www.huawei.com
Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.
Common Information Security Threats
Page 2
Foreword
• Information systems are often vulnerable and hold sensitive, confidential information that needs to be communicated. Therefore, they are under threat in various scenarios and through various means.
• This class uses case studies of common attacks to introduce possible threats to information systems.
Page 3
Objectives
• Upon completion of this course, you will be able to:
  • Categorize information security threats.
  • Describe the common means used in information security threats.
Page 4
Contents
1. Current Situation of Information Security Threats
2. Threats to Network Security
3. Threats to Application Security
4. Threats to Data Transmission and Device Security
Page 5
Endless Security Incidents
• On May 12, 2017, the WannaCry ransomware attack broke out at about 8:00 p.m. and spread worldwide. Computers infected with WannaCry were vulnerable to attacks once turned on.
• In 2017, the traffic of users of multiple software applications in China was hijacked during software upgrade. The users thought they were upgrading the software while they were actually installing viruses.
• More than 90% of telecommunication fraud is targeted fraud conducted using precise information of citizens.
• In Feb. 2018, the popular online game "Final Fantasy XIV" suffered a three-hour DDoS attack.
• On Nov. 10, 2016, five major Russian banks suffered from a DDoS attack lasting for two days.
[Figure: security incident types: Attack through malicious code; Personal information breach; Communication process hijacking; DDoS attack]
Page 6
Beginning of the Cyberwar - Stuxnet
• In February 2011, Iran suddenly announced it was to unload fuel from its first nuclear power station. Previously, the industry said Iran needed only one year to be capable of quickly creating nuclear weapons. However, the Stuxnet attack ruined one fifth of Iran's centrifuges, postponing the research for at least two years, during which time the global landscape changed.
Stuxnet:
• Computer worm
• Infected over 45,000 networks worldwide
• First worm capable of targeted attack of physical (energy) infrastructure facilities
• Employed multiple attack means
• Most sophisticated cyber weapon in history
• Exploited mobile media to implant viruses
Page 7
Evolution of Information Security Attacks
• Forms of attack largely unchanged: Current attackers still use viruses, phishing, etc. to target vulnerabilities, much the same as in the past.
• More sophisticated attack means: A major attack usually requires sophisticated deployment, long-term incubation, and a combination of multiple attack methods to achieve the ultimate goal.
• Diverse attack purposes: Attacks range from targeting personal computers to influencing the economy, politics, war, energy, and even the global landscape.
Page 8
Security Threat Categories
Categories:
• Threats to Data Transmission and Device Security
• Threats to Cyber Security
• Threats to Application Security
Threats listed:
• OS vulnerabilities
• Viruses (such as Trojan horses and worms)
• Phishing websites
• Data breaches
• DDoS attacks
• Network intrusion
• Communication traffic hijacking
• Man-in-the-middle (MITM) attacks
• Unauthorized login to the system
• Weak security protection for wireless networks
Page 9
Contents
1. Current Situation of Information Security Threats
2. Threats to Network Security
3. Threats to Application Security
4. Threats to Data Transmission and Device Security
Page 10
DDoS Attacks Against Dyn DNS Service in the United States
• On October 21, 2016, the DNS service from Dyn in the U.S. was hit by DDoS attacks from about 11:00 a.m. to 5:00 p.m. UTC. The attacks paralyzed nearly half the networks in the United States.
• These large-scale DDoS attacks were launched from botnets formed by IoT devices, which were infected with Mirai malware.
[Figure: IoT devices that launch attacks: IPC, DVR, router]
Page 11
Process of a Mirai Attack
1. Look for zombies: Scan for open Telnet service ports (23/2323) on the network.
2. Build a botnet: Crack the IoT device passwords through brute force and implant the Mirai malware into the devices for remote control.
3. Load the attack module: Load the DNS DDoS attack module.
4. Launch an attack: Launch a DDoS attack through the botnet, making customers' websites inaccessible.
What means were used in this attack?
Page 12
Scanning
• Scanning is a potential attack action. It does not directly interrupt network devices. However, it gathers relevant network information before an attack.
• Address scanning: An attacker sends ICMP packets to destination addresses or uses TCP/UDP packets to initiate connections with certain IP addresses. By checking whether there are response packets, the attacker can determine which target systems are alive and connected to the target network.
• Port scanning: An attacker probes the network structure by scanning ports to identify which ports are open on the attack target, so as to determine the attack mode. The attacker usually uses port-scanning software to initiate connections to a series of TCP or UDP ports on a wide range of hosts. Based on the response packets, the attacker can determine whether the hosts use these ports for providing services.
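Added example (not part of the original slides): one way a defender can spot the address scanning and port scanning described above, and the Telnet 23/2323 sweep from the Mirai slide, in connection records. The record layout, thresholds and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

TELNET_PORTS = {23, 2323}  # the ports named on the Mirai slide


@dataclass(frozen=True)
class Conn:
    ts: float   # seconds since start of capture
    src: str    # source IP
    dst: str    # destination IP
    dport: int  # destination port


def service_of(port):
    """Group 23 and 2323 so a sweep split across both ports still counts."""
    return "telnet" if port in TELNET_PORTS else f"port {port}"


def detect_scans(conns, window=60.0, host_threshold=5, port_threshold=10):
    """Flag sources that, within `window` seconds, touch many hosts on one
    service (address sweep) or many ports on one host (port scan)."""
    findings = set()
    by_src = defaultdict(list)
    for c in conns:
        by_src[c.src].append(c)
    for src, events in by_src.items():
        events.sort(key=lambda c: c.ts)
        recent = deque()  # sliding window of this source's connections
        for c in events:
            recent.append(c)
            while c.ts - recent[0].ts > window:
                recent.popleft()
            svc = service_of(c.dport)
            hosts = {e.dst for e in recent if service_of(e.dport) == svc}
            ports = {e.dport for e in recent if e.dst == c.dst}
            if len(hosts) >= host_threshold:
                kind = "telnet-sweep" if svc == "telnet" else "address-sweep"
                findings.add((kind, src, svc))
            if len(ports) >= port_threshold:
                findings.add(("port-scan", src, c.dst))
    return sorted(findings)


def build_sample():
    """Constructed connection records (documentation address ranges)."""
    conns = []
    # A camera probing six hosts on Telnet ports, two seconds apart.
    for i in range(6):
        port = 23 if i % 2 == 0 else 2323
        conns.append(Conn(100 + 2 * i, "10.0.0.5", f"198.51.100.{i + 1}", port))
    # One source trying ports 20-31 on a single host, one per second.
    for i, port in enumerate(range(20, 32)):
        conns.append(Conn(200 + i, "10.0.0.9", "192.0.2.10", port))
    # A workstation browsing three HTTPS sites: should not be flagged.
    for i, dst in enumerate(["203.0.113.5", "203.0.113.6", "203.0.113.7"]):
        conns.append(Conn(300 + 30 * i, "10.0.0.7", dst, 443))
    # A slow sweep: six hosts on port 22, one every two minutes.
    for i in range(6):
        conns.append(Conn(120 * i, "10.0.0.8", f"198.51.100.{i + 20}", 22))
    return conns


if __name__ == "__main__":
    for finding in detect_scans(build_sample()):
        print(finding)
    # A short window misses the slow sweep; a longer one catches it.
    for finding in detect_scans(build_sample(), window=900):
        print("15-minute window:", finding)
```

The slow sweep from 10.0.0.8 shows the limit of a fixed window: it is only flagged once the window is widened, so short and long windows are usually run side by side.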
Page 13
Spoofing Attack - Obtaining the Control Permission
• Attackers can obtain the control permission by brute force cracking of passwords. Also, attackers can launch spoofing attacks such as IP spoofing to obtain access and control permissions.
• IP spoofing: An attacker may send packets with forged source IP addresses to target hosts to obtain superior access and control permissions.
[Figure: host A (192.168.0.1), host B (192.168.0.6), and a sniffer using 192.168.0.1; labels: Request, Sniffed, Paralyze]
Page 14
Launching a DDoS Attack
• DDoS attacks:
  • Exhaust network bandwidth
  • Exhaust server resources
[Figure labels: Attacker, Jump server, Control traffic, Botnet, Zombies, Attack traffic, Attack target]
Page 15
Defense Measures for Cyber Attacks
• Firewalls: Deploying firewalls at the intranet egresses of medium- and large-sized enterprises and data centers can efficiently defend against common DDoS attacks and traditional single-packet attacks.
• Anti-DDoS devices: Anti-DDoS solutions provide professional anti-DDoS services for carriers, enterprises, data centers, portal websites, online games, online videos, and DNS services.
Protection through professional equipment:
• Anti-DDoS devices
• Firewall
Page 16
Contents
1. Current Situation of Information Security Threats
2. Threats to Network Security
3. Threats to Application Security
4. Threats to Data Transmission and Device Security
Page 17
Worm Attack Against Weibo
• Sina Weibo (the Chinese Twitter) was once hit by a worm that affected over 30,000 users in less than an hour. The attack process was as follows:
  • The attacker created a user account, infected it with the worm, and sent the malicious link to a public section.
  • Users clicked the malicious link with enticing titles and got their accounts infected.
  • Infected user accounts automatically posted and sent out private messages to their followers.
  • Infected messages increased exponentially, infecting a large number of user accounts.
[Figure labels: Exploit a web page vulnerability; Spread the worm; Phishing; Take down the website]
Page 18
Threats Brought by Vulnerabilities
• Vulnerabilities are defects in the implementation of hardware, software, or protocols or in system security policies. They allow attackers to access or damage systems without authorization.
• If system vulnerabilities are not fixed in time, the following attacks may occur:
  • Malicious code propagation
  • Cross-site scripting (XSS)
  • Injection
  • Data breach
Page 19
Phishing
• "Phishing" is cyber fraud. It is the fraudulent attempt to obtain users' private information, such as bank or credit card accounts and passwords, often for malicious reasons, by using the URL or web page content of an authentic website as a disguise, or by exploiting vulnerabilities of authentic website server programs to insert dangerous HTML code into some web pages of the website.
• Before accessing a website, check whether its address is an encrypted link starting with https.
[Figure: a user reacting "What? Refund?" to the message: "Dear customer, due to issues with the payment system, please log in to the XX website for a refund."]
Page 20
Malicious Code
• Malicious code is computer code that is deliberately developed or constructed to cause threats or potential threats to a network or system. The most common malicious code includes viruses, Trojan horses, worms, and backdoors.
• Malicious code is also called malware, which includes adware, spyware, and malicious shareware. Malware refers to software that is installed and run on a user's computer or other devices without explicitly notifying the user or obtaining the user's consent.
[Figure labels: Virus, Trojan horse, Worm, Backdoor]
Page 22
Defense Measures for Application Attacks
Regular vulnerability fixing:
• Patching
• Vulnerability scanning
Improving information security awareness:
• Constantly looking out for suspicious websites and links
Protection through professional equipment:
• Antivirus software
• WAF
• Firewalls
Page 23
Contents
1. Current Situation of Information Security Threats
2. Threats to Network Security
3. Threats to Application Security
4. Threats to Data Transmission and Device Security
Page 24
Interception of User Communications
• The U.S. National Security Agency (NSA) listened to encrypted communication between Google (including Gmail) and Yahoo users on the cloud.
• The NSA exploited the encryption/decryption flaw of Google's front end server to circumvent the server and directly listen to backend plaintext data.
[Figure labels: Public Internet; Google's front end encryption/decryption device; Google Cloud]
Page 25
Tumblr User Information Breaches
• More than half of the accounts and passwords of the microblogging website Tumblr were stolen by hackers.
• Hackers invaded the Tumblr server in a certain way and stole information of Tumblr users. Tumblr stated that the breach would not cause damage to users because the database information was encrypted. However, the facts showed that the user information was encrypted using weak algorithms. After obtaining the encrypted user information, the hackers were able to quickly crack a large amount of user information.
Why are information breaches so frequent?
Page 26
Threats in Communication Process
What security risks will occur during communications?
[Figure labels: User identity not authenticated; Users using weak passwords; Device security risks; Transmission security risks; MITM attacks; Data transmission not encrypted or inadequately encrypted; Servers with vulnerabilities]
Page 27
MITM Attack
• Man-in-the-middle (MITM) attack: A type of indirect intrusion attack. In MITM attacks, an attacker uses a variety of technical means to virtually place a controlled computer between two computers in the network. This controlled computer is called a man in the middle.
• Consequences of MITM attacks:
  • Information tampering
  • Information theft
[Figure: User A, man in the middle, User B]
Page 28
Information Not Encrypted or Inadequately Encrypted
• If information is not encrypted, information security may be compromised. However, even if data is encrypted, information may also be stolen and cracked.
Threat prevention suggestions:
• Encrypt information before storage.
• Encrypt information before transmission.
• Use strong encryption algorithms.
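Added example (not part of the original slides): a sketch of what "use strong algorithms" means for stored passwords, as in the Tumblr case above, with a weak record format beside a hardened one and a migration path. The slides do not say which algorithm Tumblr used; the unsalted MD5 scheme, the record format, the iteration count and the sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
MIN_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def weak_hash(password):
    """Weak 'before' case: unsalted, single-round MD5. Equal passwords give
    equal digests, and each guess costs an attacker almost nothing."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=MIN_ITERATIONS):
    """Hardened record: a per-user random salt plus a slow key derivation."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Check a password against a hardened record; malformed records fail."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        if algo != ALGO:
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(dk, expected)


def needs_upgrade(stored, min_iterations=MIN_ITERATIONS):
    """True for legacy digests and for records below the current work factor."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO or not parts[1].isdigit():
        return True
    return int(parts[1]) < min_iterations


def upgrade_on_login(password, stored, iterations=MIN_ITERATIONS):
    """Return the record to keep after a login attempt: a fresh hardened
    record if the old one was weak, the same record if it was already fine,
    or None if the password is wrong."""
    if "$" not in stored:  # legacy unsalted digest
        ok = hmac.compare_digest(weak_hash(password).encode(), stored.encode())
    else:
        ok = verify_password(password, stored)
    if not ok:
        return None
    if needs_upgrade(stored, iterations):
        return hash_password(password, iterations)
    return stored


if __name__ == "__main__":
    pw = "Summer2018!"  # constructed sample password shared by two users
    print("weak, user 1:  ", weak_hash(pw))
    print("weak, user 2:  ", weak_hash(pw))      # identical digest
    print("strong, user 1:", hash_password(pw))
    print("strong, user 2:", hash_password(pw))  # different salt and digest
```

Migrating at login is needed because a weak digest cannot be converted offline without knowing the password; accounts that never log in again keep their weak record until it is reset.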
Page 29
Authentication Attack
• An attacker obtains a user's identity authentication information by certain means, and uses the identity information to steal sensitive information or carry out illegal acts. It is a common form of attack.
• Prevention suggestions:
  • Install genuine antivirus software.
  • Use strong passwords.
  • Reduce the relevance between different passwords.
Page 30
Quiz
1. Which of the following are threats to application security?
A. Injection attack
B. XSS
C. IP spoofing attack
D. Port scanning
2. Which of the following are device security risks?
A. Servers with vulnerabilities
B. Users using weak passwords
C. Data transmission inadequately encrypted
D. User identity not authenticated
Page 31
Summary
• Current Situation of Information Security Threats
• Threats to Network Security
• Threats to Application Security
• Threats to Data Transmission and Device Security
Page 32
Thank You
Celine George
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 

Recently uploaded (20)

A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdfAdversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 

105 Common information security threats

  • 1. www.huawei.com Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Common Information Security Threats
  • 2. Foreword: Information systems are often vulnerable and have sensitive, confidential information that needs to be communicated. Therefore, they are under threat in various scenarios and through various means. This class uses some case studies about common attacks to introduce possible threats to the information system.
  • 3. Objectives: Upon completion of this course, you will be able to: categorize information security threats; describe common information security threat means.
  • 4. Contents: 1. Current Situation of Information Security Threats; 2. Threats to Network Security; 3. Threats to Application Security; 4. Threats to Data Transmission and Device Security
  • 5. Endless Security Incidents: On May 12, 2017, the WannaCry ransomware attack broke out at about 8:00 p.m. and spread worldwide. Computers infected with WannaCry were vulnerable to attacks once turned on. In 2017, the traffic of users of multiple software applications in China was hijacked during software upgrade. The users thought they were upgrading the software while they were actually installing viruses. More than 90% of telecommunication fraud is targeted fraud conducted using precise information of citizens. In Feb. 2018, the popular online game "Final Fantasy XIV" suffered a three-hour DDoS attack. On Nov. 10, 2016, five major Russian banks suffered from a DDoS attack lasting for two days. (Diagram: security incident types: attack through malicious code, personal information breach, communication process hijacking, DDoS attack.)
  • 6. Beginning of the Cyberwar - Stuxnet: In February 2011, Iran suddenly announced it was to unload fuel from its first nuclear power station. Previously, the industry said Iran needed only one year to be capable of quickly creating nuclear weapons. However, the Stuxnet attack ruined one fifth of the centrifuges of Iran, postponing the research for at least two years, during which time the global landscape changed. (Diagram: Stuxnet: computer worm; infected over 45,000 networks worldwide; first worm capable of targeted attack of physical (energy) infrastructure facilities; employed multiple attack means; most sophisticated cyber weapon in history; exploited mobile media to implant viruses.)
  • 7. Evolution of Information Security Attacks: Forms of attack largely unchanged: current attackers still use viruses, phishing, etc. to target vulnerabilities, much the same as in the past. More sophisticated attack means: a major attack usually requires sophisticated deployment, long-term incubation, and a combination of multiple attack methods to achieve the ultimate goal. Diverse attack purposes: attacks range from targeting personal computers to influencing the economy, politics, war, energy, and even the global landscape.
  • 8. Security Threat Categories: Threats to Data Transmission and Device Security; Threats to Cyber Security; Threats to Application Security. Threats listed: OS vulnerabilities; viruses (such as Trojan horses and worms); phishing websites; data breaches; DDoS attacks; network intrusion; communication traffic hijacking; man-in-the-middle (MITM) attacks; unauthorized login to the system; weak security protection for wireless networks.
  • 9. Contents: 1. Current Situation of Information Security Threats; 2. Threats to Network Security; 3. Threats to Application Security; 4. Threats to Data Transmission and Device Security
  • 10. DDoS Attacks Against Dyn DNS Service in the United States: On October 21, 2016, the DNS service from Dyn in the U.S. was hit by DDoS attacks from about 11:00 a.m. to 5:00 p.m. UTC. The attacks paralyzed nearly half the networks in the United States. These large-scale DDoS attacks were launched from botnets formed by IoT devices, which were infected with Mirai malware. (Diagram: IoT devices that launch attacks: IPC, DVR, router.)
  • 11. Process of a Mirai Attack: Look for zombies: scan for open Telnet service ports (23/2323) on the network. Build a botnet: crack the IoT device passwords through brute force and implant the Mirai malware into the devices for remote control. Load the attack module: load the DNS DDoS attack module. Launch an attack: launch a DDoS attack through the botnet, making customers' websites inaccessible. What means were used in this attack?
  • 12. Scanning: Scanning is a potential attack action. It does not directly interrupt network devices. However, it gathers relevant network information before an attack. Address scanning: an attacker sends ICMP packets to destination addresses or uses TCP/UDP packets to initiate connections with certain IP addresses. By checking whether there are response packets, the attacker can determine which target systems are alive and connected to the target network. Port scanning: an attacker probes the network structure by scanning ports to identify ports open to the attack target, so as to determine the attack mode. The attacker usually uses the Port Scan software to initiate connections to a series of TCP or UDP ports on a wide range of hosts. Based on the response packets, the attacker can determine whether the hosts use these ports for providing services.
  • 13. Spoofing Attack - Obtaining the Control Permission: Attackers can obtain the control permission by brute force cracking of passwords. Also, attackers can launch spoofing attacks such as IP spoofing to obtain access and control permissions. IP spoofing: an attacker may send packets with forged source IP addresses to target hosts to obtain superior access and control permissions. (Diagram: host A 192.168.0.1, host B 192.168.0.6, and a sniffer using 192.168.0.1; labels: Request, Sniffed, Paralyze.)
  • 14. Launching a DDoS Attack: DDoS attacks exhaust network bandwidth and exhaust server resources. (Diagram: attacker, jump server, control traffic, botnet of zombies, attack traffic, attack target.)
  • 15. Defense Measures for Cyber Attacks: Firewalls: deploying firewalls at the intranet egresses of medium- and large-sized enterprises and data centers can efficiently defend against common DDoS attacks and traditional single-packet attacks. Anti-DDoS devices: anti-DDoS solutions provide professional anti-DDoS services for carriers, enterprises, data centers, portal websites, online games, online videos, and DNS services. (Diagram: protection through professional equipment: firewall, anti-DDoS devices.)
  • 16. Contents: 1. Current Situation of Information Security Threats; 2. Threats to Network Security; 3. Threats to Application Security; 4. Threats to Data Transmission and Device Security
  • 17. Worm Attack Against Weibo: Sina Weibo (the Chinese Twitter) was once hit by a worm that affected over 30,000 users in less than an hour. The attack process was as follows: The attacker created a user account, infected it with the worm, and sent the malicious link to a public section. Users clicked the malicious link with enticing titles and got their accounts infected. Infected user accounts automatically posted and sent out private messages to their followers. Infected messages increased exponentially, infecting a large number of user accounts. (Diagram stage labels: Exploit a web page vulnerability, Spread the worm, Phishing, Take down the website.)
  • 18. Threats Brought by Vulnerabilities: Vulnerabilities are defects in the implementation of hardware, software, or protocols or in system security policies. They allow attackers to access or damage systems without authorization. If system vulnerabilities are not fixed in time, the following attacks may occur: malicious code propagation; cross-site scripting (XSS); injection; data breach.
  • 19. Phishing: "Phishing" is cyber fraud. It is the fraudulent attempt to obtain users' private information such as bank or credit card account and password, often for malicious reasons, by using the URL or web page content of an authentic website as disguise, or exploiting vulnerabilities of authentic website server programs to insert dangerous HTML code into some web pages of the website. Before accessing a website, check whether its address is an encrypted link starting with https. (Illustration: a lure message reading "Dear customer, due to issues with the payment system, please log in to the XX website for a refund." and the recipient's reaction "What? Refund?")
  • 20. Malicious Code: Malicious code is computer code that is deliberately developed or constructed to cause threats or potential threats to a network or system. The most common malicious code includes viruses, Trojan horses, worms, and backdoors. Malicious code is also called malware, which includes adware, spyware, and malicious shareware. Malware refers to software that is installed and run on a user's computer or other devices without explicitly notifying the user or obtaining the user's consent.
  • 21. Defense Measures for Application Attacks: Regular vulnerability fixing: patching; vulnerability scanning. Improving information security awareness: constantly looking out for suspicious websites and links. Protection through professional equipment: antivirus software; WAF; firewalls.
  • 22. Contents: 1. Current Situation of Information Security Threats; 2. Threats to Network Security; 3. Threats to Application Security; 4. Threats to Data Transmission and Device Security
  • 23. Interception of User Communications: The U.S. National Security Agency (NSA) listened to encrypted communication between Google (including Gmail) and Yahoo users on the cloud. The NSA exploited the encryption/decryption flaw of Google's front end server to circumvent the server and directly listen to backend plaintext data. (Diagram: public Internet, Google's front end encryption/decryption device, Google Cloud.)
  • 24. Tumblr User Information Breaches: More than half of the accounts and passwords of the microblogging website Tumblr were stolen by hackers. Hackers invaded the Tumblr server in a certain way and stole information of Tumblr users. Tumblr stated that the breach would not cause damage to users because the database information was encrypted. However, the facts showed that the user information was encrypted using weak algorithms. After obtaining the encrypted user information, the hackers were able to quickly crack a large amount of user information. Why are information breaches so frequent?
  • 25. Threats in Communication Process: What security risks will occur during communications? (Diagram labels: user identity not authenticated; users using weak passwords; device security risks; transmission security risks; MITM attacks; data transmission not encrypted or inadequately encrypted; servers with vulnerabilities.)
  • 26. MITM Attack: Man-in-the-middle (MITM) attack: a type of indirect intrusion attack. In MITM attacks, an attacker uses a variety of technical means to virtually place a controlled computer between two computers in the network. This controlled computer is called a man in the middle. Consequences of MITM attacks: information tampering; information theft. (Diagram: User A, man in the middle, User B.)
  • 27. Information Not Encrypted or Inadequately Encrypted: If information is not encrypted, information security may be compromised. However, even if data is encrypted, information may also be stolen and cracked. Threat prevention suggestions: encrypt information before storage; encrypt information before transmission; use strong encryption algorithms.
  • 28. Authentication Attack: An attacker obtains a user's identity authentication information by certain means, and uses the identity information to steal sensitive information or carry out illegal acts. It is a common form of attack. Prevention suggestions: install genuine antivirus software; use strong passwords; reduce the relevance between different passwords.
  • 29. Quiz: 1. Which of the following are threats to application security? A. Injection attack; B. XSS; C. IP spoofing attack; D. Port scanning. 2. Which of the following are device security risks? A. Servers with vulnerabilities; B. Users using weak passwords; C. Data transmission inadequately encrypted; D. User identity not authenticated.
  • 30. Summary: Current Situation of Information Security Threats; Threats to Network Security; Threats to Application Security; Threats to Data Transmission and Device Security
  • 31. Thank You. www.huawei.com
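
The address scanning, port scanning and Telnet password brute-forcing described on the Mirai and Scanning slides leave a recognisable pattern in connection logs. The following Python detector is an added example, not part of the Huawei deck; the log format, the thresholds and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

TELNET_PORTS = {23, 2323}   # ports named on the Mirai slide
WINDOW = 60                 # seconds; assumed tuning value
MIN_HOSTS = 5               # assumed: distinct hosts probed on one port
MIN_PORTS = 5               # assumed: distinct ports probed on one host
MIN_AUTH_FAILS = 4          # assumed: failed Telnet logins to one host

# Constructed sample log, one event per line: "epoch src dst dport event"
SAMPLE_LOG = """
1000 203.0.113.7 198.51.100.1 23 conn
1001 203.0.113.7 198.51.100.2 23 conn
1002 203.0.113.7 198.51.100.3 23 conn
1003 203.0.113.7 198.51.100.4 23 conn
1004 203.0.113.7 198.51.100.5 23 conn
1010 203.0.113.7 198.51.100.3 23 auth_fail
1011 203.0.113.7 198.51.100.3 23 auth_fail
1012 203.0.113.7 198.51.100.3 23 auth_fail
1013 203.0.113.7 198.51.100.3 23 auth_fail
1020 203.0.113.9 198.51.100.20 21 conn
1021 203.0.113.9 198.51.100.20 22 conn
1022 203.0.113.9 198.51.100.20 23 conn
1023 203.0.113.9 198.51.100.20 80 conn
1024 203.0.113.9 198.51.100.20 443 conn
1030 192.0.2.50 198.51.100.20 443 conn
1031 192.0.2.50 198.51.100.20 443 conn
1032 192.0.2.50 198.51.100.3 23 auth_fail
2000 203.0.113.11 198.51.100.1 2323 conn
2100 203.0.113.11 198.51.100.2 2323 conn
2200 203.0.113.11 198.51.100.3 2323 conn
2300 203.0.113.11 198.51.100.4 2323 conn
2400 203.0.113.11 198.51.100.5 2323 conn
"""

def parse(log):
    """Yield (ts, src, dst, dport, event) tuples from the text log."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, dport, event = line.split()
            yield int(ts), src, dst, int(dport), event

def detect(log, window=WINDOW):
    """Return sorted (source, finding) pairs for the three behaviours."""
    recent = defaultdict(deque)          # src -> events still inside the window
    findings = set()
    for ts, src, dst, dport, event in sorted(parse(log)):
        win = recent[src]
        win.append((ts, dst, dport, event))
        while ts - win[0][0] > window:   # drop events older than the window
            win.popleft()
        # Address scanning: the same port probed on many different hosts.
        if len({d for _, d, p, _ in win if p == dport}) >= MIN_HOSTS:
            telnet = dport in TELNET_PORTS
            findings.add((src, "telnet-address-scan" if telnet else "address-scan"))
        # Port scanning: many different ports probed on one host.
        if len({p for _, d, p, _ in win if d == dst}) >= MIN_PORTS:
            findings.add((src, "port-scan"))
        # Brute force: repeated failed Telnet logins against one host.
        fails = sum(1 for _, d, p, e in win
                    if d == dst and p in TELNET_PORTS and e == "auth_fail")
        if fails >= MIN_AUTH_FAILS:
            findings.add((src, "telnet-brute-force"))
    return sorted(findings)

if __name__ == "__main__":
    for src, finding in detect(SAMPLE_LOG):
        print(src, finding)
```

Source 203.0.113.11 probes the same five hosts but one every 100 seconds, so the 60-second window misses it; slow scans need a longer window or per-day aggregation alongside the short one.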