Cyber Security

List 8 Cyber Security roles that you know

  • Application Security
  • Network Security
  • Data Loss Prevention
  • Forensics
  • Incident Response
  • Security Architecture
  • Threat Intelligence
  • Vulnerability Management
  • Identity Management
  • Operational Security
  • Mobile Security
  • Cloud Security

List and explain the three types of Cyber Attackers

  • Amateurs: AKA Script Kiddies – These are attackers with little or no skill who typically use existing tools or instructions found online to launch attacks.
  • Hackers: These are attackers who break into computers or networks to gain access. They are often divided into 3 types: White Hats, Gray Hats, and Black Hats.
  • Organized Hackers: These are organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.

List and explain the three types of Hackers that we have

  • White Hats: These are hackers who break into a system with given permission in order to discover weaknesses within the systems so that the security of these systems can be improved.
  • Gray Hats: These are hackers who compromise or break into a system without the permission of its owners but do not have malicious intent towards the system.
  • Black Hats: These are hackers who take advantage of vulnerabilities in a system to break into it for illegal personal, financial or political gain. These types of hackers have malicious intent towards the system.

What are Security Threats? Mention and Explain two types of Security Threats

  • Security Threats are potential dangers that can exploit vulnerabilities in a system to cause harm.
  • Internal Threats: Threats that originate from within an organization, such as disgruntled employees or insider attacks.
  • External Threats: Threats that originate from outside the organization, such as hackers, cybercriminals, or nation-state actors attempting to gain unauthorized access.

What are Script Kiddies or Skiddies or Skids?

  • In programming and hacking culture, these are relatively unskilled individuals who use scripts or programs developed by others, such as web shells, to attack computer systems and networks and/or deface websites.
  • This is someone who lacks programming knowledge and uses existing software to launch attacks on computers or computer networks.

What are Cyber Security Threats?

  • Cyber Security Threats are possible malicious attacks that seek to unlawfully access data, disrupt digital operations or damage information. They can originate from various actors including corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal organizations, lone hackers or even disgruntled employees.
  • Cyber Security Threats or Cyber Threats are any circumstance or event with the potential or possibility to harm an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. Threats arise from human actions and natural events.

What is Cybercrime?

  • Carrying out illegal activities by means of using a computer or the internet.

What is the current estimated annual cost of cybercrime worldwide?

  • $445 Billion per year.

What is the average number of cyber-attacks on an organization every week?

  • 1400 per week.

What is the average cost of a successful cyberattack on an organization?

  • $11 million.

What is the average length of time a cyberattack goes undetected?

  • 8 months.

List the different cyberattacks, cybercrimes or cyber threats that you are familiar with.

  • (Advanced) Phishing
  • Spam
  • Hacking
  • Malware
  • Data leaks
  • Phishing
  • Identity theft
  • Business Email Compromise (BEC) / Email Account Compromise (EAC)
  • Password Attacks
  • Brute Force - Remote Access Systems
  • Insider Threat
  • Man in the Middle
  • Drive-by downloads
  • Ransomware
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS)

What is Spam?

  • Spam is unwanted 'junk' mail that can be used to trick you into revealing information or clicking a harmful link. Spamming is the act of sending mail to a large number of email addresses.

List ways to identify a Phishing email.

  • The sender uses an alias (display name) that is typically familiar, but the actual sender address behind it comes from a source unrelated to that alias.
  • The message in the email includes instructions demanding sensitive information.

What is hacking?

  • Hacking is when someone (with illicit intent) gains unauthorized access to your computer or computer network security system and personal data.
  • Hacking is the process of finding weaknesses in computers or private networks and exploiting them to gain access.

Who are hackers?

  • A Hacker is a person who finds and exploits weaknesses in computer systems, smartphones, tablets, or networks to gain access. Hackers are experienced computer programmers with knowledge of computer security.

What is a Denial of Service Attack?

  • These are attacks that flood a target with traffic or information in order to trigger a crash.

What is Business Email Compromise (BEC) / Email Account Compromise (EAC)?

  • BEC is an attack on organizations where emails are made to appear as though they were sent from the organization. In 2020 the FBI Internet Crime Complaint Center (IC3) received 19,369 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion.

What is Brute Force - Remote Access Systems?

  • This is a threat that targets Virtual Private Networks (VPNs), remote logon systems, or networks in general, either using trial-and-error to obtain user credentials or using credentials purchased on dark web marketplaces to gain unauthorized access to systems.
  • This can also be called exhaustive search. It is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. The longer the password, the more combinations need to be tested.

What are Insider Threats?

  • Insider threats are threats to an organization's information, resources, or assets coming from inside the company. This includes fraud, sabotage, espionage and theft.
  • Insider threat actors could be employees, ex-employees, contractors, vendors, and business associates who are familiar with a company's procedures, controls and who may have access to systems and information.
  • The largest insider threat activity is data exfiltration, but insider threats also include privilege misuse, data snooping and sabotage.
  • An insider threat is a security risk that originates within an organization. It could come from current or former employees, contractors, or other business associates who have – or have had – access to an organization's data and computer systems. Because an insider threat originates from within and may or may not be intentional, it is one of the most expensive and difficult to detect attack types.

What is Ransomware?

  • Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid.
  • Ransomware is a type of malicious software that employs encryption to hold a victim's information at ransom. A user or organization's critical data is encrypted so that they cannot access files, databases, or applications until a demanded ransom is paid.

How do you know if you have been hacked?

  • Antivirus triggers an alert.
  • A pop-up message appears saying that your computer has been encrypted and you must pay a ransom to recover it.
  • A pop-up message appears saying that your computer is infected and you must call a tech support phone number to fix it.
  • There are new accounts on your computer or device that you did not create or new programs running that you did not install.
  • Your browser is taking you to unwanted websites and you cannot close them.

What is Identity Theft?

  • Identity theft is the illegal use of someone else's personal information in order to obtain money or credit.

Why do criminals want your identity?

  • Long term profits.
  • Medical benefits.
  • To file fake tax returns.
  • To open credit card accounts or obtain some sort of loan.

What are cookies and how can they be exploited?

  • Cookies are small files that web servers send to web browsers when a user browses a site. They store information about the user, such as their username and password, which the server can retrieve at a later time to identify the user.
  • Cookies are bits of text stored on your computer by websites that you visit. They enable the site to know you and save any preferences you may have set with respect to their site. Cookies can contain your name, address, password, payment information and preferences.
  • Cookies are data that servers send to a browser to keep track of your visits.
  • Cookies can be exploited by ad-trackers to track the sites that you visit.

What is an IP Address?

  • An IP Address is the address a computer has when it connects to the internet. An IP Address is assigned to every device that is connected to the internet, and these addresses are given out by ISPs.
  • A public IP address can be linked to information such as your location and browsing history.

Why are organizations investing in IT Infrastructure?

  • IT Infrastructure helps organizations improve the speed and efficiency of their operations.
  • To remain competitive.
  • To increase their profitability.
  • To improve their customer service.
  • To improve the efficiency of internal controls and communications.
  • To meet government regulations.

What is Internet of Things (IOT)?

  • IOT (Internet of Things) refers to physical devices that have been enhanced with sensing, communication, and data storage technologies and are connected together via the internet. These are also known as 'smart' devices and they allow for seamless integration of physical and digital worlds resulting in efficient services and processes with minimal human intervention.

Explain 4 classifications or categories of cyber threats.

  • Unintentional External Threats: These are threats to an organization that accidentally result from an organization's relations to external actors.
  • Malicious External Threats: These are deliberate attempts by outsiders to gain unauthorized access to an organization's critical information systems.
  • Unintentional Internal Threats: These are accidental acts by insiders that may negatively affect an organization's systems, networks or data, usually resulting from negligence or human error.
  • Malicious Internal Threats: These are deliberate acts perpetrated by insiders intending to gain unauthorized access to an organization's critical information system.

What is a cyber risk?

  • Cyber Risks are the potential negative impacts that cyber threats can have on an organization in the event that there is a successful breach in the organization's network infrastructure. These include the risk of financial loss, disruption of operations, and damage to the reputation of the organization.
  • Cyber Risk is what happens when a threat exploits a vulnerability. It's the damage that could be caused by the open vulnerability being exploited by a threat.