Ethics in Information Technology3


CYBERATTACKS AND CYBERSECURITY

1 Computer Ethics and Society Eng.Hashim Al Atefi


Objectives
Once you have finished this lecture, you should consider the following
questions:
• Why are computer incidents so prevalent, and what are their
effects?
• What can be done to implement a strong security program to
prevent cyber attacks?
• What actions must be taken in the event of a successful security
intrusion?



The Threat Landscape
• Business managers, IT professionals, and IT users all face a number
of complex trade-offs when making decisions regarding IT security,
such as the following:
o How much effort and money should be spent to safeguard
against computer crime? (In other words, how safe is safe
enough?)
o What should be done if recommended computer security
safeguards make conducting business more difficult for
customers and employees, resulting in lost sales and
increased costs?
o If a firm is a victim of a cybercrime, should it pursue
prosecution of the criminals at all costs, maintain a low profile
to avoid the negative publicity, inform affected customers, or
take some other action?



Why Computer Incidents Are So Prevalent?

• increasing computing complexity,
• expanding and changing systems,
• increase in the prevalence of bring your own device (BYOD) policies,
• a growing reliance on software with known vulnerabilities,
• increasing sophistication of those who would do harm



Why Computer Incidents Are So Prevalent? (Cont.)

Increasing Complexity Increases Vulnerability


• Computing environments have become enormously complex:
o Cloud computing,
o networks,
o computers,
o mobile devices,
o virtualization,
o operating systems,
o applications,
o websites,
o switches, routers, and gateways



Why Computer Incidents Are So Prevalent? (Cont.)
Expanding and Changing Systems Introduce New Risks
• Businesses have moved quickly into:
o e-commerce,
o mobile computing,
o collaborative work groups,
o global business, and
o inter-organizational information systems
• Information technology has become ubiquitous and is a
necessary tool for organizations to achieve their goals.
• However, it is increasingly difficult for IT organizations to
keep up with the pace of technological change.
• This calls for an ongoing assessment of new security risks and the
implementation of approaches for dealing with them.



Why Computer Incidents Are So Prevalent? (Cont.)
Increasing Prevalence of Bring Your Own Device (BYOD) Policies
• Bring your own device (BYOD):
o is a business policy that permits, and in some cases encourages,
employees to use their own mobile devices to access company
computing resources and applications, including email, corporate
databases, the corporate intranet, and the Internet.
o This practice raises many potential security issues as it is highly
likely that such devices are also used for nonwork activities that
expose them to malware much more frequently than a device used
strictly for business purposes.
o Malware may then be spread throughout the company.
o Many users do not use a password to protect their laptops, tablets,
and smartphones or set the timeout to automatically lock the
device after a few minutes of not being used.
o All these create an environment ripe for potential security
problems.



Why Computer Incidents Are So Prevalent? (Cont.)
Growing Reliance on Commercial Software with Known Vulnerabilities
• In computing, an exploit is an attack on an information system that
takes advantage of a particular system vulnerability.



Why Computer Incidents Are So Prevalent? (Cont.)
Increasing Sophistication of Those Who Would Do Harm



Types of Exploits

There are numerous types of computer attacks, with new
varieties being invented all the time:
• ransomware, viruses, worms, and Trojan horses
• blended threats, spam
• distributed denial-of-service (DDoS) attacks
• rootkits, advanced persistent threats
• phishing and spear phishing, smishing and vishing
• cyberespionage, and cyberterrorism.

Types of Exploits (Cont.)
• Ransomware is malware that stops you from using your
computer or accessing your data until you meet certain
demands, such as paying a ransom or sending photos to the
attacker.
• A computer becomes infected with ransomware when a user
opens an email attachment containing the malware or is lured
to a compromised website by a deceptive email or pop-up
window.
• Ransomware can also be spread through removable USB
drives or by texting applications such as Yahoo Messenger,
with the payload disguised as an image.



Types of Exploits (Cont.)
• A virus is a piece of programming code, usually disguised as something
else, that causes a computer to behave in an unexpected and usually
undesirable manner.
o Almost all viruses are attached to a file, meaning the virus
executes only when the infected file is opened.
o A virus is spread to other machines when a computer user shares
an infected file or sends an email with a virus-infected attachment.
o In other words, viruses are spread by the action of the “infected”
computer user.
• A worm is a harmful program that resides in the active memory of the
computer and duplicates itself.
o Worms differ from viruses in that they can propagate without
human intervention.
o A worm can replicate itself on your computer so that it can potentially
send out thousands of copies of itself to everyone in your email
address book.



Types of Exploits (Cont.)
• A Trojan horse is a seemingly harmless program in which malicious code
is hidden (e.g., an update for software the user currently has installed on
his or her computer).
o A Trojan horse often creates a “backdoor” on a computer that
enables an attacker to gain future access to the system and
compromise confidential or private information.
o How can a Trojan horse be delivered?
o Another type of Trojan horse is a logic bomb, which executes
when it is triggered by a specific event.
• A blended threat is a sophisticated threat that combines the features of a
virus, worm, Trojan horse, and other malicious code into a single payload.
o A blended threat might use server and Internet vulnerabilities to initiate
and then transmit and spread an attack on an organization’s computing
devices, using multiple modes to transport itself, including email,
Internet Relay Chat (IRC), and file-sharing networks.



Types of Exploits (Cont.)

Email spam is the use of email systems to send unsolicited email to large
numbers of people.
• Most spam is a form of low-cost commercial advertising, sometimes for
questionable products such as pornography, phony get-rich-quick
schemes, and worthless stock.
• Sinister side of spam?
• Positive side of spam?



Types of Exploits (Cont.)
• A distributed denial-of-service (DDoS) attack is one in which a
malicious hacker takes over computers via the Internet and
causes them to flood a target site with demands for data and
other small tasks.
• The term botnet is used to describe a large group of such
computers, which are controlled from one or more remote
locations by hackers, without the knowledge or consent of
their owners.
• The botnet computers (called zombies) go into action, each
sending a simple request for access to the target site again
and again—dozens of times per second.
• The target computers become so overwhelmed by requests
for service that legitimate users are unable to get through to
the target computer.
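
The flood pattern described above, seen from the defender's side, as an added example that is not part of the original lecture: a sliding one-second window counts requests per source and flags any source above a limit. The log format, the threshold of 24 requests per second, and the addresses (documentation ranges) are assumptions made for this sketch.

```python
from collections import defaultdict, deque

WINDOW_MS = 1000       # sliding window: one second
MAX_PER_WINDOW = 24    # assumed threshold: "dozens per second" is more than two dozen

def parse(line):
    """Parse a constructed log line '<ms> <source-ip> <method> <path>'."""
    ms, src, _method, _path = line.split()
    return int(ms), src

def flag_flooders(lines, window_ms=WINDOW_MS, limit=MAX_PER_WINDOW):
    """Return {source: peak requests seen in any one window} for every
    source whose peak exceeds the limit. Lines must be in time order."""
    recent = defaultdict(deque)          # source -> timestamps inside the window
    peak = defaultdict(int)
    for ms, src in map(parse, lines):
        q = recent[src]
        q.append(ms)
        while ms - q[0] >= window_ms:    # expire requests older than the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > limit}

def looks_distributed(flagged, min_sources=3):
    """Several sources flooding at once is the botnet pattern, not one noisy client."""
    return len(flagged) >= min_sources

def build_sample_log():
    """Constructed traffic: three zombies at 40 requests/s for 3 s, plus one
    ordinary user at 2 requests/s."""
    rows = []
    for i in range(120):
        for zombie in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
            rows.append((i * 25, zombie))
    for i in range(6):
        rows.append((i * 500, "198.51.100.7"))
    rows.sort()
    return [f"{ms} {src} GET /" for ms, src in rows]

if __name__ == "__main__":
    flagged = flag_flooders(build_sample_log())
    for src, n in sorted(flagged.items()):
        print(f"{src}: peak {n} requests in {WINDOW_MS} ms")
    print("distributed flood suspected:", looks_distributed(flagged))
```

Per-source limits catch each zombie only if it is individually noisy; a large botnet whose members each stay under the limit needs an aggregate rate check as well.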
Types of Exploits (Cont.)
A rootkit is a set of programs that enables its user to gain administrator-level
access to a computer without the end user’s consent or knowledge.
• Some symptoms of rootkit infections:
o The computer locks up or fails to respond to input from the keyboard
or mouse.
o The screen saver changes without any action on the part of the user
o The taskbar disappears.
o Network activities function extremely slowly.
• Actions:
o reformat the disk
o reinstall the operating system and all applications
o and reconfigure the user’s settings



Types of Exploits (Cont.)

An advanced persistent threat (APT) is a network attack in which an intruder
gains access to a network and stays there—undetected—with the intention of
stealing data over a long period of time (weeks or even months).
• An APT attack advances through the following five phases:
1. Reconnaissance
2. Incursion (spear phishing)
3. Discovery
4. Capture
5. Export



Types of Exploits (Cont.)
Phishing is the act of fraudulently using email to try to get the recipient to
reveal personal data.

[Figure: example of a phishing email]



Types of Exploits (Cont.)
Spear phishing is a variation of phishing in which the
phisher sends fraudulent emails to a certain
organization’s employees.
• The phony emails are designed to look like they
came from high-level executives within the
organization.
• Employees are directed to a fake website and then
asked to enter personal information, such as
name, Social Security number, and network
passwords.
• Botnets have become the primary means for
distributing phishing scams.
Types of Exploits (Cont.)
Smishing and Vishing
• Smishing is another variation of phishing that involves the use of texting.
• In a smishing scam, people receive a legitimate-looking text message telling
them to call a specific phone number or log on to a website.
• Vishing is similar to smishing except that the victims receive a voice-mail
message telling them to call a phone number or access a website.
Cyberespionage
• Cyberespionage involves the deployment of malware that secretly steals data
in the computer systems of organizations, such as government agencies,
military contractors, political organizations, and manufacturing firms.
• High-value data include the following:
o Sales, marketing, and new product development plans, schedules, and
budgets
o Details about product designs and innovative processes
o Employee personal information
o Customer and client data
o Sensitive information about partners and partner agreements



Types of Exploits (Cont.)
Cyberterrorism
• Cyberterrorism is the intimidation of government or
civilian population by using information technology
to disable critical national infrastructure (for
example, energy, transportation, financial, law
enforcement, and emergency response) to achieve
political, religious, or ideological goals.

• It is an increasing concern for countries and
organizations around the globe.



How organizations can take steps to implement a trustworthy
computing environment to defend against such attacks

The CIA Security Triad



Intrusion Detection System



Implementing CIA at the End-User Level



Critical Thinking Exercise: How secure is your organization

• Review and answer the security questions in the previous slide.
• Based on this self-assessment, what changes do you need to
make in order to better protect the security of your (or your
organization’s) information systems and data?



RESPONSE TO CYBERATTACKS
• An organization should be prepared for the worst
• A response plan should be developed well in advance of any incident
and be approved by both the organization’s legal department and senior
management.
• A well-developed response plan helps keep an incident under technical
and emotional control
• Response Plan Elements:
o Incident Notification
o Protection of Evidence and Activity Logs
o Incident Containment
o Eradication
o Incident Follow-Up
o Using a managed security service provider (MSSP)
o Computer Forensics



Critical Thinking Exercise: Selecting an MSSP Provider

• Your team has been assigned responsibility to
identify an appropriate MSSP provider for a
small, rural hospital. What criteria will you use
to select an appropriate provider? Do research
online to identify three MSSP providers. Use
the criteria you established to rate each of the
three, and choose the one that would be best
for the hospital.
