Hacker

Hackers come in all shapes and sizes. From kids trying to gain infamy on the Internet to political groups trying to send a message, the motives for a cyber-attack vary widely. The term “hacker” carries a rather negative connotation for most people. Gone are the days where we view hackers as the iconic nerds sitting in a shabby basement with ski masks on. Hacking skills have become more and more advanced and in-demand as both companies and countries strive to protect their information software and networks. So how can you protect yourself? It all starts with getting to know your enemy a little better. In this module we profile three different kinds of hackers: the black hat, white hat and grey hat hackers.

In the context of information security, social engineering refers to the psychological manipulation of a person to perform an action or divulge confidential material.  It is a fraudulent means to gather information or access a system and is often one of the many steps taken in a more complex fraud scheme. Social engineering tactics sometimes rely on an individual’s kindness and empathy, as well as their weaknesses, or can be blatantly deceitful and dishonest. This module aims to provide a good understanding of what social engineering is and provides several contexts of where and how it can be detected. It arms the participants with vigilance against social manipulation, whether it be physical or digital.

Phishing is a cyber-attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment. What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company that the victim might do business with. It is the most widespread and malicious, with phishing messages and techniques becoming increasingly sophisticated. This module trains the participants to spot techniques used by hackers and to guide them to do several procedural checks before opening links or attachments.

Pharming attacks are typically widespread, where a hacker sends the same email to a multitude of recipients and waits to see which recipients take the bait.) Spear phishing attacks are onslaughts that are cleverly researched and that target an individuals’ weaknesses or Achilles heel (so to speak). With the advent of social media, people’s interests are publicly available to everyone for consumption. This makes the hacker’s task extremely easy when engineering a crafty spear-phishing attack. Whaling is a specific form of phishing that’s targeted at high-profile business executives, manager, and the like. It’s different from ordinary phishing in that with whaling, the emails or web pages serving the scam take on a more official or serious look and are usually targeting someone in particular. Examples of each attack are thoroughly explained in this module.

The greatest risk that individuals pose to organisations, is falling prey to ransomware attacks. These can be executed by hackers, physically or via attachments by email. Hackers will typically leave USB sticks, containing a few viral executable files, lying around the organisation. Once launched and executed, the virus takes all the system files and encrypts them to the point that they are no longer recognizable. The hacker then requests payment in a currency (bitcoins) to receive a code to restore the files.  This module explains the travesties that many organisations have suffered by falling victim to this kind of social engineering attack and also provides advice on how to protect against it.

Paying attention to physical security is extremely important in keeping your organisation secure. This module covers topics such as a clean board and desk policy, dumpster diving and upholding physical security controls within the organisation.

With the plethora of digital devices at our disposal, we are all exposed to cyber-crime in our own personal capacity. This module educates the participants on how to manage their devices, keep them updated with security patches and provides a basic understanding of the problems that may arise due to installation of unauthorised software, amongst many other items to protect themselves against.