Introduction

 Cyber Criminals attack the systems in a systematic way.

 Some of the stages involved in the approach followed by cyber criminals are :
 Initial uncovering
• Reconnaissance, the attacker gathers information about the target on the Internet websites
• finds the company’s internal network, such as, Internet domain, machine names and the company’s Internet
Protocol (IP) address ranges to steal the data
 Network probe (Investigation)
• “ping sweep” of the network IP addresses
• “port scanning”
 Crossing the line toward electronic crime (E-crime)
 Attackers are able to access a user account, then they will attempt further exploits to get an administrator or
“root” access
 Capturing the network
 Grab the data
 Covering tracks
 Proxy Servers and Anonymizers
 Proxy server is a computer on a network which acts as an intermediary for connection with other computers on that
network.
 The attacker first connects to a proxy server and establishes a connection with the target system through existing
connection with proxy.
 This enables an attacker to surf on the Web anonymously and/or hide the attack.
 A client connects to the proxy server and requests some services (such as a file, webpage) available from a different server.
 The proxy server evaluates the request and provides the resource by establishing the connection to the respective server
and/or requests the required service on behalf of the client.
 Using a proxy server can allow an attacker to hide ID (i.e., become anonymous on the network).
 Purpose of Proxy Servers
 Keep the systems behind the curtain (mainly for security reasons).
 Speed up access to a resource (through “caching”).
 It is usually used to cache the web pages from a web server.
 Specialized proxy servers are used to filter unwanted content such as advertisements.
 Proxy server can be used as IP address multiplexer to enable to connect number of computers on the Internet, whenever
one has only one IP address
• One of the advantages of a proxy server is that its cache memory can serve all users.
• If one or more websites are requested frequently, may be by different users, it is likely to be in the proxy’s cache
memory, which will improve user response time.
 An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It accesses the
Internet on the user’s behalf, protecting personal information by hiding the source computer’s identifying information.
 Anonymizers are services used to make Web surfing anonymous by utilizing a website that acts as a proxy server for the
web client.
Scareware
Malvertising
Clickjacking
Ransomware

https://www.guru99.com/free-proxy-server-list.html
 Phishing
“Phishing” refers to an attack using mail programs to deceive
Internet users into disclosing confidential information that can be
then exploited for illegal purposes.
While checking electronic mail (E-Mail), you find a message from
the bank threatening to close the bank account if you do not reply
immediately.
This message seems to be suspicious from the contents of the
message, it is difficult to conclude that it is a fake/false E-Mail.
These messages are examples of Phishing – in addition to stealing
personal and financial data – and can infect systems with viruses
and also a method of online ID theft in various cases.
These messages look authentic and attempt to get users to reveal
their personal information.
Remote Access Trojans (RATs)
 Stages of Phishing
1. Planning: Criminals, usually called as Phishers, decide the target.
2. Setup: Once Phishers know which business/business house to
spoof and who their victims.
3. Attack: Phishers sends a phony message that appears to be from a
reputable source.
4. Collection: Phishers record the information of victims entering
into WebPages or popup windows.
5. Identity theft and fraud: Phishers use the information that they
have gathered to make illegal purchases or commit fraud.

Remote Access Trojans (RATs)

 Password Cracking
Password is like a key to get an entry into computerized systems like a lock.
Password cracking is a process of recovering passwords from data that have been stored in or transmitted by a computer
system.
An attacker follows a common approach of repeatedly making guesses for the password.

Purpose of Password Cracking:

1. To recover a forgotten password.
2. As a preventive measure by system administrators to check for easily crackable passwords.
3. To gain unauthorized access to a system.
The attacker follows the following steps:
1. Find a valid user account such as an Administrator or Guest;
2. create a list of possible passwords;
3. rank the passwords from high to low probability;
4. key-in each password;
5. try again until a successful password is found.
 Password Cracking
An attacker can also create a script file (i.e., automated program) which will be executed to try each password in a list.
This is still considered manual cracking, is time-consuming and not usually effective.
Passwords are stored in a database and password verification process is established into the system when a user attempts to
login or access a restricted resource.
To ensure confidentiality of passwords, the password verification data is usually not stored in a clear text format.
For example, one-way function (which may be either an encryption function or a cryptographic hash) is applied to the
password, possibly in combination with other data, and the resulting value is stored.
When a user attempts to login to the system by entering the password, the same function is applied to the entered value and the
result is compared with the stored value. If they match, user gains the access; this process is called authentication.
List of Guessable Passwords :
1. Blank (none)
2. the words like “password,” “passcode” and “admin”
3. series of letters from the “QWERTY” keyboard, for example, qwerty, asdf or qwerty uiop
4. user’s name or login name
5. name of user’s friend/relative/pet
6. user’s birthplace or date of birth, or a relative’s or a friend’s
7. user’s vehicle number, office number, residence number or mobile number
8. name of a celebrity who is considered to be an idol (e.g., actors, actress, spiritual gurus) by the user
 Classification of Password Cracking
• An attacker can create a script file that will be executed to try each password in a list and when matches,
an attacker can gain the access to the system.
• The most popular online attack is man-in-the middle (MITM) attack, also termed as “bucket- brigade
Online attack” or sometimes “Janus attack.”
• It is a form of active stealing in which the attacker establishes a connection between a victim and the
server to which a victim is connected.

• Mostly offline attacks are performed from a location other than the target (i.e., either a computer system
or while on the network) where these passwords reside or are used.
Offline • Offline attacks usually require physical access to the computer and copying the password file from the
system onto removable media.

Non • Social Engineering, Shoulder Surfing and Dumpster Diving

Electronic
 Password Guidelines
1. Passwords used for business E-Mail accounts, personal E-Mail accounts and banking/financial user accounts should be

kept separate.

2. Passwords should be of minimum eight alphanumeric characters (common names or phrases should be phrased).

3. Passwords should be changed every 30/45 days.

4. Passwords should not be shared with relatives and/or friends.

5. Password used previously should not be used while renewing the password.

6. Passwords of personal E-Mail accounts and banking/financial user accounts should be changed from a secured system,

within couple of days, if these E-Mail accounts has been accessed from public Internet facilities such as

cybercafés/hotels/libraries.

7. Passwords should not be stored under mobile phones/PDAs, as these devices are also prone to cyber attacks.

8. In case E-Mail accounts/user accounts have been hacked, respective agencies/institutes should be contacted immediately.
Malwares

1. Viruses and worms:

These are known as infectious malware . They spread
from one computer system to another with a particular
behavior.
2 . Trojan Horses:
A Trojan Horse, Trojan for short, is a term used to
describe malware that appears, to the user, to perform a
desirable function but, in fact, facilitates unauthorized
access to the user’s computer system
3. Rootkits: Rootkits is a software system that consists
of one or more programs designed to obscure the fact that
a system has been compromised.
4. Backdoors: Backdoor in a computer system (or
cryptosystem or algorithm) is a method of bypassing
normal authentication, securing remote access to a
computer, obtaining access to plain text and so on while
attempting to remain undetected.
 Spywares
 Spyware is a type of malware (i.e., malicious software) that is installed on computers which collects information about
users without their knowledge.
 The presence of Spyware is typically hidden from the user; it is secretly installed on the user’s personal computer.
 Sometimes, however, Spywares such as key loggers are installed by the owner of a shared, corporate or public computer on
purpose to secretly monitor other users.
Spywares
 Key Loggers and Spywares
 Keystroke logging, often called
keylogging, is the practice of noting
(or logging) the keys struck on a
keyboard, typically in a covert
manner so that the person using the
keyboard is unaware that such
actions are being monitored.
 Keystroke logger or key logger is
quicker and easier way of capturing
the passwords and monitoring the
victims’ IT savvy behavior. It can be
classified as software key logger and
hardware key logger.
 • Software keyloggers are software programs installed on the computer systems which usually
are located between the OS and the keyboard hardware, and every keystroke is recorded.
• Software keyloggers are installed on a computer system by Trojans or viruses without the
knowledge of the user.
Software Key • Cybercriminals always install such tools on the insecure computer systems available in public
Loggers places (i.e., cybercafés, etc) and can obtain the required information about the victim very
easily.
• A keylogger usually consists of two files that get installed in the same directory: a dynamic
link library (DLL) file and an EXEcutable (EXE) file that installs the DLL file and triggers it to
work. DLL does all the recording of keystrokes.

• Hardware keyloggers are small hardware devices.

• These are connected to the PC and/or to the keyboard and save every keystroke into a file
Hardware or in the memory of the hardware device.
• Cybercriminals install such devices on ATM machines to capture ATM Cards’ PINs.
Key Loggers • Each keypress on the keyboard of the ATM gets registered by these keyloggers.
• These keyloggers look like an integrated part of such systems; hence, bank customers are
unaware of their presence.
 Antikeylogger
 Anti key Logger is a tool that can detect the key logger installed on the computer system and can remove the tool.
 Advantages of using antikeylogger are as follows:
1. Firewalls cannot detect the installations of key loggers on the systems; hence, antikeyloggers can detect installations of
key logger.
2. This software does not require regular updates of signature bases to work effectively such as other antivirus and
antispy programs; if not updated, it does not serve the purpose, which makes the users at risk.
3. Prevents Internet banking frauds. Passwords can be easily gained with the help of installing key loggers.
4. It prevents ID theft
5. It secures E-Mail and instant messaging/chatting.
 Virus and Worms
 Computer virus is a program that can “infect” legitimate programs by modifying them to include a possibly “evolved” copy of
itself.
 Viruses spread themselves, without the knowledge or permission of the users, to potentially large numbers of programs on many
machines.
 A computer virus passes from computer to computer in a similar manner as a biological virus passes from person to person.
 Viruses may also contain malicious instructions that may cause damage or annoyance; the combination of possibly Malicious
Code with the ability to spread is what makes viruses a considerable concern.
 Viruses can often spread without any readily visible symptoms.
 A virus can start on event-driven effects (e.g., triggered after a specific number of executions), time-driven effects (e.g., triggered
on a specific date, such as Friday the 13th) or can occur at random.

 Viruses can take some typical actions:

1. Display a message to prompt an action which may set of the 4. cause erratic screen behavior;
virus; 5. halt the system (PC);
2. delete files inside the system into which viruses enter; 6. just replicate themselves to propagate further harm.
3. scramble data on a hard disk;
Types of Virus
Virus and Worms
 Trojan Horse and Backdoors
 Trojan Horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in
such a way that it can get control and cause harm, for example, ruining the file allocation table on the hard disk.
 A Trojan Horse may get widely redistributed as part of a computer virus.
 The term Trojan Horse comes from Greek mythology about the Trojan War.
 Like Spyware and Adware, Trojans can get into the system in a number of ways, including from a web browser, via E-Mail.
 It is possible that one could be forced to reformat USB flash drive or other portable device to eliminate infection and avoid
transferring it to other machines.
 Unlike viruses or worms, Trojans do not replicate themselves but they can be equally destructive.
 On the surface, Trojans appear benign and harmless, but once the infected code is executed, Trojans kick in and perform
malicious functions to harm the computer system without the user’s knowledge.
 For example, waterfalls.scr is a waterfall screen saver as originally claimed by the author; however, it can be associated with
malware and become a Trojan to unload hidden programs and allow unauthorized access to the user’s PC.
 Possible Threats by Trojans
1. They erase, overwrite or corrupt data on a computer.
2. They help to spread other malware such as viruses (by a dropper Trojan).
3. They deactivate or interfere with antivirus and firewall programs.
4. They allow remote access to your computer (by a remote access Trojan).
5. They upload and download files without your knowledge.
6. They gather E-Mail addresses and use them for Spam.
7. They log keystrokes to steal information such as passwords and credit card numbers.
8. They copy fake links to false websites, display porno sites, play sounds/videos and display images.
9. They slow down, restart or shutdown the system.
10. They reinstall themselves after being disabled.
11. They disable the task manager.
12. They disable the control panel.
 Backdoors
 A backdoor is a means of access to a computer program that bypasses security mechanisms.
 A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting or other purposes.
 However, attackers often use backdoors that they detect or install themselves as part of an exploit.
 In some cases, a worm is designed to take advantage of a backdoor created by an earlier attack.
 A backdoor works in background and hides from the user.
 It is very similar to a virus and, therefore, is quite difficult to detect and completely disable.
 A backdoor is one of the most dangerous parasite, as it allows a malicious person to perform any possible action on a
compromised system.
 Functions of Backdoors
1. It allows an attacker to create, delete, rename, copy or edit any file, execute various commands; change any system settings;
alter the Windows registry; run, control and terminate applications; install arbitrary software and parasites.
2. It allows an attacker to control computer hardware devices, modify related settings, shutdown or restart a computer without
asking for user permission.
3. It steals sensitive personal information, valuable documents, passwords, login names, ID details; logs user activity and tracks
web browsing habits.
4. It records keystrokes that a user types on a computer’s keyboard and captures screenshots.
5. It sends all gathered data to a predefined E-Mail address, uploads it to a predetermined FTP server or transfers it through a
background Internet connection to a remote host.
6. It infects files, corrupts installed applications and damages the entire system.
Follow the following steps to protect your systems from Trojan Horses and backdoors:
1. Stay away from suspect websites/weblinks:
2. Surf on the Web cautiously:
3. Install antivirus/Trojan remover software
 Steganography
 Steganography is the practice of concealing (hiding) a file, message, image, or video within another file, message, image, or video. The
word steganography combines the Greek words steganos , meaning "covered, concealed, or protected", and graphein meaning
"writing".
 It is a method that attempts to hide the existence of a message or communication.
 Steganography is always misunderstood with cryptography
 The different names for steganography are data hiding, information hiding and digital watermarking.
 Steganography can be used to make a digital watermark to detect illegal copying of digital images. Thus, it aids confidentiality and
integrity of the data.
 Digital watermarking is the process of possibly irreversibly embedding information into a digital signal.
 The Digital signal may be, for example, audio, pictures or video.
 If the signal is copied then the information is also carried in the copy.
 In other words, when steganography is used to place a hidden “trademark” in images, music and software, the result is a technique
referred to as “watermarking”
 Steganalysis is the art and science of detecting messages that are hidden in images, audio/video files using steganography.
 The goal of steganalysis is to identify suspected packages and to determine whether or not they have a payload encoded into them, and if
possible recover it.
 Automated tools are used to detect such steganographed data/information hidden in the image and audio and/or video files.
Steganography
Denial of Service (DoS) Attacks
 Denial of Service (DoS) Attacks
 In this type of criminal act, the attacker floods the bandwidth of the victim’s network or fills his E-Mail box with Spam
mail depriving him of the services he is entitled to access or provide.
 The attackers typically target sites or services hosted on high-profile web servers such as banks, credit card payment
gateways, mobile phone networks and even root name servers.
 Buffer overflow technique is employed to commit such kind of criminal attack known as Spoofing.
 The term IP address Spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the
purpose of concealing the ID of the sender or impersonating another computing system.
 A packet is a formatted unit of data carried by a packet mode computer network.
 The attacker spoofs the IP address and floods the network of the victim with repeated requests.
 As the IP address is fake, the victim machine keeps waiting for response from the attacker’s machine for each request.
 This consumes the bandwidth of the network which then fails to serve the legitimate requests and ultimately breaks down.
 Classification of Denial of Service (DoS) Attacks

• Complete webpage appearing on the screen and system

Bandwidth attacks is awaiting user’s input.

• Exploit vulnerabilities in network software such as web

Logic attacks server or TCP/IP stack.

Protocol attacks • Rules that are to be followed to send data over network.

• Attack by a single individual or group of individuals, but

Unintentional attacks simply due to a sudden enormous spike in popularity.
 Levels of Denial of Service (DoS) Attacks

Flood attack • Simply sending the victim overwhelming number of ping packets, usually by using the “ping”
command, which result into more traffic than the victim can handle.

• Sends oversized Internet Control Message Protocol (ICMP) packets, and it is one of the core
Ping of death attack protocols of the IP Suite. It is mainly used by networked computers’ OSs to send error messages
indicating that a requested service is not available or that a host or router could not be reached.

• An attacker initiates a TCP connection to the server with an SYN. The server replies with an SYN-ACK.
SYN attack The client then does not send back an ACK, causing the server to allocate memory for the pending
connection and wait.

• Fragmented packets are forged to overlap each other when the receiving host tries to reassemble
Teardrop attack them. IP’s packet fragmentation algorithm is used to send corrupted packets to confuse the victim
and may hang the system.

Smurf attack • Floods a target system via spoofed broadcast ping messages. This attack consists of a host sending an
echo request (ping) to a network broadcast address.

Nuke • Old DoS attack against computer networks consisting of fragmented or invalid packets sent to the
target.
 Tools for Launching Denial of Service (DoS) Attacks

Jolt2 Nemesy Targa Crazy Pinger SomeTrouble

• Allows remote • Generates • Used to run • Send large • Remote flooder
attackers to random packets eight different packets of and bomber.
cause a DoS of spoofed DoS attacks. The ICMP(Internet
attack against source IP to attacker has the Control
Windows based enable the option to launch Message
machines – the attacker to either individual Protocol) to a
attack causes launch DoS attacks or try all remote target
the target attack. the attacks until network.
machine to one is
consume of the • successful.
CPU time
 Distributed Denial of Service (DDoS) Attacks
 In a DDoS attack, an attacker may use your computer to attack another
computer.
 By taking advantage of security vulnerabilities or weaknesses, an attacker
could take control of your computer.
 He/she could then force your computer to send huge amounts of data to a
website or send Spam to particular E-Mail addresses.
 The attack is “distributed” because the attacker is using multiple
computers, including yours, to launch the DoS attack.
 A DDoS attack is a distributed DoS wherein a large number of zombie
systems are synchronized to attack a particular system.
 The zombie systems are called “secondary victims” and the main target is
called “primary victim.”
 Malware can carry DDoS attack mechanisms – one of the better-known
examples of this is MyDoom.
 Botnet is the popular medium to launch DoS/DDoS attacks.
 Attackers can also break into systems using automated tools that exploit
flaws in programs that listen for connections from remote hosts.
 Protect from DoS /DDoS Attacks
1. Implement router filters. This will lessen your exposure to certain DoS attacks.
2. If such filters are available for your system, install patches to guard against TCP
SYN flooding.
3. Disable any unused or inessential network service.
4. Enable quota systems on your OS if they are available.
5. Observe your system’s performance and establish baselines for ordinary activity.
6. Routinely examine your physical security with regard to your current needs.
7. Use Tripwire or a similar tool to detect changes in configuration information or
other files.
8. Invest in and maintain “hot spares” – machines that can be placed into service
quickly if a similar machine is disabled.
9. Invest in redundant and fault-tolerant network configurations.
10. Establish and maintain regular backup schedules
11. Establish and maintain appropriate password policies
DoS and DDoS Attacks
 Attack on Wireless Networks
 Wireless networks extend the range of traditional
wired networks by using radio waves to transmit data
to wireless-enabled devices such as laptops and
PDAs.
 Wireless networks are generally composed of two
basic elements o access points (APs) and other
wireless-enabled devices, such as laptops radio
transmitters and receivers to communicate or
“connect” with each other.
 APs are connected through physical wiring to a
conventional network, and they broadcast signals
with which a wireless device can connect.
 Wireless access to networks has become very common
by now in India – for organizations and for
individuals.
 Important Components of Wireless Sensor Networks
802.11 Networking Standards

• Family of standards for wireless local area network

(WLAN), stating the specifications and/or
requirements for computer communication.

Access points

• Hardware device and/or software that act as a

central transmitter and receiver of WLAN radio
signals.
• AP acts as a communication hub for users to connect
with the wired LAN.

Wi-Fi Hotspots

• Hotspot is a site that offers the Internet access by

using Wi-Fi technology over a WLAN.
• Hotspots are found in public areas (such as coffee
shops, public libraries, hotels and restaurants) and
are commonly offered facility.
 Important Components of Wireless Sensor Networks
802.11 Networking Standards

• Family of standards for wireless local area network

(WLAN), stating the specifications and/or
requirements for computer communication.

Access points

• Hardware device and/or software that act as a

central transmitter and receiver of WLAN radio
signals.
• AP acts as a communication hub for users to connect
with the wired LAN.

Wi-Fi Hotspots

• Hotspot is a site that offers the Internet access by

using Wi-Fi technology over a WLAN.
• Hotspots are found in public areas (such as coffee
shops, public libraries, hotels and restaurants) and
are commonly offered facility.
 Types of Mobile Workers

Tethered/Remote • Considered to be an employee who generally remains at

a single point of work, but is remote to the central
worker company systems.

• An employee who works in an environment (e.g.,

Roaming user warehousing, shop floor, etc.) or in multiple areas (e.g.,
meeting rooms).

• Employees requiring solutions in semi-tethered

Nomad connected environments where modem use frequently.

Road warrior • Ultimate mobile user and spends little time in the office.