A Guide Note for Security Defenders (Chapter-01)
Prasun Ray
101:The Basics
Common Terminology
First, you need to understand key terms and concepts to identify and prevent threats. A security analyst monitors networks, develops security strategies, and researches IT trends. To do this effectively, they need to be familiar with specific concepts.
| Compliance is about following rules to avoid penalties and breaches. |
| Security frameworks provide guidelines for building plans to protect data. |
| Security controls are safeguards that reduce specific risks. |
| Security posture is an organization's ability to defend assets and data. |
| Threat actors are people who pose security risks. |
| Internal threats can be accidental or intentional. |
| Network security protects an organization's network infrastructure. |
| Cloud security focuses on protecting data in the cloud. |
| Programming creates instructions for computers to perform tasks like automation, traffic review, and alerting. |
Cybersecurity analysts need a mix of transferable and technical skills. Transferable skills are general skills from other fields, while technical skills are specific to cybersecurity. Both are essential for success in this role.
- Transferable skills
Communication
Problem-Solving
Time Management
Growth Mindset
Diverse perspectives
- Technical skills
Programming Languages
Security information and event management (SIEM) tools
Intrusion detection systems (IDSs)
Threat landscape knowledge
Incident response
Common attacks and their effectiveness
Phishing
Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.
Some of the most common types of phishing attacks today include:
| Business Email Compromise (BEC) | A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, to obtain a financial advantage. |
| Spear phishing | A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source. |
| Whaling | A form of spear phishing. Threat actors target company executives to gain access to sensitive data. |
| Vishing | The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source. |
| Smishing | The use of text messages to trick users, to obtain sensitive information, or to impersonate a known source. |
Malware
Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.
Some of the most common types of malware attacks today include:
Viruses | Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now-infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system. |
Worms | Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network. |
Ransomware | A malicious attack where threat actors encrypt an organization's data and demand payment to restore access. |
Spyware | Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations. |
Social Engineering
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.
Some of the most common types of social engineering attacks today include:
| Social media phishing | A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack. |
| Watering hole attack | A threat actor attacks a website frequently visited by a specific group of users. |
| USB baiting | A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network. |
| Physical social engineering | A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location. |
Reasons why social engineering attacks are effective
Authority: Impersonating individuals with power.
Intimidation: Using bullying tactics.
Consensus/Social proof: Appealing to the belief that others are doing it.
Scarcity: Creating a sense of limited availability.
Familiarity: Establishing an emotional connection.
Trust: Building trust over time.
Urgency: Persuading others to act quickly.
Type of Attacks
1. Password attack
A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:
Brute force
Rainbow table
Password attacks fall under the communication and network security domain.
2. Social engineering attack
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:
Phishing
Smishing
Vishing
Spear phishing
Whaling
Social media phishing
Business Email Compromise (BEC)
Watering hole attack
USB (Universal Serial Bus) baiting
Physical social engineering
Social engineering attacks are related to the security and risk management domain.
3. Physical attack
A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:
Malicious USB cable
Malicious flash drive
Card cloning and skimming
Physical attacks fall under the asset security domain.
4. Adversarial artificial intelligence
Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.
5. Supply-chain attack
A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that a security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.
6. Cryptographic attack
A cryptographic attack affects secure forms of communication between a sender and the intended recipient. Some forms of cryptographic attacks are:
Birthday
Collision
Downgrade
Cryptographic attacks fall under the communication and network security domain.
Understand Attackers
Advanced persistent threats
Advanced persistent threats (APTs) have significant expertise accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:
Damaging critical infrastructure, such as the power grid and natural resources
Gaining access to intellectual property, such as trade secrets or patents
Insider threats
Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:
Sabotage
Corruption
Espionage
Unauthorized data access or leaks
Hacktivists
Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:
Demonstrations
Propaganda
Social change campaigns
Fame
Hacker types
A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:
Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.
Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.
Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.
Note: Multiple hacker types fall into one or more of these three categories.
New and unskilled threat actors have various goals, including:
To learn and enhance their hacking skills
To seek revenge
To exploit security weaknesses by using existing malware, programming scripts, and other tactics
Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.
Some hackers consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.
Subscribe to my newsletter
Read articles from Prasun Ray directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by