Lec-1: Cyber Security
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY ‫باخترپوهنتون‬ ‫د‬
Outline to be discussed today
• Course Objective
• Class Policy
• Grading Policy
• What is Cybersecurity
• The Cybersecurity Challenge
• Defining cybersecurity challenge
• Cyber attacks of Today
• Types of cyberattackers
• Reference Books
Class Policy
• A student must reach the class-room in time. Late comers may join the
class but are not entitled to be marked present.
• Attendance shall be marked at the start of the class and students failing to
secure 75% attendance will not be allowed to sit in final exam.
• The assignment submission deadline must be observed. In case of late
submission, ten percent may be deducted for each day.
• Those who are absent on the announcement date of the assignment/test
must get the topic/chapter of the test/assignment confirmed through their
peers.
• Mobile phones must be switched-off in the class-rooms.
9/15/2017 Bakhtar University 3
Grading Evaluation for Cyber Security
Internal Evaluation
Midterm Exam 20%
Attendance 5%
Assignment/Presentations 5%
Quizzes/Tests 10%
Total Internal Evaluation 40%
Final-term Examination
Final-term Exam 60%
Total Marks 100%
Cybersecurity
• Relatively new discipline
• It is so new that there is no agreed-upon
• spelling of the term
• broadly accepted definition
• Many people believe
• Cybersecurity is something you can buy in increments, much like a commodity
• Others believe
• Cybersecurity just refers to technical measures such as:
• Password protection
• Installing a firewall
Continued…
• Some say
• Cybersecurity is an administrative and technical program solely in the realm
of IT professionals.
• Protection against harm
What is Cybersecurity?
• Cybersecurity is the deliberate synergy of technologies, processes,
and practices to protect vital information and the networks, computer
systems and appliances, and programs used to collect, process, store,
and transport that information from attack, damage, and
unauthorized access.
Cyberattacks of Today
• The major cyber threats were
• Viruses
• Worms
• Trojan horses
• These threats randomly attacked computers directly connected to the
internet.
• Now the scenario has totally changed.
Recent Years Compromises
RSA’s Enterprise
• In 2011, RSA’s enterprise was breached and the security keys for
many of its customers were believed to have been stolen.
• This breach prompted RSA to replace millions of its SecurID tokens
to restore security for its customers.
• This breach is disconcerting because RSA is one of the oldest and
most established cybersecurity brands.
Target’s Point of Sale (POS)
• In 2013, Target’s point of sale (POS) network was compromised,
resulting in the loss of personal information and credit card numbers
for over 40 million customers.
• The costs of this breach, particularly when reputational damage and
lawsuits are taken into account, will likely be huge.
Sony Pictures Entertainment
• In 2014, Sony Pictures Entertainment reported attackers had
infiltrated its environment and disabled almost every computer and
server in the company.
• This cyberattack brought the company to its knees and resulted in the
public release of thousands of proprietary documents and e-mail
messages.
German Steel Mill
• In 2014, a German steel mill was affected by a hacking incident that
caused one of its blast furnaces to malfunction.
• This resulted in significant physical damage to the plant and its
facilities.
Anthem’s IT System
• In 2015, Anthem reported its IT systems had been breached and
personal information on over 80 million current and former members
of their healthcare network was compromised, which included the US
government’s Blue Cross Blue Shield program.
These breaches are indicative of some of the major trends.
• Cyber attackers are now targeting
• Personal identities
• Financial accounts
• Healthcare information
• Cyber attackers are now taking control of industrial equipment and
causing physical damage to plants and equipment.
Cyber attacks of Today
• Advanced Persistent Threats (APT)
• Waves of Malware
• Static viruses
• Network-based viruses
• Trojan Horse
• Command and control malware
• Customized malware
• Polymorphic malware
• Intelligent Malware
• Fully automated polymorphic malware
• Firmware and supply chain malware
Advanced Persistent Threats
• Advanced
• Attacker adapts to defenders’ efforts
• Can develop or buy zero-day exploits
• Higher level of sophistication
• Persistent
• Attacks are objective and specific
• Will continue until the goal is reached
• Intent to maintain long-term connectivity
• Threats
• Entity/entities behind the attack
• Not the malware/exploit/attack alone
APT Defined
• Key contributors to the popularity of APTs
• Nation states
• Organized crime groups
• Hacktivist groups
Why do we talk about them?
• Gain awareness
• Constantly in the news
• Understand the risk to your organization
• Organizational impact
• Prioritize information security investments
• Communicate risk more effectively
APT in the news
• RSA
• Google
• Johnson & Johnson
• DuPont
• General Electric
• Walt Disney
• Sony
• Adobe Systems
• Intel Corp
• Baker Hughes
• Exxon
• British Petroleum
• Marathon
• Chevron
• King & Spalding
• CareFirst BCBS
• QinetiQ
• Alliant Techsystems
• Northrop Grumman
• Lockheed Martin
• Citi Cards
• Oak Ridge Labs
• IMF
• Yahoo
• And many, many more…
Typical Attack Map
• Step 1: Reconnaissance
• Step 2: Initial intrusion into the network
• Step 3: Establish a backdoor into the network
• Step 4: Obtain user credentials
• Step 5: Install various utilities
• Step 6: Privilege escalation / lateral movement / data exfiltration
• Step 7: Maintain persistence
Static viruses
• Static viruses propagated from computer to computer via floppy
disks and the boot sectors of hard drives.
• These viruses propagated themselves, but few of them actually
impacted system operations.
Network-based viruses
• Network-based viruses propagated across the open Internet
from computer to computer, exploiting weaknesses in operating
systems.
• Computers were often directly connected to each other without
firewalls or other protections in between.
Trojan Horse
• Trojan malware propagates across the Internet via e-mail and
from compromised or malicious web sites.
• This malware can infect large numbers of victims, but does so
relatively arbitrarily since it is undirected.
Command and Control malware
• Command and control features allow the attacker to remotely
control the malware’s operation within the target enterprise.
• Compromised machines then become a foothold inside the
enterprise that can be manipulated by the attacker.
Customized malware
• Custom malware developed for a particular target.
• Custom malware is sent directly to specific targets via phishing
e-mails, drive-by websites, or downloadable applications such as mobile
apps.
• Because the malware is customized for each victim, it is not
recognized by signature-based defenses.
Polymorphic malware
• Polymorphic malware is designed not only to take administrative
control of victim networks, but also to dynamically modify itself so it
can continuously evade detection and stay ahead of attempts to
remediate it.
Intelligent Malware
• Malware with intelligence to analyze a victim network, move laterally
within it, escalate privileges to take administrative control, and
extract, modify, or destroy its target data or information systems.
• Intelligent malware does all of these actions autonomously, without
requiring human intervention or external command and control.
Fully automated polymorphic malware
• Fully automated polymorphic malware combines the features of
polymorphic and intelligent malware. This malware takes control
autonomously and dynamically evades detection and remediation to
stay one step ahead of defenders at all times.
Firmware and supply chain malware
• This malware wave takes the fully automated polymorphic malware
to its logical conclusion by delivering malware capabilities through the
supply chain, either embedded in product firmware or within
software products before they are shipped.
• Such malware is embedded in products when they are built, or at
such a low level in the product firmware that it is virtually
undetectable.
• Because the malware is delivered in this manner, it is difficult for cyber
defenders to differentiate the supply chain malware from the other
features coming from the factory.
Categories of Cyber attackers
• Commodity Threats
• Hacktivists
• Organized crimes
• Espionage
• Cyberwar
Commodity Threats
• Random malware, viruses, Trojans, worms, botnets, ransomware and
other threats that are propagating on the internet all the time.
• Commodity threats are undirected and opportunistic.
• May exploit vulnerabilities or other cyber defense weaknesses.
• Destructive but limited in damage.
• Can be the starting point for more dangerous attacks.
Hacktivists
• Consists of targeted attacks to bolster the attackers’ cause and embarrass their
adversaries.
• Hacktivists use hacking to make a public or political statement.
• Can be directed against individuals, enterprises or governments,
depending on the situation and the particular objectives of the
hacktivists.
Organized crime
• Targeted attacks, like hacktivists
• The intention is money
Espionage
• Generally focused on stealing information
• Frequently uses APT-style methods
• Can be very effective against enterprises, using any means to get the job done
• Can be conducted at the nation-state level
• Cyberespionage is a serious issue, and the campaigns can involve
complex webs of targeted individuals and enterprises as the agents work
their way from their starting points toward their objectives.
Cyberwar
• It is about damaging the ability of enterprises or governments to
operate in cyberspace.
• The damage is done by overwhelming, overloading, disabling or
destroying the IT systems used by the victims.
• Examples
• In 2007, Estonia’s internet infrastructure was targeted.
• The notorious Stuxnet worm was used against Iran’s nuclear program and ruined the nuclear
centrifuges required for enriching uranium.
• In 2012, the attack on Saudi Aramco resulted in tens of thousands of computers having to
be replaced or rebuilt.
• etc.
Reference Books
• Enterprise Cybersecurity by Scott E. Donaldson, Stanley G. Siegel, Chris
K. Williams and Abdul Aslam
• Cybersecurity for Executives: A Practical Guide by Gregory J. Touhill
and C. Joseph Touhill
Thank You
For Your Patience