BSINFO ITEP 310 SLM2 2024-2025 PDF
Laguna State Polytechnic University
2025
Summary
This self-paced learning module (SLM) for ITEP 310 at Laguna State Polytechnic University covers social and professional issues, focusing on cyberattacks, cybercrime, legal perspectives, privacy, and data protection, including freedom of expression.
Full Transcript
Republic of the Philippines
Laguna State Polytechnic University
Province of Laguna
ISO 9001:2015 Certified
Level I Institutionally Accredited

LSPU Self-Paced Learning Module (SLM)
ITEP 310 - SOCIAL AND PROFESSIONAL ISSUES

Course: ITEP 310 – SOCIAL AND PROFESSIONAL ISSUES
Sem/AY: First Semester/2024-2025
Module No.: 2
Lesson Title: CYBERATTACKS, CYBERCRIME, LEGAL PERSPECTIVES, PRIVACY AND DATA PROTECTION
Week Duration: 6-9

Description of the Lesson
This topic discusses different cyberattacks and cybersecurity, legal perspectives, privacy and data protection. This topic also explains the basic concepts of freedom of expression. This lesson will also provide activities and exercises that will practice the students' competence in understanding freedom of expression.

Learning Outcomes

Intended Learning Outcomes
Students should be able to meet the following intended learning outcomes:
- Prepared to navigate the intricate web of cybersecurity challenges while considering legal, ethical, and societal implications.
- Understand the legislative and regulatory obligations and standards as they relate to IT environments in organizations, including freedom of speech and intellectual property, and an appreciation of their impact on the work of the IT professional.
- Learn the basis for the protection of freedom of expression, types of expressions, laws under online freedom of expression and how they impact organizations, and the importance of freedom of expression issues to the use of IT.

Targets/Objectives
At the end of the lesson, students should be able to:
- Learn about different types of technology-related crime and cyberattacks.
- Learn about the different types of cybercriminals and the prominent reasons perpetrators commit cybercrimes.
- Learn about the best practices for prevention and detection against cybercrimes.
- Learn about the concept of privacy policies and principles.
- Learn about the concept of data protection and the concept of the CIA (Confidentiality, Integrity, and Availability) triad.
- Learn about the adequacy of current privacy laws and the data protection plans and strategies an individual or company adopts in social networking sites, the Internet of Things, health care and in general.
- Understand what freedom of expression is.
- Identify different issues in freedom of expression.

Student Learning Strategies

Lecture Guide

CYBERATTACKS AND CYBERCRIME

What is a Cyber Attack?
A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications or other assets through unauthorized access to a network, computer system or digital device. A cyberattack happens when cybercriminals try to gain illegal access to electronic data stored on a computer or a network. The intent might be to inflict reputational damage or harm on a business or person, or to steal valuable data. Cyberattacks can target individuals, groups, organizations, or governments.

Types of Cybercrime
Crime has evolved with the advancements of the internet and social media. The parallel between technology and the types of crimes that are committed is astonishing. As technology became more readily available to the masses, the types of crimes committed shifted over time. A clear distinction has been formed based on the involvement of cybertechnology in crime. Crimes that would not exist or be possible without the existence of cybertechnology are true cybercrimes. To be most accurate, these crimes can be classified as cyber-specific crimes. Crimes that do not necessarily need cybertechnology to be possible, but are made easier by its existence, are known as cyber-related crimes. Of cyber-related crimes, there are two distinct categories that can be identified. The first are cyber-assisted crimes.
These are crimes in which cybertechnology is simply used to aid a crime, such as committing tax fraud or being assaulted with a computer. The other category is known as cyber-exacerbated crimes, which are crimes that have increased significantly due to cybertechnology.

Cyber-assisted Crimes
Cyber-assisted crimes are the most basic crimes that can be committed with the use of cybertechnology. Put simply, these are essentially normal crimes that have occurred throughout time on a regular basis. The only difference is that cybertechnology has played some small part in the crime. Property damage, for example, is one kind of cyber-assisted crime. If someone destroys your computer or cell phone, it constitutes property damage but can also be classified as a cyber-assisted crime. Similarly, if you are assaulted with a phone, printer, computer or other device, the attack constitutes assault but can also be classified as a cyber-assisted crime. The most common type of cyber-assisted crime that you will see is fraud. Fraud typically is a crime that does not require much thought to actually commit. As a crime, it has always been relatively easy to commit. With the use of cybertechnology, it only becomes much easier to carry out from start to finish.

Cyberexacerbated Crimes
Cyberexacerbated crimes are a type of cyber-related crime, but they are much worse than cyber-assisted crimes. These crimes have increased significantly due to cybertechnology. Most crimes have evolved to maintain their own categories due to the sheer volume of crimes and their slight uniqueness due to their ease with the use of cybertechnology.
Cyberbullying is defined as the "intentional and repeated harm inflicted on people through the use of computers, cellular telephones, and other electronic devices." Previously something that happened offline only, cyberbullying is a huge crime that leads to victims suffering from low self-esteem and depression, and sometimes even drives them to commit suicide. With the use of the internet, it is possible for people to receive thousands of hateful comments from individuals at a single time.

Cyberstalking is exactly what one would think, except occurring in a digital space. Cybertechnology allows criminals to keep tabs on people, watching all of their online activity and making it very uncomfortable for victims to even want to utilize things such as their own personal social media. Perhaps the most disconcerting thing is that the perpetrator can always be online.

Internet pedophilia and pornography are some of the more disturbing cyberexacerbated crimes. Due to the ability for communities of like-minded individuals to be easily formed online, pedophiles are able to form online communities and facilitate the creation and dissemination of child pornography.

Cyberspecific Crimes
Cyberspecific crimes don't exist without the internet as we know it. Because of that, these are the most unique cybercrimes and could be considered the only "true" cybercrimes.

Cybertrespassing is one of these crimes. At its core, cybertrespassing takes its roots from actual trespassing. Essentially, perpetrators gain access to stores of information that they otherwise should not have access to because of the lack of permissions. The reason why this is so dangerous is that it opens the door for cybertrespassing to easily become a data breach if information is taken.

Cybervandalism is another form of cyberspecific crime.
Taking its roots from actual vandalism, cybervandalism began harmlessly with the defacing of websites on the internet. While annoying, it didn't necessarily present any damage. It wasn't until cyberattacks with the intent of harming computers were created that cybervandalism became a huge issue.

Types of Cyber Attacks
Viruses are pieces of computer programming code that cause a computer to behave in an undesirable way. Viruses can be attached to files or stored in the computer's memory. Viruses may be programmed to do different things, such as when they are downloaded or activated by a specific action; for example, a virus attached to a file will infect that computer and any file created or modified on that machine. Viruses may also be programmed to display a message when certain activities are performed to execute the virus.

Worms, like viruses, bury themselves in the memory of a machine and then duplicate themselves without any help. A worm can send itself through emails and other connections.

Phishing is when hackers try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one. These con artists urge the recipients of such emails to take action to gain rewards or avoid consequences.

Hackers may use a backdoor within a computer system that is vulnerable; this allows them to remain undetected while they access important information.

Key-logger programs allow attackers to view information that has been typed into a particular machine, undetected.

Botnets are collections of computers, possibly spread around the world, that are connected to the internet and controlled by one single computer.
Malware
Malware is a term for malicious software that spreads from computers and interferes with computer operations. Malware may be destructive, for example, deleting files or causing system 'crashes', but may also be used to steal personal data. Below is an outline of the most common forms of malware.

Viruses
Viruses are among the best-known types of malware. A computer virus is like a flu virus, designed to spread from host to host by replicating itself. Viruses require a host (for example, a document, file or spreadsheet) in a computer to act as a 'carrier', yet they can't infect a computer without human action to run or open the infected file.

In more technical terms, a computer virus is malicious code programmed to alter the way the computer operates and designed to spread from one system to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute the code. In this process, a virus can cause damaging effects and cripple the host entirely after it has made copies of itself.

Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. For a virus to infect your computer, you have to run the infected program, which in turn causes the virus code to be executed. This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do.
Worms
Worms are also self-replicating programs, yet they can spread independently, inside and between computers, without requiring a host or any human activity. The effect of worms can therefore be more extreme than that of viruses, creating destruction across entire networks. Worms can also be used to drop trojans into the network.

Before the widespread use of networks, computer worms were spread through infected storage media, such as floppy diskettes. When mounted on a system, these floppies would infect other storage devices connected to the victim system. USB drives are still a common vector for computer worms.

Computer worms often rely on the actions of, and vulnerabilities in, networking protocols to propagate. For example, the WannaCry ransomware worm exploited a vulnerability in the first version of the Server Message Block (SMBv1) resource sharing protocol implemented in the Windows operating system. Once active on a newly infected computer, the WannaCry malware initiates a network search for new potential victims: systems that respond to SMBv1 requests made by the worm. The worm can continue to propagate within an organization in this way. When a bring-your-own-device (BYOD) machine is infected, the worm can spread to other networks.

Difference between Worms and Viruses
As defined in the "Security of the Internet" report, released in 1996 by the CERT Division of the Software Engineering Institute at Carnegie Mellon University, computer worms "are self-replicating programs that spread with no human intervention after they are started." In contrast, "Viruses are also self-replicating programs, but usually, require some action on the part of the user to spread inadvertently to other programs or systems."
After a computer worm loads and begins running on a newly infected system, it will typically follow its prime directive: to remain active on an infected system for as long as possible and to spread to as many other vulnerable systems as possible.

Trojans
Trojans are a type of malware that gives the impression of being a genuine program yet facilitates illicit access to a computer. They can perform functions, such as stealing data, without the user's knowledge and may trick users by performing a routine task while actually carrying out hidden, unauthorized actions.

Unlike a computer virus, a Trojan horse is not able to replicate itself, nor can it propagate without an end user's assistance. This is why attackers must use social engineering tactics to trick the end user into executing the Trojan. Typically, the malware is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the malware that is hidden inside is transferred to the user's computing device. Once inside, the malicious code can execute whatever task the attacker designed it to carry out.

The term Trojan horse stems from Greek mythology. According to legend, the Greeks built a large wooden horse that the people of Troy pulled into the city. During the night, soldiers who had been hiding inside the horse emerged, opened the city's gates to let their fellow soldiers in and overran the city.

Here is one example of how a Trojan horse might be used to infect a personal computer: the victim receives an official-looking email with an attachment. The attachment contains malicious code that is executed as soon as the victim clicks on the attachment.
Because nothing bad happens and the computer continues to work as expected, the victim does not suspect that the attachment is a Trojan horse and his computing device is now infected. The malicious code resides undetected until a specific date or until the victim carries out a specific action, such as visiting a banking website. At that time, the trigger activates the malicious code, which carries out its intended action. Depending upon how the Trojan has been created, it may delete itself after it has carried out its intended function, it may return to a dormant state or it may continue to be active.

Some notable trojans
1. Netbus – 1998 (published)
2. Sub7 by Mobman – 1999 (published)
3. Back Orifice – 1998 (published)
4. Y3K Remote Administration Tool by E&K Tselentis – 2000 (published)
5. Beast – 2002 (published)
6. Bifrost Trojan – 2004 (published)
7. DarkComet – 2008 (published)
8. Blackhole exploit kit – 2012 (published)
9. Gh0st RAT – 2009 (published)
10. MegaPanzer BundesTrojaner – 2009 (published)

Spyware
Spyware is software that invades users' privacy by gathering sensitive or personal information from infected systems and monitoring the websites visited. This information may then be transmitted to third parties. Spyware can sometimes be hidden inside adware (free and sometimes unwanted software that requires you to watch advertisements in order to use it). One example of spyware is key-logging software, which captures and forwards keystrokes made on a computer, enabling the collection of sensitive data such as passwords or bank account details. Another type of spyware captures screenshots of the victim's computer. Spyware is considered one of the most dangerous types of malware, as its goal is purely to invade privacy.
Adware
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Oftentimes software and applications offer "free" versions that come bundled with adware. Most adware is sponsored or authored by advertisers and serves as a revenue-generating tool. While some adware is solely designed to deliver advertisements, it is not uncommon for adware to come bundled with spyware (see below) that is capable of tracking user activity and stealing information. Due to the added capabilities of spyware, adware/spyware bundles are significantly more dangerous than adware on its own.

Rootkit
A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed, it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet.

Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits. As a result, rootkit detection relies on manual methods such as monitoring computer behavior for irregular activity, signature scanning, and storage dump analysis. Organizations and users can protect themselves from rootkits by regularly patching vulnerabilities in software, applications, and operating systems, updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.
Phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. There are various forms of phishing attacks on channels such as emails, social software, websites, portable storage devices and cell phones. There are several different ways of trying to drive users to a fake website:

Types of phishing attacks
- Spam e-mail: a spoof email made to look similar to an email from a bank or any other financial institution.
  o Hostile profiling, a targeted version of the above method: the cybercriminal exploits websites that use e-mail addresses for user registration or password reminders and directs the phishing trick at specific users (requesting that they confirm passwords, etc.).
- Introducing a Trojan that edits the hosts file, so that when the victim tries to browse to their bank's website, they are redirected to the fake site.
- 'Spear phishing', an attack on a specific organization in which the phisher simply asks for one employee's details and uses them to gain wider access to the rest of the network.
- 'Whale phishing', a type of spear phishing where the target of the attack is someone with a high profile within a company or organization. These individuals are usually the CEO, CFO, COO, etc., because they will have sensitive information that, once stolen, will be used for a malicious purpose such as ransom.

Traditional type of phishing attack is

Not all phishing attacks work in the manner just described. The "rock-phish" gang has adapted its attack strategy to evade detection and maximize phishing site accessibility. It has separated out the elements of the attack while including redundancy in the face of take-down requests.
The gang first purchases a number of domain names with short, generally meaningless, names, for example, lof80.info. The email spam then contains a long URL, for example, http://www.bank.com.id123.lof80.info/vr, where the first part of the URL is intended to make the site appear genuine, and a mechanism such as 'wildcard DNS' can be used to resolve every such variation to a specific IP address. It then maps each of the domain names to a dynamic pool of compromised machines as per a gang-controlled name server. Each compromised machine runs a proxy system that relays requests to a backend server system. This server is loaded with a large number (up to 20 at a time) of fake bank websites, all of which are available from any of the rock-phish machines. However, which bank site is reached depends solely upon the URL path, after the first '/'. (Because the group uses proxies, the real servers, which hold all the web pages and collate the stolen data, can be located anywhere.)

Password Attacks
Password attacks are when an entity tries to gain access to a particular system by cracking or guessing the user's password. These attacks are very prominent, since weak and easily known terms can be guessed and methods such as brute force can be carried out, as raw processing power is readily available from high-powered computers on the market. This type of attack works without any type of malicious software or code running on the user's system. These attacks are typically run on the hacker's computers utilizing specialized software, hardware (such as GPUs), and methodologies to crack the end user's password in order to gain access to said accounts.

Types of Password Attacks

o Dictionary Attacks
Dictionary attacks are primarily based on two methodologies: generally common passwords and user-specific keywords.
Generally common passwords are passwords which people tend to use commonly. Due to the fact that many people reuse passwords and use generally simple passwords, lists of plaintext passwords have accrued over the course of decades of leaks. These plaintext passwords can then be hashed (and perhaps salted first) and compared to a password hash which was generated with an unknown password. Due to the likelihood that one has utilized an existing, common password, comparing the hashes of common passwords with unknown hashes can be quite effective. Among the plaintext dictionaries of passwords on the internet, rockyou.txt is perhaps one of the most famous. It originates from when the social application site RockYou was hacked in 2009, when the hacker leaked 32 million user accounts.

In the case of a hash not using a salt, one may use a dictionary of hashed passwords called a "rainbow table" in place of hashing common passwords themselves. This is much faster than dealing with plaintext dictionaries, but does not permit any form of hybrid or combination attack.

One may also use a plaintext wordlist which is made from targeted information about a victim, such as their social security number, name, or date of birth. This information may be gathered from social engineering through phishing or vishing, open source intelligence techniques, or previous data breaches (including old plaintext passwords and personal details).

o Brute Force Attacks
A brute force attack checks all of the permutations of a string of a certain length, made of certain types of characters. Thus, these types of attacks require an enormous amount of time to complete as well as a lot of processing power.
In addition to time and capability constraints, brute force attacks carried out directly against a software system (such as brute forcing a website with hydra) are easily detectable and easy to mitigate. While uncomplicated passwords with a length of less than 8 are generally weak to brute force attacks, longer passwords become unmanageable, even for expensive password cracking rigs. Beyond this, it is uncommon to know exactly the length or characters that have gone into a password, so it is usually necessary to cycle through different password lengths.

o Hybrid/Combinatorial Attacks
One of the most effective forms of password cracking is a hybrid or combinatorial attack. It is referred to as such due to its approach of combining wordlists and reasonable brute forcing techniques to create likely, targeted hashes. Rather than utilizing only brute force or a single wordlist, it is possible with many advanced password cracking utilities, such as Hashcat, to apply complex sets of rules and combinations to given input in order to create a likely password output. For example, by knowing that users typically add numbers or special characters to the very end of a password, or replace certain letters with numbers (such as o with zero), it is possible to take a given wordlist and apply rules to it to create likely alternatives to known, popular passwords. On top of this, it is possible to combine wordlists to create wordlists with multiple words in each entry, such as cool and dog becoming cooldog.

An example of combining complex, realistic rulesets with a targeted wordlist in popular media is demonstrated in the very first episode of Mr Robot, when the main character cracks the password of another character in the show. It ends up with the password being "Dylan_2791", the name of the character's favorite artist and the year of the character's birth backwards.
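The dictionary, rainbow-table and hybrid techniques described above suggest two controls on the defending side: reject a new password that reduces to a known word once suffixes and substitutions are undone, and store accepted passwords with a per-user salt and a slow hash. The Python sketch below is an added example, not part of the original module; the denylist, the substitution table and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample denylist; a real deployment would load a large list of
# leaked passwords rather than these few entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "cool", "dog"}

# Undo common character substitutions (such as zero for "o") before comparing.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_words(password):
    """Reduce a password to the simple forms a rule-based guesser starts from:
    lower-cased, leading/trailing digits and symbols removed, substitutions
    undone, plus the reverse of each form."""
    lowered = password.lower()
    core = re.sub(r"^[\W_\d]+|[\W_\d]+$", "", lowered)
    forms = {lowered, core, lowered.translate(LEET), core.translate(LEET)}
    forms |= {form[::-1] for form in forms}
    return {form for form in forms if form}


def screen_password(password, personal_terms=()):
    """Return the reasons to reject a new password (empty list means accept).
    personal_terms holds user-specific keywords such as names or birth years."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    known = COMMON_PASSWORDS | {term.lower() for term in personal_terms}
    for form in base_words(password):
        if form in known:
            reasons.append(f"derived from known word '{form}'")
        elif any(form[:i] in known and form[i:] in known
                 for i in range(1, len(form))):
            reasons.append(f"concatenation of known words '{form}'")
    return sorted(reasons)


def hash_password(password, salt=None, iterations=600_000):
    """Salted, deliberately slow hash. The random salt makes precomputed
    hash tables useless, and the iteration count slows every guess."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=600_000):
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hash_password(password, salt, iterations)[1]
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for candidate in ("Dylan_2791", "C00ld0g!", "tr4verse-Quartz-lantern-88"):
        print(candidate, screen_password(candidate, personal_terms=("Dylan",)))
```
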
By adding capitalization, reversing, and special character placement to a strong wordlist, one can form a deadly attack, as is obvious from the 24-second crack time of the aforementioned password.

Denial-of-Service (DoS) Attacks
A Denial-of-Service (DoS) attack prevents authorized users from accessing the system, mostly by flooding the system with huge amounts of gibberish data or requests, resulting in a blockage. This attack overloads the system with an overwhelming quantity of data packets that the server does not anticipate, which results in a slowdown or a block. This may result in a slow internet connection, which may hamper authorized users' access to critical data such as emails or files over FTP. This may cause huge losses in both time and money. Such attacks are rarely used to hack systems from authorized users, but there have been cases where such DoS attacks were deployed to lock down the network and gain access to the vulnerable firewalls. These attacks are not easy to identify, as they may easily be confused with a slower internet connection, etc., and may persist in an environment for as long as months.

Along with the regular DoS attacks, there is a different type of DoS attack called a Distributed Denial-of-Service (DDoS) attack. This attack is very similar to a regular DoS attack in the sense that it also causes a slowdown by throwing an overwhelming amount of data packets at the target. But the basic distinction is that DDoS is much more efficient and dangerous, since it operates from an entire affected network rather than from a single affected user. Hence, DDoS is very difficult for any system to dodge, since there is data coming in from multiple sources at the same time.

Unlike other kinds of cyberattacks, DDoS assaults don't attempt to breach your security perimeter.
Rather, they aim to make your website and servers unavailable to legitimate users. DDoS can also be used as a smokescreen for other malicious activities and to take down security appliances, breaching the target's security perimeter. DDoS assaults often last for days, weeks, and even months at a time, making them extremely destructive to any online organization. Amongst other things, DDoS attacks can lead to loss of revenue, erode consumer trust, force businesses to spend fortunes in compensation, and cause long-term reputation damage.

The differences between DoS and DDoS are substantive and worth noting. In a DoS attack, a perpetrator uses a single Internet connection to either exploit a software vulnerability or flood a target with fake requests—usually to exhaust server resources (e.g., RAM and CPU). On the other hand, distributed denial of service (DDoS) attacks are launched from multiple connected devices that are distributed across the Internet. These multi-person, multi-device barrages are generally harder to deflect, mostly due to the sheer volume of devices involved. Unlike single-source DoS attacks, DDoS assaults tend to target the network infrastructure in an attempt to saturate it with huge volumes of traffic.

DDoS attacks also differ in the manner of their execution. Broadly speaking, DoS attacks are launched using home-brewed scripts or DoS tools (e.g., Low Orbit Ion Cannon), while DDoS attacks are launched from botnets — large clusters of connected devices (e.g., cell phones, PCs or routers) infected with malware that allows remote control by an attacker.

DoS Attack Categories
DoS attacks can be divided into two general categories:
1.
Application layer attacks (a.k.a. layer 7 attacks) can be either DoS or DDoS threats that seek to overload a server by sending a large number of requests requiring resource-intensive handling and processing. Among other attack vectors, this category includes HTTP floods, slow attacks (e.g., Slowloris or RUDY) and DNS query flood attacks.

[Figure: Gaming website hit with a massive DNS flood, peaking at over 25 million packets per second]

The size of application-layer attacks is typically measured in requests per second (RPS), with no more than 50 to 100 RPS being required to cripple most mid-sized websites.

2. Network layer attacks (a.k.a. layer 3–4 attacks) are almost always DDoS assaults set up to clog the "pipelines" connecting your network. Attack vectors in this category include UDP flood, SYN flood, NTP amplification and amplification attacks, and more. Any of these can be used to prevent access to your servers, while also causing severe operational damage, such as account suspension and massive overage charges. DDoS attacks are almost always high-traffic events, commonly measured in gigabits per second (Gbps) or packets per second (PPS). The largest network layer assaults can exceed 200 Gbps; however, 20 to 40 Gbps are enough to completely shut down most network infrastructures.

HTTP Attack

What is an HTTP attack?
An HTTP flood attack is when an attacker overwhelms a server by sending a huge number of requests to the target server. Once the server is saturated and unable to respond to any more requests, DoS will occur when a user sends in an additional request.

An HTTP flood attack is an OSI model layer 7 attack. That is the application layer, and this layer deals with internet protocols like HTTP.
HTTP is commonly used to load websites in a browser, and application-layer attacks are nerve-racking to mitigate because it is difficult to differentiate between normal user traffic and malicious traffic. To maximize the effect of this attack, attackers usually create bots and time them to send their requests at the same moment. This results in overloading the server.

Working of HTTP Attacks

There are two types of HTTP flood attacks:

1. HTTP GET attack - Multiple users or bots send a tremendous number of requests to access some form of asset from the target server. The requests could be for images, files, music, reports, and many more. Denial-of-Service is successful when the target server is inundated with the incoming traffic and is unable to process any more requests.

2. HTTP POST attack - Unlike the HTTP GET attack, the users send in forms in large quantities. The incoming forms are usually login or data forms that need to be pushed into a persistence layer. That persistence layer is usually a database, where all the queries run to process the data. That process is relatively intense compared to the bandwidth through which the forms are sent. This results in Denial-of-Service when the target website/server is unable to process any more forms.

Mitigating HTTP Attacks

HTTP attacks, as mentioned above, are dealt with in layer 7 of the OSI model. The application layer is complex, and with that tremendous amount of traffic it gets nerve-racking to differentiate between normal users and the bots. Many attacks can be stopped by setting up JavaScript computational challenges such as CAPTCHA. These could be set up at login pages, sign-ups, and other kinds of forms too. Another way to mitigate HTTP attacks is to use a Web Application Firewall (WAF). A WAF manages IP reputation and blocks the incoming malicious traffic on the fly.
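The per-client request measurement behind this kind of blocking can be shown with a small detector. The Python block below is an added example, not part of the original module: it applies a sliding-window request budget to constructed log lines, and the log layout, the cost weights (one POST counted as five GETs because it reaches the persistence layer) and the budget of 20 units per 2 seconds are assumptions chosen for illustration.

```python
"""Added example: sliding-window request budget per client, run over constructed log lines."""
from collections import defaultdict, deque
from datetime import datetime

# Assumed weights: a POST form is pushed to the persistence layer, so it costs more than a GET.
COST = {"GET": 1, "POST": 5}


def build_sample_log():
    """Constructed sample, layout '<ISO time> <client IP> <method> <path>' (RFC 5737 addresses)."""
    lines = []
    # A normal visitor: four page loads spread over four seconds.
    for second in range(4):
        lines.append(f"2024-01-01T10:00:{second:02d} 192.0.2.10 GET /index.html")
    # A client requesting the same asset 30 times within one second (GET flood pattern).
    for _ in range(30):
        lines.append("2024-01-01T10:00:01 198.51.100.7 GET /images/banner.png")
    # A client submitting eight login forms within two seconds (POST flood pattern).
    for second in (2, 3):
        for _ in range(4):
            lines.append(f"2024-01-01T10:00:{second:02d} 203.0.113.5 POST /login")
    return sorted(lines)  # ISO timestamps sort chronologically


def parse_line(line):
    """Split one log line; raises ValueError if the line is malformed."""
    timestamp, ip, method, path = line.split(" ", 3)
    return datetime.fromisoformat(timestamp), ip, method, path


def detect_floods(lines, window_seconds=2, budget=20):
    """Return {client IP: time at which it first exceeded the budget inside the window}."""
    recent = defaultdict(deque)  # ip -> (time, cost) pairs still inside the window
    spent = defaultdict(int)     # ip -> total cost inside the window
    flagged = {}
    for line in lines:
        try:
            when, ip, method, _path = parse_line(line)
        except ValueError:
            continue  # ignore lines that do not match the expected layout
        cost = COST.get(method, 1)
        window = recent[ip]
        # Forget requests that have aged out of the window.
        while window and (when - window[0][0]).total_seconds() >= window_seconds:
            spent[ip] -= window.popleft()[1]
        window.append((when, cost))
        spent[ip] += cost
        if spent[ip] > budget and ip not in flagged:
            flagged[ip] = when
    return flagged


if __name__ == "__main__":
    for ip, when in detect_floods(build_sample_log()).items():
        print(f"block {ip}: budget exceeded at {when.isoformat()}")
```

The POST client is flagged after only five forms, while the ordinary visitor never comes close to the budget; a real deployment would feed the flagged addresses to the WAF or rate limiter rather than print them.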
Man in the Middle (MITM)

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required.

Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers or an illicit password change. Additionally, it can be used to gain a foothold inside a secured perimeter during the infiltration stage of an advanced persistent threat (APT) assault.

Broadly speaking, a MITM attack is the equivalent of a mailman opening your bank statement, writing down your account details and then resealing the envelope and delivering it to your door.

Man in the Middle Attack Progression

Successful MITM execution has two distinct phases: interception and decryption.

Figure 1. A Standard Man in the Middle Attack

Interception

The first step intercepts user traffic through the attacker’s network before it reaches its intended destination. The most common (and simplest) way of doing this is a passive attack in which an attacker makes free, malicious WiFi hotspots available to the public. Typically named in a way that corresponds to their location, they aren’t password protected. Once a victim connects to such a hotspot, the attacker gains full visibility to any online data exchange.
Attackers wishing to take a more active approach to interception may launch one of the following attacks:

IP spoofing involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.

ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.

DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.

Eavesdropping attacks are when an attacker intercepts a victim’s network traffic as their sensitive data travels from the victim’s device to its intended destination. This is usually done through software that monitors the network traffic of the victim while they are connected to a weakly encrypted or unencrypted network like a public WiFi hotspot.

Decryption

After the interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this:

HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. It holds a digital thumbprint associated with the compromised application, which the browser verifies according to an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it’s passed to the application.

SSL BEAST (browser exploit against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL.
Here, the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by a web application. Then the app’s cipher block chaining (CBC) is compromised so as to decrypt its cookies and authentication tokens.

SSL hijacking occurs when an attacker passes forged authentication keys to both the user and application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.

SSL stripping downgrades an HTTPS connection to HTTP by intercepting the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application's site to the user while maintaining the secured session with the application. Meanwhile, the user’s entire session is visible to the attacker.

Man in the Middle Attack Prevention

Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.

For users, this means:
Avoiding WiFi connections that aren’t password protected.
Paying attention to browser notifications reporting a website as being unsecured.
Immediately logging out of a secure application when it’s not in use.
Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.

For website operators, secure communication protocols, including TLS and HTTPS, help mitigate spoofing attacks by robustly encrypting and authenticating transmitted data. Doing so prevents the interception of site traffic and blocks the decryption of sensitive data, such as authentication tokens.

It is considered best practice for applications to use SSL/TLS to secure every page of their site and not just the pages that require users to log in.
Doing so helps decrease the chance of an attacker stealing session cookies from a user browsing on an unsecured section of a website while logged in.

Ransomware

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.

There are several different ways that ransomware can infect your computer. One of the most common methods today is through malicious spam, or malspam, which is unsolicited email that is used to deliver malware. The email might include booby-trapped attachments, such as PDFs or Word documents. It might also contain links to malicious websites.

Malspam uses social engineering in order to trick people into opening attachments or clicking on links by appearing legitimate—whether that’s by seeming to be from a trusted institution or a friend. Cybercriminals use social engineering in other types of ransomware attacks, such as posing as the FBI in order to scare users into paying them a sum of money to unlock their files.

Another popular infection method, which reached its peak in 2016, is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad.
These servers catalog details about victim computers and their locations, and then select the malware best suited to deliver. Often, that malware is ransomware.

Types of Ransomware

There are three main types of ransomware, ranging in severity from mildly off-putting to Cuban Missile Crisis dangerous. They are as follows:

o Scareware
Scareware, as it turns out, is not that scary. It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe. A legitimate cybersecurity software program would not solicit customers in this way. If you don’t already have this company’s software on your computer, then they would not be monitoring you for ransomware infection. If you do have security software, you wouldn’t need to pay to have the infection removed—you’ve already paid for the software to do that very job.

o Screen lockers
Upgrade to terror alert orange for these guys. When lock-screen ransomware gets on your computer, it means you’re frozen out of your PC entirely. Upon starting up your computer, a full-size window will appear, often accompanied by an official-looking FBI or US Department of Justice seal saying illegal activity has been detected on your computer and you must pay a fine. However, the FBI would not freeze you out of your computer or demand payment for illegal activity. If they suspected you of piracy, child pornography, or other cybercrimes, they would go through the appropriate legal channels.

o Encrypting ransomware
This is the truly nasty stuff. These are the guys who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver.
The reason this type of ransomware is so dangerous is that once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom—for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.

Notable Examples of Ransomware:
1. Reveton
2. CryptoLocker
3. Cryptowall
4. Fusob
5. WannaCry
6. Petya
7. Bad Rabbit

Drive-by Downloads

The term drive-by download describes how malware can infect the whole system when a user simply clicks on a website that runs the malicious code. The malware infects the system in several stages. The first stage is called the entry point, as explained above. The second stage is called the distribution, where some of the most trusted sites are compromised to redirect to sites controlled by the hackers. The third stage is called the exploit stage, where the browser succumbs to the exploit kit, which lets the hackers know about the security vulnerability that it can easily attack. The following stage is the infection stage, where the hacker is well aware of the vulnerability point and downloads the payload package, which installs itself onto the computer. The final stage is the execution of the downloaded program, which is designed to make money for its masters.

Website Application Attacks

Web Attacks - Better known as web application attacks, in which an attacker exploits the vulnerabilities of a website’s code to steal personal or sensitive information from the website’s own databases through various methods.

SQL Injection Attacks

SQL, or Structured Query Language, is used in programming to allow the user to create, manipulate, and delete databases.
Attackers usually try to take advantage of a website that has a data input field, web form, or even a search bar. Normal users would generally input data like their name, phone, or identification number, while an attacker uses the same input field to try to gain access to the website’s database by entering SQL prompts or queries. If the input field is not tested properly, this allows an attacker to execute specific SQL commands that can retrieve, change, or delete any information within the compromised database.

Types of SQL Injection Attacks

SQLi vulnerability is one of the oldest and most common types of web security issues. There are several types of SQL Injection Attacks:

1. In-band SQLi - This is the simplest and most common type of SQL Injection. Through this, an attacker can use the same communication channel to execute the attack and gather information. In-band SQLi is further categorized into two common types: (1) Error-based SQLi, and (2) Union-based SQLi.

2. Inferential SQLi (Blind SQLi) - This attack is time-consuming and dangerous compared to the other SQL Injections. In this attack, an attacker is not able to see results on the web application but can rather communicate directly with the database and make changes to the database structure. Those changes are made using payloads, and the results are seen in how the web application responds to the database. This attack is further categorized into two attacks: (1) Content-based Blind SQL Injection and (2) Time-based Blind SQL Injection.

3. Out-of-Band SQLi - This is not a very common type of SQL Injection. This attack depends on the features of the database server that the web application is using.
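The difference between an input field that is "not tested properly" and one that is handled safely comes down to how the query is built. The Python block below is an added example, not part of the original module: it runs the same identification-number lookup against an in-memory SQLite database three ways, and the table, the records, the ID format and the sample input are all constructed for illustration.

```python
"""Added example: one lookup written unsafely, with a placeholder, and with input validation."""
import re
import sqlite3

# Constructed input of the kind the section describes: SQL typed into a data field.
HOSTILE_INPUT = "x' OR '1'='1"

# Assumed format of a valid identification number, e.g. 2024-0001.
ID_FORMAT = re.compile(r"\d{4}-\d{4}")


def make_db():
    """Build a small in-memory database with constructed (fictional) records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id_number TEXT PRIMARY KEY, name TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO students VALUES (?, ?, ?)",
        [
            ("2024-0001", "Ana Cruz", "555-0101"),
            ("2024-0002", "Ben Reyes", "555-0102"),
            ("2024-0003", "Carla Santos", "555-0103"),
        ],
    )
    return db


def lookup_unsafe(db, id_number):
    """Vulnerable: the field's text is pasted into the SQL statement itself."""
    query = "SELECT name, phone FROM students WHERE id_number = '" + id_number + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, id_number):
    """Hardened: the ? placeholder passes the input as a value, never as SQL."""
    query = "SELECT name, phone FROM students WHERE id_number = ?"
    return db.execute(query, (id_number,)).fetchall()


def lookup_validated(db, id_number):
    """Defence in depth: reject input that is not a well-formed ID before querying."""
    if not ID_FORMAT.fullmatch(id_number):
        raise ValueError("id_number must look like 2024-0001")
    return lookup_safe(db, id_number)


def demo():
    """Return how many rows each variant yields for the hostile input."""
    db = make_db()
    results = {
        "unsafe": len(lookup_unsafe(db, HOSTILE_INPUT)),  # condition is always true
        "safe": len(lookup_safe(db, HOSTILE_INPUT)),      # no student has that literal ID
    }
    try:
        lookup_validated(db, HOSTILE_INPUT)
        results["validated"] = "accepted"
    except ValueError:
        results["validated"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

With the concatenated query the whole table comes back; with the placeholder the same text is compared as an ordinary string and matches nothing.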
Cross-Site Scripting Attacks

Cross-Site Scripting (XSS) - Cross-Site Scripting is another web attack in which a potential attacker exploits the vulnerabilities of the website or web application. While SQL Injection is an attack that targets the website’s database, an XSS attack targets the users who visit these websites directly. Attackers achieve this by embedding malicious code or scripts on the website where a user will most likely interact with it; the most common choice would be an input field. Once the victim is compromised, an attacker will have control over the victim’s browser. With it they can view the browser history, steal cookies, plant trojans, remotely control the victim’s computer, etc.

Cyber Security in the Philippines

The Department of Information and Communications Technology (DICT) is the primary policy, planning, coordinating, implementing, and administrative entity of the Executive Branch of the government that will plan, develop, and promote the national ICT development agenda. Its functions include the formulation, recommendation and implementation of national policies, plans, programs and guidelines that will promote the development and use of ICT with due consideration to the advantages of convergence and emerging technologies.

The Philippines has several policies, laws and standards in force relating to cyber/information security, and these are as follows:

2011-2016 National Security Policy
R.A. 8792 (E-Commerce Act)
R.A. 9775 (Anti-Child Pornography Act of 2009)
R.A. 9995 (Anti-Photo and Video Voyeurism Act of 2009)
R.A. 10173 (Data Privacy Act of 2012)
R.A. 10175 (Cybercrime Prevention Act of 2012)
M.O. 37, s2001 (Providing for the Fourteen Pillars of Policy and Action of the Government Against Terrorism – critical infrastructure is defined in this document and requires the preparation of a comprehensive security plan [a] above)
E.O. 810, s2009 (Institutionalizing the Certification Scheme for Digital Signature)
A.O. 39, s2013 (Government Web hosting Service of DOST ICT Office)
PNS ISO/IEC 27001:2005 (Information technology — Security techniques — Information security management systems – Requirements)
PNS ISO/IEC 27002:2005 (Information technology — Security techniques — Code of practice for information security management)

Few Safeguards

We live in an era where cyber security is a momentous issue. Cybercrimes are becoming the new normal nowadays. So what makes you think that you will be spared by cybercriminals? We have suggested some steps to remember for the rest of your life to safeguard yourself from very common cyber-attacks. So, let’s get back to the original question: how to protect yourself from cyber-attacks, or how to protect yourself online?

1. Instead of ‘Passwords’, Use ‘Passphrases’ for Different Websites
Use different user ID/password combinations for different accounts and avoid writing them down. You can create more complicated passwords by combining letters, numbers, and special characters (minimum 8 characters in total), and change them on a regular basis. Using passphrases is a wonderful idea; sentences such as ILoveFacebookSoMuch are very hard to crack! You probably don’t want to remember too many passwords for too many websites. You can create your own format for passwords, for example: yourname(xx)@websitename, where xx is any random 2-digit number.

2. Secure your computer/laptop physically and by Activating your firewall
A firewall works exactly as the name suggests.
It monitors all the incoming and outgoing traffic to and from your computer. If your antivirus doesn’t include a firewall, make sure you have Windows Firewall ‘Activated’.

3. Never upload your personal data ‘unencrypted’ to Dropbox, Google Drive or any online file sharing services
It takes not more than 5 minutes to encrypt a zip file or any single file such as a photo, video or a document with AES-256-bit encryption, but it saves you from getting your personal data leaked. And you can relax even if these big companies face a data breach. If using Windows, use BitLocker to encrypt hard disk drives with important data! You may use this software to encrypt your files: https://www.aescrypt.com/download/

4. Crosscheck your Social-Media security settings
Make sure your social networking profiles (e.g. Facebook, Twitter, YouTube, Google+ etc.) are set to private. Check your security settings. Never post sensitive information about yourself online. Once it is on the Internet, it is there forever. Comments you leave on various websites may show up two years later in Google search results for your name. Try a Google search for your name in double quotes, for example: http://bfy.tw/mnR

5. Do not procrastinate update installations (even the “installing 127 of 1204” ones)
Keep your applications and operating system (e.g. Windows, Mac, Linux) updated with the latest security updates. These updates are not limited to adding new features to your system; they also come with security patches for vulnerabilities in your operating system. Keep common software and plugins such as Flash Player and Microsoft Office up to date; because they are widely used, hackers are always finding ways to exploit their vulnerabilities.

Additional safeguards include…
6. Wi-Fi - The most vulnerable network ever!
7. Encrypt your data (Important)
8. Secure your Mobile Devices Physically and Digitally
9. Protect your e-identity, look for https://
10. Do not store your card details on websites
11. Got hacked? Call the right person/lawyer for help
12. Never Trust E-mails
13. Do not share a code received accidentally via 2-step verification
14. Ignore pop-ups and drive-by downloads while Surfing
15. Review your credit card statements

Types of Cyber Criminals

Before diving into the types of cybercriminals, we must be able to recognize who they are. Cybercriminals can be groups or individuals who commit crimes, which means they break the law. Many people think that all hackers are criminals; that is not true. There are two general types of hackers. Good hackers work with organizations in order to detect vulnerabilities that exist in their systems and improve their protection; an example of good hackers is the White Hat. The other type of hackers are individuals who break into a computer or device without any permission from the owner in order to cause harm; an example of bad hackers is the Black Hat. Having covered the different types of crimes and attacks, in this section we will introduce the most common types of cybercriminals.

Black Hat
The most popular type of cybercriminal is the Black Hat. Black Hats are the group responsible for the bad image of hackers. This group exploits any system with negative intent. They have different reasons for attacking, such as changing public databases or stealing credit card information. This group is looking for fame or to gain money through exploiting vulnerabilities in the internet framework. This group has committed many cybercrimes, such as robbing banks and stealing invaluable private data.

Identity Thieves
Identity thieves could be individuals or groups of people who are trying to steal personal information such as addresses, phone numbers, social security numbers, and credit card numbers. They utilize this data to impersonate their victims in order to make money transactions. This kind of cybercrime is one of the oldest.

Cyber Terrorism
Cyber terrorism is a cyberattack that has been developed for a political reason in order to steal and/or corrupt government or corporate computers and network data. As a result, this attack could damage businesses, countries, and organizations. The fundamental difference between a cyber-attack and cyber terrorism is that cyber terrorism is politically supported, while a cyber-attack is just a group of people who attempt to gain money utilizing illegal methods.

Internet Stalkers
Internet stalkers are individuals who monitor their victims’ activities on the internet in order to terrorize them and/or acquire personal information. This kind of cybercrime occurs by utilizing social network platforms and malware. There are many different reasons for committing this kind of cybercrime; the main two reasons are bribery, slander, or both.

Script Kiddies
These kinds of hackers can be anyone who is driven by immaturity to become a wannabe hacker. They have less technical knowledge and an urge to run scripts which have been pre-compiled so that there will be disturbances in the software. They lack the technical expertise to even understand what the software was meant to do, which limits them to hacking systems that are very weakly secured.

Scammers
These are the daily scamming emails that we come across.
Whenever we log in to our email inbox, we probably receive more emails from the scammers, which offer different proposals for discounted trips or medicines, timeshares or personal ads.

Spammers
They are not direct criminals but commit the crime of wasting one's time. Spammers flood the email inbox with ads and every kind of gibberish possible. They are not dangerous in any particular way, but they are always considered to be annoying and time-consuming. Spammers are even responsible for a real financial cost by bringing in the necessity to install expensive and unstable anti-spam technologies.

Hacker Activist Groups
They are often called 'Hacktivists'. They can be considered petty criminals who are always trying to prove their destructive behavior, wherein they steal confidential information and release it publicly. They generally work anonymously and are responsible for creating tools that make hacking easier.

Phishers
The most prominent example of such activity is when we receive a notification that our account is expiring and that we have to update our information. This is not really the case. It is the work of the phisher to extract personal information or the identity. A survey on this says that around 20,000 to 30,000 phishing websites are found every month.

Political/Religious/Commercial groups
These groups can be categorized as the ones which do not aim at financial gain. They generally aim at developing malware for political success. One of the finest examples of such malware is Stuxnet! This malware was found in Iran’s atomic program, but it was believed to have originated from some foreign government. These groups cannot be thought of as harmless, as they can cause losses on the political, religious or commercial level.

Professional Cybercriminals
These kinds of people are the most dangerous ones, as they have the proper technical expertise and know what they want to harm and how to harm it. This group can consist of technologists who have turned themselves into cybercriminals. They do the most damage to government, financial institutions or e-commerce businesses. They can be responsible for a greater number of crimes than the rest combined.

Reason for Attacks

Traditionally, mitigation efforts for cyber-attacks have been focused on securing systems and monitoring network traffic for malicious activity; recently, however, researchers have recognized that understanding the social, political, economic, and cultural (SPEC) conflicts that motivate cyber-attacks may enhance mitigation strategies.

1. Political
Political cyber-attacks can be committed by an individual actor, a political group (e.g., extremist groups), or a state. The motivations for these attacks can be diverse and complicated but can be broken down into basic categories. Researchers out of the University of Nebraska have created the following categories for politically motivated attacks not committed by a state: protests against political actions, protests against laws or public documents, and outrage against acts related to physical violence.

Protests Against Political Actions: This category is primarily comprised of attacks in response to certain political actions or positions taken by governments, politicians, corporations, or special interest groups. A common example of this kind of attack is the defacing of political candidates’ websites by individuals or groups that disagree with the candidates’ policy stances, but these attacks may be as serious as the 1998 attack on India’s Bhabha Atomic Research Center (BARC) by anti-nuclear activists.

Protests Against Laws or Public Documents: These attacks are typically a response to the passing of an unpopular law. Upon the passing of the Communications Decency Act in 1996, several protesters were involved in repeatedly deleting the content of the law from the United States Department of Justice's website.

Outrage Against Acts Related to Physical Violence: This is the largest and most common category of politically-motivated cyber-attacks, and is closely associated with extremist groups. These attacks are motivated by acts of violence — typically committed by a government — and are meant to be retaliatory. Attacks on military infrastructure by anti-war protestors, attacks on government infrastructure by extremist groups such as ISIL, etc. all fall into this category. In 1990, Chinese hackers attacked the U.S. government.

2. Social and Cultural
Socially-motivated cyber-attacks typically stem from socio-cultural conflict, which within a culture tends to stem from competition between individuals or groups over incompatible goals, scarce resources, or power. Conflicts between different cultures — cross-cultural conflict — such as the Israeli-Palestinian or Taiwanese-Chinese conflicts can also spawn socially motivated cyber-attacks.

3. Economic
Economically-motivated attacks can be motivated by the economic situation of the attacker — in the same capacity that someone may rob a gas station if they are broke — or by individuals', nations', or groups' frustration with governments or perceived corporate greed.
The former includes attacks on financial institutions, ransomware attacks, or phishing for individual consumers' banking information, and typically aims to leverage some form of economic gain for the attacker, while the latter includes attacks on stock markets, corporations, and other global financial institutions for the sake of doing damage. The former is more common amongst individuals, while the latter is commonly perpetrated by groups or governments.

Espionage attacks are often split between the political and economic categories, but tend to be grouped with the latter. These attacks are typically committed by states, with the target being other states, and garner useful Political Social and Cultural.

Impact on Business

The downtime caused by attacks may harm the business's productivity, revenue, and financial performance, and damage the company’s reputation. The impact on business may range from low to extreme. For example, downtime that has a minor impact on business may mean that a minimal number of systems are affected. On the other side of the coin is the extreme impact on business, where the company's future is at stake and the cost of recovery is inconsequential. The following is a list of the costs of downtime:

Cash flow: The day-to-day cash flow would come to a halt if the company is heavily reliant on computer systems to perform business processes.
Loss of reputation: For companies that provide critical services, downtime of their services can significantly damage their relationship with their customers and supporters.
Stock price: A prolonged downtime can have a negative effect on a company’s stock price, especially if this downtime is frequent.
Loss of future earnings: A halt on production along with an unfavorable reputation can affect potential customers as well as current customers, which then leads to a loss of future earnings.
Legal Impacts: Some companies may have legal and regulatory responsibilities tied to their services. A breach can inadvertently cause a company to become noncompliant with some of these regulations.
Industry Specific: In some industries such as the healthcare industry, downtime can affect something as crucial as patient lives.

A company can perform a Business Impact Analysis (BIA) to determine and evaluate these risks in the case of an attack and be better prepared for them.

While downtime can become the main priority for a company, the next step is to ensure that its system's security is more robust than it was before. The response to and repair of attacks can become costly for companies. This is the case regardless of how major or minor the attack is. If any vulnerabilities are found, they are expected to be mitigated. The following is a list of possible costs of attack response:

Hiring third-party businesses to identify risks and create security protocols or customizable solutions.
Regular testing and monitoring.
Buying protective software/hardware (e.g. antivirus).
Upgrading systems or overhauling procedures.

Prevention and Detection
Prevention - There are many tools to prevent a cybercrime from happening. A firewall guards the company's network from outside intrusion, and prevents employees from accessing prohibited sites. Intrusion prevention systems prevent attacks by blocking viruses and other threats from getting into the network. Antivirus software prevents viruses from infecting a computer by scanning for virus signatures.
For antivirus to be effective, it must be up-to-date and uniformly deployed across the enterprise.

Detection - An intrusion protection system is software or hardware that monitors system resources. It identifies possible intrusions into the system from either within or outside of the organization. There are three types of intrusion systems:

NIDS (Network Intrusion Detection System) identifies intrusions through network traffic and monitors multiple hosts.
HIDS (Host-based Intrusion Detection System) identifies intrusions by reviewing host activities.
SIDS (Stack-based Intrusion System) examines packets as they pass through the TCP/IP stack.

Security Audit - A company's network is a means of communication and sharing of information. However, it comes under attack every day by professional or novice hackers who intend to use company information or databases for their own gain. It is compromised not only by external individuals but also sometimes by personnel within the company. There are a number of steps that need to be performed in order to complete a security audit. For example:

1. Define audit
2. Define possible threats
3. Discussion (interviews)
4. Technical Investigation
5. Report Presentation
6. Post Audit Actions and Recommendations

Types of Audits
Self Audit (Informal Audit) - Every company has a few servers providing services to the company. To monitor these processes, every company develops some type of self-audit process to follow on a regular basis. Some companies have software to monitor all the processes and then register entire logs to be evaluated later by professionals. Based on these audit results, if a bad or incorrect event is detected, you can even have the event undone and the initiator's account locked out.
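The self-audit log review described above, sketched as an added example that is not part of the original module: it reads registered host logs, flags any account with repeated failed logins in a short window for lockout, and counts lines it cannot parse. The log format, the threshold of four failures in five minutes, and the names `parse_line` and `review_logs` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real system); the format is an assumption.
SAMPLE_LOG = """\
2024-09-02T08:00:01 host=hr-pc01 user=maria event=login_ok
2024-09-02T08:14:10 host=db01 user=jcruz event=login_failed
2024-09-02T08:14:25 host=db01 user=jcruz event=login_failed
2024-09-02T08:15:02 host=db01 user=jcruz event=login_failed
2024-09-02T08:15:40 host=db01 user=jcruz event=login_failed
2024-09-02T09:30:00 host=web01 user=maria event=login_failed
this line is truncated garbage
2024-09-02T11:45:00 host=web01 user=maria event=login_failed
2024-09-02T13:05:00 host=web01 user=maria event=login_failed
"""

LINE_RE = re.compile(r"^(\S+) host=(\S+) user=(\S+) event=(\S+)$")

def parse_line(line):
    """Return (timestamp, host, user, event), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group(1))
    except ValueError:
        return None
    return ts, m.group(2), m.group(3), m.group(4)

def review_logs(text, threshold=4, window=timedelta(minutes=5)):
    """Return ({user: time the threshold was reached}, malformed_line_count)."""
    # Assumes the log lines are already in time order.
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    to_lock, skipped = {}, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # counted so gaps in the record stay visible
            continue
        ts, _host, user, event = rec
        if event == "login_ok":
            recent[user].clear()  # a successful login resets the streak
        elif event == "login_failed":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and user not in to_lock:
                to_lock[user] = ts
    return to_lock, skipped

if __name__ == "__main__":
    locked, skipped = review_logs(SAMPLE_LOG)
    for user, when in locked.items():
        print(f"lock account {user}: threshold reached at {when.isoformat()}")
    print(f"{skipped} malformed line(s) skipped")
```

In the sample, jcruz is flagged because four failures fall inside five minutes, while maria's three failures are hours apart and do not trip the rule.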
The collectors will send all the daily logs to a consolidator once a day, where you will be able to create numerous reports and graphs surrounding your security events. You can also use this for trends and analysis.

Information Technology Audits - The purpose of an internal audit is to provide operations management with an independent review of the adequacy and effectiveness of the operations' internal controls. The IT audit is basically external auditing in which external auditors will be hired to perform all the required auditing operations. These auditors contact the internal auditing department and make their auditing requirements known to the company. At the conclusion of the audit, an oral and written report are presented to the management. At this time the company must plan actions to take in response to the report or decide whether it wishes to assume the risks involved. Once auditing is done and the report is presented, all the concerned individuals should meet to discuss what next steps are required to ensure the safety of the company's assets.

LEGAL PERSPECTIVES, PRIVACY AND DATA PROTECTION

Introduction
The use of information technology in both government and business requires balancing the needs of those who use the information that is collected against the rights and desires of the people whose information is being used. Information about people is gathered, stored, analyzed, and reported because organizations can use it to make better decisions. Some of these decisions, including whether or not to hire a job candidate, approve a loan, or offer a scholarship, can profoundly affect people's lives. In addition, the global marketplace and intensified competition have increased the importance of knowing consumers' purchasing habits and financial condition. Companies use this information to target marketing efforts to consumers who are most likely to buy their products and services.
Organizations also need basic information about customers to serve them better. It is hard to imagine an organization having productive relationships with its customers without having data about them. Thus, organizations want systems that collect and store key data from every interaction they have with a customer. However, many people object to the data collection policies of governments and businesses on the grounds that they strip individuals of the power to control their own personal information.

Data Privacy
Privacy, in layman's terms, means keeping a piece of information that is special to oneself and not disclosing it willingly to anyone. In terms of information technology, this means protecting personal/sensitive information so that it is not accessible to anyone other than the individual. There are various types of privacy in general, but the most relevant ones for this module are:

Internet privacy - Privacy related to any activity being carried out online via the internet.
Informational privacy - Privacy specifically related to an individual's or company's information.

Privacy Policies/Principles
In this section we will cover the five core principles that the FTC (Federal Trade Commission) of the United States has established as important for keeping everyone's right to privacy intact.

1. Notice/Awareness - Giving people notice and keeping people aware of what will happen to their data.
Some major components of this principle include: identification of the entity collecting data, identification of the uses to which the data will be put, identification of any potential recipients of the data, the nature of the data collected and the means by which it is collected if not obvious, whether the provision of the requested data is voluntary or required, the consequences of a refusal to provide the requested information, and the steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.

2. Choice/Consent - Consent is necessary when it comes to collecting people's personal data. Consumers need to have the choice of whether they want their personal data to be collected. This could be as simple as having a checkbox asking the user if they consent to the multiplication of personal data.

3. Access/Participation - This principle is meant to allow people to access their personal data that is collected and to give them the ability to contest the data if it is not accurate. This principle is critical in today's world, since so much data is being collected; it is just as important to have accurate data as it is to have mass amounts of data.

4. Integrity/Security - Security is so important to privacy that, without a huge investment in security, privacy falls out the window. You could follow all of the principles but not secure your data properly, and it would all be for nothing. This includes sending, receiving, and storing the data.

5. Enforcement/Redress - This principle is in essence the simplest of the five: to enforce all four of the principles above. This doesn't mean it's any less important or impactful to privacy. Without enforcement of the four principles there is no point in having them.

Those are all five policies that the FTC created for keeping personal privacy.
The next section will cover some of the ways social media platforms went against some if not all of these principles.

Privacy and Social Networking sites
Social media refers to websites and applications that are designed to allow people to share content quickly, efficiently and in real time. It can also be said that social media are apps on smartphones or tablets, but the truth is that this communication platform started with the use of the internet on computers. It started with just being part of groups, and went on from online chat rooms to fully functional websites and apps that people use to share videos, pictures and thoughts, and for marketing, dating and influencing others. So then arises the question of what the difference is between social media and a social network. Social media means the content that one posts online. It could be a blog, slideshow, podcast, etc. A social networking site, by contrast, is the medium through which a person can create relationships, communities, followers, etc. Furthermore, one can also say that social networking is just a subset of social media.

History
A look into the background can help widen the horizon for understanding how social media became so relevant in the first place. Backing up all the way to 1978, the BBS (Bulletin Board System) was created, which was accessible via dial-up modem and was used primarily by communities with specific interests. Next came along CompuServe, which became popular as a place where people could share files and access news and other events. They could interact via email. AOL and Yahoo Groups in 1994 were the very first originators of social networking sites, where one could be part of communities and the members had a profile. Fast forward to 2002, when Friendster arrived, which encouraged people to bond over common interests.
Also, in the same year, LinkedIn launched with the aim of career networking but did not gain much traction until 2010. In 2003, Myspace came into existence, where youngsters could see each other's activity as long as they were part of each other's networks. In 2004 came the biggest game changer, Facebook, which connected people with their friends and offered many other features, including posting videos and pictures and sharing content among friends and with other people who could search for you online. Then in 2005 came YouTube, which was exclusively a video upload and sharing platform and still is the number 1. In 2006, Twitter came into existence, which limited interactions to comments and posting tweets. Instagram made its debut in 2010 with the focus of being the sole photo sharing/editing app, and then came Snapchat in 2011, which allowed users to share moments with friends.

As one can see, this is how social media started gaining momentum, and with different websites/apps offering unique features on their platforms it became essential for every youngster and the general public to become a part of this to keep up with the times and stay connected to everyone as much as possible. The social networking sites which are the most popular today are Facebook, Messenger, Instagram, Snapchat, Twitter, WhatsApp and TikTok.

That being said, the advent of social networks brought on a host of concerns, and the biggest concern for social media is privacy. But for a long time, very few people were actually aware of privacy. In fact, since it was so new, the young generation as well as the older ones who got connected to a lot of acquaintances and new friends did not realize that their conversations on a lot of social network platforms could be viewed by other people as well.
That is just the way the social network platform algorithms were built: they allowed people outside of one's connections to view content and also follow/stalk other people, including the activities of a person on that particular social networking site.

According to a 2014 survey, 91% of Americans “agree” or “strongly agree” that "people felt that they lost control over how personal information is collected and used by all kinds of institutions". 80% of social media users said they were uneasy about advertisers and organizations having a way to use the data that was posted on social media platforms, and 64% were of the opinion that government should be more proactive on data handling, as this data was being used by marketers.

Individual privacy as a concept
According to CPO Magazine, an independent study found that complete privacy is not possible, as friends are always likely to share the user's information with other people outside the network as well. There is also a concept of choice in individual privacy: it depends entirely on the individual how much information they want to share with the world. Looking at the above statement, an advocate of individual privacy will say that one cannot completely obscure information from everybody, so it is better not to put it online at all. Some who do not agree say that one should not expect privacy to be a big factor when sharing personal information on social media, as people do so by choice and leave it to be viewed by friends and those who wish to see their information.
Privacy concerns
Some of the major privacy concerns faced today are:

Privacy settings of major platforms - These settings are built in a way that if a user is not vigilant, they might end up unintentionally sharing not only their personal data but also their activity with companies and other third parties who are always looking to improve their own websites' accessibility and marketing.
Location stealing - Enabling GPS location of the user's taking the data from the cell phone, this "can be used to build up a picture of your everyday movements. Location data can be coupled with other data and aggregated to create a very specific picture of an individual’s