Cyber Crime & Cyber Security

Questions and Answers

Which of the following best describes cyber crime?

• Crimes related to the sale of physical goods online.
• Crimes that involve physical harm to individuals.
• Crimes committed using computers, phones, or the internet. (correct)
• Crimes that occur in a virtual reality environment.

Cyber security primarily focuses on protecting physical infrastructure from damage.

False (B)

Name three of the five key principles of cyber security.

Confidentiality, Integrity, Availability

The cyber security principle of __________ ensures that information is trustworthy and accurate.

integrity

Match the following cyber security principles with their definitions:

Confidentiality = Limiting access to information Integrity = Information is trustworthy and accurate Availability = Reliable access to information by authorized people Accountability = Evaluating performance related to responsibilities

What is the primary goal of a cyber threat?

To gain unauthorized access to a computer network (D)

A cyber threat only originates from external sources outside of an organization.

False (B)

List three potential sources of cyber threats.

National governments, Terrorists, Hackers

Cyber threats can be classified based on attacker's resources, organization, and ___________.

funding

Match the cyber threat classification with its description:

Unstructured Threats = Individual or small group with negligible funding Structured Threats = Well-trained individual or group with available funding Highly Structured Threats = Extensive organization, resources, and planning

What is a key characteristic of unstructured cyber threats?

Negligible funding and little to no organization (B)

Structured cyber threats are characterized by the limited funds available to the attackers.

False (B)

What are the typical characteristics of Highly Structured Cyber Threats?

Extensive organization, resources, and planning

The Cyber Threat Unit evaluates cyber threats daily and assigns a threat __________ level.

index

Match the threat index level with its description:

Level 1 = Guarded Level 2 = Elevated Level 3 = High Level 4 = Critical

Which of the following is an example of a cyber attack where an unauthorized person stays undetected on a network for a long period?

Advanced Persistent Threat (APT) (A)

A backdoor is a type of cyber attack that improves network authentication processes.

False (B)

Describe the main purpose of a 'Man-in-the-middle' attack.

Intercept and relay messages between two parties.

A ___________ attack occurs when attackers attempt to prevent authorized users from accessing a service.

denial of service

Match the type of cyber attack with its description:

Cross-Site Scripting (XSS) = Allows attacker to execute malicious JavaScript in another user's browser SQL Injection = Allows hacker to steal and alter data in a website's database Zero-day exploit = Targets a vulnerability that is disclosed but not patched

Which of the following is not a potential result of a successful cyber attack?

Improved system performance (A)

Malicious code is designed to enhance the performance and security of a computer system.

False (B)

How can we describe a computer virus?

Malicious program replicating itself by modifying programs.

A ____________ is a standalone malware that replicates itself to spread to other computers.

network worm

Match the type of malicious code with its description:

Trojan Horse = Introduces viruses onto your system while claiming to remove them. Botnet = Used for DDoS attacks, data theft, and spam distribution Keylogger = Monitors and records keystrokes on a keyboard Rootkit = Enables administrator-level access to a computer or network

What is NOT a capability of a Botnet?

Removing malware completely from devices (B)

A keylogger is a software that enhances the graphics display on a computer.

False (B)

Give two examples of Malicious Code.

Spyware and Adware

___________ is designed to display advertisements and redirect search requests to collect marketing data.

adware

What is required to define 'Vulnerability'?

A flaw in a system, attacker access, and capability to carry out the exploit (D)

A vulnerability is classified only according to hardware assets.

False (B)

Name three potential causes of vulnerabilities in a system.

Missing patches, Cleartext credentials, Unencrypted channels

One cause of security vulnerabilities is the use of ___________ credentials instead of stronger encrypted ones.

cleartext

Match the following terms with their descriptions.

Algorithm = Set of well defined instructions accomplishing tasks Cipher = Core algorithm used to encrypt data Ciphertext = Text in encrypted form

What is the main function of a Cipher?

Transform plaintext into ciphertext. (C)

The process of decryption involves converting ciphertext back into plaintext without a key.

False (B)

What does encypt/encipher mean?

To alter plaintext so it is unintelligible to unauthorized parties

____________ allows the substitution of meaningful text for innocuous phrases.

codes

What is the Caesar Cipher?

A letter-shifting code. (A)

The Enigma Machine is considered a basic method of encryption.

False (B)

Name three real-world applications of cryptography.

Banking, Emails, VPNs.

____________ ensures the integrity of data and can be just as important as keeping them confidential.

integrity

Flashcards

What is Cyber Crime?

Crimes committed using computers, phones or the internet.

What is Cyber Security?

Technologies, processes, and practices protecting individuals/organizations from cyber crime.

What is Confidentiality?

Limiting access or restrictions on certain types of information.

What is Integrity?

Assurance that information is trustworthy and accurate.

What is Availability?

Guarantee of reliable access to information by authorized people.

What is Accountability?

Assurance that performance is evaluated for actions they are responsible for.

What is Auditability?

Systematic evaluation measuring conformity to security criteria.

What is a Cyber Threat?

Malicious act to gain unauthorized access.

What is an Algorithm?

Well-defined instructions to accomplish a task.

What is a Cipher?

Algorithm used to encrypt data, transforming plaintext into ciphertext.

What is Ciphertext?

Text in encrypted form.

What is a Key?

A secret word or system for solving a cipher.

What is Plaintext

Original message to be encoded.

What is Encryption?

Transforming data for authorized persons.

What is Hashing?

Mathematical process converting data to fixed-length string to verify integrity.

What is a Digital Signature?

Cryptographic method using a private key to sign a digital document.

What is a Certificate?

Document by a trusted authority verifying identity of an entity.

What is Symmetric Encryption?

Uses a single key for both encryption and decryption.

What is Asymmetric Encryption?

Uses a public key for encryption and a private key for decryption.

What Defines Confidentiality?

A set of rules that limits access or places restrictions on information.

What Defines Intergrity?

Assurance that information is accurate and trustworthy.

What Defines Avaibility?

Granting reliable access to information by only authorized people.

What Defines Accountability?

Evaluating performance or behaviour related to something for which one is responsible.

What Defines Auditability?

Systematic evaluation of a company's information system, conformity evaluation of established criteria.

What Is A Cyber Threat?

Malicious activities that attempts to gain access to a computer network without any authorization.

What are Unstructured Cyber Threats?

Individual or small groups with litte to no organization and negligible founding.

What are Structured Cyber Threats?

Well trained individuals or group with well founded and planned attacks.

What are Highly Structured Threats?

Extensive organization, resources and planning over time, long terms attacks.

What is Advanced Persistent Threat (APT)?

A network attack in which an unauthorized person gains access to network and stays there undetected.

What is a Backdoor Vulnerability?

Method of bypassing normal authentication and gaining access in OS or application.

What is Buffer Overflow?

An exploit that takes advantage of the program that is waiting for a user's input.

What is a Man-In-The-Middle Attack?

Intercepts and relays messages between two parties who are communicating directly

What is Denial-Of-Service Attack (DOS)?

Attackers attempt to prevent the authorized users from accessing the service.

What is SQL Injection??

A very common exploited web application vulnerability that allows malicious hacker to steal data.

What is Spyware?

Software that is hidden from the user in order to gather information about internet interaction.

What is Ransomware?

Malware that prevents users from accessing their system unless a ransom is paid.

Study Notes

Cyber Crime

• Crimes are committed using computers, phones, or the internet
• Types include illegal interception of data, system interferences, copyrights infringements, and sale of illegal items

Cyber Security

• Technologies, processes, and practices protect individuals and organizations from cybercrimes
• Designed to safeguard the integrity of networks, computers, programs, and data from attack, damage, or unauthorized access

Cyber Security Principles

• There are five key principles in cyber security:
  • Confidentiality: A set of rules that limits access or places restrictions on certain types of information
  • Integrity: Assurance that information is trustworthy and accurate
  • Availability: A guarantee of reliable access to information by authorized people
  • Accountability: An assurance that an individual or organization is evaluated on performance or behavior related to responsibility
  • Auditability: Security audit is a systematic evaluation of a company's information system via measuring conformance to established criteria

Cyber Threats

• Any malicious act that attempts to gain unauthorized access to a computer network
• Encompasses a wide range of malicious activities that can damage or disrupt computer systems, networks, or the information they contain
• Common examples include social engineered Trojans, unpatched software, phishing, and network worms
• Cyber Threats: Their Sources
  • Cyber threats can originate from various sources, including national governments, terrorists, industrial secret agents, rogue employees, hackers, business competitors, and organization insiders
  • Anyone with a motive and the necessary technology can pose a cyber threat
  • Cyber Threat Classifications
    • Threats classified by attacker's resources, organization, and funding
    • 3 types: unstructured, structured, and highly structured

Unstructured Cyber Threats

• Resources: Individual or small group
• Organization: Little to no organization
• Funding: Negligible
• Attack: Easy to detect with freely available cyberattack tools
• Exploitation: Based on documented vulnerabilities

Structured Cyber Threats

• Resources: Well-trained individuals or groups
• Organization: Well-planned
• Funding: Available
• Attack: Targeted against specific individuals or organizations
• Exploitation: Based on information gathering

Highly Structured Cyber Threats

• Organization: Extensive organization with planning over time
• Attack: Long-term attacks on particular machines or data
• Exploitation: Utilizes multiple methods, including technical, social, and insider help

Cyber Security Threat Index Level

• Cyber threats are evaluated daily by the Counter Threat Unit (CTU) and assigned a threat index level
• The threat index levels are:
  • Level 1: Guarded
  • Level 2: Elevated
  • Level 3: High
  • Level 4: Critical

Types of Cyber Attacks

• Advanced Persistent Threat (APT): Unauthorized access to a network that remains undetected for a long period
• Backdoor: Bypassing normal authentication methods to gain access in an OS or application
• Buffer Overflow: Exploiting a program waiting for user input
• Man-in-the-Middle Attack: Interception and relay of messages between communicating parties
• Cross-Site Scripting (XSS): Code injection attack to execute malicious JavaScript in another user's browser
• Denial of Service Attack: Preventing authorized users from accessing a service
• SQL injection: Exploiting web application vulnerabilities to steal or alter data in a website's database
• Zero-day Exploit: Exploiting an undisclosed and unpatched vulnerability in a system or device

Impacts of Cyber Attacks

• Cause major damage to organizations or systems as well as to business reputation and consumer trust
• Results can include financial loss, reputational damage, and legal consequences

Types of Malicious Code

• Virus: Replicates itself by modifying other computer programs and inserting its own code
• Network Worm: Standalone malware that replicates to spread to other computers
• Trojan Horse: Claims to free your computer from viruses but introduces them instead
• Botnet: Used for DDoS attacks, data theft, spamming, and gaining attacker access to a device
• Keylogger: Surveillance technology to monitor and record keystrokes on a computer's keyboard
• Rootkit: Collection of tools to enable administrator-level access to a computer or network
• Spyware: Hidden software to gather information about internet interaction, keystrokes, passwords, and valuable data
• Adware: Displays advertisements and redirects search requests to advertising websites to collect marketing data
• Ransomware: Malware that prevents or limits access to a system by locking the screen or files, demanding a ransom

Cyber Security Vulnerabilities

• Cyber-security term for a flaw in a system that can be exploited
• Vulnerability: Is the composition of 3 elements:
  • Flaw in system
  • Access of attacker to that flaw
  • Capability of attacker to exploit the flaw
• Vulnerabilities are Classified According to the Asset:
  • Hardware.
  • Software.
  • Network.
  • Personal.
  • Physical site.
  • Organizational.

Causes of Vulnerabilities

• Missing patches
• Cleartext credentials
• Using unencrypted channels
• RF Emanation

Cryptography

• Kathleen Richards describes Cryptography to be a method of protecting information and communications, only allowing those for whom the information intended to be able to read and process
• The prefix "crypt-" means "hidden" or "vault," and the suffix "-graphy" stands for "writing."
• Algorithm: Instructions to accomplish a task that terminates in a defined end state
• Cipher: Core algorithm used to encrypt data, transforming plaintext into ciphertext that requires a key for reversal
• Ciphertext: Text in encrypted form
• Codes: Equivalence table (codebook) allowing substitution of meaningful text for innocuous messages
• Decrypt/Decipher: Process of retrieving plaintext from ciphertext
• Encrypt/Encipher: Altering plaintext with a secret code to be unintelligible to unauthorized parties
• Key: Word or system for solving a cipher or code
• Plaintext: Original message before encoding or enciphering
• Encryption: Transforms data intended for authorized persons
  • Crucial for file encryption, message scrambling, authentication and internet transactions
• Encrypting/Deciphering: Uses a key to scramble the contents of a file
• Key space: Total keys for an encryption algorithm affected by the key's length
• History of cryptology goes back many millennia in ancient Egyptian India etc.

Caesar Cipher

• Basic encryption where letters shift fixed places down the alphabet

Enigma Machine

• Device to encrypt messages used during World War II.

Applying Cryptography to Computer Security

• Data gets exposed unlike files residing in the office

• Confidentiality: Encryption which defines encryption

• Integrity: Data is often as important as protection

• Authentication: Ability to confirm the identity of the user

• Not a defense against distraction of data

• Security: Valuable asset for computer data

• Symmetric Encryption

  • A single key is used for both encryption and decryption
  • Common Algorithms: AES, DES, 3DES, Blowfish
  • How it Works:
    • Sender encrypts plaintext with a key
    • Use Cases: Secure file storage, VPNs, database encryption
    • Pros: Fast, efficient. Cons: Key distribution problem.

• Asymmetric Encryption Uses public key for encryption and private key decryption

  • Common Algorithms: RSA, ECC, Diffie-Hellman.
  • How it Works:
    • Public key encrypts the data
    • Private key decrypts the data
    • Use Digital signatures, secure communications (SSL/TLS), cryptocurrency transactions.
  • Pros Secure key exchange, digital authentication

• Cons Slower than symmetric encryption

Hashing, Digital Signatures, and Certificates

• Mathematical function that converts data into a fixed-length string ("fingerprint") to verify integrity
• Digital signature: Uses a private key to "sign" a document, helping authenticity plus tampering
• Certificate: Issued by a trusted 3rd party verifying the identity of an entity
• Digital SignaturesEncrypting to verify document's authenticity/Integrity
• Digital Signatures
  • Secures communication
  • Provides non repudiation
  • Prevents the sender to deny the document
  • Verifies to trusted CA (certificate authority)
  • Secures communication via HTTPS
• Hashing - Creates unique string to verify integrity, password storage,
• "One way Function"- process to get original data from a hash that is one way.

Description

Overview of cybercrimes committed using digital devices like computers and phones. Focus on the technologies, processes, and practices designed to protect data and networks from cyberattacks, emphasizing key principles like confidentiality, integrity and availability.