FCS - Unit 1

The document provides an overview of cybersecurity, emphasizing its importance in protecting personal, organizational, and national data from various threats. It discusses key concepts such as threats, vulnerabilities, and types of cybersecurity, along with the increasing threat landscape driven by technological advancements and cybercrime. Additionally, it covers the roles of non-state actors, cyberterrorism, and endpoint security measures necessary to safeguard digital assets.

Uploaded by

hansa vaghela
UNIT 1

Overview of cyber security

Created By: Prof. Hansa Vaghela

Department of Computer Engineering
Course Outcome

❖ Understand the importance of privacy for the personal, organizational and cyber data

❖ Differentiate between threat, risk, attack and vulnerability.

❖ Analyze and evaluate the importance of data, its privacy and security

❖ Apply the protection measures to digital devices using latest tools and technologies

❖ Evaluate Security Model of any organization


Content

❖ Overview of cyber security

❖ Cyber security increasing threat landscape

❖ Cyber security terminologies

❖ Non-state actors

❖ Cyber terrorism

❖ Protection of end user machine

❖ Critical IT and National Critical Infrastructure

❖ Cyber warfare

❖ Case Studies
Overview of cyber security

Cybersecurity can be split into two parts: "cyber" and "security".

Cyber refers to the technology: systems, networks, programs, and data.

Security is concerned with the protection of those systems, networks, applications, and information.

Cybersecurity is also called electronic information security or information technology (IT) security.

Cyber security is vital to protecting our digital world, from personal data to critical infrastructure.
Definition:

"The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity."

"Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access."

"Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats."
Types of Cyber Security

Network Security: Implementing hardware and software controls to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. This helps an organization protect its assets against external and internal threats.

Application Security: Protecting software and devices from unwanted threats. This includes keeping applications updated so they stay secure against known attacks. Successful application security begins in the design stage, with secure source code, input validation, threat modeling, etc., before a program or device is deployed.

Cloud Security: Protecting the organization's information stored in the digital environment or cloud architectures. It relies on the controls of cloud service providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.

Mobile Security: Securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against malicious threats such as unauthorized access, device loss or theft, and malware.

Information or Data Security: Implementing strong data storage mechanisms to maintain the integrity and privacy of data, both in storage and in transit.

Identity Management: The procedure for determining the level of access that each individual has within an organization.

Operational Security: Processing and making decisions on handling and securing data assets.
Importance of Cyber Security

1) Protecting Sensitive Data

Personal information (e.g., Social Security numbers, credit card details)
Financial data (e.g., bank accounts, investment records)
Intellectual property (e.g., trade secrets, research data)
Impact of Data Breaches: Financial losses, identity theft, reputational damage

2) Ensuring Business Continuity

Organizations rely on technology for critical operations.
Cyberattacks can disrupt operations, leading to financial losses and customer dissatisfaction.

3) Maintaining National Security

Critical infrastructure (power grids, transportation systems) is increasingly reliant on technology.
Cyberattacks can cripple national infrastructure, causing widespread disruption.
The Increasing Threat Landscape

What is the Threat Landscape?

❖ The ever-changing environment of cybersecurity threats and vulnerabilities.

❖ It encompasses the types of attacks, their frequency, and their potential impact.

Increasing Cyber Threat Landscape

Advanced Tactics: Attackers use sophisticated techniques like ransomware, phishing, and social engineering to exploit vulnerabilities.

Increased Targets: Businesses, governments, and individuals are increasingly vulnerable as more devices and data are connected online.

Why is it Increasing?

❖ Rapid technological advancements (IoT, Cloud, AI)

❖ Increased reliance on technology in all aspects of life

❖ Globalization and interconnectedness

❖ Rise of cybercrime and its impact

❖ Advanced Persistent Threats (APTs)

❖ Emergence of new threats (e.g., ransomware, IoT vulnerabilities)

❖ The role of technology in driving the threat landscape


Rise of cybercrime and its impact

Rise of Cybercrime:

Increased Sophistication & Frequency:

❖ Cybercrime is becoming more sophisticated and organized.

❖ Attacks are more frequent and impactful.

Impact:

Financial Losses: Stolen funds, ransomware demands, business disruptions.

Data Breaches: Exposure of sensitive data (customer information, intellectual property).

Reputational Damage: Loss of trust, legal liabilities, negative media coverage.


Advanced Persistent Threats (APTs)

Highly sophisticated and persistent attacks carried out by nation-states, organized crime
groups, or other well-resourced adversaries.

Characteristics:
❖ Long-term campaigns: Involve sustained attacks aimed at infiltrating or exploiting a
target over an extended period.

❖ Stealthy and evasive techniques: Methods used by attackers to avoid detection and
bypass security measures.

❖ Targeting specific organizations or individuals: Involves focusing on particular entities to exploit vulnerabilities for strategic gains.

Objectives:
❖ Espionage, sabotage, data theft, disruption of critical infrastructure
Emergence of New Threats

Ransomware:
❖ Encrypting data and demanding a ransom for its release. Increasingly sophisticated and
impactful, targeting critical infrastructure.

IoT Vulnerabilities:

❖ Exploiting vulnerabilities in internet-connected devices (smart homes, medical devices).

Supply Chain Attacks:

❖ Compromising software development processes or third-party vendors to infiltrate target organizations.

Cloud Security Challenges:

❖ Data breaches, misconfigurations, insider threats within cloud environments.


The Role of Technology in Driving the Threat Landscape

Increased Connectivity:

❖ The rise of the Internet of Things (IoT) creates a vast attack surface.

Cloud Computing:

❖ While offering benefits, cloud environments introduce new security challenges.

Artificial Intelligence (AI) and Machine Learning:

❖ AI can be used by both attackers and defenders, making the threat landscape more
dynamic.
Cybersecurity Terminologies

Terms covered: Cyber Space, Attack, Attack Vector, Attack Surface, Threat, Risk, Vulnerability, Exploit, Exploitation, Hacker
Cyberspace:

❖ A virtual environment created by the interconnection of computers and networks that allows people to communicate, share information, and participate in various activities.

❖ In short: the digital environment where computers and networks communicate.
Cyberspace vs. the Physical World

Aspect | Cyberspace | Physical World
Nature | Virtual, digital | Tangible, physical
Location | Exists in computer networks and the internet | Exists in the natural, material environment
Communication | Digital communication (emails, messages, social media) | Face-to-face communication, physical mail
Commerce | E-commerce, digital transactions | Traditional retail, physical currency transactions
Interactions | Online interactions, virtual communities | In-person interactions, physical communities
Access | Requires electronic devices and an internet connection | Accessible without technology (physical presence)
Security | Cybersecurity measures (firewalls, encryption) | Physical security measures (locks, surveillance)
Presence | Avatars, usernames, digital identities | Physical presence, real identities
Regulation | Digital laws, online governance, and policies | Physical laws, regulations, and societal norms
Environment | Digital ecosystems (websites, platforms) | Natural and built environments (cities, nature)
Attack: An attempt to exploit a vulnerability to compromise a system.

Attack Vector: The specific path or method an attacker uses to gain unauthorized access to a system, network, or application (for example a phishing email, an exposed remote-access service, or a malicious attachment).

❖ Attack vectors serve as entry points for attacks, allowing malicious actors to exploit vulnerabilities.

Attack Surface:

❖ The total area of a computer system or network that is exposed to potential attacks.

❖ Attack surface is the general term for the areas of a system, device, or network that contain
security vulnerabilities that may be exploited.

❖ The attack surface of an organization’s computer systems and devices can often vary
significantly depending on what they are used for and how they have been configured.
Threat

❖ A potential danger or harm to a system or data.

❖ Computer security threats are anything that could compromise your computer's efficient operation and performance, or jeopardize the security of your data.

❖ They range from relatively harmless adware to a dangerous trojan infection.

❖ As the world becomes more digital, computer security threats keep evolving.
Physical threats:

• Internal: Short circuit, fire, unstable power supply, hardware failure due to excess humidity, etc.
• External: Disasters such as floods, earthquakes, landslides, etc.
• Human: Destruction of infrastructure and/or hardware, theft, disruption, and unintentional or intentional errors.

Non-physical threats:

• Hampering of the business operations that depend on computer systems.
• Loss of sensitive data or information.
• Illegally tracking another person's computer system activities.
• Hacking users' IDs and passwords, etc.
Risk: The likelihood that a threat will exploit a vulnerability, combined with the potential impact if it does.

Vulnerability: A weakness in a system that can be exploited by an attacker.

Exploit: A piece of code, or a technique, that takes advantage of a vulnerability.

Exploitation: The act of using an exploit to compromise a system.
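These four terms are easiest to tell apart on a concrete piece of code. The following Python snippet is an added example, not part of these slides; the directory and file names in it are constructed. It shows a vulnerability (a download helper that trusts the caller's file name), the exploit (a path-traversal string that makes the helper hand back a file outside its directory), exploitation (running the exploit against the helper), and the hardened version that removes the vulnerability. In these terms, the threat is anyone who can supply a file name, the attack vector is the request parameter that carries it, and the attack surface is the set of all such entry points the application exposes.

```python
import posixpath

# Assumed document root for a web application's downloads (constructed for this example).
BASE_DIR = "/srv/app/uploads"


def vulnerable_resolve(filename: str) -> str:
    """Vulnerability: the caller-supplied name is joined to BASE_DIR and
    normalised, but nothing checks that the result is still under BASE_DIR."""
    return posixpath.normpath(posixpath.join(BASE_DIR, filename))


def hardened_resolve(filename: str) -> str:
    """Fix: normalise, then require that BASE_DIR is the common prefix of the
    result, compared path component by path component."""
    target = posixpath.normpath(posixpath.join(BASE_DIR, filename))
    # commonpath() works on components, so "/srv/app/uploads_evil" is not
    # mistaken for being inside "/srv/app/uploads" (a plain startswith() would be).
    if posixpath.commonpath([BASE_DIR, target]) != BASE_DIR:
        raise PermissionError(f"path escapes {BASE_DIR}: {filename!r}")
    return target


def exploit_succeeds(resolver, filename: str) -> bool:
    """Exploitation: True if the resolver hands back a path outside BASE_DIR
    without complaint (the exploit worked), False otherwise."""
    try:
        target = resolver(filename)
    except PermissionError:
        return False
    return posixpath.commonpath([BASE_DIR, target]) != BASE_DIR


# The exploit: a relative path that climbs out of the document root.
TRAVERSAL_PAYLOAD = "../../../etc/passwd"
# An absolute path has the same effect, because join() discards BASE_DIR for it.
ABSOLUTE_PAYLOAD = "/etc/shadow"
# Legitimate input that both versions must still accept.
BENIGN_NAME = "reports/2024/q1.pdf"

if __name__ == "__main__":
    for name in (BENIGN_NAME, TRAVERSAL_PAYLOAD, ABSOLUTE_PAYLOAD):
        print(f"{name!r:24} vulnerable: {vulnerable_resolve(name)}")
        try:
            print(f"{'':24} hardened:   {hardened_resolve(name)}")
        except PermissionError as e:
            print(f"{'':24} hardened:   refused ({e})")
```

The fix compares path components with posixpath.commonpath rather than testing a string prefix: "/srv/app/uploads_evil/x" starts with "/srv/app/uploads" as a string but is not inside that directory, and the component-wise check rejects it.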


Hacker

❖ An individual with advanced computer skills; the term is often used to describe those who use their skills for malicious purposes.

❖ Computer hackers are unauthorized users who gain access to computers in order to steal, alter, or delete data, generally by installing malicious software without your knowledge or agreement.

❖ Their techniques and in-depth technical knowledge let them reach information you do not want them to have.
Types of Hackers

Black Hat Hacker
• These hackers, often known as crackers, always have a malicious motive and gain illegal access to computer networks and websites.
• Their goal is to make money by stealing secret organizational data, stealing funds from online bank accounts, violating privacy rights to benefit criminal organizations, and so on.

White Hat Hacker
• White hat hackers (sometimes referred to as ethical hackers) are the polar opposite of black hat hackers. They employ their technical expertise to defend against malicious hackers.
• White hats are employed by businesses and government agencies as data security analysts, researchers, security specialists, etc. With the permission of the system owner and with good motives, they use the same hacking tactics that black hat hackers use.

Grey Hat Hacker
• They fall somewhere between the two types above: they gain illegal access to a system but do so without any malicious intent.
• The goal is to expose the system's weaknesses. Instead of exploiting vulnerabilities for unlawful gain, grey hat hackers may offer to repair vulnerabilities they have identified through their own unauthorized actions.
Non-State Actors

Who are non-state actors?

❖ Non-state actors are individuals or groups that engage in cyber activities but are not directly
affiliated with a nation-state.

❖ Entities that operate independently of any government or state authority.

❖ Include various groups and individuals with diverse motivations and capabilities.

❖ Examples of non-state actors include: script kiddies, scammers, hacktivists, blackhat hackers,
and criminal organizations
Types of Non-State Actors

Criminal Groups:

Motivation: Financial gain (e.g., ransomware, data theft, fraud)

Examples:

• Ransomware gangs: Groups that encrypt victims' data and demand a ransom for its release.

• Cybercrime syndicates: Organized groups involved in various cybercriminal activities.

Hacktivists:

Motivation: Political or social activism

Examples:

• Groups that conduct cyberattacks to protest government policies or support a particular cause.

• Defacing websites, data leaks, denial-of-service attacks.


Terrorist Organizations:

Motivation: To cause disruption, fear, and political instability.

Examples:

• Using cyberattacks to disrupt critical infrastructure, spread propaganda, or recruit members.
Motivations of Non-State Actors

Financial Gain:

❖ Primary motivation for many cybercriminals.

❖ Includes activities like stealing financial data, extorting money through ransomware, and selling stolen data on
the dark web.

Political Activism:

❖ Driven by ideological or political beliefs.

❖ Aim to disrupt government operations, spread propaganda, or raise awareness for a cause.

Espionage:

❖ Stealing sensitive information for competitive advantage, intelligence gathering, or blackmail.


Impact of Non-State Actor Attacks

Financial Loss:

❖ Ransomware payments, data breach costs, lost productivity.

Reputational Damage:

❖ Loss of customer trust, legal and regulatory consequences.

Disruption of Critical Services:

❖ Impact on healthcare, transportation, energy, and other essential services.

National Security Threats:

❖ Espionage, theft of intellectual property, sabotage of critical infrastructure.


Addressing the Threat of Non-State Actors

Enhanced Cybersecurity Measures:

❖ Implementing strong defenses against cyberattacks.

❖ Improving threat intelligence and incident response capabilities.

International Cooperation:

❖ Sharing information and collaborating to combat cybercrime.

Legal and Regulatory Frameworks:

❖ Developing and enforcing laws to deter and punish cybercriminals.


Cyberterrorism

Terrorism:

❖ The unlawful use of violence and intimidation, especially against civilians, in the pursuit of political aims.

Cyberterrorism:

❖ The use of computers and the internet to intimidate or coerce a government or civilian population.

❖ Exploiting vulnerabilities in computer systems and networks to achieve terrorist objectives.
Examples of Cyberterrorism

Disrupting Critical Infrastructure:


❖ Attacking power grids, transportation systems, and communication networks.
❖ Causing widespread disruption and potential physical harm.

Spreading Propaganda and Misinformation:


❖ Disseminating false information and propaganda online to influence public opinion and incite
violence.
❖ Utilizing social media platforms to spread extremist ideologies.

Recruitment and Funding:


❖ Using online platforms to recruit new members and raise funds for terrorist activities.
Impact of Cyberterrorism

1) Social and Political Disruption:


❖ Eroding public trust, destabilizing governments, and inciting social unrest.

2) Economic Damage:
❖ Disruption of businesses, financial markets, and critical infrastructure.Loss of productivity
and economic output.

3) Loss of Life:
❖ In some cases, cyberattacks can have direct or indirect impacts on human life.
Protection of End-User Machines

❖ Endpoint security is the process of protecting endpoints, the end-user devices such as desktops, laptops, and mobile devices, against attackers.

❖ Endpoint security solutions protect endpoints on a network or in the cloud against cybersecurity threats.

❖ Because endpoints are where users, data and the network meet, Endpoint Security (or Endpoint Protection) is also a core technique for keeping the wider computer network safe.

Examples of Endpoints

❖ Any computing device, usually a user-end device connected to an organization's network, is an endpoint.

Tablets, Mobile devices, Smartwatches, Printers, Servers, ATM machines, Medical Devices

Types of Endpoint Security

Internet of Things (IoT) security: Securing IoT devices and the networks they are linked to, by protecting them and by identifying and tracking the risks they introduce.

Data Loss Prevention (DLP): Endpoint controls that detect and stop sensitive data from leaving the device or the organization, i.e., that prevent data breaches.

Network Access Control (NAC): Restricts the availability of network resources to endpoint devices that meet the organization's policy (for example, a managed device with up-to-date protection).

URL filtering: Technology that lets an organization control which web sites its users and visitors can reach.

Browser isolation: Running a user's web browsing in an isolated environment, separated from their local networks and infrastructure, so that malicious web content cannot reach them.

Endpoint Security Importance

❖ Protection Against Increasing Threats

❖ Protecting Sensitive Data

❖ Mitigating Insider Threats

❖ Enhancing User Productivity

❖ End-user devices are often the first line of defense against cyberattacks.

❖ They can be entry points for malware, data breaches, and other security threats.

❖ Protecting endpoints is crucial for individual users and organizations.



Endpoint Security Benefits

❖ Enhanced Protection Against Cyber Threats

❖ Improved Compliance

❖ Data Loss Prevention

❖ Centralized Management and Control

❖ Reduced Risk of Insider Threats

❖ Cost Saving
Anti-virus/Anti-malware Software

Key Role:

❖ Detecting and removing malware (viruses, worms, Trojans, ransomware, spyware).
❖ Real-time protection against new threats.

Features:

❖ Signature-based detection: Matches files against a database of known malware signatures (for example hashes or byte patterns). Fast and precise, but blind to malware it has never seen or that has been repacked.
❖ Heuristic analysis: Flags files whose code or structure shows attributes typical of malware (packed or encrypted sections, suspicious strings or API calls), even without a matching signature.
❖ Behavioral analysis: Monitors program activity at run time for malicious behavior (mass file encryption, injecting into other processes, disabling security tools).

Importance of Regular Updates:

Ensure the software has the latest virus definitions and security updates; signature-based detection is only as good as its most recent database.
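To make the detection approaches concrete, here is an added Python example (not from the slides or from any antivirus product) of a toy scanner. The "malware" sample, its SHA-256 signature and the list of suspicious strings are all constructed for the example. It shows why signature matching alone is not enough: changing a single byte of the known sample defeats the hash signature, while the heuristic checks (suspicious strings, and high byte entropy suggesting a packed or encrypted payload) still flag it.

```python
import hashlib
import math

# Constructed samples standing in for files on disk (not real malware).
KNOWN_BAD_SAMPLE = b"MZ\x90\x00" + b"payload: cmd.exe /c start evil.exe" + b"\x00" * 32
CLEAN_SAMPLE = b"Quarterly report: revenue up 4%, costs flat.\n" * 3
# The same "malware" with one byte changed: the hash signature no longer matches.
REPACKED_BAD_SAMPLE = KNOWN_BAD_SAMPLE.replace(b"evil.exe", b"evi1.exe")
# A high-entropy blob with no known strings, as a packed or encrypted payload would look.
PACKED_SAMPLE = bytes(range(256)) * 4


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature database: SHA-256 of known-bad files (built here from the constructed sample).
SIGNATURES = {sha256_hex(KNOWN_BAD_SAMPLE): "Trojan.Example.Constructed"}

# Heuristic indicators: substrings rarely found in benign documents (constructed list).
SUSPICIOUS_STRINGS = [b"cmd.exe /c", b"powershell -enc", b"CreateRemoteThread"]
ENTROPY_THRESHOLD = 7.5  # bits per byte; 8.0 is the maximum possible


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: plain text is typically 4 to 5, compressed
    or encrypted data is close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan(data: bytes) -> dict:
    """Signature check first (exact and cheap); heuristics only if no signature matches."""
    name = SIGNATURES.get(sha256_hex(data))
    if name:
        return {"verdict": "malicious", "reasons": [f"signature match: {name}"]}
    reasons = []
    for s in SUSPICIOUS_STRINGS:
        if s in data:
            reasons.append(f"suspicious string: {s.decode()}")
    entropy = shannon_entropy(data)
    if entropy > ENTROPY_THRESHOLD:
        reasons.append(f"high entropy ({entropy:.2f} bits/byte): packed or encrypted?")
    return {"verdict": "suspicious" if reasons else "clean", "reasons": reasons}


if __name__ == "__main__":
    for label, sample in [("known bad", KNOWN_BAD_SAMPLE), ("repacked bad", REPACKED_BAD_SAMPLE),
                          ("packed blob", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)]:
        result = scan(sample)
        print(f"{label:13} -> {result['verdict']:10} {'; '.join(result['reasons'])}")
```

Real products add behavioral analysis on top of this: the repacked sample would still try to run cmd.exe, which a run-time monitor sees regardless of how the file on disk was altered.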
Firewalls

A security system that monitors and controls incoming and outgoing network traffic according to a set of rules.

Types of Firewalls:

1) Software firewalls:

Installed on individual devices (e.g., Windows Firewall).

2) Hardware firewalls:
Dedicated devices that filter network traffic at the network perimeter.

How Firewalls Work:

Each packet or connection is compared against an ordered list of rules (typically on source and destination address, protocol and port); the first matching rule decides whether it is allowed or blocked.

Only traffic explicitly permitted by a rule is allowed through; anything that matches no rule is dropped by default (default deny).
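The rule-matching logic described above, as an added example in Python (not part of the original slides; the addresses and the ruleset are constructed). It implements a stateless packet filter: rules are checked in order, the first match decides, and a packet that matches nothing is denied. The second ruleset shows why ordering matters: placing the SSH allow before the quarantine deny lets a quarantined host through.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str       # source IP address
    dst: str       # destination IP address
    proto: str     # "tcp" or "udp"
    dport: int     # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network the rule applies to (default: any)
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches every destination port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        return self.dport is None or self.dport == pkt.dport


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # implicit default-deny at the end of every ruleset


# Constructed ruleset for a web server; 10.0.0.0/8 is assumed to be the internal network.
RULESET = [
    Rule("deny",  src="10.0.66.0/24", comment="quarantined segment: block before any allow"),
    Rule("allow", proto="tcp", dport=443, comment="HTTPS from anywhere"),
    Rule("allow", proto="tcp", dport=80,  comment="HTTP from anywhere (redirects to HTTPS)"),
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=22, comment="SSH from internal only"),
    # Nothing else is listed: evaluate() denies everything that reaches the end.
]

# Same rules, but the SSH allow is placed before the quarantine deny: ordering matters.
MISORDERED_RULESET = [RULESET[3], RULESET[0]] + RULESET[1:3]


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.9", "10.1.2.3", "tcp", 443),  # public client, HTTPS
        Packet("203.0.113.9", "10.1.2.3", "tcp", 22),   # public client, SSH
        Packet("10.0.5.7",    "10.1.2.3", "tcp", 22),   # internal admin, SSH
        Packet("10.0.66.8",   "10.1.2.3", "tcp", 22),   # quarantined host, SSH
        Packet("10.0.5.7",    "10.1.2.3", "udp", 53),   # DNS: no rule, default deny
    ]
    for pkt in samples:
        print(f"{pkt.src:>14} {pkt.proto}/{pkt.dport:<4} -> {evaluate(RULESET, pkt)}"
              f"   (misordered: {evaluate(MISORDERED_RULESET, pkt)})")
```

A real firewall is usually stateful as well: it remembers established connections so that return traffic is allowed without a separate rule. The filter above deliberately leaves that out to keep the rule-ordering and default-deny points visible.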


Intrusion Detection and Prevention Systems (IDPS)

Intrusion Detection Systems (IDS):

❖ An IDS is a security tool that monitors a computer network or systems for malicious activities or policy violations and generates alerts.

❖ It helps detect unauthorized access, potential threats, and abnormal activities by analyzing traffic and alerting administrators to take action.

❖ An IDS is crucial for maintaining network security and protecting sensitive data from cyber-attacks.

❖ The main duties of an IDS are anomaly detection and reporting; however, certain Intrusion Detection Systems can take action when malicious activity or unusual traffic is discovered.

Intrusion Prevention Systems (IPS):

❖ Go beyond detection and actively block or prevent malicious traffic.

❖ An Intrusion Prevention System is also known as an Intrusion Detection and Prevention System.

❖ It is a network security application that monitors network or system activities for malicious activity.

❖ Major functions of an IPS are to identify malicious activity, collect information about this activity, report it, and attempt to block or stop it.

❖ Intrusion prevention systems are considered an extension of Intrusion Detection Systems because both IPS and IDS inspect network traffic and system activities for malicious activity; the difference is that an IPS sits inline and can drop the traffic, while an IDS watches a copy of the traffic and can only alert.

❖ An IPS works by analyzing network traffic in real time and comparing it against known attack patterns and signatures (and, in anomaly-based systems, against a baseline of normal behavior).

❖ When the system detects suspicious traffic, it blocks it from entering the network.

Benefits:

❖ Early detection of attacks and threats.

❖ Proactive prevention of security breaches.

Caveat: an inline IPS that blocks on a false positive interrupts legitimate traffic, so new signatures are usually run in detect-only mode and tuned before blocking is switched on.
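The detection and blocking behaviour described above, as an added Python example (not part of the original slides; the log lines are constructed in the style of OpenSSH syslog messages, not taken from a real host). The same engine runs in IDS mode (alert only) and IPS mode (alert, then block the source and drop its later events, the way an inline IPS drops its packets). The detection rule is a sliding 60-second window of failed logins per source address: two failures six minutes apart from an internal user do not trigger it, while a burst of five from one address does.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines in syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:04 web1 sshd[2205]: Accepted publickey for deploy from 10.0.0.12 port 40110 ssh2
Mar  3 10:00:06 web1 sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51030 ssh2
Mar  3 10:00:08 web1 sshd[2209]: Failed password for invalid user oracle from 203.0.113.7 port 51033 ssh2
Mar  3 10:00:10 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51040 ssh2
Mar  3 10:00:12 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar  3 10:03:00 web1 sshd[2301]: Failed password for alice from 10.0.0.25 port 40200 ssh2
Mar  3 10:09:00 web1 sshd[2302]: Failed password for alice from 10.0.0.25 port 40201 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
THRESHOLD = 5                     # this many failures ...
WINDOW = timedelta(seconds=60)    # ... within this sliding window raises an alert
LOG_YEAR = 2024                   # syslog timestamps carry no year (assumed)


def parse_ts(stamp: str) -> datetime:
    return datetime.strptime(f"{LOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")


def run_idps(log_text: str, mode: str = "ips") -> dict:
    """mode="ids": alert only.  mode="ips": alert, block the source, and drop
    its later events as an inline device would drop its packets."""
    recent = defaultdict(deque)   # source IP -> timestamps of failures inside WINDOW
    alerts, blocked, dropped = [], set(), 0
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines are not counted
        ip, ts = m["ip"], parse_ts(m["ts"])
        if ip in blocked:
            dropped += 1          # only ever non-empty in IPS mode
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > WINDOW:   # expire failures older than the window
            window.popleft()
        if len(window) >= THRESHOLD:
            alerts.append(f"{ts:%H:%M:%S} possible SSH brute force from {ip}: "
                          f"{len(window)} failures within {WINDOW.seconds}s")
            if mode == "ips":
                blocked.add(ip)
            window.clear()        # start counting afresh after an alert
    return {"alerts": alerts, "blocked": sorted(blocked), "dropped": dropped}


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        result = run_idps(SAMPLE_LOG, mode)
        print(f"[{mode}] alerts={result['alerts']} blocked={result['blocked']} "
              f"dropped={result['dropped']}")
```

In IDS mode the sixth failure from 203.0.113.7 is still counted (and would start a new window); in IPS mode it is dropped because the source was blocked at the fifth. The threshold and window are the tuning knobs the caveat above refers to: set too low, an IPS locks out a user who mistypes a password a few times.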


User Education and Awareness

Importance of User Training:

❖ Educating users about cybersecurity threats and best practices.

❖ Recognizing and avoiding phishing attacks.

❖ Identifying suspicious emails and websites.

❖ Practicing safe browsing habits.

❖ Following strong password hygiene.

Training Methods:

❖ Security awareness workshops, online training modules, phishing simulations.


Endpoint Software vs Antivirus Software

Endpoint Software: Endpoint security software secures endpoints such as workstations and servers against threats and cyberattacks. | Antivirus Software: Created specifically to detect, prevent, and remove malware (viruses).

Endpoint Software provides Data Loss Prevention. | Antivirus Software does not provide Data Loss Prevention.

Endpoint Software is more costly. | Antivirus Software generally has a lower cost.

Endpoint Software supports encryption. | Antivirus Software does not support encryption.

Endpoint Software: advanced firewall and network security. | Antivirus Software: basic firewall and network security.
Critical IT and National Critical Infrastructure

Critical Infrastructure:

❖ Systems and assets essential for the security, economy, public health, and safety
of a nation.

❖ Examples: Power grids, transportation systems, communication networks, healthcare systems, financial systems, water and wastewater systems.

Critical IT:

❖ Information and communication technology (ICT) systems that are vital to the
functioning of critical infrastructure.
Interdependence:

❖ Critical infrastructure heavily relies on IT systems for operation, control, and management.

Examples:

❖ Power Grids: SCADA systems for monitoring and control.

❖ Transportation Systems: Traffic management systems, airline reservation systems.

❖ Healthcare Systems: Electronic health records, telemedicine.

❖ Financial Systems: Electronic trading platforms, banking networks.


Cybersecurity Threats to Critical Infrastructure

Cyberattacks:

❖ Disruption of operations: Causing power outages, transportation delays, or disruptions to healthcare services.
❖ Data breaches: Exposing sensitive data and compromising privacy.
❖ Sabotage: Malicious attacks aimed at damaging or destroying critical infrastructure.

Examples:
❖ Ransomware attacks: Disrupting hospital operations by encrypting critical systems.
❖ Denial-of-service (DoS) attacks: Overwhelming critical systems with traffic, causing outages.
❖ Data breaches: Exposing sensitive patient information in healthcare systems.
The Impact of Attacks on Critical Infrastructure

Economic Impacts:

❖ Financial losses due to disruptions and data breaches.


❖ Loss of productivity and economic output.

Social Impacts:

❖ Disruptions to essential services affecting public health and safety.


❖ Loss of public trust and confidence.

National Security Impacts:

❖ Weakening national security and resilience.


❖ Potential for cascading failures across interconnected systems.
Protecting Critical Infrastructure

Enhanced Cybersecurity Measures:

❖ Implementing robust cybersecurity defenses, including intrusion detection and prevention systems, firewalls, and encryption.

❖ Regular security audits and vulnerability assessments.

Resilience Planning:

❖ Developing and implementing disaster recovery and business continuity plans.

International Cooperation:

❖ Sharing threat intelligence and collaborating on cybersecurity best practices.


Cyber Warfare

❖ The use of computer networks and cyberspace for military, intelligence, or political purposes.

❖ Involves actions by a nation-state or state-sponsored actors to disrupt, damage, or destroy enemy computer systems and networks.

Key Characteristics:

❖ State-sponsored activities

❖ Focus on military, political, or economic objectives

❖ Potential for significant disruption and damage


State-Sponsored Cyberattacks

Motivation:

❖ Espionage and intelligence gathering

❖ Disrupting enemy military operations

❖ Sabotaging critical infrastructure

❖ Undermining political stability

Examples:
❖ Stuxnet (discovered 2010): Malware designed to sabotage the centrifuges of Iran's uranium enrichment programme by manipulating the industrial control systems that drove them.
❖ NotPetya (June 2017): Destructive malware, initially spread through a compromised update of the Ukrainian accounting software M.E.Doc, that crippled Ukrainian infrastructure and spread globally.
❖ Attacks on government agencies, critical infrastructure, and private companies.
Cyber Espionage

Stealing sensitive information:

❖ Military secrets, government documents, corporate trade secrets, personal data.

❖ Using techniques like hacking, malware, and social engineering.

Impact:

❖ Loss of competitive advantage, national security risks, erosion of trust.

Examples:

❖ Hacking into government networks to steal classified information.

❖ Targeting private companies to steal intellectual property.


Case Studies

The Importance of Studying Past Incidents:

❖ Understand attack vectors and techniques

❖ Identify vulnerabilities and weaknesses

❖ Improve security posture and incident response capabilities

❖ Learn from others' mistakes to prevent future attacks


The 2022 Costa Rica Government Ransomware Attack

What Happened:
In April and May 2022, the Conti ransomware group attacked the Costa Rican government, starting with the Ministry of Finance and spreading to other agencies; the government declared a national emergency on 8 May 2022. A follow-on attack by the Hive ransomware group at the end of May 2022 hit the Costa Rican Social Security Fund (CCSS), which runs the public hospitals.
Impact:
Disrupted essential services, including tax and customs processing, public-sector salary payments and hospital appointments.
Caused significant economic and social disruption. Exposed sensitive government data, which Conti leaked when the ransom was not paid.
Lessons Learned:
Importance of robust backups and disaster recovery plans: The affected agencies lacked sufficient backups and recovery systems, leading to prolonged disruption.
Need for improved cybersecurity infrastructure: Investments in cybersecurity defenses and incident response capabilities are crucial for government agencies.
International cooperation: Collaboration between countries is essential to combat ransomware and other cyber threats.
The July 2024 CrowdStrike Update Outage

What Happened:
On 19 July 2024, a faulty content update to the CrowdStrike Falcon endpoint security sensor caused about 8.5 million Windows hosts to crash (blue screen) and fail to boot, producing a global IT outage that disrupted airlines, hospitals, banks, supermarkets, and other businesses. The incident is often described as a Microsoft failure because the affected machines ran Windows, but the update came from the endpoint security vendor.
Impact:
❖ Widespread disruption of critical services.
❖ Demonstrated the interconnectedness of modern systems and the potential for cascading failures, and that endpoint security software itself runs with high privilege and can take a system down.
Lessons Learned:
❖ Thorough testing and staged rollout of software updates: Rigorous testing and phased deployment (a small canary group before the whole fleet) are essential to prevent unintended consequences.
❖ Importance of incident response planning: Organizations need plans in place to mitigate the impact of service disruptions, including manual recovery procedures for endpoints that cannot boot.
❖ Focus on resilience: Building more resilient systems that can withstand disruptions.
The 2022 Uber Breach

What Happened:
In September 2022, an attacker who claimed to be 18 years old gained access to Uber's internal systems, not through a software vulnerability but through social engineering. Using an external contractor's stolen credentials, the attacker repeatedly triggered MFA push notifications until the contractor accepted one ("MFA fatigue"). According to the attacker's own account, widely reported at the time, a script on an internal network share then yielded hard-coded administrator credentials for Uber's privileged access management system, which opened access to many internal tools.

Impact:
Access to internal systems and tools, including Slack, internal dashboards and the company's bug-bounty vulnerability reports. Uber stated it had found no evidence that the attacker accessed sensitive user data such as trip history.

Lessons Learned:
❖ Phishing-resistant authentication: Push-based MFA can be worn down; number matching or hardware-backed (FIDO2) authenticators resist MFA fatigue.
❖ No hard-coded credentials: Secrets belong in a vault with short-lived access, not in scripts on a share; regular security audits should search for them.
❖ Third-party risk management: Organizations must carefully vet and monitor contractors and vendors, and the access they hold.
❖ Employee security awareness: Educate employees and contractors about social engineering tactics and the importance of strong security practices.