UNIT – 1

Introduction to cyber crime:

Cyber crime is taken very seriously by law enforcement. In the early long periods of
the cyber security world, the standard cyber criminals were teenagers or hobbyists in
operation from a home laptop, with attacks principally restricted to pranks and malicious
mischief. Today, the planet of the cyber criminals has become a lot of dangerous. Attackers
are individuals or teams who attempt to exploit vulnerabilities for personal or financial gain.

Types of Cyber Criminals:

1. Hackers: The term hacker may refer to anyone with technical skills, however, it typically
refers to an individual who uses his or her skills to achieve unauthorized access to systems or
networks so as to commit crimes. The intent of the burglary determines the classification of
those attackers as white, grey, or black hats. White hat attackers burgled networks or PC
systems to get weaknesses so as to boost the protection of those systems. The owners of the
system offer permission to perform the burglary, and they receive the results of the take a
look at. On the opposite hand, black hat attackers make the most of any vulnerability for
embezzled personal, monetary or political gain. Grey hat attackers are somewhere between
white and black hat attackers. Grey hat attackers could notice a vulnerability and report it to
the owners of the system if that action coincides with their agenda.

 (a). White Hat Hackers – These hackers utilize their programming aptitudes for a
good and lawful reason. These hackers may perform network penetration tests in an
attempt to compromise networks to discover network vulnerabilities. Security
vulnerabilities are then reported to developers to fix them.

 (b). Gray Hat Hackers – These hackers carry out violations and do seemingly
deceptive things however not for individual addition or to cause harm. These hackers
may disclose a vulnerability to the affected organization after having compromised
their network.

 (c). Black Hat Hackers – These hackers are unethical criminals who violate network
security for personal gain. They misuse vulnerabilities to bargain PC frameworks.
2. Organized Hackers: These criminals embody organizations of cyber criminals,
hacktivists, terrorists, and state-sponsored hackers. Cyber criminals are typically teams of
skilled criminals targeted on control, power, and wealth. These criminals are extremely subtle
and organized, and should even give crime as a service. These attackers are usually
profoundly prepared and well-funded.

What is cyber security?

"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement, etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access.
• The term cyber security refers to techniques and practices designed to protect digital
data.
• The data that is stored, transmitted or used on an information system.
OR
Cyber security is the protection of Internet-connected systems, including hardware, software,
and data from cyber attacks.
It is made up of two words one is cyber and other is security.
• Cyber is related to the technology which contains systems, network and programs or
data.
• Whereas security related to the protection which includes systems security, network
security and application and information security.

Why is cyber security important?

Listed below are the reasons why cyber security is so important in what’s become a
predominant digital world:
• Cyber attacks can be extremely expensive for businesses to endure.
• In addition to financial damage suffered by the business, a data breach can also inflict
untold reputational damage.
• Cyber-attacks these days are becoming progressively destructive. Cybercriminals are
using more sophisticated ways to initiate cyber attacks.
Cyber security Fundamentals
Confidentiality:
Confidentiality is about preventing the disclosure of data to unauthorized parties.
It also means trying to keep the identity of authorized parties involved in sharing and holding
data private and anonymous.
Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle
(MITM) attacks, disclosing sensitive data.
Standard measures to establish confidentiality include:
• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens
Integrity:
Integrity refers to protecting information from being modified by unauthorized parties.
Standard measures to guarantee integrity include:
• Cryptographic checksums
• Using file permissions
• Uninterrupted power supplies
• Data backups
Availability:
Availability is making sure that authorized parties are able to access the information when
needed.
Standard measures to guarantee availability include:
• Backing up data to external drives
• Implementing firewalls
• Having backup power supplies
• Data redundancy

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data and lead to cybercrimes, such as information and identity
theft.
Cyber-attacks can be classified into the following categories:
1) Web-based attacks
2) System-based attacks
Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a
DNS resolver's cache causing the name server to return an incorrect IP address, diverting
traffic
to the attackers computer or any other computer. The DNS spoofing attacks can go on for a
long period of time without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access
to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy
entity in electronic communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number
of guesses and validates them to obtain actual data like user password and personal
identification number. This attack may be used by criminals to crack encrypted data, or by
security, analysts to test an organization's network security.
6. Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses the single system and single internet connection to attack a server. It can be
classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bit per second.
Protocol attacks- It consumes actual server resources, and is measured in a packet.
Application layer attacks- Its goal is to crash the web server and is measured in request per
second.
7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated them to get
original password.
8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a
web server to deliver web pages for which he is not authorized to browse.
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of
the include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read, insert
and modify the data in the intercepted connection.
System-based attacks
These are the attacks which are intended to compromise a computer or a computer network.
Some of the important system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates by
inserting copies of itself into other computer programs when executed. It can also execute
instructions that cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works same as the computer virus. Worms often originate from email
attachments
that appear to be from trusted senders.
3.Trojanhorse
It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application but when opened/executed some malicious code will run
in the background.
4.Backdoors
It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.
5.Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they
receive
specific input. Common examples of bots program are the crawler, chatroom bots, and
malicious bots.

Cyber Stalking:

Cyber stalking refers to the use of the internet and other technologies to harass or stalk
another person online, and is potentially a crime in the United States. This online harassment,
which is an extension of cyberbullying and in-person stalking, can take the form of e-mails,
text messages, social media posts, and more and is often methodical, deliberate, and
persistent.

Most of the time, the interactions do not end even if the recipient expresses their displeasure
or asks the person to stop. The content directed at the target is often inappropriate and
sometimes even disturbing, which can leave the person feeling fearful, distressed, anxious,
and worried.
Examples of Cyber Stalking:

 Post rude, offensive, or suggestive comments online

 Follow the target online by joining the same groups and forums

 Send threatening, controlling, or lewd messages or emails to the target

 Use technology to threaten or blackmail the target

 Tag the target in posts excessively, even if they have nothing to do with them

 Comment on or like everything the target posts online

 Create fake accounts to follow the target on social media

 Message the target repeatedly

 Hack into or hijack the target's online accounts

 Attempt to extort sex or explicit photos

 Send unwanted gifts or items to the target

 Release confidential information online

 Post or distribute real or fake photos of the target

 Bombard the target with sexually explicit photos of themselves

 Create fake posts designed to shame the victim

 Track the target's online movements by installing tracking devices

 Hack into the target's camera on their laptop or smart phone as a way to secretly
record them.

 Continue the harassing behaviour even after being asked to stop.

How to Prevent Cyber stalking:

When it comes to preventing cyber stalking, it's important that you take the necessary
precautions to protect yourself online. Although it's not possible to completely prevent cyber
stalking from occurring, there are steps you can take to increase your security and reduce the
likelihood of it happening.

1. Create strong passwords.

2. Be sure to log out every time.

3. Keep track of your devices.

4. Use caution on public wifi.

5. Practice online safety habits.

Botnet attack (Robot attack):

A botnet attack is a large-scale cyber attack carried out by malware-infected devices which
are controlled remotely. It turns compromised devices into ‘zombie bots’ for a botnet
controller. Unlike other malware that replicates itself within a single machine or system,
botnets pose a greater threat because they let a threat actor perform a large number of actions
at the same time. Botnet attacks are akin to having a threat actor working within the network,
as opposed to a piece of self-replicating malware.

They are becoming more sophisticated than other malware attack types since they can be
scaled up or changed on the fly to inflict even more damage. Malware delivered via botnet
often includes network communication features that allow attackers to use the botnet to route
communications with other threat actors through the vast network of compromised machines.

 A botnet is a number of internet connected devices, each of which runs one or more
bots.
 Botnets can be used to perform DDos attacks.
 A botnet is a network of computers infected by malware that under the control of a
single attacking party is known as the bot header.
 Each individual machine under the control of the bot header is known as bot.
  From one central point the attacking party can command every computer on its botnet
to simultaneously carryout a coordinated criminal action.
Botnet actions:
1.E-mail spam
2.DDos attacks
3.Financial breach

Attack Vector:

An attack vector is a pathway or method used by a hacker to illegally access a network or

computer in an attempt to exploit system vulnerabilities. Hackers use numerous attack
vectors to launch attacks that take advantage of system weaknesses, cause a data breach, or
steal login credentials. Such methods include sharing malware and viruses, malicious email
attachments and web links, pop-up windows, and instant messages that involve the attacker
duping an employee or individual user.

Types of attack vector:

Compromised Credentials

Weak and compromised credentials are the most-used attack vector as people continue to use
weak passwords to protect their online accounts and profiles. Compromised credentials occur
when information like usernames or passwords are exposed to a third party such as mobile
apps and websites. This is frequently caused by victims of a phishing attempt revealing their
login details to an attacker by entering them on a spoofed website. Lost and stolen credentials
enable an intruder to access user accounts and corporate systems without detection, then
escalate their access level within a network.

Malware

Malware is a term that describes various strands of malicious software, which include
ransomware, spyware, Trojans, and viruses. Cyber criminals use malware as a threat vector to
help them gain access to corporate networks and devices, then steal data or damage systems.

Phishing
Phishing is an email, Short Message Service (SMS), or telephone-based attack vector that
sees the attacker pose as a trusted sender to dupe the target into giving up sensitive data, such
as login credentials or banking details.

Proliferation of mobile and wireless devices:

 people hunched over their smartphones or tablets in cafes, airports, supermarkets
and even at bus stops, seemingly oblivious to anything or anyone around them.
 They play games, download email, go shopping or check their bank balances on the
go.
They might even access corporate networks and pull up a document or two on their mobile
gadgets Today, incredible advances are being made for mobile devices. The trend is for
smaller devices and more processing power. A few years ago, the choice was between a
wireless phone and a
simple PDA. Now the buyers have a choice between high-end PDAs with integrated wireless
modems and small phones with wireless Web-browsing capabilities. A long list of options is
available to the mobile users. A simple hand-held mobile device provides enough computing
power to run small applications, play games and music, and make voice calls. A key driver
for the growth of mobile technology is the rapid growth of business solutions into hand-held
devices.
As the term "mobile device" includes many products. We first provide a clear distinction
among the key terms: mobile computing, wireless computing and hand-held devices. Figure
below helps us understand how these terms are related. Let us understand the concept of
mobile computing and the various types of devices.
Mobile computing is "taking a computer and all necessary files and software out into the
field."
Many types of mobile computers have been introduced since 1990s. They are as follows:
1. Portable computer: It is a general-purpose computer that can be easily moved from one
place to another, but cannot be used while in transit, usually because it requires some
"setting-up" and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has features
of a touchscreen with a stylus and handwriting recognition software. Tablets may not be best
suited for applications requiring a physical keyboard for typing, but are otherwise capable of
carrying out most tasks that an ordinary laptop would be able to perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the Internet
tablet does not have much computing power and its applications suite is limited. Also it
cannot replace a general-purpose computer. The Internet tablets typically feature an MP3 and
video player, a Web browser, a chat application and a picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer with
limited functionality. It is intended to supplement and synchronize with a desktop computer,
giving access to contacts, address book, notes, E-Mail and other features.
5. Ultra mobile (PC): It is a full-featured, PDA-sized computer running a general-purpose
operating system (OS).
6. Smartphone: It is a PDA with an integrated cell phone functionality. Current Smartphones
have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as a wireless
computer, sound system, global positioning system (GPS) and DVD player. It also contains
word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and shape of a pen. It
functions as a writing utensil, MP3 player, language translator, digital storage device and
calculator.

Security Challenges Posed by Mobile Devices

Social Engineering

Social engineering attacks are when bad actors send fake emails (phishing attacks) or text
messages (smishing attacks) to your employees in an effort to trick them into handing over
private information like their passwords or downloading malware onto their devices.
Data Leakage via Malicious Apps

As Dave Jevans, CEO and CTO of Marble Security, explains, “Enterprises face a far greater
threat from the millions of generally available apps on their employees’ devices than from
mobile malware.”

Unsecured Public WiFi

Public WiFi networks are generally less secure than private networks because there’s no way
to know who set the network up, how (or if) it’s secured with encryption, or who is currently
accessing it or monitoring it. And as more companies offer remote work options, the public
WiFi networks your employees use to access your servers (e.g., from coffee shops or cafes)
could present a risk to your organization.
End-to-End Encryption Gaps

An encryption gap is like a water pipe with a hole in it. While the point where the water
enters (your users’ mobile devices) and the point where the water exits the pipe (your
systems) might be secure, the hole in the middle lets bad actors access the water flow in
between.
Internet of Things (IoT) Devices

The types of mobile devices that access your organization’s systems are branching out from
mobile phones and tablets to include wearable tech (like the Apple Watch) and physical
devices (like Google Home or Alexa). And since many of the latest IoT mobile devices have
IP addresses, it means bad actors can use them to gain access to your organizations’ network
over the internet if those devices are connected to your systems.

Spyware

Spyware is used to survey or collect data and is most commonly installed on a mobile device
when users click on a malicious advertisement (“malvertisement”) or through scams that trick
users into downloading it unintentionally.

Poor Password Habits

A 2020 study by Balbix found that 99% of the people surveyed reused their passwords
between work accounts or between work and personal accounts. Unfortunately, the
passwords that employees are reusing are often weak as well.
Lost or Stolen Mobile Devices

Lost and stolen devices aren’t a new threat for organizations. But with more people working
remotely in public places like cafes or coffee shops and accessing your systems with a wider
range of devices, lost and stolen devices pose a growing risk to your organization.

Attacks on Mobile-Cell Phones:

• Mobile Phone Theft:
Mobile phones have become an integral part of everbody's life and the mobile phone has
transformed from being a luxury to a bare necessity. Increase in the purchasing power and
availability of numerous low cost handsets have also lead to an increase in mobile phone
users. Theft of mobile phones has risen dramatically over the past few years. Since huge
section of working population in India use public transport, major locations where theft
occurs are bus stops, railway stations and traffic signals.
The following factors contribute for outbreaks on mobile devices:
1. Enough target terminals: The first Palm OS virus was seen after the number of Palm
OS devices reached 15 million. The first instance of a mobile virus was observed during
June 2004 when it was discovered that an organization "Ojam" had engineered an
antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito.
This virus sent SMS text messages to the organization without the users' knowledge.
2. Enough functionality: Mobile devices are increasingly being equipped with office
functionality and already carry critical data and applications, which are often protected
insufficiently or not at all. The expanded functionality also increases the probability of
malware.
3. Enough connectivity: Smart phones offer multiple communication options, such as
SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore,
unfortunately, the increased amount of freedom also offers more choices for virus writers.