IBMSec course 1 Introduction to Cybersecurity Tools & Cyber Attacks
Week 1
Security Threats
Vulnerability Assessments
Roles in Security
Cybersecurity Introduction
Beyond Technology: Critical Thinking in Cybersecurity
Week 2 Security Attacks, Actors and their Motive
Types of attack
Syrian Electronic Army
- Website defacement and electronic surveillance against Syrian rebels and other opposition
- Defacement attacks against Western websites that it contends spread news hostile to the Syrian government
- Spamming popular Facebook pages with pro-regime comments: the Facebook pages of President Barack Obama and former French President Nicolas Sarkozy have been targeted by such spam campaigns.
attack | result |
---|---|
2011 | |
Guccifer | Exposed the existence of Hillary Clinton's private email server. |
Sony attack | In 2011 the Lulz group hacked Sony's PlayStation Network and leaked a lot of information about credit cards and PlayStation Network accounts. |
Singapore attacks | Many hackers attacked websites in Singapore, not just government websites but also banks and companies, to protest against some policies and laws that the Singapore government was passing. |
2014 | |
LinkedIn attack | The leak was pretty important. |
2015 | |
Target | At least 100 million credit cards were leaked. |
2016 | US election attack, CNN attack |
Dyn attack | Used something called Mirai. First attack to use IoT devices to perform a DDoS attack, in 2016, against DNS servers. |
2017, 2018 | Shadow Brokers, EternalBlue, WannaCry, Emotet, and the NSA leaks. |
ASUS attack | Supply chain attack. A group of hackers broke into ASUS and, through its supply chain for the operating systems and software on its computers, installed malware. |

tools | note |
---|---|
CyberBears for the US election hacks | Used two tools called SeaDaddy and SeaDuke. Those tools were used to create backdoors into the party's committee. |
BlackEnergy Russian hackers | Exploits vulnerabilities in SCADA, PLC or ICS systems, which are normally used in power plants, nuclear plants, water plants and the like. Ukraine was part of that. |
Shamoon, Duqu, Flame, DarkSeoul, WannaCry | Used by criminals and government-sponsored hackers to exploit not just infrastructure but also data and other information from businesses, personal information, and the Internet. |

Security Attack Definition
Security services
Security Mechanisms
Network Security Model
Organizational Threats
Attacks
Security Architecture Attacks
Malware and Ransomware
- Virus: a piece of malicious code that spreads from one computer to another by attaching itself to other files using self-replication. Note that viruses require human interaction to self-replicate. Due to their self-replicating nature, they are quite difficult to remove from a system. They also use tactics to hide on the system, such as polymorphic code, which encrypts and duplicates itself and makes it a little harder for antivirus to find. This is known as a polymorphic virus. Another category of virus attempts to shield itself by obscuring its true location in the system, and its code makes it harder to reverse engineer and to create signatures for it.
- Worms: self-replicating malware that does not require human interaction. The main goal is to spread and cripple resources or turn computers into zombies.
- Trojans: hidden malware that causes damage to a system or gives an attacker access to the host. They are usually introduced into the environment by posing as a benign package, such as a game, wallpaper, or any kind of download.
- Spyware: the main goal of spyware is to track and report the usage of the host or to collect data that the attacker wants to obtain. It can include web browsing history, personal information, marketing information, or any kind of files the attacker is after.
- Adware: code that automatically displays or downloads unsolicited advertisements, usually seen as a browser pop-up.
- RATs: remote access tools/trojans. They allow the attacker to gain unauthorized access to and control of the computer.
- Rootkit: a piece of software intended to take full or partial control of a system at the lowest level. Now we have ransomware.
Internet Security Threats - Mapping
Internet Security Threats - Packet Sniffing
Security Threat - IP Spoofing
Security Threats - Denial of service
Security Attacks - Host insertions
Social Engineering - Phishing and Vishing
Cyberwar
Week 3
Incident Response Process
Week 4 Security Tools
application gateway
application gateway : app = 1:1
XML gateway
firewalls
stateless:
- faster
- less secure, packet from different source IP
PTES Technical Guidelines
This post is licensed under CC BY 4.0 by the author.