SEMINAR REPORT ON CYBER SECURITY

PREPARED BY

JOHNSON TEMITOPE BLESSING

20190705010161
ND 2

SUBMITTED TO THE DEPARTMENT OF COMPUTER

STUDIES, FACULTY OF SCIENCE, THE POLYTECHNIC
IBADAN.
IN PARTIAL FULFILMENT OF THE AWARD OF
NATIONAL DIPLOMA IN COMPUTER SCIENCE.

SUPERVISED BY
MR.EGBEDOKUN S.O

i
 ABSTRACT

Cyber Security plays an important role in the field of information technology .Securing the
information have become one of the biggest challenges in the present day. Whenever we think
about the cyber security the first thing that comes to our mind is ‘cyber crimes’ which are
increasing immensely day by day. Various Governments and companies are taking many
measures in order to prevent these cyber-crimes. Besides various measures cyber security is still
a very big concern to many. This paper mainly focuses on challenges faced by cyber security on
the latest technologies .It also focuses on latest about the cyber security techniques, ethics and
the trends changing the face of cyber security.

Keywords: cyber security, cyber-crime, cyber ethics, social media, cloud computing, android
apps.

ii
 TABLE OF CONTENTS

Title page I

Abstract II

Table of contents III-IV

CHAPTER ONE

Introduction 1

Cyber crime 2

Classification of cyber crime 3-6

Financial and fraud crimes 3

Cyber terrorism 3-4

Cyber extortion 4

Cybersex trafficking 4-5

Cyber warfare 5

Ad-fraud 5-6

CHAPTER TWO

Cyber security 7

Trends changing cyber security 8

Web servers 8

Cloud computing and its services 8

APT’s and Targeted attacks 8

Mobile networks 9

iii
 IPv6: New internet Protocol 9

Encryption of the code 9-10

CHAPTER THREE

Role of social media in cyber security 11

Cyber security techniques 12

Access control and password security 12

Authentication of data 12

Malware scanners 12

Firewalls 12

Anti-virus software 12

Cyber ethics 13

Conclusion 14

References 15-17

iv
 CHAPTER ONE

INTRODUCTION

Today man is able to send and receive any form of data may be an e-mail or an audio or video
just by the click of a button but did he ever think how securely his data id being transmitted or
sent to the other person safely without any leakage of information? The answer lies in cyber
security. Today Internet is the fastest growing infrastructure in everyday life. In today’s technical
environment many latest technologies are changing the face of the mankind. But due to these
emerging technologies we are unable to safeguard our private information in a very effective
way and hence these days cyber-crimes are increasing day by day. Today more than 60 percent
of total commercial transactions are done online, so this field required a high quality of security
for transparent and best transactions. Hence cyber security has become a latest issue. The scope
of cyber security is not just limited to securing the information in IT industry but also to various
other fields like cyber space etc.

Even the latest technologies like cloud computing, mobile computing, E-commerce, net banking
etc also needs high level of security. Since these technologies hold some important information
regarding a person their security has become a must thing. Enhancing cyber security and
protecting critical information infrastructures are essential to each nation's security and economic
wellbeing. Making the Internet safer (and protecting Internet users) has become integral to the
development of new services as well as governmental policy. The fight against cyber-crime
needs a comprehensive and a safer approach. Given that technical measures alone cannot prevent
any crime, it is critical that law enforcement agencies are allowed to investigate and prosecute
cyber-crime effectively. Today many nations and governments are imposing strict laws on cyber
securities in order to prevent the loss of some important information. Every individual must also
be trained on this cyber security and save themselves from these increasing cyber-crimes.

The internet has made the world smaller in many ways but it has also opened us up to influences
that have never before been so varied and so challenging. As fast as security grew, the hacking
world grew faster. There are two ways of looking at the issue of cyber security. One is that the
companies that provide cloud computing do that and only that so these companies will be
extremely well secured with the latest in cutting edge encryption technology.

1
CYBER CRIME

Cyber-crime is a term for any illegal activity that uses a computer as its primary means of
commission and theft. The U.S. Department of Justice expands the definition of cyber-crime to
include any illegal activity that uses a computer for the storage of evidence. The growing list of
cyber-crimes includes crimes that have been made possible by computers, such as network
intrusions and the dissemination of computer viruses, as well as computer-based variations of
existing crimes, such as identity theft, stalking, bullying and terrorism which have become as
major problem to people and nations. Usually in common man’s language cyber-crime may be
defined as crime committed using a computer and the internet to steel a person’s identity or sell
contraband or stalk victims or disrupt operations with malevolent programs. As day by day
technology is playing in major role in a person’s life the cyber-crimes also will increase along
with the technological advances.

There are many privacy concerns surrounding Cybercrime when confidential information is

intercepted or disclosed, lawfully or otherwise. Internationally, both governmental and non-state
actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes.
Cybercrimes crossing international borders and involving the actions of at least one nation-state
are sometimes referred to as cyber warfare. Warren Buffett describes Cybercrime as the "number
one problem with mankind" and "poses real risks to humanity."

A report (sponsored by McAfee) published in 2014 estimated that the annual damage to the
global economy was $445 billion. A 2016 report by Cyber security ventures predicted that global
damages incurred as a result of cybercrime would cost up to $6 trillion annually by 2021 and
$10.5 trillion annually by 2025.

Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In
2018, a study by the Center for Strategic and International Studies (CSIS), in partnership
with McAfee, concludes that nearly one percent of global GDP, close to $600 billion, is lost to
cybercrime each year. The World Economic Forum 2020 Global Risk report confirmed that
organized Cybercrimes bodies are joining forces to perpetrate criminal activities online while
estimating the likelihood of their detection and prosecution to be less than 1 percent in the US.

2
CLASSIFICATIONS OF CYBER CRIME

Financial and Fraud crimes

Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain
from doing something which causes loss. In this context, the fraud will result in obtaining a
benefit by:

 Altering in an unauthorized way. This requires little technical expertise and is a common
form of theft by employees altering the data before entry or entering false data, or by
entering unauthorized instructions or using unauthorized processes;
 Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized
transactions. This is difficult to detect;
 Altering or deleting stored data;

Other forms of fraud may be facilitated using computer systems, including bank

fraud, carding, identity theft, extortion, and theft of classified information. These types of crime
often result in the loss of private information or monetary information.

Cyber terrorism
Government officials and information technology security specialists have documented a
significant increase in Internet problems and server scams since early 2001. There is a growing
concern among government agencies such as the Federal Bureau of Investigations (FBI) and
the Central Intelligence Agency (CIA) that such intrusions are part of an organized effort
by cyberterrorist foreign intelligence services, or other groups to map potential security holes in
critical systems. A cyberterrorist is someone who intimidates or coerces a government or an
organization to advance his or her political or social objectives by launching a computer-based
attack against computers, networks, or the information stored on them.

Cyberterrorism, in general, can be defined as an act of terrorism committed through the use of

cyberspace or computer resources (Parker 1983). As such, a simple propaganda piece on the
Internet that there will be bomb attacks during the holidays can be considered cyberterrorism.

3
There are also hacking activities directed towards individuals, families, organized by groups
within networks, tending to cause fear among people, demonstrate power, collecting information
relevant for ruining peoples' lives, robberies, blackmailing, etc.

Cyber extortion
Cyber extortion occurs when a website, e-mail server, or computer system is subjected to or
threatened with repeated denial of service or other attacks by malicious hackers. These hackers
demand money in return for promising to stop the attacks and to offer "protection". According to
the Federal Bureau of Investigation, cybercrime extortionists are increasingly attacking corporate
websites and networks, crippling their ability to operate and demanding payments to restore their
service. More than 20 cases are reported each month to the FBI and many go unreported in order
to keep the victim's name out of the public domain. Perpetrators typically use a distributed
denial-of-service attack. However, other cyber extortion techniques exist such
as doxing extortion and bug poaching.

An example of cyber extortion was the attack on Sony Pictures of 2014.

Ransom ware is a kind of cyber extortion in which a malware is used to restrict access to files,
sometimes threatening permanent data erasure unless a ransom is paid. Kapersky Lab 2016
Security Bulletin report estimates that a business falls victim of Ransom ware every 40
minutes. and predicted to attack a business every 11 minutes in 2021. With Ransom ware
remaining one of the fastest growing cybercrimes in the world, global Ransom ware damage is
predicted to cost up to $20 billion in 2021.

Cybersex trafficking

Cybersex trafficking is the transportation of victims and then the live streaming of coerced
sexual acts and or rape on webcam. Victims are abducted, threatened, or deceived and
transferred to 'cybersex dens.' The dens can be in any location where the cybersex traffickers
have a computer, tablet, or phone with internet connection. Perpetrators use social
media networks, videoconferences, dating pages, online chat rooms, apps, dark web sites, and
other platforms. They use online payment systems and crypto currencies to hide their identities.
Millions of reports of its occurrence are sent to authorities annually. [35] New legislation and
police procedures are needed to combat this type of cybercrime.

4
An example of cybersex trafficking is the 2018–2020 Nth room case in South Korea.

Cyber warfare

The U.S. Department of Defense notes that the cyberspace has emerged as a national-level

concern through several recent events of geostrategic significance. Among those are included,
the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. In August 2008,
Russia again allegedly conducted cyber-attacks, this time in a coordinated and synchronized
kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may
become the norm in future warfare among nation-states, the concept of cyberspace operations
impacts and will be adapted by war fighting military commanders in the future.

Ad-fraud

Ad-frauds are particularly popular among cybercriminals, as such frauds are less likely to be
prosecuted and are particularly lucrative cybercrimes.[42] Jean-Loup Richet, Professor at
the Sorbonne Business School, classified the large variety of ad-fraud observed in cybercriminal
communities into three categories: (1) identity fraud; (2) attribution fraud; and (3) ad-fraud
services.

Identity fraud aims to impersonate real users and inflate audience numbers. Several ad-fraud
techniques relate to this category and include traffic from bots (coming from a hosting company
or a data center, or from compromised devices); cookie stuffing; falsifying user characteristics,
such as location and browser type; fake social traffic (misleading users on social networks into
visiting the advertised website); and the creation of fake social signals to make a bot look more
legitimate, for instance by opening a Twitter or Facebook account.

Attribution fraud aims to impersonate real users’ behaviors (clicks, activities, conversations,
etc.). Multiple ad-fraud techniques belong to this category: hijacked devices and the use of
infected users (through a malware) as part of a botnet to participate in ad fraud campaigns; click
farms (companies where low-wage employees are paid to click or engage in conversations and
affiliates’ offers); incentivized browsing; video placement abuse (delivered in display banner
slots); hidden ads (that will never be viewed by real users); domain spoofing (ads served on a
website other than the advertised real-time bidding website); and click jacking (user is forced to
click on the ad).

5
Ad fraud services are related to all online infrastructure and hosting services that might be
needed to undertake identity or attribution fraud . Services can involve the creation of spam
websites (fake networks of websites created to provide artificial backlinks); link building
services; hosting services; creation of fake and scam pages impersonating a famous brand and
used as part of an ad fraud campaign.

A successful ad-fraud campaign involves a sophisticated combination of these three types of ad-
fraud—sending fake traffic through bots using fake social accounts and falsified cookies; bots
will click on the ads available on a scam page that is faking a famous brand.

6
 CHAPTER TWO

CYBER SECURITY

Computer security, cyber security, or information technology security (IT security) is the

protection of computer systems and networks from information disclosure, theft of or damage to
their hardware, software, or electronic data, as well as from the disruption or misdirection of the
services they provide.

Cyber security is one of the information system management by individuals or organizations to

direct end-users security behaviours, on the basis of personal perceived behaviours toward
potential security breach in work and non-work environment. The extant study of cyber security
explores three main streams: individual behaviours toward information security in non-work
setting, employee behaviours toward information security in work setting, and organization
information system security policy (ISSP) compliance and the related issues.

The field is becoming increasingly significant due to the continuously expanding reliance
on computer systems, the Internet[2] and wireless network standards such as Bluetooth and Wi-Fi,
and due to the growth of "smart" devices, including smartphones, televisions, and the various
devices that constitute the "Internet of things". Cyber security is also one of the significant
challenges in the contemporary world, due to its complexity, both in terms of political usage and
technology. Its primary goal is to ensure the system's dependability, integrity, and data privacy.

7
TRANDS CHANGING CYBER SECURITY

Here mentioned below are some of the trends that are having a huge impact on cyber security.

Web servers

The threat of attacks on web applications to extract data or to distribute malicious code persists.
Cyber criminals distribute their malicious code via legitimate web servers they’ve compromised.
But data-stealing attacks, many of which get the attention of media, are also a big threat. Now,
we need a greater emphasis on protecting web servers and web applications. Web servers are
especially the best platform for these cyber criminals to steal the data. Hence one must always
use a safer browser especially during important transactions in order not to fall as a prey for
these crimes.

Cloud computing and it’s services

These days all small, medium and large companies are slowly adopting cloud services. In other
words the world is slowly moving towards the clouds. This latest trend presents a big challenge
for cyber security, as traffic can go around traditional points of inspection. Additionally, as the
number of applications available in the cloud grows, policy controls for web applications and
cloud services will also need to evolve in order to prevent the loss of valuable information.
Though cloud services are developing their own models still a lot of issues are being brought up
about their security. Cloud may provide immense opportunities but it should always be noted
that as the cloud evolves so as its security concerns increase.

APT’s and Targeted attacks

APT (Advanced Persistent Threat) is a whole new level of cyber crime ware. For years network
security capabilities such as web filtering or IPS have played a key part in identifying such
targeted attacks (mostly after the initial compromise). As attackers grow bolder and employ more
vague techniques, network security must integrate with other security services in order to detect
attacks. Hence one must improve our security techniques in order to prevent more threats coming
in the future.

8
Mobile networks

Today we are able to connect to anyone in any part of the world. But for these mobile networks
security is a very big concern. These days firewalls and other security measures are becoming
porous as people are using devices such as tablets, phones, PC’s etc all of which again require
extra securities apart from those present in the applications used. We must always think about the
security issues of these mobile networks. Further mobile networks are highly prone to these
cyber-crimes a lot of care must be taken in case of their security issues.

IPv6: New internet Protocol

IPv6 is the new Internet protocol which is replacing IPv4 (the older version), which has been a
backbone of our networks in general and the Internet at large. Protecting IPv6 is not just a
question of porting IPv4 capabilities. While IPv6 is a wholesale replacement in making more IP
addresses available, there are some very fundamental changes to the protocol which need to be
considered in security policy. Hence it is always better to switch to IPv6 as soon as possible in
order to reduce the risks regarding cyber crime.

Encryption of the code

Encryption is the process of encoding messages (or information) in such a way that
eavesdroppers or hackers cannot read it.. In an encryption scheme, the message or information is
encrypted using an encryption algorithm, turning it into an unreadable cipher text. This is usually
done with the use of an encryption key, which specifies how the message is to be encoded.
Encryption at a very beginning level protects data privacy and its integrity. But more use of
encryption brings more challenges in cyber security. Encryption is also used to protect data in
transit, for example data being transferred via networks (e.g. the Internet, ecommerce), mobile
telephones, wireless microphones, wireless intercoms etc. Hence by encrypting the code one can
know if there is any leakage of information.

Hence the above are some of the trends changing the face of cyber security in the world.

The top network threats are mentioned in below Fig -1.

9
The above pie chart shows about the major threats for networks and cyber security.

10
 CHAPTER THREE

ROLE OF SOCIAL MEDIA IN CYBER SECURITY

As we become more social in an increasingly connected world, companies must find new ways
to protect personal information. Social media plays a huge role in cyber security and will
contribute a lot to personal cyber threats. Social media adoption among personnel is skyrocketing
and so is the threat of attack. Since social media or social networking sites are almost used by
most of them every day it has become a huge platform for the cyber criminals for hacking private
information and stealing valuable data.

In a world where we’re quick to give up our personal information, companies have to ensure
they’re just as quick in identifying threats, responding in real time, and avoiding a breach of any
kind. Since people are easily attracted by these social media the hackers use them as a bait to get
the information and the data they require. Hence people must take appropriate measures
especially in dealing with social media in order to prevent the loss of their information. The
ability of individuals to share information with an audience of millions is at the heart of the
particular challenge that social media presents to businesses. In addition to giving anyone the
power to disseminate commercially sensitive information, social media also gives the same
power to spread false information, which can be just being as damaging. The rapid spread of
false information through social media is among the emerging risks identified in Global Risks
2013 report.

Though social media can be used for cyber-crimes these companies cannot afford to stop using
social media as it plays an important role in publicity of a company. Instead, they must have
solutions that will notify them of the threat in order to fix it before any real damage is done.
However companies should understand this and recognize the importance of analyzing the
information especially in social conversations and provide appropriate security solutions in order
to stay away from risks. One must handle social media by using certain policies and right
technologies.

11
CYBER SECURITY TECHNIQUES

Access control and password security

The concept of user name and password has been fundamental way of protecting our
information. This may be one of the first measures regarding cyber security.

Authentication of data

The documents that we receive must always be authenticated be before downloading that is it
should be checked if it has originated from a trusted and a reliable source and that they are not
altered. Authenticating of these documents is usually done by the anti virus software present in
the devices. Thus a good anti virus software is also essential to protect the devices from viruses.

Malware scanners

This is software that usually scans all the files and documents present in the system for malicious
code or harmful viruses. Viruses, worms, and Trojan horses are examples of malicious software
that are often grouped together and referred to as malware.

Firewalls

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and
worms that try to reach your computer over the Internet. All messages entering or leaving the
internet pass through the firewall present, which examines each message and blocks those that do
not meet the specified security criteria. Hence firewalls play an important role in detecting the
malware.

Anti-virus software

Antivirus software is a computer program that detects, prevents, and takes action to disarm or
remove malicious software programs, such as viruses and worms. Most antivirus programs
include an auto-update feature that enables the program to download profiles of new viruses so
that it can check for the new viruses as soon as they are discovered. An anti virus software is a
must and basic necessity for every system.

12
CYBER ETHICS

Cyber ethics are nothing but the code of the internet. When we practice these cyber ethics there
are good chances of us using the internet in a proper and safer way. The below are a few of them:

 DO use the Internet to communicate and interact with other people. Email and instant
messaging make it easy to stay in touch with friends and family members, communicate
with work colleagues, and share ideas and information with people across town or
halfway around the world
 Don’t be a bully on the Internet. Do not call people names, lie about them, send
embarrassing pictures of them, or do anything else to try to hurt them
 Internet is considered as world’s largest library with information on any topic in any
subject area, so using this information in a correct and legal way is always essential.
 Do not operate others accounts using their passwords.
 Never try to send any kind of malware to other’s systems and make them corrupt.
 Never share your personal information to anyone as there is a good chance of others
misusing it and finally you would end up in a trouble.
 When you’re online never pretend to the other person, and never try to create fake
accounts on someone else as it would land you as well as the other person into trouble.
 Always adhere to copyrighted information and download games or videos only if they are
permissible.

The above are a few cyber ethics one must follow while using the internet. We are always
thought proper rules from out very early stages the same here we apply in cyber space.

13
CONCLUSION

Computer security is a vast topic that is becoming more important because the world is
becoming highly interconnected, with networks being used to carry out critical transactions.
Cyber-crime continues to diverge down different paths with each New Year that passes and so
does the security of the information. The latest and disruptive technologies, along with the new
cyber tools and threats that come to light each day, are challenging organizations with not only
how they secure their infrastructure, but how they require new platforms and intelligence to do
so. There is no perfect solution for cyber-crimes but we should try our level best to minimize
them in order to have a safe and secure future in cyber space.

14
 REFERENCES

A Sophos Article 04.12v1.dNA, eight trends changing network security by James Lyne.

Cyber Security: Understanding Cyber Crimes- Sunit Belapure Nina Godbole

Computer Security Practices in Non Profit Organisations – A NetAction Report by Audrie

Krause.

A Look back on Cyber Security 2012 by Luis corrons – Panda Labs.

International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013

Page nos.68 – 71 ISSN 2229-5518, “Study of Cloud Computing in HealthCare Industry “
by G.Nikhita Reddy, G.J.Ugander Reddy.

IEEE Security and Privacy Magazine – IEEECS “Safety Critical Systems – Next Generation
“July/ Aug 2013.

CIO Asia, September 3rd , H1 2013: Cyber security in malasia by Avanthi Kumar.

Aitel, D. (2013). Cybersecurity essentials for electric operators. The Electricity Journal, 26(1),
52-58.

Allen, J. Governing for Enterprise Security. Pittsburgh: Carnegie Mellon University, 2005.
Available on: . Access: April 15, 2012.

ANSI – American National Standards Institute (2009). ISA – 99.00.02-2009. Security for
Industrial Automation and Control Systems: Establishing an Industrial Automation and
Control Systems Security Program. USA.

Bodeau, D., & Graubart, R. (2010). Cyber resiliency engineering framework. MTR110237,
MITRE Corporation, September. Available at: . Access in: 15 apr. 2012.

Cebula, J. J., & Young, L. R. (2010). A Taxonomy of Operational Cyber Security Risks,
Software Engineering Institute. Available at: . Access in: 15 may 2012.

Cooper, D. R., Schindler, P. S., & Sun, J. (2006). Business research methods (Vol. 9). New
York: McGrawHill Irwin.

15
Coutinho, M. P. (2007) Detecção de Attacks em infraestruturas críticas de systems elétricos de
potência usando técnicas inteligentes. 260 f. PhD Tesis, Universidade UNIFEI, Itajubá.

DOE - US Department of Energy; DHS - US Department of Homeland Security (2012).

Electricity Subsector – Cybersecurity Capability Maturity Model – ES-C2M2.
Washington: DOE/DHS, 2012. Avaiable on: . Acess July 2nd 2012.

Gellings, C. W. (2009). The smart grid: enabling energy efficiency and demand response. The
Fairmont Press, Inc.

Hatch, M. J., & Cunliffe, A. L. (2013). Organization theory: modern, symbolic and postmodern
perspectives. Oxford University Press.

ITU-T – International Telecomunication Union (2008). Recommendation X.1205: Overview of

Cybersecurity. Geneva: ITU-T, 2008.

Mesquita, J. D. (2010). Estatística multivariada aplicada à administração: guia prático para

utilização do SPSS. Curitiba: CRV.

MIT - Massachusets Institute of Technology (2011). The Future of the Electric Grid: An
Interdisciplinary MIT Study. Cambridge: MIT.

Momoh, J. (2012). Smart grid: fundamentals of design and analysis (Vol. 63). John Wiley &
Sons

Newton’s Telecom Dictionary (2009). 25. ed. New York: Flatiron.

NIST – National Institute of Standards Technologies (2010). NISTIR 7628: Guidelines for Smart
Grid Cyber Security National Institute of Standards and Technology Interagency Report
7628. Gaithersburg: Department of Commerce/NIST, 2010. 1 v. 289 p. Avaiable on: .
Access: February 4, 2011.

OCDE (2004). Os Princípios da OCDE sobre o Governo das Sociedades. Disponível em: .Acesso
em: 25 out. 2012.

OCDE (2005). Diretrizes da OCDE sobre Governança Corporativa para Empresas de Controle
Estatal. Disponível em: .Acesso em: 25 out. 2012.

16
Roth, A. L. et al. (2012) Diferenças e inter-relações dos conceitos de governança e gestão de
redes horizontais de empresas: contribuições para o campo de estudos. Revista de
Administração da Universidade de São Paulo – RAUSP, v. 47, n. 1, p. 112-123,
jan./fev./mar. 2012.

Sorebo, G., Echols, M. (2012). Smart Grid Security: An End-to-End View of Security in the
New Electrical Grid. Boca Raton: CRC Press.

Turnbull, S. (1997) Corporate Governance: Its Scope, Concerns and Theories. Scholarly
Research and Theory Papers, v. 5, n. 4, 180-205.

Wright, J. T. C.; Giovanazzo, R. A. (2000) Delphi: uma Ferramenta de Apoio ao Planejamento

Prospectivo. Caderno de Pesquisa em Administração, São Paulo, FIA/FEA/USP, v. 1, n.
12, p. 54-65.

17