IntScription()
← Back to Notes Home

Computer Virus

Malicious code written to interfere with the computer operations and cause damage to data and software.

  • The virus attaches itself to programs and documents in the computer and spreads one or more computer in a network

Malware

Software designed to harm devices or networks

There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.  

Some of the most common types of malware attacks today include: 

  • Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.
  • Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
  • Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access. 
  • Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Social Engineering

A manipulation technique that exploits human error to gain private information, access, or valuables Eg: Love letter attack

Some of the most common types of social engineering attacks today include:

  • Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.
  • Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.
  • USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network. 
  • Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles 

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people’s data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

  • Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.
  • Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told. 
  • Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past. 
  • Scarcity: A tactic used to imply that goods or services are in limited supply. 
  • Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.  
  • Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.
  • Urgency: A threat actor persuades others to respond quickly and without questioning.

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Some of the most common types of phishing attacks today include: 

  • Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
  • Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
  • Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
  • Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
  • Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Certified Information Systems Security Professional (CISSP)

CSSIP.png

  • It is an autonomous data security certification given by the International Information System Security Certification Consortium, which is also known as the (ISC)².

1. Security and Risk Management

Focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law. For example, security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.

2. Asset Security

This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks that could affect productivity.

3. Security Architecture and Engineering

This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks that could affect productivity.

4. Communication and Network Security

This domain focuses on managing and securing physical networks and wireless communications. As a security analyst, you may be asked to analyze user behaviour within your organization.

5. Identity and Access Management

Focuses on keeping data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Validating the identities of employees and documenting access roles are essential to maintaining the organization’s physical and digital security. For example, as a security analyst, you may be tasked with setting up employees’ keycard access to buildings.

6. Security Assessment and Testing

This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. Security analysts may conduct regular audits of user permissions, to make sure that users have the correct level of access. For example, access to payroll information is often limited to certain employees, so analysts may be asked to regularly audit permissions to ensure that no unauthorized person can view employee salaries.

7. Security Operations

This domain focuses on conducting investigations and implementing preventative measures. Imagine that you, as a security analyst, receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization’s policies and procedures to quickly stop the potential threat.

8. Software Development Security

This domain focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services. A security analyst may work with software development teams to ensure security practices are incorporated into the software development life-cycle. If, for example, one of your partner teams is creating a new mobile app, then you may be asked to advise on the password policies or ensure that any user data is properly secured and managed

Attack types

Password attack

A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:  

  • Brute force
  • Rainbow table

Password attacks fall under the communication and network security domain. 

Social engineering attack

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:

  • Phishing
  • Smishing
  • Vishing
  • Spear phishing
  • Whaling
  • Social media phishing
  • Business Email Compromise (BEC)
  • Watering hole attack
  • A type of attack when a threat actor compromises a website frequently visited by a specific group of users
  • USB (Universal Serial Bus) baiting
  • Physical social engineering 

Social engineering attacks are related to the security and risk management domain.

Physical attack

A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:

  • Malicious USB cable
  • Malicious flash drive
  • Card cloning and skimming

Physical attacks fall under the asset security domain.

Adversarial artificial intelligence

Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

Supply-chain attack

A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.

Cryptographic attack

A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are: 

  • Birthday
  • Collision
  • Downgrade

Cryptographic attacks fall under the communication and network security domain.

Threat actor types

Advanced persistent threats

Advanced persistent threats (APTs) have significant expertise accessing an organization’s network without authorization. APTs tend to research their targets (e.g., large corporations or government entities)  in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:

  • Damaging critical infrastructure, such as the power grid and natural resources
  • Gaining access to intellectual property, such as trade secrets or patents

Insider threats

Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include: 

  • Sabotage
  • Corruption
  • Espionage
  • Unauthorized data access or leaks 

Hacktivists

Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include: 

  • Demonstrations
  • Propaganda
  • Social change campaigns
  • Fame

Hacker

A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:

  • Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.
  • Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.
  • Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain. 

Note: There are multiple hacker types that fall into one or more of these three categories.

New and unskilled threat actors have various goals, including: 

  • To learn and enhance their hacking skills
  • To seek revenge
  • To exploit security weaknesses by using existing malware, programming scripts, and other tactics 

Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.

There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.