CSE 5th Chap


5.1 Cyber Security
Cybersecurity is the practice of protecting internet-connected systems, including
hardware, software, and data, from cyber threats such as hacking, malware,
phishing, and unauthorized access. It involves implementing measures to ensure the
confidentiality, integrity, and availability of information and systems.

Importance of cyber security

Cybersecurity is important for several reasons:
1. Protection of sensitive data: Cybersecurity measures safeguard personal,
financial, and sensitive data from unauthorized access and theft.
2. Prevention of cyber attacks: It helps in defending against various cyber threats
such as malware, ransomware, phishing, and denial-of-service attacks, which can
disrupt operations and cause financial losses.
3. Preservation of reputation: Effective cybersecurity practices help organizations
maintain trust and credibility with customers, partners, and stakeholders by
avoiding data breaches and security incidents.
4. Compliance with regulations: Many industries have regulations and standards
governing data protection and cybersecurity, and adherence to these requirements
is essential to avoid legal consequences and penalties.
5. Safeguarding critical infrastructure: Cybersecurity measures are crucial for
protecting essential services such as power grids, transportation systems, and
healthcare facilities from cyber threats that could have far-reaching
consequences on public safety and national security.
Overall, cybersecurity plays a vital role in safeguarding individuals,
organizations, and nations from the evolving landscape of cyber threats in the
digital age.

5.2 Cyber Security Threats/Attacks

Cybersecurity threats and attacks come in various forms, targeting different
aspects of digital systems and data. Here are some common types:

1. Data Interception:
Data interception is a common cybersecurity threat where attackers intercept and
capture sensitive information as it travels over a network.
This type of attack can occur through various methods, including:
I.Man-in-the-Middle (MitM) Attack: In a MitM attack, an attacker intercepts
communication between two parties, such as a user and a website, without their
knowledge. The attacker can eavesdrop on the communication, modify data packets,
or even impersonate one of the parties to gain access to sensitive information.

II.Packet Sniffing: Attackers use packet sniffing tools to capture data packets
transmitted over a network. These tools allow attackers to analyze the captured
packets to extract sensitive information such as login credentials, credit card
numbers, or other confidential data.

III. Session Hijacking: In session hijacking attacks, attackers steal a user's
session identifier or session cookie to impersonate the user and gain unauthorized
access to their accounts or sensitive information.

IV.DNS Spoofing: Attackers manipulate the Domain Name System (DNS) to redirect
users to malicious websites or servers controlled by the attacker. This enables
attackers to intercept and capture sensitive data exchanged between users and
legitimate websites.

V. Wireless Eavesdropping: Attackers can eavesdrop on wireless communications, such
as Wi-Fi or Bluetooth, to capture sensitive information transmitted over the
airwaves.

To mitigate data interception threats, organizations and individuals should encrypt
data in transit with Transport Layer Security (TLS); its predecessor, Secure
Sockets Layer (SSL), is deprecated and should no longer be enabled. Additionally,
using virtual private networks (VPNs) on untrusted networks, ensuring secure Wi-Fi
connections (WPA2/WPA3 rather than open networks), marking session cookies Secure
and HttpOnly so they are never sent in cleartext or exposed to injected script, and
regularly monitoring network traffic for suspicious activity can help prevent data
interception attacks.
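The following is an added example, not part of the original notes, showing the two sides of the packet-sniffing and session-hijacking threats above. The first function does what a passive eavesdropper does with a cleartext HTTP login captured off the wire (the request bytes, host name, user name and cookie value are all constructed for this example); the second audits a Set-Cookie header for the attributes that make a stolen session cookie harder to obtain and replay. The keyword list used to spot password fields is an assumption, not a standard.

```python
import base64
from urllib.parse import parse_qs

# Constructed capture: what a sniffer on the path sees when a login form goes over plain HTTP.
# (Everything here, including the credentials, is made up for the example.)
CAPTURED_HTTP = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n"
    b"Cookie: session=9f3c1b2e7a\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"user=alice&password=hunter2%21"
)


def parse_http_request(raw: bytes):
    """Split a raw request into (request line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body.decode("latin-1")


def extract_secrets(raw: bytes) -> dict:
    """Everything a passive eavesdropper can lift from one cleartext HTTP request."""
    _request_line, headers, body = parse_http_request(raw)
    found = {}
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        # HTTP Basic auth is only base64, not encryption: it decodes to user:password
        user, _, password = base64.b64decode(auth[6:]).decode("latin-1").partition(":")
        found["basic_auth"] = (user, password)
    if "cookie" in headers:
        # A captured session cookie is all that session hijacking needs
        found["cookies"] = dict(c.strip().split("=", 1) for c in headers["cookie"].split(";"))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for field, values in parse_qs(body).items():
            # Assumed heuristic for naming password-like form fields
            if any(w in field.lower() for w in ("pass", "pwd", "secret", "token")):
                found.setdefault("form_secrets", {})[field] = values[0]
    return found


def audit_set_cookie(header_value: str) -> list:
    """Flag Set-Cookie attributes whose absence makes a session cookie easy to steal or replay."""
    parts = [p.strip() for p in header_value.split(";")]
    attrs = {}
    for p in parts[1:]:                      # parts[0] is name=value of the cookie itself
        key, _, val = p.partition("=")
        attrs[key.lower()] = val.lower() if val else True
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: the cookie is also sent over plain HTTP and can be sniffed")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: injected script can read the cookie (session hijacking)")
    if attrs.get("samesite") in (None, True, "none"):
        findings.append("SameSite absent or None: the cookie rides along on cross-site requests")
    return findings


if __name__ == "__main__":
    print(extract_secrets(CAPTURED_HTTP))
    print(audit_set_cookie("session=9f3c1b2e7a; Path=/"))
    print(audit_set_cookie("session=9f3c1b2e7a; Secure; HttpOnly; SameSite=Strict; Path=/"))
```

With TLS in place the same eavesdropper sees only ciphertext, so `extract_secrets` would have nothing to parse; the cookie audit matters because a session cookie that is not marked Secure will still be sent in the clear the first time the user types the site name without https://.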

DDoS Attack:
A distributed denial-of-service (DDoS) attack is a malicious attempt to
disrupt the normal traffic of a targeted server, service or network by overwhelming
the target or its surrounding infrastructure with a flood of Internet traffic. DDoS
attacks achieve effectiveness by utilizing multiple compromised computer systems as
sources of attack traffic. Exploited machines can include computers and other
networked resources such as IoT devices. From a high level, a DDoS attack is like an
unexpected traffic jam clogging up the highway, preventing regular traffic from
arriving at its destination.

How does a DDoS attack work?

DDoS attacks are carried out with networks of Internet-connected machines. These
networks consist of computers and other devices (such as IoT devices) which have
been infected with malware, allowing them to be controlled remotely by an attacker.
These individual devices are referred to as bots (or zombies), and a group of bots
is called a botnet. Once a botnet has been established, the attacker is able to
direct an attack by sending remote instructions to each bot. When a victim's server
or network is targeted by the botnet, each bot sends requests to the target's IP
address, potentially causing the server or network to become overwhelmed, resulting
in a denial-of-service to normal traffic.
Because each bot is a legitimate Internet device, separating the attack
traffic from normal traffic can be difficult.

DoS vs. DDoS


A distributed denial-of-service attack is a subcategory of the more general denial-
of-service (DoS) attack. In a DoS attack, the attacker uses a single internet
connection to barrage a target with fake requests or to try and exploit a
cybersecurity vulnerability. DDoS is larger in scale. It utilizes thousands (even
millions) of connected devices to fulfill its goal. The sheer volume of the devices
used makes DDoS much harder to fight.

TYPES OF DDOS ATTACK

Volume-Based or Volumetric Attacks

This type of attack aims to consume all available bandwidth between the victim
and the larger internet. Domain name system (DNS) amplification is an example
of a volume-based attack. In this scenario, the attacker spoofs the target's
address as the source of a DNS lookup sent to an open DNS resolver. The resolver's
response, which is many times larger than the query, is delivered to the target
instead of the attacker, so every small query the attacker sends becomes a much
larger packet arriving at the target.

Protocol Attacks
Protocol attacks exhaust the connection-state capacity of servers or of
intermediate devices such as firewalls and load balancers. They exploit weaknesses
in Layers 3 and 4 of the OSI protocol stack to render the target inaccessible. A
SYN flood is an example of a protocol attack, in which the attacker sends the
target an overwhelming number of transmission control protocol (TCP) handshake
requests (SYN packets) with spoofed source Internet Protocol (IP) addresses. The
target allocates state for and responds to each connection request, but the final
step of the handshake (the client's ACK) never arrives, so half-open connections
pile up until the connection table is full.

Application-Layer Attacks
These attacks also aim to exhaust or overwhelm the target's resources but are
difficult to flag as malicious. Often referred to as a Layer 7 DDoS attack—
referring to Layer 7 of the OSI model—an application-layer attack targets the layer
where web pages are generated in response to Hypertext Transfer Protocol (HTTP)
requests.A server runs database queries to generate a web page. In this form of
attack, the attacker forces the victim's server to handle more than it normally
does. An HTTP flood is a type of application-layer attack and is similar to
constantly refreshing a web browser on different computers all at once. In this
manner, the excessive number of HTTP requests overwhelms the server, resulting in a
DDoS.
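As an added example (not part of the original notes), the three attack classes above leave different fingerprints in flow records, and the detection logic differs accordingly. The flow records below are constructed for the example, the thresholds are illustrative assumptions, and the record format (time, source, source port, destination, destination port, protocol, TCP flags, bytes) is a simplified stand-in for what a NetFlow or IPFIX export would give you.

```python
from collections import Counter, defaultdict

# Constructed flow records, not captured traffic.
# Record: (time_s, src_ip, src_port, dst_ip, dst_port, proto, tcp_flags, bytes)
FLOWS = []

# (a) SYN flood: 300 spoofed sources send one SYN each to the web server and never ACK
for i in range(300):
    FLOWS.append((i * 0.01, f"198.51.{i // 256}.{i % 256}", 40000 + i,
                  "203.0.113.10", 443, "tcp", "S", 60))

# (b) two legitimate clients: SYN, then ACK, then five requests each
for src in ("192.0.2.5", "192.0.2.6"):
    FLOWS.append((1.0, src, 51000, "203.0.113.10", 443, "tcp", "S", 60))
    FLOWS.append((1.1, src, 51000, "203.0.113.10", 443, "tcp", "A", 52))
    for j in range(5):
        FLOWS.append((2.0 + j, src, 51000, "203.0.113.10", 443, "tcp", "PA", 500))

# (c) DNS amplification: 50 open resolvers deliver 3000-byte answers to a host that sent no queries
for i in range(50):
    FLOWS.append((0.5, f"192.0.2.{100 + i}", 53, "203.0.113.20", 40001, "udp", "", 3000))

# a normal lookup for comparison: 60-byte query out, 200-byte answer back
FLOWS.append((0.6, "203.0.113.21", 40002, "192.0.2.53", 53, "udp", "", 60))
FLOWS.append((0.7, "192.0.2.53", 53, "203.0.113.21", 40002, "udp", "", 200))

# (d) HTTP flood: one bot completes its handshake, then fires 500 requests in under 10 s
FLOWS.append((0.0, "192.0.2.99", 52000, "203.0.113.10", 80, "tcp", "S", 60))
FLOWS.append((0.1, "192.0.2.99", 52000, "203.0.113.10", 80, "tcp", "A", 52))
for j in range(500):
    FLOWS.append((0.2 + j * 0.019, "192.0.2.99", 52000, "203.0.113.10", 80, "tcp", "PA", 300))


def detect_syn_flood(flows, window=10.0, threshold=100):
    """Protocol attack: sources that sent a SYN to (dst, port) but never an ACK within
    the window are half-open. Returns {(dst, port): half_open_sources} above threshold."""
    syn, acked = defaultdict(set), defaultdict(set)
    for t, src, _sport, dst, dport, proto, flags, _size in flows:
        if proto != "tcp" or t > window:
            continue
        if flags == "S":
            syn[(dst, dport)].add(src)
        elif "A" in flags:
            acked[(dst, dport)].add(src)
    half_open = {k: len(syn[k] - acked[k]) for k in syn}
    return {k: n for k, n in half_open.items() if n >= threshold}


def detect_dns_amplification(flows, ratio=10):
    """Volumetric attack: a host receiving far more UDP/53 response bytes than it sent in
    queries is an amplification victim. Returns {victim: response_bytes}."""
    received, sent = Counter(), Counter()
    for _t, src, sport, dst, dport, proto, _flags, size in flows:
        if proto != "udp":
            continue
        if sport == 53:
            received[dst] += size
        if dport == 53:
            sent[src] += size
    return {h: b for h, b in received.items() if b > ratio * max(sent[h], 1)}


def detect_http_flood(flows, window=10.0, per_source=100):
    """Application-layer attack: request segments (PSH+ACK to web ports) per source within
    the window. Returns {(src, dst): requests} above per_source."""
    requests = Counter()
    for t, src, _sport, dst, dport, proto, flags, _size in flows:
        if proto == "tcp" and dport in (80, 443) and "P" in flags and t <= window:
            requests[(src, dst)] += 1
    return {k: n for k, n in requests.items() if n > per_source}


if __name__ == "__main__":
    print("SYN flood:", detect_syn_flood(FLOWS))
    print("DNS amplification:", detect_dns_amplification(FLOWS))
    print("HTTP flood:", detect_http_flood(FLOWS))
```

Note what each detector keys on: the SYN flood shows up as many distinct sources that never complete a handshake (a single source, the DoS case, would be caught by a per-source limit instead), the amplification victim shows up as inbound DNS bytes with no matching outbound queries, and the HTTP flood is only visible once the handshake has completed, which is why it is harder to block at the network edge.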

[Figure: diagram of a DDoS attack]

Hacking
Hacking refers to the unauthorized intrusion into computer systems or
networks with the intent to gain access to data, manipulate systems, or disrupt
operations. Here are some key points about hacking:

Types of Hackers: There are different types of hackers, including:

White Hat Hackers: Ethical hackers who use their skills to uncover vulnerabilities
in systems and networks to help improve security.

Black Hat Hackers: Malicious hackers who exploit vulnerabilities for personal gain,
financial motives, or to cause harm.

Grey Hat Hackers: Hackers who may engage in both ethical and unethical hacking
activities, often without malicious intent.

Methods of hacking:
Hackers can use various techniques to gain unauthorized access, including:

1. Exploiting Vulnerabilities: Identifying and exploiting weaknesses or security
flaws in software, hardware, or network configurations.

2. Brute Force Attacks: Attempting to guess passwords or encryption keys through
automated trial-and-error methods.

3. Phishing: Sending fraudulent emails or messages to trick recipients into
revealing confidential information or clicking on malicious links.

4. Malware: Creating and deploying malicious software, such as viruses, worms,
Trojans, or ransomware, to compromise systems or steal data.
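An added example, not from the original notes, of what the brute-force method above looks like in practice when an attacker has obtained a list of stored password hashes: a dictionary attack against fast unsalted SHA-256 hashes, and the same attack against salted PBKDF2. The word list and the password are constructed for the example; the iteration count is an illustrative assumption.

```python
import hashlib
import hmac
import os
import time

# Constructed word list: the kind of short dictionary an attacker tries first.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "hunter2",
            "welcome", "monkey", "football", "iloveyou"]


def sha256_hash(password: str) -> str:
    """Weak storage: one fast, unsalted hash. Identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Better storage: a per-user salt plus a deliberately slow key-derivation function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack(target, hash_fn):
    """Dictionary attack: hash each candidate and compare. Returns (password, guesses made)."""
    for guesses, candidate in enumerate(WORDLIST, start=1):
        if hmac.compare_digest(hash_fn(candidate), target):
            return candidate, guesses
    return None, len(WORDLIST)


def crack_many_unsalted(targets):
    """Without salts, one precomputed table breaks every user's hash at lookup cost."""
    table = {sha256_hash(word): word for word in WORDLIST}
    return {h: table.get(h) for h in targets}


def demo() -> dict:
    weak = sha256_hash("hunter2")
    cracked_weak, guesses_weak = crack(weak, sha256_hash)

    salt = os.urandom(16)
    strong = pbkdf2_hash("hunter2", salt)
    start = time.perf_counter()
    # The attacker must redo the slow derivation per guess and per salt
    cracked_strong, guesses_strong = crack(strong, lambda c: pbkdf2_hash(c, salt))
    seconds_strong = time.perf_counter() - start

    return {
        "weak_cracked": cracked_weak,
        "weak_guesses": guesses_weak,
        "strong_cracked": cracked_strong,
        "strong_guesses": guesses_strong,
        "strong_seconds": seconds_strong,
        # same password, different salt -> different hash, so no shared lookup table
        "salts_differ": pbkdf2_hash("hunter2", os.urandom(16)) != strong,
    }


if __name__ == "__main__":
    print(demo())
```

Both attacks succeed here because "hunter2" is in the word list: slow, salted hashing only raises the cost of each guess and removes the shared lookup table; it does not rescue a password that is in a dictionary. That is why the prevention list later in this section pairs strong, unique passwords with multi-factor authentication.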

Motivations for Hacking:
Hackers may have various motivations, including:

1. Financial Gain: Theft of sensitive information, such as credit card numbers or
financial data, for monetary profit.

2. Espionage: Gathering confidential or proprietary information for competitive
advantage or intelligence purposes.

3. Activism: Hacking for political, ideological, or social reasons to protest or
promote a cause.

4. Vandalism: Malicious destruction or defacement of websites, networks, or data for
the purpose of causing disruption or damage.

5. Cyber Warfare: State-sponsored hacking activities aimed at espionage, sabotage,
or disruption of adversaries' systems or critical infrastructure.

Prevention and Mitigation:
Protecting against hacking requires implementing robust cybersecurity measures,
including:

1. Firewalls and Intrusion Detection Systems: Monitoring and controlling incoming
and outgoing network traffic to prevent unauthorized access.

2. Encryption: Securing data transmission and storage through encryption algorithms
to protect against interception or unauthorized access.

3. Regular Software Updates: Applying patches and updates to software and systems
to address known vulnerabilities and minimize the risk of exploitation.

4. User Education: Providing training and awareness programs to educate users about
cybersecurity best practices, such as strong password management and identifying
phishing attempts.

5. Access Controls: Implementing strong authentication mechanisms, such as
multi-factor authentication, and restricting access privileges to minimize the
risk of unauthorized access.

Malware
Malware, or malicious software, encompasses a wide range of harmful programs
designed to disrupt, damage, or gain unauthorized access to computer systems or
networks.

Here are some common types of malware:

Viruses: Programs that replicate themselves and spread by infecting other files or
systems. They can cause damage by deleting files, corrupting data, or stealing
information.
Worms: Self-replicating malware that spreads across networks without user
interaction. Worms can exploit vulnerabilities in operating systems or software to
propagate and often consume network bandwidth or degrade system performance.

Trojans: Malware disguised as legitimate software to trick users into installing
them. Once installed, Trojans can perform various malicious actions, such as
stealing sensitive information, creating backdoors for remote access, or launching
denial-of-service attacks.

Ransomware: Malware that encrypts files on a victim's system and demands payment
(usually in cryptocurrency) for the decryption key. Ransomware attacks can result
in data loss, financial loss, and operational disruption for individuals and
organizations.

Spyware: Programs that secretly monitor and collect information about a user's
activities without their consent. Spyware can track keystrokes, capture
screenshots, record web browsing habits, and harvest sensitive data such as login
credentials and financial information.

Adware: Software that displays unwanted advertisements or redirects web traffic to
generate revenue for the attacker. Adware can be bundled with legitimate software
or installed without the user's knowledge, often slowing down system performance
and disrupting the user experience.

Rootkits: Malware designed to conceal its presence or control over a system by
modifying system files, processes, or configurations. Rootkits can give attackers
persistent access to compromised systems while evading detection by security
software.

Botnets: Networks of compromised computers (bots) controlled by a central
command-and-control server. Botnets can be used to carry out distributed
denial-of-service (DDoS) attacks, send spam emails, steal sensitive information, or
distribute malware to other systems.

Protecting against malware requires a multi-layered approach, including:

1. Installing reputable antivirus and anti-malware software.
2. Keeping operating systems and software up to date with security patches.
3. Using strong, unique passwords and enabling multi-factor authentication.
4. Being cautious of suspicious emails, links, and attachments.
5. Regularly backing up important data to mitigate the impact of ransomware attacks.
6. Implementing network firewalls and intrusion detection/prevention systems.
7. Educating users about cybersecurity best practices and promoting a culture of
security awareness.

Phishing

Phishing is a common type of cyber attack that targets individuals through email,
text messages, phone calls, and other forms of communication. A phishing attack
aims to trick the recipient into performing the attacker's desired action, such as
revealing financial information, system login credentials, or other sensitive
information.

Whether a phishing campaign is hyper-targeted (spear phishing) or sent to as many
victims as possible, it starts with a malicious message. The attack is disguised as
a message from a legitimate company. The more aspects of the message that mimic the
real company, the more likely the attacker will be successful.
While attackers' goals vary, the general aim is to steal personal information or
credentials. An attack is facilitated by emphasizing a sense of urgency in the
message, which could threaten account suspension, money loss, or loss of the
targeted user's job. Users rushed into meeting an attacker's demands don't take the
time to stop and think whether the demands seem reasonable or the source is
legitimate.

Phishing continually evolves to bypass security filters and human detection, so
organizations must continually train staff to recognize the latest phishing
strategies. It only takes one person to fall for phishing to cause a severe data
breach. That is why it is one of the most critical threats to mitigate, and one of
the most difficult, because it relies on human defences alongside technical
controls such as mail filtering and phishing-resistant multi-factor authentication.
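The tells described above (a display name borrowing a brand, a Reply-To that quietly diverts replies, urgency language, and a link whose visible text does not match where it really goes) can be checked mechanically. This is an added example, not part of the original notes: both messages are constructed, and the brand-to-domain map and urgency phrase list are assumptions an organisation would tune for itself.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: brands the organisation expects mail from, mapped to the domain they really send from.
BRAND_DOMAINS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}
# Assumed: pressure phrases worth flagging.
URGENCY = ("urgent", "immediately", "suspended", "verify your account",
           "within 24 hours", "final notice")
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "PayPal Support" <alerts@paypa1-secure.example>
Reply-To: collect@mail-drop.example
To: alice@corp.example
Subject: URGENT: your account will be suspended within 24 hours
Content-Type: text/html

<html><body>
<p>We detected unusual activity. Verify your account immediately or it will be suspended.</p>
<p><a href="http://paypa1-secure.example/login">https://www.paypal.com/signin</a></p>
</body></html>
"""

BENIGN = """\
From: "IT Helpdesk" <helpdesk@corp.example>
To: alice@corp.example
Subject: Maintenance window on Saturday
Content-Type: text/plain

The file server will be offline 02:00-04:00 for patching. No action is needed.
"""


def _domain(address: str) -> str:
    return address.rpartition("@")[2].lower()


def phishing_indicators(raw: str) -> list:
    """Return human-readable findings for the header and body tricks described above."""
    msg = message_from_string(raw)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Replies silently diverted to a mailbox other than the apparent sender
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {from_domain}")

    # 2. Display name borrows a brand the sending domain does not belong to
    for brand, real in BRAND_DOMAINS.items():
        if brand in display.lower() and from_domain != real and not from_domain.endswith("." + real):
            findings.append(f"display name claims {brand} but sender domain is {from_domain}")

    # 3. Pressure language in subject or body
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY if w in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # 4. Link whose visible text names one site while the href goes to another
    for href, anchor in LINK_RE.findall(body):
        href_host = (urlparse(href).hostname or "").lower()
        anchor_host = (urlparse(anchor.strip()).hostname or "").lower()
        if anchor_host and anchor_host != href_host:
            findings.append(f"link text shows {anchor_host} but points to {href_host}")
    return findings


if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, phishing_indicators(sample))
```

Heuristics like these are a triage aid, not a verdict: the From header itself is trivially forgeable, which is why SPF, DKIM and DMARC results from the receiving mail server should be weighed alongside them.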

Pharming

Pharming is online fraud that directs victims to spoofed websites in an attempt to
steal their credentials and data. Unlike phishing, the victim types or follows the
correct address; the redirection happens at the name-resolution step, either
through malicious code installed on the victim's computer or through a corrupted
DNS server the victim relies on.

Types of Pharming Attack

Malware-based Pharming
In malware-based pharming, internet users often unwittingly pick up malware, such
as a Trojan horse or virus, through malicious email or software downloads. The
downloaded malware covertly reroutes the user to a fake or spoofed website created
and managed by the attacker. When people access the site, the attacker sees all the
personal data or login credentials they enter. In this pharming process, the
malicious code resides on the user's computer and modifies local name-resolution
data, typically the hosts file or the configured DNS server addresses, so that the
computer is automatically directed to the attacker's fraudulent website rather
than the legitimate website the user wants to visit.

DNS Server Poisoning

The DNS serves to direct users' website requests to the correct IP address. But
when a DNS server is corrupted, it will direct website requests to alternate or
fake IP addresses.

Unlike the malware-based approach, DNS server poisoning does not rely on individual
files on the victim's machine being corrupted. Instead, it exploits weaknesses at
the DNS server level. The attacker poisons the server's cache, which then redirects
users to a fraudulent website, usually without their knowledge. Corrupting a large
DNS server lets cyber criminals target and scam much larger groups of victims at
once. DNS cache poisoning works by forging a response that the resolver accepts and
caches, so that it hands out the attacker's IP address for a legitimate domain name
until the entry expires. A related technique, DNS hijacking, changes the DNS
settings on victims' devices or on unprotected routers (commonly on free or public
Wi-Fi networks) so that every lookup goes to a resolver the attacker controls.
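The reason a forged response can poison a cache is that a resolver matches replies to its outstanding queries by a few fields; the reason it usually cannot is that those fields are randomised and checked strictly. The following added example (not part of the original notes, and a simplified model rather than any real resolver's code) builds DNS query and response packets in wire format, keeps the state a resolver holds for one outstanding query, and applies the checks before an answer may be cached. The domain names and IP addresses are constructed; real resolvers additionally validate DNSSEC signatures where the zone is signed.

```python
import secrets
import struct


def encode_name(name: str) -> bytes:
    """'www.bank.example' -> b'\\x03www\\x04bank\\x07example\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(buf: bytes, off: int):
    """Decode a DNS name (with compression pointers). Returns (name, offset after it)."""
    labels = []
    while True:
        n = buf[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:                       # pointer to a name earlier in the packet
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(buf, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n


def build_query(txid: int, name: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)       # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)    # QTYPE=A, QCLASS=IN


def build_response(txid: int, name: str, ip: str, ttl: int = 300, answer_name: str = None) -> bytes:
    """A response with one A record; answer_name lets a spoofer answer for a different name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)       # QR=1, RD, RA, one answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rr_name = b"\xC0\x0C" if answer_name is None else encode_name(answer_name)  # 0xC00C: pointer to offset 12
    rdata = bytes(int(o) for o in ip.split("."))
    return header + question + rr_name + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata


def parse_response(pkt: bytes) -> dict:
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        rname, off = decode_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        answers.append((rname, rtype, ".".join(str(b) for b in rdata) if rtype == 1 else rdata))
    return {"txid": txid, "flags": flags, "question": (qname, qtype, qclass), "answers": answers}


def new_query(name: str, server: str) -> dict:
    """State for one outstanding query: random 16-bit ID and random source port, so a
    blind spoofer has roughly 2^32 combinations to guess before the real answer lands."""
    return {"txid": secrets.randbelow(1 << 16), "port": 1024 + secrets.randbelow(64512),
            "name": name, "server": server}


def accept_response(state: dict, pkt: bytes, from_ip: str, to_port: int):
    """The checks a resolver makes before caching an answer. Returns (accepted, reason)."""
    if from_ip != state["server"]:
        return False, "response from a server we did not ask"
    if to_port != state["port"]:
        return False, "wrong destination port (source-port randomisation)"
    r = parse_response(pkt)
    if r["txid"] != state["txid"]:
        return False, "transaction ID mismatch"
    if not r["flags"] & 0x8000:
        return False, "QR bit clear: not a response"
    if r["question"] != (state["name"], 1, 1):
        return False, "question section differs from what we asked"
    for rname, _, _ in r["answers"]:
        if rname != state["name"]:                  # simplified bailiwick rule
            return False, f"answer for {rname} is out of bailiwick for {state['name']}"
    return True, "ok"


if __name__ == "__main__":
    state = new_query("www.bank.example", "192.0.2.53")
    genuine = build_response(state["txid"], state["name"], "203.0.113.5")
    forged = build_response(secrets.randbelow(1 << 16), state["name"], "198.51.100.66")
    print("genuine:", accept_response(state, genuine, "192.0.2.53", state["port"]))
    print("forged: ", accept_response(state, forged, "192.0.2.53", state["port"]))
```

The attacker's spoofed packet must arrive from the right address, on the right port, with the right ID, for the right question, before the genuine answer does; a resolver that reuses one source port and predictable IDs collapses that search space to 2^16 or less, which is the weakness classic cache-poisoning attacks exploited.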

Social Engineering
Social engineering is the manipulation of individuals to divulge
confidential information or perform actions that may compromise security. It often
involves psychological manipulation rather than technical exploitation. Examples
include phishing emails, pretexting phone calls, and impersonation tactics to gain
access to sensitive data or systems. It's a significant threat to cybersecurity and
requires awareness and education to mitigate effectively.
COMMON METHODS OF SOCIAL ENGINEERING

Phishing: Sending fraudulent emails that appear to be from legitimate sources to
trick recipients into revealing sensitive information such as passwords or
financial details.

Pretexting: Creating a false pretext or scenario to trick individuals into
revealing information or performing actions they wouldn't normally do, such as
providing login credentials over the phone to someone pretending to be from IT
support.

Baiting: Offering something enticing, like a free download or gift card, to lure
victims into revealing information or installing malware onto their systems.

Tailgating: Physically following someone into a restricted area or building by
pretending to be an employee or someone who belongs there.

Impersonation: Pretending to be someone else, such as a coworker or authority
figure, to gain trust and access to sensitive information or systems.

Quid pro quo: Offering something of value in exchange for information or access,
such as promising tech support in exchange for login credentials.

Reverse social engineering: Tricking the victim into approaching the attacker for
help or information, thereby giving the attacker an opportunity to exploit the
victim.

5.3 TYPES OF MALWARE AND THEIR IMPACT ON SECURITY

I. Virus:
A virus is malicious executable code attached to another executable file. The
virus spreads when an infected file is passed from system to system. Viruses can
be harmless or they can modify or delete data. Opening an infected file can
trigger a virus. Once a program virus is active, it will infect other programs
on the computer.

II. Worms – Worms are standalone programs that replicate themselves across a
network without attaching to other files, looking for pathways between computers
such as shared file storage areas or vulnerable network services. Worms usually
slow down networks. A virus needs a host program to run, but worms can run by
themselves. After a worm infects a host, it is able to spread very quickly over
the network.

III. Trojan horse – A Trojan horse is malware that carries out malicious
operations under the appearance of a desired operation, such as playing an online
game. A Trojan horse differs from a virus in that it does not self-replicate or
attach itself to other programs: it relies on the user being persuaded to run it,
often by masquerading as a harmless file such as an image, a document or an audio
file.

IV. Ransomware – Ransomware holds a computer system or the data it contains
hostage until the victim makes a payment. Ransomware encrypts data on the computer
with a key that is unknown to the user. The user is told to pay a ransom to the
criminals to retrieve the data. Paying does not guarantee recovery: the criminals
may never deliver a working key, and the system still has to be cleaned or rebuilt
afterwards, which is why tested offline backups are the primary defence.

V. Adware – It displays unwanted ads and pop-ups on the computer. It comes along
with software downloads and packages. It generates revenue for the software
distributor by displaying ads.

VI. Spyware – Its purpose is to steal private information from a computer system
for a third party. Spyware collects information and sends it to the attacker.
