CYB401


PROGRAMME NAME: DIPLOMA IN CYBER SECURITY

LEARNER ID: 2306000672

ASSIGNMENT NAME: CYB401

ASSIGNMENT TITLE: CYBER SECURITY THREAT AND RISK


TABLE OF CONTENTS

CHAPTER 1: COMPLEX BUSINESS CYBER SECURITY THREATS AND RISKS

1.1 MAJOR CYBER BREACHES AND METHODS OF ATTACK THAT HAVE SEVERELY IMPACTED
BUSINESSES AND PUBLIC ORGANISATIONS
1.2 HOW TO CALCULATE THE BUSINESS IMPACT OF A SUSPECTED OR ACTUAL CYBER
SECURITY BREACH

CHAPTER 2: MEGABREACHES AND EXPLAIN MALWARE AND RANSOMWARE ATTACKS

2.1 THREAT AND RISK MANAGEMENT CONCEPTS AND MODELS
2.2 MALWARE, RANSOMWARE, AND OTHER FORMS OF INTENTIONAL MALICIOUS CYBER
ATTACKS

CHAPTER 3: HOW THREATS AND MALICIOUS HACKERS ARE ADVANCING AND DEVELOPING
CUSTOMIZED INTRUSION TOOLS

3.1 THE DEVELOPMENT OF CUSTOMISED INTRUSION TOOLS AND THEIR USE BY MALICIOUS
HACKERS
3.2 HOW AN INTRUSION OCCURS CAN CAUSE A MEGA DATA BREACH

REFERENCES

CHAPTER 1: COMPLEX BUSINESS CYBER SECURITY THREATS AND RISKS.

1.1 MAJOR CYBER BREACHES AND METHODS OF ATTACK THAT HAVE SEVERELY
IMPACTED BUSINESSES AND PUBLIC ORGANISATIONS

Due to the adoption of cloud technology, most businesses prefer to save their data in the
cloud. This development has made them vulnerable to cybercriminals. As a result,
businesses may need to spend more money on cyber security, which may trickle down as
increased costs for customers. Businesses that cyber attackers have successfully attacked
have lost billions of dollars. "Around 30,000 Americans have been duped, and the
government has lost up to $60 million," claimed East Java police head Nico Afinta
(CBS News, 2021). According to business insurer Hiscox, companies lost 1.8 billion
dollars to cybercrime in 2019, with heavy targets on energy, financial services, technology,
and manufacturing. Cyber threats have damaged the reputation of many companies and
affected the integrity of their product in the market. It has caused a lack of trust among
shareholders and reduced the stock value of most companies. Cybercriminals are swiftly
enlisting Internet of Things (IoT) devices (Abiodun et al., 2021a, Abiodun et al., 2021b) into
their botnet forces, according to the current threat intelligence discoveries from A10
Networks' cybersecurity researchers, boosted by Mozi malware spreading throughout the
world. Some businesses store their intellectual documents in the cloud for easy accessibility
from anywhere. This increases the risk of cybercrime through unauthorized access. If a
cybercriminal gains access to such information, they may exploit it or sell it to a competitor
of the company's brand. Criminals can extensively study the organization and its linked
individuals to mount a believable attack. Information about some organizations is freely
available online (Burns et al., 2019). Below are some of the ways cyber-attacks can severely
impact the business.

Businesses may have to pay a ransom to regain access to critical parts of the organization's
IT infrastructure. Businesses impacted by cyber-attacks incur more costs on operational
activities and internal business processes.

The reputation of businesses affected by cyber-attacks is always an issue of concern to their
customers. They may have to pay millions to restore their brand image to their customers.
Businesses affected by cyber-attacks may lose large amounts of revenue, resulting in a
complete shutdown of the business operation.

Some of the effects of cyber threats are consuming business resources and reducing the
operational effectiveness of doing business. They can also cause downtime in business
processes. It was recorded in 2022 that the audit fees of companies with cyber breaches
were 13 percent higher than those of companies without data breaches. As more people
are infected with coronavirus, dangerous cyber-attacks such as spam emails, phishing,
malware, ransomware, and malicious domains that utilize the virus as bait also increase
(French et al., 2021).

For some businesses, cyber-attacks have lowered credit ratings, reducing their chances of
securing a loan to finance their business operation. This automatically increases the
financial risk of such organizations.

Compromising customer information is a major issue that leads a business into litigation and
several court cases. A cyber-attacker can steal customers' important information stored on
the server and sell it for financial gain. Such an organization may have serious legal issues,
which may halt the entire business process or activity.

1.2 HOW TO CALCULATE THE BUSINESS IMPACT OF A SUSPECTED OR ACTUAL
CYBER SECURITY BREACH.

Most organizations have suffered from data breaches due to human error, cyberattacks, or
negligence on the part of staff. Billions of dollars have been lost, which cannot be quantified.
In Verizon's Data Breach Investigations Report (DBIR), data breaches are broken down
by sector. Some of the deductions from this report are:
• Covid has increased data breaches from phishing, ransomware, and credential theft.
• The main actor in a data breach is doing it for financial purposes (Ekran 2021).
• The cost of a data breach is lower in organizations at a mature stage of zero trust.
• Regarding remote work, the average cost of a data breach is one million dollars higher
  when remote work is a factor (Advisors Team, 2017).
• Personal data is the most expensive data in a data breach, which increased in 2020.
• Some factors that increase the cost of data breaches are third-party breaches, compliance
  regulations, cloud data migration, and many more.
• The top five countries with the highest data breaches are the USA, Canada, the Middle
  East, Germany, and Japan.
• Healthcare, according to data over the last 11 years, is the sector most affected by data
  breaches. Finance, Pharmaceutical, and Technology follow it.

Quantifying the level of data breaches in an organizational environment will not only estimate
the loss in the organization but also save the cost that could have been used in mitigating
the loss. Two methods can be used to quantify data breaches in businesses.

Activity-Based Costing: This method assigns cost based on all the activities of the product
and services, the product of the organization, and the consumption of the services. There
are four methods on which the data breach identification can be based:
• Detection and escalation
• Notification of the breach
• Response to the issue
• The loss derived from the effect

Factor Analysis of Information Risk (FAIR): It is the only internationally recognized method
for quantifying cyber risk in an organization. This method is maintained by the Open Group,
a global consortium that enables the achievement of business objectives with IT standards.
This method is an international standard like every other international standard.
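
The two costing methods above can be combined in one calculation. The following Python example is added here and is not part of the original assignment: it sums the four activity cost centres as a point estimate, then runs a FAIR-style Monte Carlo simulation in which loss event frequency (threat event frequency multiplied by vulnerability) is multiplied by loss magnitude. All figures are constructed for illustration, and a triangular distribution stands in for the PERT distribution commonly used with FAIR.

```python
import random
import statistics

# Constructed estimates (USD) for one breach: (min, most likely, max) for each
# activity cost centre named in the text. Not data from any real incident.
COST_CENTRES = {
    "detection_and_escalation": (40_000, 90_000, 250_000),
    "notification":             (10_000, 30_000, 120_000),
    "response":                 (60_000, 150_000, 600_000),
    "lost_business":            (100_000, 400_000, 2_000_000),
}
# Constructed FAIR inputs, also (min, most likely, max).
THREAT_EVENT_FREQUENCY = (2, 6, 20)    # attack attempts per year
VULNERABILITY = (0.02, 0.05, 0.15)     # share of attempts that cause a loss


def activity_based_cost(estimates=COST_CENTRES):
    """Point estimate: sum the most-likely cost of each activity."""
    per_activity = {name: ml for name, (_lo, ml, _hi) in estimates.items()}
    return per_activity, sum(per_activity.values())


def _draw(rng, lo, ml, hi):
    # Assumption: triangular distribution in place of PERT.
    return rng.triangular(lo, hi, ml)


def fair_simulation(iterations=20_000, seed=1):
    """Annualized loss exposure = loss event frequency x loss magnitude.

    Loss event frequency = threat event frequency x vulnerability.
    Loss magnitude per event = sum of the four activity cost centres.
    """
    rng = random.Random(seed)  # fixed seed so runs are repeatable
    losses = []
    for _ in range(iterations):
        lef = _draw(rng, *THREAT_EVENT_FREQUENCY) * _draw(rng, *VULNERABILITY)
        magnitude = sum(_draw(rng, *est) for est in COST_CENTRES.values())
        losses.append(lef * magnitude)
    losses.sort()
    return {
        "mean": statistics.fmean(losses),
        "median": losses[len(losses) // 2],
        "p95": losses[int(0.95 * len(losses))],
        "max": losses[-1],
    }


if __name__ == "__main__":
    per_activity, total = activity_based_cost()
    for name, cost in per_activity.items():
        print(f"{name:26} {cost:>12,.0f}  ({cost / total:.0%} of total)")
    print(f"{'single-breach estimate':26} {total:>12,.0f}")
    for key, value in fair_simulation().items():
        print(f"annual loss {key:7} {value:>14,.0f}")
```

The point estimate answers "what would one breach cost", while the simulated percentiles show how much to budget per year once frequency and uncertainty are included.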

CHAPTER 2: MEGABREACHES AND EXPLAIN MALWARE AND RANSOMWARE
ATTACKS.

2.1 THREAT AND RISK MANAGEMENT CONCEPTS AND MODELS

Risk management is the identification of vulnerabilities within and outside an organization's
infrastructure and the creation of a strategy to assess and control their occurrence.
Organizations create a budget to manage all the possible risks within and outside their
infrastructures. To identify the vulnerability within a system, you must identify all the threats
and model a way around them. Threats are vulnerabilities in an organization that an attacker
can exploit to implement their strategy (Yassine Aboukir, 2018). Threat modeling is a
strategy that identifies an organization's potential risks and vulnerabilities in order to
mitigate them. Some organizations integrate threat modeling into their software development
lifecycle (SDLC) to detect problems early and mitigate them. Implementing a threat model can
help an organization create a contingency plan for security. It can also serve as a resource
for penetration testing. Some of the models used in threat modeling are:
STRIDE model: The STRIDE framework analyzes all the vulnerabilities and potential risks
in software systems. It provides a framework for addressing all the security risks during
software development and design. The acronym STRIDE denotes Spoofing, Tampering,
Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Spoofing
deals with the authentication process, defining the threat as pretending to be someone other
than yourself. Tampering deals with the system's integrity, which defines the threat as
modifying credentials on the network. Repudiation deals with non-repudiation, defining the
threat as someone claiming they did not do something. Information disclosure deals with
confidentiality and defines the permission level of users. Denial of service deals with
availability and defines the level of exhausting the resources to provide service. Elevation
of privilege deals with authority, which defines the privilege given to different users
(Saurabh Jain, 2021).
Process for Attack Simulation and Threat Analysis (PASTA): This framework is a risk-centric
model focusing on the business impact of threats. It involves seven steps: defining
objectives, creating an application profile, identifying the threats, assessing vulnerabilities,
analyzing risks, defining countermeasures, and validating the results.

2.2 MALWARE, RANSOMWARE, AND OTHER FORMS OF INTENTIONAL MALICIOUS
CYBER ATTACKS.
Malware is a malicious computer program designed to cause an attack on a computer or
device within a network. There are many types of malware. These include Trojan horses,
viruses, ransomware, and many more. Malware can completely crash a network
infrastructure or cause harm to endpoint users within a network, depending on the intention
it was designed to achieve. All malware is designed to exploit an endpoint user within a
network for the benefit of the malicious hacker. Malware developers always use physical and
virtual means to spread their malicious application within a network. Some malware exploits
web proxies to hide malicious traffic from their application to the network. Some
sophisticated malware can change its underlying code to avoid being detected. In addition,
fileless malware resides in RAM to avoid being detected. Some examples of malware are:
Virus: A virus is a program that replicates itself to another program without interference.
Viruses can spread from any resources used on the network or from an email attachment. If
a virus can infect the host in a network environment, it can easily spread to other endpoint
users and disable or infect important resources within the network. Some viruses are
event-triggered, while some replicate by themselves.
Ransomware: Ransomware is a form of malware that locks the information or data of the
computer until a ransom is paid. Ransomware hackers always demand payment, unlike
other forms of malware. They often contact the owner of the file or data after the action is
implemented. Ransomware kits can be generated from the deep web and used to distribute
ransom applications. The cybercriminal can now demand ransom in bitcoin, which keeps
their identity anonymous.
Trojan Horse: A Trojan horse is an application developed to imitate legitimate software to
fool a user into clicking to launch it within the network. This application can spread to other
users within the network once clicked. A Trojan horse cannot launch itself on a system. The
victim must download and launch it before it can infect the system.
Spyware: Spyware is a form of malware developed to exploit information from users or
observe their network activity without their knowledge.

CHAPTER 3: HOW THREATS AND MALICIOUS HACKERS ARE ADVANCING AND
DEVELOPING CUSTOMIZED INTRUSION TOOLS.

3.1 THE DEVELOPMENT OF CUSTOMISED INTRUSION TOOLS AND THEIR USE BY
MALICIOUS HACKERS.
Intrusion tools are software, programs, or APIs developed by intruders to gain access to a
network or host within a network infrastructure to cause harm or steal valuable information
from the network. Some of these tools are:
JBiFrost RAT: It is software developed in the Java programming language that helps cyber
criminals to penetrate different operating systems, including Windows, Linux, MacOS, and
Android. Once this RAT program is installed on a victim's computer, it automatically gives
administrative control to the attacker. It can disable the task manager and hide itself from the
start-up programs (Danny Palmer, 2018). It can install backdoors and keyloggers, take
screenshots, and exfiltrate data on victim computers. It is mostly sent to the victim's
computer through email attachments. Other abilities of JBiFrost include:
• Opening the Windows registry.
• Restarting the computer in safe mode.
• Creating new files.
• Increasing disk activity or network activity.
• Connecting with malicious IP addresses.
Web Shells: Web shells are scripts that cybercriminals upload to a target after an initial
compromise to gain remote access to the computer so the attacker can have administrative
access and access other resources within the network.
One of the commonly used examples of web shells is China Chopper. It has been widely
used to access servers and compromise files. When an attacker installs China Chopper on
a system, it can be accessed from anywhere to rename, delete, copy, or change the time
stamp on files (CBR Staff Writer 2018).
Mimikatz: This application was developed to collect the login credentials of users on a
victim's Windows computer through the Local Security Authority Subsystem Service (LSASS).
This application is open source, thereby giving attackers the ability to develop custom
plugins.
PowerShell Empire Framework: PowerShell Empire was developed as a legitimate
penetration testing tool, but it provides the ability to escalate privileges, harvest credentials,
exfiltrate information, and move across a network. If an attacker has access to this
application, they can operate entirely in memory because it is built on a legitimate
application.
HTran: Cybercriminals hide their identity and location when compromising a target. They
may use TOR or proxy tools like HUC Packet Transmitter (HTran), which can be used to
intercept and redirect TCP connections from a host to a remote host. It has been available
on the internet since 2009.
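
The timestamp tampering described for China Chopper above can be checked for on a web server. The following Python example is added here and is not from the original assignment or its cited sources: it flags script files whose inode changed after the last known-good deployment, and separates out files whose modification time has been set earlier than that change. The extension list, the function names and the sample directory are assumptions constructed for illustration.

```python
import os
import tempfile
import time

# Assumption: file types the web server would execute; adjust per stack.
SCRIPT_EXTENSIONS = {".php", ".jsp", ".jspx", ".asp", ".aspx"}


def audit_web_root(web_root, last_deploy_ts, extensions=SCRIPT_EXTENSIONS):
    """Return sorted [(relative_path, reason)] for scripts changed after deploy.

    On POSIX, st_ctime is the inode change time: the kernel sets it and
    utime()/touch cannot backdate it, unlike st_mtime. (On Windows st_ctime
    is the creation time, so the comparison means something different.)
    """
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in extensions:
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path, follow_symlinks=False)
            if st.st_ctime <= last_deploy_ts:
                continue  # inode untouched since the known-good deploy
            rel = os.path.relpath(path, web_root)
            if st.st_mtime < last_deploy_ts:
                # mtime claims the file predates a change the kernel recorded.
                # chmod/chown/rename also cause this, so review, don't assume.
                findings.append((rel, "mtime-older-than-inode-change"))
            else:
                findings.append((rel, "changed-since-deploy"))
    return sorted(findings)


def demo():
    """Build a constructed web root in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, body="<?php /* placeholder */ ?>"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)

        write("index.php")                      # shipped with the deploy
        deploy_ts = os.stat(os.path.join(root, "index.php")).st_ctime
        time.sleep(1.1)                         # outlast coarse fs timestamps
        write("upload.php")                     # appears after the deploy
        write("help.php")                       # appears after, then backdated
        old = deploy_ts - 90 * 86400
        os.utime(os.path.join(root, "help.php"), (old, old))
        write("notes.txt", "not executable")    # ignored: not a script type
        return audit_web_root(root, deploy_ts)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:30} {rel}")
```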

3.2 HOW AN INTRUSION OCCURS CAN CAUSE A MEGA DATA BREACH.
A hacker behind an intrusion can cause a data breach that damages the organization's
reputation and financial standing. Data breaches have caused a lot of reputational damage
to the image of most companies' brands and have reduced their acceptance in the market.
Organizations like Yahoo and Target have been victims of such occurrences, losing millions
of dollars in revenue. The intrusion of cybercriminals into a company's infrastructure can
expose sensitive information into the public domain, which may cause mega damage to the
company's reputation. Cybercriminals can gain access to anything from banking information
to social security numbers (SSNs) when data intrusion occurs (Paul Sparrow 2022). In 2019,
Facebook suffered a mega data breach that affected not fewer than 500 million users. It
resulted in a fine of $277 from the Irish Data Protection Commission. In 2013, 3 billion
accounts were breached at Yahoo. In early 2018, news broke that cybercriminal actors had
infiltrated the world's largest ID database, Aadhaar, exposing information on more than
1.1 billion Indian citizens. Professional networking site LinkedIn saw data associated with
700 million users posted on dark web forums in July 2021, impacting more than 90 percent
of its users (Ani Petrosyan, 2023). Most of these attacks have led to serious lawsuits, which
have caused huge financial implications for most of the organizations.
Data breaches impose direct and indirect expenses on organizations. Some of the direct
expenses include forensic experts, hotline support, credit monitoring subscriptions,
and potential settlement. Indirect costs include:
• In-house investigation and communication.
• Customer turnover.
• Diminished rate to the organization.
Another implication of data intrusion is fraud. A criminal can penetrate the network
infrastructure to commit fraud with the identity of the organization's customers. It can cause
mega damage to the organization's reputation, thereby causing them to lose revenue. It can
also affect the trust of shareholders in the business, which may lead to a drop in the
organization's financial investment.

REFERENCES

CBS News (2021).
https://www.cbsnews.com/news/us-covid-relief-hacking-hackers-arrested-indonesia-aid-program-scam/

Abiodun O.I., Abiodun E.O., Alawida M., Alkhawaldeh R.S., Arshad H. A review on the
security of the internet of things: challenges and solutions. Wireless Pers.
Commun. 2021;119(3):2603–2637.

Burns A.J., Johnson M.E., Caputo D.D. Spear phishing in a barrel: Insights from a targeted
phishing campaign. J. Organiz. Comp. Electr. Commerce. 2019;29(1):24–39.

French G., Hulse M., Nguyen D., Sobotka K., Webster K., Corman J., Ewing M. Impact of
hospital strain on excess deaths during the COVID-19 pandemic—United States, July 2020–
July 2021. Morb. Mortal. Wkly Rep. 2021;70(46):1613.

How to Calculate the Cost of a Data Breach, November 9, 2021 – Ekran

Measuring Security and the Financial Impact of Data Breaches by Advisors Team, May 23,
2017 – Focal Point

Kesavulu, Manoj, et al. "An Overview of User-level Usage Monitoring in Cloud Environment."
2018, https://core.ac.uk/download/155660114.pdf.

Yassine Aboukir, 2018
https://resources.infosecinstitute.com/topics/management-compliance-auditing/understanding-role-threat-modeling-risk-management/

Saurabh Jain, 2021
https://radiumhacker.medium.com/threat-modelling-frameworks-sdl-stride-dread-pasta-93f8ca49504e

Danny Palmer, 2018
https://www.zdnet.com/article/security-warning-attackers-are-using-these-five-hacking-tools-to-target-you/

CBR Staff Writer 2018 The 5 Most Commonly Used Hacking Tools – and How to Defend
Against Them - https://techmonitor.ai/technology/cybersecurity/hacking-tools-ncsc

Paul Sparrow 2022
https://www.infosecurity-magazine.com/blogs/looking-back-mega-breaches-trends/

Ani Petrosyan, Aug 30, 2023
https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/
