cceexam.pdf

Full Transcript

Cybercrime
and
Cyberattacks
Objective:

Explain the effects of various
cybercrimes in the IT industry,
Identify types of Cybercrimes
and the importance of the types
and perpetrators
of cybersecurity as protection
against cyberattacks.
What is cybercrime?

Cybercrime “also called computer crime, the use
of a computer as an instrument to fur ther illegal
ends, such as committing fraud, traff icking in
child pornography
and intellectual proper ty, stealing identities, or
violating privacy
Cyberattack

Cyberattack is “an attempt to gain illegal access
to a computer system for the purpose or causing
damage or harm“.
Types of Cyberattack

C yb era tta c k is def ined a s “ an at t ac k l aunc he d fr o m o ne o r m o r e
c o m p ut e r s ag ai ns t ano t he r c o m p ut e r, m ul t i p l e c o m p ut e r s o r ne t wo r k s ”.

Ther e a r e tw o ( 2 ) ty p es of a tta c ks tha t c a n ha p p en:

( 1 ) the g oa l is to dis a ble the c omputer or ma ke it g o of f the g r id;

( 2 ) g a in a c c es s to the ta r g et ʼs d a ta a nd in mos t c a s es , c ontr ol the us er ʼs
c omp uter ( g a in a d min p r iv ileg es ).
Eight (8) types of Cyberattacks
(Fruhlinger, 2020):

M a lwa r e

Phis hing

Ra ns omwa r e

D enia l- of- s er v ic e

M a n in the mid d le

C r y ptoja c king

SQL injec tion

Zer o- d ay ex p loits
Malware

Malware refers to sof tware that damages devices, steals
data, and causes chaos. There are many types of malware ̶
viruses, Trojans, spyware, ransomware, and more.
Virus
A ty pe of ma lic ious s of twa r e tha t is loa ded
onto the us er ʼs c omp uter w ithout his / her
knowledg e.

It c a n per for m ma lic ious a c tions s uc h
c or r up ting your f ile, hid ing your f ile or even
d es tr oy ing your c omp uter ʼs ha r d wa r e.

A c omputer v ir us a tta c hes its elf to a f ile or a
p r og ra m a nd s p r ea d s fr om c omp uter to
c omp uter leav ing infec tions a s it travel.
Worms

Worms donʼ t need other programs they propel
themselves through the Internet.

Worms spread from computer to computer and
has the capability to self-replicate without human
intervention.

Because of its ability to self-replicate, it can
deplete system resources such as memory, hard
disk space and bandwidth, thus, causing your
computer system to slow down.
Trojan Horse

A Trojan horse appears to be a legitimate program
designed to gain access to a computer without the
user ʼs knowledge thereby getting access on
important files on the user ʼs computer.
Bots /Botnets

A malicious bot is self-propagating. It infects a
host computer and connects back to its control
host. The control host has now control over the
infected computer. These infected computers are
now called botnets and can be used for various
cybercrime attacks such as Denial-of-Service
(DoS) Attack.
Phishing

Ø Ph i s h i n g is a c y ber c r ime in whic h s c a mmer s a ttempt to
ob ta in s ens itive p er s ona l infor ma tion s uc h a s us er na me,
p a s s w or d s , a c c ount numb er, c r ed it c a r d numb er a nd the
like fr om the ta r g et or ta r g ets by pos ing a s s omeone
fr om a leg itima te ins titution.

Ø In Phis hing , the v ic tim is s ent a c ommunic a tion tha t
p r etend s to b e fr om a n of f ic ia l w eb s ite of a r ep uta b le
c omp a ny. The v ic tim is then lur ed into op ening a
w eb s ite tha t is r outed to the p er p etra tor s.
Shared Features of Phishing Emails
(Phishing.org)

1. To o G o o d To B e Tr u e – S c a m m e r s m i g h t o f f e r u n b e l i e va b l e o f f e r s t h a t a r e
i n t e n d e d t o a t t ra c t t h e t a r g e t ʼs a t t e n t i o n.

2. Sense of Urgency – In some cases, emails seem to look like from a
r e p u t a b l e b a n k a n d t e l l i n g yo u t h a t t h e y a r e c u r r e n t l y u p d a t i n g t h e i r s y s t e m a n d
t h a t yo u r a c c o u n t w i l l b e d e l e t e d i f yo u d o nʼ t u p d a t e yo u r p e r s o n a l i n f o r m a t i o n
i m m e d i a t e l y.

3. H y p e r l i n k s – I n P h i s h i n g , p e r p e t ra t o r s w i l l p r o v i d e a l i n k t h a t l o o k s a l m o s t
t h e s a m e w i t h t h e l e g i t i m a t e s i t e. H o w e ve r, i f yo u e x a m i n e c a r e f u l l y, t h e y m i g h t
replace some letters like m for n.
Shared Features of Phishing Emails
(Phishing.org)

4. Attachments - If an email is sent to you with attachments
from someone or from a company you do not recognize, do not
open it. It might contain malicious sof tware that might harm
your computer.

5. Unfamiliar Sender – When the sender does not seem like
someone you know or unfamiliar to you, do not open it.
Ransomware

Ransomware is another form of malicious sof tware that prevents
the user from accessing his /her files by encrypting it.

The attacker then demands “ransom payment” from the victim to
decrypt the files and regain access.

Users are provided with instructions on how to deliver the
“ransom payment” in exchange of the decryption key
How Ransomware works

One common delivery of ransomware is through email, usually
done through Phishing.

Once the victim opens the link, the perpetrator can now access
the victimʼs computer.

Perpetrators can gain administrative access on the victimʼs
computer using social engineering tools.
Best Security Practices to prevent
Ransomware attack

1. E n s u r e f r e q u e n t u p d a t e o f yo u r c o m p u t e r ʼs o p e ra t i n g s y s t e m. U p d a t e s a r e
i m p o r t a n t a s t h e y p r o v i d e p a t c h e s t o s e c u r i ty h o l e s m a k i n g yo u r c o m p u t e r l e s s
v u l n e ra b l e t o c y b e r-a t t a c k s.

2. N e ve r i n s t a l l s o f t wa r e o r p r o v i d e a d m i n i s t ra t i ve p r i v i l e g e s t o i t u n l e s s yo u
know what is and what it does.

3. I n s t a l l a n a n t i -v i r u s s o f t wa r e a n d k e e p i t u p d a t e d a s i t c a n d e t e c t m a l i c i o u s
p r o g ra m s s u c h a s ra n s o mwa r e a s e a r l y a s t h e m o m e n t i t e n t e r s yo u r c o m p u t e r.
I n a d d i t i o n , i n s t a l l a w h i t e l i s t i n g s o f t wa r e a s i t c a n p r e ve n t u n a u t h o r i z e d
applications from running.

4. F r e q u e n t l y b a c k- u p yo u r f i l e s u s i n g a c l o u d o r e x t e r n a l s t o ra g e. I n c a s e , yo u
b e c o m e t h e v i c t i m , t h e a t t a c k w o u l d b e i n s i g n i f i c a n t a s yo u h a ve a b a c k u p c o p y
o f yo u r f i l e s.
Denial of Service Attack

According to the website paloaltonetworks.com, a Denial-of-
Service (DoS) attack is “an attack meant to shut down a
machine or network, making it inaccessible to its intended users.

DoS attacks accomplish this by f looding the target with traff ic, or
sending it information that triggers a crash”.
Denial of Service Attack

It denies the legitimate users from accessing the websites
depriving them of the services or resources they expect to get.
Banks and high-profile organizations are the common victims of
this attack.
Denial of Service Attack

In 2000, Michael Calce (photo above), a 15-year-old boy who
used the online name “Mafiaboy,” launched one of the first
recorded DDoS attacks. Calce hacked into the computer networks
of a number of universities. He used their servers to operate a
DDoS attack that crashed several major websites, including CNN,
E-Trade, eBay, and Yahoo.

Calce was convicted of his crimes in the Montreal Youth Court.
As an adult, he became a “white-hat hacker ” identifying
vulnerabilities in the computer systems of major companies.
Michael Calce
Victims of DOS Attack

In 2016, Dyn, a major domain name system
provider ̶ or DNS ̶ was hit with a massive DDoS
attack that took down major websites and
services, including AirBnB, CNN, Netflix, PayPal,
Spotify, Visa, Amazon, The New York Times,
Reddit, and GitHub.

The gaming industry has also been a target of
DDoS attacks, along with sof tware and media
companies
Man-in-the-Middle (MitM)
Attack

A man-in-the-middle attack is a type of
cyberattack where a malicious actor inserts
him /herself into a conversation between two
parties, impersonates both parties and gains
access to information that the two parties were
trying to send to each other.
Man-in-the-Middle (MitM) Attack

A man-in-the-middle attack allows a malicious actor to intercept,
send and receive data meant for someone else, or not meant to
be sent at all, without either outside party knowing until it is too
late (DuPaul, n.d.).

A Man-in-the-Middle attack is another type of cyberattack where
the malicious person intercepts or eavesdrop in
Cryptojacking

Cryptojacking is the unauthorized use of someone elseʼs
computer which may include tablets, laptops or desktop
computers to mine cryptocurrency.
Cryptojacking

A common way of cryptojacking is by either getting the victim to
click on a malicious link in an email that
loads cryptomining code on the computer, or by infecting a
website or online ad with JavaScript code that auto-executes
once loaded in the victimʼs browser.
SQL Injection

SQL injection (SQLi) is a type of attack where a malicious SQL
statements will be inserted and executed on data-driven
applications (database servers) to manipulate data stored in any
type of SQL databases.
SQL Injection

SQL injection attacks allow attackers to bypass application
security measures. They can go around authentication and
authorization of a web page or web application and retrieve the
content of the entire SQL database. They can also use SQL
Injection to add, modify, and delete records in the database
Zero Day Exploits

According to Kaspersky.com website, a zero day exploit is “a
cyberattack that occurs on the same day a weakness is
discovered in sof tware. At that point, it's exploited before a f ix
becomes available from its creator ”.
Zero Day Exploits

When a vulnerability or security risk is discovered by a
user, the user would initially report this to the sof tware
developers. The developers would then create a patch or update
to fix the error or flaw.
Types of Cybercriminals

Hackers

Crackers

Hacktivist

Cyberterrorist

Industrial spies
Hackers

As defined under Internet Usersʼ Glossary under RFC 1392, a
hacker is “A person who delights in having an intimate
understanding of the internal workings of a system, computers
and computer networks in par ticular. The term is of ten misused
in a pejorative context, where ʻcracker ʼ would be the correct
term.”
Hackers

Hackers use their knowledge and skills in programming, and
general computer security to study how the computer system
and networks work and find flaws, or security issues in it. They
help improve and patch vulnerabilities within the computer
system and networks.

Hackers are of ten referred to as “white hat” or “ethical hackers”.
They are what we call “the good guys”.
Crackers

As defined under Internet Usersʼ Glossary under RFC 1392, a
cracker “is an individual who attempts to access computer
systems without authorization. These individuals are of ten
malicious, as opposed to hackers, and have many means at their
disposal for breaking into a system.”
Crackers

Crackers are also called “black hats.” They look for backdoors in
programs and systems, exploit those backdoors, and steal
private information for use in a malicious way.
Hacktivist

According to Oxford Online Dictionary, a hacktivist is defined as
“a person who gains unauthorized access to computer f iles or
networks in order to fur ther social or political ends”.

A hacktivist cracks the computer system and destroys or alters
data as way to express their opposition to a certain issue.
Majority of the hacktivists works anonymously.
Hacktivist

A cyber-terrorist is a criminal who uses computer technology
and the Internet, especially to cause fear and disruption.

Some cyber-terrorists spread computer viruses, and others
threaten people electronically
COMELEC Website Hacked in 2016

The Anonymous Philippines hacked the website of Commission on
Elections (Comelec) on March 27, 2016.

The hacktivist group defaced the website by posting a message,
asking the Comelec to make sure that the machines to be used
on election should have strong security features (CNN
Philippines, Anonymous PH hacks Comelec website 2016).
Industrial Spies

Industrial spies use illegal means to obtain trade
secrets from competitors (Reynolds, 2019). An
industrial spy may have gained an employment
with the company. The primary purpose is to spy
and gather information in order to obtain relevant
information from the company.

An industrial spy may also be a disgruntled
employee who wants to obtain revenge or use the
obtained information for personal gain.
Assignment:

Please watch the documentary this documentary in Youtube:

https://www.youtube.com /watch?v=qsKS6fwXTwg&t=23s
Cybersecurity
What is Cybersecurity?

Cybersecurity is the practice of defending computers, servers,
mobile devices, electronic systems, networks, and data from
malicious attacks.

When companies become a victim of any cybercrime, client trust
and reputation is at stake.
Kaspersky.com (2020) enumerates the
various categories of Cyber security:

Network security

Application security

Information Security

Operational Security

Disaster recovery and business continuity
Google Data Center Security: 6 layers
Protection against Internet Attacks

A firewall is hardware and /or sof tware that protects a networkʼs
resources from intrusion by users on another network such as
the Internet.

All networked and online computer users should implement a
firewall solution.
Protection against Internet Attacks

A personal f irewall is a utility program that detects and protects a
personal computer and its data from unauthorized intrusions.

Some operating systems, such as Windows, include personal f irewalls.
Protection against Internet Attacks

Intrusion Detection Sof tware. Intrusion detection sof tware
automatically analyzes all network traffic, assesses system
vulnerabilities, identifies any unauthorized access (intrusions),
and notifies network administrators of suspicious behavior
patterns or system breaches.
Firewall