BCA 6002_UNIT 2

The document provides an overview of information and cyber security, covering key concepts such as internet security, types of cyber threats, and common attacks. It details various forms of malware, including viruses, worms, and Trojans, as well as hacking techniques and the importance of cybersecurity measures like firewalls and intrusion detection systems. Additionally, it discusses the roles of different types of hackers and the significance of maintaining confidentiality, integrity, and availability of digital information.

Uploaded by

XeroX PlayzYT
UNIT-2

Information & Cyber Security


BCA-6001
UNIT-II Syllabus
Internet Security: Computer Security and Threats, Hacking, Cracking,
Sneaking, Viruses, Trojan Horses, Malicious Code, Worms and Logic Bombs.
Network Attack and Defence: Most Common Attacks, Script Kiddies and
Packaged Defence.
What is Cyber Security?

Cyber security refers to the practice of protecting computer systems, networks,
and data from cyber threats such as hacking, malware, phishing, and other cyber
attacks. It involves various technologies, processes, and policies designed to
ensure the confidentiality, integrity, and availability of digital information.

Key Objectives of Cyber Security

1. Confidentiality – Protecting sensitive data from unauthorized access.
2. Integrity – Ensuring data accuracy and preventing unauthorized
modifications.
3. Availability – Keeping systems and information accessible to authorized
users.
4. Authentication – Verifying user identities to prevent unauthorized
access.
5. Non-Repudiation – Ensuring accountability for actions performed in a
system.

Internet Security: Computer Security and Threats

Internet security refers to the protection of systems, networks, and data from
cyber threats. It encompasses various technologies, processes, and practices
designed to safeguard sensitive information and prevent unauthorized access,
attacks, and damage to digital infrastructure.

Threats are actions carried out primarily by hackers or attackers with malicious
intent, to steal data, cause damage, or interfere with computer systems. A
threat can be anything that can take advantage of a vulnerability to breach
security and negatively alter, erase, or harm objects. A threat is any potential
danger that can harm your systems, data, or operations. In cybersecurity,
threats include activities like hacking, malware attacks, or data breaches that
aim to exploit vulnerabilities.
Types of Threats:
A security threat is a threat that has the potential to harm computer systems
and organizations. The cause could be physical, such as a computer
containing sensitive information being stolen. It’s also possible that the cause
isn’t physical, such as a viral attack.
1. Physical Threats: A physical threat to computer systems is a potential
cause of an occurrence/event that could result in data loss or physical damage.
It can be classified as:
• Internal: Caused by a short circuit, fire, unstable power supply, hardware
failure due to excess humidity, etc.
• External: Caused by disasters such as floods, earthquakes, landslides, etc.
• Human: Destruction of infrastructure and/or hardware, theft, disruption,
and unintentional/intentional errors are among the threats.
2. Non-physical threats: A non-physical threat is a potential source of an
incident that could result in:
• Hampering of the business operations that depend on computer systems.
• Loss of sensitive data or information.
• Illegally keeping track of others’ computer system activities.
• Hacking of users’ IDs and passwords, etc.
Non-physical threats are commonly caused by:
(i) Malware: Malware (“malicious software”) is a type of computer program
that infiltrates and damages systems without the users’ knowledge. Malware
tries to go unnoticed by either hiding or not letting the user know about its
presence on the system. You may notice that your system is processing at a
slower rate than usual.
(ii) Virus: It is a program that replicates itself and infects your computer’s
files and programs, rendering them inoperable. It is a type of malware that
spreads by inserting a copy of itself into and becoming part of another
program. It spreads with the help of software or documents: viruses are
embedded in software and documents and then transferred from one
computer to another using the network, a disk, file sharing, or infected e-mail.
They usually appear as an executable file.
(iii) Spyware: Spyware is a type of computer program that tracks, records,
and reports a user’s activity (offline and online) without their permission for
the purpose of profit or data theft. Spyware can be acquired from a variety of
sources, including websites, instant chats, and emails. A user may also
unwittingly obtain spyware by accepting a software program’s End User
License Agreement.
Adware is a sort of spyware that is primarily utilized by advertisers. When
you go online, it keeps track of your web browsing patterns in order to
compile data on the types of websites you visit.
(iv) Worms: Computer worms are similar to viruses in that they replicate
themselves and can inflict similar damage. Unlike viruses, which spread by
infecting a host file, worms are freestanding programs that do not require a
host program or human assistance to proliferate. Worms don’t change
programs; instead, they replicate themselves over and over. They simply
consume resources until the system goes down.
(v) Trojan: A Trojan horse is malicious software that is disguised as a useful
host program. When the host program is run, the Trojan performs a
harmful/unwanted action. A Trojan horse, often known as a Trojan, is
malicious software that appears to be legitimate yet has the ability to
take control of your computer. A Trojan is a computer program that is
designed to disrupt, steal, or otherwise harm your data or network.
(vi) Denial Of Service Attacks: A Denial of Service attack is one in which
an attacker tries to prohibit legitimate users from obtaining information or
services. An attacker tries to make a system or network resource unavailable
to its intended users in this attack. The web servers of large organizations
such as banking, commerce, trading organizations, etc. are the victims.
(vii) Phishing: Phishing is a type of attack that is frequently used to obtain
sensitive information from users, such as login credentials and credit card
details. Attackers deceive users into giving critical information, such as bank
and credit card information, or access to personal accounts, by means of spam,
malicious web sites, email messages, and instant chats.
(viii) Key-Loggers: Keyloggers can monitor a user’s computer activity in
real-time. A keylogger is a program that runs in the background and records
every keystroke made by a user, then sends the data to a hacker with the intent
of stealing passwords and financial information.

Common Security Threats

1. Hacking

Hacking is the act of exploiting vulnerabilities in a computer system or network
to gain unauthorized access. Hackers can be categorized into different types:

• White-hat hackers (Ethical Hackers) – Security professionals who use
hacking techniques for defensive purposes.
• Black-hat hackers (Malicious Hackers) – Individuals who break into
systems with malicious intent, such as stealing data or causing damage.
• Grey-hat hackers – Hackers who may break into systems without
permission but do not cause direct harm and sometimes report
vulnerabilities.

2. Cracking

Cracking is a subset of hacking that involves bypassing security protections,
such as breaking passwords, software licenses, or encrypted data. Crackers
often target proprietary software to remove license restrictions, making it
available for illegal distribution.
Cracking is a technique used to breach computer software or an entire
computer security system with malicious intent.
Examples of cracking include software being cracked without the software
company coming to know of it, public WiFi networks being cracked and
examined by individuals to compromise private information, and somebody
sending phishing emails to other people from your email address.

Types of Cracking
(a) Password Cracking
(b) Software cracking
(c) Network cracking
(d) Application cracking
(e) Wireless cracking

Password Cracking
Password cracking refers to finding a password from stored data. These are the
most typical techniques for password cracking:
• Brute force cracking: The cracking algorithm outputs random sequences of
characters until it finds a match.
• Dictionary cracking: This is similar to brute-force cracking, but dictionary
cracking restricts itself to words rather than utilising random letters.
• Rainbow table cracking: A rainbow table leverages previously computed
hashed values to determine the encryption used to hash a password.
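
The following Python sketch is an added example, not part of the original notes. It shows from the defender's side why precomputed hash values only work against unsalted, fast hashes, and how a per-user salt with a slow key-derivation function (PBKDF2 from the standard library) removes that weakness; the wordlist, user names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data: a tiny wordlist and two users with the same password.
WORDLIST = ["password", "letmein", "qwerty123", "sunshine"]
USERS = {"alice": "sunshine", "bob": "sunshine"}


def unsalted_hash(password: str) -> str:
    """Weak storage scheme: one fast, unsalted SHA-256 digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Digest -> word, computed once and reusable against every unsalted hash."""
    return {unsalted_hash(w): w for w in words}


def salted_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = 100_000):
    """Stronger scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = salted_hash(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, expected)


def audit():
    """Compare how both storage schemes hold up against precomputed values."""
    table = build_lookup_table(WORDLIST)
    weak_db = {u: unsalted_hash(p) for u, p in USERS.items()}
    strong_db = {u: salted_hash(p) for u, p in USERS.items()}
    return {
        # Same password -> same digest, so one table entry exposes both users.
        "weak_identical": weak_db["alice"] == weak_db["bob"],
        "weak_recovered": sorted(u for u, h in weak_db.items() if h in table),
        # Different salts -> different digests; the table no longer applies.
        "strong_identical": strong_db["alice"][2] == strong_db["bob"][2],
        "strong_recovered": sorted(
            u for u, rec in strong_db.items() if rec[2].hex() in table
        ),
        "login_ok": verify("sunshine", strong_db["alice"]),
        "login_bad": verify("Sunshine", strong_db["alice"]),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

A salt does not make a weak password strong: it only forces the attacker to guess each account separately, and the slow KDF makes every guess expensive.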

Software Cracking
Software cracking is the process of modifying software to completely or
partially eliminate one or more of its functions. At least one of the
following tools or methods is used in the majority of software cracking.

Network Cracking
Network cracking is when a LAN, or “local area network,” is breached by an
outsider. The Wi-Fi system in your house is a typical illustration of a
wireless LAN. Cracking a wired network requires a direct connection, whereas
a wireless network can be cracked considerably more easily because the
cracker only has to be in close proximity to the wireless signal.

Application Cracking
Application cracking refers to the process of modifying software to remove
or disable its copy protection or licensing mechanisms. Application
cracking can also be used as a method of bypassing authentication
mechanisms and gaining access to otherwise secure systems. This involves
exploiting vulnerabilities in software applications to bypass authentication
mechanisms, access sensitive data or execute arbitrary code. Application
cracking poses several risks.

Wireless Cracking
Wireless cracking is a form of cyber attack that involves gaining
unauthorized access to a wireless network by exploiting vulnerabilities in
its security protocols. This type of attack is particularly relevant in the
context of Wi-Fi networks, which are widely used in homes, businesses,
and public places. Wireless cracking can be used for a variety of purposes,
including stealing sensitive information, intercepting communications, and
launching other types of attacks on the network or its users.

3. Sneaking

Sneaking in cybersecurity refers to an attack technique where hackers gain
unauthorized access to a system or network by avoiding detection, often using
stealthy methods like malware, backdoors, or compromised credentials.

4. Viruses

A virus is a type of malicious software (malware) that attaches itself to a host
file or program and spreads when executed. Viruses can corrupt, delete, or
modify files, slow down systems, and cause severe damage. They typically
spread via infected files, email attachments, or malicious websites.

Common types of viruses include:

Common Viruses

1. File Infector Virus – Attaches to executable files and spreads when they run.
2. Boot Sector Virus – Infects the system’s boot sector, making it hard to remove.
3. Macro Virus – Spreads through documents (like Word or Excel) using macros.
4. Polymorphic Virus – Changes its code to avoid detection by antivirus software.
5. Resident Virus – Hides in a computer’s memory and infects files over time.
Advanced Viruses

6. Worms – Self-replicating malware that spreads across networks without a host file.
7. Trojan Horse – Disguised as legitimate software but contains malicious code.
8. Ransomware – Encrypts files and demands payment for decryption.
9. Spyware – Secretly collects user data, including passwords and browsing history.
10. Rootkit Virus – Gives hackers hidden control over a system.

5. Trojan Horses

A Trojan horse is a type of malware that disguises itself as legitimate software
to trick users into installing it. Unlike viruses, Trojans do not replicate
themselves but can open backdoors, allowing attackers to gain remote access to
the infected system.

Types of Trojans:

1. Backdoor Trojan
• Opens a "backdoor" for hackers to remotely control the system.
• Used for spying, stealing data, or launching further attacks.

2. Banking Trojan
• Steals banking credentials and financial data from users.
• Targets online banking transactions.

3. Downloader Trojan
• Installs additional malware onto the infected device.
• Often used as an entry point for ransomware or spyware.

4. Rootkit Trojan
• Hides deep in the system, making it difficult to detect.
• Allows attackers long-term access and control over a device.

5. Spy Trojan (Spyware)
• Monitors user activities, including keystrokes, browsing history, and
passwords.
• Often used for identity theft.

6. Ransom Trojan (Ransomware)
• Encrypts files and demands payment for decryption.
• Can lock entire systems until the ransom is paid.

6. Malicious Code

Malicious code is any harmful software or script designed to disrupt, damage,
steal data, or gain unauthorized access to a system. It includes viruses, worms,
Trojans, and other malware types that pose security risks.

Types of Malicious Code


1. Virus
• Attaches to files and spreads when executed.
• Can corrupt, delete, or steal data.
2. Worm
• Self-replicates and spreads across networks without needing a host file.
• Slows down systems and consumes bandwidth.
3. Trojan Horse
• Disguised as legitimate software but contains hidden malware.
• Used for stealing data or providing remote access to hackers.
4. Ransomware
• Encrypts files and demands payment for decryption.
• Can completely lock users out of their data.
5. Spyware
• Secretly collects user data, including passwords and browsing activity.
• Often used for identity theft.
6. Adware
• Displays unwanted advertisements and may track user activity.
• Can slow down systems and lead to further infections.
7. Keylogger
• Records keystrokes to steal sensitive information like passwords.
• Used in credential theft and online fraud.
8. Logic Bomb
• Activates malicious actions when specific conditions are met.
• Can delete files, crash systems, or steal data.
9. Botnet Malware
• Turns infected devices into bots controlled by hackers.
• Used for DDoS attacks, spamming, and cryptojacking.

7. Worms

A computer worm is a type of malware that self-replicates and spreads across
networks without needing a host file. Unlike viruses, worms do not require user
action to spread, making them highly dangerous. They can slow down networks,
steal data, or install more malware. Common examples:

• Email Worms: Email worms spread through email attachments or links.
• Network Worms: Network worms move through computer networks by
exploiting security weaknesses in network services or protocols.
• File-Sharing Worms: File-sharing worms target shared folders or
peer-to-peer file-sharing networks.
• Instant Messaging (IM) Worms: IM worms spread through instant
messaging platforms. They send infected links or files to a person’s
contacts.
• Internet Worms: Internet worms target vulnerabilities in websites, web
servers, or web applications. They can infect computers when people visit
compromised websites or interact with infected web content.

8. Logic Bombs

A logic bomb is a type of malware designed to attack computer systems. It is
code that is placed in a program and executes a specific set of instructions
when certain conditions are met.

9. Network Attack and Defence

Network attacks are attempts to compromise, disrupt, or gain unauthorized
access to networks. Defences include implementing firewalls, intrusion
detection systems (IDS), encryption, and secure access controls.

Most Common Attacks

• Denial of Service (DoS) & Distributed Denial of Service (DDoS)
Attacks – Overloads a network/server with excessive traffic, making it
unavailable.
• Man-in-the-Middle (MitM) Attack – An attacker intercepts
communication between two parties.
• Phishing Attacks – Deceptive emails or messages trick users into
revealing sensitive information.
• SQL Injection – Attackers inject malicious SQL queries to manipulate
databases.
• Zero-Day Exploits – Attacks targeting newly discovered software
vulnerabilities before patches are released.
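
As an added example (not part of the original notes), the Python sketch below puts a query built by string concatenation beside the parameterized form that fixes it, using the standard-library sqlite3 module. The table, names and input strings are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user')")
    return conn


def find_user_vulnerable(conn, name):
    # VULNERABLE: the input becomes part of the SQL text, so a quote
    # character in `name` changes the structure of the statement.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(query))


def find_user_safe(conn, name):
    # FIXED: the statement is constant; the input is bound as data only.
    query = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(query, (name,)))


def demo():
    conn = make_db()
    crafted = "nobody' OR '1'='1"   # constructed input containing SQL syntax
    surname = "O'Brien"             # legitimate input containing a quote
    results = {
        # The WHERE clause becomes always-true: every row is returned.
        "vulnerable_crafted": find_user_vulnerable(conn, crafted),
        # The same input is treated as one (non-matching) name.
        "safe_crafted": find_user_safe(conn, crafted),
        "safe_surname": find_user_safe(conn, surname),
    }
    try:
        find_user_vulnerable(conn, surname)
        results["vulnerable_surname_error"] = False
    except sqlite3.OperationalError:
        # Concatenation also breaks on harmless input with an apostrophe.
        results["vulnerable_surname_error"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```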
10. Script Kiddies and Packaged Defence

Script Kiddies are inexperienced hackers who use pre-written scripts, tools,
and exploits developed by skilled hackers. They lack in-depth technical
knowledge and often carry out cyberattacks for fun or notoriety rather than
personal gain.

Packaged Defence refers to cybersecurity solutions that provide pre-configured
security measures to protect against cyber threats. These include:

• Antivirus software – Detects and removes malware.
• Firewalls – Filters network traffic and blocks unauthorized access.
• Intrusion Detection Systems (IDS) – Monitors network traffic for
suspicious activities.
• Encryption tools – Protects data in transit and storage.

Who are Script Kiddies?

A Script Kiddie (or Skiddie) is an unskilled cyber attacker who uses pre-made
hacking tools, scripts, and exploits developed by professional hackers. These
individuals have little to no technical expertise and rely on automated programs
to launch cyberattacks.

Characteristics of Script Kiddies:

• Lack of Expertise: They do not create their own attack methods.
• Use of Pre-Written Tools: They rely on hacking scripts, malware, and
exploit kits available online.
• Motivations: Their attacks are often driven by curiosity, peer
recognition, or mischief rather than financial gain or political motives.
• Common Targets: They usually attack personal computers, small
websites, and online gaming accounts rather than high-security networks.
• Low-Level Threat: While their attacks can be disruptive, they are
usually not as sophisticated as those conducted by advanced hackers.

Common Attacks by Script Kiddies:

1. DDoS (Distributed Denial of Service) Attacks: Using tools like LOIC
(Low Orbit Ion Cannon) to flood websites with traffic and cause
downtime.
2. Defacing Websites: Altering website appearances by injecting malicious
scripts.
3. SQL Injection: Using automated tools to steal or modify database
content.
4. Brute Force Attacks: Attempting to crack passwords using dictionary-
based tools.
5. Phishing & Social Engineering: Using fake emails or messages to steal
credentials.

Examples of Tools Used by Script Kiddies:

• Metasploit: A penetration testing framework often misused for attacks.
• Nmap: A network scanner used to find vulnerable systems.
• LOIC/HOIC: Tools used for launching DDoS attacks.
• SQLmap: A tool for automating SQL injection attacks.
• Wireshark: A network analyzer that can capture sensitive data.

2. Packaged Defence: Pre-Built Security Solutions

What is Packaged Defence?

Packaged Defence refers to pre-configured, automated security solutions
designed to protect against common cyber threats. These solutions are user-
friendly, requiring minimal expertise to deploy, making them ideal for
businesses and individuals lacking advanced cybersecurity knowledge.

Key Features of Packaged Defence Solutions:

✔ Pre-Built Security Mechanisms: Includes antivirus, firewalls, intrusion
detection, and encryption.
✔ Automated Threat Detection: Uses AI and machine learning to identify
suspicious activities.
✔ User-Friendly Interface: Designed for non-experts to set up and manage
security.
✔ Frequent Updates: Regular patches and updates to counter evolving cyber
threats.
✔ Cloud-Based Protection: Some solutions operate on cloud servers to provide
real-time security.

Types of Packaged Defence Solutions:

1. Firewalls & Intrusion Prevention Systems (IPS)

• Example Tools: Cisco ASA, Palo Alto Networks, pfSense
• Protects against unauthorized access by filtering incoming/outgoing
traffic.

2. Endpoint Security Solutions

• Example Tools: Norton, McAfee, Bitdefender, Kaspersky
• Detects and removes malware, ransomware, and phishing threats.

3. Security Information & Event Management (SIEM)

• Example Tools: Splunk, IBM QRadar, ArcSight
• Collects and analyzes security logs for real-time threat detection.

4. Cloud Security Platforms

• Example Tools: AWS Security Hub, Microsoft Defender for Cloud,
Google Chronicle
• Protects cloud-based applications from data breaches and cyber
threats.

5. AI-Driven Threat Intelligence

• Example Tools: Darktrace, CrowdStrike Falcon, FireEye
• Uses machine learning to predict and prevent cyber threats before they
occur.
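
The kind of log analysis an IDS or SIEM performs can be illustrated with a small detection rule for the brute force attacks listed earlier. This Python sketch is an added example, not taken from the original notes or from any of the products named above; the log format, threshold and sample lines are constructed, and the addresses come from documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format, in chronological order.
SAMPLE_LOG = """\
2025-03-10T10:00:01 login result=FAIL user=root src=203.0.113.5
2025-03-10T10:00:03 login result=FAIL user=admin src=203.0.113.5
2025-03-10T10:00:04 login result=OK user=carol src=198.51.100.7
2025-03-10T10:00:05 login result=FAIL user=test src=203.0.113.5
2025-03-10T10:00:06 login result=FAIL user=oracle src=203.0.113.5
2025-03-10T10:00:08 login result=FAIL user=guest src=203.0.113.5
2025-03-10T10:05:00 login result=FAIL user=dave src=192.0.2.44
2025-03-10T10:20:00 login result=FAIL user=dave src=192.0.2.44
2025-03-10T10:40:00 login result=OK user=dave src=192.0.2.44
garbled line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login result=(?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with `threshold` or more failed logins inside `window`."""
    recent = defaultdict(deque)   # src -> (timestamp, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match or match["result"] != "FAIL":
            continue              # ignore successes and unparseable lines
        try:
            ts = datetime.fromisoformat(match["ts"])
        except ValueError:
            continue              # malformed timestamp
        failures = recent[match["src"]]
        failures.append((ts, match["user"]))
        # Slide the window: forget failures older than `window`.
        while ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold and match["src"] not in alerts:
            alerts[match["src"]] = {
                "first_seen": failures[0][0].isoformat(),
                "failures": len(failures),
                "users": sorted({user for _, user in failures}),
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

The user who mistypes a password twice in fifteen minutes stays below the threshold, which is the point of combining a count with a time window.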

What Is A Cyber Attack?


A cyber attack refers to an action designed to target a computer or any element
of a computerized information system to change, destroy, or steal data, as well
as exploit or harm a network. A cyber attack is a malicious attempt by hackers
to damage, disrupt, steal, or gain unauthorized access to computer systems,
networks, or data.

Types Of Cyber Security Attacks

• Phishing Attack – Fake emails or messages tricking you into sharing
personal info.
• Malware – Harmful software like viruses, worms, or spyware that
damages your system.
• Ransomware – Malware that locks your files and demands payment to
unlock them.
• Trojan Horse – A fake program that looks useful but contains harmful
code.
• Spyware – Secretly collects your personal data without permission.
• Adware – Shows unwanted ads and may track your activities.
• Denial-of-Service (DoS) Attack – Overloads a website with too much
traffic, making it crash.
• Distributed Denial-of-Service (DDoS) Attack – A stronger DoS attack
using multiple computers.
• Brute Force Attack – Hackers try many password combinations to break
into an account.
• Man-in-the-Middle Attack (MITM attacks) – Hackers secretly intercept
communication between two parties.
• SQL Injection – Attackers insert malicious code into databases to steal
or manipulate data.
• Zero-Day Attack – Exploiting security weaknesses before companies fix
them.
• Eavesdropping Attack – Hackers secretly listen to private conversations
or data transfers.
• Session Hijacking – Taking control of an active session between a user
and a website.
• DNS Spoofing – Redirects users to fake websites to steal their
information.
• Keylogger Attack – Records what you type, including passwords and
sensitive data.
• Cross-Site Scripting (XSS) – Injects harmful scripts into websites to
steal data.
• Rootkit Attack – Hides inside a system to give hackers remote control
access.
• Social Engineering – Tricking people into revealing confidential
information.
• Keylogger Attack – Records everything you type, including passwords.
• Session Hijacking – Taking control of an active session between you and
a website.
• Replay Attack – Hackers resend old data to pretend they are you.
• SIM Swapping Attack – Transfers your phone number to a hacker’s
SIM to access your accounts.
• Two-Factor Authentication Bypass – Tricks you into revealing 2FA codes.
• Insider threats occur when employees or trusted individuals misuse their
access to harm an organization, either intentionally or unintentionally.
• A web attack is a cyber attack that targets websites, web applications, or
web servers to steal data, disrupt services, or exploit vulnerabilities.
Examples include SQL injection, Cross-Site Scripting (XSS), Cross-Site
Request Forgery (CSRF), and Denial-of-Service (DoS) attacks.
• Session Hijacking is a cyber attack where a hacker steals a user's active
session ID to gain unauthorized access to their account or online activity.
• DNS Spoofing (or DNS Cache Poisoning) is a cyber attack where hackers
manipulate the Domain Name System (DNS) to redirect users to fake
websites, tricking them into revealing sensitive information.

Vulnerability in Cyber Security

A vulnerability is a weakness in an IT system that can be exploited by an
attacker to deliver a successful attack. They can occur through flaws, features or
user error, and attackers will look to exploit any of them, often combining one
or more, to achieve their end goal.

Types of Vulnerabilities
1. Software Vulnerabilities
• Unpatched Software – Old versions of software with security flaws.
• Zero-Day Vulnerability – A newly discovered flaw with no fix
available.
2. Network Vulnerabilities
• Unsecured Wi-Fi – Open or weakly protected networks can be hacked.
• Man-in-the-Middle Attack – Hackers intercept communication between
devices.
3. Hardware Vulnerabilities
• Outdated Devices – Old hardware may lack security updates.
• USB Attacks – Malicious USB drives can inject malware.
4. Human-Related Vulnerabilities
• Weak Passwords – Easy-to-guess passwords make accounts vulnerable.
• Phishing Attacks – Tricking users into revealing sensitive information.
5. Web & Application Vulnerabilities
• SQL Injection – Hackers inject malicious code into databases.
• Cross-Site Scripting (XSS) – Injects harmful scripts into websites.
6. Cloud Security Vulnerabilities
• Misconfigured Cloud Settings – Leads to data leaks.
• Weak API Security – Can allow unauthorized access to cloud data.
