Chapter 1 Introduction 202401.pdf
Chapter 1: Introduction

Topics
1.1 Security Problems
1.2 Computer Security Concepts
1.3 Vulnerabilities, Threats and Attacks
1.4 Computer Security Trends

1.1 Security Problems
- Lack of cybersecurity awareness among employees/users
- Lack of security mindset among IT professionals
- Attack techniques are getting more sophisticated
- Increasing number of insecure applications/systems
- Insecure network devices (e.g. mobile, IoT, etc.)
- Misconfigurations
Note: The list shown above is not exhaustive.

1.2 Computer Security Concepts

Computer Security
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
Source: https://csrc.nist.rip/publications/nistpubs/800-12/800-12-html/chapter1.html

Six Principles of Security
- Confidentiality
- Authentication
- Integrity
- Non-Repudiation
- Access Control
- Availability

Confidentiality
Only the sender and the intended recipient(s) should be able to access the content of a message. Confidentiality is compromised if an unauthorized person is able to access a message. An example of such an attack is interception.

Authentication
Helps establish proof of identities. Ensures that the origin of an electronic message or document is correctly identified. Authentication is compromised via fabrication.

Integrity
Integrity is lost when the contents of a message are changed during transmission from sender to receiver. This type of attack is called modification.

Non-Repudiation
Covers situations where users deny, or repudiate, having sent messages to recipients. The principle of non-repudiation defeats the possibility of denying something after having done it.
Access Control
Determines who should be able to access what. Access control is broadly related to two areas:
- Role management: concentrates on the user side (which user can do what).
- Rule management: focuses on the resource side (which resource is available).
An access control matrix lists users against the items that they can access. An Access Control List (ACL) is a subset of an access control matrix.

[Figure: Example of an Access Control Matrix]
Source: https://oktatas.iit.uni-miskolc.hu/lib/exe/fetch.php?media=tanszek:oktatas:w2_software_system_security.pdf

[Figure: Example of an Access Control List within an Access Control Matrix]
Source: https://oktatas.iit.uni-miskolc.hu/lib/exe/fetch.php?media=tanszek:oktatas:w2_software_system_security.pdf

Availability
Resources should be available to authorized parties at all times. An attack called interruption defeats the principle of availability.

1.3 Vulnerabilities, Threats and Attacks

Vulnerability
Defined as the state of being exposed to the possibility of being attacked or harmed. Cybersecurity vulnerabilities can be categorized into:
- Platforms
- Configurations
- Third parties
- Patches
- Zero-day vulnerabilities

Vulnerability → 1) Platforms
A computer platform is a system that consists of the hardware device and an operating system (OS) that runs software such as applications, programs, or processes.
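The access control matrix and ACL introduced in section 1.2 above, as an added worked example (not from the lecture slides): role management supplies the user side, rule management the resource side, the two are combined into the full matrix, and an ACL is read off as one column of it (a capability list is the matching row). All user, role and resource names are made up for illustration.

```python
# Added example: building an access control matrix from a user-side view
# (role management) and a resource-side view (rule management), then deriving
# an ACL (one column) and a capability list (one row) from it.
# All names below are constructed for illustration.
from typing import Dict, FrozenSet, Set

Rights = FrozenSet[str]

# Role management (user side): which user holds which role.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"admin"},
    "bob": {"developer"},
    "carol": {"auditor"},
}

# Rule management (resource side): which rights each role gets on a resource.
RESOURCE_RULES: Dict[str, Dict[str, Rights]] = {
    "payroll.db": {"admin": frozenset({"read", "write"}),
                   "auditor": frozenset({"read"})},
    "source.git": {"admin": frozenset({"read", "write"}),
                   "developer": frozenset({"read", "write"})},
    "audit.log":  {"admin": frozenset({"read"}),
                   "auditor": frozenset({"read"})},
}


def build_matrix(user_roles, resource_rules) -> Dict[str, Dict[str, Rights]]:
    """Combine both views into the full access control matrix.
    Every (user, resource) cell exists; an empty cell means default deny."""
    matrix: Dict[str, Dict[str, Rights]] = {}
    for user, roles in user_roles.items():
        matrix[user] = {}
        for resource, rules in resource_rules.items():
            rights: Set[str] = set()
            for role in roles:
                rights |= rules.get(role, frozenset())
            matrix[user][resource] = frozenset(rights)
    return matrix


def acl(matrix, resource) -> Dict[str, Rights]:
    """One column of the matrix: who may do what to this resource (the ACL)."""
    return {u: row[resource] for u, row in matrix.items() if row[resource]}


def capability_list(matrix, user) -> Dict[str, Rights]:
    """One row of the matrix: what this user may do to each resource."""
    return {r: rights for r, rights in matrix[user].items() if rights}


def is_allowed(matrix, user, resource, right) -> bool:
    """Reference-monitor style check; unknown users or resources are denied."""
    return right in matrix.get(user, {}).get(resource, frozenset())


MATRIX = build_matrix(USER_ROLES, RESOURCE_RULES)

if __name__ == "__main__":
    print("ACL for payroll.db:", acl(MATRIX, "payroll.db"))
    print("Capabilities of bob:", capability_list(MATRIX, "bob"))
    print("bob may write payroll.db:", is_allowed(MATRIX, "bob", "payroll.db", "write"))
```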
Examples of platforms with serious vulnerabilities:
- Legacy platforms
- On-premises platforms
- Cloud platforms

Legacy Platforms
- No longer in widespread use.
- Vulnerabilities are often found in legacy software, such as an OS or program.
- Example: Microsoft Windows, Apple macOS or Linux installations that are not updated to the latest version, i.e. deprived of security fixes.

On-Premises (On-Prem) Platforms
- Software and technology located within the physical confines of an enterprise, usually consolidated in the company's data center.
- Security concern: more servers, more network resources, support for remote access and new software added to support emerging business processes and user needs result in inadequate security configuration over time.
- Numerous entry points from outside into the on-prem platform (through USB flash drives, wireless network transmissions, mobile devices, and email messages) create more vulnerabilities.

Cloud Platforms
- A pay-per-use computing model in which customers pay only for the online computing resources they need. Cloud computing resources can be scaled up or scaled back based on need.
- Vulnerabilities of cloud platforms are related to misconfigurations by the company personnel responsible for securing the cloud platform.
- Cloud resources are accessible from virtually anywhere, putting cloud computing platforms constantly under attack from threat actors probing for vulnerabilities.
Vulnerability → 2) Configurations
Modern hardware and software platforms provide an array of features and security settings that must be properly configured to repel attacks. However, the configuration settings are often not properly implemented, resulting in weak configurations.

Vulnerability → 3) Third Parties
- Most businesses use external entities, known as third parties, to assist in providing services for which the businesses lack the expertise. Example: contracting with third parties to assist in developing and writing a software program or app.
- Organizations rely on third-party data storage facilities for storing important data.
- Almost all third parties require access to the organization's company network. Connectivity between the organization and the third party is known as system integration.
- The major risk of third-party system integration involves the principle of the weakest link: if the security of the third party has any weaknesses, it can provide an opening for attackers to infiltrate the organization's computer network.
- Example: the 2013 attack on the Target retail chain through a vulnerable integration with a third-party refrigeration, heating and air-conditioning vendor, in which 40 million credit card numbers were stolen.

Vulnerability → 4) Patches
- To address vulnerabilities in OSs that are uncovered after the software has been released, software developers usually deploy a software "fix". A security patch is an officially released software security update intended to repair a vulnerability.
- Although patching is important, patches can also give rise to vulnerabilities:
  - Difficulty patching firmware
  - Few patches for application software
  - Delays in patching OSs

Vulnerability → 5) Zero Day
- Vulnerabilities that can be exploited by attackers before anyone else knows they exist are called zero-day, because they provide zero days of warning.
- Zero-day vulnerabilities are considered extremely serious: systems are open to attack with no specific patches available.
- An example of protection that can mitigate a zero-day attack: using machine learning to collect data from previously detected exploits and create a baseline of safe system behavior, which may help detect an attack based on a zero-day vulnerability.

Threats
- A threat is a potentially dangerous event that has not occurred but has the potential to cause damage if it does. Cybersecurity threats are the actual means by which cyber attackers exploit vulnerabilities.
- Examples of threats: gaining unauthorized access to servers; ransomware; denial of service (DoS) attack.
Source: https://www.simplilearn.com/vulnerability-in-security-article

Threat Actors
- Threat actors are individuals or entities responsible for cyber incidents against the technology equipment of enterprises and users. Threat actors are also known as attackers or hackers.
- Targets of threat actors: individual users, enterprises, governments.
- Today, threat actors are classified into more distinct categories, such as script kiddies, hacktivists, state actors, insiders and others.

Threat Actors → 1) Script Kiddies
- Individuals who want to perform attacks, yet lack the technical knowledge to carry them out.
- Use freely available automated attack software (scripts) to perform malicious acts.
- Attacks may not always be successful due to lack of technical knowledge.

Threat Actors → 2) Hacktivists
- Individuals who are strongly motivated by ideology (for the sake of their principles or activism).
- Examples of attacks by hacktivists:
  - Breaking into a website and changing its contents as a means of making a political statement.
  - Working through disinformation campaigns by spreading fake news and supporting conspiracy theories.
  - Making demands in exchange for stolen data. "Hacktivists Release Iran Nuclear Documents After Deadline", https://www.iranintl.com/en/202210225387
- Motivation: political, social, or ideological
- Affiliation: non-governmental individuals or organizations
- Common TTPs: DDoS attacks, doxing, website defacements
Source: https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-cyber-threat-actors

Threat Actors → 3) State Actors (Nation-State Actors)
- Governments employ their own state-sponsored attackers, known as state actors, to launch cyberattacks against their foes. Foes may be foreign governments or even citizens of their own nation whom the government considers hostile or threatening.
- A growing number of attacks from state actors are directed toward businesses in foreign countries with the goal of causing financial harm or damage to the enterprise's reputation.
- State actors might be the deadliest of all threat actors, as they are highly skilled and have enough government resources to breach almost any security defense.
- Nation-state actors are often involved in multiyear intrusion campaigns targeting highly sensitive economic, proprietary or national security information. These campaigns have created a new class of attacks called the advanced persistent threat (APT). The attacks use innovative tools (advanced) and, once a system is infected, silently extract data over an extended period of time (persistent).
- APTs are most commonly associated with state actors.
- Motivation: espionage, political, economic, or military
- Affiliation: nation-states or organizations with nation-state ties
- Common TTPs: spear-phishing, password attacks, social engineering, direct compromise, data exfiltration, remote access trojans, and destructive malware
Source: https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-cyber-threat-actors

Threat Actors → 4) Insiders
- A serious threat to an enterprise comes from its own employees, contractors, and business partners, called insiders, who pose an insider threat by manipulating data from the position of a trusted employee.
- Six out of 10 enterprises reported being a victim of at least one insider attack during 2019. The focus of insiders is intellectual property (IP) theft (43%), sabotage (41%), and espionage (32%).
- Motivation: financial gain or revenge
- Affiliation: current or former employee, contractor, or other partner who has authorized access
- Common TTPs: data exfiltration or privilege misuse
Source: https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-cyber-threat-actors

Threat Actors → 5) Cybercriminals
- Cybercriminals are largely profit-driven and represent a long-term, global, and common threat. They target data to sell, hold for ransom, or otherwise exploit for monetary gain. Cybercriminals may work individually or in groups to achieve their purposes.
- Motivation: financial gain or reputation enhancement
- Affiliation: individuals or with collaborators
- Common TTPs: phishing, social engineering, business email compromise (BEC) scams, botnets, password attacks, exploit kits, malware, ransomware
Source: https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-cyber-threat-actors

Attacks – Theoretical Concepts
The principles of security face threats from various attacks.
These attacks are generally classified into four categories:
- Interception → compromising confidentiality
- Fabrication → compromising authentication
- Modification → compromising integrity
- Interruption → compromising availability
These attacks are further grouped into two types: passive attacks and active attacks.

Passive Attack
- Attempts to learn or make use of information from the system but does not affect system resources.
- Eavesdropping on, or monitoring of, data transmissions.
- The goal of the attacker is to obtain information that is being transmitted.
- Two types of passive attacks (interception): release of message contents; traffic analysis.

Active Attack
- Attempts to alter system resources or affect their operation.
- Involves some modification of the data stream or the creation of a false stream.
- Three categories: fabrication (masquerade); modification (replay attacks, alterations); interruption (DoS attacks).

Attack Vectors
An attack vector is a pathway or avenue used by a threat actor to penetrate a system. Attack vector categories:
- Email
- Wireless
- Removable Media
- Direct Access
- Social Media
- Supply Chain
- Cloud

Attack Vectors → 1) Email
Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or clicking a hyperlink that takes the user to a fictitious website.

Attack Vectors → 2) Wireless
Because wireless data transmissions "float" through the airwaves, they can be intercepted and read or altered by a threat actor if the transmission is not properly protected.

Attack Vectors → 3) Removable Media
A removable media device, such as a USB flash drive, is a common attack vector.
Threat actors have been known to infect USB flash drives with malware and leave them scattered in a parking lot or cafeteria. A well-intentioned employee will find the drive and insert it into his computer to determine its owner. However, once inserted, the USB flash drive will infect the computer.

Attack Vectors → 4) Direct Access
A direct access vector occurs when a threat actor can gain direct physical access to the computer. Once the attacker can "touch" the machine, she can insert a USB flash drive with an alternative operating system and reboot the computer under the alternate OS to bypass the security on the computer.

Attack Vectors → 5) Social Media
Threat actors often use social media as a vector for attacks. For example, an attacker may read social media posts to determine when an employee will be on vacation and then call the organization's help desk pretending to be that employee to ask for "emergency" access to an account.

Attack Vectors → 6) Supply Chain
A supply chain is a network that moves a product from the supplier to the customer. It is made up of vendors that supply raw material, manufacturers who convert the material into products, warehouses that store products, distribution centers that deliver them to the retailers, and retailers who bring the product to the consumer. Today's supply chains are global in scope: manufacturers are usually thousands of miles away overseas and not under the direct supervision of the enterprise selling the product.
The fact that products move through many steps in the supply chain, and that some steps are not closely supervised, has opened the door for malware to be injected into products during their manufacturing or storage (called supply chain infections).
Supply chains also serve as third-party vulnerabilities.

Attack Vectors → 7) Cloud
As enterprises move their computing resources to remote cloud servers and storage devices, threat actors take advantage of the complexity of these systems to find security weaknesses.

1.4 Computer Security Trends

The cost of cybercrime is ever increasing.
[Figure: RiskIQ "Evil Internet Minute" infographic]
Source: https://www.riskiq.com/wp-content/uploads/2020/07/Evil-Internet-Minute-RiskIQ-Infographic-2019.pdf

Cyber attacks will never stop.
[Figure: Cisco Annual Internet Report]
Source: https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html
[Figure: Expected cost of cybercrime until 2027]
Source: https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027/

Live Cyber Attack Maps
- https://threatmap.checkpoint.com/
- https://livethreatmap.radware.com/
- https://threatmap.bitdefender.com/
- https://cybermap.kaspersky.com/

New Targets for Attacks
Banks, e-commerce and databases will continue to be attacked, together with the new targets shown below:
- Critical Infrastructure
- Digital Assets
- Higher Education
- Online Gambling
- Supply Chain
Source: https://www.purdueglobal.edu/blog/information-technology/cybersecurity-trends/

New Types of Attacks
- Phishing and social engineering are the top causes of breaches: 85% of attacks involved a human element, such as responding to a scam email or clicking on a link.
- Due to remote work during the Covid-19 pandemic, cybercrime has gone up by 600%.
- Attacks are getting more sophisticated: phishing emails and malicious URLs are more specific, personalized, and geo-targeted.
- Focus on mobile users, exploiting their vulnerabilities to access other platforms.
Source: https://www.purdueglobal.edu/blog/information-technology/cybersecurity-trends/

New Tactics in Security
- More companies are adopting an "assume breach" mindset, meaning not trusting anything on or off the company network. This will encourage businesses to emphasize compliance with security policies, including how to spot a phishing attempt or how to respond to ransomware.
- More companies will adopt security solutions related to artificial intelligence (AI). With the adoption of AI and machine learning, less human effort is needed to anticipate and respond to attacks quickly.
Source: https://www.purdueglobal.edu/blog/information-technology/cybersecurity-trends/

New Regulations to Come
- Governments will continue to tighten cybersecurity.
- Modern privacy laws will cover the personal digital information of 75% of the world's population by the end of 2023.
- 30% of the world's governments are expected to pass legislation to regulate ransomware payments, fines, and negotiation by the end of 2025.
- Organizations will have to demonstrate a high level of cybersecurity to obtain cyberinsurance coverage. Challenge: 77% of organizations do not have a cybersecurity incident response plan.
- New cryptocurrency regulation in several countries will discourage ransomware.
Source: https://www.purdueglobal.edu/blog/information-technology/cybersecurity-trends/

Main References
- Chauhan, S. R., and Jangra, S., 2020, Computer Security and Encryption: An Introduction, Mercury Learning & Information. https://tarc.idm.oclc.org/login?url=https://ebookcentral.proquest.com/lib/tarc-ebooks/detail.action?docID=6404902
- Ciampa, M., 2022, CompTIA Security+ Guide to Network Security Fundamentals, Cengage Learning.