CASP+ is for professionals who are keen to develop technology and take care of technical aspects of cybersecurity rather than managing it and preparing frameworks for the same. CompTIA A+ Certification is designed for advanced professionals who are not in managerial positions and take up the role of practitioners. The work of these practitioners is to maintain efficiency in the framework system designed by the managers. Vulnerabilities come in many forms, from hardware and software to buildings and people. You could have an application that runs outdated code that could be exploited by a threat, such as a hacker or a virus. Or your data center may be vulnerable to physical break-ins because it has windows or doors that are left unlocked. Humans can also become vulnerable by falling prey to trust games designed by attackers to gain unauthorized access to a building, computer, or network.
Victims of Cyber Attackers
More than four hundred twenty-nine million identities were exposed as a result of errors or direct cyber-attacks. Email is still a widely used form of communication, and more than fifty percent of it is spam, that is, unsolicited emails that often pursue a commercial or scam purpose. More than four hundred thirty million new variants of malicious software were discovered. That makes more than one million per day. The number of new vulnerabilities discovered raised to more than fifty-five hundred, which means that more than fifteen are discovered every single day, and this does not include those vulnerabilities that someone discovers and does not report. When it comes to web sites, one in approximately three thousand sites were found to contain malware, and around seventy-eight percent of all scanned web sites were vulnerable. In total, more than one million attacks against web servers were blocked per day. On top of that, cyber attackers can get value out of their attacks, normally in the form of economic gain.
Software and Data
All this, the huge number of interconnected systems, their complexity, our software, and the human element creates a substantial attack surface for attackers, who can exploit victims for economic or political gain. Moreover, in the last years, attacks have become not only more complex but also easier to conduct because of the commercialization of attack components and services. So, let's now have a look at what we call the Underground Economy of Cybercrime. This one of the most significant evolution of cyber attacks in the last years. One central notion is the idea of market places. These are the places where tools and data required conducting cybercrime operations can be bought and sold. Many of these marketplaces are just web-based forums, openly accessible to everyone. So, what can be sold and bought in these markets places?
Everything! For example, according to some reports from 2015, you can buy one thousand compromised hosts for as little as two hundred dollars. If you are interested in proxy servers, you can get one hundred fifty of them for twenty-five dollars a month. If you're after accounts on Twitter, Facebook, Google, etc., you can get one thousand of them for less than thirty dollars. And if what you look for is online social engagement, you might get one thousand followers on Twitter for twenty dollars and one thousand re-tweets for three hundred and fifty. But this is not all. You can also buy services such as a distributed denial-of-service against a particular victim, captcha solvers, SIM cars for mobile phones, customized malware and payloads for your attacks, and also credentials belonging to real users. So, let's now explore what types of cybercrime activities are more popular today and can be built around these components. The first one is `spamvertised products,´ that is, products are sold online in which potential clients are contacted through spam. This activity dates back to the 1990s, and it's one of the oldest forms of online abuse. Currently, spam campaigns involve different actors, each of which often gets a commission for every sale. Historically, email has been the main venue to contact potential clients, but in recent years spam is also present in other prominent venues, such as online social networks. Fighting spam can be done at several levels, including technical measures, such as blacklisting IPs and email accounts used by spammers and also using spam filters.
