Self-study|IT|Int|Lesson 4: Cyber security



Complete the answers with the given words


Did you know that there is a hacker attack every 39 seconds? What types of attacks do you think they are?

Well, don’t worry if you don’t know how to describe them in English because in today’s lesson we’re going to focus on cyber threats and attacks. So, at the end of this lesson, you’ll be able to differentiate between them and describe them.

Ready? Let’s get started!


Do the quiz and find out how much you know about cybersecurity


Match the halves to complete the statements about cybersecurity


Read the text and choose a subheading for each paragraph

Before reading the article, study the following words and their definitions:

Glossary

  • the dark web — the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable
  • a leak — the origin of secret information that becomes known, or the act of making it known
  • to expose — to uncover or allow to be seen
  • ransom — a large amount of money that is demanded in exchange for someone or something
  • to infiltrate — to secretly join an organization or enter a place in order to find out secret information about it or harm it
  • to halt — to (cause to) stop moving or doing something or happening



Read the task and explain the difference between the attacks in the text area below. Use the given words and phrases

Explain the difference between the following categories and their purpose. Give examples of recent cases you have faced.

Categories of cyberattacks:

🔹Attacks on confidentiality

🔹Attacks on integrity

🔹Attacks on availability

Wordlist / Useful language

  • leak
  • ransom
  • to sell something on the dark web
  • to access and release sensitive information
  • to expose data
  • to block users from doing something
  • to infiltrate a network


Label the pictures with the words/phrases



Let’s see what you know about different types of cyberattacks shown in the exercise above.

Read the questions and answer them.

  • Are you familiar with the cyberattacks mentioned above?
  • How do they differ?
  • What are their main characteristics?

Use the voice recorder.


Scan the text and mark the sentences as True or False

Common types of cyberattacks

Social engineering

It is a type of attack on confidentiality. It is the process of psychologically manipulating people into performing actions or giving away information. Phishing attacks are the most common form of social engineering. Phishing attacks usually come in the form of a deceptive email that tricks the user into giving away personal information. An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.

Eavesdropping attack

An eavesdropping breach, also known as snooping or sniffing, is another example of an attack on confidentiality where an individual tries to steal the information that smartphones, computers and other digital devices send or receive. These attacks target weakened transmissions between the client and server that enable the attacker to receive network transmissions. An attacker can install network monitors such as sniffers on a server or computer to perform an eavesdropping attack and intercept data as it is being transmitted.

APTs (Advanced Persistent Threats)

It is a type of attack on integrity, where an unauthorized user infiltrates a network undetected and stays in the network for a long time. The intent of an APT is to steal data and not harm the network. APTs happen most often in sectors with high-value information, such as national defense, manufacturing, and the finance industry.

Malware or malicious software

It is a type of attack on availability. It refers to software that is designed to gain access to or damage a computer without the knowledge of the owner. Several common types of malware include spyware, keyloggers, true viruses, and worms.

Good safety tips:

  • Educate yourself.
  • Be aware of the information you’re releasing, and be careful when providing personal information.
  • Make sure you have up-to-date software, anti-virus software and a firewall.
  • Do not disclose your passwords to anyone, and create long and difficult-to-guess passwords.
  • Report any suspicious incident to the person in charge of computer-related security.
  • Avoid clicking on hypertext links in unsolicited emails.

Read the text carefully and complete the key characteristics and purposes of the cyberattacks

Social engineering


Eavesdropping attacks


APTs


Malware


You can read about various cyberattacks in detail 🔗here.


Do you know what’s illustrated?


This is the EU’s annual awareness campaign that takes place each October across Europe.

Watch the video and fill in the gaps



Match the halves to complete the collocations


Read the task and then choose one cyberattack to talk about. Use the phrases from the exercise above

Imagine that you’ve decided to take part in the Cybersecurity Month by organizing an event in your city in order to help more people learn about network and information security.

Choose one topic you want to focus on and cover the points.

Prepare a speech covering the following points:

🔹Explain what social engineering is and how it works

🔹Explain how and why cyber attackers use it

🔹Provide some safety tips

Prepare a speech covering the following points:

🔹Explain what an eavesdropping attack is and how it works

🔹Explain how and why cyber attackers use it

🔹Provide some safety tips

Prepare a speech covering the following points:

🔹Explain what an advanced persistent threat is and how it works

🔹Explain how and why cyber attackers use it

🔹Provide some safety tips

Prepare a speech covering the following points:

🔹Explain what malicious software is and how it works

🔹Explain how and why cyber attackers use it

🔹Provide some safety tips


Use the voice recorder.


Complete the sentences with the words from the lesson to revise the useful vocabulary related to cybersecurity


Match the types of cyberattacks to their definitions


Do the test


1. While opening an email, you got an interesting but suspicious message from a company. The message said that you had won a lottery, and the company was asking you for specific personal and banking details so that they could lodge a large sum of money in your bank account. These emails are a common type of cyberattack that is called

  • «phishing».

2. Which of the following is a common example of a «phishing» attack?

  • You’ve got an email that appears to be from your bank asking you to enter your account number and password, but the web address looks unfamiliar.
  • You’ve received a text message claiming that you’ve won a contest and asking you to click on the link.

Points to consider: With phishing, an attacker tries to collect a user's personal data (such as passwords and credit card numbers) by means of fake apps, fake SMS or fake email messages that seem genuine. The attacker may ask you to provide your data either directly (i.e. by replying to the email) or by visiting a website that he/she proposes. Never answer a message that appears to be phishing.

3. You’ve noticed that one of your friends has been using some of the same computer programs for years, and one of the programs has long been discontinued by the manufacturer. You tell your friend that this old and discontinued software exposes their computer to serious security threats. Among these threats, you mention

  • malicious software.

Points to consider: Using discontinued software implies exposure to a number of risks, such as malicious software, because the software no longer receives updates. For more information and additional threats arising from the use of discontinued software, see a recent ENISA (the European Union Agency for Cybersecurity) recommendation: users should make sure that they are aware of and understand the security risk they are exposing themselves to by continuing to use obsolete software.

4. One of your friends has recently been a victim of a social engineering attack since someone has stolen her username and password for accessing her work email. Social engineering in a security context means

  • a form of social deception focused on information gathering, fraud, or system access.

Points to consider: Social engineering is indeed a complex form of social deception that exploits human weaknesses to psychologically manipulate people with the aim of information gathering, fraud, or system access (e.g. to fool someone into giving you his/her password).

5. Your friend is a «very heavy» user of mobile apps. He has apps for playing and learning, for staying informed about what happens in his city and for keeping in touch with his friends. Whenever he sees an interesting app, he just downloads and installs it. However, for ensuring his safety and security, it is best to

  • check that the app comes from a reputable source.

Points to consider: Before installing or using new smartphone apps or services, it is important to check their reputation. Never install any software onto the device unless it is from a trusted source. Also, make sure that, especially if the app is cost-free, you fully understand which personal data it uses and make sure that you agree with this.

6. Criminals access someone’s computer and encrypt the user’s personal files and data. The user is unable to access this data unless they pay

  • a ransom.

Points to consider: The main aim of this type of cyberattack is to block users from accessing their own data until they pay some money.

7. These days in the media, it is not uncommon to hear that organizations and companies have suffered from cyberattacks. The popular image is that these attacks are carried out by so-called malicious hackers that are external to an organization. However, several observations show that many of these attacks are carried out by organization employees or former employees. The common name which is given to this latter type of threat is

  • an insider threat.

Points to consider: While it is common to think that cyberattacks come from external sources, attacks often come from the inside. An insider (for example, an employee) might obtain access to the computer systems or networks of an organization and then conduct harmful or criminal activities against the organization. However, a significant number of insider threats stem from unintentional user errors/mistakes.


Watch the video about social engineering and mark the sentences as True or False



Reading technique

Detailed reading

Skimming is reading for understanding the main idea.

Scanning is reading for specific information (that is what you practised in previous lessons).

Detailed reading speaks for itself and allows you to understand the text more deeply.

How to read in detail:

  1. Use underlining and highlighting to pick out what seem to you the most central or important words and phrases (if a text is on paper).
  2. Use keywords to record the main headings and points as you read. Use one or two keywords for each main point.
  3. Use questions that will encourage you to take an active approach to your reading.
  4. Record your questions as you read. They can be used as prompts for follow-up work.
  5. Use summaries to check if you have understood what you have read. Pause after a section of the text and put what you have read in your own words. Skim over the text to check the accuracy of your summary, filling in any significant gaps.


Read the excerpt carefully paying attention to details and then match the parts of the sentences

Cloud computing

Cloud computing, often referred to as simply «the cloud», is the delivery of on-demand computing resources — everything from applications to data centers — over the internet on a pay-for-use basis. Cloud computing services fall into 4 categories: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS) and functions as a service (FaaS).

Infrastructure as a service (IaaS)

IaaS is the most basic category of cloud computing services that allows you to rent IT infrastructure (hardware, storage, servers and data center space or network components) from a cloud provider on a pay-as-you-go basis.

Platform as a service (PaaS)

Platform as a service (PaaS) refers to the supply of an on-demand environment for developing, testing, delivering and managing software applications. It is designed to quickly create web or mobile apps, without worrying about setting up or managing the underlying infrastructure of servers, storage, network and databases needed for development.

Software as a service (SaaS)

Software as a service (SaaS) is a method for delivering software applications over the Internet on demand and on a subscription basis. In SaaS, a service provider hosts the application and underlying infrastructure at its data center and handles any maintenance, and a customer accesses it via a standard web browser.

Functions as a service (FaaS)

FaaS adds another layer of abstraction to PaaS. It provides a platform that allows customers to develop, run, and manage application functionalities by uploading narrowly functional blocks of code and setting them to be triggered by a certain event, without having to handle the hassles of virtual servers, containers, and application runtimes.


You can read about cloud computing in detail 🔗here and try the new reading technique in action.

