Unit 1
Cybersecurity Terminology
1. Malware: Malware is any malicious code, software, or script deployed
by a threat actor to wreak havoc on an organization or individual.
Malware is usually found attached to emails, embedded in fraudulent
links, hidden in ads, or lying in wait on various sites that you (or your
employees) might visit. The end goal of malware is to harm or exploit
computers and networks, often to steal data or money. A virus is the
most common type of malware attack. In order for a virus to infect a
system, it requires a user to click on it or copy it to media or a host.
What Are the Most Common Types of Malware Attacks?
1. Adware
Adware — commonly called “spam” — is unwanted or malicious advertising
installed on an endpoint. While relatively harmless, it can be irritating, as adware
can hamper your computer’s performance. In addition, these ads may lead users
to download more harmful types of malware inadvertently through clicking on links
in the malicious ads. To defend against adware, make sure you keep your
operating system, web browser, and email client updated so they can block
known adware attacks before they are able to download and install.
2. Fileless Malware
Unlike traditional malware, which uses executable files to infect devices, fileless
malware doesn’t directly impact files or the file system. Instead, this type of
malware uses non-file objects like Microsoft Office macros, PowerShell, and other
system tools. And this type is on the rise.
3. Viruses
A virus infects other programs and can spread to other systems, in addition to
performing its own malicious acts. A virus is attached to a file and is executed
once the file is launched. The virus will then encrypt, corrupt, delete, or move your
data and files. Viruses will often be attached to phishing emails and lead to larger
attacks like business email compromise (BEC).
4. Worms
Like a virus, a worm can duplicate itself in other devices or systems. Unlike
viruses, worms do not need human action to spread once they are in a network or
system. Worms often attack a computer’s memory or hard drive. Vulnerability
management is the key to protecting yourself against worms, so a priority should
be ensuring that every device is updated with the latest available patches.
Technology like firewalls and email filtering can also help you detect files or links
that may contain a worm.
5. Trojans
A Trojan program — like its namesake horse found in Greek mythology —
pretends to be innocuous, but it is in fact malicious. A Trojan can’t spread by
itself like a virus or worm, but instead must be executed by its victim, often
through social engineering tactics such as phishing. Trojans rely on social
engineering to spread, which puts the burden of defense on users.
6. Bots
A bot is a software program that performs an automated task without requiring
any interaction. Bots can execute attacks much faster than humans ever could.
A computer with a bot infection can spread the bot to other devices, creating
what’s known as a botnet. This network of bot-compromised machines can then
be controlled and used to launch massive attacks — such as DDoS attacks or
brute force attacks — often without the device owner being aware of its role in the
attack. One way to control bots is to use tools that help determine if traffic is
coming from a human user or a bot.
For example, you can add CAPTCHAs to your forms to prevent bots from
overwhelming your site with requests. This can help you identify and separate
good traffic from bad. Site traffic should always be monitored, and organizations
should make sure they’re using updated browsers and user agents.
7. Ransomware
Arguably the most common form of malware, ransomware attacks encrypt a
device’s data and hold it for ransom. If the ransom isn’t paid by a certain deadline,
the threat actor threatens to permanently delete the data or — in double
extortion models — release the valuable data on the dark web.
Ransomware gangs, as well as individual actors, are continuing to see the payoff
in attacking high-value targets like supply chains and critical infrastructure.
8. Spyware
Cybercriminals use spyware to monitor the activities of users. Spyware often
leads to credential theft, which in turn can lead to a devastating data breach. It
often originates in corrupt files, or through downloading suspicious files.
Spyware is an umbrella category under which many of the other types of malware
we’ve discussed can be collected — adware, rootkits, keyloggers and trojan
horses are all kinds of spyware — however there are additional forms of spyware
that allow threat actors to track your cookies and monitor your internet activity,
monitor system usage or steal targeted info like conversations in messaging apps.
10. Rootkits
Rootkits were not originally designed as malware, but they have become a
common attack vector for threat actors. A rootkit allows a user to maintain
privileged access within a system without being detected. In short, rootkits give a
user administrative-level access while concealing that access, allowing
them to take over a given device. Rootkits are often the first stage in a breach,
and after employing one, a threat actor can install more malware, launch a DDoS
attack, or take other escalation actions. Rootkits can also install and hide
keyloggers.
11. Keyloggers
Keyloggers are a common kind of spyware that monitors and records users’
keystrokes. Once this type of malware is installed onto an endpoint, hackers can
monitor and record every single keystroke a user makes, giving them full
access to a user’s movements in a system and online, as well as giving them
access to any and all credentials that may be entered into a system through
typing.
While there are legitimate uses for keylogging software — parents wishing to
monitor their children’s activity online or organizations wishing to monitor
their employees — malicious keyloggers are used to gain information and
steal credentials. This can allow attackers to access bank accounts, steal identities,
or gain access to other systems and environments.
Phishing is a cyberattack that uses social engineering and email to trick
a target into giving away sensitive information or downloading
malware. Here are some examples of phishing:
Deceptive phishing
A common type of phishing where the attacker sends a fake email
that appears to be from a legitimate source, such as a bank,
coworker, or friend. The email may ask the recipient to provide login
credentials or click a link to a fake website.
Search engine phishing
Hackers create spam pages that look like they are from a
legitimate company, such as Booking.com. The pages may include
the company's address and wording that users would expect from a real
ad. When users click on the ad, they are prompted to enter login
information.
Social media phishing
The attacker sends a message that appears to be from a social media
platform, such as Facebook, and asks the user to log in to correct an
issue. The message includes a link that takes the user to a fake website
that looks like the social media platform.
CEO fraud
The attacker sends an email from a familiar email address, such as the
CEO's, and asks the user to act urgently. The email may ask the user to
transfer funds, update employee details, or install an app.
Google Docs scam
The attacker sends an email that appears to be from someone the user
knows, and asks the user to click a link to view a document. The link
takes the user to a page that looks like Gmail's login page, and the
user is asked to grant access to their Google account.
Firewall: A firewall is a computer network security system that restricts internet
traffic in to, out of, or within a private network.
This software or dedicated hardware-software unit functions by selectively
blocking or allowing data packets. It is typically intended to help prevent
malicious activity and to prevent anyone—inside or outside a private
network—from engaging in unauthorized web activities.
Firewalls can be viewed as gated borders or gateways that manage the
travel of permitted and prohibited web activity in a private network. The term
comes from the concept of physical walls being barriers to slow the spread
of fire until emergency services can extinguish it. By comparison, network
security firewalls are for web traffic management — typically intended to slow the
spread of web threats.
Firewalls create 'choke points' that funnel web traffic, where it is then
reviewed against a set of programmed parameters and acted upon accordingly.
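To make the "choke point reviewed against programmed parameters" idea concrete, here is an added example (not part of the original handout) of a toy packet filter: an ordered rule list, first match wins, and anything no rule permits is dropped. The addresses and the policy are constructed for illustration.

```python
"""Toy packet-filtering firewall: every packet passes one choke point, is checked
against an ordered rule list (first match wins) and is dropped by default."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    proto: Optional[str]       # "tcp", "udp", or None for any protocol
    src: Optional[str]         # source CIDR, or None for any source
    dst_port: Optional[int]    # destination port, or None for any port
    direction: str             # "in" (entering the private network) or "out"


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src_ip: str
    dst_port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every parameter it specifies agrees with the packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ip_address(pkt.src_ip) not in ip_network(rule.src):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True


def decide(rules: List[Rule], pkt: Packet) -> str:
    """Walk the rule list in order; the first matching rule decides the packet."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    # Default deny: traffic that no rule explicitly permits never gets through.
    return "deny"


# Constructed policy for a hypothetical private network (documentation addresses).
POLICY = [
    Rule("allow", "tcp", "10.0.0.0/8", 443, "in"),       # HTTPS from the internal range
    Rule("deny", None, "203.0.113.0/24", None, "in"),    # a blocked external range
    Rule("allow", "tcp", None, 443, "in"),               # HTTPS from anywhere else
    Rule("allow", None, None, None, "out"),              # all outbound traffic
]

if __name__ == "__main__":
    for pkt in [Packet("in", "tcp", "203.0.113.7", 443), Packet("in", "tcp", "198.51.100.9", 22)]:
        print(pkt, "->", decide(POLICY, pkt))
```

Because the deny rule for 203.0.113.0/24 sits above the general HTTPS allow, rule order is part of the policy: swapping those two lines would silently let that range through.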
Two-factor authentication:- Two-factor authentication (2FA) is a
security process that requires two forms of identification to access a
system or account, instead of just a username and password. 2FA is a
vital tool for organizations to protect their data and users from
cyberattacks.
Here are some ways 2FA works:
Push-based 2FA
A mobile authenticator app sends a notification to a user's device,
requiring them to approve access to accounts.
SMS passcodes
A 2FA service texts a code to the user's mobile device, which they then
enter into the prompt.
Hardware tokens
Credentials are stored on a dedicated hardware device that cannot be
duplicated.
Biometrics
A user's identity is validated using facial biometrics or a retinal scan.
VPN:- A virtual private network (VPN) is a cybersecurity tool that
encrypts data and masks a user's IP address to protect their online
privacy and security:
How it works
A VPN creates a secure tunnel between a user's device and a VPN
server, encrypting all data that passes through it. This prevents
unauthorized people from accessing the user's data and makes it
difficult for others to track their online activity.
Benefits
VPNs can be used for a variety of purposes, including:
Remote access: VPNs allow remote users to securely access an
organization's services, such as email and file services.
Protecting against cyber threats: VPNs can help protect users from
cyber criminals, hackers, and their internet service provider.
Avoiding website blocks: VPNs can help users bypass website blocks
and firewalls.
DDoS:- In cybersecurity, "DDoS" stands for "Distributed Denial-of-
Service," which refers to a cyber attack where multiple compromised
devices (often part of a botnet) are used to flood a target server or
network with excessive traffic, effectively preventing legitimate users
from accessing the service by overwhelming its resources and causing it
to become unavailable; essentially, a coordinated attack from multiple
sources to disrupt a system's functionality.
Key points about DDoS attacks:
"Distributed" aspect:
Unlike a simple Denial-of-Service (DoS) attack which originates from a
single source, a DDoS attack leverages multiple compromised devices
across the internet to launch the attack, making it harder to trace and
mitigate.
Impact:
A DDoS attack can lead to website unavailability, slow network
performance, and disruption of online services, causing
significant damage to businesses and individuals.
Man-in-the-middle:- A "man-in-the-middle" (MITM) attack in
cyber security is a malicious act where a hacker positions
themselves between two communicating parties, intercepting and
potentially altering their data exchange without either party
realizing it, essentially eavesdropping on their conversation and stealing
sensitive information like login credentials or credit card details; this
can occur on a network like Wi-Fi, where the attacker creates a fake
access point to capture data flowing through it.
Key points about MITM attacks:
How it works:
The attacker establishes a connection with each victim, acting as a
middleman and relaying messages between them while secretly
reading and potentially modifying the data.
Common targets:
Login credentials, financial information, private messages, sensitive
data transmitted over unsecured networks.
SQL injection:- SQL injection, also known as SQLI, is a
common attack vector that uses malicious SQL code for backend
database manipulation to access information that was not
intended to be displayed.
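As an added illustration (not from the handout), the following Python code shows the defect behind SQL injection side by side with the fix: a login check that pastes user input into the SQL text, and the same check using a parameterised query so the input is only ever treated as data. The user table is constructed in memory for the demonstration.

```python
"""Vulnerable vs. hardened login query, demonstrated against an in-memory SQLite table."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users with (deliberately plaintext) passwords."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'correct-horse'), ('bob', 'hunter2')")
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> bool:
    # The input is concatenated into the statement, so a quote character in it
    # ends the string literal and the rest is parsed as SQL by the database.
    query = ("SELECT 1 FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return con.execute(query).fetchone() is not None


def login_safe(con: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the statement text is fixed, and the driver passes the
    # values separately, so they can never change the meaning of the SQL.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return con.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    con = make_db()
    crafted = "' OR '1'='1"   # classic tautology used in textbooks to show the bug
    print("vulnerable:", login_vulnerable(con, "alice", crafted))   # True: check bypassed
    print("safe:      ", login_safe(con, "alice", crafted))         # False: treated as text
```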
Social engineering:- Social engineering attacks manipulate
people into sharing information that they shouldn’t share,
downloading software that they shouldn’t download, visiting
websites they shouldn’t visit, sending money to criminals or
making other mistakes that compromise their personal or
organizational security.
Brute Force:- A brute force attack is a cyber attack where a
hacker attempts to gain unauthorized access to a system by
guessing passwords, login credentials, or encryption keys. Hackers
use a trial-and-error method to systematically check all possible
combinations until they find the correct one.
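From the defender's side, a brute-force attempt shows up as a burst of failed logins from one source. The added example below (not part of the handout) parses constructed sshd-style log lines and flags any source address with five or more failures inside a sixty-second sliding window; the log format, threshold and window are assumptions.

```python
"""Detect password brute-forcing from authentication logs: many failures from one
source within a short sliding window."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Optional, Tuple

# Constructed sample log (sshd-like format); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for admin from 198.51.100.23 port 50012
2024-03-01T10:00:02 sshd[101]: Failed password for admin from 198.51.100.23 port 50013
2024-03-01T10:00:03 sshd[101]: Failed password for root from 198.51.100.23 port 50014
2024-03-01T10:00:04 sshd[101]: Failed password for admin from 198.51.100.23 port 50015
2024-03-01T10:00:05 sshd[101]: Failed password for admin from 198.51.100.23 port 50016
2024-03-01T10:00:09 sshd[102]: Accepted password for alice from 10.0.0.5 port 40001
2024-03-01T10:03:00 sshd[103]: Failed password for alice from 10.0.0.5 port 40002
2024-03-01T10:20:00 sshd[104]: Failed password for alice from 10.0.0.5 port 40003
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Return (timestamp, result, user, source_ip) or None for lines we do not recognise."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> Dict[str, datetime]:
    """Map each source IP that reached `threshold` failures inside one window to the
    time the alert first fired. A sliding window means an occasional mistyped
    password (alice, 17 minutes apart) does not trip the detector."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerts: Dict[str, datetime] = {}
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, result, _user, ip = parsed
        if result != "Failed":
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()          # drop failures that fell out of the window
        if len(window) >= threshold and ip not in alerts:
            alerts[ip] = ts           # a lockout or rate limit would be applied here
    return alerts


if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force from {ip} at {when.isoformat()}")
```

The same counting logic, keyed on the target username instead of the source address, catches the distributed variant where many sources each try a few passwords against one account.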
Vulnerability:- A "vulnerability" in cybersecurity refers to a
weakness or flaw in a computer system, network, or application
that can be exploited by a cyber attacker to gain unauthorized
access, steal sensitive data, or disrupt operations; essentially, it's a
potential entry point for malicious activity due to a design flaw, coding
error, misconfiguration, or outdated software.
Data Breach :- A "data breach" in cybersecurity refers to a
security incident where sensitive or confidential information, like
personal details, financial data, or medical records, is accessed,
stolen, or exposed by unauthorized individuals due to vulnerabilities in a
system, often through hacking, malware, social engineering, or insider
threats, resulting in a breach of privacy and potential harm to affected
individuals or organizations.
Key points about data breaches:
What is compromised:
Sensitive information like credit card numbers, login credentials,
personal addresses, medical records, and more can be exposed in a
data breach.
Common causes:
Phishing attacks: Deceiving users into revealing sensitive information
through emails or links that appear legitimate.
Malware: Malicious software that infiltrates systems to steal data.
Weak passwords: Easily guessable passwords that can be cracked by
hackers.
Insider threats: Malicious actions by employees with access to sensitive
data.
Unpatched vulnerabilities: Software flaws that attackers can exploit.
Computer Ethics
Computer ethics is a set of principles that regulates the use of
computers. Computer ethics addresses issues related to the misuse of
computers and how it can be prevented. It primarily imposes the
ethical use of computing resources. It includes methods to avoid
the unauthorized distribution of digital content. The core issues
surrounding computer ethics are based on the use of the internet,
internet privacy, copyrighted content, software, and related services,
and user interaction with websites. The Internet has changed our
lifestyle. It has become a part of our life. It allows us to communicate
with a person in another part of the world, collect information on
any topic, meet socially, and do many other activities. But at the same time,
some people are always trying to cheat or harm others.
Internet Security
The internet is an insecure channel for exchanging information because
it features a high risk of fraud or phishing. Internet security is a branch
of computer security specifically associated with the utilization of the
internet, involving browser security and network security. Its objective
is to determine measures against attacks over the web. Insufficient
internet security can be dangerous. It can cause many dangerous
situations, ranging from a computer system getting infected with
viruses and worms to the collapse of an e-commerce business.
Different methods have been devised to protect the transfer of data
over the internet such as information privacy and staying alert against
cyber attacks.
Information Privacy: Information privacy is the privacy or protection of
personal information and refers to the personal data stored on a
computer. It is an important aspect of information sharing. Information
privacy is also known as data privacy or online privacy. Internet
privacy involves the right to personal privacy and deals with the storing
and displaying of personal information on the internet. In any exchange
of personal information over the internet, there is always a risk involved
with the safety of personal information. Internet privacy may be a cause
for concern especially when making online purchases, visiting social networking
sites, participating in online games, or attending forums.
General steps to protect our system from risks:
1. Always use preventive software applications, like anti-virus, anti-
malware, etc.
2. Avoid exposing personal data on websites with low security levels.
3. Avoid shopping from unreliable websites.
4. Always use strong passwords consisting of letters, numerals, and
special characters.
5. Always keep your operating system updated.
6. Always keep the firewall on.
How to protect yourself from cyberbullying:
Do not respond to cyberbullying.
Never open e-mails received from unknown senders.
Keep your password secret.
Be careful when you are posting something on a social site.
How to protect yourself from hacking:
Never connect your system to free Wi-Fi or a free network.
Always use strong passwords consisting of letters, numerals, and
special characters.
Before installing any application on your system, always check its
permissions and authenticity.
Always keep your operating system updated.
Always use preventive software applications, like anti-virus, anti-
malware, etc.
How to protect yourself from plagiarism:
While writing, always write in your own words.
Always use a plagiarism checker before uploading your work.
If you are using someone else's work, then always give credit to
the original author in an in-text citation.
Business and professional ethics in cyber security
Business and professional ethics in cybersecurity refers to a set of moral
principles guiding cybersecurity professionals, ensuring they prioritize
user privacy, data integrity, confidentiality, and responsible disclosure of
vulnerabilities while acting with honesty, transparency, and
accountability, even when facing difficult situations that could potentially
benefit their organization at the expense of ethical conduct; essentially,
it's about doing the right thing in the digital world, even when it's
challenging.
Key aspects of cybersecurity ethics:
Confidentiality:
Protecting sensitive information from unauthorized access, including
personal data, trade secrets, and client information.
Integrity:
Maintaining the accuracy and consistency of data, ensuring information
is not tampered with or manipulated.
Availability:
Guaranteeing that critical systems and data are accessible to
authorized users when needed.
Transparency:
Being open and honest about cybersecurity practices, vulnerabilities,
and incidents.
Accountability:
Taking responsibility for one's actions and decisions in the
cybersecurity domain.
Ethical dilemmas in cybersecurity:
Disclosure of vulnerabilities:
Deciding whether to publicly disclose a security flaw to alert the
community, even if it could harm the organization's reputation.
Data collection and surveillance:
Balancing the need for data collection to protect against threats with the
right to privacy.
Algorithmic bias:
Addressing potential biases in automated security systems that could
unfairly target certain groups.
Conflict of interest:
Managing situations where personal interests might clash with
professional obligations.
Employee privacy monitoring:
Determining the appropriate level of monitoring employee online activity
while respecting their privacy.
How to uphold cybersecurity ethics:
Code of ethics:
Adhering to established ethical guidelines and codes within the
cybersecurity industry.
Training and awareness:
Providing regular training to cybersecurity professionals on ethical
issues and best practices.
Reporting mechanisms:
Establishing clear channels for reporting potential ethical breaches
within an organization.
Compliance with regulations:
Following relevant data protection and cybersecurity laws.
Need for cyber security
Cybersecurity is crucial because it protects individuals, businesses, and
organizations from malicious cyber attacks, safeguarding sensitive data,
preventing identity theft, financial losses, and system disruptions caused
by hackers, spammers, and cybercriminals, thus ensuring the integrity
and availability of critical information across digital platforms; essentially
acting as a shield against threats like phishing scams, ransomware, and
data breaches.
Key reasons why cybersecurity is needed:
Data Protection:
Safeguards sensitive personal and corporate information from
unauthorized access and theft.
Financial Security:
Prevents financial losses due to fraudulent online transactions or cyber
extortion.
Business Continuity:
Minimizes downtime and operational disruptions caused by
cyberattacks.
Reputation Management:
Protects a company's image by preventing data breaches that could
damage customer trust.
Legal Compliance:
Many industries have regulations requiring robust cybersecurity
practices to protect customer data.
Individual Privacy:
Protects personal information like banking details and medical records
from unauthorized access.
Emerging Threats:
As technology evolves, so do cyber threats, making continuous
cybersecurity measures essential.
Cyber frauds and crimes
Cyber frauds and crimes in cybersecurity include activities like identity
theft, phishing scams, ransomware attacks, data breaches, malware
distribution, online banking fraud, social media scams, cyber espionage,
online harassment, and unauthorized access to computer systems,
essentially any illegal activity conducted through digital devices or
networks to deceive or harm individuals or organizations.
Key examples of cyber frauds and crimes:
Phishing: Sending deceptive emails or messages to trick users into
revealing sensitive information like passwords or credit card details.
Identity theft: Stealing personal information like Social Security
numbers to commit fraud in someone else's name.
Ransomware: Encrypting a victim's data and demanding a ransom
payment to decrypt it.
Data breaches: Unauthorized access to sensitive data stored on a
computer system, leading to potential misuse.
Malware: Malicious software designed to damage or disrupt computer
systems, like viruses, trojans, or spyware.
Cyber espionage: Using hacking techniques to gain access to
confidential information for competitive advantage.
Online banking fraud: Unauthorized access to bank accounts through
online platforms to steal funds.
Social media fraud: Using social media platforms to deceive users with
fake accounts or misleading information.
Credit card fraud: Stealing credit card details to make unauthorized
purchases.
Cyber stalking: Repeatedly contacting or harassing someone online.
What are some of the most common digital payment risks?
Businesses that accept digital payments face a number of security risks,
including:
Third-party risk
Many companies today are relying on third parties to handle critical business
functions in order to increase efficiency and reduce costs. This can create layers
of additional risk if companies fail to properly vet their third-party vendors prior to
establishing a business relationship. Complicating this issue is that many third-
party vendors are also outsourcing their own functions to external parties, creating
fourth- and fifth-party risk.
When accepting digital payments, companies often work with numerous vendors,
including payment processors, point-of-sale system vendors, payment gateway
providers and more. Insufficient third-party security controls could cause all of the
data shared across these devices and applications to be exposed to risk.
Phishing scams
Phishing is historically one of the tried-and-true methods of data theft, but it
continues to be an effective form of hacking in the digital economy. According to
research from Proofpoint, 83% of organizations were subject to a phishing
attack in 2021, a 26% increase from the previous year. When conducting a
phishing scam, malicious actors might send seemingly benign communications to
unsuspecting users (often in the form of emails) claiming to be a known or
otherwise trustworthy source (like a bank, lending institution or university).
The hacker usually asks for sensitive personal information to complete an urgent
request, like completing an application for a loan that requires banking details.
Once the subject of the attack complies, hackers can use their personal
information to access the funds in their credit cards and bank accounts. Both
junior staff and senior managers could be subject to phishing scams that expose
data and lead to theft.
Malware
Malware occurs when users download an app, file or attachment that contains
malicious software. Once the malware infects the device, the hacker behind the
software has access to all of the information stored in the device. While many
companies have firewalls and antivirus software installed on their desktops and
laptops, they often skip these security measures on their mobile devices.
An increasing number of businesses are processing payments using a tablet or
smartphone as their point-of-sale operating system. The potential storage of such
a large volume of cardholder information could make these devices subject to a
malware attack, exposing the data of anyone that has made a purchase on that
device.
Digital payment security best practices
The increasing use of digital payments makes securing sensitive customer
information critical to long-term stability and success in the modern economy.
Fortunately, there are several steps businesses can take to strengthen their data
privacy protocols and maintain the security of their digital payments. These
include:
1. Two-factor authentication
Implementing two-factor authentication adds a simple yet effective layer of
security to digital payments through more robust customer identification
procedures at the point of sale. Before customers can complete a transaction,
they must supply an additional form of digital identification to authenticate their
identity. Often, they will receive a unique code in their email or in a text message
to their smartphone, which they must supply to complete their transaction.
To avoid adding layers of steps and causing customers to abandon their carts, it
is important that your two-factor authentication protocol is simple and does
not add too much friction to the buying process.
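The SMS and e-mail passcode flow described here, and under the 2FA definition earlier in the unit, relies on three properties of the code: it expires, it works only once, and it cannot be guessed by repeated tries. The added example below (not from the handout) implements a small verification service with those properties; the six-digit length, five-minute lifetime and three-attempt limit are assumptions, and delivery of the code is left to the caller.

```python
"""One-time passcode (OTP) issue/verify service for a second factor delivered out of band."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict

CODE_DIGITS = 6        # assumed code length
TTL_SECONDS = 300      # assumed lifetime: the "certain deadline" after which the code is useless
MAX_ATTEMPTS = 3       # assumed guess budget before the code is discarded


@dataclass
class PendingCode:
    digest: bytes
    expires_at: float
    attempts_left: int


def _digest(code: str) -> bytes:
    # A 6-digit code is trivially guessable offline, so hashing only limits what a
    # leaked store reveals; the TTL and attempt limit are the real protection.
    return hashlib.sha256(code.encode()).digest()


class OtpService:
    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now                     # injectable clock so expiry can be tested
        self._pending: Dict[str, PendingCode] = {}

    def issue(self, user_id: str) -> str:
        """Create a fresh code for the user; the caller sends it by SMS or e-mail."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"   # CSPRNG, zero-padded
        self._pending[user_id] = PendingCode(_digest(code), self._now() + TTL_SECONDS, MAX_ATTEMPTS)
        return code

    def verify(self, user_id: str, submitted: str) -> bool:
        """True only for the current, unexpired code, and only the first time it is presented."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        if self._now() > entry.expires_at:
            del self._pending[user_id]       # expired: must request a new code
            return False
        entry.attempts_left -= 1
        ok = hmac.compare_digest(_digest(submitted), entry.digest)   # constant-time compare
        if ok or entry.attempts_left <= 0:
            del self._pending[user_id]       # single use, or burned after too many guesses
        return ok


if __name__ == "__main__":
    svc = OtpService()
    code = svc.issue("customer-42")
    print("sent code:", code, "| verify:", svc.verify("customer-42", code),
          "| reuse:", svc.verify("customer-42", code))
```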
2. Ensure PCI DSS compliance
The Payment Card Industry Data Security Standard (PCI DSS) provides
companies with a detailed set of guidelines they can use to enhance the
protection of consumer credit card data. There are 12 components required to be
PCI DSS compliant, including using secure firewalls, encrypting cardholder data,
updating software on a routine basis, and restricting access to systems and
devices.
While PCI DSS compliance could add a layer of security to digital payment
systems, it also signals to consumers that companies take the privacy and
security of their data seriously, which could help to create stronger customer
relationships.
3. Train employees on best practices
Hackers often take advantage of unsuspecting employees to gain access to
critical systems and devices. You should conduct routine employee training
sessions to ensure they are up to date on the latest security best practices.
Employees should be trained on good password procedures, identifying possible
scams, and reacting in the event of a cybersecurity incident.
4. Tokenize customer card data
Tokenization is a secure method of payment data encryption that converts credit
card information into a series of randomly generated numerals. This new
sequence of numbers is called a token. The numbers contained in these tokens
have no inherent value (beyond the card information they represent), so they can
be transferred between different parties involved in the digital transaction process
without the risk of being stolen by malicious actors.
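To show what "a token with no inherent value" means in practice, here is an added example (not the handout's and not any real payment provider's code) of a minimal token vault: the card number is swapped for random digits, the mapping back lives only inside the vault, and only an authorised role may reverse it. Keeping the real last four digits and using a role string for authorisation are assumptions; the card number is the well-known 4111... test value.

```python
"""Minimal card-data tokenization vault: PAN in, random token out, mapping held only here."""
import re
import secrets
from typing import Dict

AUTHORISED_ROLES = {"payment-processor"}   # assumed: the only caller allowed to detokenize


def luhn_valid(pan: str) -> bool:
    """Reject malformed numbers before they are stored (Luhn mod-10 check)."""
    if not re.fullmatch(r"\d{12,19}", pan):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    def __init__(self) -> None:
        self._token_to_pan: Dict[str, str] = {}
        self._pan_to_token: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        """Return a token for the card; the same card always maps to the same token."""
        if not luhn_valid(pan):
            raise ValueError("invalid card number")
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            # Random digits with the real last four kept so receipts can show "**** 1111".
            # The random part carries no information about the card, so the token is
            # worthless to anyone who intercepts it outside the vault.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Reverse the mapping; only an authorised role (e.g. when settling) may do this."""
        if caller_role not in AUTHORISED_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._token_to_pan[token]


if __name__ == "__main__":
    vault = TokenVault()
    tok = vault.tokenize("4111111111111111")
    print("token stored by the merchant:", tok)
    print("card recovered by processor:", vault.detokenize(tok, "payment-processor"))
```

Because every system outside the vault only ever sees the token, the scope of systems that must protect real card data (and so the scope of PCI DSS controls) shrinks to the vault itself.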
Cyber security search engine
Cybersecurity Search Engines are specialized search engines
or tools designed to help cybersecurity professionals and
researchers find information related to cybersecurity threats,
vulnerabilities, solutions, and other relevant topics.
Cybersecurity search engines also index devices and networks that are
connected to the internet, which can be useful for security professionals
who are trying to identify potential vulnerabilities. Cybersecurity search
engines are designed to index and prioritize cybersecurity-related
information, which can be helpful for users who are looking for specific
types of information.
Benefits of using a cybersecurity search engine
More specialized results: Cybersecurity search engines are
designed to index and prioritize cybersecurity-related information.
This means that you are more likely to find the information you are
looking for when you use a cybersecurity search engine.
Deeper insights: Cybersecurity search engines often provide
more detailed information about cybersecurity threats and
vulnerabilities than Google. This can be helpful for security
professionals who are trying to understand a threat or vulnerability
in more depth.
Better discovery: Cybersecurity search engines can index
devices and networks that are connected to the internet. This can
be helpful for security professionals who are trying to identify
potential vulnerabilities in their attack surface.
Top 5 Cybersecurity Search Engines
1. Shodan
Shodan is a search engine that indexes devices connected to the
internet. It can be used to find devices such as webcams, routers, and
industrial control systems that are exposed to the public internet.
2. Censys
Censys is another search engine that indexes devices connected to the
internet. It is similar to Shodan, but it has a wider range of features, such
as the ability to search for specific vulnerabilities and to search for
devices that are using specific malware.
3. ZoomEye
ZoomEye is a Chinese search engine that indexes devices connected to
the internet. It is similar to Shodan and Censys, but it is focused on the
Chinese internet.
4. GreyNoise
GreyNoise is a search engine that indexes IP addresses and domains
associated with malicious activity. It can be used to identify and block
malicious traffic.
5. Pulsedive
Pulsedive is a search engine that indexes threat intelligence from a
variety of sources, including security blogs, social media, and
government agencies. It can be used to get up-to-date information on the
latest threats.