
ELEC-E7470 - Cybersecurity D

Lecture, 23.4.2024-29.5.2024

Lecture 2 – Threats and Risks of Cybersecurity 7.5.2024 1


ELEC-E7470 – Cybersecurity D: Course Instructors
Responsible Teacher: Dr. Tanesh Kumar
Staff Scientist, Department of Information and Communications Engineering, Aalto University
Email: tanesh.kumar@aalto.fi

Course Assistant: Juho Kaivosoja
Operating Engineer, Department of Information and Communications Engineering, Aalto University
Email: juho.kaivosoja@aalto.fi



ELEC-E7470 – Cybersecurity D: Lectures Schedule
• Lecture 1 (April 23): Basics of Cybersecurity: Tanesh Kumar & Juho Kaivosoja
• Individual Assignment # 1: Deadline: 07.05.2024
• Group Assignment # 2: Deadline: 07.05.2024

• Lecture 2 (May 7): Threats and Risks of Cybersecurity: Tanesh Kumar


• Group Assignment # 3: Deadline: 14.05.2024

• Lecture 3 (May 14): Emerging Trends in Cybersecurity: Tanesh Kumar


• Individual Assignment # 4: Deadline: 21.05.2024

• Lecture 4 (May 21): Cybersecurity in Finland: Guest Speakers & Tanesh Kumar
• Individual Assignment # 5: Deadline: 27.05.2024

• Lecture 5 (May 28): Case Studies Presentations: Tanesh Kumar & Juho Kaivosoja
Lecture 2 – Threats and Risks of Cybersecurity
07.05.2024

Dr. Tanesh Kumar


ELEC-E7470 – Cybersecurity D: Lecture 2 Plan
• 14:20 - 14:30: Opening
• 14:30 - 15:15: Group Presentation
• 15:15 - 15:30: Break
• 15:30 - 16:15: Lecture Session
• 16:15 - 16:30: Break
• 16:30 - 17:15: Lecture Session + Zoom Breakout Rooms
• 17:15 - 17:30: Break
• 17:30 - 18:00: Final Wrap-up



14:30 - 15:15: Group Presentations
• In today’s session, 10 groups in total will present their work.
• One member from each group will present the work (other members can also join in between if they want to add something).
• Each group will have 4 minutes (3 minutes presentation + 1 minute questions).
• Please ensure that the presentation finishes within the allotted time (as we have limited time and many groups).



Agenda

• What are Cyber Threats?


• Cyber Threats: Types
• Cyber Threats: Finland (statistic)
• Cyber Threats: Future Trends



What are CYBER THREATS?



Cybersecurity: Terminology: Threat, Vulnerability, Risk

Threat
• Threats can be seen as the occurrence of a potential harmful event that can exploit a vulnerability.
• Example: A hacker targets an organization's network to get unauthorized access to certain data, services or resources, or to cause unauthorized disclosure of information.

Vulnerability
• Defect or weakness in a design/system/network/device which is exploited by a threat.
• Example: software bugs, misconfigurations, weak passwords, and lack of security updates.

Risk
• Potential damage or loss associated with the threat. Likelihood of any cybersecurity event.
• Example: A DDoS attack on a specific website can lead to the site being inaccessible to legitimate users, financial losses, and reputation damage.

Source: https://www.itu.int/dms_pub/itu-t/opb/tut/T-TUT-ICTSS-2020-4-PDF-E.pdf
Source: https://informationsecurity.wustl.edu/vulnerabilities-threats-and-risks-explained/
What are CYBER THREATS?

A cyber threat is “any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.”

A cyber attack is any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

Source: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-150.pdf
Source: https://csrc.nist.gov/glossary/term/cyber_attack
Source: https://www.nicybersecuritycentre.gov.uk/cyber-threats
Source: https://www.ibm.com/blog/types-of-cyberthreats/
Image Source: https://www.freepik.com/free-vector/hacker-activity-concept-with-man-devices_7960406.htm
Cyber Threats: Insight
• Every organization in today’s world is in some way prone to cyber threats.
• It is estimated that the financial damages due to cyber attacks will likely cross $10.5 trillion by 2025.
• In today’s smart, connected and digital world, everything (devices, humans or things) is connected to the internet.
• A massive volume of data/information flows through the internet (cyberspace).
• It is vital to know and identify the various cyber threat actors and their motivations.

Sources: https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/
Cybersecurity Threats: Threat Actors & Motivation
Cyber threat actors (malicious actors) are individuals or groups that intentionally cause harm to digital devices or systems.

Cyber Threat Actors and their Motivation:
• Cyber Criminals: Financial Gain, Profit
• Insiders: Personal Gain, Discontent, Professional Revenge
• Nation-State Actors: Geo-Political (Economic, Political or Military Advantage)
• Hacktivists: Variable
• Thrill seekers: Satisfaction
• Cyberterrorists: Ideological Violence

Sources: https://www.lupovis.io/what-are-cybersecurity-threat-actors/
Source: https://www.ibm.com/topics/threat-actor
Source: https://www.sophos.com/en-us/cybersecurity-explained/threat-actors
Source: https://www.cyber.gc.ca/sites/default/files/ncta-2022-intro-e.pdf
Types of Cyber Threats
• Social Engineering
• Data Threats
• Malware
• DDoS
• MiTM
• Supply Chain Attacks
• IoT Threats
• Zero-Day Exploits
• APT Threats

Source: https://www.ibm.com/topics/cyber-attack
Source: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
Image Source: https://pixabay.com/vectors/hacker-computer-programming-hacking-5471975/
Cybersecurity Threats: Global Biggest Cyber Threats
• According to a 2023 survey of Chief Information Security Officers (CISO) worldwide, e-mail fraud was a leading cybersecurity risk, with roughly 33 percent naming it as one of the three major cybersecurity threats.
• A further share of 30 percent of the respondents found insider threats to be a significant risk to their organizations' cyber security.
• Cloud account compromise and DDoS attacks followed closely, with 29 percent.

Global biggest cybersecurity threats in the following year per CISOs 2023 (share of respondents):
• E-mail fraud (business e-mail compromise): 33%
• Insider threat (negligent, accidental, or criminal): 30%
• Cloud account compromise (Microsoft 365 or G Suite or other): 29%
• DDoS attack: 29%
• Smishing/Vishing: 27%
• Ransomware attacks: 27%
• Supply chain attacks: 27%
• Malware: 26%

Source: https://www.statista.com/statistics/1147391/online-adults-identify-cybersecurity-terms/


Cybersecurity Threats: Consequences of Cyber Attacks
Most important consequences of cyber attacks worldwide as of February 2023

Main consequences of cyber attacks worldwide 2023:
• Costs associated with notifying customers: 31%
• Caused a breach for third-party partners: 26%
• Negative impact on brand or reputation: 25%
• Reduction in business performance indicators: 24%
• Lost customers: 21%
• Solvency or viability of business was threatened: 21%
• Greater difficulty attracting new customers: 20%
• Fine that had significant impact on business: 16%
• Lost business partners: 16%
• Nothing has changed in past 12 months: 12%

Source: https://www.statista.com/statistics/1327148/main-consequences-cyber-attacks-cybersecurity-worldwide/


What is Malware Attack?
Malware (malicious software), is an overarching term used to describe any software or
firmware intended to perform an unauthorized process that will have an adverse impact on the
confidentiality, integrity or availability of a system.

Source: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
Source: https://www.cisco.com/site/us/en/learn/topics/security/what-is-malware.html
Source: https://www.ibm.com/topics/malware
Source: https://www.proserveit.com/blog/what-is-a-ransomware-and-how-to-protect-your-organization
What is Malware Attack?
• A program that is written intentionally to carry out annoying or harmful actions, which includes Trojan horses, viruses, and worms.
• Attackers use malware for various purposes: get hold of devices/data, gain unauthorized access, data theft, system disruptions.
• The main goal of ransomware is to gain benefit by asking the victim to pay a ransom amount to get back control of their sensitive information.
• Types: Ransomware, Viruses, Trojan horses, Worms, Spyware, Adware, Cryptojacking.
• Working: Malware follows the same basic pattern: when a malicious software/file or infected link is clicked and installed/downloaded, the device gets infected.

Source: https://www.cisco.com/site/us/en/learn/topics/security/what-is-malware.html
Source: https://www.ibm.com/topics/malware
Source: https://csrc.nist.gov/glossary/term/malware
Image Source: https://www.freepik.com/free-vector/hacker-concept-illustration_8199319.htm
Malware Attack: Types: Ransomware
Ransomware is a type of attack where threat actors take control of a
target’s assets and demand a ransom in exchange for the return of the
asset’s availability and confidentiality.

• Three major entities in every ransomware attack: assets, actions and blackmail.
• Ransomware targets: files, folders, memory, database content, screen, cloud, content management system, master file table (MFT).
• Example: Someone receives an email with a malicious attachment. When opened, it encrypts files on their computer, rendering them inaccessible. The attacker demands a ransom payment in exchange for a decryption key to unlock the files.

Sources: https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-ransomware-attacks
Image Source: https://www.freepik.com/free-vector/steal-data-concept_8149515.htm
Ransomware Attack: Real-life Example
WannaCry ransomware attack
• In May 2017, ‘WannaCry’, a crypto ransomware attack, was launched, targeting the Microsoft Windows operating system globally.
• It encrypted the data/sensitive information and asked for ransom payments in Bitcoin cryptocurrency.
• The impact of the attack was massive, i.e., more than 200,000 computers were affected across 150 countries.
• It caused serious consequences to various businesses, hospitals and other critical infrastructure, which resulted in huge disruption and financial damage.
Source: https://www.kaspersky.com/resource-center/threats/ransomware-wannacry
Source: https://www.upguard.com/blog/wannacry
Image Source: https://www.bbc.com/news/technology-39901382
Ransomware Attack: Biggest Attacks Worldwide
Most significant ransomware attacks worldwide as of May 2022, by impact
• As of February 2023, the WannaCry ransomware attack launched in 2017 was the biggest attack by its impact.
• During this attack, cyber actors took over 250 thousand user accounts of Microsoft Windows.
• As a result of this attack, the company lost over four billion U.S. dollars.
• The latest of selected significant cyberattacks was the 2022 ransomware attack against Swisspost, in which 1.6 terabytes of data was stolen.

All-time biggest ransomware attacks worldwide 2022 (name and release year of the attack: loss):
• WannaCry (2017): 4 billion USD
• TeslaCrypt (2015): Unknown
• NotPetya (2017): 10 billion USD
• Sodinokibi (2019): 200 million
• SamSam (2018): 6 million USD until 2018
• Ransomware attack on Colonial Pipeline (2021): 4.4 million USD
• Ransomware attack on Kronos (2021): Unknown
• Ransomware attack on Impressa (2022): 50 terabytes of data
• Ransomware attack on Costa Rica Government (2022): 30 million USD / day
• Ransomware attack on Swisspost (2022): 1.6 terabytes data


Source: https://www.statista.com/statistics/1410605/largest-ransomware-attacks-worldwide/
Ransomware Attack : Impact
Total annual amount of money received by ransomware actors worldwide from 2017 to 2022 (in million U.S. dollars)
• In 2022, the total amount of money received by ransomware actors amounted to 457 million U.S. dollars, down from 766 million U.S. dollars in the year prior.
• The total value of ransomware payments worldwide depicts the impact of COVID-19 on the global ransomware landscape.
• Nevertheless, after reaching the peak point of 766 million U.S. dollars in 2021, the global revenue of ransomware dropped in the following year.

Total value received by ransomware attackers worldwide 2017-2022 (value of payments in million U.S. dollars):
• 2017: 46
• 2018: 43
• 2019: 174
• 2020: 765
• 2021: 766
• 2022: 457

Source: https://www.statista.com/statistics/1410498/ransomware-revenue-annual/


Ransomware Attack : Impact
Industry sectors most targeted by ransomware attacks in the United States in 2023
• In 2023, the U.S. Internet Crime Complaint Center (IC3) received approximately 250 complaints indicating ransomware attacks in healthcare organizations.
• The second most victimized industry sector was critical manufacturing. Government facilities ranked third, with 156 complaints.
• Financial services organizations filed 122 complaints during the examined year.

[Chart: U.S. industries most targeted by ransomware 2023; y-axis: number of complaints]

Source: https://www.statista.com/statistics/1323599/us-most-targeted-industries-by-ransomware-attacks/


Malware Attack: Prevention/Mitigation
• Update your frontline defenses
• Make regular backups
• Avoid malware
• Educate/train employees
• Prevent malware from being delivered and spreading to devices
• Prevent malware from running on devices
• Use Network and Endpoint Security Tools
• Use security analytics
• Deploy a zero-trust security framework

Source: https://www.fortinet.com/br/resources/cyberglossary/malware
Sources: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
Source: https://www.cisco.com/c/en/us/products/security/malware-protection-best-practices-detection-prevention.html#~best-practices
What is Social Engineering Attack?
• Social engineering encompasses a broad range of
activities that attempt to exploit human error or
human behavior with the objective of gaining access
to information or services.
• These attacks leverage human psychology and trust
instead of only depending on technical weaknesses.
• These attacks are performed through various means,
including email, phone calls, and text messages.
• Types: Phishing, Baiting, Tailgating/Piggybacking,
Honeytrap, Pretexting, Scareware, Physical social
engineering
• Working: Attackers gather all necessary information about the victim, gain their trust and then trick the victim.
Sources: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
Source: https://www.ibm.com/topics/phishing
Source: https://www.imperva.com/learn/application-security/social-engineering-attack/
Image Source: https://www.freepik.com/free-vector/internet-thief-stealing-ideas-from-man_7077734.htm
Social Engineering Attacks: Phishing Attack
According to CISCO, ‘Phishing is the practice of sending fraudulent communications that
appear to come from a legitimate and reputable source, usually through email and text
messaging’.
[Figure: phishing flow between the Attacker, the Victim/Target, the Original Website and the Phishing Website]
1. Phishing email/link is sent to the target
2. Victim clicks on the link and goes to the phishing website
3. Attacker collects the target’s credentials information
4. Attacker uses the credentials to access sensitive information

Source: https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html
Source: https://www.ibm.com/topics/phishing
Source: https://arcticwolf.com/resources/blog/16-social-engineering-attack-types/
Source: https://www.simplilearn.com/tutorials/cryptography-tutorial/what-is-phishing-attack
Social Engineering Attacks: Phishing Attack
• Usually, the malicious entity sends emails, text messages or website links (which look legitimate) and asks users to click the link (infected link or attachment).
• The goal is to steal money, get login credentials, or gain access to personal data or credit card info.
• Types: Email Phishing, Spear Phishing, Business email compromise (BEC), Whaling Attacks, Voice phishing (Vishing), SMS phishing (SMiShing), Angler/Social media phishing
• Example: A phishing email that appears to come from a bank is sent to customers, asking them to click on a link and update their account information, leading them to a fake website designed to steal their login credentials.

Source: https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html
Source: https://www.ibm.com/topics/phishing
Source: https://arcticwolf.com/resources/blog/16-social-engineering-attack-types/
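A defender-side check for the bank example above, added here as an illustration and not part of the lecture material: it extracts the links from an e-mail body and flags those whose visible text and real destination disagree, or whose host imitates a trusted domain. The domain `examplebank.test`, the sample e-mail and all function names are constructed assumptions, and the two-label `base_domain` is a simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the organisation really uses (constructed; .test is reserved).
TRUSTED_DOMAINS = {"examplebank.test"}
DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

# Constructed sample e-mail body, not taken from a real message.
SAMPLE_EMAIL = """
<p>Dear customer, please update your account information.</p>
<a href="https://examplebank.test/account">Account home</a>
<a href="http://examp1ebank.test/update">https://www.examplebank.test/update</a>
<a href="https://examplebank.test.secure-login.example/verify">Verify now</a>
"""


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def base_domain(host):
    """Last two labels only; a real deployment would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(href, text):
    """Return the list of findings for one link (empty list means nothing flagged)."""
    try:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
    except ValueError:
        return ["unparseable-url"]
    if parts.scheme not in ("http", "https") or not host:
        return []
    findings = []
    shown = DOMAIN_IN_TEXT.search(text)
    # The text displays one domain while the link leads to another.
    if shown and base_domain(shown.group(0).lower()) != base_domain(host):
        findings.append("text-href-mismatch")
    if not is_trusted(host):
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(base_domain(host), trusted) <= 2:
                findings.append("lookalike-domain")
            # Trusted name used as a subdomain of an unrelated domain.
            if host.startswith(trusted + ".") or "." + trusted + "." in host:
                findings.append("trusted-name-in-subdomain")
    return findings


def scan_email(html):
    """Return (href, findings) for every link in the body that was flagged."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for href, text in parser.links:
        findings = check_link(href, text)
        if findings:
            flagged.append((href, findings))
    return flagged


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL):
        print(href, findings)
```
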
Phishing Attack: Real-Life Example
Google and Facebook phishing attack

• During 2013-2015, Facebook and Google lost $100 million due to a phishing attack.
• The phisher took advantage of knowing that both companies use a common vendor ‘Quanta’, a Taiwan-based hardware manufacturer.
• Many fake invoices were sent by attackers to both Facebook and Google
which are paid by them assuming that they are coming from.
• The scam was later discovered, and both companies took legal action.
• Facebook and Google were able to recover $49.7 million (out of the total $100 million).

Source: https://www.bbc.com/news/technology-39744007
Sources: https://www.bluevoyant.com/knowledge-center/8-devastating-phishing-attack-examples-and-prevention-tips
Source: https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-phishing/the-top-5-phishing-scams-of-all-times/
Phishing Attack: Impact
Online industries worldwide most targeted by phishing attacks as of 2nd quarter 2023
• During the second quarter of 2023, over 23 percent of phishing attacks worldwide targeted financial institutions.
• Social media followed, with around 22.3 percent of registered phishing attacks.
• Furthermore, web-based software services and webmail accounted for 22.3 percent of attacks.

[Chart: Phishing most targeted industry sectors worldwide Q2 2023; y-axis: percentage of attacks]

Source: https://www.statista.com/statistics/266161/websites-most-affected-by-phishing/


Social Engineering Attacks: Prevention/Mitigation
• Don’t open emails and attachments from suspicious sources
• Be aware of tempting offers
• Security awareness training
• Use Multi-Factor Authentication (MFA)
• Strong password management strategies
• Email filtering and anti-Phishing tools
• Access control mechanisms

Source: https://www.ibm.com/topics/social-engineering
Source: https://www.ibm.com/topics/phishing
Source: https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html
What is Distributed Denial-of-Service (DDoS) Attack?
Denial-of-service attacks (DoS) are defined for this report as availability attacks in which
attackers, partially or totally, obstruct the legitimate use of a target's service by depleting or
exploiting the target's assets over a period of time.
• DoS attacks can be distributed (DDoS), usually relying on large-scale botnets or proxies.
[Figure: Distributed Denial of Service (DDoS): the Attacker directs Bots or Infected Hosts against the Victim/Target]

Sources: https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks
Source: https://www.radware.com/cyberpedia/ddospedia/ddos-meaning-what-is-ddos-attack/
DDoS Attack
• These attacks traditionally require a low set of skills and tools, while preserving the anonymity of attackers, and have a very noticeable impact that attracts media attention.
• DoS monitoring systems or computers can themselves be part of the target of the DoS, which stops the monitoring of traffic and makes it very hard to see the DoS attack.
• Four core motivations were identified: financial, political or activist, social and strategic.
• Types: Volumetric attacks (measured in bits per second), Protocol attacks (measured in packets per second), Application attacks (measured in requests per second)
• Example: An attacker floods the inbox of a victim with a huge amount of spam emails. Another example is where a malicious entity floods a web server with excessive requests, overwhelming its capacity to provide services to valid users.

Sources: https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks
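The three units in the "Types" bullet can be turned into a simple monitoring check. The following is an added example, not part of the lecture material: it converts per-second counters into bits, packets and requests per second, and labels an interval by whichever rate deviates most from a baseline. The counter line format, the sample values, the factor of 10 and all names are constructed assumptions.

```python
import re
from statistics import median

LINE_RE = re.compile(r"t=(\d+) bytes=(\d+) packets=(\d+) requests=(\d+)")
# Which attack type each rate is the characteristic measure of.
ATTACK_TYPE = {"bps": "volumetric", "pps": "protocol", "rps": "application"}

# Constructed one-second counter samples (not real traffic).
BASELINE_LOG = """\
t=0 bytes=1200000 packets=1500 requests=80
t=1 bytes=1150000 packets=1450 requests=75
t=2 bytes=1300000 packets=1600 requests=90
t=3 bytes=1250000 packets=1550 requests=85
t=4 bytes=1100000 packets=1400 requests=70
"""
INCIDENT_LOG = """\
t=100 bytes=1220000 packets=1520 requests=82
t=101 bytes=700000000 packets=500000 requests=60
t=102 bytes=18000000 packets=300000 requests=40
t=103 bytes=6000000 packets=7500 requests=4000
"""


def parse_counters(log, interval=1.0):
    """Turn counter lines into rates: bits, packets and requests per second."""
    samples = []
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        t, nbytes, packets, requests = map(int, m.groups())
        samples.append({
            "t": t,
            "bps": nbytes * 8 / interval,
            "pps": packets / interval,
            "rps": requests / interval,
        })
    return samples


def baseline(samples):
    """Median of each rate over a period of normal traffic."""
    return {k: median(s[k] for s in samples) for k in ATTACK_TYPE}


def classify(sample, base, factor=10.0):
    """Label a sample by the rate that exceeds its baseline by the largest ratio."""
    ratios = {k: sample[k] / max(base[k], 1.0) for k in ATTACK_TYPE}
    worst = max(ratios, key=ratios.get)
    if ratios[worst] < factor:
        return "normal"
    return ATTACK_TYPE[worst]


def detect(incident_log, baseline_log, factor=10.0):
    """Return (timestamp, label) for every sample in the incident log."""
    base = baseline(parse_counters(baseline_log))
    return [(s["t"], classify(s, base, factor)) for s in parse_counters(incident_log)]


if __name__ == "__main__":
    for t, label in detect(INCIDENT_LOG, BASELINE_LOG):
        print(t, label)
```

In the constructed data, the interval at t=102 carries many small packets, so its packet rate rises far more than its bit rate, while t=103 shows a request surge with only a modest change in bits and packets.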
DDoS Attacks: Real-Life Example
• In February 2018, GitHub, one of the world's largest code hosting platforms, was
targeted by one of the largest DDoS attacks in history at that time.
• The attack originated from over a thousand different autonomous systems
(ASNs) across tens of thousands of unique endpoints.
• It was an amplification attack using the memcached-based approach described
above that peaked at 1.35Tbps via 126.9 million packets per second.

Sources: https://github.blog/2018-03-01-ddos-incident-report/
DDoS Attacks: Prevention/Mitigation
• Traffic filtering
• Use of content delivery networks (CDN)
• Cloud service providers’ DoS protections
• On-premises solutions
• Regular monitoring and updating
• Incident response plan

Sources: https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks
Sources: https://www.hostwinds.com/blog/ddos-attacks-risks-prevention-mitigation
What is Man-in-the-Middle (MiTM) Attack?
In a man-in-the-middle (MiTM) attack, an adversary positions himself in between the user and
the system so that he can intercept and alter data traveling between them.

[Figure: Man-in-the-Middle (MiTM): the original connection between the User and the Web-Browser/Application is replaced by two new connections that pass through the Attacker]

Sources: https://csrc.nist.gov/glossary/term/man_in_the_middle_attack
MiTM Attacks
• An attack in which an attacker is able to read, insert and modify at will messages between
two parties without either party knowing that the link between them has been
compromised.
• Since MitM attacks are relatively easy to execute, they are widespread, and the impact is
quite extensive.
• The key goal of attackers is to gain unauthorized access to sensitive information, such as
login credentials, personal or financial data.
• Types: Session hijacking, DNS spoofing, Wi-Fi eavesdropping, Email Hijacking,
HTTPS Spoofing.
• Example: when using public Wi-Fi, an attacker can intercept data packets, steal login
credentials, or redirect users to fake websites to exploit vulnerabilities.

Sources: https://www.strongdm.com/blog/man-in-the-middle-attack
Sources: https://www.byos.io/blog/how-to-prevent-man-in-the-middle-attack

Source: https://www.itu.int/dms_pub/itu-t/opb/tut/T-TUT-ICTSS-2020-4-PDF-E.pdf
Man-in-the-Middle (MiTM) Attack: Real-Life Example
• In 2015, the Lenovo SuperFish incident occurred, in which the adware ‘SuperFish’ came pre-installed on their laptops.
• SuperFish uses "man-in-the-middle" (MiTM) related approaches to inject various advertisements into web browsers, even on encrypted HTTPS websites.
• The key problem was that SuperFish used a self-signed/single root CA certificate that can be easily exploited by an attacker.
• With this vulnerability, attackers can intercept encrypted communications and fetch critical data.
• Solution: Uninstall SuperFish Visual Discovery and the associated root CA certificate.

Source: https://support.lenovo.com/fi/fi/product_security/ps500035-superfish-vulnerability
Sources: https://www.cisa.gov/news-events/alerts/2015/02/20/lenovo-superfish-adware-vulnerable-https-spoofing
Man-in-the-Middle (MiTM) Attack: Prevention/Mitigation
• Use of VPN and Encryption
• Secure Connections
• Avoiding public Wi-Fi hotspots
• Network Security
• Awareness and Training
• Regular monitoring and updating the network

Sources: https://www.byos.io/blog/how-to-prevent-man-in-the-middle-attack
Source: https://www.strongdm.com/blog/man-in-the-middle-attack-prevention
Source: https://www.forbes.com/sites/forbestechcouncil/2024/03/07/19-keys-to-detecting-and-preventing-man-in-the-middle-attacks/?sh=721a507635f8
Assignment # 3: Group Assignment

Draft a cyber attack scenario targeting a fictional organization/company and perform the following tasks.
• Description of attack scenario
• Type of attack(s) (e.g., ransomware, phishing, DDoS)
• Potential impact (e.g., financial, reputation, operational, legal)
• Actions required to mitigate the threat and minimize disruption

Write a report of 2-3 pages and a slide show of three slides that you prepare to present at the next lecture.
Hand in two files: the report as a PDF and the presentation (PDF, PPT). Each group needs to upload both files only once by May 14th, 2024.
Cybersecurity Threats: Finland (statistic)



Cybersecurity Threats: Information security violations in Finland

• In 2020, roughly 12,000 information security violations and threat notifications were processed by the National Cyber Security Centre in Finland.
• The majority of notifications processed by the national authorities during 2020 concerned online scams (4,912) and phishing (3,771).

[Chart: information security violations and threats in Finland in 2020, by type; y-axis: number of violations and threats]

Description: In 2020, roughly 12 thousand information security violations and threat notifications were processed by the National Cyber Security Centre in Finland. This was a major increase of over 100 percent from the previous year, when roughly 4.5 thousand cases were handled. The majority of notifications processed by the national authorities during 2020 concerned online scams (4,912) and phishing (3,771). Other common types of information security violations and threats included spam, malware, [...]
Note(s): Finland; 2020; Notifications received and processed by the National Cyber Security Centre
Source(s): Telia Company

Source: https://www.statista.com/statistics/1224712/number-of-reported-information-security-violations-and-threats-finland/


Cybersecurity Threats: Malware observations in Finland

• Over the period from 2019 to 2023, the number of malware observations in Finland fluctuated strongly.
• The number of detected malware and malicious traffic peaked at roughly 81 thousand incidents during the third quarter of 2021.
• The lowest number of 16,752 incidents was reported in the 3rd quarter of 2019.

[Chart: malware observations in Finland per quarter, Q3 2019 to Q3 2023; y-axis: number of incidents]

Note(s): Finland; Q3 2019 to Q3 2023; Detected malware and malicious traffic
Source(s): Traficom

Source: https://www.statista.com/statistics/733010/number-of-malware-incidents-per-quarter-in-finland/
Cybersecurity Threats: Personal data breaches in
Finland

• In 2022, 518 personal data breaches were reported by telecommunication operators in Finland.
• The number of these types of data breaches increased dramatically in recent years, peaking at 539 incidents in 2021.

[Chart: personal data breaches reported in Finland per year, 2013 to 2022; y-axis: number of data breaches]

Description: In 2022, 518 personal data breaches were reported by telecommunication operators in Finland. The number of these types of data breaches increased dramatically in recent years, peaking at 539 incidents in 2021. However, according to the source, this development may be explained through better awareness and reporting practices of Finnish telecommunication operators.
Note(s): Finland; 2013 to 2022; Incl. incidents reported to Traficom by telecommunications operators
Source(s): Traficom

Source: https://www.statista.com/statistics/1204061/number-of-personal-data-breaches-reported-in-finland/


Cybersecurity Threats: DDoS Attack in Finland
[Chart: Number of DoS attacks in Finland 2017-2020, by bandwidth; series: 0.1-1 Gbps, 1-10 Gbps, 10-100 Gbps, More than 100 Gbps; y-axis: number of DoS attacks]
• Between 2017 and 2020, the majority of DoS attacks were under one Gbps, followed by attacks with one to 10 Gbps.

[Chart: Number of DoS attacks in Finland 2017-2020, by length; series: 1-15 minutes, 16-30 minutes, 31-60 minutes, 61-120 minutes, over 120 minutes; y-axis: number of DoS attacks]
• In 2020, there were over three thousand DoS attacks that lasted up to 15 minutes.

Source: https://www.statista.com/statistics/1224637/volume-of-dos-attacks-by-bandwidth-finland/
Source: https://www.statista.com/statistics/1224617/number-of-dos-attacks-by-length-finland/
Cybersecurity Threats: Consequences for companies
in Finland
Which of the following are the most severe consequences of cyber attacks?
• Almost half of the Finnish companies considered violation of privacy (either staff or customer information) as the most severe consequence of cyber attacks in the 2019 survey.
• Another 42 percent of companies stated loss of income as one of the most severe consequences, followed by loss of intangible assets (31 percent) and negative publicity (24 percent).

Consequences of cyber attacks for companies in Finland 2019 (share of companies):
• Violation of privacy (staff or customer information): 47%
• Loss of income (direct or indirect): 42%
• Loss of intangible assets: 31%
• Negative publicity: 24%
• Threat to national security: 19%
• Loss of competitive advantage: 10%
• Loss of market share: 8%
• I do not know: 6%

Source: https://www.statista.com/statistics/1224995/consequences-of-a-cyber-attacks-for-companies-in-finland/


Cybersecurity Threats: Risk awareness in Finland
How well informed do you feel about the risks of cybercrime?
• More than half of the Finns interviewed in 2019 (51 percent) stated that they felt fairly well informed about the risks of cybercrime.
• 17 percent felt very well informed, and five percent felt not informed at all on that topic for the evaluated period.

Levels of awareness of risks of cybercrime in Finland 2019 (share of respondents):
• Very well informed: 17%
• Fairly well informed: 51%
• Not very well informed: 26%
• Not at all informed: 5%
• Don't know: 1%

Source: https://www.statista.com/statistics/1036870/levels-of-awareness-of-risks-of-cybercrime-in-finland/


Cybersecurity Threats: Future Trends



Cybersecurity Threats: Future Trends
• Supply chain compromise of software dependencies
• Advanced disinformation campaigns
• Rise of digital surveillance authoritarianism/loss of privacy
• Human error and exploited legacy systems within cyber-physical ecosystems
• Targeted attacks enhanced by smart device data
• Lack of analysis and control of space-based infrastructure and objects
• Rise of advanced hybrid threats
• Skills shortage
• Cross-border ICT service providers as a single point of failure
• Artificial intelligence abuse

Source: https://www.enisa.europa.eu/news/cybersecurity-threats-fast-forward-2030


Thank you
aalto.fi
