Cyber Security Unit 3

The document provides an overview of malware, detailing its various types including viruses, worms, Trojans, and ransomware, along with their characteristics and methods of propagation. It emphasizes the importance of cybersecurity practices, such as using antivirus software and safe browsing habits, to protect against malware threats. Additionally, it discusses the detection and removal of malware, highlighting the role of security software in maintaining system integrity.

Uploaded by

Satish Kumar
Copyright © All Rights Reserved

Cyber Security

Unit 3

Malware
Malware is a broad term used to describe any type of malicious software or code that is designed to
harm, exploit, or compromise computer systems, networks, or devices. The term "malware" is a
combination of "malicious" and "software." Malware is created and distributed by cybercriminals with
various malicious intentions, including stealing sensitive information, disrupting computer operations,
gaining unauthorized access, and more.

Here are some common types and characteristics of malware:


1. Viruses: These are programs that can replicate themselves by attaching to legitimate files or programs.
When an infected file is executed, the virus can spread to other files and perform malicious actions.
2. Worms: Worms are self-replicating programs that can spread independently across computer networks
and the internet. They often exploit vulnerabilities to infect other systems.
3. Trojans: Trojans are malicious programs that masquerade as legitimate software or files to deceive
users into executing them. Once executed, they can perform harmful actions, such as stealing data or
providing remote access to an attacker.
4. Ransomware: Ransomware encrypts a victim's files or locks them out of their system, demanding a
ransom in exchange for a decryption key. It's used to extort money from victims.
5. Spyware: Spyware secretly gathers information about a user's activities, such as keystrokes, web
browsing habits, or login credentials, and sends it to a remote server.
6. Adware: Adware displays unwanted advertisements on a user's computer. While not always malicious,
some adware can be intrusive and compromise user privacy.
7. Botnets: Botnets are networks of compromised computers (often infected by worms or Trojans) that
can be controlled remotely by an attacker. They are used for various malicious activities, including
distributed denial-of-service (DDoS) attacks.
8. Keyloggers: Keyloggers record keystrokes on a computer or mobile device, allowing attackers to
capture sensitive information like usernames and passwords.
9. Rootkits: Rootkits are stealthy malware that hides deep within an operating system (often at kernel
level) and subverts the system's own reporting, so the files, processes and network connections they
conceal do not show up in normal tools. They are used to keep an attacker's access hidden and persistent.
10. Scareware: Scareware tricks users into thinking their computer is infected with malware and
encourages them to purchase fake antivirus or security software.
11. Fileless Malware: Fileless malware runs in memory rather than writing an executable to disk, which
makes it harder to detect with file-scanning antivirus software. It typically abuses legitimate, already
installed system tools (such as PowerShell or WMI) to carry out malicious actions.
12. Mobile Malware: Malware targeting smartphones and tablets is known as mobile malware. It can take
various forms, including malicious apps, spyware, and Trojans.
13. Browser Hijackers: Browser hijackers change a web browser's settings without the user's consent,
often redirecting them to malicious websites or altering search results.
Malware can enter a computer or network through various vectors, including malicious email
attachments, infected websites, software downloads, and vulnerabilities in operating systems or
software. Protecting against malware involves using robust antivirus and anti-malware software,
regularly updating software and operating systems, practicing safe browsing and email habits, and
employing network security measures.
How to detect malware?
Users may notice malware through its side effects, such as a sudden loss of disk space, unusually slow
performance, repeated crashes or freezes, or an increase in unwanted network activity and pop-up
advertisements. These symptoms are unreliable on their own, since well-written malware tries to stay quiet.
Antivirus and antimalware software may be installed on a device to detect and remove malware. These
tools provide real-time protection (scanning files as they are opened or written) as well as on-demand
and scheduled system scans.
Windows Defender (now called Microsoft Defender Antivirus), for example, is the Microsoft antimalware
engine included in the Windows 10 operating system (OS) and managed through the Windows Security app.
It protects against threats such as spyware, adware and viruses. Users can schedule automatic "Quick" and
"Full" scans, and detections are reported with a severity of low, medium, high or severe.
How to remove malware?
As mentioned, many security software products are designed to detect and prevent malware, as well as
remove it from infected systems.
Malwarebytes is an example of an antimalware tool that handles detection and removal of malware. It
can remove malware from Windows, macOS, Android and iOS platforms. Malwarebytes can scan the
registry, running processes, hard drives and individual files. Detected malware can then be quarantined
and deleted. However, unlike some other tools, its free edition does not allow users to set automatic
scanning schedules (scheduled scans are a paid feature).
Virus
A computer virus is a program that attaches its own code to other programs or files and runs whenever
the infected host is executed. Each run gives the virus a chance to copy itself into further hosts and to
carry out its payload, which may corrupt or destroy files and, if the infection spreads widely enough,
leave the device unusable.
Across the world, computer viruses are a major concern because cleanup, downtime and data loss cost
the economy billions of dollars each year.
Because a virus is only code inside other programs, it has no visible form of its own, but its side
effects can give it away. Given below are signs that may indicate a virus-infected device:
- Speed of the System – once a virus is active, applications take longer to open and overall
system processing slows down
- Pop-up Windows – an unusual number of pop-up windows appear, some of which may themselves
deliver further malware
- Self Execution of Programs – files or applications start in the background without the user
launching them
- Log out from Accounts – a virus that steals credentials can lead to accounts being taken over,
and the user may find themselves logged out of password-protected sites
- Crashing of the Device – if the virus has spread through most files and programs, the entire
device may crash and stop working
Here are some key characteristics of viruses in cybersecurity:
1. Self-Replication: Viruses are self-replicating programs that can make copies of themselves. They do
this by attaching their code to other files or programs. When an infected file is executed, the virus
code activates and seeks out other files to infect.
2. Malicious Payload: Most viruses carry a malicious payload, which is the harmful action they perform
on an infected system. This payload can vary widely, from deleting or corrupting files to stealing
sensitive information or providing unauthorized access to a system.
3. Infection Mechanisms: Viruses typically spread through various means, such as infected email
attachments, shared files, removable media (like USB drives), or vulnerabilities in software. They
require human intervention to spread, as users need to execute the infected file.
4. Concealment: Viruses often attempt to conceal their presence by avoiding detection by antivirus or
security software. They may use encryption or obfuscation techniques to hide their code.
5. Destructive or Non-Destructive: Viruses can be designed to be destructive, causing damage to the
infected system, or non-destructive, where their primary purpose is to propagate or carry out other
malicious activities without causing immediate harm.
6. Activation Trigger: Some viruses are programmed to activate at specific times or under certain
conditions, while others activate as soon as the infected file is executed.
7. Polymorphism: To evade detection, some viruses use polymorphic techniques, which means they
change their code slightly with each replication, making it harder for antivirus software to identify
them based on known signatures.
8. Residence in Memory: Once activated, viruses may reside in the computer's memory, allowing them
to infect other files and programs as they are executed.
9. Detection and Removal: Antivirus and anti-malware software are designed to detect and remove
viruses from infected systems. Regularly updating antivirus software and applying security patches
can help prevent infections.
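To make the self-replication, concealment, polymorphism and signature-detection points above concrete, here is an added Python example (not code from these notes, and not real malware): a toy scanner that matches a fixed byte signature, a simulated file infector that prepends a constant body to a host, and a simulated polymorphic infector that XOR-encodes the body with a per-infection key so the signature no longer matches until the scanner undoes the encoding. The virus body, host bytes, signature name and decoder-stub format are all constructed for the demonstration.

```python
"""Toy signature scanning versus a polymorphic re-encoding infector.

Added example for these notes, not real malware: the 'virus body' is a
harmless constructed byte string and the 'host files' are byte strings too.
"""
import os
from typing import Optional

# Constructed stand-in for a virus body. A real engine would extract a
# distinctive byte pattern from an analysed sample.
STATIC_BODY = b"INFECT:copy-self-to-next-exe;PAYLOAD:overwrite-docs"

# A signature is just a distinctive substring of the known body.
SIGNATURES = {"ToyVirus.A": STATIC_BODY[:24]}  # b"INFECT:copy-self-to-next"

STUB_MAGIC = b"DECODE:"   # constructed decoder-stub marker
KEY_LEN = 4


def scan(data: bytes, signatures=SIGNATURES) -> list:
    """Return the names of every signature whose bytes occur in data."""
    return [name for name, sig in signatures.items() if sig in data]


def infect(host: bytes, body: bytes = STATIC_BODY) -> bytes:
    """Simulate a prepending file infector: the body is attached unchanged,
    so the same bytes appear in every infected file and one signature
    catches them all."""
    return body + b"\n" + host


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def polymorphic_infect(host: bytes, body: bytes = STATIC_BODY,
                       key: Optional[bytes] = None) -> bytes:
    """Simulate a polymorphic infector: body and host are XOR-encoded with a
    per-infection key and prefixed with a small decoder stub carrying it.
    Every copy differs, so the body signature never matches; only the stub
    format stays constant (which is what real engines key on)."""
    key = key or os.urandom(KEY_LEN)
    assert len(key) == KEY_LEN
    stub = STUB_MAGIC + key + b":"
    return stub + xor(body + b"\n" + host, key)


def unpack_stub(data: bytes) -> bytes:
    """What a better engine does: recognise the decoder stub, recover the
    key and decode the content before matching signatures (a tiny stand-in
    for emulating the virus's own decryption loop)."""
    if not data.startswith(STUB_MAGIC):
        return data
    start = len(STUB_MAGIC)
    key = data[start:start + KEY_LEN]
    return xor(data[start + KEY_LEN + 1:], key)


def scan_with_unpacking(data: bytes) -> list:
    """Signature scan after undoing the known decoder stub."""
    return scan(unpack_stub(data))


if __name__ == "__main__":
    host = b"MZ constructed-legit-program"
    print(scan(infect(host)))                              # ['ToyVirus.A']
    # fixed key so the demo output is deterministic
    variant = polymorphic_infect(host, key=b"\x5a\xa5\x3c\xc3")
    print(scan(variant))                                   # []
    print(scan_with_unpacking(variant))                    # ['ToyVirus.A']
```

The lesson generalises: a static signature is only as good as the invariant it targets. Once the body mutates per copy, detection has to move to something that stays constant (the decoder stub, the behaviour after decoding, or the result of emulation), which is why modern engines combine signatures with heuristics and sandboxing.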
It's important to note that the term "virus" is often used broadly to describe various types of malware.
While traditional viruses are one category, other types of malware include worms (self-replicating
programs that don't need a host file), Trojans (malicious programs disguised as legitimate software),
ransomware (which encrypts files and demands a ransom), and spyware (which gathers information
without the user's consent), among others.
To protect against viruses and other malware, individuals and organizations should employ robust
cybersecurity practices, including using up-to-date antivirus software, regularly patching and updating
software and operating systems, exercising caution when downloading or opening files from untrusted
sources, and educating users about safe computing practices.

Types of Computer Virus


Discussed below are the different types of computer viruses:
- Boot Sector Virus – infects the boot sector of floppy disks or the Master Boot Record (MBR) of
hard disks, the code that runs before the operating system starts. The virus either overwrites the
existing boot code or moves it to another part of the disk and inserts itself in its place, so it
gains control on every boot.
- Direct Action Virus – attaches itself to .exe or .com files and runs only when an infected file is
executed; it infects other files it can find at that moment and then exits without staying in
memory. It is also known as a Non-Resident Virus.
- Resident Virus – installs itself in the computer's memory and keeps infecting other files and
programs even after the original host program has exited. Because it stays hidden in memory, it
can infect files as they are opened and is hard to remove from the system.
- Multipartite Virus – infects both the boot sector and the executable files of a computer, so it
has two routes back into a partially cleaned system and must be removed from both.
- Overwrite Virus – one of the most harmful types, it replaces the host program's code with its own
by overwriting it, so the original is destroyed; an infected file cannot be repaired and must be
deleted and restored from a clean copy.
- Polymorphic Virus – a file infector that changes its own code at each infection (typically by
re-encrypting its body with a different key and varying the decryption routine) while keeping the
same behaviour, so no fixed byte signature matches every copy. Often spread through spam and
infected websites, these viruses are complex and tough to detect.
- File Infector Virus – as the name suggests, it first infects a single executable and then spreads
itself to other executable files and programs. A common source of such viruses is shared
executables, such as games and word-processing programs.
- Spacefiller Virus – a rare type, also known as a cavity virus, that writes its code into the unused
space inside a file. It neither changes the size of the file nor is easily detected.
- Macro Virus – written in the macro language of an application (for example, VBA in Microsoft
Office) and triggered when an infected document is opened in the word processor or spreadsheet.
Such viruses spread mainly as email attachments.
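The macro virus entry above describes the mechanism but not how to check for it. As an added example (not code from these notes), here is a Python check that treats a modern Office file as the ZIP container it is and looks for the vbaProject.bin part in which VBA code is stored. The sample documents, the build_sample_doc helper and the triage policy strings are constructed for the demonstration; the file names and MACRO_EXTENSIONS table are assumptions about a mail-gateway policy, not anything the notes specify.

```python
"""Spot macro-carrying Office documents by inspecting the OOXML container.

Added example for these notes (not their own code). Modern Office files
(.docx/.docm/.xlsx/.xlsm, ...) are ZIP archives; VBA macro code lives in a
part named vbaProject.bin, so its presence is a format-level indicator that
a document can carry a macro virus. Sample documents are constructed in
memory and are not real Office files.
"""
import io
import zipfile

MACRO_PART = "vbaproject.bin"
# Extensions that are expected to carry macros (constructed policy table).
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam",
                    ".pptm", ".potm", ".ppam"}


def build_sample_doc(with_macros: bool) -> bytes:
    """Construct a minimal OOXML-shaped ZIP for the demo (not a full document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macros:
            # A real vbaProject.bin is an OLE compound file; this is a stand-in.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0constructed")
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """True if any member of the ZIP container is a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(name.rsplit("/", 1)[-1].lower() == MACRO_PART
                       for name in z.namelist())
    except zipfile.BadZipFile:
        # Not an OOXML container: a legacy binary .doc/.xls, or something
        # else entirely. Those need an OLE parser (e.g. oletools) instead.
        return False


def triage(filename: str, data: bytes) -> str:
    """Classify an attachment by macro risk; returns an action string."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    macros = has_vba_project(data)
    if macros and ext not in MACRO_EXTENSIONS:
        # A VBA project under a non-macro extension is a mismatch worth blocking.
        return "block: VBA project found under extension %s" % (ext or "(none)")
    if macros:
        return "quarantine: macro-enabled document, detonate in a sandbox first"
    return "allow: no VBA project in container"


if __name__ == "__main__":
    for name, doc in [("invoice.docm", build_sample_doc(True)),
                      ("invoice.docx", build_sample_doc(True)),
                      ("invoice.docx", build_sample_doc(False))]:
        print(name, "->", triage(name, doc))
```

Two caveats a practitioner would want: this check says nothing about what the macro does (that needs static analysis of the VBA or sandbox detonation), and it does not cover legacy binary formats or password-protected documents, which attackers use precisely because gateway scanners cannot open them.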
What is an Anti-Virus?
An anti-virus is a program, or set of programs, that detects, blocks and removes malicious software
from a device. It scans the files on a computer (both on access and on demand), matches them against
known signatures and suspicious behaviours, and reports which files are infected and how severely.
Given below is a list of a few of the major antivirus products in common use:
- Norton Antivirus
- F-Secure Antivirus
- Kaspersky Antivirus
- AVAST Antivirus
- Comodo Antivirus
- McAfee Antivirus
Worm
A computer worm is a type of malicious software (malware) that is designed to spread from one
computer to another and replicate itself independently, without needing to attach to host files or
programs like viruses do. Worms can self-replicate and spread across computer networks and the
internet, making them a potent and highly contagious form of malware. Here are some key
characteristics of computer worms:
1. Self-Replication: Worms are self-replicating programs that can create copies of themselves without
user intervention. They do this by exploiting vulnerabilities in computer systems or by using various
network protocols to find and infect other vulnerable computers.
2. Autonomous: Unlike viruses, which require a host file or program to carry them, worms operate
independently. They can execute and propagate without user action.
3. Network-Based: Worms primarily spread through computer networks, email systems, or other
communication channels. They often take advantage of security vulnerabilities, weak passwords, or
unpatched software to gain access to new hosts.
4. Rapid Spread: Worms can spread quickly and widely, infecting a large number of computers in a short
period. This rapid propagation can lead to significant disruptions on networks and the internet.
5. Payload: While the primary goal of worms is to replicate and spread, they may also carry a malicious
payload, such as code for launching denial-of-service (DoS) attacks, installing backdoors, stealing data,
or other destructive actions.
6. Variability: Worms take many forms and use various techniques to evade detection and to propagate.
Some are designed to be stealthy, while others are noisy and aggressive.
7. Network Scanning: Many worms use network scanning techniques to search for vulnerable computers
or devices. Once a vulnerable host is found, the worm exploits the vulnerability to gain access and infect
it.
8. Spam and Social Engineering: Some worms may use email or social engineering tactics to trick users
into executing malicious attachments or clicking on links, furthering the spread.
9. Botnets: Worms can be used to create networks of infected computers known as botnets. These botnets
can be remotely controlled by attackers to carry out various malicious activities, including distributed
denial-of-service (DDoS) attacks.
10. Weak Security Points: Worms target known security weaknesses in operating systems, software
applications, or network services. Regularly updating and patching software is crucial to protect against
worm attacks.
One of the most infamous examples of a computer worm is the "Conficker" worm, which emerged in late
2008 and infected millions of computers worldwide by exploiting a vulnerability in the Windows Server
service (patched as MS08-067); later variants also spread via removable media and by guessing weak
administrative passwords on network shares.
To protect against computer worms, individuals and organizations should follow good cybersecurity
practices, including keeping software up to date with security patches, using strong and unique
passwords, employing network security measures, and using reputable antivirus and intrusion detection
systems.
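The characteristics above (network scanning, rapid spread, reliance on known weaknesses) can be seen in a small model. The following Python simulation is an added example, not code from these notes: a random-scanning worm on a constructed population of hosts, with a patched_fraction parameter to show how patch coverage limits both the speed and the extent of the spread. The host count, the scan rate, the tick model and the assumption that an exploit always succeeds against an unpatched host are all constructed for the model.

```python
"""Random-scanning worm propagation model: why spread is explosive and why
patch coverage matters. Added example for these notes, not their own code;
the network, host count and scan rate are constructed parameters.
"""
import random


def simulate(n_hosts: int = 1000, patched_fraction: float = 0.0,
             scans_per_tick: int = 5, ticks: int = 40, seed: int = 7):
    """Return (infected_count_per_tick, n_vulnerable).

    Each tick, every infected host probes scans_per_tick random addresses.
    A probe that lands on an unpatched, uninfected host infects it (the
    'exploit' is assumed to always succeed against an unpatched host)."""
    rng = random.Random(seed)
    vulnerable = [rng.random() >= patched_fraction for _ in range(n_hosts)]
    targets = [i for i, v in enumerate(vulnerable) if v]
    if not targets:
        return [0] * ticks, 0
    infected = {rng.choice(targets)}          # patient zero
    history = []
    for _ in range(ticks):
        newly = set()
        for _src in infected:
            for _probe in range(scans_per_tick):
                t = rng.randrange(n_hosts)    # blind scanning of the address space
                if vulnerable[t] and t not in infected:
                    newly.add(t)
        infected |= newly
        history.append(len(infected))
    return history, len(targets)


def ticks_to_reach(history, count: int):
    """First tick index at which infections reach count, or None."""
    for i, n in enumerate(history):
        if n >= count:
            return i
    return None


def final_fraction(n_hosts: int, patched_fraction: float, **kw) -> float:
    """Fraction of all hosts infected by the end of the run."""
    history, _ = simulate(n_hosts, patched_fraction, **kw)
    return history[-1] / n_hosts


if __name__ == "__main__":
    for p in (0.0, 0.5, 0.9):
        hist, vuln = simulate(patched_fraction=p)
        print("patched %3.0f%%: %4d vulnerable, %4d infected after %d ticks, "
              "half of all hosts by tick %s"
              % (p * 100, vuln, hist[-1], len(hist), ticks_to_reach(hist, 500)))
```

The unpatched run saturates in a handful of ticks because each new victim becomes a scanner too (exponential growth until targets run out); the 90% patched run never gets past the unpatched minority, since every probe that hits a patched host is wasted. Real worms add refinements the model omits (preferring local subnets, hit-lists, multiple exploits), which only make the early phase faster.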
Types of computer worms
Computer worms come in various types, each with its own characteristics and methods of spreading
and infecting computer systems. Here are some common types of computer worms:

1. Internet Worms:
- Internet worms spread over the internet, targeting vulnerabilities in operating systems,
software, or network services. They can infect a wide range of systems and are known for
rapid and widespread propagation.
2. Email Worms:
- Email worms typically spread through infected email attachments or links. They often use
social engineering tactics to trick users into opening the malicious content. Once opened, they
may harvest email addresses from the victim's address book and send copies of themselves to
those contacts.
3. Instant Messaging (IM) Worms:
- IM worms spread through instant messaging platforms. They can send malicious links or files
to contacts on the victim's IM list, often with enticing or deceptive messages.
4. File-Sharing Worms:
- File-sharing worms target peer-to-peer (P2P) file-sharing networks and shared folders. They
disguise themselves as desirable files (e.g., music or software) and spread when users
download and execute them.
5. Network Worms:
- Network worms focus on exploiting vulnerabilities in network services or protocols. They can
spread rapidly across local area networks (LANs) and the internet by scanning for and
infecting vulnerable systems.
6. USB Worms:
- USB worms propagate through infected USB drives or other removable media. When an
infected drive is connected to a computer, the worm relies either on the AutoRun mechanism
(autorun.inf, which modern Windows versions no longer honour for removable drives) or on
tricking the user into opening a disguised file on the drive, and then copies itself to any
further drives it sees.
7. Mobile Device Worms:
- Mobile device worms are designed to target smartphones and tablets. They can spread
through infected apps, text messages, or email attachments, often exploiting vulnerabilities in
mobile operating systems.
8. Self-Propagating Worms:
- Self-propagating worms use various techniques to autonomously find and infect vulnerable
systems, typically scanning and probing address ranges to locate potential targets. This label
overlaps with the internet and network worm categories above; it emphasises that no user
action is needed at any step.
9. Email-Worm/Trojan Hybrids:
- Some worms combine characteristics of worms and Trojans. They spread through email
attachments but may also have Trojan-like capabilities for data theft or remote control.
10. Botnet Propagation Worms:
- These worms are used to create or expand botnets (networks of compromised computers).
They infect computers and connect them to a command-and-control server, enabling
attackers to control the botnet remotely.
11. Worms with Payloads:
- Worms may carry a payload that performs malicious actions beyond replication and
spreading. Payloads can include actions like launching denial-of-service (DoS) attacks,
installing backdoors, or stealing data.
It's important to note that the classification of worms is not always rigid, and some worms may exhibit
characteristics of multiple types. The evolution of computer worms continues, and attackers regularly
adapt their tactics to exploit new vulnerabilities and technologies. As such, staying vigilant, practicing
good cybersecurity hygiene, and keeping software and systems up to date are essential to protect
against worm attacks.

Trojan Horse

A Trojan horse (often loosely called a "Trojan horse virus", although unlike a virus it does not
replicate) is a type of malware that is installed on a computer disguised as a legitimate program. The
delivery method typically relies on social engineering: the attacker hides malicious code inside
software the user wants, and the user's own action of installing it is what gives the attacker access to
the system.
A simple way to answer the question "what is a Trojan" is that it is malware which typically arrives
hidden as an attachment in an email or as a free-to-download file and is copied onto the user's device.
Once executed, the malicious code carries out the task the attacker designed it for, such as opening
backdoor access to corporate systems, spying on users' online activity, or stealing sensitive data.
The term "Trojan horse" is derived from the ancient Greek story of the wooden horse used by the Greeks
to infiltrate the city of Troy during the Trojan War. In the context of computing, a Trojan horse works
similarly: it appears harmless on the surface but carries a hidden, malicious payload.
Here are some key characteristics of Trojan horses:
1. Deception: Trojans are designed to deceive users by appearing as something desirable or harmless,
such as a legitimate software download, a game, or a useful utility.
2. No Self-Replication or Self-Propagation: Unlike viruses and worms, Trojans cannot copy themselves
or spread on their own. Their distribution depends entirely on social engineering that tricks users
into downloading and executing them.
3. Payload: Trojans carry a malicious payload that can include various harmful actions. The payload may
be designed to steal data, provide unauthorized access to the victim's system, deliver other malware
(such as ransomware), or perform other malicious activities.
4. Diverse Types: There are various types of Trojan horses, each designed for specific malicious purposes.
Common types include banking Trojans (aimed at stealing financial information), remote access
Trojans (used for unauthorized remote control of a victim's computer), and keyloggers (which record
keystrokes to capture sensitive information).
5. Delivery Methods: Trojans are typically delivered through deceptive means, such as email
attachments, malicious download links, fake software updates, or even physical media like infected
USB drives.
6. Concealment: Trojans often use techniques to evade detection by antivirus and security software. This
can include encryption, obfuscation, or camouflage within legitimate files.
Common examples of Trojans include fake antivirus software (scareware), which claims to detect and
remove malware but actually infects the system, and Trojan downloaders, which are used to deliver
additional malware onto a compromised system.
To protect against Trojan horses and other forms of malware, it's essential to practice good cybersecurity
hygiene. This includes using reputable antivirus and anti-malware software, keeping software and
operating systems up to date with security patches, avoiding downloading software or files from
untrusted sources, being cautious with email attachments and links, and regularly backing up important
data. Additionally, educating users about safe computing practices is crucial in preventing Trojan
infections.
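The deception and delivery points above translate into a few checks a mail gateway can make before a user ever sees an attachment. This Python example is added here and is not code from these notes: it flags double extensions such as invoice.pdf.exe, the Unicode right-to-left override trick that makes a filename display with a harmless-looking extension, and attachments whose leading bytes contradict the declared type (for example a Windows PE executable named as a JPEG). The magic-byte table, the extension sets and the sample attachments are constructed for the demonstration and are not exhaustive.

```python
"""Attachment triage for common Trojan delivery disguises.

Added example for these notes (not their own code); the magic-byte table,
extension sets and sample attachments are constructed for the demo.
"""
import os

# Leading bytes that identify common file types (constructed, not exhaustive).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".exe": b"MZ",
}
# Extensions Windows will run (or hand to a script host) on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".hta", ".lnk", ".msi"}
# Extensions that legitimately hold a PE ("MZ") image.
PE_EXTS = {".exe", ".dll", ".scr", ".sys", ".cpl", ".ocx"}
# RIGHT-TO-LEFT OVERRIDE: "report\u202efdp.exe" is displayed as "reportexe.pdf".
RLO = "\u202e"


def findings(filename: str, data: bytes) -> list:
    """Return the reasons this attachment looks like a disguised Trojan."""
    reasons = []
    if RLO in filename:
        reasons.append("right-to-left override in filename")
    ext = os.path.splitext(filename)[1].lower()      # the *real* extension
    parts = filename.lower().split(".")
    if len(parts) > 2 and "." + parts[-1] in EXECUTABLE_EXTS:
        reasons.append("double extension hides executable type: " + ext)
    elif ext in EXECUTABLE_EXTS:
        reasons.append("executable attachment: " + ext)
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("content does not match declared type " + ext)
    if data.startswith(b"MZ") and ext not in PE_EXTS:
        reasons.append("PE image under non-executable extension " + (ext or "(none)"))
    return reasons


def verdict(filename: str, data: bytes) -> str:
    """Gateway decision: block on any finding, otherwise allow."""
    return "block" if findings(filename, data) else "allow"


if __name__ == "__main__":
    # Constructed sample attachments (the MZ/%PDF prefixes are the only real bytes).
    samples = [
        ("invoice.pdf", b"%PDF-1.7 constructed"),
        ("invoice.pdf.exe", b"MZ\x90\x00constructed"),
        ("photo.jpg", b"MZ\x90\x00constructed"),
        ("report\u202efdp.exe", b"MZ\x90\x00constructed"),
    ]
    for name, blob in samples:
        print(repr(name), verdict(name, blob), findings(name, blob))
```

The checks are deliberately cheap and format-level; they catch the disguises the notes describe, not a Trojan hidden inside a genuinely well-formed installer, which still needs code-signing verification and sandbox detonation.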

Types of Trojan Horse

Trojan horses come in various types, each designed for specific malicious purposes. These types
of Trojans can be categorized based on their primary functionality and intended actions. Here are
some common types of Trojan horses:

1. Banking Trojans:
- Banking Trojans are designed to steal sensitive financial information, such as login
credentials for online banking and payment systems. They often operate by capturing
keystrokes or by injecting into the browser to intercept data entered in web forms.
2. Remote Access Trojans (RATs):
- Remote Access Trojans are used to provide attackers with unauthorized remote access to
a victim's computer. Attackers can control the infected system, view the victim's screen,
access files, and even use the computer as a launchpad for further attacks.
3. Keyloggers:
- Keyloggers record keystrokes made on a computer or mobile device. This allows attackers
to capture sensitive information, including passwords, usernames, and credit card details.
4. Downloader Trojans:
- Downloader Trojans are responsible for downloading additional malware onto a
compromised system. They act as a gateway for other malicious software, such as
ransomware or spyware, to enter the victim's device.
5. Fake Antivirus (Scareware):
- Fake antivirus Trojans masquerade as legitimate antivirus software. They display alarming
messages about non-existent threats on the victim's computer and pressure the user into
purchasing fake security software.
6. Distributed Denial-of-Service (DDoS) Trojans:
- DDoS Trojans turn infected computers into part of a botnet (a network of compromised
devices). Attackers can then use these devices to launch DDoS attacks against targeted
websites or services, causing them to become inaccessible.
7. Password Stealers:
- Password-stealing Trojans focus on capturing login credentials for various accounts,
including email, social media, and online gaming. These stolen credentials can be used
for identity theft or further attacks.
8. Email Trojans:
- Email Trojans spread via malicious email attachments or links. Once opened, they may
use the victim's email account to send spam or spread further malware.
9. Game Trojans:
- Game Trojans target gamers by posing as game cheats or hacks. They often lead to
compromised accounts, stolen in-game items, or the installation of additional malware.
10. Ransomware Trojans:
- While ransomware is often delivered as a standalone threat, some Trojans act as the
delivery mechanism for it: the Trojan installs the ransomware, which then encrypts the
victim's files and demands a ransom for decryption.
11. File-Deleting Trojans:
- These Trojans are designed to delete or corrupt files on the victim's system, causing data
loss and disruption.
12. Rootkits:
- Rootkit Trojans are stealthy and hard to detect. They aim to gain control at the core of
the operating system (the "root" level), where they can hide files, processes and network
connections and give attackers persistent control over a compromised system.
13. Fake Update Trojans:
- Fake update Trojans pose as legitimate software updates or patches. When users
download and install them, the Trojan is activated and can carry out its malicious actions.
14. Camouflaged Trojans:
- Camouflaged Trojans hide their malicious code within legitimate software or files. They
appear harmless but carry out malicious actions once executed.
15. Proxy Trojans:
- Proxy Trojans route internet traffic through a compromised computer, allowing
attackers to hide their origin while carrying out illicit activities.
16. Mobile Trojans:
- Trojans designed for mobile devices (smartphones and tablets) can steal data, send
premium-rate SMS messages, or take control of the device.

These are just some examples of the many types of Trojan horses that exist. Cybercriminals
continually develop new variants and tactics to deceive users and compromise systems. To
protect against Trojan infections, individuals and organizations should follow cybersecurity best
practices, including using reputable antivirus software, keeping software up to date, practicing
safe web browsing habits, and exercising caution when downloading or opening files from
untrusted sources.
Cyber Homicide

Cybermurder
The transformation of communication globally through the medium of the Internet
has also fostered a new form of homicidal interaction, referred to as cybermurder or
Internet murder. Historically, murderers have used various approaches to identify
strangers as potential victims, including the use of newspaper advertisements. Henri
Landru, the French serial killer, placed ads in the lonely hearts columns of
newspapers during World War I. Landru first seduced his victims, and having gained
their trust, he embezzled their assets and finally murdered them. The
term cybermurder is applied to murders that occur as a result of Internet
advertisement or connection through chat rooms, dating sites, sex-for-sale sites,
online role-playing games, Internet forums or groups, listservs, or bulletin boards. It
also has been used to refer to the use of the Internet by persons to solicit their own
murder or to induce others to take their own lives.

Cyberhomicide presents a significant challenge for law enforcement since the
identification of perpetrators may prove difficult or impossible given the anonymity
provided by the World Wide Web. Consensual homicide is one form of this
phenomenon. This involves Internet advertisement by one individual to cannibalize
or to be cannibalized by another. The most oft-cited legal case involves the murder
of Bernd Brandes, a German engineer, in 2001 by Armin Meiwes. Meiwes murdered,
dissected, and then ate 20 kilograms of Brandes’s body, with Brandes’s consent
captured on videotape, before being apprehended by the police. Meiwes was initially
sentenced to 8 years in prison but received a life sentence on appeal. The active
solicitation of an individual to murder another with the person’s consent was
reflected in the 1996 case of a Maryland businesswoman, Sharon Lopatka, who met
Bobby Glass through an Internet chat room. After a lengthy correspondence
centering on sadomasochistic sex and her desire to be tortured and murdered, she
met with him in person in a trailer he owned. Her husband alerted the police, who
located her body buried near Glass’s trailer. Glass was convicted of manslaughter but
claimed that her death was the result of an accident that occurred during their
consensual sexual activities.

The term Craigslist killer is often associated with cybermurders in the media;
however, given the overwhelming number of sites on the Internet that can just as
readily provide a forum for communication, the term ascribes too much blame to
one service. The case most commonly associated with this term is that of Phillip
Haynes Markoff, a medical student who answered advertisements for sexual services
and was alleged to have committed armed robberies in two such cases. Markoff was
indicted for the April 14, 2009 murder of Julissa Brisman, but subsequently hanged
himself while awaiting trial. Brisman had posted an Internet ad offering massage
services (often understood to be synonymous with paid sexual services).

Another well-known case illustrative of this form of cybermurder is that of Miranda
Barbour. Barbour, aged 19 at the time of the crime, posted an ad on Craigslist
offering to provide "companionship" to men for the sum of $100. Troy LaFerrara, age
42, answered the ad, and they met in her car at a mall parking lot. Unbeknown to
LaFerrara, Barbour's husband of 3 weeks, Elyette Barbour, was hiding in the back seat
of the car under a blanket. Her husband did not attack LaFerrara as planned, so
Miranda stabbed LaFerrara multiple times with a knife, ending his life.

In a 2013 Canadian case, Tim Bosma of Ancaster, Ontario, advertised his truck for
sale. Two individuals arrived to inspect the vehicle, and Bosma was last seen
going with them for a test drive. His body was eventually found burned beyond
recognition on farmland located some distance from his home. Dellen Millard was
arrested and charged with forcible confinement, theft of more than $5,000, and first-
degree murder. At the time this entry was written, Millard was awaiting trial on the charges.

In 2014, The Huffington Post reported that since 2009 there have been 29 such
homicides, which typically stem from attempted robberies that are unsuccessful and
lead to the murder of the victim. However, murderous situations can emerge from
other forms of advertisement too, including those for items for sale, room rentals,
sexual partners, and romance. The relative anonymity of the Internet for those
seeking to harm others provides ample opportunity for violent interactions to occur.

Serial killers, according to Elliot Leyton, kill three or more persons over a period of
days, weeks, months, years, or even decades, with resting periods between the
murders. Some serial killers have used the Internet to identify victims and commit
homicide. From 1993 onward, John Edward Robinson utilized Internet chat rooms
and social networking sites to select his victims. Robinson advertised as a dominant
male looking for submissive women for sex. His motive in the first of two of these
murders was economic gain. His victims, Sheila Faith and her teenage daughter,
moved to Kansas City to join him and were never seen again, but Sheila Faith’s
pension checks continued to be cashed by Robinson for almost 7 years. Two other
women eventually disappeared after becoming involved with him; their bodies were
found in chemical drums on his farm. Robinson was eventually charged and
convicted for the deaths of these women. He received the death sentence as well as
life sentences without the possibility of parole in five of his cases.

Inducing others to take their own lives has been considered by some commentators
to constitute a specific form of cybermurder. However, from a legal perspective, it is
likely more accurate to describe this practice as assisting suicide via the Internet.
Such cases provide a significant legal challenge for prosecutors because freedom of
speech is protected in the United States. The case of William Francis Melchert-Dinkel
illustrates this dilemma: Although he was originally convicted of assisting a suicide,
his conviction was overturned by the Minnesota Supreme Court and remanded back
to a lower court. As the Internet evolves and as technology increasingly connects the
globe, new forms of cybermurder may emerge.
What Is a Cyber Attack?
A cyber-attack is an attempt by cybercriminals, hackers or other digital adversaries to
access a computer network or system, usually for the purpose of altering, stealing,
destroying or exposing information.
Cyberattacks can target a wide range of victims from individual users to enterprises or
even governments. When targeting businesses or other organizations, the hacker’s goal is
usually to access sensitive and valuable company resources, such as intellectual property
(IP), customer data or payment details.
What are the 10 Most Common Types of Cyber Attacks?
1. Malware
Malware — or malicious software — is any program or code that is created with the intent to do
harm to a computer, network or server. Malware is the most common type of cyberattack, mostly
because this term encompasses many subsets such as ransomware, trojans, spyware, viruses,
worms, keyloggers, bots, cryptojacking, and any other type of malware attack that leverages
software in a malicious way.
2. Denial-of-Service (DoS) Attacks
A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false
requests in order to disrupt business operations.
In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email,
websites, online accounts or other resources that are operated by a compromised computer or
network. While most DoS attacks do not result in lost data and are typically resolved without
paying a ransom, they cost the organization time, money and other resources in order to restore
critical business operations.
The difference between DoS and Distributed Denial of Service (DDoS) attacks has to do with the
origin of the attack. DoS attacks originate from just one system while DDoS attacks are launched
from multiple systems. DDoS attacks are faster and harder to block than DoS attacks because
multiple systems must be identified and neutralized to halt the attack.
3. Phishing
Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social
engineering techniques to entice a victim to share sensitive information — such as passwords or
account numbers — or to download a malicious file that will install viruses on their computer or
phone.
Common phishing attacks include:

Spear Phishing: Spear-phishing is a type of phishing attack that targets specific individuals or
organizations, typically through malicious emails. The goal of spear phishing is to steal sensitive
information such as login credentials or to infect the target’s device with malware.

Whaling: A whaling attack is a type of social engineering attack specifically targeting senior or
C-level executive employees with the purpose of stealing money or information, or gaining access to
the person’s computer in order to execute further cyberattacks.

SMiShing: Smishing is the act of sending fraudulent text messages designed to trick individuals into
sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may
involve cybercriminals pretending to be your bank or a shipping service you use.

Vishing: Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages
pretending to be from a reputable organization to convince individuals to reveal private information
such as bank details and passwords.

4. Spoofing
Spoofing is a technique through which a cybercriminal disguises themselves as a known or trusted
source. In so doing, the adversary is able to engage with the target and access their systems or
devices with the ultimate goal of stealing information, extorting money or installing malware or
other harmful software on the device.
Spoofing can take different forms, which include:

Domain Spoofing: Domain spoofing is a form of phishing where an attacker impersonates a known
business or person with a fake website or email domain to fool people into trusting them. Typically,
the domain appears to be legitimate at first glance, but a closer look will reveal subtle differences.

Email Spoofing: Email spoofing is a type of cyberattack that targets businesses by using emails with
forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to
open the email and interact with its contents, such as a malicious link or attachment.

ARP Spoofing: Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of spoofing
attack that hackers use to intercept data. A hacker commits an ARP spoofing attack by tricking one
device into sending messages to the hacker instead of the intended recipient. This way, the hacker
gains access to your device’s communications, including sensitive data.
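The "closer look" that exposes a spoofed domain can be automated on the receiving side. The following is an added example (not part of these notes and not any vendor's product) that checks an e-mail sender's domain against a constructed list of trusted domains, decoding punycode and folding a few confusable characters before comparing, so that digit-for-letter and homoglyph substitutions are caught as well as near-miss spellings. TRUSTED_DOMAINS, the CONFUSABLES table and the 0.85 similarity threshold are assumptions chosen for the illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Domains the organisation really sends mail from (constructed sample list; replace with your own).
TRUSTED_DOMAINS = {"example-bank.com", "example.com", "mail.example.com"}

# Characters that look like Latin letters (assumed and deliberately incomplete; a real deployment
# would use the Unicode confusables data). Multi-character entries are listed first so that
# "rn" is folded to "m" before single characters are handled.
CONFUSABLES = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l",
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0455": "s",  # Cyrillic small dze
}


def normalise_domain(domain):
    """Lower-case, decode punycode (xn--) labels, strip accents and fold confusable characters."""
    d = domain.strip().rstrip(".").lower()
    try:
        d = d.encode("ascii").decode("idna")  # "xn--..." labels become their Unicode form
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: keep as-is
    d = unicodedata.normalize("NFKD", d)
    d = "".join(ch for ch in d if not unicodedata.combining(ch))  # drop accent marks
    for lookalike, plain in CONFUSABLES.items():
        d = d.replace(lookalike, plain)
    return d


def classify_sender_domain(domain, threshold=0.85):
    """Return (verdict, closest trusted domain, similarity); verdict is
    'trusted', 'lookalike' or 'unrelated'. Meant to flag mail for review, not to block on its own."""
    raw = domain.strip().rstrip(".").lower()
    if raw in TRUSTED_DOMAINS:
        return ("trusted", raw, 1.0)
    folded = normalise_domain(domain)
    if folded in TRUSTED_DOMAINS:
        # Identical only after folding: a homoglyph or digit-for-letter substitution.
        return ("lookalike", folded, 1.0)
    closest, score = max(
        ((t, SequenceMatcher(None, folded, t).ratio()) for t in TRUSTED_DOMAINS),
        key=lambda pair: pair[1],
    )
    verdict = "lookalike" if score >= threshold else "unrelated"
    return (verdict, closest, round(score, 3))
```

With the sample list, "examp1e-bank.com" and a version of example-bank.com spelt with a Cyrillic "а" both come back as lookalikes with similarity 1.0, "example-bank.co" is a lookalike by similarity, and an unrelated domain scores well below the threshold.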

5. Identity-Based Attacks
CrowdStrike’s findings show that 80% of all breaches use compromised identities and can take up to
250 days to identify.
Identity-driven attacks are extremely hard to detect. When a valid user’s credentials have been
compromised and an adversary is masquerading as that user, it is often very difficult to differentiate
between the user’s typical behavior and that of the hacker using traditional security measures and
tools.
Some of the most common identity-based attacks include:

Kerberoasting: Kerberoasting is a post-exploitation attack technique that attempts to crack the
password of a service account within Active Directory (AD). An adversary masquerading as an
ordinary account user requests a Kerberos service ticket for an account that has a service principal
name (SPN); the ticket is encrypted with that service account’s password, which is what the attacker
then tries to crack.

Man-in-the-Middle (MITM) Attack: A man-in-the-middle attack is a type of cyberattack in which an
attacker eavesdrops on a conversation between two targets with the goal of collecting personal data,
passwords or banking details, and/or convincing the victim to take an action such as changing login
credentials, completing a transaction or initiating a transfer of funds.

Pass-the-Hash Attack: Pass the hash (PtH) is a type of attack in which an adversary steals a “hashed”
user credential and uses it to create a new user session on the same network. It does not require the
attacker to know or crack the password to gain access to the system. Rather, it uses a stored version
of the password to initiate a new session.

Silver Ticket Attack: A silver ticket is a forged authentication ticket often created when an attacker
steals an account password. A forged service ticket is encrypted and enables access to resources for
the specific service targeted by the silver ticket attack.

Credential Stuffing: Credential stuffing attacks work on the premise that people often use the same
user ID and password across multiple accounts. Therefore, possessing the credentials for one account
may grant access to other, unrelated accounts.

Password Spraying: The basics of a password spraying attack involve a threat actor using a single
common password against multiple accounts on the same application. This avoids the account lockouts
that typically occur when an attacker uses a brute force attack on a single account by trying many
passwords.

Brute Force Attacks: A brute force attack uses a trial-and-error approach to systematically guess
login info, credentials, and encryption keys. The attacker submits combinations of usernames and
passwords until they finally guess correctly.
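The difference between password spraying and brute force described above is also the difference a defender can see in authentication logs: spraying shows one source touching many accounts with only one or two failures each, while brute force shows one account failing many times from one source. The following is an added example (not from the original notes) that applies that logic to a constructed log and also records whether the same source later logged in successfully, which is the case that needs an immediate response. The log format, field names, time window and thresholds are assumptions for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not real data): ISO timestamp, result, account, source IP.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z FAIL user=alice src=203.0.113.5
2024-05-01T10:00:10Z FAIL user=bob src=203.0.113.5
2024-05-01T10:00:20Z FAIL user=carol src=203.0.113.5
2024-05-01T10:00:30Z FAIL user=dave src=203.0.113.5
2024-05-01T10:00:40Z FAIL user=erin src=203.0.113.5
2024-05-01T10:00:50Z FAIL user=frank src=203.0.113.5
2024-05-01T10:02:00Z FAIL user=alice src=192.0.2.10
2024-05-01T10:02:05Z OK user=alice src=192.0.2.10
this line is deliberately unparsable and must be skipped
2024-05-01T10:05:00Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:05Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:10Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:15Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:20Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:25Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:30Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:35Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:40Z FAIL user=admin src=198.51.100.7
2024-05-01T10:05:45Z OK user=admin src=198.51.100.7
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def _keep_larger(findings, key, info):
    """Several overlapping windows may match; keep the one covering the most attempts."""
    if key not in findings or info["attempts"] > findings[key]["attempts"]:
        findings[key] = info


def detect_credential_attacks(events, window=timedelta(minutes=10),
                              spray_min_accounts=5, brute_min_attempts=8):
    """Classify bursts of failed logins per source IP within a sliding window:
    password_spraying: at least spray_min_accounts distinct accounts, at most 2 failures each;
    brute_force:       one account with brute_min_attempts or more failures.
    Each finding also notes whether that source later logged in successfully."""
    fails, successes = defaultdict(list), defaultdict(list)
    for e in events:
        (fails if e["result"] == "FAIL" else successes)[e["src"]].append(e)
    findings = {}
    for src, evs in fails.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            per_user = Counter(e["user"] for e in in_window)
            if len(per_user) >= spray_min_accounts and max(per_user.values()) <= 2:
                _keep_larger(findings, (src, "password_spraying"),
                             {"accounts": len(per_user), "attempts": len(in_window), "start": first["ts"]})
            for user, n in per_user.items():
                if n >= brute_min_attempts:
                    _keep_larger(findings, (src, "brute_force"),
                                 {"account": user, "attempts": n, "start": first["ts"]})
    for (src, _kind), info in findings.items():
        info["followed_by_success"] = any(s["ts"] >= info["start"] for s in successes[src])
    return findings


def run_sample():
    return detect_credential_attacks(parse_log(SAMPLE_LOG))
```

On the sample, 203.0.113.5 is reported as spraying six accounts with no later success, 198.51.100.7 as brute-forcing the admin account nine times followed by a successful login, and the single failure from 192.0.2.10 (a user mistyping once) produces no finding.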

6. Code Injection Attacks
Code injection attacks consist of an attacker injecting malicious code into a vulnerable computer
or network to change its course of action. There are multiple types of code injection attacks:

SQL Injection: A SQL Injection attack leverages system vulnerabilities to inject malicious SQL
statements into a data-driven application, which then allows the hacker to extract information from
a database. Hackers use SQL Injection techniques to alter, steal or erase an application’s database
data.

Cross-Site Scripting (XSS): Cross Site Scripting (XSS) is a code injection attack in which an
adversary inserts malicious code within a legitimate website. The code then launches as an infected
script in the user’s web browser, enabling the attacker to steal sensitive information or impersonate
the user. Web forums, message boards, blogs and other websites that allow users to post their own
content are the most susceptible to XSS attacks.

Malvertising: Malvertising attacks leverage many other techniques to carry out the attack. Typically,
the attacker begins by breaching a third-party server, which allows the cybercriminal to inject
malicious code within a display ad or some element thereof, such as banner ad copy, creative imagery
or video content. Once clicked by a website visitor, the corrupted code within the ad will install
malware or adware on the user’s computer.
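To make the SQL Injection entry concrete, here is an added example (not from the original notes) showing the vulnerable lookup next to its parameterized fix, using Python's built-in sqlite3 module and a constructed users table. The function names, the table and the textbook probe string are assumptions for the illustration; the same string-concatenation defect exists in any database driver.

```python
import re
import sqlite3


def make_db():
    """In-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable on purpose: the input is pasted into the SQL text, so a quote character in the
    input changes the structure of the query instead of being treated as data."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Fixed: a bound parameter is always data; the query structure is fixed before the value
    is supplied, so no input can add conditions or statements."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_username(username):
    """Defence in depth: allowlist validation before the value reaches the database at all."""
    return USERNAME_RE.fullmatch(username) is not None


def find_user_validated(conn, username):
    if not is_valid_username(username):
        raise ValueError("username failed input validation")
    return find_user_safe(conn, username)


def demo():
    conn = make_db()
    probe = "x' OR '1'='1"  # the classic textbook injection string (constructed)
    return {
        "vulnerable_rows": len(find_user_vulnerable(conn, probe)),  # whole table leaked
        "safe_rows": len(find_user_safe(conn, probe)),              # literal username not found
        "normal_lookup": find_user_safe(conn, "alice"),
        "probe_passes_validation": is_valid_username(probe),
    }
```

Running demo() shows the vulnerable function returning all three rows for the probe while the parameterized version returns none, and the allowlist rejecting the probe before any query is built.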

7. Supply Chain Attacks
A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers
services or software vital to the supply chain. Software supply chain attacks inject malicious
code into an application in order to infect all users of an app, while hardware supply chain
attacks compromise physical components for the same purpose. Software supply chains are
particularly vulnerable because modern software is not written from scratch: rather, it involves
many off-the-shelf components, such as third-party APIs, open source code and proprietary code
from software vendors.
8. Insider Threats
IT teams that solely focus on finding adversaries external to the organization only get half the
picture. Insider threats are internal actors such as current or former employees that pose danger to
an organization because they have direct access to the company network, sensitive data, and
intellectual property (IP), as well as knowledge of business processes, company policies or other
information that would help carry out such an attack.
Internal actors that pose a threat to an organization tend to be malicious in nature. Some motivators
include financial gains in exchange for selling confidential information on the dark web, and/or
emotional coercion using social engineering tactics. On the other hand, some insider threat actors
are not malicious in nature but instead are negligent in nature. To combat this, organizations
should implement a comprehensive cybersecurity training program that teaches stakeholders to be
aware of any potential attacks, including those potentially performed by an insider.
9. DNS Tunneling
DNS Tunneling is a type of cyberattack that leverages domain name system (DNS) queries and
responses to bypass traditional security measures and transmit data and code within the network.
Once a host is infected, the hacker can freely engage in command-and-control activities. This tunnel gives
the hacker a route to unleash malware and/or to extract data, IP or other sensitive information by
encoding it bit by bit in a series of DNS responses.
DNS tunneling attacks have increased in recent years, in part because they are relatively simple
to deploy. Tunneling toolkits and guides are even readily accessible online through mainstream
sites like YouTube.
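Because tunneled data has to be encoded into the query names themselves, a resolver log gives a defender something concrete to look for: many unique, long, high-entropy subdomains under a single parent domain, often carried in TXT or NULL queries. The following is an added example (not from the original notes) that scores a constructed resolver log on exactly those features. The log format, the thresholds and the simplistic two-label notion of "parent domain" are assumptions for the illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log (not real traffic): time, client, query type, queried name.
SAMPLE_DNS_LOG = """\
10:00:01 client=10.0.0.5 qtype=A name=www.example.com
10:00:02 client=10.0.0.5 qtype=A name=mail.example.com
10:00:03 client=10.0.0.7 qtype=A name=img1.cdn-example.org
10:00:03 client=10.0.0.7 qtype=A name=img2.cdn-example.org
10:00:04 client=10.0.0.7 qtype=A name=img3.cdn-example.org
10:00:04 client=10.0.0.7 qtype=A name=img4.cdn-example.org
10:00:05 client=10.0.0.7 qtype=A name=img5.cdn-example.org
10:00:06 client=10.0.0.9 qtype=TXT name=0123456789abcdeffedcba9876543210.tunnel-example.net
10:00:06 client=10.0.0.9 qtype=TXT name=abcdef0123456789abcdef0123456789.tunnel-example.net
10:00:07 client=10.0.0.9 qtype=TXT name=fedcba9876543210fedcba9876543210.tunnel-example.net
10:00:07 client=10.0.0.9 qtype=TXT name=123456789abcdef0123456789abcdef0.tunnel-example.net
10:00:08 client=10.0.0.9 qtype=TXT name=13579bdf02468ace13579bdf02468ace.tunnel-example.net
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) qtype=(?P<qtype>\S+) name=(?P<name>\S+)$")


def shannon_entropy(text):
    """Bits per character: random hex tends towards 4.0, ordinary host names sit around 2 to 3."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum((c / len(text)) * math.log2(c / len(text)) for c in counts.values())


def split_name(name, parent_labels=2):
    """Naive split into (parent domain, subdomain part). A public-suffix list would be needed
    for names such as example.co.uk; the two-label rule is an assumption for brevity."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-parent_labels:]), ".".join(labels[:-parent_labels])


def detect_dns_tunneling(log_text, min_unique=5, min_entropy=3.5, min_sub_len=30):
    """Flag parent domains whose subdomains look like encoded data: many unique, long,
    high-entropy labels. Returns {parent: stats} for flagged parents only."""
    stats = defaultdict(lambda: {"subs": set(), "entropy_sum": 0.0, "len_sum": 0, "txt": 0, "total": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parent, sub = split_name(m["name"])
        st = stats[parent]
        st["total"] += 1
        st["subs"].add(sub)
        st["entropy_sum"] += shannon_entropy(sub.replace(".", ""))
        st["len_sum"] += len(sub)
        if m["qtype"] in ("TXT", "NULL"):  # record types that carry the most payload per answer
            st["txt"] += 1
    flagged = {}
    for parent, st in stats.items():
        avg_entropy = st["entropy_sum"] / st["total"]
        avg_len = st["len_sum"] / st["total"]
        if len(st["subs"]) >= min_unique and avg_entropy >= min_entropy and avg_len >= min_sub_len:
            flagged[parent] = {
                "unique_subdomains": len(st["subs"]),
                "avg_entropy": round(avg_entropy, 3),
                "avg_subdomain_len": avg_len,
                "txt_or_null_queries": st["txt"],
            }
    return flagged


def run_sample():
    return detect_dns_tunneling(SAMPLE_DNS_LOG)
```

The CDN-style domain in the sample has just as many unique subdomains as the tunnel domain, but its labels are short and low-entropy, so only tunnel-example.net is flagged; the entropy and length conditions are what separate legitimate high-volume domains from encoded data.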
10. IoT-Based Attacks
An IoT attack is any cyberattack that targets an Internet of Things (IoT) device or network. Once
compromised, the hacker can assume control of the device, steal data, or join a group of infected
devices to create a botnet to launch DoS or DDoS attacks.
[According to the Nokia Threat Intelligence Lab, connected devices are responsible for nearly
one-third of mobile network infections – more than double the amount in 2019.]
Given that the number of connected devices is expected to grow rapidly over the next several
years, cybersecurity experts expect IoT infections to grow as well. Further, the deployment of 5G
networks, which will further fuel the use of connected devices, may also lead to an uptick in
attacks.

Current Cyber-Attack Methods
As of my last knowledge update in September 2021, cyberattack methods continue to evolve as
cybercriminals adapt to new technologies and security measures. Here are some prevalent cyberattack
methods and techniques that were relevant at that time. Please note that the cybersecurity landscape is
dynamic, and new attack methods may have emerged since then:
1. Phishing Attacks:
Phishing attacks involve sending deceptive emails, messages, or websites that impersonate trusted
entities to trick recipients into revealing sensitive information like login credentials, financial details,
or personal data.
2. Ransomware Attacks:
Ransomware is malicious software that encrypts a victim's files or entire system, demanding a ransom
for decryption. Ransomware attacks have become increasingly sophisticated, and cybercriminals target
both individuals and organizations.
3. Credential Stuffing:
Attackers use stolen username-password pairs from data breaches to gain unauthorized access to other
accounts where users have reused the same credentials.
4. Advanced Persistent Threats (APTs):
APTs are highly targeted and sophisticated attacks typically associated with nation-states or advanced
cybercriminal groups. They involve persistent, long-term infiltration of a specific target's network to
steal sensitive data or conduct espionage.
5. Supply Chain Attacks:
Attackers compromise a supplier or service provider to gain access to the systems or data of the
supplier's customers. This can have far-reaching consequences, as seen in the SolarWinds and Kaseya
supply chain attacks.
6. Man-in-the-Middle (MitM) Attacks:
In MitM attacks, an attacker intercepts communication between two parties, often to eavesdrop on or
alter the communication. This can occur in both network and encrypted communications.
7. Distributed Denial-of-Service (DDoS) Attacks:
DDoS attacks overwhelm a target's network or website with a flood of traffic, rendering it inaccessible
to users. Attackers often use botnets (networks of compromised devices) to carry out these attacks.
8. Fileless Malware:
Fileless malware operates in a computer's memory rather than being stored on disk, making it difficult
to detect. It often uses legitimate system processes to carry out malicious activities.
9. Malvertising:
Malicious advertising involves delivering malware through online ads. Attackers compromise ad
networks to display malicious ads on legitimate websites, potentially infecting users who click on them.
10. Social Engineering:
Cybercriminals manipulate individuals into revealing confidential information or taking specific actions
through tactics like pretexting, baiting, or tailgating.
11. IoT Device Exploitation:
Vulnerabilities in Internet of Things (IoT) devices are exploited to gain unauthorized access, conduct
surveillance, or launch attacks. Weak security in these devices can be a significant risk.
12. Cloud-Based Attacks:
As organizations move their data and services to the cloud, attackers target cloud infrastructure and
services. Misconfigured cloud settings and weak access controls can be exploited.
13. Cryptojacking:
Cryptojacking involves using a victim's computing resources to mine cryptocurrencies without their
consent. Attackers infect systems with cryptojacking malware to generate profits.
14. AI and Machine Learning Attacks:
Attackers are increasingly using artificial intelligence and machine learning to automate and enhance
their attacks, making them more effective and difficult to detect.

To stay protected from evolving cyber threats, individuals and organizations should implement robust
cybersecurity practices, including regularly updating software and systems, using strong authentication
methods, educating users about cybersecurity risks, and employing advanced security solutions. Staying
informed about the latest cyber threats and vulnerabilities is also crucial in adapting to new attack
methods.

10. DNS Spoofing
With Domain Name System (DNS) spoofing, a hacker alters DNS records to send traffic to a fake or
“spoofed” website. Once on the fraudulent site, the victim may enter sensitive information that can be
used or sold by the hacker. The hacker may also construct a poor-quality site with derogatory or
inflammatory content to make a competitor company look bad.
In a DNS spoofing attack, the attacker takes advantage of the fact that the user thinks the site they are
visiting is legitimate. This gives the attacker the ability to commit crimes in the name of an innocent
company, at least from the perspective of the visitor.
To prevent DNS spoofing, make sure your DNS servers are kept up-to-date. Attackers aim to exploit
vulnerabilities in DNS servers, and the most recent software versions often contain fixes that close
known vulnerabilities.
11. Session Hijacking
Session hijacking is one of multiple types of MITM attacks. The attacker takes over a session between
a client and the server. The computer being used in the attack substitutes its Internet Protocol (IP)
address for that of the client computer, and the server continues the session without suspecting it is
communicating with the attacker instead of the client. This kind of attack is effective because the server
uses the client's IP address to verify its identity. If the attacker's IP address is inserted partway through
the session, the server may not suspect a breach because it is already engaged in a trusted connection.
To prevent session hijacking, use a VPN to access business-critical servers. This way, all
communication is encrypted, and an attacker cannot gain access to the secure tunnel created by the
VPN.
12. Brute force attack
A brute-force attack gets its name from the “brutish” or simple methodology employed by the attack.
The attacker simply tries to guess the login credentials of someone with access to the target system.
Once they get it right, they are in.
While this may sound time-consuming and difficult, attackers often use bots to crack the credentials.
The attacker provides the bot with a list of credentials that they think may give them access to the secure
area. The bot then tries each one while the attacker sits back and waits. Once the correct credentials
have been entered, the criminal gains access.
To prevent brute-force attacks, have lock-out policies in place as part of your authorization security
architecture. After a certain number of attempts, the user attempting to enter the credentials gets locked
out. This typically involves “freezing” the account so even if someone else tries from a different device
with a different IP address, they cannot bypass the lockout.
It is also wise to use random passwords without regular words, dates, or sequences of numbers in them.
This is effective because, for example, even if an attacker uses software to try to guess a 10-digit
password, it will take many years of non-stop attempts to get it right.
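An added example (not from the original notes) of the lockout policy described above, implemented as a small in-memory class: after a set number of failures inside a time window the account is frozen, and the freeze is keyed on the account alone so that retrying from another device or IP address does not get around it. The thresholds, the per-account rule and the demo sequence are assumptions for the illustration.

```python
from datetime import datetime, timedelta


class AccountLockoutPolicy:
    """After max_failures failed logins within `window`, freeze the account for `lockout`.
    The freeze is keyed on the account (assumed policy), not on the source address."""

    def __init__(self, max_failures=5, window=timedelta(minutes=15), lockout=timedelta(minutes=30)):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = {}      # account -> timestamps of recent failures
        self._locked_until = {}  # account -> time the freeze expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        return until is not None and now < until

    def record_failure(self, account, now):
        recent = [t for t in self._failures.get(account, []) if now - t <= self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            self._failures[account] = []

    def record_success(self, account):
        self._failures.pop(account, None)


def attempt_login(policy, account, password_correct, now, src_ip):
    """Returns 'locked', 'ok' or 'failed'. src_ip is kept only for the audit trail; it plays
    no part in the decision, which is the point of a per-account freeze."""
    if policy.is_locked(account, now):
        return "locked"
    if password_correct:
        policy.record_success(account)
        return "ok"
    policy.record_failure(account, now)
    return "locked" if policy.is_locked(account, now) else "failed"


def demo_sequence():
    """Constructed sequence: three bad guesses, then the right password from a new IP while
    the account is frozen, then the right password after the freeze expires."""
    policy = AccountLockoutPolicy(max_failures=3)
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    steps = [
        ("alice", False, t0, "198.51.100.7"),
        ("alice", False, t0 + timedelta(seconds=10), "198.51.100.7"),
        ("alice", False, t0 + timedelta(seconds=20), "198.51.100.7"),
        ("alice", True, t0 + timedelta(seconds=30), "203.0.113.9"),   # correct, but still frozen
        ("alice", True, t0 + timedelta(minutes=31), "203.0.113.9"),   # freeze has expired
        ("bob", True, t0, "198.51.100.7"),                           # unaffected account
    ]
    return [attempt_login(policy, *step) for step in steps]
```

The sequence returns failed, failed, locked, locked, ok, ok: the fourth attempt is refused even though the password is right and the address is new, which is the behaviour the text asks for.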
13. Web Attacks
Web attacks refer to threats that target vulnerabilities in web-based applications. Every time you enter
information into a web application, you are initiating a command that generates a response. For
example, if you are sending money to someone using an online banking application, the data you enter
instructs the application to go into your account, take money out, and send it to someone else’s account.
Attackers work within the frameworks of these kinds of requests and use them to their advantage.
Some common web attacks include SQL injection and cross-site scripting (XSS), which will be
discussed later in this article. Hackers also use cross-site request forgery (CSRF) attacks and parameter
tampering. In a CSRF attack, the victim is fooled into performing an action that benefits the attacker.
For example, they may click on something that launches a script designed to change the login credentials
to access a web application. The hacker, armed with the new login credentials, can then log in as if they
are the legitimate user.
Parameter tampering involves adjusting the parameters that programmers implement as security
measures designed to protect specific operations. The operation’s execution depends on what is entered
in the parameter. The attacker simply changes the parameters, and this allows them to bypass the
security measures that depended on those parameters.
To avoid web attacks, inspect your web applications to check for—and fix—vulnerabilities. One way
to patch up vulnerabilities without impacting the performance of the web application is to use anti-
CSRF tokens. A token is exchanged between the user’s browser and the web application. Before a
command is executed, the token’s validity is checked. If it checks out, the command goes through—if
not, it is blocked. You can also use SameSite cookie flags, which only allow requests from the same site to be
processed, rendering any site built by the attacker powerless.
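The anti-CSRF token exchange and the SameSite flag described above, as an added example (not from the original notes) in the form of a minimal server-side handler: a random token is bound to the session and must come back with every state-changing request, and the session cookie is issued with SameSite=Strict so the browser does not attach it to cross-site requests in the first place. SESSIONS, the /transfer form fields and the dict-shaped request are stand-ins assumed for the illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # session id -> {"user": ..., "csrf": ...}; in-memory stand-in for a session store


def issue_session(user):
    """Log a user in: a random session id for the cookie, plus a random CSRF token bound to that
    session which the application embeds as a hidden field in every state-changing form."""
    session_id = secrets.token_urlsafe(32)
    csrf_token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf": csrf_token}
    return session_id, csrf_token


def session_cookie_header(session_id):
    """Set-Cookie header: HttpOnly (scripts cannot read it), Secure (HTTPS only) and
    SameSite=Strict (the browser omits it from any request initiated by another site)."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    return cookie.output(header="Set-Cookie:").strip()


def handle_transfer(cookies, form):
    """Handler for POST /transfer; `cookies` and `form` are plain dicts standing in for the parsed
    request. The token check is what defeats a forged cross-site request: another origin can make
    the browser send the cookie, but it cannot read the token out of the user's page."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return "401 no valid session"
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):  # constant time
        return "403 CSRF token missing or invalid"
    return f"200 {session['user']} transferred {form.get('amount')} to {form.get('to')}"


def demo():
    sid, token = issue_session("alice")
    legitimate = handle_transfer({"session": sid}, {"csrf_token": token, "amount": "10", "to": "bob"})
    # A forged request carries the cookie (the browser adds it) but no token.
    forged = handle_transfer({"session": sid}, {"amount": "10", "to": "mallory"})
    guessed = handle_transfer({"session": sid}, {"csrf_token": "guess", "amount": "10", "to": "mallory"})
    return {"legitimate": legitimate, "forged": forged, "guessed": guessed,
            "cookie": session_cookie_header(sid)}
```

The two defences are independent: the token check protects even browsers that ignore SameSite, and SameSite=Strict protects even a form the developer forgot to add the token to.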
17. XSS Attacks
With XSS, or cross-site scripting, the attacker transmits malicious scripts using clickable content that
gets sent to the target’s browser. When the victim clicks on the content, the script is executed. Because
the user has already logged into a web application’s session, what they enter is seen as legitimate by the
web application. However, the script executed has been altered by the attacker, resulting in an
unintended action being taken by the “user.”
For example, an XSS attack may change the parameters of a transfer request sent through an online
banking application. In the falsified request, the intended recipient of the transferred money has their
name replaced with that of the attacker. The attacker may also change the amount being transferred,
giving themselves even more money than the target initially intended to send.
One of the most straightforward ways of preventing XSS attacks is to use a whitelist of allowable
entities. This way, anything other than approved entries will not be accepted by the web application.
You can also use a technique called sanitizing, which examines the data being entered, checking to see
if it contains anything that can be harmful.
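The allowlist and sanitizing defences described above, as an added example (not from the original notes): allowlist validation of a username field, HTML output encoding in both a text context and an attribute context (the "sanitizing" step, done at output time so that the encoding matches where the data lands), and a Content-Security-Policy header with a per-response nonce as a second layer that blocks injected inline script even if an encoding step was missed. The field names and the CSP directives chosen are assumptions for the illustration.

```python
import html
import re
import secrets

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_allowed_username(value):
    """Allowlist validation: only the characters a username legitimately needs."""
    return USERNAME_RE.fullmatch(value) is not None


def render_comment_unsafe(author, body):
    """Vulnerable on purpose: user-supplied text is pasted into the page as markup."""
    return f"<p><b>{author}</b>: {body}</p>"


def render_comment_safe(author, body):
    """Output encoding for an HTML text context: <, >, & and quotes become entities,
    so the browser displays the text instead of interpreting it."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def render_profile_link(handle):
    """Attribute context: quote=True also encodes quotes, so a value cannot close the attribute
    and start a new one such as an event handler."""
    safe = html.escape(handle, quote=True)
    return f'<a href="/u/{safe}" title="{safe}">profile</a>'


def csp_header(nonce):
    """Second layer: only scripts carrying this per-response nonce may run. Script injected into
    the page body has no nonce and is refused by the browser; 'unsafe-inline' is never granted."""
    return (f"Content-Security-Policy: default-src 'self'; "
            f"script-src 'self' 'nonce-{nonce}'; object-src 'none'; base-uri 'self'")


def demo():
    nonce = secrets.token_urlsafe(16)
    payload = "<script>alert(1)</script>"          # constructed probe, harmless if it ran
    attr_payload = 'x" onmouseover="alert(1)'      # constructed attribute break-out probe
    return {
        "unsafe": render_comment_unsafe("mallory", payload),
        "safe": render_comment_safe("mallory", payload),
        "link": render_profile_link(attr_payload),
        "csp": csp_header(nonce),
        "valid_name": is_allowed_username("alice_01"),
        "invalid_name": is_allowed_username(payload),
    }
```

The unsafe renderer emits the probe as a live script tag, the safe one emits it as visible text, and the attribute renderer leaves no way to close the quoted attribute; the CSP header covers anything the first two miss.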
18. Eavesdropping Attacks
Eavesdropping attacks involve the bad actor intercepting traffic as it is sent through the network. In this
way, an attacker can collect usernames, passwords, and other confidential information like credit cards.
Eavesdropping can be active or passive.
With active eavesdropping, the hacker inserts a piece of software within the network traffic path to
collect information that the hacker analyses for useful data. Passive eavesdropping attacks are different
in that the hacker “listens in,” or eavesdrops, on the transmissions, looking for useful data they can
steal.
Both active and passive eavesdropping are types of MITM attacks. One of the best ways of preventing
them is by encrypting your data, which prevents it from being used by a hacker, regardless of whether
they use active or passive eavesdropping.

What Is Web Security?
Web security is a broad category of security solutions that protect your users, devices, and
wider network against internet-based cyberattacks—malware, phishing, and more—that can
lead to breaches and data loss. It reduces the security risk to your organization when your users
accidentally access malicious files and websites through some combination of firewall
inspection, intrusion prevention system (IPS) scanning, sandboxing, URL filtering, and various
other security and access controls.

Web security, also known as internet security or cybersecurity, refers to the practice of protecting
websites, web applications, web services, and web users from various online threats and
vulnerabilities. It encompasses a wide range of strategies, technologies, and best practices
designed to ensure the confidentiality, integrity, and availability of data on the web and to
safeguard users' privacy and trust.

Key aspects of web security include:
1. Data Protection: Ensuring the confidentiality and privacy of sensitive data, such as user
information, financial transactions, and personal details. Encryption and access control
mechanisms are essential for safeguarding data.
2. Authentication and Authorization: Verifying the identity of users and granting appropriate
access privileges. This includes the use of secure login mechanisms, multi-factor authentication,
and role-based access control.
3. Secure Communication: Implementing secure communication protocols, such as HTTPS
(SSL/TLS), to protect data in transit. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols are commonly used to encrypt data exchanged between web servers and browsers.
4. Protection Against Common Attacks: Defending against common web-based attacks,
including:
• Cross-Site Scripting (XSS): A type of vulnerability that allows attackers to inject
malicious scripts into web pages viewed by other users.
• SQL Injection: Exploiting vulnerabilities in web applications to execute unauthorized SQL
queries on a database.
• Cross-Site Request Forgery (CSRF): Forcing users to perform actions on a website
without their consent.
• Security Misconfigurations: Identifying and addressing security misconfigurations in
web servers, applications, and databases.
5. Web Application Firewall (WAF): Implementing WAFs to filter and monitor HTTP/HTTPS
requests to a web application. WAFs help block malicious traffic and protect against application-
layer attacks.
6. Content Security Policy (CSP): Using CSP headers to prevent or mitigate various types of
attacks, such as XSS, by specifying which sources of content are considered safe.
7. Regular Security Patching: Keeping all software components up to date, including the web
server, content management systems, and third-party libraries, to address known vulnerabilities.
8. Intrusion Detection and Prevention Systems (IDS/IPS): Implementing IDS and IPS solutions to
detect and block suspicious activities and attacks on web applications and servers.
9. Secure Development Practices: Adhering to secure coding practices during the development of
web applications and services, including input validation, secure file handling, and adherence to
secure development frameworks.
10. Security Audits and Testing: Conducting regular security assessments, penetration testing, and
code reviews to identify and rectify vulnerabilities.
11. User Education and Awareness: Educating users and administrators about best practices in web
security, such as strong password management and recognizing phishing attempts.
12. Incident Response and Recovery: Having an incident response plan in place to handle security
breaches and mitigate their impact.
13. Compliance and Regulatory Requirements: Ensuring compliance with industry-specific and
regional regulations related to web security and data privacy (e.g., GDPR, HIPAA).

Web security is a dynamic field that evolves alongside emerging threats and vulnerabilities.
Continuous monitoring, threat intelligence, and proactive security measures are crucial for
protecting web resources and user data in an ever-changing online environment.
How Does Web Security Work?
Web security functions sit between your environment’s endpoints and the internet. From there, they
inspect traffic and requests traveling in both directions. No single technology monitors or inspects all
traffic, but a “stack” of appliances—or a cloud-delivered platform of services, more effective today—
provides holistic coverage to prevent policy violations, malware infections, data loss, credential theft,
and so on.

Many solutions are available today, and some are more comprehensive than others. In a full stack, web
security includes the following technologies:

• Secure web gateway (SWG) provides threat protection and policy enforcement for users
accessing the web to prevent infections and block unwanted traffic.
• Firewall/IPS provides network security, app control, and visibility. Cloud firewalls stay up to
date and scale to handle demand or encryption, making them a more practical option.
• URL filtering screens and blocks inappropriate access or content, also offering protection from
web-borne malware.
• Sandboxing isolates software in an environment where it can be scanned and executed without
the risk of infecting a system or other applications.
• Browser isolation loads webpages or apps in a remote browser and only sends the user pixels,
preventing the downloading, copying, pasting, and printing of data or documents.
• DNS controls define rules that control requests and responses related to DNS traffic, allowing
you to detect and prevent DNS abuses such as tunneling.
• Antivirus detects and neutralizes trojans, spyware, ransomware, and more. Many offerings also
protect against threats such as malicious URLs, phishing, and DDoS.
• TLS/SSL decryption breaks open inbound and outbound encrypted traffic to inspect its
contents, and then re-encrypts it to continue to its destination.

What is Cyber Forensics?
Cyber forensics is the process of extracting data from electronic devices as evidence of a crime,
while following proper investigation rules, so that the evidence can be presented in court to
identify the culprit. Cyber forensics is also known as computer forensics. The main aim of cyber
forensics is to maintain the thread of evidence and documentation needed to find out who committed
the crime digitally. Cyber forensics can do the following:
• It can recover deleted files, chat logs, emails, etc.
• It can also recover deleted SMS messages and phone call records.
• It can recover recorded audio of phone conversations.
• It can determine which user used which system and for how long.
• It can identify which user ran which program.
Why is cyber forensics important?
In today’s technology-driven generation, the importance of cyber forensics is immense. Technology
combined with forensic science paves the way for quicker investigations and more accurate results.
The points below describe the importance of cyber forensics:
• Cyber forensics helps in collecting important digital evidence to trace the criminal.
• Electronic equipment stores massive amounts of data that an ordinary person never sees. For
example, in a smart house, every spoken command and every action performed by a smart device
generates data, which can be crucial in cyber forensics.
• It is also helpful for innocent people to prove their innocence via the evidence collected online.
• It is not only used to solve digital crimes but also to solve real-world crimes such as theft cases,
murder, etc.
• Businesses benefit equally from cyber forensics in tracking system breaches and finding the
attackers.
The Process Involved in Cyber Forensics
1. Obtaining a digital copy of the system that is being, or is required to be, inspected.
2. Authenticating and verifying the reproduction.
3. Recovering deleted files (for example, using the Autopsy tool).
4. Using keywords to find the information you need.
5. Preparing a technical report.
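Steps 1, 2 and 4 of this process, as an added example that is not part of the original notes: acquire a bit-for-bit image, record and re-check its SHA-256 so that any alteration of the copy is detected, then keyword-search the raw image, which also surfaces a deleted record that no directory entry references. The sample device contents and file names are constructed.

```python
"""Forensic acquisition workflow: image, hash, verify, keyword search (added example)."""
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read size for real images (1 MiB); the demo below uses a tiny one

# Constructed stand-in for a small storage device: two live files plus the remnant
# of a "deleted" record that no directory entry points to any more.
SAMPLE_DEVICE = (
    b"LIVEFILE: quarterly report, nothing unusual here.\x00" + b"\x00" * 20
    + b"DELETED: wire transfer to acct 4412 CONFIDENTIAL\x00" + b"\x00" * 8
    + b"LIVEFILE: CONFIDENTIAL memo draft v2\x00"
)


def sha256_file(path, chunk_size=CHUNK):
    """Hash a file in fixed-size reads so an arbitrarily large image fits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire_image(source, image, chunk_size=CHUNK):
    """Step 1: bit-for-bit copy of the source into an image file.
    Returns (source_hash, image_hash); both go into the chain-of-custody record."""
    h_src = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(chunk_size), b""):
            h_src.update(chunk)
            dst.write(chunk)
    return h_src.hexdigest(), sha256_file(image, chunk_size)


def verify_image(image, expected_hash):
    """Step 2: re-hash the copy; a single changed byte yields a different digest."""
    return sha256_file(image) == expected_hash


def keyword_search(image, keywords, chunk_size=CHUNK):
    """Step 4: scan the raw image for byte strings, streaming with an overlap so a
    keyword that straddles two reads is still found. Because it reads the raw
    bytes, it also hits data in unallocated space, i.e. deleted records."""
    hits = {kw.decode(): [] for kw in keywords}
    overlap = max(len(kw) for kw in keywords) - 1
    tail, base = b"", 0  # carried-over bytes, file offset of the current read
    with open(image, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            buf = tail + chunk
            for kw in keywords:
                start = 0
                while (idx := buf.find(kw, start)) >= 0:
                    # count only matches ending inside the new chunk; the rest were
                    # already reported when the carried-over bytes were first read
                    if idx + len(kw) > len(tail):
                        hits[kw.decode()].append(base - len(tail) + idx)
                    start = idx + 1
            base += len(chunk)
            tail = buf[max(0, len(buf) - overlap):]
    return hits


def run_case(chunk_size=7):
    """Run the workflow end to end on the constructed device; returns a report dict."""
    with tempfile.TemporaryDirectory() as work:
        device = os.path.join(work, "device.bin")
        image = os.path.join(work, "device.dd")
        with open(device, "wb") as f:
            f.write(SAMPLE_DEVICE)
        src_hash, img_hash = acquire_image(device, image, chunk_size)
        intact = verify_image(image, src_hash)
        hits = keyword_search(image, [b"CONFIDENTIAL", b"4412"], chunk_size)
        # Alter one byte of the evidence copy: verification must now fail.
        with open(image, "r+b") as f:
            f.write(b"l")
        tamper_detected = not verify_image(image, src_hash)
    return {"source_sha256": src_hash, "image_sha256": img_hash, "copy_intact": intact,
            "hits": hits, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    for key, value in run_case().items():
        print(f"{key}: {value}")
```

The deliberately small read size in `run_case` exercises the overlap logic; the same offsets come back with the 1 MiB read size.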
Types of Computer Forensics
1. Disk Forensics:
o Disk forensics involves the examination of physical or logical storage media such as hard
drives, solid-state drives, and removable storage devices.
o Investigators analyze these storage media to recover deleted files, discover hidden data, and
gather evidence related to digital crimes.
2. Network Forensics:
o Network forensics focuses on monitoring and analyzing network traffic and log data to
investigate security incidents.
o It helps in identifying the source of cyberattacks, tracking communication between devices, and
understanding the extent of network breaches.
3. Memory Forensics:
o Memory forensics deals with the analysis of a computer’s volatile memory (RAM) to uncover
information about running processes, network connections, and malicious activities.
o It is particularly useful in identifying live cyber threats and rootkits.
4. Mobile Device Forensics:
o Mobile device forensics involves the examination of smartphones, tablets, and other mobile
devices to retrieve data, messages, call logs, and application usage history.
o Investigators use specialized tools to access locked or encrypted mobile devices.
5. Database Forensics:
o Database forensics focuses on investigating database systems to identify unauthorized
access, data breaches, or data manipulation.
o Investigators analyze database logs and data structures to uncover evidence of
wrongdoing.
6. Cloud Forensics:
o Cloud forensics deals with the investigation of cloud-based services and data stored in the
cloud.
o It includes examining cloud logs, access controls, and metadata to trace activities and assess
security incidents.
7. Malware Forensics:
o Malware forensics involves the analysis of malicious software (malware) to understand its
behavior, origins, and impact on systems.
o Investigators study malware code and behavior to determine the scope of an attack.
8. Email Forensics:
o Email forensics focuses on the investigation of email communications to gather evidence for
legal proceedings.
o It includes tracking email senders, receivers, timestamps, and content.
9. Live Forensics:
o Live forensics involves analyzing a running computer system to identify ongoing malicious
activities.
o Investigators use techniques to preserve system state and extract volatile data without
interrupting system operation.
10. Incident Response Forensics:
o Incident response forensics is conducted as part of a larger incident response process.
o It includes collecting and preserving digital evidence to understand the nature of a security
incident and support remediation efforts.
These types of computer forensics play essential roles in investigating cybercrimes, ensuring digital
evidence integrity, and strengthening cybersecurity measures in both law enforcement and corporate
environments. Each type focuses on a specific aspect of digital investigation, contributing to a
comprehensive approach in combating cyber threats.
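For email forensics (item 8 above), an added example that is not part of the original notes: it parses the Received headers of a constructed message to rebuild the hop-by-hop delivery path, identify the originating IP, and flag inconsistencies such as a From domain that differs from the Return-Path. The message, hostnames and addresses are all constructed.

```python
"""Email header forensics: rebuild the delivery path from Received headers (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed message. Each relay prepends its own Received header, so the topmost
# one is the final hop (nearest the recipient) and the bottom one is the origin.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer-example.invalid>
Received: from mx2.example.org (mx2.example.org [203.0.113.7])
        by inbox.example.org with ESMTP id A1B2C3;
        Tue, 4 Jun 2024 10:15:42 +0000
Received: from relay.mailer-example.invalid (relay.mailer-example.invalid [198.51.100.23])
        by mx2.example.org with ESMTPS id D4E5F6;
        Tue, 4 Jun 2024 10:15:40 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
        by relay.mailer-example.invalid with ESMTPA id 778899;
        Tue, 4 Jun 2024 10:15:31 +0000
From: "Accounts Team" <accounts@bank-example.com>
To: victim@example.org
Subject: Urgent: verify your account
Date: Tue, 4 Jun 2024 10:15:30 +0000
Message-ID: <constructed-0001@mailer-example.invalid>

Please verify your account details.
"""

HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<helo>[^)]*)\))?\s+by\s+(?P<by>\S+).*?;\s*(?P<date>.+)$"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hops(raw):
    """Return the hops in delivery order (origin first): sender, its IP, receiver, time."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold the header onto one line
        m = HOP_RE.match(text)
        if not m:
            continue
        ip = IP_RE.search(m.group("helo") or "")
        hops.append({"from": m.group("from"), "ip": ip.group(1) if ip else None,
                     "by": m.group("by"), "time": parsedate_to_datetime(m.group("date"))})
    hops.reverse()
    return hops


def analyse(raw):
    """Check the hop chain for continuity and plausibility and flag common red flags.
    Returns the origin IP, the ordered hops and a list of findings."""
    msg = message_from_string(raw)
    hops = parse_hops(raw)
    findings = []
    for earlier, later in zip(hops, hops[1:]):
        # the server that received hop N should be the one that sends hop N+1
        if earlier["by"] != later["from"]:
            findings.append(f"chain break: {earlier['by']} -> {later['from']}")
        if later["time"] < earlier["time"]:
            findings.append(f"timestamp goes backwards at {later['by']}")
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")
    if hops and hops[0]["from"].startswith("["):
        findings.append(f"origin hop has no hostname, only IP {hops[0]['ip']}")
    return {"origin_ip": hops[0]["ip"] if hops else None, "hops": hops, "findings": findings}


if __name__ == "__main__":
    result = analyse(SAMPLE_MESSAGE)
    for hop in result["hops"]:
        print(f"{hop['time'].isoformat()}  {hop['from']} ({hop['ip']}) -> {hop['by']}")
    for finding in result["findings"]:
        print("finding:", finding)
```

Only the hop added by the first trusted server is reliable; earlier Received lines can be forged by the sender, which is why the chain is checked for continuity rather than trusted outright.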
Techniques of Cyber Forensics
Let's discuss the techniques of cyber forensics in depth:
1. Evidence Collection: Cyber forensics experts collect digital evidence from various sources,
including computers, servers, mobile devices, and network logs. The process involves
preserving the integrity of the evidence to maintain its admissibility in court.
2. Data Recovery: Deleted or damaged data can often be recovered using specialized tools and
techniques. This is crucial for reconstructing events and identifying the perpetrators.
3. Network Analysis: Analyzing network traffic and logs helps in tracing the origin of
cyberattacks, understanding attack patterns, and identifying vulnerabilities.
4. Malware Analysis: Cyber forensics professionals dissect malware to understand its behavior,
propagation methods, and impact on systems. This aids in developing countermeasures and
attributing attacks.
5. Memory Analysis: Examining the volatile memory (RAM) of a compromised system can
reveal ongoing malicious activities, such as running processes and network connections.
Advantages
• Cyber forensics ensures the integrity of the computer.
• Through cyber forensics, many people, companies, etc. learn about such crimes and can take
proper measures to avoid them.
• Cyber forensics finds evidence on digital devices and presents it in court, which can lead
to the punishment of the culprit.
• It efficiently tracks down the culprit anywhere in the world.
• It helps people and organizations protect their money and time.
• The relevant findings can be publicised and used to make the public aware of such crimes.
What skills are required to be a cyber forensic expert?
The following skills are required to be a cyber forensic expert:
• Cyber forensics is based on technology, so knowledge of various technologies, computers,
mobile phones, network hacks, security breaches, etc. is required.
• The expert should be very attentive while examining a large amount of data to identify
proof/evidence.
• The expert must be aware of criminal law, criminal investigation, etc.
• Technology changes constantly, so the expert must stay up to date with the latest
technology.
• Cyber forensic experts must be able to analyse the data, derive conclusions from it and make
proper interpretations.
• The expert must have good communication skills so that, while presenting evidence in
court, everyone understands each detail with clarity.
• The expert must have strong knowledge of basic cyber security.
External VS Internal Penetration Test: What's The Difference?
Penetration testing, also known as ethical hacking, is the practice of checking for security
weaknesses in application software, networks, computers and devices, wireless systems, and
employees. Penetration tests can be either external or internal depending on the goal of the
project.
An external penetration test researches and attempts to exploit vulnerabilities that could be
exploited by an external user without proper access and permissions. An internal penetration
test is similar to a vulnerability assessment; however, it takes the scan one step further by
attempting to exploit the vulnerabilities and determining what information is actually exposed.
External Penetration Test
External penetration testing consists of testing for vulnerabilities to assess the chances of being
attacked by a remote attacker. By exploiting the vulnerabilities found, it identifies the
information being exposed to outsiders.

The main objective of this test is to simulate an attack on the internal network by mimicking
the actions of an actual threat actor.
This type of penetration testing attempts to find and exploit vulnerabilities in a system to steal
or compromise the organization's information. As a result, the test shows whether the
implemented security measures are enough to secure the organization and assesses its capability
to defend against an external attack.
On average, an external penetration test takes 2-3 weeks to complete. However, this
depends on the complexity of the system, the size of the network, and the goals of the test itself.
Examples of external penetration tests include:
• Configuration & Deployment Management Testing
• Identity Management Testing
• Authentication Testing
• Authorization Testing
• Session Management Testing
• Input Validation Testing
• Testing for Weak Cryptography
• Business Logic Testing
• Client-Side Testing
• Testing for Error Handling

Testing methodologies include:
• Footprinting
• Checking for Public Information and Other Information Leakages
• System Scanning/Port Scanning/Service Scanning for Vulnerabilities
• Manual Testing of Identified Vulnerabilities
• IDS/IPS Testing
• Password Strength Testing

Internal Penetration Test

An internal penetration test takes a different approach to attacks and comes into the
picture after completion of an external penetration test. In this test, the main focus is to identify
what could be accomplished by an attacker who has internal access to your network.
This can be a threat actor who has penetrated the organization's external defence systems, or it
can be an employee, contractor, or other staff member with internal access.
Prior to engaging with a vendor, consider having the following checklist of items available:
• Your goals for performing a pen test.
• The number of internal workstations on the network.
• The number of servers.
• The total number of internal and external IPs.

Internal penetration tests cover assets such as:
• Computer Systems
• Access Points
• WiFi Networks
• Firewalls
• IDS/IPS
• Local Servers
• Employees
Once those vulnerabilities are identified, testers exploit them to discover the impact of an attack
and show the weakness/entry points to the organization.
Internal penetration testing is not just limited to exploiting internal network vulnerabilities, but
it also includes privilege escalation, malware spreading, man in the middle attacks (MITM),
credential stealing, monitoring, information leakage or any other malicious activity.
You might be wondering why you would conduct an internal penetration test in the first place,
given that your systems are supposedly secure from external threats.
However, an internal test shows the organization what impact an attacker who manages to gain
access equivalent to an insider, or a malicious internal user who tries to break the security,
could have in terms of disclosure, misuse, alteration, or destruction of the organization's
confidential information.
Testing methodologies include:
• Internal Network Scanning
• Port Scanning and System Fingerprinting
• Finding Vulnerabilities
• Exploiting
• Manual Vulnerability Testing and Verification
• Firewall and ACL Testing
• Administrator Privilege Escalation Testing
• Password Strength Testing
• Network Equipment Security Controls Testing
• Database Security Controls Testing
• Internal Network Scan for Known Trojans
• Third-Party/Vendor Security Configuration Testing
Conclusion
For every organization, it is best practice to perform both an external and an internal penetration
test, along with regular security audits, to ensure the security of its IT systems and determine what
information could be exposed to attackers. It is also necessary because of IT security rules,
regulations and guidelines such as GLBA, FFIEC, NCUA and HIPAA.
The Law related to Cyber Crimes in India
Cyber crime is different from any other crime happening in society. Cyber crime is defined as
criminal activity in which computers or computer networks are a tool, a target or a place of
criminal activity, and it includes everything from electronic cracking to denial-of-service
attacks. It is a general term that covers crimes like phishing, credit card fraud, bank robbery,
illegal downloading, child pornography, kidnapping children via chat rooms, scams, cyber
terrorism, distribution of viruses, etc.
Cyber Offences under the Indian Penal Code, 1860:
The major substantive criminal law is the Indian Penal Code, a complete code which deals with
all offences, including cyber crimes. Therefore, this conventional criminal law is sufficient
to deal with all kinds of crimes, including cyber crimes. India enacted the Information
Technology Act, 2000 basically to regulate e-commerce.
No.  Act                           Offence under IPC      Provision of IPC
1    Sending threatening message   Criminal intimidation  Section 503
2    Sending defamatory message    Defamation             Section 499
3    Bogus websites, cyber frauds  Cheating               Section 420
4    Spoofing/forged e-records     Forgery                Section 463
5    Web-jacking                   Extortion              Section 383
6    Pornography                   Obscenity              Section 292
7    On-line harassment            Stalking               Section 354-D

The article describes:
• A crime committed with the help of a computer network is termed cyber crime.
• Cyber crime can harm your privacy and security.
• Cyber crime is an illegal act that tends to hack your private data.
• Cybercriminals try to gain money through illegal methods.
Types of Cyber Crimes:
1. Hacking
2. Cracking
3. Cyber-Stalking
4. E-mail Spoofing
5. SMS Spoofing
6. Cheating & fraud
7. Child Pornography
8. Transmitting viruses, etc.
Information Technology Act, 2000 (IT Act):
It is the first cyber law to be approved by the Indian Parliament. The Act defines its object
as follows:
“to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as electronic
methods of communication and storage of information, to facilitate electronic filing of
documents with the Government agencies and further to amend the Indian Penal Code,
the Indian Evidence Act, 1872, the Banker’s Book Evidence Act, 1891 and the Reserve Bank of
India Act, 1934 and for matters connected therewith or incidental thereto.”
However, as cyber-attacks have become more dangerous, and given the tendency of people to
misunderstand technology, several amendments have been made to the legislation. The Act sets out
the grievous penalties and sanctions that have been enacted by the Parliament of India as a
means to protect the e-governance, e-banking, and e-commerce sectors. It is important to note
that the IT Act's scope has now been broadened to include all the latest communication devices.
The Act states that an acceptance of a contract may be expressed electronically unless otherwise
agreed and that the same shall have legal validity and be enforceable. In addition, the Act is
intended to achieve its objectives of promoting and developing an environment conducive to
the implementation of electronic commerce.
The important provisions of the Act
The IT Act is prominent in the entire Indian legal framework, as it directs the whole
investigation process for governing cyber crimes. The relevant sections are as follows:
• Section 43: This section of the IT Act applies to individuals who indulge in cyber
crimes such as damaging the victim's computers without the victim's permission. In such a
situation, if a computer is damaged without the owner's consent, the owner is fully entitled
to compensation for the complete damage.
• Section 66: Applies to any conduct described in Section 43 that is dishonest or
fraudulent. There can be up to three years of imprisonment in such instances, or a
fine of up to Rs. 5 lakh.
• Section 66B: This section describes the penalties for fraudulently receiving stolen
communication devices or computers, and provides for a possible three-year prison
sentence. Depending on the severity, a fine of up to Rs. 1 lakh may also be imposed.
• Section 66C: The focus of this section is digital signatures, password hacking, and
other forms of identity theft. This section imposes imprisonment of up to three years along
with a fine of one lakh rupees.
• Section 66D: This section covers cheating by personation using computer
resources. Punishment, if found guilty, can be imprisonment of up to three years
and/or a fine of up to Rs 1 lakh.
• Section 66E: Taking pictures of private areas and publishing or transmitting them
without the person's consent is punishable under this section. Penalties, if found
guilty, can be imprisonment of up to three years and/or a fine of up to Rs 2 lakh.
• Section 66F: Acts of cyber terrorism. An individual convicted under this section can face
imprisonment up to life. An example: a threat email was sent to the
Bombay Stock Exchange and the National Stock Exchange, which challenged the
security forces to prevent a terror attack planned on these institutions. The offender
was apprehended and charged under Section 66F of the IT Act.
• Section 67: This covers electronically publishing obscene material. If convicted, the
prison term is up to five years and the fine is up to Rs 10 lakh.
Positive and negative aspects of the IT Act
This legislation offers the following benefits:
• Several companies are now able to conduct e-commerce without any fear because
of the presence of this Act. Until recently, the development of electronic commerce
in our country was hindered primarily by a lack of legal infrastructure to govern
commercial transactions online.
• Digital signatures can now be used by corporations to conduct online
transactions. Digital signatures are officially recognized and sanctioned by the Act.
• Additionally, the Act paves the way for corporate entities to act as
Certifying Authorities for the issuance of Digital Signature Certificates under the
Act. The Act makes no distinction as to what legal entity may be designated
as a Certifying Authority, provided the government's standards are followed.
• Furthermore, the Act permits companies to electronically file any of their
documents with any office, authority, body or agency owned or controlled by the
appropriate government, using the electronic form prescribed by that government.
• It also addresses the security concerns that are so crucial to the success
of electronic transactions. The Act defines and approves the term "secure digital
signature", which requires the signature to have been subjected to a
security procedure. Therefore, digital signatures can be considered secure and will
play a huge part in the economy. Digital signatures can help conduct secure online trade.
It is common for companies to have their systems and information hacked. However, the IT
Act changed the landscape completely. A statutory remedy is now being provided to corporate
entities in the event that anyone breaches their computer systems or network and damages or
copies data. Damages are charged to anyone who uses a computer, computer system or
computer network without the permission of the owner or other person in charge.
Cyber Jurisdiction in India

Introduction
Today a world cannot be imagined without internet connectivity, which has become a basic
necessity for human beings. This global network has made life easier through its immense
contribution to communication and information sharing. It plays a pivotal role in almost
every field of life, whether education, business, politics, medicine, infrastructure or science and
technology.
The advent of internet culture gave rise to the concept of a virtual world called cyberspace, which
is basically a virtual environment created by interconnected computers and computer networks
on the internet, without any boundary of distance or physical limitation. Cyberspace is a broad
term which includes computers, networks, software, data storage devices, the Internet,
websites, emails and even electronic devices such as cell phones, ATM machines, etc.
Just as every coin has two sides, cyberspace technologies have their own pros and cons. There
is no doubt that they have simplified our lives to a great extent, but the dark side of the story
is that in recent years computer technology and cyberspace have become an invitation to
cyber threats.
Cyber threats involve criminal activities ranging from minor electronic crimes to more
serious offences such as illegal gambling, theft of personal information, cyber bullying,
cyber stalking, cyber defamation, web jacking, data diddling, etc. These offences are not
the only concern; they also raise the question of jurisdiction when dealing with cases of such
cyber crimes. It is evident that cyberspace has no physical boundary; therefore it is convenient
for criminals to access a system from any part of the world using a computer or any other
electronic device.
For instance, a person sitting in China could break into a bank's host computer in India and
transfer millions of rupees to another bank in Switzerland, all within the blink of an eye. The only
things required to do this are a computer and a cell phone. Once the crime has been committed,
confusion arises as to where the complaint should be lodged for the trial of such a case. This
is because of the disparities among the laws of different countries for dealing with cyber crime
cases.
Jurisdiction over cyber crime and national laws
Jurisdiction is the power or authority of a court to hear and determine a cause and adjudicate
upon the matters litigated before it, or the power of the court to take cognizance of the
matter brought before it. When it comes to determining jurisdiction in the context of cyberspace,
however, it becomes a strenuous part of the law.
In common parlance, jurisdiction is of two types:
• Subject-matter jurisdiction allows the court to decide cases of a particular category and to
check whether the claim is actionable in the court where the case has been filed.
• Personal jurisdiction allows a court to decide on matters related to citizens or people of
its territory, or persons having some connection to that territory, irrespective of where
the person is presently located. Every state exercises personal jurisdiction over the
people within its territory.
The concept of jurisdiction can be understood better with reference to sections 15 to
20 of the Code of Civil Procedure, 1908, which deal with the place of suing (subject-matter
jurisdiction); section 20 of the Code specifically covers any other category of suit
not covered in sections 15 to 19.
Section 20 sets out the conditions for instituting such other suits in a court
within the local limits of whose jurisdiction[1]:
a. The defendant, or each of the defendants, resides, or carries on business, or personally
works for gain at the time of the commencement of the suit;
b. Any of the defendants, where there is more than one, resides, or carries on
business, or personally works for gain at the time of the commencement of the suit, provided
that in such cases either the leave of the court is given, or the defendants who do not
reside, or carry on business, or personally work for gain, as aforesaid, acquiesce in
such institution; or
c. The cause of action wholly or partially arises.
However, this section does not seem to fit the virtual world. The issue with cyberspace
jurisdiction is the presence of multiple parties across various parts of the globe who have only
virtual connections among them; therefore we cannot have a clear idea of the parties and the
place of suing, so that the jurisdiction of the court could be determined to try such cases.

The substantive source of cyber law in India is the Information Technology Act, 2000 (IT Act),
which came into force on 17 October 2000. The objective of the Act is to provide legal
recognition to e-commerce and to facilitate the storage of electronic records with the Government.
The IT Act also penalizes various cyber crimes and provides strict punishments. Pursuant to
this, certain provisions of the Act set out the jurisdiction of courts for the trial of cases
pertaining to cyber crimes committed in India as well as outside India.

Such provisions of the IT Act are as follows:

Sec 1 specifies the extent of application of the Act. It states that:[2]
(2) It shall extend to the whole of India and, save as otherwise provided in this Act, it applies
also to any offence or contravention thereunder committed outside India by any person.
Sec 75 deals with the application of the Act to offences or contraventions committed
outside India.
It states that[3]:
1. Subject to the provisions of sub-section (2), the provisions of this Act shall also apply to
any offence or contravention committed outside India by any person irrespective of his
nationality.
2. For the purposes of sub-section (1), this Act shall apply to an offence or contravention
committed outside India by any person if the act or conduct constituting the offence or
contravention involves a computer, computer system or computer network located in
India.
Comment: Sec 1(2) and Sec 75 of the IT Act apply to any offence or contravention
committed in India as well as outside India. The application of the Act outside India is
empowered by invoking the extra-territorial jurisdiction of the nation. It is immaterial
whether the offender is a citizen of India or not, and whether the crime has been committed
inside or outside India, because the Act applies to any person irrespective of nationality if he
harms, or attempts to harm, a computer, computer system or network located in India, whether
operating from India or from any part of the world.
Sec 46 of the Act confers the power to adjudicate in case of contravention of any provision of the
Act and, for the purpose of adjudging, provides for the appointment of an adjudicating officer who
is vested with the powers of a civil court, which are also conferred on the Cyber Appellate Tribunal.
Sec 48 of the Act provides for the establishment of the Cyber Appellate Tribunal[4]:
(1) The Central Government shall, by notification, establish one or more appellate tribunals to
be known as the Cyber Regulations Appellate Tribunal.
Comment: This tribunal is established by the government under the Act, and the government
itself decides the matters and places over which the tribunal exercises its jurisdiction. It
is the first appellate forum, to which appeals from the orders of the Controller
or the adjudicating officers are preferred. Further, any person aggrieved by a decision of the
appellate tribunal may appeal to the High Court within sixty days from the date of
communication of such decision or order.
The Information Technology Act, 2000 seems exhaustive when it comes to adjudicating
matters where the parties are Indian citizens and the offence or contravention has been
committed in India, as the Indian courts follow the principle of lex fori, that is, the law of
the country. It still creates confusion, however, when exercising extra-territorial jurisdiction
where the offence has been committed outside India or by a non-citizen.
For instance, suppose an American citizen damages the reputation of an Indian politician by
publishing lewd comments through social media, and the aggrieved person approaches an
Indian court for justice. The IT Act, 2000 clearly provides for extra-territorial
jurisdiction, but the issue is how effective it would be in bringing the American
citizen to India to be prosecuted for cyber defamation, as the IT Act is not applicable to the
American citizen.
Apart from the IT Act, 2000, there are other relevant legislations under Indian law that give
Indian courts the authority to adjudicate matters related to cyber crimes, such as:
Sections 3 and 4 of the Indian Penal Code, 1882 also deal with the extra-territorial jurisdiction of
Indian courts[5].
Section 188 of the CrPC, 1973 provides that even if a citizen of India commits an offence outside the
country, the same is subject to the jurisdiction of courts in India. Section 178 deals with a
crime, or part of it, committed in India, and Section 179 deals with the consequences of a crime in
Indian territory[6].