Lec 2 Need For Security


Need for Security

Lecture-2
Engr. Asim Javaid
Objective
• Recognize the threat landscape in information security.
Outline
• Understanding the threat landscape
• Exploration of various threats: cybercrime, espionage, insider threats
• Discussion on evolving threat vectors
Understanding the Threats Landscape
Overview of cybercrime, espionage and insider threats
Cybercrime
• Criminal activities conducted through the use of computers or the internet to cause harm or gain unauthorized access.
Threats
• Malware
• Phishing
• Spoofing
Malware
• Malicious software designed to harm, exploit, or gain unauthorized access to systems or data.
https://www.avast.com/c-malware
• Malware is an umbrella term for any type of “malicious software” that’s designed to infiltrate your device without your knowledge, cause damage or disruption to your system, or steal data.
• Families shown on the slide: Adware, Spyware, Viruses, Botnets, Trojans, Worms, Rootkits, Ransomware.
How does malware work?
• Your device gets infected after you unwittingly download or install malicious software, often by clicking on an infected link or visiting an infected website.
• In other cases, hackers spread malware through peer-to-peer file-sharing services and free software download bundles.
• Embedding malicious computer code in a popular torrent or download is an effective way to spread malware across a wide user base.
How does malware work?
• Mobile devices can also be infected via text messages.
• Another technique is to load malware onto the firmware of a USB stick or flash drive (the “BadUSB” class of attacks).
• When the stick is connected to another device, the malware is likely to remain undetected, because it lives in the device’s controller firmware rather than its file storage: the stick can, for example, register itself as a keyboard and type commands, so scanning the files on it finds nothing.
• That’s one reason why you should never insert an unfamiliar USB drive into your computer.
Common types of malware
• Ransomware
• Ransomware works by locking or denying access to your device or files until you pay a ransom to the hacker.
• Any individuals or groups storing critical information on their devices are at risk from the threat of ransomware.
How does ransomware spread?
• Ransomware can spread in several ways, including via malicious email links or attachments, phishing messages, and zero-day exploits.
Ransomware : Attack Vector
• Exploit kits
• Malicious actors develop exploit kits to take advantage of vulnerabilities in applications, networks, or devices.
• Ransomware delivered this way can infect any network-connected device running outdated, unpatched software, without the victim consciously running anything.
• Phishing
• In a phishing attack, cybercriminals use social engineering techniques to impersonate trusted contacts and send you an email with a malicious link or attachment that’s often disguised as a fake order form, receipt, or invoice.
• In reality, these “documents” are either executables in disguise (a document icon, a double extension such as invoice.pdf.exe, or a file name obfuscated with a Unicode right-to-left override) or genuine Office documents carrying a macro or script that fetches the ransomware; opening the file triggers the attack.
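The checks a mail gateway applies to catch the disguised-attachment trick above, as an added example (not from the lecture or its Avast source). The file names, byte contents and extension lists are constructed for illustration; the Office container built in memory mimics the ZIP layout of a .docx/.docm only far enough to show the macro check.

```python
"""Check whether an attachment's claimed type matches its real content.

Added example, not from the original lecture. File names and byte contents
below are constructed to show the "document that is really an executable"
lure; the extension lists are illustrative, not exhaustive.
"""
import io
import zipfile

# Leading bytes ("magic numbers") of formats that phishing lures imitate.
MAGIC = {
    "pdf": b"%PDF-",
    "exe": b"MZ",           # Windows PE (and DOS) executables
    "elf": b"\x7fELF",      # Linux executables
    "zip": b"PK\x03\x04",   # DOCX/XLSX/PPTX are ZIP containers
}

OFFICE_EXTENSIONS = {"docx", "docm", "xlsx", "xlsm", "pptx", "pptm"}
DOCUMENT_EXTENSIONS = OFFICE_EXTENSIONS | {"pdf", "doc", "xls", "ppt", "txt", "rtf"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs",
                         "hta", "lnk", "msi", "ps1"}

# U+202E Right-to-Left Override: "Receipt\u202efdp.exe" renders as "Receiptexe.pdf".
RLO = "\u202e"


def sniff(content: bytes) -> str:
    """Return the format implied by the first bytes, or 'unknown'."""
    for kind, magic in MAGIC.items():
        if content.startswith(magic):
            return kind
    return "unknown"


def has_vba_macros(content: bytes) -> bool:
    """True if a ZIP-based Office file carries a VBA project (vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(content)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(name: str, content: bytes) -> list[str]:
    """Return reasons to quarantine the attachment; an empty list means it looks consistent."""
    reasons = []
    if RLO in name:
        reasons.append("filename contains a Right-to-Left Override character")
    parts = name.replace(RLO, "").lower().split(".")
    exts = parts[1:]                      # everything after the first dot
    final_ext = exts[-1] if exts else ""  # the extension the OS actually honours
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS and final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"double extension .{exts[-2]}.{final_ext}")
    if final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension .{final_ext}")

    kind = sniff(content)
    if final_ext == "pdf" and kind != "pdf":
        reasons.append(f"claims PDF but content looks like {kind}")
    if final_ext in OFFICE_EXTENSIONS and kind != "zip":
        reasons.append(f"claims Office document but content looks like {kind}")
    if kind in ("exe", "elf") and final_ext not in EXECUTABLE_EXTENSIONS:
        reasons.append(f"{kind} executable hiding behind .{final_ext or '(none)'}")
    if kind == "zip" and has_vba_macros(content):
        reasons.append("Office document contains a VBA macro project")
    return reasons


def make_office_doc(with_macro: bool) -> bytes:
    """Build a minimal ZIP that mimics an Office container (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake OLE stream")
    return buf.getvalue()


# Constructed samples: a benign PDF, a PE with a double extension, a PE renamed
# to .pdf, an RLO-obfuscated name, and macro-carrying vs. macro-free documents.
SAMPLES = {
    "Invoice_2023.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj <<>> endobj\n",
    "Invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00 PE stub",
    "Order.pdf": b"MZ\x90\x00\x03\x00\x00\x00 PE stub",
    "Receipt\u202efdp.exe": b"MZ\x90\x00\x03\x00\x00\x00 PE stub",
    "Quote.docm": make_office_doc(with_macro=True),
    "Quote.docx": make_office_doc(with_macro=False),
}

if __name__ == "__main__":
    for fname, data in SAMPLES.items():
        verdict = classify_attachment(fname, data) or ["ok"]
        print(f"{fname!r}: {', '.join(verdict)}")
```

The point of checking magic bytes as well as the name is that the name is entirely attacker-controlled; the first bytes are what the operating system will actually execute or render.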
Ransomware : Attack Vector
• Malvertising
• Attackers can distribute malware by embedding it in
fake online ads in a practice known as malvertising.
• While some malvertising ads only install ransomware
onto your device after you click, others download the
ransomware as soon as you load the webpage — no
clicks required.
• Drive-by downloads
• Attackers can seed websites with malware so that
when you visit, the site automatically and secretly
downloads the malware onto your device.
How a ransomware attack works
• The ransomware encrypts your files. Malicious code in the ransomware scrambles files or file structures so they become unusable and inaccessible until you decrypt them.
• Ransomware uses encryption that can only be reversed with a specific decryption key, which is what the attacker is asking you to pay for. In practice each file is encrypted with a fresh symmetric key, and those keys are in turn encrypted with the attacker’s public key, so nothing left on the infected machine (the malware binary, memory dumps) is enough to decrypt the data without the attacker’s private key.
• Then, a ransom note appears on your screen after the malware encrypts your files.
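The encryption step leaves a measurable trace that endpoint tools use for detection: encrypted output has near-maximal byte entropy and no longer carries the file format’s header. The following is an added example (not from the lecture or its Avast source) of that check over a constructed directory snapshot; a seeded pseudo-random byte string stands in for ciphertext, since AES-CTR or ChaCha output is statistically indistinguishable from it.

```python
"""Flag files whose contents look encrypted, as a ransomware-activity signal.

Added example, not from the original lecture. The file contents are
constructed; the pseudo-random bytes stand in for real ciphertext.
"""
import math
import random
from collections import Counter

# Extensions that should start with a known header; a file keeping such an
# extension but losing its header is a strong sign it was overwritten in place.
KNOWN_HEADERS = {
    "pdf": b"%PDF-",
    "docx": b"PK\x03\x04",
    "xlsx": b"PK\x03\x04",
    "png": b"\x89PNG",
}
# Formats that are legitimately high-entropy (compressed): never flag these on entropy alone.
COMPRESSED = {"zip", "gz", "7z", "jpg", "jpeg", "png", "mp4", "docx", "xlsx"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def suspicious_file(name: str, data: bytes, threshold: float = 7.5) -> list[str]:
    """Reasons this file looks like ransomware output; empty list means nothing seen."""
    reasons = []
    ext = extension(name)
    header = KNOWN_HEADERS.get(ext)
    if header and not data.startswith(header):
        reasons.append(f"{name}: .{ext} file lost its expected header")
    if ext not in COMPRESSED and shannon_entropy(data) >= threshold:
        reasons.append(f"{name}: entropy {shannon_entropy(data):.2f} bits/byte")
    return reasons


def scan(files: dict[str, bytes], alert_ratio: float = 0.5) -> tuple[list[str], bool]:
    """Scan a directory snapshot; alert when a large share of files look encrypted."""
    findings = []
    hit = 0
    for name, data in files.items():
        r = suspicious_file(name, data)
        if r:
            hit += 1
            findings.extend(r)
    return findings, bool(files) and hit / len(files) >= alert_ratio


# Constructed directory snapshot: two intact documents, two overwritten by "ransomware".
_rng = random.Random(1234)   # seeded so the example is reproducible
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(4096))
PLAINTEXT = b"Quarterly report: revenue grew 4% while costs fell 2%.\n" * 60
SNAPSHOT = {
    "report.txt": PLAINTEXT,
    "budget.pdf": b"%PDF-1.4\n" + PLAINTEXT,
    "notes.txt.locked": CIPHERTEXT,   # renamed and encrypted
    "contract.pdf": CIPHERTEXT,       # encrypted in place, header gone
}

if __name__ == "__main__":
    findings, alert = scan(SNAPSHOT)
    print("\n".join(findings))
    print("ALERT" if alert else "no alert")
```

Entropy alone is a weak signal (archives, images and video are also high-entropy), which is why the check is combined with the header test and with the proportion of files changing at once; production tools add canary files and rate-of-modification monitoring on top.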
Types of ransomware
• Different types of ransomware attack range from annoying to life-threatening.
• Some ransomware locks you out of your computer, while others can eradicate your files and render your operating system useless.
• All types of ransomware, by definition, have one thing in common: a ransom demand.
Types of ransomware : Filecoders
• Filecoders
• Also known as encryptors, filecoders make up 90% of ransomware strains.
• Filecoders encrypt and lock files on infected devices.
• The attackers demand payment for decryption keys, usually by a deadline after which they may damage, destroy, or permanently lock your files.
Types of ransomware : Screenlockers
• Screenlockers
• These lock you out of your device completely.
• Screenlockers tend to mimic government institutions, like the US Department of Homeland Security or the FBI, and inform you that you broke the law and must pay a fine to unlock your device.
Types of ransomware : Doxxing
• Doxxing
• Doxxing is not technically a form of ransomware, but it is a serious digital threat that can involve a ransom demand.
• Through a malicious file or link, the attacker gains access to your private data, including usernames, passwords, credit card numbers, and passport details, and threatens to publish it unless paid.
Types of ransomware : Scareware
• Scareware
• Scareware is a fake software program that claims to have found issues on your computer and demands payment to fix them.
• Scareware typically bombards your screen with pop-ups and alert messages. Some strains behave more like screenlockers, locking up your computer or mobile device until you pay.
Common types of malware
• Spyware
• Collects information about a device or network and relays this data back to the attacker.
• Attackers use spyware to monitor a person’s internet activity and harvest personal data, including login credentials, credit card numbers, or financial information that can be used to commit identity theft. Pegasus, the commercial spyware sold by NSO Group to government customers, is the best-known mobile example.
Common types of malware
• Worms
• Designed with one goal in mind: proliferation.
• A worm infects a computer, then replicates itself, spreading to additional devices while remaining active on all infected machines.
• Some worms act as delivery agents to install additional malware. Other types of worms are designed only to spread, without intentionally causing harm to their host machines.
Common types of malware
• Adware
• Used to create revenue for the malware developer by bombarding an infected device with unwanted advertisements.
• Adware commonly arrives bundled with free games or browser toolbars. These types of adware collect personal data about the victim, and then use it to personalize the ads they display.
• Though most adware is legally installed, it’s certainly no less annoying than other types of malware.
Common types of malware
• Trojans
• Trojans are malware that hides inside, or poses as, legitimate software; they are commonly used to smuggle another type of malware onto the device.
• Trojan malware infiltrates a victim’s device by presenting itself as legitimate software. Once installed, the trojan activates, sometimes going so far as to download additional malware.
• Trojan malware gets its name from the stories ancient Greek poets told of Greek warriors hiding inside a giant wooden horse, then emerging after the Trojans pulled it within the walls of their city.
Common types of malware
• Botnets
• A botnet isn’t a type of malware itself but a network of infected computers that a controller directs to carry out malicious tasks.
• Attackers infect a group of computers with malicious software known as “bots,” which receive commands from their controller (the command-and-control, or C2, server).
• Computers connected in a botnet form a network, providing the controller access to a substantial degree of collective processing power and bandwidth, which can be used to coordinate DDoS attacks, send spam, steal data, and inject fake ads into your browser.
Computer Virus
What is a computer virus?
• A computer virus is a type of malware that attaches itself to other programs, self-replicates, and spreads from one computer to another.
• When a virus infects a computer, it makes copies of itself and attaches to other files or documents. It then modifies those files and continues to spread.
• Viruses infect computers discreetly, and they’re often designed to destroy personal files or gain control of devices.
How do computer viruses work?
• To understand how computer viruses work, it’s helpful to split them
into two categories
• those that begin to infect and replicate as soon as they land on your
computer
• and those that lie dormant, waiting for you to unwittingly execute the code
Computer virus : Phases
• Dormant phase
• This is when the virus is hidden on your system, lying in wait.
• Propagation phase
• This is the viral stage, when the virus begins to self-replicate, stashing copies of itself in files, programs, or other parts of your disk.
• The clones may be slightly altered in an attempt to avoid detection, and these copies will also self-replicate, creating more clones that continue to copy and spread.
Computer virus :Phases
• Triggering phase
• A specific action is generally required to trigger or activate the virus.
• This could be a user action, like clicking an icon or opening an app.
• Other viruses are programmed to come to life after a certain amount of time,
such as a logic bomb designed to trigger after your computer has rebooted a
certain number of times
• Execution phase
• Now the virus’s program is executed and releases its payload, the malicious
code that harms your device.
How do computer viruses spread?
• Emails
• Common attack method of cybercriminals, emails like those used in phishing attacks can carry harmful
attachments, malicious links, or even an infection right in the email body’s HTML.
• Downloads
• Hackers can hide viruses in apps, documents sent over file-sharing services, plug-ins, and most other places
where files are available to download.
• Messaging services
• Viruses can be spread through SMS messages or messaging services like Facebook Messenger, WhatsApp, and
Instagram. There, as with email, they also take the form of malicious links, attachments, or executable files.
• Old software
• If you don’t update your apps or operating system, you may be exposing yourself to vulnerabilities that
cybercrooks can exploit to spread computer viruses.
• Malvertising
• Viruses can be hidden in online advertisements, such as banner ads delivered through ad exchanges.
Malvertising lets perpetrators hide malicious code even in legitimate, trusted websites like the New York
Times and the BBC, both of which have been hit.
What computer viruses do
• Slow or stuttering performance
• Corrupted or deleted files
• Incessant pop-ups or adware
• Program failure and operating system crashes
• A constantly spinning hard drive
• Malfunctioning apps, files, and other programs
Phishing
• Phishing is a form of social engineering
• Often carried out via email
• Where attackers attempt to trick legitimate users into revealing sensitive
information or performing an undesirable act
What is Phishing?
• Attackers may trick victims into clicking on a link that will direct them to a fake website. The website will ask them to enter sensitive information like login credentials
[Figure: Google Security Survey]
• Direct victims to download attachments that will infect their system with dangerous malware or ransomware
How Does Phishing Work?
Phishing : History
• The term “phishing” was first used in the 1990s in reference to the first publicly available automated phishing tool, AOHell
• AOHell helped attackers steal credit card information and passwords from AOL users
• “Nigerian Prince” scams via email
• Such scams resulted in losses of $2.5 billion in 2020
Phishing : Attack Vector
• Text messages (smishing)
• Social media
• Phone calls (vishing)
• Platforms for video conferencing, workforce messaging and file sharing are also used for phishing
Phishing : Techniques
• Bait Creation
• Phishers craft messages, usually emails, that appear legitimate and trustworthy. They
often mimic well-known companies, government agencies, or organizations to trick
recipients into thinking the communication is genuine.
• Social Engineering
• Phishers use psychological tactics to manipulate recipients’ emotions and behavior.
They may create a sense of urgency, curiosity, fear, or excitement to compel
recipients to take immediate action without thinking.
• Deceptive Content
• Phishing messages contain links or attachments that, when clicked or opened, lead
to malicious websites or deliver malware. These links often appear valid but redirect
to fake sites designed to steal login credentials or personal data.
Phishing : Techniques
• Spoofed Websites
• Phishers create fake websites that closely resemble legitimate ones. These
sites are designed to capture sensitive information entered by victims,
thinking they are interacting with the genuine site.
• Credential Theft
• Fake websites prompt victims to enter usernames and passwords. Once
entered, this information is captured by the phisher, allowing unauthorized
access to victims’ accounts.
Phishing : Techniques
• Malware Delivery
• Phishing emails might include infected attachments. When opened, these
attachments can install malware onto the victim’s device.
• Spear Phishing
• In targeted attacks, phishers research their victims (often using social media)
and craft highly personalized messages.
• Business Email Compromise (BEC)
• Phishers target businesses by posing as executives or employees, requesting
financial transactions or sensitive information from colleagues.
Phishing : Techniques
• Vishing and Smishing
• Phishing attacks can also occur over phone calls (vishing) or SMS messages
(smishing), where attackers impersonate legitimate entities to extract
information.
• Data Harvesting
• Phishing campaigns aim to collect a large volume of personal data, which can
then be sold on the dark web or used for identity theft, fraud, or further
targeted attacks.
Phishing : Methods
• Standard Email Phishing: The scammer sends numerous fake emails asking recipients to
share their personal information or login credentials. These en masse attacks work very
well in organizations with low phishing awareness.
• Spear Phishing: This attack targets specific individuals. Attackers present themselves as a
genuine sender and send personalized emails to the target. Since the message includes
specific details, it appears authentic, so the recipient has no reason not to trust the
message or the sender.
• Whaling: A whaling attack targets the “big fish” such as C-suite executives. It involves
sophisticated social engineering tactics to manipulate the victims into wiring large
amounts of money into the attacker’s account.
• Business Email Compromise (BEC): The attacker sends fraudulent emails by spoofing a
genuine account owner’s email address in order to steal money from the company.
• Malware Phishing: In a malware phishing attack, the attacker tricks victims into
downloading an attachment that will install malware on their devices.
Phishing : Types
• Pharming
• Redirecting victims to a fake site without any lure link, by tampering with name resolution (a poisoned DNS cache or a modified hosts file), often via malicious code installed on the victim’s device
• Evil Twin Phishing
• The scammer sets up a false WiFi network that looks real
• Angler Phishing
• The use of fake social media posts or fake customer-support accounts to get a victim to provide login info
• Search Engine Phishing
• The attacker makes fake products or shops that pop up in search results and encourages a victim to enter sensitive information to complete the purchase
Spoofing
What is spoofing?
• Spoofing is a cybercrime that happens when someone impersonates a trusted contact or brand, pretending to be someone you trust in order to access sensitive personal information.
• Spoofing attacks copy and exploit the identity of
• your contacts
• the look of well-known brands
• or the addresses of trusted websites
What is spoofing?
• With these types of spoofing attacks, hackers try to trick you into exposing sensitive personal information.
• Spoofing attacks can also happen on a more technical level, through DNS or IP address spoofing.
• Spoofing in network security involves fooling a computer or network by using a falsified IP address, redirecting internet traffic at the DNS (Domain Name System) level, or faking ARP (Address Resolution Protocol) data within a local area network (LAN).
Types of spoofing
• Email spoofing
• When a hacker creates and sends emails from a forged email address that their intended victim will recognize, like one used by their bank.
• In corporate settings, hackers may impersonate high-ranking executives or business partners and request inside information from employees.
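Email spoofing is possible because SMTP does not authenticate the From: header; the defence is to check the message against the sender domain’s SPF and DKIM results and require DMARC alignment between them and the From: domain. The following is an added example (not from the lecture or its Avast source) that applies that logic to three constructed messages, including the executive-impersonation pattern above. It assumes the Authentication-Results header was stamped by our own inbound MTA (authserv-id mx.example.com) without parenthesised comments, and its org-domain rule keeps the last two labels, which ignores public suffixes such as co.uk.

```python
"""Detect a spoofed From: address with DMARC-style alignment checks.

Added example, not from the original lecture. The three raw messages are
constructed; the Authentication-Results header is assumed to come from our
own inbound MTA (mx.example.com) and to carry no parenthesised comments.
"""
import email
from email import policy
from email.utils import parseaddr

AUTHSERV_ID = "mx.example.com"   # only trust Authentication-Results our own MTA added


def org_domain(host: str) -> str:
    """Organisational domain, approximated as the last two labels."""
    return ".".join(host.lower().split(".")[-2:])


def parse_auth_results(value: str) -> dict:
    """'mx.example.com; spf=pass smtp.mailfrom=a.example; dkim=pass header.d=b.example'
    -> {'spf': ('pass', {'smtp.mailfrom': 'a.example'}), 'dkim': (...)}"""
    clauses = [c.strip() for c in value.split(";")]
    if not clauses[0] or clauses[0].split()[0] != AUTHSERV_ID:
        return {}   # a header some other (possibly hostile) server added: ignore it
    results = {}
    for clause in clauses[1:]:
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = (result.lower(), props)
    return results


def check_message(raw: bytes) -> dict:
    """Relaxed DMARC alignment: SPF or DKIM must pass for the From: org domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    auth = {}
    for hdr in msg.get_all("Authentication-Results", []):
        auth.update(parse_auth_results(str(hdr)))
    spf_res, spf_props = auth.get("spf", ("none", {}))
    dkim_res, dkim_props = auth.get("dkim", ("none", {}))
    spf_aligned = (spf_res == "pass"
                   and org_domain(spf_props.get("smtp.mailfrom", "")) == org_domain(from_domain))
    dkim_aligned = (dkim_res == "pass"
                    and org_domain(dkim_props.get("header.d", "")) == org_domain(from_domain))
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
        # Classic BEC tell: From: looks like the bank, replies go somewhere else.
        "reply_to_mismatch": bool(reply_to) and org_domain(reply_to) != org_domain(from_domain),
    }


# Constructed messages. SPF/DKIM pass, but for the attacker's domain, not the From: domain.
SPOOFED = b"""\
Return-Path: <bounce@mailer.attacker-example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.attacker-example.net; dkim=pass header.d=attacker-example.net
From: "Bank Security" <alerts@bank.example>
Reply-To: <support-desk@attacker-example.net>
To: victim@example.com
Subject: Urgent: verify your account

Please log in at the link below within 24 hours.
"""

LEGIT = b"""\
Return-Path: <bounces@bank.example>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example
From: "Bank Security" <alerts@bank.example>
To: victim@example.com
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""

# The attacker pre-stamps a favourable header; its authserv-id is foreign, so it is ignored.
FORGED_AR = b"""\
Return-Path: <bounce@mailer.attacker-example.net>
Authentication-Results: mail.attacker-example.net; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.attacker-example.net; dkim=none
From: "Bank Security" <alerts@bank.example>
To: victim@example.com
Subject: Account locked

Click to unlock.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("forged A-R", FORGED_AR)):
        print(label, check_message(raw))
```

The third message is why an inbound MTA must strip any Authentication-Results header that claims its own authserv-id before adding its own: otherwise the sender can simply assert a pass.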
Types of spoofing
• Website spoofing
• Website spoofing is when a hacker creates a fake website that looks like a legitimate one. When you log in, the hacker gets your credentials. Then, they can use your username and password to access your account.
• Malicious spoofers sometimes use a cloaked URL, which redirects you through their own system and collects your personal information.
• They can even disguise the true destination of the URL with Unicode tricks: control characters such as the right-to-left override, or look-alike letters from another script (a Cyrillic “а” in place of a Latin “a”) that are different characters to the browser but identical on screen.
• Often, like in typosquatting, the URL is so similar to the intended address that you may not notice the difference.
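The heuristics a URL-rewriting proxy or mail filter runs against links, as an added example (not from the lecture or its Avast source) that also covers the “Spoofed Websites” technique on the phishing slides: hidden Unicode characters, the user:pass@host trick, raw IP hosts, punycode, mixed-script labels, look-alike letters and small edit distances from protected brands. TRUSTED is a constructed allow-list, and the registrable-domain rule keeps the last two labels, which ignores public suffixes such as co.uk (a real deployment would use the Public Suffix List).

```python
"""Heuristics for spotting spoofed or look-alike URLs.

Added example, not from the original lecture. TRUSTED is a constructed
brand allow-list; CONFUSABLES covers a handful of common look-alikes only.
"""
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"paypal.com", "google.com", "microsoft.com", "bankofexample.com"}

# Characters from other scripts (or digits) that render like Latin letters.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",   # Cyrillic
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "0": "o", "1": "l", "\u0131": "i",
})
HIDDEN = {"\u202e", "\u200b", "\u200c", "\u200d", "\ufeff"}   # RLO and zero-width characters


def skeleton(host: str) -> str:
    """Normalise a hostname to the Latin string a human would perceive."""
    return unicodedata.normalize("NFKC", host.lower()).translate(CONFUSABLES)


def registrable(host: str) -> str:
    return ".".join(host.split(".")[-2:])


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def scripts_in(label: str) -> set[str]:
    """Unicode script names of the letters in a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "?").split()[0] for ch in label if ch.isalpha()}


def analyze(url: str) -> list[str]:
    """Return reasons the URL looks deceptive; an empty list means nothing was found."""
    reasons = []
    if any(ch in url for ch in HIDDEN):
        reasons.append("hidden Unicode control/zero-width characters in URL")
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.username:
        reasons.append(f"userinfo '{parts.username}' before '@' hides the real host {host}")
    if host.replace(".", "").isdigit():
        reasons.append("raw IP address instead of a hostname")
    if "xn--" in host:
        host = host.encode("ascii").decode("idna")   # what the browser would render
        reasons.append(f"punycode host decodes to {host}")
    for label in host.split("."):
        if len(scripts_in(label)) > 1:
            reasons.append(f"mixed-script label '{label}'")
    reg = registrable(host)
    skel = skeleton(reg)
    for brand in sorted(TRUSTED):
        if skel == brand and reg != brand:
            reasons.append(f"'{reg}' is a look-alike of {brand}")
        elif 0 < levenshtein(skel, brand) <= 2:
            reasons.append(f"'{reg}' is within edit distance 2 of {brand}")
        if reg != brand and f".{brand}." in f".{host}.":
            reasons.append(f"brand {brand} used as a subdomain of {reg}")
    return reasons


if __name__ == "__main__":
    for u in ("https://www.paypal.com/signin",
              "https://paypal.com@evil.example/login",
              "https://www.p\u0430ypal.com/",          # Cyrillic a
              "https://paypai.com/",
              "https://paypal.com.secure-login.example/",
              "http://203.0.113.5/login"):
        print(u, "->", analyze(u) or ["ok"])
```

None of these rules is proof on its own (a Cyrillic domain is legitimate for a Russian bank), so in practice they feed a score or a “click-time” rewrite that warns the user rather than a hard block.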
Types of spoofing
• IP spoofing
• IP spoofing happens at a deeper level of the internet than email spoofing. When a hacker uses IP spoofing, they forge the source address of IP packets, tampering with one of the web’s basic protocols.
• Many closed networks are configured to accept packets only from a pre-approved range of IP addresses. This security measure prevents unknown devices from getting inside. A hacker can use an IP spoofing attack to change the apparent source address of their packets and fool an otherwise secure network into letting them in.
• Caveat: replies go to the forged address, not to the attacker, so blind spoofing only works where no round trip is needed, such as UDP services (which is why it underpins DDoS reflection and amplification) or TCP stacks with predictable sequence numbers. Ingress filtering at the network edge (BCP 38) drops packets whose source address could not legitimately arrive on that link.
Types of spoofing
• ARP spoofing
• Address Resolution Protocol (ARP) spoofing lets a hacker who is already on a local area network (LAN) impersonate another host: ARP has no authentication, so the attacker sends unsolicited replies that map a victim’s IP address, typically the default gateway’s, to the attacker’s own MAC address.
• Hackers use ARP spoofing to steal information with man-in-the-middle attacks, where a hacker intercepts a conversation and impersonates both participants to collect the information being transmitted.
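Because every host on the segment sees the forged replies, the attack is also easy to detect passively. The following added example (not from the lecture or its Avast source) runs the two checks tools such as arpwatch rely on over a constructed list of observed ARP replies: an IP whose MAC changes, and one MAC claiming both the gateway and another host. The gateway address and MAC values are invented.

```python
"""Detect ARP spoofing from a stream of observed ARP replies.

Added example, not from the original lecture. The reply records are
constructed (what a sniffer on the LAN would see); the gateway address and
MAC values are invented.
"""
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"

# (time, sender IP, sender MAC) for each ARP reply seen on the wire.
SAMPLE_REPLIES = [
    ("10:00:01", "192.168.1.1",  "aa:bb:cc:00:00:01"),   # real gateway announces itself
    ("10:00:02", "192.168.1.20", "aa:bb:cc:00:00:20"),   # victim workstation
    ("10:00:03", "192.168.1.1",  "de:ad:be:ef:00:66"),   # attacker claims the gateway's IP
    ("10:00:04", "192.168.1.20", "de:ad:be:ef:00:66"),   # ...and the victim's: full MITM
    ("10:00:05", "192.168.1.30", "aa:bb:cc:00:00:30"),   # unrelated host, benign
]


def detect_arp_spoofing(replies, gateway_ip=GATEWAY_IP):
    """Return a list of (time, kind, detail) alerts from the observed replies."""
    ip_to_mac = {}                  # what each IP last claimed as its MAC
    mac_to_ips = defaultdict(set)   # which IPs each MAC has claimed so far
    flagged_macs = set()            # report the MITM pattern once per MAC
    alerts = []
    for when, ip, mac in replies:
        previous = ip_to_mac.get(ip)
        if previous and previous != mac:
            kind = "gateway-mac-change" if ip == gateway_ip else "ip-mac-change"
            alerts.append((when, kind, f"{ip} moved from {previous} to {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        claimed = mac_to_ips[mac]
        if len(claimed) > 1 and gateway_ip in claimed and mac not in flagged_macs:
            flagged_macs.add(mac)
            alerts.append((when, "mitm-pattern",
                           f"{mac} claims {sorted(claimed)}: gateway plus a host"))
    return alerts


if __name__ == "__main__":
    for when, kind, detail in detect_arp_spoofing(SAMPLE_REPLIES):
        print(when, kind, detail)
```

An IP-to-MAC change on its own can be benign (a replaced NIC, a DHCP lease moving), so the gateway-specific and one-MAC-many-IPs rules are what make the alert actionable. Preventive controls are Dynamic ARP Inspection on managed switches, a static ARP ent
ry for the gateway on sensitive hosts, and end-to-end TLS so that an interceptor gains nothing readable.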
Types of spoofing
• DNS spoofing
• Also known as DNS cache poisoning, DNS spoofing diverts victims from one website to another.
• A hacker will poison a target website’s listing in a DNS server by changing its associated IP address to one of their choosing, which then redirects victims to fraudulent websites that harvest personal data or inject malware into their computers.
• DNSSEC (signed DNS records) and encrypted, validated resolution such as DNS over TLS or HTTPS are the standard defences; for HTTPS sites, a certificate warning is the user-visible symptom of being redirected to a host that cannot prove it owns the name.
Types of spoofing
• Caller ID spoofing
• Because they can make their calls appear to be coming from a trusted number or specific geographic region, caller ID spoofing is popular with robocallers.
• Once a victim answers the phone, the attacker tries to convince them to divulge sensitive information.
• Caller ID spoofing can also be used to send spoofed or spam text messages.
Types of spoofing
• GPS spoofing
• Some people misrepresent their physical location by faking their GPS coordinates.
• Any mobile app that relies on smartphone location data is a potential target for GPS spoofing attacks.
Types of spoofing
• SMS spoofing
• Hackers can send spoofed SMS messages that appear to be coming from another number.
• SMS spoofing attacks often contain malicious links that, when clicked, will lead to spoofed websites. Others will encourage the victim to download something that turns out to be malware.
Social Engineering
Manipulating individuals to divulge confidential information or perform actions
Types:
• Pretexting: the attacker invents a plausible scenario (a helpdesk call, an auditor, a supplier) that justifies the request for information or access
• Baiting: offering something the victim wants, such as a free download or a USB stick left in the car park, that carries malware
• Tailgating: physically following an authorised person through a controlled door without presenting credentials
Examples: Real-world scenarios depicting social engineering attacks
DDoS Attacks
Overwhelming a system or network to disrupt service availability.
Methodology: How DDoS attacks work and their impact on targeted systems
[Figure: visual representation of a network under a DDoS attack]
Espionage
Espionage ?
Espionage refers to the practice of obtaining confidential or classified information from governments, organizations, or individuals without their knowledge or consent. It typically involves stealthy activities carried out by spies or intelligence agents working for a foreign government, organization, or entity.
Cyber espionage involves infiltrating networks, systems, or devices to steal sensitive data such as intellectual property, trade secrets, financial information, classified government documents, or personal data. Attackers use this stolen information for economic, political, or personal gain.
Espionage : Methods and Techniques
• Phishing
• Malware
• Social Engineering
• Exploiting Vulnerabilities
Examples of Cyber Espionage
• Advanced Persistent Threats (APTs)
• These are long-term targeted attacks by sophisticated adversaries aiming to steal sensitive information. An example is the APT1 group, identified by Mandiant in 2013 as a unit of the Chinese military (PLA Unit 61398), which conducted extensive cyber espionage campaigns against various industries.
• Stuxnet
• Malware designed to target Iran's nuclear program, believed to be a joint effort by American and Israeli intelligence agencies. Strictly it is an example of sabotage rather than espionage: it manipulated Siemens industrial controllers to damage uranium-enrichment centrifuges.
• NotPetya
• Although it presented itself as ransomware, NotPetya (2017) was a destructive wiper attributed by several Western governments to Russia, aimed at disrupting Ukrainian infrastructure. It is an example of state-sponsored disruption rather than data theft: its “ransom” could not be paid to recover files.
Impacts and
Consequences
• Financial Loss
• Companies face financial repercussions due to stolen
intellectual property or disrupted operations.
• Reputation Damage
• Breaches resulting from espionage can lead to a loss of
trust among customers, partners, or the public.
• National Security Risks
• Espionage targeting government or critical infrastructure
can pose severe national security threats.
Intellectual Property Theft
• Refers to the unauthorized acquisition, use, or replication of proprietary information, creations, or innovations that are protected by intellectual property laws.
• It involves stealing valuable ideas, inventions, trade secrets, or creative works for various illicit purposes, such as gaining a competitive advantage, financial gain, or undermining an entity's market position.
Types of Intellectual Property
• Patents
• Protect inventions or innovations, granting exclusive rights for a
specified period.
• Copyrights
• Safeguard original works of authorship, including literary, artistic, or
creative works.
• Trademarks
• Protect symbols, names, or designs that distinguish products or
services in the market.
• Trade Secrets
• Include confidential business information (e.g., formulas,
processes, customer lists) providing a competitive advantage.
Forms of Intellectual Property Theft
• Cyber Espionage
• Attackers infiltrate networks to steal proprietary data, such as product designs, source code, or trade secrets.
• Insider Threats
• Employees or insiders with access to sensitive information may steal or leak intellectual property.
• Counterfeiting
• Illegally replicating products or goods, violating trademarks or patents.
Insider Threats
• Refer to risks posed to an organization's security, data, or resources by individuals within the organization itself.
• These threats can stem from current or former employees, contractors, or business associates who misuse their access, privileges, or knowledge for malicious purposes or inadvertently compromise security due to negligence.
Types of Insider Threats
• Malicious Insiders
• Individuals intentionally exploit their access to steal data, sabotage systems,
or cause harm to the organization.
• Motivations can include financial gain, revenge, or ideology.
• Negligent Insiders
• Employees who unintentionally compromise security by disregarding security
protocols, falling victim to social engineering attacks, or failing to follow best
practices due to carelessness or lack of awareness.
• Compromised Insiders
• Personnel whose credentials or systems have been compromised by external
threats, turning them into unwitting facilitators of cyberattacks.
Examples of Insider Threats
• Data Theft
• An employee copying sensitive data before leaving the company to sell or use elsewhere.
• Sabotage
• A disgruntled employee intentionally deleting critical files or disrupting systems before leaving.
• Unintentional Breach
• Sharing sensitive information through email or social media by mistake
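The data-theft scenario above (bulk copying shortly before departure) is what insider-risk monitoring is built to catch, by combining access logs with HR context. The following added example (not from the lecture) runs two such rules over constructed log lines: a user’s daily download volume far above their own earlier baseline, annotated with resignation-notice and off-hours context, and any activity from an account that should already be disabled. User names, dates and the log format are all invented.

```python
"""Two simple insider-threat detections run over access-log lines.

Added example, not from the original lecture. The log lines, user names,
resignation-notice dates and disabled-account dates are all constructed.
"""
import re
from collections import defaultdict
from datetime import date, datetime
from statistics import median

LOG = """\
2023-11-01T09:12:00 user=alice action=download bytes=120000 path=/crm/accounts.csv
2023-11-02T10:05:00 user=alice action=download bytes=95000 path=/crm/pipeline.xlsx
2023-11-03T11:40:00 user=alice action=download bytes=110000 path=/crm/contacts.csv
2023-11-06T22:15:00 user=alice action=download bytes=4800000000 path=/crm/full-export.zip
2023-11-01T09:30:00 user=bob action=download bytes=50000 path=/eng/readme.md
2023-11-02T09:35:00 user=bob action=download bytes=60000 path=/eng/design.pdf
2023-11-06T09:40:00 user=bob action=download bytes=55000 path=/eng/notes.txt
2023-11-06T10:00:00 user=carol action=download bytes=30000 path=/hr/salaries.xlsx
"""

# Context an HR / identity feed would supply (constructed).
RESIGNATION_NOTICE = {"alice": date(2023, 11, 5)}   # gave notice on this date
ACCOUNT_DISABLED = {"carol": date(2023, 11, 3)}     # must have no access from this date

LINE = re.compile(r"(\S+) user=(\S+) action=(\S+) bytes=(\d+) path=(\S+)")
SPIKE_FACTOR = 10      # a day this many times the user's median day is a spike
OFF_HOURS = (7, 20)    # activity before 07:00 or at/after 20:00 counts as off-hours


def parse(log: str):
    """Return (timestamp, user, action, bytes, path) tuples, skipping unparseable lines."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, user, action, nbytes, path = m.groups()
            events.append((datetime.fromisoformat(ts), user, action, int(nbytes), path))
    return events


def detect(events) -> list[tuple[str, str, str]]:
    """Return (user, rule, detail) alerts, in time order."""
    alerts = []
    daily = defaultdict(lambda: defaultdict(int))   # user -> day -> bytes downloaded
    spiked = set()                                   # (user, day) already reported
    for ts, user, action, nbytes, path in sorted(events):
        day = ts.date()
        # Rule 1: any activity from an account that should already be disabled.
        if user in ACCOUNT_DISABLED and day >= ACCOUNT_DISABLED[user]:
            alerts.append((user, "disabled-account-activity", f"{ts} {action} {path}"))
        # Rule 2: today's volume against the user's own earlier days (needs 2+ days of history).
        history = [v for d, v in daily[user].items() if d < day]
        daily[user][day] += nbytes
        if ((user, day) not in spiked and len(history) >= 2
                and daily[user][day] > SPIKE_FACTOR * median(history)):
            spiked.add((user, day))
            detail = f"{daily[user][day]} bytes on {day} vs median {median(history):.0f}"
            if user in RESIGNATION_NOTICE and day >= RESIGNATION_NOTICE[user]:
                detail += " (after resignation notice)"
            if not OFF_HOURS[0] <= ts.hour < OFF_HOURS[1]:
                detail += " (off-hours)"
            alerts.append((user, "volume-spike", detail))
    return alerts


if __name__ == "__main__":
    for user, rule, detail in detect(parse(LOG)):
        print(f"{user}: {rule}: {detail}")
```

Comparing each user with their own baseline rather than a global threshold is what keeps the rule quiet for people whose job is bulk data handling; the HR annotations turn a statistical anomaly into something an analyst can prioritise.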
Emerging Threats
AI Threats
Adversarial Machine Learning
• Adversarial attacks involve manipulating AI models by introducing subtly crafted inputs (adversarial examples) to deceive or mislead the machine learning algorithms.
• These attacks can lead to misclassification of data, undermining the integrity and reliability of AI systems.
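How a “subtly crafted input” is actually built, as an added example (not from the lecture): the fast gradient sign method (FGSM, Goodfellow et al. 2015) applied to a logistic-regression classifier written in pure Python. The training data is constructed: 20 numeric features per sample (think scaled counts of suspicious tokens in a message), class 1 drawn uniformly from [0.2, 1.0] and class 0 as its exact mirror image, so the problem is linearly separable and the model learns positive weights on every feature. The attack nudges each feature by a small eps in the direction that raises the loss; because the nudges accumulate across all 20 features, they outweigh the four strong features that made the input class 1.

```python
"""Fast-gradient-sign adversarial example against a small logistic-regression
classifier, in pure Python.

Added example, not from the original lecture. The data set is constructed
and the model is trained here; nothing is taken from a real system.
"""
import math
import random

D = 20   # number of features


def sigmoid(z: float) -> float:
    """Numerically stable logistic function."""
    return 1 / (1 + math.exp(-z)) if z >= 0 else math.exp(z) / (1 + math.exp(z))


def make_data(rng: random.Random, n_per_class: int):
    """Class 1: every feature in [0.2, 1.0]; class 0: the mirror image of a class-1 point."""
    data = []
    for _ in range(n_per_class):
        x = [rng.uniform(0.2, 1.0) for _ in range(D)]
        data.append((x, 1))
        data.append(([-v for v in x], 0))
    return data


def train(data, steps: int = 300, lr: float = 0.5):
    """Plain batch gradient descent on the logistic loss; returns (weights, bias)."""
    w = [0.0] * D
    b = 0.0
    n = len(data)
    for _ in range(steps):
        grad_w = [0.0] * D
        grad_b = 0.0
        for x, y in data:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y   # dLoss/dz
            for i in range(D):
                grad_w[i] += err * x[i]
            grad_b += err
        w = [wi - lr * g / n for wi, g in zip(w, grad_w)]
        b -= lr * grad_b / n
    return w, b


def predict_proba(w, b, x) -> float:
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def fgsm(w, b, x, y: int, eps: float):
    """x + eps * sign(dLoss/dx). For the logistic loss, dLoss/dx = (p - y) * w."""
    p = predict_proba(w, b, x)
    return [xi + eps * ((1 if (p - y) * wi > 0 else -1 if (p - y) * wi < 0 else 0))
            for xi, wi in zip(x, w)]


def accuracy(w, b, data) -> float:
    return sum((predict_proba(w, b, x) >= 0.5) == (y == 1) for x, y in data) / len(data)


def run_demo(eps: float = 0.3) -> dict:
    rng = random.Random(7)   # seeded so the example is reproducible
    data = make_data(rng, 100)
    w, b = train(data)
    # A clean input that is class 1 because of four strong features;
    # the other sixteen are neutral (0.0).
    x_clean = [1.0] * 4 + [0.0] * (D - 4)
    x_adv = fgsm(w, b, x_clean, y=1, eps=eps)
    return {
        "train_accuracy": accuracy(w, b, data),
        "p_clean": predict_proba(w, b, x_clean),
        "p_adv": predict_proba(w, b, x_adv),
        "max_change": max(abs(a - c) for a, c in zip(x_adv, x_clean)),
    }


if __name__ == "__main__":
    r = run_demo()
    print(f"train accuracy {r['train_accuracy']:.2f}")
    print(f"P(class 1 | clean) = {r['p_clean']:.3f}, "
          f"P(class 1 | adversarial) = {r['p_adv']:.3f}, "
          f"largest per-feature change {r['max_change']:.2f}")
```

The same mechanism scales to image classifiers, where a per-pixel change well below what a human notices flips the label; the defence literature (adversarial training, input sanitisation, certified robustness) is a response to exactly this accumulation effect.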
Deepfake Technology
• Deepfakes use AI-generated synthetic media to create fake videos, audio recordings, or images that appear genuine but are entirely fabricated.
• Misuse of deepfakes can lead to disinformation campaigns, defamation, and fraud, posing significant challenges for authentication and trust.
AI-Powered Cyberattacks
• Attackers can use AI algorithms to automate and enhance various cyberattacks, such as spear-phishing, malware creation, or password cracking.
• Increased sophistication and efficiency of cyber threats, making them harder to detect and defend against.
Emerging Threats
IoT Threats
• Device Vulnerabilities
• IoT devices often have limited security features and can be susceptible to vulnerabilities due to insecure configurations, weak passwords, or lack of updates.
• Exploitation of these vulnerabilities can lead to unauthorized access, data breaches, or device manipulation.
Botnets and DDoS Attacks
• Compromised IoT devices can be recruited into botnets, used by attackers to launch Distributed Denial of Service (DDoS) attacks, overwhelming networks or services.
• Disruption of services, network outages, and financial losses for businesses relying on online services.
Privacy Concerns
• IoT devices collect vast amounts of user data, raising privacy concerns if this data is misused, leaked, or accessed without consent.
• Potential compromise of sensitive personal information, leading to privacy violations and identity theft.
Emerging Threats
Quantum Computing Threats
• A sufficiently large quantum computer running Shor’s algorithm would break the public-key algorithms in use today (RSA, Diffie-Hellman, elliptic-curve cryptography), compromising the key exchange and signatures that protect current encrypted traffic. Symmetric ciphers and hashes are only weakened (Grover’s algorithm roughly halves their effective key length), so AES-256 remains adequate.
• Because traffic captured now can be decrypted later (“harvest now, decrypt later”), the advent of quantum computers already poses a risk to the confidentiality of long-lived encrypted data, prompting the migration to quantum-resistant (post-quantum) cryptography; NIST published its first post-quantum standards, ML-KEM (FIPS 203) and ML-DSA (FIPS 204), in August 2024.
Emerging Threats
Cyber-Physical Attacks
• Attacks targeting the convergence of digital and physical systems, such as those affecting critical infrastructure, industrial control systems, or connected vehicles.
• Breaches in cyber-physical systems can lead to physical damage, disruptions in essential services, or even endanger human safety.
Assignment-1
• Group Presentation
• 10 Minutes Presentation recent information security
incidents (2020 Onwards)
• Due Date
• 23-12-2023
• Instructions
• Three Group Members
• One Incident Per Group Member
• Grading
• Presentation
Summary
• What is malware?
• Types of malware
• Phishing
• Spoofing
• Espionage
• Intellectual Property Theft
• Insider Threats
• Emerging Threats
The End
Thank You