Cyb 211 Lecture 2 Cyber Overview 1

The document provides an overview of basic concepts in cybersecurity, focusing on vulnerabilities, threats, and attacks. It defines key terms, including vulnerabilities as weaknesses in systems, threats as potential dangers, and cyber-attacks as malicious attempts to exploit these vulnerabilities. Additionally, it discusses various types of cyber threats and attacks, their motivations, and principles for effective cybersecurity management.

DENNIS OSADEBAY UNIVERSITY

FACULTY OF COMPUTING
DEPARTMENT OF CYBER SECURITY

COURSE TITLE: INTRODUCTION TO CYBERSECURITY AND STRATEGY (2 Units C: LH 30)


COURSE CODE: CYB 211

TOPIC: OVERVIEW OF BASIC CONCEPTS OF CYBER SECURITY

INTRODUCTION TO VULNERABILITIES, THREATS, AND ATTACKS

VULNERABILITY

Vulnerability: a weakness that is inherent in every network and device, e.g. routers, switches, desktops, servers, and even security devices themselves.

• A feature or bug in a system or program which enables an attacker to bypass security measures.
• An aspect of a system or network that leaves it open to attack.
• Absence or weakness of a risk-reducing safeguard. It is a condition that has the potential to allow a threat to occur with greater frequency, greater impact, or both.

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt threat
actors to exploit them.

Primary vulnerabilities in a network:

■ Technology vulnerabilities. Examples: TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses.
■ Configuration vulnerabilities. Examples: system accounts with easily guessed passwords, unsecured user accounts, misconfigurations of network equipment.
■ Security policy vulnerabilities. Examples: nonexistent disaster recovery plan, lack of a written security policy, etc.

OWASP TOP TEN: study this again.

INTRODUCTION TO CYBER SECURITY AND STRATEGY CYB 211 Page |1


CYBER THREATS

Threats: the people eager, willing, and qualified to take advantage of each security weakness, who continually search for new exploits and weaknesses.

A cyber security threat refers to any potential danger or malicious activity that can exploit
vulnerabilities in computer systems, networks, or data.

An event, the occurrence of which could have an undesirable impact on the well-being of an
asset. (ISC)2 International Information Systems Security Certification Consortium

Any circumstances or event that has the potential to cause harm to a system or network.

These may include things like vulnerabilities in software, malware, or social engineering tactics
used by attackers. Threats do not necessarily result in actual harm but instead represent possible
dangers that should be monitored and addressed to prevent future attacks.

THREAT AGENTS

– Natural: fire, floods, power failure, earthquakes, etc.
– Unintentional: insider, outsider; primarily non-hostile.
– Intentional: insider, outsider; hostile or non-hostile (curious).

CYBER ATTACKS

A cyber-attack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

A cyber-attack is an intentional, malicious action carried out to exploit vulnerabilities in computer systems, networks, or digital infrastructure. Cyber-attacks aim to compromise the confidentiality, integrity, or availability of information.

Threats are potential risks or dangers, while attacks are active attempts to exploit those risks to cause harm or steal sensitive information.

When a threat is successfully exploited, it becomes an attack. An attack is the execution or realization of a cyber-threat with the intent to cause harm or gain unauthorized access.



CYBER ATTACK MOTIVES

Different motivations exist for those who attempt a cyber-attack. They are:

Financial: Many attackers are motivated by the potential to make money through cybercrime. This can include stealing credit card information, extorting victims through ransomware attacks, or stealing and selling sensitive data on the dark web.

Social/Political ("Hacktivism"): Some attackers are motivated by ideological or political reasons and aim to use cyber-attacks to promote their cause or disrupt organizations they disagree with.

Espionage: State-sponsored attackers may engage in cyber espionage to gain access to sensitive information, intellectual property, or government secrets. Nation-states may also launch cyber-attacks for political reasons or to disrupt adversaries.

Revenge: Disgruntled employees or former employees typically commit the lion's share of revenge-based cyber-attacks. The news is replete with stories of disgruntled former employees attacking their former employers.

Disruption and Sabotage: Some attackers aim to disrupt operations, cause damage, or sabotage critical infrastructure. This can include launching destructive malware or conducting denial-of-service attacks to interrupt services.

Competitive Advantage/Stealing Trade Secrets: Business rivals might engage in cyber espionage or attacks to gain a competitive edge, such as stealing proprietary information or disrupting a competitor's operations.

Reputation damage: Some attackers aim to damage the reputation of an individual or organization by stealing and leaking sensitive information or defacing websites.

CYBERSECURITY ATTACKS

1. Malware.

Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.

Types of malware

• Trojan virus: a type of malware that appears to be a legitimate program but contains malicious code. Trojans are often disguised as useful software, such as games, utilities, or antivirus programs, and can be downloaded from websites or email attachments. A Trojan can launch an attack on a system and can establish a backdoor, which attackers can use.
• Ransomware: a type of malware that encrypts a victim's files or locks their device, and then demands a ransom payment in exchange for restoring access.
• Worms: a computer worm is a type of malware that replicates itself and spreads to other computers without the need for human intervention. Unlike viruses, which require a host program to replicate, worms are self-contained and can propagate through networks, email, or removable media.
• Wiper malware: intended to destroy data or systems by overwriting targeted files or destroying an entire file system. Wipers are usually intended to send a political message, or to hide hacker activities after data exfiltration.
• Spyware: a type of malware designed to monitor a user's activity, collect sensitive information, and relay it to a third party without the user's knowledge or consent. Spyware can be difficult to detect and can compromise the security and privacy of affected individuals or organizations.
• Fileless malware: a type of malware that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove. It operates in a computer's memory instead of on the hard drive.
• Application or website manipulation: OWASP outlines the top 10 application security risks, ranging from broken access controls and security misconfiguration through injection attacks and cryptographic failures. Once the vector is established through service account acquisition, more malware, credential, or APT attacks are launched.

2. Social Engineering:

Social engineering is the act of using psychological manipulation to deceive people into
performing actions or divulging confidential information. Social engineering attacks can be used
to gain unauthorized access to sensitive data, systems, or physical locations.

Some common techniques used in social engineering attacks include:

Phishing: Sending fake emails or texts that appear to be from a legitimate source in order to trick
the recipient into providing sensitive information or downloading malware. Email phishing, spear
phishing, vishing (voice phishing), smishing (SMS phishing).

Baiting: Offering something for free, such as a free gift or a tempting link, in order to entice the
target into providing sensitive information or downloading malware.

Pretexting: Creating a plausible scenario or story in order to gain a target's trust and convince
them to provide sensitive information or take a specific action.

Tailgating: Following an authorized individual into a secure area without proper authorization,
often by pretending to be a visitor or delivery person.

Dumpster diving: Searching through a target's trash for sensitive information, such as discarded
documents or passwords.



3. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks:

A distributed denial-of-service (DDoS) attack is a type of cyberattack in which a large number of devices are used to overwhelm a target system or network with traffic, rendering it unavailable to legitimate users. Some common types of DDoS attacks include:

Volume-based attacks: Flood the target with large amounts of traffic, such as UDP or ICMP packets.

Protocol attacks: Overwhelm the target's resources by exploiting vulnerabilities in protocols such as TCP or HTTP.

Application-layer attacks: Target specific vulnerabilities in the target's applications or services, such as a web server or email server.

Multivector attacks: Use a combination of different attack methods to make the attack more difficult to defend against.

TCP SYN flood attack: Floods the target system with connection requests. When the target system attempts to complete the connection, the attacker's device does not respond, forcing the target system to time out. This quickly fills the connection queue, preventing legitimate users from connecting.
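The SYN flood description above can be turned into a simple half-open connection monitor. The following is an added example written for this page, not code from the lecture: it reads constructed client-to-server packet records (the `SAMPLE_PACKETS` list, the `half_open_per_target` and `flag_syn_flood` functions, and the threshold of 5 are all assumptions made for the illustration), counts per target the sources that sent a SYN but never completed the handshake with an ACK, and flags targets whose half-open backlog reaches the threshold.

```python
from collections import Counter

# Constructed client-to-server TCP packet records for this illustration:
# (timestamp, source IP, destination IP, TCP flags). All values are invented.
SAMPLE_PACKETS = [
    # A legitimate client completes the three-way handshake (SYN, then ACK).
    (1, "10.0.0.5", "192.0.2.10", "S"),
    (1, "10.0.0.5", "192.0.2.10", "A"),
    # A single stray SYN to another server that is never completed.
    (2, "10.0.0.9", "192.0.2.20", "S"),
] + [
    # Eight different sources each send a SYN to 192.0.2.10 and never answer
    # the server's SYN-ACK, leaving eight half-open connections in its queue.
    (3, f"198.51.100.{i}", "192.0.2.10", "S") for i in range(1, 9)
]


def half_open_per_target(packets):
    """Count, per destination, the (source, destination) pairs that sent a SYN
    but never followed up with the ACK that completes the handshake."""
    syn_seen = set()
    completed = set()
    for _ts, src, dst, flags in packets:
        key = (src, dst)
        if flags == "S":
            syn_seen.add(key)
        elif flags == "A" and key in syn_seen:
            completed.add(key)
    counts = Counter(dst for _src, dst in syn_seen - completed)
    return dict(counts)


def flag_syn_flood(packets, threshold=5):
    """Return destinations whose half-open backlog reaches the threshold.
    The threshold is a constructed value; a real monitor would size it to the
    server's listen backlog and its normal connection rate."""
    return sorted(dst for dst, n in half_open_per_target(packets).items()
                  if n >= threshold)


if __name__ == "__main__":
    print(half_open_per_target(SAMPLE_PACKETS))  # {'192.0.2.10': 8, '192.0.2.20': 1}
    print(flag_syn_flood(SAMPLE_PACKETS))        # ['192.0.2.10']
```

The legitimate client at 10.0.0.5 is not counted because its ACK arrived; the one stray SYN to 192.0.2.20 stays below the threshold, so only the flooded server is reported. A production monitor would also expire old entries so that a long capture does not accumulate stale half-open pairs.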

4. Man-in-the-Middle (MitM) Attacks:

Intercepting and altering communications between two parties without their knowledge. A man-
in-the-middle (MITM) attack is a type of cyberattack where the attacker intercepts and relays
messages between two parties who believe they are communicating directly with each other.
Some common types of MITM attacks include:

Session hijacking: The attacker intercepts a session cookie or other authentication token and uses
it to take over a user's session.

Evil twin attacks: The attacker sets up a fake Wi-Fi access point with a legitimate-sounding name,
tricking users into connecting and revealing their credentials.

DNS spoofing: The attacker modifies DNS records to redirect traffic to a malicious server, allowing
them to intercept and modify traffic.

HTTPS stripping: The attacker intercepts an HTTPS connection and downgrades it to HTTP,
allowing them to intercept and modify the traffic.



5. Cross-Site Scripting (XSS):

Cross-site scripting (XSS) is a type of attack that allows an attacker to inject client-side scripts into
web pages viewed by other users.

XSS attacks occur when an attacker is able to insert malicious code, such as JavaScript, into a web
page or web application, allowing the attacker to steal cookies, hijack sessions, or perform other
malicious actions.

There are several types of XSS attacks, including:

Reflected XSS: The attacker includes the malicious code in a URL or form submission, which is
then reflected back to the victim's browser when they visit the affected page.

Stored XSS: The attacker injects the malicious code into a database or other data store, where it
is then executed when the affected page is viewed by a victim.

DOM-based XSS: The attacker injects the malicious code into the document object model (DOM)
of the web page, rather than the HTML code itself.
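The defence against the reflected and stored XSS variants above is the same: user-supplied text must be escaped before it is placed into HTML. The following is an added example, not code from the lecture; it shows a comment renderer that interpolates raw input beside one that escapes it with Python's standard `html.escape`. The comment strings, the function names and the `contains_script_element` check are constructed for the illustration.

```python
import html

# Constructed user-supplied comment text for this illustration: one benign
# comment and one that carries a script element.
BENIGN_COMMENT = "Great article, thanks!"
INJECTED_COMMENT = '<script>alert("xss")</script>'


def render_comment_unsafe(comment):
    """Interpolate user text straight into markup. The browser parses whatever
    the user typed as HTML, so a script element would execute in every
    visitor's browser (the stored/reflected XSS case described above)."""
    return '<p class="comment">' + comment + '</p>'


def render_comment_safe(comment):
    """Escape the HTML metacharacters (&, <, >, and with quote=True also the
    quote characters) before interpolation, so the user's text is displayed as
    text and cannot change the structure of the page."""
    return '<p class="comment">' + html.escape(comment, quote=True) + '</p>'


def contains_script_element(markup):
    """Crude check used only to show the difference between the two renderers:
    does the emitted markup still contain a raw <script element?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_comment_unsafe(INJECTED_COMMENT))
    print(render_comment_safe(INJECTED_COMMENT))
```

Escaping at output time is the right place for this control because the same stored comment may be rendered in several pages; a Content-Security-Policy header that disallows inline scripts adds a second layer if an escape is ever missed.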

6. SQL Injection.

SQL injection is a type of cyber-attack that occurs when an attacker inserts or manipulates
malicious SQL (Structured Query Language) code into input fields or parameters in a web
application's database query. Types of SQL Injection:

Classic/Static SQL Injection: Involves injecting malicious SQL code directly into user input fields.

Blind SQL Injection: Exploits vulnerabilities without directly extracting data. The attacker infers
information based on the application's response.

Time-Based Blind SQL Injection: The attacker introduces delays in the SQL query to gather
information about the database.

Error-Based SQL Injection: The attacker exploits SQL errors generated by the application to extract
information about the database structure.
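The classic injection described above arises when the application builds the query text from user input. The following is an added example, not code from the lecture: it sets up an in-memory SQLite table with two constructed accounts, runs the same lookup once with string concatenation and once with a bound parameter, and shows that a crafted input containing a quote and an always-true condition changes the meaning of the first query but is treated as plain data by the second. The table, account names, `CRAFTED_INPUT` and all function names are assumptions made for the illustration.

```python
import sqlite3


def make_demo_db():
    """In-memory SQLite table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def find_user_vulnerable(conn, username):
    """Builds the query by string concatenation, so the input is parsed as SQL.
    This is the defective pattern; it is shown only for comparison."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))


def find_user_parameterised(conn, username):
    """Passes the input as a bound parameter: the driver sends it as data, so
    quotes and keywords inside it never change the query's meaning."""
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


# Constructed input containing a quote and an always-true condition.
CRAFTED_INPUT = "x' OR '1'='1"


def compare(username):
    """Run both lookups against a fresh table and return their results."""
    conn = make_demo_db()
    try:
        return (find_user_vulnerable(conn, username),
                find_user_parameterised(conn, username))
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("alice"))         # (['alice'], ['alice'])
    print(compare(CRAFTED_INPUT))   # (['alice', 'bob'], [])
```

With the crafted input the concatenated query becomes `... WHERE username = 'x' OR '1'='1'`, which matches every row; the parameterised query looks for a user literally named `x' OR '1'='1` and finds none. Parameterised queries (prepared statements) are the standard fix for all four injection variants listed above, because none of them can work once input can no longer reach the SQL parser.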

7. Password attacks.

Password attacks are techniques employed by attackers to gain unauthorized access to systems
or accounts by exploiting weaknesses in password security. Here are some common password
attacks:

1. Brute Force Attack: In a brute force attack, an attacker systematically tries all possible combinations of passwords until the correct one is found.

2. Dictionary Attack: Attackers use a precompiled list of commonly used passwords (a dictionary) and systematically try each one against user accounts.

3. Credential Stuffing: Attackers use previously leaked username and password combinations from one service to gain unauthorized access to other services where users reuse passwords.

4. Phishing Attacks: Attackers trick individuals into revealing their passwords by posing as a trustworthy entity, often through deceptive emails, websites, or messages.

5. Keylogging: Malicious software or hardware records keystrokes on a user's device, capturing passwords as they are entered.
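Brute-force and dictionary attacks on one account, and credential stuffing across many accounts, leave different traces in an authentication log, and both can be picked out with simple counting. The following is an added example, not code from the lecture: it parses constructed log lines (the line format, the IP addresses, user names and the two thresholds are invented for the illustration) and reports a source that fails repeatedly against one user separately from a source that fails once each against many different users.

```python
import re
from collections import defaultdict

# Constructed authentication log for this illustration. The format is invented:
# "<timestamp> auth <OK|FAIL> user=<name> src=<ip>".
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:02 auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:03 auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:04 auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:05 auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:06 auth FAIL user=admin src=203.0.113.7
2024-05-01T10:01:00 auth FAIL user=alice src=198.51.100.9
2024-05-01T10:01:01 auth FAIL user=bob src=198.51.100.9
2024-05-01T10:01:02 auth FAIL user=carol src=198.51.100.9
2024-05-01T10:01:03 auth FAIL user=dave src=198.51.100.9
2024-05-01T10:01:04 auth FAIL user=erin src=198.51.100.9
2024-05-01T10:02:00 auth FAIL user=alice src=10.0.0.5
2024-05-01T10:02:05 auth OK user=alice src=10.0.0.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            events.append(match.groupdict())
    return events


def classify_failures(events, brute_threshold=5, stuffing_threshold=5):
    """Brute force / dictionary: many failures from one source against one user.
    Credential stuffing: one source failing against many distinct users.
    Thresholds are constructed values; tune them to the real login volume."""
    fails_per_src_user = defaultdict(int)
    users_per_src = defaultdict(set)
    for event in events:
        if event["result"] != "FAIL":
            continue
        fails_per_src_user[(event["src"], event["user"])] += 1
        users_per_src[event["src"]].add(event["user"])

    brute = sorted((src, user, n) for (src, user), n in fails_per_src_user.items()
                   if n >= brute_threshold)
    stuffing = sorted((src, len(users)) for src, users in users_per_src.items()
                      if len(users) >= stuffing_threshold)
    return {"brute_force": brute, "credential_stuffing": stuffing}


if __name__ == "__main__":
    print(classify_failures(parse_log(SAMPLE_LOG)))
```

The client at 10.0.0.5 that mistypes once and then succeeds is not reported by either rule. In practice these counts feed a rate limiter or account lockout, and credential stuffing is additionally addressed by checking new passwords against known-breached lists and by multi-factor authentication, since the password alone is already known to the attacker.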

TOPIC: CYBER SECURITY PRINCIPLES

Cyber security principles act as a set of instructions that help to safeguard networks and systems
against cyber threats.

They help us to govern and protect the data by detecting and responding to network
vulnerabilities.

The principles of cyber security assist organizations in creating robust frameworks to enforce strict security of networks and data.

Purpose
These cyber security principles are grouped into four key activities: govern, protect, detect and respond.

• Govern: Identifying and managing security risks.
• Protect: Implementing controls to reduce security risks.
• Detect: Detecting and understanding cyber security events to identify cyber security incidents.
• Respond: Responding to and recovering from cyber security incidents.



Cyber Security Design Principles

1. Economy of Mechanism
2. Fail-safe defaults
3. Least privilege
4. Open design
5. Separation of Privilege
6. Complete mediation
7. Least Common Mechanism
8. Work factor
9. Psychological acceptability
10. Compromise Recording
11. Principles of defense in depth

Economy of Mechanism

It states that the mechanisms employed for cyber security must be easy to design and implement.
If a security mechanism is complex, its implementation can bring a lot of challenges and at the
same time, is prone to errors.

Example of Economy of Mechanism would be the use of a single sign-on (SSO) system in an
organization. Instead of requiring separate logins for each application (email, project
management, file storage, etc.), an organization implements a single sign-on system. With SSO,
users log in once and are granted access to all approved applications. This streamlined
authentication method reduces the complexity of managing multiple passwords and access points,
which lowers the likelihood of configuration errors, reduces administrative overhead, and
minimizes security vulnerabilities across systems.
