Unit 2: Cybercrime

Questions and Answers

The most common type of access credential is the username and ______.

passwords

Compromised credentials refer to cases where user credentials are exposed to ______.

unauthorized entities

Usernames and passwords are examples of access ______.

credentials

The exposure of user credentials can lead to ______ breaches.

security

When credentials are compromised, they are vulnerable to ______ exploitation.

unauthorized

Recent malware attacks such as ______ highlight this threat.

Mirai

Malware attacks pose a significant security threat for both managed devices and ______ connected devices.

IoT

Keep an eye out for disgruntled ______

employees

Apps and protocols sending ______ credentials over your network pose a significant security threat.

login

______ connected devices are at risk from recent malware attacks.

IoT

Monitor data and network ______ for every device and user

access

The threat from malware is not limited to traditional devices, but also affects ______ devices.

IoT

This vigilance is necessary to ______ insider risk

expose

Disgruntled employees can pose a significant ______ to an organization

risk

Every ______ and user should be monitored to ensure security

device

In this section, we look at famous examples of different types of ______ attack used by cybercriminals.

cybercrime

Read on to understand what counts as ______.

cybercrime

Cybercriminals use various methods in their ______ attacks.

cybercrime

Famous examples help illustrate different types of ______ committed online.

cybercrime

Understanding cybercrime is crucial to develop effective ______ strategies.

defense

Human detection is when a user notices some unusual or suspect ______ during their normal work.

activity

Technical detection happens thanks to an automated analysis of all the data collected about the information system and its ______.

activity

There are two main ways to detect a security ______: technical and human.

incident

Technical detection happens thanks to an automated analysis of data from servers, firewalls, proxies, and ______.

antivirus

The two main ways to detect security incidents are ______ and human.

technical

All equipment linked to the information systems of a company transmits data about its activity to a tool named ______.

SIEM

SIEM is considered the heart of ______ performance.

SOC

The full form of SIEM is Security Incident and Event ______.

Manager

Companies utilize SIEM to gather data about their ______.

activity

The function of a SOC relies on data transmitted by ______ to the SIEM.

equipment

Flashcards

Cybercrime examples

Illustrative cases of cyberattacks used by criminals.

Cybercrime

Illegitimate activities conducted using computer systems.

Cyberattacks

Actions aimed at disrupting or damaging computer systems.

Cybercriminals

Individuals engaged in illegal online activities.

Types of cybercrime

Various forms of online criminal behavior.

Compromised Credentials

A situation where user login information (like usernames and passwords) is accessed by someone who shouldn't have that access.

User Credentials

Usernames and passwords used to access accounts.

Unauthorized Entities

People or systems that don't have permission to access something.

Access Credential

The information needed to get into something, like an account.

Most Common Access

Usernames and passwords are the most frequent way to log into an account.

Malware threats

Malicious software designed to harm or disrupt systems.

IoT devices

Internet-connected devices, often vulnerable to attacks.

Login credentials

Usernames and passwords used for accessing systems.

Network security threats

Risks to networks, such as login credentials sent over the network in a form an attacker could capture.

Mirai malware

A type of malware targeting IoT devices.

Disgruntled Employee

A former or current employee who is unhappy with their job or company and may pose a security threat.

Insider Risk

The potential threat posed by individuals within an organization who have access to sensitive information or systems and may misuse them.

Data Access Monitoring

Continuously tracking and logging who accesses what data and when, to detect potential security breaches.

Network Access Monitoring

Monitoring and logging all network activity, including devices and users, to identify suspicious behavior.

Device Security

Implementing security measures on all devices used for work, including laptops, phones, and tablets, to protect against unauthorized access and data breaches.

Security Operations Center (SOC)

A team that monitors and responds to security threats in an organization's IT systems.

Technical Detection

Using automated tools and systems to analyze data and identify security incidents.

Human Detection

When an individual notices suspicious activity while working, indicating a possible security breach.

Data Sources for SOCs

SOCs gather data from various sources like servers, firewalls, proxies, and antivirus systems to detect security threats.

How SOCs Work

SOCs continuously analyze data, identify potential threats, and respond to security incidents to protect IT systems.

SIEM

A tool that collects and analyzes data from all equipment connected to a company's information systems to detect security threats. It's like a central security hub for the company.

SOC

Security Operations Center; a team responsible for monitoring and responding to security threats. They use tools like SIEM to protect the company's systems.

What does SIEM do?

SIEM gathers information from various equipment connected to a company's systems, analyzes that data for suspicious activity, and alerts the SOC team to potential threats.

Why is SIEM important?

SIEM helps quickly identify and respond to security incidents, allowing security teams to protect systems, minimize damage, and prevent future attacks.

What's the relationship between SIEM and SOC?

SIEM is a tool used by the SOC team. The SOC analyzes data gathered by SIEM to make informed decisions about responding to security threats.

Study Notes

Unit 2: Cybercrime

  • Agenda
    • Cybercrime organization (2.1)
    • Main attack vectors (2.2)
    • Classification of cyber threats and cybercrimes (2.3)
    • Agencies for combating cybercrime (2.4)
    • SOC/CERT/CSIRT concept and major agencies (2.5)
  • What is Cybercrime?
    • Criminal activity targeting or using computers, networks, or devices
    • Primarily for financial gain, but occasionally due to political or personal motives
    • Committed by organized individuals with advanced skills, or novice hackers
  • Types of Cybercrime
    • Email and Internet fraud
    • Identity fraud (stealing and using personal information)
    • Theft of financial/card payment data
    • Theft and sale of corporate data
    • Cyber-extortion (demanding money to prevent attacks)
    • Ransomware attacks (a type of cyber-extortion)
    • Cryptojacking (mining cryptocurrency using computing resources the attacker does not own)
    • Cyber espionage (accessing government or company data)
  • Cybercrime that targets computers
    • Involves viruses and malware
    • Used to damage devices, stop them from working, delete data
    • Denial-of-Service (DoS) attack (stops users using a machine or network, or prevents a business from providing a service to customers)
    • Can be used to spread malware, illegal information, or illegal images
  • Distributed Denial-of-Service (DDoS) attack
    • Similar to a DoS but uses numerous compromised computers
  • Malware Attacks:
    • Attack where a computer system or network is infected with malware
    • Used by cybercriminals for various purposes, including stealing data, carrying out other crimes, damaging data
    • WannaCry ransomware attack (2017)
      • Global cybercrime
      • Targeted a vulnerability in Microsoft Windows on 230,000 computers across 150 countries
      • Users were locked out of their files and a Bitcoin ransom was demanded
      • Estimated to have caused $4 billion in financial losses
  • Phishing
    • Spam emails or other communication to trick recipients
    • Objective is to perform actions that undermine security
    • Can contain infected attachments or malicious links to websites
    • Often used to obtain confidential information
  • Main attack vectors
    • Attack surface: the sum of all points on a network where an unauthorized user could manipulate or extract data
    • Attack vectors: the methods used to breach the network, such as weak and default passwords, phishing, social engineering, etc.
  • Security Breach
    • Any incident where sensitive data is accessed by unauthorized parties
    • Incidents include DDoS attacks, Bitcoin mining and others
    • Data breaches are most common but not all security incidents involve data theft.
  • 8 Common Cyber Attack Vectors and How to Avoid Them:
    • Compromised Credentials:
      • Phishing attacks can expose user credentials
      • Stolen/lost credentials can allow intruders access
    • Weak and Stolen Credentials:
      • Weak passwords allow attackers access
      • Attackers can steal and exploit credentials
    • Malicious Insiders:
      • Unhappy employees can expose company information or exploit vulnerabilities
    • Missing / Poor Encryption:
      • Sensitive data is vulnerable without adequate encryption
    • Misconfiguration:
      • Default usernames and passwords, or setup pages left enabled, may create vulnerabilities
      • Attackers can take advantage of these
    • Ransomware:
      • Users are unable to access their data until a ransom is paid
    • Phishing:
      • Deception used to gain sensitive user information
    • Trust Relationships:
      • A trust relationship exists between two domains or users
      • A breach of one side can allow the attacker access to the other
  • SOC/CERT/CSIRT
    • SOC (Security Operations Center)
      • Manages security incidents
      • Tracks activity on a system and notifies CSIRT of abnormalities
      • Uses a SIEM (security incident and event manager), which centralizes and correlates log data
    • CERT (Computer Emergency Response Team)
      • Responds to security incidents within an organization
    • CSIRT (Community Emergency Response Team)
      • Responds to security incidents within a community
  • Cybercrime Classification (Additional note)
    • Detailed taxonomy of threats
    • Used for better threat identification and prevention

Quiz Team

Related Documents

Unit 2. Cybercrime PDF
