What is Cybercrime?

Types, Tools, Examples

What is Cybercrime?
Cybercrime is defined as an unlawful action against any person using a computer, its systems,
and its online or offline applications. It occurs when information technology is used to commit or
cover an offense. However, the act is only considered Cybercrime if it is intentional and not
accidental.

Example of Cybercrime
Here, are some most commonly occurring Cybercrimes:

 The fraud did by manipulating computer network

 Unauthorized access to or modification of data or application
 Intellectual property theft that includes software piracy
 Industrial spying and access to or theft of computer materials
 Writing or spreading computer viruses or malware
 Digitally distributing child pornography

Cybercrime Attack Types

Cybercrime can attack in various ways. Here, is some most common cybercrime attack mode:

Hacking:
It is an act of gaining unauthorized access to a computer system or network.

Denial Of Service Attack:

In this cyberattack, the cyber-criminal uses the bandwidth of the victim’s network or fills their e-
mail box with spammy mail. Here, the intention is to disrupt their regular services.

Software Piracy:
Theft of software by illegally copying genuine programs or counterfeiting. It also includes the
distribution of products intended to pass for the original.

Phishing:
Pishing is a technique of extracting confidential information from the bank/financial institutional
account holders by illegal ways.

Spoofing:
It is an act of getting one computer system or a network to pretend to have the identity of another
computer. It is mostly used to get access to exclusive privileges enjoyed by that network or
computer.

Cyber Crime Tools

There are many types of Digital forensic tools

Kali Linux:

Kali Linux is an open-source software that is maintained and funded by Offensive Security. It is
a specially designed program for digital forensics and penetration testing.

Ophcrack:

This tool is mainly used for cracking the hashes, which are generated by the same files of
windows. It offers a secure GUI system and allows you to runs on multiple platforms.

EnCase:

This software allows an investigator to image and examine data from hard disks and removable
disks.

SafeBack:

SafeBack is mainly using for imaging the hard disks of Intel-based computer systems and
restoring these images to some other hard disks.

Data dumper:

This is a command-line computer forensic tool. It is freely available for the UNIX Operating
system, which can make exact copies of disks suitable for digital forensic analysis.

Md5sum:

A tool to check helps you to check data is copied to another storage successfully or not.

Summary:

 Cybercrime is an unlawful action against any person using a computer, its systems, and
its online or offline applications.
 The fraud did by manipulating computer network is an example of Cybercrime
 Various types of Cyber crime attack modes are 1) Hacking 2) Denial Of Service Attack
3) Software Piracy 4) Phishing 5) Spoofing.
  Some important tool use for preventing cyber attack are 1)Kali Linux, 2) Ophcrack, 3)
EnCase, 4) SafeBack, 5) Data Dumber
 Kali Linux is an open-source software that is maintained and funded by Offensive
Security.
 Ophcrack is a tool that is mainly used for cracking the hashes, which are generated by the
same files of windows.
 EnCase tool allows an investigator to image and examine data from hard disks and
removable disks
 SafeBack is mainly using for imaging the hard disks of Intel-based computer systems and
restoring these images to some other hard disks.
 Data dumper is a command-line computer forensic tool.
 Md5sum is a helps you to check data is copied to another storage successfully or not. If
you are interested in furthering your understanding of such cybersecurity tools and
software, you might find this comprehensive guide on Cybersecurity Software
Tools quite helpful.

Cyber Security Tools

Protecting our IT environment is very critical. Every organization needs to take cybersecurity
very seriously. There are numbers of hacking attacks which affecting businesses of all sizes.
Hackers, malware, viruses are some of the real security threats in the virtual world. It is essential
that every company is aware of the dangerous security attacks and it is necessary to keep
themselves secure. There are many different aspects of the cyber defence may need to be
considered. Here are six essential tools and services that every organization needs to consider to
ensure their cybersecurity is as strong as possible. They are described below:
1. Firewalls

As we know, the firewall is the core of security tools, and it becomes one of the most important
security tools. Its job is to prevent unauthorized access to or from a private network. It can be
implemented as hardware, software, or a combination of both. The firewalls are used to prevent
unauthorized internet users from accessing private networks connected to the Internet. All
messages are entering or leaving the intranet pass through the firewall. The firewall examines
each message and blocks those messages that do not meet the specified security criteria.

The Firewall is very useful, but it has limitations also. A skilled hacker knew how to create data
and programs that are believing like trusted firewalls. It means that we can pass the program
through the firewall without any problems. Despite these limitations, firewalls are still very
useful in the protection of less sophisticated malicious attacks on our system.

2. Antivirus Software

Antivirus software is a program which is designed to prevent, detect, and remove viruses and
other malware attacks on the individual computer, networks, and IT systems. It also protects our
computers and networks from the variety of threats and viruses such as Trojan horses, worms,
keyloggers, browser hijackers, rootkits, spyware, botnets, adware, and ransomware. Most
antivirus program comes with an auto-update feature and enabling the system to check for new
viruses and threats regularly. It provides some additional services such as scanning emails to
ensure that they are free from malicious attachments and web links.

3. PKI Services

PKI stands for Public Key Infrastructure. This tool supports the distribution and identification of
public encryption keys. It enables users and computer systems to securely exchange data over the
internet and verify the identity of the other party. We can also exchange sensitive information
without PKI, but in that case, there would be no assurance of the authentication of the other
party.

People associate PKI with SSL or TLS. It is the technology which encrypts the server
communication and is responsible for HTTPS and padlock that we can see in our browser
address bar. PKI solve many numbers of cybersecurity problems and deserves a place in the
organization security suite.

PKI can also be used to:

o Enable Multi-Factor Authentication and access control

o Create compliant, Trusted Digital Signatures.
o Encrypt email communications and authenticate the sender's identity.
o Digitally sign and protect the code.
o Build identity and trust into IoT ecosystems.
4. Managed Detection and Response Service (MDR)

Today's cybercriminals and hackers used more advanced techniques and software to breach
organization security So, there is a necessity for every businesses to be used more powerful
forms of defences of cybersecurity. MDR is an advanced security service that provides threat
hunting, threat intelligence, security monitoring, incident analysis, and incident response. It is a
service that arises from the need for organizations (who has a lack of resources) to be more
aware of risks and improve their ability to detect and respond to threats. MDR also uses
Artificial Intelligence and machine learning to investigate, auto detect threats, and orchestrate
response for faster result.

The managed detection and response has the following characteristics:

o Managed detection and response is focused on threat detection, rather than compliance.
o MDR relies heavily on security event management and advanced analytics.
o While some automation is used, MDR also involves humans to monitor our network.
o MDR service providers also perform incident validation and remote response.

5. Penetration Testing

Penetration testing, or pen-test, is an important way to evaluate our business's security systems
and security of an IT infrastructure by safely trying to exploit vulnerabilities. These
vulnerabilities exist in operating systems, services and application, improper configurations or
risky end-user behavior. In Penetration testing, cybersecurity professionals will use the same
techniques and processes utilized by criminal hackers to check for potential threats and areas of
weakness.

A pen test attempts the kind of attack a business might face from criminal hackers such as
password cracking, code injection, and phishing. It involves a simulated real-world attack on a
network or application. This tests can be performed by using manual or automated technologies
to systematically evaluate servers, web applications, network devices, endpoints, wireless
networks, mobile devices and other potential points of vulnerabilities. Once the pen test has
successfully taken place, the testers will present us with their findings threats and can help by
recommending potential changes to our system.

6. Staff Training

Staff training is not a 'cybersecurity tool' but ultimately, having knowledgeable employees who
understand the cybersecurity which is one of the strongest forms of defence against cyber-
attacks. Today's many training tools available that can educate company's staff about the best
cybersecurity practices. Every business can organize these training tools to educate their
employee who can understand their role in cybersecurity.

We know that cyber-criminals continue to expand their techniques and level of sophistication to
breach businesses security, it has made it essential for organizations to invest in these training
tools and services. Failing to do this, they can leave the organization in a position where hackers
would be easily targeted their security system. So, the expense of the investment on these
training tools might put a reward for the business organization with long-term security and
protection.

Proxy servers can add an extra layer of security for users and organizations alike. In this blog, we
break down how proxy servers work and what their benefits are.

A proxy server acts as an intermediary or middleman between a user and the websites they
browse. They can be set up as a firewall or a web filter, acting as a layer of cybersecurity that
prevents cyber attackers from entering a private network and protects your computer against
malware and other cyber threats. In this article, we’ll discuss what a proxy server is, how it
works, and its various benefits and use cases.

What is a Proxy Server?

A proxy server is a gateway that anonymously passes data between users and the internet. The
proxy itself could be a computer system or a router.

When an individual uses a browser, they normally communicate directly with the internet, but
with a proxy server, the proxy communicates with the internet on their behalf.

When someone uses a proxy server, the internet traffic goes through the proxy before reaching
the destination computer. Since all communication is happening through the proxy, it offers
some level of security and privacy, and a number of IT companies depend on proxy servers to
filter out any potentially harmful data that might come in from the internet.

According to the FBI’s IC3 report for 2021, the United States received nearly 850,000
cybercrime complaints in 2021, an increase of 7.9% from the previous year, while the potential
losses due to these crimes amounted to $6.9 billion. With this plethora of cyberattacks, it only
makes sense to invest in security and privacy.

While proxy servers perform many important functions, the main reasons they are used are as
follows:

 To filter incoming traffic, making the company’s network more secure

 To keep the company’s network more private
 To speed up access to resources through the use of a cache

How Does a Proxy Server Work?

All devices connected to the internet have an internet protocol (IP) address. This address is how
a device is recognized on the internet, and it plays a role in how proxy servers work. Proxies can
have different ways of working, but the following steps are common among all proxy servers:

 When a device makes a request to the internet through a proxy, the proxy server reads
and interprets the request.
  That request is then forwarded to the right internet server.
 The internet server reads the IP of the proxy and sends the requested data to the IP of that
proxy.
 The proxy server receives the data, extracts it, and checks it for possible malware.
 Once marked safe, the data is forwarded to the requesting device.

Benefits of Proxy Servers

Proxy servers have a fairly simple mechanism and yet add a lot of value to an IT company or
other corporate entity. Here are some of the primary benefits and use cases for proxy servers.

Improved Security
This is the main reason why companies use proxy servers, as data breaches are expensive and
can result in huge losses. Global losses due to cybercrime reached over $6 trillion in 2021 and is
expected to top $10.5 trillion annually by 2025.

As a proxy server filters out malicious data from the internet before it reaches the company’s
servers, it can act as an additional layer of security. A proxy server alone might not save the
company’s network from all hacking attempts, but it can add to the security of the system and
lower the risk of cyberattacks.

It can also help a company against phishing, identity or brand theft, DDoS attacks, and other
malware attacks.

Anonymity
Since proxies sit between company networks and internet servers, the internet is unable to know
the company IP that generated the request. A company’s research and development process, part
of its intellectual property, is crucial for its success and must be protected. When an additional
layer of security is present between the unfiltered internet and the company servers, it protects
sensitive company data from being stolen.

For example, if a spy is monitoring the network, a proxy can prevent the spy from finding out
what the employees are searching for online.

Faster Speed
Caching is another important function performed by proxy servers. More frequently visited sites
can be cached by the proxy, thereby eliminating the need for the proxy to send a request to the
internet servers whenever a request is made for those pages,.

More than that, proxy servers also compress traffic and remove ads from websites, thereby
making the internet faster than usual.

Control Internet Usage

Proxies can be used to block undesirable content. For example, some companies might want to
block certain social media sites so their employees aren’t distracted from their work. A proxy
server also lets network administrators monitor the requests sent to the internet to ensure no
illegal or improper activities are being carried out.

Bypassing Restrictions
Some websites only allow access to IPs from a certain location. This can be a problem when a
business needs to access a geo-restricted website, but when a company uses a proxy server, the
IP is masked and employees can access the content they need.

How are Proxy Servers Used?

The proxy itself sits outside the firewall and protects the servers, but companies and
organizations can install proxy network software on each individual computer if necessary. The
proxy can also be a standalone computer or a router installed between two separate devices on
the company’s network.

When a proxy sits between two devices, it accepts requests, sends them to the required
destination, gathers responses, and forwards them to the requesting device.

Are Proxy Servers Similar to VPNs?

Proxy servers are similar to VPNs in some ways. For example, they both let users hide their IP
addresses and help bypass geo-restrictions.

However, a proxy server doesn’t encrypt the network traffic. A VPN, on the other hand,
encrypts network traffic and adds another layer of safety.

However, a VPN doesn’t use a cache to speed up internet access, whereas a proxy can improve
the speed of access with its caching capabilities.

In general, a VPN is trusted more by companies, thanks to its ability to encrypt data, but for
personal use, a proxy might be enough. However, in business scenarios where breaches are
expensive, VPNs could be a better choice.

Conclusion
A proxy server is an intermediary between end users and the internet that offers benefits such
as:

 Improving security
 Providing anonymity
 Improving browsing speed
 Allowing for control over internet usage
 Bypassing geo-restrictions

While it’s just one component of security, it can help to prevent cyber attackers from accessing
private networks and protect individual computers from malware and other threats.
 What is Proxy Server?

Proxy server refers to a server that acts as an intermediary between the request made by clients,
and a particular server for some services or requests for some resources. There are different types
of proxy servers available that are put into use according to the purpose of a request made by the
clients to the servers. The basic purpose of Proxy servers is to protect the direct connection of
Internet clients and internet resources. The proxy server also prevents the identification of the
client’s IP address when the client makes any request is made to any other servers.
 Internet Client and Internet resources: For internet clients, Proxy servers also act as a
shield for an internal network against the request coming from a client to access the data
stored on the server. It makes the original IP address of the node remains hidden while
accessing data from that server.
 Protects true host identity: In this method, outgoing traffic appears to come from the proxy
server rather than internet navigation. It must be configured to the specific application such as
HTTPs or FTP. For example, organizations can use a proxy to observe the traffic of its
employees to get the work efficiently done. It can also be used to keep a check on any kind of
highly confidential data leakage. Some can also use it to increase their websites rank.

Need Of Private Proxy:

1. Defeat Hackers: To protect organizations data from malicious use, passwords are used and
different architects are setup, but still, there may be a possibility that this information can be
hacked in case the IP address is accessible easily. To prevent such kind of misuse of Data
Proxy servers are set up to prevent tracking of original IP addresses instead data is shown to
come from a different IP address.
2. Filtering of Content: By caching the content of the websites, Proxy helps in fast access to
the data that has been accessed very often.
3. Examine Packet headers and Payloads: Payloads and packet headers of the requests made
by the user nodes in the internal server to access to social websites can be easily tracked and
restricted.
4. To control internet usage of employees and children: In this, the Proxy server is used to
control and monitor how their employees or kids use the internet. Organizations use it, to
deny access to a specific website and instead redirecting you with a nice note asking you to
refrain from looking at said sites on the company network.
5. Bandwidth savings and improved speeds: Proxy helps organizations to get better overall
network performance with a good proxy server.
6. Privacy Benefits: Proxy servers are used to browse the internet more privately. It will change
the IP address and identify the information the web request contains.
7. Security: Proxy server is used to encrypt your web requests to keep prying eyes from reading
your transactions as it provides top-level security.

Types Of Proxy Server

1. Reverse Proxy Server: The job of a reverse proxy server to listen to the request made by the
client and redirect to the particular web server which is present on different servers.
Example – Listen for TCP port 80 website connections which are normally placed in a
demilitarized zone (DMZ) zone for publicly accessible services but it also protects the true
identity of the host. Moreover, it is transparent to external users as external users will not be
able to identify the actual number of internal servers. So, it is the prime duty of reverse proxy
to redirect the flow depending upon the configurations of internal servers. The request that is
made to pass through the private network protected by firewalls will need a proxy server that
is not abiding by any of the local policies. Such types of requests from the clients are
completed using reverse proxy servers. This is also used to restrict the access of the clients to
the confidential data residing on the particular servers.
2. Web Proxy Server: Web Proxy forwards the HTTP requests, only URL is passed instead of
a path. The request is sent to particular the proxy server responds. Examples, Apache, HAP
Proxy.
3. Anonymous Proxy Server: This type of proxy server does not make an original IP address
instead these servers are detectable still provides rational anonymity to the client device.
4. Highly Anonymity Proxy: This proxy server does not allow the original IP address and it as
a proxy server to be detected.
5. Transparent Proxy: This type of proxy server is unable to provide any anonymity to the
client, instead, the original IP address can be easily detected using this proxy. But it is put into
use to act as a cache for the websites. A transparent proxy when combined with gateway
results in a proxy server where the connection requests are sent by the client , then IP are
redirected. Redirection will occurs without the client IP address configuration. HTTP headers
present on the server-side can easily detect its redirection .
6. CGI Proxy: CGI proxy server developed to make the websites more accessible. It accepts the
requests to target URLs using a web form and after processing its result will be returned to the
web browser. It is less popular due to some privacy policies like VPNs but it still receives a
lot of requests also. Its usage got reduced due to excessive traffic that can be caused to the
website after passing the local filtration and thus leads to damage to the organization.
7. Suffix Proxy: Suffix proxy server basically appends the name of the proxy to the URL. This
type of proxy doesn’t preserve any higher level of anonymity. It is used for bypassing the web
filters. It is easy to use and can be easily implemented but is used less due to the more number
of web filter present in it.
8. Distorting Proxy: Proxy servers are preferred to generate an incorrect original IP address of
clients once being detected as a proxy server. To maintain the confidentiality of the Client IP
address HTTP headers are used.
9. Tor Onion Proxy: This server aims at online anonymity to the user’s personal information. It
is used to route the traffic through various networks present worldwide to arise difficulty in
tracking the users’ address and prevent the attack of any anonymous activities. It makes it
difficult for any person who is trying to track the original address. In this type of routing, the
information is encrypted in a multi-folds layer. At the destination, each layer is decrypted one
by one to prevent the information to scramble and receive original content. This software is
open-source and free of cost to use.
10. 12P Anonymous Proxy: It uses encryption to hide all the communications at various levels.
This encrypted data is then relayed through various network routers present at different
 locations and thus I2P is a fully distributed proxy. This software is free of cost and open
source to use, It also resists the censorship.
11. DNS Proxy: DNS proxy take requests in the form of DNS queries and forward them to the
Domain server where it can also be cached, moreover flow of request can also be redirected.

How Does The Proxy Server Operates?

Every computer has its unique IP address which it uses to communicate with another node.
Similarly, the proxy server has its IP address that your computer knows. When a web request is
sent, your request goes to the proxy server first. The Proxy sends a request on your behalf to the
internet and then collect the data and make it available to you. A proxy can change your IP
address So, the webserver will be unable to fetch your location in the world. It protects data from
getting hacked too. Moreover, it can block some web pages also.

Disadvantages of Proxy Server

1. Proxy Server Risks: Free installation does not invest much in backend hardware or
encryption. It will result in performance issues and potential data security issues. If you install
a “free” proxy server, treat very carefully, some of those might steal your credit card
numbers.
2. Browsing history log: The proxy server stores your original IP address and web request
information is possibly unencrypted form and saved locally. Always check if your proxy
server logs and saves that data – and what kind of retention or law enforcement cooperation
policies they follow while saving data.
3. No encryption: No encryption means you are sending your requests as plain text. Anyone
will be able to pull usernames and passwords and account information easily. Keep a check
that proxy provides full encryption whenever you use it.

What Does Anonymizer Mean?

An anonymizer is a proxy server that makes Internet activity untraceable. An anonymizer

protects personally identifying information by hiding private information on the user’s behalf.
 Advertisements
When users anonymize their personal electronic identification information it can enable:

 Risk minimization
 Taboo electronic communications
 Identity theft prevention
 Protection of search history
 Avoidance of legal and/or social consequences
An anonymizer may also be known as anonymous proxy.

What is Cyber Security?

The technique of protecting internet-connected systems such as computers, servers, mobile

devices, electronic systems, networks, and data from malicious attacks is known as
cybersecurity. We can divide cybersecurity into two parts one is cyber, and the other is security.
Cyber refers to the technology that includes systems, networks, programs, and data. And security
is concerned with the protection of systems, networks, applications, and information. In some
cases, it is also called electronic information security or information technology security.
Some other definitions of cybersecurity are:

"Cyber Security is the body of technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, theft, damage, modification or unauthorized
access."

"Cyber Security is the set of principles and practices designed to protect our computing
resources and online information against threats."

Types of Cyber Security

Every organization's assets are the combinations of a variety of different systems. These systems
have a strong cybersecurity posture that requires coordinated efforts across all of its systems.
Therefore, we can categorize cybersecurity in the following sub-domains:

o Network Security: It involves implementing the hardware and software to secure a

computer network from unauthorized access, intruders, attacks, disruption, and misuse.
This security helps an organization to protect its assets against external and internal
threats.
o Application Security: It involves protecting the software and devices from unwanted
threats. This protection can be done by constantly updating the apps to ensure they are
secure from attacks. Successful security begins in the design stage, writing source code,
validation, threat modeling, etc., before a program or device is deployed.
o Information or Data Security: It involves implementing a strong data storage
mechanism to maintain the integrity and privacy of data, both in storage and in transit.
o Identity management: It deals with the procedure for determining the level of access
that each individual has within an organization.
o Operational Security: It involves processing and making decisions on handling and
securing data assets.
o Mobile Security: It involves securing the organizational and personal data stored on
mobile devices such as cell phones, computers, tablets, and other similar devices against
various malicious threats. These threats are unauthorized access, device loss or theft,
malware, etc.
o Cloud Security: It involves in protecting the information stored in the digital
environment or cloud architectures for the organization. It uses various cloud service
providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.
o Disaster Recovery and Business Continuity Planning: It deals with the processes,
monitoring, alerts, and plans to how an organization responds when any malicious
activity is causing the loss of operations or data. Its policies dictate resuming the lost
operations after any disaster happens to the same operating capacity as before the event.
 o User Education: It deals with the processes, monitoring, alerts, and plans to how an
organization responds when any malicious activity is causing the loss of operations or
data. Its policies dictate resuming the lost operations after any disaster happens to the
same operating capacity as before the event.

Importance of Cyber Security

Today we live in a digital era where all aspects of our lives depend on the network, computer and
other electronic devices, and software applications. All critical infrastructure such as the banking
system, healthcare, financial institutions, governments, and manufacturing industries use devices
connected to the Internet as a core part of their operations. Some of their information, such as
intellectual property, financial data, and personal data, can be sensitive for unauthorized access
or exposure that could have negative consequences. This information gives intruders and threat
actors to infiltrate them for financial gain, extortion, political or social motives, or just
vandalism.

Cyber-attack is now an international concern that hacks the system, and other security attacks
could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity
strategy to protect sensitive information from high-profile security breaches. Furthermore, as the
volume of cyber-attacks grows, companies and organizations, especially those that deal with
information related to national security, health, or financial records, need to use strong
cybersecurity measures and processes to protect their sensitive business and personal
information.

Cyber Security Goals

Cyber Security's main objective is to ensure data protection. The security community provides
a triangle of three related principles to protect the data from cyber-attacks. This principle is
called the CIA triad. The CIA model is designed to guide policies for an organization's
information security infrastructure. When any security breaches are found, one or more of these
principles has been violated.

We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is
actually a security model that helps people to think about various parts of IT security. Let us
discuss each part in detail.
Confidentiality

Confidentiality is equivalent to privacy that avoids unauthorized access of information. It

involves ensuring the data is accessible by those who are allowed to use it and blocking access to
others. It prevents essential information from reaching the wrong people. Data encryption is an
excellent example of ensuring confidentiality.

Integrity

This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized
modification by threat actors or accidental user modification. If any modifications occur, certain
measures should be taken to protect the sensitive data from corruption or loss and speedily
recover from such an event. In addition, it indicates to make the source of information genuine.

Availability

This principle makes the information to be available and useful for its authorized people always.
It ensures that these accesses are not hindered by system malfunction or cyber-attacks.

Types of Cyber Security Threats

A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or

steal data, gain access to a network, or disrupts digital life in general. The cyber community
defines the following threats available today:
Malware

Malware means malicious software, which is the most common cyber attacking tool. It is used
by the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are
the important types of malware created by the hacker:

o Virus: It is a malicious piece of code that spreads from one device to another. It can clean
files and spreads throughout a computer system, infecting files, stoles information, or
damage device.
o Spyware: It is a software that secretly records information about user activities on their
system. For example, spyware could capture credit card details that can be used by the
cybercriminals for unauthorized shopping, money withdrawing, etc.
o Trojans: It is a type of malware or code that appears as legitimate software or file to fool
us into downloading and running. Its primary purpose is to corrupt or steal data from our
device or do other harmful activities on our network.
o Ransomware: It's a piece of software that encrypts a user's files and data on a device,
rendering them unusable or erasing. Then, a monetary ransom is demanded by malicious
actors for decryption.
o Worms: It is a piece of software that spreads copies of itself from device to device
without human interaction. It does not require them to attach themselves to any program
to steal or damage the data.
o Adware: It is an advertising software used to spread malware and displays
advertisements on our device. It is an unwanted program that is installed without the
user's permission. The main objective of this program is to generate revenue for its
developer by showing the ads on their browser.
 o Botnets: It is a collection of internet-connected malware-infected devices that allow
cybercriminals to control them. It enables cybercriminals to get credentials leaks,
unauthorized access, and data theft without the user's permission.

Phishing

Phishing is a type of cybercrime in which a sender seems to come from a genuine

organization like PayPal, eBay, financial institutions, or friends and co-workers. They contact a
target or targets via email, phone, or text message with a link to persuade them to click on that
links. This link will redirect them to fraudulent websites to provide sensitive data such as
personal information, banking and credit card information, social security numbers, usernames,
and passwords. Clicking on the link will also install malware on the target devices that allow
hackers to control devices remotely.

Man-in-the-middle (MITM) attack

A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a

cybercriminal intercepts a conversation or data transfer between two individuals. Once the
cybercriminal places themselves in the middle of a two-party communication, they seem like
genuine participants and can get sensitive information and return different responses. The main
objective of this type of attack is to gain access to our business or customer data. For example, a
cybercriminal could intercept data passing between the target device and the network on an
unprotected Wi-Fi network.

Distributed denial of service (DDoS)

It is a type of cyber threat or malicious attempt where cybercriminals disrupt targeted servers,
services, or network's regular traffic by fulfilling legitimate requests to the target or its
surrounding infrastructure with Internet traffic. Here the requests come from several IP addresses
that can make the system unusable, overload their servers, slowing down significantly or
temporarily taking them offline, or preventing an organization from carrying out its vital
functions.

Brute Force

A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all
possible combinations until the correct information is discovered. Cybercriminals usually use
this attack to obtain personal information about targeted passwords, login info, encryption keys,
and Personal Identification Numbers (PINS).

SQL Injection (SQLI)

SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for
backend database manipulation to access sensitive information. Once the attack is successful, the
malicious actor can view, change, or delete sensitive company data, user lists, or private
customer details stored in the SQL database.

Domain Name System (DNS) attack

A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the
Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data
from affected computers. It is a severe cybersecurity risk because the DNS system is an essential
element of the internet infrastructure.

Latest Cyber Threats

The following are the latest cyber threats reported by the U.K., U.S., and Australian
governments:

Romance Scams

The U.S. government found this cyber threat in February 2020. Cybercriminals used this threat
through dating sites, chat rooms, and apps. They attack people who are seeking a new partner
and duping them into giving away personal data.

Dridex Malware

It is a type of financial Trojan malware identifies by the U.S. in December 2019 that affects the
public, government, infrastructure, and business worldwide. It infects computers through
phishing emails or existing malware to steal sensitive information such as passwords, banking
details, and personal data for fraudulent transactions. The National Cyber Security Centre of the
United Kingdom encourages people to make sure their devices are patched, anti-virus is turned
on and up to date, and files are backed up to protect sensitive data against this attack.

Emotet Malware

Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our
device. The Australian Cyber Security Centre warned national organizations about this global
cyber threat in 2019.

The following are the system that can be affected by security breaches and attacks:

o Communication: Cyber attackers can use phone calls, emails, text messages, and
messaging apps for cyberattacks.
o Finance: This system deals with the risk of financial information like bank and credit
card detail. This information is naturally a primary target for cyber attackers.
o Governments: The cybercriminal generally targets the government institutions to get
confidential public data or private citizen information.
 o Transportation: In this system, cybercriminals generally target connected cars, traffic
control systems, and smart road infrastructure.
o Healthcare: A cybercriminal targets the healthcare system to get the information stored
at a local clinic to critical care systems at a national hospital.
o Education: A cybercriminals target educational institutions to get their confidential
research data and information of students and employees.

Benefits of Cyber Security

The following are the benefits of implementing and maintaining cybersecurity:

o Cyberattacks and data breach protection for businesses.

o Data and network security are both protected.
o Unauthorized user access is avoided.
o After a breach, there is a faster recovery time.
o End-user and endpoint device protection.
o Regulatory adherence.
o Continuity of operations.
o Developers, partners, consumers, stakeholders, and workers have more faith in the
company's reputation and trust.

Cyber Safety Tips

Let us see how to protect ourselves when any cyberattacks happen. The following are the popular
cyber safety tips:

Conduct cybersecurity training and awareness: Every organization must train their staffs on
cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be
successful. If the staff does unintentional or intentional malicious activities, it may fail the best
technical safeguards that result in an expensive security breach. Therefore, it is useful to conduct
security training and awareness for staff through seminars, classes, and online courses that
reduce security violations.

Update software and operating system: The most popular safety measure is to update the
software and O.S. to get the benefit of the latest security patches.

Use anti-virus software: It is also useful to use the anti-virus software that will detect and
removes unwanted threats from your device. This software is always updated to get the best level
of protection.

Perform periodic security reviews: Every organization ensures periodic security inspections of
all software and networks to identify security risks early in a secure environment. Some popular
examples of security reviews are application and network penetration testing, source code
reviews, architecture design reviews, and red team assessments. In addition, organizations should
prioritize and mitigate security vulnerabilities as quickly as possible after they are discovered.

Use strong passwords: It is recommended to always use long and various combinations of
characters and symbols in the password. It makes the passwords are not easily guessable.

Do not open email attachments from unknown senders: The cyber expert always advises not
to open or click the email attachment getting from unverified senders or unfamiliar websites
because it could be infected with malware.

Avoid using unsecured Wi-Fi networks in public places: It should also be advised not to use
insecure networks because they can leave you vulnerable to man-in-the-middle attacks.

Backup data: Every organization must periodically take backup of their data to ensure all
sensitive data is not lost or recovered after a security breach. In addition, backups can help
maintain data integrity in cyber-attack such as SQL injections, phishing, and ransomware.

Security Policies

Security policies are a formal set of rules which is issued by an organization to ensure that the
user who are authorized to access company technology and information assets comply with rules
and guidelines related to the security of information. It is a written document in the organization
which is responsible for how to protect the organizations from threats and how to handles them
when they will occur. A security policy also considered to be a "living document" which means
that the document is never finished, but it is continuously updated as requirements of the
technology and employee changes.

Need of Security policies-

1) It increases efficiency.

The best thing about having a policy is being able to increase the level of consistency which
saves time, money and resources. The policy should inform the employees about their individual
duties, and telling them what they can do and what they cannot do with the organization sensitive
information.

2) It upholds discipline and accountability

When any human mistake will occur, and system security is compromised, then the security
policy of the organization will back up any disciplinary action and also supporting a case in a
court of law. The organization policies act as a contract which proves that an organization has
taken steps to protect its intellectual property, as well as its customers and clients.

3) It can make or break a business deal

It is not necessary for companies to provide a copy of their information security policy to other
vendors during a business deal that involves the transference of their sensitive information. It is
true in a case of bigger businesses which ensures their own security interests are protected when
dealing with smaller businesses which have less high-end security systems in place.

4) It helps to educate employees on security literacy

A well-written security policy can also be seen as an educational document which informs the
readers about their importance of responsibility in protecting the organization sensitive data. It
involves on choosing the right passwords, to providing guidelines for file transfers and data
storage which increases employee's overall awareness of security and how it can be strengthened.

We use security policies to manage our network security. Most types of security policies are
automatically created during the installation. We can also customize policies to suit our specific
environment. There are some important cybersecurity policies recommendations describe below-

1. Virus and Spyware Protection policy

This policy provides the following protection:

o It helps to detect, removes, and repairs the side effects of viruses and security risks by
using signatures.
o It helps to detect the threats in the files which the users try to download by using
reputation data from Download Insight.
o It helps to detect the applications that exhibit suspicious behaviour by using SONAR
heuristics and reputation data.

2. Firewall Policy

This policy provides the following protection:

o It blocks the unauthorized users from accessing the systems and networks that connect to
the Internet.
o It detects the attacks by cybercriminals.
o It removes the unwanted sources of network traffic.

3. Intrusion Prevention policy

This policy automatically detects and blocks the network attacks and browser attacks. It also
protects applications from vulnerabilities. It checks the contents of one or more data packages
and detects malware which is coming through legal ways.

4. LiveUpdate policy
This policy can be categorized into two types one is LiveUpdate Content policy, and another is
LiveUpdate Setting Policy. The LiveUpdate policy contains the setting which determines when
and how client computers download the content updates from LiveUpdate. We can define the
computer that clients contact to check for updates and schedule when and how often clients
computer check for updates.

5. Application and Device Control

This policy protects a system's resources from applications and manages the peripheral devices
that can attach to a system. The device control policy applies to both Windows and Mac
computers whereas application control policy can be applied only to Windows clients.

6. Exceptions policy

This policy provides the ability to exclude applications and processes from detection by the virus
and spyware scans.

7. Host Integrity policy

This policy provides the ability to define, enforce, and restore the security of client computers to
keep enterprise networks and data secure. We use this policy to ensure that the client's computers
who access our network are protected and compliant with companies? securities policies. This
policy requires that the client system must have installed antivirus.

WHAT IS PHISHING?

Phishing is a cyber crime that leverages deceptive emails, websites, and text messages to steal
confidential personal and corporate information.
Victims are tricked into giving up personal information such as their credit card data, phone
number, mailing address, company information, etc. Criminals then use this information to steal
the victim's identity and commit further crimes using this stolen identity.
Criminals who use phishing tactics are successful because they carefully hide behind emails and
websites familiar to the intended victim. For example, the email address might
be [email protected] instead of [email protected]. Using these fake email
addresses, they urge recipients to update their account credentials to protect them from fraud.
Phishing is a type of social engineering that criminals use to steal data, infect computers, and
infiltrate company networks.

What Are The Different Types Of Phishing?

Email
This is the most common phishing tactic. An email is sent to multiple recipients urging them to
update personal information, verify account details, or change passwords.
Typically, the email is worded to promote a sense of urgency, sometimes highlighting the
recipient's need to protect themselves or their organization. The email is designed to appear to
come from a legitimate source, such as customer service for PayPal, Apple, Microsoft, a bank, or
other known companies.

Content Injection
A familiar-looking webpage, like an email account login page or online banking page, is injected
with malicious content. The content can include a link, form, or pop-up that directs people to a
secondary website where they are urged to confirm personal information, update credit card
details, change passwords, etc.

Link Manipulation
A carefully worded email arrives with a malicious link to a familiar website such as Amazon or
another popular website. When you click on the link, it takes you to a fake website designed to
look exactly like the known website, where you are then prompted to update your account
information or verify account details.

CEO Fraud
This common type of domain spoofing includes sending emails that masquerade as coming from
the CEO, human resources, or a colleague. The email may ask the recipient to transfer funds,
confirm an e-transfer or wire transfer, or send tax information.
Fake Websites
Hackers create fake websites that look just like highly frequented websites. This fake website has
a slightly different domain, for example, outlook.you.live.com instead of outlook.live.com.
People believe they're on the right website and accidentally open themselves to identity theft.

Mobile Phishing
Mobile phishing can involve fraudulent SMS, social media, voice mail, or other in-app messages
informing the recipient that their account has been closed, compromised, or is expiring. The
message includes a link, video, or message to steal personal information or install malware on
the mobile device.

Spear Phishing
Spear phishing is advanced targeted email phishing. The criminal targets a specific individual or
organization and uses focused, personalized messages to steal data that goes beyond personal
credit card information. For example, infiltrating a hospital, bank, or university to steal data
severely compromises the organization.

Voice Phishing
With voice phishing or vishing, a phone caller leaves a strongly worded voicemail or reads from
a script that urges the recipient to call another phone number. Often these calls are designed to be
urgent and encourage the recipient to act before their bank account is suspended or, worse, they
may be charged with a crime.
Session Hijacking
This type of phishing requires sophisticated techniques that allow criminals to violate a web
server and steal information stored on the server.

Malvertising
This type of malware uses online advertisements or pop-ups to encourage people to click a link
that installs malware on the computer.

Malware
Malware happens with a person clicks an email attachment and inadvertently installs software
that mines the computer and network for information. Keylogging is one type of malware that
tracks keystrokes to discover passwords. A trojan horse is another type of malware that tricks
someone into entering personal information.

Man-In-The-Middle
With man-in-the-middle phishing attacks, the criminal tricks two people into sending
information to each other. The phisher or criminal may send fake requests to each party or alter
the information being sent and received. The people involved believe they are communicating
with each other and have no idea a third party is manipulating them.
Evil Twin Wi-Fi
In this phishing attack, cyber criminals create a fake Wi-Fi access point that acts as a legitimate
Wi-Fi hotspot. This tactic is common in coffee shops, airports, hospitals, or locations where
people routinely need Wi-Fi access. People log into this Wi-Fi access point thinking they're
using a legitimate spot, allowing criminals to intercept any data communicated on this fake Wi-
Fi account.
These different types of phishing are part of a greater social engineering scheme. Social
engineering is a savvy way to trick people into giving up information, access, and details they
know they should keep secure and private.
What is password cracking?

Password cracking is the process of using an application program to identify an unknown or

forgotten password to a computer or network resource. It can also be used to help a threat actor
obtain unauthorized access to resources.

With the information malicious actors gain using password cracking, they can undertake a range
of criminal activities. Those include stealing banking credentials or using the information for
identity theft and fraud.

A password cracker recovers passwords using various techniques. The process can involve
comparing a list of words to guess passwords or the use of an algorithm to repeatedly guess the
password.

How do you create a strong password?

Password crackers can decipher passwords in a matter of days or hours, depending on how weak
or strong the password is. To make a password stronger and more difficult to uncover, a plaintext
password should adhere to the following rules:

 Be at least 12 characters long. The shorter a password is, the easier and faster it will be
cracked.
 Combine letters and a variety of characters. Using numbers and special characters, such as
periods and commas, increases the number of possible combinations.

 Avoid reusing a password. If a password is cracked, then a person with malicious intent
could use that same password to easily access other password-protected accounts the victim
owns.

 Pay attention to password strength indicators. Some password-protected systems include

a password strength meter, which is a scale that tells users when they have created a strong
password.

 Avoid easy-to-guess phrases and common passwords. Weak passwords can be a name, a
pet's name or a birthdate -- something personally identifiable. Short and easily predictable
patterns, like 123456, password or qwerty, also are weak passwords.

 Use encryption. Passwords stored in a database should be encrypted.

 Take advantage of password creation tools and managers. Some smartphones will
automatically create long, hard-to-guess passwords. For example, Apple iPhones will create
strong website passwords for users. An iPhone stores the passwords in its password manager,
iCloud Keychain and automatically fills the password into the correct field so the user doesn't
have to remember the complicated password.
 Ponemon
Institute research looked at password hygiene behavior of IT professionals.
What does a password cracking attack look like?

The general process a password cracker follows involves these four steps:

1. Steal a password via some nefarious means. That password has likely been encrypted before
being stored using a hash Hashes are mathematical functions that change arbitrary-length
inputs into an encrypted fixed-length output.

2. Choose a cracking methodology, such as a brute-force or dictionary attack, and select a

cracking tool.

3. Prepare the password hashes for the cracking program. This is done by providing an input to
the hash function to create a hash that can be authenticated.

4. Run the cracking tool.

A password cracker may also be able to identify encrypted passwords. After retrieving the
password from the computer's memory, the program may be able to decrypt it. Or, by using the
same algorithm as the system program, the password cracker creates an encrypted version of the
password that matches the original.

What are password cracking techniques?

Password crackers use two primary methods to identify correct passwords: brute-force and
dictionary attacks. However, there are plenty of other password cracking methods, including the
following:

 Brute force. This attack runs through combinations of characters of a predetermined length
until it finds the combination that matches the password.

 Dictionary search. Here, a password cracker searches each word in the dictionary for the
correct password. Password dictionaries exist for a variety of topics and combinations of
topics, including politics, movies and music groups.

 Phishing. These attacks are used to gain access to user passwords without the use of a
password cracking tool. Instead, a user is fooled into clicking on an email attachment. From
here, the attachment could install malware or prompt the user to use their email to sign into a
false version of a website, revealing their password.

 Malware. Similar to phishing, using malware is another method of gaining unauthored access
to passwords without the use of a password cracking tool. Malware such as keyloggers, which
track keystrokes, or screen scrapers, which take screenshots, are used instead.

 Rainbow attack. This approach involves using different words from the original password in
order to generate other possible passwords. Malicious actors can keep a list called a rainbow
table with them. This list contains leaked and previously cracked passwords, which will make
the overall password cracking method more effective.

 Guessing. An attacker may be able to guess a password without the use of tools. If the threat
actor has enough information about the victim or the victim is using a common enough
password, they may be able to come up with the correct characters.
Some password cracking programs may use hybrid attack methodologies where they search for
combinations of dictionary entries and numbers or special characters. For example, a password
cracker may search for ants01, ants02, ants03, etc. This can be helpful when users have been
advised to include a number in their password.

Keylogger

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of

recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the
person using the keyboard is unaware that their actions are being monitored.

It has the capability to record every keystroke you make to a log file, usually encrypted. A
keylogger recorder can record instant messages, e-mail, and any information you type at any
time using your keyboard. The log file created by the keylogger can then be sent to a specified
receiver. Some keylogger programs will also record any e-mail addresses you use and Web site
URLs you visit.

Legitimate programs may have a keylogging function which can be used to call certain program
functions using “hotkeys,” or to toggle between keyboard layouts (e.g. Keyboard Ninja). There is
a lot of legitimate software which is designed to allow administrators to track what employees do
throughout the day, or to allow users to track the activity of third parties on their computers.
However, the ethical boundary between justified monitoring and espionage is a fine line.
Legitimate software is often used deliberately to steal confidential user information such as
passwords.

Most modern keyloggers are considered to be legitimate software or hardware and are sold on
the open market. Developers and vendors offer a long list of cases in which it would be legal and
appropriate to use keyloggers, including:

 Parental control: parents can track what their children do on the Internet, and can opt to
be notified if there are any attempts to access websites containing adult or otherwise
inappropriate content;
 Jealous spouses or partners can use a keylogger to track the actions of their better half on
the Internet if they suspect them of “virtual cheating”;
 Company security: tracking the use of computers for non-work-related purposes, or the
use of workstations after hours;
 Company security: using keyloggers to track the input of key words and phrases
associated with commercial information which could damage the company (materially or
otherwise) if disclosed;
 Other security (e.g. law enforcement): using keylogger records to analyze and track
incidents linked to the use of personal computers;
 Other reasons.

Threat
As such programs are extensively used by cyber criminals, detecting them is a priority for
antivirus companies. Unlike other types of malicious program, keyloggers present no threat to
the system itself. Nevertheless, they can pose a serious threat to users, as they can be used to
intercept passwords and other confidential information entered via the keyboard. As a result,
cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to
online gaming accounts, email addresses, user names, email passwords etc.

Once a cyber criminal has got hold of confidential user data, s/he can easily transfer money from
the user’s account or access the user’s online gaming account. Unfortunately access to
confidential data can sometimes have consequences which are far more serious than an
individual’s loss of a few dollars. Keyloggers can be used as tools in both industrial and political
espionage, accessing data which may include proprietary commercial information and classified
government material which could compromise the security of commercial and state-owned
organizations (for example, by stealing private encryption keys).

Keyloggers, phishing and social engineering are currently the main methods being used in cyber
fraud. Users who are aware of security issues can easily protect themselves against phishing by
ignoring phishing emails and by not entering any personal information on suspicious websites. It
is more difficult, however, for users to combat keyloggers; the only possible method is to use an
appropriate security solution, as it’s usually impossible for a user to tell that a keylogger has
been installed on his/ her machine.

In recent years, we have seen a considerable increase in the number of different kinds of
malicious programs which have keylogging functionality. No Internet user is immune to cyber
criminals, no matter where in the world s/he is located and no matter what organization s/he
works for.

Attacks

One of the most publicized keylogging incidents recently was the theft of over $1million from
client accounts at the major Scandinavian bank Nordea. In August 2006 Nordea clients started to
receive emails, allegedly from the bank, suggesting that they install an antispam product, which
was supposedly attached to the message. When a user opened the file and downloaded it to his/
her computer, the machine would be infected with a well known Trojan called Haxdoor. This
would be activated when the victim registered at Nordea’s online service, and the Trojan would
display an error notification with a request to re-enter the registration information. The keylogger
incorporated in the Trojan would record data entered by the bank’s clients, and later send this
data to the cyber criminals’ server. This was how cyber criminals were able to access client
accounts, and transfer money from them. According to Haxdoor’s author, the Trojan has also
been used in attacks against Australian banks and many others.

On January 24, 2004 the notorious Mydoom worm caused a major epidemic. MyDoom broke the
record previously set by Sobig, provoking the largest epidemic in Internet history to date. The
worm used social engineering methods and organized a DoS attack on www.sco.com; the site
was either unreachable or unstable for several months as a consequence. The worm left a Trojan
on infected computers which was subsequently used to infect the victim machines with new
modifications of the worm. The fact that MyDoom had a keylogging function to harvest credit
card numbers was not widely publicized in the media.

In early 2005 the London police prevented a serious attempt to steal banking data. After
attacking a banking system, the cyber criminals had planned to steal $423 million from
Sumitomo Mitsui’s London-based offices. The main component of the Trojan used, which was
created by the 32-year-old Yeron Bolondi, was a keylogger that allowed the criminals to track all
the keystrokes entered when victims used the bank’s client interface.

There are many more examples of cyber criminals using keyloggers – most financial cybercrime
is committed using keyloggers, since these programs are the most comprehensive and reliable
tool for tracking electronic information.

Structure

The main idea behind keyloggers is to get in between any two links in the chain of events
between when a key is pressed and when information about that keystroke is displayed on the
monitor. This can be achieved using video surveillance, a hardware bug in the keyboard, wiring
or the computer itself, intercepting input/ output, substituting the keyboard driver, the filter
driver in the keyboard stack, intercepting kernel functions by any means possible (substituting
addresses in system tables, splicing function code, etc.), intercepting DLL functions in user
mode, and, finally, requesting information from the keyboard using standard documented
methods.

Experience shows that the more complex the approach, the less likely it is to be used in common
Trojan programs and the more likely it is to be used in specially designed Trojan programs which
are designed to steal financial data from a specific company.

Keyloggers can be divided into two categories: keylogging devices and keylogging software.
Keyloggers which fall into the first category are usually small devices that can be fixed to the
keyboard, or placed within a cable or the computer itself. The keylogging software category is
made up of dedicated programs designed to track and log keystrokes.

The most common methods used to construct keylogging software are as follows:

 a system hook which intercepts notification that a key has been pressed (installed using
WinAPI SetWindowsHook for messages sent by the window procedure. It is most often
written in C);
 a cyclical information keyboard request from the keyboard (using WinAPI
Get(Async)KeyState or GetKeyboardState – most often written in Visual Basic,
sometimes in Borland Delphi);
 using a filter driver (requires specialized knowledge and is written in C).

Hardware Keyloggers
Some keyloggers can be implemented entirely as hardware devices. A typical desktop computer
has a keyboard that connects to the back of the computer using a USB cable. If someone were to
sneak in, unplug the keyboard’s USB cable, then attach a specialized USB device between the
computer’s USB port and the keyboard’s USB connector, the device could function as a
keylogger. Sitting in the middle, it could intercept keyboard signals from the keyboard, store
them on the device, and then pass the keystrokes to the computer so everything would appear to
be working normally. Security software on the computer wouldn’t be able to detect this
keylogger, as it runs entirely in hardware. If the computer were hidden under a desk, no one
would notice the device.

The person could then come back a few days later to grab the device and sneak off with it,
leaving no trace of keylogging software or suspicious network activity.

Stealth

Recently, keyloggers that disguise their files to keep them from being found manually or by an
antivirus program have become more numerous. These stealth techniques are called rootkit
technologies. There are two main rootkit technologies used by keyloggers:

 masking in user mode;

 masking in kernel mode.

Spread

Keyloggers spread in much the same way that other malicious programs spread. Excluding cases
where keyloggers are purchased and installed by a jealous spouse or partner, and the use of
keyloggers by security services, keyloggers are mostly spread using the following methods):

 a keylogger can be installed when a user opens a file attached to an email;

 a keylogger can be installed when a file is launched from an open-access directory on a
P2P network;
 a keylogger can be installed via a web page script which exploits a browser vulnerability.
The program will automatically be launched when a user visits a infected site;
 a keylogger can be installed by another malicious program already present on the victim
machine, if the program is capable of downloading and installing other malware to the
system.

Protection

Most antivirus companies have already added known keyloggers to their databases, making
protecting against keyloggers no different from protecting against other types of malicious
program: install an antivirus product and keep its database up to date. However, since most
antivirus products classify keyloggers as potentially malicious, or potentially undesirable
programs, users should ensure that their antivirus product will, with default settings, detect this
type of malware. If not, then the product should be configured accordingly, to ensure protection
against most common keyloggers.
Since the chief purpose of keyloggers is to get confidential data (bank card numbers, passwords,
etc.), the most logical ways to protect against unknown keyloggers are as follows:

 using one-time passwords or two-step authentication,

 using a system with proactive protection designed to detect keylogging software,
 using a virtual keyboard.

Spyware

Spyware is software that aims to gather information about a person or organization without their
knowledge and that may send such information to another entity without the consumer’s consent,
or that asserts control over a computer without the consumer’s knowledge.

“Spyware” is mostly classified into four types: system monitors, trojans, adware, and tracking
cookies. Spyware is mostly used for the purposes of tracking and storing Internet users’
movements on the Web and serving up pop-up ads to Internet users.

Whenever spyware is used for malicious purposes, its presence is typically hidden from the user
and can be difficult to detect.

Installation

Spyware does not necessarily spread in the same way as a virus or worm because infected
systems generally do not attempt to transmit or copy the software to other computers. Instead,
spyware installs itself on a system by deceiving the user or by exploiting software vulnerabilities.

Most spyware is installed without users’ knowledge, or by using deceptive tactics. Spyware may
try to deceive users by bundling itself with desirable software. Other common tactics are using a
Trojan horse. Some spyware authors infect a system through security holes in the Web browser
or in other software. When the user navigates to a Web page controlled by the spyware author,
the page contains code which attacks the browser and forces the download and installation of
spyware.

Examples

These common spyware programs illustrate the diversity of behaviors found in these attacks.
Note that as with computer viruses, researchers give names to spyware programs which may not
be used by their creators. Programs may be grouped into “families” based not on shared program
code, but on common behaviors, or by “following the money” of apparent financial or business
connections. For instance, a number of the spyware programs distributed by Claria are
collectively known as “Gator”. Likewise, programs that are frequently installed together may be
described as parts of the same spyware package, even if they function separately.

 CoolWebSearch, a group of programs, takes advantage of Internet Explorer

vulnerabilities. The package directs traffic to advertisements on Web sites including
 coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the
infected computer’s hosts file to direct DNS lookups to these sites.
 Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to
advertising. When users follow a broken link or enter an erroneous URL, they see a page
of advertisements. However, because password-protected Web sites (HTTP Basic
authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it
impossible for the user to access password-protected sites.

Behavior

A spyware program is rarely alone on a computer: an affected machine usually has multiple
infections. Users frequently notice unwanted behavior and degradation of system performance. A
spyware infestation can create significant unwanted CPU activity, disk usage, and network
traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes
are also common. Spyware, which interferes with networking software, commonly causes
difficulty connecting to the Internet.

In some infections, the spyware is not even evident. Users assume in those situations that the
performance issues relate to faulty hardware, Windows installation problems, or another
infection. Some owners of badly infected systems resort to contacting technical support experts,
or even buying a new computer because the existing system “has become too slow”. Badly
infected systems may require a clean reinstallation of all their software in order to return to full
functionality.

Moreover, some types of spyware disable software firewalls and anti-virus software, and/or
reduce browser security settings, which further open the system to further opportunistic
infections. Some spyware disables or even removes competing spyware programs, on the
grounds that more spyware-related annoyances make it even more likely that users will take
action to remove the programs.

Prevention

As the spyware threat has worsened, a number of techniques have emerged to counteract it.
These include programs designed to remove or block spyware, as well as various user practices
which reduce the chance of getting spyware on a system.

When a large number of pieces of spyware have infected a Windows computer, the only remedy
may involve backing up user data, and fully reinstalling the operating system. For instance, some
spyware cannot be completely removed by Symantec, Microsoft, PC Tools.

Difference between Worms and Virus

Read

Discuss

Courses

1. Worms :
Worms are similar to a virus but it does not modify the program. It replicates itself more and
more to cause slow down the computer system. Worms can be controlled by remote. The main
objective of worms is to eat the system resources. The WannaCry ransomware worm in 2000
exploits the Windows Server Message Block (SMBv1) which is a resource-sharing protocol.
2. Virus :
A virus is a malicious executable code attached to another executable file that can be harmless or
can modify or delete data. When the computer program runs attached with a virus it performs
some action such as deleting a file from the computer system. Viruses can’t be controlled by
remote. The ILOVEYOU virus spreads through email attachments.
Difference between Worms and Virus :

Basis of
Sr.No. Comparison WORMS VIRUS

A Virus is a malicious
executable code attached to
A Worm is a form of malware that another executable file which
replicates itself and can spread to can be harmless or can
1. Definition different computers via Network. modify or delete data.

The main objective of worms is to eat

the system resources. It consumes
system resources such as memory and
bandwidth and made the system slow
in speed to such an extent that it stops The main objective of viruses
2. Objective responding. is to modify the information.

It doesn’t need a host to replicate It requires a host is needed

3. Host from one computer to another. for spreading.

4. Harmful It is less harmful as compared. It is more harmful.

Detection and Worms can be detected and removed Antivirus software is used for
5. Protection by the Antivirus and firewall. protection against viruses.

Viruses can’t be controlled by

6. Controlled by Worms can be controlled by remote. remote.
 Worms are executed via weaknesses Viruses are executed via
7. Execution in the system. executable files.

Worms generally comes from the Viruses generally comes from

downloaded files or through a the shared or downloaded
8. Comes from network connection. files.

 Hampering computer performance

by slowing down it  Pop-up windows linking to
 Automatic opening and running of malicious websites
programs  Hampering computer
 Sending of emails without your performance by slowing
knowledge down it
 Affected the performance of web  After booting, starting of
browser unknown programs.
9. Symptoms  Error messages concerning to  Passwords get changed
system and operating system without your knowledge
 Installation of Antivirus
software
 Never open email
attachments
 Keep your operating system and  Avoid usage of pirated
system in updated state software
 Avoid clicking on links from  Keep your operating
untrusted or unknown websites system updated
 Avoid opening emails from  Keep your browser
unknown sources updated as old versions
10. Prevention  Use antivirus software and a are vulnerable to linking
firewall to malicious websites
Boot sector virus, Direct
Internet worms, Instant messaging Action virus, Polymorphic
worms, Email worms, File sharing virus, Macro virus, Overwrite
worms, Internet relay chat (IRC) virus, File Infector virus are
11. Types worms are different types of worms. different types of viruses

Examples of viruses include

Examples of worms include Morris Creeper, Blaster, Slammer,
12. Examples worm, storm worm, etc. etc.

13. Interface
It does not need human action to It needs human action to
 replicate. replicate.

Its spreading speed is slower

14. Speed Its spreading speed is faster. as compared to worms.

What Is a Trojan Horse Virus?

A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a
legitimate program. The delivery method typically sees an attacker use social engineering to hide
malicious code within legitimate software to try and gain users' system access with their
software.

A simple way to answer the question "what is Trojan" is it is a type of malware that typically
gets hidden as an attachment in an email or a free-to-download file, then transfers onto the user’s
device. Once downloaded, the malicious code will execute the task the attacker designed it for,
such as gain backdoor access to corporate systems, spy on users’ online activity, or steal
sensitive data.

Indications of a Trojan being active on a device include unusual activity such as computer
settings being changed unexpectedly.

History of the Trojan Horse

The original story of the Trojan horse can be found in the Aeneid by Virgil and the Odyssey by
Homer. In the story, the enemies of the city of Troy were able to get inside the city gates using a
horse they pretended was a gift. The soldiers hid inside the huge wooden horse and once inside,
they climbed out and let the other soldiers in.

There are a few elements of the story that make the term “Trojan horse” an appropriate name for
these types of cyber attacks:

 The Trojan horse was a unique solution to the target’s defenses. In the original story, the
attackers had laid siege to the city for 10 years and hadn’t succeeded in defeating it. The Trojan
horse gave them the access they had been wanting for a decade. A Trojan virus, similarly, can be
a good way to get behind an otherwise tight set of defenses.
 The Trojan horse appeared to be a legitimate gift. In a similar vein, a Trojan virus looks like
legitimate software.
 The soldiers in the Trojan horse controlled the city’s defense system. With a Trojan virus, the
malware takes control of your computer, potentially leaving it vulnerable to other “invaders.”
How Do Trojans Work?

Unlike computer viruses, a Trojan horse cannot manifest by itself, so it needs a user to download
the server side of the application for it to work. This means the executable (.exe) file should be
implemented and the program installed for the Trojan to attack a device’s system.

A Trojan virus spreads through legitimate-looking emails and files attached to emails, which are
spammed to reach the inboxes of as many people as possible. When the email is opened and the
malicious attachment is downloaded, the Trojan server will install and automatically run every
time the infected device is turned on.

Devices can also be infected by a Trojan through social engineering tactics, which cyber
criminals use to coerce users into downloading a malicious application. The malicious file could
be hidden in banner advertisements, pop-up advertisements, or links on websites.

A computer infected by Trojan malware can also spread it to other computers. A cyber criminal
turns the device into a zombie computer, which means they have remote control of it without the
user knowing. Hackers can then use the zombie computer to continue sharing malware across a
network of devices, known as a botnet.

For example, a user might receive an email from someone they know, which includes an
attachment that also looks legitimate. However, the attachment contains malicious code that
 executes and installs the Trojan on their device. The user often will not know anything untoward
has occurred, as their computer may continue to work normally with no signs of it having been
infected.

The malware will reside undetected until the user takes a certain action, such as visiting a certain
website or banking app. This will activate the malicious code, and the Trojan will carry out the
hacker’s desired action. Depending on the type of Trojan and how it was created, the malware
may delete itself, return to being dormant, or remain active on the device.

Trojans can also attack and infect smartphones and tablets using a strand of mobile malware.
This could occur through the attacker redirecting traffic to a device connected to a Wi-Fi
network and then using it to launch cyberattacks.
Most Common Types of Trojan Malware
There are many types of Trojan horse viruses that cyber criminals use to carry out different
actions and different attack methods. The most common types of Trojan used include:

1. Backdoor Trojan: A backdoor Trojan enables an attacker to gain remote access to a computer
and take control of it using a backdoor. This enables the malicious actor to do whatever they
want on the device, such as deleting files, rebooting the computer, stealing data, or uploading
malware. A backdoor Trojan is frequently used to create a botnet through a network of zombie
computers.
2. Banker Trojan: A banker Trojan is designed to target users’ banking accounts and financial
information. It attempts to steal account data for credit and debit cards, e-payment systems, and
online banking systems.
3. Distributed denial-of-service (DDoS) Trojan: These Trojan programs carry out attacks that
overload a network with traffic. It will send multiple requests from a computer or a group of
computers to overwhelm a target web address and cause a denial of service.
4. Downloader Trojan: A downloader Trojan targets a computer that has already been infected by
malware, then downloads and installs more malicious programs to it. This could be additional
Trojans or other types of malware like adware.
5. Exploit Trojan: An exploit malware program contains code or data that takes advantage of
specific vulnerabilities within an application or computer system. The cyber criminal will target
users through a method like a phishing attack, then use the code in the program to exploit a
known vulnerability.
6. Fake antivirus Trojan: A fake antivirus Trojan simulates the actions of legitimate antivirus
software. The Trojan is designed to detect and remove threats like a regular antivirus program,
then extort money from users for removing threats that may be nonexistent.
7. Game-thief Trojan: A game-thief Trojan is specifically designed to steal user account
information from people playing online games.
8. Instant messaging (IM) Trojan: This type of Trojan targets IM services to steal users’ logins
and passwords. It targets popular messaging platforms such as AOL Instant Messenger, ICQ,
MSN Messenger, Skype, and Yahoo Pager.
9. Infostealer Trojan: This malware can either be used to install Trojans or prevent the user from
detecting the existence of a malicious program. The components of infostealer Trojans can make
it difficult for antivirus systems to discover them in scans.
10. Mailfinder Trojan: A mailfinder Trojan aims to harvest and steal email addresses that have
been stored on a computer.
11. Ransom Trojan: Ransom Trojans seek to impair a computer’s performance or block data on the
device so that the user can no longer access or use it. The attacker will then hold the user or
organization ransom until they pay a ransom fee to undo the device damage or unlock the
affected data.
12. Remote access Trojan: Similar to a backdoor Trojan, this strand of malware gives the attacker
full control of a user’s computer. The cyber criminal maintains access to the device through a
remote network connection, which they use to steal information or spy on a user.
13. Rootkit Trojan: A rootkit is a type of malware that conceals itself on a user’s computer. Its
purpose is to stop malicious programs from being detected, which enables malware to remain
active on an infected computer for a longer period.
14. Short message service (SMS) Trojan: An SMS Trojan infects mobile devices and is capable of
sending and intercepting text messages. This includes sending messages to premium-rate phone
numbers, which increases the costs on a user’s phone bill.
15. Spy Trojan: Spy Trojans are designed to sit on a user’s computer and spy on their activity. This
includes logging their keyboard actions, taking screenshots, accessing the applications they use,
and tracking login data.
16. SUNBURST: The SUNBURST trojan virus was released on numerous SolarWinds Orion
Platform. Victims were compromised by trojanized versions of a legitimate SolarWinds digitally
signed file named: SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized file is a backdoor.
Once on a target machine, it remains dormant for a two-week period and will then retrieve
commands that allow it to transfer, execute, perform reconnaissance, reboot and halt system
services. Communication occurs over http to predetermined URI's.

Trojan Horse and Trap Door


In this article, we will study why there is a need of security in brief followed by what exactly
Program threats (like Trojan Horse and Trap Door). Let us first understand the need of security
and program threats first.
Need of Security and Program Threats:
Security of a computer system (software one) is actually a crucial task. Security is very important
to keep the threats away from the system. Mainly security covers integrity, confidentiality, and
availability of the system. Security preserves the system from hacking and viruses, worms, and
malware. A system is said to be secured if and if only all of its resources are used in the order as
intended under all the circumstances as well as consequences, but no system can provide
absolute guarantee from several malicious tasks or threats. If a user program is altered to do
made malicious tasks, then it is known as Program Threat.
Such two program threats (including Trojan Horse and Trap Door) are mentioned in the below-
illustrated section:
1. Trojan Horse:
 A standalone malicious program that may give full control of an infected PC to another PC is
called a Trojan horse.
 This is actually a code segment that tries to misuse its own environment.
 They somehow look attractive but on the other hand, they are really harmful and they actually
serve as virus carriers.
 It may make copies of them, harm the host computer systems, or steal information.
 The Trojan horse will actually do damage once installed or run on your computer but at first,
a glance will appear to be useful software.
 Trojans are designed as they can cause serious damage by deleting files and destroying
information on your system.
 Trojans allow confidential or personal information to be compromised by the system creating
a backdoor on your computer that gives unauthorized users access to your system.
 Unlike Trojans do not self-replicate or reproduce by infecting other files nor do they self-
replicate which means Trojan horse viruses differ from other computer viruses and do not
spread themselves.
 The most popular Trojan horses are Beast, Zeus, The Blackhole Exploit Kit, Flashback
Trojan, Netbus, Subseven, Y3K Remote Administration Tool, and Back Orifice.
2.Trap Door:
 A trap door is kind of a secret entry point into a program that allows anyone to gain access to
any system without going through the usual security access procedures.
 Another definition of a trap door is it is a method of bypassing normal authentication
methods. Therefore it is also known as a back door.
 Trap Doors are quite difficult to detect and also in order to find them the programmers or the
developers have to go through the components of the system.
 Programmers use Trap door legally to debug and test programs. Trap doors turn to threats
when any dishonest programmers gain illegal access.
 Program development and software update activities should be the first focus of security
measures. The operating system that controls the trap doors is difficult to implement.

What is a Backdoor Attack?

Safe & SecurityVirusWeb Services

Cybercriminals use numerous ways to take advantage of the vulnerabilities in the operating
system or applications to infiltrate the device or network. One such method is using
the Backdoor Attack.

In this post, we would discuss what Backdoor Attack is, its types, and how to stay safe from
Backdoor Attacks.

What is a Backdoor Attack?

In cybersecurity terms, a Backdoor Attack is an attempt to infiltrate a system or a network by

maliciously taking advantage of software's weak point.
Backdoors allow the attackers to quietly get into the system by deceiving the security protocols
and gain administrative access. It is similar to the real-life robbery in which burglars take
advantage of the loopholes in a house and get a 'backdoor' entry for conducting the theft.

After gaining high-level administrative privilege, the cyber attackers could perform various
horrendous tasks like injecting spyware, gaining remote access, hack the device, steal sensitive
information, encrypt the system through ransomware, and many more.

Backdoors are originally meant for helping software developers and testers, so they are not
always bad.

Types of Backdoor

As mentioned, Backdoors are not always malicious. Here are the two types of Backdoors as per
their intentions.

Administrative Backdoor

Sometimes software developers intentionally leave a backdoor into the program so that in case of
any failure or error, they can easily reach the core of the software's code and quickly solve the
issue. Such Backdoors are called the Administrative Backdoors. These deliberate Backdoors can
also help the software testers to testify the codes.

Though such Backdoors are only known to the developers, a skillful hacker can take advantage
of it and silently use it for his benefit. So Administrative Backdoor can be called a type of
loophole in the program.

Malicious Backdoor

Malicious Backdoors are the backdoors installed on the system by cybercriminals using malware
programs like Remote Access Trojan (RAT). These are specifically designed for taking control
of the system or network and conduct malicious tasks. RAT is a malware program that can reach
the root of the system and install the backdoor. RAT is generally spread through a malicious
program.

Why are Backdoors dangerous?

It might be evident by now what havoc a software backdoor can create, even if it is meant for the
rightful purposes. Here is the list of the malicious purposes a backdoor can be used for:

 Backdoor can be a gateway for dangerous malware like trojans, ransomware, spyware,
and others. Using backdoor, it becomes easy for the cyberattackers to release the malware
programs to the system.
 Backdoors are the best medium to conduct a DDoS attack in a network.
  Cryptojackers can use the backdoor to infiltrate your system and conduct crypto mining.
 Using backdoors, hackers can modify sensitive system settings like Administrative
passwords and others.
 Backdoors can help cyber attackers to use your internet connection remotely for
uploading and downloading.
 Attackers can also install and run some specific applications or tasks with the help of
Backdoors.

How to protect your device from Backdoor Attacks?

It is quite challenging to track Backdoor attacks as they are carried out stealthily, so it is better to
prevent them from happening on your device. Here are the best preventive measures:

Change the Default Password

If you have newly joined an organization, you might get some accounts for your work.
Generally, such accounts are transferred to the new employees with the default password such
as 1.23456, qwerty, etc. It is the responsibility of the new account holder to immediately change
the default password and set a strong one.

Monitor Network

You must regularly monitor your internet network. Check for irregularities such as a surge in
usage, slow browsing, or downloading. A Backdoor can cause such abnormalities as it might use
your data for transferring the data to and fro from your device.

Keep Firewall ON

A firewall monitors the incoming and outgoing activities across your network. It is essential to
always keep it ON.

Monitor Apps and Extensions Installation

While installing an application, make sure no other program is being installed along with the
primary one. The additional program can be malicious and can introduce a backdoor. Similarly,
before installing a plugin or web extension, verify its authenticity by seeing its ratings and
reviews.
 What Is Steganography?

A steganography technique involves hiding sensitive information within an ordinary, non-secret

file or message, so that it will not be detected. The sensitive information will then be extracted
from the ordinary file or message at its destination, thus avoiding detection. Steganography is an
additional step that can be used in conjunction with encryption in order to conceal or protect
data.

Steganography is a means of concealing secret information within (or even on top of) an
otherwise mundane, non-secret document or other media to avoid detection. It comes from the
Greek words steganos, which means “covered” or “hidden,” and graph, which means “to write.”
Hence, “hidden writing.”

You can use steganography to hide text, video, images, or even audio data. It’s a helpful bit of
knowledge, limited only by the type of medium and the author’s imagination.

Although the technique is centuries old, it’s still useful enough to make us justifiably pose the
question, “What is steganography in cyber security?” But before we explore its uses in today’s
cyber security field, let’s get more acquainted with the overall concept by looking at some
steganography examples, then wrap things up with a fun little exercise.

Different Types of Steganography

1. Text Steganography − There is steganography in text files, which entails secretly storing
information. In this method, the hidden data is encoded into the letter of each word.

2. Image Steganography − The second type of steganography is image steganography, which

entails concealing data by using an image of a different object as a cover. Pixel intensities are the
key to data concealment in image steganography.

Since the computer description of an image contains multiple bits, images are frequently used as
a cover source in digital steganography.

The various terms used to describe image steganography include:

 Cover-Image - Unique picture that can conceal data.

 Message - Real data that you can mask within pictures. The message may be in the form of
standard text or an image.
 Stego-Image − A stego image is an image with a hidden message.
 Stego-Key - Messages can be embedded in cover images and stego-images with the help of a
key, or the messages can be derived from the photos themselves.
3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it protects
against unauthorized reproduction. Watermarking is a technique that encrypts one piece of data
(the message) within another (the "carrier"). Its typical uses involve media playback, primarily
audio clips.

4. Video Steganography − Video steganography is a method of secretly embedding data or

other files within a video file on a computer. Video (a collection of still images) can function as
the "carrier" in this scheme. Discrete cosine transform (DCT) is commonly used to insert values
that can be used to hide the data in each image in the video, which is undetectable to the naked
eye. Video steganography typically employs the following file formats: H.264, MP4, MPEG, and
AVI.

5. Network or Protocol Steganography − It involves concealing data by using a network

protocol like TCP, UDP, ICMP, IP, etc., as a cover object. Steganography can be used in the case
of covert channels, which occur in the OSI layer network model.

Steganography Examples Include

 Writing with invisible ink

 Embedding text in a picture (like an artist hiding their initials in a painting they’ve done)
 Backward masking a message in an audio file (remember those stories of evil messages
recorded backward on rock and roll records?)
 Concealing information in either metadata or within a file header
 Hiding an image in a video, viewable only if the video is played at a particular frame rate
 Embedding a secret message in either the green, blue, or red channels of an RRB image
Steganography can be used both for constructive and destructive purposes. For example,
education and business institutions, intelligence agencies, the military, and certified ethical
hackers use steganography to embed confidential messages and information in plain sight.

On the other hand, criminal hackers use steganography to corrupt data files or hide malware in
otherwise innocent documents. For example, attackers can use BASH and PowerShell scripts to
launch automated attacks, embedding scripts in Word and Excel documents. When a poor,
unsuspecting user clocks one of those documents open, they activate the secret, hidden script,
and chaos ensues. This process is a favored ransomware delivery method.

Difference between DOS and DDOS attack

In a DoS attack, rapid and continuous online requests are sent to a target server to
overload the server's bandwidth. Distributed denial-of-service (DDoS) attacks leverage a
wide web of computers or devices infected with malware to launch a coordinated barrage
of meaningless online requests, blocking legitimate access.
1. DOS Attack is a denial of service attack, in this attack a computer sends a massive amount of
traffic to a victim’s computer and shuts it down. Dos attack is an online attack that is used to
make the website unavailable for its users when done on a website. This attack makes the server
of a website that is connected to the internet by sending a large number of traffic to it.
2. DDOS Attack means distributed denial of service in this attack dos attacks are done from
many different locations using many systems.
Difference between DOS and DDOS attacks:

DOS DDOS

DDOS Stands for Distributed Denial of service

DOS Stands for Denial of service attack.
attack.

In Dos attack single system targets the In DDoS multiple systems attacks the victims
victim system. system..

Victim PC is loaded from the packet of data Victim PC is loaded from the packet of data sent
sent from a single location. from Multiple location.

Dos attack is slower as compared to DDoS. DDoS attack is faster than Dos Attack.

It is difficult to block this attack as multiple

Can be blocked easily as only one system is
devices are sending packets and attacking from
used.
multiple locations.

In DOS Attack only single device is used In DDoS attack,The volumeBots are used to
with DOS Attack tools. attack at the same time.

DOS Attacks are Easy to trace. DDOS Attacks are Difficult to trace.

Volume of traffic in the Dos attack is less as DDoS attacks allow the attacker to send massive
 DOS DDOS

compared to DDos. volumes of traffic to the victim network.

Types of DOS Attacks are: 1. Buffer Types of DDOS Attacks are: 1. Volumetric
overflow attacks 2. Ping of Death or ICMP Attacks 2. Fragmentation Attacks 3. Application
flood 3. Teardrop Attack 4. Flooding Attack Layer Attacks 4. Protocol Attack.

What Is SQL Injection (SQLi)?

SQL injection (SQLi) is a cyberattack that injects malicious SQL code into an application,
allowing the attacker to view or modify a database. According to the Open Web Application
Security Project, injection attacks, which include SQL injections, were the third most serious
web application security risk in 2021. In the applications they tested, there were 274,000
occurrences of injection.

To protect against SQL injection attacks, it is essential to understand what their impact is and
how they happen so you can follow best practices, test for vulnerabilities, and consider
investing in software that actively prevents attacks.

Consequences of a Successful SQL Injection Attack

SQL injection attacks can have a significant negative impact on an organization.

Organizations have access to sensitive company data and private customer information, and
SQL injection attacks often target that confidential information. When a malicious user
successfully completes an SQL injection attack, it can have any of the following impacts:

 Exposes Sensitive Company Data: Using SQL injection, attackers can retrieve and alter
data, which risks exposing sensitive company data stored on the SQL server.
 Compromise Users’ Privacy: Depending on the data stored on the SQL server, an attack
can expose private user data, such as credit card numbers.
 Give an attacker administrative access to your system: If a database user has
administrative privileges, an attacker can gain access to the system using malicious code.
To protect against this kind of vulnerability, create a database user with the least possible
privileges.
 Give an Attacker General Access to Your System: If you use weak SQL commands to
check user names and passwords, an attacker could gain access to your system without
knowing a user’s credentials. With general access to your system, an attacker can cause
additional damage accessing and manipulating sensitive information.
  Compromise the Integrity of Your Data: Using SQL injection, attackers can make
changes to or delete information from your system.

Because the impact of a successful SQL injection attack can be severe, it’s important for
businesses to practice prevention and limit vulnerabilities before an attack occurs. To do that,
you must understand how a SQL injection attack occurs, so you know what you’re up
against.

3 Types of SQL Injection

By understanding cybersecurity threats, organizations can better prepare for attacks and
remedy vulnerabilities. Let’s take a look at the types of SQL injection attacks, which fall into
three categories: in-band SQL injection, inferential SQL injection and out-of-band SQL
injection.

1. In-band SQL Injection

In-band SQL injection is the most common type of attack. With this type of SQL injection
attack, a malicious user uses the same communication channel for the attack and to gather
results. The following techniques are the most common types of in-band SQL injection
attacks:

 Error-based SQL injection: With this technique, attackers gain information about the
database structure when they use a SQL command to generate an error message from the
database server. Error messages are useful when developing a web application or web
page, but they can be a vulnerability later because they expose information about the
database. To prevent this vulnerability, you can disable error messages after a website or
application is live.
 Union-based SQL injection: With this technique, attackers use the UNION SQL
operator to combine multiple select statements and return a single HTTP response. An
attacker can use this technique to extract information from the database. This technique is
the most common type of SQL injection and requires more security measures to combat
than error-based SQL injection.

2. Inferential SQL Injection

Inferential SQL injection is also called blind SQL injection because the website database
doesn’t transfer data to the attacker like with in-band SQL injection. Instead, a malicious
user can learn about the structure of the server by sending data payloads and observing the
response. Inferential SQL injection attacks are less common than in-band SQL injection
attacks because they can take longer to complete. The two types of inferential SQL injection
attacks use the following techniques:

 Boolean injection: With this technique, attackers send a SQL query to the database and
observe the result. Attackers can infer if a result is true or false based on whether the
information in the HTTP response was modified.
  Time-based injection: With this technique, attackers send a SQL query to the database,
making the database wait a specific number of seconds before responding. Attackers can
determine if the result is true or false based on the number of seconds that elapses before
a response. For example, a hacker could use a SQL query that commands a delay if the
first letter of the first database’s name is A. Then, if the response is delayed, the attacker
knows the query is true.

3. Out-of-Band SQL Injection

Out-of-band SQL injection is the least common type of attack. With this type of SQL
injection attack, malicious users use a different communication channel for the attack than
they use to gather results. Attackers use this method if a server is too slow or unstab le to use
inferential SQL injection or in-band SQL injection.

How Is an SQL Injection Attack Performed?

SQL is a language used in programming that is designed for data in a relational data stream
management system. SQL queries execute commands, including commands to retrieve data,
update data and delete records. To execute malicious commands, an attacker can insert
malicious code into strings that are passed to a SQL server to execute. There are several
ways that malicious users can execute an attack, but common vulnerable inputs in a web
application or web page are user-input fields like forms that allow free text.

9 Best Practices to Protect Your Database from SQL Injection

When developing your website or web application, you can incorporate security measu res
that limit your exposure to SQL injection attacks. For example, the following security
prevention measures are the most effective ways to prevent SQL injection attacks:

1. Install the latest software and security patches from vendors when available.
2. Give accounts that connect to the SQL database only the minimum privileges needed.
3. Don’t share database accounts across different websites and applications.
4. Use validation for all types of user-supplied input, including drop-down menus.
5. Configure error reporting instead of sending error messages to the client web browser.
6. Use prepared statements with parameterized queries that define all the SQL code and
pass in each parameter so attackers can’t change the intent of a query later.
7. Use stored procedures to build SQL statements with parameters that are stored in the
database and called from the application.
8. Use allowlist input validation to prevent unvalidated user input from being added to
query.
9. Escape all user-supplied input before putting it in a query so that the input isn’t confused
with SQL code from the developer.

In general, organizations should avoid using shared accounts so that attackers can’t gain
further access if one account is compromised. Organizations should also avoid sending
database error messages to the client web browser because attackers can use that information
to understand technical details about the database.

CrowdStrike’s Approach to Stopping SQL Attacks

Because SQL injection is a common hacking technique and the consequences can be severe,
it’s important to protect your business from these threats. By following best practices and
periodically testing for vulnerabilities, you can reduce the likelihood of becoming a victim of
a SQL injection attack. In addition, organizations should consider investing in a
comprehensive cybersecurity solution like the CrowdStrike Falcon® platform. Cybersecurity
solutions help strengthen your security posture against SQL injection and many other
cybersecurity risks.

The Falcon platform is highly modular and extensible, making it easy to adopt the protection
you need. The cloud-based architecture can defend enterprise organizations without
compromising speed and performance. CrowdStrike’s platform can help you secure the most
critical areas of enterprise risk: endpoints, cloud workloads, identities, and data. To see how
CrowdStrike could protect your business from a SQL injection attack, read how
CrowdStrike’s threat hunting and intelligence teams stopped a SQL injection campaign .

What is a SQL injection attack?

You may not know what a SQL injection (SQLI) attack is or how it works, but you definitely
know about the victims. Target, Yahoo, Zappos, Equifax, Epic Games, TalkTalk, LinkedIn, and
Sony Pictures—these companies were all hacked by cybercriminals using SQL injections.

A SQLI is a type of attack by which cybercriminals exploit software vulnerabilities in web

applications for the purpose of stealing, deleting, or modifying data, or gaining administrative
control over the systems running the affected applications.

Cybersecurity researchers regard the SQLI as one of the least sophisticated, easy-to-defend-
against cyberthreats. Malwarebytes Labs ranked SQLI as number three in the The Top 5
Dumbest Cyber Threats that Work Anyway, citing the fact that SQLI is a known, predictable
attack with easily implemented countermeasures.

SQLI attacks are so easy, in fact, attackers can find vulnerable websites using advanced Google
searches, called Google Dorking. Once they've found a suitable target, SQLI attackers can use
automated programs to effectively carry out the attack for them. All they have to do is input the
URL of the target site and watch the stolen data roll in.

And yet SQLI attacks are commonplace and happen every day. In fact, if you have a website or
online business, cybercriminals have likely tried using the SQLI to try and break into your
website already. One study by the Ponemon Institute on The SQL Injection Threat & Recent
Retail Breaches found that 65% of the businesses surveyed were victims of a SQLI-based attack.
Frequently targeted web applications include: social media sites, online retailers, and
universities. Small-to-medium sized businesses are especially vulnerable as they are often not
familiar with the techniques cybercriminals use in a SQLI attack and, likewise, don't know how
to defend against such an attack.

With that, let's take the first step in defending against a SQL injection by educating ourselves on
the topic. Here's your primer on SQL injections.

“A SQLI is a type of attack by which cybercriminals exploit software vulnerabilities in web

applications for the purpose of stealing, deleting, or modifying data, or gaining
administrative control over the systems running the affected applications.”

How does a SQL injection work?

Developed in the early 70s, SQL (short for structured query language) is one of the oldest
programming languages still in use today for managing online databases. These databases
contain things like prices and inventory levels for online shopping sites. When a user needs to
access database information, SQL is used to access and present that data to the user. But these
databases can also contain more sensitive and valuable data like usernames and passwords, credit
card information, and social security numbers. This is where SQL injections come into play.

Put simply, a SQL injection is when criminal hackers enter malicious commands into web forms,
like the search field, login field, or URL, of an unsecure website to gain unauthorized access to
sensitive and valuable data.

Here's an example. Imagine going to your favorite online clothing site. You're shopping for
socks and you're looking at a Technicolor world of colorful socks, all available with a click of
your mouse. The wonders of technology! Every sock you see exists in a database on some server
somewhere. When you find a sock you like and click on that sock, you're sending a request to the
sock database, and the shopping site responds with the information on the sock you clicked. Now
imagine your favorite online shopping website is constructed in a slipshod manner, rife with
exploitable SQL vulnerabilities.

A cybercriminal can manipulate database queries in such a way that a request for information
about a pair of socks returns the credit card number for some unfortunate customer. By repeating
this process over and over again, a cybercriminal can plumb the depths of the database and steal
sensitive information on every customer that's ever shopped at your favorite online clothing
site—including you. Taking the thought experiment even further, imagine you're the owner of
this clothing site. You've got a huge data breach on your hands.

One SQLI attack can net cybercriminals personal information, emails, logins, credit card
numbers, and social security numbers for millions of consumers. Cybercriminals can then
turnaround and sell this personal info on the gloomiest corners of the dark web, to be used for all
kinds of illegal purposes.
Stolen emails can be used for phishing and malspam attacks. Malspam attacks, in turn, can be
used to infect victims with all kinds of
destructive malware like ransomware, adware, cryptojackers, and Trojans (e.g. Emotet), to name
a few. Stolen phone numbers for Android and iOS mobile devices can be targeted
with robocalls and text message spam.

Stolen logins from social networking sites can even be used to send message spam and steal even
more logins for additional sites. Malwarebytes Labs previously reported on hacked LinkedIn
accounts being used to spam other users with InMail messages containing bad URLs spoofed, or
faked, to look like a Google Docs login page by which cybercriminals could harvest Google
usernames and passwords.

“A cybercriminal can manipulate database queries in such a way that a request for
information about a pair of socks returns the credit card number for some unfortunate
customer.”

What is the history of SQL injections?

The SQL injection exploit was first documented in 1998 by cybersecurity researcher and hacker
Jeff Forristal. His findings were published in the long running hacker zine Phrack. Writing under
the moniker Rain Forest Puppy, Forristal explained how someone with basic coding skills could
piggyback unauthorized SQL commands onto legitimate SQL commands and pull sensitive
information out of the database of an unsecured website.

When Forristal notified Microsoft about how the vulnerability impacted their popular SQL
Server product, they didn't see it as a problem. As Forristal put it, "According to them
[Microsoft], what you're about to read is not a problem, so don't worry about doing anything to
stop it."

What makes Microsoft's lackadaisical response so shocking is many industries and institutions
seriously depended (then and now) on the company's database management technology to keep
their operations running, including retail, education, healthcare, banking, and human resources.
This leads us to the next event in the SQLI history timeline—the first major SQLI attack.

In 2007, the biggest convenience store chain in the United States, 7-Eleven, fell victim to a SQLI
attack. The Russian hackers used SQL injections to hack into the 7-Eleven website and use that
as a stepping stone into the convenience store's customer debit card database. This allowed the
hackers to then withdraw cash back home in Russia. All told, the culprits made off with two
million dollars, as Wired magazine reported.

Not all SQLI attacks are motivated by greed. In another noteworthy example from 2007,
cybercriminals used SQLI to gain administrative control over two US Army-related websites and
redirect visitors to websites with anti-American and anti-Israeli propaganda.
The 2008 MySpace data breach ranks as one of the largest attacks on a consumer website.
Cybercriminals stole emails, names, and partial passwords of almost 360 million accounts. And
this is why we don't reuse passwords from one site to the next.

The title for most egregious lack of security goes to Equifax. The 2017 Equifax data breach
yielded extremely personal information (i.e., names, social security numbers, birth dates, and
addresses) for 143 million consumers. For an organization that acts as the gatekeepers of
information for every single American, except those living off the grid, you'd think they would
take precautions against a basic SQLI attack. Before the data breach occurred, a cybersecurity
research firm even warned Equifax they were susceptible to a SQLI attack, but the credit bureau
took no action until it was too late.

In what ranks as the creepiest hack in history, a 2015 SQLI attack on toy manufacturer Vtech led
to a breach of nearly five million parents and 200,000 children. Speaking with Motherboard, the
online multimedia publication, the hacker responsible claimed they had no plans for the data and
did not publish the data anywhere online. Conversely, the hacker also explained that the data was
very easy to steal and someone else could have gotten to it first. Cold comfort indeed.

Moving forward to today, the SQLI attack is still a thing. Every three years the Open Web
Application Security Project (OWASP) ranks the Top 10 Most Critical Web Application
Security Risks. In the most recent 2017 edition, the SQLI attack ranked as number one.

Beyond the longevity of the SQLI attack, what's interesting is that SQLI attacks haven't changed
or evolved in any way. SQLI attacks work and will continue to work until people change their
attitudes about cybersecurity. Be that change.

How do SQL Injections affect my business?

As reported in our Cybercrime Tactics and Techniques report, cyberattacks (of all kind) on
businesses went up 55% in the second half of 2018, while attacks on individual consumers rose
only 4%. The stats are not surprising. Businesses with crummy security present criminals with a
soft target, holding a treasure trove of valuable data worth millions.

Conversely, a business at the center of a data breach can expect to pay out millions. An IBM
study found the average cost of a data breach, including remediation and penalties, to be $3.86
million. The LinkedIn data breach mentioned previously ended up costing the business
networking site $1.25 million in an out-of-court settlement.

After their data breach, Target was forced to pay the largest amount on record—$18.5 million—
to settle investigations brought on by multiple states. This was in addition to the $10 million
Target paid to settle a class action lawsuit brought on by consumers.

Granted, these are huge data breaches affecting millions of consumers. However, small-to-
medium sized businesses can still expect to payout $148 for each stolen consumer record.
The moral of the story? Take your security seriously and avoid being a "Target" for
cybercriminals.

How can I protect against SQL injections?

All this hand wringing aside, you're here because you know SQL injections are a serious threat.
Now, let's do something about it. Here's some tips for protecting your business against SQL
injection attacks.

Update your database management software. Your software is flawed as it comes from the
manufacturer. This is a fact. There's no such thing as bug-free software. Cybercriminals can take
advantage of these software vulnerabilities, or exploits, with a SQLI. You can protect yourself by
just patching and updating your database management software.

Enforce the principle of least privilege (PoLP). PoLP means each account only has enough
access to do its job and nothing more. For example, a web account that only needs read access to
a given database shouldn't have the ability to write, edit or change data in any way.

Use prepared statements or stored procedures. As opposed to dynamic SQL, prepared

statements limit variables on incoming SQL commands. In this way, cybercriminals can't
piggyback malicious SQL injections onto legitimate SQL statements. Stored procedures
similarly limit what cybercriminals are able to do by storing SQL statements on the database,
which are executed from the web application by the user.

Hire competent, experienced developers. SQLI attacks often result from sloppy coding. Let
your software developers know in advance what you expect as far as security is concerned.

What if my personal information was stolen in a data breach? You should take a look at
our data breach checklist. There you'll learn all about cleaning up and staying safe after a SQLI
attack data breach impacts you.

Visit OWASP. The Open Web Application Security Project, OWASP for short, is the leading
authority on web applications and they have lots of additional reading on how to prevent SQL
injections.

And if you just can't get enough SQL injection in your life, visit the Malwarebytes Labs blog for
all the latest happenings in the world of cyberthreats and cybersecurity.

What Is Buffer Overflow?

Buffer overflow is a software coding error or vulnerability that can be exploited by hackers to
gain unauthorized access to corporate systems. It is one of the best-known software security
vulnerabilities yet remains fairly common. This is partly because buffer overflows can occur in
various ways and the techniques used to prevent them are often error-prone.
 The software error focuses on buffers, which are sequential sections of computing memory that
hold data temporarily as it is transferred between locations. Also known as a buffer overrun,
buffer overflow occurs when the amount of data in the buffer exceeds its storage capacity. That
extra data overflows into adjacent memory locations and corrupts or overwrites the data in those
locations.

What Is a Buffer Overflow Attack?

A buffer overflow attack takes place when an attacker manipulates the coding error to carry out
malicious actions and compromise the affected system. The attacker alters the application’s
execution path and overwrites elements of its memory, which amends the program’s execution
path to damage existing files or expose data.

A buffer overflow attack typically involves violating programming languages and overwriting
the bounds of the buffers they exist on. Most buffer overflows are caused by the combination of
manipulating memory and mistaken assumptions around the composition or size of data.

A buffer overflow vulnerability will typically occur when code:

1. Is reliant on external data to control its behavior

2. Is dependent on data properties that are enforced beyond its immediate scope
3. Is so complex that programmers are not able to predict its behavior accurately

Buffer Overflow Exploits

The buffer overflow exploit techniques a hacker uses depends on the architecture and operating
system being used by their target. However, the extra data they issue to a program will likely
contain malicious code that enables the attacker to trigger additional actions and send new
instructions to the application.

For example, introducing additional code into a program could send it new instructions that give
the attacker access to the organization’s IT systems. In the event that an attacker knows a
program’s memory layout, they may be able to intentionally input data that cannot be stored by
the buffer. This will enable them to overwrite memory locations that store executable code and
replace it with malicious code that allows them to take control of the program.

Attackers use a buffer overflow to corrupt a web application’s execution stack, execute arbitrary
code, and take over a machine. Flaws in buffer overflows can exist in both application servers
and web servers, especially web applications that use libraries like graphics libraries. Buffer
overflows can also exist in custom web application codes. This is more likely because they are
given less scrutiny by security teams but are less likely to be discovered by hackers and more
difficult to exploit.
 Buffer Overflow Consequences

Common consequences of a buffer overflow attack include the following:

1. System crashes: A buffer overflow attack will typically lead to the system crashing. It may also
result in a lack of availability and programs being put into an infinite loop.
2. Access control loss: A buffer overflow attack will often involve the use of arbitrary code, which
is often outside the scope of programs’ security policies.
3. Further security issues: When a buffer overflow attack results in arbitrary code execution, the
attacker may use it to exploit other vulnerabilities and subvert other security services.

Types of Buffer Overflow Attacks

There are several types of buffer overflow attacks that attackers use to exploit organizations’
systems. The most common are:

1. Stack-based buffer overflows: This is the most common form of buffer overflow attack. The
stack-based approach occurs when an attacker sends data containing malicious code to an
application, which stores the data in a stack buffer. This overwrites the data on the stack,
including its return pointer, which hands control of transfers to the attacker.
2. Heap-based buffer overflows: A heap-based attack is more difficult to carry out than the stack-
based approach. It involves the attack flooding a program’s memory space beyond the memory it
uses for current runtime operations.
3. Format string attack: A format string exploit takes place when an application processes input
data as a command or does not validate input data effectively. This enables the attacker to
execute code, read data in the stack, or cause segmentation faults in the application. This could
trigger new actions that threaten the security and stability of the system.

Which Programming Languages Are More Vulnerable?

Nearly all applications, web servers, and web application environments are vulnerable to buffer
overflows. Environments that are written in interpreted languages, such as Java and Python, are
immune to the attacks, with the exception of overflows in their interpreter.

Buffer overflow attacks are typically caused by coding errors and mistakes in application
development. This results in buffer overflow as the application does not allocate appropriately
sized buffers and fails to check for overflow issues. These issues are particularly problematic in
the programming language C/C++ as it does not have buffer overflow protection built in.

This programming language is not the only one vulnerable to buffer overflow attacks. A buffer
overflow program in Assembly, C, C++ or Fortran is also particularly vulnerable and more likely
to enable attackers to compromise a system. However, applications written in JavaScript or Perl
are typically less vulnerable to buffer overflow attacks.
 How to Prevent Buffer Overflows

Application developers can prevent buffer overflows by building security measures into their
development code, using programming languages that include built-in protection, and regularly
testing code to detect and fix errors.

One of the most common methods for preventing buffer overflows is avoiding standard library
functions that have not been bounds-checked, which includes gets, scanf, and strcpy. Another
common method is to prevent buffer overruns by using bounds-checking that is enforced at
runtime. This automatically checks that the data written to a buffer is within the appropriate
boundaries.

Modern operating systems now deploy runtime protection that enables additional security against
buffer overflows. This includes common protection like:

1. Address space layout randomization (ASLR): Buffer overflow attacks typically need to know
where executable code is located. ASLR moves at random around locations of data regions to
randomize address spaces, which makes overflow attacks almost impossible.
2. Data execution prevention: This method prevents an attack from being able to run code in non-
executable regions by flagging areas of memory as executable or non-executable.
3. Structured exception handling overwrite protection (SEHOP): Attackers may look to overwrite
the structured exception handling (SEH), which is a built-in system that manages hardware and
software exceptions. They do this through a stack-based overflow attack to overwrite the
exception registration record, which is stored on the program’s stack. SEHOP prevents attackers’
malicious code from being able to attack the SEH and use its overwrite exploitation technique.

Implementing security measures around development code and operating systems is not enough
to protect organizations’ systems. When a buffer overflow vulnerability is discovered, it is
crucial to quickly patch the software and ensure it is made available to all users.

Buffer Overflow Attack Examples

A common buffer overflow example is when an attacker injects their malicious code into
corrupted memory. Or they may simply take advantage of the buffer overflow and the adjacent
memory corruption.

For example, a simple buffer overflow can be caused when code that relies on external data
receives a ‘gets()’ function to read data in a stack buffer. The system cannot limit the data that is
read by the function, which makes code safety reliant on users entering fewer than ‘BUFSIZE’
characters.

Types of Wireless and Mobile Device Attacks

Wireless and mobile devices have become ubiquitous in today’s society, and with this increased
usage comes the potential for security threats. Wireless and mobile device attacks are a growing
concern for individuals, businesses, and governments.
Below are some of the most common types of Wireless and Mobile Device Attacks:
SMiShing: Smishing become common now as smartphones are widely used. SMiShing uses
Short Message Service (SMS) to send fraud text messages or links. The criminals cheat the user
by calling. Victims may provide sensitive information such as credit card information, account
information, etc. Accessing a website might result in the user unknowingly downloading
malware that infects the device.
War driving : War driving is a way used by attackers to find access points wherever they can
be. With the availability of free Wi-Fi connection, they can drive around and obtain a very huge
amount of information over a very short period of time.
WEP attack: Wired Equivalent Privacy (WEP) is a security protocol that attempted to provide a
wireless local area network with the same level of security as a wired LAN. Since physical
security steps help to protect a wired LAN, WEP attempts to provide similar protection for data
transmitted over WLAN with encryption. WEP uses a key for encryption. There is no provision
for key management with Wired Equivalent Privacy, so the number of people sharing the key
will continually grow. Since everyone is using the same key, the criminal has access to a large
amount of traffic for analytic attacks.
WPA attack: Wi-Fi Protected Access (WPA) and then WPA2 came out as improved protocols
to replace WEP. WPA2 does not have the same encryption problems because an attacker cannot
recover the key by noticing traffic. WPA2 is susceptible to attack because cyber criminals can
analyze the packets going between the access point and an authorized user.
Bluejacking: Bluejacking is used for sending unauthorized messages to another Bluetooth
device. Bluetooth is a high-speed but very short-range wireless technology for exchanging data
between desktop and mobile computers and other devices.
Replay attacks: In a Replay attack an attacker spies on information being sent between a sender
and a receiver. Once the attacker has spied on the information, he or she can intercept it and
retransmit it again thus leading to some delay in data transmission. It is also known as playback
attack.
Bluesnarfing : It occurs when the attacker copies the victim’s information from his device. An
attacker can access information such as the user’s calendar, contact list, e-mail and text messages
without leaving any evidence of the attack.
RF Jamming: Wireless signals are susceptible to electromagnetic interference and radio-
frequency interference. Radio frequency (RF) jamming distorts the transmission of a satellite
station so that the signal does not reach the receiving station.

There are several types of attacks that target these devices, each with its own advantages
and disadvantages:

Wi-Fi Spoofing: Wi-Fi spoofing involves setting up a fake wireless access point to trick users
into connecting to it instead of the legitimate network. This attack can be used to steal sensitive
information such as usernames, passwords, and credit card numbers. One advantage of this
attack is that it is relatively easy to carry out, and the attacker does not need sophisticated tools
or skills. However, it can be easily detected if users are aware of the legitimate network’s name
and other details.
Packet Sniffing: Packet sniffing involves intercepting and analyzing the data packets that are
transmitted over a wireless network. This attack can be used to capture sensitive information
such as email messages, instant messages, and web traffic. One advantage of this attack is that it
can be carried out without the user’s knowledge. However, the attacker needs to be in close
proximity to the victim and must have the technical skills and tools to intercept and analyze the
data.
Bluejacking: Bluejacking involves sending unsolicited messages to Bluetooth-enabled devices.
This attack can be used to send spam, phishing messages, or malware to the victim’s device. One
advantage of this attack is that it does not require a network connection, and the attacker can be
located anywhere within range of the victim’s Bluetooth signal. However, it requires the attacker
to have the victim’s Bluetooth device’s address and is limited to devices that have Bluetooth
capabilities.
SMS Spoofing: SMS spoofing involves sending text messages that appear to come from a
trusted source, such as a bank or a government agency. This attack can be used to trick users into
revealing sensitive information or downloading malware. One advantage of this attack is that it
can be carried out without the user’s knowledge. However, it requires the attacker to have the
victim’s phone number, and it can be easily detected if users are aware of the legitimate source
of the message.
Malware: Malware is software designed to infect a device and steal or damage data. Malware
can be distributed through email attachments, software downloads, or malicious websites. One
advantage of this attack is that it can be carried out remotely, without the attacker needing to be
physically close to the victim. However, it requires the attacker to have a way to deliver the
malware to the victim’s device, such as through a phishing email or a fake website.
Conclusion: Wireless and mobile device attacks can have severe consequences, including the
theft of sensitive data, identity theft, financial loss, and reputational damage. To protect against
these attacks, users should always use strong passwords, keep their devices and software up-to-
date, avoid connecting to unsecured networks, and use reputable app stores. Businesses should
also implement security measures such as firewalls, intrusion detection systems, and employee
training to protect against wireless and mobile device attacks.

WHAT IS PHISHING?

Phishing is a cyber crime that leverages deceptive emails, websites, and text messages to steal
confidential personal and corporate information.
Victims are tricked into giving up personal information such as their credit card data, phone
number, mailing address, company information, etc. Criminals then use this information to steal
the victim's identity and commit further crimes using this stolen identity.
Criminals who use phishing tactics are successful because they carefully hide behind emails and
websites familiar to the intended victim. For example, the email address might
be [email protected] instead of [email protected]. Using these fake email
addresses, they urge recipients to update their account credentials to protect them from fraud.
Phishing is a type of social engineering that criminals use to steal data, infect computers, and
infiltrate company networks.

What Are The Different Types Of Phishing?

Email
This is the most common phishing tactic. An email is sent to multiple recipients urging them to
update personal information, verify account details, or change passwords.
Typically, the email is worded to promote a sense of urgency, sometimes highlighting the
recipient's need to protect themselves or their organization. The email is designed to appear to
come from a legitimate source, such as customer service for PayPal, Apple, Microsoft, a bank, or
other known companies.

Content Injection
A familiar-looking webpage, like an email account login page or online banking page, is injected
with malicious content. The content can include a link, form, or pop-up that directs people to a
secondary website where they are urged to confirm personal information, update credit card
details, change passwords, etc.

Link Manipulation
A carefully worded email arrives with a malicious link to a familiar website such as Amazon or
another popular website. When you click on the link, it takes you to a fake website designed to
look exactly like the known website, where you are then prompted to update your account
information or verify account details.
CEO Fraud
This common type of domain spoofing includes sending emails that masquerade as coming from
the CEO, human resources, or a colleague. The email may ask the recipient to transfer funds,
confirm an e-transfer or wire transfer, or send tax information.

Fake Websites
Hackers create fake websites that look just like highly frequented websites. This fake website has
a slightly different domain, for example, outlook.you.live.com instead of outlook.live.com.
People believe they're on the right website and accidentally open themselves to identity theft.

Mobile Phishing
Mobile phishing can involve fraudulent SMS, social media, voice mail, or other in-app messages
informing the recipient that their account has been closed, compromised, or is expiring. The
message includes a link, video, or message to steal personal information or install malware on
the mobile device.

Spear Phishing
Spear phishing is advanced targeted email phishing. The criminal targets a specific individual or
organization and uses focused, personalized messages to steal data that goes beyond personal
credit card information. For example, infiltrating a hospital, bank, or university to steal data
severely compromises the organization.
Voice Phishing
With voice phishing or vishing, a phone caller leaves a strongly worded voicemail or reads from
a script that urges the recipient to call another phone number. Often these calls are designed to be
urgent and encourage the recipient to act before their bank account is suspended or, worse, they
may be charged with a crime.

Session Hijacking
This type of phishing requires sophisticated techniques that allow criminals to violate a web
server and steal information stored on the server.

Malvertising
This type of malware uses online advertisements or pop-ups to encourage people to click a link
that installs malware on the computer.

Malware
Malware happens with a person clicks an email attachment and inadvertently installs software
that mines the computer and network for information. Keylogging is one type of malware that
tracks keystrokes to discover passwords. A trojan horse is another type of malware that tricks
someone into entering personal information.
 Man-In-The-Middle
With man-in-the-middle phishing attacks, the criminal tricks two people into sending
information to each other. The phisher or criminal may send fake requests to each party or alter
the information being sent and received. The people involved believe they are communicating
with each other and have no idea a third party is manipulating them.

Evil Twin Wi-Fi

In this phishing attack, cyber criminals create a fake Wi-Fi access point that acts as a legitimate
Wi-Fi hotspot. This tactic is common in coffee shops, airports, hospitals, or locations where
people routinely need Wi-Fi access. People log into this Wi-Fi access point thinking they're
using a legitimate spot, allowing criminals to intercept any data communicated on this fake Wi-
Fi account.

Cyber Crime – Identity Theft

 Read

 Discuss

 Courses


Identity Theft also called Identity Fraud is a crime that is being committed by a huge number nowadays.
Identity theft happens when someone steals your personal information to commit fraud. This theft is
committed in many ways by gathering personal information such as transactional information of another
person to make transactions.
Prerequisite – Cyber Crime, and Cybercrime causes and measures to prevent it
Example: Thieves use different mechanisms to extract information about customers’ credit cards from
corporate databases, once they are aware of the information they can easily degrade the rating of the victim’s
credit card. Having this information with the thieves can make you cause huge harm if not notified early. With
these false credentials, they can obtain a credit card in the name of the victim which can be used for covering
false debts.
Types of Identity Thefts:
There are various amount of threats but some common ones are :
 Criminal Identity Theft – This is a type of theft in which the victim is charged guilty and has to bear the
loss when the criminal or the thief backs up his position with the false documents of the victim such as ID
or other verification documents and his bluff is successful.
 Senior Identity Theft – Seniors with age over 60 are often targets of identity thieves. They are sent
information that looks to be actual and then their personal information is gathered for such use. Seniors
must be aware of not being the victim.
 Driver’s license ID Identity Theft – Driver’s license identity theft is the most common form of ID theft.
All the information on one’s driver’s license provides the name, address, and date of birth, as well as a
State driver’s identity number. The thieves use this information to apply for loans or credit cards or try to
open bank accounts to obtain checking accounts or buy cars, houses, vehicles, electronic equipment,
jewelry, anything valuable and all are charged to the owner’s name.
 Medical Identity Theft – In this theft, the victim’s health-related information is gathered and then a fraud
medical service need is created with fraud bills, which then results in the victim’s account for such
services.
 Tax Identity Theft – In this type of attack attacker is interested in knowing your Employer Identification
Number to appeal to get a tax refund. This is noticeable when you attempt to file your tax return or the
Income Tax return department sends you a notice for this.
 Social Security Identity Theft – In this type of attack the thief intends to know your Social Security
Number (SSN). With this number, they are also aware of all your personal information which is the biggest
threat to an individual.
 Synthetic Identity Theft – This theft is uncommon to the other thefts, thief combines all the gathered
information of people and they create a new identity. When this identity is being used than all the victims
are affected.
 Financial Identity Theft – This type of attack is the most common type of attack. In this, the stolen
credentials are used to attain a financial benefit. The victim is identified only when he checks his balances
carefully as this is practiced in a very slow manner.
Techniques of Identity Thefts : Identity thieves usually hack into corporate databases for personal credentials
which requires effort but with several social-engineering techniques, it is considered easy. Some common
identity theft techniques are:
 Pretext Calling – Thieves pretending to be an employee of a company over phone asking for financial
information are an example of this theft. Pretending as legitimate employees they ask for personal data with
some buttery returns.
 Mail Theft – This is a technique in which credit card information with transactional data is extracted from
the public mailbox.
 Phishing – This is a technique in which emails pertaining to be from banks are sent to a victim with
malware in it. When the victim responds to mail their information is mapped by the thieves.
 Internet – Internet is widely used by the world as attackers are aware of many techniques of making users
get connected with public networks over Internet which is controlled by them and they add spyware with
downloads.
 Dumpster Diving – This is a technique that has made much information out of the known institutions. As
garbage collectors are aware of this they search for account related documents that contain social security
numbers with all the personal documents if not shredded before disposing of.
 Card Verification Value (CVV) Code Requests – The Card Verification Value number is located at the
back of your debit cards. This number is used to enhance transaction security but several attackers ask for
this number while pretending as a bank official.
Steps Of Prevention From Identity Theft:
Following are some methods by which you can enhance your security for identity thefts :
1. Use Strong Passwords and do not share your PIN with anyone on or off the phone.
2. Use two-factor notification for emails.
3. Secure all your devices with a password.
4. Don’t install random software from the internet.
5. Don’t post sensitive information over social media.
6. While entering passwords at payment gateway ensure its authenticity.
7. Limit the personal information to be carried with out.
8. Keep a practice of changing your PIN and password regularly.
9. Do not disclose your information over phone.
10. While traveling do not disclose personal information with strangers.
11. Never share your Aadhaar/PAN number (In India) with anyone whom you do not know/trust.
12. Never share your SSN (In US) with anyone whom you do not know/trust.
13. Do not make all the personal information on your social media accounts public.
14. Please never share an Aadhaar OTP received on your phone with someone over a call.
15. Make sure that you do not receive unnecessary OTP SMS about Aadhaar (if you do, your Aadhaar number
is already in the wrong hands).
16. Do not fill personal data on the website that claims to offer benefits in return.
17. Last, be a keeper of personal knowledge.