This document provides an overview of a cyber security lecture at Bakhtar University. It discusses the course objectives, policies, and grading evaluation. It then defines cybersecurity and outlines the major cybersecurity challenges, including advanced persistent threats and recent cyber attacks against major organizations. The document categorizes types of cyber attackers and concludes by listing reference books.

1. Lec-1: Cyber Security
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY ‫باخترپوهنتون‬ ‫د‬

2. Outlines to be discussed…. Today
• Course Objective
• Class Policy
• Grading Policy
• What is Cybersecurity
• The Cybersecurity Challenge
• Defining cybersecurity challenge
• Cyber attacks of Today
• Types of cyberattackers
• Reference Books

3. Class Policy
• A student must reach the class-room in time. Late comers may join the
class but are not entitled to be marked present.
• Attendance shall be marked at the start of the class and students failing to
secure 75% attendance will not be allowed to sit in final exam.
• The assignment submission deadline must be observed. In case of late
submission, ten percent may be deducted from each day.
• Those who are absent on the announcement date of the assignment/test.
Must get the topic/chapter of test/assignment confirmed through their
peers.
• Mobile phones must be switched-off in the class-rooms.
9/15/2017 Bakhtar University 3

4. Grading Evaluation for Cyber Security
Internal Evaluation
Midterm Exam 20%
Attendance 5%
Assignment/Presentations 5%
Quizzes/Tests 10%
Total Internal Evaluation 40%
Final-term Examination
Final-term Exam 60%
Total Marks 100%
9/15/2017 Bakhtar University 4

5. Cybersecurity
• Relative new discipline,
• it is so new that there is no agreed upon
• spelling of the term
• broadly accepted definition
• Many people believe
• Cybersecurity is something you can buy in increments, much like a commodity
• Others believe
• Cybersecurity is just refers to technical measures such as:
• Password protection
• Installing a firewall

6. Continued…
• Some says
• Cybersecurity is an administrative and technical program solely in the realm
of IT professionals.
• Protection against harm

7. What is Cybersecurity?
• Cybersecurity is the deliberate synergy of technologies, processes,
and practices to protect vital information and the networks, computer
systems and appliances, and programs used to collect, process, store,
and transport that information from attack, damage, and
unauthorized access.

8. Cyberattacks of Today
• The major cyber threats were
• Viruses
• Worms
• Trojan horses
• The mentioned threats randomly attacked computers directly
connected to internet
• Now the scenario is totally changed……..

9. Recent Years Compromises

10. RSA’s Enterprise
• In 2011, RSA’s enterprise was breached and the security keys for
many of its customers were believed to have been stolen.
• This breach prompted RSA to replace millions of its SecureID tokens
to restore security for its customers.
• This breach is disconcerting because RSA is one of the oldest and
most established cybersecurity brands.

11. Target’s Point of Sale (POS)
• In 2013, Target’s point of sale (POS) network was compromised,
resulting in the loss of personal information and credit card numbers
for over 40 million customers.
• The costs of this breach, particularly when reputational damage and
lawsuits are taken into account, will likely be huge.

12. Sony Pictures Entertainment
• In 2014, Sony Pictures Entertainment reported attackers had
infiltrated its environment and disabled almost every computer and
server in the company.
• This cyberattack brought the company to its knees and resulted in the
public release of thousands of proprietary documents and e-mail
messages.

13. German Steel Mill
• In 2014, a German steel mill was affected by a hacking incident that
caused one of its blast furnaces to malfunction.
• This resulted in significant physical damage to the plant and its
facilities.

14. Anthem’s IT System
• In 2015, Anthem reported its IT systems had been breached and
personal information on over 80 million current and former members
of their healthcare network was compromised, which included the US
government’s Blue Cross Blue Shield program.

15. These breaches are indicative of some of
the major trends.

16. • Cyber attackers are now targeting
• Personal identities
• financial accounts
• Healthcare information
• Cyber attackers are now taking control of Industrial equipment and
causing physical damage to plants and equipment

17. Cyber attacks of Today
• Advanced Persistent Threats (APT)
• Waves of Malware
• Static viruses
• Network-based viruses
• Trojan Horse
• Command and control malware
• Customized malware
• Polymorphic malware
• Intelligent Malware
• Fully automated polymorphic malware
• Firmware and supply chain malware

18. • Advanced
• – Attacker adapts to defenders’ efforts
• – Can develop or buy Zero-Day exploits
• – Higher level of sophistication
• Persistent
• – Attacks are objective and specific
• – Will continue until goal is reached
• – Intent to maintain long term connectivity
• Threats
• – Entity/s behind the attack
• – Not the malware/exploit/attack alone
Advanced Persistent Threats

19. • Key contributors to popularity of APTs
• Nation States
• Organized crime groups
• Hactivist Groups
APT Defined

20. Why we talk about them?

21. • – Gain awareness
• – Constantly in the News
• – Understand the Risk to your Organization
• – Organizational Impact
• – Prioritize Information Security investments
• – Communicate Risk more effectively

22. • RSA
• Google
• Johnson & Johnson
• DuPont
• General Electric Walt Disney
• Sony Adobe Systems Intel Corp
• Baker Hughes Exxon British Petroleum
• Marathon Chevron King & Spalding
• CareFirst BCBS QinetiQ Alliant Techsystems
• Northrup Grumman Lockheed Martin Citi Cards
• Oak Ridge Labs IMF Yahoo
• And many, many more …..
APT in the news

23. Typical Attack Map
Step
1
• Reconnaissance
Step
2
• Initial Intrusion into the Network
Step
3
• Establish a Backdoor into the Network
Step
4
• Obtain User Credentials
Step
5
• Install Various Utilities
Step
6
• Privilege Escalation / Lateral Movement / Data Exfiltration
Step
7
• Maintain Persistence

24. Static viruses
• Static viruses that propagated from computer to computer via floppy
disks and boot sectors of hard drives.
• These viruses propagated themselves, but few of them actually
impacted system operations.

25. Network-based viruses
• Network-based viruses that propagated across the open Internet
from computer to computer, exploiting weaknesses in operating
systems.
• Computers were often directly connected to each other without
firewalls or other protections in between.

26. Trojan Horse
• Trojan malware that propagates across the Internet via e-mail and
from compromised or malicious web sites.
• This malware can infect large numbers of victims, but does so
relatively arbitrarily since it is undirected.

27. Command and Control malware
• Command and control features that allows the attacker to remotely
control its operation within the target enterprise.
• Compromised machines then become a foothold inside of the
enterprise that can be manipulated by the attacker

28. Customized malware
• Custom malware developed for a particular target.
• Custom malware is sent directly to specific targets via phishing e-
mails, drive-by websites, or downloadable applications such as mobile
apps.
• Because the malware is customized for each victim, it is not
recognized by signature-based defenses.

29. Polymorphic malware
• Polymorphic malware designed not only to take administrative
control of victim networks, but also to dynamically modify itself so it
can continuously evade detection and stay ahead of attempts to
remediate it.

30. Intelligent Malware
• Malware with intelligence to analyze a victim network, move laterally
within it, escalate privileges to take administrative control, and
extract, modify, or destroy its target data or information systems.
• Intelligent malware does all of these actions autonomously, without
requiring human intervention or external command and control.

31. Fully automated polymorphic malware
• Fully automated polymorphic malware that combines the features of
the polymorphic and intelligent malwares. This malware takes control
autonomously and dynamically evades detection and remediation to
stay one step ahead of defenders at all times.

32. Firmware and supply chain malware
• This malware wave takes the fully automated polymorphic malware
to its logical conclusion by delivering malware capabilities through the
supply chain, either embedded in product firmware or within
software products before they are shipped.
• Such malware is embedded in products when they are built, or at
such a low level in the product firmware that they are virtually
undetectable.
• By delivering malware in this manner, it is difficult for cyber
defenders to differentiate the supply chain malware from the other
features coming from the factory.

33. Categories of Cyber attackers
• Commodity Threats
• Hacktivists
• Organized crimes
• Espionage
• Cyberwar

34. Commodity Threats
• Random malware, viruses, Trojans, Worms, botnets, ransomware and
other threats that are out propagating on the internet all the time.
• Commodity threats are undirected and opportunistic
• May exploit vulnerabilities or other cyber defense weaknesses.
• Destructive but limited in damage
• Can be the starting point for most dangerous attacks

35. Hacktivists
• Consists of targeted attack to bolster their cause and embarrass their
adversaries.
• Hacktivists use hacking to make a public or political statement
• Can be used against individuals, enterprises or governments,
depending on the situation and the particular objectives of the
hacktivists.

36. Organized crime
• Targeted attacks like hactivists
• The intention is money

37. Espionage
• Generally focused on stealing information
• Frequently use APT-style methods
• To be very effective against enterprises to get the job done in any mean.
• Can be conducted at the nation-state level
• Cyberespionage is a serious issue and the campaigns can involve
complex webs of target individuals and enterprises as the agent work
their way from their starting points toward their objectives.

38. Cyberwar
• It is about damaging the ability of enterprises or governments to
operate in cyberspace.
• The damage is done by overwhelming, overloading , disabling or
destroying the IT systems used by the victims
• Examples
• In 2007, Estonian’s internet infrastructure was targeted
• Notorious Stuxnet worm against Iran nuclear program and ruined nuclear
centrifuges required for enriching uranium
• In 2012, Saudi Aramco resulted in tens of thousands of computers having to
be replace or rebuilt.
• etc

39. Reference Books
• Enterprise Cyber Security by Scott E. Donald, Stanley G. Siegel, Chris
K. Williams and Abdul Aslam
• Cyber Security for Executive: A practical Guide by Gregory J. Touhill
and C. Joseph Touhill

40. Thank You
For Your Patience