UNIT – 4: ISSUES IN SECURITY MANAGEMENT AND CYBER LOSS

RISK IDENTIFICATION
Risk identification in cybersecurity is the process of identifying and cataloging potential threats to an
organization's digital assets and systems. The goal is to understand the likelihood and potential impact
of these threats, and to prioritize the risks to address. Organizations can use a cybersecurity risk
assessment to:
1. Identify vulnerabilities: Identify and quantify vulnerabilities in an organization's digital
landscape
2. Assess threats: Assess the likelihood and potential impact of various cyber threats, such as
malware infections, data breaches, or denial-of-service attacks
3. Prioritize risks: Prioritize the vulnerabilities that the organization can address
4. Meet requirements: Meet requirements for cyber insurance coverage
5. Boost resilience: Boost resilience and cyber security

RISK ASSESSMENT
A cybersecurity risk assessment is a structured process that helps organizations identify, evaluate, and
mitigate potential cyber threats to their digital infrastructure. The goal of a risk assessment is to help
organizations prioritize resources and implement security controls to reduce risk. Here are some steps
involved in a cybersecurity risk assessment:
1. Determine the scope: Decide what to include in the assessment, such as a business unit,
location, or specific aspect of the business.
2. Identify assets: Inventory the organization's IT systems and prioritize the most important
assets.
3. Identify threats and vulnerabilities: Identify potential cyber threats and vulnerabilities to the
organization's assets.
4. Assess and analyze risks: Calculate the likelihood and impact of each risk.
5. Prioritize risks: Use a cost-benefit analysis to prioritize risks based on their potential impact.
6. Implement security controls: Determine how to address each risk, such as by implementing
security controls or detecting threats.
7. Monitor and review: Regularly monitor and review the organization's risk management
controls to ensure they're working effectively.

RISK CONTROL STRATEGIES

1. Risk management framework: A structured approach that helps identify, assess, and respond
to cyber risks. Frameworks like NIST Risk Management Framework and ISO 27001 can help
standardize cybersecurity risk management efforts.
2. Risk identification: A process that helps determine threats by scanning the environment and
objectives of the company.
3. Regular risk assessments: A process that helps identify and evaluate potential cybersecurity
risks. Risk assessments should be comprehensive and conducted regularly.
4. Incident response drills: A process that helps prepare organizations for incidents by
practicing response plans.
5. Compliance: Staying compliant with industry regulations and standards is important for
effective risk control.
 6. Build a risk management culture: This includes distributing responsibilities, prioritizing
risks, training employees, and watching the threat environment.
QUANTITATIVE V/S QUALITATIVE RISK CONTROL PRACTICES

RISK MANAGEMENT
Cybersecurity management refers to an organization's strategic efforts to safeguard information
resources. It focuses on the ways businesses leverage their security assets, including software and IT
security solutions, to safeguard business systems.

These resources are increasingly vulnerable to internal and external security threats such as industrial
espionage, theft, fraud, and sabotage. Cybersecurity management must employ a variety of
administrative, legal, technological, procedural, and employee practices to reduce organizations’ risk
exposure.

Stages of Cybersecurity Risk Management: The cybersecurity risk management process can be
broken up into the following four stages:
1. Identify: To manage risks, an organization first needs to know that they exist. The first step in the
cybersecurity risk management process is performing an audit of an organization’s IT environment and
security infrastructure to identify potential risks that may need to be addressed.

2. Assess: Different risks pose varying threats to the organization’s operations. For example, attacks
against critical assets — such as the corporate database server — are likely to be more impactful than
ones against employee workstations and other lower-priority systems. Organizations can calculate risk
based on the likelihood and impact of a threat occurring and prioritize threats based on this
information.

3. Remediate: After building a prioritized list, an organization can take steps to address these risks.
Common risk management strategies include remediation (eliminating the risk entirely), mitigation
(reducing the risk impact or likelihood), transference (transferring the risk to someone else), or
acceptance (doing nothing).

4. Review: An organization should perform risk assessments and review the effectiveness of existing
controls on a regular basis. This helps to ensure that risk prioritizations are up-to-date and enables the
company to address failed controls or evolving risks.

Cyber Risk Management Benefits: Cybersecurity risk management can improve the efficiency and
effectiveness of a corporate cybersecurity program. Some of the benefits that cyber risk management
can provide to the business include the following:
1. Enhanced Security: A cybersecurity risk management program helps an organization identify the
biggest threats that it faces. With a prioritized list of cybersecurity threats, an organization can more
rapidly improve its security posture by addressing the biggest threats first.

2. Improved Cybersecurity ROI: A cyber risk management program is designed to ensure that an
organization focuses its risk remediation efforts on the greatest threats to the company. This helps to
improve cybersecurity ROI by ensuring that resources are used to manage the biggest threats to the
company and preventing resources from being wasted on lesser threats.

3. Regulatory Compliance: Data privacy laws are focused on protecting sensitive data and often
require a risk management program. Implementing cybersecurity risk management helps to ensure that
an organization is meeting its compliance responsibilities.

4. Cybersecurity Insurance: The growth of ransomware, phishing, and other cyber threats has made
insurance coverage more difficult and expensive to acquire. A strong cybersecurity risk management
program can help an organization to demonstrate that it is a safe risk and reduce its insurance
premiums.

LAWS AND ETHICS IN INFORMATION SECURITY

Laws in Information Security: It is also known as internet laws or digital laws, are laws that govern
the use of the internet and other digital technologies. These laws address a wide range of issues,
including intellectual property, privacy, cybercrime, and liability for online activities. Cyber laws vary
from country to country, but most countries have laws that address issues such as hacking, identity
theft, and online fraud.
1. The Computer Fraud and Abuse Act (CFAA): This law criminalizes unauthorized access to
computer systems and networks, as well as unauthorized access to sensitive information stored on
those systems.
2. The Electronic Communications Privacy Act (ECPA): This law regulates the interception and
disclosure of electronic communications, including email and text messages.
3. The Health Insurance Portability and Accountability Act (HIPAA): This law regulates the use
and disclosure of protected health information (PHI) in electronic form.
4. The Children’s Online Privacy Protection Act (COPPA): This law regulates the collection of
personal information from children under the age of 13.
5. The General Data Protection Regulation (GDPR): This EU regulation regulates the collection
and processing of the personal data of EU citizens.
6. The Personal Data Protection Bill (PDPB): In India, this bill regulates the collection, storage, and
processing of personal data of Indian citizens.

Ethics in Information Security: Cyber ethics is a branch of computer technology behavior that
defines the best practices that must be adopted by a user when he uses the computer system. In simple
terms, cyber ethics refers to the basic ethics and etiquette that must be followed while using a
computer system. Ethics, in general, refers to propagating good behavior, similarly by cyber ethics we
refer to propagating good behavior online that is not harsh or rude.

Cyber ethics governs rules that individuals must be polite and responsible when they use the internet.
Cyber ethics aim to protect the moral, financial, social behavior of individuals. Cyber ethics engages
the users to use the internet safely and use technology responsibly and sensibly. Cyber ethics
empathizes the behavior that must be adopted while using cyber technology. Cyber Ethics focuses on
the following:
1. Privacy:
The content that is available on the internet should not hurt any moral, emotional, or personal
ethics of individuals.
Users should have the right to protect any information which they don’t want to share openly.

Private information like user’s contact details, address, security-related information like bank
details, credit card/debit card details, are all included in basic cyber ethics of user privacy and
must not be breached in any case.
Any breach of privacy is theft/fraud of user identity and user personal information, which is
punishable as per the rules of law.

2. IPR:
IPR stands for Intellectual Property Rights.
 IPR defines that the owners have the complete right to the content that is posted on the internet.

The entire content is solely a belonging of the originator and no individual is allowed to claim
that content published by the original creator as its own.
Unauthorized distribution of someone else’s work should never be adopted as it’s ethically
incorrect to not give creation and monetary benefits to the creator of the work.

3. Security:
Security on the internet is the most basic ethical right that every user must be accessible.

Users of the internet should feel safe while they surf the net.

Security, in general means only authorized users to have access to the content on the computer.

And confidential information is safe, without any risk of loss of information/content.

4. Accuracy:
The content available on the internet is accessed by billions of users.

If there is no reliability of the information that is posted online, then it would mislead the
masses.
Cyber ethics assert the importance of posting content on the internet that is correct in all
aspects.
Users trust the content of the internet and rely heavily on the internet for facts; therefore, it is
highly needed that the asked information is correct and reliable.

CODES OF ETHICS
Cybersecurity ethics are the moral principles and standards that guide the actions of cybersecurity
professionals. They are intended to protect data, networks, and computer systems from unauthorized
access, attacks, and breaches. Ethical cybersecurity practices should uphold the rights and interests of
individuals, organizations, and society. Here are some examples of cybersecurity ethics:
Confidentiality: Keep client and personal information private and confidential.

Intellectual property: Protect the intellectual property of others.

Disclosing risks: Disclose potential dangers to the public, ecommerce clients, or the internet
community.
Honesty: Be honest and forthright about your experience and education limitations.

Conflicts of interest: Disclose conflicts of interest that cannot be avoided.

 Respect: Demonstrate respect and tolerance for all people.

Privacy: Respect privacy and use best cybersecurity practices.

Fairness: Avoid bias in cybersecurity and promote diversity on cybersecurity teams.

Justice: Ensure justice by eliminating discrimination in cybersecurity algorithms.

Law and public interest: Respect the law and the public interest by disclosing vulnerabilities
and breaches.

PROTECTING PROGRAMS AND DATA

Securing programs (software applications, systems) and data is a fundamental aspect of cybersecurity.
Both are vulnerable to a wide range of threats, such as hacking, malware, data breaches, and other
cyberattacks. Effective protection involves implementing a combination of technical, administrative,
and physical security measures.

Protecting Programs (Software Applications): Software and programs are vulnerable to exploitation
if they have flaws or are not secured properly. Protection involves ensuring software integrity, securing
development processes, patching vulnerabilities, and using security best practices.
1. Secure Software Development Lifecycle (SDLC)
Integrate security throughout the software development lifecycle to prevent vulnerabilities.

Key Practices:

❖ Secure Coding Practices: Follow coding standards to avoid vulnerabilities like SQL
injection, buffer overflows, and cross-site scripting (XSS).
❖ Code Review & Static Analysis: Regularly review code for vulnerabilities and use tools
to identify security weaknesses.
❖ Threat Modeling: Identify potential threats during the design phase to mitigate risks.

❖ Penetration Testing: Simulate attacks to identify vulnerabilities.

2. Regular Patching and Updates

Keep all software and programs up-to-date to protect against known vulnerabilities.

Why? Attackers exploit known vulnerabilities that patches and updates aim to fix.

3. Application Firewalls
Use Web Application Firewalls (WAFs) to filter and monitor HTTP traffic to and from web
applications.
They protect against common threats such as DDoS attacks, SQL injection, and XSS.
4. Access Control for Programs
Implement strict role-based access control (RBAC) to ensure only authorized users have access
to specific applications and functionalities.
Enforce multi-factor authentication (MFA) to add an extra layer of security.

5. Intrusion Detection & Prevention Systems (IDS/IPS)

Monitor application traffic for suspicious patterns and block attacks in real time.

Protecting Data: Data protection involves ensuring that sensitive data is safeguarded from
unauthorized access, theft, breaches, corruption, or loss. This applies to data in transit, at rest, and in
use.
1. Encryption
Encryption ensures data confidentiality by converting readable information into an unreadable
format that only authorized parties can decode.
Key Types of Encryptions:

❖ Data at Rest: Encrypt stored data using standards like AES (Advanced Encryption
Standard).
❖ Data in Transit: Use secure protocols like SSL/TLS for web traffic or VPNs for
encrypted communication.
❖ End-to-End Encryption (E2EE): Encrypt communication end-to-end to ensure only
intended recipients can access data.

2. Backup and Recovery

Regular Data Backups: Regularly back up critical data to mitigate the risk of data loss due to
attacks or hardware failure.
Store Backups Securely: Use encryption and store backups in geographically separated
locations.
Test Recovery Procedures: Ensure that data can be restored quickly and effectively in case of
an attack or failure.

3. Data Loss Prevention (DLP) Solutions

DLP tools monitor and restrict unauthorized attempts to access, share, or transmit sensitive
data.
Examples of DLP Measures:
 Monitoring email attachments for sensitive data.

Preventing sensitive data from being copied to external drives or cloud storage without
permission.

4. Access Controls
Limit access to sensitive data to only authorized users or systems.

Implement principles like:

Least Privilege (PoLP): Grant users only the permissions necessary for their roles.

Role-Based Access Control (RBAC): Assign roles to users to determine access levels.

5. Authentication and MFA

Use secure authentication mechanisms to verify user identity:

Strong passwords and password managers.

Multi-factor authentication (MFA): Combines two or more verification factors, such as a

password and a code sent to a user’s device.

CYBER CRIME AND INFORMATION SECURITY

CYBERCRIME: Cybercrime can be defined as illegal activities in which the computer, or the
internet is used as a tool to commit crimes. It could be through various conducts such as identity theft,
online fraud, cyberbullying, and the propagation of malware such as viruses or ransomware. It can
target individuals, organizations, or even government systems, causing much harm. As the internet has
become something essential to use at workplaces, for shopping, or even to communicate, cybercrime
emerged into being a concern.

Types of Cybercrime: Cybercrime encloses a wide range of activities, but these can generally be
divided into two categories:
1. Cyber Crimes Targeting Computer Networks or Devices: These types of crimes involve
different threats (like viruses, bugs, etc.) and (DoS) denial-of-service attacks.
Malware: This kind of cyber threat relates to malware viruses, worms, Trojans, etc. for interfering,
damaging, or unauthorized access to computer systems. For example, ransomware encrypts files and
then later demands ransom for decryption.
Denial-of-Service (DoS) Attacks: Here, the attackers focus on a system and flood it with high traffic,
hence making it inaccessible to the users. Another dangerous variant of DoS is DDoS, wherein many
compromised systems target one, thus, much difficult to defend against.
Phishing Attacks: These are masqueraded e-mails or messages claiming to be from a formal web but
only request that the user grant access to sensitive information like password points for an account or
credit card numbers. Phishing can be described as an outstanding one of the most common cyber
threats
Botnets: A number of hijacked computers can become a “botnet” of malware that can be used by an
attacker for coordinated attacks or spamming.
Exploits and Vulnerabilities: The typical area through which cyber-thieves exploit software
weakness is the application or operating system vulnerability in order to access it illegally.

2. Crimes Using Computer Networks to Commit Other Criminal Activities: These types of crimes
include cyberstalking, financial fraud, or identity thief.
Cyberstalking: This is considered as that crime in the nature of threatening or frightening a person
on-line and spreading fear and emotional distress. This can be termed as involving threats, constant
monitoring, or receiving repeated unwanted messages.
Financial Fraud: This is an example of a cybercrook manipulating the victim online to proceed with
stealing money, such as fake investment opportunities, hacking a business email, and using someone
else’s credit card details.
Identity Theft: It is normally the identity of people whose information is stolen with the intention of
only acting like them either to misuse their cash or money from their account or even to do malicious
reasons. It always lowers the credit score of the victim and in the worst-case scenario, misused the
account/loan financially with incorrect transactions.
Online Harassment and Hate Crimes: When people use the internet to discriminate against a
particular person based on his or her racial background, gender, religion, or whatever, which can
psychologically disturb the harassed person.
Intellectual Property Theft: Intellectual property theft refers to the theft of copyrighted content or
business secrets through the internet, thereby financially and competitively hurting individuals and
companies.

INFORMATION SECURITY: Information Security is not only about securing information from
unauthorized access. Information Security is basically the practice of preventing unauthorized access,
use, disclosure, disruption, modification, inspection, recording, or destruction of information.
Information can be a physical or electronic one. Information can be anything like Your details or we
can say your profile on social media, your data on your mobile phone, your biometrics, etc.

Three Principles of Information Security: Information security is necessary to ensure the

confidentiality, integrity, and availability of information, whether it is stored digitally or in other forms
such as paper documents. Information Security programs are built around 3 objectives, commonly
known as CIA – Confidentiality, Integrity, Availability.
1. Confidentiality – Means information is not disclosed to unauthorized individuals, entities and
process. For example, if we say I have a password for my Gmail account but someone saw while I was
doing a login into Gmail account. In that case my password has been compromised and Confidentiality
has been breached.
2. Integrity – Means maintaining accuracy and completeness of data. This means data cannot be
edited in an unauthorized way. For example, if an employee leaves an organization, then in that case
data for that employee in all departments like accounts, should be updated to reflect status to JOB
LEFT so that data is complete and accurate and in addition to this only authorized person should be
allowed to edit employee data.
3. Availability – Means information must be available when needed. For example, if one needs to
access information of a particular employee to check whether employee has outstood the number of
leaves, in that case it requires collaboration from different organizational teams like network
operations, development operations, incident response and policy/change management. Denial of
service attack is one of the factors that can hamper the availability of information.

CLASSIFICATION OF CYBER CRIMES

Cyber-crimes are an escalating concern affecting individuals, businesses, and societies globally.
Cybercriminals exploit online systems and networks, causing widespread harm to personal security,
organizational stability, and societal peace. Cyber-crimes are commonly classified into four main types
based on their target and impact:
1. Cyber Crimes Against Individuals
2. Cyber Crimes Against Property
3. Cyber Crimes Against Organizations
4. Cyber Crimes Against Society
1. Cyber Crimes Against Individuals: Cyber-crimes against individuals directly affect personal
privacy, finances, or mental well-being. Below are some notable types under this category:
a) Email Spoofing: Email spoofing is when a cybercriminal forges the sender’s email address to make
the message appear as if it’s from a legitimate source. Spoofed emails are used to deceive individuals,
often leading them to click malicious links or share personal information, resulting in financial loss or
identity theft.

b) Spamming: Spamming involves sending unsolicited emails or messages to a large number of

recipients. While some spam is harmless, other spam emails are used to spread malware, conduct
phishing attacks, or promote scams, creating privacy risks for recipients.

c) Cyber Defamation: Cyber defamation refers to the act of harming a person’s reputation through
false statements made online. This can happen through social media posts, emails, or websites, where
defamatory content is published to damage someone’s reputation, often leading to serious
consequences for the victim.

d) Cyber Stalking: Cyberstalking is the act of harassing or intimidating someone through digital
means. Cyberstalks may send unwanted messages, track a person’s online activities, or create a feeling
of fear or insecurity in their target.
e) Phishing: Phishing attacks involve deceiving individuals into sharing confidential information, such
as login credentials or financial data, typically via fake emails or websites that appear legitimate.
Phishing remains one of the most common methods used by cybercriminals to steal sensitive
information.

2. Cyber Crimes Against Property: Cyber-crimes against property often involve stealing or
damaging digital assets. These crimes target individuals and organizations to compromise valuable
data or intellectual property for financial gain.
a) Credit Card Fraud: Credit card fraud occurs when a cybercriminal gains unauthorized access to
someone’s credit card information, leading to illegal purchases and financial loss. Often, this crime is
committed through phishing, data breaches, or card skimming.

b) Intellectual Property Theft: Intellectual property crimes include the unauthorized use or distribution
of copyrighted material, patents, and trade secrets. Examples include software piracy, copyright
infringement, and trademark violations. Such crimes harm businesses and creators by depriving them
of due revenue or damaging their brand.

c) Internet Time Theft: Internet time theft occurs when someone uses another person’s internet
connection without permission. This crime often affects businesses where an employee may misuse
company resources for personal activities, leading to unnecessary costs for the organization.

d) Cyber Vandalism: Cyber vandalism is the act of defacing or damaging someone’s online property,
such as altering websites or social media profiles. This can include deleting data, corrupting files, or
posting offensive content, creating inconvenience and reputational harm.

3. Cyber Crimes Against Organizations: Cyber-crimes against organizations primarily aim to

disrupt operations, steal sensitive information, or extract financial gain. These attacks can severely
impact a business’s financial stability and reputation.
a) Unauthorized Access and Data Theft: Unauthorized access involves intruding into an organization’s
computer systems without permission, often with the goal of stealing sensitive data. This can include
personal information, trade secrets, or financial data, with stolen information either sold or used for
blackmail.

b) Denial of Service (DoS) Attacks: A DoS attack is an attempt to overload a company’s servers with
an excess of fake traffic, preventing legitimate users from accessing services. DoS attacks disrupt
operations, causing potential revenue loss and reputational damage.

c) Virus and Malware Attacks: Viruses and malware are malicious programs installed on a system to
cause damage, steal information, or disrupt operations. Organizations often fall victim to ransomware
attacks, where cybercriminals encrypt files and demand payment to unlock them, significantly
impacting businesses.

d) Salami Attacks: In salami attacks, small amounts of money are stolen over a prolonged period,
often remaining unnoticed due to the minor impact of each transaction. This type of attack is typically
financial, exploiting vulnerabilities in a company’s accounting systems.
e) Web Jacking: Web jacking is a type of cybercrime where an attacker takes control of an
organization’s website, often redirecting it to a malicious site. This can lead to data breaches, malware
distribution, or extortion demands. Web jacking in cyber security is especially dangerous, as it
deceives website visitors and can tarnish a company’s reputation.

4. Cyber Crimes Against Society: Cyber-crimes against society are crimes that impact large groups
of people, potentially threatening public safety, social order, and even national security.
a) Forgery: Forgery using computers involves creating fake documents like currency, certificates, or
official forms. With access to high-quality printers and scanners, cyber criminals can produce
counterfeit documents, causing financial and reputational damage on a large scale.

b) Cyber Terrorism: Cyber terrorism uses digital means to intimidate or harm people, organizations, or
governments. Cyber terrorists may hack government databases, spread propaganda, or launch
cyberattacks on critical infrastructure, aiming to instill fear and disrupt societal stability.

c) Web Jacking for Propaganda: In some cases, web jacking is used to control high-traffic websites,
redirecting them to spread misinformation, propaganda, or harmful content. This tactic can influence
public opinion, create panic, or manipulate political views, especially during sensitive events.

COMPUTER ETHICS AND SECURITY POLICIES

COMPUTER ETHICS: Ethics means “What is wrong and What is Right”. It is a set of moral
principles that rule the behavior of individuals who use computers. An individual gains knowledge to
follow the right behavior, using morals that are also known as ethics.

Computer ethics deals with the procedures, values and practices that govern the process of consuming
computer technology and its related disciplines without damaging or violating the moral values and
beliefs of any individual, organization or entity. Generally, the following guidelines should be
observed by computer users:
1. Honesty: Users should be truthful while using the internet.
2. Confidentiality: Users should not share any important information with unauthorized people.
3. Respect: Each user should respect the privacy of other users.
4. Professionalism: Each user should maintain professional conduct.
5. Obey the Law: Users should strictly obey the cyber law in computer usage.
6. Responsibility: Each user should take ownership and responsibility for their actions

SECURITY POLICIES: Security policies are a formal set of rules which is issued by an organization
to ensure that the user who are authorized to access company technology and information assets
comply with rules and guidelines related to the security of information.

It is a written document in the organization which is responsible for how to protect the organizations
from threats and how to handles them when they will occur. A security policy also considered to be a
"living document" which means that the document is never finished, but it is continuously updated as
requirements of the technology and employee changes.
1) It increases efficiency: The best thing about having a policy is being able to increase the level of
consistency which saves time, money and resources. The policy should inform the employees about
their individual duties, and telling them what they can do and what they cannot do with the
organization sensitive information.

2) It upholds discipline and accountability: When any human mistake will occur, and system security
is compromised, then the security policy of the organization will back up any disciplinary action and
also supporting a case in a court of law. The organization policies act as a contract which proves that
an organization has taken steps to protect its intellectual property, as well as its customers and clients.

3) It can make or break a business deal: It is not necessary for companies to provide a copy of their
information security policy to other vendors during a business deal that involves the transference of
their sensitive information. It is true in a case of bigger businesses which ensures their own security
interests are protected when dealing with smaller businesses which have less high-end security
systems in place.

4) It helps to educate employees on security literacy: A well-written security policy can also be seen as
an educational document which informs the readers about their importance of responsibility in
protecting the organization sensitive data.
What is Cyber Attack?
A cyber-attack occurs when hackers try to penetrate computer systems or networks with a personal
agenda or some purpose to damage or steal information by gaining unauthorized access to computer
systems. It can occur to anyone, either companies or government agencies, which can then have stolen
data and financial losses. Common forms of cyber-attacks include malware, which is harmful software
like viruses, ransomware, and phishing, where attackers send emails that appear to be authentic but
have malicious intent, to convince other users to share sensitive information with them. Other forms
are denial of service, DoS, and MitM attacks, which intercept communications between two parties. It
is through this cyber knowledge of the threats that people are protected in the sensitive information
secured through digital security by advanced technology these days.

Active Attacks
Active attacks are unauthorized actions that alter the system or data. In an active attack, the attacker
will directly interfere with the target to damage or gain unauthorized access to computer systems and
networks. This is done by injecting hostile code into communications, masquerading as another user,
or altering data to get unauthorized access. This may include the injection of hostile code into
communications, alteration of data, and masquerading as another person to get unauthorized access.

Types of active attacks are as follows:

● Masquerade Attack
● Modification of Messages
● Repudiation
● Replay Attack
● Denial of Service (DoS) Attack

1. Masquerade Attack
Masquerade attacks are considered one type of cyber-attack in which the attacker disguises himself to
pose as some other person and accesses systems or data. It could either be impersonating a legal user
or system and demanding other users or systems to provide information with sensitive content or
access areas that are not supposed to be accessed normally. This may even include behaving like an
actual user or even some component of the system with the intention of manipulating people to give
out their private information or allowing them into secured locations.

There are several types of masquerading attacks, including:

● Username and Password Masquerade: In this masquerade attack, a person uses either stolen
or even forged credentials to authenticate themselves as a valid user while gaining access to the
system or application.
● IP address masquerade: This is an attack where the IP address of a malicious user is spoofed
or forged such that the source from which the system or the application is accessed appears to
be trusted.
● Website masquerade: A hacker creates a fake website that resembles as a legitimate one in
order to gain user information or even download malware.
● Email masquerade: This is an e-mail masquerade attack through which an attacker sends an
apparently trusted source email so that the recipient can mistakenly share sensitive information
or download malware.

2. Modification of Messages
This is when someone changes parts of a message without permission, or mixes up the order of
messages, to cause trouble. Imagine someone secretly changing a letter you sent, making it say
something different. This kind of attack breaks the trust in the information being sent. For example, a
message meaning “Allow JOHN to read confidential file X” is modified as “Allow Smith to read
confidential file X”.
3. Repudiation
Repudiation attacks are a type of cyber-attack wherein some person does something damaging online,
such as a financial transaction or sends a message one does not want to send, then denies having done
it. Such attacks can seriously hinder the ability to trace down the origin of the attack or to identify who
is responsible for a given action, making it tricky to hold responsible the right person.

There are several types of repudiation attacks, including:

● Message repudiation attacks: In this attack, a message has been sent by an attacker, but the
attacker later denies the sending of the message. This can be achieved either through spoofed
or modified headers or even by exploiting vulnerabilities in the messaging system.

● Transaction repudiation attacks: Here, in this type of attack, a transaction-for example,

monetary transaction-is made, and at after some time when the evidence regarding the same is
being asked to be give then the attacker denies ever performing that particular transaction. This
can be executed either by taking advantage of the vulnerability in the transaction processing
system or by the use of stolen and forged credentials.

● Data repudiation attacks: In a data repudiation attack, data is changed or deleted. Then an
attacker will later pretend he has never done this. This can be done by exploiting vulnerabilities
in the data storage system or by using stolen or falsified credentials.

4. Replay
It is a passive capturing of a message with an objective to transmit it for the production of an
authorized effect. Thus, in this type of attack, the main objective of an attacker is saving a copy of the
data that was originally present on that particular network and later on uses it for personal uses. Once
the data gets corrupted or leaked it becomes an insecure and unsafe tool for its users.
5. Denial of Service (DoS) Attack
Denial of Service (DoS) is a form of cybersecurity attack that involves denying the intended users of
the system or network access by flooding traffic or requests. In this DoS attack, the attacker floods a
target system or network with traffic or requests in order to consume the available resources such as
bandwidth, CPU cycles, or memory and prevent legitimate users from accessing them.

There are several types of DoS attacks, including:

● Flood attacks: Here, an attacker sends such a large number of packets or requests to a system
or network that it cannot handle them all and the system gets crashed.
● Amplification attacks: In this category, the attacker increases the power of an attack by
utilizing another system or network to increase traffic then directs it all into the target to boost
the strength of the attack.

To Prevent DoS attacks, organizations can implement several measures, such as:

● Using firewalls and intrusion detection systems to monitor network traffic and block suspicious
activity.

● Limiting the number of requests or connections that can be made to a system or network.

● Using load balancers and distributed systems to distribute traffic across multiple servers or
networks.

● Implementing network segmentation and access controls to limit the impact of a DoS attack.
Passive Attacks
A Passive attack attempts to learn or make use of information from the system but does not affect
system resources. Passive Attacks are in the nature of eavesdropping on or monitoring transmission.
The goal of the opponent is to obtain information that is being transmitted. Passive attacks involve an
attacker passively monitoring or collecting data without altering or destroying it. Examples of passive
attacks include eavesdropping, where an attacker listens in on network traffic to collect sensitive
information, and sniffing, where an attacker captures and analyzes data packets to steal sensitive
information.

Types of Passive attacks are as follows:

● The Release of Message Content

● Traffic Analysis

1. The Release of Message Content

Telephonic conversation, an electronic mail message, or a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the contents of these
transmissions.
2. Traffic Analysis
Suppose that we had a way of masking (encryption) information, so that the attacker even if captured
the message could not extract any information from the message.
The opponent could determine the location and identity of communicating host and could observe the
frequency and length of messages being exchanged. This information might be useful in guessing the
nature of the communication that was taking place.
The most useful protection against traffic analysis is encryption of SIP traffic. To do this, an attacker
would have to access the SIP proxy (or its call log) to determine who made the call.

Social engineering
Social engineering is the term used for a broad range of malicious activities accomplished through
human interactions. It uses psychological manipulation to trick users into making security mistakes or
giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended
victim to gather necessary background information, such as potential points of entry and weak security
protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and
provide stimuli for subsequent actions that break security practices, such as revealing sensitive
information or granting access to critical resources.
CYBER STALKING
Cyberstalking is the use of the internet or digital tools to repeatedly harass, threaten, or stalk someone.
It includes sending unwanted messages, hacking accounts, or spreading lies online. The goal is often
to scare or distress the victim. Cyberstalks often use social media, email, or other online platforms.
Cyberstalking involves using digital platforms to intimidate or control someone by continuously
monitoring or harassing them online, they can track the victim’s online activity.

Cyber stalkers may impersonate their victims, post false information, or make threatening comments.
They often create multiple accounts to avoid detection and can track the victim’s location or personal
activities using GPS or spyware. Cyberstalking can results into offline threats and is a serious situation
of destruction of privacy which can often requires legal action to stop. Cyberstalking is harmful and
illegal.

Some of the Examples of Cyberstalking are as follows

● Repeated Unwanted Messages
● False Profiles
● Tracking Online Activity
● Hacking Accounts
● Posting Private Information
● Threatening Comments
● Monitoring via GPS or Spyware

Consequences of Cyberstalking

● Legal consequences can include fines, restraining orders, or sentence to imprisonment.

● Victims may experience anxiety, depression, and fear which can affects their mental health.
 ● Public harassment or false information can harm the victim’s reputation causing reputational
damage.
● Personal privacy is compromised, making the victim feel vulnerable.
● Financial costs may arise from legal fees, security measures, or identity theft.
● Fear of being targeted can lead to social withdrawal and isolation.
● Cyberstalking can also escalate to physical threats or harm.

Types of Cyber Stalking

1. Webcam Hijacking: Internet stalkers would attempt to trick you into downloading and putting
in a malware-infected file that may grant them access to your webcam. the method is therefore
sneaky in that it’s probably you wouldn’t suspect anything strange.
2. Observing location check-ins on social media: In case you’re adding location check-ins to your
Facebook posts, you’re making it overly simple for an internet stalker to follow you by just
looking through your social media profiles.
3. Catfishing: Catfishing happens via social media sites, for example, Facebook, when internet
stalkers make counterfeit user-profiles and approach their victims as a companion of a
companions.
4. Visiting virtually via Google Maps Street View: If a stalker discovers the victim’s address, then
it is not hard to find the area, neighbourhood, and surroundings by using Street View.
Tech-savvy stalkers don’t need that too.
5. Installing Stalkerware: One more method which is increasing its popularity is the use of
Stalkerware. It is a kind of software or spyware which keeps track of the location, enable
access to text and browsing history, make an audio recording, etc. And an important thing is
that it runs in the background without any knowledge to the victim.
6. Looking at geotags to track location: Mostly digital pictures contain geotags which is having
information like the time and location of the picture when shot in the form of metadata.
Geotags comes in the EXIF format embedded into an image and is readable with the help of
special apps. In this way, the stalker keeps an eye on the victim and gets the information about
their whereabouts.

How to Help Protect Yourself Against Cyberstalking

● Develop the habit of logging out of the PC when not in use.

● Remove any future events you’re close to attending from the social networks if they’re
recorded on online approaching events and calendars.
● Set strong and distinctive passwords for your online accounts.
● Cyber Stalkers can exploit the low security of public Wi-Fi networks to snoop on your online
activity. Therefore, avoid sending personal emails or sharing your sensitive info when
connected to an unsecured public Wi-Fi.
● Make use of the privacy settings provided by the social networking sites and keep all info
restricted to the nearest of friends.
● Do a daily search on the internet to search out what information is accessible regarding you for
the public to check.
CLOUD COMPUTING AND CYBER CRIME

Cloud computing crime is a generic concept that encompasses all types of internet crime, including tv
and film piracy, as well as location-based smart cell phone crime. Cyber criminals have made
extensive use of the highly scalable “on demand” nature of cloud platforms. Security and privacy
experts have long worried that criminals would launch attacks on the servers storing the data in cloud
environments, but criminals are now using the cloud infrastructure itself to get more capability out of
their campaigns.
It is a clear and obvious trend for the greater adoption of cloud computing. More and more businesses
are deploying IT services and applications in this way as they seek simpler management, utility-based
payments and less reliance on traditional datacentres and admin teams. It would be rare to find an
organisation that hasn’t adopted PaaS, IaaS or SaaS for some of their hosting or business applications.