
THREATS PPTX.

1. Virus – A virus replicates by attaching itself to a host program or document (an executable, a
macro-enabled office file, a boot sector) and runs whenever that host is run; it spreads wherever the
infected file is copied, including across the Internet. The Creeper program, detected on ARPANET in
1971, is usually cited as the first. Examples include file viruses, macro viruses, boot-sector viruses and
stealth viruses.

2. Worms – Worms are also self-replicating, but they do not attach themselves to a host program. The
biggest difference between a virus and a worm is that a worm is network-aware: it moves by itself from
one machine to the next over any reachable network, typically by exploiting a vulnerable service. A
worm need not carry a destructive payload, but even a payload-free worm consumes bandwidth, disk
space and CPU on every host it reaches and slows them down.

3. Trojan – A Trojan hides inside software that appears legitimate; when the user runs that software
the Trojan performs its real task, such as stealing information or whatever else it was designed to do.
Trojans do not self-replicate: they depend on the user being tricked into installing them.

Trojans often open a backdoor through which other malware or a remote operator can enter the system
and steal data without the owner's knowledge or permission. Examples include FTP Trojans, proxy
Trojans and Remote Access Trojans (RATs).

4. Bots – A bot is an automated process that interacts over the Internet without human intervention.
Bots can be benign (search-engine crawlers) or malicious. A malicious bot infects a host and then
connects to a command-and-control server that issues orders to all the infected hosts under its control;
that collection of hosts is called a botnet. Bots are often spread by worms, which is why they are
sometimes described as an advanced form of worm, but their defining feature is the remote command
channel, not the way they propagate.

1. Adware – Adware is not necessarily malicious, but it does breach the privacy of users. It displays ads
on the desktop or inside individual programs and usually comes bundled with free-to-use software,
where it is the developer's main source of revenue. It monitors the user's interests in order to display
relevant ads. Because it runs with the user's privileges and reports home, adware that carries malicious
code can monitor system activity and compromise the machine.

2. Spyware – Spyware is software that monitors your activity on the computer and reports the collected
information to an interested party. Spyware is generally dropped by Trojans, viruses or worms; once
dropped it installs itself and sits silently to avoid detection. The most common example is the
keylogger, whose basic job is to record the user's keystrokes with timestamps, thereby capturing
usernames, passwords, credit-card details and similar secrets.

3. Ransomware – Ransomware either encrypts your files or locks your computer, making it partially or
wholly inaccessible, and then displays a screen demanding money (the ransom) in exchange for restoring
access. Paying does not guarantee recovery; offline backups that the malware cannot reach are the
reliable defence.
4. Scareware – Scareware masquerades as a tool that will fix your system. It displays alarming messages
(fake virus warnings, for example) to frighten you into some action, such as paying to have the system
"repaired"; when the software is actually run it may infect or damage the system itself.

5. Rootkits – A rootkit is designed to obtain or keep root (administrative) privileges on a system and,
above all, to hide its own presence and that of other malware from the user and from security tools,
for example by altering the operating system's file, process and network listings. With root access the
attacker can do anything, from stealing private files to installing further malware.

6. Zombies – A zombie is a compromised machine that is infected much like spyware, but instead of
spying and stealing information it waits for commands from the attacker, typically as a member of a
botnet.

• Theft of intellectual property means violation of intellectual property rights like copyrights,
patents etc.

• Identity theft means impersonating someone else in order to obtain that person's personal
information or to reach the information they hold, for example logging in to a person's computer or
social media account with their stolen credentials.

• Theft of equipment and information is increasing because devices are mobile and their storage
capacity keeps growing, so a single lost laptop or phone can carry a large amount of data.

• Sabotage means destroying or defacing a company's website to cause its customers to lose confidence
in it.

• Information extortion means stealing a company's property or information and demanding payment
for its return. For example, ransomware may lock a victim's files, making them inaccessible and forcing
the victim to pay; only after payment (if at all) are the files unlocked.

• Technology with weak security – New gadgets reach the market every day, but very few are fully
secured or follow information security principles. Because the market is so competitive, security is
traded away to ship the device sooner, and data is stolen from the devices as a result.

• Social media attacks – In this watering-hole technique, cyber criminals identify and infect a cluster
of websites that members of a particular organization are known to visit, so that an ordinary visit
from the target group delivers malware and steals information.

• Mobile malware – There is a saying that wherever there is Internet connectivity there is a danger to
security. The same goes for mobile phones, where gaming and other applications are designed to lure
the user into downloading them, and along with the game the user unintentionally installs malware on
the device.

• Outdated security software – With new threats emerging every day, keeping security software updated
(signatures, the engine itself and the operating system it runs on) is a prerequisite for a secure
environment.

• Corporate data on personal devices – Many organizations now allow BYOD (Bring Your Own Device:
personal laptops, tablets and phones used at the workplace). BYOD clearly poses a serious threat to
the security of data, because the organization does not control the device, but organizations adopt it
for productivity reasons.

• Social engineering – is the art of manipulating people so that they give up confidential information
such as bank account details or passwords. Criminals either trick you into revealing private
information directly or gain your trust to get access to your computer and install malicious software
that gives them control of it. A typical example is an email or message that appears to come from a
friend but was not sent by them: the criminal has compromised the friend's device or account,
harvested the contact list, and sent an infected message to every contact. Because the message comes
from a known person, the recipient is likely to open the link or attachment and so infect their own
computer.

Masquerade – 

A masquerade attack takes place when one entity pretends to be a different entity. A masquerade
attack usually involves one of the other forms of active attack. If the authentication procedure is not
fully protected, it becomes highly susceptible to masquerade. Masquerade attacks can be carried out
with stolen passwords and logins, by finding gaps in programs, or by finding a way around the
authentication process altogether.

Modification of messages –

It means that some portion of a legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect. Modification is an attack on the integrity of the original
data: the unauthorized party does not merely read the data but changes it in transit, for example by
altering transmitted packets. Fabrication (inserting counterfeit messages into the stream) is the related
attack on authenticity. For example, a message meaning "Allow JOHN to read confidential file X" is
modified to "Allow Smith to read confidential file X".

Repudiation – 

Repudiation is the denial, by the sender or the receiver, that a message was ever sent or received. The
attack succeeds when the network is not adequately secured or the login controls have been tampered
with, so that a malicious user can alter authorship information, plant false entries in log files, or
manipulate data on behalf of others, much like spoofing the sender of an email message.
Non-repudiation controls such as digital signatures and tamper-evident logs counter it.

Replay – 

It involves the passive capture of a message and its subsequent retransmission to produce an
unauthorized effect. The attacker's aim is to save a copy of valid traffic (an authentication exchange, a
payment instruction) and later send it again so that the receiver acts on it a second time, even though
the attacker may never learn its contents. The defence is a freshness check: a nonce, sequence number
or timestamp bound into the message's integrity check, so that a stale message is rejected.
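The following is an added example, not part of the original notes, showing the modification and replay attacks above against a receiver that checks both integrity and freshness. The shared key, the message text and the single-receiver design are assumptions for illustration: the sender binds a random nonce to the body with an HMAC, and the receiver verifies the tag first and then refuses any nonce it has already seen.

```python
import hashlib
import hmac
import os

# Constructed shared secret for this example; in a real protocol it comes from a
# key exchange or provisioning step and is never hard-coded.
SHARED_KEY = b"example-shared-key-not-for-production"


def build_message(key, body, nonce=None):
    """Sender side: bind a fresh random nonce to the body with an HMAC-SHA256 tag."""
    nonce = nonce if nonce is not None else os.urandom(16)
    tag = hmac.new(key, nonce + body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "body": body, "tag": tag}


class Receiver:
    """Receiver side: checks integrity (tag) first, then freshness (nonce not seen before)."""

    def __init__(self, key):
        self.key = key
        self.seen_nonces = set()   # in production: a bounded window plus timestamps

    def accept(self, msg):
        nonce = bytes.fromhex(msg["nonce"])
        expected = hmac.new(self.key, nonce + msg["body"].encode("utf-8"),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison so the tag cannot be guessed byte by byte via timing.
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "rejected: tag mismatch (message modified or forged)"
        if msg["nonce"] in self.seen_nonces:
            return False, "rejected: nonce already used (replay)"
        self.seen_nonces.add(msg["nonce"])
        return True, "accepted"


def demo():
    """Run the cases from the text: genuine delivery, modification, replay, fabrication."""
    receiver = Receiver(SHARED_KEY)
    genuine = build_message(SHARED_KEY, "Allow JOHN to read confidential file X")
    first = receiver.accept(genuine)

    # Modification: the attacker rewrites the body but cannot compute a matching tag.
    tampered = dict(genuine, body="Allow Smith to read confidential file X")
    modified = receiver.accept(tampered)

    # Replay: the captured message is resent unchanged; the tag is valid but the nonce is stale.
    replayed = receiver.accept(genuine)

    # Fabrication: a message built under a key the attacker guessed fails the tag check too.
    forged = receiver.accept(build_message(b"wrong-key", "Allow Smith to read confidential file X"))
    return first, modified, replayed, forged


if __name__ == "__main__":
    for label, result in zip(("genuine", "modified", "replayed", "forged"), demo()):
        print(f"{label:9s} -> {result[1]}")
```

A random nonce catches exact replays but not the delay or reordering the text also mentions; for those the receiver additionally needs a sequence number or a timestamp with an acceptance window, and the seen-nonce set must be bounded to that window rather than growing forever.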

Denial of Service – 
It prevents the normal use of communication facilities. This attack may have a specific target. For
example, an entity may suppress all messages directed to a particular destination. Another form of
service denial is the disruption of an entire network either by disabling the network or by overloading it
with messages so as to degrade performance. 

Passive attacks: A Passive attack attempts to learn or make use of information from the system but does
not affect system resources. Passive Attacks are in the nature of eavesdropping on or monitoring
transmission. The goal of the opponent is to obtain information that is being transmitted. Types of
Passive attacks are as follows: 

• The release of message content

• Traffic analysis

The release of message content – 

Telephonic conversation, an electronic mail message, or a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the contents of these
transmissions. 

Traffic analysis –

Suppose that we had a way of masking the information (encryption), so that an attacker who captured
a message could not extract its contents.

The opponent could still determine the location and identity of the communicating hosts and observe
the frequency and length of the messages being exchanged. This metadata is useful for guessing the
nature of the communication that is taking place.

Encrypting the traffic (for example the SIP signalling of a VoIP call) protects the content but not the
metadata; to learn who called whom, an attacker then needs access to the SIP proxy or its call log, or
simply to the traffic pattern itself, which only padding or cover traffic can mask.

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it
inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or
by sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate
users (i.e. employees, members, or account holders) of the service or resource they expected.

MOVING TO IS SECURITY

SolarWinds Hack

In 2020, a major cyberattack, suspected to have been carried out by a group backed by the Russian
government, penetrated thousands of organizations globally, including multiple parts of the United
States federal government, leading to a series of data breaches. The attackers compromised SolarWinds's
build system and inserted a backdoor into legitimately signed updates of its Orion monitoring product,
so customers' update checks saw nothing wrong. More than 18,000 SolarWinds customers installed the
malicious updates, and the malware spread undetected. Through this code the attackers gained access to
those customers' IT systems, where they could install further malware to spy on selected companies
and organizations.
Kaseya attack

Kaseya's international headquarters is in Dublin, Ireland, and the company has a US headquarters in
Miami, Florida. The vendor maintains a presence in 10 countries.

Kaseya provides IT solutions including VSA, a unified remote-monitoring and management tool for
handling networks and endpoints. In addition, the company provides compliance systems, service desks,
and a professional services automation platform. The firm's software is designed with enterprises and
managed service providers (MSPs) in mind, and Kaseya says that over 40,000 organizations worldwide
use at least one Kaseya software solution. As a provider of technology to MSPs, which in turn serve
other companies, Kaseya is central to a wider software supply chain: anyone who can push commands
through VSA can reach every endpoint the MSP manages. The July 2021 attack was triggered via an
authentication bypass vulnerability in the Kaseya VSA web interface. According to the cybersecurity
firm that analyzed the incident, this allowed the attackers to circumvent authentication controls, obtain
an authenticated session, upload a malicious payload, and execute commands via SQL injection,
achieving code execution in the process. The attackers then used VSA's own management channel to
deploy the REvil ransomware to the MSPs' customers.
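The chain described above ends in SQL injection, so the following is an added example (not Kaseya's code and not the VSA schema, which the notes do not describe) of the generic flaw: a login handler that interpolates user input into SQL, next to the parameterized version. The user table, passwords and payload strings are constructed for the demonstration.

```python
import sqlite3


def make_demo_db():
    """Constructed user table for the example. Passwords are stored in clear only to
    keep the SQL readable; a real system stores a salted hash and verifies it in code."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple', 'admin')")
    conn.execute("INSERT INTO users VALUES ('helpdesk', 'hunter2', 'operator')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string interpolation: user input becomes part of the SQL."""
    sql = (f"SELECT role FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized statement: the driver passes values separately from the query text,
    so they can never change the statement's structure, whatever characters they contain."""
    sql = "SELECT role FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Classic bypass payloads: the comment marker drops the password check entirely,
# and the OR clause makes the WHERE true for the first row in the table.
BYPASS_COMMENT = "admin' --"
BYPASS_OR = "' OR '1'='1"


def demo():
    conn = make_demo_db()
    return {
        "vulnerable_wrong_password": login_vulnerable(conn, "admin", "nope"),
        "vulnerable_comment_bypass": login_vulnerable(conn, BYPASS_COMMENT, "nope"),
        "vulnerable_or_bypass": login_vulnerable(conn, BYPASS_OR, BYPASS_OR),
        "safe_comment_bypass": login_safe(conn, BYPASS_COMMENT, "nope"),
        "safe_or_bypass": login_safe(conn, BYPASS_OR, BYPASS_OR),
        "safe_real_login": login_safe(conn, "admin", "correct horse battery staple"),
    }


if __name__ == "__main__":
    for case, role in demo().items():
        print(f"{case:28s} -> {role}")
```

With the vulnerable handler the username `admin' --` turns the statement into `... WHERE username = 'admin' --' AND password = 'nope'`, and everything after `--` is a comment, so the password is never checked. The parameterized handler treats the same string as a literal username that does not exist.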

Cloud

Exploitation of Microsoft's Open Management Infrastructure (OMI) agents, which Azure installs inside
Linux VMs when certain management services are enabled, could have enabled attacks against up to
65% of Azure customers until it was patched. The flaws were collectively named OMIGOD.

OMIGOD was not the only security issue discovered in Azure in 2021. The ChaosDB vulnerability
disclosed in August gave complete control over other Azure Cosmos DB customers' cloud resources
through a compromised key. Azurescape targeted Azure's Container as a Service (CaaS) offering and
would have enabled exploitation of other customers' Kubernetes clusters within the same public cloud
service. While Azurescape was patched before it was exploited, the potential fallout could have been
significant. The common thread is a failure of tenant isolation: a vulnerability in shared infrastructure
exposed many customers at once rather than one.

Mobile devices introduce new security risks (Pegasus, Predator, FluBot Android botnet)

The upswing in mobile device usage has also made cyberespionage tools like Pegasus more effective and
dangerous. Developed by the NSO Group, the malware uses several zero-click exploits (the victim does
not have to open anything) to gain access to target devices, then takes them over and collects data from
various sources (texts, calls, email, etc.). Pegasus is officially sold only to governments and law
enforcement, but it has a history of being abused to target journalists, activists, government officials
and business executives. Inspired by Pegasus's success, Cytrox, a North Macedonian company, now
offers a similar tool called Predator, and this kind of capability is likely to spread to common cyber
threat actors as well.

CLOUD COMPUTING TS

The GoldenEye ransomware is a combination of two attack strategies. First, two pieces of malware are
downloaded together, Mischa and Petya: Petya overwrites the boot record and encrypts the disk's file
table, which needs administrator rights, while Mischa encrypts individual files from an ordinary user
account, so the pair still does damage when the elevation prompt is refused. Second, like all
ransomware, they encrypt data and then demand a payment for the decryption key.

Documents submitted in a court case involving Apple revealed that the XcodeGhost malware discovered
in 2015 affected 128 million iOS users. XcodeGhost injected malicious code into iOS and OS X
applications through rogue versions of Xcode, Apple's integrated development environment for creating
iOS and macOS software: every app built with the tampered toolchain carried the malware even though
the developers' own source code was clean. The attackers distributed the rogue Xcode via third-party
websites aimed at Chinese developers.

When the malware was first discovered, cybersecurity companies and independent
researchers spotted more than 4,000 iOS applications that had been compromised by XcodeGhost. No
malicious OS X apps were seen in the wild.

The malicious iOS apps allowed attackers to collect information about the hacked devices and open
arbitrary URLs. However, the malware did not appear to target sensitive user information from devices.

Apple at the time removed the malicious applications from the App Store and provided information for
developers on how to determine if the version of Xcode they were using was legitimate.
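XcodeGhost spread because developers installed a toolchain from an unofficial mirror without checking it against what the vendor published. Added here, and not Apple's procedure (Apple's own guidance relied on the macOS code-signature check `spctl --assess --verbose /Applications/Xcode.app`), is a generic verifier for the common `SHA256SUMS` manifest format: it parses the manifest, streams each file through SHA-256 and reports intact, tampered and missing files. File names, contents and the manifest are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(text):
    """Parse the sha256sum(1) manifest format ('<64 hex digits>  <filename>' per line)
    into {filename: digest}. Malformed lines are an error, not silently skipped."""
    hexdigits = set("0123456789abcdefABCDEF")
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64 or any(c not in hexdigits for c in parts[0]):
            raise ValueError(f"malformed manifest line {lineno}: {raw!r}")
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()   # leading '*' is sha256sum's binary-mode marker
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a multi-gigabyte installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_tree(root, manifest):
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every manifest entry.
    A single 'mismatch' or 'missing' means the download must not be installed."""
    report = {}
    for name, expected in manifest.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        report[name] = "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"
    return report


def demo():
    """Constructed download directory: one intact file, one tampered file, one absent."""
    installer = b"constructed installer image bytes\n" * 500
    toolchain = b"constructed toolchain archive bytes\n" * 500
    # The manifest as the vendor would publish it, computed from the genuine bytes.
    manifest_text = "\n".join([
        "# SHA256SUMS for the 1.0 release (constructed)",
        f"{hashlib.sha256(installer).hexdigest()}  Xcode.dmg",
        f"{hashlib.sha256(toolchain).hexdigest()} *Toolchain.tar",
        f"{hashlib.sha256(b'release notes').hexdigest()}  Notes.txt",
    ])
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "Xcode.dmg"), "wb") as f:
            f.write(installer + b"\x00injected loader stub")   # the mirror's copy was tampered with
        with open(os.path.join(root, "Toolchain.tar"), "wb") as f:
            f.write(toolchain)
        # Notes.txt deliberately not written
        return verify_tree(root, parse_sha256sums(manifest_text))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8s} {name}")
```

The digests are only as trustworthy as the channel that delivered the manifest: a manifest fetched from the same mirror as the download proves nothing, so it has to come from the vendor directly or carry the vendor's signature.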

The regulatory compliance dashboard of Azure Security Center (now Microsoft Defender for Cloud)
provides insight into your compliance posture for a set of supported standards and regulations, based
on continuous assessments of your Azure environment.

BLOCK CHAIN TS

Phishing attacks

Phishing is a scam aimed at obtaining a user's credentials. Fraudsters send wallet owners emails
designed to look as though they come from a legitimate source, asking for credentials (or the wallet's
private key or seed phrase) through fake hyperlinks. Because blockchain transactions cannot be reversed,
a stolen key means the funds are gone for good, which is a loss for the user and damages confidence in
the network.

Routing attacks

Blockchain nodes rely on real-time transfer of large volumes of data over the Internet. In a routing
attack the attacker manipulates the network paths between nodes, for example by hijacking BGP routes
at the ISP level, and can delay, intercept or partition the traffic. Participants typically cannot see the
threat, so everything looks normal, but behind the scenes the attacker can isolate part of the network
(enabling double spending against the isolated part) or extract confidential data or currency from
connections that are not end-to-end encrypted.

Sybil attacks

In a Sybil attack, the attacker creates and operates many false network identities so that one party
appears to be many independent participants. Those identities can outvote honest nodes, surround
(eclipse) a victim node so that it only ever talks to attacker-controlled peers, or flood the network.
Mechanisms that make identities expensive (proof of work, proof of stake, admission by a trusted
authority) exist largely to blunt this attack. The name comes from the book Sybil, about a woman
diagnosed with multiple personality disorder.

51% attacks

Mining requires a vast amount of computing power, especially for large-scale public blockchains. But if
a miner, or a group of miners, could rally enough resources to hold more than 50% of a blockchain
network's mining power, they could build a private chain faster than the rest of the network and then
publish it to replace the honest chain. That lets them reverse their own recent transactions (double
spending) and censor other people's, but not forge other users' signatures or spend coins they do not
own.

Note: Private (permissioned) blockchains do not use open proof-of-work mining, so a hash-power 51%
attack does not apply to them in that form; the analogous risk is an attacker or colluding insiders
controlling a majority of the validators.
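Why 50% is the threshold, and why merchants wait for several confirmations below it, follows from the gambler's-ruin calculation in the Bitcoin white paper. The block below is an added example, not from the original notes, that implements that calculation: `q` is the attacker's share of hash power, `z` the number of blocks the honest chain is ahead, and the function returns the probability that the attacker ever catches up. Above 50% it is certain; below it the probability falls off exponentially with `z`. The 0.1% target for "safe enough" is the paper's choice, not a rule.

```python
import math


def attacker_success_probability(q, z):
    """Probability that an attacker controlling fraction q of the network's hash power
    eventually overtakes the honest chain after starting z blocks behind (the
    gambler's-ruin calculation from the Bitcoin white paper, section 11)."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    p = 1.0 - q                      # honest share of hash power
    if q >= p:                       # at or above 50 %: catching up is certain
        return 1.0
    lam = z * (q / p)                # expected attacker blocks while honest miners find z
    total = 1.0
    for k in range(z + 1):           # attacker has already mined k blocks in that time
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q, target=0.001, max_z=100_000):
    """Smallest number of confirmations z at which the attacker's success probability
    falls below `target` (only meaningful while the attacker is a minority)."""
    if q >= 0.5:
        raise ValueError("with q >= 0.5 no number of confirmations is safe")
    z = 0
    while attacker_success_probability(q, z) >= target:
        z += 1
        if z > max_z:
            raise RuntimeError("did not converge")
    return z


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45, 0.51):
        probs = ", ".join(f"z={z}: {attacker_success_probability(q, z):.7f}" for z in (0, 5, 10))
        print(f"q={q:.2f}  {probs}")
    for q in (0.1, 0.3):
        print(f"q={q:.2f} needs {confirmations_needed(q)} confirmations for P < 0.1 %")
```

An attacker with 10% of the hash power is beaten by 5 confirmations; one with 30% needs 24; one with 45% needs hundreds. The model assumes the attacker only tries to rewrite blocks it has no other influence over, which is exactly what a permissioned network's validator set changes.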


When establishing a private blockchain, ensure that it's deployed in a secure, resilient infrastructure.
Poor underlying technology choices for business needs and processes can lead to data security risks
through their vulnerabilities.

Consider business and governance risks. Business risks include financial implications, reputational
factors and compliance risks. Governance risks emanate primarily from blockchain solutions'
decentralized nature, and they require strong controls on decision criteria, governing policies, identity
and access management.

Blockchain security is about understanding blockchain network risks and managing them. The plan to
implement security to these controls makes up a blockchain security model. Create a blockchain security
model to ensure that all measures are in place to adequately secure your blockchain solutions.

To implement a blockchain solution security model, administrators must develop a risk model that can
address all business, governance, technology and process risks. Next, they must evaluate the threats to
the blockchain solution and create a threat model. Then, administrators must define the security
controls that mitigate the risks and threats based on the following three categories:

• Enforce security controls that are unique to blockchain

• Apply conventional security controls

• Enforce business controls for blockchain

IBM Blockchain services and consulting can help you design and activate a blockchain network that
addresses governance, business value and technology needs while assuring privacy, trust and security.

BIG DATA THREATS

Big Data Defined

 
Big Data is essentially a special application of data science, in which the data sets are enormous and
require overcoming logistical challenges to deal with them. The primary concern is efficiently capturing,
storing, extracting, processing, and analyzing information from these enormous data sets.

Processing and analysis of these huge data sets is often not feasible or achievable due to physical and/or
computational constraints. Special techniques and tools (e.g., software, algorithms, parallel
programming, etc.) are therefore required.

Big Data is the term that is used to encompass these large data sets, specialized techniques, and
customized tools. It is often applied to large data sets in order to perform general data analysis and find
trends, or to create predictive models.

While it is practically impossible to build a foolproof Big Data system, certain preventive measures
greatly reduce the likelihood and impact of a data breach. Following a set of best practices is the most
logical way to mitigate the security risks to your Big Data implementation. Let's take a look at some of
the most important data security best practices that can reduce the risks associated with analyzing a
massive amount of data.

1. Protect Authentication Gateways

A weak authentication mechanism is one of the most common factors contributing to data breaches. By
exploiting vulnerabilities in the user authentication function, an attacker can gain access to sensitive
data. Flawed authentication must be prevented at the design stage: ensure that session tokens cannot
be forged, guessed or reused by unauthorized users, and that every component of the cluster (storage
nodes, query engines and administrative interfaces, not only the front end) requires authentication.

2. Employ Principle of Least Privilege

You should maintain tiered access control and implement the principle of least privilege (PoLP). It
advocates limiting each user's access to the minimum that allows normal functioning; in other words,
give a user only those privileges which are essential for his or her responsibilities. This limits both
what an insider can mine unlawfully and what an attacker who has compromised a single account can
read or export.

3. Make Use of Retrospective Attack Simulation:

Not all organizations can build in-house infrastructure to support Big Data initiatives, for financial
reasons. If your Big Data project relies on a third-party cloud-based (public or private) solution, then
retrospective attack simulation (replaying known attack techniques against the hosted application) can
be used to find vulnerabilities in it. If a simulated attack succeeds, investigate the issue further to find a
permanent resolution. Such simulations help you identify probable weaknesses in the system before a
genuine attacker exploits them.

4. Use Latest Antivirus Protection:

Multiple antivirus vendors have come up with security solutions that are specifically targeted towards
Big Data initiatives. So always protect your Big Data environment with the latest Antivirus suite. Make
sure that the updates and patches are installed as soon as they are made available by the manufacturer.

5. Schedule Periodic Audits:

Big Data is an emerging market and the technologies are constantly evolving, making it difficult for the
existing security solutions to keep up with the increasing demand. Periodic audits will help you to
identify new vulnerabilities as they make their presence felt. Thus you can realign your security
compliance with the current security standards.
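Least privilege (item 2) and periodic audits (item 5) meet in one routine check: compare what each principal is allowed to do with what the access logs show they actually did, revoke grants that have gone unused for a while, and flag accesses for which no grant exists at all. The block below is an added example, not from the original notes; the grant tuples, the log format and the 60-day window are assumptions for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed grants for the example: (principal, action, dataset).
GRANTS = {
    ("alice", "read", "customers"),
    ("alice", "export", "customers"),
    ("bob", "read", "customers"),
    ("bob", "write", "customers"),
    ("carol", "read", "logs"),
}

# Constructed access-log lines: ISO-8601 timestamp, principal, action, dataset.
ACCESS_LOG = """\
2024-03-30T09:12:44Z alice read customers
2024-03-15T14:02:10Z bob read customers
2024-01-10T08:45:03Z bob write customers
2024-03-28T22:10:59Z carol read logs
2024-03-29T03:41:17Z carol export customers
"""


def parse_access_log(text):
    """Return a list of (timestamp, principal, action, dataset); reject malformed lines."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"malformed log line {lineno}: {line!r}")
        ts = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, fields[1], fields[2], fields[3]))
    return events


def audit(grants, events, now, window_days=60):
    """Compare granted privileges with exercised ones.

    unused:    grants not exercised inside the window -> candidates for revocation
    ungranted: accesses with no matching grant -> an enforcement gap or a bypass
    """
    last_used = {}
    for ts, principal, action, dataset in events:
        key = (principal, action, dataset)
        last_used[key] = max(ts, last_used.get(key, ts))
    cutoff = now - timedelta(days=window_days)
    never = cutoff - timedelta(days=1)           # sentinel for grants with no log entry at all
    unused = {g for g in grants if last_used.get(g, never) < cutoff}
    ungranted = {k for k in last_used if k not in grants}
    return {"unused": unused, "ungranted": ungranted}


def demo(now=datetime(2024, 4, 1)):
    return audit(GRANTS, parse_access_log(ACCESS_LOG), now)


if __name__ == "__main__":
    result = demo()
    for g in sorted(result["unused"]):
        print("revoke candidate:", g)
    for k in sorted(result["ungranted"]):
        print("access without grant:", k)
```

The "ungranted" set is the more urgent finding: a successful access that no policy permits means the control is not actually enforced where the data lives.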

Terrorist organizations are often well trained, well equipped and well funded, so security agencies that
want to keep up turn to Big Data and predictive analytics. Huge amounts of data are gathered on
potential terrorist behaviour from various sources, including participation in extremist online
conversations, unusual purchases, travel to conflict regions and contact with other extremists. Security
and intelligence agencies use real-time analytics to identify patterns across disparate systems by linking
these different and unusual behaviours.

Security firms use several data visualization and data mining technologies to identify patterns in big
data and flush out cyber spies, terrorists and hackers. These firms are trying to make the best use of big
data and data science technologies to detect fraud and other suspicious criminal activity, identifying
suspicious behaviour patterns in order to anticipate threats that are likely to occur.

“If you can get your arms around a big enough set of data, you’ll always find something in there. It’s not
unreasonable to think that the more data you can get access to that you might discover something of
predictive value,” said Fred Cate, director of the Centre for Applied Cyber Security Research.

1. Big Data System in Abu Dhabi to prevent Terrorism

In Abu Dhabi, top security experts have presented a novel security concept, a big data system, to Abu
Dhabi Autonomous Systems Investments, Tawazum Company. The big data system would screen all the
data flowing into the databases of government authorities, which can then be used to prevent
cybercrime or terrorist activity. Such systems apply a statistical data model and filter the data
accordingly. Australia, the US and the UK already use big data systems of this kind. They help a
government gauge the population's feelings about social media issues. Several opposition groups use
social media to organize protests and terror attacks, which could be prevented by introducing this kind
of big data system in the UAE.

2. Use of Tableau Software to identify Terrorism

The Institute for the Study of Violent Groups uses the Tableau data visualization tool to scan 10 years'
worth of data on individuals and groups engaged in extremism, transnational crime and terrorism.
Officials generate various reports every week using Tableau and send them to defense officials
worldwide to flag suspicious and unusual data patterns.

“We can slice and dice the data instantly and answer questions that we never thought to ask before.
Knowing patterns and characteristics of the major terrorist camps has helped defense officials make
decisions that have saved lives,” said John Hitzeman, the institute’s IT and analysis coordinator.

3. European Government develops POLE Data Model to Store and Record Incidents

A big data solution has been developed that uses the POLE (Person, Object, Location and Event) data
model for storing and recording suspicious entities and incidents. A recorded person (entity) can be
linked to other events or people any number of times to build a network of associations and keep
track of suspicious people. This data can be retrieved and updated quickly in real time.

4. Use of Machine Learning and Analytics to predict Online Fraud

RSA, the cyber security arm of the US big data company EMC, uses machine learning and advanced big
data analytics to prevent online fraud. It has detected approximately 500,000 attacks in 8 years, half of
them in 2012 alone. RSA's Israeli operation moved away from a rule-based fraud detection system in
favour of a self-improving method that uses data-science-led methodologies reinforced by Bayesian
inference.

Every time an RSA client makes a transaction through online banking, 20 factors are stored in the
Anti-Fraud Command Centre (AFCC) database. These 20 factors are then combined into 150 fraud risk
features, where each risk feature is a combination of two or more of the recorded factors. For instance,
the combination of MAC address and IP address predicts fraud better than the IP address alone. All
these risk features are combined into groups with Bayesian predictors according to the patterns in
which they indicate fraudulent activity.
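To make the idea of risk features with Bayesian predictors concrete, the following is an added example, not RSA's system and not its data: a Bernoulli naive Bayes scorer over four constructed transaction factors and their pairwise conjunctions (the page's "combination of two or more factors"). The factor names, the training cases and the Laplace smoothing are assumptions; the model can be updated one confirmed case at a time, which is what "self-improving" amounts to here.

```python
import math
from itertools import combinations

FACTORS = ("new_device", "ip_country_mismatch", "unusual_amount", "off_hours")


def risk_features(transaction):
    """Turn the recorded factors into risk features: each factor on its own plus every
    pairwise conjunction (new device AND foreign IP is far more telling than either alone)."""
    feats = {f: int(bool(transaction[f])) for f in FACTORS}
    for a, b in combinations(FACTORS, 2):
        feats[f"{a}&{b}"] = int(bool(transaction[a]) and bool(transaction[b]))
    return feats


class NaiveBayesFraudScorer:
    """Bernoulli naive Bayes over the risk features, with Laplace smoothing so a feature
    never seen in one class cannot force a zero probability. Counts are updated one case
    at a time, so the model keeps learning as analysts confirm outcomes."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.n = {0: 0, 1: 0}            # cases per class (0 = legitimate, 1 = fraud)
        self.ones = {0: {}, 1: {}}       # per class: feature -> count of value 1

    def update(self, transaction, label):
        self.n[label] += 1
        for name, value in risk_features(transaction).items():
            self.ones[label][name] = self.ones[label].get(name, 0) + value

    def fit(self, rows):
        for transaction, label in rows:
            self.update(transaction, label)
        return self

    def _log_joint(self, feats, label):
        total = math.log((self.n[label] + self.alpha) / (self.n[0] + self.n[1] + 2 * self.alpha))
        for name, value in feats.items():
            p_one = (self.ones[label].get(name, 0) + self.alpha) / (self.n[label] + 2 * self.alpha)
            total += math.log(p_one if value else 1.0 - p_one)
        return total

    def fraud_probability(self, transaction):
        """P(fraud | features), computed in log space to avoid underflow on many features."""
        feats = risk_features(transaction)
        l_fraud, l_legit = self._log_joint(feats, 1), self._log_joint(feats, 0)
        m = max(l_fraud, l_legit)
        return math.exp(l_fraud - m) / (math.exp(l_fraud - m) + math.exp(l_legit - m))


def make_tx(new_device, ip_country_mismatch, unusual_amount, off_hours):
    return dict(zip(FACTORS, (new_device, ip_country_mismatch, unusual_amount, off_hours)))


# Constructed labelled history (1 = confirmed fraud); not RSA data.
TRAINING = [
    (make_tx(0, 0, 0, 0), 0), (make_tx(0, 0, 0, 0), 0), (make_tx(1, 0, 0, 0), 0), (make_tx(0, 0, 0, 1), 0),
    (make_tx(0, 0, 1, 0), 0), (make_tx(0, 0, 0, 0), 0), (make_tx(0, 1, 0, 0), 0), (make_tx(0, 0, 0, 1), 0),
    (make_tx(1, 1, 1, 1), 1), (make_tx(1, 1, 0, 1), 1), (make_tx(1, 1, 1, 0), 1), (make_tx(0, 1, 1, 1), 1),
    (make_tx(1, 0, 1, 1), 1), (make_tx(1, 1, 0, 0), 1),
]


def demo():
    model = NaiveBayesFraudScorer().fit(TRAINING)
    suspicious = model.fraud_probability(make_tx(1, 1, 1, 0))   # new device, foreign IP, odd amount
    routine = model.fraud_probability(make_tx(0, 0, 0, 0))      # known device, usual pattern
    return model, suspicious, routine


if __name__ == "__main__":
    _, suspicious, routine = demo()
    print(f"suspicious transaction: P(fraud) = {suspicious:.4f}")
    print(f"routine transaction:    P(fraud) = {routine:.4f}")
```

The conjunction features violate the independence assumption naive Bayes makes, so the output is a ranking score rather than a calibrated probability; a production system would calibrate the threshold on held-out cases before routing transactions to step-up authentication.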

Detica, the data intelligence arm of BAE Systems in the UK, uses similar data science technology to
identify advanced persistent threats that had previously gone unnoticed.

5. University of Maryland develops algorithm to predict attacks

The University of Maryland implemented analytic technologies similar to the data mining algorithms
Amazon uses to predict customer behaviour. The Computational Analysis of Terrorist Groups project
mined 20 years of activity data on 770 variables.

Using monthly data on these 770 variables, security agencies could identify the types of terror strikes
that occur in various geopolitical situations, the factors responsible for frequent attacks, how a
terrorist group chooses its attack locations, and so on. This project, developed by the Laboratory for
Computational Cultural Dynamics (LCCD) at the University of Maryland, together with another
project, the Temporal Probabilistic Rule system, received $600,000 in funding from the defense
department.

6. Microsoft uses powerful Data Mining Systems to identify Security Threats

Researchers at Microsoft have built a custom data mining system that sifts approximately one million
malicious files, 320 million early warning reports and 250 million threat reports sent in by
organizations running Windows networks. Analysts at Microsoft categorize and prioritize the most
prevalent threats, and this information is then shared with antivirus partners such as McAfee and
Symantec. This helps Microsoft analyze and combat cybercrime.

The major areas to focus on in countering terrorism are adopting advanced analytics and data science
technologies for real-time analysis, sharing data responsibly, and using the analytics to derive
actionable insights from the huge amounts of data produced. Following these steps can help security
agencies and other intelligence firms track online fraud, cybercrime and terrorist activity both online
and offline.
