Scientific Applications of Computers L4 10 March 2024 .pptx
mohamedorif
71 slides
Sep 08, 2024
University Requirement Courses For All Programs
Scientific Applications of Computers (CSE012): (Lec4: Security)
Date: 10/3/2024
Dr. Eng. Ali M. AbdelAziz

Privacy Threats
- Web bugs: invisible images or HTML code hidden within an e-mail message or web page
- Spyware: record and report Internet activities; change browser to manipulate what you view
- Computer monitoring software: most invasive and dangerous
  - Keystroke loggers: record activities and keystrokes
- Anti-spyware programs: detect and remove privacy threats

Agenda
- State of Cybersecurity / Current Cyberthreats
- Topics of Interest:
  - Phishing Emails/Scams
  - Ransomware
  - Social Engineering
- How to protect yourself
- WFH Tips
- Additional resources
- Q&A

Current state of Cybersecurity
- Phishing attacks are still number 1
- Social Engineering is the leading attack vector for scams
- Ransomware attacks are on the rise

Cost of Cybersecurity Attacks

Phishing Attacks
- Phishing emails
- Smishing
- Vishing
- e.g. Computer technician call to fix a virus on your machine
- e.g. ATO text messages to claim a tax refund
- e.g. COVID 19 vaccines

Phishing Examples

Ransomware
- Type of malware that encrypts data specifically asking for payment in order to restore access.
- How?
  - Email attachments
  - Website downloads
  - Email links
  - Website links
- Protect Yourself
  - Regular backups
  - Updates
  - Verify emails
- Don’t PAY!

Why is Cyber awareness so important?
- Everything is CONNECTED!
- Personal documents
- Identity
- Finances
- Digital footprint

How can I protect myself?

Passwords
- Long and strong. Passphrases
- Enable 2FA where possible
- Change default passwords
- Don’t reuse passwords across accounts
- Use a Password manager (LastPass is FREE)

Updates
- Ensure all devices are on their latest updates.
- Turn on AUTOMATIC UPDATES
- Make time for updates
- Spring clean your apps regularly

Be aware of Scams
- Phishing - email
- Vishing - phone call
- Smishing - text messages
- Look out for:
  - Urgency
  - Asking for personal/financial information
  - Unsolicited
  - Contain links and downloadable files
  - Bad grammar
  - Too good to be true

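
The "look out for" items on the scams slide can be turned into a first-pass triage check. The following is an added example, not part of the original slides: it parses a raw e-mail with Python's standard library and reports which indicators are present. The keyword lists, the risky-extension list and the sample message are constructed assumptions, and "unsolicited" and "bad grammar" are left out because simple rules cannot decide them from one message.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
# Keyword lists and extensions are illustrative assumptions, not from the slides.
CHECKS = {
    "urgency": re.compile(r"\b(urgent|immediately|within 24 hours|final notice)\b", re.I),
    "asks_personal_info": re.compile(r"\b(password|card number|bank details|pin)\b", re.I),
    "too_good_to_be_true": re.compile(r"\b(refund|prize|winner|free gift)\b", re.I),
}
RISKY_EXT = (".exe", ".js", ".scr", ".zip", ".docm", ".html")
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw):
    """Return the sorted names of the indicators found in one raw message."""
    msg, found, body = message_from_string(raw), set(), []
    for part in msg.walk():
        name = part.get_filename()
        if name:  # attachment: judged by its extension only
            if name.lower().endswith(RISKY_EXT):
                found.add("risky_attachment")
        elif part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            body.append(part.get_payload(decode=True).decode(charset, "replace"))
    text = msg.get("Subject", "") + "\n" + "\n".join(body)
    found.update(name for name, rx in CHECKS.items() if rx.search(text))
    collector = LinkCollector()
    collector.feed(text)
    for href, shown in collector.links:
        found.add("contains_link")
        # Visible text that looks like a URL but leads to a different host.
        if URLISH.match(shown) and host(shown) != host(href):
            found.add("link_text_mismatch")
    return sorted(found)

# Constructed sample message (all names and domains are made up).
SAMPLE = """\
From: "Online Shop Support" <billing@shop-refunds.example>
Subject: URGENT: refund pending
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Confirm your card number within 24 hours.</p>
<a href="http://refund.shop-billing.example/claim">https://www.onlineshop.example/refund</a>
--b1
Content-Disposition: attachment; filename="refund_form.docm"

AAAA
--b1--
"""
```

A hit is a reason to look more closely at the message, not a verdict; `phishing_indicators(SAMPLE)` reports every indicator except the two left out above.
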
Search Yourself (Digital Footprint)
- Privacy controls
- Be mindful of what you share
- Review app privacy collection

Creating a Cyber secure home checklist
- Are my devices secure?
- Using VPN to access University systems?
- Beware of using FREE Wi-Fi
- Do I have anti virus installed?
- Am I backing up my important files? Cloud & Local
- Are my devices up to date?
- Enable two-factor authentication (2FA) where possible
- STOP. THINK BEFORE YOU CLICK.

GET IN TOUCH!
- How can you help? Report suspicious emails: [email protected]
- Got a question? Service Now ticket; Yammer & Slack
- Sign up for free cyber alerts (Australian Cyber Security Centre)

Helpful Websites
- Scamwatch
- Stay Smart Online
- SANS Security Awareness Blog

Security
- Involves protecting individuals or organizations from theft and danger
- Hackers
  - Gain unauthorized access with malicious intent
  - Not all hackers are illegal
- Cybercrime / Computer Crime
  - Criminal offense that involves a computer and a network
  - Affects over 400 million people annually
  - Costs over $400 billion each year

#BeCyberSmart: Online Safety - 100
Question: You post a picture of you and your best friend to your favorite social media platform. She doesn’t feel comfortable with the image, so you agree to take it down. Will this ensure that no one else sees the picture?
Answer: No. Once an image (or any information) is posted on the internet, it is virtually impossible to remove it from circulation. Taking it off of your social media page will help, but there is no guarantee that others have not already seen it and/or downloaded it to their own machines.

#BeCyberSmart: Online Safety - 200
Question: You receive an email from an online shopping site claiming that you were incorrectly charged for your last purchase and are due a refund. The email asks you to click a link where you will submit the necessary information. What should you do?
Answer: Do NOT click the link! Check the sender’s address and search the document for spelling/grammar mistakes. If you notice anything suspicious, the email is likely a scam. Even if it seems legitimate, navigate to the site yourself rather than clicking any links.

#BeCyberSmart: Online Safety - 300
Question: You’ve just settled into your new hotel room when you realize you need to transfer some funds from your savings account to your checking account. In order to do this, you will need to connect your laptop to the hotel’s public Wi-Fi and log in to your online bank. Should you risk it?
Answer: It depends. In general, it is never safe to transmit PII (Personally Identifiable Information), especially financial information, over a public network. If you find yourself in a situation where you may need to do so, first consider all your options, including using your mobile data or a VPN (Virtual Private Network) to help protect your browsing.

#BeCyberSmart: Online Safety - 400
Question: You have a long commute. Thankfully, your train just installed public Wi-Fi. Now you can listen to your favorite music or podcast. However, when you check for social media updates around lunch, you find that your account has been hacked. What steps could you take to prevent your mobile device or laptop data from being compromised in the future?
Answer(s):
- Turn off Wi-Fi and Bluetooth when not using them. These technologies leave you open to remote attacks.
- Make sure the network is legitimate. Hackers love to create fake networks that mimic real ones, enticing unsuspecting users to log on.
- Don’t connect. Though perhaps drastic, one near-certain way to circumvent the dangers of public Wi-Fi is simply to avoid using it whenever possible.

#BeCyberSmart: Online Safety - 500
Question: Passwords often have complex requirements, and most online citizens will need to remember numerous different passwords to access their internet services. What is a way to help you keep track of all these different passwords?
Answer(s):
- Use a password manager. These are apps, devices, or cloud services that store your passwords in an encrypted vault that can only be unlocked with a single master password.
- Use a “password pattern.” This is simply a pattern (recognizable only to you) that you can use to help remember your passwords.

Device Security - 100
Question: Which of the following are strong password practices? (Choose all that apply.)
1. Passwords should contain a mixture of upper and lower case letters, numbers, and special characters.
2. Passwords should have personal meaning to you (e.g. a relative’s birthday) so that you can remember them more easily.
3. You should immediately change your password in the case of a known data breach.
4. You should store your passwords on paper or in a text document, giving you a backup in the event that you forget them.
Answer: 1 & 3. While it is helpful for passwords to have some level of personal relevance, anything concrete or publicly-available (high schools, birthdates, pets’ names, etc.) can be easily researched and guessed by an attacker. Storing your passwords physically or in a text-document is also ill-advised, as someone could gain access to the copy.

Device Security - 200
Question: True or false: Automatically updating your machine poses a significant security concern, as it could install unwanted programs/features that disrupt your network or harm your computer.
Answer: False. Although updates can occasionally cause problems, they also contain vital patches to help protect your machine against attackers. Keep your machine up-to-date and install new patches as soon as possible. Don’t click, “Remind me later,” twelve times.

Device Security - 300
Question: True or false: Although they operate similarly to computers, most mobile devices (cell phones, tablets, etc.) are not full computers and do not require software, such as anti-virus, to be secure.
Answer: False. Almost all consumer devices, especially cell phones and tablets, are simply miniature computers. They contain important data (contacts, financial information, calendars) and require protection like any other device.

Device Security - 400
Question: Which of the following devices could potentially be exploited by an attacker?
- Desktop computer
- Laptop computer
- Cell phone
- Television
- Refrigerator
- Digital assistant
- Remote-controlled keys
- Tablet
- Security camera
- Pacemaker
- Baby monitor
- GPS
- Toaster
- Thermostat
Answer: All of them. Yes, even the toaster – possibly.

Device Security - 500
Question: What is the method of access control by which users must present multiple, separate pieces of identification, such as a password and keycard, in order to access a system?
Answer: Multi-Factor Authentication (MFA). MFA greatly increases the security of access control. Even if a password is learned or an ID is stolen, it will not be enough to compromise a system. Many online services allow MFA options, such as requiring a one-time login code as well as a password.

Types of Cyber Attacks - 100
Question: A scammer creates a fake email and sends it to thousands of people, hoping some of them will click on a link and give up their personal information. What is this type of attack called?
Answer: Phishing – a type of social engineering that often manipulates human impulses, such as greed, fear, or the desire to help others.

Types of Cyber Attacks - 200
Question: What is the term for harmful software that seeks to damage or exploit the machines that run it?
Answer: Malware. This stands for “malicious software,” and refers to a large variety of software-based attacks.

Types of Cyber Attacks - 300
Question: An attacker goes to a local coffee shop and creates a wireless network using the shop’s name, hoping unsuspecting customers will log on. What is this type of attack called?
Answer: Spoofing. This kind of attack can come in many forms (email, GPS, caller ID), but is most commonly known with regards to fake and malicious wireless networks. Before logging onto a public network, be sure it is the correct one.

Types of Cyber Attacks - 400
Question: You bring your laptop to a local restaurant. Without your knowledge, the customer at the table behind you watches you log in to your email, thereby learning your username and password. What is this type of attack called?
Answer: Shoulder surfing. It is important to remember that not all cyber attacks require the direct manipulation of technology. Attackers can often obtain important information by simply observing people, asking questions, or piecing together dissociated facts to learn or guess something private.

Types of Cyber Attacks - 500
Question: After clicking an advertisement on an unsecure website, your computer freezes. A message appears, demanding you pay a certain amount of money to unlock your computer. What is this type of attack called?
Answer: Ransomware. This type of attack has grown more common in recent years, especially against institutions that need to recover their data as soon as possible, such as medical facilities.

Cyber History - 100
Question: This entrepreneur is widely-known for his contributions to the personal computer industry. He founded the Microsoft Corporation in 1975, with his business partner Paul Allen.
Answer: Bill Gates.

Cyber History - 200
Question: Which United States federal agency has been tasked with improving national cybersecurity and protecting the nation’s critical infrastructure?
Answer: The Department of Homeland Security. Specifically, the Cybersecurity and Infrastructure Security Agency (CISA), which is responsible for protecting the Nation’s critical infrastructure from physical and cyber threats.

Cyber History - 300
Question: This English cryptanalyst is famous for deciphering encoded messages during World War II and creating standards for artificial intelligence. He is considered by many to be the father of theoretical computing. (Hint: There was a 2014 movie based on his biography.)
Answer: Alan Turing. Turing helped the Allies by cracking intercepted messages from the German forces, gleaning information that was crucial to an Allied victory. He also created the “Turing test,” which examines a machine’s ability to display human behavior à la artificial intelligence.

Cyber History - 400
Question: This English writer and mathematician is known for her work on the Analytical Engine and is considered to be one of the first computer programmers.
Answer(s): Ada Lovelace worked alongside Charles Babbage in the 1840s to publish the first computer-based algorithm.

Cyber History - 500
Question: In May 2017, this worldwide cyber attack used ransomware to exploit approximately 400,000 unpatched machines, resulting in damages totaling to over $4,000,000,000 (4 billion USD).
Answer: WannaCry. This ransomware attack propagated through an exploit called EternalBlue, which took advantage of older Windows systems. Targeted machines had their data involuntarily encrypted, with a demand of Bitcoin payment for the release thereof.

Cyber Stats - 100
Question: Approximately how many attempted cyber attacks are reported to the Pentagon every day? (Closest answer wins.)
Answer: Over 10 million.

Cyber Stats - 200
Question: How many unfilled cybersecurity jobs are there in the United States alone? (Closest answer wins.)
Answer: 310,000.

Cyber Stats - 300
Question: Globally, how many unfilled cybersecurity positions are there estimated to be by 2022? (Closest answer wins.)
Answer: 1.8 Million.

Cyber Stats - 400
Question: What is the estimated cost of a successful phishing attack on a single small or medium-sized business? (Closest answer wins.)
Answer: $1.6 Million USD.

Malicious Programs
- Malicious Programs or Malware
  - Designed by crackers, computer criminals, to damage or disrupt a computer system
  - Computer Fraud and Abuse Act makes spreading a virus a federal offense
- 3 most common programs
  - Viruses - migrate through networks and attach to different programs
  - Worms - fill the computer with self-replicating information
  - Trojan horse - programs disguised as something else

Cyber Threats

Cyber Threat
- A cyber threat is any malicious act that attempts to gain access to a computer network without authorization or permission from the owners.
- It refers to the wide range of malicious activities that can damage or disrupt a computer system, a network or the information it contains.
- Most common cyber threats: Social Engineered Trojans, Unpatched Software, Phishing, Network worms, etc.

Sources of Cyber Threats
Cyber threats can come from a wide variety of sources, some notable examples include:
- National governments.
- Terrorists.
- Industrial secret agents.
- Rogue employees.
- Hackers.
- Business competitors.
- Organization insiders.
Anyone with a motive and the needed technology can create cyber threats.

Cyber Threat Classifications
Threats can be classified by multiple criteria:
- Attacker's Resources
- Attacker's Organization
- Attacker's Funding
On the basis of these criteria, threats are of 3 types:
- Unstructured Threats
- Structured Threats
- Highly Structured Threats

Unstructured Cyber Threats
- Resources: Individual or small group.
- Organization: Little or no organization.
- Funding: Negligible.
- Attack: Easy to detect and makes use of freely available cyberattack tools.
- Exploitation based on documented vulnerabilities.

Structured Cyber Threats
- Resources: Well trained individual or group.
- Organization: Well planned.
- Funding: Available.
- Attack: Against particular individuals or organizations.
- Exploitation based on information gathering.

Highly Structured Cyber Threats
- Extensive organization, resources and planning over time.
- Attack: Long term attack on particular machine or data.
- Exploitation with multiple methods: technical, social and insider help.

Cyber Security Threat Index Level
Cyber threats are evaluated daily by the CTU (counter threat unit) and associated with a threat index level. The threat index levels are:
- Level 1: Guarded.
- Level 2: Elevated.
- Level 3: High.
- Level 4: Critical.

Cyber Attacks

Types of Cyber Attacks
- Advanced Persistent Threat (APT): A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.
- Backdoor: Method of bypassing normal authentication and gaining access to an OS or application.

Types of Cyber Attacks (continued)
- Buffer Overflow: An exploit that takes advantage of a program that is waiting for a user’s input.
- Man-in-the-middle Attack: This attack intercepts and relays messages between two parties who are communicating directly with each other.

Types of Cyber Attacks (continued)
- Cross-Site Scripting (XSS): A code injection attack that allows an attacker to execute malicious JavaScript in another user’s browser.
- Denial of Service Attack: Any attack where the attackers attempt to prevent the authorized users from accessing the service.

Types of Cyber Attacks (continued)
- SQL injection: A very commonly exploited web application vulnerability that allows a malicious hacker to steal and alter data in a website’s database.
- Zero-day exploit: A vulnerability in a system or device that has been disclosed but is not yet patched.

Impacts of Cyber Attacks
A successful cyber attack can cause major damage to organizations or systems, as well as to business reputation and consumer trust. Some potential results include:
- Financial loss.
- Reputational damage.
- Legal consequences.

Malicious Code

Types of Malicious Code
- Virus: Malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code.
- Network Worm: Standalone malware which replicates itself in order to spread to other computers.

Types of Malicious Code (continued)
- Trojan Horse: A program that claims to free your computer from viruses but instead introduces viruses onto your system.
- Botnet: Used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection.

Types of Malicious Code (continued)
- Keylogger: A type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard.
- Rootkit: Collection of tools or programs that enable administrator-level access to a computer or computer network.

Types of Malicious Code (continued)
- Spyware: Software that is hidden from the user in order to gather information about internet interaction, keystrokes, passwords, and other valuable data.
- Adware: Designed to display advertisements on your computer and redirect your search requests to advertising websites to collect marketing data about you.

Types of Malicious Code (continued)
- Ransomware: Malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the user’s files unless a ransom is paid.

Vulnerabilities

What is a Vulnerability?
A cyber-security term that refers to a flaw in a system that can leave it open to attack. Vulnerability is the composition of three elements:
- A flaw in the system.
- Access of the attacker to that flaw.
- Capability of the attacker to exploit the flaw.

Classification of Vulnerabilities
Vulnerabilities are classified according to the asset:
- Hardware.
- Software.
- Network.
- Personal.
- Physical site.
- Organizational.

Causes
Some of the vulnerabilities in the system occur due to:
- Missing patches.
- Cleartext credentials.
- Using unencrypted channels.
- RF Emanation.

Restricting Access
- Passwords
  - Dictionary attack: uses software to try thousands of common words sequentially in an attempt to gain unauthorized access to a user’s account
- Biometric scanning
  - Fingerprint scanners
  - Iris (eye) scanners
  - Facial recognition

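
Why a long passphrase holds up against a dictionary attack better than a short word dressed up with symbols, shown as an added example that is not part of the original slides: the check reduces a candidate password to the word a dictionary tool would effectively try and rejects it if that word is on a blocklist. The word list, the substitution table and the 12-character minimum are assumptions made for the illustration.

```python
import re

# Constructed mini word list; a real check would load a large list of common
# and breached passwords (assumption, not from the slides).
COMMON_WORDS = {"password", "welcome", "dragon", "football", "letmein", "sunshine"}

# Common character substitutions, undone before the lookup. The mapping is
# lossy on purpose ("1" could also stand for "l"); it is an assumed table.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value


def base_word(candidate):
    """Reduce a password to the plain word hiding underneath it."""
    # Drop digits and symbols that were only added at the start or the end.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", candidate.lower())
    # Undo substitutions inside the word, then keep letters only.
    return re.sub(r"[^a-z]", "", core.translate(LEET))


def check_password(candidate):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if base_word(candidate) in COMMON_WORDS:
        reasons.append("dictionary_word")
    return reasons


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Dragon2024!!!!", "correct horse battery staple"):
        print(repr(pw), check_password(pw))
```

The first two candidates satisfy a "mixture of characters" rule and are still rejected, because the word underneath is one a dictionary attack tries early.
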
Automated Security Tasks
Ways to perform and automate important security tasks
- Security Suites: provide a collection of utility programs designed to protect your privacy and security
- Firewalls: security buffer between a corporation’s private network and all external networks
- Password Managers: help to create strong passwords
- Authentication: process of ensuring the integrity of a user