Information Security Analysis and Audit

(CSE3501)

FALL Semester 2021-22

Dr. Aju D VIT - Vellore

 Common Cyber Attacks


Ransomware attacks

IoT attacks

Cloud attacks

Phishing attacks

Blockchain and cryptocurrency attacks

Software vulnerabilities

Machine learning and AI attacks

BYOD policies

Insider attacks

Outdated hardware

Security Challenges
 Common Cyber Attacks
Ransomware Attacks


Ransomware attacks involve hacking into a user’s data and preventing
them from accessing it until a ransom amount is paid.

Ransomware attacks have become popular in the last few years and
pose one of India’s most prominent Cyber Security challenges in 2020.

According to the Cyber Security firm Sophos, about 82% of Indian
organizations were hit by ransomware in the last six months.

With most ransomware attacks, the attackers don’t release the data even
after the payment is made and instead try to extort more money.

Security Challenges
 Common Cyber Attacks
IOT Attacks

IoT devices are computing, digital, and mechanical devices that can
autonomously transmit data over a network.


Examples of IoT devices include desktops, laptops, mobile phones, smart
security devices, etc.


As the adoption of IoT devices is increasing at an unprecedented rate, so
are the challenges of Cyber Security.


Attacking IoT devices can result in the compromise of sensitive user data.


According to IoT Analytics, there will be about 11.6 billion IoT devices by
2021.

Security Challenges
 Common Cyber Attacks
Cloud Attacks


Most of us today use cloud services for personal and professional needs.


Hacking cloud-platforms to steal user data is one of the challenges in
Cyber Security for businesses.


The infamous iCloud hack, which exposed private photos of celebrities.


If such an attack is carried out on enterprise data, it could pose a massive
threat to the organization and maybe even lead to its collapse.

Security Challenges
 Common Cyber Attacks
Phishing Attacks


Phishing is a type of social engineering attack often used to steal user
data, including login credentials and credit card numbers.

Unlike ransomware attacks, the hacker, upon gaining access to
confidential user data, doesn’t block it.

Instead, they use it for their own advantages, such as online shopping
and illegal money transfer.

Phishing attacks are prevalent among hackers as they can exploit the
user’s data until the user finds out about it.

Security Challenges
 Common Cyber Attacks
Blockchain & Cryptocurrency Attacks


While blockchain and cryptocurrency might not mean much to the
average internet user, but, these technologies are a huge deal for
businesses.

Attacks on these frameworks pose considerable challenges in Cyber
Security for businesses as it can compromise the customer data and
business operations.

Security Challenges
 Common Cyber Attacks
Software Vulnerabilities

Even the most advanced software has some vulnerability that might pose
significant challenges to Cyber Security in 2020.

Individuals and enterprises don’t usually update the software on these
devices as they find it unnecessary.

Updating your device’s software with the latest version should be a top
priority.

An older software version might contain patches for security vulnerabilities
that are fixed by the developers in the newer version.

These attacks are usually carried out on a large number of individuals, like
the Windows zero-day attacks.
Security Challenges
 Common Cyber Attacks
Machine Learning & AI Attacks

While Machine Learning and Artificial Intelligence technologies have proven
highly beneficial for massive development in various sectors, it has its
vulnerabilities as well.

These technologies can be exploited by unlawful individuals to carry out
cyberattacks and pose threats to businesses.

These technologies can be used to identify high-value targets among a
large dataset. Machine Learning and AI attacks are another big concern in
India.

A sophisticated attack might prove to be too difficult to handle due to the
lack of Cyber Security expertise in our country.
Security Challenges
 Common Cyber Attacks
BOYD Policies


Most organizations have a Bring-Your-Own-Device policy for their employees.

If the device is running an outdated or pirated version of the software, it is already
an excellent medium for hackers to access.

Since the method is being used for personal and professional reasons, hackers can
easily access confidential business data.

These devices make it easier to access your private network if their security is
compromised.

Thus, organizations should let go of BYOD policies and provide secure devices to
the employees, as such systems possess enormous challenges of Computer
Security and network compromise.

Security Challenges
 Common Cyber Attacks
Insider Attacks

While most challenges of Cyber Security are external for businesses, there
can be instances of an inside job.

Employees with malicious intent can leak or export confidential data to
competitors or other individuals.

This can lead to huge financial and reputational losses for the business.

These challenges of Computer Security can be negated by monitoring the
data and the inbound and outbound network traffic.

Installing firewall devices for routing data through a centralized server or
limiting access to files based on job roles can help minimize the risk of
insider attacks.
Security Challenges
 Common Cyber Attacks
Outdated Hardware


Not all challenges of Cyber Security come in the form of software attacks.

With software developers realizing the risk of software vulnerabilities,
they offer a periodic update.

However, these new updates might not be compatible with the hardware
of the device.

This is what leads to outdated hardware, wherein the hardware isn’t
advanced enough to run the latest software versions.

This leaves such devices on an older version of the software, making
them highly susceptible to cyberattacks.

Security Challenges
 Types of Security Attacks


Virus


Worms


Trojan

Security Attacks
 Types of Security Attacks: Virus

• Virus is a malicious program able to inject its code into other programs /
applications or data files and the targeted areas become "infected".
• Installation of a virus is done without user's consent, and spreads in form
of executable code transferred from one host to another.


Resident virus 
Polymorphic virus

Non-resident virus 
Metamorphic virus

Boot sector virus 
Stealth virus

Macro virus 
Companion virus

File-infecting virus (file infector) 
Cavity virus
 Types of Security Attacks: Worm

• Worm is a malicious program category, exploiting operating system

vulnerabilities to spread itself.

• In its design, worm is quite similar to a virus - considered even its sub-
class.

• Unlike the viruses though worms can reproduce / duplicate and spread
by itself.
 Types of Security Attacks: Worm

Types of Worms

The most common categorization of worms relies on the method how they
spread.

Email worms: Spread through email messages, especially through those

with attachments.

Internet worms: Spread directly over the internet by exploiting access to

open ports or system vulnerabilities.

Network worms: Spread over open and unprotected network shares.

Multi-vector worms: Having two or more various spread capabilities.

 Trojans

• Computer Trojan or Trojan Horses are named after the

mythological Trojan horse owing to their similarity in operation
strategy.

• Trojans are a type of malware software that masquerades itself as

a non-malicious even useful application but it will actually do
damage to the host computer after its installation.

• Unlike virus, Trojans do not self-replicate unless end user

intervene to install.
 Trojans: Types

Remote Access Trojans (RAT) aka Backdoor.Trojan

Trojan-DDoS

Trojan-Proxy

Trojan-FTP

Destructive Trojan

Security Software Disabler Trojan

Info Stealer (Data Sending/ Stealing Trojan)

Keylogger Trojan

Trojan-PSW (Password Stealer)

Trojan-Banker

Trojan-IM,.. etc..
 Other Security Threats
Malware

• Malware refers to software viruses, spyware, adware, worms,

Trojans, ransomeware etc.

• They are designed to cause damage to a targeted computer or

cause a certain degree of operational disruption.

Rootkit

• Rootkit are malicious software designed to hide certain

processes or programs from detection.
 Other Security Threats
Spyware

• Spyware is a software that monitors and collects information

about a particular user, computer or organization without user’s
knowledge.

• There are different types of spyware, namely system monitors,

trojans (keyloggers, banker trojans, inforstealers), adware,
tracking cookies etc.

Tracking cookies

• Tracking cookies
 Other Security Threats

Riskware

• Riskware is a term used to describe potentially dangerous

software whose installation may pose a risk to the
computer.

Adware

• Adware in general term adware is software generating or

displaying certain advertisements to the user.
 Other Security Threats
Creepware


Creepware is a term used to describe activities like spying others
through webcams (very often combined with capturing pictures),
tracking online activities of others and listening to conversation over
the computer's microphone and stealing passwords and other data.

Blended threat

• Blended threat defines an exploit that combines elements of

multiple types of malware components.
 Network Attacks


Network attack is usually defined as an intrusion on
the network infrastructure that will first analyze the
environment and collect information in order to exploit
the existing open ports or vulnerabilities.

This may include unauthorized access to organization
resources.
 Network Attacks
Characteristics of network attacks
 Passive attacks: they refer to attack where the
purpose is only to learn and get some information
from the system, but the system resources are not
altered or disabled in any way.
 Active attacks: in this type of network attack, the
perpetrator accesses and either alters, disables or
destroys resources or data.
 Outside attack: when attack is performed from
outside the organization by unauthorized entity it is
said to be an outside attack.
 Network Attacks

Characteristics of network attacks:

• Inside attack: if an attack is performed from
within the company by an "insider" that already
has certain access to the network it is considered
to be an inside attack.
• Others such as end users targeted attacks (like
phishing or social engineering): these attacks are
not directly referred to as network attacks, but are
important to know due to their widespread
occurrences.
 What types of attack are there?

Spear Watering
Social Phishing Social
phishing hole
engineering attack phishing
attack attack
Vishing (voice
Port Network
Whaling phishing or Spoofing
VoIP phishing scanning sniffing

DoS attack ICMP Smurf Buffer Man-in-the

& DDoS Denial of overflow Botnet middle
attack service attack attack
Session Cross-side SQL Bluetooth
hijacking scripting attack injection related
attack (XSS attack) attack attacks