
IT Security Incidents

LESSON 7
IT Security Incidents

INTRODUCTION
“At the end of the day, the goals are simple:
safety and security.” -Jodi Rell

Businesses face many risks related to technology, including the risk of a cyberbreach resulting in the loss of
protected health information (PHI), personally identifiable information (PII) or payment card information. The
threats are real, and the potential losses can be steep. Organizations may also incur losses through phishing,
ransomware, or a denial-of-service attack.

Figure 1. Cybersecurity. Source: http://www.rmmagazine.com/2018/01/25/mitigating-cyberrisk-in-2018/

This lesson identifies the most common computer-related security incidents and provides numerous reasons
why such incidents are increasing, including the use of cloud computing, virtualization, and changing business
policies. It describes some of the more common hacker attacks.

In addition to providing a useful classification of computer crimes and their perpetrators, this
lesson outlines both how to implement trustworthy computing to manage security vulnerabilities
and how to respond to specific security incidents to quickly resolve problems and improve ongoing
security measures. A process for performing an assessment of an organization’s computers and
network from both internal and external threats is presented. It discusses the need for a corporate
security policy and offers both a process for establishing a security policy and several security-
related policy templates that can help an organization to quickly develop effective security policies.

In this module you will learn all about the following:


✓ Computer-Related Security Incidents
✓ Types of Exploits
✓ Types of Perpetrators

OBJECTIVES
At the end of the module, you should be able to:

identify the reasons why computer security incidents are so prevalent;
describe the most common types of computer security attacks;
outline the actions that must be taken in response to a security incident;
appreciate the importance of cyber security.

UNLOCKING OF DIFFICULTIES

1. ransomware: an attack that encrypts valuable information to extort funds from the victim in exchange for
the data's release
2. phishing: malicious email disguised as coming from a colleague, customer or financial institution, used to
gain access to assets
3. DoS: denial-of-service attack; an attack that cripples an organization's online operations, preventing it
from doing business
4. perpetrator: someone who has committed a crime; a suspect until it has been proven that he or she
carried out the offense

LIVING IN THE IT ERA


IT Security Incidents

PRE-ASSESSMENT

Find the correct answer! (Individual Work)

Direction: Read and analyze each statement and identify what is asked or described in each item.
Encircle the letter of the correct answer.

1. What is a piece of programming code usually disguised as something else that causes a
computer to behave in an unexpected and usually undesirable manner?
A. Virus C. Trojan Horse
B. Worms D. Rootkit

2. This attack is a set of programs that enables its user to gain administrator-level access to
a computer without the end user’s consent or knowledge.
A. Virus C. Trojan Horse
B. Worms D. Rootkit

3. What type of computer attack appears to be harmless but is in fact malicious?


A. DoS C. Trojan Horse
B. Worms D. Rootkit

4. It is a type of Trojan horse that executes when a specific condition occurs.


A. Logic Virus C. Logic bomb
B. Logic Worms D. Rootkit

5. It is also known as "junk email": the abuse of email systems to send unsolicited email to large
numbers of people.
A. SPAM C. Love bug
B. Logic Bomb D. Virus

6. Which of these countries ranks lowest in the percentage of infected computers?


A. Germany C. Sudan
B. China D. Japan

7. What is a program used to verify that a user is a human rather than a computer program?


A. CAPTCHA C. CATCHA
B. CAPHA D. CAPTHA

8. What is the most common computer-related security incident?


A. Virus C. Malware infection
B. Worms D. Rootkit

9. It is a computer program which replicates itself and is self-propagating.


A. Virus C. Malware infection
B. Worms D. Rootkit

10. It is an attack in which a malicious hacker takes over computers via the Internet and uses them to
flood a target.
A. Virus C. DoS attack
B. Worms D. Malware infection


LEARNING TASKS

Task 1: You got this! (Individual)

Directions: List down seven (7) computer problems you have encountered in school, offices and even
at home.


MAIN CONTENT
Things to Ponder! Read and Understand. (Individual)

Directions: Read, understand, and analyze the text below and accomplish the following activities.
IT SECURITY INCIDENTS: A MAJOR CONCERN

The security of information technology used in business is of utmost importance.


Confidential business data and private customer and employee information must be
safeguarded, and systems must be protected against malicious acts of theft or disruption.
Although the necessity of security is obvious, it must often be balanced against other business
needs. Business managers, IT professionals, and IT users all face a number of ethical decisions
regarding IT security, such as the following:
• If a firm is a victim of a computer crime, should it pursue prosecution of the criminals at
all costs, maintain a low profile to avoid the negative publicity, inform its affected customers, or
take some other action?
• How much effort and money should be spent to safeguard against computer crime? (In
other words, how safe is safe enough?)
• If a company realizes that it has produced software with defects that make it possible for
hackers to attack customer data and computers, what actions should it take?
• What should be done if recommended computer security safeguards make conducting
business more difficult for customers and employees, resulting in lost sales and increased costs?

Why Computer Incidents Are So Prevalent

In today’s computing environment of increasing complexity, higher user expectations,


expanding and changing systems, and growing reliance on software with known
vulnerabilities, it is no wonder that the number, variety, and impact of security
incidents are increasing dramatically.
• Computer security incidents occur around the world with personal computer
users in developing countries being exposed to the greatest risk of their
computers being infected by malware. Table 3-2 shows the ranking of the best
and worst countries in terms of percent of computers infected by malware as
determined by Kaspersky Lab, a provider of computer security software and
services.


Types of Exploits

Viruses
✓ Computer virus has become an umbrella term for many types of malicious code. Technically, a virus
is a piece of programming code, usually disguised as something else, that causes a computer to
behave in an unexpected and usually undesirable manner.
✓ Often a virus is attached to a file, so that when the infected file is opened, the virus executes.
Other viruses sit in a computer's memory and infect files as the computer opens, modifies, or
creates them. Most viruses deliver a "payload," or malicious software that causes the computer to
perform in an unexpected way.
✓ For example, the virus may be programmed to display a certain message on the computer's display
screen, delete or modify a certain document, or reformat the hard drive. A true virus does not
spread itself from computer to computer.
✓ A virus is spread to other machines when a computer user opens an infected email attachment,
downloads an infected program, or visits infected Web sites. In other words, viruses spread by the
action of the "infected" computer user.

Worms
✓ Unlike a computer virus, which requires users to spread infected files to other users, a worm is a
harmful program that resides in the active memory of the computer and duplicates itself. Worms
differ from viruses in that they can propagate without human intervention, often sending copies of
themselves to other computers by email.
✓ The negative impact of a worm attack on an organization's computers can be considerable: lost
data and programs, lost productivity due to workers being unable to use their computers, additional
lost productivity as workers attempt to recover data and programs, and lots of effort for IT workers
to clean up the mess and restore everything to as close to normal as possible.
✓ The cost to repair the damage done by each of the Code Red, SirCam, and Melissa worms was
estimated to exceed $1 billion, with that of the Conficker, Storm, and ILOVEYOU worms totaling
well over $5 billion [16, 17].

Trojan Horses
✓ A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless
program. The program's harmful payload might be designed to enable the hacker to destroy hard
drives, corrupt files, control the computer remotely, launch attacks against other computers, steal
passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting
them to a server operated by a third party.


✓ A Trojan horse can be delivered as an email attachment, downloaded from a Web site, or
contracted via a removable media device such as a CD/DVD or USB memory stick.
✓ Once an unsuspecting user executes the program that hosts the Trojan horse, the malicious
payload is automatically launched as well, with no telltale signs. Common host programs include
screen savers, greeting card systems, and games.

Spam
✓ Email spam is the abuse of email systems to send unsolicited email to large numbers of people.
Most spam is a form of low-cost commercial advertising, sometimes for questionable products
such as pornography, phony get-rich-quick schemes, and worthless stock. Spam is also an
extremely inexpensive method of marketing used by many legitimate organizations.
✓ For example, a company might send email to a broad cross section of potential customers to
announce the release of a new product to increase initial sales. Spam is also used to deliver
harmful worms and other malware.
✓ The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act went
into effect in January 2004. The act says that it is legal to spam, provided the messages meet a
few basic requirements: spammers cannot disguise their identity by using a false return address,
the email must include a label specifying that it is an ad or a solicitation, and the email must
include a way for recipients to indicate that they do not want future mass mailings. Despite
CAN-SPAM and other measures, the percentage of spam in email messages averaged 68 percent in
October 2012, according to Securelist, a blog run by the computer security firm Kaspersky Lab.
✓ A partial solution to this problem is the use of CAPTCHA to ensure that only humans obtain free
accounts.
✓ CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
software generates and grades tests that humans can pass but all but the most sophisticated
computer programs cannot. For example, humans can read the distorted text in Figure 3-1, but
simple computer programs cannot.
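What the "grading" side of a CAPTCHA has to get right is less the distorted image than the bookkeeping around it: the answer must not be recoverable from what the client is sent, the challenge must expire, and a solved challenge must not be reusable by a bot that captured one human's answer. The following is an added example, not code from this lesson or from any CAPTCHA product: a server-side challenge issuer and verifier in Python that binds the answer to a signed, expiring, single-use token. It hands back the answer as plain text rather than rendering a distorted image (image generation is omitted), and the secret key, validity window, alphabet and the in-memory replay set are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret, never sent to clients
CHALLENGE_TTL = 120                    # assumption: seconds a challenge stays answerable
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # drops 0/O and 1/I, which humans confuse
_redeemed = set()                      # nonces already used; would be a shared cache in production


def _mac(answer, nonce, expires):
    """HMAC over the answer and the token's public fields, so none of them can be altered."""
    msg = f"{answer}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(length=6, now=None):
    """Return (answer, token).

    The answer is what a real system would render as a distorted image. The token goes
    to the client as-is; it carries no information about the answer beyond an HMAC that
    only the server can compute, so the server stores nothing per challenge.
    """
    now = int(time.time() if now is None else now)
    answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
    nonce = secrets.token_hex(8)
    expires = now + CHALLENGE_TTL
    token = f"{nonce}.{expires}.{_mac(answer, nonce, expires)}"
    return answer, token


def verify(token, submitted, now=None):
    """True only if submitted is the answer bound to this unexpired, not-yet-used token."""
    now = int(time.time() if now is None else now)
    try:
        nonce, expires_text, mac = token.split(".")
        expires = int(expires_text)
    except ValueError:
        return False                                  # malformed token
    if now > expires or nonce in _redeemed:
        return False                                  # expired, or replay of a solved token
    expected = _mac(submitted.strip().upper(), nonce, expires)
    if not hmac.compare_digest(expected, mac):        # constant-time comparison
        return False
    _redeemed.add(nonce)                              # burn the token on first success
    return True


if __name__ == "__main__":
    answer, token = issue_challenge()
    print("challenge text:", answer)
    print("first answer accepted:", verify(token, answer))
    print("replay accepted:", verify(token, answer))
```

A wrong guess deliberately does not burn the token, so the same challenge can be retried by a human who misread it; the flip side is that an online guesser gets the same retries, which is why a deployment also counts failures per token and per client and rate-limits them.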

Distributed Denial-of-Service (DDoS) Attacks
✓ A distributed denial-of-service (DDoS) attack is one in which a malicious hacker takes over
computers via the Internet and causes them to flood a target site with demands for data and other
small tasks.
✓ A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead,
it keeps the target so busy responding to a stream of automated requests that legitimate users
cannot get in: the Internet equivalent of dialing a telephone number repeatedly so that all other
callers hear a busy signal.
✓ The targeted machine "holds the line open" while waiting for a reply that never comes, and
eventually the requests exhaust all resources of the target.
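The flood described above is something a monitor can pick out of ordinary web-server logs: a handful of sources generating a request rate no person at a keyboard could. The following is an added example, not code from this lesson: a rate-based flood detector in Python that keeps a sliding window of request timestamps per source address and flags any source that exceeds a threshold inside the window, run over a constructed access log. The log lines, the addresses, the 10-second window and the threshold of 20 requests are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["req"], int(m["status"])


def detect_floods(lines, window_s=10, threshold=20):
    """Flag sources that issue >= threshold requests inside any window_s-second span.

    Returns {ip: peak requests seen in one window}. A per-IP deque holds only the
    timestamps that fall inside the current window, so memory stays bounded.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the window
    peak = defaultdict(int)       # ip -> largest window count seen so far
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # malformed line: skip it, never crash the monitor
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]) > timedelta(seconds=window_s):
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        if peak[ip] >= threshold:
            alerts[ip] = peak[ip]
    return alerts


def make_sample_log():
    """Constructed access log: one human visitor plus two bots hammering a search page."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    entries = []

    def add(ip, offset_s, path):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        entries.append((offset_s, f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'))

    for i in range(5):                      # legitimate user: 5 requests over 48 s
        add("203.0.113.7", i * 12, "/index.html")
    for bot in ("198.51.100.21", "198.51.100.22"):
        for i in range(30):                 # each bot: 30 requests inside 5 s
            add(bot, i // 6, "/search?q=" + "a" * 50)
    entries.sort(key=lambda e: e[0])        # interleave sources as a real log would
    return [line for _, line in entries]


if __name__ == "__main__":
    for ip, n in detect_floods(make_sample_log()).items():
        print(f"ALERT {ip}: {n} requests inside a 10 s window")
```

A real DDoS spreads the load across thousands of bots so that no single source crosses a per-IP threshold; production detectors therefore also watch the aggregate rate, half-open connections and the cost of each request, and feed rate limits or upstream filtering rather than only raising an alert.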


Rootkits
✓ A rootkit is a set of programs that enables its user to gain administrator-level access to a
computer without the end user's consent or knowledge. Once installed, the attacker can gain full
control of the system and even obscure the presence of the rootkit from legitimate system
administrators.
✓ Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the
computer's configuration. Rootkits are one part of a blended threat, consisting of the dropper,
loader, and rootkit. The dropper code gets the rootkit installation started and can be activated by
clicking on a link to a malicious Web site in an email or opening an infected PDF file. The dropper
launches the loader program and then deletes itself. The loader loads the rootkit into memory; at
that point, the computer has been compromised. Rootkits are designed so cleverly that it is
difficult even to discover if they are installed on a computer.
✓ The fundamental problem with trying to detect a rootkit is that the operating system currently
running cannot be trusted to provide valid test results. Here are some symptoms of rootkit
infections:
• The computer locks up or fails to respond to input from the keyboard or mouse.
• The screen saver changes without any action on the part of the user.
• The taskbar disappears.
• Network activities function extremely slowly.
✓ When it is determined that a computer has been infected with a rootkit, there is little to do but
reformat the disk; reinstall the operating system and all applications; and reconfigure the user's
settings, such as mapped drives. This can take hours, and the user may be left with a basic
working machine, but all locally held data and settings may be lost.

Phishing
✓ Phishing is the act of fraudulently using email to try to get the recipient to reveal personal data.
In a phishing scam, con artists send legitimate-looking emails urging the recipient to take action
to avoid a negative consequence or to receive a reward. The requested action may involve clicking
on a link to a Web site or opening an email attachment. These emails lead consumers to
counterfeit Web sites designed to trick them into divulging personal data.
✓ Spear-phishing is a variation of phishing in which the phisher sends fraudulent emails to a
certain organization's employees. It is known as spear-phishing because the attack is much more
precise and narrower, like the tip of a spear. The phony emails are designed to look like they came
from high-level executives within the organization. Employees are directed to a fake Web site and
then asked to enter personal information, such as name, Social Security number, and network
passwords. Botnets have become the primary means for distributing phishing scams.

Smishing and Vishing
✓ In a smishing scam, people receive a legitimate-looking text message on their phone telling them
to call a specific phone number or to log on to a Web site. This is often done under the guise that
there is a problem with their bank account or credit card that requires immediate attention.
However, the phone number or Web site is phony and is used to trick unsuspecting victims into
providing personal information such as a bank account number, personal identification number,
or credit card number.
✓ This information can be used to steal money from victims' bank accounts, charge purchases on
their credit cards, or open new accounts. In some cases, if victims log on to a Web site, malicious
software is downloaded onto their phones, providing criminals with access to information stored
on the phones. The number of smishing scams increases around the holidays as people use their
cell phones to make online purchases.
✓ Vishing is like smishing except that the victims receive a voice mail telling them to call a phone
number or access a Web site.

Table 1. Types of Cyber Attacks
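The tells that phishing and spear-phishing messages rely on can be checked mechanically before a message reaches a user: a link whose visible text shows one site while its href points to another, a link to a raw IP address, a hostname that contains the brand name but is not under the brand's domain, and a Reply-To that does not match the sender. The following is an added example that is not part of the original lesson: a Python analyzer that parses a raw email with the standard library and reports those indicators, run over a constructed phishing message. The message, the trusted domain examplebank.com, the helper names and the heuristics are all assumptions for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.com"}   # assumption: domains the organisation actually owns

# Constructed phishing message for this example (not a real sample).
SAMPLE_EMAIL = """\
From: Example Bank <alerts@examplebank.com>
Reply-To: support@examplebank-verify.net
To: customer@example.org
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be suspended. Confirm your details at
<a href="http://examplebank.com.secure-login.example/verify">https://www.examplebank.com/verify</a></p>
<p><a href="http://192.0.2.10/statement">View statement</a></p>
<p><a href="https://www.examplebank.com/help">Help centre</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url_or_text):
    """Hostname of a URL; a bare domain without a scheme is accepted too."""
    target = url_or_text if "://" in url_or_text else "http://" + url_or_text
    return (urlparse(target).hostname or "").lower()


def _belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)


def _addr_domain(header_value):
    return str(header_value or "").split("@")[-1].rstrip(">").strip().lower()


def analyze_message(raw, trusted=TRUSTED_DOMAINS):
    """Return a list of phishing indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = _addr_domain(msg.get("From"))
    reply_to = _addr_domain(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from sender domain {sender}")

    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    collector = _LinkCollector()
    collector.feed(body.get_content())

    for href, text in collector.links:
        host = _host(href)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append(f"link points to a raw IP address {host}")
        # Visible text that itself looks like a URL or domain must agree with the href.
        if re.search(r"[\w-]+\.[a-z]{2,}", text, re.I):
            shown = _host(text.split()[0])
            if shown and shown != host:
                findings.append(f"link text shows {shown} but points to {host}")
        # A host that contains the brand name but is not under the brand's own domain.
        for domain in trusted:
            brand = domain.split(".")[0]
            if brand in host and not _belongs_to(host, domain):
                findings.append(f"lookalike host {host} imitates {domain}")
    return findings


if __name__ == "__main__":
    for finding in analyze_message(SAMPLE_EMAIL):
        print("-", finding)
```

These checks catch the crude cases; they say nothing about a message whose links are clean but whose attachment carries the payload, and a spear-phishing email sent from a genuinely compromised executive mailbox passes every header check, which is why user training and multi-factor authentication remain part of the defence.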


Recommended Action Steps for Institutions and Organizations

• Companies should educate their customers about the dangers of phishing, smishing, and vishing
through letters, recorded messages for those calling into the company's call center, and articles on
the company's Web site.

• Call center service employees should be trained to detect customer complaints that indicate a scam
is being perpetrated. They should attempt to capture key pieces of information, such as the callback
number the customer was directed to use, details of the phone message or text message, and the
type of information requested.

• Customers should be notified immediately if a scam occurs. This can be done via a recorded
message for customers phoning the call center, working with local media to place a news article in
papers serving the area of the attack, placing a banner on the institution's Web page, and even
displaying posters in bank drive-through and lobby areas.

• If it is determined that the calls are originating from within the United States, companies should
report the scam to the Federal Bureau of Investigation (FBI).

• Institutions can also try to notify the telecommunications carrier for the phone number that victims
are requested to call, to request that they shut down that number.

Types of Perpetrators

The people who launch these kinds of computer attacks include thrill seekers
wanting a challenge, common criminals looking for financial gain, industrial spies trying to
gain a competitive advantage, and terrorists seeking to cause destruction to further their
cause.
Each type of perpetrator has different objectives and access to varying resources,
and each is willing to accept different levels of risk to accomplish his or her objective.
Each perpetrator decides to act in an unethical manner to achieve his or her own
personal objectives.


Prevention

No organization can ever be completely secure from attack. The key is to implement a layered
security solution to make computer break-ins so difficult that an attacker eventually gives up. In a
layered solution, if an attacker breaks through one layer of security, there is another layer to overcome.
These layers of protective measures are explained in more detail in the following sections.

✓ Installing a Corporate Firewall
Installation of a corporate firewall is the most common security precaution taken by businesses. A
firewall stands guard between an organization's internal network and the Internet, and it limits network
access based on the organization's access policy.

✓ Intrusion Detection Systems
An intrusion detection system (IDS) is software and/or hardware that monitors system and network
resources and activities and notifies network security personnel when it detects network traffic that
attempts to circumvent the security measures of a networked computer environment. Such activities
usually signal an attempt to breach the integrity of the system or to limit the availability of network
resources.

✓ Installing Antivirus Software on Personal Computers
Antivirus software should be installed on each user's personal computer to scan a computer's memory
and disk drives regularly for viruses. Antivirus software scans for a specific sequence of bytes, known
as a virus signature, that indicates the presence of a specific virus. If it finds a virus, the antivirus
software informs the user, and it may clean, delete, or quarantine any files, directories, or disks
affected by the malicious code. Signature matching can only recognize malware whose signature is
already known, so good antivirus software also checks vital system files when the system is booted
up, monitors the system continuously for viruslike activity, scans disks, scans memory when a program
is run, checks programs when they are downloaded, and scans email attachments before they are
opened. Two of the most widely used antivirus software products are Norton AntiVirus from Symantec
and VirusScan from McAfee.
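The byte-sequence matching described above is simple to state but has one practical pitfall: a scanner that reads large files in buffers misses any signature that straddles the boundary between two reads unless it carries an overlap forward. The following is an added example, not code from this lesson or from any antivirus product: a minimal signature scanner in Python with chunked reading, directory walking and a quarantine step. The signatures are constructed byte strings that identify nothing real, and the file names, chunk size and quarantine layout are assumptions.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes     # a byte sequence characteristic of one malware family


# Constructed signatures for this example; they identify nothing real.
SIGNATURES = (
    Signature("Example.Dropper.A", b"\x4d\x5a\x90\x00EXAMPLE-DROPPER"),
    Signature("Example.Macro.B", b"Sub AutoOpen()\r\n    Shell \"cmd /c"),
)


def scan_bytes(data, signatures=SIGNATURES):
    """Names of every signature whose pattern occurs somewhere in data."""
    return [s.name for s in signatures if s.pattern in data]


def scan_file(path, signatures=SIGNATURES, chunk_size=1 << 20):
    """Scan a file of any size without loading it whole.

    The last (longest pattern - 1) bytes of each buffer are carried into the next one,
    so a pattern split across two reads is still found.
    """
    overlap = max(len(s.pattern) for s in signatures) - 1
    hits, tail = set(), b""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                break
            buf = tail + chunk
            hits.update(scan_bytes(buf, signatures))
            tail = buf[-overlap:] if overlap > 0 else b""
    return sorted(hits)


def scan_directory(root, signatures=SIGNATURES):
    """{path: [signature names]} for every infected file below root."""
    infected = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            hits = scan_file(path, signatures)
            if hits:
                infected[path] = hits
    return infected


def quarantine(path, quarantine_dir):
    """Move an infected file out of place, renamed to its SHA-256 and made read-only,
    so it cannot be run by accident but stays available for analysis."""
    os.makedirs(quarantine_dir, exist_ok=True)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    dest = os.path.join(quarantine_dir, digest + ".quarantined")
    os.replace(path, dest)
    os.chmod(dest, 0o400)
    return dest


def make_sample_tree():
    """Constructed test tree: a clean text file and a file with a signature buried in it.
    Returns (root, clean_path, infected_path)."""
    root = tempfile.mkdtemp(prefix="avdemo_")
    clean = os.path.join(root, "notes.txt")
    infected = os.path.join(root, "setup.bin")
    with open(clean, "wb") as f:
        f.write(b"quarterly figures, nothing to see here\n")
    with open(infected, "wb") as f:
        f.write(b"\x00" * 10 + SIGNATURES[0].pattern + b"\xff" * 10)
    return root, clean, infected


if __name__ == "__main__":
    root, _, _ = make_sample_tree()
    for path, names in scan_directory(root).items():
        moved = quarantine(path, os.path.join(root, "quarantine"))
        print(f"{path}: {', '.join(names)} -> {moved}")
```

Real products compile thousands of patterns into a single multi-pattern automaton rather than testing each one in turn, and they pair signatures with heuristics and behaviour monitoring because a polymorphic or brand-new sample matches no stored pattern at all.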


ANALYSIS

Task 2: Let me Say it to You! (Individual)

Directions: List down 5 cyber-attacks issues from the internet and its corresponding action/s that must
be taken in response to the incident.

Cyber-Attacks Issue Action



1.


2.


3.


4.


5.

ABSTRACTION

Task 3: Research yourself! (Individual)

Overview: Do you know how much data about yourself is freely online? If someone were to research you, what
would they be able to find? What could they know about you from a simple search? Put on your
detective hat and go digging for the data you can find about yourself.

Directions: Begin by typing in your name. Then, try your name + your school or the name of your city.
Even try your name + a sport you play! You can look at search engines, your school
website, social networks, or any other frequently used website! You can even include posts
from social media sites if you can find them.


Task 4: Answer me briefly. (Individual)

Directions: Discuss the following in your own understanding.

What could someone who is researching you


find out about your personality/life?

___________________________________
___________________________________
___________________________________
___________________________________
___________________

What does this tell us about our presence


online with the things we post and
information we make public?

__________________________________
__________________________________
__________________________________
__________________________________
__________________________________

How could this information be used in a


hacking situation?

________________________________
________________________________
________________________________
________________________________
________________________________
________________________________
____________________

What information poses the biggest threat to


your privacy/security?

__________________________________
__________________________________
__________________________________
__________________________________
__________________________________
__________________________________
__________________________________
___________________________


APPLICATION

Task 5: Show Me! (Individual)

Direction: Create your own rules on how to stay safe online.

✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________
✓ ___________________________________________________________________________
___________________________________________________________________________

REFLECTION

Task 6: My Reflection (Individual)

Direction: Share some learning insights/reflection about the knowledge and skills gained from the
present lesson. Do the following activities.

The essence of knowing about cyber-attack prevention is__________________________


__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
____________________.
A strong password is beneficial to me because_____________________________
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
_____________________.


POST-ASSESSMENT

Task 7: Modified True or False. (Individual)

Direction: Identify whether each of the following statements is true or false. Write T if the statement is
correct; otherwise write F and change the underlined word/s to make the statement true.

___________________1. According to the 2010/11 CSI Computer Crime and Security Survey, malware
infection is the most common security incident.

___________________2. The security of information technology used in business is of the utmost
importance, but it must be balanced against other business needs and issues.

___________________3. There are many kinds of people who launch computer attacks, including the
hacker, cracker, malicious insider, industrial spy, cybercriminal, hacktivist, and cyberterrorist. Each type
has the same motivation.

___________________4. An anti-virus is software and/or hardware that monitors system and network
resources and activities, and notifies network security personnel when it detects network traffic that
attempts to circumvent the security measures of a networked computer environment.

___________________5. Crackers test the limitations of information systems out of intellectual
curiosity, to see whether they can gain access and how far they can go.

___________________6. Cyberterrorists destroy infrastructure components of financial institutions,
utilities, and emergency response units.

___________________7. Hackers cause problems, steal data, and corrupt systems.

___________________8. In a smishing scam, people receive a legitimate-looking text message on their
phone telling them to call a specific phone number or to log on to a Web site.

___________________9. A worm is a piece of programming code, usually disguised as something else,
that causes a computer to behave in an unexpected and usually undesirable manner.

___________________10. A Trojan horse is a program in which malicious code is hidden inside a
seemingly harmless program.


GLOSSARY
The following terms used in this module are defined as follows:

malware: (a portmanteau for malicious software) any software intentionally designed to cause damage to
a computer, server, client, or computer network (by contrast, software that causes unintentional harm
due to some deficiency is typically described as a software bug).

malicious code: harmful computer code or web script designed to create system vulnerabilities leading
to back doors, security breaches, information and data theft, and other potential damage to files and
computing systems. It is a type of threat that may not be blocked by antivirus software on its own.

password: a string of characters used for authenticating a user on a computer system; sometimes
called a passcode, it is a memorized secret.

firewall: a network security system that monitors and controls all incoming and outgoing network traffic
based on a defined set of security rules.

exploit: code that takes advantage of a software vulnerability or security flaw. It is written either by
security researchers as a proof-of-concept threat or by malicious actors for use in their operations.

REFERENCES

Bitsnbytes. (n.d.). Retrieved from www.bitsnbytes.com
Reynolds, G. (2013). Principles of Ethics in IT. Phil: ESP Printers Inc.
Risk Management. (2018, Jan 25). Retrieved from http://www.rmmagazine.com/2018/01/25/mitigating-cyberrisk-in-2018/
Vpnmentor. (n.d.). Retrieved from https://www.vpnmentor.com/blog/teachers-guide-to-cybersecurity/
