Unit 2

The document discusses various cyber threats, focusing on malware types such as viruses, worms, Trojans, and ransomware, as well as social engineering tactics like phishing. It highlights the importance of cybersecurity measures, including risk assessment, employee training, and the use of antivirus software and firewalls to protect against these threats. Additionally, it emphasizes the need for secure practices in WiFi settings, cloud storage, IoT devices, and physical security to mitigate risks.

Uploaded by Aditi Srivatsala

Cyber Threats and Vulnerabilities in Cyberspace
Raneeta Pal
Malware
Introduction
• Malware (short for malicious software) is any software designed to harm, exploit, or disrupt computers, networks, or devices. It is created with malicious intent and can steal data, damage systems, or grant unauthorized access to attackers.
How Does Malware Spread?
• Phishing emails (attachments, links)
• Malicious downloads (from untrusted websites)
• Software vulnerabilities (exploited through the internet)
• Infected USB drives
Types of Malware
Viruses
A virus is a type of malware that attaches itself to legitimate programs or files and spreads when the infected program is executed. It can corrupt or delete data and slow down system performance. Example: file infectors, macro viruses.

Worms
Worms are self-replicating malware that spread without user intervention, exploiting network vulnerabilities. They consume bandwidth, overload systems, and can carry harmful payloads. Example: Conficker, Stuxnet.

Trojans
Trojans disguise themselves as legitimate software but carry malicious code. They do not self-replicate but allow attackers to gain unauthorized access to a system. Example: Remote Access Trojans (RATs), banking Trojans.

Ransomware
Ransomware encrypts a user's files and demands payment (usually in cryptocurrency) to restore access. It is commonly spread through phishing emails or malicious downloads. Many current ransomware groups also copy data out before encrypting it and threaten to publish it, so backups restore availability but do not remove the extortion lever. Example: WannaCry, Locky.
Common Effects of Malware
• Data theft or loss
• System slowdowns or crashes
• Unauthorized remote control of devices
• Financial fraud or extortion (e.g., ransomware)
Phishing and Social Engineering
Raneeta
Social Engineering
Definition: Social engineering is a broader category of attacks that manipulate human behavior to gain access to information, systems, or physical locations. It often involves psychological manipulation and deception.

Common Techniques:
• Pretexting: Attackers create a fabricated scenario or pretext to extract information, such as posing as a co-worker or service provider.
• Baiting: Cybercriminals offer something enticing, like free software or a USB drive, which is infected with malware.
• Tailgating: An attacker gains physical access to a restricted area by following authorized personnel.
Cont.
• Red Flags: Unsolicited requests for sensitive information. Requests for
assistance that seem unusual or out of the ordinary. Suspicious individuals
attempting to gain physical access to secure areas.
• Prevention: Verify the identity of individuals making unusual requests,
especially when it involves sensitive information. Educate employees and
individuals about the dangers of social engineering and the importance of
verifying identities.
In the age of ICT, these threats have evolved and become increasingly sophisticated. Cybercriminals use psychology, deception, and the ubiquity of digital communication to exploit individuals and organizations. Vigilance, skepticism, and proper education are key components of defense against phishing and social engineering attacks. Additionally, organizations should provide security training and establish protocols to detect and respond to these threats effectively.
Phishing Attacks
• Definition: Phishing is a type of cyberattack in which cybercriminals
impersonate trusted entities or individuals, such as banks, government
agencies, or well-known companies, to deceive victims into revealing sensitive
information or performing actions that compromise security.
Common Techniques:
• Email Phishing: Attackers send convincing emails that appear to be from
legitimate sources, often with urgent requests to update account information
or click on malicious links.
• Spear Phishing: Targeted phishing attacks that are highly personalized and
often involve research on the victim to make the message more convincing.
• Smishing: Phishing via SMS (text messages) that may include malicious links or
requests for personal information.
• Vishing: Phishing over the phone, where attackers impersonate trusted entities
and try to extract information or access to a victim's systems.
Cont.
• Red Flags: Misspelled or look-alike domain names and email addresses. Unsolicited requests for personal or financial information. Urgent or threatening language in the message. Suspicious-looking links or email attachments, including link text that shows one address while the link actually points to another.
• Prevention: Verify the legitimacy of requests for personal information or actions through a channel you already trust, not the contact details given in the message. Use multi-factor authentication (MFA) to add an extra layer of security; prefer phishing-resistant MFA (FIDO2 security keys or passkeys), since one-time codes can be relayed by a real-time phishing proxy. Be cautious about clicking on links or downloading attachments in unsolicited emails or messages.
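The red flags above can be checked mechanically. The following is an added example, not code from the original deck: a small Python checker that takes a parsed message (sender, subject, body and the anchor-text/href pairs a mail client would extract) and reports look-alike sender and link domains, link text that disagrees with the link target, and urgency wording. The trusted-domain list, the homoglyph table, the edit-distance threshold and the sample message are all assumptions made for the example.

```python
"""Phishing red-flag checks on a parsed e-mail: lookalike domains, link text that
disagrees with the link target, and urgency wording. Added example; the trusted
domains, thresholds and sample message are assumptions, not from the original deck."""
import re
from typing import Optional
from urllib.parse import urlparse

# Assumption: domains this organisation's users are expected to trust.
TRUSTED_DOMAINS = {"example-bank.com", "example.com"}

# Look-alike substitutions seen in typosquatting (digit/letter swaps, "rn" for "m").
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify your account", "within 24 hours")


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Fine for the demo; production code should
    use the Public Suffix List so that e.g. 'example.co.uk' is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def normalise(domain: str) -> str:
    """Fold homoglyphs so 'examp1e-bank.com' and 'exarnple-bank.com' compare equal to the real name."""
    return domain.translate(HOMOGLYPHS).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalise(domain) == normalise(trusted) or edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def phishing_red_flags(sender: str, subject: str, body: str, links: list) -> list:
    """`links` is a list of (anchor text, href) pairs, as a mail client would extract them."""
    flags = []
    sender_domain = registrable_domain(sender.rsplit("@", 1)[-1])
    imitated = lookalike_of(sender_domain)
    if imitated:
        flags.append(f"sender domain {sender_domain!r} imitates {imitated!r}")
    for text, href in links:
        href_domain = registrable_domain(urlparse(href).hostname or "")
        imitated = lookalike_of(href_domain)
        if imitated:
            flags.append(f"link domain {href_domain!r} imitates {imitated!r}")
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and registrable_domain(shown.group(1)) != href_domain:
            flags.append(f"link text shows {shown.group(1)!r} but points to {href_domain!r}")
    wording = f"{subject} {body}".lower()
    if any(word in wording for word in URGENCY_WORDS):
        flags.append("urgent or threatening language")
    return flags


# Constructed sample message, not a real phishing mail.
SUSPECT_MAIL = dict(
    sender="security@examp1e-bank.com",
    subject="Urgent: your account has been suspended",
    body="Confirm your details within 24 hours or access will be removed.",
    links=[("https://example-bank.com/login",
            "https://example-bank.com.evil-host.net/login")],
)

if __name__ == "__main__":
    for flag in phishing_red_flags(**SUSPECT_MAIL):
        print("RED FLAG:", flag)
```

Run against the constructed message it reports three flags: the digit-for-letter sender domain, the link whose visible text names the bank while the href lands on `evil-host.net` (the bank's name is only a subdomain label there), and the urgency wording. A benign statement notice from the real domain produces none. Real mail filters use the same ideas with far larger trusted lists and the Public Suffix List in place of the two-label shortcut.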
Network Vulnerabilities: Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
Raneeta
Denial of Service (DoS) Attack
• A cyberattack where a system, network, or website is overwhelmed with excessive traffic or resource requests, making it unavailable to legitimate users.
• Typically carried out using a single machine. A DoS does not have to be volumetric: a single malformed request that triggers a crash or an expensive code path in the service has the same effect.
• Example: Sending massive numbers of requests to a web server to crash it.
Distributed Denial of Service (DDoS) Attack
A more advanced form of DoS, where multiple compromised devices (a botnet) flood a target system with traffic. It is harder to mitigate because the traffic arrives from many source addresses, so blocking any single address does little.
Often used to disrupt businesses, government websites, or financial services.
Example: A botnet of infected computers attacking an online banking system, causing downtime.
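The difference between the two matters for the defender, because the response differs: a single heavy source can be rate-limited or blocked, a distributed flood cannot. The following is an added example, not code from the original deck, that makes that distinction on web-server access logs: it buckets requests into 10-second windows and labels each window as normal, DoS (one address dominates) or DDoS (high total volume spread over many addresses). The log lines are constructed, the thresholds are assumptions, and the addresses come from the documentation ranges.

```python
"""Rate-based flood detection over web-server access logs, distinguishing a single-source
DoS from a distributed DDoS. Added example; the thresholds and the log lines are constructed
assumptions, not data from the original deck."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Common Log Format, e.g. 203.0.113.9 - - [14/Nov/2023:22:13:20 +0000] "GET /login HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

WINDOW_SECONDS = 10
PER_IP_LIMIT = 50          # assumption: > 50 requests from one address per window is abusive
TOTAL_LIMIT = 200          # assumption: > 200 requests per window is a flood for this server
MIN_SOURCES_FOR_DDOS = 20  # assumption: a flood spread over this many addresses counts as distributed


def parse_line(line: str):
    """Return (client ip, epoch seconds) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], int(datetime.strptime(m["ts"], TS_FMT).timestamp())


def classify(lines):
    """Bucket requests into fixed windows and label each window normal / DoS / DDoS."""
    windows = defaultdict(Counter)  # window start -> Counter(ip -> requests)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, epoch = parsed
        windows[epoch - epoch % WINDOW_SECONDS][ip] += 1

    verdicts = {}
    for start, per_ip in sorted(windows.items()):
        total = sum(per_ip.values())
        top_ip, top_n = per_ip.most_common(1)[0]
        if top_n > PER_IP_LIMIT:
            # One address dominates: rate-limit or block that source.
            verdicts[start] = f"DoS: {top_ip} sent {top_n} of {total} requests"
        elif total > TOTAL_LIMIT and len(per_ip) >= MIN_SOURCES_FOR_DDOS:
            # Flood with no single heavy source: per-IP blocking will not help,
            # this needs upstream filtering or scrubbing.
            verdicts[start] = f"DDoS: {total} requests from {len(per_ip)} sources, at most {top_n} each"
        else:
            verdicts[start] = "normal"
    return verdicts


def make_lines(window_start: int, sources, per_source: int):
    """Constructed sample lines: every source sends `per_source` GETs inside one window."""
    stamp = datetime.fromtimestamp(window_start, tz=timezone.utc).strftime(TS_FMT)
    return [f'{ip} - - [{stamp}] "GET /login HTTP/1.1" 200 512'
            for ip in sources for _ in range(per_source)]


T0 = 1_700_000_000  # window-aligned start time (multiple of WINDOW_SECONDS)
NORMAL_USERS = [f"198.51.100.{i}" for i in range(1, 6)]
BOTNET = [f"192.0.2.{i}" for i in range(1, 41)]
SAMPLE_LOG = (
    make_lines(T0, NORMAL_USERS, 3)                                                        # 15 requests: normal
    + make_lines(T0 + 10, NORMAL_USERS, 3) + make_lines(T0 + 10, ["203.0.113.9"], 120)    # one flooder
    + make_lines(T0 + 20, BOTNET, 6)                                                       # 240 requests from 40 bots
)


def demo():
    return classify(SAMPLE_LOG)


if __name__ == "__main__":
    for start, verdict in demo().items():
        print(start, verdict)
```

On the constructed log the first window is normal, the second is a DoS from `203.0.113.9` (120 of 135 requests), and the third is a DDoS of 240 requests where no bot exceeds six. Production detection works the same way but on packet or flow counters at the network edge rather than on application logs, since a volumetric flood will saturate the link before the web server writes a line.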
Insider Threats and Data Breaches: Causes and Prevention
Insider threats
Insider threats refer to security risks posed by individuals within an organization, such as employees, contractors, or business partners, who have access to sensitive systems and data. These individuals may misuse their access intentionally or unintentionally, leading to data theft, system sabotage, or financial loss.
Types of Insider Threats
• Malicious Insiders: Employees or insiders who intentionally steal, leak, or misuse sensitive data for personal gain, revenge, or espionage. Example: An employee stealing trade secrets and selling them to a competitor.
• Negligent Insiders: Employees who unintentionally cause security breaches due to human error, poor cybersecurity practices, or lack of awareness. Example: Clicking on a phishing email, using weak passwords, or misconfiguring security settings.
• Compromised Insiders: Legitimate users whose accounts or devices have been hijacked by external attackers through phishing, malware, or social engineering. Example: An attacker stealing an employee's credentials to gain unauthorized access to a company's database.
Prevention Strategies
• Access Control & Least Privilege: Limit data access based on job roles, and review entitlements periodically, since access accumulates as people change roles.
• Employee Training: Educate staff on cybersecurity best practices.
• User Behavior Monitoring: Detect unusual login patterns or data access.
• Multi-Factor Authentication (MFA): Add extra layers of security to prevent unauthorized access.
• Strict Offboarding Process: Revoke access for former employees immediately.
Emerging Cyber Threats: Advanced Persistent Threats (APTs) and Zero-Day Exploits, Cybersecurity Risk Assessment and Management
Advanced Persistent Threats (APTs)
• Advanced Persistent Threats (APTs) are stealthy, long-term cyberattacks carried out by well-funded attackers, often nation-states or organized cybercriminal groups. These attacks aim to gain unauthorized access, remain undetected for extended periods, and steal sensitive data or disrupt critical systems.
Characteristics of APTs
• Targeted Attacks: APTs focus on high-value organizations such as governments, financial institutions, and multinational corporations.
• Persistence: Attackers maintain ongoing access, often using backdoors and malware.
• Stealth and Evasion: They avoid detection by blending in, for example by encrypting command-and-control traffic, using the system's own administrative tools, and keeping activity low and slow.
• Multiphase Execution: Attackers gain access, establish control, escalate privileges, and exfiltrate data.
Stages of an APT Attack
1. Reconnaissance: Attackers gather intelligence on the target.
2. Initial Intrusion: Use phishing, malware, or exploiting vulnerabilities to gain entry.
3. Establish Foothold: Deploy backdoors or Remote Access Trojans (RATs).
4. Lateral Movement: Move within the network to access sensitive areas.
5. Persistence & Evasion: Maintain long-term access while avoiding detection.
6. Data Exfiltration: Steal valuable data and transfer it covertly.
Real-World APTs
• Stuxnet (2010): A sophisticated worm targeting the industrial control systems of Iran's nuclear program.
• APT29 (Cozy Bear): A Russian state-linked group associated with government espionage.
• APT38 (Lazarus Group): A North Korean state-linked group targeting financial institutions.
Zero-Day Exploits
• A Zero-Day Exploit is an attack that takes advantage of a software vulnerability before the developers have released a security patch; the name refers to the vendor having had zero days to fix it. Since no fix exists at the time of attack, these exploits are highly dangerous and difficult to defend against.
Why Are They Dangerous?
• No Available Patch: The vulnerability is unknown to the software vendor, or known but not yet fixed.
• High Success Rate: Since there's no fix, attacks are harder to block.
• Widespread Impact: Often used to target critical infrastructure and businesses.
How Zero-Day Attacks Work
1. Vulnerability Discovery: Attackers find a flaw in software (e.g., an OS or browser).
2. Exploit Development: They create malicious code to exploit the flaw.
3. Attack Deployment: The exploit is delivered in phishing emails, malicious websites, or infected files.
4. Payload Execution: The exploit bypasses security, allowing data theft, malware installation, or system control.
Real-World Zero-Day Attacks
• WannaCry (2017): Used a Windows SMB vulnerability before patches were widely applied. Strictly speaking it was not a zero-day: Microsoft had released the fix (MS17-010) in March 2017, two months before the outbreak, and the worm spread through systems that had not installed it. This is the usual afterlife of a leaked exploit once a patch exists, and it is why patch latency matters as much as zero-days do.
• Google Chrome Zero-Day (2021): A critical flaw exploited before Google released a fix.
• Apple iOS Zero-Day (2022): Exploited to target high-profile individuals.
Cybersecurity Risk Assessment and
Management
Risk Assessment Steps
• Identify Assets: Determine critical
systems, data, and networks.
• Analyze Threats & Vulnerabilities: Assess
potential attack vectors like malware,
phishing, and insider threats.
• Evaluate Risks: Measure the impact and
likelihood of different cyber threats.
• Prioritize Security Measures: Focus on
high-risk areas that need immediate
protection.
Risk Management Strategies
• Patch Management: Regularly update and patch software vulnerabilities.
• Network Segmentation: Limit access between critical and less secure systems.
• Intrusion Detection Systems (IDS): Monitor for unusual activities.
• Incident Response Plan: Have a strategy to detect, respond to, and recover from cyber incidents.
• Cybersecurity Training: Educate employees on phishing, social engineering, and safe browsing habits.
Antivirus and Other Security Solutions
Raneeta
• Antivirus software is a fundamental cybersecurity tool designed to detect, prevent, and
remove malicious software such as viruses, worms, Trojans, ransomware, and spyware.
• It operates using signature-based detection, which scans files for known malware
patterns, and heuristic analysis, which identifies suspicious behavior to detect new
threats. However, antivirus alone is not enough to protect against sophisticated cyber
threats.
• Other essential security solutions include firewalls, which act as a barrier between
trusted and untrusted networks to block unauthorized access, and intrusion detection
and prevention systems (IDS/IPS), which monitor network traffic for suspicious
activities and take action to prevent attacks.
• Endpoint security solutions protect individual devices like computers, mobile phones,
and IoT devices by ensuring they remain secure from cyber threats.
• Multi-Factor Authentication (MFA) adds an extra layer of security by requiring
additional verification beyond just passwords.
• Encryption ensures sensitive data is protected even if intercepted by cybercriminals.
• Organizations also use Security Information and Event Management (SIEM) systems,
which provide real-time threat analysis and response capabilities. Implementing a
combination of these security solutions enhances cybersecurity defenses against
evolving digital threats.
Signature-Based Detection: A traditional method used by antivirus software to detect malware by comparing files against a database of known malware signatures (file hashes or unique byte patterns). Limitation: Cannot detect new or unknown malware that has not been added to the database, and a trivially modified variant of a known sample no longer matches. Example: If a file with a known pattern tries to execute, the antivirus immediately blocks it.

Heuristic Analysis: A proactive technique used by security software to detect previously unknown or modified malware based on suspicious behavior or characteristics. Instead of relying on a predefined signature, it analyzes what a file contains and how it behaves to determine if it is likely malicious. Example: If a program tries to modify system files or send data to an unknown server, heuristic analysis flags it as potentially harmful. Caveat: heuristics trade precision for coverage, so they produce false positives that signatures do not, and the flagging threshold has to be tuned.
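The two approaches are easiest to compare side by side on the same input. The following is an added example, not code from the original deck or from any antivirus product: a signature scanner (exact hash plus byte pattern) and a weighted heuristic scorer, run on three constructed byte strings. The "known" sample is caught by its signature; a variant with one extra padding byte and different spacing and case in its launcher string has a new hash and misses the byte pattern, but the heuristic rules still flag it; a benign document scores below the threshold. The samples, rule weights, entropy limit and threshold are all assumptions.

```python
"""Signature-based matching beside a heuristic scorer, run on constructed samples to show
why a one-byte change evades the signature but not the behaviour-based rules. Added example;
the samples, signatures, rules and threshold are assumptions, not the deck's or any product's."""
import hashlib
import math
import re

# Constructed "known malware" sample: a fake header, padding, and an encoded PowerShell launcher.
KNOWN_BAD = b"MZ\x90\x00" + b"\x00" * 32 + b"cmd.exe /c powershell -enc " + b"QUJD" * 8

# Signature database: exact file hashes plus short byte patterns extracted from known samples.
SIGNATURE_HASHES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Demo.Launcher.A"}
SIGNATURE_PATTERNS = {b"cmd.exe /c powershell -enc ": "Demo.Launcher.A (pattern)"}

# Heuristic rules: (regex over file bytes, weight, explanation). Weights are assumptions.
HEURISTIC_RULES = [
    (re.compile(rb"powershell(\.exe)?\s+-(enc|e|encodedcommand)\b", re.I), 3, "encoded PowerShell command"),
    (re.compile(rb"CreateRemoteThread|WriteProcessMemory|VirtualAllocEx"), 3, "process-injection API names"),
    (re.compile(rb"vssadmin\s+delete\s+shadows", re.I), 4, "deletes shadow copies (ransomware behaviour)"),
    (re.compile(rb"CurrentVersion\\Run\b", re.I), 2, "Run-key persistence"),
    (re.compile(rb"https?://[^\s\"']{8,}"), 1, "embedded URL"),
]
ENTROPY_LIMIT = 7.0      # assumption: near-random bytes suggest a packed/encrypted payload
HEURISTIC_THRESHOLD = 4  # assumption: total weight at which a file is flagged


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means uniformly random."""
    if not data:
        return 0.0
    counts = [data.count(bytes([b])) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)


def signature_scan(data: bytes):
    """Exact match against known hashes and byte patterns; returns the family name or None."""
    name = SIGNATURE_HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in SIGNATURE_PATTERNS.items():
        if pattern in data:
            return name
    return None


def heuristic_scan(data: bytes):
    """Score suspicious traits; returns (score, reasons)."""
    score, reasons = 0, []
    for regex, weight, why in HEURISTIC_RULES:
        if regex.search(data):
            score += weight
            reasons.append(why)
    if shannon_entropy(data) > ENTROPY_LIMIT:
        score += 2
        reasons.append("high entropy")
    return score, reasons


def scan(data: bytes) -> dict:
    """Signature first (cheap, precise), then heuristics for anything unknown."""
    name = signature_scan(data)
    if name:
        return {"verdict": "signature", "detail": name}
    score, reasons = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return {"verdict": "heuristic", "detail": f"score {score}: " + ", ".join(reasons)}
    return {"verdict": "clean", "detail": f"score {score}"}


# A repacked variant: different hash, spacing and case changed so the byte pattern no longer
# matches, plus a shadow-copy wipe. Still a constructed sample.
VARIANT = (b"MZ\x90\x00" + b"\x00" * 33
           + b"cmd.exe /c  PowerShell -EncodedCommand " + b"QUJD" * 8
           + b" && vssadmin delete shadows /all /quiet")
BENIGN = b"Quarterly report. Full data at https://example.com/reports/q3 (internal)."

if __name__ == "__main__":
    for label, sample in (("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)):
        print(label, scan(sample))
```

The ordering in `scan` is how real engines are layered: signatures are cheap and nearly free of false positives, so they run first; heuristics cover what signatures miss at the cost of occasional false positives, which is why the threshold is a tunable rather than a constant. The embedded-URL rule alone is worth only one point for exactly that reason.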

Firewalls: A security system that monitors and controls incoming and outgoing network traffic based on predefined security rules. Firewalls can be hardware-based, software-based, or cloud-based. Example: A firewall can block unauthorized access to a company's network while allowing legitimate communication.
• Intrusion Detection and Prevention Systems (IDS/IPS): An IDS (Intrusion Detection System) monitors network traffic and alerts security teams about suspicious activities but does not take action. An IPS (Intrusion Prevention System) sits inline and actively blocks malicious traffic before it reaches the network. Example: If an attacker tries to exploit a known system vulnerability, an IDS will detect it and notify administrators, while an IPS will automatically block the attempt.
• Endpoint Security Solutions protect individual devices (endpoints) such as computers, smartphones, and IoT devices from cyber threats. These solutions include antivirus, anti-malware, encryption, and mobile device management (MDM) tools. Example: A company installing endpoint security software on all employees' laptops to prevent malware infections.
• Security Information and Event Management (SIEM) Systems: A cybersecurity solution that collects, analyzes, and correlates security data from multiple sources in real time to detect and respond to threats. SIEM systems help organizations identify potential security incidents and automate responses. Example: If an employee's account suddenly logs in from a foreign country at an unusual time, a SIEM system can detect this anomaly and trigger an alert or block the login.
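The SIEM example just given, and the "User Behavior Monitoring" item under insider-threat prevention earlier, are the same rule: learn what is normal for each account, then alert on deviations. The following is an added example, not code from the original deck or from any SIEM product, showing one way to write it. It builds a per-user baseline of countries and hours of day from successful logins in a learning period, then flags later logins from a new country or at an unusual hour, a burst of consecutive failures, and a success that immediately follows such a burst (the signature of a guessed or stuffed password, i.e. a compromised insider). The events, the five-day learning window and the failure threshold are constructed assumptions.

```python
"""Baseline-and-deviation rule for login events, the kind of check a SIEM or user-behaviour
monitoring tool runs to surface a compromised or misbehaving account. Added example; the events,
learning period and thresholds are constructed assumptions, not from the deck or any product."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed authentication events: (user, UTC timestamp, source country, outcome).
EVENTS = [
    ("alice", "2024-03-01T08:05:00Z", "DE", "success"),
    ("alice", "2024-03-02T09:12:00Z", "DE", "success"),
    ("alice", "2024-03-04T10:40:00Z", "DE", "success"),
    ("bob",   "2024-03-01T14:00:00Z", "US", "success"),
    ("bob",   "2024-03-03T14:30:00Z", "US", "success"),
    # detection period
    ("alice", "2024-03-06T09:01:00Z", "DE", "success"),   # fits baseline
    ("alice", "2024-03-07T03:15:00Z", "BR", "success"),   # new country, unusual hour
    ("bob",   "2024-03-07T14:00:00Z", "US", "failure"),
    ("bob",   "2024-03-07T14:00:20Z", "US", "failure"),
    ("bob",   "2024-03-07T14:00:40Z", "US", "failure"),
    ("bob",   "2024-03-07T14:01:00Z", "US", "failure"),
    ("bob",   "2024-03-07T14:01:20Z", "US", "failure"),
    ("bob",   "2024-03-07T14:02:00Z", "US", "success"),   # success right after a burst of failures
]
LEARN_UNTIL = datetime(2024, 3, 6, tzinfo=timezone.utc)  # assumption: first five days form the baseline
FAIL_THRESHOLD = 5                                       # assumption: consecutive failures that trigger an alert


def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def build_baseline(events, learn_until):
    """Per user: countries and hours-of-day seen in successful logins during the learning period."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, ts, country, outcome in events:
        t = parse_ts(ts)
        if t < learn_until and outcome == "success":
            baseline[user]["countries"].add(country)
            baseline[user]["hours"].add(t.hour)
    return baseline


def detect(events, learn_until=LEARN_UNTIL, fail_threshold=FAIL_THRESHOLD):
    """Return (user, timestamp, reason) alerts for events after the learning period."""
    baseline = build_baseline(events, learn_until)
    alerts = []
    failures = defaultdict(int)  # consecutive failures per user
    for user, ts, country, outcome in sorted(events, key=lambda e: e[1]):
        t = parse_ts(ts)
        if t < learn_until:
            continue
        if outcome == "failure":
            failures[user] += 1
            if failures[user] == fail_threshold:
                alerts.append((user, ts, f"{fail_threshold} consecutive failed logins"))
            continue
        reasons = []
        profile = baseline.get(user)
        if profile is None:
            reasons.append("no baseline for this account")
        else:
            if country not in profile["countries"]:
                reasons.append(f"login from new country {country}")
            if t.hour not in profile["hours"]:
                reasons.append(f"login at unusual hour {t.hour:02d}:00 UTC")
        if failures[user] >= fail_threshold:
            reasons.append("success immediately after a burst of failures")
        failures[user] = 0
        if reasons:
            alerts.append((user, ts, "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

On the constructed events this yields three alerts: Alice's 03:15 login from a country she has never used, Bob's fifth consecutive failure, and Bob's success right after it. A five-day baseline is deliberately narrow for the demo; a real deployment learns over weeks, allows for declared travel, and feeds the alert into a response playbook (step-up authentication or session revocation) rather than only a ticket.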
Secure WiFi Settings, Track Yourself Online, Cloud Storage Security, IoT Security, Physical Security Threats
Secure WiFi Settings
WiFi networks can be vulnerable to cyberattacks if not properly secured. To enhance WiFi security, use WPA3 or WPA2 (AES/CCMP) encryption instead of outdated WEP or WPA with TKIP. Set a strong, unique passphrase and change the default router login credentials. Enable the router firewall and disable WPS, whose PIN-based setup can be brute-forced. MAC address filtering can be enabled to keep casual devices off the network, but it is not a security control: a client's MAC address is sent in the clear and is trivial to spoof. Additionally, disable remote management and regularly update your router firmware to patch vulnerabilities.
Track Yourself Online
• Understanding your digital footprint helps in
maintaining online privacy. Regularly check what
personal data is publicly available by Googling
your name and reviewing your social media
settings. Use privacy-focused browsers and
search engines, and enable two-factor
authentication (2FA) on important accounts. Tools
like VPNs, private browsing modes, and password
managers can help minimize exposure to cyber
threats.
Cloud Storage Security
• Storing data in the cloud offers convenience, but security risks exist. Use client-side (end-to-end) encryption for sensitive files, so that the provider never holds the plaintext or the key, and enable multi-factor authentication (MFA) for cloud accounts. Always back up important data and choose cloud providers that comply with strong security policies and regulations (such as GDPR or ISO 27001). Be cautious when sharing cloud access and set strict permissions for collaborators; review share links and collaborator lists periodically, since an "anyone with the link" share is effectively public.
IoT Security
• Internet of Things (IoT) devices like smart home assistants, cameras, and wearables often have weak security settings. To protect IoT devices, change default passwords, update firmware regularly, and use a separate WiFi network for IoT devices. Disable unnecessary features like remote access and Universal Plug and Play (UPnP), which lets a device open ports on the router by itself and so exposes it to external attacks. Also, ensure IoT devices encrypt data before transmitting it.
Physical Security Threats
• Cybersecurity isn’t just about digital
protection; physical security threats can also
compromise data. Unauthorized access to
offices, lost or stolen devices, and insecure
disposal of documents can lead to data
breaches. To mitigate these risks, use access
control mechanisms like keycards or
biometric authentication, lock devices when
unattended, and shred sensitive documents
before disposal. Installing security cameras
and training employees on social engineering
threats can further enhance security.
END
