Professional Documents
Culture Documents
Lec 2 Need For Security
Lec 2 Need For Security
Lec 2 Need For Security
Lecture-2
Engr. Asim Javaid
Objective
Recognize the threats landscape in
information security.
Outline
• Understanding the Threats
Landscape
• Exploration of various threats:
cybercrime, espionage, insider
threats.
• Discussion on evolving threat
vectors.
Understanding the Threats Landscape
Overview of Cybercrime, espionage, insider threats
Cybercrime
Malware
Phishing
Spoofing
Malware
https://www.avast.com/c-malware
Malware
• That’s one reason why you should never insert an unfamiliar USB
drive into your computer.
Common types of malware
• Ransomware
• Ransomware works by locking or denying access to your device or files until
you pay a ransom to the hacker.
• Though most adware is legally installed, it’s certainly no less annoying than
other types of malware.
Common types of malware
Common types of malware
• Trojans
• Trojans are a type of malware used to conceal another type of malware.
• Trojan malware gets its name from the stories ancient Greek poets told of
Athenian warriors hiding inside a giant wooden horse, then emerging after
Trojans pulled it within the walls of their city.
Common types of malware
• Botnets
• A botnet isn’t a type of malware, but a network of computers or computer
code that carry out or execute malware.
• Propagation phase
• This is the viral stage, when the virus begins to self-replicate, stashing copies
of itself in files, programs, or other parts of your disk.
• Malicious spoofers sometimes use a cloaked URL, which redirects you through their
own system and collects your personal information.
• They can even disguise the true destination of the URL by inserting special control
characters that contain a different meaning than the characters you see.
• Often, like in typosquatting, the URL is so similar to the intended address that you
may not notice the difference.
Types of spoofing
• IP spoofing
• IP spoofing happens at a deeper level of the internet
than email spoofing. When a hacker uses IP spoofing,
they’re messing with one of the web’s basic protocols.
Espionage :
Malware
Methods
and Social Engineering
Techniques
Exploiting Vulnerabilities
Examples of Cyber Espionage
• Advanced Persistent Threats (APTs)
• These are long-term targeted attacks by sophisticated adversaries aiming to steal
sensitive information. An example is the APT1 group associated with the Chinese
military, which conducted extensive cyber espionage campaigns against various
industries.
• Stuxnet
• A malware designed to target Iran's nuclear program, believed to be a joint effort by
American and Israeli intelligence agencies.
• NotPetya
• Although primarily considered ransomware, NotPetya was also seen as a cyber-
espionage tool used by Russia, aiming to disrupt Ukrainian infrastructure.
Impacts and
Consequences
• Financial Loss
• Companies face financial repercussions due to stolen
intellectual property or disrupted operations.
• Reputation Damage
• Breaches resulting from espionage can lead to a loss of
trust among customers, partners, or the public.
• National Security Risks
• Espionage targeting government or critical infrastructure
can pose severe national security threats.
Intellectual Property Theft
Intellectual Property
Theft
• Refers to the unauthorized acquisition, use, or
replication of proprietary information, creations, or
innovations that are protected by intellectual property
laws.
Insider Threats
Counterfeiting