What is cybersecurity?
Cybersecurity aims to protect computers, servers, mobile devices, electronic systems, networks, and data from malicious internal and external attacks. It applies to home, business and mobile computing in their myriad forms.
Some employers use key loggers. Based on this case from 2017, "a judge in Germany has ruled that using keylogger spyware to monitor one’s employees is against the law", and to the best of my knowledge, it is still illegal in the EU without consent.
Make sure you don't consent.
Cyber-criminals, corporate data loggers and government agencies are extremely inventive, so we can only aim to combat their efforts. No cybersecurity system can guarantee 100% certainty 100% of the time. Only a system that is updated speedily can give you peace of mind.
What is cybercrime?
Cybercrime is activity carried out for financial gain, industrial gain, or disruption by individuals and groups who target systems or people. Typical instances are:
Grooming, stalking, bullying, invasion of privacy or similar: by one or more individuals targeting devices and systems for personal gratification, to cause discomfort or embarrassment to a person/group with the goal of obtaining blackmail payment (possibly in kind) from the victim(s).
Identity fraud and fraud in general: typically initiated by a trojan, spyware or other malware. After gaining access to your devices and systems, these key loggers send your data (website addresses, keyboard presses, and mouse clicks) to command-and-control servers.
Intellectual property theft is stealing or using without permission someone else's intellectual property. Client lists, mechanical inventions, poems, logos, and other items are covered under intellectual property. Intellectual property is protected by a patent for inventions, trademarks for commercial marks or branded products, and copyrights on creative pursuits such as music, photos and poems. Intellectual property is protected under many countries' laws, some of which may contain the definition "fair use" for short snippets of text, video or audio. Intellectual property is commonly abbreviated as IP.
Who makes cyberattacks?
Before recognizing who makes cyberattacks, you need to recognize that "Anyone, or any organization, can be the subject of a cyberattack today, even you, because any data is worth stealing!"
Let's give cyberattacks some substance: they are Criminal Hackers (and their Zero-day Remote Code Execution), Old Father Ransomware, Mrs. Phisher, Mr. Corporate Data Miner, Aunty MITM Government department, Uncle Malware, Cousin Botnet, 2nd Cousin Data logger, Joey the script kiddie, and their Sub-Saharan lodger who is related to a former African dictator and has a fantastic financial offer for you.
Cybercriminals are faceless, so they could be an acquaintance, your neighbor, colleague, wife, son, daughter, or anything else for that matter.
Cyberattacks often involve politically motivated information gathering by nation states and groups affiliated with them. Foremost among them are members of the “Five Eyes”, “Nine Eyes”, and “14 Eyes” plus Russia, China, North Korea and Iran.
What is cyberterrorism?
Cyberterrorism can be defined as the intentional use of computers, networks, and the public internet to cause destruction and harm for personal objectives. Experienced cyberterrorists, who are very skilled in terms of hacking, can cause massive damage to government systems and might leave a country in fear of further attacks. The objectives of such terrorists may be political or ideological, since this can be considered a form of terror.
Cyberterrorism aims to undermine electronic systems to cause economic destabilization, rioting, panic or fear.
COVID-19 has shown the truth of the statement: "The world is three meals or four toilet rolls from anarchy". That is why logistic services are often the victims of such an attack.
What does cybersecurity cover?
Education teaches everyone to have an ongoing commitment to security. Making everyone follow good security practices, such as not reusing passwords, deleting suspicious emails without opening them, and not plugging in "dirty" USB drives, is vital for security.
Network security (LAN/WAN): Secures your computer network from targeted attackers or opportunistic attackers and malware.
Application security keeps software and devices free of threats.
Information security protects the integrity and privacy of your data during storage and when in transit.
Operational security covers your decisions and processes for managing and protecting data assets, such as the user permissions to access your network, and how and where data is stored or shared.
Disaster recovery and business continuity is your response to any incident that causes the loss of operations or data. Disaster recovery policies dictate how your operations are restored to return to the same operating capacity as before the event, including information. Business continuity is your fall-back plan used while trying to operate without certain resources.
What is Malware?
Malware is software that a cyber-criminal or hacker has created to disrupt or damage a legitimate user’s computer. It is often used by cybercriminals to make money or in politically motivated cyberattacks.
Here are some different types of malware:
Virus: a self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.
Trojan: malware disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer where they cause damage or collect data.
Spyware: secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
Ransomware: locks down a user’s files and data, with the threat of erasing it unless a ransom is paid.
Adware: Advertising software which can be used to spread malware or obtain other information.
Botnet: a network of infected computers which cybercriminals use to perform tasks without the user’s permission.
Phishing, who falls for that?
Who falls for phishing emails? In the tests in "Why we fall for phishing emails — and how we can protect ourselves":
43% of participants took the bait at least once
11.9% clicked more than once.
1996 gave birth to phishing. It is a cybercriminal scam which targets victims with emails (that appear to be from a legitimate company) asking for sensitive information and tricks them into giving personal or confidential information. The data is then used to commit cybercrime. Typically, people hand over credit card data and other personal information.
Really damaging cybercrimes!
SQL injection: An SQL (Structured Query Language) injection is a cyberattack which is used to exploit vulnerabilities in data-driven applications to take control of and steal data from a database.
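The weakness behind SQL injection, shown as an added example that is not part of the original article: the same lookup written with string concatenation and with a parameterized query. The table, the function names and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "4111-xxxx"), ("bob", "5500-xxxx"), ("carol", "3400-xxxx")],
    )
    return db

def lookup_concatenated(db, name):
    # Weak form: the user's text becomes part of the SQL statement itself,
    # so a quote character in the input changes what the statement means.
    query = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Hardened form: the statement is fixed and the value is passed
    # separately, so the input is only ever compared as data.
    query = "SELECT name, card FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Constructed input of the kind a code review or regression test should cover.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, HOSTILE))
    print("parameterized:", lookup_parameterized(db, HOSTILE))
    print("normal lookup:", lookup_parameterized(db, "alice"))
```

The concatenated version returns every row for this input, while the parameterized version returns none because no customer has that literal name.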
Man-in-the-middle attack (MITM) is a cyberthreat where cybercriminals intercept communication between two individuals to steal data, for example on an insecure WiFi network.
Denial-of-service (DoS) and Distributed Denial-of-Service (DDoS) attacks are cyberattacks in which the perpetrator seeks to make a machine or network resource unavailable to its intended users.
Denial of service floods the targeted machine or resource with requests in an attempt to overload systems and prevent legitimate requests from being fulfilled.
Distributed denial-of-service floods the victim with incoming traffic originating from many different sources, making it impossible to block a single source and stop the attack.
Zero-day Remote Code Execution (RCE) is an attacker executing code remotely on your devices using system vulnerabilities. The code can run from a remote server, so the attack can originate from anywhere in the world. Once in a network, attackers propagate their attacks over the whole network.
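The difference between DoS and DDoS described above, as an added example that is not part of the original article: a per-source request limit identifies a single flooding source, but finds nothing to block when the same load is spread over many sources. The thresholds, the function names and the traffic samples are assumptions constructed for illustration.

```python
from collections import Counter

def classify_window(sources, per_source_limit=100, total_limit=500):
    """Classify one time window of traffic.

    sources: one source address per request seen in the window.
    Both limits are assumed example thresholds, not recommended values.
    """
    per_source = Counter(sources)
    total = len(sources)
    # Sources that individually exceed the per-source limit can be blocked.
    noisy = sorted(s for s, n in per_source.items() if n > per_source_limit)
    # Load that would still reach the service after blocking those sources.
    remaining = total - sum(per_source[s] for s in noisy)
    if total <= total_limit:
        verdict = "normal"
    elif remaining <= total_limit:
        verdict = "dos"    # blocking a few sources restores normal load
    else:
        verdict = "ddos"   # overload persists, no single source to block
    return {"verdict": verdict, "block": noisy, "remaining": remaining}

def sample_windows():
    # Constructed traffic using the IPv6 documentation prefix 2001:db8::/32.
    normal = [f"2001:db8::{i:x}" for i in range(50) for _ in range(4)]
    dos = normal + ["2001:db8::ffff"] * 1000
    ddos = [f"2001:db8::{i:x}" for i in range(400) for _ in range(5)]
    return {"normal": normal, "dos": dos, "ddos": ddos}

if __name__ == "__main__":
    for name, window in sample_windows().items():
        print(name, classify_window(window))
```

In the distributed sample every source sends only five requests, so the block list stays empty even though total load is four times the limit.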
