A Quick Introduction
Cyber Security is a very dense subject, but as an introduction, I want to present some of the basic concepts behind an attack.
Our data volumes grow every day, yet protecting that data is often disregarded. We must make sure to be knowledgeable in the area of data protection, especially when handling sensitive data.
- Attack Vectors – the route or path that enables an unwanted visitor (hacker) to deliver malicious code or a ‘payload.’
- Payload – data carried by a transmission unit, most commonly known as a ‘packet.’
- Packet – a unit of data routed within a packet-switched computer network
- Computer Network – also known as a data network, is a series of nodes interconnected to exchange different types of data
- Nodes – in a network, a node is a connection that can send, receive and/or store data along a distributed network
- Data – information transformed into an efficient state to facilitate exchange between parties
Malware & System Exploitation
As mentioned previously, this is a dense subject matter, but it gets more interesting from here. It’s also essential to get familiar with some other important Cyber Security terms. Two of the most common terms in the cyber security world are Malware and System Exploitation. Let’s briefly define those and then describe the typical phases of an intrusion.
- Malware – programming code developed with the intention and purpose to cause disruption or harm
  - Common Types of Malware (Malware Post Series – Coming Soon!)
    - Data Miner
    - Browser Hijacker
- System Exploitation – an attack or exploit against a computer system that takes advantage of a particular vulnerability, many times giving up data or even access to protected systems
  - Most Common Types of Exploitation (Exploitation Post Series – Coming Soon!)
    - SQL Injections
    - Cross-Site Scripting
    - Denial of Service
    - Buffer Overflow
Simple Framework of an Intrusion
To understand how intruders gain access to different systems, it’s important to keep a simple framework of the steps and phases that a hacker goes through before and during the intrusion. We have been able to summarize an intrusion in a 7-Phase Framework:
- Reconnaissance – research, identification, and selection of targets
- Weaponization – pairing remote access malware with exploit into a deliverable payload (e.g., .pdf, .doc, .xlsx)
- Delivery – transmission of weapon to target (e.g., via email, websites)
- Exploitation – once delivered, the weapon’s code is triggered, exploiting the vulnerable systems
- Installation – the weapon installs a backdoor on a target’s system allowing persistent access
- Command & Control – outside servers communicate with the weapons providing access inside of the target’s network
- Actions on Objective – the attacker works to achieve the objective of the intrusion, which can include exfiltration or destruction of data, or intrusion of another target
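A defender can use the seven phases as a checklist for detection coverage. The sketch below is an added example, not part of the original article: it places constructed alerts into the phases listed above and reports, per host, how far an intrusion progressed and which earlier phases produced no alert. The alert type names, host names and the alert-to-phase mapping are assumptions made for illustration.

```python
from collections import defaultdict

# The seven phases, in the order the article lists them.
PHASES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command & Control", "Actions on Objective",
]
# Weaponization happens on the attacker's side, so this sketch assumes it
# never produces an alert on the target's network and is not counted as a gap.
NOT_OBSERVABLE = {"Weaponization"}

# Hypothetical mapping from alert type to phase (an assumption, not a standard).
ALERT_PHASE = {
    "port_scan": "Reconnaissance",
    "malicious_attachment": "Delivery",
    "exploit_attempt": "Exploitation",
    "new_autorun_entry": "Installation",
    "beaconing": "Command & Control",
    "bulk_outbound_transfer": "Actions on Objective",
}

# Constructed sample alerts: (timestamp, host, alert type).
ALERTS = [
    ("2018-07-24T09:01", "ws-01", "port_scan"),
    ("2018-07-24T09:40", "ws-01", "malicious_attachment"),
    ("2018-07-24T09:42", "ws-01", "exploit_attempt"),
    ("2018-07-24T10:15", "ws-01", "beaconing"),
    ("2018-07-24T11:00", "ws-02", "port_scan"),
    ("2018-07-24T11:05", "ws-02", "unknown_event"),
]

def summarize(alerts):
    """Per host: phases observed, furthest phase reached, earlier phases with no alert."""
    seen = defaultdict(set)
    for _ts, host, kind in alerts:
        phase = ALERT_PHASE.get(kind)
        if phase is not None:  # skip alert types that cannot be placed in a phase
            seen[host].add(PHASES.index(phase))
    report = {}
    for host, idxs in seen.items():
        furthest = max(idxs)
        report[host] = {
            "observed": [PHASES[i] for i in sorted(idxs)],
            "furthest": PHASES[furthest],
            # Earlier phases without any alert point to missing detection coverage.
            "gaps": [PHASES[i] for i in range(furthest)
                     if i not in idxs and PHASES[i] not in NOT_OBSERVABLE],
        }
    return report

if __name__ == "__main__":
    for host, info in sorted(summarize(ALERTS).items()):
        print(host, info)
```

For the sample data, `ws-01` reaches Command & Control with no Installation alert, which suggests a backdoor was installed without being detected.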
Rivera Pecunia, Gustavo. “Learn about Cyber Security – An Introduction by Pecunia Group.” Pecunia Group, Pecunia Group, 24 July 2018, https://pecuniagroup.com/cyber-security-introduction/.