Methods of securing information


is a program that appears legitimate, but executes an unwanted activity when activated. Trojans are commonly used by hackers to gain access to systems and devices. Trojans are designed using some sort of social engineering tactic that tricks the users into loading and executing the Trojan. Once the Trojan has been deployed, hackers have the ability to create a backdoor to the user's system that allows them to spy on computer activities and steal sensitive data.

A Trojan, sometimes called a Trojan horse

Watch out for drive-by downloads

A drive-by download occurs when you visit an illegitimate website that automatically downloads malware onto a device. Hackers have also been known to implant code into a legitimate website that can then execute an automatic download. Norton says the best way to avoid a drive-by download issue is to make sure your software is frequently updated.

Phishing attacks are quite common, but what do you do if you receive a suspected phishing message? Here is some advice on how best to deal with a phishing message.

Banks and credit card companies will never ask you to provide personal information via email messages. If you receive a suspicious message, contact the institution that the message was allegedly sent from. Contact US-CERT using these preferred methods:

are used to automate hacking and threat/infiltration analysis. These technologies execute thousands of attack techniques continuously, thus allowing for a more realistic analysis of the threats and weaknesses of IT infrastructure.

Breach and attack simulation technologies

The Federal Emergency Management Agency (FEMA) recommends that organizations have well-designed business continuity plans in place. This plan outlines the steps that should be taken if a cyberattack occurs.

Business continuity plan

Four Steps to Protect Computers and Networks from Natural Disasters

Business continuity plan; offsite cloud storage; geographic data redundancy

including an increase in cybercrime. Interpol (International Criminal Police Organization) is an inter-governmental organization of 194 member countries.

COVID-19 has caused a number of issues and hardships for many individuals,

is software that infects computers and is created using computer code. Computer viruses typically must be run to attack and do damage. Viruses can destroy programs or alter the operations of a computer or network.

Computer virus

works in much the same way as a biological virus infects people. A biological virus is spread from host to host, and the virus has the ability to replicate itself. A computer virus works in much the same way. Due to the nature of our always connected world, it is very easy for viruses to spread. Be aware that viruses do not only attack laptops and desktops. Viruses can also attack mobile devices including smartphones and tablet computers.

Computer virus

According to a recent press release, a new security portal created by the U.S. Cyber Command and the National Guard provides a two-way interface to share information about malware and to assist in gaining better insights into how the programs are designed and work. The Cyber 9-Line portal allows National Guard units from all 50 states to share cybersecurity incidents with national Cyber Command. This will help to better address cybersecurity issues when they arise.

Cyber 9-Line

a crime in which a computer is the object of the crime or is used to commit a crime or offense. Most cybercrimes are committed by individuals (usually cyber criminals or hackers).

CyberCrime

_____ can be committed by highly skilled individuals or by novice hackers.

Cybercrimes

can consist of a single event or an ongoing series of events.

Cybercrimes

A Trojan horse can be used to:

Delete data; block data; copy data; modify data; disrupt computer performance

two types of cyberattacks

Designed to disable a target computer or prevent it from accessing a network or the Internet. Designed to gain access to data stored on a device or to gain administrative privileges to a device.

Norton recommends taking the following steps to defend against rootkits.

Don't ignore software updates. Be aware of phishing emails. Watch out for drive-by downloads.

How Packet Sniffers Work

Every time you view a web page, send an email, or share a file, your data is sent across the Internet in many small manageable pieces known as data packets.

In 2019, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks.

Forty-three percent of all cyberattacks are aimed at small businesses. Ninety-one percent of attacks launch with a phishing email. Eighty-five percent of all attachments emailed daily are harmful for their intended recipients. Thirty-eight percent of malicious attachments are masked as one Microsoft Office type of file or another.

a USC student, created a program that could take over an operating system. He called this a computer virus, thus coining the phrase.

Frederick Cohen

The replication and storage of data in separate locations. If a business's primary data storage location is in Seattle, that business may opt to store backup data in St. Louis in case a natural disaster occurs in Seattle.

Geographic data redundancy

In June of 2020

Honda Motors in Japan was hit by a malware attack. The attack was designed to shut down factories and cause network service disruptions. One of Honda Motors' servers was infected with Ekans malware, which targets control systems used for operating factories.

It is estimated that natural disasters have cost the United States more than $1.7 trillion since 1980. These disasters include wildfires, floods, hurricanes, tornados, and earthquakes. Regardless of the area in the United States where businesses operate, there is the potential for a natural disaster to occur. Businesses need to take steps to protect computer systems, data, and information from natural disasters.

How Are Computer Systems and Data Protected from Natural Disasters?

Phishing is commonly executed through email messages. Illegitimate file attachments are included in what appears to be a legitimate email message. Built-in social engineering software that tricks a user into allowing administrative access to crucial data. Some ransomware attacks are designed to take advantage of poor security controls and do not require a user to give administrative access.

How Are Ransomware Attacks Launched? Methods of attack

Ransomware typically encrypts the victim's data files. A message offers to decrypt the files if the victim makes a ransom payment to the perpetrator. Payment is made via a means that is difficult to trace such as Bitcoin or with prepaid credit cards. Once payment is made, the perpetrator may or may not send a decrypting code that allows the victim to open the data files again.

How Ransomware Works

An email arrives in your inbox and appears to be from the bank where you got your car loan. You open the message, which prompts you to visit a bogus site that appears to be your bank. You fail to identify the site as bogus and enter your username and password to access your account. This information is recorded and can now be used by the attacker. It's that simple. Unfortunately, many security programs fail to catch these attacks because they are skillfully designed to appear to be legitimate.

How Spear Phishing Works

Contact US-CERT using these preferred methods:

In Outlook, you can create a new message and drag and drop the phishing email into the new message. Address the message to [email protected] and send it. If you cannot forward the email message, at least send the URL of the phishing website. You can also call the number on the US-CERT website.

Costs: While white hat hacking can be very effective, there are some limitations.

It can be very expensive. The cost of hiring these teams or individuals makes it difficult for some companies to utilize them. Often the focus is on infiltration, which makes the analysis one-dimensional. The cybersecurity environment is ever-changing. Findings that result from penetration testing can quickly become outdated.

Don't ignore software updates.

It is important to make sure that your operating system and antivirus software are up to date.

In October 2018, there was an indictment of ten Chinese intelligence officers and recruits for allegedly conspiring to steal sensitive commercial aerospace information from U.S. companies.

It was widely reported that in 2010 the intelligence agencies from the United States and Israel launched the Stuxnet worm on the Natanz nuclear facility in Iran. This attack damaged over 1,000 centrifuges and caused significant delays and interruptions of the Iranian nuclear program.

is a form of spyware that records all actions typed on a keyboard. It may consist of hardware devices and/or software applications, designed to record passwords and confidential information.

Keystroke logger

The whereabouts of data should be documented.

Maintenance of data inventory

is short for malicious software and is designed to steal information, destroy data, impact the operations of a computer or network, or frustrate the user. Common types of malware include viruses, worms, and Trojans.

Malware

Used to protect data. It was developed by Cisco and is used by firewalls, routers, and computers that are part of a network and are connected to the Internet. Provides a type of firewall protection by hiding internal IP addresses. Used to prevent many types of network attacks, but in order to maximize security it must be used in conjunction with the firewall built into the router or by the firewall provided by the OS. NAT can be packet filters, which inspect each packet leaving or entering a network and either accept or reject a packet based on a predetermined set of rules.

Network Access Translation

Banks and credit card companies will never ask you to provide personal information via email messages.

Never give personal information out through email messages or over the phone.

Occur when victims endure multiple events such as: cyberstalking; child predation; extortion or blackmail; terrorist activities

Ongoing series of events

(or packet analyzers) are specialized hardware or software that capture packets transmitted over a network. Unauthorized sniffers are used to steal information. Illegitimate packet sniffers can be very difficult to detect and can lead to data breaches. Legitimate sniffers are used for routine examination and problem detection.

Packet Sniffer

Data packets are transmitted across the Internet using the Transmission Control Protocol/Internet Protocol (TCP/IP). Packet sniffers record the data packets as they are sent over a network and copy the information to a designated file. This process is known as

Packet capture

is the illegitimate use of an email message that appears to be from an established organization such as a bank, financial institution, or insurance company. In order to appear legitimate, the message often contains the company's logo and identifying information.

Phishing

Be aware of phishing emails.

Phishing messages are designed to trick the user into providing sensitive information or downloading illegitimate software. Be cautious of email messages and file attachments.

is malware that makes a computer's data inaccessible until a ransom is paid. It usually invades a computer in a Trojan horse, in a legitimate-looking email, or with a worm in a networked computer.

Ransomware

is malware that makes a computer's data inaccessible until a ransom is paid. It usually invades a computer in a Trojan horse, in a legitimate-looking email, or with a worm in a networked computer. Ransomware typically encrypts the victim's data files. There are a variety of methods that allow ransomware to take over a computer.

Ransomware

Occur when victims endure a single event such as: unknowingly downloading a Trojan horse virus; installing a keystroke logger; responding to a phishing request; experiencing theft or manipulation of data; falling victim to identity theft and/or e-commerce fraud

Single Event

is a type of email scam that is directed toward a specific person or organization. Unlike phishing, which does not have a specific target and is designed to reach the maximum number of people, spear phishing is a precise type of attack. Spear phishing attacks are designed to steal data, and some attacks may also be designed to install malicious software on a device.

Spear phishing

Attacks are relatively inexpensive when compared to traditional warfare, difficult to trace and identify, and can cause widespread damage to IT infrastructure. Can be utilized to send warnings, to intentionally harm resources, or to create conflict between countries. The United States has faced state-sponsored cyberwarfare attacks from a number of countries including China, North Korea, and Russia.

State-Sponsored Cyberwarfare key points

Viruses can be harmful to your computer. There are many symptoms your computer may exhibit when it has been infected with a virus. The operating system may not launch properly and the user may need to reboot the computer frequently to ensure all programs are starting and working fine. Critical files may get deleted automatically; this can happen periodically or all at once. Error messages will become prevalent; it may become difficult to save documents, and the computer may run slower than usual.

Symptoms of a Computer Virus

The virus arrives via email attachment, file download, or by visiting a website that has been infected.

The Virus arrives

A computer virus attacks a digital device using a series of actions.

The virus arrives; virus activation; the virus spreads; the virus payload is released

The payload, the component of a virus that executes the malicious activity, hits the computer and other infected devices. These actions are repeated over and over, resulting in a full-blown virus attack. Due to the nature of our always connected world, it is very easy for viruses to spread.

The virus payload is released

If you receive a suspicious message, contact the institution that the message was allegedly sent from.

This will allow you to confirm the legitimacy of the message and also allow you to make the organization aware of an issue if it is present.

was a real problem for infected systems with this malware. It was found to have infected more than two dozen major banking institutions in the United States, and at its core, is based on a modified and scaled-down version of another virus known as Banker Trojans.

Tiny Banker Trojan (TBT)

is a program that appears legitimate but executes an unwanted activity when activated.

Trojan horse

commonly used by cyberthieves and hackers to gain unauthorized access to a user's device or systems. They are often used to find passwords, destroy data, or bypass firewalls. Trojan horses are similar to viruses, but do not replicate themselves and are often found attached to free downloads and apps.

Trojan horse uses

A software-based keystroke logger is often a Trojan that is installed without the user's knowledge. A hardware-based keystroke logger often takes the form of a USB device that can be attached to a computer to record keystrokes. Cloud-based keystroke loggers are available for use by parents, organizations, and others and are designed to record most computer activities that take place via a web browser including gaming, chatting, and website visits.

Types of keystroke loggers

An action such as running or opening a file activates the virus. Once activated, the virus copies itself into files and other locations on your computer.

Virus activation

are nonmalicious computer security experts who test the security measures of an organization's information systems to ensure they are protected against malicious intrusions. These ethical hackers execute a variety of tasks designed to test the security of an organization's IT infrastructure. are often hired as consultants to expose weaknesses in a network's firewalls.

WHITE HAT HACKERS

Questions to Answer during an Information Security Risk Assessment

What data breach would have a major impact on our business whether from malware, cyberattack, or human error? Consider customer information. What are the relevant threats and the threat sources to our organization? What are the internal and external vulnerabilities? What is the impact if those vulnerabilities are exploited? What is the likelihood of exploitation? What cyberattacks, cyberthreats, or security incidents could impact the ability of the business to function? What is the level of risk our organization is comfortable taking? What are our organization's most important information technology assets?

Before IT security control development can occur, the following questions must be answered:

What is the risk I am reducing? Is this the highest priority security risk? Am I reducing the risk in the most cost-effective way? Once these questions have been answered, an organization can begin the process of determining the best policies and procedures for threat mitigation.

Penetration testing and vulnerability testing (testing the vulnerability of networks and systems to intrusions and attacks) Testing in-place security systems (testing current systems and processes against security threats).

White hacker tasks

once the computers are infected, they act as zombies (bots) and work together to send messages and site requests, thus creating huge volumes of network traffic that result in a network crash.

a distributed denial of service

According to the National Institute for Standards Technology, once a cybersecurity risk assessment has been conducted and the various questions in the risk assessment have been answered,

an organization will be able to decide what to protect. This means IT security controls can be investigated and developed, and then data security strategies to mitigate risk can be employed.

State-sponsored cyberwarfare

are cyberattacks that originate and are executed by foreign governments. These attacks can be directly launched by a foreign government or by a group or individuals who have been paid to execute the attack.

Proxy servers intercept all messages between client and server and help avert a hacker or other intruder from

attacking a network.

break into computer systems with the intent of causing damage or stealing data. Black hat hackers are also known as hackers or crackers. Most black hat hackers learned how to hack computers and systems using scripts that are available on the Internet. Novice hackers are often referred to as script kiddies.

black hat hackers

A group of computers under the control of a hacker is referred to as a

botnet

California-based company that protects websites from DDoS attacks, reported that after the death of George Floyd and the following protests across the United States, cyberattacks on advocacy groups for social justice and Black Lives Matter rose by 1,120 times. "Those groups went from having almost no attacks at all in April to attacks peaking at 20,000 requests per second on a single site," the company's CEO, Matthew Prince, and its chief technology officer, John Graham-Cumming, wrote in a blog post.

Cloudflare

is a deliberate misuse of computers and networks via the Internet. Cyberattacks use malicious code to modify the normal operations of a computer or network. Pharming and phishing; spamming and spoofing; Trojans and viruses; identity theft; DoS and DDoS attacks

cyberattack

Malware can be used for a variety of purposes including

cyberextortion, cyberterrorism, protest, or cyberstalking.

According to NIST (National Institute of Standards Technology), cybersecurity personnel can take steps to ensure data and systems are protected. The first thing that should take place is a _____

cybersecurity risk assessment

takes place when a hacker gains unauthorized access and control of a network of computers that are connected to the Internet. is an attack on a network that is designed to interrupt or stop network traffic by flooding it with too many requests. A DoS attack is carried out by one device whereas a DDoS attack uses many devices to slow down or crash a network

denial of service attack

Malware programs are often

developed by hackers or teams of hackers who are looking to make money by launching the malware on their own or by selling it on the Dark Web.

Packet sniffers, rootkits, and DoS attacks can have a major impact on MIS systems. These types of attacks can cause

financial losses, lost productivity, and downtime.

is hardware or software used to keep a computer secure from outside threats such as hackers and viruses. Firewalls allow or block Internet traffic in and out of a network or computer. The most ideal firewall configuration consists of both hardware and software.

firewall

Traditional methods of securing networks and systems are no longer enough to ensure data and system security. These methods include

firewalls, two-factor authentication, and passwords.

It is important that organizations conduct proper training to

help their employees spot these types of messages to ensure that data and systems are not compromised.

The primary purpose of a cybersecurity risk assessment is to help inform decision makers and support proper risk responses. The assessment also provides an executive summary to help executives and directors make

informed decisions about security. Risk can be calculated using the following calculation: Risk = Threat x Vulnerability x Asset.

Among other things, Interpol investigates and prosecutes cybercrime and emerging crimes and has conducted research on the spike of cybercrime as a result of COVID-19. They learned that in mid-April Google reported that

it saw more than 18 million daily malware and phishing emails related to COVID-19 that were sent via Gmail in just one week. Additionally, Google reported over 240 million daily COVID-19 related spam email messages.

Phishing uses

legitimate-looking email messages to con a user into giving up private information such as account numbers, Social Security numbers, and personal information. Phishing scams direct users to a fake website where they are asked to enter or update personal information

is a key logger that can be downloaded and used to monitor activities on smartphones, tablets, and laptops.

mSpy

It is important that the risk of these threats be analyzed by an organization and that proper plans for

monitoring, detection, and remediation are in place.

Mac computers are not susceptible to computer virus attacks. According to many cybersecurity experts, this is a ____ Computer viruses can attack both Mac and PCs, although PCs are more widely targeted.

myth

Data is stored outside an organization and thus increases the likelihood that data can be retrieved, should a natural disaster occur

off site cloud storage

Firewalls are designed for small, medium, and large businesses. Due to the complexities and importance of firewalls in the overall IT infrastructure, many firms opt to have their firewalls created and maintained by

outside firms

Another version of ransomware threatens to make the victim's personal files public unless the ransom is

paid. On one day in 2017, the WannaCry attack infected nearly 250,000 computers in over 100 different countries.

involves activities where white hat hackers are paid to hack into private networks and applications. Their goal is to find gaps in network security and to test security defenses. After the penetration activities conclude, reports are submitted that identify weaknesses and remediation.

penetration testing

TBT infects the system and the browser using various methods,

proceeds to archive the data that is sent between you and the banking site, and after you log in to the website, it generates a fraudulent pop-up requesting the login credentials using the original logo and the name of the real site.

is a type of malicious computer program that is designed to operate secretly in a device and allow unauthorized access by cybercriminals, enabling them to remotely control a computer. Rootkits are used to steal passwords and credit card and banking information.

rootkit

Many rootkits are designed to bypass security software that has been installed on a device, which makes them extremely difficult to detect. Security software often can catch and disable a rootkit when it has been installed

security bypass

When an illegitimate file containing ransomware is downloaded and opened, the ransomware can

take over the computer

When a botnet has been established,

the hacker is able to direct each device via remote access.

Personal software firewalls are typically included with

the operating system and can be configured based on user preference. Hardware-based firewalls can be purchased as a stand-alone product but are often also included in broadband routers.

Cisco ASA firewalls have virtually everything you need to protect your business. Since Cloud systems are not part of an organization's internal network, they are often not protected by the network firewall. Because of this, companies that use Cloud-based file sharing services such as Microsoft Teams or Google Drive often require

the use of a dedicated firewall for Cloud sharing.

The infection spreads to other computers via infected email, files, or contact with infected web sites

the virus spreads

Many Trojans are designed to give hackers the ability to

delete, block, modify, and copy data. Trojans can also be used to interrupt network communication and to negatively affect computer performance.

Large organizations often utilize a system of complex firewalls to protect their networks. These firewalls can be configured to prevent

unauthorized access to networks from outside the organization and to prevent employees from sending or transmitting sensitive data. Typical firewall programs or hardware devices filter all information coming through the Internet to your network or computer system.

NIST states that a cybersecurity risk assessment is about

understanding, managing, controlling, and mitigating cyber risk across your organization. It is a crucial part of any organization's risk management strategy and data protection efforts.

Some rootkits go undetected for long periods of time. When this occurs often the only remedy is to uninstall the computer's operating system and then reload it.

undetected

White hat hackers

use the same techniques and tools that are used by illegitimate hackers. These tools include rootkits, social engineering, spoofing, and back door programs. are paid based on the hours they spend testing security. This can range from hours to days or even weeks, depending on the complexity of the network and the scope of testing.

DOS Example

when an IP address is targeted by a botnet, each zombie computer will simultaneously send requests to that IP address, which then can potentially cause the targeted server to slow down or even shut down resulting in a denial of service.

Andrei Ene reported that the Tiny Banker Trojan (TBT) is one of the

worst Trojan malware attacks in the last ten years.

A hacker uses software to infect computers, including laptops, desktops, tablets, and Internet of Things (IoT) devices, turning each computer into a

zombie, also known as a bot

