Welcome back! When it
comes to security, there is so much
to learn, and I’m thrilled to be part of
your career journey. This is such an exciting time to be learning about security! When I learned about
international hacks that impacted both private companies and government organizations, I was inspired to want to
work in security because I realized how dynamic and
important this field is. One reason there are so many jobs in the
security field today, is because of attacks
that happened in the 1980s and 1990s. Decades later,
security professionals are still actively working to protect organizations and people from variations of these
early computer attacks. In this section of the course, we’ll discuss viruses and malware, and introduce the
concept of social engineering. Then, we’ll discuss how the digital age ushered in
a new era of threat actors. Knowing the evolution
of each attack is key to protecting
against future attacks. Lastly, we’ll provide an overview of eight
security domains. Next up, we’ll
travel back in time, to explore some of the viruses, data breaches, and
malware attacks that have helped shape the
industry as we know it today.

The security industry
is constantly evolving, but many present-day attacks
are not entirely new. Attackers often alter or
enhance previous methods. Understanding past attacks can provide direction
for how to handle or investigate incidents in your job as a security analyst. First, let’s go over
a couple of key terms that will support
your understanding of the attacks we’ll discuss. A computer virus is malicious code written
to interfere with computer operations and cause damage to data and software. The virus attaches itself to programs or documents
on a computer, then spreads and infects one or more computers
in a network. Today, viruses are more commonly
referred to as malware, which is software designed
to harm devices or networks. Two examples of early
malware attacks that we’ll cover are the Brain virus
and the Morris worm. They were created by malware developers to
accomplish specific tasks. However, the developers
underestimated the impact their malware would
have and the amount of infected computers
there would be. Let’s take a closer look
at these attacks and discuss how they helped shape security as we know it today. In 1986, the Alvi brothers
created the Brain virus, although the intention of
the virus was to track illegal copies of
medical software and prevent pirated licenses, what the virus actually
did was unexpected. Once a person used a pirated
copy of the software, the virus-infected that computer. Then, any disk that was inserted into the computer
was also infected. The virus spread
to a new computer every time someone used
one of the infected disks. Undetected, the virus spread globally within
a couple of months. Although the
intention was not to destroy data or hardware, the virus slowed down
productivity and significantly impacted
business operations. The Brain virus fundamentally altered the computing industry, emphasizing the
need for a plan to maintain security
and productivity. As a security analyst, you will follow and maintain strategies put in
place to ensure your organization has a plan to keep their data
and people safe. Another influential computer
attack was the Morris worm. In 1988, Robert Morris developed a program to assess the
size of the internet. The program crawled the web
and installed itself onto other computers to
tally the number of computers that were
connected to the internet. Sounds simple, right? The program, however, failed to keep track of the
computers it had already compromised and
continued to re-install itself until the computers ran
out of memory and crashed. About 6,000 computers
were affected, representing 10% of the
internet at the time. This attack cost millions of
dollars in damages due to business disruptions
and the efforts required to remove the worm. After the Morris worm, Computer Emergency
Response Teams, known as CERTs®, were established to respond to
computer security incidents. CERTs still exist today, but their place in the
security industry has expanded to include
more responsibilities. Later in this program, you’ll learn more about the core functions of
these security teams and gain hands-on practice with detection and
response tools. Early attacks played a key role in shaping the current
security industry. And coming up, we’ll discuss how attacks evolved in
the digital age.

Introduction

Cybersecurity attacks have been around since the early days of computing. In this tutorial, we will discuss some of the most famous and impactful cybersecurity attacks that have occurred over the years. By understanding these attacks, we can learn from the mistakes of the past and better protect ourselves from future attacks.

The Brain Virus

The Brain virus is considered to be the first computer virus. It was created in 1986 by two brothers in Pakistan. The virus spread through floppy disks and infected the Master Boot Record (MBR) of the infected computer. This prevented the computer from booting up normally. The Brain virus caused significant damage and is estimated to have infected millions of computers worldwide.

The Morris Worm

The Morris worm is considered to be the first internet worm. It was created in 1988 by Robert Morris, a graduate student at Cornell University. The worm spread through the internet and infected computers that were running the Unix operating system. The worm caused a denial-of-service attack that disrupted thousands of computers. The Morris worm is estimated to have caused millions of dollars in damage.

The Melissa Virus

The Melissa virus is a macro virus that was created in 1999. The virus spread through email attachments and infected Microsoft Word documents. The virus would then send itself to the first 50 people in the victim’s address book. The Melissa virus caused significant damage and is estimated to have infected over 100,000 computers worldwide.

The Code Red Worm

The Code Red worm is a computer worm that was created in 2001. The worm spread through the internet and infected computers that were running Microsoft Windows. The worm would then deface the infected computer’s web page with the message “Hacked by Chinese!” The Code Red worm is estimated to have infected over 250,000 computers worldwide.

The SQL Slammer Worm

The SQL Slammer worm is a computer worm that was created in 2003. The worm spread through the internet and infected computers that were running Microsoft SQL Server. The worm would then crash the infected computer’s database server. The SQL Slammer worm is estimated to have infected over 75,000 computers in under 10 minutes.

The Stuxnet Worm

The Stuxnet worm is a computer worm that was created in 2010. The worm was specifically designed to target industrial control systems. Stuxnet is believed to have been created by the United States and Israel to disrupt Iran’s nuclear program. The Stuxnet worm is considered to be one of the most sophisticated cyberattacks ever created.

The WannaCry Ransomware

The WannaCry ransomware is a type of malware that encrypts the victim’s files and demands a ransom payment in order to decrypt them. WannaCry was created in 2017 and spread through a vulnerability in Microsoft Windows. The WannaCry ransomware infected over 200,000 computers worldwide.

The NotPetya Ransomware

The NotPetya ransomware is a type of malware that is similar to WannaCry. NotPetya was created in 2017 and spread through a vulnerability in Microsoft Windows. However, NotPetya was not designed to encrypt the victim’s files. Instead, NotPetya was designed to destroy the victim’s computer. NotPetya infected over 300,000 computers worldwide.

Conclusion

These are just a few of the many cybersecurity attacks that have occurred over the years. By understanding these attacks, we can learn from the mistakes of the past and better protect ourselves from future attacks.

How to Protect Yourself from Cybersecurity Attacks

There are a number of things you can do to protect yourself from cybersecurity attacks. Here are a few tips:

• Keep your software up to date. Software updates often include security patches that can help to protect you from known vulnerabilities.
• Use strong passwords and don’t reuse them across different websites and accounts.
• Be careful about what links you click on and what attachments you open in emails.
• Use a firewall and antivirus software.
• Be aware of the latest cybersecurity threats and best practices.

Introduction

The digital age has ushered in a new era of cybersecurity threats. With the increasing reliance on technology, criminals have found new ways to exploit vulnerabilities and steal data.

Types of Attacks

There are many different types of cyberattacks, but some of the most common include:

• Malware: Malware is software that is designed to harm a computer system. It can be spread through email attachments, malicious websites, or USB drives.
• Phishing: Phishing is a type of social engineering attack that involves sending emails or text messages that appear to be from a legitimate source. The emails or text messages often contain a link that, when clicked, will take the victim to a fake website that looks like the real website. Once the victim enters their personal information on the fake website, the attacker can steal it.
• Data breaches: A data breach is an incident in which sensitive data is stolen from a computer system. This data can include personal information, financial information, or intellectual property.
• Denial-of-service (DoS) attacks: A DoS attack is an attempt to make a computer system unavailable to its intended users. This can be done by flooding the system with traffic or by sending it malicious commands.
• Cyberwarfare: Cyberwarfare is an attack that is carried out by a nation-state against another nation-state. These attacks can be used to disrupt critical infrastructure, steal sensitive information, or sow discord among the population.

How to Protect Yourself

There are a number of things you can do to protect yourself from cyberattacks:

• Be careful about what emails and text messages you open. If you’re not sure if an email or text message is from a legitimate source, don’t open it.
• Keep your software up to date. Software updates often include security patches that can help to protect you from known vulnerabilities.
• Use strong passwords and don’t reuse them across different websites and accounts. A strong password is at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and symbols.
• Be careful about what information you share online. Don’t share your personal information, financial information, or passwords on social media or other public websites.
• Use a firewall and antivirus software. A firewall can help to protect your computer from unauthorized access, and antivirus software can help to detect and remove malware.
• Be aware of the latest cybersecurity threats. Stay up-to-date on the latest cybersecurity threats so that you can take steps to protect yourself.

Conclusion

The digital age has made our lives easier in many ways, but it has also made us more vulnerable to cyberattacks. By taking the necessary precautions, you can help to protect yourself from these threats.

Here are some additional tips for protecting yourself from cyberattacks:

• Use a VPN when connecting to public Wi-Fi.
• Be careful about what websites you visit.
• Don’t click on links in emails or text messages from people you don’t know.
• Back up your data regularly.
• Be aware of the signs of a cyberattack, such as unusual activity on your computer or strange emails or text messages.

What type of manipulation technique was the LoveLetter attack?

Social engineering

The LoveLetter attack was an example of social engineering. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.

With the expansion of
reliable high-speed internet, the number of computers connected to
the internet increased dramatically. Because malware could spread
through the internet, threat actors no longer needed to use
physical disks to spread viruses. To better understand
attacks in the digital age, we’ll discuss two notable attacks
that relied on the internet: the LoveLetter attack and
the Equifax breach. In the year 2000,
Onel De Guzman created the LoveLetter malware to steal
internet login credentials. This attack spread rapidly and
took advantage of people who had not developed a healthy suspicion for
unsolicited emails. Users received an email with
the subject line, “I Love You.” Each email contained an attachment
labeled, “Love Letter For You.” When the attachment was opened,
the malware scanned a user’s address book. Then, it automatically sent itself
to each person on the list and installed a program to collect
user information and passwords. Recipients would think they were
receiving an email from a friend, but it was actually malware. The LoveLetter ended up infecting
45 million computers globally and is believed to have caused over
$10 billion dollars in damages. The LoveLetter attack is the first
example of social engineering. Social engineering is a manipulation
technique that exploits human error to gain private information,
access, or valuables. After the LoveLetter, attackers understood the power
of social engineering. The number of social engineering
attacks is increasing with every new social media application that allows
public access to people’s data. Many people are now prioritizing
convenience over privacy. The trade-off of this evolving shift
is that these tools may lead to increased vulnerability, if people
do not use them appropriately. As a security professional,
your role is to identify and manage inappropriate use of technology
that may place your organization and all the people associated with it at risk. One way to safeguard your organization is
to conduct regular internal trainings, which you as a future security analyst
may be asked to lead or participate in. Today, it’s common for employees to receive training on how
to identify social engineering attacks. Specifically, phishing through
the emails they receive. Phishing is the use of digital
communications to trick people into revealing sensitive data or
deploying malicious software. Now, let’s discuss the Equifax breach. In 2017, attackers successfully infiltrated
the credit reporting agency, Equifax. This resulted in one of the largest known
data breaches of sensitive information. Over 143 million customer
records were stolen, and the breach affected approximately
40% of all Americans. The records included personally
identifiable information including social security numbers, birth dates,
driver’s license numbers, home addresses, and credit card numbers. From a security standpoint, the breach occurred due to multiple
failures on Equifax’s part. It wasn’t just one vulnerability that
the attackers took advantage of, there were several. The company failed to take the actions
needed to fix multiple known vulnerabilities in the months
leading up to the data breach. In the end,
Equifax settled with the U.S. government and paid over $575 million dollars to resolve customer
complaints and cover required fines. While there have been other data breaches
before and after the Equifax breach, the large settlement with the U.S.
government alerted companies to the financial impact of a breach and the
need to implement preventative measures. These are just a couple of well-known
incidents that have shaped the security industry. Knowing about them will help
you in your security career. Understanding different types of malware
and social engineering attacks will allow you to communicate about security
risks during future job interviews. As a future security professional,
constantly adapting and educating yourself on threat actors’ tactics and
techniques will be a part of your job. By noticing similar trends,
patterns, and methodologies, you may be able to identify a potential
breach and limit future damage. Finally, understanding how
security affects people’s lives is a good reminder of why the work
you will do is so important!

Hi, my name is Sean. I’m a Technical Program
Manager in Google workspace. I am a 30 year security veteran within the security space across six different industries. During your first data breach, the most important
thing that you can do is keep your cool. Everyone around is going
to be freaking out. If you are on the security team and you
are managing the incident, you have to legitimately be
the cool guy in the room. Be that person that has the
pause in the conversation. Somebody might be like, do
you know what’s going on? I absolutely do. I think the biggest
breach I’ve ever had was a phone call. An engineer for
another financial, bought a server off eBay. That server fired it
up hadn’t been wiped. Twenty million credit
card records were on it. That triggered a whole review of we had not been controlling for how do third parties because we were now outsourcing
data centers. How do third parties wipe the servers that
we no longer use? The first thing
you’re going to do is to contain the breach. If you are still
hemorrhaging data, you go through your progressions to stop hemorrhaging data. So if that means shutting
down a server, shutting down a data
center, shutting down comms, whatever, stopping the data loss is that is your number
one priority. Your job as an incident manager
or as somebody working a breach is to stop the breach and then
investigate the breach. So executing your incident
management by plan is the most important thing that an entry level person
can keep in mind.

The CISSP (Certified Information Systems Security Professional) is a widely recognized security certification that is held by security professionals around the world. The CISSP certification covers eight domains of security:

1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security

This tutorial will provide an introduction to each of the eight domains.

Security and Risk Management

The security and risk management domain covers the identification, assessment, and mitigation of risks to an organization’s information assets. This includes understanding the threats and vulnerabilities that an organization faces, as well as developing and implementing security controls to mitigate those risks.

Asset Security

The asset security domain covers the protection of an organization’s information assets, both physical and digital. This includes securing data, hardware, software, and other assets from unauthorized access, use, disclosure, modification, or destruction.

Security Architecture and Engineering

The security architecture and engineering domain covers the design, implementation, and maintenance of an organization’s security infrastructure. This includes designing and implementing security controls, such as firewalls, intrusion detection systems, and access control lists.

Communication and Network Security

The communication and network security domain covers the protection of an organization’s networks and communications systems. This includes securing wired and wireless networks, as well as email, voice, and video communications.

Identity and Access Management

The identity and access management domain covers the management of user identities and access to systems and resources. This includes creating and managing user accounts, as well as assigning permissions to users and groups.

Security Assessment and Testing

The security assessment and testing domain covers the testing of an organization’s security controls to ensure that they are effective. This includes penetration testing, vulnerability scanning, and security audits.

Security Operations

The security operations domain covers the day-to-day operation of an organization’s security infrastructure. This includes monitoring and responding to security incidents, as well as performing routine security tasks such as patch management.

Software Development Security

The software development security domain covers the security of software development processes and products. This includes developing secure software, as well as testing software for security vulnerabilities.

These are just a brief introduction to the eight CISSP security domains. For more information, please refer to the CISSP Common Body of Knowledge (CBK).

As the tactics of threat actors evolve, so
do the roles of security professionals. Having a solid understanding of core
security concepts will support your growth in this field. One way to better understand
these core concepts is by organizing them into categories,
called security domains. As of 2022, CISSP has defined eight domains to organize the work of
security professionals. It’s important to understand that these
domains are related and that gaps in one domain can result in negative
consequences to an entire organization. It’s also important to understand
the domains because it may help you better understand your career goals
and your role within an organization. As you learn more about
the elements of each domain, the work involved in one may appeal
to you more than the others. This domain may become a career path for
you to explore further. CISSP defines eight domains in total, and we’ll discuss all eight between
this video and the next. In this video, we’re going to
cover the first four: security and risk management,
asset security, security architecture and engineering,
and communication and network security. Let’s start with the first domain,
security and risk management. Security and risk management focuses on
defining security goals and objectives, risk mitigation, compliance,
business continuity, and the law. For example, security analysts may
need to update company policies related to private health information if a change is made to a federal
compliance regulation such as the Health Insurance Portability and
Accountability Act, also known as HIPAA. The second domain is asset security. This domain focuses on securing
digital and physical assets. It’s also related to the storage,
maintenance, retention, and destruction of data. When working with this domain,
security analysts may be tasked with making sure that old equipment
is properly disposed of and destroyed, including any type
of confidential information. The third domain is security
architecture and engineering. This domain focuses on optimizing data
security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be
tasked with configuring a firewall. A firewall is a device used to monitor and
filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps
prevent attacks that could affect productivity. The fourth security domain is
communication and network security. This domain focuses on managing and
securing physical networks and wireless communications. As a security analyst, you may be asked to analyze user
behavior within your organization. Imagine discovering that users are
connecting to unsecured wireless hotspots. This could leave the organization and
its employees vulnerable to attacks. To ensure communications are secure,
you would create a network policy to prevent and mitigate exposure. Maintaining an organization’s
security is a team effort, and there are many moving parts. As an entry-level analyst, you will
continue to develop your skills by learning how to mitigate risks
to keep people and data safe. You don’t need to be an expert in all
domains. But, having a basic understanding of them will aid you in your
journey as a security professional. You’re doing great! We have just
introduced the first four security domains, and
in the next video, we’ll discuss four more! See you soon!

Welcome back. In the last video, we introduced you to the
first four security domains. In this video, we’ll introduce you to the next four
security domains: identity and access management, security assessment and testing, security operations, and
software development security. Familiarizing yourself
with these domains will allow you to navigate the
complex world of security. The domains outline and organize how a team of security
professionals work together. Depending on the organization, analyst roles may sit
at the intersection of multiple domains or focus
on one specific domain. Knowing where a particular role fits within the
security landscape will help you prepare
for job interviews and work as part of a
full security team. Let’s move into
the fifth domain: identity and access management. Identity and access management focuses on keeping
data secure, by ensuring users follow
established policies to control and manage
physical assets, like office spaces, and logical assets, such as
networks and applications. Validating the identities of employees and
documenting access roles are essential to maintaining the organization’s physical
and digital security. For example, as a
security analyst, you may be tasked
with setting up employees’ keycard
access to buildings. The sixth domain is security
assessment and testing. This domain focuses on conducting security
control testing, collecting and analyzing
data, and conducting security audits to monitor for risks, threats, and
vulnerabilities. Security analysts may
conduct regular audits of user permissions,
to make sure that users have the correct
level of access. For example, access to payroll information is often limited to certain employees, so analysts may be asked to
regularly audit permissions to ensure that no
unauthorized person can view employee salaries. The seventh domain is
security operations. This domain focuses
on conducting investigations and implementing
preventative measures. Imagine that you, as
a security analyst, receive an alert that an unknown device has been connected to your
internal network. You would need to follow
the organization’s policies and procedures to quickly
stop the potential threat. The final, eighth domain is
software development security. This domain focuses on using
secure coding practices, which are a set of recommended
guidelines that are used to create secure
applications and services. A security analyst may work with software development
teams to ensure security practices
are incorporated into the software
development life-cycle. If, for example, one of your partner teams is
creating a new mobile app, then you may be asked to advise on the
password policies or ensure that any user data is properly secured and managed. That ends our introduction to CISSP’s eight security domains. Challenge yourself to
better understand each of these domains and
how they affect the overall security
of an organization. While they may still be a bit unclear to you this
early in the program, these domains will
be discussed in greater detail in the next
course. See you there!

This concludes our brief introduction
to some of the most influential security attacks throughout history and
CISSP’s eight security domains. Let’s review what we’ve discussed. First, we covered viruses, including
the Brain virus and the Morris worm, and discussed how these early forms of
malware shaped the security industry. We also discussed how many attacks today
are variants of these early examples. Understanding previous attacks is
critical for security professionals who are working to protect organizations and
people from possible future variants. We also discussed social engineering and
threat actor motives by learning about the LoveLetter
attack and the Equifax data breach. These incidents showed
the widespread impacts and associated costs of more recent
security breaches in the digital age. Finally, we introduced CISSP’s eight
security domains and how they can be used to categorize different areas of
focus within the security profession. I hope you’re feeling confident about
your foundational security knowledge! Learning the history of security can allow
you to better understand the current industry. CISSP’s eight security domains
provide a way to organize the work of security professionals. Remember, every security
professional is essential. Your unique point of view, professional
background, and knowledge are valuable. So, the diversity you bring
to the field will further improve the security industry as you work
to keep organizations and people safe.