{"id":12900,"date":"2025-10-28T15:43:47","date_gmt":"2025-10-28T06:43:47","guid":{"rendered":"https:\/\/www.filingcloud.com\/blog\/software-vulnerability-and-malware-attacks-an-international-standard-itu-t-x-1220-that-defends-both-simultaneously\/"},"modified":"2025-10-29T10:11:42","modified_gmt":"2025-10-29T01:11:42","slug":"software-vulnerability-and-malware-attacks-an-international-standard-itu-t-x-1220-that-defends-both-simultaneously","status":"publish","type":"post","link":"https:\/\/www.filingcloud.com\/en\/blog\/software-vulnerability-and-malware-attacks-an-international-standard-itu-t-x-1220-that-defends-both-simultaneously\/","title":{"rendered":"Software Vulnerability and Malware Attacks \u2014 An International Standard ITU-T X.1220 That Defends Both Simultaneously"},"content":{"rendered":"\n<p><\/p>\n\n<p class=\"has-text-align-right\">Jonghyun Woo <\/p>\n\n<p class=\"has-text-align-right\">Editors of ITU-T X.1220<\/p>\n\n<h3 class=\"wp-block-heading\">Summary<\/h3>\n\n<p>Among cyber attacks, the two that security teams and operations teams should pay the most attention to are software vulnerability attacks and malware attacks. In this article we examine how large a portion these two attack types occupy in overall cyber attacks and introduce a new international standardized technology that can defend against both simultaneously. Through this we propose a method to build an additional defense layer beyond existing network and endpoint protection systems to prepare for unknown cyber attacks (such as zero-day attacks). In other words, we present measures to keep critical data safe even if attacks abusing undiscovered vulnerabilities or malware in forms that evade detection occur.   <br\/><\/p>\n\n<h3 class=\"wp-block-heading\">Types of Cyber Attacks and Defense Systems by Type<\/h3>\n\n<p>Recently, a variety of cyber attacks targeting telecommunications companies, medical institutions, and government agencies have been occurring one after another. 
These cyber attacks can be broadly classified into four categories based on their operational methods. <\/p>\n\n<p>1. Software vulnerability attacks<br\/>2. Malware attacks<br\/>3. Phishing attacks<br\/>4. DDoS (Distributed Denial of Service) attacks<\/p>\n\n<p>Among these, <strong>software vulnerability attacks<\/strong> exploit flaws in operating systems or business applications we use, allowing the attacker to take over administrator privileges. Through these flaws an attacker secures administrator rights on a PC or server and executes commands as if they were a legitimate user. As a result, they can exfiltrate internal data or encrypt it (ransomware), causing damage. PC or server operators must regularly apply patches and updates to defend against this, but in practice software vendors often cannot provide patches quickly, and there are many cases exploiting zero-day vulnerabilities that have not yet been publicly disclosed.   <\/p>\n\n<p>The second attack type is <strong>malware<\/strong>. Malware attacks infect systems with malicious programs and continuously perform malicious actions in the background. Attackers distribute malicious code via email attachments, malicious links, drive-by downloads, etc., and the infected devices can cause various harms such as data leakage, information collection, remote control, and keylogging. Particularly, advanced malware uses evasion techniques such as obfuscation or rootkits to bypass antivirus and security solutions, making detection and removal difficult.   <\/p>\n\n<p>The third is <strong>phishing<\/strong>. Phishing is a social-engineering attack technique that impersonates a trusted sender or service to steal personal information or authentication credentials. Attackers deceive users via email, SMS, messengers, or fake login pages to induce entry of passwords, OTPs, card information, or to install malware. 
Because phishing targets \u201chuman trust\u201d rather than a technical vulnerability, users easily let their guard down; targeted (spear-phishing) attacks in particular have higher success rates and larger impacts. Measures such as strong authentication methods, blocking suspicious links in advance, regular security training, and phishing simulation drills aim to reduce user susceptibility, but ultimately it is impossible to completely prevent users from being deceived by attackers.<\/p>\n\n<p>Finally, <strong>DDoS attacks<\/strong> concentrate excessive traffic on a specific server or service using many distributed devices, making normal service provision impossible. Attackers exploit botnets or cloud resources to saturate network bandwidth or consume application resources, reducing service availability. Large-scale DDoS attacks can cause service outages, financial loss, and reputational damage for businesses. To mitigate this, traffic scrubbing and filtering, edge CDNs, or cloud-based mitigation services can be applied, but it is impossible to preemptively block all excessive traffic that comes in over public networks. 
<\/p>\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Category<\/th><th>Main techniques<\/th><th>Main targets<\/th><th>Objective (Outcome)<\/th><th>Defense methods<\/th><th>Proportion<\/th><\/tr><\/thead><tbody><tr><td>Software vulnerabilities<\/td><td>Exploit vulnerability \u2192 privilege escalation<\/td><td>Servers \u00b7 Cloud \u00b7 Applications<\/td><td>Steal admin privileges \u2192 internal access<\/td><td>Patch \/ Update<\/td><td>25%<\/td><\/tr><tr><td>Malware (ransomware)<\/td><td>Install \/ execute malicious code<\/td><td>Personal PCs \u00b7 Servers \u00b7 Medical devices<\/td><td>Data encryption \u00b7 Data exfiltration \u00b7 Monetary demands<\/td><td>Anti-virus \/ EDR<\/td><td>30%<\/td><\/tr><tr><td>Phishing \u00b7 Social engineering<\/td><td>Deceptive emails \/ messages<\/td><td>Employees \u00b7 User accounts<\/td><td>Account takeover \u2192 internal intrusion<\/td><td>Phishing-resistant MFA<\/td><td>40%<\/td><\/tr><tr><td>DDoS<\/td><td>High-volume traffic attacks<\/td><td>Services \u00b7 Web portals<\/td><td>Service outage \u00b7 Business interruption<\/td><td>Traffic scrubbing<\/td><td>5%<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">Summary table of the four major categories of cyber attacks<\/figcaption><\/figure>\n\n<p>Among the four attack types, rather than focusing primarily on preparing for phishing attacks that deceive employees or DDoS attacks that send traffic over public networks, it is more realistic for security officers and system operators to prepare for software vulnerability attacks and malware attacks. Especially because these two types together account for more than half of all cyber attacks, strengthening defenses in these areas is the most effective way to raise overall security posture. 
<br\/><\/p>\n\n<h3 class=\"wp-block-heading\">Limitations of Existing Defense Systems and Establishment of a New Defense Standard<\/h3>\n\n<p>What security officers and system operators currently use as preventive measures are constant updates to minimize software security vulnerabilities and adding network protection and endpoint protection to shield systems. However, these systems can only develop patches or block attacks if they \u201calready know about the vulnerability, malware, or intrusion behavior.\u201d A blacklist approach that blocks known attacks cannot prevent newly appearing vulnerabilities, malware, or intrusion behaviors.   <\/p>\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"417\" src=\"https:\/\/www.filingcloud.com\/wp-content\/uploads\/\/image-4-1024x417.png\" alt=\"\" class=\"wp-image-12885\" srcset=\"https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-4-1024x417.png 1024w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-4-300x122.png 300w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-4-768x313.png 768w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-4.png 1336w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n<p>Theoretically, a whitelist approach can be used so that only \u201cregistered network packets\u201d or \u201callowed programs\u201d operate, but it is practically very difficult to run a whitelist on network nodes shared across all systems or on endpoints where many pieces of software run. It is impossible to predict how a system\u2019s network packets might change, and with operating system patches being released daily, re-registering everything each time is inefficient. 
<\/p>\n\n<p>Therefore, even if security officers or system administrators consistently apply updates to protected systems, keep antivirus signatures up to date, and monitor network traffic as part of a layered defense, an attacker who exploits a software vulnerability unknown to us, attacks while a patch is being prepared, develops new malware that circumvents existing antivirus inspection, or distributes malware that operates in new behavioral modes to evade behavior-based detection engines may still cause theft or encryption of valuable data.<\/p>\n\n<p>To solve this problem, the ITU-T, an international standardization body under the UN, established a new storage protection approach as an international standard \u2014 ITU-T X.1220 \u2014 that applies whitelist access control at the storage layer where data is stored, rather than at shared network or endpoint layers. <\/p>\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"238\" src=\"https:\/\/www.filingcloud.com\/wp-content\/uploads\/\/image-3-1024x238.png\" alt=\"\" class=\"wp-image-12883\" srcset=\"https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-3-1024x238.png 1024w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-3-300x70.png 300w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-3-768x179.png 768w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-3.png 1027w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n<p>This technology is placed between endpoints and storage; whenever a program running on an endpoint requests data, it checks whether that program is pre-registered. Registered programs can read and write the real data, while unregistered programs can only access fake data. <\/p>\n\n<p>If an unregistered program requests data, read-only fake data is provided. 
In other words, even if an attacker runs an exploit or malware on a PC or server to steal or encrypt files within the storage protection system, they cannot access the real data. <\/p>\n\n<p>Most importantly, when a security officer or system operator registers an allowed program, they must input an OTP code from the PC or server so that a malicious program cannot be arbitrarily registered. Therefore, even if an endpoint is already compromised by an attacker, any program not registered via OTP cannot encrypt or delete data. <\/p>\n\n<p>Thus, even when attacks exploiting unknown vulnerabilities or new malware attacks occur, data stored in storage protection remains safe because only allowed programs can access it.<\/p>\n\n<h3 class=\"wp-block-heading\">A New Cyber Defense Paradigm Extended by Storage Protection<\/h3>\n\n<p>Given that software vulnerability and malware attacks constitute more than half of all cyber attacks, the long-standing lack of fundamental countermeasures for these attacks has been pointed out as a structural limitation of cyber security. In this context, the UN-affiliated international standardization body presenting a new alternative capable of dealing with unknown attacks represents a meaningful advance. 
<\/p>\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"449\" src=\"https:\/\/www.filingcloud.com\/wp-content\/uploads\/\/image-5-1024x449.png\" alt=\"\" class=\"wp-image-12887\" srcset=\"https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-5-1024x449.png 1024w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-5-300x131.png 300w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-5-768x336.png 768w, https:\/\/www.filingcloud.com\/wp-content\/uploads\/image-5.png 1253w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n<p>To prepare for the increasingly evolving nature of cyber attacks, a new perspective is needed that considers security at the storage layer in addition to defense-centric approaches at the network and endpoint layers. If storage is designed not as a simple data repository but as a final line of defense that attacks cannot pass through, it can complement data areas that conventional security systems have failed to address. <\/p>\n\n<p>Going forward, we should continue to develop and expand this whitelist-based data access control model so it can be enhanced to block both vulnerability attacks and malware attacks at the storage level \u2014 effectively creating a new \u201csecurity genre.\u201d This will be more than the adoption of a single technology; it will be the first step toward fundamentally transforming the paradigm of cyber security. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Jonghyun Woo Editors of ITU-T X.1220 Summary Among cyber attacks, the two that security teams and operations teams should pay the most attention to are software vulnerability attacks and malware attacks. 
In this article we examine how large a portion these two attack types occupy in overall cyber attacks and introduce a new international standardized [&hellip;]<\/p>\n","protected":false},"author":19,"featured_media":7499,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10],"tags":[],"class_list":["post-12900","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news"],"jetpack_featured_media_url":"https:\/\/www.filingcloud.com\/wp-content\/uploads\/4567.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/posts\/12900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/comments?post=12900"}],"version-history":[{"count":1,"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/posts\/12900\/revisions"}],"predecessor-version":[{"id":12901,"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/posts\/12900\/revisions\/12901"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/media\/7499"}],"wp:attachment":[{"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/media?parent=12900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/categories?post=12900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.filingcloud.com\/en\/wp-json\/wp\/v2\/tags?post=12900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}