
Adobe Cyber Attack

The document discusses a cyber attack by the Russian hacktivist group People's Cyber Army on Ukraine's state nuclear power company Energoatom in August 2022, utilizing a DDoS strategy with 7.25 million bots to create public fear without lasting damage. It outlines various cyber threats and hazards, including phishing, malware, and DDoS attacks, along with countermeasures such as antivirus software and threat intelligence. Additionally, it highlights physical and virtual security measures necessary to protect organizational IT security, including server room access control and network security protocols.

Muhammad Kashif

Activity 1

L01

• Ukrainian state nuclear power company attack


The Russian “hacktivist” group called the People’s Cyber Army engaged
7.25 million bots in August 2022 in a bot attack to take
the Energoatom website down. It used a flood of garbage web traffic
and webpage requests. A disruption of online services lasted for a few
hours, but no permanent negative impact remained. The attack was part
of a Russian psyops campaign to create fear of a nuclear disaster and
terrorize Europeans.

P1 Potential Targets of cyber crime


Cyber attacks often aim at critical infrastructure to maximize impact.
In August 2022, Ukraine’s state nuclear power company Energoatom
became a target of the Russian hacktivist group People’s Cyber Army.
The attack’s goal was not only to disrupt operations but also to create
public fear of a nuclear disaster, a tactic to destabilize Europeans
psychologically.

P2. Digital Systems as Targets

Digital systems like Energoatom’s website serve as vital online access
points for information and services. By targeting these systems,
attackers aim to cause service outages and alarm. In this case, the
hacktivist group used a Distributed Denial of Service (DDoS) attack
to flood Energoatom’s website with garbage traffic, leading to hours
of disruption.

M1. Tools Used in Cyber Crimes


The Energoatom attack employed a DDoS strategy using a botnet of
7.25 million bots to overload the website. DDoS attacks, along with
tools like ransomware, are commonly used to disrupt digital services.

| SR | Type of cyber crime | Threat actor | Vector | Impact | Year | Targeted organization |
|----|---------------------|--------------|--------|--------|------|-----------------------|
| 1 | Ransomware attack | Russian cyber criminals | Phishing; exploiting system vulnerabilities | NHS services crippled; patient care delayed; financial losses | 2017 | NHS (National Health Service), UK |
| 2 | Data breach | Unknown | Insider threat or phishing | Leaked sensitive information; reputational damage | 2019 | Capital One |
| 3 | DDoS attacks | Hacktivists | Network overload via botnets | Disrupted services; website downtime | 2020 | Amazon Website Services (AWS) |
| 4 | Phishing attack | State-sponsored | Email links or attachments | Compromised personal and corporate data | 2021 | SolarWinds |

Activity 2

L02
Threats and Hazards in Digital Systems

• P3 Explanation of Threats and Hazards and their Effects on Digital Systems

• Threats: These are dangers like hackers or cybercriminals aiming to steal, damage, or disrupt systems.

• Hazards: Natural or accidental events (e.g. power outages) that harm digital systems indirectly.

• Effects: Threats and hazards can cause data loss, unauthorized access, system downtime, and harm to user trust.

• P4 Investigate Common Attack Techniques and Countermeasures

• Phishing: Tricking users into revealing data.
Countermeasure: Phishing training for users.

• Malware: Damages or controls systems (e.g. ransomware).
Countermeasure: Antivirus software and regular updates.

• DDoS: Overloading systems to make them unavailable.
Countermeasure: DDoS protection services and firewalls.

• M2 Role of Threat Intelligence

• Threat Intelligence: Gathers information on threats to prevent attacks early.
Impact: Helps companies update defenses and respond to new threats faster.

• Evaluation of Techniques and Countermeasure Effectiveness

• Effectiveness: Most countermeasures are effective but need regular updates.
Example: Phishing training works well but must be repeated as attackers improve techniques. DDoS protection helps but may be costly.

2.4 Three physical and virtual security measures
Physical security measures to ensure the integrity of organizational IT security
Physical security is the safeguarding of people, equipment, networks, and data against
physical acts and occurrences that could seriously harm a business, government organization,
or institution.
1 Closing the server room's doors
A physical network's heart is in the server room, where anyone with physical access to the
room's servers, switches, routers, cables, and other equipment can cause a great deal of harm.
Make sure the server room door has strong locks even before locking the servers down. Policies
must specify who has the key or keycode to enter and must mandate that those doors be locked
whenever the room is unoccupied.

2 Set up surveillance.
A good initial step is to lock the server room door, but someone might break in or someone with
access might misuse that authority. You need to be able to keep tabs on who comes and goes at
what times. A logbook for signing in and out is the simplest method to go about it, but it has a lot
of drawbacks. A malicious person will probably choose to ignore it. As opposed to the logbook,
an authentication system integrated into the locking mechanisms would require a smart card,
token, or biometric scan to unlock the doors and keep track of who enters.

3 Safeguard the portables.


Physical security risks are associated with laptops and portable computers. The entire computer,
any data stored on it, as well as any saved network logon passwords, are all easily taken by a
burglar. Employees who use laptops at their desks should either take them with them when they
leave or use a cable lock to attach them to a permanent post. When a person leaves the location,
they can simply put handhelds into a pocket and carry them. They can even be kept in a drawer
or safe. There are also motion-sensing alarms available that can notify the user if their portable is
moved.
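The sign-in tracking described under "Set up surveillance" only helps if someone reviews the records against the access policy. The following is an added example, not part of the original document: it audits a door-controller log for denied badges, off-hours entries, doors held open, and doors opened with no badge read. The log format, event names, badge IDs and staffed hours are all constructed assumptions, and the log is assumed to record entry-side events only.

```python
from datetime import datetime, time

# Constructed policy (assumption): badges cleared for the server room, staffed hours.
AUTHORIZED = {"B-1001", "B-1002"}
STAFFED = (time(7, 0), time(19, 0))

# Constructed sample export from a door controller: timestamp, event, badge id.
SAMPLE_LOG = """\
2024-03-04T08:12:00 BADGE_OK B-1001
2024-03-04T08:12:04 DOOR_OPEN -
2024-03-04T08:12:09 DOOR_CLOSE -
2024-03-04T12:30:00 BADGE_DENIED B-2040
2024-03-04T23:41:00 BADGE_OK B-1002
2024-03-04T23:41:03 DOOR_OPEN -
2024-03-04T23:55:30 DOOR_CLOSE -
2024-03-05T02:10:00 DOOR_OPEN -
2024-03-05T02:10:20 DOOR_CLOSE -
"""

def audit(log_text, max_open_seconds=60, badge_window=10):
    """Return (timestamp, finding) pairs for events that break the door policy."""
    findings = []
    last_ok = None    # time of the most recent successful badge read
    opened_at = None  # time the door was last opened
    for line in log_text.splitlines():
        stamp, event, badge = line.split()
        ts = datetime.fromisoformat(stamp)
        if event == "BADGE_DENIED":
            findings.append((stamp, "denied badge " + badge))
        elif event == "BADGE_OK":
            last_ok = ts
            if badge not in AUTHORIZED:
                findings.append((stamp, "unlisted badge admitted " + badge))
            if not STAFFED[0] <= ts.time() <= STAFFED[1]:
                findings.append((stamp, "off-hours entry " + badge))
        elif event == "DOOR_OPEN":
            opened_at = ts
            # A door that opens with no recent badge read was forced, propped or keyed.
            if last_ok is None or (ts - last_ok).total_seconds() > badge_window:
                findings.append((stamp, "door opened without badge"))
        elif event == "DOOR_CLOSE" and opened_at is not None:
            if (ts - opened_at).total_seconds() > max_open_seconds:
                findings.append((stamp, "door held open"))
            opened_at = None
    return findings
```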
Virtual security measures to ensure the integrity of organizational IT security
Virtual security is the practice of defending data and computer networks from unwanted access
or attack. It encompasses rules, processes, and hardware and software solutions created to
safeguard network resources from unauthorized users. Firewalls, intrusion detection systems, and
encryption are common methods for achieving virtual security.

1. Validating addresses and connection policies


IP networks like IP VPNs ride on top of virtual networks. Every virtual endpoint is also a real
network endpoint, and from the real network or endpoint below, it is possible to attack or leap
onto the virtual network. It is erroneous to believe that virtual network overlays will address
security issues; the actual network must still be protected.

2. Inter-network gateway security


On-ramp security for virtual networks, which secures the points of entry between networks
and subnets, is a similar security issue. A virtual network often has a few locations where its
users can access external resources like the internet and external users can use the resources
of the virtual network. To prevent illegal connections from being made at those connection
points, this connectivity must be explicitly supplied through one or more virtual network
gateways, which must enact access controls. Hackers might be able to access the bigger
enterprise network through an open connection between a company's virtual network and the
internet.

3. Connection access control


It is vital to recognize that restricting communications to the outside won't eliminate the need
for virtual network access security. To prevent network users from unintentionally or
maliciously leaking data, more precise connection policy rules are essential. The options
available for connection security in virtual network implementations differ greatly. This is
especially true with SD-WANs, which can supplement MPLS VPNs by introducing new sites
where MPLS is unavailable or too expensive to establish. The proper SD-WAN
implementation can significantly enhance connection policy controls, which will enhance
network security as a whole.
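The two points above, that connectivity must be explicitly supplied at the gateway and that outbound connections also need precise policy rules, can be shown as a default-deny rule evaluator. This is an added example, not part of the original document; the address plan, the rule set and the function names are constructed assumptions, and external addresses come from documentation ranges.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the document).
VNET = ipaddress.ip_network("10.20.0.0/16")

# Explicit allow rules only; anything not listed falls through to default deny.
# (direction, source network, destination network, destination port)
ALLOW_RULES = [
    ("in",  "0.0.0.0/0",    "10.20.1.10/32",   443),  # public web front end
    ("out", "10.20.5.0/24", "198.51.100.7/32", 443),  # update proxy subnet only
]

def direction(src, dst):
    """Classify a connection relative to the virtual network boundary."""
    s = ipaddress.ip_address(src) in VNET
    d = ipaddress.ip_address(dst) in VNET
    if s and d:
        return "internal"
    if s:
        return "out"
    if d:
        return "in"
    return "transit"

def decide(src, dst, port):
    """Return (action, reason) for a connection presented to the gateway."""
    way = direction(src, dst)
    if way == "internal":
        return ("skip", "does not cross the gateway")
    if way == "transit":
        return ("deny", "neither endpoint is in the virtual network")
    for rule_dir, rule_src, rule_dst, rule_port in ALLOW_RULES:
        if (rule_dir == way and port == rule_port
                and ipaddress.ip_address(src) in ipaddress.ip_network(rule_src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rule_dst)):
            return ("allow", f"explicit {rule_dir} rule for port {rule_port}")
    # Inbound and outbound are both closed unless a rule opens them, so an
    # internal host cannot push data to an arbitrary external address.
    return ("deny", "default deny: no explicit rule")
```

Calling `decide("10.20.9.8", "203.0.113.50", 443)` returns a deny: the workstation subnet has no outbound rule, which is the leak-prevention case the connection access control paragraph describes.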
