Chapter 20 - 01 - Understand the Fundamentals of Computer Forensics - 02_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Computer Forensics

Types of Cybercrimes
@ Cybercrime is defined as any illegal act involving
Q a computing device, network, its systems, or its
applications

Cyberxcrime can be categorized into two
Cybezxcrime
types based on the line of attack

Internal/Insider Attack External Attack

Q Itis an attack performed on a corporate OQO This type of attack occurs when an
network or on a single computer by an attacker from outside the organization
entrusted person (insider) who has tries to gain unauthorized access to its
authorized access to the network computing systems or informational
assets
O Such insiders can be former or current
employees, business partners, or O These attackers exploit security
contractors loopholes or use social engineering
techniques to infiltrate the network

Types of Cybercrimes
Cybercrime refers to “any illegal act that involves a computer, its systems, or its applications.”
Once investigators start investigating a crime scene, they must remember that cybercrimes are
mostly intentional in nature. The type of cybercrime committed depends on the tools of the
crime and its target.
The tools of the crime refer to various hacking tools used to commit the crime. They include the
computer or workstation used for the crime and the associated software and hardware. When
possible, forensic investigators usually take the available tools into custody to use them as
evidence.
The target of the crime refers to the victim, which can be a corporate organization, website,
consulting agency, or a government body. Targets can also mean a virtual environment that can
act as digital evidence because of an incident that occurred on it. A system becomes the target
for reasons such as stealing, modifying, or destroying data; unauthorized access; a Denial-of-
Service attack; or a Man-in-the-Middle attack. Based on the line of attack, cybercrimes can be
classified as internal/insider attacks and external attacks.
= Internal/Insider attacks

These attacks originate from people within the organization such as disgruntled
employees, current or terminated employees, business associates, contractors, and/or
undertrained staff. These insiders have legitimate access to computer systems and the
organization’s data and use such access negatively to harm the organization. As they
occur within the organizational network and utilize authorized access, insider attacks
can be quite difficult to detect. Examples of internal attacks include espionage, theft of
intellectual property, manipulation of records, and Trojan horse attack.

Module 20 Page 2172 Certified Cybersecurity Technician Copyright © by EG-Council
EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Computer Forensics

External attacks

External attacks refer to attacks that originate from outside sources. Such attacks occur
when the information security policies and procedures are inadequate. Attackers from
outside the organization attempt to gain unauthorized access to the organization's
computing systems, network, or informational assets. External attacks are often
performed by cybercriminals and hackers who target protected corporate information
by either exploiting security vulnerabilities or using other social engineering techniques.
Examples of external attacks include SQL attack, brute-force cracking, identity theft,
phishing/spoofing, denial of service attack, cyber defamation etc.

Cybercriminals can launch external attacks on any corporate network with various goals
and objectives. They might manipulate or destroy confidential information, sabotage
systems, steal credentials of trusted users, or demand ransoms. This can severely
disrupt business continuity, tarnish the market reputation of the organization, and cause
loss of data and financial resources.

Module 20 Page 2173 Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Computer Forensics

Examples of Cybercrimes. Espionage. Phishing/Spoofing

z2 Intellectual Property Theft 8 Privilege
Privilege Escalation Attacks. Data Manipulation ‘ Denial of Service Attack. Trojan Horse Attack. Cyber Defamation. Structured Query Language Attack. Cyberterrorism

‘ Brute-force Attack ‘ Cyberwarfare

Examples of Cybercrimes
Espionage: Corporate espionage is a central threat to organizations, as competitors
often aim to attempt to secure sensitive data through open source intelligence
gathering. Through this approach, competitors can launch similar products in the
market, alter prices, and generally undermine the market position of a target
organization.

Intellectual property theft: It is the process of stealing trade secrets, copyrights, or
patent rights of an asset or a material belonging to individuals or entities. The stolen
property is generally handed over to rivals or other competitors, resulting in huge losses
to the organization that developed or owned it.
Data manipulation: It is a malicious activity in which attackers modify, change, or alter
valuable digital content or sensitive data during transmission, instead of directly stealing
the data from the company. Data-manipulation attacks can lead to the loss of trust and
integrity.

Trojan horse attack: A computer Trojan is a program in which malicious or harmful code
is contained inside an apparently harmless program or data, which can later gain control
and cause damage, such as ruining the file allocation table on your hard disk. Attackers
use computer Trojans to trick the victim into performing a predefined action. Trojans
are activated upon users’ specific predefined actions such as unintentionally installing a
malicious software, clicking on a malicious link, etc., and upon activation, they can grant
attackers unrestricted access to all the data stored on the compromised information
system and potentially cause severe damage.

Module 20 Page 2174 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Computer Forensics

= Structured query language attack: SQL injection/attack is a technique used to take
advantage of unsanitized input vulnerabilities to pass SQL commands through a web
application for execution by a backend database. In this technique, the attacker injects
malicious SQL queries into the user input from either to gain unauthorized access to a
database or to retrieve information directly from the database.

= Brute-force attack: It is the process of using a software tool or script to guess the login
credentials or keys or discover hidden applications or webpages through a trial-and-
error method. A brute-force attack is performed by attempting all possible
combinations of usernames and passwords to determine valid credentials.
* Phishing/spoofing: Phishing is a technique in which an attacker sends an email or
provides a link falsely claiming to be from a legitimate site to acquire a user’s personal
or account information.
= Privilege escalation attacks: Privileges are a security role assigned to users for using
specific programs, features, OSs, functions, files, or codes, etc., to limit their access by
different types of users. If a user is assigned more privileges, he/she can modify or
interact with more restricted parts of the system or application than less privileged
users. Attackers initially gain system access with low privilege and then try to gain more
privileges to perform activities restricted from less privileged users

= Denial of service attack: A DoS attack is an attack on a computer or network that
reduces, restricts, or prevents access to system resources for legitimate users. In a DoS
attack, attackers flood a victim’s system with nonlegitimate service requests or traffic to
overload its resources and bring down the system, leading to the unavailability of the
victim’s website or at least significantly reducing the victim’s system or network
performance.

= Cyber defamation: It an offensive activity wherein a computer or device connected to
the web is employed as a tool or source point to damage the reputation of an
organization or individual. Sending defamatory emails or posting defamatory
statements on social media can damage the reputation of the target organization or
entity to a great extent.

= Cyberterrorism: It involves the use of the Internet or web resources for threatening,
intimidating, or performing violent activities to gain ideological or political advantages
over individuals or groups. It can be performed using computer worms, viruses,
malicious scripts, or malicious tools with a personal agenda.

= Cyberwarfare: Libicki defines cyber warfare as the use of information systems against
the virtual personas of individuals or groups. It is the broadest of all information
warfare. It includes information terrorism, semantic attacks (similar to Hacker warfare,
but instead of harming a system, it takes over the system while maintaining the
perception that it is operating correctly), and simula-warfare (simulated war, for
example, acquiring weapons for mere demonstration rather than actual use).

Module 20 Page 2175 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Computer Forensics

Impact of
Cybercrimes at the
Organizational. :
Loss of confidentiality, integrity and availability of information
Level stored in organizational systems

Theft of sensitive data

03 Sudden disruption of business activities

04 Loss of customer and stakeholder trust

05 Substantial reputational damage

06 Huge financial losses

07 Penalties arising from the failure to comply with regulations

Copyright © by EC-{ cll.
Bll. All Rights Reserved.
Reserved, ReproductionIsis Strictly Prohibited.
Prohibited

Impact of Cybercrimes at the Organizational Level
Most businesses are reliant on the Internet and digital economy today, which has also led to
their phenomenal growth on a global scale. However, such complete digitalization of business
processes also poses new cybersecurity risks and threats. New methods of cyberattacks and
inadequate cybersecurity protocols have resulted in massive data breaches in organizations in
recent times. The major consequences of cybercrimes in organizations include theft of sensitive
information, disruption of normal business operations, and substantial reputational damage.
These breaches further lead to the loss of confidentiality, integrity, and availability of
information stored in organizational systems as well as the loss of customer and stakeholder
trust.

The nature of cybercrime is evolving with malicious insider attacks and increased phishing
attempts with maximum organizational impact. With the growing number of security breaches,
the cost associated with the mitigation of cyberattacks is also rising.

With such an ever-expanding threat landscape, organizations need to take appropriate
measures for the investigation, containment, and eradication of cyber threats. They must also
make targeted investments to strengthen their IT security framework in compliance with the
relevant policies, standards, and regulations.

Module 20 Page 2176 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.