COMPUTER NETWORK SECURITY

UNIT –VI INTRODUCTION TO CYBER

SECURITY

Mrs.A.P.Kulkarni
Assistant Professor
Dept. Of Information Technology,
Sinhgad Institute of Technology, Lonavala

[email protected]
Cell. +91 9767009703

1
Sinhgad Institutes
 UNIT – VI INTRODUCTION TO CYBER SECURITY
Contents: Introduction to Cyber Security: Basic Cyber Security Concepts, Layers of security, Vulnerability, Threat, Harmful Acts-Malware,
Phishing, MIM Attack, DOS Attack, SQL Injection, Internet Governance – Challenges and Constraints, Computer Criminals, Assets and
Threat, Motive of Attackers, Software attacks, hardware attacks, Cyber Threats-Cyber Warfare, Cyber Crime, Cyber Stalking, Cyber Terrorism,
Cyber Espionage, Comprehensive Cyber Security Policy

Unit Objectives and outcomes: On completion the students will be able to:

To know the introduction to cyber security and their types

Unit outcomes : On completion the students will be able to

Student are able to understand the concept of cyber security and their types.

Outcome Mapping:
PEOs: POs:1,2,4 COs: 5,6 PSOs:2

Books used
•1. Behrouz A. Forouzan, TCP/IP Protocol Suite, McGraw Hill Education, ISBN: 978-0-07-070652-1, 4th Edition.
•2. C. Siva Ram Murthy, B. S. Manoj, Adhoc Wireless Networks: Architecture and Protocols, Pearson Education, ISBN: 978-81-317-0688-6,
1st Edition.
•3. Behrouz A. Forouzan, Data Communication and Networking, McGraw Hill Education, ISBN: 978-1-25-906475-3, 5th Edition.

Sinhgad Institutes
What is Cyber Security?
The technique of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as
cybersecurity.
We can divide cybersecurity into two parts one is cyber, and the other is security. Cyber refers
to the technology that includes systems, networks, programs, and data.
And security is concerned with the protection of systems, networks, applications, and
information.
In some cases, it is also called electronic information security or information technology
security.
"Cyber Security is the set of principles and practices designed to
protect our computing resources and online information against
threats."
Sinhgad Institutes
Types of Cyber Security
Every organization's assets are the combinations of a variety of different systems. These systems have a strong
cybersecurity posture that requires coordinated efforts across all of its systems. Therefore, we can categorize
cybersecurity in the following sub-domains:

Network Security: It involves implementing the hardware and software to secure a computer network from
unauthorized access, intruders, attacks, disruption, and misuse. This security helps an organization to protect its
assets against external and internal threats.

Application Security: It involves protecting the software and devices from unwanted threats. This protection can
be done by constantly updating the apps to ensure they are secure from attacks. Successful security begins in the
design stage, writing source code, validation, threat modeling, etc., before a program or device is deployed.

Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity
and privacy of data, both in storage and in transit.

Identity management: It deals with the procedure for determining the level of access that each individual has
within an organization.

Sinhgad Institutes
Operational Security: It involves processing and making decisions on handling and securing data assets.

Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell
phones, computers, tablets, and other similar devices against various malicious threats. These threats are
unauthorized access, device loss or theft, malware, etc.

Cloud Security: It involves in protecting the information stored in the digital environment or cloud architectures
for the organization. It uses various cloud service providers such as AWS, Azure, Google, etc., to ensure security
against multiple threats.

Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans
to how an organization responds when any malicious activity is causing the loss of operations or data. Its policies
dictate resuming the lost operations after any disaster happens to the same operating capacity as before the event.

User Education: It deals with the processes, monitoring, alerts, and plans to how an organization responds when
any malicious activity is causing the loss of operations or data. Its policies dictate resuming the lost operations after
any disaster happens to the same operating capacity as before the event.

Sinhgad Institutes
For cyber security professionals, understanding the 7 layers of security is the first step.
The 7 Layers of Security
Mission-Critical Assets
This is data that is absolutely critical to protect. Whether businesses would like to admit it or not, they face
malicious forces daily.
An example of mission-critical assets in the Healthcare industry is Electronic Medical Record (EMR) software. In
the financial sector, its customer’s financial records.
Data Security
Data security is when there are security controls put in place to protect both the transfer and the storage of data.
There has to be a backup security measure in place to prevent the loss of data, This will also require the use of
encryption and archiving. Data security is an important focus for all businesses as a breach of data can have dire
consequences.
Endpoint Security
This layer of security makes sure that the endpoints of user devices are not exploited by breaches. This includes the
protection of mobile devices, desktops, and laptops. Endpoint security systems enable protection either on a
network or in the cloud depending on the needs of a business.

Sinhgad Institutes
Application Security
This involves the security features that control access to an application and that application’s access to your assets. It also
includes the internal security of the app itself.
Most of the time, applications are designed with security measures that continue to provide protection when the app is in
use.
Network Security
This is where security controls are put in place to protect the business’s network. The goal is to prevent unauthorized
access to the network.
It is crucial to regularly update all systems on the business network with the necessary security patches, including
encryption. It’s always best to disable unused interfaces to further guard against any threats.

Perimeter Security
This security layer ensures that both the physical and digital security methods protect a business as a whole. It includes
things like firewalls that protect the business network against external forces.

The Human Layer

Despite being known as the weakest link in the security chain, the human layer is a very necessary layer. It incorporates
management controls and phishing simulations as an example.
These human management controls aim to protect that which is most critical to a business in terms of security. This
includes the very real threat that humans, cyber attackers, and malicious users pose to a business.
Sinhgad Institutes
Vulnerabilities in Information Security
Vulnerabilities are weaknesses in a system that gives threats the opportunity to compromise assets. All systems have
vulnerabilities. Even though the technologies are improving but the number of vulnerabilities are increasing such as tens of
millions of lines of code, many developers, human weaknesses, etc. Vulnerabilities mostly happened because of Hardware,
Software, Network and Procedural vulnerabilities.

1. Hardware Vulnerability:
A hardware vulnerability is a weakness which can used to attack the system hardware through physically or remotely.

For examples:
Old version of systems or devices
Unprotected storage
Unencrypted devices, etc.

2. Software Vulnerability:
A software error happen in development or configuration such as the execution of it can violate the security policy.

For examples:
Lack of input validation
Unverified uploads
Unencrypted data, etc.
Sinhgad Institutes
3. Network Vulnerability:
A weakness happen in network which can be hardware or software.
For examples:
Unprotected communication
Malware or malicious software (e.g.: Viruses, Keyloggers, Worms, etc)
Social engineering attacks
Misconfigured firewalls
4. Procedural Vulnerability:
A weakness happen in an organization operational methods.
For examples:
Password procedure – Password should follow the standard password policy.
Training procedure – Employees must know which actions should be taken and what to do to handle the
security. Employees must never be asked for user credentials online. Make the employees know social
engineering and phishing threats.
Sinhgad Institutes
Threats to Information Security

Information Security threats can be many like Software attacks, theft of intellectual property, identity theft, theft
of equipment or information, sabotage, and information extortion.

Threat can be anything that can take advantage of a vulnerability to breach security and negatively alter, erase,
harm object or objects of interest.

Software attacks means attack by Viruses, Worms, Trojan Horses etc. Many users believe that malware, virus,
worms, bots are all same things. But they are not same, only similarity is that they all are malicious software that
behaves differently.

Malware is a combination of 2 terms- Malicious and Software. So Malware basically means malicious software
that can be an intrusive program code or anything that is designed to perform malicious operations on system.

Malware can be divided in 2 categories:

Infection Methods
Malware Actions
Sinhgad Institutes
Malware on the basis of Infection Method are following:
Virus – They have the ability to replicate themselves by hooking them to the program on the
host computer like songs, videos etc and then they travel all over the Internet. The Creeper
Virus was first detected on ARPANET. Examples include File Virus, Macro Virus, Boot Sector
Virus, Stealth Virus etc.
Worms – Worms are also self-replicating in nature but they don’t hook themselves to the
program on host computer. Biggest difference between virus and worms is that worms are
network-aware. They can easily travel from one computer to another if network is available
and on the target machine they will not do much harm, they will, for example, consume hard
disk space thus slowing down the computer.

Sinhgad Institutes
Trojan – The Concept of Trojan is completely different from the viruses and worms. The name Trojan is derived
from the ‘Trojan Horse’ tale in Greek mythology, which explains how the Greeks were able to enter the fortified
city of Troy by hiding their soldiers in a big wooden horse given to the Trojans as a gift. The Trojans were very
fond of horses and trusted the gift blindly. In the night, the soldiers emerged and attacked the city from the inside.
It is a malicious program that occurs unexpected changes to computer setting and unusual activity, even when the
computer should be idle. It misleads the user of its true intent. It appears to be a normal application but when
opened/executed some malicious code will run in the background.
Malware on the basis of Actions:

Adware – Adware is not exactly malicious but they do breach privacy of the users. They display ads on a
computer’s desktop or inside individual programs. They come attached with free-to-use software, thus main
source of revenue for such developers. They monitor your interests and display relevant ads. An attacker can
embed malicious code inside the software and adware can monitor your system activities and can even
compromise your machine.
Sinhgad Institutes
Spyware – It is a program or we can say software that monitors your activities on computer and reveal collected
information to an interested party. Spyware are generally dropped by Trojans, viruses or worms. Once dropped
they install themselves and sits silently to avoid detection.

Ransomware – It is type of malware that will either encrypt your files or will lock your computer making it
inaccessible either partially or wholly. Then a screen will be displayed asking for money i.e. ransom in exchange.

Scareware – It masquerades as a tool to help fix your system but when the software is executed it will infect your
system or completely destroy it. The software will display a message to frighten you and force to take some action
like pay them to fix your system.

Rootkits – are designed to gain root access or we can say administrative privileges in the user system. Once
gained the root access, the exploiter can do anything from stealing private files to private data.

Zombies – They work similar to Spyware. Infection mechanism is same but they don’t spy and steal information
rather they wait for the command from hackers.
Sinhgad Institutes
Phishing
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message
by someone posing as a legitimate institution to lure individuals into providing sensitive data such as
personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial
loss.
A phishing attack is usually a part of a large campaign, aiming to capture as many victims as possible in
a big sample space of targets.
Starting from its place of origin to the successful retrieval of credentials, a phishing attack consists of
four independent phases that need to be executed.
Let us learn more about each individual phase in detail, as denoted in the image below.

Sinhgad Institutes
Sinhgad Institutes
Common Features of Phishing Emails
Too Good To Be True – Lucrative (making a large profit) offers and eye-catching or attention-grabbing statements are designed to
attract people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish
prize. Just don't click on any suspicious emails. Remember that if it seems to good to be true, it probably is!
Sense of Urgency - A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a
limited time. Some of them will even tell you that you have only a few minutes to respond. When you come across these kinds
of emails, it's best to just ignore them.
Hyperlinks - A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed
upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for instance
www.bankofarnerica.com - the 'm' is actually an 'r' and an 'n', so look carefully.
Attachments - If you see an attachment in an email you weren't expecting or that doesn't make sense, don't open it! They often
contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
Unusual Sender - Whether it looks like it's from someone you don't know or someone you do know, if anything seems out of
the ordinary, unexpected, out of character or just suspicious in general don't click on it!
Sinhgad Institutes
What Is a Denial-of-Service (DoS) Attack?
A denial-of-service (DoS) attack is a cyberattack on devices, information systems, or other
network resources that prevents legitimate users from accessing expected services and resources.
This is usually accomplished by flooding the targeted host or network with traffic until the target
can't respond or crashes.
DoS attacks last anywhere from a few hours to many months and can cost companies time and
money while their resources and services are unavailable.
A denial-of-service (DoS) is a form of cyberattack that prevents legitimate users from accessing
a computer or network.
In a DoS attack, rapid and continuous online requests are sent to a target server in order to
overload the server’s bandwidth.
Distributed denial-of-service (DDoS) attacks leverage a wide web of computers or devices
infected with malware to launch a coordinated barrage of meaningless online requests, blocking
legitimate access.
Sinhgad Institutes
Sinhgad Institutes
What is MITM Attack(Man In The Middle)

A MITM attack is a form of cyber-attack where a user is introduced with some kind of meeting between the two
parties by a malicious individual, manipulates both parties and achieves access to the data that the two people
were trying to deliver to each other.

A man-in-the-middle attack also helps a malicious attacker, without any kind of participant recognizing till it's too
late, to hack the transmission of data intended for someone else and not supposed to be sent at all.

If an attacker puts himself between a client and a webpage, a Man-in-the-Middle (MITM) attack occurs. This form
of assault comes in many different ways.

For example, In order to intercept financial login credentials, a fraudulent banking website can be used. Between
the user and the real bank webpage, the fake site lies "in the middle."

Sinhgad Institutes
How does MITM work
There are several reasons and strategies for hackers to use a MITM attack. Usually, like credit card numbers or
user login details, they try to access anything. They also spy on private meetings, which may include corporate
secrets or other useful information.

The feature that almost every attack has, in general, is that the attacker pretends to be somebody you trust (or a
webpage).

Sinhgad Institutes
Real life Instances of MITM attack

In the above diagram, you can see that the

intruder positioned himself in between
the client and server to intercept the
confidential data or manipulate the
incorrect information of them.

Sinhgad Institutes
Types of MITM Attack

Sinhgad Institutes
Wi-fi Eavesdropping (secretly listen to a conversation)

You may have seen a notification that suggests, "This connection is not safe," if you've used a device in
a cafe. Public wi-fi is typically offer "as-is," without any promises of service quality.
The unencrypted wi-fi networks are easy to watch. Although, it's just like having a debate in a public
place-anybody can join in.
You can limit your access by setting your computer to "public," which disables Network Discovery. This
avoids other users on the network from exploiting the system.

DNS Spoofing
The Site operates with numeric IP addresses like 192.156.65.118 is one of Google's addresses.

For example, a server is used by several sites to interpret the address to a recognizable title: google.com.
A DNS server, or DNS, is the server that transforms 192.156.65.118 to google.com.

A fraudulent Web server can be developed by an attacker. The fraudulent server transports a specific
web address to a unique IP address, which is termed as "spoofing."
Sinhgad Institutes
IP Spoofing
Many devices connected to the same network contains an IP address, as we all know. Each device is equipped
with its IP address in several enterprise internal web networks. In IP spoofing, the attackers imitate an approved
console's IP address. For a network, it appears just as the system is authorized.

It might be causing a network to be exploited by unauthorized access. They must stay quiet and track the actions,
or a Denial of Service (DoS) attack may also be released. In a Middle-in-the-man attack, IP spoofing may also be
used by placing between two devices.

For Example, Device A and device B assume that they communicate with each other, but both are intercepted
and communicated to the attacker.
Device A= = = = Attacker= = = = Device B

HTTPS Spoofing
Duplicating an HTTPS webpage is not currently possible.
A theoretical approach for circumventing HTTPS, however, has been illustrated by cybersecurity experts. The
attacker creates an authoritative address.
It uses letters of international alphabets rather than standard scripts. This acts as phishing emails with unusual
characters that you might have used. Rolex may be written Rólex, for example.
Sinhgad Institutes
ARP Spoofing

ARP refers to the Protocol on Address Resolution. An ARP request is sent out by a client, and an attacker
produces a fraudulent response. The attacker is like a computer modem in this situation, which enables the
attacker to access the traffic flow. Usually, this is restricted to local area networks (LAN) that use the ARP
protocol.

E-mail Hacking

An attacker exploits the email system of a user in a such a kind of cybersecurity intrusion. The intruder also
watches quietly, collecting data and eavesdropping on the discussion via email. The Attackers may have a scan
pattern that searches for targeted keywords, such as "financial" or "hidden Democratic policies.“

Session Hacking

Usually, this form of MITM attack is often used to hack social media platforms. The webpage contains a "session
browser cookie" on the victim's machine for most social media platforms. If the person steps off, this cookie is
disproved. But when the session is running, the cookie offers identity, exposure, and monitoring data.

Sinhgad Institutes
What is SQL injection
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code
for backend database manipulation to access information that was not intended to be displayed.
This information may include any number of items, including sensitive company data, user lists
or private customer details.
The impact SQL injection can have on a business is far-reaching. A successful attack may result
in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases,
the attacker gaining administrative rights to a database, all of which are highly detrimental to a
business.
When calculating the potential cost of an SQLi, it’s important to consider the loss of customer
trust should personal information such as phone numbers, addresses, and credit card details be
stolen.
While this vector can be used to attack any SQL database, websites are the most frequent
targets.
Sinhgad Institutes
What is Internet Governance?
Internet governance refers to the rules, policies, standards and practices that coordinate and shape global
cyberspace.

The Internet is a vast network of independently-managed networks, woven together by globally standardized
data communication protocols (primarily, Internet Protocol, TCP, UDP, DNS and BGP).

The common adoption and use of these protocols unified the world of information and communications like
never before.

Millions of digital devices and massive amounts of data, software applications, and electronic services became
compatible and interoperable. The Internet created a new environment, a complex and dynamic “cyberspace.”

While Internet connectivity generated innovative new services, capabilities and unprecedented forms of
sharing and cooperation, it also created new forms of crime, abuse, surveillance and social conflict.

Internet governance is the process whereby cyberspace participants resolve conflicts over these problems and
develop a workable order.
Sinhgad Institutes
Cyber Criminals
Cyber crime is taken very seriously by law enforcement. In the early long periods of the cyber security world, the standard
cyber criminals were teenagers or hobbyists in operation from a home laptop, with attacks principally restricted to pranks and
malicious mischief.
Today, the planet of the cyber criminals has become a lot of dangerous. Attackers are individuals or teams who attempt to
exploit vulnerabilities for personal or financial gain.

Types of Cyber Criminals:

1. Hackers:
The term hacker may refer to anyone with technical skills, however, it typically refers to an individual who uses his or her
skills to achieve unauthorized access to systems or networks so as to commit crimes.
The intent of the burglary determines the classification of those attackers as white, gray, or black hats. White hat attackers
burgled networks or PC systems to get weaknesses so as to boost the protection of those systems.
The owners of the system offer permission to perform the burglary, and they receive the results of the take a look at. On the
opposite hand, black hat attackers make the most of any vulnerability for embezzled personal, monetary or political gain.
Grey hat attackers are somewhere between white and black hat attackers. Grey hat attackers could notice a vulnerability and
report it to the owners of the system if that action coincides with their agenda.

Sinhgad Institutes
(a). White Hat Hackers –

These hackers utilize their programming aptitudes for a good and lawful reason. These hackers
may perform network penetration tests in an attempt to compromise networks to discover
network vulnerabilities. Security vulnerabilities are then reported to developers to fix them.

(b). Gray Hat Hackers –

These hackers carry out violations and do seemingly deceptive things however not for
individual addition or to cause harm. These hackers may disclose a vulnerability to the affected
organization after having compromised their network.

(c). Black Hat Hackers –

These hackers are unethical criminals who violate network security for personal gain. They
misuse vulnerabilities to bargain PC frameworks.
Sinhgad Institutes
2. Organized Hackers:
These criminals embody organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.
Cyber criminals are typically teams of skilled criminals targeted on control, power, and wealth. These criminals
are extremely subtle and organized, and should even give crime as a service. These attackers are usually
profoundly prepared and well-funded.

3. Internet stalkers:
Internet stalkers are people who maliciously monitor the web activity of their victims to acquire personal data.
This type of cyber crime is conducted through the use of social networking platforms and malware, that are able to
track an individual’s PC activity with little or no detection.

4. Disgruntled Employees:
Disgruntled employees become hackers with a particular motive and also commit cyber crimes. It is hard to
believe that dissatisfied employees can become such malicious hackers. In the previous time, they had the only
option of going on strike against employers. But with the advancement of technology there is increased in work
on computers and the automation of processes, it is simple for disgruntled employees to do more damage to their
employers and organization by committing cyber crimes. The attacks by such employees brings the entire system
down.

Sinhgad Institutes
Assets and Threat

What’s an asset?
An asset is any data, device or other component of an organization's systems that is valuable – often
because it contains sensitive data or can be used to access such information.

For example, an employee’s desktop computer, laptop or company phone would be considered an asset,
as would applications on those devices. Likewise, critical infrastructure, such as servers and support
systems, are assets.

An organization's most common assets are information assets. These are things such as databases and
physical files – i.e. the sensitive data that you store.

A related concept is the ‘information asset container’, which is where that information is kept. In the case
of databases, this would be the application that was used to create the database. For physical files, it
would be the filing cabinet where the information resides

Sinhgad Institutes
What’s a threat?
A threat is any incident that could negatively affect an asset – for example, if it’s
lost, knocked offline or accessed by an unauthorized party.
Threats can be categorized as circumstances that compromise the confidentiality,
integrity or availability of an asset, and can either be intentional or accidental.
Intentional threats include things such as criminal hacking or a malicious insider
stealing information, whereas accidental threats generally involve employee
error, a technical malfunction or an event that causes physical damage, such as a
fire or natural disaster.
Sinhgad Institutes
Motive of Attacker

Sinhgad Institutes
1. Financial Gain
The primary motivation of a hacker is money, and getting it can be done with a variety of methods.
They could directly gain entry to a bank or investment account; steal a password to your financial sites and then transfer
the assets over to one of their own; swindle an employee into completing a money transfer through a complicated spear
phishing technique, or conduct a ransomware attack on your entire organization.

2. Recognition & Achievement

Some hackers are motivated by the sense of achievement that comes with cracking open a major system. Some may
work in groups or independently, but, on some scale, they would like to be recognized.
This also ties into the fact that cyber criminals are competitive by nature, and they love the challenge their actions bring.

3. Insider Threats
Individuals who have access to critical information or systems can easily choose to misuse that access—to the detriment
of their organization.
These threats can come from internal employees, vendors, a contractor or a partner—and are viewed as some of the
greatest cyber security threats to organizations.
However, not all insider threats are intentional, according to an Insider Threat Report from Crowd Research Partners.
Most (51%) are due to carelessness, negligence, or compromised credentials, but the potential impact is still present even
in an unintentional scenario.

Sinhgad Institutes
4. Political Motivation – “Hacktivism”
Some cyber criminal groups use their hacking skills to go after large organizations. They are usually motivated by
a cause of some sort, such as highlighting human rights or alerting a large corporation to their system
vulnerabilities. Or, they may go up against groups whose ideologies do not align with their own.
5. State Actors
State-sponsored actors receive funding and assistance from a nation-state. They are specifically engaged in cyber
crime to further their nation’s own interests. Typically, they steal information, including “intellectual property,
personally identifying information, and money to fund or further espionage and exploitation causes.”
6. Corporate Espionage(spying)
This is a form of cyber attack used to gain an advantage over a competing organization.
Conducted for commercial or financial purposes, corporate espionage involves:
•Acquiring property like processes or techniques, locations, customer data, pricing, sales, research, bids, or
strategies
•Theft of trade secrets, bribery, blackmail, or surveillance.
Sinhgad Institutes
Hardware & software attacks
Major Types of Hardware Attacks:

1.VMX - Virtual machine Extensions(Instructions on processors with x86 virtualization)

Virtualizations offer 2 levels-
(a.) higher performance & more cost effective eg.Intel
(b.) greater isolation & higher costs eg.IBM
Most of us will use 'a.' vs 'b.' not knowing the underlying threats for the reduced isolation.

2.Bluepill -
A rootkit designed for x86 virtualization. It creates a thin hypervisor/VMM and running the remaining
machine virtually. It's almost undetectable, however there was a controversy on this. Hardware assisted
virtualization can help malicious software, thus hardware architecture is prime here.

3.Extreme Privilege Escalation(rapid increase)

This was demonstrated with modern windows8. Exploitation of platform firmware UEFI using new API
(windows 8). Privilege escalation from ring3 to ring0, most privileged level-almost directly
communicates with the hardware resources.
Sinhgad Institutes
4.Stepping p3wns
This attack used resource(printer here) firmware update, that by passes the anti virus at the
computer as it's not windows malicious. However when the task is received at printer side, the
firmware gets updated to the malicious one. This exploitation enables infecting IP phones etc.
which can be a huge concern in 'BYOD' times.

5.Shadow walker(TLB Splitting)

Misuse x86 hardware to hide malware from OS and anti-virus. Infact, even code modifications
could not be detected by anti-virus. The flaw-difference between reading the memory and
executing it.
Sinhgad Institutes
Software Attacks:-
Malicious code (sometimes called malware) is a type of software designed to take over or damage a computer
user's operating system, without the user's knowledge or approval. It can be very difficult to remove and very
damaging. Common malware examples are listed in the following table:
virus
A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A
virus:
Requires a host to replicate and usually attaches itself to a host file or a hard drive sector.
Replicates each time the host is used.
Often focuses on destruction or corruption of data.
Usually attaches to files with execution capabilities such as .doc, .exe, and .bat extensions.
Often distributes via e-mail. Many viruses can e-mail themselves to everyone in your address book.
Examples: Stoned, Michelangelo, Melissa, I Love You.
Sinhgad Institutes
worm
A worm is a self-replicating program that can be designed to do any number of things, such as delete files or send documents
via e-mail. A worm can negatively impact network traffic just in the process of replicating itself. A worm:Can install a
backdoor in the infected computer.
•Is usually introduced into the system through a vulnerability.
•Infects one system and spreads to other systems on the network.
•Example: Code Red.

A Trojan horse
is a malicious program that is disguised as legitimate software. Discretionary environments are often more vulnerable and
susceptible to Trojan horse attacks because security is user focused and user directed. Thus the compromise of a user account
could lead to the compromise of the entire environment. A Trojan horse:
Cannot replicate itself. Often contains spying functions (such as a packet sniffer) or backdoor functions that allow a computer to
be remotely controlled from the network.
Often is hidden in useful software such as screen savers or games.
Example: Back Orifice, NetBus, Whack-a-Mole.
Sinhgad Institutes
What Is Cyber Warfare?
Cyber warfare is usually defined as a cyber attack or series of attacks that target a
country.
It has the potential to wreak havoc on government and civilian infrastructure and disrupt
critical systems, resulting in damage to the state and even loss of life.
There is, however, a debate among cyber security experts as to what kind of activity
constitutes cyber warfare.
The US Department of Defense (DoD) recognizes the threat to national security posed
by the malicious use of the Internet but doesn’t provide a clearer definition of cyber
warfare. Some consider cyber warfare to be a cyber attack that can result in death.
Sinhgad Institutes
What kinds of cyber weapons are used in warfare?
Examples of acts that might qualify as cyberwarfare include the following:
•viruses, phishing, computer worms and malware that can take down critical infrastructure;
•distributed denial-of-service (DDoS) attacks that prevent legitimate users from accessing
targeted computer networks or devices;
•hacking and theft of critical data from institutions, governments and businesses;
•spyware or cyber espionage that results in the theft of information that compromises national
security and stability;
•ransomware that holds control systems or data hostage; and
•propaganda or disinformation campaigns used to cause serious disruption or chaos.

Sinhgad Institutes
7 Types of Cyber Warfare Attacks
Espionage
Refers to monitoring other countries to steal secrets. In cyber warfare, this can involve using botnets or spear
phishing attacks to compromise sensitive computer systems before exfiltrating sensitive information.
Sabotage(Deliberately destroy)
Government organizations must determine sensitive information and the risks if it is compromised. Hostile
governments or terrorists may steal information, destroy it, or leverage insider threats such as dissatisfied or
careless employees, or government employees with affiliation to the attacking country.
Denial-of-service (DoS) Attacks
DoS attacks prevent legitimate users from accessing a website by flooding it with fake requests and forcing the
website to handle these requests. This type of attack can be used to disrupt critical operations and systems and
block access to sensitive websites by civilians, military and security personnel, or research bodies.

Sinhgad Institutes
Electrical Power Grid
Attacking the power grid allows attackers to disable critical systems, disrupt infrastructure, and potentially result in bodily
harm. Attacks on the power grid can also disrupt communications and render services such as text messages and
communications unusable.
Propaganda Attacks
Attempts to control the minds and thoughts of people living in or fighting for a target country. Propaganda can be used to
expose embarrassing truths, spread lies to make people lose trust in their country, or side with their enemies.
Economic Disruption
Most modern economic systems operate using computers. Attackers can target computer networks of economic establishments
such as stock markets, payment systems, and banks to steal money or block people from accessing the funds they need.
Surprise Attacks
These are the cyber equivalent of attacks like Pearl Harbor and 9/11. The point is to carry out a massive attack that the enemy
isn’t expecting, enabling the attacker to weaken their defenses. This can be done to prepare the ground for a physical attack in
the context of hybrid warfare.
Sinhgad Institutes
Examples of Cyber Warfare Operations
Stuxnet Virus
Stuxnet was a worm that attacked the Iranian nuclear program. It is among the most sophisticated cyber attacks in history.
The malware spread via infected Universal Serial Bus devices and targeted data acquisition and supervisory control systems.
According to most reports, the attack seriously damaged Iran’s ability to manufacture nuclear weapons.
Sony Pictures Hack
An attack on Sony Pictures followed the release of the film “The Interview”, which presented a negative portrayal of Kim Jong
Un. The attack is attributed to North Korean government hackers. The FBI found similarities to previous malware attacks by
North Koreans, including code, encryption algorithms, and data deletion mechanisms.
Bronze Soldier
In 2007, Estonia relocated a statue associated with the Soviet Union, the Bronze Soldier, from the center of its capital Tallinn to
a military cemetery near the city. Estonia suffered a number of significant cyber attacks in the following months. Estonian
government websites, media outlets, and banks were overloaded with traffic in massive denial of service (DoS) attacks and
consequently were taken offline.
Sinhgad Institutes
Fancy Bear
CrowdStrike claims that the Russian organized cybercrime group Fancy Bear targeted
Ukrainian rocket forces and artillery between 2014 and 2016. The malware was spread via an
infected Android application used by the D-30 Howitzer artillery unit to manage targeting data.
Ukrainian officers made wide use of the app, which contained the X-Agent spyware. This is
considered to be a highly successful attack, resulting in the destruction of over 80% of
Ukraine’s D-30 Howitzers.
Enemies of Qatar
Elliott Broidy, an American Republican fundraiser, sued the government of Qatar in 2018,
accusing it of stealing and leaking his emails in an attempt to discredit him. The Qataris
allegedly saw him as an obstacle to improving their standing in Washington.
Sinhgad Institutes
Cyber Stalking
In Cyber Stalking, a cyber criminal uses the internet to consistently threaten somebody. This crime is often perpetrated
through email, social media, and the other online medium.
Cyber Stalking can even occur in conjunction with the additional ancient type of stalking, wherever the bad person harasses the
victim offline.
There’s no unified legal approach to cyber Stalking, however, several governments have moved toward creating these practices
punishable by law. Social media, blogs, image sharing sites and lots of different ordinarily used online sharing activities offer
cyber Stalkers with a wealth of data that helps them arrange their harassment.
It includes actions like false accusations, fraud, information destruction, threats to life and manipulation through threats of
exposure.
It has stalkers take the assistance of e-mails and other forms of message applications, messages announce to an online website
or a discussion cluster, typically even the social media to send unwanted messages, and harass a specific person with unwanted
attention.
Cyber Stalking is typically cited as internet stalking, e-stalking or online stalking.
Sinhgad Institutes
Types of Cyber Stalking
•Webcam Hijacking:
Internet stalkers would attempt to trick you into downloading and putting in a malware-infected
file that may grant them access to your webcam. the method is therefore sneaky that it’s
probably you wouldn’t suspect anything strange.
•Observing location check-ins on social media:
In case you’re adding location check-ins to your Facebook posts, you’re making it overly
simple for an internet stalker to follow you by just looking through your social media profiles.
•Catfishing:
Catfishing happens via social media sites, for example, Facebook, when internet stalkers make
counterfeit user-profiles and approach theirSinhgad
victims as a companion of a companion.
Institutes
Protective Measures:
•Develop the habit of logging out of the PC when not in use.
•Remove any future events you’re close to attending from the social networks if they’re recorded on
online approaching events and calendars.
•Set strong and distinctive passwords for your online accounts.
•Cyber Stalkers can exploit the low security of public Wi-Fi networks to snoop on your online activity.
Therefore, avoid sending personal emails or sharing your sensitive info when connected to an unsecured
public Wi-Fi.
•Make use of the privacy settings provided by the social networking sites and keep all info restricted to
the nearest of friends.
•Do a daily search on the internet to search out what information is accessible regarding you for the
public to check.
Sinhgad Institutes
What is Cyber Terrorism?
In this article, we will learn about Cyber Terrorism and its effect. Cyber Terrorism is basically the process of causing
harm to the community by making use of Internet networks to conduct violent incidents like loss of life or data, to
achieve some political advantage by giving threats.
Cyber Terrorism basically involves damaging large-scale computer networks to achieve a loss of data and even loss of
life. Hackers make use of computer viruses, spyware, malware, ransomware, phishing, programming language scripts,
and other malicious software to achieve their purposes.
•Also, these types of cyber-attacks which often lead to criminal offenses are referred to as Cyber Terrorism. These cyber-
attacks create panic and physical damage to a large number of people.
•Cyber Terrorism deals with creating damage to the people and their data using computer networks intentionally in order
to achieve their meaningful purpose.
•The main purpose behind carrying out Cyber terrorism is to carry out some cyberattack that makes a threat.
•According to the FBI, a Cyber Terrorism attack is defined as a cybercrime that may be used intentionally to cause harm
to people on large scale using computer programs and spyware.

Sinhgad Institutes
Attacks:
The cyber terrorism attacks are usually carried out as follows:
•Unauthorized access: Attackers aim to disrupt and damage all the means of access to the service.
Instead, the hacker gains unauthorized access to the important resources.
•Disruption: These attacks focus on disrupting public websites and critical infrastructure resources to
create fear within the society of massive fatalities and commotion.
•Cyberespionage: The government usually carry out some spyware operations on other government of
other country related to military equipment to gain an advantage over rival nations in terms of military
intelligence.
•Economic failure: Cybercriminals want all the technical system failures to cause a large-scale
economic failure like crashing the electricity or water systems for multiple days to create a panic of these
services within the society.
Sinhgad Institutes
Prevention:
We can prevent situations like cyber terrorism in the following ways:
•Government must regulate all cybercriminal activities and make stricter rules regarding its violation. They must
dedicate more resources to deal with cyber threats.
•There must be more public education about these activities to the general audience. This will help to create even
fewer vulnerabilities that the criminals take advantage of targeting the user’s data. It empowers the citizens to
protect themselves from such kinds of phishing and spyware attacks.
•We must use VPN that help us to use private and protected network setup that is difficult to crack into by
hackers.
•Use strong passwords with a strong combination of alphabets, strings, and numbers in them. Features like two-
factor authentication also play an important role in this thing.
•Don’t open unknown links, URLs, websites, and spam emails that may contain harmful infected files in it and it
may harm the entire computer system.
Sinhgad Institutes
Cyber Espionage
Cyber espionage (cyberespionage) is a form of cyber attack that is carried out against a competitive company or
government entity.

The goal of cyber espionage, which may also be referred to as cyber spying, is to provide the attacker with information
that gives them advantages over competing companies or governments.

As of this writing, cyber espionage is used most often in the media in reference to advanced persistent threats (APTs)
launched by one nation-state against another for political gain.

When the attacker's motives are financial as well as political, the cyber attack is likely to be characterized as being an
example of economic espionage.

Bad actors who engage in cyber espionage typically want to remain undetected for long periods of time. This means that
this type of attack is often quite complicated and expensive to carry out.

What is the difference between cyberwarfare and cyber espionage?

The terms cyber espionage and cyberwarfare are similar, but they are not the same. The biggest difference is that the
primary goal of a cyberwarfare attack is to disrupt the activities of a nation-state, while the primary goal of a
cyberespionage attack is for the attacker to remain hidden for as long as possible in order to gather intelligence.
Sinhgad Institutes
What are cyber espionage tactics?
Cyber espionage tactics are varied. They include, but are not limited to:
•exploiting vulnerabilities in websites or browsers;
•spear phishing emails designed to escalate the attacker's network privileges;
•supply chain attacks that target the primary target's partners;
•malware, Trojans and worms; and
•infecting updates for commonly used third-party software applications.

How can you prevent cyber espionage and protect data?

Although not every company may have to worry about being targeted by nation-state hackers, cyber
espionage can still be committed by individuals in rival companies, so it is a good idea to keep security at the
top of mind. To protect data and prevent cyber espionage, an organization can:
Sinhgad Institutes
 Identify the techniques used in cyber espionage attacks. This can give an organization a good baseline in what to protect.
 Monitor systems for unexpected behaviors. Using security monitoring tools can help pick up on or prevent any suspicious
activity from occurring.
 Ensure critical infrastructure is protected and updated.
 Enact data policies, including who has access to what information. This will help ensure only those who need access to
critical information can gain access.
 Make sure there are no vulnerabilities in a system and that any used third-party software systems are secured and well
protected against cyber attacks.
 Create a cybersecurity policy that addresses security procedures and risks.
 Educate employees about security policies, including how to avoid opening suspicious-looking emails with links or
document attachments.
 Ensure passwords are changed periodically.
 Monitor what data can be stored on individual mobile devices for organizations that make use of bring your own device
(BYOD).
Sinhgad Institutes
What is a Comprehensive IT Security Policy?
To ensure that you are effectively protecting your data, you need something that works to prevent breaches, detect
potential threats, analyze suspicious activity, and provide remediation in the event that something does occur.
That’s where IT security policy comes into play.
A comprehensive IT security policy is essentially a battle plan that guides your organization, ensuring that your
data and network is guarded from potential security threats. Think of it as a link between your people, processes,
and technology. When a security breach happens, it’s likely because one of these links has failed.
Having IT security policy in place, therefore, should tell your employees what’s expected of them, and helps to
educate them on safe and secure procedures they should be following.
Such a policy should encompass a variety of activities, like how your organization’s workstations will be
configured, how your employees will log in, building access procedures to be aware of, and how your employees
should be trained – after all, security breaches at the end-user level can often be prevented if the end-users are
aware of safe practices. Sinhgad Institutes
five tangible benefits of having a Security Policy to think about:
🔒 1. It helps you to enhance your organization’s overall security posture. This means there are
fewer security incidents and more uptime for applications, as issues are pre-emptively avoided.
✔️2. It helps you to better prepare for auditing and compliance requirements.
3. It leads to increased operational efficiency.
📝 4. It also leads to increased accountability for both users and stakeholders within your
organization.
💬 5. It provides your organization with a solid strategy around effective communication and
enforcement of policies.

Sinhgad Institutes
Sinhgad Institutes