I. Assignment paper
1. Cyberstudy issue in your daily life
Cybersecurity is one of the main issues that the 4.0 industrial revolution is prompting
people to worry about. Cybersecurity-related problems are now numerous and include
cybercrime and security breaches. To be honest, the cyber system in Vietnam, a developing
nation, is quite weak in several areas and quite rudimentary. People draw attention to a number of
major cybersecurity issues.
The first is the emergence of cyberattacks. Attacks against cyber security can result in
identity theft and extortion attempts, which can seriously harm both the victim's life and society
as a whole.
Second, the cost of our purchases is increased by cybersecurity. The price of everything
we purchase includes the whole cost of avoiding cybercrime. Businesses invest a lot of cash in
cyber security.
There was a lot of room for error during COVID-19 because the transition was rushed. Most
businesses had to operate in an interim phase before settling into a secure remote working
configuration, since setting up teams on secure networks, installing new software, and educating
workers about remote working practices all required time.
Not to mention, IT engineers had a tough job. They had to handle the urgent remote
office setup while also being vigilant for growing dangers that were directly tied to the issues.
2. ICT experiences
ICT is an acronym for Information & Communication Technologies, also written as
Information and Communication Technology. It is a widely used term in the current technology
era, covering the combination of communication and telecommunications, intelligent building
management systems and audio-visual systems in modern information technology.
Besides, ICT is also a term for the means used to process information and share sound and
images, such as telephones, media, sound processing, network transmission and monitoring
functions. ICT has become a crucial part of contemporary life. With its widespread use,
ICT has benefits and drawbacks.
On the positive side, ICT makes life easier for people. ICT accelerates and improves all
processes and advancement. It modernizes and raises the standard of living. ICT links everyone,
regardless of where they are from, and delivers a wealth of fresh cultural, historical, and other
knowledge by building a massive network grid and numerous worldwide social platforms for
sharing information. People can grow intellectually and share their experiences with others in
this way. That means we can stay current and grow daily.
The most frequently reported difficulties on the negative side are privacy concerns. The
evidence demonstrates that as technology advances, hazards increase. Specifically, it is asserted
that piracy, phishing, and scamming have increased in frequency in recent years. Malware
systems and fake news are other issues that individuals must contend with since they cause
deviations in their lives. If people are not careful enough, certain personal data may be taken.
Consider the situation of the conflict between Russia and Ukraine, about which a variety of
unfiltered information circulated online. To sum up, ICT offers many benefits as well as
drawbacks, just as every coin has two sides. We should make use of it and work to reduce the
risks that ICT causes.
3. Cyber crime
According to the majority of definitions, cybercrime is any criminal conduct
that uses a computer, computer network, or networked device.
Almost all cybercrime is committed by profit-driven hackers or cybercriminals.
Cybercrime may be committed by both individuals and organizations. Particularly given the pace
of IoT, some cybercriminals are well-organized, use cutting-edge tactics, and have a high degree
of technical knowledge, while others are completely new to hacking.
Computers are seldom damaged by cybercrime for reasons other than financial gain.
These might be political or personal. Cybercrime may occur in a variety of ways, including
through viruses, online fraud and forgeries, or the usage of illicit, non-filtered internet
information.
Cybercrime is a serious threat and does enormous harm to both individuals and society.
As a result, the majority of nations and capable enterprises are moving quickly to avert cyber
security breaches.
4. Lores
Vietnam, a Western country with many traditions and customs, has its own lore. This essay
will show you some of it:
(1) Abstain from sweeping the house and taking out the trash on Tet holiday
By word of mouth, many people say that if you sweep the house during the 3 days of Tet, all the
luck and fortune at the beginning of the year will drift out of the house. Therefore, on the
afternoon of the 30th of the New Year, families often clean up so that they do not have to clean
on the 1st, 2nd, and 3rd days. If they do sweep, Vietnamese people often sweep into a corner of
the house and wait until all 3 days of Tet have passed, or until the day of worship to bring
grandparents, before they collect and dump the rubbish.
(2) Differences between the South and the North:
- Hanoi often values and preserves what belongs to tradition, while Saigon has a more
modern life.
- In daily communication, Hanoians value etiquette and rules, while Saigonese live more
comfortably and are somewhat informal.
- People drinking in Hanoi often have to leave early, while in Saigon it is common to drink overnight.
(3) Gathering on Mid-Autumn (15/7, lunar calendar)
The meaning of Mid-Autumn Festival customs to Vietnamese people is reunion. On this happy
day, everyone in the family gathers together to eat moon cakes, enjoy tea, chat, and make
offerings to the ancestors. The Mid-Autumn Festival is also known as Children's Day. It is
not known when the custom of the Mid-Autumn Festival began; for thousands of years, the moon
has also been a sacred symbol for Vietnamese people. The shape of a full or waning moon is associated
with joy, sadness, reunion, and parting. Therefore, the full moon is a symbol of reunion and the
Mid-Autumn Festival is called the reunion festival.
5. Misinformation, Disinformation and Malinformation
1. Information
According to Wikipedia, information is “processed, organized and structured data. It
provides context for data and enables decision making processes.” Information appears throughout
our daily life. For instance, the knowledge we acquire every day is information. The number of
students who enter YNU each semester is also information.
However, in society, especially given the pace of technology development, information might
be used for wrong or bad purposes. In detail, misinformation, disinformation, and
mal-information appear, which cause many troubles in our life. Although the three concepts
involve different intentions, they are all considered forms of informatic chaos.
2. Misinformation
Misinformation is defined as false information that is not spread with the goal of harming others.
That means the person propagating it thinks it to be real.
3. Disinformation
Disinformation is false information that is intentionally spread to damage an individual, a social
group, an organization, or a country. “It is a deliberate, intentional lie, and points to people being
actively disinformed by malicious actors” (Sandrine Baume, Véronique Boillet, Vincent
Martenet, 2020).
Disinformation is so-called deliberate misinformation, as the person disseminating it already
knows it is false.
4. Mal-information
Mal-information is information that is based on reality but is used to hurt an
individual, social group, organization, or country.
EXAMPLE OF THE THREE CONCEPTS.
1. Mis-information
Let’s take the case of America and Europe as a telling example of why the COVID-19
pandemic spread so severely and caused traumatic damage in these areas. One of the main causes
was a misunderstanding of the consequences of this disease. The belief that COVID is the same
type of illness as the common cold, with insignificant symptoms, and can be cured easily
after several days was spread widely on the internet, and people trusted it. The problem is that
people who share this sort of content are mostly trying to appear knowledgeable, without
intending to hurt anyone. This crowding effect created a great misunderstanding in society, as
people failed to thoroughly check and verify the facts they were offering.
2. Dis-information
Also during the COVID-19 pandemic, some people stated online that they had a
“miracle cure” requiring no medicine or medical method. Of course, there was no chance of
those statements being true; they were just trying to scam people to make money or, at least,
get attention. But some people fell into the trap, especially those from ethnic minorities and
those living in slums or less developed countries. Many people’s conditions got more serious,
or they even died, because they believed in those scams.
3. Mal-information
Recently, the dispute between Russia and Ukraine has produced much misinformation and
disinformation, but the most dangerous is mal-information. In detail, Anonymous, a notorious
hacker group, claimed to have leaked the personal data of more than 600 Russian FSB officers
operating in Moscow. Along with it, the hacker group also released a huge data store of 87,500
emails, about 107GB in size, from Neocom Geoservices, a Russian engineering company. This
causes tremendous disadvantages for Russia and related parties.
WAY TO PREVENT MIS-, DIS-, AND MAL-INFORMATION.
Based on the documents above, I would like to suggest some solutions as follows:
- Deploy technical and technological solutions to prevent and handle false and hostile
information.
- State management agencies ask network operators to block messages by keyword, content,
or identified source. At the same time, network operators work together to
identify and share spam message patterns, ways to prevent spam messages, and methods to
receive and handle spam message reports from people.
- Focus on building filtering tools based on a large enough database to detect
fake news, false news, malicious news, etc., thereby proactively preventing its spread and
warning about it.
6. Approaches to security investment
The 4 ways to approach:
(1) Fear, uncertainty, and doubt (shortened to FUD) is a propaganda tactic used in sales,
marketing, public relations, politics, polling and cults.
This is a psychological effect that affects investors' perception of a market in general, giving
victims feelings of anxiety, uneasiness, and fear of missing or losing what everyone around them will gain.
(2) The second strategy is focused on the cost of security deployment. This way is simple
because it does not attempt to quantify the advantages of security investment and instead
treats it as a cost of doing business. However, it does not assist a corporation in determining
how much to invest in IT security.
(3) The third one is employing an indirect assessment of the cash worth of security breach
costs. Whilst loss estimates can be useful in persuading businesses to use security measures,
they are less effective in determining which technology to install or how much to invest.
(4) The last method is to employ a commonly used risk or decision-making framework.
Such frameworks calculate the anticipated loss after identifying potential risks, their
estimated losses, and their likelihoods.
EXAMPLE
1. FUD
The fear, uncertainty, and doubt (FUD) strategy has been used for years to sell investments in
security.
People in the cybersecurity business spend a lot of time and energy competing for funding,
personnel, and important stakeholders' attention. Much of this is accomplished by instilling fear that
if the company does not increase its budget or staff, it will experience a breach, lose compliance,
or lose investor confidence, or all three.
One typical example of a FUDer is Tesla CEO Elon Musk. Earlier in May 2022, Musk
was criticized for expressing concern about Bitcoin mining's harmful impact on the environment, and
he announced he would no longer accept Bitcoin for Tesla's electric vehicles. This announcement
caused a major correction in the price of Bitcoin, after the cryptocurrency hit a record high price
earlier in the year.
2. Direct cost
Business owners and investors might consider some factors that directly affect security deployment,
such as:
- Physical Security: information on security, access control methods, room controls, and so forth.
- A business growth strategy
- Disruptions in income
- Losses in intellectual property
- Concerns about invasion of privacy
- License fee for security products
- Insurance premiums
- Disruption of operations, as well as the repair or upgrade of damaged items and infrastructure.
3. Indirect cost
When assessing indirect costs, operators should take some long-term factors into
consideration:
- Revenues decreasing in the future.
- Cyberattack-related actions of competitors or hackers
- The process of rehabilitation
- Adding more cyber security rules and technology
- Hiring IT professionals and incorporating external audits
- Investment trends in cyber securities (poor vs. wealthy countries?)
- Losses in the stock exchange
4. Traditional risk decision analysis
A good deal of earlier research has been devoted to this method. For example, there is the
Hierarchical Holographic Model (HHM) for evaluating IT security risks by Longstaff et al. in 2011.
8. Social engineering
Social engineering is defined as “An attempt to trick someone into revealing information
(e.g., a password) that can be used to attack systems or networks.” (Glossary).
Simply put, social engineering is a technique for manipulating individuals in order to steal
information or accomplish a goal. This method is based on users' psychological flaws and information
security misunderstandings. As a result, rather than targeting the system's security flaws, hackers focus
on abusing users' natural tendencies. Thus, in general, social engineering is not a cyber assault at its
heart. Instead, social engineering is all about the psychology of persuasion.
II. ABOUT SOCIAL ENGINEERING
A. Types of attacks of Social Engineering
There are 11 main types of social engineering attack as below:
(1) Phishing: hackers create emails or websites imitating organizations and businesses to lure
users into providing information, transferring money, etc.
(2) Baiting: a form of attack that uses bait to lure the victim into a trap. The bait can also be
hidden in USB devices or external hard drives. Hackers can put malicious code on those devices,
which then spreads to other devices as they are used.
(3) Vishing: a combination of the words "voice" and "phishing", also known as voice fraud.
Vishing uses Internet phone service (VoIP) to collect personal information and financial
information from the victim.
(4) Pretexting: hackers create a scenario or a plausible reason to steal the victim's information.
(5) Scareware: hackers deceive users into believing that their computers are infected with malware.
After that, hackers propose that the victim install scareware software to fix the problem.
(6) Water Holing: a targeted attack on organizations/businesses by tricking
members into visiting websites containing malicious code.
(7) Quid Pro Quo: hackers pretend to provide a certain benefit in exchange for
user information.
(8) Diversion theft: hackers deceive a delivery or express courier company into making a wrong
delivery. They can thereby prevent transactions from being completed.
(9) Honey trap: hackers pretend to be a "fascinating" person. In this way, they approach and
interact with a person online to collect that person's information.
(10) Tailgating attack: also known as Piggybacking. This form of attack is performed
when the hacker pretends to be an employee and deceives an authorized person in order to
break into the company.
(11) Rogue: Rogue software is malware that deceives its targets into paying to eliminate fake
malware.
B. Effects of social engineering
- Lost data: When hit by a social engineering attack, the business will lose data. Hackers can sell
that data or spread it on social networks. More seriously, they can come back to blackmail the
business. At this point, the consequences are not only data loss but also heavy financial damage.
- Loss of image and brand reputation: Customers and partners of the business will lose confidence
when they hear that the business has been hit by a social engineering attack. In fact, damage to
prestige and brand image is harder to recover from than economic damage.
- Business activities are delayed: If hackers attack the server heavily, it is likely that the network
system will collapse, and the business website may be suspended. Depending on the ability
of the business, this time can last from 1, 2 days to 1.2 weeks.
C. Social engineering examples
(1) Eavesdropping
C is a person standing between A and B. C suspects that A and B are hiding something.
Therefore, C conducts an attack on the conversation between the two. Eavesdropping
based on human factors can be done by phone and email.
(2) Pop-up Window
Some pop-up windows, like the one displayed above, can provide you with a link. If you click on that
link, you will be led to a fake website run by hackers. That website may ask you to provide information
or lure you into installing software containing malicious code on your computer.
(3) Email Phishing
Many people have been hit by social engineering attacks of this form. Specifically,
hackers often send email impersonating a reputable organization, offering attractive invitations to
entice users to click on a link or download an attached file. If these actions are performed, it is likely
that the user will lose personal information or, more seriously, suffer financial damage.
III. SOLUTIONS
For individuals:
- Password management
- Multi-factor authentication
- Email security with anti-phishing defenses
- Bookmark reliable sites and don't put your confidence in sites you've visited just once.
- Never click on links that contain too-good-to-be-true claims.
- Threats should not be taken lightly. Once the element of dread has been instilled in your
brain, the attackers expect you to give in readily.
- Learn about the security features that the websites you visit have built in.
- To secure your system and data from all types of attacks, you must invest in an effective
security solution.
For organizations:
- Clear decentralization of social networking accounts, websites, and network systems.
- Avoid using one password for many different accounts to avoid the risk of exposing
information.
- Limit posting business information on social networks to prevent impersonation by bad actors.
- Improve employees' knowledge of social engineering attacks and how to prevent them.
- Run training sessions with simulated situations, thereby raising vigilance
and experience in dealing with similar situations.
- Use tools to scan periodically for malicious code and network security gaps to eliminate
cyber attack risks.
Cookies can also record information such as the contents of a shopping cart, registration or login
credentials, and user preferences. This is done so that when visitors return to a site, any information
from a prior session or any specified preferences may be simply retrieved.
(5) Spyware
Spyware is a program that monitors and collects personal information without the user's
knowledge or agreement, and then delivers it to a third party. When signing the End User License
Agreement (EULA) for certain free applications, many consumers unintentionally install spyware.
Cookies, keyloggers, Trojans, rootkits, etc. are all in fact spyware. One specific example is
WildTangent. This software is installed through America Online Instant Messenger (AIM).
According to AOL (America Online), it is needed to create connections between members in
Internet games. Once installed, it retrieves information about your name, phone number, and email
address, as well as CPU speed, video card parameters and DirectX. This information may be shared
with other places.
10. Surface web, deep web, dark web and underground market.
(1) Surface web
The surface web is the public face of the internet. When you visit a company's website, you're on the
surface web. These are basically all websites and resources connected to the internet that can be
explored and accessed for free. For example, Google's search engine "crawls" the web to find web
pages that are open to anyone.
(2) Deep web
The deep web is all the things that are connected to the internet but hidden behind some form of
security. When you log into your webmail service or Facebook account, you are accessing the
Deep Web. Deep web will not display content until you pass these security steps.
Rather than being a dreaded part of the Internet, the deep web is the backbone of our everyday
internet experience. Therefore, it is not surprising that most websites are deep web.
(3) Dark web
The dark web is part of the deep web. These are websites and servers that have been intentionally
hidden. The people who run the website don't want anyone to know who they are and they
certainly don't want anyone to be able to access their website.
While the dark web is not illegal in most countries, it is quickly being adopted by criminals to
obfuscate illegal content and communications around the world. Combined with the rise of
cryptocurrencies, the dark web has enabled illegal transactions of billions of dollars.
There are many legitimate websites on the dark web, but in general most users should stay away
from them because they come with serious cybersecurity risks and any website can be compromised.
As a result of the COVID-19 pandemic and its enormous impact worldwide, demand for malicious
and illicit goods, services, and data has gradually increased across dark web marketplaces.
Country marketplaces differ not only in their product offers but also in their business structures.
Instant-messaging applications and social networks are popular with cybercriminals in China and
Brazil, for example, for conducting business. Meanwhile, Japan made significant use of BBSs that
were strictly restricted (to members only). Additionally, cybercriminals in places like Germany and
North America, where laws are enforced more seriously, are beginning to burrow deeper into the
Deep Web in order to better evade the prying eyes of law enforcement. Cybercriminals from Germany
and North America, as opposed to those from other nations, rely more on the Deep Web.