Introduction to Cybersecurity

Questions and Answers

According to a quote presented, what is the only truly secure system configuration?

  • Connected to a network with multiple firewalls.
  • Protected by AI-driven security software.
  • Regularly updated with the latest security patches.
  • Switched off, unplugged, and heavily guarded. (correct)

According to the SANS Institute, which of the following is a top vector for vulnerabilities available to cyber criminals?

  • Outdated Operating Systems
  • Unencrypted Hard Drives
  • Web Applications (correct)
  • Weak Physical Security

What does the term 'Cybersecurity' primarily refer to?

  • Methods for marketing products online.
  • Software that speeds up network performance.
  • Technologies that recover lost data.
  • Practices to protect digital data from attack. (correct)

By which year is the global cybersecurity workforce shortage projected to reach 1.8 million unfilled positions?

2022 (D)

In the context of cybersecurity, what represents 'safety'?

Practicing behaviors that protect against tech threats. (A)

Which of the following is NOT directly represented as a Cybersecurity Domain?

Culinary Arts (A)

What does the acronym CIA stand for in the context of cybersecurity?

Confidentiality, Integrity, Availability (D)

Which concept from the CIA Triad is violated when customer information is stolen?

Confidentiality (B)

Which element of the CIA Triad is directly compromised when payroll data is altered by an unauthorized user?

Integrity (D)

If customers are unable to access an online service, which principle of the CIA Triad is being affected?

Availability (D)

In cybersecurity, what is considered a 'threat'?

Circumstances that could harm a system. (C)

What constitutes a 'vulnerability' in the context of cybersecurity?

A weakness that can be exploited. (D)

Which of the following is a type of threat?

Phishing (C)

What is the primary purpose of phishing?

To steal sensitive information. (B)

What is spear phishing?

A phishing attempt that targets a specific individual. (D)

What is 'whaling' in the context of phishing attacks?

Phishing attempts that specifically target high-profile individuals. (D)

According to Verizon's DBIR 2020, what is the biggest cyber threat for Small-to-Medium Businesses (SMBs)?

Phishing attacks. (D)

What percentage of untrained users fail phishing tests, according to KnowBe4?

37.9% (B)

Roughly how often does a new phishing site launch?

Every 20 seconds. (B)

What percentage of malware is delivered via email?

94% (A)

What is Social Engineering?

Manipulating individuals to divulge confidential information. (C)

Which of the following is NOT a common method for social engineering attacks?

Via direct integration with computer hardware. (B)

What is malware?

Malicious software. (C)

Which of the following are subgroups of malware?

Viruses, Worms, and Trojan horses. (C)

How does a computer virus typically spread?

By replicating itself and infecting other computers. (A)

What does 'Direct Infection' refer to in the context of computer viruses?

Infecting files when a user opens a specific infected file. (B)

What is a Logic Bomb?

Malicious code that detonates when certain conditions are met. (B)

What is the disguised nature of a 'Trojan horse'?

It appears as a useful or legitimate file. (A)

Which of the following is a key characteristic that differentiates Trojan horses from other types of malware?

They usually run only once and then are done functioning. (C)

How does a Worm typically propagate?

By replicating itself and dispersing throughout a network. (A)

What is a common method used by Email Worms to propagate?

By copying itself into email attachments and address books. (C)

What is the primary characteristic of an Internet Worm?

It scans for open internet ports to download itself. (B)

What is a 'botnet'?

A network of compromised computers used to launch attacks. (B)

Which activities are commonly launched using botnets?

DDoS attacks, phishing, and spamming. (B)

What is the primary function of adware?

To display advertisements. (C)

How does spyware typically affect a computer's performance?

By clogging up the computer, causing it to slow down. (D)

What is the purpose of an Exploit Kit?

To facilitate the exploitation of vulnerabilities. (B)

Which of the following is NOT a method of stealing information for identity theft?

Data encryption. (C)

High Tech Identity theft is NOT typically accomplished by

Snagging (C)

A Denial of Service (DoS) attack can best be defined as:

Preventing legitimate users from accessing a system. (A)

What is the primary action taken by ransomware after it infects a system?

It encrypts files and demands a ransom for decryption. (B)

Why do RDP or Virtual Desktop endpoints without MFA (Multi-Factor Authentication) represent a top ransomware vulnerability?

They allow attackers to bypass security measures with stolen credentials. (A)

Given what you know about cyber security threats, what is the most effective measure you can take to prevent being infected by ransomware?

Create Weapons-Grade Data Backups (B)

Flashcards

Cyber Security

Protecting networks, devices, programs, and data from attack, damage, or unauthorized access.

Confidentiality

Restricting access to authorized individuals.

Integrity

Ensuring data has not been altered in an unauthorized manner.

Availability

Ensuring information can be accessed and modified by authorized individuals in an appropriate timeframe.

Threats

Circumstances or events that can potentially harm an information system.

Vulnerabilities

Weaknesses in an information system or its components that could be exploited.

Phishing

Creating fake emails or SMS that appear to come from someone you trust to steal information

Spear Phishing

Phishing attack tailored to a specific victim or group of victims using personal details

Whaling

A specialized phishing type that targets a "big" victim within a company

Social Engineering

Tricking someone into giving out information rather than breaking into a computer.

Malware

Any kind of unwanted software that is installed on your computer without your consent.

Computer Virus

Infecting a carrier, relying on the carrier to spread around.

Logic Bomb

Programming code designed to execute when certain conditions are reached.

Trojan horse

A program designed to look like a useful or legitimate file.

Worm

Designed to replicate itself and disperse throughout the user's network.

Email Worm

Email worm goes into a user's contact/address book and chooses every user in that contact list

Botnet

Secretly takes over another networked computer by exploiting software flaws

Adware

Type of malware designed to display advertisements in the user's software.

Spyware

It spies on the user to collect information off the user's computer to display pop-up ads on the user's computer.

Ransomware

A type of malware that restricts your access to systems and files

Identity Theft

Impersonating someone by using their private information.

Denial of Service

Attackers flood a target site with phony requests, causing bandwidth saturation.

Study Notes

  • Cyber security encompasses the technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
  • $1 trillion has been spent over the past 7 years on cybersecurity.
  • The global cybersecurity workforce has a projected shortage of roughly 1.8 million unfilled positions by 2022.
  • Cybersecurity costs are expected to rise up to $6 trillion by 2021.
  • 46% say they can't prevent attackers from breaking into internal networks each time it is attempted.
  • 100% of CIOs believe a breach will occur through a successful phishing attack in the next 12 months.
  • Enterprises have seen a 26% increase in security incidents despite increasing budgets by 9% year-over-year.
  • Security involves protecting computers and data in the same way that homes are secured.
  • Safety means behaving in ways that protect against technology-related risks and threats.

Thoughts from Gene Spafford

  • The only truly secure system is one switched off, unplugged, locked in a titanium safe, buried in a concrete bunker, surrounded by nerve gas and highly paid armed guards.
  • Absolute security is unattainable.
  • Security efforts aim to build comfort levels, balancing costs and effectiveness.
  • Comfort level reflects the effectiveness and limitations of security efforts.
  • The accessibility afforded by the Internet means an attacker can work from anywhere.

Risks

  • Identity theft
  • Monetary theft
  • Legal ramifications
  • Sanctions/termination if policies are not followed
  • SANS Institute identifies top vulnerability vectors as web browsers, web applications, and excessive user rights.

Threats and Vulnerabilities

  • Threats refer to any circumstances/events that can harm an information system.
  • Vulnerabilities refer to weaknesses in an information system/its components that can be exploited.

CIA Triad and a Secure System

  • Confidentiality: Restrict access to authorized individuals
  • Integrity: Data has not been altered in an unauthorized manner
  • Availability: Information can be accessed and modified by authorized individuals in an appropriate timeframe

Types of Threats

  • Phishing and spear-phishing attacks
  • Social engineering scams
  • Common malware and ransomware
  • Business email compromise
  • Fake websites that steal data or infect devices
  • Much more

Phishing

  • Phishing involves creating fake emails/SMS messages that appear to come from a trusted source.
  • Phishing attempts ask recipients to confirm account details or vendor details, directing them to a fake website designed to steal information.
  • Cybercriminals can use entered information to steal identities and make fraudulent purchases.
  • Statistic: In Verizon DBIR 2020, 30% of SMB breaches are phishing.
  • Statistic: KnowBe4 reports 37.9% of untrained users fail phishing tests.
  • Statistic: 84% of SMBs are targeted by phishing attacks.
  • A new phishing site launches every 20 seconds.
  • 74% of all phishing websites use HTTPS.
  • 94% of malware is delivered via email.
  • Mass-scale phishing attacks cast a wide net.
  • Spear phishing attacks are tailored to a specific victim or group.
  • Whaling is spear phishing that targets "big" company victims.

Social Engineering

  • Involves tricking individuals into giving out sensitive information.
  • Can occur over the phone, via text message, in instant messages, or through email.

Malware

  • Malware is "malicious software" installed without consent on computers and digital devices.
  • Viruses, worms, Trojan horses, bombs, spyware, adware, and ransomware are subtypes of malware.

Viruses

  • A virus infects a carrier, relying on the carrier to spread.
  • A computer virus is a program that replicates itself and spreads from computer to computer.
  • Direct infection viruses infect files every time an infected program is opened.
  • Fast infections infect any file accessed by the program.
  • Slow infections infect new or modified programs / documents.
  • Sparse infections randomly infect files on the computer.
  • RAM-resident infections bury themselves in the computer's RAM.

Bombs

  • Logic bombs involve programming code designed to execute or explode when a certain condition is reached.
  • Logic bombs activate when a certain time is reached or a program fails to execute; most common in the financial/business world.

Trojans

  • Trojan horses are programs/software that appear as useful or legitimate files.
  • Trojans steal information or delete data once installed and opened.
  • Trojans run once and then are done functioning.
  • Some create back-door effects.
  • Another distribution method of Trojans is by infecting a server that hosts websites.
  • The downfall of Trojans is that they are very reliant on the user.

Worms

  • Worms, which replicate and disperse throughout a user's network, are more dangerous than viruses.
  • Worms and viruses get interchanged commonly in the media.
  • Email worms go into a user's contact/address book and choose every user in that contact list.
  • Example of an email worm: the I LOVE YOU worm.
  • Internet Worms are designed to be conspicuous to the user.
  • The worm scans the computer for open internet ports through which it can download itself onto the computer.

Zombie & Botnet

  • Secretly takes over another networked computer by exploiting software flaws
  • Builds the compromised computers into a zombie network or botnet
  • A botnet is a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure.
  • Uses it to indirectly launch attacks
  • E.g., DDoS, phishing, spamming, cracking

Adware and Spyware

  • Adware displays advertisements in the user's software, gathering information on what the user searches the World Wide Web for.
  • With this gathered information it displays ads corresponding to information collected.
  • Spyware spies on the user to see what information it can collect off the user's computer to display pop-up ads on the user's computer.
  • Spyware likes to use memory from programs running in the background of the computer to keep close watch on the user.
  • Spyware clogs up the computer, causing the program or computer to slow down and become nonfunctional.

Exploit Kits

  • A compromised website or malicious advertisement is used to direct traffic and exploit the machine.

Identity Theft

  • Impersonation by private information
  • Thieves can 'become' the victim
  • Reported incidents are rising
  • Methods of stealing information: shoulder surfing, snagging, dumpster diving, social engineering, and high-tech methods.

Threats to Identity Theft

  • Loss of privacy
  • Personal information stored electronically
  • Purchases stored in a database
  • Data is sold to other companies
  • Public records on the Internet
  • Internet use is monitored and logged

Denial of Service Attack

  • Denial of Service attacks occur when an attacker uses a network of hijacked computers to flood a target site with fake server requests.
  • This leaves no bandwidth for legitimate traffic.

Ransomware

  • Ransomware is a type of malware that restricts access to systems and files, typically by encryption.
  • The attacker demands a ransom to restore access.
  • Systems are often infected by opening a link in a malicious email.
  • Weapons-Grade Data Backups are important
  • Religious Patch Management
  • Plan to Fail Well (Incident Response Plan), Know who to call!
  • Training and Testing Your People helps
  • Don't Open that Email Link/Attachment
