Lecture 1

Cyber Security:
Body of technologies, processes and practices designed to protect networks, computers,
programs and data from attack, damage or unauthorized access.

Cybercrime:
Any criminal activities that are facilitated by or committed by the use of or against a computer.

Cyberspace:
A global computer network, linking all people, machines and sources of information in the
world, and through which one could move or "navigate" as through a virtual space

Application Security:
Application security is the use of software, hardware, and procedural methods to protect
applications from external threats.

Information Security:
Information security is the set of processes that maintain the confidentiality, integrity and
availability of business data in its various forms

Network Security:
Network security is protection of the access to files and directories in a computer network
against hacking, misuse and unauthorized changes to the system. An example of network
security is an anti virus system.

Disaster Recovery Plan:

A disaster recovery plan (DRP) is a documented, structured approach with instructions for
responding to unplanned incidents. This step-by-step plan consists of the precautions to
minimize the effects of a disaster so the organization can continue to operate or quickly resume
mission-critical functions. Typically, disaster recovery planning involves an analysis of business
processes and continuity needs.

Business Continuity Plan:

A business continuity plan (BCP) is a document that consists of the critical information an
organization needs to continue operating during an unplanned event.

Malware
Malware or malicious code (malcode) is short for malicious software. ... Some of the more
commonly known types of malware are viruses, worms, Trojans, bots, back doors, spyware,
and adware
Lecture 1

Different Types of Malware:

#Computer Virus
Created to relentlessly self-replicate it infects programs and files. The malicious activities may
be targeted at destroying valuable data or causing unrepairable damages.

#Spyware
Created to spy on the victim so, it is secretly implanted on the computing device by the hacker.
The spyware gathers information and sends it to the hacker.

#Adware
Devised to pop-up unwanted advertisements on the victim’s computer without their
permission. The pop-ups are uncontrollable and tend to behave erratically, they usually appear
numerous times on the screen and it becomes tedious to close them.

#Rootkit
Rootkit Virus assists a hacker in remotely accessing or controlling a computing device or
network without being exposed. They are hard to detect due to the reason that they become
active even before the system’s Operating System is booted up.

#Trojan Horse
The name “Trojan horse” arrives from the ancient Greek tale on Trojan War. Similar to the
story, the malicious program sneaks into the victim’s computer disguised as a legitimate
program that users will accept and want to use.

#Worm
The Worm Virus is a malicious code that copy’s itself and spreads to other computers. The
Worm makes use of the network to spread to other devices. An infected network or system
may slow down and face unexpected hiccups on the full-swing. While a Computer Virus
attaches itself to different programs and executable codes, the Worm Virus spreads across the
networks, this is the notable difference between the two.

#Ransomware
As the name interprets, the ransomware is a ransom malware. The ransom virus blocks the
user from accessing the files or programs and the virus removal demands to pay the ransom
through certain online payment methods. Once the amount is paid the user can resume using
their system.

#Keylogger
The Keylogger records every keystroke that a user makes on their device by running in the
background. It steals user credentials and confidential data and forwards it to the hacker for
malicious purpose.

#Botnet
The cybercriminal blocks a user actions and takes full control of the system. The hacker
creates a network of malware-infected computers which functions as a bot. The botnet virus is
used to transmit malware, send spam emails, and execute other malicious tasks.
Lecture 1

Malware evades anti-virus by :

1. Encryption
2. Zero day attack: A zero-day vulnerability is a software security flaw that is known to the
software vendor but doesn’t have a patch in place to fix the flaw. It has the potential to be
exploited by cybercriminals.
3. Build each time, designed for you
4. Automated customization via Crimeware
5. Trick you to run an install
6. Detection rate can be as low as 15%.

APT (Advanced Persistent Threat):

An advanced persistent threat (APT) is a stealthy computer network attack in which a person or
group gains unauthorized access to a network and remains undetected for an extended period.

Remote Access Trojans (RATs):

- Embedded in some “normal” software and emails,
designed to fool the user into thinking that it is benign
- Backdoors.
- Often misunderstood as a form of virus.
- Do not proliferate.
- Hidden and insidious.
- Tool to steal your information.

Cyber Attacks
1. Criminal Attacks
E.g. Internet frauds, scams (Email scam, bogus auctions), extortions (Ransomware, Scareware),
intellectual property attacks (Piracy, unauthorised copying from another site), identity theft,
brand theft, digital forgery (e.g. fake emails, fake university).

2. Privacy Violations - Unauthorized collection of data

Targeted Privacy Violation (Stalking, Industrial Espionage), Data Harvesting (Derive
behavioural information from data collected without authorisation), Surveillance, Traffic
Analysis (Study of communication patterns, not content but characteristics).

3. Publicity Attacks - Attacks that tarnish a person or organisation’s reputation

Web defacement, Denial of Service attacks, slander mass emails.

eCommerce risks to customers:

 False or Malicious Websites
o Stealing Visitors' IDs and Passwords
o Stealing Visitors' Credit Card information
o "man-in-the-middle" attacks to monitor a Visitor's activity
o Spying on a Visitor's hard drive
 Selling of customer data by internet vendors and ISPs without authorisation.
 Selling of personal data (credit card, bank accounts, email addresses, etc) on underground
economy servers
 Data harvesting and behavioural tracking using Cookies.
Lecture 1

eCommerce risks to Internet Vendors

 Customer impersonation
o Used to obtain product and service without paying
o Used also to create negative publicity situations
 Denial of service
 Web defacement

Insider Risks
 Internal threats come from:
o Former Employees who were fired or laid off.
o Angry, frustrated current employees who want to damage the company
o Employees who have nothing against the company, but make a critical mistake.
o Industrial Espionage.
 Insiders may pose a more serious risk than outsiders.

Case Studies:
NUS Database Server Security Breach (Jan 2012):
Hacker group Team Intra infiltrated the institution's database by exploiting a SQL vulnerability.

National Parks Board, NParks Portal Attacks (Jun 2011):

Malaysian hacking – cyber war at our door steps. SQL injection; loss of user data for those
booking camping permits. (emails, names and encrypted passwords). Speculation is that it was
Malaysian hackers H3x4 Crew, related to the Anonymous attack on Malaysian websites.

Operation Malaysia(2011):
Jun 15th 2011 – Anonymous announced to launch a Coordinated Cyberattack on 16 Jun at
3:30 am on Malaysia Website, specifically www.Malaysia.gov.my About 90 per cent of the
attacks came from local groups. Affected ~200 websites across two days (Defaced Hacked, or
Leaked, service disrupted

Mafia 2.0 Citibank Attack (June 2011)

Estimated to have lost 360,083 sets of customer records. Attackers raided the accounts of those
affected. Wall Street Journal reported that 3400 customers suffered a loss of US$2.7 million.
Actual costs – much higher (US$70 m). Citigroup said that it will cover the losses and
customers will not be liable for unauthorised use of their accts in connection with the cards.
Attack based on Url Manipulation. Trivial attack

China Hackers hit U.S Chambers

The US Chamber of
Commerce was hacked
by possibly chinese
hackers, allowing them
to gain access to
information of 3 million
members (2011). The
incident happened
about a year before
being discovered
Lecture 1

Attack on NUS student (2013)

True story from our course attendee female student. Indian cyber crime gang used Microsoft
support malware ruse on Singaporeans via random voice calls. Ask victim for DBS fund/credit
card money transfer after remote controlling her computer – very small amount for getting
support to clean up PC from massive malware infections. Student stopped at the last moment;
but PC was infected and encrypted. Lost the PC.

Saudi Aramco (2012) – Political Goals:

Saudi Aramco suffered the worst hack in world history in 2012. Another attack in 2017, targets
the safety systems. In a matter of hours, 35,000 computers were partially wiped or totally
destroyed. Without a way to pay them, gasoline tank trucks seeking refills had to be turned
away. Saudi Aramco's ability to supply 10% of the world's oil was suddenly at risk. And one of
the most valuable companies on Earth was propelled back into 1970s technology, using
typewriters and faxes.

Insider Risks – A True Story

On May 9 2000, the U.S. District Court jury in Newark, N.J., found Tim Lloyd, 37, of
Wilmington, Del., guilty of setting a software time bomb that crippled his former employer's
(Omega Engineering) manufacturing capabilities and cost the company more than U.S.$12
million. Omega Engineering learned firsthand the dangers of the disgruntled employee (11 yrs
employee) after a timed virus, known as a logic bomb, wiped out all of its research,
development, and production programs in one fell swoop in July 1996. The tape backup also
was destroyed.