Definition and Origins of the Word Cybercrime
❑ Definition of Cybercrime: Cybercrime refers to illegal activities
that are conducted using digital technology and the internet.
These activities can range from hacking, phishing, and spreading
malware to more complex offenses like online fraud, identity theft,
and cyberterrorism.
The key characteristic of cybercrime is its reliance on digital
infrastructure and the internet to perpetrate offenses.
❑ Emergence of Cybercrime: As the internet became more
accessible and integral to daily life, the term "cybercrime"
emerged to describe criminal activities that exploited digital
technology and networks. The 1990s saw an increase in
cybercrimes like hacking, virus dissemination, and online fraud,
leading to the term gaining prominence in both legal and
technological discourse.
❑ Modern Usage: Today, "cybercrime" encompasses a broad range
of illegal activities facilitated by computers and the internet. It is a
critical area of study and concern for law enforcement,
cybersecurity professionals, and legislators globally, given the
increasing dependency on digital infrastructure and the
sophisticated nature of modern cyber threats.
Some important definitions
❑ Cyberspace: Cyberspace is a conceptual environment where
communication over computer networks occurs. It encompasses
the virtual domain of digital information, including the internet,
online communities, and digital communication channels.
Cyberspace is characterized by the interconnectedness of devices,
systems, and users, facilitating the exchange of data and
interactions in a non-physical, virtual space.
❑ Cybersquatting: Also known as domain squatting, it is the act of
registering, trafficking in, or using a domain name with the intent
to profit from the goodwill of a trademark belonging to someone
else. The cybersquatter typically aims to sell the domain to the
trademark owner or a third party at an inflated price, capitalize
on web traffic intended for the legitimate site, or exploit the
domain for malicious purposes.
Domain Registration: Cybersquatters often register domain names
that are identical or confusingly similar to established trademarks,
company names, or celebrity names. The goal is to exploit the value
associated with these names.
Intention to Profit: The primary motive behind cybersquatting is
financial gain. Cybersquatters may hope to sell the domain name to
the rightful trademark owner at a high price.
❑ Cyberwarfare: Cyberwarfare refers to the use of digital attacks by
one nation-state to disrupt the activities of another nation-state,
typically for strategic, military, or political objectives. These
attacks target critical infrastructure, government operations,
military systems, or other key areas to weaken the adversary,
gather intelligence, or assert dominance in cyberspace.
❑ Cyberterrorism: Cyberterrorism refers to the use of computer
networks and digital technology to carry out acts of terrorism.
These acts are intended to cause significant disruption, fear, or
harm, typically targeting critical infrastructure, information
systems, or public confidence. Cyberterrorism combines the
objectives of traditional terrorism—such as coercion,
intimidation, and spreading fear—with the capabilities and reach
of cyberspace.
Cybercrime: Definition and origin of the word
General Definition
❑ Illegal activities conducted using computers, digital devices, or the
internet, encompassing offenses such as hacking, identity theft,
online fraud, and the distribution of malicious software.
❑ Criminal acts conducted via the internet, including financial
fraud, data breaches, and distribution of illegal content. These
crimes take advantage of the global reach and anonymity
provided by the internet.
❑ Any illegal act involving a computer or computer network. This
includes unauthorized access, data manipulation, and disruption
of services, all of which can impact individuals, organizations, and
governments.
❑ Offenses that involve the use of digital technologies, including
computers, smartphones, and other digital devices, to commit
illegal activities. Examples include cyberstalking, distribution of
child pornography, and digital piracy.
❑ Criminal activities that are conducted using electronic devices,
especially those connected to the internet. These crimes encompass
a range of illegal acts from cyberbullying to electronic fraud and
embezzlement.
❑ Crimes that involve advanced technological tools and techniques
to commit offenses. These include hacking into secure systems,
deploying malware, and executing sophisticated online scams.
❑ Any criminal activity carried out over the internet. This broad
category includes a wide range of offenses from financial scams
and hacking to cyber harassment and trafficking of illegal goods
and services.
Cybercrime and Information Security
❑ Lack of information security gives rise to cybercrime.
❑ From the Indian perspective, the Information Technology Act, 2008
provides a new focus on information security in the country.
❑ Cybersecurity is the practice of protecting systems, networks, and
programs from digital attacks. In the context of information
security, cybersecurity involves safeguarding information and
information systems from unauthorized access, disclosure,
disruption, modification, or destruction to ensure the
confidentiality, integrity, and availability of data.
❑ Quantifying the financial impact of operational downtime and the
disruption of business processes due to data breach / data theft
can be challenging, especially if the breach affects critical systems
or infrastructure.
❑ The challenges faced while trying to collect data on the business
impact of cybercrimes are as follows:
Many cybercrimes go unreported, either because organizations are
unaware of the breach or choose not to disclose it.
Organizations do not explicitly incorporate the cost of the vast
majority of computer security incidents into their accounting, unlike
shrinkage of goods in retail. This can lead to an underestimation of
the financial impact of cyber incidents, as many costs are absorbed
without specific allocation or documentation.
Attaching a quantifiable monetary value to corporate data is
challenging. Data’s value can vary greatly depending on its type,
usage, and relevance to business operations.
Companies may be hesitant to share information about cyber
incidents due to concerns about reputation damage, regulatory
scrutiny, and potential legal liabilities.
Organizations may lack the specialized skills and knowledge required
to accurately assess and report the impact of cybercrimes.
Quantifying the impact of cybercrimes on employee morale and
productivity can be difficult.
Many organizations and employees may not have adequate awareness
or understanding of data privacy principles and regulations. This can
lead to improper handling and reporting of data breaches.
Who are Cybercriminals?
❑ Cybercriminals are individuals or groups who engage in illegal
activities using computers and networks to exploit vulnerabilities
for personal, financial, or ideological gain.
❑ These criminals use a variety of techniques to access, steal,
manipulate, or destroy data and systems.
❑ Cybercriminals can be broadly categorized into three groups
based on their motivations and methods:
Type 1: Cybercriminals - Hungry for Recognition
❑ These individuals or groups seek fame, status, and recognition
within the hacker community or society at large. They may be
driven by the desire to prove their skills, gain respect, or achieve
notoriety.
Hobby Hackers
IT professional (social engineering)
Politically motivated hackers
Terrorist organizations
Type 2: Cybercriminals - Not Interested in Recognition
❑ These individuals or groups operate primarily for financial gain,
espionage, or personal vendettas and prefer to remain anonymous.
They often take great care to avoid detection and publicity.
Psychological Perverts
Financially motivated hackers (corporate espionage)
State-sponsored hacking (national espionage, sabotage)
Organized criminals
Type 3: Cybercriminals – The Insiders
❑ These individuals are current or former employees, contractors,
or business partners with legitimate access to an organization’s
systems and data. Their motivations can include financial gain,
revenge, or ideological beliefs.
Disgruntled or former employee seeking revenge
Competing companies using employees to gain economic advantage
through damage and/or theft
Classification of Cybercrime
1. Cybercrime Against Individuals
❑ These crimes target individuals to steal personal information,
cause harm, or exploit their identity.
Identity Theft: Stealing personal information to impersonate
someone, often to commit fraud or other crimes.
Phishing: Deceptive emails or messages designed to trick individuals
into revealing sensitive information such as passwords or credit card
numbers.
Cyberstalking: Using the internet to harass or stalk an individual,
often involving threats and intimidation.
Online Scams: Various fraud schemes, including advance-fee scams,
romance scams, and auction frauds, aimed at deceiving individuals
for financial gain.
Cyberdefamation: Also known as online defamation, it refers to the act
of publishing false statements about an individual, organization, or
entity on the internet, which harms their reputation. This form of
defamation occurs through various online platforms, including social
media, websites, blogs, forums, and emails.
Email spoofing: The act of forging the sender's address on an
email to make it appear as if it comes from a legitimate source, often
to deceive the recipient and carry out malicious activities.
2. Cybercrimes Against Property
❑ These crimes involve the theft, damage, or disruption of property,
including digital assets and intellectual property.
Hacking: Unauthorized access to computer systems or networks to
steal, modify, or destroy data.
Ransomware: Malware that encrypts a victim's data, demanding a
ransom for decryption.
DDoS Attacks: Distributed Denial of Service attacks aim to make
online services unavailable by overwhelming them with traffic.
Software Piracy: Illegal copying, distribution, or use of software.
3. Cybercrimes Against Organizations
❑ These crimes target businesses, government agencies, and other
organizations to steal sensitive information, disrupt operations, or
cause financial loss.
Unauthorized Accessing of Computers: Unauthorized accessing of
computers refers to gaining entry into a computer system or network
without permission, often to steal, alter, or destroy data.
DoS Attack (Denial of Service Attack): A DoS attack aims to make a
computer or network service unavailable to its intended users by
overwhelming it with a flood of illegitimate requests.
Password Sniffing: Password sniffing is the act of intercepting and
capturing passwords as they are transmitted over a network, typically
using specialized software tools.
Virus Attacks/Dissemination of Viruses: Virus attacks involve the
creation and distribution of malicious software (viruses) designed to
infect and damage computer systems and networks.
E-mail Bombing: E-mail bombing is the act of sending large volumes
of emails to a target address to overwhelm the recipient's email
system and cause disruption.
Salami Attack: A salami attack involves the execution of multiple
small, often unnoticed, fraudulent actions that collectively result in
significant financial gain for the attacker.
Logic Bomb: A logic bomb is a piece of code inserted into a software
system that triggers a malicious action when certain conditions are
met.
Trojan Horse: A Trojan horse is a type of malicious software that
disguises itself as legitimate software to deceive users into installing it,
thereby granting attackers access to the victim's system.
Data Diddling: Data diddling involves the unauthorized alteration of
data before or during entry into a computer system, leading to
incorrect or fraudulent outcomes.
Industrial Spying: Industrial spying is the act of using cyber
techniques to gather confidential or proprietary information from
competitors for commercial advantage.
Computer Network Intrusions: Computer network intrusions involve
unauthorized access to or interference with computer networks, often
to steal data or cause harm.
Software Piracy: Software piracy is the illegal copying, distribution,
or use of software without proper licensing or permission from the
copyright holder.
4. Cybercrimes Against Society
❑ These crimes have a broader impact on society, often targeting
critical infrastructure, public safety, or national security.
Cyberterrorism: Using cyber attacks to create fear, harm, or
disruption, often targeting critical infrastructure or government
systems.
Forgery: Forgery is the act of creating, altering, or imitating
documents, signatures, or other items with the intent to deceive or
defraud.
Web Jacking: Web jacking involves taking control of a website by
exploiting its vulnerabilities to deface, redirect, or misuse it, often for
malicious purposes or financial gain.
Cyber Warfare: Cyber warfare refers to state-sponsored cyber
attacks aimed at damaging or disrupting another nation's
infrastructure, economy, or military capabilities, often as part of
broader geopolitical conflicts.
5. Cybercrimes Against Technology
❑ These crimes target technology itself, exploiting vulnerabilities to
cause damage, steal information, or disrupt services.
Virus and Malware Distribution: Creating and spreading malicious
software to damage systems, steal data, or disrupt services.
Botnets: Networks of compromised computers controlled remotely to
perform coordinated attacks or distribute spam and malware.
Cryptojacking: Unauthorized use of someone else's computing
resources to mine cryptocurrencies.
Exploit Kits: Pre-packaged tools that exploit vulnerabilities in
software to deliver malware or conduct attacks.
Cybercrime: The Legal Perspectives
❑ Cybercrime encompasses a wide range of criminal activities that
involve computers, networks, and digital information. Addressing
these crimes from a legal perspective involves understanding
various laws, regulations, and international agreements designed
to prevent, investigate, and prosecute such activities.
❑ Here are some key legal perspectives on cybercrime:
National Legislation: Each country has its own set of laws and
regulations to combat cybercrime, such as computer misuse and fraud
acts and data protection laws.
International Conventions and Agreements: Cybercrime often crosses
national borders, making international cooperation essential. Various
international agreements facilitate collaboration and standardize
legal frameworks.
❑ The legal perspectives on cybercrime encompass a wide array of
laws, regulations, and international agreements designed to tackle
the complex and evolving nature of digital criminal activities. By
understanding and addressing these legal aspects, nations can
better protect their citizens, organizations, and critical
infrastructure from the growing threat of cybercrime.
Cybercrime: An Indian Perspective
❑ India, as one of the world's largest and fastest-growing digital
economies, faces a significant challenge in combating cybercrime.
❑ The country's increasing internet penetration, digital
transformation, and reliance on technology have made it a target
for various cyber threats.
❑ Addressing these threats involves a comprehensive legal
framework, enforcement mechanisms, and public awareness.
❑ India has established various institutions and mechanisms to
enforce cyber laws and combat cybercrime:
Cyber Crime Cells: Specialized units within the police departments
across states and union territories dedicated to investigating
cybercrimes.
Indian Computer Emergency Response Team (CERT-In): The
national agency responsible for incident response, including handling
cybersecurity incidents, issuing advisories, and promoting
cybersecurity awareness.
National Critical Information Infrastructure Protection Centre
(NCIIPC): Responsible for protecting critical information
infrastructure in India.
Cybercrime and the Indian ITA 2000
❑ India has developed a robust legal framework to address
cybercrime, primarily through the Information Technology Act,
2000 (IT Act) and subsequent amendments.
Section 66: Covers computer-related offenses, including hacking,
identity theft, and phishing.
Section 66A: Addressed offensive messages through communication
services, though it was struck down by the Supreme Court in 2015 for
being unconstitutional.
Section 66B: Punishes dishonestly receiving stolen computer
resources or communication devices.
Section 66C: Deals with identity theft and imposes penalties for
fraudulent digital signatures or electronic passwords.
Section 66D: Addresses cheating by personation using computer
resources.
Section 66E: Penalizes violations of privacy, including capturing,
publishing, or transmitting images of private areas of individuals.
Section 67: Punishes the transmission of obscene material in
electronic form.
Section 69: Empowers the government to intercept, monitor, and
decrypt information for national security and public order.
A Global Perspective on Cybercrime
❑ Cybercrime is a global issue that transcends national borders,
affecting individuals, organizations, and governments worldwide.
❑ The interconnected nature of the internet makes it possible for
cybercriminals to operate from anywhere in the world, targeting
victims in multiple countries.
❑ Addressing cybercrime requires a coordinated international
approach, involving comprehensive legal frameworks,
cross-border cooperation, and proactive cybersecurity measures.
❑ Here’s an overview of the International Legal Frameworks and
Agreements:
Budapest Convention on Cybercrime: The first international treaty seeking to
address cybercrime by harmonizing national laws, improving investigative
techniques, and fostering international cooperation.
United Nations Initiatives: Various UN bodies, such as the UN Office on Drugs
and Crime (UNODC), work to develop international standards and promote
legal cooperation against cybercrime.
European Union Directives: The EU has implemented various directives and
regulations, like the General Data Protection Regulation (GDPR), to protect
personal data and ensure cybersecurity.
Cybercrime and the Extended Enterprise
❑ The concept of the extended enterprise refers to an organization's
network that includes not just its internal operations but also its
external partnerships, suppliers, distributors, customers, and
other stakeholders.
❑ The extended enterprise can only be successful if all the
component groups and individuals have the information they need
in order to do business effectively.
❑ It is a “loosely coupled, self-organizing network” of firms that
combine their economic output to provide “product and services”
offerings to the market.
❑ This interconnected and often complex ecosystem enhances
business capabilities but also expands the attack surface for
cybercriminals.
❑ Several types of cyber threats specifically impact the extended
enterprise:
Supply Chain Attacks: Targeting suppliers or service providers to
gain access to the primary enterprise.
Phishing and Social Engineering: Cybercriminals use sophisticated
phishing attacks to trick employees of third parties, leading to
credential theft and unauthorized access.
Ransomware: Ransomware can spread through interconnected
systems, affecting not only the targeted enterprise but also its
partners and customers.
Data Breaches: Breaches at third-party vendors can expose sensitive
data, including customer information, intellectual property, and
financial records.
❑ Securing an extended enterprise poses unique challenges:
Lack of Visibility: Organizations often lack full visibility into the
security practices and potential vulnerabilities of their partners and
third-party vendors.
Complexity of Networks: The interconnected nature of the extended
enterprise makes it difficult to manage and secure all endpoints and
connections.
Compliance and Regulations: Different partners and vendors may
operate under varying regulatory requirements, complicating
compliance efforts across the entire network.
❑ Given these unique challenges faced by the extended enterprise,
international organizations have a special role to play in raising
security standards. By enhancing visibility, enforcing rigorous
security standards, and fostering collaboration across the
enterprise, businesses can better protect themselves against the
growing threat of cybercrime in an interconnected world.
How Criminals Plan the Attacks
Phases Involved in Planning Cybercrime
1. Reconnaissance (Information Gathering)
2. Scanning and scrutinizing the gathered information for the
validity of the information as well as to identify the existing
vulnerabilities
3. Launching an attack (gaining and maintaining the system access)
1. Reconnaissance
❑ The reconnaissance phase begins with “footprinting”, the
preparation for the pre-attack phase. It involves accumulating
data about the target’s environment and computer architecture to
find ways to intrude into that environment.
❑ During Footprinting, an attacker gathers as much information as
possible about a target system, network, or organization to
identify potential vulnerabilities.
❑ The goal of footprinting is to create a comprehensive profile of the
target, which serves as a foundation for planning and executing
subsequent attack phases.
❑ By understanding the target’s architecture and security posture,
attackers can identify weak points to exploit while minimizing the
risk of detection.
❑ This phase involves both passive and active techniques.
Passive footprinting includes gathering information without direct
interaction, such as researching public records, analyzing social
media, and reviewing company websites.
Active footprinting involves directly engaging with the target’s
systems, using tools like network scanners and probes to map out the
network structure, open ports, and running services.
❑ Here are some important tools commonly used in passive
reconnaissance:
Google Search: Utilizing advanced search operators to find
information about a target, such as documents, directories, and
employee details.
WHOIS Lookup Tools: Tools like [Link] or DomainTools
provide domain registration details, including the registrant’s contact
information and server details.
Shodan: A search engine for internet-connected devices, allowing
attackers to find exposed devices and services based on specific search
criteria.
Maltego: A data mining tool that provides a graphical representation
of the relationships between various pieces of information about a
target, such as social media profiles, domain names, and email
addresses.
Social Media Platforms: Sites like LinkedIn, Facebook, and Twitter
can reveal a wealth of information about individuals and
organizations, including employee roles, company structure, and
personal connections.
Recon-ng: A web reconnaissance framework that provides modules
for gathering information from various online sources, such as
domain names, IP addresses, and web technologies.
theHarvester: A tool designed to gather emails, subdomains, hosts,
and employee names from public sources such as search engines, PGP
key servers, and social networks.
Amass: An open-source tool for in-depth domain mapping, which
includes DNS enumeration, network mapping, and data gathering
from a wide range of public sources.
Censys: A search engine for internet-connected devices that provides
detailed information about the infrastructure and services exposed by
a target.
FOCA: A tool for extracting metadata from publicly accessible
documents (e.g., PDFs, Word documents) to reveal details such as
usernames, software versions, and network paths.
❑ An active attack involves probing the network to discover
individual hosts to confirm the information (IP addresses,
Operating System type and version, and services on the network)
gathered in the passive attack phase. It involves the risk of
detection and is also called “Rattling the doorknobs” or “Active
reconnaissance”.
❑ Here are some important tools commonly used in active
reconnaissance:
Nmap (Network Mapper): A versatile tool for network discovery and
security auditing, used to identify live hosts, open ports, running
services, and operating system details.
Metasploit Framework: A penetration testing framework that allows
security professionals to identify, exploit, and validate vulnerabilities
within a network or system.
Nessus: A vulnerability scanner that identifies security vulnerabilities
in systems, networks, and applications, providing detailed reports
and remediation suggestions.
OpenVAS (Open Vulnerability Assessment Scanner): An open-source
vulnerability scanner that performs comprehensive scans to identify
and assess vulnerabilities.
Nikto: A web server scanner that detects potentially dangerous files,
outdated software, and configuration issues on web servers.
Hydra: A password-cracking tool used to perform brute force attacks
on various protocols, such as HTTP, FTP, and SSH, to test the
strength of passwords.
DirBuster: A directory and file brute-forcing tool that discovers
hidden directories and files on a web server by using a wordlist-based
approach.
Burp Suite: A web vulnerability scanner and testing tool that includes
various features for identifying and exploiting vulnerabilities in web
applications, such as SQL injection and XSS.
ZMap: A fast network scanner designed for Internet-wide network
surveys, capable of scanning large address spaces quickly to identify
open ports and services.
HTTrack: A website copier tool that downloads entire websites,
allowing attackers to analyze the site offline and find vulnerabilities.
Netcat: A versatile networking tool used for reading from and writing
to network connections using TCP or UDP, often called the "Swiss
army knife" of networking.
Hping: A command-line network tool that sends custom TCP/IP
packets and analyzes responses, often used for network mapping,
firewall testing, and penetration testing.
Masscan: A network port scanner similar to Nmap, but designed for
faster scanning of large networks, capable of scanning the entire
Internet in under 6 minutes.
Fierce: A DNS reconnaissance tool that helps locate non-contiguous
IP space and hostnames against specified domains.
❑ Network sniffing is another means of passive attack to yield useful
information such as Internet Protocol (IP) address ranges, hidden
servers or networks, and other available services on the system or
network.
❑ The network traffic is sniffed to monitor the traffic on the
network: the attacker watches the flow of data to see when
certain transactions take place and where the traffic is going.
❑ The two most commonly used tools in network sniffing are:
Wireshark: A network protocol analyzer that captures and interacts
with traffic on a network, providing detailed information about the
network's structure and data flow.
Ettercap: A comprehensive suite for man-in-the-middle attacks on a
LAN, allowing for sniffing of live connections, content filtering, and
various network attacks.
2. Scanning and scrutinizing the gathered information
i. Port scanning: Identify open/closed ports and services
ii. Network scanning: Understand IP Addresses and related
information about the computer network systems
iii. Vulnerability scanning: Understand the existing weaknesses in
the system.
❑ Port Scanning: A “port” is a place where information goes into
and out of a computer and so, with port scanning, one can identify
open doors to a computer. Ports are basically entry/exit points
that any computer has, to be able to communicate with external
machines.
Port scanning is often one of the first things an attacker will do when
attempting to penetrate a particular computer.
Tools such as Nmap offer an automated mechanism for an attacker to
not only scan the system to find out what ports are “open” (meaning
being used), but also help to identify what operating system (OS) is
being used by the system.
The result of scan on a port is usually generalized into one of the
following three categories:
a. Open or accepted: The host sent a reply indicating that a service
is listening on the port.
b. Closed or not listening: The host sent a reply indicating that
connections will be denied to the port.
c. Filtered or blocked: There was no reply from the host.
Security administrators as well as attackers keep a special eye on a few
well-known ports and the protocols associated with them.
i. Ports 20 and 21 – File Transfer Protocol (FTP) – are used for uploading
and downloading of information.
ii. Port 25 – Simple Mail Transfer Protocol (SMTP) – is used for
sending/receiving E-Mails.
iii. Port 23 – Telnet Protocol – is used to connect directly to a remote host
and Internet control message.
iv. Port 80 – It is used for Hypertext Transfer Protocol (HTTP).
Open ports present two categories of vulnerabilities:
Vulnerabilities associated with the program that is delivering the service.
Vulnerabilities associated with the OS that is running the host.
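As an added example (not part of these notes), the following Python script applies the three scan-result categories above from the defender's side: it parses constructed firewall log lines in a hypothetical format and flags any source that probes many distinct ports within a short window, reporting which ports answered open, closed or filtered and which of the well-known ports listed above were touched.

```python
"""Port-scan detection over firewall log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports the notes single out as the ones administrators and attackers watch.
WELL_KNOWN_PORTS = {20: "FTP data", 21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP"}

# Constructed sample log in a hypothetical format: one inbound TCP SYN per line,
# with the host's reply. 203.0.113.5 walks seven ports in ten seconds;
# 198.51.100.7 behaves like an ordinary web client.
SAMPLE_LOG = """\
2024-03-01T10:00:01 src=203.0.113.5 dport=21 reply=RST
2024-03-01T10:00:02 src=198.51.100.7 dport=80 reply=SYN-ACK
2024-03-01T10:00:02 src=203.0.113.5 dport=22 reply=SYN-ACK
2024-03-01T10:00:03 src=203.0.113.5 dport=23 reply=NONE
2024-03-01T10:00:05 src=203.0.113.5 dport=25 reply=RST
2024-03-01T10:00:06 src=203.0.113.5 dport=80 reply=SYN-ACK
2024-03-01T10:00:08 src=203.0.113.5 dport=443 reply=NONE
2024-03-01T10:00:11 src=203.0.113.5 dport=8080 reply=RST
2024-03-01T10:03:40 src=198.51.100.7 dport=443 reply=SYN-ACK
2024-03-01T10:05:12 src=198.51.100.7 dport=80 reply=SYN-ACK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dport=(?P<dport>\d+) reply=(?P<reply>\S+)$"
)


def classify_reply(reply):
    """Map the host's reply to the three categories used in the notes."""
    if reply == "SYN-ACK":
        return "open"        # a service is listening
    if reply == "RST":
        return "closed"      # host answered, connection denied
    if reply == "NONE":
        return "filtered"    # no reply at all
    raise ValueError(f"unknown reply type: {reply}")


def parse_line(line):
    """Parse one log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dport": int(m["dport"]),
        "state": classify_reply(m["reply"]),
    }


def summarize(events):
    """Per-source summary: ports by state plus the well-known ports probed."""
    by_state = defaultdict(set)
    for e in events:
        by_state[e["state"]].add(e["dport"])
    probed = {e["dport"] for e in events}
    return {
        "distinct_ports": len(probed),
        "open": sorted(by_state["open"]),
        "closed": sorted(by_state["closed"]),
        "filtered": sorted(by_state["filtered"]),
        "well_known_probed": sorted(p for p in probed if p in WELL_KNOWN_PORTS),
    }


def detect_scanners(lines, min_ports=5, window=timedelta(seconds=60)):
    """Return {src: summary} for every source that touched at least
    `min_ports` distinct destination ports inside any `window`-long interval."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)
    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits inside `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            if len({e["dport"] for e in events[start:end + 1]}) >= min_ports:
                findings[src] = summarize(events)
                break
    return findings


if __name__ == "__main__":
    for src, summary in detect_scanners(SAMPLE_LOG.splitlines()).items():
        print(src, summary)
```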
❑ The scrutinizing phase is always called “enumeration” in the
hacking world. The objective behind this step is to identify:
1. The valid user account or groups
2. Network resources and/or shared resources
3. OS and different applications that are running on the OS.
3. Attack (Gaining and Maintaining the System Access)
1. Crack the password
2. Exploit the Privileges
3. Execute the malicious commands/applications
4. Hide the files (if required)
5. Cover the tracks – delete the access logs, so that there is no trail
of the illicit activity.
Social Engineering
❑ Social Engineering is a manipulative technique used by attackers
to deceive individuals into divulging confidential information or
performing actions that compromise security. Unlike technical
hacking methods, social engineering exploits human psychology
and behavior, making it a powerful and often successful approach.
❑ Some examples:
An attacker sends an email claiming to be from a bank, asking the recipient to
click on a link to verify their account details. The link leads to a fake website
that captures the entered information.
An attacker calls employees and offers a free software upgrade in exchange
for their login credentials. Believing they will receive a benefit, some
employees provide the requested information.
An attacker leaves USB drives labeled "Confidential" in a company parking
lot. When employees find and insert the drives into their computers, malware
is installed, giving the attacker access to the network.
An attacker researches a company executive and sends a personalized email
that appears to be from a trusted colleague, asking for sensitive business
information or to click on a malicious link.
An attacker calls posing as a fraud investigator from a bank, warning the
target of suspicious activity and asking them to verify their account details to
prevent further unauthorized transactions.
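As an added example, not from the original notes, the following Python script shows two checks a mail gateway can apply to the bank-style phishing message described above and to the forged sender address that email spoofing relies on: it compares the From: domain with the Return-Path domain, and it flags HTML links whose visible text names one site while the href points at another. The message and all addresses are constructed, and the two-label domain heuristic is an assumption of the example.

```python
"""Spoofed-sender and deceptive-link checks on an e-mail (added example)."""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (hypothetical addresses; .example and example.net
# are reserved names). From: claims the bank, but the bounce address and the
# "verify" link both lead somewhere else.
SAMPLE_EML = """\
Return-Path: <bounce@mail-relay.example.net>
From: "Example Bank" <alerts@examplebank.example>
To: customer@example.org
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please verify your account at
<a href="http://examplebank.example.verify-login.example.net/x">https://www.examplebank.example/verify</a></p>
<p>Help centre: <a href="https://www.examplebank.example/help">https://www.examplebank.example/help</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def base_domain(host):
    """Last two DNS labels. A crude stand-in for a public-suffix lookup
    (assumption of this example: no multi-label suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def domain_of(addr):
    """Base domain of an address string such as '"Name" <user@host>'."""
    _, mailbox = email.utils.parseaddr(addr or "")
    return base_domain(mailbox.rsplit("@", 1)[1]) if "@" in mailbox else None


def shown_host(text):
    """Host named in a link's visible text, or None if the text is not URL-like."""
    host = urlparse(text if "://" in text else "http://" + text).hostname
    return host if host and re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", host) else None


def sender_mismatch(msg):
    """(From domain, Return-Path domain) when they differ, else None.
    A mismatch is a signal, not proof: legitimate bulk mail uses relays too."""
    from_dom = domain_of(str(msg["From"])) if msg["From"] else None
    bounce_dom = domain_of(str(msg["Return-Path"])) if msg["Return-Path"] else None
    if from_dom and bounce_dom and from_dom != bounce_dom:
        return (from_dom, bounce_dom)
    return None


def link_mismatches(html):
    """Links whose visible text names one domain but whose href goes to another."""
    parser = _LinkCollector()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        shown, actual = shown_host(text), urlparse(href).hostname
        if shown and actual and base_domain(shown) != base_domain(actual):
            found.append((text, href))
    return found


def analyse(raw_message):
    """Run both checks on a raw RFC 5322 message and return the findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {"sender_mismatch": sender_mismatch(msg),
            "link_mismatches": link_mismatches(html)}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_EML).items():
        print(f"{key}: {value}")
```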
Classification of Social Engineering
❑ Human-Based Social Engineering: Human-Based Social
Engineering involves direct interaction with individuals to deceive
them into revealing confidential information or performing
actions that compromise security. Examples –
Impersonating an employee or valid user: An attacker pretends to be an IT
support employee and calls a company employee, claiming there is an issue
with their account. The attacker asks for the employee's login credentials to
"fix" the problem.
Posing as an Important User: An attacker pretends to be the CEO and emails
the finance department, urgently requesting a large fund transfer to a
specified account for a confidential business deal.
Using a third person: An attacker claims to have permission from an
authorized source to use a system. This trick works best when the
person who supposedly gave the authorization is on vacation or cannot
be contacted for verification.
Calling technical support : An attacker calls the IT helpdesk, pretending to be
an employee, and asks for a password reset to gain access to the company's
internal systems.
Shoulder surfing: An attacker observes someone entering their password or
PIN in a public place, such as at an ATM or on a computer, to steal their
credentials.
Dumpster diving : An attacker searches through discarded trash and
documents to find sensitive information like passwords, account numbers, or
personal details.
❑ Computer-Based Social Engineering: Computer-Based Social
Engineering involves using computer software/Internet to deceive
individuals into revealing confidential information or performing
actions that compromise security.
Phishing: An attacker sends an email that appears to be from a cloud storage
service, claiming that the recipient's account is nearly full and urging them to
click a link to upgrade their storage, which leads to a fake website that
captures their login credentials.
Pop-up windows: An attacker sends a pop-up message to a user's computer,
claiming that their system is infected with malware and urging them to
download a fake antivirus program that actually installs malware.
E-Mail attachment: An attacker sends an email with an attachment claiming
to be an invoice from a trusted vendor, but the attachment contains malware
that infects the recipient's computer when opened.
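The phishing examples above share a few machine-checkable traits: a sender domain that only resembles the real one, a Reply-To that points somewhere else, urgency in the subject, and link text that shows one address while the href goes to another. As an added example (not from the original slides), the Python below parses a raw message with the standard library and reports those indicators. The two sample messages, the trusted-domain set and the urgency word list are constructed for the demo.

```python
import email
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this organisation legitimately receives bank mail from.
TRUSTED_DOMAINS = {"example-bank.com"}
URGENCY_WORDS = ("urgent", "verify", "suspend", "immediately", "within 24 hours")

# Constructed sample messages (illustrative, not real phishing samples).
PHISH_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank.com>
Reply-To: verify@mail-update.example
To: victim@example.org
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Unusual activity was detected on your account.</p>
<a href="http://examp1e-bank.com.login-check.example/verify">https://www.example-bank.com/secure</a>
</body></html>
"""

CLEAN_EMAIL = """\
From: "Example Bank" <statements@example-bank.com>
To: customer@example.org
Subject: Your monthly statement is available
Content-Type: text/html

<html><body><a href="https://www.example-bank.com/statements">View statement</a></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value: str) -> str:
    """Host part of a mailbox ('user@host') or of a URL, lower-cased."""
    if "://" not in value and "@" in value:
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _trusted(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def _html_body(msg) -> str:
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def phishing_indicators(raw_message: str) -> list:
    """Return (indicator, detail) pairs; an empty list means nothing suspicious was found."""
    msg = email.message_from_string(raw_message)
    findings = []

    _, from_addr = email.utils.parseaddr(msg.get("From", ""))
    from_host = _host(from_addr)
    if not _trusted(from_host):
        findings.append(("untrusted-sender", from_host))

    _, reply_addr = email.utils.parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _host(reply_addr) != from_host:
        findings.append(("reply-to-mismatch", _host(reply_addr)))

    subject = msg.get("Subject", "")
    if any(w in subject.lower() for w in URGENCY_WORDS):
        findings.append(("urgent-subject", subject))

    collector = _LinkCollector()
    collector.feed(_html_body(msg))
    for href, text in collector.links:
        href_host = _host(href)
        if not _trusted(href_host):
            findings.append(("untrusted-link", href_host))
        # Visible text that itself looks like a URL but points elsewhere is a classic lure.
        if text.startswith(("http://", "https://", "www.")) and _host(text) != href_host:
            findings.append(("link-text-mismatch", f"{text} -> {href_host}"))
    return findings
```

Such checks are a triage aid, not a verdict: the "examp1e" lookalike is only caught here because the real domain is on an allow list, and a compromised legitimate mailbox produces no indicator at all.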
Cyberstalking
❑ Cyberstalking is the use of the internet or other electronic means
to stalk or harass an individual, group, or organization. It involves
repeated and persistent threatening, intimidating, or intrusive
behavior directed at a specific person, causing them emotional
distress and fear.
How Stalking Works?
1. Information Gathering: The stalker collects personal information about
the victim from social media, public records, or other online sources.
This can include addresses, phone numbers, email addresses, and details
about the victim's routine and personal life.
2. Monitoring: The stalker monitors the victim’s online activities, such as
social media posts, online check-ins, and other digital footprints, to keep
track of their movements and interactions.
3. Communication: The stalker may send threatening or harassing emails,
messages, or posts. They might also spread false information, defame, or
impersonate the victim online.
4. Exploitation: The stalker may exploit the victim’s personal information
to harm them further, such as applying for credit in their name, signing
them up for unwanted services, or publishing private information
(doxing).
Real-Life Incident of Cyberstalking: Case Study
❑ In 2018, a high-profile cyberstalking case emerged when a
Bengaluru-based tech professional, Parvathy (name changed for
privacy), was harassed by an ex-colleague who had developed an
unhealthy obsession with her. The stalker used multiple fake
social media accounts to send threatening messages, hacked into
her email and professional networks, and posted her personal
photos online with derogatory comments. Despite blocking him
repeatedly, the harassment continued until she filed a police
complaint. The cybercrime unit tracked and arrested the stalker,
charging him under the Information Technology Act, 2000, and
the Indian Penal Code. This case underscored the severe impact of
cyberstalking on professional and personal life and highlighted the
critical role of legal recourse in combating cyber harassment.
Botnets: The Fuel for Cybercrime
❑ A Botnet is a network of compromised computers, known as
"bots" or "zombies," that are controlled by a central entity called
the "botmaster" or "bot herder."
❑ These compromised machines are typically infected with malware
that allows the botmaster to remotely control them, often without
the knowledge of the machine's owner.
❑ Botnets are commonly used for malicious activities such as
distributed denial-of-service (DDoS) attacks, spamming, data
theft, and spreading malware.
Common Protocols Used in Botnets
❑ HTTP/HTTPS: Many modern botnets use HTTP or HTTPS for
command and control (C&C) communications because these protocols
blend in with normal web traffic, making detection more challenging.
❑ IRC (Internet Relay Chat): IRC was one of the earliest protocols used
for botnet communication. Bots connect to an IRC channel to receive
commands from the botmaster. Despite its age, it is still used due to its
simplicity.
❑ P2P (Peer-to-Peer): Peer-to-peer botnets use decentralized
communication, where each bot can act as both a client and a
server. This architecture makes the botnet more resilient to
takedown efforts since there is no central C&C server.
Common Architectures of Botnets
❑ Centralized Architecture (Client-Server Model): In this architecture, all
bots communicate with a central C&C server to receive instructions. The server acts as
the sole command point. While easy to manage, it is vulnerable to takedown efforts by
authorities or security professionals who can locate and disable the central server.
❑ Decentralized Architecture (Peer-to-Peer (P2P) Model): In a P2P
botnet, there is no central server. Instead, bots communicate
directly with each other to propagate commands. This makes the
botnet more resilient to takedown attempts, as there is no single
point of failure.
❑ Hybrid Architecture(Combination of Centralized and P2P
Models): Some botnets use a hybrid approach that combines
elements of both centralized and decentralized architectures. For
example, they might use a central server for initial instructions
and then switch to P2P communication for further commands.
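Bots that poll an HTTP/HTTPS C&C server blend in with web traffic at the level of individual requests, but they tend to call home on a near-fixed schedule, which human browsing does not. As an added example (not from the original slides), the Python below builds a small constructed connection log and flags flows whose inter-connection gaps have very low relative jitter. The log format, addresses (documentation ranges) and thresholds are assumptions for the demo.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample of outbound HTTPS connections from one host (not real traffic).
# 203.0.113.7 and 198.51.100.20 are documentation addresses, not real servers.
_BASE = datetime(2024, 5, 1, 9, 0, 0)
_BEACON_OFFSETS = [0, 61, 119, 181, 240, 302, 359, 421, 480, 541]     # ~60 s period, small jitter
_BROWSING_OFFSETS = [0, 5, 7, 130, 131, 400, 402, 403, 900, 1500]     # bursty human use


def sample_log_lines():
    """Log lines of the assumed form '<ISO timestamp> <src> <dst> <dport>'."""
    lines = []
    for o in _BEACON_OFFSETS:
        lines.append(f"{(_BASE + timedelta(seconds=o)).isoformat()} 10.0.0.23 203.0.113.7 443")
    for o in _BROWSING_OFFSETS:
        lines.append(f"{(_BASE + timedelta(seconds=o)).isoformat()} 10.0.0.23 198.51.100.20 443")
    return sorted(lines)


def parse_line(line):
    ts, src, dst, dport = line.split()
    return src, dst, int(dport), datetime.fromisoformat(ts)


def beacon_candidates(lines, min_connections=8, max_cv=0.1):
    """Group connections by (src, dst, dport) and flag flows whose gaps are near-constant.
    Returns {(src, dst, dport): (mean_gap_seconds, coefficient_of_variation)}."""
    stamps = defaultdict(list)
    for line in lines:
        src, dst, dport, ts = parse_line(line)
        stamps[(src, dst, dport)].append(ts)

    flagged = {}
    for key, times in stamps.items():
        if len(times) < min_connections:      # too few samples to judge periodicity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg   # jitter relative to the period; low means machine-like regularity
        if cv <= max_cv:
            flagged[key] = (round(avg, 1), round(cv, 3))
    return flagged


if __name__ == "__main__":
    for flow, (period, cv) in beacon_candidates(sample_log_lines()).items():
        print(f"{flow}: period ~{period}s, cv={cv}")
```

Legitimate software updaters and monitoring agents beacon too, so in practice the flagged destinations are compared against known-good lists and enriched with request size and URI path uniformity before anyone is paged. P2P botnets defeat this particular view (many peers, no single destination) and need a different detector.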
Attack Vector
Attack Vectors are methods or pathways through which a cyber
attacker can gain access to a computer system, network, or data.
Understanding attack vectors is crucial for developing effective
cybersecurity strategies and defenses.
Common Attack Vectors
❑ Phishing: Phishing involves sending fraudulent communications,
usually emails, that appear to come from a reputable source. The
goal is to trick the recipient into revealing sensitive information,
such as login credentials or financial information.
Example: An email claiming to be from a bank asking the recipient to
verify their account information by clicking on a link that leads to a
fake login page
❑ Malware: Malware, or malicious software, is any software
intentionally designed to cause damage to a computer, server, or
network. Types of malware include viruses, worms, Trojan horses,
ransomware, spyware, and adware.
Example: A user downloads a seemingly legitimate application, which
is actually malware that infects their system, stealing data or causing
system malfunctions.
❑ Ransomware: Ransomware is a type of malware that encrypts a
victim’s files. The attacker then demands a ransom from the
victim in exchange for restoring access to the data.
Example: A victim receives an email with an attachment that, when
opened, encrypts their files and displays a ransom note demanding
payment in cryptocurrency for the decryption key.
❑ SQL Injection: SQL injection involves inserting malicious SQL
code into a query, allowing an attacker to interfere with the
queries that an application makes to its database. This can result
in unauthorized access to or manipulation of the database.
Example: An attacker inputs malicious SQL commands into a
website’s search box, bypassing authentication and gaining access to
sensitive information stored in the database.
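The bypass described above happens because user input is concatenated into the SQL text. As an added example (not from the original slides), the Python below uses an in-memory SQLite database to show a login check written that way beside the parameterized version; the same fix applies to the search-box case in the example. The table, the account and the attacker inputs are constructed for the demo, and the plaintext password column exists only to keep it short.

```python
import sqlite3


def setup_db():
    """In-memory users table with one constructed account. Plaintext password only
    to keep the demo short; a real system stores a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery-staple')")
    return conn


def login_vulnerable(conn, username, password):
    # The user's text is spliced into the SQL grammar, so a quote or a comment
    # marker inside it changes the meaning of the statement.
    query = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Parameter binding sends the values separately from the statement; the
    # database treats them as data, never as SQL.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = setup_db()
    user, pw = "admin' --", "anything"   # '--' comments out the password check in the unsafe query
    print("vulnerable:", login_vulnerable(db, user, pw))
    print("safe:      ", login_safe(db, user, pw))
```

With the input `admin' --` the vulnerable query collapses to `... WHERE username = 'admin'` and the password clause is never evaluated; the bound version compares the literal string `admin' --` against the column and finds nothing.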
❑ Cross-Site Scripting (XSS): XSS attacks involve injecting malicious
scripts into content from otherwise trusted websites. These scripts
are then executed in the user's browser, allowing attackers to steal
cookies, session tokens, or other sensitive data.
Example: An attacker injects a malicious script into a comment
section on a website, which then executes when other users view the
infected page.
❑ Denial of Service (DoS) / Distributed Denial of Service (DDoS):
DoS and DDoS attacks aim to make a machine or network
resource unavailable to its intended users by overwhelming it with
a flood of internet traffic.
Example: A botnet sends an enormous amount of traffic to a target
server, causing it to crash and become inaccessible to legitimate users.
❑ Man-in-the-Middle (MitM): MitM attacks occur when an attacker
secretly intercepts and relays messages between two parties who
believe they are directly communicating with each other. The
attacker can monitor, alter, or steal the data being transmitted.
Example: An attacker intercepts communications between a user and
a website over an unsecured Wi-Fi network, capturing login
credentials and other sensitive information.
❑ Brute Force Attack: A brute force attack involves systematically
attempting all possible combinations of passwords or encryption
keys until the correct one is found.
Example: An attacker uses an automated tool to try thousands of
password combinations to gain access to a user’s email account.
❑ Zero-Day Exploit: Zero-day exploits take advantage of previously
unknown vulnerabilities in software. Since the developer is
unaware of the vulnerability, there is no patch or fix available at
the time of the attack.
Example: An attacker discovers a vulnerability in a widely-used
software application and uses it to gain unauthorized access to
systems before a patch is released.
❑ Social Engineering: Social engineering attacks manipulate
individuals into performing actions or divulging confidential
information. These attacks exploit human psychology rather than
technical vulnerabilities.
Example: An attacker calls an employee, pretending to be from the
IT department, and convinces them to reveal their password.
Cloud Computing
❑ Cloud computing services, while offering considerable benefits
and cost savings, move servers outside the organization's security
perimeter, which makes it easier for cybercriminals to attack these
systems.
❑ Risks associated with the cloud computing environment, with the
remediation for each:
1. Elevated User Access
Risk: Any data processed outside the organization brings with it an
inherent level of risk, as outsourced services may bypass the physical,
logical, and personnel controls, and the provider's staff will have
elevated user access to such data.
Remediation: The customer should obtain as much information as possible
about the service provider who will be managing the data, and should
scrutinize the vendor's monitoring mechanism for the hiring and
oversight of privileged administrators, and the IT controls over access
privileges.
2. Regulatory Compliance
Risk: Cloud computing service providers may be unable and/or unwilling
to undergo external assessments. Non-compliance with industry
regulations and legal requirements can lead to legal penalties,
financial losses, and reputational damage.
Remediation: The organization remains entirely responsible for the
security and integrity of its own data, even when it is held by a
service provider. Hence the organization should require the cloud
computing service provider to undergo external audits and/or security
certifications and to submit the reports on a periodic basis.
3. Location of Data
Risk: Organizations obtaining cloud computing services may not be
aware of where the data is hosted and may not even know in which
country it is hosted. Data stored in multiple jurisdictions can lead to
legal and compliance issues related to data sovereignty.
Remediation: The organization should be aware of data residency
requirements, choose data storage locations carefully, and use
encryption to protect data in transit and at rest, ensuring compliance
with local laws and regulations.
4. Segregation of Data
Risk: In a multi-tenant cloud environment, improper data segregation
can lead to data breaches and unauthorized access to sensitive
information. Therefore, the encryption mechanism should be strong
enough to segregate the data from that of other organizations whose
data is stored on the same server.
Remediation: The organization should be aware of the arrangements made
by the service provider in terms of strong encryption and isolation
techniques to separate data between tenants, ensure that the cloud
provider implements robust data segregation controls, and regularly
test these controls for effectiveness.
5. Recovery of Data
Risk: Data loss due to accidental deletion, corruption, or disaster can
be catastrophic if there is no effective recovery plan in place. This
can lead to disruption of business continuity and/or availability of
services.
Remediation: The organization should be aware of the disaster recovery
plans made by the service provider, and ensure that data recovery
processes are reliable and efficient.
6. Information Security Violation Reports
Risk: Due to the complex IT environment and several customers logging
in and out of the host, it becomes difficult to trace inappropriate
and/or illegal activity. Failure to detect, report, and respond to
information security violations can lead to prolonged exposure to
threats and increased damage from attacks.
Remediation: The organization should enforce contractual liability for
establishing clear incident response protocols, ensuring timely
detection and reporting of security violations, using automated
monitoring and alerting systems, and providing regular training to
staff on incident response procedures.
7. Long-Term Viability
Risk: In case of any major change at the cloud computing service
provider (e.g. acquisition or merger, breakup of a partnership), the
service provided is at stake.
Remediation: The organization should ensure, contractually and
technically, that it can retrieve its data in case of such events.