5.

CYBER SECURITY AND TYPES OF

CYBER ATTACK

Context: An Overview of Cyber Security:

With internet bandwidth becoming cheaper, and the usage of connected, smart
gadgets increasing exponentially, protecting ourselves online and keeping all data
safe and secure has become a priority. We are relying heavily on data, connected
systems and online ecosystems to live our daily lives. It has become ubiquitous,
and we cannot imagine living without connectivity and gadgets. Security threats
like denial of service, hacking into systems, data theft, identity theft are something
that we all have to safeguard against.
Cyber security is important because it protects all categories of data from theft and
damage. This includes sensitive data, personally identifiable information (PII),
protected health information (PHI), personal information, intellectual property,
data, and governmental and industry information systems.
This part helps us to understand what Cyber security means, and how it can be
implemented.

What is Cyber security?

Cyber security is the application of technologies, processes and controls to
protect systems, networks, programs, devices and data from cyber attacks.
It aims to reduce the risk of cyber attacks and protect against the unauthorised
exploitation of systems, networks and technologies.
Steps to Cyber security
5 types of Cyber Security

1. Critical infrastructure security:

Critical infrastructure security consists of the cyber-physical systems and
Common examples of critical infrastructure:
• electricity grid
• water purification
• traffic lights
• shopping centers
• hospitals
Having the infrastructure of an electricity grid on the internet makes it vulnerable to
cyber-attacks.
Organizations with responsibility for any critical infrastructures should perform
due diligence to understand the vulnerabilities and protect their business against
them. The security and resilience of this critical infrastructure is vital to our
society’s safety and well-being.
Organizations that are not responsible for critical infrastructure, but still rely on it
for a portion of their business, should develop a contingency plan by evaluating
how an attack on critical infrastructure they depend on might affect them.
2. Application security:
You should choose application security as one of the several must-have security
measures adopted to protect your systems. Application security uses software and
hardware methods to tackle external threats that can arise in the development
stage of an application.

Applications are much more accessible over networks, causing the adoption of
security measures during the development phase to be an imperative phase of
the project.
Types of application security:
• antivirus programs
• firewalls
• encryption programs
These help to ensure that unauthorized access is prevented. Companies can also
detect sensitive data assets and protect them through specific application security
processes attached to these data sets.

3. Network security:
As cyber security is concerned with outside threats, network security guards
against unauthorized intrusion of your internal networks due to malicious intent.
Network security ensures that internal networks are secure by protecting the
infrastructure and inhibiting access to it.
To help better manage network security monitoring, security teams are now using
machine learning to flag abnormal traffic and alert to threats in real time.
Network administrators continue to implement policies and procedures to
prevent unauthorized access, modification and exploitation of the network.
Common examples of network security implementation:
• extra logins
• new passwords
• application security
o antivirus programs
o antispyware software
o encryption
o firewalls
o Monitored internet access

4. Cloud security:
Improved cyber security is one of the main reasons why the cloud is taking over.
Cloud security is a software-based security tool that protects and monitors the
data in your cloud resources. Cloud providers are constantly creating and
implementing new security tools to help enterprise users better secure their data.
Cloud computing security is similar to traditional on-premise data centers, only
without the time and costs of maintaining huge data facilities, and the risk of
security breaches is minimal.

5 Internet of things (IoT) security

IoT refers to a wide variety of critical and non-critical cyber physical systems, like
appliances, sensors, televisions, wifi routers, printers, and security cameras.
According to Bain & Company’s prediction…
• The combined markets of IoT will grow to about $520 billion in 2021;
• More than double the $235 billion spent in 2017.
IoT devices are frequently sent in a vulnerable state and offer little to no security
patching. This poses unique security challenges for all users.
5 Essential elements of Cyber Security
Effective cyber security risk management must include the following five elements.
An Effective Framework – A framework must be adopted, adjusted, and fine-
tuned to an organization’s particular circumstances and the type of data being
protected. Executives need to establish proper governance that applies to all of
the organization’s resources – its people, processes, and technology. Choosing
and implementing an appropriate framework is an essential first step to building a
cyber security risk management program.
End-to-End Scope – A cyber security program must be comprehensive in order to
be successful – that is, address all data in the organization that needs to be
protected. To be effective, a cyber security program must keep all of the critical
elements of the organization that need to be protected in its scope.
Thorough Risk Assessment and Threat Modeling – Identifying the risks and the
likelihood of an array of threats and the damage they could do is a critical step to
prioritize cyber security threats. In prioritizing, the cyber security team should
consider the organization’s data from an outside perspective, in other words
identify which data is likely to be valuable from a hacker’s point of view. This
perspective will help the team develop an effective cyber security strategy to help
prevent likely attacks.
Proactive Incident Response Planning – Acknowledging that any system’s security
might be breached eventually, many organizations have adopted incident
response plans. Taking a proactive approach to incident response planning means
testing the plan, identifying how to improve its effectiveness, making those
improvements, and ensuring that personnel are trained and prepared to react to
a security breach and limit its damage.
Dedicated Cyber security Resources – The last, but not least, critical element is
personnel who are dedicated to managing the organization’s cyber security. In
order to establish an effective cyber security risk management program, it is
essential that the roles and responsibilities for the governance of the chosen
framework be clearly defined.
8 components of a strong Cyber Security Defense System
Future of Cyber Security: Threats, Tools and Technology
Threats to Cyber Security
Tools for Cyber Security
Password Managers : The need to keep private digital information protected is
highlighted by the prevalence of growing cyber attacks. Password managers are
being used to keep track of and generate secure passwords. The user has to only
remember one password, that of the password manager.

Password managers like Lastpass,Dashlane, Sticky Password and KeepassX can be used.

Virtual Private Network (VPN): A VPN connection establishes a secure

connection between you and the internet. Via the VPN, all your data traffic is
routed through an encrypted virtual tunnel. This disguises your IP address when
you use the internet, making its location invisible to everyone. You can still access
all online services using the VPN.

VPNs offer the best protection available when it comes to your online security.
Therefore, you should leave your VPN on at all times to protect from data leaks
and cyberattacks.

Blockchain Technology : Blockchain technology, a decentralized distributed ledger

of transactions, offers the next level of cyber security.
Common Types of Cyber Attacks
A cyber attack is when an individual or an organization deliberately and
maliciously attempts to breach the information system of another individual
or organization. While there is usually an economic goal, some recent attacks
show destruction of data as a goal.
Malicious actors often look for ransom, or other kinds of economic gain, but
attacks can be perpetrated with an array of motives, including political
activism purposes.
1. Malware
The term “malware” encompasses various types of attacks including spyware,
viruses, and worms. Malware uses a vulnerability to breach a network when a
user clicks a “planted” dangerous link or email attachment, which is used to install
malicious software inside the system.
Malware and malicious files inside a computer system can:
• Deny access to the critical components of the network
• Obtain information by retrieving data from the hard drive
• Disrupt the system or even rendering it inoperable
Malware is so common that there is a large variety of modus operandi. The most
common types being:
• Viruses—these infect applications attaching themselves to the initialization
sequence. The virus replicates itself, infecting other code in the computer
system. Viruses can also attach themselves to executable code or associate
themselves with a file by creating a virus file withthe same name but with
an .exe extension, thus creating a decoy which carries the virus.
• Trojans—a program hiding inside a useful program with malicious
purposes. Unlike viruses, a trojan doesn’t replicate itself and it is commonly
used to establish a backdoor to be exploited by attackers.
• Worms—unlike viruses, they don’t attack the host, being self-contained
programs that propagate across networks and computers. Worms are often
installed through email attachments, sending a copy of themselves to every
contact in the infected computer email list. They are commonly used to
overload an email server and achieve a denial-of-service attack.
• Ransomware—a type of malware that denies access to the victim data,
threatening to publish or delete it unless a ransom is paid. Advanced
ransomware uses cryptoviral extortion, encrypting the victim’s data so that
it is impossible to decrypt without the decryption key.
 • Spyware—a type of program installed to collect information about users,
their systems or browsing habits, sending the data to a remote user. The
attacker can then use the information for blackmailing purposes or
download and install other malicious programs from the web.
2. Phishing

Phishing attacks are extremely common and involve sending mass amounts of
fraudulent emails to unsuspecting users, disguised as coming from a reliable
source. The fraudulent emails often have the appearance of being legit, but link
the recipient to a malicious file or script designed to grant attackers access to
your device to control it or gather recon, install malicious scripts/files, or to
extract data such as user information, financial info, and more.
Phishing attacks can also take place via social networks and other online
communities, via direct messages from other users with a hidden intent. Phishers
often leverage social engineering and other public information sources to collect
info about your work, interests, and activities—giving attackers an edge in
convincing you they’re not who they say.
There are several different types of phishing attacks, including:
• Spear Phishing—targeted attacks directed at specific companies and/or
individuals.
• Whaling—attacks targeting senior executives and stakeholders within an
organization.
• Pharming—leverages DNS cache poisoning to capture user credentials
through a fake login landing page.
Phishing attacks can also take place via phone call (voice phishing) and via text message
(SMS phishing).
3. Man-in-the-Middle (MitM) Attacks

Occurs when an attacker intercepts a two-party transaction, inserting themselves

in the middle. From there, cyber attackers can steal and manipulate data by
interrupting traffic.
This type of attack usually exploits security vulnerabilities in a network, such as an
unsecured public WiFi, to insert themselves between a visitor’s device and the
network. The problem with this kind of attack is that it is very difficult to detect,
as the victim thinks the information is going to a legitimate destination. Phishing
or malware attacks are often leveraged to carry out a MitM attack.
4. Denial-of-Service (DOS) Attack

DOS attacks work by flooding systems, servers, and/or networks with traffic to
overload resources and bandwidth. This result is rendering the system unable to
process and fulfill legitimate requests. In addition to denial-of-service (DoS)
attacks, there are also distributed denial-of-service (DDoS) attacks.
DoS attacks saturate a system’s resources with the goal of impeding response to
service requests. On the other hand, a DDoS attack is launched from several
infected host machines with the goal of achieving service denial and taking a
system offline, thus paving the way for another attack to enter the
network/environment.
The most common types of DoS and DDoS attacks are the TCP SYN flood attack,
teardrop attack, smurf attack, ping-of-death attack, and botnets.
5. SQL Injections

This occurs when an attacker inserts malicious code into a server using server query
language (SQL) forcing the server to deliver protected information. This type of
attack usually involves submitting malicious code into an unprotected website
comment or search box. Secure coding practices such as using prepared
statements with parameterized queries is an effective way to prevent SQL
injections.
When a SQL command uses a parameter instead of inserting the values directly, it
can allow the backend to run malicious queries. Moreover, the SQL interpreter
uses the parameter only as data, without executing it as a code. Learn more about
how secure coding practices can prevent SQL injection here.
6. Zero-day Exploit

A Zero-day Exploit refers to exploiting a network vulnerability when it is new and

recently announced — before a patch is released and/or implemented. Zero-day
attackers jump at the disclosed vulnerability in the small window of time where
no solution/preventative measures exist. Thus, preventing zero-day attacks
requires constant monitoring, proactive detection, and agile threat management
practices.
7. Password Attack

Passwords are the most widespread method of authenticating access to a secure

information system, making them an attractive target for cyber attackers. By
accessing a person’s password, an attacker can gain entry to confidential or
critical data and systems, including the ability to maniuplate and control said
data/systems.
Password attackers use a myriad of methods to identify an individual password,
including using social engineering, gaining access to a password database, testing
the network connection to obtain unencrypted passwords, or simply by guessing.
The last method mentioned is executed in a systematic manner known as a
“brute-force attack.” A brute- force attack employs a program to try all the
possible variants and combinations of information toguess the password.
Another common method is the dictionary attack, when the attacker uses a list
of common passwords to attempt to gain access to a user’s computer and
network. Account lockout best practices and two- factor authentication are very
useful at preventing a password attack. Account lockout features can freeze the
account out after a number of invalid password attempts and two-factor
authentication adds an additional layer of security, requiring the user logging in to
enter a secondary code only available on their 2FA device(s).
8. Cross-site Scripting

A cross-site scripting attack sends malicious scripts into content from reliable
websites. The malicious code joins the dynamic content that is sent to the victim’s
browser. Usually, this malicious code consists of Javascript code executed by the
victim’s browser, but can include Flash, HTML and XSS.
9. Rootkits

Rootkits are installed inside legitimate software, where they can gain remote
control and administration- level access over a system. The attacker then uses the
rootkit to steal passwords, keys, credentials, and retrieve critical data.
Since rootkits hide in legitimate software, once you allow the program to make
changes in your OS, the rootkit installs itself in the system (host, computer,
server, etc.) and remains dormant until the attacker activates it or it’s triggered
through a persistence mechanism. Rootkits are commonly spread through email
attachments and downloads from insecure websites.
10. Internet of Things (IoT) Attacks

While internet connectivity across almost every imaginable device creates

convenience and ease for individuals, it also presents a growing—almost
unlimited—number of access points for attackers to exploit and wreak havoc. The
interconnectedness of things makes it possible for attackers to breach an entry
point and use it as a gate to exploit other devices in the network.
IoT attacks are becoming more popular due to the rapid growth of IoT devices and
(in general) low priority given to embedded security in these devices and their
operating systems. In one IoT attack case, a Vegas casino was attacked and the
hacker gained entry via an internet-connected thermometer inside one of the
casino’s fishtanks.
Best practices to help prevent an IoT attack include updating the OS and keeping a
strong password for every IoT device on your network, and changing passwords
often.
Tips to avoid Cyber Attacks:
1. Train employees in cyber security principles

2. Install, use and regularly update antivirus and anti-spyware software on every
computer
3. Use a firewall for Internet connection
4. Download and install software for operating systems and applications as they
become available
5. Make backup copies of important business data and information
6. Control physical access to your computers and network components
7. Secure the Wi-Fi network
8. Require individual user accounts for each employee
9. Limit employee access to data and information, and limit authority to install
software
10. Regularly change passwords

Preventing Cyber Attacks on your Company:

1. Identify the Threats

Basic threats like unauthorized access to your computer should be tackled

immediately before you suffer any loss of information. Most companies contain
very sensitive information which, if leaked, could be ruinous for the company.
Hackers are always looking for opportunities to invade privacy and steal data
that’s of crucial importance. Identify and deal with potential threats to your
business before they cause harm.
2. Beware of Cybercrimes

Always be wary of cybercriminals, work like you expect an attack. This will allow
you to ensure that your corporation is covered at all times with the necessary
strategies and plans. Always keep records of which information is attractive for
criminals and which is not. In addition to this, develop multiple strategies with
proper risk assessments on a regular basis to ensure effective solutions should the
need arise.

3. Keep an Eye on Employees

Employees are one of the key elements of the company because they have
insights of the business and are privy to the operations. Keep employees
motivated and discourage them from leaking out crucial information, try to
make them more loyal to the company. In addition to this, keep a backup of all
the messages that are exchanged between employees. Check on how they use
passwords and keep these passwords safe from unauthorized personnel. You
can use a Password Manager for generating and managing the passwords of
your company.

4. Use Two-Factor Authentication

You can minimize the risk of getting hacked by using a two-factor authentication
for your company. Encourage all employees to use two-factor authentication as
it increases security by adding an additional step for accessing accounts. In this
particular system, you have to enter a password plus you have to enter a code
which is sent to your smartphone, something that only you have access to. This
double authentication allows you to protect your data and discourages hackers
from attacking.
5. Conduct Audits on a Regular Basis
When your company starts to grow, you eventually reach a point where you
cannot compromise the security of your data and have to minimize the risk of
getting hacked. For this specific purpose, you can have an audit performed by
cyber security consultants who are experts at protecting your data. In addition to
this, you can hire a full-time security officer who will be responsible for handling
all security- related problems and ensure the safety of your business.

6. Ensure a Strong Sign-Off Policy

In order to keep your company safe and secure from online threats, you need to
develop and implement a strong sign-off policy for all employees. This sign-off
policy should ensure that the employees return laptops and mobile devices
before they leave the premises. In addition to this, the email address that you use
must be encrypted so information doesn’t leak and data remains confidential.

7. Protect the Important Data

Always protect the most sensitive information of your company. Data which is
vulnerable and can be targeted by hackers should be protected first. Keep a
check on how this crucial data storage is being accessed by staff and make sure
that it cannot be accessed by anyone without authorization. Double check the
procedures that you use to lock the data to ensure that it is safe and out of
reach from intruders.

8. Carry Out Risk Assessments

Conduct cyber security risk assessments on a regular basis in order to mitigate the
risks. There should be a separate department in your company that is dedicated to
minimizing the risk of data loss. Risk Management is one of the key factors that
contribute towards the growth of your company as it keeps the business safe
from getting exposed to competitors who are always looking for insights. You can
also hire a professional like a Cybercrime Consultant or Risk Mitigation Specialist,
these are experts at protecting your company against threats and are known for
producing positive results for your
business.

9. Insure Your Company Against Cybercrime

There are many companies that offer insurance policies against cybercrimes and
attackers. This can prove to be a good investment for your company as it covers
all the risks and threats that arise because of hackers and viruses. Moreover, by
covering your company for cybercrime, you will also have an idea about the
damages that you can suffer and have an estimate of the level of the risk that
your company is involved in.

10. Have In-Depth Knowledge About Risk Factors

Get knowledge about the risks involved in your business, the better security
measures you will be able to take for your company. Plan systematic audits for
your company in order to keep your company clean from all sorts of viruses and
build a detailed overview of the rules and regulations that all employees have to
follow to ensure the safety of the business. After compiling the results of the
audits, develop and implement security strategies accordingly in order to reduce
the risks that you have identified
Lab Session

Exercises to assess understanding of the concepts

1. You have CCTV cameras installed in your home. You are able to remotely
monitor the CCTV footage on your mobile from anywhere. Do you think
your CCTV footage can be intercepted and viewed by hackers?
2. You use your mobile to pay for services online through internet banking or
using debit card. You do not have any antivirus program installed on your
mobile. Do you think it is possible for hackers to get access to your
password/CVV without you sharing the info?

Practical Assignments using common tools

1. Find out which are the most popular free antivirus apps and VPN apps
available for your mobile. Compare any two of each.
2. Install any free antivirus app on your mobile and note the features of the app.
3. Install any free VPN app on your mobile, and visit your favourite
(regularly visited) websites. Note down any difference in the experience
before and after installing the VPN app.
Note: The trainer is instructed to encourage the students to work in groups of 02-
03 and discuss the above exercises before submitting the same

Frequently Asked Questions

What is Cyber Security?

Cybersecurity refers to the specialization of computer network security that
consists of technologies, policies, and procedures that protect networked
computer systems from unauthorized use or harm.

Why do we need Cyber Security?

The increasing reliance of our information-age economies and governments on
cyber (computer-based) infrastructure makes them progressively more vulnerable
to cyber attacks on our computer systems, networks, and data.
In their most disruptive form, cyber attacks target the enterprise, government,
military, or other infrastructural assets of a nation or its citizens.
Both the volume and sophistication of cyber threats (cyber warfare, cyber
terrorism, cyber espionage and malicious hacking) are increasing, and pose potent
threats to our enterprise, government, military, or other infrastructural assets.
What is a Cyber Attack?
An offensive action by a malicious actor that is intended to undermine the
functions of networked computers and their related resources, including
unauthorized access, unapproved changes, and malicious destruction. Examples
of cyber attacks include Distributed Denial of Service (DDoS) and Man- in-the-
Middle (MITM) attacks.

What are the differences among the terms cyber attack, cyber threat & cyber
risk?
The terms cyber attack, cyber threat, and cyber risk are interrelated as follows. A
cyber attack is an offensive action, whereas a cyber threat is the possibility that
a particular attack may occur, and the
cyber risk associated with the subject threat estimates the probability of potential losses
that may result.
For example, a Distributed Denial of Service (DDoS) cyber attack by a botnet is a
cyber threat for many enterprises with online retail websites, where the
associated cyber risk is a function of lost revenues due to website downtime and
the probability that a DDoS cyber attack will occur

What is malware?
Malware is an umbrella term derived from "malicious software", and refers to any
software that is intrusive (unauthorized access), disruptive, or destructive to
computer systems and networks. Malware may take many forms (executable
code, data files) and includes, but is not limited to, computer viruses, worms,
trojan horses (trojans), bots (botnets), spyware (system monitors, adware,
tracking cookies), rogueware (scareware, ransomware), and other malicious
programs. The majority of active malware threats are usually worms or trojans
rather than viruses

What is cyber hygiene?

Cyber is a colloquial term that refers to best practices and other activities that
computer system administrators and users can undertake to improve their cyber
security while engaging in common online activities, such as web browsing,
emailing, texting, etc

What is cyberspace?
Cyberspace is the virtual environment that consists of computer systems and
networks, where all computers communicate via networks and all networks are
connected. The term originated in science fiction during the 1980s and became
popular during the 1990s. More recently computer vendors are attempting to
brand cyberspace as the "Internet of Things" (IoT).

What is a firewall?
A firewall is a network security system that monitors incoming and outgoing
network message traffic and prevents the transmission of malicious messages
based on an updatable rule set. In effect, a firewall establishes a barrier between a
trusted, secure internal network and external networks (e.g., the Internet) that are
assumed to be untrustworthy and non-secure. Firewalls can be implemented
assoftware that runs on general-purpose hardware (e.g., an open source firewall
on a Windows PC or Mac OS X computer) or a dedicated hardware device
(appliance).
How does a firewall work?
Firewalls function as a filter between a trusted, secure internal network and
external networks (e.g., the Internet) that are assumed to be untrustworthy and
non-secure. The firewall filter may be flexibly programmed to control what
information packets are allowed and blocked.

What is anti-virus software?

Anti-virus software, also known as, anti-malware software, is computer software
used to scan files to identify and eliminate malicious software (malware).
Although anti-virus software was originally developed to detect and remove
computer viruses (hence its name), it has been broadened in scope to detect
other malware, such as worms, Trojan horses, adware, spyware, ransom-ware,
etc.

How does anti-virus software work?

Anti-virus software typically uses two different techniques to identify and eliminate
malware:
• Virus dictionary approach: The anti-virus software scans a file while
referring to a dictionary of known virus signatures that have been
previously identified. If a code segment in the filematches any virus
signature in the virus dictionary, then the anti-virus software performs one
or more of the following operations: deletes the file; quarantines the file so
that it is unable to spread; or attempts to repair the file by removing the
virus from the file.
 • Suspicious behaviour approach: The anti-virus software
monitors the behaviour of all programs, flagging
suspicious behaviour, such as one executing program
attempting to write date to another executable program.
The user is alerted to all suspicious behaviour, and is
queried regarding how the suspicious behaviour should be
handled.

What is a Unified Threat Management (UTM) system and how

does it work?
A Unified Threat Management (UTM) provides multiple security
services in a single device or service on a network. UTM security
services can include, but are not limited to:
1. scanning incoming date using Deep Packet Inspection (DPI)
to secures the network from viruses and other malware;
2. filtering website URLs to prevent access to malicious websites;
3. ensuring operating systems, applications, and Anti-Virus
software are updated automatically with the latest patches
and security updates

What is the relation between cybersecurity and cryptography?

Cyber security defenses are typically based on strong
authentication and encryption techniques(cryptography
techniques), cryptography is a key enabling technology for
cybersecurity. In other words, cryptography helps to implement
cyber security.