​Introduction

US $600 billion a year. That’s the estimated cost of cybercrime as of 2018. That’s a $100 billion increase since 2014, which was the last time a similar study was released by the Center for Strategic and International Studies and McAfee. This new estimate is around 0.8% of the global GDP, compared to 0.7 from 2014.

Cybercrime is never tiring, it hasn’t diminished, and there are no signs of it stopping in the near future. Why? Because cybercriminals find it easy and very much rewarding. Plus, the chances of getting caught and being punished seem low.

Now that we know cybercrime isn’t going away anytime soon, the only thing we can do is to get ourselves protected.

This is where cybersecurity steps in.

This book is aimed at people who want to gain knowledge of the essentials of cybersecurity and how it can be used to protect against cybercrimes. The knowledge from this book can be used to protect companies and individuals against cyberattacks.

​Chapter 1. Cybersecurity – A Brief History

Most people assume that the term cybersecurity has just been coined in the last decade and it’s something new. However, its history goes back to the ’70s. It’s a time when most people didn’t have a computer. There are even ‘hacking’ incidents’ that have happened before the existence of computers. But for the purpose of this book, let’s talk about what happened in an experiment in 1971.

​The Very First Computer Worm

Bob Thomas created a program in 1971 that is now considered the very first computer worm. This worm was programmed to bounce between computers, which at that time was groundbreaking. It was not even malicious, unlike the computer worms of today. What it does is display a message on the screen of the infected computer that says ‘I’m the creeper: catch me if you can.’

The dawn of this vulnerability in computers gave birth to more complex attacks that were meant to be malicious and some were downright destructive.

​The Very First Denial-of-Service Attack

Robert Morris created a special computer worm in 1989 which slowed down the Internet significantly back in those days, making connections unavailable. This was the first denial-of-service or DoS recorded in history. Morris didn’t even develop the worm to wreak havoc. The original motive behind the worm is to expose security flaws like weak passwords and Unix Sendmail. However, the worm replicated excessively which caused the Internet connection slowdown and damages amounting to somewhere between $100,000 and $10,000,000. The Internet even became partitioned for several days because of the anomaly.

​The AIDS Trojan

The same year the first DoS attack was made also marked the introduction of the first ransomware attack initiated by Joseph Popp. He developed a malware which he nicknames the AIDS Trojan. This malware was distributed via Joseph’s mailing lists and by using floppy disks. With the Trojan malware, he was expecting to extort money out of people who want to regain access to their files, which were lost due to how ransomware is programmed. Extortion is the goal of modern ransomware attack, hence the name. The AIDS Trojan wasn’t really successful because it was poorly designed and can be removed easily. It only scrambled filenames instead of the contents so infected computers were still usable and programs such as AIDS_OUT were developed to unlock the files.

​The Computer Misuse Act

With the proliferation of attacks on computers, the United Kingdom created one of the first acts or legislation in history meant to deal with cybersecurity. It was titled The Computer Misuse Act which was passed in 1990. According to the act, any unauthorized attempt to access any computer system is illegal. The Computer Misuse Act is still active though a lot of amendments have been added to modernize it.

​Security Becomes Mainstream

1999 saw the birth of Microsoft’s new operating system, Windows 98. It was highly successful and made computers easier to use for common people. This spike in the ownership and use of computers also made software security systems more common. Microsoft released a lot of patches and commercial security products developed for Windows. Third-party security vendors also joined the bandwagon and released their own anti-hacking software to be used for home computers.

​ILOVEYOU Virus

Microsoft also dominated the office applications market during the late 90s and early 2000s with its bundle called Microsoft Office. Included with Microsoft Office is the email application called Microsoft Outlook. And this application is what a virus released in 2000 exploited. The virus is attached to an email with the note saying ‘I LOVE YOU’. Once the attachment is opened it replicates the same email and attachment and sends it to all the email addresses of the recipient’s contacts list in Microsoft Outlook, propagating exponentially. This attack was so effective that it infected 45 million users in one day making it one of the most damaging viruses in the history of cybersecurity.

​The Creation of Homeland Security

The Department of Homeland Security was created by a bill filed by George W. Bush in 2002. This governing body took on the country’s IT infrastructure responsibilities. Later on, a division of the department was created specifically for cybersecurity.

​Hacktivism

Although hacking was mainly born out of extorting money or stealing data, some hackers used their knowledge and tools to bring about change and influence policies. Their goal was to increase political awareness through Internet activism which is their way of spreading their ideals. Thus, hacktivism was born. One of the more famous hacktivists groups is called Anonymous and they have initiated cyberattacks against organizations and governments.

​Wikileaks

The Wikileaks of 2016 is by far the most infamous leak of information in history done via the Internet. Documents coming from the 2016 national committee were published for the whole world to see. The whole scandal involved hackers from the Russian intelligence agency.

​The Future

The application of cybersecurity is here to stay. In 2018, we witnessed some of the most culturally notable and largest cyberattacks in recent history and we have learned a lot.  We now know that Facebook is selling our personal data. The Marriott Hotel fiasco showed that breaches in security can remain dormant and unnoticed for years.

There is more to come and we, as upholders of cybersecurity, should always be ready. Passwords are dying a slow death with the introduction of Multi-Factor Authentication systems and the rise in the use of Artificial Intelligence makes detecting and preventing cybercrimes more efficient.

​Chapter 2. Common Cybersecurity Attacks

No two battles in history are exactly alike. Yet, similar tactics and strategies have been used mainly because they are effective as time has proven.

The same way of thinking applies to hacking. When hackers are trying to infiltrate an organization, they’ll use the same time-proven tools and distribution channels. They will use the same hacking techniques that are proven to be highly effective like phishing, malware, or cross-site-scripting.

Here are some of the most common cybersecurity attacks seen today.

​Phishing

Most people now know better than to open an attachment from a random email or click any link embedded in it. There has to be a valid reason for you to take that course of action.

Unfortunately, attackers also know this. So in order to make you give out sensitive information or install malware on your system, they employ phishing strategies. Phishing is basically the sender pretending to be something or someone else to entice you to take that action that you wouldn’t, in more suspicious scenarios. Phishing relies on natural human impulses and curiosity which makes this kind of attack hard to stop.

During phishing, the attacker may send an email your way but will make it appear as though it’s coming from a person or entity you trust, such as your boss or an organization you’re doing business with. This email will, in all sense, seem legitimate and may stir some sense of urgency in you. An example would be a suspicious activity coming from your account.

Phishing emails usually contain an attachment that can be opened or a link that can be clicked. Opening the attachment installs the malware in your system and clicking the link takes you a website that may look legitimate, asking for your account and password to open an important file. But this website is actually a trap that is designed to capture your credentials after you log in.

Combatting phishing attacks requires recognizing the importance of verifying links or attachments as well as the email senders.

​Malware

You clicked a malicious attachment mistakenly and you see the antivirus alert screen pop up. You just had a close encounter with malware and luckily, your security software protected you.

The term ‘malware’ represents various forms of malicious or harmful software like viruses and ransomware. Attackers use malware to get access to computers and eventually all the computers in the office network and it can be effective.

Once the malware gets inside your computer it can do anything from getting control of the machine, to recording all your keystrokes and actions, to sending confidential data from the computer or the whole network silently to the attacker’s system.

There are a variety of methods that attackers can use to install malware on your