CyberTruck - a cyber security simulation

By carla [dot] bohme [at] ics [dot] lu [dot] se (Carla Böhme) - published 22 November 2023

Photograph of 10 students standing in front of the CyberTruck. — Photo: Madelaine Hallerdal, WithSecure

WithSecure visited the Department of Informatics on their European Cyber Tour, allowing students on our Bachelor's programme to get hands-on experience with the handling of cyber threats in a simulated environment.

On October 30th, 2023, students taking the course IS and Business Development got to experience something never seen before in the Bachelor's programme on Design of Information Systems. The day started with a guest lecture, followed by playground sessions, where groups of students got to enter the CyberTruck and experience realistic simulations of cyber threats and learn about tools for penetration testing.

The truck, furnished with an office environment, resided in the parking lot of the Holger Crafoord Centre for the day.

"The CyberTruck playground offers exciting simulations in understanding actual cyber vulnerabilities"

We interviewed Miranda Kajtazi, associate professor and course director of the sub-course Information Security in the third semester of our Bachelor's programme, about the experience.

How did you find out about the WithSecure Cyber Tour?

It was all by coincidence indeed. Martin Lindgren originally contacted me during the past summer. I quickly looked into his profile and explored the role WithSecure plays in the domain of CyberSecurity, which was intriguing.

How was it working with WithSecure?

Right from the first time we met over Zoom, we formed a strong bond that fostered our interactions to foresee a CyberTruck day for our students.

Can you tell me a bit about the CyberTruck simulation game?

The CyberTruck playground offers exciting simulations in understanding actual cyber vulnerabilities, not only from a user perspective, but also the organisational perspective.

Did you join in on one yourself?

Yes, I did join one of the sessions by mid-day, together with our Head of Department Nicklas Holmberg. We thought that the playground was not only creative, it was very stimulating, engaging, and let us be honest, also stressful, because it really showed you how easy it is to fall trap in unsecure cyber spaces.

Tell me about the guest lecture. Who spoke and what were the main takeaways?

Martin Lindgren held a guest lecture that brought an overarching perspective to understand the role of Offensive Security in being proactive to prevent cyber-attacks. Among others, our students got to learn that a Very Important Person (VIP) is also often a Very Attacked Person (VAP). Common knowledge on cyber security is often weak in understanding the consequences in this regard.

Was the day successful?

It definitely was, the students got to experience a new way of engaging with industry and the key actors like WithSecure who play an important role in waking up individuals, organizations, and the society about security risks in cyber spaces.

What do you think the students learned?

The students got a first-hand experience to understand penetration testing and its key role in acting proactively towards preventing cyber-attacks.

What reactions and comments have you gotten from students?

Overall, the students were very positive and excited about the day. Of course, while many found it amusing, a number also found it challenging to join and interact with the playground right away. In a nutshell, the time spent during the CyberTruck day was positive, with many students wishing they had more time to spend at the CyberTruck itself.

Miranda Kajtazi expressed that while some students found the simulation to be quite manageable, others expressed that the experience was very challenging and had a hard time finishing some of the tasks. Despite this, most students seemed to appreciate the unique approach to getting some hands-on experience with cyber security, no matter their previous experience.

Having been a part of the first European Tour by WithSecure, Miranda Kajtazi hopes to invite the CyberTruck again in the future. Due to the students varied backgrounds with cyber security, she plans on implementing a preparatory activity for all students to even the playing field, if the possibility arises.

Fotografi på CyberTruck som står parkerad. — CyberTruck. Photo: Madelaine Hallerdal, WithSecure

"The biggest challenge was choosing among various tools in the virtual environment"

Nenad Sekulic, one of the participating students, won first prize in the the competitive aspect of the CyberTruck challenge. We asked him a few questions about himself and his experience (his answers have been translated from Swedish).

Do you have a background in information security?

My background in information security is characterised by a strong commitment and passionate interest. I have experience working as an IT manager and system administrator in two private organisations related to the health sector.

What did you learn from the guest lecture with Martin Lindgren?

Martin Lindgren's lecture was rewarding and entertaining. It gave me a deeper understanding of the strategies hackers use to access sensitive information and data. For example, the concept of the "Very Attacked Person" (VAP), is often individuals in middle management positions who are insufficiently protected by their organisations.

Tell us a bit about the simulation.

During the CyberTruck event, we had the opportunity to meet cybersecurity analysts and partially familiarise ourselves with their work. The cybersecurity team gave us a nearly one-hour demonstration of how hackers search for vulnerabilities on websites and use various tools to exploit them to obtain sensitive information about users. Such as credit card information, health information and many more. [...] During the "Capture the Flag" (CTF) sessions, participants were faced with a series of challenges. These tasks included cookie intercepting, SQL injections, website defacement, Cross-Site Scripting (XSS) and more.

What was the most fun part of the simulation?

The most rewarding and entertaining aspect of the simulation was the opportunity to explore and use the various penetration testing tools available in Kali Linux.

What were the main challenges of the simulation?

For me personally, the biggest challenge was choosing among the various tools in the virtual environment, which had limited resources. Due to this limitation in performance, I had to carefully select and use only one or two tools at a time.

Would you recommend the CyberTruck activity to other students?

The CyberTruck experience was an eye-opener for me and has confirmed my interest in pursuing my career in the field of information security. Given the valuable insights I gained, I would highly recommend CyberTruck to other students.

"The playground session illuminated the multifaceted nature of cyber security"

Axel Malmström, another one of the participating students, shared some insights from the experience.

The playground session [...] illuminated the multifaceted nature of cyber security. It revealed the complexity of defence mechanisms required to ensure a website's security, highlighting the challenge of plugging all the potential loopholes. Major companies such as Google, Facebook and Microsoft were cited as examples that have experienced cyber-attacks due to vulnerabilities in their applications.

The experience expressed the necessity of understanding attackers’ methods and fault processes to prevent future attacks effectively. It was made clear that the cyber-threat landscape is constantly evolving, necessitating a proactive approach to safeguarding our online environments. Along with this knowledge, there is a heightened awareness of the critical need for protective measures against these ever-evolving threats.