Cyber Security Fundamentals
: 70 million customers affected. Breach started when credentials were stolen from their HVAC company.
: 83 million customers affected. Breach started because JP Morgan's Security Team did not upgrade the server with two-factor authentication.
: 56 million customers affected. Like Target, breach started when credentials were stolen from a third-party vendor. Unpatched Windows systems were the other cause.
: confidential data from Sony Pictures, including personal information of employees and their families, salary information and unreleased films, was released.
OPM - Office of Personnel Management
: 25 million users affected. Included security clearance information as well as fingerprints. Secret agents, even if they changed their names, were now no longer safe.
: a password management service
: cybersecurity and anti-virus provider
: company that sells hacking tools to governments and law enforcement
Excellus Blue Cross Blue Shield
: had 10.5 million affected customers.
Ukraine Power Grid
: first attack started when workers clicked on an attachment, enabling macros in a Microsoft Word document
: exposed info of 427 million users
Gmail, Yahoo and Hotmail
: dumps of emails affected 273 million users
: 117 million users.
Interesting FACT! Mark Zuckerberg
: his Twitter and Pinterest accounts were hacked because his password for those accounts was the same as the one revealed in the LinkedIn breach
: announced 500 million users were hacked and later announced 1 billion users were affected. Greatest hack of all time.
Who are the hackers?
Someone who thinks outside the box, is technologically inclined. Finds unconventional solutions to problems. Focusing on what is important.
" original term for malicious hacker
Identified by their Hat colors
Black Hat Hacker
: Malicious hacker or Cracker
White Hat Hacker
: does what a black hat hacker does, breaking into companies and systems, but with permission, in order to exploit vulnerabilities
Gray Hat Hacker
: somewhere in the middle of White and Black Hat Hackers
: inexperienced crackers, who use scripts and programs developed by others.
: finding vulnerabilities anywhere
: finding vulnerabilities within a certain company
: building systems and processes to establish cyber security presence.
defined the motivation of individuals who commit espionage against the country with the acronym
Compromise or Coercion
Ego or Extortion
According to researcher
, hackers' motivations are based on MEECES
Example of hack of toilet flushing system in Japan
Bug Bounty Program
: rewards hackers for finding and fixing security issues (United Airlines)
Example hack of Hospital's wired refrigerators with Blood Tests
Example of hack of baby monitor
: identify and exploit vulnerabilities
Company Trade Secrets
: famous exploit from 2008 that allows hackers to gain access to Windows XP or Windows Server 2003
Probability of an Impact
What can be done?
: Keeping the data safe from outside reads
: Making data accessible to a certain group of people or subjects
: Keeping the data in its original form without any changes, whether willingly or maliciously
Rising Cybersecurity Threats
: computing devices are locked and encrypted, usually through a clicked link or installed malware. Users are threatened that if they do not pay, the files will start being deleted.
: 4000 ransomware attacks were unleashed each day of 2016. That is more than 4 times as many as in 2015.
: Sabotaging data is also being hailed as a major source of cybersecurity problems in 2017
: requires proof. Something you know, like a password. Something you have, like a key fob. Something you are, like a biometric.
Combining any of these is called
2FA - Two Factor Authentication
- Examples would be Gmail, Yahoo, etc., when they ask you to enter a code from your phone in addition to your password.
: National Institute of Standards and Technology: denounced 2FA with SMS. They stated that it should be deprecated because SMS can be redirected. It recommended using Google Authenticator or similar tools.
: permissions and access after the user logs in
Principle of Least Privilege
: keeping track of who is doing what. For instance,
actions while the
is on vacation. Checks and Balances. Examining Log Entries.
: service provider was attacked by DDoS
was brought down by 100,000 DVRs, security cameras, webcams, thermostats, refrigerators, coffee makers, and other IoT devices in homes across the world. These devices were hijacked through malware and were instructed to attack
Default username and password, un-updated software, or flaws in the software
: links previous attacks to current attacks
Security vs Availability
: needs to be balanced, like a scale. If one side goes down, the other side goes up.