CSIT123 Week 8 Lecture - Cybersecurity (PDF)
Document Details
Uploaded by RadiantWichita1357
University of Wollongong in Dubai
Summary
This lecture covers cybersecurity concepts, including definitions, threats (like cyberterrorism, malware), and prevention techniques. It also touches upon the importance of cybersecurity in today's digital world and provides various examples.
Full Transcript
Learning objectives
- Define cyber security
- Importance of cyber security
- Nature of cyber attacks: different types of attacks, cyber threats
- Common sources of cyber threats
- Prevention of cyber attacks
- Attack repair and detection techniques

Cyber Security
Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It is also known as information technology security or electronic information security. The term "cybersecurity" applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories:
- Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
- Application security focuses on keeping software and devices free of threats.
- Information security protects the integrity and privacy of data, both in storage and in transit.
- Operational security includes the processes and decisions for handling and protecting data assets.
- Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data.

Why is Cybersecurity Important?
In today's digital world, one cannot ignore cybersecurity. A single security breach can expose the personal information of millions of people. Such breaches have a strong financial impact on the companies involved and also cost them the trust of their customers. Cyber security is therefore essential to protect businesses and individuals from spammers and cyber criminals.
https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-cyber-security
According to Cybercrime Magazine, cybercrime will cost the world $10.5 trillion annually by 2025. Furthermore, global cybercrime costs are predicted to rise by almost 15 percent yearly over the next four years.
Factors such as the pandemic, cryptocurrency, and the rise in remote working are coming together to create a target-rich environment for criminals to take advantage of. Cyber security is therefore important: it covers the technologies, processes, and methods used to defend computer systems, data, and networks from attacks.

Cyber Threats
Cybercrime is defined as any unauthorized activity involving a computer, device, or network. Cyber criminals typically target your systems for three reasons:
1. To invade your privacy
2. To compromise the trustworthiness of your data
3. To deny access to information
Cybercrime is commonly divided into computer-assisted crimes, crimes where the computer itself is the target, and crimes where the computer is incidental to the crime rather than directly related to it.

Common Cyber Threats
- Cyberterrorism
- Malware
- Botnets
- Adware
- SQL injection
- Phishing
- Man-in-the-middle attack
- Denial of Service
- Social engineering based attacks

Cyberterrorism: a politically-based attack on computers and information technology intended to cause harm and create widespread social disruption.
Malware: this threat encompasses ransomware, spyware, viruses, and worms. It can install harmful software, block access to your computer resources, disrupt the system, or covertly transmit information from your data storage.
Trojan: this attack tricks users into thinking they are opening a harmless file. Once the trojan is in place, it attacks the system, typically establishing a backdoor that gives cybercriminals access.
Botnets: this especially hideous attack involves large-scale cyberattacks conducted by remotely controlled malware-infected devices. Think of it as a string of computers under the control of one coordinating cybercriminal.
Adware: this threat is a form of malware, often called advertisement-supported software.
Adware is a potentially unwanted program (PUP) installed without your permission that automatically generates unwanted online advertisements.
SQL injection: a Structured Query Language injection attack inserts malicious code into a server that uses SQL. SQL injection is a code injection technique that can destroy your database and is one of the most common web hacking techniques. It works by placing malicious code in SQL statements via web page input.
Phishing: hackers use false communications, especially e-mail, to fool the recipient into opening them and following instructions that typically ask for personal information. Some phishing attacks also install malware. Types of phishing:
- Spear phishing targets a specific individual in an organization to try to steal their login credentials. The attacker often first gathers information about the person, such as their name, position, and contact details, before starting the attack.
- Vishing, short for "voice phishing," is when someone uses the phone to try to steal information. The attacker may pretend to be a trusted friend or relative, or to represent them.
- Email phishing scam: the attacker sends an email that looks legitimate, designed to trick the recipient into entering information in a reply or on a site that the hacker can use to steal or sell their data.
- Pharming attack: the victim gets malicious code installed on their computer. This code then sends the victim to a fake website designed to gather their login credentials.
- Evil twin attack: the hacker sets up a false Wi-Fi network that looks real. If someone logs in to it and enters sensitive details, the hacker captures their information.
- Watering hole phishing attack: a hacker works out a site that a group of users tends to visit, then uses it to infect the users' computers in an attempt to penetrate the network.
- Whaling attack: a phishing attack that targets a senior executive. These individuals often have deep access to sensitive areas of the network, so a successful attack can result in access to valuable information.
- Social engineering attacks pressure someone into revealing sensitive information by manipulating them psychologically.
- Smishing is phishing through some form of text message or SMS.
Man-in-the-middle attack: MITM attacks involve hackers inserting themselves into a two-person online transaction. Once in, the hackers can filter and steal the data they want. MITM attacks often happen on unsecured public Wi-Fi networks. Well-known example: in 2017, Equifax, the popular credit score company, was targeted by man-in-the-middle attacks that victimized users who used the Equifax app without HTTPS, which is a secure way to browse the internet. As the users accessed their accounts, the hackers intercepted their transmissions, stealing their
Denial of Service: DoS is a cyber attack that floods a network or computer with an overwhelming number of "handshake" processes, effectively overloading the system and making it incapable of responding to user requests. DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic can no longer be processed, resulting in denial of service to additional users. A DoS attack is characterized by using a single computer to launch the attack. A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many distributed sources, such as a botnet.
A few common historic DoS attacks:
- Smurf attack: a previously exploited DoS attack in which a malicious actor utilizes the broadcast address of a vulnerable network by sending spoofed packets, resulting in the flooding of a targeted IP address.
- Ping flood: this simple denial-of-service attack is based on overwhelming a target with ICMP (ping) packets. By inundating a target with more pings than it can respond to efficiently, denial of service can occur. This attack can also be used as a DDoS attack.
- Ping of Death: often conflated with a ping flood, a ping of death attack involves sending a malformed packet to a targeted machine, resulting in deleterious behavior such as system crashes.
Indicators of a DoS attack include:
- Unusually slow network performance, such as long load times for files or websites
- The inability to load a particular website, such as your own web property
- A sudden loss of connectivity across devices on the same network
https://www.cloudflare.com/learning/ddos/glossary/denial-of-service/

DoS vs DDoS

Common Sources of Cyber Threats
- Nation states
- Terrorist organizations
- Criminal groups
- Hackers / hacktivists
- Malicious insiders

Nation states: hostile countries can launch cyber attacks against local companies and institutions, aiming to interfere with communications, cause disorder, and inflict damage.
Terrorist organizations: terrorists conduct cyber attacks aimed at destroying or abusing critical infrastructure, threatening national security, disrupting economies, and causing bodily harm to citizens.
Criminal groups: organized groups of hackers aim to break into computing systems for economic benefit. These groups use phishing, spam, spyware and malware for extortion, theft of private information, and online scams.
Hackers: individual hackers target organizations using a variety of attack techniques. They are usually motivated by personal gain, revenge, financial gain, or political activity.
Hackers often develop new threats to advance their criminal ability and improve their standing in the hacker community. Types of hackers: white hat, grey hat and black hat.
Hacktivist: hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individuals who perform hacktivism are known as hacktivists.
https://www.techtarget.com/searchsecurity/definition/white-hat
Malicious insiders: an employee who has legitimate access to company assets and abuses their privileges to steal information or damage computing systems for economic or personal gain. Insiders may be employees, contractors, suppliers, or partners of the target organization. They can also be outsiders who have compromised a privileged account and are impersonating its owner.

Classification of Threats
https://www.imperva.com/learn/application-security/cyber-security-threats/

Key Cybersecurity Technologies
- Use a VPN to privatize your connections
- Check links before clicking on them
- Do not be lax with your passwords
- Scan external devices for viruses
- Store sensitive information in a secure place
- Enable two-factor authentication
- Double-check the HTTPS on websites
- Remove adware from the computer
- Disable Bluetooth when you are not using it
- Avoid using public networks
- Invest in security upgrades
- Employ a white hat hacker

Cyber Attack Prevention
A few security tools commonly deployed by organizations to prevent cyber attacks. Of course, tools are not enough to prevent attacks: every organization needs trained IT and security staff, or outsourced security services, to manage the tools and use them effectively to mitigate threats. Some of the common strategies are:
- Web Application Firewall: prevent attacks with world-class analysis of the web traffic to your applications.
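A web application firewall filters suspicious traffic at the edge, but the root fix for the SQL injection threat listed earlier is to keep user input as data rather than as part of the SQL statement. The following is an added example, not code from the lecture or the sources it cites; the in-memory table, the user names and the tampered input are all constructed for the demo.

```python
import sqlite3

def make_db():
    """Constructed in-memory user table for the demo (not from the lecture)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "hash-a"), ("bob", "hash-b")])
    return con

def find_user_vulnerable(con, username):
    """Web page input is spliced straight into the statement, so a quote in the
    input becomes part of the SQL grammar instead of part of the value."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in con.execute(sql)]

def find_user_parameterized(con, username):
    """The '?' placeholder hands the input to the driver as a bound value; it
    can never change the structure of the query, whatever characters it holds."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in con.execute(sql, (username,))]

if __name__ == "__main__":
    con = make_db()
    # Constructed tampered input: a tautology that rewrites the WHERE clause.
    tampered = "x' OR '1'='1"
    print(find_user_vulnerable(con, "alice"))        # ['alice']
    print(find_user_vulnerable(con, tampered))       # ['alice', 'bob']: whole table leaks
    print(find_user_parameterized(con, tampered))    # []: treated as a literal name
```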
- API Security: automated API protection ensures your API endpoints are protected as they are published, shielding your applications from exploitation. APIs are increasing exponentially with digital transformation projects, creating the newest attack surface that security teams struggle to stay on top of. Eliminate data leakage and API abuse with comprehensive API discovery of all endpoints and classification of sensitive data.
- DDoS Protection: block attack traffic at the edge to ensure business continuity with guaranteed uptime and no performance impact. Secure your on-premises or cloud-based assets, whether you are hosted in AWS, Microsoft Azure, or Google Public Cloud.
- Client-Side Protection: gain visibility and control over third-party JavaScript code to reduce the risk of supply chain fraud, prevent data breaches, and stop client-side attacks.
https://www.imperva.com/learn/application-security/cyber-security-threats/
- Cloud Data Security: simplify securing your cloud databases to catch up and keep up with DevOps.
- Use a password manager: sick of trying to remember all your passwords, or having to change them every time you log in?
- Use multi-factor authentication: for an extra layer of security, consider using multi-factor authentication. Also known as two-factor authentication, MFA and 2FA, it adds an extra layer of security for websites, so you can confirm who you say you are.
https://www.vu.edu.au/about-vu/news-events/study-space/5-easy-ways-to-protect-yourself-from-cyber-attacks
- Trust no one (on emails, phone or text): don't open email from unknown email addresses; trash attachments in unexpected emails; avoid risky clicks and instead type the address into your browser.
- Secure your device by: installing anti-virus software; setting a password, gesture or fingerprint that must be entered to unlock it; setting the device to require a password before applications are installed; leaving Bluetooth hidden when not in use and disabling automatic connection to networks; enabling remote locking and/or wiping functions, if your device supports them.
- Update your software: make sure you routinely update the software on your devices: your phone, tablet and laptop. In fact, consider turning on automatic updates, so the work is done for you in the background.
- Use a secure web browser: keep to sites that use the green padlock and 'HTTPS'.
https://www.vu.edu.au/about-vu/news-events/study-space/5-easy-ways-to-protect-yourself-from-cyber-attacks

Common Strategies

Attacks Repair and Detection Techniques
Today, every organization that uses technology is at risk of a cyber event. If you have clients who are at risk of a cyber attack, help them protect their businesses with these three steps:
1. Prevent
Enhance your security features: many cybercriminals aim for the easy targets first. Implementing security features such as complex passwords, multi-factor authentication, and a Secure Email Gateway (SEG) are simple but crucial steps in intercepting the thousands of cyber attacks launched daily. The spam folder of your email can demonstrate just how common these attacks are.
Update your software regularly.
Create a culture of cyber-security awareness: human error is often an organization's biggest vulnerability. With thousands of social engineering attacks launched at businesses every day (largely at email addresses), hackers can easily gain unauthorized access to networks via unknowing employees.
Security awareness training should be a regular and recurring part of your clients' cyber security plan and company culture.
https://prowritersins.com/services/risk-management/how-to-deal-with-cyber-attacks/
2. Respond
Act quickly and efficiently: once it has become clear that a cyber attack has taken place or sensitive information has leaked, it is important that business owners act immediately. A data breach response plan set up in advance is one of the best ways to mitigate the damage of an attack once it has occurred.
Notify the appropriate parties: this includes both the victims of the cyber event and the authorities. Transparency is key in responding to a cyber attack.
3. Recover or repair
Restore or replace all possible data: with the help of an IT forensic team, it may be possible to recover lost data. Where the data is lost for good, your clients will be forced to rebuild. Backing up electronically stored data regularly is recommended to reduce the amount of data that could potentially be lost.
Adapt to prevent another attack: following a potential breach, your clients should take a step back and review what vulnerability may have led to the hacker's successful attack. Was there a lack of training? Or software that was outdated?
Locate the source: tracing activity back to the root cause will help you identify both the vulnerabilities being exploited and the next steps for mitigating the incident.
Isolate and contain: blocking a malicious cybercriminal or virus from accessing additional resources is essential. This ensures that damage is minimal and that their tactics can't do any more harm than they already have.
https://managedmethods.com/blog/cyber-attack-recovery/

Attack Detection Techniques
Cybersecurity Measures to Detect Potential Cyber Attacks
1.
Foundational Tools:
- Intrusion Detection Systems (IDS): these monitor network traffic or system activities for malicious behavior or policy violations. IDS can be categorized into network-based IDS (NIDS) and host-based IDS (HIDS). A NIDS passively monitors network traffic and analyzes packets to identify suspicious patterns or signatures of known attacks, while a HIDS is deployed on an individual host or endpoint to monitor activities such as file integrity changes, registry modifications, or unauthorized access attempts.
https://www.eccu.edu/blog/methods-technologies-detect-cyber-attacks/
- Intrusion Prevention Systems (IPS): an IPS builds upon the capabilities of an IDS by not only detecting but also actively preventing the latest cyber attacks. It sits in line with network traffic and can block or drop malicious packets or connections based on predefined security policies. By leveraging real-time threat intelligence and attack signatures, an IPS can proactively defend against various cyber threats, including malware, denial-of-service (DoS) attacks, and intrusion attempts.
2. Network Security Mechanisms:
- Firewalls: by scrutinizing and managing incoming and outgoing network traffic based on predetermined security rules, firewalls act as an essential defensive device for network security.
- Security Information and Event Management (SIEM): a SIEM accumulates, analyzes, and correlates log data from diverse sources within an organization's IT infrastructure, including network devices, servers, applications, and endpoints. It enables centralized monitoring and detection of cyberattacks by aggregating and analyzing security events in real time.
3.
Endpoint Detection and Response (EDR): EDR solutions are designed to protect individual endpoints, such as computers, laptops, and mobile devices, from advanced cyber threats. EDR combines continuous monitoring of endpoint activities with advanced threat detection capabilities to identify and respond to the latest cyber attacks in real time.
4. Advanced Detection Techniques:
- Anomaly Detection: anomaly detection involves monitoring system behavior and user activities to identify deviations from standard patterns that may indicate potential cyber attacks.
5. Threat Intelligence: one of the key elements in detecting any cyber attack is threat intelligence. Threat intelligence encompasses various information sources, including open-source intelligence (OSINT), commercial threat feeds, and information-sharing partnerships with industry peers and government agencies.
6. Security Assessment:
- Penetration Testing: simulates real-world cyber attacks to identify and exploit security vulnerabilities in an organization's systems, networks, and applications. It helps organizations detect potential cyber attacks by uncovering weaknesses that malicious actors could exploit. By conducting regular penetration tests, internally or by engaging security experts, organizations can assess their security posture, validate the effectiveness of defensive measures, and prioritize remediation efforts.
7. User Training and Awareness: user training and awareness are essential for an effective cybersecurity strategy to detect potential cyber attacks.
Familiarizing employees with the best cybersecurity practices, such as recognizing phishing emails, avoiding suspicious links, and practicing good password hygiene, can help prevent successful cyber attacks.
8. Behavioral Analysis: behavioral analysis involves monitoring user behaviors and system activities to detect potential cyber attacks based on deviations from standard patterns. Behavioral analysis solutions use machine learning algorithms and behavioral modeling techniques to establish baseline behavior profiles for users, systems, and applications.

References
- https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-cyber-security
- https://www.cloudflare.com/learning/ddos/glossary/denial-of-service/
- https://www.techtarget.com/searchsecurity/definition/white-hat
- https://www.imperva.com/learn/application-security/cyber-security-threats/
- https://www.vu.edu.au/about-vu/news-events/study-space/5-easy-ways-to-protect-yourself-from-cyber-attacks
- https://managedmethods.com/blog/cyber-attack-recovery/
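Two of the detection measures described in the Attack Detection Techniques section, the SIEM correlating events across sources and the anomaly detector flagging deviations from a baseline, reduce to a few lines each. This is an added example, not code from the lecture or the sources it cites; the auth log lines, the request counts, the TEST-NET addresses and the thresholds are all constructed for the demo.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample SSH auth log (not from the lecture); documentation-range IPs.
AUTH_LOG = """\
10:01 sshd: Failed password for admin from 203.0.113.7
10:01 sshd: Failed password for admin from 203.0.113.7
10:02 sshd: Failed password for root from 203.0.113.7
10:02 sshd: Failed password for admin from 203.0.113.7
10:03 sshd: Failed password for backup from 203.0.113.7
10:03 sshd: Accepted password for admin from 203.0.113.7
10:05 sshd: Failed password for alice from 198.51.100.4
10:06 sshd: Accepted password for alice from 198.51.100.4
"""

# Constructed web requests per minute: a quiet baseline, then a sudden flood
# (the "slow network / cannot load site" DoS indicator seen from the server side).
REQUESTS_PER_MINUTE = [42, 39, 45, 41, 38, 44, 40, 43, 41, 39,
                       40, 42, 37, 44, 41, 40, 39, 43, 410, 455]

LINE_RE = re.compile(r"^(\d\d:\d\d) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse_auth(log):
    """Turn raw auth lines into (time, outcome, user, ip) events; skip junk lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groups())
    return events

def brute_force_alerts(events, threshold=5):
    """SIEM-style correlation rule: `threshold` or more failed logins from one
    source IP followed by a successful login from that same IP. Failures alone
    are noisy; failures followed by success is the event worth paging on."""
    failures = defaultdict(int)
    alerts = []
    for time, outcome, user, ip in events:
        if outcome == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            alerts.append({"time": time, "ip": ip, "user": user,
                           "failed_before": failures[ip]})
    return alerts

def rate_anomalies(counts, baseline_len=15, k=3.0):
    """Anomaly detection: learn mean and standard deviation of requests per
    minute from the first `baseline_len` samples, then flag later minutes that
    sit more than k standard deviations above the mean."""
    baseline = counts[:baseline_len]
    mean = statistics.mean(baseline)
    limit = mean + k * statistics.pstdev(baseline)
    return [(i, c) for i, c in enumerate(counts) if i >= baseline_len and c > limit]

if __name__ == "__main__":
    for alert in brute_force_alerts(parse_auth(AUTH_LOG)):
        print("ALERT brute-force success:", alert)
    for minute, count in rate_anomalies(REQUESTS_PER_MINUTE):
        print(f"ALERT request flood at minute {minute}: {count} req/min")
```

The baseline window must come from known-quiet traffic; if the flood is included when the mean and deviation are learned, the detector normalises the attack and stays silent.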