UNIT-1_CS

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

Unit-1
CYBER SECURITY (CS 413)
IV BTECH-I SEM

PREPARED BY
Prof. K.Kiran Kumar
HOD, CSE & CSIT

CSE, Chalapathi Institute of Engineering & Technology (CIET)


INTRODUCTION TO CYBER SECURITY

Cybersecurity is primarily about people, processes, and technologies working together to encompass the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, etc.

• Cybersecurity is the protection of Internet-connected systems, including hardware, software, and data, from cyber attacks. The term is made up of two words: one is cyber and the other is security. Cyber relates to the technology, which contains systems, networks and programs or data, whereas security relates to the protection, which includes systems security, network security, and application and information security.
CSE, CIET 2
• It is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access.

• It may also be referred to as information technology security.

• We can also define cyber security as the set of principles and practices designed to protect our computing resources and online information against threats.
Why is cyber security important?

• We live in a digital era in which our private information is more vulnerable than ever before.

• We all live in a world which is networked together, from internet banking to government infrastructure, where data is stored on computers and other devices.

• As the volume of cyber-attacks grows, companies and organizations, especially those that deal with information related to national security, health, or financial records, need to take steps to protect their sensitive business and personal information.
History of Cyber Security

• In 1969, Leonard Kleinrock, a UCLA professor, and his student Charley Kline sent the first electronic message from the UCLA SDS Sigma 7 host computer to Bill Duvall, a programmer at the Stanford Research Institute. This is a well-known story and a moment in the history of the digital world.

• In the 1970s, Robert (Bob) Thomas, a researcher for BBN Technologies in Cambridge, Massachusetts, created the first computer worm (virus).

• An American computer programmer named Ray Tomlinson, the inventor of email, was also working for BBN Technologies at the time. He saw this idea and liked it. He tinkered (an act of attempting to repair something) with the program and made it self-replicating: "the first computer worm." He named the program Reaper, the first antivirus software, which would find copies of The Creeper and delete them.


What is computer security?

• Computer security basically is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.

• Often people confuse computer security with other related terms like information security and cybersecurity. One way to ascertain the similarities and differences among these terms is by asking what is being secured. For example:
  • Information security is securing information from unauthorized access, modification & deletion.
  • Computer security means securing a standalone machine by keeping it updated and patched.
  • Cybersecurity is defined as protecting computer systems which communicate over computer networks.
Components of a computer system

• The components of a computer system that need to be protected are:
  • Hardware, the physical part of the computer, like the system memory and disk drive.
  • Firmware, permanent software that is etched into a hardware device's nonvolatile memory and is mostly invisible to the user.
  • Software, the programming that offers services, like the operating system, word processor and internet browser, to the user.
• Computer security is mainly concerned with three main areas:
  • Confidentiality is ensuring that information is available only to the intended audience.
  • Integrity is protecting information from being modified by unauthorized parties.
  • Availability is ensuring that information and services remain accessible to authorized users when they need them.
Computer Security Practices

• Computer security threats are becoming relentlessly inventive these days. There is much need for one to arm oneself with information and resources to safeguard against these complex and growing computer security threats and stay safe online. Some preventive steps you can take include:
  • Secure your computer physically by:
    • Installing reliable, reputable security and anti-virus software.
    • Activating your firewall, because a firewall acts as a security guard between the internet and your local area network.
  • Stay up-to-date on the latest software and news surrounding your devices and perform software updates as soon as they become available.
  • Avoid clicking on email attachments unless you know the source.
  • Change passwords regularly, using a unique combination of numbers, letters and case types.
  • Use the internet with caution and ignore pop-ups and drive-by downloads while surfing.
  • Take the time to research the basic aspects of computer security and educate yourself on evolving cyber-threats.
  • Perform daily full system scans and create a periodic system backup schedule to ensure your data is retrievable should something happen to your computer.
THREATS

• In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.

• A threat is a potential cause of an incident that may result in harm to systems and the organization.

• A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado), or otherwise a circumstance, capability, action, or event.

• A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber attacks include threats like computer viruses, data breaches, and Denial of Service (DoS) attacks.
Threats classification

• Threats can be classified according to their type and origin.

• Types of threats:
  • Physical damage: fire, water, pollution
  • Natural events: climatic, seismic, volcanic
  • Loss of essential services: electrical power, air conditioning, telecommunication
  • Compromise of information: eavesdropping, theft of media, retrieval of discarded materials
  • Technical failures: equipment, software, capacity saturation
  • Compromise of functions: error in use, abuse of rights, denial of actions
Common Cyber Threats

• If you suspect you may have been a target of any of the threats included here, or have been targeted by any other cyber threat, report it to your FSO or security point of contact immediately.

• Common cyber threats include:
  • Phishing and spear phishing
  • Malicious code
  • Weak and default passwords
  • Unpatched or outdated software vulnerabilities
  • Removable media
Harm

• The negative consequence of an actualized threat is harm; we protect ourselves against threats in order to reduce or eliminate harm.

• We have already described many examples of computer harm: a stolen computer, a modified or lost file, a revealed private letter, or denied access to data.

• These events cause harm that we want to avoid.
Vulnerability

• A computer vulnerability is a cybersecurity term that refers to a defect in a system that can leave it open to attack. This vulnerability could also refer to any type of weakness present in a computer itself, in a set of procedures, or in anything that allows information security to be exposed to a threat.

• In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

• Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.
Common Computer Security Vulnerabilities

• The most common computer vulnerabilities include:
  • Bugs
  • Weak passwords
  • Software that is already infected with a virus
  • Missing data encryption
  • OS command injection
  • SQL injection
  • Buffer overflow
  • Missing authorization
  • Use of broken algorithms
  • URL redirection to untrusted sites
  • Path traversal
  • Missing authentication for a critical function
  • Unrestricted upload of dangerous file types
  • Dependence on untrusted inputs in a security decision
  • Cross-site scripting and forgery
  • Download of code without integrity checks
Causes and Harms of Computer Security Vulnerabilities

• A computer security vulnerability can harm five kinds of system security: reliability, confidentiality, entirety, usability, and undeniableness.
  • Reliability: This refers to reducing false alarms in the operation of a computer system and enhancing the efficiency of a computer system.
  • Confidentiality: This refers to protecting users' information from disclosure to, and acquisition by, an unauthorized third party.
  • Entirety: This system security requires that information or programs should not be forged, tampered with, deleted or inserted deliberately in the process of storage, operation and communication. In other words, information or programs cannot be lost or destroyed.
  • Usability: This ensures that users can enjoy the services offered by computers and information networks.
  • Undeniableness: This security refers to guaranteeing that information actors are held responsible for their behavior.
Controls

• Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.

• Controls can be classified according to their nature, for example:
  • Physical controls, e.g. fences, doors, locks and fire extinguishers;
  • Procedural controls, e.g. incident response processes, management oversight, security awareness and training;
  • Technical controls, e.g. user authentication (login) and logical access controls, antivirus software, firewalls;
  • Legal and regulatory or compliance controls, e.g. privacy laws, policies and clauses.
[CIA Triad diagram]

• A control or countermeasure is a means to counter threats. Harm occurs when a threat is realized against a vulnerability. To protect against harm, then, we can neutralize the threat, close the vulnerability, or both. The possibility for harm to occur is called risk.

• We can deal with harm in several ways:
  • prevent it, by blocking the attack or closing the vulnerability
  • deter it, by making the attack harder but not impossible
  • deflect it, by making another target more attractive (or this one less so)
  • mitigate it, by making its impact less severe
  • detect it, either as it happens or some time after the fact
  • recover from its effects
Authentication

• Definition: Authentication is the process of recognizing a user's identity. It is the mechanism of associating an incoming request with a set of identifying credentials. The credentials provided are compared to those on file in a database of authorized users' information, on a local operating system or within an authentication server.

• A computer system does not have the cues we do with face-to-face communication that let us recognize our friends. Instead, computers depend on data to recognize others. Determining who a person really is consists of two separate steps:
  • Identification is the act of asserting who a person is.
  • Authentication is the act of proving that asserted identity: that the person is who she says she is.

• Identification is the ability to identify uniquely a user of a system or an application that is running in the system. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be.

• For example, consider a user who logs on to a system by entering a user ID and password. The system uses the user ID to identify the user. The system authenticates the user at the time of logon by checking that the supplied password is correct.
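The logon flow described above, as an added example that is not part of the slides: the user ID identifies (it selects the record on file), the password authenticates (it must reproduce the stored derived key). The in-memory credential store, the use of PBKDF2-HMAC-SHA256 as the stored form of the password, and all user names are constructed for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000        # PBKDF2 work factor, constructed for the demo
DUMMY_SALT = b"\x00" * 16   # used only to equalize timing for unknown IDs


def _derive(password: str, salt: bytes) -> bytes:
    """Stored form of a password: PBKDF2-HMAC-SHA256 over the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(users: dict, user_id: str, password: str) -> None:
    """Record an authorized user. Only the salt and derived key are kept, never the password."""
    salt = os.urandom(16)
    users[user_id] = (salt, _derive(password, salt))


def logon(users: dict, user_id: str, password: str) -> bool:
    """The two steps from the slide.
    Identification: the user ID asserts who the user is and selects the record on file.
    Authentication: the password proves that assertion by reproducing the stored derived key.
    """
    record = users.get(user_id)
    if record is None:
        # Unknown ID: do the same hashing work anyway, so response time does not reveal
        # which IDs exist, and return the same generic failure as a wrong password.
        _derive(password, DUMMY_SALT)
        return False
    salt, stored_key = record
    # Constant-time comparison: a plain == could leak how many leading bytes matched.
    return hmac.compare_digest(_derive(password, salt), stored_key)


if __name__ == "__main__":
    users = {}  # constructed in-memory "file" of authorized users
    enroll(users, "alice", "correct horse battery")
    print(logon(users, "alice", "correct horse battery"))  # True: identified and authenticated
    print(logon(users, "alice", "wrong password"))         # False: identified, not authenticated
    print(logon(users, "mallory", "anything"))             # False: not even identified
```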
Non-repudiation

• The non-repudiation service can be viewed as an extension to the identification and authentication service. In general, non-repudiation applies when data is transmitted electronically; for example, an order to a stock broker to buy or sell stock, or an order to a bank to transfer funds from one account to another.

• The overall goal of the non-repudiation service is to be able to prove that a particular message is associated with a particular individual.

• The non-repudiation service can contain more than one component, where each component provides a different function. If the sender of a message ever denies sending it, the non-repudiation service with proof of origin can provide the receiver with undeniable evidence that the message was sent by that particular individual. If the receiver of a message ever denies receiving it, the non-repudiation service with proof of delivery can provide the sender with undeniable evidence that the message was received by that particular individual.
Authentication Based on Phrases and Facts: Something You Know

• Password protection seems to offer a relatively secure system for confirming identity-related information, but human practice sometimes degrades its quality. Let us explore vulnerabilities in authentication, focusing on the most common authentication parameter, the password. In this section we consider the nature of passwords, criteria for selecting them, and ways of using them for authentication. As you read the following discussion of password vulnerabilities, think about how well these identity attacks would work against security questions and other authentication schemes with which you may be familiar. And remember how much information about us is known—sometimes because we reveal it ourselves—as described below.
Facebook Pages Answer Security Questions

• George Bronk, a 23-year-old resident of Sacramento, California, pleaded guilty on 13 January 2011 to charges including computer intrusion, false impersonation, and possession of child pornography. His crimes involved impersonating women with data obtained from their Facebook accounts.

• According to an Associated Press news story, Bronk scanned Facebook pages for pages showing women's email addresses. He then read their Facebook profiles carefully for clues that could help him answer security questions, such as a favorite color or a father's middle name. With these profile clues, Bronk then turned to the email account providers. Using the same technique as Kernell, Bronk pretended to have forgotten his (her) password and sometimes succeeded at answering the security questions necessary to recover a forgotten password. He sometimes used the same technique to obtain access to Facebook accounts.
Authentication Based on Biometrics: Something You Are

• Biometrics are biological properties, based on some physical characteristic of the human body. The list of biometric authentication technologies is still growing.

• Now devices can recognize the following biometrics:
  • fingerprint
  • hand geometry (shape and size of fingers)
  • retina and iris (parts of the eye)
  • voice
  • handwriting, signature, hand motion
  • typing characteristics
  • blood vessels in the finger or hand
  • face
  • facial features, such as nose shape or eye spacing

• Authentication with biometrics has advantages over passwords because a biometric cannot be lost, stolen, forgotten, or shared and is always available, always at hand, so to speak. These characteristics are difficult, if not impossible, to forge.
Access Control

• Access control is a method of limiting access to a system or to physical or virtual resources. It is a process by which users are granted certain prerogatives to systems, resources or information and can access them. Access control is a security technique that controls who can view different aspects, what can be viewed, and who can use resources in a computing environment. It is a fundamental concept in security that reduces risk to the business or organization.

• Authentication factors:
  • Password or PIN
  • Biometric measurement (fingerprint & retina scan)
  • Card or key

• Different access control models are used depending on the compliance requirements and the security levels of the information technology that is to be protected. Basically, access control is of 2 types:
  • Physical Access Control: restricts entry to campuses, buildings, rooms and physical IT assets.
  • Logical Access Control: limits connections to computer networks, system files and data.
Access Control Models

• Attribute-based Access Control (ABAC): In this model, access is granted or declined by evaluating a set of rules, policies, and relationships using the attributes of users, systems and environmental conditions.

• Discretionary Access Control (DAC): In DAC, the owner of the data determines who can access specific resources.

• History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of activities of the inquiring party, which includes behavior, the time between requests and the content of requests.

• Identity-Based Access Control (IBAC): By using this model, network administrators can more effectively manage activity and access based on individual requirements.

• Mandatory Access Control (MAC): A control model in which access rights are regulated by a central authority based on multiple levels of security. Security Enhanced Linux is implemented using MAC on the Linux operating system.

• Organization-Based Access Control (OrBAC): This model allows the policy designer to define a security policy independently of the implementation.

• Role-Based Access Control (RBAC): RBAC allows access based on the job title. RBAC eliminates discretion on a large scale when providing access to objects. For example, a human resources specialist should not have permission to create network accounts.

• Rule-Based Access Control (RAC): The RAC method is largely context based. An example of this would be only allowing students to use the labs during a certain time of day.
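The two examples the slide gives for RBAC and RAC, worked as an added example that is not part of the slides: permissions are attached to roles (so an HR specialist holds no permission to create network accounts), and a time-of-day rule is layered on top (so students may use the lab only inside a window). The roles, permissions, user names and the 09:00 to 17:00 window are all constructed policy data for this illustration.

```python
from datetime import time

# Constructed RBAC policy: permissions belong to roles, never to individual users, so a job
# change is handled by re-assigning roles rather than editing per-user permissions.
ROLE_PERMISSIONS = {
    "hr_specialist": {"view_employee_record", "edit_employee_record"},
    "network_admin": {"create_network_account", "reset_network_account"},
    "student": {"use_lab"},
}

# Constructed user-to-role assignments.
USER_ROLES = {
    "priya": {"hr_specialist"},
    "dev": {"network_admin"},
    "sam": {"student"},
}

# Constructed rule-based (RAC) context policy: permission -> [start, end) window of use.
TIME_WINDOWS = {
    "use_lab": (time(9, 0), time(17, 0)),
}


def rbac_allows(user: str, permission: str) -> bool:
    """RBAC: the decision depends only on the roles the user holds, not on the individual."""
    roles = USER_ROLES.get(user, set())
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in roles)


def rule_allows(permission: str, now: time) -> bool:
    """RAC: a permission with a time window may be exercised only inside that window."""
    window = TIME_WINDOWS.get(permission)
    if window is None:
        return True  # no contextual rule attached to this permission
    start, end = window
    return start <= now < end


def authorize(user: str, permission: str, now: time) -> tuple[bool, str]:
    """Deny by default: both the role check and the context rule must pass.
    The reason string is what an audit log or detection rule would record."""
    if not rbac_allows(user, permission):
        return False, f"{user}: no assigned role grants '{permission}'"
    if not rule_allows(permission, now):
        return False, f"{user}: '{permission}' is not permitted at {now.strftime('%H:%M')}"
    return True, f"{user}: '{permission}' granted"


def check(user: str, permission: str, hhmm: str) -> tuple[bool, str]:
    """Convenience wrapper taking the clock time as an 'HH:MM' string."""
    hour, minute = (int(part) for part in hhmm.split(":"))
    return authorize(user, permission, time(hour, minute))


if __name__ == "__main__":
    for request in (("priya", "create_network_account", "10:00"),   # RBAC denies
                    ("dev", "create_network_account", "10:00"),     # RBAC allows
                    ("sam", "use_lab", "10:00"),                    # inside the window
                    ("sam", "use_lab", "20:00")):                   # RAC denies
        print(check(*request))
```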
CRYPTOGRAPHY

• Cryptography is a technique of transforming and transmitting confidential data in an encoded way so that only authorized and intended users can obtain or work on it. The word is of Greek origin: "crypto" means hidden and "graphy" means writing, so cryptography means hidden or secret writing.

• Modern Usage of Cryptography
  1. Confidentiality: This deals with how many people can understand the information that is being transmitted other than the two parties that are engaged in the conversation. If more people are able to read the files, it means the communication system is not secure.
  2. Integrity: This deals with how easily the information that is being transmitted may be altered on its way from one spot to another without either the sender or the receiver being aware of the changes to its content.
  3. Non-repudiation: Whether or not the creator of the piece of communication may be able to deny the intentions behind creating the message or its mode of transmission at a later stage.
  4. Authentication: The sender and the receiver should both be able to confirm each other's identity as well as the point of origin of the transmitted information. This is a crucial first step towards establishing the veracity of the transmitted file.
Cryptographic Attacks

• It is a common observation that network administrators invest time and money to design security around the applications, servers and other infrastructure components, but tend to take cryptographic security less seriously.

• SSL MITM attack: In this type, the attacker intrudes into the network and establishes a successful man-in-the-middle connection. The attacker silently watches the HTTPS traffic on the wire and waits for the targeted website to respond to some browser's HTTPS request.

• SSL MITB attack: Similar to the attack mentioned above, in this type the attacker injects a JavaScript code snippet into the browser to create a man-in-the-browser situation. This snippet monitors all SSL activities and records the session. While this is happening, the attacker also records the encrypted version of the same session and programmatically tries to find out the cipher strength and the key, besides stealing data. This attack is becoming more popular lately, due to multiple open source browsers and the various security vulnerability problems with each of those.
Key Hijacking

• This is another intrusive type of attack whereby the attacker gains access to the web server which hosts the website.

• A birthday attack targets the hash, and needs multiple attackers coming together who individually capture chunks of data and share them among themselves. Each chunk is then analyzed programmatically to create an additional set of data, in such a way that its hash matches that of the data chunk. In other words, for a given chunk of data and hash combination, the mathematical algorithm creates a clone data set. Further processing of the original data chunk and the resultant data set helps derive the encryption key. This attack is very time consuming and technically complex, but can be possible using multiple powerful computing machines and software programs.
• A chosen dataset method consists of two different types. In the first type, called chosen plaintext, the attacker is assumed to have access to the original data and the encrypted version of it. The attacker then applies multiple encryption keys to the original data, and each time the output is compared with the already encrypted version. If the result is positive, it means the key is derived. In the second type, called chosen ciphertext, the attacker has the ciphertext and also the decrypted version of it. Again, the attacker tries multiple keys until the output matches the decrypted version obtained already. These attacks are a bit less time consuming, but need the attacker to gain an enormous amount of data and computational power to seek the desired results.
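The chosen-plaintext key search described above, as an added example that is not part of the slides: a constructed repeating-key XOR toy cipher with a 16-bit key, one plaintext/ciphertext pair the attacker is assumed to hold, and an exhaustive search that encrypts the plaintext under every candidate key until the output matches the known ciphertext. The cipher, key size, sample message and function names are all constructed for this illustration; the point is how the work grows with key size.

```python
import itertools


def toy_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Constructed toy cipher: repeating-key XOR. It exists only to make the search visible."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))


def chosen_plaintext_key_search(plaintext: bytes, ciphertext: bytes, key_len: int):
    """The procedure from the slides: encrypt the known plaintext under every candidate key
    and compare with the known ciphertext. Returns (recovered_key, keys_tried).
    (The slides call this chosen plaintext; any known plaintext/ciphertext pair suffices,
    choosing the plaintext is an extra convenience for the attacker.)"""
    tries = 0
    for candidate in itertools.product(range(256), repeat=key_len):
        tries += 1
        key = bytes(candidate)
        if toy_encrypt(plaintext, key) == ciphertext:
            return key, tries
    return None, tries


def keys_to_try(key_bits: int) -> int:
    """Worst-case number of trials for an exhaustive search: every key of the given size."""
    return 2 ** key_bits


# Constructed known pair: in the chosen-plaintext setting the attacker holds both halves.
SECRET_KEY = b"\x4b\xa7"             # 16-bit key, constructed for the demo
KNOWN_PLAINTEXT = b"transfer 100 USD"
KNOWN_CIPHERTEXT = toy_encrypt(KNOWN_PLAINTEXT, SECRET_KEY)

if __name__ == "__main__":
    key, tries = chosen_plaintext_key_search(KNOWN_PLAINTEXT, KNOWN_CIPHERTEXT, key_len=2)
    print(f"recovered key {key.hex()} after {tries} of at most {keys_to_try(16)} trials")
    print(f"a 128-bit key would need up to {keys_to_try(128)} trials")
```

Against the 16-bit toy key the search finishes in a fraction of a second; the same loop against a 128-bit key needs up to 2^128 trials, which is why key length, not secrecy of the algorithm, is what defeats this search.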
Browser Attacks

WHAT IS A WEB BROWSER?

• The web browser is a software application that allows users to view and interact with content on a web page, such as text, graphics, video, music, games, or other material. It is a very popular method by which users access the Internet. Of the various web browsers currently available, Internet Explorer, Mozilla Firefox, Opera, and Safari are the most prevalent. Plug-ins, also known as add-ons, are applications that extend the functionality of browsers. Some of the more familiar plug-ins include Flash Player, Java, Media Player, QuickTime Player, Shockwave Player, RealOne Player, and Acrobat Reader. Based on how a web page was designed, specific plug-ins may be required to view some content.

• Assailants go after a browser to obtain sensitive information, such as account numbers or authentication passwords; to entice the user, for example, using pop-up ads; or to install malware. There are three attack vectors against a browser:
  • Go after the operating system so it will impede the browser's correct and secure functioning.
  • Tackle the browser or one of its components, add-ons, or plug-ins so its activity is altered.
  • Intercept or modify communication to or from the browser.
WHAT CAN I DO TO PROTECT MYSELF FROM BROWSER ATTACKS?

• You can take a number of steps to protect yourself from browser attacks. Your company or agency's IT department should already have implemented these steps, but you can also apply them to your home computer:
  • Keep your browser(s) updated and patched.
  • Keep your operating system updated and patched.
  • Use anti-virus and antispyware software, and keep your definitions up to date. Recommended software for the individual user includes Comodo (www.comodo.com), ZoneAlarm (www.zonealarm.com), and Blink (www.eeye.com).
  • Keep your applications (programs), such as multi-media programs used for viewing videos, updated and patched, particularly if they work with your browser.
  • Install a firewall between your computer and the Internet and keep it updated and patched.
  • Block pop-up windows, some of which may be malicious and hide attacks. This may block malicious software from being downloaded to your computer.
  • Tighten the security settings on your browsers. Check the settings in the security, privacy, and content sections in your browser. The minimum level should be medium.
BROWSER ATTACK TYPES

MAN-IN-THE-BROWSER ATTACKS

• A man-in-the-browser (MITB) attack uses a Trojan to infect the victim's internet browser and modify information as it is exchanged between the browser interface and the internet. Unlike some other web attacks, the user is not redirected to a malicious URL. Browsing and transactions take place as normal, but the malware interposes itself between the web application and the user's browser, capturing and relaying sensitive information back to the attacker. It can also modify how the webpage appears, injecting form fields to capture additional information. Attackers can steal personal information, such as login credentials, account details and even social security or passport numbers. While typically targeting financial sites, the stolen data is often sold on underground markets and can be used to gain entry to corporate networks, especially as 60% of internet users reuse passwords across multiple accounts.

• Man-in-the-browser: a Trojan horse that intercepts data passing through the browser.
PAGE-IN-THE-MIDDLE ATTACK

• A page-in-the-middle attack is another type of browser attack in which a user is redirected to another page. Similar to the man-in-the-browser attack, a page attack might wait until a user has gone to a particular web site and present a fictitious page for the user. As an example, when the user clicks "login" to go to the login page of any site, the attack might redirect the user to the attacker's page, where the attacker can also capture the user's credentials.

USER-IN-THE-MIDDLE ATTACK

• A different form of attack puts a human between two automated processes so that the human unwittingly helps spammers register automatically for free email accounts.

• A CAPTCHA is a puzzle that supposedly only a human can solve, so a server application can distinguish between a human who makes a request and an automated program generating the same request repeatedly. Think of web sites that request votes to determine the popularity of television programs. To avoid being fooled by bogus votes from automated program scripts, the voting sites sometimes ensure interaction with an active human by using CAPTCHAs (an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart—sometimes finding words to match a clever acronym is harder than doing the project itself).
UI-REDRESS ATTACK

• Commonly called clickjacking, this type of attack tricks a user into unknowingly clicking on a button or link that enables a malicious action. The attacker uses hidden iframes, text boxes or stylesheets to disguise the real click action, while the user thinks they are clicking on something innocuous such as an antivirus alert or a "like" button.

ADWARE

• Adware is usually installed together with a free or shareware program. It is also delivered via drive-by download. These days, adware is more than just a nuisance. Much of today's adware borders on spyware. It can collect user information, hijack the browser and search engine, redirect to unknown websites and/or display pop-up ads, which may or may not be malicious download links in disguise. In addition, many strains of adware are being incorporated as part of broader attacks with sophisticated, evasive techniques to penetrate operating systems and bypass security defenses.
CROSS-SITE REQUEST FORGERY

• A CSRF attack steals a victim's session cookie and other authentication information used to log in to a vulnerable website. Once complete, the attacker can take control of the victim's session, for instance on a banking site, and have complete control over the account. However, because the website believes a legitimate user is logged in, it is very hard to detect when this attack is successful.

USING COMPONENTS WITH KNOWN VULNERABILITIES

• Components, such as libraries, frameworks, and other software modules that have known vulnerabilities, have become low-hanging fruit for attackers. However, as we saw with the recent Heartbleed bug, effective patch management and secure coding can be difficult, especially for complex web applications. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.
Web Attacks Targeting Users

1. Drive-By Downloads

• Drive-by downloads are a central part of many of the most sophisticated Web attacks that criminals perpetrate against online users. They are so dangerous because they require no user action to download malicious content onto an endpoint. What's more, these attacks are often unleashed from legitimate sites.

• Drive-by downloads are typically deployed by hackers who have taken advantage of Web vulnerabilities such as SQL injection that can be exploited to "allow attackers to change the content of a website," says Chris Wysopal, CTO at the app security testing company Veracode.
Clickjacking

• If the attacker requires extra interaction from the user to load malware, this will be accomplished through an attack called "clickjacking."

• "The purpose of this attack is to open the target website in an invisible frame and get the user to click somewhere in the frame when they don't even know they're clicking in that website," says Ari Elias-Bachrach, application security consultant and trainer for security consultancy Defensium. "In this way, you can trick the user into making a mouse click that does something [malicious] on the website."
 Plug-In- and Script-Enabled Attacks
 Not only do attackers look for vulnerabilities within the browser itself, they also frequently ferret out bugs in browser plug-ins and client-side scripting to help them carry out drive-by downloads and clickjacking attacks.
 Since these attacks rely on known vulnerabilities, "make sure users keep browsers and browser plug-ins updated to the latest versions by enabling auto-update functions," says Wolfgang Kandek, CTO of vulnerability management firm Qualys.
 Advanced Phishing Attacks
 While phishing attacks are typically associated with email, most are perpetrated via links to malicious content on the Web, whether a simple password-capture form used in traditional phishing attempts or a malicious drive-by download in more advanced targeted attacks.
 Phishing attacks are designed to trick users into thinking a link comes from an organization or person they know, making people feel safe enough to click or divulge information they otherwise wouldn't. Many corporate security training programs have helped users spot the most obvious first-generation phishing attempts, which were designed to steal credentials such as banking passwords. But attackers are getting craftier.
 Social (Engineering) Networks
 Millions of people sharing information on social networking sites such as Facebook, Twitter, LinkedIn and Google+ creates "an ideal attack bed for someone who wants to socially engineer a target individual, group of individuals or an organization as a whole," says Joe DeSantis, manager of incident response at security consultancy SecureState.
 If people don't configure their privacy settings very stringently, attackers can simply troll their pages to dig up information about the target and then hone a particularly effective spear-phishing email. Or attackers can pose as friends or family to "friend" a target -- or a friend of the target -- to gain that intelligence. They can also use a social networking connection to directly send targets malicious links on their walls or Twitter feeds.
 Watering Hole Attacks

 It's easy these days for attackers to use exploit kits to break into
legitimate sites and implant drive-by-download attacks. With
"watering hole attacks" they're taking that technique further. The
idea is that, just as a lion waits by a watering hole visited by the prey
it would like to eat, an attacker plants malware at news or networking
sites that he knows his targets are likely to visit. For example,
employees of an accounting firm are likely to visit an accounting
association website.
 Third-Party Web Apps
 As more employees do work via third-party Web applications, criminals are having a heyday using these apps to compromise endpoints and enterprise networks. If policies for third-party apps aren't well-known and there are no controls in place to keep people from installing them within the corporate environment, companies can expect to find these apps in spades. Many people use Web apps in their personal lives, so they may not think twice about allowing a project management app to integrate with their Salesforce.com identities, says Tsahy Shapsa, co-founder of cloud security firm CloudLock.
 Obtaining User or Website Data
 Websites are built for human consumption, not for machines, so it's not always easy to get web data into a spreadsheet for analysis or machine learning. Copying and pasting information from websites is time-consuming, error-prone and not feasible.
 Web scraping is a way to get data from a website by sending a query to the requested page, then combing through the HTML for specific items and organizing the data. If you don't have an engineer on hand, Import.io provides a no-coding, point-and-click web data extraction platform that makes it easy to get web data.
 Here are the steps to get data from a website:
 Step 1: First, find the page where your data is located. For instance, a product page on Amazon.com.
 Step 2: Copy and paste the URL from that page into Import.io to create an extractor that will attempt to get the right data.
 Step 3: Click Go and Import.io will query the page and use machine learning to try to determine what data you want.
 Step 4: Once it's done, you can decide if the extracted data is what you need. In this case, we want to extract the images as well as the product names and prices into columns. We trained the extractor by clicking on the top three items in each column, which then outlines all items belonging to that column in green.
 Step 5: Import.io then populates the rest of the column for the product names and prices.
 Step 6: Next, click on Extract data from website.
 Step 7: Import.io has detected that the product listing data spans more than one page, so you can add as many pages as needed to ensure that you get every product in this category into your spreadsheet.
 Step 8: Now, you can download the images, product names, and prices.
 Step 9: First, download the product name and price into an Excel spreadsheet.
 Step 10: Next, download the images as files to use to populate your own website or marketplace.
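The scraping technique the steps above perform through Import.io, written out in code as an added example (not part of the original notes): a parser that pulls product names, prices and image paths out of a listing and follows next-page links. The two pages in PAGES and the fetch function are constructed in-memory stand-ins, so nothing is requested from any site; ProductParser and scrape_listing are names chosen for this example.

```python
# Added example: scrape product name, price and image from a listing that
# spans several pages.  PAGES is a constructed two-page listing held in
# memory and fetch() is a stand-in for an HTTP GET; no network is touched.
from html.parser import HTMLParser

PAGES = {
    "/cat?page=1": """<div class="product"><img src="/img/a.jpg"><span class="name">Widget A</span><span class="price">$9.99</span></div>
<div class="product"><img src="/img/b.jpg"><span class="name">Widget B</span><span class="price">$14.50</span></div>
<a rel="next" href="/cat?page=2">Next</a>""",
    "/cat?page=2": """<div class="product"><img src="/img/c.jpg"><span class="name">Widget C</span><span class="price">$3.25</span></div>""",
}

class ProductParser(HTMLParser):
    """Collect {name, price, image} per <div class="product"> plus the rel=next link."""
    def __init__(self):
        super().__init__()
        self.products, self.next_page, self._current, self._field = [], None, None, None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "div" and a.get("class") == "product":
            self._current = {"name": "", "price": "", "image": ""}
        elif self._current is not None and tag == "img":
            self._current["image"] = a.get("src", "")
        elif self._current is not None and tag == "span":
            self._field = a.get("class")          # "name" or "price" column
        elif tag == "a" and a.get("rel") == "next":
            self.next_page = a.get("href")
    def handle_data(self, data):
        if self._current is not None and self._field in ("name", "price"):
            self._current[self._field] += data.strip()
    def handle_endtag(self, tag):
        if tag == "span":
            self._field = None
        elif tag == "div" and self._current is not None:
            self.products.append(self._current)
            self._current = None

def fetch(path):
    return PAGES[path]   # stand-in for an HTTP request to the listing page

def scrape_listing(start_path, max_pages=20):
    """Follow rel=next links from start_path and return every product row found."""
    rows, path, seen = [], start_path, set()
    while path and path not in seen and len(seen) < max_pages:
        seen.add(path)               # guard against next-link loops
        parser = ProductParser()
        parser.feed(fetch(path))
        rows.extend(parser.products)
        path = parser.next_page
    return rows
```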
 Email Attacks
 Email security refers to the security measures that an organization takes in order to secure various aspects of its email system, such as identity, content, media attachments or email access. An email system can be the target of phishing attacks, identity theft, spam and virus attacks.
 Types of Email Attacks
 Many people rely on the Internet for many of their professional, social and personal activities. But there are also people who attempt to damage our Internet-connected computers, violate our privacy and render Internet services inoperable.
 Email is a universal service used by over a billion people worldwide. As one of the most popular services, email has become a major point of vulnerability for users and organizations.
 Below are some of the most common types of attacks:
 Phishing: Phishing is a form of fraud. Cyber criminals use email, instant messaging, or other social media to try to gather information such as login credentials by masquerading as a reputable person. Phishing occurs when a malicious party sends a fraudulent email disguised as being from an authorized, trusted source. The intent of the message is to trick the recipient into installing malware on his or her device or into sharing personal or financial information.
 Spear phishing is a highly targeted phishing attack. While phishing and spear phishing both use emails to reach the victims, spear phishing sends customized emails to a specific person. The criminal researches the target's interests before sending the email.
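As an added example (not from the original notes), the two phishing traits described here and under Advanced Phishing Attacks above, a sender disguised as a trusted source and a link whose visible text does not match where it leads, turned into checks a mail gateway or analyst could run over a raw message. The sample message and every domain in it are constructed; LinkCollector, domain_of and phishing_indicators are names chosen for this example.

```python
# Added example: heuristic checks for a message posing as a trusted sender
# whose links lead elsewhere.  SAMPLE and all its domains are constructed.
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE = """\
From: "Example Bank Support" <alerts@example-bank.test>
Reply-To: verify@login-examp1e-bank.test
Content-Type: text/html; charset=utf-8

<html><body><p>Your account is locked. Sign in to restore access:</p>
<a href="http://login-examp1e-bank.test/verify">https://www.example-bank.test/login</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(address):
    return parseaddr(address)[1].rpartition("@")[2].lower()   # '' if no address

def phishing_indicators(raw):
    """Return human-readable indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:   # replies silently go to another party
        hits.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        shown, real = urlparse(text).hostname, urlparse(href).hostname
        if shown and real and shown != real:   # text shows one host, link goes to another
            hits.append(f"link text shows {shown} but points to {real}")
    return hits
```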
 Vishing: Vishing is phishing using voice communication technology. Criminals can spoof calls from authorized sources using voice over IP technology. Victims may also receive a recorded message that appears authorized. Criminals want to obtain credit card numbers or other information to steal the victim's identity. Vishing takes advantage of the fact that people trust the telephone network.
 Smishing: Smishing is phishing using text messaging on mobile phones. Criminals impersonate a legitimate source in an attempt to gain the trust of the victim. For example, a smishing attack might send the victim a website link. When the victim visits the website, malware is installed on the mobile phone.
 Whaling: Whaling is a phishing attack that targets high-profile targets within an organization such as senior executives. Additional targets include politicians or celebrities.
 Pharming: Pharming is the impersonation of an authorized website in an effort to deceive users into entering their credentials. Pharming misdirects users to a fake website that appears to be official. Victims then enter their personal information thinking that they connected to a legitimate site.
 Spyware: Spyware is software that enables a criminal to obtain information about a user's computer activities. Spyware often includes activity trackers, keystroke collection, and data capture. In an attempt to overcome security measures, spyware often modifies security settings. Spyware often bundles itself with legitimate software or with Trojan horses. Many shareware websites are full of spyware.
 Scareware: Scareware persuades the user to take a specific action based on fear. Scareware forges pop-up windows that resemble operating system dialog windows. These windows convey forged messages stating that the system is at risk or needs the execution of a specific program to return to normal operation. In reality, no problems exist, and if the user agrees and allows the mentioned program to execute, malware infects his or her system.
 Adware: Adware typically displays annoying pop-ups to generate revenue for its authors. The malware may analyze user interests by tracking the websites visited. It can then send pop-up advertising relevant to those sites. Some software versions automatically install adware.
 Spam: Spam (also known as junk mail) is unsolicited email. In most cases, spam is a method of advertising. However, spam can send harmful links, malware or deceptive content. The end goal is to obtain sensitive information such as a social security number or bank account information. Most spam comes from multiple computers on networks infected by a virus or worm. These compromised computers send out as much bulk email as possible.
 Virus: Attacking with a virus through email is another form of attack that uses email as a vector. Creating a virus and implementing it requires a meticulous amount of planning, an activity more likely to be conceived and executed by a group rather than an individual.