Introduction to basic Cybersecurity concepts

Questions and Answers

Which of the following is the MOST accurate definition of cybersecurity?

  • The use of antivirus software to prevent computer viruses.
  • Protecting individuals and organizations from physical harm.
  • Creating strong passwords and changing them frequently.
  • The ongoing effort to protect individuals, organizations, and governments from digital attacks. (correct)

An individual's offline identity is solely based on their social media presence.

False (B)

Which of the following pieces of information is considered personal data?

  • Favorite sports team.
  • Usual commute route.
  • Preferred brand of coffee.
  • Social Security number. (correct)

When visiting a doctor, personal information related to your physical and mental health is added to your ______.

EHRs

Why are store loyalty cards a potential risk to your personal data?

They can be used to track your purchasing behavior and target you with special offers. (A)

If you don't have any social media accounts, you don't have an online identity.

False (B)

According to the @Apollo content, what is the primary motivation for hackers seeking personal data?

money

What is 'medical theft' as described in the context of cybersecurity?

Stealing medical insurance to use the benefits for oneself. (B)

Match the following entities with what they do with your data:

  • Internet Service Provider (ISP) = Tracks your online activity and may sell the data to advertisers
  • Advertisers = Monitor online activities to send targeted ads
  • Search engines and social media platforms = Gather information and sell it to advertisers
  • Websites you visit = Use cookies to track your activities

Which of the following is an example of 'traditional data' for an organization?

Transactional data related to buying and selling. (A)

Intellectual property, such as patents and trademarks, is not considered a valuable asset for an organization.

False (B)

The McCumber Cube is a model framework that helps organizations establish and evaluate ______ initiatives.

information security

According to the McCumber Cube, what does 'confidentiality' refer to?

Preventing sensitive information from being disclosed to unauthorized entities. (C)

The term 'data in transit' refers to data stored on a permanent storage device.

False (B)

A company has an incident response plan and best practice guidelines for security. According to the McCumber Cube, which security measure is in place?

Policy and procedure. (C)

A fraudulent email attempting to steal sensitive information is an example of ______.

phishing

A security consultant discovered a cloud cluster was misconfigured, exposing data. What type of breach is this?

Data Leak (D)

A Distributed Denial of Service (DDoS) attack occurs when a single device floods a targeted system with malicious requests.

False (B)

What is a potential long-term impact of a security breach on an organization?

Reputational damage that takes years to repair. (A)

Match each security breach consequence with its description:

  • Vandalism = Posting untrue information on an organization's website
  • Theft = Stealing sensitive personal data
  • Loss of revenue = Preventing organization from doing business online
  • Damaged intellectual property = Getting hands on confidential documents

The term 'script kiddies' refers to amateur hackers who use ______ found on the Internet to launch attacks.

existing tools

What is the primary difference between a white hat hacker and a black hat hacker?

White hat hackers have permission to break into systems for improvement; black hat hackers exploit vulnerabilities for illegal gain. (D)

Cyber-attacks can only originate from outside an organization.

False (B)

What is MOST likely the goal of cyberwarfare?

To gain advantage over adversaries, whether they are nations or competitors. (B)

The use of information and communication technologies to take competitive advantages over an opponent is referred to as ______.

Information Warfare

Match the following terms with their descriptions:

  • Defensive Information Warfare = Defending against attacks on ICT assets
  • Offensive Information Warfare = Involves attacks against ICT assets of an opponent

What is the primary goal of malware?

To steal data, bypass access controls, or cause harm to a system. (D)

Adware is primarily designed to steal sensitive information, such as passwords and credit card details.

False (B)

A ______ is a type of malware that uses 'scare' tactics to trick you into taking a specific action.

scareware

Which type of malware is designed to modify the operating system to create a backdoor for remote access?

Rootkit (A)

A Trojan horse replicates itself to spread from one computer to another.

False (B)

Of the following, which is the MOST common symptom to look for if a system has been infected with malware?

An increase in CPU usage, which slows down the device. (A)

[Blank] is the manipulation of people into performing actions or divulging confidential information.

Social engineering

An attacker calls an individual and lies to them to gain access to privileged data. Which type of social engineering attack is this?

Pretexting (D)

A Denial-of-Service (DoS) attack always requires a highly skilled attacker and is difficult to carry out.

False (B)

Match the following denial-of-service attacks with their descriptions:

  • Overwhelming Quantity of Traffic = Sending enormous amounts of data to a network
  • Maliciously Formatted Packets = Sending packets containing errors to cause a device to crash
  • DDoS Attacks = Using malware devices to flood resources

Which of the components are required for a botnet to be formed?

A group of bots connected through the Internet commanded by a malicious device (D)

A man-in-the-middle attack, where a user's mobile device is targeted, is known as ______.

MitMo

Attackers use SEO to push malicious sites higher up the ranks of search results. What is this technique called?

SEO Poisoning (A)

The best response when a colleague asks for the private Wi-Fi password to check their phone is to provide it immediately.

False (B)

A hacker systematically tries every word in a dictionary or a list for a password attack. What type of password attack is this?

Dictionary Attack (B)

Flashcards

What is Cybersecurity?

The ongoing effort to protect individuals, organizations, and governments from digital attacks.

What is Personal Data?

Any information that can be used to identify you, and it can exist both offline and online.

What is Offline Identity?

The real-life persona that you present on a daily basis; family and friends know details about your personal life.

What is Online Identity?

Who you are and how you present yourself to others online; the username or alias you use for your online accounts.

What is Transactional data?

Details relating to buying and selling, production activities, and basic organizational operations.

What is Intellectual property?

Patents, trademarks, and new product plans, which allow an organization to gain economic advantage over its competitors.

What is Financial data?

Income statements, balance sheets, and cash flow statements, which provide insight into the health of a company.

What is IoT?

A large network of physical objects (sensors, software, etc.) connected to the Internet with the ability to collect and share data.

What is Confidentiality?

A set of rules that prevents sensitive information from being disclosed to unauthorized people, resources, and processes.

What is Integrity?

Ensures that system information or processes are protected from intentional or accidental modification.

What is Availability?

Authorized users are able to access systems and data when and where needed, and those that do not meet established conditions, are not.

What is Awareness, training, and education?

Awareness, training, and education are the measures put in place by an organization to ensure that users are knowledgeable about potential security threats.

What is Technology?

Software- and hardware-based solutions to protect information systems, such as firewalls.

What is Policy and procedure?

Administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans.

What is a Security breach?

An incident that results in unauthorized access to data, applications, services, or devices, exposing private information.

What are Cyber Attackers?

Individuals or groups who attempt to exploit vulnerabilities for personal or financial gain.

What are Script kiddies?

Amateur or inexperienced hackers who use existing tools or instructions found on the Internet to launch attacks.

What is a White hat attacker?

They break into networks to identify weaknesses so that the security can be improved with permission.

What is a Gray hat attacker?

They find vulnerabilities and will only report their findings to the owners of a system if doing so coincides with their agenda.

What is a Black hat attacker?

They take advantage of any vulnerability for illegal personal, financial, or political gain.

Who are Organized hackers?

Organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.

What is Cyberwarfare?

It is the use of technology to penetrate and attack another nation's computer systems and networks.

What is Malware?

Any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system.

What is Spyware?

Monitors your online activity and can log every key you press on your keyboard, as well as capture almost any of your data.

What is Adware?

Automatically delivers advertisements to a user, most often on a web browser.

What is a Backdoor?

This type of malware is used to gain unauthorized access by bypassing the normal authentication procedures to access a system.

What is Ransomware?

Malware designed to hold a computer system or the data it contains captive until a payment is made.

What is Scareware?

A type of malware that uses 'scare' tactics to trick you into taking a specific action.

What is a Rootkit?

Malware designed to modify the operating system to create a backdoor.

What is a Virus?

A type of computer program that, when executed, replicates, and attaches itself to other executable files, such as a document.

What is a Trojan Horse?

Malware that carries out malicious operations by masking its true intent.

What is a Worm?

A type of malware that replicates itself in order to spread from one computer to another.

What is Social Engineering?

Manipulation of people into performing actions or divulging confidential information.

What is Pretexting?

When an attacker calls an individual and lies to them in an attempt to gain access to privileged data.

What is Tailgating?

When an attacker quickly follows an authorized person into a secure, physical location.

What is Something for something (quid pro quo)?

When an attacker requests personal information from a person in exchange for something, like a free gift.

What is Denial-of-Service (DoS)?

A type of network attack that is relatively simple to carry out, even by an unskilled attacker, which results in some sort of interruption of network service.

What is Distributed DoS (DDoS)?

A DoS attack that originates from multiple, coordinated sources.

What is a Botnet?

A group of bots, connected through the Internet, that can be controlled by a malicious individual or group.

What are On-Path Attacks?

Used to intercept or modify communications between two devices, either to collect information from or to impersonate one of the devices.

What is Password Spraying?

This technique attempts to gain access to a system by 'spraying' a few commonly used passwords with many usernames.

What is SEO Poisoning?

Improving an organization's website so that it gains greater visibility in search engine results in malicious ways.

Study Notes

Introduction to Cybersecurity

  • Cybersecurity protects individuals, organizations, and governments from digital attacks by protecting network systems and data from unauthorized use and harm.
  • Three levels of protection: personal, organizational, and government.
  • Personal Protection - Safeguarding identity, data, and computing devices on a personal level.
  • Organizational Protection - Protecting reputation, data, and customers.
  • Government Protection - Protecting national security, economic stability, and citizens' well-being as digital information protection becomes vital.

Protecting Personal Data

  • Personal data is any information that can identify you and exists offline and online.
  • Offline Identity - refers to the daily-life persona you present at home, school, or work.
  • Online Identity - refers to your representation of yourself to others online, including usernames, aliases, and social identity on online communities and websites.
  • Limit the amount of personal information revealed through your online identity.

Data Vulnerabilities

  • Personal data includes name, social security number, driver's license, birth date/place, mother's maiden name, pictures, and messages exchanged with family/friends.
  • Cybercriminals use sensitive information to impersonate individuals, intruding on privacy and causing reputational damage.

Medical Records

  • Each doctor visit adds personal physical and mental health information to electronic health records (EHRs), most of which are saved online.
  • Many fitness trackers' clinical data, like heart rate, blood pressure, and blood sugar, is stored and displayed via the cloud.

Education Records/Employment and Financial Records

  • Educational records contain academic qualifications, contact information, attendance records, disciplinary reports, health/vaccination records, and special education records.
  • Employment data, including past employment and performance reviews, is valuable to hackers.
  • Financial records include income, expenditure, tax records, paychecks, credit card statements, credit rating, and bank account details.

Securing Information

  • Safeguarding personal information and financial records properly prevents cybercriminals from using it for their gain.
  • Sharing personal data requires security awareness, considering privacy and data protection laws applicable in specific countries.
  • Store loyalty cards assist shops in building your profile of purchasing behavior to target special marketing offers to you.
  • Wearable technologies collect clinical research data, patient health monitoring, and fitness/wellbeing tracking data.

Hackers

  • Social media firms generate income by selling targeted advertising based on customer data, mined using algorithms/formulas.
  • Cybercriminals pursue money, steal identities, and ruin lives.

Identity Theft

  • Identity thieves often apply for credit cards, open bank accounts, rent an apartment, or take out loans using stolen identities.
  • Medical theft arises from rising medical costs, with cybercriminals stealing insurance for personal benefit, causing medical procedures to be saved in the victim's records.
  • Private data theft helps cybercriminals access bank accounts, credit cards, social profiles, etc.; identity thieves file tax returns, collect refunds, take loans, and ruin credit.

Who Else Wants Your Data?

  • Internet service providers (ISPs) track online activity for profit via advertisers. They are legally mandated to share user information with government surveillance agencies.
  • Advertisers track online behavior, preferences, and send targeted ads.
  • Search engines and social media platforms gather user information, such as geolocation, demographics, and ideologies, for sale to advertisers.
  • Websites use cookies to track user activity, creating a data trail linked to online identities, shared with advertisers.

Organizational Data

  • Safeguarding organizational data requires understanding its types.
  • Two primary types of organizational data at the eLearning company @Apollo: traditional data, and Internet of Things (IoT) data and big data.

Traditional Data

  • Generated and maintained by organizations; includes transactional, intellectual property, and financial data.
  • Transactional Data - Details relating to buying and selling, production activities, and basic organizational operations.
  • Intellectual Property - Patents, trademarks, and new product plans, allowing market dominance; kept as trade secrets to avert potential disasters.
  • Financial Data - Revenue and spending statements and cash flow statements that provide insight into organizational health.

The Internet of Things (IoT)

  • IoT involves physical objects (sensors, software, etc.) connected to the Internet to collect and share data.
  • Expanding storage via cloud and virtualization leads to IoT-driven data growth, creating "Big Data".

The McCumber Cube

  • Created by John McCumber in 1991, it helps establish information security initiatives by evaluating all related factors.
  • Composed of three dimensions: foundational principles, information protection, and security measures.

Protecting Principles

  • Confidentiality - prevents data disclosure to unauthorized entities via encryption, identity proofing, and two-factor authentication.
  • Integrity - protects system data from manipulation, preventing both intentional and accidental modification.
  • Availability - ensures authorized users can access systems and data when needed.

States Of Information Within The McCumber Cube

  • Processing - data being used and updated.
  • Storage - data stored at rest in memory or on a permanent storage device.
  • Transmission - data travelling between information systems.

Security Measures To Protect Data Within The McCumber Cube

  • Awareness, training, and education are implemented to ensure users are knowledgeable about security threats.
  • Technology refers to the software and hardware solutions designed to protect information systems, such as firewalls.
  • Policy and procedure refers to the administrative controls that provide a foundation for how an organization implements information assurance.

Data Security Breaches

  • In August 2020, Razer had a data breach of approximately 100,000 customers.
  • Cloud cluster misconfiguration exposed Razer's infrastructure, leading to a data leak.
  • Razer took more than 3 weeks to secure the cloud instance, giving cybercriminals access to customer info, usable for social engineering and fraud.
  • In 2017, the Persirai botnet targeted 1,000+ IP camera models via open ports to inject malware, which led to 122,000 hijacked cameras being used for DDoS.

Data Breaches

  • The Equifax breach, which occurred in September 2017, involved attackers exploiting a web application.
  • Attackers gained access to the personal data of millions of customers.
  • In response to the data breach, Equifax created a dedicated website for customers to determine if their personal data was compromised.
  • Cybercriminals created unauthorized websites with similar domains to appear legitimate, tricking customers into providing data.
  • Consequences of a security breach include reputational damage, theft, loss of revenue, and damaged intellectual property.
  • Cybercriminals are constantly finding new ways to attack, requiring cybersecurity professionals to quickly minimize impact.

Scenario 1 - Security Breaches

  • A well-known global hotel chain reported a breach that exposed over 3 million guests' personal information through employee login details.
  • Hackers gained access to the hotel's customer database.
  • The hotel did not believe the hackers were able to access account passwords.
  • Guests were encouraged to check the hotel's web portal to see whether they were impacted.

Scenario 2

  • A popular online training platform left the personal data of millions of students (many of them minors) exposed on a publicly accessible cloud database.
  • Hackers were able to access student names, email addresses, phone numbers, and school enrollment details via the internet.

Cyber Attackers

  • Cyber attackers' main goal is to exploit vulnerabilities for personal or financial gain, targeting everything from designs to credit cards.
  • They are often categorized as white, grey, or black hat attackers.

Hacker Types

  • Amateurs (script kiddies) - use existing tools/instructions, may cause devastating attacks.
  • White hat hackers - break into systems to find weaknesses to improve, with owner approval; results are reported back to the owner.
  • Gray hat hackers - find vulnerabilities, report based on agenda, share publicly for exploitation.
  • Black hat hackers - exploit vulnerabilities for illegal gain.

Organizational Hacker Groupings

  • Organized hackers include cybercriminals, hacktivists, terrorists, and state-sponsored hackers.
  • They normally provide cybercrime as a service.
  • Hacktivists - Make political statements about issues.
  • State-sponsored attackers - gather intelligence with specific goals beneficial to their government.

Cyber Attack Origins

  • Cyber-attacks can originate internally or externally.
  • Internal attacks involve mishandling confidential data and facilitating external attacks.

Cyberwarfare

  • Cyberwarfare is the utilization of technology by a nation to penetrate and attack the computer systems/networks of another nation.
  • The goal is to disrupt services, for example by shutting down power grids.

The Purpose Of Cyberwarfare

  • The main reason for resorting to cyberwarfare is to gain advantage over other nations or competitors.
  • Other aims are to steal defense secrets and help narrow technology gaps, to use compromised sensitive data to blackmail personnel, and to disrupt a nation's infrastructure, causing havoc by shutting down a power grid.

Types Of Malware

  • Viruses, Trojans and Worms.
  • Virus - replicates by attaching itself to executable files; requires end-user interaction.
  • Trojans - mask their true intent, often found in image/audio files or games, exploiting user privileges without self-replication.
  • Worms - replicate to spread, exploiting vulnerabilities, and causing damage without a host program.

Types Of Other Malware

  • Spyware - monitors online activity and logs keystrokes/data by modifying security settings.
  • Adware - delivers ads, often from bundled software, often coupled with spyware.
  • Backdoor - bypasses authentication for remote access and command execution.
  • Ransomware - holds systems/data captive until payment by encrypting data.
  • Scareware - deceives users with 'scare' tactics into taking specific actions that infect them with malware.
  • Rootkit - modifies the operating system to create a backdoor by exploiting vulnerabilities.

Malware Symptoms

  • Increased CPU usage, computer freezing/crashing, decreased browsing speed, network connection issues, unknown files, turning off/reconfiguring, and unauthorized emails.

Social Engineering

  • Social Engineering - defined as manipulating people into divulging confidential information or performing certain tasks.
  • Attack types: pretexting, tailgating, and quid pro quo.
  • Pretexting - when an attacker calls an individual and lies to them in an attempt to gain access to privileged data or personal/financial data.

Denial of Service

  • Denial-of-Service (DoS) attacks interrupt network services by overwhelming a server with traffic or sending malicious packets.
  • Overwhelming quantity of traffic occurs when a network, host or application is sent an enormous amount of data.
  • Maliciously formatted packets may be exploited by forwarding packets containing errors or improperly formatted packets.

Distributed Denial of Service

  • DDoS - similar to a DoS attack, but originates from multiple, coordinated sources.
  • A botnet is built of infected hosts called zombies, which are used as handler systems.
  • Infected hosts constantly scan for and infect more hosts. The hacker instructs the bots to carry out DDoS attacks.

Botnets

  • A botnet is a group of bots, connected through the Internet, that can be controlled by a command-and-control server; tens of thousands or even hundreds of thousands of bots can be involved.
  • Bots can be activated to distribute malware, launch DDoS attacks, send spam email, or launch brute-force password attacks.

On-Path Attacks

  • On-path attacks intercept or modify communications between two devices, either to collect information from or to impersonate one of the devices.
  • These attacks are also called man-in-the-middle (MitM) or man-in-the-mobile (MitMo) attacks.
  • A MitM attack is when a cybercriminal takes control of a device without the user knowing.
  • A MitMo attack is used to take control of a user's mobile device; one example of this is Zeus.

SEO Poisoning

  • Goal is to increase traffic to malicious sites.
  • SEO Poisoning - search engines are manipulated to present malicious results to users.
  • Many legitimate companies optimize their website positions; attackers use popular terms via SEO to promote dangerous sites.

Password Attacks

  • Attacks on usernames and passwords include password spraying, dictionary attacks, brute-force attacks, rainbow attacks, and traffic interception.
  • Password Spraying - a technique to gain access to a system by spraying a few commonly used passwords across many accounts, which helps it remain undetected.
  • Dictionary Attacks - every word in a hacker's dictionary is tried systematically to break into accounts.
  • Brute-Force Attacks - every letter, number, and symbol combination in the password space is tried to access protected sites.
  • Rainbow Attacks - stored password hashes are compared against precomputed hashes in rainbow tables.

Cracking Time

  • Strong passwords often require hackers to try everything available to crack a Wi-Fi password.
  • Advanced Persistent Threats (APTs) - an APT is characterized as a multi-phase, long-term, costly, and highly stealthy operation.
  • APTs are complex and require a high skill set to carry out; an APT is commonly carried out by well-funded business or political leaders.

Security and Exploit Vulnerability

  • It's Over to You - Hackers deploy a wide assortment of tools.

The Definition Of Security

  • Security vulnerabilities are kinds of hardware and software problems; an exploit is a program written to take advantage of a vulnerability; an attack is the use of an exploit against a target.

Hardware and Software Vulnerabilities

  • Hardware vulnerabilities are often the result of hardware design flaws.
  • Software vulnerabilities are usually introduced by errors in the operating system or application code.
  • Vulnerabilities can be found in systems, applications, browsers, mobile apps, and web servers, which the organizations that produce them work to find and patch.

Types Of Validated Code

  • Vulnerable code can include non-validated input, race conditions, weaknesses in security, and access control problems.
  • Buffer Overflow and data corruption are some additional security vulnerabilities.

Software Updates

  • Updates that need to be performed often come from Microsoft, Apple, and other operating system producers who release patches almost every day.
  • There is also a rise in applications such as web browsers, mobile apps, and web servers, which are usually updated by companies.
  • Software bugs can cause high risk and high alert in security systems.

The Cybersecurity Landscape

  • Cryptocurrency involves: cryptojacking (an emerging threat), digital money, encryption techniques, and banks/governments.
