Lecture 2 Slides
Lecture, 23.4.2024-29.5.2024
• Lecture 4 (May 21): Cybersecurity in Finland: Guest Speakers & Tanesh Kumar
• Individual Assignment # 5: Deadline: 27.05.2024
• Lecture 5 (May 28): Case Studies Presentations: Tanesh Kumar & Juho Kaivosoja
Lecture 2 – Threats and Risks of Cybersecurity
07.05.2024
• One member from each group will present the work (other
members can also join in between if they want to add something)
Source: https://www.itu.int/dms_pub/itu-t/opb/tut/T-TUT-ICTSS-2020-4-PDF-E.pdf
Source: https://informationsecurity.wustl.edu/vulnerabilities-threats-and-risks-explained/
What are CYBER THREATS?
Source: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-150.pdf
Source: https://csrc.nist.gov/glossary/term/cyber_attack
Source: https://www.nicybersecuritycentre.gov.uk/cyber-threats
Source: https://www.ibm.com/blog/types-of-cyberthreats/
Cyber Threats: Insight
• Every organization in today's world is in some way prone to cyber threats.
• It is estimated that the financial damage due to cyber attacks will likely exceed $10.5 trillion by 2025.
• In today's smart, connected and digital world, everything (devices, humans or things) is connected to the internet.
• A massive volume of data/information flows through the internet (cyberspace).
• It is vital to know and identify the various cyber threat actors and their motivations.
Sources: https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/
Cybersecurity Threats: Threat Actors & Motivation
Cyber threat actors (malicious actors) are individuals or groups that intentionally cause harm to digital devices or systems.
Cyber Threat Actors | Motivation
Hacktivists | Variable
Sources: https://www.lupovis.io/what-are-cybersecurity-threat-actors/
Source: https://www.ibm.com/topics/threat-actor
Source: https://www.sophos.com/en-us/cybersecurity-explained/threat-actors
Source: https://www.cyber.gc.ca/sites/default/files/ncta-2022-intro-e.pdf
Types of Cyber Threats
• Social Engineering
• Data Threats
• Malware
• DDoS
• MiTM
• Supply Chain Attacks
• IoT Threats
• Zero-Day Exploits
• APT Threats
Source: https://www.ibm.com/topics/cyber-attack
Source: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
Cybersecurity Threats: Global Biggest Cyber Threats
[Chart: Global biggest cybersecurity threats in the following year per CISOs 2023; axis: share of respondents; Malware 26%]
• According to a 2023 survey of Chief Information Security Officers (CISO)
Source: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
Source: https://www.cisco.com/site/us/en/learn/topics/security/what-is-malware.html
Source: https://www.ibm.com/topics/malware
Source: https://www.proserveit.com/blog/what-is-a-ransomware-and-how-to-protect-your-organization
What is a Malware Attack?
• Malware is a program that is written intentionally to carry out annoying or harmful actions; it includes Trojan horses, viruses, and worms.
• Attackers use malware for various purposes: taking hold of devices/data, gaining unauthorized access, data theft, system disruption.
• The main goal of ransomware is to profit by asking the victim to pay a ransom to get back control of their sensitive information.
• Types: Ransomware, Viruses, Trojan horses, Worms, Spyware, Adware, Cryptojacking.
• Working: Malware follows the same basic pattern: when a malicious software/file or infected link is clicked and installed/downloaded, the device gets infected.
Source: https://www.cisco.com/site/us/en/learn/topics/security/what-is-malware.html
Source: https://www.ibm.com/topics/malware
Source: https://csrc.nist.gov/glossary/term/malware
Malware Attack: Types: Ransomware
Ransomware is a type of attack where threat actors take control of a
target’s assets and demand a ransom in exchange for the return of the
asset’s availability and confidentiality.
[Chart: number of complaints per year, 2017 to 2022]
in healthcare organizations.
• The second most victimized industry sector
Source: https://www.fortinet.com/br/resources/cyberglossary/malware
Sources: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
Source: https://www.cisco.com/c/en/us/products/security/malware-protection-best-practices-detection-prevention.html#~best-practices
What is a Social Engineering Attack?
• Social engineering encompasses a broad range of
activities that attempt to exploit human error or
human behavior with the objective of gaining access
to information or services.
• These attacks leverage human psychology and trust
instead of only depending on technical weaknesses.
• These attacks are performed through various means,
including email, phone calls, and text messages.
• Types: Phishing, Baiting, Tailgating/Piggybacking,
Honeytrap, Pretexting, Scareware, Physical social
engineering
• Working: Attackers gather all necessary information about the victim, gain their trust and then trick the victim.
Sources: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
Source: https://www.ibm.com/topics/phishing
Source: https://www.imperva.com/learn/application-security/social-engineering-attack/
Social Engineering Attacks: Phishing Attack
According to CISCO, ‘Phishing is the practice of sending fraudulent communications that
appear to come from a legitimate and reputable source, usually through email and text
messaging’.
[Diagram: phishing flow between Attacker, Victim/Target, Original Website and Phishing Website]
2. Victim clicks on link and goes to phishing website
3. Attacker collects target's credentials information
4. Attacker uses credentials to access sensitive information
Source: https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html
Source: https://www.ibm.com/topics/phishing
Source: https://arcticwolf.com/resources/blog/16-social-engineering-attack-types/
Source: https://www.simplilearn.com/tutorials/cryptography-tutorial/what-is-phishing-attack
Social Engineering Attacks: Phishing Attack
• Usually, the malicious entity sends emails, text messages or website links that look legitimate and asks users to click the link (an infected link or attachment).
• The goal is to steal money, obtain login credentials, or gain access to personal data and credit card information.
• Types: Email Phishing, Spear Phishing, Business email compromise (BEC), Whaling Attacks, Voice phishing (Vishing), SMS phishing (SMiShing), Angler/Social media phishing
• Example: A bank-related phishing email is sent to customers, asking them to click on a link and update their account information, leading them to a fake website designed to steal their login credentials.
Source: https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html
Source: https://www.ibm.com/topics/phishing
Source: https://arcticwolf.com/resources/blog/16-social-engineering-attack-types/
Phishing Attack: Real-Life Example
Google and Facebook phishing attack
Source: https://www.bbc.com/news/technology-39744007
Sources: https://www.bluevoyant.com/knowledge-center/8-devastating-phishing-attack-examples-and-prevention-tips
Source: https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-phishing/the-top-5-phishing-scams-of-all-times/
Phishing Attack: Impact
Online industries worldwide most targeted by phishing attacks as of 2nd quarter 2023
[Chart: Phishing most targeted industry sectors worldwide Q2 2023; y-axis: percentage of attacks]
• During the second quarter of 2023, over 23 percent of phishing attacks worldwide
• Social media followed, with around 22.3 percent of registered phishing attacks.
• Furthermore, web-based software services and webmail accounted for 22.3 percent of attacks.
Source: https://www.ibm.com/topics/social-engineering
Source: https://www.ibm.com/topics/phishing
Source: https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html
What is a Distributed Denial-of-Service (DDoS) Attack?
Denial-of-service attacks (DoS) are defined for this report as availability attacks in which
attackers, partially or totally, obstruct the legitimate use of a target's service by depleting or
exploiting the target's assets over a period of time.
• DoS attacks can be distributed (DDoS), usually relying on large-scale botnets or proxies.
[Diagram: Attacker, Bots or Infected Hosts, Victim/Target]
Sources: https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks
DDoS Attacks: Real-Life Example
• In February 2018, GitHub, one of the world's largest code hosting platforms, was targeted by one of the largest DDoS attacks in history at that time.
• The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.
• It was an amplification attack using the memcached-based approach that peaked at 1.35 Tbps via 126.9 million packets per second.
Sources: https://github.blog/2018-03-01-ddos-incident-report/
DDoS Attacks: Prevention/Mitigation
• Traffic filtering
• Use of content delivery networks (CDN)
• Cloud service providers’ DoS protections
• On-premises solutions
• Regular monitoring and updating
• Incident response plan
Sources: https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks
Sources: https://www.hostwinds.com/blog/ddos-attacks-risks-prevention-mitigation
What is a Man-in-the-Middle (MiTM) Attack?
In a man-in-the-middle (MiTM) attack, an adversary positions himself in between the user and
the system so that he can intercept and alter data traveling between them.
[Diagram: User and Web-Browser/Application joined by the Original Connection, with the Attacker (Man-in-the-Middle) in between]
Sources: https://csrc.nist.gov/glossary/term/man_in_the_middle_attack
MiTM Attacks
• An attack in which an attacker is able to read, insert and modify at will messages between
two parties without either party knowing that the link between them has been
compromised.
• Since MitM attacks are relatively easy to execute, they are widespread, and the impact is
quite extensive.
• The key goal of attackers is to gain unauthorized access to sensitive information, such as
login credentials, personal or financial data.
• Types: Session hijacking, DNS spoofing, Wi-Fi eavesdropping, Email Hijacking,
HTTPS Spoofing.
• Example: when using public Wi-Fi, an attacker can intercept data packets, steal login
credentials, or redirect users to fake websites to exploit vulnerabilities.
Sources: https://www.strongdm.com/blog/man-in-the-middle-attack
Sources: https://www.byos.io/blog/how-to-prevent-man-in-the-middle-attack
Source: https://www.itu.int/dms_pub/itu-t/opb/tut/T-TUT-ICTSS-2020-4-PDF-E.pdf
Man-in-the-Middle (MiTM) Attack: Real-Life Example
• In 2015, the Lenovo SuperFish incident occurred, involving the adware 'SuperFish' pre-installed on Lenovo laptops.
• SuperFish utilizes "man-in-the-middle" (MiTM) related approaches to inject various advertisements into web browsers, even on encrypted HTTPS websites.
• The key problem was that SuperFish used a self-signed/single root CA certificate that can be easily exploited by an attacker.
• With this vulnerability, attackers can intercept encrypted communications and fetch the critical data.
• Solution: Uninstall SuperFish Visual Discovery and the associated root CA certificate
Source: https://support.lenovo.com/fi/fi/product_security/ps500035-superfish-vulnerability
Sources: https://www.cisa.gov/news-events/alerts/2015/02/20/lenovo-superfish-adware-vulnerable-https-spoofing
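One way to verify the remediation step above, added here as an example and not part of the original slides: audit the trusted root certificates for entries whose organization or common name matches a watchlist. The function names, the watchlist and the sample store entries (including the subject strings) are constructed assumptions; only the name "SuperFish" comes from the slide.

```python
import ssl

# Watchlist of terms to look for in root CA names; "superfish" is from the slide
WATCHLIST = ("superfish",)

# Constructed entries in the format returned by ssl.SSLContext.get_ca_certs()
SAMPLE_STORE = [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Example Trust Services"),),
                 (("commonName", "Example Root CA"),)),
     "serialNumber": "01"},
    {"subject": ((("organizationName", "Superfish, Inc."),),
                 (("commonName", "Superfish, Inc."),)),
     "serialNumber": "02"},
]

def subject_names(cert):
    """Flatten the nested RDN tuples of a certificate subject into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def flag_roots(ca_certs, watchlist=WATCHLIST):
    """Return subjects of trusted roots whose O or CN contains a watchlist term."""
    flagged = []
    for cert in ca_certs:
        names = subject_names(cert)
        haystack = " ".join((names.get("organizationName", ""),
                             names.get("commonName", ""))).lower()
        if any(term in haystack for term in watchlist):
            flagged.append(names)
    return flagged

def audit_local_store():
    """Run the check against the roots Python has loaded from the system store."""
    context = ssl.create_default_context()
    # get_ca_certs() lists only certificates already loaded into the context;
    # roots kept in a capath directory are loaded on demand and will not appear.
    return flag_roots(context.get_ca_certs())
```

This covers only the store Python loads; applications that maintain their own trust store need checking separately, and a name match is a starting point for review rather than proof.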
Man-in-the-Middle (MiTM) Attack: Prevention/Mitigation
• Use of VPN and Encryption
• Secure Connections
• Avoiding public Wi-Fi hotspots
• Network Security
• Awareness and Training
• Regular monitoring and updating the network
Sources: https://www.byos.io/blog/how-to-prevent-man-in-the-middle-attack
Source: https://www.strongdm.com/blog/man-in-the-middle-attack-prevention
Source: https://www.forbes.com/sites/forbestechcouncil/2024/03/07/19-keys-to-detecting-and-preventing-man-in-the-middle-attacks/?sh=721a507635f8
Assignment # 3: Group Assignment
Write a report of 2-3 pages and a slide show of three slides that you prepare to present in the next lecture.
Hand in two files: the report as a PDF and the presentation (PDF, PPT). Each
group needs to upload both files only once by May 14th, 2024.
Cybersecurity Threats: Finland (statistic)
[Chart: number of incidents per quarter, Q3 2019 to Q3 2023]
• The number of detected malware and malicious traffic incidents peaked at roughly 81 thousand during the third quarter of 2021.
• The lowest number, 16,752 incidents, was reported in the 3rd quarter of 2019.
Description: Over the period from 2019 to 2023, the number of malware observations in Finland fluctuated strongly.
Note(s): Finland; Q3 2019 to Q3 2023; Detected malware and malicious traffic
Source(s): Traficom
Source: https://www.statista.com/statistics/733010/number-of-malware-incidents-per-quarter-in-finland/
Cybersecurity Threats: Personal data breaches in
Finland
telecommunication operators in
[Charts: number of DoS attacks, 2017 to 2020]
• Between 2017 and 2020, the majority of DoS attacks were under one Gbps, followed by attacks with one to 10 Gbps.
• In 2020, there were over three thousand DoS attacks that lasted up to 15 minutes.
Source: https://www.statista.com/statistics/1224637/volume-of-dos-attacks-by-bandwidth-finland//
Source: https://www.statista.com/statistics/1224617/number-of-dos-attacks-by-length-finland/
Cybersecurity Threats: Consequences for companies in Finland
Which of the following are the most severe consequences of cyber attacks?
Consequences of cyber attacks for companies in Finland 2019 (share of companies):
Violation of privacy (staff or customer information): 47%
Loss of income (direct or indirect): 42%
Loss of intangible assets: 31%
Negative publicity: 24%
I do not know: 6%
• Almost half of the Finnish companies considered violation of privacy (either staff or customer information) as the most severe consequence of cyber attacks in the 2019 survey.
• Another 42 percent of companies stated loss of income as one of the most severe
cybercrime.
Fairly well informed 51%
Don't know 1%