CHAPTER 2 INFORMATION SECURITY
SECURITY THREATS ELECTRONIC CRIMES COMP 2410
OUTLINE
➢ Security Threats
➢ Mitigating Threats
➢ Types of Hackers
➢ Threat Actors
➢ Threat Intelligence and Sources
➢ Threat Hunting
Security Threats
❑ Malware: Shorthand term for malicious software
❑ Unauthorized Access: Occurs when access to computer resources and data occurs without the consent of the owner
❑ System Failure: Occurs when a computer crashes or an individual application fails
❑ Social Engineering: Act of manipulating users into revealing confidential information or performing other detrimental actions
Mitigating Threats
o Physical Controls: Alarm systems, locks, surveillance cameras, identification cards, and security guards.
o Technical Controls: Smart cards, encryption, access control lists (ACLs), intrusion detection systems (IDS), and network authentication.
o Administrative Controls: Policies, procedures, security awareness training, contingency planning, and disaster recovery plans.
User training is the most cost-effective security control to use.
Types of Hackers
❑ White Hats: Non-malicious hackers who attempt to break into a company's systems at their request
❑ Black Hats: Malicious hackers who break into computer systems and networks without authorization or permission
❑ Gray Hats: Hackers without any affiliation to a company who attempt to break into a company's network for the purpose of challenge or vulnerability discovery, but risk the law by doing so
❑ Blue Hats: Hackers who attempt to hack into a network with permission of the company but are not employed by the company
❑ Elite: Hackers who find and exploit vulnerabilities before anyone else does; about 1 in 10,000 hackers are elite
Threat Actors
❑ Script Kiddies: Hackers with little to no skill who only use the tools and exploits written by others
❑ Hacktivists: Hackers who are driven by a cause like social change, political agendas, or terrorism
❑ Organized Crime: Hackers who are part of a crime group that is well-funded and highly sophisticated
❑ Advanced Persistent Threats: Highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal
Threat Intelligence and Sources
• Open-Source
▪ Data that is available to use without subscription, which may include threat feeds similar to the commercial providers and may contain reputation lists and malware signature databases
• Open-Source Intelligence (OSINT)
▪ Methods of obtaining information about a person or organization through public records, websites, and social media
Threat Hunting
❑ A cyber security technique designed to detect the presence of threats that have not been discovered by normal security monitoring. Threat hunting is potentially less disruptive than penetration testing.
❑ Establishing a hypothesis: a hypothesis is derived from threat modelling and is based on potential events with higher likelihood and higher impact.
❑ Profiling threat actors and activities: involves the creation of scenarios that show how a prospective attacker might attempt an intrusion and what their objectives might be.
Threat Hunting
❑ Threat hunting relies on the tools developed for regular security monitoring and incident response:
➢ Analyze network traffic
➢ Analyze the executable process list
➢ Analyze other infected hosts
➢ Identify how the malicious process was executed
❑ Threat hunting consumes a lot of resources and time to conduct, but can yield many benefits:
➢ Improve detection capabilities
➢ Integrate intelligence
➢ Reduce the attack surface
➢ Block attack vectors
➢ Identify critical assets
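As an added illustration of the hypothesis-driven hunt described above (example code, not part of the original slides), the Python below runs one hunting hypothesis over a constructed process snapshot and walks the parent chain of each hit to show how the flagged process came to be executed. The process names and PIDs, and the rule that a document viewer or mail client should never spawn a command interpreter, are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str


# Constructed process snapshot (not taken from a real host).
PROCESSES = [
    Proc(1, 0, "init"),
    Proc(200, 1, "mailclient"),
    Proc(310, 200, "docviewer"),
    Proc(455, 310, "sh"),
    Proc(456, 455, "id"),
    Proc(500, 1, "sshd"),
    Proc(501, 500, "sh"),
]

# Hunting hypothesis (assumed for this example): these programs have no
# business launching a command interpreter; when one does, investigate.
UNEXPECTED_PARENTS = {"docviewer", "mailclient"}
INTERPRETERS = {"sh", "bash", "cmd.exe", "powershell.exe"}


def ancestry(procs, pid):
    """Process names from `pid` up to the root: how the process was launched."""
    by_pid = {p.pid: p for p in procs}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # `seen` guards against bad PPID loops
        seen.add(pid)
        chain.append(by_pid[pid].name)
        pid = by_pid[pid].ppid
    return chain


def hunt(procs):
    """(pid, ancestry) for every interpreter whose parent violates the hypothesis."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if p.name in INTERPRETERS and parent and parent.name in UNEXPECTED_PARENTS:
            findings.append((p.pid, ancestry(procs, p.pid)))
    return findings


if __name__ == "__main__":
    for pid, chain in hunt(PROCESSES):
        print(f"pid {pid}: launched via {' <- '.join(chain)}")
```

The shell under sshd is not reported, because the hypothesis only concerns the parents named in UNEXPECTED_PARENTS; a hunt is as narrow as its hypothesis.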
Chapter 3 Malware
INFORMATION SECURITY
COMP 2410
Outline
Malware
Viruses
Worms
Trojan horses
Ransomware
Spyware
Rootkits
Spam
Keylogger
Malware & Viruses
Malware: Software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent
Viruses: Malicious code that runs on a machine without the user's knowledge and infects the computer when executed
Viruses require a user action in order to reproduce and spread
Types of viruses:
➢ Boot sector
➢ Macro
➢ Program
➢ Multipartite
➢ Encrypted
➢ Polymorphic
Worms & Trojans
Worms
➢ Malicious software, like a virus, but able to replicate itself without user interaction
➢ Worms self-replicate and spread without a user's consent or action
➢ Worms can cause disruption to normal network traffic and computing activities
➢ Example: 2009: 9-15 million computers infected with Conficker
Trojans
➢ Trojan Horse: Malicious software that is disguised as a piece of harmless or desirable software
➢ Trojans perform desired functions and malicious functions
➢ Remote Access Trojan (RAT): Provides the attacker with remote control of a victim computer and is the most commonly used type of Trojan
Ransomware & Spyware
Ransomware
➢ Malware that restricts access to a victim's computer system until a ransom is received
➢ Ransomware uses a vulnerability in your software to gain access and then encrypts your files
➢ Example: $17 million: SamSam cost the City of Atlanta
Spyware
➢ Malware that secretly gathers information about the user without their consent
➢ Captures keystrokes made by the victim and takes screenshots that are sent to the attacker
➢ Adware: Displays advertisements based upon its spying on you
➢ Grayware: Software that isn't benign nor malicious and tends to behave improperly without serious consequences
Rootkits
Rootkit: Software designed to gain administrative level control over a system without detection
DLL Injection: Malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at runtime
Driver Manipulation: An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level
Rootkits are activated before booting the operating system and are difficult to detect
Spam & Keyloggers
Spam
➢ Activity that abuses electronic messaging systems, most commonly through email
➢ Spammers often exploit a company's open mail relays to send their messages
Keyloggers
➢ Keyloggers are programs that capture keystrokes from keyboards, although keylogger applications may also capture other input like:
  Mouse movement
  Touchscreen inputs
  Credit card swipes from attached devices
Malware Infections
Malware Infection
Threat Vector: Method used by an attacker to access a victim's machine
Attack Vector: Method used by an attacker to gain access to a victim's machine in order to infect it with malware
Common Delivery Methods: Malware infections usually start within software, messaging, and media
Watering Holes: Malware is placed on a website that you know your potential victims will access
Botnet: A collection of compromised computers under the control of a master node
Botnets can be utilized in other processor-intensive functions and activities
Malware Infections
Phishing Examples: Real vs. Fake URLs
Example 1: Real: [Link] | Fake: [Link] | Difference: Missing letter 't'
Example 2: Real: [Link] | Fake: [Link] | Difference: Extra letter 's'
Example 3: Real: [Link] | Fake: [Link] | Difference: Missing letter 'e'
Important: Always verify the URL in your browser's address bar before entering sensitive information or downloading files. Look for subtle misspellings, extra letters, or unusual domain extensions.
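As an added example (not from the original slides), the Python below automates the URL check recommended above: it reduces a URL to its domain and compares that domain against a list of domains the user actually uses, flagging anything within a couple of single-character edits as a lookalike. Edit distance generalises the three slide cases (a missing letter, an extra letter) to substitutions as well. The trusted domains and the URLs tested are constructed for this example, and the two-label domain reduction is a simplification of real public-suffix handling.

```python
from urllib.parse import urlsplit

# Constructed list of domains the user legitimately visits (not real brands).
TRUSTED_DOMAINS = {"example-bank.com", "example-mail.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character inserts, deletes or
    substitutions that turn `a` into `b`."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Hostname reduced to its last two labels. Simplification for this
    example: production code should consult the public suffix list."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(url: str, trusted=TRUSTED_DOMAINS, max_edits: int = 2) -> str:
    """'trusted' on an exact domain match, 'lookalike' when the domain is
    within `max_edits` of a trusted one (a probable typosquat), else 'unknown'."""
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted"
    if any(edit_distance(domain, t) <= max_edits for t in trusted):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://example-bank.com/login", "https://example-bnk.com/login",
              "https://examples-bank.com/", "https://example-bank.com.evil.invalid/"):
        print(f"{classify(u):9}  {u}")
```

Note the last sample: the trusted name appears inside the hostname, but the registrable domain is evil.invalid, which is why the check works on the domain rather than on whether the URL "contains" the expected name.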
CHAPTER 1 INFORMATION SECURITY
INTRODUCTION TO COMPUTER SECURITY COMP 2410
OUTLINE
➢ Computer Security
➢ Understanding Core Security Principles
➢ How to Ensure Confidentiality
➢ How to Provide Integrity
➢ How to Increase Availability
➢ Computer Security Terminology
➢ Network security
➢ Classification of Security Attacks
Computer Security
Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
This definition introduces three core security principles that are at the heart of computer security:
➢ Confidentiality
➢ Integrity
➢ Availability
Understanding Core Security Principles
Security is based on several principles; understanding these basic principles will help to create a solid foundation in security.
The basic principles of security are confidentiality, integrity, and availability; together they are called the CIA Triad.
1. Confidentiality
This term covers two related concepts:
1. Data Confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
2. Privacy : Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information
may be disclosed.
2. Integrity
This term covers two related concepts:
1. Data integrity: Assures that information is not modified or destroyed in an unauthorized manner.
2. System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.
3. Availability
Availability means that data and services are available when they are needed and not denied to authorized users.
A. A loss of confidentiality is the unauthorized disclosure of information.
B. A loss of integrity is the unauthorized modification or destruction of information.
C. A loss of availability is the disruption of access to or use of information or an information system.
How to Ensure Confidentiality
You can ensure confidentiality using several different methods:
1. Encryption: secures data confidentiality by transforming data into an unreadable form; a key is used to encrypt and decrypt the data.
There are two types of encryption:
- Symmetric encryption
- Asymmetric encryption
Ensure Confidentiality
2. Access Controls: Identification, authentication, and authorization combined provide access controls and help ensure that only authorized personnel can access data.
• Identification: Users claim an identity with a unique username.
• Authentication: Users prove their identity with authentication, such as with a password.
• Authorization: Grants or restricts access to resources.
3. Obfuscation: make something unclear or difficult to understand.
4. Steganography: hiding data within data. For example, you can embed a hidden
message in an image.
How to Provide Integrity
Hashing: a hash is simply a number created by running a hashing algorithm over data, such as a file or message.
a. If the data never changes, the resulting hash will always be the same.
b. By comparing hashes created at two different times, you can determine if the original data is still the same.
c. If the hashes are the same, the data is the same. If the hashes are different, the data has changed.
- Hashing algorithm: such as MD5
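As an added example (not from the original slides), the Python below applies points a to c above to a set of files: a baseline of hashes is recorded while the files are known-good, and a later comparison reports what changed, appeared or disappeared. It defaults to SHA-256 rather than the MD5 named above, because practical MD5 collisions mean two different files can share an MD5 hash, which breaks the "same hash, same data" reasoning; the files in `demo()` are constructed for this example.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def file_digest(path: Path, algorithm: str = "sha256") -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, algorithm: str = "sha256") -> dict:
    """Snapshot taken while files are known-good: relative path -> digest."""
    return {str(p.relative_to(root)): file_digest(p, algorithm)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, baseline: dict, algorithm: str = "sha256") -> dict:
    """Re-hash now and compare with the baseline: same hash means same data."""
    current = build_baseline(root, algorithm)
    return {
        "changed": sorted(p for p in baseline if p in current
                          and not hmac.compare_digest(baseline[p], current[p])),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed scenario: baseline three files, then alter, add and delete."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "config.txt").write_bytes(b"debug=false\n")
        (root / "old.txt").write_bytes(b"to be deleted\n")
        (root / "keep.txt").write_bytes(b"unchanged\n")
        baseline = build_baseline(root)
        (root / "config.txt").write_bytes(b"debug=true\n")   # a one-word edit
        (root / "old.txt").unlink()
        (root / "new.txt").write_bytes(b"planted\n")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline itself must be stored somewhere an attacker who can alter the files cannot also alter, otherwise the comparison proves nothing.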
How to Increase Availability
Redundancy: allows the service to continue without interruption by duplicating systems.
Computer Security Terminology
1. Attack: any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorized access to a network, computer system, or digital device.
2. Vulnerability: a weakness.
• It can be a weakness in the hardware, the software, the configuration, or even the users operating the system.
3. Threat: the probability that a specific type of attack may occur by exploiting a vulnerability.
NETWORK SECURITY
Network security consists of the policies, processes and practices adopted to prevent,
detect and monitor unauthorized access, misuse, modification, or denial of a computer
network and network-accessible resources.
Classification of Security Attacks
Network security attacks can be classified into passive attacks and active attacks.
1. A passive attack attempts to learn or make use of information from the system but does not affect system resources.
➢ Passive attacks are difficult to detect because they don't involve any alteration of data.
2. An active attack attempts to alter system resources or affect their operation.