Cybersecurity Basics

The document provides an overview of cybersecurity fundamentals, including common cyber threats, vulnerabilities, and essential security measures. It emphasizes the importance of the CIA triad (Confidentiality, Integrity, Availability) and discusses various types of malware, social engineering attacks, and hacking techniques. Additionally, it introduces security measures such as defense in depth, firewalls, intrusion detection systems, and the significance of security awareness training.


BITH101/BSIT101

FUNDAMENTALS OF IT
6. Cybersecurity Basics
6.1 Common cyber threats & vulnerabilities
6.2 Introduction to security measures
Introduction

Cybersecurity has evolved from a specialized
technical domain to a fundamental business
requirement and societal concern.

As our digital dependence grows, so does our
vulnerability to cyber threats.
The CIA Triad: Core Principles of Information Security

The CIA triad helps us understand the fundamental goals of information security

Confidentiality: Ensuring that information is accessible only to those authorised
to access it. Confidentiality measures prevent sensitive information from
reaching the wrong people while making sure the right people can access it.

Integrity: Maintaining the accuracy, consistency, and trustworthiness of data
throughout its lifecycle. Data must remain unaltered during transit and not be
changed by unauthorised entities.

Availability: Ensuring that information and resources are available to authorised
users when needed. Systems, networks, and applications must function as
expected and provide access to the information they contain.

Understanding these principles helps frame our approach to cybersecurity—each
security measure we implement should serve one or more of these goals.
The Evolving Threat Landscape
The cybersecurity landscape is constantly changing, driven by several factors:

Expanding attack surface: The proliferation of connected devices, cloud services, and
remote work arrangements has dramatically increased potential entry points for attackers.

Democratisation of hacking tools: Advanced attack tools once available only to nation-
states are now accessible to less sophisticated actors, lowering the barrier to entry for
cybercrime.

Financial motivation: The rise of cryptocurrency has made cybercrime more profitable
and less traceable, incentivising criminal activity.

Geopolitical factors: Nation-state actors increasingly use cyberspace for espionage,
sabotage, and influence operations.

Security skills gap: Organisations struggle to find and retain qualified cybersecurity
professionals, leaving vulnerabilities unaddressed.

This dynamic environment requires constant vigilance and adaptation of security strategies.
Common Cyber Threats and Vulnerabilities
Malware: Software with Malicious Intent

Malware (malicious software) encompasses
various programs designed to infiltrate and damage
computers without user consent.

Major categories include:
Viruses

Computer viruses attach themselves to clean files and
spread throughout a computer system, infecting files
with malicious code.

Key characteristics include:
-Requires human action to spread (opening infected
files or running infected programs)
-Often damages the functionality of the infected system
-May delete or corrupt files
Worms

Unlike viruses, worms are standalone software that
replicate themselves to spread to other computers.
Distinctive features include:
-Self-replicating without requiring human
intervention
-Often spreads through network connections
-Can consume significant bandwidth, slowing
network performance
Trojans

Named after the Greek myth, Trojan horses
masquerade as legitimate software while
concealing malicious functionality:
-Appears helpful or harmless to trick users into
installation
-Does not self-replicate like viruses or worms
-Often creates "backdoors" allowing unauthorised
access to the system
Ransomware

One of the most damaging forms of malware in
recent years:
-Encrypts victim's files, making them inaccessible
-Demands payment (usually in cryptocurrency) for
the decryption key
-Often targets organisations with critical data needs
(healthcare, government, education)
-Examples include WannaCry, NotPetya, and Ryuk
Spyware

This category of malware focuses on gathering
information without user knowledge:
-Monitors user activities (keystrokes, browsing
habits, etc.)
-May steal sensitive data like passwords or credit
card information
-Often difficult to detect as it's designed to operate
silently
Adware

Though sometimes less harmful than other
malware forms, adware:
-Displays unwanted advertisements
-May track browsing habits for targeted advertising
-Often bundled with free software in a practice
called "bundleware"
Rootkits

Advanced malware that:
-Modifies operating system functionality to hide its
presence
-Provides persistent privileged access to a computer
-Extremely difficult to detect and remove
-May require reinstallation of the operating system
to remediate fully
Social Engineering Attacks

Rather than exploiting technical vulnerabilities,
social engineering targets human psychology.

These attacks manipulate individuals into breaking
security protocols or revealing sensitive
information.
Phishing

Phishing represents one of the most common and effective attack
vectors:
-Impersonates trusted entities (banks, colleagues, service providers)
-Usually delivered via email, text messages, or social media
-Creates a sense of urgency or curiosity to prompt immediate action
-Often directs victims to fraudulent websites that steal credentials
-Variants include spear phishing (targeting specific individuals) and
whaling (targeting executives)
Pretexting

This technique involves creating a fabricated scenario
(pretext) to obtain information:
-Attacker creates a false identity or scenario to build trust
-May impersonate co-workers, police, bank officials, or
other trusted parties
-Often conducted via phone calls or in-person interactions
-Frequently targets help desk or customer service
employees
Baiting

Similar to real-world traps, baiting offers
something enticing to victims:
-Physical baiting: leaving infected USB drives in
public locations
-Digital baiting: offering free downloads that
contain malware
-Exploits human curiosity and desire for free items
Quid Pro Quo

These attacks promise a benefit in exchange for
information:
-Often impersonates IT support offering assistance
-Requests access credentials to "solve" a non-
existent problem
-May target multiple employees until finding one
experiencing actual issues
Tailgating/Piggybacking

This physical security breach involves:
-Following authorised personnel into secured areas
-Often accomplished by pretending to be a delivery
person or new employee
-Exploits social conventions against letting doors
close on people
Hacking Techniques and Attack Vectors

Beyond malware and social engineering, attackers
employ various technical methods to compromise
systems and networks.
Brute Force Attacks

These attacks attempt to:
-Systematically check all possible passwords until
finding the correct one
-May use automated tools that try thousands of
combinations per second
-Often target weak or default passwords
-Can be mitigated by account lockout policies and
strong password requirements
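The account lockout mitigation named above, as an added example that is not part of the slides: a per-account failure counter with a sliding window and a temporary lock, so an automated guesser is stopped after a handful of attempts. The threshold, window and lock duration are constructed illustrative values.

```python
import hmac
import time
from collections import defaultdict

# Constructed policy values for illustration (not from the slides).
MAX_FAILURES = 5        # failures tolerated inside the window before locking
WINDOW_SECONDS = 300    # failures older than this no longer count
LOCKOUT_SECONDS = 900   # how long a locked account stays locked


class LockoutPolicy:
    """Per-account failed-login tracking with a temporary lockout (clock is injectable for tests)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(list)   # account -> timestamps of recent failures
        self.locked_until = {}              # account -> time at which the lock expires

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() < until:
            return True
        # Lock has expired: forget it along with the old failure history.
        del self.locked_until[account]
        self.failures[account].clear()
        return False

    def record_failure(self, account):
        now = self.clock()
        recent = [t for t in self.failures[account] if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS

    def record_success(self, account):
        self.failures[account].clear()


def attempt_login(policy, account, password, stored_password):
    """Returns 'locked', 'ok' or 'denied'. While locked, even the correct
    password is rejected, which is what defeats an automated guesser."""
    if policy.is_locked(account):
        return "locked"
    # Constant-time comparison; a real system would compare password hashes.
    if hmac.compare_digest(password.encode(), stored_password.encode()):
        policy.record_success(account)
        return "ok"
    policy.record_failure(account)
    return "denied"
```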
SQL Injection

This technique targets database-driven applications:
-Inserts malicious SQL code into input fields
-Exploits improper validation of user inputs
-Can extract, modify, or delete database information
-In severe cases, may provide command execution
on the database server
Cross-Site Scripting (XSS)

XSS attacks inject malicious scripts into trusted websites:
-Scripts execute when victims visit the compromised
website
-Can steal cookies, session tokens, or other sensitive
information
-May redirect users to malicious sites or modify webpage
content
-Categories include reflected XSS, stored XSS, and DOM-
based XSS
Man-in-the-Middle (MitM) Attacks

These attacks intercept communications between two
parties:
-Attacker secretly relays and possibly alters communication
-Can occur on unsecured Wi-Fi networks or compromised
routers
-Often used to steal login credentials or personal
information
-May be conducted via techniques like ARP spoofing or
DNS spoofing
Denial of Service (DoS) and Distributed Denial of Service (DDoS)

These attacks aim to make resources unavailable to intended
users:
-Floods target with traffic, overwhelming its capacity
-DDoS uses multiple compromised computers (botnets)
-Can target websites, services, networks, or specific
applications
-Often used for extortion, hacktivism, or to put a competitor at a
disadvantage
-Modern attacks can exceed 1 Tbps in volume
Zero-day Exploits

These particularly dangerous attacks target:
-Previously unknown vulnerabilities
-Flaws with no available patches or mitigations
-Often sold on dark web markets for significant
sums
-Frequently used in advanced persistent threats
(APTs)
Common Vulnerabilities

Security vulnerabilities often arise from predictable
sources:
Unpatched Systems

Failure to update software creates significant risk:
-Known vulnerabilities remain unaddressed
-Patch management challenges in large
organisations
-Legacy systems that can no longer be updated
-Example: the EternalBlue vulnerability exploited by WannaCry
Weak Authentication

Authentication weaknesses remain pervasive:
-Password reuse across multiple services
-Simple, easily guessed passwords
-Default credentials left unchanged
-Single-factor authentication for sensitive systems
Misconfiguration

Security misconfigurations represent a leading
cause of breaches:
-Insecure default settings
-Unnecessary services running
-Excessive permissions
-Inadequate access controls
-Exposed sensitive data in cloud storage
Insider Threats

Not all threats come from outside the organisation:
-Disgruntled employees with access to sensitive
systems
-Accidental exposure through negligence or error
-Third-party vendors with network access
-Compromised employee credentials
Introduction to Security Measures
Defense in Depth Strategy

Modern cybersecurity employs a layered approach
called "defense in depth":
-Multiple defensive mechanisms throughout the system
-No single point of failure
-Combination of technical, operational, and
administrative controls
-Assumes some controls will fail and builds
redundancy
Perimeter Security - Firewalls

Firewalls serve as a first line of defense for networks:
-Monitors and filters incoming and outgoing network traffic
-Enforces access control policies between trusted and untrusted
networks
Types include:

Packet filtering firewalls: Examine packets in isolation

Stateful inspection firewalls: Track active connections

Application firewalls: Operate at the application layer

Next-generation firewalls (NGFW): Combine traditional firewall functions with
additional capabilities
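The difference between the first two firewall types, as an added example that is not from the slides: a stateless filter judging each packet alone versus a stateful one that admits inbound traffic only as the reply to a connection the inside opened. Packet fields, addresses and the HTTPS-only policy are constructed assumptions.

```python
from collections import namedtuple

# Minimal constructed packet model: direction is "out" (inside -> outside) or "in".
Packet = namedtuple("Packet", "direction src dst sport dport")


class PacketFilter:
    """Stateless: each packet is examined in isolation. To let HTTPS replies
    back in, it has to admit any inbound packet with source port 443."""

    def allow(self, pkt):
        if pkt.direction == "out":
            return pkt.dport == 443
        return pkt.sport == 443      # cannot tell a reply from an unsolicited packet


class StatefulFirewall:
    """Stateful: remembers connections the inside opened and admits only their replies."""

    def __init__(self):
        self.established = set()     # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False
            self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound packets must mirror a connection we initiated.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.established


def run(firewall, packets):
    """Returns the allow/deny decision for each packet in order."""
    return [firewall.allow(p) for p in packets]


# Constructed traffic: a legitimate HTTPS request and its reply, then an
# unsolicited inbound packet that merely uses source port 443 to reach RDP.
TRAFFIC = [
    Packet("out", "10.0.0.5", "203.0.113.10", 51000, 443),
    Packet("in", "203.0.113.10", "10.0.0.5", 443, 51000),
    Packet("in", "198.51.100.7", "10.0.0.5", 443, 3389),
]
```

Only the stateful firewall rejects the third packet; the stateless filter has no way to know nobody inside asked for it.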
Intrusion Detection and Prevention Systems (IDS/IPS)

These systems provide advanced monitoring capabilities:
-IDS: Detects and alerts on suspicious activity
-IPS: Actively blocks or prevents detected threats
Detection methods include:

Signature-based: Matches patterns against known threats

Anomaly-based: Identifies deviations from normal behaviour

Heuristic: Uses rules to identify potentially malicious activity
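The three detection methods side by side, as an added example that is not from the slides, run over a constructed web-server access log: a signature match for known attack strings, an anomaly check against the typical client's request volume, and a heuristic rule about probing for missing pages. Log format, addresses, paths and thresholds are all constructed.

```python
import re
import statistics
from collections import Counter

# Constructed access-log sample (hypothetical addresses and paths).
# Format per line: client_ip method path status
LOG = """\
10.0.0.8 GET /index.html 200
10.0.0.8 GET /about.html 200
198.51.100.23 GET /login.php?user=admin'%20UNION%20SELECT%201,2-- 200
10.0.0.9 GET /images/logo.png 200
203.0.113.77 GET /admin 404
203.0.113.77 GET /backup 404
203.0.113.77 GET /.git/config 404
203.0.113.77 GET /wp-login.php 404
203.0.113.77 GET /phpinfo.php 404
10.0.0.8 GET /contact.html 200
"""

# Signature-based: fixed patterns of known attack strings.
SIGNATURES = {
    "sql-injection": re.compile(r"union(%20|\s)+select", re.I),
    "path-traversal": re.compile(r"\.\./|%2e%2e%2f", re.I),
}


def parse(log):
    for line in log.splitlines():
        ip, method, path, status = line.split()
        yield ip, method, path, int(status)


def signature_alerts(log):
    """Matches every request path against the known-bad patterns."""
    return [(ip, name) for ip, _, path, _ in parse(log)
            for name, rx in SIGNATURES.items() if rx.search(path)]


def anomaly_alerts(log, factor=2.0):
    """Flags clients whose request volume is far above the typical (median) client's."""
    per_ip = Counter(ip for ip, *_ in parse(log))
    baseline = statistics.median(per_ip.values())
    return sorted(ip for ip, n in per_ip.items() if n > factor * baseline)


def heuristic_alerts(log, max_404=3):
    """Rule of thumb: many not-found responses to one client suggests probing."""
    missing = Counter(ip for ip, _, _, status in parse(log) if status == 404)
    return sorted(ip for ip, n in missing.items() if n > max_404)
```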
Network Segmentation

This practice limits lateral movement within
networks:
-Divides network into separate zones with different
security levels
-Implements controls between segments
-Restricts sensitive data to secure segments
-Limits damage potential if the perimeter is breached
Data Protection
Encryption

Encryption transforms readable data into encoded format:
-Protects confidentiality of data at rest and in transit

Symmetric encryption: Same key for encryption and decryption
Examples: AES, DES, 3DES
Faster but key distribution is challenging

Asymmetric encryption: Different keys for encryption and decryption
Examples: RSA, ECC
Public key can be freely shared; private key must be protected
Computationally intensive but solves key distribution problem

Transport Layer Security (TLS): Secures internet communications
Uses certificates to verify identity
Combines symmetric and asymmetric encryption
Data Loss Prevention (DLP)

DLP systems help organisations:
-Identify sensitive data through content inspection
-Monitor and control data transfers
-Prevent unauthorised transmission of sensitive
information
-Create alerts for potential data exfiltration
Backup and Recovery

Critical for maintaining data availability:
-Regular backups of critical systems and data

3-2-1 backup strategy:
- 3 copies of data
- 2 different media types
- 1 copy offsite

Immutable backups resistant to ransomware

Tested recovery procedures
Endpoint Security
Antivirus/Anti-malware

These traditional endpoint protections:
-Scan files for known malware signatures
-Monitor system for suspicious behaviour
-Quarantine or remove detected threats
-Require regular updates to remain effective
Endpoint Detection and Response (EDR)

Modern endpoint solutions that:
-Monitor endpoints for suspicious activities
-Record endpoint activities for investigation
-Provide response capabilities for security teams
-Use behavioural analysis and machine learning
Host-based Firewalls

These complement network firewalls by:
-Operating on individual devices
-Controlling inbound and outbound connections
-Providing protection on untrusted networks
-Often included in operating systems
Patch Management

Systematic approach to keeping systems updated:
-Identifying applicable updates
-Testing patches before deployment
-Deploying updates according to prioritisation
-Verifying successful installation
Security Awareness and Training

Technical controls alone cannot secure an
organisation:
-Regular security awareness training for all
employees
-Simulated phishing exercises
-Clear security policies and procedures
-Culture of security consciousness
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
It makes use of the works of Kelly Loves Whales and Nick Merritt.
