In this tutorial, we aim to train employees to recognize and handle the common cyber threats they might face in their daily work. It's crucial for employees to be aware of potential threats in order to safeguard sensitive data and maintain the overall security of the organization.
What you will learn:
Prerequisites:
Phishing: This is usually an email that looks like it's from a trusted source, but it's not. The email may contain links or attachments that, when clicked or opened, can install malware on your computer.
Malware: This is harmful software that can damage your computer or steal your data. It includes viruses, worms, Trojans, ransomware, and spyware.
Man-in-the-Middle (MitM) attacks: These occur when attackers intercept and possibly alter the communication between two parties.
SQL Injection: This is an attack that targets the database through a vulnerable website.
Here are some signs to look out for:
While recognizing cyber threats isn't necessarily a coding task, let's take SQL injection as an example to understand how it works.
SQL Injection Attack:
SELECT * FROM Users WHERE Username='admin' AND Password='password' OR '1'='1';
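In this example, the attacker has used OR '1'='1' to manipulate the SQL query. Because AND is evaluated before OR, the WHERE clause is true whenever '1'='1' is true, and '1'='1' is always true. The password check no longer matters, so this allows them to bypass any password.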
In this tutorial, we've covered common cyber threats like phishing, malware, MitM attacks, and SQL injection. We've also discussed how to recognize these threats.
Exercise 1:
Imagine you've received an email from your bank asking you to update your password. The email contains a link to update your password. What would you do?
Solution:
Don't click the link. Instead, navigate to the bank's website directly from your browser and check if there's a need to update your password. This could be a phishing attempt.
Exercise 2:
You notice your computer has become significantly slower and you're seeing unwanted pop-ups. What could be the issue?
Solution:
This could be a sign of malware. You should run a full system scan using trusted antivirus software.
Exercise 3:
As a developer, how would you prevent SQL injection attacks?
Solution:
Use parameterized queries or prepared statements, which can ensure that the parameters (values) are separate from the command (query). This way, an attacker can't manipulate the query. Here's an example in PHP:
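// $pdo is an already-open PDO connection; $username and $password hold the submitted values.
$stmt = $pdo->prepare('SELECT * FROM Users WHERE Username = :username AND Password = :password');
// The values are bound at execute() time and never become part of the SQL text.
$stmt->execute(['username' => $username, 'password' => $password]);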
In this example, :username and :password are parameters, and the values for these parameters are supplied later using an array. Even if an attacker tries to inject SQL, it will not affect the query structure.
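The SQL injection example and the Exercise 3 fix, side by side, as an added example that is not part of the original tutorial. It uses Python's built-in sqlite3 module so it runs offline; the table contents, the function names and the sample password are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory Users table with one constructed account.
    (Real systems store a password hash; plaintext mirrors the tutorial's query.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('admin', 's3cret-constructed')")
    return conn

def login_concatenated(conn, username, password):
    """Vulnerable 'before' form: user input is pasted into the SQL text."""
    query = ("SELECT * FROM Users WHERE Username='" + username +
             "' AND Password='" + password + "'")
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.OperationalError:
        # Input containing a stray quote can also just break the statement.
        return False

def login_parameterized(conn, username, password):
    """Hardened form: named placeholders keep values out of the SQL grammar."""
    query = ("SELECT * FROM Users "
             "WHERE Username = :username AND Password = :password")
    row = conn.execute(query, {"username": username, "password": password})
    return row.fetchone() is not None

def compare(conn, username, password):
    """Return (concatenated_result, parameterized_result) for one login."""
    return (login_concatenated(conn, username, password),
            login_parameterized(conn, username, password))

if __name__ == "__main__":
    db = make_db()
    # This input reproduces the tutorial's query:
    #   ... WHERE Username='admin' AND Password='password' OR '1'='1'
    crafted = "password' OR '1'='1"
    for label, pw in [("correct password", "s3cret-constructed"),
                      ("wrong password", "wrong"),
                      ("tutorial's OR '1'='1' input", crafted)]:
        concat_ok, param_ok = compare(db, "admin", pw)
        print(f"{label:30} concatenated={concat_ok!s:5} parameterized={param_ok}")
```

Only the concatenated version accepts the crafted input; the parameterized version treats the whole string as a password value that does not match.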