UNIT 1 (Modified)

Cyber security

Introduction
• Cyber security refers to the body of technologies,
processes, and practices designed to protect
networks, devices, programs, and data from attack,
damage, or unauthorized access.
• Cyber Security is Safety

• Security: We must protect our computers and data in
the same way that we secure the doors to our homes.
• Safety: We must behave in ways that protect us
against risks and threats that come with technology.
• A cyberattack is a deliberate and malicious
electronic attempt by one party, which may be
either an organization or an individual, to
breach the cyber environment of the other
party, an individual or an organization, in
order to steal, delete, or damage valuable
information.
• The main objective of the attacker is to gain
some benefit from that malicious act.
• Many organizations from hostile countries try
to destroy important information in order to
inflict losses on the enemy countries and their
institutions.
• In short, the core purpose of a cyberattack is
always to inflict losses on the targeted entity.
The main areas of attack:
• Data servers
• Application servers
• Storage servers
• Financial information
• Operational systems
• Computer networks
Objectives of cyberattacks
• The objectives of cyberattacks may vary from
person to person and from organization to
organization.
• For instance, many individual hackers attack
the computers of other organizations or
individuals to get financial benefits.
• An organization may steal information
from its competitor to gain a competitive
edge.
Some of the main objectives of a hacker for
conducting cyberattacks are listed below:
• Achieving monetary gains
• Damaging the brand value of the other party
• Inflicting damages through cyberterrorism
• Obtaining government and business secrets
The “CIA” triad
• Breaching the “CIA” triad:
• Confidentiality – restrict access to
authorized individuals
• Integrity – data has not been
altered in an unauthorized manner
• Availability – information can be
accessed and modified by
authorized individuals in an
appropriate timeframe
• The main sources of confidentiality breach include the
following:
• Hackers breach the confidentiality of data through:
• Theft of employee laptops
• Leaving computers with confidential information unattended
• Providing unauthorized access to an unconcerned person
• Unauthorized access by a hacker through malware
• Consulting company employees violating confidentiality
agreements
• Unlawful use of information for personal or business gains
Examples of confidential data include the
following:
• Intellectual property
• Personal identity information
• Credit card information
• Bank account information
• Personal health information
• Business or trade secrets
The main sources of integrity breach
• Introduction of malware on the server
• Irreversible malicious encryption of data
• Manipulation of original data
• Introduction of viruses
• Malicious insiders
The main sources of availability breach
• Failure of hardware
• Malfunction of software
• Choking of data bandwidth
• Failure of redundancy arrangements
• DoS attacks
Types of cyber attacks
• Denial-of-service (DoS) attacks
• Distributed Denial-of-service (DDoS) attacks
• Malware attacks
• Phishing attacks
• Structured Query Language (SQL) injection
• Man-in-the-middle (MITM) attacks
Denial of Service (DoS)
• Denial of Service or DoS is an Internet
security-related event in which the hackers
attack a particular server running some
Internet services to prevent it from working
normally or to stop the services.
• In this case, the servers are overwhelmed
by a flood of superfluous messages
(Figure 3.2).
The major symptoms of being the victim of a DoS
attack
• Inability to access a website
• Delays in accessing online services
• Huge delays in opening files on the
websites
• Increased volume of spam emails
• Degradation of the performance of services
The impact of a DoS attack can be mitigated by
taking the following steps:
• Routing the malicious traffic away from the server
• Using load balancers to prevent heavy malicious
traffic from overwhelming the server
• Using intrusion detection systems
• Using intrusion prevention systems
• Using security firewalls
Main types of DoS attacks include the following:
• DNS (Domain Name System) server attack
• HTTP (Hypertext Transfer Protocol) server attack
• ICMP (Internet Control Message Protocol)
flooding
• Network attack or buffer overflow attack
• SYN flood attack on TCP (Transmission Control
Protocol) handshake protocol
Distributed denial of service (DDoS)
• Distributed denial of service, or DDoS, is a type of DoS
attack.
• Servers are jammed or overwhelmed with malicious traffic to
prevent legitimate users from accessing their accounts and
online services.
• The main difference between DoS and DDoS attacks is
that a DoS attack is launched from a single origin of
traffic against the victim server,
• whereas in a DDoS attack, multiple sources of traffic are used to
attack the victim server at the same time.
• A DDoS attack is more dangerous than a DoS attack.
• The prevention of DDoS attacks is very difficult as compared to
normal DoS attacks.
• In a DDoS attack, the hacker uses a controller machine to hack
multiple vulnerable machines around the globe.
• All those infected machines are controlled by a software
program running on the attacker’s server.
• That controller sends instructions to the infected machines, over
which the hacker has already established control, to send
automated requests (traffic) to the targeted victim machine.
• All those “zombies” start attacking the target from multiple
Internet Protocol (IP) sources to bring the server to almost a halt.
• DDoS attack examples:
• Volume-Based or Volumetric Attacks
• Protocol Attacks
• Application-Layer Attacks
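As an added illustration (not part of the original slides), a small detector run over a constructed access log shows why the DDoS case is harder to handle than the single-origin DoS case: a per-source request threshold catches one flooding origin, but sees nothing unusual when the same load arrives from fifty "zombie" sources, so the server side also needs an aggregate-rate check. The IP addresses, the 30-second window and the thresholds are all constructed for this example.

```python
from collections import Counter

# Constructed sample access log: list of (timestamp_seconds, source_ip).
# "dos":  one origin sends 50 requests inside a 30 s window (single-origin DoS).
# "ddos": 50 different zombie sources each send 1 request (distributed attack).
# Both scenarios also contain 10 legitimate requests from 5 normal clients.
def build_log(scenario):
    legit = [(t, f"192.0.2.{t % 5 + 1}") for t in range(0, 30, 3)]
    if scenario == "dos":
        flood = [(t % 30, "198.51.100.7") for t in range(50)]
    else:  # "ddos"
        flood = [(t % 30, f"203.0.113.{t + 1}") for t in range(50)]
    return sorted(legit + flood)


def per_source_alert(log, window=30, max_per_source=20):
    """Flag any single source that exceeds max_per_source requests in the window."""
    counts = Counter(ip for t, ip in log if t < window)
    return sorted(ip for ip, n in counts.items() if n > max_per_source)


def aggregate_alert(log, window=30, baseline_rps=1.0, factor=1.5):
    """Flag the window when the total request rate exceeds factor x the expected baseline.
    The baseline (1 request/s) is an assumed value a real deployment would learn from history."""
    total = sum(1 for t, _ in log if t < window)
    return total / window > baseline_rps * factor


def analyse(scenario):
    log = build_log(scenario)
    return {
        "per_source": per_source_alert(log),        # noisy single origins, if any
        "aggregate": aggregate_alert(log),          # server-wide overload, regardless of origin
        "distinct_sources": len({ip for _, ip in log}),
    }


if __name__ == "__main__":
    for scenario in ("dos", "ddos"):
        print(scenario, analyse(scenario))
```

In the "dos" run the per-source check names the single flooding origin; in the "ddos" run it returns nothing, and only the aggregate check notices that the server is receiving twice its normal load.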
Man-in-the-Middle (MITM)
• In a “Man-in-the-Middle” or MITM cyberattack, the
hacker intercepts the normal connection
between the user and the web server without
the knowledge of either the user or the server.
• The legitimate communication link between
the two entities is exploited, intercepted, and
decrypted to steal personal information
for malicious use.
• Sometimes, you get an email that looks like it
was sent from your bank or another financial
institution.
• That is a phishing email, which asks you to click
a certain link for the verification of your account,
phone number, or other information.
• Once you click that link, it takes you to a
web server which looks like your bank’s website
but in reality is not.
• Example: you insert your credentials to log in,
• and thereby provide your bank information to the
hacker. Finally, the hacker obtains your
password and uses it to take
information or valuable items from your
account.
• This entire process is known as the MITM
cyberattack.
The major types of MITM attacks include the
following:
• DNS spoofing
• HTTP spoofing
• IP spoofing
• Email hijacking
• SSL (Secure Sockets Layer) hijacking
• Wi-Fi network eavesdropping
• Stealing the cookies set on the browsers
Structured Query Language (SQL) injection
• Structured Query Language (SQL) injection is a
type of malicious practice used to steal valuable
data from a database server.
• This method exploits vulnerabilities in
traditional Active Server Page (ASP) websites,
PHP applications, and SQL server forms.
• Traditional ASP and hypertext
preprocessor (PHP)-powered websites generate
dynamic SQL within the front end of the
application.
• The malicious user appends an SQL command
to the input of a form field, which reaches the
back-end SQL statement.
• The objective of that command is to break the
original SQL script and run the malicious script
attached through the form.
• The malicious code retrieves data from the SQL
database server and sends it to the computer of
the hacker.
• Valuable information is thus compromised
through SQL injection.
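The following added example (not from the original slides) shows the two halves of the point above in runnable form: a login check that builds its dynamic SQL by string concatenation, so that text typed into the form field becomes part of the SQL script, beside the same check written with a parameterised query, where the input is bound as data and cannot alter the statement. The in-memory SQLite table, user names and card values are constructed for the demonstration; passwords are stored in clear only to keep the example short.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users with a (fake) card number each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "4111-xxxx"), ("bob", "hunter2", "5500-xxxx")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Dynamic SQL assembled from the form fields: the input is part of the script."""
    sql = (
        "SELECT username, card FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: the driver binds the input as values, never as SQL."""
    sql = "SELECT username, card FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Classic appended condition: the quote closes the password literal and the
    # OR makes the WHERE clause true for every row.
    injected = "x' OR '1'='1"
    print("vulnerable:", login_vulnerable(conn, "anyone", injected))  # both rows
    print("safe:      ", login_safe(conn, "anyone", injected))        # []
```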
Spamming
• Spamming is the name given to sending junk mails and messages to
users in bulk without getting their consent.
• It is a form of bombardment with product advertisements for marketing
purposes.
• Hackers also use spamming for spreading malware,
viruses, phishing, Trojans, worms, and spyware.
• Spamming is a widespread form of malicious attack used to
send unsolicited messages through different modes of
messaging such as instant messages, emails, social network
messages, ads, mobile phone messages, and social groups.
Cyber terrorism
• Cyberterrorism is a type of cybercrime that attacks or
threatens to attack computer systems, mission-
critical data, or computer networks, either to
damage the cyber resources or to steal critical
information, and that can pose a great threat to the
security of public lives, government systems, or
even the defense systems of a country.
• The objectives of cyberterrorism include the
sabotage of the political and social fabric through
coercion or intimidation tactics.
Phishing attack
• Phishing is a type of cyberattack in which the
targeted person is bombarded with emails that
look very similar to the emails coming from their
banks, insurance companies, and other service
providers.
• The hacker targets people through emails to
get their sensitive and personal information,
related to their financial and other accounts,
while disguised as a genuine and
trustworthy individual.
• The main target of a phishing attack is to obtain
credit card numbers, ATM PIN
codes, passwords, user names, and related
information.
• Once the information has been collected, the hackers use
it to steal money or other valuable
digital assets.
• This attack is normally used for financial theft from
bank accounts.
• Marketing strategies and campaigns also use similar
kinds of tactics to increase the sales of products.
There are three major modes of phishing used
in modern phishing activities, as listed
below:
• Telephone calls, commonly referred to as
voice phishing, or vishing
• Emails, referred to as general phishing
• Short text messages (SMS), referred to as
smishing
Zero-day attack
• A zero-day exploitation, commonly known as a
Zero-Day or 0-Day, is a vulnerability in a
computer software system that becomes known
on the very same day that malicious
attacks exploit it.
• In this attack, there is almost no time to patch
the vulnerability of the software because it
became known at the same time that the attack
occurred, and no time was available for the
software engineers to tackle the issue.
• In zero-day vulnerabilities, the malware is
installed silently on the computers without
any notable movement or change, but it
explodes immediately once it is detected by the
computer security personnel.
• The malware automatically encrypts the data
before sending it to the command and control center
established by the hackers.
Cyber frauds and forgery
• Cyber fraud and forgery is also a new form of
cyberattack in the modern digital world.
• In this form of crime, digitally stored
documents are forged to produce counterfeit
documents.
• This crime has increased in recent years
due to the availability of high-tech devices like
computer software, printers, scanners,
cameras, and other tools.
• In cyber fraud, fake and counterfeit
currency is also a big component.
• Traditionally, it was very difficult to create fake
currency because it required a high level of
technology, machinery, and tools.
• But now it is much easier with the help of ink
jet printers and modern software tools.
• Many documents used for immigration,
education, jobs, and security clearance have been found
fabricated with the help of modern cyber tools.
• Although all these crimes are punishable under the
law, catching such frauds without particular
tools and training is almost impossible.
• Many counterfeit checks, coupons, stationery, bills,
and other documents are becoming more prone to
forgery and fraud in the market.
Cyberstalking
• Cyberstalking is one of the most serious
problems in the domain of cyberspace.
• Women are the population most affected by
cyberstalking.
• Cyberstalking is a form of harassing and
threatening.
• It is also known as cyberbullying in other
terms.
• In this form of cyberattack, organizations,
groups, or individuals are harassed into agreeing
to some undesirable conditions in a
relationship or business.
• Cyberstalking is a systematic approach to
harassment done through email, phones, SMS,
chats, and other forms of communication.
• The main components used in the
communication to threaten the targeted entity
include defaming, false allegations, slandering,
Digital vandalism
• In a digital vandalism attack, the malware either
removes useful data from websites or
manipulates the information in such a way
that the meaning of the information is
reversed.
• Thus, a bad impact on the reputation of the
source is created.
• This campaign of cyber vandalism is also used
in many political, social, and personal
defamation cases.
• It is comparatively difficult to catch and sue
the culprits due to the sophisticated attacks by
hackers from unknown locations.
• Digital vandalism directly affects the reputation
and brand name of a company, person, or
institute.
• It has become very critical today because of
fierce competition in the marketplace.
• Many hackers damage the brands of a
particular company or entity and indirectly
benefit its competitors in the
market.
Cryptojacking
• Cryptojacking is a relatively new form of
cyberattack used for stealing
“cryptocurrency”.
• This attack steals processor power through
malicious software installed on the cryptocurrency
mining machines of legitimate users.
• In this form of cyberattack, the processing
power of the legitimate cryptocurrency
machines is hijacked and used for
cryptocurrency mining to earn rewards.
Types of Computer Malware
• Malware is a computer software program
maliciously developed to be installed on
computers without any consent of the users.
• The main objective of such ill-conceived
programs is either to establish access to
the targeted computers without any
permission of the user or to install a
program to create annoyance for the users.
• The annoyance can include pranks, data theft,
data damage, computer malfunction, service
blockage, and spying on the users.
• Malware programs are installed on the
targeted computers to achieve different types
of goals, which may include obtaining financial
favors, learning business strategies,
compromising defenses, sabotaging
governmental systems, and many others.
• All those malicious objectives are achieved by
introducing different kinds of malicious
programs, which are classified into different
categories in the field of information
technology. The main types of malware
programs are:
• Viruses
• Trojan Horse
• Rootkit
• Spyware
• Worms
• Adware
• Scareware
• Browser Hijacker
• A computer virus is a malicious computer program
designed to alter computer functions,
slow down computer performance, and
damage valuable files on the computer drive.
• Virus programs are executable files; when one is run
on a machine by mistake, or through a trick or
click, it gets activated and starts altering the
computer configurations and the processes that
are used for the smooth operation of the computer.
• Virus programs have the capability to copy
themselves into multiple files and thus overwhelm the
computer’s processes and data storage. As
mentioned earlier, virus programs are
designed to propagate to other machines
when data is transferred from an
infected computer to another one. The main
sources of virus propagation include the
following:
• Copying to a hard drive
• Data copying through flash drives
• Email attachments
• Short text messages
• Scam websites
• Scam social media links
• Downloading infected files from the Internet
• Visiting infected websites
• Viruses are just programs in the form of executable
files.
• They do not get activated without running those
executable files on your computer.
• If you get a virus program on your computer, but it has
not been executed, your computer is
not infected as yet.
• As soon as you execute that file, either by clicking it or
by running some legitimate program to which the virus
file is attached, the virus becomes active and starts
doing its designed job.
The objectives of spreading a virus may include the
following:
• Amusement, fun, and pranks
• Altering computer functioning
• Corrupting data files on the computer
• Stealing credentials
• Sending spam emails from your computer
• Erasing valuable data
• Damaging hard drives
The main symptoms of a virus-infected computer may include the
following:
• Frequent appearance of pop-ups and other annoyances
• Changes in the home screen and other settings
• Redirecting of your online surfing to certain websites
• Large-scale incoming and outgoing emails
• Slowing down of the performance of your computer
• Running of unknown programs on your computer
• Changes in your passwords, especially the admin passwords
• System starts crashing frequently
• Restarting of your computer unexpectedly
We can save our computers from the attack of nasty
viruses by taking the following measures:
• Avoid using insecure websites.
• Do not open fake websites that lure you with
free incentives.
• Always keep your antivirus software updated.
• Always keep the operating system (OS) of your computer
updated.
• Turn on the security firewall settings.
• Always configure your browser for a high level of security.
• Free and insecure plugins should not be installed in your
browser.
• Do not use your credit cards on websites that do not
comply with the Payment Card Industry Data Security
Standard (PCI DSS) guidelines for secure transactions.
• Never insert flash cards (i.e., pen drives) or other storage
devices into your computer without scanning them and
knowing the type of data they carry.
• Never open emails and their attachments from unknown
people and email addresses.
Trojan horse
• A Trojan horse in this field is also a malicious computer
program that may look very meek and harmless, but it
can pave the way for a bigger attack on your computer
and valuable data.
• It silently collects information about the user’s behavior,
credentials, and other activities on the computer
and sends it to its command and control center,
from where other malicious attacks can originate.
• Hackers use a Trojan to open a backdoor on your
computer in order to access it and establish control
over your machine.
• A Trojan horse comes in through social engineering tactics
such as emails, disguised links, and other sources.
• It sits on the computer and starts spying, making
changes to credentials, and doing other such malicious activities.
• The main objectives of a Trojan horse are to spy on the user’s
activities and send the findings back to its master control.
• Based on that information, backdoor access on the computer is
created to gain control over the computer for malicious activities.
• Trojan horses cannot replicate as viruses
or computer worms can.
• They are like spies working silently on your
computer to accomplish the malicious acts
for which the Trojan horses were designed and
propagated.
Generally recognized activities of a Trojan horse on
an infected computer include the following:
• Collecting data and sending it to the command and
control center
• Copying files and credential information
• Blocking of data
• Altering useful data
• Reducing the performance of the computer
• Deleting some useful data files
Types:
• Trojan Spy
• Trojan Mail Finder
• Trojan Proxy
• Trojan Clicker
• Trojan Ransom
• Trojan SMS
• Trojan Dropper
Symptoms of a Trojan horse attack
• Performance degrades significantly.
• Internet speed slows down.
• Problems in Internet browsing occur.
• Many Internet browser pop-ups may appear.
• Your computer security application can warn you
through security pop-ups.
• The computer starts working by itself without your
instructions.
• Some crucial applications will stop working and
unwanted applications will load without any
control over them.
• A large number of spam emails appear in your
inbox.
• Your contacts may receive emails that you did
not send to them.
• Loading of the computer takes much longer.
• Your data files are deleted or modified.
Rootkit
• A rootkit is a type of malware that gets
administrator-level privileges on the OS of the
computer without showing its presence on the
computer.
• The main feature of a rootkit is that it hides from
being detected easily, but maintains control
over the OS to perform its designated tasks on the
system.
• The normal behavior of the OS is subverted by the
rootkit malware on the system.
• A powerful rootkit gets control of the OS APIs
and establishes full control over the system.
• For example, a Windows browser program sends a request to
the OS API to find a certain file on the
computer.
• The OS responds to the browser through the API
about that file.
• The rootkit malware stops the request sent to
the OS from reaching the desired API and
responds with fake responses.
• Similarly, when you request the OS to start the
antivirus or anti-malware application to scan your
computer, the request is intercepted before reaching
the OS.
• The rootkit intercepts the request and sends you a
fake response that the program you requested
is not working at this time.
There are three main goals of a rootkit on a computer:
• Running freely without any restriction of being
caught and deleted
• Hiding from the system applications and the user of the
computer
• Stealing personal information and passwords, and installing
other malicious programs on the computer so that the
compromised computer can be used for attacking other
computers on the network
Major ways in which the rootkits subvert the
OS
