2.

Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected

computers. It works same as the computer virus. Worms often originate from email
attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application but when opened/executed some malicious code will run
in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they
receive specific input. Common examples of bots program are the crawler, chatroom bots,
and malicious bots.

CYBER SECURITY Page 9

The 7 layers of cyber security should centre on the mission critical assets you are seeking to
protect.

1: Mission Critical Assets – This is the data you need to protect

2: Data Security – Data security controls protect the storage and transfer of data.
3: Application Security – Applications security controls protect access to an application, an
application’s access to your mission critical assets, and the internal security of the
application.
4: Endpoint Security – Endpoint security controls protect the connection between devices and
the network.
5: Network Security – Network security controls protect an organization’s network and
prevent unauthorized access of the network.
6: Perimeter Security – Perimeter security controls include both the physical and digital
security methodologies that protect the business overall.
7: The Human Layer – Humans are the weakest link in any cyber security posture. Human
security controls include phishing simulations and access management controls that protect
mission critical assets from a wide variety of human threats, including cyber criminals,
malicious insiders, and negligent users.

Vulnerability, threat, Harmful acts

As the recent epidemic of data breaches illustrates, no system is immune to attacks. Any
company that manages, transmits, stores, or otherwise handles data has to institute and
enforce mechanisms to monitor their cyber environment, identify vulnerabilities, and close up
security holes as quickly as possible.
Before identifying specific dangers to modern data systems, it is crucial to understand the
distinction between cyber threats and vulnerabilities.

Cyber threats are security incidents or circumstances with the potential to have a negative
outcome for your network or other data management systems.
Examples of common types of security threats include phishing attacks that result in the
installation of malware that infects your data, failure of a staff member to follow data
protection protocols that cause a data breach, or even a tornado that takes down your
company’s data headquarters, disrupting access.

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt
threat actors to exploit them.

Types of vulnerabilities in network security include but are not limited to SQL injections,
server misconfigurations, cross-site scripting, and transmitting sensitive data in a non-
encrypted plain text format.
When threat probability is multiplied by the potential loss that may result, cyber security
experts, refer to this as a risk.

CYBER SECURITY Page 10

SECURITY VULNERABILITIES, THREATS AND ATTACKS –
Categories of vulnerabilities
 Corrupted (Loss of integrity)

 Leaky (Loss of confidentiality)

 Unavailable or very slow (Loss of availability)

– Threats represent potential security harm to an asset when vulnerabilities are exploited
- Attacks are threats that have been carried out
 Passive – Make use of information from the system without affecting system
resources

 Active – Alter system resources or affect operation

 Insider – Initiated by an entity inside the organization

 Outsider – Initiated from outside the perimeter

Computer criminals
Computer criminals have access to enormous amounts of hardware, software, and data; they
have the potential to cripple much of effective business and government throughout the
world. In a sense, the purpose of computer security is to prevent these criminals from doing
damage.
We say computer crime is any crime involving a computer or aided by the use of one.
Although this definition is admittedly broad, it allows us to consider ways to protect
ourselves, our businesses, and our communities against those who use computers maliciously.
One approach to prevention or moderation is to understand who commits these crimes and
why. Many studies have attempted to determine the characteristics of computer criminals. By
studying those who have already used computers to commit crimes, we may be able in the
future to spot likely criminals and prevent the crimes from occurring.
CIA Triad
The CIA Triad is actually a security model that has been developed to help people think
about various parts of IT security.
CIA triad broken down:

Confidentiality

It's crucial in today's world for people to protect their sensitive, private information from
unauthorized access.

Protecting confidentiality is dependent on being able to define and enforce certain access
levels for information.

CYBER SECURITY Page 11

In some cases, doing this involves separating information into various collections that are
organized by who needs access to the information and how sensitive that information actually
is - i.e. the amount of damage suffered if the confidentiality was breached.

Some of the most common means used to manage confidentiality include access control lists,
volume and file encryption, and Unix file permissions.

Integrity

Data integrity is what the "I" in CIA Triad stands for.

This is an essential component of the CIA Triad and designed to protect data from deletion or
modification from any unauthorized party, and it ensures that when an authorized person
makes a change that should not have been made the damage can be reversed.

Availability

This is the final component of the CIA Triad and refers to the actual availability of your data.
Authentication mechanisms, access channels and systems all have to work properly for the
information they protect and ensure it's available when it is needed.

Understanding the CIA triad

The CIA Triad is all about information. While this is considered the core factor of the
majority of IT security, it promotes a limited view of the security that ignores other important
factors.

For example, even though availability may serve to make sure you don't lose access to
resources needed to provide information when it is needed, thinking about information
security in itself doesn't guarantee that someone else hasn't used your hardware resources
without authorization.

It's important to understand what the CIA Triad is, how it is used to plan and also to
implement a quality security policy while understanding the various principles behind it. It's
also important to understand the limitations it presents. When you are informed, you can
utilize the CIA Triad for what it has to offer and avoid the consequences that may come along
by not understanding it.

Assets and Threat

What is an Asset: An asset is any data, device or other component of an organization’s

systems that is valuable – often because it contains sensitive data or can be used to access
such information.

For example: An employee’s desktop computer, laptop or company phone would be

considered an asset, as would applications on those devices. Likewise, critical infrastructure,
such as servers and support systems, are assets. An organization’s most common assets are
information assets. These are things such as databases and physical files – i.e. the sensitive
data that you store

CYBER SECURITY Page 12

What is a threat: A threat is any incident that could negatively affect an asset – for
example, if it’s lost, knocked offline or accessed by an unauthorized party.

Threats can be categorized as circumstances that compromise the confidentiality, integrity or

availability of an asset, and can either be intentional or accidental.

Intentional threats include things such as criminal hacking or a malicious insider stealing
information, whereas accidental threats generally involve employee error, a technical
malfunction or an event that causes physical damage, such as a fire or natural disaster.

Motive of Attackers

The categories of cyber-attackers enable us to better understand the attackers' motivations

and the actions they take. As shown in Figure, operational cyber security risks arise from
three types of actions: i) inadvertent actions (generally by insiders) that are taken without
malicious or harmful intent; ii) deliberate actions (by insiders or outsiders) that are taken
intentionally and are meant to do harm; and iii) inaction (generally by insiders), such as a
failure to act in a given situation, either because of a lack of appropriate skills, knowledge,
guidance, or availability of the correct person to take action Of primary concern here are
deliberate actions, of which there are three categories of motivation.

1. Political motivations: examples include destroying, disrupting, or taking control of

targets; espionage; and making political statements, protests, or retaliatory actions.
2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.
3. Socio-cultural motivations: examples include attacks with philosophical, theological,
political, and even humanitarian goals. Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification.

Types of cyber-attacker actions and their motivations when deliberate

CYBER SECURITY Page 13
Active attacks: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.

Types of Active attacks:

Masquerade: in this attack, the intruder pretends to be a particular user of a system to gain
access or to gain greater privileges than they are authorized for. A masquerade may be
attempted through the use of stolen login IDs and passwords, through finding security gaps in
programs or through bypassing the authentication mechanism.

Session replay: In this type of attack, a hacker steals an authorized user’s log in information
by stealing the session ID. The intruder gains access and the ability to do anything the
authorized user can do on the website.

Message modification: In this attack, an intruder alters packet header addresses to direct a
message to a different destination or modify the data on a target machine.

In a denial of service (DoS) attack, users are deprived of access to a network or web
resource. This is generally accomplished by overwhelming the target with more traffic than it
can handle.

In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems

(sometimes called a botnet or zombie army) attack a single target.

Passive Attacks:Passive attacks are relatively scarce from a classification perspective, but
can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of Passive attacks:

Eavesdropping (tapping): the attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in response to an HTTP request, may be retrieved by the attacker.

Traffic analysis: the attacker looks at the metadata transmitted in traffic in order to deduce
information relating to the exchange and the participating entities, e.g. the form of the
exchanged traffic (rate, duration, etc.). In the cases where encrypted data are used, traffic
analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain
information or succeed in unencrypting the traffic.

Software Attacks: Malicious code (sometimes called malware) is a type of software

designed to take over or damage a computer user's operating system, without the user's
knowledge or approval. It can be very difficult to remove and very damaging. Common
malware examples are listed in the following table:

CYBER SECURITY Page 14

Attack Characteristics
Virus A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems. A virus:

 Requires a host to replicate and usually attaches itself to a host file or a

hard drive sector.
 Replicates each time the host is used.
 Often focuses on destruction or corruption of data.
 Usually attaches to files with execution capabilities such as .doc, .exe, and
.bat extensions.
 Often distributes via e-mail. Many viruses can e-mail themselves to
everyone in your address book.
 Examples: Stoned, Michelangelo, Melissa, I Love You.

Worm A worm is a self-replicating program that can be designed to do any number of

things, such as delete files or send documents via e-mail. A worm can negatively
impact network traffic just in the process of replicating itself. A worm:

 Can install a backdoor in the infected computer.

 Is usually introduced into the system through a vulnerability.
 Infects one system and spreads to other systems on the network.
 Example: Code Red.

Trojan A Trojan horse is a malicious program that is disguised as legitimate software.

horse Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed. Thus the
compromise of a user account could lead to the compromise of the entire
environment. A Trojan horse:

 Cannot replicate itself.

 Often contains spying functions (such as a packet sniffer) or backdoor
functions that allow a computer to be remotely controlled from the
network.
 Often is hidden in useful software such as screen savers or games.
 Example: Back Orifice, Net Bus, Whack-a-Mole.

Logic A Logic Bomb is malware that lies dormant until triggered. A logic bomb is a
Bomb specific example of an asynchronous attack.

 A trigger activity may be a specific date and time, the launching of a

specific program, or the processing of a specific type of activity.
 Logic bombs do not self-replicate.

CYBER SECURITY Page 15

Hardware Attacks:
Common hardware attacks include:

 Manufacturing backdoors, for malware or other penetrative purposes; backdoors

aren’t limited to software and hardware, but they also affect embedded radio-
frequency identification (RFID) chips and memory

 Eavesdropping by gaining access to protected memory without opening other

hardware

 Inducing faults, causing the interruption of normal behaviour

 Hardware modification tampering with invasive operations

 Backdoor creation; the presence of hidden methods for bypassing normal computer
authentication systems

 Counterfeiting product assets that can produce extraordinary operations and those
made to gain malicious access to systems.
Cyber Threats-Cyber Warfare:Cyber warfare refers to the use of digital attacks -- like
computer viruses and hacking -- by one country to disrupt the vital computer systems of
another, with the aim of creating damage, death and destruction. Future wars will see
hackers using computer code to attack an enemy's infrastructure, fighting alongside
troops using conventional weapons like guns and missiles.
Cyber warfare involves the actions by a nation-state or international organization to attack
and attempt to damage another nation's computers or information networks through, for
example, computer viruses or denial-of-service attacks.
Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer network
or a networked device.Cybercrime is committed by cybercriminals or hackers who want
to make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically
skilled. Others are novice hackers.
Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful
attacks and threats of attacks against computers, networks and the information stored
therein when done to intimidate or coerce a government or its people in furtherance of
political or social objectives.
Examples are hacking into computer systems, introducing viruses to vulnerable
networks, web site defacing, Denial-of-service attacks, or terroristic threats made via
electronic communication.
Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and
information without the permission and knowledge of the holder of the information from

CYBER SECURITY Page 16