Notes from a training - Digital threats
I attended a training on digital threats not long ago. It was about threats, attacks, and the dark side of the internet, plus how to protect ourselves from them. It sounded interesting, so I would love to share it with you here.
Know our assets
First of all, we need to know what our valuable assets are. They can be any of:
- Identity: social media accounts, real name, etc.
- Personal information: citizen ID, date of birth, etc.
- Financial information: credit card numbers, bank account number, etc.
- Medical information: patient ID, health records, etc.
- Secrets: login passwords, access tokens, etc.
Biggest data breaches
- Visualization at https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
- Check our own accounts at https://haveibeenpwned.com/
Threats
Many sorts of threats exist in the digital world. Examples are:
- State-sponsored
- Organized crime groups
- Hacktivists or hackers
- Terrorists
- Malicious insiders
- Script kiddies
- Extremists
- AI
Attack vectors
There are many ways to build a method of attacking someone, such as:
- Social engineering
- Deepfake
- Weak passwords
- Compromised credentials
- Misconfigured devices
- Software vulnerabilities
Examples of attacks
- Evil links in emails
- Vishing: a phishing video. It would be a call asking for credentials; now it uses deepfakes.
- Keylogging
- Backdoor
- Ransomware. The MalwareHunterTeam helps people hit by ransomware at https://id-ransomware.malwarehunterteam.com/
Dark web
96% of the internet is not found by search engines (refer to this). A small part of it is the dark web. The dark web is accessible only through certain software or configurations.
Risks
- Illegal
- Security identity could be breached
- Financial data leaks
- Psychological effects
Black markets
Black markets also exist on the dark web. These are available in black markets:
- Drugs
- Weapons
- Stolen credit cards
- Fake IDs
Examples of black markets
- Silk Road (inspired the movie Silk Road)
- AlphaBay
- Hansa
- Welcome to Video
Dark web access
- Tails OS
- Onion mail
- Whonix OS
- Tor browser
Examples of dark web sites
- The Hidden Wiki
- Onion Links
- LockBit (popular ransomware)
Dark web currencies
- Bitcoin (ten years ago)
- Monero
- Litecoin
- Zcash
Books
- The Ransomware Hunting Team
- Pegasus
- Tracers in the Dark
- Tor: accessing the deep web and dark web with Tor
Digital self-defence
This is how we can protect ourselves when living in the digital world.
- Encryption
- Secrets + 2FA (2-factor authentication, read more here)
- Backups
- Secure disposal: remove data securely and
- Avoid phishing
- OS and app updates
- Public networks: use free Wi-Fi with awareness
- Shopping online: secure online transactions on trusted websites
- Prevent malware: do not download or install apps from untrusted sites
Threat modeling
Threat modeling uses a diagram to assess and communicate our security structure. We can use https://app.diagrams.net to create a simple diagram.
- Use shapes in section “threat modeling”
- Example diagram from lecturer
- A-box is Asset
- C-box is Controls, methods to protect the assets and mitigate the risk
- TA-box is Threat Actor
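The A/C/TA boxes can also be written down as data and checked for gaps. The following is an added example, not the lecturer's diagram or code from the training: the model contents are constructed sample data reusing asset and attack names from this note, and the `Control`, `Threat`, and function names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Control:              # C-box: protects one asset against some vectors
    name: str
    asset: str
    mitigates: frozenset

@dataclass(frozen=True)
class Threat:               # TA-box plus the arrow it draws to an asset
    actor: str
    vector: str
    asset: str

# Constructed sample model (A-boxes, C-boxes, TA-boxes).
ASSETS = {"Secrets", "Financial information", "Personal information"}
CONTROLS = [
    Control("2FA", "Secrets", frozenset({"Weak passwords", "Compromised credentials"})),
    Control("OS and app updates", "Financial information", frozenset({"Software vulnerabilities"})),
    Control("Backups", "Personal information", frozenset({"Ransomware"})),
]
THREATS = [
    Threat("Script kiddies", "Weak passwords", "Secrets"),
    Threat("Organized crime groups", "Social engineering", "Secrets"),
    Threat("Organized crime groups", "Software vulnerabilities", "Financial information"),
    Threat("Malicious insiders", "Compromised credentials", "Personal information"),
]

def dangling(assets, controls, threats):
    """Names of controls or actors that point at an asset missing from the diagram."""
    return sorted({c.name for c in controls if c.asset not in assets}
                  | {t.actor for t in threats if t.asset not in assets})

def unmitigated(controls, threats):
    """Threats with no control on the same asset that covers the same vector."""
    covered = {(c.asset, v) for c in controls for v in c.mitigates}
    return [t for t in threats if (t.asset, t.vector) not in covered]

def coverage_by_asset(assets, controls, threats):
    """Map each asset to (mitigated threats, total threats)."""
    report = {}
    for asset in sorted(assets):
        mine = [t for t in threats if t.asset == asset]
        report[asset] = (len(mine) - len(unmitigated(controls, mine)), len(mine))
    return report

if __name__ == "__main__":
    for t in unmitigated(CONTROLS, THREATS):
        print(f"GAP: {t.actor} -> {t.vector} -> {t.asset}")
    print(coverage_by_asset(ASSETS, CONTROLS, THREATS))
```

Note that 2FA on "Secrets" does not count for "Personal information": a control only mitigates a threat when it sits on the same asset.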
Below is the link I googled about the threat modeling process from OWASP.
Hope this helps and reminds you not to let your guard down. Threats are around, even in the cyber world.