Lecture 8 Cyber Security and Defence:
PART 1
The cybercrime threat is evolving into organized crime. The threat actors are…
- Insider threats: people that are inside your company
- Hacktivists
- Market threat: competitors:
- State-sponsored cyber warfare:
- Organized Crime:
Different companies have to consider different threats.
Human Factor - What does an organization look out for? 33% of social attacks are done by the
exploitation of human behavior.
What is at risk?
Different companies may have different risks:
Theory of an attack:
1. Penetrate: getting inside an organization or company via certain weaknesses. The most
common method is Phishing.
2. Escalate: access to other systems on certain networks to look for valuable info. Stay as
quiet as possible
3. Exfiltrate: Extract the data that he was looking for/ disrupt systems in the form of
ransomware.
How is an attack possible?
(All elements have a social elements)
- The first step is to get as much info as possible via…
- Phishing (send messages/emails, postnl or vodafone). Therefore it is important
to get info about the target. Can be done physically by dressing up in disguise
(santa clause example, cleaning company). Once inside go into the server room.
, - Or.. Weaponize and deliver by using a small computer in black box that can be
connected to a server and navigated remotely. Or using USB sticks that connect
to company hardware can allow breach of software if a certain executable is
installed on the hardware (open the file to enable the malware).
Security vs Functionality:
- Creativity and technology: Something that is prevalent but can also overlook security
maybe from a certain stakeholder
Malicious Software:
- Wannacrypt: ransomware attack should make us Wannacry… You can just download
malware online and can be used to ransomware.
- Most common ways to hack:
-
FPART 2
- Cyber defense: How to protect our data and availability?
- Used to implement 20 critical security controls!
- Be ready to defend!
- Where are your crown jewels? What is the most important data that can leak for your
country?
PART 1
The cybercrime threat is evolving into organized crime. The threat actors are…
- Insider threats: people that are inside your company
- Hacktivists
- Market threat: competitors:
- State-sponsored cyber warfare:
- Organized Crime:
Different companies have to consider different threats.
Human Factor - What does an organization look out for? 33% of social attacks are done by the
exploitation of human behavior.
What is at risk?
Different companies may have different risks:
Theory of an attack:
1. Penetrate: getting inside an organization or company via certain weaknesses. The most
common method is Phishing.
2. Escalate: access to other systems on certain networks to look for valuable info. Stay as
quiet as possible
3. Exfiltrate: Extract the data that he was looking for/ disrupt systems in the form of
ransomware.
How is an attack possible?
(All elements have a social elements)
- The first step is to get as much info as possible via…
- Phishing (send messages/emails, postnl or vodafone). Therefore it is important
to get info about the target. Can be done physically by dressing up in disguise
(santa clause example, cleaning company). Once inside go into the server room.
, - Or.. Weaponize and deliver by using a small computer in black box that can be
connected to a server and navigated remotely. Or using USB sticks that connect
to company hardware can allow breach of software if a certain executable is
installed on the hardware (open the file to enable the malware).
Security vs Functionality:
- Creativity and technology: Something that is prevalent but can also overlook security
maybe from a certain stakeholder
Malicious Software:
- Wannacrypt: ransomware attack should make us Wannacry… You can just download
malware online and can be used to ransomware.
- Most common ways to hack:
-
FPART 2
- Cyber defense: How to protect our data and availability?
- Used to implement 20 critical security controls!
- Be ready to defend!
- Where are your crown jewels? What is the most important data that can leak for your
country?
