Cybersecurity Guide - CyberLearning


U.S. Embassy in Romania
Romanian Association for Information Security Assurance (RAISA)
National Association for Information Systems Security (ANSSI)
Romanian National Computer Security Incident Response Team (CERT-RO)
ISBN: 978-973-0-33645-0

CYBERSECURITY GUIDE

PROGRAM TITLE:
Enhance Cyber Capacity Building in Romania for Preventing and Combating the Cybercrime Phenomenon

PURPOSE OF THE PROGRAM:
The program goal is to strengthen the cyber capacity in Romania by raising cybersecurity awareness and improving the skills of criminal justice authorities and private sector in fighting cybercrime.

U.S. Embassy in Romania
Romanian Association for Information Security Assurance (RAISA)

A project developed by the Romanian Association for Information Security Assurance (RAISA).
This project was funded in part by a grant from the United States Department of State.
The opinions, findings and conclusions stated herein are those of the author[s] and do not necessarily reflect those of the United States Department of State.

eBook: Cybersecurity Guide
Authors: Iulian ALECU, Costel CIUCHI, Toma CÎMPEANU, Iulian COMAN, Larisa GĂBUDEANU, Ioan-Cosmin MIHAI, Cosmina MOGHIOR, Nelu MUNTEANU, Gabriel PETRICĂ, Ionuț STOICA, Cătălin ZETU
Version: 1.1
Website: www.cyberlearning.ro/cybersecurity-guide/
ISBN: 978-973-0-33645-0
DOI: 10.19107/CYBERSEC.2021.EN

CONTENTS

About This Guide
Secure Your PC / Laptop
Secure Your Mobile Device
Secure Your Network
Malware
E-mail Based Attacks
Web-Based Attacks
DoS and DDoS Attacks
Web Application Attacks
Social Media Scams
Security of Online Transactions
Security of Debit / Credit Card
Identity Theft
Insider Threats
Data Protection Request from Individuals
Data Protection Compliance for SMEs
Transparency of Personal Data Processing
NIS Directive
Incident Reporting
References
Acronyms
Authors

ABOUT THIS GUIDE

DAN CÎMPEAN
General Director of the Romanian National Computer Security Incident Response Team (CERT-RO)

We play a sometimes-involuntary role in an unrivaled, accelerated digital transformation on a personal, social and economic level. Subsequently, we perceive that each individual is urged to acquire new skills, to expand their knowledge, to shift their cultural perspective.

Just as, during our childhoods, we learned the alphabet with our first-grade teachers’ assistance and broadened our horizons of knowledge, facilitated by the love and dedication of educators, today we will have to resume the accumulation of a new elementary set of learnings. This time we’ll be guided by cybersecurity experts towards the acquisition of a complex, sophisticated, exciting body of knowledge, deeply technological yet indispensable for the 21st century.

It is imperative to have active promoters for cybersecurity concepts, education programs and awareness. It is essential to be able to find practical and effective ways of comprehensively promoting "cyber hygiene" and additional preventive measures at the national level, that should be transmitted to and regularly applied by citizens, organizations, and economic operators, in order to minimize their exposure to cyber-risks.

And now we have good news to share. Written in the form of a concise and pragmatic cybersecurity guide, this superb work epitomizes, in just a few dozen pages, over a century of concrete experience from its 11 authors.

Basic concepts such as confidentiality, integrity, availability, personal data protection, but also specific elements from European or Romanian legislation related to the cybersecurity field, are transmitted in a clear, simple, but not simplified form.

I dare say that this guide is one of the much-needed publications for all of us, today. Moreover, I am convinced that it will contribute concretely and effectively to educating the general public, in order to improve the overall status of cybersecurity in Romania and the protection of Internet users’ personal data, through the invaluable help it offers readers with understanding, preventing and countering risks, threats and vulnerabilities in cyberspace, or those related to technologies we use on a daily basis.

On behalf of the countless people, experienced or otherwise, who will make use of this guide's recommendations in practice, I would like to share with our authors, in recognition of their educational and awareness work, a short message used in the world of ethical hackers: RESPEKT!

SECURE YOUR PC / LAPTOP

Securing workstations (PCs, laptops) and other devices connected to wired or wireless networks is an essential condition both for ensuring the confidentiality and authenticity of sensitive data and for carrying out normal activities at the level of regular users.

HOW TO PROTECT

SECURITY TOOLS AND SUITES
It is recommended to install anti-malware applications or high-performance security suites to ensure protection against the latest types of cyber threats (e.g. ransomware or trojans). Permanently updating the database with malware signatures is a mandatory condition for detecting the latest types of threats.

BACKUP DATA
Data must be periodically saved on reliable magneto-optical media, stored in secure locations and (possibly) encrypted to prevent unauthorized access. These copies must be kept in multiple physical locations to avoid both natural disasters and internal threats within the company.

SENSITIVE DATA ENCRYPTION
It is recommended to use third-party applications or operating systems that have implemented facilities for encrypting sensitive data (within files, folders, or an entire drive).

SECURE OPERATING SYSTEM
It is achieved both by fixing security breaches and software bugs in all components of the operating system (by applying available updates, automatic or manual) and by controlling user access to computer resources (permissions, access to files, services, and applications).

UPDATE APPLICATIONS
It is a necessary action because it prevents some cyber-attacks and costly data leaks, helping to keep sensitive data safe. Users must activate the automatic update function of any essential application (within the operating system or antivirus, firewall, and IDPS).

PASSWORD MANAGEMENT
The passwords have to be strong (many alphanumeric characters and special symbols), not reused on multiple accounts and changed periodically. Sometimes it may be advisable to use password manager tools to store unique, computer-generated passwords.

TWO-FACTOR AUTHENTICATION
Using two-factor authentication is a very effective and modern method, which uses an additional device (such as a security token or smartphone) to confirm in a further step the identity of the person authenticating. Also, authentication based on biometric data must be considered.

USE RESTRICTED ACCOUNTS
The use of accounts with limited access rights instead of an administrator account will deny access to sensitive areas of the operating system and will naturally block the attacks against OS services, files, or libraries.

SECURE YOUR MOBILE DEVICE

In the last decade, mobile equipment (smartphones, tablets) has experienced an exponential degree of development and use. In this context, ensuring the security of this equipment, essential in communication and online services, is a key objective.

HOW TO PROTECT

ACTIVATE ANTI-THEFT PROTECTION FUNCTIONS
Some useful functions can be activated:
Facial or fingerprint recognition.
Unlock device by patterns or by PIN.
Equipment localization.
Blocking access or deleting data remotely.

SYNCHRONIZE DATA
Synchronizing data with other equipment or using cloud services allows important information (contacts, SMS, documents, or pictures) to be available when the equipment is lost or stolen.

UPDATE THE APPLICATIONS
The operating system and applications need to be constantly updated to fix security breaches and use the latest features.

DISABLE UNUSED CONNECTIONS
It is recommended to disable the infrared, Bluetooth, or Wi-Fi connection if it is not in use, to block unauthorized access.

USE SAFE APPLICATIONS
It is recommended to download applications only from official sources and to disable the option regarding the download of unsafe applications.

USE CLEAN STORAGE MEDIA
Before connecting to a mobile device, removable storage media must be scanned with antimalware tools.

SHARE PERSONAL INFORMATION
Sharing personal information such as real-time geographical location (using GPS or wireless networks) can allow third parties to monitor the usual routes and daily activities.

USE QR CODES CAREFULLY
QR (Quick Response) codes may contain links to malicious web pages with various harmful effects regarding data security: activation of the camera/microphone, extraction of geolocation, access to files, contacts, or SMS, sending unwanted messages via e-mail, SMS, or chat applications, launching DoS packages, or identity theft.

APPLICATION PERMISSIONS
Use Permission Manager to set application access to various resources (camera, microphone, location, storage, etc.).

EXTRA SECURITY FOR BUSINESS DEVICES
The equipment provided by organizations and used during travels must be secured regarding the encryption of data, wireless connections (Bluetooth, Wi-Fi) or removable media (USB drives, CDs / DVDs, external hard disks, etc.).

USE SECURE DATA CONNECTIONS
It is recommended to avoid public Wi-Fi hotspots for connecting to the Internet and to use mobile data instead whenever possible.

SECURE YOUR NETWORK

Effective security of your home network can be achieved by implementing the following recommendations regarding technical aspects, security policies, employee training, or awareness activities.

HOW TO PROTECT

PHYSICAL SECURITY
It refers to access control in the areas protected by video surveillance, security personnel, or blocking access (barriers, locks, doors), securing the servers and cable trays.

FIREWALL, INTERNET PREVENTION AND DETECTION SYSTEMS
These are useful components of the IT infrastructure in any organization, for monitoring the network and tracking malicious activities (detecting intrusions, blocking malware or filtering dangerous content).

VIRTUAL PRIVATE NETWORK (VPN)
VPN technologies are solutions for secure remote access and encryption of information. They are recommended when sensitive data is transferred through the Internet.

USE PRINCIPLE OF LEAST PRIVILEGE
Each new account must be allocated the most restrictive access rights, and other access rights will be added as needed. When access to sensitive data is no longer required, all appropriate privileges must be revoked.

MONITOR THE USERS
To minimize the risks of an insider attack, it is necessary to limit the number of privileged accounts and grant minimum permissions. Any privileged account must be deactivated if it is no longer justified to keep it.

SECURITY MEASURES FOR WIRELESS NETWORKS
Use secure network protocols (e.g., WPA2) and compatible equipment.
Disable unused services and functions.
Filter accepted equipment in the network by the MAC address.
Hide network SSID.
Assign static IP addresses or reduce the range of dynamically allocated IP addresses.

CHANGE THE DEFAULT PASSWORDS FOR NETWORK EQUIPMENT AND IoT DEVICES
Because many devices have their default settings published on the Internet, the default settings must be changed immediately to avoid misappropriation for malicious purposes.

TRACK THE ACCESS OF THIRD PARTIES TO DATA
Monitoring third parties' access to data allows harmful activities to be detected, and investigations can be initiated when necessary.

INCREASE USER AWARENESS
It can be achieved by informing the organization's employees about the reasons and effects of security measures. The proper training of employees will lead to an increased cybersecurity level in organizations.

MALWARE

Malware (malicious software) is an application or script intentionally designed to cause damage to data, computers or networks.

The main types of malware:
Viruses: replicate themselves by modifying other computer programs and inserting their own code.
Trojans: give the impression of doing legitimate operations, when they actually try to explore the system vulnerabilities and to allow cybercriminals to illegally access the system.
Worms: apps with destructive effects infecting the computer system and propagating through the Internet.
Ransomware: encrypt or block the access to the files and ask for a ransom in order to remove the restriction.
Cryptominers: use computer resources to mine cryptocurrencies for cybercriminals.
Adware: aggressively transmit advertisements to the user.
Spyware: capture various information about the user's activity on the Internet.
Rogueware: mislead users to pay for removing false infections detected in the operating system.

HOW TO PROTECT

INSTALL AN ANTIVIRUS SOLUTION to detect and remove the malware in real time.
BACKUP YOUR DATA to restore it in case of a successful infection with malware.
INSTALL A FIREWALL APPLICATION to inspect the traffic from websites, e-mails and applications.
USE ADVANCED TOOLS for malware detection and mitigation, like Intrusion Detection and Prevention Systems (IDPS).
UPDATE THE OPERATING SYSTEMS AND THE APPLICATIONS to patch the existing vulnerabilities.
MONITOR THE LOGS using a Security Incident and Event Management (SIEM) solution.
DISABLE AUTOMATIC EXECUTION OF CODE ON WEBSITES to prevent the installation of file-less malware.
USE SECURITY POLICIES that specify the steps to be followed in case of infection.
USE E-MAIL FILTERING to recognize and detect malicious e-mails and attachments.
AVOID USING ADMIN ACCOUNTS to prevent malware from having administrator privileges.
REDUCE ACCESS TO POWERSHELL functions, to limit the ability of malware to execute malicious code in the console.
REPORT THE SECURITY INCIDENTS to the National Computer Security Incident Response Team.

E-MAIL BASED ATTACKS

These types of attacks usually appear to be sent from a reputable source, with the intention of persuading the user to open a malicious attachment or follow a fraudulent URL. Although the mechanisms of e-mail based attacks vary, the objective is almost always the same: steal money or data.

Types of e-mail attacks:
E-mail bombing: repeatedly sending an e-mail with large files attached to a specific e-mail address. This attack fills the available space on the server, making your e-mail account inaccessible.
E-mail spoofing: sending e-mails with the sender's address modified. This attack is used to hide the real identity of the sender to find out confidential details or the data needed to access an account.
E-mail spamming: sending unsolicited e-mails with commercial content. The purpose of these attacks is to attract the e-mail recipients to access some websites and buy more or less legitimate products or services.
E-mail phishing: sending messages to determine the recipients of e-mails to provide information on bank accounts, credit cards, passwords, or other personal details.

HOW TO PROTECT

DISABLE AUTOMATIC EXECUTION OF CODE, macros, rendering of graphics and preloading of mailed links in e-mail clients.
USE E-MAIL SECURITY SOLUTIONS like anti-spam filters, malware scanners and URL analyzers to identify phishing websites in real time.
KEEP YOUR MAIL CLIENT, OPERATING SYSTEM AND WEB BROWSER UPDATED AND PATCHED. When the update notifications appear, install the updates as soon as they are available.
USE SECURE E-MAIL COMMUNICATION WITH DIGITAL SIGNATURES OR ENCRYPTION when exchanging sensitive information.
DO NOT CLICK ON LINKS OR DOWNLOAD ATTACHMENTS if you are not absolutely confident about the source of the e-mail.
USE TWO-FACTOR AUTHENTICATION to protect your accounts. If it is implemented, you should use it to prevent someone taking control of your account.
USE COMPLEX, STRONG AND UNIQUE PASSWORDS for every online service. Reusing the same password for various services is a serious security issue and should be avoided at all times.
DOUBLE-CHECK THE BANK RECIPIENT’S INFORMATION THROUGH A DIFFERENT CHANNEL when wiring money to an account.

WEB-BASED ATTACKS

These types of attacks are methods by which cybercriminals can delude victims using web systems and services as threat vectors. This covers a vast attack surface, like creating malicious URLs to redirect the users to another website, downloading malware or injecting malicious code into a website for stealing information.

Types of web-based attacks:
Drive-By Downloads - download malicious content to the victim’s device. In this type of attack, the end user visits a legitimate website compromised by cybercriminals with malicious scripts for running browser-based exploits or redirecting the user to another infected website.
Watering Hole Attacks - targeted attacks using exploit kits with stealth features. A malicious actor is interested in compromising a specific group of users by using exploits or malicious content injected into the website.
Formjacking - attackers inject malicious code into a legitimate website’s payment forms. This attack mostly captures banking and other Personal Identifiable Information (PII), and the malicious script will simultaneously forward the data to the portal and to the cybercriminals.
Malicious URL - links created with the intention of distributing malware or facilitating a scam. The process involves socially engineering the victims’ information to persuade them to click on the malicious URL, which delivers the malware and compromises the victims’ computer.

HOW TO PROTECT

UPDATE THE SOFTWARE
Get the latest operating system, Internet browsers, application patches, plugins and add-ons and keep them updated and patched against known vulnerabilities.

USE A PROACTIVE APPROACH (SERVERS AND SERVICES)
Control the version of the content scripts and scan locally hosted files and scripts.

ENDPOINT PROTECTION SOFTWARE
Use Heuristic File Protection Intrusion and Prevention System for disk behavioral monitoring.

RESTRICT THE WEB-BASED CONTENT
Use tools such as ad blockers to limit the possibility of executing malicious code while visiting specific websites.

APPLICATION WHITELISTING
Isolate the applications and create a sandbox to reduce the risk of drive-by compromise attacks.

MONITOR AND FILTER
Monitor and filter the web content and e-mails to detect and prevent the delivery of harmful URLs and files.

DoS AND DDoS ATTACKS

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are malicious attempts to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Types of DoS and DDoS attacks:
Volume Based Attacks - the attack’s goal is to saturate the bandwidth of the attacked website (UDP floods, ICMP floods, and other spoofed-packet floods).
Protocol Attacks - this type of attack consumes actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers (SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more).
Application Layer Attacks - comprised of seemingly legitimate and innocent requests, the goal of these attacks is to crash the web server (low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows or OpenBSD vulnerabilities and more).

HOW TO PROTECT

UNDERSTAND YOUR SERVICE
Understand the points where resources can be exhausted and who is responsible for them.

PREPARE THE SERVICE PROVIDERS
Ensure your service providers are prepared to deal with overloading of their resources and protect your service.

RESPONSE PLAN
Have a Denial of Service response plan in place that includes graceful degradation of your service.

MONITOR AND TEST
Monitor for Denial of Service attacks and test your ability to respond.

UNDERSTAND THE WARNING SIGNS
Some symptoms of a DDoS attack include network slowdown, spotty connectivity on a company intranet, or intermittent website shutdowns. If a lack of performance seems to be prolonged or more severe than usual, the network likely is experiencing a DDoS attack.

REDUCE ATTACK SURFACE AREA
Minimize the surface area that can be attacked, thereby limiting the options for attackers. Do not expose the resources to ports, protocols, or applications from where they do not expect any communication.

WEB APPLICATION ATTACKS

Web application attacks range from targeted database manipulation to large-scale network disruption. These attacks can exfiltrate critical or personal information and cause reputational damage.

Types of web-application attacks:
Cross-site scripting (XSS) - upload a piece of malicious script code into the website for stealing data or performing other kinds of mischief.
SQL Injection (SQLi) - submit destructive code into an input form. If the systems fail to clean this information, it can be submitted into the database where it can change, delete, or reveal data to the attacker.
Path traversal - exploiting improper protection of inserted data, these web server attacks involve injecting patterns into the web server hierarchy that allow the attacker to obtain user credentials, databases, configuration files and other information stored on hard drives.
Local File Inclusion - attack technique that involves forcing the web application to execute a file located elsewhere on the system.

HOW TO PROTECT

USE INPUT VALIDATION AND ISOLATION TECHNIQUES for injection type attacks.
USE AUTHORIZATION LEVELS AND STRICT AUTHENTICATION MECHANISMS to prevent breaches.
DEPLOY TRAFFIC AND BANDWIDTH MANAGEMENT CAPABILITIES and restrict access to inbound traffic for required services only.
SECURE DEVELOPMENT by applying security procedures in the application development and maintenance life cycle.
SCAN THE APPLICATION to discover any vulnerabilities and patch them as quickly as possible.
ENFORCE GOOD PATCH MANAGEMENT AND TESTING PROCESSES for the web applications.
PERFORM VULNERABILITY AND RISK ASSESSMENTS before and during the process of web application development.
IMPLEMENT AN INVENTORY of the APIs used and validate them against perimeter scans discovery and encrypt the APIs’ connection and communication.
INSTALL WEB APPLICATION FIREWALLS to control the access to web applications using rules designed to recognize and restrict suspicious activity.
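What "input validation and isolation" means for three of the attack types listed above, shown as an added example that is not part of the guide: a query built by string concatenation beside its parameterized form, a path check that rejects traversal, and output encoding against XSS. The table, file paths and hostile inputs are constructed for illustration.

```python
import html
import sqlite3
from pathlib import Path

# Constructed sample data; table, names and paths are assumptions for illustration.
BASE_DIR = "/srv/app/files"
HOSTILE_NAME = "x' OR '1'='1"              # input that changes the query's logic
HOSTILE_PATH = "../../etc/passwd"          # input that climbs out of BASE_DIR
HOSTILE_COMMENT = "<script>alert(1)</script>"


def make_db():
    """In-memory database with two constructed user rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_unsafe(db, name):
    """BEFORE: the input is pasted into the SQL text, so it is parsed as SQL."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(query))


def lookup_safe(db, name):
    """AFTER: a bound parameter is always treated as data, never as SQL."""
    rows = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def resolve_download(requested, base_dir=BASE_DIR):
    """Path traversal check: resolve the path first, then require that the
    result is still inside base_dir. Absolute paths are rejected the same way."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise PermissionError(f"path escapes {base}: {requested!r}") from None
    return target


def render_comment(text):
    """XSS: encode user text on output so the browser displays it as text."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup:", lookup_unsafe(db, HOSTILE_NAME))  # every row is returned
    print("safe lookup:  ", lookup_safe(db, HOSTILE_NAME))    # no row matches
    print("allowed path: ", resolve_download("reports/q1.pdf"))
    try:
        resolve_download(HOSTILE_PATH)
    except PermissionError as exc:
        print("rejected path:", exc)
    print("rendered:     ", render_comment(HOSTILE_COMMENT))
```
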

SOCIAL MEDIA SCAMS

Social media scams represent a criminal activity designed to trick someone, through the use of social media platforms, out of money or personal details, such as e-mail addresses, passwords and birth dates.

HOW TO PROTECT

PROTECT YOUR INFORMATION
Avoid sharing details on social media that could enable someone to impersonate you and consider setting your profile to private.

AVOID FREE APP DOWNLOADS
Verify the source of the apps that ask for your social media personal information. Avoid third party app stores.

VERIFY REQUEST
Verify any request that comes in from friends or acquaintances before you act upon it. Contact that person directly to ensure you are not being scammed.

BE AWARE OF CLICKBAIT
Be aware of posts that attract attention, whether they claim to give out gift cards or lottery wins, or offer breaking celebrity news or photos.

SECURE YOUR ACCOUNTS
Create a strong and unique password for each of your online accounts. Don’t use any type of personal details in your password.

AVOID OVERSHARING
Most people overshare. If in doubt, do not post. Oversharing can give criminals the information they need to social engineer you into falling prey to other scams.

TAKE CARE ON PUBLIC WI-FI
Avoid using apps with sensitive information while using public Wi-Fi connections.

TREAT LINKS WITH SUSPICION
Make sure you look closely at the URL before you log in to any social networking site. Be wary of shortened links.

REFRAIN FROM TAKING A QUIZ
Refrain from taking catchy social media quizzes. Even if the quiz is legitimate, personal information is still being gathered.

NEVER DOWNLOAD AN UNEXPECTED DOCUMENT ATTACHMENT
Don’t download an unexpected, legitimate-looking document attached to a message, as it can download malware to your device and steal personal information.

GUARD AGAINST FAKE LIVE STREAM AND MOVIE OFFERS
Avoid clicking on fake live streams or movies, which often lead to websites that distribute malware or request a credit card for a free trial.

SECURITY OF ONLINE TRANSACTIONS

Online transactions present a certain level of risk to personal data, but there are some methods that can limit this risk, using proper prevention means.

Types of attacks:
E-Skimming attacks target traders who accept online payments, by changing the source code of online shops and in this way obtaining real-time access to clients’ credentials.
Card-Not-Present (CNP) fraud is a scam where the attackers attempt to make fraudulent transactions while not possessing the physical card.

HOW TO PROTECT

CHECK ONLINE SHOPS AND SELLERS to ensure that they are legitimate. A new e-commerce website can be a sign of a possible fraud attempt.
CHECK THAT THE TRADER’S WEBSITE IS SECURED – use websites that have both a digital certificate and an https connection (to the left of the URL address you should be able to see a small padlock).
AVOID INTRODUCING THE DATA FROM YOUR CREDIT CARD ON THE WEBSITE. There are numerous websites that require credit card data for authentication, and once those credentials are obtained they can be used later for unauthorized transactions.
GET INFORMED ABOUT YOUR RIGHTS when you choose to purchase goods and services online and check the refund procedure.
TRY TO MAKE ONLINE PAYMENTS USING VIRTUAL CARDS that you can recharge only with the minimum amounts of money that you need for the transactions and that can be easily replaced in case they are compromised, or try to use alternative systems of e-money, such as Paypal.
SOME ONLINE SHOPS OFFER THEIR CLIENTS THE POSSIBILITY TO STORE ONLINE THE DATA of their credit cards in order to facilitate the transactions. Carefully examine those situations and the risk that the sellers' websites could be compromised, giving attackers access to your data.
NOTIFY THE COMPETENT AUTHORITIES AS SOON AS POSSIBLE if you consider you have been the victim of a fraud.
BE VIGILANT! If an offer is too good to be true, maybe it is a false one!

SECURITY OF DEBIT / CREDIT CARD

Through phone calls or phishing campaigns via e-mail, cybercriminals can ask you, under different pretexts, for the data of your credit card. The issuing financial institution or law authorities will never ask for these authentication data; therefore, if you have already provided this data to another person, you have to immediately contact the bank in order to block the card.

HOW TO PROTECT

TAKE CARE OF YOUR CREDIT CARD as you take care of your cash.
BE CAREFUL WITH THE PIN CODE AND DO NOT KEEP IT WRITTEN IN YOUR WALLET NEXT TO YOUR BANK CARD. Avoid being seen by others when entering your PIN at the ATM / POS. Do not give your card PIN to another person.
KEEP THE CARD IN YOUR POSSESSION, don’t share it and avoid leaving it in the car, on the restaurant table or in other public places.
SET MAXIMUM LIMITS ON ATM PURCHASES OR WITHDRAWALS to suit your needs and change these limits when necessary.
WHEN YOU HAVE SUSPICIONS, check the official website of the bank or call the card issuing institution.
AVOID USING THE ATM IF YOU HAVE ANY SUSPICIONS - check the ATM in advance before making withdrawals or transactions.
AVOID SENDING THE CARD'S AUTHENTICATION DATA by e-mail or other means of communication.
DON'T FORGET TO PICK UP THE CARD after collecting the money from the ATM.
DO NOT REPLY TO INCOMING SMS MESSAGES ASKING FOR YOUR PIN CODE, data written on the card or other authentication elements such as online banking data.
EMERGENCY TELEPHONE NUMBER. It is recommended that you have the bank's telephone number handy so that you can call and request a card lock when there are indications that the card data has been compromised or that your card has been lost or stolen.

IDENTITY THEFT

Identity theft or identity fraud is the illicit use of a victim’s Personal Identifiable Information (PII) by an impostor to impersonate that person and gain a financial advantage and other benefits.

Types of techniques:
SIM-Swapping identities - this technique targets cryptocurrency holders and high-profile individuals or accounts with the intention of stealing the victim’s identity.
Digital doppelgangers - the anti-fraud technique ‘digital masks’ was exposed when stolen digital identities appeared as a trading product on the darknet marketplaces.
Business e-mail compromise (BEC) - the attackers impersonate a trusted individual, usually within the company, and the victim is tricked into making a financial transaction or divulging sensitive information, personal or corporate.

HOW TO OWSER. If one is needed, use an offline protected password manager.
ENFORCE THE USE OF PASSWORD PROTECTED DEVICES, ensuring good quality of credentials, and secure methods for their storage.
MULTI-FACTOR AUTHENTICATION IS A SECURITY MEASURE to overcome password hacking or loss and to ensure the success of the authentication process with multiple keys.
PAY CLOSE ATTENTION WHEN USING PUBLIC WI-FI NETWORKS. If one is used, avoid accessing sensitive applications and data. Use a trusted VPN service to connect to public Wi-Fi networks.
AUTHENTICATE ANY SENDER OF A REQUEST to transfer money by telephone or in person.
ENSURE GOOD QUALITY OF CREDENTIALS AND SECURE METHODS for their storage in all used media.
ADEQUATELY PROTECT ALL IDENTITYDO
