Cyber Crime and Cyber Security

Questions and Answers

Which of the following is NOT a primary goal of cyber security?

• Availability
• Auditability
• Confidentiality
• Obscurity (correct)

A cyber threat refers exclusively to attacks initiated by external entities, such as hackers or foreign governments.

False (B)

A __________ attack involves an unauthorized party intercepting and relaying messages between two parties who are communicating directly with each other.

man-in-the-middle

Which type of cyber threat is characterized by extensive organization, resources, and long-term planning?

Highly Structured Threats (D)

Which of the following best describes a 'zero-day exploit'?

A vulnerability that has been disclosed but not yet patched (D)

Match the cyber security principle with its description:

Confidentiality = A set of rules that limits access or places restrictions on certain types of information. Integrity = Assurance that the information is trustworthy and accurate. Availability = The guarantee of reliable access to the information by authorized people. Accountability = Assurance that an individual or organization will be evaluated on their performance or behaviour related to something for which they are responsible. Auditability = A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.

In the context of cryptography, what is the primary purpose of hashing?

To create a unique 'fingerprint' of the data for integrity verification (C)

Explain the difference between Symmetric and Asymmetric encryption.

Symmetric encryption uses a single key for both encryption and decryption, while asymmetric encryption uses a pair of keys (public and private) for encryption and decryption.

Which type of malicious code replicates itself to spread to other computers?

Network Worm (C)

What is the primary characteristic that differentiates a Caesar Cipher from an Enigma machine in the context of cryptography?

The complexity in encrypting messages; where Caesar Cipher employs basic letter-shifting and Enigma employs multifaceted electromechanical encryption. (C)

Flashcards

What is Cyber Crime?

Crimes committed using computers, phones, or the internet, including illegal data interception, system interference, copyright infringement, and the illegal item sales.

What is Cyber Security?

It is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access.

What is Confidentiality?

A set of rules that limit access or place restrictions on certain types of information.

What is Integrity?

Assurance that information is trustworthy and accurate.

What is Availability?

Guarantee of reliable access to information by authorized people.

What is Accountability?

Assurance that an individual or organization will be evaluated on their performance or behavior related to what they're responsible for.

What is Auditability?

A systematic evaluation of the security of an information system, measuring how well it conforms to established criteria.

What is a Cyber Threat?

Any malicious act attempting to gain unauthorized access to a computer network, damage or disrupt a system, or steal information.

Advanced Persistent Threat (APT)

A network attack where an unauthorized person gains access and remains undetected for a long time.

What is a Backdoor Attack?

Method of bypassing normal authentication to gain access to an operating system or application.

Study Notes

Cyber Crime

• Cyber crimes involve using computers, phones, or the internet to commit illegal acts.
• Illegal interception of data is a cyber crime.
• System interferences is a cyber crime.
• Copyrights infringements is a cyber crime.
• Sale of illegal items is a cyber crime.

Cyber Security

• Cyber security is the body of technologies, processes, and practices involved in protecting individuals and organizations from cyber crime.
• Cyber security is designed to protect the integrity of networks, computers, programs, and data from attack, damage, or unauthorized access.

Cyber Security Principles

• There are five key principles in cyber security which are: confidentiality, integrity, availability, accountability and auditability.

Cyber Security Principle Definitions

• Confidentiality is a set of rules that limits access or places restrictions on certain types of information.
• Integrity is the assurance that information is trustworthy and accurate.
• Availability is defined as the guarantee of reliable access to information by authorized people.
• Accountability is an assurance that an individual or an organization will be evaluated on their performance or behavior related to something for which they are responsible.
• Auditability is a security audit as a systematic evaluation of the security of a company's information system, by measuring how well it conforms to a set of established criteria.

Cyber Threat

• A cyber threat is any malicious act that attempts to gain access to a computer network without authorization or permission from the owners.
• A cyber threat refers to the wide range of malicious activities that can damage or disrupt a computer system, a network, or the information it contains.
• Common cyber threats are social engineered trojans, unpatched software, phishing, network worms, etc.

Sources of Cyber Threats

• Cyber threats can come from a wide variety of sources.
• Notable sources of threats include national governments, terrorists, industrial secret agents, rogue employees and hackers.
• Further sources of threats involve business competitors and organization insiders.

Cyber Threat Classifications

• Threats can be classified by multiple criteria.
• The criteria for classification are: attacker's resources, attacker's organization and attacker's funding.
• On the basis of these criteria, threats are of 3 types which are: unstructured threats, structured threats, and highly structured threats.

Unstructured Cyber Threats

• Unstructured cyber threats include the following parameters: resources, organization, funding, and attack.
• Resources involve individual or small groups.
• Organization shows little or no organization.
• Funding is negligible.
• Attack is easy to detect and makes use of freely available cyberattack tools.
• Exploitation is based on documented vulnerabilities.

Structured Cyber Threats

• Structured cyber threats include the following parameters: resources, organization, funding and attack.
• Resources involve well trained individual and group attack.
• Organization is well-planned attack.
• Funding is available for attack.
• Attack is against a particular individual or organization.
• Exploitation is based on information Gathering.

Highly Structured Cyber Threats

• Highly structured cyber threats demonstrate: extensive organization, resources, and planning over time, and attack.
• The attack is a long term attack on particular machine or data.
• Exploitation uses multiple methods that include technical, social, and insider help.

Cyber Security Threat Index Level

• Cyber threats are evaluated daily by the CTU (counter threat unit)
• Threat index levels are: Level 1: Guarded, Level 2: Elevated, Level 3: High, Level 4: Critical.

Types of Cyber Attacks

• Advanced Persistent Threat (APT): Is a network attack in which an unauthorized person gains access to networks undetected for a long period of time.
• Backdoor: is used as a method of bypassing normal authentication and gaining access in OS or application.
• Buffer Overflow: Is an Exploit that takes advantage of a program.
• Man-in-the-middle Attack: intercepts messaging between two directly communicative parties.
• Cross-Site Scripting (XSS): Is a code injection attack allowing hackers to use malicious JavaScript in another user’s browser.
• Denial of Service Attack: Attack where the attempters try and keep service unavailable to authorize users.
• SQL injection: A very common exploited web application where hackers can steal or alter database data.
• Zero-day exploit: A vulnerability disclosed that doesn’t have a patch.

Impacts of Cyber Attacks

• A successful cyber attack, can cause major damage to organizations or systems, as well as to business reputation and consumer trust.
• Some potential results of attacks include: Financial Loss, Reputational Damage and Legal Consequences.

Types of Malicious Code

• Virus: Is a malicious software program executing, that replicates itself via, modifying or inserting other self-code.
• Network Worm: Is standalone malware which copies itself to spread.
• Trojan Horse: Program claiming to rid a computer of viruses, but spreads its own.
• Botnet: Performs DDoS, stealing data, sending spam, and allowing device hacking.
• Keylogger: Surveillance technology which monitors and records keystrokes.
• Rootkit: Is a collection of administrator tools enabling high access.
• Spyware: Software for data collection, like passwords and more.
• Adware: A platform displaying ads and requests, for more data.
• Ransomware: Limits user access unless requirements have been met, like paying for a ransom.

What is a Vulnerability?

• Vulnerability refers to a flaw in a system that can leave it open to attack.
• Vulnerability is the composition of three elements: a flaw in system, access of attacker to that flaw and capability of attacker to exploit the flaw.

Classification of Vulnerabilities

• Vulnerabilities are classified according to the asset.
• The classifications are: hardware, software, network, personal, physical site and organizational.

Causes of Vulnerabilities

• Causes for system vulnerability:
• Missing Patches
• Cleartext Credentials
• Using Unencrypted Channels
• RF Emanation

Cryptography

• Cryptography is a method of protecting information and communications through the use of codes, so that only those for who the information is intended can read and process it.
• The prefix "crypt-" means "hidden" or "vault"
• The suffix "-graphy" stands for "writing."
• Cryptography helps to understand basic encryption concepts.
• Cryptography helps to differentiate between symmetric and asymmetric encryption and to explain the advantages and disadvantages of both.
• Cryptography helps to demonstrate encryption and decryption using basic tools or programming.

Terminology

• Algorithm: List of instructions accomplishing a task.
• Cipher: Algorithm used to encrypt data.
• Ciphertext: Is text in encrypted form, not plain text.
• Codes: Substitutes text for substitutions in equivalences,
• Decrypt/Decipher: Retrieves plain text from ciphertext.
• Encrypt/Encipher: Alters plain text using a code otherwise it can be unintelligible to unauthorized parties
• Key: System or code, used to solve cipher code.
• Plain text: Is an original message for encoding.

Encryption

• Encryption has the ability to transform data.
• Encryption has authorized users as the only individuals who can access performed processes.
• Encryption technology has basic terms used to describe its applications, such as file encryption, message scrambling, authentication, and securing internet transactions to communicate safely and store information securely.
• Encryption encodes key through shared coding.
• It also hides data and cannot be decrypted without being "unscrambled".
• Total number of possible algorithm keys are used for encryption and functions of the value placements.

Importance of Cryptography in Cybersecurity

• Caesar Cipher is simple, where each letter is moved to a specific position throughout the alphabet.
• Enigma Machines create variable complex ciphers with rotors for WWII encrypting which can be hard to break
• Enigma utilizes much more complexity compared to Caesar with letter-shifting.
• Files and messages relate to substitutions which can add or transfer computer files.
• Banking, emails, SSL/TLS, and VPNs can be used in real world transactions
• Data is transferred and exposed to computer office threats, with integrity. However the role of encryption can show encryption and confidentiality. As security confirms user identity and confidential integrity.
• One role that cryptography cannot fill is defense against data destruction.
• Even with a lack of availability, cryptography ensures extra defense versus computer information.

Symmetric Encryption

• Symmetric encryption uses a single key for encryption and decryption.
• Common algorithms are: AES, DES, 3DES, Blowfish.
• The way symmetric encryption works are: a sender encrypts plaintext through a key and a receiver decrypts the text using the same key.
• Encryption can securely store files, through VPNS and database.
• Symmetric encryption cons and pros are: efficiency, speed, but suffer issues with distributor keys.

Asymmetric Encryption

• Asymmetric encryption is a type of cryptography the uses: a public key for encryption and a private key for decryption. Common Algorithms are: RSA, ECC, DIffie-Hellman.
• Encryption public encrypts through data, only to have a private key access the data.
• Encryption can be secured through SSL/TLS, digital signatures and other cryptocurrency, while also delivering authentications as a whole. Encryption cons are being slower than asymmetric encryption.

Comparison of Encryption

• Symmetric encryption utilizes fast algorithms for encryption.
• Asymmetric encryption uses a public and private key, which are slower than symmetric algorithms.
• Encryptions range in exchanges from lower secure keys, to higher authentic secured measures to verify the exchange.
• Use cases are: File encryption (symmetric), VPNS, and digital signatures. It transmits both small and large data.

Hashing

• Hashing is a mathematical process that converts any size of data into a fixed string to verify that data is used in an algorithm.
• A "digital signature" utilizes encoding to safe keep documents.
• A "certificate" authenticates by verifying certain digital signatures, of websites and people to create reliability!
• Hashing creates unique short stings, and is utilized for password safeguards.
• Signature is a verified way for secure transfers.
• All keys are encrypted to trust communications.

Description

Explore cyber crime and cyber security, including illegal interception of data, system interferences, and copyright infringements. Learn about the principles of cyber security: confidentiality, integrity, and availability. Understand how these concepts protect networks and data from unauthorized access and damage.