Cyber Attack
Cyber attack:
* A cyber attack is any type of offensive action that targets
computer information systems, computer networks or
personal computer devices, using various methods to
steal, alter or destroy data or information systems.
Motives for Cyber Attacks
This is the most likely reason an organization gets attacked.
* Business' financial details
* Customers' financial details (e.g. credit card data)
* Sensitive personal data
* Customers' or staff email addresses and login credentials
* Customer databases
* Client lists
* IT infrastructure
* IT services (e.g. the ability to accept online payments)
* Intellectual property (e.g. trade secrets or product designs)
Common Cyber Attacks
The different types of cyber attacks
Cyber crime worldwide cost $400 billion in 2015 and is forecast to reach $2 trillion in 2019.
[Infographic: the different types of cyber attacks. Panels: malicious software such as ransomware; hackers inserting themselves between your computer and the web server; malicious code injected into a website; fake official emails (bank, PayPal) that link to fake websites, where victims log in, giving up their passwords; Distributed Denial of Service, in which a network of computers overloads a server with data, shutting it down; data such as credit card numbers and usernames. Source: Techterms.com, Lloyd's of London, Forbes.]
Types of cyber attack
To achieve those goals of gaining access or disabling
operations, a number of different technical methods are
deployed by cybercriminals.
* Phishing
* Malware
* Denial of service
* Man in the middle
* Cryptojacking
* SQL injection
* Zero-day exploits
Phishing
Phishing is the fraudulent attempt to obtain sensitive
information such as usernames, passwords and credit card
details by disguising oneself as a trustworthy entity in
an electronic communication. Typically carried out by email
spoofing or instant messaging, it often directs users to enter
personal information at a fake website which matches
the look and feel of the legitimate site.
Malware
* Malware: software that is specifically designed to disrupt, damage,
or gain unauthorized access to a computer system.
* It can steal information from a computer without your knowledge.
* In Spanish, "mal" is a prefix that means "bad," making the term
"badware."
Denial-of-Service (DoS)
* A DoS is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. These attacks exhaust
the computing power, memory capacity or communication bandwidth
of their targets so that they are rendered unavailable.
Man-in-the-Middle Attack (MITM)
* A man-in-the-middle (MITM) attack is an attack where the attacker secretly relays and possibly
alters the communications between two parties who believe that they
are directly communicating with each other.
SQL Injection Attack
* SQL injection is a code injection technique, used to attack data-
driven applications, in which malicious SQL statements are inserted
into an entry field for execution.
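The definition above, as an added example that is not part of the original slides: the same login check written with string concatenation and with a parameterized query, run against a constructed in-memory SQLite table. The table, the account and all function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample input: entry-field text that contains SQL syntax.
CRAFTED_PASSWORD = "' OR '1'='1"


def make_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plain-text password only to keep the illustration short.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db, name, password):
    # The input is pasted into the statement, so a quote character in it
    # ends the string literal and the rest is parsed as SQL.
    query = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return db.execute(query).fetchone() is not None


def login_parameterized(db, name, password):
    # The statement text is fixed; the driver binds the input as values,
    # so it cannot change the structure of the query.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None


def compare(password):
    """Return (vulnerable_result, parameterized_result) for one password."""
    db = make_db()
    return (login_vulnerable(db, "alice", password),
            login_parameterized(db, "alice", password))


if __name__ == "__main__":
    for pw in ("correct-horse", "wrong", CRAFTED_PASSWORD):
        print(repr(pw), compare(pw))
```

Only the concatenated version accepts the crafted input as a valid login; the parameterized version compares it as an ordinary wrong password.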
* Vulnerabilities
— Human Vulnerabilities
— Protocol Vulnerabilities
— Software Vulnerabilities
— Configuration Vulnerabilities
* Defence Strategies and Techniques
— Access control: Authentication and Authorization
— Data Protection
— Prevention and Detection
— Response, Recovery and Forensics
Cryptography:
Cryptography is a method of protecting information and communication through
the use of codes so that only those for whom the information is intended
can read and process it.
Encryption is the process of converting a normal message
(plaintext) into a meaningless message (ciphertext).
Decryption is the process of converting the meaningless
message (ciphertext) back into its original form (plaintext).
[Diagram: Plaintext -> Encryption (Key) -> Ciphertext -> Decryption (Key) -> Plaintext]