Questions and Answers
The most common type of access credential is the username and ______.
passwords
Compromised credentials refer to cases where user credentials are exposed to ______.
unauthorized entities
Usernames and passwords are examples of access ______.
credentials
The exposure of user credentials can lead to ______ breaches.
When credentials are compromised, they are vulnerable to ______ exploitation.
Recent malware attacks such as ______ highlight this threat.
Malware attacks pose a significant security threat for both managed devices and ______ connected devices.
Keep an eye out for disgruntled ______.
Apps and protocols sending ______ credentials over your network pose a significant security threat.
______ connected devices are at risk from recent malware attacks.
Monitor data and network ______ for every device and user.
The threat from malware is not limited to traditional devices, but also affects ______ devices.
This vigilance is necessary to ______ insider risk.
Disgruntled employees can pose a significant ______ to an organization.
Every ______ and user should be monitored to ensure security.
In this section, we look at famous examples of different types of ______ attack used by cybercriminals.
Read on to understand what counts as ______.
Cybercriminals use various methods in their ______ attacks.
Famous examples help illustrate different types of ______ committed online.
Understanding cybercrime is crucial to developing effective ______ strategies.
Human detection is when a user notices some unusual or suspicious ______ during their normal activities.
Technical detection happens thanks to an automated analysis of all the data collected about the information system and its ______.
There are two main ways to detect a security ______: technical and human.
Technical detection happens thanks to an automated analysis of data from servers, firewalls, proxies, and ______.
The two main ways to detect security incidents are ______ and human.
All equipment linked to the information systems of a company transmits data about its activity to a tool named ______.
SIEM is considered the heart of ______ performance.
The full form of SIEM is Security Incident and Event ______.
Companies utilize SIEM to gather data about their ______.
The function of a SOC relies on data transmitted by ______ to the SIEM.
Study Notes
Unit 2: Cybercrime

Agenda
- Cybercrime organization (2.1)
- Main attack vectors (2.2)
- Classification of cyber threats and cybercrimes (2.3)
- Agencies for combating cybercrime (2.4)
- SOC/CERT/CSIRT concept and major agencies (2.5)

What is Cybercrime?
- Criminal activity targeting or using computers, networks, or devices
- Primarily for financial gain, but occasionally due to political or personal motives
- Committed by organized individuals with advanced skills, or by novice hackers

Types of Cybercrime
- Email and Internet fraud
- Identity fraud (stealing and using personal information)
- Theft of financial/card payment data
- Theft and sale of corporate data
- Cyber-extortion (demanding money to prevent attacks)
- Ransomware attacks (a type of cyber-extortion)
- Cryptojacking (mining cryptocurrency using resources the attacker does not own)
- Cyber espionage (accessing government or company data)

Cybercrime that targets computers
- Involves viruses and malware
- Used to damage devices, stop them from working, or delete data
- Denial-of-Service (DoS) attack (stops users from using a machine or network, or prevents a business from providing a service to customers)
- Can be used to spread malware, illegal information, or illegal images

Distributed Denial-of-Service (DDoS) attack
- Similar to a DoS attack but uses numerous compromised computers

Malware Attacks
- Attack where a computer system or network is infected with malware
- Used by cybercriminals for various purposes, including stealing data, carrying out other crimes, and damaging data

WannaCry ransomware attack (2017)
- Global cybercrime
- Targeted a vulnerability in Microsoft Windows on 230,000 computers across 150 countries
- Users were locked out of their files and a Bitcoin ransom was demanded
- Estimated to have caused $4 billion in financial losses

Phishing
- Spam emails or other communications used to trick recipients
- Objective is to get the recipient to perform actions that undermine security
- Can contain infected attachments or malicious links to websites
- Often used to obtain confidential information

Main attack vectors
- Attack surface: the sum of points on a network where unauthorized users can manipulate or extract data
- Attack vectors: the methods used to breach the network, such as weak and default passwords, phishing, social engineering, etc.

Security Breach
- Any incident where sensitive data is accessed by unauthorized parties
- Incidents include DDoS attacks, Bitcoin mining, and others
- Data breaches are the most common, but not all security incidents involve data theft

8 Common Cyber Attack Vectors and How to Avoid Them

Compromised Credentials
- Phishing attacks can expose user credentials
- Stolen or lost credentials can give intruders access

Weak and Stolen Credentials
- Weak passwords allow attackers access
- Attackers can steal and exploit credentials

Malicious Insiders
- Unhappy employees can expose company information or exploit vulnerabilities

Missing / Poor Encryption
- Sensitive data is vulnerable without adequate encryption

Misconfiguration
- Default usernames and passwords, or setup pages left enabled, may create vulnerabilities
- Attackers can take advantage of these

Ransomware
- Users are unable to access their data until a ransom is paid

Phishing
- Deception used to obtain sensitive user information

Trust Relationships
- A trust relationship exists between two domains or users
- A breach of one side can give an attacker access to the other

SOC/CERT/CSIRT
- SOC (Security Operations Center)
  - Manages security incidents
  - Tracks activity on a system and notifies the CSIRT of abnormalities
  - Uses a SIEM (security incident and event manager), which centralizes and correlates log data
- CERT (Computer Emergency Response Team)
  - Responds to security incidents within an organization
- CSIRT (Community Emergency Response Team)
  - Responds to security incidents within a community

Cybercrime Classification (Additional note)
- Detailed taxonomy of threats
- Used for better threat identification and prevention
Description
Explore the various facets of cybercrime in this unit. Learn about the organizations involved, main attack vectors, and types of cyber threats. Examine the agencies combating these crimes and the impact on society.