A comprehensive guide that will give you hands-on experience to study and overcome financial cyber threats
Organizations have always been a target of cybercrime. Hands-On Cybersecurity for Finance teaches you how to successfully defend your system against common cyber threats, making sure your financial services are a step ahead in terms of security.
The book begins by providing an overall description of cybersecurity, guiding you through some of the most important services and technologies currently at risk from cyber threats. Once you have familiarized yourself with the topic, you will explore specific technologies and threats based on case studies and real-life scenarios. As you progress through the chapters, you will discover vulnerabilities and bugs (including the human risk factor), gaining an expert-level view of the most recent threats. You'll then explore information on how you can achieve data and infrastructure protection. In the concluding chapters, you will cover recent and significant updates to procedures and configurations, accompanied by important details related to cybersecurity research and development in IT-based financial services.
By the end of the book, you will have gained a basic understanding of the future of information security and will be able to protect financial services and their related infrastructures.
Hands-On Cybersecurity for Finance is for you if you are a security architect, cyber risk manager, or pentester looking to secure your organization. Basic understanding of cybersecurity tools and practices will help you get the most out of this book.
Dr. Erdal Ozkaya is a leading cybersecurity professional skilled in business development, management, and academics. He spends his time securing the cyberspace and sharing his knowledge as a security adviser, speaker, lecturer, and author. Erdal is passionate about reaching communities and creating cyber-aware campaigns. He leverages new and innovative approaches and technologies to holistically address information security and privacy needs for people and organizations worldwide. He has co-authored many cybersecurity books as well as security certification courseware and exams for different vendors. Erdal is also a part-time lecturer at Australian Charles Sturt University.
Milad Aslaner is a security professional with over 10 years' experience in product engineering and management. He has published white papers and books on social engineering, the practical application of cybersecurity, and cybersecurity in the financial services industry, with a technical focus on EDR, TVM, incident response, and real-world exploitation techniques. During his time at Microsoft since 2012, he has led the commercial software engineering team for the Surface Book and Laptop, and built security features such as SEMM. As a senior security program manager, he aims to transform strategic enterprise customer requirements to realize new scenarios, thereby safeguarding Microsoft customers against the evolving threat landscape.
Number of pages: 348
Year of publication: 2019
Copyright © 2019 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Heramb Bhavsar
Content Development Editor: Nithin George Varghese
Technical Editor: Komal Karne
Copy Editor: Safis Editing
Language Support Editor: Storm Mann
Project Coordinator: Drashti Panchal
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Graphics: Tom Scaria
Production Coordinator: Arvindkumar Gupta
First published: January 2019
Production reference: 1310119
Published by Packt Publishing Ltd., Livery Place, 35 Livery Street, Birmingham B3 2PB, UK.
ISBN 978-1-78883-629-6
www.packtpub.com
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry-leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
As cybercrime continues to be a growing threat to critical-business infrastructure, global economies, and financial stability, there is a need for vigilance across all sectors, geographies, and industries. There are many techniques, tools, and technologies that financial services organizations can employ to protect their infrastructure, data, and people from a compromise. On occasion, it appears as if there is a surfeit of such techniques, tools, and technologies—and the number of available solutions is overwhelming to even the largest global organizations, and even more so to those who do not have mature, well-funded, and well-staffed security organizations. In this book, Dr. Erdal Ozkaya and Milad Aslaner explore the many different aspects of building a comprehensive and segment-specific offense and defense against current and emerging threats to global financial services organizations. Their objective is to reduce the complexity and focus on the fundamentals of cyber resilience and good cyber hygiene by means of practical advice. As global threats continue to increase in volume and complexity, it is often important to make certain we are doing the basics well. The advanced tools will be valuable, but our ability to construct and operate a scalable and sustainable security program with relevant processes, people, and tools is what will allow us to be successful over the long term. Both of the authors have relevant, boots-on-the-ground experience to share, and I encourage you, the reader, to read this book with a pragmatic view of what is possible today, while regarding it as a building block for the future success of your security program.
Ann S. Johnson
Corporate Vice President, Microsoft
Dr. Aditya Mukherjee is a cybersecurity veteran with more than 11 years of experience in security consulting for various Fortune 500 companies and government entities, managing large teams focused on customer relationships, and building service lines. He started his career as an entrepreneur, specializing in the implementation of cybersecurity solutions and cyber-transformation projects, and in solving challenges associated with security architecture, frameworks, and policies. Over the course of his career he has received various industry recognitions and awards, the most recent of which are Most Innovative/Dynamic CISO of the Year 2018, Cyber Sentinel of the Year, and an Honorary Doctorate for excellence in the field of management.
Kunal Sehgal has held critical cybersecurity roles for financial organizations for over 15 years. He is an avid blogger and a regular speaker on cyber-related topics across Asia. He holds a bachelor's degree in computer applications from Punjab University and a postgraduate diploma in cyberspace security from Georgian College. He has numerous cyber certifications, including Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Tenable Certified Nessus Auditor (TCNA), Certificate of Cloud Security Knowledge (CCSK), ISO 27001 Lead Auditor, Offensive Security Certified Professional (OSCP), CompTIA Security+, and many more.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Title Page
Copyright and Credits
Hands-On Cybersecurity for Finance
Dedication
About Packt
Why subscribe?
Packt.com
Foreword
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Introduction to Cybersecurity and the Economy
What is cybersecurity – a brief technical description?
People
Processes
Technology
The scope of cybersecurity
Critical infrastructure security
Network security
Cloud security
Application/system security
User security
Internet of Things security
Terminologies
General description of hacking groups and cyber espionage
Hacking groups
Cyber espionage
Cybersecurity objectives
Importance of cybersecurity and its impacts on the global economy
The number of cyber attacks is growing
Cyber attacks are getting worse
Impacts on the global economy
Estimation of financial losses related to cybercrime
Finance and cybersecurity
Critical dependency of business, processes, and IT infrastructure
Economic loss
Banking and financial systems – changes from a risk and security perspective
Data breach means money
Financial repercussion of reputational damage caused by cyber attacks
Digital economy and related threats
Smart threats
Ransomware
Critical infrastructure attacks
Summary
Further reading
Cyber Crime - Who the Attackers Are
Introduction to cyber crime
Threat actors
Hacktivism
Case study – Dakota Access Pipeline
Case study – Panama Papers
Cyber terrorists
Case study – Operation Ababil
Cyber criminals
Case study – FIN7
Case study – Carbanak APT Attack
Case study – OurMine operation
Summary
Counting the Costs
The cost of a cybersecurity attack
The cost of different cyber attacks
Breakdown of the costs of a cyber attack
Production loss
Economic losses
Damaged brand and reputation
Loss of data
Fines, penalties, and litigations
Losses due to recovery techniques
Breakdown of the cost of securing an organization
Every financial institute should know Carbanak
Antivirus systems
Endpoint Detection and Response solutions
Firewall systems
Intrusion-prevention systems
Encryption
Bonus
What is Microsoft offering?
Windows 10 Defender Security Center
Windows Defender
Windows Defender Exploit Guard
Controlled folder access
Network protection
Attack surface reduction
Windows Defender Credential Guard
Windows Defender Application Guard
Windows Event Forwarding
Windows Defender Advanced Threat Protection
Protecting privileged identities
How do privileged identities get compromised?
How to prevent attackers from gaining access to privileged identities
Summary
Further reading
The Threat Landscape
Threats against end customers
Credit card fraud
Application fraud
Card-not-present fraud
Compromised account fraud
Credit card testing
Financial Trojans
Case study – BackSwap Trojan
Case study – Ramnit
Case study – Bebloh
Phishing
Case study – immediate action required
Pretexting
Dumpster diving
Mobile fraud
Threats against financial institutes
ATM attacks
POS attacks
Denial of service
Ransomware
Blackmailing
Summary
Phishing, Spamming, and Scamming to Steal Data and Money
Phishing scams
Evolution of phishing
Social engineering emails
Spear phishing
Business email compromise or whaling
Credential theft using malicious software
Ardamax
LokiBot
Characteristics of phishing emails
Spamming
How spammers get email addresses
How spammers make money
Advertising
Malware
Storm
Triout
Botnets
Characteristics of spam emails
Summary
Further reading
The Malware Plague
Malware categories
Computer virus
Computer worm
SQL Slammer worm
Crypto worm
WannaCry
Trojan
Bebloh
Zeus
Rootkit
Torpig
Spyware
Adware
Malware trends
Malware infection vectors
Injected by remote attacker
Auto-executed web infection
User-executed web infection
Installed by other malware
Network propagation
Portable media
Coded into existing software
Summary
Vulnerabilities and Exploits
Detecting vulnerabilities
Exploitation techniques
Buffer overflow
Integer overflow
Memory corruption
Format string attacks
Race condition
Cross-site scripting
One-click attack
SQL injections
Exploitation delivery
Summary
Further reading
Attacking Online Banking Systems
Online banking benefits for financial services
The online banking process
Attack techniques
Summary
Further reading
Vulnerable Networks and Services - a Gateway for Intrusion
Vulnerable network protocols and network intrusions
Simple Mail Transfer Protocol
Secure Sockets Layer
Domain Name System
Packet sniffing
Distributed denial of service
Attacking web servers and web-based systems
SQL injection
Buffer overflow
Advanced Google search operators
Brute-force attacks
Medusa
Brutus
Bypassing web protection
Bypassing captcha
Bypassing two-factor authentication
Bypassing firewalls
Hacking wireless networks
Hacking wireless networks
Aircrack-ng
Kismet
Wireshark
Hacking Bluetooth
Vulnerable network devices
Summary
Further reading
Responding to Service Disruption
Cybersecurity incidents
Fundamentals
Data knowledge
Monitoring
Attack surface analysis
Vendor management
Incident response and management
Phase 1 – preparation
Phase 2 – detection and analysis
Phase 3 – containment
Phase 4 – eradication and recovery
Phase 5 – post-incident activity
Summary
Further reading
The Human Problem - Governance Fail
Business versus security
Failing security management
Lack of adoption of cybersecurity initiatives
Lack of organization and planning
Poor leadership
Careless online behavior
Insider threats
Technological transformation of financial services
Failure in implementing security policies
Summary
Further reading
Securing the Perimeter and Protecting the Assets
Network models
Single trust network model
Dual trust network model
Zero trust network model
Microsoft 365 zero trust network models
Endpoint security
Endpoint security threats
Physical access
Malicious code execution
Device-based attack
Communication interception
Insider threats
Decreased productivity
Modern endpoint security
Device protection
Threat resistance
Identity protection
Information protection
Breach detection investigation and response
Summary
Further reading
Threat and Vulnerability Management
Vulnerability management strategy
Asset inventory
Information management
Risk assessment
Vulnerability analysis
Threat analysis
Risk acceptance
Vulnerability assessment
Reporting and remediation
Defining vulnerabilities in a few steps
From vulnerability to threat
Multiplying threats
Multiplying risk
The root cause of security issues
Vulnerability management tools
Implementation of vulnerability management
Best practices for vulnerability management
Assess yourself
Tying vulnerability assessments into business impact
Take an active role
Identify and understand the business processes
Pinpoint the applications and data
Try to find hidden data sources
Determine the hardware structure
Map the network infrastructure to hardware
Identify the controls
Run the vulnerability scans
Read the results of the scans
Conduct penetration testing by third parties as well
Understanding risk management
Defense in depth approach
Best practices for protecting your environment
Summary
Further reading
Audit, Risk Management, and Incident Handling
IT auditing
Evaluating the systems, policies, and processes that secure the organization
Determining the risks to the company's assets
Ensuring that the organization is compliant with the relevant regulations
Determining inefficiencies in the IT infrastructure and management
Risk management
Identification
Risk analysis
Risk assessment
Risk mitigation
Risk monitoring
Incident handling
Preparation
Identification
Containment
Recovery and analysis
Summary
Further reading
Encryption and Cryptography for Protecting Data and Services
Encryption
Early encryption methods
Encryption today
Symmetric encryption
Asymmetric encryption
Protecting data and services with cryptography
Data at rest
Full disk encryption
File encryption
Data in transit
End-to-end encryption
Encrypted web connection (SSL and TLS)
Encrypted email servers
Examples of encryption algorithms
Advanced Encryption Standard (AES)
Triple DES
RSA
Blowfish
Encryption challenges
Summary
Further reading
The Rise of the Blockchain
Introduction to Blockchain technology
Consensus mechanisms in a Blockchain
Proof of work
Proof of stake
Applications of Blockchain technology
Recording purposes
Digital identity
Government purposes
Financial applications
Cryptocurrencies
Cryptocurrency wallets
Desktop wallets
Web wallets
Mobile wallets
Hardware wallets
Paper wallets
Challenges to cryptocurrencies
Unstable value
Theft
Exchange risks
Blockchain challenges and future
Summary
Further reading
Artificial Intelligence and Cybersecurity
Threat landscape evolution
Artificial Intelligence
Narrow Artificial Intelligence
True Artificial Intelligence
Technologies powering Artificial Intelligence
Artificial Intelligence-powered cybersecurity
Use cases
Summary
Further reading
The Quantum Future
Evolution of the quantum technology
1965
1980
1985
1994
1995
1996–present
The quantum technology race
Quantum communication
Quantum computation
Quantum simulation
Quantum sensing
Quantum software
Quantum technology breakthroughs
Impacts of the quantum technology
Communication
Mining
Finance
Defense
Health
Energy
Big data
Artificial Intelligence
Summary
Further reading
Other Books You May Enjoy
Leave a review - let other readers know what you think
Welcome to Hands-On Cybersecurity for Finance. This book presents a step-by-step guide to understanding threats to the financial cyberspace and helps you learn how to secure your organization against such threats.
This book aims to help you overcome financial cyber threats by taking you through some of the most well-known case studies and real-life scenarios and elucidating ways to tackle them. As you make progress with the book, you will discover different vulnerabilities and bugs (including the human risk factor), and thus gain an expert-level view on identifying attackers. By the end of the book, you will have excellent insight into the future of cybersecurity and will have gained hands-on experience in protecting financial services and their related infrastructures.
Hands-On Cybersecurity for Finance is for you if you are a security architect, cyber risk manager, or pentester looking to secure your organization.
Chapter 1, Introduction to Cybersecurity and the Economy, provides a general overview of the current technologies, the infrastructures, and the general economy related to the financial world, which happens to be the primary target of cybercrime.
Chapter 2, Cyber Crime - Who the Attackers Are, gives an in-depth explanation particularly on cybercrime and cybercriminals, covering several associated case studies.
Chapter 3, Counting the Costs, covers the costs associated with cyber attacks and cybersecurity by analyzing different reports from cybersecurity experts.
Chapter 4, The Threat Landscape, briefly discusses threats against end users and financial institutes.
Chapter 5, Phishing, Spamming, and Scamming to Steal Data and Money, will provide the reader with an in-depth study on the malicious techniques frequently used by an attacker to obtain sensitive information.
Chapter 6, The Malware Plague, introduces different malware families and explains how they spread; this will eventually help you plan your defense strategy in a better way.
Chapter 7, Vulnerabilities and Exploits, takes a deep dive into different exploitation techniques such as buffer overflow, race condition, and memory corruption, and explains how these exploits are delivered by threat actors.
Chapter 8, Attacking Online Banking Systems, will focus on the online economy and related security systems. We will describe how protections are implemented and how hackers are able to penetrate and acquire their target.
Chapter 9, Vulnerable Networks and Services - a Gateway for Intrusion, will introduce the important aspects of cybersecurity that are related to communication and network protocols.
Chapter 10, Responding to Service Disruption, will cover in depth what a cybersecurity incident is and how to establish an incident response plan.
Chapter 11, The Human Problem - Governance Fail, will briefly consider the human factor impacting the entire cybersecurity implementation, including standards, policies, configurations, architecture and so on.
Chapter 12, Securing the Perimeter and Protecting the Assets, will go deep into the most commonly adopted IT perimeter security model, which is single trust, then share insights into dual trust, and finish up with the zero trust network model.
Chapter 13, Threat and Vulnerability Management, will cover three important processes in any organization and the different steps associated with them.
Chapter 14, Audit, Risk Management, and Incident Handling, will take us through the detailed version of encryption from its early methods and give us a brief idea of how far it has evolved. This chapter will cover various techniques along with the associated challenges.
Chapter 15, Encryption and Cryptography for Protecting Data and Services, will touch upon one of the most important changes facing the global economy currently: Blockchain and cryptocurrency.
Chapter 16, The Rise of the Blockchain, will talk about quantum computing at length, particularly the different ways in which it will shape the future.
Chapter 17, Artificial Intelligence and Cybersecurity, will focus in detail on how to defend an asset using threat modeling, analysis, bug testing, the software life cycle, and the monitoring of software engineering processes used to ensure quality.
Chapter 18, The Quantum Future, will evaluate the impact of the increasing use of AI (Artificial Intelligence), which could soon be the next game changer.
Basic understanding of cybersecurity tools and practices will help you get the most out of this book.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/9781788836296_ColorImages.pdf.
There are a number of text conventions used throughout this book.
Any command-line input or output is written as follows:
Set-MpPreference -EnableNetworkProtection Enabled
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.
The relationship between cybersecurity and the economy has only been growing stronger, with cyber attacks on the rise. Cyber attacks have brought a new recognition of the importance of cybersecurity efforts. Attacks have now become widespread, common, and expected in some firms. New attacks are emerging within weeks due to an underground economy in which specialists create built-to-sell malware for a waiting list of cyber criminals. The impacts of cyber attacks have been felt, and there are reports that these attacks are only going to get worse. The current and forecasted impacts are devastating to the global economy. Here, we will introduce cybersecurity and link it to cyber attacks and the global economy. In this chapter, we will cover the following topics:
What is cybersecurity?
The scope of cybersecurity
Terminology related to the cybersecurity world
General description of hacking groups, cyber criminals, and cyber espionage
Importance of cybersecurity and its impacts on the global economy
Financial repercussion of reputational damage caused by cyber attacks
Digital economy and related threats
Cybersecurity can be summarized as efforts aimed at preserving the confidentiality, integrity, and availability of computing systems. It's the practice of affording security to networks and systems to protect them from cyber attacks.
Cyber attacks have been on the rise and are aimed at accessing, modifying, or deleting data, extorting money, and interrupting normal services. Cybersecurity is of great concern to today's businesses, since information technology has been widely adopted to achieve efficiency and effectiveness in business operations. The current business environment contains many devices, systems, networks, and users. All of these are targeted by cyber criminals, and multiple techniques have been devised and used against them. Cyber attacks are only becoming more effective and sophisticated. Therefore, cybersecurity is becoming a survival mechanism rather than a luxury for many businesses. Cybersecurity has multiple layers, which cover devices, networks, systems, and users. These layers are intended to ensure that these targets are not compromised by attackers. In organizations, these layers can be compressed into three categories: people, processes, and technology.
This is the category that includes users. Users are known to be a particularly weak link in the cybersecurity chain. Unfortunately, cyber criminals are aware of this and often target users rather than systems during attacks. Users are the culprits in creating weak passwords, downloading attachments from strange emails, and easily falling for scams.
This category encompasses all the processes used by the organization. These can include business processes, such as the supply chain, that could be exploited by attackers to get malware inside companies. Supply chains are, at times, targeted in organizations that are well secured against other attack methods.
Technology relates to both the devices and software used by an organization. Technology has been a prime target for cyber criminals and they have developed many techniques to compromise it. While security companies try to keep abreast of the threats facing technology today, it seems that cyber criminals have always had the upper hand. Cyber criminals can source new types of malware from underground markets and use them in multiple attacks against different technologies.
The importance of cybersecurity can't be overstated. The world is in a state of interconnection, and therefore an attack on one host or user can easily become an attack against many people. Cyber attacks can range from the theft of personal information to extortion attempts for individual targets. For companies, many things are always at stake. There is, therefore, a broad scope of what cybersecurity covers for both individuals and corporate organizations—let's look at this in more detail.
Critical infrastructure consists of systems that many people rely on. These include electricity grids, traffic lights, water supply systems, and even hospitals. Inevitably, these infrastructures are being digitized to meet current demands. This inadvertently makes them a target for cyber criminals. It is, therefore, necessary for critical systems to undergo periodic vulnerability assessments so that attacks that could be used against them can be mitigated beforehand. There have been several attacks on critical infrastructure in different countries. Commonly targeted sectors include transport, telecom, energy, and the industrial sector. The most significant one was on Iran's nuclear facility. The facility was targeted using malware called Stuxnet, which is speculated to have been state-sponsored. Stuxnet caused the total destruction of the nuclear facility. This just highlights the effect of cyber attacks against critical infrastructure.
The following is an excerpt from an article that describes the malware attack on Iranian nuclear facility computers (https://www.engadget.com/2014/11/13/stuxnet-worm-targeted-companies-first/):
There is no way businesses can be conducted without networks today. Countries that have isolated themselves from internet connectivity have been left behind financially, since a big part of the global economy is currently powered by the internet. North Korea is an example of one country where the internet is highly restricted and only accessed by a few people. However, having connectivity to networks comes with its own cons. Individual and corporate networks have been subjected to unauthorized access, malware, and denial of service from cyber criminals. There are some techniques that can be used to perform actions on networks that can hardly be detected by network admins without the use of tools such as intrusion-detection systems. Other cyber attacks include sniffing packets, theft, and manipulating data during transit. The tools that are being used to protect against network security threats have become overwhelmed with the amounts of traffic that they have to filter. They have also been facing challenges due to the number of false positives that are getting reported. Because of this, security companies are turning to new technologies, such as machine learning, to enable them to detect malicious and abnormal traffic in a more efficient and effective manner.
Among the new technologies receiving massive adoption is the cloud. The cloud gives organizations access to resources they previously could not afford to acquire and maintain. It is also a preferred option for backups because of its reliability and availability compared with other backup options. However, the cloud has its own security challenges. Organizations and individuals worry about the theft of their cloud-stored data, and there have already been incidents of data theft from the cloud. Cloud security is about ensuring that cloud users can protect their data and limit who can access it. Under the shared-responsibility model, the provider secures the underlying platform while the customer remains responsible for configuring access to their own data; many cloud data-theft incidents trace back to customer-side misconfiguration, such as storage buckets left publicly readable or leaked access keys, rather than to a compromise of the provider.
According to McAfee, as many as one in every four organizations has been a victim of cloud data theft (https://venturebeat.com/2018/04/15/mcafee-26-of-companies-have-suffered-cloud-data-theft/):
Many business processes run with the aid of applications or systems. However, these systems introduce a weak point into organizations: if they are hacked, the result can be halted services or production, theft of business secrets, and loss of money. A study by Trustwave SpiderLabs in 2017 found that 100% of the randomly selected web applications it tested had at least one vulnerability. Application security is therefore receiving attention in many organizations that have set up cybersecurity strategies.
A 2017 study showed that 100% of sampled web apps had at least one vulnerability (https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/don-t-sleep-on-web-applications-the-5-most-common-attack-types-and-how-to-better-defend-them/):
As mentioned earlier, users are the weakest point of all, and they are particularly hard to protect because they are targeted with social-engineering techniques, which security tools alone cannot prevent. Attackers reach users through normal interactions, over the phone, by email, or face to face. Organizations have lost a lot of money because their employees were attacked with social-engineering methods; user-awareness programs have therefore been incorporated into most cybersecurity strategies.
The Internet of Things (IoT) is an emerging technology that has been plagued by security threats. Nevertheless, its practicality has led many organizations to adopt it despite the security challenges. IoT devices are frequently shipped in an insecure state, for example with factory-default credentials and no update mechanism, which poses a threat to organizations and individuals. Cybersecurity has therefore been extended to cover this threat landscape.
Here are some terms related to the cybersecurity world:
Cybercrime: Any crime that involves the use of a computer as the object of the crime or as an accessory used to commit it. The perpetrators of such crimes are known as cyber criminals. They mostly use computer technology to illegally access sensitive information, run scams, or carry out other malicious actions.
Ransomware: Malware built to extort money from victims by blocking access to their computers and files until they pay a ransom. Payment of the ransom is never a guarantee of file recovery.
Malware: Malicious software. The classic categories are viruses, worms, and Trojans, distinguished by how they spread: viruses attach themselves to other programs, worms propagate on their own across networks, and Trojans masquerade as legitimate software. Ransomware and spyware, defined in this list, are malware too. Malware is used either to gain unauthorized access or to damage computers.
Social engineering: An attack technique, increasingly used by cyber criminals, that manipulates people into revealing information or carrying out actions. The end goal is either monetary gain or access to sensitive information, such as business secrets.
Phishing: A common attack that involves sending users fraudulent emails that claim to come from reputable sources. Phishers aim to obtain sensitive data, such as login credentials, or money from their targets. Phishing attacks are becoming more sophisticated, and thus more successful, as the technology behind them advances.
Botnet: A network of zombie devices that have been infected with malware so that they can be made to perform certain tasks, such as denial-of-service attacks. Personal computers were once the main recruitment targets for botnets, but since the introduction of IoT devices, attackers have been shifting their focus to this largely insecure technology. A particularly dreadful example is the Mirai botnet, which is made up of IoT devices, recruited largely by logging in with factory-default credentials, and has been used in several large attacks.
Data breach: An incident in which cyber criminals attack a corporate network and steal valuable data. In many cases, customer authentication details, addresses, and financial information are stolen. Stolen data is valuable and can be sold on black markets or held to ransom. Even when the stolen data is encrypted, attackers may still be able to read it, for example if a weak algorithm was used, if the keys were stored alongside the data, or if passwords were hashed with a fast, unsalted function that can be brute-forced offline.
DDoS attack: Attackers flood a target machine or service with an overwhelming number of requests from many sources at once, exhausting its bandwidth or its capacity to respond to legitimate requests. DDoS attacks are typically carried out by botnets, discussed above. They are also used as a diversion: while security personnel focus on recovering from the DDoS attack, another attack, such as data exfiltration, takes place.
Spyware: Malware used to spy on people in order to obtain their personal information, login credentials, or other sensitive data. It commonly infects browsers or comes hidden in apps and programs. On mobile devices, spyware can use the GPS sensor to report the device's whereabouts and can also access the call history and SMS messages.
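The Phishing entry above describes the attack in terms of its appearance: a fraudulent email that claims to come from a reputable source. In practice the forgery leaves measurable traces in the message itself. The following is an added example (not code from the book) that applies a handful of such heuristics to a raw RFC 5322 message using only the Python standard library: a Reply-To domain that differs from the sender domain, failed SPF/DKIM/DMARC results in the receiving server's Authentication-Results header, link text that shows one host while the href points to another (or to a bare IP address), and pressure language. The check list, the thresholds and the two sample messages are assumptions constructed for illustration; a real mail gateway would combine many more signals and would verify the authentication results itself rather than trusting the header.

```python
"""Heuristic phishing indicators for a raw e-mail message.

Added example (not from the book). The checks, the phrase list and the two
sample messages below are assumptions chosen for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed pressure phrases; two or more hits count as an indicator.
URGENCY = ("urgent", "verify your account", "suspended", "within 24 hours")
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", re.I)
BARE_IP = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _body_text(msg):
    """Concatenate the text/plain and text/html parts of the message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    text = ""
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True)
            text += raw.decode(part.get_content_charset() or "utf-8", "replace")
    return text


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in the raw message."""
    msg = message_from_string(raw_message)
    found = []

    # 1. Replies are steered to a domain other than the visible sender's.
    from_dom, reply_dom = _domain(msg.get("From", "")), _domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        found.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")

    # 2. The receiving server recorded a failed sender-authentication check.
    for m in AUTH_FAIL.finditer(msg.get("Authentication-Results", "")):
        found.append(f"authentication result {m.group(1).lower()}={m.group(2).lower()}")

    # 3. Link text advertises one host while the href goes somewhere else.
    body = _body_text(msg)
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = _host(href)
        text_host = _host(text) if text.lower().startswith(("http://", "https://")) else ""
        if text_host and text_host != href_host:
            found.append(f"link text shows {text_host} but points to {href_host}")
        if BARE_IP.fullmatch(href_host):
            found.append(f"link points to a bare IP address {href_host}")

    # 4. Pressure language in subject or body.
    haystack = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY if p in haystack]
    if len(hits) >= 2:
        found.append("pressure language: " + ", ".join(hits))
    return found


# Constructed sample messages (not real mail).
PHISHING_SAMPLE = """\
From: "Example Bank Alerts" <alerts@example-bank.com>
Reply-To: support@mail-verify.example.net
To: customer@example.org
Subject: Urgent: verify your account within 24 hours
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example-bank.com; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account will be suspended unless you act now.</p>
<p><a href="http://198.51.100.23/login">https://www.example-bank.com/login</a></p></body></html>
"""

LEGIT_SAMPLE = """\
From: "Example Bank" <alerts@example-bank.com>
To: customer@example.org
Subject: Your monthly statement is ready
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example-bank.com; dkim=pass
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is available.</p>
<p><a href="https://www.example-bank.com/login">Sign in</a></p></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, phishing_indicators(sample))
```

None of these indicators is conclusive on its own (a legitimate newsletter often has a different Reply-To, and marketing mail is full of urgency), which is why the function returns the full list and leaves the scoring policy to the caller.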
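The DDoS entry above says the target is overwhelmed with requests; what makes the distributed variant hard to detect is that a botnet spreads the load across many sources, so each source stays under any per-address threshold. The following is an added example (not code from the book) of the two complementary checks a detection engineer would run over web server access logs: a per-source request count per time window, which catches a single noisy host, and an aggregate count per window, which catches a flood spread over hundreds of hosts. The log format (Apache-style combined), the ten-second window, the thresholds and the constructed sample traffic are all assumptions for illustration.

```python
"""Rate-based (D)DoS detection over web server access-log lines.

Added example (not from the book). The log format, window size, thresholds
and the constructed sample log are assumptions chosen for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx combined-style line: ip ident user [timestamp] "request" status size
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(lines):
    """Yield (timestamp, source_ip) for each well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield datetime.strptime(m.group("ts"), TS_FMT), m.group("ip")


def detect(lines, window=timedelta(seconds=10), per_ip_limit=50, total_limit=200):
    """Bucket requests into fixed windows and flag two kinds of flood.

    Returns {"single_source": [(window, ip, count), ...],
             "distributed":   [(window, total, distinct_sources), ...]}.
    A window is "distributed" when its total exceeds total_limit while no single
    source exceeds per_ip_limit, which is exactly the case a per-IP rule misses.
    """
    events = list(parse(lines))
    result = {"single_source": [], "distributed": []}
    if not events:
        return result
    t0 = min(ts for ts, _ in events)
    buckets = defaultdict(Counter)  # window index -> Counter(ip -> requests)
    for ts, ip in events:
        buckets[int((ts - t0) / window)][ip] += 1
    for idx in sorted(buckets):
        counter = buckets[idx]
        total = sum(counter.values())
        loud = [(ip, n) for ip, n in counter.most_common() if n > per_ip_limit]
        result["single_source"].extend((idx, ip, n) for ip, n in loud)
        if total > total_limit and not loud:
            result["distributed"].append((idx, total, len(counter)))
    return result


def sample_log():
    """Constructed sample: three 10-second windows of normal, single-source and distributed traffic."""
    base = datetime(2024, 1, 1, tzinfo=timezone.utc)

    def line(ip, seconds):
        ts = (base + timedelta(seconds=seconds)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET /login HTTP/1.1" 200 512'

    lines = ["not a log line at all"]  # exercises the malformed-line path
    for w in range(3):  # background: 20 clients, 3 requests each, in every window
        for i in range(1, 21):
            for k in range(3):
                lines.append(line(f"192.0.2.{i}", w * 10 + k))
    for k in range(120):  # window 1: one host hammering the login page
        lines.append(line("203.0.113.7", 10 + k % 10))
    for i in range(300):  # window 2: 300 hosts, one request each
        lines.append(line(f"198.18.{i // 256}.{i % 256}", 20 + i % 10))
    return lines


if __name__ == "__main__":
    print(detect(sample_log()))
```

The aggregate check cannot by itself tell a botnet from a legitimate flash crowd (a product launch looks the same in a request counter), so in production it is paired with a per-URL breakdown and with signals the log does not carry here, such as request size, TLS fingerprint or geographic spread of the sources.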
Hacking groups and cyber espionage have frequently featured in cybersecurity reports; here, we will discuss both of them.
Hacking groups are associations of hackers that act in unison during cyber attacks, and this coordination often makes them more successful than solo attackers. They engage in both legal activities, those that do not break the law, such as spreading user awareness, and illegal ones, such as electronic fraud. Their activity has led to both good outcomes, such as increased user awareness, and bad ones, such as the theft and destruction of data. Here are some famous hacking groups:
Shadow Brokers: A notorious hacking group known for taking the fight directly to an intelligence agency. The group has repeatedly claimed credit for obtaining tooling from the US National Security Agency (NSA), and has released to the public some of the alleged NSA hacking arsenal, comprising exploits, bugs, and malware. It first surfaced in August 2016, and in April 2017 it released an exploit called EternalBlue, which targets the SMBv1 service on Windows computers. Microsoft had patched the underlying vulnerability in March 2017 (MS17-010), but in May 2017, barely a month after the leak, the WannaCry ransomware used EternalBlue to spread automatically across networks of unpatched machines without any user interaction: the exploit gave the ransomware code execution on each victim, which then encrypted files and moved on to the next host. This is why the group is associated with one of the most dreadful ransomware attacks to date. Microsoft partially blamed the NSA for stockpiling these exploits instead of reporting them so that they could be fixed. The Shadow Brokers have not been associated with illegal activity directed at corporations or individuals; their main target appears to be the NSA, amid speculation that the agency continually stockpiles exploits for espionage both inside and outside the US.
Bureau 121: This hacking group is said to be from North Korea, which contradicts the common assumption that the country is technologically backward. Defectors have said that North Korea pays its military hackers well to sustain its hacking operations. The group is said to be massive, with over 1,500 people working outside North Korea. It has attacked South Koreans through apps and websites and has even destroyed banking records. It is also said to be behind the November 2014 hack of Sony Pictures, which Sony reported cost it around $15,000,000, and which came just after Sony released a movie depicting Kim Jong-un in a bad light.
Anonymous: The most recognized hacking group in the world. It is said to have originated on 4chan in 2003 and has grown in number and capability since. The group operates in a decentralized manner, so even if one of its members is arrested there are more than enough others to keep it running. It is associated with a hacktivist movement that takes the form of vigilante actions; for example, its members have taken down numerous websites offering child pornography. What makes Anonymous special is that it has been adopted as an idea rather than a fixed group, which has given it worldwide reach and a better chance of staying relevant. The group is identified by the iconic Guy Fawkes mask.
