Cyber Security 3IT81
Priyank Bhojak
Assistant professor
IT Department
BVM Engineering College
Cyber: The word "cyber" has some interesting synonyms: fake,
replicated, pretend, virtual, computer generated. As a
combining form, "cyber" relates to information
technology, the Internet and virtual reality.
Cyber Security
Cyber-safety is a common term used to describe a set
of practices, measures and/or actions you can take to
protect personal information and your computer
from attacks
Cyber security is the body of technologies,
processes and practices designed to protect
networks, computers, programs and data from
attack, damage or unauthorized access. In a
computing context, the term security implies cyber
security.
Cyber security involves protecting that
information by preventing, detecting, and
responding to attacks.
Application Security
Web application security is the process of protecting
websites and online services against different security
threats that exploit vulnerabilities in an application’s code.
Common targets for web application attacks are content
management systems (e.g., WordPress), database
administration tools (e.g., phpMyAdmin) and SaaS
applications.
Different types of application security such as firewalls, antivirus
programs, encryption programs and other devices can help to
ensure that unauthorized access is prevented. Companies also
can identify sensitive data assets and protect them through
specific application security processes tied to these data sets.
Application security is one of several levels of security that
companies use to protect systems. Others include operating
system security, network security and end-point or mobile
security.
Data security
Data security refers to protective digital privacy measures that
are applied to prevent unauthorized access to computers,
databases and websites. Data security also protects data from
corruption. Data security is an essential aspect of IT for
organizations of every size and type.
Examples of data security technologies include
backups, data masking and data erasure. A key data
security technology measure is encryption, where
digital data, software/hardware, and hard drives are
encrypted and therefore rendered unreadable to
unauthorized users and hackers.
One of the most commonly encountered methods of
practicing data security is the use of authentication.
With authentication, users must provide a password,
code, biometric data, or some other form of data to
verify identity before access to a system or data is
granted.
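As an added example (not code from these slides), here is how password-based authentication is checked without ever storing the password itself: the stored record holds a random salt and a slow PBKDF2 hash, and verification recomputes the hash and compares it in constant time. The iteration count, the record format and the sample user are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict

# Constructed example: verifying a password against a salted PBKDF2 hash.
# The iteration count and the sample user store below are assumptions.
ITERATIONS = 600_000


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<digest>' for storage."""
    salt = salt or os.urandom(16)  # a fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False  # malformed record: never grant access on a parse error
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    # hmac.compare_digest avoids leaking how many bytes matched through timing
    return hmac.compare_digest(candidate, expected)


# Constructed user store: only the hashes are kept, never the passwords.
USERS: Dict[str, str] = {
    "alice": hash_password("correct horse battery staple"),
}


def authenticate(username: str, password: str) -> bool:
    """Grant access only when the user exists and the password verifies."""
    stored = USERS.get(username)
    if stored is None:
        # Do the same amount of work for unknown users so timing does not
        # reveal which usernames exist.
        verify_password(password, hash_password("dummy"))
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    print(authenticate("alice", "correct horse battery staple"))  # True
    print(authenticate("alice", "wrong"))                         # False
```

Two records for the same password differ because each gets its own salt, which is what stops precomputed-table attacks against a stolen user store.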
A firewall:
Acts as a security gateway between two networks
Usually between trusted and untrusted networks (such as between a corporate
network and the Internet)
Tracks and controls network communications
Decides whether to pass, reject, encrypt, or log
communications (Access Control)
Packet Filter
Application Gateway or Proxy
Stateful Inspection
Network Address Translation (NAT)
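A packet filter is the simplest of the four firewall types listed above. The following Python is an added illustration, not code from these slides: its rule table, network addresses and ports are assumed, and it shows the first-match pass/reject decision with logging that the access-control description refers to.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed example of a first-match packet filter: every value here
# (addresses, ports, rule table) is assumed, not taken from the slides.


@dataclass
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    proto: str  # "tcp", "udp" or "icmp"
    dport: int  # destination port (0 for icmp)


@dataclass
class Rule:
    action: str                  # "pass" or "reject" (the access-control decision)
    src: str = "0.0.0.0/0"       # source network the rule applies to
    dst: str = "0.0.0.0/0"       # destination network the rule applies to
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port
    log: bool = False            # also record the decision

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Assumed topology: 10.0.0.0/8 is the trusted corporate network, 10.0.0.5 is a
# public web server, everything else is the untrusted Internet.
RULES: List[Rule] = [
    Rule("pass", src="10.0.0.0/8", dst="10.0.0.0/8"),                     # internal traffic
    Rule("pass", dst="10.0.0.5/32", proto="tcp", dport=443),             # HTTPS to the web server
    Rule("reject", dst="10.0.0.5/32", proto="tcp", dport=22, log=True),  # log SSH attempts from outside
    Rule("reject", log=True),                                            # default deny, logged
]


def filter_packet(pkt: Packet, rules: List[Rule] = RULES,
                  log: Optional[List[str]] = None) -> str:
    """Return the action of the first matching rule; deny if nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.log and log is not None:
                log.append(f"{rule.action} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
            return rule.action
    return "reject"  # implicit default deny


if __name__ == "__main__":
    audit: List[str] = []
    for p in [Packet("203.0.113.7", "10.0.0.5", "tcp", 443),
              Packet("203.0.113.7", "10.0.0.5", "tcp", 22),
              Packet("10.1.2.3", "10.0.0.9", "udp", 53),
              Packet("203.0.113.7", "10.0.0.9", "tcp", 80)]:
        print(p, "->", filter_packet(p, log=audit))
    print("\n".join(audit))
```

Rule order matters: the filter stops at the first match, so the default-deny rule must stay last, and a stateful inspection firewall would additionally remember established connections instead of judging each packet on its own.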
A VPN is a private connection over an open network
A VPN includes authentication and encryption to protect data
integrity and confidentiality
Why Use Virtual Private Networks?
More flexibility
More scalability
Lower costs
Reduced frame relay/leased line costs
Reduced long distance
Reduced equipment costs (modem banks, CSU/DSUs)
Reduced technical support
First, let’s talk about some common cyber-safety threats and the problems they
can cause . . .
Viruses
Viruses infect computers through email attachments and file sharing.
They delete files, attack other computers, and make your computer
run slowly. One infected computer can cause problems for all
computers on a network.
Hackers
Hackers are people who "trespass" into your computer from a remote
location. They may use your computer to send spam or viruses, host a
Web site, or do other activities that cause computer malfunctions.
Identity Thieves
People who obtain unauthorized access to your personal information,
such as Social Security and financial account numbers. They then use
this information to commit crimes such as fraud or theft.
Spyware
Spyware is software that "piggybacks" on programs you download,
gathers information about your online habits, and transmits personal
information without your knowledge. It may also cause a wide range of
other computer malfunctions.
1. Install OS/Software Updates
2. Run Anti-virus Software
3. Prevent Identity Theft
4. Turn on Personal Firewalls
5. Avoid Spyware/Adware
6. Protect Passwords
7. Back up Important Files
Organization and user’s assets include connected computing devices,
personnel, infrastructure, applications, services, telecommunications
systems, and the totality of transmitted and/or stored information in the
cyber environment.
Cyber security strives to ensure the attainment and maintenance of the
security properties of the organization and user’s assets against relevant
security risks in the cyber environment. The general security objectives
comprise the following:
Availability
Integrity, which may include authenticity and non-repudiation
Confidentiality
Security - Elements
There are three main elements: confidentiality, integrity
and availability, with authenticity and utility added more recently.
Confidentiality
Confidentiality is the concealment of information or
resources. Also, there is a need to keep information secret
from other third parties that want to have access to it, so just
the right people can access it.
Example in real life − Let's say two people are
communicating via encrypted email: each knows the other's
decryption key and reads the email by entering that key into
the email program. If someone else can read these decryption
keys when they are entered into the program, then the
confidentiality of that email is compromised.
Integrity
Integrity is the trustworthiness of data in systems or resources, from
the point of view of preventing unauthorized and improper
changes. Generally, integrity is composed of two sub-elements:
data integrity, which has to do with the content of the data, and
authentication, which has to do with the origin of the data, since
information has value only if it is correct.
Example in real life − Let's say you are making an online
payment of 5 USD, but your information is tampered with, without
your knowledge, so that 500 USD is sent to the seller instead;
this would cost you dearly.
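An added worked example (not from the slides) of how the payment alteration above is detected: the sender attaches an HMAC tag computed with a key shared with the receiver, so both sub-elements of integrity named above, the content and the origin of the data, are covered by one check. The shared key and the transaction fields are assumptions for the illustration.

```python
import hashlib
import hmac
import json
from typing import Any, Dict

# Constructed example: protecting a payment message with an HMAC so that the
# 5 USD -> 500 USD alteration described in the text is detected. The shared
# key and the message fields are assumptions for the illustration.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(tx: Dict[str, Any]) -> bytes:
    """Serialise deterministically so sender and receiver MAC identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_transaction(tx: Dict[str, Any], key: bytes = SHARED_KEY) -> Dict[str, Any]:
    """Attach an authentication tag covering every field of the transaction."""
    tag = hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()
    return {"tx": dict(tx), "mac": tag}


def verify_transaction(msg: Dict[str, Any], key: bytes = SHARED_KEY) -> bool:
    """Return True only if the tag matches the content exactly as received."""
    expected = hmac.new(key, canonical(msg["tx"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["mac"])


def process_payment(msg: Dict[str, Any]) -> str:
    """Receiver-side check: reject anything whose integrity cannot be confirmed."""
    if not verify_transaction(msg):
        return "rejected: integrity check failed"
    tx = msg["tx"]
    return "accepted: {} {} to {}".format(tx["amount"], tx["currency"], tx["payee"])


if __name__ == "__main__":
    original = sign_transaction({"payer": "buyer01", "payee": "seller42",
                                 "amount": 5, "currency": "USD"})
    print(process_payment(original))
    # Simulated alteration of the amount in transit, without knowledge of the key
    tampered = {"tx": dict(original["tx"], amount=500), "mac": original["mac"]}
    print(process_payment(tampered))
```

Without the key the altered message cannot be given a matching tag, so the receiver can tell that either the content or the origin is not what it claims to be; in practice the key would be provisioned out of band or replaced by a digital signature.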
Availability
Availability refers to the ability to access data or a resource when it
is needed; information has value only if the authorized
people can access it at the right time.
Denying access to data has nowadays become a common attack.
Imagine how costly the downtime of a live server can be.
Example in real life − Let's say a hacker has compromised a
bank's web server and taken it down. You, as an authenticated
user, want to make an e-banking transfer but cannot
access the service; the transfer that never happens is money lost for the bank.
In the world today it seems that everything relies on
computers and the internet now — communication (email,
cell phones), entertainment (digital cable, mp3s),
transportation (car engine systems, airplane navigation),
shopping (online stores, credit cards), medicine (equipment,
medical records), and the list goes on. Some important
questions have to be asked to assess the impact of technology,
such as:
How much of your daily life relies on computers, both personal
and work related?
How much of your personal information is stored either on your
computer or on someone else’s system?
Malicious code -
Malicious code, sometimes called malware, is a broad
category that includes any code that could be used to attack
your computer. Malicious code can have the following
characteristics:
It might require you to actually do something before it
infects your computer. This action could be opening an email
attachment or going to a particular web page.
Some forms propagate without user intervention and
typically start by exploiting a software vulnerability. Once
the victim computer has been infected, the malicious code
will attempt to find and infect other computers. This code
can also propagate via email, websites, or network-based
software.
Some malicious code claims to be one thing while in fact
doing something different behind the scenes. For example,
a program that claims it will speed up your computer may
actually be sending confidential information to a remote
intruder.
Cyberspace: In terms of computer science,
"cyberspace" is a worldwide network of computer
networks that uses the Transmission Control Protocol/
Internet Protocol (TCP/IP) for communication to
facilitate transmission and exchange of data.
Cyber terrorism: Cyberterrorism is the premeditated,
politically motivated attack against information,
computer systems, computer programs and data which
results in violence against non-combatant targets by
sub-national groups or clandestine agents.
Cybercrime: A crime in which a computer was
directly and significantly instrumental. Alternative
definitions of computer crime include:
Any illegal act where a special knowledge of computer
technology is essential for its perpetration, investigation or
prosecution.
Any financial dishonesty that takes place in computer
environment.
Any threats to computer itself, such as theft of hardware or
software.
Cybercrime against property
Credit card frauds
Intellectual property (IP) crime
Internet time theft
Cybercrime against organization
Unauthorized accessing of computer
Password sniffing
Denial-of-service attacks
Virus attack
E-Mail bombing
Logic bomb
Data diddling
Software piracy
Cybercrimes against society
Forgery
Cyber terrorism
Web jacking
Malware
Malware is shorthand for malicious software. It is
software developed by cyber attackers with the
intention of gaining access or causing damage to a
computer or network, often while the victim remains
oblivious to the fact there's been a compromise. A
common alternative description of malware is
'computer virus', although there are big differences
between these types of malicious programs.
Though varied in type and capabilities, malware usually has one
of the following objectives:
Provide remote control for an attacker to use an infected
machine.
Send spam from the infected machine to unsuspecting targets.
Investigate the infected user’s local network.
Steal sensitive data.
The origin of the first computer virus is hotly debated: For
some, the first instance of a computer virus -- software that
moves from host to host without the input from an active user
-- was Creeper, which first appeared in the early 1970s, 10
years before the actual term 'computer virus' was coined by
American computer scientist Professor Leonard M. Adleman.
Brain (figure caption: The boot sector of an infected floppy)
Brain is the industry standard name for a computer virus that
was released in its first form in January 1986, and is
considered to be the first computer virus for MS-DOS.
Includes different types of programs designed to be harmful
or malicious
Spam
Adware and spyware
Viruses
Worms
Trojan horses
Rootkits
Remote Administration Tools
Botnets
Spam
Spam refers to the use of electronic messaging
systems to send out unrequested or unwanted
messages in bulk.
The difficulty with stopping spam is that the economics
of it are so compelling. While most would agree that
spamming is unethical, the cost of delivering a message
via spam is next to nothing.
If even a tiny percentage of targets respond, a spam
campaign can be successful economically.
The most common form of spam is email spam, but the term
also applies to any message sent electronically that is in bulk.
This includes: instant message spam, search engine spam,
blog spam, Usenet newsgroup spam, wiki spam, classified ads
spam, Internet forum spam, social media spam, junk fax
spam, and so on.
Adware and spyware
Spyware is considered a malicious program and is similar to a
Trojan Horse in that users unknowingly install the product when
they install something else. ... Spyware works like adware but is
usually a separate program that is installed unknowingly when
you install another freeware type program or application.
Spyware secretly monitors your computer and internet use. Some of
the worst examples of spyware are keyloggers, which record
keystrokes or screenshots and send them to remote attackers who
hope to glean user IDs, passwords, credit card numbers, and other
sensitive information.
Adware (short for advertising-supported software) is
a type of malware that automatically delivers
advertisements. Common examples of adware include
pop-up ads on websites and advertisements that are
displayed by software.
Some adware may hijack your browser start or search
pages, redirecting you to sites other than intended.
How do I prevent spyware and adware from entering my
system?
Always read all the install screens when
installing software, especially freeware and
shareware. This also means reading the end-user
license agreement carefully, as some will
actually tell you that if you install the app in
question, you've also decided to install some
spyware with the software.
As a PC user, you should have the control to decide whether a
program or service should be accessing the internet. To achieve
this task, you will need to install a firewall on your system.
With a good firewall installed on your system, you will have
the ability to deny or allow access to the internet for specific
programs such as spyware.
Install and run a spyware blocking software program on your
system such as any Anti-Virus
Beware of peer-to-peer file-sharing services. Many of the most
popular applications include spyware in their installation
procedure.
Viruses
The two most common types of network attacks are the virus
and the worm. A virus is a program used to infect a
computer. It is usually buried inside another program—known
as a Trojan—or distributed as a stand-alone executable.
Not all viruses are malicious; in fact, very few cause
extensive damage to systems. Most viruses are simply
practical jokes, designed to make it appear, or scare recipients
into thinking, that something is wrong with Windows.
Unfortunately, the viruses that are destructive are often
extremely destructive. A well-designed virus can disable an
entire network in a matter of minutes.
Worms are often confused with viruses, but they are very different
types of code. A worm is self-replicating code that spreads itself
from system to system.
A traditional virus requires manual intervention to propagate
itself, by copying it unknowingly to a floppy, unwittingly
embedding it in an attachment, or some other method.
Worms do not require assistance to spread; instead, a worm can
automatically e-mail itself to other users, copy itself through the
network, or even scan other hosts for vulnerabilities—and then
attack those hosts.
A computer worm is a standalone malware computer program
that replicates itself in order to spread to other computers.
Often, it uses a computer network to spread itself, relying
on security failures on the target computer to access it.
A rootkit is software used by a hacker to gain constant
administrator-level access to a computer or network. A rootkit is
typically installed through a stolen password or by exploiting a
system vulnerability, without the victim's consent or knowledge.
Rootkits primarily aim at user-mode applications, but they also
focus on a computer’s hypervisor, the kernel, or even firmware.
Rootkits can completely deactivate or destroy the anti-malware
software installed in an infected computer, thus making a rootkit
attack difficult to track and eliminate. When done well, the intrusion
can be carefully concealed so that even system administrators are
unaware of it.
You can guess a rootkit's definition from its two component words:
"root" and "kit" are Linux/UNIX terms, where "root" is the
equivalent of the Windows Administrator, while a "kit" is software
designed to take root/administrator control of a PC without
informing the user.
Once a rootkit installs itself on your computer, it will boot up at the
same time as your PC. On top of that, by having administrator
access, it can track everything you do on the device, scan your
traffic, install programs without your consent, and hijack your
computer's resources.
Remote Administration Tool
A RAT, or remote administration tool, is software that, when
installed on a computer, allows a remote computer to take control of
it. Hackers and malware sometimes install these types of software
on a computer in order to take control of it remotely.
Best Android RAT
DROIDJACK
ANDRORAT
SPYNOTE
A RAT, or remote administration tool, is software that gives a
person full control of a device, remotely. The RAT gives
the user access to your system, just as if they had physical
access to your device. With this access, the person can
access your files, use your camera, and even turn your
device on or off.
RATs can be used legitimately. For example, when you have
a technical problem on your work computer, sometimes your
corporate IT guys will use a RAT to access your computer
and fix the issue.
Phases of Virus
Dormant Phase
Propagation Phase
Triggering Phase
Executing Phase
Trojan horse
A Trojan horse or Trojan is a type of malware that is often disguised as
legitimate software. Trojans can be employed by cyber-thieves and
hackers trying to gain access to users' systems. Users are typically
tricked by some form of social engineering into loading and executing
Trojans on their systems. Once activated, Trojans can enable cyber-
criminals to spy on you, steal your sensitive data, and gain backdoor
access to your system. These actions can include:
Deleting data
Blocking data
Modifying data
Copying data
Disrupting the performance of computers or computer networks
Botnets
A botnet is a collection of internet-connected devices, which
may include PCs, servers, mobile devices and internet of
things devices that are infected and controlled by a common
type of malware. Users are often unaware of a botnet infecting
their system.
The term botnet is derived from the words robot and network.
A bot in this case is a device infected by malware, which then
becomes part of a network, or net, of infected devices
controlled by a single attacker or attack group.
The botnet malware typically looks for vulnerable devices across
the internet, rather than targeting specific individuals, companies or
industries. The objective for creating a botnet is to infect as many
connected devices as possible, and to use the computing power and
resources of those devices for automated tasks that generally remain
hidden to the users of the devices.
Ransomware
Ransomware is a type of malware that prevents or limits
users from accessing their system, either by locking the
system's screen or by locking the users' files unless a
ransom is paid. More modern ransomware families,
collectively categorized as crypto-ransomware, encrypt
certain file types on infected systems and force users to
pay the ransom through certain online payment methods to
get a decryption key.
Ransom Prices and Payment
Ransom prices vary depending on the ransomware variant and the
price or exchange rates of digital currencies. Thanks to the
perceived anonymity offered by crypto currencies, ransomware
operators commonly specify ransom payments in bitcoins. Recent
ransomware variants have also listed alternative payment options
such as iTunes and Amazon gift cards. It should be noted, however,
that paying the ransom does not guarantee that users will get the
decryption key or unlock tool required to regain access to the
infected system or the files held hostage.
Ransomware Infection and Behavior
Users may encounter this threat through a variety of
means. Ransomware can be downloaded onto systems when
unwitting users visit malicious or compromised websites. It can also
arrive as a payload either dropped or downloaded by other malware.
Some ransomware is known to be delivered as an attachment to
spammed email, downloaded from malicious pages through
advertisements, or dropped by exploit kits onto vulnerable systems.
Once executed in the system, ransomware can either lock the
computer screen, or, in the case of crypto-ransomware,
encrypt predetermined files. In the first scenario, a full-screen
image or notification is displayed on the infected system's
screen, which prevents victims from using their system. This
also shows the instructions on how users can pay for the
ransom. The second type of ransomware prevents access to
potentially critical or valuable files such as documents and
spreadsheets.
Phishing
Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers. It occurs when an
attacker, masked as a trusted entity, dupes a victim into opening an email,
instant message, or text message.
Phishing is when cybercriminals try to get sensitive information from you, like
credit card numbers and passwords. Some specific techniques
include spear phishing (targets specific people or departments), whale
phishing (targets important people like CEOs),
SMiShing (phishing via text messages) and vishing (voice
phishing that takes place over the phone, usually through
impersonation).
The following illustrates a common phishing scam attempt:
A spoofed email from myuniversity.edu is mass-distributed to as
many faculty members as possible.
The email claims that the user’s password is about to expire.
Instructions are given to go to myuniversity.edu/renewal to renew
their password within 24 hours.
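The scam above can be caught mechanically by checking where the message's links really point, rather than where they claim to. The following Python is an added example, not code from these slides: it parses a constructed message built on the slide's scenario, extracts every link from the HTML body, and flags links whose real host lies outside the claimed sender's domain or whose visible text disagrees with the real target. The attacker-controlled host uses the reserved .example TLD and is an assumption, as is the message text.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed example mirroring the slide's scenario. The attacker-controlled
# host below uses the reserved .example TLD and is an assumption.
TRUSTED_DOMAIN = "myuniversity.edu"

PHISHING_EMAIL = """\
From: IT Help Desk <it-helpdesk@myuniversity.edu>
To: faculty@myuniversity.edu
Subject: Action required: your password expires in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your myuniversity.edu password is about to expire.</p>
<p>Renew it within 24 hours at
<a href="http://myuniversity.edu.renewal-login.example/renewal">myuniversity.edu/renewal</a>
or your account will be locked.</p>
</body></html>
"""

# The same message with a link that really stays on the university's domain.
LEGITIMATE_EMAIL = PHISHING_EMAIL.replace(
    "http://myuniversity.edu.renewal-login.example/renewal",
    "https://myuniversity.edu/renewal")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def in_domain(host: Optional[str], domain: str) -> bool:
    """True for the domain itself or any of its subdomains (not look-alikes)."""
    return host is not None and (host == domain or host.endswith("." + domain))


def check_message(raw: str) -> List[str]:
    """Return the phishing indicators found in the message (empty list = none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    extractor = LinkExtractor()
    extractor.feed(msg.get_content())
    findings: List[str] = []
    for href, text in extractor.links:
        host = (urlparse(href).hostname or "").lower()
        if not in_domain(host, TRUSTED_DOMAIN):
            findings.append(f"link points to {host}, outside {TRUSTED_DOMAIN}, "
                            f"although the mail claims to come from {sender_domain}")
        # Visible text that looks like a URL must agree with the real target.
        shown_host = urlparse("//" + text).hostname if "/" in text or "." in text else None
        if shown_host and shown_host.lower() != host:
            findings.append(f"link text shows {shown_host} but the target is {host}")
    return findings


if __name__ == "__main__":
    for finding in check_message(PHISHING_EMAIL):
        print("PHISHING:", finding)
    print("legitimate message findings:", check_message(LEGITIMATE_EMAIL))
```

The suffix test in `in_domain` is what defeats the look-alike host: `myuniversity.edu.renewal-login.example` starts with the trusted name but is not a subdomain of it, so it fails the check even though a human skimming the link would accept it.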
PHISHING PROTECTION
Two-factor authentication (2FA) is the most effective method for countering
phishing attacks, as it adds an extra verification layer when logging in to
sensitive applications. 2FA relies on users having two things: something they
know, such as a password and user name, and something they have, such as
their smartphones.
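The "something they have" factor is usually a time-based one-time password (TOTP, RFC 6238) generated by an app on the user's phone from a secret shared with the server at enrolment. The following Python is an added example, not code from these slides: it implements the TOTP computation and the server-side check with a small tolerance for clock drift. The secret is the test key published in the RFC, used only so the output can be compared with the RFC's tables; the step size and drift window are assumptions.

```python
import hashlib
import hmac
import struct
import time

# Constructed example of the "something they have" factor: a time-based
# one-time password (TOTP, RFC 6238) computed from a secret shared with the
# user's phone app. The secret below is the RFC's published test key, used
# only so the output can be checked against the RFC's table.
DEMO_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """The one-time password valid during the 30-second step containing `at`."""
    return hotp(secret, int(at // STEP_SECONDS), digits)


def verify_totp(secret: bytes, code: str, at: float,
                window: int = 1, digits: int = 6) -> bool:
    """Server-side check; `window` steps of clock drift are tolerated either way."""
    if len(code) != digits or not code.isdigit():
        return False
    counter = int(at // STEP_SECONDS)
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + drift, digits), code):
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET, now)
    print("current code:", code, "accepted:", verify_totp(DEMO_SECRET, code, now))
```

A phished password alone is not enough to log in because the code changes every 30 seconds and is derived from a secret the attacker does not hold; a real deployment would also record which counter values have already been used so that a captured code cannot be replayed within its window.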
In addition to using 2FA, organizations should enforce strict password
management policies. For example, employees should be required to frequently
change their passwords and should not be allowed to reuse a password across multiple
applications.
Educational campaigns can also help diminish the threat of phishing attacks by
enforcing secure practices, such as not clicking on external email links.
Spoofing
When cybercriminals try to get into your computer by masquerading as a
trusted source. Examples include email spoofing, IP spoofing and
address bar spoofing.
Spoofing can take place on the Internet in several different ways. One
common method is through e-mail. E-mail spoofing involves sending
messages from a bogus e-mail address or faking the e-mail address of
another user. Fortunately, most e-mail servers have security features that
prevent unauthorized users from sending messages.
Another way spoofing takes place on the Internet is via IP spoofing. This
involves masking the IP address of a certain computer system. By hiding or
faking a computer's IP address, it is difficult for other systems to determine
where the computer is transmitting data from.
Denial-of-Service
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or
network, making it inaccessible to its intended users.
DoS attacks accomplish this by flooding the target with traffic, or sending it
information that triggers a crash. In both instances, the DoS attack deprives
legitimate users (i.e. employees, members, or account holders) of the service or
resource they expected.
DoS attacks often target the web servers of high-profile
organizations such as banking, commerce, and media companies, or
government and trade organizations.
Though DoS attacks do not typically result in the theft or loss of
significant information or other assets, they can cost the victim a great
deal of time and money to handle.
There are two general methods of DoS attack: flooding services or
crashing services. Flood attacks occur when the system receives more
traffic than the server can buffer, causing it to slow down and
eventually stop.
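A flood shows up in the server's own access log as one source sending far more requests than any legitimate client in a short window. The following Python is an added example, not code from these slides: it builds a constructed log (the addresses, timestamps, window size and threshold are all assumptions) and counts requests per source address in a sliding window, returning the addresses that exceed the threshold so they can be rate-limited or blocked upstream.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed example: spotting a flood in web-server access logs by counting
# requests per source address in a sliding window. The addresses, timestamps,
# window size and threshold are all assumptions chosen for the illustration.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log() -> List[str]:
    """300 requests from one address in 10 seconds, plus a little normal traffic."""
    start = datetime.strptime("10/Oct/2023:13:55:36 +0000", TS_FORMAT)
    lines = []
    for i in range(300):  # 30 requests per second from the flooding source
        ts = (start + timedelta(seconds=i // 30)).strftime(TS_FORMAT)
        lines.append(f'198.51.100.23 - - [{ts}] "GET / HTTP/1.1" 200 512')
    for i in range(10):  # one request per second from an ordinary visitor
        ts = (start + timedelta(seconds=i)).strftime(TS_FORMAT)
        lines.append(f'203.0.113.9 - - [{ts}] "GET /index.html HTTP/1.1" 200 1024')
    return lines


def detect_floods(lines: List[str], window: timedelta = timedelta(seconds=10),
                  threshold: int = 100) -> Dict[str, int]:
    """Return {ip: peak requests seen within `window`} for addresses over `threshold`."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    peaks: Dict[str, int] = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the monitor
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop entries that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, peak in detect_floods(build_sample_log()).items():
        print(f"flood suspected from {ip}: {peak} requests in 10 s")
```

Per-source counting only catches a single-source DoS; a distributed attack spreads the same volume over many addresses, so the same sliding-window logic is then applied to the total request rate, or to a coarser key such as the request path.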
Keylogger: Spyware (or hardware) that tracks and records
keystrokes, particularly passwords and credit card information.
Hijackware: Malware that changes your browser settings to direct
you to malicious sites or show you ads. Also known as browser
hijacker.
Backdoor: Opens a backdoor into your computer to provide a
connection for other malware, viruses, SPAM or hackers.
Logic bomb: a piece of code intentionally inserted into
a software system that will set off a malicious function when specified
conditions are met.
Salami attacks:
Salami attacks are a series of minor data security
attacks that together result in a larger attack. For example,
deducting a very small amount of money from a bank account
is not noticeable. But when very small amounts are deducted
from a large number of accounts, they add up to a huge amount.
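Because each deduction is individually negligible, a salami attack is found by aggregating rather than by inspecting single transactions. The following Python is an added example, not code from these slides: it builds a constructed ledger in which a one-cent "rounding adjustment" is skimmed from hundreds of accounts into one destination, then groups tiny debits by destination and flags any destination fed by an unusually large number of distinct accounts. Account numbers, amounts and thresholds are assumptions for the illustration.

```python
from collections import defaultdict
from decimal import Decimal
from typing import Dict, List, Set, Tuple

# Constructed example: a ledger in which a tiny "rounding adjustment" is
# skimmed from many accounts into one destination. Account numbers, amounts
# and thresholds are assumptions made for the illustration.


def build_sample_ledger() -> List[Dict[str, object]]:
    """400 one-cent debits to ACC9999, plus a few ordinary larger transfers."""
    ledger: List[Dict[str, object]] = []
    for i in range(400):
        ledger.append({"account": f"ACC{i:04d}", "amount": Decimal("-0.01"),
                       "counterparty": "ACC9999", "memo": "rounding adj"})
    for i in range(5):
        ledger.append({"account": f"ACC{i:04d}", "amount": Decimal("-250.00"),
                       "counterparty": "ACC0042", "memo": "invoice"})
    return ledger


def find_salami(ledger: List[Dict[str, object]],
                max_unit: Decimal = Decimal("0.05"),
                min_accounts: int = 100) -> List[Tuple[str, int, Decimal]]:
    """Group tiny debits by destination; report destinations fed by many accounts.

    Returns (counterparty, number of distinct source accounts, total skimmed).
    """
    sources: Dict[str, Set[str]] = defaultdict(set)
    totals: Dict[str, Decimal] = defaultdict(Decimal)
    for entry in ledger:
        amount = entry["amount"]
        # Only individually negligible debits are of interest here; Decimal
        # avoids the rounding error that floats would introduce when summing.
        if amount < 0 and -amount <= max_unit:
            sources[str(entry["counterparty"])].add(str(entry["account"]))
            totals[str(entry["counterparty"])] += -amount
    return [(cp, len(accts), totals[cp])
            for cp, accts in sources.items() if len(accts) >= min_accounts]


if __name__ == "__main__":
    for counterparty, n_accounts, total in find_salami(build_sample_ledger()):
        print(f"{counterparty} received {total} from {n_accounts} accounts in tiny amounts")
```

The same aggregation can be keyed on the memo text or the posting user instead of the counterparty, which is how the data diddling example that follows (altered input records) would also surface: one source touching an implausible number of records.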
Data diddling attacks:
Data diddling is an illegal or unauthorized data
alteration: changing data before or as it is input into a computer, or
as it is output. Example: account executives could change employees' time
sheet information before entering it into the HR payroll
application.
Man-in-the-middle attacks: A man-in-the-middle attack is a type of
network attack where the attacker sits between two devices that are
communicating to manipulate the data as it moves between them.
Security Patches
You may have heard the tech term "patches" thrown around the
office or mentioned in news segments, but if you're not already
familiar, you should be.
A patch is a small piece of software that a company issues
whenever a security flaw is uncovered.
Patches are perhaps one of the single-most important cyber security
tools that the everyday tech user needs, right up there with things
like anti-virus software and scanning filters.
A number of holes have been exploited with severe consequences before
their developers could create a patch, including the Heartbleed virus in
2014 and the recent WannaCry ransomware attack that struck in
2014-15.
Some of the hardest hit networks were hospitals, as their systems
were locked up by the attack. This resulted in the loss of patient
care, and some facilities even had to turn away patients due to the
inability to access any of their computers.
The only way to unlock the computer and remove the ransomware
was to pay the fine in bitcoin to the hackers, at least until the
block was discovered.
Microsoft had already issued a patch, a matter of weeks earlier, for the
particular hole that led to WannaCry, but many users had either not installed it
or did not have automatic updates activated on their systems.
Unfortunately, this kind of secrecy—while necessary to keep hackers
from launching new malware attacks—also means that if the developer
themselves discovered the hole and patched it in the next regularly
scheduled update, you may never know about it. That's why it's very
important to keep all of your software and handheld devices up-to-date;
depending on your comfort level with your own tech, you might
choose to set your computer to automatically install any new updates
from the developer.