Cyber Security

List 8 Cyber Security roles that you know

  •  Application Security
  •  Network Security
  •  Data Loss Prevention
  • Forensics
  • Incident Response
  • Security Architecture
  • Threat Intelligence
  • Vulnerability Management
  • Identity Management
  • Operational Security
  • Mobile Security
  • Cloud Security

List and explain the three types of Cyber Attackers

  • Amateurs: AKA Script Kiddies – These are attackers with little or no skill who typically use existing tools or instructions found online to carry out attacks
  • Hackers: These are attackers who break into computers or networks to gain access. They are often divided into 3 types namely 1) The White Hats 2) The Gray Hats and 3) The Black Hats
  • Organized Hackers: These are organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.

List and explain the three types of Hackers that we have

  • White hats: These are hackers who break into a system with given permission in order to discover weaknesses within the systems so that the security of these systems can be improved.
  • Gray Hats: These are hackers that compromise a system or break into a system without the permissions of the owners of the system but do not have malicious intents towards the system.
  • Black Hats: These are hackers that take advantage of vulnerabilities in a system to break into the system for illegal personal, financial or political gain. These types of hackers have malicious intents towards the system.

What are Security Threats? Mention and Explain two types of Security Threats


What are Script Kiddies or Skiddies or Skids?

  • In programming and hacking culture, these are relatively unskilled individuals who use scripts or programs developed by others, such as web shells, to attack computer systems and/or networks and/or deface websites.
  • This is someone who lacks programming knowledge and uses existing software to launch attacks on computers or computer networks.

What are Cyber Security Threats?

  • Cyber Security Threats are possible malicious attacks that seek to unlawfully access data, disrupt digital operations or damage information. They can originate from various actors including corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal organizations, lone hackers or even disgruntled employees.
  • Cyber Security Threats or Cyber Threats are any circumstance or event with the potential or possibility to harm an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. Threats arise from human actions and natural events.

What is Cybercrime?

  • Carrying out illegal activities by means of using a computer or the internet.

What is the current estimated annual cost of cybercrime worldwide?

  • $445 Billion per year

What is the average number of cyber-attacks on an organization every week?

  • 1400 per week

What is the average cost of a successful cyberattack on an organization?

  • $11 million

What is the average length of time a cyberattack goes undetected?

  • 8 months

List the different cyberattacks, cybercrimes or cyber threats that you are familiar with.

  • (Advanced) Phishing
  • Spam
  •  Hacking
  • Malware
  • Data leaks
  • Phishing
  • Identity theft
  • Business Email Compromise (BEC) / Email Account Compromise (EAC)
  • Password Attacks
  • Brute Force-Remote Access Systems
  • Insider Threat
  • Man in the middle
  • Drive-by downloads
  • Ransomware
  • Denial of Service (DOS) or Distributed Denial of Service (DDoS)

What is Spam?

  • Spam is unwanted ‘junk’ mail that can be used to trick you into revealing information or clicking a harmful link. Spamming is the act of sending mail to a large number of email addresses.

List ways to identify a Phishing email.

  • The email sender uses an alias name that is typically familiar, but the sender address behind it is from a source unassociated with the alias name being used.
  • Message in the email includes instructions demanding sensitive

What is hacking?

  • Hacking is when someone (with illicit intent) gains unauthorized access to your computer or computer network security system and personal data.
  • Hacking is the process of finding weaknesses in a computer or private network and exploiting those weaknesses to gain access.

Who are hackers?

  • A Hacker is a person who finds and exploits weaknesses in computer systems, smartphones, tablets, or networks to gain access. Hackers are experienced computer programmers with knowledge of computer security.

What is a Denial of Service Attack?

  • These are attacks that flood a target with traffic or information in order to trigger a crash.

What is Business Email Compromise (BEC) / Email Account Compromise (EAC)?

  • BEC is an attack on organizations where emails are made to appear as though they were sent from the organization. In 2020 the FBI Internet Crime Complaint Center (IC3) received 19,369 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion.

What is Brute Force – Remote Access Systems?

  • This is a threat that attacks Virtual Private Networks (VPNs), remote logon systems, or networks in general, using trial and error to obtain user credentials, or using credentials purchased on dark web marketplaces, to gain unauthorized access to systems.
  • This can also be called exhaustive search. It is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. The longer the password, the more combinations will need to be tested.

What are Insider Threats?

  • Insider threats are threats to an organization’s information, resources, or assets coming from inside the company. This includes fraud, sabotage, espionage and theft.
  • Insider threat actors could be employees, ex-employees, contractors, vendors, and business associates who are familiar with a company’s procedures and controls and who may have access to systems and information.
  • The largest category of insider threat activity is data exfiltration, but insider threat also includes privilege misuse, data snooping and sabotage.
  • An insider threat is a security risk that originates within an organization. It could come from current or former employees, contractors, or other business associates who have – or have had – access to an organization’s data and computer systems. Because an insider threat originates from within and may or may not be intentional, it is one of the most expensive and difficult to detect attack types.

What is Ransomware?

  • Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid.
  • Ransomware is a type of malicious software that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications until a demanded ransom is paid.

How do you know if you have been hacked?

  • Antivirus triggers an alert
  • A pop-up message appears saying that your computer has been encrypted and you must pay a ransom to recover it
  • A pop-up message appears saying that your computer is infected and you must call a tech support phone number to fix it
  • There are new accounts on your computer or device that you did not create or new programs running that you did not install
  • Your browser is taking you to unwanted websites and you cannot close them

What is Identity Theft?

  • Identity theft is the illegal use of someone else’s personal information in order to obtain money or credit.

Why do criminals want your identity?

  • Long term profits
  • Medical benefits
  • To file fake tax returns
  • To open credit card accounts or obtain some sort of loan

What are cookies and how can they be exploited?

  • Cookies are small files that web servers send to web browsers when browsing a site. They store information about the user, such as their username and password, which the server can retrieve at a later time to identify the user.
  • Cookies are bits of text stored on your computer by websites that you visit. They enable the site to recognize you and save any preferences you may have set with respect to their site. Cookies can contain your name, address, password, payment information and preferences.
  • Cookies are data that servers send to a browser to keep track of your visits.
  • Cookies can be exploited by ad-trackers to track the sites that you visit.

What is an IP Address?

  • An IP Address is the address a computer has when it connects to the internet. An IP Address is assigned to every device that is connected to the internet, and these addresses are allocated by the ISPs.
  • Public IPs have things like your location and browsing history stored.

Why are organizations investing in IT Infrastructure?

  • IT Infrastructure helps organizations improve the speed and efficiency of their operations
  • To remain competitive
  • To increase their profitability
  • To improve their customer service
  • To improve the efficiency of internal controls and communications
  • To meet government regulations

What is Internet of Things (IOT)?

  • IOT (Internet of Things) refers to physical devices that have been enhanced with sensing, communication, and data storage technologies and are connected together via the internet. These are also known as “smart” devices and they allow for seamless integration of the physical and digital worlds, resulting in efficient services and processes with minimal human intervention.

  1. Unintentional External Threats: These are threats to an organization that accidentally result from an organization’s relations to external actors.
  2. Malicious External Threats: These are deliberate attempts by outsiders to gain unauthorized access to an organization’s critical information systems.
  3. Unintentional Internal Threats: These are accidental acts by insiders that may negatively affect an organization’s systems, networks or data, usually resulting from negligence or human error.
  4. Malicious Internal Threats: These are deliberate acts perpetrated by insiders intending to gain unauthorized access to an organization’s critical information systems.

  • Cyber Risks are the potential negative impacts that cyber threats can have on an organization in the event that there is a successful breach of the organization’s network infrastructure. These include the risk of financial loss, disruption of operations, and damage to the reputation of the organization.
  • Cyber Risk is what happens when a threat exploits a vulnerability. It is the damage that could be caused by an open vulnerability being exploited by a threat.

  • The NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology based on existing standards, guidelines and practices. The NIST Framework Core has 5 functions that apply to (Cybersecurity) Risk Management and address the Cybersecurity objectives of an organization:
  1) IDENTIFY
  2) PROTECT
  3) DETECT
  4) RESPOND
  5) RECOVER

  1. The Framework Core
  2. The Implementation Tiers
  3. The Profiles

The Five Functions of the NIST Framework Core are:

1) IDENTIFY:
AM: Asset Management
BE: Business Environment
GV: Governance
RA: Risk Assessment
RM: Risk Management

2) PROTECT:
AC: Access Control
AT: Awareness Training
DS: Data Security
IP: Information Protection Processes and Control
PT: Protective Technology

3) DETECT:
AE: Anomalies and Events
CM: Security Continuous Monitoring
DP: Detection Process

4) RESPOND:
RP: Response Planning
CO: Communications
AN: Analysis
MI: Mitigation
IM: Improvements

5) RECOVER:
RP: Recovery Planning
IM: Improvements
CO: Communications

  1. Geico (Data Theft): Geico reported that between Jan 21 and March 1, 2021, a threat actor (or hackers) gained unauthorized access to driver license numbers, names and dates of birth through the online sales system. The total number of affected insured drivers is unknown.
  2. Colonial Pipeline (Ransomware): Colonial Pipeline was attacked with ransomware using a compromised operational technology remote logon account. This account was old and not secured. The ransomware affected the mechanical systems that managed the pipeline. The result was a disruption of oil distribution on the east coast of the United States, a ransom payout of >$4 million and a potential international political discourse between nation states.
  3. CNA Financial (Ransomware): CNA was hit by a novel ransomware which caused significant data loss and prevented the company from accessing their networks. It also affected 1500 endpoints, and the company paid a $40 million ransom to regain access.

 Zero Trust Security is a security framework that requires all users, whether internal or external to an organization’s network, to be authenticated, approved, and continually checked for security configuration and posture prior to being permitted or maintaining access to applications and data. Zero Trust assumes the absence of a typical network edge, networks can be local, in the cloud, or a combination or hybrid of both, with resources and people located anywhere.

Zero Trust Security refers to the principle that perimeter authentication is not enough to ensure that a user is who they say they are for the duration of their work session. Over the course of their work session, the elements used to authenticate a user can grow stale and less useful. Verifying a user’s identity over time is critical to protecting against various risks and is particularly important with remote workers.

Zero Trust Security is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction.

The Zero Trust Model (based on NIST 800-207) includes 3 core principles:

  1.    Continuous verification: Always verify access, all the time, for all resources
  2.    Limit the “blast radius.” Minimize impact if an external or insider breach occurs
  3.    Automate context collection and response

The Zero Trust Model can be explained to executives as a way to:
1. Ensure that all resources are accessed securely, regardless of location.
2. Adopt a least-privileged strategy and strictly enforce access control.
3. Inspect and log all traffic.

Zero Trust Network Access (ZTNA) changes the typical network architecture paradigm, where users are authenticated at the perimeter. ZTNA shifts the focus from location, interface and ownership to distributed parameters that can be applied at the point of access.

The network edge is generally defined as the place where a device or local area network (LAN) connects to the Internet. It is called the “edge,” because this is the entry point to the network where devices themselves are communicating with the Internet.
The network edge is the physical point at which the enterprise-owned network connects to a third-party network.

Principles of ZTNA:
– Any user or device requesting access to a resource is assumed to be hostile
– Threats to the network exist internally and externally
– Every resource and device requesting access should be authenticated and authorized for that specific resource
– Network policies should be distributed within a network at the point of access (resource, data, etc.) and not centrally located (but are centrally managed).

ZTNA Technologies and Processes:
– Multi-factor authentication at the point of resource or data consumption
– Least privilege access to data
– Closely coupled identity and access management systems
– Network visibility and monitoring of user behavior
– Endpoint Management and device health
– Micro-segmentation
– Next-gen firewalls

  • Adware is advertising-supported software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process.
  • Adware is software that automatically displays or downloads (often unwanted) advertising material when a user is online.
  • Adware can become malicious, collect your data without your permission, slow down your computer, hijack your browser or install viruses or malware.

  • A Backup is an extra copy of data from a computer that is stored separately. It is available for use if the device or original data becomes compromised or if you experience a loss of the original data.