Rise of the Bots and Cybersecurity Essentials

Lesson Overview: Cybersecurity and Hacking

Learning Objectives for Lesson 3: Script Kiddies

  • Define the term "hacking" within the context of cybersecurity.
  • Explain how a Distributed Denial of Service (DDoS) attack can impact users of online services.
  • Identify strategies to reduce the chance of a brute force attack being successful.
  • Explain the necessity for the Computer Misuse Act.

Learning Objectives for Lesson 4: Rise of the Bots

  • List common malware threats.
  • Examine how different types of malware cause problems for computer systems.
  • Question how malicious bots can have an impact on societal issues.

Hacking and Hackers

Definition of Hacking

  • In the context of cybersecurity, hacking is defined as: Gaining unauthorised access to or control of a computer system.

Motivations for Hacking

  • People may want to hack for several reasons:
     * To steal data.
     * To disrupt services.
     * For financial gain.
     * For political reasons (includes espionage and activism).
     * For fun (often referred to as "planting the flag").
     * For ethical reasons.

Unethical versus Ethical Hacking

  • Case Study 1: Is it ethical to hack into a company's systems to find data that will expose their practice of harming animals for cosmetic testing to the whole world?
  • Case Study 2: A company wants to employ hackers to see if they can find any weaknesses in their system. Is it ethical for a hacker to do this to help the company improve their security?
  • Penetration Testers (Pen Testers): These are people who are paid to legally hack into computer systems with the sole purpose of helping a company identify weaknesses in their system.

Types of Hackers and Attacks

Script Kiddies
  • Script kiddies are hackers (not necessarily children) who use tools downloaded from the internet that allow them to hack with little technical knowledge.
  • It is thought that the 2016 Dyn cyberattack was performed by script kiddies using a DDoS attack.
Hacktivism
  • Hacktivists are rarely motivated by theft.
  • They are interested in creating disruption to cause public embarrassment or to promote a specific cause.
  • Motives include:
     * Political reasons.
     * Protesting (e.g., for civil liberties or against climate change).
     * Targeting major corporations they feel are doing something wrong.
  • Note on Dyn Cyberattack: It was initially thought that the 2016 Dyn attack was the work of "New World Hackers," but it later emerged that script kiddies were likely responsible.

Methods of Attack

Denial of Service (DoS)
  • A cyberattack in which the criminal makes a network resource unavailable to its intended users.
  • This is achieved by flooding the targeted machine or website with numerous requests in an attempt to overload the system.
Distributed Denial of Service (DDoS)
  • Uses the same concept as a DoS attack, but utilizes multiple computers to make the attacks at the same time.
  • A DDoS attack is significantly harder to stop or identify because:
     * It cannot be stopped by simply blocking a single source.
     * Identifying the responsible party is difficult as many machines are making requests, many of which are infected by malware without their owners' knowledge.
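
The difference between the two attacks, seen from the defender's side, as an added example that is not part of the original lesson: a per-source limit is enough to stop a single-source flood, but a distributed flood stays under that limit and still overloads the service. The thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter

PER_SOURCE_LIMIT = 20   # assumed: most requests one source may send per window
TOTAL_LIMIT = 100       # assumed: most requests the service can absorb per window

def classify_window(sources):
    """Classify one time window, given the source address of every request in it."""
    per_source = Counter(sources)
    # Sources that exceed the per-source limit are candidates for blocking.
    noisy = sorted(ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT)
    total = len(sources)
    # Load that would remain if every noisy source were blocked.
    remaining = total - sum(per_source[ip] for ip in noisy)
    if total <= TOTAL_LIMIT:
        verdict = "normal"
    elif remaining <= TOTAL_LIMIT:
        verdict = "single-source flood"   # blocking the noisy sources is enough
    else:
        verdict = "distributed flood"     # load stays too high after blocking
    return {"verdict": verdict, "block": noisy,
            "sources": len(per_source), "load_after_blocking": remaining}

# Constructed sample windows (documentation-range addresses, not real traffic).
NORMAL = [f"192.0.2.{i}" for i in range(1, 31)] * 2             # 30 clients, 2 requests each
DOS = NORMAL + ["198.51.100.7"] * 500                           # one source sends 500
DDOS = NORMAL + [f"203.0.113.{i}" for i in range(1, 251)] * 5   # 250 sources, 5 each

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("DoS", DOS), ("DDoS", DDOS)):
        print(name, classify_window(window))
```

In the DDoS window no source exceeds the per-source limit, so the block list is empty even though the total load is far above what the service can absorb.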
Brute Force Attack
  • A form of attack that makes multiple attempts to discover something, such as a password.
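
One strategy that reduces the chance of a brute force attack succeeding is to lock an account for a while after several failed logins. The sketch below is an added example, not part of the original lesson; the policy values, the single constructed account and the names `LoginThrottle` and `guesses_checked` are assumptions. It counts how many of a stream of wrong guesses ever reach the password check.

```python
import hashlib
import hmac

MAX_FAILURES = 5        # assumed policy: failed logins allowed before a lockout
LOCKOUT_SECONDS = 300   # assumed policy: how long the account stays locked

SALT = b"constructed-salt"
# Constructed account: only a slow salted hash of the password is stored.
STORED = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)

def verify(password):
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(guess, STORED)   # constant-time comparison

class LoginThrottle:
    def __init__(self):
        self.failures = 0
        self.locked_until = 0
        self.checked = 0    # guesses that actually reached the password check

    def attempt(self, password, now):
        if now < self.locked_until:
            return "locked"             # rejected without checking the guess
        self.checked += 1
        if verify(password):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS
        return "denied"

def guesses_checked(attempts, seconds_between=1):
    """Replay `attempts` wrong guesses, one every `seconds_between` seconds."""
    throttle = LoginThrottle()
    for i in range(attempts):
        throttle.attempt(f"guess{i}", now=i * seconds_between)
    return throttle.checked

if __name__ == "__main__":
    print(guesses_checked(1000), "of 1000 guesses were checked")
```

The lockout also rejects the correct password while it is active, which is the usability cost of this strategy.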

The Computer Misuse Act (1990)

  • This Act was passed by Parliament and established three specific new offences:

Section 1: Unauthorised Access to Computer Material

  • Focuses on unauthorized access to data.

Section 2: Unauthorised Access with Intent to Commit or Facilitate the Commission of Further Offences

  • Relates to unauthorized use of a computer to commit or facilitate another offence.

Section 3: Unauthorised Acts with Intent to Impair (or with Recklessness as to Impairing) the Operation of a Computer

  • Covers actions intended to impair computer operations.

Malware (Malicious Software)

Definition and Intent

  • Malware is software designed to gain access to a computer with malicious intent.
  • Common malicious intents include:
     * Disabling hardware.
     * Data theft.
     * Forced advertising.
     * Sending email spam.
     * Extorting money.

Common Types of Malware

1. Viruses
  • Malicious forms of self-replicating software.
  • A virus replicates by maliciously modifying other computer programs and inserting its own code.
  • Crucially, for a virus to infect a system, it must be initiated or executed by a user.
  • Common ways to catch a virus:
     * Downloading an email attachment.
     * Clicking a confirmation button on a pop-up without reading it.
     * Downloading files (movies, games) from illegal websites or peer-to-peer file-sharing platforms.
2. Worms
  • Worms replicate themselves but, unlike viruses, they do not attach themselves to files.
  • Worms spread through the network and consume system resources.
  • They typically cause problems by using up network bandwidth, which slows the network down significantly.
3. Trojans
  • Software that appears to perform a useful function (such as a game) but performs malicious actions unbeknownst to the user.
  • Example: Opening a "back door" to give an attacker remote access to the computer.
  • The name derives from the historical story of the Trojan Horse.
4. Spyware
  • Unwanted software that monitors and gathers information on a person and how they use their computer.
  • Keyloggers: A sinister form of spyware that records every keystroke made by a user. This data can be used to steal credentials or sensitive personal information.
5. Adware
  • Adware can be a worm, virus, or Trojan.
  • It infects a computer and causes it to download or display malicious adverts or pop-ups when the victim is online.
  • Indicators of infection include a large number of adverts while online or receiving pop-ups when offline.
6. Ransomware
  • A form of virus that is self-replicating.
  • It specifically locks a computer and encrypts files, preventing the user from accessing their data.
  • The attacker demands a ransom payment before decrypting files and unlocking the computer.
  • Case Study: Wana Decryptor 2.0 (WannaCry):
     * Interface Message: "Ooops, your files have been encrypted!"
     * Payment Details: Payment is accepted in Bitcoin only ($300 worth of Bitcoin).
     * Wallet Address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
     * Deadlines: Users are given 3 days to pay before the price doubles. After 7 days, files are permanently lost.
     * Exceptions: Claims to have "free events" for users too poor to pay after 6 months.

Internet Bots

Overview

  • Bots are automated programs that perform tasks repeatedly.
  • They are a crucial part of internet infrastructure and perform useful tasks, such as:
     * Search Engine Indexing: Finding new websites for indexing.
     * Chatbots: Providing online customer service.
     * Shopbots: Monitoring prices of items to help find the best deals.

Malicious Use of Bots

  • Social Media Manipulation: Creating accounts and following users to increase the perceived influence of certain individuals.
  • Vulnerability Scanning: Scouring the web to look for and report on vulnerabilities in internet-connected devices.
  • Botnets: A large collection of malware-infected devices, known as "zombies."
     * Bot Herder: The attacker who chooses when to "wake" the zombies to perform an attack.
     * DDoS Attack: Sending multiple requests to a single server from the botnet.

Statistics on Bot Traffic

  • According to Cloudflare.com (2019), it is believed that over 50% of all internet traffic is bot traffic.
  • A significant portion of that bot traffic is categorized as malicious bots.