
Understanding Cybersecurity Threats and Protection

Mar 5, 2025

Cyber Ops Associate Course

Course Goal

  • Prepare learners for Cisco 200-201 certification.
  • Focus on Cisco Cyber Security Operation Fundamentals (CBROPS).

Module 14: Common Threats and Attacks

  • Overview of malware, common attacks, reconnaissance, access, social engineering, service buffer overflows, and evasion.

Malware

  • Definition: Software designed to disrupt or damage.

Types of Malware

  • Viruses:
    • Spread by copying themselves into another program.
    • Commonly spread via email and removable media.
    • Can be harmless or harmful.
  • Trojan Horses:
    • Appear legitimate but contain malicious code.
    • Can provide remote access or create a backdoor.
    • Types include remote access, proxy, keylogger, and destructive trojans.
  • Worms:
    • Replicate themselves and exploit networks.
    • Do not need a host program.
    • Example: Code Red worm infected over 300,000 servers within 20 hours.
    • Consist of a vulnerability, a propagation mechanism, and a payload.

Other Malware Forms

  • Ransomware: Denies access to resources until a ransom is paid.
  • Scareware, Adware, Spyware, Rootkits.
  • Phishing: Attempts to deceive for information.

Indicators of Malware Infection

  • Strange desktop behavior.
  • Antivirus and firewalls turned off.
  • Slow system performance.
  • Unauthorized email sending.
  • Modified or deleted files.

Network Attacks

  • Categories: Reconnaissance, access, denial of service (DoS).

Reconnaissance Attacks

  • Information gathering (passive or active).
  • Techniques include ping sweep, nmap scan, vulnerability scanning.
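The ping sweeps and nmap scans listed above leave a recognisable footprint in flow data: one source touching many hosts over ICMP, or one source sending SYNs to many ports on one host, within a short window. The following is an added example, not part of the course material, that flags both patterns in a constructed list of flow records; the record layout, the thresholds (10 hosts, 10 ports, 60 seconds) and the sample addresses are assumptions.

```python
"""Added example (not from the course slides): detect ping sweeps and port scans
in flow records. Record format, thresholds and sample addresses are assumptions."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    ts: float     # seconds since epoch (constructed values below)
    src: str
    dst: str
    proto: str    # "icmp" or "tcp"
    dport: int    # 0 for ICMP
    flags: str    # TCP flags, "S" = SYN only; "" for ICMP


# Constructed sample: 10.0.0.5 pings 12 hosts, then SYN-probes 15 ports on one host.
# 10.0.0.7 is ordinary traffic (two connections to 443) and must not be flagged.
_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 3389, 8080, 8443]
SAMPLE_FLOWS: List[Flow] = (
    [Flow(1000 + i, "10.0.0.5", f"192.168.1.{i}", "icmp", 0, "") for i in range(1, 13)]
    + [Flow(1100 + i, "10.0.0.5", "192.168.1.10", "tcp", p, "S") for i, p in enumerate(_PORTS)]
    + [Flow(1200, "10.0.0.7", "192.168.1.10", "tcp", 443, "S"),
       Flow(1201, "10.0.0.7", "192.168.1.10", "tcp", 443, "S")]
)


def _max_distinct_in_window(events: List[Tuple[float, object]], window: float) -> int:
    """Largest number of distinct values seen within any `window` seconds.
    events: (timestamp, value) pairs in any order. Sliding two-pointer scan."""
    events = sorted(events, key=lambda e: e[0])
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({v for _, v in events[start:end + 1]}))
    return best


def detect_ping_sweep(flows: List[Flow], min_hosts: int = 10,
                      window: float = 60.0) -> Dict[str, int]:
    """Sources that ICMP-probe at least `min_hosts` distinct destinations
    within any `window` seconds. Returns {src: distinct_host_count}."""
    by_src: Dict[str, List[Tuple[float, object]]] = defaultdict(list)
    for f in flows:
        if f.proto == "icmp":
            by_src[f.src].append((f.ts, f.dst))
    alerts = {}
    for src, events in by_src.items():
        n = _max_distinct_in_window(events, window)
        if n >= min_hosts:
            alerts[src] = n
    return alerts


def detect_port_scan(flows: List[Flow], min_ports: int = 10,
                     window: float = 60.0) -> Dict[Tuple[str, str], int]:
    """(src, dst) pairs where the source sends SYNs to at least `min_ports`
    distinct ports within any `window` seconds. Returns {(src, dst): port_count}."""
    by_pair: Dict[Tuple[str, str], List[Tuple[float, object]]] = defaultdict(list)
    for f in flows:
        if f.proto == "tcp" and f.flags == "S":
            by_pair[(f.src, f.dst)].append((f.ts, f.dport))
    alerts = {}
    for pair, events in by_pair.items():
        n = _max_distinct_in_window(events, window)
        if n >= min_ports:
            alerts[pair] = n
    return alerts


if __name__ == "__main__":
    print("ping sweeps:", detect_ping_sweep(SAMPLE_FLOWS))
    print("port scans: ", detect_port_scan(SAMPLE_FLOWS))
```

The sliding window matters more than the thresholds: a scanner that spreads its probes over hours stays under any per-minute count, so in practice the same logic is run over several window sizes, and the thresholds are tuned against the baseline of legitimate scanners (monitoring systems, vulnerability scanners) that are then allow-listed by source.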

Access Attacks

  • Password attacks: Methods to gain critical passwords.
  • Spoofing attacks: Pretend to be someone else for information.

Social Engineering

  • Phishing, Spear Phishing, Pretexting, Spamming.
  • Quid Pro Quo, Baiting, Impersonation, Tailgating, Shoulder Surfing, Dumpster Diving.

Denial of Service (DoS) Attacks

  • DoS: Overloads victim with traffic.
  • DDoS: Distributed DoS using botnets (zombies and bots).
  • Buffer Overflow: Overloads a system's buffers to exploit vulnerabilities.

Evasion Techniques

  • Encryption and Tunneling: Hide or scramble payloads.
  • Resource Exhaustion: Overloads the host's security detection.
  • Traffic Fragmentation: Split payloads to avoid detection.
  • Protocol Level Misinterpretation: Trick firewalls into ignoring packets.
  • Traffic Substitution and Insertion, Pivoting, Rootkits, Proxies.
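Traffic fragmentation defeats an inspection device only if it matches each fragment on its own. The following is an added example, not from the course material, that shows the difference: a constructed HTTP request carrying two classic IDS content matches is split into three fragments so that neither pattern is whole in any single fragment, and the fragments arrive out of order. Per-fragment matching sees nothing; reassembling the datagram first (and refusing to judge it while fragments are missing) recovers both matches. The fragment structure, signature list and sample request are assumptions.

```python
"""Added example (not from the course slides): why an IDS must reassemble
fragments before signature matching. Fragment layout, signatures and the
sample request are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Fragment:
    ident: int      # datagram identification shared by all fragments
    offset: int     # byte offset of this fragment's payload in the datagram
    more: bool      # "more fragments" flag; False on the final fragment
    payload: bytes


# Two classic IDS content matches (constructed signature list).
SIGNATURES = [b"/etc/passwd", b"../../"]


def match_signatures(data: bytes) -> List[bytes]:
    """Return every signature found in `data`, in SIGNATURES order."""
    return [s for s in SIGNATURES if s in data]


def per_fragment_matches(frags: List[Fragment]) -> List[bytes]:
    """Naive inspection: match each fragment independently (what evasion exploits)."""
    hits: List[bytes] = []
    for f in frags:
        hits.extend(match_signatures(f.payload))
    return hits


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Rebuild the datagram. Returns None while fragments are missing, when
    offsets overlap or leave a gap, or when the final fragment is absent,
    so the caller never matches on a partial payload."""
    if not frags or len({f.ident for f in frags}) != 1:
        return None
    ordered = sorted(frags, key=lambda f: f.offset)
    out = bytearray()
    expected = 0
    for i, f in enumerate(ordered):
        if f.offset != expected:          # gap or overlap: do not guess
            return None
        if not f.more and i != len(ordered) - 1:
            return None                    # data claimed after the last fragment
        out += f.payload
        expected += len(f.payload)
    return bytes(out) if not ordered[-1].more else None


def inspect_reassembled(frags: List[Fragment]) -> List[bytes]:
    """Correct inspection: reassemble first, then match the whole payload."""
    data = reassemble(frags)
    return match_signatures(data) if data is not None else []


def split_into_fragments(data: bytes, cut_points: List[int], ident: int = 0x1234) -> List[Fragment]:
    """Split `data` at the given byte positions into Fragment objects."""
    bounds = [0] + list(cut_points) + [len(data)]
    return [Fragment(ident, bounds[i], i < len(bounds) - 2, data[bounds[i]:bounds[i + 1]])
            for i in range(len(bounds) - 1)]


# Constructed request; cuts at 22 and 33 leave "../../" and "/etc/passwd"
# straddling fragment boundaries, and the fragments are delivered out of order.
FULL_REQUEST = b"GET /cgi-bin/x?file=../../etc/passwd HTTP/1.0\r\n"
_in_order = split_into_fragments(FULL_REQUEST, [22, 33])
SAMPLE_FRAGS = [_in_order[2], _in_order[0], _in_order[1]]


if __name__ == "__main__":
    print("per-fragment:", per_fragment_matches(SAMPLE_FRAGS))
    print("reassembled: ", inspect_reassembled(SAMPLE_FRAGS))
```

Real reassembly engines also have to decide what to do with overlapping fragments, because different operating systems keep either the first or the last copy of overlapping bytes; the example simply refuses to reassemble in that case, which is the conservative choice for a monitor that cannot know the target's policy.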

Conclusion

  • Discussed malware types, network attacks, and evasion techniques.
  • Encouragement to ask questions and discuss for better retention.

Contact the instructor if you have any questions or need further explanation on any topics discussed.