Introduction to Cyber Security

Questions and Answers

What is the primary intent of cyber criminals when targeting computer systems?

To improve user experience

To enhance network security

To invade privacy (correct)

To provide technical support

Which of the following is NOT classified as malware?

Trojan

Ransomware

Spyware

Phishing (correct)

What characterizes a phishing attack?

Injection of malicious SQL code

False communications to acquire personal information (correct)

Installation of unwanted programs

Use of remote-controlled malware-infected devices

What type of cyber threat involves politically motivated attacks aimed at social disruption?

Cyberterrorism

How does an SQL injection attack operate?

By inserting malicious code into SQL statements

Which type of malware automatically generates unwanted online advertisements?

Adware

What is a defining feature of a botnet attack?

Utilizes a network of infected devices

Which type of cyber crime includes computer-assisted crimes and incidental crimes?

Cybercrime

What is the main goal of spear phishing attacks?

To steal login credentials of a specific individual

Which type of cyber attack involves pretending to be a trusted person over the phone?

Vishing

What does a pharming attack typically involve?

Installing malicious code to redirect users to a fake website

What defines a whaling attack in the context of phishing?

Attacking senior executives for sensitive information

In what way does a man-in-the-middle (MITM) attack typically occur?

By intercepting transactions during online interactions

Which of the following tactics is often used in social engineering attacks?

Pressuring individuals psychologically to reveal information

What is the primary method used in smishing attacks?

Text messages or SMS to trick users into giving data

What common factor contributes to the success of many phishing attacks?

All of the above

What is the primary motivation for criminal hacker groups?

Economic benefit

Which type of hacker is known for targeting organizations with various attack techniques for personal or financial gain?

Black Hat hacker

What does hacktivism primarily focus on?

Social or political motives

How should users ensure their passwords are secure?

Do not be lethargic with your passwords

What is one of the main roles of malicious insiders in cybersecurity threats?

To steal information or damage systems

What is a common technique used by hackers to gather sensitive information?

Phishing

What is the role of white hat hackers?

To test system vulnerabilities for organizations

Which security technology can help keep your internet connection private?

VPN usage

Study Notes

University of Wollongong in Dubai

• The University of Wollongong is located in Dubai.

Learning Objectives

• Define Cyber Security
• Importance of Cyber Security
• Nature of Cyber Attacks
• Different types of attacks, Cyber Threats
• Common Sources of Cyber Threats
• Prevention of cyber attacks
• Attacks repair and Detection Techniques

Cyber Security

• Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks
• Also known as information technology security or electronic information security
• The term "cybersecurity" applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories

Types of Cyber Security

• Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware
• Application security focuses on keeping software and devices free of threats
• Information security protects the integrity and privacy of data, both in storage and in transit
• Operational security includes the processes and decisions for handling and protecting data assets
• Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data

Why is Cybersecurity Important?

• In today's digital world, one cannot ignore cybersecurity
• One single security breach can lead to exposing the personal information of millions of people
• These breaches have a strong financial impact on the companies and also loss of the trust of customers
• Cyber security is very essential to protect businesses and individuals from spammers and cyber criminals
• According to Cybercrime Magazine, cybercrime will cost the world $10.5 trillion annually by 2025!
• Global cybercrime costs are predicted to rise by almost 15 percent yearly over the next four years
• Concepts like the pandemic, cryptocurrency, and the rise in remote working are creating a target-rich environment for criminals

Cyber Threats

• Cybercrime is defined as any unauthorized activity involving a computer, device, or network
• Cyber criminals typically target systems for three reasons:
  • To invade privacy
  • To compromise the trustworthiness of data
  • To deny access to information
• In some threats (like computer-assisted crimes), the computer itself is a target, while in others, the computer is incidental
• Common Cyber Threats include:
  • Cyberterrorism
  • Malware (ransomware, spyware, viruses, worms)
  • Botnets
  • Adware
  • SQL injection
  • Phishing
  • Man-in-the-middle attack
  • Denial of Service
  • Social Engineering Based Attacks

Other Cyber Threats

• Cyberterrorism: politically-based attacks on computers and information technology to harm and disrupt society
• Malware: encompasses harmful software, including ransomware, spyware, viruses, and worms
• Trojan: tricks users into downloading a harmless file, but then allows access to cybercriminals
• Botnets: large-scale cyberattacks conducted via remotely controlled malware-infected devices
• Adware: a form of malware that displays unwanted advertisements
• SQL injection: a code injection technique inserted into SQL-using servers
• Spear phishing: targeting specific individuals in an organization to steal credentials; attackers gather information beforehand
• Vishing: voice phishing - someone uses the phone to steal information
• Email phishing: attackers send emails that appear legitimate to trick recipients into entering information
• Pharming: malicious code installs on a computer and redirects the victim to a fake website
• Evil twin attack: hacker sets up a false Wi-Fi network to capture sensitive data
• Watering hole phishing: a hacker identifies a frequented site to infect visitor computers
• Whaling attack: phishing attack targeting senior executives
• Social engineering attacks: manipulating individuals psychologically to reveal sensitive information
• Smishing: phishing via text messages

Common Sources of Cyber Threats

• Nation states
• Terrorist organizations
• Criminal groups
• Hackers/Hacktivists
• Malicious Insiders

Further information on Cyber Threats

• Nation states: hostile countries that conduct cyberattacks to interfere in communications, cause disorder, and inflict damage
• Terrorist organizations: abuse critical infrastructure, threaten national security, disrupt economies, and cause harm
• Criminal groups: organized hackers who break into systems for economic gain, using methods like phishing, spam, spyware, and malware to extort, steal information, or carry out online fraud
• Hackers/Hacktivists: individual hackers who target organizations for personal gain, revenge, or political reasons, often creating new threats and improving their standing
• Malicious Insiders: employees, suppliers, or partners who have legitimate access to company assets but abuse privileges to steal information or damage systems for personal or economic gain

Key Cybersecurity Technologies

• VPN connections for improved privacy
• Double-checking HTTPS on websites
• Removing adware from computers
• Disabling Bluetooth when not in use and avoiding public networks
• Investing in security upgrades
• Employing white hat hackers
• Password managers
• Multi-factor authentication
• Installing anti-virus software
• Secure devices via passwords/gestures/fingerprints
• Ensuring up-to-date software updates

Common Strategies for Cyber Attack Prevention

• Self-training
• Anti-malware and spam filter software
• Vulnerability assessments
• Routine penetration testing
• Ensuring up-to-date software and systems
• Managing Endpoint Protection
• Installing a Firewall
• Backing up data
• Controlling system access

Attacks repair and Detection Techniques

• Enhancing security features such as passwords, multi-factor authentication, and secure email gateways
• Maintaining a watchful spam email folder
• Update software regularly
• Create a culture of cyber security awareness
• Security awareness training for client organizations
• Act quickly and efficiently if a cyberattack is detected, implementing a data breach response plan
• Notify relevant parties (victims and authorities)
• Restore/replace data—potentially using an IT forensic team
• Adapt to prevent future attacks; identifying vulnerabilities, seeking training, evaluating software updates
• Locate source and actively block malicious activity

Attack Detection Techniques

• Intrusion Detection Systems (IDS)
• Intrusion Prevention Systems (IPS) which builds on the former by proactively preventing attacks
• Firewalls that scrutinize incoming and outgoing network traffic
• Security Information and Event Management (SIEM) for centralized monitoring
• Endpoint Detection and Response (EDR) solutions monitoring and responding to cyberattacks
• Advanced Detection such as anomaly detection
• Threat Intelligence by gathering data from various sources
• Security Assessment using penetration testing to identify and exploit vulnerabilities

References

• URLs provided in the slides are included for referencing

Description

This quiz dives into the fundamental aspects of cyber security, covering definitions, types of cyber attacks, and prevention techniques. Understand the importance of safeguarding digital assets against threats and learn about common sources of cyber threats. Explore different categories of cybersecurity to enhance your knowledge in this essential field.