
5.3 Cyber Security

The document outlines the importance of cyber security in protecting systems and data from various digital threats, including hacking, malware, and phishing. It details different types of cyber attacks, such as brute-force attacks and denial of service (DoS) attacks, and provides strategies for individuals to safeguard their information, including creating strong passwords and using encryption. Additionally, it discusses social engineering tactics and the psychological manipulation used by cybercriminals to exploit victims.

TOPIC:

5.3 CYBER SECURITY

Chiranjiv Sinha
PGT Computer Science
Page 01
✓ Cyber security is the practice of protecting systems, networks, programs,
and data from digital attacks, damage, or unauthorized access.

Page 02
Keeping data safe is extremely important for many reasons.
Personal Data (family photos, private chats) and Commercial Data (bank details, passwords)
must be safeguarded because:
❑ Risk of Loss – Data can be accidentally deleted or corrupted.
❑ Malicious Threats – Hackers can intercept, steal, or destroy data.
❑ Cyber Attacks – Breaches lead to financial loss, privacy violations, and reputational
damage.

Page 03
❑ Brute-Force Attack
❑ DDoS Attack
❑ Data Interception
❑ Hacking
❑ Malware
❑ Phishing
❑ Pharming
❑ Social Engineering


Page 04
❖ A brute force attack is when hackers systematically try every possible password
combination (Trial and Error method) to break into an account. It’s like trying every key
on a keyring until one unlocks the door.
❖ How hackers do it:
❖ First step -
✓ They try common passwords first (e.g. 12345, password, qwerty, pass1234).
✓ About 10% of accounts can be hacked this way.
❖ Next step -
✓ If simple passwords fail, they use “wordlists” – giant files containing millions of
possible passwords.
✓ These include dictionary words, names and common phrases.
❖ Final stage -
✓ If wordlists fail, they try every possible character combination.
✓ This can take from hours to years, depending on the password's strength.
Page 05
❖ How to Protect Yourself:
❖ Create Strong Passwords:
❑ At least 12 characters long
❑ Mix uppercase, lowercase, numbers and symbols
❖ Use Extra Security:
❑ Enable two-factor authentication (2FA)
❑ Change passwords regularly
❑ Never reuse passwords across sites
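
The three attack stages and the password rules above, as an added Python example (not part of the original slides): it reports which stage would find a given password and the worst-case time for an exhaustive search. The two word lists are small constructed samples, and the rate of 10 billion guesses per second is an assumption.

```python
import string

COMMON = {"12345", "password", "qwerty", "pass1234"}        # the slide's examples
WORDLIST = {"sunshine", "dragon", "football", "iloveyou"}   # constructed sample
GUESSES_PER_SECOND = 1e10   # assumption: fast offline guessing; adjust as needed

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def classes_used(pw):
    """Return the character classes that appear in the password."""
    return [cls for cls in CLASSES if any(ch in cls for ch in pw)]


def meets_policy(pw):
    """Slide policy: at least 12 characters and all four character classes."""
    return len(pw) >= 12 and len(classes_used(pw)) == 4


def falls_to(pw):
    """Name the earliest brute-force stage that would find this password."""
    if pw.lower() in COMMON:
        return "common passwords"
    # Wordlist tools also try simple variants, so strip the decoration first.
    base = pw.lower().strip(string.digits + string.punctuation)
    if base in WORDLIST:
        return "wordlist"
    return "exhaustive search"


def exhaustive_years(pw):
    """Worst-case years to try every combination of the classes used."""
    pool = sum(len(cls) for cls in classes_used(pw))
    return pool ** len(pw) / GUESSES_PER_SECOND / (3600 * 24 * 365)


def audit(pw):
    """Combine the three checks into one report for a password."""
    return {"policy_ok": meets_policy(pw), "falls_to": falls_to(pw),
            "exhaustive_years": exhaustive_years(pw)}


if __name__ == "__main__":
    for sample in ("qwerty", "Sunshine1!", "k7#Tq", "vR4!mZ9@pLx2"):  # constructed
        print(sample, audit(sample))
```

A password such as Sunshine1! mixes all four character classes yet still falls at the wordlist stage, which is why length and unpredictability matter more than decoration.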

Page 06
❖ Data Interception is a form of stealing data by tapping into a wired or wireless
communication link.
❖ The intent is to compromise privacy or to obtain confidential information.
❖ How it works:
❖ Wired Networks (Ethernet, Cables)
✓ Packet Sniffing: Hackers use tools like Wireshark to analyse unencrypted data
packets traveling through a network.
❖ Wireless Networks (Wi-Fi)
✓ Wardriving/Access Point Mapping
✓ Hackers drive/walk near buildings with a laptop, antenna and GPS to detect
vulnerable Wi-Fi signals.
✓ Weak or Public Wi-Fi (e.g. Cafes, railway stations, airports etc) is especially risky

Page 07
❖ Encryption is key
✓ Use WPA3 for Wi-Fi. WEP (Wired Equivalent Privacy) is outdated now.
✓ Enable end-to-end encryption (e.g. HTTPS, VPNs)
❖ Public Wi-Fi? Be cautious
✓ It is important not to use public Wi-Fi since no data encryption will exist and your
data is then open to interception by anyone within the place.
❖ Secure your Network
✓ Complex password + disable remote access

Page 08
❖ A denial of service (DoS) attack is an attempt to prevent users from accessing part of a
network, notably an internet server.
❖ The attacker may be able to prevent a user from:
❖ Accessing their emails
❖ Accessing websites/web pages
❖ Accessing online services such as banking.

❖ If too many people access a website at the same time, the server will go down.

Page 09
❖ How does it attack?
✓ When a user enters a website’s URL in their browser, a request is sent to the web server
that contains the website.
✓ The server can only handle a finite number of requests. E.g. 1 million at a time.
[Figure: Optimal Traffic]

Page 10
❖ How does it attack?
✓ A criminal can use software that forces thousands of innocent computers around the world
to send a viewing request to a web server.
✓ The server becomes overloaded and won’t be able to service a user’s legitimate request. It
will slow the website down or cause it to go offline altogether.
[Figure: X 100000 requests; "Sorry Network Error"]

Page 11
❖ Signs to detect a DDoS attack
✓ Slow network performance (opening files or accessing certain websites)
✓ Inability to access certain websites
✓ Large amounts of spam email reaching the user's email account

Page 12
❖ How to prevent/be safe from a DDoS attack
✓ Using an up-to-date malware checker
✓ Setting up a firewall to restrict traffic to and from the web server or user’s computer
✓ Applying email filters to filter out unwanted traffic (for example, spam)
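
The overload described on the previous slides, seen from the server side, as an added Python example (not part of the original slides): it finds the moment a request log exceeds the server's capacity and tells a flood from one address apart from a flood spread over many. The capacity of 5 requests per second and the log entries are constructed; the addresses come from the ranges reserved for documentation.

```python
from collections import Counter, deque

# Constructed request logs: (timestamp in seconds, source address).
NORMAL = [(0.0, "198.51.100.1"), (0.4, "198.51.100.2"),
          (1.1, "198.51.100.3"), (1.9, "198.51.100.1")]
DOS = [(i * 0.1, "192.0.2.10") for i in range(8)]
DDOS = [(i * 0.1, f"203.0.113.{i + 1}") for i in range(8)]


def classify_traffic(events, capacity, window=1.0):
    """Scan (timestamp, source) pairs in time order and report the first
    moment the sliding window holds more requests than the server can handle.
    Returns None for normal traffic, otherwise a dict describing the overload."""
    recent = deque()
    for ts, src in events:
        recent.append((ts, src))
        # Drop requests that have left the time window.
        while recent[0][0] <= ts - window:
            recent.popleft()
        if len(recent) > capacity:
            per_source = Counter(s for _, s in recent)
            top_src, top_hits = per_source.most_common(1)[0]
            # One address over capacity on its own: a firewall rule for that
            # address restores service. Otherwise no single block is enough.
            kind = "single-source" if top_hits > capacity else "distributed"
            return {"at": ts, "requests": len(recent),
                    "sources": len(per_source), "kind": kind,
                    "top_source": top_src}
    return None


if __name__ == "__main__":
    for name, log in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        print(name, classify_traffic(log, capacity=5))
```

In the distributed case every source stays far below the limit, so blocking individual addresses at the firewall does not bring the total back under capacity.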

Page 13
❑ Hacking is the act of gaining illegal access to a computer system without the
user’s permission.
❑ Data can be deleted, passed on, changed or corrupted.
❑ Encryption does not stop hacking, it just makes the data meaningless.
❑ Solution: Firewall, strong passwords

Page 14
| Type | Motivation | Legality | Examples | Real-World Case |
| White Hat | Ethical security testing | Legal | Penetration testers; Bug bounty hunters | Microsoft pays hackers to find Azure vulnerabilities |
| Grey Hat | Exposes flaws but without permission | Legal/illegal | Hacktivists; Researchers selling bugs | WikiLeaks publishes classified info |
| Black Hat | Personal gain | Illegal | Cybercriminals; State-sponsored hackers | WannaCry ransomware attack |

Did You Know?
Google paid $12 million to white hats in 2023 via its bug bounty program!
Page 15
✓ Malware is software that has been written and coded with the intention
of causing damage to or stealing data from a computer or system.

Page 16
❖ Viruses are programs or program codes that self-replicate with the intention
of deleting or corrupting files or causing a computer to malfunction.
❖ Viruses need an active host program on the target computer or an operating
system that has already been infected, before they can actually run and cause
harm.
❖ Viruses are often sent as email attachments, reside on infected websites or on
infected software downloaded to the user’s computer.
❖ Example: Melissa virus (1999) infected Word docs.
❖ Protection:
❑ Avoid unknown email attachments.
❑ Use antivirus software.
❑ Use genuine software/applications

Page 17
❖ A worm is a type of standalone malware that can self-replicate. Unlike viruses, worms
don’t need an active host program to be opened in order to do any damage.
❖ A worm replicates itself until the computer’s resources are used to their
maximum capacity and no further processing can take place, leading to
system failure and crashing.
❖ Worms tend to be problematic because of their ability to spread throughout a
network without any action from end user; whereas viruses require each end
user to somehow initiate the virus.
❖ Example: “I LOVE YOU” worm, 2000.
❖ Protection:
❑ Patch network security flaws
❑ Use firewalls + antivirus

Page 18
❖ A Trojan Horse is malware that is hidden away in the code of software that appears
to be harmless. A Trojan Horse replaces all or part of the legitimate software with the
intent of carrying out some harm to the user’s computer system.
❖ They need to be executed by the end user. They usually arrive as an email attachment
or are downloaded from an infected website.
❖ Once installed on the user’s computer, the Trojan Horse will give cyber criminals access
to personal information on your computers, such as IP addresses, passwords and other
personal data.
❖ Spyware and ransomware are often installed on a user’s computer via Trojan Horse
malware.
❖ Example: Emotet (Banking Trojan)
❖ Protection:
❑ Never override security warnings.
❑ Verify software sources.

Page 19
❖ Spyware is software that gathers information by monitoring a user’s
activities carried out on their computer.
❖ The gathered information (bank account numbers, passwords and credit/debit
card details) is sent back to the cybercriminal who originally sent the spyware
(Just like cookies).
❖ Spyware can be detected and removed by anti-spyware software.
❖ Example: infostealers, tracking cookies, keyloggers etc.
❖ Protection:
❑ Use anti-spyware tools like Malwarebytes.
❑ Avoid suspicious downloads.

Page 20
❖ Adware is software that will attempt to flood an end user with unwanted
advertising.
❖ For example, it could:
❑ Redirect a user’s browser to a website that contains promotional advertising.
❑ Appear in the form of pop-ups.
❑ Appear in the browser’s toolbar and redirect search requests.
❖ Protection:
❑ Use ad-blockers.
❑ Uninstall suspicious programs.

Page 21
❖ Ransomware are programs that encrypt data on a user’s computer and hold
the data hostage.
❖ The cybercriminal waits until the ransom money is paid and sometimes the
decryption key is then sent to the user.
❖ It is spread through Phishing emails, Trojans etc.
❖ Example: WannaCry 2017, it locks the system.
❖ Protection:
❑ Backup data regularly.
❑ Never pay ransoms; report to the cyber cell police.

Page 22
❖ Phishing is sending out legitimate-looking emails designed to trick the recipients into
giving their personal details to the sender of the email.
❖ These emails may contain links or attachments that, when opened, take the user to a
fake website to enter personal details.

Page 23
✓ Don’t click suspicious links (check sender, avoid "Dear Customer").
✓ Use anti-phishing toolbars (blocks fake sites).
✓ Look for "https://" & the padlock icon in URLs.
✓ Update browsers & use firewalls (stops attacks).
✓ Never respond to emails asking for passwords/bank details.
✓ Block pop-ups & close them with .

Page 24
❑ Pharming redirects a user from a genuine website to a fake one, with the hope that
this goes unnoticed. Attackers manipulate the DNS server.
❑ A user may then be prompted to enter login details, which can then be collected by a
criminal for use on the genuine site.
❑ Pharming attacks occur when web servers are attacked and code is inserted into a
website that redirects visitors (changing the IP address).

Page 25
How Does It Work?
1. DNS Cache Poisoning – Hackers alter DNS records to redirect users to fake sites.
2. User enters a URL → Computer fetches the fake IP address → Redirected to scam site.

Page 26
Why is Pharming Dangerous?
❑ Users don’t realize they’re on a fake site (looks legitimate).
❑ Can bypass anti-phishing measures (since no email/link is clicked).
❑ Harder to detect if the DNS server itself is compromised.

Prevention Tips
✓ Use antivirus software (detects website tampering).
✓ Check for "https://" & the padlock icon in the address bar.
✓ Verify URL spellings (scammers use slight misspellings).
✓ Use modern browsers (some warn about pharming).
✓ Avoid suspicious sites & downloads (prevents malware infection).
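
The "verify URL spellings" tip here and the "check sender" tip on the phishing slide, as an added Python example (not part of the original slides): it compares a link's domain with a list of trusted domains and flags near misses. The trusted domains and sample URLs are hypothetical, and treating the last two labels of the hostname as the site's domain is a simplification.

```python
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com", "example-pay.org"}    # hypothetical allowlist
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]


def check_url(url):
    """Return 'trusted', 'insecure', 'lookalike' or 'unknown' for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Simplification: treat the last two labels as the site's domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted" if parts.scheme == "https" else "insecure"
    # Undo common character swaps (1 for l, rn for m) before comparing.
    plain = domain.translate(SWAPS).replace("rn", "m")
    for good in TRUSTED:
        if (plain == good or good in host
                or edit_distance(domain, good) <= 2):
            return "lookalike"
    return "unknown"


SAMPLES = [  # constructed URLs
    "https://www.examplebank.com/login",
    "http://examplebank.com/login",
    "https://examp1ebank.com/login",
    "https://examplebank.com.account-verify.net/login",
    "https://weather.example.net/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{check_url(url):10} {url}")
```

A correctly spelled URL answered from a poisoned DNS record still passes this check, so the "https://" and certificate check in the tips above remains the control for that case.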

Page 27
What is Social Engineering?
•Manipulates people into bypassing security by exploiting human emotions.
•No hacking needed—victims willingly give access or download malware.

Stages of a Social Engineering Attack


1. Reconnaissance – Victim is researched (e.g., job role, habits).
2. Engagement – Contact made (email, call).
3. Exploitation – Victim acts (clicks link, installs malware).
4. Cover-Up – Cybercriminal hides traces.

Page 28
| Method | How It Works | Emotion Exploited |
| Phishing Emails | Fake emails with malicious links (e.g., "Your account is compromised!"). | Trust, Fear |
| Scareware | Fake pop-ups (e.g., "Virus detected! Download this antivirus NOW!"). | Fear |
| Baiting | Infected USB drives left in public (e.g., "Who owns this?"). | Curiosity |
| Vishing (Phone Calls) | Fake IT calls (e.g., "Your device is hacked—install this software!"). | Fear, Trust |
| Malicious Links (IM/SMS) | Fake urgent messages (e.g., "Click here for a security update!"). | Curiosity, Fear |

Page 29
Why Does It Work?
•Exploits fear (urgent threats), curiosity (mystery links/USBs), trust (fake
authority).
•Victims act without thinking due to pressure.

How to Stay Safe
✓ Verify unexpected requests (e.g., call the company directly).
✓ Never plug in unknown USBs.
✓ Ignore pop-up threats (real antivirus doesn’t work that way).
✓ Check URLs/email senders for odd spellings.
✓ Slow down—scammers rush you.
Remember: No legitimate company asks for passwords or urgent actions via email/call!
Page 30