Cybersecurity CS100 PROFESSOR SULTANA GMU CS Dept Slides Adapted from Dr Zaman Computer Crime Forms of Computer Crime Computer Crime Malicious Programs DoS Denial of Service Rogue Wi Fi hotspots Data Manipulation Identity Theft Internet Scams Cyberbullying Description Include viruses worms and Trojan horses Causes computer systems to slow down or stop Imitate legitimate Wi Fi hotspot in order to capture personal information Involves changing data or leaving prank messages Is illegal assumption of a person s identity for economic gain Are scams over the Internet usually initiated by e mail and involving phishing Is using the Internet smartphones or other devices to send post content intended to hurt or embarrass another person Types of Internet Scams Type Chain Letter Auction Fraud Vacation Prize Advance Fee Loans Description Classic chain letter instructing recipient to send a nominal amount of money to each of five people on a list The recipient removes the first name on the list adds his or her name at the bottom and mails the chain letter to five friends This is also known as a pyramid scheme Almost all chain letters are fraudulent and illegal Merchandise is selected and payment is sent Merchandise is never delivered Free vacation has been awarded Upon arrival at vacation destination the accommodations are dreadful but can be upgraded for a fee Guaranteed low rate loans available to almost anyone After applicant provides personal loan related information the loan is granted subject to payment of an insurance fee Examples of Known Attacks Known Attacks LinkedIn scams have been popping up across the U S that upon first glance look like legitimate e mails but be careful what links you are clicking on and who you are connecting with When you do receive a LinkedIn invitation it is best to log into to your LinkedIn account not using the link in the e mail but through your browser and then accept invitations you have received directly from the LinkedIn website Known Attacks Keylogger software is a type of spyware and is extremely dangerous because the keylogger spyware can log your keystrokes as you type them and then send the keystrokes your login IDs passwords account numbers etc directly to cybercriminals terrorists or identity thieves who could then login as YOU Known Attacks Buying more than you paid for Ever find something on Amazon for a price that seems too good to be true It might be A 2016 investigation found that some Closed circuit TV surveillance hardware sold on Amazon came with pre installed malware The pre installed malware had the ability to hijack video feeds and share the data over the web Be aware as next generation spyware will continue to show up where you might not expect it Known Attacks In 2022 the largest ever distributed denial of service DDoS attack on Google Cloud took place which also affected Cloudflare and Amazon Web Services In 2016 a Botnet attack on Brian Krebs a well respected security reporter led to a massive distributed DDoS attacks The attack included hundreds of thousands of devices connected to the Internet such as routers IP cameras DVRs printers and computers sitting online unprotected Together they were used to send an overload of data to Krebs that caused the DDoS attack Sources have named this particular attack Mirai and its code was later published on hacker sites The best way to keep your device from being part of a DDoS attack is to make sure your Internet connected devices are not using default login and password settings the main takeover targets of these types of botnets Exam next week Thurs Nov 14 o Python functions SEO Algorithm vs Heuristics basic networking copyright patent info linux commands and purpose encryption Cesar Vigenere malware known attacks cybersecurity Final Exam Date Dec 17 4 30 to 7 15 Late work amnesty policy Class Participation Lecture Agenda Class Participation 14 In Zeus create a python file titled classparticipation14 py oWrite and define a function called def area triangle base height oMake sure to have return statement Encode the phrase MEETMEATNOON using a Caesar cipher with a shift of 4 Decode the message TFDSFU using a Caesar cipher with a shift of 1 Encode the following phrase EXAMTIME using the Vigen re cipher with the key TRY Known Attacks Bots and botnets have been utilized in global identity from their personal theft unknowing victims and sending information directly to identity thieves stealing personal information rings Known Attacks to enable Crimeware can be any software program or group of programs designed illegal activity online Crimeware is designed to do a lot of things including stealing personal information such as passwords account numbers credit card numbers PINs and sensitive organizational information The cost of cybercrime losses continues to rise and some experts estimate the global loss total to be over 100 billion Known Attacks Digital virtual currencies Bitcoin Perhaps the first widely used cryptocurrency Bitcoins are a digital asset and used as an online payment system Unfortunately as is with many other technologies bitcoins are also used by cybercriminals to both execute illegal transactions and launder profits Digital currencies are enabling new and previously unseen levels of criminal activity Many digital currency transactions can be executed anonymously allowing criminals to offer illicit goods and services for sale in transactions that would normally be transparent to law enforcement Bitcoin mining malware is a related threat that is infecting PCs and systems globally Known Attacks In 2020 The University of California at San Francisco files recover ransom to UCSF paid 1 14M encrypted by a ransomware In 2021 CNA Financial rumored to have paid 40M to restore control of its computer systems Known Attacks Known scareware techniques include exploiting software updates like Adobe Acrobat and Flash player These attacks were specifically targeted at Mac Users when the cybercriminals found a way to exploit vulnerabilities in OS X Gatekeeper and allow malicious code to slide past Apple s defenses A victim may visit a new site and immediately receive a notification to update his her current software and then a free download link is provided Beware of this trap If you do not recognize the website you would be downloading the software from chances are it is scareware and not a real update Always go to the official real website of the software to download any updates if they are