Introduction to Cyber Security

Cybersecurity involves protecting internet-connected systems from cyber threats, including malware, phishing, and ransomware. It is crucial for safeguarding data integrity, privacy, and operational continuity, especially as technology advances and cybercrime increases. Key challenges include the evolution of ransomware, IoT vulnerabilities, and the need for effective disaster recovery strategies.

Uploaded by

avilashb.it2021

Introduction to Cyber Security

Cybersecurity is the protection of Internet-connected systems, including hardware, software, and
data from cyber attackers.
Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information technology
security or electronic information security. The term applies in a variety of contexts, from
business to mobile computing, and can be divided into a few common categories.

· Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware.
· Application security focuses on keeping software and devices free of threats. A compromised
application could provide access to the data it's designed to protect. Successful security begins in
the design stage, well before a program or device is deployed.
· Information security protects the integrity and privacy of data, both in storage and in transit.
· Operational security includes the processes and decisions for handling and protecting data
assets. The permissions users have when accessing a network and the procedures that determine
how and where data may be stored or shared all fall under this umbrella.
· Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data. Disaster
recovery policies dictate how the organization restores its operations and information to return to
the same operating capacity as before the event.
· End-user education addresses the most unpredictable cyber-security factor: people. Anyone
can accidentally introduce a virus to an otherwise secure system by failing to follow good
security practices. Teaching users to delete suspicious email attachments, not plug in unidentified
USB drives, and various other important lessons is vital for the security of any organization.

Importance of Cyber Security

Cyber security is the protection of electronic data and information. It’s the defense of electronic
systems on devices, like computers, cell phones, servers, and networks, from malicious attacks.
Regardless of who you are, it’s important to keep your data safe from unauthorized access.
Here are some reasons why cyber security is crucial:

1. There Are Different Types Of Cyber Attacks

No one is safe from the threat of cyber attacks. These attacks include malware, phishing,
man-in-the-middle, and drive-by attacks. Scary right? Wait till you hear about
crypto-jacking. This is where criminals compromise your computer and use its resources to
mine digital currencies, such as Bitcoin. If they can get to your computer,
then they could easily steal your data. You need cyber security if you want to stand a chance
against these threats.

2. Increase In Cybercrimes
The fast development of technology, such as fast broadband, better gadgets, and cloud
computing, has led to an increase in the number of connected devices. According to some
surveys, there’ll be about 21.1 billion networked devices in the world in 2021. This, with the
development of the dark web, has created a fertile ground for cybercrime activities. Cyber
security can, nonetheless, minimize your exposure.
3. Tech Users Are Vulnerable
The fact that almost everyone on this planet is now more reliant on information and
communication technology means, for cybercriminals, that there’s a booming criminal
opportunity. Factors like the enhancement of cloud storage and social media growth have
left many exposed to cyber attacks. This makes cyber security more important than ever.

4. Cloud Storage Needs Protection

Sensitive information, like banking details and passwords, can now be stored on the cloud,
increasing their risk of theft. Also, the growth of social media has led to an increase in
identity fraud. The truth is that whether you’re an individual, a small business, a large
organization, or even a government, you’re at risk of being targeted for cybercrime. You
may, therefore, want to consider cyber security.

5. It Could Save Millions Of Dollars

According to recent studies, the average cost of cybercrimes for an organization was about
USD$13 million last year. Research also revealed a sharp increase in information breaches,
including financial information, health records, trade secrets, personal data, and intellectual
property. You’d rather pay a little for cyber security and save big on your organization’s
protection than lose a fortune through industrial espionage.

6. Enables Credibility
Cyber attacks often make online platforms, like websites, unpleasant or inaccessible. That
could result in a bad reputation, which might be difficult to undo. Cyber security is, hence,
important for the protection of your platform from such risks. It could also help protect
customers from potential hackers.

7. Viruses Can Harm You Or Business

Computer viruses can spread like wildfire. These could cause severe problems for you and
your business if not controlled. Computer viruses are capable of corrupting your files and
systems. It’s essential, therefore, to take cyber security seriously as it could save your
computer systems from viruses.

8. The Dark Web

The growth and development of technology haven’t left the dark web behind. The dark web
is a hidden collection of Internet sites that is only accessible through specialized web
browsers. It’s mainly used for hiding Internet activities and keeping users anonymous
and private.

Cybersecurity is important because it protects you or your company from potential cyber
threats. The advancement of technology has left many people vulnerable to cybercriminal
activities, such as hacking, data theft and damage, and industrial espionage. The cybercrime
rate is increasing; hence, without cyber security, you could lose sensitive information, money,
or reputation. Cyber security is as important as the need for technology.

Cyber Security Challenges

Cyber security challenges have become a matter of national security in today’s world; organizations
ranging from small to large enterprises, government and private universities, and hospitals are all
prone to cyber attacks from across the globe.
The most important recent cyber security challenges are described below:

1. Ransomware Evolution
Ransomware is a type of malware in which the data on a victim's computer is locked, and
payment is demanded before the ransomed data is unlocked. After successful payment, access
rights are returned to the victim. Ransomware is the bane of cybersecurity, data professionals, IT,
and executives.
Ransomware attacks are growing day by day in the area of cybercrime. IT professionals and
business leaders need a powerful recovery strategy against these malware attacks to protect
their organization. It involves proper planning to recover corporate and customer data and
applications, as well as reporting any breaches under the Notifiable Data Breaches scheme.
Today's DRaaS solutions are the best defence against ransomware attacks. With a DRaaS
solution, we can automatically back up our files, easily identify which backup is clean,
and launch a fail-over with the press of a button when malicious attacks corrupt our data.
2. Blockchain Revolution
Blockchain technology is the most important invention of the computing era. It is the first time in
human history that we have a genuinely native digital medium for peer-to-peer value exchange.
The blockchain is a technology that enables cryptocurrencies like Bitcoin. The blockchain is a
vast global platform that allows two or more parties to do a transaction or do business without
needing a third party to establish trust.
It is difficult to predict what blockchain systems will offer in regards to cybersecurity. The
professionals in cybersecurity can make some educated guesses regarding blockchain. As the
application and utility of blockchain in a cybersecurity context emerges, there will be a healthy
tension but also complementary integrations with traditional, proven, cybersecurity approaches.
3. IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices which are
accessible through the internet. The connected physical devices have a unique identifier (UID)
and the ability to transfer data over a network without requiring human-to-human or
human-to-computer interaction. The firmware and software running on IoT devices make
consumers and businesses highly susceptible to cyber-attacks.
When IoT devices were designed, their use in cybersecurity and for commercial purposes was not
taken into account. So every organization needs to work with cybersecurity professionals
to ensure the security of their password policies, session handling, user verification, multifactor
authentication, and security protocols to help in managing the risk.
4. AI Expansion
AI is short for Artificial Intelligence. John McCarthy, the father of Artificial Intelligence,
defined AI as: "The science and engineering of making intelligent machines, especially
intelligent computer programs."
It is an area of computer science concerned with the creation of intelligent machines that work and
react like humans. Some of the activities related to artificial intelligence include speech
recognition, learning, planning, problem-solving, etc. The key benefit of bringing AI into our
cybersecurity strategy is the ability to protect and defend an environment when a malicious
attack begins, thus mitigating the impact. AI takes immediate action against malicious attacks
at the moment a threat impacts a business. IT business leaders and cybersecurity strategy
teams consider AI a future protective control that will allow their business to stay ahead of the
cybersecurity technology curve.
5. Serverless Apps Vulnerability
A serverless application depends on third-party cloud infrastructure or on a back-end service
such as Google Cloud Functions, Amazon Web Services (AWS) Lambda, etc. Serverless apps
make it easier for cyber attackers to spread threats, because users access the application locally
or off-server on their own device. Therefore it is the user's responsibility to take security
precautions while using a serverless application.
Serverless apps do nothing to keep attackers away from our data. A serverless
application doesn't help if an attacker gains access to our data through a vulnerability such as
leaked credentials, a compromised insider, or by any other means.
We can run software alongside the application that provides the best chance of defeating
cybercriminals. Serverless applications are typically small in size, which helps developers
launch their applications quickly and easily. They don't need to worry about the underlying
infrastructure. Web services and data processing tools are examples of the most common
serverless apps.
Cyber Crime
Computer crime, or cybercrime, is any crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target.

Cyberspace

Cyberspace is "the environment in which communication over computer networks occurs."

Cyber threats
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt
digital life in general.

Types of cyber threats


The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause
disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common methods
used to threaten cyber-security:

Malware

Malware means malicious software. One of the most common cyber threats, malware is
software that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s
computer. Often spread via an unsolicited email attachment or legitimate-looking download,
malware may be used by cybercriminals to make money or in politically motivated
cyber-attacks.

There are a number of different types of malware, including:

· Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a
computer system, infecting files with malicious code.
· Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick
users into uploading Trojans onto their computer where they cause damage or collect data.
· Spyware: A program that secretly records what a user does, so that cybercriminals can make
use of this information. For example, spyware could capture credit card details.
· Ransomware: Malware which locks down a user’s files and data, with the threat of erasing
it unless a ransom is paid.
· Adware: Advertising software which can be used to spread malware.
· Botnets: Networks of malware infected computers which cybercriminals use to perform
tasks online without the user’s permission.

Cyber warfare

The generally accepted definition of cyber warfare is the use of cyber attacks against a
nation-state, causing it significant harm, up to and including physical warfare, disruption of vital
computer systems and loss of life.

What is cyberwar?

When we talk about cyberwar we are referring to a completely different kind of attack. It is
precisely cybersecurity that must be implemented to avoid the attacks that can come with a
cyberwar, which as defined by Tech Target, is "the use of cyberattacks against a nation-state,
causing significant damage, up to and including the physical warfare, disruption of vital
computer systems, and loss of life."

There is no war without weapons; in a cyberwar, these are the ones that play that role:

● Viruses, phishing, computer worms, and malware can cause damage to key infrastructure.
● DDoS attacks can block access to computer networks or essential equipment for certain
users.
● The theft of confidential data from institutions, governments, and companies.
● Cyber espionage triggers information theft and compromises national security and
stability.
● Spreading or sharing false information that can cause chaos.

The goal of a cyberwar boils down to weakening or destroying some other nation. To achieve
this, attackers choose targets that combine a wide repertoire of objectives in one and that
greatly affect the nation and its interests.

The threats of a cyberwar range from propaganda on social networks, to espionage and chaos
that affect the infrastructure of a nation and cause loss of life.
Main differences between cybersecurity and cyberwar

What differentiates one from the other is in its name: cybersecurity elements are applied
precisely to avoid the attacks and consequences of a cyberwar, whether in an entire nation or a
company as a target.

US Lieutenant Gregory Conti, who coordinates cybersecurity and cyber warfare studies at the
US Military Academy, believes the two are "basically the same thing," making it clear how
similar the two terms are.

Types of attacks in a cyberwar

Destabilization

In recent years, cybercriminals have caused destabilization of daily processes and of the
daily life of ordinary citizens by attacking infrastructure that is key to certain nations, in
addition to stealing confidential data from companies.

Sabotage

When a cyberattack sabotages government or company-specific computer systems, it is used to
support other conventional attack methods. These attacks on computerized systems sabotage
communications, contaminate software and put the company and national security at risk.

Data theft

Hacking into computers and systems to steal data is one of the most common types of
cyberattacks and has been around since the invention of the internet. It is used to sell sensitive
data on the black market, to blackmail, to expose scandals by a nation or company, and even for
its total destruction in the public eye.

Outstanding examples of a cyberwar

Throughout history, there have been several attacks that can be considered a cyberwar against
certain companies or governments; these have stood out and monopolized the news at the time:

Sony-2014
Hackers associated with the North Korean government were blamed for a cyberattack on Sony
Pictures after Sony released the movie The Interview, which portrayed North Korean leader Kim
Jong Un in a negative light, all in a satirical manner, but this did not go down well in that nation.

The Federal Bureau of Investigation found that the malware used in the attack included lines of
code, encryption algorithms, data removal methods, and compromised networks that were
similar to malware previously used by North Korean hackers.

United States presidential election - 2016

Much was said about this incident, where the Russian government apparently intervened in the
outcome of these elections, where Donald Trump was the winner. A report by special adviser
Robert Mueller determined that the Russians were involved in an information war.

Mueller's report found that Russia used social media accounts and interest groups to alter the
political climate in the US using what he called "information warfare." The operation began by
discrediting the electoral system in 2014 to more explicit activities designed to benefit candidate
Donald Trump in the 2016 election, according to the report.

CIA Triad

Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to
guide policies for information security within an organization. The model is also sometimes
referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with
the Central Intelligence Agency.

What is the CIA triad? The CIA triad components, defined

The CIA triad is a widely used information security model that can guide an organization's
efforts and policies aimed at keeping its data secure. The model initials stand for the three
principles:

● Confidentiality: Only authorized users and processes should be able to access or modify data
● Integrity: Data should be maintained in a correct state and nobody should be able to improperly
modify it, either accidentally or maliciously
● Availability: Authorized users should be able to access data whenever they need to do so

These three principles are obviously top of mind for any infosec professional.

Who created the CIA triad, and when?


Unlike many foundational concepts in infosec, the CIA triad doesn't seem to have a single
creator or proponent; rather, it emerged over time as an article of wisdom among information
security pros. Ben Miller, a VP at cybersecurity firm Dragos, traces back early mentions of the
three components of the triad in a blog post; he thinks the concept of confidentiality in computer
science was formalized in a 1976 U.S. Air Force study, and the idea of integrity was laid out in
a 1987 paper that recognized that commercial computing in particular had specific needs around
accounting records that required a focus on data correctness. Availability is a harder one to pin
down, but discussion around the idea rose in prominence in 1988 when the Morris worm, one of
the first widespread pieces of malware, knocked a significant portion of the embryonic internet
offline.

CIA triad examples


To understand how the CIA triad works in practice, consider the example of a bank ATM, which
can offer users access to bank balances and other information. An ATM has tools that cover all
three principles of the triad:

● It provides confidentiality by requiring two-factor authentication (both a physical card and a
PIN code) before allowing access to data
● The ATM and bank software enforce data integrity by ensuring that any transfers or withdrawals
made via the machine are reflected in the accounting for the user's bank account
● The machine provides availability because it's in a public place and is accessible even when the
bank branch is closed

Cyber Terrorism

Cyberterrorism is any premeditated, politically motivated attack against information
systems, programs and data that results in violence. The details of cyberterrorism and the
parties involved are viewed differently by various organizations.
Examples are hacking into computer systems, introducing viruses to vulnerable networks,
website defacement, denial-of-service attacks, or terroristic threats made via electronic
communication.
What is the goal of cyber terrorism?
The most common objective of cyber terrorism is to damage or destroy a specific target, which
may be an organization, industry, sector or economy, or simply to make an impact on particular
targets.

Cyber Security of Critical Infrastructure

Critical infrastructure describes the physical and cyber systems and assets that are so vital to
the United States that their incapacity or destruction would have a devastating impact on our
physical or economic security or public health or safety.
Cybersecurity - Organizational Implications
Role of Cybersecurity in an Organization
Cybersecurity is the most important security an organization can have.

Cybersecurity is important to all businesses and should be taken seriously. The benefits of
cybersecurity are immense for not only companies but also their employees.

Cybersecurity is very important for any business. No business wants to be a victim of a cyber
attack so the role of cybersecurity in an organization is an extremely important one. The best way
to ensure a business will not become the victim of a cyber attack is to verify the business has an
effective security plan in place before any attack can happen.

Importance of IT Security in Business

IT security is important for any business. Organizations don’t like to talk about it, but security
breaches are constantly happening to businesses, sometimes multiple times a month.
Cybercriminals are constantly looking to hack businesses and many succeed. A good security
system protecting IT for businesses is the best defense a company can have against these
cybersecurity threats. The importance of cybersecurity for a business is not just about their
information being protected but also the information of their employees and customers.
Companies have a lot of data and information on their systems. This fact adds to the importance
of security, whether it is data security, information security or cybersecurity in general.

Importance of Cybersecurity Awareness in employees

There are many benefits of cybersecurity for a business. When it comes to cybersecurity, it is
important for a company to not only train and inform the higher-ups but every employee, of the
benefits of cybersecurity. When a company trains all of its employees about the benefits of
cybersecurity, the company itself has less exposure to cybersecurity risks in the first place. A
company will save money with cyber-related loss and severity of cybersecurity incidents when
they offer their employees proper cybersecurity training. Another benefit of training employees
is the time saved. When a company has fewer cybersecurity threats, the employees of that
company will spend less time tracking down the threat, fixing it and possibly having to redo any
affected work. When employees are properly trained in cybersecurity, they
develop a more positive company culture with regards to cyber and information security.

Cybersecurity Solutions to company

There are many ways to ensure a business is practicing effective cybersecurity. One of the
biggest is to train and educate employees about the significance of cybersecurity and the
benefits of keeping the company secure. Another tool companies use is cybersecurity services
provided by a reliable cybersecurity company. A few of those reliable companies include:

● Herjavec Group
● Raytheon Cyber
● IBM Security
● Thycotic
● Digital Defense
● Palo Alto Networks

Cybersecurity is important for any organization that has critical data and information it cannot
afford to lose. When it comes to hackers, many companies are defenseless against attacks.
The reason for this is in part a lack of employee knowledge and a lack of proper cybersecurity
services. Companies need to protect themselves against attacks, and education can help a great
deal. When employees are aware of the importance of cybersecurity, they will do their part to
achieve security for their company.

Important:

Malware scanners
This is software that usually scans all the files and documents present in the system for
malicious code or harmful viruses. Viruses, worms, and Trojan horses are examples of malicious
software that are often grouped together and referred to as malware.

Firewalls
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and
worms that try to reach your computer over the Internet. All messages entering or leaving the
network pass through the firewall, which examines each message and blocks those that do
not meet the specified security criteria. Hence firewalls play an important role in keeping
malware out.
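Modelling the screening the paragraph describes, as an added example (not code from the original notes): each message is checked against an ordered rule list, the first matching rule decides, and anything unmatched is dropped. The internal network, server addresses and rules are constructed assumptions.

```python
# Added example (not from the original notes): a minimal stateless packet
# filter that models the firewall behaviour described above. Each message is
# checked against an ordered rule list; the first matching rule decides, and a
# message matching no rule is dropped (default deny). The network addresses
# and rules below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "icmp"
    dport: int      # destination port (0 for icmp)
    direction: str  # "in" (arriving from the Internet) or "out" (leaving)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in", "out" or "any"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"       # CIDR the destination address must fall in
    dport: Optional[int] = None  # None matches any destination port
    reason: str = ""             # human-readable explanation for the log

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction in ("any", pkt.direction)
            and self.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Hypothetical policy for an internal network 192.168.1.0/24 that exposes one
# HTTPS server. Order matters: the anti-spoofing rule sits before the allow
# rule, so an outside packet claiming an internal source address is dropped.
RULES: List[Rule] = [
    Rule("deny", "in", "any", src="192.168.1.0/24",
         reason="inbound packet with spoofed internal source"),
    Rule("allow", "in", "tcp", dst="192.168.1.10/32", dport=443,
         reason="public HTTPS server"),
    Rule("allow", "out", "tcp", src="192.168.1.0/24", dport=443,
         reason="internal hosts may browse HTTPS"),
    Rule("allow", "out", "udp", src="192.168.1.0/24", dst="198.51.100.53/32",
         dport=53, reason="DNS to the approved upstream resolver"),
]


def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, reason): the first matching rule wins, otherwise deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.reason
    return "deny", "no rule matched (default deny)"


def filter_traffic(rules: List[Rule],
                   packets: List[Packet]) -> List[Tuple[Packet, str, str]]:
    """Apply the policy to a batch of packets and return one log entry each."""
    return [(pkt, *decide(rules, pkt)) for pkt in packets]


# Constructed sample traffic; outside hosts use documentation address ranges.
SAMPLE_TRAFFIC: List[Packet] = [
    Packet("203.0.113.5", "192.168.1.10", "tcp", 443, "in"),    # web client -> server
    Packet("203.0.113.5", "192.168.1.10", "tcp", 22, "in"),     # SSH probe from outside
    Packet("192.168.1.20", "192.168.1.10", "tcp", 443, "in"),   # spoofed internal source
    Packet("192.168.1.20", "198.51.100.7", "tcp", 443, "out"),  # browsing from inside
    Packet("192.168.1.20", "198.51.100.7", "udp", 53, "out"),   # DNS to an unapproved server
]

if __name__ == "__main__":
    for pkt, verdict, reason in filter_traffic(RULES, SAMPLE_TRAFFIC):
        print(f"{verdict:5} {pkt.direction:3} {pkt.proto} "
              f"{pkt.src} -> {pkt.dst}:{pkt.dport}  ({reason})")
```

The third packet shows why rule order is part of the policy: swapping the first two rules would let a spoofed "internal" packet reach the HTTPS server.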

Anti-virus software
Antivirus software is a computer program that detects, prevents, and takes action to disarm or
remove malicious software programs, such as viruses and worms. Most antivirus programs
include an auto-update feature that enables the program to download profiles of new viruses so
that it can check for the new viruses as soon as they are discovered. Antivirus software is a
must and a basic necessity for every system.
MODULE-II

What is Cybercrime – Definition

Cyber Crime

Computer crime, or cybercrime, is any crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target.

Perhaps the most dangerous types of malware creators are the hackers and groups of hackers that
create malicious software programs in an effort to meet their own specific criminal objectives.
These cybercriminals create computer viruses and Trojan programs that can:
● Steal access codes to bank accounts
● Advertise products or services on a victim’s computer
● Illegally use an infected computer’s resources – to develop and run:
o Spam campaigns
o Distributed Network Attacks (also called DDoS attacks)
o Blackmailing operations

Who is a Hacker?
A computer hacker is a skilled computer expert who uses their technical knowledge to overcome
a problem. Although the term “hacker” can basically refer to any skilled computer programmer,
it has become more synonymous with the idea of a security hacker; that is, a person
who, with their technical knowledge, uses bugs or exploits to break into computer systems.
Now that you know who a hacker is, you may be wondering: “why do they do what they do?”
Primarily, there are four motives behind hackers' attempts to break into computer
systems.

The first motive is monetary gain, especially when it involves breaking into systems with the
specific purpose of stealing credit card numbers or manipulating banking systems.

Second, some hackers act for egoistic motives; to increase their reputation within the hacker
subculture, leaving their signatures on the system or network after a breach.

Third, corporate spies allow organizations to possess information on services and products that
may be hijacked or used as leverage within the marketplace.

Lastly, some hackers do it for patriotic reasons, as in state-sponsored cyber attacks during
wartime.

Different Types of Hackers

Just as knowing the techniques used by hackers is important, it is equally necessary that you
know the types of computer hackers out there today.

1. Black Hat Hacker

Basically, these are the “bad guys”. They are the types of hackers who break into
computer networks with purely negative motives such as monetary gain or reputation.
2. White Hat Hacker

As opposed to the black hat, these are the “good guys”. They are ethical hackers who
test existing networks so as to find and fix the loopholes in them.
3. Grey Hat Hacker

Basically, these are hackers who exploit the internet systems only to make public, certain
vast datasets of information that would be of benefit to everyone. They don’t possess the
bad intentions of black hats.
4. Blue Hat Hacker

In one word, this is the amateur. Usually, their techniques are deployed out of ill motives
such as revenge attacks.
5. Red Hat Hacker

The objective of a red hat hacker is to find black hat hackers, intercept and destroy their
schemes.
6. Script Kiddie
This refers to the newbies. They don’t cause excessive damage; they use downloaded
hacking software or purchased scripts to bombard traffic sites or simply disrupt the
regular activity of a website.
7. Green Hat Hacker

This is the set of individuals who simply want to observe and learn about the world of
hacking. It comprises those who join learning communities to watch videos and tutorials
about hacking.
8. Social Engineering Hackers

These are hackers who use psychological manipulation to make people to divulge private
contents or to perform certain actions. It is a more complex crime scheme.
9. Hacktivists

These are the types of hackers who break into systems and networks just to draw
attention towards an alarming social cause.
10. Cyber Terrorist:

These are politically motivated attackers who break into computer systems to stir up
violence against non-combatant targets by subnational groups or clandestine agents.
11. State/Nation Sponsored Hackers:

These are hackers who are employed by a country to attack the cybersphere of another
nation or international agency as a result of warfare or to retrieve/steal information.
12. Malicious Insider/Whistle-blower Hacker

These are the types of computer hackers who leak sensitive information from within an
organization, especially data under the umbrella of government agencies.
13. Elite Hackers

These are individuals who are considered the “cutting-edge geniuses”. They are the real
experts and the innovators in the field of hacking.

Difference between Hackers and Crackers:

Hacker: The good people who hack for knowledge purposes.
Cracker: The evil person who breaks into a system for benefits.

Hacker: They are skilled and have advanced knowledge of computer operating systems and
programming languages.
Cracker: They may or may not be skilled; some crackers just know a few tricks to steal data.

Hacker: They work in an organisation to help protect its data and give it expertise on
internet security.
Cracker: These are the persons from whom hackers protect organisations.

Hacker: Hackers share their knowledge and never damage the data.
Cracker: If they find any loophole they just delete or damage the data.

Hacker: Hackers are ethical professionals.
Cracker: Crackers are unethical and want to benefit themselves from illegal tasks.

Hacker: Hackers program or hack to check the integrity and vulnerability strength of a
network.
Cracker: Crackers do not make new tools but use someone else's tools for their cause and
harm the network.

Hacker: Hackers have legal certificates with them, e.g. CEH certificates.
Cracker: Crackers may or may not have certificates, as their motive is to stay anonymous.

Cyber Attacks

A cyber attack is an attack initiated from a computer against a website, computer system or
individual computer (collectively, a computer) that compromises the confidentiality, integrity
or availability of the computer or the information stored on it.

Backdoors – A backdoor is a type of cyber threat in which the attacker uses a hidden entry
point to install keylogging software, thereby gaining illegal access to your system. This threat
can turn out to be potentially serious as it allows modification of files, stealing of
information, installation of unwanted software or even taking control of the entire computer.

Denial-of-Service Attack – A denial-of-service or DoS attack generally means attacking a
network to bring it down completely with useless traffic by overwhelming the host device that is
connected to the internet. A DoS attack typically targets websites or services hosted on the
servers of banks and credit card payment gateways.
Direct-access Attack – A direct-access attack simply means gaining physical access to the
computer or its part and performing various functions or installing various types of devices to
compromise security. The attacker can install software loaded with worms or download
important data, using portable devices.

Eavesdropping – As the name suggests, eavesdropping means secretly listening to a
conversation between the hosts on a network.

Spoofing – Spoofing is a cyber attack where a person or a program impersonates another by
creating false data in order to gain illegal access to a system. Such threats are commonly found in
emails where the sender’s address is spoofed.

Tampering – Tampering is a web-based attack where certain parameters in the URL are changed
without the customer’s knowledge; when the customer keys in that URL, the page looks and
appears exactly the same. Tampering is basically done by hackers and criminals to steal
identities and obtain illegal access to information.

Repudiation Attack – A repudiation attack occurs when the user denies the fact that he or she
has performed a certain action or has initiated a transaction. A user can simply deny having
knowledge of the transaction or communication and later claim that such transaction or
communication never took place.

Information Disclosure – An information disclosure breach means that information which is
thought to be secure is released to unscrupulous elements who are not trustworthy.

Privilege Escalation Attack – A privilege escalation attack is a type of network intrusion which
allows the user to have elevated access to the network which was not originally allowed. The
attacker takes advantage of programming errors to obtain elevated access to the network.

Exploits – An exploit is basically software designed to take advantage of a flaw in the
system. The attacker uses it to gain easy access to a computer system and take control, escalate
privileges or create a DoS condition.

Social Engineering – An attack by a known or malicious person is known as social
engineering. The attacker has knowledge about the programs used and the firewall security, and
thus it becomes easier to take advantage of trusted people and deceive them into giving up
passwords or other information needed for a larger social engineering attack.

Indirect attack – An indirect attack is an attack launched from a third-party computer, which
makes it more difficult to track the origin of the attack.

Computer crime – A crime undertaken with the use of a computer and a network is called a
computer crime.
Malware – Malware refers to malicious software that is designed to damage a system or perform
unwanted actions on it. Malware comes in many types, like viruses, worms, Trojan horses,
etc., which can cause havoc on a computer’s hard drive. They can either delete some files or a
directory, or simply gather data without the actual knowledge of the user.

Adware – Adware is advertising-supported software that renders ads for the benefit of its
author. It has advertisements embedded in the application, so when the program is running, it
shows the advertisements. Basically, adware is similar to malware as it uses ads to infect
computers with harmful viruses.

Bots – A bot is a software application that runs automated tasks which are simple and
repetitive in nature. Bots may or may not be malicious, but they are often found initiating a DoS
attack or click fraud on the internet.

Ransomware – Ransomware is a type of cyber security threat which first restricts access to your
computer system and then asks for a ransom in order for the restriction to be removed. This
ransom is to be paid through online payment methods only, after which the user may be granted
access to their system.

Rootkits – A rootkit is malicious software designed to hide certain processes or programs from
normal anti-virus scan detection while continuing to enjoy privileged access to your system. It
is software which runs and gets activated each time you boot your system; it is difficult to
detect and can install various files and processes in the system.

Spyware – Spyware, as the name suggests, is software which typically spies on and gathers
information from the system through a user’s internet connection without the user’s knowledge.
Spyware is mostly a hidden component of a freeware program which can be downloaded from
the internet.

Scareware – Scareware is a type of threat which poses as a genuine system message and guides
you to download and purchase useless and potentially dangerous software. Such scareware
pop-ups seem similar to system messages, but actually aren’t. The main purpose of scareware
is to create anxiety among users and use that anxiety to coax them into downloading irrelevant
software.

Trojan Horses – Trojan horses are a form of threat consisting of malicious or harmful code
hidden behind genuine programs or data, which can allow complete access to the system and can
cause damage to the system, data corruption or loss/theft of data. A Trojan acts as a backdoor
and hence is not easily detectable.

Virus – A computer virus is a self-replicating program which, when executed, replicates or even
modifies itself by inserting copies of itself into other computer files, and infects the affected
areas once it succeeds in replicating. A virus can be harmful as it spreads like wildfire and
can infect the majority of a system in no time.
Worm – Just like a virus, a worm is a self-replicating program which relies on the computer
network, performs malicious actions and spreads itself onto other computer networks. Worms
primarily rely on security failures to access the infected system.

Phishing – Phishing is a cyber threat which attempts to gain sensitive information like
passwords, usernames and other details for malicious reasons. It is basically an email fraud
where the perpetrator sends a legitimate-looking email and attempts to gain personal information.

Identity Theft – Identity theft is a crime wherein your personal details are stolen and these
details are used to commit fraud. Identity theft is committed when a criminal impersonates an
individual and uses the information for some financial gain.

Intellectual Property Theft – Intellectual property theft is the theft of copyrighted material,
violating copyrights and patents. It is a cybercrime to get hold of trade secrets and patented
documents and research. It is basically the theft of an idea, plan or the methodology being
used.

Password Attacks – A password attack is a form of threat to your system security where
attackers try ways to obtain your system password. They either simply guess the password or
use an automated program to find the correct password and gain entry into the system.

Bluesnarfing – Bluesnarfing is the theft of information through unauthorized means. The hackers
can gain access to the information and data on a Bluetooth-enabled phone using the Bluetooth
wireless technology without alerting the user of the phone.

Bluejacking – Bluejacking is simply the sending of texts, images or sounds to another
Bluetooth-enabled device and is a harmless way of marketing. However, there is a thin line
between bluejacking and bluesnarfing, and if it is crossed the result is an act of threat.

DDoS – DDoS means Distributed Denial of Service. It is an attempt to make an online service
temporarily unavailable by generating overwhelming traffic from multiple sources, or to
suspend the services of a host connected to the internet.

Keylogger – A keylogger is spyware that has the capability to spy on what happens on the
computer system. It can record every keystroke, the websites visited and all information
available on the system. This recorded log is then sent to a specified receiver.

MiTM (Man in the Middle): By impersonating the endpoints in an online information
exchange (i.e. the connection from your smartphone to a website), the MITM can obtain
information from the end user and the entity he or she is communicating with.

Malvertising: A way to compromise your computer with malicious code that is downloaded to
your system when you click on an affected ad.
Watering Hole Attack: It is a computer attack strategy, in which the victim is a particular group
(organization, industry, or region). In this attack, the attacker guesses or observes which websites
the group often uses and infects one or more of them with malware. Eventually, some member of
the targeted group gets infected.

Semantic attack: It is the use of incorrect information to damage the credibility of target
resources or to cause direct or indirect harm. It is also the modification and dissemination of
information to set someone into the wrong direction or to cover your tracks.

Ransomware: It is a type of malicious software designed to block access to a computer system
until a sum of money is paid.

[What are common denial-of-service attacks?

There are many different methods for carrying out a DoS attack. The most common method of attack occurs when an attacker floods a network
server with traffic. In this type of DoS attack, the attacker sends several requests to the target server, overloading it with traffic. These service
requests are illegitimate and have fabricated return addresses, which mislead the server when it tries to authenticate the requestor. As the junk
requests are processed constantly, the server is overwhelmed, which causes a DoS condition to legitimate requestors.

● In a Smurf Attack, the attacker sends Internet Control Message Protocol broadcast packets to a number of hosts with a spoofed source
Internet Protocol (IP) address that belongs to the target machine. The recipients of these spoofed packets will then respond, and the
targeted host will be flooded with those responses.
● A SYN flood occurs when an attacker sends a request to connect to the target server but does not complete the connection through
what is known as a three-way handshake—a method used in a Transmission Control Protocol (TCP)/IP network to create a connection
between a local host/client and server. The incomplete handshake leaves the connected port in an occupied status and unavailable for
further requests. An attacker will continue to send requests, saturating all open ports, so that legitimate users cannot connect.

Individual networks may be affected by DoS attacks without being directly targeted. If the network’s internet service provider (ISP) or cloud
service provider has been targeted and attacked, the network will also experience a loss of service.
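The two flooding patterns just described, SYN floods and Smurf reflection, can be picked out of a packet summary by counting half-open handshakes per source and spotting echo requests aimed at broadcast addresses. The following Python is an added example, not part of the original notes; the log line format, the documentation-range addresses and the thresholds are assumptions made for this illustration.

```python
# Added example (not from the original notes): flagging SYN-flood and Smurf
# patterns in a constructed packet-summary log. The line format, addresses
# and thresholds are assumptions made for this illustration only.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Packet:
    proto: str   # "TCP" or "ICMP"
    src: str
    dst: str
    info: str    # TCP flags ("S", "SA", "A") or ICMP "type=N"


def parse_line(line: str) -> Packet:
    """Parse one constructed summary line: '<PROTO> <src> -> <dst> <info>'."""
    proto, src, arrow, dst, info = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected line format: {line!r}")
    return Packet(proto, src, dst, info)


def half_open_counts(packets: Iterable[Packet]) -> Dict[str, int]:
    """Per source: SYNs sent minus ACKs that would complete a handshake.

    A source that only ever sends SYNs leaves connections half-open, which is
    the signature of the SYN flood described in the text.
    """
    syns: Dict[str, int] = defaultdict(int)
    acks: Dict[str, int] = defaultdict(int)
    for p in packets:
        if p.proto != "TCP":
            continue
        if p.info == "S":
            syns[p.src] += 1
        elif p.info == "A":
            acks[p.src] += 1
    return {src: max(0, syns[src] - acks[src]) for src in syns}


def syn_flood_sources(packets: List[Packet], threshold: int = 20) -> List[str]:
    """Sources with at least `threshold` half-open connections."""
    return sorted(src for src, n in half_open_counts(packets).items() if n >= threshold)


def smurf_indicators(packets: List[Packet], protected_hosts: Set[str]) -> List[Packet]:
    """ICMP echo requests sent to a directed-broadcast address whose source
    claims to be one of our hosts: the spoofed trigger packets of a Smurf attack.
    The '.255' check assumes /24 networks (an assumption for this example)."""
    return [p for p in packets
            if p.proto == "ICMP" and p.info == "type=8"
            and p.dst.endswith(".255") and p.src in protected_hosts]


def reply_storm_targets(packets: List[Packet], min_sources: int = 10) -> List[str]:
    """Hosts receiving ICMP echo replies from many distinct sources: the
    amplified reflection side of a Smurf attack."""
    repliers: Dict[str, Set[str]] = defaultdict(set)
    for p in packets:
        if p.proto == "ICMP" and p.info == "type=0":
            repliers[p.dst].add(p.src)
    return sorted(dst for dst, srcs in repliers.items() if len(srcs) >= min_sources)


SERVER = "198.51.100.10"     # the host we defend (documentation address)

# Constructed sample log: a flooding source, a legitimate client, and a Smurf.
SAMPLE_LOG = (
    [f"TCP 203.0.113.5 -> {SERVER} S"] * 50                            # SYNs, never ACKed
    + [f"TCP 192.0.2.20 -> {SERVER} S", f"TCP 192.0.2.20 -> {SERVER} A"] * 3
    + [f"ICMP {SERVER} -> 192.0.2.255 type=8"] * 2                     # spoofed broadcast pings
    + [f"ICMP 192.0.2.{i} -> {SERVER} type=0" for i in range(1, 13)]   # 12 reflected replies
)
SAMPLE_PACKETS = [parse_line(line) for line in SAMPLE_LOG]


if __name__ == "__main__":
    print("SYN flood sources:", syn_flood_sources(SAMPLE_PACKETS))
    print("Smurf trigger packets:", len(smurf_indicators(SAMPLE_PACKETS, {SERVER})))
    print("Reply-storm targets:", reply_storm_targets(SAMPLE_PACKETS))
```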

SQL injection

An SQL (Structured Query Language) injection is a type of cyber attack used to take control of
and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications
to insert malicious code into a database via a malicious SQL statement. This gives them access to
the sensitive information contained in the database.

Zero-day exploit
A zero-day exploit hits after a network vulnerability (weakness/helplessness) is announced but
before a patch or solution is implemented. Attackers target the disclosed vulnerability during this
window of time. Zero-day vulnerability threat detection requires constant awareness.

DNS Tunneling
DNS tunneling utilizes the DNS protocol to communicate non-DNS traffic over port 53. It sends
HTTP and other protocol traffic over DNS. There are various, legitimate reasons to utilize DNS
tunneling. However, there are also malicious reasons to use DNS Tunneling VPN services. They
can be used to disguise outbound traffic as DNS, concealing data that is typically shared through
an internet connection. For malicious use, DNS requests are manipulated to exfiltrate data from a
compromised system to the attacker’s infrastructure. It can also be used for command and control
callbacks from the attacker’s infrastructure to a compromised system.
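Defenders usually hunt for tunnelling in DNS logs by scoring query names for the traits mentioned above: unusually long labels, high-entropy (encoded-looking) subdomains, payload-friendly record types, and many unique names under one domain. The Python below is an added example, not part of the original notes; the log format, the tunnel-example.net domain and the thresholds are assumptions constructed for this illustration.

```python
# Added example (not from the original notes): scoring DNS query logs for the
# tunnelling traits the text describes (long, high-entropy names and many
# unique subdomains under one domain). The log format, the "tunnel-example.net"
# domain and the thresholds are assumptions constructed for this illustration.
import math
from collections import Counter, defaultdict
from typing import Dict, List


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded payload chunks score high, real words low."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(qname: str) -> str:
    """Registered domain, assumed here to be the last two labels."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def score_query(qname: str, qtype: str) -> List[str]:
    """Return the reasons one query looks like tunnelling (empty if none)."""
    labels = qname.rstrip(".").split(".")
    subdomain = ".".join(labels[:-2])
    reasons = []
    if len(qname) > 60:
        reasons.append("long name")
    if any(len(label) > 30 for label in labels):
        reasons.append("long label")
    if shannon_entropy(subdomain) > 3.5:
        reasons.append("high entropy")
    if qtype in ("TXT", "NULL"):
        reasons.append("payload-friendly qtype")
    return reasons


def analyze_log(lines: List[str]) -> Dict[str, dict]:
    """Aggregate per base domain: unique names seen, flagged queries, reasons."""
    stats: Dict[str, dict] = defaultdict(
        lambda: {"unique": set(), "flagged": 0, "reasons": set()})
    for line in lines:
        _ts, _client, qname, qtype = line.split()   # constructed format
        entry = stats[base_domain(qname)]
        entry["unique"].add(qname)
        reasons = score_query(qname, qtype)
        if reasons:
            entry["flagged"] += 1
            entry["reasons"].update(reasons)
    return stats


def tunnel_candidates(lines: List[str], min_flagged: int = 5) -> List[str]:
    """Domains with at least `min_flagged` suspicious queries."""
    return sorted(d for d, e in analyze_log(lines).items() if e["flagged"] >= min_flagged)


# Constructed sample: ordinary lookups plus eight exfiltration-style queries whose
# first label is a rotation of one hex-looking chunk (distinct names, same entropy).
CHUNK = "3f9a2b7c8d1e4f6a5b0c9d2e7f8a1b3c4d5e6f7a"
NORMAL = [f"2024-01-01T10:00:0{i} 10.0.0.5 {host}.example.com A"
          for i, host in enumerate(["www", "mail", "cdn", "static", "api"])]
EXFIL = [f"2024-01-01T10:01:0{i} 10.0.0.5 {CHUNK[i:] + CHUNK[:i]}.s{i}.tunnel-example.net TXT"
         for i in range(8)]
SAMPLE_LOG = NORMAL + EXFIL


if __name__ == "__main__":
    for domain, entry in analyze_log(SAMPLE_LOG).items():
        print(domain, len(entry["unique"]), entry["flagged"], sorted(entry["reasons"]))
    print("tunnel candidates:", tunnel_candidates(SAMPLE_LOG))
```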
Cyber safety tips - protect yourself against cyberattacks

How can businesses and individuals guard against cyber threats? Here are our top cyber safety
tips:

1. Update your software and operating system: This means you benefit from the latest security
patches.
2. Use anti-virus software: Security solutions like Kaspersky Total Security will detect and
remove threats. Keep your software updated for the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be infected with
malware.
5. Do not click on links in emails from unknown senders or unfamiliar websites: This is a
common way that malware is spread.
6. Avoid using unsecured WiFi networks in public places: Unsecured networks leave you
vulnerable to man-in-the-middle attacks.

[Read cyber attacks from other note’s Cyber security-Soumen Sir, Page: 11]
Malware
● Malware is a type of computer program created by criminals with the intention of stealing
or damaging data and perhaps disrupting network operation. There are three main types of
malware:
1. Virus: malicious software attached to another program to execute a particular action
on a computer. Viruses normally require the intervention of humans in order to
propagate themselves, and are commonly received as attachments to emails or as files
stored on USB memory sticks.
2. Worms: self-contained malware programs that attack a computer and try to exploit a
specific security ‘hole’ or vulnerability in a software program installed on it. Once
they have successfully attacked the vulnerability, the worm copies its program across
the network to attack other devices on the network.
3. Trojan horse: similar in operation to a worm, except it is disguised to look like a
useful software program that you may want to install on your computer. Once you
have installed the Trojan, it will act as if it is normal software, but will be secretly
carrying out some criminal activity such as logging the keys you are typing in an
attempt to copy your passwords. Trojans are normally capable of transmitting the
information they steal to interested criminals via your network connection to the
Internet.
● There are many precautions you can take to protect yourself from malware:
o Always install antivirus software on your computers and make sure it is kept
up-to-date.
o Always keep your operating system updated, as updates include patches for any
vulnerabilities that may be exploited by malware. Most operating systems can be
configured to do this automatically for you.
o Never open email attachments from people you do not know. Always scan email
attachments from people you do know.
o Always scan your USB memory sticks with your antivirus software after inserting
them into your computer. Never plug in a memory stick that you have ‘found’.
o Always keep copies (backups) of your important files on a separate hard drive,
preferably one that is not kept connected to your network. You can then retrieve your
data if malware damages the originals.

SNIFFING

1. What is Sniffing?
2. Types of Sniffing Attack
3. Detection of Sniffing Attack
4. Prevention of Sniffing Attack
1. WHAT IS SNIFFING?
As mentioned previously, sniffing attacks focus on stealing customer information. These attacks
are executed behind safe and secure channels. The attacks involve constantly monitoring and
capturing the data transferred via packets in the network. Special packet sniffers are used to
intercept the data transfer and extract information.

People often confuse data sniffing with spoofing. There are prominent differences between
these network attacks. To begin with, sniffing is where the attacker actively gets involved in the
conversation. They listen to the actual flow of data packets. As a result, they will be able to
sniff segments that can make a big difference: segments that carry passwords, sensitive
information, personal data and even credit card credentials.

On the other hand, spoofing is also known as a man-in-the-middle attack. These are attacks where
the hacker becomes an impostor. They find a way of positioning themselves between the
machine (or network) and the target. As a result, any data transferred by the target has to go
through the man in the middle. The tools and strategies used to mount a spoofing attack are much
different from those used in sniffing attacks.

2. TYPES OF SNIFFING ATTACK
There are two major types of sniffing attacks, passive and active, and both are equally
common. To understand how to detect packet sniffing, it is important to learn more about the
different types of sniffing attacks.
Active sniffing attacks happen in switched networks. By definition, the switch is an important
device that connects the hosts and the network. The Media Access Control (MAC) address is used
by the switch to connect the devices. The MAC address is essential for forwarding traffic to the
right devices connected to the switch. This behavior is exploited by the attackers. They find a
way to inject traffic into the LAN layer. Consequently, this allows them to actively sniff content
from the connection.

Next, passive sniffing attacks occur where hubs are used in place of switches. The MAC address
is used by the hubs; however, it is only used to decide the destination ports of the data
transfer. Passive attacks are much simpler and faster than active attacks. Why? The hacker only
has to find a way into the LAN. Once they find a way of getting connected to the data
transfer network channel, they will be able to sniff.

Regardless of the sniffing methodology, this kind of attack plays an important role in extracting
crucial pieces of information from the network.

3. DETECTION OF SNIFFING ATTACK
The method used for detection strongly depends on the complexity of the attack. In many cases,
the attack can go unnoticed. There are anti-sniffer solutions that may identify a sniffing
attack. However, these detections are prone to false positives. This is why cyber specialists
follow protocols to judge whether an attack is real or not. Also, you need to figure out what a
sniffer tool is meant to do in your workflow. This way, you will be able to master how a sniffer
works, and how it would blend with your existing (or proposed) security strategies.
Wireshark is a widely used tool for identifying sniffing attacks. It is an open-source platform
that captures and analyzes network traffic. The tool runs on Linux and Windows machines. The
packets transferred over the network can be tracked easily using Wireshark. Moreover, it helps
in filtering the packets based on protocol, IP and a few other parameters.

Debookee is a paid tool for analyzing and monitoring the network. This tool is capable of
intercepting traffic from multiple devices. The methods used by this tool are completely
independent of the devices used. This means traffic from phones, laptops, and even tablets can be
monitored using the tool. The SSL/TLS decryption strategy used by the Debookee is known for
supporting secured layer communication.

Another impressive tool for capturing sniffing attacks would be dSniff. This tool became famous
for spotting password sniffing in networks.

4. PREVENTION OF SNIFFING ATTACK
To begin with, users should be cautious about the network they use to transfer data. The kind of
data used and shared across free public wireless networks has to be controlled. This is because
the chances of a hacker sniffing on these public platforms are extremely high. It is quite easy for
hackers to build fake wireless networks. These networks lure ordinary users into establishing a
connection and transferring data. This is why users need to think twice before accessing free
public WiFi services.

Encryption is a formal solution to sniffing attacks. This ensures that every piece of information
transferred over the network is carefully encrypted. The receiving end needs to have the right
decryption methods for understanding the actual message. Encryption to avoid sniffing attacks
can be achieved easily in a virtual private network (VPN).

Network monitoring and analysis are two important stages in identifying and preventing
network attacks of all sizes and types. Periodic monitoring and carefully drafted plans can help
you judge the presence of a sniffing attack. However, the checks have to be performed
periodically. Otherwise, the chances of missing an attack are extremely high.

Many times, ethical hackers make use of the methods used by hackers to penetrate systems to
identify prevention strategies. These steps turn into effective contingency plans.

CONCLUSION
On the whole, network sniffing attacks are prone to occur at any time. Users need to be
extremely cautious about the way they use and connect with networks. At all times, data needs to
be transferred via a safe and encrypted channel. This reduces the risks of a sniffing attack. Also,
organizations need to safeguard their virtual private networks to ensure that hackers cannot
eavesdrop on any communication that happens.

What Is Elevation of Privilege?

Privilege escalation is a common way for attackers to gain unauthorized access to systems within
a security perimeter.

Attackers start by finding weak points in an organization’s defenses and gaining access to a
system. In many cases that first point of penetration will not grant attackers with the level of
access or data they need. They will then attempt privilege escalation to gain more permissions or
obtain access to additional, more sensitive systems.
In some cases, attackers attempting privilege escalation find the “doors are wide open” –
inadequate security controls, or failure to follow the principle of least privilege, with users
having more privileges than they actually need. In other cases, attackers exploit software
vulnerabilities, or use specific techniques to overcome an operating system’s permissions
mechanism.
There are two types of privilege escalation:
● Horizontal privilege escalation — an attacker expands their privileges by taking over another
account and misusing the legitimate privileges granted to the other user. To learn more about
horizontal privilege escalation see our guide on lateral movement.
This attack involves a hacker simply taking over someone else’s account. For example, one
internet banking user might gain access to the account of another user by learning their ID and
password. In horizontal privilege escalation, the attacker does not actively seek to upgrade the
privileges associated with the account they have compromised, but simply to misuse them by
assuming the identity of the other user.

● Vertical privilege escalation (aka elevation of privilege or EoP) — an attacker attempts to gain
more permissions or access with an existing account they have compromised. For example, an
attacker takes over a regular user account on a network and attempts to gain administrative
permissions.
Here, a malicious user gains access to a lower-level account and uses it to gain higher-level
privileges. For example, a hacker might compromise a user’s internet banking account and then
try to get access to site administrative functions. Vertical privilege escalation requires more
sophisticated attack techniques than horizontal privilege escalation, such as hacking tools that
help the attacker gain elevated access to systems and data.
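The two escalation types map onto two distinct checks an application must make: does the caller own the resource (horizontal), and does the caller's role permit the operation (vertical). The following Python is an added example, not from the original notes, of a constructed toy banking service that enforces both at a single authorization point and records denials for later detection; the users, accounts and roles are invented for the demonstration.

```python
# Added example (not from the original notes): a constructed banking backend
# whose single authorization check blocks both escalation types from the text:
# horizontal (reading another customer's account) and vertical (a customer
# invoking an admin-only function). Names, roles and balances are made up.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Account:
    account_id: str
    owner: str        # username of the customer who owns it
    balance: int


@dataclass
class User:
    username: str
    role: str         # "customer" or "admin"


class BankService:
    def __init__(self, users: List[User], accounts: List[Account]) -> None:
        self.users = {u.username: u for u in users}
        self.accounts = {a.account_id: a for a in accounts}
        self.audit: List[str] = []     # denied attempts, kept for later detection

    def _authorize(self, actor: str, action: str, account_id: Optional[str] = None) -> bool:
        """Least privilege: decide from the actor's role and the resource owner,
        never from anything the caller supplies about themselves."""
        user = self.users.get(actor)
        account = self.accounts.get(account_id) if account_id else None
        if user is None:
            allowed = False
        elif action == "view_account":
            # ownership check: defeats horizontal escalation via guessed IDs
            allowed = account is not None and account.owner == actor
        elif action == "list_accounts":
            # role check: defeats vertical escalation to admin functions
            allowed = user.role == "admin"
        else:
            allowed = False
        if not allowed:
            self.audit.append(f"DENY actor={actor} action={action} target={account_id}")
        return allowed

    def view_account(self, actor: str, account_id: str) -> Optional[Account]:
        if not self._authorize(actor, "view_account", account_id):
            return None
        return self.accounts[account_id]

    def list_accounts(self, actor: str) -> Optional[List[str]]:
        if not self._authorize(actor, "list_accounts"):
            return None
        return sorted(self.accounts)


def repeated_denials(service: BankService, threshold: int = 3) -> List[str]:
    """Actors whose denied attempts reach the threshold: a cheap signal that
    someone is probing for privileges they do not hold."""
    counts: Dict[str, int] = {}
    for entry in service.audit:
        actor = entry.split()[1].split("=", 1)[1]
        counts[actor] = counts.get(actor, 0) + 1
    return sorted(a for a, n in counts.items() if n >= threshold)


def build_demo_service() -> BankService:
    return BankService(
        users=[User("alice", "customer"), User("bob", "customer"), User("ops", "admin")],
        accounts=[Account("ACC-1", "alice", 100), Account("ACC-2", "bob", 250)],
    )


def simulate_probe() -> List[str]:
    """Constructed scenario: 'bob' tries two foreign account IDs and an admin call."""
    svc = build_demo_service()
    svc.view_account("bob", "ACC-1")
    svc.view_account("bob", "ACC-9")   # non-existent id, still denied (no KeyError leak)
    svc.list_accounts("bob")
    return repeated_denials(svc)


if __name__ == "__main__":
    svc = build_demo_service()
    print(svc.view_account("alice", "ACC-1"))     # own account: allowed
    print(svc.view_account("alice", "ACC-2"))     # horizontal attempt: None
    print(svc.list_accounts("alice"))             # vertical attempt: None
    print(svc.list_accounts("ops"))               # admin: ['ACC-1', 'ACC-2']
    print(svc.audit, simulate_probe())
```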

How does privilege escalation attack happen?

Attackers who try to perform unauthorized actions and obtain high-level privileges often use
so-called privilege escalation exploits. Exploits are pieces of code whose goal is to deliver a
particular payload. The payload will focus on a known weakness in the operating system or
software components. Executing the privilege escalation exploit will later enable them to steal or
damage data, disrupt operations or set up persistence on the network to perform further attacks.
Typically, a privilege escalation attack consists of five steps:

1. Find a vulnerability
2. Create the related privilege escalation exploit
3. Use the exploit on a system
4. Check if it successfully exploits the system
5. Gain additional privileges

Privilege escalation techniques

An attacker’s goal in a privilege escalation attack is to obtain high-level privileges (e.g. root
privileges) and make their way to critical IT systems without being noticed. There are multiple
privilege escalation techniques that attackers use to accomplish this. Let’s explore three of the
most common ones:
● Manipulating access tokens
● Bypassing user account control
● Using valid accounts

[Worms, Trojans, Viruses, Backdoors.: See PPT Module-2_virus worm malware, backdoor]

Module-III
Ethical Hacking
Ethical hacking and penetration testing are common terms that have been popular in the
information security environment for a long time. The increase in cybercrime and hacking has
created a great challenge for security experts, analysts and regulators over the last decade. It is
an ongoing war between hackers and security professionals. The fundamental challenge for these
security experts is finding weaknesses and deficiencies in running and upcoming systems,
applications and software, and addressing them proactively. It is less costly to investigate
proactively before an attack than to investigate after falling victim to an attack, or while dealing
with one. For security, prevention and protection, organizations have their own internal
penetration testing teams as well as contracted outside professional experts who are engaged
when needed, depending on the severity and scope of the attack.

Why Ethical Hacking is Necessary

The rise in malicious activities, cybercrime and the appearance of different forms of advanced
attacks create a need for penetration testers who test the security of systems and networks so
that the organization can be determined, prepared, and able to take precautionary and remediation
action against these aggressive attacks.
These aggressive and advanced attacks include:
1. Denial-of-Service Attacks
2. Manipulation of data
3. Identity Theft
4. Vandalism
5. Credit Card theft
6. Piracy
7. Theft of Services
These types of attacks, hacking cases and cyber attacks have increased because of the growth in
online transactions and online services in the last decade. It has become more attractive for
hackers and attackers to attempt to steal financial information. Computer or cybercrime law has
slowed down prank activities only, whereas real attacks and cybercrimes are rising. This
highlights the requirement for a pentester (a shortened form of penetration tester) to search for
vulnerabilities and flaws within a system rather than waiting for an attack. If you want to beat the
attacker and hacker, you have to be smart enough to think like them and act like them. As we
know, hackers are skilled, with great knowledge of hardware, software and exploration
capabilities. This underlines the need and importance of ethical hacking, which allows the ethical
hacker to counter attacks from malicious hackers by anticipating their methods. Another major
advantage of, and need for, ethical hacking is to uncover vulnerabilities in systems and security
deployments so that action can be taken to secure them before they are used by a hacker to
breach security.

What are the key concepts of ethical hacking?

Hacking experts follow four key protocol concepts:

1. Stay legal. Obtain proper approval before accessing and performing a security
assessment.
2. Define the scope. Determine the scope of the assessment so that the ethical hacker’s
work remains legal and within the organization’s approved boundaries.
3. Report vulnerabilities. Notify the organization of all vulnerabilities discovered during
the assessment. Provide remediation advice for resolving these vulnerabilities.
4. Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to
agree to a non-disclosure agreement, in addition to other terms and conditions required by
the assessed organization.

How are ethical hackers different than malicious hackers?

Ethical hackers use their knowledge to secure and improve the technology of organizations. They
provide an essential service to these organizations by looking for vulnerabilities that can lead to a
security breach.
An ethical hacker reports the identified vulnerabilities to the organization. Additionally, they
provide remediation advice. In many cases, with the organization’s consent, the ethical hacker
performs a re-test to ensure the vulnerabilities are fully resolved.
Malicious hackers intend to gain unauthorized access to a resource (the more sensitive the better)
for financial gain or personal recognition. Some malicious hackers deface websites or crash
backend servers for fun, reputation damage, or to cause financial loss. The methods used and
vulnerabilities found remain unreported. They aren’t concerned with improving the organization’s
security posture.

Scope and Limitations of Ethical Hacking

Ethical hacking is an important and crucial component of risk assessment, auditing and
counter-fraud work. Ethical hacking is widely used as penetration testing to identify
vulnerabilities and risks and to highlight the holes so that remedial action can be taken against
attacks. However, there are also some limitations where ethical hacking is not enough, or where
the issue cannot be resolved through ethical hacking alone. An organization must first know what
it is looking for before hiring an external pentester or ethical hacker. This helps focus the goals
to be achieved and saves time. The testing team can then dedicate itself to troubleshooting the
actual problem and resolving the issues. The ethical hacker also helps the organization
understand its security system better. It is up to the organization to take the actions
recommended by the pentester or ethical hacker and enforce security policies over the system
and network.

What is an Attack Vector?

Attack Vector Definition: In cyber security, an attack vector is a method or pathway used by a
hacker to access or penetrate the target system. Hackers steal information, data and money from
people and organizations by investigating known attack vectors and attempting to exploit
vulnerabilities to gain access to the desired system. Once a hacker gains access to an
organization's IT infrastructure, they can install a malicious code that allows them to remotely
control IT infrastructure, spy on the organization or steal data or other resources.
Attack vectors may be exploited by a variety of groups, from a disgruntled former employee of
your organization that wants to disrupt your business to the intelligence service of a foreign
government that wants to steal your technology. There are also many different known attack
vectors that these groups can effectively exploit to gain unauthorized access to your IT
infrastructure. IT organizations can mitigate against cyber attacks through a number of different
methods, including real-time event detection and response capabilities that neutralize cyber
attacks before they can lead to data loss.
Difference Between Attack Vector and Attack Surfaces
An attack vector is the path that an attacker takes to exploit a cybersecurity vulnerability, whereas
an attack surface is the sum of all the points, public and private, at which your company's data is
exposed to human or software interaction. Every point on the attack surface is a potential attack
vector; shrinking the surface removes vectors.
What is Threat Modeling?

Threat modeling is a structured method of improving the security of a system by identifying its
assets and security objectives, locating vulnerabilities and the attacks likely to exploit them, and
developing countermeasures that either prevent or mitigate the effects of those attacks.

While security teams can conduct threat modeling at any point during development, doing it at
the start of the project is best practice. This way, threats can be identified sooner and dealt with
before they become an issue.

Ten Threat Modeling Methodologies

There are as many ways to fight cybercrime as there are types of cyber-attacks. For instance,
here are ten popular threat modeling methodologies used today.

1. STRIDE

A methodology developed by Microsoft for threat modeling, it offers a mnemonic for identifying
security threats in six categories:

● Spoofing: An intruder posing as another user, component, or other system feature that contains an
identity in the modeled system.

● Tampering: The altering of data within a system to achieve a malicious goal.

● Repudiation: The ability of an intruder to deny that they performed some malicious activity, due to the
absence of enough proof.

● Information Disclosure: Exposing protected data to a user that isn't authorized to see it.

● Denial of Service: An adversary uses illegitimate means to exhaust services needed to provide service
to users.

● Elevation of Privilege: Allowing an intruder to execute commands and functions that they aren't
allowed to.

2. DREAD

DREAD was proposed at Microsoft as a way to rate the threats that STRIDE identifies. Microsoft itself
dropped it in 2008 because different raters produced inconsistent scores, but OpenStack and a number
of other organizations still use it. It is essentially a way to rank and assess security risks in five
categories, each typically scored on a fixed scale (for example 1 to 10) and averaged to give the
threat's overall risk rating:

● Damage Potential: Ranks the extent of damage resulting from an exploited weakness.
● Reproducibility: Ranks the ease of reproducing an attack.

● Exploitability: Assigns a numerical rating to the effort needed to launch the attack.

● Affected Users: A value representing how many users get impacted if an exploit becomes widely
available.

● Discoverability: Measures how easy it is to discover the threat.

3. P.A.S.T.A

This stands for Process for Attack Simulation and Threat Analysis, a seven-step, risk-centric
methodology. It offers a dynamic threat identification, enumeration, and scoring process. Once
experts create a detailed analysis of identified threats, developers can develop an asset-centric
mitigation strategy by analyzing the application through an attacker-centric view.

4. Trike

Trike focuses on using threat models as a risk management tool. Threat models, based on
requirement models, establish the stakeholder-defined "acceptable" level of risk assigned to each
asset class. Requirements model analysis yields a threat model where threats are identified and
given risk values. The completed threat model is then used to build a risk model, factoring in
actions, assets, roles, and calculated risk exposure.

5. VAST

Standing for Visual, Agile, and Simple Threat modeling, it provides actionable outputs for the
specific needs of various stakeholders such as application architects and developers,
cybersecurity personnel, etc. VAST offers a unique application and infrastructure visualization
plan so that the creation and use of threat models don't require any specialized expertise in
security subject matters.

6. Attack Tree

An attack tree is a conceptual diagram showing how an asset, or target, could be attacked. The root
node is the attacker's goal; child nodes are the conditions that must be met to make their parent
true, and each node is satisfied only through its direct children. A node is marked "AND" when all
of its children are required (the successive steps of one path) or "OR" when any one of them
suffices (alternative ways of reaching the same goal).
7. Common Vulnerability Scoring System (CVSS)

Strictly speaking CVSS is a vulnerability-severity scoring system rather than a threat modeling
method, but it is commonly used inside a threat model to rate the weaknesses found. It captures a
vulnerability's principal characteristics (how it is reached, how hard it is to exploit, what
privileges and user interaction it needs, and its impact on confidentiality, integrity and
availability) and combines them into a numerical base score from 0 to 10, with 10 the worst. The
score is then translated into a qualitative rating (in CVSS v3.x: None 0.0, Low 0.1 to 3.9, Medium
4.0 to 6.9, High 7.0 to 8.9, Critical 9.0 to 10.0). This representation helps organizations assess
and prioritize their vulnerability management work.

8. T-MAP

T-MAP is an approach commonly used in Commercial Off the Shelf (COTS) systems to
calculate attack path weights. The model incorporates UML class diagrams, including access
class, vulnerability, target assets, and affected value.

9. OCTAVE

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process is a
risk-based strategic assessment and planning method. OCTAVE is driven by organizational risk: it
looks at technology only insofar as infrastructure weaknesses affect the organization's critical
assets, rather than producing a detailed technical threat list. OCTAVE has three phases:

● Building asset-based threat profiles. (Organizational evaluation)

● Identifying infrastructure vulnerabilities. (Information infrastructure evaluation)

● Developing and planning a security strategy. (Evaluation of risks to the company's critical assets and
decision making.)

10. Quantitative Threat Modeling Method

This hybrid method combines attack trees, STRIDE, and CVSS. It addresses several pressing issues
with threat modeling for cyber-physical systems, whose components have complex interdependencies.
The first step is building component attack trees for the STRIDE categories; these trees illustrate
the dependencies between the attack categories and low-level component attributes. CVSS is then
applied to calculate scores for all of the tree's components.

What is information security architecture?


Enterprise information security architecture (EISA) is about using a methodology to create or
modify an organization’s security processes and information security systems. The objective is to
fulfill the requirements for information security in your organization as well as the business goals
and strategic direction.
The security architecture ensures that services are properly managed, delivered and supported in
addition to meeting the needs of the business.

What is a Vulnerability Assessment?


A vulnerability assessment is the process of identifying (discovery) and quantifying (scanning)
known security vulnerabilities in an environment. It is a surface-level evaluation of the
organization's information security posture (result analysis): it indicates weaknesses and
prescribes the mitigation procedures (remediation) required to either eliminate those weaknesses or
reduce them to an acceptable level of risk.
The following diagram summarizes the vulnerability assessment −

What is a Penetration Test?


A penetration test simulates the actions of an external and/or internal attacker whose aim is to
breach the organization's information security, steal valuable data or disrupt its normal
operation. Using many tools and techniques, the penetration tester (also known as an ethical hacker)
attempts to exploit critical systems and gain access to sensitive data, within the scope and rules
of engagement agreed with the organization.

The following table summarizes the fundamental differences between penetration testing and
vulnerability assessment −

| Penetration testing | Vulnerability assessment |
| Determines the scope of an attack. | Makes an inventory of the assets and resources in a given system. |
| Tests whether sensitive data can be collected. | Discovers the potential threats to each resource. |
| Gathers targeted information and/or inspects the system. | Allocates a quantifiable value and significance to the available resources. |
| Cleans up the system and gives a final report. | Attempts to mitigate or eliminate the potential vulnerabilities of valuable resources. |
| Intrusive: actively exploits weaknesses, so it is a comprehensive, hands-on review of the target system and its environment. | Non-intrusive: scanning plus documentation and environmental review and analysis. |
| Best suited to lab or staging environments, or to production under a carefully agreed scope, because exploitation can disrupt services. | Suited to production physical environments and network architecture, including critical real-time systems, because it does not exploit. |
| Used where proof of exploitability is needed, typically for the most critical systems. | Used for routine, broad coverage of all systems, critical or not. |

What is social engineering?

Most cybercriminals are master manipulators, but that doesn’t mean they’re all manipulators of
technology — some cybercriminals favor the art of human manipulation.
In other words, they favor social engineering, meaning exploiting human errors and
behaviors to conduct a cyberattack. For a simple social engineering example, this could occur
in the event a cybercriminal impersonates an IT professional and requests your login information
to patch up a security flaw on your device. If you provide the information, you’ve just handed
a malicious individual the keys to your account and they didn’t even have to go to the trouble
of hacking your email or computer to do it.
As with most cyber threats, social engineering can come in many forms and they’re
ever-evolving. Here, we’re overviewing what social engineering looks like today, attack types to
know, and red flags to watch for so you don’t become a victim.

Social engineering defined


For a social engineering definition, it’s the art of manipulating someone to divulge sensitive
or confidential information, usually through digital communication, that can be used for
fraudulent purposes.
Unlike traditional cyberattacks that rely on security vulnerabilities to gain access to
unauthorized devices or networks, social engineering techniques target human vulnerabilities.
For this reason, it’s also considered human hacking.
Cybercriminals who conduct social engineering attacks are called social engineers, and
they’re usually operating with two goals in mind: to wreak havoc and/or obtain valuables like
important information or money.

How social engineering works

Like most types of manipulation, social engineering is built on trust first— false trust, that is — and
persuasion second. Generally, there are four steps to a successful social engineering attack:

1. Preparation: The social engineer gathers information about their victims, including where they
can access them, such as on social media, email, text message, etc.
2. Infiltration: The social engineer approaches their victims, usually impersonating a trustworthy
source and using the information gathered about the victim to validate themselves.
3. Exploitation: The social engineer uses persuasion to request information from their victim, such
as account logins, payment methods, contact information, etc., that they can use to commit their
cyberattack.
4. Disengagement: The social engineer stops communication with their victim, commits their
attack, and swiftly departs.

Depending on the social engineering attack type, these steps could span a matter of hours to a
matter of months. No matter the time frame, knowing the signs of a social engineering attack can
help you spot — and stop — one fast.

Signs of a social engineering attack


Social engineering can happen anywhere, online and offline. And unlike traditional cyberattacks,
where cybercriminals are stealthy and want to go unnoticed, social engineers are often communicating
with us in plain sight. The tactics described next are the ones most likely to be right under your
nose.
Social engineering attack types + examples
Almost all cyberattacks involve some form of social engineering, and many social engineering
techniques also deliver malware, meaning malicious software that the victim unknowingly installs and
that damages their devices or monitors their activity.

Pore over these common forms of social engineering, some involving malware, as well as
real-world examples and scenarios for further context.

1. Scareware

As the name indicates, scareware is malware that’s meant to scare you to take action — and take
action fast. It often comes in the form of pop-ups or emails indicating you need to “act now” to
get rid of viruses or malware on your device. In fact, if you act you might be downloading
a computer virus or malware.
Scareware example

Turns out it’s not only single-acting cybercriminals who leverage scareware. In 2019, an office
supplier and tech support company teamed up to commit scareware acts. The office
supplier required its employees to run a rigged PC test on customers’ devices that
would encourage customers to purchase unneeded repair services. Ultimately, the Federal Trade
Commission ordered the supplier and tech support company to pay a $35 million settlement.

2. Email hacking and contact spamming

It’s in our nature to pay attention to messages from people we know. And social engineers know
this all too well, commandeering email accounts and spamming contact lists with phishing scams
and messages.
Email hacking and contact spamming example

If your friend sent you an email with the subject, “Check out this site I found, it’s totally cool,”
you might not think twice before opening it. By taking over someone’s email account, a social
engineer can make those on the contact list believe they’re receiving emails from someone they
know. The primary objectives include spreading malware and tricking people out of
their personal data.

3. Access tailgating

Also known as piggybacking, access tailgating is when a social engineer physically trails or
follows an authorized individual into an area they do not have access to. This can be as simple an
act as holding a door open for someone else. Once inside, they have free rein to access devices
containing important information.
Access tailgating example

If someone is trailing behind you with their hands full of heavy boxes, you'd hold the door for
them, right? In reality, you might have a social engineer on your hands. Your act of kindness is
granting them access to a restricted area where they can potentially tap into private devices
and networks.

4. Phishing

Phishing is a well-known way to grab information from an unwitting victim. How it typically
works: A cybercriminal, or phisher, sends a message to a target that’s an ask for some type of
information or action that might help with a more significant crime. The ask can be as simple as
encouraging you to download an attachment or verifying your mailing address.
Worth noting is there are many forms of phishing that social engineers choose from, all with
different means of targeting. Spam phishing often takes the form of one big email sweep, not
necessarily targeting a single user. Spear phishing targets individual users, perhaps by
impersonating a trusted contact. Whaling targets celebrities or high-level executives.
Phishing also comes in a few different delivery forms:

● Vishing (voice phishing) is carried out over a phone call: the caller impersonates a bank,
vendor or IT desk to talk the victim into revealing credentials, one-time codes or card details,
sometimes through an automated system that records what the victim types on the keypad.
● Smishing (SMS phishing) uses text messages containing malicious links.
● Email phishing is the most traditional method, delivering a malicious link or download by email.
● Angler phishing is when a cybercriminal impersonates a customer-service account on social media
to intercept your communications and private messages.
● URL phishing is a falsified link that leads to a malicious or look-alike site rather than the
site it appears to name.
● In-session phishing occurs when you are already logged in to a platform and a fake pop-up or
overlay asks you to log in again.
● Fax-based phishing typically arrives as a fake email from a trusted institution requesting that
you print the message and fax back your sensitive information.

Phishing example

A social engineer might pose as a banking institution, for instance, asking email recipients to
click on a link to log in to their accounts. Those who click on the link, though, are taken to a fake
website that, like the email, appears to be legitimate. If they log in at that fake site, they’re
essentially handing over their login credentials and giving the cybercriminal access to their bank
accounts.
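A mail gateway or browser extension can catch most of the lures described above by comparing what a link says with where it actually goes. The following is an added example written for this page, not code from the page's sources; the examplebank.com allow-list, the sample links and the two-label "registrable domain" shortcut are assumptions made for illustration.

```python
"""Heuristic checks for deceptive links in email (added example)."""
import re
from typing import List, Optional
from urllib.parse import urlparse

# Assumed allow-list: the domains the organisation legitimately sends mail for.
TRUSTED_DOMAINS = {"examplebank.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one substitution turns examplebank into examp1ebank."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Assumption: no public-suffix list, so
    'co.uk'-style names would need a real PSL lookup in production."""
    return ".".join(host.lower().split(".")[-2:])


def hostname_of(text: str) -> Optional[str]:
    """Hostname named by link text, or None if the text is not URL-like ('Click here')."""
    text = text.strip()
    if not re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
        return None
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname


def suspicious_link(display_text: str, href: str) -> List[str]:
    """Return the reasons a link looks like phishing; an empty list means nothing was found."""
    reasons: List[str] = []
    host = (urlparse(href).hostname or "").lower()
    reg = registrable_domain(host)

    # 1. Raw IP addresses: real institutions send you to a name, not a number.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("link target is a raw IP address")

    # 2. Internationalised labels (punycode or non-ASCII) can render as look-alike glyphs.
    if any(label.startswith("xn--") for label in host.split(".")) or any(ord(c) > 127 for c in host):
        reasons.append("internationalised (homograph-capable) hostname")

    # 3. The text shows one site but the href goes to another registrable domain.
    shown = hostname_of(display_text)
    if shown and registrable_domain(shown) != reg:
        reasons.append(f"link text shows {shown} but points to {host}")

    # 4. Typosquats of a trusted brand, or the brand buried inside an untrusted domain.
    for trusted in TRUSTED_DOMAINS:
        if reg == trusted:
            continue
        if levenshtein(reg, trusted) <= 2:
            reasons.append(f"{reg} is a look-alike of {trusted}")
        brand = trusted.split(".")[0]
        if brand in host:
            reasons.append(f"brand name '{brand}' embedded in untrusted domain {reg}")
    return reasons


if __name__ == "__main__":
    # Constructed sample links, not real phishing samples.
    samples = [
        ("https://www.examplebank.com/login", "https://www.examplebank.com/login"),
        ("www.examplebank.com", "http://examp1ebank.com/login"),
        ("Verify your account", "http://examplebank.com.secure-login.net/verify"),
        ("Click here", "http://192.0.2.10/login"),
    ]
    for text, href in samples:
        print(href, "->", suspicious_link(text, href) or ["ok"])
```

These checks are heuristics, so they belong in a scoring pipeline rather than as a hard block: a legitimate newsletter that routes clicks through a tracking domain trips rule 3, and rule 4 will miss a brand spelled with a different top-level domain unless that variant is added to the allow-list logic.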

5. DNS spoofing

Often called cache poisoning, DNS spoofing is when forged DNS records are planted in a resolver's
(or a host's) cache so that a legitimate domain name resolves to an attacker-controlled address.
Users who type the correct address are silently redirected to malicious websites bent on stealing
sensitive information, and nothing about the name they typed looks wrong.
DNS spoofing example

In 2018, a cloud computing company and its customers were victims of a DNS spoofing attack
that resulted in around $17 million of cryptocurrency being stolen from victims.
Cybercriminals rerouted people trying to log into their cryptocurrency accounts to a fake website
that gathered their credentials to the cryptocurrency site and ultimately drained their accounts.
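What protects a resolver's cache from a forged answer is a set of checks on every reply: does the transaction ID match, did the reply arrive on the port the query left from, does the question section echo the query, and is each record inside the "bailiwick" of the server that was asked? The block below is an added example written for this page (not taken from any resolver's code base) that models those checks on simplified message objects rather than wire-format packets; the names, addresses and the fixed transaction ID used in the demo are constructed.

```python
"""Resolver-side checks that defeat blind DNS cache poisoning (added example).
Messages are modelled as dataclasses rather than wire-format packets."""
import secrets
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass(frozen=True)
class Query:
    txid: int        # 16-bit transaction ID
    src_port: int    # UDP source port the query left from
    qname: str
    qtype: str


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    value: str


@dataclass
class Response:
    txid: int
    dst_port: int                 # port the reply was addressed to
    qname: str
    qtype: str
    answers: List[Record] = field(default_factory=list)
    additional: List[Record] = field(default_factory=list)


def norm(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.lower().rstrip(".")


def new_query(qname: str, qtype: str = "A") -> Query:
    """Random TXID *and* random ephemeral source port (RFC 5452): an off-path
    attacker must now guess roughly 2^32 values per query instead of 2^16."""
    return Query(secrets.randbelow(1 << 16), 1024 + secrets.randbelow(64512), norm(qname), qtype)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is at or below zone, so a server for zone may speak for it."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)


def accept_response(q: Query, r: Response, server_zone: str) -> Tuple[List[Record], str]:
    """Return (records safe to cache, reason). server_zone is the zone the queried
    server is authoritative for; records outside it are never cached."""
    if r.txid != q.txid:
        return [], "rejected: transaction ID mismatch"
    if r.dst_port != q.src_port:
        return [], "rejected: reply sent to the wrong port"
    if (norm(r.qname), r.qtype) != (q.qname, q.qtype):
        return [], "rejected: question section does not match the query"
    cacheable = [rec for rec in r.answers + r.additional if in_bailiwick(rec.name, server_zone)]
    dropped = len(r.answers) + len(r.additional) - len(cacheable)
    return cacheable, f"accepted ({dropped} out-of-bailiwick record(s) discarded)"


def spoof_odds(guesses: int, randomize_port: bool) -> float:
    """Chance that one of `guesses` forged replies matches before the genuine reply lands."""
    space = (1 << 16) * (64512 if randomize_port else 1)
    return min(guesses / space, 1.0)


if __name__ == "__main__":
    # Fixed TXID/port so the demo is reproducible; new_query() would randomise both.
    q = Query(txid=0x1234, src_port=40000, qname="www.examplebank.com", qtype="A")
    genuine = Response(0x1234, 40000, "www.examplebank.com", "A",
                       answers=[Record("www.examplebank.com", "A", "192.0.2.5")],
                       additional=[Record("www.otherbank.com", "A", "198.51.100.9")])  # planted
    forged = Response(0x1235, 40000, "www.examplebank.com", "A",
                      answers=[Record("www.examplebank.com", "A", "203.0.113.66")])
    print(accept_response(q, genuine, "examplebank.com"))   # caches only the in-bailiwick record
    print(accept_response(q, forged, "examplebank.com"))    # transaction ID mismatch
    print(spoof_odds(1000, False), spoof_odds(1000, True))
```

The bailiwick rule is what stops a server for one zone from planting records for another, and port randomisation is what makes guessing the transaction ID impractical; neither authenticates the data, which is what DNSSEC adds on top. Note that the 2018 incident described above did not need to guess anything: rerouting traffic for the DNS provider's addresses lets the attacker answer queries directly, which is why on-path attacks require DNSSEC or TLS-level checks rather than these resolver heuristics.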

6. Baiting

Baiting is built on the premise of someone taking the bait, meaning dangling something desirable
in front of a victim, and hoping they’ll bite. This occurs most often on peer-to-peer sites like
social media, whereby someone might encourage you to download a video or music, just to
discover it’s infected with malware — and now, so is your device.
Baiting example

For a physical example of baiting, a social engineer might leave a USB stick loaded with malware in
a public place where targets will see it, such as a cafe or bathroom. The criminal might also label
the device in a compelling way, such as "confidential" or "bonuses." A target who takes the bait
picks up the device and plugs it into a computer to see what is on it, and the malware runs, either
automatically or when the curious victim opens one of the files on it.

7. Physical breaches

As the name indicates, physical breaches are when a cybercriminal is in plain sight, physically
posing as a legitimate source to steal confidential data or information from you. This might be as
a colleague or an IT person — perhaps they’re a disgruntled former employee — acting like
they’re helping you with a problem on your device. In fact, they could be stealing your
account logins.
Physical breaches example

A social engineer posing as an IT person could be granted access to an office to update employees'
devices, and they might actually do this. At the same time, however, they could be installing a
keylogger on the devices to capture employees' every keystroke and piece together confidential
information that can be used in other cyberattacks.

8. Pretexting

What is pretexting? It’s the use of an interesting pretext, or ploy, to capture someone’s attention.
Once the story hooks the person, the social engineer tries to trick the would-be victim into
providing something of value. Oftentimes, the social engineer is impersonating a legitimate
source.
Pretexting example

Let’s say you received an email, naming you as the beneficiary of a will or a house deed. The
email requests your personal information to prove you’re the actual beneficiary and to speed
the transfer of your inheritance. Instead, you’re at risk of giving a con artist the ability not to add
to your bank account, but to access and withdraw your funds.

9. Watering hole attacks

A watering hole attack compromises a website that the intended victims are known to visit, the
virtual "watering hole", so that malware is served to them when they load the page. The site is
often a popular one, but the defining feature is that the targeted group frequents it, which lets
the attacker reach many victims in one sweep.
Watering hole attack example

In 2014, a media site was compromised with a watering hole attack attributed to Chinese
cybercriminals. They exploited vulnerabilities on the media site to create a fake widget
that, when loaded, infected visitors’ browsers with malware.

10. Quid pro quo

Quid pro quo means a favor for a favor, essentially “I give you this, and you give me that.” In the
instance of social engineering, the victim coughs up sensitive information like account logins or
payment methods and then the social engineer doesn’t return their end of the bargain.
Quid pro quo example

For a quid pro quo video gaming example, you might be on a gaming forum and on the lookout
for a cheat code to surpass a difficult level. Perhaps you wire money to someone selling the code,
just to never hear from them again and to never see your money again.

Tips to avoid becoming a victim of a social engineering attack (Defense)


Your best defense against social engineering attacks is to educate yourself about their risks, red
flags and remedies. To that end, the following tips will help you stay alert and avoid becoming a
victim of a social engineering attack.

Communicate safely online


Your own wits are your first defense against social engineering attacks. Simply slowing down
and approaching almost all online interactions with skepticism can go a long way in stopping
social engineering attacks in their tracks.
1. Don’t click links you don’t request.
2. Don’t overshare personal information online.
3. Be cautious of online-only friendships.
4. Remember the signs of social engineering.
5. Acknowledge what’s too good to be true.

Secure your accounts and networks


Beyond putting a guard up yourself, you’re best to guard your accounts and networks against
cyber attacks, too. Consider these means and methods to lock down the places that host your
sensitive information.
6. Use two-factor authentication.
7. Only use strong, unique passwords and change them often.
8. Consider a password manager to keep track of your strong passwords.
9. Set high spam filters.
10. Don’t allow strangers on your Wi-Fi network.
11. Use a virtual private network.
12. Monitor your account activity closely.

Safeguard your devices


Finally, ensuring your devices are up to cybersecurity snuff means that you aren’t the only one
charged with warding off social engineers — your devices are doing the same.
13. Don’t leave devices unattended.
14. Use cybersecurity software.
15. Keep your software up to date.

Insider Threat
What Is an Insider Threat

An insider threat is a security risk that originates from within the targeted organization. It
typically involves a current or former employee or business associate who has access to
sensitive information or privileged accounts within the network of an organization, and who
misuses this access.

Traditional security measures tend to focus on external threats and are not always capable of
identifying an internal threat emanating from inside the organization.
Types of insider threats include:

● Malicious insider—also known as a Turncloak, someone who maliciously and intentionally
abuses legitimate credentials, typically to steal information for financial or personal incentives.
For example, an individual who holds a grudge against a former employer, or an opportunistic
employee who sells secret information to a competitor. Turncloaks have an advantage over other
attackers because they are familiar with the security policies and procedures of an organization,
as well as its vulnerabilities.
● Careless insider—an innocent pawn who unknowingly exposes the system to outside threats.
This is the most common type of insider threat, resulting from mistakes, such as leaving a device
exposed or falling victim to a scam. For example, an employee who intends no harm may click
on an insecure link, infecting the system with malware.
● A mole—an imposter who is technically an outsider but has managed to gain insider access to a
privileged network. This is someone from outside the organization who poses as an employee or
partner.


Malicious Insider Threat Indicators

Anomalous activity at the network level could indicate an inside threat. Likewise, if an employee
appears to be dissatisfied or holds a grudge, or if an employee starts to take on more tasks with
excessive enthusiasm, this could be an indication of foul play. Trackable insider threat indicators
include:

● Activity at unusual times—signing in to the network at 3 am
● The volume of traffic—transferring too much data via the network
● The type of activity—accessing unusual resources
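The three indicators above are exactly what a baseline-and-deviation rule can flag automatically. Below is an added example written for this page, not code from the page's sources: it learns each user's usual hours, daily byte volume and resources from a training window of constructed log lines, then alerts on later events that fall outside that baseline. The log format, the user "alice", the file paths and the thresholds are all assumptions chosen for the demonstration.

```python
"""Baseline-and-deviation insider-threat indicators over constructed logs (added example)."""
import csv
import io
import statistics
from collections import defaultdict
from datetime import date, datetime
from typing import List, Tuple

# Constructed sample events, not real data. Columns: timestamp,user,action,resource,bytes
SAMPLE_LOG = """timestamp,user,action,resource,bytes
2024-03-04T09:12:00,alice,login,vpn,0
2024-03-04T09:30:00,alice,read,fs01/engineering/specs,150000
2024-03-04T17:45:00,alice,logout,vpn,0
2024-03-05T08:58:00,alice,login,vpn,0
2024-03-05T10:02:00,alice,read,fs01/engineering/specs,180000
2024-03-05T18:10:00,alice,logout,vpn,0
2024-03-06T09:05:00,alice,login,vpn,0
2024-03-06T11:40:00,alice,read,fs01/engineering/designs,220000
2024-03-06T17:55:00,alice,logout,vpn,0
2024-03-07T09:20:00,alice,login,vpn,0
2024-03-07T14:00:00,alice,read,fs01/engineering/specs,160000
2024-03-07T18:00:00,alice,logout,vpn,0
2024-03-11T03:05:00,alice,login,vpn,0
2024-03-11T03:10:00,alice,read,fs01/hr/salaries.xlsx,900000
2024-03-11T03:25:00,alice,copy,usb:E:,2400000000
"""

BASELINE_END = date(2024, 3, 8)     # events before this date define "normal"

Alert = Tuple[str, str, str, str]    # (when, user, indicator, detail)


def parse(log_text: str) -> list:
    """CSV text -> list of dict rows with parsed timestamp and integer byte count."""
    rows = []
    for r in csv.DictReader(io.StringIO(log_text)):
        r["ts"] = datetime.fromisoformat(r["timestamp"])
        r["bytes"] = int(r["bytes"])
        rows.append(r)
    return rows


def detect(log_text: str, baseline_end: date = BASELINE_END) -> List[Alert]:
    """Check post-baseline events against the three indicators: time, volume, type."""
    events = parse(log_text)
    train = [e for e in events if e["ts"].date() < baseline_end]
    test = [e for e in events if e["ts"].date() >= baseline_end]

    hours = defaultdict(set)                              # user -> hours of day seen
    daily = defaultdict(lambda: defaultdict(int))         # user -> day -> bytes
    resources = defaultdict(set)                          # user -> resources touched
    for e in train:
        u = e["user"]
        hours[u].add(e["ts"].hour)
        daily[u][e["ts"].date()] += e["bytes"]
        resources[u].add(e["resource"])

    alerts: List[Alert] = []
    flagged_days = set()
    test_daily = defaultdict(lambda: defaultdict(int))
    for e in test:
        u, h, d = e["user"], e["ts"].hour, e["ts"].date()
        test_daily[u][d] += e["bytes"]
        # 1. Unusual time: more than an hour from any hour in the user's baseline (once per day).
        if hours[u] and min(abs(h - b) for b in hours[u]) > 1 and (u, d) not in flagged_days:
            flagged_days.add((u, d))
            alerts.append((e["timestamp"], u, "unusual-time",
                           f"{e['action']} at {h:02d}:{e['ts'].minute:02d}"))
        # 3. Unusual type of activity: a resource never touched during the baseline.
        if resources[u] and e["resource"] not in resources[u]:
            alerts.append((e["timestamp"], u, "unusual-resource", e["resource"]))
    # 2. Unusual volume: a day's total far above baseline days (mean + 3 sd, floored at 2 x max).
    for u, days in test_daily.items():
        base = list(daily[u].values())
        if len(base) < 2:
            continue
        threshold = max(statistics.mean(base) + 3 * statistics.pstdev(base), 2 * max(base))
        for d, total in days.items():
            if total > threshold:
                alerts.append((d.isoformat(), u, "unusual-volume",
                               f"{total} bytes vs threshold {threshold:.0f}"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```

On the sample data this raises four alerts for alice: the 03:05 sign-in, the HR spreadsheet and the USB drive as resources never seen before, and the day's 2.4 GB copy against a baseline of a few hundred kilobytes. In practice the baseline should be rolling rather than fixed, per-role peer groups reduce false positives for people whose work genuinely changes, and the three indicators are far stronger in combination than individually.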

How To Protect Against an Insider Attack: Best Practices

You can take the following steps to help reduce the risk of insider threats:

● Protect critical assets—these can be physical or logical, including systems, technology,
facilities, and people. Intellectual property, including customer data for vendors, proprietary
software, schematics, and internal manufacturing processes, are also critical assets. Form a
comprehensive understanding of your critical assets. Ask questions such as: What critical assets
do we possess? Can we prioritize our assets? And, What do we understand about the current state
of each asset?
● Enforce policies—clearly document organizational policies so you can enforce them and prevent
misunderstandings. Everyone in the organization should be familiar with security procedures and
should understand their rights in relation to intellectual property (IP) so they don’t share
privileged content that they have created.
● Increase visibility—deploy solutions to keep track of employee actions and correlate
information from multiple data sources. For example, you can use deception technology to lure a
malicious insider or imposter and gain visibility into their actions.
● Promote culture changes—ensuring security is not only about know-how but also about
attitudes and beliefs. To combat negligence and address the drivers of malicious behavior, you
should educate your employees regarding security issues and work to improve employee
satisfaction.

Important Q/A
Difference between Phishing and Vishing

Digital technology is now at its peak, and with it advanced cyber threats on a large scale have
appeared around the world. These threats take many different forms, attackers use a variety of
methods, and most people have encountered at least one of them.
Attackers use several kinds of attack to extract users' personal information, such as login
credentials, bank details or other sensitive data. Phishing and vishing are two such attacks:
phishing is delivered by email, vishing by voice call.
What is Phishing?
Phishing is a type of email attack in which the attacker tries to get hold of the user's sensitive
data fraudulently: electronic communication that appears to come from an organization the victim
trusts is used to steal the data. Attackers design emails aimed at a target group and include a link
that, when clicked, installs malicious code on the computer or leads to a credential-harvesting page.
For example,
● Bank transaction passwords from the people
● Thieving login credentials
What is Vishing?
Vishing is a cyber-attack in which the theft is carried out over voice communication. In vishing,
the attacker deceives the target into providing sensitive data over a voice call, typically by
posing as an employee of a trusted company.
For example,
● Calling the user and asking bank ATM OTP or password
● Asking for the bank account UPI PIN.
Difference between Phishing and Vishing
| Phishing | Vishing |
| Carried out by email, usually sent to a large number of people at once. | Carried out by voice call; the attacker typically works one victim at a time, although automated robocalls are sometimes used to find victims. |
| Victims have to click a malicious link or open an attachment. | Victims have to tell the attacker the information themselves over the call. |
| Largely automated: one campaign sends many emails at a time. | Not automated: the attacker holds a live conversation with each victim. |
| Precision is higher: the lure (message and fake page) is prepared in advance and fully controlled by the attacker. | Precision is lower: success depends on improvising convincingly during the call. |
| Currently used very frequently. | An older technique, but some scammers still use it to defraud people. |
| Attackers who steal information by phishing are often technically skilled (look-alike sites, malware, hosting infrastructure). | Vishing scammers are usually not technical; the attack is purely social. |
| Important variants: spear phishing, clone phishing, whaling, etc. | Takes place over ordinary phone calls and over voice/video apps such as Skype and Zoom. |

A common phishing and vishing scam is a call or message claiming that you have won a prize or
lottery; to claim it, you are asked for an OTP or some other code. You can block and report such
numbers. Scammers also spoof caller ID so that the call appears to come from a known number, which
makes it harder to tell whether the caller is genuine.
Phishing and types

Phishing involves an attacker trying to trick someone into providing sensitive account or
other login information online. All the different types of phishing are designed to take
advantage of the fact that so many people do business over the internet.
The delivery forms (vishing, smishing, email, angler, URL, in-session and fax-based phishing) and
the banking example are the same as those listed under "Phishing" in the social engineering section
above.

Cybercrime: types, and how to protect yourself from cybercrime


What is cybercrime?

Cybercrime is criminal activity that either targets or uses a computer, a computer network or a
networked device. Most cybercrime is committed by cybercriminals or hackers who want to
make money. However, occasionally cybercrime aims to damage computers or networks for
reasons other than profit. These could be political or personal.

Cybercrime can be carried out by individuals or organizations. Some cybercriminals are
organized, use advanced techniques and are highly technically skilled. Others are novice hackers.

What are the types of cybercrime?

Types of cybercrime include:

● Email and internet fraud.
● Identity fraud (where personal information is stolen and used).
● Theft of financial or card payment data.
● Theft and sale of corporate data.
● Cyberextortion (demanding money to prevent a threatened attack).
● Ransomware attacks (a type of cyberextortion).
● Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
● Cyberespionage (where hackers access government or company data).
● Interfering with systems in a way that compromises a network.
● Infringing copyright.
● Illegal gambling.
● Selling illegal items online.
● Soliciting, producing, or possessing child pornography.

Examples of cybercrime

Here are some famous examples of the different types of cybercrime attacks used by cybercriminals:

Malware attacks

A malware attack is where a computer system or network is infected with a computer virus or
other type of malware. A computer compromised by malware could be used by cybercriminals
for several purposes. These include stealing confidential data, using the computer to carry out
other criminal acts, or causing damage to data.

Phishing

A phishing campaign is when spam emails, or other forms of communication, are sent with the
intention of tricking recipients into doing something that undermines their security. Phishing
campaign messages may contain infected attachments or links to malicious sites, or they may ask
the receiver to respond with confidential information.
A famous example of a phishing scam took place during the World Cup in 2018. According to
our report, 2018 Fraud World Cup, the World Cup phishing scam involved emails that were sent
to football fans. These spam emails tried to entice fans with fake free trips to Moscow, where the
World Cup was being hosted. People who opened and clicked on the links contained in these
emails had their personal data stolen.

Distributed DoS attacks

Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring
down a system or network. Sometimes connected IoT (Internet of Things) devices are used to
launch DDoS attacks.

A DDoS attack overwhelms a system by using one of the standard communication protocols it
uses to spam the system with connection requests. Cybercriminals who are carrying out
cyberextortion may use the threat of a DDoS attack to demand money. Alternatively, a DDoS
may be used as a distraction tactic while another type of cybercrime takes place.

A famous example of this type of attack is the 2017 DDoS attack on the UK National Lottery
website. This brought the lottery’s website and mobile app offline, preventing UK citizens from
playing. The reason behind the attack remains unknown, however, it is suspected that the attack
was an attempt to blackmail the National Lottery.

How to protect yourself against cybercrime

Given its prevalence, you may be wondering how to stop cybercrime. Here are some sensible
tips to protect your computer and your personal data from cybercrime:

Keep software and operating system updated

Keeping your software and operating system up to date ensures that you benefit from the latest
security patches to protect your computer.

Use anti-virus software and keep it updated

Use anti-virus software or a comprehensive internet security solution, and keep it updated.

Use strong passwords


Be sure to use strong passwords that people will not guess, and do not record them anywhere. Or
use a reputable password manager to generate strong passwords randomly to make this easier.

Never open attachments in spam emails

A classic way that computers get infected by malware attacks and other forms of cybercrime is
via email attachments in spam emails. Never open an attachment from a sender you do not know.

Do not click on links in spam emails or untrusted websites

Another way people become victims of cybercrime is by clicking on links in spam emails or
other messages, or on unfamiliar websites. Avoid doing this to stay safe online.

Do not give out personal information unless secure

Never give out personal data over the phone or via email unless you are completely sure the line
or email is secure. Make certain that you are speaking to the person you think you are.

Contact companies directly about suspicious requests

If you are asked for personal information or data by a company that has called you, hang up.
Call them back using the number on their official website to ensure you are speaking to them and
not a cybercriminal. Ideally, use a different phone, because cybercriminals can hold the line open:
when you think you have re-dialed, they can pretend to be from the bank or other organization
that you think you are speaking to.

Be mindful of which website URLs you visit

Keep an eye on the URLs you are clicking on. Do they look legitimate? Avoid clicking on links
with unfamiliar URLs or URLs that look like spam. If your internet security product includes
functionality to secure online transactions, ensure it is enabled before carrying out financial
transactions online.

Keep an eye on your bank statements

Spotting quickly that you have become a victim of cybercrime is important. Keep an eye on your
bank statements and query any unfamiliar transactions with the bank. The bank can investigate
whether they are fraudulent.
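The phishing example above (a fake banking site behind a legitimate-looking link) and the tip "Be mindful of which website URLs you visit" both come down to one question: does this link really point at the organisation it claims to? The following is an added example, not code from the original notes, of a small URL sanity check that a user or a mail gateway could run on a link before it is followed. The rules it applies (an expected domain, digit-for-letter lookalikes, a trusted name buried as a subdomain, raw IP hosts, punycode labels, embedded credentials) are this example's own assumptions about what "looks legitimate"; examplebank.com and every URL it is run on are constructed placeholders.

```python
"""Added example (not from the original notes): a URL sanity check that a
user, or a mail gateway, could apply to a link before following it.  The
rules below (an expected domain, lookalike characters, raw IP hosts,
punycode, embedded credentials) are this example's own assumptions about
what "looks legitimate"; examplebank.com and every URL tested are
constructed placeholders."""
from urllib.parse import urlsplit

# Assumed: the organisation's genuine domain(s).  Placeholder value.
TRUSTED_DOMAINS = {"examplebank.com"}

# Digits and symbols commonly swapped for letters in lookalike host names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: the last two labels (enough for the .com-style examples here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    """True for a dotted-quad IPv4 host such as 192.0.2.10."""
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)


def check_url(url: str) -> list[str]:
    """Return the reasons a URL looks suspicious; an empty list means no findings."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None:
        findings.append("credentials embedded in URL (user@host trick)")
    if is_ip_literal(host):
        findings.append("raw IP address instead of a host name")
    if "xn--" in host:
        findings.append("punycode (IDN) host label")
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return findings          # genuine site; only scheme/credential findings remain
    for trusted in TRUSTED_DOMAINS:
        name = trusted.split(".")[0]
        if trusted in host:
            # e.g. examplebank.com.evil.net: the real name is only a subdomain
            findings.append(f"'{trusted}' appears inside untrusted domain '{domain}'")
        elif name in domain or domain.translate(HOMOGLYPHS).startswith(name):
            # e.g. examp1ebank.com or examplebank-secure.com
            findings.append(f"'{domain}' looks like '{trusted}'")
    if not findings:
        findings.append(f"unrecognised domain '{domain}'")
    return findings


if __name__ == "__main__":
    for link in ("https://examplebank.com/login",
                 "https://examp1ebank.com/login",
                 "https://examplebank.com.evil.net/login",
                 "http://192.0.2.10/login"):
        print(link, "->", check_url(link) or "ok")
```

The check deliberately reports every reason rather than a single yes/no, so that a user (or a log reviewer) can see why a link was held back; the two-label registrable-domain rule is a simplification that would need a public-suffix list for country-code domains.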

Effects of Cyber Crime / Impacts of Cyber Crime (direct and indirect losses
from cyber crime)

Effect of cybercrime on individual


Modern gadgets and technologies are used by many people to store very confidential and
sensitive information. This can include important documents, photos, videos, etc. When personal
data is leaked, it affects the person and his/her life. Ransomware and other cyber-attacks carried
out to extort money can cause substantial financial losses to an individual. Once a person has
faced a severe problem, he/she may limit the use of digital technologies, and so miss out on
several major benefits of those technologies.

Effects of cybercrime on businesses


Cybercrimes usually take place against businesses. Hackers know that there is a lot of money to
be made by attacking businesses, and businesses that face cyber-attacks suffer a lot. There are
several effects of cybercrime on businesses, for example:
• A cybercrime will drop the value of a company, and some businesses may even have to close.
• Businesses will lose their clients after cyber-attacks because the clients can no longer trust the
company. The customers of a business can also lose a lot if the business suffers security
breaches.
• Companies that have suffered a security breach face extra scrutiny when taking business loans.
They will also have a difficult time raising more capital for their business.
• When a business is affected by a cyber-attack, it is not seen as a victim. It is seen as guilty, and
its clients are seen as the real victims. If customers' sensitive information is leaked in the
breach, the business might have to pay hefty fines.
• The identity of the brand will be damaged and its reputation lost after a cyberattack; no one
trusts it any more.
• Businesses like banks may face direct financial loss, as hackers could take a lot of money from
an account without ever being caught.
• Damage to investor perception after a security breach can drop the value of a company.
• Businesses may also face raised costs for borrowing and greater difficulty in raising more
capital as a result of a cyberattack.
• Loss of sensitive customer data can result in fines for companies that have failed to protect
their customers' information.

Effects of cybercrimes on national security


Protecting confidential data from hackers is an essential feature of national security. A hacker
could get information about the positions of ground personnel, which would put the country's
ground forces in a vulnerable position. The criminal could gather modern weapons designs that
could wind up being used against the government that designed them. Loss of valuable
information could be detrimental even if the enemy fails to obtain it.

What Is Cyberbullying?
Cyberbullying is when someone uses technology to harass, threaten, embarrass, or target another
person. Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums,
or gaming where people can view, participate in, or share content. Cyberbullying includes
sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can
include sharing personal or private information about someone else causing embarrassment or
humiliation. Some cyberbullying crosses the line into unlawful or criminal behavior.

The most common places where cyberbullying occurs are:

● Social Media, such as Facebook, Instagram, Snapchat, and Tik Tok
● Text messaging and messaging apps on mobile or tablet devices
● Instant messaging, direct messaging, and online chatting over the internet
● Online forums, chat rooms, and message boards, such as Reddit
● Email
● Online gaming communities

What is a SQL Injection Attack?


SQL Injection attacks (or SQLi) alter SQL queries, injecting malicious code by exploiting
application vulnerabilities.
Successful SQLi attacks allow attackers to modify database information, access sensitive data,
execute admin tasks on the database, and recover files from the system. In some cases attackers
can issue commands to the underlying database operating system.
Impact of SQL injection on your applications:
● Steal credentials—attackers can obtain credentials via SQLi and then impersonate users
and use their privileges.
● Access databases—attackers can gain access to the sensitive data in database servers.
● Alter data—attackers can alter or add new data to the accessed database.
● Delete data—attackers can delete database records or drop entire tables.
● Lateral movement—attackers can access database servers with operating system
privileges, and use these permissions to access other sensitive systems.

How to Prevent SQL injection?


1. Use prepared statements and parameterized queries - Parameterized statements ensure that the
parameters passed into SQL statements are treated as data values, never as part of the query text.
2. Object-relational mapping - Most development teams prefer to use Object Relational
Mapping frameworks to translate SQL result sets into code objects more seamlessly.
3. Escaping inputs - This is a simple way to protect against most SQL injection attacks. Many
languages have standard functions to achieve this. You need to be careful while using escape
characters in every place in your code base where an SQL statement is constructed.
Some of the other methods used to prevent SQL Injection are:
● Password hashing
● Third-party authentication
● Web application firewall
● Purchase better software
● Always update and use patches
● Continuously monitor SQL statements and database
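To make the first prevention point concrete, here is an added example (not code from the original notes) of the same user lookup written twice: once by splicing the input into the SQL text, which is the defect SQL injection exploits, and once with a parameterized query, which is the fix. It uses Python's standard-library sqlite3 module and an in-memory table with two constructed rows; the table name, columns and the sample rows are all this example's own.

```python
"""Added example (not from the original notes): a login lookup written with
string formatting (injectable) and with a parameterised query (safe), run
against an in-memory SQLite table holding constructed sample rows."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the input is pasted into the SQL text, so a quote in the
    input closes the string literal and whatever follows is parsed as SQL."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """FIXED: the ? placeholder is bound by the driver, so the input is only
    ever a string value and can never change the shape of the query."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo() -> dict:
    """Run both versions with a normal name and with the textbook injection string."""
    conn = make_db()
    tainted = "x' OR '1'='1"   # turns the WHERE clause into ... = 'x' OR '1'='1'
    return {
        "normal_unsafe": find_user_unsafe(conn, "alice"),
        "normal_safe": find_user_safe(conn, "alice"),
        "tainted_unsafe": find_user_unsafe(conn, tainted),   # every row comes back
        "tainted_safe": find_user_safe(conn, tainted),       # nothing matches
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:15} {rows}")
```

With a normal name both functions return the same single row; with the tainted input the unsafe version returns the whole table, while the safe version looks for a user literally named `x' OR '1'='1` and finds none. The same placeholder mechanism exists in every mainstream database driver, which is why the notes list it first.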

What Is Identity Theft?


Identity theft is the crime of obtaining the personal or financial information of another person to
use their identity to commit fraud, such as making unauthorized transactions or purchases.
Identity theft is committed in many different ways and its victims are typically left with damage
to their credit, finances, and reputation.

Types of Identity Thefts:


There are many kinds of identity theft, but some common ones are:
● Criminal Identity Theft – A type of theft in which the victim is charged with a crime and
has to bear the loss because the criminal backed up his position with false documents of the
victim, such as an ID or other verification documents, and his bluff was successful.
● Senior Identity Theft – Seniors over the age of 60 are often targets of identity thieves. They
are sent information that looks genuine, and their personal information is then gathered for
such use. Seniors must be aware so as not to become victims.
● Driver’s License Identity Theft – Driver’s license identity theft is the most common form
of ID theft. The information on one’s driver’s license provides the name, address, and date
of birth, as well as a state driver’s identity number. Thieves use this information to apply
for loans or credit cards, or to open bank accounts to obtain checking accounts or buy cars,
houses, vehicles, electronic equipment, jewelry, anything valuable, all charged to the
owner’s name.
● Medical Identity Theft – In this theft, the victim’s health-related information is gathered and
then a fraudulent need for medical services is created with fraudulent bills, which are then
charged to the victim’s account.
● Tax Identity Theft – In this type of attack the attacker is interested in knowing your Employer
Identification Number in order to claim a tax refund. This becomes noticeable when you
attempt to file your tax return or the Income Tax department sends you a notice about it.
● Social Security Identity Theft – In this type of attack the thief intends to learn your Social
Security Number (SSN). With this number, they also know all your personal information,
which is the biggest threat to an individual.
● Synthetic Identity Theft – This theft is unlike the other thefts: the thief combines the
gathered information of several people to create a new identity. When this identity is used,
all of the victims are affected.
● Financial Identity Theft – This is the most common type of attack. In this, the stolen
credentials are used to attain a financial benefit. The victim notices only when he checks his
balances carefully, as this is practiced very slowly.

DoS vs DDoS
What is a DoS Attack?
A DoS attack is a denial of service attack where a computer is used to flood a server with TCP
and UDP packets.
During this type of attack, the service is put out of action because the packets sent over the
network overload the server’s capabilities and make the server unavailable to other devices and
users throughout the network. DoS attacks are used to shut down individual machines and
networks so that they can’t be used by other users.
There are a number of different ways that DoS attacks can be carried out. These include the following:

● Buffer overflow attacks – This is the most common type of DoS attack experienced. In this
attack, the attacker overloads a network address with traffic so that it is put out of use.
● Ping of Death or ICMP flood – An ICMP flood attack takes unconfigured or misconfigured
network devices and uses them to send spoofed packets to ping every computer within the
target network. This is also known as a ping of death (POD) attack.
● SYN flood – SYN flood attacks send requests to connect to a server but never complete
the handshake. The end result is that the network becomes inundated with connection
requests that prevent anyone from connecting to the network.
● Teardrop Attack – During a teardrop DoS attack, an attacker sends IP packet fragments to
a network. The network then attempts to reassemble these fragments into their original
packets. The process of reassembling these fragments exhausts the system and it ends up
crashing, because the fragment fields are designed to confuse the system so that it cannot
put them back together.

What is a DDoS Attack?


A DDoS attack is one of the most common types of DoS attack in use today. During a DDoS
attack, multiple systems target a single system with malicious traffic. By using multiple
locations to attack the system the attacker can put the system offline more easily.
The reason for this is that there is a larger number of machines at the attackers’ disposal and it
becomes difficult for the victim to pinpoint the origin of the attack.
In addition, using a DDoS attack makes it more complicated for the victim to recover. Nine
times out of ten the systems used to execute DDoS attacks have been compromised so that the
attacker can launch attacks remotely through the use of slave computers. These slave computers
are referred to as zombies or bots.
DoS vs DDoS: What’s the Difference?
The key difference between DoS and DDoS attacks is that the latter uses multiple internet
connections to put the victim’s computer network offline whereas the former uses a single
connection. DDoS attacks are more difficult to detect because they are launched from multiple
locations so that the victim can’t tell the origin of the attack. Another key difference is the
volume of attack leveraged, as DDoS attacks allow the attacker to send massive volumes of
traffic to the target network.
It is important to note that DDoS attacks are executed differently from DoS attacks as well. DDoS
attacks are executed through botnets, networks of devices under the control of an attacker. In
contrast, DoS attacks are generally launched through a script or a DoS tool like Low Orbit Ion
Cannon.
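The distinction the notes draw (one connection versus many sources, and a SYN flood that never completes the handshake) is exactly what a defender looks for in connection logs. The following added example, not code from the original notes, counts TCP SYNs per target over a batch of log lines and labels a target as "DoS-like" when the flood comes from a single source or "DDoS-like" when it comes from many. The log format, the addresses and the threshold are all constructed for illustration, and the decision rule is this example's own simplification of what a real rate limiter or IDS would do per time window.

```python
"""Added example (not from the original notes): counting TCP SYNs per target
in connection-log lines and separating a single-source flood (DoS) from a
distributed one (DDoS) by the number of distinct sources.  The log format,
the addresses and the threshold are all constructed for illustration."""
from collections import defaultdict

# Constructed log lines in the form "<timestamp> <tcp-flag> <src_ip> -> <dst_ip>:<dst_port>".
SAMPLE_LOG = (
    # one source hammering a web server (DoS pattern)
    [f"2024-05-01T10:00:{i:02d} SYN 203.0.113.5 -> 198.51.100.10:443" for i in range(6)]
    # eight different sources hitting another server (DDoS / botnet pattern)
    + [f"2024-05-01T10:00:{i:02d} SYN 192.0.2.{i + 1} -> 198.51.100.20:80" for i in range(8)]
    # an ordinary completed handshake (normal)
    + ["2024-05-01T10:00:00 SYN 203.0.113.9 -> 198.51.100.30:22",
       "2024-05-01T10:00:01 ACK 203.0.113.9 -> 198.51.100.30:22"]
)

SYN_THRESHOLD = 5   # assumed: more SYNs than this to one target in the window is a flood


def parse_line(line: str):
    """Split one constructed log line into (timestamp, flag, src_ip, dst_ip, dst_port)."""
    ts, flag, src, _arrow, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return ts, flag, src, dst_ip, int(dst_port)


def classify_targets(lines, threshold: int = SYN_THRESHOLD) -> dict:
    """Map each (dst_ip, dst_port) to 'normal', a DoS-like or a DDoS-like verdict."""
    syn_count = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        _ts, flag, src, dst_ip, dst_port = parse_line(line)
        if flag != "SYN":          # only connection attempts are counted
            continue
        key = (dst_ip, dst_port)
        syn_count[key] += 1
        sources[key].add(src)
    verdict = {}
    for key, n in syn_count.items():
        if n <= threshold:
            verdict[key] = "normal"
        elif len(sources[key]) == 1:
            verdict[key] = "DoS-like: single source"
        else:
            verdict[key] = f"DDoS-like: {len(sources[key])} sources"
    return verdict


if __name__ == "__main__":
    for target, label in classify_targets(SAMPLE_LOG).items():
        print(f"{target[0]}:{target[1]:<5} {label}")
```

The single-source case can be blocked at the firewall by address; the distributed case cannot, which is why the notes say DDoS is harder to handle and why the number of distinct sources is the first thing to report alongside the raw count.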

Difference between Steganography and Cryptography


1. Steganography:
Steganography is a method in which a secret message is hidden in a cover medium. Steganography
means covered writing. The idea of steganography is to protect secret information by not arousing
suspicion. Steganography is less popular than Cryptography. In steganography, the structure of the
data is not usually altered.
The forms of steganography are:
1. Text
2. Audio
3. Video
4. Images
5. Network or Protocol

2. Cryptography:
Cryptography means secret writing. In cryptography, the sender does not send the message directly
to the receiver; before sending, the information or plain text is converted into cipher text using an
encryption algorithm and then sent to the receiver, who decrypts the cipher text back into plain
text to read the original information.
It is of two types:
1. Symmetric key cryptography
2. Asymmetric key cryptography
The difference between Steganography and Cryptography:

S.No. | Steganography | Cryptography
1. | Steganography means covered writing. | Cryptography means secret writing.
2. | Steganography is less popular than Cryptography. | Cryptography is more popular than Steganography.
3. | The attack on steganography is called Steganalysis. | The attack on cryptography is called Cryptanalysis.
4. | In steganography, the structure of the data is not usually altered. | In cryptography, the structure of the data is altered.
5. | Steganography supports the Confidentiality and Authentication security principles. | Cryptography supports the Confidentiality and Authentication security principles as well as Data Integrity and Non-repudiation.
6. | In steganography, the fact that a secret communication is taking place is hidden. | In cryptography, only the secret message is hidden.
7. | In steganography, not many mathematical transformations are involved. | Cryptography involves the use of number theory, mathematics, etc. to modify data.
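Rows 4 and 6 of the comparison are easiest to see with the simplest image technique, least-significant-bit (LSB) embedding. The following added example, not code from the original notes, hides a message in the lowest bit of each byte of a cover and recovers it; a check function then confirms that the cover keeps its length and that every bit above the LSB is untouched, which is the sense in which the "structure of data is not altered" and only the existence of the message is concealed. The cover bytes stand in for an image's pixel bytes and are constructed, as is the secret; the 16-bit length prefix is this example's own framing choice.

```python
"""Added example (not from the original notes): least-significant-bit (LSB)
steganography over a byte string.  The cover bytes stand in for the pixel
bytes of an image and are constructed here, as is the secret; the 16-bit
length prefix is this example's own framing choice."""


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, secret: bytes) -> bytes:
    """Hide secret in the LSB of successive cover bytes (2-byte length prefix first)."""
    payload = len(secret).to_bytes(2, "big") + secret
    bits = list(_bits(payload))
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d bytes" % len(bits))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit     # only the lowest bit of each byte changes
    return bytes(out)


def _byte_from_lsbs(stego: bytes, index: int) -> int:
    """Reassemble payload byte number `index` from eight consecutive LSBs."""
    value = 0
    for b in stego[index * 8:(index + 1) * 8]:
        value = (value << 1) | (b & 1)
    return value


def extract(stego: bytes) -> bytes:
    """Read the length prefix from the LSBs, then that many payload bytes."""
    length = (_byte_from_lsbs(stego, 0) << 8) | _byte_from_lsbs(stego, 1)
    return bytes(_byte_from_lsbs(stego, 2 + k) for k in range(length))


def high_bits_unchanged(cover: bytes, stego: bytes) -> bool:
    """Structure check: same length, and everything above the LSB identical."""
    return len(cover) == len(stego) and all(a >> 1 == b >> 1 for a, b in zip(cover, stego))


# Constructed cover (not a real image) and constructed secret.
COVER = bytes((i * 37 + 11) % 256 for i in range(400))
SECRET = b"meet at noon"

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print(extract(stego), high_bits_unchanged(COVER, stego))
```

Nothing here is encrypted: anyone who suspects LSB embedding can run `extract` and read the message, which is the table's point that steganography hides the existence of the communication, not its content, and why the two techniques are normally combined (encrypt first, then embed).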

What is a Botnet?

A combination of two words—robot and network—a botnet is a network of
malware-infected computers that can be wholly controlled by a single command and
control center operated by a threat actor. The network itself, which can be composed of
thousands if not hundreds of thousands of computers, is then used to further spread the malware
and increase the size of the network.

How Do Botnets Work?

The malware used to recruit new devices to the botnet is intended to spread itself across the
internet by looking out for vulnerabilities in exposed devices. These devices can range from
personal computers, to IoT devices such as IP cameras and home routers. Once they have found
an exposed device, they infect it and report back to their command and control center. They are
then tasked with seeking out other similar devices to infect and so the process continues.

Once a device is infected by the malware and recruited to the botnet, it lies in waiting for further
instructions as to what type of attack it is to carry out by its ‘master’. In this sense, while the
botnet lies in waiting, it is known as a ‘zombie network’.
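A bot that "lies in waiting" still has to check in with its command and control center, and that regular check-in (a beacon) is one of the classic things a defender looks for in outbound connection records. The following added example, not code from the original notes, groups outbound flows by (source host, destination) and flags pairs whose connection gaps are almost perfectly regular. The flow records, host names, addresses, minimum sample count and regularity threshold are all constructed assumptions for illustration.

```python
"""Added example (not from the original notes): spotting the regular
check-in ("beacon") a recruited bot makes to its command-and-control server
in outbound connection records.  Flow records, hosts, addresses and the
periodicity threshold are constructed assumptions for illustration."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound flow records: (epoch_seconds, src_host, dst_ip)
FLOWS = (
    # infected host: connects to the same address every 60 s (+/- 1 s jitter)
    [(1_700_000_000 + 60 * k + (k % 3) - 1, "ws-17", "203.0.113.44") for k in range(12)]
    # normal browsing from another host: irregular gaps
    + [(1_700_000_000 + t, "ws-03", "198.51.100.80") for t in (0, 7, 9, 40, 95, 96, 300, 480)]
)

MIN_CONNECTIONS = 8     # assumed: need this many samples before judging regularity
MAX_CV = 0.10           # assumed: std-dev/mean of the gaps below this looks machine-timed


def find_beacons(flows, min_conn: int = MIN_CONNECTIONS, max_cv: float = MAX_CV) -> dict:
    """Return {(src, dst): mean_gap_seconds} for pairs whose timing is suspiciously regular."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_conn:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        cv = pstdev(gaps) / avg       # coefficient of variation: 0 = perfectly periodic
        if cv <= max_cv:
            beacons[pair] = round(avg, 1)
    return beacons


if __name__ == "__main__":
    for (src, dst), gap in find_beacons(FLOWS).items():
        print(f"{src} -> {dst}: beacon every ~{gap}s")
```

The infected host's gaps are 58 to 61 seconds and get flagged; the browsing host's gaps range from 1 to 204 seconds and do not. Real bots add larger jitter or sleep for hours to defeat exactly this test, so in practice the threshold is tuned per environment and combined with destination reputation.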

What Are Botnets Used For?

Depending on the malware that is spread, a botnet can serve a variety of purposes for the
controller of such a network. This could range from information theft to the sending of spam.
Botnets can be used by anyone who is able to recruit such an army of infected computers, but
generally they are operated by organized gangs of online criminals for committing financial
fraud.

The types of tasks a botnet malware can be expected to perform are:

● Delivering: spam, malware, viruses
● Theft: personal and private data, credit card details, banking details
● DDoS attacks: bringing down websites, extortion
● Click fraud: botnets boost ad spend by automatically clicking on ads.

What is social engineering?


Social engineering is a manipulation technique that exploits human error to obtain private
information or valuable data. In cybercrime, the human hacking scams entice unsuspecting
users to disclose data, spread malware infections, or give them access to restricted systems.
Attacks can occur online, in-person, and by other interactions. Social engineering scams are
based on how people think and act.

Common Examples of Social Engineering Attacks

In no particular order, here are nine common cyber threats that leverage social engineering
tactics to gain access to sensitive information. While most of these attacks occur online, several
can rear their heads in physical spaces like offices, apartment buildings, and cafes.
1. Phishing

The most pervasive way of implementing social engineering: hackers use deceptive phishing
emails, websites, and text messages to steal sensitive personal or organizational information from
unsuspecting victims. Despite how well-known phishing email techniques are, 1 in 5 employees
still click on those suspicious links.

2. Spear Phishing

This email scam is used to carry out targeted attacks against individuals or businesses. Spear
phishing is more intricate than your average mass phishing email, as it requires in-depth research
on potential targets and their organizations.

3. Baiting

This type of attack can be perpetrated online or in a physical environment. The cyber criminal
usually promises the victim a reward in return for sensitive information or knowledge of its
whereabouts.

4. Malware

A category of attacks that includes ransomware, victims are sent an urgently worded message
and tricked into installing malware on their device(s). Ironically, a popular tactic is telling the
victim that malware has already been installed on their computer and that the sender will remove
the software if they pay a fee.

5. Pretexting

This attack involves the perpetrator assuming a false identity to trick victims into giving up
information. Pretexting is often leveraged against organizations with an abundance of client data,
like banks, credit card providers, and utility companies.

6. Quid Pro Quo

This attack centers around an exchange of information or service to convince the victim to act.
Normally, cyber criminals who carry out these schemes don’t do advanced target research and
offer to provide “assistance,” assuming identities like tech support professionals.

7. Tailgating:

This attack targets an individual who can give a criminal physical access to a secure building or
area. These scams are often successful due to a victim’s misguided courtesy, such as if they hold
the door open for an unfamiliar “employee.”
8. Vishing

In this scenario, cyber criminals will leave urgent voicemails to convince victims they must act
quickly to protect themselves from arrest or another risk. Banks, government agencies, and law
enforcement agencies are commonly impersonated personas in vishing scams.

9. Water-Holing

This attack uses advanced social engineering techniques to infect a website and its visitors with
malware. The infection is usually spread through a website specific to the victims’ industry, like
a popular website that’s visited regularly.

Cyber Law (IT Law) in India


Cyber Law, also called IT Law, is the law regarding information technology, including computers
and the internet. It is related to legal informatics and supervises the digital circulation of
information, software, information security, and e-commerce.
IT law is not a separate area of law; rather it encloses aspects of contract, intellectual property,
privacy, and data protection laws. Intellectual property is a key element of IT law. The area of
software licensing is controversial and still evolving in Europe and elsewhere.
According to the Ministry of Electronics and Information Technology, Government of
India:

Cyber Law gives legal recognition to electronic documents and a structure to support e-filing
and e-commerce transactions, and also provides a legal structure to reduce and check cyber crimes.
Importance of Cyber Law:
1. It covers all transactions over the internet.
2. It keeps an eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.

Advantages of Cyber Law:


● Organizations are now able to carry out e-commerce using the legal infrastructure provided
by the Act.

● Digital signatures have been given legal validity and sanction in the Act.

● It has opened the doors for the entry of corporate companies for issuing Digital Signatures
Certificates in the business of being Certifying Authorities.

● It allows Government to issue notifications on the web thus heralding e-governance.

● It gives authority to the companies or organizations to file any form, application, or any other
document with any office, authority, body, or agency owned or controlled by the suitable
Government in e-form using such e-form as may be prescribed by the suitable Government.
● The IT Act also addresses the important issues of security, which are so critical to the success
of electronic transactions.

● Cyber Law provides both hardware and software security.

Intellectual Property Right

Intellectual property rights are the legal rights that cover the privileges given to individuals who
are the owners and inventors of a work, and have created something with their intellectual
creativity. Individuals related to areas such as literature, music, invention, etc., can be granted
such rights, which can then be used in the business practices by them.
The creator/inventor gets exclusive rights against any misuse or use of work without his/her prior
information. However, the rights are granted for a limited period of time to maintain equilibrium.
Types of Intellectual Property Rights
Intellectual Property Rights can be further classified into the following categories −
● Copyright
● Patent
● Trade Secrets, etc.

Advantages of Intellectual Property Rights


Intellectual property rights are advantageous in the following ways −
● Provides exclusive rights to the creators or inventors.
● Encourages individuals to distribute and share information and data instead of keeping it
confidential.
● Provides legal defense and offers the creators the incentive of their work.
● Helps in social and financial development.
Intellectual Property Rights in India
To protect intellectual property rights in Indian territory, India has defined a constitutional,
administrative and judicial framework, whether it concerns copyright, patents, trademarks,
industrial designs, or any other part of intellectual property rights.
Back in the year 1999, the government passed important legislation based on international
practices to safeguard intellectual property rights. Let us have a glimpse of the same −
● The Patents (Amendment) Act, 1999, facilitates the establishment of the mail box system
for filing patents. It offers exclusive marketing rights for a time period of five years.
● The Trade Marks Bill, 1999, replaced the Trade and Merchandise Marks Act, 1958
● The Copyright (Amendment) Act, 1999, was signed by the President of India.
● The sui generis legislation was approved and named as the Geographical Indications of
Goods (Registration and Protection) Bill, 1999.
● The Industrial Designs Bill, 1999, replaced the Designs Act, 1911.
● The Patents (Second Amendment) Bill, 1999, for further amending the Patents Act of
1970 in compliance with the TRIPS.

Offences and Penalties under Information Technology Act, 2000


Purpose of Introduction

Information Technology Act, 2000 was enacted on 17th May, 2000 to provide legal recognition
for electronic transactions and facilitate E-Commerce. It was later amended by passing the
Information Technology (Amendment) Act, 2008. The following are the important objectives of
Information Technology Act, 2000:
1. Grant legal recognition to E-Transactions
2. Provide legal recognition to Digital Signatures for authentication
3. Facilitate E-Filing of data and information
4. Allow Electronic storage of data
5. Grant recognition to maintenance of books of accounts in Electronic Form

Penalties, Compensation and Adjudication under Information Technology Act, 2000


Section 43: Where a person, without the permission of the owner or any other person-in-charge,
damages the Computer, Computer System, or Computer Network, then he shall be liable for
Penalty and Compensation to the person so affected.
Section 44: Where a person fails to furnish any document, return, or report to the Controller or
Certifying Authority, then he shall be liable to pay penalty upto Rs.1,50,000/- per failure.
Further, where a person fails to furnish any information, books or other documents within the
time specified, then he shall be liable to pay penalty upto Rs.5,000/- per day. Further, where a
person fails to maintain books of accounts or other records, then he shall be liable to pay
penalty upto Rs.10,000/- per day.

Offences under Information Technology Act, 2000

Section 65: Any person who intentionally tampers with, conceals, destroys, or alters any computer
source document shall be liable to pay penalty upto Rs.2,00,000/-, or Imprisonment upto 3
intentionally, then he shall be liable to pay penalty upto Rs.2,00,000/-, or Imprisonment upto 3
years, or both.
Section 66: Any person dishonestly, or fraudulently does any act as referred in Section 43,
then he shall be liable to pay penalty upto Rs.5,00,000/-, or Imprisonment upto 3 years, or
both.
Section 66B: Any person dishonestly, or fraudulently receives or retains any stolen computer
resource or communication device, then he shall be liable to pay penalty upto Rs.1,00,000/-,
or Imprisonment upto 3 years, or both.
Section 66C: Any person dishonestly, or fraudulently make use of Electronic Signature,
Password or any other Unique Identification Feature of any other person, then he shall be
liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 3 years, or both.
Section 66D: Any person dishonestly, or fraudulently by means of any communication device
or computer resource cheats by personating, then he shall be liable to pay penalty upto
Rs.1,00,000/-, or Imprisonment upto 3 years, or both.
Section 66E: Any person intentionally captures, publishes, or transmits image of private area
of any person without consent, then he shall be liable to pay penalty upto Rs.2,00,000/-, or
Imprisonment upto 3 years, or both.
Section 66F: Any person who does any act electronically, or with the use of a computer, with intent
to threaten the unity, integrity, security, or sovereignty of India shall be punishable with
Imprisonment for Life.
Section 67: Any person publishes, or transmits in electronic form any material which appeals
to prurient interest, or if its effect is such as to tend to deprave and corrupt persons who are
likely to read, see, or hear matter contained in it, then he shall be liable to pay penalty upto
Rs.5,00,000/-, or Imprisonment upto 3 years, or both, And in the event of second or
subsequent conviction, he shall be liable to pay penalty upto Rs.10,00,000/-, or Imprisonment
upto 5 years, or both.
Section 67A: Any person publishes, or transmits in electronic form any material which
contains sexually explicit act, or conduct, then he shall be liable to pay penalty upto
Rs.10,00,000/-, or Imprisonment upto 5 years, or both, And in the event of second or
subsequent conviction, he shall be liable to pay penalty upto Rs.10,00,000/-, or Imprisonment
upto 7 years, or both.
Section 68: The Controller may, by order, direct a Certifying Authority or any employee of
such Authority to take such measures or cease carrying on such activities as specified in the
order, if those are necessary to ensure compliance with the provisions of this Act, rules or any
regulations made thereunder; and if any person intentionally or knowingly fails to comply
with the order, then he shall be liable to pay a penalty up to Rs.1,00,000/-, or imprisonment up
to 2 years, or both.
Section 69: Where the Central Government or a State Government, or any of its officers
specially authorized by the Central Government or the State Government, as the case may be,
in this behalf, is satisfied that it is necessary or expedient so to do in the interest of the
sovereignty or integrity of India, defense of India, security of the State, friendly relations with
foreign States or public order, or for preventing incitement to the commission of any
cognizable offence relating to the above, or for the investigation of any offence, it may, with
reasons to be recorded in writing, by order, direct any agency of the appropriate Government to
intercept, monitor or decrypt, or cause to be intercepted or monitored or decrypted, any
information generated, transmitted, received or stored in any computer resource. Any person
who fails to comply with the order shall be liable to imprisonment of 7 years, along with a fine
(the amount of the fine is not specified in the Act).
Section 70: The appropriate Government may, by notification in the Official Gazette, declare
any computer resource which directly or indirectly affects the facility of Critical Information
Infrastructure to be a protected system. Any person who fails to comply with the notification
shall be liable to imprisonment of 10 years, along with a fine (the amount of the fine is not
specified in the Act).
Section 71: Whoever makes any misrepresentation to, or suppresses any material fact from,
the Controller or the Certifying Authority for obtaining any License or Electronic Signature
Certificate, as the case may be, shall be liable to pay a penalty up to Rs.1,00,000/-, or
imprisonment up to 2 years, or both.
Section 72: If any person who has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of the person
concerned discloses such electronic record, book, register, correspondence, information,
document or other material to any other person, then he shall be liable to pay a penalty up to
Rs.1,00,000/-, or imprisonment up to 2 years, or both.
Section 72A: If any person who has secured access to any material containing personal
information about another person, with the intent to cause or knowing that he is likely to cause
wrongful loss or wrongful gain, discloses it without the consent of the person concerned, or in
breach of a lawful contract, then he shall be liable to pay a penalty up to Rs.5,00,000/-, or
imprisonment up to 3 years, or both.
Section 73: If any person publishes an Electronic Signature Certificate, or makes it available to
any other person, with the knowledge that the Certifying Authority has not issued it, or the
Subscriber has not accepted it, or the Certificate has been revoked or suspended, then he shall
be liable to pay a penalty up to Rs.1,00,000/-, or imprisonment up to 2 years, or both.
Section 74: If any person knowingly creates, publishes, or otherwise makes available an
Electronic Signature Certificate for any fraudulent or unlawful purpose, then he shall be liable
to pay a penalty up to Rs.1,00,000/-, or imprisonment up to 2 years, or both.
Section 75: If any person has committed an offence or contravention outside India, and the
act or conduct constituting the offence or contravention involves a computer, computer system
or computer network located in India, then the provisions of this Act shall apply also to that
offence or contravention committed outside India by any person, irrespective of his
nationality.
Section 76: Any computer, computer system, floppies, compact disks, tape drives, or any
other accessories related thereto, in respect of which any provision of this Act, rules, orders,
or regulations made thereunder has been or is being contravened, shall be liable to
confiscation. However, if it is proved that such resources were not used in committing the
fraud, then only the person in default will be arrested.

Who are Hackers, Crackers, Phreakers?

1. Hackers

● A hacker is one who is curious about the workings of any computer software.
● Very often they are nothing other than a group of smart programmers.
● They have advanced knowledge of operating systems and programming languages.
● They seek information about a variety of security holes so that they can exploit them to
damage or steal information.

2. Crackers

● They are the ones who break into different systems with malicious intent.
● They carry out activities like gaining unauthorized access, destroying necessary
information, stopping services provided by a server, etc.
● Crackers can easily be identified because their actions are malicious.

3. Phreakers

● They are the ones who gain illegal access to the telephone system.
● They are considered to be the original computer hackers, as they are the ones who broke into
the telephone system illegally to make long-distance calls.
● The word Phreaker is a combination of "Phone" + "Freak".
● Earlier, Phreakers whistled or used an instrument to mimic the tones of phone system
operators in order to route calls and avoid paying for an expensive call. Thus, they basically
attack phone systems to obtain free phone access, or use the phone line to transmit viruses
and to access, steal and destroy data.

What is Cyberstalking?

Cyberstalking is a type of cybercrime that uses the internet and technology to harass or stalk a
person. It can be considered an extension of cyberbullying and in-person stalking. However, it
takes the form of text messages, e-mails, social media posts, and other mediums and is often
persistent, deliberate, and methodical.

Cyberstalking often starts with seemingly harmless interactions that go on to become systematic
in an annoying or frightening manner. Some even find the initial stage of cyberstalking to be
amusing and harmless, but it stops being amusing when the interactions do not end even
after the recipient has expressed their displeasure and asked for the interaction to stop.

Cyberstalking Examples

Cyberstalkers use a variety of tactics and techniques to humiliate, harass, control, and intimidate
their victims. Many cyberstalkers are technologically savvy as well as creative in their ways.
Here are some examples of how Cyberstalking might take place:
● Posting offensive, suggestive, or rude comments online
● Sending threatening, lewd, or offensive emails or messages to the victim
● Joining the same groups and forums as the victim
● Releasing the victim’s confidential information online
● Tracking all online movements of the victim through tracking devices
● Using technology for blackmailing or threatening the victim
● Excessively tagging the victim in irrelevant posts
● Engaging with all online posts made by the victim
● Creating fake profiles on social media to follow the victim
● Posting or distributing real or fake photos of the victim
● Excessively sending explicit photos of themselves to the victim
● Making fake posts intended to shame the victim
● Repeatedly messaging the victim
● Hacking into the victim’s online accounts
● Attempting to extort explicit photos of the victim
● Sending unwanted gifts or items to the victim
● Using hacking tools to get into the victim’s laptop or smartphone camera and secretly
record them
● Continuing harassment even after being asked to stop

Difference between Cyberstalking and Cyberbullying

Here you will learn what cyberbullying and Cyberstalking are, and the differences between
them.

In Cyberstalking, the victim is harassed online through electronic communication devices,
instant messaging, social networks, discussion groups, etc., for the purpose of revenge, anger, or
control. A stalker may be a stranger or an acquaintance of the victim.

Cyberbullying is mostly when a child, preteen, or teen is harassed, humiliated, tormented,
threatened, embarrassed, or targeted through the internet, interactive and digital technologies, or
electronic devices by another individual of the same age range. If adults are involved, it is
considered cyber-harassment or Cyberstalking.

Cyberbullying happens in a repeated, deliberate, and hostile manner. It can be as simple as
repeatedly sending emails, texting, or harassing someone. Cyberbullying may involve:

● Repeated public threats
● Hate speech, pejorative labels, or defamatory false accusations
● Sexual remarks
● Ganging up on a victim by ridiculing them in online forums and discussions
● Hacking into or vandalizing sites and posting false statements about a victim to discredit
or humiliate them
● Identifying victims of crime personally and publishing content meant to severely defame
or humiliate them
● Posting rumors about the victim online to convince others to dislike or participate in their
online denigration
