Attackers and Types of Attackers
Lecture 10
Hassan Raza Jaffri
Who are attackers?
• The term attacker or hacker referred to a person who used advanced computer skills to attack computers.
• Black hat: attackers who violated computer security for personal gain (such as to steal credit card numbers) or to inflict malicious damage (such as corrupting a hard drive). They are malicious hackers who try to find flaws in order to exploit them (also called crackers, because they crack the code).
• White hat: hackers described as “ethical attackers”. With an organization’s permission they would attempt to probe a system for any weaknesses and then privately report any uncovered vulnerabilities back to that organization.
• Gray hat: hackers who would attempt to break into a computer system without the organization’s permission (an illegal activity) but not for their own advantage; instead, they would publicly disclose the vulnerability in order to shame the organization into taking action.
Who are attackers?
• Cybercriminals: individuals who launch attacks against other users and their computers. They are a loose network of attackers, identity thieves, and financial fraudsters. “Cybercriminals often meet in online ‘underground’ forums to trade information and coordinate attacks.”
• Script kiddies: individuals who want to attack computers but lack the knowledge of computers and networks needed to do so. Instead, they do their work by downloading automated attack software (scripts) from websites and using it to perform malicious acts.
• Brokers: In recent years several software vendors have started financially rewarding individuals who uncover vulnerabilities in their software and then privately report them back to the vendors so that the weaknesses can be addressed.
• Insiders: Another serious threat to an organization actually comes from an unlikely source: its employees, contractors, and business partners, who often sell insider information.
• Cyberterrorists: Many security experts fear that terrorists will turn their attacks to a nation’s network and
computer infrastructure to cause disruption and panic among citizens.
Who are attackers?
• Hacktivists: their attacks can involve breaking into a website and changing the contents on the site as a means of making a political statement against those who oppose their beliefs, as a means of protest, or to promote a political agenda.
▪ Famous attacks: Anonymous – DDoS attack on Visa, Mastercard, PayPal to protest the arrest of Julian Assange (WikiLeaks). Google/Twitter/SayNow worked together to provide communication for the Egyptian people when the government orchestrated an internet blackout during the 2011 protests.
• State-Sponsored Attackers: Instead of using an army to march across the battlefield to strike an adversary, governments are using state-sponsored attackers to launch computer attacks against their foes.
▪ Approximately 120 countries have been developing ways to use the internet as a weapon to target
financial markets, government computer systems and utilities.
▪ Famous attacks: US elections (Russia), Sony websites (N. Korea), Stuxnet (US/Israel), US Office of
Personnel Management (China).
Outsiders & Insiders:
Outsiders:
● Unauthorized individuals trying to gain access. They launch the majority of attacks, but these are often mitigated if the organization has good Defense in Depth.
● Interception, malicious code (e.g. virus, logic bomb, trojan horse), sale
of personal information, system bugs, system intrusion, system sabotage
or unauthorized system access.
● 48-62% of risks are from outsiders.
Insiders:
● Authorized individuals (not necessarily authorized for the compromised system) who intentionally or unintentionally compromise the system or data.
● This could be: Assault on an employee, blackmail, browsing of proprietary
information, computer abuse, fraud and theft, information bribery, input of
falsified or corrupted data.
● 38-52% of risks are from insiders, another reason good
Authentication and Authorization controls are needed.
Digital Security:
• Digital security means protecting your computer, mobile devices,
tablets, and any other Internet-connected devices from intruders, which
could be in the form of hacking, phishing, and more.
• Digital security could also be used to protect your personal data from
being used and sold by companies.
• Digital security involves protecting your online presence (data, identity, assets). Cyber security, by contrast, covers more ground: it protects entire networks, computer systems, and other digital components, along with the data stored within them, from unauthorized access.
Threats:
• A digital security threat refers to any possible malicious attack that seeks to
unlawfully access data, disrupt digital operations or damage information.
• These threats can originate from various actors, including corporate spies,
hacktivists, terrorist groups, hostile nation-states, criminal organizations,
lone hackers and disgruntled employees.
Digital Security Risks:
1. Data Risks
2. Cyber Security Risks
3. Privacy Risks
4. Reputational Risks
5. Talent Shortage & Cultural Risks
6. Third Party Risk
7. Technology Risk
8. Artificial Intelligence Risk
9. Compliance Risk
Prevention from Threats:
• There are a number of ways to protect yourself online:
1. VPNs
2. Password managers
3. Identity monitoring services
4. Ensure endpoint protection
5. Install a Firewall
6. Data Backup
7. Access Management
8. Network Security
Prevention from Threats:
• Look after your logins
1. Use bookmarks or favorites or URLs to access sites.
2. Make sure your browser or website doesn’t store or remember your
login details.
3. Be cautious of logging in to your social media accounts using a hotspot
or free WiFi.
4. If you access your social media accounts through an app on your
phone or your tablet, make sure you lock it.
Prevention from Threats:
• Use strong passwords on your accounts
1. Use a different password for each of your social media accounts.
2. Make your account passwords long and strong. Short sentences make
the best passwords.
3. Don’t use the information you share on your social media accounts to
create your passwords.
4. Don’t share your passwords with anyone.
THANK YOU!