Bring your own device (BYOD)
Business policy that permits employees to use their own mobile devices to access company computing resources
Exploit
An attack on an information system that takes advantage of a particular system vulnerability
Zero-day attack
Takes place before the security community or software developer becomes aware of and repairs a vulnerability
Black hat hacker
Someone who violates computer or Internet security maliciously or for illegal personal gain
Cracker
An individual who causes problems, steals data, and corrupts systems
Malicious insider
An employee or contractor who attempts to gain financially and/or disrupt a company's information systems
Industrial spy
An individual who captures trade secrets to gain an unfair competitive advantage
Cybercriminal
Someone who attacks a computer system for financial gain
Hacktivist
An individual whose goal is to promote a political ideology
Cyberterrorist
Someone who attempts to destroy government infrastructure, financial institutions, and other corporations, utilities, and emergency response units
Ransomware
Malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom
Virus
A piece of programming code, disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner
Worm
A harmful program that resides in the active memory of the computer and duplicates itself
Trojan horse
A program in which malicious code is hidden inside a seemingly harmless program
Logic bomb
Executes when triggered by a specific event
Blended threat
An attack that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload
Spam
The use of email systems to send unsolicited email to large numbers of people
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
Makes spam legal with certain restrictions; the email must include: a real return address, a label specifying that it is an ad or solicitation, and a way for recipients to opt out of future emails
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
Software that generates and grades tests that humans can pass but computer programs cannot
Distributed denial-of-service (DDoS) attack
An attack that takes over computers via the Internet, causing them to flood a target site with demands for data and other small tasks
Rootkit
A set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge
Advanced persistent threat (APT)
An attack in which an intruder gains access to a network and stays there, undetected, with the intention of stealing data over a period of weeks or months
Phishing
The act of fraudulently using email to try to get the recipient to reveal personal data
Spear phishing
A variation of phishing in which the phisher sends fraudulent emails to an organization's employees
Smishing
A variation of phishing in which the victims receive a legitimate-looking text message telling them to call a specific phone number or log on to a website
Vishing
A variation of phishing in which the victims receive a voice-mail message telling them to call a phone number or access a website
Cyberespionage
The deployment of malware that steals data from government agencies, military contractors, political organizations, or manufacturing firms
Cyberterrorism
The intimidation of a government or a civilian population by using IT to disable critical national infrastructure
Department of Homeland Security (DHS)
A federal agency whose goal is to provide for a safer, more secure America, resilient against terrorism and other potential threats
U.S. Computer Emergency Readiness Team (US-CERT)
A DHS and public/private sector partnership; serves as a clearinghouse for information on new security threats
Computer Fraud and Abuse Act
• Addresses fraud and related activities in association with computers, including:
-Accessing a computer without authorization
-Transmitting code that causes harm to a computer
-Trafficking of computer passwords
-Threatening to cause damage to a protected computer
Fraud and Related Activity in Connection with Access Devices Statute
Covers false claims regarding unauthorized use of credit cards
Stored Wire and Electronic Communications and Transactional Records Access Statutes
• Focuses on unlawful access to stored communications to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage
USA Patriot Act
Defines cyberterrorism and associated penalties
CIA security triad
The confidentiality, integrity, and availability of systems and data
IT security practices focus on the CIA security triad:
• Confidentiality ensures only those individuals with proper authority can access sensitive data
• Integrity ensures data can only be changed by authorized users
• Availability ensures data can be accessed when and where needed
Risk assessment
The process of assessing security-related risks to an organization's computers and networks from both internal and external threats
Disaster recovery plan
A documented process for recovering an organization's business information system assets, including hardware, software, data, networks, and facilities, in the event of a disaster
Mission-critical processes
Business processes that are more pivotal to continued operations and goal attainment than others
Security policy
A policy that defines an organization's security requirements, as well as the controls and sanctions needed to meet those requirements
Security audit
An audit that evaluates whether an organization has a well-considered security policy in place and if it is being followed
Bank Secrecy Law of 1970
-Requires financial institutions in the United States to assist U.S. government agencies in detecting and preventing money laundering
Federal Information Security Management Act
-Requires every federal agency to provide information security for the data and information systems that support the agency's operations and assets
Health Insurance Portability and Accountability Act
Regulates the use and disclosure of an individual's health information
Security dashboard software
• Provides a comprehensive display of all key performance indicators related to an organization's security defenses, including:
-Threats
-Exposures
-Policy compliance
-Incident alert
Authentication methods
An organization must authenticate users attempting to access its network:
-Username and password
-Smart card and a PIN
-Fingerprint
-Voice pattern sample
-Retina scan
Multifactor authentication schemes include:
-Biometrics
-One-time passwords
-Hardware tokens that plug into a USB port and generate a password
Firewall
A system of software and/or hardware that stands guard between an organization's internal network and the Internet
Next-generation firewall (NGFW)
A hardware- or software-based network security system that blocks attacks by filtering network traffic based on packet contents
Router
A networking device that connects multiple networks and transmits data packets between networks
Encryption
The process of scrambling messages or data in such a way that only authorized parties can read it
Encryption key
A value that is applied to unencrypted text to produce encrypted text that is unreadable by those without the encryption key
Transport Layer Security (TLS)
A communications protocol that ensures privacy between communicating applications and their users on the Internet
Proxy server
Acts as an intermediary between a web browser and another server on the Internet
Virtual private network (VPN)
Enables remote users to securely access an organization's computing resources and share data by transmitting and receiving encrypted data over public networks, such as the Internet
Intrusion detection system (IDS)
Software and/or hardware that monitors system resources and activities and issues an alert when it detects network traffic attempting to circumvent security measures
Security education
Educate end users about the importance of security so they are motivated to understand and follow security policies.
Authentication methods
Require end users to implement a security passcode that must be entered before their device accepts further input.
Virus Signature
A specific sequence of bytes that indicates the presence of a previously identified virus
Data encryption
Full-disk encryption protects storage devices and/or hard drives so they cannot be removed from a computer and plugged into another computing device
Eradication
Before the IT security group begins eradication efforts, it must collect and log all possible criminal evidence and then verify all backups are current, complete, and free of malware.
Incident Follow-Up
An essential part of follow-up is to determine how the organization's security was compromised so that it does not happen again.
Managed security service provider (MSSP)
A company that monitors, manages, and maintains computer and network security for other organizations
Computer forensics
Combines elements of law and computer science to collect, examine, and preserve data from computer devices and networks in a manner that preserves the integrity of the data gathered so it is admissible as evidence in court