
Unit 5 Computer Security
Lesson 1. Cybersecurity

LEARNING OUTCOMES
At the end of the unit, the students must have:
1. Defined cybersecurity
2. Classified different malicious software and anti-malware tools to use
3. Explained cybersecurity, vulnerabilities, attacks and impact of security breaches
4. Identified computer protection and countermeasures against cybersecurity threats

INTRODUCTION
Every business is under constant threat from a multitude of sources. From the biggest Fortune
500 companies down to the smallest of mom-and-pop stores, no business is 100% safe from
an attack. The simple fact is that there are too many threats out there to effectively prevent
them all.

For example, as noted by leading antivirus company Kaspersky Lab, “The number of new
malicious files processed by Kaspersky Lab’s in-lab detection technologies reached 360,000 a
day in 2017.” That’s 250 new malware threats every minute.

But, malware isn’t the only threat out there; there are many more cybersecurity threats and
network vulnerabilities in existence that malicious actors can exploit to steal your company’s
data or cause harm.

LEARNING CONTENT
The Internet has transformed our lives in many good ways. Unfortunately, this vast network
and its associated technologies have also brought in their wake an increasing number of
security threats. The most effective way to protect yourself from these threats and attacks is
to be aware of standard cybersecurity practices.

Lecture Notes in CC 201 – Introduction to Computing
Property of WVSU
What is computer security?

Computer security basically is the protection of computer systems and information from harm,
theft, and unauthorized use. It is the process of preventing and detecting unauthorized use
of your computer system.

Often people confuse computer security with other related terms like information security and
cybersecurity. One way to ascertain the similarities and differences among these terms is by
asking what is being secured. For example,

· Information security is securing information from unauthorized access, modification
& deletion
· Computer Security means securing a standalone machine by keeping it updated and
patched
· Cybersecurity is defined as protecting computer systems, which communicate over
the computer networks

It’s important to understand the distinction between these words, though there
isn’t necessarily a clear consensus on the meanings and the degree to which they overlap or
are interchangeable.

So, computer security can be defined as controls that are put in place to provide
confidentiality, integrity, and availability for all components of computer systems. Let’s
elaborate on the definition.

The components of a computer system that need to be protected are:

· Hardware, the physical part of the computer, like the system memory and disk drive
· Firmware, permanent software that is etched into a hardware device’s nonvolatile
memory and is mostly invisible to the user
· Software, the programming that offers services, like operating system, word
processor, internet browser to the user

The CIA Triad

Computer security is mainly concerned with three main areas:

· Confidentiality is ensuring that information is available only to the intended audience
· Integrity is protecting information from being modified by unauthorized parties
· Availability is protecting information from being modified by unauthorized parties

Figure: Computer Security Triad

WHAT IS CYBERSECURITY?

Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information technology
security or electronic information security. The term applies in a variety of contexts, from
business to mobile computing, and can be divided into a few common categories.

· Network security is the practice of securing a computer network from intruders,
whether targeted attackers or opportunistic malware.
· Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data it's designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
· Information security protects the integrity and privacy of data, both in storage and
in transit.
· Operational security includes the processes and decisions for handling and
protecting data assets. The permissions users have when accessing a network and the
procedures that determine how and where data may be stored or shared all fall under
this umbrella.
· Disaster recovery and business continuity define how an organization responds
to a cyber-security incident or any other event that causes the loss of operations or
data. Disaster recovery policies dictate how the organization restores its operations
and information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
· End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to
follow good security practices. Teaching users to delete suspicious email attachments,
not plug in unidentified USB drives, and various other important lessons is vital for the
security of any organization.

Types of cyber threats

The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to
cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common
methods used to threaten cyber-security:

1.) Malware

Malware, or “malicious software,” is an umbrella term that describes any malicious program
or code that is harmful to systems. Hostile, intrusive, and intentionally nasty, malware seeks
to invade, damage, or disable computers, computer systems, networks, tablets, and mobile
devices, often by taking partial control over a device’s operations. Like the human flu, it
interferes with normal functioning.

Malware is all about making money off you illicitly. Although malware cannot damage the
physical hardware of systems or network equipment (with one known exception—see the
Google Android section below), it can steal, encrypt, or delete your data, alter or hijack core
computer functions, and spy on your computer activity without your knowledge or permission.

How can I tell if I have a malware infection?

Malware can reveal itself with many different aberrant behaviors. Here are a few telltale signs
that you have malware on your system:

· Your computer slows down. One of malware’s main effects is to reduce the speed of
your operating system, whether you’re navigating the Internet or just using your local
applications.

· A tidal wave of annoying ads that shouldn’t be there washes over your screen.
Unexpected pop-up ads are a typical sign of a malware infection. They’re especially
associated with a form of malware known as adware. What’s more, pop-ups usually
come packaged with other hidden malware threats. So if you see something akin to
“CONGRATULATIONS, YOU’VE WON A FREE PSYCHIC READING!” in a pop-up, don’t
click on it. Whatever free prize the ad promises, it will cost you plenty.

· Your system repeatedly crashes, freezes, or displays a BSOD (Blue Screen of Death),
which can occur on Windows systems after encountering a fatal error.

· You notice a mysterious loss of disk space, probably due to a bloated malware squatter
which hides in your hard drive.

· There’s a weird increase in your system’s Internet activity.

· Usage of your system resources is abnormally high and your computer’s fan starts
whirling away at full speed—signs of malware activity taking up system resources in
the background.

· Your browser’s homepage changes without your permission. Similarly, links you click
send you to an unwanted web destination. This usually means you clicked on that
“congratulations” pop-up, which downloaded some unwanted software. Likewise, your
browser might slow to a crawl.

· New toolbars, extensions, or plugins unexpectedly populate your browser.

· Your antivirus product stops working and you cannot update it, leaving you
unprotected against the sneaky malware that disabled it.

· Then there’s the painfully obvious, intentionally non-stealthy malware attack. This
famously happens with ransomware, which announces itself, tells you it has your data,
and demands a ransom to return your files.

· Even if everything seems to be working just fine on your system, don’t get complacent,
because no news isn’t necessarily good news. Powerful malware can hide deep in your
computer, going about its dirty business without raising any red flags as it snags your
passwords, steals sensitive files, or uses your PC to spread to other computers.

What are the most common forms of malware?

Here are the most common offenders in the rogues’ gallery of malware:

Common Types of Malware

· Adware is unwanted software designed to throw advertisements up on your screen,
most often within a web browser. Typically, it uses an underhanded method to either
disguise itself as legitimate, or piggyback on another program to trick you into installing
it on your PC, tablet, or mobile device.

· Spyware is malware that secretly observes the computer user’s activities without
permission and reports it to the software’s author.

· A virus is malware that attaches to another program and, when executed—usually
inadvertently by the user—replicates itself by modifying other computer programs and
infecting them with its own bits of code.

· Worms are a type of malware similar to viruses, self-replicating in order to spread to
other computers over a network, usually causing harm by destroying data and files.

· A Trojan, or Trojan horse, is one of the most dangerous malware types. It usually
represents itself as something useful in order to trick you. Once it’s on your system,
the attackers behind the Trojan gain unauthorized access to the affected computer.
From there, Trojans can be used to steal financial information or install threats like
viruses and ransomware.

· Ransomware is a form of malware that locks you out of your device and/or encrypts
your files, then forces you to pay a ransom to get them back. Ransomware has been
called the cyber criminal’s weapon of choice because it demands a quick, profitable
payment in hard-to-trace cryptocurrency. The code behind ransomware is easy to
obtain through online criminal marketplaces and defending against it is very difficult.

· Rootkit is a form of malware that provides the attacker with administrator privileges
on the infected system. Typically, it is also designed to stay hidden from the user,
other software on the system, and the operating system itself.

· A keylogger is malware that records all the user’s keystrokes on the keyboard,
typically storing the gathered information and sending it to the attacker, who is seeking
sensitive information like usernames, passwords, or credit card details.

· Malicious cryptomining, also sometimes called drive-by mining or cryptojacking, is
an increasingly prevalent malware usually installed by a Trojan. It allows someone else
to use your computer to mine cryptocurrency like Bitcoin or Monero. So instead of
letting you cash in on your own computer’s horsepower, the cryptominers send the
collected coins into their own account and not yours. Essentially, a malicious
cryptominer is stealing your resources to make money.

· Exploits are a type of malware that takes advantage of bugs and vulnerabilities in a
system in order to allow the exploit’s creator to take control. Among other threats,
exploits are linked to malvertising, which attacks through a legitimate site that
unknowingly pulls in malicious content from a bad site. Then the bad content tries to
install itself on your computer in a drive-by download. No clicking is necessary. All you
have to do is visit a good site on the wrong day.

How can I protect myself from malware?

When it comes to malware, prevention is better than a cure. Fortunately, there are some
common sense, easy behaviors that minimize your chances of running into any nasty software.

· Don’t trust strangers online! “Social engineering”, which can include strange
emails, abrupt alerts, fake profiles, and curiosity-tickling offers, is the #1 method of
delivering malware. If you don’t know exactly what it is, don’t click on it.
· Double-check your downloads! From pirating sites to official storefronts, malware
is often lurking just around the corner. So before downloading, always double-check
that the provider is trustworthy by carefully reading reviews and comments.
· Get an ad-blocker! Malvertising – where hackers use infected banners or pop-up ads
to infect your device – is on the rise. You can’t know which ads are bad: so it’s safer
to just block them all with a reliable ad-blocker.
· Careful where you browse! Malware can be found anywhere, but it’s most common
in websites with poor backend security, like small, local websites. If you stick to large,
reputable sites, you severely reduce your risk of encountering malware.
· Stay vigilant. Pay particular attention if you see a domain name that ends in an odd
set of letters, i.e., something other than com, org, edu, or biz, to name a few, as they
can be an indicator for risky websites.
· Avoid clicking on pop-up ads while browsing the Internet. Stay away from
opening unsolicited email attachments or downloading software from untrustworthy
websites or peer-to-peer file transfer networks.
· Make sure your operating system, browsers, and plugins are always up to
date, because keeping your software patched can keep online criminals at bay.
· For mobile users, only download apps from Google Play Store (the App Store
is the iPhone’s only choice). Every time you download an app, check the ratings
and reviews first. If it has a low rating and a low number of downloads, it is best to
avoid that app.
· Do not download apps from third-party sources. The best way to make sure of
this is to turn off this function on your Android phone. Go to Settings on your Android
device and open up the Security section. Here, make sure Unknown Sources is disabled
to avoid installation of apps from marketplaces other than the Play Store.
· Do not click on strange, unverified links in emails, texts, and WhatsApp
messages of unknown origin. Strange links from friends and contacts should be
avoided too unless you have verified it to be safe.
· To keep their businesses safe, organizations can prevent malicious apps from
threatening their networks by creating strong mobile security policies and by
deploying a mobile security solution that can enforce those policies. This is
vital in the business environment that exists today—with multiple operating systems
at work under multiple roofs.
· Finally, get yourself a good anti-malware program. It should include layered
protection (the ability to scan and detect malware such as adware and spyware while
maintaining a proactive real-time defense that can block threats such as ransomware).
Your security program should also provide remediation to correct any system changes
from the malware it cleans, so everything goes back to normal.

2.) SQL injection

An SQL (Structured Query Language) injection is a type of cyber-attack used to take control of
and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven
applications to insert malicious code into a database via a malicious SQL statement. This
gives them access to the sensitive information contained in the database.
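
The difference between a query built by pasting user input into the SQL text and one that passes the input as a parameter, as an added example that is not part of the original lecture notes. The `students` table, its rows, and the function names are constructed for illustration; the code uses Python's built-in `sqlite3` module.

```python
import sqlite3

# Constructed input: a "username" that contains SQL syntax instead of a name.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE students (id INTEGER PRIMARY KEY, username TEXT, grade TEXT)"
    )
    conn.executemany(
        "INSERT INTO students (username, grade) VALUES (?, ?)",
        [("ana", "1.25"), ("ben", "2.00"), ("carla", "1.75")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """VULNERABLE: the input is pasted into the SQL text.

    Quote characters in the input are parsed as SQL syntax, so the input can
    change what the statement means instead of only supplying a value.
    """
    query = (
        "SELECT username, grade FROM students WHERE username = '" + username + "'"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """HARDENED: a parameterized query.

    The ? placeholder sends the value separately from the SQL text, so the
    database always treats it as one string to compare against.
    """
    query = "SELECT username, grade FROM students WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # A normal lookup behaves the same in both versions.
    print("normal, vulnerable:", lookup_vulnerable(conn, "ana"))
    print("normal, safe:      ", lookup_safe(conn, "ana"))
    # The crafted input makes the vulnerable query return every row,
    # while the parameterized query finds no user with that literal name.
    print("crafted, vulnerable:", lookup_vulnerable(conn, CRAFTED))
    print("crafted, safe:      ", lookup_safe(conn, CRAFTED))
```

The fix is in how the query is built, not in filtering the input: every value that comes from a user goes in through a placeholder.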

3.) Unpatched Security Vulnerabilities

While there are countless new threats being developed daily, many of them rely on old security
vulnerabilities to work. With so much malware looking to exploit the same few vulnerabilities
time and time again, one of the biggest risks that a business can take is failing to patch those
vulnerabilities once they’re discovered.

It’s all too common for a business—or even just the individual users on a network—to dismiss
the “update available” reminders that pop up in certain programs because they don’t want to
lose the 5-10 minutes of productive time that running the update would take. Updating is a
nuisance to most users. However, it’s a “nuisance” that could save a business untold amounts
of time, money, and lost business later.

The easy fix is to maintain a regular update schedule—a day of the week where your IT team
checks for the latest security patches for your organization’s software and ensures that they’re
applied to all of your company’s systems.

4.) Hidden Backdoor Programs

This is an example of an intentionally-created computer security vulnerability. When a
manufacturer of computer components, software, or whole computers installs a program or
bit of code designed to allow a computer to be remotely accessed (typically for diagnostic,
configuration, or technical support purposes), that access program is called a backdoor.

When the backdoor is installed into computers without the user’s knowledge, it can be called
a hidden backdoor program. Hidden backdoors are an enormous software vulnerability
because they make it all too easy for someone with knowledge of the backdoor to illicitly
access the affected computer system and any network it is connected to.

5.) Superuser or Admin Account Privileges

One of the most basic tenets of managing software vulnerabilities is to limit the access
privileges of software users. The less information/resources a user can access, the less
damage that user account can do if compromised.

However, many organizations fail to control user account access privileges—allowing virtually
every user in the network to have so-called “Superuser” or administrator-level access. Some
computer security configurations are flawed enough to allow unprivileged users to create
admin-level user accounts.

Verifying that user account access is restricted to only what each user needs to do their job
is crucial for managing computer security vulnerabilities. Also, ensuring that newly-created
accounts cannot have admin-level access is important for preventing less-privileged users
from simply creating more privileged accounts.
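
One way to carry out the two checks described above (access limited to what each job needs, and no admin-level accounts created by unprivileged users), as an added example that is not part of the original lecture notes. The roles, permission names, and account records are hypothetical sample data.

```python
# Permissions each job role actually needs (hypothetical policy).
ROLE_NEEDS = {
    "it_admin": {"admin"},
    "faculty": {"grades_write", "records_read"},
    "registrar_clerk": {"records_read", "records_write"},
    "student": {"lms_access"},
}

# Constructed account inventory: what each account holds and who created it.
ACCOUNTS = [
    {"user": "jcruz", "role": "it_admin",
     "perms": {"admin"}, "created_by": "root"},
    {"user": "mreyes", "role": "faculty",
     "perms": {"grades_write", "records_read"}, "created_by": "jcruz"},
    {"user": "lsantos", "role": "registrar_clerk",
     "perms": {"records_read", "records_write", "admin"}, "created_by": "jcruz"},
    {"user": "tmp_helper", "role": "student",
     "perms": {"lms_access", "admin"}, "created_by": "lsantos"},
]

# Built-in administrator accounts that exist before any audit (assumption).
BUILT_IN_ADMINS = {"root"}


def authorized_admins(accounts, role_needs):
    """Return the accounts whose job role legitimately requires admin rights."""
    admins = set(BUILT_IN_ADMINS)
    for acct in accounts:
        if "admin" in role_needs.get(acct["role"], set()):
            admins.add(acct["user"])
    return admins


def audit(accounts, role_needs):
    """Return (user, finding) pairs for every least-privilege violation."""
    allowed_creators = authorized_admins(accounts, role_needs)
    findings = []
    for acct in accounts:
        # Check 1: anything held beyond what the role needs is excess.
        needed = role_needs.get(acct["role"], set())
        excess = acct["perms"] - needed
        if excess:
            findings.append(
                (acct["user"], "excess permissions: " + ", ".join(sorted(excess)))
            )
        # Check 2: an admin-level account must come from an authorized admin.
        if "admin" in acct["perms"] and acct["created_by"] not in allowed_creators:
            findings.append(
                (acct["user"],
                 "admin account created by unprivileged user " + acct["created_by"])
            )
    return findings


if __name__ == "__main__":
    for user, finding in audit(ACCOUNTS, ROLE_NEEDS):
        print(f"{user}: {finding}")
```

Note that `lsantos` holds admin rights but is not treated as an authorized creator, because the clerk role does not need them; that is how the audit catches the chain where one over-privileged account creates another.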

6.) Automated Running of Scripts without Malware/Virus Checks

One common network security vulnerability that some attackers learned to exploit is the use
of certain web browsers’ (such as Safari) tendencies to automatically run “trusted” or “safe”
scripts. By mimicking a trusted piece of code and tricking the browser, cybercriminals could
get the browser software to run malware without the knowledge or input of the user—who
often wouldn’t know to disable this “feature.”

While keeping employees from visiting untrustworthy websites that would run malware is a
start, disabling the automatic running of “safe” files is much more reliable—and necessary for
compliance with the Center for Internet Security’s (CIS’) AppleOS benchmark.

7.) Unknown Security Bugs in Software or Programming Interfaces

Computer software is incredibly complicated. When two or more programs are made to
interface with one another, the complexity can only increase. The issue with this is that within
a single piece of software, there may be programming issues and conflicts that can create
security vulnerabilities. When two programs are interfaced, the risk of conflicts that create
software vulnerabilities rises.

Programming bugs and unanticipated code interactions rank among the most common
computer security vulnerabilities—and cybercriminals work daily to discover and abuse them.
Unfortunately, predicting the creation of these computer system vulnerabilities is nearly
impossible because there are virtually no limits to the combinations of software that might be
found on a single computer, let alone an entire network.

8.) Phishing (Social Engineering) Attacks

In a phishing attack, the attacker attempts to trick an employee in the victim organization into
giving away sensitive data and account credentials—or into downloading malware. The most
common form of this attack comes as an email mimicking the identity of one of your company’s
vendors or someone who has a lot of authority in the company.

For example, the attacker may say something like: “This is Mark from IT, your user account
shows suspicious activity, please click this link to reset and secure your password.” The link
in such an email often leads to a website that will download malware to a user’s computer,
compromising their system. Other phishing attacks may ask users to give the attacker their
user account credentials so they can solve an issue.

The basic goal of this strategy is to exploit an organization’s employees to bypass one or more
security layers so they can access data more easily.

There are several ways to defend against this attack strategy, including:

· Email Virus Detection Tools. These check email attachments for malware that could
harm your network.

· Multifactor Authentication (MFA). Using multiple authentication methods (such
as biometrics, one-use texted codes, and physical tokens) for giving users access to
your network makes it harder for attackers to hijack user accounts with just the
username and password.

· Employee Cybersecurity Awareness Training. An educated employee is less
likely to fall for phishing schemes than one who doesn’t know basic cybersecurity
protocols. Cybersecurity awareness training helps to provide employees with the
basic knowledge they need to identify and avoid phishing attacks.

· Defense in Depth. Using a defense-in-depth approach to network security adds
extra layers of protection between each of the individual assets on the network. This
way, if attackers bypass the outermost defenses of the network, there will still be
other layers of protection between the compromised asset and the rest of the
network.

· Policy of Least Privilege. Enacting a policy of least privilege means restricting a
user’s access to the minimum amount needed to perform their job duties. This way,
if that user’s account privileges are misused, the damage will be limited.
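
The warning signs in an email like the “Mark from IT” message described above can be checked automatically; the following is an added example, not part of the original lecture notes. The sample message, the `school.example` domain, and the finding names are constructed for illustration; the code uses only Python's standard library.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "school.example"  # assumption: the organization's own mail domain

# Constructed sample message modeled on the "Mark from IT" email in the text.
SAMPLE = '''From: "Mark from IT" <mark@it-helpdesk.example>
Reply-To: reset@mailbox.example
To: student@school.example
Subject: Suspicious activity on your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>This is Mark from IT, your user account shows suspicious activity, please
<a href="http://login.reset-portal.example/reset">https://portal.school.example/reset</a>
to reset and secure your password.</p>
'''

# Matches <a href="...">visible text</a> and captures both parts.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Words in a display name that claim an internal support role.
ROLE_RE = re.compile(r"\b(it|helpdesk|support|admin)\b", re.I)


def domain_of(address):
    """Return the lowercase domain part of an email address header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def host_of(url):
    """Return the lowercase host name of a URL, or '' if there is none."""
    return (urlparse(url.strip()).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return a list of warning signs found in one raw email message."""
    msg = message_from_string(raw_message)
    findings = []

    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From", ""))
    internal = from_domain == ORG_DOMAIN or from_domain.endswith("." + ORG_DOMAIN)

    # 1. The sender claims to be internal staff but writes from outside.
    if not internal and ROLE_RE.search(display_name):
        findings.append("external-sender-claims-internal-role")

    # 2. Replies would go to a different domain than the one shown as sender.
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-domain-mismatch")

    # 3. A link displays one address but actually leads to another host.
    for href, text in LINK_RE.findall(msg.get_payload()):
        shown_host = host_of(text) if "://" in text else ""
        if shown_host and shown_host != host_of(href):
            findings.append("link-text-hides-destination")

    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print("warning:", finding)
```

These three checks are the same things awareness training teaches a person to look at by eye: who the sender really is, where a reply would go, and where a link really leads.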

9.) Your IoT Devices

The Internet of Things (IoT) encompasses many “smart” devices, such as Wi-Fi capable
refrigerators, printers, manufacturing robots, coffee makers, and countless other machines.
The issue with these devices is that they can be hijacked by attackers to form slaved networks
of compromised devices to carry out further attacks. Worse yet, many businesses don’t even
realize just how many IoT devices they have on their networks—meaning that they have
unprotected vulnerabilities that they aren’t aware of.

These unknown devices represent a massive opportunity to attackers—and, a massive risk for
businesses. To minimize the risk from IoT devices, a security audit should be performed that
identifies all of the disparate assets on the network and the operating systems they’re running.

10.) Your Own Employees

The biggest security vulnerability in any organization is its own employees. Whether it’s the
result of intentional malfeasance or an accident, most data breaches can be traced back to a
person within the organization that was breached.

For example, employees may abuse their access privileges for personal gain. Or, an employee
may click on the wrong link in an email, download the wrong file from an online site, or give
the wrong person their user account credentials—allowing attackers easy access to your
systems.

Some of the same prevention techniques mentioned in the anti-phishing bullets can be applied
to prevent data breaches caused by employees.

For example, using a policy of least privilege keeps users from having access to too much data
at once, making it harder for them to steal information. Additionally, cybersecurity awareness
training helps employees spot phishing attempts and other social engineering-style attacks so
they won’t fall for them.

CYBER SAFETY TIPS - PROTECT YOURSELF AGAINST CYBERATTACKS

How can businesses and individuals guard against cyber threats? Here are our top cyber
safety tips:

1. Update your software and operating system: This means you benefit from the
latest security patches.
2. Use anti-virus software: Security solutions like Kaspersky Total Security will detect
and remove threats. Keep your software updated for the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be infected
with malware.
5. Do not click on links in emails from unknown senders or unfamiliar
websites: This is a common way that malware is spread.
6. Avoid using unsecure WiFi networks in public places: Unsecure networks leave
you vulnerable to man-in-the-middle attacks.

LET’S DO IT
Name: _____________________ Course, Year, & Section: _________ Date Accomplished: ___

Activity 1. Viewing the Video

Please watch the video “What Is Cyber Security: How It Works?” from your OTG flash drive.
After watching the video clip, answer the following questions. Please submit your
output in our Google Classroom.

1. What have you learned about the video? Write your reflection.
_______________________________________________________________________________

2. How can you relate the video on cyber security in handling our Covid situation right now?
Is it comparable?
_______________________________________________________________________________

Activity 2. Answer/Expound the following questions/statements. Each item is worth five
(5) points. Limit your answer to 3-5 sentences only. Please submit your output in our Google
Classroom.

1. In your own understanding, what are the major cyber security threats that a
student like you is prone to? What good practices should you observe to prevent
infecting your mobile phones or computers?

___________________________________________________________________________
2. Among the types of cyber threats (Cybercrime, Cyber-attack and Cyberterrorism)
which do you think is the most dangerous type of threat? Why do you say so?

___________________________________________________________________________
