Cybersecurity Awareness Learner's Guide PDF

Summary

A learner's guide on cybersecurity and cyber crimes. It covers introduction to cyber security and basic terminology, common cyber security threats, and cyber criminals. The guide explores the Internet, routers, IP and MAC addresses, and servers. The cybersecurity awareness program (SF) is for learners.

Full Transcript

NICF - Cybersecurity Awareness Programme (SF) Learner’s Guide

SECTION 2: INTRODUCTION TO CYBER SECURITY AND CYBER CRIMES

In this section, you will learn the following:

- Introduction to Cyber Security and Basic Terminology
- Common Cyber Security Threats
- Cyber Criminals
- Famous Attacks

Copyright © 2020 NTUC LearningHub Pte Ltd. © Cybint Solutions. All rights reserved Page 36 of 126 LHUB_ver1.1

INTRODUCTION TO CYBER SECURITY AND BASIC TERMINOLOGY

Before diving into the dark world of cyber criminals and their malicious attack methods, it is first important to go over some basic terms related to computer networks and the cyber space.

The Internet

Most of our daily actions are performed 'online' or through the Internet – working, communicating with friends and family, entertainment and services, but what is the Internet? The internet is not a place or a space, but a set of connections between devices – computers, mobile phones, servers and other physical devices we will learn about soon. This set of connections is called a 'network'. Think of the internet as a massive set of highways where information can travel from one device to another.

ISP

A connection to the internet is needed before any type of data can be sent or received through it. The entity that establishes connections is called an ISP (internet service provider), such as Singtel or Starhub. But how does the ISP know where to send the picture to?

Router

The router is one of the most important devices in a network: it directs traffic to the right place. So, when you send a message through the network (e.g. an email or a picture), it does not go directly to your recipient’s computer, but is first 'routed' the right way by the router.
However, the problem from before still stands, because the router does not know what computer or email address belongs to your recipient. How do devices identify themselves online?

IP and MAC Address

Each device in a computer network has a ‘name’. These ‘names’ are mostly comprised of numbers. These names are used to identify the computers in cyberspace (another way to say the internet). There are two main ways to identify a device in a network: IP address and MAC address. Each one has a different use and name format.

IP stands for internet protocol, and it is the main way to communicate with a device online. The IP number is comprised of 4 sets of numbers between 0-255. Whenever a computer connects to a new network through the router, it receives a new IP address; that is how the router knows which computer has which set of numbers.

MAC stands for media access control, and it is a unique identifier for a device. A MAC address is comprised of 12 digits which can be either a number from 0-9 or a letter from A-F. The MAC address is given to the device by its manufacturer.

IP addresses are used for carrying information between networks, while MAC addresses are used inside a local network (LAN).

With the IP address we can understand how your device identifies itself to the router, and how the router knows what device to send the picture to. But think of this: you probably never typed an IP address, you usually type in a website, or a name. How do the things you send reach the right place?

Servers

When we use the internet most of us only see it from the perspective of our own personal devices. However, much of the traffic happens between personal devices and servers. Servers are computer programs and not a type of hardware.
Servers, like their name implies, provide essential services to other programs, commonly known as client programs. For instance, a service can be a web site. Servers can run on computers along with client programs or on special machines. Computers that run servers are often referred to as servers; thus, the confusion...

DNS Servers

DNS stands for “Domain Name System”. A DNS is a server that translates domain names to IP addresses. A router doesn’t know what www.google.com means, but it does know how to reach 74.125.127.99 (type this in the search bar, see what happens). The DNS server does the translation from what we type, to an IP address.

WLAN

WLAN stands for Wireless Local Area Network. A WLAN is a wireless computer network that links two or more devices using a wireless medium for communication. Basically, a WLAN serves the same purpose as a normal wired computer network (LAN), such as data sharing and Internet connections, but it's wireless.

WiFi

Most of the modern WLANs are based on the IEEE 802.11 protocol, commonly known as WiFi. WiFi allows electronic devices to connect to a WLAN within a range of up to 20 meters. WiFi networks are distinguished by many parameters, but one of the most important parameters is the network’s SSID, which is basically the network’s name as shown to other devices.

Common Cyber Security Threats

Cyber Crimes

Cyber-crimes are a real, substantial threat and are no different from theft or robbery. The only difference is that cybercrimes involve a computer and/or a computer network.
If we are aware of the threats we can take steps to protect ourselves from these attacks in the same manner that we take precautions when locking and securing our homes or securing our cars to prevent theft.

So who is threatened by cyber-crime? Actually, we all are. Computers have gradually taken over every aspect of our life. Financial systems, public services, and national infrastructures use computers. The motives behind cyber-crimes vary: profit, commercial espionage and politics. Today there is even cyber-terrorism with the main purpose of causing alarm and panic.

Cyber Crimes – Main Players

Cyber-crime, also called computer crime, is any illegal activity that involves a computer or network-connected device such as a mobile phone.

Subcategories of cyber-crime include the following:

- Fraud and financial crimes
- Cyber terrorism
- Hacktivism
- Cyber extortion
- Cyber warfare
- Crimes that target computers
- Crimes that use computers as tools to target an individual
- Countries conducting cyber intrusions

Cyber criminals can be either an individual or an organized group that commits offenses involving computers and computer networks. Cyber criminals usually get a direct benefit from committing an offense, mainly financial. Other motives for committing cyber-crimes might be the desire to harm someone’s reputation or even their actual assets, revenge, and, sometimes, even boredom.

Cyber Crimes – Unique Characteristics

Financial profit is a major motivation for cyber-criminals, and these crimes are relatively easy to execute and harder to trace. A cyber-crime is ‘safer’ than robbing a bank. Sometimes they are executed from a foreign country, adding legal complexity. Many hacking tools and methods are available online, and not all of them require an advanced programming experience.
Even if the first attack fails, there are millions of other targets that can be attacked, and eventually the attack will succeed.

What do Cyber Criminals Want?

- Data sets: medical records, credit card listings, etc.
- Information: private/legal information, business plans and secrets, classified military information, etc.
- Credentials: user names and passwords, IP addresses, bank accounts, etc.

These can later be used to extort, shame and blackmail for profit.

Cyber Crime Examples

A common and easy way to steal your money is by pretending to be someone in financial difficulties. A good example is the Nigerian scam, in which the scammer presents himself as a person in need and asks you to transfer cash into his account to help him out of trouble. You take pity…and follow through.

Ransom is another common way to get others' money. There are two main ways to do it. The first involves installing a computer program that blocks access to all your data, known as ransomware; the only way to open it is with an encryption key, which costs a lot of money.

Another way is online shaming: collecting sensitive information and then blackmailing by threatening to publish the information. A relevant example of this was the Ashley Madison breach which occurred in 2015.

Identity theft is another way to extract money. Hackers assume a fake identity to convince others they are a legitimate entity. This could mean using someone's bank account details to withdraw money or to issue credit. Another form, called Phishing, is when a criminal masquerades as a legitimate business, such as PayPal, so that you log in by inserting a password and username.
Instead of logging in, you send them your details.

FAMOUS ATTACKS

Famous Data Breaches - 533 million Facebook users' phone numbers and personal data have been leaked online (2021)

A user in a low-level hacking forum published the phone numbers and personal data of hundreds of millions of Facebook users for free. The exposed data includes the personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.

https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
https://youtu.be/-aTVZsUDdZM

Famous Data Breaches - Massive data leak exposes 700 million LinkedIn users’ information (2021)

Personal data for 700 million LinkedIn users—nearly 93% of the company’s members—has been put up for sale online with recent samples from 2020 and 2021. The data examined by the site did not include login credentials or financial information, but it did include a wealth of personal information that could be used to assume someone’s identity, including:

- Full names
- Phone numbers
- Physical addresses
- Email addresses
- Geolocation records
- LinkedIn usernames and profile URLs
- Personal and professional experiences and backgrounds
- Genders
- Other social media accounts and usernames

https://fortune.com/2021/06/30/linkedin-data-theft-700-million-users-personal-information-cybersecurity/

Famous Data Breaches - Chinese start-up leaked 400GB of scraped data exposing 200+ million Facebook, Instagram and LinkedIn users (2021)

High-flying and rapidly growing Chinese social media management company Socialarks has suffered a huge data leak leading to the exposure of over 400GB of personal data including several high-profile celebrities and social media influencers. The company’s unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million social media users from around the world, using both populist consumer platforms such as Facebook and Instagram, as well as professional networks such as LinkedIn.

Data exposed includes:

- Full name
- Phone numbers
- Email addresses
- Profile link
- Username
- Profile picture
- Profile description
- Average comment count
- Number of followers and following count
- Country of location
- Specific locality in some cases
- Frequently used hashtags

Across Instagram, Facebook and LinkedIn.

https://www.safetydetectives.com/blog/socialarks-leak-report/

Famous Data Breaches - Twitch Data Breach exposes 7 million users (2021)

Twitch, an Amazon-owned company, suffered a breach of almost its entire code base. The exact impact of the incidents hasn’t been confirmed, but given its depth of compromise, it has the potential of impacting all of Twitch’s users. 125GB of sensitive data was posted via a torrent link on the anonymous forum 4chan.

The sensitive data leaks include:

- The entirety of Twitch’s source code.
- Three years of payout reports for creators (including high-profile creators).
- All of Twitch’s properties (including IGDB and CurseForge).
- Code related to proprietary SDKs and internal AWS services used by Twitch.
- The identity of an unreleased Steam competitor from Amazon Game Studios, “Vapor”.
- Twitch’s internal ‘red teaming tools’, used by internal security teams for cyberattack training exercises.

https://www.upguard.com/blog/biggest-data-breaches
https://www.cpomagazine.com/cyber-security/twitch-data-breach-exposes-everything-source-code-confidential-company-information-and-user-payouts-hacker-promises-more-is-on-the-way/

Indicators of Attack vs. Indicators of Compromise

What is an Indicator of Compromise (IOC)?

An IOC is described as evidence on a computer that indicates that the security of the network has been breached. Investigators usually gather this data after being informed of a suspicious incident, on a scheduled basis, or after the discovery of unusual call-outs from the network. Ideally, this information is gathered to create “smarter” tools that can detect and quarantine suspicious files in the future.

What is an Indicator of Attack (IOA)?

Unlike Indicators of Compromise (IOCs) used by legacy endpoint detection solutions, indicators of attack (IOA) focus on detecting the intent of what an attacker is trying to accomplish, regardless of the malware or exploit used in an attack. Just like AV signatures, an IOC-based detection approach cannot detect the increasing threats from malware-free intrusions and zero-day exploits. As a result, next-generation security solutions are moving to an IOA-based approach.

Indicator of Attack – example

An IOA represents a series of actions that an adversary must conduct to succeed. The series of actions are:

- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control
- Lateral movement

A successful phishing email must persuade the target to click on a link or open a document that will infect the machine.
Once compromised, the attacker will silently execute another process, hide in memory or on disk and maintain persistence across reboots of the system. The next step is to make contact with a command and control site, informing his handlers that he awaits further instructions.

IOAs are concerned with the execution of these steps, the intent of the adversary and the outcomes he is trying to achieve. IOAs are not focused on the specific tools he uses to accomplish his objectives.

By monitoring these execution points, gathering the indicators and consuming them via a Stateful Execution Inspection Engine, we can determine how an actor successfully gains access to the network and we can infer intent. No advance knowledge of the tools or malware (aka: Indicators of Compromise) is required.

Comparing an IOA to an IOC

INTRODUCTION TO CYBER SECURITY AND CYBER CRIMES QUIZ

Answer the following questions:

1. You found a router outside your house. There is no tag or label on it. You would like to know what type of router it is and what brand produced it in order to understand its value. What can help you to identify the brand?
   A. The router’s IP address
   B. The router’s MAC address
   C. The DNS
   D. None of the above

2. Which of the following statements about DNS is correct?
   A. DNS is a very large server with high capacity.
   B. DNS is a protocol that translates a website name or a URL to an IP address.
   C. DNS is an address that is uniquely dedicated to a certain network device which specifically identifies it.
   D. DNS is an IP address that is assigned to your traffic every time you try to communicate with users from other networks via the internet.

3. What is the main and most essential function of routers?
   A. Providing advanced security features
   B. Forwarding data between end-devices
   C. Creating WLANs
   D. Forwarding data between computer networks

4. Is WLAN a synonym for WiFi?
   A. No, a WLAN is a LAN with no wired connection, while a WiFi is a certain protocol or technology used to establish a WLAN.
   B. Yes, they both represent a Local Area Network with a wired connection.
   C. No, a WiFi is a LAN with no wired connection, while a WLAN is a certain protocol or technology used to establish a Local Area Network with no wired connections.
   D. Yes, they both represent a protocol used to establish a certain type of Local Area Network.

5. What are the differences between IP and MAC?
   A. MAC is necessary for directing messages inside the network, whereas the IP address is needed for directing messages between networks.
   B. An IP address contains 4 numbers between 0-255, while a MAC address contains only 12 digits.
   C. A computer can have only one MAC address, but it can have several different IP addresses.
   D. All of the above.

6. Identity theft
   A. Is the tool for conducting money theft.
   B. Is done by using ransomware.
   C. Is necessary to conduct fraud.
   D. Has many possible motives, including money theft.
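
The contrast drawn under "Indicators of Attack vs. Indicators of Compromise" above, as an added Python example that is not part of the learner's guide: a hash lookup (IOC) and an ordered behaviour check (IOA) run over the same events. The events, host names, hash placeholders and stage names are constructed, and the small state tracker is only an assumed stand-in for the "Stateful Execution Inspection Engine" the guide mentions.

```python
# Added example: IOC matching versus a stateful IOA check, on constructed events.

# Constructed IOC feed: placeholder for the hash of an already-known malicious file.
KNOWN_BAD_HASHES = {"hash-of-known-sample"}

# Ordered behaviours from the guide's phishing narrative (stage names are assumptions).
IOA_CHAIN = ["doc_opened_from_mail", "doc_spawned_process",
             "persistence_added", "outbound_to_new_host"]

# Constructed telemetry: (seconds, host, behaviour, file hash placeholder).
EVENTS = [
    (100, "pc-01", "file_written", "hash-of-known-sample"),           # known malware
    (200, "pc-02", "doc_opened_from_mail", "hash-of-new-document"),   # malware-free intrusion
    (205, "pc-02", "doc_spawned_process", "hash-of-system-shell"),
    (230, "pc-02", "persistence_added", "hash-of-system-shell"),
    (260, "pc-02", "outbound_to_new_host", "hash-of-system-shell"),
    (300, "pc-03", "persistence_added", "hash-of-signed-installer"),  # routine install
    (310, "pc-03", "outbound_to_new_host", "hash-of-browser"),
    (400, "pc-04", "doc_opened_from_mail", "hash-of-report-doc"),     # chain goes stale
    (9000, "pc-04", "doc_spawned_process", "hash-of-system-shell"),
]


def ioc_hits(events, bad_hashes):
    """Hosts where an observed file hash is on the known-bad list."""
    return {host for _, host, _, file_hash in events if file_hash in bad_hashes}


def ioa_hits(events, chain, window=300):
    """Hosts that performed every stage of `chain`, in order, within `window` seconds."""
    state = {}   # host -> (index of next expected stage, time the chain started)
    hits = set()
    for ts, host, behaviour, _ in sorted(events):
        idx, start = state.get(host, (0, None))
        if idx and ts - start > window:
            idx, start = 0, None          # partial chain is too old, start over
        if behaviour == chain[idx]:
            if idx == 0:
                start = ts
            idx += 1
            if idx == len(chain):         # whole sequence observed on this host
                hits.add(host)
                idx, start = 0, None
        state[host] = (idx, start)
    return hits


if __name__ == "__main__":
    print("IOC matches:", sorted(ioc_hits(EVENTS, KNOWN_BAD_HASHES)))
    print("IOA matches:", sorted(ioa_hits(EVENTS, IOA_CHAIN)))
```

pc-02 uses only tools whose hashes are not on the list, so the hash lookup misses it and the behaviour chain catches it; pc-03 shows that single behaviours outside the ordered chain do not raise an IOA match.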
