
IT NS 1 – CYBER SECURITY PRINCIPLES AND EMERGING CHALLENGES

Chapter I
Introduction to Cybersecurity – Part 2

Introduction
Cybersecurity is a critical issue for individuals and organizations alike. With an
increasing amount of sensitive data being stored and transmitted electronically, robust
cybersecurity measures are essential to protect against cyber-attacks, data breaches, and
other malicious activity. Technical measures alone, however, are not enough. Individuals and
organizations also need to understand the risks they face and take proactive steps to
prevent and mitigate them. In this context, cybersecurity awareness plays a crucial role in
promoting safe online behavior and in ensuring the security of information systems and data.

Learning Outcome
At the end of the unit, the student should be able to:
• Explain the principles of confidentiality, integrity, and availability in cybersecurity
• Define the different types of cyber-attacks
• Analyze the different risk management frameworks and their application in cybersecurity.

Learning Content

UNDERSTANDING THE TYPES OF CYBER-ATTACKS AND CYBER-DETECTION

Cyber-attacks refer to malicious activities that are carried out through digital channels with the
intent to harm or gain unauthorized access to computer systems, networks, or devices. Cyber-
attacks can take various forms, including malware infections, phishing, social engineering, denial-
of-service attacks, ransomware, and more. These attacks can result in a range of consequences,
such as data breaches, financial losses, reputational damage, and even physical harm.

Cyber detection, on the other hand, refers to the process of identifying, analyzing, and responding
to cyber threats in order to prevent or mitigate their impact. Cyber detection involves various
techniques and tools, such as intrusion detection systems, network monitoring, threat
intelligence, and incident response planning. By implementing effective cyber detection
strategies, organizations can better protect their systems, data, and assets from cyber-attacks
and minimize the risk of cyber threats.

There are many types of cyber-attacks, and the methods used by attackers are continuously
evolving. Here are some common types:
1. Phishing attacks: These attacks use social engineering, usually a fraudulent e-mail,
message, or website that impersonates a trusted party, to trick victims into divulging
credentials or personal information, or into downloading malware.

2. Malware attacks: Malware is any software designed to harm a computer system or to give an
attacker unauthorized access to it or its data. Malware takes many forms, including viruses,
worms, trojans, spyware, and ransomware.

3. Denial of Service (DoS) attacks: A DoS attack floods a system with traffic or requests,
exhausting its bandwidth, memory, or processing capacity so that it becomes inaccessible to
legitimate users. When the flood comes from many compromised machines at once, it is called
a distributed denial of service (DDoS) attack.

4. Man-in-the-middle (MitM) attacks: In a MitM attack the attacker positions themselves
between two communicating parties, which allows them to eavesdrop on, modify, or inject new
data into the communication while both parties believe they are talking to each other
directly. Unencrypted connections, or encrypted connections whose certificates are not
properly validated, are the usual enabler.

5. SQL injection attacks: SQL injection exploits a web application that builds database
queries by concatenating untrusted user input into the query text. Specially crafted input
is then interpreted as SQL, letting the attacker read or modify sensitive information, bypass
authentication, or execute unauthorized commands. Using parameterized queries (prepared
statements) instead of string concatenation removes the vulnerability.

6. Zero-day attacks: A zero-day attack exploits a vulnerability for which no patch is yet
available, often before the software developer even knows about it, so defenders have had
"zero days" to prepare.
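The following is an added example, not code from this module, showing the SQL injection case from item 5 in working form. It assumes a constructed in-memory SQLite `users` table with two rows; passwords are stored in plaintext only so that the injected query is easy to follow (a real application stores a password hash). `login_vulnerable` concatenates user input into the query, `login_safe` binds it as a parameter, and `demo` runs the same inputs through both.

```python
"""SQL injection: vulnerable query construction beside the parameterized fix.

Added example (not from the module). Uses an in-memory SQLite database with a
constructed 'users' table so that it runs offline.
"""
import sqlite3

# Constructed sample data; plaintext passwords are for illustration only.
_SEED_USERS = [("alice", "correct-horse"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database and load the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", _SEED_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by string concatenation, so user input is parsed as SQL."""
    query = ("SELECT 1 FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Passes user input as bound parameters; the driver never parses it as SQL."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run correct, wrong and injected credentials through both login functions."""
    conn = make_db()
    # Classic tautology: the leading quote closes the password literal, and
    # AND binds tighter than OR, so the WHERE clause becomes
    #   (username = 'alice' AND password = '') OR '1' = '1'
    # which is true for every row.
    payload = "' OR '1'='1"
    return {
        "vuln_correct_creds": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_wrong_password": login_vulnerable(conn, "alice", "wrong"),
        "vuln_injected": login_vulnerable(conn, "alice", payload),
        "safe_correct_creds": login_safe(conn, "alice", "correct-horse"),
        "safe_injected": login_safe(conn, "alice", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The injected string logs in as alice without the password through `login_vulnerable`, while `login_safe` treats the same string as a literal password value and rejects it. The fix is the query shape, not input filtering: a denylist of quote characters can be bypassed, a bound parameter cannot change the query's structure.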

There are several other types of cyber-attacks that organizations should be aware of.
1. Advanced Persistent Threats (APTs): APTs are long-term, targeted intrusions typically
carried out by well-resourced groups such as state-sponsored actors or organized crime.
They involve multiple stages (initial access, persistence, lateral movement, data
exfiltration) and are designed to remain undetected for long periods.

2. Social engineering attacks: Social engineering attacks use psychological manipulation to
trick people into divulging sensitive information or taking harmful actions. Examples
include pretexting, baiting, and spear-phishing (phishing tailored to a specific person or
organization).

3. Cryptojacking: Cryptojacking uses someone's computer or mobile device to mine
cryptocurrency without their knowledge or consent, typically by installing mining malware or
running a mining script in the browser. This slows down the device and increases energy
consumption.

4. DNS spoofing: DNS spoofing (also called DNS cache poisoning) redirects a user to a fake
website by supplying forged DNS answers, or by tampering with the DNS records of a legitimate
domain, so that the name resolves to an attacker-controlled address. The fake site can then
harvest login credentials or other sensitive information. HTTPS with proper certificate
validation limits the damage, because the fake site cannot present a valid certificate for
the real domain name.

5. Eavesdropping attacks: Eavesdropping attacks intercept and monitor network traffic, for
example on an open Wi-Fi network, to capture sensitive information such as passwords or
credit card numbers. They succeed mainly against traffic that is unencrypted or weakly
encrypted.

6. Password attacks: Password attacks attempt to guess or steal passwords to gain access to
a system or account. Examples include brute force attacks (trying every possible password),
dictionary attacks (trying likely passwords from a word list), credential stuffing (reusing
username and password pairs leaked in other breaches), and password spraying (trying one or
a few common passwords against many accounts, which keeps the attempts per account below
lockout thresholds).

7. Watering hole attacks: In a watering hole attack, attackers compromise a website that is
frequently visited by the target group and inject malware into it. When the target group
visits the website, the malware infects their devices.

8. Fileless malware attacks: Fileless malware runs in the memory of the targeted device,
typically by abusing legitimate tools that are already installed, such as PowerShell or WMI,
rather than writing an executable to disk. Initial access is often gained through an exploit
or a malicious document macro. Because there is no malicious file to scan, it is difficult
to detect with traditional signature-based antivirus software.

9. Supply chain attacks: Supply chain attacks target the software supply chain by injecting
malware into legitimate software updates or components, which then infects the devices of
customers who install the software. Because the tampered update arrives through a trusted,
often code-signed channel, customers' defenses generally allow it.

10. IoT attacks: Attacks on Internet of Things (IoT) devices exploit the vulnerabilities of
connected devices such as smart home devices, medical devices, and industrial control
systems, which often ship with default credentials and rarely receive security patches.

11. Physical attacks: Physical attacks on devices or infrastructure involve physically
damaging or compromising devices, servers, or network infrastructure to gain unauthorized
access or cause disruption.

12. Insider attacks: Insider attacks involve individuals with authorized access to an
organization's systems or data, intentionally or unintentionally causing harm by stealing
or leaking sensitive data, installing malware, or disrupting network operations.

It's important to remember that cyber-attacks can take many forms, and new types of attacks are
constantly emerging. It's essential for organizations to regularly review and update their
cybersecurity measures to protect against the latest threats.

In addition to understanding cyber-attacks, organizations can use various methods of
cyber-detection to identify potential threats. Some of these (firewalls, vulnerability
management, penetration testing, incident response) are preventive or responsive controls
rather than detection in the strict sense, but they are normally treated as part of an
organization's detection and response capability and are listed here for that reason. Some
common methods include:

1. Firewalls: Firewalls are network security devices that monitor incoming and outgoing
traffic and block traffic that violates a configured policy. A firewall is primarily a
preventive control; its logs of blocked and permitted connections become a detection source
when they are collected and reviewed.

2. Intrusion Detection Systems (IDS): IDSs monitor network traffic (network IDS) or host
activity (host IDS) for known attack signatures and suspicious behavior and alert security
teams when they detect potential threats. An intrusion prevention system (IPS) additionally
blocks the offending traffic.

3. Anti-malware software: Anti-malware software scans files, and in modern products running
processes, for known malicious code and behavior, and removes or quarantines what it finds.

4. Network Behavior Analysis (NBA): NBA systems monitor network traffic patterns to detect
abnormal activity that may indicate a cyber-attack.

5. Security Information and Event Management (SIEM): SIEM systems collect security event
data from across an organization's systems, including network devices, servers, and
endpoints, normalize it, and correlate events from different sources to identify potential
threats and generate alerts for security teams.

6. Endpoint Detection and Response (EDR): EDR solutions are installed on endpoints such as
laptops, servers, and mobile devices to detect and respond to cyber threats. They collect
and analyze data from the endpoint, identify suspicious behavior, and alert security teams.

7. User and Entity Behavior Analytics (UEBA): UEBA solutions use machine learning
algorithms to analyze user behavior and detect anomalies that could indicate a cyber
attack. This includes identifying unusual login activity, data access patterns, and
abnormal network behavior.

8. Threat Intelligence: Threat intelligence involves gathering and analyzing information
about cyber threats from a variety of sources, including threat feeds, dark web monitoring,
and social media analysis. This information can help security teams proactively identify
potential threats and respond quickly to cyber attacks.

9. Deception Technology: Deception technology involves creating fake data, systems, or
networks (honeytokens and honeypots) to deceive attackers and divert their attention away
from real systems and data. Because legitimate users have no reason to touch a decoy, any
interaction with it is a high-confidence alert.

10. Vulnerability Management: Vulnerability management involves identifying and prioritizing
vulnerabilities in an organization's systems and applications and taking steps to remediate
them before they can be exploited by cyber attackers.

11. Penetration Testing: Penetration testing involves simulating a cyber attack to identify
weaknesses in an organization's systems and infrastructure. This can help organizations
understand their security posture and prioritize security improvements.

12. Network Traffic Analysis (NTA): NTA solutions monitor and analyze network traffic,
including flow records and packet contents, to detect and respond to cyber threats. They
overlap heavily with NBA (item 4) and typically use machine learning algorithms to identify
anomalies in network behavior and alert security teams to potential threats.

13. Behavioral Analytics: Behavioral analytics involves analyzing patterns of behavior to
identify potential threats. This can include analyzing user behavior, network traffic, and
application usage to detect anomalies that could indicate a cyber attack.

14. Artificial Intelligence (AI): AI technologies, such as machine learning and natural
language processing, can be used to analyze large amounts of data and identify potential
threats. AI-powered solutions can process far more data, and far faster, than manual review;
their accuracy depends on the quality of the training data, and their findings still need
to be validated by an analyst.

15. Incident Response (IR): Incident response involves preparing for and responding to
cyber attacks. It involves identifying the source and scope of the attack, containing the
damage, and restoring systems and data to normal operation.

16. Continuous Monitoring: Continuous monitoring involves continuously collecting and
analyzing data from various sources to identify potential threats. This can include
monitoring network traffic, user behavior, and system logs.

By implementing a combination of these cyber detection techniques, organizations can improve
their ability to detect and respond to cyber threats in a timely and effective manner.
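The following is an added example, not part of this module, that ties the password attacks described earlier (brute force and password spraying) to the SIEM-style log correlation described in this list. The log lines are constructed in OpenSSH syslog format using documentation IP addresses, and the thresholds are illustrative assumptions; a production rule would also bound the counts to a time window. The logic groups failed logins by source address, then flags a source that hammers one account (brute force), a source that tries a few passwords against many accounts (spraying), and, most importantly, a successful login from a source that has just been attacking.

```python
"""Detecting brute-force and password-spraying attempts in SSH auth logs.

Added example (not from the module). The log lines below are constructed in
OpenSSH syslog format; the thresholds are illustrative assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: one brute-force source that eventually succeeds, one
# spraying source, and one benign user who mistyped a password once.
SAMPLE_LOG = """\
Mar 10 09:01:02 bastion sshd[1201]: Failed password for alice from 203.0.113.5 port 51234 ssh2
Mar 10 09:01:03 bastion sshd[1201]: Failed password for alice from 203.0.113.5 port 51235 ssh2
Mar 10 09:01:04 bastion sshd[1201]: Failed password for alice from 203.0.113.5 port 51236 ssh2
Mar 10 09:01:05 bastion sshd[1201]: Failed password for alice from 203.0.113.5 port 51237 ssh2
Mar 10 09:01:06 bastion sshd[1201]: Failed password for alice from 203.0.113.5 port 51238 ssh2
Mar 10 09:01:08 bastion sshd[1201]: Accepted password for alice from 203.0.113.5 port 51239 ssh2
Mar 10 09:02:01 bastion sshd[1305]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Mar 10 09:02:02 bastion sshd[1305]: Failed password for carol from 198.51.100.7 port 40002 ssh2
Mar 10 09:02:03 bastion sshd[1305]: Failed password for invalid user admin from 198.51.100.7 port 40003 ssh2
Mar 10 09:02:04 bastion sshd[1305]: Failed password for dave from 198.51.100.7 port 40004 ssh2
Mar 10 09:02:05 bastion sshd[1305]: Failed password for erin from 198.51.100.7 port 40005 ssh2
Mar 10 09:03:00 bastion sshd[1410]: Failed password for frank from 192.0.2.9 port 33000 ssh2
Mar 10 09:03:07 bastion sshd[1410]: Accepted password for frank from 192.0.2.9 port 33001 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

# Illustrative thresholds (assumptions, not values from the module).
BRUTE_FORCE_MIN_FAILURES = 5   # failures against one account from one source
SPRAY_MIN_ACCOUNTS = 4         # distinct accounts tried from one source
SPRAY_MAX_PER_ACCOUNT = 2      # sprays keep per-account attempts low to dodge lockout


def parse(log_text):
    """Yield (result, user, src) for every line in the SSH auth format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("src")


def detect(log_text):
    """Return {src: [findings]} by correlating failures per source and per account."""
    failures = defaultdict(lambda: defaultdict(int))   # src -> user -> failed count
    success_after_failure = defaultdict(set)           # src -> users that later succeeded
    for result, user, src in parse(log_text):
        if result == "Failed":
            failures[src][user] += 1
        elif failures.get(src, {}).get(user):
            success_after_failure[src].add(user)

    findings = {}
    for src, per_user in failures.items():
        tags = []
        accounts = len(per_user)
        worst = max(per_user.values())
        if worst >= BRUTE_FORCE_MIN_FAILURES:
            tags.append("brute_force")
        if accounts >= SPRAY_MIN_ACCOUNTS and worst <= SPRAY_MAX_PER_ACCOUNT:
            tags.append("password_spraying")
        # A success from a source already flagged is the highest-priority finding:
        # the attack most likely worked and the account needs to be treated as compromised.
        if tags and success_after_failure.get(src):
            tags.append("success_after_attack")
        if tags:
            findings[src] = tags
    return findings


if __name__ == "__main__":
    for src, tags in detect(SAMPLE_LOG).items():
        print(src, ", ".join(tags))
```

Run against the sample, 203.0.113.5 is reported as brute force followed by a successful login, 198.51.100.7 as password spraying, and 192.0.2.9 (one failure, then success) is not reported at all. Note that neither per-account lockout nor a per-source failure count alone would catch the spraying source, which is exactly why sprays are correlated across accounts.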

Teaching and Learning Activities


From the listed examples of cyber-attacks and cyber-detection, can you name at least 5
cyber-attacks and 5 examples of cyber-detection? Write them in the space below:
Cyber attacks Cyber detection
1_______________________________ 1_____________________________

2_______________________________ 2_____________________________
3_______________________________ 3_____________________________

4_______________________________ 4_____________________________
5_______________________________ 5_____________________________

Now that you have confidently answered the activity above, you are ready to take the
quiz. Log in to your Schoology app on your computer or phone and take the quiz, or contact
me if you have a problem taking the online quiz.

Recommended learning materials and resources for supplementary reading


• Cisco Networking Academy. (n.d.). Cybersecurity Essentials. Retrieved from
https://www.netacad.com/courses/cybersecurity/cybersecurity-essentials
• University of Washington. (n.d.). Introduction to Cybersecurity. Retrieved from
https://www.coursera.org/learn/introduction-cybersecurity
• Georgia Tech Professional Education. (n.d.). Applied Cybersecurity. Retrieved from
https://pe.gatech.edu/courses/applied-cybersecurity

Flexible Teaching Learning Modality (FTLM) adopted

Face to Face
• Classroom discussion
• Assessment activities
• Hands-on activities

Online (synchronous)
• Zoom Meeting as scheduled
• Messenger Application

Remote (asynchronous)
• Schoology Application. Instructions can be viewed at www.erickabuzo.com/class
• Printed Module

Assessment Task
Log in to your Schoology app on your computer or phone and take the online activity, or
contact me if you have problems taking the online activity.
