MODULE: I
Subject: Fundamentals of Cyber Security
Subject Code: CSCER0PC101
Overview of Cyber Security
Cyber Security refers to the practice of protecting systems, networks, programs,
and data from digital attacks, unauthorized access, and damage.
GOAL:
To ensure the confidentiality, integrity, and availability of information.
Historical Perspective
1950s-1970s: Beginnings of Computer Security
● Cybersecurity started with physical security to protect mainframe computers.
● The concept of securing information became evident when computer systems were networked during the ARPANET era (precursor to the internet).
1980s: Emergence of Viruses and Security Policies
● The first computer virus, Elk Cloner, was developed in 1982.
● The Morris Worm in 1988 highlighted vulnerabilities in networked systems.
● Governments and organizations began drafting security policies and practices.
1990s: The Rise of the Internet
● The proliferation of the World Wide Web increased exposure to cyber threats.
● Firewalls and antivirus software emerged as the first line of defense.
2000s-Present: Advanced Cyber Threats
● Growth in e-commerce, cloud computing, and IoT brought sophisticated threats like ransomware, DDoS attacks, and zero-day exploits.
● Regulatory frameworks like GDPR and HIPAA were established to enforce data protection.
Key Concepts (CIA Triad)
The CIA Triad forms the foundation of cybersecurity principles, focusing on:
1. Confidentiality
○ Ensures that information is accessible only to authorized individuals.
○ Techniques include encryption, access controls, and data masking.
2. Integrity
○ Ensures that information remains accurate, consistent, and unaltered during storage and transmission.
○ Hashing algorithms, checksums, and digital signatures are used to maintain integrity.
3. Availability
○ Ensures that authorized users have continuous access to information and systems.
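Added worked example for the Integrity leg of the triad (not part of the course notes): it contrasts an unkeyed SHA-256 checksum, which catches accidental corruption but can be recomputed by whoever altered the data, with an HMAC, which needs a key the tamperer does not hold. The record and the key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample record that must stay unaltered in storage and in transit.
ORIGINAL = b"user=alice;role=reader;balance=100"
TAMPERED = b"user=alice;role=admin;balance=100"

# Constructed, hypothetical shared secret; a real deployment loads it from a key store.
SECRET_KEY = b"example-key-do-not-use-in-production"


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental corruption only."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: detects deliberate tampering by anyone without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking timing information during comparison.
    return hmac.compare_digest(checksum(data), expected)


def verify_keyed_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(keyed_tag(data, key), expected)


def tampering_demo() -> dict:
    """Show why a bare checksum is not enough against an active adversary."""
    stored_sum = checksum(ORIGINAL)            # what a naive integrity check stores
    stored_tag = keyed_tag(ORIGINAL, SECRET_KEY)  # what a keyed integrity check stores
    # Someone who alters the record can simply recompute the unkeyed checksum...
    forged_sum = checksum(TAMPERED)
    # ...but cannot produce a valid keyed tag without SECRET_KEY.
    return {
        "checksum_detects_change": not verify_checksum(TAMPERED, stored_sum),
        "checksum_fooled_if_recomputed": verify_checksum(TAMPERED, forged_sum),
        "hmac_detects_change": not verify_keyed_tag(TAMPERED, SECRET_KEY, stored_tag),
    }
```

Digital signatures give the same tamper-evidence as the HMAC without sharing the secret, which is why they are listed alongside hashing in the notes.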
Principles of Cyber Security
● Authentication: Verifying the identity of users and systems.
● Authorization: Granting permissions to access specific resources.
● Accountability: Logging and monitoring user actions to track malicious behavior.
● Non-repudiation: Ensuring that actions or transactions cannot be denied.
● Risk Management: Identifying, analyzing, and mitigating risks to assets.
● Defense in Depth: Layered security to ensure multiple barriers against attacks.
● Least Privilege: Minimizing access rights to only what's necessary for a role.
The Need for Security
In the digital era, security is a fundamental necessity for individuals, organizations, and governments due to:
1. Data Protection: Safeguarding sensitive information such as personal data, intellectual property, and financial records.
2. Preventing Financial Loss: Cybercrime leads to billions of dollars in damages annually.
3. Maintaining Trust: Customers and stakeholders expect secure systems and services.
4. Compliance Requirements: Legal frameworks like GDPR, HIPAA, and PCI DSS mandate data security.
5. National Security: Protecting critical infrastructure from cyber threats is essential for societal stability.
Evolution of Threats & Threat Landscape
Initial Threats: Early threats were experimental or mischievous, like the first viruses and worms (e.g., Elk Cloner, Morris Worm).
1990s: With the growth of the internet, malware like Trojans and worms became common.
2000s: The rise of organized cybercrime introduced ransomware and financial fraud.
2010s: State-sponsored attacks and sophisticated campaigns like Stuxnet and APT groups emerged.
2020s and Beyond: Advanced threats include AI-driven attacks, supply chain compromises, and deepfakes.
Threat Landscape
The threat landscape constantly evolves with new attack vectors, tools, and targets. Key aspects include:
● Increased Connectivity: IoT devices, cloud computing, and remote work expand the attack surface.
● Sophisticated Attackers: Hackers use advanced techniques such as machine learning and automation.
● Targeted Attacks: Focused on high-value targets like critical infrastructure, financial institutions, and governments.
Cyber Attacks
Cyber attacks exploit vulnerabilities to gain unauthorized access, disrupt services, or steal data. Below are key attack types:
1. Phishing
○ Attackers trick individuals into revealing sensitive information (e.g., credentials, credit card details) via deceptive emails, messages, or websites.
○ Example: Fake emails pretending to be from a trusted entity like a bank or employer.
2. Malware
○ Malicious software designed to damage or disrupt systems, steal data, or gain unauthorized access.
○ Types: Viruses, worms, Trojans, spyware, and adware.
○ Example: WannaCry ransomware attack.
3. Ransomware
○ A type of malware that encrypts the victim's data and demands payment to restore access.
○ Example: The 2021 Colonial Pipeline ransomware attack.
4. Distributed Denial of Service (DDoS) Attack
○ Overwhelms a server or network with traffic to disrupt services.
○ Attackers often use botnets to execute DDoS attacks.
○ Example: The Mirai Botnet attack on Dyn DNS in 2016.
5. Man-in-the-Middle (MITM) Attack
○ Interception and alteration of communication between two parties without their knowledge.
○ Common in insecure Wi-Fi networks.
○ Example: Stealing credentials during a financial transaction.
Cyber Attack Vectors
Attack vectors refer to the methods or pathways used by attackers to infiltrate systems. Common vectors include:
1. Social Engineering: Exploiting human psychology (e.g., phishing).
2. Exploiting Vulnerabilities: Using software flaws to gain access.
3. Malicious Attachments/Links: Disguised malware in emails or websites.
4. Brute Force Attacks: Guessing passwords through automated tools.
5. Drive-by Downloads: Malware installed without user knowledge when visiting a compromised website.
Cyber Attack Lifecycle
The Cyber Attack Lifecycle describes the typical stages an attacker follows when launching a cyber attack. Understanding these stages helps defenders recognize and mitigate threats. The cycle generally consists of the following steps:
Reconnaissance (Preparation):
● The attacker gathers information about the target, such as network architecture, domain names, employee details, and security weaknesses. This phase can be passive (observing public information) or active (scanning for vulnerabilities).
Weaponization:
● After collecting enough data, the attacker creates a weapon (malware or exploit code) designed to exploit the discovered vulnerabilities. They prepare the payload (e.g., a virus, ransomware, or backdoor) that will be delivered to the target.
Delivery:
● The attacker sends the weapon to the target using various methods. Common techniques include phishing emails, malicious attachments, infected websites, or social engineering tactics to exploit human error.
Exploitation:
● Upon reaching the target, the weapon exploits a vulnerability (e.g., software flaw or human mistake). Once the attack is successful, it grants the attacker access to the target system or network.
Installation:
● The attacker installs malware or establishes a foothold within the compromised system. This could involve creating backdoors, adding user accounts, or establishing persistent access to maintain control over the target.
Command and Control (C2):
● The attacker communicates with the compromised system, typically using encrypted or obfuscated channels to avoid detection. This allows them to send further instructions or retrieve stolen data.
Actions on Objectives:
● The attacker achieves their goal, which could be stealing data, damaging systems, disrupting operations, or causing financial harm. This stage is the culmination of the attack and often leads to significant consequences for the victim.
Cyber Threat Intelligence (CTI)
Cyber Threat Intelligence is the process of gathering, analyzing, and using information about current or potential cyber threats to understand, prevent, and respond to cyber-attacks. CTI helps organizations defend against attacks by providing timely and relevant information about the threat landscape.
Key components of Cyber Threat Intelligence:
Data Collection:
● Gathering raw data from various sources, including open-source intelligence (OSINT), commercial threat feeds, dark web monitoring, incident reports, and security logs.
Threat Analysis:
● Analysts process the raw data to identify patterns, trends, and adversary tactics, techniques, and procedures (TTPs). This includes identifying attack indicators (e.g., IP addresses, malware hashes) and understanding threat actor behavior.
Threat Sharing:
● Organizations share relevant threat intelligence with trusted partners or public information repositories to improve collective defense. Sharing can occur within Information Sharing and Analysis Centers (ISACs) or with industry peers.
Threat Indicators:
● These are observable artifacts or data points that suggest malicious activity (e.g., unusual network traffic, known malware signatures, suspicious file hashes).
Actionable Intelligence:
● The goal of CTI is to turn raw data into actionable intelligence. This enables defenders to identify potential risks, prioritize security measures, and develop proactive defense strategies.
Threat Intelligence Lifecycle:
● The lifecycle of CTI consists of the following phases:
1. Collection – Gathering raw data from different sources.
2. Processing – Cleaning and organizing the data.
3. Analysis – Identifying trends and actionable information.
4. Dissemination – Distributing intelligence to relevant stakeholders.
5. Feedback – Updating intelligence and strategies based on the effectiveness of responses.
Types of Cyber Threat Intelligence
1. Strategic Intelligence:
○ High-level information that focuses on long-term trends and high-level risks. Typically used by executives or policy makers for decision-making and resource allocation.
2. Tactical Intelligence:
○ Information regarding the specific tactics, techniques, and procedures (TTPs) used by cyber adversaries. This helps security teams detect and mitigate current threats.
3. Operational Intelligence:
○ Focuses on identifying specific cyber threats and incidents. It provides near real-time information about threats and is highly actionable for immediate defense operations.
4. Technical Intelligence:
○ Focuses on technical details such as IP addresses, domain names, file hashes, and malware indicators that can be used for detecting and blocking malicious activities.
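Added example (not from the course notes) showing how the Threat Indicators and Technical Intelligence points above are applied in practice: a small technical-intelligence feed of IP, domain and file-hash indicators is matched against log lines. Both the feed and the key=value log lines are constructed sample data using reserved documentation addresses and domains, not real indicators.

```python
import re
from typing import Dict, List

# Constructed technical intelligence feed (hypothetical values, not real IoCs).
INDICATORS: Dict[str, set] = {
    "ip": {"203.0.113.45"},                  # RFC 5737 documentation range
    "domain": {"update-check.example.net"},  # reserved example domain
    # SHA-256 of the empty string, used here purely as a placeholder hash value.
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Constructed log lines in a simple 'timestamp key=value ...' proxy/endpoint format.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z src=10.0.0.5 dst=198.51.100.7 host=cdn.example.org action=allow",
    "2024-05-01T10:00:09Z src=10.0.0.8 dst=203.0.113.45 host=Update-Check.example.net action=allow",
    "2024-05-01T10:01:12Z src=10.0.0.8 file=svc.exe sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Turn 'k=v k=v' into a dict; the leading timestamp has no key and is skipped."""
    return dict(FIELD_RE.findall(line))


def match_indicators(line: str, indicators: Dict[str, set] = INDICATORS) -> List[str]:
    """Return the indicator types hit by one log line (empty list means no match)."""
    fields = parse_line(line)
    hits = []
    if fields.get("dst") in indicators["ip"]:
        hits.append("ip")
    # Domains and hashes are normalised to lower case so capitalisation cannot evade a match.
    if fields.get("host", "").lower() in indicators["domain"]:
        hits.append("domain")
    if fields.get("sha256", "").lower() in indicators["sha256"]:
        hits.append("sha256")
    return hits


def scan(logs: List[str] = SAMPLE_LOGS, indicators: Dict[str, set] = INDICATORS) -> List[dict]:
    """Produce one alert per matching line, keyed by the internal source host."""
    alerts = []
    for line in logs:
        hits = match_indicators(line, indicators)
        if hits:
            alerts.append({"src": parse_line(line).get("src"), "hits": hits, "line": line})
    return alerts
```

Two alerts from the same source host (one network, one file hash) is the kind of correlation that turns isolated indicator hits into actionable intelligence for the Incident Response use case described later.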
Importance of Cyber Threat Intelligence
Proactive Defense:
● By understanding the tactics and strategies of attackers, organizations can defend against potential threats before they occur.
Incident Response:
● CTI helps organizations respond more quickly and effectively to security incidents by providing relevant information and reducing response time.
Risk Management:
● Provides insight into emerging threats, allowing organizations to make informed decisions regarding risk management and security priorities.
Collaboration:
● Threat intelligence sharing between organizations can help build a more secure ecosystem by exposing vulnerabilities and developing mitigation strategies collectively.
Improved Detection:
● By utilizing threat intelligence, organizations can enhance their detection capabilities by understanding what signs of malicious activity to look for, increasing their chances of catching threats early.