ITSE202 CYBERSECURITY II
LECTURE V – Cybersecurity Risks & Threats
1. TYPES OF CYBER THREATS
Cyber threats can be classified into different categories.
This allows organizations to assess the likelihood of a
threat occurring and understand the monetary impact
of a threat so that they can prioritize their security
efforts.
1.1. Software Attacks
A successful denial-of-service (DoS) attack.
A computer virus.
1.2. Software Errors
A software bug.
An application going offline.
A cross-site scripting (XSS) exploit, in which the attacker
attaches code to a legitimate website that executes in the
victim's browser when the victim loads the website, or an
illegal file server share.
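As an added example (not part of the lecture or its Cisco source), the following Python shows the cross-site scripting case above as a comment-rendering function written two ways: one that inserts user-supplied text into the page unchanged, and one that escapes it first so the browser displays it as text rather than running it. The function names, the page template and the sample comments are constructed for illustration.

```python
# Added example (not from the lecture): the same comment-rendering function
# written two ways. The first inserts user input into the page unchanged, so
# a comment containing markup is executed by every visitor's browser (the
# cross-site scripting case the lecture describes). The second escapes the
# input so the browser displays it as text. Function names are hypothetical.
import html
import re

# Constructed page template; {items} is filled with the rendered comments.
PAGE_TEMPLATE = "<html><body><h1>Comments</h1><ul>{items}</ul></body></html>"


def render_comments_vulnerable(comments):
    """Inserts each comment verbatim: a comment such as <script>...</script>
    becomes live markup in the page served to every visitor."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return PAGE_TEMPLATE.format(items=items)


def render_comments_hardened(comments):
    """Escapes <, >, &, and quotes before insertion, so the browser renders
    the comment as literal text instead of interpreting it as markup."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return PAGE_TEMPLATE.format(items=items)


def contains_live_script(page):
    """Crude check used only to show the difference between the two renderers:
    does the rendered page contain an unescaped <script> tag?"""
    return re.search(r"<script\b", page, re.IGNORECASE) is not None


# Constructed sample input: one ordinary comment and one that carries markup.
SAMPLE_COMMENTS = [
    "Great lecture!",
    "<script>alert('xss')</script>",
]

if __name__ == "__main__":
    print("vulnerable:", contains_live_script(render_comments_vulnerable(SAMPLE_COMMENTS)))
    print("hardened:  ", contains_live_script(render_comments_hardened(SAMPLE_COMMENTS)))
```

Output encoding at the point where untrusted text is placed into HTML is the basic defence; in a real application it is applied by the template engine on every output, not by hand in one function, and is usually backed by a Content Security Policy that limits which scripts the browser will run at all.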
1.3. Sabotage
A backdoor, or a worm that erases files.
An authorized user successfully penetrating and
compromising an organization’s primary database.
The defacement of an organization’s website.
1.4. Human Error
Inadvertent data entry errors.
An employee dropping a laptop computer.
1.5. Theft
Laptops or equipment being stolen from an unlocked
room.
1.6. Hardware Failures
Hard drive crashes.
A firewall misconfiguration.
1.7. Utility Interruption
Electrical power outages.
Water damage resulting from sprinkler (a device that
sprays water) failure.
1.8. Natural Disaster
Severe storms such as hurricanes or tornados.
Earthquakes.
Floods.
Fires.
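As an added example (not part of the lecture), the following Python turns the classification above into a priority order the way section 1 describes: each threat gets a likelihood (annualized rate of occurrence, ARO) and a monetary impact (single loss expectancy, SLE), and threats are ranked by annualized loss expectancy, ALE = SLE x ARO. It goes slightly beyond the lecture text by also weighing a proposed control's yearly cost against the ALE it removes. The threat names and categories follow sections 1.1 to 1.8; every monetary figure and frequency is constructed for illustration, and the helper names are hypothetical.

```python
# Added example (not from the lecture): ranking threats by annualized loss
# expectancy so that security effort goes to the largest expected losses first.
# Threat names and categories follow sections 1.1-1.8 of the lecture; the
# monetary figures and frequencies are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    category: str   # lecture category, e.g. "Software Attacks"
    sle: float      # single loss expectancy: cost of one occurrence (USD)
    aro: float      # annualized rate of occurrence: expected events per year

    @property
    def ale(self) -> float:
        """Annualized loss expectancy = SLE x ARO."""
        return self.sle * self.aro


# Constructed threat register (illustrative numbers only).
THREAT_REGISTER = [
    Threat("Denial-of-service attack", "Software Attacks", sle=50_000, aro=2.0),
    Threat("Computer virus outbreak", "Software Attacks", sle=20_000, aro=4.0),
    Threat("Application goes offline", "Software Errors", sle=5_000, aro=12.0),
    Threat("Database compromise", "Sabotage", sle=400_000, aro=0.1),
    Threat("Laptop dropped", "Human Error", sle=1_500, aro=6.0),
    Threat("Laptop stolen from unlocked room", "Theft", sle=8_000, aro=1.0),
    Threat("Hard drive crash", "Hardware Failures", sle=3_000, aro=3.0),
    Threat("Power outage", "Utility Interruption", sle=10_000, aro=1.5),
    Threat("Flood", "Natural Disaster", sle=1_000_000, aro=0.02),
]


def prioritize(threats):
    """Return the threats ordered from highest to lowest ALE."""
    return sorted(threats, key=lambda t: t.ale, reverse=True)


def ale_by_category(threats):
    """Sum ALE per lecture category, to compare categories rather than items."""
    totals = {}
    for t in threats:
        totals[t.category] = totals.get(t.category, 0.0) + t.ale
    return totals


def safeguard_value(threat, ale_after, annual_cost):
    """Cost/benefit of a control: the ALE it removes minus its yearly cost.
    A positive result means the control saves more than it costs."""
    return (threat.ale - ale_after) - annual_cost


if __name__ == "__main__":
    for t in prioritize(THREAT_REGISTER):
        print(f"{t.ale:>12,.0f}  {t.category:<20}  {t.name}")
    print(ale_by_category(THREAT_REGISTER))
```

With these figures the ranking puts the denial-of-service attack first (ALE 100,000) even though a flood would cost far more per event, because the flood's low frequency keeps its expected yearly loss at 20,000. The point of the exercise is exactly that trade-off: a cheap, frequent threat can outrank a catastrophic but rare one.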
2. INTERNAL & EXTERNAL THREATS
3. USER THREATS AND VULNERABILITIES
A user domain includes anyone with access to an
organization’s information system, including employees,
customers and contract partners.
Users are often considered to be the weakest link in
information security systems, posing a significant threat to
the confidentiality, integrity and availability of an
organization’s data.
3.1. No Awareness of Security
Users must be aware of and understand an organization’s
sensitive data, security policies and procedures,
technologies and countermeasures that are implemented in
order to protect information and information systems.
3.2. Poorly Enforced Security Policies
All users must be aware of and understand an
organization’s security policies, as well as the
consequences of non-compliance.
3.3. Data Theft
Data stolen by users can pose a significant financial threat
to organizations, both in terms of the resulting damage to
their reputation and/or the legal liability associated with
the disclosure of sensitive information.
3.4. Unauthorized Downloads & Media
Many network and device infections and attacks can be
traced back to users who have downloaded unauthorized
emails, photos, music, games, apps and videos to their
computers, networks or storage devices, or used
unauthorized media such as external hard disks and USB
drives.
3.5. Unauthorized Virtual Private Network (VPN)
An unauthorized VPN can hide the theft of information, because
the encryption normally used to protect confidentiality also
stops a network administrator from inspecting the data being
transmitted (unless they have permission to do so).
3.6. Unauthorized Websites
Accessing unauthorized websites can pose a risk to a user’s
data and devices, as well as the organization itself. Often,
these websites prompt users to download scripts or plugins
that contain malicious code or adware. Some of these sites
can even take over user devices like cameras and
applications.
3.7. Destruction of Systems, Apps or Data
The accidental or deliberate destruction or sabotage of
systems, applications and data poses a serious risk to
all organizations. Activists, disgruntled employees or
industry competitors attempt to delete data and
destroy or misconfigure devices, to make
organizational data and information systems
unavailable.
4. THREATS TO DEVICES
Any devices left powered on and unattended pose the risk of
someone gaining unauthorized access to network resources.
Downloading files, photos, music or videos from unreliable
sources could lead to the execution of malicious code on
devices.
Cybercriminals often exploit security vulnerabilities within
software installed on an organization’s devices to launch an
attack.
An organization’s information security teams must try to keep
up to date with the daily discovery of new viruses, worms and
other malware that pose a threat to their devices.
Users who insert unauthorized USB drives, CDs or DVDs
run the risk of introducing malware, or compromising data
stored on their device.
Policies are in place to protect an organization’s IT
infrastructure. A user can face serious consequences for
purposefully violating such policies.
Using outdated hardware or software makes an
organization’s systems and data more vulnerable to
attack.
5. THREATS TO THE LOCAL AREA NETWORK
The local area network (LAN) is a collection of devices,
typically in the same geographic area, connected by cables
(wired) or airwaves (wireless).
Because users can access an organization’s systems,
applications and data from the LAN domain, it is critical
that it has strong security and stringent access controls.
Examples of threats to the LAN include:
Unauthorized access to wiring closets, data centers and
computer rooms.
Unauthorized access to systems, applications and data.
Network operating system or software vulnerabilities and
updates.
Rogue users gaining unauthorized access to wireless networks.
Exploits of data in transit.
Misconfigured firewalls.
6.1. Software as a Service (SaaS)
This is a subscription-based model that provides
organizations with software that is centrally hosted and
accessed by users via a web browser, app or other software.
In other words, this is software not stored locally but in the
cloud.
Salesforce
Microsoft 365
Netflix
Zoom etc.
6.2. Platform as a Service (PaaS)
This subscription-based model provides a platform that
allows an organization to develop, run and manage its
applications on the service’s hardware, using tools that the
service provides. This platform is accessed via the public
cloud.
IBM Cloud
Oracle Cloud
Microsoft Azure
Amazon AWS
6.3. Infrastructure as a Service (IaaS)
This subscription-based model provides virtual
computing resources such as hardware, software,
servers, storage and other infrastructure components
over the Internet. An organization will buy access to
them and use them via the public cloud.
Alibaba Cloud
Oracle Cloud
Cloud Storage
IBM Cloud
While public cloud service providers do implement security
controls to protect the cloud environment, organizations are
responsible for protecting their own resources on the cloud.
Therefore, some of the most common threats to the public
cloud domain include:
Data breaches.
Compromised credentials or account hijacking.
Social engineering attacks.
Compliance violation.
7. THREATS TO APPLICATIONS
The application domain includes all of the critical systems, applications
and data used by an organization to support operations. Increasingly,
organizations are moving applications such as email, security monitoring
and database management to the public cloud.
Common threats to applications include:
Someone gaining unauthorized access to data centers, computer
rooms, wiring closets or systems.
Server downtime during maintenance periods.
Network operating system software vulnerabilities.
Data loss.
Client-server or web application development vulnerabilities.
8. BACKDOORS & ROOTKITS
Cybercriminals also use many different types of malicious
software (known as malware) to carry out their attacks, such
as backdoors and rootkits.
8.1. Backdoors
Backdoor programs, such as Netbus and Back Orifice, are
used by cybercriminals to gain unauthorized access to a
system by bypassing the normal authentication
procedures.
Cybercriminals typically have authorized users
unknowingly run a remote access Trojan horse program
(RAT) on their machine to install a backdoor that gives the
criminal administrative control over a target computer.
Backdoors grant cybercriminals continued access to a
system, even if the organization has fixed the original
vulnerability used to attack the system.
8.2. Rootkits
This malware is designed to modify the operating system to
create a backdoor, which attackers can then use to access
the computer remotely.
Most rootkits take advantage of software vulnerabilities to
gain access to resources that normally shouldn't be
accessible (privilege escalation) and modify system files.
Rootkits can also modify system forensics and monitoring
tools, making them very hard to detect. In most cases, a
computer infected by a rootkit has to be wiped and any
required software reinstalled.
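As an added example (not part of the lecture), the following Python implements a minimal file-integrity baseline of the kind used to notice that system files or monitoring tools have been altered, which is the rootkit behaviour described above: hash every file in a known-good state, then later report what changed, disappeared or appeared. The "tool" files and their contents are constructed in a temporary directory so the example runs offline, and the function names are hypothetical.

```python
# Added example (not from the lecture): a minimal file-integrity check that
# records a SHA-256 baseline of a directory tree and later reports modified,
# missing and added files, the way integrity monitors flag tampered system
# binaries. The file set is constructed in a temporary directory.
import hashlib
import os
import tempfile


def sha256_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record the hash of every regular file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_of_file(full)
    return baseline


def compare_to_baseline(root, baseline):
    """Return (modified, missing, added) relative paths versus the baseline."""
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return modified, missing, added


def demo():
    """Constructed scenario: baseline three 'system tools', then alter one,
    delete one and drop in a new file, as a rootkit-style change might."""
    with tempfile.TemporaryDirectory() as root:
        tools = {
            "bin/ps": b"ps-v1",
            "bin/netstat": b"netstat-v1",
            "sbin/auditd": b"auditd-v1",
        }
        for rel, content in tools.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(content)
        baseline = build_baseline(root)

        # Simulated tampering after the baseline was taken.
        with open(os.path.join(root, "bin/ps"), "wb") as f:
            f.write(b"ps-v1-that-hides-processes")   # tool replaced
        os.remove(os.path.join(root, "sbin/auditd"))  # monitoring tool removed
        with open(os.path.join(root, "bin/.hidden"), "wb") as f:
            f.write(b"new-file")                      # unexpected new file

        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    modified, missing, added = demo()
    print("modified:", modified)
    print("missing: ", missing)
    print("added:   ", added)
```

Two caveats follow from the lecture's own description. A baseline stored on the same host can be altered by the same rootkit, so it belongs on read-only or offline media. And a rootkit that has modified the operating system can lie to any user-space check, including this one, about what a file contains; that is why the lecture concludes that an infected machine usually has to be wiped and rebuilt rather than cleaned in place.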
9.1. The Dark Web
This refers to encrypted web content that is not indexed
by conventional search engines and requires specific
software, authorization or configurations to access.
Expert researchers monitor the dark web for new threat
intelligence.
REFERENCES
Cisco Network Academy, Cybersecurity Essentials,
Cybersecurity P3: Principles, Practices and Processes,
Obscuring Data