Book Notes CBIS Methods of Securing Information

Limitations of White Hat Hacking

- Can be very expensive - The focus is often on infiltration that makes the analysis one dimensional - The cybersecurity environment is always changing - Penetration testing can become quickly outdated

Malware can be used for:

- Cyberextortion - Cyberterrorism - Protest - Cyberstalking

Cybercrime - Ongoing Series of Events

- Cyberstalking - Child predation - Extortion or blackmail - Terrorist activities

Breach and Attack Simulation Technologies

- Execute thousands of attack techniques continuously - Allowing for more realistic analysis of the threats and weaknesses of IT infrastructure

Trojan Horse Use Examples

- Find passwords - Destroy data - Bypass Firewalls - Disrupt computer performance

White Hat Hackers Job

- Paid based on the hours they spend testing security - - Can spend hours, days, or weeks depending on the complexity of the network and the scope of testing

White Hat Hackers Tasks

- Penetration Testing - Vulnerability Testing - Testing in-place security systems

Examples of Cyberattacks

- Pharming and phishing - Spamming and spoofing - Trojans and viruses - Identity theft - DoS and DDoS attacks

Ransomware Methods of Attack

- Phishing through email messages with illegitimate file attachments - Built-in social engineering software that tricks a user into allowing admin access to crucial data - Some attacks are designed to take advantage of poor security controls and don't require admin access

State-Sponsored Cyberwarfare Attack Traits

- Relatively inexpensive when compared to traditional warfare - Difficult to trace and identify - Can cause widespread damage to IT infrastructure

State-Sponsored Cyberwarfare attacks can be utilized to:

- Send warnings - Intentionally hard resources - Create conflict between countries

Types of Keystroke Loggers

- Software-Based: usually a Trojan - Hardware-Based: USB decice - Cloud-Based: available for use by parents, organizations and others and are designed to record computer activities that take place via a web browser (gaming, chatting, and website visits)

Symptoms of a Computer Virus

- The operating system may not launch properly - User may need to reboot the computer frequently - Critical files may get deleted automatically (periodically or all at once) - Error message will become prevalent - Difficult to save documents - Computer may run slower than usual

4. The virus payload is released

- The payload hits the computer and other infected devices. - These actions are repeated over and over, resulting in a full-blown virus attack

Cybercrime - A Single Event

- Unknowingly downloading a Trojan horse virus - Installing a keystroke logger - Responding to a phishing request - Experiencing theft or manipulation of data - Falling victim to identity theft and/or e-commerce fraud

Breach and Attack Simulation Technologies

- Used to automate hacking and threat/infiltration analysis. - Execute thousands of attack techniques continuously, thus allowing for a more realistic analysis of the threats and weaknesses of the IT infrastructure - Used white hat hackers

Network Access Translation (NAT)

- Used to protect data - Hides internal IP addresses - Must be used in conjunction with the firewall built into the router or by the firewall provided by the OS - NAT can be packet filters

Common Types of Malware

- Viruses - Worms - Trojans

Questions to Answer During an Information Security Risk Assessment

- What data breach would have a major impact on our business? - What are the relevant threats & threat sources to our organization? - What are the internal and external vulnerabilities? - What is the impact if those vulnerabilities are exploited? - What is the likelihood of exploitation? - What could impact the ability of the business to function? - What is the level of risk our organization is comfortable taking? - What are our organization's most important IT assets?

Questions to Answer Before IT Security Control Development Can Occur

- What is the risk I am reducing? - Is this the highest priority security risk? - Am I reducing the risk in the most cost-effective way?

Illegitimate Packet Sniffers

- used to steal info - can be hard to detect - can lead to data breaches

4 Steps to Protect Computers and Networks from Natural Disasters

1. Business Continuity Plan 2. Off-site Cloud Storage 3. Maintenance of Data Inventory 4. Geographic Data Redundancy

How Spear Phishing Works

1. Email arrives 2. You open the message 3. You visit a bogus site and enter your username and password to access your account 4. This info is recorded and can now be used by the hacker

A Computer Virus Attacks a Digital Device Using a Series of Actions

1. The virus arrives 2. Virus activation 3. The virus spreads 4. The virus payload is released

Two Types of Cyberattack Designs

1. To disable a target computer or prevent it from accessing a network or the Internet 2. To gain access to data stored on a device or to gain administrative privileges to a device

Cybercrime

A crime in which computer is the object of the crime or is used to commit a crime or offense

Keystroke Logger

A form of spyware that records all actions typed on a keyboard - hardware and software applications - designed to record passwords and confidential info

Trojan Horse

A program that appears legitimate but executes an unwanted activity when activated

Computer Virus

A software that infects computers and is created using computer code - Typically must be RUN to attack and do damage - Can destroy programs or alter the operations of a computer or network - Name came from Frederick Cohen

Rootkit

A type of malicious computer program that is designed to operate secretly in a device - Allow unauthorized access by cybercriminals, enabling them to remotely control a computer - Used to steal passwords and credit card/banking info

2. Virus activation

An action such as running or opening a file activates the virus. Once activated, the virus copies itself into files and other locations o your computer.

White Hat Hackers Use a New Type of Technology to Test Security

Breach and attack simulation technologies are used to automate hacking and threat/infiltration analysis

Black Hat Hackers

Break into computer systems with the intent of causing damage or stealing data - AKA hackers or crackers - Most learned how to hack using scripts available on the Internet

The Dark Web

Content posted on the Internet that is not indexed by popular search engines like Google - Specific web browser is required (usually Tor)

Off-site Cloud Storage

Data is stored outside an organization and thus increases the likelihood that data can be retrieved

What a Trojan Horse does to data

Delete Block Copy Modify

Malware (Malicious Software) is

Designed to: - steal info - destroy data - impact the operations of a computer or network - frustrate the user

Ransomware Step 1

Encrypts the victim's data files - A message offers to decrypt the files if the victim makes a ransom payment to the perpetrator

Firewall

Hardware or software used to keep a computer secure from outside threats such as hackers and viruses - allow or block Internet traffic in and out of a network or computer - ideally consist of both hardware and software

Packet Filters

Inspect each packet leaving or entering a network and either accept or reject a packet based on a predetermined set of rules

Distributed Denial of Service (DDoS)

Launches a virus on a computer - uses many devices to slow down or crash a network - zombies/bots work together to send messages and site requests - creating huge volumes of network traffic that result in a network crash

Myth About Computer Virus Attacks

Mac computers ARE susceptible to computer virus attacks - although PCs are more widely targeted

Ransomware

Malware that makes a computer's data inaccessible until a random is paid - or another version threatens to make the victims personal files public unless the ransom is paid

White Hat Hackers Definition

Non-malicious computer security experts who test the security measures of an organization's information systems to ensure they are protected against malicious intrusions - ethical hackers to test security of IT infrastructure

Drive-By Download

Occurs when you visit an illegitimate website that automatically downloads malware onto a device - make sure your software is frequently updated

Ransomware Step 3

Once payment is made, the perp may or may not send a decrypting code that allows the victim to open the data files again

Behavior Science

One method organizations are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security

Ransomware Step 2

Payment is made via a means that is difficult to trace - ex: with Bitcoin or prepaid credit cards

Packet Capture

Record the data packets as they are sent over a network and copy the information to a designated file

Packet Sniffers/Analyzers

Specialized hardware/software that capture packets transmitted over a network

Business Continuity Plan

The FEMA recommends these as a plan that outlines the steps that should be taken if a cyberattack occurs

3. The virus spreads

The infection spreads to other computers via infected email, files, or contact with infected web sites

Geographic Data Redundancy

The replication and storage of data in separate locations

White Hat Hackers Techniques

The same techniques and tools that are used by illegitimate hackers: - rootkits - social engineering - spoofing - back door program

Risk =

Threat x Vulnerability x Asset

Penetration (Pen) Testing Goal

To find gaps in network security and to test security defenses

Trojan Horse Uses

To gain unauthorized access to a user's device or systems

Trojan Horses vs. Viruses

Trojan horses do not replicate themselves and are often found attached to free downloads and apps

Cloudfare

a Cali-based company that protects websites from DDoS attacks

Ransomware usually invades with

a Trojan horse, in a legitimate-looking email, or with a worm in a networked computer

Cyberattack

a deliberate misuse of computers and networks via the Internet

Botnet

a group of computers under the control of a hacker - when established, the hacker is able to direct each device via remote access

Zombie/Bot

a hacker uses software to infect computers (laptops, desktops, tablets, and Internet of Things (IOT) devices)

mSPy

a key logger that can be downloaded and used to monitor activities o smartphones, tablets, and laptops

Spear Phishing

a type of email scam that tis directed toward a specific person or organization - precise type of attack - to steal data - install malicious software on a device

Cybersecurity Risk Assessment

about understanding, managing, controlling, and mitigating cyber risk across your organization

A Trojan (horse) is a program that

appears legitimate, but executes an unwanted activity when activated

Legitimate Packet Sniffers

are used for routine examination and problem detection

Black hat malware kits are

available for purchase on the Dark Web

Packet Sniffers are used on

both wired and wireless networks

White Hack Hackers are often hired as

consultants to expose weaknesses in a network's firewalls

State-Sponsored Cyberwarfare

cyberattacks that originate and are executed by foreign government - can be directly launched by foreign gov - or individuals who have been paid to execute the attack

Typical Firewall Programs or Hardware Devices

filter all information coming through the Internet to your network or computer system

Traditional Security Methods

firewalls, two-factor authentication, and passwords

Trojans are commonly used by hackers to

gain access to systems and devices

Once the Trojan is deployed,

hackers have the ability to create a backdoor to the user's system that allows them to spy on computer activities and steal sensitive data

Malware Programs are Often Developed By

hackers who are looking t make money by launching the malware on their own or by selling it on the Dark Web

Data packets are transmitted across the Internet using

he Transmission Control Protocol (TCP/IP)

Most cybercrimes are committed by

individuals (usually cyber criminals or hackers)i

Proxy Servers

intercept all messages between client and server and help avert a hacker or other intruder from attacking a network

Penetration (Pen) Testing

involves activities where white hat hackers are paid to hack into private networks and applications

Due to the nature of our always connected world,

it is very easy for viruses to spread

Cyberattacks use

malicious code to modify the normal operations of a computer or network

Tiny Banker Trojan (TBT)

one of the worst Trojan malware attacks in the last 10 years - 24 major banking institutions in the US

After the penetration activities,

reports are submitted that identify weaknesses and remediation

Novice hackers are often referred to as

script kiddies

Every time you view a web page, send an email, or share a file, your data is

sent across the internet in many small manageable pieces known as data packets

Firewalls are designed for

small, medium, and large businesses - many firms opt to have their firewalls created and maintained by outside firms

Trojans are designed using

some sort of social engineering tactic that tricks the users into loading and executing the Trojan

Denial of Service (DoS) Attack

takes place when a hacker gains unauthorized access and control of a network of computer that are connected to the internet - carried out by one device

Testing in-place security systems

testing current systems and processes against security threats

Vulnerability Testing

testing the vulnerability of networks and systems to intrusions and attacks

Payload

the component of a virus that executes the malicious activity

Phishing

the illegitimate use of an email message that appears to be from an established organization (bank/financial institution/insurance company) - account numbers, SS numbers, and personal info - quite common - doesn't have a specific target, just wants to reach the max amount of people

Maintenance of Data Inventory

the whereabouts of data should be documented

Primary Purpose of Cybersecurity Risk Assessment

to help inform decision makers and support proper risk responses

1. The virus arrives

via email attachment, file download, or by visiting a website that has been infected

The effectiveness of packet sniffers depends on

what network security protocols are being used and how much they prevent data from being "seen"

Impact of Different Malware and Network Attacks

• 43% of all cyberattacks are aimed at small businesses • 91% of attacks launched with a phishing email • 85% of all attachments emailed daily are harmful for their intended recipients • 38% of malicious attachments are masked as one Microsoft Office type of file or another

Steps to Defend Against Rootkits

• Don't ignore software updates • Be aware of phishing emails • Watch out for drive-by downloads