Cyber security - The bigger picture

Transcript

1. CYBERSECURITY – THE BIG PICTURE Olakanmi Oluwole

2. ABOUT ME ▪ Pentester & Developer ▪ 6+ years ▪

   Red Teamer ▪ Worked across several industries ▪ @woleoflagos

3. Getting Started Cybersecurity is the protection of internet- connected systems

   such as hardware, software and data from cyber-threats. Cybersecurity is a continuously changing field, with the development of technologies that open up new avenues for cyberattacks

4. Cybersecurity Threats ▪ Distributed denial of service (DDoS) ▪ Man

   in the Middle (MitM) ▪ Social engineering ▪ Malware and spyware ▪ Password attacks ▪ Advanced persistent threats (APT)

5. Distributed denial of service (DDoS) ▪ The objective of a

   denial of service (DoS) attack is to overwhelm the resources of a target system and cause it to stop functioning, denying access to its users. ▪ Methods of DDoS attacks include: – Botnets – Ping of death attack – TCP SYN flood attack

6. MAN-IN-THE-MIDDLE ATTACK (MITM) ▪ In a MitM attack, attackers place

   themselves in between a user communicating and a target server. ▪ Once the attacker has intercepted communications, they may be able to compromise a user’s credentials, steal sensitive data and return different responses to the user. ▪ Methods include: – Eavesdropping – Session hijacking – IP spoofing

7. SOCIAL ENGINEERING ATTACKS ▪ Social engineering attacks work by psychologically

   manipulating users into performing actions desirable to an attacker, or divulging sensitive information. ▪ Methods include: – Phishing – Spear phishing – Doxing – Homograph attacks

8. MALWARE AND SPYWARE ATTACK ▪ Unwanted and Malicious software. Malware

   uses vulnerabilities in browsers or operating systems to install themselves without the user’s knowledge or consent. ▪ Malware types include: – Ransomware – Adware – Spyware – Trojan

9. PASSWORD ATTACKS ▪ Password attacks are used to gain access

   to the password information of an individual by ‘sniffing’ the connection to the network, using social engineering, guessing, or gaining access to a password database. ▪ Common attacks include: – Brute-force – Dictionary attack – Shoulder surfing – Guessing – Social engineering

10. ADVANCED PERSISTENT THREATS (APT) ▪ When an individual or group

    gains unauthorized access to a network and remains undiscovered for an extended period of time, attackers may exfiltrate sensitive data, deliberately avoiding detection by the organization’s security staff.

11. STAYING SAFE

12. Strong Passwords ▪ Don’t use the same password in more

    than one online account. ▪ Use two-factor authentication

13. Stay Updated ▪ Update your Apps ▪ Update you Operating

    system ▪ Read Changelogs

14. Don’t trust public and free Wi-fi networks ▪ Use a

    “private browsing” session ▪ Use a VPN (that is a Virtual Private Network) ▪ Or don’t use it at all

15. Check the link before you click it ▪ Phishing threats

    ▪ Tools: Redirect Detective, Virus Total

16. Don’t forget to log out ▪ Don’t simply close your

    browser when you are done with your financial operation or when you exit your online account. ▪ If you are in a public location, the next person who opens a social media account, for example, will access directly your profile. ▪ Use a secure browser for your financial operations to keep your online banking secure.

17. Private Information Don’t post private information such as: ▪ Your

    account balance ▪ Credit card ▪ Kids information ▪ Personal Identification Codes, e.t.c

18. Don’t access questionable web locations ▪ Don’t access or download

    content from unknown or controversial locations (such as torrent websites) ▪ Insecure websites (Not using SSL) ▪ Malicious Looking Links

19. CAREERS IN CYBERSECURITY

20. Common Careers https://www.cyberseek.org/pathway.html

21. Thank You @l4sec l4seclabs.xyz