Alipio,Shelby Lyn C.

CpE-302 INTROHDL

Research Activity:
Research topics regarding cybersecurity and types of hacks and attacks
I. What is Cyber Security?
Cybersecurity is about protecting systems, networks, and software from digital attacks
that aim to access, alter, or destroy confidential information, extort money via ransomware, or
disrupt normal operations. As more devices come online, and attackers become more innovative,
implementing effective cybersecurity measures is increasingly challenging. A successful
approach to cybersecurity requires multiple layers of protection, including people, processes, and
technology that work together to create an effective defense. Everyone benefits from advanced
cyber defense programs, including individuals who may face identity theft, extortion attempts, or
loss of personal data, as well as organizations critical to society, like hospitals and financial
service companies. Making internet a safer space for users.
II. What are the 5 types of cyber security?
1. Critical Infrustructure Security- This security plays a vital role in society's safety and
well-being by protecting cyber-physical systems, networks, and assets. Examples of
critical infrastructure include the electricity grid, water purification systems, hospitals,
and shopping centers. To fully understand CIS, the organization responsible for securing
it should understand the vulnerabilities of the associated infrastructure systems and create
a plan to prevent future damage.
2. Application Security – is crucial for protecting software application code and data from
cyber threats and breaches. It employs hardware and software techniques to address
external threats during the development, design, and deployment phases of an
application. Due to the accessibility of applications over networks, implementing security
standards, systems, and tools during all development stages is essential. Application
security includes various measures, such as authentication, authorization, encryption
programs, antivirus and antispyware software, firewalls, and application security testing
that help prevent unauthorized access to applications and protect sensitive data assets.
3. Network Security – It is essential in preventing unauthorized access to a user's internal
networks, which can be caused by malicious intentions. It safeguards the network
infrastructure and restricts access to the network. Security teams are utilizing machine
learning to identify abnormal traffic and provide real-time alerts to improve network
security monitoring. Network administrators are also implementing policies and
procedures to prevent unauthorized access, modification, and exploitation of the network.
4. Cloud Security- Cloud security is a software-based security tool that safeguards and
monitors data in cloud resources. Cloud providers are continuously developing and
implementing new security tools to assist enterprise users in enhancing their data
security. The belief that cloud computing is less secure than traditional methods is a
common myth. However, research has shown that control does not necessarily guarantee
security, and accessibility is more important than the physical location of data. According
to Alert Logic's Cloud Security Report, on-premises environment users are more
vulnerable to security incidents than service provider environment customers, with the
latter experiencing fewer attacks. Cloud computing security is comparable to traditional
Alipio,Shelby Lyn C.
CpE-302 INTROHDL

on-premise data centers, but without the burden of maintaining massive data facilities,
and the risk of security breaches is lower.
5. Internet of Things (IoT) Security - is the process of safeguarding internet-connected
devices and the networks they operate on from cyber threats and breaches. It includes
protection, identification, and monitoring of risks while addressing vulnerabilities in
devices that can pose security risks to businesses. IoT devices comprise critical and non-
critical cyber-physical systems, such as sensors, appliances, security cameras, Wi-Fi
routers, and printers. According to Bain & Company, IoT markets are predicted to
increase to $520 billion in 2021, with core technologies such as IoT's data center,
analytics, consumer devices, networks, legacy embedded systems, and connectors.
However, IoT devices are often shipped in a vulnerable state with minimal security
patching, creating unique security challenges for users.

III. Give at least 3 examples of hacking techniques and how we mitigate them.

1. Bait and Switch -is a hacking technique where hackers buy advertisement space
on websites and create an attractive advertisement to lure users into clicking it,
which redirects them to a malicious web page. This technique allows hackers to
install malicious code on the victim's system and steal their information.
To mitigate: In order to avoid falling prey to online scams, it is important to
use common sense, conduct research on merchants and their websites, and use
software tools like anti-malware, ad-blockers, and browser extensions to protect
against malicious activities. Additionally, users should be cautious when
navigating unfamiliar websites and avoid offers that seem too good to be true or
have vague or unclear phrasing. It is recommended to stick to known and trusted
websites and retailers to minimize the risk of falling victim to scams.

2. Virus, Trojan, and Other Spyware -are malicious codes that hackers use to gain
unauthorized access to a victim's computer. These codes can perform various tasks
like stealing data and diverting traffic.
To mitigate: To prevent malware attacks, it's crucial to only download and
install software from sources that are entirely trustworthy. Also, do not open
attachments or run programs from unknown senders via email. Keeping all
software on your computer up-to-date with the latest patches and ensuring that a
Trojan antivirus is installed and running on your computer can also help to protect
it from potential threats.

3. Cookie Theft- is a technique where attackers gain access to a victim's browser

session cookies to authenticate themselves as the victim and conduct attacks.
Clearing search history and cache periodically can help protect against such
attacks.
To mitigate: To prevent session hijacking, it is important to have good digital
hygiene practices such as checking if a website uses HTTPS encryption by
looking at the URL, avoiding logging onto free public Wi-Fi connections, and
Alipio,Shelby Lyn C.
CpE-302 INTROHDL

implementing automatic log-off when sessions are not in use. Automatic log-off
may be inconvenient but can wipe your session clean once work is over.

IV. Give at least 3 examples of cyber-attacks and how we mitigate them.

1. Malware attack is a common type of cyberattack that uses malicious software like
viruses, worms, spyware, ransomware, adware, and trojans. These programs enter
a system through vulnerabilities, such as clicking on dangerous links or opening
infected email attachments.
To mitigate: To prevent malware attacks, users can use antivirus software,
firewalls, avoid clicking suspicious links, and regularly update their operating
systems and browsers.

2. Phishing attacks are a type of social engineering attack where attackers

impersonate trusted contacts and send fake emails to gain access to confidential
information and account credentials.
To mitigate: To prevent phishing attacks, users should scrutinize emails for
errors, use anti-phishing toolbars, and update their passwords regularly.

3. Password attacks is a method of hacking where an attacker uses software tools

such as Cain, Abel, John the Ripper, Hashcat, or Aircrack to crack your password.
It includes brute force attacks, dictionary attacks, and keylogger attacks.
To mitigate: To prevent password attacks, users can use strong alphanumeric
passwords with special characters, avoid using the same password for multiple
accounts, regularly update their passwords, and avoid displaying password hints
publicly.
Alipio,Shelby Lyn C.
CpE-302 INTROHDL

References:

Biasco, P. (2021, May 11). What is Cookie Theft and session hijacking? Privacy Bee. Retrieved
March 6, 2023, from https://privacybee.com/blog/what-is-cookie-theft-and-session-
hijacking/

Cisco. (2023, February 9). What is cybersecurity? Cisco. Retrieved March 6, 2023, from
https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html#~how-
cybersecurity-works

GeeksforGeeks. (2022, June 8). 5 common hacking techniques used by hackers. GeeksforGeeks.
Retrieved March 6, 2023, from https://www.geeksforgeeks.org/5-common-hacking-
techniques-used-by-hackers/

Ilevičius, P. (2020, February 7). What is bait and switch? NordVPN. Retrieved March 6, 2023,
from https://nordvpn.com/blog/what-is-bait-and-switch/

M, S. (2023, February 8). 10 types of cyber attacks you should be aware in 2023.
Simplilearn.com. Retrieved March 6, 2023, from
https://www.simplilearn.com/tutorials/cyber-security-tutorial/types-of-cyber-attacks

Mindcore. (2018, September 5). 5 type of cyber security: Mindcore IT services. Mindcore.
Retrieved March 6, 2023, from https://mind-core.com/blogs/cybersecurity/5-types-of-
cyber-security/