Academia.eduAcademia.edu

state of cyber security:Emerging trends landscape

2015

Computer Security has become a major challenge in the present years due to the continuous global technological development and the different possibilities for the use of computer. Cyber threats are growing at an alarming rate and at the same pace with the online use of Personal Computers and mobile devices. This work surveys the state of Cyber Security emerging threats landscape, through the overview of related works reported between 2011 and 2013 in the literature by stakeholders and experts in Information Technology (IT) industry. Different type of Cyber emerging threats such as malicious attack, network attack and network abuse have been identified with specific interest on virus, Phishing, Spam and insider abuse to mention but a few. It has been established that these Cybercriminals tools are exhibiting common level of sophistication and advancement as the advances in Computer and mobile technologies. The available countermeasures are found to be satisfactorily effective, yet Cyber criminals are creating new measures to overcome Security mechanism. It is also envisaged that as the technologies advances, a resultant proliferation of cyber threats will be witnessed. Thus, a few government and Information Technology (IT) stakeholders’ strategic policies to help in combating cyber threats were presented

ISSN : 2347 - 8446 (Online) ISSN : 2347 - 9817 (Print) Vol. 3, Issue 1 (Jan. - Mar. 2015) International Journal of Advanced Research in Computer Science & Technology (IJARCST 2015) State of Cyber Security: Emerging Threats Landscape Alhaji Idi Babate, IIMaryam Abdullahi Musa, IIIAliyu Musa Kida, IVMusa Kalla Saidu I F.C.E. ( Tech), Potiskum, Yobe Nigeria II ATBU, Bauchi Nigeria III Middlesex University London, United Kingdom IV F.C.E. ( T ) Potiskum, Yobe Nigeria I Abstract Computer Security has become a major challenge in the present years due to the continuous global technological development and the different possibilities for the use of computer. Cyber threats are growing at an alarming rate and at the same pace with the online use of Personal Computers and mobile devices. This work surveys the state of Cyber Security emerging threats landscape, through the overview of related works reported between 2011 and 2013 in the literature by stakeholders and experts in Information Technology (IT) industry. Different type of Cyber emerging threats such as malicious attack, network attack and network abuse have been identiied with speciic interest on virus, Phishing, Spam and insider abuse to mention but a few. It has been established that these Cybercriminals tools are exhibiting common level of sophistication and advancement as the advances in Computer and mobile technologies. The available countermeasures are found to be satisfactorily effective, yet Cyber criminals are creating new measures to overcome Security mechanism. It is also envisaged that as the technologies advances, a resultant proliferation of cyber threats will be witnessed. Thus, a few government and Information Technology (IT) stakeholders’ strategic policies to help in combating cyber threats were presented. Keywords Cybercrime; Attack; Landscape; Threat; Malware I. Introduction The perceived beneits of Computer technology were affected greatly by the increasing concern with internet crime today. This truly presents a major challenge to Security of the internet world. Cyber Security can essentially be deined ‘as the body of technologies, practice with coordinated series of actions, designed to defend Networks, Computers, System Application Programs and data from an Attack, Damage or Unauthorized Access’ [20]. Cyber Security experts classiied Cyber Emerging threats as malicious attacks, network attacks, and network abuse. Malicious attack is any effort to exploit another person computer and infect the system resources through Virus, Trojan horses, Spyware etc. Network attacks are intended actions meant to damage or disturb data information low of the Computer System on a Network Service account, which causes effects such as Denial of Service (Dos), Session Hijacking, Email Spooing etc. [5]. Network abuse is fundamentally an exploit to the point of interaction of a network, and it could be utilized by actions such as spam, phishing, pharming etc. [17]. Cyber-attacks are widely, viewed as criminal action led by means of the Web. These exploits can incorporate taking an Organization’s intelligent property, seizing online bank accounts, designing and circulating Viruses on different Computers, posting secret Business Data on the Web and destroy a nation’s basic national Infrastructure. Internet threats are seen as the highest failure to business and revenue loses of all Organizations [27]. As put on by Tatum, Cyber Attack can be deined as… “An attempt to undermine or compromise the function of a computer-based system, or attempt to track the online movements of individuals without their permission; Attacks of this type may be undetectable to the end user... or lead to such a total disruption of the network that none of the users can perform even the most rudimentary of tasks” [35]. This deinition clearly described the manifestation of how serious of the problem with Cyber Attacks, and because of the increasing sophistication of these kinds of network attacks, a research by International Telecommunications Union (ITU) reveals an estimated survey report of about $1trillion was lost to Cyber www.ijarcst.com 113 related frauds globally in 2012, out of which $390billion was accounted for justiication [16].The initial phase of this research will encompass an extensive literature review on the increasing sophistication and maliciousness of Cyber Security emerging threats that create unique challenges to federal information systems and government wide cyber security efforts. The review will critically discusses the current state and future forecast of States of cyber Security, the existence of internet threats landscape in administering government agencies. It will also put down some recommendations needed to combat the threats. An administrative and IT Stakeholder’s Policies which if completely executed will work ind in the ight against internet crime. These policies were recommended as a tool in ighting against the current and future risen cases of Cyber related crime. II. Research Methodology The data for this research were derived from secondary sources: previous researches and analyses of scholars; books, Journals, Conference proceedings, white papers and Government publications on cyber security that are related to the current trend of cyber emerging threats. As the study involved an extensive literature review which critically analysed the present state of cyber security: emerging threats landscape. It lays down the policy to enhance cyber-Security and the critical steps to acquiring the know-how on how to deal with the emerging cyber threats; and the content analysis approach was utilized for analysis. Threat Landscape The Persistent growth of internet threats in the world today standout amongst the greatest challenges to Cyber Security in the 21st Century; this research inds out that the dissemination of threats in the 21st century is from a wide number of sources. These emerging threats show themselves and get to be extremely destructive focusing on Government intellectual property, Financial Organizations, and Industries etc. Crafting from this explanation threat actors can speciically be viewed as ‘element that cause or help in attaining digital incident’ (Verizon, 2013). The work of © All Rights Reserved, IJARCST 2014 International Journal of Advanced Research in Computer Science & Technology (IJARCST 2015) Vol. 3, Issue 1 (Jan. - Mar. 2015) ISSN : 2347 - 8446 (Online) ISSN : 2347 - 9817 (Print) Djambazova and his Colleagues further explain the meaning of threats and inally, point out the following deinition as: “A threat is any indication, circumstance, or event with the potential to cause harm to an ICT Infrastructure and the assets that depend on this infrastructure” [10] The literature of ISO/IEU (2012) and EU green paper also support this deinition. This deinition is a description on the dynamic approach to threats landscape that develops with increasing sophistication in technology. According to September, 2012 report by ENISA threat landscape, the report deines Threats landscape as a rundown of threats holding data about threat risk and attacking vectors that might results in taken over valuable resources or asset of a Computer System when an attacker exploits the system weakness [22]. It is important to control our system asset against threats, because our asset is what we value when dealing with the technology. The scenario here describes the destructive danger of threats landscape for example threats for Smartphones, threats for PCs and threats for app-Stores [3]. Building on this Conception by describing the effect and level of threat landscape with respect to its exploitable priority on a Computer System, ENISA reports point out how different Combination of threat information were identiied based on precedence, with regards to threat agents, exploits, vulnerabilities and in some cases made the online clients come very close to the risk landscape. Threats are actually dangerous for open security of the online community and this is due to its unpredictable behaviour globally. Covering malicious use of information technology wasn’t dificult; this means threat actors can operate with signiicant exemption from essentially anywhere (Verizon, 2013). A summary of threat infection was also reported by Microsoft (2009, 2010) which reveals that threat landscape in developing countries such as Nigeria was dominated by Malware, as it was reported of bout 75.1 and 76.2 percent of all threats discovered on most affected computers as of early and towards end of year 2009 in a separate independent research [7]. Generally, the fundamental reason for destruction differs generally from the expertise being showed, to the theft of cash or information etc. The real sources of these threats incorporate criminals, terrorist and people supporting the attacks. The inception of malicious Code and strategies are from attackers and criminals. Phishing and email Spamming This can be deined as a type of threat through the internet, or looding of the Internet or any unwanted online correspondences. The requests gathers client’s credentials using a deception technique. In order way phishing could be described as an Internet fraud in such a way that the attacker will acquire details like, stealing of passwords, bank account details, credit card numbers and other private information [1]. In recent times, law enforcement agencies and the judiciary appear to be taking cyber-crime more seriously. As in the case of July 2011, an individual was evidently ‘sentenced to more than twelve years in federal prison for his conduct in an international phishing and email spamming ring that stole the identities of more than 38,000 people’ [28]. III. Emerging Cyber Security Threats Each nation over the globe is encountering different sort of threats. Essentially, any task of Securing the Web and staying ahead of emerging threats could be a daunting Job; even for PC clients who are freely at ease with the technology and language of security specialist. There is not a week that passes without reports of a Virus infection, Hacking attempt or ‘Phishing scam’. Consequently, various PC clients, even those people who have installed security software such as Firewalls, anti-virus and precise iltering software could be at risk to security threats and software breaks [21]. Ordinarily these threats could be identiied into malicious, network attacks and network abuse. Malicious include computer viruses, spyware, Trojan horses, key loggers and BOTS. Network attacks include session hijacking, denial of service (DOS), and spooing and web defacement. Likewise Network abuses include SPAM, phishing, and pharming and basically some of these threats are explained below with respect to their Network related forgery cases: Key loggers Key loggers are programs that can screen and record the client keyboard information while typing into Computer System for later access. Key loggers store the data or send the information secretly to the other programs. They can record usernames, massages and secret key for remote systems and computer application. Some key loggers oblige the right to gain access of the criminal invader or attacker to get the data from the machine while other forcefully transfers the data to different machines by means of email; ile transfers etc. [29]. Sagiroglu and his Colleagues further ind out that the personal use of keyloggers can be beneicial, because the use of keylogger may assist private computer owner to enhance his daily routine with much privacy. With keylogger is possible to recuperate content wrote into word processors, spreadsheets, and computer programming environment after an application or system crash [29]. © 2014, IJARCST All Rights Reserved 114 Botnet A Botnet is a guard of compromised Systems, sometimes called “zombies,” that are under the command and control of a solitary “Botmaster.” [1, 6]. A botnet are accumulation of computers networked together that are no doubt regulated by Cybercriminals for malicious and unlawful purposes. Botnets are currently turning into a key threat for the cybercrime since they are designed deliberately to disturb targeted computer systems in so many different ways. Many infected computers can igure out how to disturb and disseminate malicious code, virus and spam [6, 25]. Figure 1 describes the life cycle and approaches for detecting botnets, and how to combat the growing concern of Bots. As Banday argue ‘the process of building a Botnet requires least and technical programming skills’ [2]. Malware and Spyware These are malicious program designed to gather computer information without the awareness of the client [8]. [34] reportedly identiied Malware as one of the key threats to Businesses, Governments and people [7]. For instance, in 2009 the number of new malware signatures was accounted to be just under 2.9 million, a 71 percent increase over 2008 [34], yet more than 286 million new malware variants were discovered by Symantec in 2010 [34]. The movement in motivation from interest and fame looking to illegal budgetary increase has been marked by a growing sophistication in the evolution of malware [7]. Social Engineering ‘Social Engineering (SE) is a developing Science that plays on the trust Component of the human intelligent’ [30]. Social engineering www.ijarcst.com ISSN : 2347 - 8446 (Online) ISSN : 2347 - 9817 (Print) Vol. 3, Issue 1 (Jan. - Mar. 2015) is a kind of technique in which it traps or tricks the client to reveal valuable information. The user will think the reason is honest to goodness yet the aim is truly criminal. Okenyi and Gaudin, further explains that SE relies on the trusting nature of individuals as it depends after getting unapproved secret information through mimicking people by means of Nontechnical means; Consequently SE can be viewed as “the human side of breaking into a corporate network” [26, 15 and 30]. Denial of Service (DOS) This is an attack that upsets the ordinary function of the computer system and thus prevents access to authorized users. Karthik, deine DoS attack as an incident in which a Client or organization is deprived of the services of a resource they would regularly expect to have [19]. DoS is legitimately a resource overloading attacks that may have the likelihood of either smashing the host such that it can’t communicate properly with the rest of the System, in this way the services may remain inaccessible to customer clients. Virus A virus is a program that spreads itself from one computer to another computer without the users’ authorization to do so, and they distribute themselves to the infected iles or programs of a PC. Viruses cause negative and unforeseen event when the machine runs. Different kind of viruses has distinctive purpose. Some are designed to trap clients and some are designed to destruct Machine programs. They can harm computer programs and they are actually presented through email attachments [31, 38]. Consequently computer virus can additionally be spreads by connecting itself to executable iles of systems areas, on external storage devices such as USB plash drives. Worm A worm is usually a computer Program that moves itself from one machine environment then onto the next machine environment often keeping record of the last environment it has entered. Worms are self-duplicating programs towards oneself which essentially implies that they don’t require a host program to attack a victim. When a worm moves to another environment it can do whatever it needs as per the obligatory access controls [37]. In the case of Virus it requires human intervention but worms do not and it moves round via the internet connection. International Journal of Advanced Research in Computer Science & Technology (IJARCST 2015) powerful threat Vector [36]. At this section the research discusses and overview of the threats landscape challenges and the growing concern that has evolved in the internet for malicious activity. However, based on the analysis of the identiied Vulnerabilities of the threat landscape the research observed that malicious techniques and technology continued to grow more sophisticated. And this growing concern is now a challenge to Cyber security experts. Protecting against these attacks will be the next challenge this literature review is out to address. Consequently, because of the complexity of the subject matter the research will only discuss an overview based on a collection of threats landscape starting from 2010- 2013. These periods were chosen because the emerging threat discusses the current concern of today’s cyber security age. As pointed out by Symantec study ‘threat landscape is dynamically changing’ [34]. This assertion truly supports the current proliferation of internet technology. Landscapes in 2010 The continued progressions of emerging threats are getting to be more alarming. Malicious attacks continue targeting developing countries, where the primary targets are inancial Companies, and Industries. Web based attacks are increasing and all of this affects the online underground economy which are beneitting in the global economy. Threats landscape in 2010 creates a road for Cyber criminals iniltrating social Networking sites, Industrial infrastructures, health/medical and banks with spam and malware [36] It is at this instance that Spam and malware pick up a high momentum penetrating social networks such as Facebook and twitter; additionally Spam utilizes a HTML technique and plain text to achieve its aim. V. Attacks on Industrial Infrastructures Stuxnet worm was found to be the most popular malware threat in recent histories. It has been designed to target critical Commercial enterprises. It’s a complex worm which it spreads itself through USB devices, likewise it can duplicate itself and be shared across the network. Stuxnet was found to be one of sophisticated worm which can easily adjust complex system Coniguration for example adjusting motors; stopping factory and can cause things to explode [12]. Attack on banks Threats landscape 2010 as it was nicknamed ‘the year of Spam distribution’. It was in 2010 that a threat called ‘ZEUS’ was designed to steal internet banking details for Customers. ZEUS is a standout amongst the most widely recognized Malware. The year 2010 experienced the most high proile incidents which creates greatest impacts on customers and Security Industry. The spam distribution of 2010 were listed as: Stuxnet worm, ZEUS, ZBOT, the IE and other zero day attacks, Mariposa Botnet users, FAKEAV etc. [36]. Figure 2 describes the spam type distribution threats charts in 2010. Figure 1: A typical Botnet life Cycle IV. Historical Threat Situations The way at which Cyber-security is threatened by threats actors is different across the board; the target could be local or general and as a consequence of these the system is currently growing as a www.ijarcst.com 115 © All Rights Reserved, IJARCST 2014 International Journal of Advanced Research in Computer Science & Technology (IJARCST 2015) Vol. 3, Issue 1 (Jan. - Mar. 2015) ISSN : 2347 - 8446 (Online) ISSN : 2347 - 9817 (Print) more chances for Cybercriminals and thefts, with Cybercriminals moving their target toward mobile users and far from the accepted PC environment (Techtarget, 2013). In fact, 2012 threats landscape is a move by Cybercriminals speciically targeting users of mobile devices; on the grounds that mobile devices are presently more powerful than the computer alone; and the assumptions were they are no longer just phones, they can actually be seen as our Assistance, Advisers, or closest companions. Fig. 2: Spam type distribution Sectors Chart Landscapes in 2011 2011 denoted the fast development of threats which comprises data breaches, Social Networking scams, Android Malware, Malicious Spam, and Phishing Attacks. Malware threats for Android Platform kept on increasing all around the year despite the fact that there is an increasing visibility and media consideration on Mobile Malware, the most focused devices are desktop Computers. Desktop Computers stay to be the most widespread PC based Malware threats. Threats landscape 2011 witnesses’ major growth forces in online threats and online Cybercriminals [13]. Phishing earmarks the most focused attack in 2011, targeting on a selected group of users rather than spreading messages to random addresses. Phishing attempt is a technique used to trick people certiications and have access to their accounts. However, the increase popularity of the social networking sites particularly Facebook has been focused by online Phishing. Usually Facebook users encountered spammed messages to persuade users to act in numerous way; these are all malicious threats that put users at risk [34]. Aattackers normally spread Malicious Spam using Social Engineering techniques by attracting Clients to open an attachment or direct them to click a connection [13]. Landscapes in 2012 As pointed out earlier that emerging threats landscape are challenges in the ield of Cyber security we may observed that during 2011, Cyber Security incidents included theft of intellectual property and government data, Hackivism, Malware targeting Mobile devices and a recurring target to inancial information [34]. So what is in store for 2012 will be a concise roundup of Cyber Security threat landscape migrating to Mobile Application devices. Consequently, as the utilization of mobile devices continues to grow, the volume of attacks focused to these devices will also grow (William and Pelgrin, 2012). Every new smart phone, tablet or other portable device gives another window for a potential Cyber-attack. The dangers include access to data, such as physical location or contacts records, and the capacity for the Apps to download Malware, such as keyloggers or programs that spy on phone calls and quick messages. Attackers are quickly iguring out how to collect legitimate applications and repackage them with malicious code before selling them on different channels to the unsuspecting client [22]. The situation here is not a prediction is a warning because smartphone compromise is a reality, and a compromise phone can release information about you or your business, and this kind of abuse can have serious consequences. Analysing on this situation we will understand from a report by TechTarget, which shows that the worldwide transformation of mobile devices, smartphones speciically, is opening considerably © 2014, IJARCST All Rights Reserved 116 Landscapes in 2013 The year 2013 has conveyed big news, important changes and accomplishment in the Cyber threat landscape. But yet the moral force between defenders and attackers will continue to exist and the projection is that it will continue even far in the future [23]. But as the technology evolves, so too do the techniques used by Hackers and Cybercriminals to iniltrate our information system, this could be understood from the perception of Browning which says “….Every progress we make, someone else is making their own leaps and bounds in terms of their ability to attack and iniltrate our system”(TechTarget, 2013). These current challenges in technology forces cyber-security experts to always stay one step ahead of these threats to protect the integrity of our information system. Digesting from an overview of ENISA threat landscape 2013, the report is a collection of analysis of over 250 different sources of Cybercriminals cases; and the perspective of the research shows that 2013 has brought good and bad developments [23]. The two perspective of threats landscape of 2013 can be viewed as follows: Bad developments (Negative) • Development of Cyber criminal’s activities has grown maturely focusing mostly on Government and Private Commercial Institutions. • Cyber-crime goes Mobile: Cyber criminals are now experts in social engineering with attack patterns and tools targeting and compromising our mobile devices. • The two emerging digital battle ields: big data and the internet of things a concern to Cloud Storage Security services [23]. Good developments (Positive) • Law enforcement agent had succeeded in binding up a strong international Cyber policy as this lead to the arrest of gang responsible for the spread of Police Virus. • Because of the risen cases of Cyber-crime threat analysis was encouraged and this provides valuable information to Cyber experts. • Vendors had now constantly updates there products for security patches. • Cooperation among organisations was achieved all in an effort to ight Cyber-crime. The report of ENISA 2013 concluded with recommendation to train and involve end-users strongly with the view to assist in ighting cyber-crime [23]. VI. Assessment of Current Day Situations Cyber security has been called one of the best constraining national security issues facing the information age of the 21st century. Because the current situation shows that attackers were against information infrastructures and the perpetrators have ended up becoming more expert and likewise attacks get to be more www.ijarcst.com ISSN : 2347 - 8446 (Online) ISSN : 2347 - 9817 (Print) Vol. 3, Issue 1 (Jan. - Mar. 2015) continuous and complicated. Cyber-Criminals utilize the internet as a medium for their exercises and managed covert attacks. The likelihood of retracing and reacting to the attacks are fairly restricted. The primary inspirations of such attacks are mostly by inancial concerns, which in a manner involve new vulnerabilities. Speciically, looking at the cyber threats environment and the complexity of the sophistication of vulnerability of information infrastructures, the Cyber security situation will remain basic even in future. However comparing 2010-2011 all in all, there are few progressions of the way of DOS attacks. In 2011 the amount of attacks expanded marginally by 2% compared to 2010. The previous years the attacks were scarcely consistent with a slight difference. [36]. It has been found out from the survey research of Kaspersky that the attacks in 2012 will increase and packet per second volume will continue to ramp up [18]. It is also said the DOS attacks are really changing and are dramatically becoming more damaging. The study showed that in 2012 online businesses experiences a very big challenge in developing effective countermeasures that act toward enhancing the devastation of DOS attacks [5]. Key threats and Countermeasures According to [33] he proposes that security experts might as well put countermeasures in place and they must be so vigilant in mitigating such kind of threats. As new countermeasures are being created new threats are really uncovered. However the key threats are Malware, Spam and Phishing. A few countermeasures that ought to be taken are; organization might as well establish a secure policy foundation, Strong authentication should be used, avoiding storing sensitive passwords as simple text, securing protocols during sessions, educating and creating awareness to clients on proper security protocols, strong authorization ought to be utilized, international co-operation should put hands together and battle threats etc. A collection of literature from the evidence of survey by ‘Australia’s National research and knowledge centre on crime and equity’ [7], in the study Choo speaks out his perception on the best strategy to be adopted in battling with all issues relating to Cyber-attacks, even though he began with the assumption that ‘currently no single technology could totally eliminate cyber security threats’ but however, some few existing internet vulnerabilities could in due course be removed by effectively utilizing good security practice and tools. Building on this idea the Defence Signals Directorate (DSD), argue that no less than 70% of the targeted Cyber intrusions that DSD uncovered in 2009 could no doubt be controlled if organizations strictly adhered to the four methodologies already prescribed by DSD, and the recommendations goes as follows: 1. Organizations should ensure the use of an updated latest patching of windows platforms. 2. All used applications as well as third party applications must be properly patched before installation. 3. Organization must consider limiting the administrative rights of user logon; and 4. Ensure the use of whitelisting blog on application software’s properly licensed, this is all in an effort to controlled unwanted applications from running at the background which at the end be a security threats to the system in use (DSD, 2010). Considering the increasing growth of internet technology and the increasing concern of internet related criminal activity which in every way becoming more complex, this however, made it easy for Cybercriminals to have known systems security vulnerabilities, www.ijarcst.com 117 International Journal of Advanced Research in Computer Science & Technology (IJARCST 2015) which if in anyway left un-patched, such a vulnerability can easily be exploited thereby compromising the system and build malware infections which at the end will have serious consequences on organizational activities (DSD, 2010; Choo, 2011). VII. Government and Industrial Policies The gravity of the growing online emerging threats posed by Cyber-attacks especially when measured against the particular vulnerabilities of the current global trend landscape; these gravity critically challenges the foundation of our national security and demands a concerted response by the government in establishing a well comprehensive security policy that will at the end address the challenge of the states of our Cyber security efforts. As Thio argue with growing security threats, we will require new approaches in dealing with cyber threats. “The traditional ‘Whack-a-mole’ and ‘Block the World’ is no longer effective; It is important to focus on the technique and not the tool” (Adli and Thio, 2012). This was a discussion on the analysis on how to tackle advance persistent threats, system vulnerability, remediation techniques and strategy implementation. This describes adoption of a good security policy; thus a Security policy in the concept of Cyber Security can be viewed as a guideline of action adopted or proposed by a government, which igure out how organization treats Computational resources (Jansen and Scarface, 2008). This deinition made it necessary for all organizations to have Security policies for Computer systems and handheld devices as this might help in addressing the risen concern of Cyber-criminals. A report on National plan to combat cybercrime by Australian Government suggests that the best way to protect against cyber security emerging issues, four key ideas should be taken as a general philosophy toward combatting cybercrime. These includes Understanding the problem, Partnerships and shared responsibility, focusing on prevention and Balancing security, freedom and privacy [9]. This describes the internet is built upon the freedom, creativity and innovation of users, the scenario here is that implementing these integrated strategies should represents a national plan, a techniques that if it could be technically addressed it will no doubt work out to be the most effective way of achieving a safer and more secure digital society. In view of these Government must rise and join hand in establishing a well comprehensive security strategic policy that go hand in hand with the global Cyber challenges as suggested by [24]. Finally, the literature concluded by recommending the following policy as the best effort to put in place in ighting Cyber-crime: • International co-operation and Collaboration with industries: to address the emerging threats need collaboration among nations as only by such measure can absolute Cyber security be improved [24]. • Policies that entails the Deployment of technical measures, implement best security practices in government and critical sectors. A well comprehensive security plan and periodic IT security risk assessments [24]. • Ensure Continuous testing and evaluating the capability and effectiveness of technical Security control measures as applied for IT systems and networks [24]. • Government should authorize strong Security laws, and ensure it makes ighting Cybercrime a top priority by training prosecutors, law enforcement, and judges [4]. • Educating clients on the use and utilization of IT equipment must be encouraged because rules won’t be followed if nobody knows it does exist. © All Rights Reserved, IJARCST 2014 International Journal of Advanced Research in Computer Science & Technology (IJARCST 2015) Vol. 3, Issue 1 (Jan. - Mar. 2015) VIII. Conclusion This paper has outlined the reasons for widespread of different types of threats thereby affecting the states of Cyber security. The aim of this survey is to assess and evaluate the state of Cyber security emerging threats and the best approach needed to mitigate Cyber security breaches. The accompanying conclusions might be drawn from the present study that shows governments and large cooperation all over the world should be wary of the growing danger of cybercrime in the near future. This study has reported and envisaged a dramatic increase in the amount of targeted attacks on institutions and large government cooperation around the globe. This is based on the prediction that Cybercriminals tactics in the near future is focused to be more complicated and dificult to prevent, detect and address compared to the current known ones. However companies and state organizations at the moment are inluenced by the principal attacks, because today the more Security is reactive the more Cybercriminals are keen in exploiting that weakness. In particular, it could be deducted from the relevant studies that, what is store in 2012 was a brief roundup of the threats landscape migrating to our mobile devices and Apps (William and Pelgrin, 2012). As the uses of mobile devices continue to grow, the volume of attacks targeted to these devices will grow proportionately. The research point out the year 2013 which carried big news both in positive and negative development as an achievement in the Cyber threats landscape, but yet the dynamic race between defenders and attacker has continued and the projection is that it will continue even far spreading beyond western Europe and the US and actually affecting Eastern Europe, the middle East and Africa [23; 5]. Having a better understanding of how cybercrime affects our businesses will play a greater role in addressing it; we need to know who it targets how and why? Who are the perpetrators and how much harm are they causing. Taken together, these indings suggest a role for the government take absolute countermeasures against Security threats. Unless governments adopt this measure to mitigate threats, security threats will continue to manifest unabated. References [1] Ahamad, M., Amster, D., Barrett, M., Cross, T., Heron, G., Jackson, D., & Traynor, P. (2008). Emerging cyber threats report for 2009. [2] Banday, M. T., Qadri, J. A., & Shah, N. A. (2009). Study of Botnets and their threats to Internet Security. Sprouts: working papers on Information Systems, 9(24) [3] Brahme, A. M., Mundhe, S., Chavan, A., Joshi, S. B., & Sawant, P. (2013). International Journal of Computer Engineering & Technology (ijcet). 4(3), 324-330. [4] BSA, 2010. Global Cyber security Framework. [Pdf] USA: Business software alliance. Available at < http://www.bsa. org/~/media/Files/Policy/Security/CyberSecure/ [5] Canty, D., 2012. Digital Danger Zone: tackling cyber security. Arabian Oil and Gas, [online] 19 January. Available at < http://www.arabianoilandgas.com/article-9868-digitaldanger-zone-tackling-cyber-security/4/ > [accessed 28 December 2013] [6] Cooke, E., Jahanian, F., & McPherson, D. (2005, July). The zombie roundup: Understanding, detecting, and disrupting botnets. In Proceedings of the USENIX SRUTI Workshop (Vol. 39, p. 44). [7] Choo, K. K. R. (2011). The cyber threat landscape: Challenges © 2014, IJARCST All Rights Reserved 118 ISSN : 2347 - 8446 (Online) ISSN : 2347 - 9817 (Print) and future research directions. Computers & Security, 30(8), 719-731. [8] Creeger, M. (2010). CTO Roundtable: Malware Defense. Communication. ACM, 53(4), 43-49. [9] Dreyfus, Mark QC, (2013) National plan to combat cybercrime, Australia: Australian Government. [10] Djambazova, E., Almgren, M., Dimitrov, K., & Jonsson, E. (2011). Emerging and future cyber threats to critical systems. In Open Research Problems in Network Security Springer Berlin Heidelberg Pp 29-46 [11] Ehimen O.R., Bola A. - Cybercrime in Nigeria (2010) Cybercrime in Nigeria Business Intelligence Journal January, 2010 Vol.3 No.1 Pp93-98 [12] F secures, 2010. Threat summaries: 2012 security Wrapup. Finland: Available at < http://www.f-secure.com/en/ web/labs_global/2010/q4-threat-summary > (accessed 6 January 2014) [13] F secures, 2011. Threat Summaries. Finland: Available at: < http://www.f-secure.com/en/web/labs_global/about/ history> (accessed 6 January 2014) [14] Feily, M., Shahrestani, A., & Ramadass, S. (2009, June) A survey of botnet and botnet detection In Emerging Security Information Systems. Information Systems and Technologies, 2009; SECURWARE’09 IEEE Third International Conference on Pp268-273 [15] Gaudin, S. (2008)“Social engineering: the human side of hacking”, http://itmanagement.earthweb.com/secu/article. php/10408 1,2002, (24 January, 2014). [16] Gerke M., (2012) Understanding cybercrime: Phenomena, Challenges and legal response ITU Telecommunication Sector Sept, 2012. Is a new edition of a report previously entitled Publication Understanding Cybercrime: A Guide for Developing Countries? Online available at: www.itu. int/ITU-D/cyb/cybersecurity/legislation.html [17] Justin, M. Rao (2011) the economics of spam email metric MAAWG report Microsoft research. Available at: http:// www.maawg.org/system/_les/news/MAAWG 2013 [18] Kaspersky, 2011. Cyber threat Forecast for 2012 [pdf] Russia: Available at: <http://www.kaspersky.com/images/ Kaspersky%20report-10-134377.pdf > (accessed 5 December 2013) [19] Karthik, S.; Bhavadharini, R. M.and Arunachalam, V.P. (2008) “Analysing interaction between Denial of Service (DoS) attacks and threats,” International Conference on Computing, Communication and Networking, 2008. ICCCn Dec. 2008. , vol., no., pp.1,9, 18-20 [20] Kosutic, D 2007, what is Cybersecurity and how can iso 271001 help? Blog. Accessed 25 January 2014 < http://blog. iso27001standard.com/2011/10/25/what-is-cybersecurityand-how-can-iso-27001-help/# [21] Kruger, R. C. (2008). Investigating the possible introduction of managed broadband internet security: a pilot study (Doctoral dissertation, Stellenbosch: Stellenbosch University). [22] Marinos, L., and Sfakianakis A., (2012) ENISA Threat landscape responding to the Evolving Threat Environment. Report by European network and Information Security Agency, September, 2012 Available at: http://www.enisa. europa.eu [23] Marinos, L. (2013) ENISA Threat Landscape Overview of current and emerging cyber-threats European Union Agency for Network and Information Security December, 2013. www.ijarcst.com ISSN : 2347 - 8446 (Online) ISSN : 2347 - 9817 (Print) Vol. 3, Issue 1 (Jan. - Mar. 2015) Available at: www.enisa.europa.eu [24] MIT, 2011.National Cyber security policy. [Pdf] INDIA: Ministry of Communication and information Technology. < http://mit.gov.in/sites/upload_iles/dit/iles/ncsp_060411. pdf> [25] Mielke, C. J., & Chen, H. (2008, June). Botnets, and the cybercriminal underground. In Intelligence and Security Informatics, 2008. ISI 2008. IEEE International Conference on (pp. 206-211). [26] Okenyi, P. O., & Owens, T. J. (2007). On the anatomy of human hacking. Information Systems Security, 16(6), 302314. [27] Ponemon, (2012) Cost of Cyber Crime Study: United Kingdom benchmark Study of UK Organisations, Ponemon Intstitute Research Report October, 2012 [28] Raymond. K., (2011) the cyber threat landscape: Challenges and future research directionsJournals of Computers & Security 3 0 (2 0 1 1): Pp719-731 [29] Sagiroglu, S., & Canbek, G. (2009). Keyloggers. Technology and Society Magazine, IEEE, 28(3), 10-17. [30] Sandouka, H. Cullen, A. J., and Mann, I., (2009) Social Engineering Detection Using Neural Networks; International Conference on Cyber Worlds, pp.273-278. [31] Szor, P. (2005) the art of Computer Virus research and Defence Published February, 2005 Addison Wesley Pearson Education; ISBN: 0-321-30454-3. [32] Sesan, G., Soremi, B., and Oluwafemi, B., (2012) Economic Cost of Cybercrime in Nigeria Paradigm Initiative Nigeria, report on the output for the Cyber Stewards Network project of the Citizen Lab, Munk School of Global Affairs, University of Toronto, and supported by IDRC. September, 2012: http:// www.pinigeria.org/download/cybercrimecost.pdf (Accessed 28th November, 2013) [33] Swan, D. 2011. Cyber security vulnerabilities facing IT managers today. [Pdf]: < http://umuc.academia. edu/DarinSwan/Papers/1464664/Cybersecurity_ Vulnerabilities_Facing_IT_Managers_Today> (accessed 23 Dec. 2013) [34] Symantec, 2011. Threat Activity Trends. USA: Available at < http://www.symantec.com/threatreport/topic.jsp?id=threat_ activity_trends&aid=malicious_shortened_urls > (accessed 4 January, 2014) [35] Tatum, Malcolm (2010) “What Is a Cyber-attack?” Available on-line from: http://www.wisegeek.com/what-isa-cyberattack.htm (Accessed 29th January, 2014) [36] Trend Micro (2011) Issues Monitor Cyber Crime – A Growing Challenge for Governments KPMG International Cooperative (“KPMG International”) July 2011, V (8). [37] Weaver, N., Paxson, V., Staniford, S., & Cunningham, R. (2003, October) A taxonomy of computer worms In Proceedings of the 2003 ACM workshop on Rapid malcode Pp11-18 [38] Zuo,Z. Zhu,Q. and Zhou, M., (2006) Infection, imitation and a hierarchy of computer viruses, Computers & Security, Volume 25, Issue 6, September 2006, Pages 469- www.ijarcst.com 119 International Journal of Advanced Research in Computer Science & Technology (IJARCST 2015) Author’s Profile Alhaji Idi Babate has obtained his MSc from the University of South Whales UK, and had worked in many International and local project in the ield of cyber security. The author had published several International Journals and currently a lecturer in the department of Computer Science Federal College of Education (technical) Yobe state Nigeria. © All Rights Reserved, IJARCST 2014