Cybersecurity Threats and Vulnerabilities Guide

Federal University of Technology, Minna

Department of Computer Engineering

CPE 524
Computer and Network Security

Week 2: Threats, Vulnerabilities, and Attacks

Lecturer: Engr. Dr. Aliyu Ahmed


Academic Session: 2024/2025
CPE 524: Computer and Network Security

Learning Objectives

By the end of this session, students will be able to:

Distinguish between threats, vulnerabilities, and attacks in cybersecurity contexts

Identify major cyber threat actors and understand their motivations

Recognize and classify different types of vulnerabilities


Understand and classify malware varieties and their behaviors

Analyze network and web application attack methods

Examine real-world case studies from

Prepare for the practical malware classification lab

Made with Genspark



Lecture Outline

1 Introduction
2 Threat Landscape
3 Key Statistics
4 Fundamental Concepts
5 Threats & Threat Actors
6 Vulnerabilities
7 Malware Types
8 Network and Web Attacks
9 Social Engineering
10 Case Studies
11 Defense Strategies
12 Lab Preview
13 Q&A & Next Week


Threat Landscape 2025


A snapshot of the current cybersecurity environment, including
the most significant developments and emerging trends
impacting organizations globally.


Key Statistics & Trends (2025)

$4.67M: Global average cost of a data breach
52%: Healthcare sector targeted in major breaches
34%: Incidents attributed to ransomware attacks
2x: Supply chain attacks doubled since 2024
39%: of initial breach vectors are social engineering attacks

Source: Global Cybersecurity Outlook 2025, World Economic Forum

Fundamental Concepts: Threats, Vulnerabilities, Attacks

Threat: Potential cause of an unwanted incident that may result in harm to a system or organization.
Examples: Malicious actors, Natural disasters, System failures, Internal employees

Vulnerability: Weakness or flaw in a system, design, implementation, or security controls that could be exploited.
Examples: Software bugs, Misconfigurations, Weak passwords, Unpatched systems

Attack: Deliberate action that exploits vulnerabilities to compromise security objectives.
Examples: Ransomware deployment, SQL injection, Social engineering, DDoS operations

Key Relationship: Threat actors leverage attacks to exploit vulnerabilities

Risk = Threat × Vulnerability × Impact

Threat Classification Framework

Frameworks to categorize cyber threats based on source, intent, method, and impact:

NIST Framework
Categorizes threats by type, source, and impact
Assess threats using Identify, Protect, Detect, Respond, Recover
Provides context for cybersecurity risk management

STRIDE Model
Spoofing - Impersonating something/someone else
Tampering - Modifying data/system maliciously
Repudiation - Denying responsibility for actions
Information disclosure - Data leaks/exposure
Denial of service - System/service unavailability
Elevation of privilege - Gaining unauthorized access

Other frameworks: MITRE ATT&CK, Cyber Kill Chain, Diamond Model (2025)


Who are the Threat Actors?

Threat actors are individuals or groups who conduct or have the intent to conduct malicious activities:

Nation-State Actors: Government-sponsored groups with substantial resources pursuing geopolitical advantages, espionage, and infrastructure disruption

Cybercriminals: Financially motivated individuals or groups using ransomware, fraud, and data theft for monetary gain

Hacktivists: Ideologically motivated actors targeting organizations whose actions they oppose for political or social reasons

Insider Threats: Current or former employees with legitimate access exploiting inside knowledge for personal gain, revenge, or negligence

Script Kiddies: Low-skilled individuals using pre-made tools for opportunistic attacks, driven by curiosity, status, or challenge

Cyber Terrorists: Groups seeking to cause fear or disruption targeting critical infrastructure and essential services

Nation-State Actors & APTs


Targeted, stealthy, and well-resourced attacks focused on
infrastructure, espionage, and sabotage. State-sponsored
threat actors deploy sophisticated techniques to maintain
persistent access to networks for months or years without
detection.


Cybercriminals

Financially motivated threat actors operating in the cyber domain:

Primary Motivation: Financial gain through extortion, theft, fraud
Ransomware: 34% of all cyber incidents in 2025, average demand $4.2M
Phishing: Business Email Compromise (BEC) caused $1.8B+ in damages in 2025
Ransomware-as-a-Service (RaaS): Criminal business model offering ransomware kits for commission
Expanding Markets: Dark web marketplaces for stolen credentials, zero-day exploits, and malware kits
2025 Trend: Growing professionalization with "customer service" and specialist roles

Critical Development: AI-augmented phishing and social engineering increasingly bypassing traditional security measures

Insider Threats

Security risks from individuals with legitimate access to an organization's systems and data

Malicious Insiders: Deliberately cause harm for financial gain, revenge, or ideology. Cost per incident: $715,366 in 2025
Negligent Insiders: Unintentional errors, policy violations, misuse of resources. Account for 56% of all insider incidents
Compromised Insiders: Credentials stolen through phishing or social engineering. Growing by 47% since 2023

Key Statistics (2025)
Average time to detect an insider threat: 85 days
34% of organizations experienced insider incidents in the past 12 months
Privileged users (administrators, IT staff) pose the highest risk


Vulnerability Types Overview


Weaknesses or flaws in systems, networks, and applications
that can be exploited by threat actors. Understanding
vulnerability classifications is essential for effective risk
assessment and prioritization.


Software Vulnerabilities

Common code-based weaknesses that can be exploited:

Buffer Overflows: When data exceeds allocated memory boundaries, allowing attackers to execute arbitrary code
Injection Flaws: SQL, LDAP, XPath, NoSQL, OS command, XML injections that manipulate interpreters
Memory Safety Issues: Use-after-free, uninitialized memory access, memory leaks exploited in browsers and applications
Race Conditions: Time-of-check to time-of-use (TOCTOU) vulnerabilities in multi-threaded applications
API Vulnerabilities: Insecure API design leading to data exposure, broken function level authorization
Insecure Deserialization: Untrusted data processed without proper validation, allowing code execution

Impact Statistic: 64% of all breaches in 2025 leverage some form of software vulnerability, with 38% specifically targeting unpatched code-based weaknesses.

Network Vulnerabilities

Weaknesses in network infrastructure and protocols that attackers can exploit

Protocol Vulnerabilities
Unencrypted data transmission
DNS cache poisoning
TCP/IP vulnerabilities (SYN flood, session hijacking)

Infrastructure Weaknesses
Improper network segmentation
Unsecured wireless access points
Legacy systems with unpatched vulnerabilities

Weak Authentication
Default credentials left unchanged
Single-factor authentication
Weak encryption algorithms (46% of IoT devices)

2025 Network Vulnerability Impact
820,000+ daily attacks on IoT devices
39% of breaches exploit network vulnerabilities
Average time to detect: 208 days (2025)
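The SYN flood listed under protocol vulnerabilities has a simple defender-side signature: one source opens many TCP connections in a short window and almost never finishes the handshake. The following added example (not part of the lecture) runs that check over a constructed connection log. The log format, the field names and the thresholds are all assumptions made for this example, not those of any real firewall or IDS product.

```python
"""Added example (not from the lecture): flag SYN-flood-like behaviour in
connection logs. The log format below is constructed for this example:

    <epoch_seconds> <src_ip> <dst_ip>:<dst_port> <flags>

with flags S (client SYN), SA (server SYN-ACK) or A (client ACK, handshake
complete). A source that opens many connections in a short window but almost
never completes the handshake is the classic half-open pattern."""
from collections import defaultdict, deque


def parse_line(line):
    """Split one constructed log line into (ts, src, dst_host, dst_port, flags)."""
    ts, src, dst, flags = line.split()
    host, port = dst.rsplit(":", 1)
    return int(ts), src, host, int(port), flags


def detect_syn_flood(log_text, window=10, syn_threshold=8, max_completion=0.25):
    """Return {src_ip: stats} for sources whose SYNs within `window` seconds
    reach `syn_threshold` while their completed/attempted ratio stays at or
    below `max_completion`. Lines for one source must be in time order."""
    recent_syns = defaultdict(deque)   # src -> timestamps of SYNs still in window
    attempted = defaultdict(int)       # src -> total SYNs seen
    completed = defaultdict(int)       # src -> total handshakes finished
    flagged = {}
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        ts, src, _host, _port, flags = parse_line(raw)
        if flags == "A":
            completed[src] += 1
        elif flags == "S":
            attempted[src] += 1
            q = recent_syns[src]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            ratio = completed[src] / attempted[src]
            if len(q) >= syn_threshold and ratio <= max_completion:
                flagged[src] = {"syns_in_window": len(q),
                                "attempted": attempted[src],
                                "completed": completed[src]}
        # "SA" (the server's SYN-ACK) is logged but not needed for this check
    return flagged


def build_sample_log():
    """Constructed traffic: 198.51.100.7 fires ten SYNs in five seconds and
    never ACKs; 192.0.2.5 completes each of its three handshakes."""
    t0 = 1700000000
    lines = [f"{t0 + i // 2} 198.51.100.7 203.0.113.10:443 S" for i in range(10)]
    for i in range(3):
        t = t0 + i * 3
        lines.append(f"{t} 192.0.2.5 203.0.113.10:443 S")
        lines.append(f"{t} 192.0.2.5 203.0.113.10:443 SA")
        lines.append(f"{t + 1} 192.0.2.5 203.0.113.10:443 A")
    return "\n".join(lines)


if __name__ == "__main__":
    for src, stats in detect_syn_flood(build_sample_log()).items():
        print(f"possible SYN flood from {src}: {stats}")
```

The completion ratio is what separates a flood from a busy but legitimate client: a load balancer health-checker also opens many connections quickly, but it finishes its handshakes, so it never drops below the ratio threshold.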


Configuration Vulnerabilities

Security weaknesses resulting from improper setup, default settings, or misconfigurations:

System Misconfigurations: Unpatched systems, excessive permissions, default credentials, unnecessary services
Cloud Security Issues: Misconfigured S3 buckets, insecure APIs, overly permissive IAM roles, missing encryption
Database Vulnerabilities: Public-facing databases, weak authentication, excessive privileges, unencrypted sensitive data
Firewall Weaknesses: Overly permissive rules, outdated policies, improper network segmentation, bypassed security controls

2025 Impact: 63% of data breaches involve configuration errors, with cloud misconfigurations being the fastest growing category (↑27% since 2024)


CVSS Scoring System

Common Vulnerability Scoring System (CVSS) provides a standardized framework for rating the severity of security vulnerabilities

CVSS Components
Base Score: Intrinsic and unchanging qualities of vulnerability
Temporal Score: Characteristics that evolve over time
Environmental Score: Context-specific implementation considerations

CVSS v4.0 Metrics (2024)
Attack Vector: How vulnerability is exploited
Attack Complexity: Conditions beyond attacker's control
Privileges Required, Impact Metrics

CVSS Severity Rating Scale (0-10)
Low: 0.1-3.9
Medium: 4.0-6.9
Critical: 9.0-10.0

Higher scores indicate greater severity and should be prioritized for remediation
CVSS v4.0 (2024) improved scoring for supply chain & multi-system scenarios

Zero-Day Vulnerabilities

Definition: Previously unknown vulnerabilities with no available patches that attackers can exploit before
defenders have an opportunity to develop countermeasures

2025 Market Dynamics: Zero-day exploits trading for $500K-$5M on dark web markets, with premium prices
for critical infrastructure targets

Rising Trend: 432 new zero-days identified in first half of 2025 (VulnCheck data), representing 38% increase
over previous year

Notable Examples: Apple iOS/macOS (actively exploited), Microsoft Exchange, PDF-XChange Editor (CVE-2025-6662)

"Harvest Now, Decrypt Later" Attacks: Quantum computing risks driving collection of encrypted data for
future decryption

Responsible Disclosure: Security researchers actively working with vendors via coordinated vulnerability
disclosure programs

What is Malware?
Malicious software designed to damage, disrupt, or gain
unauthorized access to systems. Modern malware landscape
includes viruses, worms, trojans, ransomware, spyware, and
emerging AI-powered threats.


Virus, Worm, Trojan - Classic Malware Types

Traditional malware categories that continue to evolve in 2025:

Computer Virus
Definition: Self-replicating code that attaches to host files
Propagation: Requires user action to spread
Characteristics: Infects executables, documents, boot sectors
Example: Polymorphic document macros

Computer Worm
Definition: Self-replicating, standalone program
Propagation: Spreads automatically via networks
Characteristics: Consumes bandwidth, crashes systems
Example: IoT-targeting worms

Trojan Horse
Definition: Malicious program disguised as legitimate
Propagation: Social engineering, downloads
Characteristics: Creates backdoors, steals data
Example: RATs (Remote Access Trojans)

Key Differences:
Virus: Requires host file, needs user activation
Worm: Self-sufficient, autonomous propagation
Trojan: No self-replication, relies on deception

Ransomware: Modern Epidemic

$4.2M: Average ransom demand in 2025
87%: Ransomware now uses double extortion tactics
65%: Surge in healthcare ransomware attacks
73%: Attacks now target cloud backups first
RaaS: Ransomware-as-a-Service models now dominate the market
Major variants: BlackCat, LockBit 3.0, Royal

Source: IBM X-Force 2025 Threat Report

Advanced Malware Types

Fileless Malware: Operates entirely in memory, leaving no files on disk. Uses legitimate tools like PowerShell. 67% increase in 2025, evading traditional antivirus.
Keyloggers: Record keystrokes to capture passwords and sensitive information. Now evolved to include screen capturing and clipboard monitoring capabilities.
Remote Access Trojans (RATs): Provide unauthorized remote access to infected systems. Examples: Warzone RAT, AsyncRAT, Quasar. Growing 42% in targeted attacks.
Rootkits: Operate at kernel or firmware level, hiding malicious activity from OS and security software. Extremely difficult to detect and remove. Used in 23% of APT attacks.
Infostealers: Designed to harvest credentials, cryptocurrency wallets, and browser data. 2025 variants: Raccoon, RedLine, Vidar. Major threat in credential markets.
Cryptojackers: Hijack computing resources to mine cryptocurrency. Notable 2025 increase in cloud infrastructure targeting (48% growth). Causes performance degradation and increased costs.

Trend for 2025: 78% of advanced malware now employs multiple techniques (e.g., fileless delivery + infostealing + persistence via rootkit)

Network Attack Methods


Techniques used by threat actors to compromise network
infrastructure, intercept data, and gain unauthorized access.
These attacks target the foundation of organizational
connectivity and communication systems.


Web Application Attacks (OWASP Top 10)

The OWASP Top 10 represents the most critical web application security risks in 2025:

1. SQL Injection
Untrusted data passed to SQL interpreter, allowing attackers to execute arbitrary SQL commands
2025 Impact: 23% of reported breaches involve SQL injection

2. Cross-Site Scripting (XSS)
Injection of client-side scripts into pages viewed by other users
Variants: Stored, Reflected, DOM-based XSS

3. Broken Authentication
Session management and authentication flaws allowing account compromise
Often exploited via credential stuffing attacks

4. Cross-Site Request Forgery (CSRF)
Forces authenticated users to submit unwanted requests to web applications
Exploits trust between browser and application

5. API Security Vulnerabilities
Insecure API implementation leading to data exposure or function abuse
New to OWASP Top 10 in 2025 due to API-first architecture trends

6-10. Additional Critical Risks
• Insecure Deserialization
• Security Misconfiguration
• XML External Entities (XXE)
• Broken Access Control
• Server-Side Request Forgery (SSRF)
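The injection flaw that heads this list (and that the Software Vulnerabilities slide groups with LDAP, XPath and OS command injection) is easiest to understand with the vulnerable query beside its fix. The following is an added example, not code from the lecture: it uses Python's built-in sqlite3 module with an in-memory table of constructed rows, and the `lookup_*` function names are this example's own.

```python
"""Added example (not from the lecture): SQL injection shown as a
string-built query next to its parameterised fix, using Python's sqlite3
with an in-memory database and constructed sample rows."""
import sqlite3


def make_db():
    """Create a throwaway in-memory table with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, username):
    """VULNERABLE: untrusted input is pasted into the SQL text, so the input
    can change the query's structure instead of being treated as a value."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """FIXED: a bound parameter is always data; the query's shape is fixed
    by the programmer and cannot be altered by what the user types."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# The textbook tautology probe from every introductory course: it closes the
# quoted literal and appends a condition that is always true. Against the
# fixed function it is simply a username that nobody has.
PROBE = "x' OR '1'='1"


def demonstrate():
    """Return row counts for both functions with a normal name and the probe."""
    conn = make_db()
    return {
        "normal_vulnerable": len(lookup_vulnerable(conn, "alice")),
        "normal_safe": len(lookup_safe(conn, "alice")),
        "probe_vulnerable": len(lookup_vulnerable(conn, PROBE)),
        "probe_safe": len(lookup_safe(conn, PROBE)),
    }


if __name__ == "__main__":
    print(demonstrate())
```

Both functions return one row for a real username; only the string-built one returns the whole table for the probe, which is exactly the "untrusted data passed to the SQL interpreter" described in item 1. The fix is not input filtering but keeping data and query structure separate, which is what parameter binding does.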

Social Engineering Attacks

The art of manipulating humans to breach security practices

Common Techniques
Pretexting: Creating a fabricated scenario to extract information
Baiting: Offering something enticing to entrap the victim
Scareware: Frightening users into taking harmful actions
Quid Pro Quo: Offering a service in exchange for information
Tailgating: Unauthorized physical access by following authorized personnel

2025 Trends
AI-Enhanced: 78% increase in AI-powered impersonation attacks
Voice Cloning: 442% rise in voice phishing with cloned voices
Deepfakes: Executive video impersonation causing $45M in losses
Target Shift: 39% of incidents now targeting mid-level employees
Multi-Channel: Attacks coordinated across email, SMS, and social media

Why So Effective? Nearly all (98%) social engineering attacks exploit human psychology rather than technical vulnerabilities. Human-targeted defenses are essential in 2025.

Phishing Evolution: 2025

442%: Increase in voice phishing (vishing) attacks
82%: Of enterprises report AI-enhanced phishing
53%: Increase in SMS phishing (smishing) attacks
67%: Cannot distinguish deepfakes from real people
42%: Overall increase in phishing incidents in 2025

Source: Human Factor 2025 Report, Proofpoint Research

Attack Vectors & Kill Chains

How attackers target systems and the methodical approach they follow

Common Attack Vectors
Email-Based: Phishing, malicious attachments, business email compromise (BEC)
Web-Based: Drive-by downloads, watering hole attacks, malicious ads
Physical/Removable Media: USB drops, infected devices, rogue hardware
Supply Chain: Compromised updates, third-party dependencies, hardware tampering

Lockheed Martin Cyber Kill Chain
1 Reconnaissance: Gathering information about the target
2 Weaponization: Creating malicious payload
3 Delivery: Transmitting weapon to target
4 Exploitation: Executing code on victim's system
5 Installation: Installing persistent backdoor
6 Command & Control (C2): Establishing remote access channel
7 Actions on Objectives: Achieving attacker goals (data theft, encryption)

Case Studies: Major Incidents in 2025

U.S. National Guard Breach
Attack Vector: Compromised contractor credentials
Impact: Network configurations stolen by Chinese APT
Date: July 17, 2025
Lesson: Third-party access requires strict monitoring and MFA

Medusind Healthcare Breach
Attack Vector: Unpatched vulnerability exploitation
Impact: 360,000 patient records compromised
Date: March 2025
Lesson: Timely patching and HIPAA compliance remains critical

Palo Alto/Zscaler Supply Chain
Attack Vector: Salesloft Drift credential compromise
Impact: Multiple downstream customers affected
Date: February 2025
Lesson: Third-party security assessments are essential

American Express Merchant Data
Attack Vector: API security flaw exploitation
Impact: Merchant processor confidential data exposed
Date: March 2025
Lesson: API security testing must be comprehensive

Healthcare Ransomware Surge

52%: of major breaches targeted healthcare sector in 2025
$4.2M+: Average ransomware demand in healthcare
9 Days: Average systems downtime after attack
67%: of affected facilities paid ransom to restore services
23.1M: Patient records exposed in healthcare breaches
45% of attacks delayed critical care

Source: HIPAA Journal (May 2025)

Supply Chain Attacks

22 of 24: Industry sectors affected by supply chain attacks
37%: Rise in software dependency poisoning attacks
3.2M: Records exposed in Palo Alto/Zscaler incident
149%: Increase in open-source supply chain exploits

Major Cases: SolarWinds Incident, U.S. National Guard breach, Medusind supply chain attack
Average breach cost: $5.9M per supply chain incident

Defense Strategies Overview


An introduction to essential security countermeasures that
organizations implement to detect, prevent, and respond to the
threats, vulnerabilities, and attacks discussed in previous
sections.


Risk Assessment Basics

A systematic process for evaluating potential security risks by identifying threats, vulnerabilities, and their potential impact.

1. Risk Identification: Document assets, threats, and vulnerabilities using asset inventory, vulnerability scanning, and threat intelligence
2. Risk Analysis: Quantitative (financial metrics) and qualitative (descriptive ratings) approaches to determine risk magnitude
3. Risk Evaluation: Compare analysis results against risk criteria to determine which risks need treatment
4. Risk Prioritization: Using risk matrices and heat maps to categorize risks based on likelihood and impact
5. Risk Treatment: Accept, mitigate, transfer, or avoid risks based on organizational risk tolerance

Frameworks: NIST SP 800-30, ISO 27005, FAIR (Factor Analysis of Information Risk), OCTAVE
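Steps 2 through 5 above, together with the Risk = Threat × Vulnerability × Impact relationship from the Fundamental Concepts slide, can be carried through on a small register. The following added example is not from the lecture or from any of the frameworks it names: it rates each factor on a 1-5 qualitative scale, multiplies them, bands the product heat-map style and maps each band to a treatment option. The band thresholds, the treatment policy and the register entries are all assumptions made for illustration.

```python
"""Added example (not from the slides): a small risk register that applies the
lecture's Risk = Threat x Vulnerability x Impact idea with 1-5 ordinal ratings,
bands the result heat-map style, and maps each band to one of the treatment
options from step 5. The rating bands and the treatment policy are assumptions
chosen for illustration, not from NIST SP 800-30, ISO 27005, FAIR or OCTAVE."""
from dataclasses import dataclass


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    threat_likelihood: int   # 1 (rare) .. 5 (almost certain)
    vuln_exposure: int       # 1 (hard to exploit) .. 5 (trivially exploitable)
    impact: int              # 1 (negligible) .. 5 (severe)

    def score(self):
        """Threat x Vulnerability x Impact on the 1-5 scales; range 1..125."""
        for v in (self.threat_likelihood, self.vuln_exposure, self.impact):
            if not 1 <= v <= 5:
                raise ValueError("ratings must be between 1 and 5")
        return self.threat_likelihood * self.vuln_exposure * self.impact


def rating(score):
    """Heat-map band for a score (thresholds are this example's assumption)."""
    if score >= 60:
        return "Critical"
    if score >= 30:
        return "High"
    if score >= 12:
        return "Medium"
    return "Low"


def treatment(risk, tolerance=12):
    """Illustrative policy: accept below tolerance; transfer (insure) rare but
    severe events; everything else is mitigated, critical ones first. 'Avoid'
    (stop the activity) is a business decision, so it is not chosen here."""
    s = risk.score()
    if s < tolerance:
        return "accept"
    if risk.impact >= 4 and risk.threat_likelihood <= 2:
        return "transfer"
    if rating(s) == "Critical":
        return "mitigate (immediate)"
    return "mitigate"


def prioritize(risks, tolerance=12):
    """Step 4: order the register by score, highest first, with band and action."""
    rows = [(r.asset, r.score(), rating(r.score()), treatment(r, tolerance)) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample register (not real assets or incidents).
SAMPLE_REGISTER = [
    Risk("Patient DB", "ransomware", "unpatched VPN appliance", 4, 5, 5),
    Risk("Data centre", "flood", "no off-site backups", 1, 4, 5),
    Risk("Internal wiki", "insider leak", "excessive permissions", 3, 3, 2),
    Risk("Public website", "defacement", "default CMS theme", 2, 2, 1),
]

if __name__ == "__main__":
    for asset, score, band, action in prioritize(SAMPLE_REGISTER):
        print(f"{asset:15} score={score:3} {band:8} -> {action}")
```

The multiplicative form is what makes a rare flood with severe impact rank above a frequent but low-impact defacement, and why "transfer" (insurance) is the natural answer for the former: its likelihood cannot be reduced, but its financial impact can be shared.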


Lab Preview: Malware Classification

In next week's Labtainers practical session, you will:

Lab Activities
Analyze and classify unknown malware samples using static and dynamic analysis
Identify malicious behaviors and infection vectors
Create YARA rules to detect similar malware variants
Generate detailed analysis reports with IOCs

Tools & Prerequisites
Cuckoo Sandbox: Automated malware analysis environment
VirusTotal: Multi-engine malware scanning platform
YARA: Pattern matching tool for malware identification
Prerequisites: VM with 8GB RAM, Labtainer environment

Important: This lab will be conducted in an isolated network environment. All activities are for educational purposes only. Lab report submission due one week after the session.
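Two of the lab activities, writing a YARA rule that catches variants and reporting IOCs, rest on one idea: a rule names a set of byte patterns and a condition over how many of them must appear. The following added example is not YARA and is not part of the lab materials; it is a miniature matcher written for this page that supports text strings, hex byte patterns and the conditions "any of them", "all of them" and "N of them", and emits a SHA-256 per sample as an IOC. Every sample is a constructed byte string, not a real binary, and the rule name and markers are invented for the example.

```python
"""Added example (not from the lab materials and not YARA itself): a
miniature YARA-style matcher so the rule idea can be tried offline. It
supports text strings, hex byte patterns and the conditions 'any of them',
'all of them' and 'N of them', and reports matches with SHA-256 hashes as IOCs.
All samples below are constructed byte strings, not real malware."""
import hashlib
import re


def hex_pattern(text):
    """Convert a YARA-like hex string such as '4D 5A 90 00' to bytes."""
    return bytes.fromhex(text.replace(" ", ""))


class Rule:
    def __init__(self, name, strings, condition):
        self.name = name
        self.strings = strings        # {"$id": bytes}
        self.condition = condition    # "any of them" | "all of them" | "N of them"

    def match(self, data):
        """Return (matched, [ids of strings found in data])."""
        found = [sid for sid, pat in self.strings.items() if pat in data]
        cond = self.condition
        if cond == "any of them":
            ok = len(found) >= 1
        elif cond == "all of them":
            ok = len(found) == len(self.strings)
        else:
            m = re.fullmatch(r"(\d+) of them", cond)
            if not m:
                raise ValueError(f"unsupported condition: {cond}")
            ok = len(found) >= int(m.group(1))
        return ok, found


def scan(rules, samples):
    """Scan {name: bytes} with the rules; return an IOC-style report per sample."""
    report = {}
    for name, data in samples.items():
        hits = [rule.name for rule in rules if rule.match(data)[0]]
        report[name] = {"sha256": hashlib.sha256(data).hexdigest(),
                        "size": len(data), "matches": hits}
    return report


# A constructed family rule: a DOS/PE header plus two of three family markers,
# so a variant that drops one marker is still caught.
STEALER_RULE = Rule(
    "Constructed_Stealer_Family",
    {"$mz": hex_pattern("4D 5A 90 00"),
     "$c2": b"CONSTRUCTED_C2_BEACON",
     "$log": b"keylog.dat"},
    "2 of them",
)

# Constructed samples: a benign-looking file, the original, a variant that
# dropped the beacon string but kept the keylog marker, and an analyst note
# that merely mentions the beacon string.
SAMPLES = {
    "benign.bin": hex_pattern("4D 5A 90 00") + b"hello world",
    "variant_a.bin": hex_pattern("4D 5A 90 00") + b"CONSTRUCTED_C2_BEACON" + b"keylog.dat",
    "variant_b.bin": hex_pattern("4D 5A 90 00") + b"padding" + b"keylog.dat",
    "notes.txt": b"CONSTRUCTED_C2_BEACON mentioned in an analyst note",
}

if __name__ == "__main__":
    for name, info in scan([STEALER_RULE], SAMPLES).items():
        print(name, info["sha256"][:16], info["matches"])
```

The "2 of them" condition is the point of the exercise: a rule that demanded all three markers would miss variant_b, while "any of them" would fire on the analyst's note. Choosing the threshold is the trade-off between catching variants and generating false positives that the lab's classification reports should discuss.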

Summary & Key Takeaways

Cyber threats, vulnerabilities, and attacks continue to evolve with increasing sophistication
Sector-specific targeting and supply chain risks are rising dramatically
Hands-on skills and continuous vigilance are essential in the threat landscape
Prepare for next week's lab session by reviewing the provided resources


Questions & Discussion

Which threat actors do you think pose the greatest risk to Nigerian organizations in 2025?

Share your experiences with security incidents or social engineering attempts you've encountered

How might AI-powered threats change our approach to defensive security in 2025-2026?

Open Q&A: Feel free to ask questions about any topic covered in today's lecture

Next Week Preview

Week 3: Security Models & Access Control


Fundamental security models: Bell-LaPadula, Biba, Clark-Wilson, and Chinese Wall

Access control mechanisms: DAC, MAC, RBAC, and ABAC implementations

Hands-on lab: access control using the Labtainers environment

Required reading: Stallings, W. (2024) "Network Security Essentials", Chapter 4