01 CyberSecurity Introduction

CSI

Uploaded by

Gowtham Manivel

CyberSecurity

Introduction
What is Cybersecurity?
● Cybersecurity is the practice of protecting servers, devices, electronic
systems, and networks from digital attacks and damage. It is
essential for the integrity of data and systems in every field where
data is present. Cybersecurity threats take many forms, including
viruses, worms, malware, ransomware, phishing attacks, and hacking.

● Organizations and individuals use modern technologies to protect
their systems and data from current and emerging threats and damage. This
includes measures such as firewalls, antivirus software, encryption,
strong passwords, and user authentication.
Importance of Cybersecurity

Cybersecurity is important because it focuses on protecting and
securing all categories of data from theft, damage, and unauthorized
access. The increasing dependence on technology and the internet has
made digital assets and information more vulnerable to cyber threats.
When large amounts of sensitive information and valuable assets are
stored and transmitted online, they become high-value targets for
cybercriminals.
Examples of the most commonly targeted information

● Personal information, including names, addresses, and emails
● Biometric data
● Social Security numbers
● Banking and payment information
● Healthcare data and patient records
● Student loan information
● Confidential government communications
● Employee or customer details
● Intellectual property
● Insurance policy information

And so on…
● Without a proper cybersecurity program, organizations cannot defend themselves from
targeted attacks, and the cost of a cyber attack can be extremely detrimental to the
organization itself. As the world continues to move towards global connectivity and widespread
use of cloud-based services, the level of cyber risk increases along with it.

● More importantly, cyber attack methods are quickly growing in sophistication, which means the
attack scope of cybercriminals also drastically increases. Even governments and large
corporations are no longer safe and require a thorough review of existing policies to stay
ahead of potential hackers.

● Unfortunately, because cybersecurity is a relatively new field, many businesses and
organizations do not recognize its importance until after they have experienced a security breach.
Our goal is to help unsuspecting businesses and individuals learn more about cybersecurity so
that they can begin to secure their most valuable digital assets and systems.
Darker Side of CyberSecurity

https://www.youtube.com/watch?v=mMMKJg4eX-8&pp=ygUXZGF0YSBzZWN1cml0eSBhbmltYXRpb24%3D
What is Cybersecurity Risk?

Cybersecurity risk is the probability that critical data or information will
become compromised, exposed, or stolen due to a cyber attack. The risk itself is
measured by the potential impact or damage that the loss of data can cause,
including financial, reputational, and operational loss. Cybersecurity programs and
risk management strategies are focused on mitigating cyber risks at all levels of
the organization.
Types of Cybersecurity Risks
● Cyber threats
Any potential method of cyber attack that can lead to the theft,
unauthorized access, damage, or disruption of a digital asset, network, or device.

● Vulnerabilities
A vulnerability is any weakness or flaw within a system that
cybercriminals can exploit to steal data or gain unauthorized access.
● Understanding your organization’s complete cyber risk profile (attack surface + third-party risk)
is critical to securing and protecting systems and networks against imminent threats.
Organizations can conduct risk assessments using external auditors to determine their cyber
resiliency and establish new procedures, such as incident response or business continuity
plans, and begin building up their cybersecurity posture. Over time, it’s up to the organization
to continue improving its cyber maturity and stay protected against evolving threats.

● Cyber risks exist in every industry as long as there are digital assets and technology involved.
Because technology is used in every facet of business and government, regardless of size or
type, cyber protections and policies must be implemented to reduce the inherent risks
involved.
Examples of common cybersecurity risks
● Human error
● Poor or absent cybersecurity education
● Insider threats
● Third-party or supply chain risks
● Lack of regulatory compliance measures
● Software misconfigurations
● Improperly stored data
● Malware and ransomware attacks
● Social engineering or phishing attacks
● Physical device theft
● DDoS attacks and brute-force password attacks
Most common types of Cyber Threats
● A cyber threat is any potential form of cyber attack that threatens to gain unauthorized
access, disrupt business operations, or steal sensitive data. Cyber threats can originate from
any party with malicious intent, including foreign governments, terrorist groups, corporate
spies, disgruntled employees, independent hackers, criminal organizations, or cyber thieves.

● The current cyber threat landscape continues to evolve as attacks become more
sophisticated and complex, so it’s important for organizations to quickly identify their biggest
threats and close their security gaps by patching vulnerabilities and remediating risks. If a
threat actor successfully carries out a cyber attack, it could mean millions of dollars in
financial damages, data recovery costs, legal costs, and reputational repair.
Some of the biggest threats in today’s cyber landscape

Phishing
Phishing attacks are one of the most common forms of cyber attacks that aim
to trick users into giving up sensitive information by posing as a trusted party.
It is a type of social engineering attack that is typically carried out through
emails, texts, voice calls, or social media messaging platforms using a variety
of malicious methods such as spoofing, identity theft, typosquatting, or spam.
https://www.youtube.com/watch?v=sS3mZVCARZg&pp=ygUgY3J5cHRvZ3JhcGh5IGFuaW1hdGlvbiBpbmNpZGVudHM%3D
Malware
Malware attacks are another common type of cyber attack that uses malicious
software such as viruses, spyware, rootkits, Trojans, bots, or botnets to
compromise systems, networks, or computers and steal valuable data. Most
malware attacks are used to launch other types of cyber attacks once systems
and networks have been compromised.
Ransomware
Ransomware attacks are a type of malware attack that has been increasingly
deployed in recent years. Most attacks involve tricking an unsuspecting user
into opening an infected email attachment or clicking a malicious link leading to a
compromised website. Once the user or organization has been compromised,
malware is installed on the systems, rendering them useless and inaccessible
until a ransom payment is made.

https://www.youtube.com/watch?
Code Injection Attacks
Code injection attacks are highly effective cyber attacks, in which a hacker
injects malicious code into a website, application, or database to steal critical
data. Common forms of code injection attacks include SQL injection, cross-
site scripting (XSS), and command injection. Code injection attacks allow
hackers to bypass security controls and gain unauthorized access to systems
and networks.
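The SQL injection form of code injection, shown as an added example that is not from the original slides: the vulnerable concatenated query beside its parameterised replacement, run against an in-memory SQLite table with constructed users (the table, the user names and the `lookup_*` and `make_db` function names are assumptions).

```python
"""Vulnerable vs. parameterised SQL lookup on an in-memory SQLite table."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not from the slides): two users with fake hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Concatenates user input into the statement, so a quote in the input
    becomes SQL syntax rather than data. This is the defect, kept on purpose."""
    sql = ("SELECT username FROM users WHERE username = '"
           + username + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Binds the input as a parameter; the driver never parses it as SQL."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def breaks_on_apostrophe(conn: sqlite3.Connection) -> bool:
    """The same defect shows up on harmless input: a legitimate name with an
    apostrophe makes the concatenated statement unparsable. Returns True when
    the vulnerable lookup raises on such input."""
    try:
        lookup_vulnerable(conn, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # a tautology: the classic textbook injection input
    print("vulnerable:", lookup_vulnerable(db, crafted))  # every row comes back
    print("safe:      ", lookup_safe(db, crafted))        # no such username
    print("breaks on o'brien:", breaks_on_apostrophe(db))
```

The parameterised version also handles the apostrophe case correctly, which is the practical argument for bound parameters even before injection is considered.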
Distributed Denial of Service (DDoS) Attacks
DDoS attacks are designed to overload a website or server with
disproportionate amounts of fake traffic, causing the website to crash and
preventing it from loading correctly. DDoS attacks are often carried out using a
network of compromised computers (botnet) for the purpose of sabotage or
extortion.
Third Party Vendor Attacks
Third-party attacks usually occur when a threat actor attacks a third-party
service or vendor with the aim to compromise one or more of its business
partners. Many third parties have fewer security requirements or poor cyber
protections, which allows hackers to gain access and have an easier time
hacking other businesses.
Insider Threats
There are two types of insider threats: intentional and unintentional.

Intentional insider attacks come from disgruntled employees aiming to
purposefully expose or misuse sensitive information as a form of retaliation.

Unintentional insider threats are due to poor employee training and a lack of
cybersecurity awareness, which can lead to accidental data exposure or leaks.
Supply Chain Attacks
Supply chain attacks are cyber attacks that look for unsecured networks,
unprotected IT infrastructures, and poor coding practices in order to break in and
tamper with source code. Attackers can hide malware and malicious code
within legitimate software to infect all users and vendors within the supply
chain. Successful supply chain attacks can potentially infect millions of people,
highlighting the risks that come with open-source software (OSS) dependencies.
DNS Tunneling
In DNS tunneling, attackers use DNS (Domain Name System) queries to
transmit malicious data through a compromised domain and server without
being detected. Because DNS is typically a trusted protocol, DNS queries can
usually bypass traditional security controls, such as firewalls or IDS (intrusion
detection systems), which often do not inspect DNS traffic.
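A defender's detection heuristic for the DNS tunneling described above, added here as an example (not code from the original slides): it computes per-client, per-domain statistics over a constructed query log and flags pairs whose subdomains look like encoded data. The log format, the thresholds, the function names and the "last two labels" domain split are all assumptions.

```python
"""Heuristic DNS tunnelling detector over a constructed query log."""
import math
from collections import defaultdict

# Constructed sample log (not from the slides): tab-separated
# "client_ip  qname  qtype". 10.0.0.7 makes many short, ordinary lookups;
# 10.0.0.9 sends long, high-entropy labels to one domain, as a tunnel would.
SAMPLE_LOG = """\
10.0.0.5\twww.example.com\tA
10.0.0.5\tmail.example.com\tMX
10.0.0.7\timg1.static-example.org\tA
10.0.0.7\timg2.static-example.org\tA
10.0.0.7\timg3.static-example.org\tA
10.0.0.7\timg4.static-example.org\tA
10.0.0.9\t4a6f686e20446f65.c2.tunnel-example.test\tTXT
10.0.0.9\t5061737377303164.c2.tunnel-example.test\tTXT
10.0.0.9\t7365637265742d6b6579.c2.tunnel-example.test\tTXT
10.0.0.9\t3132372e302e302e31.c2.tunnel-example.test\tTXT
10.0.0.9\t6c6f6e672d68657820646174.c2.tunnel-example.test\tTXT
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payloads score higher than dictionary words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain, registered_domain), approximating the registered
    domain as the last two labels. Real deployments use a public-suffix list."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_tunnels(log_text, min_unique=4, min_avg_len=12, min_entropy=2.0):
    """Flag (client, domain) pairs with many distinct, long, high-entropy
    subdomains. All three thresholds must be crossed, so a client fetching
    img1..img4 from a CDN is not flagged. Returns {pair: stats}."""
    subs = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qname, _qtype = line.split("\t")
        sub, domain = split_name(qname)
        if sub:
            subs[(client, domain)].add(sub)
    flagged = {}
    for key, names in subs.items():
        avg_len = sum(len(s) for s in names) / len(names)
        avg_ent = sum(shannon_entropy(s) for s in names) / len(names)
        if (len(names) >= min_unique and avg_len >= min_avg_len
                and avg_ent >= min_entropy):
            flagged[key] = {"unique": len(names), "avg_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2)}
    return flagged


if __name__ == "__main__":
    for (client, domain), stats in detect_tunnels(SAMPLE_LOG).items():
        print(f"possible DNS tunnel: {client} -> {domain} {stats}")
```

Thresholds like these need tuning per environment; legitimate CDNs, anti-spam lookups and some telemetry also produce long labels, so the output is a triage lead rather than a verdict.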
Brute-force Attacks
Brute-force attacks use a trial-and-error approach to guess user
credentials. Cybercriminals can use password-cracking software to guess
login information, which typically has a high success rate because many users
choose weak and easily guessable passwords.

https://www.youtube.com/watch?v=SaAwW-6wV_Q
IoT Attacks
Attacks on IoT (internet of things) devices are increasingly common because
many IoT devices are unsecured, unencrypted, and often not updated.
Although these devices do not connect to the internet directly, they are
typically connected to networks through Wi-Fi, which opens up a potential
entry point for attackers.
Botnet Attacks
Botnet attacks use a network of compromised computers to carry out
malicious attacks, such as DDoS, spam, phishing, or malware attacks.
Botnets are typically controlled by a single individual or group of attackers to
carry out large-scale cyber attacks.
Man-in-the-Middle Attacks
MITM attacks are a type of cyber attack where the hacker intercepts and
alters communication between two parties without their knowledge. The user
assumes communication with the application or website is safe, which allows
the hacker to steal sensitive information or impersonate a party.
https://www.youtube.com/watch?v=KAWTASF4DfQ&pp=ygUgbWl0bSBhdHRhY2sgcHJldmVudGlvbiBhbmltYXRpb24%3D
Backdoor Attacks
A backdoor attack exploits an opening in an operating system, application or
computer system that is not protected by an organization's cybersecurity
measures. Sometimes, the backdoor is created by the software developer or
hardware manufacturer to enable upgrades, bug fixes or (ironically) security
patches; other times, threat actors create backdoors of their own using
malware or by hacking the system. Backdoors allow threat actors to enter and
exit computer systems undetected.
Awareness Video
Link

https://www.youtube.com/watch?v=HbXRtU-HEC8
Zero-Day Vulnerabilities
Zero-day vulnerabilities or zero-day exploits are unpatched security
vulnerabilities that were previously unknown to the software developers.
Hackers that learn of the zero-day can target and exploit organizations using
that software before the developers release a patch or fix.
Best Practices for Effective Cybersecurity Programs

In order to maintain an effective cybersecurity program, here are the top
core skills and best practices to implement to minimize the risk of cyber threats
and practice good cyber hygiene:

● Create incident response plans for every cyber threat
● Upgrade outdated hardware and technology
● Keep all software, hardware and applications up to date
● Report all suspicious activities
● Avoid opening suspicious emails and attachments
● Avoid non-HTTPS websites
● Never leave physical devices unattended
● Avoid connecting to public unsecured Wi-Fi networks
● Create unique, strong passwords
● Implement two-factor (2FA) or multi-factor authentication (MFA)
● Conduct regular business risk assessments
● Provide cybersecurity training and education
● Conduct regular security audits
● Maintain regular data backups
● Implement network segmentation
● Use role-based access control or privileged access management
● Implement a data encryption process
● Use VPNs (virtual private networks) whenever possible
● Install basic network and device security software
● Perform regular security tests
● Hire a cybersecurity analyst, expert or leader
● Utilize third-party risk management tools and services
● Utilize attack surface management tools and services

And this goes on…


Some Real-World Cyber Attacks
The Melissa Virus
One of the earliest cyberattacks to highlight the importance of digital security in the tech-driven
world was caused by the Melissa Virus. In 1999, a programmer called David Lee Smith hacked an
AOL account and used it to publish a file on the internet. The file promised access to dozens of
free passwords to fee-based adult websites. When users downloaded the document, it released a
virus on their computers.

The virus resulted in significant damage to a huge range of users and companies, including
Microsoft. While security teams managed to contain the spread of the virus within a relatively short
space of time, it took a while to remove the infections entirely. The collective damage of the attack
was estimated at around $80 million, making it one of the biggest and most
notable cyber attacks of all time.
MOVEit
In May 2023, Progress Software disclosed a zero-day vulnerability in its MOVEit Transfer file
transfer software that allowed attackers to gain access to MOVEit servers and steal customer
data. In the months that followed, the vulnerability was exploited by several hacker groups,
including the notorious Cl0p ransomware gang. The Cl0p gang targeted a wide range of
organizations, including multiple government agencies, healthcare providers and businesses
including British Airways, Boots and the BBC.

By September, the MOVEit cyber attack had affected over 2000 organisations and exposed the
data of 60 million people – and this number keeps growing. The breach is considered to be one of
the largest and most damaging cyber attacks in history, not only due to the number of
individuals impacted but also its financial damages and long-lasting impact.
The NASA Cyber Attack
Another major cyber security event to take place in 1999, the NASA cyber attack involved the
breach and subsequent shutdown of NASA’s crucial computers for around 21 days. Around 1.7
million pieces of software were also downloaded during the attack, which cost the space agency
around $41,000 (Approx. 34,00,000 INR) in repairs. What made this attack so famous wasn’t the
expense associated with the crime, but the criminal responsible for the action.

Soon after the attack took place, a fifteen-year-old computer hacker pleaded guilty to the intrusion
and was sentenced to six months in jail. As part of his sentence, the boy was required to write
letters of apology to both the NASA administrators and the secretary of defence.
Estonia Cyber Attack
During 2007, Estonia became the host of the first cyber attack launched on an entire country.
During this time, around 58 Estonian websites were taken offline, which included the websites of
government official groups, media outlets, and banks. The issue was caused by a DDoS attack
which overloaded Estonian servers, and used “zombie” computers to amplify the effects.

According to some studies into the major digital event, the attack followed a political argument in
retaliation to the relocation of a specific group into the outskirts of the city. The event is said to
have resulted in around $1 million in costs.
The PlayStation network attack
Sony is one of the better-known companies in the digital landscape, but it’s no stranger to cyber
threats. The 2011 PlayStation Outage, sometimes referred to as the PSN Hack, was the result of
an external intrusion into the PlayStation Network, in which personal user details from
approximately 77 million accounts were compromised. A huge number of accounts and consoles
were also prevented from further accessing the network.

In May 2011, Sony admitted the personally identifiable information from all of the accounts had
been exposed. What’s more, the outage caused by the event lasted for a total of 23 days. At the
time, it was one of the largest cyber attacks of all time and the longest PlayStation outage in
history. The event led to around $1781 million in costs for Sony and caused multiple lawsuits.
Adobe Cyber Attack
In 2013, Adobe, one of the world’s leading software developers, confirmed a cyber attack had
compromised around 38 million accounts among active users. Originally, the firm had believed
around 2.9 million accounts had been affected. Adobe further announced the hackers had stolen
parts of the source code of Photoshop, its picture-editing technology.

Following news about the attack, a spokeswoman for Adobe revealed the initial statement made
by the brand did not reveal the full scale of the problem. Adobe was fined over $1 million in a
multi-state suit over the breach. What’s more, the reputation of the company was significantly
damaged.
The Yahoo Attack
In 2014, Yahoo became the victim of one of the biggest data breaches in history. Approximately
500 million accounts were hacked by a state-sponsored actor. The theft was the biggest known
cyber breach recorded at the time, and criminals were said to have stolen everything from names
and email addresses to telephone numbers, passwords, and date of birth details.

Although the attack officially took place in 2004, Yahoo only discovered the incursion after later
reports were filed relating to a secondary breach. All the reports issued turned out to be false, but
the investigation revealed significant details about the 2014 attack.
Ukraine Power Grid Attack
Another major cyber event which ended up affecting an entire country, the Ukraine Power Grid
attack took place in 2015. The event resulted in power outages for around 2,30,000 customers
across Ukraine for between 1 and 65 hours. The issue was attributed to an advanced
persistent threat group known as “Sandworm”, and became the first publicly acknowledged attack
on a power grid.

The attack is considered one of the most significant attacks carried out by cyber criminals against an
entire community or country of people. At the same time as this attack, consumers of two other
energy distribution companies were also being affected by cyber issues on a smaller scale.
WannaCry Ransomware Attack
One of the most well-known cyber attacks involving ransomware, the WannaCry ransomware
attack was a global event which took place in 2017. Carried out by the WannaCry ransomware
cryptoworm, this attack targeted various computers running the Microsoft Windows operating
system. Users had their data encrypted, and criminals demanded Bitcoin in payment.

The event is estimated to have affected more than 2,00,000 computers in 150 countries. The total
damages of the attack ranged anywhere from hundreds of millions to potentially billions of dollars.

A new version of the ransomware, referred to as WannaCry 2.0, appeared in 2018.
Marriott Hotel Data Breach
The Marriott hotel group revealed in 2018 that it had been hit by a massive database breach
revealing the personally identifiable information of around 500 million guests. The issue was
apparently lurking in the background of the company’s technology for several years and didn’t
come to light until 2018. Only two years later, another data breach exposed the data of 5.2 million
guests.

The Marriott hotel chain has also been a victim of other attacks since. In 2022, the chain
confirmed it had been hit by another data breach in which hackers stole around 20GB of data,
which included customer payment information and business documents held by the brand.
Threat Actors
Threat actors, also known as cyber threat actors or malicious actors, are individuals or groups that
intentionally cause harm to digital devices or systems. Threat actors exploit vulnerabilities in
computer systems, networks and software to perpetrate various cyberattacks, including phishing,
ransomware and malware attacks.

Today, there are many types of threat actors, all with varying attributes, motivations, skill levels
and tactics. Some of the most common types of threat actors include hacktivists, nation-state
actors, cybercriminals, thrill seekers, insider threat actors and cyberterrorists.

As the frequency and severity of cybercrimes continue to grow, understanding these different
types of threat actors is increasingly critical for improving individual and organizational
cybersecurity.
Types of Threat Actors
Cyber Criminals

These individuals or groups commit cyber crimes mostly for financial gain.
Common crimes that are committed by cybercriminals include ransomware attacks
and phishing scams that trick people into making money transfers or divulging
credit card information, login credentials, intellectual property or other private or
sensitive information.
Nation-State Actors

Nation states and governments frequently fund threat actors with the goal of
stealing sensitive data, gathering confidential information or disrupting another
government’s critical infrastructure. These malicious activities often include
espionage or cyberwarfare and tend to be highly funded, making the threats
complex and challenging to detect.
Hacktivist

These threat actors use hacking techniques to promote political or social
agendas, such as spreading free speech or uncovering human rights violations.
Hacktivists believe that they are affecting positive social change and feel justified
in targeting individuals, organizations or government agencies to expose secrets
or other sensitive information. A well-known example of a hacktivist group is
Anonymous, an international hacking collective that claims to advocate for
freedom of speech on the internet.
Script Kiddies or Thrill Seekers
Thrill seekers are just what they sound like: they attack computer and
information systems primarily for fun. Some want to see how much sensitive
information or data they can steal; others want to use hacking to better understand
how networks and computer systems work. One class of thrill seekers, called
script kiddies, lack advanced technical skills, but use pre-existing tools and
techniques to attack vulnerable systems, primarily for amusement or personal
satisfaction. Though they don't always seek to cause harm, thrill seekers can still
cause unintended damage by interfering with a network's cybersecurity and
opening the door to future cyberattacks.
Insider Threats

Unlike most other actor types, insider threat actors do not always have
malicious intent. Some hurt their companies through human error, such as by
unwittingly installing malware or losing a company-issued device that a
cybercriminal finds and uses to access the network. But malicious insiders do
exist: for example, a disgruntled employee who abuses access privileges to
steal data for monetary gain or damages data or applications in retaliation
for being passed over for promotion.
Cyber Terrorists

Cyberterrorists launch politically or ideologically motivated cyberattacks that
threaten or result in violence. Some cyberterrorists are nation-state actors; others
act on their own or on behalf of a nongovernment group.
