Session 1 Cyber Security - Oct 23 2021


Cyber Security & Digital Forensics

Dr. Smitha Rajagopal


• Cloud computing
• Soft computing
• Machine learning
• Cyber security
• Big data

PhD (MAHE, Manipal)


Cloud platforms: AWS and Azure
Research publications in IEEE Access, Security and Communication Networks (Q1 journals)

smitha.research1012@gmail.com

•Importance of Cyber Security
•Types of Cyber attacks
•CIA triad
•Firewalls
•IDS
•IPS
•Cognitive Cyber Security
•Web application security
•Attack life cycle
•Career prospects in Cyber security : The path forward
•Certifications
• Digital forensics is a branch of forensic science encompassing the recovery, investigation, examination and analysis of material found in digital devices, often in relation to mobile devices and computer crime.
• To put it simply, within the world of information and digital security, cyber security focuses on preventing data breaches, and cyber forensics handles what happens after a breach occurs.
• Cyber security personnel evaluate systems for the protective measures they need, while someone in digital forensics looks for how a hacker gained access.
Information Systems Audit and Control Association (ISACA), Illinois, United States
• 95% of cybersecurity breaches are caused by human error.
• The worldwide information security market is forecast to reach $170.4 billion in 2022.
• 88% of organizations worldwide experienced spear phishing attempts in 2019.
• 68% of business leaders feel their cybersecurity risks are increasing.
• On average, only 5% of companies’ folders are properly protected.
• Data breaches exposed 36 billion records in the first half of 2020.
• 86% of breaches were financially motivated and 10% were motivated by espionage.
• 45% of breaches featured hacking, 17% involved malware and 22% involved phishing.
• Between January 1, 2005, and May 31, 2020, there have been 11,762 recorded breaches.
• The top malicious email attachment types are .doc and .dot, which make up 37%; the next highest is .exe at 19.5%.
• An estimated 300 billion passwords are used by humans and machines worldwide.
• Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cybersecurity measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside an organization.
• Too many users exchange information
• Every individual holds the right to his/her own privacy
• The dark web can cause serious damage
• Need arises to protect data from hackers
• Immense growth of IoT devices

• Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.
• WannaCry, Marcus Hutchins (British researcher)

https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
• SQL injection is a code injection technique that might destroy your database.
• SQL injection is one of the most common web hacking techniques.
• SQL injection is the placement of malicious code in SQL statements, via web page input.
• Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
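Both bullets above describe the same defect: user input that the application treats as code. The following added example (not from the slides) shows a toy login query and comment renderer with that defect beside the fixed versions, using a constructed in-memory sqlite3 table; all function, table and field names are hypothetical.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for a web app's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Defect: web input is concatenated into the SQL text, so a quote in the
    input changes the statement's structure (the slide's 'placement of
    malicious code in SQL statements')."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Fix: a parameterised query. The statement is fixed text and the values
    travel separately, so the input can only ever be compared as data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def render_comment_vulnerable(comment):
    """Defect: user text is pasted straight into HTML, so a <script> tag in a
    stored comment runs in every later visitor's browser (stored XSS)."""
    return "<p>" + comment + "</p>"


def render_comment_safe(comment):
    """Fix: output encoding. html.escape turns markup characters into
    entities, so the browser displays the text instead of executing it."""
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"  # the textbook tautology probe, supplied as the password
    print(login_vulnerable(conn, "nobody", probe))  # ['alice', 'bob']: every row matches
    print(login_safe(conn, "nobody", probe))        # []: compared literally, no match
    hostile = "<script>steal()</script>"            # constructed hostile comment
    print(render_comment_vulnerable(hostile))       # tag reaches the browser intact
    print(render_comment_safe(hostile))             # <p>&lt;script&gt;steal()&lt;/script&gt;</p>
```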
• The IPS often sits directly behind the firewall and provides a complementary layer of analysis that screens out dangerous content.
• Unlike its predecessor the Intrusion Detection System (IDS), which is a passive system that scans traffic and reports back on threats, the IPS is placed inline (in the direct communication path between source and destination), actively analyzing and taking automated actions on all traffic flows that enter the network. Specifically, these actions include:
• Sending an alarm to the administrator (as would be seen in an IDS)
• Dropping the malicious packets
• Blocking traffic from the source address
• Resetting the connection
• Confidentiality (C): preventing data from unauthorized access
• Integrity (I): accuracy, consistency and trustworthiness of data
• Availability (A): information should be accessible to authorized parties always on demand
• Threats have the potential to steal or damage data, disrupt business, or create harm in general.
• Intentional threats: Things like malware, ransomware, phishing, malicious code, and wrongfully accessing user login credentials are all examples of intentional threats. They are activities or methods bad actors use to compromise a security or software system.
• Unintentional threats: Unintentional threats are often attributed to human error. For example, let’s say you forgot to lock the back door before leaving for work. While you’re at the office, a thief seizes the opportunity to sneak into your home and steal your valuables. Even though you didn’t mean to leave the door unlocked, the thief took advantage of your home’s vulnerability. In the cybersecurity industry, someone might leave the door to the IT servers unlocked or leave sensitive information unmonitored. An employee could forget to update their firewall or anti-virus software. Current and even former employees may also have unnecessary access to sensitive data, or simply be unaware of the threats. (Which is why employee training is so important.)
• Natural threats: While acts of nature (floods, hurricanes, tornadoes, earthquakes, etc.) aren’t typically associated with cybersecurity, they are unpredictable and have the potential to damage your assets.
• Vulnerability refers to a weakness in your hardware, software, or procedures. It’s a gap through which a bad actor can gain access to your assets. In other words, threats exploit vulnerabilities.
• Cyber risk is the intersection of assets, threats, and vulnerabilities. It’s the potential for loss, damage, or destruction of an asset when a threat takes advantage of a vulnerability.
• Threats + Vulnerability = Risk


• A WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site scripting (XSS) and SQL injection, among others.
• As cyber attacks increase in scale and complexity, artificial intelligence (AI) helps resource-intensive security operations and analysts stay ahead of the threat.
• Artificial intelligence is changing the game by analyzing vast amounts of risk data to accelerate response times and expand the capacities of underfunded security operations.
• AI has the potential to add value not only to an organization’s operations, but also to human functions associated with monitoring, detecting, and responding to threats.
• Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.
• The attack cycle gives these criminals a reliable process for deceiving you. Steps for the social engineering attack cycle are usually as follows:
• Prepare by gathering background information on you or a larger group you are a part of.
• Infiltrate by establishing a relationship or initiating an interaction, started by building trust.
• Exploit the victim once trust and a weakness are established to advance the attack.
• Disengage once the user has taken the desired action.
• Phishing attackers pretend to be a trusted institution or individual in an attempt to persuade you to expose personal data and other valuables.
• Attacks using phishing are targeted in one of two ways:
• Spam phishing, or mass phishing, is a widespread attack aimed at many users. These attacks are non-personalized and try to catch any unsuspecting person.
• Spear phishing and, by extension, whaling use personalized info to target particular users. Whaling attacks specifically aim at high-value targets like celebrities, upper management, and high government officials.
• A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
• A distributed denial-of-service (DDoS) attack occurs when multiple machines are operating together to attack one target. DDoS attackers often leverage the use of a botnet, a group of hijacked internet-connected devices, to carry out large-scale attacks.
• Attackers take advantage of security vulnerabilities or device weaknesses to control numerous devices using command and control software. Once in control, an attacker can command their botnet to conduct DDoS on a target. In this case, the infected devices are also victims of the attack.
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Security+
• Certified Ethical Hacker (CEH)
• GIAC Security Essentials Certification (GSEC)
• Systems Security Certified Practitioner (SSCP)
• CompTIA Advanced Security Practitioner (CASP+)
• GIAC Certified Incident Handler (GCIH)
• Offensive Security Certified Professional (OSCP)

https://www.coursera.org/articles/popular-cybersecurity-certifications
• GIAC Certified Forensic Examiner (GCFE)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Reverse Engineering Malware (GREM)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Advanced Smartphone Forensics (GASF)
• GIAC Cyber Threat Intelligence (GCTI)
