“Cyber Security Threats”

A Project
Submitted in partial fulfillment of the requirement for the award of Diploma in Computer
Engineering Discipline
Submitted To

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION, MUMBAI

(DTE Code: 5009)

Submitted By:
Mr. CHETAN PATIL Roll No. 3122
Mr. KALPESH BORSE Roll No. 3125
Mr. ADITYA GAIKWAD Roll No. 3129
Ms. LALIT BORSE Roll No. 3162
Ms. RURUJA KAKUSTE Roll No. 3112

Under the Guidance of

Prof. Mr.Dinesh Bharote

DEPARTMENT OF COMPUTER ENGINEERING

GOVERNMENT POLYTECHNIC
NANDURBAR, DIST- NANDURBAR (MSBTE CODE: 1432)
YEAR 2022-23
 GOVERNMENT POLYTECHNIC,
NANDURBAR, DIST - NANDURBAR (MSBTE CODE: 1432)

CERTIFICATE
This is to certify that

Mr. CHETAN PATIL Roll No. 3122

Mr. KALPESH BORSE Roll No. 3125
Mr. ADITYA GAIKWAD Roll No. 3129
Ms. LALIT BORSE Roll No. 3162
Ms. RURUJA KAKUSTE Roll No. 3112

Has satisfactorily completed project entitled

“ Emerging Trends in Computer and Information Technology(ETI)”

As prescribed by Maharashtra State Board of Technical Education, Mumbai as a part of
syllabus for the partial fulfilment in Diploma in Computer Engineering for Academic year
2022-23.

GUIDE H.O.D.
Prof. Mr.Dinesh Bharote Prof. S. B. Thakre

EXAMINER PRINCIPAL
--------------- Dr. S. B. Pable
 GOVERNMENT POLYTECHNIC,
NANDURBAR, DIST - NANDURBAR (MSBTE CODE: 1432)

CERTIFICATE OF APPROVAL

The Project entitled “Cyber Security Threats” being submitted by “CHETAN PATIL,

KALPESH BORSE, ADITYA GAIKWAD, LALIT BORSE and RURUJA KAKUSTE” has
been examined by us and is hereby approved for the partial award of Diploma in Computer
Engineering for which it has been submitted. It is understood that by this approval the
undersigned do not necessarily endorse or approve any statement made, opinion expressed or
conclusion drawn therein, but approve the project only for the purpose for which it has been
submitted.

(Internal Examiner)
Date:
 INDEX

Sr. No Title Page No

1 Abstract 5

2 Objectives (Cos) 6

3 Cyber Threats 7

4 Types of Cyber Threats 8

5 Conclusion 10

6 References 10

7 Weekly Work / Progress Report 1

 Brief Information of The Project:

Cyber security is the practice of defending computers, servers, mobile

devices, electronic systems, networks, and data from malicious attacks. It's also
known as information technology security or electronicinformation security.
 Cyber Security can be categorized into five
distinct types:
1. Critical infrastructure security.
2. Application security.
3. Network security.
4. Cloud security.
5. Internet of things (IOT) security.

Network security is the practice of securing a computer network from

intruders, whether targetedattackers or opportunistic malware.

Application security focuses on keeping software and devices free of

threats. A compromised application could provide access to the data its
designed to protect. Successful security begins in the design stage, well
before a program or device is deployed.

Information security protects the integrity and privacy of data, both in storage and
in transit.

Operational security includes the processes and decisions for handling and
protecting data assets. Thepermissions users have when accessing a network and
the procedures that determine how and where data may be stored or shared all fall
under this umbrella.

Disaster recovery and business continuity define how an organization responds

to a cyber-security incident or any other event that causes the loss of operations or
data. Disaster recovery policies dictate how the organization restores its
operations and information to return to the same operating capacity as before the
event. Business continuity is the plan the organization falls back on while trying to
operatewithout certain resources.
End-user education addresses the most unpredictable cyber-security factor:
people. Anyone can accidentally introduce a virus to an otherwise secure system by
failing to follow good security practices.Teaching users to delete suspicious email
attachments, not plug in unidentified USB drives, and variousother important
lessons is vital for the security of any organization.
The scale of the cyber threat :
The he global cyber threat continues to evolve at a rapid pace, with a rising
number of data breaches each year. A report by RiskBased Security revealed that a
shocking 7.9 billion records have been exposed by databreaches in the first nine
months of 2019 alone. This figure is more than double (112%) the number of
records exposed in the same period in 2018.
Medical services, retailers and public entities experienced the most breaches,
with malicious criminals responsible for most incidents. Some of these sectors
are more appealing to cybercriminals because they collect financial and
medical data, but all businesses that use networks can be targeted for customer
data,corporate espionage, or customer attacks.

With the scale of the cyber threat set to continue to rise, the International Data
Corporation predicts that worldwide spending on cyber-security solutions will
reach a massive $133.7 billion by 2022. Governments across the globe have
responded to the rising cyber threat with guidance to help organizations implement
effective cyber-security practices.

In the U.S., the National Institute of Standards and Technology (NIST) has
created a cyber-security framework. To combat the proliferation of
malicious code and aid in early detection, the framework recommends
continuous, real-time monitoring of all electronic resources.

The importance of system monitoring is echoed in the “10 steps to cyber security”,
guidance provided by the U.K. government’s National Cyber Security Centre. In
Australia, The Australian Cyber Security Centre (ACSC) regularly publishes
guidance on how organizations can counter the latest cyber-securitythreats.

Types of Cyber Threads

The threats countered by cyber-security are three-fold:
1. Cybercrime includes single actors or groups targeting systems for financial gain
or to cause disruption.

2. Cyber-attack often involves politically motivated information gathering.

3. Cyberterrorism is intended to undermine electronic systems to cause panic or

fear.
So, how do malicious actors gain control of computer systems? Here are some
common methods used tothreaten cyber-security:

Malware :
Malware means malicious software. One of the most common cyber threats,
malware is software that a cybercriminal or hacker has created to disrupt or
damage a legitimate user’s computer. Often spread via anunsolicited email
attachment or legitimate-looking download, malware may be used by
cybercriminals to make money or in politically motivated cyber-attacks.

There are a number of different types of malware, including:

Virus: A self-replicating program that attaches itself to clean file and spreads
throughout a computersystem, infecting files with malicious code.

Trojans: A type of malware that is disguised as legitimate software.

Cybercriminals trick users intouploading Trojans onto their computer where
they cause damage or collect data.
Spyware: A program that secretly records what a user does, so that
cybercriminals can make use of thisinformation. For example, spyware could
capture credit card details.

Ransomware: Malware which locks down a user’s files and data, with the
threat of erasing it unless aransom is paid.

Adware: Advertising software which can be used to spread malware.

Botnets: Networks of malware infected computers which cybercriminals use to
perform tasks onlinewithout the user’s permission.

SQL Injection
An SQL (structured language query) injection is a type of cyber-attack used to
take control of and steal datafrom a database. Cybercriminals exploit
vulnerabilities in data-driven applications to insert malicious code into a
databased via a malicious SQL statement. This gives them access to the sensitive
information contained in the database.

Phishing
Phishing is when cybercriminals target victims with emails that appear to be from
a legitimate company asking for sensitive information. Phishing attacks are often
used to dupe people into handing over credit carddata and other personal
information.

Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat where a cybercriminal
intercepts communication between two individuals in order to steal data. For
example, on an unsecure WiFi network, an attacker couldintercept data being
passed from the victim’s device and the network.

Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system
from fulfilling legitimaterequests by overwhelming the networks and servers
with traffic. This renders the system unusable, preventing an organization
from carrying out vital functions.
Latest cyber threats In India :
Cosmos Bank Attack : Yet, India has a long way to go to catch up with leading
global players in cybersecurity. The malware attack on Cosmos Bank in 2014, in
which customers lost 094 crore, was a glaring example of how Indian markets
could be easy targets for financial crime syndicates. Brijesh Singh,who handled
the case, said he found fraudulent transactions made in 29 countries in two and a
half hours. The manner in which the crime was committed showed
sophistication and large-scale coordination by international hackers. “What was
equally shocking was how online actors used unsuspecting people as money
mules to launder money for various criminal operations,” he said.

The Cosmos Bank case has shown that Indian agencies need to step up further
in monitoring and preventing money crimes. Sameer Ratolikar, chief information
security officer of HDFC Bank, said Indian banks were facing more social
engineering attacks like phishing, especially during the pandemic because ofthe
growing number of online transactions.

Air India Cyber Attack: In February 2021, when SITA, the Geneva-based air
transport data giant which serves more than 90 per cent of the world’s airlines,
informed Air India that hackers stole the personaldata of 4.5 million passengers, it
presented yet another challenge for India’s cybersecurity establishment.
The attack happened outside Indian jurisdiction, yet millions of Indians were
affected. “The breach involvedpersonal data spanning almost a decade from
August 26, 2011 to February 3, 2021,” Air India said in a statement. While the
Indian cyber-warriors tried their best to limit the damage caused by the breach,
they soon realised that investigation into attacks which happened outside the
Indian cyberspace was not easy because of jurisdictional issues.

What’s upping India’s cybersecurity threat?

India is one of the fastest-growing markets for digital technologies fuelling
government’s push towardsactualising its Digital India mission. Whether
creating broadband highways or rolling out services such as DigiLocker and e-
governance schemes like the Jan Dhan Yojana, the government has pushed for as
much digital adoption as possible over the past five years.
India now has over 1.15 billion phones and more than 700 million internet users
and makes it a large pool of digitally vulnerable targets. The pandemic has only
exacerbated this problem as it resulted in an even heavierdependence on digital
technologies. From payments to e-shopping to WFH, the pandemic led to greater
adoption of interconnected devices and hybrid work networks. Consequently, this
vast and rapid expansion of digital assets have increased the surface area for cyber-
attacks by malicious actors and adversaries. The recent spate of attacks on
electricity grids and financial institutions should alert us to the true possibility of
potentially dangerous scenarios in the future.
Cyber threats are of varied nature and some of the key notable ones would be i)
Malware, Viruses, Trojans, spywares, ii) Backdoors, which allow remote access,
iii) DDoS (Distributed Denial of Service), which floodsservers and networks and
makes them unusable, iv) DNS (Domain Named System) poisoning attacks, which
compromises the DNS and redirect websites to malicious sites.
End-user protection
End-user protection or endpoint security is a crucial aspect of cyber security.
After all, it is often an individual (the end-user) who accidentally uploads malware
or another form of cyber threat to their desktop,laptop or mobile device.

So, how do cyber-security measures protect end users and systems? First, cyber-
security relies on cryptographic protocols to encrypt emails, files, and other
critical data. This not only protects information intransit, but also guards against
loss or theft.
In addition, end-user security software scans computers for pieces of malicious
code, quarantines this code, and then removes it from the machine. Security
programs can even detect and remove malicious code hiddenin primary boot record
and are designed to encrypt or wipe data from computer’s hard drive.

Electronic security protocols also focus on real-time malware detection. Many

use heuristic and behavioralanalysis to monitor the behavior of a program and its
code to defend against viruses or Trojans that change their shape with each
execution (polymorphic and metamorphic malware). Security programs can
confine potentially malicious programs to a virtual bubble separate from a user's
network to analyze their behavior and learn how to better detect new infections.

Security programs continue to evolve new defenses as cyber-security

professionals identify new threats andnew ways to combat them. To make the most
of end-user security software, employees need to be educated about how to use it.
Crucially, keeping it running and updating it frequently ensures that it can protect
users against the latest cyber threats.
 Cyber safety tips - protect yourself against
cyberattacks
How can businesses and individuals guard against cyber threats? Here are our
topcyber safety tips:

Update your software and operating system: This means you benefit from
thelatest security patches.

Use anti-virus software: Security solutions like Kaspersky Total Security

willdetect and removes threatsKeep your software updated for the best level
of protection.

Use strong passwords: Ensure your passwords are not easily guessable.

Do not open email attachments from unknown senders: These could be

infectedwith malware.

Do not click on links in emails from

unknown senders or unfamiliar websites:
This is a common waythat malware is spread.

Avoid using unsecure WiFi networks in public places: Unsecure

networksleave you vulnerable toman-in-the-middle attacks.

Conclusion :
Cyber security is one of the most important aspects of the fast-paced
growingdigital world. The threats ofit are hard to deny, so it is crucial to
learn how todefend from them and teach others how to do it too.

13
 Weekly Work / Progress Report

Details of Engagement Hours of the Student

Regarding Completion of the Project

Week Duration Sign of the

No. Date in hours Work or activity Performed Guide

Two hours Discussion and Finalization of the

1 Project Title

Two hours Preparation and Submission of

2 Abstracts

3 Two hours Literature Review

4 Two hours Collection of Data

5 Two hours Collection of Data

6 Two hours Discussion and Outline of Content

7 Two hours Rough Writing of the Projects Contents

8 Two hours Editing and Proof Reading of the Contents

9 Two hours Final Completion of the Project

Two hours Seminar Presentation, viva-vice,

10 Assessment and Submission of Report

14
 Evaluation Sheet for the Micro Project
Name of the Faculty: Prof. Dhinesh Bharote
Course: ETI Course code: 22618
Semester: VI
Title of the project: Emerging Trends in Computer and Information Technology (22618)

Roll No Student Name Marks out of 6 for Marks out of 4 for Total out of 10
performance in performance in
group activity oral/ presentation
3122 CHETAN PATIL

Roll No. 3160

3125 KALPESH BORSE

3129 ADITYA GAIKWAD

3162 LALIT BORSE

3112 RURUJA KAKUSTE

Prof. Dhinesh Bharote

15