The Illustrated Cyberattack Field Guide by Kyle J. Dise





Copyright © 2021 Kyle J. Dise All rights reserved. No part of this book may be reproduced in any form without the express written permission of the copyright owner, except for the use of brief excerpts in reviews. For permission requests, contact Kyle J. Dise via email at kdise@protonmail.com. Disclaimer: The opinions expressed in this book are for general information purposes only and should not be relied upon for making business, legal, or other decisions. Opinions expressed are the author's and are based on research using sources believed to be reliable. The author is not responsible or liable for the accuracy and completeness of any information provided. Furthermore, the author accepts no responsibility for any damage, risk, or loss that results directly or indirectly from the use of information presented in this book.




Table of Contents

Part I: What is a Cyberattack?
Part II: Types of Cyberattacks
Part III: Security Tips to Deter Cyberattacks
Conclusion
Bibliography
Index



Introduction

The Illustrated Cyberattack Field Guide aims to introduce readers to cyberattacks, how they work, and how to protect oneself from falling victim to one. We live in a digital world where so much of our infrastructure and personal information is online, and as a result, criminals have taken to the digital realm as well to carry out cybercrimes. As time has progressed, news headlines about major cyberattacks and data breaches have become more and more commonplace. Not only are they happening more often, but they are becoming bigger in scale and causing greater damage. When infrastructural facilities like hospitals or energy plants are targeted, a much broader range of people is affected, and one day it could even impact you, your family, and your friends.

In addition to attacks on infrastructure and business, smaller attacks are being carried out on individuals, which means strong personal security practices should be a priority now more than ever. Thankfully, there are now safer and easier ways to manage the security of your devices and accounts. The goal of this book is to educate readers on the kinds of cybersecurity threats that exist and to teach them digital self-defense practices. Readers will develop an understanding of the threats they face and the steps to take to avoid falling victim to one.



PART I

What is a Cyberattack?


Part I: What is a Cyberattack?



We live in a world where computers are involved in countless aspects of our lives, and as public infrastructure, business, and even personal life are all now able to benefit from digital technology, so too is crime. Cyberattacks happen so often now that it has become commonplace to see news headlines about information being leaked in data breaches or organizations having their operations interfered with by malware. Not only are attacks happening more often, but they are becoming bigger in scale and causing greater damage to governments, businesses, and even individuals. But what, exactly, are cyberattacks? Cyberattacks are acts intended to illicitly access, control, damage, or interfere with a computer information system like a personal computer, smartphone, server, or network (IBM, n.d.; National Institute of Standards and Technology [NIST], 2021). They can be as small as looking at someone’s emails when a computer is left open at their desk, or as big as interfering with systems that control a whole nation’s infrastructure. With how much our personal lives rely on digital technology, strong cybersecurity practices should be a priority now more than ever, and the first step to protecting oneself from cyberattacks is to understand some of the common types of threats.


What Is Not a Cyberattack?

“Cyberattack” is an interesting word. Some spell it with a space, as “cyber attack,” whereas others spell it as one word. To someone unfamiliar with cyberattacks, it may sound like some kind of sci-fi robot attack. But despite the cool scenarios seen in sci-fi movies, when we say “cyberattack,” we are not referring to robots with laser swords or to artificially intelligent programs at war with each other. In addition, there are many contexts where the word “attack” means very different things. So, while the following scenarios may be considered types of attacks, e.g., personal attacks, and are conducted via cyberspace, they are not what we mean when using the word “cyberattack.”

■ Heated debates in an online forum
■ Rude comments left on social media posts
■ Hateful messages from Internet trolls and cyberbullies
■ An attack on an enemy team in an online video game

When we discuss cyberattacks in this book, what we really mean are the various types of illicit tampering with computers and other devices. It is a more narrowly defined term than an “attack” in the traditional sense.


Robots with laser swords: cool, but not cyberattacks.



You can think of white hat hackers as the "good guys" and black hat hackers as the "bad guys" of hacking.



Why Are Cyberattacks Conducted?

The motivations behind cyberattacks vary for each particular attack, but some motives are more common than others. One of the more common motivations is financial gain, but there are also many other reasons why people engage in cyberattacks, including espionage, activism, and attacking adversaries (Intel Security and Privacy Office, 2015; Mark, 2020; Northern Ireland Cyber Security Centre, n.d.). There are also sometimes more personal motivations behind cyberattacks such as revenge, seeking notoriety, or even just testing one’s own abilities (Intel, 2015; Mark, 2020). Not all methods involved in cyberattacks are used for exclusively malicious purposes. For example, while the term “hacker” is often used to describe someone committing cyberattacks, there are also many legitimate and ethical reasons for hacking. Hackers can often be sorted into three categories: white hats, black hats, and grey hats (NortonLifeLock, 2017).

White Hats

White hat hackers are what are considered “ethical hackers,” and they only hack systems that they have permission to attack (NortonLifeLock, 2017). They utilize their knowledge of cybersecurity and cyberattacks to hack a system in order to find ways to improve its security. They are often hired by companies and organizations to find security flaws in their computing infrastructure so that they can then fix them before a malicious actor finds and exploits them.

Black Hats

Black hat hackers differ from white hat hackers in that their defining feature is that they are typically malicious in intent and hack illicitly. Their motive often relates to personal gain at the expense of the safety and security of others. When you see harmful cyberattacks in the news or in movies, the hacker behind them is oftentimes what you would consider a black hat hacker.

Grey Hats

Grey hat hackers are those who fall between black hats and white hats. They may or may not have malicious intent, but a basic way to think of them is that they are typically not as explicitly malicious as black hat hackers, yet they do not play by the rules like white hat hackers. Some may engage in cyberattacks for reasons that aren’t necessarily maliciously motivated but may still be unethical or illegal (NortonLifeLock, 2017). Some of the types of grey hats include Internet activists (“hacktivists”) and people who hack for personal enjoyment. Hackers who have good intentions, like helping find security flaws, but do so illicitly, are another kind of grey hat hacker (NortonLifeLock, 2017). An easy, though generalized, way of remembering them is that they are often hacking in a way that is more morally grey than white hats and black hats.




PART II

Types of Cyberattacks


There are countless types of cyberattacks and new ones are always being developed and discovered. Some attacks work by taking advantage of bugs found in software, whereas some utilize programs or other tools that were made specifically for malicious use. In some cases, cyberattacks do not even require any special software or tools and rely only on social engineering, by tricking victims into sharing sensitive information like passwords.

Malware

The word “malware” comes from shortening the term “malicious software” and describes numerous kinds of programs. They harm victims by doing things like stealing data, corrupting files, spying on user activities, or even controlling their device. The common types of malware tend to fall into one of a handful of categories, with some being defined by the particular way that they allow malicious programming to access a system, whereas some categories are defined by the actual functions carried out by them. For example, a trojan horse is defined by the delivery method it uses to deliver and activate malicious programming, whereas spyware is defined by its functionality to gather information on the victim. So, if a trojan horse delivers malicious programming that collects information on a victim, then the attack would be considered both a trojan horse and spyware.


Since some categories are defined by the way that they deliver malicious code, and therefore can ultimately have a myriad of different malicious functions, the upcoming descriptions for those categories will focus more on how they deliver malicious programming rather than explaining the potential malicious functions they carry. So, when we say a particular type of malware has malicious programming, functions, or code, we mean that it could potentially be capable of having one of many types of malicious functions, including but not limited to the illicit access, control, damage, or interference with a victim’s computer.

Virus

If your computer gets a virus, you can rest assured it will not have a cough and chills. Though if it overheats, an argument could be made for it getting a fever. Jokes aside, viruses are one of the best-known types of malware. They are malicious programs that hide within legitimate programs or files and are activated when a victim opens the host program that they are attached to. Upon activation, viruses start replicating by modifying other files to insert their own malicious code.


Computer viruses may sound sickly, but rest assured your computer will not have a fever and chills.



Worm

Worms, according to NIST (2021), are a type of self-replicating program that spreads to other computers by using network capabilities. Unlike viruses, which attach themselves to a host program, NIST states that worms are independent programs that can activate without any user intervention. One of the earliest major incidents involving a computer worm was in 1988, when the Morris worm hit around 6,000 computers within the first day of being activated (Federal Bureau of Investigation [FBI], n.d.). The Morris worm did not actually carry out any intentionally malicious functions; however, even non-malicious worms can cause damage by greatly slowing down systems (FBI, n.d.).



Trojan Horse

Trojan horses, also called trojans, are programs that appear to be legitimate software but actually have malicious functions (NIST, 2021). One of the advantages a trojan horse has in a cyberattack is that a victim might give it more system permissions and access thinking that a legitimate program requires them. They may sound similar to viruses, and they do similarly require a victim to open a program in order for the malware to activate, but one of the differences is that trojans do not self-replicate. They are named after the legendary Trojan Horse, a hollow wooden horse that was said to have been used in the Trojan War, in which Greek soldiers hid inside of and then attacked from after the Trojans brought the horse back to Troy (The Editors of Encyclopaedia Britannica, 2018). The similarity to the legend comes from the way that trojans are disguised as a legitimate program in order to trick the victim into giving it system access, not realizing they are actually giving that access to malware, which mirrors the way that the Trojan soldiers brought the wooden horse into their city not realizing they were bringing in Greek soldiers.



Ransomware

Ransomware is a kind of attack that has seen a large increase in the past decade and has been involved in many major cyberattacks such as the WannaCry cyberattack in 2017, which quickly infected over 250,000 machines across 150 countries (McAfee, 2017). It holds a victim’s data for ransom by encrypting it until a fee is paid to the attacker (Volynkin, Morales, & Horneman, 2017), usually in the form of a cryptocurrency like bitcoin. If the ransom is not paid, then the data will be corrupted, or in some cases the attacker threatens to steal the data and publish it online.

Botnets

A botnet, from the words “robot” and “network,” is when an attacker gains control over many separate computers and organizes them into a network to illicitly use for other activities (NIST, 2021). There are many different reasons why an attacker might want to organize a botnet; some of the possible uses for it include distributing malware so that it spreads further, mining cryptocurrency, or conducting a distributed denial-of-service attack (Regan, 2021).


Denial-of-Service Attack

Denial-of-service (DoS) attacks aim to disrupt a network in order to make it inaccessible to its users (Cross & Shinder, 2008). In order to make the network malfunction, attackers flood it with traffic until it crashes (Cybersecurity and Infrastructure Security Agency [CISA], 2019) and therefore can no longer provide access to users.

Distributed Denial-of-Service Attack

A distributed denial-of-service (DDoS) attack uses multiple computers to carry out the attack, often utilizing a botnet to do so (CISA, 2019). As mentioned earlier, a botnet refers to when an attacker is controlling an organized network of computers, which is something that could provide many advantages to an attacker hoping to carry out a DDoS attack. In addition to being able to flood a network with even exponentially greater amounts of traffic, using a botnet in a DDoS attack would also help hide the identity of the attacker since the attack cannot be traced back to just one machine (CISA, 2019).


Ransomware locks up your files and demands money to release them. Worse, some types even destroy your files.



Be aware of the many types of sensors on your device and the types of data they could gather if hijacked by a malicious party.



Spyware

Spyware, as its name implies, spies on its victims and then sends the collected data back to the attacker. One form of spyware is a key logger, which tracks all the keystrokes typed into a device in order to collect passwords, messages, and any other information typed by the user. Sometimes spyware goes further and hijacks sensors on a device, such as using a computer’s camera to watch or record the victim or listening in through the microphone.

Rootkit

Rootkits, according to NIST (2021), are a set of tools that can be used by an attacker to hide their activities on the machine they are attacking and maintain administrative access. In order to install a rootkit, the attacker must first gain administrative privileges on the victim’s machine by other means, such as installing a backdoor through a trojan horse or obtaining their password using spyware or a successful password attack. Administrative privileges are also described as the superuser, root, admin, or supervisor account. So, an easy way to remember rootkits is to think of them as a kit of tools used for illicitly maintaining root-level access on a computer.



Phishing

Phishing is a type of social engineering where attackers try to trick users into providing sensitive information like passwords. Some ways attackers do this are by pretending to be a trusted contact or organization and asking them to send personal information. For example, attackers sometimes fabricate emails from social media sites that tell the receiver that they need to log in to fix some issue with their account. But when they type in their username and password, it actually sends them to the attacker. Phishing attacks are often sent en masse in hopes that at least a handful of recipients will be tricked, but when a phishing attack is more narrowly targeted to a particular person, group, or organization, it is called spear phishing (NIST, 2021).



Code injection attacks involve an attacker finding a way to inject malicious code into a website or program.



Code Injection

Code injection attacks involve inserting malicious code into a program in order to modify its functions or gain control over it. Typically, the code is injected by exploiting vulnerabilities in a program that unintentionally allow a user to make modifications to its underlying code. In some cases, this can allow an attacker to retrieve sensitive information from a program’s backend, while in other cases malicious code can be delivered directly to other users.

Structured Query Language Injection

Structured Query Language (SQL) is a widely used programming language that is used for managing relational databases (Oppel, 2015). It can serve as a very powerful tool to organize sets of data for all kinds of uses, and as a result there are many programs that rely on SQL for functionality. However, such programs can be potentially vulnerable to SQL injection attacks, where attackers are able to exploit them by sending their own commands to the backend of the database (NIST, 2021). In particular, SQL injection attacks are most commonly targeted at websites utilizing data-driven applications, where attackers try to exploit vulnerabilities that could allow them to steal and destroy sensitive data or even gain control of the whole system (University of California, Berkeley Information Security Office [UC Berkeley ISO], n.d.). For an example of what a basic form of this attack might look like, imagine a website with a simple calendar app that allows users to input a date to see the events scheduled for that day, but an attacker enters an input that tricks the calendar app in such a way that it allows them to add their own code to the program using the input field. Luckily, there are some ways that can help prevent an application from being vulnerable to SQL injection attacks, such as having proper configuration of the database and user privileges, keeping all the components updated with security patches, and filtering the ways that users are allowed to provide input (UC Berkeley ISO, n.d.).

Cross-Site Scripting

Cross-site scripting (XSS) is a kind of attack where attackers exploit a website to inject malicious code that is then delivered to other visitors (University of Washington Office of the Chief Information Security Officer [UW CISO], 2019). The malicious code activates because the victims’ web browser is tricked into treating the code as if it is coming from a trusted website (MDN Contributors, 2021). An attacker can write their code to perform many different functions, such as having it send a victim’s sensitive information to the attacker or redirecting them to another malicious website (MDN Contributors, 2021). For example, a website that allows user-submitted content could have a vulnerability that allows an attacker to submit code that executes when others visit the page.
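The calendar-app scenario above, and the user-submitted-content scenario for XSS, as an added example that is not code from the book: a tiny in-memory SQLite calendar with constructed sample events, a lookup that pastes the user's text straight into the SQL statement beside the same lookup using a bound parameter, and a comment renderer that leaves HTML unescaped beside one that escapes it. The table, the sample events, the two inputs and all function names are constructed for this example.

```python
import html
import sqlite3

# Constructed sample data: a calendar with public and private events.
SAMPLE_EVENTS = [
    ("2021-06-01", "Team meeting", "public"),
    ("2021-06-01", "Dentist", "private"),
    ("2021-06-02", "Payroll review", "private"),
]

# Constructed inputs: a normal date, and a string shaped so that, if it is
# pasted into a query, it changes the query's meaning instead of supplying a date.
NORMAL_DAY = "2021-06-01"
INJECTED_DAY = "x' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Build the in-memory calendar database used by the functions below."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (day TEXT, title TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", SAMPLE_EVENTS)
    return conn


def events_for_day_vulnerable(conn: sqlite3.Connection, day: str) -> list:
    """Public events for a day, built by string concatenation (the defect).

    Whatever the user typed becomes part of the SQL text, so a quote character
    in the input ends the intended string and the rest is parsed as SQL, which
    is how the private events leak out below.
    """
    query = ("SELECT title FROM events WHERE visibility = 'public' "
             "AND day = '" + day + "' ORDER BY rowid")
    return [row[0] for row in conn.execute(query)]


def events_for_day_safe(conn: sqlite3.Connection, day: str) -> list:
    """The same lookup with a bound parameter: the input is only ever data."""
    query = ("SELECT title FROM events WHERE visibility = 'public' "
             "AND day = ? ORDER BY rowid")
    return [row[0] for row in conn.execute(query, (day,))]


def render_comment_vulnerable(comment: str) -> str:
    """Inserts user-submitted text into the page unchanged (the XSS defect)."""
    return '<p class="comment">' + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    """Escapes <, >, &, and quotes so the browser shows the text as text."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print("normal input, vulnerable:  ", events_for_day_vulnerable(db, NORMAL_DAY))
    print("normal input, safe:        ", events_for_day_safe(db, NORMAL_DAY))
    print("injected input, vulnerable:", events_for_day_vulnerable(db, INJECTED_DAY))
    print("injected input, safe:      ", events_for_day_safe(db, INJECTED_DAY))
    sample = "<script>alert('xss')</script>"
    print(render_comment_vulnerable(sample))
    print(render_comment_safe(sample))
```

With the normal date both lookups return only the public event; with the constructed input the concatenated version returns every row, including the private ones, while the parameterized version finds nothing because it looks for a day literally named `x' OR '1'='1`. The escaped comment renderer is the same idea applied on the way out to the browser: the book's "filtering the ways that users are allowed to provide input" is, in code, binding parameters on the way into the database and escaping on the way out to the page.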


Man-In-The-Middle (MITM) Attack

Man-in-the-middle (MITM) attacks involve an attacker intercepting or altering communications by being “in the middle” of a user and the system they are connecting to (NIST, 2019). They do not literally require the attacker to be physically in the middle of the client and server being targeted; rather, the name is meant to convey the idea that the attacker is intercepting communications between two points and is therefore “in the middle” of them. One form of a MITM attack is when an attacker hijacks an unsecured public Wi-Fi network and then collects incoming traffic from all of the other users connected to it (Cisco, n.d.-a).

Password Attacks

When an attacker obtains a victim’s password, chances are that they did not get it by a lucky guess. More likely is that they discovered it using one of the types of password attacks. Some methods involve using software that attempts to crack the password, and some are more like systematic, educated guesses.



Brute Force

Brute force attacks are a well-known type of password attack that tries to run through different combinations of letters, numbers, and symbols until it finds the correct password, sometimes just systematically trying every possible combination (NIST, 2021). When trying to guess a simple four-digit numerical PIN, there are 10,000 different possible combinations it could be. This is because there are four digits, each of which is a number from the set zero through nine (0, 1, 2, 3, 4, 5, 6, 7, 8, 9), which contains ten different numbers. So, you can calculate the number of combinations as 10^4, which is equal to 10,000 (Delahaye, 2019). If you are making a password that is eight characters in length and can use only numbers and lowercase letters, then the total number of combinations is 36^8, or 2,821,109,907,456. This may be a lot of combinations, but keep in mind that modern computers can guess anywhere from thousands to billions of passwords per second. There is also another form of brute force attack called a dictionary attack. Instead of running through all possible combinations, dictionary attacks guess passwords using dictionary words and phrases, and can even guess variations based on common passwords (National Cyber Security Centre [NCSC], 2016).
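The keyspace arithmetic above, carried a step further as an added example (not from the book): the same 10^4 and 36^8 counts, plus the worst-case time to try every combination at the guessing rates the paragraph mentions, and the factor by which appending a few characters multiplies the search. The alphabet sizes beyond the book's two cases, and the guessing rates, are assumptions for illustration.

```python
# Alphabet sizes: the book's two cases first, then larger assumed policies.
DIGITS_ONLY = 10          # 0-9
DIGITS_AND_LOWER = 36     # 0-9 plus a-z
DIGITS_AND_LETTERS = 62   # 0-9, a-z, A-Z (assumed policy)
FULL_PRINTABLE = 94       # all printable ASCII except space (assumed policy)


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of distinct passwords of exactly this length over the alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case time to try every possibility at a fixed guessing rate."""
    return keyspace(length, alphabet_size) / guesses_per_second


def growth_factor(extra_chars: int, alphabet_size: int) -> int:
    """How many times larger the keyspace becomes when extra_chars are appended."""
    return alphabet_size ** extra_chars


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that fits, to one decimal place."""
    units = [("years", 365 * 24 * 3600), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.3f} seconds"


def exhaustion_table(lengths=(4, 8, 11, 12), alphabet_size=DIGITS_AND_LOWER,
                     rates=(1_000, 1_000_000, 1_000_000_000)) -> list:
    """Rows of (length, keyspace, {rate: human-readable worst-case time})."""
    rows = []
    for length in lengths:
        times = {rate: human_duration(seconds_to_exhaust(length, alphabet_size, rate))
                 for rate in rates}
        rows.append((length, keyspace(length, alphabet_size), times))
    return rows


if __name__ == "__main__":
    for length, size, times in exhaustion_table():
        print(f"{length:2d} chars over 36 symbols: {size:,} combinations")
        for rate, text in times.items():
            print(f"    at {rate:>13,} guesses/s: {text}")
```

At a billion guesses per second the eight-character, digits-and-lowercase space is exhausted in under an hour; appending three characters multiplies it by 36^3 = 46,656 and pushes the same exhaustive search past four years, which is the "exponentially stronger" effect the book describes.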

Luckily, there are some easy ways to deter password attacks, such as having a strong, lengthy password. Adding even just a few more characters to your password can make it exponentially stronger against brute force attacks. These attacks can also be deterred by limiting the number of password attempts, which some systems do by temporarily disabling access to an account if too many incorrect guesses are attempted.

Credential Stuffing

In a credential stuffing attack, attackers compile a list of stolen credentials, typically from data breaches and phishing attacks, and then test them against other sites to see whether they can access any accounts (NortonLifeLock, 2021). This attack finds a lot of success because many people re-use the same password across multiple sites. So, if someone's credentials were leaked in a data breach on one site, an attacker may add them to their list and try to use them to log in to other accounts.
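The attempt-limiting mechanism described above (temporarily disabling an account after too many wrong guesses), as an added example that is not code from the book: a throttle that counts recent failures per account and locks it for a period, wrapped around a password check against a salted hash. The policy numbers, the account store and the `FakeClock` used for a repeatable demonstration are all assumptions for this example.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

# Assumed policy values for this example; real systems tune these to their risk.
MAX_FAILURES = 5            # failures within the window before locking
WINDOW_SECONDS = 10 * 60    # how long a failure keeps counting against the account
LOCKOUT_SECONDS = 15 * 60   # how long the account stays disabled
PBKDF2_ROUNDS = 100_000     # work factor for the stored password hash


def make_record(password: str) -> dict:
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def check_password(record: dict, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


class FakeClock:
    """A clock whose time is set by hand, so lockout expiry can be demonstrated."""
    def __init__(self, start: float = 0.0):
        self.t = start

    def __call__(self) -> float:
        return self.t


class LoginThrottle:
    """Temporarily disables an account after repeated failed guesses."""

    def __init__(self, max_failures=MAX_FAILURES, window_s=WINDOW_SECONDS,
                 lockout_s=LOCKOUT_SECONDS, clock=time.time):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.clock = clock
        self.failures = defaultdict(list)   # account -> timestamps of recent failures
        self.locked_until = {}              # account -> time at which the lock expires

    def is_locked(self, account: str) -> bool:
        until = self.locked_until.get(account)
        return until is not None and self.clock() < until

    def record_failure(self, account: str) -> bool:
        """Note a failed attempt; returns True if this one triggered a lock."""
        now = self.clock()
        recent = [t for t in self.failures[account] if now - t <= self.window_s]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout_s
            self.failures[account] = []
            return True
        return False

    def record_success(self, account: str) -> None:
        self.failures.pop(account, None)


def attempt_login(throttle: LoginThrottle, users: dict, account: str, password: str) -> str:
    """Returns 'ok', 'denied' (wrong credentials) or 'locked' (attempts exhausted)."""
    if throttle.is_locked(account):
        return "locked"     # the password is not even checked while locked
    record = users.get(account)
    if record is not None and check_password(record, password):
        throttle.record_success(account)
        return "ok"
    # Unknown accounts are throttled the same way, so the responses do not
    # reveal which usernames exist.
    if throttle.record_failure(account):
        return "locked"
    return "denied"


if __name__ == "__main__":
    clock = FakeClock()
    throttle = LoginThrottle(max_failures=3, window_s=60, lockout_s=120, clock=clock)
    users = {"alice": make_record("correct horse battery")}   # constructed account
    for guess in ("wrong1", "wrong2", "wrong3", "correct horse battery"):
        print(f"t={clock.t:>5.0f}  {guess!r:28} -> {attempt_login(throttle, users, 'alice', guess)}")
    clock.t = 121.0
    print(f"t={clock.t:>5.0f}  {'correct horse battery'!r:28} -> "
          f"{attempt_login(throttle, users, 'alice', 'correct horse battery')}")
```

Note that once the account is locked even the correct password is refused until the lock expires, which is exactly the trade-off the book mentions: a small inconvenience for the legitimate user in exchange for capping how many guesses an attacker gets per window.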



Exploits

Exploits are flaws and vulnerabilities that allow an attacker to gain illicit access to a system and are typically caused by software bugs (glitches or malfunctions) in the system (Cisco, n.d.-b). Sometimes a bug can result in unintended side effects that open new ways for attackers to bypass a system’s security measures. When an exploit is discovered, the solution is typically for the developers to release a patch that fixes the bug that causes it.

Zero-Day

The term “zero-day exploit” refers to exploits that have just been discovered and which developers have “zero days left” to fix (Stouffer, 2021). The reason for urgency is that they indicate vulnerabilities in products that are already shipped and in use, thus leaving all users vulnerable to the exploit until a security patch is made to fix it. Another reason why they are of such great concern is that attackers could potentially have been utilizing the exploit before it was brought to the attention of users and developers.



PART III

Security Tips to Deter Cyberattacks


Part III: Security Tips to Deter Cyberattacks



Exercising Caution


When connecting to the Internet, it is best to be careful about which sites you visit and what files you download in order to avoid falling victim to malware. In addition, it is a good idea to exercise caution about sharing personal information, whether that is personal data or sensitive credentials. For example, entering your credit card number in a malicious site could lead to attackers stealing it for their own use. Even things like personal photos can become dangerous if they are stolen by an attacker, as they could use them to blackmail or impersonate a victim.

Before installing countless apps, consider that they may have access to some of the contents of your device, like personal data and account information. When choosing which apps to install, it is recommended to limit it to just the ones you really require and make use of, because having too many extra programs can consume resources and increase the surface area for vulnerabilities.

Even when using a device for tasks other than browsing and downloading from the Internet, there are still many security considerations to be aware of, including physical ones. A flash drive or other storage medium from an untrusted source could secretly contain malware that harms your device upon connecting to it. It is also dangerous to leave a computer unattended in an unsecured location, as a malicious passerby could steal information from the device or even install malware on it before you return.


Strong and Unique Passwords

To make a strong password, two major considerations should be length and complexity. A long password makes it harder to crack since brute force attacks typically take exponentially greater amounts of time to discover longer passwords. Adding complexity to a password also makes it more resistant to brute force attacks and can be achieved by using a password made up of a combination of numbers, symbols, and both uppercase and lowercase letters.

Attackers know that people often re-use the same passwords, and so they look for credentials from data leaks and then use them to try to log in to more important accounts. For example, if someone had the same username and password on their email account as they did on a small forum, and then the forum is involved in a data breach, attackers may see their credentials and try to use them to sign into their email.

One method for creating and remembering passwords with greater length and complexity is to use a passphrase. A passphrase is a password that strings multiple words together into a phrase. For example, instead of a password like “Jupiter5,” one could consider using a passphrase like “Jupiter-is-the5th-planet.” To make it even safer, the phrase could be made of random words like “lighthouse-cinnamon-aeroplane,” with uppercase letters, symbols, and numbers added so that it becomes “1Lighthouse#2Cinnamon#3Aeroplane!.” The next step beyond making strong passwords is to use unique passwords, which in this case means passwords that are different from the ones you’ve already used on other accounts. It is advised not to use the same password on multiple accounts, because if even just one of those accounts gets compromised, then every other account of yours with the same password should also be considered compromised.



Using a Password Manager

Using a password manager makes it much easier to use unique passwords. In addition, it frees up your memory — your brain’s memory, not your computer’s memory — so that you no longer have to remember tons of different passwords. As a result, you are then free to also make much more complex and difficult passwords if you desire, since you don’t have to worry about memorizing them (your password manager will remember them for you). When using a password manager, just make sure you remember the password to your password database. If you forget it, you might just lose access to all the passwords saved in it, so make sure to memorize it and consider writing it down on a piece of paper stored some place safe and out of the way, just in case you do forget it.



Two-Factor Authentication

Two-factor authentication (2FA) is a security mechanism that requires a user to have an additional identification measure beyond just a username and password. The most common form of 2FA involves generating a temporary code that a user must enter in order to log in. Some users find 2FA inconvenient, but it is well worth it for the great improvements it brings to security. The reason why new temporary codes are generated each time is because it requires users to have immediate access to the receiving device. Therefore, even if an attacker obtains your password, they still cannot access your account unless they also have access to the device receiving the code. One way that attackers have gotten past this is by using social engineering to trick a cellular provider into giving them control over a victim’s phone number, and then receiving the 2FA code that way. Luckily, there are other ways to receive 2FA codes that are more secure than receiving them via your phone number, such as using an authenticator app or a physical device that generates codes.
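The codes that authenticator apps and code-generating devices produce follow a published standard: TOTP (RFC 6238), which derives a counter from the current time and feeds it to HOTP (RFC 4226). The following is an added example, not code from the book: a small implementation of both, with a verifier that tolerates one time step of clock drift and reports which step matched so a server can refuse to accept the same code a second time. The shared secret is the RFCs' published test value, used only so the expected codes are reproducible; a real enrolment generates a random secret per account.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30   # how long each code stays valid
DIGITS = 6          # code length shown to the user

# Published test secret from RFC 4226 / RFC 6238, used here only so that the
# codes are reproducible. A real account gets a randomly generated secret.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
              | mac[offset + 2] << 8 | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: Optional[float] = None,
         step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken from the current time step."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret: bytes, submitted: str, at_time: Optional[float] = None,
                step: int = STEP_SECONDS, digits: int = DIGITS,
                drift_steps: int = 1) -> Optional[int]:
    """Return the time-step counter that produced `submitted`, or None.

    Accepts the current step and `drift_steps` on either side to allow for clock
    skew between the server and the user's device. The caller should store the
    returned counter and reject any later login whose counter is not greater than
    the last accepted one, so a code that was seen once cannot be replayed.
    """
    if at_time is None:
        at_time = time.time()
    current = int(at_time // step)
    for counter in range(current - drift_steps, current + drift_steps + 1):
        if counter < 0:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    print("code at t=59 s:", totp(RFC_TEST_SECRET, at_time=59))
    print("code right now:", totp(RFC_TEST_SECRET))
    print("verify at t=89 s:", verify_totp(RFC_TEST_SECRET, "287082", at_time=89))
```

The comparison uses `hmac.compare_digest` so that the time taken to reject a code does not depend on how many leading digits happened to match. Because the code is derived from a secret held only by the device and the server, an attacker who has the password but not the device cannot compute it; the phone-number takeover the book describes works only against codes delivered over SMS, not against codes generated like this.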



Encryption

Encryption is a feature available in most modern operating systems, and some devices even utilize it by default. When data is encrypted, it basically becomes password protected. The way it works is that data gets algorithmically scrambled in a way that can only be deciphered by entering the correct password. So, if someone tries to access the data without the correct password, they will basically just see unusable gibberish data. To compare it to a non-computing situation, it would be like making a secret code that only you know how to decipher, so that way when you are writing notes no one else will know what you are writing. One of the most common applications of encryption is full disk encryption, which means that the entire disk and all of its contents are encrypted. On a device's primary disk drive, full disk encryption would make it so that the entire system drive, which contains all system files as well as all of the user files that are saved on it, is protected by encryption. In addition to the primary disk, full disk encryption can also be applied to external disks, like flash drives and external hard drives, which would make it so that all the files saved on that external drive would be encrypted and therefore could not be viewed or modified without a password.


All major desktop operating systems, Windows, macOS, and Linux, have encryption tools available out-of-the-box. However, depending on your device and settings, the encryption tools may or may not be activated by default. In particular, some devices ship with full disk encryption enabled by default, but others require the user to turn it on manually if they wish to enable it. For the three major desktop operating systems, Windows has BitLocker, macOS has FileVault, and Linux has LUKS. These are all tools that can enable full disk encryption for both internal and external storage devices. Full disk encryption is also available on many mobile devices, including Apple iPhones and many Android smartphones. In addition to the tools that come included with operating systems, there are also many options for third-party encryption software, such as VeraCrypt, a free and open-source cross-platform encryption tool. Some third-party encryption tools allow for more granular encryption, allowing the user to encrypt individual files or make encrypted containers, which in practice function almost like a folder that encrypts anything that is put inside of it. They can also provide more advanced features like different encryption algorithms and hidden drives.


Full disk encryption scrambles a drive and all of its files so that they cannot be read without the password, deterring unauthorized access.



Multiple backups are a great way to keep data safe, and better still if each one is kept on a different kind of storage medium.



Backup

Backing up data is one of the most important actions that can be taken to prevent data loss. Unfortunately, there are many ways in which data can be lost, even before counting cyberattacks. One common cause is hardware damage: a liquid spill or a drop can damage or short-circuit the drive inside a device. The same applies to external drives, and hard disk drives in particular are prone to physical damage because of the small moving parts inside them. Even without any physical damage, every drive will eventually fail. Lifespans vary, but a drive that lasts much beyond five or six years is on the lucky end, and many fail sooner. When a drive fails, it will most likely be without warning, which is why having data backed up beforehand is essential. Cyberattacks add to the list: ransomware, described earlier in this guide, encrypts your files and demands payment, and a good backup is what lets you refuse. Backing up data means making a copy of your files in a second location, an extra copy that can be relied upon if the primary copy is lost or damaged. Because there are so many ways data can be lost, backing up is extremely important. If data is lost and no backup was made, the files may be gone forever.

Fortunately, there are many ways to back up data. The more often files are backed up, and the more separate locations they are backed up to, the safer they are. A backup must be stored on a separate drive, because if the backup lives on the same drive as the originals, a single drive failure takes both. At the simplest level, a plain copy of the files can be made to a separate location: an external hard drive, a flash drive, a DVD, or a cloud storage service. External hard drives and cloud storage are among the more popular media for personal backup today, but every storage medium has its pros and cons, so it is prudent to research which format best suits your needs. A plain copy is straightforward, but it is not foolproof. If a file becomes corrupted on the primary drive and is then backed up, the corrupted copy overwrites the good one and both copies are bad. For a more robust backup, use a system that keeps old versions of files instead of overwriting them. Windows and macOS both include such a tool: File History in Windows and Time Machine in macOS. Two further habits pay off. First, keep at least one backup copy disconnected from the computer, whether an external drive that is unplugged after each backup or a cloud service that keeps file versions, because ransomware and other malware will encrypt or delete any backup drive that is still attached when they run. Second, test the backup occasionally by restoring a file from it; a backup that has never been restored from is only a hope. For more advanced backup approaches there are many more tools and methods, so it is worth doing further research if your backup needs require more options and control.
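As an added example for the two paragraphs above (not the book's code, and not the internals of File History or Time Machine, although Time Machine's trick of hard-linking unchanged files is the same idea), here is a small versioned backup in Python. Each run writes a new version directory, leaves every earlier version untouched, records a SHA-256 hash of each file in a manifest, and can later verify a version against that manifest, so a file corrupted on the primary drive does not silently replace the last good copy and a backup copy that has rotted on the backup drive is noticed. The directory and file names are made up, and the demo runs in a temporary directory.

```python
"""Versioned backup with an integrity manifest. Added illustration for this
guide; not the code of File History or Time Machine. Each run creates a new
version directory, never modifies older ones, stores a SHA-256 of every
file, and hard-links files unchanged since the previous run so unchanged
data is not stored twice."""
from __future__ import annotations

import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def versions(dest: Path) -> list:
    """Existing version directories under dest, oldest first."""
    if not dest.exists():
        return []
    return sorted(p for p in dest.iterdir() if p.is_dir() and p.name.startswith("v"))


def load_manifest(version: Path) -> dict:
    return json.loads((version / MANIFEST).read_text())


def backup(src: Path, dest: Path) -> Path:
    """Copy every file under src into a new version directory under dest.
    Earlier versions are left alone, so a file that went bad in src before
    this run is still intact in an older version."""
    previous = versions(dest)
    prev_manifest = load_manifest(previous[-1]) if previous else {}
    version = dest / f"v{len(previous) + 1:04d}"
    version.mkdir(parents=True)
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        digest = sha256_file(path)
        target = version / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        if prev_manifest.get(rel) == digest:
            # Unchanged since the last run: link to the earlier copy instead
            # of storing it again (fall back to a copy if links are refused).
            try:
                os.link(previous[-1] / rel, target)
            except OSError:
                shutil.copy2(path, target)
        else:
            shutil.copy2(path, target)
        manifest[rel] = digest
    (version / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return version


def verify(version: Path) -> list:
    """Files in a version whose contents no longer match the hash recorded
    when they were backed up (a bad copy, bit rot, or tampering)."""
    manifest = load_manifest(version)
    return [rel for rel, digest in manifest.items()
            if not (version / rel).is_file() or sha256_file(version / rel) != digest]


def history(dest: Path, rel: str) -> list:
    """(version name, content hash) for each version holding rel, so the
    user can find the last good copy of a file that went bad."""
    found = []
    for version in versions(dest):
        manifest = load_manifest(version)
        if rel in manifest:
            found.append((version.name, manifest[rel]))
    return found


def run_demo() -> dict:
    """The scenario from the text: back up, corrupt a file on the primary
    drive, back up again, and keep the earlier good copy. Constructed
    sample files in a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    src, dest = root / "Documents", root / "BackupDrive"
    (src / "photos").mkdir(parents=True)
    (src / "notes.txt").write_bytes(b"original notes")
    (src / "photos" / "cat.jpg").write_bytes(bytes(range(256)))
    v1 = backup(src, dest)
    (src / "notes.txt").write_bytes(b"\x00\x00\x00 corrupted")   # primary copy goes bad
    v2 = backup(src, dest)
    return {"dest": dest, "v1": v1, "v2": v2,
            "v1_notes": (v1 / "notes.txt").read_bytes(),
            "v2_notes": (v2 / "notes.txt").read_bytes()}


if __name__ == "__main__":
    result = run_demo()
    print("last good copy:", result["v1_notes"])
    print("notes.txt history:", history(result["dest"], "notes.txt"))
    print("files failing verification in v2:", verify(result["v2"]))
```

The point of the manifest is that a backup can be checked without trusting it: after a drive has sat in a drawer for a year, verify() tells you which files still match what was written, which is the automated form of "test your backups".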



Antivirus Software

Antivirus software is a type of software that helps keep your device free of malware. Beyond malware, it can also detect and remove potentially unwanted programs and system changes that may leave your device vulnerable. One of the main techniques used by antivirus software is to scan your files and compare them against a database of signatures of known malware, such as file hashes and characteristic byte patterns, to see if there is a match, and then quarantine or remove what it finds before it causes any further damage. Because a signature only matches malware that has already been catalogued, modern products also watch how programs behave and check newly seen files against the vendor's online services, and the signature database is only useful while it is current, so leave automatic updates turned on. It is a good idea to have antivirus software installed on desktop operating systems. Some protection is built into the operating systems themselves, and Windows additionally ships with a full antivirus scanner, Microsoft Defender Antivirus, inside its Windows Security app. This matters because historically Windows has been the main target of malware, being the most widely used desktop operating system in the world. For third-party antivirus software, there are many options from different cybersecurity vendors; most share the same core functions, and some offer additional features to help protect your device, so it is worth researching the available options when choosing which software is right for you. One caution: install only one real-time antivirus product at a time, because two scanners watching the same files tend to conflict with each other. While there are many paid antivirus products, even free ones can provide useful protection for your device.
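To make the signature-matching step concrete, here is an added Python illustration; it is not the code of Windows Security or any vendor's product. It keeps two kinds of signature for one known sample, an exact SHA-256 hash and a byte pattern taken from inside the file, scans a directory, and quarantines matches instead of deleting them outright. The sample is a constructed, harmless stand-in (when testing a real product, the EICAR test file, a harmless string that antivirus vendors agree to detect, plays this role), and all file names are made up. The demo also shows the limit of signatures: add one byte to the known sample and the hash no longer matches, while the pattern still does.

```python
"""Signature-based scanning as described in the text: hash each file and
compare against a database of known-bad hashes, plus byte patterns for the
cases a hash alone misses. Added illustration for this guide, not the code
of any antivirus product. The 'malware' is a constructed harmless string."""
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Constructed sample standing in for a known malicious file. Not real malware.
SAMPLE = b"MZ\x90\x00\x03\x00" + b"CONSTRUCTED-DEMO-SAMPLE: stand-in for a known bad file"

# Two signature types. A hash matches exactly one file; a pattern matches any
# file containing those bytes, so it survives trivial changes elsewhere.
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLE).hexdigest(): "Demo.Sample (exact hash)",
}
PATTERN_SIGNATURES = {
    b"CONSTRUCTED-DEMO-SAMPLE": "Demo.Sample (byte pattern)",
}


def scan_bytes(data: bytes) -> list:
    """Names of every signature that matches data, hash match first."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def scan_directory(root: Path) -> dict:
    """Map of file path -> matched signature names, for files with a match."""
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = scan_bytes(path.read_bytes())
        if hits:
            findings[path] = hits
    return findings


def quarantine(path: Path, vault: Path) -> Path:
    """Move a detected file out of harm's way rather than deleting it,
    recording where it came from so a false positive can be restored."""
    vault.mkdir(parents=True, exist_ok=True)
    target = vault / (path.name + ".quarantined")
    shutil.move(str(path), str(target))
    (vault / (path.name + ".json")).write_text(json.dumps({"original": str(path)}))
    return target


def run_demo() -> dict:
    """Constructed scenario: a benign document, the known sample, and a copy
    of the sample with one byte appended, which defeats the hash signature
    but not the pattern signature."""
    root = Path(tempfile.mkdtemp(prefix="av-demo-"))
    (root / "report.txt").write_bytes(b"Quarterly numbers look fine.")
    (root / "invoice.exe").write_bytes(SAMPLE)
    (root / "invoice_v2.exe").write_bytes(SAMPLE + b"\x00")
    findings = scan_directory(root)
    moved = [quarantine(path, root / "quarantine") for path in findings]
    return {
        "findings": {path.name: hits for path, hits in findings.items()},
        "quarantined": sorted(t.name for t in moved),
        "remaining": sorted(p.name for p in root.iterdir() if p.is_file()),
    }


if __name__ == "__main__":
    for name, hits in run_demo()["findings"].items():
        print(f"{name}: {', '.join(hits)}")
```

The one-byte variant is the simplest version of what real malware authors do on purpose, repacking or recompiling each copy so that no hash matches; that is why products layer patterns, heuristics and behaviour monitoring on top of the hash database, and why the database must be updated constantly.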



Antivirus software scans your device's contents and compares them against a database of signatures of known malware.



Conclusion

Now that you have an idea of the types of cyberattacks that exist, you are better equipped to safely use information technology! While it is nearly impossible to reach a point of being completely immune to cyberattacks, understanding the threats and implementing some safe computing practices can go a long way in avoiding situations that could put you at risk. If you want to explore more ways to protect yourself, there are countless areas to research further, such as firewalls, sandboxes, and system permissions. Stay safe out there!





Index

account 19, 21, 25, 30, 31, 33
admin 19
administrative access 19
administrative privileges 19
algorithms 34
Android 34
antivirus 38
Apple 34
application 23
apps 30
attack 4, 7, 10, 16, 19, 21, 23, 24, 25, 31, 42, 43, 44
backdoor 19
backend 23
bitcoin 16
BitLocker 34
blackmail 30
botnet 16, 43
breach 25, 31
browsing 30
Brute Force 25
bug 10, 26
code 10, 23, 33, 34
Code Injection 23
combinations 25
communications 24
complexity 31, 32
compromise 31
computer 4, 10, 11, 13, 19, 30, 32, 43
containers 34
corrupt 16
crack 24, 31
credential 25, 30, 31, 43
Credential Stuffing 25
Cross-site scripting 23
cryptocurrency 16
cyberattack 4, 5, 7, 10, 14, 16, 40, 42
cyberattacker 16, 19, 21, 23, 24, 25, 26, 30, 31, 33, 42
Cyberattackers 4
cybersecurity 4, 7, 8, 42, 50
data 4, 10, 16, 19, 23, 25, 30, 31, 34
database 23, 32
denial-of-service attack (DoS) 16
developer 26, 43
device 10, 19, 30, 33
dictionary attack 25
distributed denial-of-service attack (DDoS) 16
download 30
drive 30, 34
email 3, 4, 21, 31
encryption 16, 34
exploit 7, 23, 25, 26, 42, 43
FileVault 34
firewall 40
flash drive 30
full-disk encryption 34
hack 6, 7
hacker 7
  black hat hacker 7
  grey hat hacker 7
  white hat hacker 7
hidden drive 34
identification 33
impersonation 30
information technology 40, 50
injection 23
Internet 4, 7, 30, 43
iPhone 34
key 19
key logger 19
keystrokes 19
leaks 31
Linux 34
LUKS 34
machine 16, 19
macOS 34
malfunction 16
malicious 7, 10, 13, 14, 23, 30
malware 4, 10, 14, 16, 30, 42
manager 32
Man-In-The-Middle (MITM) 24
Morris worm 13, 42
network 4, 13, 16, 24
online 4, 16
open-source 34
operating systems 34
passphrase 31
password 10, 19, 21, 24, 25, 31, 32, 33, 34, 42
password attack 19, 25
password manager 32
patch 26
permissions 14, 40
personal data 30
personal information 21, 30
Phishing 21
photos 30
pin 25
privileges 19, 23
program 10, 13, 14, 23
ransom 16
ransomware 16, 44
robot 4, 16
root 19
rootkit 19
root-level 19
scripting 23, 43, 44
security 7, 23, 26, 30, 33, 42, 43, 44
security patch 23, 26
self-replicating 13
sensitive information 10, 21, 23
site 23, 25, 30, 43, 44
smartphones 34
social engineering 10, 21, 33
social media 4, 21
software 10, 14, 24, 26, 34
spear phishing 21
Spyware 19
SQL 23, 43, 44
SQL injection attacks 23
storage 30
Structured Query Language Injection 23
superuser 19
supervisor 19
surface area 30
symbols 25, 31
system 4, 7, 10, 13, 14, 23, 24, 25, 26, 34, 40
traffic 16, 24
trojan horse 10, 14, 19
Two-Factor Authentication (2FA) 33
unique 31
username 21, 31, 33
virus 10
viruses 10, 11, 13, 14
vulnerability 23, 26, 30, 43, 44
WannaCry 16, 43
web browser 23
website 23
Wi-Fi 24
worm 13
XSS 23, 44
zero-day exploit 26, 43


About the Author Kyle Dise is a graphic designer and illustrator with a critical eye for analyzing visual media. They grew up in Northern Virginia and studied Art and Visual Technology at George Mason University. Beyond art and design, Kyle's other interests include information technology and cybersecurity. For Kyle’s design and illustration portfolio, and for any professional inquiries, please visit kyledise.com.



