From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts

Recognizing the complexity of today’s environment

- [Narrator] Today's threat landscape is complex and continues to evolve. Current cyber threats pose a risk to businesses, governments and individuals. Malware is becoming more aggressive. We are experiencing everything from network-based ransomware worms to devastating wiper malware. Malicious actors are designing sophisticated malware that is polymorphic in nature and eludes detection. This behavior makes it even more difficult to combat malware because the signatures are constantly changing.

Today a large percentage of global traffic is encrypted. However, this is a two-edged sword. We know that encryption is used to protect our data from prying eyes. However, malicious actors are also using encryption to conceal their activity, such as communication with a command and control server and moving through your network in the form of an advanced persistent threat. When cyber criminals use encryption to conceal their activity, it's like hiding in plain sight.

Email continues to be an attack vector, and malicious actors are doubling down on using email and spam as a way to get into an organization. They are using specially crafted spear phishing attacks that prey on our fears, such as using a current event to lure someone into opening an email.

The expansion of the Internet of Things has created another attack vector for gaining access to an individual, government or business. Many IoT devices are untested and have many vulnerabilities, which can lead to an attack such as a burst attack: a denial of service attack that showers the victim with aggressive amounts of traffic to shut down a service.

When we think of network attacks, we can group them into three broad categories: reconnaissance, access, and denial of service attacks. Reconnaissance attacks are passive attacks used to gather information, map a network, profile hosts, or search for vulnerabilities. Access attacks take advantage of vulnerabilities in order to gain access to systems. Access attacks can use any number of different techniques, including man-in-the-middle, spoofing and social engineering. Denial of service attacks overwhelm a target by sending large amounts of traffic with the goal of locking out legitimate users. Most denial of service attacks are distributed and use armies of botnets or zombies to launch the attack. The zombies communicate with the command and control server, which issues instructions on when to launch an attack.

Evasion methods are common with most attacks, as the malicious actor seeks to remain undetected for as long as possible. Evasion methods include using encryption, fileless automation, tunneling, and steganography. Malicious actors are constantly developing new attack methods. As a result, the security specialist must be aware of the latest attack methods, as early detection is essential in preventing an advanced persistent threat.