Comprehensive Cybersecurity Report: Threats, Biometrics, and Dark Web

Verified

Added on 2020/02/24

AI Summary

This report delves into several critical aspects of cybersecurity. It begins by emphasizing the importance of effective threat intelligence communication to executives, outlining the need for comprehensive business analysis, the presentation of potential solutions, and demonstrations of vulnerabilities to gain executive trust. The report then examines the escalating cybercrime in social media, highlighting vulnerabilities exploited by malicious actors and the need for user vigilance and platform security measures. It also introduces the concept of Cyber Body Language, or Digital Body Language, as a means of understanding user behavior online, while acknowledging the associated privacy concerns. Furthermore, the report discusses the future of security through biometrics, contrasting it with traditional authentication methods and highlighting the advantages of biometric authentication. It also addresses integrated technologies as a means of providing reliable security, describing the combination of different security models to grant access to services. The report includes unique ways to protect against DDoS attacks. Finally, it explores the hidden nature of the dark web, the illegal activities performed there, and the importance of protecting personal data. The report concludes with a discussion of ATM Black Box attacks, detailing how criminals exploit vulnerabilities in ATM architecture.

1. How to communicate Threat Intelligence to Executives
Threat intelligence communication is very key in ensuring that proper measures have been taken
before attacks occur. Discovering threats is one thing and propagating the threat to the relevant
executive for proper measures to be taken is totally a different thing. This involves making the
threat actionable for the targeted business. The communication under discussion is vertical in
most cases, whereby the issue is escalated to higher authorities up to the executives that make the
necessary decisions.
The most crucial thing in communicating the threat efficiently and effectively is to do a
comprehensive analysis of the business under the risk. Analysis may involve a close scrutiny of
the operations and transactions of the business both internally and externally. It evaluates the
security measures and mitigations that the business has put in place to compact any potential
threat. (Franolich, 2017 )
After an evaluation, any business executive desire a solution rather than a problem. Therefore,
for a better communication of any threat, a breakdown of possible solutions must be outlined and
suggested to counter attack the identified threat. A demonstration of the vulnerabilities and weak
points that attackers can use to gain access to the system is a useful step to win executive trust in
the intelligence that one is putting across. Moreover, a demonstration of the solution to combat
the problem at hand should be suggested.
By showing the executives the consequences attached to threats as well as explaining the
solution towards it can convince them to take action to the identified threat.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

2. Cybercrime in social media grows at an alarming rate
The number of social media platforms have increased at a very high speed considering the
increase in innovations and inventions all over the world. These platforms host very many people
that interconnect on a daily basis through messages, chats and mails. However, these networks
many vulnerabilities and weakness that hackers can use to penetrate into and perform malicious
operations.
With the number increasing up to 70% increase in six months, recorded Cybercrime events are
one click away on the internet. Malicious individuals take advantage of these social media
platforms because they are free, easy-to-use, and offer a global reach (Bleau, 2016). They launch
fake accounts and website of well-known domain names such as Google, Amazon, Alibaba, etc.
to redirect online users to malicious web contents including pornographic sites.
In the recent past, many fake accounts of popular individuals have attracted many
unknowledgeable internet users to follow them which lead them to presumably official accounts’
contents. The increase has been majorly influenced by the need of the every device and every
person on the whole globe to interconnect and share resources. Fundraising accounts that are
created on social media platforms have been intercepted and the credit details altered to redirect
the raise funds to anonymous personnel.
The “internet community” are face with the challenge to innovate security mechanisms to
identify and expose any Cybercrime attacks. Every online user has a responsibility to be vigilant
and observe preventive measures that doesn’t expose them or their data to hackers. Moreover,
social media platforms have a role to enforce security procedures to protect their user’s data from
being accessed by malicious individuals.

3. Cyber Body Language
Cyber Body Language or “Digital Body Language” is similar to facial expression or behavior a
user makes when interacting in the cyber world. Cyber Body Language is best understood as
“Context-Awareness” where a device or software is designed, primarily or partly, to analyze the
behavior or pattern of the users and apply information gathered to automatically assert products,
services, or other purposes such as security monitoring (ZUHRI, 2017). With the increasing
number of internet users who spend a lot of time online, there has been a demand to understand
and identify users by the websites they visit, the web applications they use, the posts and
comments they make in social media platforms.
The comprehensive ability of cyber body language involves first being aware of the context an
online user is in. This involves understanding the provided device or the use application in order
to gather and synthesize the context information. Gathering the user’s behavior online is
achieved by having context awareness systems which analyze and record the user’s operations in
that particular context. A successful context awareness system is achieved by scrutinizing the
posts that users send to social media platforms including images and videos. Similarly, a series
of comments and emotional ‘emojis’ attaches a particular contextual event to a certain reaction
by a certain user.
However, understanding cyber body language by applying context awareness system has been
subjected to the breach of user’s privacy. This is considered as collecting personal information
without the consent of the users. The collected data on the other hand has been suspected to be
sold out to organizations that advertise to users according to the intelligent statistics made by the
context awareness systems.

4. Biometrics are the future of security
Authentication is one of the core pillars of security enforcement. It describes the process of
verifying that they are the one who they say they are. There are many implemented mechanisms
to authenticate use to systems and applications. These procedures have proven to be inefficient to
novices and vulnerable to malicious programs that brute force into the safeguarded application or
register key logging activities to get personal information of users.
The most common implemented authentication system is the username and password (UNP)
model. This model registers a user to a system which in-turn logs in a user through matching
username and password. Unfortunately, this model has forced online users to reuse their
credentials which increase their vulnerability to malicious attacks. Two-factor authentication
models have proven a more secure solution but has a drawback for its failure to provide a
suitable user experience.
The engagement of biometrics of voice recognition systems and fingerprint scans have provided
a more secure solution to authentication problem which is less vulnerable to hacks and more
convenient to all levels of users. The implementable biometric authentication system is
considerably simplified and highly accelerated to access systems with ease. Biometrics are
arguably the future to securing any basic products in the future, whereby any personal
information and credit card information will be linked to personnel biometrics to grant them
access to social amenities.
When these fields are mastered, biometric-powered multifactor authentication will finally unify
the age-old opposing forces of convenience and security, and a brilliant and incredibly secure
end-user experience will be established (Team2, Digital ID – Biometrics are the key to marrying
security and convenience, 2017).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

5. Integration Technologies promise a more reliable security
Integrated technologies are a combination of two or more set of security models that rely each
other in order to grant access to a certain facility or service. Over years, independent
technologies have not been trusted in offering a safer security to access of services. When a
single security model is compromised the whole system is compromised. Organizations have
opted to secure their resources by implementing integrated technologies whereby a series of
access codes is given to different people who have to authorize and authenticate the access to the
system.
An integration of cutting edge biometric recognition technology and key management systems is
offering the very highest levels of security for organizations managing large number of priority
keys (Team2, 2017). In addition to biometric recognition security access codes such as
fingerprint scans or voice recognition systems, organizations have added a verification
confirmation of personal identification numbers to grant access. It offers a more reliable security
system because without correct series of security pass codes, one cannot be able to bypass the
lock system. Moreover, more critical systems demand that more than one person is given a
portion of the pass codes, which means that all the personnel having the keys have to authorize
the access for a consistent, correct and complete access key.
Other integrated technologies have deployed a system that notify the system administrator in
case of any authentication attempt to the system. A history of all authenticated users is kept in
order for tracking any unusual behavior or intrusion into the system during a particular session.
Intrusion Detection Systems and Intrusion Prevention Systems are among these integrated
technologies that detect any intrusion and prevent them accordingly.

6. Unique ways to protect yourself from DDoS attacks
Distributed Denial of Service (DDoS) attacks have always been a problem over the years to
organizations that have their presence on the internet. Many companies have been face with this
viral attack, it has proved to be one of the worst pandemic to the cyber world. Many solutions
have been presented but DDoS attacks are notoriously still increasing (Team2, 2017). A few
ways to protect oneself from these attacks include:
i. Implement Proxy Protection
Proxy protection hides real time IP address from any malicious attacks by presenting an extra
layer of security which DDoS attacks would crack before launching its attacks. It’s not only a
protection mechanism but also a performance enhancement protocol.
ii. Block spoofed IP Addresses
It is recommended that once IP Addresses have been spoofed, one blocks them. Spoofed IP
Addresses are vulnerable to potential future attacks. Allowing data packets from trust hosts is a
sure way to ensure that malicious data does not corrupt the system.
iii. Monitor Traffic Levels
Distributed Denial of Service attacks tend to send a lot of traffic to a targeted route in order to
clog the network so as to prevent legitimate transmission of data to allowed channels. The
network administrator has to install Traffic Monitoring system to detect any unusual traffic over
the network and prevent it accordingly as well as sending alerts.
iv. Monitor interconnected devices
DDoS attacks have been known to distribute easily from one device to another. A complex
system with different interconnected devices is more vulnerable than an independent system. To
prevent DDoS attacks from attacking an entire system, a routine monitoring of all interconnected
devices is necessary to isolate any susceptible device.

7. The hidden nature of The Dark Web
The internet has presented the world with many positive good reasons for its existence but at the
same time, it has presented us with a platform that it is frequently associated with financial fraud,
file sharing and data breaches, including the sale of details from identity theft (Team2, 2017). It
comprises of publicly accessible websites that are anonymously hidden on the internet by the use
of encryption technologies.
It is a place where criminals conduct their illegal business of selling drugs, weapons, exchange
stolen goods and other unhuman activities. The data that hosts the contents of the dark web are
stored in random encrypted computers interconnected all over the world that make it hard to
unravel their source of information. File sharing has been at the fore front goal of the Dark web
where leaked Government secrets are shared over the internet, credit card details of individuals
that have been hacked are sold at fee in order to commit financial fraud. Illegal business
agreements such as selling of narcotic drugs is highly conducted in the hoods, pornography and
child pornography is promoted and done using the same platform.
Individuals on the internet are encouraged to protect their data by following best security
practices whenever they use the internet. Checking social media settings often is a good step to
secure personal data as well not sharing critical information publicly is recommendable.
Changing passwords regularly is also a good move to bar hackers from accessing unauthorized
system.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

8. ATM Black Box Threatens Banking.
ATM Black Box attack is whereby criminals identify access points in the physical architecture of
the ATM that would grant them access to cables or ports allowing them to attach a laptop to the
internal computer of the ATM (Warner, May 20, 2017).
This attack has been witnessed in the recent past to target Automated Vending Machines by
manipulating the vulnerabilities and weaknesses in the system architecture of the machines. The
new attack has been influenced by the potential transmission of commands when accessing the
interconnected wires to the core operating system. After access to the interconnected wires, a
laptop is usually attached and which in turn issue commands to the ATM resulting to the payout
and manipulative actions to the cash system in the machine.
The technique of causing an ATM machine to dump all of its cash is called "Jackpotting." This
mechanism is majorly done after the hacker’s access to the system through supervisor mode of
safe mode. These modes grant the hacker access to issue commands that dump all the cash from
the ATM machine physically or send them to other distributive channels. The concern rather has
not been to the ATM Computer but the cables that connect to the dispenser. This therefore
allows the connected laptop’s malicious program to run commands to the dispenser that execute
commands from the ATM machine, thus giving orders to dispense bills or ‘cash out’ the
machine.
Mitigation guidelines have been provided by Expert Group on ATM Fraud (EGAF) to combat
ATM attacks. These procedures outlines measures to conduct Threats Assessment to all possible
ATM attacks.

9. Replacement Touchscreen can hack a Phone.
The rise of mobile smart phones all over the globe has given hackers a new platform to target
data and programs through mobile phones. Replacement Touchscreen is one of the upcoming
hardware implant that hackers use to launch malicious programs to phones by embedding
malware programs in the replaced screens (Schneier, 2017).
This attack has been influenced by the high number of screen breakages that require replacement
at one point in time. By manipulating this possible vulnerability, hackers can install malicious
apps, record the key logs of keyboard inputs and send them remotely. The programs can record
passwords and personal identification numbers of financial applications, take pictures and videos
of the surrounding environment through the screen and in turn email them to the attacker.
Unlike most of the attacks, replacement of touchscreen attack is not easily identified by the
owner of the phone, which leaves them unaware of any suspicious behavior of the phones
operations. The malware can run manipulative programs to the phones operating system to alter
the normal functionalities of the installed programs, change passwords and perform unauthorized
actions to social media platforms.
It is upon people owning smart phones to be vigilant to any hardware modification of their
phones once they are repaired. It is therefore recommended to ensure that any hardware implants
to smartphones is conducted by the phones manufacturer with official branded parts, rather than
street persons who may put phones to possible vulnerabilities that may cause more harm than
rectification.

10. Say No to Cyberbullying
Cyberbullying is whereby on internet user abuses, bullies, intimidates, despises or look down
upon another user through the use of text messages sent via mobile phones online. Cyberbullying
has been experienced by children worldwide, which is facilitated by the raise of many different
social media networks, children have access to other interconnected users online.
Many victimized children have been affected negatively by this cybercrime attack which leads
them to conduct activities against their will or depict unusual behavior to other children.
Research has it that 90% of the children experiencing cyberbullying never tell an adult.
According to the American Academy of Pediatrics’ Clinical Report, being the victim of school
bullying or cyberbullying is associated with substantial distress, resulting in lower school
performance and school attachment (Markozashvili, 2017 ).
This attack’s effects are detrimental to children both mental, physical and social lives. Many
campaigns have been launched to raise awareness of the cyberbullying consequences to children.
Although many countries have laws prohibiting harassment and stalking, they have fallen short
of addressing cyber bullying.
Technology and Telecommunication companies should enforce appropriate security measures
regarding children using services online. Procedures and guidelines should be documented in
Policy Acts to ensure that any online service provider to children adhere to the provided acts.
It is therefore a collective responsibility of the entire society to take arms to combat this attack
by prohibiting cyberbullying in all sides. The increasing numbers of this attack online poses a
great danger to the coming generation, a generation that will have a ‘domino effect’ to other
generations to come. The effects of this attack

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

References
1. Schneier, B. (2017). Hacking a Phone Through a Replacement Touchscreen - Schneier on Security.
Schneier.com. Retrieved 7 September 2017, from
https://www.schneier.com/blog/archives/2017/08/hacking_a_phone.html
2. Franolich, J. (2017). SANS Digital Forensics and Incident Response Blog | Three Steps to
Communicate Threat Intelligence to Executives. | SANS Institute. Digital-forensics.sans.org.
Retrieved 7 September 2017, from https://digital-forensics.sans.org/blog/2017/05/22/three-
steps-to-communicate-threat-intelligence-to-executives
3. Markozashvili, D. (2017). Campaign Art: Raise your voice against cyberbullying. People, Spaces,
Deliberation. Retrieved 7 September 2017, from
http://blogs.worldbank.org/publicsphere/campaign-art-raise-your-voice-against-cyberbullying
4. Bleau, H. (2016). Cybercrime in Social Media Grows 70% in Six Months. Rsa.com. Retrieved 7
September 2017, from https://www.rsa.com/en-us/blog/2016-12/cybercrime-social-media-
grows-70-six-months
5. Team2, D. (2017). Cyber Body Language. Digitalforensicsmagazine.com. Retrieved 7 September
2017, from https://digitalforensicsmagazine.com/blogs/?p=2200
6. Warner, G. (2017). Europol Announces 27 ATM Black Box arrests. Garwarner.blogspot.co.ke.
Retrieved 7 September 2017, from http://garwarner.blogspot.co.ke/2017/05/europol-
announces-27-atm-black-box.html
7. Team2, D. (2017). Digital ID – Biometrics are the key to marrying security and convenience.
Digitalforensicsmagazine.com. Retrieved 7 September 2017, from
http://digitalforensicsmagazine.com/blogs/?p=2111
8. Team2, D. (2017). Integrated Technologies are the Key. Digitalforensicsmagazine.com. Retrieved
7 September 2017, from http://digitalforensicsmagazine.com/blogs/?p=1972
9. Team2, D. (2017). DDoS Protection: 14 Unique Ways to Protect Yourself from DDoS Attacks.
Digitalforensicsmagazine.com. Retrieved 7 September 2017, from
http://digitalforensicsmagazine.com/blogs/?p=1903
10. Team2, D. (2017). The Dark Web explained – what does it mean for online security?.
Digitalforensicsmagazine.com. Retrieved 7 September 2017, from
http://digitalforensicsmagazine.com/blogs/?p=1893