Introduction To Cyber Security Unit 2

Cyber criminals follow a 3 step process to plan attacks: 1) Reconnaissance - where they passively gather open source information about targets through searches and surveillance or actively probe networks using tools. 2) Scanning and scrutiny - where they analyze the information to identify network details, vulnerabilities, and entry points through port scanning and other techniques. 3) Launching the attack - where they exploit vulnerabilities by cracking passwords, executing malware, and covering their tracks.

HOW CYBER CRIMINALS PLAN THE ATTACK?

1) Reconnaissance:

Passive attack

o A passive attack involves gathering information about a target without the individual’s/company’s
knowledge.

o It can be as simple as watching a building to identify what time employees enter the building
premises.

o However, it is usually done with internet searches or by googling the individual or company to
gain information.

o Google or Yahoo search.

o Surfing online communities like Orkut, Instagram, Facebook.

o The organisation's website may provide a personnel directory or information about key employees.

o Blogs, newsgroups & press releases are used for gathering information.

o Going through the job postings in particular job profiles for technical persons can provide
information about the type of technology in use.

Ex: LinkedIn professional community.

o Google Earth is a virtual globe. It maps the earth by superimposing images obtained from
satellite imagery and provides aerial photography of a particular location.

o People search - provides personal information (DOB, residential address, contact number, etc).

o WHOIS - this is a domain name registration lookup tool for a website. This utility communicates
with WHOIS servers located around the world to obtain domain name registration information.

o Traceroute - used to find the route through the network to a target system.

o Nslookup - this tool is used on Windows and Linux to query DNS details.

Active attack

o Arphound - it listens to the traffic on the Ethernet network interface. It reports IP/MAC address
pairs as well as events such as IP conflicts, IP changes, various ARP spoofing & packets not using
the expected gateways.

o Arping - it is a network tool that broadcasts ARP packets & receives replies, similar to ping.

o Bing - it is used for bandwidth ping. It is a point-to-point bandwidth measurement tool
based on ping.

o Dsniff - this is a network auditing tool to capture user names, passwords & authentication
information on a local subnet.

o Filesnarf - this is a network auditing tool to capture file transfers on a local subnet.
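
Added example (not part of the original notes and not Arphound's own code): the IP/MAC pair tracking described for Arphound above, written as detection logic a defender can run over ARP observations. The log format, the event names and the sample addresses are constructed for illustration; the "packets not using the expected gateways" check is not covered.

```python
from collections import namedtuple

Event = namedtuple("Event", "kind ip mac detail")

# Constructed sample observations: "<unix time> <sender IP> <sender MAC>"
SAMPLE = """\
1700000000 192.168.1.1 aa:aa:aa:00:00:01
1700000005 192.168.1.10 aa:aa:aa:00:00:10
1700000010 192.168.1.11 aa:aa:aa:00:00:11
1700000060 192.168.1.12 aa:aa:aa:00:00:10
1700000090 192.168.1.1 de:ad:be:ef:00:66
1700000095 192.168.1.1 aa:aa:aa:00:00:01
"""

def parse(text):
    """Yield (timestamp, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()

def monitor(observations, gateway_ip=None, flap_window=300):
    """Track IP/MAC pairs and return the changes an analyst should review."""
    ip_to_mac, mac_to_ip, last_change, events = {}, {}, {}, []
    for ts, ip, mac in observations:
        known_mac = ip_to_mac.get(ip)
        if known_mac is None:
            old_ip = mac_to_ip.get(mac)
            if old_ip is None:
                events.append(Event("new_pair", ip, mac, ""))
            else:  # a known MAC address has moved to a new IP address
                events.append(Event("ip_change", ip, mac, f"was {old_ip}"))
        elif known_mac != mac:
            # One IP claimed by a second MAC: address conflict or ARP spoofing.
            kind = "gateway_mac_change" if ip == gateway_ip else "ip_conflict"
            if ip in last_change and ts - last_change[ip] < flap_window:
                kind = "flip_flop"  # two MACs alternating for the same IP
            events.append(Event(kind, ip, mac, f"was {known_mac}"))
            last_change[ip] = ts
        ip_to_mac[ip], mac_to_ip[mac] = mac, ip
    return events

if __name__ == "__main__":
    for event in monitor(parse(SAMPLE), gateway_ip="192.168.1.1"):
        print(event.kind, event.ip, event.mac, event.detail)
```

A change of the MAC address behind the gateway IP, or two MAC addresses alternating for one IP within a short window, is the pattern to escalate first.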

2) Scanning & Scrutinising the information:

Port scanning :-

TCP

o Port no. - 1.

o Port service multiplexer.

RJE

o Port no. - 5.

o Remote Job Entry.

FTP

o Port no. - 20.

o File Transfer Protocol.

ECHO

o Port no. - 7.

MSP

o Port no. - 18.

o Message Sender Protocol.

Network scanning :-

Understand the IP address & related information about the computer network systems.

Vulnerability scanning :-

Understand the weakness of the system.

3) Launch the attack:

o Crack the password.

o Exploit the privileges.

o Execute the malicious commands / applications.

o Hide the files if required.

o Cover the tracks.


o Delete the access logs so that there is no trail of illicit activity.

In Feb 2009, according to the Nielsen survey on the profile of cybercafe users in India, it was found
that 90 percent of the audience, across 8 cities and 3500 cafes, were male and within the age
group of 15 to 35 years. 52 percent were graduates and postgraduates, though almost 50 percent
were students.

A recent survey conducted in one of the metropolitan cities in India reveals the following facts (an eye
opener):

1) Pirated software such as OS, browser and MS Office tools.

2) Antivirus software is found to be not updated.

3) Several cybercafes had installed a software called Deep Freeze to protect computers from
malware attacks, but its disadvantage is that it helps cybercriminals hoodwink investigating
agencies, because the characteristic of Deep Freeze is that it wipes out all the recent events
carried out on the system.

4) Annual maintenance contract found not in place for servicing the computers. Hard disks are not
formatted unless the computers are down.

5) Pornographic websites and other similar websites with indecent content are not blocked in
cybercafes.

6) Cybercafe owners have less knowledge about IT security and its governance.

7) Government, state police and ISPs do not seem to provide IT governance guidelines to cybercafe
owners.

8) Cybercafe associations or state police do not seem to conduct periodic visits to cybercafes.

To some extent antivirus software and firewalls stop attack vectors; however, no protection method is
fully attack proof.

If an attack vector is thought of as a guided missile, its payload contains the malicious software.

In technical terms, the payload is the necessary data carried in a packet or other transmission unit.

Example - Zero-day attack - It is a computer threat which attempts to exploit the computer
application's vulnerabilities that are unknown to anybody in the world, that is, undisclosed to the
software vendors, and for which no patch is available.

Zero-day attacks are used by the attackers before the software vendors know about the system
vulnerability.
