This document discusses cyber safety and security. It begins by defining cybercrime and dividing it into three categories: crimes where the computer is the target, where it is used as a weapon, and where it is an accessory. It then discusses the types of cybercrime including property, individual, and government crimes. The document outlines some key Indian cybercrime laws and penalties. It provides examples of recent major cyber attacks in India, and concludes by listing 10 basic steps for cyber safety and security such as user education, incident management, and malware prevention.

Class: XII Section: B Roll No.: 31

CONTENTS:
● What is Cyber Crime?
● Types of Cyber Crime
● Cyber Crime laws in India
● Cyber attacks in India
● Basic Steps to Cyber Safety and Security

What is Cyber Crime?

Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them. Others use computers or networks to spread malware, illegal information, images or other materials.

Cybercrime is divided into three categories:
● crimes in which the computing device is the target -- for example, to gain network access;
● crimes in which the computer is used as a weapon -- for example, to launch a denial-of-service (DoS) attack; and
● crimes in which the computer is used as an accessory to a crime -- for example, using a computer to store illegally obtained data.

Types of Cyber Crime

Property: This is similar to a real-life instance of a criminal illegally possessing an individual’s bank or credit card details. The hacker steals a person’s bank details to gain access to funds, make purchases online or run phishing scams to get people to give away their information. They could also use malicious software to gain access to a web page with confidential information.

Individual: This category of cybercrime involves one individual distributing malicious or illegal information online. This can include cyberstalking, distributing pornography and trafficking.

Government: This is the least common cybercrime, but is the most serious offense. A crime against the government is also known as cyber terrorism. Government cybercrime includes hacking government websites, military websites or distributing propaganda. These criminals are usually terrorists or enemy governments of other nations.

Laws against Cyber Crime

● Section 66: Using password of another person - If a person fraudulently uses the password, digital signature or other unique identification of another person, he/she can face imprisonment up to 3 years or/and a fine of 1 Lakh INR.
● Section 66D: Cheating using computer resource - If a person cheats someone using a computer resource or a communication device, he/she could face imprisonment up to 3 years or/and fine up to 1 Lakh INR.
● Section 66E: Publishing private images of others - If a person captures, transmits or publishes images of a person’s private parts without his/her consent or knowledge, the person is liable to imprisonment up to 3 years or fine up to 2 Lakhs INR or both.
● Section 66F: Acts of Cyber Terrorism - A person can face life imprisonment if he/she denies an authorized person the access to the computer resource or attempts to penetrate/access a computer resource without authorization, with an aim to threaten the unity, integrity, security or sovereignty of the nation. This is a non-bailable offence.
● Section 67: Publishing Child Porn or predating children online - If a person captures, publishes or transmits images of a child in a sexually explicit act or induces anyone under the age of 18 into a sexual act, then the person can face imprisonment up to 7 years or fine up to 10 lakhs INR or both.
● Section 69: Govt.'s Power to block websites - If the government feels it necessary in the interest of sovereignty and integrity of India, it can intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource. The power is subject to compliance of procedure. Under section 69A, the central government can also block any information from public access.
● Section 43A: Data protection at Corporate level - If a body corporate is negligent in implementing reasonable security practices which causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages to the affected person.

Cyber attacks in India

● Recently, the servers of Delhi AIIMS were compromised due to a ransomware cyber-attack. The personal data of millions of patients in the top premier medical institute is at risk after a ransomware attack on its servers.
● In February 2022, Air India experienced a major cyberattack that compromised approximately 4.5 million customer records. Passport, ticket, and some credit card information were compromised.
● In 2020, approximately 82% of Indian companies suffered ransomware attacks.
● In 2021, a high-profile India-based payment company, Juspay, suffered a data breach impacting 35 million customers. This breach is very noteworthy because Juspay handles payments for online marketplaces, including Amazon and other big players.
● In May 2017, the top five cities in India (Kolkata, Delhi, Bhubaneswar, Pune, and Mumbai) were impacted by the WannaCry ransomware attack.

Basic Steps to Cyber Safety and Security

4. Managing user privileges: If users are provided with unnecessary system privileges or data access rights, then the risk of misuse or compromise is increased. All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed. This principle is sometimes referred to as ‘least privilege’.

5. User education and awareness: Users have a critical role to play in their organisation’s security. It is important to educate staff on the potential cyber risks, to ensure users can do their job as well as help keep the organisation secure.

6. Incident management: All organisations will experience security incidents at some point.
Investment in creating effective incident management policies and processes will help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7. Malware prevention: Malicious software is a term to cover any code or content that could have a malicious, undesirable impact on systems. Any exchange of information carries with it a degree of risk that malware might be exchanged, which could seriously impact your systems and services. The risk may be reduced by developing and implementing appropriate anti-malware policies.

8. Monitoring: System monitoring aims to detect actual or attempted attacks on systems and business services. In addition, monitoring helps to ensure that systems are being used appropriately in accordance with organisational policies. Monitoring is often a key capability needed to comply with legal or regulatory requirements.

9. Removable media controls: Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.

10. Home and mobile working: Mobile working and remote system access offer great benefits, but expose new risks that need to be managed. Risk-based policies and procedures that support mobile working or remote access to systems, relevant to users as well as service providers, should be created.

[Graph demonstrating rate of cyber crime]

THANK YOU