Cyber Attacks and Cyber Crime Flashcards
What is cyber security
body of
- technologies
- processes
- practices
designed to protect
- networks
- computers
- data
- programs
from
- attack
- damage
- unauthorized access
What are the key cyber security topics/ branches
application info network disaster recovery/business contuinity planning end-user education
What is cyber crime
criminal activities
facilitated or committed by
use of computer or against a computer
What is cyberspace? What are the terms
global computer network
links people, machines,sources of info in the world
one can move and navigate as through virtual space
pervasive computing = Internet of things!
ubiquitous computing = always on, anytime anywhere
when there is money, the criminals come
What are the impact of cyber crime?
losses
- money (some and lots)
- time
- reputation
- privacy
- secrets
- war
What are the schemes of cyber attack
criminal attacks
- scams (email scam, bogus auction)
- fraud (eCommerce fraud)
- extortion (ransomeware, scareware)
- intellectual property attack (piracy, unauthorized copying from another site)
- identity theft
- brand theft
- digital forgery (fake emails, fake university)
privacy violation
- targeted (stalking, industrial espionage)
- data harvesting (massive data collected without authorization —-> use coorelation —> derive behavioural information)
- surveillance
- traffic analysis (comm patterns)
publicity attacks: tarnish a person/org reputation
- web defacement
- DOS attack
- slander mass emails
internet banking attack wifi attack APT (advanced persistent threat) attacks Lost or stolen USB, notebooks, smart phones spam server breach espionage, wikileaks ATM attack, power failure
What are the tools of cyber crime?
malware (crimeware)
- worms
- virus (logic bomb (timed virus)
- trojan horse –> RAT
- ransomware
SQL URL manipulation Trojan (Spyeye) spyware spearphising USB attack man in the middle
disguise it as (game, porn, email, fake anti-virus software)
cold boot attack
USB
Gadgets pre installed with bugs
Why is malware so strong now?
anti-virus signature not working (freeware ones just as good)
- encryption
- zero day attack
- trick you to install
rapid creation of new malware
- built each day, designed for you (automated customization via Crimeware
What is an USB attack?
USB/ dvd etc.
victim plug into computer
infection starts
how?
- malicious content (bad pdf)
- CDFS autostart (no longer)
- exe renamed as image file
- infected exectuable
- web content that take you to malicious website
What is a virus
self replicating program
spreads by inserting copies of itself into other executable code or documents.
What is a trojan horse. What is a RAT
computer program
leave infected computer open for hackers to gain access. (backdoor)
RAT: embedded in normal software (fool user it is benign)
hidden and insidious (tool to steal your information)
NOT A VIRUS (does not proliferate)
What can a RAT do
Manipulate stuff
- download webcode
- turn off anti virus
- modify data
- exploits known vulnerabilities
Steal info
- allows other access –> drop more malware
- steals info
- keylogging
What are the eCommerce risks?
RISK TO VISITORS
Malicious/ false websites
- steal visitor ID and passwords
- credit card info
- monitor visitor activity (man in the middle)
- hard drive spying
internet vendors and ISP sell without authorisation
- customer data
- personal data (credit card, bank accounts, email add), underground economy servers
- Data harvesting and behavioural tracking using cookies
RISK TO VENDORS
- Customer impersonation (get product without paying, create negative publicity )
- DOS
- web defacement
Where do Insider Risk come from
former employees who were fired or laid off
current employees: angry frustrated, want to dmg
mistake of employee
industrial espionage
Who are the bad guys/adversaries
hackers and crackers lone criminals/ organised crime terrorist national intelligence agencies military cyber units information warriors malicious insiders and disgruntled employees industrial espionage press (online/ offline) pranksters extortionist
What is a ransomware? How is it downloaded?
malware which holds computer system/ data
hostage against its user
demand ransom for restoration
files get encrypted/system will not boot corretly
What are the motivations for cyber attacks?
money (ransomware)
political goals
for a cause
