Theme 3
Cybersecurity
Global definition
Cybersecurity refers to the practice of protecting systems, networks, and data from digital attacks, unauthorized access, and damage. It involves implementing technologies, processes, and policies to safeguard sensitive information and ensure the integrity, confidentiality, and availability of resources. Cybersecurity encompasses various disciplines, including network security, application security, information security, and operational security, along with user education and response planning.
With the increasing reliance on digital infrastructure, cybersecurity plays a critical role in defending against threats such as hacking, phishing, malware, ransomware, and data breaches. It requires constant vigilance, innovation, and adaptation to combat evolving cyber threats and secure both individual users and organizations.
Real world cyber attack
In this section we will focus on a real worldwide attack that took place in June 2017, called NotPetya. There have been many more attacks in the last few years, but this one is interesting because it spread worldwide in a matter of hours and is still considered one of the most devastating cyberattacks in history.
- The NotPetya attack disguised itself as ransomware but was in reality a wiper. What are these two types of malware, how do they operate, and what are the differences between them?
- NotPetya targeted Microsoft operating systems from Windows XP to Windows 10 at the time. To do so, it used an exploit called EternalBlue that targets a vulnerability in Microsoft's OS. What is a vulnerability? What is an exploit? Why is this exploit particularly interesting (where does it come from)?
- The attack first started in Ukraine. What was the first compromised system? (Optional: What is the name of this kind of attack?)
- The attack spread all around the world. What were the damages? Which companies were affected, and how much did it cost them?
- Even if the attack is not real ransomware per se, ransomware attacks are the most popular among cybercriminals today. Do you know about more recent ransomware attacks? Optional: Have you ever been infected by this kind of malware? Do you know other types of attacks?
- What security tips do you want to give to your fellow students? (Optional: What security tips would you give as an engineer designing a system?)
Documentation
- About the attack
  - Andy Greenberg, The Untold Story of NotPetya, the Most Devastating Cyberattack in History. Wired, 2018
  - Karan Sood and Shaun Hurley, NotPetya Technical Analysis - A Triple Threat: File Encryption, MFT Encryption, Credential Theft. Crowdstrike Blog
  - D. D. A. Nguyen et al., How Fast Does Malware Leveraging EternalBlue Propagate? The case of WannaCry and NotPetya. 2024 IEEE 10th International Conference on Network Softwarization (NetSoft)
- Tools
  - Benjamin Delpy, Mimikatz. Benjamin Delpy’s blog
  - Dan Goodin, NSA-leaking Shadow Brokers just dumped its most damaging release yet. Ars Technica, 2017
- Recommendations
  - ANSSI guides: Guide d’hygiène informatique. Retrieved 4 Dec. 2024
  - ANSSI introduction to cybersecurity: Découvrir la cybersécurité. Retrieved 4 Dec. 2024
  - Ève Tourny, Cyber sécurité et attaques informatiques: les leçons à tirer de Wanna Cry et Not Petya. Retrieved 4 Dec. 2024
General cybersecurity intelligence
- Blogs
  - Information website: The Hacker News
  - Personal blog: Bruce Schneier’s blog
  - Personal blog: Brian Krebs’ blog
- Videos
  - BlackHat conference YouTube channel: BlackHat
  - French YouTuber Micode: Micode YouTube channel (in French)
Tips for fast & efficient reading
The documentation on offer can be extensive, long and complex. Don’t panic. We can’t hope to have the time and expertise to examine each article in detail during the session.
The body of a scientific article is made up of arguments, demonstrations and proofs, which are mandatory for other scientists, but perhaps not for the general public. This is why an Abstract is provided. It gives a general idea of the subject and the findings. That’s enough for a first reading level. (A second reading level will focus on the Introduction and Conclusion sections. And a third will delve into the body of the article.)
Likewise, we don’t have enough time at the moment to watch the video resources in their entirety, although they are certainly of interest. So don’t feel uncomfortable if you’re channel-hopping: watch a few moments at the beginning and end to get the main idea, then move on.
So, organize your reading/watching time to cover the diversity of documents, without trying to go into too much detail in each one.