Cybersecurity

Cyberattacks will cost >$8T in 2023

There are only two types of companies: those that have been hacked and those that will be hacked
— Robert Mueller. Former FBI Director

Top 5 skills to get into cybersecurity

  1. VMs (building and using virtual machines)
  2. Command-line interface and shell (Bash)
  3. System administration
  4. Computer networking (OSI model)
  5. Personal digital security

Recommended reading: IBM X-Force Threat Intelligence Index 2024

Check if your web application is vulnerable


Glossary

Cybersecurity (or security): The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Cloud security: The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk

Network security: The practice of keeping an organization's network infrastructure secure from unauthorized access

Personally identifiable information (PII): Any information used to infer an individual’s identity

Security posture: An organization’s ability to manage its defense of critical assets and data and react to change

Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines

Technical skills: Skills that require knowledge of specific tools, procedures, and policies

Threat: Any circumstance or event that can negatively impact assets

Threat actor: Any person or group who presents a security risk

Transferable skills: Skills from other areas that can apply to different careers

Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

CISSP: Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium

Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software

Cryptographic attack: An attack that targets the cryptography protecting communication between a sender and intended recipient (weak algorithms, poor key management, or flawed implementations)

Hacker: Any person who uses computers to gain access to computer systems, networks, or data

Malware: Software designed to harm devices or networks

Password attack: An attempt to access password secured devices, systems, networks, or data

Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed

Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables

Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Supply-chain attack: An attack that compromises a trusted third-party component (hardware, software, vendor, or service) in order to reach the systems that depend on it, typically by inserting malware or a backdoor upstream

USB baiting: An attack in which a threat actor strategically leaves a malware-laden USB stick for an employee to find and plug in, unknowingly infecting a network

Virus: refer to “computer virus”

Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Asset: An item perceived as having value to an organization

Availability: The idea that data is accessible to those who are authorized to access it

Compliance: The process of adhering to internal standards and external regulations

Confidentiality: The idea that only authorized users can access specific assets or data

Confidentiality, integrity, availability (CIA) triad: A model that helps inform how organizations consider risk when setting up systems and security policies

Hacktivist: A person who uses hacking to achieve a political goal

Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients' health information

Integrity: The idea that the data is correct, authentic, and reliable

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Privacy protection: The act of safeguarding personal information from unauthorized use

Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual

Security architecture: A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Security controls: Safeguards designed to reduce specific security risks

Security ethics: Guidelines for making appropriate decisions as a security professional

Security frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy

Security governance: Practices that help support, define, and direct security efforts of an organization

Antivirus software: A software program used to prevent, detect, and eliminate malware and viruses

Database: An organized collection of information or data

Data point: A specific piece of information

Intrusion detection system (IDS): An application that monitors system activity and alerts on possible intrusions

Linux: An open-source operating system

Log: A record of events that occur within an organization’s systems

Network protocol analyzer (packet sniffer): A tool designed to capture and analyze data traffic within a network

Order of volatility: The sequence in which digital evidence must be collected, from the most volatile (CPU registers, memory, network state) to the least volatile (disk, archived backups), so that fragile data is preserved before it is lost

Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks

Protecting and preserving evidence: The process of properly working with fragile and volatile digital evidence

Security information and event management (SIEM): An application that collects and analyzes log data to monitor critical activities in an organization

SQL (Structured Query Language): A query language used to create, interact with, and request information from a database


Attacks by industry


API security

6 most common API security issues

  1. Broken authentication
  2. Sensitive data / key exposure
  3. Injection attacks
  4. Man-in-the-middle (MITM) attack
  5. DoS/DDoS attack
  6. Insecure communication

Hidden sites that hackers use

Privacy.com: virtual (masked) payment cards for online purchases
Privnote: send self-destructing messages
Tempmail: disposable temporary email addresses
VirusTotal: check whether a file or URL is flagged by antivirus engines
NoMoreRansom: free decryptors for some ransomware families
TunnelBear: VPN with a free tier
Rspamd: open-source anti-spam filter
Watermarkly: free document watermarking (mark a copy for single use)
Filigrane.gouv: free document watermarking (single-use copies, French government service 🇫🇷)


Market predictions

Article: https://mck.co/3Zw68Sc

Security-related data concerns keep CEOs up at night:
While 54% of government/regulators are demanding more data transparency and accountability around data security and privacy
Only 55% of CEOs are confident their organization has the ability to accurately and completely report the information stakeholders demand around data security and privacy

94% of executives say it is important to secure AI solutions before deployment.
Yet only 24% of their generative AI projects will include a cybersecurity component within the next six months.

Organizations with fully deployed security AI and automation have experienced an average reduction of $3M in data breach costs.

cybersecurity market


Common cybersecurity careers

Entry-level:
· Cybersecurity specialist (Perform essential duties, such as network security, vulnerability assessments and intrusion detection)
· Cybercrime analyst (Understand how malware compromises a system and the methodologies behind digital forensics)
· Incident analyst (Understand security operations and a range of technical and communication skills)
· IT auditor (Understand internal auditing procedures, risk assessments and compliance requirements).

Mid-level:
· Cybersecurity analyst (Implement more complex aspects of security, including security operations, cyber threat analysis and cryptography)
· Cybersecurity consultant (Evaluate and communicate an organization's cybersecurity risk and how it relates to security standards and frameworks)
· Penetration tester (Understand pentesting methodologies and vulnerability assessments, exploiting systems and communicating findings)

Advanced:
· Cybersecurity manager (Advanced understanding of information security concepts, security operations and information assurance as well as project and risk management)
· Cybersecurity engineer (Advanced understanding of information security principles, including network security, authentication, cryptography, and project and risk management)
· Cybersecurity architect (Advanced understanding of technical security as well as a thorough understanding of systems development and project and risk management).


Best Cyber Security Certifications

  1. CEH: Certified Ethical Hacker
  2. CISM: Certified Information Security Manager
  3. CompTIA Security+
  4. CISSP: Certified Information Systems Security Professional
  5. GSEC: GIAC Security Essentials
  6. ECSA: EC-Council Certified Security Analyst
  7. GPEN: GIAC Penetration Tester
  8. SSCP: Systems Security Certified Practitioner
  9. CRISC: Certified in Risk and Information Systems Control
  10. CISA: Certified Information Systems Auditor

Common attacks and their effectiveness

Previously, you learned about past and present attacks that helped shape the cybersecurity industry. These included the LoveLetter attack, also called the ILOVEYOU virus, and the Morris worm. One outcome was the establishment of response teams, which are now commonly referred to as computer security incident response teams (CSIRTs). In this reading, you will learn more about common methods of attack. Becoming familiar with different attack methods, and the evolving tactics and techniques threat actors use, will help you better protect organizations and people.

Phishing

Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Some of the most common types of phishing attacks today include:

Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.

Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Malware

Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.

Some of the most common types of malware attacks today include:

Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs a user action to run: the threat actor delivers it as a malicious attachment or file download, and when the victim opens it, the virus copies itself into other files on the now infected system. When those infected files are opened, the virus inserts its own code to damage and/or destroy data in the system.

Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

Ransomware: A malicious attack where threat actors encrypt an organization's data and demand payment to restore access.

Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Social Engineering

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.

Some of the most common types of social engineering attacks today include:

Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.

USB baiting: A threat actor strategically leaves a malware-laden USB stick for an employee to find and plug in, unknowingly infecting a network.

Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people's data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.

Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.

Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.

Scarcity: A tactic used to imply that goods or services are in limited supply.

Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.

Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

Urgency: A threat actor persuades others to respond quickly and without questioning.


Common types of Wireless Attacks

  • Packet Sniffing
  • Rogue Access Point
  • Jamming
  • Evil Twin
  • War Driving
  • Bluejacking
  • Bluesnarfing
  • War chalking
  • WPS Attack

As data from the open-access database of the European Repository of Cyber Incidents shows, the sector most targeted by malevolent actors with a political agenda is critical infrastructure.

Critical infrastructure


Social Engineering Attacks

  • Phishing
  • Ransomware (delivered through social engineering)
  • Shoulder surfing
  • Reverse social engineering
  • Fake software
  • Baiting
  • Impersonation on the help desk
  • Quid pro quo
  • Online social engineering
  • Pharming
  • Pretexting
  • Diversion theft
  • Pop-up windows
  • Phone social engineering
  • SMSishing (smishing)
  • Tailgating
  • Dumpster diving
  • Robocalls
  • Stealing important documents
  • Whitelisting flow


Threat Exposure Management

Threat Exposure Management (TEM) helps reduce risk by providing actionable visibility into the organization's security posture, preventing attacks, and quickly communicating potential threats. A well-implemented TEM strategy can help businesses and governments stay ahead of cybercriminals while optimizing their security investments based on real-time threat intelligence.

Key components of TEM
※ Continuous monitoring: regularly assessing your organization's external attack surface to identify potential vulnerabilities and validate exposure to digital risk.
※ Vulnerability prioritization: ranking discovered exposures by exploitability and business impact, and deciding which existing controls need improvement or replacement based on their effect on the overall security posture.
※ Mobilization and remediation planning: developing strategies for addressing identified risks through targeted remediation efforts or proactive measures such as simulated or emulated attacks.
※ Risk communication: ensuring all stakeholders are aware of current threats and understand how they affect the organization's expanding attack surface, so that everyone can contribute to maintaining robust cybersecurity practices.


Security and Privacy Controls (control families as grouped in NIST SP 800-53)

Management: Awareness Training, Personnel Security, Planning, Risk Assessment, System and Services Acquisition
Privacy: Authority, Data Accountability, Audit and Risk Management, Data Minimization, Data Quality & Integrity, Data Security, Data Use Limitation, Individual Participation
Operational: Certification, Accreditation and Security Assessment, Contingency Planning, Incident Response, Maintenance, Media Protection, Physical and Environmental Protection
Technical: Access Control, Audit & Accountability, Configuration Management, Identification & Authentication, System and Communications Protection, System and Information Integrity


Top Web Application Security Risks (OWASP Top 10, 2017 edition)

  • Injection
  • Broken authentication
  • Sensitive data exposure
  • XML external entities (XXE)
  • Broken access control
  • Security misconfiguration
  • Cross-site scripting (XSS)
  • Insecure deserialization
  • Using components with known vulnerabilities
  • Insufficient logging & monitoring
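Injection heads both this list and the API security list above, and it is the easiest of the two lists' items to show in code. The following is an added example, not code from the original page: a login query built by string formatting next to the parameterized version, run against an in-memory SQLite table. The usernames, the plaintext demo passwords and the two attacker payloads are all constructed for the demonstration.

```python
import sqlite3

# Constructed demo data for this example; the plaintext passwords exist only so
# the injection is visible in one query. Real systems store salted, slow hashes.
DEMO_USERS = [("admin", "s3cr3t"), ("alice", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", DEMO_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Injection: attacker-controlled strings are pasted into the SQL text,
    so a quote in the input changes the structure of the query."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Hardened: placeholders keep data and code separate; the driver sends the
    input as a value, never as SQL, so quotes and comments are inert."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Classic payloads (assumed attacker input for the demo).
COMMENT_OUT_PASSWORD = "admin' --"   # closes the string, comments out the password check
ALWAYS_TRUE = "' OR '1'='1"          # turns the WHERE clause into a tautology


def demo() -> dict:
    """Runs both login functions against both payloads and a legitimate login."""
    conn = make_db()
    return {
        "vulnerable_bypass": login_vulnerable(conn, COMMENT_OUT_PASSWORD, "wrong"),
        "vulnerable_tautology": login_vulnerable(conn, ALWAYS_TRUE, ALWAYS_TRUE),
        "parameterized_bypass": login_parameterized(conn, COMMENT_OUT_PASSWORD, "wrong"),
        "parameterized_valid": login_parameterized(conn, "alice", "hunter2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable function logs the attacker in as admin with any password; the parameterized one treats the same input as a literal username that does not exist. The same rule (never build the statement from untrusted text) applies to every query an API handler issues, not just login.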

Abbreviations Used in IT security

  • XSS - Cross-site scripting
  • DoS - Denial of service
  • DDoS - Distributed denial of service
  • IPsec - Internet Protocol Security
  • SSE - Server-side encryption
  • TLS - Transport Layer Security
  • CSP - Content Security Policy
  • CBSP - Cloud-based security provider
  • AES - Advanced Encryption Standard
  • MFA - Multi-factor authentication
  • WAF - Web application firewall
  • STS - Security Token Service
  • RAT - Remote administration tool (remote access trojan when malicious)
  • SPF - Sender Policy Framework
  • CVSS - Common Vulnerability Scoring System
  • SAST - Static application security testing
  • DAST - Dynamic application security testing
  • WAP - Web application protection
  • SCD - Source code disclosure
  • DSA - Digital Signature Algorithm
  • DES - Data Encryption Standard

How does HTTPS work?

Port used by HTTPS by default => 443 (plain HTTP uses 80).

How HTTPS works

                 HTTPS                                                  | HTTP
Security         Encrypted and integrity-protected in transit           | Plaintext; can be read or altered on the path
Certificate      Server presents an X.509 (TLS/SSL) certificate         | No certificate, no server authentication
Layering         HTTP carried over TLS, which sits between TCP and HTTP | HTTP directly on TCP
Use              Recommended                                            | Not recommended

Password cracking techniques

  • Phishing
  • Social Engineering
  • Rainbow table
  • Malware
  • Shoulder Surfing
  • Spidering
  • Dictionary
  • Brute force
  • Guessing
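The three list entries that work against stored hashes (rainbow table, dictionary, brute force) are easiest to understand side by side. The following is an added example, not code from the original page: it builds a precomputed hash-to-password table over a wordlist, shows the table breaking an unsalted SHA-256 hash with no hashing at all, shows a salt making the table useless so each hash must be attacked on its own, and finally shows the same dictionary attack against PBKDF2, where every guess costs thousands of HMAC computations. The wordlist, the salt and the "leaked" hashes are constructed for the demo.

```python
import hashlib

# Constructed wordlist and demo salt for this example; not real leaked data.
# A real salt is generated per user with os.urandom(16) and stored next to the hash.
WORDLIST = ["123456", "password", "letmein", "qwerty", "password123", "dragon", "summer2024"]
DEMO_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(wordlist) -> dict:
    """Precompute hash -> plaintext once. Against unsalted hashes the table is
    reusable for every leaked database; rainbow tables are a compressed form
    of the same precomputation."""
    return {sha256_hex(word.encode()): word for word in wordlist}


def crack_unsalted(target_hex: str, table: dict):
    """Table attack: one dictionary lookup per hash, no hashing at crack time."""
    return table.get(target_hex)


def crack_salted(target_hex: str, salt: bytes, wordlist):
    """With a salt the precomputed table is useless; each hash has to be attacked
    on its own, one candidate at a time. Returns (plaintext or None, guesses made)."""
    for guesses, word in enumerate(wordlist, start=1):
        if sha256_hex(salt + word.encode()) == target_hex:
            return word, guesses
    return None, len(wordlist)


def pbkdf2_hex(password: str, salt: bytes, iterations: int) -> str:
    """Slow, salted hash: every guess costs `iterations` HMAC-SHA256 computations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def crack_pbkdf2(target_hex: str, salt: bytes, wordlist, iterations: int):
    """Same dictionary attack, but each candidate is `iterations` times slower."""
    for guesses, word in enumerate(wordlist, start=1):
        if pbkdf2_hex(word, salt, iterations) == target_hex:
            return word, guesses
    return None, len(wordlist)


def demo() -> dict:
    table = build_lookup_table(WORDLIST)
    leaked_unsalted = sha256_hex(b"password123")                     # unsalted SHA-256
    leaked_salted = sha256_hex(DEMO_SALT + b"password123")           # salted SHA-256
    leaked_pbkdf2 = pbkdf2_hex("qwerty", DEMO_SALT, 1000)            # salted, slow
    strong_salted = sha256_hex(DEMO_SALT + b"Tr0ub4dor&3-not-in-list")
    return {
        "table_hit": crack_unsalted(leaked_unsalted, table),
        "table_miss_on_salted": crack_unsalted(leaked_salted, table),
        "per_hash_dictionary": crack_salted(leaked_salted, DEMO_SALT, WORDLIST),
        "pbkdf2_dictionary": crack_pbkdf2(leaked_pbkdf2, DEMO_SALT, WORDLIST, 1000),
        "not_in_wordlist": crack_salted(strong_salted, DEMO_SALT, WORDLIST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The salt does not stop a dictionary attack on a weak password (it still falls after five guesses); it only stops the attacker from reusing one table across many hashes. The slow hash is what raises the cost per guess, and a password absent from the wordlist is what defeats the attack outright.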

Password


Type of Computer Viruses

  • File-infecting virus
  • Macro virus
  • Browser hijacker
  • Web Scripting virus
  • Boot sector
  • Polymorphic virus
  • Resident virus
  • Multipartite virus

Types Of Malware

Malware is malicious software intentionally created to cause harm or damage to a person or organisation. It can be delivered through different means, such as email attachments, fake links, and ads, and can be found on various websites. Malware has the objective of compromising computer systems and networks, for the purpose of stealing valuable information or money. A single mistaken click from an employee can allow malware to infiltrate a system and activate its harmful program.

  • Virus (spreads with your action)
  • Trojan (disguised as legitimate software)
  • Worms (spreads automatically)
  • Spyware (monitors your activity)
  • Rootkit (hides deep within your computer)
  • Adware (maliciously serves you ads)
  • Exploit Kit / Fileless malware (hunts software vulnerabilities)
  • Ransomware (blocks access to your files/ computer)
  • Malvertising
  • Bots or Botnets
Sources Of Malware
  • Email attachments
  • Malicious websites
  • Clicking fake pop-ups
  • Social engineering
  • Unpatched software
  • Free / pirated software
Prevention and mitigation
  • Antivirus software
  • Employee training and awareness
  • Regular backups
  • Keep computer and software updated
The effects of malware
  • Loss of sensitive information
  • Disruption of operations
  • Damage to reputation
  • Financial losses

Tools to be anonymous

VirtualBox, Tor Browser, proxy servers, DuckDuckGo, VPN, Telegram

OSI layers and attacks

  • Application: exploits (injection, malicious payloads delivered over HTTP or email)
  • Presentation: encoding and format attacks, TLS downgrade/stripping
  • Session: session hijacking
  • Transport: reconnaissance (port scanning), SYN floods
  • Network: MITM via IP spoofing or route manipulation
  • Data Link: spoofing (ARP, MAC)
  • Physical: sniffing, cable tapping, jamming

Massive Cyber Attacks

  • DDoS Attack
  • Phishing
  • Backdoor
  • MITM
  • SQL Injection
  • Ransomware

Types of cyber attacks


How to prevent DoS and DDoS attacks

Network monitoring: attackers often probe a target with a few packets before launching the full flood, so baseline your normal traffic and alert on deviations from it.
Test-run DoS attacks: simulate DDoS traffic against your own network (with authorization) to measure how it degrades and whether your mitigations actually trigger.
Post-attack response: create a plan in advance (who to call, how to engage the upstream provider, how to fail over).

WHAT IS DoS?
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network.

WHAT IS DDoS?
A DDoS (distributed denial-of-service) attack is one of the most common forms of DoS attack in use today. During a DDoS attack, multiple systems target a single system with malicious traffic. By attacking from many locations at once, the attacker can take the system offline more easily, and filtering by source address becomes far less effective.
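The difference between the two definitions is what decides which defense works. The following is an added example, not code from the original page: a per-source sliding-window rate limiter and a simple volumetric detector, both run over three constructed request logs (one flood from a single address, the same volume spread across 100 addresses, and normal traffic). The addresses, request rates, limits and baseline are assumptions for the demo.

```python
from collections import defaultdict, deque

# Timestamps are integer milliseconds so the window arithmetic is exact.
WINDOW_MS = 1000


def single_source_flood(n: int = 300, attacker: str = "203.0.113.9"):
    """Constructed log: n requests, one every 10 ms, all from one address (100 req/s)."""
    return [(i * 10, attacker) for i in range(n)]


def distributed_flood(n: int = 300, bots: int = 100):
    """Constructed log: the same volume spread over `bots` addresses (3 requests each in 3 s)."""
    return [(i * 10, f"198.51.100.{i % bots + 1}") for i in range(n)]


def normal_traffic():
    """Constructed log: 5 clients, 4 requests each, spread over 3 s."""
    return [(i * 150, f"192.0.2.{i % 5 + 1}") for i in range(20)]


class PerIpRateLimiter:
    """Sliding-window limit: at most `limit` requests per WINDOW_MS per source address."""

    def __init__(self, limit: int = 20):
        self.limit = limit
        self.hits = defaultdict(deque)

    def allow(self, ts_ms: int, ip: str) -> bool:
        q = self.hits[ip]
        while q and ts_ms - q[0] >= WINDOW_MS:   # drop hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts_ms)
        return True


def count_blocked(log, limit: int = 20) -> int:
    """Number of requests a per-source limiter would reject for this log."""
    limiter = PerIpRateLimiter(limit)
    return sum(1 for ts, ip in log if not limiter.allow(ts, ip))


def volumetric_alerts(log, baseline_rps: float = 10.0, factor: float = 5.0):
    """Aggregate detector: one-second buckets whose request count exceeds
    factor x the measured baseline, regardless of source. This is what still
    fires when a distributed flood stays under every per-source limit."""
    buckets = defaultdict(int)
    for ts, _ in log:
        buckets[ts // WINDOW_MS] += 1
    return [b for b, count in sorted(buckets.items()) if count > baseline_rps * factor]


def demo() -> dict:
    return {
        "single_source_blocked": count_blocked(single_source_flood()),
        "distributed_blocked": count_blocked(distributed_flood()),
        "single_source_alerts": volumetric_alerts(single_source_flood()),
        "distributed_alerts": volumetric_alerts(distributed_flood()),
        "normal_blocked": count_blocked(normal_traffic()),
        "normal_alerts": volumetric_alerts(normal_traffic()),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The per-source limiter drops 240 of the 300 single-source requests but none of the distributed ones, because each bot stays at 3 requests per 3 seconds. The volumetric detector flags all three seconds of both floods and stays quiet on normal traffic; in practice that alert is what triggers upstream scrubbing or provider-side mitigation, since the target cannot absorb the volume itself.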

Top Open Source intelligence tools used in cybersecurity

  1. OSINT Framework
  2. CheckUserNames
  3. HaveIBeenPwned
  4. BeenVerified
  5. Censys
  6. BuiltWith
  7. Google Dorks
  8. Maltego
  9. Recon-Ng
  10. theHarvester
  11. Shodan
  12. Jigsaw
  13. SpiderFoot
  14. Creepy
  15. Nmap
  16. WebShag
  17. OpenVAS
  18. Fierce
  19. Unicornscan
  20. Foca
  21. ZoomEye
  22. Spyse
  23. IVRE
  24. Metagoofil
  25. Exiftool

Cybersecurity for the IoT

How trust can unlock value.

cybersecurity for IOT


2-factor authenticators

How does Google Authenticator (or other types of 2-factor authenticators) work?

Google authenticator is commonly used for logging into our accounts when 2-factor authentication is enabled. How does it guarantee security?

Google Authenticator is a software-based authenticator that implements a two-step verification service. The diagram below provides detail.

There are two stages involved:

🔹 Stage 1 - The user enables Google two-step verification
🔹 Stage 2 - The user uses the authenticator for logging in, etc…

Let’s take a look at these stages:

STAGE 1

Steps 1 and 2: Bob opens the web page to enable two-step verification. The front end requests a secret key. The authentication service generates the secret key for Bob and stores it in the database.

Step 3: The authentication service returns a URI to the front end. The URI is composed of a key issuer, username, and secret key. The URI is displayed in the form of a QR code on the web page.

Step 4: Bob then uses Google Authenticator to scan the generated QR code. The secret key is stored in the authenticator.

STAGE 2

Steps 1 and 2: Bob wants to log into a website with Google two-step verification. For this, he needs a one-time code. Every 30 seconds, Google Authenticator generates a 6-digit code using the TOTP (Time-based One-Time Password) algorithm from the stored secret and the current time. Bob enters the code on the website.

Steps 3 and 4

The front end sends Bob's password to the backend for authentication. The authentication service reads the secret key from the database and generates a 6-digit password using the same TOTP algorithm as the client.

Step 5

The authentication service compares the two passwords generated by the client and the server, and returns the comparison result to the front. Bob can proceed with the login process only if the two passwords match.

Is this authentication mechanism safe?

🔹 Can the secret key be obtained by others?
The secret must only travel over HTTPS when it is provisioned, and the QR code should be shown once and never logged. Both the authenticator app and the server database hold the secret, so it must be encrypted at rest. Note that the server needs the raw secret to recompute the code, so unlike a password it cannot be stored as a one-way hash; anyone who copies it can generate valid codes indefinitely.

🔹 Can the 6-digit password be guessed by hackers?
Only with a lot of attempts. A 6-digit code has 1,000,000 possible values and changes every 30 seconds, so guessing it within one window means trying roughly 33,000 codes per second. The real protection is server-side rate limiting and lockout: with, say, five attempts allowed per window, an attacker's chance per window is about 5 in a million (a few times that if the server also accepts neighbouring time steps to tolerate clock skew). The server should also accept each code only once, so a code that was observed cannot be replayed within its window.

2-factor authenticators


Best Youtube Channels to learn

@NetworkChuck
@davidbombal
@LoiLiangYang