Cyber Security UNIT1

The document provides an overview of cybersecurity, emphasizing the importance of protecting internet-connected systems from various threats such as data breaches, phishing, and mobile attacks. It discusses vulnerability assessments, threat modeling, and the roles of threat actors, while also highlighting the need for critical thinking and proper cybersecurity education in organizations. Additionally, it outlines proactive measures and tools for assessing and enhancing cybersecurity defenses.

Uploaded by

sadimula

Cyber Security

Instructor - Dr. Vikram Dhiman


CSE Dept GITAM
8283877786
⚫ Disclaimer: All information and software
available on this site are for educational
purposes only.
⚫ Please feel free to use these at your own
discretion; the site owners cannot be held
responsible for any damages caused.
⚫ The views expressed are our own and do not
necessarily reflect those of our employers.
⚫ Using any tools for attacking targets without
prior mutual consent is illegal.
⚫ It is the end user’s responsibility to obey all
applicable local, state, and federal laws. We
assume no liability and are not responsible for
What is Cyber Security?

It is a process of protecting internet-connected systems
such as computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks.

Course Prerequisite: Concepts of Computer Networks

*This ppt is for reference only


False Sense of Security?
Data Transmission in Computer Networks
What Is a Vulnerability?
⚫ Vulnerabilities refer to errors or
weaknesses within a system’s
security protocols, structure,
execution, or internal
management that could
potentially breach the system’s
security policies.
What Is a Vulnerability
Assessment?
⚫ Vulnerability assessment identifies
weaknesses or vulnerabilities in computer
systems, networks, and software, along with
the inherent risks they introduce.
⚫ By using specialized tools like vulnerability
scanners and manual methods, vulnerability
assessment helps organizations figure out
where they might be at risk. This process not
only identifies potential problems but also
Vulnerability Assessment
Types
⚫ Network-Based Vulnerability
Assessment
⚫ Application-Based Vulnerability
Assessment
⚫ API-Based Vulnerability Assessment
⚫ Host-Based Vulnerability Assessment
⚫ Wireless Network Vulnerability
8 Asset Management KPIs you
should be using
⚫ MTTF (Mean time to failure)
⚫ MTTR (Mean Time to Repair)
⚫ MTBF (Mean Time Between Failures)
⚫ FF (Failure Frequency)
⚫ Incident resolution and response time
(Trsl and Trsp)
Risk
Cyber Security Today
Cybersecurity Threats and
Trends for 2023
⚫ Vulnerability in the Cloud
⚫ Data Breaches
⚫ Risky Hybrid or Remote Work
Environments
⚫ Mobile Attacks
⚫ Phishing Gets More Sophisticated
⚫ Ransomware Strategies Evolve
⚫ Cryptojacking
Critical thinking
⚫ Critical thinking skills enable you to make better
decisions and collaborate more efficiently.
Critical Thinking
⚫ The National Security Agency has cautioned
against four types of cloud vulnerabilities —
misconfiguration, poor access control,
shared tenancy and supply chain
vulnerabilities.

⚫ Other cloud vulnerabilities may include
insecure APIs and lack of multi-factor
authentication.
Data Breaches
⚫ Data breaches have, unfortunately, become all too
common, and they don’t seem to be going away any time
soon.

⚫ Some of the biggest data breaches of the 21st century
include top companies like Yahoo, LinkedIn, Facebook and
Marriott International. According to Comparitech, the
U.S. has experienced the most data breaches with 212.4
million people affected in 2021 (compared with 174.4
million people in 2020). The closest country behind the
U.S. was Iran with 156.1 million people affected by a data
Mobile Attacks
⚫ The average cell phone user in the U.S. spent
4 hours and 23 minutes on their device in 2021.
Smartphones are everywhere; not only are they used for
personal connection and communication, but they are
often essential for business, which makes them even more
vulnerable to cyber threats.

⚫ Just like computers and laptops, smartphones are
susceptible to many security threats, including phishing
(especially via text messaging), poor password security,
spyware and malicious apps.
Phishing Gets More
Sophisticated
⚫ Phishing attacks, in which carefully targeted
digital messages are transmitted to fool
people into clicking on a link that can then
install malware or expose sensitive data, are
becoming more sophisticated.
Cryptojacking
⚫ The cryptocurrency movement also affects cybersecurity
in other ways. For example, cryptojacking is a trend that
involves cyber criminals hijacking third-party home or
work computers to “mine” for cryptocurrency.
⚫ Because mining for cryptocurrency (like Bitcoin, for
example) requires immense amounts of computer
processing power, hackers can make money by secretly
piggybacking on someone else’s systems. For businesses,
cryptojacked systems can cause serious performance
issues and costly downtime as IT works to track down and
resolve the issue.
Social Engineering
⚫ Hackers are continually becoming more and more
sophisticated not only in their use of technology, but also
psychology. Tripwire describes social engineers as
“hackers who exploit the one weakness that is found in
each and every organization: human psychology.

⚫ Using a variety of media, including phone calls and social
media, these attackers trick people into offering them
access to sensitive information.” The article includes
a video demonstrating an example of social engineering.
What Companies Are Doing to Combat
Cybersecurity Threats
⚫ One of the most effective methods for preventing and
mitigating cybersecurity threats and attacks is through
proper cybersecurity education. Many companies and
organizations are using webinars and training tools to
keep employees informed of best practices and proper
protocols.

⚫ Companies may also adopt new technologies and run
security audits, in addition to hiring experienced
cybersecurity professionals and/or consultants to help
strengthen their cyber defenses.
Cyber Security Starts With
Critical Thinking
⚫ To apply quantitative and algorithmic skills
⚫ To make high stakes decisions about data security
⚫ To assess and manage technology risks
⚫ To plan, evaluate, and implement cyber security measures
⚫ To respond to security breaches/threats
⚫ To identify and integrate the latest security intelligence
⚫ To adapt systems to the constantly changing technological
environment
⚫ To lead the deployment of prevention and technology recovery plans
⚫ To explain threats, options, plans, and progress to senior leadership
and coworkers
Overview of actors and their
motives.
⚫ Hacking organizations, Major types of cyber-attacks
⚫ Network Security Model, Security services,
Security Mechanisms, Threat Examples,
Malware and Ransomware
⚫ Threat Protection, Internet
Security Threats, Security Threat, The Cyber
Kill Chain
⚫ Social Engineering, Cyberwarfare
Every organization is vulnerable
to cyber threats.
⚫ Most devices today are connected to the
internet—be it cars, consumer durables like
air conditioners or heating systems, or
laptops and mobile phones. IoT devices are
increasingly transmitting large amounts of
data across cyberspace. And with most apps
migrating to the cloud, more and more
personal and work-related information is
moving online.
Every organization is vulnerable
to cyber threats.
⚫ Experts believe that the economic damages
caused by cyber attacks will likely cross
$10.5 trillion by 2025.

⚫ What can you do to
protect your data, systems and networks
from cyber threats
and vulnerabilities?

⚫ The first step is understanding how to
identify threat actors. Who are they? What
do they want to achieve? Most importantly,
why do they want to attack our systems?
What can you do to
protect your data, systems and networks from
cyber threats
and vulnerabilities?
⚫“If you know the enemy and
know yourself, you need not
fear the result of a hundred
battles.”
Exploring the Landscape of Cyber Threat Actors
⚫ In the world of cybersecurity, a threat may
be defined as a potential negative action or
event facilitated by a vulnerability that
results in an unwanted impact on a
computer system or application.
Exploring the Landscape of Cyber Threat Actors
⚫ A person or an organization with malicious
intent can break into systems or networks
through a weak spot and inflict damage.

⚫ The individual or group carrying out such
cyber threats is called a cyber threat actor.
Exploring the Landscape of Cyber Threat Actors
⚫ The damage inflicted by threat actors may
take various forms:
⚫ They may render apps or systems unusable, leading to network
outages and system downtime that cause economic losses to
corporations and businesses.
⚫ They may corrupt data and make it unreadable.
⚫ They may steal sensitive personal or financial information and use it
to embezzle funds. (The property or asset need not be of substantial
value for embezzlement to occur)
⚫ They may commit other types of fraud, like theft of intellectual
property.
Loss of Reputation
⚫ Disruptions caused by cyber attacks lead to
negative publicity and a loss of reputation
for the company attacked as it exposes core
vulnerabilities in their security.
Knowledge is power. (Threat Actors)
⚫ The total amount of digital data worldwide
will reach 200 zettabytes by 2025, with
about 100 zettabytes stored in public or
private cloud environments.

⚫ An important implication is that the cyber
threat surface is growing exponentially. It
helps in deploying cyberdefense strategy.
Types of Cyber Threat Actors
Proactive measures
Why is threat modeling necessary?
As organizations become more digital and cloud-based, IT systems face
increased risk and vulnerability. Growing use of mobile and Internet of
Things (IoT) devices also expands the threat landscape. And while hacking
and distributed-denial-of-service (DDoS) attacks repeatedly make headlines,
threats can also come from within--from employees trying to steal or
manipulate data, for example.

Smaller enterprises are not immune to attacks either--in fact they may be
more at risk because they don't have adequate cybersecurity measures in
place. Malicious hackers and other bad actors make risk assessments of
their own and look for easy targets.
What are the benefits of threat modeling?
⚫ The process of threat modeling can:
⚫ Provide an enhanced view of systems. The steps involved in threat
modeling--creating data flow diagrams (DFDs) and graphical
representations of attack paths, as well as prioritizing assets and risks--
help IT teams gain a deeper understanding of network security and
architecture.
⚫ Help enable better collaboration on security. Proper threat modeling
requires input from many stakeholders. Participating in the process can
help instill cybersecurity consciousness as a core competency for all
participants.
⚫ Facilitate risk prioritization. Businesses can use the threat data provided
by modeling to make decisions about which security risks to prioritize--a
helpful process for understanding where to allocate people and budget
resources.
What is involved in the threat modeling
process?
⚫ Steps involved in threat modeling include:
⚫ Identify assets. An asset could be account data, intellectual property, or simply the
reliable functioning of a system.
⚫ Diagram the system. DFDs provide a high-level, asset-centric view of systems and
the data flows of attacks. An attack tree, or graphic representation of an attack
path, illustrates the possible origins and paths of attacks.
⚫ Analyze threats. Use threat modeling methods to further analyze specific threat
types, identify potential threats, map data flows, and quantify risk.
⚫ Perform risk management and prioritization. Many threat modeling tools produce
threat scores and data for calculating risk. Stakeholder input is essential to this
step.
⚫ Identify fixes. Once you identify the areas, assets, or threats that matter most to
the organization, the next steps may be apparent. Changing firewall, encryption, or
multi-factor authentication settings are examples of steps to address a threat.
Demo-1
How do I measure the effectiveness of threat
modeling?
⚫ Two ways to measure effectiveness are:
⚫ Common Vulnerability Scoring System (CVSS). CVSS produces
standardized scores for application vulnerabilities, IT systems
and elements, and IoT devices; the scores can be calculated with
a free online tool. For additional perspective, scores can be
compared against a database of existing scores crowdsourced
from similar enterprises.
⚫ Penetration testing. Sometimes referred to as "ethical hacking,"
penetration testing is the process of staging dummy attacks on a
system to measure its strengths and weaknesses. Pen tests may
require a good deal of time-consuming data analysis, so
organizations should be wary of running too many tests, or tests
on assets that are not sufficiently high-risk to justify the cost.
Threat modeling methods and tools
ARP Poisoning
What is MITM?
⚫ The Man-in-the-Middle attack (abbreviated
MITM, MitM, MIM, MiM, MITMA) is
an active attack in which the adversary
places themselves in the connection between
the victims, impersonates each to the other,
and relays messages between them. In this case, the
victims think that they are communicating
with each other, but in reality, the malicious
actor controls the communication.
Demo 2
⚫ In this exercise, we use Ettercap to
perform ARP poisoning in a LAN environment.
Kali Linux and the Ettercap tool are installed
in VMware Workstation and used to sniff
the local traffic in the LAN.
List of software required
⚫ VMware workstation
⚫ Kali Linux or Linux Operating system
⚫ Ettercap Tool
⚫ LAN connection
Local LAN
⚫ Note − This attack is possible in wired and wireless networks.
You can perform this attack in local LAN.

⚫ Step 1 − Install the VMware workstation and install the Kali
Linux operating system.

⚫ Step 2 − Log in to Kali Linux using the username and password “root,
toor”.

⚫ Step 3 − Make sure you are connected to local LAN and check
the IP address by typing the command ifconfig in the terminal.
⚫ Step 4 − Open up the terminal and type “ettercap -G”
to start the graphical version of Ettercap.
⚫ Step 5 − Now click the tab “sniff” in the menu bar and select “unified sniffing”
and click OK to select the interface. We are going to use “eth0” which means
Ethernet connection.
⚫ Step 6 − Now click the “hosts” tab in the menu bar and click “scan
for hosts”. It will start scanning the whole network for the alive
hosts.
⚫ Step 7 − Next, click the “hosts” tab and select “hosts list” to see the
number of hosts available in the network. This list also includes the
default gateway address. We have to be careful when we select the
targets.
Continue..
⚫ Step 8 − Now we have to choose the targets.
In MITM, our target is the host machine,
and the route will be the router address to
forward the traffic.
⚫ In an MITM attack, the attacker intercepts
the network and sniffs the packets. So, we
will add the victim as “target 1” and the
router address as “target 2.”
Continue..
⚫ In VMware environment, the default
gateway will always end with “2” because
“1” is assigned to the physical machine.

⚫ Step 9 − In this scenario, our target is
“192.168.121.129” and the router is
“192.168.121.2”. So we will add target 1 as
victim IP and target 2 as router IP.
⚫ Step 10 − Now click on “MITM” and click
“ARP poisoning”. Thereafter, check the
option “Sniff remote connections” and click
OK.
Continue..
⚫ Step 11 − Click “start” and select “start
sniffing”. This will start ARP poisoning in the
network which means we have enabled our
network card in “promiscuous mode” and
now the local traffic can be sniffed.
⚫ Note − We have allowed only HTTP sniffing
with Ettercap, so don’t expect HTTPS
packets to be sniffed with this process.
Now it’s time
⚫ Step 12 − Now it’s time to see the results. If
our victim logged into some websites, you
can see the results in the toolbar of Ettercap.
Conclusion
⚫ This is how sniffing works. You must have understood how easy it is to
get the HTTP credentials just by enabling ARP poisoning.

⚫ ARP Poisoning has the potential to cause huge losses in company
environments. This is the place where ethical hackers are appointed to
secure the networks.

⚫ Like ARP poisoning, there are other attacks such as MAC flooding, MAC
spoofing, DNS poisoning, ICMP poisoning, etc. that can cause significant
loss to a network.

⚫ In the next chapter, we will discuss another type of attack known as DNS
poisoning.
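Seen from the defender's side, the poisoning in Demo 2 leaves a visible trace in the victim's ARP cache: the router address starts resolving to another host's MAC. The following added example (not part of the original slides) compares two neighbour-table snapshots in the format printed by `ip neigh show`; the MAC addresses and the host 192.168.121.128 are constructed, and only 192.168.121.2 comes from the demo.

```python
import re
from collections import defaultdict

# One resolved IPv4 entry as printed by `ip neigh show`, for example:
#   192.168.121.2 dev eth0 lladdr 00:50:56:aa:bb:02 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+"
    r"lladdr\s+(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)


def parse_neigh(text):
    """Return {ip: mac} for resolved entries; FAILED/INCOMPLETE lines carry no lladdr."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def find_arp_anomalies(baseline, current, gateway_ip):
    """Compare a known-good neighbour table with a later snapshot from the same host."""
    findings = []
    # Check 1: an IP that now resolves to a different MAC than in the baseline.
    for ip in sorted(current):
        known, seen = baseline.get(ip), current[ip]
        if known is not None and known != seen:
            findings.append({
                "severity": "critical" if ip == gateway_ip else "warning",
                "kind": "binding-changed",
                "ip": ip,
                "detail": f"{known} -> {seen}",
            })
    # Check 2: one MAC answering for several IPs. Multi-homed hosts and
    # proxy ARP can cause this legitimately, so it is critical only when
    # the gateway address is one of the IPs involved.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac in sorted(by_mac):
        ips = sorted(by_mac[mac])
        if len(ips) > 1:
            findings.append({
                "severity": "critical" if gateway_ip in ips else "warning",
                "kind": "shared-mac",
                "ip": ",".join(ips),
                "detail": mac,
            })
    return findings


GATEWAY = "192.168.121.2"  # router address used in the demo

# Constructed snapshots of the victim's neighbour table (MACs are made up).
BASELINE = """\
192.168.121.2 dev eth0 lladdr 00:50:56:aa:bb:02 REACHABLE
192.168.121.128 dev eth0 lladdr 00:0c:29:aa:bb:80 STALE
192.168.121.77 dev eth0  FAILED
"""
POISONED = """\
192.168.121.2 dev eth0 lladdr 00:0c:29:aa:bb:80 REACHABLE
192.168.121.128 dev eth0 lladdr 00:0c:29:aa:bb:80 REACHABLE
192.168.121.77 dev eth0  FAILED
"""

if __name__ == "__main__":
    for f in find_arp_anomalies(parse_neigh(BASELINE), parse_neigh(POISONED), GATEWAY):
        print(f"[{f['severity']}] {f['kind']}: {f['ip']} ({f['detail']})")
```

A static ARP entry for the gateway on critical hosts, or Dynamic ARP Inspection on managed switches, prevents the binding change that this check only detects.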
Network Security Model
What is the network security model?
⚫ A network security model is the security
process of interconnecting various computer
networks to protect them from unwanted
threats and access.
⚫ This security model provides top-notch
safety to network infrastructure.
What are the benefits of moving from
traditional security models to 'Zero Trust
Networks'?
⚫ Zero Trust Network challenges traditional
security by verifying every application, user
and device before granting access.
⚫ Some benefits it provides over traditional
security are 1) easy governance, 2) compliance,
3) enhanced protection of data, 4) better
security and much more.
Why do we need a network security
model?
⚫ The Internet and other private networks are
hubs of opportunities for users worldwide,
but they also expose us to unwanted threats.

⚫ Using a network security model, one can
keep their network safe and running without
worry.
Types of Network Security Models
⚫ Network Access Control (NAC)
⚫ Antivirus and Antimalware Software
⚫ Virtual Private Networks (VPN)
⚫ Firewall Protection
⚫ Zero Trust Network Access (ZTNA)
⚫ Application Security
⚫ Email Security
Conclusion
⚫ Securing client data and information is
crucial; network security plays a significant
role in achieving this.

⚫ A network security model ensures shared
data is kept safe, protects against viruses,
and helps improve network performance by
reducing overhead costs and losses resulting
from data breaches.
Networking
⚫ Structure of the suggested network security model.
Security services
⚫ Is threat modeling available as a service?

⚫ Yes. Threat modeling as a service (TMaaS) can allow an
organization to focus on remediation and high-level network
architecture decisions, while leaving necessary data-crunching
to TMaaS providers.
⚫ TMaaS also can perform continuous threat modeling,
automatically running testing anytime a system is updated,
expanded, or changed.
⚫ TMaaS solutions incorporate threat intelligence--such as data
about threats and attacks crowdsourced from organizations
worldwide--that can inform threat hypotheses for networks and
Security services
Security Mechanisms
Threat Examples, Malware
and Ransomware,
Threat Protection
⚫ Cyberthreat protection is a category of
security solutions designed to help
security professionals defend systems
and networks against malware and
other targeted cyberattacks.
Different Approaches to Cyber
Protection
⚫ Detection-Focused Security
⚫ Prevention-Focused Security
The Difference Between Cyber
Protection and Cybersecurity
⚫ Cyber protection and cybersecurity are
related but distinct concepts.
⚫ In general, cybersecurity focuses on
protecting an organization’s systems and
networks against cyber threats, such as
ransomware, phishing, etc.
Internet Security Threats
Social Engineering
⚫ Social engineering refers to all techniques
aimed at talking a target into revealing
specific information or performing a
specific action for illegitimate reasons.
Demo 3 Phishing attack
Security Threat
⚫ A security threat is a malicious act that aims
to corrupt or steal data or disrupt an
organization's systems or the entire
organization.
⚫ A security event refers to an occurrence
during which company data or its network
may have been exposed.
⚫ An event that results in a data or network
breach is called a security incident.
The Cyber Kill Chain
⚫ The Cyber Kill Chain framework, developed by Lockheed
Martin (2022), explains how attackers move through
networks to identify vulnerabilities that they can then
exploit.
⚫ Attackers use the steps in the Cyber Kill Chain when
conducting offensive operations in cyberspace against
their targets.
⚫ If you’re responsible for defending a network, this model
can help you understand the stages of a cyberattack and
the measures you can take to prevent or intercept each
step.
The Cyber Kill Chain: The Seven Steps of a
Cyberattack
Continue..
⚫ 1. Reconnaissance
⚫ Reconnaissance is the first stage in the Cyber Kill Chain
and involves researching potential targets before carrying
out any penetration testing
⚫ The reconnaissance stage may include identifying
potential targets, finding their vulnerabilities, discovering
which third parties are connected to them (and what data
they can access), and exploring existing entry points as
well as finding new ones. Reconnaissance can take place
both online and offline.
Continue..
⚫ 2. Weaponization
⚫ The weaponization stage of the Cyber Kill Chain occurs
after reconnaissance has taken place and the attacker has
discovered all necessary information about potential
targets, such as vulnerabilities.
⚫ In the weaponization stage, all of the attacker’s
preparatory work culminates in the creation of malware
to be used against an identified target.
⚫ Weaponization can include creating new types of malware
or modifying existing tools to use in a cyberattack
Continue..
⚫ 3. Delivery
⚫ In the delivery stage, cyberweapons and other Cyber Kill
Chain tools are used to infiltrate a target’s network and
reach users.
⚫ Delivery may involve sending phishing emails containing
malware attachments with subject lines that prompt users
to click through. Delivery can also take the form of
hacking into an organization’s network and exploiting a
hardware or software vulnerability to infiltrate it.
Continue..
⚫ 4. Exploitation
⚫ Exploitation is the stage that follows delivery and
weaponization. In the exploitation step of the Cyber Kill
Chain, attackers take advantage of the vulnerabilities
they have discovered in previous stages to further
infiltrate a target’s network and achieve their objectives.
⚫ In this process, cybercriminals often move laterally across
a network to reach their targets. Exploitation can
sometimes lead attackers to their targets if those
responsible for the network have not deployed deception
measures.
Continue..
⚫ 5. Installation
⚫ After cybercriminals have exploited their target’s
vulnerabilities to gain access to a network, they begin the
installation stage of the Cyber Kill Chain: attempting to
install malware and other cyberweapons onto the target
network to take control of its systems and exfiltrate
valuable data.

⚫ In this step, cybercriminals may install cyberweapons and
malware using Trojan horses, backdoors, or command-line
interfaces.
Continue..
⚫ 6. Command and Control
⚫ In the C2 stage of the Cyber Kill Chain, cybercriminals
communicate with the malware they’ve installed onto a
target’s network to instruct cyberweapons or tools to
carry out their objectives.

⚫ For example, attackers may use communication channels
to direct computers infected with the Mirai botnet
malware to overload a website with traffic or C2 servers
to instruct computers to carry out cybercrime objectives.
Continue..
⚫ 7. Actions on Objectives
⚫ After cybercriminals have developed cyberweapons,
installed them onto a target’s network, and taken control
of their target’s network, they begin the final stage of the
Cyber Kill Chain: carrying out their cyberattack
objectives.
⚫ While cybercriminals’ objectives vary depending on the
type of cyberattack, some examples include weaponizing
a botnet to interrupt services with a Distributed Denial of
Service (DDoS) attack, distributing malware to steal
sensitive data from a target organization, and using
Cyberwarfare
⚫ Cyberwarfare is the use of cyber attacks
against an enemy state, causing comparable
harm to actual warfare and/or disrupting vital
computer systems.
⚫ Some intended outcomes could be espionage,
sabotage, propaganda, manipulation or
economic warfare.
Cy War
⚫ According to the Cybersecurity and Infrastructure Security
Agency (CISA), part of the US Government's Department of
Homeland Security (DHS), the objective of cyberwarfare is
to “weaken, disrupt or destroy” the target nation-state.
Examples of cyber terrorism
⚫ Introduction of viruses to vulnerable data networks.
⚫ Hacking of servers to disrupt communication and steal
sensitive information.
⚫ Defacing websites and making them inaccessible to the
public thereby causing inconvenience and financial losses.
⚫ Hacking communication platforms to intercept or stop
communications and make terror threats using the
internet.
⚫ Attacks on financial institutions to transfer money and
cause terror.
Read this Article
⚫ Seminar on Cyber-Terrorism and
Information Warfare: Threats and
Responses, Proceedings Report PIPS-98-2

⚫ https://www.ojp.gov/ncjrs/virtual-library/abstracts/seminar-cyber-terrorism-and-information-warfare-threats-and
Career Average Salary
⚫ A mid-career Cyber Security Specialist with
4-9 years of experience earns an average
salary of ₹12.5 Lakhs per year, while an
experienced Cyber Security Specialist with
10-20 years of experience earns an average
salary of ₹26.3 Lakhs per year.
