1. General Knowledge
What is Cyber Security?
Cybersecurity can be seen as a group of defensive processes, technologies, and practices that are specifically designed to protect internet-connected machines, and more specifically the software running on those machines.
Asset, threat, vulnerability, and exploit are the most commonly used terms in the cybersecurity lingo.
What is being protected?
- An asset is something that has some value to its owner. Its value can be tangible (e.g., gold or a running server) or intangible (e.g., data).
- A threat is an intention to cause damage. For cybersecurity, this can be defined as a hostile act aimed by an attacker (threat actor) at an asset.
- A vulnerability is a defect in the target system. This defect may be a bug in the application code or a flaw in the design of the system.
- An exploit is a way to take advantage of a known vulnerability. The usual objective is to take control of the asset.
OpSec is a crucial component of an organisation's overall security strategy.
- Assets Identification
- Threat Identification
- Vulnerability Identification
- Access Control
- Monitoring
At its core, OpSec is about identifying critical information, analysing threats, assessing vulnerabilities, and implementing appropriate protective measures. This process is continuous and dynamic, adapting to new threats and changes in the organisation's operational environment.
Disaster Recovery (DR) and Business Continuity (BC) are critical components of an organisation's resilience strategy.
- The goal of DR is to minimise downtime and data loss
- BC ensures that, no matter what happens, the concert (the business) can keep going, even if adjustments are needed.
Responsibility: This falls under the Business Continuity Manager, who conducts risk assessments, identifies critical business functions, sets Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), and designs strategies to meet these goals.
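As an added example (not part of these notes), the check below shows how RTO and RPO are actually measured against an incident. The backup timestamps, failure time, restore time and the targets are all constructed sample values, and the distinction it makes is the one a BC manager cares about: a single incident can happen to meet the RPO while the backup schedule itself does not guarantee it.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the notes): completion times of the last
# few backups, the moment the primary system failed, and when service returned.
BACKUPS = [
    datetime(2024, 3, 1, 0, 0),
    datetime(2024, 3, 1, 6, 0),
    datetime(2024, 3, 1, 12, 0),
    datetime(2024, 3, 1, 18, 0),
]
FAILURE_AT = datetime(2024, 3, 1, 20, 30)
RESTORED_AT = datetime(2024, 3, 1, 23, 0)

# Hypothetical targets set by the BC manager for this system.
RPO = timedelta(hours=4)  # how much data (measured in time) the business can afford to lose
RTO = timedelta(hours=2)  # how long the service may stay down


def data_loss_window(backups, failure_at):
    """Time between the last backup taken before the failure and the failure itself.
    Returns None when no usable restore point exists at all."""
    usable = [b for b in backups if b <= failure_at]
    if not usable:
        return None
    return failure_at - max(usable)


def max_backup_gap(backups):
    """Worst-case data loss the schedule allows: the largest gap between consecutive
    backups (a failure just before the next backup loses this much)."""
    ordered = sorted(backups)
    return max(b - a for a, b in zip(ordered, ordered[1:]))


def assess(backups, failure_at, restored_at, rpo, rto):
    """Check one incident against RPO/RTO, and the backup schedule against RPO."""
    loss = data_loss_window(backups, failure_at)
    down = restored_at - failure_at
    return {
        "data_loss": loss,
        "rpo_met_this_incident": loss is not None and loss <= rpo,
        "schedule_guarantees_rpo": max_backup_gap(backups) <= rpo,
        "downtime": down,
        "rto_met": down <= rto,
    }


if __name__ == "__main__":
    for key, value in assess(BACKUPS, FAILURE_AT, RESTORED_AT, RPO, RTO).items():
        print(f"{key}: {value}")
```

With the sample values the incident lost 2.5 hours of data (inside the 4-hour RPO) but took 2.5 hours to restore (outside the 2-hour RTO), and because backups run every 6 hours the schedule cannot guarantee the RPO even though this incident met it.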
The shared responsibility model is one in which the cloud provider secures the building (the infrastructure), while you secure your own unit (your data and applications).
| Areas of cloud sec | Device Sec - 4 Layers |
|---|---|
| Data transit - IAM - Network | Device Sec - Data Sec - Net Sec - App Sec |
Threat Models:
STRIDE
'STRIDE' is an acronym for the following threat categories:
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
- Spoofing covers cases where someone is illegally accessing a system using another user’s authentication information.
- Tampering covers cases such as unauthorized changes made to persistent data, whether inside a machine or in the transport.
- Repudiation specifies that a system should be able to trace user operations to provide evidence of what has happened in case of a breach.
- Information Disclosure covers the exposure of information to unauthorized individuals. (This category of threat can also occur within a machine or during transport.)
- Denial of Service refers to cases where the server or service is made temporarily unavailable.
- Lastly, Elevation of Privilege is a threat type in which an unprivileged user finds a way to gain sufficient privileges to compromise the system.
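The STRIDE categories above are usually applied per element of a data-flow diagram (STRIDE-per-element): external entities are checked for S and R, processes for all six, data stores for T, R, I and D, and data flows for T, I and D. The block below is an added example, not part of these notes, that enumerates the applicable threats for a small constructed model of a hypothetical web service and lists those that still lack a mitigation, putting flows that cross a trust boundary first.

```python
from dataclasses import dataclass, field

# The six STRIDE categories, keyed by their initial letter.
STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# STRIDE-per-element chart: which categories are considered for each kind of
# data-flow-diagram element (external entity, process, data store, data flow).
PER_ELEMENT = {
    "external": "SR",
    "process": "STRIDE",
    "store": "TRID",
    "flow": "TID",
}


@dataclass
class Element:
    name: str
    kind: str                       # one of PER_ELEMENT's keys
    crosses_boundary: bool = False  # True for data flows that cross a trust boundary
    mitigated: set = field(default_factory=set)  # STRIDE letters already addressed


def enumerate_threats(elements):
    """Return (element name, category name, mitigated?) for every applicable threat."""
    out = []
    for e in elements:
        if e.kind not in PER_ELEMENT:
            raise ValueError(f"unknown element kind: {e.kind}")
        for letter in PER_ELEMENT[e.kind]:
            out.append((e.name, STRIDE[letter], letter in e.mitigated))
    return out


def open_threats(elements):
    """Unmitigated threats; boundary-crossing flows first, then by element and category."""
    items = [(e, letter)
             for e in elements
             for letter in PER_ELEMENT[e.kind]
             if letter not in e.mitigated]
    items.sort(key=lambda t: (not t[0].crosses_boundary, t[0].name, t[1]))
    return [(e.name, STRIDE[letter]) for e, letter in items]


# Constructed sample model of a hypothetical web service (not from the notes).
MODEL = [
    Element("browser", "external", mitigated={"S"}),            # users authenticate
    Element("web app", "process", mitigated={"S", "E"}),        # authn and authz checks
    Element("user db", "store", mitigated={"I"}),               # encrypted at rest
    Element("browser->web app", "flow", crosses_boundary=True,
            mitigated={"T", "I"}),                              # TLS on the internet-facing leg
    Element("web app->user db", "flow"),                        # plaintext on the internal network
]

if __name__ == "__main__":
    for name, category in open_threats(MODEL):
        print(f"{name:20} {category}")
```

The model has 18 applicable threats of which 12 are still open; the first one listed is denial of service against the internet-facing flow, and the internal database flow shows up with tampering, disclosure and denial of service all unaddressed.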
Threat Actors
A Threat Actor "team" is an organized group of individuals with specialized skills collaborating to carry out cyber attacks.
- Expert Programmers create custom malware to exploit system vulnerabilities,
- Network Specialists navigate complex digital infrastructures to find weak points,
- Social Engineers use psychological manipulation techniques to deceive individuals into revealing sensitive information,
- Data Analysts process stolen information to extract valuable intelligence, such as financial details or trade secrets,
- In the cyber world, this is the role of the exfiltration specialist, who safely extracts data or deploys ransomware while evading detection, covering their tracks meticulously.
To execute this heist, they use specific tools and techniques designed for precision and stealth.
- A cyber reconnaissance specialist uses tools like network scanners, open-source intelligence gathering (OSINT), and social engineering to probe weak points.
- The hacker uses malware, rootkits, or custom scripts to gain unauthorized access.
- The exfiltration specialist uses encrypted communication channels, data obfuscation techniques, and VPNs to remain untraceable.
Objectives
The primary objective of a Threat Actor is to infiltrate and exploit target systems or networks, with their motivations spanning a wide spectrum.
Red Team
The primary purpose of a Red Team is to improve an organization's security by identifying weaknesses that regular checks might miss.
The Red Team operates covertly, meaning most people in the organization are unaware of the ongoing test. This secrecy ensures that the responses they observe are genuine and not influenced by prior knowledge of the test.
Objectives:
- A significant focus is placed on assessing human factors, examining how susceptible employees are to social engineering tactics and phishing attempts, which often serve as entry points for cyberattacks.
- Red Teams also examine the organization's supply chain security, identifying potential vulnerabilities introduced by third-party vendors or partners.
Advanced Persistent Threats:
APTs are long-term operations that persist over an extended period rather than demanding a ransom immediately, as in typical attacks.
The primary objective of an APT focuses on long-term access to:
- Sensitive information
- Critical systems
Stages of an APT attack:
#aptstages
- It begins with reconnaissance
- This is followed by initial infiltration, often through tailored spear-phishing emails or exploiting vulnerabilities.
- They then engage in lateral movement, escalating privileges and compromising additional systems, like thieves methodically disabling alarms and accessing restricted areas.
- The critical stage of data exfiltration involves stealthily transferring valuable information out of the network.
- Finally, the attackers maintain persistence, ensuring they can return even if partially discovered, analogous to thieves establishing multiple escape routes and safe houses.
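From the defender's side, the lateral movement stage above is one of the more detectable ones: an account that was compromised during initial infiltration suddenly authenticates to many hosts it never touched before, in a short burst. The block below is an added example, not part of these notes, that runs such a check over a constructed authentication log; the log format, the 10-minute window and the threshold of four distinct hosts are assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data). Each line:
# timestamp account source_host destination_host result
LOG = """\
2024-03-01T09:00:05 alice ws-alice fileserver-1 success
2024-03-01T09:03:10 bob ws-bob mail-1 success
2024-03-01T09:04:00 svc-backup backup-1 fileserver-1 success
2024-03-01T13:01:00 alice ws-alice hr-db-1 success
2024-03-01T13:01:40 alice ws-alice fin-app-1 success
2024-03-01T13:02:15 alice ws-alice fileserver-2 success
2024-03-01T13:02:50 alice ws-alice dc-1 failure
2024-03-01T13:03:20 alice ws-alice build-1 success
2024-03-01T14:30:00 bob ws-bob fileserver-1 success
"""


def parse(log_text):
    """Parse the constructed log format into (time, account, src, dst, result) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, src, dst, result = line.split()
        events.append((datetime.fromisoformat(ts), account, src, dst, result))
    return events


def lateral_movement_alerts(events, window=timedelta(minutes=10), min_hosts=4):
    """Flag accounts that reach at least `min_hosts` distinct destinations within `window`.

    Failed attempts count as well: an attacker probing hosts with a stolen
    credential produces failures on the hosts where it does not work.
    One alert per account is returned, covering the widest host set seen.
    """
    by_account = defaultdict(list)
    for ts, account, _src, dst, _result in events:
        by_account[account].append((ts, dst))

    alerts = []
    for account, items in by_account.items():
        items.sort()
        best = None
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until the span fits in `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            hosts = {dst for _, dst in items[start:end + 1]}
            if len(hosts) >= min_hosts and (best is None or len(hosts) > len(best[1])):
                best = (items[start][0], sorted(hosts))
        if best is not None:
            alerts.append((account, best[0], best[1]))
    return alerts


if __name__ == "__main__":
    for account, since, hosts in lateral_movement_alerts(parse(LOG)):
        print(f"{account}: {len(hosts)} hosts from {since:%H:%M}: {', '.join(hosts)}")
```

On the sample log only alice trips the rule (five hosts between 13:01 and 13:03, including a failed attempt against a domain controller); bob's two logins hours apart and the backup service account's single login stay quiet. In practice the threshold would be tuned against a baseline of what each account normally touches, since administrators and automation can legitimately reach many hosts.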
