Cyber Security Essentials & Threats

Cyber security

Cyber security

Practice of protecting systems, networks, and programs from digital attacks to ensure confidentiality, integrity, and availability of data.

Malware

Malicious software disrupting, damaging, or gaining unauthorized access to computer systems. Types include viruses, worms, trojans, spyware, and adware.

Phishing

Fraudulent attempts to obtain sensitive information by posing as a trustworthy entity in electronic communications. Types include email phishing, spear phishing, smishing, and vishing.

Ransomware

Type of malware encrypting victim's files and demanding payment for decryption key. Examples include WannaCry, CryptoLocker, and NotPetya.

Insider Threats

Security risks from within the organization, involving malicious insiders, negligent insiders, and compromised insiders.

Vulnerabilities

Weaknesses in a system that can be exploited by threats, such as software bugs like buffer overflows, code injection, privilege escalation, weak passwords, and unpatched software.

Buffer Overflows

Errors occurring when a program writes more data to a buffer than it can hold, potentially allowing execution of arbitrary code.

Code Injection

Flaws enabling attackers to inject malicious code into a program, often through input fields.

Privilege Escalation

Vulnerabilities allowing attackers to gain elevated access to resources that are normally protected.

Weak Passwords

Easily guessable passwords providing an easy entry point for attackers due to common words or phrases, short length, and lack of complexity.

Unpatched Software

Outdated software lacking the latest security patches, making it vulnerable to attacks by exploiting known vulnerabilities.

Types of Cyber Attacks

Include malware (viruses, worms, trojans, spyware), which disrupt, damage, or gain unauthorized access to computer systems.

Viruses

Attach to legitimate programs or files, spread between computers, and can cause damage by deleting files, corrupting data, or slowing down system performance.

Worms

Self-replicating malware spreading without user intervention, exploiting network vulnerabilities to infect systems and cause disruption.

Trojans

Disguised as legitimate software but contain malicious code to create backdoors, steal information, or install additional malware.

Spyware

Secretly monitors and collects user information, tracking online activities, capturing keystrokes, and harvesting personal data for identity theft or espionage.

Adware

Automatically displays or downloads advertising material. Can track user behavior to deliver targeted ads. Can degrade system performance and invade privacy.

Email Phishing

Deceptive emails that appear to come from a legitimate source, requesting personal information or prompting the user to click on a malicious link.

Spear Phishing

Targeted phishing attempts aimed at specific individuals or organizations. Use personalized information to increase credibility and likelihood of success.

Smishing

Phishing attacks conducted through SMS text messages. Messages often contain links to malicious websites or prompt users to provide personal information.

Vishing

Phishing attacks conducted through voice calls. Attackers impersonate trusted entities to extract sensitive information, such as bank details.

Man-in-the-Middle (MitM)

Attacks where the attacker intercepts and potentially alters communication between two parties who believe they are directly communicating with each other.

Eavesdropping

Attacker secretly listens to communication between two parties. Can capture sensitive information, such as login credentials or personal data.

Session Hijacking

Attacker takes over a valid session between a user and a server. Can impersonate the user, steal information, or perform unauthorized actions.

SSL Stripping

Attacker downgrades a secure HTTPS connection to an unencrypted HTTP connection. Can intercept and modify data transmitted between the user and the website.

Denial-of-Service (DoS)

Attacks intended to make a system or network resource unavailable to its intended users by overwhelming it with traffic.

Basic DoS

Overloads the target with excessive traffic, causing it to crash or become unresponsive. Can be launched from a single source.

Distributed Denial-of-Service (DDoS)

Similar to DoS but launched from multiple sources, often using a botnet. Harder to mitigate due to the distributed nature of the attack.

Application Layer DoS

Targets specific applications or services rather than the entire network. Can exhaust resources by sending a high volume of requests to a particular application.

SQL Injection

Code injection technique that exploits vulnerabilities in an application's software to execute malicious SQL statements.

Cyber Security Measures

Various controls and practices implemented to enhance security in digital environments.

Firewalls

Devices or software that block unauthorized access to a network.

Antivirus Software

Programs that detect and remove malicious software.

Encryption

The process of converting data into a code to prevent unauthorized access.

Intrusion Detection Systems (IDS)

Systems that monitor network traffic for suspicious activity.

Multi-Factor Authentication (MFA)

Requires more than one method of authentication to verify the user's identity.

Security Policies and Procedures

Formalized rules and guidelines that govern the organization's security practices.

Securing Hardware

Physical security measures to protect computer hardware from theft or damage.

Access Control

Restricting physical access to facilities and sensitive areas to authorized personnel only.

Regular Updates and Patch Management

Ensuring all systems and software are up-to-date with the latest security patches.

Strong Password Policies

Using complex and unique passwords and changing them regularly.

User Education and Awareness

Training employees to recognize and respond to potential threats like phishing.

Regular Data Backups

Ensuring that data is regularly backed up and can be restored in case of an attack.

Incident Response Planning

Having a structured approach to handle and manage the aftermath of a security breach or cyberattack.