Module 1: Intro to Security


the primary attributes of threat actors

- level of capability/sophistication - internal vs. external - resources and funding - intent/motivation

IT resources are protected by what 3 layers?

1. products 2. people 3. policies and procedures

advanced persistent threat (APT)

A class of attacks that use innovative attack tools to infect and silently extract data over an extended period of time. - commonly carried out by/associated with state actors

hacktivist

A group of attackers that is strongly motivated by ideology (for the sake of their principles or beliefs) - usually motivated by political beliefs

lack of vendor support

A third-party vulnerability in which a vendor no longer provides security patches, updates, or assistance for its product (for example, after the product reaches end of life), leaving known weaknesses in it unaddressed. - contrast with system integration, which concerns connecting the organization's systems to a third party's

supply chain

A network that moves a product from the supplier to the customer and is made up of vendors that supply raw material, manufacturers who convert the material into products, warehouses that store products, distribution centers that deliver them to the retailers, and retailers who bring the product to the consumer. - The fact that products move through many steps in the supply chain—and that some steps are not closely supervised—has opened the door for malware to be injected into products during their manufacturing or storage (called supply chain infections). - Supply chains also serve as third-party vulnerabilities.

attack vector

A pathway or avenue used by a threat actor to penetrate a system. - email - wireless - removable media - direct access - social media - supply chain - cloud

cloud platform

A pay-per-use computing model in which customers pay only for the online computing resources they need. - vulnerabilities are most often based on misconfigurations by the company personnel responsible for securing the cloud platform - are, by definition, accessible from virtually anywhere, putting cloud computing platforms constantly under attack from threat actors probing for vulnerabilities. - platform vulnerability

legacy platform

A platform that is no longer in widespread use, often because it has been supplanted or replaced by an updated version of that earlier technology. - ex. an old OS is not updated, which creates security vulnerabilities - platform vulnerability

urgency

A social engineering principle that demands immediate action. - "My meeting with the board starts in five minutes."

consensus

A social engineering principle that involves being influenced by what others do. - "I called last week, and your colleague reset my password."

authority

A social engineering principle that involves directing others by impersonating an authority figure or falsely citing their authority. - "I'm the CEO calling."

familiarity

A social engineering principle in which the attacker acts as if the victim is already well known to them and well regarded, lowering the victim's guard. - "I remember reading a good evaluation on you."

trust

A social engineering principle to inspire confidence in a victim. - "You know who I am."

zero day vulnerability

A vulnerability that is exploited by attackers before anyone else even knows it exists. - are considered extremely serious: systems are open to attack with no specific patches available

white hat hackers

Also known as ethical attackers, a class of hackers that probe a system with an organization's permission for weaknesses and then privately provide that information to the organization.

direct access attack vector

An attack vector in which a threat actor can gain direct physical access to the computer.

social media influence campaign

An influence campaign exclusively used on social media.

patch

An officially released software security update intended to repair a vulnerability.

gray hat hackers

Attackers who attempt to break into a computer system without the organization's permission (an illegal activity) but not for their own advantage; instead, they publicly disclose the attack in order to shame the organization into taking action.

Insider threat

Attackers who misuse data from the position of a trusted employee. - harder to recognize because they come from within the enterprise and already hold legitimate access, yet they may be costlier than attacks from the outside. - focus on intellectual property theft, sabotage, espionage

CIA triad

Confidentiality, Integrity, Availability

system integration

Connectivity between the systems of an organization and its third parties. - However, the organization's systems are often not compatible with the third party's systems, requiring "workarounds," which can create vulnerabilities

data loss

Destroying data so that it cannot be recovered - ex. Maliciously erasing patient data used for cancer research - impact of cyberattacks

open ports and services

Devices and services that ship with the most permissive configuration (many ports open and services enabled) so that the administrator can then close whatever the organization does not need; if that step is skipped, unneeded services stay exposed. - weak configuration vulnerability - ex. a firewall delivered with FTP ports 20 and 21 open

shadow IT

Employees who become frustrated with the slow pace of acquiring technology, so they purchase and install their own equipment or resources in violation of company policies. - Installing personal equipment, unauthorized software, or using external cloud resources can create a weakness or expose sensitive corporate data.

pharming

Exploiting how a URL's hostname is resolved to its IP address in order to redirect traffic away from the intended site to a fake one. - a hostname such as www.cengage.com is normally resolved through DNS to the site's IP address; a threat actor who can tamper with that resolution (for example, with malware on the user's computer that adds a hosts-file entry for the name or changes the computer's DNS settings) sends the user to a lookalike site under the attacker's control while the browser still shows the expected name - redirection attack
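The check a practitioner would run for the hosts-file variant of pharming, as an added example that is not part of the original study set: parse a hosts file and flag entries that pin a public-looking hostname to an address outside the local ranges. The sample hosts content, the internal-suffix list and the heuristic itself are assumptions made for this example.

```python
import ipaddress

# Constructed sample hosts file for this example (not a real capture).
# Pharming malware commonly appends lines that pin a target hostname to an
# attacker-controlled address so the browser never asks DNS for that name.
SAMPLE_HOSTS = """\
# standard entries
127.0.0.1     localhost
::1           localhost ip6-localhost
192.168.1.20  printer.corp.local
# appended by the implant (constructed for this example)
203.0.113.45  www.cengage.com
203.0.113.45  login.examplebank.com    # user still sees the expected URL
"""

# Internal ranges (RFC 1918) that an intranet hosts file legitimately uses.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            yield addr, name.lower()


def suspicious_overrides(text):
    """Return hosts entries that pin a public-looking name to a non-local address.

    Heuristic (an assumption for this example, not a standard): a hostname that
    contains a dot, is not under an internal suffix, and maps to an address that
    is not loopback, link-local or RFC 1918 is a candidate pharming override.
    """
    findings = []
    for addr_text, name in parse_hosts(text):
        if "." not in name or name.endswith((".local", ".localdomain", ".internal")):
            continue
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            # Not even an address: a hand-edited or corrupted entry is worth a look.
            findings.append((addr_text, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_link_local:
            continue
        if addr.version == 4 and any(addr in net for net in INTERNAL_NETS):
            continue
        findings.append((addr_text, name, "public name pinned outside local ranges"))
    return findings


if __name__ == "__main__":
    for addr, name, why in suspicious_overrides(SAMPLE_HOSTS):
        print(f"{name} -> {addr}: {why}")
```

Run against the constructed sample, both appended entries are reported and the loopback and printer lines are not. On a real host the same function can be pointed at /etc/hosts or C:\Windows\System32\drivers\etc\hosts; a clean workstation normally produces no findings at all.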

third parties

External entities outside of the organization - Many enterprises also use IT-related third parties due to their elevated level of expertise. - Also, many organizations rely on third-party data storage facilities for storing important data. This helps to reduce the capital expenditures - With the sheer number of third parties used, it can be difficult to coordinate their diverse activities with the organization - Almost all third parties today require access to the organization's computer network (system integration) - However, the organization's systems are often not compatible with the third party's systems, requiring "workarounds," which can create vulnerabilities - can pose security vulnerabilities

tailgating

Following an authorized user through a door - once an authorized person opens the door, one or more individuals can follow behind and also enter. - ex. a person waits at the end of the sidewalk until an authorized user opens the door. She then calls out to him to "Please hold the door!" as she hurries to enter. In most cases, good etiquette wins out over good security practices

eliciting information

Gathering data

social engineering attack

Gathering data (eliciting information) by relying on the weaknesses of individuals. - usually rely on psychological principles. - They also can involve physical procedures. - relies on an attacker's clever manipulation of human nature to persuade the victim to provide information or take actions.

state actors

Government-sponsored attackers who launch cyberattacks against the foes of the state. - foes may be foreign governments or even citizens of their own nation that the government considers hostile or threatening - many security researchers consider them the deadliest threat actor - these actors have a specific target and keep working until they are successful - highly skilled and backed by government resources - often involved in multiyear intrusion campaigns targeting highly sensitive economic, proprietary, or national security information.

threat actor (malicious actor)

Individuals or entities who are responsible for cyber incidents against the technology equipment of enterprises and users. - also known as attacker

script kiddie

Individuals who want to perform attacks yet lack the technical knowledge to carry them out. - do their work by downloading freely available automated attack software (scripts) and use it to perform malicious acts - may end up causing damage to systems and data instead of stealing the data.

hybrid warfare influence campaign

Influence campaigns used on social media and other sources.

Availability

Information has value only if the authorized parties who are assured of its integrity can actually reach it - ensures that data is accessible to authorized users whenever they need it; keeping it away from unapproved individuals is the job of confidentiality, not availability.

confidentiality

Only approved individuals should be able to access sensitive information - ensures that only authorized parties can view the information - ranging from software to encrypt the credit card number stored on the web server to door locks to prevent access to those servers.

level of capability/sophistication

Power and complexity capabilities of threat actors.

typo squatting

Purchasing the domain names of sites that are spelled similarly to actual sites. - user is often directed to a fake lookalike site filled with ads for which the attacker receives money for traffic generated to the site.
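The defensive counterpart to typo squatting is to enumerate the lookalike names before an attacker registers them. The following is an added example, not part of the original study set: it generates the common typo variants of a brand domain (omission, repetition, adjacent transposition, keyboard-adjacent substitution) and classifies a candidate registration against them. The mutation classes, the partial QWERTY neighbour map and the one-label-plus-TLD input format are assumptions made for this example.

```python
# Partial QWERTY adjacency map (assumption for this example; extend as needed).
ADJACENT = {
    "a": "qwsz", "e": "wrsd", "i": "uojk", "o": "iklp", "u": "yihj",
    "m": "njk", "n": "bhjm", "l": "kop", "p": "ol", "s": "awedxz",
    "x": "zsdc", "c": "xdfv",
}


def typo_variants(domain):
    """Return sorted lookalike domains for a name of the form label.tld.

    Assumption: one registrable label plus one TLD (e.g. example.com); the TLD
    is left unchanged. Four mutation classes are generated: omission,
    repetition, adjacent transposition and keyboard-adjacent substitution.
    """
    label, dot, tld = domain.lower().partition(".")
    if not dot or not label or "." in tld:
        raise ValueError("expected a name like example.com")
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])               # omission:      exmple
        variants.add(label[:i] + ch + label[i:])              # repetition:    exaample
        for alt in ADJACENT.get(ch, ""):                      # substitution:  exanple
            variants.add(label[:i] + alt + label[i + 1:])
        if i + 1 < len(label):                                # transposition: exmaple
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])
    variants.discard(label)   # the brand itself is not a lookalike
    variants.discard("")      # single-character labels can collapse to nothing
    return sorted(f"{v}.{tld}" for v in variants)


def classify(candidate, brand):
    """Label a registered domain as 'exact', 'lookalike' or 'unrelated' to brand."""
    candidate = candidate.lower()
    if candidate == brand.lower():
        return "exact"
    return "lookalike" if candidate in typo_variants(brand) else "unrelated"


if __name__ == "__main__":
    for name in typo_variants("example.com")[:10]:
        print(name)
```

The generated list is what a brand owner feeds into a registration check or a certificate-transparency watch; a hit on a name the organization does not own is the signal that a squatter got there first.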

Which of the following is true regarding the relationship between security and convenience? a. Security and convenience are inversely proportional. b. Security and convenience have no relationship. c. Security is less important than convenience. d. Security and convenience are equal in importance.

Security and convenience are inversely proportional. - as security is increased, convenience is decreased

phishing

Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action. - one of the most common forms of social engineering - considered to be one of the largest and most consequential cyber threats facing both businesses and consumers. - Users are asked to respond to an email message or are directed to a website where they are requested to update personal information, such as passwords, credit card numbers, Social Security numbers, bank account numbers - spear phishing (targets specific users) - whaling (targets one high-value user) - vishing (done by voice over the phone) - smishing (phishing with SMS messages)

on-premise platforms

Software and technology located within the physical confines of an enterprise, which is usually consolidated in the company's data center. - platform vulnerability

firmware

Software that is embedded into hardware to provide low-level controls and instructions. - In most cases, no automated process can identify which devices are running a given firmware version, alert users to a patch, or distribute the patch, so firmware vulnerabilities tend to stay unpatched longer than application ones.

spim

Spam delivered through instant messaging (IM) instead of email. - can have even more impact than spam. The immediacy of instant messages makes users more likely to reflexively click embedded links - may bypass some antimalware defenses, allowing easier distribution of malware

data breach

Stealing data to disclose it in an unauthorized fashion. - ex. Stealing credit card numbers to sell to other threat actors - impact of cyberattacks

data exfiltration

Stealing data to distribute it to other parties. - ex. taking a list of current customers and selling it to a competitor - impact of cyberattacks

identity theft

Taking personally identifiable information to impersonate someone. - ex. Stealing a Social Security number to secure a bank loan in the victim's name - impact of cyberattacks

black hat hackers

Threat actors who violate computer security for personal gain or to inflict malicious damage. - steal credit card numbers - corrupt a hard drive

spam

Unsolicited email that is sent to a large number of recipients.

open permissions

User access over files that should have been restricted. - Ex. A user could be given Read, Write, and Execute privileges when she should have only Read privileges. - weak configuration vulnerability
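The audit a practitioner would run for the open-permissions case above, as an added example that is not part of the original study set: walk a directory and report every file whose permission bits go beyond the mode the policy allows (here, read-only for owner and group). The sample files, their modes and the allowed mode are constructed assumptions for this example; it compares only the nine rwx bits and ignores ownership and ACLs.

```python
import os
import stat
import tempfile


def find_overpermissive(root, allowed_mode=0o440):
    """Walk `root` and return files whose permission bits exceed `allowed_mode`.

    Each finding is (relative path, actual mode, excess bits) with modes as ints.
    Only the nine rwx bits are compared; ownership and ACLs are ignored
    (assumption for this example).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            excess = mode & ~allowed_mode & 0o777   # bits set beyond the policy
            if excess:
                findings.append((os.path.relpath(full, root), mode, excess))
    return sorted(findings)


def demo():
    """Build a throwaway tree (constructed for this example) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        # report.txt matches policy; ledger.csv adds owner write (the flashcard's
        # "Read, Write, and Execute when she should have only Read" case);
        # deploy.sh is world-readable and executable.
        specs = {"report.txt": 0o440, "ledger.csv": 0o640, "deploy.sh": 0o755}
        for name, mode in specs.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)
        return find_overpermissive(root, allowed_mode=0o440)


if __name__ == "__main__":
    for rel, mode, excess in demo():
        print(f"{rel}: mode {mode:04o}, excess {excess:04o}")
```

Only the two files that grant more than read access are reported; the excess field shows exactly which bits to strip, which is what a remediation script would pass to chmod.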

pretexting

Using impersonation (identity fraud) to obtain private information.

influence campaigns

Using social engineering to sway attention and sympathy in a particular direction.

shoulder surfing

Watching an individual enter a security code on a keypad. - this technique can be used in any setting that allows an attacker to casually observe someone entering secret information, such as the security codes on a door keypad - attackers today also using webcams and smartphone cameras

information security

a broad term encompassing the protection of information from accidental or intentional harm by persons inside or outside an organization - that which protects the integrity, confidentiality, and availability of information through products, people, and procedures on the devices that store, manipulate, and transmit the information.

platform

a system that consists of the hardware device and an operating system (OS) that runs software such as applications, programs, or processes

Integrity

ensures that the information is correct and no unauthorized person or malicious software has altered the data.

impersonation (identity fraud)

social engineering attack involving masquerading as a real or fictitious character and then playing out the role of that person with a victim.

scarcity

social engineering principle referring to when something is in short supply. - "I can't waste time here."

intimidation

social engineering principle with the goal to frighten and coerce by threat. - "If you don't reset my password, I will call your supervisor."

prepending

social engineering technique that involves influencing a subject before an event occurs. - such as including the desired outcome in a statement that uses the urgency principle, as in "You need to reset my password immediately because my meeting with the board starts in five minutes."

vulnerability

the state of being exposed to the possibility of being attacked or harmed. - can be categorized into platforms, configurations, third parties, patches, and zero-day

spim and spam are particularly dangerous because:

they can be used to distribute malware.

goal of information security

to ensure that protective measures are properly implemented to ward off attacks, prevent the total collapse of the system when a successful attack does occur, and recover as quickly as possible
