Introduction To Cyber Security

What Is Cyber Security?

Definition

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

  1. Network security: the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
  2. Application security: focuses on keeping software and devices free of threats. A compromised application could provide access to the data it is designed to protect. Successful security begins in the design stage, well before a program or device is deployed.
  3. Information Security: protects the integrity and privacy of data, both in storage and in transit.
  4. Operational security: includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
  5. End-user education: addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.

Understanding Cyber Security Roles

Anything that relies on the internet for communication, or is connected to a computer or other smart device, can be affected by a breach in security. This includes:

  • Communication systems – like email, phones and text messages
  • Transportation systems – including traffic control, car engines, airplane navigation systems
  • Government databases – including Social Security numbers, licenses, tax records
  • Financial system – including bank accounts, loans and paychecks
  • Medical system – including equipment and medical records
  • Educational system – including grades, report cards and research information

Why Is Cyber Security Important?

There are at least three main principles behind cyber security: confidentiality, integrity and availability.

Confidentiality

Confidentiality involves any information that is sensitive and should only be shared with a limited number of people. If your credit card information, for example, was shared with a few criminals, your credit rating and your reputation could suffer very quickly.

Integrity

Integrity involves keeping information from being altered. When malware hits a hospital’s computer systems, it can scramble patient records and lab results and prevent staff from accessing a patient’s allergy or drug information.

Availability

Availability involves ensuring those who rely on accurate information are able to access it. Availability is often related to integrity, but can also involve things like a cyber attack preventing people from accessing specific computers, or from accessing the internet.

Types Of Cyber Security Threats

Common methods attackers use to control computers or networks include viruses, worms, spyware, Trojans, and ransomware. Viruses and worms can self-replicate and damage files or systems, while spyware and Trojans are often used for surreptitious data collection.

Ransomware waits for an opportunity to encrypt all the user’s information and demands payment to return access to the user. Malicious code often spreads via an unsolicited email attachment or a legitimate-looking download that actually carries a malware payload.

1) Phishing

Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card numbers and login information.

Hackers use email to spread spam, malware and other threats. It is important to understand the terminology used in Social Engineering and cyber attacks:

  • Vishing

Vishing is phishing carried out by voice: someone contacts you over the phone, pretending to be from a bank or an insurance company, for example.

  • Smishing

Smishing is a newer form of phishing carried out by SMS: you receive a text message that looks like it is from your bank and asks you to phone a number to verify your identity, or to supply other personal information.

  • Whaling

Whaling is phishing in which a social engineer targets a CEO or a similar senior role in a business to obtain financial or other business information.

  • Spear Phishing

Spear phishing (similar to the Moby Dick story) is where a social engineer targets a specific person or business and tries to gain information from them.

Protection: Cisco Email Security is your defense against phishing, business email compromise, and ransomware. Get threat intelligence updates every three to five minutes through Cisco Talos for the most up-to-date protection.

Cisco Advanced Malware Protection protects against stealthy malware in attachments, and industry-leading URL intelligence combats malicious links. Cisco Email Security also enhances Office 365 email security.

Protecting outgoing email is important too. Cisco Email Security has robust data loss prevention and content encryption capabilities to safeguard sensitive information. This helps you comply with government and industry regulations.

2) Ransomware

Ransomware is malicious software (malware) used in a cyberattack to encrypt a victim’s data with an encryption key that is known only to the attacker. The data becomes unusable until the victim pays a ransom to decrypt the data (usually in cryptocurrency).

Protection: Cisco Umbrella

Cisco Umbrella can proactively block requests to malicious destinations before a connection is even established or a malicious file downloaded, which makes it a great first line of defense against ransomware.

3) Malware

Malware is a type of software designed to gain unauthorized access or to cause damage to a computer. Examples of malware include the following:

  • Worm

A worm is computer code that spreads without user interaction. Most worms begin as email attachments that infect a computer when they're opened. 

The worm scans the infected computer for files, such as address books or temporary webpages, that contain email addresses. The worm uses the addresses to send infected email messages, and frequently mimics (or spoofs) the “From” addresses in later email messages so that those infected messages seem to be from someone you know.

  • Trojan Horse

A trojan horse is a malicious software program that hides inside other programs. It enters a computer hidden inside a legitimate program, such as a screen saver. Then it puts code into the operating system that enables a hacker to access the infected computer.

Trojan horses do not usually spread by themselves. They are spread by viruses, worms, or downloaded software.

  • Spyware

Spyware can install on your computer without your knowledge. These programs can change your computer’s configuration or collect advertising data and personal information. Spyware can track Internet search habits and can also redirect your web browser to a different website than you intend to go to.

  • Rogue Security Software

A rogue security software program tries to make you think that your computer is infected by a virus and usually prompts you to download or buy a product that removes the virus. 

The names of these products frequently contain words like Antivirus, Shield, Security, Protection, or Fixer. This makes them sound legitimate. They frequently run right after you download them, or the next time that your computer starts. 

Rogue security software can prevent applications, such as Internet Explorer, from opening. Rogue security software might also display legitimate and important Windows files as infections. Typical error messages or pop-up messages might contain the following phrases:

Warning!
Your computer is infected!
This computer is infected by spyware and adware.

Note: If you receive a message in a pop-up dialog box that resembles this warning, press ALT + F4 on your keyboard to close the dialog box. Do not click anything inside the dialog box.

If a warning, such as the one here, keeps appearing when you try to close the dialog box, it’s a good indication that the message is malicious.

3 Ways To Remove Malware

Removing a computer virus or spyware can be difficult without the help of malicious software removal tools. Some computer viruses and other unwanted software reinstall themselves after they are detected and removed.

Fortunately, by updating the computer and by using malicious software removal tools, you can help permanently remove unwanted software.

1) Power off the phone and reboot in safe mode

Press the power button to access the Power Off options. Most Android phones come with the option to restart in Safe Mode. Here’s how, according to Google, although Safe Mode can vary by phone: Press your phone's power button. When the animation starts, press and hold your phone's volume down button. Hold it until the animation ends and your phone restarts. You'll see “Safe mode” at the bottom of your screen.

2) Uninstall the suspicious app

Find the app in Settings and uninstall or force close it. This may not completely remove the malware, but it could prevent further damage to your device, or from it transmitting the malware to other devices on your network.

3) Install a robust mobile security app on your phone.

Tips on How to Prevent Malware From Infecting Your Computer and Your Livelihood

There are also some initial steps to prevent malware infection, including:

1) Protect vulnerabilities

One of the most ingenious delivery methods for malware today is by exploit kit. Exploit kits are sneaky little suckers that rummage around in your computer and look for weaknesses in the system, whether that’s an unprotected operating system, a software program that hasn’t been updated in months, or a browser whose security protocols aren’t up to snuff (we’re looking at you, Internet Explorer).

  • Update your operating system, browsers, and plugins. 
  • Enable click-to-play plugins
  • Remove software you don't use (especially legacy programs) such as Adobe Reader

2) Watch out for social engineering

Another top method for infection is to scam users through social engineering. Whether that’s an email that looks like it’s coming from your bank, a tech support scam, or a fishy social media campaign, cybercriminals have gotten rather deft at tricking even tech-savvy surfers. By being aware of the following top tactics, you can fend off uninvited malware guests:

  • Install Anti-Virus/Malware Software.
  • Keep your antivirus software up to date
  • Run regularly scheduled scans with your antivirus software
  • Keep your operating system current
  • Secure your network
  • Think before you click
  • Keep your personal information safe
  • Don't use open Wi-Fi
  • Back up your files

Cyber Security Challenges

1) Attacks via Compromised IoT devices

The three most common security problems that the IoT world will face are:

Botnet – Cybercriminals no longer need to develop difficult malware solutions since they can easily purchase a ready-to-use botnet kit from the dark web instead.

DDoS Attacks – Compromised IoT devices may be used for performing massive DDoS attacks. Cybercriminals try to exploit poor security settings in both home and workplace IoT devices, making them generate enormous amounts of traffic.

Ransomware Attacks – Even though most IoT devices don’t store valuable data, cybercriminals may choose some critical systems, such as power grids, factory lines, or smart cars as their target to make the victim pay.

2) Cloud Security Issues

In contrast to IoT devices, cloud platforms store large amounts of sensitive and valuable data. While cloud providers put a lot of effort into ensuring the security of their services, there are still too many security issues you can’t ignore.

A few issues that need special attention include:

  • Cloud Misconfigurations
  • Spectre and Meltdown Vulnerabilities

Some attackers try to exploit the Spectre and Meltdown vulnerabilities and focus their attacks on the CPUs used by cloud providers. The best way you can handle this situation is by keeping your hardware updated.

  • Insecure APIs

In many cloud systems, APIs (Application Programming Interfaces) are the only facets outside the trusted organizational boundary with a public IP address. Thus, insecure APIs may give an attacker considerable access to cloud applications and put the entire system at risk.

  • Data Loss

One risk that should never be ignored is losing the company’s data due to some non-malicious causes, such as a natural disaster or human error. The only way to mitigate such risks is by creating lots of backups of valuable information and storing them at physical sites located in different parts of the globe.

3) Attacks Based On Machine Learning And AI

Artificial Intelligence (AI) and Machine Learning (ML) software can “learn” from the consequences of past events to reach the set goal. While many cybersecurity professionals use AI/ML tools for preventing cyber attacks, there is a chance that hackers will also use these innovative solutions for performing more sophisticated attacks.

AI and ML may be used for performing different types of attacks – from sending vast amounts of spam/fraud/phishing messages via chatbots to AI-powered password guessing to performing cryptographic attacks.

4) Attacks Against Cryptocurrencies And Blockchain Systems

Many companies adopting cryptocurrency technology don’t implement appropriate security controls. As a result, they will only continue to experience financial losses, predicts Bill Weber, principal security strategist at eSentire.

When working with cryptocurrencies and blockchain systems, there are three main types of attacks you need to be prepared to deal with:

  • Eclipse Attack

A network-level attack on a blockchain system, where an attacker gains full control over all the connections going to and from the victim’s node. This type of attack may be used for hiding information about the usage of cryptocurrencies within the network and performing double-spend attacks.

  • Sybil Attack

An attack where one node in the network acquires several identities.

  • DDoS Attack

While many popular cryptocurrencies, such as Bitcoin, have built-in protection against DDoS attacks, the risk is still very high for all the unprotected cryptocurrencies.

5) Sandbox-evading Malware

As sandboxing becomes more and more popular as a malware detection and prevention method, cybercriminals will come up with new ways to evade this technology. For instance, there are new strains of malware that can recognize if they are inside a sandbox. These malware infections do not execute their malicious code until they are outside of the sandbox.

There are two main techniques that attackers use for evading sandbox solutions:

  • Core Count

Malware tries to spot sandboxes using discrepancies in hardware, such as the number of CPU cores. This is why many sandbox vendors hide their actual configuration, trying to make such discoveries more difficult for the attackers.

  • Lack Of User Input

Malware can analyze the level of user input to detect a sandbox: in contrast to a sandbox, a real machine frequently shows different types of user activity, such as mouse or keyboard input.

6) Fileless Malware

Another significant problem is the increasing popularity of non-malware attacks. Many organizations are still unprepared for this type of cyber threat, which only encourages attackers to use fileless malware even more. The more common memory-only non-malware attacks exploit Windows vulnerabilities and execute their payload in memory. Such an infection can be removed by rebooting the system.

However, there are more complex types of non-malware attacks. Some attacks can use existing Windows tools for malicious purposes, while others can continue to run their malicious code even after the system reboots. Two main reasons why fileless malware is harder to detect are:

  • They have fewer Indicators of Compromise (IoCs) than traditional malware.
  • They can use the victim’s tools, pretending to be a legitimate process within the system.

As a result, traditional anti-malware software cannot detect non-malware threats effectively, and new solutions are called for.
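The two reasons above can be shown side by side. The following is an added example, not code from the original article: it runs a file-hash indicator match and a behaviour-based rule over a few constructed process-creation events, assuming PowerShell as the "victim's tool" the attacker reuses and assuming the event fields, hashes and command lines shown (all constructed placeholders).

```python
import re

# Constructed file-hash blocklist: the only indicator traditional AV has for the dropper.
KNOWN_BAD_HASHES = {"0123deadbeef-constructed": "dropper.exe"}
# Constructed stand-in for the hash of the legitimate powershell.exe; it is the same
# on every machine, so a hash blocklist cannot use it without blocking the tool itself.
POWERSHELL_HASH = "abcd-legit-powershell-constructed"

# Constructed process-creation events, the kind an EDR or Sysmon-style sensor records.
EVENTS = [
    {"id": 1, "image": "dropper.exe", "parent": "explorer.exe",
     "cmdline": "dropper.exe", "sha256": "0123deadbeef-constructed"},
    {"id": 2, "image": "powershell.exe", "parent": "WINWORD.EXE",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden "
                "-EncodedCommand <constructed-base64-placeholder>",
     "sha256": POWERSHELL_HASH},
    {"id": 3, "image": "powershell.exe", "parent": "cmd.exe",
     "cmdline": "powershell.exe Get-Date", "sha256": POWERSHELL_HASH},
]

# Behaviour-based rule: the built-in tool is not an indicator on its own, so look
# at who launched it and how it was invoked instead (assumed thresholds, not a standard).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
HIDDEN_OR_ENCODED = re.compile(r"-(encodedcommand|enc?)\b|-windowstyle\s+hidden", re.IGNORECASE)

def hash_rule(event):
    """Traditional indicator match: fires only for a file whose hash is already known bad."""
    return event["sha256"] in KNOWN_BAD_HASHES

def behaviour_rule(event):
    """Fires for a living-off-the-land invocation: PowerShell spawned by an Office
    application, or run hidden / with an encoded command line."""
    if event["image"].lower() != "powershell.exe":
        return False
    office_parent = event["parent"].lower() in OFFICE_PARENTS
    odd_args = HIDDEN_OR_ENCODED.search(event["cmdline"]) is not None
    return office_parent or odd_args

def triage(events):
    """Return {event id: names of rules that fired}, omitting events nothing flagged."""
    hits = {}
    for ev in events:
        fired = [name for name, rule in (("hash", hash_rule), ("behaviour", behaviour_rule)) if rule(ev)]
        if fired:
            hits[ev["id"]] = fired
    return hits

if __name__ == "__main__":
    for ev_id, rules in triage(EVENTS).items():
        print(f"event {ev_id}: flagged by {', '.join(rules)}")
```

Event 1 (the dropped file) is caught only by the hash rule, event 2 (Office spawning a hidden, encoded PowerShell) only by the behaviour rule, and the routine PowerShell use in event 3 is left alone.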
