Cyber Security Threats PDF

Document Details

Uploaded by ReverentEnlightenment3435

Benha University

Dr. Shrouk Hossam Eldien

Tags

cyber security cyber threats security solutions information security

Summary

This document provides an overview of cyber security threats and solutions. It covers topics such as malware attacks, social engineering, and different security solutions for protecting applications and networks.

Full Transcript

Cyber Security
Presented by Dr. Shrouk Hossam Eldien

Chapter 2: Cyber Security Threats

Weaknesses (vulnerabilities), threats and exploits:

Vulnerabilities - a vulnerability is a weakness that the hacker exploits to enter the system, network, website or database and reach the target.
Threats - a threat is defined as a risk that can potentially harm computer systems, networks and organizations.
Exploit - an exploit is a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system.

Cybersecurity threats are acts performed by individuals with harmful intent, whose goal is to steal data, cause damage to or disrupt computing systems. Common categories of cyber threats include malware, social engineering, man in the middle (MitM) attacks, denial of service (DoS), and injection attacks; we describe each of these categories in more detail below.

Cyber threats can originate from a variety of sources, from hostile nation states and terrorist groups, to individual hackers, to trusted individuals like employees or contractors, who abuse their privileges to perform malicious acts.

Types of Cybersecurity Threats

1- Malware Attacks.
2- Social Engineering Attacks.
3- Supply Chain Attacks.
4- Man-in-the-Middle Attack.
5- Denial-of-Service Attack.
6- Injection Attacks.
7- Password Attacks.

1- Malware Attacks

Malware is an abbreviation of "malicious software", which includes viruses, worms, trojans, spyware, and ransomware, and is the most common type of cyberattack. Malware gains access to a system, usually via a link on an untrusted website or email or an unwanted software download.
It deploys on the target system, collects sensitive data, manipulates and blocks access to network components, and may destroy data or shut down the system altogether.

The main types of malware attacks:

Viruses - a piece of code injects itself into an application. When the application runs, the malicious code executes.
Worms - malware that exploits software vulnerabilities and backdoors to gain access to an operating system. Once installed in the network, the worm can carry out attacks such as distributed denial of service (DDoS).
Trojans - malicious code or software that poses as an innocent program, hiding in apps, games or email attachments. An unsuspecting user downloads the trojan, allowing it to gain control of their device.
Ransomware - a user or organization is denied access to their own systems or data via encryption. The attacker typically demands a ransom be paid in exchange for a decryption key to restore access, but there is no guarantee that paying the ransom will actually restore full access or functionality.
Spyware - a malicious actor gains access to an unsuspecting user's data, including sensitive information such as passwords and payment details. Spyware can affect desktop browsers, mobile phones and desktop applications.
Adware - a user's browsing activity is tracked to determine behavior patterns and interests, allowing advertisers to send the user targeted advertising.
Rootkits - software is injected into applications, firmware, operating system kernels or hypervisors, providing remote administrative access to a computer.
Backdoors - a backdoor bypasses the normal authentication required to access a system, such as via a webserver or database.
Often its installation is part of a targeted attack; after researching a victim, social engineering is used to steal login credentials and gain access to an application.

2- Social Engineering Attacks

Social engineering involves tricking users into providing an entry point for malware. The victim provides sensitive information or unknowingly installs malware on their device, because the attacker poses as a legitimate actor.

Types of social engineering attacks:

Baiting - the attacker lures a user into a social engineering trap, usually with a promise of something attractive like a free gift card. The victim provides sensitive information such as credentials to the attacker.
Pretexting - similar to baiting, the attacker forces the target into giving up information under false pretenses. This typically involves impersonating someone with authority, for example an IRS or police officer, whose position will compel the victim to comply.
Phishing - the attacker sends emails pretending to come from a trusted source. Phishing often involves sending fraudulent emails to as many users as possible but can also be more targeted.
Vishing (voice phishing) - the imposter uses the phone to trick the target into disclosing sensitive data or granting access to the target system. Vishing typically targets older individuals but can be employed against anyone.
Smishing (SMS phishing) - the attacker uses text messages as the means of deceiving the victim.
Piggybacking - an authorized user provides physical access to another individual who "piggybacks" off the user's credentials. For example, an employee may grant access to someone posing as a new employee who misplaced their credential card.
Tailgating - an unauthorized individual follows an authorized user into a location, for example by quickly slipping in through a protected door after the authorized user has opened it. This technique is similar to piggybacking except that the person being tailgated is unaware that they are being used by another individual.

4- Man-in-the-Middle Attack

A Man-in-the-Middle (MitM) attack involves intercepting the communication between two endpoints, such as a user and an application. The attacker can eavesdrop on the communication, steal sensitive data, and impersonate each party participating in the communication.

Examples of MitM attacks include:

Wi-Fi eavesdropping - an attacker sets up a Wi-Fi connection, posing as a legitimate actor, such as a business, that users may connect to. The fraudulent Wi-Fi allows the attacker to monitor the activity of connected users and intercept data such as payment card details and login credentials.
Email hijacking - an attacker spoofs the email address of a legitimate organization, such as a bank, and uses it to trick users into giving up sensitive information or transferring money to the attacker. The user follows instructions they think come from the bank but are actually from the attacker.
DNS spoofing - a Domain Name Server (DNS) is spoofed, directing a user to a malicious website posing as a legitimate site. The attacker may divert traffic from the legitimate site or steal the user's credentials.
IP spoofing - an internet protocol (IP) address connects users to a specific website. An attacker can spoof an IP address to pose as a website and deceive users into thinking they are interacting with that website.
HTTPS spoofing - HTTPS is generally considered the more secure version of HTTP but can also be used to trick the browser into thinking that a malicious website is safe. The attacker uses "HTTPS" in the URL to conceal the malicious nature of the website.

5- Denial-of-Service Attack

A Denial-of-Service (DoS) attack overloads the target system with a large volume of traffic, delaying the ability of the system to function normally. An attack involving multiple devices is known as a distributed denial-of-service (DDoS) attack.

DoS attack techniques include:

HTTP flood DDoS - the attacker uses HTTP requests that appear legitimate to overwhelm an application or web server. This technique does not require high bandwidth or malformed packets, and typically tries to force a target system to allocate as many resources as possible for each request.
SYN flood DDoS - initiating a Transmission Control Protocol (TCP) connection sequence involves sending a SYN request that the host must respond to with a SYN-ACK that acknowledges the request, and then the requester must respond with an ACK. Attackers can exploit this sequence, tying up server resources, by sending SYN requests but not responding to the SYN-ACKs from the host.
UDP flood DDoS - a remote host is flooded with User Datagram Protocol (UDP) packets sent to random ports. This technique forces the host to search for applications on the affected ports and respond with "Destination Unreachable" packets, which uses up the host resources.
ICMP (Internet Control Message Protocol) flood - a barrage of ICMP Echo Request packets overwhelms the target, consuming both inbound and outgoing bandwidth. The servers may try to respond to each request with an ICMP Echo Reply packet, but cannot keep up with the rate of requests, so the system slows down.

6- Injection Attacks

Injection attacks exploit a variety of vulnerabilities to directly insert malicious input into the code of a web application. Successful attacks may expose sensitive information, execute a DoS attack or compromise the entire system.

Here are some of the main vectors for injection attacks:

SQL injection - an attacker enters an SQL query into an end user input channel, such as a web form or comment field. A vulnerable application will send the attacker's data to the database and will execute any SQL commands that have been injected into the query. Most web applications use databases based on Structured Query Language (SQL), making them vulnerable to SQL injection. A new variant on this attack is NoSQL attacks, targeted against databases that do not use a relational data structure.
Code injection - an attacker can inject code into an application if it is vulnerable. The web server executes the malicious code as if it were part of the application.
OS command injection - an attacker can exploit a command injection vulnerability to input commands for the operating system to execute. This allows the attacker to exfiltrate OS data or take over the system.
LDAP injection - an attacker inputs characters to change Lightweight Directory Access Protocol (LDAP) queries. A system is vulnerable if it uses unsanitized LDAP queries.
These attacks are very severe because LDAP servers may store user accounts and credentials for an entire organization.
XML External Entities (XXE) injection - an attack is carried out using specially-constructed XML documents. This differs from other attack vectors because it exploits inherent vulnerabilities in legacy XML parsers rather than unvalidated user inputs. XML documents can be used to traverse paths, execute code remotely and execute server-side request forgery (SSRF).
Cross-Site Scripting (XSS) - an attacker inputs a string of text containing malicious JavaScript. The target's browser executes the code, enabling the attacker to redirect users to a malicious website or steal session cookies to hijack a user's session. An application is vulnerable to XSS if it doesn't sanitize user inputs to remove JavaScript code.

7- Password Attacks

Password attacks are one of the most common forms of corporate and personal data breach. A password attack is simply when a hacker tries to steal your password.

Six Types of Password Attacks & How to Stop Them:

Phishing - when a hacker posing as a trustworthy party sends you a fraudulent email, hoping you will reveal your personal information voluntarily. Sometimes they lead you to fake "reset your password" screens; other times, the links install malicious code on your device. We highlight several examples on the OneLogin blog.
Man-in-the-middle (MitM) attacks - when a hacker or compromised system sits in between two uncompromised people or systems and deciphers the information they're passing to each other, including passwords.
Brute Force Attack - if a password is equivalent to using a key to open a door, a brute force attack is using a battering ram.
Dictionary Attack - a type of brute force attack, dictionary attacks rely on our habit of picking "basic" words as our password, the most common of which hackers have collated into cracking dictionaries.
Credential Stuffing - if you've suffered a hack in the past, you know that your old passwords were likely leaked onto a disreputable website. Credential stuffing takes advantage of accounts that never had their passwords changed after an account break-in.
Keyloggers - keyloggers are a type of malicious software designed to track every keystroke and report it back to a hacker. Typically, a user will download the software believing it to be legitimate, only for it to install a keylogger without notice.

Cyber Security Solutions

Cybersecurity solutions are tools that organizations use to help defend against cybersecurity threats, as well as accidental damage, physical disasters, and other threats.

Main types of security solutions:

Application security.
Network security.
Cloud security.
Endpoint security.
Internet of Things (IoT) security.
Threat intelligence.

Application security - used to test software application vulnerabilities during development and testing, and protect applications running in production, from threats like network attacks, exploits of software vulnerabilities, and web application attacks.

Here are the most common application security tools:

Static Application Security Testing (SAST).
Dynamic Application Security Testing (DAST).
Interactive Application Security Testing (IAST).
Runtime Application Security Protection (RASP).
Mobile Application Security Testing (MAST).
Web Application Firewall (WAF).

Network security - monitors network traffic, identifies potentially malicious traffic, and enables organizations to block, filter or mitigate threats.

Types of network security:

Firewalls.
Intrusion prevention systems (IPS).
Network segmentation.
Virtual Private Network (VPN).
Access control.
Anti-virus and anti-malware software.
Email security.

Cloud security - implements security controls in public, private and hybrid cloud environments, detecting and fixing incorrect security configurations and vulnerabilities.

Cloud security is designed to protect the following:

Physical networks - routers, electrical power, cabling, climate controls, etc.
Data storage - hard drives, etc.
Data servers - core network computing hardware and software.
Computer virtualization frameworks - virtual machine software, host machines, and guest machines.
Operating systems (OS) - software that houses
Middleware - Application Programming Interface (API) management.
Runtime environments - execution and upkeep of a running program.

Endpoint security - deployed on endpoint devices such as servers and employee workstations, which can prevent threats like malware, unauthorized access, and exploitation of operating system and browser vulnerabilities.

Different Types of Endpoint Security:

Internet-of-Things (IoT) Security.
Network Access Control (NAC).
Data Loss Prevention.
Insider Threat Protection.
Data Classification, Sandboxing.
URL Filtering, Browser Isolation.
Endpoint Encryption, Secure Email Gateways.

Internet of Things (IoT) security - connected devices are often used to store sensitive data but are usually not protected by design. IoT security solutions help gain visibility and improve security for IoT devices.
IoT devices are used in multiple sectors and industries, including:

Consumer applications - IoT consumer products include smartphones, smart watches and smart homes, which control everything from air conditioning to door locks, all from a single device.
Business applications - businesses use a wide range of IoT devices, including smart security cameras, trackers for vehicles, ships and goods, as well as sensors that capture data about industrial machinery.
Governmental applications - governmental IoT applications include devices used to track wildlife, monitor traffic congestion and issue natural disaster alerts.

Threat intelligence - combines multiple feeds containing data about attack signatures and threat actors, providing additional context for security events. Threat intelligence data can help security teams detect attacks, understand them, and design the most appropriate response.
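
Added example (not part of the original slides): the SYN flood item under "5- Denial-of-Service Attack" describes handshakes that receive a SYN-ACK but never send the final ACK. The sketch below counts those half-open handshakes per server from connection records; the log format, addresses, timeout and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: "<seconds> <client ip:port> <server ip:port> <segment>"
SAMPLE = """\
0.00 198.51.100.7:40001 192.0.2.10:443 SYN
0.01 198.51.100.7:40001 192.0.2.10:443 SYN-ACK
0.02 198.51.100.7:40001 192.0.2.10:443 ACK
1.00 203.0.113.5:1025 192.0.2.10:443 SYN
1.00 203.0.113.5:1025 192.0.2.10:443 SYN-ACK
1.10 203.0.113.6:1026 192.0.2.10:443 SYN
1.10 203.0.113.6:1026 192.0.2.10:443 SYN-ACK
1.20 203.0.113.7:1027 192.0.2.10:443 SYN
1.20 203.0.113.7:1027 192.0.2.10:443 SYN-ACK
1.30 203.0.113.8:1028 192.0.2.10:443 SYN
1.30 203.0.113.8:1028 192.0.2.10:443 SYN-ACK
9.50 198.51.100.8:40002 192.0.2.20:443 SYN
"""


def half_open(log_text, now, timeout=3.0):
    """Map each server to the clients whose handshake began with a SYN at
    least `timeout` seconds before `now` and never reached the final ACK."""
    pending = {}  # (client, server) -> time the SYN was seen
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, client, server, segment = parts
        if segment == "SYN":
            pending.setdefault((client, server), float(ts))
        elif segment == "ACK":
            pending.pop((client, server), None)  # handshake completed
        # SYN-ACK is the server's reply; the entry stays pending
    stale = defaultdict(list)
    for (client, server), started in pending.items():
        if now - started >= timeout:
            stale[server].append(client)
    return dict(stale)


def flag_syn_flood(log_text, now, timeout=3.0, threshold=3):
    """Return {server: half-open count} for servers at or above threshold."""
    counts = {s: len(c) for s, c in half_open(log_text, now, timeout).items()}
    return {s: n for s, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(flag_syn_flood(SAMPLE, now=10.0))
```

Counting per server rather than per client matters because a distributed flood spreads the SYNs over many source addresses, as in the sample.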
