Cybersecurity: CIA Triad & Attack Types

Questions and Answers

What aspect of cybersecurity focuses on restricting access to sensitive data?

  • Availability
  • Utility
  • Confidentiality (correct)
  • Integrity

Which of the following is a primary goal of integrity in information security?

  • Preventing unauthorized data modification (correct)
  • Ensuring timely access
  • Restricting user access
  • Maximizing data storage

Ensuring reliable access to data for authorized users describes which aspect of cybersecurity?

  • Confidentiality
  • Integrity
  • Availability (correct)
  • Authentication

Which type of cyberattack involves taking small amounts of money to go unnoticed?

Salami Attack (C)

What is the main outcome of a Denial-of-Service (DoS) attack?

System inaccessibility (D)

What is the general term for malicious software?

Malware (B)

Which of these is a characteristic of grayware?

Negative impact on user experience (A)

What is unsolicited bulk email commonly known as?

SPAM (C)

What is the purpose of a firewall?

To filter network traffic (C)

Which action is an example of Risk Control Measures?

Designing and implementing controls (D)

Flashcards

Confidentiality

Restricting access to sensitive information or data to authorized individuals only.

Integrity

Guarding against improper modification or destruction of information or data.

Availability

Ensuring timely and reliable access to data, information, and resources for authorized users.

Salami Attack

A financial cyberattack where small amounts go unnoticed, but with a large number of cases.

DoS (Denial-of-Service) attack

Legitimate users are unable to access IT resources due to malicious cyber threat actor actions.

Malware

Broad umbrella term for malicious software, with malicious intent; includes viruses and spyware.

Botnets

Networks of compromised computers (bots) engaging in illegal activities, such as spam and malware distribution.

Extortion

Threatening to release sensitive information unless a ransom is paid, typically in cryptocurrency.

Zero-Access Encryption

A security principle that ensures data stored on a server is encrypted so that the server operators themselves cannot access the unencrypted data.

Risk Assessment

Analyzing identified risks to evaluate their severity and the likelihood of their occurrence.

Study Notes

Information/Cybersecurity

  • Confidentiality restricts access to sensitive information or data to authorized individuals.
  • Integrity guards against improper information modification or destruction.
  • Availability ensures timely and reliable access to data, information, and resources for authorized users.

Attack Definitions

  • ISO 27000 defines an attack as any attempt to expose, alter, disable, destroy, steal, or gain unauthorized access to an asset.
  • CNSS defines an attack as any malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources.
  • IETF defines an attack as an assault on system security from an intelligent threat: a deliberate attempt to evade security services and violate security policy.

Specific Attack Types

  • Salami Attack is a financial cyberattack that takes small, unnoticed amounts of money from a large number of victims, who are unlikely to report the loss.
  • DoS (Denial-of-Service) attacks prevent legitimate users from accessing resources by flooding the target with traffic until it crashes.
  • Malware is malicious software, including viruses and spyware, designed to steal data or user credentials.
  • Grayware negatively impacts users' privacy, performance, or efficiency and is often bundled with free software.
    • Adware aggressively displays advertisements after installation.
    • Scareware uses false alerts that imitate anti-malware software.
    • Rooting Tools attempt to gain root privileges on devices.
    • Tracking/Spyware tracks activities and collects information without consent.
    • Remote Access Tools enable remote device administration.
      • Droppers install unwanted apps in the background without the user's consent.
    • Hijackers change settings to reroute users, such as browser or network proxy settings.
  • SPAM is unsolicited bulk email with financial, political, sexual, or ideological incentives, or advertising fraud.
  • Botnets are networks of compromised computers engaging in illegal activities like distributing spam/malware, mining cryptocurrency, or launching DDoS attacks.
  • Social Link Farming involves creating fake profiles with artificial followers.
  • Ransomware involves:
    • Extortion: threatening to release sensitive information unless a ransom is paid, usually in cryptocurrency.
    • Encryption: blocking the victim's access to critical information until the ransom is paid.
    • Double Extortion: the attacker additionally auctions the victim's data in criminal underground markets to the highest bidder.
  • Phishing attempts to get money, install malware, or obtain user credentials.

Managing Security of IoT Devices

  • Ideal management is to block network access completely.
  • Strict Access Control should be used.
  • Regular software updates, changing default passwords, using WPA# encryption, and VPN are recommended.

Digital Transformation of Crime

  • Cybercrimes are enabled by readily available and often free tools.
  • Many cybercrimes no longer need significant technical skills.

Advanced Persistent Threat (APT)

  • APTs use advanced and complex strategies and techniques.
  • APT actors are typically well-resourced.
  • APTs maintain unauthorized network access for extended periods.

APTs, Cybercrime Organizations, and Intelligence Services Comparison

  • Focus:
    • APTs focus on espionage and strategic data gathering.
    • Cybercrime Organizations focus on financial gain.
    • Intelligence Services focus on national security, surveillance, and "total information awareness."
  • Affiliation:
    • APTs are often state-sponsored.
    • Cybercrime Organizations are independent.
    • Intelligence Services are government entities.
  • Targets:
    • APTs target governments, corporations, and high-profile individuals; operate stealthily and are highly advanced.
    • Cybercrime Organizations target victims directly and are oriented towards making money fast.
    • Intelligence Services operate covertly and are highly advanced.
  • Examples:
    • APTs: APT28, APT41
    • Cybercrime Organizations: REvil, Conti
    • Intelligence Services: NSA, FSB

Hack-for-Hire

  • It allows individuals, companies, and governments to outsource risky activities in order to avoid detection or legal penalties.
  • For governments, it can enable payments outside the traditional government payroll.
  • It uses hacking, phishing, and password recovery tactics.

Data brokers

  • Data brokers obtain and sell user information to buyers.

Backdoors

  • A backdoor bypasses authentication to give repeated unauthorized system access without detection.
  • Backdoors can be found in cryptographic algorithms, operating systems, software, routers, or hardware-level chips.
  • The Crypto Wars are governments' attempts to weaken encryption, justified by national security concerns.

NDA Violations

  • 70% of software professionals admit possibly violating NDAs to achieve goals.
  • Ethical culture and reporting mechanisms are significant in limiting NDA violations.

Cookies

  • Cookies are information stored on IT devices
    • First-party cookies are provided by the visited website
    • Third-party cookies are provided by services other than the website
    • Supercookies are purposefully difficult to remove

Cryptography

  • Cryptography uses mathematics to encrypt and decrypt data.
    • Public key (asymmetric) cryptography uses a pair of keys per party, with the public key for encryption and the private key for decryption.
    • Private key (symmetric) cryptography has all communicating parties share the same secret key.
    • Zero-Access Encryption ensures server data is encrypted so that server operators cannot access it.
  • Hashing converts passwords into a string of characters using a hash function.
    • "Salting" enhances security by adding a random "salt" string to the password before hashing.
  • Cryptographic Accelerator is hardware that speeds up encryption/decryption.
  • Full-disk encryption secures data by encrypting the entire disk, requiring a password after shutdown or sleep.
  • Signaling System No. 7 (SS7) is a global set of telephony signaling protocols used for calls, SMS, and other services.
  • IMSI-Catchers are fake cell towers used by law enforcement, intelligence, and criminals.
  • SIM Swap Attack involves attackers convincing providers to issue new SIM cards linked to victims' accounts.

Cybercrimes

  • Doxing is the unauthorized release of personal information online to harass or harm the target.
  • Sha Zhu Pan ("Pig-Butchering Scam") uses fraudulent dating tactics to trick victims into investing in fraudulent crypto websites.
  • Acoustic Cryptanalysis analyzes sounds emitted by devices such as CPUs, hard drives, or keyboards. Related attacks include:
    • Timing Attacks measure the time taken by cryptographic operations and can be done remotely.
    • Power Analysis Attacks measure power consumption and require physical access.
    • Electromagnetic Attacks capture electromagnetic emissions and need specialized equipment.
    • Fault Injection Attacks induce errors to reveal information and require physical access.
  • Firewalls filter network traffic between internal and external networks like the Internet.
  • Device-based VPN encrypts internet traffic before it leaves the device.
  • VPN Router encrypts traffic at the router level.
  • Sanctions are penalties for violating laws or rules and can be imposed on employees for violating cybersecurity policies.
  • Cybersecurity Policies:
    • They are normative documents that require justifications.
    • They are communicative documents.
  • Normative Documents outline what organizations should do regarding cybersecurity at corporate and employee levels.
  • Communicative Documents aim to communicate cybersecurity norms successfully to employees.

CISO Duties

  • Overseeing cybersecurity policy management includes:
    • Developing cybersecurity strategy and policies.
    • Updating and reviewing existing policies.
    • Participating in design, development, and deployment phases.
    • Developing standards, best practices and documenting processes.
  • Management includes:
    • Managing day-to-day team operations, assigning tasks, and coordinating with other teams.
    • Making trade-offs between cybersecurity and business objectives.
  • Cybersecurity Education:
    • Includes SETA (security education, training, and awareness) program development and maintenance.
  • Maintaining currency:
    • Includes threat awareness and understanding of protection mechanisms.
  • Vendors:
    • Collaborating with vendors, consultants, and auditors.
  • Recovery planning:
    • Developing, disseminating, and enforcing business continuity/disaster recovery plans.
    • Conducting simulations related to these plans.
  • Investigation of cybersecurity breaches:
    • Includes IT forensics, investigation, overseeing legal issues, and interrogating suspects/witnesses.

Integration Steps

  • Risk Identification uses abuse cases to highlight possible security breaches and undesirable actions.
  • Risk Assessment analyzes identified risks to evaluate their severity and likelihood and to understand their potential impact.
  • Risk Control Measures design and implement controls that mitigate identified risks, including developing countermeasures.
  • Continuous Monitoring regularly reviews and updates risk assessments and control measures to adapt to new threats.