WK4-Cybersecurity Management PDF

Summary

This document is about cybersecurity management. It includes learning objectives, content, and details on cybersecurity and computer crime. It also provides information on how to prevent malware and dealing with deepfakes and other various cyberattacks.

Full Transcript

Cybersecurity
Management
Al Powered Crime
96641007 DIGITAL CITIZEN
 Learning Objectives

1. Students can compare and comment on cybersecurity management.
2. Students can discuss cybersecurity management using reasoning.
3. Students can solve problems and organize cybersecurity
management work systems.

1
 Content

1. Cybersecurity Management
2. Cyber Crime
3. AI Powered Crime

2
 CYBERSECURITY

Cybersecurity

The use of technology and processes to
prevent and respond to attacks that may occur
on devices, networks, information infrastructure,
systems, or programs to prevent unauthorized
access and reduce damage.

3
 CYBERSECURITY

CIA Triad
C : Confidentiality

I : Integrity A : Availability

The basics of cybersecurity best practices CIA Triad.
4
 CYBER CRIME

CYBER CRIME

Computer crime or cybercrime
is a threat that causes
damage by technological or
electronic means to destroy,
alter, or steal data, etc.

5
 CYBER CRIME

Crime Triangle 6
 CYBER CRIME

FINANCE SEXUAL

HACKING

Cyber Crime Investigation Bureau | www.ccib.go.th 7
Peer-to-Peer
Money Transfer
Criminal

Victim
A mule account
Coin Trader 9
Cyber Crime Investigation Bureau | www.ccib.go.th
 Agent of
Phone carrier
Phone carrier Prepaid SIM from
Thailand

Victim SOCIAL MEDIA INTERNET Criminal

Criminal Neighbouring
countries bordering
Mobile Bank Thailand
Banking A mule
account
Cyber Crime Investigation Bureau | www.ccib.go.th 8
 CYBER ATTACK

CYBER ATTACK

10
 CYBER ATTACK

Malware = “Malicious” + “Software“
It will disrupt operations, steal sensitive information, or grant unauthorized access to systems.

Virus
It attaches itself to legitimate files or Worms Trojans
Users are tricked into downloading
programs and spreads to other files or It will spread without user action,
and installing it, leading to
programs when executed. It requires user exploiting vulnerabilities in
unauthorized access or damage.
interaction to activate and propagate. software or networks
11
 CYBER ATTACK

Malware

Ransomware Maze
It encrypts a user’s data and Ransomware
demands payment (ransom) for
the decryption key

12
 CYBER ATTACK

Botnets Denial of Service (DOS) Password Attack Drive-by Attack
Distributed Denial of
Service (DDOS)

https://www.aura.com/learn/types-of-cyber-attacks#8.-Password-attacks
https://www.scb.co.th/th/personal-banking/fraud-fighter/update-fraud/top-10-cyber-attack.html 13
 CYBER ATTACK

How to prevent Malware
Regularly back up data so that important data can be recovered.
Always update programs and operating systems to close
vulnerabilities.
Install Antivirus and Anti-malware programs and always update
Signature.
Carefully check attachments or links in emails, such as checking
various headers.
Follow news about cyberattacks to stay informed.

12
 CYBER ATTACK

Phishing Shoulder Surfing Dumpster Diving

Social Engineering
It is a form of manipulation that exploits human psychology to trick
individuals into divulging confidential information, granting unauthorized
access, or performing actions that compromise security.
Domain Name System Fraud
(DNS) Spoofing
14
 CYBER ATTACK

Man-in-the-Middle Zero-day Internet of Things
(MitM) Attack Exploit & Attack (IoT)

15
 CYBER ATTACK

Insider threat Data breach Crypto-Jacking

16
 CYBER ATTACK

Web application attacks
Attacking a website by hacking or modifying a website with vulnerabilities.
When a victim enters that website, they will be taken to a target website
containing Malware to infect the victim's computer with additional Malware.
Most hacked websites are often CMS (Content Management System) websites.

17
 CYBER ATTACK

Web application attacks
A method of attacking a target website by exploiting various vulnerabilities such as
website code, web server, or database server.

SQL Injection Path Traversal

Cross-site Scripting (XSS)
18
 AI POWERED CRIME

AI-powered Crime
1. Creating fake images or clips of other people (AI
Deepfakes) for fraud.
2. Imitating the voices of celebrities or acquaintances (AI
Voice Covers) from voice samples for fraud.
3. Creating fake obscene clips (AI Deepfakes) to defame or
exploit others.
4. Creating fake news (Fake News) that looks credible,
causing panic or misunderstanding.

https://www.antifakenewscenter.com 19
 AI POWERED CRIME
AI Deepfakes
Creating fake images of other people
Deepfake comes from the words
Deep Learning combined with the word
Fake, meaning a technique for falsifying
data with AI through data processing,
physical movement, facial features, or even
sound, making it possible to create fake
images and sounds so realistic that they
are almost indistinguishable. https://www.timeforkids.com/g56/fakeout-2/

https://techsauce.co/tech-and-biz/how-to-counteract-deepfake
20
 AI POWERED CRIME

Deepfakes
What Deepfakes can do?
▪ Create fake videos or images
▪ Change faces
▪ Invasion of privacy
▪ Creating fake information

21
 AI POWERED CRIME

How to spot and deal with Deepfakes
to avoid being fooled?
Think before posting or sharing information, as it
may be false information. Also, when encountering
communities that develop or create Deepfakes to cause
social unrest, report or notify the relevant authorities
immediately.

22
 AI POWERED CRIME
AI Voice Covers
Imitating the voices of celebrities or acquaintances
How to check AI Scam Calls
1. The voice sounds like someone you know, but they use a
strange number or claim to have opened a new number.
2. Talk about money and ask to borrow money.
3. Ask for in-depth information to verify identity or claim to
contact back to open a channel to check with other
sources.

Reference: Ministry of Digital Economy and Society 23
 AI POWERED CRIME
AI Voice Covers
Imitating the voices of celebrities or acquaintances
Prevention methods
1. Call back to ask the person on the other end with the
original number before transferring money. Do not use the
new number or LINE received.
2. Do not transfer money if the name of the person
requesting the money does not match the bank account
name.
3. If you become a victim, report it immediately.

Reference: Ministry of Digital Economy and Society 23
 Offense:
Using AI to create
pornographic content
by using someone
else's face
ที่มา: https://www.nationtv.tv/news/social/378939182 24
 AI POWERED CRIME

Observe physical characteristics
Blinking: Blinking too much, too fast, or not blinking at all is a
point to notice because imitating real eye movement is still
Deepfakes difficult.
Mouth and teeth characteristics: Noticeable when the mouth
How to spot them? moves out of sync with speech, slower than the sound, unnatural
lip movement, no clear teeth characteristics.
Facial movements: Deepfakes often have problems with abnormal
facial structures, such as the face turning in one direction but the
nose not moving along. In addition, it may be observed that a face
that lacks emotion, is not consistent with the content being
spoken.
https://techsauce.co/tech-and-biz/how-to-counteract-deepfake 25
 AI POWERED CRIME

Observe other characteristics
Video clarity: Noticeable blurring only in certain spots, such as
between the face and neck or between the neck and torso, will
Deepfakes help to notice the unevenness of the video.
Abnormal sound: Deepfake creators don't pay as much attention
How to spot them? to inserting sound as they do to make the video smooth. Therefore,
it can be noticed from the sound that is inconsistent with the
speech, robotic sound, or abnormal pronunciation of some words.
Context and source: Consider the source and context of the
video, whether it is consistent with known information, and
whether it comes from a reliable source or an unknown entity.

https://techsauce.co/tech-and-biz/how-to-counteract-deepfake 25
 Recommendations for cybersecurity

Do not set simple passwords Pay attention to privacy settings Be aware of digital footprints

Install security software Install device tracking tools
Always back up data
on all digital devices or lock screens
27
 Recommendations for cybersecurity

Be careful when using Bluetooth Always update the operating system Be careful when using Wi-Fi.

Delete data or programs
Beware of phishing scams Use social media carefully
that are no longer in use

28
 Awareness Campaign:
How the New Gen Children
handle it safely?
29
 ACTIVITY
Awareness Campaign: How the New Gen Children handle it safely?
1. Divide into groups of 5-7 people
2. Have students discuss within their groups the topic "How the New Gen
Children handle it safely?"
1) How do students cope with scammers in all 3 case studies (next page)?
2) What other benefits do students think scammers are hoping for besides
property and money in all 3 case studies?
3) How would students warn their relatives about these 3 case studies?
3. Students present their group's work for 3-5 minutes each.

30
 ACTIVITY
Awareness Campaign: How the New Gen Children handle it safely?

Case 1 Impersonation and building trust: Scammers impersonate trustworthy
individuals, such as bank employees or government officials, to persuade users to
disclose personal information.
Case 2 Creating emergencies and using pressure: Scammers create urgent situations,
such as notifying that an account has been suspended or a computer is infected with
a virus, to persuade users to click on links or download files.
Case 3 Using emotional appeals and psychological tactics: Scammers use emotional
appeals, such as creating sympathy or fear, to persuade users to do what they want.

31
96641007 DIGITAL CITIZEN

CONCLUSION