Assignment 1 - Security - Grade D
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 12/08/2022
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Phan Nhat Linh
Student ID: GCD
Class: GCD0905
Assessor name: Tran Trong Minh

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature: Linh

Grading grid
Grade:
Assessor Signature:
Date:
Lecturer Signature:
I/ IDENTIFY TYPES OF SECURITY THREAT TO ORGANISATIONS. GIVE AN EXAMPLE OF A RECENTLY PUBLICIZED SECURITY BREACH AND DISCUSS ITS CONSEQUENCES (P1)
Figure 1 : Threats to Information Security

Software attacks, intellectual property theft, identity theft, theft of equipment or information, sabotage, and information extortion are all examples of information security threats. A threat is anything that can exploit a vulnerability to breach security and negatively alter, delete, or damage an object or objects of interest. Viruses, worms, Trojan horses, and other malware are examples of software attacks. Many people treat malware, viruses, worms, and bots as the same thing. They are not: what they have in common is that they are all malicious software, but each behaves differently. Malware is an abbreviation for Malicious Software. It is essentially defined as malicious software, such as invasive computer code, designed to carry out destructive actions on a system. Malware can be classified in two ways: by infection method and by the actions it performs.
Unfortunately, there are also disgruntled individuals who actively undermine organizations from inside. A dissatisfied internal auditor recently downloaded payroll and other HR personal data from Morrisons and released it on the internet. The ex-employee was convicted and jailed, but Morrisons was also penalized for failing to put in place the technical and organizational safeguards needed to prevent this crime (note that Morrisons is currently appealing against the fine). There are also situations in which organizations require specialized assistance and must rely on contractors or outside entities that have access to their systems or data. Third parties are frequently the source of problems, since the equipment they use to access the controller's data may not have the same level of security.
The amount of harm posed by these agents depends on your behavior, much like the threat posed by nation states. However, because some terrorists want to target particular industries or countries, there is always the possibility of a random strike against you.
Criminals seek personal data for a variety of purposes, including credit card fraud, identity theft, and bank account fraud. These crimes are now committed on a large scale. Methods differ, but the end result is the same: you and your data are harvested and used for malicious purposes.
While not cyber attacks, these events can have a similar impact on your ability to do business. If you cannot reach your offices, your data centers, or information stored in the cloud, you are still facing a data disaster, and this must be planned for. The risk of an earthquake in the United Kingdom is quite low, but every year we see images of a town or city under water.
The fear of a rival stealing your intellectual property is obvious, but we increasingly collaborate with a wide range of partner organizations to fill skills and resource gaps, or simply to deliver services. Depending on their motives, these partner firms may steal or expose your intellectual property or the personal data you hold.
Figure 3 : Insider threats

An insider threat occurs when someone close to a company who has authorized access to its network deliberately or accidentally misuses that access to harm the company's critical data or systems. Insider threats are created by careless employees who do not follow their organization's rules and policies. They may, for example, mistakenly send customer data to third parties, click on phishing links in emails, or share their login credentials with others. Other insider threats come from contractors, business partners, and third-party vendors. Some insiders deliberately circumvent security measures for the sake of convenience or in an ill-conceived attempt to become more productive. Malicious insiders deliberately circumvent cybersecurity controls in order to erase data, steal data for later sale or exploitation, disrupt operations, or otherwise harm the firm.

Solutions:
➢ Restrict employees' access to only the resources they need to complete their duties;
➢ Train new employees and contractors in security awareness before granting them network access. Regular security training should cover both unintentional and malicious insider threats.

To limit the risk of information security threats caused by viruses or worms, businesses should install and maintain antivirus and antimalware software on all of their systems and networked devices. Furthermore, enterprises must instruct users not to download files or click on links in emails from unknown senders, and not to install free software from untrustworthy websites. Users should also exercise extreme caution when using P2P file-sharing services, and they should avoid clicking on advertisements, particularly those from unknown companies and websites.
Figure 5 : Botnets

A botnet is a network of Internet-connected devices, such as PCs, mobile devices, servers, and IoT devices, that are infected with and controlled remotely by a common form of malware. Typically, botnet malware scans the internet for vulnerable devices. The purpose of the threat actor that builds a botnet is to infect as many connected devices as possible, leveraging the computing power and resources of those devices for automated operations that are typically concealed from the devices' owners. The threat actors that operate these botnets, who are generally fraudsters, use them to send email spam, take part in click fraud operations, and generate malicious traffic for distributed denial-of-service attacks.

Solutions:
➢ Monitor network performance and activity to detect any irregular network behavior;
➢ Keep the operating system up to date;
➢ Keep all software up to date and install any necessary security patches;
➢ Educate users not to engage in any activity that puts them at risk of bot infections or other malware, including opening emails or messages, downloading attachments or clicking links from unfamiliar sources; and
➢ Implement anti-botnet tools that find and block bot malware. In addition, most firewalls and antivirus software include basic tools to detect, prevent and remove botnets.
Figure 6 : Drive-by download attacks

In a drive-by download attack, malicious code is downloaded from a website without the user's consent or knowledge via a browser, application, or integrated operating system. To start the download, the user does not need to do anything: simply visiting or viewing a website can initiate it. Drive-by downloads can be used by cybercriminals to inject banking Trojans, steal and collect personal information, and deploy exploit kits or other malware to endpoints.

Solutions: One of the best ways a company can prevent drive-by download attacks is to regularly update and patch systems with the latest versions of software, applications, browsers, and operating systems. Users should also be warned to stay away from insecure websites. Installing security software that actively scans websites can help protect endpoints from drive-by downloads.
Figure 8 : Distributed denial-of-service (DDoS) attacks

In a distributed denial-of-service (DDoS) attack, multiple compromised machines attack a target, such as a server, website or other network resource, making the target totally inoperable. The flood of connection requests, incoming messages or malformed packets forces the target system to slow down or to crash and shut down, denying service to legitimate users or systems.

Solutions:
➢ Implement technology to monitor networks visually and know how much bandwidth a site uses on average. DDoS attacks offer visual clues, so administrators who understand the normal behavior of their networks will be better able to catch these attacks.
➢ Ensure servers have the capacity to handle heavy traffic spikes and the mitigation tools necessary to address security problems.
➢ Update and patch firewalls and network security programs.
➢ Set up protocols outlining the steps to take in the event of a DDoS attack.
Figure 9 : Ransomware

In a ransomware attack, the victim's computer is locked, typically by encryption, which keeps the victim from using the device or the data stored on it. To regain access to the device or data, the victim has to pay the attacker a ransom, typically in a virtual currency such as Bitcoin. Ransomware can be spread via malicious email attachments, infected software apps, infected external storage devices and compromised websites.

Solutions: To protect against ransomware attacks, users should regularly back up their computing devices and update all software, including antivirus software. Users should avoid clicking on links in emails or opening email attachments from unknown sources. Victims should do everything possible to avoid paying the ransom. Organizations should also couple a traditional firewall that blocks unauthorized access to computers or networks with a program that filters web content and focuses on sites that may introduce malware. In addition, limit the data a cybercriminal can access by segregating the network into distinct zones, each of which requires different credentials.
Figure 11 : Advanced persistent threat attacks

An advanced persistent threat (APT) is a targeted cyberattack in which an unauthorized intruder penetrates a network and remains undetected for an extended period of time. Rather than causing damage to a system or network, the goal of an APT attack is to monitor network activity and steal information, using tools such as exploit kits and malware to gain and keep access. Cybercriminals typically use APT attacks against high-value targets, such as large enterprises and nation-states, stealing data over a long period.

Solutions:
➢ Detecting anomalies in outbound data may be the best way for system administrators to determine whether their networks have been targeted.
➢ Indicators of APTs include the following:
  ➢ Unusual activity on user accounts;
  ➢ Extensive use of backdoor Trojan horse malware, a method that enables APTs to maintain access;
  ➢ Odd database activity, such as a sudden increase in database operations involving massive amounts of data; and
  ➢ The presence of unusual data files, possibly indicating that data has been bundled into files to assist exfiltration.
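The outbound-data anomaly check described above, as an added example that is not part of the original assignment: it builds a per-host baseline of daily outbound bytes from flow records and flags any day whose total exceeds median + k·MAD of that host's earlier days, which also covers the "know your normal bandwidth" advice in the DDoS section. The host names, addresses and byte counts are constructed sample data, and the median/MAD baseline is my choice of method, not one the assignment specifies.

```python
"""Flag hosts whose daily outbound volume deviates from their own baseline.

Added example, not from the original assignment. Flow records below are
constructed sample data in the form "YYYY-MM-DD,host,dst_ip,bytes_out".
"""
from collections import defaultdict
from statistics import median

SAMPLE_FLOWS = """\
2022-08-01,ws-finance-07,203.0.113.10,1200000
2022-08-01,ws-finance-07,203.0.113.10,800000
2022-08-02,ws-finance-07,203.0.113.10,1500000
2022-08-03,ws-finance-07,203.0.113.10,1100000
2022-08-04,ws-finance-07,198.51.100.5,1300000
2022-08-05,ws-finance-07,198.51.100.5,95000000
2022-08-01,ws-hr-02,203.0.113.10,500000
2022-08-02,ws-hr-02,203.0.113.10,600000
2022-08-03,ws-hr-02,203.0.113.10,550000
2022-08-04,ws-hr-02,203.0.113.10,520000
2022-08-05,ws-hr-02,203.0.113.10,610000
"""


def daily_outbound(flow_text):
    """Aggregate flow lines into {host: {day: total bytes_out}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        day, host, _dst, nbytes = line.split(",")
        totals[host][day] += int(nbytes)
    return totals


def outbound_anomalies(flow_text, k=5.0, min_days=3):
    """Return (host, day, bytes, threshold) for days above median + k*MAD
    of that host's previous days. The MAD is floored at 5% of the median so
    a perfectly flat history still leaves some slack before alerting."""
    findings = []
    for host, by_day in daily_outbound(flow_text).items():
        days = sorted(by_day)
        for i, day in enumerate(days):
            history = [by_day[d] for d in days[:i]]
            if len(history) < min_days:
                continue  # not enough history to form a baseline yet
            med = median(history)
            mad = median(abs(v - med) for v in history)
            threshold = med + k * max(mad, 0.05 * med)
            if by_day[day] > threshold:
                findings.append((host, day, by_day[day], round(threshold)))
    return findings
```

On the sample data only ws-finance-07 on 2022-08-05 is flagged (95 MB against a 2.4 MB threshold), while the normal day-to-day variation of ws-hr-02 stays below its baseline.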
Figure 12 : Malvertising

Malvertising is a technique cybercriminals use to inject malicious code into legitimate online advertising networks and web pages. This code typically redirects users to malicious websites or installs malware on their computers or mobile devices. Users' machines may get infected even if they don't click on anything to start the download. Cybercriminals may use malvertising to deploy a variety of money-making malware, including cryptomining scripts, ransomware and banking Trojans. Some of the websites of well-known companies, including Spotify, The New York Times and the London Stock Exchange, have inadvertently displayed malicious ads, putting users at risk.

Solutions:
➢ To prevent malvertising, ad networks should add validation; this reduces the chance that a user could be compromised. Validation could include: vetting prospective customers by requiring legal business paperwork; two-factor authentication; scanning potential ads for malicious content before publishing an ad; or possibly converting Flash ads to animated GIFs or other types of content.
➢ To mitigate malvertising attacks, web hosts should periodically check their websites from an unpatched system and monitor that system to detect any malicious activity. The web hosts should disable any malicious ads.
➢ To reduce the risk of malvertising attacks, enterprise security teams should be sure to keep software and patches up to date as well as install network antimalware tools.