
CBS - Unit 2.2


Cyber Security Rohini Sharma

UNIT 2 : CYBER CRIME

Various methods by which credit card fraud can occur:


Skimming: Criminals use skimming devices to capture credit card information from the magnetic stripe
when the card is swiped at a legitimate payment terminal.
Phishing: Fraudsters may use deceptive emails, websites, or phone calls to trick individuals into
providing their credit card information.
Carding: Criminals use stolen credit card information to make unauthorized purchases online.
Account takeover: Hackers may gain access to a victim's online account and make unauthorized
transactions using their stored credit card information.

Measures to combat credit card fraud:


Fraud detection algorithms: machine-learning classifiers such as support vector machines (SVM) and decision trees.
EMV chip technology: EMV (Europay, Mastercard, and Visa) chips embedded in credit cards provide
additional security compared to magnetic stripes, making it more difficult for fraudsters to clone cards.
Two-factor authentication: Requiring additional verification steps, such as a one-time password sent
to the cardholder's mobile phone, for online transactions.
Card monitoring: Monitoring card activity in real-time to identify and block suspicious transactions.
Educating consumers: Providing consumers with tips and best practices to protect their credit card
information and detect fraudulent activity.

Security challenges posed by Mobile devices:


Data breaches: Mobile devices store a wealth of personal and sensitive information, including emails,
contacts, photos, and financial data. If a mobile device is lost, stolen, or compromised, this data can be
accessed by unauthorized individuals, leading to data breaches and privacy violations.
Malware and phishing attacks: Mobile devices are increasingly targeted by malware and phishing
attacks, which attempt to steal sensitive information or gain unauthorized access to the device.
Malicious apps, phishing emails, and malicious websites are common vectors for these types of attacks.
Unsecured Wi-Fi networks: Mobile devices often connect to public Wi-Fi networks, which may not
be secure. Attackers can intercept data transmitted over these networks, potentially compromising
sensitive information such as login credentials and financial data.
Device theft and loss: Mobile devices are small and portable, making them susceptible to theft or loss.
If a device falls into the wrong hands, the data stored on it may be compromised, even if the device
itself is protected by a passcode or biometric authentication.
Vulnerabilities in operating systems and apps: Like any software, mobile operating systems and apps
are susceptible to vulnerabilities that can be exploited by attackers. These vulnerabilities may be used
to gain unauthorized access to the device, install malware, or steal data.


Lack of security updates: Mobile device manufacturers and app developers regularly release security
updates to address vulnerabilities and protect against emerging threats. However, many users fail to
install these updates in a timely manner, leaving their devices vulnerable to attack.
Bring Your Own Device (BYOD) policies: Many organizations allow employees to use their personal
mobile devices for work purposes through BYOD policies. While this can increase productivity and
flexibility, it also introduces security risks, as personal devices may not meet the same security standards
as company-owned devices.

Registry settings for Mobile Devices:


Developer options:
On your Android phone, go to Settings.
Scroll down and tap on About phone or About device.
Find the Build number option and tap it multiple times (usually 7 times) quickly until you see a message
saying "You are now a developer!"
Go back to the main Settings screen, and you should see a new option called Developer options.
Open Developer options and look for settings related to system performance, USB debugging,
networking, and other advanced options. While these settings are not stored in a traditional registry,
they provide access to low-level system configurations similar to registry settings.
Third-party apps:
There are several third-party apps available on the Google Play Store that claim to provide access to
hidden system settings and configurations on Android devices. These apps may require root access or
specific permissions to access advanced settings. Search for apps like "Advanced Settings" or "Hidden
Settings" on the Google Play Store and follow the instructions provided by the app to access additional
system settings.
Command-line tools:
If your Android device is rooted and you have access to a terminal emulator app, you can use command-
line tools to access and modify system settings. Use commands like adb shell (Android Debug Bridge)
to access the device's shell and navigate to system directories where configuration files are stored.
Be cautious when using command-line tools, as modifying system settings without proper knowledge
can potentially damage your device or cause instability.
Manufacturer-specific tools:
Some Android device manufacturers provide proprietary tools or apps that allow users to access
advanced settings and configurations. These tools may vary depending on the manufacturer and device
model. Check the manufacturer's website or user manual for information on any specialized tools or
apps available for your device.
While accessing registry-like settings on Android phones may not be as straightforward as on Windows-
based systems, these methods provide ways to access and modify system configurations for advanced
users or developers. Be cautious when making changes to system settings, as incorrect modifications
can potentially harm your device or void your warranty.
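
The same command-line access can be used defensively, to read security-relevant system properties instead of changing them. The script below is an added example, not part of the original notes: it parses the `[key]: [value]` output of `adb shell getprop` and flags an old patch level, unencrypted storage, a non-green verified boot state, or a non-production build. The `MIN_PATCH` cut-off, the finding texts and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original notes. MIN_PATCH is an assumed policy value.
MIN_PATCH="${MIN_PATCH:-2024-01-01}"

# Print the value of property $2 from `getprop` text in $1 ("[key]: [value]" lines).
prop() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v k="[$2]:" \
        '$1 == k { sub(/^[^ ]+ \[/, ""); sub(/\]$/, ""); print; exit }'
}

# Print one FINDING line for each check that the getprop text in $1 fails.
evaluate() {
    props=$1
    patch=$(prop "$props" ro.build.version.security_patch | sed 's/-//g')
    min=$(printf '%s' "$MIN_PATCH" | sed 's/-//g')
    case $patch in
        '' | *[!0-9]*) echo "FINDING security patch level unknown" ;;
        *) if [ "$patch" -lt "$min" ]; then
               echo "FINDING security patch level older than $MIN_PATCH"
           fi ;;
    esac
    if [ "$(prop "$props" ro.crypto.state)" != "encrypted" ]; then
        echo "FINDING storage not reported as encrypted"
    fi
    if [ "$(prop "$props" ro.boot.verifiedbootstate)" != "green" ]; then
        echo "FINDING verified boot state is not green (unlocked or modified system)"
    fi
    if [ "$(prop "$props" ro.build.type)" != "user" ]; then
        echo "FINDING not a production (user) build"
    fi
    return 0
}

# Constructed sample in getprop's output format; not taken from a real device.
SAMPLE='[ro.build.type]: [user]
[ro.build.version.security_patch]: [2022-08-05]
[ro.crypto.state]: [encrypted]
[ro.boot.verifiedbootstate]: [orange]'

# "--device" reads a USB-connected phone through adb; otherwise use the sample.
if [ "${1:-}" = "--device" ]; then
    evaluate "$(adb shell getprop)"
else
    evaluate "$SAMPLE"
fi
```

Reading from a real device requires USB debugging to be switched on for the duration of the check, so turn Developer options off again afterwards.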


Attacks on Mobile/Cell Phones:


Mobile phones are vulnerable to various types of attacks due to their widespread use, connectivity, and
the sensitive data they often contain. Some common attacks on mobile phones include:
Malware: Malicious software, such as viruses, worms, Trojans, and spyware, can infect mobile devices
through app downloads, email attachments, malicious websites, or Bluetooth connections. Malware can
steal sensitive information, track user activities, or hijack the device for botnet participation.
Phishing: Attackers may send phishing messages via SMS, email, or social media apps to trick users
into revealing sensitive information, such as login credentials, credit card numbers, or personal details.
Phishing attacks often masquerade as legitimate entities, such as banks, government agencies, or
popular websites.
Network Spoofing: Attackers can set up rogue Wi-Fi networks with legitimate-sounding names (e.g.,
"Free Public Wi-Fi") to trick users into connecting. Once connected, attackers can intercept and
manipulate network traffic, steal login credentials, or distribute malware.
Bluetooth Attacks: Bluetooth-enabled devices are susceptible to attacks such as Bluejacking,
Bluesnarfing, and Bluebugging. Bluejacking involves sending unsolicited messages or files to nearby
Bluetooth devices, Bluesnarfing involves unauthorized access to device data (e.g., contacts, emails) via
Bluetooth, and Bluebugging allows attackers to take control of a device's functions, such as making
calls or sending messages.
Physical Attacks: Mobile devices can be physically compromised if they are lost, stolen, or accessed
by unauthorized individuals. Attackers may attempt to bypass device security measures, such as
passcodes or biometric authentication, to gain access to sensitive data stored on the device.
Man-in-the-Middle (MitM) Attacks: In MitM attacks, attackers intercept and alter communications
between a mobile device and a server, allowing them to eavesdrop on sensitive information or inject
malicious content into the communication stream. MitM attacks can occur over unsecured Wi-Fi
networks, compromised routers, or malicious proxies.
App Vulnerabilities: Mobile apps may contain vulnerabilities that can be exploited by attackers to gain
unauthorized access to device resources or sensitive data. Common vulnerabilities include insecure data
storage, insufficient encryption, and improper handling of user inputs.
To mitigate these attacks, mobile users should:

• Keep their devices and apps updated with the latest security patches.
• Install antivirus and antimalware software.
• Be cautious when downloading apps or clicking on links from unknown sources.
• Use strong passwords or biometric authentication to secure their devices.
• Avoid connecting to unsecured Wi-Fi networks and disable unnecessary wireless connections
when not in use.
• Regularly back up important data and enable remote wipe capabilities in case the device is lost
or stolen.
Additionally, organizations should implement mobile device management (MDM) solutions, enforce
security policies, and provide security awareness training to employees to reduce the risk of mobile-
related security incidents.


Security Implications for organisations

1. Botnet:

A combination of the words “robot” and “network”, a botnet is a group of private computers infected
with malicious software and controlled as a group without the owners' knowledge. They’re often used
to deliver large volumes of spam, carry out DDoS attacks (see below), and steal data/credentials. Botnets
have the collective computing power to act as a force multiplier for groups looking to disrupt or break
into targets’ systems.

2. Cryptojacking:

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers
usually trick the victim into clicking on a malicious email link which loads cryptomining code on the
computer, or by infecting a website or online ad with code that auto-executes once loaded in the victim’s
browser. The cryptomining code then works in the background as unsuspecting victims use their
computers normally. The victim may notice the computer’s slower performance while they’re working,
but otherwise it can go undetected.


Cryptojacking is an illegal form of cryptomining. In simple terms, cryptomining is the operation that
generates new cryptocurrency, a type of digital currency created and encrypted on the record-keeping
technology called blockchain.

Blockchain transactions generate complex mathematical puzzles that must be solved before the
transaction can be authenticated and completed. Cryptocurrency miners are the people who solve the
encrypted puzzles, validate the transaction and earn cryptocurrency for their efforts. The cryptomining
process is the only way to create and encrypt new coins on the blockchain.

3. Ransomware:

Ransomware is malware that threatens to publish or steal victims’ data or prevents users from
accessing their systems until a ransom is paid. Ransomware has grown to be one of the biggest problems
in network security because it can paralyze large organizations and even whole cities,
with Atlanta and Baltimore as recent examples. The infection often starts with someone clicking on
what looks like an innocent link or attachment, then turns into a disaster for companies of all sizes when
vital files and documents are suddenly inaccessible and held for ransom.

However, sometimes paying the ransom won’t fix the problem. Sometimes cybercriminals demand
ransom even though the data they took is already destroyed.

4. Worms:

A worm is self-replicating malware that duplicates itself to spread to uninfected computers. Its primary
function is to infect other computers while remaining active on infected systems. Worms spread by
exploiting vulnerabilities in operating systems; this kind of attack literally worms its way into systems
by finding cracks and replicating itself over and over.


5. Phishing:

A phishing attack involves using email to trick employees into believing a message is from a legitimate,
trustworthy source. Then, when they click a link in the email or open an attachment, their computer
becomes infected. The phisher could be someone pretending to be from the employee’s company, or
perhaps a company they do business with. Sometimes the message will describe something the
employee either wants or needs, or thinks they are expecting (a request from their bank, for instance).
Whatever the masquerade, a sophisticated phishing attempt has the appearance of genuine
communication but contains genuine harm.


6. DDoS (Distributed Denial of Service) Attack

In a DDoS attack, the perpetrator seeks to make a machine or network resource unavailable to its
intended users by temporarily or indefinitely disrupting services of a host connected to the internet.
DDoS is typically accomplished by flooding the targeted machine from many different sources with
superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from
being fulfilled.

7. APT (Advanced Persistent Threats)

APT is an undercover, ongoing computer network attack in which a person or group gains unauthorized
access to a network with the goal of going undetected for the longest period possible in order to spy,
place custom malicious code on multiple computers for specific tasks, gather information, and access
sensitive, classified information. Traditionally, APT was associated with governments, but over the last
few years there have been multiple examples of non-state sponsored large groups conducting large-
scale targeted intrusions for other reasons.


Organizational security policies and measures in Mobile computing era:

Device Usage Policy:

Define acceptable use of mobile devices for work-related activities. Specify prohibited activities, such
as downloading unauthorized apps, visiting unsafe websites, or using personal devices for unauthorized
purposes.

Device Ownership and Responsibility:

Clarify ownership and responsibility for mobile devices, especially in Bring Your Own Device (BYOD)
environments. Outline the organization's rights to monitor, manage, and control devices used for work
purposes.

Security Controls and Settings:

Specify mandatory security controls and settings for mobile devices, such as screen locks, encryption,
and biometric authentication. Require regular security updates and patches for operating systems and
applications.

Data Protection:

Define protocols for protecting sensitive data stored on mobile devices, including customer information,
intellectual property, and confidential business data.
Require encryption of data at rest and in transit, as well as secure storage and transmission of sensitive
information.

Lost or Stolen Devices:

Establish procedures for reporting lost or stolen devices promptly.

Require remote wipe and lock capabilities to erase data and prevent unauthorized access to corporate
information on lost or stolen devices.

BYOD Policy:

If allowing BYOD, outline requirements for device registration, security controls, and user
responsibilities. Specify which devices and operating systems are supported and eligible for use in the
workplace.

Mobile App Management (MAM):

Define policies for managing and securing mobile applications used for work purposes. Specify
requirements for app vetting, whitelisting, and blacklisting, as well as guidelines for downloading and
installing apps.


Training and Awareness:

Provide regular training and awareness programs to educate employees about mobile device security
best practices. Ensure employees understand their roles and responsibilities in safeguarding
organizational data on mobile devices.

Compliance and Enforcement:

Communicate consequences for non-compliance with mobile device security policies, including
disciplinary actions and termination of access privileges. Regularly audit and enforce policy compliance
through monitoring, reporting, and enforcement measures.

Policy Review and Updates:

Establish procedures for periodic review and updates to mobile device security policies to address
emerging threats, technological advancements, and regulatory changes.
Ensure policies remain relevant and effective in mitigating risks associated with mobile device usage
in the organization.
