Chapter 3 - Cyberattacks and Cyber Security
IS 1180
IS and ethics
Chapter 3
CYBERATTACKS AND CYBERSECURITY
LEARNING OBJECTIVES
1. Why are computer incidents so prevalent, and what are their effects?
2. What can be done to implement a strong security program to prevent cyberattacks?
3. What actions must be taken in the event of a successful security intrusion?
ORGANIZATIONS BEHAVING BADLY
• A zero-day exploit is a cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.
• Zero-day exploits have been found in widely used software such as Acrobat Reader, Adobe Flash Player, Apple iOS, Google Chrome, Java, Microsoft Internet Explorer, and Microsoft Windows.
• While one would hope that the discoverer of a zero-day vulnerability would immediately inform the original software manufacturer so that a fix can be created for the problem, unfortunately this is often not the case. In some cases, this knowledge is sold on the black market to hackers, cyberterrorists, governments, or large organizations that may then use it to launch their own cyberattacks.
• Information about one zero-day vulnerability in Apple’s iOS was reportedly sold for $500,000.
THE THREAT LANDSCAPE
• The number and intensity of cybercrimes being committed against individuals, organizations, and governments continues to grow.
• As a result, organizations are putting in place a range of countermeasures to combat cybercrime, such as:
• Having an overall security strategy
• Having a chief information security officer (CISO) in charge of security
• Having employee security awareness and training programs
• Having security standards for third parties
• Conducting threat assessments
• Actively monitoring and analyzing security intelligence
• In spite of all these countermeasures, however, the number of computer security incidents surged from 2014 to 2015 in the following industries: public sector organizations; entertainment, media, and communications; technology and telecommunications companies; pharmaceuticals and life sciences; and power and utilities organizations.
Why Computer Incidents Are So Prevalent
There are various reasons behind the dramatic increase in the number, variety, and severity of security incidents:
1. Increasing complexity increases vulnerability
2. Expanding and changing systems introduce new risks
3. Increasing prevalence of bring your own device (BYOD) policies
4. Growing reliance on commercial software with known vulnerabilities
5. Increasing sophistication of those who would do harm. Table 3-1 summarizes the types of perpetrators of computer mischief, crime, and damage.
Types of Exploits
1. Ransomware: malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.
2. Virus: a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
3. Worm: a harmful program that resides in the active memory of the computer and duplicates itself.
4. Trojan horse: a seemingly harmless program in which malicious code is hidden.
5. Blended threat: a sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
6. Email spam: the use of email systems to send unsolicited email to large numbers of people.
7. DDoS attack: an attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
8. Rootkit: a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
9. Advanced persistent threat (APT): a network attack in which an intruder gains access to a network and stays there, undetected, with the intention of stealing data over a long period of time (weeks or even months).
10. Phishing: the act of fraudulently using email to try to get the recipient to reveal personal data.
• Spear phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees.
11. Smishing: another variation of phishing that involves the use of texting. In a smishing scam, people receive a legitimate-looking text message telling them to call a specific phone number or log on to a website.
12. Vishing: similar to smishing except that the victims receive a voice-mail message telling them to call a phone number or access a website.
13. Cyberespionage: involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
14. Cyberterrorism: the intimidation of government or civilian population by using information technology to disable critical national infrastructure (for example, energy, transportation) to achieve political, religious, or ideological goals.
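The DDoS item above describes many compromised hosts flooding one site at once. What a defender sees is the target's own access log, so the following added example (not from the chapter or its textbook) shows detection logic run over constructed access log lines: it parses a combined-log-style line format that is assumed here, counts requests per one-second window and per source address, and flags windows where the request rate is high and the requests come from many distinct addresses. The thresholds, addresses and log lines are all constructed for the example.

```python
"""Flood detection over web-server access log lines (added example).

Assumed log line format (constructed for this example, not from the chapter):
    <ip> - - [<day>/<Mon>/<year>:<HH>:<MM>:<SS> <zone>] "<request>" <status> <bytes>
The sample lines, addresses and thresholds below are all constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def detect_floods(lines, max_rps=20, min_sources=5):
    """Return one (second, total_requests, distinct_sources) tuple for every
    one-second window with more than max_rps requests coming from at least
    min_sources distinct addresses, i.e. many hosts hitting the site at once."""
    per_second = defaultdict(Counter)  # second -> Counter(ip -> request count)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of stopping the detector
        per_second[rec["ts"].replace(microsecond=0)][rec["ip"]] += 1
    alerts = []
    for second in sorted(per_second):
        counts = per_second[second]
        total = sum(counts.values())
        if total > max_rps and len(counts) >= min_sources:
            alerts.append((second.isoformat(), total, len(counts)))
    return alerts


def build_sample_log():
    """Constructed sample: three seconds of light traffic from three clients,
    then one second in which 30 different addresses each send one request."""
    stamp = "[10/Mar/2024:12:00:0%d +0000]"
    lines = []
    for sec in range(3):
        for i in range(3):
            lines.append('192.0.2.%d - - %s "GET /index.html HTTP/1.1" 200 512' % (i + 1, stamp % sec))
    for i in range(30):
        lines.append('198.51.100.%d - - %s "GET / HTTP/1.1" 200 512' % (i + 1, stamp % 3))
    lines.append("garbage that is not a log record")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for second, total, sources in detect_floods(build_sample_log()):
        print(f"{second}: {total} requests from {sources} sources")
```

On the constructed sample, only the fourth second is reported: 30 requests from 30 distinct addresses, while the earlier seconds (three requests each) stay under the rate threshold. The distinct-source condition is what separates a distributed flood from one busy client; a real deployment would tune both thresholds to the site's normal traffic and look at longer windows as well.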
Federal Laws for Prosecuting Computer Attacks
• Over the years, several laws have been enacted to help prosecute those responsible for computer-related crimes.
• In the USA, those convicted of cyberterrorism are subject to a prison term of 5 to 20 years.
• An example in Saudi Arabia: the Anti-Cybercrimes Law of 2017.
THE CIA SECURITY TRIAD
• The IT security practices of organizations worldwide are focused on ensuring confidentiality, maintaining integrity, and guaranteeing the availability of systems and data.
• Confidentiality: ensures that only those individuals with the proper authority can access sensitive data.
• Integrity: ensures that data can only be changed by authorized individuals.
• Availability: ensures that the data can be accessed when and where needed, including during times of both normal and disaster recovery operations.
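The confidentiality and integrity definitions above map onto two concrete checks in code: an authorization check before any access, and a tamper-evident tag that lets a reader notice an unauthorized change. The following added example (not from the chapter or its textbook) shows both on a small in-memory record store. The role/permission table, the HMAC key and the records are all constructed for the example; availability is a property of operations (backups, redundancy, disaster recovery) and is not shown here.

```python
"""Confidentiality and integrity checks on a small record store (added example).

Everything here is constructed for illustration: the role/permission table,
the secret key and the records are not from the chapter or any real system.
"""
import hashlib
import hmac
import json

# Constructed key; in practice it comes from a secret store, never source code.
SECRET_KEY = b"example-key-constructed-for-this-demo"

# Constructed access-control matrix: which roles may read or change records.
ROLE_PERMISSIONS = {
    "hr_manager": {"read", "write"},
    "auditor": {"read"},
    "intern": set(),
}


def seal(record):
    """Integrity: store the record with an HMAC-SHA256 tag over its canonical JSON."""
    body = json.dumps(record, sort_keys=True)
    tag = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(sealed):
    """Return the record if its tag matches, or None if the body was altered."""
    expected = hmac.new(SECRET_KEY, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):  # constant-time comparison
        return None
    return json.loads(sealed["body"])


class RecordStore:
    """Confidentiality: every read and write passes an authorization check first."""

    def __init__(self):
        self._rows = {}

    def _authorize(self, role, action, key):
        if action not in ROLE_PERMISSIONS.get(role, set()):
            raise PermissionError(f"role {role!r} may not {action} {key!r}")

    def write(self, role, key, record):
        self._authorize(role, "write", key)
        self._rows[key] = seal(record)

    def read(self, role, key):
        self._authorize(role, "read", key)
        record = verify(self._rows[key])
        if record is None:
            raise ValueError(f"integrity check failed for {key!r}")
        return record


def demo():
    """Exercise the three outcomes and return them so a caller can check them."""
    store = RecordStore()
    store.write("hr_manager", "emp-42", {"name": "A. Example", "salary": 50000})
    outcomes = {"auditor_read": store.read("auditor", "emp-42")}
    try:
        store.read("intern", "emp-42")
        outcomes["intern_read"] = "allowed"
    except PermissionError:
        outcomes["intern_read"] = "denied"
    # Simulate a change made outside the application (e.g. editing the stored
    # file directly): the body changes but the tag does not, so the next read fails.
    store._rows["emp-42"]["body"] = store._rows["emp-42"]["body"].replace("50000", "90000")
    try:
        store.read("auditor", "emp-42")
        outcomes["after_tamper"] = "accepted"
    except ValueError:
        outcomes["after_tamper"] = "rejected"
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The auditor, who holds only "read", gets the record; the intern, with no permissions, is refused before any data is touched; and once the stored body is changed without going through `write`, the tag no longer matches and the read is rejected rather than returning silently altered data. The same pattern (authorize first, then verify a keyed tag) is what a production system does with a real access-control service and a key held in a secret store.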
Implementing CIA at the Organization Level
• Implementing CIA begins at the organization level with:
1. The definition of an overall security strategy.
2. Performance of a risk assessment to help prioritize the investments in time and resources.
3. Laying out plans for disaster recovery, which is a documented process for recovering an organization’s business information system assets in the event of a disaster.
4. Setting security policies that define responsibilities and the behaviour expected of members of the organization.
5. Conducting security audits that evaluate an organization’s security policy.
6. Ensuring regulatory standards compliance.
7. Creating a security dashboard to provide a comprehensive display of the performance of the organization’s security defences.
Completion of these tasks at the organizational level will set a sound foundation and clear direction for future CIA-related actions.