Cyber Security Notes

Introduction to Cyber Security

  • Definition: Protection of information stored, transmitted, and processed in networked computer systems, digital devices, and transmission lines, including the Internet.

Importance of Cyber Security in Modern Computing

  • Growing Digital Dependency: Businesses, governments, and individuals rely heavily on digital systems.
  • Rising Cyber Threats: Increase in cyberattacks, such as ransomware, phishing, and data breaches.
  • Financial and Reputational Damage: Cyberattacks can lead to significant financial losses and harm to an organization's reputation.
  • Regulatory Compliance: Laws such as GDPR, HIPAA, and CCPA legally require robust cybersecurity measures.

Definitions of Cyber Security Terms

  • Information Security: Preservation of confidentiality, integrity, and availability of information, including authenticity and reliability.
  • Computer Security: Tools designed to protect data and thwart hackers.
  • Network Security: Measures to protect data during transmission.
  • Internet Security: Measures to protect data during transmission over interconnected networks.

Common Sources of Threats

  • Internal Threats:
    • Malicious Insiders: Employees with harmful intent.
    • Accidental Breaches: Human error due to lack of training.
    • Impact: Data leaks, sabotage, and unauthorized access.
  • External Threats:
    • Sources: hackers, cybercriminals, state-sponsored attackers.
    • Methods: malware, phishing, DDoS attacks.
    • Impact: Financial loss, data theft, and system downtime.

Internal Threats in Detail

  • Malicious Insiders: Intentional harm by employees or contractors.
  • Negligent Insiders: Unintentional breaches, e.g., phishing link clicks.
  • Prevention Measures: Regular training, access control, monitoring, incident response plans.

External Threats in Detail

  • Malware: Software disrupting or damaging systems.
  • Phishing: Fraudulent attempts to gather sensitive info.
  • DDoS Attacks: Overloading systems with traffic to disrupt services.
  • Advanced Persistent Threats (APTs): Long-term targeted attacks.
  • Prevention Measures: Implement firewalls, antivirus, regular updates, employee awareness programs.

Types of Malware

  • Viruses: Infect files/programs (e.g., ILOVEYOU virus).
  • Worms: Spread through network vulnerabilities (e.g., WannaCry).
  • Trojans: Harmless appearance but create backdoors (e.g., Zeus Trojan).
  • Phishing/Social Engineering: Attempts to steal information through deception.
  • Prevention Measures: Employee training, email filtering, multi-factor authentication.

Denial of Service Attacks (DoS / DDoS)

  • DoS Attack: Overwhelms a system with traffic.
  • DDoS Attack: Multiple systems coordinate a DoS attack.
  • Impact: Service disruption, financial losses, reputation damage.
  • Example: 2016 Dyn DDoS attack affecting major websites.
  • Prevention: Traffic filtering, rate limiting, DDoS protection.

SQL Injection and Code Injection

  • SQL Injection: Targets the database by injecting malicious SQL into queries built from untrusted input.
  • Impact: Data theft or manipulation.
  • Code Injection: Executes unauthorized commands via malicious code.
  • Prevention: Input validation, secure coding practices.
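The prevention point above, shown as an added example that is not part of the original notes: a lookup built by string formatting beside its parameterized form, plus an allowlist input check, run against a constructed in-memory SQLite table (all table and user names are assumptions for the demonstration).

```python
import re
import sqlite3

# Constructed sample database: a tiny users table for the demonstration.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash_a"), ("bob", "hash_b")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the query text is assembled from the input, so the
    # database parses whatever the user typed as SQL code.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           "ORDER BY username")
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Hardened: a parameterized query binds the input as a value; the
    # driver never lets it change the structure of the statement.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]

def is_valid_username(username: str) -> bool:
    # Defense in depth: allowlist validation rejects anything that is not
    # a plausible username before it reaches the database at all.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None

def demo() -> dict:
    conn = make_db()
    benign = "alice"
    # Classic injection string: closes the quoted literal and appends a
    # tautology, so the WHERE clause of the vulnerable query matches every row.
    crafted = "' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),   # every user
        "safe_benign": lookup_safe(conn, benign),
        "safe_crafted": lookup_safe(conn, crafted),               # no match
        "validation_rejects_crafted": not is_valid_username(crafted),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable function returns every user for the crafted input, while the parameterized one returns nothing and the validator rejects the input outright.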

Zero-day Exploits

  • Definition: Attacks exploiting unknown vulnerabilities before patches are available.
  • Impact: Severe, because no patch exists while the vulnerability is being exploited.
  • Example: Stuxnet targeting industrial control systems.

Best Practices for Mitigating Cyber Threats

  • Regular Updates: Keep software patched.
  • Employee Training: Recognize and avoid threats.
  • Strong Authentication: Implement MFA and strong passwords.
  • Network Security: Use firewalls and encryption.
  • Incident Response Plan: Prepare for potential breaches.

Introduction to Malware Analysis

  • Definition: Process of studying malware to understand functionality and impact.
  • Goals: Identify behavior, understand operation, develop mitigation strategies.
  • Types of Analysis:
    • Static Analysis: Examining malware code without execution.
    • Dynamic Analysis: Observing malware behavior during execution.

Real-World Examples of Malware Incidents

  • Stuxnet (2010): Targeted Iranian nuclear facilities.
  • WannaCry (2017): Global ransomware attack exploiting vulnerabilities.
  • Emotet (2014-2021): Modular malware used for data theft and for spreading further malware.

Techniques for Reverse Engineering Malware

  • Static Analysis: Analyzing code structure and behavior without running it.
  • Dynamic Analysis: Executing samples in controlled environments to observe behavior.
  • Tools Used: IDA Pro, Ghidra, Cuckoo Sandbox.