Bansilal Ramnath Agarwal Charitable Trust's

Vishwakarma Institute of Technology

(An Autonomous Institute affiliated to Savitribai Phule Pune University)

Emerging Threats & Security Technologies

Presented By-
 Sachin Tadge (09)

Vishwakarma Institute of Technology

 Vishal Tayde (10)
666, Upper Indiranagar, Bibwewadi,

Pune, Maharashtra, INDIA - 411 037  Gauravi Wani (11)

What is Cyber Threat?
 A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal
data, or disrupt digital life in general.
 Cyber threats also refer to the possibility of a successful cyber attack that aims to
gain unauthorized access, damage, disrupt, or steal an information technology
asset, computer network, intellectual property or any other form of sensitive data.
 Cyber threats can come from within an organization by trusted users or from
remote locations by unknown parties. 
Emerging Threats
 Trojan Attack
 Ransomware
 Identity Theft
 Phishing
 Attacking from Computing Cloud
 Social Engineering
 Mobile Malware
 Crypto Jacking
Trojan Attack
 A Trojan horse or Trojan is a type of malware that is often disguised as legitimate
software.
 Trojans can be employed by cyber-thieves and hackers trying to gain access to
users' systems. Users are typically tricked by some form of social engineering
into loading and executing Trojans on their systems.
 Once activated, Trojans can enable cyber-criminals to spy on you, steal your
sensitive data, and gain backdoor access to your system. These actions can
include:
• Deleting data
• Blocking data
• Modifying data
• Copying data
Ransomware
 Ransomware is a type of malware attack in which the attacker locks and encrypts
the victim’s data and then demands a payment to unlock and decrypt the data.
 This type of attack takes advantage of human, system, network, and software
vulnerabilities to infect the victim’s device—which can be a computer, printer,
smartphone, wearable, point-of-sale (POS) terminal, or other endpoint.
Identity Theft
 Identity theft, also known as identity fraud, is a crime in which an imposter
obtains key pieces of personally identifiable information (PII), such as Social
Security or driver's license numbers, to impersonate someone else.
 The taken information can be used to run up debt purchasing credit, goods and
services in the name of the victim or to provide the thief with false credentials. In
rare cases, an imposter might provide false identification to police, creating a
criminal record or leaving outstanding arrest warrants for the person whose identity
has been stolen.
Phishing

 Phishing is a cybercrime in which a target or targets are contacted by email,

telephone or text message by someone posing as a legitimate institution to lure
individuals into providing sensitive data such as personally identifiable information,
banking and credit card details, and passwords.
 What really distinguishes phishing is the form the message takes: the attackers
masquerade as a trusted entity of some kind, often a real or plausibly real person,
or a company the victim might do business with.
Attacking from Computing Cloud
 Cloud Computing technology provides a shared pool of computing resources over
the internet at any time for little to no cost. Using cloud computing, many
individuals and businesses have already improved the efficiency of their operations
while reducing IT costs.
 Cloud technology is still being actively developed, and thus it has many
vulnerabilities that can be exploited by cybercriminals or malicious insiders. Let’s
look at the key cloud computing vulnerabilities that raise security concerns among
cloud users.
Social Engineering
 Social engineering is the art of manipulating people so they give up confidential
information. The types of information these criminals are seeking can vary, but
when individuals are targeted the criminals are usually trying to trick you into giving
them your passwords or bank information, or access your computer to secretly
install malicious software–that will give them access to your passwords and bank
information as well as giving them control over your computer.
 Criminals use social engineering tactics because it is usually easier to exploit your
natural inclination to trust than it is to discover ways to hack your software.  For
example, it is much easier to fool someone into giving you their password than it is
for you to try hacking their password (unless the password is really weak).
Mobile Malware
 Mobile malware is malicious software specifically designed to target mobile
devices, such as smartphones and tablets, with the goal of gaining access to
private data.
 Although mobile malware is not currently as pervasive as malware that attacks
traditional workstations, it’s a growing threat because many companies now allow
employees to access corporate networks using their personal devices, potentially
bringing unknown threats into the environment.
Crypto jacking
 Crypto jacking is malicious crypto mining that happens when cybercriminals hack
into both business and personal computers, laptops, and mobile devices to install
software.
 This software uses the computer’s power and resources to mine for
cryptocurrencies or steal cryptocurrency wallets owned by unsuspecting victims.
The code is easy to deploy, runs in the background, and is difficult to detect.
 With just a few lines of code, hackers can hijack the resources of any computer
and leave unsuspecting victims with slower computer response times, increased
processor usage, overheating computer devices, and higher electricity bills.
Hackers use these resources to both steal cryptocurrency from other digital wallets
and to allow hijacked computers to do the work so they can mine valuable coins.
Security Technologies
 Blockchain
 Deep Learning
 Biometric
 User Behavior Analytics
 Automation
 Zero-Trust Model
Blockchain
 Blockchain technology is labeled as a peer to peer network with a shared,
distributed ledger which records all data transactions across multiple networks.
The core benefit of using Blockchain is people can make secure transactions onto
a Blockchain irrespective of the industry.
 Blockchain technology can prevent a variety of data breaches, cyberattacks,
identity thefts and treachery in transactions. Blockchain ensures that the data
remains private and secure in all the blocks it creates to maintain transparency.
Deep Learning
 Applications of Deep Learning in Cybersecurity
•  Intrusion Detection Systems
• Intrusion Prevention Systems
• Dealing with Malware
• Network Traffic Analysis
Biometric
 Biometrics scanners are hardware used to capture the biometric for verification of
identity. These scans match against the saved database to approve or deny access to
the system. In other words, biometric security means your body becomes the “key” to
unlock your access.
 Examples of Biometric Security
Here are some common examples of biometric security:
• Voice Recognition
• Fingerprint Scanning
• Facial Recognition
• Iris Recognition
• Heart-Rate Sensors
 User Behavior Analytics
 Once someone's username and password are compromised, whoever has them
can waltz onto a network and engage in all kinds of malicious behavior. That
behavior can trigger a red flag to system defenders if they're employing user
behavior analytics (UBA). The technology uses big data analytics to identify
anomalous behavior by a user.
 Automation
 Automation in cyber security is becoming all the more important, but it is vital to
have total control over how automation operates. With the increasing number of
alerts and threats that cyber security organizations are facing on a daily basis, it
becomes overwhelming for SecOps teams and analysts to deal with each and
every one of them. That is why automation plays a vital part in modern cyber
security.
 The role of automation in SOAR (Security Orchestration Automation and
Response) is to ease the burden of cyber security organizations by automating
repetitive behavior and recurring tasks. The degree of automation can be adjusted,
and security teams can determine whether they want some tasks to include human
interaction (extremely fundamental in some processes) or if they want all of their
tasks to be fully automated.
Zero-Trust Model

 Zero Trust is a network security model, based on a strict identity verification

process. The framework dictates that only authenticated and authorized users and
devices can access applications and data. At the same time, it protects those
applications and users from advanced threats on the Internet
Thank You 