Workshop 1 - Cybersecurity Awareness - De Montfort University Kazakhstan PDF

CSEC1001K : Foundation of Computing and Cyber Security Week – 1 Workshop 1: Cyber Security Awareness Outline Cybersecurity Awareness Personal Data – Characteristics and value of personal data. – Explain why personal data is profitable to hackers. The Profile of a Cyber Attacker Cyberwarfare – Characteristics and purpose of cyberwarfare Cybersecurity Awareness Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity. Your information, devices, and networks are valuable and need to be protected from others who have malicious intent. Attacks can happen beyond the screen through social means, and it is important to identify different types of attacks. This is why cybersecurity is important. 4% Surface web Target personal data Stolen credit or debit card $20 - $35 96% Deep web Bank account login $200 PayPal login $20 - $300 Amazon or Netflix $1 Medical record $350 Source: Technical Press Personal Data: Introduction to Personal Data Your Online and Offline Identity – Offline Identity Your identity that interacts on a regular basis at home, school or work – Online Identity Your identity while you are in cyberspace Should only reveal a limited amount of information about you Username or alias – Should not include any personal information – Should be appropriate and respectful – Should not attract unwanted attention Why Would a Hacker Target Me or my Organization? What Motivates Hackers? There are many motivations for hackers including: Financial gain Reputation Damage Activism and Political Revenge Pride and challenges Fun or because they can Your Information is Worth Money Regardless of how much money you have, cybercriminals can still profit from hacking you. Personal information, email addresses, financial information, passwords, and account information are all worth money on the dark web. Your computer can be utilized for cryptocurrency mining. When hackers can compromise hundreds or thousands of people with the same attack, they can make a lot of money selling collections of information. Introduction to Personal Data Your Data – Medical Records electronic health records (EHR) – physical, mental, and other personal information prescriptions – Education Records Grades, test scores, courses taken, awards and degrees rewarded Attendance Disciplinary reports – Employment and Financial Records Income and expenditures Tax records – paycheck stubs, credit card statements, credit rating and banking statement Past employment and performance Personal Data Where is Your Data? – Medical records: doctor’s office, insurance company – Store loyalty cards Stores compile your purchases Marketing partner uses the profiles for target advertisement – Online pictures: friends, strangers may also have a copy Your Computer Devices – Data storage and your portal to your online data – List some example of your computing devices It is Often Not Personal A lot of attacks are low effort attempts on thousands of users at a time. These types of attacks include phishing emails, fake social media giveaways, and unsecure websites full of malware. The idea behind these attacks if they target enough people, someone will fall for it eventually. Ransomware Normally loaded onto a computer via a download/attachment/link from an email or website. Will either lock the screen or encrypt your data. Wannacry attack 2017 - One of the biggest cyber attacks to occur. Is said to have hit 300,000 computers in 150 countries. Companies affected include; NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways. How to tackle Ransomware Back up - Keep a backed up copy of your data. Ensure its not permanently connected to the network. Patch - Keep your software up to date. Wannacry was successful as those affected computers hadn’t updated. The update contained a fix for the problem. Attachments - Don’t click on links from emails/SMS as this could easily be from an untrusted source and contain malware like Ransomware Phishing Is the attempt to obtain sensitive information by deception. They will be after your login credentials, payment card details or to upload malware to your computer The email will normally impersonate a genuine company or person. How to tackle the problem Don’t click any links on an email unless you can guarantee who its from. Use a trusted method of contacting the company via a phone number, app or website. Mark the email as spam and contact the organisation. What to look out for when visiting a website? Ensure you’re on the correct website HTTPS and the padlock- The ‘S’ stands for secure, this means you have a secure connection to the website. This should prevent a ‘man in the middle’ attack. It encrypts your data and the receiver will be able to decrypt it but if it is a fraudulent website they will still obtain your information. Use a credit card / PayPal when conducting online transactions. Find the problem on this web page! Type of breach or attack in the Businesses Charities last 12 months Phishing attacks 79% 83% Others impersonating 31% 29% organisation in emails or online Viruses, spyware or malware 11% 9% (excluding ransomware) Hacking or attempted hacking of 11% 6% online bank accounts Takeovers of organisation’s or 9% 5% users’ accounts Denial of service attacks 7% 7% Ransomware 4% 4% Unauthorised accessing of files or 2% 4% networks by staff Unauthorised accessing of files or 2% 2% networks by outsiders Unauthorised listening into video 0.5% 1% conferences or instant messages* Any other breaches or attacks 4% 4% Department for Science, Innovation & Technology : Cyber security breaches survey 2023 https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 The Profile of a Cyber Attacker Internal and External Threats Internal Security Threats – Can be an employee or contract partner Mishandle confidential data Threaten the operations of internal servers or network infrastructure devices Facilitate outside attacks by connecting infected USB media into the corporate computer system Accidentally invite malware onto the network through malicious email or websites Can cause great damage because of direct access External Security Threats – exploit vulnerabilities in network or computing devices – use social engineering to gain access When Cars Attack… FBI most wanted criminal & expert hacker is on the run from US federal law enforcement in Manhattan To slow-down the authorities, she hacks passenger cars across Manhattan, remotely disabling their safety systems and overriding their controls to force them to crash into one another. Fact or Fiction? FACT: The Jeep Hacking Duo Team of hackers pool their money to buy a 2014 Jeep Cherokee After months of research, they discover how to remotely takeover all Jeeps via the onboard internet connection and can crash them at will. They use the vulnerability to attack a journalist who is doing an investigative report on their research https://www.youtube.com/watch?v=MK0SrxBC1xs What is Flipper Zero? Flipper Zero is like a remote control that can interact with various electronic devices, allowing you to explore how they work and even control some of them. The buzz around Flipper Zero grew, especially on TikTok, where it was featured in numerous videos of hackers and aspiring script kiddies playing mischief in public places. https://www.youtube.com/watch?v=T2yOh_SbPs0&ab_channel=InterestingEngineering What is Cyberwarfare What is Cyberwarfare? – Conflict using cyberspace – Stuxnet malware Designed to damage Iran’s nuclear enrichment plant Used modular coding Used stolen digital certificates The Purpose of Cyberwarfare Use to gain advantage over adversaries, nations or competitors – Can sabotage the infrastructure of other nations – Give the attackers the ability to blackmail governmental personnel – Citizens may lose confidence in the government’s ability to protect them. – Affect the citizens’ faith in their government without ever physically invading the targeted nation. The Stuxnet Worm Written to subvert SCADA for Siemens centrifuge programmable logic controllers (PLCs) – Damaged Uranium-enrichment centrifuges in Iran – Spun too fast – crashed physically 60% of Stuxnet infections were in Iran Speculations that US & Israel wrote Stuxnet Worm – No direct proof – Circumstantial evidence includes codes and dates that might be related to Israel – Documents supporting view that US involved were released by Edward Snowden in July 2013 You can read more about it here: https://en.wikipedia.org/wiki/Stuxnet Questions

Workshop 1 - Cybersecurity Awareness - De Montfort University Kazakhstan PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue