
Cybersecurity Fundamentals is a comprehensive guide designed to provide readers with a solid understanding of the essential principles of cybersecurity. Aimed at polytechnic students and anyone eager to learn the basics of digital security, this eBook covers a wide range of topics, including common cyber threats, types of cyber attacks, best practices for protection, and the critical role of cybersecurity awareness in daily life.
The book strikes a balance between theory, exercises and quizzes, offering insights into the latest strategies for enhancing security in digital environments. Through case studies and practical examples, readers will learn how to identify, prevent, and respond to various cyber threats. By the end of the eBook, readers will be equipped with the knowledge and skills to protect themselves from increasingly sophisticated attacks and contribute to a safer digital world.
This eBook serves as a valuable reference to raise awareness, improve cybersecurity literacy, and foster a more secure digital ecosystem for individuals and organizations alike.

Published by Penerbit PSIS, 2026-01-11 20:48:35

EBOOK CYBERSECURITY FUNDAMENTALS


CYBERSECURITY FUNDAMENTALS
SITI NUR EDAYU HASHIM
NOOR AISHAH ZAINIAR


PUBLISHER:
POLITEKNIK SULTAN IDRIS SHAH
KEMENTERIAN PENDIDIKAN TINGGI

ALL RIGHTS RESERVED
FIRST ISSUE 2025
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without the written permission of the Owner and Publisher of Politeknik Sultan Idris Shah.

eISBN 978-629-7742-24-3

Published by:
Politeknik Sultan Idris Shah, Sungai Lang, 45100 Sungai Air Tawar, Selangor Darul Ehsan.
Contact: 03-3280 6200
Fax: 03-3280 6400
Website: www.psis.mypolycc.edu.my


ACKNOWLEDGEMENT

Alhamdulillah, all praises and thanks to Allah the Almighty for giving us the strength and His utmost blessings, with which we were able to complete this eBook.

We would like to take this opportunity to express our sincere and heartiest gratitude to our Head of Department and the reviewer panels for their constructive comments, consultations, and guidance; nothing is comparable to the keen advice they provided for us in completing this eBook.

Lastly, we would like to express our deepest appreciation to our family members and colleagues for their understanding, support, encouragement, cooperation, and continuous motivation throughout this journey.


PREFACE

This eBook, Cybersecurity Fundamentals, aims to equip readers with a thorough understanding of essential cybersecurity concepts, including various threats, cyber attacks, effective protection measures, and the significance of cybersecurity awareness in everyday life. It is specifically created to enhance the learning experience and provide flexibility, enabling polytechnic students to build a strong foundation in cybersecurity, which is vital for safeguarding against the growing complexity of cyber threats.

This eBook adopts a balanced approach, integrating theories, hands-on exercises, and practical applications. It features real-world examples, case studies, and up-to-date strategies that can be utilized to strengthen digital security. Through this guide, readers will gain the knowledge and skills needed to address cybersecurity challenges and apply effective preventive measures. It is designed to help readers understand core concepts, adopt best practices, and contribute to a safer digital landscape.


SYNOPSIS

Cybersecurity Fundamentals is a comprehensive guide designed to provide readers with a solid understanding of the essential principles of cybersecurity. Aimed at polytechnic students and anyone eager to learn the basics of digital security, this eBook covers a wide range of topics, including common cyber threats, types of cyber attacks, best practices for protection, and the critical role of cybersecurity awareness in daily life.

The book strikes a balance between theory, exercises and quizzes, offering insights into the latest strategies for enhancing security in digital environments. Through case studies and practical examples, readers will learn how to identify, prevent, and respond to various cyber threats. By the end of the eBook, readers will be equipped with the knowledge and skills to protect themselves from increasingly sophisticated attacks and contribute to a safer digital world.

This eBook serves as a valuable reference to raise awareness, improve cybersecurity literacy, and foster a more secure digital ecosystem for individuals and organizations alike.


CONTENTS

ACKNOWLEDGEMENT  I
PREFACE  II
SYNOPSIS  III
CONTENTS  IV-VI

INTRODUCTION TO CYBERSECURITY  7
  CYBERSECURITY FUNDAMENTALS
  TYPES OF CYBERSECURITY STUDIES
  GOALS OF INFORMATION SECURITY
  DESCRIBE ATTACKERS AND HACKERS
  SECURITY THREATS AND HAZARDS
  TYPES OF SECURITY THREATS AND HAZARDS
  SOURCES OF SECURITY THREATS
  EXERCISES

METHODS OF SECURITY ATTACKS  41
  SECURITY ATTACKS
  CLASSIFICATION OF SECURITY ATTACKS
  TYPES OF SECURITY ATTACKS
  TYPES OF SOCIAL ENGINEERING
  IMPERSONATION-BASED SOCIAL ENGINEERING
  COMPUTER-BASED SOCIAL ENGINEERING
  MOBILE-BASED SOCIAL ENGINEERING
  CYBER KILL METHODOLOGY
  EXERCISES

INFORMATION SECURITY GOVERNANCE PRINCIPLES  142
  SECURITY POLICY
  INFORMATION SECURITY POLICY GOVERNANCE AND MANAGEMENT
  DEFINITION OF INFORMATION CLASSIFICATION
  APPLY USERNAME AND PASSWORD MANAGEMENT
  APPLY FILE AND FOLDER PERMISSION
  APPLY PROTECTING DATA
  SECURITY PROCEDURES
  SECURITY PROCEDURES AND POLICIES
  PRIVILEGE MANAGEMENT
  USER AND GROUP MANAGEMENT
  SINGLE SIGN-ON (SSO)
  AUDITING
  EXERCISES

COUNTERMEASURE IN CYBERSECURITY  97
  TYPES OF IT INFRASTRUCTURES
  CLASSIFICATION OF INFRASTRUCTURES
  TYPES OF INFRASTRUCTURE SECURITY
  CLASSIFICATION OF INFRASTRUCTURE SECURITY
  COMMON INFRASTRUCTURE SECURITY
  MALICIOUS SOFTWARE PROTECTION PROGRAM
  MALICIOUS SOFTWARE PROTECTION PROGRAMS
  PROTECTION FOR PHYSICAL EQUIPMENT
  PHYSICAL COMPUTER AND NETWORK EQUIPMENT PROTECTION METHODS
  APPLICATION SECURITY HARDWARE HARDENING
  APPLICATION SECURITY HARDENING
  TOOLS IN CYBERSECURITY AND INFORMATION SECURITY
  THE TOOLS USED TO MITIGATE THE SECURITY ISSUES
  EXERCISES

INFORMATION ASSURANCE MANAGEMENT  190
  RISK IDENTIFICATION, RISK ANALYSIS, AND RISK MANAGEMENT
  INFORMATION ASSURANCE VS INFORMATION SECURITY
  IDENTIFY RISK IDENTIFICATION
  INFORMATION ASSURANCE MANAGEMENT
  IDENTIFY THE 5 PILLARS OF INFORMATION ASSURANCE
  DESCRIBE PLAN DO CHECK ACT (PDCA) MODEL
  PRACTICES, REGULATIONS AND PLAN INFORMATION ASSURANCE STRATEGY
  DESCRIBE LAWS AND REGULATIONS
  SECURITY AWARENESS AND TRAINING
  EXERCISES

TEST  223
REFERENCES  225
AUTHORS' BACKGROUND  226


CHAPTER 1
INTRODUCTION TO CYBERSECURITY

1.1 CYBERSECURITY FUNDAMENTALS
1.2 SECURITY THREATS AND HAZARDS
1.3 EXERCISES


1.1 CYBERSECURITY FUNDAMENTALS

DEFINITION OF CYBERSECURITY
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. It is the act of securing and protecting individuals, businesses, organizations, and governments that are connected to the internet and the web.

DEFINITION OF CYBERSECURITY TERMS
THREAT: Any potential danger or event that can exploit vulnerabilities in a system, network, or application to cause harm. Threats can be intentional (like a hacker) or unintentional (like a natural disaster).
VULNERABILITIES: Weaknesses or flaws in a system, network, or application that can be exploited by threats to cause damage or gain unauthorized access.
RISK: The likelihood of a threat exploiting a vulnerability and causing harm to a system, network, or organization. It is a combination of the probability of an attack and the potential damage it could cause.
ATTACK: An attempt by a cybercriminal or hacker to compromise the security of a system, network, or application. This could involve stealing data, damaging systems, or disrupting operations.


1.1 CYBERSECURITY FUNDAMENTALS
TYPES OF CYBERSECURITY STUDIES

INFORMATION SECURITY
DEFINITION: Information security is the practice of protecting information to ensure the goals of confidentiality, integrity, and availability.
EXAMPLE: A company uses a firewall to block unauthorized access and protect its sensitive data from cyber threats.
ROLE IN ORGANIZATION: Information security plays a vital role in an organization by protecting its ability to function, enabling the safe operation of IT applications, safeguarding both organizational and individual data, and securing the technology it relies on.


1.1 CYBERSECURITY FUNDAMENTALS
TYPES OF CYBERSECURITY STUDIES (CONT.)

NETWORK SECURITY
DEFINITION: Network security is the practices, technologies, and policies designed to protect the integrity, confidentiality, and availability of computer networks and the data transmitted over them. It involves safeguarding both the hardware and software components of a network from threats such as cyberattacks, unauthorized access, data breaches, and malicious activities.
TYPE (as listed by Cisco): Firewalls; Workload security; Network segmentation; VPN; Access control; Anti-virus and anti-malware software; Application security; Behavioral analytics; Cloud security; Data loss prevention; Email security; Industrial network security; Mobile device security; Security information and event management; Web security; Wireless security.
EXAMPLE: A company uses encryption to secure data transmitted over its network from hackers.


1.1 CYBERSECURITY FUNDAMENTALS
TYPES OF CYBERSECURITY STUDIES (CONT.)

APPLICATION SECURITY
DEFINITION: Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification.
TYPE: Authentication; Authorization; Encryption; Logging; Application security testing.
EXAMPLE: A bank secures its mobile app with two-factor authentication to protect user accounts.

OPERATIONAL SECURITY
DEFINITION: The process of protecting sensitive information and preventing unauthorized access by identifying potential threats, vulnerabilities, and risks within an organization's operations.
EXAMPLE: An organization restricts employee access to sensitive files based on their job roles to enhance operational security.


1.1 CYBERSECURITY FUNDAMENTALS
TYPES OF CYBERSECURITY STUDIES (CONT.)

DATA SECURITY
DEFINITION: Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle.
TYPE: Encryption; Data erasure; Data masking; Data resilience.
EXAMPLE: A company encrypts customer information to protect it from unauthorized access.

MOBILE SECURITY
DEFINITION: Mobile device security refers to being free from danger or risk of an asset loss or data loss by using mobile computers and communication hardware.
THREATS: Phishing; Malware and ransomware; Cryptojacking; Unsecured Wi-Fi; Outdated operating systems; Excessive application permissions.
EXAMPLE: A user sets a fingerprint lock on their smartphone to prevent unauthorized access.


1.1 CYBERSECURITY FUNDAMENTALS
TYPES OF CYBERSECURITY STUDIES (CONT.)

CLOUD SECURITY
DEFINITION: Cloud security is a discipline of cybersecurity dedicated to securing cloud computing systems. This includes keeping data private and safe across online-based infrastructure, applications, and platforms. The cloud computing services may be located within the organization's network or provided by servers that belong to some other network and organization. Cloud computing components are secured from two main viewpoints: cloud service and cloud environments.
EXAMPLE: A cloud provider regularly updates its security patches to fix vulnerabilities.

CLOUD SECURITY PROTECTS VARIOUS COMPONENTS, including physical networks like routers and cables, data storage, servers, virtual machines, APIs, and runtime environments. It also safeguards data, software applications, and end-user devices such as computers, mobile phones, and IoT devices.


1.1 CYBERSECURITY FUNDAMENTALS
GOALS OF INFORMATION SECURITY

CONFIDENTIALITY
DEFINITION: Confidentiality is to keep information private or secret. The protection of information, processes, or systems from intentional or accidental unauthorized modification. ONLY AUTHORIZED USERS CAN VIEW INFORMATION.
METHOD: Role-Based Access Control (RBAC).
EXAMPLE: In a hospital, only assigned doctors can access a patient's medical records using role-based access control.

INTEGRITY
DEFINITION: The validity of information or data. The protection of information, processes, or systems from intentional or accidental unauthorized modification. ONLY AUTHORIZED USERS CAN CHANGE INFORMATION.
METHOD: Integrity (protects data) and Recovery Testing (ensures systems can be restored).
EXAMPLE: An accountant can edit financial records, while other employees have view-only access to ensure data integrity.


1.1 CYBERSECURITY FUNDAMENTALS
GOALS OF INFORMATION SECURITY (CONT.)

AVAILABILITY
DEFINITION: The assurance that systems and data are accessible by authorized users when needed. If we can't access the data we need, when we need it, we are not secure. INFORMATION IS ACCESSIBLE BY AUTHORIZED USERS WHENEVER THEY REQUEST THE INFORMATION.
METHOD: Backup systems and redundant hardware.
EXAMPLE: A company uses backup servers to keep its website online during a hardware failure, ensuring availability for users.

AUTHENTICATION
DEFINITION: The process for proving that users are who they claim to be. The most common authentication method is supplying a password.
METHOD: Authentication factors, one-time PINs, biometrics and multi-factor authentication (MFA).
EXAMPLE: A user logs in to their email account by entering a password and confirming a code sent to their phone.


1.1 CYBERSECURITY FUNDAMENTALS
GOALS OF INFORMATION SECURITY (CONT.)

AUTHORIZATION
DEFINITION: The process of giving someone permission to do something after they've been identified. Once a person proves who they are (authentication), authorization decides what they are allowed to do.
METHOD: Role-Based Access Control (RBAC) and Access Control Lists (ACLs).
EXAMPLE: After logging in, a manager can access employee performance data, while regular staff can only view their own records.

Role-based access control (RBAC) refers to the idea of assigning permissions to users based on their role within an organization. It offers a simple, manageable approach to access management that is less prone to error than assigning permissions to users individually.


1.1 CYBERSECURITY FUNDAMENTALS
GOALS OF INFORMATION SECURITY (CONT.)

ASPECT      | AUTHENTICATION                                                       | AUTHORIZATION
DEFINITION  | The process of verifying a user's identity (who they are).           | The process of determining what actions or resources a verified user can access.
PURPOSE     | To confirm the user is who they claim to be.                         | To grant or restrict access to resources or functions.
EXAMPLE     | A student scans their fingerprint to access the university portal.   | After logging in, the student can only view their own grades, not others'.


1.1 CYBERSECURITY FUNDAMENTALS
GOALS OF INFORMATION SECURITY (CONT.)

NON-REPUDIATION
DEFINITION: To ensure that all actions carried out in a computer system can be associated with a specific user, each user must have a unique identifier. Non-repudiation means making sure that someone can't deny they did something.
METHOD: Digital signatures, audit logs, and user IDs.
EXAMPLE: A user submits an online form using their digital signature, which records their identity and prevents them from denying the submission later.

In digital forensics, non-repudiation is so important that digital signatures can legally hold the same weight as handwritten ones, meaning a signed email or file can be used as solid courtroom evidence to prove who did what and when!


1.1 CYBERSECURITY FUNDAMENTALS
GOALS OF INFORMATION SECURITY (CONT.)

ACCOUNTING
DEFINITION: The process of associating an action with a user for later reporting or analysis; when done properly, it must include non-repudiation.
METHOD: Audit logs, system activity tracking, and user session records.
EXAMPLE: A system records the time and actions of a user who accessed and modified a file, providing a log for future review.

Did you know that Access Control Lists (ACLs) not only control who can access a resource but also specify what actions, such as read, write, or execute, each user is allowed to perform?
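The following is an added example, not code from the eBook, that ties together the goals described above: authentication (a salted password check), authorization (RBAC with ACL-style read/write actions, plus the record-level rule from the hospital and accountant examples), and accounting (an audit log keyed on each user's unique ID, which is what non-repudiation relies on). All users, roles, passwords and patient IDs are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timezone

# RBAC policy (constructed): each role maps a resource type to the
# ACL-style actions it may perform on that resource type.
ROLE_PERMISSIONS = {
    "doctor":     {"medical_record": {"read", "write"}},
    "nurse":      {"medical_record": {"read"}},
    "accountant": {"financial_record": {"read", "write"}},
    "staff":      {"financial_record": {"read"}},
}


@dataclass(frozen=True)
class User:
    user_id: str            # unique identifier: the basis for non-repudiation
    role: str
    salt: bytes
    pw_hash: bytes
    assigned_patients: frozenset = frozenset()


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so a leaked credential store is not directly reusable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccessControl:
    def __init__(self):
        self.users = {}
        self.audit_log = []     # accounting: every decision is recorded here

    def register(self, user_id, role, password, assigned_patients=()):
        salt = os.urandom(16)
        self.users[user_id] = User(user_id, role, salt,
                                   hash_password(password, salt),
                                   frozenset(assigned_patients))

    def _record(self, user_id, action, resource, decision, reason):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user_id": user_id, "action": action,
            "resource": resource, "decision": decision, "reason": reason,
        })

    def authenticate(self, user_id, password):
        """Authentication: prove the caller is who they claim to be."""
        user = self.users.get(user_id)
        # Hash against a dummy salt for unknown IDs so response time does not
        # reveal whether an account exists; compare in constant time.
        salt = user.salt if user else b"\x00" * 16
        expected = user.pw_hash if user else hash_password("", salt)
        ok = user is not None and hmac.compare_digest(
            hash_password(password, salt), expected)
        self._record(user_id, "login", "-", "ALLOW" if ok else "DENY",
                     "credentials verified" if ok else "bad user id or password")
        return user if ok else None

    def authorize(self, user, action, resource_type, resource_id):
        """Authorization: decide what an authenticated user may do."""
        role_acl = ROLE_PERMISSIONS.get(user.role, {})
        allowed = action in role_acl.get(resource_type, set())
        reason = f"role '{user.role}' {'grants' if allowed else 'lacks'} {action}"
        # Record-level rule from the hospital example: a doctor or nurse may
        # only open the records of patients assigned to them.
        if (allowed and resource_type == "medical_record"
                and resource_id not in user.assigned_patients):
            allowed, reason = False, "patient not assigned to this user"
        self._record(user.user_id, action, f"{resource_type}:{resource_id}",
                     "ALLOW" if allowed else "DENY", reason)
        return allowed


def build_demo():
    """Constructed sample directory mirroring the eBook's examples."""
    ac = AccessControl()
    ac.register("dr_lim", "doctor", "correct horse", assigned_patients={"P-100"})
    ac.register("nurse_ann", "nurse", "battery staple",
                assigned_patients={"P-100", "P-200"})
    ac.register("acct_raj", "accountant", "ledger-2025")
    ac.register("clerk_mia", "staff", "view-only")
    return ac


if __name__ == "__main__":
    ac = build_demo()
    doc = ac.authenticate("dr_lim", "correct horse")
    print(ac.authorize(doc, "read", "medical_record", "P-100"))   # True
    print(ac.authorize(doc, "read", "medical_record", "P-200"))   # False
    for entry in ac.audit_log:
        print(entry)
```

Every ALLOW and DENY, including failed logins, lands in the audit log with the user ID that requested it, which is what lets a later review answer "who did what and when".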


1.1 CYBERSECURITY FUNDAMENTALS
DESCRIBE ATTACKERS AND HACKERS

HACKERS
People who use their technical skills to explore, understand, or manipulate computer systems, networks, or software.
Malicious Hackers: Break into systems for illegal or harmful purposes, like stealing data or causing damage.
Ethical Hackers: Help organizations find weaknesses in their systems to fix them.


1.1 CYBERSECURITY FUNDAMENTALS
DESCRIBE ATTACKERS AND HACKERS (CONT.)

ATTACKERS AND THREAT ACTORS

ASPECT      | ATTACKERS                                                          | THREAT ACTORS
DEFINITION  | Individuals who perform malicious actions to damage, steal, or disrupt systems. | Individuals, groups, or organizations that conduct or support malicious cyber activities.
ROLE        | Execute specific attacks on targeted systems or networks.          | Plan, fund, organize, or execute cyber operations to achieve a goal.
EXAMPLE     | A teenager hacking into a school website to change grades.         | A cyber criminal group that creates ransomware and sells it to others.


1.1 CYBERSECURITY FUNDAMENTALS
DESCRIBE ATTACKERS AND HACKERS (CONT.)

A WHITE HAT HACKER
Also known as an ethical hacker, is a cybersecurity professional who uses tools to test and fix system weaknesses. They help protect against attacks by finding and fixing vulnerabilities before criminals do, creating security tools like firewalls and antivirus software, and working to improve overall system security. Many are researchers or educators who study threats to help others stay safe online.

A BLACK HAT HACKER
Individuals or groups who engage in hacking for malicious purposes, such as stealing sensitive information, impersonating others, disrupting systems, or causing harm. They exploit vulnerabilities without permission and often have criminal intentions. They develop and use special software to exploit vulnerabilities but do not disclose them to administrators. They may promote free and open use of computing resources over security.


1.1 CYBERSECURITY FUNDAMENTALS
DESCRIBE ATTACKERS AND HACKERS (CONT.)

A GREY HAT HACKER
Hackers with average abilities who might become black hat or white hat hackers. There is no generally agreed upon definition. They may identify but not exploit vulnerabilities, possibly expecting a reward for not openly disclosing them. They sometimes charge a fee to fix bugs, strengthen security, or provide recommendations/tools to patch vulnerabilities.

A RED HAT HACKER
An ethical hacker who uses their skills to protect systems and networks from malicious attacks. They focus on taking down or stopping black hat hackers using aggressive tactics. While their intentions are noble, their methods can be controversial, potentially crossing ethical lines by employing techniques similar to black hat hackers.


1.1 CYBERSECURITY FUNDAMENTALS
DESCRIBE ATTACKERS AND HACKERS (CONT.)

A GREEN HAT HACKER
Also known as a newbie, "noob," or neophyte, they are typically young individuals seeking acceptance in the hacker world. Driven and obsessed with learning, their intent is usually not malicious; they aim to learn about cybersecurity and contribute positively.

A BLUE HAT HACKER
Also known as a Blue Team, these hackers have a cybersecurity background and are invited by organisations to test systems for vulnerabilities before product launches or major updates. Similar to white hat hackers, they are usually external to the organisation, providing an unbiased assessment.

SUICIDE HACKER
These hackers operate with a crucial purpose and are unafraid of consequences, such as legal repercussions or long-term jail. They may act for good or bad reasons in their own way.


1.1 CYBERSECURITY FUNDAMENTALS
DESCRIBE ATTACKERS AND HACKERS (CONT.)

SCRIPT KIDDIES
Amateur hackers who lack the technical skills to create their own hacking programs or sophisticated attacks (e.g., SQL injections), so they use scripts created by others. Despite being novices, they are dangerous as they often don't fully understand the damage their pre-created programs can inflict. They are unprofessional hackers who use downloaded tools and focus on the quantity rather than quality of attacks.

CYBERTERRORISTS
Use hacking to disrupt a country's infrastructure or networks to advance an ideology. They can burden critical systems (electricity, finance, transportation) or spread fear, misinformation, or propaganda. They often finance their agenda by extorting cryptocurrency.


1.1 CYBERSECURITY FUNDAMENTALS
DESCRIBE ATTACKERS AND HACKERS (CONT.)

HACKTIVIST
Hackers who engage in cyber activities to promote a political or social cause. They use hacking techniques to raise awareness, protest, or advocate their belief. Their actions can range from leaking sensitive information to defacing websites, and their methods may be legal or illegal depending on the circumstances.

STATE-SPONSORED HACKER
Employed by governments to hack rival governments' systems. Like soldiers in digital warfare, they may monitor threats or steal confidential information. Although technically illegal, they operate with a degree of impunity due to government backing.


TEST YOUR KNOWLEDGE

1. Identify the option that best describes the difference between authentication and authorization.
A. Authentication confirms who the user is, while authorization determines what the user can access.
B. Authentication determines what the user can access, while authorization confirms the user's identity.
C. Both authentication and authorization mean verifying the user's identity.
D. Authentication and authorization are the same process.

2. Select the correct statement about hackers.
A. White Hat Hackers exploit systems for personal gain.
B. Black Hat Hackers fix vulnerabilities with permission.
C. White Hat Hackers are ethical and help improve security.
D. Black Hat Hackers report vulnerabilities to administrators.


ANSWERS

1. Identify the option that best describes the difference between authentication and authorization.
Answer: A. Authentication confirms who the user is, while authorization determines what the user can access.

2. Select the correct statement about hackers.
Answer: C. White Hat Hackers are ethical and help improve security.


1.2 SECURITY THREATS AND HAZARDS

DEFINITION OF THREATS
A threat is defined as any potential occurrence, malicious or otherwise, that could harm an asset. Essentially, it represents any negative event that could impact your assets. More specifically, a threat is an event capable of exploiting a vulnerability, leading to a negative impact on a network. To minimise the risk posed by threats, it is necessary to identify potential threats to the network and address related vulnerabilities.

DEFINITION OF VULNERABILITIES
In contrast to threats, a vulnerability refers to the degree of weakness present in a network or a device. These weaknesses can stem from various issues, including poor design, configuration mistakes, or the use of inappropriate and insecure coding techniques. It is important to acknowledge that some level of vulnerability is inherently present in various devices, such as routers, switches, desktops, servers, and even dedicated security devices.


1.2 SECURITY THREATS AND HAZARDS

DEFINITION OF ATTACK
An attack is an action that exploits a vulnerability or enacts a threat. Examples of attacks include sending malicious input to an application or flooding a network in an attempt to deny service. A related concept is an Attack Vector, which is a method or technique employed by a hacker to gain access to another computing device or network. The purpose of an attack vector is often to inject "bad code," commonly referred to as a payload.

DEFINITION OF RISKS
Risk represents the likelihood or potential for exposure or loss resulting from a cyberattack or data breach on an organisation. Managing risk involves the crucial process of identifying potential threats and vulnerabilities within an organisation's digital systems and networks.


1.2 SECURITY THREATS AND HAZARDS
TYPES OF SECURITY THREATS AND HAZARDS

MALICIOUS CODE
DEFINITION: Software written with malicious intent.
EXAMPLE: A computer virus.
METHOD: Inserting a self-replicating and harmful piece of code into a computer system or file.

MALICIOUS SOFTWARE
DEFINITION: Refers to any software or program that is intentionally designed to cause harm, exploit vulnerabilities, or perform harmful actions on a computer system, network, or device.
EXAMPLE: Ransomware, spyware, or a Trojan horse.
METHOD: Exploiting security weaknesses (vulnerabilities) to gain unauthorized access, damage data, or disrupt system operations.


1.2 SECURITY THREATS AND HAZARDS
TYPES OF SECURITY THREATS AND HAZARDS (CONT.)

HACKING
DEFINITION: Refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.
EXAMPLE: A network intrusion to steal customer records; DDoS attacks; keyloggers.

NATURAL DISASTER
DEFINITION: A natural disaster is an event caused by natural forces that can damage the environment, people, and physical infrastructure and disrupt operations, posing risks to data and systems.
EXAMPLE: Earthquakes, floods, hurricanes. These cause physical damage to IT infrastructure (e.g., servers, wiring) or power outages leading to data loss or system downtime.


1.2 SECURITY THREATS AND HAZARDS
TYPES OF SECURITY THREATS AND HAZARDS (CONT.)

THEFT
DATA THEFT DEFINITION: The act of stealing digital information stored on computers, servers, or electronic devices to obtain confidential information or compromise privacy.
EXAMPLE: Phishing or unauthorized access to databases to steal data.
CYBERTHEFT DEFINITION: When a criminal uses the internet to steal the personal or financial data of a victim with the intent to use that information for criminal purposes.


1.2 SECURITY THREATS AND HAZARDS
SOURCES OF SECURITY THREATS

EXTERNAL
DEFINITION: Can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network.
METHOD: Work their way into a network mainly from the Internet or dial-up access servers.
EXAMPLE: Hackers, cybercriminals, or foreign governments trying to breach a company's network to steal information or cause damage.

INTERNAL
DEFINITION: Occur when someone has authorized access to the network with either an account on a server or physical access to the network.
METHOD: Internal vulnerability assessments and audits (such as reviewing user permissions, configurations, and application source code) from within an organization's network to uncover logical flaws that an authorized user could exploit for malicious purposes.
EXAMPLE: An employee who intentionally or unintentionally exposes sensitive information or sabotages systems, or a disgruntled worker who steals data.


1.2 SECURITY THREATS AND HAZARDS
SOURCES OF SECURITY THREATS (CONT.)

UNSTRUCTURED
DEFINITION: Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. They are random and usually the result of an attacker identifying a vulnerability by scanning the network looking for "targets of opportunity."
METHOD: Executed with the intent of testing and challenging a hacker's skills. They can still do serious damage to a company.
EXAMPLE: Script kiddies using pre-made hacking tools to attack a system without a specific target in mind, such as breaking into a website just to cause trouble, without a well-thought-out plan.

STRUCTURED
DEFINITION: Threats that are well-planned and carried out by skilled attackers, such as organized criminal groups. They are usually targeted, sophisticated, and planned in detail.
METHOD: Know system vulnerabilities and can understand and develop exploit code and scripts.
EXAMPLE: A highly skilled hacker group systematically attacking a government network to steal classified information, or a cybercrime gang targeting a financial institution for a large-scale data breach.


TEST YOUR KNOWLEDGE

1. A specific type of malicious software that is designed to encrypt a victim's files and demand a ransom, rather than simply being a piece of self-replicating malicious code, is:
A. Computer Virus
B. Logic Bomb
C. Ransomware
D. Trojan Horse

2. Skilled attackers who are highly motivated, technically competent, know system vulnerabilities, and plan their attacks in detail define a threat that is:
A. Unstructured
B. Internal
C. Structured
D. Non-Targeted


ANSWERS

1. A specific type of malicious software that is designed to encrypt a victim's files and demand a ransom, rather than simply being a piece of self-replicating malicious code, is:
Answer: C. Ransomware

2. Skilled attackers who are highly motivated, technically competent, know system vulnerabilities, and plan their attacks in detail define a threat that is:
Answer: C. Structured


CHAPTER 1
1.3 EXERCISES

FUN EXERCISE


CHAPTER 2
METHODS OF SECURITY ATTACKS

2.1 SECURITY ATTACKS
2.2 TYPES OF SOCIAL ENGINEERING
2.3 CYBER KILL METHODOLOGY
2.4 EXERCISES


2.1 SECURITY ATTACKS

DEFINITION OF ATTACK
An attempt by a cybercriminal or hacker to compromise the security of a system, network, or application. This could involve stealing data, damaging systems, or disrupting operations.

DEFINITION OF AN ATTACKER
Individuals, also known as hackers, who specifically carry out harmful actions on a system or network with the intention to cause damage, steal information, or disrupt services.

DEFINITION OF SECURITY ATTACK
Security attacks, also known as cyber threats or cyber attacks, are deliberate attempts by hackers to breach the security of computers, networks, or systems to steal, alter, or destroy sensitive data.

The word "hacker" used to mean someone who was good at computers and liked solving problems. But in the 1980s, it started to mean someone who breaks into systems to steal data or cause damage. Now, we call bad hackers black hats, good ones white hats, and those in between gray hats.


2.1 SECURITY ATTACKS
CATEGORIES OF ATTACK

Fabrication
Definition: Refers to the act of creating false information or data that appears legitimate.
Example: Creating fake data, messages, or transactions to mislead systems or users.

Interceptions
Definition: Involves capturing data or communications while they are being transmitted over a network, usually with the intent to listen in or gather sensitive information.
Example: A hacker intercepts unencrypted email communications to steal sensitive information such as passwords or financial details.

Interruptions
Definition: Refer to the disruption or stopping of a system or service.
Example: A denial-of-service (DoS) attack that floods a website with traffic, causing it to crash and become unavailable to users.

Modification
Definition: Refers to unauthorized changes made to data, software, or systems.
Example: A hacker changing the contents of a financial transaction to redirect funds to their account.


2.1 SECURITY ATTACKS
CLASSIFICATION OF SECURITY ATTACKS

A. PASSIVE ATTACK
The attacker does not make changes to the system but rather does such things as eavesdropping or monitoring actual data transmissions.

B. ACTIVE ATTACK
An active attack is a physical intrusion that involves modifying the data stream or attempting to gain unauthorized access to computer and networking systems.

C. INSIDER ATTACK
An insider attack is an attack from inside users, who use their access credentials and knowledge of the network to attack the target machines.

D. DISTRIBUTION ATTACK
Distribution attacks happen when hackers secretly add backdoors to hardware or software during the manufacturing process. Later, when the device or software is used, they can use the backdoor to break in and launch attacks.


TEST YOUR KNOWLEDGE

1. Choose an example of a passive attack.
A. Changing the contents of a message in transit
B. Monitoring unencrypted data sent over the network
C. Installing a virus on a user's computer
D. Using stolen credentials to log into a system

2. Identify the option that BEST describes an insider attack.
A. A hacker installs malware through a phishing email.
B. A cybercriminal eavesdrops on network traffic without authorization.
C. An employee misuses their access rights to steal sensitive data.
D. A virus is added to a software application during manufacturing.

