Cyber Crime 111


Unit One

Cyber Security, Threats and Cyber Attacks


Cyber Security
Cyber security has become a central concern because cyber threats and attacks keep growing in
number and sophistication. Attackers use increasingly advanced techniques to target systems, and
individuals, small businesses and large organizations are all affected. Firms of every kind, IT
and non-IT alike, now recognize the importance of cyber security and are adopting every feasible
measure to deal with cyber threats.

Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, incident response, resiliency, and recovery policies and activities,
including computer network operations, information assurance, law enforcement, etc.

OR

Cyber security is the body of technologies, processes, and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access. The
term cyber security refers to techniques and practices designed to protect digital data,
the data that is stored, transmitted or used on an information system.

OR

Cyber security is the protection of Internet-connected systems, including hardware,
software, and data, from cyber-attacks. The term combines two words:
 Cyber refers to the technology: systems, networks, programs and data.
 Security refers to their protection: system security, network security, application
security and information security.

Importance of cyber security

Listed below are the reasons why cyber security is so important in what has become a
predominantly digital world:

 Cyber-attacks can be extremely expensive for businesses to endure.

 In addition to the direct financial damage, a data breach can inflict untold reputational
damage.

 Cyber-attacks are becoming progressively more destructive, and cybercriminals are using
more sophisticated ways to initiate them.

Because of the above, cyber security has become an integral part of running a business, and
the focus now is on developing response plans that minimize the damage in the event of a
cyber-attack. An organization or an individual can develop a proper response plan only with a
good grip on cyber security fundamentals.

Cyber-Attack

A cyber-attack is the exploitation of computer systems and networks. It uses malicious code or
malicious input to alter computer code, logic or data, leading to cybercrimes such as
information and identity theft. Cyber-attacks can be classified into the following categories:
i. Web-based attacks
ii. System-based attacks

Web-based attacks: These are attacks that target a website or web application. Some of the
important web-based attacks are as follows:

 Injection attacks: An attack in which data is injected into a web application to manipulate
it and extract information the attacker is not entitled to. The attacker supplies untrusted
input that is processed by an interpreter as part of a command or query, which alters the
execution of that program. Examples: SQL injection, code injection, log injection, XML
injection, etc.
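The following is an added example, not code from the original page: a login check written twice against an in-memory SQLite database constructed here for the demonstration. The vulnerable version concatenates the user-supplied values into the SQL text, so the classic tautology payload is interpreted as part of the query; the safe version binds the same values as parameters and the payload is compared as an ordinary string. The table, the users and the plaintext passwords are all constructed for the demo.

```python
import sqlite3

# Constructed in-memory database for the example (not from the original page).
# Passwords are stored in plaintext only to keep the injection mechanics visible;
# a real application stores salted, slow hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse", "admin"),
        ("bob", "hunter2", "user"),
    ])
    return conn

def login_vulnerable(conn, username, password):
    """Untrusted input is spliced into the query text, so quotes and keywords
    supplied by the attacker become part of the SQL the interpreter executes."""
    query = ("SELECT username, role FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return conn.execute(query).fetchone()

def login_safe(conn, username, password):
    """Parameterised query: the SQL text is fixed, the values are bound separately
    and can never change the structure of the statement."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()

# Classic tautology payload. In the vulnerable query it yields
#   WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
# which is true for every row, so the first user (an admin) is returned.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", login_vulnerable(conn, PAYLOAD, PAYLOAD))
    print("safe:      ", login_safe(conn, PAYLOAD, PAYLOAD))
```

The same payload logs in as `alice` through the first function and returns nothing through the second; the difference is entirely in whether the database driver or the attacker decides where data ends and SQL begins.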

 DNS Spoofing: Also called DNS cache poisoning. Forged data is introduced into a DNS
resolver's cache, causing the resolver to return an incorrect IP address and divert traffic
to the attacker's computer or any other computer. The altered DNS records redirect online
traffic to a fraudulent website that resembles its intended destination.

DNS spoofing attacks can go on for a long time without being detected and can cause serious
security issues.

 Session Hijacking: An attack on a user's session with a web application. The attacker takes
over the session, and the user loses control of it altogether, so their personal data can
easily be stolen.

After a user starts a session, such as logging into a banking website, an attacker can
hijack it. Web applications create cookies to store state and identify user sessions; by
stealing the session cookie, an attacker is treated as the user and gains access to all of the
user's data.

 Phishing: An attack that attempts to steal sensitive information such as login credentials
and credit card numbers. The attacker masquerades as a trustworthy entity and dupes the
victim into opening an email, instant message or text message and acting on it.
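The masquerade usually shows in the links: visible text that names the real brand while the href points elsewhere, a host that embeds the brand name under a domain the brand does not own, or a bare IP address. The block below is an added example, not code from the original page: it parses the links out of an HTML e-mail body and flags those three tells. The sample e-mail, the trusted domain `examplebank.com` and the simplified "last two labels" notion of a registrable domain are all assumptions of the demo (real code should use the Public Suffix List).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    """Last two labels of a hostname. Assumption for the demo: adequate for
    .com/.net style names; real code should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def host_of(text):
    """Hostname of a URL, or of bare text that looks like one ('www.x.com')."""
    if " " in text or "." not in text:
        return ""
    return urlparse(text if "://" in text else "http://" + text).hostname or ""

def suspicious_links(html, trusted_domains):
    """Return [(href, [reasons])] for links showing classic phishing tells."""
    collector = LinkCollector()
    collector.feed(html)
    brand_words = {d.split(".")[0] for d in trusted_domains}
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        domain = registrable_domain(host)
        reasons = []
        shown = host_of(text)
        # 1. The text the victim reads names one site, the href goes to another.
        if shown and registrable_domain(shown) != domain:
            reasons.append("text shows %s but link goes to %s" % (shown, host))
        # 2. Brand name embedded in a host whose registrable domain is not the brand's.
        if domain not in trusted_domains and any(b in host for b in brand_words):
            reasons.append("lookalike host %s is not a trusted domain" % host)
        # 3. Raw IP literal instead of a name.
        if host.replace(".", "").isdigit():
            reasons.append("link uses a raw IP address %s" % host)
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample e-mail body (not from the original page).
SAMPLE_EMAIL = """
<p>Dear customer, your account is locked. Please
<a href="http://examplebank.com.login-verify.net/auth">verify your account</a> now.</p>
<p>Or visit <a href="http://203.0.113.5/x">https://www.examplebank.com</a></p>
<p>Questions? <a href="https://support.examplebank.com/faq">support.examplebank.com</a></p>
"""
TRUSTED = {"examplebank.com"}

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, TRUSTED):
        print(href, "->", "; ".join(reasons))
```

The first two links in the sample are flagged and the genuine support link is not, because `support.examplebank.com` resolves to the trusted registrable domain while `examplebank.com.login-verify.net` does not, however much it looks like it should.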

 Brute force: An attack that uses trial and error to guess login information, encryption
keys, or find a hidden web page. It generates a large number of guesses and validates each
of them to obtain the actual data, such as a user's password or personal identification
number. It may be used by criminals to crack encrypted data, or by security analysts to test
an organization's network security.

 Denial of Service: An attack meant to make a server or network resource unavailable to its
users. It accomplishes this by flooding the target with traffic or by sending it input that
triggers a crash. A plain DoS attack uses a single system and a single Internet connection; a
distributed denial of service (DDoS) attack uses many.

DoS attacks can be classified as volume-based attacks, protocol attacks and application layer
attacks.
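A SYN flood is the textbook protocol attack: the attacker opens connections and never completes the handshake, exhausting the server's table of half-open connections. The block below is an added example, not code from the original page: a sliding-window detector run over constructed connection-log lines, counting connection attempts (SYN without ACK) per source and flagging any source that reaches a threshold within one second. The log format, the addresses and the threshold are assumptions of the demo.

```python
from collections import defaultdict, deque

def constructed_log():
    """Constructed connection-log lines '<epoch> <src> <dst>:<port> <tcp flags>'
    (not from the original page). One client completes normal handshakes; another
    fires 40 bare SYNs in under a second and never completes them."""
    lines = []
    for i in range(3):
        t = 1700000000.0 + i * 0.3
        lines.append("%.3f 192.0.2.10 203.0.113.10:443 S" % t)
        lines.append("%.3f 192.0.2.10 203.0.113.10:443 A" % (t + 0.05))
    for i in range(40):
        lines.append("%.3f 198.51.100.7 203.0.113.10:443 S" % (1700000000.0 + i * 0.02))
    return lines

def parse_line(line):
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, flags

def detect_syn_flood(lines, threshold=20, window=1.0):
    """Sliding-window count of connection attempts (SYN without ACK) per source.
    Returns {source: peak count} for every source that reaches `threshold`
    attempts within any `window` seconds. Segments carrying ACK belong to
    handshakes that are completing and are not counted."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, src, _dst, flags in sorted(parse_line(l) for l in lines):
        if "S" not in flags or "A" in flags:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:          # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged

if __name__ == "__main__":
    print(detect_syn_flood(constructed_log()))   # the flooding source and its peak rate
```

Per-source counting is enough against a single-source DoS; a distributed flood spreads the same attempts over thousands of sources that each stay under the threshold, which is why DDoS mitigation counts per destination and relies on upstream filtering rather than this kind of local rule.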

 Dictionary attacks: The attacker takes a stored list of commonly used passwords and tries
each one against the target until the real password is found.
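Brute force and dictionary attacks differ only in where the guesses come from; what decides whether they succeed is how expensive each guess is and how many guesses the attacker is allowed. The block below is an added example, not code from the original page: the same dictionary attack run against an unsalted SHA-256 hash and against a salted PBKDF2 hash, plus a per-account lockout for the online case. The wordlist, the salt and the lockout parameters are constructed for the demo.

```python
import hashlib
import hmac

# Constructed stand-in for a leaked-password wordlist (not from the original page).
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2", "summer2023"]

def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()

def dictionary_attack(target_hex, wordlist):
    """Offline attack on an unsalted, fast hash: one SHA-256 per candidate, so a
    list of millions of leaked passwords is exhausted in seconds."""
    for word in wordlist:
        if hmac.compare_digest(sha256_hex(word), target_hex):
            return word
    return None

def pbkdf2(password, salt, iterations):
    """Salted, deliberately slow password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def dictionary_attack_pbkdf2(target, salt, iterations, wordlist):
    """The same attack against a salted PBKDF2 hash still succeeds when the
    password is in the list, but every guess now costs `iterations` HMAC calls,
    and the per-user salt means the work cannot be precomputed or shared
    across accounts."""
    for word in wordlist:
        if hmac.compare_digest(pbkdf2(word, salt, iterations), target):
            return word
    return None

class LoginThrottle:
    """Online defence: lock an account after `limit` failures within `window`
    seconds, so a remote guesser gets a handful of tries rather than millions."""
    def __init__(self, limit=5, window=300):
        self.limit, self.window = limit, window
        self._failures = {}

    def attempt(self, user, password_ok, now):
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        if len(recent) >= self.limit:
            self._failures[user] = recent
            return "locked"
        if not password_ok:
            recent.append(now)
        self._failures[user] = recent
        return "accepted" if password_ok else "rejected"

if __name__ == "__main__":
    print(dictionary_attack(sha256_hex("hunter2"), WORDLIST))          # cracked instantly
    salt = b"per-user-salt"
    print(dictionary_attack_pbkdf2(pbkdf2("letmein", salt, 200_000), salt, 200_000, WORDLIST))
```

Both attacks find a password that is on the list; the slow hash buys time per guess (the second call above is visibly slower for six words, and ruinous for a hundred million), the salt stops rainbow tables, and the throttle keeps the online guess budget small. None of them rescue a password that is actually in the dictionary, which is the argument for password managers and multi-factor authentication.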

 URL Interpretation: An attack in which the attacker changes certain parts of a URL and
thereby makes the web server deliver pages the attacker is not authorized to browse.

 File Inclusion attacks: An attack that lets the attacker read unauthorized or sensitive
files on the web server, or execute malicious files on it, by abusing the application's
include functionality with a manipulated file path.
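The two items above meet in a URL such as `?page=../secret.txt`: the attacker edits part of the URL, and the application passes that part straight to the file system. The block below is an added example, not code from the original page: a vulnerable include next to a hardened one that allowlists the page name and then confirms the resolved path stays under the web root. The directory layout, file names and contents are constructed for the demo in a temporary directory.

```python
import os
import tempfile

ALLOWED_PAGES = {"home", "about"}   # the only templates the application actually serves

def include_vulnerable(webroot, page):
    """Vulnerable: the 'page' parameter is joined straight onto the web root, so
    ?page=../secret.txt walks out of it (path traversal / local file inclusion)."""
    with open(os.path.join(webroot, page)) as f:
        return f.read()

def include_safe(webroot, page):
    """Hardened: allowlist the name, then resolve the real path and refuse anything
    that does not stay under the web root (this also catches symlinked files)."""
    if page not in ALLOWED_PAGES:
        raise PermissionError("unknown page: %r" % page)
    base = os.path.realpath(webroot)
    target = os.path.realpath(os.path.join(base, page + ".html"))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes web root")
    with open(target) as f:
        return f.read()

def build_fixture():
    """Constructed layout (not from the original page): <tmp>/www/{home,about}.html
    and <tmp>/secret.txt, the latter standing in for a file the web application
    should never serve, such as a configuration file holding credentials."""
    root = tempfile.mkdtemp()
    webroot = os.path.join(root, "www")
    os.mkdir(webroot)
    for name, body in (("home.html", "welcome"), ("about.html", "about us")):
        with open(os.path.join(webroot, name), "w") as f:
            f.write(body)
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("db_password=s3cr3t")
    return webroot

if __name__ == "__main__":
    webroot = build_fixture()
    print(include_vulnerable(webroot, "../secret.txt"))   # leaks the file outside the root
    try:
        include_safe(webroot, "../secret.txt")
    except PermissionError as e:
        print("blocked:", e)
```

The allowlist alone would stop this payload; the `realpath` containment check is the defence that survives when the allowlist is later widened to user-supplied names, or when a symlink inside the web root points outside it.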

 Man in the middle attacks: An attack in which the attacker intercepts the connection
between client and server and acts as a relay between them. As a result the attacker can
read, insert and modify the data in the intercepted connection.

System-based attacks

These are attacks intended to compromise a computer or a computer network. Some of the
important system-based attacks are as follows:

 Virus: A malicious program that spreads through a computer's files without the user's
knowledge. It is self-replicating: when executed, it inserts copies of itself into other
programs. It can also execute instructions that harm the system.

 Worm: Malware whose primary function is to replicate itself in order to spread to
uninfected computers. Unlike a virus, it does not need a host program; it typically spreads
on its own over the network. Worms also arrive as email attachments that appear to come from
trusted senders.

 Trojan horse: A malicious program that misleads the user about its true intent. It appears
to be a normal application, but when opened or executed, malicious code runs in the
background, often producing unexpected changes to computer settings and unusual activity
even when the computer should be idle.

 Backdoors: A method of bypassing the normal authentication process. A developer may create
a backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes; an attacker who finds or plants one gains the same access.

 Bots: A bot (short for "robot") is an automated process that interacts with other network
services. Some bots run automatically, while others only execute commands when they receive
specific input. Common examples are web crawlers, chatroom bots, and malicious bots.

Seven Layers of Cyber Security

The 7 layers of cyber security should center on the mission critical assets you are seeking to
protect.

1. Mission Critical Assets: This is the data you need to protect, critical assets can include
patents/copyrights, corporate financial data, customer sales information, human
resource information and internal manufacturing processes.

2. Data Security: Data security controls protect the storage and transfer of data.

3. Application Security: Application security controls protect access to an application, an
application's access to your mission critical assets, and the internal security of the
application.

4. Endpoint Security: Endpoint security controls protect the devices themselves and their
connection to the network.

5. Network Security: Network security controls protect an organization's network and prevent
unauthorized access to it.

6. Perimeter Security: Perimeter security controls include both the physical and digital
security methodologies that protect the business overall.

7. The Human Layer: Humans are the weakest link in any cyber security posture. Human
security controls include phishing simulations and access management controls that
protect mission critical assets from a wide variety of human threats, including cyber
criminals, malicious insiders, and negligent users.

Security Vulnerabilities, Threats, Attacks and Assets

As the recent epidemic of data breaches illustrates, no system is immune to attacks. Any
company that manages, transmits, stores, or otherwise handles data has to institute and
enforce mechanisms to monitor their cyber environment, identify vulnerabilities, and close
up security holes as quickly as possible. Before identifying specific dangers to modern data
systems, it is crucial to understand the distinction between cyber threats and
vulnerabilities.

Cyber threats are security incidents or circumstances with the potential to have a negative
outcome for your network or other data management systems. A threat is any incident that
could negatively affect an asset, for example if it is lost, knocked offline or accessed by an
unauthorized party.

Threats can be categorized as circumstances that compromise the confidentiality, integrity
or availability of an asset, and can be either intentional or accidental. Intentional threats
include things such as criminal hacking or a malicious insider stealing information, whereas
accidental threats generally involve employee error, a technical malfunction or an event
that causes physical damage, such as a fire or natural disaster.

Examples of common security threats include a phishing attack that results in malware being
installed on your systems, a staff member failing to follow data protection procedures and
thereby causing a breach, or a tornado that takes down your company's data center and
disrupts access. Vulnerabilities are the gaps or weaknesses in a system that make threats
possible and tempt threat actors to exploit them. Types of vulnerabilities in network
security include, but are not limited to, SQL injection, server misconfiguration, cross-site
scripting, and transmission of sensitive data in unencrypted plain text. When the probability
of a threat is multiplied by the potential loss it may cause, cyber security experts call the
result a risk.

Categories of vulnerabilities

 Corrupted (Loss of integrity)

 Leaky (Loss of confidentiality)

 Unavailable or very slow (Loss of availability)


Threats represent potential security harm to an asset when vulnerabilities are exploited

Attacks are threats that have been carried out

Types of attacks:

 Passive Attack – Make use of information from the system without affecting system
resources

 Active – Alter system resources or affect operation

 Insider – Initiated by an entity inside the organization

 Outsider – Initiated from outside the perimeter

Computer criminals

Computer criminals are criminals who use a computer as an instrument to further illegal
ends, such as committing fraud, trafficking in child pornography or stolen intellectual
property, stealing identities, or violating privacy.
Computer criminals have access to enormous amounts of hardware, software, and data; they
have the potential to cripple much of effective business and government throughout the
world. In a sense, the purpose of computer security is to prevent these criminals from doing
damage. We say computer crime is any crime involving a computer or aided by the use of one.
Although this definition is admittedly broad, it allows us to consider ways to protect
ourselves, our businesses, and our communities against those who use computers maliciously.
One approach to prevention or moderation is to understand who commits these crimes and
why. Many studies have attempted to determine the characteristics of computer criminals.
By studying those who have already used computers to commit crimes, we may be able in the
future to spot likely criminals and prevent the crimes from occurring.

CIA Triad

The CIA Triad is a security model developed to help people think about the different parts
of computer security.

CIA triad broken down:


Confidentiality

Keeping data secure

It's crucial in today's world for people to protect their sensitive, private information from
unauthorized access. At its core, the tenet of confidentiality is about keeping what needs to
be private, private. Government regulation, industry compliance requirements, expectations
from business partners and your company’s own business priorities all play a role in defining
what data needs to be kept confidential. Protecting confidentiality is dependent on being
able to define and enforce certain access levels for information.

In some cases this involves separating information into collections organized by who needs
access to it and how sensitive it actually is, i.e. the amount of damage that would be
suffered if its confidentiality were breached.

Integrity

Data integrity is what the "I" in CIA Triad stands for.

Integrity focuses on keeping data clean and untainted, both when it’s uploaded and when
it’s stored. This means making sure only those who are allowed to modify it, modify it.

This is an essential component of the CIA Triad and designed to protect data from deletion
or modification from any unauthorized party, and it ensures that when an authorized person
makes a change that should not have been made the damage can be reversed.

Availability

Keeping data accessible when required.

This is the final component of the CIA Triad and refers to the actual availability of your
data. Authentication mechanisms, access channels and systems all have to work properly for
the information they protect to be available when it is needed. Availability essentially
means that when an authorized user needs to access data or information, they can. It can
sometimes be confused with, or even seem to contradict, confidentiality.

Motive of Cyber criminals (Attackers)

The categories of cyber-attackers help us understand the attackers' motivations and the
actions they take. As shown in the figure below, operational cyber security risks arise from
three types of actions:

i) inadvertent actions (generally by insiders) that are taken without malicious or harmful
intent;

ii) deliberate actions (by insiders or outsiders) that are taken intentionally and are
meant to do harm; and

iii) inaction (generally by insiders), such as a failure to act in a given situation, either
because of a lack of appropriate skills, knowledge, guidance, or availability of the
correct person to take action.

Of primary concern here are deliberate actions, of which there are three categories of
motivation.

1. Political motivations: examples include destroying, disrupting, or taking control of
targets; espionage; and making political statements, protests, or retaliatory actions.

2. Economic motivations: examples include theft of intellectual property or other
economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.

3. Socio-cultural motivations: examples include attacks with philosophical, theological,
political, and even humanitarian goals. Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification.

Figure: Types of cyber-attacker actions (inadvertent, deliberate, inaction) and the
motivations behind deliberate actions (political, economic, socio-cultural).

Active attacks


An active attack is a network exploit in which the attacker attempts to make changes to data
on the target or to data en route to the target.
Types of active attacks:

Masquerade: The intruder pretends to be a particular user of a system to gain access or to
gain greater privileges than they are authorized for. A masquerade may be attempted through
the use of stolen login IDs and passwords, by finding security gaps in programs, or by
bypassing the authentication mechanism.

Session replay: The attacker captures an authorized user's login exchange or session ID and
re-sends it later. The intruder gains access and the ability to do anything the authorized
user can do on the website.

Message modification: The intruder alters packet header addresses to direct a message to a
different destination, or modifies the data on a target machine.

Denial of service (DoS) attack: Users are deprived of access to a network or web resource.
This is generally accomplished by overwhelming the target with more traffic than it can
handle.
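Message modification and session replay, together with the man-in-the-middle attack listed under web-based attacks, are what message authentication is for. The block below is an added example, not code from the original page: the sender attaches a fresh nonce, a timestamp and an HMAC over the whole message; the receiver rejects anything whose MAC does not verify (modified in transit), whose timestamp is outside a window (stale), or whose nonce it has already accepted (replayed). The shared key, the transfer message and the 60-second window are assumptions of the demo; TLS does the same job for real traffic, and this only adds integrity and freshness, not confidentiality.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumed pre-shared key for the demo (not from the original page, not for production).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

def _canonical(msg):
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()

def protect(payload, key=SHARED_KEY, now=None):
    """Sender: add a fresh nonce and a timestamp, then a MAC over the canonical
    message. The MAC covers nonce and timestamp, so none of the three can be
    altered without detection. Wire format: <json>.<hex mac>."""
    ts = int(time.time() if now is None else now)
    msg = dict(payload, nonce=secrets.token_hex(16), ts=ts)
    body = _canonical(msg)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

class Receiver:
    def __init__(self, key=SHARED_KEY, max_skew=60):
        self.key, self.max_skew = key, max_skew
        self.seen = set()   # accepted nonces; bounded in practice by the timestamp window

    def accept(self, wire, now=None):
        """Return (message, 'ok') or (None, reason). Order matters: verify the MAC
        before trusting any field, including the timestamp and nonce."""
        now = time.time() if now is None else now
        body, _, tag = wire.rpartition(b".")       # the hex tag never contains '.'
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return None, "modified: MAC mismatch"
        msg = json.loads(body)
        if abs(now - msg["ts"]) > self.max_skew:
            return None, "stale: timestamp outside window"
        if msg["nonce"] in self.seen:
            return None, "replay: nonce already used"
        self.seen.add(msg["nonce"])
        return msg, "ok"

def tamper(wire, field, new_value):
    """Man in the middle: edit one field of the JSON body and forward it with the
    original tag, as an attacker without the key would have to."""
    body, _, tag = wire.rpartition(b".")
    msg = json.loads(body)
    msg[field] = new_value
    return _canonical(msg) + b"." + tag

if __name__ == "__main__":
    rx = Receiver()
    wire = protect({"to": "bob", "amount": 100})
    print(rx.accept(wire)[1])                         # ok
    print(rx.accept(wire)[1])                         # replay
    print(rx.accept(tamper(wire, "amount", 10**6))[1])  # modified
```

The nonce set is what defeats replay within the window and the timestamp is what lets the receiver eventually forget nonces; dropping either one reopens the attack it was there to close.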

Passive Attacks
Passive attacks are few in number from a classification perspective, but can be carried out
with relative ease, particularly if the traffic is not encrypted.

Types of passive attacks:

Eavesdropping (tapping): The attacker simply listens to messages exchanged by two entities.
For the attack to be useful, the traffic must not be encrypted. Any unencrypted information,
such as a password sent in an HTTP request, may be retrieved by the attacker.

Traffic analysis: The attacker looks at the metadata of the traffic in order to deduce
information about the exchange and the participating entities, e.g. the shape of the traffic
(rate, duration, message sizes, etc.). Where the data are encrypted, traffic analysis can
still reveal information and can also assist cryptanalysis, whereby the attacker may recover
information or succeed in decrypting the traffic.
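The two passive attacks above differ in what the observer gets to see. The block below is an added example, not code from the original page: the first function pulls the credentials and cookies out of a constructed plaintext HTTP request exactly as a sniffer would, and the second shows the traffic-analysis case, mapping observed ciphertext lengths back to pages from a catalogue of known sizes, with a padding countermeasure. The captured request, the page-size catalogue and the constant per-record overhead are assumptions of the demo.

```python
import base64

# Constructed capture of one plaintext HTTP request, as seen by a sniffer on the path
# (not from the original page).
CAPTURED_REQUEST = (
    "GET /account HTTP/1.1\r\n"
    "Host: intranet.example\r\n"
    "Authorization: Basic YWxpY2U6Y29ycmVjdCBob3JzZQ==\r\n"
    "Cookie: session=7f3a9c; theme=dark\r\n"
    "\r\n"
)

def extract_cleartext_secrets(raw_request):
    """Eavesdropping: pull credentials and session tokens out of an unencrypted
    HTTP request. HTTP Basic auth is base64, which is an encoding, not encryption."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    found = {}
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "authorization" and value.lower().startswith("basic "):
            found["credentials"] = base64.b64decode(value.split(None, 1)[1]).decode()
        elif name == "cookie":
            found["cookies"] = dict(kv.strip().split("=", 1) for kv in value.split(";"))
    return found

# Assumed catalogue of page sizes (bytes) the attacker measured beforehand, and an
# assumed constant per-record expansion added by the encryption layer.
PAGE_SIZES = {"/": 1200, "/login": 850, "/transfer": 4321, "/statement": 9870}
RECORD_OVERHEAD = 29

def guess_pages(observed_lengths, catalog=PAGE_SIZES, overhead=RECORD_OVERHEAD):
    """Traffic analysis: encryption hides content, not length. Map each observed
    ciphertext length back to the catalogue page of matching size ('?' if none)."""
    by_length = {size + overhead: path for path, size in catalog.items()}
    return [by_length.get(n, "?") for n in observed_lengths]

def padded_length(size, block=4096, overhead=RECORD_OVERHEAD):
    """Countermeasure: pad plaintext up to a block boundary before encryption so
    pages of different sizes produce the same ciphertext length."""
    return -(-size // block) * block + overhead

if __name__ == "__main__":
    print(extract_cleartext_secrets(CAPTURED_REQUEST))
    print(guess_pages([879, 4350, 9899]))             # which pages the user viewed
    print({p: padded_length(s) for p, s in PAGE_SIZES.items()})
```

The first function is the whole argument for TLS everywhere; the second is the reminder that TLS alone leaves sizes and timing visible, so applications that must hide which record a user fetched need padding or fixed-size responses on top.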

Software Attacks: Malicious code (sometimes called malware) is software designed to take over
or damage a computer user's operating system, without the user's knowledge or approval. It
can be very difficult to remove and very damaging. Common malware examples are listed in the
following table:

Attack: Virus
Characteristics: A virus is a program that attempts to damage a computer system and
replicate itself to other computer systems. A virus:
 Requires a host to replicate and usually attaches itself to a host file or a hard drive
sector.
 Replicates each time the host is used.
 Often focuses on destruction or corruption of data.
 Usually attaches to files that can carry executable content, such as .exe and .bat
programs or macro-enabled .doc documents.
 Often distributes via e-mail. Many viruses can e-mail themselves to everyone in your
address book.
 Examples: Stoned, Michelangelo, Melissa, I Love You.

Attack: Worm
Characteristics: A worm is a self-replicating program that can be designed to do any number
of things, such as delete files or send documents via e-mail. A worm can negatively impact
network traffic just in the process of replicating itself. A worm:
 Can install a backdoor in the infected computer.
 Is usually introduced into the system through a vulnerability.
 Infects one system and spreads to other systems on the network.
 Example: Code Red.

Attack: Trojan horse
Characteristics: A Trojan horse is a malicious program that is disguised as legitimate
software. Discretionary environments are often more vulnerable and susceptible to Trojan
horse attacks because security is user focused and user directed; thus the compromise of a
user account could lead to the compromise of the entire environment. A Trojan horse:
 Cannot replicate itself.
 Often contains spying functions (such as a packet sniffer) or backdoor functions that
allow a computer to be remotely controlled from the network.
 Often is hidden in useful software such as screen savers or games.
 Examples: Back Orifice, NetBus, Whack-a-Mole.

Attack: Logic Bomb
Characteristics: A logic bomb is malware that lies dormant until triggered. A logic bomb is
a specific example of an asynchronous attack.
 A trigger activity may be a specific date and time, the launching of a specific program,
or the processing of a specific type of activity.
 Logic bombs do not self-replicate.
Hardware Attacks

Common hardware attacks include:

 Manufacturing backdoors, for malware or other penetrative purposes; such backdoors are not
limited to conventional software and hardware but also affect embedded radio-frequency
identification (RFID) chips and memory

 Eavesdropping by gaining access to protected memory without opening other hardware

 Inducing faults, causing the interruption of normal behavior

 Hardware modification, tampering with invasive operations

 Backdoor creation; the presence of hidden methods for bypassing normal computer
authentication systems

 Counterfeiting product assets that can produce extraordinary operations and those made to
gain malicious access to systems.

Cyber Threats/Cyber Warfare


Cyber warfare refers to the use of digital attacks like computer viruses and hacking by one
country to disrupt the vital computer systems of another, with the aim of creating damage,
death and destruction. Future wars will see hackers using computer code to attack an
enemy's infrastructure, fighting alongside troops using conventional weapons like guns and
missiles. Cyber warfare involves the actions by a nation-state or international organization
to attack and attempt to damage another nation's computers or information networks
through, for example, computer viruses or denial-of-service attacks.

Cyber Crime: Cybercrime is criminal activity that either targets or uses a computer, a
computer network or a networked device. Cybercrime is committed by cybercriminals or
hackers who want to make money. Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically
skilled. Others are novice hackers.

Cyber Terrorism: Cyber terrorism is the convergence of cyberspace and terrorism. It refers to
unlawful attacks and threats of attacks against computers, networks and the information
stored therein when done to intimidate or coerce a government or its people in furtherance
of political or social objectives. Examples are hacking into computer systems, introducing
viruses into vulnerable networks, web site defacement, denial-of-service attacks, or
terroristic threats made via electronic communication.

Cyber Espionage: Cyber spying, or cyber espionage, is the act or practice of obtaining
secrets and information without the permission and knowledge of the holder of the
information, from individuals, competitors, rivals, groups, governments and enemies, for
personal, economic, political or military advantage, using methods on the Internet.
Unit Two

Cybercrimes
Cyber-crime is growing rapidly in the world of tech today. Criminals of the World Wide Web
exploit Internet users' personal information for their own gain. They dive deep into the dark
web to buy and sell illegal products and services. They even gain access to classified
government information.

Cyber-crimes are at an all-time high, costing companies and individuals billions of dollars
annually. The evolution of technology and the increasing accessibility of smart devices mean
there are multiple access points within users' homes for cybercriminals or hackers to exploit.

What is cybercrime?

Cybercrime is defined as a crime where a computer is the object of the crime or is used as a
tool to commit an offense. Cybercrime is criminal activity that either targets or uses a
computer, a computer network or a networked device.
Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make
money. Cybercrime is carried out by individuals or organizations. Some cybercriminals are
organized, use advanced techniques and are highly technically skilled. Others are novice
hackers. Rarely, cybercrime aims to damage computers for reasons other than profit. These
could be political or personal.

A cybercriminal may use a device to access a user's personal information, confidential
business information or government information, or to disable a device. It is also a
cybercrime to sell or solicit the above information online.

Categories of cybercrime

There are three major categories that cybercrime falls into: individual, property and
government. The types of methods used and difficulty levels vary depending on the
category.

Individual: This category of cybercrime involves one individual distributing malicious or
illegal information online. This can include cyber-stalking, distributing pornography and
trafficking.

Property: This is similar to a real-life instance of a criminal illegally possessing an
individual's bank or credit card details. The hacker steals a person's bank details to gain
access to funds or make purchases online, or runs phishing scams to get people to give away
their information. They could also use malicious software to gain access to a web page
holding confidential information.

Government: This is the least common cybercrime, but is the most serious offense. A crime
against the government is also known as cyber terrorism. Government cybercrime includes
hacking government websites, military websites or distributing propaganda. These criminals
are usually terrorists or enemy governments of other nations.

Types of Cybercrime

DDoS Attacks (Distributed Denial of Service)

These attacks make an online service unavailable and take the network down by overwhelming
the site with traffic from many sources at once. Large networks of infected devices, known as
botnets, are created by planting malware on users' computers. The attacker may then use the
disruption as cover to break into the system.

Botnets

Botnets are networks of compromised computers controlled remotely by an attacker. The
attacker uses them to send spam or to attack other computers. The bot software itself is
malware and can be directed to perform other malicious tasks.

Identity Theft

This cybercrime occurs when a criminal gains access to a user’s personal information to steal
funds, access confidential information, or participate in tax or health insurance fraud. They
can also open a phone/internet account in your name, use your name to plan a criminal
activity and claim government benefits in your name. They may do this by finding out user’s
passwords through hacking, retrieving personal information from social media, or sending
phishing emails.

Cyberstalking

This kind of cybercrime involves online harassment where the user is subjected to a plethora
of online messages and emails. Typically cyberstalkers use social media, websites and search
engines to intimidate a user and instill fear. Usually, the cyberstalker knows their victim
and makes the person feel afraid or concerned for their safety.

Social Engineering

Social engineering involves criminals making direct contact with you usually by phone or
email. They want to gain your confidence and usually pose as a customer service agent so
you’ll give the necessary information needed. This is typically a password, the company you
work for, or bank information. Cybercriminals will find out what they can about you on the
internet and then attempt to add you as a friend on social accounts. Once they gain access
to an account, they can sell your information or secure accounts in your name.

PUPs

PUPs, or Potentially Unwanted Programs, are less threatening than other cybercrimes, but are
a type of malware. They change system settings such as the default search engine, and may
remove or replace installed apps. They can include spyware or adware, so it is a good idea to
install antivirus software to block the malicious download.

Phishing

This type of attack involves hackers sending malicious email attachments or URLs to users to
gain access to their accounts or computers. Cybercriminals are becoming more sophisticated
and many of these emails are not flagged as spam. Users are tricked by emails claiming they
need to change their password or update their billing information, giving criminals access.

Prohibited/Illegal Content

This cybercrime involves criminals sharing and distributing inappropriate content that can
be considered highly distressing and offensive. Offensive content can include, but is not
limited to, sexual activity between adults, videos of intense violence and videos of criminal
activity. Illegal content includes materials advocating terrorism-related acts and child
exploitation material. This type of content exists both on the everyday internet and on the
dark web, an anonymous network.

Online Scams

These usually take the form of ads or spam emails that promise rewards or offer unrealistic
amounts of money. Online scams include enticing offers that are "too good to be true" and
that, when clicked on, can deliver malware that compromises information.

Exploit Kits

Exploit kits need a vulnerability (a bug in a piece of software) in order to gain control of
a user's computer. They are ready-made tools criminals can buy online and use against anyone
with a computer. Exploit kits are upgraded regularly, just like normal software, and are
available on dark web hacking forums.
History of Cybercrime

The malicious tie to hacking was first documented in the 1970s when early computerized
phones were becoming a target. Tech-savvy people known as “phreakers” found a way
around paying for long distance calls through a series of codes. They were the first hackers,
learning how to exploit the system by modifying hardware and software to steal long
distance phone time. This made people realize that computer systems were vulnerable to
criminal activity and the more complex systems became, the more susceptible they were to
cybercrime.

Fast forward to 1990, when a large project named Operation Sundevil was exposed. FBI agents
confiscated 42 computers and over 20,000 floppy disks that were used by criminals for illegal
credit card use and telephone services. This operation involved over 100 FBI agents and took
two years to track down only a few of the suspects. However, it was seen as a great public
relations effort, because it was a way to show hackers that they would be watched and
prosecuted.

The Electronic Frontier Foundation was formed as a response to threats on public liberties
that take place when law enforcement makes a mistake or participates in unnecessary
activities to investigate a cybercrime. Their mission was to protect and defend consumers
from unlawful prosecution. While helpful, it also opened the door for hacker loopholes and
anonymous browsing where many criminals practice their illegal services.

Crime and cybercrime have become an increasingly large problem in our society, even with
the criminal justice system in place. Both in the public web space and dark web,
cybercriminals are highly skilled and are not easy to find. Read below to learn more about
how to combat cybercrime through cyber law.

Impact of Cybercrime on Society

Cybercrime has created a major threat to those who use the internet, with millions of users'
information stolen within the past few years. It has also made a major dent in many nations'
economies. IBM president and CEO Ginni Rometty described cybercrime as "the greatest
threat to every profession, every industry, and every company in the world."

The impacts of a single, successful cyber-attack can have far-reaching implications,
including financial losses, theft of intellectual property, and loss of consumer confidence
and trust. The overall monetary impact of cybercrime on society and government is
estimated to be billions of dollars a year. Criminals take advantage of technology in many
different ways. The Internet, in particular, is a great tool for scammers and other
miscreants, since it allows them to ply their trade while hiding behind a shield of digital
anonymity.

Cybercrime affects society in a number of different ways, both online and offline, and
becoming the victim of cybercrime can have long-lasting effects on a person's life. One
common technique scammers employ is phishing: sending false emails purporting to come
from a bank or other financial institution and requesting personal information. If the
recipient hands over this information, it can allow the criminal to access the victim's bank
and credit accounts, open new accounts in the victim's name and destroy the victim's credit
rating. Cyber criminals take full advantage of the anonymity, secrecy and interconnectedness
provided by the Internet, thereby attacking the very foundations of our modern information
society. Cybercrime can involve botnets, computer viruses, cyber bullying, cyber stalking,
cyber terrorism, cyber pornography, denial of service attacks, identity theft, malware and
spam. Law enforcement officials have struggled to keep pace with cyber criminals, who cost
the global economy billions annually. Police are attempting to use the same tools cyber
criminals use to perpetrate crimes in an effort to prevent those crimes and bring the guilty
parties to justice.

Following are some other effects of cybercrime:

SECURITY COSTS: Cyber criminals also focus their attacks on businesses, both large and
small. Hackers may attempt to take over company servers to steal information or use the
machines for their own purposes, requiring companies to hire staff and update software to
keep intruders out. A survey of large companies found an average expenditure of $8.9
million per year on cyber security, with 100 per cent of firms surveyed reporting at least
one malware incident in the preceding 12 months and 71 per cent reporting the hijacking of
company computers by outsiders.

MONETARY LOSSES: The overall monetary losses from cybercrime can be immense.
According to a 2012 report by Symantec, more than 1.5 million people fall victim to some
sort of cybercrime every day, ranging from simple password theft to extensive monetary
swindles. With an average loss of $197 per victim, this adds up to more than $110 billion
dollars lost to cybercrime worldwide every year. As consumers get wise to traditional
avenues of attack, cyber criminals have developed new techniques involving mobile devices
and social networks to keep their illicit gains flowing.

PIRACY: The cybercrime of piracy has had major effects on entertainment, music and
software industries. Claims of damages are hard to estimate and even harder to verify,
with estimates ranging widely from hundreds of millions to hundreds of billions of dollars
per year. In response, copyright holders have lobbied for stricter laws against intellectual
property theft, resulting in laws like the Digital Millennium Copyright Act. These laws allow
copyright holders to target file sharers and sue them for large sums of money to
counteract the financial damage of their activities online.

How to Fight Cybercrime

It seems like in the modern age of technology, hackers are taking over our systems and no
one is safe. The average dwell-time, or time it takes a company to detect a cyber-breach, is
more than 200 days. Most internet users are not dwelling on the fact that they may get
hacked and many rarely change their credentials or update passwords. This leaves many
people susceptible to cybercrime and it’s important to become informed.

Following are some preventive measures you can take in order to protect yourself as an
individual or as a business from cyber attack.
1. Be vigilant when browsing websites.
2. Flag and report suspicious emails.
3. Never click on unfamiliar links or ads.
4. Use a VPN whenever possible, especially on networks you do not control.
5. Ensure a website is genuine (correct domain, valid HTTPS certificate) before entering credentials.
6. Keep the operating system, applications and antivirus software up to date.
7. Use strong, unique passwords of 14+ characters (a password manager makes this practical).


Unit 3

Cybercrime: Mobile and Wireless


In this modern era, the rising importance of electronic gadgets (i.e., mobile hand-held
devices), which have become an integral part of business by providing connectivity with the
internet outside the office, brings many challenges in securing these devices from becoming
victims of cybercrime. In recent years, the use of laptops, personal digital assistants
(PDAs) and mobile phones has grown from limited user communities to widespread desktop
replacement and broad deployment.
The maturation of the PDA and advancements in cellular phone technology have converged
into a new category of mobile device: The smartphones.
Smartphones combine the best aspects of mobile and wireless technologies and blend them
into a useful business tool. The larger and more diverse community of mobile users and their
devices increase the demands on the IT function to secure the device data and connection to
the network, keeping control of the corporate assets, while at the same time supporting
mobile user productivity.
These technological developments present a new set of security challenges to the global
organizations.
Growth of Mobile and wireless devices
Today, incredible advances are being made for mobile devices. The trend is for smaller
devices and more processing power. A few years ago, the choice was between a wireless
phone and a simple PDA. Now the buyers have a choice between high-end PDAs with
integrated wireless modems and small phones with wireless Web-browsing capabilities. A long
list of options is available to the mobile users. A simple hand-held mobile device provides
enough computing power to run small applications, play games and music, and make voice
calls. A key driver for the growth of mobile technology is the rapid migration of business
solutions onto hand-held devices. Because the term "mobile device" covers many products, we
first draw a clear distinction among the key terms: mobile computing, wireless computing
and hand-held devices. The figure below helps us understand how these terms are related. Let
us understand the concept of mobile computing and the various types of devices.
Many types of mobile computers have been introduced since the 1990s. They are as follows:

1. Portable computer: It is a general-purpose computer that can be easily moved from one
place to another, but cannot be used while in transit, usually because it requires some
"setting-up" and an AC power source.

2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has
features of a touchscreen with a stylus and handwriting recognition software. Tablets
may not be best suited for applications requiring a physical keyboard for typing, but are
otherwise capable of carrying out most tasks that an ordinary laptop would be able to
perform.

3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the
Internet tablet does not have much computing power and its application suite is limited.
Also, it cannot replace a general-purpose computer. Internet tablets typically
feature an MP3 and video player, a Web browser, a chat application and a picture viewer.

4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer with
limited functionality. It is intended to supplement and synchronize with a desktop
computer, giving access to contacts, address book, notes, E-Mail and other features.

5. Ultramobile PC (UMPC): It is a full-featured, PDA-sized computer running a general-purpose
operating system (OS).

6. Smartphone: It is a PDA with integrated cell phone functionality. Current
smartphones have a wide range of features and installable applications.

7. Carputer: It is a computing device installed in an automobile. It operates as a wireless
computer, sound system, global positioning system (GPS) and DVD player. It also
contains word processing software and is Bluetooth compatible.

8. Fly Fusion Pentop computer: It is a computing device with the size and shape of a pen. It
functions as a writing utensil, MP3 player, language translator, digital storage device
and calculator.

Popular types of attacks against mobile networks are as follows:

1. Malware, viruses and worms: Although many users are still in the process of
switching from 2G/2.5G to 3G networks, there is a growing need to educate the community
and raise awareness of the threats that exist while using mobile devices. Here
are a few examples of malware specific to mobile devices:

 Skulls Trojan: It is malicious code that deactivates all links to Symbian system
applications, such as e-mail and calendar, by replacing their menu icons with images
of skulls.

 Cabir Worm: It was the first dedicated mobile-phone worm. It infects phones running
Symbian OS and scans for other Bluetooth devices in range, sending a copy of itself to the
first vulnerable phone it finds. The worst thing about this worm is that the source code
for the Cabir-H and Cabir-I variants is available online.

 Mosquito Trojan: It affects smartphones and is distributed as a cracked version of the
"Mosquitos" mobile phone game.

 Brador Trojan: It affects the Windows CE OS by creating a svchost.exe file in the
Windows start-up folder, which gives the attacker full control of the device. The
executable can also spread through traditional worm propagation vectors such as E-Mail
attachments.

 Lasco Worm: It was first released in 2005 to target PDAs and mobile phones running
the Symbian OS. Lasco is based on Cabir's source code and replicates over Bluetooth
connections.

2. Denial-of-service (DoS): The main objective behind this attack is to make the system
unavailable to its intended users. Virus attacks can be used to damage a system and
make it unavailable. Presently, one of the most common cyber security threats
to wired Internet service providers (ISPs) is the distributed denial-of-service (DDoS)
attack. DDoS attacks flood the target system with traffic so that the
response from the target system is either slowed or stopped.

3. Overbilling attack: Overbilling involves an attacker hijacking a subscriber's IP address
and then using it (i.e., the connection) to initiate downloads that are not "free
downloads", or simply using it for his/her own purposes. In either case, the legitimate user
is charged for activity that the user did not conduct or authorize.

4. Spoofed PDP context attacks: In GPRS the PDP (Packet Data Protocol) context is the
subscriber's data session. These attacks exploit weaknesses in the GPRS Tunnelling
Protocol (GTP), which carries no authentication of its own, to create, modify or tear down
a subscriber's PDP context with forged messages.

5. Signalling-level attacks: The Session Initiation Protocol (SIP) is the signalling protocol
used in IP Multimedia Subsystem (IMS) networks to provide Voice over Internet Protocol (VoIP)
services. Attacks at this level target the signalling rather than the media, for example
forged SIP requests that register as another subscriber or terminate an ongoing call.

Credit Card Frauds in Mobile and Wireless Computing Era:

New trends in cybercrime are emerging alongside mobile computing: mobile commerce
(M-Commerce) and mobile banking (M-Banking). Credit card fraud is becoming commonplace
given the ever-increasing power and ever-falling prices of mobile hand-held devices,
factors that put these gadgets within reach of almost anyone. Today belongs to "mobile
computing", that is, anywhere, anytime computing, and developments in wireless technology
have fuelled this new mode of working for white-collar workers. This is true for credit card
processing too: wireless credit card processing is a relatively new service that allows a
merchant to process credit cards electronically from virtually anywhere. It is a very
desirable system because it lets businesses process transactions from mobile locations
quickly, efficiently and professionally, and it is most often used by businesses that operate
mainly in a mobile environment. The same mobility, however, means that card data now
travels over wireless links and lives on small devices that are easy to lose or steal, which is
where the fraud opportunities arise.

Different Types of Mobile Security Threats

Mobile security threats are commonly thought of as a single, all-encompassing threat. But
the truth is, there are four different types of mobile security threats that organizations
need to take steps to protect themselves from:

Mobile Application Security Threats: Application-based threats happen when people
download apps that look legitimate but actually skim data from their device. Examples are
spyware and malware that steal personal and business information without people realizing
it’s happening.

Web-Based Mobile Security Threats: Web-based threats are subtle and tend to go
unnoticed. They happen when people visit compromised sites that seem fine on the front-end
but, in reality, automatically download malicious content onto devices (drive-by downloads).

Mobile Network Security Threats: Network-based threats are especially common and risky
because cybercriminals can steal unencrypted data while people use public WiFi networks.

Mobile Device Security Threats: Physical threats to mobile devices most commonly refer to
the loss or theft of a device. Because hackers have direct access to the hardware where
private data is stored, this threat is especially dangerous to enterprises.

Below are the most common examples of these threats, as well as steps organizations can
take to protect themselves from them.

1. Social Engineering: Social engineering attacks are when bad actors send fake emails
(phishing attacks) or text messages (smishing attacks) to your employees in an effort to
trick them into handing over private information like their passwords or downloading
malware onto their devices.

Phishing Attack Countermeasures

The best defense for phishing and other social engineering attacks is to teach employees
how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to
them altogether. Reducing the number of people who have access to sensitive data or
systems can also help protect your organization against social engineering attacks because
it reduces the number of access points attackers have to gain access to critical systems or
information.
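
As an added illustration (not part of the original notes), the following Python script
applies a few of the header and body checks that a mail gateway, or a trained employee,
uses to spot a phishing message: a display name that borrows a trusted brand while the From
domain is foreign, a Reply-To that diverts replies elsewhere, links whose visible text names
one domain while the href points to another, and pressure language. The trusted domain
(examplebank.com) and both sample messages are constructed for this example.

```python
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation legitimately sends mail from and links to.
# Hypothetical value for this example.
TRUSTED_DOMAINS = {"examplebank.com"}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from the <a> tags of an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(value: str) -> str:
    """Last two labels of the host in an address, URL or bare hostname ('' if none)."""
    value = value.strip()
    if "@" in value and "://" not in value:
        host = value.rsplit("@", 1)[1]
    elif "://" in value:
        host = urlparse(value).hostname or ""
    else:
        host = urlparse("//" + value).hostname or ""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""


def phishing_indicators(raw_message: bytes) -> list:
    """Return human-readable phishing indicators found in an RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    display_name, from_addr = email.utils.parseaddr(str(msg.get("From", "")))
    from_domain = _domain(from_addr)

    # 1. Display name borrows a trusted brand, but the From domain is not ours.
    brand_words = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    name_norm = re.sub(r"[^a-z0-9]", "", display_name.lower())
    if any(w in name_norm for w in brand_words) and from_domain not in TRUSTED_DOMAINS:
        found.append(f"display name impersonates a trusted sender but From domain is {from_domain}")

    # 2. Reply-To silently diverts replies to a different domain.
    _, reply_to = email.utils.parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and _domain(reply_to) != from_domain:
        found.append(f"Reply-To domain {_domain(reply_to)} differs from From domain {from_domain}")

    # 3. Visible link text names one domain while the href points somewhere else.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        extractor = _LinkExtractor()
        extractor.feed(html_part.get_content())
        for href, text in extractor.links:
            href_domain, text_domain = _domain(href), _domain(text)
            if text_domain and href_domain and text_domain != href_domain:
                found.append(f"link text says {text_domain} but href goes to {href_domain}")
            elif href_domain and href_domain not in TRUSTED_DOMAINS:
                found.append(f"link to untrusted domain {href_domain}")

    # 4. Pressure language typical of credential-harvesting mail.
    body = msg.get_body(preferencelist=("plain", "html"))
    content = body.get_content().lower() if body is not None else ""
    for phrase in ("verify your account", "within 24 hours", "will be suspended"):
        if phrase in content:
            found.append(f"urgency phrase: '{phrase}'")
            break
    return found


# Constructed sample messages (not real mail).
SAMPLE_PHISH = b"""From: "Example Bank Security" <alerts@examp1ebank-login.net>
Reply-To: support@mail-recovery.example
To: employee@corp.example
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account will be suspended within 24 hours.</p>
<p>Please <a href="http://examp1ebank-login.net/verify">https://www.examplebank.com/login</a> now.</p>
</body></html>
"""

SAMPLE_LEGIT = b"""From: "Example Bank" <alerts@examplebank.com>
To: employee@corp.example
Subject: Monthly statement
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is ready at <a href="https://www.examplebank.com/statements">examplebank.com</a>.</p></body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_indicators(sample))
```

None of these checks is conclusive on its own; the value is in combining them, and the
display-name and link-text checks are exactly the two a user can repeat by hand by hovering
over a link and looking at the real sender address.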

2. Data Leakage via Malicious Apps: As Dave Jevans, CEO and CTO of Marble Security,
explains, “Enterprises face a far greater threat from the millions of generally available
apps on their employees’ devices than from mobile malware.” That’s because 85% of
mobile apps today are largely unsecured. Tom Tovar, CEO of Appdome, says, “Today,
hackers can easily find an unprotected mobile app and use that unprotected app to
design larger attacks or steal data, digital wallets, backend details, and other juicy bits
directly from the app.”

For example, when your employees visit Google Play or the App Store to download apps
that look innocent enough, the apps ask for a list of permissions (at install time on older
Android versions, and at first use for the sensitive "runtime" permissions on current
Android and iOS). These permissions generally grant some kind of access to files, contacts,
location or sensors on the mobile device, and most people just glance at the prompt and
agree without reviewing it in any detail.
However, this lack of scrutiny can leave devices and enterprises vulnerable. Even if the
app works the way it’s supposed to, it still has the potential to mine corporate data and
send it to a third party, like a competitor, and expose sensitive product or business
information.

How to Protect Against Data Leakage

The best way to protect your organization against data leakage through malicious or
unsecured applications is by using Mobile Application Management (MAM) tools. These tools
allow IT admins to manage corporate apps (wipe or control access permissions) on their
employees’ devices without disrupting employees’ personal apps or data.
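
As an added example (not part of these notes or any vendor's MAM product), the Python script
below performs the kind of static check an app-vetting step runs before an app is allowed
onto managed devices: it parses an app's AndroidManifest.xml, lists the requested
permissions, flags runtime ("dangerous") permissions that are not on the justified list for
that app, reports whether cleartext network traffic is allowed, and lists components that
are exported without a protecting permission. The manifest of a hypothetical flashlight app
is constructed for the example, and DANGEROUS is a subset of Android's real runtime
permissions, not the full list.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"
A_EXPORTED = f"{{{ANDROID_NS}}}exported"
A_PERMISSION = f"{{{ANDROID_NS}}}permission"
A_CLEARTEXT = f"{{{ANDROID_NS}}}usesCleartextTraffic"

# Subset of Android's runtime ("dangerous") permissions; each one needs a justification.
DANGEROUS = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_EXTERNAL_STORAGE",
}


def _is_launcher(component) -> bool:
    """Launcher activities are legitimately exported without a permission."""
    return any(a.get(A_NAME) == "android.intent.action.MAIN" for a in component.iter("action"))


def audit_manifest(manifest_xml: str, justified: set) -> dict:
    """Report permission and exposure findings for one manifest.

    `justified` is the set of dangerous permissions the app's purpose actually needs.
    """
    root = ET.fromstring(manifest_xml)
    requested = {el.get(A_NAME) for el in root.iter("uses-permission")} - {None}
    report = {
        "package": root.get("package"),
        "requested": sorted(requested),
        "dangerous_unjustified": sorted((requested & DANGEROUS) - set(justified)),
        "cleartext_traffic": False,
        "exported_unprotected": [],
    }
    app = root.find("application")
    if app is not None:
        report["cleartext_traffic"] = app.get(A_CLEARTEXT) == "true"
        for tag in ("activity", "service", "receiver", "provider"):
            for comp in app.iter(tag):
                exported = comp.get(A_EXPORTED) == "true"
                if exported and comp.get(A_PERMISSION) is None and not _is_launcher(comp):
                    report["exported_unprotected"].append(comp.get(A_NAME))
    return report


# Constructed manifest for a hypothetical flashlight app that asks for far too much.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:usesCleartextTraffic="true">
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <service android:name=".SyncService" android:exported="true"/>
        <receiver android:name=".BootReceiver" android:exported="true"
            android:permission="android.permission.RECEIVE_BOOT_COMPLETED"/>
    </application>
</manifest>
"""

if __name__ == "__main__":
    # A flashlight needs the camera flash (CAMERA) and nothing else on the dangerous list.
    for key, value in audit_manifest(SAMPLE_MANIFEST, {"android.permission.CAMERA"}).items():
        print(f"{key}: {value}")
```

A contacts or location permission on a flashlight app is the signature of the data-mining
behaviour described above; the exported service with no permission is a separate problem,
because any other app on the device can invoke it.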

3. Unsecured Public WiFi: Public WiFi networks are generally less secure than private
networks because there’s no way to know who set the network up, how (or if) it’s secured
with encryption, or who is currently accessing it or monitoring it. And as more companies
offer remote work options, the public WiFi networks your employees use to access your
servers (e.g., from coffee shops or cafes) could present a risk to your organization.

For example, cybercriminals often set up WiFi networks that look authentic but are
actually a front to capture data that passes through them (a “man in the middle”
attack).

How to Reduce Risks Posed By Unsecured Public WiFi

The best way for you to protect your organization against threats over public WiFi networks
is by requiring employees to use a VPN to access company systems or files. This keeps
their session private even when they use a public network. Note that the VPN complements,
rather than replaces, TLS with proper certificate validation in each application: the VPN
protects the hop to the VPN gateway, while TLS protects the connection end to end.

4. End-to-End Encryption Gaps: An encryption gap is like a water pipe with a hole in it.
While the point where the water enters (your users’ mobile devices) and the point where
the water exits the pipe (your systems) might be secure, the hole in the middle lets bad
actors access the water flow in between.

Unencrypted public WiFi networks are one of the most common examples of an
encryption gap (and it’s why they’re a huge risk to organizations). Since the network
isn’t secured, it leaves an opening in the connection for cybercriminals to access the
information your employees are sharing between their devices and your systems.

However, WiFi networks aren’t the only thing that poses a threat—any application or
service that’s unencrypted could potentially provide cybercriminals with access to
sensitive company information. For example, any unencrypted mobile messaging apps
your employees use to discuss work information could present an access point for a bad
actor.

Solution: Ensure Everything is Encrypted

For any sensitive work information, end-to-end encryption is a must. This includes ensuring
any service providers you work with encrypt their services to prevent unauthorized access,
as well as ensuring your users’ devices and your systems are encrypted as well.

5. Internet of Things (IoT) Devices: The types of mobile devices that access your
organization’s systems are branching out from mobile phones and tablets to include
wearable tech (like the Apple Watch) and physical devices (like Google Home or Alexa).
And since many of the latest IoT mobile devices have IP addresses, it means bad actors
can use them to gain access to your organizations’ network over the internet if those
devices are connected to your systems.

How to Combat Shadow IoT Threats

Mobile device management (MDM) tools can help you combat shadow IoT threats, as well as
identity and access management (IAM) tools like Auth0. However, IoT/Machine-to-Machine
(M2M) security is still in a bit of a “wild west” phase at the moment. So it’s up to each
organization to put the appropriate technical and policy regulations in place to ensure their
systems are secure.

6. Spyware: Spyware is used to survey or collect data and is most commonly installed on a
mobile device when users click on a malicious advertisement (“malvertisement”) or
through scams that trick users into downloading it unintentionally.

Whether your employees have an iOS or Android device, their devices are targets ripe
for data mining with spyware—which could include your private corporate data if that
device is connected to your systems.

How to Protect Against Spyware

Dedicated mobile security apps (like Google’s Play Protect) can help your employees detect
and eliminate spyware that might be installed on their devices and be used to access
company data. Ensuring your employees keep their device operating systems (and
applications) up to date also helps ensure that their devices and your data are protected
against the latest spyware threats.

7. Poor Password Habits: A 2020 study by Balbix found that 99% of the people surveyed
reused their passwords between work accounts or between work and personal accounts.
Unfortunately, the passwords that employees are reusing are often weak as well.

For example, a 2019 study by Google found that 59% of the people they surveyed used a
name or a birthday in their password.

These bad password habits present a threat to organizations whose employees use their
personal devices to access company systems. Since both personal and work accounts are
accessible from the same device with the same password, it simplifies the work a bad
actor has to do in order to breach your systems.

These behaviors also open the door to credential-based attacks such as credential
stuffing (replaying username/password pairs leaked from other sites) and password
spraying (trying a few common passwords against many accounts), because cybercriminals
can use weak or stolen credentials to reach sensitive data through company mobile apps.
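
The following Python detector, added here as an example rather than taken from the original
notes, looks for the credential stuffing and password spraying pattern in authentication
logs: one source IP failing against many distinct accounts in a short window, the mirror
case of one account attacked from many IPs, and a later success from an already-flagged IP
(the likely account takeover). The log format and the sample lines are constructed for the
example. From logs alone the two attacks look the same, since what differs is whether one
common password or a leaked per-account password was tried, so the alert names both.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example: one authentication event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_events(lines):
    """Parse log lines into sorted (timestamp, ip, user, result) tuples, skipping junk."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed input must not crash a detector
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"]))
    return sorted(events)


def _max_distinct_in_window(items, window):
    """Largest number of distinct values seen in any window that starts at an event."""
    best = 0
    for i, (start, _) in enumerate(items):
        seen = {v for t, v in items[i:] if t < start + window}
        best = max(best, len(seen))
    return best


def detect_credential_attacks(lines, window=timedelta(minutes=10), min_users=5, min_ips=5):
    """Return alert strings for spraying/stuffing, distributed brute force and takeover."""
    events = parse_events(lines)
    fails_by_ip, fails_by_user = defaultdict(list), defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))
            fails_by_user[user].append((ts, ip))

    alerts, flagged_ips = [], set()
    # One source, many accounts: the spraying/stuffing signature.
    for ip, fails in fails_by_ip.items():
        n = _max_distinct_in_window(fails, window)
        if n >= min_users:
            alerts.append(f"credential spraying/stuffing pattern: {ip} failed against {n} users within {window}")
            flagged_ips.add(ip)
    # One account, many sources: a distributed attack on a single login.
    for user, fails in fails_by_user.items():
        n = _max_distinct_in_window(fails, window)
        if n >= min_ips:
            alerts.append(f"distributed brute force: {user} failed from {n} IPs within {window}")
    # A success from a flagged source is the event that matters most.
    for ts, ip, user, result in events:
        if result == "OK" and ip in flagged_ips:
            alerts.append(f"possible account takeover: {ip} succeeded as {user} after failing against other accounts")
    return alerts


# Constructed sample: a normal typo-then-success, a spraying run, and one junk line.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z ip=203.0.113.10 user=alice result=FAIL
2024-05-01T09:00:20Z ip=203.0.113.10 user=alice result=OK
2024-05-01T09:01:00Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T09:01:05Z ip=198.51.100.7 user=bob result=FAIL
2024-05-01T09:01:10Z ip=198.51.100.7 user=carol result=FAIL
2024-05-01T09:01:15Z ip=198.51.100.7 user=dave result=FAIL
2024-05-01T09:01:20Z ip=198.51.100.7 user=erin result=FAIL
this line is garbage and must be skipped
2024-05-01T09:01:25Z ip=198.51.100.7 user=frank result=OK
""".splitlines()

if __name__ == "__main__":
    for alert in detect_credential_attacks(SAMPLE_LOG):
        print(alert)
```

The thresholds are deliberately low so the constructed sample trips them; in production they
are tuned against the organisation's own baseline, and the per-IP view is blind to attacks
spread across a botnet, which is why the per-account view is kept alongside it.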

How to Reduce or Eliminate Mobile Password Threats

The NIST password guidelines (Special Publication 800-63B, Digital Identity Guidelines) are
widely regarded as the international reference for password best practice: a minimum of
8 characters, support for long passphrases, screening against lists of breached and common
passwords, and no forced composition rules or periodic rotation. Following these guidelines,
and insisting your employees do the same, will help protect you against threats from weak or
stolen passwords. Password managers can simplify the work required for your employees to
follow these guidelines.

Requiring your employees to use more than one authentication factor (multi-factor
authentication or MFA) to access mobile company applications will also help reduce the risk
that a bad actor could gain access to your systems since they’d need to verify their
identity with additional authentication factors in order to log in.

Finally, implementing passwordless authentication will help you eliminate password risks
altogether. For example, in the event that a mobile device is stolen or accessed illegally,
requiring a facial scan as a primary (or secondary) authentication factor could still prevent
unauthorized access.
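
As an added worked example (not from the original notes, and not NIST's own code), here is an
SP 800-63B style verifier in Python: it normalises the candidate, enforces length without
composition rules, rejects context-specific words such as the username, screens against a
breached-password blocklist, rejects repetitive or sequential strings, and stores an accepted
secret with a salted PBKDF2 hash. The BREACHED_SHA1 blocklist and the PBKDF2 iteration count
are constructed or assumed values for the example.

```python
import hashlib
import hmac
import os
import unicodedata

# Stand-in for a breached-password blocklist (SHA-1 hex, the format used by HIBP's
# Pwned Passwords). Constructed for this example; real lists hold hundreds of millions.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "123456", "qwerty123", "Welcome2024!", "letmein")
}


def _normalize(secret: str) -> str:
    # SP 800-63B: apply Unicode normalization (NFKC here) so the same visible string
    # compares and hashes identically; spaces and all printable characters are allowed.
    return unicodedata.normalize("NFKC", secret)


def _is_sequential(s: str) -> bool:
    """True for runs such as 'abcdefgh' or '87654321' (every step +1 or every step -1)."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def check_password(candidate: str, username: str = "", service: str = "",
                   min_len: int = 8, max_len: int = 64):
    """Return (accepted, reasons). Length and blocklist checks only: no composition
    rules, no forced rotation, matching the SP 800-63B verifier requirements."""
    pw = _normalize(candidate)
    reasons = []
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if len(pw) > max_len:
        reasons.append(f"longer than {max_len} characters")
    low = pw.lower()
    for word in (username, service):
        if len(word) >= 3 and word.lower() in low:
            reasons.append(f"contains context-specific word '{word}'")
    if hashlib.sha1(pw.encode()).hexdigest().upper() in BREACHED_SHA1:
        reasons.append("appears in breached-password list")
    if len(set(low)) <= 2 or _is_sequential(low):
        reasons.append("repetitive or sequential characters")
    return (not reasons, reasons)


def store_hash(candidate: str, iterations: int = 210_000) -> str:
    """Salted PBKDF2-HMAC-SHA256 record 'iterations$salt$hash' (hex): the salted
    one-way function the guideline requires for storing memorized secrets."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", _normalize(candidate).encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_hash(candidate: str, record: str) -> bool:
    """Recompute the record and compare in constant time."""
    iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", _normalize(candidate).encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    for pw in ("correct horse battery staple", "Welcome2024!", "alice2024xyz", "abcdefgh"):
        print(repr(pw), check_password(pw, username="alice"))
    record = store_hash("correct horse battery staple")
    print(record, verify_hash("correct horse battery staple", record))
```

The blocklist check is what actually stops reuse of a leaked password; the length rule alone
would have accepted "Welcome2024!" even though it has upper case, digits and a symbol, which
is why the guideline favours breached-password screening over composition rules.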

8. Lost or Stolen Mobile Devices: Lost and stolen devices aren’t a new threat for
organizations. But with more people working remotely in public places like cafes or
coffee shops and accessing your systems with a wider range of devices, lost and stolen
devices pose a growing risk to your organization.

How to Protect Against Lost or Stolen Device Threats

First and foremost, you’ll want to ensure employees know what steps to take if they lose
their device. Most platforms offer remote lock and remote wipe (through the vendor's
device-finding service or the organisation's MDM console); ask employees to make sure those
services are activated before anything goes missing, and require a device passcode so that
the built-in storage encryption actually protects the data on a stolen device.
9. Out of Date Operating Systems

Like other data security initiatives, mobile security requires continuous work to find and
patch vulnerabilities that bad actors use to gain unauthorized access to your systems and
data.

However, these patches only protect your organization if your employees keep their devices
up to date at all times. And according to Verizon’s Mobile Security Index Report, operating
system updates on 79% of the mobile devices used by enterprises are left in the hands of
employees.

How To Keep Mobile Operating Systems Up To Date

Google and Apple both allow organizations to push updates to managed Android and iOS
devices. Third-party MDM tools often provide this functionality as well.

IAM Tools Can Help Secure Company Mobile Applications

Identity and Access Management (IAM) tools can help organizations secure the apps and
data that users access from their mobile devices, including:

Restricting which devices and users can access enterprise applications and data, as well as
which parts of those applications they’re allowed to access.

Tracking user behavior and securing access in the event that something looks suspicious with
security features like multi-factor authentication (MFA),brute force attack protection,
and more.
