The opening unit of AP Cybersecurity introduces the adversarial mindset by walking through three classic compromise pathways: tricking the user, guessing the password, and abusing the network.
Social engineering takes center stage as the human-layer attack, showing how phishing emails, smishing texts, and pretext phone calls exploit psychology rather than code.
Authentication weaknesses receive parallel treatment, with attention to predictable password patterns, online password attacks, and the defensive value of password managers and multifactor authentication.
Wireless security threats round out the trio of attack scenarios, covering evil twin access points, jamming, war driving, and the trade-offs of using public Wi-Fi and VPNs.
Artificial intelligence appears as a double-edged force: adversaries weaponize generative tools to craft phishing in any language, clone voices, and scan targets, while defenders deploy AI for log triage, configuration review, and anomaly detection.
Adversary classification (low-skilled versus high-skilled) and motivation (greed, ideology, revenge, recognition) establish vocabulary that will reappear throughout later units on threats and risk.
Practical defensive habits, including verifying SSIDs, refusing unsolicited authentication codes, and establishing shared secrets with family, connect the academic content to personal digital hygiene.
The unit functions as a survey: every topic introduced here (malware, encryption, network protocols, vulnerabilities, detection engineering) will be revisited in greater depth in subsequent units.
Key Concepts and Terms
Social engineering: A category of attack that manipulates human psychology rather than exploiting technical flaws, typically to extract information, install malware, or trigger a fraudulent action.
Elicitation: The act of drawing sensitive information out of a target, often through conversational or seemingly innocent questioning.
Intimidation: A social-engineering tactic that uses threats of negative consequences to pressure a target into complying.
Urgency: A social-engineering tactic that imposes a time pressure so the target acts before thinking critically.
Phishing: A social-engineering attack delivered through email, text (smishing), voice (vishing), or social media that tries to harvest credentials or deliver malware.
One-time password (OTP): A short, single-use authentication code sent to a user, valuable to adversaries because possessing it can unlock an account.
Online password attack: An attempt to gain access by submitting many candidate passwords directly to a live login service, often using a dictionary tailored to the target.
Multifactor authentication (MFA): A login process requiring two or more independent factors, such as a password plus a code from an app or a hardware key.
Password manager: Software that generates, stores, and autofills long random passwords, removing the need for users to memorize or reuse credentials.
Evil twin: A rogue wireless access point with an SSID matching a legitimate network, used to capture victims' traffic when they connect to it.
Service set identifier (SSID): The human-readable name broadcast by a wireless access point.
Jamming: A wireless denial-of-service attack that floods a frequency range with electromagnetic noise, blocking legitimate communication.
Denial of service (DoS): Any attack that prevents legitimate users from accessing a resource.
War driving: Reconnaissance that involves moving through an area to detect and map wireless networks.
Zero day: An undocumented vulnerability for which no patch yet exists, typically discoverable only by high-skilled adversaries.
Virtual private network (VPN): A service that encrypts a user's network traffic between their device and the VPN provider, hiding it from local network observers.
Large language model (LLM): A generative AI system trained on large text corpora, usable by adversaries to draft phishing or by defenders to triage events.
Deepfake: An AI-generated audio, image, or video impersonation built from samples of a real person.
Human Targets and Social Engineering
Attacks succeed because they exploit predictable psychological responses, not because the target is uninformed about technology.
A message claiming "Your account will be locked in 10 minutes" combines urgency with intimidation.
A caller posing as IT support and demanding a verification code uses authority plus time pressure.
Delivery channels include email, SMS, social media DMs, and in-person pretexting.
Business email compromise has cost organizations billions, often beginning with a single spoofed message to a finance employee.
Information disclosed during an attack feeds further attacks.
Birthdate, pet's name, and employer are standard challenge-question answers used to reset banking or email accounts.
A captured OTP grants the adversary a session as the victim, even when the password is strong.
Malicious links and attachments turn a click into code execution.
Drive-by downloads can install keyloggers or browser session stealers without visible signs.
Authentication and Password Defense
Human-chosen passwords cluster around predictable patterns that adversaries encode into wordlists.
"Spring2024!" and "Fluffy1998" exemplify the word-plus-year-plus-symbol pattern.
Family names, anniversaries, and sports teams populate targeted dictionaries built from a victim's social media.
Repeated failed logins in seconds, attempts at 3 a.m. local time, or sign-ins from unfamiliar device fingerprints all warrant investigation.
Strong authentication relies on length, randomness, and uniqueness across accounts.
A 20-character passphrase like "correct-horse-battery-staple" resists dictionary attacks better than "P@ssw0rd1!".
Reuse means one breach (such as the 2012 LinkedIn dump) compromises every account sharing that password.
MFA blocks most credential-stuffing attempts even when the password is known.
Hardware keys (YubiKey) and authenticator apps (Google Authenticator, Authy) are stronger than SMS codes because SMS can be intercepted via SIM swap.
Wireless and Network Risks
Public Wi-Fi is hostile territory because anyone within radio range can attempt attacks.
A coffee-shop evil twin named "Starbucks-Free-WiFi" can capture every unencrypted request from connected devices.
HTTPS protects page content, but DNS queries and unencrypted protocols can still leak.
Wireless attacks vary in goal.
Evil twin: eavesdropping and credential capture.
Jamming: denial of service, sometimes used to force devices onto an attacker-controlled network.
War driving: reconnaissance for later attacks or mapping signal leakage outside a building.
Defensive habits reduce exposure.
Confirm the exact SSID with venue staff before connecting.
Use a reputable VPN to shield traffic from the local network, while recognizing the VPN provider itself sees the traffic.
Disable automatic reconnection to open networks to prevent silent association with spoofed SSIDs.
Adversary Profiles
Skill level shapes the threat.
Low-skilled actors (sometimes called script kiddies) buy or download tools and aim at known, unpatched vulnerabilities.
High-skilled actors, including nation-state groups like APT29, develop custom malware and discover zero days.
Motivation shapes target selection.
Financially motivated criminals favor ransomware against hospitals and municipalities.
Hacktivists such as Anonymous target organizations on ideological grounds.
State-sponsored actors pursue espionage, sabotage, or influence operations.
Insiders may act on revenge or grievance, leveraging legitimate access.
AI as Attack Tool and Defense Tool
Generative AI strengthens offensive campaigns at every phase.
LLMs produce grammatically flawless phishing in any language, eliminating the typo tell that once flagged scams.
Voice cloning from a few seconds of audio enables "grandparent scams" and CEO-fraud calls authorizing wire transfers.
Prompt injection and training-data poisoning can coax LLMs into leaking confidential prompts or repeating planted falsehoods.
AI-assisted code tools help adversaries write malware variants and scan large codebases for exploitable bugs.
Automated reconnaissance scrapes LinkedIn, Instagram, and public records to build target profiles in minutes.
The same technology accelerates defense.
AI reviews firewall rules and access-control lists and proposes tighter configurations, subject to engineer review.
Code-analysis tools flag SQL-injection or buffer-overflow patterns before deployment.
Security operations centers use machine-learning triage to filter millions of daily log events down to a manageable queue of suspicious events.
Automated response systems can isolate an infected endpoint within seconds of detection, far faster than a human analyst.
Personal defenses against AI-augmented attacks include establishing a shared verbal codeword with family, enabling MFA so a cloned voice cannot defeat voice authentication alone, withholding sensitive data from chatbot prompts, and verifying AI-generated information against authoritative sources.
