1.6 Cyber Attacks

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

2 hours 7 minutes
Video Transcription
Hey, everyone, welcome back to the course. So in the last video, we wrapped up our discussion on the different violation or the different penalties for violating HIPPA. We talked about civil and criminal violations.
In this video, we're gonna go ahead and jump into cyber attacks, So I'm gonna hit this at a very, very high level. I don't want to get to Gigi in this course, but I'm just gonna talk about some of the differences between things like viruses, worms. Trojans will also do a quick discussion on fishing, so I'll talk about phishing attacks. We'll also talk about
what's called de dos attacks or distributed denial of service attacks
as well. It's a hip hop breach notification rule.
So quick pre assessment question. And you may or may not know the answer to this. I try to keep it pretty simple. Based off the level of this course, eso computer viruses are self propagating. Is that true or false?
Are so that's false. And we're gonna talk about what is self propagating in just a little bit here.
So we've got different types of nowhere, and these were kind of the most common formats. Ransomware is actually tucked into this as well. So we got viruses warms in Trojan. That's kind of a traditional ones we think of.
So viruses are gonna need some type of host. This is just some virus code here. You don't worry about what that is for this course on, Basically, viruses attached themselves to file, so they are not self replicating. So I want to state that the viruses are not self replicating.
So going back to the previous question,
so different virus types. There's many, many different types out there. Most viruses actually includes several components wrapped into one. But we got boot sector that affects the boot sector. So basically, as I reboot my machine, the virus doesn't go away. It keeps popping up for me,
ransomware, which will actually show in the next video when we do the example.
Ah, show virus. So basically, the virus code is just encased with, you know, code. So that way it can potentially fool antivirus ran timeout where solutions. It doesn't work too well these days. Polymorphic. So So That's kind of like
you've got that that cockroach that will not die, right? So you spray cockroaches each year. You get rid of them,
and then they adapt to whatever chemical you're using. And then you have to spray him with something different, different the next year to get rid of them. So that's think of that with a polymorphic virus. It keeps changing its code as we detected. Or as you know, so that way it can't be detected or, you know, result.
And then we've got our macro viruses A lot of people have heard about. You know, this this is actually, surprisingly, is still a pretty, pretty prevalent attack type. Uh,
but think of like your word document your Excel document. That's that's the macros. And so nowadays, when you download like a word document, it's gonna download in protected mode where it makes you like, click to edit of document if you want to, like, actually do stuff in it. And so that way you don't you potentially don't get attacked by macaroons.
We've got our worm, sees her self replicating so they don't need a host, and then their self propagating so they spread themselves. Want to cry is a good example of self propagation,
as are many other things out there. This many, like code Red was the old one back in the day. Self propagating is the key point to take away for worms again. For this course, you don't need to really know any of this stuff. I just want to hit it at a high level. And the whole overarching thing, for the most part with worms is that
they eat up. Resource is so if I wanted to, you know, attack your company, for example and I threw a worm out there,
it could potentially eat up all the resources of your company and cause you basically cause a denial of service type of attack.
We've got Trojans. This one, this'll one's kind of like Think of this one. Kind of like a jelly doughnut. So think of a trophy like a jelly donut. Right? So, like, let's say I hand you a donut, and I don't tell you that. I don't tell you like the flavoring in it, right? And you don't know that there's a filling in it. You just know I've got a donut from Ken, right?
That's a Trojan. You know, the the donut is not unless you're on a diet and I'm trying to you know, thwart your diet efforts. But otherwise it's not a malicious intent, right? I'm just giving you a donut. A Trojan itself has a malicious intent. It's, you know, something hidden inside of something else, right? So the Trojan is usually attached inside of some software that's legit
on. And then we, Donald the Trojan
we you know, So this might be a game or something like that that we download on her phone. And then now, now the Attackers got a Trojan on her phone or a remote Access Trojan, and they can do callbacks in that sort of stuff and get our data from our phone.
The other example here that most people are probably familiar with is the Trojan story from the city of Troy, the Trojan War, whatever. We're basically they took that big Trojan horse and they hid soldiers inside of it and said, Oh, yeah, here's a gift. We don't want to fight anymore. And they and they let let the big horse inside of the city walls.
And then when it became night time or whatever, I mean, you could look up the story, read about it
when it became night time. Here came all the soldiers out of this hidden, you know, out of this hidden compartment in the horse. And they took over the city. Um, I'd like to donut idea better. That's just, you know, like, who doesn't really like donuts out there or hasn't had a donut or doesn't want to donate right now? Because I'm talking about It s like that example better.
And there's some common port center and use. But again, criminal hackers will
constantly change the port they're using. So that way you can't really, you know, tell what it is. And in many, many cases, they actually come through on legit ports like 4 43 for https. So we can't really tell what's going on with with the software that's coming through or the application that's coming through.
So, delivery, how can we get this right? But how can we get it? I'm advertising. So if you go to like some popular websites, what Attackers were doing Actually, this occurred, I think, a couple years back, I mean it still, it still occurs, and I actually was was a victim of this artist when I was reading article maybe of Forbes or something. like that I forget.
But as I was reading the article, there was a drive by attack through Malbert Rising.
It started downloading a pdf malicious pdf file. Execute herbal on my machine and forcing me, Of course, I was inside of a virtual machine. You know, of course, I was running Mauer bites as well, so it blocked all that stuff from actually executing. But that's that's, um, advertising attack. You just go to a regular Web site that you're looking at.
They've got advertising there,
and some of that advertising is it was purchased by criminal Attackers, and they've gone ahead and modified it and using that to download malicious software on victim machines.
We've also got fishing that will kind of peek out in just a little bit here, Um,
where you know, an attacker is using an email or something like that, and that's more common like in health care. Well, actually is common across the board, but that's amore common attack in healthcare. We got us be attack, you know? So if I drop a bunch of us beach US bees in the parking lot and really, really successful way to do this is like attached some like keys to it.
So people think it's like some of these keys.
Um, but in any event, you pick up that USB as a victim, you go plugging in your computer at work, and you're like, Oh, funny cat video. Let me watch this. But meanwhile, you don't realize that I'm downloading malware on your computer and I'm taking over stuff. And then, of course, insider threat can just download you know, any malware? So this is like, you're you know, you're, you know,
aggravated employee. You know, they're upset with the company of whatever the case might be.
They download malicious software on their work computer to try to, you know, cause harm to the company
arts lesson. As I mentioned, let's jump into a quick example of fishing on this one explained that one a little better, since it is more of ah, applicable thing for health care.
All right, so we just learned about viruses forms in Trojans, and then I mentioned that
many of these can be received by a phishing attack. So you click on a certain phishing email. You may be downloaded documented. Open the document which will actually show you in the next video with the ransomware example. Uh, basically, you do some kind of action, and all of a sudden, oops. You know, my computer's locked up or whatever the case might be.
Now, what is fishing, right? Well, most of us know fishing, like in the lake or, you know, in the ocean or something. Like Dad, this type of fishing is a similar type of thought process. So basically, the attacker is, you know, putting out some kind of a line. Right? So here's our friendly attacker over here, ready to steal your data. And I'm sure you love my artwork,
but here they are with their magical fishing pole, and they're dropping a line over to you. They got some kind of bait here, right?
So that might be a document or something. We'll just put you over here. Here you are. And if that doesn't look like you, My apologies. But close enough, right? All right. So here's our attacker.
Our attacker put some kind of bait out there. That might be just an email. Ah, phishing emails. You know, trying to trick us like, Hey, this is your bank. Um, you know, and and You know, if you want to get your accounts unlocked, you need toe, you know, do this actions. You get that money, right? We want to get that money.
It might also be one of the most common scams out there. Fishing emails is basically the long loss Nigerian prince. That's your relative, right? Hey, you know you've won the are like the lottery scam. Like, Oh, you've won $10 million. I just need you to send me, you know, $5000 to be able to process it, right? Like,
yeah, sure. Let me do that. People still fall for that,
surprisingly enough. Anyways,
you're the Nigerian prince. You know, that's your long lost relative. And, hey, I just need you to send me $10,000 I could send over your inheritance again. People still fall for that one. But the more common thing that you'll see, health care related is going to be a phishing email. It might be something like, Hey, I've got this invoice.
Can you download the invoice? Here's the invoice you're waiting on. Can you download that and do something with it? And you're like, yes, you know, a big wife er yes, they're right. I want to do that. Don't do that. Unless you actually trust the source and you verify the source. A good thing to do with the phishing email, or if you suspect it might be a phishing emails. Just call the person. Hey, did you send me this email?
A lot of times, I think. No, I didn't. You know what you talking about?
Or they may say, Yes, I did. And be like, Well, can you just verify that like you did send an invoice with it? Because sometimes an attacker could spoof it or, you know, take control the session there to control the email and add an attachment to it.
So basically, just verify the source of it. Make sure it's the correct source. We're not gonna dive into like email headers on this course at all. But you could basically look at email headers or even just call your I t department. If you're not a geeky person and just have them take a look at stuff for you, make sure it looks legit. I'll give an example from real life that that I experienced well, I didn't actually fall for it.
but a phishing email went out to, uh, many people in the organization,
and, um,
it was said it was from HR and was basically, you know, crafted from the HR person on and saying like, Hey, you know, can you open this attach spreadsheet and enter in your user name and password? We just need that.
I forget exactly what it was saying. It needed it for it immediately. I was like, Yeah, right. I'm not doing that. Um, and I I, uh I got that time I was working with, um, some field Cecil field nurses and stuff, and I basically, you know, I contacted all them. So, hey, if you get an email like this, don't open it, don't don't interact with it, don't download the file.
And then, um
uh what, uh
What happened, though, is that there was some executives that, you know, like one of those executives was actually an advocate for security. He was always talking about security on again. I'm not gonna tell you any, you know, like, really detailed information, cause I don't want to give stuff away on the particular company, but
he was always like talking about security and how he knew so much about security and all this. You know, all this stuff and he actually entered in his username and password in that
in that document, Because when I contacted on, of course, I contacted the general I t a help desk on, then Also, I contacted the HR person was like, Did you send this out? And she's like, No, and I t was like, Yeah, let's you know, Yeah, you're you're right. That's a phishing email and, you know, and come to find out he had actually introduce this using your password. Anyways, I found that funny
that, like somebody that was such an advocate for security and such, you know, all they knew everything about security,
um, that they
were putting their username and password in some random document, like, you know, so So that being said, I'll just give a life lesson here or, you know, work lesson.
You will net. You should never, ever get a request via email to give your user name of password. That's not a normal request. So if you're out there and you've got an email you're looking at right now in your inbox and it's saying Hey, we just need your using a password. Hey, it's you know, Joey and I t
or it's Susie and HR
never provide that information to somebody via email. Just call a person and just verify they actually need it. Do not call them at the number in the email. I want to stress that because a lot of times Attackers will put that information in the e mails like, Oh, yeah, I just call this number. And of course, we're gonna answer and say, Yeah, Suzy, Right, Yeah, yeah, I'm in hr.
Call the number you have for HR call somebody in HR that, You know, we're just call the H R number
and ask for that person on say like, Hey, look, you know, they're not available. Tell the person on the phone like, Hey, look, I got this email from them,
and it doesn't seem legit, So that way, if they're in a meeting or something like that, that person can just go ask him. Hey, you know, are you are you sending out e mails or whatever they could say yes or no right there so that we could get some traction on that, um,
the other type of thing. You know, I mentioned documents a lot because that's actually where in what? We'll see here in just a little bit the next video. But that's what what will see as the most common type of phishing attack now there is also it's called a fishing. You know, we're really creative in our naming, basically voice
fishing. So over the telephone, right, So you might get a call like, Hey, it's the help desk.
I just need you to, you know, change this network configuration sitting. I just need you to change the setting. I just need to you to give me your verify your user name or password or whatever.
Don't fall for that either. Like your
You should not have your i t helped ask ever calling you asking for your user name or password because
they could just change it on their end, right? They've got administrative access. They can just change it if they need to. Um and they may call you like, Hey, I need to I need to do this or that on your computer. You know, can I log in remotely like they're not gonna call you and ask for using a password. Now, getting into that part of it with the log in remotely, uh,
make sure that it's actually them, right. Make sure it's not just an attacker like Oh, yeah? Can you
give me your I p address or whatever, Right. So just be my fault. Like, if something doesn't seem right,
just, you know, speak up. Say something, right? The FBI or Homeland Security? They have things, you know, where they basically all the time. Say, if you see something, say something exact same thing here for protection. It gets fishing and malware tax. If you see something. If something doesn't seem right,
speak up about it. Don't be shy about it. If your boss was terrible than just call the FBI. But, like, I've got this, I don't know if it's what I should do with it,
and you know they'll be able to tell you they'll be like, Yeah, you shouldn't click on that or whatever. Right. Um,
so you know, but But in your organization, try to keep it that way inside the organization and talk with him like that.
All right, so we're gonna wrap up this video just talking about the breach notification rules, So we'll take a look back at the Power Point slide and finish that out. And then, as I mentioned, I've got some examples of attacks for you, so you could take a look in the in the next video.
So hopeful you understand phishing attacks a little better now. And hopefully you are not going to be that person that enters in their user name and password in just a random document from supposedly an HR person. So again, just if it doesn't feel right, just tell somebody, right? Just just call someone. Tell someone there's no there's no
there's nobody. Nobody should be coming down on you for reporting it.
It really should be embraced. Even if your organization doesn't necessarily embrace security so much, you could always call, you know, FBI or someone like that, and just say, Hey, look, I just want to make sure this this seems right. So never be embarrassed off that. Just make sure you report things. If it doesn't look right again, just go ahead and report it
are. So let's talk about the hip. A breach notification rule. So what is a breach, right? Well, basically according a H H s, it's It's gonna be any type of impermissible use for disclosure under the privacy rule. Eso basically surrounding the ph I. Right? So the security or privacy of your pH I
it's kind of automatically assumed to be a breach unless you know the covered entity or the business associate can actually demonstrate that the low probability that the Ph I has been actually compromise, you know? So in an example of, like getting the laptop stolen, like if if they can prove that they were using full disk encryption. Plus
we went ahead and said in the race command. So as soon as the laptop's turned on,
you know, or something and it connects to the Internet, somehow it's gonna erase all the data on it or whatever the case might be. So unless they can, you know, kind of prove stuff like that is considered a breach.
So with breaches, we've got kind of different levels of noticably notification that the covered entity must do S O. Obviously, most of us could have assumed that the individual rights, So if if you lose my data or if my data is breached from your organization, you would contact me as an individual. Some capacity is a hey,
you know your your information was stolen.
Now there's some stipulations on that that the covered entity has to do so as an example, they have to send it to your first class mail or V E mail, if only if the individual so basically, the patient house agreed to receive that type of notice. Elektronik Lee.
Now, if they've got sufficient or on a date information so they send mail to unit comes back return to sender.
Um, what they have to do that is basically posted notice. You know, they could do it in several different ways. It could post it on their website home page for at least 90 days. That can also print it in like some kind of major media outlet and the individuals local area. That one probably gets too costly, so they normally do it just on their Web page.
And what they also have to do is include a toll free number that, you know, like myself, is a patient could call
that remains active for at least 90 days were you know, I can call in and learn more information and find out if I'm actually involved were part of that particular breach
Now with ah,
if there's like less less than 10 people. So like if it's a small doctor's office and there's less than 10 people affected, they may also
provide, you know, a substitute written notice, you know, by some type of alternative form, you know, So it might be a written notice, telephone or some other types of means that they deem appropriate.
and basically the stipulation on the notification you know, this from a general standpoint, is that it has to be provided with no unreasonable delay. So if they're dragging their feet on purpose, they can't do so, s so it's gonna be basically no later than 60 days
after, you know, after they discovered that the breach is occurring. Eso again. This is regarding health organization. So you know all those you know, like when Equifax lost your data? Are, you know, like Marriott or something like that on? They took forever to report it. They're not, you know, covered necessarily under Hitler because they're not health care or organizations. They're not business entities or anything like that.
Regarding media notice S o The covered entities, you know, have to If there's if there's more than 500 residents in a particular state or a particular jurisdiction that are affected, what they have to do, they have to basically notify prominent media outlets that are serving that particular area. So that jurisdiction or that state,
you know, so like your local news out later, whatever they have to say, Hey, you know,
Mary out lost your data or whatever the case might be
and that same same with, like the individual notification that has to occur within 60 days. So just be mindful of that. There are stipulations on that. And then also, they have to notify the secretary of HHS secretary without unreasonable delay again. Basically, if that affects 500 or more individuals, just like with the media outlet,
they have to go ahead and notify within writing and same timeline there within 60 days. They have to make sure they do that.
and then we fought course you notification by a business associate that after, you know, follow, you know, adhere to all that same stuff after it. Just make sure that they provide the covered entity with you. No identification of each individual that's affected on then the covered entity actually does the notification.
And so that's kind of, you know, the short version of the breach notification rules. You just understand that if it's at a certain level, so if, like, they just lose, like my data and that's it, then they just notify me to see individual. If they lose 500 or more individuals information where they suspect that they have lost 500 more individuals,
then they have to go ahead and also notify
a media outlet in that local area, local jurisdiction, as well as notify the secretary of the breach. So just keep those things in mind if you're wondering, like, should I notify on this breach? Your organization should actually outline this that stuff in some documentation, but you just want to be my full of it as well.
So a quick post assessment question here, David Sasaki, analyst, And if you don't know what that is, don't worry about that. Your focus here is the actual question itself, So he's a stock analyst. He suspects the machine on the network is infected with worm. With this knowledge of worms. What's his first action? So what's the best first action here?
All right, so the answer is C. So if you didn't, if you didn't know that if you're not techie at all, that's totally fine. The answer is to isolate the machine. We just basically one isolate whatever is going on on. And then we would probably do some of these other steps as well. But we just want to isolate this machine is a certain first step.
All right, so in this video, we just wrapped up our discussion on cyber attacks. We talked about the different forms again. This was a very, very high level type of video, just kind of walking you through some components. In the next video, as I mentioned, we're gonna show you a couple examples of ransomware. She can kind of understand how that works and some of the things you need to look out for, and then we'll move right into Module two
Up Next