
Unit-5 BIS

Cyber security involves protecting systems, networks, and programs from digital attacks, focusing on confidentiality, integrity, and availability. Various types of cyber security include network security, application security, and cloud security, while common cyber threats encompass malware, phishing, and denial-of-service attacks. To safeguard against these threats, organizations should implement comprehensive strategies, including adopting a Zero Trust model and investing in user awareness training.

Uploaded by akapadia975

Introduction to Cyber Security

• Cyber security is the practice of protecting systems, networks, and programs from digital attacks.
• These cyber-attacks are usually aimed at accessing, changing, or destroying sensitive information.
• The three main goals of cyber security are Confidentiality, Integrity, and Availability.
• They work in harmony to protect data from threats, ensure its accuracy, and make it accessible to those who need it.

Types of Cyber security:

1. Network Security:
• It focuses on securing computer networks from unauthorized access, data breaches, and other network-based threats.
• It involves technologies such as firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs).
2. Application Security:
• It is concerned with securing software applications and preventing vulnerabilities. It involves secure coding practices, regular software updates and patches, and application-level firewalls.
3. Information or Data Security:
• It focuses on protecting sensitive information from unauthorized access, disclosure, and alteration. It includes encryption, access controls, data classification, and data loss prevention (DLP) measures.
4. Cloud Security:
• It involves securing data, applications, and infrastructure hosted on cloud platforms such as AWS, Azure, Google Cloud, etc., and protecting them against multiple threats.
5. Mobile Security:
• It involves securing the organizational and personal data stored on mobile devices such as cell phones, tablets, and other similar devices against malicious threats such as unauthorized access, device loss or theft, and malware.
• Regularly backing up mobile device data is important to prevent data loss in case of theft, damage, or device failure.
• Mobile devices often connect to various networks, including public Wi-Fi, which can pose security risks. It is important to use secure networks whenever possible, such as encrypted Wi-Fi networks or cellular data connections.
6. Endpoint Security:
• It refers to securing individual devices such as computers, laptops, smartphones, and IoT devices.
• It includes antivirus software, intrusion prevention systems (IPS), device encryption, and regular software updates.
• Antivirus and anti-malware software scans for and detects malicious software such as viruses, worms, Trojans, and ransomware. Firewalls are also essential components of endpoint security.
7. Internet of Things (IoT) Security:
• IoT security is the practice of protecting Internet of Things (IoT) devices from attack.
• It is based on a cybersecurity strategy to protect IoT devices and the vulnerable networks they connect to from cyber attacks.

Types of Cyber Threats

1. Malware
2. Denial-of-Service (DoS) Attacks
3. Phishing
4. Spoofing
5. Identity-Based Attacks
6. Code Injection Attacks
7. Supply Chain Attacks
8. Insider Threats
9. DNS Tunneling
10. IoT-Based Attacks
1. Malware:
• Malware, or malicious software, is any program or code that is created with the intent to do harm to a computer, network or server.
• It is the most common type of cyber attack.

Types of malware:

• Ransomware: In a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched vulnerabilities and policy misconfigurations are used as well.
• Fileless Malware: Fileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.
• Spyware: Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.
• Adware: Adware is a type of spyware that watches a user’s online activity in order to determine which ads to show them. While adware is not inherently malicious, it has an impact on the performance of a user’s device and degrades the user experience.
• Trojan: A trojan is malware that appears to be legitimate software, disguised as native operating system programs or harmless files like free downloads. Trojans are installed through social engineering techniques such as phishing or bait websites. The Zeus trojan, one variant, has the goal of accessing financial information and adding machines to a botnet.
• Virus: A virus is a computer program that attaches itself to another program or piece of software in order to harm the computer system. When the infected program runs, the virus performs some action such as deleting a file from the computer system. A virus cannot be controlled remotely. Resident and non-resident viruses are the two types of virus.
• Worms: A worm is a self-contained program that replicates itself and spreads its copies to other computers. A worm may infect its target through a software vulnerability or it may be delivered via phishing or smishing. Embedded worms can modify and delete files, inject more malicious software, or replicate in place until the targeted system runs out of resources.
• Backdoors: Backdoors are hidden entry points into a computer system that bypass normal authentication mechanisms. Attackers use backdoors to gain unauthorized access to systems. A backdoor can be installed on your system by hackers in the form of a malware application or by using your device’s software vulnerabilities.
• Rootkits: Rootkit malware is a collection of software designed to give malicious actors control of a computer network or application. Once activated, the malicious program sets up a backdoor exploit and may deliver additional malware. Bootkits take this a step further by infecting the master boot record before the operating system loads at boot up, which can make them undetectable at times.
• Exploits: An exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors. The exploit may be used to install more malware or steal data.
• Keylogger: Keyloggers are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses are malicious. In a keylogger attack, the keylogger software records every keystroke on the victim’s device and sends it to the attacker.
• Botnet: A botnet is a network of computers infected with malware that are controlled by a bot herder. The bot herder is the person who operates the botnet infrastructure and uses the compromised computers to launch attacks designed to crash a target’s network, inject malware, harvest credentials or execute CPU-intensive tasks.

2. Denial-of-Service (DoS) Attacks:

• A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations.
• In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network.
• While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.
• The difference between DoS and Distributed Denial of Service (DDoS) attacks has to do with the origin of the attack. DoS attacks originate from just one system while DDoS attacks are launched from multiple systems.
• DDoS attacks are faster and harder to block than DoS attacks because multiple systems must be identified and neutralized to halt the attack.

Types:
• HTTP flood DDoS: the attacker uses HTTP requests that appear legitimate to overwhelm an application or web server.
• UDP flood DDoS: a remote host is flooded with User Datagram Protocol (UDP) packets sent to random ports.
• ICMP flood: a barrage of ICMP Echo Request packets overwhelms the target, consuming both inbound and outgoing bandwidth.
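As an added example (not part of the original notes), the following Python script shows a defender-side check for the HTTP flood pattern described above: it parses constructed access-log lines and flags any source address that exceeds a request threshold inside a sliding time window. The log format, the addresses and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log (not from the notes), one line per request:
# "<client-ip> <ISO-8601 timestamp> <method> <path> <status>"
# One client sends 60 requests in under five seconds; two others browse normally.
FLOOD_IP = "203.0.113.7"  # documentation-range address, constructed for the example
_t0 = datetime(2024, 5, 1, 10, 0, 0)
SAMPLE_LOG = (
    [f"{FLOOD_IP} {(_t0 + timedelta(milliseconds=80 * i)).isoformat()} GET /login 200"
     for i in range(60)]
    + [f"198.51.100.2 {(_t0 + timedelta(seconds=s)).isoformat()} GET /index.html 200"
       for s in range(0, 30, 5)]
    + [f"198.51.100.9 {(_t0 + timedelta(seconds=s)).isoformat()} GET /about 200"
       for s in range(1, 30, 7)]
)

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse_line(line):
    """Return (client_ip, timestamp) for one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, _path, _status = m.groups()
    return ip, datetime.fromisoformat(ts)


def detect_http_flood(lines, window_seconds=10, threshold=50):
    """Flag source IPs that issue >= `threshold` requests within any `window_seconds` span.

    Each IP keeps a deque of its recent timestamps; entries older than the window
    are evicted before the count is checked, so memory stays bounded by the window.
    Lines must be in time order for each source IP. Returns {ip: peak_count}
    for flagged IPs only.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in detect_http_flood(SAMPLE_LOG).items():
        print(f"possible HTTP flood from {ip}: {n} requests within 10 s")
```

In production the same per-source counting is usually done at the edge (WAF, reverse proxy or rate limiter) rather than on logs after the fact, but the sliding-window logic is the same.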
3. Phishing Attacks:
• Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information, such as passwords or account numbers, or to download a malicious file that will install viruses on their computer or phone.

Types of phishing:

• Spear Phishing: Spear-phishing is a type of phishing attack that targets specific individuals or organizations, typically through malicious emails. The goal of spear phishing is to steal sensitive information such as login credentials or infect the targets’ device with malware.
• Whaling: A whaling attack is a type of social engineering attack specifically targeting senior or C-level executive employees with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further cyberattacks.
• SMiShing: Smishing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may involve cybercriminals pretending to be your bank or a shipping service you use.
• Vishing: Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.

4. Spoofing:
• Spoofing is a technique through which a cybercriminal disguises themselves as a known or trusted source.
• In so doing, the adversary is able to engage with the target and access their systems or devices with the ultimate goal of stealing information, extorting money or installing malware or other harmful software on the device.

Types of spoofing:

• Domain Spoofing: Domain spoofing is a form of phishing where an attacker impersonates a known business or person with a fake website or email domain to fool people into trusting them. Typically, the domain appears to be legitimate at first glance, but a closer look will reveal subtle differences.
• Email Spoofing: Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.
• ARP Spoofing: Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of spoofing attack that hackers use to intercept data. A hacker commits an ARP spoofing attack by tricking one device into sending messages to the hacker instead of the intended recipient. This way, the hacker gains access to your device’s communications, including sensitive data.
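Added example, not from the original notes: a small Python checker for the "subtle differences" that domain and email spoofing rely on. It folds confusable characters (digits standing in for letters, accented and Cyrillic look-alikes), then compares a sender's domain against a list of trusted domains by exact match, embedding and edit distance. The trusted-domain list, the confusable tables and the sample sender domains are assumptions constructed for the example.

```python
import unicodedata

# Small confusable-character tables, constructed for the example (not from the notes).
# Real checkers use the full Unicode confusables data; this covers common cases.
CYRILLIC_TO_LATIN = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                                   "\u0440": "p", "\u0441": "c", "\u0443": "y",
                                   "\u0445": "x"})
MULTI_CHAR_CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                          ("3", "e"), ("5", "s"))


def normalize(domain):
    """Fold a domain to a canonical form so confusable spellings compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower().rstrip("."))
    d = "".join(ch for ch in d if not unicodedata.combining(ch))  # drop accents
    d = d.translate(CYRILLIC_TO_LATIN)
    for src, dst in MULTI_CHAR_CONFUSABLES:
        d = d.replace(src, dst)
    return d


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(candidate, trusted_domains):
    """Return 'trusted', 'lookalike' or 'unrelated' for a sender's domain.

    'trusted' needs an exact (or subdomain) match on the raw spelling; anything
    that only matches after confusable folding, embeds a trusted name, or is one
    edit away is reported as a lookalike for a human or a mail filter to review.
    """
    raw = candidate.lower().rstrip(".")
    folded = normalize(raw)
    for trusted in trusted_domains:
        t_raw = trusted.lower().rstrip(".")
        if raw == t_raw or raw.endswith("." + t_raw):
            return "trusted"
        t_folded = normalize(t_raw)
        if folded == t_folded or folded.endswith("." + t_folded):
            return "lookalike"  # differs only by confusable characters
        if t_folded in folded:
            return "lookalike"  # trusted name embedded, e.g. example.com.evil.test
        if levenshtein(folded, t_folded) <= 1:
            return "lookalike"  # one typo away, e.g. exmple.com
    return "unrelated"


if __name__ == "__main__":
    trusted = ["example.com"]  # constructed trusted list
    for sender in ["mail.example.com", "examp1e.com", "ex\u0430mple.com",
                   "example.com.login-verify.test", "exmple.com", "github.com"]:
        print(f"{sender!r:40} -> {classify_domain(sender, trusted)}")
```

Such a check complements, rather than replaces, SPF/DKIM/DMARC validation of the sender address itself.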

5. Identity-Based Attacks:
• Identity-driven attacks are extremely hard to detect. When a valid user’s credentials have been compromised and an adversary is masquerading as that user, it is often very difficult to differentiate between the user’s typical behavior and that of the hacker using traditional security measures and tools.
6. Code Injection Attacks:
• Code injection attacks consist of an attacker injecting malicious code into a vulnerable computer or network to change its course of action.
• E.g. SQL injection, cross-site scripting (XSS), data poisoning.
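Added example, not from the original notes: the SQL injection case named above shown beside its fix, in Python with the standard sqlite3 module. login_vulnerable builds the query by string concatenation, so a quote in the input alters the WHERE clause; login_safe binds the same values as parameters, so they are only ever compared as data. The table, users and passwords are constructed for the example.

```python
import sqlite3


def make_db():
    """In-memory users table with constructed sample rows (not from the notes).

    Passwords are stored in clear text only to keep the example short; a real
    system stores salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    return conn


def login_vulnerable(conn, username, password):
    """The injectable pattern: user input is pasted into the SQL text.

    A quote character in the input ends the string literal, so whatever follows
    is parsed as SQL and can change the WHERE clause.
    """
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """The fix: the same query with bound parameters.

    The statement text is fixed; sqlite3 passes the values separately, so they
    are compared as data and never parsed as SQL.
    """
    sql = ("SELECT username FROM users WHERE username = ? AND password = ? "
           "ORDER BY username")
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    conn = make_db()
    # Constructed malicious input: a quote closes the literal and an always-true
    # OR clause follows, so the concatenated query matches every row.
    crafted = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(conn, "alice", crafted))   # every user
    print("safe:      ", login_safe(conn, "alice", crafted))         # []
    print("safe login:", login_safe(conn, "alice", "correct-horse")) # ['alice']
```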
7. Supply Chain Attacks:
• A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the supply chain. Software supply chain attacks inject malicious code into an application in order to infect all users of an app, while hardware supply chain attacks compromise physical components for the same purpose. Software supply chains are particularly vulnerable because modern software is not written from scratch: rather, it involves many off-the-shelf components, such as third-party APIs, open source code and proprietary code from software vendors.
8. DNS Tunneling:
• DNS tunneling is a type of cyberattack that leverages domain name system (DNS) queries and responses to bypass traditional security measures and transmit data and code within the network.
• Once a host is infected, the hacker can freely engage in command-and-control activities. This tunnel gives the hacker a route to unleash malware and/or to extract data, IP or other sensitive information by encoding it bit by bit in a series of DNS responses.
• DNS tunneling attacks have increased in recent years, in part because they are relatively simple to deploy. Tunneling toolkits and guides are even readily accessible online through mainstream sites like YouTube.
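Added example, not from the original notes: a Python detector for the shape DNS tunneling leaves in a resolver log when encoded data rides in query names (many distinct, long, high-entropy labels under one registered domain). It parses constructed query-log lines, computes per-domain statistics and flags domains that cross all three thresholds at once. The log format, the thresholds and the "last two labels" rule for the registered domain are assumptions made for the example.

```python
import hashlib
import math
from collections import defaultdict


def shannon_entropy(s):
    """Bits per character of `s`; 0.0 for an empty string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Split 'a.b.example.com' into ('a.b', 'example.com')."""
    # Assumption: the registered domain is the last two labels; production code
    # would consult the public suffix list (co.uk, com.au, ...).
    labels = qname.rstrip(".").split(".")
    if len(labels) < 2:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def domain_stats(lines):
    """Per registered domain: query count, distinct prefixes, mean prefix length/entropy."""
    per = defaultdict(lambda: {"queries": 0, "prefixes": set(), "len": 0, "ent": 0.0})
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line; skip rather than abort
        _client, qname, _qtype = parts
        prefix, domain = split_qname(qname)
        d = per[domain]
        d["queries"] += 1
        d["prefixes"].add(prefix)
        d["len"] += len(prefix)
        d["ent"] += shannon_entropy(prefix.replace(".", ""))
    return {dom: {"queries": d["queries"],
                  "unique_prefixes": len(d["prefixes"]),
                  "avg_len": d["len"] / d["queries"],
                  "avg_entropy": d["ent"] / d["queries"]}
            for dom, d in per.items()}


def suspected_tunnels(lines, min_unique=20, min_len=30, min_entropy=3.0):
    """Domains whose query prefixes are numerous, long and high-entropy at once;
    any one signal alone is noisy, requiring all three keeps CDN-style traffic out."""
    return sorted(dom for dom, s in domain_stats(lines).items()
                  if s["unique_prefixes"] >= min_unique
                  and s["avg_len"] >= min_len
                  and s["avg_entropy"] >= min_entropy)


# Constructed sample query log (not from the notes): "<client-ip> <qname> <qtype>".
# Two hosts resolve a few ordinary names; one host sends 40 queries whose labels
# are hex-encoded chunks under a single domain, the shape a tunnel produces.
_chunks = [hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:40] for i in range(40)]
SAMPLE_QUERIES = [
    "10.0.0.5 www.example.com A", "10.0.0.5 mail.example.com MX",
    "10.0.0.6 cdn.example.net A", "10.0.0.6 www.example.net A",
] + [f"10.0.0.42 {c}.tunnel-test.example TXT" for c in _chunks]

if __name__ == "__main__":
    print("suspected tunnel domains:", suspected_tunnels(SAMPLE_QUERIES))
```

Thresholds need tuning per environment: a baseline of legitimate domains with many subdomains (CDNs, anti-spam DNSBL lookups) should be allow-listed before alerting on the rest.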
9. IoT-Based Attacks:
• An IoT attack is any cyberattack that targets an Internet of Things (IoT) device or network. Once compromised, the hacker can assume control of the device, steal data, or join a group of infected devices to create a botnet to launch DoS or DDoS attacks.

How To Protect Against Cyber Attacks

• A comprehensive cybersecurity strategy is absolutely essential in today’s connected world.
• From a business perspective, securing the organization’s digital assets has the obvious benefit of a reduced risk of loss, theft or destruction, as well as of the potential need to pay a ransom to regain control of company data or systems.
• In preventing or quickly remediating cyberattacks, the organization also minimizes the impact of such events on business operations.
• Recommendations for protection against cyber attacks:
  • Protect All Workloads: You must secure all critical areas of enterprise risk, including endpoints and cloud workloads, identity and data.
  • Know Your Adversary: CrowdStrike Falcon® Intelligence identifies today’s bad actors and exposes their playbook to enable security teams to proactively optimize preventions, strengthen defenses and accelerate incident response.
  • Be Ready When Every Second Counts: Security teams of all sizes must invest in speed and agility for their daily and tactical decision making by automating preventive, detection, investigative and response workflows with integrated cyber threat intelligence directly observed from the front lines.
  • Adopt Zero Trust: Because today’s global economy requires data to be accessible from anywhere at any time, it is critical to adopt a Zero Trust model. The CrowdStrike Zero Trust solution connects the machine to the identity and the data to deliver full Zero Trust protection.
  • Monitor the Criminal Underground: Adversaries congregate to collaborate using a variety of hidden messaging platforms and dark web forums. Leverage digital risk monitoring tools like Falcon Intelligence Recon to monitor imminent threats to your brand, identities or data.
  • Invest in Elite Threat Hunting: The combination of technology with expert threat hunters is absolutely mandatory to see and stop the most sophisticated threats. Top-quality managed services such as Falcon Complete and Falcon OverWatch can help you close the growing cyber skills gap with the expertise, resources and coverage needed to augment your team.
  • Build a Comprehensive Cybersecurity Training Program: User awareness programs should be initiated to combat the continued threat of phishing and related social engineering techniques.

Vulnerabilities

• A vulnerability in security refers to a weakness or opportunity in an information system that cybercriminals can exploit to gain unauthorized access to a computer system.
• Vulnerabilities weaken systems and open the door to malicious attacks.

• Hardware Vulnerability: A hardware vulnerability is a weakness which can be used to attack the system hardware, physically or remotely.
  For example:
  1. Old versions of systems or devices
  2. Unprotected storage
  3. Unencrypted devices, etc.

• Software Vulnerability: A software error introduced in development or configuration, such that executing it can violate the security policy.
  For example:
  1. Lack of input validation
  2. Unverified uploads
  3. Cross-site scripting
  4. Unencrypted data, etc.

• Network Vulnerability: A weakness in a network, which can be in hardware or software.
  For example:
  1. Unprotected communication
  2. Malware or malicious software (e.g. viruses, worms, etc.)
  3. Social engineering attacks
  4. Misconfigured firewalls

• Human Vulnerabilities: Common human vulnerabilities include:
  1. Opening email attachments infected with malware
  2. Forgetting to install software updates on mobile devices.

Cyber Crimes

Cybercrime is any criminal activity that involves a computer, network or networked device.

Types of Cybercrimes:

Identity Theft:
• Taking and using someone’s personal information without permission, usually in order to commit fraud.
• For example, stealing someone’s social security number to open a bank account or get credit cards.

Hacking:
• Criminal hacking is the act of gaining unauthorized access to data in a computer or network.
• Hackers steal data ranging from personal information and corporate secrets to government intelligence. Hackers also break into networks to disrupt the operations of companies and governments.

Ransomware:
• Ransomware attacks are a very common type of cybercrime.
• It is a type of malware that can prevent users from accessing all of their personal data on the system by encrypting it and then asking for a ransom to restore access to the encrypted data. (It is malicious software that locks valuable digital files and demands a ransom for their release.)
• Ransomware typically arrives via email, enticing a user to click on an attachment or visit a website that infects their computer with malicious code.

Phishing and scams:
• Phishing refers to a method used by cyber criminals to obtain confidential information using emails or texts.
• Scammers pose as a trusted source (often a bank or well-known company) and trick recipients into providing personal information, such as account passwords and social security numbers. Phishing messages often use fraudulent links to entice recipients to click a link or open an attachment.

Internet Fraud:
• Internet fraud is a type of cybercrime that makes use of the internet; it can be considered a general term that groups all of the crimes that happen over the internet, like spam, banking frauds, theft of service, etc.

Hacking:
• Hacking is the act of gaining unauthorized access to data in a system or computer. Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.

Types of Hacking/hackers:

Positive hacking/Ethical hacking:
• Its practitioners are also known as White Hat Hackers.
• White hat hackers are the authorized or certified hackers who work for governments and organizations by performing penetration testing and identifying loopholes in their cybersecurity.
• They also ensure protection from malicious cyber crimes.
• They work under the rules and regulations provided by the government, which is why they are called Ethical hackers or Cybersecurity experts.

Black Hat Hackers (Malicious hacking):
• They are often called Crackers.
• Black Hat Hackers can gain unauthorized access to your system and destroy your vital data. Their method of attack uses common hacking practices they have learned earlier.
• They are considered to be criminals and can be easily identified because of their malicious actions.

Gray Hat Hackers:
• Gray hat hackers fall somewhere in the category between white hat and black hat hackers.
• They are not legally authorized hackers.
• They work with both good and bad intentions; they can use their skills for personal gain. It all depends upon the hacker.
• If a gray hat hacker uses his or her skill for personal gain, he/she is considered a black hat hacker.

Script Kiddies:
• They are the most dangerous people among hackers.
• A Script kiddie is an unskilled person who uses scripts or downloads tools for hacking provided by other hackers.
• They attempt to attack computer systems and networks and deface websites. Their main purpose is to impress their friends and society. Generally, Script Kiddies are juveniles who are unskilled at hacking.

Hacktivist/Hacktivism:
• These are also called the online versions of activists.
• A hacktivist is a hacker or a group of anonymous hackers who gain unauthorized access to government computer files and networks for social or political ends.
