Understanding Cybersecurity Strategies

Questions and Answers

What do skimmers specifically target to steal?

  • Bank account passwords
  • Online login credentials
  • Credit card data (correct)
  • Personal identification numbers

    Techno-criminals are known for their serious technical skills.

    False

    What technology do new skimmers use to send captured data?

    Wireless technologies or text messages

    Skimmers are typically placed on top of __________ machines to capture credit card information.

    ATM

    Match the following terms with their descriptions:

    • Techno-Criminals = Use technology to commit crimes
    • Cyber-Criminals = Use computers or the internet for crime
    • Skimmers = Devices for stealing credit card data
    • PIN Cameras = Capture the user's PIN during transactions

    Which type of data does ATP use to form their understanding of compromises?

    News stories, data dumps from attackers, and reports from security researchers

    Most compromised organizations report the details of their security breaches.

    False

    What is a major reason organizations choose not to report security incidents?

    Fear of bad publicity

    An ATP hacker prefers to use _____ methods when compromising targets.

    stealthy

    Match the following terms with their descriptions:

    • Empirical Data = Information derived from observation or experience
    • ATP = Advanced Persistent Threat attacker
    • Compromised organization = An organization whose security has been breached
    • Stealthy methods = Techniques to avoid detection during an attack

    What has contributed to an increase in organizations reporting compromises?

    Improved detection capabilities

    All compromises that are discovered are reported by the organizations.

    False

    Name one reason why the facts of a breach may not be fully uncovered.

    Misleading information

    What is the primary function of skimmers?

    To steal credit card data

    Techno-criminals are skilled in advanced computer technology.

    False

    What type of establishments commonly use skimmers to steal credit card data?

    Restaurants, coffee shops, and retail establishments

    ATM skimmers are typically placed in front of or on top of __________ for capturing data.

    ATM machines

    Match the following descriptions with the relevant terms:

    • Skimmer = Device that steals credit card data
    • Techno-Criminals = Criminals using technology for crime
    • ATM Skimmers = Skimmers specifically designed for ATMs
    • PIN Capture = Use of cameras to capture user PINs

    What is one reason organizations may choose not to report security incidents?

    Fear of legal action

    All compromises discovered by organizations are always reported.

    False

    Name two sources from which ATP compiles example data on breaches.

    News stories, data dumps from attackers

    ATP finds and uses __________ methods to compromise targets.

    stealthy

    Match each term related to compromises with its description:

    • Empirical Knowledge = Knowledge gained from real-world examples and data
    • Undiscovered Compromises = Compromises that have not been detected
    • Stealthy Methods = Techniques used to avoid detection during hacking
    • Reporting Compromises = The act of disclosing security breaches to relevant parties

    What is a significant challenge when analyzing breach data?

    Incomplete information may lead to assumptions

    Organizations today feel more compelled to report compromises due to increasing detection capabilities.

    True

    What motivates attackers to change their strategies and techniques?

    To take advantage of new vulnerabilities and create new attacks.

    What is the primary method used by skimmers to capture credit card information?

    Physical swiping of cards

    Techno-criminals possess serious technical skills to commit crimes.

    False

    Explain one common location where skimmers are used to steal credit card data.

    Restaurants or coffee shops

    ATM skimmers can send captured data through __________ technologies.

    wireless

    Match the following terms with their descriptions:

    • Skimmers = Devices that steal credit card data
    • Techno-Criminals = Use technology to commit traditional crimes
    • ATM Skimmers = Placed on ATM card slots to capture data
    • Wireless Technologies = Used by skimmers to send stolen information

    What is a significant reason many organizations choose not to report security breaches?

    Fear of bad publicity

    All compromises discovered by organizations are reported.

    False

    Why do attackers change their strategies and techniques?

    To take advantage of new vulnerabilities and create new attacks.

    ATP prefers to use __________ methods when compromising targets.

    stealthy

    Match the following types of data with their sources:

    • News stories = Examples of breaches reported in media
    • Data dumps = Information collected by attackers
    • Security researchers = Experts compiling data on breaches
    • Talented organizations = Groups assessing security incidents

    Which of the following is a common misconception about compromised organizations?

    They often report all breaches

    ATP will leave artifacts on compromised systems if it is necessary.

    True

    Name one limitation organizations face regarding reporting breaches.

    Not all compromises are discovered.

    Study Notes

    Understanding the Big Picture

    • Organizations need to understand how their environment has been compromised through empirical knowledge.
    • This knowledge is crucial to develop effective security strategies.

    Sources of Empirical Data

    • News stories provide insights into real-world breaches.
    • Data dumps from attackers offer valuable insights into attacker methodologies.
    • Reports from security researchers and organizations compile and analyze breach data.

    Challenges with Data Availability

    • Many compromises are unreported due to various factors, including fear of negative publicity and legal repercussions.
    • Discovering all compromises can be difficult, and not all discovered compromises are reported.
    • The extent of a compromise may not be fully uncovered, and some reported facts can be misleading or inaccurate.

    The Problem of Stealthy Attackers

    • Advanced Persistent Threats (APTs) often employ stealthy methods to compromise targets.
    • Attackers avoid leaving traces on compromised systems unless necessary for maintaining access.

    Reporting Compromises & Evolving Threats

    • Organizations are increasingly reporting compromises due to the rising frequency of attacks and the development of better detection capabilities.
    • Attackers constantly adapt their techniques to exploit new vulnerabilities and create innovative attacks.
    • Defenders counter these attacks by developing new defensive technologies.

    Techno-Criminals vs Cyber-Criminals

    • Techno-criminals use technology to commit traditional crimes, while cyber-criminals exploit computers and the internet.

    Skimmers: A Case Study

    • Skimmers are physical devices designed to steal credit card data by swiping cards and storing the data internally.
    • Skimmers are commonly used in restaurants, coffee shops, and other retail outlets.
    • ATM skimmers have become increasingly popular, typically placed on top of ATM machines.
    • Modern skimmers can transmit captured data wirelessly, often incorporating tiny cameras to record PINs.
    • The components for building skimmers are readily available online and in the criminal underground.

    Empirical Data

    • Understanding the “Big Picture” is crucial for organizations to analyze how they are compromised, especially regarding the understanding of the “why” rather than just the “how”.
    • This chapter offers a few concrete examples to illustrate the reality of hacking and counter-hacking, along with assumptions about how these events unfolded.
    • The data is compiled from real-world sources, such as:
      • News reports
      • Data leaks from attackers
      • Information shared by cybersecurity researchers and organizations
    • There are several hurdles in obtaining accurate data:
      • Many incidents are undetected, unreported, or reported with limited information.
      • Some facts about compromises might be inaccurate or misleading.

    The Problem with Our Data Set

    • Advanced Persistent Threats (APTs) primarily prioritize stealth while compromising organizations, leaving few traces behind unless absolutely necessary for maintaining access to target systems.
    • Many organizations choose not to report compromises due to factors like fear of:
      • Negative publicity
      • Loss of customer confidence
      • Potential legal ramifications
    • This pattern is shifting:
      • The increasing frequency of attacks is encouraging organizations to report incidents.
      • A greater ability to detect breaches is also prompting more reporting.
    • The strategies and techniques employed by attackers are consistently evolving.
    • They capitalize on newly discovered vulnerabilities and create innovative attack methods.
      • Defenders in turn develop new defensive measures to counteract these attacks.

    Techno-Criminals and Skimmers

    • A distinction is made between "techno-criminals" and "cyber-criminals".
      • Techno-criminals use technology as a tool to commit traditional crimes.
      • Cyber-criminals utilize computers and the internet as the primary tools for their criminal activities.
    • Skimmers are physical devices that capture credit card data.
      • Designed to be physically attached to credit card readers and store card information.
      • Commonly found in places like restaurants, coffee shops, and retail establishments.
    • Recent developments:
      • Skimmers are now found in ATMs, often placed over the card slot.
      • New skimmers can transmit stolen data through text messages or other wireless channels.
      • Many skimmers come equipped with tiny cameras to capture user PINs.
      • These tools are easily accessible for purchase on the internet and through criminal networks.

    Evolution of Skimmers

    • ATM skimmers are now commonly seen, and their design has evolved.
      • Often found placed on top of or in front of ATM card slots.
      • New skimmers can transmit data via text messages or wireless technologies.
      • Many skimmers include mini-cameras to capture PIN data.
      • These sophisticated tools are readily available for purchase online and through criminal networks.

    Understanding Compromises with Empirical Data

    • The text argues that organizations need to understand the "big picture" of how their environment may be compromised.
    • The text uses anecdotal evidence and real-world examples to highlight the challenges of understanding cyber attacks.
    • Examples for data come from various sources like news reports, data dumps from attackers, and security researchers.

    Imperfect and Limited Data

    • There are numerous challenges to collecting and analyzing data related to cyberattacks:
      • Many compromises aren't reported.
      • Even if discovered, compromises aren't always reported.
      • Full details or correct information aren't always available for every compromise.

    Attacker Tactics

    • Adversaries often use stealthy methods to maintain access without leaving behind traces on compromised systems.
    • Organizations may be hesitant to report compromises due to concerns about reputation damage, legal consequences, and financial losses.
    • The report states that attackers use a "constantly changing" set of strategies and techniques to exploit new weaknesses and create new attacks.

    Techno-Criminals vs. Cyber-Criminals

    • A distinction is made between techno-criminals and cyber-criminals, with techno-criminals relying on technology to enhance traditional crime, while cyber-criminals use computers or the internet for criminal activities.

    Emergence of Skimmers

    • Physical devices called skimmers are used to steal credit card data by capturing and storing data during a card swipe at retail locations.
    • Advanced skimmers can transmit captured data via wireless technologies, with some even equipped with small cameras to capture user PIN data.
    • Skimmers are easily accessible through online marketplaces and criminal underground channels.


    Description

    This quiz explores the importance of empirical knowledge in understanding organizational security compromises. It discusses various sources of empirical data, challenges faced with data availability, and the stealthy tactics used by Advanced Persistent Threats (APTs). Equip yourself with the insights needed to develop effective security strategies.
