Module 08 · Cyberspace Tech Solutions Cybersecurity Curriculum
Advanced Topics & Emerging Trends
AI in cybersecurity, IoT security, quantum threats, supply chain attacks, and emerging technologies — ~60 minutes of interview prep.
20
Interview Q&As
25
MCQ Questions
4
Simulations
60
Minutes
Learning Outcomes
- Analyse the impact of AI on both offensive and defensive cybersecurity
- Identify IoT security challenges and mitigations
- Understand quantum computing's threat to cryptography
- Explain supply chain attacks and emerging threat vectors
Topics Covered
| # | Topic | Time | Type |
|---|---|---|---|
| 1 | Core Concepts (AI, IoT, Quantum, Supply Chain) | 10 min | Reading |
| 2 | Interview Questions & Answers | 20 min | Q&A |
| 3 | MCQ Quiz (25 questions) | 15 min | Quiz |
| 4 | AI Use Case Classifier | 5 min | Simulation |
| 5 | IoT Attack Surface Mapper | 4 min | Simulation |
| 6 | Emerging Threat Timeline | 3 min | Simulation |
| 7 | Technology Risk Matcher | 3 min | Simulation |
💡 Tip: Emerging topics are increasingly common in senior cybersecurity interviews. Expect questions on AI-driven attacks, post-quantum readiness, and IoT/OT security.
Core Concepts · ~10 min
Advanced Topics Fundamentals
AI in Cybersecurity
🛡️ Defensive AI
- UEBA — anomaly detection on user/entity behaviour
- AI-powered SIEM (Splunk, Microsoft Sentinel)
- SOAR — automated playbook execution
- Predictive threat intelligence
- AI-driven vulnerability prioritization
⚔️ Offensive AI
- AI-generated hyper-personalized phishing
- Deepfakes for voice/video social engineering
- Polymorphic malware evading AV signatures
- AI-powered fuzzing and exploit generation
- Adversarial ML — model poisoning/evasion
IoT Security Challenges
| Challenge | Risk | Mitigation |
|---|---|---|
| Default credentials | Immediate takeover | Change on first boot, enforce unique passwords |
| No encryption | Eavesdropping, MitM | Enforce TLS/DTLS for all communication |
| No firmware updates | Unpatched vulnerabilities forever | OTA update capability, signed firmware |
| Flat network access | Lateral movement to corporate systems | IoT VLAN, network segmentation |
| Physical accessibility | Debugging ports exposed | Disable JTAG/UART, tamper protection |
| Weak resource constraints | Can't run standard security agents | Lightweight crypto, hardware security chips |
⚠️ Mirai Botnet (2016): Malware infected 600,000+ IoT devices (cameras, DVRs) using default credentials. Launched 1.2 Tbps DDoS attacks — the largest ever at the time. Still active variants exist today.
Quantum Computing Threats
| Algorithm | Threat | Affected Crypto | Solution |
|---|---|---|---|
| Shor's Algorithm | Breaks public-key crypto | RSA, ECC, Diffie-Hellman | Post-quantum algorithms (CRYSTALS-Kyber) |
| Grover's Algorithm | Halves symmetric key strength | AES-128 (weakened to 64-bit) | Use AES-256 (still 128-bit effective) |
🔬 Harvest Now, Decrypt Later (HNDL): Nation-state actors are collecting encrypted traffic today, storing it, and plan to decrypt it once quantum computers are powerful enough. Sensitive data with long shelf life (10+ years) is already at risk.
NIST PQC Standards (2024): CRYSTALS-Kyber (ML-KEM) for key encapsulation, CRYSTALS-Dilithium (ML-DSA) for digital signatures, FALCON, SPHINCS+ — standardized to replace RSA/ECC.
Supply Chain Attacks
| Attack | Year | Method | Impact |
|---|---|---|---|
| SolarWinds (SUNBURST) | 2020 | Malicious code injected into legitimate software update | 18,000+ organizations including US govt agencies |
| XZ Utils backdoor | 2024 | Attacker spent 2 years gaining maintainer trust, inserted backdoor | Nearly compromised SSH on all Linux systems |
| npm package typosquatting | Ongoing | Malicious packages with names similar to popular ones | Credential theft from developer machines |
| 3CX Desktop App | 2023 | Compromised build process, trojanized installer | Targeted financial sector customers |
Interview Q&A · ~20 min · 20 Questions
Interview Questions & Model Answers
Click any question to reveal the model answer. Easy Medium Hard
1How is AI being used to improve cybersecurity defences?Easy▼
AI enhances cyber defences in several key ways:
- UEBA (User and Entity Behaviour Analytics): ML models learn baselines of normal user/device behaviour and alert on statistical anomalies — detecting insider threats and compromised accounts without relying on known signatures.
- AI-powered SIEM: Tools like Microsoft Sentinel and Splunk use ML to correlate millions of events, reduce alert fatigue, and surface the most critical incidents automatically.
- SOAR (Security Orchestration, Automation and Response): AI-driven playbooks automatically contain threats — isolating endpoints, blocking IPs, resetting passwords — within seconds of detection.
- Predictive threat intelligence: NLP models analyse dark web forums, threat feeds, and CVE databases to predict likely attacks before they occur.
- Vulnerability prioritization: AI ranks patching priorities based on exploitability, asset criticality, and threat actor interest — not just CVSS score.
💡 Interview Tip: Mention the distinction between rule-based detection (legacy SIEM) and ML-based anomaly detection — this shows depth. UEBA is a favourite topic for SOC/Blue Team roles.
2How can attackers use AI to enhance their attacks?Medium▼
AI significantly lowers the barrier and increases the effectiveness of attacks:
- AI-generated phishing: LLMs like GPT can generate hyper-personalized, grammatically perfect spear phishing emails at massive scale — previously limited by language barriers and time.
- Deepfakes: Synthetic voice and video can impersonate executives (CEO fraud) convincing employees to transfer funds or reveal credentials. A UK energy firm lost $243,000 to a deepfake voice call in 2019.
- Polymorphic malware: AI regenerates malware code each execution, changing hashes and patterns to evade signature-based AV/EDR.
- AI-powered fuzzing: Automated vulnerability discovery at speeds impossible for human researchers — finding 0-days faster.
- Adversarial ML: Attackers subtly poison training data to corrupt ML security models, or craft inputs that evade ML-based detection (evasion attacks).
💡 The emerging term "Offensive AI" is distinct from traditional automation — it adapts, learns, and personalizes attacks in ways static tools cannot.
3What are the main security challenges with IoT devices?Easy▼
IoT devices introduce unique security challenges:
- Default credentials: Many ship with admin/admin or hardcoded passwords users never change.
- No patch mechanism: Many devices have no way to receive firmware updates, leaving vulnerabilities permanently unpatched.
- Unencrypted communications: Many use HTTP, Telnet, or custom protocols without TLS.
- Resource constraints: Limited CPU/RAM prevents running standard security agents or heavy cryptography.
- Physical access: Deployed in accessible locations; JTAG/UART debug ports often exposed.
- No visibility: Traditional security tools don't see IoT traffic — they don't appear in Active Directory or EDR.
- Long lifespans: Industrial IoT devices run 10–20 years, far outliving security support.
💡 OWASP IoT Top 10 is a great framework to reference: Weak passwords, Insecure network services, Insecure ecosystem interfaces, Lack of secure update mechanism, Use of insecure/outdated components are key items.
4What is the Mirai botnet and what does it demonstrate about IoT security?Medium▼
Mirai was malware discovered in 2016 that scanned the internet for IoT devices (cameras, DVRs, routers) using default username/password combinations. It infected over 600,000 devices, forming a massive botnet used to launch record-breaking DDoS attacks including a 1.2 Tbps attack against Dyn DNS that took down major websites (Twitter, Netflix, Reddit) for hours.
Lessons from Mirai:
Lessons from Mirai:
- Default credentials are catastrophic at scale — one vulnerability across millions of devices.
- IoT devices make ideal DDoS bots — always-on, large numbers, no user awareness.
- The source code was published, spawning dozens of Mirai variants still active today.
- Regulatory response: UK's Product Security and Telecommunications Infrastructure Act now bans default passwords on consumer IoT devices.
💡 Mirai demonstrated that "security by obscurity" (it's just a camera, who cares?) fails catastrophically — every internet-connected device is an attack surface.
5What is UEBA and how does it work?Medium▼
UEBA (User and Entity Behaviour Analytics) uses machine learning to establish baselines of normal behaviour for users and devices, then generates risk scores and alerts when behaviour deviates significantly.
- Data sources: Active Directory logs, VPN logs, email, file access, cloud activity, endpoint telemetry.
- Baseline building: ML models learn what's "normal" for each user/entity over weeks.
- Anomaly detection: Flags deviations — login at unusual time, mass file downloads, access to new systems, unusual geographic location.
- Risk scoring: Assigns dynamic risk scores updated in real time.
💡 UEBA was largely incorporated into SIEM/SOAR platforms. Vendors: Microsoft Sentinel, Splunk UBA, Securonix, Exabeam.
6What is SOAR and how does it differ from SIEM?Medium▼
| SIEM | SOAR | |
|---|---|---|
| Primary function | Collect, correlate, alert on security events | Automate and orchestrate response to alerts |
| Output | Alerts and dashboards for analysts | Automated actions (block IP, isolate host, reset password) |
| Human involvement | Required to triage and respond | Reduces/eliminates human steps via playbooks |
| Focus | Detection | Response and remediation |
| Examples | Splunk, IBM QRadar, Microsoft Sentinel | Palo Alto XSOAR, Splunk SOAR, IBM Resilient |
💡 Modern platforms like Microsoft Sentinel combine SIEM + SOAR. The key SOAR value: MTTR (Mean Time to Respond) reduced from hours to seconds via automated playbooks.
7What is a deepfake and how can it be used in social engineering?Easy▼
A deepfake is AI-generated synthetic media (audio, video, image) that convincingly replaces a real person's likeness or voice using deep learning models (GANs — Generative Adversarial Networks).
Social engineering applications:
Social engineering applications:
- CEO fraud: Deepfake voice call from "the CEO" instructing finance to wire money urgently. ($243K case, UK, 2019).
- Video conference fraud: Deepfake video used in a Zoom call to impersonate a company executive — $25M Hong Kong bank fraud in 2024.
- Vishing at scale: Cloning a person's voice from just 3 seconds of audio (AI tools like ElevenLabs) to make convincing calls to employees or family.
- KYC bypass: Using deepfakes to fool identity verification systems at financial institutions.
8What is adversarial machine learning?Hard▼
Adversarial ML involves manipulating or exploiting ML systems used in security:
- Evasion attacks: Crafting inputs that cause an ML model to misclassify them. Example: slightly modifying malware binary so ML-based AV classifies it as benign, without changing functionality.
- Poisoning attacks: Injecting malicious training data to corrupt the model's behaviour at training time. Example: poisoning an email spam filter to allow phishing emails.
- Model inversion: Reconstructing training data from model outputs — revealing sensitive PII used in training.
- Model extraction/stealing: Querying a model repeatedly to reconstruct its logic and create a copy, bypassing licensing or enabling evasion.
💡 This is an emerging field at the intersection of ML and security. MITRE ATLAS framework maps adversarial ML tactics analogously to ATT&CK for traditional threats.
9What is quantum computing's threat to cryptography?Hard▼
Quantum computers leverage quantum mechanics (superposition, entanglement) to solve certain mathematical problems exponentially faster than classical computers.
- Shor's Algorithm can factor large integers and compute discrete logarithms in polynomial time — directly breaking RSA, ECC, and Diffie-Hellman. These rely on the computational difficulty of these exact problems.
- Grover's Algorithm provides a quadratic speedup for searching — effectively halving symmetric key strength (AES-128 drops to 64-bit effective security).
💡 The urgency is NOW because of "harvest now, decrypt later" — encrypted traffic captured today will be readable once CRQCs exist. Sensitive data with 10+ year confidentiality requirements needs protection now.
10What is post-quantum cryptography?Hard▼
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to resist attacks from quantum computers. These run on classical computers but use mathematical problems that quantum algorithms cannot efficiently solve.
NIST PQC Standards (finalized 2024):
NIST PQC Standards (finalized 2024):
- ML-KEM (CRYSTALS-Kyber): Key encapsulation mechanism — replaces Diffie-Hellman for key exchange. Based on the hardness of Module Learning With Errors (MLWE).
- ML-DSA (CRYSTALS-Dilithium): Digital signatures — replaces RSA/ECDSA signatures.
- SLH-DSA (SPHINCS+): Hash-based signatures — stateless, conservative choice.
11What is a supply chain attack? Give a real-world example.Medium▼
A supply chain attack compromises an organization by targeting less-secure elements in its supply chain — vendors, software dependencies, build systems — rather than attacking the target directly.
SolarWinds (2020) — the definitive example:
SolarWinds (2020) — the definitive example:
- Russian APT (Cozy Bear / APT29) compromised SolarWinds' build environment.
- Injected SUNBURST backdoor into a legitimate Orion software update.
- 18,000+ organizations downloaded the trojanized update, including US Treasury, DoJ, State Department, Microsoft, FireEye.
- Went undetected for 8–9 months. The attackers blended perfectly with legitimate SolarWinds traffic.
💡 Mitigations: Software Bill of Materials (SBOM), vendor security assessments, code signing verification, build pipeline integrity checks (SLSA framework), network monitoring for unexpected outbound connections.
12What is the OWASP IoT Top 10?Medium▼
OWASP IoT Top 10 (2018, updated guidance ongoing) lists the most critical IoT security issues:
- Weak, guessable, or hardcoded passwords
- Insecure network services
- Insecure ecosystem interfaces (web/API/mobile/cloud)
- Lack of secure update mechanism
- Use of insecure or outdated components
- Insufficient privacy protection
- Insecure data transfer and storage
- Lack of device management
- Insecure default settings
- Lack of physical hardening
💡 #1 (default passwords) enabled the entire Mirai botnet. #4 (no update mechanism) means vulnerabilities are permanent on some devices. #10 (physical hardening) is unique to IoT vs web security.
13How does 5G change the cybersecurity threat landscape?Hard▼
5G introduces both opportunities and risks:
- Expanded attack surface: 5G enables billions more IoT devices, drones, autonomous vehicles, and industrial systems to connect — each a potential entry point.
- Network slicing vulnerabilities: 5G creates virtual network slices; if isolation is imperfect, attackers can move between slices (lateral movement across virtual networks).
- Software-defined infrastructure: 5G core is software-based (cloud-native), introducing software vulnerabilities into what was previously dedicated hardware — expanded attack surface.
- Supply chain risks: Concerns about equipment from certain vendors (Huawei, ZTE) potentially containing backdoors.
- IMSI catchers still relevant: While 5G improved authentication, some legacy 4G downgrade attacks can still intercept traffic in hybrid networks.
14What is a harvest-now-decrypt-later attack?Hard▼
A Harvest Now, Decrypt Later (HNDL) attack is a strategy where adversaries collect and store encrypted data today — even though they cannot currently decrypt it — with the plan to decrypt it once sufficiently powerful quantum computers become available.
This is particularly concerning for:
This is particularly concerning for:
- Government secrets and classified communications
- Long-term financial transactions
- Medical records with 20+ year relevance
- Intellectual property in development
- Strategic infrastructure plans
💡 NSA has mandated US national security systems migrate to post-quantum cryptography by 2035. Organizations with sensitive long-lived data should begin crypto-agility planning immediately.
15What are the security implications of smart home devices?Easy▼
Smart home devices (smart TVs, thermostats, cameras, doorbells, voice assistants, smart locks) create significant home network security risks:
- Network bridgehead: A compromised smart TV on the same network as work laptops can enable attackers to pivot to corporate systems via VPN.
- Surveillance: Hijacked cameras and microphones (smart speakers like Alexa/Google Home) enable eavesdropping on personal and business conversations.
- Physical security: Compromised smart locks can allow physical entry.
- Data privacy: Many devices send data to third-party cloud services — often in jurisdictions with different privacy laws.
- Lateral movement: Flat home networks mean any compromised device can reach all others including work devices and NAS drives.
16What is ICS/SCADA security and why is it critical?Hard▼
ICS (Industrial Control Systems) and SCADA (Supervisory Control and Data Acquisition) control physical infrastructure: power grids, water treatment plants, oil pipelines, manufacturing, nuclear facilities.
Why it's critical:
Why it's critical:
- Physical consequences: Unlike IT systems, an ICS attack can cause explosions, blackouts, water contamination, or loss of life.
- Stuxnet precedent (2010): First cyberweapon to cause physical damage — destroyed Iranian uranium centrifuges by manipulating PLCs while displaying normal readings.
- Air gap myths: Many ICS systems believed to be isolated are connected to corporate IT networks or inadvertently via maintenance laptops, USB drives.
- Legacy systems: 30+ year old equipment with no security features, running outdated OS (Windows XP), cannot be patched without shutting down critical infrastructure.
17What is Zero Trust and how does it relate to emerging threats?Medium▼
Zero Trust is a security model based on the principle: "Never trust, always verify." It assumes breach — no user, device, or network segment is inherently trusted, even inside the perimeter.
Core principles:
Core principles:
- Verify explicitly: Authenticate and authorize every access request based on all available data points (identity, device health, location, behaviour).
- Use least privilege: Limit access to only what's needed for the specific task, for the minimum time.
- Assume breach: Segment networks, encrypt all data in transit, monitor everything, minimize blast radius.
- Defeats lateral movement from supply chain compromises (SolarWinds)
- Limits damage from AI-powered credential attacks
- Handles IoT devices as untrusted by default
- Works for cloud-native environments where there is no perimeter
18What is blockchain and how can it be used in cybersecurity?Medium▼
A blockchain is a distributed, append-only ledger where records (blocks) are cryptographically linked and consensus-validated — making tampering computationally infeasible.
Cybersecurity applications:
Cybersecurity applications:
- Immutable audit logs: Security logs stored on blockchain cannot be deleted or modified by attackers who compromise the logging server — preserving forensic evidence.
- Decentralized Identity (DID): Self-sovereign identity — users control their credentials without a central identity provider that can be breached.
- PKI transparency: Certificate Transparency (CT) logs use append-only logs to detect mis-issued TLS certificates.
- Software supply chain: Recording build provenance and code signing events on an immutable ledger.
- Secure DNS: Blockchain-based DNS (e.g., Handshake) resistant to DNS poisoning.
💡 Don't confuse "blockchain" with "cryptocurrency." The underlying data structure has security applications independent of financial use cases.
19How do polymorphic malware and AI interact?Hard▼
Polymorphic malware changes its code, signature, or structure with each execution while maintaining its payload functionality — evading signature-based detection.
Traditional polymorphism: Used simple encryption with changing keys, mutation engines to rewrite code.
AI-enhanced polymorphism:
Traditional polymorphism: Used simple encryption with changing keys, mutation engines to rewrite code.
AI-enhanced polymorphism:
- ML models (especially GANs) can generate functionally equivalent but syntactically different malware code variants on demand.
- AI can test generated variants against known AV signatures before deployment, selecting only those that evade detection.
- Metamorphic AI malware rewrites its entire logic — not just encryption — making even heuristic detection harder.
- LLMs have been used to generate novel shellcode that evades ML-based detectors (demonstrated by researchers in 2023).
💡 This is why behavioural detection (what the malware DOES, not what it looks like) is increasingly important over signature-based AV. EDR tools monitor process behaviour, memory, and API calls.
20What steps should organizations take to prepare for quantum threats?Hard▼
A quantum readiness programme should include:
- Crypto inventory: Discover all cryptographic assets — where RSA, ECC, and Diffie-Hellman are used across applications, APIs, PKI, VPNs, TLS certificates.
- Data sensitivity assessment: Identify data with long confidentiality requirements (classified, medical, IP) — these are at risk from HNDL attacks now.
- Crypto-agility design: Architect systems to swap algorithms without major rewrites — abstract cryptographic primitives behind interfaces.
- Pilot PQC algorithms: Test CRYSTALS-Kyber for key exchange and Dilithium for signatures in non-critical systems now.
- Hybrid cryptography: Combine classical + PQC algorithms during transition — maintains security if either is broken.
- Follow NIST guidance: NIST IR 8547 provides migration timelines. NSA mandates migration by 2035.
- Vendor readiness: Assess TLS library, VPN, PKI vendor roadmaps for PQC support.
MCQ Quiz · ~15 min · 25 Questions
Multiple Choice Questions
Select an answer then click Check. Explanations shown after submission.
MCQ Progress:
0 / 25
Simulation 1 · ~5 min
AI Use Case Classifier
Classify each scenario as AI-Offensive, AI-Defensive, or Not AI-related.
Simulation 2 · ~4 min
IoT Attack Surface Mapper
Match each IoT vulnerability to its correct mitigation control.
Simulation 3 · ~3 min
Emerging Threat Timeline
Click the threats below to arrange them from oldest (1) to most recent (5).
Simulation 4 · ~3 min
Technology Risk Matcher
Match each emerging technology to its primary security risk.
🎉