Encompasses the measures a company takes to protect a computer or system—including those on the internet—against unauthorized access or attacks
Cybersecurity
Whose responsibility is it to ensure that the company adopts a proactive cybersecurity plan?
1. Management
2. Executives
A type of cyberattack that takes a system hostage until a ransom is paid
Ransomware
What are some examples of recent cybersecurity incidents?
1. Colonial Pipeline
2. Florida Water Supply
3. Equifax
Fuel pipeline operator hit with ransomware in May 2021; it shut down pipeline operations for several days, causing fuel shortages and economic disruption along the U.S. East Coast
Colonial Pipeline
In 2021 an intruder used the plant's remote-access software to reach the water treatment control system in Oldsmar and tried to raise the sodium hydroxide (lye) level to a dangerous concentration; an operator watching the screen saw the change and reversed it before it took effect
Florida Water Supply
Names, Social Security numbers, birth dates, addresses, and in some cases driver's license numbers of roughly 147 million people were stolen in a 2017 data breach that exploited an unpatched web application vulnerability
Equifax
A U.S. Department of Commerce agency that promotes innovation in science, standards, and technology to improve the quality of life in the United States
National Institute of Standards and Technology (NIST)
What are the 5 functions in NIST's Cybersecurity Framework that companies should adopt to address cybersecurity risks? (In Order)
1. Identify
2. Protect
3. Detect
4. Respond
5. Recover
(CSF 2.0, released in 2024, adds a sixth function, Govern, that spans the other five.)
How many control families does NIST SP 800-53 have?
18 in Rev. 4 (the revision these cards use); Rev. 5 added PII Processing and Transparency (PT) and Supply Chain Risk Management (SR), for 20
What are the top 4 NIST SP 800-53 Rev. 4 control families with the most controls? (In Order, with the number of controls in each)
1. Systems and Communications Protection (SC) - 44
2. Access Control (AC) - 25
3. System and Services Acquisition (SA) - 22
4. Physical and Environmental Protection (PE) - 20
The life cycle of a cyberattack, from the early stages of information gathering through the final steps of damaging the network. These cards use a three-phase version; Lockheed Martin's original model breaks the same life cycle into seven steps (Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives)
Cyber Kill Chain
What are the three steps in the cyber-kill chain?
1. Gathering information about the network - (Plan)
2. Accessing the network - (Enter)
3. Disrupting, damaging, or destroying the network - (Damage)
Finding vulnerabilities in the network and gaining information about its contents (Plan)
Reconnaissance Attacks
Accessing the network and its contents (Enter)
Access Attacks
Causing damage to, disrupting the services of, or destroying the network and its contents (Damage)
Disruptive Attacks
What are the 2 categories of cyberattacks
1. Physical Attacks
2. Logical Attacks
Attacks that target elements outside the network administrator's direct control, such as physical security, hardware, and people
Physical Attacks
Attacks occur on a fully digital spectrum and require no human interaction other than the attacker instigating the attack.
Logical Attacks
Uses human interaction—on the part of the target, the attacker, or both—to generate information about the network
Physical Reconnaissance Attack
- Involves persuading people to perform acts that give the attacker access to confidential information, such as birth dates, passwords, and user IDs
- One of the most common and effective categories of cyberattacks, because it bypasses technical controls entirely
- Classified as a physical attack in this scheme because the target is a person, not a system
Social Engineering (of which phishing is the most common form)
A deceptive request designed to trick victims into sharing private information
Email Phishing
Phishing delivered by SMS text message, usually with a link to a fake login page (also called smishing)
Mobile Phishing
Phone calls or voicemails that create a sense of urgency so the target discloses information before "something bad" happens (also called vishing)
Voice Phishing
Looking through someone else's physical trash
Dumpster Diving
- The unauthorized interception of communication
- Listening to phone calls
- Intercepting emails, text messages, and other forms of communication
Eavesdropping (Sniffing)
How do businesses mitigate the risk of attackers gaining information by intercepting communications?
1. Encrypt data
2. Use secure communication lines
A standard network protocol for transferring files between the company network and outside parties. Plain FTP sends the login credentials and the file contents in cleartext, so it is an eavesdropping target; the encrypted variants SFTP (SSH-based) or FTPS (TLS-based) should be used to send files securely
File Transfer Protocol (FTP)
- Uses digital attacks and does not require a human target
- Target is a network vulnerability
Logical Reconnaissance Attack
Identifies which hosts are active on a network by sending a probe (usually an ICMP echo request) to each IP address in a range and recording which ones send a response packet back. (A packet is one small unit of the full message being sent over the network.)
Ping Sweep (IP Probe)
The next step is for attackers to narrow their results using ______, which show which ports on the live hosts are open (accepting connections) and therefore which services are running
Port Scans
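Added example (not part of the original cards): a TCP connect port scan against a listener the script starts itself on loopback, so it runs offline and touches no other host. The ping-sweep stage is omitted because ICMP needs raw sockets; the scan logic below is the same thing applied to ports instead of hosts. The `demo` helper, the window of ports around the listener and the timeout are assumptions for this illustration. Only scan hosts you are authorised to scan.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Start a TCP listener on a kernel-chosen ephemeral port.

    Stands in for a live service on the target host so the scan has something
    to find without touching anything but loopback.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(8)
    return srv


def tcp_port_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect scan of a single port.

    A completed three-way handshake (connect_ex returns 0) means a service is
    listening; a refused connection means the port is closed; a timeout usually
    means a firewall silently dropped the SYN (the port is "filtered").
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def port_scan(host: str, ports, workers: int = 32) -> list:
    """Scan the given ports concurrently and return the open ones, sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, tcp_port_open(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)


def demo() -> dict:
    """Bring up one listener, scan a small window of ports around it, tear it down."""
    srv = start_listener()
    live_port = srv.getsockname()[1]
    try:
        window = range(max(1, live_port - 5), live_port + 6)  # assumed scan window
        open_ports = port_scan("127.0.0.1", window)
    finally:
        srv.close()
    return {"live_port": live_port, "open_ports": open_ports}


if __name__ == "__main__":
    print(demo())
```

A real scanner adds service fingerprinting (banner grabbing) on each open port; the defensive counterpart is watching for one source touching many ports in a short time, which is the signature of a scan.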
NIST recommends that companies perform ______ to detect and classify security loopholes in their infrastructure
Vulnerability Scans
Companies commonly perform _____ by having authorised testers attack their own systems the way a real adversary would
Penetration Testing (Pen Testing)
A company should ensure that systems are running up-to-date security by applying ______ as soon as they are available
Patches
- Result in access to either hardware or people
- That access can be gained with the assistance of an unknowing victim or through force
Physical Access Attacks
The physical act of gaining unauthorized entry by closely following someone through a security checkpoint so that the other person's credential opens the door for both
Tailgating (Piggybacking)
What are the 2 types of tailgating?
1. Accidental Tailgating
2. Polite Tailgating
Seek unauthorized access to a system or an application by either exploiting a network vulnerability unveiled during reconnaissance attacks or attempting to use force to get through network security
Logical Access Attacks
Attackers force their way into a system by trying many passwords or passphrases until one works; the cost of the attack grows with the length and character set of the password
Brute-Force Attack
Using lists of commonly used words and combinations of words and letters to guess passwords
Dictionary Attacks
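Added example (not from the original cards) covering both the brute-force and the dictionary-attack cards above. It cracks a constructed, unsalted SHA-256 password hash with a tiny wordlist plus common mangling rules, shows how exhaustive search cost grows with length, and then shows the defender's side: a per-user salt, a slow key-derivation function and a lockout counter. The wordlist, the sample password and the `PasswordStore` class are constructed for this illustration; the iteration count is illustrative, and current guidance for PBKDF2-HMAC-SHA256 is higher.

```python
import hashlib
import hmac
import itertools
import os
import string


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


# Constructed sample: a weak password stored as an unsalted SHA-256 hash,
# the kind of storage a dictionary attack is designed to exploit.
WEAK_PASSWORD = "sunshine1"
STORED_SHA256 = sha256_hex(WEAK_PASSWORD)

# Constructed mini wordlist standing in for a real leaked-password list.
WORDLIST = ["password", "123456", "qwerty", "letmein", "sunshine", "dragon"]


def mangle(word: str):
    """Common dictionary-attack mutations: capitalise, append a digit, append '!'."""
    yield word
    yield word.capitalize()
    for d in range(10):
        yield f"{word}{d}"
    yield word + "!"


def dictionary_attack(target_hex: str, wordlist):
    """Hash each candidate and compare. Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        for cand in mangle(word):
            attempts += 1
            if sha256_hex(cand) == target_hex:
                return cand, attempts
    return None, attempts


def brute_force(target_hex: str, alphabet: str = string.ascii_lowercase, max_len: int = 4):
    """Exhaustive search over every string up to max_len drawn from alphabet.

    Work grows as len(alphabet) ** length, which is why length and character
    set matter more than any single clever substitution.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            cand = "".join(chars)
            if sha256_hex(cand) == target_hex:
                return cand, attempts
    return None, attempts


class PasswordStore:
    """Defender side (assumed design): per-user salt, a slow KDF, and a failure
    counter that locks the account after too many wrong guesses."""

    ITERATIONS = 100_000  # illustrative; current PBKDF2-HMAC-SHA256 guidance is higher
    MAX_FAILURES = 5

    def __init__(self):
        self._users = {}

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)  # unique salt defeats precomputed (rainbow) tables
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)
        self._users[user] = {"salt": salt, "digest": digest, "failures": 0}

    def verify(self, user: str, password: str) -> bool:
        rec = self._users.get(user)
        if rec is None:
            return False
        if rec["failures"] >= self.MAX_FAILURES:
            return False  # locked out: an online guessing attack stalls here
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], self.ITERATIONS)
        if hmac.compare_digest(digest, rec["digest"]):  # constant-time compare
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        return False


if __name__ == "__main__":
    print(dictionary_attack(STORED_SHA256, WORDLIST))
    print(brute_force(sha256_hex("abc")))
```

The dictionary attack finds "sunshine1" in 56 hashes; exhaustive lowercase search already needs hundreds of guesses for a three-letter string and millions for five. Against the `PasswordStore`, each guess costs a full PBKDF2 run and the account locks after five failures, so the same attack is no longer practical online.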
The attacker inserts themselves into an ongoing communication between two endpoints, impersonating each party to the other so that traffic passes through the attacker (formerly called man-in-the-middle attacks)
On-Path Attacks
An attacker creates IP packets with modified source addresses to disguise their identity and impersonate a legitimate computer on the network
IP Spoofing
What is the primary way devices on the network communicate?
Sending and receiving IP packets
The source address is the real IP address of the packet's sender
Normal Packets
A packet that has a forged source (IP) address
Spoofed Packets
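Added example (not from the original cards) for the IP spoofing, normal-packet and spoofed-packet cards. It builds a raw IPv4 header with whatever source address the sender chooses, which is all a spoofed packet is, then parses it back and applies a BCP 38-style ingress filter: a border router drops packets whose claimed source could not legitimately arrive on the interface they came in on. The `10.0.0.0/8` internal prefix and the `ingress_filter` design are assumptions for the illustration.

```python
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int = 0, proto: int = 17, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 header. `src` is whatever the sender writes; nothing in
    the protocol verifies it, which is exactly what a spoofed packet relies on."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _chk, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "proto": proto,
        "total_len": total_len,
        # Summing the whole header, checksum field included, yields 0 when intact.
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
    }


# Assumed network for the example: the border router's inside prefix.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


def ingress_filter(pkt: bytes, arrived_on: str) -> str:
    """BCP 38-style source validation at a border router.

    arrived_on is "external" (internet-facing) or "internal". The checksum only
    proves the header is intact, not that the source is honest; the interface
    check is what catches the forged address. Returns "accept" or "drop: ...".
    """
    h = parse_ipv4_header(pkt)
    if h["version"] != 4 or not h["checksum_ok"]:
        return "drop: malformed header"
    src = ipaddress.ip_address(h["src"])
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return "drop: bogon source"
    if arrived_on == "external" and src in INTERNAL_NET:
        return "drop: spoofed internal source on external interface"
    if arrived_on == "internal" and src not in INTERNAL_NET:
        return "drop: internal host claiming external source"
    return "accept"


if __name__ == "__main__":
    normal = build_ipv4_header("203.0.113.5", "10.0.0.80", payload_len=8)
    spoofed = build_ipv4_header("10.0.0.25", "10.0.0.80", payload_len=8)
    print(parse_ipv4_header(spoofed))
    print(ingress_filter(normal, "external"), "|", ingress_filter(spoofed, "external"))
```

The second interface rule is the egress half of BCP 38: it stops the organisation's own hosts from sending spoofed packets out, which is how compromised machines get recruited into reflection-based DDoS attacks.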
- Prevent users from using resources such as computers, websites, servers, or an entire network
- Attackers continuously send fake requests to the business to consume the system's capacity, resulting in loss of availability for "real" users
- Flooding the target with more traffic or requests than it can handle (a brute-force style of DoS) is the most common form
Denial-of-Service (DoS) Attacks
- Computers that are programmed to do whatever attackers want, such as flooding a specific host with repetitive requests to consume the target system's capacity
- These computers are infected with malware
Botnets
A cyber attacker who wants to perform a large-scale DoS attack can carry out a ______ that uses many machines or IP addresses at once to exhaust the target's capacity and force it offline
Distributed Denial-of-Service (DDoS) Attack
What are the 2 reasons that Distributed Denial-of-Service (DDoS) Attacks are difficult to stop
1. The traffic comes from many originating points, so the company has to identify and block each source rather than one
2. Difficult for a company to differentiate between an attack and legitimate business traffic
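Added example (not from the original cards) for the DoS, botnet and DDoS cards above: simple flood detection run over a constructed web-server access log. A single source sending hundreds of requests stands out immediately; the botnet traffic, spread thinly over fifty addresses, trips only an aggregate threshold and cannot be separated from the real users caught in the same window, which is the second reason on the card. The log lines, the addresses and the thresholds are constructed for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common log format: client ip, identity, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Parse one access-log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT), "req": m["req"], "status": int(m["status"])}


def build_sample_log() -> list:
    """Constructed access log: a few real users, one single-source flood, and a
    botnet flood spread thinly over many addresses, all inside one 10 s window."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def emit(ip, offset, path):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512')

    for i in range(6):                      # legitimate users: one request each
        emit(f"198.51.100.{10 + i}", i, "/index.html")
    for k in range(400):                    # DoS: one host, 400 requests in 10 s
        emit("203.0.113.7", k % 10, "/login")
    for bot in range(1, 51):                # DDoS: 50 bots x 8 requests, each below any per-host limit
        for k in range(8):
            emit(f"192.0.2.{bot}", k, "/search?q=x")
    return lines


def detect_floods(lines, window: int = 10, per_source_limit: int = 100, total_limit: int = 300) -> list:
    """Count requests per source in fixed time windows.

    Any source above per_source_limit is an obvious single-source flood. If the
    remaining traffic still exceeds total_limit, the window is flagged as a
    distributed flood: many sources, none individually suspicious, mixed in with
    the real users, which is why DDoS is hard to tell apart from a busy day.
    """
    per_window = defaultdict(Counter)
    for e in filter(None, map(parse_line, lines)):
        start = int(e["ts"].timestamp()) // window * window
        per_window[start][e["ip"]] += 1

    findings = []
    for start, counts in sorted(per_window.items()):
        single = {ip: n for ip, n in counts.items() if n > per_source_limit}
        rest = {ip: n for ip, n in counts.items() if ip not in single}
        rest_total = sum(rest.values())
        finding = {
            "window_start": datetime.fromtimestamp(start, tz=timezone.utc),
            "single_source": single,
            "distributed": None,
        }
        if rest_total > total_limit:
            finding["distributed"] = {
                "requests": rest_total,
                "sources": len(rest),
                "max_per_source": max(rest.values()),
            }
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in detect_floods(build_sample_log()):
        print(f)
```

Note what the distributed finding contains: 56 sources, of which six are the legitimate users. A per-IP rate limit would block the single flooder and nothing else; stopping the botnet needs upstream scrubbing, challenge pages or behavioural signals, because nothing in the per-source counts distinguishes bot from customer.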
Software specifically designed to damage, disrupt, or gain unauthorized access to systems
Malware
Written to cause harm and attack the target system
Malicious Code
What are the 4 types of malware?
1. Virus
2. Worms
3. Logic Bomb
4. Trojan Horse
A type of malware that attaches itself to files or programs and replicates when a user opens or runs them, spreading quickly and damaging core system functions
Virus
Replicate and spread across networks without any human interaction, typically by exploiting vulnerabilities in reachable hosts
Worms
A piece of malicious code that is programmed into a system and remains dormant until certain conditions are met
Logic Bomb
- Disguised as benign software but carries malicious code that may be activated via a logic bomb
- Nonreplicating
- Used to obtain back door access to a target system
Trojan Horse