Week 1: Threats and attacks

Introduction

So far, you’ve learned about the different types of malware such as trojans, viruses, and worms. These malicious programs can cause significant harm to your computer systems, networks, and data. But as you now know, these attacks are just one part of the broader cybersecurity landscape.

In this reading, you will focus on data breaches, which have become a major security problem in recent years. A data breach happens when information is stolen or taken from a device without the knowledge or permission of the system’s owner.

This can include:

• personal information, 
• financial data, and
• confidential business information. 

From a cybersecurity perspective, data breaches represent a serious threat; they can result in financial losses, reputational damage, and loss of trust. In this reading, you’ll explore how data breaches occur and examine some of the major data breach incidents that have taken place over the last few years. 

How it happens

Data breaches take place in various ways, whether it’s through hacking, malware, social engineering, or even human error. Hackers can also exploit vulnerabilities in computer systems and networks so that they gain unauthorized access to sensitive information.

When cybercriminals use malware, it infects a computer or a network. Which allows cybercriminals to steal data or monitor activity. Cybercriminals sometimes use social engineering, which involves manipulating individuals or employees to gain access to sensitive information, such as phishing scams or pretexting. 

In both cases, the victim thinks they are providing information to a legitimate source but in reality, they are providing sensitive information to cybercriminals. Human errors, such as accidentally sending an email to the wrong recipient or leaving a device unsecured, can also result in a data breach.

The below diagram is a representation of the steps that take place during an attack.

Step 1: Cybercriminal makes an initial scan and probe of the system defenses.

Step 2: A successful attack is accomplished.

Step 3: Once a successful attack is made, data exfiltration takes place.

Some famous data breaches in the history

In order to understand the effect that data breaches can have on businesses and individuals, let’s explore some of the larger data breach incidents that have occurred in recent times. 

Yahoo data breach

In 2013 and 2014,Yahoo was hit by two major data breaches. The initial breach, which was disclosed in 2016, impacted over 500 million user accounts. While the second breach, which was revealed in 2017, affected a staggering 3 billion user accounts. This made it the largest known data breach in history. The breaches exposed users’ names, email addresses, phone numbers, date of birth, hashed passwords, and in some cases, encrypted security questions and answers. The revelations significantly impacted Yahoo’s reputation and even led to a reduction of $350 million in Yahoo’s cost when it was bought by Verizon.

Equifax data breach

In 2017, Equifax, one of the three major credit reporting agencies in the United States, suffered a major data breach. This data breach exposed the personal information of approximately 143 million consumers, including names, Social Security numbers, birth dates, addresses, and driver’s license numbers. The far-reaching effects of this attack put millions of consumers at risk of identity theft and financial fraud. The breach and the criticism it faced for its handling of it forced several top executives to resign. It also incurred several hundred million dollar settlements with the Federal Trade Commission.

Target data breach

In 2013, Target, a retail company, suffered a significant data breach that affected around 110 million consumers. Cybercriminals hacked into the company’s point-of-sale systems, accessing customers’ names, addresses, and credit card details. In 2014 Target made a press release and confirmed that personal information for over 70 million individuals had been stolen. This was in addition to the 40 million previously disclosed. The breach had Wide-ranging effects which included a decline in the value of the company’s shares, the resignation of the CEO, and expenses of $162 million to pay breach-related liabilities. Target’s reputation was also damaged, which decreased customer confidence and sales.

The Marriott Starwood data breach

Another major data breach occurred in 2018 at the global hotel chain Marriott International. They revealed that a data breach occurred that affected their Starwood reservation system. The breach began in 2014; however, it remained undetected until 2018. It was responsible for exposing the personal information of approximately 500 million guests, including names, addresses, phone numbers, email addresses, passport numbers, and, in some cases, encrypted credit card information. The Marriott Starwood breach had severe consequences for the company. It resulted in a $23.98 million fine from the UK’s Information Commissioner’s Office and significant reputational damage. The breach also raised concerns about data security in the hospitality industry.

RockYou data breach

And lastly, RockYou, a social application and advertising platform, experienced a massive data breach in 2009 that exposed the personal information of approximately 32 million users. The compromised data included email addresses and plaintext passwords. The breach occurred due to an SQL injection vulnerability on RockYou’s website. The hacker was able to exploit this vulnerability to access the company’s database, which contained unencrypted user information. The plaintext storage of passwords was a major security lapse, making it easier for cybercriminals to misuse the exposed data. After the breach occurred, RockYou faced a class-action lawsuit and eventually settled with the Federal Trade Commission (FTC) in 2012. They agreed to implement a comprehensive data security program and undergo regular security audits for the next 20 years.

Conclusion

As you’ve learned, the impact of data breaches on individuals and businesses can be far greater than you might have realized, affecting everything from loss of confidential data to financial penalties. It can also have a massive negative impact on consumer trust. So, it’s vital that businesses and individuals continue to adapt and maintain strong cybersecurity procedures. 

In this reading, you explored what data breaches are and how they take place. You examined some notable data breaches that took place in recent history, all of which had major impacts on millions of people globally. 

By completing this reading, you should now understand how data breaches pose a major challenge in the world of cybersecurity and be able to explain why it’s essential to remain vigilant and implement the most effective measures to safeguard user data.

Stealing sensitive data.

That’s correct! A data breach occurs when sensitive or confidential information is accessed, stolen, or disclosed without authorization. This can include personal information like names, social security numbers, or financial data like credit card numbers.

True

That’s correct! The Stuxnet worm was the first of its kind to impact industrial machinery. It was designed to cause physical damage to the machinery by altering the speed of the centrifuges, making them malfunction and causing them to fail.

A malicious program that presents itself as a harmless file or software.

That’s correct. A trojan is a type of malicious program that disguises itself as a harmless file or legitimate software. Its main purpose is to create a vulnerability in the user’s system, allowing an attacker to gain control or cause damage.

Use antivirus and antimalware software.

That’s correct! Antivirus and antimalware software can help detect and remove malicious software from your computer. It is important to keep this software up to date and to run regular scans to ensure that your system is protected.

Always update your operating system.

That’s correct! Keeping your operating system up to date is an essential step in protecting your computer from trojans and viruses. Updates often include security patches that address known vulnerabilities, making it harder for attackers to exploit them.

Your computer has been infected with ransomware. 

That’s correct. Ransomware is a type of malicious software that encrypts a user’s data. The attacker then demands a ransom from the victim to restore access to the data upon payment.

Well done and congratulations on finishing another lesson!

Within this lesson, you explored several topics relating to cyberattacks. You also discovered different types of malware and examined historical data breach incidents. However, this lesson only introduced you to a comprehensive topic. If you’d like to take your knowledge to the next level, try exploring the various resources below:

• Describe what is cybersecurity: Review how the concepts of cyberattacks, cybercriminals, and cybersecurity are defined.
• Describe threat landscape: Delve into the threat landscape and explore the various means cybercriminals use to carry out cyberattacks.
• Describe malware: Explore the intricacies of malware and its different forms, including trojans, ransomware, and worms. 
• Trojans, ransomware, and worms: Take a closer look at each of these specific types of malware to understand their characteristics and impact.
• The growing threat of ransomware: Gain insights into the increasing prevalence and impact of ransomware attacks.
• Examine how phishing retrieves sensitive information: Deepen your understanding of phishing attacks and their methods of retrieving sensitive data. 
• Spoofing: Learn about the deceptive techniques used in spoofing attacks and their impact on data security. 
• Protect your data and prevent loss: Gain valuable insights on how to protect your data and prevent data loss, enhancing your knowledge of data security practices. 

By exploring these additional resources, you will further expand your understanding of cybersecurity, malware, phishing, spoofing, and data protection, equipping yourself with valuable knowledge to navigate the ever-changing landscape of cybersecurity threats.

Introduction 

Malware programs are constantly evolving, and cybercriminals are exploring new and effective ways to invade protected systems using innovative new malware programs. As a cybersecurity professional, you must be aware of the latest threats facing the digital world today. 

Therefore, in this reading, you will delve further into malware and ransomware learning how they evade detection and spread and how the cybersecurity community is learning how to detect them.

Evading detection

Before jumping into the details of evading detection techniques, let’s talk about obfuscation, this is a common practice that programmers have used for decades to intentionally make their code unreadable to protect it from being easily understood or used by others. Think about when you’ve written a secret note or used a code to communicate with your friends. You changed the message so others who saw it wouldn’t understand, right? Malware developers actively use this technique to prevent security specialists from understanding what the code is doing.

Now let’s explore some of the techniques these malware use to avoid detection, which malware authors are continually changing.

Metamorphic malware

If you can imagine a scenario where a policeman is searching for a red car that’s been stolen, and the thief knowing that the policeman is looking for a red car decides to paint the car blue instead. The policeman is likely to ignore the now blue car as they have been searching for a red car! The thief can now travel to their destination in this now-recolored car!

This is a simple analogy; however, metamorphic malware works similarly, continually changing its code while keeping its functionality the same. It does this by using obfuscation techniques to change its code. Metamorphic malware can rearrange code blocks, insert junk code, rename variables, and more – all to generate a new variant of itself that looks different on the surface but does the same thing.

Because metamorphic malware is constantly changing its code, it is difficult for traditional detection methods to spot. This obfuscation makes it hard and requires a lot of time, skill, and effort to inspect these malware programs and raises the bar for analyzing new threats. Researchers have turned to heuristic and behavioral analysis to identify these shape-shifting threats, which always remains challenging.

So, what is this heuristic analysis and behavioral analysis?

Heuristic analysis and behavioral analysis

The heuristic analysis relies on previously established rules to determine if something is a threat or not. The analysis takes advantage of all the previous analysis or experience. Imagine the heuristic engine as a security guard protecting a bank vault, and they see a van parked across the street. This van has five wheels. The security guard gets on the radio to all his security guard friends and asks about a 5-wheeled van. 8 out of 10 of his friends say that they had a big problem with a van like that.

The security guard now has heuristic or historical evidence about the van and can raise an alert. This process, however, does not work on new threats that have previously unknown components as it relies on the experience of the heuristic engine.

This is often combined with behavioral analysis, which looks at the purpose of a file and can determine if that purpose is a threat or not. If a file is studied and its only function is to delete other files, this behavior matches that of a virus, the file can be isolated, and an alert can be triggered.

Polymorphic malware

Like metamorphic malware, polymorphic malware also changes its code to evade detection. But instead of obfuscating itself, polymorphic malware encrypts its malicious code once it infects a system. It carries its encrypted code along with a decryption module to unlock it. You can think of it like a chameleon, which can quickly change the color and pattern of its skin to match its environment. Similarly, by generating a new encryption mechanism with each infection, polymorphic malware changes its code so that it constantly changes itself to match its environment, which allows it to hide in plain sight.

Countermeasures by malware programs

Malware programs incorporate measures that are designed to detect and prevent analysis attempts. However, cybersecurity analysts frequently operate these advanced malware variants within a controlled setting with the aim of understanding their functions for future identification and neutralization. This presents a fascinating scenario, as these sophisticated malware variants possess the capability to recognize when they’re being executed within virtual servers or containers. Once detected, they halt their malicious activities, thereby complicating the analysis process.

Malware programs like Rootkits hide their presence by tampering with the operating system’s core components. These stealthy tools can intercept and manipulate system calls, making it extremely difficult for security professionals and programs to detect them. 

To evade detection and maintain their command-and-control infrastructure, attackers often use fast flux or DGA (Domain Generation Algorithms) techniques. Fast flux involves rapidly changing IP addresses associated with malicious domains, while DGA generates large numbers of domain names to establish communication channels. Both techniques make it harder for security solutions to identify and block malicious traffic.

Detecting the shapeshifters

Malware that can change and evolve may appear frightening. However, there are ways to spot them, and cybersecurity experts are constantly working to strengthen defenses. Detecting these modern malware programs requires intelligent, multi-layered solutions. Signature-based detection alone is not effective against these constantly changing threats. Heuristic and behavioral analysis helps identify malware even when its appearance is shifting. Machine learning and neural networks can also learn the patterns of metamorphic and polymorphic malware to detect even their most advanced variants.

Some software solutions like antivirus software are designed to scan, detect, and remove known viruses, worms, and other types of malware from computer systems. 

There is also anti-malware software, which detects and removes malicious software, including Trojans, spyware, adware, and ransomware.

Email security solutions are also available and are designed to protect organizations and individuals from email-based threats, such as phishing, spear-phishing, and malware delivered through email attachments or links.

Organizations should ensure that they have solid security policies. These policies should include:

• Strong passwords and multi-factor authentication (MFA).
• Robust security solutions such as firewalls and specialized detection software.
• Mandatory software security updates.

Additionally, organization should educate employees on good security practices and build awareness of the latest cyberattacks.

Conclusion

In this reading, you explored the lifecycle of malware and ransomware, learning some important insights. You discovered the different techniques malware and ransomware use to evade detection and how they operate undetected. You also learned about their ability to modify their code and understand how the cybersecurity community is learning how to detect them.

Introduction 

Malware programs consistently evolve, with cybercriminals finding effective ways to exploit your devices. In this reading, you will also explore some real-world malware and ransomware incidents that have occurred recently and examine some of the alarming statistics from 2022 that these attacks caused.

Notable malware and ransomware attacks

Zeus

Let’s start with one of the most well-known and advanced types of banking malware that has infected millions of computers around the world, Zeus.

Zeus is traditionally distributed through phishing emails. After infecting computers, it uses various techniques to evade detection and communicate with the command-and-control center. Zeus is a polymorphic malware, so it changes its code while keeping the original algorithm intact and can encrypt the code simultaneously, making each new version of Zeus look different, making it evade signature-based detection. It can maintain communication with the command-and-control centers using the DGA technique. Zeus uses a technique called WebInjects to modify web pages in real-time to steal data. This is difficult to detect because the changes are only present in the user’s browser and not on the actual webpage.

Emotet

Next is Emotet, an advanced, self-propagating banking Trojan that has been active since 2014. It continues evolving and incorporating new techniques to evade detection, spread widely, and steal data from victims. Emotet is spread via spam emails that contain Microsoft Office documents with malicious macros. The macros, when enabled, download and install the Emotet payload. Emotet then unpacks its code in memory and uses polymorphic techniques to change its signature across versions; in other words, it continually changes its code to match what software version it is installed on. After running, Emotet can also delete its file from the disk to avoid file-based detection.

Locky

In 2016, another notorious ransomware virus called Locky spread via email attachments. Locky spread by attaching itself as a macro to a Microsoft Word document within an email. When the victim received the email and opened the Word document, they would only see characters on the page that made no sense. The victim would be asked to enable the macro to view the document. When the victim enabled macro, Locky would launch and load itself onto the system memory. Once this occurred, it downloaded the encryption program, which then encrypted and locked the users’ files, and similar to other attacks you studied, it would demand a ransom payment of between 0.5 to 1 bitcoin.

NotPetya

Next is NotPetya, which primarily targeted Ukrainian organizations but eventually spread globally, causing significant financial losses for major companies like Maersk, Merck, and FedEx. Unlike typical ransomware, NotPetya aimed to cause widespread damage by encrypting the Master Boot Record (MBR) of infected systems.

REvil

Another recent ransomware attack was REvil, which targeted JBS Foods. It disrupted JBS’s operations in the US, Australia, and Canada for several days. REvil demanded $11 million in ransom, which JBS allegedly paid.

Ryuk

Next is Ryuk, a ransomware that targeted several US newspapers, encrypting files and demanding large ransoms. The attack disrupted the publication of several major newspapers, like the LA Times and Chicago Tribune, for days. One of the most significant Ryuk ransomware incidents involved Universal Health Services (UHS) in 2020, disrupting healthcare operations across the United States.

Colonial Pipeline

And lastly, Colonial Pipeline was an attack that targeted the largest fuel pipeline in the US. The attack led Colonial Pipeline to shut down its pipeline for several days, causing fuel shortages and price spikes across the Southeastern US.

Ransomware statistics for 2022

Ransomware attacks have had a major impact, causing considerable damage to organizations and governments worldwide. Statista, a leading online statistic and market research company, has stated that in 2022 alone:

• There were a staggering 236.1 million ransomware attacks worldwide. (Statista)
• The number of ransomware attacks grew by 18% between the first and second quarters of 2022, increasing from nearly 106 million incidents to around 130 million incidents globally. (Statista)
• A substantial 71% of companies worldwide fell victim to ransomware attacks in 2022. (Statista)
• Of those affected by ransomware attacks, 62.9% opted to pay the ransom. (Statista)
• Austria experienced the highest rate of ransomware attacks, with over 80% of organizations reporting an attack during the year. (Statista)
• According to 54% of respondents, phishing scams were the leading cause of ransomware infections. (Statista)

Conclusion

In this reading, you explored several real-world malware and ransomware incidents that have occurred recently. You also examined statistics from 2022 that demonstrated the impact that these attacks can have.

As someone aspiring to a career in cybersecurity, it’s essential to understand these issues and remain vigilant in safeguarding your data.

Introduction 

In today’s digital age, organizations face a constant challenge to stay up-to-date and knowledgeable on the tactics used by cybercriminals, tactics that are used to take advantage of and exploit unaware people. Previously you learned what phishing and social engineering are and explored several methods used by cybercriminals.

In this reading, you will examine these methods in further detail and how cybercriminals use these various tactics to trick users into giving away sensitive data or performing unwanted actions.  

Social engineering and phishing tactics

Pretexting

Let’s start with pretexting. Earlier you learned that this is a technique where the attacker creates a false pretext or scenario to extract sensitive information from the target. So, the attacker may pretend to be someone else, like a new employee or a repairman to gain access to restricted areas or information. For example, an attacker may call a target pretending to be from the IT department to get the target to disclose their login password.

Baiting

You also learned how baiting lures victims with a seemingly genuine offer that entices them to disclose personal details or download malware. Therefore, appealing objects like USB drives or CDs with intriguing titles are placed where targets can access them. Once the target inserts the device, malware or tracking software is installed to compromise the system. Baiting takes advantage of human curiosity to deliver the payload.

For example, an attacker may drop several USB drives with an interesting label like “Confidential Salary Info” or “Layoff List” in a company’s parking lot. An unsuspecting employee may then insert the drive into their work computer, which installs malware that gives the attacker access.

Smishing and vishing

Next is smishing and vishing, this is where cybercriminals trick their victims using text messages and voice calls. Smishing refers to “SMS phishing” and involves sending malicious text messages to manipulate targets. Vishing stands for “voice phishing” and uses phone calls to scam people into giving away sensitive data or money.

For example, an attacker may call or SMS a target claiming to be from their bank’s fraud department to trick them into providing their online banking login or credit card number. The attackers may also spoof the caller ID to match the legitimate company they are impersonating.

Cold calling

Another technique that cybercriminals use is cold calling, where cybercriminals place unsolicited phone calls to targets. An example of this would be an attacker operating a fake tech support call center who calls victims claiming to need diagnostic access to their computer to fix a non-existent issue. The goal is to get the target to provide remote access and financial information.

Impersonation

Next is impersonation which involves an attacker contacting a target and pretending to be a trusted individual or authority figure to manipulate the target into providing information or access. The attacker relies on the target’s willingness to obey those in perceived authority. For example, an attacker may pretend to be a tech support specialist, police officer, or executive to get a target to follow instructions.

Tech support scams

Another strategy used by criminals is to call you directly on your phone while posing as a representative of a software firm. They might even spoof the caller ID to display a legitimate support phone number from a trusted company. They can then ask you to install applications that give them remote access to your device. They can then display normal system output as signs of a problem using remote access. Then, when you engage with scammers, they can offer fake solutions to your “problems” and ask for payment in the form of a one-time fee or subscription to a supposed support service.

Quid pro quo

Another one you explored earlier was quid pro quo which offers the target something in exchange for sensitive information. This technique can be highly effective as the ‘something’ offered could be money, access, or another resource.

An example would be an attacker sending an email claiming the target has won a $500 gift card to an electronics retailer in exchange for completing a ‘short survey.’ The survey prompts the target to enter sensitive details like social security numbers, account numbers, and passwords. In reality, there is no actual gift card. The attacker collects the information provided by the target.

Tailgating

You also learned about tailgating, also known as “piggybacking,” which involves physically following an authorized person into a restricted area. The attacker gains access by appearing to be accompanying the authorized individual or by deceiving them into holding a door for the attacker.

For example, an attacker may approach an employee entering a secure office or server room and ask them to hold the door, claiming they need to grab something or get access quickly. The attacker can then slip through the open door into the restricted space.

Spear phishing

Spear phishing targets specific individuals, usually high-profile targets, by sending phishing emails tailored to that specific target. For example, an attacker may research a company executive’s hobbies and interests to craft a personalized email. Spear phishing has a high success rate due to its tailored nature.

Whaling 

Whaling is a specialized form of spear phishing that targets high-level executives like CEOs. These targets are referred to as “big fish” hence the term whaling. For example, an attacker may send an email impersonating the CEO of a business partner organization to obtain wire fraud funds.

Dumpster diving

The next method is dumpster diving, which comprises searching through a target’s trash for data that may be utilized for identity theft or social engineering. Attackers look for documents that include personal information, such as bank statements, utility bills, tax returns, and other communications. Even though many companies and individuals shred private documents these days, this method is still employed.

Reverse social engineering

Another type is reverse social engineering which preys on the helpfulness and willingness of humans to assist others in need. The attacker poses as someone needing help, like a new employee or intern, to convince the target to grant them access to sensitive data or areas to help them do their job. The target believes they are helping the attacker out of kindness.

Shoulder surfing

Next is shoulder surfing which involves physically observing a target while they enter sensitive data or access secure systems. The attacker can see passwords, PINs, account numbers, and other details over the target’s shoulder. For example, a person withdrawing money at an ATM. This technique is very effective since targets are often oblivious to their surroundings when focused on a task.

Elicitation

Elicitation is a subtle technique where an attacker engages a target in normal conversation but steers the discussion in a direction designed to get the target to disclose sensitive details. The attacker may ask probing or intriguing questions and show an interest in the target’s responses to extract information in a casual, trusting manner. Elicitation is a highly effective way to gather data without raising the target’s suspicion.

Conclusion

Hackers continuously develop new methods to deceive and scam people and organizations into handing over sensitive data. These strategies are carefully thought out and can trick even people with a technical mindset. Because of this, it’s crucial for future cybersecurity professionals to understand how attackers operate and the strategies they employ. Which is essential for safeguarding both businesses and people and enhancing client satisfaction and long-term business success.

Introduction 

You discovered earlier that threat actors use threat vectors to gain unauthorized access to a system. Threat vectors serve as an attacker’s main entry point into a system or organization. You also explored several common threat vectors including email, watering holes, and social media. However, cybersecurity threats are increasing due to better technological advances and additional threat vectors, giving cybercriminals additional opportunities to compromise systems and organizations. 

In this reading, you will examine additional threat vectors that have yet to be covered and explore several methods to mitigate against them.  

Password cracking

Let’s dive in with password cracking. This method involves an attacker acquiring access to an application, service, or data store that enables them to test many password combinations for an account. Attackers employ sophisticated software that quickly tests hundreds of combinations. If the password is short, weak, common, or the same as another account password owned by the user, the chances are good that an attacker can guess the password and compromise the account.

Insider attack

Next is insider attack which involves someone within your organization conducting illicit activities in your office or company network. These sorts of attacks can be the most damaging. The insider usually knows a lot about your company. They also clearly understand how to maximize the negative effect on the company and its data. Motivations for a malicious insider vary, but typical ones include:

• Disgruntled employees looking for ways to make extra money.
• The insider wants to harm specific individuals or the organization as a whole.

A malicious insider may even take steps to ensure long-term access by building in backdoor accounts, going straight to exfiltration, or deleting sensitive data. Users with administrative rights are typically the most dangerous malicious insiders.

Hardware vulnerabilities

Another threat vector can be hardware vulnerabilities, which refer to weaknesses in the components of computing devices like processors, memory, and hard drives that attackers can exploit to access systems and data. These vulnerabilities are particularly dangerous because they reside in the underlying architecture of devices, allowing attackers to bypass many traditional security controls.

An example of hardware vulnerabilities includes Meltdown and Spectre, which affected processors, and a variety of flaws in hard drive firmware. For example, vulnerabilities like Checkm8 enable hacking tools to take advantage of these issues.

Meltdown and Spectre

In early 2018, critical vulnerabilities were discovered in Intel, AMD, and ARM processors. Meltdown affected Intel processors, while Spectre impacted Intel, AMD, and ARM chips. These flaws enabled attackers to access protected memory spaces and extract sensitive data, including passwords and encryption keys. Billions of devices were affected,, ranging from desktop computers to cloud servers and mobile phones. Although patches were released, they introduced performance impacts.

Meltdown and Spectre raised concerns about the susceptibility of crucial hardware components and the potential for security breaches. Fortunately, no major hacking incidents exploiting Meltdown and Spectre were reported, but they significantly undermined trust in everyday devices.

Checkm8 (Checkmate)

Checkm8 was a significant hardware vulnerability discovered in Seagate hard disk drives, allowing attackers full access to the hard drives. Although Checkm8 targets Seagate HDDs, researchers found that it could also be exploited to access iPhones and iPads. Hackers used Checkm8 to develop jailbreaking tools like Checkm8 that allow bypassing boot loaders on iPhones and iPads to run unauthorized software. Checkm8 works on most iPhones from the 4S generation through to the iPhone X.

Typosquatting

Another threat vector is typosquatting or URL hijacking. Attackers use typosquatting to create malicious websites with domain names similar to popular, trusted websites, hoping that victims mistype the URL and visit the malicious site instead. For example, using CompanyName.cm instead of CompanyCame.com. Victims then enter login credentials or personal data on the malicious site, enabling the attackers to steal that information.

You can mitigate against typosquatting by:

• being cautious when entering URLs, 
• using bookmarks for frequently visited sites, and
• watching closely for slightly misspelled domain names. 

Organizations should also monitor typosquatted domains like their own and take legal action to remove them.

SQL injection

Many databases use SQL language to process data stored in the database quickly. However, another threat vector, called SQL injections, can exploit vulnerabilities in web applications that use SQL databases.

Attackers inject malicious SQL code into forms or URLs to manipulate the database, gain access to sensitive data, or execute commands. This is a serious risk and can give the attackers full access to the database. Programmers should always properly sanitize and validate user input while developing software and web applications to prevent SQL injection attacks. 

The following image shows a timeline of events for SQL injection cyberattacks.

Rogue access points

Threat actors can compromise wireless access points to distribute malware and gain unauthorized access to networks. Using their own rogue access points, attackers can hack into existing access points in areas with Wi-Fi, for example, hotels, airports, or coffee shops. Unsuspecting victims will then connect to these access points, enabling the attackers to distribute malware, steal login credentials and data, or gain access to the network.

You can mitigate against rogue access points by using strong encryption on wireless networks, choosing unique passwords, educating users on the risks of unknown Wi-Fi networks, and monitoring for unauthorized access points.

Privilege escalation

Finally, privilege escalation refers to how unauthorized users gain access to restricted resources and elevated privileges on a system. Privilege escalation allows an attacker with limited access to expand their control over more sensitive areas and functionalities gradually. Attackers exploit privilege escalation vulnerabilities, allowing them to move from ordinary users to administrators, thus gaining full control over systems and data within an organization, allowing them to

• deploy malware, 
• install backdoors, 
• modify configurations, 
• steal information, or
• launch other malicious actions with little limitation. 

Because privilege escalation vulnerabilities abuse existing access, it often goes unnoticed until substantial harm has been done. Stopping privilege escalation and threats requires important security precautions to be taken. The core idea is limiting access and power to only users with a genuine need. This means providing minimal access privileges by default and evaluating all privileges before granting them.

Conclusion

In conclusion, threat vectors continue to adapt and increase with the technological advancements that are taking place in today’s digital world. Providing attackers with more opportunities to break into networks and businesses. 

Throughout this reading, you gained a better understanding of the various threat vectors and the growing threat landscape within organizations. You explored hardware vulnerabilities like Meltdown, Spectre, and Checkm8. You also learned how dangerous they are to the cybersecurity community and how they leave your device unprotected from threat actors. It’s vital that you continue to learn about any new threats that appear. The more you understand and educate yourself on these topics, the greater protection you can provide to your system and organization. 

It’s a cyberattack done using third-party software vendors.

That’s correct. A supply chain attack is a cyberattack that targets an organization’s supply chain by exploiting vulnerabilities in third-party software vendors. The attacker infiltrates the vendor’s software development process and inserts malicious code into the software update or release.

True

That’s correct. Phishing is a social engineering attack designed to trick victims into revealing sensitive information, such as usernames and passwords or financial data using digital media like email, SMS, or voice calls. Social engineering is a broader category of attack that encompasses a range of tactics designed to manipulate human behavior, including phishing, pretexting, baiting, and more.

Attackers exfiltrate user data before encrypting it.

That’s correct. In a double extortion ransomware attack, the attackers not only encrypt the victim’s data but also exfiltrate the data before encrypting it. They then threaten to publicly release or sell the stolen data if the ransom is not paid, in addition to demanding payment for the decryption key.

The combination of vulnerabilities, threats, and their potential impact on an organization’s assets.

That’s correct. The threat landscape in cybersecurity refers to the combination of vulnerabilities, threats, and their potential impact on an organization’s assets.

Vishing is a social engineering attack involving phone calls, while smishing involves text messages.

That’s correct. Vishing is a type of social engineering attack that involves phone calls, while smishing involves text messages. Both attacks are designed to trick victims into revealing sensitive information or performing certain actions, such as clicking on a malicious link or providing login credentials.

Well done and congratulations on finishing another exciting lesson!

Within this lesson you explored several topics relating to threat vectors, including an examination of the various types of threat vectors and some real-world examples of them. You also explored threat actors and threat landscapes and discovered some mitigation techniques you can use to protect your system and organizations networks. However, this is a comprehensive topic and there is still a huge amount to learn! To take your knowledge to the next level, try exploring the various resources below.

If you would like to explore additional information on Trojans and Worms try clicking on these links.

You explored important terms including threat landscapes, threat vectors and threat actors, an article Exploring today’s work and threat landscape describes the threat landscape on a larger scale. You learned that Fileless malware is extremely difficult to detect, this malware uses existing applications and software that is already installed on your device, it does not need to install any extra applications. This interesting article called Fileless malware goes in to greater detail of how it infects your device.

There was a variety of malware explored throughout this lesson. These articles from the Microsoft learning path, coin miners, rootkits, and exploit kits explore these topics in greater depth. There are additional threat vectors, social engineering, and phishing tactics, the following list of articles explores these topics in greater detail:

• Password cracking and Malicious insiders
• Macro malware
• Supply chain attacks
• Phishing and Phishing trends
• Tech support scams
• Unwanted software

And finally, the resource Malware names demonstrates how malware programs are named and the learning path also provides some general guidelines to prevent malware infections. 

Introduction

Though you might not be aware of it yet, biometrics is becoming a part of everyday life. Would you be surprised to find out that you are probably using biometric security every day? Whether it’s using a fingerprint scanner to access your banking application or facial recognition to unlock your cellphone. As technology advances, the necessity for more advanced security measures is becoming increasingly critical.

Biometric security offers advanced authentication methods that use unique biological characteristics to verify an individual’s identity, just like your cellphone. In this reading, you are going to learn what biometric security is, the various types of biometric security policies, the benefits and disadvantages of biometric systems, and the risks involved in their use.

Let’s jump in by finding out what exactly is biometric security. 

What is biometric security?

Biometric security uses distinctive physical or behavioral traits to identify and authenticate individuals to grant them access to systems, devices, or physical locations. These traits are difficult to duplicate, making biometric security a more secure alternative to traditional password or keycard-based systems.

Types of biometric security systems

There are several types of biometric security systems, each of which uses a distinct biological trait to identify people. Let’s explore some of the most common types, which include:

Eye scanning

Eye scanning involves two major types: 

• Firstly, iris scanning, which captures the pattern of the colored ring around the pupil. Iris scanning is non-intrusive, highly accurate, and offers fast authentication, but it can be sensitive to lighting conditions and certain eye conditions or eyewear.
• Next is retina scanning, which captures the pattern of blood vessels at the back of the eye. Retina scanning is extremely accurate but can be intrusive, slower, and expensive to implement.

Fingerprint recognition 

Fingerprint recognition analyzes the unique ridges and patterns found on a person’s fingertips. This method is widely used for its affordability and ease of implementation, you’ve probably seen it used on cellphones.

Facial recognition

Another type is facial recognition which maps an individual’s facial features to create a unique biometric profile. This method is gaining popularity because of advancements in camera technology and machine learning algorithms.

Other methods

Additional biometric security methods include voice recognition, palm print scanning, and behavioral biometrics such as keystroke dynamics, amongst others.

Benefits of biometric systems

There are several advantages to using biometric security systems, including:

Enhanced security

Biometric identifiers are unique to everyone, making it difficult for unauthorized users to gain access.

Faster authentication

Biometric authentication is typically quicker than entering passwords or using keycards.

Better convenience

Users don’t need to remember passwords or carry physical keys or cards. 

Biometric audit trail

Another advantage of biometric systems is how they enhance accountability by providing a clear and accurate audit trail of access to sensitive areas or data. Each time an individual uses their biometric data for authentication, the system logs the exact time, date, and user identity associated with the event.

With a biometric audit trail, organizations can accurately track who has accessed specific resources, such as secured rooms or confidential files, and when they did so. This helps ensure that only authorized personnel gain access and allows for quick detection of any unauthorized access attempts. When security breaches or other incidents happen, the audit trail can be used to determine who was present at specific times and locations, aiding in investigations and narrowing down potential suspects.

Organizations can use the biometric system’s audit trail to demonstrate compliance with security policies and regulations, proving that they have taken necessary steps to restrict access to sensitive data or areas. Additionally, adopting biometric security systems has its advantages. Employees are less likely to engage in inappropriate behavior when they are aware that biometric systems provide an accurate record of access since they are aware that their actions may be linked back to them.

Disadvantages of biometric systems

However, despite their benefits, biometric systems do have some drawbacks, including:

• Privacy concerns: Collecting, storing, and processing biometric data raises privacy concerns, as this information can be used for unauthorized purposes if not properly protected.
• False positives and negatives: Biometric systems may accidentally generate false positives (granting access to the wrong person) or false negatives (denying access to the correct person), especially if the system is not well-maintained or calibrated or if there are hardware issues.
• Implementation costs: Implementing biometric security systems can be expensive, particularly for more advanced technologies like retina scanning.

Risks involved with biometric systems

While biometric security systems offer many advantages, there are some notable risks involved.

Data breaches

The primary concern relates to data breaches. Because biometric data is stored in centralized databases or on individual devices, it becomes vulnerable to cyberattacks. If unauthorized access to this sensitive information occurs, the privacy and security of users is jeopardized. Also, the collection, storage, and processing of biometric data can make users uncomfortable, as they may fear misuse or unauthorized access to their sensitive information.

Lifelong security risk

Another significant risk associated with biometric systems is the unchangeable nature of biometric data. Unlike passwords that can be altered, biometric data remains the same throughout an individual’s life. Therefore, if a person’s biometric data is compromised, it poses a lifelong security risk since their unique biological traits cannot be modified or replaced.

Technical limitations

Certain technical limitations affect biometric systems. Factors such as poor lighting, environmental conditions, or damaged biometric traits can impact the performance and reliability of these systems. For example, facial recognition may not work effectively in dim lighting, while damaged fingerprints may cause authentication failures.

Legal and regulatory challenges

Organizations using biometric systems may face legal and regulatory challenges. As the use of biometrics is subject to legal and regulatory requirements that vary across jurisdictions. Organizations must be aware of and comply with these regulations to avoid potential fines, penalties, or legal disputes.

Recent biometric incidents 

There have been several incidents involving biometric security systems that have taken place recently. Let’s explore some now. 

In 2015, the United States Office of Personnel Management (OPM) suffered a significant data breach that affected millions of people. While the primary focus was on the theft of personal information, it was later revealed that 5.6 million sets of fingerprints were also compromised. This incident raised concerns about the long-term consequences of biometric data breaches, as compromised fingerprint data cannot be changed.

Another breach occurred in 2019, Suprema, a biometrics security company providing access control systems to organizations worldwide, experienced a massive data breach. The breach exposed the biometric data of over one million people, including fingerprints, facial recognition data, and other sensitive information. This incident highlighted the importance of securing biometric data and ensuring that robust security measures are in place to protect against unauthorized access.

Next is Facebook, who has been using facial recognition technology for several years to automatically identify people in photos uploaded to the platform, as well as to provide accessibility features for visually impaired users. The technology allowed Facebook to suggest tags for recognized friends in photos, making it easier for users to tag and share images.

However, Facebook’s use of facial recognition technology has faced significant controversy and criticism over privacy concerns, data protection, and consent issues. Lawsuits were filed against the company, alleging that Facebook’s facial recognition system violated users’ privacy rights by collecting and storing biometric data without obtaining proper consent. One of the most notable cases was a class-action lawsuit filed in Illinois under the state’s Biometric Information Privacy Act (BIPA).

In response to these concerns and mounting legal challenges, Facebook announced that they will not be using recognition technology to identify people in photos and videos uploaded to the platform anymore. As a part of this decision, Facebook also committed to deleting facial recognition data for billions of users.

Conclusion

Biometric security systems offer advanced authentication methods and have many advantages, but it is not without its risks. In this reading you gained an understanding of biometric security, you explored the different types of biometric security policies including eye scanning (iris, retina), fingerprint, and facial recognition. You have also explored several benefits associated with biometric security and examined some of the risks and disadvantages associated with their use. Finally, you examined some recent incidents that highlighted the importance of robust security measures. 

Biometric technology is continuing to evolve, it’s becoming critical for individuals and organizations to be aware of the associated risks and implement appropriate safeguards to protect sensitive data and maintain privacy.

Introduction

Imagine this scenario: You are an employee of an organization, and while you are working, you receive a notification that an email you received looked suspicious and has now been quarantined. This Microsoft Outlook notification confirms that the message comes from an external organization and to exercise caution when opening the attachment. Maybe you are familiar with this common scenario? 

This is Microsoft Defender doing its job! It works by protecting your system from malicious activity perpetrated by cybercriminals. 

Previously you learned about essential security software that is used in everyday life. In this reading, you’ll dive deeper into how they work. While cybercriminals are becoming smarter every day and inventing new ways to attack or create malware programs, antivirus and firewall developers are also updating their applications to deal with these threats, and this is quite an interesting journey. Let’s jump in. 

Common protections offered by antivirus software

Most antivirus and antimalware programs continuously scan files in your computer and other communication channels like the web and email. Let’s explore them now. 

Web shield

Firstly, a web shield is a technology that scans the websites a user visits, checking for potential threats such as malware, phishing attempts, or other malicious content. It filters incoming data through a proxy server, which intercepts and analyzes the data for suspicious elements. If a threat is detected, the web shield blocks access to the website and displays a warning to the user.

Email shield

Next is email shield technology which scans incoming and outgoing emails for malicious attachments, links, or content. It filters the emails using specific algorithms and heuristics, identifying threats such as viruses, worms, and trojan horses. If a threat is detected, the email shield either removes the malicious content or places the email into a quarantine folder for further inspection.

File shield

There is also file shield technology which continuously monitors the files on a user’s device, scanning for potential threats whenever a file is opened, modified, or executed. It uses signature-based detection and behavioral analysis to identify malware, ransomware, and other malicious content. If a threat is detected, the file shield isolates the file and prevents it from infecting the system.

How do antivirus programs detect malware?

Given the dangers that malware poses, what techniques do antivirus programs employ to identify and neutralize viruses, trojans, and worms? These methods are designed to effectively recognize malicious software based on various characteristics and behaviors. Let’s explore some of the most common techniques that are used by antivirus programs to detect such threats. 

Signature-based detection

First up is signature-based detection which is the most traditional method of identifying malware. This technique relies on the antivirus program’s virus database, which contains unique signatures or patterns of known malware. The antivirus software scans files and compares them to the signatures in the database. If a match is found, the file is flagged as malicious.

However, signature-based detection has its limitations. It can only identify known malware and it is less effective against new or previously unknown threats, which is why it is often combined with other detection techniques.

Heuristic analysis

Next up is heuristic analysis, which involves examining a file’s code, structure, or behavior to identify potential threats. This technique allows antivirus programs to detect previously unknown malware or new variants of existing malware. The heuristic analysis uses algorithms to determine if a file exhibits characteristics commonly associated with malicious software.

However, heuristic analysis can generate false positives because some legitimate programs share features or behavior patterns with malware. However, it is a valuable tool for identifying new threats that may not yet have a signature in the virus database.

Behavioral analysis

Cybersecurity can also complete behavioral analysis by monitoring the real-time actions of software on a system to identify potential threats. This method relies on the principle that malware will exhibit malicious behavior, such as modifying system files, installing unauthorized software, or accessing sensitive data.

If a program exhibits suspicious behavior, the antivirus software will flag it as a potential threat and either block its actions or quarantine the file for further investigation. This approach is useful for detecting malware that may evade signature-based or heuristic detection methods.

Sandbox analysis

Next is sandbox analysis, which involves executing a suspicious file in a controlled, isolated environment, commonly known as a “sandbox.” This technique allows the antivirus program to observe the file’s behavior without risking damage to the actual system. If the file exhibits malicious behavior in the sandbox, it is flagged as a threat and removed from the system.

This method is particularly useful for detecting advanced threats such as zero-day exploits or sophisticated malware that can evade other detection techniques.

Virus database

It is also critical for organizations to hold a virus database, also known as a signature database or malware definition database. It is a vital component of any antivirus software. It serves as a repository of known malware signatures, which are unique patterns or characteristics associated with specific malicious software. By maintaining an up-to-date virus database, antivirus programs can effectively identify and neutralize a wide range of threats. 

Due to the ever-evolving nature of cyber threats, it is essential to keep the virus database up to date. Cybersecurity researchers and antivirus vendors are constantly identifying new malware variants and adding their signatures to the database.

Regular updates are vital because they allow the antivirus software to recognize and defend against the latest malware. However, the frequency of updates can vary depending on the antivirus vendor and the specific software used. Some vendors release updates daily, while others may release updates several times a day. Users should ensure that their antivirus software is configured to automatically update its virus database to maintain optimal protection.

How firewalls work

We’ve talked quite a bit about firewalls.  But how do firewalls work? Let’s find out! 

Firewalls serve as a critical line of defense in network security, monitoring and controlling incoming and outgoing traffic based on predetermined rules. They act as a barrier between trusted internal networks and untrusted external networks, such as the Internet. To understand the technical aspects of how firewalls work, let’s explore how they work behind the scenes. 

One of the fundamental techniques used is packet filtering, which involves inspecting each data packet that passes through the firewall and determining whether to allow or block it based on predefined rules. These rules typically include criteria such as IP addresses, port numbers, and protocol types.

For example, a rule may be set to block all incoming traffic from a specific IP address or to allow only HTTPS traffic through a particular port. Packet filtering is a relatively simple and efficient method for controlling network traffic but may not be sufficient for protecting against more sophisticated threats.

Stateful inspection, also known as dynamic packet filtering or stateful firewall, adds an additional layer of security by maintaining information about the state of active connections. This approach allows firewalls to examine not only individual packets but also the context of the connection in which they are transmitted. 

When a connection is established, the firewall records the details of the connection in a state table. As packets pass through the firewall, they are compared to the state table to determine if they belong to an existing, authorized connection. This method enables firewalls to detect and block unauthorized or malicious packets that may attempt to exploit legitimate connections.

Another technique used is application-layer filtering, also known as deep packet inspection or proxy-based filtering. It involves examining the content of data packets at the application layer of the OSI model. This technique allows firewalls to inspect the actual data being transmitted by the applications, enabling them to detect and block specific types of content, such as malware, spam, or unauthorized access to sensitive information.

Conclusion

In this reading, you discovered how a firewall works and you explored the various firewall configurations available. You also examined antivirus applications learning how they detect malware and why it’s important to update your virus database. 

You now have a great understanding of antivirus and firewall technologies and now know that they are essential components of a robust cybersecurity strategy. By understanding these tools, how they work, and how to configure them to protect your devices and networks, you can take your cybersecurity skills to the next level. 

Introduction

Imagine this scenario: You are 2000 words into a college assignment when you decide to take a break. However, while you are gone from your laptop, your younger sibling unintentionally presses the delete key while playing. When you come back from your break, the paper and its 2000 words have vanished from your device. How would you get it back? What precautions would you take to ensure that this doesn’t happen again?

Every action you perform generates data, be it your daily tasks, academic assignments, or financial reports for your organization. It holds immense value in both personal and professional computing realms. While certain data may not be very private, allowing others to view it without worry. Some data can be extremely sensitive, leading to significant financial harm and breaches of trust if exposed. Additionally, various factors, such as cyberattacks like malware or ransomware and hardware failures, can corrupt, or destroy this data. 

So, in this reading, you’ll explore crucial aspects relating to data protection and discover the recovery strategies that safeguard your valuable information.

Various causes of data loss

Let’s jump in by exploring several causes of why data loss occurs. 

• Accidental deletion: Unintentionally deleting files or folders is a common cause of data loss, often resulting from user error or misunderstanding.
• Human error: Mistakes like unintentional formatting, moving files to incorrect locations, or improper handling of storage devices can lead to data loss.
• Hardware failure: Hard drives and other storage devices can fail due to manufacturing defects, age, or physical damage.
• Software issues: Bugs, compatibility issues, or improper updates can lead to data corruption or loss.
• Power outages: Sudden power failures can result in data loss, especially if the computer was in the middle of writing data to the storage device.
• Malware attack: Malware like viruses, trojans, and worms can delete, corrupt, or encrypt data, rendering it inaccessible without the proper decryption key.
• Natural disasters: Events such as floods, fires, and earthquakes can damage storage devices and result in data loss. This is particularly applicable if a data center is affected by these events.
• Theft or loss: The physical loss or theft of a device containing data can result in the data being irretrievable.
• Firmware or operating system failure: Issues with the firmware or operating system can lead to data loss or inaccessibility.
• Logical errors: Lastly, file system corruption, partition table issues, or bad sectors on the storage device can cause data loss.

Data backup

One of the best solutions to avoid data loss is keeping a regular backup of your data. This not only ensures your data is safe but also saves you from making a serious effort to create that data again. There are various types of software to help you create regular backups of your computer data and store it in physical hard drives, SSD drives, or a cloud storage solution like Microsoft OneDrive, Google Drive, Google Photos, or Dropbox. 

Some operating systems even come with built-in backup and restore applications. For example, macOS comes with ‘Time Machine’, a backup and restore software that can take incremental backups and restore them anytime. 

So, now you have an overview of the role of data backups in preventing data loss, let’s explore some of the common data backup options you have. 

Full backup

Firstly, a full backup involves creating a complete copy of all your data files and folders. This type of backup provides the highest level of data protection, as it ensures that every file is saved. However, full backups are time-consuming and require a lot of storage space, making them less practical for frequent use. Plus, it’s not usually necessary to take full backups every time you change a file or folder. 

However, one of the key benefits of incremental backups is that you can just take a backup of what has changed, let’s learn about it now.

Incremental backup

Incremental backup or differential backup is more efficient than full backups. Instead of copying all the data each time, it only backs up files that have changed or been added since the last backup. This approach saves time and storage space, making it a suitable option for more frequent backups. 

However, restoring incremental backups can be complicated due to the additional time it takes. This is because it requires the most recent full backup and all subsequent incremental backups to complete the restoration.

Database backup

Backing up personal computer files is a crucial aspect of your daily safety precautions. However, when it comes to organizational data backup, the process can be more involved. Most web applications rely on databases to store user information. Several database engines, such as MySQL, PostgreSQL, MongoDB, Microsoft SQL Server, and Oracle, are used by organizations and businesses worldwide. Each of these database engines offers data backup solutions, while third-party software vendors might also provide additional backup options with additional features.

It’s essential to develop a database backup strategy that addresses the specific needs of your organization. Ensuring you consider factors like the size of the database, the frequency of updates, and the level of data sensitivity. 

Encrypting data storage (full disk encryption)

You can also complete full disk encryption. A whole hard drive, SSD, or USB drive can be encrypted as a reliable method of preventing unwanted access to your data if it is lost or stolen. Encryption tools convert your data into an unreadable format, which can only be accessed with the correct decryption key. Some popular encryption tools for full-disk encryption are Microsoft Bitlocker for the Windows operating system, VeraCrypt for Linux, and FileVault for macOS. You might be surprised to hear that your operating system continues to work like a regular machine even when the disk is encrypted with these tools. While there may be a slight decrease in performance due to the encryption and decryption processes, modern hardware and encryption algorithms have minimized this performance impact, making it negligible for most users. 

It’s vital to be aware that malware programs can still access files on an already encrypted disk if they gain access to the system while it is unlocked and running.

So how do you protect your data, what security options do you have? 

Preventing data theft from your device

When working with sensitive data security precautions are vital for your protection. Failing to take these precautions can result in unauthorized access to your personal information, which may have severe consequences.

The following steps will help you ensure your data is securely removed from your devices before they change hands:

1. Back up your data: Before selling or disposing of a device, ensure you have a complete backup of your personal data. 
2. Sign out of account: Sign out from services like iTunes or Google, and any other personal accounts, including email, social media, and cloud storage services.
3. Factory reset your device: Perform a factory reset on your computer or phone to remove all your personal data and restore the device to its original settings. For computers, this may involve reinstalling the operating system.
4. Securely erase your hard disk: Always use a secure erase tool to overwrite your hard disk or SSD multiple times, ensuring it cannot be easily recovered. Some operating systems have built-in tools for this purpose, like “Secure Delete” in macOS. For Windows, you may need to use command line tools or third-party software. 
5. Physically destroy the storage: If you are disposing of a hard disk, SSD, CD, or USB drive and want to guarantee data security, consider physically destroying the disk. 

Data recovery

So, just like in the scenario, your assignment or work has been accidentally deleted, how do you recover it? Let’s find out!

• Recovery strategies: Data loss can be a distressing experience, fortunately, several data recovery strategies can help you retrieve your lost or deleted files.
• Check your recycle bin or trash: Before panicking, ensure that the deleted file isn’t in your computer’s Recycle Bin (Windows) or Trash Folder (macOS). If it’s there, simply right-click and select “Restore” to recover the file.
• Use backup copies: If you’ve been following a robust backup policy, you should have at least one backup copy of your data. Retrieve the lost data from your external hard drive, USB flash drive, or cloud-based storage service.
• File History or Time Machine: Use built-in backup and restore tools like File History (Windows) or Time Machine (macOS) to recover previous versions of lost or deleted files.
• Recovery software: Utilize data recovery software to scan your storage device and attempt to recover lost files. Be sure to act quickly, as the likelihood of successful recovery decreases as new data is written to the storage device.
• Professional data recovery services: If the data loss is due to hardware failure, physical damage, or other complex issues, consider getting help from a professional data recovery service. While this option can be expensive, it may be necessary for recovering critical data.
• Restore from a System Restore Point (Windows): If you’ve lost data due to a recent system change, you may be able to recover it by restoring your computer to an earlier restore point.
• Utilize cloud-based services: If your data was stored on a cloud-based service like Google Drive or Dropbox, check the service’s built-in recovery features, such as version history or a deleted files folder, to recover your data.
• Use antimalware software: To prevent data loss from malware attacks, always install reputable anti-malware software and keep it up to date. 

Conclusion

You now understand that keeping personal and company data safe and secure is an essential part of cybersecurity. In this video, you learned how damage can be caused to your data and device. You also learned how backups can be used to recover your data from accidental data loss.

Preventing data loss in the first place is the best method for dealing with it. You can protect not just your data but also your devices by implementing reliable backup plans, and encryption, and exercising caution when deleting documents and files. 

It adds another layer of security on top of the password.

That’s correct. Multi-factor authentication requires additional verification methods, such as a code from an authenticator app or a fingerprint, making it harder for unauthorized users to access an account even if they have the password.

Even if the password is leaked, it prevents someone from getting access to the user account.

That’s correct. Multi-factor authentication requires additional verification, making it difficult for attackers to access an account, even if they have obtained the password.

They are vulnerable to false acceptances and rejections.

That’s correct. Biometric security systems, while generally accurate, can occasionally produce false acceptances (granting access to an unauthorized individual) or false rejections (denying access to an authorized individual).

Restore files from a recent backup.

That’s correct. Regular backups of your data can be a lifesaver in case of a ransomware attack. You can restore your system from these backups after removing the ransomware from your system.

Store passwords securely in an encrypted database.

That’s correct. Password managers store your passwords securely in an encrypted database, making it difficult for unauthorized individuals to access your login credentials.

Automatically generate strong, unique passwords.

That’s correct. Password managers can automatically generate strong, unique passwords for each of your accounts, reducing the risk of using weak or reused passwords.

Reduce the need to remember multiple passwords.

That’s correct. Password managers can remember and autofill your login credentials, allowing you to access your accounts without having to remember each password.

True

That’s correct. Recent versions of Windows operating systems come with a free antivirus called Microsoft Defender, which is integrated into the system and provides real-time protection against various types of malware and other security threats.

False

Prevents unauthorized access to storage

That’s correct. Full disk encryption secures the entire storage device, not just individual files or folders. This means that unauthorized users cannot access the encrypted data without the proper decryption key, providing an additional layer of security.

Prevents data theft even if the physical device is stolen

Behavioral analysis

That’s correct. The behavioral analysis focuses on monitoring the behavior of programs and processes running on a system to identify any suspicious or malicious actions. By analyzing the actions and activities of a program, antimalware software can detect patterns and behaviors commonly associated with malware.

Heuristic analysis

That’s correct. The heuristic analysis involves using algorithms and rules to identify potentially malicious patterns and behaviors that may indicate the presence of malware. It allows antimalware software to detect and block unknown or newly emerging threats based on their behavior or characteristics, even if they have not been previously identified.

Sandbox analysis

That’s correct. Sandbox analysis involves running potentially malicious files or programs in a controlled virtual environment, known as a sandbox, to observe their behavior. By monitoring their actions, the antimalware software can identify any malicious behavior or activities, such as unauthorized system changes or attempts to exploit vulnerabilities.

You were the victim of a social engineering attack.

That’s correct. In this scenario, you were tricked into clicking on a link in an email and changing your password. The email falsely claimed that you needed to update your password, which is a common tactic used in social engineering attacks.

You were the victim of a phishing attack.

That’s correct. Phishing is a type of social engineering attack where attackers impersonate a trusted entity, such as a legitimate website or service, to trick individuals into divulging sensitive information like passwords.

Spear phishing

That’s correct. Spear phishing is another type of targeted phishing attack that involves sending tailored and personalized emails or messages to specific individuals or groups within an organization. The attackers research to gather information about their targets, making the phishing messages appear more credible and convincing.

Whaling

That’s correct. Whaling, also known as CEO fraud or executive phishing, is a type of targeted phishing attack that specifically focuses on high-profile executives within an organization. Cybercriminals send tailored emails or messages to these individuals, often impersonating trusted entities or colleagues, in an attempt to trick them into revealing sensitive information or performing actions that can be exploited by the attackers.

Command-and-control center

That’s correct! The command-and-control center serves as the central hub for the malware operation. It is responsible for coordinating and controlling the infected systems, issuing commands to the compromised devices, and receiving data or instructions from the malware.

Meltdown and Spectre exploit hardware vulnerabilities in processors.

That’s correct. Both Meltdown and Spectre are hardware vulnerabilities that affect processors. They exploit weaknesses in the way modern processors perform speculative execution, allowing unauthorized access to sensitive information.

True

That’s correct. Rootkits are a type of malware that is designed to conceal their presence or activities on an infected system. They can use various techniques to avoid detection by the security software, such as hiding their files or processes, modifying system components, or intercepting system calls.

True

That’s correct. Worms are a type of malware that is typically spread by exploiting vulnerabilities in operating systems and software applications to gain access to computer systems. Once a vulnerability is exploited, the worm can self-replicate and spread to other vulnerable systems without requiring any user interaction. By taking advantage of vulnerabilities, worms can rapidly propagate through networks and infect a large number of computers.

True

That’s correct. Both viruses and worms can self-replicate, which means they can create copies of themselves and spread to other files or systems.

watering hole attack

That’s correct. The scenario described here is a watering hole attack where cybercriminals identify a website that is frequently visited by the targeted individuals or organizations. The attackers compromise the website by injecting malicious code or malware into it. When the employees visit the compromised website, their computers may become infected with malware, allowing the attackers to gain unauthorized access to the targeted organization’s systems or steal sensitive information.

Meltdown, Spectre

That’s correct. Spectre is a vulnerability that affected nearly all Intel processors, along with AMD and ARM chips. Meltdown, on the other hand, primarily impacted Intel processors. Both vulnerabilities were discovered in early 2018 and allowed attackers to potentially access sensitive information through speculative execution side-channel attacks.

Stuxnet

That’s correct. Stuxnet is malware that caused significant damage to industrial systems, specifically targeting SCADA systems used in critical infrastructure facilities. Stuxnet was designed to compromise and sabotage the programmable logic controllers (PLCs) responsible for controlling industrial processes, such as those found in nuclear facilities or power plants.

Worm, Trojan. Virus, Trojan

That’s correct. Worms can self-replicate and spread autonomously through networks or communication channels. Trojans do not possess self-replication capabilities and rely on user interaction to be executed.

Takes longer to complete compared to other backup methods.

That’s correct. Full backups involve copying all the data from the source, making the process more time-consuming compared to incremental or differential backups that only save changes.

Consumes a significant amount of storage space.

That’s correct. Full backups store a complete copy of your data, which can result in a large amount of storage space being used, particularly for large data sets.

Prevents data theft even if the physical device is stolen.

That’s correct. Full disk encryption ensures that all the data stored on a device is encrypted, making it inaccessible without the correct decryption key. This helps protect your data even if the physical device falls into the wrong hands.

Prevents unauthorized access to storage

That’s correct. Full disk encryption secures the entire storage device, not just individual files or folders. This means that unauthorized users cannot access the encrypted data without the proper decryption key, providing an additional layer of security.

True

That’s correct. Phishing is a subset of social engineering attacks that is done using digital media like email, SMS, and voice calls. Social engineering refers to the manipulation of individuals to deceive them into giving away sensitive information.

Well done and congratulations on finishing another important lesson!

Within this lesson, you explored several important topics relating to Mitigation strategies. You discovered several helpful strategies for protecting your personal data before exploring the fascinating world of biometrics. You also learned how antivirus and firewalls function before focusing on security software and how applications like password generators are fighting back against cybercrime. However, this is a comprehensive topic, there is still plenty to learn. Try taking your knowledge to the next level by exploring the various resources below: 

• Hidden risks in pirated software: Learn how pirated software can help you to understand the hidden risks in it.
• Browse more safely with Microsoft Edge: Learn more about browser security to keep your online accounts safe using the Microsoft Edge browser.
• Web protection: This article will delve deeper into browser security and how to stay safe on the world wide web.
• How to protect against phishing attacks: Learn more about social engineering and phishing attacks and how you to prevent these attacks. This video tutorial will also assist.
• Windows Hello biometrics in the enterprise: Did you know that Windows also comes with a fantastic biometric solution called Hello? This article explores this program in detail.
• Windows security that doesn’t stop: Learn more about Microsoft Defender, which is free software that comes with Microsoft Windows. You can also explore its features from the article Stay protected with Windows Security.
• Microsoft Authenticator: Try using two-factor authentications or MFA now through the Microsoft Authenticator app.

By exploring these additional resources, you’ll expand your knowledge of how to mitigate against cybercrime. Equipping yourself with valuable knowledge will allow you to navigate the ever-changing landscape of cybersecurity threats.