This is a low-cost, credit-card-sized desktop computer that runs Linux and also provides a set of GPIO (general purpose input/output) pins. It enables people to explore computing and learn programming.
2. Rubber Ducky USB
The Rubber Ducky looks similar to a USB pen drive. It can be used for a variety of attacks: hacking a system, injecting keystrokes into a system, injecting payloads, and stealing information and sensitive data.
3. LAN Turtle
The LAN Turtle by Hak5 is a covert Systems Administration and Penetration Testing tool providing stealth remote access, network intelligence gathering, and man-in-the-middle surveillance capabilities through a simple graphic shell.
4. Crazy Radio
This is a long-range open USB radio dongle with a radio power amplifier giving 20 dBm output power and 1 km line-of-sight (LOS) range with Crazyflie 2.0. It is also a great building block for systems that require longer range than WiFi.
5. Cactus WHID (Keylogger)
This is a keylogger; it allows keystrokes to be sent through WiFi to a target machine.
The target recognises the Ducky as both a standard HID keyboard and a serial port, which allows interactive commands and scripts to be executed on the target remotely.
6. Dstike Wi-Fi Deauther
Dstike can kick devices off a network irrespective of whether you are connected to it or not. It scans for nearby networks, selects the individual devices or networks it wants to kick out, then kicks them out.
7. Magspoof
Magspoof allows its user to store different kinds of credit cards and magstripes in one device. The device can spoof/emulate any magnetic stripe or credit card.
8. Ubertooth One
Ubertooth One is a small, open-source USB device with an antenna, powered by an ARM Cortex-M3 chip and a CC2400 wireless transceiver. You can sniff and monitor Bluetooth signals from nearby devices.
9. Wi-Fi Pineapple
Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests.
Cyber Attacks: Origins, Mechanisms, and Damages - A Thread 🧵
Malware:
Malware is a collective term for malicious software that is designed to infiltrate, damage, or gain unauthorized access to computers, networks, or devices.
Malware is developed by various cybercriminal groups and sometimes by state-sponsored actors with the intent of causing harm.
Common types include:
-viruses
-worms
-trojans
-ransomware
-spyware.
Malware can be spread through various channels, such as email attachments, malicious websites, USB drives, and infected software downloads. Once inside a system, it can perform various harmful activities like stealing data, encrypting files (ransomware), or spying on users (spyware).
Real-Life Example:
The impact of malware can be devastating, leading to massive data theft, system damage, financial losses, and operational disruptions. For instance, the WannaCry ransomware attack in 2017 infected over 300,000 computers across 150 countries, causing billions in damages and severely impacting organizations like the UK’s National Health Service (NHS).
Denial-of-Service (DoS) Attacks:
A DoS attack aims to make a website, network, or service unavailable to its intended users by overwhelming it with traffic.
DoS attacks are launched by various actors, including hacktivists, cybercriminals, and state-sponsored groups, often as a form of protest or to disrupt operations.
The attacker floods the target system with excessive requests or data packets, consuming all available resources and causing the system to slow down or crash. Distributed Denial-of-Service (DDoS) attacks involve multiple compromised devices (botnets) to amplify the attack.
Real-Life Example:
DoS attacks can cause significant downtime, leading to loss of revenue, customer dissatisfaction, and reputational damage. For example, the 2016 Dyn DNS attack, a massive DDoS attack, brought down major websites like Twitter, Netflix, and Reddit by overwhelming the DNS provider.
Phishing:
Phishing is a technique where attackers impersonate trustworthy entities to trick individuals into divulging personal information, such as passwords or credit card numbers.
Phishing attacks are typically carried out by cybercriminals seeking to steal sensitive information.
Phishing attacks are commonly executed through fraudulent emails, messages, or websites that appear legitimate. Victims are often prompted to click on a link or download an attachment, leading to the compromise of their credentials or systems.
Real-Life Example:
Successful phishing attacks can lead to identity theft, financial fraud, and unauthorized access to sensitive information. A well-known example is the 2016 phishing attack on John Podesta, the chairman of Hillary Clinton’s presidential campaign, which led to the leak of thousands of emails and had significant political consequences.
Malware is a term that describes any malicious software that can harm your devices or data.
Types of malware and what they do:
-Virus:
Code that inserts itself into an application and executes when the app is run. It can damage or delete files, corrupt data, or spread to other programs.
-Ransomware:
A type of malware that encrypts your data and demands a ransom for the decryption key.
-Spyware:
It collects information about your activities, such as passwords, payment details, or messages, without your consent.
-Trojan:
A Trojan disguises itself as a legitimate or desirable program, but performs malicious actions once installed. It can take control of your system, steal data, or download more malware.
-Worm:
A type of malware that spreads through a network by replicating itself. It can consume bandwidth, slow down performance, or damage network devices.
Internet of Things (IoT) Attacks:
The IoT is a system of devices that can communicate and exchange data over the internet, such as smart home appliances, wearable gadgets, or industrial sensors.
An IoT attack is a cyberattack that targets devices or networks that are connected to the Internet of Things (IoT).
Flipper Zero is a toy-like portable hacking tool. The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, along with a GPIO interface.
2. Raspberry Pi:
This is a low-cost, credit-card-sized desktop computer that runs Linux but also provides a set of GPIO (general purpose input/output) pins. It enables people to explore computing and learn programming.
You can start by reading books, articles, blogs, and videos on GRC topics, such as governance frameworks, risk management methodologies, compliance standards, and best practices.
2. Get a relevant Degree/Certification:
Having a degree or certification in a related field can boost your credibility and qualifications for a GRC job.
Some of the common degrees that GRC employers look for are:
- Cybersecurity
- Business
- Computer Science
- Legal
- Information Technology
Some of the popular certifications that GRC employers value are:
- CompTIA Security+
- Certified in Risk and Information Systems Control (CRISC)
- Project Management Professional (PMP)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Privacy Manager (CIPM)
- Certified Ethical Hacker (CEH)
You don't need to have all of these degrees or certifications, but having at least one or two can demonstrate your commitment and expertise in GRC.
3. Familiarize yourself with the common GRC standards and frameworks:
- ISO 27001: An international standard for information security management systems
- PCI DSS: A set of security standards for the payment card industry
- ITIL: A framework for IT service management
- COBIT: A framework for IT governance and management