
Ministry of Electricity and Renewable Energy

Egyptian Electricity Holding Company

Cyber Security
Introduction and objectives of the training program
Learning about the importance of securing electronic systems and cyberspace,
including protecting computers.

Identifying the risks that threaten information technology and computer systems,
such as:

Viruses, worms, Trojans, phishing, Denial of Service (DoS) attacks,
and unauthorized access such as theft of intellectual property or
confidential information, control system attacks, etc.

Learning and training on protection methods such as setting up firewalls,
anti-virus software, encryption, and passwords in login processes.

An introduction to the world of cybersecurity and its most important terms
Cybersecurity is an important issue for both IT departments and executives.
However, security should be a concern for every employee in the organization,
not just IT professionals and senior managers. One effective way to educate
employees about the importance of security is a cyber security policy that
explains each person's responsibilities for protecting IT systems and data.
The cyber security policy sets standards of conduct for activities such as
encryption of email attachments and restrictions on the use of social media.

Cyber security policies are important because cyber attacks and data breaches
can be costly. At the same time, employees are often the weakest link in an
organization's security. Employees share passwords, click on malicious URLs
and attachments, use unapproved cloud applications, and neglect to encrypt
sensitive files.
Cyber security and information security
It is easy to confuse information security and cybersecurity, as the two areas
overlap in many ways. In fact, cybersecurity is a subset of information security.
However, the fields are not quite the same, with each featuring distinct
specialties and requiring different skill sets.

One way to understand infosec as compared to cybersecurity is to view
information security as an umbrella term that covers all information, in any
form (paper records and spoken information included), not just data stored
within cyberspace.

What Is Information Security?

To some degree, nearly everyone wants their personal information to be secured,
meaning it can only be accessed and used by authorized individuals. This is the
goal of information security (INFOSEC).

According to NIST (the National Institute of Standards and Technology), INFOSEC
is the protection of information and information systems from unauthorized
access, use, disclosure, disruption, modification or destruction. The field aims
to provide confidentiality, integrity and availability of information.

Information security teams create and implement policies and systems to protect
information. For large organizations, strict security controls are required to
protect customers and their data.

What Is Cybersecurity?
Living in the 21st century means much of our data is stored in computer systems
and networks. This is the case for nearly every industry.

NIST defines cybersecurity as preventing damage to, protecting, and restoring
computers, electronic communications systems and services, and the information
they contain.

Within the field of cybersecurity are subcategories that entail further
specialization. These include cloud, network, and critical infrastructure
security.

Cyber security focuses on protecting information and systems from cyberattacks
such as ransomware and spyware.
The importance and benefits of cyber security
The importance of cyber security in the digital world cannot be overstated. A
single security breach can have far-reaching consequences in today's
interconnected world. For example, the 2017 Equifax breach exposed the personal
information of over 145 million people, and the 2018 Marriott (Starwood) breach
exposed the records of up to 500 million guests (an estimate Marriott later
revised down to about 383 million).

These breaches had a significant financial impact on the companies involved and
also resulted in a loss of customer trust. Therefore, cyber security is essential
to protect businesses and individuals from the potentially devastating
consequences of a security breach.

To understand why it is important to learn about cybersecurity, you must first
know how a solid cybersecurity program helps and protects businesses and
organizations.

Importance of Cyber Security in Business / Organizations

The importance of cyber security for businesses and organizations can be seen
in the case of the 2013 Target data breach. In this case, attackers gained
access to Target's customer data, including credit and debit card information,
using credentials stolen from a third-party vendor. It led to Target paying out
millions of dollars in settlements and losing customer trust. Target's data
breach is just one example of how cyber security is important for businesses
and organizations.
Cyber security components: Availability – Integrity – Confidentiality
Confidentiality, Integrity and Availability, also known as the CIA triad, is a
model designed to guide policies for information security within an
organization. The model is also sometimes referred to as the AIC triad
(availability, integrity and confidentiality) to avoid confusion with the Central
Intelligence Agency. Although the elements of the triad are three of the most
foundational and crucial cybersecurity needs, many practitioners consider it
incomplete and extend it with properties such as authenticity and
non-repudiation.

Confidentiality is a set of rules that limits access to information, Integrity
is the assurance that the information is trustworthy and accurate, and
Availability is a guarantee of reliable access to the information by authorized
people.

The following is a breakdown of the three key concepts that form the CIA triad:

Confidentiality is roughly equivalent to privacy. Confidentiality measures are
designed to protect sensitive information from unauthorized access attempts. It
is common for data to be classified according to the amount and type of damage
that could be done if it fell into the wrong hands. More or less stringent
measures (access controls, encryption) can then be applied according to those
categories.

Integrity involves maintaining the consistency, accuracy and trustworthiness of
data over its entire lifecycle. Data must not be changed in transit or at rest,
and steps must be taken (checksums, digital signatures, access controls) to
ensure data cannot be altered by unauthorized people, for example by an attacker
who has already gained access to a system.

Availability means information should be consistently and readily accessible for
authorized parties. This involves properly maintaining hardware and technical
infrastructure, keeping the systems that hold and display the information
patched, and having backups and redundancy so that a failure or a
denial-of-service attack does not make the information unavailable.
Malware (Malicious Software)
Malware is a type of software program designed to harm or exploit computer
systems or a device.
Malware can take many forms that include any type of malicious software.
These may include:
1. Computer Virus
2. Worms
3. Trojan horses
4. Spyware
5. Ransomware
6. RootKit
7. Key loggers
8. Logic bombs
9. Adware
10. Botnet
11. Armored viruses
Computer virus:
What is a virus?
A computer virus is a type of malware that is:
• Executable malicious code attached to another executable (host) file.
• Unable to spread to another computer on its own; it depends on user action to
  spread.
• Run whenever the host program is run.
• Dependent on two helpers:
  • the file it is attached to (the host)
  • a user to transfer it to other computers

A virus has the capabilities of:

• Replicating itself and spreading from one computer to another.
• Spreading through email, file downloads, or other online content.
• Being installed when a user opens an infected file.
• Damaging computers, for example by reformatting hard drives, deleting files,
  or turning off computer security settings.
Problems caused: deleting files, stealing data, or sending spam emails.
Types of computer viruses:
Boot sector virus. These viruses infect the boot sector of the hard drive, which
is the first sector that is read when the computer boots up. That means the
virus is loaded into memory every time the computer starts, before the operating
system and any anti-virus software. Boot sector viruses are very difficult to
remove and can cause serious damage to a computer system.
File viruses. These viruses infect executable files. When the user runs the
infected file, the virus is loaded into memory and executed.
Macro viruses. These viruses infect documents that contain macros, which are
small programs that run inside an application such as Microsoft Excel or Word.
Virus carriers:
Viruses cannot spread to another computer automatically; they rely on user
action to spread.
Viruses are attached to files.
Viruses are spread by transferring infected files.
Biological virus vs. computer virus
They are very similar.
Both must be on the correct host. For example, a virus affecting horses may not
affect chickens. Likewise, a virus written for Windows will usually not run on
macOS or Linux.
Both may remain dormant for some time.
Both are self-replicating.
Both replicate at the expense of the host.

Worms
A computer worm is a type of malware that has the capabilities of:
Replicating itself and spreading from one computer to another without the need
for human interaction, typically by exploiting vulnerabilities in network
services.
Spreading over networks (network viruses).
Spreading in many ways, including:
Email attachments. When a recipient opens the attachment, the worm is installed
on the computer.
File downloads from malicious websites or file-sharing networks.
Network shares, into which a worm on one machine can copy itself.
USB drives. When a user plugs an infected USB drive into the computer, the worm
is installed on the computer.
Once worms are installed, they can:
Steal data
Damage files
Take control of a computer system
Trojan horses
A Trojan horse is a type of malware that has the capabilities of:
Being disguised as a legitimate file or program.
Spreading through email attachments, file downloads, social media, or physical
media such as USB drives.
Being installed when a user opens the file or runs the program. Unlike viruses
and worms, Trojans do not replicate themselves; they rely on the user being
tricked into running them.
Once a Trojan is installed, it can:
Steal personal information
Damage files or programs
Take control of the computer
Download and spread other malware to computers on the network
Spyware:
Spyware is a type of malware that has the capabilities of:
Spying on your online activities and stealing data.
Spyware can be installed on your computer without your knowledge or consent in
several ways, such as:
Opening an email attachment from an unknown sender.
Clicking on a malicious link in an email or on a website.
Downloading a file from an unknown source.
Installing software from an unknown source (spyware is often bundled with
"free" software).
Spyware can cause many problems, such as:
Tracking your online activity, such as the websites you visit, the files you
download, or the emails you send.
Stealing your data.
Ransomware
Ransomware is a type of malware that has the capabilities of:
Encrypting a victim's files or blocking access to their computer system until a
ransom is paid. The ransom demand usually comes with a threat that the files
will be permanently deleted, or the system will remain inaccessible, if the
ransom is not paid within a specified time.
Ransomware is distributed through phishing emails, attachments, or compromised
websites.
Once the malware infects the system, it will:
Encrypt the victim's files, making them inaccessible.
The victim then receives a ransom note that explains the situation and demands
payment in exchange for the decryption key that will allow them to regain
access to their files or system.
The ransom is usually demanded in a cryptocurrency such as Bitcoin, which makes
it difficult to trace the perpetrator.
However, paying the ransom does not guarantee that the victim will receive the
decryption key or that their files will be restored. Paying is also not
recommended because it encourages attackers to continue their activities. The
most effective defense is regular, tested backups kept offline or otherwise out
of reach of the infected system.
RootKit
A rootkit is malicious software that is:
Designed to gain and keep privileged access to a computer system. The term comes
from "root", the administrator account on Unix-like systems, and "kit", the set
of tools used to obtain that level of access, which gives complete control over
the entire system.
Installed through vulnerabilities in software, social engineering, or software
downloads.
Once a rootkit is installed in the system, it is:
Very difficult to detect and remove. This is because a rootkit is designed to
hide from the operating system and other security software, which allows it to
bypass security measures and remain undetected.
Some rootkits are capable of modifying the operating system kernel itself.
Purposes:
Rootkits can be very dangerous and can cause a variety of problems, including:
Data theft
System crashes
Network intrusions
Prevention
To protect against rootkits, it is important to practice safe computing habits,
such as avoiding suspicious downloads and keeping software patched and updated.
Because a rootkit can subvert the running operating system, detection is most
reliable from outside it, for example by scanning the disk from clean boot
media, and recovery usually means reinstalling the system.
Keylogger
A keylogger is:
A type of software or hardware device that is designed to record every keystroke
made on a computer or mobile device. This can include sensitive information such
as usernames, passwords, credit card numbers and other confidential data.
Keyloggers can be installed through email attachments, software downloads, or
physical installation by an attacker.
I want to emphasize an important matter: exercise caution when using a public
computer. Take a moment to verify whether there is a USB flash-drive-type device
connected to the machine. Keyloggers have the potential to capture and retrieve
all the information you input.
Purposes:
Keyloggers are often used for stealing data such as personal information, or
for monitoring a user's activity without their knowledge.
Prevention:
To protect against keyloggers, it is important to use up-to-date security
software and to practice safe computing habits, such as avoiding suspicious
downloads. It is also a good idea to be cautious when using public computers or
accessing sensitive information over public networks, as these are common
targets for attackers. Multi-factor authentication limits the damage when a
password is captured.
Logic bombs
A logic bomb is a type of malicious code that is:
Designed to execute a specific action when certain conditions are met (a date,
a user account being deleted, a file disappearing).
The code is typically hidden within legitimate software or a script. Once a
logic bomb is triggered, it can cause a lot of problems, such as:
Deleting or corrupting data, disrupting network operations, or carrying out
other malicious activities.
Logic bombs are often installed by a trusted insider (an employee or contractor
who has access to sensitive information or systems).
Purposes
A common use of a logic bomb is revenge against an employer. For example, a
system manager or administrator who is angry about being fired may install a
logic bomb that will delete information or disrupt network operations at a later
time. Cases like this have happened.
Another use of logic bombs is cyber espionage. The logic bomb can be triggered
at a later time when certain conditions are met, giving the attacker a back door
to get information or carry out other malicious activities.
Prevention
To protect against logic bombs, it is important to implement strict access
controls and monitoring of sensitive systems and data, to review changes to
code and scheduled jobs, and to watch for suspicious activity or behavior by
insiders who might be motivated to carry out revenge or cyber espionage.
Some companies grant certain employees mandatory leave. The reason is not
generosity; it gives the company time to conduct investigations and forensic
analysis of the employee's systems, devices and network activity, precisely to
catch something like a logic bomb.
Adware
Adware, short for advertising-supported software, is a type of software that
displays advertising on a user's computer or mobile device.
Adware can come in many different forms: pop-ups, banners, and other types of
advertising.
Purpose
The main purpose of adware is to generate revenue for its developers by
displaying advertisements to users.
Problems:
While some adware is legitimate, some is malicious and may collect sensitive
data or install other types of malware. It can harm your device by slowing it
down, hijacking your browser, and possibly installing viruses or spyware.
To sum it up, adware can be good, bad, and ugly.
Botnet
A botnet is a collection of internet-connected devices (zombies) that have been
infected with malware and are under the control of a single attacker, known as
the bot master (or bot herder).
The devices in a botnet, known as bots or zombies, are typically compromised
without the knowledge or consent of their owners and can be used to carry out a
variety of malicious activities.
Botnets are created by infecting devices with malware, such as a Trojan horse or
a virus, through a variety of means, including phishing emails, software
downloads, or exploiting vulnerabilities in software or operating systems.
Once infected, the devices become part of the botnet and can be controlled
remotely by the bot master through a command-and-control channel.
Purposes:
Once this malware is installed, the botnet can be used for a lot of problems,
such as:
Distributed Denial of Service (DDoS) attacks
Sending spam emails
Stealing sensitive information
Carrying out other types of cyber attacks
Because botnets are made up of many individual devices, they can be very
difficult to detect and shut down.
To protect against botnets,
it is important to use up-to-date security software and keep all software and
operating systems patched and updated to close vulnerabilities that could be
exploited by botnets and other types of malware.
Users should also be cautious, never opening email attachments or clicking on
links from unknown sources.
Armored viruses
• They are viruses that do their best to avoid detection.
• There are three common infection techniques used by armored viruses:
• Appender infection
• Split infection
• Swiss cheese infection

Appender virus infection

• It is very simple in terms of structure.
• The virus replaces the beginning of the file with a jump instruction pointing
  to the virus code.
• It appends itself to the end of the file.
• As soon as the program starts, execution jumps to the virus code, which then
  jumps back to the original program so the host appears to work normally.

Split infection
• The virus breaks its malicious code into several parts.
• It also places jump instructions at the start of the program.
• All pieces of virus code are placed at random locations throughout the host
  program.
• The virus also contains one master piece of code that links the parts.
• The virus may contain junk code to hide its purpose.
• The virus code is reassembled in memory to initiate the infection.
Swiss cheese virus infection
• It consists of two parts:
• the encrypted virus code;
• the decryption code, which is divided into different parts and hidden in
  various places throughout the infected program. When the program starts, the
  decryption fragments are strung together to decrypt and start the virus code.
• The upper part of the file contains the infected program.
• The lower part contains the encrypted virus code.
• The jump instruction at the start refers to decryption part 1.
• Part 1 points to decryption part 2.
• Part 2 points to part 3.
• Part 3 points to part 4.
• All of these decryption parts are executed in sequence to decrypt and start
  the virus.
Armored viruses share some common features
• Malicious code is located in different parts of the infected program (host).
• It may contain junk or confusing code to hide the virus.
• The virus code may be encrypted.
• Bad news: they are hard to detect and remove.
• Good news: the extra code makes infected files noticeably larger, which can
  itself be a detection clue.
Cyber attacks and electronic crime
Cybercrime is criminal activity that either targets or uses a computer, a
computer network or a networked device. Most cybercrime is committed by
cybercriminals or hackers who want to make money. However, occasionally
cybercrime aims to damage computers or networks for reasons other than profit.
These could be political or personal.

Cybercrime can be carried out by individuals or organizations. Some
cybercriminals are organized, use advanced techniques and are highly technically
skilled. Others are novice hackers.

What are the types of cybercrime?

Types of cybercrime include:

• Email and internet fraud.

• Identity fraud (where personal information is stolen and used).

• Theft of financial or card payment data.

• Theft and sale of corporate data.

• Cyberextortion (demanding money to prevent a threatened attack).

• Ransomware attacks (a type of cyberextortion).

• Cyberespionage (where hackers access government or company data).

• Interfering with systems in a way that compromises a network.

• Infringing copyright.

• Selling illegal items online.

Cybercrime involves one or both of the following:

Criminal activity targeting computers using viruses and other types of malware.
Criminal activity using computers to commit other crimes.

Cybercriminals that target computers may infect them with malware to damage
devices or stop them working. They may also use malware to delete or steal data.
Or cybercriminals may stop users from using a website or network, or prevent a
business providing a software service to its customers, which is called a
Denial-of-Service (DoS) attack.

Cybercrime that uses computers to commit other crimes may involve using
computers or networks to spread malware, illegal information or illegal images.

Cybercriminals are often doing both at once. They may target computers with
viruses first and then use them to spread malware to other machines or
throughout a network. Some jurisdictions recognize a third category of
cybercrime, where a computer is used as an accessory to crime. An example of
this is using a computer to store stolen data.
Types of cyber attacks
1- Dictionary attack and brute force attack
• In any large commercial system, such as Google, Amazon or a payment provider,
  passwords are stored in hashed (digest) form, never as plain text.
• However, hackers and cybercriminals can still steal these files and recover
  our passwords from the digests.
• They use many methods and strategies; there are two basic types of this
  attack:
• Dictionary attack
• Brute force attack

Dictionary attack
• It is a simple and fast attack.
• By dictionary we mean any digital resource that contains words, such as
  Wikipedia, or lists of passwords leaked in earlier breaches.
1. Step 1: From the dictionary, hackers create a table containing thousands or
   millions of words and then hash these words with the same algorithm the
   stolen file uses, using well-known tools.
2. Step 2: Hackers compare these hashed words with those in the stolen file. If
   there is a match, they have the password.
Although such an approach might seem impossible by hand, computers can do it
very quickly and run through millions of words in a few hours.
Brute force attack
• A brute force attack is a trial-and-error method that tries every possible
  combination of characters up to a given length.
• Hackers use their computers to systematically cycle through every combination
  of the character set.
• The character set can be letters, symbols, numbers, or whatever the hackers
  choose.
• This method is very effective for short passwords. For long passwords the
  number of combinations grows exponentially with length, so cracking them is
  still only a matter of time, but that time can exceed any attacker's patience.
Hybrid attack
A combination of these two methods, for example dictionary words with digits or
symbols appended or characters substituted (Password1, P@ssword), is called a
hybrid attack.

We need to do at least three things to protect passwords

1. Strong password: at least 12 characters long, containing letters (uppercase
   and lowercase), numbers, and special symbols. A long passphrase of several
   unrelated words is easier to remember and just as strong against brute force.
2. Unique password: use a unique password for each account. Never use the same
   password for all accounts; a leak from one site is tried against all the
   others (credential stuffing). A password manager makes this practical.
3. Change a password immediately whenever there is any sign it has been exposed,
   and do not reuse old passwords. The traditional rule of changing every three
   months is no longer recommended by NIST (SP 800-63B), because forced rotation
   pushes users toward weaker, predictable passwords.
On the server side, passwords must be stored with a salted, slow password hash
(bcrypt, scrypt, Argon2 or PBKDF2), which makes both dictionary and brute force
attacks far more expensive.
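To make the dictionary, brute force and hybrid attacks above concrete, and to show why long passwords and salted slow hashing defeat them, here is an added Python example. It is not part of the original training material. The "stolen file" of unsalted SHA-256 digests, the user names, the passwords in it and the mini dictionary are all constructed for the demonstration; real password files are far larger, and real attackers use GPU crackers rather than a Python loop. The guess budget stands in for the attacker's time.

```python
"""Dictionary, brute-force and hybrid attacks against a stolen file of password
digests, and the server-side defense (salted, slow hashing).

Added example for this training material; all data below is constructed.
"""
import hashlib
import hmac
import itertools
import os
import string


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256 digest: the weak storage scheme the attacks target."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed "stolen file": user -> unsalted digest. Plaintexts appear only
# so the reader can see which attack recovers which password.
STOLEN_FILE = {
    "alice": sha256_hex("sunshine"),                   # plain dictionary word
    "bob": sha256_hex("sunshine1"),                    # word + suffix (hybrid)
    "carol": sha256_hex("b7!"),                        # short: brute-forceable
    "dave": sha256_hex("Tr0ub4dor&3-correct-horse"),   # long and mixed
}

# Constructed mini dictionary (a real one has millions of entries).
DICTIONARY = ["password", "123456", "sunshine", "welcome", "dragon", "qwerty"]

# Character set for the brute force run: lowercase, digits and one symbol.
CHARSET = string.ascii_lowercase + string.digits + "!"


def dictionary_attack(digests: dict, words) -> dict:
    """Step 1: hash every word into a lookup table.
    Step 2: look each stolen digest up in that table.
    Returns {user: recovered_password} for every hit."""
    table = {sha256_hex(w): w for w in words}
    return {user: table[d] for user, d in digests.items() if d in table}


def hybrid_attack(digests: dict, words, suffixes=("1", "123", "!", "2024")) -> dict:
    """Dictionary words plus common suffixes: far cheaper than brute force,
    and it catches the 'sunshine1' habit."""
    candidates = list(words) + [w + s for w in words for s in suffixes]
    return dictionary_attack(digests, candidates)


def brute_force_attack(digests: dict, charset: str, max_len: int, budget: int):
    """Try every string over `charset` up to `max_len`, stopping after `budget`
    guesses. Returns (hits, guesses_used). Short passwords fall inside the
    budget; long ones do not, however large the budget is made."""
    targets = {d: user for user, d in digests.items()}
    hits, tried = {}, 0
    for length in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=length):
            if tried >= budget:
                return hits, tried
            tried += 1
            candidate = "".join(tup)
            user = targets.get(sha256_hex(candidate))
            if user is not None:
                hits[user] = candidate
    return hits, tried


def is_strong(password: str, min_len: int = 12) -> bool:
    """The policy from the text: 12+ chars with upper, lower, digit and symbol."""
    return (len(password) >= min_len
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


# Defense: salted, slow hashing (PBKDF2-HMAC-SHA256 from the standard library).
# 50,000 iterations keeps this demo fast; production uses more, or a
# memory-hard function such as Argon2 or scrypt.
ITERATIONS = 50_000


def store_password(password: str) -> tuple:
    """Return (salt, digest). A fresh random salt per user makes a precomputed
    table useless and gives identical passwords different digests."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    cand = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(cand, digest)


if __name__ == "__main__":
    print("dictionary :", dictionary_attack(STOLEN_FILE, DICTIONARY))
    print("hybrid     :", hybrid_attack(STOLEN_FILE, DICTIONARY))
    print("brute force:", brute_force_attack(STOLEN_FILE, CHARSET, 8, 200_000))
    salt, digest = store_password("sunshine")
    print("salted digest found in precomputed table:",
          digest.hex() in {sha256_hex(w) for w in DICTIONARY})
    print("verify:", verify_password("sunshine", salt, digest))
```

Only alice falls to the plain dictionary, bob falls to the hybrid pass, carol's three-character password is brute-forced after a few thousand guesses, and dave's long mixed password survives the whole budget. Against the salted PBKDF2 store the precomputed table finds nothing, and each guess now costs 50,000 hash iterations instead of one.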
2- Phishing attacks
Phishing is a type of social engineering in which an attacker sends a message
to trick victims into handing over sensitive information or into installing
viruses, Trojans, or ransomware.
There are several common types of phishing attacks.

Email phishing
Most phishing attacks are phishing emails.
The target is broad: no particular individual, but you, me and everyone else.
Even hackers receive phishing emails from other hackers.
There are some warning signs of a phishing email, such as the salutation in the
email and personal cues that seem inappropriate.
The messages create a sense of urgency, with tense language.
Phishing emails usually include suspicious links and attachments, among many
other signs.
The goal of email phishing, or any type of phishing, is to obtain sensitive
information and harm your computer.
Spear phishing
Phishing here is more personal and targeted than generic phishing.
It targets a specific individual.
The usual scenario is that the hacker knows information about the victim, such
as their name, job, family, or even hobbies. A hacker can easily get this
information from social media platforms.
The email appears to come from a legitimate and trustworthy source.
The email is carefully designed, very professional in look and content.
Each recipient's email is tailored very personally, so spear phishing can be
hard to spot if you are not careful.
Whaling
Whaling attacks are even more targeted than spear phishing.
They are aimed at very important people: senior executives, the CEO or the CFO.
They are professionally designed, usually with a strong understanding of business
language and tone of voice.
Such emails look believable when they appear to come from trusted vendors and
partners.
They are hard to spot when a company has many suppliers and partners.
Hackers obtain confidential information or money by deceiving victims into, for
example:
Clicking a link or downloading/opening attachments.
Submitting information about all employees (such as payroll or tax records).
Transferring money.
Angler phishing
It is also called social media phishing.
It comes in different forms. For example, a hacker sends emails that appear to
come directly from a social media platform, or a hacker posts a message on your
social media with a link or attachment.
By posing as a customer service agent, a hacker lures victims into handing over
confidential information. For example:
You complain about a commercial product or service on Facebook.
The hacker pretends to be the company's customer service and offers to help you.
Step by step, you are led to reveal your personal information or financial
details.
Thus, never trust anyone who contacts you through social media offering to help,
and never post or share any sensitive information via social media.
Smishing
Smishing attacks are also called SMS phishing attacks.
They use text messages on your smartphone to get your information.
SMS stands for Short Message Service, or simply text messaging.
By disguising themselves as a trustworthy organization in a text message,
smishing hackers try to get your personal and financial information.
Smishing attacks have increased dramatically since 2019.
Smishing is similar to email phishing; SMS hackers trick victims into:
• Clicking a link,
• Handing over confidential information,
• Downloading malicious software onto their smartphones.

Here are some examples of smishing attacks (screenshots in the original
training slides, described here):

The first one impersonates Amazon. The text says a suspicious login attempt was
found on your account. They use scare tactics to get you to click the link or
download the attachment, or both.
The second example also impersonates Amazon, but this time it uses the shipping
address as the pretext. If you click the link, you will see an Amazon login page
that is fake but looks real. If you enter your login information, such as user
name and password, and submit the page, all the information goes to the
hacker's computer.
The third one uses the same tricks, but impersonates the U.S. Postal Service
instead.
The fourth one uses the same tricks but is more general, and so tricks more
people.
And this one I got from Wells Fargo bank; as a matter of fact, I have nothing in
that bank, so the joke is on the hacker.

Besides these, there are many other kinds of smishing attacks: you qualify for
a stimulus check, you have won a big prize, you have received a scary notice
about a lawsuit against you, and so on, just like any other type of phishing
attack.
Smishing scammers use the same social engineering tricks: either too exciting
or too good to be true, or very scary and very urgent, so that you want to
address or solve the problem immediately. That is exactly what the hackers want
you to do.
Four "never" tips to help defend against smishing
1. Never respond to texts from unknown numbers.
2. Never share sensitive personal or financial information by text.
3. Never click any links in a text message.
4. Never expect any government agency to text you.
To help your mobile carrier fight scam text messages, you can forward smishing
messages to 7726 (SPAM), the reporting number used by carriers in the United
States and several other countries.
Vishing
Vishing (voice phishing) uses telephone conversations to steal confidential
information.
It uses increasingly sophisticated scare tactics and emotional manipulation to
get employees to hand over sensitive information.
Common vishing scams involve a hacker:
Impersonating a fraud investigator from your bank or credit card company.
Appearing as a manager from the company's headquarters.
Impersonating a health insurance representative.
Security threats come in different shapes and sizes. Hackers use all kinds of
tactics on different platforms and devices to hunt down victims, steal their
confidential information and install malware on their systems.
Phishing Emails
Phishing email is one of the most common ways hackers use to access your
confidential information, now we will talk about how to detect a phishing email.
This is an example email. We will use it as an example to learn about the na-
ture of email by examining the symptoms, alerts, or warning signs.
First, check the day and time.
It's Friday, fine, but Friday at 6pm is fishy. Usually no one works after 5pm on a
Friday. Thus, when you receive an email about your work during normal busi-
ness hours, so you need to be vigilant.

The second thing to look at is the sender


If the sender of the email is a stranger. This raises a red alert.
However, even if you do recognize the sender's name, we'll go one step further
by checking their email address, especially the part of the domain that appears
to the right of the @ symbol.
Keep in mind that any public domain such as gmail.com and yahoo.com will be
an indication of a phishing email.
Now look at the subject line
He says: within 24 hours your account will be closed. This is one of the signs of
a phishing email.
Hackers try to create a sense of urgency, any urgent or scary subject line will be
a strong indication that you have received a phishing email.
A common phishing email message is something like this:
Password change is required immediately.
Your Twitter / Facebook / LinkedIn account has been locked
Your bank account has been closed.
Importance ! Please solve the problem
Your credit card has been hacked
Some people panic when they see something urgent or scary like this, they tend
to respond quickly without thinking twice. This is exactly what hackers want the
recipient to do. Keep in mind that legitimate companies and organizations do not
solicit your sensitive information via email.
Logo
The correct tagline is not proof that the email is not a scam. Be aware of the fact
that hackers do their best to trick you. They can use valid logos to make emails
look trustworthy.

Salutation
A phishing email salutation is often an impersonal address, such as Dear
Customer.
Legitimate companies or organizations address you by name, and if the email
is for a group of people, an informal greeting is Hello everyone or Hello fellows.
A more formal greeting could be Dear Coworkers or Dear Colleagues.
The message
The message contains a lot of grammatical errors. However, many phishing
emails are written very professionally without any grammatical or spelling
errors. Not all hackers are non-native speakers of English; the best hackers are
English speakers.

Suspicious link
One of the most important signs of a phishing email is a suspicious link. These
links are often formatted to look like legitimate links.
If you suspect a link, hover your mouse over it (but don't click it) to see whether
the URL leads to a website that matches what is written in the email. If you
weren't careful and clicked the link, here is what might happen to you:
It may take you to a legitimate-looking page that asks for a username and
password as login information.
It may lead you to download malware to your computer.
Look at the email signature
An impersonal email signature is suspicious; a legitimate signature typically
names a specific department or organization.
The signature here is simply "university", without specifying the name of the
university. If the email is from a university, it should name that specific university.

Phishing emails come in various forms and use increasingly sophisticated
methods.

Often they are hard to detect, but with some training it is not an impossible
task.
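As an added example that is not part of the original training material, the following Python function applies four of the checks above (sender domain, urgent subject line, impersonal salutation, and link text versus the real link target) to a constructed sample message; the domain and keyword lists are illustrative assumptions, not a complete detector.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Heuristics for the indicators described above; the word lists are illustrative, not exhaustive.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
URGENCY = re.compile(r"\b(immediately|within \d+ hours|locked|closed|hacked|urgent)\b", re.I)
IMPERSONAL = re.compile(r"\bdear (customer|user|member|client)\b", re.I)
HOSTLIKE = re.compile(r"^(https?://)?([\w-]+\.)+[a-z]{2,}(/\S*)?$", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def phishing_indicators(raw_email: str) -> list:
    """Return the red flags found in a raw, single-part text/html message."""
    msg = message_from_string(raw_email)
    flags = []
    # Sender check: look at the domain to the right of the @ sign.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in PUBLIC_DOMAINS:
        flags.append(f"sender uses public domain {domain}")
    # Subject check: urgency or threats ("closed within 24 hours").
    if URGENCY.search(msg.get("Subject", "")):
        flags.append("urgent or threatening subject line")
    body = msg.get_payload()
    # Salutation check: "Dear Customer" instead of a name.
    if IMPERSONAL.search(body):
        flags.append("impersonal salutation")
    # Link check: the host the user sees versus the host the link really points to.
    for href, text in ANCHOR.findall(body):
        text = re.sub(r"<[^>]+>", "", text).strip()   # strip tags nested inside the anchor
        if HOSTLIKE.match(text):
            shown = urlparse(text if "://" in text else "http://" + text).hostname
            real = urlparse(href).hostname or ""
            if shown and shown.lower() != real.lower():
                flags.append(f"link text shows {shown} but points to {real}")
    return flags

# Constructed sample message (not a real email) that triggers all four checks.
SAMPLE = """From: "IT Support" <itsupport2024@gmail.com>
Subject: Your account will be closed within 24 hours
Content-Type: text/html

<p>Dear Customer,</p>
<p>Verify now: <a href="http://account-verify.example.net/login">www.example.org/login</a></p>
"""

if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE):
        print("RED FLAG:", flag)
```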
Scam, hoax, computer prank, spam, SPIM, SPIT
SCAM
• A scam is a fraudulent scheme that attempts to obtain sensitive data or money
from people.
• Scammers take advantage of people's desire for quick money, or for anything
they consider important.
• Scammers may present themselves as someone with skills or authority,
such as lawyers, investors, or doctors.
• There are many types of scam operations, such as:
• Quick win / lottery scam
• Debt collection, relief and settlement scam
• Mortgage / foreclosure scam
• Online job application scam
• Tech support scam
To protect yourself from scams
• Never share passwords, credit card numbers, or Social Security numbers with
anyone online.
• Do not pay in advance for a promised prize.
• Remember, no one wants to share their wealth with you, no matter how hard
they try to convince you.
• Remember, there is no easy money.
• Remember, never trust people you meet online.
• If it's too good to be true, it probably is a scam.
Computer virus hoaxes
• A computer virus hoax is an email message that warns the recipient of a
non-existent computer virus threat.
• Email thread: well-meaning recipients forward it to friends, family, and
colleagues, so it spreads quickly.
• Virus hoaxes are usually harmless but annoying.
• Most hoaxes are alarming in tone, for example:
• Your computer will be destroyed.
• Your computer will be burned.
• Your computer files will be deleted.

Computer pranks
Computer pranks are funny, harmless, but annoying actions, usually performed
by nerdy coworkers or classmates, e.g.:
• Moving the mouse randomly
• Fake desktop: Windows blue screen of death, frozen desktop
• Reversing the mouse scroll wheel
Spam
• Spam refers to unsolicited commercial advertisements sent through emails,
text messages or Internet postings to a large number of recipients in a large
number of places.
• Spamming is the use of messaging systems to send spam to large numbers of
recipients.
• The term spam originated from a British Monty Python sketch about a
restaurant that had Spam on almost every dish.
• Spam is also a brand of canned cooked meat in the United States.

SPIM & SPIT

SPIM is an acronym for Spam over Instant Messaging: spam advertising sent
through instant messages.
SPIT is Spam over IP Telephony: spam delivered via Internet phone calls.
These two types of spam are increasing through instant messaging systems and
Internet telephony.
Kill chain methodology
The US military uses the Kill Chain concept to define the steps of launching a
successful attack.
The cyber version of the chain has seven stages and is a defense model used to
identify and prevent cyber attacks on a computer network.

The military series consists of four stages:


1. Detect
Detect and identify the target using radar, satellites and other surveillance
means.
2. Deliver
Deliver force to the target, which may include sending soldiers, equipment, and
other resources needed for the next stage.

3. Decide
Issue the order to attack the target.

4. Destroy
Destroy the target.
The Cyber Kill Chain methodology
Inspired by the military Kill Chain model, Lockheed Martin, an American defense
and technology company, established the Cyber Kill Chain as a cyber defense
framework.
The Cyber Kill Chain consists of seven stages; each stage represents a specific
goal along the attacker's path, and each stage must be completed before the
next one.

1. Reconnaissance
This is the starting point: the information-gathering stage. The attacker chooses
a target, then researches it in depth to identify its weaknesses.
2. Weaponization
At this stage, the attacker creates a malicious weapon, such as a virus, a worm
or another tool, to exploit the weaknesses in the target. In general, the weapon
depends on the weaknesses being targeted.

3. Delivery
This stage involves sending the weapon to the target. The attacker can use
different channels, such as deceptive emails, social engineering methods,
compromised web sites, user accounts and USB drives.
4. Exploitation
At this stage, the malicious program is run to exploit the target's weakness.

5. Installation
At this stage, attackers install malicious software, change security settings or
plant time bombs in the system.
What is installed at this stage depends on the attacker's purpose and the
system's weak points.
6. Command and control
At this stage, the attacker controls the target and manipulates it remotely.
The affected system is now in the hands of the bad guys.

7. Actions on objectives
This is the last stage of the Cyber Kill Chain. The attacker achieves his goals,
such as data encryption, ransom, data theft, or data destruction.
Breaking the Cyber Kill Chain
To launch a successful cyber attack, intruders must pass through every stage in
order.
If we can stop them at any stage, especially an early one, we break the chain
and thwart their attack.
If they cannot reach our network and systems, for example, they cannot install
malware; then they cannot control our network and systems, and therefore they
cannot steal or destroy our data.
We must take steps at every stage to repel attacks. Keep in mind that the earlier
the stage at which we take action, the better our chance of defeating them.
1. Stopping reconnaissance
• Perform continuous network scanning.
• Monitor and block suspicious traffic using firewalls, IDS and IPS.
• Manage devices correctly, for example fixed drives.
• Restrict user access to databases and sensitive documents.
• Train users on all forms of social engineering attacks, such as phishing.
• Train users to limit what they publish on social media, in emails or on shared
message boards.
2. Stopping weaponization
Stopping reconnaissance will disrupt this stage; otherwise there is little we can
do at this stage.
3. Stopping delivery
• Configure firewalls, routers and access control lists to block malicious
programs and risky web sites.
• Install malware controls on both endpoints and the network.
• Train users on the correct use of USB drives.
• Restrict users from downloading and installing programs.
4. Stopping exploitation
• Keep systems and devices patched and updated.
• Train users to recognize the signs of malware.
5. Stopping installation
• Restrict user account privileges.
• Separate user privileges.
• Enforce strong passwords and periodic password changes.
• Implement employee authentication.

6. Stopping command and control

• Block outbound command and control communications.
• Block well-known malicious sites by URL.
• Divert attacks to honeypots and honeynets.
7. Stopping actions on objectives
• Monitor the network for indicators of cyber attack.
• Respond immediately.
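As an added illustration (not from the original material) of the monitoring controls in stages 6 and 7, the Python snippet below scans constructed egress log lines for connections to a placeholder denylist of known C2 sites and for beaconing, i.e. one host contacting the same destination at near-constant intervals. The log format, the denylist and the thresholds are assumptions made for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed egress (proxy) log lines for the demonstration; not real traffic.
LOG = """\
2024-05-03T09:00:00 10.0.0.15 -> updates.example.com:443 ALLOW
2024-05-03T09:00:05 10.0.0.15 -> cdn.example.net:443 ALLOW
2024-05-03T09:01:00 10.0.0.15 -> updates.example.com:443 ALLOW
2024-05-03T09:02:00 10.0.0.15 -> updates.example.com:443 ALLOW
2024-05-03T09:03:00 10.0.0.15 -> updates.example.com:443 ALLOW
2024-05-03T09:04:00 10.0.0.15 -> updates.example.com:443 ALLOW
2024-05-03T09:04:30 10.0.0.22 -> bad-c2.example.org:8080 ALLOW
2024-05-03T09:07:12 10.0.0.22 -> intranet.example.com:80 ALLOW
"""
LINE = re.compile(r"^(\S+) (\S+) -> ([^:]+):(\d+) (\w+)$")
# Placeholder denylist standing in for a threat-intelligence feed of known C2 sites.
DENYLIST = {"bad-c2.example.org"}

def parse(log):
    """Turn log lines into (timestamp, src, dst, port, action) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, src, dst, port, action = m.groups()
            events.append((datetime.fromisoformat(ts), src, dst, int(port), action))
    return events

def denylist_hits(events):
    """Stage 6 control: outbound connections to known-bad destinations."""
    return [(src, dst) for _, src, dst, _, _ in events if dst in DENYLIST]

def beacons(events, min_conns=4, max_jitter=0.1):
    """Stage 7 monitoring: (src, dst, interval) pairs contacted at regular intervals."""
    times = defaultdict(list)
    for ts, src, dst, _, _ in events:
        times[(src, dst)].append(ts)
    found = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Low relative spread between connections is the beaconing signature.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found.append((src, dst, round(avg)))
    return found
```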
