Technical notes module 2

Uploaded by muskaan Bharwani

Cybersecurity (Module 2)

Technical notes

Social Engineering Attacks


Social engineering is a manipulation technique where attackers exploit human
error to gain access to sensitive information, systems, or valuables. Instead of
attacking systems directly, they target people using psychological tricks.
Types of Social Engineering Attacks:
1. Social Media Phishing:
Attackers gather detailed information about a person from their social
media profiles and use it to create personalized attacks.
Example: Sending fake messages pretending to be someone the person
knows.
2. Watering Hole Attack:
Attackers compromise a website that a specific group is known to visit (the
"watering hole"). Visitors are then served malware or an exploit from a site
they already trust, so their systems get infected without any lure being sent.
Example: A popular forum or company website being infected with
malware.
3. USB Baiting:
Attackers leave malware-infected USB drives in places like offices or
parking lots, hoping someone will pick them up and plug them into their
devices.
Example: A USB labelled "Confidential Salary Details" left in the office.
4. Physical Social Engineering:
Attackers pretend to be employees, customers, or vendors to gain access
to restricted physical areas.
Example: Pretending to be a delivery person to enter a secure building.

Phishing Attacks
Phishing is a type of cyberattack where attackers use fake digital
communication, like emails, messages, or calls, to trick people into revealing
sensitive information or installing malicious software.
Types of Phishing Attacks:
1. Business Email Compromise (BEC):
Attackers send fake emails pretending to be from trusted sources like a
boss or a company, asking for financial information or money transfers.
Example: An email that looks like it's from your manager asking you to
transfer funds.
2. Spear Phishing:
A targeted attack on a specific person or group where the attacker uses
personal details to make the email look trustworthy.
Example: An email saying, "Hey [Your Name], here’s the file you asked
for," with a malicious attachment.
3. Whaling:
A type of spear phishing where high-profile individuals like CEOs or
executives are targeted.
Example: An email to a CEO asking to confirm sensitive financial details.
4. Vishing (Voice Phishing):
Attackers use phone calls to trick victims into revealing sensitive
information.
Example: A fake bank call asking for your card details.
5. Smishing (SMS Phishing):
Attackers send text messages with malicious links or requests for
sensitive details.
Example: "Your account is locked. Click here to verify your credentials."
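The indicators listed for BEC, spear phishing, whaling and smishing (a Reply-To that differs from the sender, a lookalike domain, an executive title on an external address, urgency and secrecy language, a script hidden behind a document-looking attachment name) can be checked mechanically. The following Python script is an added example, not part of the original notes: it applies those checks to raw e-mail messages. The trusted domain, the phrase list and the three sample messages are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: the organisation's own mail domain(s).
TRUSTED_DOMAINS = {"example-corp.com"}
# Pressure and credential-harvesting phrases typical of BEC and smishing lures.
PRESSURE_PHRASES = ("urgent", "immediately", "wire transfer", "confidential",
                    "account is locked", "verify your", "password")
# Script/executable extensions that should never hide behind a document name.
SCRIPT_EXTENSIONS = (".vbs", ".js", ".exe", ".scr", ".bat", ".cmd", ".ps1")


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def is_lookalike(domain, trusted):
    """True for an untrusted domain that embeds a trusted domain's first label,
    e.g. example-corp-mail.com or example-corp.co against example-corp.com."""
    if not domain or domain in trusted:
        return False
    return any(t.split(".")[0] in domain for t in trusted)


def deceptive_attachment(filename):
    """True for a double extension that ends in a script, e.g. REPORT.TXT.vbs."""
    name = filename.lower()
    return name.count(".") >= 2 and name.endswith(SCRIPT_EXTENSIONS)


def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", errors="replace"))
    return " ".join(chunks)


def triage(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable phishing indicators for one raw message."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    # BEC: replies silently routed to an address the attacker controls.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from sender domain {from_domain}")
    # Lookalike of the organisation's domain.
    if is_lookalike(from_domain, trusted):
        findings.append(f"sender domain {from_domain} imitates a trusted domain")
    # Whaling/BEC: an executive title in the display name on an external address.
    if from_domain not in trusted and re.search(r"\b(ceo|cfo|director|manager)\b", display_name, re.I):
        findings.append(f"display name '{display_name}' claims a role but the address is external")
    # Urgency or secrecy language in subject and body.
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    hits = [p for p in PRESSURE_PHRASES if p in text]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    # Attachments whose name hides a script behind a document extension.
    for part in msg.walk():
        name = part.get_filename()
        if name and deceptive_attachment(name):
            findings.append(f"double-extension attachment {name}")
    return findings


# Constructed sample messages for this example; none are real mail.
SAMPLE_BEC = """\
From: "Dana Lee - CEO" <dana.lee@example-corp-mail.com>
Reply-To: dana.ceo@mailbox.example
Subject: Urgent wire transfer needed today
Content-Type: text/plain

Alex, I need you to transfer funds before 3pm. Keep this confidential.
"""
SAMPLE_ATTACHMENT = """\
From: "Sam Rivera" <sam.rivera@example-corp.com>
Subject: here's the file you asked for
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Hey Alex, here's the file you asked for.
--sep
Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

' placeholder bytes, not a script
--sep--
"""
SAMPLE_CLEAN = """\
From: "Sam Rivera" <sam.rivera@example-corp.com>
Subject: Lunch on Thursday?
Content-Type: text/plain

Want to grab lunch on Thursday?
"""

if __name__ == "__main__":
    for label, sample in (("BEC", SAMPLE_BEC), ("attachment", SAMPLE_ATTACHMENT), ("clean", SAMPLE_CLEAN)):
        print(label, "->", triage(sample) or ["no indicators"])
```

The BEC sample trips four checks at once; the spear-phishing sample comes from a legitimate internal address and is caught only by the attachment name, which is why attachment inspection has to run even for trusted senders. These are heuristics for triage, not a verdict: a real gateway combines them with SPF/DKIM/DMARC results and sandboxing of the attachment.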

Malware
Malware, short for malicious software, is any software designed to harm,
exploit, or disrupt devices, networks, or systems. It can steal data, slow down
devices, or even take control of systems.
Types of Malware:
1. Viruses:
Malicious code that attaches itself to files or programs and spreads when
the file is opened. A virus needs human action to activate.
Example: Downloading a fake attachment that corrupts your files.
2. Worms:
Malware that spreads on its own without user interaction. Worms move
across devices in the same network and replicate themselves.
Example: A worm infecting all devices in an office network.
3. Ransomware:
Locks or encrypts your data and demands a ransom to restore access.
The attacker's goal is payment rather than destruction, but without
offline backups the data is frequently lost whether or not the ransom is paid.
Example: An attack where your files are encrypted, and a payment is
demanded for decryption.
4. Spyware:
Secretly tracks your activities to collect sensitive data like passwords,
browsing history, or location.
Example: A program monitoring your keystrokes to steal login
credentials.
5. Trojan Horses:
Disguises itself as legitimate software but performs malicious activities
once installed.
Example: A fake antivirus program that steals your data.

1. Brain Virus (1986):


 What it is:
The first virus for the IBM PC, written by two brothers (Basit and Amjad
Farooq Alvi) in Lahore, Pakistan.
 How it worked:
o It infected the boot sector of 5.25-inch floppy disks, moving the
original boot sector elsewhere on the disk and marking those sectors
as bad.

o When a PC was booted from an infected floppy, the virus stayed
resident in memory and infected any other floppy accessed on that
machine.
o Its boot sector contained a text message with the brothers' names,
address and phone numbers; they said it was meant to discourage
piracy of their software.
 Impact: It slowed disk access and used up disk space but was not highly destructive.

2. Morris Worm (1988):


 What it is:
One of the first internet worms, created by Robert Tappan Morris.
 How it worked:
o Exploited several weaknesses in Unix systems: a buffer overflow in the
fingerd daemon, the DEBUG command in sendmail, trusted-host logins
(rsh/rexec), and guessing of weak passwords.
o It replicated itself repeatedly, even onto hosts that were already
infected, consuming system resources and causing slowdowns and crashes.
 Impact:
o Infected an estimated 6,000 machines (roughly 10% of the internet at
that time).

o Estimated cost of recovery: $10M–$100M.

o Morris became the first person convicted under the Computer Fraud and
Abuse Act of 1986 (the law predates the worm and was not created in
response to it); the incident also led to the founding of the CERT
Coordination Center at Carnegie Mellon University.

3. ILOVEYOU (LoveLetter) Worm (2000):


 What it is:
A VBScript worm disguised as a love letter and sent via email.
 How it worked:
o The subject line said "ILOVEYOU" and the attachment was named
LOVE-LETTER-FOR-YOU.TXT.vbs; Windows hid the final .vbs extension by
default, so it looked like a harmless text file.
o Once opened, it emailed itself to every address in the victim's
Outlook address book and overwrote image and script files (for
example .jpg, .js, .vbs) with copies of itself; music files were
hidden and replaced.
 Impact:
o Infected an estimated 10% of internet-connected computers within hours.

o Estimated damage of about $5.5 billion.

4. Equifax Data Breach (2017):


 What it is:
A massive data breach affecting the U.S. credit bureau Equifax.
 How it worked:
o Attackers exploited an unpatched remote code execution vulnerability in
Apache Struts (a Java web application framework) on a public-facing
web application; a patch had been available for about two months
before the intrusion began.
o They accessed sensitive information of about 147 million people,
including Social Security numbers, addresses, and birth dates.
 Impact:
o One of the biggest breaches in history.

o Damaged trust in Equifax, which agreed to a settlement of up to about
$700 million with U.S. regulators and states.

CISSP EIGHT SECURITY DOMAINS

The CISSP (Certified Information Systems Security Professional) certification
defines eight security domains that help security professionals organize their
work. These domains are interconnected, meaning gaps in one area can negatively
affect the entire organization. The eight domains are split into two sets here,
and the first four are covered below:
1. Security and Risk Management:
o Focuses on defining security goals, risk mitigation, and compliance
with regulations.
o Includes business continuity and understanding laws (e.g., HIPAA
in healthcare).
o Example: A company must update policies for handling private
health information whenever HIPAA regulations change.
2. Asset Security:
o Involves securing both digital and physical assets and handling
data securely.
o Covers storage, retention, and proper destruction of data.

o Example: A security analyst ensures that old, unused equipment is


properly wiped and disposed of to prevent data leakage.
3. Security Architecture and Engineering:
o Ensures the security of data through proper tools, systems, and
processes.
o Example: A security analyst configures firewalls to filter traffic and
block unauthorized access.
4. Communication and Network Security:
o Focuses on securing physical networks and wireless
communications.
o Example: A security analyst might notice that users are connecting
to unsecured public Wi-Fi and then create a policy to prevent it,
ensuring secure communications.
These domains are vital to understanding the different aspects of cybersecurity,
and while you don't need to be an expert in each one, a solid understanding of
these areas will help you grow in your career.

The next four security domains are critical in ensuring the protection of an
organization’s data and operations. Here’s a breakdown of each domain:
5. Identity and Access Management (IAM):
o Focuses on authenticating users and managing their access to
physical and logical assets (e.g., networks, applications).
o Ensures only authorized individuals have access to sensitive data
and systems.
o Example: As a security analyst, you might be tasked with setting up
keycard access for employees to ensure they can only access the
areas they are authorized for.
6. Security Assessment and Testing:
o Involves testing security controls and regularly auditing systems
to find risks and vulnerabilities.
o Analysts conduct security audits and assess user permissions to
ensure there is no unauthorized access.
o Example: An analyst might audit access to payroll information to
ensure only authorized personnel can view it.
7. Security Operations:
o Focuses on incident response and investigation when a
potential threat is detected.
o Security analysts monitor for attacks, investigate suspicious
activity, and ensure preventive measures are in place.
o Example: If an unknown device is connected to the company
network, the security analyst would investigate and stop the
potential threat.
8. Software Development Security:
o Ensures secure coding practices are used during the
development of software and applications.
o Analysts collaborate with software teams to incorporate security
measures during the software development life cycle.
o Example: When a new mobile app is being developed, a security
analyst might advise on password policies or ensure that user
data is securely managed.
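The payroll audit described under Security Assessment and Testing, and the "only authorized individuals" requirement under Identity and Access Management, can be checked mechanically by comparing what a system actually grants against what the organization says it should grant. The following Python script is an added example, not part of the original notes: it reviews an exported file-share ACL against an HR roster and per-role permissions, and reports every entry that neither justifies. The roster, role table and ACL export are constructed for this example.

```python
import csv
import io

# Constructed for this example: permissions each role may hold on the payroll share.
ROLE_PERMISSIONS = {
    "payroll_admin": {"read", "write"},
    "hr_analyst": {"read"},
}

# Constructed HR roster: user -> (role, employment status).
ROSTER = {
    "priya": ("payroll_admin", "active"),
    "omar": ("hr_analyst", "active"),
    "lena": ("hr_analyst", "terminated"),
}

# Constructed ACL export from the file server, as it might arrive in CSV form.
ACL_EXPORT = """\
user,resource,permission
priya,payroll/2024,read
priya,payroll/2024,write
omar,payroll/2024,read
omar,payroll/2024,write
lena,payroll/2024,read
svc_backup,payroll/2024,read
"""


def review_access(acl_csv, roster, role_permissions):
    """Return (user, resource, permission, reason) for every ACL entry that the
    roster and role definitions do not justify. Entries that pass are not listed,
    and anything not in the roster is reported (fail closed) rather than ignored."""
    findings = []
    for row in csv.DictReader(io.StringIO(acl_csv)):
        user, resource, perm = row["user"], row["resource"], row["permission"]
        if user not in roster:
            findings.append((user, resource, perm, "account not in HR roster"))
            continue
        role, status = roster[user]
        if status != "active":
            findings.append((user, resource, perm, f"account is {status}"))
        elif perm not in role_permissions.get(role, set()):
            findings.append((user, resource, perm, f"'{perm}' exceeds role {role}"))
    return findings


def users_to_remediate(findings):
    """Distinct accounts whose access must be removed or reduced."""
    return sorted({f[0] for f in findings})


if __name__ == "__main__":
    results = review_access(ACL_EXPORT, ROSTER, ROLE_PERMISSIONS)
    for user, resource, perm, reason in results:
        print(f"{user:<12} {resource:<14} {perm:<6} {reason}")
    print("remediate:", users_to_remediate(results))
```

Three kinds of finding come out of the sample data: an analyst holding write where the role only allows read, a terminated employee whose access was never revoked, and a service account that appears in no roster at all. The last case is deliberate: service accounts need their own inventory and owner, and an audit that silently skips unknown accounts is exactly how stale access survives.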
