Cybersecurity for Business

Malware and targeted attacks pose significant threats to businesses. From viruses and worms to sophisticated APTs, these digital menaces can compromise systems, steal data, and disrupt operations. Understanding their characteristics and attack stages is crucial for effective cybersecurity.

Denial-of-Service and phishing attacks are prevalent cybersecurity risks. DoS and DDoS attacks can cripple business operations, while phishing exploits human vulnerabilities to gain unauthorized access. Recognizing these threats helps organizations implement robust defense strategies and protect valuable assets.

Malware and Targeted Attacks

Types of malware

  • Malware: malicious software designed to harm, disrupt, or gain unauthorized access to computer systems
    • Viruses: self-replicating malware that attaches itself to legitimate files or programs
      • Requires user interaction to spread (opening an infected email attachment)
      • Can corrupt or delete files, steal information, or harm system performance
    • Worms: self-replicating malware that spreads independently across networks
      • Exploits vulnerabilities in operating systems or software to propagate
      • Consumes network bandwidth and can cause system crashes or slowdowns
    • Trojans: malware disguised as legitimate software to trick users into installing it
      • Provides unauthorized access to the infected system
      • Can be used to steal data, install additional malware, or create backdoors
    • Ransomware: malware that encrypts a victim's files and demands payment for decryption
      • Can target individual users or entire organizations (WannaCry, NotPetya)
      • May threaten to delete or leak data if ransom is not paid

Nature of advanced persistent threats

  • Advanced Persistent Threats (APTs): sophisticated, long-term cyberattacks targeting specific organizations
    • Typically carried out by nation-states or well-funded criminal groups (Fancy Bear, Lazarus Group)
    • Involve extensive planning, intelligence gathering, and customized malware
  • APT characteristics:
    • Persistence: attackers maintain a long-term presence in the target's network
    • Stealth: use of advanced techniques to evade detection by security systems (rootkits, fileless malware)
    • Adaptability: continuously modify tactics and malware to maintain access
  • APT attack stages:
    1. Initial compromise: gaining entry through social engineering, exploiting vulnerabilities, or insider threats
    2. Establish foothold: creating backdoors and securing access for long-term operations
    3. Escalate privileges: obtaining higher-level permissions to access sensitive data and systems
    4. Lateral movement: spreading across the network to identify and compromise valuable targets
    5. Data exfiltration: stealing intellectual property, customer data, or other sensitive information
    6. Maintain presence: ensuring ongoing access for future attacks or espionage

Denial-of-Service and Phishing Attacks

Impact of DoS vs DDoS attacks

  • Denial-of-Service (DoS) attacks: attempts to make a system or network unavailable to its intended users
    • Achieved by overwhelming the target with a flood of traffic or requests (SYN flood, Ping of Death)
    • Can cause system crashes, slow performance, or complete unavailability
  • Distributed Denial-of-Service (DDoS) attacks: DoS attacks launched from multiple compromised devices
    • Attacker controls a botnet (network of infected devices) to amplify the attack
    • Harder to mitigate due to the distributed nature of the attack sources (Mirai botnet)
  • Impact on businesses:
    • Financial losses due to downtime, lost productivity, and customer dissatisfaction
    • Reputational damage from the inability to serve customers or maintain operations
    • Increased costs for mitigation, recovery, and security improvements (DDoS protection services)
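
Why distributed sources are harder to mitigate, shown as an added example (not part of the original guide): the same flood volume is classified and rate-limited when it comes from one host versus 250 bots. The thresholds, function names and traffic samples are assumptions constructed for illustration.

```python
from collections import Counter

PER_SOURCE_LIMIT = 100  # assumed threshold: SYNs accepted per source per second
AGGREGATE_LIMIT = 300   # assumed threshold: total SYNs per second the service tolerates

def flood(sources, per_source_rate, seconds=10):
    """Constructed sample: one (second, source_ip) tuple per unanswered SYN."""
    return [(s, ip) for s in range(seconds) for ip in sources
            for _ in range(per_source_rate)]

DOS = flood(["203.0.113.7"], 500)                            # one host, 500 SYN/s
DDOS = flood([f"198.51.100.{i}" for i in range(1, 251)], 2)  # 250 bots, 2 SYN/s each
NORMAL = flood([f"192.0.2.{i}" for i in range(1, 21)], 1)    # 20 clients, 1 SYN/s each

def classify(events):
    """Label traffic as normal, dos (few loud sources) or ddos (many quiet ones)."""
    per_second = Counter(sec for sec, _ in events)
    per_source = Counter(events)  # keyed by (second, source_ip)
    if max(per_second.values()) <= AGGREGATE_LIMIT:
        return "normal"
    loud = {ip for (_, ip), n in per_source.items() if n > PER_SOURCE_LIMIT}
    return "dos" if loud else "ddos"

def dropped_by_source_limit(events):
    """Fraction of SYNs a per-source rate limit would discard."""
    per_source = Counter(events)
    dropped = sum(max(0, n - PER_SOURCE_LIMIT) for n in per_source.values())
    return dropped / len(events)
```

The per-source limit discards 80% of the single-host flood but none of the distributed one, even though both deliver 500 SYNs per second, which is why DDoS mitigation relies on aggregate filtering or upstream protection services.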

Risks of phishing attacks

  • Phishing: social engineering technique that uses fraudulent emails to trick users into revealing sensitive information or installing malware
    • Emails often appear to come from legitimate sources (banks, colleagues, service providers)
    • May contain urgent requests, attractive offers, or alarming messages to pressure victims
  • Risks associated with phishing:
    • Unauthorized access to confidential data (login credentials, financial information)
    • Installation of malware that can lead to further compromises or data breaches
    • Financial fraud through stolen payment information or fraudulent transactions (wire transfer scams)
    • Reputational damage if customer data is compromised or if the company is perceived as insecure
  • Phishing attack vectors:
    • Spear phishing: targeted attacks tailored to specific individuals or organizations
    • Whaling: phishing attacks aimed at high-level executives (CEO fraud)
    • Clone phishing: using a legitimate, previously delivered email with replaced links or attachments
    • Vishing: voice phishing using phone calls to obtain sensitive information
    • Smishing: SMS phishing using text messages to deceive victims
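
A mail-filter style check for three of the traits described above (pressure language, a link whose visible text names a different host than its target, and a clone of an earlier message with replaced links), as an added example that is not part of the original guide. The signal names, keyword list and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
DOMAIN = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")

class Links(HTMLParser):
    """Collects [href host, visible label] per <a>, plus all visible text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self.in_a = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_a = True
            self.links.append([urlsplit(dict(attrs).get("href") or "").hostname or "", ""])
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_a = False
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
        self.text.append(data)

def parse(raw):
    msg, p = message_from_string(raw), Links()
    p.feed(msg.get_payload())
    p.close()
    return msg, p

def phishing_signals(raw, earlier_raw=None):
    msg, p = parse(raw)
    found = []
    if URGENCY.search((msg["Subject"] or "") + " " + " ".join(p.text)):
        found.append("urgent-language")
    for host, label in p.links:
        shown = DOMAIN.search(label.lower())
        if shown and host != shown.group(0) and not host.endswith("." + shown.group(0)):
            found.append("link-text-mismatch")
    if earlier_raw:  # clone check against a message the recipient already received
        old = parse(earlier_raw)[1]
        same_words = " ".join(p.text).split() == " ".join(old.text).split()
        if same_words and {h for h, _ in p.links} != {h for h, _ in old.links}:
            found.append("clone-with-replaced-links")
    return found

# Constructed sample messages (reserved example domains).
HEAD = "From: IT Helpdesk <helpdesk@example.com>\nSubject: Policy reminder\nContent-Type: text/html\n\n"
BODY = '<p>Review the policy at <a href="https://{}/policy">portal.example.com</a>.</p>'
ORIGINAL = HEAD + BODY.format("portal.example.com")
CLONE = HEAD + BODY.format("portal.example.org")
```

`phishing_signals(CLONE, ORIGINAL)` reports both the link mismatch and the clone, while the original message on its own raises nothing.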