Introduction to Cybersecurity - Module 2


Computers

9th Grade


44 Slides • 23 Questions

1

Module 2: Attacks, Concepts and Techniques

2

Analyzing a Cyber Attack

3

Starter

•Your phone freezes 📱

•Ads pop up everywhere 😡

•Battery drains fast 🔋

•Messages are sent without you 😱

4

Welcome to the world of cyber attacks!

5

Types of Malware

6

Malware

Malware type: fun explanation

•🕵️ Spyware: “The Stalker – watches everything you do”

•📢 Adware: “The Pop-Up Monster – never shuts up”

•🎭 Trojan: “The Fake Friend – looks safe, is evil”

•💰 Ransomware: “The Kidnapper – pay or lose your files”

•🧬 Virus: “Needs a host to spread”

•🐛 Worm: “Spreads fast without permission”

•🔓 Backdoor: “Secret entrance for hackers”

7

Cybercriminals

Cybercriminals use many different types of malicious software, or malware, to carry out their activities. Malware is any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system. Knowing the different types and how they spread is key to containing and removing them.

8

Spyware

Spyware monitors your online activity and can log every key you press on your keyboard and capture almost any of your data, including sensitive personal information such as your online banking details. Its design is to track and spy on you. Spyware does this by modifying the security settings on your devices. 

9

Multiple Choice

Which type of malware is designed to secretly monitor user activity and capture sensitive information such as keystrokes and banking details?

1

adware

2

spyware

3

virus

4

worm

10

Adware

Adware is often installed along with some versions of software, and it is designed to automatically deliver advertisements to a user, most often in a web browser. You know it when you see it! It’s hard to ignore when you are facing constant pop-up ads on your screen.

•It is common for adware to come with spyware.

11

Multiple Choice

What is the primary purpose of adware?

1

Encrypt files for ransom

2

Gain unauthorized system access

3

Display unwanted advertisements

4

Delete system files

12

Backdoor

This malware gains unauthorized access by bypassing the normal authentication procedures to access a system. As a result, hackers can access resources within an application and issue remote system commands. 

•A backdoor works in the background and is difficult to detect.

13

Multiple Choice

Which malware bypasses normal authentication procedures to give attackers remote access to a system?

1

Trojan Horse

2

Rootkit

3

Backdoor

4

Scareware

14

Ransomware

This malware is designed to hold a computer system, or the data it contains, captive until a payment is made. Ransomware usually encrypts your information so you can't access it.

•Some versions of ransomware can take advantage of specific system vulnerabilities to lock the system down. Ransomware is often spread through phishing emails that encourage you to download a malicious attachment, or through a software vulnerability.

15

Multiple Choice

Ransomware typically does which of the following?

1

Displays fake security warnings

2

Encrypts data and demands payment

3

Replicates itself across networks

4

Shows pop-up advertisements

16

Scareware

This type of malware uses 'scare' tactics to trick you into taking a specific action. Scareware mainly consists of operating system-style windows that warn you that your system is at risk and needs to run a specific program to return to normal operation. 

•If you agree to execute the specific program, your system will become infected with malware.

17

Multiple Choice

Which malware uses fake security alerts to trick users into installing malicious software?

1

Virus

2

Worm

3

Scareware

4

Spyware

18

Rootkit

The design of this malware is to modify the operating system to create a backdoor, which attackers can then use to access your computer remotely. Most rootkits use software vulnerabilities to access resources that shouldn’t be accessible (privilege escalation) and modify system files. 

•Rootkits can also modify system forensics and monitoring tools, making them very hard to detect. If a rootkit has infected a computer, wipe the computer and reinstall any required software.

19

Multiple Choice

What makes rootkits particularly difficult to detect?

1

They spread only via email

2

They require user interaction

3

They modify the operating system and security tools

4

They display visible pop-ups

20

Viruses

A virus is a computer program that, when executed, replicates and attaches itself to other executable files, such as a document, by inserting its code. Most viruses require end-user interaction to initiate activation and can act on a specific date or time. 

Viruses, such as those that display a funny image, can be relatively harmless. Or they can be destructive, such as those that modify or delete data. 

Viruses can also be programmed to mutate to avoid detection. Most viruses are spread by USB drives, optical disks, network shares, or email.

21

Multiple Choice

Which statement best describes a computer virus?

1

It spreads automatically without user action

2

It disguises itself as legitimate software

3

It attaches itself to executable files and replicates

4

It only affects network devices

22

Trojan horse

This malware carries out malicious operations by masking its true intent. It appears legitimate but is very dangerous. Trojans exploit your user privileges and are most often found in image files, audio files, or games.

•Unlike viruses, Trojans do not self-replicate but act as decoys to sneak malicious software past unsuspecting users.

23

Multiple Choice

How is a Trojan Horse different from a virus?

1

Trojans self-replicate, viruses do not

2

Trojans disguise themselves as legitimate software

3

Trojans only infect hardware

4

Trojans cannot cause damage

24

Worms

This type of malware replicates itself to spread from one computer to another. Unlike a virus, which requires a host program, worms can run alone. Other than the initial infection of the host, they do not require user participation and can spread very quickly over the network. 

•Worms share similar patterns: They exploit system vulnerabilities, have a way to propagate themselves, and all contain malicious code (payload) to cause damage to computer systems or networks. 

•Worms are responsible for some of the most devastating attacks on the Internet. In 2001, the Code Red worm infected over 300,000 servers in just 19 hours.

25

Multiple Choice

Which type of malware can spread across networks without user interaction?

1

Virus

2

Trojan horse

3

Worm

4

Adware

26

"Malware always leaves clues"

27

Symptoms of Malware

Regardless of the type of malware that infects a system, you can look out for some common symptoms. These include: 

•an increase in central processing unit (CPU) usage, which slows down your device 

•your computer freezing or crashing often 

•a decrease in your web browsing speed 

•unexplainable problems with your network connections 

•modified or deleted files 

•the presence of unknown files, programs, or desktop icons 

•unknown processes running 

•programs turning off or reconfiguring themselves 

•emails being sent without your knowledge or consent

28

Multiple Choice

Which of the following is a common symptom of malware infection?

1

Faster internet speed

2

Improved system performance

3

Unknown programs or processes running

4

Increased storage space

29

Methods of infiltration


30

Social Engineering

•Social engineering is manipulating people into performing actions or divulging confidential information. Social engineers often rely on people’s willingness to be helpful but also prey on their weaknesses. 

31

Social Engineering

Pretexting

This is when an attacker calls an individual and lies to them to gain access to confidential data. 

For example, the attacker pretends to need a person’s personal or financial data to confirm their identity.

32

Social Engineering

Tailgating

This is when an attacker quickly follows an authorized person into a secure, physical location. 


33

Social Engineering

Something for something (quid pro quo) 

This is when an attacker requests personal information from someone in exchange for something, like a gift.

34

Multiple Choice

What is social engineering?

1

Using software to break into systems

2

Manipulating people to give information or perform actions

3

Sending viruses through email

4

Hacking computers using codes

35

Multiple Choice

Why are social engineers often successful?

1

They use very advanced computers

2

They attack only weak networks

3

They take advantage of people’s trust and willingness to help

4

They always use malware

36

Multiple Choice

An attacker pretends to be an IT staff member and urgently asks for login details. What type of attack is this?

1

Tailgating

2

Quid pro quo

3

Pretexting

4

DoS

37

Multiple Choice

Which social engineering technique involves following an authorized person into a secure area?

1

Pretexting

2

Tailgating

3

Phishing

4

Password spraying

38

Multiple Choice

An attacker offers a free gift in exchange for personal information. This is called:

1

Pretexting

2

Tailgating

3

Quid pro quo

4

Dictionary attack

39

DoS vs DDoS

One student blocks the door -> DoS
Many students block the door -> DDoS

40

Denial-of-Service (DoS)

A Denial-of-Service (DoS) attack happens when a computer, website, or app gets too many requests at once and cannot handle them.

Result:

  • Website becomes slow

  • App freezes

  • Service crashes

41

Distributed DoS

A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from multiple coordinated sources.

In a DDoS attack, many computers attack one website or system at the same time, causing it to crash.

42

Distributed DoS

Hackers infect normal computers through:

  • Unsafe websites

  • Infected emails

  • Fake downloads

Those infected computers become:

🧟 ZOMBIES (they still look normal!)

43

Multiple Choice

What is a Denial-of-Service (DoS) attack?

1

Stealing passwords from users

2

Blocking network access by overwhelming it

3

Modifying website content

4

Sending fake emails

44

Multiple Choice

What is the main difference between DoS and DDoS attacks?

1

DDoS uses passwords; DoS does not

2

DoS uses malware; DDoS does not

3

DDoS comes from multiple sources, DoS from one

4

DoS is illegal, DDoS is legal

45

"Hackers control thousands of computers like zombies"

46

Botnet

A botnet is a zombie army controlled by one hacker.

A bot computer is a normal computer that becomes infected after visiting unsafe websites or opening infected emails or files.

  • A botnet is a large group of these infected computers (bots) connected through the internet and secretly controlled by hackers.

  • Botnets can contain thousands or even millions of computers.

47

Multiple Choice

What is a botnet?

1

A secure computer network

2

A group of computers controlled by an attacker

3

A type of antivirus software

4

A cloud storage system

48

Man-in-the-Middle

"Someone secretly listens to your message in between"

49

On-Path attacks

On-path attacks happen when an attacker secretly places themselves between two devices (like your browser and a website).

  • The attacker can listen to, change, or steal information being sent.

  • This type of attack is called a Man-in-the-Middle (MitM) or Man-in-the-Mobile attack.

  • In a MitM attack, the attacker takes control without the user knowing.

50

SEO Poisoning

"You Google homework help...
First result is fake and dangerous"

51

SEO Poisoning

SEO (Search Engine Optimization) is normally used to help websites appear higher in search results.

  • Search engines like Google show results based on how relevant a website is to what you search.

  • SEO poisoning happens when attackers misuse SEO techniques to push malicious websites to the top of search results.

52

Password Attacks

Write passwords:

  • 123456

  • password

  • A7#pL!9

Which one would hackers love?

53

Password Attacks

Password Spraying

  • Password spraying is when a hacker tries one common password (like Password123) on many different accounts.

  • Then they try another common password (like qwerty) on those accounts.

  • This method avoids account lockouts, so it is harder to detect.

Dictionary Attack

  • A dictionary attack is when a hacker tries many different passwords from a dictionary or common password list on one account.

  • The goal is to guess the correct password by testing common words people often use.
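
Added example (not part of the original slides): a small Python check that shows why password spraying slips past an account lockout while a dictionary attack does not, and how a defender can still spot both by looking at each source of failed logins. The log entries, IP addresses, account names, and the lockout limit of 5 are constructed for illustration.

```python
from collections import Counter, defaultdict

LOCKOUT_LIMIT = 5  # assumed policy: lock an account after 5 failed logins

def build_sample_log():
    """Constructed failed-login events as (source_ip, account) pairs."""
    accounts = ["alice", "bob", "carol", "dave", "erin", "frank"]
    log = []
    # Source A: two common passwords, each tried once on every account.
    for _round in range(2):
        log += [("203.0.113.5", name) for name in accounts]
    # Source B: twelve guesses from a word list against one account.
    log += [("198.51.100.9", "grace")] * 12
    # Source C: one user mistyping their own password twice.
    log += [("192.0.2.44", "heidi")] * 2
    return log

def locked_accounts(log):
    """Accounts that a simple per-account lockout counter would lock."""
    failures = Counter(account for _ip, account in log)
    return {name for name, count in failures.items() if count >= LOCKOUT_LIMIT}

def classify_sources(log, many_accounts=5):
    """Label each source by the shape of its failures, not the per-account count."""
    per_source = defaultdict(Counter)
    for ip, account in log:
        per_source[ip][account] += 1
    labels = {}
    for ip, counts in per_source.items():
        if max(counts.values()) >= LOCKOUT_LIMIT:
            labels[ip] = "dictionary attack"   # many guesses on one account
        elif len(counts) >= many_accounts:
            labels[ip] = "password spraying"   # few guesses on many accounts
        else:
            labels[ip] = "normal"
    return labels

if __name__ == "__main__":
    sample = build_sample_log()
    print("locked out:", locked_accounts(sample))
    for ip, label in classify_sources(sample).items():
        print(ip, "->", label)
```

The lockout only triggers for the account hit by the dictionary attack; the sprayed accounts each see just two failures, so the spray shows up only when failures are grouped by source.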


54

Password Attack

  • Brute-force = try all password combinations

  • Rainbow attack = match password hashes using tables

  • Traffic interception = steal passwords while they are being sent

55

Multiple Choice

What type of attack involves secretly intercepting communication between two devices?

1

DoS

2

SEO poisoning

3

Man-in-the-middle (MitM)

4

Tailgating

56

Multiple Choice

What is SEO poisoning?

1

Improving website ranking legally

2

Using search engines to spread malware

3

Encrypting website data

4

Blocking search results

57

Multiple Choice

What is password spraying?

1

Trying one password on one account many times

2

Trying many passwords on one account

3

Trying common passwords across many accounts

4

Stealing passwords from browsers

58

Security Vulnerability and Exploits

59

"Even strong systems fail if there's a crack."

60

Hardware Vulnerabilities/Meltdown and Spectre

Hardware vulnerabilities are weaknesses caused by flaws in the design of physical computer parts.

  • One example is RAM (memory), which is made of many tiny components called capacitors.

  • These capacitors are placed very close together.

  • Because they are so close, changing one capacitor can accidentally affect nearby capacitors.

  • Attackers can take advantage of this behavior to access or change data they should not be able to.

61

Software Vulnerabilities

Errors in the operating system or application code usually introduce software vulnerabilities.

Most software security vulnerabilities fall into several main categories:

  • Buffer overflow

  • Non-validated input

  • Race conditions

  • Weaknesses in security practices

  • Access control problems

62

Software Updates

•The goal of software updates is to stay current and avoid the exploitation of vulnerabilities. Microsoft, Apple, and other operating system producers release patches and updates daily. Applications such as web browsers, mobile apps, and web servers are updated by the companies or organizations responsible for them.

63

The Cybersecurity Landscape

64

Cryptocurrency

“Digital money locked by math 🔐”

•Cryptocurrency is digital money used to buy goods and services, using strong encryption techniques to secure online transactions. Banks, governments, and even companies like Microsoft and AT&T are very aware of its importance and are jumping on the cryptocurrency bandwagon! 

65

Cryptojacking

Cryptojacking is an emerging threat that hides on a user's computer, mobile phone, tablet, laptop, or server, using that machine's resources to 'mine' cryptocurrencies without the user's consent or knowledge. 

66

Multiple Choice

What is cryptocurrency primarily used for?

1

Storing physical cash

2

Buying goods and services digitally

3

Replacing all government-issued money

4

Running computer operating systems

67

Multiple Choice

What is cryptojacking?

1

Legal cryptocurrency mining

2

A method of encrypting wallets

3

Unauthorized use of devices to mine cryptocurrency

4

A type of digital payment
