Cybersecurity: CIA Triad and Attack Types

Questions and Answers

What aspect of information security ensures timely and reliable access to data for authorized users?

  • Confidentiality
  • Availability (correct)
  • Integrity
  • Maintainability

Which attack type involves a criminal taking small amounts of money that are unlikely to be noticed by individual victims?

  • Salami Attack (correct)
  • DoS Attack
  • Ransomware
  • Phishing

What type of attack floods a targeted network with traffic, rendering it inaccessible to legitimate users?

  • DoS (Denial-of-Service) attack (correct)
  • Salami Attack
  • Malware
  • Phishing

What general term is used for malicious software?

Malware (C)

What is the term for unsolicited bulk email?

SPAM (D)

What is a network of compromised computers used for illegal activities called?

Botnet (D)

What is the term for threatening to release sensitive information if a ransom is not paid?

Extortion (D)

What is the process of converting a password into a string of characters using a hash function called?

Hashing (A)

What adds a random string to each password before hashing?

Salting (A)

What is a cyber-enabled crime that involves the unauthorized release of personal information with the intent to harass called?

Doxing (B)

Flashcards

Confidentiality

Restricting access to sensitive information or data to authorized individuals only.

Integrity

Guarding against improper modification or destruction of information or data.

Availability

Ensuring timely and reliable access to data, information & resources for authorized users.

Salami Attack

A financial cyber attack where small amounts are taken to go unnoticed.


DoS (Denial-of-Service) attack

Attack that makes legitimate users unable to access information systems or network resources.


Malware

A broad term for malicious software, including viruses and spyware.


Grayware

Software that may negatively impact the user in terms of privacy, performance, and efficiency, bundled with downloads.


SPAM

Unsolicited bulk email with financial, political, or sexual incentives.


Extortion

Threatening to release sensitive information unless a ransom is paid.


Doxing

A cyber-enabled crime: the unauthorized release of personal information in order to harass.

Study Notes

Information/Cybersecurity

  • Confidentiality restricts access to sensitive information or data to authorized individuals only
  • Integrity guards against improper modification or destruction of information or data
  • Availability ensures timely and reliable access to data, information, and resources for authorized users

Attack Rules

  • ISO 27000 defines an attack as any attempt to expose, alter, disable, destroy, steal, or gain unauthorized access to an asset
  • CNSS defines an attack as any malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources
  • IETF defines an attack as an assault on system security that attempts to evade security services and violate security policy

Specific Attack Types

  • Salami Attack is a financial cyber attack that takes small amounts of money from many cases so that each loss goes unnoticed
    • Its effectiveness stems from victims not noticing or reporting the small losses
  • DoS (Denial-of-Service) attack prevents legitimate users from accessing systems by flooding the target with traffic, causing crashes

Malware and Grayware

  • Malware ("Malicious Software") is a broad term for malicious software, including computer viruses and spyware
    • Spyware harvests user information for profit, including selling data or stealing user credentials
  • Grayware negatively impacts user privacy, performance, and efficiency, often bundled with free software
    • Adware aggressively displays ads post-installation
    • Scareware uses false alerts from anti-malware software
    • Rooting Tools attempt to gain root privileges on a user's device
    • Tracking/Spyware tracks activities and collects data without consent
    • Remote Access Tools enable remote administration of a device
      • Droppers install unwanted apps in the background without consent
    • Hijackers change settings to reroute users
  • SPAM is unsolicited bulk email with financial, political, sexual, or ideological incentives
  • Botnets are networks of compromised computers engaging in illegal activities like distributing spam and launching DDoS attacks
  • Social Link Farming involves creating fake online profiles with artificial followers
  • Ransomware involves:
    • Extortion: Threatening to release sensitive information unless a ransom is paid
    • Encryption: Blocking access to critical information until ransom payment
    • Double Extortion: Auctioning victim data on criminal markets

Phishing and IoT Security

  • Phishing asks for money, installs malware, and obtains user credentials
  • Securing IoT Devices:
    • The best solution is to avoid using or block network access entirely
    • Consider strict access control, regular software updates, changing default passwords, using WPA# encryption, and VPN routers

Digital Transformation of Crime

  • Cybercrimes are driven by readily available tools and often require minimal technical skills

Advanced Persistent Threat (APT)

  • APTs employ complex strategies, are well-resourced, and maintain unauthorized network access for extended periods

APTs vs Cybercrime Organizations vs Intelligence Services

  • APTs focus on espionage and strategic data gathering, are state-sponsored, and target governments/corporations with a stealthy, long-term approach
  • Cybercrime Organizations focus on financial gain, operate independently, and pursue targets that yield money fast with a direct, money-focused approach
  • Intelligence Services (e.g. NSA, FSB) focus on national security and surveillance, are government-affiliated, and pursue their targets covertly with highly advanced techniques

Hack-for-Hire, Data Brokers, and Backdoors

  • Hack-for-hire allows outsourcing risky activities to avoid detection
  • Data Brokers obtain and sell user information
  • Backdoors bypass authentication for unauthorized access and can be found in cryptographic algorithms, OS, software, or hardware
  • Crypto Wars involve government attempts to weaken encryption

NDA Violations and Cookies

  • 70% of software professionals admit they might violate NDAs from previous employers
  • Ethical culture and reporting mechanisms can limit NDA violations
  • Cookies are information stored on user's devices
    • First-party cookies are from the visited website
    • Third-party cookies are from services other than the visited website
    • Supercookies are purposefully difficult to remove

Cryptography

  • Cryptography involves the mathematics of encrypting/decrypting communications
    • Public key (asymmetric) cryptography uses key pairs for encryption/decryption
    • Private key (symmetric) cryptography uses the same secret key for all parties
    • Zero-Access Encryption encrypts data so that server operators cannot access the unencrypted data

Hashing and Salting

  • Hashing converts a password into a string of characters using a hash function
  • Salting enhances security by adding a random string to each password before hashing

Cryptographic Accelerator

  • Cryptographic Accelerators are hardware components on the motherboard that speed up encryption/decryption

Full-Disk Encryption and SS7

  • Full-disk encryption secures data by encrypting the entire disk, requiring a password upon reset, shutdown, or sleep
  • Signaling System No. 7 (SS7) facilitates voice calls, SMS, and other services on telephone networks

IMSI-Catchers, SIM Swap Attack, and Doxing

  • IMSI-Catchers are fake cell towers that capture International Mobile Subscriber Identity
  • SIM Swap Attacks involve attackers getting a new SIM card linked to the victim's number
  • Doxing is the unauthorized release of personal information to harass, threaten, or cause harm

Sha Zhu Pan and Acoustic Cryptanalysis

  • Sha Zhu Pan is a pig-butchering scam that uses fraudulent dating tactics to trick victims into investing in crypto websites
  • Acoustic Cryptanalysis analyzes sounds emitted by devices such as CPUs or keyboards
    • Timing Attacks measure the time taken by cryptographic operations; can be performed remotely
    • Power Analysis Attacks measure power consumption; physical access is needed
    • Electromagnetic Attacks capture electromagnetic emissions; specialized equipment is required
    • Fault Injection Attacks induce errors in a device to reveal information

Firewalls and VPNs

  • Firewalls filter network traffic between internal and external networks
  • Device-based VPNs are software programs installed on devices to encrypt internet traffic
  • VPN Routers function similarly to device-based VPNs but encrypt at the router level

Sanctions and Cybersecurity Policies

  • Sanctions are penalties for violating laws, and can also be imposed for violating cybersecurity policies
  • Cybersecurity Policies are both normative documents (which require justifications) and communicative documents
  • Normative Documents outline what the organization should do regarding cybersecurity and information security
  • Communicative Documents aim to clearly communicate cybersecurity norms to employees

CISO Duties

  • Oversee cybersecurity policy management by developing strategies, updating policies, participating in design, and developing standards
  • Manage day-to-day operations by leading teams, assigning tasks, coordinating efforts, and making trade-offs
  • Provide cybersecurity education by developing and maintaining SETA programs
  • Maintain currency and threat awareness by understanding cybersecurity protection mechanisms
  • Maintain relationships with vendors, consultants, and auditors
  • Recovery planning involves developing, disseminating, and enforcing business continuity and disaster recovery plans with simulations
  • Investigate cybersecurity breaches by performing IT forensics

Integration Steps

  • Risk Identification: Using abuse cases to highlight potential security breaches and undesirable actions that could harm the system
  • Risk Assessment: Analyzing identified risks to evaluate severity and likelihood
  • Risk Control Measures: Designing and implementing controls to mitigate identified risks, involving countermeasures for abuse cases
  • Continuous Monitoring: Regularly reviewing and updating risk assessments and controls for new threats
