Unit 3 Cyber Security

The document discusses cyber security, including definitions of cyber and security; applications like network security and risk management; common cyber threats such as social engineering and phishing; types of malware like viruses, trojans, and ransomware; cyber attacks including denial of service and SQL injection; and tools used for security assessments such as NMAP, Wireshark, and Metasploit. It also covers cyber threat classifications based on resources and organization, and opportunities in cyber security fields like networking, coding, and artificial intelligence.

UNIT-3

Cyber Security
Introduction

• We can divide cybersecurity into two parts: one is cyber, and the other is security.
• Cyber → technology that includes systems, networks, programs, and data.
• Security → concerned with the protection of systems, networks, applications, and information.
• It is also called Electronic Information Security or Information Technology Security.
Motivation
Applications of Cyber Security

• Network Security Surveillance
• Identification And Access Control (IAM)
• Software Security
• Risk Management
• Security During Software Development
• Security Against Distributed Denial of Service (DDoS)
Challenges
Cyber Threat
• Any malicious act that attempts to gain access to a computer
network without authorization or permission from the owners.
• It refers to the wide range of malicious activities that can damage
or disrupt a computer system, a network or the information it
contains.
• Most common cyber threats:
• Social Engineered Trojans.
• Unpatched Software.
• Phishing.
• Network worms.
Sources of Cyber Threats
Cyber threats can come from a wide variety of sources, some notable
examples include:
• National governments.
• Terrorists.
• Industrial secret agents.
• Rogue employees.
• Hackers.
• Business competitors.
• Organization insiders.
Cyber Threat Classifications

• Threats can be classified by multiple criteria:
• Attacker's Resources
• Attacker's Organization
• Attacker's Funding
• On the basis of these criteria, threats are of three types:
• Unstructured Threats
• Structured Threats
• Highly Structured Threats
Unstructured Cyber Threats

• Resources: Individual or small group.
• Organization: Little or no organization.
• Funding: Negligible.
• Attack: Easy to detect; makes use of freely available cyberattack tools.
• Exploitation based on documented vulnerabilities.
Structured Cyber Threats

• Resources: Well-trained individual or group.
• Organization: Well planned.
• Funding: Available.
• Attack: Against particular individuals or organizations.
• Exploitation based on information gathering.
Highly Structured Cyber Threats

• Extensive organization, resources and planning over time.
• Attack: Long-term attack on a particular machine or data.
• Exploitation with multiple methods: technical, social and insider help.
Malware

• Short for malicious software.
• It is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
• It can appear in the form of code, scripts, active content, and other software.
• 'Malware' is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
How Malware Spreads?

Malware is a program that must be triggered or somehow executed before it can infect your computer system and spread to others.
Here are some examples of how malware is distributed:
a) Social network
b) Pirated software
c) Removable media
d) Emails
e) Websites
Types of Malware

• Viruses
• Trojan horses
• Worms
• Spyware
• Zombie
• Phishing
• Spam
• Adware
• Ransomware
Viruses

• A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
• Viruses can also replicate themselves.
• All computer viruses are manmade.
• Viruses copy themselves to other disks to spread to other computers.
• They can be merely annoying or they can be vastly destructive to your files.
Examples Of Computer Viruses

• Macro virus
• Boot virus
• Logic Bomb virus
• Directory virus
• Resident virus
Trojan Horses

• A Trojan Horse program has the appearance of having a useful and desired function.
• A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer.
• A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort.
• These are often used to capture your logins and passwords.
Trojan Horses
Example of Trojan Horses

• Remote access Trojans (RATs)
• Backdoor Trojans (backdoors)
• IRC Trojans (IRC bots)
• Keylogging Trojans
Worms

• A computer worm is a self-replicating computer program.
• It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention.
• It does not need to attach itself to an existing program.
Spyware

• Spyware is a type of malware installed on computers that collects information about users without their knowledge.
• The presence of spyware is typically hidden from the user and can be difficult to detect.
• Spyware programs lurk on your computer to steal important information, like your passwords and logins and other personal identification information, and then send it off to someone else.
Zombie

• Zombie programs take control of your computer and use it and its Internet connection to attack other computers or networks or to perform other criminal activities.
Phishing

• Phishing (pronounced like the word 'fishing') is a message that tries to trick you into providing information like your social security number or bank account information or logon and password for a web site.
• The message may claim that if you do not click on the link in the message and log onto a financial web site that your account will be blocked, or some other disaster.
Spam

• Spam is email that you did not request and do not want.
• One person's spam is another's useful newsletter or sale ad.
• Spam is a common way to spread viruses, trojans, and the like.
Adware

• Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements.
• Common examples of adware include pop-up ads on websites and advertisements that are displayed by software.
• Oftentimes software and applications offer “free” versions that come bundled with adware.
Ransomware

• Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom.
• The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.
Cyber Attacks
Types of Cyber Attacks

• Advanced Persistent Threat (APT):
• A network attack in which an unauthorized person gains
access to a network and stays there undetected for a long
period of time.

• Backdoor:
• Method of bypassing normal authentication and gaining
access to an OS or application.
Types of Cyber Attacks Contin….

• Buffer Overflow:
• An exploit that takes advantage of the program that is
waiting for a user’s input.

• Man-in-the-middle Attack:
• This attack intercepts and relays messages between two
parties who are communicating directly with each other.
Types of Cyber Attacks Contin….

• Cross-Site Scripting (XSS):
• A code injection attack that allows an attacker to execute
malicious JavaScript in another user’s browser.

• Denial of Service Attack:
• Any attack where the attackers attempt to prevent the
authorized users from accessing the service.
Types of Cyber Attacks Contin….

• SQL injection:
• A very commonly exploited web application vulnerability
that allows a malicious hacker to steal and alter data in a
website’s database.

• Zero-day exploit:
• A vulnerability in a system or device that has been
disclosed but is not yet patched.
Impacts of Cyber Attacks

• A successful cyber attack can cause major damage to
organizations or systems, as well as to business reputation and
consumer trust.

• Some potential results include:
• Financial loss.
• Reputational damage.
• Legal consequences.
Tools for Cyber Security Assessment

• NMAP
• Wireshark
• Metasploit
• Aircrack
• Hashcat
• Burp Suite, etc.

• NMAP
  • NMAP (Network Mapper) is an open-source tool used for scanning networks.
  • It is mainly used to discover hosts and gather information about network devices, such as which services or ports are publicly open.
  • NMAP supports major OS platforms like Windows, Linux and even macOS.
  • The main advantages of NMAP are that it is flexible, easily portable, free, and well documented.
• Wireshark
  • Wireshark is used globally by many for analyzing network protocols.
  • This tool helps to capture packets using pcap, and to store and analyze each packet in a detailed fashion.
  • Wireshark supports OS platforms like Windows, Linux, Solaris, macOS etc.
  • Wireshark is also an open-source tool, similar to tcpdump, with a user interface option.
AI Based Cyber Threat
Cyber Security Opportunities in Market and Skillset

• Networking and System Administration
• Knowledge of Operating Systems and Virtual Machines
• Coding
• Cloud Security
• Artificial Intelligence (AI)
• An Understanding of Hacking
