Cyber Security
Unit -2
Contents
• Unauthorized Access to Computers
• Computer Intrusions
• White collar Crimes
• Viruses and Malicious Code
• Internet Hacking and Cracking
• Virus Attacks
• Pornography
• Software Piracy
• Intellectual Property
• Mail Bombs
• Exploitation
• Stalking and Obscenity in Internet
• Digital laws and legislation
• Law Enforcement Roles and Responses
• Cybercrime: Mobile and wireless Devices
Dept. of CSE, NMIT
Unauthorized Access to Computers
What is “Unauthorized Access”?
Unauthorized access is when a person gains entry to a computer network, system, application software, data, or other resources without permission.
Unauthorized access is when a person who does not have permission to connect to or use a system gains entry in a manner unintended by the system owner.
The popular term for this is “Hacking”.
How did this happen?
• Usually, access is gained via unpatched software
• Other known vulnerabilities
The most common reasons for unauthorized entry are to:
• Steal sensitive data
• Cause damage
• Hold data hostage as part of a ransomware attack
• Play a prank
The three primary objectives of preventing unauthorized
access
• Confidentiality—the protection of sensitive information
from unauthorized access
• Integrity—the protection of sensitive information from
unauthorized modification or destruction
• Availability—the protection of sensitive information and
information systems from unauthorized disruption
How Unauthorized Access Occurs
• Digital Unauthorized Access Tactics
• Physical Unauthorized Access Tactics
• Other Unauthorized Access Tactics
Digital Unauthorized Access Tactics
• Guessing passwords
• Exploiting software vulnerabilities: A mistake
in software is referred to as a bug. In most
cases, these bugs are annoying, but
harmless. However, some bugs are
significant vulnerabilities that can be
exploited to gain unauthorized access into
applications, networks, operating systems, or
hardware. These vulnerability exploits are
commonly executed with software or code
that can take control of systems and steal
data.
• Social engineering: phishing, smishing, spear
phishing, ransomware, and impersonation.
• Social engineering
Cybercriminals often gain unauthorized access by taking advantage of human vulnerabilities, convincing people to hand over credentials or sensitive data. These attacks often involve some form of psychological manipulation and use malicious links in email, pop-ups on websites, or text messages.
• Phishing, smishing, spear phishing, ransomware, and impersonation:
• Phishing is a type of social engineering attack often used to steal user data, including login
credentials and credit card numbers.
• Smishing is a form of phishing that uses mobile phones as the attack platform. The
criminal executes the attack with an intent to gather personal information, including social
insurance and/or credit card numbers. Smishing is implemented through text messages or
SMS.
• Spear phishing is a phishing method that targets specific individuals or groups within an
organization. ... A typical spear phishing attack includes an email and attachment. For
example: the attacker encourages the target to sign an “updated employee handbook”.
• Ransomware is malware that employs encryption to hold a victim's information at
ransom. A user or organization's critical data is encrypted so that they cannot access files,
databases, or applications.
Physical Unauthorized Access Tactics
Cybercriminals often gain unauthorized access to physical spaces to carry out
their plans. Some opt to steal laptops or smart devices, then break into them
offsite. Others target computers or routers to insert malware.
• Tailgating or piggybacking
• Fraudulent use of access cards
• Door propping
• Tailgating or piggybacking
Tailgating is a tactic used to gain physical access to resources by
following an authorized person into a secure building, area, or
room. The perpetrator can be disguised as a delivery or repair
person, someone struggling with an oversized package who may
require assistance, or someone who looks and acts as if they
belong there. Most of these situations occur "in plain sight."
• Fraudulent use of access cards
Access cards that are lost, stolen, copied or shared pose an
unauthorized access risk.
• Door propping
While incredibly simple, propping open a door or window is one of
the most effective ways for an insider to help a perpetrator gain
unauthorized access to restricted buildings or spaces.
Other Unauthorized Access Tactics
• Collusion: A malicious insider can collude with an
outsider to provide unauthorized access to physical
spaces or digital access to systems. Often, an insider
comes up with a plan, then brings in an outsider to help.
A more sophisticated third party can help override
internal controls and bypass security measures.
• Passbacks: Passbacks are instances of sharing
credentials or access cards to gain unauthorized access
to physical places or digital systems.
Best Practices for Preventing Unauthorized
Access to Computers
• Electronic Data Protection
• Backup and Disposal of Data
• Password Management and Protection
• System and Device Protection
• Electronic Communications Protection—Email, Instant
Messaging, Text Messaging, and Social Media
• Coach Employees to Avoid Risky Behaviors
• Unauthorized Access Incident Response
• Electronic Data Protection
• Network drives should be used to store sensitive information to protect it from unauthorized access and for disaster recovery. Mobile devices and personal computing devices should not be used for storing sensitive information. Removable media and devices should not be used to store sensitive information.
• Backup and Disposal of Data
• Data should be backed up and stored according to data governance policies. Sensitive data backed up to cloud storage providers should be encrypted. Backups should be conducted on a regular basis. Data that is no longer needed should be permanently deleted.
• Password Management and Protection
• Organizational leaders should ensure strong password policies and effective compliance programs are in place to prevent unauthorized access, as well as follow these guidelines themselves.
• Strong passwords should be used that include a combination of letters, numbers, and symbols.
• A password should not be a word, common phrase, or one that someone with a little personal knowledge might guess, such as the user’s or child’s name, address, or phone number.
• Passwords should never be shared. Passwords should be changed periodically.
• Passwords should not be written down or stored in an insecure location.
• System and Device Protection
• Malware scans should be regularly run on all systems.
• Computers, laptops, and smart devices should have the lock screen enabled, and should be
shut down when not in use for extended periods.
• Single sign-on (SSO) should be considered to centrally manage users’ access to systems,
applications, and networks.
• Anti-virus, anti-malware, and anti-ransomware software should be installed on all computers,
laptops, and smart devices.
• Electronic Communications Protection—Email, Instant Messaging, Text Messaging,
and Social Media
• Sensitive data should only be sent encrypted or as a password-protected file. Attachments or
links from untrusted sources should not be opened. Caution should be taken to avoid phishing
scams.
• Coach Employees to Avoid Risky Behaviors
• Screens should be positioned so they cannot be viewed by others.
• Special precautions should be taken when leaving devices unattended in work from home
environments. Account recovery questions should not be easy to guess.
• Pop-ups and shortened URLs should not be clicked on unless from a trusted source.
• Sensitive information should not be accessed or discussed in public locations.
• Training/awareness program (Security Education, Training and Awareness, SETA)
• Unauthorized Access Incident Response
• Timing is of the essence in the event of an unauthorized access incident. Prior planning
and having a team ready to respond is critical.
• NIST unauthorized access incident response process to follow: Prepare, Detect,
Analyze, Contain, Eradicate, Recover, Post-Incident Handling.
Computer Intrusions
“Intrusion” means
gaining uninvited access to
a group, place, or event.
Example of Intrusion:
“Intruders entered the art
gallery during the night and
stole several works of art.”
What are computer intrusions or attacks?
Computer intrusions occur when someone tries to gain access to any part of your computer system.
Computer intruders or hackers typically use automated computer programs when they try to compromise a computer’s security.
There are several ways an intruder can try to gain access to your computer.
They can:
• Access your computer to view, change, or delete information on
your computer.
• Crash or slow down your computer.
• Access your private data by examining the files on your system.
• Use your computer to access other computers on the Internet.
Five Stages of a Cyber/Computer Intrusion
PHASE 1 OF INTRUSION: RECONNAISSANCE
• ATTACKER'S FOCUS: ANALYZING THE TARGET
• In this stage, attackers act like detectives, gathering information to truly understand their target and study weaknesses. Their goal is to know the network better than the people who run and maintain it.
• Reconnaissance takes patience and time, from weeks to several months. Any information the infiltrator can gather on the company, such as employee names, phone numbers, and email addresses, will be vital.
• Attackers will also start to poke the network to analyze what systems and hosts are there. They will note any changes in the system that can be used as an entrance point.
• For example, leaving your network open for a vendor to fix an issue can also allow the cybercriminal to plant himself inside.
• By the end of this pre-attack phase, attackers will have created a detailed map of the network, highlighted the system’s weaknesses, and can then continue with their mission.
• HOW TO COMBAT: KNOW YOUR NETWORK
• It is important to fully inspect your network, know the technologies inside, and any possible cracks in
your system. The best way to fully understand the network and have information readily available for
research is to centrally collect the log messages from your network hardware.
• PHASE 2: INITIAL EXPLOITATION
• ATTACKER’S FOCUS: INTRUSION
• Persistence is key, and infiltrators use numerous methods in exploitation. Water-holing is
used by an attacker to compromise a popular website that is visited by company
employees. Once the employee visits the infected site, the cybercriminal can attack their
computer in hopes of gaining credentials and access to the company network. Other
vectors used by attackers include spear phishing, SQL injection, infected emails,
and tainted removable media.
• Example of water-holing: In 2017, Ukrainian government websites were compromised to
spread the ExPetr malware.
• HOW TO COMBAT: LOGS AND PROCEDURES
• To protect your system, you need to focus on the most detailed information about the
network, the logs! Logs are the key to spotting any anomalies or breaches in your system.
• You need to be constantly monitoring your network traffic and looking for anomalies and
signs of attacks. Also, to make intrusion harder, among other measures, add two-factor
authentication to the services your users use or implement the principle of least privilege as
extra security methods.
• PHASE 3: ESTABLISH PERSISTENCE
• ATTACKER’S FOCUS: DIGGING INTO THE SYSTEM
• To take over the network, attackers need to obtain more control and dive
deeper into the system. One method is privilege escalation, where
the attacker uses any error or flaw in the system to obtain, either vertically or
horizontally, extra privileges or ones that were not intended for the user.
• HOW TO COMBAT: MONITOR CONNECTION PATHWAYS
• With the infiltrator in your network, most likely there will be a command and
control channel from the outside into your infrastructure. Your task is to
detect and disarm the control channel before the attacker can start to move
laterally inside your network, causing more harm.
• You can use network and operating system logs to find connections from the
outside that should not be there with an easy to access dashboard.
• PHASE 4: MOVE LATERALLY
• ATTACKER’S FOCUS: FINDING KEY PIECES
• Cybercriminals usually do not land in the exact spot of their target, thus, they
need to move laterally to find their key pieces to complete their mission.
• HOW TO COMBAT: PROTECTION THROUGHOUT NETWORK
• If an attacker has made it inside your system, it is imperative to halt their
movement. The protection inside your network needs to be as strong as the
protection around it. You can strengthen your defense through network
segmentation, monitoring your logs, and limiting administrator privilege.
• PHASE 5: COLLECT, EXFIL, AND EXPLOIT
• ATTACKER’S FOCUS: GET IN, GET OUT
• The attackers have succeeded. They compromised your network and moved
out your sensitive data. The attackers can now leak this information and the
ultimate goal of their mission is complete.
• HOW TO COMBAT: ALWAYS BE IMPROVING!
• You need to be continually improving your defense systems, implementing
policies and procedures, and always analyzing your logs, because they are the
first place to detect malicious activity.
What are intrusion detection systems?
An intrusion detection system is a tool that monitors network traffic for potential intrusions that may indicate malicious activity or a breach of policies.
• Network intrusion detection system (NIDS)
• Host intrusion detection system (HIDS)
• Protocol-based intrusion detection system (PIDS)
• Application protocol-based intrusion detection system
(APIDS)
• Hybrid intrusion detection system
• Network intrusion detection system (NIDS)
• (NIDS) is set up across the network, on tactical points, where it monitors inbound and outbound traffic to and from all devices
on a network and matches it with indicators of known attacks. When anomalous activity is detected, an alert is generated for
the incident to be examined further.
• Host intrusion detection system (HIDS)
• (HIDS) runs on all of a network’s hosts and devices that have access to the internet as well as the internal network. It monitors
the operations of individual hosts and tracks the status of all files on an endpoint and detects any activity, such as deletion or
modification of system files. An HIDS also scans all data packets that are sent to or from an endpoint to aid in the prevention
of insider threats.
• Protocol-based intrusion detection system (PIDS)
• (PIDS) is typically deployed on a web server and is used to monitor and analyze communication between devices on a network
and online resources, as it scans data transmitted over HTTP/HTTPS.
• Application protocol-based intrusion detection system (APIDS)
• (APIDS) monitors the communication between users and applications. It monitors the packets transmitted over application-
specific protocols and identifies instructions, tracing it to individual users.
• Hybrid intrusion detection system
• In the hybrid type, the capabilities of two systems—host- and network-based IDSs for example—are combined, rendering it
more effective than any single type of IDS.
• Intrusion detection systems are also categorized as active or passive:
• An active IDS is also known as an intrusion detection and prevention system (IDPS). Not only is it configured to monitor traffic
and detect anomalous behavior, it is also automated to block any suspected attacks by blocking IPs or by restricting access
to sensitive resources without any need for admin involvement.
• A passive IDS only monitors and analyzes network traffic and alerts an admin to a potential attack. It doesn’t have the ability
to perform any blocking or preventative activity on its own.
IDS detection methods
• Signature-based intrusion detection system (SIDS)
• Anomaly-based intrusion detection system (AIDS)
• Signature-based intrusion detection system (SIDS)
• It identifies active instructions by monitoring packets travelling through
the network and comparing them against a database of known system
vulnerabilities and their attributes. SIDSs look for specific patterns such
as number of bytes or known malicious instruction sequences, with
the detected patterns known as signatures (a term originating from
antivirus software). Because SIDSs can only detect known attacks, it’s
important to continuously update signatures.
• Anomaly-based intrusion detection system (AIDS) or behaviour-based
• It was introduced to fill the gaps left by SIDS and present a newer
technology that detects unknown attacks to keep up with the speed at
which new malware and threats are developed.
• AIDS establishes a baseline of normal and trustworthy network activity
and compares it with traffic to identify anomalies.
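The two detection methods described above, run side by side on constructed connection records, as an added example that is not part of the original slides. The signature patterns, host addresses, byte counts and the 3-standard-deviation threshold are assumptions made for the illustration.

```python
from statistics import mean, pstdev

# Constructed signature database: harmless placeholder byte patterns,
# not real attack signatures.
SIGNATURES = {
    "SIG-0001": b"KNOWN-BAD-MARKER-A",
    "SIG-0002": b"KNOWN-BAD-MARKER-B",
}


def signature_match(payload):
    """Signature-based check: IDs of every known pattern found in the payload."""
    return [sig_id for sig_id, pattern in SIGNATURES.items() if pattern in payload]


class Baseline:
    """Anomaly-based check: per-host baseline of bytes sent per interval."""

    def __init__(self, threshold=3.0):
        # Assumed rule: alert when a value is more than 3 standard
        # deviations away from the host's learned mean.
        self.threshold = threshold
        self.stats = {}

    def learn(self, history):
        """Build the baseline from traffic that is known to be trustworthy."""
        for host, samples in history.items():
            self.stats[host] = (mean(samples), pstdev(samples))

    def is_anomalous(self, host, value):
        if host not in self.stats:
            return True  # a host with no baseline is itself unusual
        mu, sigma = self.stats[host]
        sigma = max(sigma, 1.0)  # keep a flat baseline from dividing by zero
        return abs(value - mu) / sigma > self.threshold


# Constructed "normal" history: bytes sent per interval for two hosts.
TRAINING = {
    "10.0.0.5": [1200, 1100, 1300, 1250, 1150],
    "10.0.0.6": [300, 320, 310, 290, 305],
}

# Constructed events to classify.
EVENTS = [
    # ordinary traffic: neither method fires
    {"id": 1, "src": "10.0.0.5", "bytes_out": 1180, "payload": b"GET /index.html"},
    # known pattern, normal volume: only the signature fires
    {"id": 2, "src": "10.0.0.6", "bytes_out": 315, "payload": b"x KNOWN-BAD-MARKER-A x"},
    # no known pattern, abnormal volume: only the baseline fires
    {"id": 3, "src": "10.0.0.6", "bytes_out": 48000, "payload": b"POST /upload"},
    # variant of a known pattern at normal volume: both methods miss it,
    # which is why signatures have to be kept up to date
    {"id": 4, "src": "10.0.0.5", "bytes_out": 1210, "payload": b"x known-bad-marker-a x"},
    # host that was never baselined
    {"id": 5, "src": "10.0.0.99", "bytes_out": 500, "payload": b"GET /"},
]


def run_demo():
    """Return (event id, detection method, detail) for every alert raised."""
    baseline = Baseline()
    baseline.learn(TRAINING)
    alerts = []
    for event in EVENTS:
        for sig_id in signature_match(event["payload"]):
            alerts.append((event["id"], "signature", sig_id))
        if baseline.is_anomalous(event["src"], event["bytes_out"]):
            alerts.append((event["id"], "anomaly", event["bytes_out"]))
    return alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Event 4 is the case to study: it raises no alert under either method, so the two approaches complement each other without guaranteeing coverage.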
Benefits of intrusion detection systems (IDS)
• Identify security risks
• Improve security controls
• Regulatory compliance
• Better response time
Challenges of intrusion detection systems
• Fragmentation
• Obscurity
• Low-bandwidth attacks
BENEFITS of IDS
• Identify security risks
• An IDS tool, by identifying intrusions and security incidents, helps you understand the security risks that your
organization is facing, as well as their quantity and level of sophistication.
• It can also identify problems with your network device configuration and provide valuable metrics that can be
used to further inform incident response policies.
• Improve security controls
• Maintaining a healthy knowledge and understanding of cyber security risks is necessary to establish and improve
cyber security policies and strategies that evolve as the threat landscape changes.
• Regulatory compliance
• As the number of regulatory policies organizations must comply with grows, and across a wide range of
industries, having a tool that empowers and simplifies the process of meeting those regulations is crucial.
• IDSs generate and store logs of a network that form an important part of any documentation maintained for
compliance audits.
• Better response time
• Besides informing better incident response practices, an IDS can boost response time to security incidents:
its alerts point to the packets whose information should be inspected, so valuable
data is collected efficiently and promptly.
Challenges of intrusion detection systems
• Fragmentation: This is a basic technique that splits the attack payload across
multiple packets to stay under the radar; packets modified to require complicated
reassembly help the attack avoid detection.
• One way fragmentation is implemented is to add pauses during the sending of other parts of
the payload, in the hope that the IDS will time out.
• Other ways involve sending packets in such a way that one fragment overwrites data from a
previous packet, and by sending packets in incorrect order—to confuse the IDS but not the
target host.
• Obscurity: This IDS evasion technique involves the deliberate manipulation of protocols to
use different ports.
• Low-bandwidth attacks: Attackers can coordinate an attack spread across a large number of
sources, and over a long period of time it can imitate benign traffic and noise such as that
produced by online scanners, thereby avoiding IDS detection.
• This technique works by making it challenging for the IDS to correlate all packets and make
the distinction of whether this is benign or malicious scanning activity.
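A defender's view of the fragmentation challenge above, as an added example that is not part of the original slides: an inspector that matches each fragment alone misses a pattern split across fragments, while one that reassembles first finds it and also flags reordering, overlaps and missing pieces. The marker bytes, the `(offset, data)` fragment format and the function names are constructed for the illustration.

```python
MARKER = b"KNOWN-BAD-MARKER"  # constructed placeholder, not a real signature


def per_fragment_match(fragments):
    """Naive inspection: apply the signature to each fragment on its own."""
    return any(MARKER in data for _, data in fragments)


def reassemble(fragments, total_len, policy):
    """Rebuild a payload from (offset, data) fragments in arrival order.

    policy is "first" (earlier data wins on overlap) or "last" (later data
    wins). Returns (payload, findings); payload is None if holes remain.
    """
    buf = bytearray(total_len)
    filled = [False] * total_len
    findings = set()
    highest = -1
    for offset, data in fragments:
        if offset < highest:
            findings.add("out-of-order")
        highest = max(highest, offset)
        for i, byte in enumerate(data[: max(0, total_len - offset)]):
            pos = offset + i
            if filled[pos]:
                # Same bytes twice is a retransmission; different bytes mean
                # the sender wants two readers to see two different payloads.
                findings.add("conflicting-overlap" if buf[pos] != byte else "overlap")
                if policy == "first":
                    continue
            buf[pos] = byte
            filled[pos] = True
    if not all(filled):
        findings.add("incomplete")  # e.g. the rest never arrived before a timeout
        return None, findings
    return bytes(buf), findings


def inspect(fragments, total_len):
    """Reassemble under both overlap policies, since the inspector cannot
    know which one the destination host applies, then match the signature."""
    findings = set()
    matched = False
    for policy in ("first", "last"):
        payload, found = reassemble(fragments, total_len, policy)
        findings |= found
        if payload is not None and MARKER in payload:
            matched = True
    return {
        "naive": per_fragment_match(fragments),
        "reassembled": matched,
        "findings": sorted(findings),
    }


# Constructed 26-byte payload "hello KNOWN-BAD-MARKER bye" in several splits.
TOTAL = 26
SPLIT = [(0, b"hello KNOWN-"), (12, b"BAD-MARKER bye")]
REORDERED = [(12, b"BAD-MARKER bye"), (0, b"hello KNOWN-")]
OVERLAP = [(0, b"hello KNOWN-"), (6, b"XXXXXX"), (12, b"BAD-MARKER bye")]
PARTIAL = [(0, b"hello KNOWN-")]

if __name__ == "__main__":
    for name, frags in [("split", SPLIT), ("reordered", REORDERED),
                        ("overlap", OVERLAP), ("partial", PARTIAL)]:
        print(name, inspect(frags, TOTAL))
```

In the overlap case the "last" policy yields a payload without the marker while the "first" policy yields one with it, which is why the conflicting overlap is reported as a finding in its own right.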
White collar Crimes
White collar crimes are non-violent, illegal activities
that are committed by individuals or businesses for
financial gain or personal gain.
White-collar crimes and Cybercrimes?
The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.
Any crime committed on the Internet is referred to as Cybercrime, and
when such crime is non-violent and especially motivated towards financial
gain then it becomes a White-collar cybercrime.
White collar Crimes - examples
❑ Economic espionage and trade
secret theft
❑ Credit-card fraud
❑ Telemarketing and Mail Fraud
❑ Identity Theft
❑ Phishing
❑ Computer Intrusion
A type of hacking included among white-collar crimes is the “Salami Attack”, which occurs mainly in the financial area.
These attacks go unnoticed because they make very small alterations.
• WannaCry ransomware
• The Ziegler case
Viruses and Malicious Code
Malicious code is the language hostile parties “speak”
to manipulate computer systems into dangerous
behaviors.
It is created by writing changes or add-ons to the existing programming of computer programs, files and infrastructure.
Consequences of Malicious Code
• Corruption of data
• Distributed denial-of-Service (DDoS)
• Credential theft and private info theft
• Ransom and extortion
• Nuisance and inconvenience
How does malicious code work?
• Any programmed component of a computer system can be manipulated by malicious code.
• Large-scale components such as computer networking infrastructure and smaller components like mobile or desktop apps are all common targets.
• Web services, such as websites and online servers, can also be targets.
• Malicious code can infect any device using a computer to operate:
• Traditional computer devices — desktops, laptops, mobile phones, tablets.
• IoT devices — smart home devices, in-vehicle infotainment systems (IVI).
• Computer network devices — modems, routers, servers.
Types of Malicious Code
• Virus: Attaches itself to a program and propagates copies of itself to other programs.
• Trojan horse: Contains unexpected, additional functionality.
• Logic bomb: Triggers action when a condition occurs.
• Time bomb: Triggers action when a specific time occurs.
• Trapdoor: Allows unauthorized access to functionality.
• Worm: Propagates copies of itself through a network.
• Rabbit: A virus or worm that replicates itself without limit to exhaust resources.
Appended Viruses
9/19/2023 Dept. of CSE, NMIT 39
Viruses that surround a program
Integrated Viruses and Replacement
Hacking and Cracking
• Any attempt to intrude into a computer or a network without
authorization is called hacking.
• This involves changing of system or security features in a bid to
accomplish a goal that differs from the intended purpose of the
system.
• It can also refer to non-malicious activities, usually involving
unusual or improvised alterations to equipment or processes.
• An individual who involves themselves in hacking activities is
known as a hacker, and some companies employ hackers as
part of their support staff.
• These kinds of hackers use their skills to find flaws in the
company security system, to prevent identity theft and other
computer-related crimes against the company.
There are various kinds of hackers: the most common
are white hats, black hats and grey hats.
• White hats hack to check their own security systems to make them more hack-proof.
In most cases, they are part of the same organization.
• Black hat hackers hack to take control over the system for personal gains.
They destroy, steal and even prevent authorized users from accessing the
system, by finding loopholes and weaknesses in the system.
• Grey hat hackers comprise curious people who have just about enough
computer language skills to enable them to hack a system to locate
potential loopholes in the network security system. They then notify the
network system admin about the weaknesses discovered in the system.
Hacking is the process of intruding computer systems without authorization in order to gain access to them, for good or bad purpose.
Cracking is the same practice though with criminal intention.
However, cracking is generally less harmful than hacking.
A cracker is someone
• who breaks into a network;
• bypasses passwords or licenses in computer
programs;
• or in other ways intentionally breaches computer
security.
Crackers also act as Black Hats by gaining access to the accounts of people maliciously
and misusing this information across networks.
They can steal credit card information, destroy important files, disclose crucial data and
information or personal details and sell them for personal gains.
Common types of cracking: Password cracking
Most common password cracking methods
• Brute force cracking
• Dictionary cracking
• Rainbow table cracking
• Brute force cracking: The cracking algorithm outputs random strings of characters
until it gets a match.
• Dictionary cracking: It’s similar to brute-force cracking, but rather than using random
characters, dictionary cracking limits itself to actual words.
• Rainbow table cracking: A rainbow table uses precomputed hash values to figure out
the encryption used to hash a password.
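How a defender answers the cracking methods above and applies the password guidelines given earlier in this unit, as an added example that is not part of the original slides: a set-time check that rejects dictionary-based and personal-information passwords, and salted, deliberately slow hashing so that precomputed hash tables do not carry over between accounts. The deny list, the iteration count and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed deny list; a real deployment would load a large list of
# common and breached passwords.
COMMON_WORDS = {"password", "letmein", "sunshine", "qwerty", "welcome"}
PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def policy_violations(password, personal_info=()):
    """Check a candidate password against the guidelines from the slides."""
    problems = []
    lowered = password.lower()
    has_all_classes = (
        re.search(r"[A-Za-z]", password)
        and re.search(r"\d", password)
        and re.search(r"[^A-Za-z0-9]", password)
    )
    if not has_all_classes:
        problems.append("needs letters, numbers, and symbols")
    # Strip digits and symbols: "Password1!" is still the word "password",
    # which is the first thing a dictionary attack tries.
    if re.sub(r"[^a-z]", "", lowered) in COMMON_WORDS:
        problems.append("dictionary word")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


def unsalted_sha256(password):
    """Weak storage: the same password always gives the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Hardened storage: random per-user salt plus a slow key derivation."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def compare_storage(password):
    """Two accounts that picked the same password, stored both ways."""
    salt_a, hash_a = hash_password(password)
    salt_b, hash_b = hash_password(password)
    return {
        # Equal digests mean one precomputed table entry covers both accounts.
        "unsalted_digests_equal": unsalted_sha256(password) == unsalted_sha256(password),
        # Different salts give different digests, so nothing precomputed applies.
        "salted_digests_equal": hash_a == hash_b,
        "verifies": verify_password(password, salt_a, hash_a),
    }


if __name__ == "__main__":
    for candidate in ("sunshine", "Password1!", "t7#Vq9!mZp2$Lx"):
        print(candidate, policy_violations(candidate))
    print(compare_storage("t7#Vq9!mZp2$Lx"))
```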
Common types of cracking: Software cracking
Most software cracking uses at least one of the following tools or techniques
• Keygen
• Patch
• Loader
• Keygen: Short for “key generator,” a keygen is a program a cracker
builds to generate valid serial numbers for a software product. If you want
to use the software for free, you can download the keygen and generate
your own serial number, allowing you to fool the developer’s copy
protection into thinking you’ve paid for the software.
• Patch: Patches are small bits of code that modify existing programs.
Developers release patches for software all the time. Crackers can make
them too, and when they do, the patch’s job is to alter the way the
program works by removing the unwanted features.
• Loader: A loader’s job is to block the software’s protection measures as
the software starts up. Some loaders bypass copy protections, while
others are popular with gamers who enjoy cheating in online
multiplayer games.
Common types of cracking: Network cracking
Network cracking is when someone breaks through the security of a LAN, or “local area network.”
How can I prevent cracking?
• Don’t repeat passwords
• Use a VPN
• Check for HTTPS
• Change your router’s login info
• Don’t click ads
• Stay off public Wi-Fi
• Keep your software updated
• Ethical Hacker (White hat): A security hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
• Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.
• Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.
• Script kiddies: A non-skilled person who gains access to computer systems using already made tools.
• Hacktivist: A hacker who uses hacking to send social, religious, and political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
• Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.
Virus Attacks
• A malware attack is when cybercriminals
create malicious software that’s installed on
someone else’s device without their
knowledge to gain access to personal
information or to damage the device, usually
for financial gain.
• Different types of malware include viruses,
spyware, ransomware, and Trojan horses.
• Malware attacks can occur on all sorts of
devices and operating systems, including
Microsoft Windows, macOS, Android, and iOS.
• At least one type of malware attack is growing.
CYBER SECURITY ATTACK TYPES – ACTIVE AND PASSIVE ATTACKS
Passive Attacks
• A passive attack can monitor, observe, or make use of the system’s data for certain functions.
• A passive attack doesn’t have any impact on the system resources, and the data can stay unchanged.
• It is difficult for the victim to notice passive attacks, as this sort of attack is conducted in secret.
• A passive attack aims to obtain data or scan open ports and vulnerabilities of the network.
Active Attacks
• An active attack could be a network exploit during which the attackers will modify or alter the content and impact the system resource.
• It’ll cause damages to the victims.
• The attackers can perform passive attacks to gather info before they begin carrying out an active attack.
• The attackers attempt to disrupt and force the lock of the system.
• The victims can get informed concerning the active attack.
• This sort of attack can threaten their integrity and accessibility.
• An active attack is tougher to perform compared to a passive attack.
Most common types of malware attacks
• Exploit kit
• Malicious websites and drive-by-downloads
• Malvertising
• Malicious advertising
• Man-in-the-middle (MitM) attack
• Man-in-the-browser (MitB) attack
• Social engineering and malware attacks
11 real cases of malware attacks
1) CovidLock, ransomware, 2020
2) LockerGoga, ransomware, 2019
3) Emotet, trojan, 2018
4) WannaCry, ransomware, 2017
5) Petya, ransomware, 2016
6) CryptoLocker, ransomware, 2013
7) Stuxnet, worm, 2010
8) Zeus, trojan, 2007
9) MyDoom, worm, 2004
10) ILOVEYOU, worm, 2000
11) Melissa, virus, 1999
How to fight malware attacks
• Cybersecurity awareness
• Technology to fight malware
Pornography
Cyber pornography can be defined as pornographic material designed, published or distributed using cyber space as a medium.
Pornography Offenses
“Child Pornography” means any visual depiction, including but not limited to the following:
Any photograph that can be considered obscene and/or unsuitable for the age of child viewer;
• Film, Video, Picture
• Computer-generated image or picture of sexually explicit conduct
• The production of visual depiction that involves the use of a minor engaging in sexually explicit conduct.
• In India, viewing digital pornography is not a crime,
but creating and distributing such material is.
• It is legal in most other countries.
• However, child pornography is illegal in all forms
and has been banned universally.
As broadband connections get into the reach of more and more homes, a larger child population will be using the Internet, and greater would be the chances of falling victim to the aggression of pedophiles.
Pornography
How Pedophiles Operate?
“Pedophiles” are people who physically or psychologically coerce minors to engage in sexual activities, which the minors would not consciously agree.
• Pedophiles use false identity to trap the children/teenagers (using “false identity” which in itself is another crime called “identity theft”).
• They seek children/teens in the kids’ areas on the services, such as the Teens BB, Games BB or chat areas where the children gather.
• They befriend children/teens.
• They extract personal information from the child/teen by winning his/her confidence.
• Pedophiles get E-Mail address of the child/teen and start making contacts on the victim’s E-Mail address as well. Sometimes, these E-Mails contain sexually explicit language.
• They start sending pornographic images/text to the victim including child pornographic images to help child/teen shed his/her inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it.
• At the end of it, the pedophiles set up a meeting with the child/teen out of the house and then drag him/her into the net to further sexually assault him/her or to use him/her as a sex object.
Pornography
Legal remedies exist only to some extent
Children’s Online Privacy Protection Act or COPPA is a way of preventing online pornography.
Software Net Nanny and Cybersitter
Originally designed for parents concerned about their children’s unrestricted access to seamier side of the Internet, which can be used to block a user’s access to websites containing danger
Software Piracy
Cybercrime investigation cell of India defines “software piracy” as theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.
There are many examples of software piracy:
• end-user copying - friends loaning disks to each other, or organizations under-reporting the number of software installations they have made, or organizations not tracking their software licenses;
• hard disk loading with illicit means - hard disk vendors load pirated software;
• counterfeiting - large-scale duplication and distribution of
Software Piracy
Beware that those who buy pirated software have a
lot to lose:
a. getting untested software that may have been copied
thousands of times over,
b. the software, if pirated, may potentially contain hard-drive-infecting viruses,
c. there is no technical support in the case of software
failure, that is, lack of technical product support
available to properly licensed users,
d. there is no warranty protection,
Software Piracy
Economic impact of software piracy is grave
Intellectual Property
• Intellectual Property (IP) simply refers to the creation of the
mind.
• It refers to the possession of thought or design by the one who
came up with it.
• It offers the owner of any inventive design or any form of
distinct work some exclusive rights, that make it unlawful to
copy or reuse that work without the owner’s permission.
• It is a part of property law. People associated with literature,
music, invention, etc. can use it in business practices.
Intellectual Property
There are numerous types of tools of protection that come under the term “intellectual property”:
• Patent
• Trademark
• Trade secrets
• Copyrights
• Geographical indications
• Industrial Designs
• Layout Designs of Integrated Circuits
• Copyright Infringement
Intellectual Property
Copyright Issues in Cyberspace
1. Linking
2. Software Piracy
• Soft lifting
• Software Counterfeiting
• Uploading-Downloading
3. Cybersquatting
4. Trademark Issues in Cyberspace
Mail Bombs
• E-Mail bombing refers to sending a large number of E-Mails to the victim to crash victim’s E-Mail account (in the case of an individual) or to make victim’s mail servers crash (in the case of a company or an E-Mail service provider).
• Computer program can be written to instruct a computer to do such tasks on a repeated basis.
• In recent times, terrorism has hit the Internet in the form of mail bombings.
• By instructing a computer to repeatedly send E-Mail to a specified person's E-Mail address, the
9/19/2023 Dept. of CSE, NMIT 66
Mail Bombs
Email bombs, depending on the magnitude, can be a form of prank or an actual denial of service attack.
There are three ways to create an email bomb:
• Mass mailing
• List Linking
• Zip Bombing
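The three email-bomb variants listed above can be told apart on the receiving side. The following detection code is an added example, not part of the original slides: it flags per-recipient bursts in a mail log as mass mailing or list linking, and screens ZIP attachments by their declared compression ratio without extracting them. The thresholds, phrase list, function names and sample records are assumptions constructed for illustration.

```python
import io
import zipfile
from collections import defaultdict, deque

# All thresholds below are assumed values for illustration; tune them per site.
WINDOW_SECONDS = 60          # sliding window per recipient
BURST_THRESHOLD = 20         # messages inside the window that count as a burst
MAX_RATIO = 100              # unpacked/packed size ratio treated as a zip bomb
MAX_UNPACKED = 50 * 2**20    # cap on total declared unpacked size (50 MiB)
SIGNUP_PHRASES = ("confirm your subscription", "verify your email", "welcome to")


def classify_bursts(messages):
    """messages: (epoch_seconds, sender, recipient, subject), time-ordered.
    Returns {recipient: "mass-mailing" | "list-linking"} for flagged recipients."""
    windows = defaultdict(deque)
    verdicts = {}
    for ts, sender, rcpt, subject in messages:
        win = windows[rcpt]
        win.append((ts, sender.rsplit("@", 1)[-1].lower(), subject.lower()))
        while ts - win[0][0] > WINDOW_SECONDS:   # drop entries older than the window
            win.popleft()
        if len(win) < BURST_THRESHOLD:
            continue
        domains = {domain for _, domain, _ in win}
        signups = sum(any(p in subj for p in SIGNUP_PHRASES) for _, _, subj in win)
        # Sign-up confirmations from many unrelated domains indicate list linking;
        # any other burst aimed at one mailbox is treated as mass mailing.
        if len(domains) >= len(win) // 2 and signups >= len(win) // 2:
            verdicts[rcpt] = "list-linking"
        else:
            verdicts[rcpt] = "mass-mailing"
    return verdicts


def zip_attachment_suspicious(data):
    """Screen a ZIP attachment using only its central directory (no extraction)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return True   # malformed archive: quarantine instead of unpacking
    unpacked = sum(i.file_size for i in infos)
    packed = sum(i.compress_size for i in infos) or 1
    # Declared sizes can be forged, so whatever unpacks the file later should
    # still enforce a hard byte limit while reading.
    return unpacked > MAX_UNPACKED or unpacked / packed > MAX_RATIO


def make_zip(name, payload):
    """Build an in-memory ZIP for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def sample_messages():
    """Constructed mail-log records, not taken from any real system."""
    msgs = [(t, "noise@bulk.example", "alice@corp.example", "hi") for t in range(25)]
    msgs += [(t, f"news@list{t}.example", "bob@corp.example",
              "Confirm your subscription") for t in range(25)]
    msgs += [(t * 30, "peer@corp.example", "carol@corp.example", "minutes")
             for t in range(3)]
    return sorted(msgs)


if __name__ == "__main__":
    print(classify_bursts(sample_messages()))
    print(zip_attachment_suspicious(make_zip("a.bin", b"\0" * 2**20)))
    print(zip_attachment_suspicious(make_zip("r.txt", b"quarterly report\n" * 10)))
```

A recipient with ordinary traffic never reaches the burst threshold and is not reported.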
Exploitation
An exploit is a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware.
An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware.
Exploitation
How does an exploit work?
• For exploits to be effective, many vulnerabilities require an attacker to initiate a series of suspicious operations to set up an exploit.
• Typically, most of the vulnerabilities are result of a software or system architecture bug.
Exploitation
How do I defend against exploits?
• Many software vendors patch known bugs to remove the vulnerability.
• Security software also helps by detecting, reporting, and blocking suspicious operations.
• Security software prevents exploits from occurring and damaging computer systems, regardless of what malware the exploit was trying to initiate.
• The typical security software implemented by businesses to ward off exploits is referred to as threat defense as well as endpoint detection and response (EDR) software.
• Other best practices are to initiate
Exploitation
Common types of computer exploits
Known exploits
When someone discovers a software vulnerability, they’ll often alert the software’s developer, who can then fix the vulnerability immediately with a security patch.
They may also spread the word about the vulnerability on the internet to warn others. Either way, the developer will (hopefully) be able to respond and repair the vulnerability before an exploit can take
Any exploit that targets an already-patched vulnerability is referred to as a KNOWN EXPLOIT
Zero-day exploits (unknown exploits)
When a hacker discovers a vulnerability and immediately creates an exploit for it, it’s called a zero-day exploit.
• ZERO-DAY EXPLOIT ATTACKS are highly dangerous, because there’s no obvious or immediate solution to the vulnerability.
• Only the attacker has discovered the vulnerability, and only they know how to exploit it.
• To respond to the attack, a
Stalking and Obscenity in Internet
Stalking is an “act or process of following prey stealthily - trying to approach somebody or something.”
Cyber Stalking is “the use of information and communications technology, particularly the Internet, by an individual or group of individuals to harass another individual, group of individuals or organization”
The behaviour
• false accusations,
• monitoring,
• transmission of threats
• ID theft
• damage to data or
• pornography
• gathering information for harassment purposes
Stalking and Obscenity in Internet
Cyberstalking refers to the use of Internet and/or other electronic communications devices to stalk another person.
It involves harassing or threatening behaviour that an individual will conduct repeatedly.
For example, a person, visiting a person’s home and/or at business place, making phone calls, leaving written messages, or vandalizing against the person’s property.
Cyberstalkers take advantage of ease of communication and an increased access to personal information available with a few mouse clicks or keystrokes.
Stalking and Obscenity in Internet
Types of Stalkers
Two types of stalkers
Online Stalkers
Offline Stalkers
Stalking and Obscenity in Internet
Cases Reported on Cyberstalking
• The majority of cyberstalkers are men and the majority of their victims are women.
• In many cases, the cyberstalker and the victim hold a prior relationship, and the cyberstalking begins when the victim attempts to break off the relationship. For example, ex-lover, ex-spouse, boss/subordinate, and neighbor.
Stalking and Obscenity in Internet
How Stalking Works?
1. Personal information gathering about the victim: Name; family background; contact details such as cell phone and telephone numbers (of residence as well as office); address of residence as well as of the office; E-Mail address; date of birth, etc.
2. Establish a contact with victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish a contact with the victims through E-Mail. The letters may have the tone loving, threatening or can be sexually explicit. The stalker may use multiple names while contacting
Stalking and Obscenity in Internet
How Stalking Works?
5. The stalker may post the victim’s personal information on any website related to illicit services such as dating services, posing as if the victim has posted the information and invite the people to call the victim on the given contact details (telephone numbers/cell phone numbers/E-Mail address) to have unethical services. The stalker will use bad and/or offensive/attractive language to invite the interested persons.
6. Whosoever comes across the information, start calling the victim on the given contact details (telephone/cell phone nos), asking for sexual services or relationships.
7. Some stalkers subscribe/register the E-Mail account
Digital laws and legislation
• Social media intermediaries, with registered users in India
above a notified threshold, have been classified as significant
social media intermediaries (SSMIs).
• SSMIs are required to observe certain additional due diligence
such as appointing certain personnel for compliance, enabling
identification of the first originator of the information on its
platform under certain conditions, and deploying technology-
based measures on a best-effort basis to identify certain types
of content.
• The Rules prescribe a framework for the regulation of content
by online publishers of news and current affairs content, and
curated audio-visual content.
• All intermediaries are required to provide a grievance
Digital laws and legislation
Key Issues and Analysis
• The Rules may be going beyond the powers delegated under
the Act in certain cases, such as where they provide for the
regulation of significant social media intermediaries and online
publishers, and require certain intermediaries to identify the
first originator of the information.
• Grounds for restricting online content are overbroad and may
affect freedom of speech.
• There are no procedural safeguards for requests by law
enforcement agencies for information under the possession of
intermediaries.
• Requiring messaging services to enable the identification of
the first originator of information on its platform may adversely
Law Enforcement Roles and
Responses
1. Establishment of National Critical Information Infrastructure
Protection Centre (NCIIPC) for protection of critical
information infrastructure in the country.
2. All organizations providing digital services have been
mandated to report cyber security incidents to CERT-In
expeditiously.
3. Cyber Swachhta Kendra (Botnet Cleaning and Malware
Analysis Centre) has been launched for providing detection
of malicious programmes and free tools to remove such
programmes.
4. Issue of alerts and advisories regarding cyber threats and
counter-measures by CERT-In.
5. Issue of guidelines for Chief Information Security Officers
Law Enforcement Roles and
Responses
7. Empanelment of security auditing organisations to support
and audit implementation of Information Security Best
Practices.
8. Formulation of Crisis Management Plan for countering cyber
attacks and cyber terrorism.
9. Conducting cyber security mock drills and exercises regularly
to enable assessment of cyber security posture and
preparedness of organizations in Government and critical
sectors.
10. Conducting regular training programmes for network / system
administrators and Chief Information Security Officers
(CISOs) of Government and critical sector organisations
What Are Common Types of Credit Card Fraud?
In 2020 alone, nearly 400,000 Americans were victims of credit card fraud — and that number is only going
up. In fact, according to the Federal Trade Commission (FTC), credit card fraud is one of the fastest
growing forms of identity theft.
Types Of Credit Card Fraud
• Credit card fraud comes in all shapes and sizes. It can happen
online, over the phone, by text, and in person. You can be duped
by fake emails, have your information stolen in a data breach, or
have your cards stolen out of your mailbox. And these are just a few
of the possibilities.
• To protect yourself from becoming a victim, you need to know
about different kinds of credit card fraud. While solid prevention
won't make you immune to it, being cautious can reduce your
chances
• Card-not-present (CNP) fraud
• Scammers steal a cardholder's credit card and personal information — and then
use it to make purchases online or by phone. CNP fraud is difficult to prevent
because there is no physical card to examine and the merchant can't verify the
buyer's identity.
• Credit card application fraud
• Criminals use stolen personal information (name, address, birthday, and social
security number) to apply for credit cards. This type of fraud can go undetected
until the victim applies for credit themselves or checks their credit report. While the
victim will typically not be responsible for any purchases made with fraudulent
credit card accounts due to protection offered by the cards, this type of fraud can
damage the victim's credit score.
• Account takeover
• After stealing personal information, scammers contact credit card companies
pretending to be the cardholder. They then change passwords and PIN numbers
so they can take over the account. This type of credit card fraud will likely be
detected when the cardholder tries to use their card or log in to their account
online.
• Credit card skimming
• The practice of credit card skimming is still happening, despite the
prevalence of cards. Skimmers are devices that steal credit card
information from the magnetic strip on the back of the card.
Scammers attach them to credit card reader machines in ATMs,
retail stores, gas stations, and other businesses. Then they either
sell the information to other scammers or use it themselves to make
charges on your card.
• Lost or stolen cards
• One of the most basic credit card fraud schemes is to simply steal
someone's credit card or use a card someone has lost. Thieves also
intercept credit cards sent to cardholders in the mail.
Protecting Yourself From Credit Card Fraud
• Never provide personal or financial information in response to emails, texts, or
phone — even if it looks like it's coming from a company you do business with.
Remember, no reputable company — including Synovus — will ever request your
personal information via email, text, or phone.
• To protect yourself from skimming, avoid suspicious card readers, like ones with
sticky keypads or that seem to be haphazardly attached to an ATM or gas pump.
• Shield your PIN and account number from bystanders and store employees when
using your card in person.
• Don't let mail sit in your mailbox for an extended period of time. It's not just credit
cards themselves that thieves can steal, but also financial statements. Since these
contain your name, address, and account number, it gives thieves a head start in
CNP scams. If you'll be away, place a vacation hold with the post office. And for
additional protection, consider moving to paperless statements.
• Set up account alerts to notify you of suspicious transactions — for example,
charges over a certain dollar amount.
How To Detect Credit Card Fraud
• Unauthorized or suspicious charges are often the first indication you've
been a victim of credit card fraud. Review your monthly statements
carefully to make sure there are no charges for things you didn't buy —
or withdrawals you didn't authorize. Receiving a credit card statement
for a card you didn't apply for is another way you could find out you've
been victimized.
• Many credit card companies are proactive about detecting fraud and
often contact cardholders if they detect suspicious activity. However, it's
never wise to provide information on any unsolicited phone calls.
Instead, hang up and call your credit card company back and ask if
there are any problems with your account.
How To Report Credit Card Fraud
• If you discover fraudulent transactions — or if your card is lost or
stolen — contact your credit card company immediately to report
the fraud. Ask them to cancel or suspend your account. They will
tell you how to destroy any existing cards and when you'll receive
replacement cards.
• You can also file a police report by contacting your local police or
sheriff's office. In most cases, local authorities aren't equipped to
handle credit card fraud cases. However, some creditors require
police reports as part of their investigation into your fraud claim.
What Do You Do If You're A Credit Card
Fraud Victim
• File a fraud alert with one of the three credit reporting
bureaus, TransUnion, Equifax or Experian. You only need to file with one as they
share alert information. The alert will make it harder for anyone to open new credit
in your name. You can also place a freeze on your account, which prevents you — or
scammers — from opening any new credit accounts in your name until you remove
the freeze.
• File a complaint with the Federal Trade Commission at identitytheft.gov. Once you
have filed a complaint, the agency will work with you to create a personal fraud
recovery plan.
• Check your credit report. It's wise to check your credit report for credit inquiries or
accounts you don't recognize even if you haven't been a victim. This will help you
catch any fraudulent activity that may have slipped through the cracks. If you have
been a victim, it's even more important to check your report regularly. In response to
the dramatic rise in all types of financial fraud during the COVID-19 pandemic, all
three credit reporting bureaus — Equifax, Experian and TransUnion — are
offering free weekly credit reports to help consumers keep an eye on their
accounts.