CSF Unit-1&2
UNIT-I
5. No harsh punishment-
Cyber crime does not carry a harsh punishment in every case. There is harsh
punishment in some cases, for example when somebody commits cyber
terrorism, but in many other cases the penalty is light, and this too
encourages people to commit cyber crime.
Prevention of Cyber Crime:
Below are some points by means of which we can prevent cyber crime:
1. Use strong passwords –
Maintain a different username and password combination for each account
and resist the temptation to write them down. Weak passwords can easily be
cracked by attack methods such as brute force and rainbow table attacks, so
make them complex: a combination of letters, numbers and special characters.
Defining cybercrime
The U.S. Department of Justice (DOJ) divides cybercrime into three
categories:
1. Cyber Terrorism –
Cyber terrorism is the use of computers and the internet to perform violent
acts that result in loss of life. This may include various activities, carried
out through software or hardware, that threaten the lives of citizens.
In general, cyber terrorism can be defined as an act of terrorism committed
through the use of cyberspace or computer resources.
2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system is
subjected to, or threatened with, repeated denial of service or other attacks by
malicious hackers. These hackers demand large sums of money in return for a
promise to stop the attacks and to offer protection.
3. Cyber Warfare –
Cyber warfare is the use or targeting, in a battle space or warfare context, of
computers, online control systems and networks. It involves both offensive
and defensive operations concerning the threat of cyber attacks,
espionage and sabotage.
4. Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the Internet
and may include concealing information or providing incorrect information for
the purpose of deceiving victims out of money or property. Internet fraud is not
considered a single, distinctive crime but covers a range of illegal and illicit
actions that are committed in cyberspace.
5. Cyber Stalking –
This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and emails. In this case, these stalkers know
their victims and instead of offline stalking, they use the Internet to stalk.
However, if they notice that cyber stalking is not having the desired effect,
they begin offline stalking along with cyber stalking to make the victims’ lives
more miserable.
2. Anonymity-
Those who commit cyber crime are anonymous to us, so we cannot do
anything against that person.
Cyber crime is taken very seriously by law enforcement. In the early years
of the cyber security world, the typical cyber criminal was a teenager or
hobbyist operating from a home computer, with attacks mostly
restricted to pranks and malicious mischief. Today, the world of cyber
criminals has become far more dangerous. Attackers are individuals or groups
who attempt to exploit vulnerabilities for personal or financial gain.
Types of Cyber Criminals:
1. Hackers: The term hacker may refer to anyone with technical skills;
however, it typically refers to an individual who uses his or her skills to gain
unauthorized access to systems or networks in order to commit crimes. The intent
of the break-in determines whether the attacker is classified as a white, grey, or
black hat. White hat attackers break into networks or computer systems to find
weaknesses so that the security of those systems can be improved. The owners of the
system give permission for the break-in, and they receive the results of
the test. On the other hand, black hat attackers take advantage of
any vulnerability for illegal personal, financial or political gain. Grey hat
attackers are somewhere between white and black hat attackers. Grey hat
attackers may find a vulnerability and report it to the owners of the system if
that action coincides with their agenda.
(a). White Hat Hackers – These hackers use their programming
skills for good and lawful purposes. They may perform network
penetration tests in an attempt to compromise networks and discover network
vulnerabilities. Security vulnerabilities are then reported to developers to fix,
and these hackers can also work together as a blue team. They only
use the limited set of resources which are ethical and provided by the
company, and they perform pentesting purely to check the security of the
company against external sources.
(b). Gray Hat Hackers – These hackers commit violations and do
seemingly deceptive things, but not for personal gain or to cause
harm. They may disclose a vulnerability to the affected
organization after having compromised its network, though they may also exploit it.
(c). Black Hat Hackers – These hackers are unethical criminals who
violate network security for personal gain. They misuse vulnerabilities to
compromise computer systems, and they always exploit the information or
other data obtained from their unethical penetration of the network.
2. Organized Hackers: These criminals include organizations of cyber
criminals, hacktivists, terrorists, and state-sponsored hackers. Cyber criminals
are typically teams of skilled criminals focused on control, power, and wealth.
These criminals are highly sophisticated and organized, and may even offer
crime as a service. These attackers are usually very well trained and well
funded.
3. Internet stalkers: Internet stalkers are people who maliciously monitor the
web activity of their victims to acquire personal data. This type of cyber crime is
conducted through social networking platforms and malware, which are
able to track an individual's PC activity with little or no detection.
4. Disgruntled Employees: Disgruntled employees become hackers with a
particular motive and also commit cyber crimes. It is hard to believe that
dissatisfied employees can become such malicious hackers. In the past,
their only option was to go on strike against their employers. But with the
advancement of technology, the growth of computer-based work and the
automation of processes, it is easy for disgruntled employees to do more
damage to their employers and organization by committing cyber crimes. The
attacks by such employees can bring the entire system down.
What is Cyberstalking?
Cyberstalking is a type of cybercrime that uses the internet and technology to harass or
stalk a person. It can be considered an extension of cyberbullying and in-person
stalking. However, it takes the form of text messages, e-mails, social media posts, and
other mediums and is often persistent, deliberate, and methodical.
Cyberstalking Examples
Cyberstalkers use a variety of tactics and techniques to humiliate, harass, control, and
intimidate their victims. Many cyberstalkers are technologically savvy as well as creative
in their ways. Here are some examples of how cyberstalking might take place:
Types of Cyberstalking
Let us explore the various kinds of cyberstalking that are prevalent:
• Catfishing: the creation of fake profiles, or the copying of existing ones, on social media
to approach victims.
• Keeping an eye on the activities of a victim on social media to accurately gauge their
behaviour pattern.
• Using Street View to spy on a victim and find their location from posts or photos on
social media.
• Hijacking a webcam.
A recent survey conducted in one of the metropolitan cities in India reveals the following
facts:
• Pirated software such as the OS, browser and office automation software (e.g.,
Microsoft Office) is installed on all the computers.
• Antivirus software is found not to be updated to the latest patch and/or antivirus
signatures.
• Several cybercafes had installed the software called "Deep Freeze" to protect
the computers from prospective malware attacks.
• No annual maintenance contract (AMC) is in place for servicing the
computers; hence, the hard disks of the computers are not formatted unless a
computer is down. Not having an AMC is a risk from a cybercrime perspective
because a cybercriminal can install malicious code on a computer and conduct
criminal activities without any interruption.
• Pornographic websites and other similar websites with indecent content are not
blocked.
• Cybercafe owners have very little awareness of IT security and IT
governance.
• Government/ISPs/State Police (cyber cell wing) do not seem to provide IT
governance guidelines to cybercafe owners.
• The cybercafe association and State Police (cyber cell wing) do not seem to conduct
periodic visits to cybercafes. One of the cybercafe owners whom we interviewed
expressed the view that the police will not visit a cybercafe unless criminal activity
is registered by filing a First Information Report (FIR). Cybercafe owners feel
that the police have very little knowledge about the technical aspects
involved in cybercrimes and/or about the conceptual understanding of IT security.
There are thousands of cybercafes across India. In the event that a central agency
takes up the responsibility for monitoring cyber
BOTNETS
Now that you have a good understanding of what a botnet is, it is time to look more closely at
how a botnet works. Below are the steps that are carried out to initiate a botnet attack:
Prepping the botnet army: The first step in creating a botnet is to infect as many connected
devices as possible, to ensure that there are enough bots to carry out the attack. The botnet uses the
computing power of the infected devices for tasks that remain hidden from the device owners.
However, the fraction of bandwidth taken from a single machine is not sufficient, so the
botnet combines millions of devices to carry out large-scale attacks. It creates bots either
by exploiting security gaps in software or websites, or through phishing emails. Botnets are often
deployed through a trojan horse.
Establishing the connection: Once a device has been compromised, as in the previous step, it is
infected with specific malware that connects the device back to the central botnet server. In this way all
the devices within the botnet network are connected and ready to execute the attack. A bot herder uses
command programming to drive the bots' actions.
Launching the attack: Once infected, a bot allows access to admin-level operations such as gathering
and stealing user data, reading and writing system data, monitoring user activities, performing DDoS
attacks, sending spam, launching brute force attacks, crypto mining, and so on.
As seen in the above image, a bot herder initiates the attack by infecting several devices with
malicious code, which together act as the botnet. In the next step, these devices take over and conduct
the final cyber attack. Therefore, even if you trace the cyberattack back in such a scenario, you
cannot easily trace the bot herder.
The next section looks more closely at botnets and at the architecture of a botnet.
Botnet Architecture
Botnet architecture has evolved over time to work better and to reduce the chances of
being traced. As seen previously, once the desired number of devices has been infected, the botmaster
(bot herder) takes control of the bots using one of two different approaches.
Client-Server Model
The client-server model is a traditional model that operates with the help of a command and
control (C&C) server and communication protocols like IRC. For example, IRC or Internet
Relay Chat sends automated commands to the infected bot devices.
Before engaging in a cyberattack, it frequently programs the bots to remain dormant and await
commands from the C&C server. When the bot herder issues a command to the server, it is then
relayed to the clients. Following this, the clients run the commands and report back to the bot
herder with the findings.
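In the client-server model above each dormant bot polls its C&C server on a fixed schedule, and that regularity is what a defender can look for in connection logs. The following script is an added example, not from these notes, that scores constructed flow records for evenly spaced connections; the IP addresses, timestamps, port and thresholds are assumptions for the demo.

```python
"""Detect C&C beaconing in connection logs.

Added example (not from the original notes): a bot that 'remains dormant and
awaits commands' typically polls its C&C server at a fixed interval, so the
(source, destination, port) tuples with unusually regular connection
timestamps are worth a closer look.  All flow records below are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow log: (epoch seconds, source IP, destination IP, destination port)
FLOWS = [
    # infected host polling a hypothetical C&C server every ~60 s (IRC-style port)
    *[(1_700_000_000 + 60 * i + (i % 3) - 1, "10.0.0.5", "198.51.100.7", 6667) for i in range(12)],
    # ordinary user browsing the same site at irregular intervals
    (1_700_000_003, "10.0.0.8", "203.0.113.10", 443),
    (1_700_000_019, "10.0.0.8", "203.0.113.10", 443),
    (1_700_000_210, "10.0.0.8", "203.0.113.10", 443),
    (1_700_000_222, "10.0.0.8", "203.0.113.10", 443),
    (1_700_000_600, "10.0.0.8", "203.0.113.10", 443),
    (1_700_000_601, "10.0.0.8", "203.0.113.10", 443),
]


def group_flows(flows):
    """Group timestamps by (src, dst, dport) so each peer relationship is scored separately."""
    groups = defaultdict(list)
    for ts, src, dst, dport in flows:
        groups[(src, dst, dport)].append(ts)
    return groups


def beacon_score(timestamps):
    """Return (mean interval, coefficient of variation) for a list of timestamps.

    A low coefficient of variation means the connections are evenly spaced,
    which is the signature of a polling bot rather than a human.  Returns None
    when there are too few connections to measure regularity.
    """
    ts = sorted(timestamps)
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    if len(intervals) < 2:
        return None
    avg = mean(intervals)
    if avg == 0:
        return None
    return avg, pstdev(intervals) / avg


def detect_beacons(flows, min_connections=6, max_cv=0.15):
    """Return {(src, dst, dport): (count, mean_interval, cv)} for suspiciously regular peers.

    min_connections avoids scoring one-off bursts; max_cv is the tolerated
    jitter (0.15 = intervals vary by about 15% around the mean).
    """
    suspects = {}
    for key, timestamps in group_flows(flows).items():
        if len(timestamps) < min_connections:
            continue
        score = beacon_score(timestamps)
        if score is None:
            continue
        avg, cv = score
        if cv <= max_cv:
            suspects[key] = (len(timestamps), round(avg, 1), round(cv, 3))
    return suspects


if __name__ == "__main__":
    for key, (n, avg, cv) in detect_beacons(FLOWS).items():
        print(f"beacon candidate {key}: {n} connections, every ~{avg}s, cv={cv}")
```

Real bots add random sleep jitter to blunt exactly this check, so in practice the threshold is tuned per network and combined with other signals such as rare destinations or unusual ports.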
ATTACK VECTOR:
An attack vector is a pathway or method used by a hacker to
illegally access a network or computer in an attempt to exploit
system vulnerabilities. Hackers use numerous attack vectors to
launch attacks that take advantage of system weaknesses, cause
a data breach, or steal login credentials.
What is an attack vector?
An attack vector, or threat vector, is a way for attackers to enter a network or system.
Common attack vectors include social engineering attacks, credential theft, vulnerability
exploits, and insufficient protection against insider threats. A major part of information
security is closing off attack vectors whenever possible.
Suppose a security firm is tasked with guarding a rare painting that hangs in a museum.
There are a number of ways that a thief could enter and exit the museum — front doors,
back doors, elevators, and windows. A thief could enter the museum in some other way
too, perhaps by posing as a member of the museum's staff. All of these methods
represent attack vectors, and the security firm may try to eliminate them by placing
security guards at all doors, putting locks on windows, and regularly screening museum
staff to confirm their identity.
Similarly, digital systems all have areas attackers can use as entry points. Because
modern computing systems and application environments are so complex, closing off all
attack vectors is typically not possible. But strong security practices and safeguards can
eliminate most attack vectors, making it far more difficult for attackers to find and use
them.
Email attachments: One of the most common attack vectors, email attachments can
contain malicious code that executes after a user opens the file. In recent years, multiple
major ransomware attacks have used this threat vector, including Ryuk attacks.
Account takeover: Attackers can use a number of different methods to take over a
legitimate user's account. They can steal a user's credentials (username and password)
via phishing attack, brute force attack, or purchasing them on the underground market.
Attackers can also try to intercept and use a session cookie to impersonate the user to a
web application.
Lack of encryption: Unencrypted data can be viewed by anyone who has access to it. It
can be intercepted in transit between networks, as in an on-path attack, or simply
viewed inadvertently by an intermediary along the network path.
Insider threats: An insider threat is when a known and trusted user accesses and
distributes confidential data, or enables an attacker to do the same. Such occurrences
can be either intentional or accidental on the part of the user. External attackers can try
to create insider threats by contacting insiders directly and asking, bribing, tricking, or
threatening them into providing access. Sometimes malicious insiders act of their own
accord, out of dissatisfaction with their organization or for some other reason.
Browser-based attacks: To display webpages, Internet browsers load and execute code
they receive from remote servers. Attackers can inject malicious code into a website or
direct users to a fake website, tricking the browser into executing code that
downloads malware or otherwise compromises user devices. With cloud computing,
employees often access data and applications solely through their Internet browser,
making this threat vector of particular concern.
Application compromise: Instead of going after user accounts directly, an attacker may
aim to infect a trusted third-party application with malware. Or they could create a fake,
malicious application that users unknowingly download and install (a common attack
vector for mobile devices).
Open ports: A port is a virtual entryway into a device. Ports help computers and servers
associate network traffic with a given application or process. Ports that are not in use
should be closed. Attackers can send specially crafted messages to open ports to try to
compromise the system, just as a car thief might try opening doors to see if any are
unlocked.
How can an organization secure its attack vectors?
There is no way to eliminate attack vectors altogether. But these approaches can help
stop both internal and external attacks.
Good security practices: Many attacks succeed due to user error: users fall for
phishing attacks, open malicious email attachments, or provide access to an
unauthorized person. Training users to avoid these errors can go a long way toward
eliminating several major attack vectors.
Browser isolation: This technology moves the process of loading and executing
untrusted code to a location outside of an organization's secured network. Browser
isolation can even help eliminate the threat of zero-day attacks, at least in the
browser.
Secure access service edge (SASE): As reliance on the cloud has changed corporate
computing models, many organizations find their networking and security models
need to change as well. Secure access service edge (SASE) is one method of
integrating networking and security.
Wireless and mobile devices have become ubiquitous in today’s society, and
with this increased usage comes the potential for security threats. Wireless and
mobile device attacks are a growing concern for individuals, businesses, and
governments.
Below are some of the most common types of Wireless and Mobile Device
Attacks:
SMiShing: Smishing has become common now that smartphones are widely used.
SMiShing uses Short Message Service (SMS) to send fraudulent text messages or
links. The criminals may also deceive the user by calling. Victims may provide sensitive
information such as credit card information, account information, etc. Accessing
a linked website might result in the user unknowingly downloading malware that
infects the device.
War driving: War driving is a technique used by attackers to find access points
wherever they may be. With free Wi-Fi connections widely available, they can
drive around and obtain a very large amount of information over a very short
period of time.
WEP attack: Wired Equivalent Privacy (WEP) is a security protocol that
attempted to provide a wireless local area network with the same level of
security as a wired LAN. Since physical security steps help to protect a wired
LAN, WEP attempts to provide similar protection for data transmitted over
WLAN with encryption. WEP uses a key for encryption. There is no provision for
key management with Wired Equivalent Privacy, so the number of people
sharing the key will continually grow. Since everyone is using the same key, the
criminal has access to a large amount of traffic for analytic attacks.
WPA attack: Wi-Fi Protected Access (WPA) and then WPA2 came out as
improved protocols to replace WEP. WPA2 does not have the same encryption
problems because an attacker cannot recover the key by noticing traffic. WPA2
is susceptible to attack because cyber criminals can analyze the packets going
between the access point and an authorized user.
Bluejacking: Bluejacking is used for sending unauthorized messages to
another Bluetooth device. Bluetooth is a high-speed but very short-range
wireless technology for exchanging data between desktop and mobile
computers and other devices.
Replay attacks: In a replay attack an attacker eavesdrops on information being sent
between a sender and a receiver. Once the attacker has captured the
information, he or she can intercept it and retransmit it, which leads to
delays in data transmission. It is also known as a playback attack.
Bluesnarfing : It occurs when the attacker copies the victim’s information from
his device. An attacker can access information such as the user’s calendar,
contact list, e-mail and text messages without leaving any evidence of the
attack.
RF Jamming: Wireless signals are susceptible to electromagnetic interference
and radio-frequency interference. Radio frequency (RF) jamming distorts the
transmission of a satellite station so that the signal does not reach the receiving
station.
There are several types of attacks that target these devices, each
with its own advantages and disadvantages:
Wi-Fi Spoofing: Wi-Fi spoofing involves setting up a fake wireless access point
to trick users into connecting to it instead of the legitimate network. This attack
can be used to steal sensitive information such as usernames, passwords, and
credit card numbers. One advantage of this attack is that it is relatively easy to
carry out, and the attacker does not need sophisticated tools or skills. However,
it can be easily detected if users are aware of the legitimate network’s name
and other details.
Packet Sniffing: Packet sniffing involves intercepting and analyzing the data
packets that are transmitted over a wireless network. This attack can be used to
capture sensitive information such as email messages, instant messages, and
web traffic. One advantage of this attack is that it can be carried out without the
user’s knowledge. However, the attacker needs to be in close proximity to the
victim and must have the technical skills and tools to intercept and analyze the
data.
Bluejacking: Bluejacking involves sending unsolicited messages to Bluetooth-
enabled devices. This attack can be used to send spam, phishing messages, or
malware to the victim’s device. One advantage of this attack is that it does not
require a network connection, and the attacker can be located anywhere within
range of the victim’s Bluetooth signal. However, it requires the attacker to have
the victim’s Bluetooth device’s address and is limited to devices that have
Bluetooth capabilities.
SMS Spoofing: SMS spoofing involves sending text messages that appear to
come from a trusted source, such as a bank or a government agency. This
attack can be used to trick users into revealing sensitive information or
downloading malware. One advantage of this attack is that it can be carried out
without the user’s knowledge. However, it requires the attacker to have the
victim’s phone number, and it can be easily detected if users are aware of the
legitimate source of the message.
Malware: Malware is software designed to infect a device and steal or damage
data. Malware can be distributed through email attachments, software
downloads, or malicious websites. One advantage of this attack is that it can be
carried out remotely, without the attacker needing to be physically close to the
victim. However, it requires the attacker to have a way to deliver the malware to
the victim’s device, such as through a phishing email or a fake website.
Many people rely on the Internet for many of their professional, social and
personal activities. But there are also people who attempt to damage our
Internet-connected computers, violate our privacy and render Internet
services inoperable.
Given the frequency and variety of existing attacks as well as the threat of new
and more destructive future attacks, network security has become a central
topic in the field of computer networking.
How are computer networks vulnerable? What are some of the more
prevalent types of attacks today?
Malware – short for malicious software, which is specifically designed to disrupt,
damage, or gain unauthorized access to a computer system. Much of the malware
out there today is self-replicating: once it infects one host, from that host it
seeks entry into other hosts over the Internet, and from the newly infected
hosts, it seeks entry into yet more hosts. In this manner, self-replicating
malware can spread exponentially fast.
Virus – A malware which requires some form of user’s interaction to infect the
user’s device. The classic example is an e-mail attachment containing malicious
executable code. If a user receives and opens such an attachment, the user
inadvertently runs the malware on the device.
Worm – A malware which can enter a device without any explicit user
interaction. For example, a user may be running a vulnerable network
application to which an attacker can send malware. In some cases, without any
user intervention, the application may accept the malware from the Internet and
run it, creating a worm.
Botnet – A network of private computers infected with malicious software and
controlled as a group without the owners’ knowledge, e.g. to send spam.
DoS (Denial of Service) – A DoS attack renders a network, host, or other
pieces of infrastructure unusable by legitimate users. Most Internet DoS attacks
fall into one of three categories:
• Vulnerability attack: This involves sending a few well-crafted messages to a
vulnerable application or operating system running on a targeted host. If the
right sequence of packets is sent to a vulnerable application or operating
system, the service can stop or, worse, the host can crash.
• Bandwidth flooding: The attacker sends a deluge of packets to the targeted
host—so many packets that the target’s access link becomes clogged,
preventing legitimate packets from reaching the server.
• Connection flooding: The attacker establishes a large number of half-open or
fully open TCP connections at the target host. The host can become so bogged
down with these bogus connections that it stops accepting legitimate
connections.
DDoS (Distributed DoS) – DDoS is a type of DoS attack in which multiple
compromised systems are used to target a single system, causing a Denial of
Service (DoS). DDoS attacks leveraging botnets with thousands of
compromised hosts are a common occurrence today. DDoS attacks are much
harder to detect and defend against than a DoS attack from a single host.
Packet sniffer – A passive receiver that records a copy of every packet that
flies by is called a packet sniffer. By placing a passive receiver in the vicinity of
a wireless transmitter, that receiver can obtain a copy of every packet that is
transmitted. These packets can contain all kinds of sensitive information,
including passwords, social security numbers, trade secrets, and private
personal messages. Some of the best defenses against packet sniffing involve
cryptography.
IP Spoofing – The ability to inject packets into the Internet with a false source
address is known as IP spoofing, and is but one of many ways in which one
user can masquerade as another user. To solve this problem, we will need end-
point authentication, that is, a mechanism that will allow us to determine with
certainty if a message originates from where we think it does.
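The end-point authentication called for here, combined with the nonce and timestamp checks that defeat the replay attack described in the wireless section, as an added Python example that is not part of these notes: a message whose source field is rewritten fails the HMAC check, and a captured copy delivered again fails the freshness check. The shared key, message fields, clock values and 30-second window are assumptions for the demo.

```python
"""End-point authentication with replay protection.

Added example, not part of the original notes.  A spoofed source cannot
produce a valid HMAC without the shared key (end-point authentication), and a
captured-and-retransmitted message is rejected because its nonce has already
been seen or its timestamp is outside the window (replay protection).
Key, messages and clock values below are constructed for the demo.
"""
import hashlib
import hmac
import json
import secrets

WINDOW_SECONDS = 30  # how far a message's timestamp may drift from the receiver's clock


def canonical(body: dict) -> bytes:
    """Serialise the signed fields deterministically so both sides hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_message(key: bytes, sender: str, payload: str, now: float) -> dict:
    """Sender side: attach sender id, timestamp and a fresh random nonce, then sign everything."""
    body = {"sender": sender, "ts": int(now), "nonce": secrets.token_hex(8), "payload": payload}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = {}  # nonce -> timestamp; pruned as the window moves

    def verify(self, msg: dict, now: float) -> tuple:
        """Return (accepted, reason). Authenticate first, then check freshness."""
        body = {k: v for k, v in msg.items() if k != "tag"}
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        # constant-time comparison so the tag check itself leaks nothing
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return False, "bad tag: sender not authenticated"
        if abs(now - body["ts"]) > WINDOW_SECONDS:
            return False, "stale timestamp"
        # drop nonces that have aged out so memory stays bounded
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= WINDOW_SECONDS}
        if body["nonce"] in self.seen_nonces:
            return False, "replay: nonce already seen"
        self.seen_nonces[body["nonce"]] = body["ts"]
        return True, "ok"


def demo() -> list:
    """Walk through a genuine delivery, a replay, a spoofed sender and a delayed copy."""
    key = secrets.token_bytes(32)  # shared secret, assumed to be distributed out of band
    rx = Receiver(key)
    t0 = 1_700_000_000.0
    msg = build_message(key, "alice", "transfer 10", t0)
    results = [rx.verify(msg, t0 + 1)[1]]            # genuine delivery
    results.append(rx.verify(msg, t0 + 2)[1])        # same packet captured and retransmitted
    forged = {**msg, "sender": "mallory"}            # source field rewritten, tag left unchanged
    results.append(rx.verify(forged, t0 + 3)[1])
    late = build_message(key, "alice", "transfer 10", t0)
    results.append(rx.verify(late, t0 + 120)[1])     # held back and delivered much later
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```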
Man-in-the-Middle Attack – As the name indicates, a man-in-the-middle attack
occurs when someone between you and the person with whom you are
communicating is actively monitoring, capturing, and controlling your
communication transparently. For example, the attacker can re-route a data
exchange. When computers are communicating at low levels of the network
layer, the computers might not be able to determine with whom they are
exchanging data.
Compromised-Key Attack – A key is a secret code or number necessary to
interpret secured information. Although obtaining a key is a difficult and
resource-intensive process for an attacker, it is possible. After an attacker
obtains a key, that key is referred to as a compromised key. An attacker uses
the compromised key to gain access to a secured communication without the
sender or receiver being aware of the attack.
Phishing – The fraudulent practice of sending emails purporting to be from
reputable companies in order to induce individuals to reveal personal
information, such as passwords and credit card numbers.
DNS spoofing – Also referred to as DNS cache poisoning, is a form of
computer security hacking in which corrupt Domain Name System data is
introduced into the DNS resolver’s cache, causing the name server to return an
incorrect IP address.
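The checks a resolver must make before trusting a reply, as an added Python example (not from the original notes) that models the resolver-side defences against the cache poisoning just described: a reply is used only if it matches an outstanding query's transaction ID, source port and question, and only records inside the queried zone are cached. The record layout, names and addresses are constructed for the demo.

```python
"""A minimal resolver cache that resists spoofed answers.

Added example, not from the original notes.  DNS cache poisoning works by
getting a resolver to accept a response it did not ask for.  The checks below
mirror what real resolvers do: match the transaction ID and UDP source port,
match the question section, and refuse out-of-bailiwick records.
Responses are represented as plain dicts constructed for the demo.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class Pending:
    txid: int
    port: int
    qname: str


@dataclass
class Resolver:
    pending: dict = field(default_factory=dict)  # (txid, port) -> Pending
    cache: dict = field(default_factory=dict)    # name -> IP

    def send_query(self, qname: str) -> Pending:
        """Randomise the 16-bit transaction ID and the UDP source port (~32 bits a forger must guess)."""
        p = Pending(secrets.randbelow(1 << 16), 1024 + secrets.randbelow(64512), qname.lower())
        self.pending[(p.txid, p.port)] = p
        return p

    def receive(self, resp: dict) -> tuple:
        """Accept a response only if it answers a query we actually sent; return (accepted, reason)."""
        key = (resp["txid"], resp["port"])
        p = self.pending.get(key)
        if p is None:
            return False, "no matching query (txid/port mismatch)"
        if resp["qname"].lower() != p.qname:
            return False, "question section does not match"
        parts = p.qname.split(".", 1)
        zone = parts[1] if len(parts) > 1 else parts[0]  # e.g. example.com for www.example.com
        accepted = 0
        for name, ip in resp["answers"]:
            name = name.lower()
            # a reply for www.example.com may not plant records for unrelated domains
            if name != zone and not name.endswith("." + zone):
                continue
            self.cache[name] = ip
            accepted += 1
        del self.pending[key]  # first valid answer wins; later copies are ignored
        return True, f"cached {accepted} record(s)"


def demo() -> list:
    """Forged reply with the wrong ID is dropped; genuine reply is cached minus its smuggled record."""
    r = Resolver()
    p = r.send_query("www.example.com")
    forged = {"txid": (p.txid + 1) & 0xFFFF, "port": p.port, "qname": "www.example.com",
              "answers": [("www.example.com", "203.0.113.66"), ("bank.example.net", "203.0.113.66")]}
    genuine = {"txid": p.txid, "port": p.port, "qname": "www.example.com",
               "answers": [("www.example.com", "198.51.100.20"), ("bank.example.net", "203.0.113.66")]}
    return [r.receive(forged)[0], r.receive(genuine)[1], dict(r.cache)]


if __name__ == "__main__":
    print(demo())
```

DNSSEC adds the cryptographic step these checks lack: with signed zones the resolver can validate the records themselves rather than only the envelope they arrived in.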
Rootkit – Rootkits are stealthy packages designed to gain administrative
rights and access to a network device. Once installed, hackers
have complete and unrestricted access to the device and can therefore
execute any action, including spying on users or stealing confidential
data, without hindrance.
Learn about Network Attacks:
There is more to learn about network attacks.
Zeus Malware: Variants, Methods and History:
Zeus, also known as Zbot, is a malware package that uses a client/server
model. Hackers use the Zeus malware to create massive botnets. The
main purpose of Zeus is to help hackers gain unauthorized
access to financial systems by stealing credentials, banking information and
financial data. The stolen data is then sent back to the
attackers through the Zeus Command and Control (C&C) server.
Zeus has infected over 3 million computers in the USA, and has compromised
major organizations such as NASA and the Bank of America.
Cobalt Strike: White Hat Hacker Powerhouse in the Wrong Hands
Cobalt Strike is a commercial penetration testing tool. This tool
gives security testers access to a large variety of attack
capabilities. You can use Cobalt Strike to execute spear phishing and gain
unauthorized access to systems. It can also simulate a variety
of malware and other advanced threat tactics.
While Cobalt Strike is a legitimate tool used by ethical hackers, some
cyber criminals obtain the trial version and crack its software protection,
or even gain access to a commercial copy of the software.
FTCode Ransomware: Distribution, Anatomy and Protection
FTCode is a type of ransomware, designed to encrypt data and force
victims to pay a ransom for a decryption key. The code is written in PowerShell,
meaning that it can encrypt files on a Windows device without
downloading any other components. FTCode loads its executable code only into
memory, without saving it to disk, to prevent detection by antivirus. The FTCode
ransomware is distributed through spam emails containing an infected
Word template in Italian.
Mimikatz: World's Most Dangerous Password Stealing Platform
Mimikatz is an open-source tool initially developed by ethical hacker
Benjamin Delpy to demonstrate a flaw in Microsoft's authentication protocols.
Put simply, the tool steals passwords. It is run on Windows and lets users
extract Kerberos tickets and other authentication tokens from the machine.
Some of the more significant attacks enabled by Mimikatz include
Pass-the-Hash, Kerberos Golden Ticket, Pass-the-Key and Pass-the-Ticket.
Understanding Privilege Escalation and 5 Common Attack Techniques
Privilege escalation is a common method of gaining unauthorized access to
systems. Attackers begin by finding weak points in an organization's defenses
and gaining access to a system. Typically, the first point of penetration
will not grant attackers the level of access or data they need, so they
continue with privilege escalation to acquire permissions or reach additional,
more sensitive systems.
UNIT - II
A proxy server is a server that acts as an intermediary between the requests
made by clients and a particular server providing some service or resource.
Different types of proxy servers exist and are chosen according to the
purpose of the requests that clients make to servers.
The basic purpose of a proxy server is to avoid a direct connection between
Internet clients and Internet resources. The proxy server also prevents the
client's IP address from being identified when the client makes a request to
another server.
Internet client and Internet resources: For Internet clients, proxy servers
also act as a shield for an internal network against requests coming from a
client to access data stored on a server. The original IP address of the
node remains hidden while it accesses data from that server.
Protects true host identity: Outgoing traffic appears to come from the proxy
server rather than from the internal host that is browsing. The proxy must be
configured for the specific application protocol, such as HTTP(S) or FTP. For
example, organizations can use a proxy to observe the traffic of their
employees so that work gets done efficiently, and to check for any leakage of
highly confidential data. Some also use proxies to try to raise their
website's search ranking.
1. Reverse Proxy Server: The job of a reverse proxy server is to listen for
requests made by clients and redirect each one to the particular web server,
among several internal servers, that should handle it.
Example: it listens for website connections on TCP port 80. Reverse proxies
are normally placed in a demilitarized zone (DMZ) for publicly accessible
services, and they also protect the true identity of the host. The setup is
transparent to external users, who cannot tell how many internal servers
there actually are. So the prime duty of a reverse proxy is to redirect the
flow depending on the configuration of the internal servers. Requests that
must pass into the private network protected by firewalls go through the
reverse proxy rather than reaching an internal server directly, and the
reverse proxy is also used to restrict client access to confidential data
residing on particular servers.
2. Web Proxy Server: A web proxy forwards HTTP requests; the client sends the
full URL in the request line instead of only a path. The request goes to the
proxy, and the proxy responds on the origin server's behalf. Examples:
Apache, HAProxy.
3. Anonymous Proxy Server: This type of proxy server does not pass on the
client's original IP address. The proxy itself is still detectable as a proxy,
but it provides reasonable anonymity for the client device.
4. High Anonymity Proxy: This proxy server reveals neither the original IP
address nor the fact that it is a proxy server.
5. Transparent Proxy: This type of proxy server provides no anonymity to the
client; the original IP address can be easily detected through it. It is put
into use to act as a cache for websites. A transparent proxy combined with a
gateway results in a proxy where the client's connection requests are
redirected to the proxy by the network, without any proxy configuration on
the client. The HTTP headers it adds allow the server side to detect the
redirection easily.
6. CGI Proxy: A CGI proxy server was developed to make websites more
accessible. It accepts requests for target URLs through a web form and, after
processing, returns the result to the web browser. It is less popular than
alternatives such as VPNs because of privacy concerns, but it still receives
a lot of requests. Its usage has declined because of the excessive traffic it
can send to a website after passing local filtering, which can harm the
organization running it.
7. Suffix Proxy: A suffix proxy server basically appends the name of the
proxy to the URL. This type of proxy does not preserve any higher level of
anonymity. It is used for bypassing web filters. It is easy to use and easy
to implement, but it is used less because more and more web filters recognize
it.
8. Distorting Proxy: A distorting proxy presents an incorrect original IP
address for the client while still being detectable as a proxy server. HTTP
headers are used to supply the false client IP address, keeping the real one
confidential.
9. Tor Onion Proxy: This server aims at online anonymity for the user's
personal information. It routes traffic through various relays present
worldwide to make tracking the user's address difficult, so that it is hard
for anyone to trace the original address. In this type of routing, the
information is encrypted in multiple layers. Along the path, each relay
decrypts one layer, so that only the final hop sees the original content.
This software is open-source and free of cost to use.
10. I2P Anonymous Proxy: It uses encryption to hide all communications at
various levels. The encrypted data is then relayed through various network
routers present at different locations, so I2P is a fully distributed proxy.
This software is free of cost and open source to use, and it also resists
censorship.
11. DNS Proxy: A DNS proxy takes requests in the form of DNS queries and
forwards them to the domain server; the answers can also be cached, and the
flow of requests can be redirected.
Every computer has a unique IP address which it uses to communicate with
other nodes. Similarly, the proxy server has its own IP address, which your
computer knows. When a web request is sent, it goes to the proxy server
first. The proxy sends the request on your behalf to the Internet, collects
the data and makes it available to you. A proxy can change the IP address
seen by the web server, so the web server cannot determine your location.
Depending on its configuration, it can also filter or block some web pages.
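The anonymity levels in the list above (transparent, anonymous, distorting, high anonymity) differ only in which request headers the proxy adds before relaying a request, and those headers are all the origin server has to go on. The following is an added example, not code from the original notes: it builds the upstream header set for each mode and shows what the origin can infer. The "Via" header is the standard proxy header and "X-Forwarded-For" the de facto client-IP header; the proxy and client addresses are constructed from the RFC 5737 test ranges.

```python
# Added example (not part of the original notes): how the proxy anonymity
# levels differ on the wire.  The proxy and client addresses are constructed
# (RFC 5737 documentation ranges).
from typing import Dict, Optional

PROXY_IP = "203.0.113.10"        # constructed address of the proxy itself
FAKE_CLIENT_IP = "198.51.100.7"  # constructed, used only by the distorting mode

# Headers that would reveal the client or an upstream proxy.  They are
# stripped first; the mode then decides what (if anything) is put back.
IDENTIFYING_HEADERS = {"x-forwarded-for", "forwarded", "via", "x-real-ip"}


def build_upstream_headers(client_headers: Dict[str, str], client_ip: str, mode: str) -> Dict[str, str]:
    """Return the headers the proxy sends to the origin server for one request."""
    out = {k: v for k, v in client_headers.items() if k.lower() not in IDENTIFYING_HEADERS}
    if mode == "transparent":
        # Discloses the real client and announces the proxy.  (A chained proxy
        # would append to the incoming X-Forwarded-For; replaced here for clarity.)
        out["X-Forwarded-For"] = client_ip
        out["Via"] = f"1.1 {PROXY_IP}"
    elif mode == "anonymous":
        # Hides the client but still admits that a proxy is in the path.
        out["Via"] = f"1.1 {PROXY_IP}"
    elif mode == "distorting":
        # Admits that a proxy is in the path but lies about who the client is.
        out["X-Forwarded-For"] = FAKE_CLIENT_IP
        out["Via"] = f"1.1 {PROXY_IP}"
    elif mode == "elite":
        # High anonymity: nothing is added, the request looks like a direct one.
        pass
    else:
        raise ValueError(f"unknown proxy mode: {mode}")
    return out


def origin_view(headers: Dict[str, str]) -> Dict[str, Optional[object]]:
    """What the origin server can infer from the request it receives."""
    h = {k.lower(): v for k, v in headers.items()}
    xff = h.get("x-forwarded-for")
    via = h.get("via")
    return {
        "proxy_detected": xff is not None or via is not None,
        # Unverifiable: any client can set this header itself, which is why
        # access control must never trust X-Forwarded-For from the Internet.
        "claimed_client_ip": xff,
    }


if __name__ == "__main__":
    for mode in ("transparent", "anonymous", "distorting", "elite"):
        sent = build_upstream_headers({"Host": "example.com"}, "192.0.2.5", mode)
        print(mode, sent, origin_view(sent))
```

The practical point for the server side is the last comment: X-Forwarded-For is only trustworthy when it was set by a proxy you operate and the header is stripped from everything arriving from outside; otherwise a client can claim any address it likes.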
Phishing
Phishing is one type of cyber attack. Phishing got its name from "phish",
meaning fish: it is common practice to put out bait so that fish get trapped,
and phishing works the same way. It is an unethical way to dupe the user or
victim into clicking on harmful sites. The attacker crafts the harmful site so
that the victim believes it to be an authentic site, thus falling prey to it.
The most common mode of phishing is sending spam emails that appear to be
authentic and thereby taking away the victim's credentials. The main motive
of the attacker behind phishing is to gain confidential information like
Password
Credit card details
Social security numbers
Date of birth
The attacker uses this information to further target the user, impersonate
the user and cause data theft. The most common type of phishing attack
happens through email. Phishing victims are tricked into revealing
information that they think should be kept private. The original logo of the
company is used to make the user believe that it is indeed the original
email. But if we carefully look into the details, we will find that the URL
or web address is not authentic. Let's understand this concept with an
example.
In the example (a screenshot of a fake video page, not reproduced here), most
people believe it is YouTube just by looking at the red icon. So, thinking of
YouTube as a secure platform, the users click on the extension without being
suspicious about it. But if we look carefully, we can see the URL is
supertube.com and not youtube.com. Secondly, YouTube never asks to add
extensions for watching any video. Thirdly, the extension name itself is
weird enough to raise doubt about its credibility.
How Does Phishing Occur?
Below are the ways through which phishing generally occurs. Any of the
actions mentioned below can lead the user into a phishing attack.
Clicking on an unknown file or attachment: Here, the attacker deliberately
sends a mysterious file to the victim; when the victim opens the file,
either malware is installed on the system or the user is prompted to enter
confidential data.
Using an open or free wifi hotspot: This is a very simple way to get
confidential information from the user by luring him with free wifi. The
wifi owner can intercept the user's traffic without the user knowing it.
Responding to social media requests: This commonly involves social
engineering. Accepting unknown friend requests and then, by mistake, leaking
secret data is one of the most common mistakes made by naive users.
Clicking on unauthenticated links or ads: Unauthenticated links are
deliberately crafted to lead to a phished website that tricks the user into
typing confidential data.
Types of Phishing Attacks
There are several types of phishing attacks; the most common ones, and the
ones most used by attackers, are described below.
Email Phishing: The most common type where users are tricked into
clicking unverified spam emails and leaking secret data. Hackers
impersonate a legitimate identity and send emails to mass victims.
Generally, the goal of the attacker is to get personal details like bank details,
credit card numbers, user IDs, and passwords of any online shopping
website, installing malware, etc. After getting the personal information, they
use this information to steal money from the user’s account or harm the
target system, etc.
Spear Phishing: In spear phishing, a particular user (an organization or
an individual) is targeted. The attacker first gathers full information about
the target and then sends malicious emails to the target's inbox to trap them
into typing confidential data. For example, the attacker targets an employee
from the finance department of some organization, pretends to be that
employee's manager, and then requests personal information or a transfer of a
large sum of money. It is among the most successful attacks.
Whaling: Whaling is just like spear phishing, but the main target is the
head of the company, like the CEO or CFO. A high-pressure email is sent to
such executives so that they do not have much time to think, and therefore
fall prey to phishing.
Smishing: In this type of phishing attack, the medium of phishing attack
is SMS. Smishing works similarly to email phishing. SMS texts are sent to
victims containing links to phished websites or invite the victims to call a
phone number or to contact the sender using the given email. The victim is
then invited to enter their personal information like bank details, credit card
information, user id/ password, etc. Then using this information the attacker
harms the victim.
Vishing: Vishing is also known as voice phishing. In this method, the
attacker calls the victim using caller ID spoofing to convince the victim
that the call is from a trusted source. Attackers also use IVR systems to make
it difficult for law enforcement to trace them. It is generally used to steal
credit card numbers or other confidential data from the victim.
Clone Phishing: In this type of phishing attack, the attacker copies an
email message that was sent from a trusted source and then alters it by
adding a link that redirects the victim to a malicious or fake website. The
attacker then sends this mail to a large number of users and waits to see who
clicks on the attachment or link that was sent in the email. It spreads
through the contacts of the users who have clicked on it.
Impact of Phishing
These are the effects on a user of a successful phishing attack. Each person
is affected differently, but the following impacts are common to the majority
of victims.
Financial Loss: Phishing attacks often target financial information, such
as credit card numbers and bank account login credentials. This information
can be used to steal money or make unauthorized purchases, leading to
significant financial losses.
Identity Theft: Phishing attacks can also steal personal information, such
as Social Security numbers and date of birth, which can be used to steal an
individual’s identity and cause long-term harm.
Damage to Reputation: Organizations that fall victim to phishing attacks
can suffer damage to their reputation, as customers and clients may lose
trust in the company’s ability to protect their information.
Disruption to Business Operations: Phishing attacks can also cause
significant disruption to business operations, as employees may have their
email accounts or computers compromised, leading to lost productivity and
data.
Spread of Malware: Phishing attacks often use attachments or links to
deliver malware, which can infect a victim’s computer or network and cause
further harm.
Signs of Phishing
It is very important to be able to identify the signs of a phishing attack in
order to protect against its harmful effects. These signs help the user to
protect their data and information from attackers. Here are some signs to
look out for:
Suspicious email addresses: Phishing emails often use fake email
addresses that appear to be from a trusted source, but are actually
controlled by the attacker. Check the email address carefully and look for
slight variations or misspellings that may indicate a fake address.
Urgent requests for personal information: Phishing attacks often try to
create a sense of urgency in order to trick victims into providing personal
information quickly. Be cautious of emails or messages that ask for personal
information and make sure to verify the authenticity of the request before
providing any information.
Poor grammar and spelling: Phishing attacks are often created quickly
and carelessly, and may contain poor grammar and spelling errors. These
mistakes can indicate that the email or message is not legitimate.
Requests for sensitive information: Phishing attacks often try to steal
sensitive information, such as login credentials and financial information. Be
cautious of emails or messages that ask for sensitive information and verify
the authenticity of the request before providing any information.
Unusual links or attachments: Phishing attacks often use links or
attachments to deliver malware or redirect victims to fake websites. Be
cautious of links or attachments in emails or messages, especially from
unknown or untrusted sources.
Strange URLs: Phishing attacks often use fake websites that look similar
to the real ones, but have slightly different URLs. Look for strange URLs or
slight variations in the URL that may indicate a fake website.
How To Stay Protected Against Phishing?
Until now, we have seen how a user becomes so vulnerable due to phishing.
But with proper precautions, one can avoid such scams. Below are the ways
listed to protect users against phishing attacks:
Authorized Source: Download software from authorized sources only
where you have trust.
Confidentiality: Never share your private details with unknown links and
keep your data safe from hackers.
Check URL: Always check the URL of websites to prevent any such
attack. it will help you not get trapped in Phishing Attacks.
Avoid replying to suspicious things: If you receive an email from a
known source but that email looks suspicious, then contact the source with a
new email rather than using the reply option.
Phishing Detection Tool: Use phishing-detecting tools to monitor the
websites that are crafted and contain unauthentic content.
Try to avoid free wifi: Avoid using free wifi; it can expose you to
interception and phishing.
Keep your system updated: It is better to keep your system always updated to
protect it from the malware that phishing attacks deliver.
Keep the firewall of the system ON: Keeping the firewall on filters
unexpected inbound connections, so that only traffic you have initiated or
explicitly allowed reaches you.
How To Distinguish between a Fake Website and a Real Website?
It is very important nowadays to be able to tell fake websites from real
ones. Here are some of the ways through which you can identify which
websites are real and which ones are fake. To distinguish between a fake
website and a real website, always remember the following points:
Check the URL of the website: A legitimate website always uses a secure
medium to protect you from online threats. So, when you first see a website
link, check its beginning. If the address starts with https:// the connection
is encrypted, because the "s" in https denotes secure, which protects the
data in transit from eavesdroppers. If a website uses http:// then the
connection is not encrypted, so it is advised not to enter any data on HTTP
websites. Note that https:// on its own does not prove the site is genuine:
attackers obtain certificates for their fake domains too, so the padlock only
tells you the connection is encrypted, not who is on the other end.
Check the domain name of the website: Attackers generally create a website
whose address mimics that of a large brand or company, for example a link
that at a glance looks like www.amazon.com/order_id=23. If we look closely at
the part before the first slash, we find that the brand name in the domain is
misspelled or altered, so it is a phished website. Be careful with such
websites.
Look for site design: If you open a website from the link, then pay
attention to the design of the site. Although the attacker tries to imitate the
original one as much as possible, they still lack in some places. So, if you
see something off, then that might be a sign of a fake website. For example,
www.sugarcube.com/facebook, when we open this URL the page open is
cloned to the actual Facebook page but it is a fake website. The original link
to Facebook is www.facebook.com.
Check for the available web pages: A fake website usually does not contain
all the web pages that are present in the original website. So when you
suspect a fake website, open the other options (links) present on it. If they
only lead back to a login page, the website is probably fake.
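The "strange URLs" sign listed earlier and the "check the URL" and "check the domain name" steps above can be applied mechanically. The following is an added example, not the notes' own code: a small URL inspector that extracts the real host, reduces it to its registrable domain and compares that against a constructed allow-list of protected brands. It catches the page's own cases (supertube.com is simply not youtube.com; www.sugarcube.com/facebook carries the brand only in the path) plus constructed ones such as a brand used as a subdomain, a look-alike domain (faceb00k.com, arnazon.com) and the userinfo trick (https://www.amazon.com@198.51.100.7/). The brand list and homoglyph table are assumptions for the example, and registrable_domain() assumes single-label public suffixes; a real deployment would consult the Public Suffix List.

```python
# Added example (not from the original notes): mechanical checks for phishing URLs.
# PROTECTED_BRANDS and HOMOGLYPHS are constructed for this example.
import ipaddress
from urllib.parse import urlsplit

PROTECTED_BRANDS = ("amazon.com", "facebook.com", "youtube.com")  # constructed allow-list
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalise_label(label: str) -> str:
    """Undo common look-alike substitutions so 'faceb00k' compares as 'facebook'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats such as 'amazom'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (assumption: single-label public suffix such as .com)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def inspect_url(url: str) -> dict:
    """Classify a URL as 'brand', 'impersonation' or 'unlisted', with the reasons."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()      # hostname drops userinfo and port
    labels = host.split(".")
    reg = registrable_domain(host)
    findings = []
    impersonation = False

    if parts.scheme != "https":
        findings.append("not https: the connection is not encrypted")
    if parts.username is not None:
        # 'https://www.amazon.com@evil.example/' - the real host is after the '@'.
        findings.append(f"text before '@' is userinfo, not the host; real host is {host}")
        impersonation = True
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a domain name")
    except ValueError:
        pass

    if reg in PROTECTED_BRANDS:
        return {"host": host, "registrable_domain": reg, "https": parts.scheme == "https",
                "verdict": "brand", "findings": findings}

    second_level = labels[-2] if len(labels) > 1 else labels[0]
    for brand in PROTECTED_BRANDS:
        name = brand.split(".")[0]
        if brand in host or name in labels:
            # e.g. www.facebook.com.login-verify.example: brand as a subdomain
            findings.append(f"{brand} appears in the host, but the registrable domain is {reg}")
            impersonation = True
        elif levenshtein(normalise_label(second_level), name) <= 1:
            findings.append(f"{reg} is a look-alike of {brand}")
            impersonation = True
        elif name in parts.path.lower():
            # e.g. www.sugarcube.com/facebook: brand only in the path
            findings.append(f"{brand} appears only in the path; the site is {reg}")
            impersonation = True

    return {"host": host, "registrable_domain": reg, "https": parts.scheme == "https",
            "verdict": "impersonation" if impersonation else "unlisted", "findings": findings}


if __name__ == "__main__":
    for u in ("https://www.youtube.com/watch?v=abc", "http://supertube.com/get-extension",
              "http://www.sugarcube.com/facebook", "https://faceb00k.com/",
              "https://www.amazon.com@198.51.100.7/login"):
        print(u, "->", inspect_url(u)["verdict"])
```

Note that the https check is reported as a finding but never decides the verdict: a phishing site served over HTTPS is still a phishing site, which is the caveat made above.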
Anti-Phishing Tools
Well, it’s essential to use Anti-Phishing tools to detect phishing attacks. Here
are some of the most popular and effective anti-phishing tools available:
Anti-Phishing Domain Advisor (APDA): A browser extension that
warns users when they visit a phishing website. It uses a database of known
phishing sites and provides real-time protection against new threats.
PhishTank: A community-driven website that collects and verifies reports
of phishing attacks. Users can submit phishing reports and check the status
of suspicious websites.
Webroot Anti-Phishing: A browser extension that uses machine
learning algorithms to identify and block phishing websites. It provides real-
time protection and integrates with other security tools.
Malwarebytes Anti-Phishing: A security tool that protects against
phishing attacks by detecting and blocking suspicious websites. It uses a
combination of machine learning and signature-based detection to provide
real-time protection.
Kaspersky Anti-Phishing: A browser extension that provides real-time
protection against phishing attacks. It uses a database of known phishing
sites and integrates with other security tools to provide comprehensive
protection.
Key loggers
Key loggers, also known as keystroke loggers, record the keys pressed on a
system and save them to a file that is later accessed by the person
operating the malware. A key logger can be software or hardware.
Working: Key loggers are mainly used to steal passwords or confidential
details such as bank information. The first key logger was invented in the
1970s and was a hardware key logger; the first software key logger was
developed in 1983.
1. Software key loggers: Software key loggers are computer programs
developed to steal passwords from the victim's computer. However, key
loggers are also used in IT organizations to troubleshoot technical problems
with computers and business networks, and Windows 10 has been criticized for
keystroke-collecting telemetry built into the operating system.
1. JavaScript based key logger: This is a malicious script injected into a
web page that listens for key events such as onkeyup. Such scripts can be
delivered by various methods, like links shared through social media, an
email attachment, or a RAT (remote access trojan).
2. Form based key loggers: These are key loggers that activate when a person
fills in a form online; when the submit button is clicked, all the data or
words typed are sent to the attacker's computer in a file. Some key loggers
hook the API of a running application: the application looks normal, but
whenever a key is pressed the logger records it.
2. Hardware key loggers: These do not depend on any software. A keyboard
hardware key logger is a circuit attached inside the keyboard itself, so that
whenever a key on that keyboard is pressed it gets recorded.
1. USB key logger: There are USB connector key loggers which are plugged in
between the keyboard and the computer and capture the data. Some circuits are
built into the keyboard, so no external device is visible.
2. Smartphone sensors: Some Android tricks are also used as key loggers; for
example, the phone's accelerometer, when placed near a keyboard, can sense
the vibrations of keystrokes, and the resulting signal is then converted into
text. This technique's accuracy is about 80%. Nowadays crackers are also
using keystroke-logging Trojans: malware sent to a victim's computer to steal
data and login details.
So key loggers are software or hardware used to steal our login details,
credentials, bank information and more.
Some keylogger application used in 2020 are:
1. Kidlogger
2. Best Free Keylogger
3. Windows Keylogger
4. Refog Personal Monitor
5. All In One Keylogger
Prevention from key loggers: The following measures help:
1. Anti-key-logger: As the name suggests, this is software designed against
key loggers; its main task is to detect key loggers on a computer system.
2. Anti-virus: Many anti-virus products also detect software key loggers and
remove them from the computer system. Being software, they cannot get rid of
hardware key loggers.
3. Automatic form filler: Instead of typing into forms regularly, the user
can rely on an automatic form filler, which shields against key loggers
because no keys are pressed.
4. One-time passwords: Using OTPs as passwords is safer, because every login
uses a new password, so a captured one is useless afterwards.
5. Patterns or mouse recognition: On Android devices use a pattern as the
password for applications, and on a PC use mouse recognition, where a program
accepts mouse gestures instead of typed input.
6. Voice-to-text converter: This software helps to prevent key logging by
replacing typing for the part of the input that the key logger targets.
1. Worms:
Worms are similar to a virus but do not modify other programs. A worm
replicates itself more and more, which slows down the computer system. Worms
can be controlled remotely. The main objective of worms is to consume system
resources. The WannaCry ransomware worm in 2017 exploited a flaw in the
Windows Server Message Block (SMBv1) resource-sharing protocol.
2. Virus :
A virus is a malicious executable code attached to another executable file that
can be harmless or can modify or delete data. When the computer program
runs attached with a virus it performs some action such as deleting a file from
the computer system. Viruses can’t be controlled by remote. The ILOVEYOU
virus spreads through email attachments.
Difference between Worms and Virus:
Sr.No. | Basis of Comparison | WORMS | VIRUS
1. | Definition | A Worm is a form of malware that replicates itself and can spread to different computers via Network. | A Virus is a malicious executable code attached to another executable file which can be harmless or can modify or delete data.
Trojan Horse:
A standalone malicious program that may give full control of an infected
PC to another PC is called a Trojan horse.
This is actually a code segment that tries to misuse its own environment.
They somehow look attractive but on the other hand, they are really
harmful and they actually serve as virus carriers.
It may make copies of them, harm the host computer systems, or steal
information.
The Trojan horse will actually do damage once installed or run on your
computer but at first, a glance will appear to be useful software.
Trojans are designed as they can cause serious damage by deleting files
and destroying information on your system.
Trojans allow confidential or personal information to be compromised by
the system creating a backdoor on your computer that gives unauthorized
users access to your system.
Unlike viruses and worms, Trojans do not self-replicate or reproduce by
infecting other files, which means Trojan horses differ from other malware
and do not spread themselves.
The most popular Trojan horses are Beast, Zeus, The Blackhole Exploit
Kit, Flashback Trojan, Netbus, Subseven, Y3K Remote Administration Tool,
and Back Orifice.
2. Trap Door:
A trap door is a kind of secret entry point into a program that allows
anyone who knows it to gain access to the system without going through the
usual security access procedures.
Another definition of a trap door is a method of bypassing normal
authentication. It is therefore also known as a back door.
Trap doors are quite difficult to detect; to find them, programmers or
developers have to go through the components of the system.
Programmers use trap doors legitimately to debug and test programs. Trap
doors turn into threats when dishonest programmers use them to gain illegal
access.
Program development and software update activities should be the first
focus of security measures, because operating system controls against trap
doors are difficult to implement.
The word steganography is derived from two Greek words: 'steganos', meaning
'covered', and 'graphia', meaning 'writing', thus translating to 'covered
writing' or 'hidden writing'. Steganography is a method of hiding secret
data by embedding it into an audio, video, image or text file. It is one of
the methods employed to protect secret or sensitive data from malicious
attacks.
How is it different from cryptography?
Cryptography and steganography are both methods used to hide or protect
secret data. However, they differ in the respect that cryptography makes the
data unreadable, or hides the meaning of the data, while steganography hides
the existence of the data.
In layman’s terms, cryptography is similar to writing a letter in a secret
language: people can read it, but won’t understand what it means. However, the
existence of a (probably secret) message would be obvious to anyone who
sees the letter, and if someone either knows or figures out your secret
language, then your message can easily be read.
If you were to use steganography in the same situation, you would hide the
letter inside a pair of socks that you would be gifting the intended recipient of
the letter. To those who don’t know about the message, it would look like there
was nothing more to your gift than the socks. But the intended recipient knows
what to look for, and finds the message hidden in them.
Similarly, if two users exchanged media files over the internet, it would be more
difficult to determine whether these files contain hidden messages than if they
were communicating using cryptography.
Cryptography is often used to supplement the security offered by
steganography. Cryptography algorithms are used to encrypt secret data before
embedding it into cover files.
Image Steganography –
As the name suggests, Image Steganography refers to the process of hiding
data within an image file. The image selected for this purpose is called
the cover image and the image obtained after steganography is called
the stego image.
How is it done?
An image is represented as an N*M (for grayscale images) or N*M*3 (for color
images) matrix in memory, with each entry representing the intensity value of
a pixel. In image steganography, a message is embedded into an image by
altering the values of some pixels, which are chosen by the embedding
algorithm (often driven by a secret key). The recipient of the image must
know the same algorithm and key in order to select the right pixels and
extract the message.
The simplest scheme works as follows: we first convert the secret text into
binary form. We then modify the least significant bit of each color channel
(red, green and blue) of the image pixels to store the binary representation
of the secret text. To extract the secret text, we retrieve the least
significant bit of each color channel and convert the bits back to ASCII
characters.
Some of the features of image steganography in cryptography are:
Secrecy: The primary feature of image steganography is secrecy. The secret
information is hidden within the image in a way that is not easily detectable by
an unauthorized person.
Capacity: The capacity of an image to carry secret information depends on the
size of the image and the amount of information to be hidden. Generally, larger
images have a higher capacity to carry secret information.
Robustness: The image steganography technique should be robust, i.e., it
should be able to withstand image processing techniques like compression,
cropping, and resizing without affecting the hidden information.
Security: The security of the hidden information is of utmost importance. The
image steganography technique should be designed in such a way that it is
resistant to attacks like statistical analysis and brute force attacks.
Efficiency: The image steganography technique should be efficient, i.e., it
should be able to hide the secret information in the image quickly and
effectively.
Concealment: The hidden information should be concealed in the image in a
way that it is not easily distinguishable from the original image.
Retrieval: The hidden information should be retrievable by the authorized party
using a decryption key or algorithm.
Advantages of Image Steganography:
Security: Image steganography provides a high level of security for secret
communication as it hides the secret message within the image, making it
difficult for an unauthorized person to detect it.
Capacity: Image steganography has a high capacity to carry secret information
as it can hide a large amount of data within an image.
Covert Communication: Image steganography provides a covert means of
communication, as the existence of the secret message is hidden within the
image.
Robustness: Some steganography techniques are designed to be robust, meaning
the hidden message survives common image processing operations like
compression or resizing. Simple LSB embedding is not one of them; robust
schemes embed in the transform domain (for example in DCT coefficients) at
the cost of capacity.
Resistance to analysis: Steganography can make it difficult for an analyst
to detect that a hidden message exists at all, as the message is camouflaged
within the image's natural features; detecting it is the job of steganalysis
rather than cryptanalysis.
Disadvantages of Image Steganography:
Detection: Steganography can be detected if a person has the right tools and
techniques, so it is not a foolproof method of securing communication.
Complexity: Steganography can be complex and requires specialized tools
and knowledge to implement effectively.
Lengthy Transmission Time: Hiding data within an image can be a time-
consuming process, especially for large files, which can slow down the
transmission of data.
Susceptibility to Data Loss: The hidden message may be lost or distorted
during the transmission or processing of the image, resulting in a loss of data.
Misuse: Steganography can be misused for illegal activities, including hiding
malicious code or malware within an image, making it difficult to detect and
prevent cybersecurity attacks.
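To make the properties listed above concrete, here is an added Python example (not code from these notes) of least-significant-bit embedding in a grayscale cover: it computes the capacity of a cover, embeds and retrieves a message behind a 4-byte length header, and applies a simple pair-of-values statistic that illustrates the detection disadvantage. The cover image, its dimensions and the message are constructed in the code; nothing here reads a real image file, and the `make_cover` pattern is an assumption of the example, not a property of real photographs.

```python
"""LSB image steganography: capacity, embedding, retrieval and a statistical check.

Added example for these notes. The cover "image" is a constructed list of
grayscale pixel values, not a real file.
"""
import struct
from typing import List


def capacity_bytes(width: int, height: int, bits_per_pixel: int = 1) -> int:
    """Bytes that fit in a grayscale cover at one LSB per pixel, minus the
    4-byte length header this scheme spends on retrieval."""
    return (width * height * bits_per_pixel) // 8 - 4


def make_cover(width: int, height: int) -> List[int]:
    """Constructed cover: a smooth wrap-around gradient whose LSBs are mostly 0
    (constructed so that the pair-of-values statistic below has something to show)."""
    pixels = []
    for y in range(height):
        for x in range(width):
            pixels.append(2 * ((x + y) % 128) + (1 if (x * y + 1) % 13 == 0 else 0))
    return pixels


def embed(cover: List[int], secret: bytes) -> List[int]:
    """Write a 4-byte big-endian length header followed by the payload, one bit
    per pixel, into the least significant bit of successive pixels."""
    payload = struct.pack(">I", len(secret)) + secret
    if len(payload) * 8 > len(cover):
        raise ValueError("payload exceeds cover capacity")
    stego = list(cover)
    i = 0
    for byte in payload:
        for shift in range(7, -1, -1):
            stego[i] = (stego[i] & 0xFE) | ((byte >> shift) & 1)
            i += 1
    return stego


def extract(stego: List[int]) -> bytes:
    """Retrieval: read the length header, then that many bytes from the LSBs."""
    def read_bytes(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    length = struct.unpack(">I", read_bytes(0, 4))[0]
    return read_bytes(32, length)


def lsb_pair_chi_square(pixels: List[int]) -> float:
    """Pair-of-values statistic. LSB embedding pushes the counts of the values
    2k and 2k+1 toward equality, so a much smaller value over a region than
    over untouched pixels hints that the LSBs there were overwritten."""
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    chi2 = 0.0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        expected = (even + odd) / 2
        if expected > 0:
            chi2 += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
    return chi2
```

Robustness is the property this scheme lacks: any lossy recompression or resize rewrites the low bits and destroys the payload, which is why robust schemes embed in transform coefficients instead of raw pixel LSBs.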
1. Commercial Sniffers –
Commercial sniffers are used to maintain and monitor information over the
network. These sniffers are used to detect network problems. Network
General Corporation (NGC) is a company that offers commercial sniffers.
These can be used for:
1. Fault analysis to detect problems in a network.
2. Underground Sniffers –
Underground sniffers are malicious programs used by hackers to capture
information over a network. When an underground sniffer is installed on a
router, it can breach the security of any network whose traffic passes through
that router.
It can capture:
1. Confidential messages like email.
Components of a Sniffer:
To capture information over the network, a sniffer uses the following
components:
1. Hardware –
Sniffers use standard network adapters to capture network traffic.
2. Capture Driver –
The capture driver captures network traffic from the Ethernet wire, filters
that traffic for the information you want, and then stores the filtered
information in a buffer.
3. Buffer –
When a sniffer captures data from a network, it stores data in a buffer. There
are 2 ways to store captured data –
1. You can store data until the buffer is filled with information
4. Decoder –
The information that travels over the network is in binary format, which is not
readable. You can use a decoder to interpret this information and display it in
a readable format. A decoder helps you analyze how information is passed
from one computer to another.
Placement of Sniffer:
The most common places where you can place sniffers are:
1. Computer
2. Cable wires
3. Routers
4. Network segments connected to the internet
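The components listed above, as an added Python example that is not from these notes: a fixed-size capture buffer that stores frames until it is full, and a decoder that turns the binary bytes of an Ethernet II / IPv4 / TCP frame into readable fields (addresses, ports, flags, payload) and verifies the IP header checksum. The frame is built in code from constructed MAC and IP addresses and a constructed HTTP request; it is not a real capture, and the `CaptureBuffer` and `build_frame` names are assumptions of this example.

```python
"""Decoder for a captured Ethernet II / IPv4 / TCP frame, plus a capture buffer.

Added example for the "Components of a Sniffer" list. The sample frame is
constructed below, not captured from a network.
"""
import struct
from typing import Dict, List

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


class CaptureBuffer:
    """Buffer component: keeps frames until the buffer is full, then drops them."""

    def __init__(self, max_bytes: int) -> None:
        self.max_bytes = max_bytes
        self.frames: List[bytes] = []
        self.used = 0

    def store(self, frame: bytes) -> bool:
        if self.used + len(frame) > self.max_bytes:
            return False            # buffer full: the frame is not kept
        self.frames.append(frame)
        self.used += len(frame)
        return True


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over 16-bit words; 0 over a full header
    (checksum field included) means the header verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac: bytes, dst_mac: bytes, src_ip: bytes, dst_ip: bytes,
                sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed frame for the example; the TCP checksum is left at 0."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000,
                      (5 << 12) | 0x018, 0xFFFF, 0, 0) + payload   # flags PSH|ACK
    ip_no_sum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1,
                            0x4000, 64, 6, 0, src_ip, dst_ip)
    ip = ip_no_sum[:10] + struct.pack("!H", ip_checksum(ip_no_sum)) + ip_no_sum[12:]
    return struct.pack("!6s6sH", dst_mac, src_mac, 0x0800) + ip + tcp


def decode_frame(frame: bytes) -> Dict[str, object]:
    """Decoder component: binary bytes in, readable header fields out."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info: Dict[str, object] = {
        "eth_src": ":".join("%02x" % b for b in src),
        "eth_dst": ":".join("%02x" % b for b in dst),
        "ethertype": ethertype,
    }
    if ethertype != 0x0800:
        return info                 # only IPv4 is decoded in this example
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _id, _frag, ttl, proto, _csum, s, d = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info.update(ip_src=".".join(str(b) for b in s), ip_dst=".".join(str(b) for b in d),
                ttl=ttl, protocol=proto, ip_checksum_ok=ip_checksum(ip[:ihl]) == 0)
    if proto != 6 or len(ip) < ihl + 20:
        return info
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_offset = (off_flags >> 12) * 4
    info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                flags=[name for bit, name in TCP_FLAG_NAMES if off_flags & bit],
                payload=tcp[data_offset:])
    return info


# Constructed sample: a cleartext HTTP request carrying a session cookie, the
# kind of traffic a sniffer on the path reads without any further effort.
SAMPLE_FRAME = build_frame(
    bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
    bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]), 51234, 80,
    b"GET /account HTTP/1.1\r\nCookie: session=CONSTRUCTED123\r\n\r\n")
```

The payload field of the decoded sample is the whole point for a defender: on an unencrypted session the cookie is as readable to a sniffer as it is to this decoder, which is why the mitigation further down turns on encryption rather than trying to hide the traffic.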
In the above figure, it can be seen that the attacker captures the victim's
session ID to gain access to the server by using a packet sniffer.
Cross Site Scripting (XSS Attack)
An attacker can also capture the victim's session ID using an XSS attack with
JavaScript. If the attacker sends the victim a crafted link containing
malicious JavaScript, then when the victim clicks on the link the JavaScript
runs and carries out the instructions written by the attacker.
<SCRIPT type="text/javascript">
</SCRIPT>
IP Spoofing
Spoofing is pretending to be someone else. It is a technique used to gain
unauthorized access to a computer using the IP address of a trusted host. To
implement this technique, the attacker has to obtain the IP address of the
client and inject his own packets, spoofed with the client's IP address, into
the TCP session, so as to fool the server into believing it is communicating
with the victim, i.e. the original host.
Blind Attack
If the attacker is not able to sniff packets and guess the correct sequence
number expected by the server, brute-force combinations of sequence numbers
can be tried.
Mitigation
To defend a network against session hijacking, a defender has to implement
security measures at both the application level and the network level.
Network-level hijacks can be prevented by encrypting the packets so that the
hijacker cannot decipher the packet headers to obtain any information that
would aid in spoofing. This encryption can be provided by protocols such as
IPsec, SSL, SSH etc.
Internet Protocol Security (IPsec) has the ability to encrypt the packet using
a shared key between the two parties involved in the communication. IPsec runs
in two modes: Transport and Tunnel.
In Transport Mode only the data sent in the packet is encrypted, while in Tunnel
Mode both the packet headers and the data are encrypted, so it is more
restrictive.
Session hijacking is a serious threat to networks and web applications, as
most systems are vulnerable to it.
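As an added application-level complement to the network-level mitigation above (example code written for these notes, not from the page): a session store that issues unguessable IDs, expires and rotates them, and builds a Set-Cookie value with the HttpOnly, Secure and SameSite attributes, so that the sniffing and XSS theft paths described earlier get nothing usable. The `SessionStore` class, its in-memory dict and the injectable clock are assumptions of this example; a real deployment keeps sessions in a server-side store.

```python
"""Session-ID handling that closes the theft paths described above: a random
ID, a cookie that scripts cannot read and that never travels over plaintext
HTTP, and rotation when the session changes privilege.

Added example for these notes. The in-memory dict stands in for a server-side
session store; the clock is injectable so expiry can be exercised offline.
"""
import hashlib
import secrets
import time
from typing import Dict, Optional


class SessionStore:
    def __init__(self, ttl_seconds: int = 900) -> None:
        self.ttl = ttl_seconds
        # Keyed by a hash of the ID, so a dump of the store does not yield usable IDs.
        self._sessions: Dict[str, dict] = {}

    @staticmethod
    def _key(session_id: str) -> str:
        return hashlib.sha256(session_id.encode()).hexdigest()

    def create(self, user: str, now: Optional[float] = None) -> str:
        """256 bits from the OS CSPRNG: not guessable, unlike a counter or a timestamp."""
        session_id = secrets.token_urlsafe(32)
        now = time.time() if now is None else now
        self._sessions[self._key(session_id)] = {"user": user, "expires": now + self.ttl}
        return session_id

    def lookup(self, session_id: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user of a live session, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(session_id))
        if entry is None:
            return None
        if now >= entry["expires"]:
            del self._sessions[self._key(session_id)]   # expired: drop it eagerly
            return None
        return entry["user"]

    def rotate(self, old_id: str, now: Optional[float] = None) -> Optional[str]:
        """Issue a fresh ID after login or a privilege change. An ID captured
        before that point stops working, which limits fixation and replay."""
        user = self.lookup(old_id, now)
        if user is None:
            return None
        self.destroy(old_id)
        return self.create(user, now)

    def destroy(self, session_id: str) -> None:
        self._sessions.pop(self._key(session_id), None)


def session_cookie_header(session_id: str, secure: bool = True) -> str:
    """Value for a Set-Cookie response header.
    HttpOnly: document.cookie cannot read it, so the XSS path above yields nothing.
    Secure:   sent only over HTTPS, so a sniffer on the path sees only ciphertext.
    SameSite: not attached to cross-site requests started from other origins."""
    attrs = ["session=" + session_id, "Path=/", "HttpOnly", "SameSite=Strict"]
    if secure:
        attrs.append("Secure")
    return "; ".join(attrs)


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Parse a Cookie request header ('a=b; c=d') into a dict."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies
```

Rotation on login is the piece most often forgotten: without it, an ID handed out to an anonymous visitor and later captured keeps working after that visitor authenticates.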
A buffer is a temporary area for data storage. When a program or system process
places more data in it than was originally allocated, the extra data overflows.
This causes some of that data to leak out into adjacent buffers, which can
corrupt or overwrite whatever data they were holding.
In a buffer-overflow attack, the extra data sometimes holds specific
instructions for actions intended by a hacker or malicious user; for example, the
data could trigger a response that damages files, changes data or reveals
private information.
An attacker would use a buffer-overflow exploit to take advantage of a program
that is waiting on a user's input. There are two types of buffer overflows:
stack-based and heap-based. Heap-based overflows, which are difficult to execute
and the less common of the two, attack an application by flooding the memory
space reserved for a program. Stack-based buffer overflows, which are more
common among attackers, exploit applications and programs by using the stack
memory space that is used to store user input.
Let us study some real program examples that show the danger of such
situations, based on C.
In the examples, we do not implement any malicious code injection, but only
show that the buffer can overflow. Modern compilers normally provide an
overflow-checking option at compile/link time, but at run time it is quite
difficult to check for this problem without an extra protection mechanism such
as exception handling.
C
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
    char buffer[10]; /* size assumed; the listing in these notes omitted the declaration */
    if (argc < 2) {
        printf("Usage: %s <input>\n", argv[0]);
        exit(0);
    }
    strcpy(buffer, argv[1]); /* no bounds check: an argv[1] longer than the buffer overflows it */
    printf("strcpy() executed...\n");
    return 0;
}
Compile this program on Linux and run it as ./output_file INPUT, where INPUT is
the string passed as argv[1]; an INPUT longer than the buffer overflows it.
DOS vs DDOS:
| DOS | DDOS |
| --- | --- |
| In a DoS attack a single system targets the victim system. | In a DDoS attack multiple systems attack the victim system. |
| The victim PC is loaded with packets of data sent from a single location. | The victim PC is loaded with packets of data sent from multiple locations. |
| In a DoS attack only a single device is used, with DoS attack tools. | In a DDoS attack, volumes of bots are used to attack at the same time. |
| DoS attacks are easy to trace. | DDoS attacks are difficult to trace. |
SQL injection is a technique used to extract user data by injecting web page
inputs as statements through SQL commands. Basically, malicious users can
use these instructions to manipulate the application’s web server.
1. SQL injection is a code injection technique that can compromise your
database.
2. SQL injection is one of the most common web hacking techniques.
3. SQL injection is the injection of malicious code into SQL statements via
web page input.
The Exploitation of SQL Injection in Web Applications
Web servers communicate with database servers whenever they need to retrieve
or store user data. SQL statements crafted by the attacker are designed so that
they are executed while the web server is fetching content from the application
server. This compromises the security of the web application.
Example of SQL Injection
Suppose we have an application based on student records. Any student can
view only his or her own records by entering a unique and private student ID.
Suppose we have a field like the one below:
Student id: The student enters the following in the input field: 12222345 or 1=1.
Query:
SELECT * from STUDENT where
STUDENT-ID == 12222345 or 1 = 1
Now, since 1=1 holds true for every row, the query returns all records. So
basically, all the student data is compromised. The malicious user can also
delete student records in a similar fashion. Consider the following SQL query.
Query:
SELECT * from USER where
USERNAME = "" and PASSWORD = ""
Now the malicious user can use the '=' operator in a clever manner to retrieve
private and secure user information. So instead of the above-mentioned query,
the following query, when executed, retrieves protected data that was not
intended to be shown to users.
Query:
Select * from User where
(Username = "" or 1=1) AND
(Password = "" or 1=1)
Since 1=1 always holds true, user data is compromised.
Impact of SQL Injection
The hacker can retrieve all the user data present in the database such as user
details, credit card information, and social security numbers, and can also gain
access to protected areas like the administrator portal. It is also possible to
delete user data from the tables.
Nowadays, all online shopping applications and bank transactions use back-
end database servers. So in case the hacker is able to exploit SQL injection,
the entire server is compromised.
Preventing SQL Injection
User Authentication: Validate input from the user by pre-defining the length
and type of input for each input field, and authenticate the user.
Restrict the access privileges of users and define how much data any
outsider can access from the database. Basically, users should not be granted
permission to access everything in the database.
Do not use system administrator accounts.
For more details, you can refer to How to Protect Against SQL Injection
Attacks? article.
SQL in Web Pages
SQL injection typically occurs when you ask a user for input, such as their
username/user ID, and instead of their name/ID the user gives you an SQL
statement that you execute unknowingly against your database.
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
SQL Injection Based on Batched SQL Statements
1. Most databases support batched SQL statements.
2. A batch of SQL statements is a group of two or more SQL statements
separated by semicolons.
The SQL statement below will return all rows from the "Users" table and then
delete the "Employees" table.
Query:
SELECT * FROM Users;
DROP TABLE Employees
Look at the following example:
Syntax:
txtEmpId = getRequestString("EmpId");
txtSQL = "SELECT * FROM Users WHERE EmpId = " + txtEmpId;
The valid SQL statement would look like this:
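The concatenated-string query from the UserId snippet above and the batched-statement case, as an added Python/SQLite example that is not from these notes: the vulnerable form returns every row for the input "12222345 or 1=1" from the student example earlier, the batched form drops the Employees table, and the safe form validates the input and uses a parameterized query. Tables, rows and the helper names are constructed for this example; the Users and Employees table names follow the text above.

```python
"""The page's concatenated query beside its parameterized form, run against an
in-memory SQLite database so both inputs from the text can be tried.

Added example for these notes. Table contents are constructed.
"""
import sqlite3
from typing import List, Tuple


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Username TEXT, Password TEXT);
        CREATE TABLE Employees (EmpId INTEGER PRIMARY KEY, Name TEXT);
        INSERT INTO Users VALUES (105, 'alice', 'pw-alice'), (106, 'bob', 'pw-bob');
        INSERT INTO Employees VALUES (1, 'Alice'), (2, 'Bob');
    """)
    return conn


def get_user_vulnerable(conn: sqlite3.Connection, txt_user_id: str) -> List[Tuple]:
    """Mirrors txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId:
    whatever the user typed becomes part of the SQL statement itself."""
    sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(sql).fetchall()


def run_batched_vulnerable(conn: sqlite3.Connection, txt_user_id: str) -> None:
    """The same concatenation on a driver path that accepts batched statements
    (executescript here), so an input of the form 'id; DROP TABLE ...' runs both."""
    conn.executescript("SELECT * FROM Users WHERE UserId = " + txt_user_id)


def get_user_safe(conn: sqlite3.Connection, txt_user_id: str) -> List[Tuple]:
    """Input validation plus a parameterized query: the value is handed to the
    database separately from the SQL text, so it can never alter the statement."""
    if not txt_user_id.isdigit():
        raise ValueError("UserId must be a number")
    return conn.execute("SELECT * FROM Users WHERE UserId = ?",
                        (int(txt_user_id),)).fetchall()


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                       (name,)).fetchone()
    return row is not None
```

The validation alone is not the defence: it narrows the input, but the parameter placeholder is what keeps the database from ever parsing user input as SQL, so keep the placeholder even for fields where validation is looser than a digit check.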
Identity theft, also called identity fraud, is a crime that is being committed
by a huge number of people nowadays. Identity theft happens when someone steals
your personal information to commit fraud. This theft is committed in many
ways, for instance by gathering personal information such as another person's
transactional information in order to make transactions.
Example: Thieves use different mechanisms to extract information about
customers' credit cards from corporate databases; once they have the
information, they can easily degrade the victim's credit rating. Thieves having
this information can cause you huge harm if it is not noticed early. With these
false credentials, they can obtain a credit card in the victim's name, which can
then be used to run up false debts.
Types of Identity Thefts:
There are various kinds of threats, but some common ones are:
Criminal Identity Theft – This is a type of theft in which the victim is
charged as guilty and has to bear the loss when the criminal or thief backs
up his position with the victim's documents, such as an ID or other
verification documents, and his bluff succeeds.
Senior Identity Theft – Seniors over the age of 60 are often targets of
identity thieves. They are sent information that looks genuine, and their
personal information is then gathered for such use. Seniors must be careful
not to become victims.
Driver's license ID Identity Theft – Driver's license identity theft is the
most common form of ID theft. The information on one's driver's license
provides the name, address, and date of birth, as well as a state driver's
identity number. Thieves use this information to apply for loans or credit
cards, or try to open bank accounts to obtain checking accounts, or buy cars,
houses, vehicles, electronic equipment, jewelry, anything valuable, and all of
it is charged to the owner's name.
Medical Identity Theft – In this theft, the victim's health-related
information is gathered, and then a fraudulent need for medical services is
created, with fraudulent bills, which are then charged to the victim's account.
Tax Identity Theft – In this type of attack, the attacker is interested in
learning your Employer Identification Number in order to claim a tax refund.
This becomes noticeable when you attempt to file your tax return or the
income tax department sends you a notice about it.
Social Security Identity Theft – In this type of attack, the thief intends to
learn your Social Security Number (SSN). With this number they also know all
your personal information, which is the biggest threat to an individual.
Synthetic Identity Theft – This theft is unlike the other thefts: the thief
combines the gathered information of several people to create a new identity.
When this identity is used, all the victims are affected.
Financial Identity Theft – This type of attack is the most common type. In
it, the stolen credentials are used to obtain a financial benefit. The victim
notices only when he checks his balances carefully, as this is practiced very
slowly.
Techniques of Identity Theft: Identity thieves usually hack into corporate
databases for personal credentials, which requires effort, but with several
social-engineering techniques it is considered easy. Some common identity theft
techniques are:
Pretext Calling – Thieves pretending over the phone to be an employee of a
company and asking for financial information are an example of this theft.
Posing as legitimate employees, they ask for personal data in return for some
tempting benefit.
Mail Theft – This is a technique in which credit card information with
transactional data is extracted from the public mailbox.
Phishing – This is a technique in which emails purporting to be from banks
are sent to a victim with malware in them. When the victim responds to the
mail, their information is captured by the thieves.
Internet – The Internet is widely used around the world, and attackers know
many techniques for getting users to connect to public networks over the
Internet that are controlled by them, and they bundle spyware with downloads.
Dumpster Diving – This is a technique that has yielded much information from
well-known institutions. Since garbage collectors are aware of this, they
search for account-related documents that contain social security numbers,
along with all the personal documents, if these were not shredded before
disposal.
Card Verification Value (CVV) Code Requests – The Card Verification Value
number is located on the back of your debit card. This number is used to
enhance transaction security, but several attackers ask for this number while
pretending to be a bank official.
Steps Of Prevention From Identity Theft:
Following are some methods by which you can enhance your security against
identity theft:
1. Use strong passwords and do not share your PIN with anyone, on or off
the phone.
2. Use two-factor authentication for emails.
3. Secure all your devices with a password.
4. Don't install random software from the internet.
5. Don't post sensitive information over social media.
6. While entering passwords at a payment gateway, ensure its authenticity.
7. Limit the personal information you carry with you.
8. Keep a practice of changing your PIN and password regularly.
9. Do not disclose your information over the phone.
10. While traveling, do not disclose personal information to strangers.
11. Never share your Aadhaar/PAN number (in India) with anyone whom you
do not know/trust.
12. Never share your SSN (in the US) with anyone whom you do not know/trust.
13. Do not make all the personal information on your social media accounts
public.
14. Never share an Aadhaar OTP received on your phone with someone over a
call.
15. Make sure that you do not receive unnecessary OTP SMS about Aadhaar
(if you do, your Aadhaar number is already in the wrong hands).
16. Do not fill in personal data on websites that claim to offer benefits in
return.
17. Last, be a keeper of your personal knowledge.
Social engineering is the act of manipulating people into giving up private or
confidential information by appearing to be a plausible insider. For example,
asking a person for help with your car and saying you know someone who can
fix it if they give you the keys to the vehicle. Some people might trust that
story and give up their keys, but others might see the social engineering as a
scam and not hand over any personal information.
Methodology:
Footprinting is an assault using various sorts of distractions in order to gain
access to the target's office or building without raising any suspicion. This
is beneficial when an attacker wants to do something illegal, such as stealing
confidential or proprietary files from company computers, committing fraud,
etc. Footprinting is a much less stealthy method than social engineering, but
it always has the advantage of keeping a low profile and a low chance of being
caught. Footprinting is useful in cases where an attacker does not have any
special access to the target building and wants to get into it. For example, if
someone wanted to commit fraud in a bank and did not know any employees or had
no previous contact with banks, footprinting would be used to gain access,
because an attacker or fraudster would not have any prior information on the
bank employees or the customs they follow, so footprinting is the best way for
him to find out information about them. These are all valuable pieces of
information when wanting to commit fraud in a bank.
Port scan attacks are carried out by attackers against the services and
security of the target network.
If proper security mechanisms, including authentication methods, are not
properly implemented, then the open ports become a target attack point for
cyber attackers.
Cybercriminals make use of vulnerable target security breaches and open
port information to get into user or organization systems.
Prevention:
The preventive measures for port scan attacks are listed as follows:
Secured Firewalls:
A firewall can be used to track the traffic of open ports, including
both incoming and outgoing traffic from the network.
An open port is identified because the target port involved is bound to
respond with packets, which shows that the target host listens on that
port.
Strong Security Mechanisms:
Computer systems with strong security can protect open ports from
being exploited.
Security administrators should be well aware that no harmful attack
should be allowed access to the computer's open ports.
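As an added detection-side example for both the DoS/DDoS comparison and the port-scan prevention points above (written for these notes; not code from the page): a classifier over per-packet firewall log lines that flags a port scan (one source touching many distinct ports on one host), a DoS flood (one host flooded from a single source) and a DDoS flood (the same host flooded from many sources). The log line format, the thresholds and every address are constructed; the thresholds are parameters that a real deployment tunes to its own traffic.

```python
"""Classify constructed firewall log lines into port scans, DoS and DDoS floods.

Added example for these notes. The one-line-per-packet, key=value log format
and all addresses are constructed, not taken from a real device.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r"^(?P<ts>\d+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$")


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.strip())
    if not m:
        return None                      # not a packet line: ignored
    return {"ts": int(m["ts"]), "src": m["src"], "dst": m["dst"], "dpt": int(m["dpt"])}


def analyze(lines: List[str], window: int = 60, scan_ports: int = 15,
            flood_packets: int = 200, ddos_sources: int = 10) -> Dict[str, list]:
    """Per time window of `window` seconds:
    - a port scan is one source touching >= scan_ports distinct ports on one host;
    - a flood is >= flood_packets to one host; from fewer than ddos_sources
      senders it is a DoS (single origin, easy to trace), otherwise a DDoS."""
    ports = defaultdict(set)      # (window, src, dst) -> distinct destination ports
    packets = defaultdict(int)    # (window, dst)      -> packet count
    sources = defaultdict(set)    # (window, dst)      -> distinct sources
    for ev in filter(None, map(parse_line, lines)):
        w = ev["ts"] // window
        ports[(w, ev["src"], ev["dst"])].add(ev["dpt"])
        packets[(w, ev["dst"])] += 1
        sources[(w, ev["dst"])].add(ev["src"])

    port_scans = [{"window": w, "src": s, "dst": d, "ports": len(p)}
                  for (w, s, d), p in ports.items() if len(p) >= scan_ports]
    floods = []
    for (w, d), n in packets.items():
        if n >= flood_packets:
            n_src = len(sources[(w, d)])
            floods.append({"window": w, "dst": d, "packets": n, "sources": n_src,
                           "kind": "DDoS" if n_src >= ddos_sources else "DoS"})
    return {"port_scans": port_scans, "floods": floods}


def constructed_log() -> List[str]:
    """Constructed sample: a little normal traffic, one scanner sweeping 20
    ports, one single-source flood, and one flood from 50 sources."""
    fmt = "{ts} SRC={src} DST={dst} PROTO=TCP DPT={dpt}"
    lines = [fmt.format(ts=3 + i, src="10.0.0.20", dst="10.0.0.5", dpt=p)
             for i, p in enumerate((22, 80, 443))]                   # normal
    lines += [fmt.format(ts=i, src="203.0.113.9", dst="10.0.0.5", dpt=1 + i)
              for i in range(20)]                                    # port scan
    lines += [fmt.format(ts=120 + i // 5, src="198.51.100.7", dst="10.0.0.8", dpt=80)
              for i in range(250)]                                   # DoS
    lines += [fmt.format(ts=240 + i % 30, src="192.0.2.%d" % (1 + i % 50),
                         dst="10.0.0.9", dpt=443) for i in range(300)]   # DDoS
    lines.append("not a packet line")
    return lines
```

The source count is what separates the two flood rows of the table above in practice: a DoS finding gives the firewall a single address to block, while a DDoS finding points to rate limiting or upstream filtering, since blocking fifty bot addresses one by one does not help.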
Parameters (switches of the Windows nbtstat command used in NetBIOS enumeration):
-a RemoteName   lists the NetBIOS name table of the remote computer given by name
-A IPAddress    lists the NetBIOS name table of the remote computer given by IP address
-c              lists the contents of the NetBIOS name cache
-n              lists the local NetBIOS names
-r              lists names resolved by broadcast and via WINS
-RR             releases and refreshes the NetBIOS names registered with WINS
-s              lists the sessions table, converting destination IP addresses to names
-S              lists the sessions table with destination IP addresses
Interval        redisplays the selected statistics every Interval seconds
There are several countermeasures which can be taken for the mitigation of the
various kinds of enumeration:
1. NetBIOS Enumeration:
Disable SMB and NetBIOS.
Use a network firewall.
Prefer Windows firewall/ software firewalls.
Disable sharing.
2. SNMP Enumeration:
Remove the agent or turn off the SNMP service.
If turning off SNMP is not an option, then change the default community
string names.
Upgrade to SNMPv3, which encrypts passwords and messages.
Implement the Group Policy security option.
3. LDAP Enumeration:
Use SSL technology to encrypt the traffic.
Select a username different from your email address and enable account
lockout.
4. NTP Enumeration:
Configure MD5 Layer.
Configure NTP Authentication.
Upgrade NTP version.
5. SMTP Enumeration:
Ignore email messages to unknown recipients.
Disable open relay feature.
Limit the number of accepted connections from a source to prevent
brute-force exploits.
Do not include sensitive mail server and localhost information in mail
responses.
6. DNS Enumeration Using Zone Transfer:
Disable DNS zone transfers to untrusted hosts.
Make sure that the private hosts and their IP addresses are not published
in the DNS zone files of the public DNS server.
Use premium DNS registration services that hide sensitive information
such as host information from the public.
Use standard network administrator contacts for DNS registration to avoid
social engineering attacks.
Avoid publishing private IP address information in the zone file.
Disable zone transfers for untrusted hosts.
Hide sensitive information from public hosts.
7. IPsec Enumeration:
Pre-shared keys used with both main mode and aggressive mode IKE key
exchange are exposed to sniffing and offline brute-force grinding attacks
that compromise the shared secret. You should use digital certificates or
two-factor authentication mechanisms to counter these threats.
Pre-shared keys together with aggressive mode IKE support are a catastrophe
waiting to happen. If you must support aggressive mode IKE, use digital
certificates for authentication.
Aggressively firewall and filter traffic flowing through the VPN encrypted
tunnel so that, in case of a compromise, network access is restricted. This
point is particularly important when giving mobile users network access, as
opposed to branch offices.
Where possible, limit inbound IPsec security associations to specific IP
addresses. This ensures that even if an attacker compromises a pre-shared
key, she cannot easily access the VPN.
8. VoIP(Voice over IP) Enumeration:
This attack can be suppressed by implementing SIPS (SIP over TLS) and
authenticating SIP requests and responses (which can include integrity
protection).
The use of SIPS and the authentication of responses can suppress many
related attacks, including eavesdropping and message or user impersonation.
The use of digest authentication combined with the use of TLS between SIP
phones and SIP proxies can provide a channel through which users can
securely authenticate within their SIP domain.
Voicemail messages can be converted to text files and parsed by ordinary
spam filters. This can only protect users from SPIT voicemails.
9. RPC Enumeration:
Do not run the rexd, users, or rwalld RPC services, since they are of
negligible use and give attackers both useful information and direct
access to your hosts.
In high-security environments, do not offer any RPC services to the public
Internet. Because of the complexity of these services, it is quite likely
that zero-day exploit scripts will be available to attackers before patch
information is released.
To limit the risk of internal or trusted attacks against essential RPC
services (for example NFS components, including statd, lockd, and mountd),
install the latest vendor security patches.
Aggressively filter egress traffic, where possible, to ensure that even if
an attack against an RPC service is successful, a connect-back shell cannot
be spawned to the attacker.
10. Unix/Linux User Enumeration:
Keep the kernel patched and updated.
Never run any service as root unless it is truly required, particularly
web, database, and file servers.
The SUID bit should not be set on any program that lets you escape to the
shell.
You should never set SUID on any file editor/compiler/interpreter, as an
attacker can easily read/overwrite any files present on the system.
Do not give sudo rights to any program that lets you break out to the
shell.
11. SMB Enumeration:
Disable the SMB protocol on web and DNS servers.
Disable the SMB protocol on Internet-facing servers.
Block ports TCP 139 and TCP 445, which are used by the SMB protocol.
Restrict anonymous access through the RestrictNullSessAccess parameter in
the Windows Registry.