UNIT-3
Cyber Security
Cybercrime
• Nowadays we are connected to the Internet by many means, e.g., through a computer, smartphone or
tablet.
• These gadgets are used for storing personal information, online banking, online shopping, booking
tickets, playing games, and connecting with friends over social media.
• Although today's networks have simplified communication and opened up great opportunities in almost
all spheres, their use also brings various kinds of challenges and threats.
• These threats are known as Cyber crimes.
• A cyber crime is any illegal activity carried out through the Internet.
• E.g., Identity Theft: somebody steals your e-mail ID or password and uses it to send fake e-mails to
people containing false information about a product, a lottery win, etc.
• Other examples are credit card account theft; Internet frauds such as ordering goods in your name or
extracting mobile phone contacts; forgery, i.e., imitating documents, currency and other people's
objects with bad intentions; and harassing others or mischief mongering by sending threatening
messages. All of these come under the jurisdiction of the Indian Penal Code (IPC).
Cybersecurity
• Cybersecurity is the practice of protecting systems, networks, and data from digital threats.
• It encompasses strategies, technologies, and best practices to safeguard against attacks.
Types of cybercrimes
CYBERCRIMES AGAINST AN INDIVIDUAL PERSON
• Identity theft: Criminals steal personal information to impersonate the victim.
• Online harassment (cyberbullying): Malicious online behavior causing emotional
distress.
• Phishing attacks: Deceptive emails or messages to steal sensitive information.
• Financial fraud (online scams): Scammers trick individuals into financial losses.
• Cyberstalking: Persistent and threatening online behavior.
• Social engineering: Manipulating individuals into revealing confidential information.
CYBERCRIMES AGAINST PROPERTY
• Intellectual Property Theft: Theft of patents, trade secrets, and proprietary information.
• Data Breaches: Unauthorized access to sensitive data, leading to exposure or theft.
• Unauthorized Access (Hacking): Intrusion into systems and networks for malicious purposes.
• Online Fraud and Scams: Deceptive schemes to defraud individuals or organizations.
• Cyber-Espionage: Covert gathering of sensitive information for strategic advantage.
• Sabotage and Destruction: Deliberate attacks on digital assets and infrastructure.
CYBERCRIMES AGAINST ORGANISATION/SOCIETY
• Data Breaches: Unauthorized access to sensitive data, often leading to data theft or exposure.
• Ransomware Attacks: Malicious software that encrypts data and demands a ransom for decryption.
• Business Email Compromise (BEC): Scammers impersonate executives to initiate fraudulent transactions.
• Advanced Persistent Threats (APTs): Long-term, targeted attacks with the goal of espionage or data theft.
• Insider Threats: Malicious actions or negligence from employees or trusted individuals.
• Distributed Denial of Service (DDoS) Attacks: Overwhelming a network or website with traffic to disrupt services.
Prevention and Protection
• Using strong, unique passwords for each online account.
• Being cautious when sharing personal information, especially on social media.
• Implementing encryption and multi-factor authentication for added security.
• Keeping software and devices up to date to patch vulnerabilities.
• Using reputable antivirus and anti-malware software to scan for threats.
• Implementing robust access controls and user permissions.
• Conducting regular security assessments and audits.
• Developing and enforcing robust cybersecurity policies and procedures.
• Educating employees on cybersecurity best practices.
• Monitoring network traffic for anomalies.
Security Threat Management
• Threats
• Anything that can harm a computer, e.g., loss of privacy or the inability to use hardware or software
• Vulnerabilities are weaknesses in security
• Security attempts to neutralize threats
• Types of Threats
• Threats to Users
• Threats to Data
• Threats to Hardware
Threats to Users
• Identity Theft
• Impersonation using the victim's private information
• Thief can ‘become’ the victim
• Methods of stealing information
• Shoulder surfing - a form of social engineering where an attacker covertly observes a person's
keystrokes or screen to obtain sensitive information, such as passwords, PINs, or security codes.
• Snagging - listening in on a telephone extension, a wiretap, or over a cubicle wall while the victim
gives credit card or other personal information to a legitimate agent.
• Dumpster diving - searching through trash to retrieve confidential or sensitive information, such as
discarded documents or electronic media.
• High-tech methods
Threats to Users
• Loss of privacy
• Personal information is stored electronically
• Purchases are stored in a database
• Data is sold to other companies
• Public records on the Internet
• Internet use is monitored and logged
• None of these techniques are illegal
Threats to Users
• Cookies
• Files delivered from a web site
• Originally improved a site’s function
• Cookies now track history and passwords
• Browsers include cookie blocking tools
• Spyware
• Software downloaded to a computer
• Designed to record personal information
• Typically undesired software
• Hides from users
• Several programs exist to eliminate it
Threats to Users
• Web bugs
• Small programs embedded in gif images
• Gets around cookie blocking tools
• Companies use to track usage
• Blocked with spyware killers
• Spam
• Unsolicited commercial email
• Networks and PCs need a spam blocker
• Stop spam before reaching the inbox
• Spammers acquire addresses using many methods
• CAN-SPAM Act passed in 2003
Threats to Data
• The most serious threat
• Data is the reason for computers
• Data is very difficult to replace
• Protection is difficult
• Data is intangible
• Viruses
• Software that distributes and installs itself
• Ranges from annoying to catastrophic
• Countermeasures
• Anti-virus software
• Popup blockers
• Do not open unknown email
• Trojan horses
• Program that poses as beneficial software
• User willingly installs the software
• Countermeasures
• Anti-virus software
Threats to Data
• Internet fraud
• Most common cybercrime
• Fraudulent websites have names similar to legitimate sites
• Hacking
• Using a computer to enter another network
• Cost users $1.3 trillion in 2003
• Hackers' motivations
• Recreational hacking
• Financial hackers
• Grudge hacking
• Hacking methods
• Sniffing
• Social engineering
• Spoofing
Threats to Data
• Distributed denial of service attack
• Attempt to stop a public server
• Hackers plant the code on computers
• Code is simultaneously launched
• Too many requests stops the server
• Cyber terrorism
• Attacks made on a nation's information infrastructure
• Targets include power plants
• Threat first realized in 1996
• Organizations combat cyber terrorism
• Computer Emergency Response Team (CERT)
• Department of Homeland Security
Threats to Hardware
• Affect the operation or reliability
• Power-related threats
• Power fluctuations
• Power spikes or brownouts
• Power loss
• Countermeasures
• Surge suppressors
• Line conditioners
• Uninterruptible power supplies
• Generators
Threats to Hardware
• Theft and vandalism
• Thieves steal the entire computer
• Accidental or intentional damage
• Countermeasures
• Keep the PC in a secure area
• Lock the computer to a desk
• Do not eat near the computer
• Watch equipment
• Chase away loiterers
• Handle equipment with care
Threats to Hardware
• Natural disasters
• Disasters differ by location
• Typically result in total loss
• Disaster planning
• Plan for recovery
• List potential disasters
• Plan for all eventualities
• Practice all plans
Top Computer Security Actions
RISK ASSESSMENTS
Forensic Analysis
Security threat correlation
• Overview
• Network Activity & Threat Correlation
• Creating Value Within Your Organization
• Sharing Value Between Organizations
• When Does Information Sharing Work?
• Why Doesn’t Information Sharing Work?
• Potential Directions for Improvement
Security Threat Correlation
• Security threat correlation is the process of collecting, analyzing, and correlating data
from various security sources to detect and respond to cybersecurity threats more
effectively.
Data Sources for Correlation:
• Security Information and Event Management (SIEM) systems
• Firewall logs
• Intrusion detection/prevention systems (IDS/IPS)
• Antivirus and anti-malware solutions
• Network traffic analysis
• User authentication and access logs
• Vulnerability assessment tools
The Correlation Process:
• Data Collection: Gather security data from various sources across the organization.
• Normalization: Convert data into a consistent format for analysis.
• Aggregation: Group similar data points to reduce complexity.
• Analysis: Apply correlation rules and algorithms to identify patterns and anomalies.
• Alerting: Generate alerts for potential security incidents.
• Incident Response: Investigate, mitigate, and respond to confirmed incidents.
Security Threat Correlation - Example 1
Scenario:
• A large financial institution uses a Security Information and Event Management (SIEM) system to
monitor its network. The SIEM collects data from various sources, including firewalls, intrusion
detection systems, and server logs.
Correlation:
• The SIEM correlates data from multiple sources.
• It detects a series of login attempts from a specific IP address that have been blocked by the
firewall.
• Simultaneously, it identifies unusual data transfer activities on a server.
• Correlation rules trigger an alert, suspecting a potential brute force attack and data exfiltration.
Response:
• Security analysts investigate the alert and confirm a coordinated attack.
• They block the malicious IP address, change affected passwords, and conduct a forensic analysis.
• The incident response team identifies and remediates vulnerabilities, improving overall security.
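The correlation process above (collection, normalization, aggregation, analysis, alerting) and the brute-force-plus-exfiltration scenario of Example 1, as an added example that is not part of the original notes or of any real SIEM product. The log lines, rule names and thresholds are constructed for illustration; the rule set also covers the IDS-plus-endpoint pattern of Example 3 to show that the same engine serves both.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), one per line as
# source|timestamp|entity|event; entity is the IP or host the event concerns.
RAW_EVENTS = """\
firewall|2024-05-01T10:00:01|203.0.113.7|login_blocked
firewall|2024-05-01T10:00:02|203.0.113.7|login_blocked
firewall|2024-05-01T10:00:03|203.0.113.7|login_blocked
server|2024-05-01T10:02:30|203.0.113.7|large_outbound_transfer
firewall|2024-05-01T11:00:00|198.51.100.9|login_blocked
ids|2024-05-01T09:30:00|ws-042|suspicious_traffic
endpoint|2024-05-01T09:31:10|ws-042|unusual_process
"""
# A rule fires when every (source, event, min_count) requirement is met for the
# same entity inside its time window. Rule names and thresholds are hypothetical.
RULES = [
    {"name": "brute_force_then_exfiltration", "window": timedelta(minutes=10),
     "requires": [("firewall", "login_blocked", 3), ("server", "large_outbound_transfer", 1)]},
    {"name": "ids_and_endpoint_same_host", "window": timedelta(minutes=5),
     "requires": [("ids", "suspicious_traffic", 1), ("endpoint", "unusual_process", 1)]},
]
def normalize(raw):
    """Collection + normalisation: split each line, parse its timestamp, order by time."""
    events = []
    for line in raw.strip().splitlines():
        source, ts, entity, event = line.split("|")
        events.append({"source": source, "time": datetime.fromisoformat(ts),
                       "entity": entity, "event": event})
    return sorted(events, key=lambda e: e["time"])
def correlate(events, rules):
    """Aggregation by entity, then analysis: slide each rule's window over that entity's events."""
    by_entity = defaultdict(list)
    for e in events:
        by_entity[e["entity"]].append(e)
    alerts = []
    for entity, evs in by_entity.items():
        for rule in rules:
            for start in evs:
                end = start["time"] + rule["window"]
                counts = defaultdict(int)
                for e in evs:
                    if start["time"] <= e["time"] <= end:
                        counts[(e["source"], e["event"])] += 1
                if all(counts[req[:2]] >= req[2] for req in rule["requires"]):
                    alerts.append({"rule": rule["name"], "entity": entity,
                                   "first_seen": start["time"].isoformat()})
                    break  # one alert per entity and rule; analysts investigate from here
    return alerts
```

Running `correlate(normalize(RAW_EVENTS), RULES)` raises one alert for 203.0.113.7 and one for ws-042, while the single blocked login from 198.51.100.9 stays below the threshold and produces nothing.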
Security Threat Correlation - Example 2
Scenario:
• A retail company experiences a series of fraudulent transactions on its e-commerce platform. Some
customers report unauthorized credit card charges.
Correlation:
• The company's fraud detection system correlates transaction data with customer login information.
• It identifies a pattern where multiple fraudulent transactions are linked to a specific group of user
accounts.
• Further analysis reveals that all these accounts accessed the website from a single geographical
location.
Response:
• The company temporarily suspends the affected user accounts.
• The security team conducts a deeper investigation, identifying a data breach that exposed customer
credentials.
• They implement two-factor authentication and notify affected customers to change their passwords.
Security Threat Correlation - Example 3
Scenario:
• A healthcare organization uses a combination of intrusion detection systems (IDS) and endpoint
security solutions to protect its patient data.
Correlation:
• The IDS detects suspicious network traffic patterns originating from a specific employee's
workstation.
• Simultaneously, the endpoint security solution raises an alert about unusual activity on the same
workstation.
• Correlation between the IDS and endpoint security data indicates a potential malware infection.
Response:
• The employee's workstation is isolated from the network to prevent further spread.
• The endpoint security solution quarantines the suspicious files and alerts the IT team.
• The incident response team analyzes the malware, identifies its source, and deploys a signature to
the organization's antivirus software to block it effectively.
Vulnerability Assessment
A vulnerability assessment in cybersecurity is a systematic process used to identify, assess, and
prioritize security weaknesses or vulnerabilities in an organization's digital infrastructure,
software, and networks.
Types of Vulnerabilities
• Software Vulnerabilities: Flaws in software applications, operating systems, and firmware.
• Configuration Weaknesses: Inadequately configured devices, services, or systems.
• Access Control Issues: Unauthorized access, weak authentication mechanisms, or misconfigured
permissions.
• Policy Violations: Non-compliance with security policies, standards, or regulations.
• Physical Security Gaps: Weaknesses in physical security measures that could impact digital
systems.
Vulnerability Assessment
Process
• Asset Identification: Identify and inventory all digital assets within the organization, including
hardware, software, and data.
• Vulnerability Scanning: Utilize automated tools to scan and assess the security of digital assets.
• Risk Assessment: Evaluate the severity and potential impact of identified vulnerabilities.
• Prioritization: Prioritize vulnerabilities based on their risk, potential impact, and exploitability.
• Reporting: Generate comprehensive reports detailing identified vulnerabilities and recommended
actions.
• Remediation: Develop and execute a plan to address and mitigate identified vulnerabilities.
• Verification: Validate that vulnerabilities have been successfully remediated.
• Continuous Monitoring: Establish ongoing monitoring and periodic reassessment to maintain
security.
Benefits:
• Proactive Security: Identifying vulnerabilities before exploitation reduces the risk of security incidents.
• Compliance: Helps organizations meet regulatory requirements for security assessments.
• Cost Savings: Preventing security breaches can save substantial costs associated with incident response and
recovery.
• Enhanced Resilience: Regular vulnerability assessments improve an organization's ability to withstand
cyberattacks.
Scanning for Software Vulnerabilities - Example 1
Scenario:
• A cybersecurity team conducts regular vulnerability assessments on their organization's network
infrastructure. During a recent scan, they identified a critical vulnerability in a widely used server
software.
Correlation:
• The vulnerability assessment tool detected an unpatched software version running on a critical
server.
• The assessment revealed that the vulnerability had a high severity score and could be remotely
exploited.
• The team verified the findings and assessed the potential impact on the organization.
Response:
• The team immediately informed the system administrator about the vulnerability.
• The administrator applied the necessary patches to remediate the vulnerability.
• A follow-up scan confirmed the successful patching of the server.
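The risk assessment, prioritization and verification steps of the process above, applied to the Example 1 scenario (an unpatched package on a critical server, confirmed fixed by a follow-up scan). This is an added example, not code from the original notes or from any scanner; the findings, hostnames, CVSS values and criticality ratings are constructed, and the weighting in `risk_score` is one illustrative scheme, not a standard.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str        # hostname from the asset inventory
    title: str        # what the scanner reported (constructed titles, not real plugin IDs)
    cvss: float       # base severity score, 0.0 to 10.0
    remote: bool      # exploitable over the network without prior access

# Constructed asset inventory: business criticality 1 (low) to 3 (critical).
CRITICALITY = {"db-01": 3, "web-01": 2, "hr-laptop-17": 1}

def risk_score(finding, criticality=CRITICALITY):
    """Risk = severity x asset criticality, weighted up when remotely exploitable."""
    score = finding.cvss * criticality.get(finding.asset, 1)
    return round(score * (1.5 if finding.remote else 1.0), 1)

def prioritize(findings):
    """Order findings so remediation starts with the highest risk."""
    return sorted(findings, key=risk_score, reverse=True)

def verify(baseline, followup):
    """Compare two scans of the same assets: remediated, still open, newly introduced."""
    before, after = set(baseline), set(followup)
    return {"remediated": prioritize(before - after),
            "open": prioritize(before & after),
            "new": prioritize(after - before)}

# Constructed scan results: the first scan finds an unpatched server package on the
# critical database host; after patching, the follow-up scan no longer reports it.
BASELINE = [
    Finding("db-01", "Outdated server software version (remote code execution)", 9.8, True),
    Finding("web-01", "Directory listing enabled", 5.3, True),
    Finding("hr-laptop-17", "Local privilege escalation in installed agent", 7.8, False),
]
FOLLOWUP = [
    Finding("web-01", "Directory listing enabled", 5.3, True),
    Finding("hr-laptop-17", "Local privilege escalation in installed agent", 7.8, False),
    Finding("web-01", "TLS certificate expires in 7 days", 3.1, True),
]

def report(baseline=BASELINE, followup=FOLLOWUP):
    """One line per finding and category, ready for the assessment report."""
    result = verify(baseline, followup)
    return {k: [f"{f.asset}: {f.title} (risk {risk_score(f)})" for f in v] for k, v in result.items()}
```

The verification step matters because a re-scan can surface new findings (here the expiring certificate) at the same time as it confirms the patch, so the report distinguishes the two rather than reporting a single count.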
Configuration Weakness Discovery - Example 2
Scenario:
• An e-commerce company conducts a vulnerability assessment on its web application. During the
assessment, they identified a configuration weakness in their web server settings.
Correlation:
• The assessment identified that the web server's directory listing was enabled, revealing sensitive
files and directories to potential attackers.
• The vulnerability assessment report included recommendations for securing the web server's
configuration.
Response:
• The IT team reconfigured the web server to disable directory listing.
• They also implemented additional security measures, such as a web application firewall (WAF), to
enhance security.
• A subsequent vulnerability assessment confirmed that the configuration weakness had been
mitigated.
Access Control Issue Detection - Example 3
Scenario:
• A financial institution conducts regular vulnerability assessments to ensure the security of customer
data. During an assessment, they identified an access control issue in their customer database.
Correlation:
• The vulnerability assessment revealed that several database accounts had overly permissive
privileges, allowing unauthorized access to sensitive customer information.
• The assessment highlighted the potential for data breaches and non-compliance with data
protection regulations.
Response:
• The organization's database administrators immediately reviewed and revised the access control
settings.
• They implemented a principle of least privilege (PoLP) to restrict access based on job roles and
responsibilities.
• Subsequent assessments confirmed that access control had been strengthened, reducing the risk of
unauthorized data access.
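The access control review in Example 3, as an added example that is not part of the original notes: each database account's granted privileges are compared with a least-privilege baseline for its job role, excess grants are reported, a remediation list is generated, and a re-check verifies the result. Role names, account names, privileges and the `customers.*` target are constructed; the REVOKE syntax is generic SQL and may need adapting to a specific database.

```python
# Constructed role baselines: the privileges each job role legitimately needs on the
# customer database. Role names and privileges are hypothetical, not from a real schema.
ROLE_BASELINE = {
    "teller": {"SELECT"},
    "loan_officer": {"SELECT", "INSERT", "UPDATE"},
    "dba": {"SELECT", "INSERT", "UPDATE", "DELETE", "ALTER"},
}

# Constructed extract of the database's grants table: account, assigned role, granted privileges.
GRANTS = [
    {"account": "jsmith", "role": "teller", "privileges": {"SELECT"}},
    {"account": "apatel", "role": "teller", "privileges": {"SELECT", "UPDATE", "DELETE"}},
    {"account": "rkumar", "role": "loan_officer", "privileges": {"SELECT", "INSERT", "UPDATE", "ALTER"}},
    {"account": "svc_report", "role": "batch_reporting", "privileges": {"SELECT", "DELETE"}},
]

def excess_privileges(grants, baseline):
    """Return one finding per account whose grants exceed its role's baseline."""
    findings = []
    for g in grants:
        allowed = baseline.get(g["role"])
        if allowed is None:
            # No baseline for this role: every grant is unreviewed, so flag all of them.
            findings.append({"account": g["account"], "reason": "role has no baseline",
                             "excess": sorted(g["privileges"])})
        elif g["privileges"] - allowed:
            findings.append({"account": g["account"], "reason": "grants exceed role baseline",
                             "excess": sorted(g["privileges"] - allowed)})
    return findings

def revoke_statements(findings, target="customers.*"):
    """Remediation plan: one REVOKE per excess privilege (generic SQL; adapt to your dialect)."""
    return [f"REVOKE {priv} ON {target} FROM '{f['account']}';"
            for f in findings for priv in f["excess"]]

def verify_least_privilege(grants, baseline):
    """Verification step: True only when no account holds more than its role needs."""
    return excess_privileges(grants, baseline) == []
```

An account whose role has no baseline at all (here the service account) is reported in full rather than silently accepted, since an unreviewed role is itself an access control gap.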