Introduction to Cybersecurity and strategy

Attack strategies

Opeyemi Osanaiye
PhD Electrical Engineering

LEARNING OBJECTIVES

Upon the completion of this class, students should be able to:

● Understand active and passive attack strategies.

● Understand malicious software.

● Describe the different threats posed by malicious software.

● Describe countermeasures for different attacks.

Cybersecurity Attack
• In this lesson, we will first look at the different types
of attack by categorizing them into passive and active
attacks.
• Thereafter, we will discuss malware attacks.

Therefore, let us start by defining what an attack is.

What is an attack?
• An attack is an assault on system security that is
derived from an intelligent threat;
• That is, an intelligent act that is a deliberate attempt
to evade security services and violate the security
policy of a system.

Cybersecurity Attack
• A useful categorization of security attacks is
in terms of passive attacks and active attacks.
• An active attack is an attempt to alter
computer network system resources or
operations.
• This is achieved by making changes to
existing data, modifying data in transit, or
inserting data into the system.
• Active attacks can be more dangerous than
passive attacks, which involve simply
monitoring or eavesdropping on a system or
network.

Active Attack
● Examples of active attacks include:
● Masquerade attack
● Modification of messages
● Repudiation
● Replay
● Denial of Service

Masquerade attack
● In this attack, the intruder pretends to be a
particular user of a system to gain access or to gain
greater privileges than they are authorized.
● A masquerade may be perpetrated through the use
of stolen login IDs and passwords, through finding
security gaps in programs or through bypassing the
authentication mechanism.

Active Attack
Modification of messages
• It means that some portion of a message is altered.
• It also means that the message is delayed or reordered to
produce an unauthorized effect.
• Modification is an attack on the integrity of the original data.
• In this type of attack, an intruder will intercept messages
being sent from one person to another.
• The intruder can then perform three types of modifications
to the message:
• They can change existing information in the message.
• They can insert new information.
• They can remove existing information entirely.

Active Attack
Repudiation
• Repudiation aacks are a type of cybersecurity aack in which an
aacker aempts to deny or repudiate actions that they have taken,
such as making a transaction or sending a message.
• These aacks can be a serious problem because they can make it
diicult to track down the source of the aack or determine who is
responsible for a particular action.
• There are several types of repudiation aacks, including:
• Message repudiation aacks
• Transaction repudiation aacks
• Data repudiation aacks

Active Attack
Replay
• It involves the passive capture of a message and its
subsequent transmission to produce an authorized
effect.
• In this attack, the basic aim of the attacker is to
save a copy of the data originally present on that
particular network and later on use this data for
personal uses.
• Once the data is corrupted or leaked, it is insecure
and unsafe for the users.
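
An added example, not part of the original slides: a receiver that detects the message modification and replay attacks described above by checking an HMAC tag, a timestamp window and a cache of already-seen nonces. The shared key, message layout, 30-second window and sample payloads are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import time

KEY = b"constructed-demo-key"  # assumption: key shared by sender and receiver
MAX_AGE = 30                   # assumption: seconds a message stays valid


def _tag(key, nonce, ts, payload):
    # The MAC covers nonce, timestamp and payload, so none can be altered.
    return hmac.new(key, nonce + ts.to_bytes(8, "big") + payload,
                    hashlib.sha256).digest()


def seal(key, payload, now=None):
    """Sender: attach a fresh nonce, a timestamp and an HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    ts = int(time.time() if now is None else now)
    return {"nonce": nonce, "ts": ts, "payload": payload,
            "tag": _tag(key, nonce, ts, payload)}


class Receiver:
    def __init__(self, key, max_age=MAX_AGE):
        self.key, self.max_age = key, max_age
        self.seen = {}  # nonce -> timestamp of messages already accepted

    def accept(self, msg, now=None):
        now = int(time.time() if now is None else now)
        expected = _tag(self.key, msg["nonce"], msg["ts"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"          # integrity check failed
        if abs(now - msg["ts"]) > self.max_age:
            return "rejected: stale"             # delayed past the window
        # Nonces older than the window can be dropped: a message carrying
        # one would already fail the freshness check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= self.max_age}
        if msg["nonce"] in self.seen:
            return "rejected: replay"            # same message sent again
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def demo():
    rx = Receiver(KEY)
    msg = seal(KEY, b"transfer 100 to account 42", now=1000)  # constructed
    tampered = dict(msg, payload=b"transfer 900 to account 42")
    return [rx.accept(msg, now=1001),       # first delivery
            rx.accept(msg, now=1005),       # captured copy resent
            rx.accept(tampered, now=1005),  # payload changed in transit
            rx.accept(msg, now=2000)]       # same copy resent much later
```

The nonce cache only has to remember messages for the length of the freshness window, which keeps the receiver's state bounded.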

Active Attack
Denial of Service
• DoS is a type of cybersecurity attack that is
designed to make a system or network
unavailable to its intended users by
overwhelming it with traffic or requests.
• In a DoS attack, an attacker floods a target
system or network with traffic or requests in
order to consume its resources, such as
bandwidth, CPU cycles, or memory, and
prevent legitimate users from accessing it.

There are several types of DoS attacks, including:

• Flood attacks
• Amplification attacks

Passive Attack

• A Passive aack aempts to learn or make use of


information from the system but does not aect
system resources.
• Passive aacks involve an aacker passively
monitoring or collecting data without altering or
destroying it.
• It is diicult for the victim to detect the passive
aacks as this sort of aack is conducted in secret.
• Passive aack aims to scan open ports and
vulnerabilities of the network.
• A few of the most common examples of passive
aacks are packet sniing, traic analysis and
keystroke logging.

Passive Attack
Packet Sniing
• Packet sniing is the process of intercepting and
analyzing data packets as they travel in a
connected network.
• It can be used for troubleshooting network issues
or for unethical purposes such as stealing sensitive
information of a user.
• It is similar to wiretapping of a telephone network.
• It is mostly used by crackers and hackers to collect
information illegally about network
• It is also referred to as eavesdropping aack.

Passive Attack
Traic Analysis
• In a traic analysis aack, a hacker tries to access
the same network as you to listen (and capture) all
your network traic.
• From there, the hacker can analyze that traic to
learn something about you or your organization.
• So, unlike other more popular aacks, a hacker is
not actively trying to hack into your systems or
crack your password.
• Analyzing a person’s network traic can tell a
hacker a lot.

Passive Attack
Keystroke logging
• Keystroke logging is an act of tracking and
recording every keystroke entry made on a
computer, often without the permission or
knowledge of the user.
• A “keystroke” is just any interaction you make with
a button on your keyboard.
• Keystrokes are how you “speak” to your computers.
• Each keystroke transmits a signal that tells your
computer programs what you want them to do.
• User behaviors and private data can easily be
assembled from logged keystrokes.
• Everything from online banking access to social
security numbers is entered into computers.

Method of defense
• Active aack can be mitigated using strong
passwords, two-factor authentication, firewalls,
intrusion detection/prevention systems,
anti-malware software, security awareness
training, and regular software updates and
patching.
• Passive aack can be mitigated using encryption,
security protocols, network segmentation,
monitoring and logging, access control, VPNs, and
physical security measures.

Mid-Lesson Questions
Question 1 :
Explain network sniing aack in its active and passive form.

Answer:
In active network sniing, the aacker actively participates by
modifying the content of network packets, like changing the source
or destination address. In contrast, passive network sniing is very
stealth; users can only observe the network traic or store the
packets but strictly does not modify the content of the packets.

Mid-Lesson Questions
Question 2:
How do you distinguish between active and passive attacks?

Answer:
In an active attack, the attacker attempts to
disrupt a network’s normalcy, edits data, and
alters the system resources, whereas, in a
passive attack, the hacker intercepts the
data traveling through the network,
eavesdrops but does not modify the
message.

Malware Attack
• Having looked at common passive and active
attacks, we will now discuss software attacks.
• In discussing software attacks, let us start by
defining what malware is.

What is malware?
• Malware is short for malicious software and refers to
any software that is designed to cause harm to
computer systems, networks, or users.
• Malware is a program designed to gain access to
computer systems, generally for the benefit of some
third party, without the user’s permission.

Malware Attack
• A malware aacker may want to:
• steal the information in your system;
• Cause damage to your system;
• Use your system as relay and so on.
• In essence, any program or software that is intrusive
or hostile and that is inserted into your computer
without your knowledge is malicious software.
• People often refer to malware as virus only. This is not
correct.
• A virus is not the same as malware, although a
category of malware.

Malware Attack
• Malware includes computer viruses, worms, trojan
horses, ransomware, spyware, and other malicious
programs.
• We will now look at each common malware one after
the other.

Worm
• A worm is one of the categories of malware.
• It is a self-contained malicious software that
propagates itself by sending a copy of itself to other
machines over a network.
• In other words, a worm does not need any document
to move from one machine to another.

Malware Attack
• Worms spread themselves typically by
exploiting existing vulnerabilities or
weaknesses in an Operating System (OS) or
application
• Worms typically go unnoticed until replication
reaches a scale that consumes significant
system resources or network bandwidth.
• Examples of famous computer worms include:
• Conficker
• CodeRed
• Morris worm
• Stuxnet

Malware Attack
Virus
• A computer virus is a piece of malicious executable
code that typically propagates by attaching itself to
a document or a file, which will generally be an
executable file.
• A virus is a software program that can copy itself
from one file to another to infect a computer.
• A virus can also be defined as a piece of software
that infects programs, modifying them to include a
copy of the virus in the programs.
• At their worst, viruses can corrupt or delete data,
use the user’s email to spread, or erase everything
on a hard disk.

Malware Attack
Trojans
• Trojans are generally destructive programs, not
viruses.
• A Trojan looks like a genuine application.
• Unlike viruses, Trojans do not have the ability to
replicate themselves.
• They take the form of imposter files in your system.
• A Trojan can cause damage to your system while
looking like legitimate software.
• They work from the backside of the system, which
allows any type of malicious virus to enter the system
and do suspicious activity.
• Some categories of Trojans are Trojan Horse and
Trojan.Gen.

Malware Attack
Backdoor
• Backdoor aack is a malicious way to bypass the
security and infiltrate computer devices.
• Like the actual theft, a Backdoor aack allows the
cyber aackers to go in and out of the system without
being discovered by the security system of the device.
• After the backdoor entry into the system,
cybercriminals can get high-level access to the system
and control it.
• Once control is taken, the aackers can freely perform
the intended malicious tasks like gaining remote
access, introducing additional malware, hacking the
system, steal personal and financial data, and many
more.

Malware Attack
Ransomware
• Ransomware is a type of malware (malicious software)
used by cybercriminals.
• If a computer or network has been infected with
ransomware, the ransomware blocks access to the
system or encrypts its data.
• Cybercriminals demand ransom money from their
victims in exchange for releasing the data.
• Two types of ransomware are very popular:
• Locker ransomware. This type of malware blocks
basic computer functions. For example, you may be
denied access to the desktop, while the mouse and
keyboard are partially disabled.

Malware Attack
• Crypto ransomware: the aim of crypto ransomware is to
encrypt your important data, such as documents,
pictures and videos, but not to interfere with basic
computer functions.
• This spreads panic because users can see their files
but cannot access them.
• Crypto developers often add a countdown to their
ransom demand: "If you don’t pay the ransom by the
deadline, all your files will be deleted."

Malware Attack
Spyware
• Spyware is malicious software that collects
information about what a user does on a computer
system and communicates it back to the attacker.
• In other words, Spyware monitors the activities being
carried out by a user of a computer system.
• Activities can be web browsing history, apps used, or
messages sent.
• Spyware can be spread like a virus, worm, or through
various other methods of delivering software such as
drive-by-download, installation of software from the
Internet, visiting a malicious website, and so on.

Malware Attack
Remote Administration Tools (RATs)
• Software that allows a remote operator to control a
system.
• These tools were originally built for legitimate use, but
are now used by threat actors.
• RATs enable administrative control, allowing an
attacker to do almost anything on an infected
computer.
• They are difficult to detect, as they do not typically
show up in lists of running programs or tasks, and their
actions are often mistaken for the actions of legitimate
programs.

Malware Attack
Logic Bomb
• In a logic bomb, code is embedded in legitimate software or
a program; this code will be activated when one or more
specified conditions are met.
• This condition could be a particular time/date, presence of a
file, absence of a file, and so on.
• The malicious logic is embedded in a valid executable program
by its developer, integrator, distributor, or installer.
• Once triggered, a logic bomb executes malicious code
that causes harm to a computer.
• Cybersecurity specialists recently discovered logic bombs
that attack and destroy the hardware components in a
workstation or server including the cooling fans, hard drives,
and power supplies.

Malware Attack
Adware
• Adware is malicious software that automatically
displays advertisement to the Internet user, resulting in
unpleasant user experience.
• In other words, Adware displays unwanted
advertisements to Internet users when browsing
without their consent.
• In most cases, the malicious software is not there to
steal data from the victim or cause damage to the
device.
• However, too much pop-up as a result of adware
annoys a computer user.

Malware Countermeasures
How to Prevent Malware Attacks
• Before discussing some specific preventive
approaches, we will first discuss some general
prevention methods to be adopted by organizations.
• The use of security software, strong password
practices, multi-factor authentication, employee
education, and micro segmentation technologies
should be deployed to protect the spread of malware.
• Enforce safe browsing and email client use, keep IT
systems and software up to date, and eliminate unused
programs.
• Malware prevention requires several elements working
in tandem to maximize protection.

Malware Attack
Use security software
• Security software is an essential part of your
malware defense.
• Anti-malware, anti-ransomware, and newer
technologies like MDR/XDR help detect threats
and protect devices.
• Your tools should safeguard browsers, endpoints,
servers, and network from compromise.

Malware Countermeasures
Use strong passwords and secure authentication
• Make sure you employ best practices for password
construction.
• Passwords should be longer than eight characters and
use various letters, numbers, cases, and symbols.
• Your password should be unique and refreshed
regularly.
• They also should not be recorded anywhere that is
discoverable.
• Because managing all this data can be a headache,
consider using a password manager to keep your
credentials organized.

Malware Attack
Educate users
• Users should learn common cyber threats, cybersecurity
best practices, important trends, warning signs, and how
to report something they find suspicious.
• By holding regular training sessions that cover these vital
topics in security, you effectively multiply the size of your
security force.

Enforce safe browsing and email
• Users should scrutinize emails they receive, looking for
unfamiliar email addresses, unusual formatting or spelling
in the text, or odd requests — like sharing confidential
information.

Summary
In this lesson today, we have studied:
• Dierent types of active and passive aack and their
method of defense
• Malicious Software (Malware) aacks by first defining it
and then discussing the dierent categories of
Malware aack
• Dierent countermeasures for Malware aacks

THANK
YOU
