
Cyber Security 2

Uploaded by

Dev Swami

Cyber Security
• Cyber security refers to the body of technologies,
processes, and practices designed to protect networks,
devices, programs, and data from attack, damage, or
unauthorized access.
Cyber Security is Safety
• Security: We must protect our computers and data in the
same way that we secure the doors to our homes.
• Safety: We must behave in ways that protect us against
risks and threats that come with technology.
What is a Secure System? (CIA Triad)

• Confidentiality –
restrict access to
authorized individuals
• Integrity – data has
not been altered in an
unauthorized manner
• Availability – information can be
accessed and modified by authorized
individuals in an appropriate timeframe
CIA Triad: Confidentiality
• Protecting information from unauthorized access and disclosure
• Example: Criminal steals customers’ usernames, passwords, or credit card information
CIA Triad: Integrity
• Protecting information from unauthorized modification
• Example: Someone alters payroll information or a proposed product design
CIA Triad: Availability
• Preventing disruption in how information is accessed
• Example: Your customers are unable to access your online services
Threats and Vulnerabilities
• What are we protecting our information and our stakeholders’ information from?
• Threats: Any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable.
• Vulnerabilities: Weaknesses in an information system or its components that could be exploited.
Phishing
• Phishing refers to the practice of creating fake emails or SMS that appear to come from someone you trust, such as: Bank, Credit Card Company, Popular Websites
• The email/SMS will ask you to “confirm your account details or your vendor’s account details”, and then direct you to a website that looks just like the real website, but whose sole purpose is to steal information.
• Of course, if you enter your information, a cybercriminal could use it to steal your identity and possibly make fraudulent purchases with your money.
Phishing Statistics
• Verizon DBIR 2020: Phishing is the biggest cyber threat for SMBs, accounting for 30% of SMB breaches
• KnowBe4: 37.9% of Untrained Users Fail Phishing Tests
• 84% of SMBs are targeted by Phishing attacks
• A new Phishing site launches every 20 seconds
• 74% of all Phishing websites use HTTPS
• 94% of Malware is delivered via email
Example of Phishing
Social Engineering
• When attempting to steal information or a person’s identity, a hacker will often try to trick you into giving out sensitive information rather than breaking into your computer.
• Social Engineering can happen:
– Over the phone
– By text message
– Instant message
– Email
Malware
• Malware = “malicious software”
• Malware is any kind of unwanted software that is installed without your consent on your computer and other digital devices.
• Viruses, Worms, Trojan horses, Bombs, Spyware, Adware, Ransomware are subgroups of malware.
Viruses
• A virus tries to infect a carrier, and in turn relies on the carrier to spread the virus around.
• A computer virus is a program that can replicate itself and spread from one computer to another.
Viruses cont.
• Direct infection: the virus can infect files every time a user opens that specific infected program, document or file.
• Fast infection: the virus infects any file that is accessed by the program that is infected.
• Slow infection: the virus infects any new or modified program, file or document.
– Great way to trick an antivirus program!
• Sparse infection: the process of randomly infecting files, etc. on the computer.
• RAM-resident infection: the infection buries itself in your computer’s Random Access Memory.
Trojans
• Trojan horse: a program or software designed to look like a useful or legitimate file.
• Once the program is installed and opened, it steals information or deletes data.
• Compared to other types of malware, a Trojan horse usually runs only once and then is done functioning.
• Some create back-door effects.
• Another distribution of Trojans is by infecting a server that hosts websites.
• Downfall of Trojans: very reliant on the user.
Worms
• Worms and viruses get interchanged commonly in the media.
• In reality a worm is more dangerous than a virus.
• User Propagation vs. Self Propagation
• A worm is designed to replicate itself and disperse throughout the user’s network.
• Email Worms and Internet Worms are the two most common worms.
Adware and Spyware
• Adware is a type of malware designed to display advertisements in the user’s software.
• It can be designed to be harmless or harmful; the adware gathers information on what the user searches the World Wide Web for.
• With this gathered information it displays ads corresponding to the information collected.
• Spyware is like adware: it spies on the user to see what information it can collect off the user’s computer to display pop-up ads on the user’s computer.
• Spyware, unlike adware, likes to use memory from programs running in the background of the computer to keep close watch on the user.
• This most often clogs up the computer, causing the program or computer to slow down and become non-functional.
Exploit Kit
COVID-19 Cyber Threats
• Google: 18+ Million COVID-19 emails in just one week, in
addition to 240M daily COVID-19 spam messages
• Phishing up 667% right now
• FBI IC3: 4x complaints per day (1K before COVID-19, now 3k-4k
per day)
• 148% spike in ransomware attacks due to COVID-19
• 30%-40% increase in attacker interest relating to RDP (as
measured by Shodan)
• 26% increase in e-comm web skimming in March
• Healthcare, Financial Services, Medical Suppliers and
Manufacturing, Government and Media Outlets all seeing a
large increase in cyber threats
Cyber Crime

Cyber Crime is a generic term that refers to all criminal activities done using the medium of communication devices, computers, mobile phones, tablets etc. It can be categorized in three ways:
• The computer as a target – attacking the computers of others.
• The computer as a weapon – using a computer to commit “traditional crime” that we see in the physical world.
• The computer as an accessory – using a computer as a “fancy filing cabinet” to store illegal or stolen information.
What do you look like to the bad guys?

66.233.160.64
Hacking
• Financial (theft, fraud, blackmail)
• Political/State (state level/military)
• Fame/Kudos (fun/status)
• Hacktivism (cause)
• PenTesters (legal hacking)
• Police
• Insider

Which hat do you want to wear?
Ethical Hacking
System Hacking
• System hacking is a vast subject that consists of hacking the different software-based technological systems such as laptops, desktops, etc.
• System hacking is defined as the compromise of computer systems and software to access the target computer and steal or misuse their sensitive information.
• Here the malicious hacker exploits the weaknesses in a computer system or network to gain unauthorized access to its data or take illegal advantage.
• Hackers generally use viruses, malware, worms, phishing techniques, Trojans,
WHAT IS FOOTPRINTING?
• Definition: the gathering of information about a potential system or network (the fine art of gathering target information)
• a.k.a. fingerprinting
• Attacker’s point of view
– Identify potential target systems
– Identify which types of attacks may be useful on target systems
• Defender’s point of view
– Know available tools
– May be able to tell if system is being footprinted, be more prepared for possible attack
– Vulnerability analysis: know what information you’re giving away, what
WHAT IS FOOTPRINTING?
• System (Local or Remote)
– IP Address, Name and Domain
– Operating System: Type (Windows, Linux, Solaris, Mac); Version (XP/Vista/7/10, Redhat, Fedora, SuSe, Ubuntu, OS X)
– Usernames (and their passwords)
– File structure
– Open Ports (what services/programs are running on the system)
• Networks / Enterprises
– System information for all hosts
– Network topology: Gateways, Firewalls, Overall topology
– Network traffic information
– Specialized servers: Web, Database, FTP, Email, etc.
– Social Media
Vulnerability Scanner
• The functions of a vulnerability scanner are far different from those of a firewall or intrusion detection system.
• Vulnerability scanning tools help protect your organization from security risks or threats by scanning with deep inspection of endpoints to ensure that they are configured securely and correctly.
• The prime aim of running a vulnerability scanner is to identify the devices that are open to vulnerabilities.
Types of Vulnerability Scanner
• Port scanner
• Network vulnerability scanner
• Web application security scanner
• Database security scanner
• Host based vulnerability scanner
• ERP security scanner
• Single vulnerability tests
Virus Detection
• Simple Anti-virus Scanners
– Look for signatures (fragments of known virus code)
– Heuristics for recognizing code associated with viruses
• Example: polymorphic viruses often use decryption loops
– Integrity checking to detect file modifications
– Keep track of file sizes, checksums, keyed HMACs of contents
• Generic decryption and emulation
– Emulate CPU execution for a few hundred instructions, recognize known
virus body after it has been decrypted
– Does not work very well against viruses with mutating bodies and viruses
not located near beginning of infected executable
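The integrity-checking bullet above, as an added example that is not part of the original slides: record each file's size and a keyed HMAC-SHA256 of its contents, then report files that were modified, added, or removed. The function names, demo key, and sample files are constructed for illustration; the key is assumed to be stored away from the monitored host, so that rewriting the baseline without it does not yield valid records.

```python
import hashlib
import hmac
import os
import tempfile

def file_record(path, key):
    """Return (size, HMAC-SHA256 hex digest) of a file's contents."""
    with open(path, "rb") as fh:
        data = fh.read()  # whole-file read keeps the example short
    return len(data), hmac.new(key, data, hashlib.sha256).hexdigest()

def build_baseline(root, key):
    """Map each file's path (relative to root) to its (size, HMAC) record."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_record(full, key)
    return baseline

def compare(root, key, baseline):
    """Re-scan root and report paths that differ from the stored baseline."""
    current = build_baseline(root, key)
    report = {"modified": [], "added": [],
              "removed": sorted(set(baseline) - set(current))}
    for rel, rec in sorted(current.items()):
        if rel not in baseline:
            report["added"].append(rel)
        elif rec != baseline[rel]:
            report["modified"].append(rel)
    return report

def demo():
    """Constructed sample: a same-size edit, one new file, one deletion."""
    key = b"constructed-demo-key"  # assumption: kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("app.bin", b"AAAA"), ("lib.bin", b"BBBB"), ("old.cfg", b"x=1")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root, key)
        with open(os.path.join(root, "app.bin"), "wb") as fh:
            fh.write(b"AAAB")  # size unchanged, so only the HMAC reveals it
        with open(os.path.join(root, "new.bin"), "wb") as fh:
            fh.write(b"CCCC")
        os.remove(os.path.join(root, "old.cfg"))
        return compare(root, key, baseline)

if __name__ == "__main__":
    print(demo())
```

The same-size edit to `app.bin` shows why tracking file sizes alone is not enough, and the key is what separates an HMAC from a plain checksum that anyone able to modify the file could recompute.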
Summary
• Cybersecurity will require a significant workforce with deep domain knowledge.
• Almost everything is hooked up to the internet in some sort of form.
• Recent events have widened the eyes of many security experts.
• The ability to gain access to high security organizations, infrastructures or mainframes has frightened many people.
• Could one click of the mouse start World War III?
Thank you!