Unit 1: F2F learning – Threats in the cyber world
In recent years, the rapid development of the world and the increasing integration of the Internet in people’s lives have contributed to the expansion of a new type of crime – cybercrime, which has increased with the digitalization of society and all its spheres. Cyber threats refer to any illegal attempt to damage or disrupt an information system through unauthorised access, destruction, disclosure, and/or modification of data. Therefore, cyber threats are a major issue that humans encounter and must face.
History of cyber threats
A variety of information can be found in the literature regarding the origins of cyber threats. According to one source, cyber threats first appeared in 1834, when the French telegraph system was hacked by a pair of thieves who stole financial market information, effectively conducting the world’s first cyberattack. Since then, cybersecurity has become a top priority for national security, and we’ve witnessed some of the largest and most destructive cyber-attacks in history. Thenceforth, many cyber incidents took place (Forrester, 2021 & Morgan, 2019).
Here is the Dateline Cybercrime presented by Forrester (2021) & Morgan (2019):
Current state in cybersecurity
In January 2022, the European Parliament addressed the issue of cybersecurity and the status in the digital society and media, through an infographic comprising the main and emerging threats in 2021 and the Covid-19 pandemic’s impact on them.
Basically, the progress of digital transformation has inevitably led to new cybersecurity threats, as cybercriminals take advantage of the Covid-19 pandemic, by targeting organisations and companies working remotely. For this reason, Parliament has adopted its position on a new EU directive that reflects how cybersecurity threats have evolved and introduces harmonised measures across the EU, including the protection of essential sectors.
Cybersecurity threats in the European Union are affecting sectors that are vital for society. As observed by the European Union Agency for Cybersecurity (ENISA), between April 2020 and July 2021, the top five sectors affected were public administration/government (198 incidents reported), digital service providers (152), general public (151), healthcare/medical (143) and finance/banking (97) sectors.
During the pandemic, companies had to quickly adapt to new working conditions – thus opening new doors and more possibilities for cybercriminals. According to the European Union Agency for Cybersecurity (ENISA), there are nine prime threat groups:
- Ransomware – attackers encrypt an organization’s data and require payment to restore access
- Cryptojacking – cybercriminals secretly use a victim’s computing power to generate cryptocurrency
- Threats against data – data breaches/leaks
- Malware – software which triggers a process that affects a system
- Disinformation/misinformation – the spread of misleading information
- Non-malicious threats – human errors and misconfigurations of a system
- Threats against availability and integrity – attacks that prevent the users of a system from accessing their information
- Email-related threats – attacks that aim at manipulating people into falling victim to an email attack
- Supply chain threats – attacking, for example, a service provider in order to gain access to a customer’s data
At the moment, the most worrying threat is considered to be ransomware. Ransomware is malicious software designed to prevent a user or organisation from accessing files on their computer. The attackers demand a ransom payment to re-establish access (European Parliament, 2022).
According to Kost (2022), digital risk refers to all unexpected consequences resulting from digital transformation that disrupt the achievement of business objectives. When a business scales, its attack surface expands, increasing its exposure to cyber threats, which makes digital risk an unavoidable by-product of digital transformation. For this reason, many strategies for digital risk protection have been developed to mitigate digital risk, so that organisations can confidently continue scaling their operations.
Digital risks are divided into 9 primary categories. The complexity of the digital risk landscape can be simplified by dividing risks into these categories, which helps organisations identify the most vulnerable areas of their ecosystems and supports highly targeted risk protection efforts. The types of digital risk are: Cloud Technology, Cybersecurity, Data Leaks, Compliance, Process Automation, Resilience, Data Privacy, Third-Party Risk, and Workforce Talent.
How to manage digital risk(s) effectively?
Kost (2022) emphasises that cyber-attacks have the greatest impact across all categories of digital risk. By focusing digital protection efforts on cybersecurity and data leak risks, all other categories of digital risk can be mitigated. Further on, “digital risk protection has a more proactive approach to cybersecurity by detecting threats before they become data breaches.”
Digital risk protection efforts monitor for:
According to Cobb (2022), “a cybersecurity risk assessment requires an organization to determine its key business objectives and identify the information technology assets that are essential to realizing those objectives.”
Threat intelligence (TI), or cyber threat intelligence (CTI), is information an organisation uses to understand the threats that have targeted, will target, or are currently targeting the organisation. This information is used to prepare for, prevent, and identify cyber threats looking to take advantage of valuable resources.
Threat intelligence is often broken down into three subcategories:
- Strategic — Broader trends typically meant for a non-technical audience
- Tactical — Outlines of the tactics, techniques, and procedures of threat actors for a more technical audience
- Operational — Technical details about specific attacks and campaigns
Such mechanisms can help organisations gain valuable knowledge about these threats, build effective defence mechanisms, and mitigate the risks that could damage their bottom line and reputation, by focusing on threat prevention and planning. They continuously scan the ecosystem for vulnerabilities and manage remediation efforts for all discovered risks. The end-goal is to strengthen security postures both internally and throughout the vendor network to improve resilience to cyberattack attempts. (Forcepoint, n.d., Kost, 2022, & Recorded Future, n.d.)
Types of threats in cyber world
As cyber threats change at a rapid pace, and tactics and attack methods change and improve daily, this section provides information on the types of cyber threats an institution or organisation should be aware of.
- Credit card fraud (CC Frauds)
It is a form of identity theft in which criminals make purchases or obtain cash advances using a credit card account assigned to someone else. (Commonwealth of Massachusetts, n.d.)
It includes unwanted, unsolicited, or undesirable messages and emails. (Commonwealth of Massachusetts, n.d.)
- Scams/threats in social/digital media
Scams and threats in social and digital media occur when people give too much personal information about themselves on their social media platforms. Attackers can easily collect this data and use it for their benefit. Some social media threats come in the form of phishing scams. This means that the attacker has successfully collected personal information through social media and used this knowledge to send their victim an email. Messages like these usually trick the person into clicking an attached link that could send the attacker sensitive information, which the attackers can subsequently use for blackmail. (FRAUDWATCH, n.d.)
Likejacking/clickjacking refers to when users are tricked into clicking items on a webpage and/or liking something (e.g., a Facebook page) without their knowledge (Commonwealth of Massachusetts, n.d.). A frequent way in which internet users are tricked into clickjacking is through the exploitation of a compelling video and/or image that users can only access after they follow the page or click the ‘like’ button. (Techopedia, 2022)
- Fake giveaways
Giveaways are widely popular and create lots of interaction – but they can come with a sting in the tail in the form of fake giveaways specifically created with the intention of tricking people into handing over precious information. (Commonwealth of Massachusetts, n.d.)
Malware (short for malicious software) mainly refers to intrusive files or software intended to damage and/or destroy computer systems. Common examples of malware are viruses and spyware (Cisco, 2022). Malware commonly appears in the form of a video with an outrageous title. Titles range from recent shocking worldwide events to explicit videos. Morbid curiosity kicks in and people hit the link, compromising their account or computer, or driving money to scammers via affiliate scams. (Commonwealth of Massachusetts, n.d.)
According to Cybersecurity and Infrastructure Security Agency (CISA), Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans.
- Ransomware attacks
A ransomware attack is a type of malware attack in which the attacker locks and encrypts the victim’s data and important files, and then demands a payment to unlock and decrypt the data. This type of attack takes advantage of human, system, network, and software vulnerabilities to infect the victim’s device, which can be a computer, printer, smartphone, wearable, point-of-sale (POS) terminal, or another endpoint. (Imperva, n.d.)
- Affiliate scams
Affiliate scams are incentive programs where companies pay to drive traffic or new subscribers to their site. (Norton, n.d.)
- Fake friends or followers (Norton, n.d.)
Fake social media friend requests can be a ploy by scammers or hackers attempting to gain more access to your personal information or looking to discover personal information about you that can be used in a phishing attack. You might also get requests from fake friends sharing links to, e.g., viral videos – those can host malicious links to malware or phishing sites that can enter your personal information into their databases or embed themselves on your Facebook newsfeed, luring your friends and family to click and get infected.
If you receive a fake request, report it to Facebook, LinkedIn, or another social platform. It is important that the security experts are informed about these hacking attempts, so they can use and deploy proactive monitoring, anti-spam, and anti-malware solutions.
Phishing is a form of social engineering that includes attempts to get sensitive information. Phishing attempts will appear to be from a trustworthy person or business. In other words, it happens when someone sends a message pretending to be a reputable company/contact to get their victim to reveal personal information like passwords or credit card numbers. Phishing attacks use fake communication, i.e., an email, to trick the recipient into opening it and following the instructions, such as giving a credit card number, in order to steal sensitive data and login information or install malware on the victim’s computer. (Commonwealth of Massachusetts, n.d.)
- Catfishing/dating scams
When a person sets up a false personal profile on a social networking site for fraudulent or deceptive purposes. (Commonwealth of Massachusetts, n.d.)
- Cyberbullying and abuse
Anonymity, hateful comments, mean remarks against a person or a group of people. (Norton, n.d.)
- Identity theft
When too much information is shared on social media platforms, it becomes easier for hackers to steal personal information, crack passwords and/or steal identities. (Norton, n.d.)
- Apps threat
Fake apps loaded with viruses or real apps that will sell your data. (Norton, n.d.)
- Private messages with dodgy links/worms (Norton, n.d.)
Worms are a type of malware that replicates itself to spread to as many computers as possible. (Norton, n.d.)
- Man-in-the-Middle (MitM) Attacks
MitM attacks happen when a perpetrator positions themselves in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway, to steal personal information, such as login credentials, account details and credit card numbers. (Imperva, n.d.)
- Denial-of-Service (DoS) Attack
A DoS attack is a type of cyber-attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending information to it that triggers a crash. (Paloalto Networks, n.d.)
- SQL Injections
SQL injection is a common web hacking and code injection technique that results from inserting malicious code into a server that uses SQL. When infected, the server releases information that might destroy a database. It usually occurs when you ask a user for input, like their username, and instead of a name/id, the user gives you an SQL statement that will unknowingly run on your database. (W3Schools, n.d.)
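The username case described above, as an added example that is not part of the original course text: a lookup that pastes the input into the SQL statement, next to the same lookup with a bound parameter. The table, the accounts and the function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("o'brien", "obrien@example.test")],
    )
    return db

def lookup_vulnerable(db, username):
    # VULNERABLE: the input becomes part of the statement text, so the
    # database cannot tell the developer's SQL from the user's text.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, username):
    # HARDENED: the statement is fixed; the input is sent separately as a
    # bound parameter and is only ever compared as a string value.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in db.execute(query, (username,))]

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input: SQL instead of a name
    results = {
        "vulnerable_crafted": lookup_vulnerable(db, crafted),
        "safe_crafted": lookup_safe(db, crafted),
        "safe_apostrophe": lookup_safe(db, "o'brien"),
    }
    try:
        # A legitimate name containing a quote also breaks the unsafe query.
        results["vulnerable_apostrophe"] = lookup_vulnerable(db, "o'brien")
    except sqlite3.OperationalError:
        results["vulnerable_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
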
- Zero-day Exploit
A zero-day exploit is an unknown exploit on the internet that exposes a vulnerability in software or hardware, and can create complicated problems well before anyone realises something is wrong. In fact, a zero-day exploit leaves no opportunity for detection. (FIREEYE, n.d.)
- Password Attack
Password attacks refer to any of the various methods used to maliciously authenticate into password-protected accounts, such as social engineering, accessing a password database or outright guessing, brute forcing, dictionary attacks, password spraying, and credential stuffing. These examples are considered strategies that cyber attackers use, which rely on human interaction and often involve tricking people into breaking standard security practices. They are typically facilitated using software that expedites cracking or guessing passwords. The most common attack methods include brute forcing, dictionary attacks, password spraying, and credential stuffing. (CIS, n.d.)
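How a defender can tell these guessing methods apart in login records, as an added example that is not part of the original course text. The event format, the IP addresses and the thresholds are assumptions constructed for illustration and would need tuning against a real baseline.

```python
from collections import defaultdict

# Constructed sample events: (timestamp, source_ip, username, outcome)
EVENTS = (
    [(f"2024-01-01T10:00:{i:02d}", "198.51.100.7", "admin", "FAIL")
     for i in range(12)]
    + [(f"2024-01-01T10:05:{i:02d}", "203.0.113.9", f"user{i:02d}", "FAIL")
       for i in range(15)]
    + [("2024-01-01T10:06:00", "192.0.2.44", "carol", "FAIL"),
       ("2024-01-01T10:06:20", "192.0.2.44", "carol", "OK")]
)

# Assumed thresholds for one analysis window.
BRUTE_FORCE_FAILS_PER_ACCOUNT = 10  # many guesses against one account
SPRAY_DISTINCT_ACCOUNTS = 10        # many accounts touched by one source
SPRAY_MAX_FAILS_PER_ACCOUNT = 2     # but only a guess or two per account

def classify_sources(events):
    """Return {source_ip: label} for sources whose failures fit a pattern."""
    fails = defaultdict(lambda: defaultdict(int))  # ip -> username -> count
    for _timestamp, ip, user, outcome in events:
        if outcome == "FAIL":
            fails[ip][user] += 1

    findings = {}
    for ip, per_user in fails.items():
        worst = max(per_user.values())
        if worst >= BRUTE_FORCE_FAILS_PER_ACCOUNT:
            # Repeated guessing at one account: brute force or dictionary.
            findings[ip] = "brute-force/dictionary"
        elif (len(per_user) >= SPRAY_DISTINCT_ACCOUNTS
              and worst <= SPRAY_MAX_FAILS_PER_ACCOUNT):
            # Few guesses each across many accounts. Spraying and credential
            # stuffing look alike here because passwords are not logged.
            findings[ip] = "spraying/credential-stuffing"
    return findings

if __name__ == "__main__":
    for ip, label in classify_sources(EVENTS).items():
        print(ip, label)
```

A single mistyped password followed by a success, like the third source in the sample, stays below both thresholds and is not flagged.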
- Cross-site Scripting
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. (Kirsten, n.d.)
- Social engineering
Social engineering is a term used for a broad range of malicious activities accomplished through human interactions. This means that it relies on human error rather than vulnerabilities in software and operating systems. Thus, social engineering uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.