Grade 12 ICT Textbook PDF
Qelem Meda Technologies
This textbook covers Information Communication Technology (ICT) for grade 12 students. It includes chapters on various topics related to ICT like Relational Databases, Computer Security, Artificial Intelligence, and Machine Learning.
Information Communication Technology Text Book For Grade 12
Author: Qelem Meda Technologies

Acknowledgments

Computer Security

Table of Contents
1.1 Introduction to Computer Security ... 3
1.2 Malware ... 9
1.3 Social Engineering ... 18
1.4 Cryptography and Encryption ... 31
1.6 Web Security ... 36
1.8 Common Web Vulnerabilities ... 39
1.8 Protecting web application and websites ... 46
2.1 Artificial Intelligence ... 51
2.2 Artificial Intelligence (AI) ... 52
2.3 Machine Learning ... 4
2.4 Machine Learning with Python ... 11
2.5 Ethical Issues with AI ... 34

Unit 1 Computer Security

Learning Outcomes
Students will be able to:
✓ Gain insight into various types of cyber threats, including malware, phishing and social engineering.
✓ Learn about security measures like encryption, authentication, access control and firewalls.
✓ Stay updated on evolving cyber threats and trends, such as ransomware, IoT vulnerabilities, and nation-state cyber activities.
✓ Develop skills to educate individuals and users about potential security risks, encouraging them to adopt safe online behaviors.
✓ Gain insights into secure coding practices, emphasizing the importance of building security into software and applications from the beginning.
✓ Recognize that the field of computer security is dynamic and ever-evolving, requiring commitment to continuous learning and staying updated with the latest security trends and technologies.

1.1 Introduction to Computer Security

Computer security is the practice of protecting computer systems, networks, data, and information from unauthorized access, attacks, damage, or any form of exploitation. It encompasses various technologies, processes, and practices that aim to maintain the confidentiality, integrity, and availability of digital assets.

General vocabulary
Tamper: interfere with (something) in order to cause damage or make unauthorized alterations.
Disclosure: reveal information not previously known.

Subject vocabulary
A digital asset is any piece of digital content or data that holds value to an individual or organization. It can include files like photos, videos, documents, music, and other media, as well as digital currencies, software, and online accounts.

The main objectives of computer security
1. Confidentiality
Ensuring that sensitive information and data are accessible only to authorized individuals or entities and are protected from unauthorized access or disclosure.
2. Integrity
Guaranteeing that data remains accurate and unaltered throughout its lifecycle and preventing unauthorized modifications or tampering.
3. Availability
Ensuring that computer systems, networks, and data are available and accessible to authorized users when needed and protected from disruptions or denial of service attacks.
4. Authentication
Verify user identities for secure access, preventing unauthorized entry.
5. Authorization
Grant appropriate access rights to authorized users based on roles and responsibilities.
6. Privacy
Safeguard personal data from unauthorized access.
7. Security Awareness
Educate users about security risks and best practices.
8. Incident Response
Develop plans to manage and recover from security incidents.
9. Security Testing
Regularly assess systems for vulnerabilities.
10. Secure Development
Implement security measures during software creation.

Subject vocabulary
Vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application.
Cyber-criminal is an individual or a group that engages in illegal and malicious activities in cyberspace.
Cyber threat is any potential danger or risk posed by malicious actors and their activities in the digital world.

Sometimes computer security might be referred to as cybersecurity, but cybersecurity is the broader discipline that encompasses the protection of digital systems, networks, and data in cyberspace from cyber threats and attacks. It addresses the security of all digital assets and information across various technologies and devices, including computers, servers, mobile devices, cloud-based systems, and IoT devices.

General vocabulary
Incident: an instance of something happening; an event or occurrence.
Assess: evaluate or estimate the nature, ability or quality of.
On the other hand, computer security is a subset of cybersecurity, focusing specifically on securing individual computer systems, devices, and data from unauthorized access or damage. While cybersecurity deals with the entire digital landscape, computer security is concerned with safeguarding local computer hardware, software, and network infrastructure.

Subject vocabulary
Cyberspace is like a virtual world created by the internet, where people can communicate, share information, and do various activities online. It's the digital space where everything on the internet happens.

Importance of Computer Security
1. Protection of Sensitive Information
Computer security ensures that sensitive information, such as personal data, financial records, intellectual property, and government secrets, remains confidential and inaccessible to unauthorized individuals or cybercriminals. Breaches in security can lead to identity theft, financial loss, and reputational damage.
2. Prevention of Cyber Attacks
Cybersecurity measures are designed to prevent a wide range of cyber-attacks, including malware infections, ransomware attacks, phishing scams, and denial-of-service (DoS) attacks. Preventing these attacks is vital to maintaining the integrity and functionality of computer systems and networks.
3. Business Continuity
For organizations, computer security is essential for maintaining business continuity. Downtime due to cyber incidents can result in significant financial losses and operational disruptions. By protecting against cyber threats, businesses can ensure their operations continue without major interruptions.
4. Protection of National Security
Governments and critical infrastructure systems rely heavily on computer networks and information systems. Securing these assets is crucial to safeguarding national security and defending against cyber-espionage or cyberterrorism.
5. Privacy and Trust
As digital interactions become more prevalent, trust in online transactions and communication is essential. Computer security instills confidence in users that their data is secure and their privacy is protected, encouraging greater adoption of digital services.
6. Intellectual Property Protection
Companies invest significant resources in research and development to create innovative products and technologies. Computer security safeguards intellectual property from theft or unauthorized access, helping protect a company's competitive advantage.
7. Preservation of Reputational Integrity
A security breach can significantly damage an individual's or organization's reputation. Maintaining strong computer security practices builds trust with customers, partners, and stakeholders, helping to protect a positive reputation.

Subject vocabulary
Cyberterrorism is the use of cyberspace and digital technologies by individuals, groups, or organizations to carry out acts of terrorism.

General vocabulary
Prevalent: widespread in a particular area or at a particular time.
Espionage: the practice of spying or of using spies, typically by governments to obtain political or military information.

History
In June 2017, a ransomware called NotPetya targeted thousands of organizations worldwide, primarily in Ukraine but also affecting companies in other countries. NotPetya was initially disguised as a ransomware attack, demanding a ransom payment in Bitcoin to unlock the encrypted data. However, it soon became evident that the primary objective of the attack was not to generate ransom money but to cause widespread disruption and damage. Once NotPetya got into a system, it would encrypt the entire hard drive, making it inaccessible. The attack affected critical infrastructure, banks, government agencies, multinational corporations, and international shipping companies. It led to significant financial losses and disruptions in their operations. NotPetya caused an estimated 10 billion dollars in damages, making it one of the most destructive cyberattacks in history.

Cyber Threats
A cyber threat refers to any potential or actual malicious activity or action that aims to exploit vulnerabilities in computer systems, networks, data, or information through the use of technology. Cyber threats can come from various sources, including individuals, organized groups, or nation-state actors with different motives and impacts.

Subject vocabulary
A nation-state actor, also known as a state-sponsored actor, is a government or state that engages in cyber activities, including cyber espionage, cyberattacks, and cyberwarfare, for political, economic, or military purposes. These state-sponsored actors use their nation's resources, expertise, and capabilities.

Cyber threats encompass a wide range of malicious activities, including:
1. Malware
Software designed to harm computer systems, steal data, or gain unauthorized access. Examples include viruses, worms, Trojans, ransomware, spyware, and much more. We will cover more about malware in the later parts of this chapter.
2. Phishing
Social engineering techniques that trick individuals into revealing sensitive information, such as login credentials or financial data, through fraudulent emails, messages, or websites.
3. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Attempts to overwhelm computer systems or networks, rendering them unavailable to legitimate users.
4. Man-in-the-Middle (MitM) Attacks
Interception of communication between two parties to eavesdrop, alter messages, or steal information without the knowledge of the communicating parties.
5. Advanced Persistent Threats (APTs)
Long-term, targeted cyber-attacks by skilled and persistent opponents seeking to infiltrate systems, gather sensitive data, or cause damage.
6. Zero-Day Exploits
Attacks that leverage undisclosed vulnerabilities in software or hardware before the vendor releases a patch or fix.
7. Ransomware
Malware that encrypts a victim's data, demanding a ransom payment for the decryption key.
8. Insider Threats
Malicious activities initiated by individuals within an organization who have authorized access to sensitive information.
9. Data Breaches
Unauthorized access and disclosure of sensitive data, often leading to potential privacy violations or identity theft.
10. Supply Chain Attacks
Targeting vulnerabilities in third-party vendors or suppliers to gain access to their systems and compromise the target organization.
11. Internet of Things (IoT) Vulnerabilities
Exploiting security weaknesses in IoT devices to gain control or launch attacks on connected networks.
12. Social Engineering
Manipulating individuals into revealing confidential information or performing actions that compromise security through deception or psychological manipulation.

General vocabulary
Fraudulent: obtained or done by involving deception, especially criminal deception.
Overwhelm: to be completely overcome by an intense volume of requests, so that one is unable to respond to them.
Eavesdrop: secretly listen to a conversation.
Infiltrate: enter or gain access to (an organization, place, etc.) in a way that attempts to avoid notice or attention, secretively and gradually, especially in order to acquire secret information.
Undisclosed: not revealed or made known publicly.
Ransom: a consideration paid or demanded for the release of someone or something from captivity.
Fraud: wrongful or criminal deception intended to result in financial or personal gain.

Subject vocabulary
Identity theft is a form of cybercrime where someone unlawfully acquires and uses another person's personal information, such as name, bank account details or passwords, with the intent of committing fraud or other criminal activity.
Third-party vendors: also known as third-party service providers or suppliers; an external entity or company that provides goods or services to, or supports, another organization.

Cyber threats are constantly evolving, and attackers continue to develop new techniques and strategies to exploit vulnerabilities. As a result, individuals, organizations, and governments need to remain active in implementing robust cybersecurity measures to protect against potential cyber threats and safeguard their digital assets and sensitive information.

1.2 Malware

Malware is a collective term used to describe any type of malicious software designed to harm computer systems, networks, data, or users. The word "malware" is a combination of "malicious" and "software", and it includes a wide range of harmful programs that attackers use to carry out various cyber-attacks. Malware can be created by cybercriminals, hackers, or even nation-state actors with the intent to exploit vulnerabilities and achieve their malicious objectives.

General vocabulary
Untrustworthy: not able to be depended on with full trust or confidence; not able to be relied on as honest or truthful.
Corrupt: (of a text or of computer data or a program) made unreliable by errors or alterations.
Legitimate: conforming to the law or to rules; conforming to recognized principles or accepted rules and standards.

Types of malware
Malware can infect systems through various means, such as malicious email attachments, infected websites, software downloads from untrustworthy sources, and compromised USB drives. There are several types of malware, each with its own specific functions and characteristics.

1. Viruses
Viruses are self-replicating programs that attach themselves to legitimate files and spread to other files and systems when those files are executed. Viruses can corrupt, modify, or delete data and program files, causing various types of damage.

Did you know?
Viruses derive their name from their similarity to biological viruses, which also spread by infecting host organisms. The self-replicating behavior and the ability to attach themselves to legitimate files or programs are similar to how biological viruses multiply and attach to living cells.

Characteristics of viruses
✓ Infection
Viruses infect systems by attaching themselves to executable files or documents. When a user executes an infected file or runs an infected program, the virus code becomes active and embeds itself into other files or programs on the system.
✓ Replication and propagation
Once the virus is active, it seeks to reproduce by copying its code and embedding itself into other files, creating multiple instances of the virus. This replication process allows the virus to spread to other computers and networks, often through infected files shared over email, removable media, or network connections.
✓ Payload
The payload refers to the harmful actions a virus performs on an infected system. This could include corrupting or deleting files, stealing data, displaying messages or images, or disrupting system operations.
✓ Activation Trigger
Some viruses may have specific triggers or conditions for their activation. For example, a virus may activate on a particular date, when the infected system connects to the internet, or when a specific event occurs.
✓ Stealth Techniques
To avoid detection and removal, viruses often employ stealth techniques. They may encrypt their code, hide within seemingly harmless files, or use polymorphic techniques to change their appearance with each infection, making detection more challenging.
✓ Damage and Effects
The impact of a virus can range from minor annoyances to severe disruptions. Some viruses may simply display unwanted messages, while others can corrupt or destroy files, cause system crashes, or steal sensitive information.
✓ Detection and Removal
Antivirus software and security tools are designed to detect and remove viruses from infected systems. These tools use signature-based detection and behavioral analysis to identify and quarantine malicious code.
✓ Prevention
Preventive measures against viruses include regular software updates, using reputable antivirus software, avoiding suspicious email attachments or links, and practicing safe browsing habits.

Subject vocabulary
Removable Media refers to a physical storage device that can be easily connected to and disconnected from a computer or other digital device. Examples of removable media include USB flash drives, external hard drives, memory cards, CDs, and DVDs.
Trigger is a mechanism that initiates an action when an event occurs, such as reaching a certain time or date or receiving some type of input. A trigger generally causes a program routine to be executed.
Polymorphic techniques involve frequently changing identifiable characteristics like file names and types or encryption keys to make the malware unrecognizable to many detection techniques.
Signature-based detection is a cybersecurity method that identifies and blocks known threats using digital fingerprints (signatures). It compares files against a database of known malicious signatures to stop familiar threats quickly. However, it may not catch new or unknown threats without existing signatures.

General vocabulary
Stealth: cautious and being kept secret, especially if it is not an approved action or movement.
Propagate: spread and promote widely.

2. Worms
Worms are standalone programs that self-replicate and spread across networks, exploiting vulnerabilities in computer systems. Unlike viruses, worms can propagate independently without a host file, making them highly efficient in spreading and infecting multiple systems rapidly. Worms can exploit network vulnerabilities to gain access to new hosts and continue their propagation.

Key Point
Having regular backups of your data is a fundamental aspect of responsible data management and cybersecurity. Backups serve as a safety net against various risks, such as hardware failures, data corruption, cyberattacks, and accidental deletions. Backups provide peace of mind, as they offer a means to recover and restore your data to its previous state before an unlucky accident occurred.

Characteristics of Worms
✓ Self-Replication
Worms are designed to create copies of themselves and propagate without requiring a host file. They can use network resources to find and infect vulnerable systems automatically.
✓ Network Propagation
Worms spread through computer networks, such as the internet, local area networks (LANs), or wide area networks (WANs). They can scan network IP addresses, exploit security weaknesses, and use various communication protocols to identify and infect new hosts.
✓ Exploitation of Vulnerabilities
Worms often exploit known security vulnerabilities in operating systems, applications, or network protocols.
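The following Python program is an added example, not part of the textbook, that puts the two detection approaches described above side by side. It builds a constructed signature database (a full-file hash and a byte pattern) from a made-up sample file, shows that a polymorphic change to that sample slips past both signatures, and then applies a simple behavioral rule (a process writing into many executable files) that still catches the replication behaviour. The sample file contents, the event log, the name "Demo.Virus.A" and the threshold value are all assumptions made for this example.

```python
import hashlib
import re
from collections import Counter
from typing import Optional

# Constructed sample files for this example (plain byte strings, not real malware).
# The marker string stands in for a virus body; a pattern signature looks for it.
MARKER = b"DEMO-VIRUS-A-BODY"
INFECTED_FILE = b"MZ\x90\x00 program code ... " + MARKER + b" ... more program code"
CLEAN_FILE = b"MZ\x90\x00 program code ... ordinary routine ... more program code"


def sha256_hex(data: bytes) -> str:
    """Digital fingerprint of a whole file: the simplest kind of signature."""
    return hashlib.sha256(data).hexdigest()


# Constructed signature database, built from the sample so the example is
# self-contained: one full-file hash and one byte pattern, both named Demo.Virus.A.
HASH_SIGNATURES = {sha256_hex(INFECTED_FILE): "Demo.Virus.A"}
PATTERN_SIGNATURES = {"Demo.Virus.A": re.compile(re.escape(MARKER))}


def signature_scan(data: bytes) -> Optional[str]:
    """Signature-based detection: exact hash match first, then byte patterns.
    Returns the signature name, or None when nothing in the database matches."""
    name = HASH_SIGNATURES.get(sha256_hex(data))
    if name:
        return name
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def polymorphic_variant(data: bytes, key: int) -> bytes:
    """Model the polymorphic technique from the text: the virus body is XOR-encoded
    with a fresh key on each infection, so its bytes differ from copy to copy.
    Only the marker region is transformed; the rest of the file is untouched."""
    start = data.index(MARKER)
    end = start + len(MARKER)
    encoded = bytes(b ^ key for b in data[start:end])
    return data[:start] + encoded + data[end:]


# Behavioral analysis looks at what a program does rather than what it contains.
# Constructed event log: (process, action, target file).
EVENTS = [
    ("editor.exe", "write", r"C:\Users\a\notes.txt"),
    ("loader.exe", "read", r"C:\Users\a\photo.jpg"),
    ("loader.exe", "write", r"C:\Program Files\app\app.exe"),
    ("loader.exe", "write", r"C:\Program Files\app\helper.exe"),
    ("loader.exe", "write", r"C:\Tools\util.exe"),
    ("loader.exe", "write", r"C:\Tools\backup.exe"),
]


def behavioral_scan(events, threshold: int = 3) -> list:
    """Flag every process that writes into at least `threshold` executables, the
    replication pattern described above. The threshold is an assumed tuning value."""
    writes = Counter(
        proc for proc, action, target in events
        if action == "write" and target.lower().endswith(".exe")
    )
    return sorted(proc for proc, count in writes.items() if count >= threshold)


if __name__ == "__main__":
    print("original sample:", signature_scan(INFECTED_FILE))     # Demo.Virus.A
    print("clean file:", signature_scan(CLEAN_FILE))              # None
    mutated = polymorphic_variant(INFECTED_FILE, key=0x5A)
    print("polymorphic variant:", signature_scan(mutated))        # None
    print("behavioral flags:", behavioral_scan(EVENTS))           # ['loader.exe']
```

The point to notice when running it is that the hash and pattern signatures are exact matches, which is why they are fast and also why a changed copy gets past them, while the behavioral rule does not depend on the file's bytes at all and so still flags the variant by what it does.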
These vulnerabilities may have existing patches, but if systems are not updated, worms can exploit them to gain unauthorized access.
✓ Rapid Spread
Worms can propagate quickly and exponentially. They can infect multiple systems in a short period, causing significant disruptions to networks and internet services.
✓ Payload
Worms may carry a payload, which is the malicious action they perform once they infect a host. The payload can range from data corruption and destruction to unauthorized access and the installation of additional malware.
✓ Lack of User Interaction
Unlike other forms of malware, worms do not require user interaction to spread. They can automatically infect systems without the need for users to execute infected files or take any action.
✓ Worm Botnets
Some worms can turn infected systems into a botnet. Botnets can be used for various malicious purposes, including launching Distributed Denial of Service (DDoS) attacks.

Subject vocabulary
A patch refers to a piece of code or software update that is released by the software vendor or developer to fix known issues, vulnerabilities, or bugs in their software.
Host is a computer or device that becomes infected with the worm, allowing it to propagate and continue its malicious activities.
A botnet is a network of computers or devices that have been infected with malware and are under the control of a single malicious entity, known as the "bot herder" or "botmaster." The infected computers, also called "bots" or "zombies," are typically compromised without the knowledge of their owners. Once a computer is infected and added to the botnet, it becomes a part of a larger network of bots, all operating under the command and control of the botmaster. The botmaster can remotely issue commands to the bots, directing them to perform various malicious activities.

Worm Detection and Mitigation
Worms can be detected and mitigated using various security measures, including network firewalls, intrusion detection systems (IDS), and antivirus software that can identify and block malicious worm activity. Preventing worm infections requires maintaining up-to-date software, applying security patches, and using network security measures. Regular system updates and user education about safe computing practices are crucial to minimizing the risk of worm attacks and their potential impact on computer networks.

Brainstorming Question
Think about your favorite apps or websites. How do they remember your login information or track your progress? Could databases be involved in storing this data?

3. Trojans
Named after the legendary Trojan Horse, Trojans are deceptive software that disguises itself as legitimate programs but, when executed, performs malicious actions without the user's knowledge. Trojans can create backdoors, steal data, or provide remote access to attackers. Named after the famous wooden horse used in Greek mythology, Trojans are a form of social engineering attack that tricks users into unknowingly executing or installing the malware.

History
According to the famous tale from Homer's epic poem, "The Iliad," the Trojan War was waged between the Greeks and the Trojans in the city of Troy. The war had been ongoing for ten years, with the Greeks unable to breach the walls of Troy. Desperate for victory, the Greek warrior Odysseus devised a cunning plan. He built a massive wooden horse and hid a select group of soldiers inside its hollow belly. The Greeks then left the wooden horse at the gates of Troy as a supposed offering to the gods, while the rest of their army appeared to sail away, leaving behind only one soldier, Sinon, to deceive the Trojans. The Trojans, believing they had won the war and that the wooden horse was a symbol of Greek surrender, brought the horse inside the city walls as a trophy. However, during the night, the hidden Greek soldiers emerged from the horse and opened the city gates, allowing the entire Greek army to reenter Troy. The Greeks sacked the city, putting an end to the Trojan War. This legendary event has become the inspiration for the term "Trojan Horse" in the world of cybersecurity.

In modern computing, a Trojan Horse refers to a type of malicious software (malware) that disguises itself as legitimate software or files, tricking users into downloading and running it. Once inside a system, the Trojan can open a backdoor, steal sensitive information, or cause other harm, just like the Greek warriors did. Trojans often pretend to be harmless or beneficial software to lure users into downloading and executing them. They may be disguised as software updates, games, multimedia files, or security tools.

Detection and Mitigation of Trojans
Detecting Trojans can be challenging due to their deceptive nature. Antivirus software and security tools use signature-based detection and behavioral analysis to identify and quarantine Trojan-infected files. Preventing Trojan infections requires exercising caution when downloading and installing software, especially from unknown or unverified sources. Users should avoid clicking on suspicious links or opening attachments in unsolicited emails. Regularly updating software and using reputable antivirus software are essential steps to safeguard against Trojans and other forms of malware.

General vocabulary
Lure: tempt (a person or animal) to do something or to go somewhere, especially by offering some form of reward.
Unsolicited: not asked for; given or done voluntarily.
Reputable: having a good reputation; having a widespread belief that someone or something has a particular characteristic.

Did you know?
Did you know that malware such as spyware is also developed by governments? A highly sophisticated worm called Stuxnet was discovered in 2010 and became one of the most notorious cyberattacks in history. It targeted industrial processes, particularly those controlling Iran's nuclear facilities. The worm's development is believed to be a joint effort by the United States and Israel, designed to sabotage Iran's nuclear program by damaging centrifuges used in uranium enrichment. Stuxnet was so advanced that it used multiple zero-day vulnerabilities, allowing it to spread through USB drives and network connections without detection. It also employed rootkit techniques to hide its presence and evade detection by security software. It manipulated the centrifuges' operation, causing physical damage to them and disrupting Iran's nuclear enrichment process.

4. Spyware
Spyware is a type of malware designed to covertly gather information about a user or organization without their knowledge or consent. It can record keystrokes, capture screenshots, monitor web browsing activities, and transmit the collected data to the attacker. The main objective of spyware is to monitor and track users' online activities, capture sensitive data, and relay that information back to the attacker or a remote server. Spyware operates stealthily in the background, making it challenging for users to detect its presence. Spyware collects a wide range of information from the infected system, including web browsing habits, keystrokes, login credentials, chat logs, emails, and other personal or sensitive data.

5. Ransomware
Ransomware is a form of malware that encrypts a victim's data, rendering it inaccessible or unreadable until a ransom is paid to the attackers. It is one of the most damaging and prevalent cyber threats in recent years, targeting individuals, businesses, and even government organizations.

Did you know?
Did you know that the WannaCry ransomware attack, which occurred in May 2017, was one of the most widespread and impactful cyberattacks in history? The group of cybercriminals exploited a vulnerability in Microsoft's Windows operating system. They used an exploit called EternalBlue. This exploit allowed the attackers to remotely infiltrate vulnerable Windows systems. Once inside a system, WannaCry encrypted the files, making them inaccessible to the user, and displayed a ransom note demanding a Bitcoin payment to decrypt the data. The attack spread rapidly across networks, infecting computers in over 150 countries, targeting businesses, hospitals, government agencies, and individuals alike. A cybersecurity researcher discovered a kill switch within the WannaCry code, allowing them to stop the ransomware from spreading further.

Characteristics and features of ransomware
✓ Encryption
Ransomware uses strong encryption algorithms to lock the victim's files and data. This encryption process converts the data into an unreadable format that can only be decrypted with a unique encryption key held by the attackers.
✓ Ransom Demand
After encrypting the victim's data, the ransomware displays a ransom note on the infected system, demanding payment (often in cryptocurrency) in exchange for the decryption key needed to unlock the files.
✓ Time Pressure
Ransomware often imposes a time limit for paying the ransom. If the victim fails to pay within the specified time, the attackers may threaten to permanently delete the decryption key, making file recovery nearly impossible.
✓ Payment Anonymity
Attackers usually prefer payment in cryptocurrencies (e.g., Bitcoin) to make it difficult to trace the transactions back to them, enhancing their anonymity. Paying the ransom does not guarantee that the attackers will provide the decryption key or that they will not attack again in the future.

Subject vocabulary
A cryptocurrency is a type of digital or virtual currency. Cryptocurrencies are not controlled by any central authority, like a government or central bank. Instead, they rely on a network of computers that validate and record transactions on a public ledger called the blockchain.
Bitcoin, created in 2009, was the first cryptocurrency and remains the most well-known and widely used cryptocurrency.

Prevention and Mitigation
Preventing ransomware attacks involves employing robust security measures, keeping software up to date, using reputable antivirus software, and educating users about safe computing practices. Ransomware attacks are continuously evolving, with new variants and techniques being developed by cybercriminals. Regular data backups, up-to-date software, and security awareness training are essential elements of a comprehensive defense strategy against ransomware.

Key Point
A specific malware can often be categorized under more than one type, as many malware strains may exhibit characteristics of multiple malware categories. For example, WannaCry is a ransomware that combines worm-like propagation techniques with the characteristics of ransomware. It uses an exploit to spread across networks and attack unpatched systems, much like a worm. Once it infects a system, it encrypts files and demands a ransom, which is typical of ransomware. The classification of malware is not always black and white, and some strains may exhibit a combination of characteristics from different malware categories.

Activity 1.2
1. How does malware spread?
2. What are some examples of malware?
3. What should you do if you suspect malware?
4. What lessons can we learn from real-world malware attacks?
5. Why is a regular backup important?
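Both the Key Point on backups in the worms section and the ransomware prevention paragraph above rely on the backup actually being usable when it is needed. As an added example (not the textbook's own material), the Python program below shows one way to make a backup verifiable: a manifest of SHA-256 hashes is recorded when the backup is taken, and the same manifest later reports which files are unchanged, which were overwritten, and which are missing, so a restore is based on copies that are known to be intact. The directory layout, the file contents and the simulated damage are constructed for the example; no encryption is performed, random bytes simply stand in for an encrypted file.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record the hash of every file under root at backup time.
    Keys are relative paths with '/' separators so the manifest is portable."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the files under root with a stored manifest.
    Returns the files that still match, those whose content changed (for example
    because they were overwritten or encrypted), and those that are missing."""
    report = {"ok": [], "modified": [], "missing": []}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != expected:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: take a manifest of three files, then simulate damage to
    the working copy and check it against the manifest made at backup time."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "data"
        (data / "docs").mkdir(parents=True)
        (data / "docs" / "report.txt").write_text("quarterly report, version 3")
        (data / "docs" / "budget.csv").write_text("item,amount\nrent,1200\n")
        (data / "notes.txt").write_text("remember to rotate the backup drive")

        manifest = build_manifest(data)
        # A manifest is normally stored alongside the backup copy; round-trip it
        # through JSON here to show the stored form.
        manifest_json = json.dumps(manifest, indent=2)

        # Simulated damage: one file's content is replaced with unreadable bytes
        # (standing in for an encrypted file) and another file disappears.
        (data / "docs" / "report.txt").write_bytes(os.urandom(32))
        (data / "notes.txt").unlink()

        return verify_backup(data, json.loads(manifest_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hashes recorded at backup time only help if the manifest itself is kept somewhere the working system cannot overwrite, such as with the offline backup copy; a manifest stored next to the live data would be damaged along with it.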
1.3 Social Engineering
Social engineering is a technique used by cyber attackers to manipulate and deceive individuals into revealing sensitive information, performing specific actions, or making decisions that compromise security. Unlike traditional hacking methods that focus on technical exploits, social engineering exploits human psychology and relies on the trust or lack of experience of individuals to achieve its objectives.

General vocabulary
Impersonation: an act of pretending to be another person for the purpose of entertainment or fraud.
Deception: an act or statement that misleads, hides the truth, or promotes a belief, concept, or idea that is not true.
Social norms: the perceived informal, mostly unwritten, rules that define acceptable and appropriate actions within a given group or community.

The primary goal of social engineering is to exploit human behaviors, emotions, and social norms to gain unauthorized access to systems, networks, or confidential information. It often involves impersonation, psychological manipulation, and deception to trick individuals into taking actions that benefit the attacker.

Did you know?
Did you know that the term "phishing" in cybersecurity is derived from the word "fishing"? The term was coined by hackers and scammers in the mid-1990s to describe the deceptive practice of tricking people into revealing their sensitive information online. Just as a fisherman lures fish with bait, cybercriminals used fake emails and messages, pretending to be from reputable sources, to deceive users into clicking on links or providing personal data.

Social Engineering Techniques
1. Phishing
Phishing is one of the most prevalent social engineering techniques. Attackers send fraudulent emails, messages, or websites that impersonate legitimate entities, such as banks or trusted services, to trick users into revealing sensitive information like login credentials or financial data.
A cybercriminal may send an email like the following to get your credentials and other information.

Subject: Urgent Account Verification Required

Dear Customer,

We have noticed unusual activity on your account and suspect a security breach. To protect your account, we require immediate verification of your login credentials. Please click on the link below to verify your account information:

[Malicious Link]

Failure to verify your account within 24 hours may result in the suspension of your account.

Thank you for your cooperation.

Sincerely,
Your Bank's Customer Support

In this example, the phishing email pretends to be from the recipient's bank, creating a sense of urgency and concern by claiming there is unusual activity on the account. The email urges the recipient to click on the provided link to verify their account information. However, the link leads to a fake website designed to steal the user's login credentials when they enter them. The tell-tale signs are the generic greeting, the pressure to act within 24 hours, and a link whose real destination is not the bank's own domain. A real bank does not ask you to confirm your password by email; the safe response is to open the bank's site by typing its address yourself or using its official app rather than clicking the link.

2. Spear Phishing
Spear phishing targets specific individuals or organizations, using personalized information to increase the credibility and success of the attack. The main difference between phishing and spear phishing lies in their level of targeting and customization.

General vocabulary
Convincing: capable of causing someone to believe that something is true or real.
Salutation: a gesture or words made as a greeting or acknowledgement of another's arrival or departure.

Phishing attacks are broad and indiscriminate. Cybercriminals send out mass emails or messages to a large number of recipients without personalization. The emails usually impersonate well-known organizations or services, using generic salutations like "Dear Customer" or "Dear User."

History
In early 2017, a large-scale phishing attack targeted Google's Gmail service.
The attackers crafted sophisticated and convincing phishing emails that appeared to be from a legitimate source, such as a trusted contact or a well-known company. The emails included a link that led recipients to a fake login page designed to look exactly like the official Gmail login page. However, this fake login page was hosted on a different domain, controlled by the attackers. When unsuspecting users entered their Gmail credentials on the fake login page, the attackers harvested the information. Armed with these stolen credentials, the attackers could access the victims' Gmail accounts, read their emails, and potentially gain access to other linked services like Google Drive or Google Photos. What made this phishing attack particularly dangerous was the level of sophistication and the convincing nature of the fake login page. It closely mimicked the actual Gmail login page, making it difficult for many users to recognize it as a fake. The attack affected a significant number of users, including individuals, businesses, and even government organizations. Google took immediate action to block the malicious websites and warned its users about the phishing campaign. The one thing a fake login page cannot copy is the real site's address: checking that the browser's address bar shows the genuine domain before typing a password defeats this attack no matter how good the copy is.

The goal of phishing is to cast a wide net and catch as many victims as possible. Spear phishing attacks, by contrast, are highly targeted and individualized. Cybercriminals focus on specific individuals or organizations and customize the content to make it look authentic and relevant to the target. The emails address the recipient by name and may include personal or organization-specific information to increase credibility and trust.

General vocabulary
Authentic: of undisputed origin and not a copy; genuine.
Credibility: the quality of being trusted and believed in.
Spear phishing emails often appear to come from a trusted source known to the recipient, such as a colleague, manager, or business partner. They are tailored to the target's interests, role, or recent activities, making them more convincing and harder to detect.

History
In 2016, one of the most well-known spear phishing attacks occurred; it is known as the "John Podesta email hack". John Podesta was the chairman of Hillary Clinton's 2016 presidential campaign. In March 2016, his personal Gmail account was compromised through a spear phishing attack. The attackers, believed to be associated with Russian hackers, sent a convincing spear phishing email to John Podesta's Gmail account. The email appeared to be from Google's security team, warning him of a potential security breach and asking him to change his password. Trusting the seemingly legitimate source, John Podesta clicked on the link in the email and was directed to a fake login page that closely resembled Google's login page. Unknowingly, he entered his Gmail credentials on the fake login page, which allowed the attackers to gain access to his email account. The attackers were then able to access sensitive and confidential emails, including discussions related to the presidential campaign. Subsequently, the stolen emails were leaked to the public through WikiLeaks, leading to significant media attention and controversy during the presidential election. This spear phishing attack was highly targeted and well-crafted to exploit John Podesta's position and trust in official-looking emails. It demonstrated the precision and effectiveness of spear phishing, where attackers research their targets and personalize the phishing emails to make them more convincing.

Spear phishing is a highly targeted and personalized attack that requires more effort from the attacker to research and tailor the attack.
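The warning signs discussed for the bank email above (a generic greeting, pressure to act quickly, a sender address and a link that do not belong to the organization they claim to be from) can be checked automatically. The following is an added Python example, not code from the textbook, that runs those checks over two constructed messages: the bank lure rewritten as an HTML email whose visible link text differs from its real destination, and a harmless statement notice. The domain bank.example stands in for the bank's real domain and is an assumption made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domain(s) the bank really sends from and links to.
TRUSTED_DOMAINS = {"bank.example"}

URGENCY_PHRASES = ("urgent", "immediate", "within 24 hours", "suspend")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.IGNORECASE)

# Constructed sample messages (not real emails).
PHISHING_EMAIL = """\
From: "Bank Customer Support" <support@bank-alerts-verify.example>
To: customer@example.com
Subject: Urgent Account Verification Required
Content-Type: text/html

<p>Dear Customer,</p>
<p>We have noticed unusual activity on your account. To protect your account,
we require immediate verification of your login credentials.</p>
<p>Please click <a href="http://bank.example.verify-login.example/login">https://www.bank.example/verify</a>
to verify your account information. Failure to do so within 24 hours may result in
the suspension of your account.</p>
"""

LEGITIMATE_EMAIL = """\
From: "Bank Notifications" <no-reply@bank.example>
To: customer@example.com
Subject: Your monthly statement is ready
Content-Type: text/html

<p>Dear Ms. Alemu,</p>
<p>Your statement is available in online banking:
<a href="https://www.bank.example/statements">https://www.bank.example/statements</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' rule: www.bank.example -> bank.example."""
    return ".".join(host.lower().split(".")[-2:])


def phishing_indicators(raw_message):
    """Return the set of phishing indicators found in a raw email message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()                       # single-part message: the HTML text
    text = re.sub(r"<[^>]+>", " ", body).lower()   # tags stripped, for the wording checks
    found = set()

    # Mass phishing rarely knows the recipient's name.
    if any(g in text for g in GENERIC_GREETINGS):
        found.add("generic_salutation")
    # Deadlines and threats of suspension push the reader to act before thinking.
    if any(p in text for p in URGENCY_PHRASES):
        found.add("urgency_language")
    # The display name can say anything; only the address domain can be checked.
    _, addr = parseaddr(msg.get("From", ""))
    if registrable_domain(addr.rsplit("@", 1)[-1]) not in TRUSTED_DOMAINS:
        found.add("sender_domain_untrusted")

    parser = LinkExtractor()
    parser.feed(body)
    for href, shown in parser.links:
        href_domain = registrable_domain(urlparse(href).hostname or "")
        if href_domain not in TRUSTED_DOMAINS:
            found.add("link_to_untrusted_domain")
        # Link text that looks like a URL must agree with where the link really goes.
        if URL_LIKE.match(shown):
            shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
            if shown_host and registrable_domain(shown_host) != href_domain:
                found.add("link_text_href_mismatch")
    return found


if __name__ == "__main__":
    print(sorted(phishing_indicators(PHISHING_EMAIL)))    # all five indicators
    print(sorted(phishing_indicators(LEGITIMATE_EMAIL)))  # []
```

A production mail filter would use a proper public-suffix list instead of the last-two-labels rule and would combine these flags into a score rather than a verdict. The lesson is the one the section makes: wording and logos can be copied perfectly, but where the sender address and the link actually point cannot.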
History
In 2005, one of the most notorious attacks on a social networking site occurred. It was called the "MySpace Samy worm". The Samy worm was created by a young hacker named Samy Kamkar, who wanted to become the most popular user on the social networking site MySpace. In October 2005, he developed a worm that exploited a cross-site scripting (XSS) vulnerability in MySpace's website to spread rapidly and gain him thousands of friends in a matter of hours. The worm worked by injecting malicious JavaScript code into the "About Me" section of Samy's MySpace profile. When other users viewed his profile, the malicious code automatically executed, replicating itself and adding Samy as a friend on their accounts. What made the worm particularly clever was that it also added a message to the victim's profile, saying: "Samy is my hero." This caused the worm to spread even faster, as curious users wanted to find out who this "Samy" was, inadvertently spreading the worm to more profiles. Within just 20 hours, over one million MySpace profiles were infected, making Samy the most popular user on the site at that time. MySpace had to shut down temporarily to stop the worm's spread and clean up the mess. Samy Kamkar did not use phishing directly in this case, but the way the worm exploited the MySpace vulnerability was similar to a phishing attack in that it tricked users into executing malicious code simply by looking at something that appeared harmless.

3. Pretexting
Pretexting involves creating a fabricated scenario, or pretext, to trick individuals into disclosing information or performing specific actions. For example, an attacker might impersonate a company's IT support to request login credentials for a supposed system upgrade.

General vocabulary
Fabricated: invented in order to deceive.
Pretext: a reason given in justification of a course of action that is not the real reason.
Consider an attacker who poses as an external IT consultant from a reputable firm. The attacker contacts the company's help desk or IT support department, pretending to be that consultant. They give the name of the reputable company they claim to represent and may even provide a fictitious employee ID or case number for legitimacy.

General vocabulary
Fictitious: not real or true; imaginary or fabricated.
Exfiltration: stealing sensitive data from a computer (for example by copying it to a flash drive or sending it out over the network).
Inadvertently: without intention; accidentally.
Intellectual property: creations of the mind such as inventions; literary and artistic works; designs; and symbols, names, and images used in commerce.
Enticing: attractive or tempting.

Subject vocabulary
Remote access to a server allows individuals to control and manage a computer or server from a different location, typically over a network or the internet.

To establish trust and credibility, the attacker may mention recent security concerns or data breaches at other companies to create a sense of urgency and importance. The attacker then tells the help desk representative that they need remote access to the company's servers to perform a routine security check or software update to protect against potential vulnerabilities. With access to the company's servers, the attacker can proceed to exfiltrate sensitive data, such as customer information, financial records, or intellectual property, for malicious purposes.

Pretexting relies on social engineering tactics to manipulate people's trust and willingness to help. In this example, the attacker successfully gained access to the company's internal network by pretending to be an external IT consultant performing routine maintenance. Employees often want to be helpful and may overlook security protocols, inadvertently granting access to someone they believe to be a legitimate authority.
This highlights the importance of proper identity verification and security awareness training for employees to prevent falling victim to pretexting attacks. A simple and effective control is to never act on an inbound request for access as it arrives: end the call, look up the consultant's firm through a contact number the company already has on record, and call back to confirm before granting anything.

4. Baiting
Baiting uses enticing offers, such as free software, music, or movies, to lure users into downloading malicious software or visiting compromised websites.

Key Point
Malware that automatically executes from a USB drive is often referred to as "USB-based malware" or "USB-based autorun malware." This type of malware takes advantage of the autorun or autoplay feature in operating systems, which automatically executes certain actions when a USB drive is inserted into a computer. The purpose of this malware is to infect the computer and potentially spread to other systems when the infected USB drive is connected. Modern operating systems no longer run programs from a USB drive automatically, so today such drives usually rely on the finder opening a disguised file, or on the drive presenting itself to the computer as a keyboard that types commands. The defence is the same either way: do not plug in unknown drives.

✓ The Intentional USB Drive Drop
The attacker prepares several USB flash drives carrying a label such as "Confidential Payroll Data - Do Not Share" or something similarly enticing. These drives are infected with malware that will automatically run when inserted into a computer.
✓ Placement
The attacker strategically leaves these USB drives in places where employees are likely to find them, such as the company's parking lot, common areas, or near the entrance.
✓ Employee Curiosity
An unsuspecting employee finds one of the USB drives and, out of curiosity, decides to see what's on it. The label mentioning "Confidential Payroll Data" piques their interest.
✓ Insertion and Infection
The employee inserts the USB drive into their computer to view its contents. Unknown to them, the malware on the USB drive automatically executes, infecting their computer and providing a backdoor for the attacker to gain access.
✓ Data Exfiltration
With access to the employee's computer, the attacker can now move laterally within the company's network, searching for sensitive information, stealing data, and potentially causing further damage.

Subject vocabulary
A backdoor refers to a hidden or unauthorized method of accessing a computer system, network, or software application. It is typically created by malicious actors or attackers to gain unauthorized access to a system, even if security measures such as passwords and authentication are in place. Backdoors can have serious implications, as they allow attackers to maintain persistent access, steal sensitive information, manipulate data, or carry out other malicious activities. They are often used by hackers to maintain control over compromised systems or networks, enabling them to return even after the initial security breach has been addressed.

The attack leverages employees' natural curiosity and the temptation to find out what the "Confidential Payroll Data" contains. Once an employee falls for the bait and plugs the USB drive into their computer, the attacker gains a foothold in the company's network and can proceed with their malicious activities.

This example highlights the importance of security awareness training for employees to be cautious about using unknown or unverified USB drives or other external media.

5. Quizzes and Surveys
Attackers may create quizzes or surveys that request personal information, seemingly harmless but used to collect sensitive data for nefarious purposes. An attacker creates a deceptive online quiz or survey to trick people into sharing sensitive details.

General vocabulary
Survey: a set of questions put to a group of people to gather information or opinions (the word also means measuring and mapping an area of land).
Quiz: an informal test or examination of a student or class; a questioning.
Nefarious: (typically of an action or activity) evil, morally wrong, or criminal.
After completing the quiz, participants are prompted to enter their email address and other personal information to receive the quiz results and recommendations for their "perfect match". Without the knowledge of the participants, the quiz is a front for gathering personal information. The attacker can use the collected data for various malicious purposes, such as selling it to scammers, conducting targeted phishing attacks, or engaging in identity theft. In some cases, the quiz might provide fake or generic results to maintain the appearance of legitimacy and avoid raising suspicion. Quiz questions such as "What was your first pet's name?" or "Which street did you grow up on?" are also exactly the security questions many accounts use for password recovery, so sharing the answers can hand an attacker a way into your accounts.

To protect against such attacks, individuals should exercise caution when participating in online quizzes and surveys, especially those that request personal information.

General vocabulary
Legitimacy: conformity to the law or to rules.
Impersonation: an act of pretending to be another person for the purpose of entertainment or fraud.

Subject vocabulary
Scammers are individuals or groups who engage in fraudulent activities with the intent of deceiving and exploiting others for financial gain or personal advantage. They employ various tactics to manipulate and trick individuals into providing money, sensitive information, or access to resources. Scammers often exploit trust, vulnerability, and lack of awareness to achieve their objectives.

6. Dumpster Diving
In physical social engineering, attackers may rummage through trash bins to find discarded documents containing sensitive information. Shredding documents and wiping or destroying old storage media before disposal removes this source.

General vocabulary
Dumpster: a very large container for waste material.
Dumpster diving: searching through dumpsters or similar waste containers for food or items of value.

7. Tailgating
In a tailgating attack, an attacker gains physical access to restricted areas by following authorized personnel through a controlled door without proper verification, for example by walking in behind someone who politely holds the door open.
How to protect against and prevent social engineering attacks
Protecting against social engineering requires a combination of technical measures, security awareness training, and organizational policies.

General vocabulary
Skepticism: doubt as to the truth of something.
Promptly: with little or no delay; immediately; at exactly a specified time; punctually.
Vet: make a careful and critical examination of (something).
Vendor: a person or company offering something for sale.
Vigilance: the action or state of keeping careful watch for possible danger or difficulties.

Subject vocabulary
Multi-factor authentication (MFA) is a security mechanism that strengthens the authentication process by requiring users to provide two or more different kinds of verification (for example a password plus a code from an authenticator app or a hardware security key) before they can access a system, application, or account. Two-factor authentication (2FA) is the common special case with exactly two factors.

✓ Security Awareness Training
Conduct regular security awareness training for all employees to educate them about social engineering tactics, how to recognize suspicious emails, messages, or phone calls, and what actions to take in response. Encourage skepticism and caution when receiving unsolicited requests for sensitive information.
✓ Phishing Simulations
Use phishing simulations to test employees' ability to identify phishing emails and provide immediate feedback and training based on the results.
✓ Multi-Factor Authentication (MFA)
Implement MFA for all critical accounts and systems. This adds an extra layer of security and helps prevent unauthorized access even if credentials are compromised. Note that a one-time code can still be phished by a fake login page that relays it to the real site in real time; phishing-resistant methods such as hardware security keys do not have this weakness.
✓ Employee Verification
Establish clear and standardized procedures for verifying the identities and requests of employees.
✓ Secure Communication Channels
Encourage employees to use secure communication channels when sharing sensitive information.
✓ Employee Reporting
Encourage employees to report any suspicious emails, messages, or phone calls promptly.
✓ Least Privilege
Enforce the principle of least privilege, granting employees access to only the information and systems necessary for their specific roles, so that a single deceived employee cannot expose everything.
✓ Patch and Update Management
Regularly update software and operating systems.
✓ Physical Security
Implement physical security measures to prevent unauthorized access to sensitive areas, such as requiring identification badges for entry.
✓ Incident Response Plan
Develop and practice an incident response plan to handle security incidents effectively, including those involving social engineering attacks.
✓ Vendor Management
Vet and regularly review third-party vendors and service providers to ensure they follow secure practices and do not become an entry point for attackers.
✓ Restrict Personal Information Sharing
Advise employees not to share personal or sensitive information on social media or public forums, as attackers often use this information for social engineering attacks.
✓ Backups and Data Protection
Regularly back up critical data and systems to prevent data loss from ransomware attacks and other social engineering incidents.
✓ Regular Security Assessments
Conduct periodic security assessments and penetration tests to identify vulnerabilities and weaknesses that could be exploited by social engineering attacks.

Subject vocabulary
Penetration testing, often referred to as pen testing, is a systematic and controlled approach to evaluating the security of computer systems, networks, applications, and other digital assets. It involves simulating real-world attacks to identify vulnerabilities, weaknesses, and potential security risks that could be exploited by malicious actors. The primary goal of penetration testing is to uncover security gaps and provide actionable recommendations to enhance an organization's overall cybersecurity posture.
By combining these protective measures with ongoing vigilance and proactive security practices, organizations can significantly reduce the risk of falling victim to social engineering attacks and enhance their overall cybersecurity posture.

1.4 Cryptography and Encryption
Cryptography is the science and practice of secure communication and data protection in the presence of adversaries. It involves techniques for encoding information in a way that makes it unreadable to unauthorized users, ensuring confidentiality, integrity, and authentication of data.

General vocabulary
Adversaries: one's opponents in a contest, conflict, or dispute.
Unintelligible: impossible to understand.

The process of converting plaintext (the readable form) into ciphertext is known as encryption, and the reverse process of converting ciphertext back into plaintext is known as decryption. Encryption is widely used to protect sensitive information during transmission or storage, making it unintelligible to unauthorized parties even if intercepted or accessed.

Subject vocabulary
Ciphertext is the encrypted form of plaintext data. Plaintext refers to the original human-readable data that needs to be kept secure, while ciphertext is the encrypted data resulting from applying a cryptographic algorithm to the plaintext.

An encryption process has four parts:
✓ Encryption Algorithm
✓ Secret Key
✓ Encryption Process and
✓ Decryption Process

Encryption Algorithm
An encryption algorithm is a mathematical process used to transform plaintext into ciphertext. The algorithm itself is normally public and well studied; all of the secrecy lies in the key.

Key Point
Encryption is a process that transforms readable data, often referred to as plaintext, into unreadable scrambled data known as ciphertext.
This transformation is done using algorithms and encryption keys, with the primary goal of ensuring that only authorized individuals can decipher and access the original data.

Secret Key
Encryption relies on a secret key, which is a piece of information used by the algorithm to perform the encryption and decryption. In symmetric encryption (described below) the same key must be known to both the sender (encryptor) and the recipient (decryptor) to securely exchange encrypted data.

Encryption Process
The encryptor takes the plaintext and the secret key, runs them through the encryption algorithm, and produces ciphertext. The resulting ciphertext appears random and is unreadable without the key.

Decryption Process
To decrypt the ciphertext and recover the original plaintext, the recipient uses the same secret key and runs the ciphertext through the decryption algorithm, reversing the encryption process.

General vocabulary
Campaign: work in an organized and active way towards a particular goal, typically a political, military, or social one.
Gibberish: unintelligible or meaningless speech or writing; nonsense.

History
In ancient times, one of the earliest known examples of cryptography can be found in the story of Julius Caesar, the Roman military and political leader. Around 58 BC, Julius Caesar devised a simple but effective method of encryption to protect sensitive military communications during his campaigns. He used a technique now known as the Caesar cipher, which is a type of substitution cipher. In the Caesar cipher, each letter in the plaintext is shifted a fixed number of positions down the alphabet. For example, if the shift value (known as the "key") is 3, then "A" would be encrypted as "D," "B" as "E," and so on. Caesar used this cipher with a specific shift value, which was only known to those involved in the communication.
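The Caesar cipher just described, as an added Python example (this is not code from the textbook): the encryption and decryption processes with a shared secret key, and then the attack that makes this cipher useless today, since with only 25 possible keys an interceptor can simply try them all. The plaintext and the tiny dictionary of common words are constructed for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # the cipher only acts on the letters A-Z


def caesar_encrypt(plaintext, key):
    """Shift every letter `key` positions down the alphabet, wrapping at Z.
    Spaces and punctuation pass through unchanged (which already leaks word lengths)."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, key):
    """Decryption reverses the process: shift back by the same secret key."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext):
    """An interceptor without the key tries all 25 shifts; one of them is the plaintext."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


# Constructed mini dictionary used to recognise which candidate is real English.
COMMON_WORDS = {"THE", "AND", "AT", "OF", "TO", "ATTACK", "DAWN"}


def recover_key(ciphertext):
    """Pick the shift whose output contains the most dictionary words."""
    best_key, best_score = None, -1
    for key, candidate in brute_force(ciphertext).items():
        score = sum(word in COMMON_WORDS for word in candidate.split())
        if score > best_score:
            best_key, best_score = key, score
    return best_key


if __name__ == "__main__":
    secret = caesar_encrypt("ATTACK THE GAULS AT DAWN", 3)
    print(secret)                      # DWWDFN WKH JDXOV DW GDZQ
    print(caesar_decrypt(secret, 3))   # ATTACK THE GAULS AT DAWN
    print(recover_key(secret))         # 3, recovered without ever being told the key
```

The key space is the whole problem: a modern cipher such as AES has 2^128 or more possible keys, so the same "try them all" attack would not finish before the sun burns out.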
As a result, sensitive messages between Caesar and his generals appeared as gibberish to anyone intercepting them without knowledge of the key. The cipher provided a basic level of security, ensuring that only the intended recipients could understand the messages. Its weakness is that there are only 25 possible keys, so an interceptor can simply try them all; despite this limitation, Caesar's use of the cipher was an early example of employing encryption for secure communications. The technique played a role in the success of his military campaigns and demonstrated the historical significance of cryptography in safeguarding sensitive information.

Types of Encryption

✓ Symmetric Encryption
In symmetric encryption, the same secret key is used for both encryption and decryption. It is fast but requires a secure way to distribute the key to both parties beforehand.

General vocabulary
Symmetric: having parts that match each other; made up of exactly similar parts facing each other or around an axis.
Asymmetric: having parts that fail to correspond to one another in shape, size, or arrangement; lacking symmetry.

✓ Asymmetric Encryption (Public-Key Encryption)
Asymmetric encryption uses a pair of keys: a public key used for encryption and a private key used for decryption. Messages encrypted with the public key can only be decrypted with the corresponding private key, so the public key can be published openly and only the private key has to be kept secret. Asymmetric encryption allows secure key exchange and digital signatures.

✓ Hybrid Encryption
Hybrid encryption combines symmetric and asymmetric encryption, using symmetric encryption for the data itself (because it is fast) and asymmetric encryption for securely exchanging the symmetric key. TLS, the protocol behind HTTPS, is a hybrid scheme of this kind.

Encryption Algorithms
There are several common encryption algorithms used in modern cryptography, each with its specific use cases and strengths.

✓ Advanced Encryption Standard (AES)
AES is a symmetric encryption algorithm known for its speed and security.
It uses a single secret key of 128, 192, or 256 bits for both encryption and decryption. It is widely used for securing sensitive data in various applications, including online communication, file encryption, and secure storage.

✓ RSA (Rivest-Shamir-Adleman)
RSA is a widely used asymmetric encryption algorithm. It uses a pair of keys: a public key for encryption and a private key for decryption. The public key is shared openly, while the private key is kept secret. RSA is commonly used for secure data transmission, digital signatures, and key exchange protocols.

Did you know?
Did you know that the name RSA is derived from the initials of its three inventors: Ron Rivest, Adi Shamir, and Leonard Adleman? In 1977, the three mathematicians, who were working at the Massachusetts Institute of Technology (MIT), co-authored a groundbreaking paper titled "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" which introduced the RSA algorithm.

General vocabulary
Infeasible: not possible to do easily or conveniently; impracticable; (of a course of action) impossible in practice to do or carry out.

Each user has a pair of mathematically related keys called a public key and a private key. The public key is used for encryption, while the private key is used for decryption. The RSA algorithm's security is based on the difficulty of factoring large composite numbers into their prime factors. It relies on the computational complexity of this problem to ensure that even with knowledge of the public key, it is infeasible to compute the corresponding private key. Because factoring gets easier as computers improve, RSA keys in use today are at least 2048 bits long.

Elliptic Curve Cryptography (ECC)
ECC is a family of asymmetric (public-key) algorithms based on the mathematics of elliptic curves.
ECC offers security equivalent to RSA with much shorter key lengths (a 256-bit ECC key is comparable to a 3072-bit RSA key), making it more efficient for resource-constrained devices like mobile phones and IoT devices. ECC is used in applications that require strong security and efficient computation, such as secure messaging and digital signatures.

Subject vocabulary
Resource-constrained devices refer to computing devices, such as smartphones, embedded systems, IoT (Internet of Things) devices, and other devices with limited hardware resources, including processing power, memory, storage, and energy capacity. These devices typically have restrictions that prevent them from performing complex tasks or running resource-intensive applications.

✓ Secure Hash Algorithm (SHA)
SHA is a family of cryptographic hash functions designed to create fixed-size hash values (digests) from input data of any length, such that it is infeasible to find two inputs with the same digest or to recover the input from its digest. A hash function is not encryption: there is no key, and the process cannot be reversed. It is commonly used for data integrity verification and digital signatures. The SHA-256 and SHA-3 variants are widely used for secure data hashing in applications like blockchain, digital certificates, and password storage. For password storage a plain fast hash such as SHA-256 is not enough on its own; passwords should be stored using a salted, deliberately slow password-hashing function (such as PBKDF2, bcrypt, scrypt, or Argon2) built on top of such primitives.

1.6 Web Security
Web security is the practice of protecting websites, web applications, and web services from various security threats and vulnerabilities. It involves implementing measures to safeguard the confidentiality, integrity, and availability of web resources and data.

General vocabulary
Resilient: able to withstand or recover quickly from difficult conditions.
Robust: strong and healthy; sturdy.
Forge: produce a fraudulent copy or imitation of (a document, signature, banknote, or work of art).
Tamper: interfere with (something) in order to cause damage or make unauthorized alterations.
Eavesdrop: secretly listen to a conversation.
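The SHA section above mentions integrity checks and password storage, and web applications are where password storage matters most. The following added Python example (not code from the textbook) shows both with only the standard library: a SHA-256 digest used to detect tampering, a dictionary attack that shows why an unsalted fast hash is unsafe for stored passwords, and salted PBKDF2 as the correct alternative. The iteration count and the sample passwords are constructed assumptions for the illustration.

```python
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Fixed 256-bit digest of any input; changing one bit gives an unrelated digest."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Compare a downloaded file against the digest its author published."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def crack_unsalted(target_hex: str, wordlist):
    """Why a bare fast hash is the wrong tool for passwords: whoever steals the
    hashes can test millions of guesses per second against every one of them."""
    for guess in wordlist:
        if sha256_hex(guess.encode()) == target_hex:
            return guess
    return None


# Assumption: 600,000 PBKDF2-HMAC-SHA256 iterations, a common 2023 recommendation.
# Tune it so that one verification costs a noticeable fraction of a second on your hardware.
ITERATIONS = 600_000


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Random per-user salt plus a deliberately slow key-derivation function.
    The salt defeats precomputed tables and hides which users share a password;
    the iteration count makes every guess expensive for the attacker."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Everything needed to verify later travels with the record.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Constructed "stolen" unsalted hash and a constructed guess list.
    stolen = sha256_hex(b"password123")
    print(crack_unsalted(stolen, ["letmein", "qwerty", "password123"]))   # password123

    record = hash_password("correct horse battery staple")
    print(record[:40] + "...")                                             # pbkdf2_sha256$600000$<salt>$...
    print(verify_password("correct horse battery staple", record))        # True
    print(verify_password("wrong guess", record))                         # False
```

Two calls to hash_password with the same password give two different records because of the random salt, yet both verify; that is the property a plain SHA-256 of the password lacks.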
Essential Elements of Web Security
✓ Secure Web Development
Ensuring secure web development practices is crucial to building resilient and robust web applications. Secure coding techniques, input validation, and proper error handling are essential to prevent common vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).

Subject vocabulary
Input validation is a process in software development and cybersecurity that involves inspecting and validating data entered by users or coming from external sources before it is used by the application or system.

✓ Secure Communication
Web security involves encrypting data transmitted between web browsers and web servers to prevent eavesdropping and data tampering. This is typically achieved through the use of HTTPS (Hypertext Transfer Protocol Secure), which relies on TLS (Transport Layer Security, the successor to SSL) both to encrypt the traffic and to prove the server's identity through its certificate.
✓ Web Application Firewalls (WAF)
A WAF is a security appliance or software that filters and monitors HTTP requests and responses. It can identify and block malicious traffic, SQL injection attempts, and other web application attacks. A WAF is a safety net in front of the application, not a substitute for fixing the vulnerable code behind it.
✓ Authentication and Authorization
Implementing strong user authentication and authorization mechanisms is essential for restricting access to sensitive parts of the web application and preventing unauthorized access. Authentication establishes who the user is; authorization decides what that user is allowed to do. Both checks belong on the server and must be applied to every request, not only to the pages a user can see links to.
✓ Session Management
Proper session management techniques help protect against session hijacking attacks, ensuring that user sessions remain secure throughout their interaction with the web application.

Subject vocabulary
Session hijacking (session stealing) is a type of cyberattack where an attacker takes control of an active user session in a web application or system, typically by obtaining the session identifier (such as a cookie) that the server uses to recognize the logged-in user.

✓ Input Validation
Validating and sanitizing user input is essential to prevent code injection attacks and data manipulation through malicious inputs.
✓ Regular Updates and Patch Management
Keeping web application components, such as the web server, database, and frameworks, up to date with security patches is crucial to protect against known vulnerabilities.
✓ Cross-Origin Resource Sharing (CORS)
CORS policies control which other web origins a browser may allow to read a site's resources. Set carefully, they keep untrusted sites from reading data that the browser's same-origin policy would otherwise isolate; set too permissively, they expose that data.

Subject vocabulary
CORS stands for Cross-Origin Resource Sharing. It is a mechanism implemented in web browsers to control how web pages from different domains interact with each other. When a web page from one origin requests resources, such as images, scripts, or data, from another origin, the browser enforces the CORS rules announced by the responding server to decide whether the page may read the response.

✓ Secure File Uploads
Implementing secure file upload mechanisms is important to prevent attackers from uploading malicious files to the server.

1.8 Common Web Vulnerabilities
There are several common web vulnerabilities that attackers exploit to compromise web applications and websites. These vulnerabilities arise from insecure coding practices, insufficient input validation, and improper handling of user data. It is essential for web developers and organizations to be aware of these vulnerabilities and implement security measures to mitigate them.

1. SQL Injection (SQLi)
SQL injection occurs when attackers insert malicious SQL code into input fields or URLs to manipulate or extract data from a website's database. This can lead to unauthorized access, data theft, and potential data loss. The root cause is building a query by pasting user input into the SQL text; the standard fix is to use parameterized queries (prepared statements), which keep the data separate from the query.

Let's consider a simple web application that allows users to search for products by providing a product name in a search box. The application uses SQL to fetch products from the database based on the user's input.
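Here is an added Python version of that product-search scenario (this is not the textbook's own code). It uses the built-in sqlite3 module with a constructed two-table database: the vulnerable query next to its parameterised fix, with two injection payloads run against both so that the difference can be seen directly.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (not the textbook's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products (name, price)
            VALUES ('Laptop', 899.0), ('Mouse', 19.5), ('Monitor', 249.0);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return conn


def search_vulnerable(conn, term):
    """The user's text is pasted straight into the SQL. A quote in the input ends
    the string literal, and whatever follows is executed as SQL."""
    query = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(query).fetchall()


def search_safe(conn, term):
    """Parameterised query: the SQL text is fixed and the driver passes the value
    separately, so the input can only ever be data, never code."""
    query = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(query, (f"%{term}%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "Lap"))             # normal use: [('Laptop', 899.0)]

    # Payload 1: close the quote, make the condition always true, comment out the rest.
    print(search_vulnerable(db, "x' OR 1=1 --"))    # every product

    # Payload 2: bolt a UNION onto the query to read a different table entirely.
    leak = "' UNION SELECT username, password_hash FROM users --"
    print(search_vulnerable(db, leak))              # products plus ('admin', 'constructed-hash-value')

    # The same inputs against the safe version are just search strings that match nothing.
    print(search_safe(db, "x' OR 1=1 --"))          # []
    print(search_safe(db, leak))                    # []
    print(search_safe(db, "lap"))                   # [('Laptop', 899.0)]
```

Note that the fix is not "filter out quotes": the parameterised version never inspects the input at all, which is why it cannot be bypassed by a cleverer payload.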