Unit-1 Cyber Security


Unit-1

Cybercrime is crime that involves a computer and a network. It is the use
of a computer as a weapon for committing offences such as fraud, identity
theft or breaches of privacy. Cybercrime, especially over the Internet, has
grown in importance as the computer has become central to every field,
including commerce, entertainment and government. It can endanger a
person's or a nation's security and financial health. Cybercrime covers a
wide range of activities, but these can generally be divided into two
categories:

1. Crimes that target computer networks or devices. These involve
threats such as malware (viruses, worms, Trojans) and denial-of-service
(DoS) attacks.
2. Crimes that use computer networks to commit other criminal
activities, such as cyber stalking, financial fraud or identity theft.

List of Cybercrimes: Examples

Cybercrimes include monetary crimes as well as non-monetary offences.
They result in harm to persons, computers or governments.

1. Child Pornography or Child Sexually Abusive Material (CSAM)
Child sexually abusive material (CSAM) is material containing sexual
images, in any form, of a child who is abused or sexually exploited.
Section 67B of the IT Act (India's Information Technology Act, 2000) makes
it punishable to publish or transmit, in electronic form, material
depicting children in sexually explicit acts.

2. Cyber Bullying
A form of harassment or bullying inflicted through the use of electronic or
communication devices such as computers, mobile phones, laptops, etc.

3. Cyber Stalking
Cyberstalking is the use of electronic communication to follow a person,
to repeatedly attempt contact with a person in order to foster personal
interaction despite a clear indication of disinterest, or to monitor that
person's internet, email or other electronic communications. Such conduct
constitutes the offence of stalking.

4. Cyber Grooming
Cyber grooming is when a person builds an online relationship with a young
person and tricks or pressures him or her into a sexual act.

5. Online Job Fraud
Online job fraud is an attempt to defraud people who are in need of
employment by giving them false promises of better employment with higher
wages.

6. Phishing
Phishing is a type of fraud that involves stealing personal information such
as Customer ID, PIN, Credit/Debit Card number, Card expiry date, CVV
number, etc. through emails that appear to be from a legitimate source.

7. Vishing
Vishing (voice phishing) is an attempt by fraudsters to obtain personal
information such as Customer ID, net banking password, ATM PIN, OTP, card
expiry date or CVV over a phone call.

8. Smishing
Smishing is a type of fraud that uses mobile phone text messages to lure
victims into calling back on a fraudulent phone number, visiting fraudulent
websites or downloading malicious content via phone or web.

9. SIM Swap Scam
A SIM swap scam occurs when fraudsters get a new SIM card issued against a
victim's registered mobile number by deceiving the mobile service provider.
With the new SIM card they receive the One Time Passwords (OTPs) and alerts
required to make financial transactions from the victim's bank account, so
any defence that relies only on SMS OTPs is defeated.

10. Spamming
Spamming is the sending of unsolicited commercial messages via email, SMS,
MMS or any similar electronic messaging medium. Spam may try to persuade
the recipient to buy a product or service or to visit a website where
purchases can be made, or it may attempt to trick the recipient into
divulging bank account or credit card details.

11. Ransomware
Ransomware is malware that encrypts the files and storage media on devices
such as desktops, laptops and mobile phones, holding the data hostage. The
victim is asked to pay a ransom to have the data decrypted; paying does not
guarantee recovery, which is why offline backups matter.

12. Viruses, Worms, and Trojans
A computer virus is a program written to enter your computer, damage or
alter your files and data, and replicate itself by attaching to other
programs or files.

Worms are malicious programs that make copies of themselves again and
again across local drives, network shares and the network itself, without
needing a host program or any user action.

A Trojan horse is not a virus. It is a destructive program that looks like
a genuine application. Unlike viruses, Trojan horses do not replicate
themselves, but they can be just as destructive. Trojans commonly open a
backdoor into your computer that gives malicious users or programs access
to your system, allowing confidential and personal information to be
stolen.

13. Denial of Service (DoS) attack
A denial of service (DoS) attack is an attack intended to deny legitimate
users access to computer resources, without the permission of the owner or
of any other person in charge of the computer, computer system or computer
network. A distributed denial of service (DDoS) attack is an attempt to
make an online service unavailable by overwhelming it with traffic from
many sources at once, typically a botnet of compromised machines.

Classification of Cyber Crimes:

1. Cyber Terrorism –
Cyber terrorism is the use of computers and the internet to carry out
violent acts that result in, or threaten, loss of life. It may involve
attacks on software or hardware that threaten the lives of citizens, for
example against systems that control critical infrastructure.

2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system is
subjected to, or threatened with, repeated denial of service or other
attacks by malicious hackers, who demand large sums of money in return for
stopping the attacks and offering "protection".

3. Cyber Warfare –
Cyber warfare is the use or targeting of computers, online control systems
and networks in a battle-space or warfare context. It involves both
offensive and defensive operations concerning the threat of cyberattacks.

4. Internet Fraud –
Internet fraud is fraud or deceit that makes use of the Internet and may
include hiding information or providing incorrect information for the
purpose of deceiving victims out of money or property. Internet fraud is
not considered a single, distinctive crime but covers a range of illegal
and illicit actions committed in cyberspace.

5. Cyber Stalking –
This is a kind of online harassment in which the victim is subjected to a
barrage of online messages and emails. Typically these stalkers know their
victims and, instead of stalking them offline, use the Internet to do so.
If they notice that cyber stalking is not having the desired effect, they
may add offline stalking to make the victim's life more miserable.

Challenges of Cyber Crime:

1. People are unaware of their cyber rights –
Cybercrime often succeeds against people who are unaware of the rights and
remedies that the law of their country gives them, and who therefore do
not know what to report or to whom.

2. Anonymity –
Those who commit cyber crime can hide behind the anonymity of the network,
which makes attribution difficult and often leaves the victim unable to do
anything against the offender.

3. Fewer cases registered –
Every country faces the challenge of cyber crime, and the rate is
increasing day by day, yet many victims never register a case. This
under-reporting is a major challenge both for victims and for the
authorities, since it hides the true scale of the problem.

4. Mostly committed by technically skilled people –
Committing a cyber crime is not easy for every individual. The person who
commits cyber crime is usually technically skilled, knows how to carry out
the crime, and knows how to avoid being caught by the authorities.

5. No harsh punishment –
Cyber crime does not carry harsh punishment in every case. Harsh
punishment exists for some offences, such as cyber terrorism, but for many
others it does not, and this encourages those who commit cyber crime.

Prevention of Cyber Crime:

Below are some points by means of which we can prevent cyber crime:
1. Use strong passwords –
Maintain a different password and username combination for each account
and resist the temptation to write them down; a password manager can
generate and store them for you. Weak passwords can easily be cracked
using attack methods such as brute force and rainbow tables, so make them
long and complex: a combination of letters, numbers and special
characters.

2. Use trusted antivirus on devices –
Always use trustworthy, up-to-date antivirus software on mobile devices
and personal computers.

3. Keep social media private –
Restrict the visibility of your social media accounts to your friends only,
and make sure to accept only people who are known to you.

4. Keep your device software updated –
Install system and application updates as soon as they are released,
because the previous version often contains publicly known vulnerabilities
that can easily be attacked.

5. Use a secure network –
Public Wi-Fi networks are vulnerable to eavesdropping. Avoid conducting
financial or corporate transactions on these networks.

6. Never open attachments in spam emails –
A common way a computer gets infected by malware is via attachments in spam
emails. Never open an attachment from a sender you do not know.
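The "strong password" point is easier to reason about with a worked example. The following Python script is an added example, not part of the original notes: it builds a tiny stand-in for an attacker's precomputed table of common passwords, shows that an unsalted hash is recovered with a single lookup, shows that a salted and iterated hash defeats that table (salted PBKDF2-HMAC-SHA256 is assumed here as the storage scheme; the notes do not name one), and counts how many guesses a brute-force search needs for a short password. The password list, the hashes and the alphabets are constructed for the demonstration.

```python
"""Added example (not part of the original notes): why weak passwords fall to
brute force and precomputed tables, and why salting defeats the latter.
The password list and every hash below are constructed for the demo."""
import hashlib
import hmac
import itertools
import math
import os

# Stand-in for an attacker's precomputed table of leaked/common passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "Summer2023", "abc123"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> password for unsalted SHA-256 (a rainbow-table stand-in).
    The attacker does this once and reuses it against every leaked database."""
    return {sha256_hex(p.encode()): p for p in candidates}


def lookup_attack(stored_hash: str, table: dict):
    """One dictionary lookup recovers any password that is in the table."""
    return table.get(stored_hash)


def store_password(password: str, iterations: int = 100_000) -> tuple:
    """Defender side (assumed scheme: salted PBKDF2-HMAC-SHA256).
    A random per-user salt makes every stored hash unique, so no table built
    in advance matches it, and the iteration count makes each guess costly."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), digest.hex()


def check_password(password: str, salt_hex: str, digest_hex: str,
                   iterations: int = 100_000) -> bool:
    """Recompute with the stored salt; constant-time compare avoids a timing leak."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(digest.hex(), digest_hex)


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """Exhaustive search of all strings up to max_len; returns (password, guesses).
    The guess count grows as |alphabet| ** length, which is the only thing an
    attacker cannot shortcut for a random password."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if sha256_hex(candidate.encode()) == target_hash:
                return candidate, guesses
    return None, guesses


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password under a given policy."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted lookup:", lookup_attack(sha256_hex(b"letmein"), table))
    salt, digest = store_password("letmein")
    print("salted lookup:", lookup_attack(digest, table))
    lower_digits = "abcdefghijklmnopqrstuvwxyz0123456789"
    print("brute force 'ab1':", brute_force(sha256_hex(b"ab1"), lower_digits, 3))
    print("bits: 8 chars a-z0-9 = %.1f, 12 chars printable = %.1f"
          % (keyspace_bits(36, 8), keyspace_bits(94, 12)))
```

The brute-force routine finds a three-character lower-case/digit password after about 1,400 guesses; the same search over a twelve-character password drawn from all printable characters needs on the order of 2^78 guesses, which is the practical meaning of "make them long and complex".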

What is Cyber Security? / What do you know about Cyber Security?
Cyber security is the practice of protecting internet-connected systems,
including hardware, software, programs, computers, servers, mobile devices,
electronic systems, networks and data, from malicious digital attacks. Its
main purpose is to protect against cyberattacks that access, change or
destroy sensitive information on your computer systems.

Cyber attackers mainly aim at accessing, changing or destroying sensitive
information, extorting money from users, or interrupting normal business
processes. Cyber security is also known as computer security, information
technology (IT) security or cybersecurity. It comprises the measures used
to combat threats against networked systems and applications, whether
those threats originate inside or outside an organization.

We can divide the term cyber security into two parts: cyber and security.
Cyber refers to the technology, that is, the systems, networks, programs
and data of an internet-connected system. Security refers to the
protection of those systems, networks, applications and information.

What is the main goal of Cyber Security?

The main objective of cyber security is to protect data from cyber-attacks.
It follows a principle called the CIA triad, a triangle of three connected
principles: Confidentiality, Integrity and Availability. The CIA model is
used to help organizations develop policies for their information security
architecture. A security breach violates one or more of these principles.
The model provides a security paradigm to guide individuals through many
aspects of IT security.

Let's see these three security aspects in detail:

Confidentiality: Confidentiality provides privacy by preventing
unauthorized access to data. It ensures that data is accessible only to
those who are authorized to use it and restricts access to everyone else,
so that vital information does not fall into the wrong hands. A good
example of confidentiality is data encryption, which is used to keep
information private; access control is another.

Integrity: The integrity principle assures that data is genuine and
correct, and safe from alteration by threat actors or unintentional user
error. It also requires that the source of the information be genuine
(authenticity). If any changes are made, precautions should be taken to
detect them, to protect sensitive data from corruption or loss, and to
recover from such an incident quickly.

Availability: The availability principle ensures that information is
constantly available and accessible to those who are authorized to access
it. It also ensures that system failures or cyber-attacks, such as a DoS
attack, do not obstruct that access.
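The integrity and authenticity requirements above can be made concrete with a message authentication code. The following Python script is an added example, not part of the original notes: it tags a record with an HMAC under a shared key, so that any change to the record, or a tag produced by someone without the key, is detected at verification. The record and the key are constructed for the demonstration; a real deployment would derive the key from a secret store and usually combine this with encryption for confidentiality.

```python
"""Added example (not from the original notes): the integrity and
authenticity properties of the CIA triad, demonstrated with an HMAC tag.
The record and the shared key are constructed for the demonstration."""
import hashlib
import hmac
import json


def canonical(record: dict) -> bytes:
    """Deterministic encoding so the same record always yields the same tag,
    regardless of key order in the dict."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def make_tag(key: bytes, record: dict) -> str:
    """HMAC-SHA256 over the canonical record; only holders of `key` can produce it."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(key: bytes, record: dict, tag: str) -> bool:
    """Recompute and compare in constant time (compare_digest) so an attacker
    cannot learn the tag byte-by-byte from response timing."""
    return hmac.compare_digest(make_tag(key, record), tag)


def tamper(record: dict, **changes) -> dict:
    """Return a modified copy, standing in for an attacker altering data in transit."""
    changed = dict(record)
    changed.update(changes)
    return changed


if __name__ == "__main__":
    key = b"shared-secret-for-demo-only"
    transfer = {"account": "1001", "amount": 250, "currency": "INR"}
    tag = make_tag(key, transfer)
    print("genuine record verifies:", verify(key, transfer, tag))
    print("altered amount verifies:", verify(key, tamper(transfer, amount=2500), tag))
    print("tag from wrong key verifies:", verify(key, transfer, make_tag(b"other", transfer)))
```

Note that the tag protects against undetected modification and against forgery by anyone without the key, but not against replay of a genuine old record; a sequence number or timestamp inside the record is needed for that.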

What are the main advantages of cyber security?

Following is a list of the main advantages of cyber security:

o Cyber security protects online businesses and transactions against
ransomware, malware, online fraud and phishing.
o It protects end-users.
o It provides protection for both data and networks.
o It reduces the recovery time after a breach.
o It prevents unauthorized users from accessing sensitive information.

History of Cyber Security

Cyber security is the practice of protecting computers, mobile devices,
servers, electronic systems, networks and data from malicious attacks. It is
also known as information security (INFOSEC), information assurance (IA) or
system security. The first self-replicating programs were research
experiments rather than acts of malice, but cyber security has evolved
rapidly as crime on the Web has grown.
• 1970s: Computer security is born
• 1980s: From ARPANET to internet
• 1990s: The world goes online
• 2000s: Threats diversify and multiply
• 2010s: The next generation

1970s: Computer security is born

Cybersecurity proper began in the early 1970s with a research project on
ARPANET (the Advanced Research Projects Agency Network), a precursor to the
internet. In 1971 researcher Bob Thomas created a program called Creeper
that could move across ARPANET, leaving a message wherever it went: "I'm
the creeper, catch me if you can." Creeper is generally regarded as the
first self-replicating program, and so the first computer worm. Ray
Tomlinson, the inventor of email, wrote the program Reaper, which chased
and deleted Creeper; Reaper is regarded as the first example of antivirus
software.

1980s: From ARPANET to internet

The 1980s brought an increase in high-profile attacks, including those at
National CSS, AT&T and Los Alamos National Laboratory. The movie WarGames,
in which a rogue computer program takes over nuclear missile systems under
the guise of a game, was released in 1983. This was the same year that the
terms "Trojan horse" and "computer virus" came into common use.

1987: The birth of cybersecurity

1987 was the birth year of commercial antivirus, although there are
competing claims for the innovator of the first antivirus product.

• Andreas Lüning and Kai Figge released their first antivirus product for
the Atari ST, which also saw the release of Ultimate Virus Killer (UVK)

• Three Czechoslovakian programmers created the first version of the NOD
antivirus

• In the U.S., John McAfee founded McAfee (later part of Intel Security
and since spun out again as an independent company) and released
VirusScan.

1990s: The world goes online

• The first polymorphic viruses were created (code that mutates while
keeping the original algorithm intact, to avoid signature detection)

• British computer magazine PC Today released an edition with a free disc
that accidentally contained the DiskKiller virus, infecting tens of
thousands of computers
• EICAR (European Institute for Computer Antivirus Research) was established

Early antivirus was purely signature-based, comparing binaries on a system with a database of virus
‘signatures’. This meant that early antivirus produced many false positives and used a lot of
computational power – which frustrated users as productivity slowed.

2000s: Threats diversify and multiply

With the internet available in more homes and offices across the globe,
cybercriminals had more devices and software vulnerabilities to exploit than ever
before. And, as more and more data was being kept digitally, there was more to
plunder.

2010s: The next generation

The 2010s saw many high-profile breaches and attacks that began to affect
the national security of countries and cost businesses millions.

• 2012: A hacker using the name 0xOmar, claiming to be Saudi, published
the details of more than 400,000 credit cards online
• 2013: Edward Snowden, a former CIA employee and NSA contractor, copied
and leaked classified information from the National Security Agency (NSA)

• 2013-2014: Malicious hackers broke into Yahoo, compromising the accounts
and personal information of its 3 billion users. Yahoo was subsequently
fined $35 million for failing to disclose the breach

• 2017: WannaCry ransomware infected more than 230,000 computers in one
day

• 2020: Multiple DDoS attacks forced New Zealand's stock exchange (NZX) to
temporarily halt trading

Next-gen cybersecurity uses different approaches to increase detection of
new and unprecedented threats while also reducing the number of false
positives. It typically involves:

• Multi-factor authentication (MFA)

• Network behavioural analysis (NBA) – identifying malicious activity from
deviations or anomalies in normal network behaviour

• Threat intelligence and update automation

• Real-time protection – also referred to as on-access scanning, background
guard, resident shield and auto-protect

• Sandboxing – creating an isolated test environment in which a suspicious
file or URL can be executed safely

• Forensics – replaying attacks to help security teams better mitigate
future breaches

• Back-up and mirroring

• Web application firewalls (WAF) – protecting against cross-site request
forgery (CSRF), cross-site scripting (XSS), file inclusion and SQL
injection.

Cyber Criminals
Types of Cyber Criminals:

1. Hackers: The term hacker may refer to anyone with technical skills;
however, it typically refers to an individual who uses his or her skills to
gain unauthorized access to systems or networks in order to commit crimes.
The attacker's intent and authorization determine whether they are
classified as white, grey or black hats.

• White-Hat Hackers: White-hat hackers are also known as ethical hackers.
They are hackers who use their skills, with permission, to secure data and
websites. With the rise of cyberattacks, organizations and governments have
come to understand that they need ethical hackers. They protect databases
and software from malware, phishing and SQL injection attacks, and
governments hire white-hat hackers to protect their websites and
databases.

• Black-Hat Hackers: Black-hat hackers enter systems without the owner's
permission, using vulnerabilities as entry points. They hack systems
illegally and use their skills to deceive and harm people: they conduct
attacks, write malware and break system security. They steal users'
passwords, data and credit card information, and make money by selling
that data on the dark web. Sometimes they steal users' personal data and
blackmail them. They also hijack social media profiles by sending
malicious links or attachments.

• Gray-Hat Hackers: Gray-hat hackers fall between black and white hats.
They find vulnerabilities in systems without the owner's permission but
without malicious intent. This kind of hacking is still illegal, even
though they do not share what they find with black-hat hackers. They
report the issues to the owner, sometimes requesting a small payment to
fix them. Some organizations distrust gray-hat hackers because such a
hacker is not bound by any ethical hacking policy or agreement, even if
they do not intend to put anyone at risk.
2. Organized Hackers: These criminals include organized cyber criminal
groups, hacktivists, terrorists and state-sponsored hackers. Organized
cyber criminals are typically teams of skilled criminals focused on
control, power and wealth. These attackers are usually well prepared and
well funded.

3. Internet stalkers: Internet stalkers are people who maliciously monitor
the web activity of their victims to acquire personal data. This type of
cyber crime is conducted through social networking platforms and malware
that can track an individual's PC activity with little or no detection.

4. Dissatisfied Employees: Dissatisfied employees may become hackers with a
particular motive, such as revenge, and commit cyber crimes. Such insiders
are especially dangerous because they already hold legitimate access to,
and knowledge of, the organization's systems.

A Global Perspective on Cybercrimes

Cybercrimes are a global problem that requires international cooperation
and coordination to prevent and combat. According to the United Nations
Office on Drugs and Crime (UNODC), its Global Programme on Cybercrime is
mandated to assist Member States in their struggle against cyber-related
crimes through capacity building and technical assistance. Some of the
challenges and trends in cybercrime from a global perspective are:

• Cybercriminals can exploit the increasing complexity, interconnectivity
and anonymity of cyberspace to carry out their malicious activities.
• Global cybercrime damage costs for 2021 are expected to exceed US $6
trillion a year, almost one-fourth of the US GDP or twice the GDP of
India, and are expected to reach US $10.5 trillion a year by 2025. Cyber
attackers are disrupting critical supply chains at least four times more
often than in 2019.
• The average cost of a data breach was about US $3.9 million in 2020.
Data privacy and cybersecurity risk are major concerns that are driving
more regulation, for example the GDPR (EU) and the Personal Data
Protection Bill (India). However, data breaches take time to be detected
and reported, which increases their potential impact and harm.
• More than 80% of reported security incidents were in the form of phishing
attempts. Phishing is a type of social engineering attack that involves
sending fraudulent emails or messages that appear to be from legitimate
sources to trick recipients into revealing sensitive information or
installing malware.
• Ransomware is a type of malware that encrypts the victim's data or
system and demands a ransom for its decryption.
• India is no exception to the global trends in cybercrime and expects
cyber fraud to continue to rise in 2021. India ranks 11th worldwide in the
number of attacks originating from servers hosted in the country, with 2.3
million incidents reported in Q1 2020. Cyberattacks reported in 2020 were
up nearly three times from 2019 and more than 20 times compared with 2016.

Cybercrime Era: Survival Mantra for the Netizens

Cybercrime is any crime that takes place online or primarily online.
Cybercriminals often target computer networks or devices to steal data or
money, or to cause damage. Cybercrime can also include cyber-stalking,
bullying, revenge porn and child sexual exploitation.

Therefore, it is important to take some basic precautions to protect
yourself and your data from cybercrime. Here are some tips that can help
you stay safe online:

• Use a full-service internet security suite that provides protection for
your devices, online privacy and identity (for example, Norton 360 with
LifeLock Select is one such all-in-one product).
• Use strong passwords that are unique for each account, and change a
password promptly if you suspect it has been exposed. A password manager
can help you create and store complex passwords securely.
• Use two-factor authentication (2FA) whenever possible to add an extra
layer of security to your accounts. 2FA requires you to verify your
identity with something you know (such as a password) and something you
have (such as a code generated on or sent to your phone) before accessing
your account. Authenticator apps or hardware keys are stronger than SMS
codes, which a SIM swap can intercept.
• Be careful about clicking on links or opening attachments in emails or
messages from unknown or suspicious sources. They could be phishing
attempts that try to trick you into revealing personal or financial
information or installing malware on your device.
• Use a VPN (virtual private network) when connecting to public Wi-Fi
networks to encrypt your traffic and prevent attackers on the same network
from intercepting it. A VPN can also help you access geo-restricted
content and avoid online censorship, but note that it only moves your
trust to the VPN provider.
• Keep your software and operating system updated with the latest patches
and security fixes. This closes vulnerabilities that cybercriminals could
exploit to gain access to your system.
• Avoid storing sensitive information such as passwords, bank details or
personal documents unprotected on your phone or laptop. If you lose your
device or it gets stolen, you could lose that data or expose it to
unauthorized access. Always use a passcode lock or biometric
authentication, and enable full-disk encryption, to secure your device.
• Use privacy-focused apps and services that respect your data and do not
collect or share it without your consent: for example, end-to-end
encrypted messaging apps like Signal (Telegram encrypts end-to-end only in
its "secret chats"), search engines like DuckDuckGo or Qwant, and browsers
like Firefox or Brave.
• Secure your local network by changing the default password of your
router, enabling WPA2 or WPA3 encryption on the Wi-Fi, and disabling
remote administration. This prevents unauthorized users from accessing
your network or the devices connected to it.
Cyber offenses: How Criminals Plan the Attacks
Below are the three phases involved in planning a cyber-attack.

1. Reconnaissance – the information gathering stage, usually considered
passive because the target is not touched directly.
2. Scanning and scrutinizing the collected data to validate it and to
accurately identify existing vulnerabilities.
3. Launching the attack – gaining and then maintaining access to the
system.

1. Reconnaissance
In cybersecurity, reconnaissance begins with "footprinting", the initial
preparation for the pre-attack phase, which entails collecting data about
the target's computer infrastructure and its cyber-environment.

Footprinting gives an overview of the victim's weak points and suggestions
as to how they can be exploited. The primary objective of this phase is to
give the attacker an understanding of the victim's system infrastructure,
the network ports and services, and any other aspect of security relevant
to launching an attack.

An attacker sources this data in two ways: passive and active
reconnaissance.

A. Passive attacks
This is the first part of the reconnaissance phase. Here an attacker
secretly gathers information about the target; the aim is to acquire the
relevant data without the victim noticing. The process can be as simple as
watching an organization to see when its CEO arrives at work, or observing
a specific department to see when its staff finish for the day. Because
most attackers prefer to work remotely, most passive reconnaissance is
conducted over the internet using search engines; for example, one may use
a metasearch engine such as Dogpile to search for information about an
individual or organization.
1. Yahoo or Google search: malicious individuals can use search engines
to gather information about employees of the firm whose systems they
intend to breach.
2. Browsing online communities such as Twitter, Facebook and Instagram can
also be a useful source of information about an individual, their
lifestyle, and possibly a hint of a weakness that can then be exploited.
3. The organization's own website may provide useful information about
specific or key individuals within the organization, such as the CEO, MD
or head of the IT department. The website can be used to source personal
details such as email addresses, phone numbers and roles. With these
details, an attacker can then launch a social engineering attack against
the target.
4. Press releases, blogs, newsgroups and so on are in some cases used as
the primary channels for gathering information about an entity or its
employees.
5. Reading the job advertisements for a specific position within a company
can also help an attacker identify the technology the company uses and the
skill level of its workforce. From that data the attacker can decide what
method to use when breaching the targeted system.
B. Active Attacks
Active reconnaissance involves directly probing the network to discover
individual hosts and to verify the information gathered passively, such as
the type of operating system in use, the IP address of a given device and
the services available on the network. Because the attacker now sends
packets to the target, it carries a risk of detection; it is also referred
to as "rattling the doorknobs".

Active reconnaissance lets the attacker confirm the security measures the
target has put in place, but at the same time it can alert the victim if
not carefully executed. The process may raise suspicion or increase the
attacker's chance of being caught before the full attack is launched.
2. Scrutinizing and Scanning the Gathered Information
Scanning is the step in which the attacker intelligently examines the
target after collecting information about its network infrastructure. The
process has the following objectives:

1. Network scanning – to better understand the IP addresses and other
related information about the computer network.
2. Port scanning – to identify open and closed ports and the services
listening on them.
3. Vulnerability scanning – to identify existing weak links within the
system.
In the hacking world, the scrutinizing phase is also referred to as
enumeration. The objectives of scrutinizing include:

1. To identify valid user accounts and groups on the target.
2. To identify network resources and shared resources.
3. To verify the operating system and the various applications running on
it.
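Port scanning and service enumeration, as described above, can be shown end to end in a few lines. The following Python script is an added example, not part of the original notes and not a real scanner: it performs a TCP connect scan over a list of ports and grabs the banner of each open service. So that it runs offline it starts its own throwaway listener on 127.0.0.1; the banner text, the port choice and the timeouts are constructed for the demonstration. Scan only hosts you are authorised to test: every probe is a full TCP handshake that the target's firewall or IDS will log, which is exactly the detection risk the active-reconnaissance text warns about.

```python
"""Added example (not from the original notes): a minimal TCP connect scan
plus banner grab, of the kind used in the scanning/enumeration phase. It
brings up its own listener on 127.0.0.1 so the demo runs offline; the banner
and ports are constructed. Only scan hosts you are authorised to test."""
import socket
import threading

BANNER = b"220 demo-ftp 1.0 ready\r\n"   # constructed service banner


def start_listener(host: str = "127.0.0.1", port: int = 0):
    """Bind a throwaway TCP service that greets each client with BANNER.
    Returns (port, server_socket); port 0 asks the OS for a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # server socket closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(BANNER)
                except OSError:        # client already went away (a bare probe)
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect probe: connect_ex returns 0 when the handshake completes,
    i.e. something is listening. Closed ports answer with RST immediately."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def grab_banner(host: str, port: int, timeout: float = 0.5, size: int = 128) -> str:
    """Read whatever the service says first; many daemons reveal product and
    version here, which is what enumeration is after."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(size).decode(errors="replace").strip()
        except socket.timeout:
            return ""


def scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Return {port: banner} for every open port in `ports`."""
    results = {}
    for port in ports:
        if probe(host, port, timeout):
            try:
                results[port] = grab_banner(host, port, timeout)
            except OSError:
                results[port] = ""
    return results


def free_port(host: str = "127.0.0.1") -> int:
    """Pick a port nothing is listening on (bind to 0, read it back, close)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    open_port, server = start_listener()
    targets = [free_port(), open_port, free_port()]
    print("scanning", targets)
    for p, banner in scan("127.0.0.1", targets).items():
        print(f"{p}/tcp open  {banner}")
    server.close()
```

A connect scan is the noisiest form of port scan precisely because it completes the handshake; stealthier variants (for example half-open SYN scans) need raw sockets and privileges, and defenders can still spot them by counting connection attempts per source.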
3. Attack
The attack phase is the last step in the attack process. It involves the
attacker gaining and then maintaining full control of access to the
system. It comes immediately after scanning and enumeration, and it is
launched in the sequence listed below.

1. Crack or bypass the password, by brute force or any other relevant
method.
2. Use the obtained credentials to log in.
3. Launch malicious commands or applications.
4. If required, hide the files that were planted.
5. Cover the tracks, leaving no trail that can lead back to the malicious
third party, for example by deleting or altering logs. (This is why
defenders ship logs off the host to a separate, append-only store.)
Social Engineering
• Social engineering involves tricking an unsuspecting user into taking an
action that enables a cybercriminal to access systems and data.
• Attackers use social engineering tactics because it is easier to exploit
people's natural inclination to trust than to find a technical
vulnerability.
• Popular social engineering tactics include baiting, phishing,
spear-phishing, email hacking and contact spamming, pretexting, vishing
and quid pro quo.
• Install a security product, keep your software updated, and stay
vigilant to prevent social engineering attacks.
Types of Social Engineering
There are different social engineering tricks that hackers leverage to steal
confidential information.

1. Baiting: a hacker dangles a bait to entice a target into


acting. This social engineering attack is analogous with a
fish reacting to a worm on a hook. For example, an attacker
might leave a USB stick loaded with malware at an office’s
reception or lounge. Additionally, the hacker might label
the device in a compelling way, such as “Salaries,”
“Payments,” or “Confidential.” The chances are that a
victim will take the USB stick and plug into a computer.
Such action triggers malware to execute and self-replicate
automatically.
2. Phishing: Phishing is a popular way a hacker uses to grab
information from users. In this social engineering trick, a
malicious actor typically sends an email or text to a target,
seeking action or information that might enable the
attacker to commit a more significant crime. A phishing
email appears to come from a trusted source, such as a
bank requesting the victim to update their account details.
Clicking the link takes you to a fake website controlled by
hackers
3. Spear-Phishing: In this attack, a hacker targets of spears
a specific victim. An attacker might gather information
such as the name and email address of the target. The
criminal sends an email that appears to come from a
credible source, such as a senior executive.
4. Email Hacking and Contact Spamming: A hacker with
access to a victim’s email account can send spam emails to
the contact list, making the recipients believe that they are
receiving the emails from someone they know.
Cybercriminals hack emails and spam contacts to spread
malware and trick people into revealing personal
information.
5. Pretexting: Hackers use an impressive pretext or ploy to
capture a victim’s attention. For instance, they can send an
email naming the target as the beneficiary of a will. The
attackers then request the victim to share personal
information and bank details to transfer the funds.
6. Quid Pro Quo: In this attack, fraudsters trick a victim into
believing that a fair exchange will take place. For instance,
a hacker may call a target pretending to be a customer
representative or an IT technician. They request a victim’s
login credentials, promising to offer technical support in
return.
7. Vishing: This social engineering attack is a voice version of
phishing attacks. An attacker uses the phone to trick a
victim into sharing confidential information. For example, a
criminal might call an employee posing as a co-worker.
With accurate background information, the criminal might
lure the victim into sharing credentials and other
information that grants access to company systems and
data.

Popular Compelling Pretexts in Social Engineering

Social engineering attacks, including phishing and pretexting, are responsible
for 93 percent of successful data breaches. Some practical approaches in
social engineering tactics include:

 Urgently asking the victim for help
 Using phishing attacks with a legitimate-seeming background
 Requesting you to donate to a charitable fundraiser, or some
other cause (this compelling approach is popular during the
COVID-19 pandemic)
 Presenting a problem that requires a victim to verify their
information by clicking on a link and sharing the information in
a form
 Notifying you that you are a winner
 A hacker posing as a boss or co-worker.

How Can You Prevent Social Engineering Attacks?

These are some of the tips to help you avoid social engineering attacks:

1. Be Vigilant: A USB stick is not always a safe find. Always
consider its source, since hackers could load such baits with
malicious programs waiting to infect your computer.
A text or email requesting you to update your bank details
isn’t necessarily from your financial service provider. It is
best to always remember that hackers easily spoof trusted
sources. That said, do not click on links or open attachments
from suspicious sources. Always type a URL in your browser’s
address bar instead of clicking on a link shared via text or
email.
2. Install a Security Product: Install antivirus software or a
security suite. Keep the antivirus updated.
3. Update Software: Ensure that your computer and other
devices are running the latest versions of the operating
systems and other applications. Set the operating systems to
download and install updates automatically.
4. Leverage Email Services Security Controls: Some email
programs and services offer controls to filter out junk email,
including scams. Set your spam filters high to block as much
junk and malicious emails as possible.

Cyber Stalking

Cyber stalking occurs when a bad actor harasses the victim through
electronic means. Several governments have moved toward making these
practices punishable by law. Social media, blogs, image sharing sites and
many other commonly used online sharing activities offer cyber stalkers
a wealth of data that helps them arrange their harassment. It includes
actions like fraud, information destruction, threats to life and
manipulation through threats of exposure. Stalkers take the assistance
of e-mails and other forms of messaging applications, messages posted
to an online website or discussion group, and often social media, to
send unwanted messages and harass a specific person with unwanted
attention.

Types of Cyber Stalking:

 Webcam Hijacking: Internet stalkers attempt to trick you into
downloading and installing a malware-infected file that may grant
them access to your webcam.
 Observing location check-ins on social media: If you add
location check-ins to your Facebook posts, you make it overly
simple for an internet stalker to follow you by just looking
through your social media profiles.
 Catfishing: Catfishing happens via social media sites, for
example Facebook, when internet stalkers create counterfeit
user profiles and approach their victims as a friend of a friend.
 Visiting virtually via Google Maps Street View: If a stalker
discovers the victim’s address, it is not hard to find the
area, neighbourhood, and surroundings by using Street View.
 Installing Stalkerware: Another method that is growing in
popularity is the use of stalkerware. It is a kind of software or
spyware that keeps track of the victim’s location, enables access
to texts and browsing history, makes audio recordings, etc.
Importantly, it runs in the background without the victim’s
knowledge.
 Looking at geotags to track location: Most digital pictures
contain geotags: metadata recording the time and location at
which the picture was shot. Geotags are stored in the EXIF data
embedded in the image and can be read with the help of special
apps. In this way, the stalker keeps an eye on the victim and
learns their whereabouts.
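The geotag risk above, as an added example that is not part of the original notes: a Python script that reads the GPS latitude and longitude from a JPEG’s EXIF block (what a photo exposes about its owner) and a strip_exif() function that removes the whole EXIF segment before a photo is shared. The JPEG is constructed inline (header segments only, no image data) so the script runs offline; the parser follows only the parts of the EXIF/TIFF layout needed to reach the GPS sub-IFD.

```python
import struct

GPS_IFD_POINTER = 0x8825      # IFD0 tag whose value is the offset of the GPS sub-IFD
EXIF_HEADER = b"Exif\0\0"     # APP1 payload prefix that marks an EXIF block
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # bytes per TIFF field type

def build_geotagged_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed fixture: SOI + APP1/EXIF (GPS tags only) + EOI, little-endian TIFF."""
    gps_off = 8 + (2 + 12 + 4)              # IFD0 = entry count + 1 entry + next-IFD link
    data_off = gps_off + (2 + 4 * 12 + 4)   # the rationals are stored right after the GPS IFD
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, gps_off, 0)
    lat_raw, lon_raw = (b"".join(struct.pack("<II", v, 1) for v in dms) for dms in (lat_dms, lon_dms))
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI", 0x0001, 2, 2) + lat_ref.encode() + b"\0\0\0"  # GPSLatitudeRef
    gps += struct.pack("<HHII", 0x0002, 5, 3, data_off)                        # GPSLatitude (d, m, s)
    gps += struct.pack("<HHI", 0x0003, 2, 2) + lon_ref.encode() + b"\0\0\0"  # GPSLongitudeRef
    gps += struct.pack("<HHII", 0x0004, 5, 3, data_off + len(lat_raw))        # GPSLongitude (d, m, s)
    gps += struct.pack("<I", 0)                                                # no next IFD
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + lat_raw + lon_raw
    app1 = b"\xff\xe1" + struct.pack(">H", len(tiff) + 8) + EXIF_HEADER + tiff
    return b"\xff\xd8" + app1 + b"\xff\xd9"

def iter_segments(jpeg):
    """Yield (marker, start, end) for each header segment after SOI; SOS/EOI swallow the rest."""
    pos = 2
    while pos + 2 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):            # EOI, or start of scan: no more metadata headers
            yield marker, pos, len(jpeg)
            return
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def _read_ifd(tiff, off, end):
    """Return {tag: raw value bytes} for one IFD; `end` is '<' or '>' from the TIFF header."""
    count = struct.unpack(end + "H", tiff[off:off + 2])[0]
    entries = {}
    for i in range(count):
        e = off + 2 + 12 * i
        tag, typ, n = struct.unpack(end + "HHI", tiff[e:e + 8])
        size = TYPE_SIZES.get(typ, 1) * n
        voff = struct.unpack(end + "I", tiff[e + 8:e + 12])[0]
        entries[tag] = tiff[e + 8:e + 8 + size] if size <= 4 else tiff[voff:voff + size]  # inline vs. offset
    return entries

def _dms_to_decimal(raw, end, ref):
    d, dd, m, md, s, sd = struct.unpack(end + "IIIIII", raw)   # three numerator/denominator pairs
    value = d / dd + m / md / 60 + s / sd / 3600
    return -value if ref in (b"S", b"W") else value

def read_gps(jpeg):
    """Return (lat, lon) in decimal degrees, or None if the JPEG carries no geotag."""
    for marker, start, stop in iter_segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != EXIF_HEADER:
            continue
        tiff = jpeg[start + 10:stop]
        end = "<" if tiff[:2] == b"II" else ">"
        ifd0 = _read_ifd(tiff, struct.unpack(end + "I", tiff[4:8])[0], end)
        gps = _read_ifd(tiff, struct.unpack(end + "I", ifd0[GPS_IFD_POINTER])[0], end) if GPS_IFD_POINTER in ifd0 else {}
        if not all(tag in gps for tag in (0x0001, 0x0002, 0x0003, 0x0004)):
            return None
        lat, lon = (_dms_to_decimal(gps[v], end, gps[r].rstrip(b"\0")) for r, v in ((0x0001, 0x0002), (0x0003, 0x0004)))
        return round(lat, 6), round(lon, 6)
    return None

def strip_exif(jpeg):
    """Privacy fix: return a copy of the JPEG with every APP1/EXIF segment removed."""
    out = bytearray(jpeg[:2])
    for marker, start, stop in iter_segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_HEADER):
            out += jpeg[start:stop]
    return bytes(out)
```

Run strip_exif() over a real photo before uploading it and confirm with read_gps() that it now returns None; the coordinates in the fixture are constructed.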
Protective Measures:
 Develop the habit of logging out of the PC when not in use.
 Remove upcoming events you plan to attend from social networks
if they are listed in online event pages or calendars.
 Set strong and distinctive passwords for your online accounts.
 Cyber Stalkers can exploit the low security of public Wi-Fi
networks to snoop on your online activity. Therefore, avoid
sending personal emails or sharing your sensitive info when
connected to an unsecured public Wi-Fi.
 Make use of the privacy settings provided by the social
networking sites and keep all info restricted to the nearest of
friends.

Cybercafe and Cybercrimes

In a February 2009 survey, 90% of the audience across eight cities and 3500 cafes were
male and in the age group of 15-35 years.
 52% were graduates and postgraduates.
 Almost 50% were students.
 In India, cybercafes are known to be used for either real or false terrorist
communication.
Cybercafes hold two types of risks:
1. We do not know what programs are installed on the computer, like keyloggers or
spyware.
2. Over-the-shoulder snooping can enable others to find out your passwords.
 Cyber criminals prefer cybercafes to carry out their activities.

A recent survey conducted in one of the metropolitan cities in India reveals the following
facts:

1. Pirated software was installed on all the computers.
2. Antivirus was not updated with the latest patches.
3. Several cybercafes have installed “Deep Freeze” to protect computers, which helps cyber
criminals.
4. No Annual Maintenance Contract (AMC) was found for servicing of the computers.
5. Pornographic websites were not blocked.
6. Cybercafe owners have very little awareness about IT security.
7. Cybercafe associations or State Police do not seem to conduct periodic visits to
cybercafes.

SECURITY TIPS FOR CYBER CAFÉ.


 Always Logout–While checking email or logging in for chatting, always click
logout/sign out.
 Stay with the computer–While surfing, don’t leave the system unattended
for any period of time.
 Clear history and temporary files–Before browsing, deselect the
AutoComplete option: Browser -> Tools -> Internet Options -> Content tab.
Then Tools -> Internet Options -> General Tab -> Temporary Internet
Files -> Delete Files and then Delete Cookies.
 Avoid online financial transactions–One should avoid online banking,
shopping, etc. Don’t provide sensitive information such as credit card numbers
or bank account details.
 Change Passwords / Virtual Keyboard–Change your password after completing
a transaction.
 Be alert–One has to be alert for snooping over the shoulder.
Botnets: The Fuel for Cybercrime
In simple terms, a Bot is simply an automated computer program. Someone can gain
control of your computer by infecting it with a virus or other Malicious Code that gives
them access. Your computer system may be part of a Botnet even though it appears to be
operating normally. Botnets are often used to conduct a range of activities, from
distributing Spam and viruses to conducting denial-of-service (DoS) attacks.
A Botnet (also called a zombie network) is a network of computers infected with a
malicious program that allows cybercriminals to control the infected machines remotely
without the users’ knowledge. “Zombie networks” have become a source of income for entire
groups of cybercriminals. The invariably low cost of maintaining a Botnet and the ever
diminishing degree of knowledge required to manage one are conducive to the growth in
popularity and, consequently, the number of Botnets.
If someone wants to start a “business” and has no programming skills, there are plenty of
“Bot for sale” offers on forums. Obfuscation and encryption of these programs’ code can
also be ordered in the same way to protect them from detection by antivirus tools.
Another option is to steal an existing Botnet. The figure below explains how Botnets create
business.

One can reduce the chances of becoming part of a Botnet by limiting access into the system.
Leaving your Internet connection ON and unprotected is just like leaving the front door of
the house wide open. One can ensure the following to secure the system:
1. Use antivirus and anti-Spyware software and keep it up-to-date: It is important to
remove and/or quarantine the viruses. Configure this software during installation so that
it gets updated automatically on a daily basis.
2. Set the OS to download and install security patches automatically: OS companies
issue security patches for flaws that are found in these systems.
3. Use a firewall to protect the system from hacking attacks while it is connected to
the Internet: A firewall is software and/or hardware that is designed to block
unauthorized access while permitting authorized communications. It is a device or set of
devices configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer
traffic between different security domains based upon a set of rules and other criteria. A
firewall is different from antivirus protection. Antivirus software scans incoming
communications and files for troublesome viruses, whereas a properly configured firewall
helps to block all incoming communications from unauthorized sources.
4. Disconnect from the Internet when you are away from your computer: Attackers
cannot get into the system when the system is disconnected from the Internet. Firewall,
antivirus, and anti-Spyware software are not foolproof mechanisms for keeping attackers
out of the system.
5. Download freeware only from websites that are known and trustworthy: It
is always appealing to download free software such as games, file-sharing programs,
customized toolbars, etc. However, one should remember that much free software
contains other software, which may include Spyware.
6. Check regularly the folders in the mail box (“sent items” or “outgoing”) for
messages you did not send: If you do find such messages in your outbox, it is a sign that
your system may have been infected with Spyware and may be part of a Botnet. This is not
foolproof; many spammers have learned to hide their unauthorized access.
7. Take immediate action if your system is infected: If your system is found to be
infected by a virus, disconnect it from the Internet immediately. Then scan the entire
system with fully updated antivirus and anti-Spyware software. Report the unauthorized
accesses to your ISP and to the legal authorities. There is a possibility that your passwords may
have been compromised in such cases, so change all the passwords immediately.

Attack Vector
In cybersecurity, an attack vector is a method of achieving unauthorized network
access to launch a cyberattack. Attack vectors allow cybercriminals
to exploit system vulnerabilities to gain access to sensitive data, personally
identifiable information (PII), and other valuable information accessible after a data
breach.

The most common attack vectors include malware, viruses, email attachments, web
pages, pop-ups, instant messages, text messages, and social engineering. However,
the number of cyber threats continues to grow as cybercriminals look to exploit
unpatched or zero-day vulnerabilities listed on CVE and the dark web, as there is no
single solution for preventing every attack vector.

The Difference Between an Attack Vector, Attack Surface and Threat Vector

An attack vector is a method of gaining unauthorized access to a network or
computer system.

An attack surface is the total number of attack vectors an attacker can use to
manipulate a network or computer system or extract data.

Threat vector can be used interchangeably with attack vector and generally
describes the potential ways a hacker can gain access to data or other confidential
information.

Common Attack Vector Examples

1. Compromised Credentials

Usernames and passwords are still the most common type of access credential and
continue to be exposed in data leaks, phishing scams, and malware. When lost,
stolen, or exposed, credentials give attackers unfettered access. This is why
organizations are now investing in tools to continuously monitor for data exposures
and leaked credentials. Password managers, two-factor authentication (2FA), multi-
factor authentication (MFA), and biometrics can also reduce the risk of leaked
credentials resulting in a security incident.

2. Weak Credentials

Weak passwords and reused passwords mean one data breach can result in many
more. Teach your organization how to create a secure password, invest in a
password manager or a single sign-on tool, and educate staff on their benefits.

3. Insider Threats

Disgruntled employees or malicious insiders can expose private information or
provide information about company-specific vulnerabilities.

4. Missing or Poor Encryption

Common data encryption methods like SSL certificates and DNSSEC can
prevent man-in-the-middle attacks and protect the confidentiality of data being
transmitted. Missing or poor encryption for data at rest can mean that sensitive data
or credentials are exposed in the event of a data breach or data leak.
5. Misconfiguration

Misconfiguration of cloud services, like Google Cloud Platform, Microsoft Azure, or
AWS, or using default credentials can lead to data breaches and data leaks: check
your S3 permissions or someone else will. Automate configuration management
where possible to prevent configuration drift.

6. Ransomware

Ransomware is a form of extortion where data is deleted or encrypted unless a
ransom is paid, such as WannaCry. Minimize the impact of ransomware attacks by
maintaining a defense plan, including keeping your systems patched and backing up
important data.

7. Phishing

Phishing attacks are social engineering attacks where the target is contacted by
email, telephone, or text message by someone who is posing as a legitimate
colleague or institution to trick them into providing sensitive data, credentials,
or personally identifiable information (PII). Fake messages can send users to
malicious websites with viruses or malware payloads.

8. Vulnerabilities

New security vulnerabilities are added to the CVE every day and zero-day
vulnerabilities are found just as often. If a developer has not released a patch for a
zero-day vulnerability before an attacker can exploit it, it can be hard to prevent zero-
day attacks.

9. Brute Force

Brute force attacks are based on trial and error. Attackers may continuously try to
gain access to your organization until one attack works. This could be by attacking
weak passwords or encryption, phishing emails, or sending infected email
attachments containing a type of malware.

10. Distributed Denial of Service (DDoS)

DDoS attacks are cyber attacks against networked resources like data centers,
servers, websites, or web applications and can limit the availability of a computer
system. The attacker floods the network resource with messages which cause it to
slow down or even crash, making it inaccessible to users. Potential mitigations
include CDNs and proxies.

11. SQL Injections

SQL stands for Structured Query Language, a programming language used to
communicate with databases. Many of the servers that store sensitive data use SQL
to manage the data in their database. An SQL injection uses malicious SQL to get
the server to expose information it otherwise wouldn’t. This is a huge cyber risk if the
database stores customer information, credit card numbers, credentials, or
other personally identifiable information (PII).

12. Trojans

Trojan horses are malware that misleads users by pretending to be a legitimate
program and are often spread via infected email attachments or fake malicious
software.

13. Cross-Site Scripting (XSS)

XSS attacks involve injecting malicious code into a website but the website itself is
not being attacked, rather it aims to impact the website's visitors. A common way
attackers can deploy cross-site scripting attacks is by injecting malicious code into a
comment e.g. embedding a link to malicious JavaScript in a blog post's comment
section.
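Added example (not from the original notes) of the defence for the comment-section case just described: a Python renderer that HTML-escapes every user-controlled string and emits a link only when the URL is an absolute http(s) address, shown beside the unescaped renderer it replaces. Inputs are constructed; the rel attribute values are the usual ones for untrusted links.

```python
import html
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def render_comment_unsafe(author, text):
    """Vulnerable form: user text is pasted straight into the page, so markup
    or script in one visitor's comment executes in every other visitor's browser."""
    return "<p><b>%s</b>: %s</p>" % (author, text)


def safe_href(url):
    """Return the URL if it is an absolute http(s) link, otherwise None.

    Rejecting other schemes (javascript:, data:) stops a comment 'link' from
    carrying executable code; a scheme-relative //host/path is also refused.
    """
    parsed = urlparse(url.strip())
    if parsed.scheme.lower() not in ALLOWED_SCHEMES or not parsed.netloc:
        return None
    return parsed.geturl()


def render_comment(author, text, link=None):
    """Hardened form: every user-controlled string is HTML-escaped and a link
    is emitted only after safe_href() has accepted it."""
    parts = ["<p><b>", html.escape(author), "</b>: ", html.escape(text)]
    if link is not None:
        href = safe_href(link)
        if href is None:
            parts.append(" [link removed]")
        else:
            # quote=True also escapes quotes, so the value cannot break out of the attribute
            parts.append(' <a href="%s" rel="nofollow noopener">%s</a>'
                         % (html.escape(href, quote=True), html.escape(href)))
    parts.append("</p>")
    return "".join(parts)
```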

Why are Attack Vectors Exploited by Attackers?

Cybercriminals can make money from attacking your organization's software
systems, such as stealing credit card numbers or online banking credentials.
However, there are other more sophisticated ways to monetize their actions that
aren't as obvious as stealing money.

Attackers may infect your system with malware that grants remote access to a
command and control server. Once they have infected hundreds or even thousands
of computers they can establish a botnet, which can be used to
send phishing emails, launch other cyber attacks, steal sensitive data, or mine
cryptocurrency.

Another common motivation is to gain access to personally identifiable information
(PII), healthcare information, and biometrics to commit insurance fraud, credit card
fraud or illegally obtain prescription drugs.

Competitors may employ attackers to perform corporate espionage or overload your
data centers with a Distributed Denial of Service (DDoS) attack to cause downtime,
harm sales, and cause customers to leave your business.

Money is not the only motivator. Attackers may want to leak information to the public,
embarrass certain organizations, grow political ideologies, or perform cyber warfare
on behalf of their government like the United States or China.

How Do Attackers Exploit Attack Vectors?

There are many ways to expose, alter, disable, destroy, steal or gain unauthorized
access to computer systems, infrastructure, networks, operating systems, and IoT
devices.
In general, attack vectors can be split into passive or active attacks:

Passive Attack Vector Exploits

Passive attack vector exploits are attempts to gain access or make use of
information from the system without affecting system resources, such
as typosquatting, phishing, and other social engineering-based attacks.

Active Attack Vector Exploits

Active cyber attack vector exploits are attempts to alter a system or affect its
operation such as malware, exploiting unpatched vulnerabilities, email
spoofing, man-in-the-middle attacks, domain hijacking, and ransomware.

That said, most attack vectors share similarities:

 The attacker identifies a potential target
 The attacker gathers information about the target using social
engineering, malware, phishing, OPSEC, and automated vulnerability scanning
 Attackers use the information to identify possible attack vectors and create or use
tools to exploit them
 Attackers gain unauthorized access to the system and steal sensitive data or install
malicious code
 Attackers monitor the computer or network, steal information, or use computing
resources.

How to Defend Against Common Attack Vectors?

To address common attack vectors, security controls must spread across the
majority of the attack surface. The process begins by identifying all possible entry
points into your private network - a delineation that will differ across all businesses.

The following cyber defense strategies will help you block frequently abused entry
points and also highlight possible regions in your ecosystem that might be housing
attack vectors.

 Create secure IoT credentials - Most IoT devices still use their predictable
factory login credentials, making them prime targets for DDoS attacks.
 Use a password manager - Password managers ensure login credentials
are strong and resilient to brute force attacks.
 Educate employees - To prevent staff from falling for common social
engineering and phishing tactics, they need to be trained on how to identify
and report potential cybercriminal activity. Humans will always be the weakest
points in every security program.
 Identify and shut down data leaks - Most businesses are unknowingly
leaking sensitive data that could facilitate data breaches. A data leak detection
solution will solve this critical security issue.
 Detect and remediate all system vulnerabilities - This should be done for
both the internal and external vendor networks. An attack surface monitoring
solution can help you do this.
 Keep antivirus software updated - Updates keep antivirus software
informed of the latest cyber threats roaming the internet.
 Keep third-party software regularly updated - Software updates contain
critical patches for newly discovered attack vectors. Many cyber attackers
have achieved success by abusing known vulnerabilities in out-of-date
software.
