Unit 1
These objectives constitute the foundation of security programs and are collectively known as the CIA (Confidentiality,
Integrity, Availability) triad. The CIA triad serves as a security framework specifically crafted to provide guidance for
information security policies within an organization or company. To prevent any confusion with the Central Intelligence
Agency (CIA), this model is sometimes referred to as the AIC (Availability, Integrity and Confidentiality) triad. These three
elements in the security triad are widely recognized as the most pivotal components of security.
Many organizations and companies routinely employ the CIA criteria when implementing new applications, establishing
databases or ensuring access to data. To achieve complete data security, all of these security objectives must be effectively
implemented. These security policies are interdependent and must not be overlooked.
I. Confidentiality
Confidentiality can be likened to the concept of privacy and revolves around preventing unauthorized access to
information. Its primary goal is to safeguard data by granting access exclusively to authorized individuals or entities while
preventing unauthorized parties from gaining any knowledge about its contents. Confidentiality aims to block critical
information from falling into the wrong hands while ensuring that authorized individuals can access it.
Tools for Confidentiality: The tools for confidentiality refer to the various technologies, practices and methods
employed to ensure that sensitive or confidential information remains private and is only accessible to authorized
individuals or systems. The primary goal of confidentiality tools is to prevent unauthorized access, disclosure or exposure
of sensitive data.
Table 1.1 Tools for Confidentiality
Tools for Confidentiality: Encryption, Access Control, Authentication, Authorization, Physical Security
1. Encryption: Encryption is a security technique used to protect sensitive information by transforming it into an
unreadable format, which can only be deciphered by individuals or systems with the proper decryption key or
algorithm. In essence, it's like putting a message into a locked box and only someone with the right key can open
the box and read the message.
Encryption is a technique that involves converting information into an unreadable format for individuals
who lack authorization, accomplished through the use of an algorithm. This data transformation employs a
confidential key known as an encryption key, ensuring that the altered data can only be comprehended with another
confidential key called the decryption key. Its purpose is to safeguard sensitive data, like credit card numbers, by
encoding and altering the data into an unintelligible form known as ciphertext. To regain the original information,
this encrypted data must undergo decryption. The two main categories of encryption are asymmetric-key and
symmetric-key encryption.
2. Access Control: Implementing access controls to restrict who can view or manipulate sensitive data. This may
include user authentication, role-based access control and permission settings. It is a security measure used to
regulate and manage who can access certain resources, systems or areas within an organization or a computer
system. Its primary purpose is to protect sensitive information, ensure the integrity of systems and maintain security.
Access control establishes regulations and guidelines to restrict entry to a system or to both physical and
virtual resources. It's a method through which users gain entry and specific privileges to interact with systems,
resources or information. In access control systems, users are required to furnish credentials, like a person's name
or a computer's serial number, as a prerequisite for gaining access. In the context of physical systems, these
credentials can take various forms, but those that are non-transferable offer the highest level of security.
3. Authentication: Authentication is the process of verifying the identity of an individual or system attempting to
access a computer system, network, application or resource. It is a fundamental security measure designed to ensure
that only authorized and legitimate users or entities can gain access to sensitive information and systems.
It confirms the identity or role a user claims to have, validating a registered user or process before access
to protected networks and systems is granted.
4. Authorisation: Authorization in cybersecurity is like giving or denying permission to access specific things, such
as information or systems, after confirming someone's identity (authentication). It decides what actions a person or
system can take and what resources they can use. Think of it as the security process that determines who gets to do
what based on predefined rules, especially after confirming who they are.
5. Physical security: Physical security encompasses a set of measures and strategies carefully crafted to thwart
unauthorized access to IT assets, such as facilities, equipment, personnel resources and other properties, with the
aim of safeguarding them against potential harm. These protective measures serve as a bulwark against physical
threats that may include theft, vandalism, fire and natural disasters, all geared towards preserving the integrity and
safety of these valuable assets.
II. Integrity
Integrity in the context of cyber security refers to the assurance that data and systems have not been tampered with
or altered in an unauthorized or unintended manner. It is one of the key principles of information security and involves
maintaining the accuracy and reliability of data and the systems that process or store that data. Ensuring data integrity is
crucial in protecting against various cyber threats, such as unauthorized access, data manipulation, and malware attacks. It
protects data and systems from unauthorized changes, ensuring the accuracy and reliability of information and maintaining
the trustworthiness of digital assets.
Integrity refers to the accuracy and reliability of data. It ensures that data remains unchanged and unaltered during
storage, transmission, or processing. Techniques like checksums, hashing, and digital signatures are used to detect and
prevent unauthorized modifications to data.
Tools for Integrity: Ensuring integrity in cyber security requires the use of various tools and technologies. Some
common tools and techniques used to maintain data and system integrity are:
Table 1.2 Tools for Integrity
Tools for Integrity: Checksums, Hash Function, Digital Signatures
1. Checksum: A checksum is a value or code generated from a file or message and that is used to verify the data's
integrity. The primary purpose of a checksum is to detect errors or tampering that may have occurred during data
transmission or storage. If the checksum generated from the received data matches the checksum originally sent
or stored, it suggests that the data has not been altered. If the checksums do not match, it indicates potential data
corruption or tampering.
A checksum is a numeric value employed for the purpose of confirming the integrity of either a file or data
transfer. Essentially, it involves calculating a function that translates the content of a file into a numerical
representation. Its primary application lies in the verification of data equivalence between two sets. A checksum
function is contingent on the complete content of a file.
2. Hash Function: A hash function is a mathematical function that takes an input (or 'message') and returns a fixed-
size string of characters, which is typically a hexadecimal number. The output, often called the hash value or hash
code, is unique to the input data. Hash functions are widely used in computer science and cryptography for various
purposes, primarily to ensure data integrity, security, and efficient data retrieval.
Hash functions like MD5, SHA-256, and SHA-3 are used to generate fixed-size hash values or checksums
for files and data. These checksums can be used to verify the integrity of files by comparing them before and after
transmission or storage.
3. Digital Signatures: Digital signatures play a crucial role in ensuring the authenticity, integrity and non-repudiation
of digital documents and messages, making them a fundamental tool in the realm of cyber security and secure
digital communication.
A digital signature is a cryptographic technique used to verify the authenticity and integrity of a digital
message, document or transaction. It provides a way for the sender of the message or document to prove their
identity and ensure that the content has not been tampered with during transmission. Tools like GnuPG (GPG)
and OpenSSL can be used to create and verify digital signatures.
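An added example (not from the original text) contrasting the checksum and hash-function tools above: a naive additive checksum catches accidental corruption but can be silently defeated by a compensating edit, whereas a SHA-256 digest exposes any change. The sample record and the tampering helper are constructed for illustration.

```python
import hashlib

# Constructed sample record standing in for a file in transit (not from the text).
ORIGINAL = b"amount=100;payee=alice;memo=invoice-42"


def simple_checksum(data: bytes) -> int:
    """Naive additive checksum: the sum of all bytes modulo 256.
    Cheap, and good at catching accidental corruption of a single byte."""
    return sum(data) % 256


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash. Any change to the input changes the digest
    unpredictably, so no compensating edit elsewhere can hide it.
    (MD5 is no longer collision resistant; prefer SHA-256 or SHA-3.)"""
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, expected_checksum: int, expected_digest: str) -> dict:
    """Report which integrity checks the received data passes."""
    return {
        "checksum_ok": simple_checksum(data) == expected_checksum,
        "sha256_ok": sha256_hex(data) == expected_digest,
    }


def flip_one_bit(data: bytes) -> bytes:
    """Simulate accidental corruption in transit: one bit of the first byte flips."""
    b = bytearray(data)
    b[0] ^= 0x01
    return bytes(b)


def tamper_preserving_checksum(data: bytes) -> bytes:
    """Simulate deliberate tampering that an additive checksum cannot see:
    the amount '100' becomes '900' (+8 to the byte sum) and the last byte of
    the memo is lowered by 8 to compensate, so the byte sum is unchanged."""
    b = bytearray(data)
    b[7] = ord("9")   # '1' (0x31) -> '9' (0x39)
    b[-1] -= 8        # '2' (0x32) -> '*' (0x2a)
    return bytes(b)


if __name__ == "__main__":
    cs, digest = simple_checksum(ORIGINAL), sha256_hex(ORIGINAL)
    print("intact:   ", verify(ORIGINAL, cs, digest))
    print("bit flip: ", verify(flip_one_bit(ORIGINAL), cs, digest))
    print("tampered: ", verify(tamper_preserving_checksum(ORIGINAL), cs, digest))
```

The tampered record passes the checksum but fails the SHA-256 comparison, which is why tamper detection relies on cryptographic hashes (and, for authenticity, on signatures over those hashes).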
III. Availability
Availability, in the context of cyber security, refers to the state in which a computer system, network, or service is
operational, accessible, and functioning as intended, without interruption or disruption, when it is needed. It is one of the
three fundamental pillars of information security, along with confidentiality and integrity.
Availability ensures that systems, networks and services are consistently accessible and operational, even in
challenging situations. It is a vital aspect of information security, as interruptions or outages can have severe consequences,
including financial losses, loss of productivity and damage to an organization’s reputation.
Availability specifically focuses on the idea that information and resources should be reliably available for
authorized users and systems to access and use. This means protecting against threats and events that could disrupt or deny
access to these resources, such as
1. Distributed Denial of Service (DDoS) Attacks: Attackers overwhelm a system, network or website with a flood
of traffic, making it unavailable to legitimate users.
2. Hardware or Software Failures: Ensuring that systems have redundancy and fault tolerance mechanisms to
minimize downtime in case of hardware or software failures.
3. Natural Disasters: Preparing for disasters like floods, fires or earthquakes that could physically damage
infrastructure and impact availability.
4. Human Error: Implementing access controls and user training to prevent accidental data loss or system
downtime.
5. Malware and Cyber-attacks: Protecting systems and networks from various cyber threats, including viruses,
ransomware, and other attacks that can disrupt services.
Availability is critical because in many cases, the unavailability of information or systems can be just as damaging
as a breach of confidentiality or integrity. For example, in sectors like healthcare or finance, the inability to access patient
records or conduct financial transactions due to a system outage can have serious consequences.
2. Phishing: Phishing attacks involve tricking individuals into revealing sensitive information such as login credentials,
credit card numbers or personal information. Phishing can be carried out through emails, fake websites or other
communication channels.
3. Ransomware: Ransomware is a type of malware that encrypts a victim's data and demands a ransom in exchange for the
decryption key. Paying the ransom is discouraged, as it doesn't guarantee data recovery and supports cybercriminals.
4. Distributed Denial of Service (DDoS) Attacks: DDoS attacks flood a target system or network with an overwhelming
volume of traffic, causing it to become unavailable to legitimate users. These attacks can disrupt online services and
websites.
5. Man-in-the-Middle (MitM) Attacks: In MitM attacks, an attacker intercepts and potentially alters communications
between two parties without their knowledge. This can lead to data theft, eavesdropping, or message manipulation.
6. SQL Injection: SQL injection attacks occur when an attacker injects malicious SQL code into input fields or web forms,
exploiting vulnerabilities in a web application's database. This can lead to unauthorized access, data leakage, or data
manipulation.
7. Zero-Day Exploits: Zero-day vulnerabilities are software vulnerabilities that are unknown to the vendor and have not
yet been patched. Cybercriminals can exploit these vulnerabilities before a fix is available.
8. Insider Threats: Insider threats involve individuals within an organization who misuse their access or privileges to steal
data, damage systems or engage in malicious activities.
9. Password Attacks: Password-related attacks include brute force attacks, dictionary attacks, and credential stuffing,
where attackers attempt to guess or steal passwords to gain unauthorized access to accounts or systems.
10. IoT (Internet of Things) Vulnerabilities: As more devices become connected to the Internet, IoT devices can be
exploited if not properly secured. This can include everything from smart home devices to industrial control systems.
11. Social Engineering: Social engineering attacks manipulate human psychology to trick individuals into divulging
sensitive information or performing actions that compromise security. Examples include pretexting, baiting, and tailgating.
12. Advanced Persistent Threats (APTs): APTs are targeted, long-term cyberattacks usually conducted by nation-state
actors or organised cybercriminal groups. They involve a series of sophisticated and persistent tactics to gain access to
sensitive information.
13. Fileless Malware: Fileless malware operates in memory and doesn't leave a footprint on a victim's disk, making it
harder to detect. It often exploits legitimate tools and processes to carry out attacks.
14. Crypto-jacking: Crypto-jacking involves using a victim's computer or device to mine cryptocurrency without their
consent, causing system slowdowns and increased energy consumption.
15. Supply Chain Attacks: These attacks target vulnerabilities in the supply chain, where attackers compromise software
or hardware before it reaches the end user. This can lead to widespread compromises.
To protect against these and other cyber security threats, organizations need to implement a multi-layered security
strategy that includes firewalls, antivirus software, intrusion detection systems, regular software updates, employee training
and incident response plans. Additionally, staying informed about emerging threats and vulnerabilities is crucial for
maintaining strong cyber security defenses.
1.2 CYBERCRIME
Cybercrime is one of the largest and globally most active forms of crime. After all, the internet is available and visible to
everyone and that of course involves risks. Committing a crime via a computer or other device that is connected to the
Internet is dangerous because the identity of the perpetrator is difficult to find out.
1.2.1 Cybercrime Definition
According to Wikipedia, Cybercrime is a type of crime involving a computer or a computer network. The computer
may have been used in committing the crime or it may be the target. Cybercrime may harm someone's security or
finances.
Cybercrime covers a broad range of illicit activities in the digital realm, using computers and the internet.
It involves using technology for illegal actions, targeting computer systems, networks, and electronic devices.
Also known as computer-based crime, it includes using computers as tools for various unlawful activities such as
fraud, identity theft, and unauthorized access.
With the widespread use of the Internet, cybercrime has become more significant, impacting areas like commerce,
entertainment, and government operations.
Cybercrime goes beyond individual consequences, potentially compromising personal and national security, as well
as financial well-being.
1.2.2 Origins of the Word Cybercrime
The term “cybercrime” is a blend of the words ‘cyber’ and ‘crime’, combining concepts related to technology
and illicit activities. Here's a breakdown of the origins of the term:
1. Cyber: The word “cyber” is derived from the term “cybernetics,” which was introduced by mathematician Norbert
Wiener in his book “Cybernetics: Or Control and Communication in the Animal and the Machine,” published in
1948. Cybernetics deals with the study of systems, control and communication in complex entities, such as
machines and organisms. Over time, “cyber” became associated with computers and electronic systems, especially
with the rise of digital technology and the development of the internet.
2. Crime: “Crime” refers to any action that violates laws or regulations established by a society or governing body.
It encompasses a wide range of unlawful activities, both traditional and modern. “Crime” is a well-established term
that refers to any action or behaviour that violates legal or societal norms, leading to legal consequences. Crimes
encompass a wide range of offenses, from theft and fraud to violence and vandalism.
3. Combination: The term “cybercrime” emerged as technology evolved and criminal activities started to involve
digital platforms, computers and networks. As criminal activities began to exploit the digital landscape, the term
“cybercrime” was coined to describe these new types of illegal actions.
The concept of cybercrime has evolved as technology advances and criminals found new ways to exploit digital
environments. As a result, the term “cybercrime” has become widely used to describe criminal activities that take place in
the digital realm, encompassing a variety of illicit actions carried out using computers, networks and the internet.
Advantages of Implementing Information Security: Implementing information security provides numerous advantages for
organizations. Here are some of the key benefits:
1. Safeguarding Confidentiality: Information security measures shield sensitive data from unauthorized access,
guaranteeing that only authorized individuals can access or modify it.
2. Preservation of Integrity: Information security helps maintain the accuracy and reliability of data. It prevents
unauthorized alterations, tampering, or corruption of information, thereby ensuring the integrity and trustworthiness
of the data.
3. Ensuring Availability: Information security measures ensure that data and critical systems are available when
needed. This is essential for business continuity and preventing downtime due to cyber attacks or technical failures.
4. Compliance with Regulations: Many industries and jurisdictions have specific regulations and compliance
requirements related to data security. Implementing information security measures helps organizations adhere to
these regulations, avoiding legal consequences and fines.
5. Protection against Cyber Threats: Information security safeguards organizations against a wide range of cyber
threats, including malware, phishing, ransomware and denial-of-service attacks. It reduces the risk of data breaches
and financial losses.
6. Risk Management: Information security practices help organizations identify, assess and mitigate risks related to
data and technology. This proactive approach minimises the impact of security incidents and helps organizations
recover more swiftly.
7. Enhanced Trust and Reputation: Strong information security practices build trust with customers, partners and
stakeholders. Protecting sensitive data and demonstrating a commitment to security can enhance an organisation's
reputation.
8. Cost Savings: While implementing security measures requires an initial investment, it can lead to cost savings in
the long run. Preventing security incidents, data breaches and downtime can save organizations significant financial
resources.
9. Competitive Advantage: Organizations with robust information security practices may have a competitive
advantage. Customers and partners often prefer to work with entities that prioritise data protection and security.
10. Improved Incident Response: Information security programs include incident response plans that help
organizations respond effectively to security breaches or incidents. This ensures that incidents are addressed
promptly, minimising their impact.
11. Protection of Intellectual Property: For businesses, protecting intellectual property (IP) is critical. Information
security measures safeguard patents, trade secrets, copyrights and other forms of IP from theft or unauthorised
access.
Implementing information security is essential for protecting data, complying with regulations, reducing risks and
maintaining trust with stakeholders. It also contributes to cost savings, competitive advantage and efficient incident
response, making it a crucial component of modern organizations.
1. Reconnaissance: Reconnaissance involves the process of gathering information about the target system. This
includes identifying vulnerabilities within the computer system or potential weaknesses. If the hacker successfully
gains access to the system during this phase, they proceed with the hacking process. At the end of the reconnaissance
phase, the hacker has a lot of knowledge to plan a more precise attack on the target system.
2. Scanning: Prior to launching an attack, the hacker aims to determine the system's status, including whether it is
operational, which applications are in use and the versions of those programs. In scanning, they identify both open
and closed doors (ports) to find potential ways to get in. They also collect info like the target's IP address and user
accounts. Tools like Nmap help in this phase; it's like a detective tool that hackers use to inspect the network and
find weak points. Nmap is famous for being effective and easy to use.
3. Gaining Control: After collecting information, the hacker uses it to get into and control the target system. This can
happen through the network (online) or sometimes physically. We call this phase "Owning the System" because the
hacker essentially takes control, like owning a computer or device.
4. Maintaining Access: Once the hacker gets into the system, they want to stay there for future attacks. They may
make changes to the system to stop others, like security people or other hackers, from getting in without permission.
We call the system they've taken over a "Zombie System" in this situation.
5. Log Clearing: In this phase, the hacker deletes any files or evidence left on the system that could help identify and
catch them. Ethical hacking, which is done for good reasons like improving security, uses penetration testing to find
such weaknesses and help catch hackers.
3. Spam:
Spam in cybercrime means sending a lot of unwanted and often harmful messages through electronic
communication, mostly emails.
These messages are sent without permission and can promote products, spread malware, or involve fraudulent
activities.
It often looks like emails advertising products, but sometimes it carries harmful software that can damage your
data.
Spam is also known as "sales promotional advertising mail" or "simultaneously posted advertising message."
Spam cybercrime can lead to spreading malware, attempting phishing, and engaging in financial fraud.
Example: Imagine receiving an email in your inbox that claims you've won a lottery you never entered. The email
insists you provide personal information or pay a small fee to claim your prize. This is a classic example of spam
in the context of cybercrime. It's unsolicited, potentially harmful, and aims to trick you into revealing sensitive
information or parting with your money.
Anti-Spam Techniques: Anti-spam techniques are used by email service providers, organizations and individuals to reduce
the impact of spam emails and maintain the integrity of email communication.
Some anti-spam techniques used to combat spam are:
Content Filtering: Content filtering involves analyzing the content of emails to identify and block messages that
exhibit spam-like characteristics. This can include looking for specific keywords, patterns, or known spam
signatures.
Bayesian Filtering: Bayesian filters use statistical methods to determine the probability that an email is spam based
on the words and phrases it contains. These filters learn from past spam and non-spam emails to improve accuracy.
Blacklists: Blacklists contain known spam sources, such as IP addresses or domains associated with spammers.
Emails originating from these sources are blocked or flagged as potential spam.
Whitelists: Whitelists contain trusted email addresses or domains. Emails from these sources are allowed through
while others may be filtered or marked as spam.
Heuristic Analysis: Heuristic analysis involves examining the behaviour and characteristics of emails to identify
potential spam. This method is more dynamic and adaptable to evolving spam techniques.
Sender Policy Framework (SPF): SPF is an email authentication method that verifies the sender's domain. It helps
prevent email spoofing by ensuring that emails are sent from legitimate sources.
Domain Keys Identified Mail (DKIM): DKIM is another email authentication technique that uses digital
signatures to verify the authenticity of an email's sender.
Machine Learning: Machine learning algorithms can be trained to recognize spam based on patterns, content, and
user behaviour. These systems improve over time as they encounter more data.
CAPTCHAs: CAPTCHAs are puzzles or challenges that users must complete to prove they are human. They help
prevent automated bots from filling out forms or sending spam.
Email Reputation Services: These services assess the reputation of email senders and assign a reputation score.
Emails from senders with poor scores may be treated as potential spam.
Email Authentication: Implementing email authentication protocols like DMARC (Domain-based Message
Authentication, Reporting and Conformance) helps verify the authenticity of email messages.
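An added example (not part of the original text) of the Bayesian filtering technique described above: a multinomial naive Bayes classifier with add-one smoothing, trained on a small hand-labelled corpus constructed for illustration, that scores new messages such as the lottery email in the spam example.

```python
import math
import re
from collections import Counter

# Constructed, hand-labelled training corpus (not real mail).
TRAINING = [
    ("spam", "congratulations you won a lottery prize claim your prize now"),
    ("spam", "claim your free prize pay a small fee to release your winnings"),
    ("spam", "urgent winner selected send personal details to claim lottery"),
    ("ham", "meeting moved to thursday please review the agenda"),
    ("ham", "attached is the quarterly report let me know your comments"),
    ("ham", "can we schedule a call to review the project plan"),
]

WORD = re.compile(r"[a-z']+")


def tokenize(text: str) -> list:
    """Lower-case the text and split it into word tokens."""
    return WORD.findall(text.lower())


class BayesianFilter:
    """Multinomial naive Bayes with Laplace (add-one) smoothing, so words
    never seen in one class do not drive its probability to zero."""

    def __init__(self):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.doc_counts = Counter()
        self.vocab = set()

    def train(self, label: str, text: str) -> None:
        """Learn from one labelled message; the filter improves with more mail."""
        tokens = tokenize(text)
        self.word_counts[label].update(tokens)
        self.doc_counts[label] += 1
        self.vocab.update(tokens)

    def _log_likelihood(self, label: str, tokens: list) -> float:
        total = sum(self.word_counts[label].values())
        v = len(self.vocab)
        prior = math.log(self.doc_counts[label] / sum(self.doc_counts.values()))
        return prior + sum(
            math.log((self.word_counts[label][t] + 1) / (total + v)) for t in tokens
        )

    def spam_probability(self, text: str) -> float:
        """P(spam | words), computed from log-odds to avoid underflow."""
        tokens = tokenize(text)
        ls = self._log_likelihood("spam", tokens)
        lh = self._log_likelihood("ham", tokens)
        diff = max(min(lh - ls, 700.0), -700.0)  # clamp before exp
        return 1.0 / (1.0 + math.exp(diff))

    def classify(self, text: str, threshold: float = 0.5) -> str:
        return "spam" if self.spam_probability(text) >= threshold else "ham"


def build_filter() -> BayesianFilter:
    """Train a filter on the constructed corpus."""
    f = BayesianFilter()
    for label, text in TRAINING:
        f.train(label, text)
    return f


if __name__ == "__main__":
    f = build_filter()
    for msg in ("you are a lottery winner claim your prize",
                "please review the attached report before the meeting"):
        print(f"{f.spam_probability(msg):.3f}  {f.classify(msg)}  {msg}")
```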
4. Virus Spreading:
Computer viruses are software programs that attach themselves to a system or files and tend to spread to other
computers connected to a network.
They disrupt the normal operation of the computer and can impact stored data by either modifying it or deleting it
entirely.
Unlike viruses, "worms" do not require a host to attach to; they simply replicate until they consume all available
system memory.
The term "worm" is sometimes used to refer to self-replicating "malware" (malicious software) and these terms are
frequently used interchangeably, particularly when discussing the current prevalence of hybrid viruses and worms.
"Trojan horses," however, differ from viruses in how they propagate.
5. Cyber Stalking:
Cyber stalking is a type of cyber crime that uses the internet and technology to harass or stalk a person. It is a form of online
harassment and stalking in which an individual uses the internet, social media, email or other digital communication tools
to repeatedly harass, threaten or intimidate someone. It involves unwanted and often obsessive attention directed towards a
person, causing fear, discomfort or emotional distress.
Cyberstalkers may engage in various activities, including:
Sending Threatening Messages: This can include threatening emails, messages or comments on social media
platforms.
Tracking Online Activity: Cyberstalkers may monitor their victim's online presence, tracking their activities,
locations and interactions.
Creating Fake Profiles: Some cyberstalkers create fake profiles or impersonate their victims online to gather
personal information or spread false and damaging information.
Harassment: Continual harassment through various online channels, such as phone calls, emails or messages.
Doxxing: Revealing and sharing a victim's private or personal information, like home address, phone number or
workplace, with malicious intent.
Posting Defamatory Content: Spreading false, damaging or defamatory information about the victim online.
Online Invasion of Privacy: Invading a person's privacy by hacking into their accounts, taking control of their
devices or illegally accessing their personal information.
Spreading Rumors: Spreading false rumors, gossip or lies about the victim to tarnish their reputation.
Cyberstalking is a serious crime in many jurisdictions and laws have been enacted to address it. Victims of cyberstalking
should report the behavior to law enforcement authorities, collect evidence and take steps to protect their online privacy
and security.
7. Cyber Defamation:
Cyber defamation is spreading false and harmful statements about someone or something on the internet. This
includes untrue information on social media, forums, blogs, or other online platforms. It's like saying things online
that can damage a person's reputation.
Example: Imagine someone spreading false rumors about a person being involved in illegal activities on a social
media platform. This false information can harm that person's reputation and is a form of cyber defamation.
8. Logic Bombs:
9. Denial of Service:
A Denial-of-Service (DoS) cybercrime is an attack aimed at making a computer system, network or online service
unavailable to its intended users by overwhelming it with a flood of traffic or requests. The primary objective of a DoS
attack is to disrupt the normal functioning of the targeted system or service, rendering it inaccessible to legitimate users.
Key aspects of DoS cybercrimes:
1. Overwhelming Traffic: In a DoS attack, the attacker floods the targeted system with a massive volume of traffic,
data or requests. This surge in activity consumes the system's resources, such as bandwidth, processing power or
memory, making it difficult or impossible for legitimate users to access the service.
2. Types of DoS Attacks: There are various types of DoS attacks, including:
Flooding Attacks: These involve sending an excessive amount of traffic to overwhelm the target. Examples
include ICMP flood (Ping flood) and SYN flood attacks.
Application-Layer Attacks: Attackers target specific application vulnerabilities or resources, such as HTTP
GET/POST requests, to exhaust system resources.
Amplification Attacks: These attacks use misconfigured servers or services to amplify traffic, making the
attack more potent. Examples include DNS amplification attacks.
3. Distributed Denial-of-Service (DDoS): In DDoS attacks, it's not just one person causing the traffic jam. It's like
many people from different places (botnets) working together to create a massive jam.
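An added defender-side example (not from the original text) for the flooding attacks described above: a sliding-window counter over web-server access log lines that flags any source exceeding a request rate, the kind of check a rate limiter or intrusion detection rule performs. The log lines are constructed here using documentation IP ranges, and lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return (ip, timestamp, request) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def flag_flooding_sources(lines, window_seconds: int = 10, max_requests: int = 20) -> dict:
    """Return {ip: timestamp} for sources whose request count within any
    sliding window of window_seconds exceeds max_requests; the timestamp is
    the request at which the threshold was first crossed."""
    recent = defaultdict(deque)  # per-source timestamps inside the window
    flagged = {}
    window = timedelta(seconds=window_seconds)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def _log_line(ip: str, ts: datetime, path: str) -> str:
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" 200 512'


# Constructed sample traffic: 203.0.113.5 fires 25 requests in under five
# seconds, while 198.51.100.7 makes four ordinary requests over a minute.
_T0 = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
_EVENTS = (
    [(_T0 + timedelta(milliseconds=200 * i), "203.0.113.5", "/login") for i in range(25)]
    + [(_T0 + timedelta(seconds=15 * i), "198.51.100.7", "/index.html") for i in range(4)]
)
SAMPLE_LOG = [_log_line(ip, ts, path) for ts, ip, path in sorted(_EVENTS)]


if __name__ == "__main__":
    for ip, when in flag_flooding_sources(SAMPLE_LOG).items():
        print(f"flood suspected from {ip} at {when.isoformat()}")
```

A real deployment would act on the flag (rate limit, challenge, or block) and tune window and threshold to the service's normal traffic so legitimate bursts are not penalised.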
The "5P Netizen mantra" is a set of guiding principles for online security, aimed at helping individuals protect
themselves and their digital information while navigating the internet.
Each "P" in this mantra represents a key aspect of online security:
1. Precaution: This emphasises the importance of being cautious and vigilant while navigating the internet. It involves
being mindful of the websites you visit, the information you share and the potential risks associated with online
activities.
2. Prevention: Prevention involves taking proactive measures to reduce the likelihood of encountering online threats.
This can include using strong, unique passwords, keeping software and antivirus programs up to date and staying
informed about common online scams and risks.
3. Protection: Protection refers to safeguarding your digital assets and personal information. This may involve using
encryption, secure connections (HTTPS) and implementing strong privacy settings on social media and other online
platforms.
4. Preservation: Preservation encourages responsible and sustainable online behaviour. It involves respecting the
privacy and security of others, being mindful of your digital footprint and practicing good digital citizenship.
5. Perseverance: Perseverance underscores the need for consistency and resilience in maintaining online security. It's
about continually practicing the previous four principles and adapting to evolving online threats and technologies.
By adhering to the 5P Netizen mantra, individuals can enhance their online security and protect themselves from various
cyber threats and risks.
I. Reconnaissance
In the context of cybercrime, "Reconnaissance" refers to the initial phase of a cyberattack where cybercriminals
gather information about their target, which can be an individual, organisation or system.
This phase is also known as "cyber reconnaissance" or "cyber intelligence gathering." The primary purpose of
reconnaissance is to collect data that will help cybercriminals plan and execute their attacks effectively. In general
terms, reconnaissance is the exploration carried out to locate a person or thing of interest.
The reconnaissance phase starts with a technique called footprinting, which entails the collection of information
about the target's surroundings in order to gain access. Footprinting offers an insight into the vulnerabilities of the
system. The primary goal of the reconnaissance phase is to gain an understanding of the target system, its network
ports and services and any associated data.
An attacker seeks to gather information through two phases:
(i) Passive reconnaissance attack: Passive reconnaissance is typically carried out by cyber threat actors with the
intent of collecting information or intelligence about a target without directly engaging with the target or causing any
noticeable disruption.
This attack includes:
Google or Yahoo search: Cybercriminals and threat actors can use search engines like Google or Yahoo to find
publicly available information about individuals, organisations or topics of interest. This information can include
website links, news articles, public profiles and more.
Facebook, LinkedIn, other social sites: Social media platforms like Facebook and LinkedIn often contain a wealth
of personal and professional information about individuals. Cyber attackers may browse these platforms to gather
information for various purposes, including reconnaissance for future attacks or social engineering attempts.
Organisation's website (target): Reviewing an organisation's own website can provide valuable insights into its
structure, employees, products or services and recent developments. This information can help attackers plan
targeted attacks or phishing campaigns.
Blogs, newsgroups, press releases, etc: Online forums, blogs, newsgroups and press releases can contain
discussions, opinions and announcements related to a wide range of topics. Cyber threat actors may monitor these
sources to stay informed about current events or industry trends.
Job postings on naukri.com, monster.com etc: Job postings often provide details about an organisation's job
vacancies, its hiring requirements and sometimes contact information for HR personnel. Attackers may use this
information for phishing attempts or social engineering.
Network sniffing: Network sniffing involves monitoring network traffic to capture data being transmitted over a
network. While network sniffing is a more active technique than the others listed, it can still be considered passive
in the sense that it doesn't directly engage with the target. Cybercriminals can use network sniffing to intercept
sensitive information, such as login credentials or financial data.
It's important to note that while these activities may seem passive, they can potentially be part of a larger reconnaissance
strategy aimed at gathering information that could be used in future, more active cyberattacks.
(ii) Active reconnaissance attack: Active Reconnaissance in the context of cybercrime or cyber security refers to the phase
of an attack where cybercriminals or hackers actively interact with a target's network or systems to gather additional
information. It's a probing and scanning process that goes beyond passive reconnaissance, where information is gathered
without direct engagement with the target. Active Reconnaissance aims to validate existing information, discover new
details and assess vulnerabilities.
A recent survey conducted in a metropolitan city in India uncovered the following key findings:
1) Pirated Software: All the computers in these cybercafes have pirated software, including operating systems,
browsers and office software like Microsoft Office.
2) Outdated Antivirus Software: The antivirus software on these computers is not updated with the latest patches
and antivirus signatures.
3) Use of "Deep Freeze": Some cybercafes employ software known as "Deep Freeze" to protect their computers from
potential malware attacks.
4) Lack of Annual Maintenance Contracts (AMC): Many cybercafes do not have AMC in place for computer
servicing. This absence of AMC poses a risk as cybercriminals can install malicious code on a computer and engage
in criminal activities without interruption.
5) Unblocked Adult Content: Pornographic and other indecent websites are not blocked on these computers.
6) Low IT Security Awareness: Cybercafe owners have limited awareness of IT security and IT governance.
7) Lack of Government and Law Enforcement Guidance: Government agencies, Internet Service Providers (ISPs)
and state police cyber cell units do not appear to provide IT governance guidelines to cybercafe owners.
8) Infrequent Law Enforcement Visits: Cybercafe associations or state police cyber cell units do not conduct regular
visits to cybercafes unless a criminal activity has been reported through a First Information Report (FIR). Cybercafe
owners believe that the police have limited knowledge of technical aspects related to cybercrimes and lack a
conceptual understanding of IT security.
Tips for safety and security while using the computer in a cybercafe:
1) Always Logout: When using services that require a username and password (e.g., email, instant messaging), be
sure to click "logout" or "sign out" before leaving the computer. Closing the browser window may not be sufficient
to protect your account. Disable automatic login options.
2) Stay with the Computer: Do not leave the computer unattended while browsing. If you need to step away, log out
and close all browser windows to prevent unauthorised access.
3) Clear History and Temporary Files: Before browsing, disable the option to save passwords in your browser's
settings. After your session, clear the browsing history and temporary Internet files, including cookies. This can
help protect your privacy.
4) Be Alert: Stay aware of your surroundings while using a public computer. Be cautious of anyone trying to observe
your username and password from a nearby location.
5) Avoid Financial Transactions: Whenever possible, avoid conducting online banking, shopping or other
transactions that require sensitive information on public computers. If you must do so, change your passwords as
soon as possible using a trusted computer (e.g., at home or in the office).
6) Change Passwords: Periodically change your passwords for online services, especially after using public
computers. Use strong, unique passwords for each account.
7) Use a Virtual Keyboard: Some banks offer a virtual keyboard on their websites for entering passwords and
sensitive information. This can help protect against keyloggers.
8) Use Your Own Device: Whenever possible, use your personal device to access the internet rather than a public
computer.
9) Avoid Sensitive Transactions: Refrain from conducting sensitive transactions, such as online banking or entering
personal passwords, when using public computers.
10) Update Your Antivirus: Ensure that your own antivirus software is up-to-date if you need to use a public computer.
11) Use a VPN: Consider using a Virtual Private Network (VPN) to enhance your online privacy and security.
12) Use HTTPS: When browsing websites, ensure that they use HTTPS to encrypt your data.
13) Educate Yourself: Stay informed about IT security best practices to protect yourself when using public computers.
By following these precautions, individuals can enhance their security and privacy while using public computers and reduce
the risk of unauthorised access to their accounts and personal information.