Week 1 - Threat Environment


Description and Tags

CTAINASL

Last updated 10:00 AM on 4/16/26

73 Terms

1

Advanced Information Assurance and Security

Focuses on protecting information systems from threats, ensuring data confidentiality, integrity, and availability. It includes advanced techniques such as cryptography, risk management, intrusion detection, security policies, and compliance standards. In today’s digital age, understanding these security measures is essential for developing systems that are reliable, safe, and resistant to cyberattacks or unauthorized access.

A critical foundation for building secure, reliable, and effective systems in thesis projects and real-world applications.

2

Threat Environment

Refers to the external and internal conditions, factors, and entities that could pose potential risks or dangers to an individual, organization, or system. It includes the various threats, vulnerabilities, and hazards that could affect security, operations, and safety.

Refers to all possible dangers that can harm a company’s information systems—such as hackers, malware, insider threats, natural disasters, and system failures.

3

The Security Goal

  • Confidentiality

  • Integrity

  • Availability

4

Confidentiality

  • Keeping sensitive information private.

  • People cannot read sensitive information, either while it is on a computer or while it is traveling across a network.

5

Integrity

  • Means ensuring data is accurate and not altered improperly.

  • Attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network.

6

Availability

  • Means systems and data are accessible when needed.

  • People who are authorized to use information are not prevented from doing so.

7

Thwart

Prevent someone from accomplishing something; stop or defeat an attempt (block).

8

Compromises

  • When a threat succeeds in causing harm to a business.

  • Successful attacks are called an incident breach.

9

Countermeasures

  • Tools used to thwart attacks.

  • They are also called safeguards and controls.

10

Types of Countermeasures

  1. Preventative

  2. Detective

  3. Corrective

11

Preventative

Keep attacks from succeeding.

  • Firewalls

  • Strong passwords & multi-factor authentication

  • Encryption

  • Security awareness training

12

Detective

Identify when a threat is attacking and especially when it is succeeding.

  • Intrusion Detection Systems (IDS)

  • Security monitoring

  • Log analysis

13

Corrective

Get the business process back on track after a compromise.

The faster the business process can get back on track, the more likely the business process will be to meet its goals.

  • Backups and disaster recovery plans

  • Incident response plans

  • System patching and updates

14

Employees and Ex-employees Threats

  • They have extensive knowledge of systems.

  • They often have the credentials needed to access sensitive data.

  • They know corporate control mechanisms and how to avoid detection.

  • Companies tend to trust their employees.

15

Employee Sabotage

Happens when an employee intentionally damages the company’s systems, data, or operations.

Examples:

  • Destruction of hardware, software, or data.

  • Planting a time bomb or logic bomb on a computer.

  • Sabotage can also have financial motives.

    • Deleting important company files

    • Destroying equipment

    • Shutting down servers

    • Planting malicious software

16

Employee Hacking

Hacking is intentionally accessing a computer resource without authorization or in excess of authorization.

Occurs when an employee illegally accesses systems or data beyond their authorized permission.

Ex.

  • Accessing confidential salary records

  • Breaking into restricted databases

  • Stealing trade secrets

  • Selling company data

  • Even though they work in the company, accessing unauthorized information is still considered hacking.

17

Employee Financial Theft

  • Misappropriation of assets

  • Theft of money

18

Theft of Intellectual Property (IP)

  • Copyrights and patents (formally protected)

  • Trade secrets: plans, product formulations, business processes, and other info that a company wishes to keep secret from competitors.

19

Misappropriation of assets

Refers to the act of illegally or unethically taking or using assets (such as money, property, or other resources) for personal gain or benefit, without the owner’s consent. This typically involves employees, management, or others in positions of trust who abuse their authority or access to company resources.

20

Common examples of misappropriation of assets include:

  • Embezzlement

  • Theft

  • False billing or invoices

  • Payroll fraud

  • Expense reimbursement fraud

21

Embezzlement

Employees taking money or assets from an organization for personal use.

22

Theft

Taking company property or assets and using them for personal gain.

23

False billing or invoices

Creating fake invoices or altering legitimate invoices to divert funds for personal use.

24

Payroll fraud

Employees inflating their hours worked, creating fake employees, or otherwise diverting payroll funds.

25

Expense reimbursement fraud

Submitting false or inflated business expenses for reimbursement.

26

Theft of money

Specifically refers to the act of illegally taking cash (money) or funds that belong to someone else.

  • Stealing cash from a cash register.

  • An employee taking money directly from a safe or cash box.

  • A person using a stolen credit card to withdraw money.

27

Employee Extortion

Perpetrator tries to obtain money or the goods by threatening to take actions that would be against the victim’s interest.

28

Sexual or Racial Harassment

And the display of pornographic materials via email (or any other means) represent significant threats to the organization, both in terms of legal consequences and the overall work environment.

Addressing these issues proactively is key to maintaining a safe, respectful, and productive workplace.

29

Employee Computer and Internet Abuse

  • Downloading pornography, which can lead to sexual harassment lawsuits and viruses.

  • Downloading pirated software, music, and video, which can lead to copyright violation penalties.

  • Excessive personal use of the Internet at work.

30

Non-Internet Computer Abuse

  • Access to sensitive personal information motivated by curiosity

  • In one survey at a security conference, one in three admitted to looking at confidential or personal information in ways unrelated to their jobs.

31

Malware

  • Malicious Software

  • Generic name for any evil software.

32

Viruses

  • Programs that attach themselves to legitimate programs on the victim’s machine.

  • Spread today primarily by e-mail.

  • Also by instant messaging, file transfers, etc.

  • Needs a host file to run

  • Requires user action (e.g., opening a file or running a program)

  • Spreads when the infected file is shared

33

Worms

  • Full programs that do not attach themselves to other programs.

  • Also spread by e-mail, instant messaging, and file transfers.

  • In addition, direct-propagation worms can jump from one computer to another without human intervention on the receiving computer.

  • Direct-propagation worms can spread extremely rapidly.

  • Does not need a host file

  • Does not require user action

  • Spreads automatically through networks

34

Blended Threats

  • Refer to cyberattacks that combine elements of multiple types of malware and attack strategies, often exploiting both network vulnerabilities and human behaviors. These threats are designed to be more complex and sophisticated, making them harder to detect and defend against.

  • Typically combine characteristics of viruses, worms, Trojan horses, spyware, phishing, and other forms of attacks to maximize damage and spread.

35

Payload

  • Pieces of code that do damage

  • Refers to the part of a malware attack that performs the malicious action once the malware has successfully infiltrated a target system. The payload is typically the part of the malware that causes the actual harm or damage after exploiting a vulnerability, delivering the malicious code, or gaining unauthorized access to the system.

  • Think of the payload as the "action" part of a cyberattack, where the attacker achieves their goal, e.g., deleting files, stealing sensitive information, encrypting files, or spreading malware.

36

Trojan Horses

A program that replaces an existing system file, taking its name

37

Downloaders

  • Small Trojan horses that download larger Trojan horses after the downloader is installed.

  • Type of malicious software designed to download and install other, more harmful malware onto a compromised system.

  • These downloaders are often disguised as legitimate software or embedded in files that look harmless, such as emails, attachments, or ads. Once installed, the downloader connects to a remote server and downloads additional malicious files to the device.

38

Spyware

  • Programs that gather information about you and make it available to the adversary.

  • A type of malicious software (malware) designed to monitor and collect information about a user's activities without their knowledge or consent

  • Password stealing spyware is a type of malicious software designed to secretly capture and steal passwords and other sensitive information from a victim's device.

39

Spyware collects a variety of data including:

  • Keystrokes (logging everything the user types, including passwords and personal information).

  • Browsing history (websites visited, searches made).

  • System information (hardware and software details).

  • Login credentials, banking information, and credit card numbers.

  • Personal emails and messages.

  • Screen captures and webcam footage (in extreme cases).

40

Protection Measures

  • Use strong, unique passwords for each online account.

  • Enable two-factor authentication (2FA) wherever possible.

  • Keep your software and antivirus programs updated to detect and block malware.

  • Avoid clicking on suspicious links or downloading unknown files, especially from untrusted sources.

41

Rootkits

  • Type of malicious software (malware) designed to gain unauthorized access to a computer system and maintain privileged control over it, often while concealing its existence.

  • Take control of the super user account (root, administrator, etc.)

  • Can hide themselves from file system detection

  • Can hide malware from detection

  • Extremely difficult to detect (ordinary antivirus programs find few rootkits)

42

Social Engineering in Malware

Is attempting to trick users into doing something that goes against security policies.

  • Several types of malware use social engineering

    • Spam (unsolicited commercial e-mail)

    • Phishing (authentic-looking e-mail and websites)

    • Spear phishing (aimed at individuals or specific groups)

    • Hoaxes

43

Spear Phishing

A highly targeted form of phishing attack where cybercriminals customize their deceptive messages to a specific individual or organization, usually with the intention of stealing sensitive information or gaining unauthorized access to systems or accounts.

44

Hoax

A type of deceptive or misleading information, often circulated through emails, social media, or other communication channels, designed to mislead, confuse, or trick people. Hoaxes usually contain false claims or exaggerated information, often in the form of rumors, pranks, or fabricated stories.

45

Traditional Hackers

  • Motivated by thrill, validation of skills, and sense of power

  • Motivated to increase reputation among other hackers

  • Often do damage as a by-product

  • Often engage in petty crime

46

Types of Traditional Hackers

  • White Hat Hackers - ethical hackers

  • Black Hat Hackers - malicious hackers

  • Gray Hat Hackers - hack without permission

47

Reconnaissance Probes

Often referred to as scanning probes or reconnaissance attacks, are activities performed by attackers or security professionals to gather information about a target system, network, or infrastructure.

48

Exploit

Is a tool or technique used by attackers to take advantage of vulnerabilities in systems or applications and break into the computer.

49

IP Address Spoofing

  • Attackers often use IP address spoofing to conceal their identities

  • Putting false source IP addresses in reconnaissance and exploit packets

  • Hiding the attacker’s identity

  • However, the attacker cannot receive replies sent by the victims to the false IP address

  • A technique used in cyberattacks where an attacker sends network packets that appear to come from a trusted or legitimate IP address, but in reality, the packets originate from a different, often malicious, source.

50

Denial of Service (DoS)

  • A single computer or internet connection

51
52

Distributed Denial of Service (DDoS)

  • Multiple computers, usually a botnet

53

Social Engineering

  • Call and ask for passwords and other confidential information.

  • E-mail attack messages with attractive subjects.

  • Piggybacking (walking through a door opened by another who has access credentials)

  • Shoulder surfing (watching someone type his or her password)

  • Pretexting (pretending to be someone and asking for information about that person)

  • Often successful because it focuses on human weaknesses instead of technological weaknesses

54

Pretexting

Involves creating a fabricated scenario (a "pretext") to deceive a victim into disclosing confidential information. This can occur through phone calls, emails, or even in-person interactions.

55

Vishing

Voice phishing

56

Shoulder Surfing

The attacker typically does this by overhearing or visually observing the victim from a close distance, often without the victim's knowledge.

57

Expert Hackers

  • Are characterized by strong technical skills and dogged persistence

  • Create hacker scripts to automate some of their work

  • They are very good with computers and hacking. They know how systems work inside out.

58

Script Kiddies

  • Are also available for writing viruses and other malicious software

  • Use these scripts to make attacks

  • Have low technical skills

  • Are dangerous because of their large numbers

  • They are beginners and don’t really understand how hacking works.

59

Career Criminals

  • They have traditional career criminal motives and many of their attack strategies are computer adaptations of traditional crimes.

  • Attack to make money illegally.

60

Many cybercrime gangs are international

  • Makes prosecution difficult.

  • Dupe citizens of a country into being transshippers of fraudulently purchased goods to the attacker in another country.

61

Cybercriminals use black market forums

  • Credit card numbers and identity information

  • Vulnerabilities

  • Exploit software (often with update contracts)

62

Fraud

  • The attacker deceives the victim into doing something against the victim’s financial self-interest.

  • Criminals are learning to conduct traditional frauds and new frauds over networks.

  • Also, new types of fraud, such as click fraud.

63

Click Fraud

  • When a person or bot pretends to be a legitimate visitor on a webpage and clicks on an ad, a button, or some other type of hyperlink.

  • A type of online fraud where a person or automated system (bot) intentionally clicks on ads (often on pay-per-click (PPC) advertising platforms) in order to generate revenue or exhaust a competitor’s advertising budget.

  • The goal is to either make money by generating fake clicks or to waste the advertiser’s money, ultimately leading to financial loss for businesses running online ad campaigns.

64

Types of Click Fraud

  1. Competitor Click Fraud

  2. Bot-Driven Click Fraud

  3. Click Farms

65

Competitor Click Fraud

A business might click on ads from a competitor’s campaign to waste their ad budget. This is done to reduce the competitor's budget, especially if they are running high-cost PPC ads.

66

Bot-Driven Click Fraud

Automated bots are programmed to click on ads repeatedly. These bots can mimic human behavior and generate large volumes of fraudulent clicks quickly and without detection.

67

Click Farms

In some cases, click fraud is carried out by groups of people, often in countries with low labor costs, who are hired to manually click on ads to generate revenue for the fraudster.

68

Identity Theft

Steal enough identity information to represent the victim in large transactions, such as buying a car or even a house.

69

Corporate Identity Theft

Theft of a corporation’s identity

70

Commercial Espionage

  • Also known as industrial espionage or economic espionage, refers to the illegal or unethical gathering of confidential information, trade secrets, or proprietary data from a business or organization. This information is typically used for competitive advantage.

  • Attacks on confidentiality

  • Public information gathering

    • Company website and public documents

    • Facebook pages of employees, etc.

  • Trade secret espionage

    • May only be litigated if a company has provided reasonable protection for those secrets

  • Reasonableness reflects the sensitivity of the secret and industry security practices

71

Trade secret theft

  • Theft through interception, hacking, and other traditional cybercrimes

  • Bribe an employee

  • Hire your ex-employee and solicit or accept trade secrets

72

Cyberwar

  • Computer-based attacks by national governments

  • Espionage

  • Cyber-only attacks to damage financial and communication infrastructure

  • To augment conventional physical attacks

    • Attack IT infrastructure along with physical attacks (or in place of physical attacks)

    • Paralyze enemy command and control

    • Engage in propaganda attacks

  • Cyberwar involves state-sponsored or military-level attacks in cyberspace aimed at another country.

73

Cyberterror

  • Attacks by terrorists or terrorist groups

  • May attack IT resources directly

  • Use the Internet for recruitment and coordination

  • Use the Internet to augment physical attacks

    • Disrupt communication among first responders

    • Use cyberattacks to increase terror in physical attacks

  • Turn to computer crime to fund their attacks

  • Cyberterrorism is the use of digital attacks by non-state actors (terrorist groups) to cause fear, damage, or chaos, often for political, religious, or ideological motives.

  • Carried out by individuals or groups, not governments