Glossary_Sidebar_Cyber Sec - AinsleyPlayer/Journal Wiki

APT1- Advanced Persistent Threat https://www.mandiant.com/resources/apt1-exposing-one-of-chinas-cyber-espionage-units

DDoS- distributed denial of service; shutting down websites/ blocking your access

Stuxnet- Stuxnet, as it came to be known, was unlike any other virus or worm that came before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled. https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

Fraud Popup- Basically one giant button: click anywhere and you download malware; Scareware; Grey area; malicious software that pretended to sell you software but was just a huge scam/money maker for scammers (2009-11)

CryptoLocker- Did actually work and was a reason for alarm; there was an incentive for the attackers to actually decrypt your files and take advantage of the fear and concern around this; they would give you the key because they wanted more people to pay; credit cards were used, so they had to open a merchant account and were therefore easy to find (2013)

Wana Cry Decrypt0r 2.0- Used bitcoin so banks couldn't trace it, and no one knew who held the wallet/was getting the money (2017)

Petya- Got people to download Tor (dark web) to pay in bitcoin; could have been close to 30k; had their own support; they are running as a proper company; gave step by step instructions for Tor/Bitcoin; they really try to get you to pay and believe the threat is real (2019)

****A lot of companies are paying the ransom because of the content of the information that is on the line

Cyber Attack Motives +Cyber-Crime +Intellectual Property +Espionage (Personal, State, Corporate) +Terrorism +"Hacktivism" (hacking as a weapon for activism; an example would be hacking a company that tests on animals) +Messing around; doing it for shits and gigs

Economic Impact- Huge

C.I.A- +Confidentiality (Only those who should have access to data do) +Integrity (Ensures the data has not been changed) +Availability (Data is accessible when needed)

Hacktivism- +Denial of Service +Defacement +Information disclosure

6 Cybersecurity "Concepts"- +Keep it simple +Defense in depth +Think like an adversary +Integrity +Availability

Logic Bomb - a type of malware that stays low until the timer runs out, then sets off the attack, making it a lot harder to identify and to trace back to the attackers.

**Threat Defined** - A threat is anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset. +Any circumstance or event with the potential to adversely impact: +Organizational operations (including mission, functions, image, or reputation) +Organizational assets +Individuals +Other organizations +The Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (NIST) Not all threats have malicious intent, such as end users that accidentally click on a phishing link.

Threats can be- Natural events such as floods, wildfires, hurricanes, earthquakes. Environmental events such as climate change, global pandemic, power outage/brownouts. Unintentional events, human error (misconfiguration, lack of awareness, complacency) – non-malicious threats. Intentional acts by an adversary.

Threats +Intentional +Unintentional +Acts of Nature +Environmental

Attacks Defined- Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself (NIST). An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality (NIST)

Attackers can be - A curious teenager, a disgruntled worker, hacktivists, sophisticated criminal organizations, terrorists, a nation-state or affiliated group. Motivated by theft, disclosure, disruption, destruction and/or subversion. Inside or outside of an organization.

Attacks +Theft +Disclosure +Disruption +Destruction and/or +Subversion

Vulnerability Defined - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. (NIST) A vulnerability is exploited (used).

Vulnerabilities can be - Human (errors due to lack of awareness, carelessness). Physical (unlocked doors, shoulder surfing, dumpster diving, lost or stolen hardware). Network (mobile use). Hardware (evil hardware, design flaws). Software (lack of secure coding practices). A combination of these into a system might create vulnerabilities that the individual components do not have on their own.

Vulnerability + A threat requires a vulnerability, +Weakness or Flaw

Software Vulnerability- A security flaw, glitch, or weakness found in software that can be exploited by an attacker.

Importance of securing software- Some examples where insecure software could lead to loss of CIA +Do you want private information (your grades) to be viewed or stolen? (Loss of confidential data) +What if you couldn’t access a timed online exam? (Loss of Availability) +What if someone changed your homework scores – decreasing them all by 1-5 points? (Loss of data integrity)

Cyber Threat- A cyber threat is an attempt to damage or disrupt a computer network or system. +Cyber threats can become a reality if there are vulnerabilities present within +A network +Hardware, or +Software which allow an attacker to reduce a system's information assurance

Intentional Threat Sources and Motivations- National Governments (State actors or APTs) – disruption, destruction +Terrorists – theft, destruction, disruption +Industrial Spies and Organized Crime Groups – theft and fraud for monetary gain +Hacktivists – motivated by ideology to disrupt, disclose to gain attention +Hackers – disruption, disclosure +Bot-net operators – take control of systems to disrupt +Phishers and Spammers – identity theft, theft of information for monetary gain +Insiders – can use unrestricted access for theft, disruption, or destruction

Threat Modeling-Works to identify, communicate, and understand threats and mitigations within the context of protecting something of value. Most of the time, a threat model includes: +A description / design / model of what you’re worried about +A list of assumptions that can be checked or challenged in the future as the threat landscape changes +A list of potential threats to the system +A list of actions to be taken for each threat +A way of validating the model and threats, and verification of success of actions taken

Risk- How likely is something to happen, and what damage could occur if it happened +Risk = Likelihood x Consequences +Risks can target organizational operations such as the mission, function, image, or reputation, as well as data, hardware and software.

https://www.youtube.com/watch?v=hzC6BONJgsQ

OSINT- Open Source Intelligence +Our personal information is stored in public databases, on social media, and in plenty of other places across the internet +Open source places can store information on the public and cause harm to a person or organization (OSINT) +mainly starts at the OSINT website


SHA-2 (or SHA-256) https://en.wikipedia.org/wiki/SHA-2 https://md5calc.com/hash

Hashing - Can allow you to decrypt a password, keeps information as it is - secures original data/info and keeps it safe and untampered

Rainbow Table Attack - A rainbow table attack is a password cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database. Applications don’t store passwords in plaintext, but instead encrypt passwords using hashes. After the user enters their password to log in, it is converted to a hash, and the result is compared with the stored hashes on the server to look for a match. If they match, the user is authenticated and able to log in to the application.

Can two passwords have the same hash? +Yes, called a Hash Collision +Passwords with the same hash - compromise of integrity +Hash collision attacks: find a password that will result in the same hash from a reported breach and try to use that password to login

Can you guess a password by just looking at a hash? +No. Hashes are designed to prevent guessing. Hashing algorithms are a one-way process. +Adversaries may check a hash in a pre-computed list, also known as a rainbow table. https://youtu.be/cczlpiiu42M
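An added example (not from the original page) showing why a rainbow table works against plain SHA-256 password hashes and why a per-user salt defeats the pre-computed lookup; the "rainbow table" here is a constructed dictionary of a few common passwords, not a real table.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a rainbow table: SHA-256 of a few common passwords,
# pre-computed once so any leaked unsalted hash can be looked up instantly.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]


def sha256_hex(text: str, salt: bytes = b"") -> str:
    """One-way hash; with an empty salt this is the plain SHA-256 the page mentions."""
    return hashlib.sha256(salt + text.encode()).hexdigest()


PRECOMPUTED = {sha256_hex(p): p for p in COMMON_PASSWORDS}


def lookup_unsalted(stored_hash: str):
    """Return the password if its plain SHA-256 is in the pre-computed table, else None.
    This is the only way to 'guess' a password from a hash: the hash is never reversed."""
    return PRECOMPUTED.get(stored_hash)


def store_salted(password: str) -> tuple[str, str]:
    """Defender side: hash with a random per-user salt so no shared table can be built.
    (Production systems should also use a slow KDF such as PBKDF2/bcrypt/Argon2.)"""
    salt = os.urandom(16)
    return salt.hex(), sha256_hex(password, salt)


def verify_salted(password: str, salt_hex: str, stored_hash: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = sha256_hex(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored_hash)


if __name__ == "__main__":
    leaked = sha256_hex("letmein")                 # unsalted hash from a breach dump
    print("unsalted lookup:", lookup_unsalted(leaked))   # found in the table
    salt, h = store_salted("letmein")
    print("salted lookup:", lookup_unsalted(h))          # None: table is useless
    print("login works:", verify_salted("letmein", salt, h))
```

Only the weak passwords that were pre-computed are ever found; a hash of anything outside the table, or any salted hash, returns None.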

DNS- +Hierarchical distributed naming system for any resource connected to an IP network +Translates easy to remember host names to IP addresses +eg: my.champlain.edu is 216.93.150.217


Wireshark - +Popular tool for “capturing” network traffic +Also called “sniffing” +Captures all traffic to and from the local host +Will parse packet “headers” and display the info in an organized way +Can filter results to show specific sessions, protocols, hosts etc.
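An added example (not from the original page, and not Wireshark's own code) of what "parsing packet headers" and "filtering by port" mean: it builds two constructed Ethernet/IPv4/TCP frames, decodes the header fields into a Wireshark-style summary, and applies the equivalent of the display filter tcp.port == 80. The MAC addresses and 10.0.0.5 source are made up; 216.93.150.217 is the page's own DNS example.

```python
import socket
import struct


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int = 0x02) -> bytes:
    """Constructed sample frame (Ethernet II + IPv4 + TCP SYN), not a real capture."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet, IPv4 and TCP headers into the fields a sniffer displays."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:                       # not IPv4: stop at layer 2
        return info
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4                    # header length in bytes (options allowed)
    info.update(src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst), ttl=ttl, proto=proto)
    if proto == 6:                                # TCP
        sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", ip[ihl:ihl + 14])
        info.update(protocol="TCP", sport=sport, dport=dport, seq=seq,
                    syn=bool(flags & 0x02), ack=bool(flags & 0x10))
    return info


def tcp_port_filter(frames: list[bytes], port: int) -> list[dict]:
    """Equivalent of the Wireshark display filter  tcp.port == <port>."""
    parsed = (parse_frame(f) for f in frames)
    return [p for p in parsed if p.get("protocol") == "TCP" and port in (p["sport"], p["dport"])]


if __name__ == "__main__":
    capture = [build_frame("10.0.0.5", "93.184.216.34", 51000, 80),
               build_frame("10.0.0.5", "216.93.150.217", 51001, 443)]
    for p in tcp_port_filter(capture, 80):
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} TCP SYN={p['syn']}")
```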