniques such as automated scripts to gain access to an information system. The main goal for many threat agents is financial gain. This paper has shown how three different agents profit from web application attacks. The companies that have used AppMaker should consider investing in vulnerability risk assessment as it might help in the identification of weaknesses, and in turn, adopt security measures to safeguard their systems against cyber-attacks.
References
Catota, F. E., Morgan, M. G., & Sicker, D. C. (2018). Cybersecurity incident response capabilities in the Ecuadorian financial sector. Journal of Cybersecurity, 4(1), pp.1-20. Web.
Schoenfield, B. S. (2015). Securing systems: Applied security architecture and threat models. CRC Press.