Book Notes CBIS Methods of Securing Information
Limitations of White Hat Hacking
- Can be very expensive - The focus is often on infiltration that makes the analysis one dimensional - The cybersecurity environment is always changing - Penetration testing can become quickly outdated
Malware can be used for:
- Cyberextortion - Cyberterrorism - Protest - Cyberstalking
Cybercrime - Ongoing Series of Events
- Cyberstalking - Child predation - Extortion or blackmail - Terrorist activities
Breach and Attack Simulation Technologies
- Execute thousands of attack techniques continuously - Allowing for more realistic analysis of the threats and weaknesses of IT infrastructure
Trojan Horse Use Examples
- Find passwords - Destroy data - Bypass Firewalls - Disrupt computer performance
White Hat Hackers Job
- Paid based on the hours they spend testing security - Can spend hours, days, or weeks depending on the complexity of the network and the scope of testing
White Hat Hackers Tasks
- Penetration Testing - Vulnerability Testing - Testing in-place security systems
Examples of Cyberattacks
- Pharming and phishing - Spamming and spoofing - Trojans and viruses - Identity theft - DoS and DDoS attacks
Ransomware Methods of Attack
- Phishing through email messages with illegitimate file attachments - Built-in social engineering software that tricks a user into allowing admin access to crucial data - Some attacks are designed to take advantage of poor security controls and don't require admin access
State-Sponsored Cyberwarfare Attack Traits
- Relatively inexpensive when compared to traditional warfare - Difficult to trace and identify - Can cause widespread damage to IT infrastructure
State-Sponsored Cyberwarfare attacks can be utilized to:
- Send warnings - Intentionally harm resources - Create conflict between countries
Types of Keystroke Loggers
- Software-Based: usually a Trojan - Hardware-Based: USB device - Cloud-Based: available for use by parents, organizations and others and are designed to record computer activities that take place via a web browser (gaming, chatting, and website visits)
Symptoms of a Computer Virus
- The operating system may not launch properly - User may need to reboot the computer frequently - Critical files may get deleted automatically (periodically or all at once) - Error messages will become prevalent - Difficult to save documents - Computer may run slower than usual
4. The virus payload is released
- The payload hits the computer and other infected devices. - These actions are repeated over and over, resulting in a full-blown virus attack
Cybercrime - A Single Event
- Unknowingly downloading a Trojan horse virus - Installing a keystroke logger - Responding to a phishing request - Experiencing theft or manipulation of data - Falling victim to identity theft and/or e-commerce fraud
Breach and Attack Simulation Technologies
- Used to automate hacking and threat/infiltration analysis - Execute thousands of attack techniques continuously, thus allowing for a more realistic analysis of the threats and weaknesses of the IT infrastructure - Used by white hat hackers
Network Address Translation (NAT)
- Used to protect data - Hides internal IP addresses - Must be used in conjunction with the firewall built into the router or with the firewall provided by the OS - NAT can also act as a packet filter
Common Types of Malware
- Viruses - Worms - Trojans
Questions to Answer During an Information Security Risk Assessment
- What data breach would have a major impact on our business? - What are the relevant threats & threat sources to our organization? - What are the internal and external vulnerabilities? - What is the impact if those vulnerabilities are exploited? - What is the likelihood of exploitation? - What could impact the ability of the business to function? - What is the level of risk our organization is comfortable taking? - What are our organization's most important IT assets?
Questions to Answer Before IT Security Control Development Can Occur
- What is the risk I am reducing? - Is this the highest priority security risk? - Am I reducing the risk in the most cost-effective way?
Illegitimate Packet Sniffers
- used to steal info - can be hard to detect - can lead to data breaches
4 Steps to Protect Computers and Networks from Natural Disasters
1. Business Continuity Plan 2. Off-site Cloud Storage 3. Maintenance of Data Inventory 4. Geographic Data Redundancy
How Spear Phishing Works
1. Email arrives 2. You open the message 3. You visit a bogus site and enter your username and password to access your account 4. This info is recorded and can now be used by the hacker
A Computer Virus Attacks a Digital Device Using a Series of Actions
1. The virus arrives 2. Virus activation 3. The virus spreads 4. The virus payload is released
Two Types of Cyberattack Designs
1. To disable a target computer or prevent it from accessing a network or the Internet 2. To gain access to data stored on a device or to gain administrative privileges to a device
Cybercrime
A crime in which computer is the object of the crime or is used to commit a crime or offense
Keystroke Logger
A form of spyware that records all actions typed on a keyboard - hardware and software applications - designed to record passwords and confidential info
Trojan Horse
A program that appears legitimate but executes an unwanted activity when activated
Computer Virus
Software that infects computers and is created using computer code - Typically must be RUN to attack and do damage - Can destroy programs or alter the operations of a computer or network - Name came from Frederick Cohen
Rootkit
A type of malicious computer program that is designed to operate secretly in a device - Allow unauthorized access by cybercriminals, enabling them to remotely control a computer - Used to steal passwords and credit card/banking info
2. Virus activation
An action such as running or opening a file activates the virus. Once activated, the virus copies itself into files and other locations on your computer.
White Hat Hackers Use a New Type of Technology to Test Security
Breach and attack simulation technologies are used to automate hacking and threat/infiltration analysis
Black Hat Hackers
Break into computer systems with the intent of causing damage or stealing data - AKA hackers or crackers - Most learned how to hack using scripts available on the Internet
The Dark Web
Content posted on the Internet that is not indexed by popular search engines like Google - Specific web browser is required (usually Tor)
Off-site Cloud Storage
Data is stored outside an organization and thus increases the likelihood that data can be retrieved
What a Trojan Horse does to data
Delete, block, copy, modify
Malware (Malicious Software) is
Designed to: - steal info - destroy data - impact the operations of a computer or network - frustrate the user
Ransomware Step 1
Encrypts the victim's data files - A message offers to decrypt the files if the victim makes a ransom payment to the perpetrator
Firewall
Hardware or software used to keep a computer secure from outside threats such as hackers and viruses - allow or block Internet traffic in and out of a network or computer - ideally consist of both hardware and software
Packet Filters
Inspect each packet leaving or entering a network and either accept or reject a packet based on a predetermined set of rules
Distributed Denial of Service (DDoS)
Launches a virus on a computer - uses many devices to slow down or crash a network - zombies/bots work together to send messages and site requests - creating huge volumes of network traffic that result in a network crash
Myth About Computer Virus Attacks
Mac computers ARE susceptible to computer virus attacks - although PCs are more widely targeted
Ransomware
Malware that makes a computer's data inaccessible until a ransom is paid - or another version threatens to make the victim's personal files public unless the ransom is paid
White Hat Hackers Definition
Non-malicious computer security experts who test the security measures of an organization's information systems to ensure they are protected against malicious intrusions - ethical hackers to test security of IT infrastructure
Drive-By Download
Occurs when you visit an illegitimate website that automatically downloads malware onto a device - make sure your software is frequently updated
Ransomware Step 3
Once payment is made, the perp may or may not send a decrypting code that allows the victim to open the data files again
Behavior Science
One method organizations are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security
Ransomware Step 2
Payment is made via a means that is difficult to trace - ex: with Bitcoin or prepaid credit cards
Packet Capture
Record the data packets as they are sent over a network and copy the information to a designated file
Packet Sniffers/Analyzers
Specialized hardware/software that capture packets transmitted over a network
Business Continuity Plan
FEMA recommends these as a plan that outlines the steps that should be taken if a cyberattack occurs
3. The virus spreads
The infection spreads to other computers via infected email, files, or contact with infected web sites
Geographic Data Redundancy
The replication and storage of data in separate locations
White Hat Hackers Techniques
The same techniques and tools that are used by illegitimate hackers: - rootkits - social engineering - spoofing - back door program
Risk =
Threat x Vulnerability x Asset
Penetration (Pen) Testing Goal
To find gaps in network security and to test security defenses
Trojan Horse Uses
To gain unauthorized access to a user's device or systems
Trojan Horses vs. Viruses
Trojan horses do not replicate themselves and are often found attached to free downloads and apps
Cloudflare
a California-based company that protects websites from DDoS attacks
Ransomware usually invades with
a Trojan horse, in a legitimate-looking email, or with a worm in a networked computer
Cyberattack
a deliberate misuse of computers and networks via the Internet
Botnet
a group of computers under the control of a hacker - when established, the hacker is able to direct each device via remote access
Zombie/Bot
a hacker uses software to infect computers (laptops, desktops, tablets, and Internet of Things (IOT) devices)
mSpy
a key logger that can be downloaded and used to monitor activities on smartphones, tablets, and laptops
Spear Phishing
a type of email scam that is directed toward a specific person or organization - precise type of attack - to steal data - install malicious software on a device
Cybersecurity Risk Assessment
about understanding, managing, controlling, and mitigating cyber risk across your organization
A Trojan (horse) is a program that
appears legitimate, but executes an unwanted activity when activated
Legitimate Packet Sniffers
are used for routine examination and problem detection
Black hat malware kits are
available for purchase on the Dark Web
Packet Sniffers are used on
both wired and wireless networks
White Hat Hackers are often hired as
consultants to expose weaknesses in a network's firewalls
State-Sponsored Cyberwarfare
cyberattacks that originate from and are executed by a foreign government - can be directly launched by the foreign government - or by individuals who have been paid to execute the attack
Typical Firewall Programs or Hardware Devices
filter all information coming through the Internet to your network or computer system
Traditional Security Methods
firewalls, two-factor authentication, and passwords
Trojans are commonly used by hackers to
gain access to systems and devices
Once the Trojan is deployed,
hackers have the ability to create a backdoor to the user's system that allows them to spy on computer activities and steal sensitive data
Malware Programs are Often Developed By
hackers who are looking to make money by launching the malware on their own or by selling it on the Dark Web
Data packets are transmitted across the Internet using
the Transmission Control Protocol/Internet Protocol (TCP/IP)
Most cybercrimes are committed by
individuals (usually cyber criminals or hackers)
Proxy Servers
intercept all messages between client and server and help avert a hacker or other intruder from attacking a network
Penetration (Pen) Testing
involves activities where white hat hackers are paid to hack into private networks and applications
Due to the nature of our always connected world,
it is very easy for viruses to spread
Cyberattacks use
malicious code to modify the normal operations of a computer or network
Tiny Banker Trojan (TBT)
one of the worst Trojan malware attacks in the last 10 years - 24 major banking institutions in the US
After the penetration activities,
reports are submitted that identify weaknesses and remediation
Novice hackers are often referred to as
script kiddies
Every time you view a web page, send an email, or share a file, your data is
sent across the internet in many small manageable pieces known as data packets
Firewalls are designed for
small, medium, and large businesses - many firms opt to have their firewalls created and maintained by outside firms
Trojans are designed using
some sort of social engineering tactic that tricks the users into loading and executing the Trojan
Denial of Service (DoS) Attack
takes place when a hacker gains unauthorized access to and control of a network of computers that are connected to the internet - carried out by one device
Testing in-place security systems
testing current systems and processes against security threats
Vulnerability Testing
testing the vulnerability of networks and systems to intrusions and attacks
Payload
the component of a virus that executes the malicious activity
Phishing
the illegitimate use of an email message that appears to be from an established organization (bank/financial institution/insurance company) - seeks account numbers, Social Security numbers, and personal info - quite common - doesn't have a specific target, just wants to reach the maximum number of people
Maintenance of Data Inventory
the whereabouts of data should be documented
Primary Purpose of Cybersecurity Risk Assessment
to help inform decision makers and support proper risk responses
1. The virus arrives
via email attachment, file download, or by visiting a website that has been infected
The effectiveness of packet sniffers depends on
what network security protocols are being used and how much they prevent data from being "seen"
Impact of Different Malware and Network Attacks
• 43% of all cyberattacks are aimed at small businesses • 91% of attacks launched with a phishing email • 85% of all attachments emailed daily are harmful for their intended recipients • 38% of malicious attachments are masked as one Microsoft Office type of file or another
Steps to Defend Against Rootkits
• Don't ignore software updates • Be aware of phishing emails • Watch out for drive-by downloads