
PGD in Cyber Security & Cyber Threat: Week#7

The document covers key principles of cyber security, including confidentiality, integrity, availability, accountability, and auditability, as well as various types of cyber threats and attacks. It highlights the importance of evolving cyber security measures in response to the evolving nature of cyber threats, which can originate from diverse sources and manifest in various forms such as phishing, malware, and identity theft. Additionally, it discusses the significant financial impact of cybercrime and notable incidents that have occurred globally.

Uploaded by

Sahar Haider

PGD in Cyber Security & Cyber Threat
Module 01
Week#7
Today’s Topic: Cyber Security Principles

“As cyber threats evolve, we need to evolve as well”
Cyber Security Introduction
Definitions and Principles
Cyber Crime
• Cyber crimes are, as the name implies, crimes
committed using computers, phones or the
internet.

• Some types of cyber crime include:


• Illegal interception of data.
• System interferences.
• Copyright infringements.
• Sale of illegal items.
Cyber Security
• Cyber security is the body of technologies,
processes and practices involved in protecting
individuals and organizations from cyber crime.

• It is designed to protect integrity of networks,
computers, programs and data from attack,
damage or unauthorized access.

Kill Chain, Zero-day attack, ransomware, alert fatigue and
Man-in-the-middle attack are just a few examples of common
cyber attacks.
Cyber Security Principles
• There are five key principles in cyber security:
• Confidentiality
• Integrity
• Availability
• Accountability
• Auditability
Cyber Security Principle Definitions
• Confidentiality:
• A set of rules that limits access or places restrictions on
certain types of information.

• Integrity:
• Assurance that the information is trustworthy and
accurate.

• Availability:
• The guarantee of reliable access to the information by
authorized people.
Cyber Security Principle Definitions
• Accountability:
• Is an assurance that an individual or an organization
will be evaluated on their performance or
behaviour related to something for which they are
responsible.

• Auditability:
• A security audit is a systematic evaluation of the
security of a company’s information system by
measuring how well it conforms to a set of
established criteria.
Cyber Threats
Cyber Threat
• A Cyber threat is any malicious act that attempts
to gain access to a computer network without
authorization or permission from the owners.

• It refers to the wide range of malicious activities
that can damage or disrupt a computer system, a
network or the information it contains.

• Most common cyber threats: Social Engineered
Trojans, Unpatched Software, Phishing, Network
worms, etc.
Sources of Cyber Threats
• Cyber threats can come from a wide variety of
sources, some notable examples include:
• National governments.
• Terrorists.
• Industrial secret agents.
• Rogue employees.
• Hackers.
• Business competitors.
• Organization insiders.

Anyone with a motive and the needed technology can create
cyber threats.
Cyber Threat Classifications
• Threats can be classified by multiple criteria:
• Attacker's Resources
• Attacker's Organization
• Attacker's Funding

• On the basis of these criteria, threats are of 3 types:
• Unstructured Threats
• Structured Threats
• Highly Structured threats
Unstructured Cyber Threats
• Resources: Individual or small group.

• Organization: Little or no organization.

• Funding: Negligible.

• Attack: Easy to detect; makes use of freely available
cyberattack tools.

• Exploitation based on documented vulnerabilities.
Structured Cyber Threats
• Resources: Well trained individual or group.

• Organization: Well planned.

• Funding: Available.

• Attack: Against particular individuals or organizations.

• Exploitation based on information gathering.
Highly Structured Cyber Threats
• Extensive organization, resources and planning
over time.

• Attack: Long term attack on particular machine
or data.

• Exploitation with multiple methods:
• Technical, social and insider help.
Cyber Security Threat Index Level
• Cyber threats are evaluated daily by the CTU
(counter threat unit) and associated with a
threat index level.

• The threat index levels are:
• Level 1: Guarded.
• Level 2: Elevated.
• Level 3: High.
• Level 4: Critical.
Section - 2

MAJOR CYBER SECURITY ATTACKS
Global Cost of Cybercrime
• McAfee and the Center for Strategic and International Studies (CSIS)
revealed that cybercrime cost the world $600 billion in one year.
https://breachlevelindex.com/

Frequency of Security Incidents


Bangladesh Bank

• The hackers misspelled "Foundation" in their request to transfer the funds,
spelling the word as "Fundation".
• This spelling error gained suspicion from Deutsche Bank, a routing bank which
put a halt to the transaction in question after seeking clarifications from
Bangladesh Bank.
BankIslami Security Breach

• On October 27, 2018 customers of the bank received automated
messages about transactions from their payment cards.
• The money had been withdrawn from different locations in USA,
Russia and other countries.
• BankIslami issued a circular stating that all funds withdrawn from
the accounts (i.e. Rs. 2.6 Million) of customers have been reversed.
• While we cannot say with certainty, the following may be
some reasons:
• ATM Skimming
• Social Engineering
• System breach (Hackers infiltrated into a Bank’s secure system)
Chinese Men Caught While Trying to Install ATM Skimming Devices

• Two Chinese men arrested by Police in Karachi on charges of installing
skimming devices in ATMs.
• This is not the first time that someone has tried to hack ATMs in Pakistan.
Last year HBL reported that over 559 customers’ accounts were
compromised by hackers and over Rs 10 million were stolen from them.
NADRA Records of Pakistani Citizens On Sale on Social Media Groups

• NADRA data leaked
• Being sold online for a nominal price.
Information Security - Incidents

Iran
• Stuxnet is a computer worm discovered in June 2010
• It initially spreads via Microsoft Windows, and targets Siemens industrial
software and equipment
• Took control of the functioning of a nuclear power plant
Sony Pictures Hack

• On November 24, 2014, a hacker group which identified itself by the name
"Guardians of Peace" (GOP) leaked a release of confidential data from the
film studio Sony Pictures. The data included personal information about
Sony Pictures employees and their families, e-mails between employees,
information about executive salaries at the company, copies of
then-unreleased Sony films.
• Multiple reports suggest the attack is tied to the North Korean
government, who expressed outrage over the Sony-backed film "The
Interview," an action-comedy centered on an assassination plot against
North Korean leader Kim Jong Un.
Estonia – Cyber Riot
The Most Notable Cybersecurity Breaches

Uber: 57 million user accounts were hacked in 2016. Uber paid two hackers to
destroy the stolen data.

Damage: Uber fired chief security officer Joe Sullivan and his deputy;
Company valuation dropped by 30 percent.

Equifax (consumer credit rating agency): 143 million records of personal
information were hacked in July. The leaked data included names, Social
Security numbers, birth dates, addresses and driver’s license numbers.

Damage: CEO, CIO and CISO resigned immediately after the news broke;
Stock prices slumped by 35 percent in a week. The 2017 third-quarter profit
declined by 27 percent compared with last year; The company has incurred
$87 million in cost related to the breach.
The Most Notable Cybersecurity Breaches

Yahoo: 3 billion user accounts were hacked in 2013. Number wasn’t disclosed
until October 2017.

Damage: Yahoo has faced 41 class action lawsuits, per CNBC.

LinkedIn: 117 million user accounts were hacked in 2012. The scale of the
breach was first reported at 6.5 million. The actual number was found when a
Russian hacker began selling 117 million emails and passwords for bitcoin on
a dark web marketplace in May 2016.

Damage: A group of LinkedIn Premium users filed a class action against
LinkedIn for failing to protect user data.
Facebook Hack

• Facebook announced the largest breach in the company’s history.
• The breach affected about 50 million users, allowing hackers to take over
their accounts.
• Watch out for imposter scams. With access to your Facebook account,
hackers can get a lot of information about you.
• Consider changing your password.
How much is my information worth?
How to check if your account has been hacked

• http://www.HaveIbeenpwned.com
Section - 3

INFORMATION STEALING TECHNIQUES
Causes of Compromised Security

01 Lack of Security Awareness and Human Errors

Malicious/Pirated Software

02 Lost/Stolen Computers

03 Disgruntled Employees

04 Insufficient Funding
Recognizing Security Threats & Attacks

• Social Engineering
• Phishing
• Malware
• Wireless Access
• Identity Theft
• Ransomware
Social Engineering

• Art of convincing people to reveal
sensitive / confidential information by
deceiving and manipulating them.
• Criminals try to trick people in a way
that they give away these types of
information:
• Passwords
• Secret Data
• Banking Credentials

It is much easier to fool someone into giving you their password rather
than for you to try hacking them.
Social Engineering

Common Social Engineering Attack

• Shoulder Surfing
• Tailgating
• Dumpster Diving
• Scareware

Protect against Social Engineering attacks

• Do not share secret information
• Pay attention to the URL of website
• Make good use of shredder
• Foreign offers are fake
Phishing

• Phishing is an illegal attempt to
acquire sensitive information, such as:
• Usernames
• Passwords
• Financial Data Details (such as Debit / Credit
Card information, etc.)
• How Phishing works?
Phishing is done for malicious reasons, by
impersonating a trustworthy entity in an
electronic communication.

Think Before you Click!


Phishing

Types of Motivations in Phishing


• Greed
• Fear
• Curiosity
• Sympathy
• Respect for Authority
• Helpfulness

“Teach a man to phish and he’ll eat for a lifetime!”


Phishing (Greed)
Phishing (Fear)
Phishing (Curiosity)
Phishing (Sympathy)
Phishing

How Phishing Works?

Protection against Phishing Attacks

• Guard against Spam
• Protect with AVs
• Privacy
• Secure Communication
• Beware of Malicious Links
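The advice "Pay attention to the URL of website" and "Beware of Malicious Links" can be turned into a mechanical check. The following is an added example, not part of the original slides: it compares the text a message shows for a link with the link's real target and reports common warning signs. The trusted domain, the function names and the sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list: sites the reader really uses (assumption).
TRUSTED_DOMAINS = {"examplebank.com"}

def registrable(host):
    """Last two labels of a host name. Naive: real tools use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(display_text, href):
    """Return warning labels for one link: the text shown to the user and its real target."""
    warnings = []
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        warnings.append("not-https")
    if url.username is not None:
        # Everything before '@' is login info, not the site that will be opened.
        warnings.append("userinfo-before-host")
    if is_ip(host):
        warnings.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Encoded non-ASCII label: may render as a look-alike of a known name.
        warnings.append("punycode-host")
    if any(t in host and registrable(host) != t for t in TRUSTED_DOMAINS):
        # A trusted name used as a sub-domain of some other site.
        warnings.append("trusted-name-in-subdomain")
    shown = display_text.strip()
    if " " not in shown and "." in shown:
        # The visible text itself looks like an address: it must match the target.
        shown_host = urlsplit(shown if "://" in shown else "//" + shown).hostname or ""
        if registrable(shown_host) != registrable(host):
            warnings.append("text-host-mismatch")
    return warnings

# Constructed sample links (display text, href); none is a real site.
SAMPLES = [
    ("www.examplebank.com", "https://www.examplebank.com/login"),
    ("www.examplebank.com", "http://examplebank.com.account-verify.example/login"),
    ("Click here to verify", "https://examplebank.com@203.0.113.7/"),
    ("examplebank.com", "https://xn--exmplebank-constructed.example/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(href, "->", check_link(text, href) or "no warnings")
```

An empty result means only that none of these specific signs was found, not that the link is safe.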


Phishing Attacks
There is NO PATCH to Human Negligence
Malware

• It is an abbreviated term meaning “malicious software”.
• Damages a computer without the knowledge of the owner:
– Disrupts the computer operation
– Gathers sensitive information
– Gains access to computer
Malware

• How does a computer get infected?
– When a user accepts files and downloads without checking
properly for the source
– Opening infected e-mail attachments
– Installing pirated software
– Not updating or installing new versions/updates
– Not running the latest/updated anti-malware program
Malware

• What indicates a Malware Attack?
– Unusual computer behavior
– Slow performance
– Computer freezes frequently
– Files and folders go missing
– Unknown files/folders appear
– Fake Anti-virus alerts
– Changed Drive label, Filenames, File sizes
Malware

• How to detect Malware?
– VirusTotal.com
Ransomware

• A malware that hackers install on your
computer or mobile device without your
consent.

• Mode of Operation.
– Lock files on your computer or mobile device
remotely.
– Communicate with user via pop-up messages.
– Restrict access to computer or mobile device until
paid.

Don’t be a victim of data and financial loss.


Ransomware
How it works?

1) The user receives an email with an attachment.
2) Once the user opens the attached file, a malicious software is installed
unknowingly on the system.
3) This malicious software blocks access to the system, until the
hackers receive money.
Ransomware
How it Looks?
Corona Virus Ransomware

Office of the CISO - SBP



Identity Theft
Identity Theft

• Identity theft is a type of fraud and it
is the deliberate use of someone
else's identity, for:
• Stealing other users' personal &
financial data
• Gaining other benefits by pretending to
be someone else

• Wrongfully obtains and uses another
person's personal or financial data in a
way that involves fraud or deception,
typically for financial gain.

A crime lawfully made in name of the victim.


Identity Theft

• Process of stealing someone’s identity information and
misusing the information to accomplish attacker’s goals for
fraudulent purposes such as committing theft and crimes.
– E.g. using someone else’s N.I.C. to register
Identity Theft

• How to minimize the risk?
– Secure personal information both at workplace and home
– Cross check & review financial accounts, bank statements and
credit reports regularly
– Secure or shred confidential documents
– Never provide your personal information to others
– Unsubscribe from unnecessary email services
Identity Theft: Card Skimming

• Warning Signs
– A shop assistant takes your card out of your sight in order to
process your transaction
– You are asked to swipe your card through more than one
machine
– You notice something suspicious about the card slot on an ATM
(e.g. an attached device)
– You notice unusual or unauthorized transactions on your
account or credit card statement
Identity Theft
How Does Identity Theft Happen?

• Trash
• Mail
• Skimming
• Breach
• Phishing

Protection against Identity Theft Attacks

• Don’t respond to unsolicited requests
• Pay attention to billing cycles
• Use Antivirus & Firewall
• Secure sensitive information
• Collect mail promptly
Cyber Attacks
Types of Cyber Attacks

• Advanced Persistent Threat (APT):
• A network attack in which an unauthorized
person gains access to network and stays there
undetected for a long period of time.

• Backdoor:
• Method of bypassing normal authentication
and gaining access in OS or application.
Types of Cyber Attacks Continued

• Phishing:
• Phishing is a type of cyber attack which
involves contacting someone through email,
phone, websites, or text message.

• Man-in-the-middle Attack
• This attack intercepts and relays messages
between two parties who are communicating
directly with each other.
Types of Cyber Attacks Continued

• Cross-Site Scripting (XSS):
• A code injection attack that allows an attacker to
execute malicious JavaScript in another user’s
browser.

• Denial of Service Attack:
• Any attack where the attackers attempt to prevent
the authorized users from accessing the service.
Types of Cyber Attacks Continued

• SQL injection:
• A very commonly exploited web application
vulnerability that allows a malicious hacker to
steal and alter data in a website’s database.

• Zero-day exploit:
• A vulnerability in a system or device that has
been disclosed but is not yet patched.
Impacts of Cyber Attacks

• A successful cyber attack can cause major damage to
organizations or systems, as well as to business
reputation and consumer trust.

• Some potential results include:
• Financial loss.
• Reputational damage.
• Legal consequences.
Vulnerabilities
What is a Vulnerability?

• A cyber-security term that refers to a flaw in a system
that can leave it open to attack.

• Vulnerability is the composition of three elements:
1. A flaw in system.
2. Access of attacker to that flaw.
3. Capability of attacker to exploit the flaw.
Classification of Vulnerabilities

• Vulnerabilities are classified according to the asset:
• Hardware.
• Software.
• Network.
• Personal.
• Physical site.
• Organizational.
Causes

• Some of the vulnerabilities in the system occur
due to:
• Missing patches.
• Cleartext credentials.
• Using unencrypted channels.
• RF Emanation.
Sources and Scams
• Imagine you receive an anonymous tip regarding a publication you
are writing.

• The tip claims to have additional information for you on a provided
USB flash drive.

• If you were to insert this unknown flash drive into your device, you
could cause great harm to your system and your network!

• Never connect a suspicious drive to your devices.

The USB drive could have malware like spyware or ransomware. It could
do things such as steal your personal data or even wipe your
system clean.

The Importance of Cyber Security

• With respect to IT, security plays a crucial role in
protecting company resources from
unauthorized access.

• A company’s priority should always be the
protection of sensitive information, making
professions within the field of security more
critical and sought after.

Every day, cyber attacks are becoming more common and more damaging.

Image Credit:
Cyberseek (2018)

Career Paths in Cyber Security

• Security branches off into many different
pathways.

• These pathways can vary from security
monitoring to ethical hacking.

Career Paths in Cyber Security

• The primary areas of concern consist of the
following:
• Security Analyst
• Penetration Tester
• Bounty Hunters
• Security Architect
• Application Security Engineer

There are many more security positions and it is important to find
the one that interests you.

Security Analyst
• Security analysts play a key role in keeping an
organization’s sensitive information secure.

• They will often spend a lot of their time monitoring
network activities within the company, checking for any
suspicious activities that may result in malicious attacks.

• When an attack does occur, security analysts have a role in
mitigating those attacks.

Penetration Tester

• The responsibilities of a Penetration Tester involve finding
any vulnerabilities or exploits with a given target.

• These targets could be Networks, Web Applications,
Desktop, etc.

• The goal of finding vulnerabilities enables companies to
create plans to mitigate those vulnerabilities which in turn
can prevent a risk of an attack.

Penetration Testers are also called “ethical hackers” as they
use their talents in hacking to secure organizations.

Bug Bounty Hunter

• Bug Bounty Hunters are essentially like Penetration
testers, where their role is to find vulnerabilities.

• However, their job revolves around completing bug bounty
programs on their own time rather than being hired as an
employee.

• This program involves companies setting out rewards to
individuals that are successful in finding a vulnerability.

Bug Bounty Hunter Continued
• This program is also set out to the public where
anyone could partake in the program.
– Sites like HackerOne provide an easy way to find
companies with the bug bounty program.
– Companies that are involved with HackerOne
include: Android, Buzzfeed, Facebook, etc.

Security Architect
• Security Architects are responsible for designing,
testing, and implementing security systems
within an organization’s network.

• They often will review current security systems
where they will make recommendations on new
solutions to implement or upgrade.

Application Security Engineer

• Application Security Engineers assist in helping secure
software applications that are developed and offered by
organizations to consumers or employees.

• This position is more on the coding side of IT as they are
expected to review code of a software product.

• Being an application security engineer you will also use
penetration testing techniques to find vulnerabilities.

Application Security Engineer vs
Penetration Tester
• This position can be very similar to that of a
Penetration Tester.

• The difference is the Penetration Tester tests an
entire environment, while the Application
Security Engineer tests single software products.

Skills for Cyber Security Careers

• Skills we generally would see in these positions include:
• Communication Skills
• Team Work
• Problem Solving Skills
• Programming Skills
• Ethical Hacking
• Security Principles
• Risk Analysis
• Network Protocols
• Intrusion Detection
• Scripting

Remember, there are a lot of ways to get into cyber security. A lot of
people come from both technical and non-technical disciplines.

Any Questions?
Raise your hand !!!
