Cyber Offences: Unit 2 Overview

Questions and Answers

Which of the following best defines hacking within the context of cyberoffences?

Creating software to improve system performance

Developing security protocols for networks

Unauthorized access to computer systems to manipulate data (correct)

Providing assistance in recovering lost data

What is the primary goal of phishing attacks?

To steal physical assets from organizations

To destroy computer systems

To distribute malware to unsuspecting users

To obtain sensitive information by impersonating a trustworthy entity (correct)

Which of these is NOT categorized as a type of malware?

Spyware

Phishing (correct)

Worms

Ransomware

Identity theft primarily involves which of the following actions?

Stealing personal information to commit fraud

Which of the following describes cyberstalking?

Using digital means to harass or intimidate someone

What is the main characteristic of Denial of Service (DoS) attacks?

Overloading a website with excessive traffic

Child exploitation primarily refers to which of the following activities?

Using the internet to abuse or distribute illegal content involving children

Which of these is a common method associated with online fraud?

Using fake identities in investment schemes

What is a primary economic consequence of cyberoffences?

Significant financial losses

Which of the following is considered a security threat from cyberoffences?

Compromise of national security

What can result from the unauthorized access and misuse of personal data?

Identity theft

Which measure can help prevent cyberoffences?

Regular software updates

What is an example of a web-based attack?

Injection attacks

What does DNS spoofing aim to achieve?

Redirecting traffic to an attacker's computer

What attack involves stealing cookies to gain access to user data?

Session Hijacking

What is phishing primarily targeting?

User login credentials and credit card information

Which of the following best describes a brute force attack?

Using trial and error to guess passwords

What is the purpose of an incident response plan in cybersecurity?

To quickly address and mitigate cyber incidents

What is the primary goal of volume-based attacks?

To saturate the bandwidth of the attacked site

Which type of attack involves changing parts of a URL to access unauthorized web pages?

URL Interpretation

What is a common characteristic of a Trojan horse attack?

Acts as a normal application while executing malicious activities

Which of the following describes a bot?

An automated process that interacts with network services

What is the intent of a masquerade attack?

To pretend to be a legitimate user to gain access

What type of attack results in unauthorized retrieval or execution of files on a server?

File Inclusion attack

What is a primary function of a worm in cybersecurity?

To replicate itself to spread to uninfected systems

Which type of attack involves the theft of a session ID to gain unauthorized access?

Session replay

Which approach allows an attacker to intercept the client's connection and modify data en route?

Man in the Middle attacks

What does a denial of service (DoS) attack aim to achieve?

To overwhelm a target and limit user access

What is the primary focus of social engineering attacks?

Exploiting human error to obtain sensitive information

Which emotion is NOT typically used by attackers in social engineering?

Confidence

What is the first stage of the social engineering attack cycle?

Prepare by gathering background information

What type of attack involves listening to unencrypted messages exchanged between two entities?

Eavesdropping

Which characteristic is critical for a successful social engineering attack?

Exploitation of time-sensitive situations

What is a common goal of social engineering attackers?

Gaining unauthorized access to systems

What does traffic analysis rely upon when dealing with encrypted data?

Cryptanalysis of the metadata

Which method does NOT represent a way attackers can conduct social engineering?

Drive-by downloads of malware

What is a typical outcome of social engineering attacks?

Compromised personal or sensitive information

Which aspect of communication is crucial for an attacker in social engineering?

Establishing trust to manipulate the victim

What is the primary goal of cyberstalking?

To scare or distress the victim

Which of the following is NOT considered a method of cyberstalking?

Building a personal relationship

What legal consequences can someone face if convicted of cyberstalking?

Imprisonment or fines

Which tool is commonly used by cyberstalkers to track victims without their knowledge?

Stalkerware

Which of the following actions can help protect yourself against cyberstalking?

Logging out of devices when not in use

What is catfishing in the context of cyberstalking?

Creating counterfeit user profiles to deceive victims

What impact can cyberstalking have on a victim's mental health?

Increased anxiety and fear

How can GPS technology be exploited by cyberstalkers?

To track a victim's physical location

What role do false profiles play in cyberstalking?

They facilitate deception and harassment

What is one consequence of public harassment stemming from cyberstalking?

Financial costs due to legal actions

What is the first step to take when reporting cyberstalking?

Document evidence

Which of the following is considered illegal under Section 66C of the Information Technology Act in India?

Impersonating someone online

Why are cyber cafés considered hotspots for cybercrime?

They allow anonymous internet access.

What should you do after documenting evidence of cyberstalking?

Block and report the stalker

Which law addresses online stalking in India?

Indian Penal Code, Section 354D

What type of crime can happen if key loggers are installed in a cyber café?

Identity theft

What action can be taken to ensure legal support in cases of cyberstalking?

Seek legal advice

Which of the following is NOT a common cybercrime associated with cyber cafés?

Online bullying

What is one of the challenges in managing cyber crimes in cyber cafés?

Anonymity allowing untraceable activities

What should you do if you are a victim of cyberstalking?

Reach out to support organizations

What is a significant consequence of a cyber café lacking robust security measures?

Increased vulnerability to attacks

Which preventive measure can help track and prevent illegal activities in cyber cafés?

User identification verification

How do botnets primarily achieve control over infected devices?

Using malware to exploit vulnerabilities

What type of attack is primarily facilitated by botnets?

Distributed Denial of Service attacks

Which approach does a botnet utilize when a server communicates directly with infected devices?

Client server

What is one challenge that limits effective monitoring in cyber cafés?

Limited resources and public access

Which feature is essential for maintaining the security of computers in cyber cafés?

Regular updates and maintenance

What is a common use of botnets related to online criminal activities?

Mass identity theft

What is the decentralized approach in botnet communication called?

Peer to peer approach

Which preventive measure involves educating users about safe online practices?

User Education

What is the purpose of an attack vector in cybercrime?

To exploit vulnerabilities and deploy malware

Which type of attack allows cybercriminals to infiltrate a system without disturbing its resources?

Passive attack

What can be a consequence of an effective attack vector used against organizational systems?

Significant financial loss due to data breaches

Which of the following best describes an active attack?

Directly attacking a system to disable its functions

What could be a motive for cyber attackers to use attack vectors other than monetary gains?

To publicly shame an organization

Which preventive measure can help protect your system against attack vectors?

Keeping your system equipped with robust security solutions

What information might cybercriminals typically seek access to through attack vectors?

User login credentials and banking details

What is the biggest concern related to cloud computing?

Security and Privacy

Which of the following options is a typical method to gain entry into a system via an attack vector?

Opening suspicious email attachments

How could cybercriminals sabotage a competitor's business using attack vectors?

By overloading servers with unnecessary data

Which of the following best describes the risk known as 'Lock In' in cloud computing?

Dependence on a particular Cloud Service Provider

What is the primary focus of passive attacks?

To gather information without detection

What allows users to access resources in cloud computing anytime and anywhere?

On Demand Self Service

Which characteristic of cloud computing refers to scaling resources easily in response to demand?

Rapid Elasticity

What is a potential consequence of 'Insecure or Incomplete Data Deletion' in cloud computing?

Remaining sensitive data after deletion

Which risk involves the failure of mechanisms that separate storage and resources between different tenants?

Isolation Failure

What does 'Resource Pooling' in cloud computing enable?

Sharing of storage, memory, and infrastructure among multiple tenants

Which service assures that the cloud provider monitors aspects such as resource optimization and billing?

Measured Service

What is the primary focus of Cloud Computing?

Remote access to hardware and software resources

Which deployment model provides the highest level of security?

Private Cloud

Which service model allows users to access underlying infrastructure components like servers and storage?

Infrastructure-as-a-Service (IaaS)

What characterizes the Hybrid Cloud model?

It combines both public and private cloud resources.

Which of the following is NOT a benefit of Cloud Computing?

High costs of infrastructure

How does Platform-as-a-Service (PaaS) primarily support users?

By supplying runtime environments for applications

Which deployment model is specifically intended for shared access among a group of organizations?

Community Cloud

What is the advantage of using Anything-as-a-Service (XaaS)?

It encompasses various service models across industries.

What aspect of Cloud Computing makes it more collaborative and mobile for business applications?

Accessibility over public and private networks

Which historic evolution does Cloud Computing trace back to?

Implementation of mainframe computers

Study Notes

Introduction to Cyber Offences

• Cyber offences encompass illegal activities conducted via the internet, targeting individuals, organizations, or governments.
• Types of cyber offences include hacking, phishing, malware, identity theft, cyberstalking, online fraud, intellectual property theft, child exploitation, cyberterrorism, and DoS/DDoS attacks.

Importance of Addressing Cyber Offences

• Economic losses from cyber offences affect individuals, businesses, and governments through fraud and service disruptions.
• National security risks arise from compromised sensitive information and critical infrastructure.
• Privacy violations occur through unauthorized access and misuse of personal data.
• Reputational damage from cyberattacks undermines trust in businesses and individuals.
• Organizations face legal consequences for non-compliance with cybersecurity laws.

Prevention and Mitigation Strategies

• Awareness and education on cyber threats are essential for promoting safe online practices.
• Strong passwords and multi-factor authentication enhance account security.
• Regular software updates help patch vulnerabilities in systems and applications.
• Anti-malware solutions should be installed and frequently updated to combat threats.
• Data encryption protects sensitive information from unauthorized access.
• Implementing network security measures, including firewalls and intrusion detection systems, fortifies defenses.
• Incident response plans are vital for addressing cyber incidents promptly.
• Adherence to legal and regulatory frameworks ensures proper protections are in place.

Types of Cyber Attacks

• Cyber-attacks exploit computer systems and networks, often using malicious code.
• Attacks are classified into web-based and system-based categories.

Web-Based Attacks

• Injection attacks manipulate web applications through data injection (e.g., SQL Injection).
• DNS spoofing alters DNS resolver caches, redirecting traffic to fraudulent IP addresses.
• Session hijacking compromises user sessions by stealing authentication cookies.
• Phishing schemes deceive victims into providing sensitive information.
• Brute force attacks use trial-and-error methods to crack passwords.
• Denial of Service attacks flood resources, rendering services unavailable.
• Dictionary attacks utilize common passwords to gain unauthorized access.
• URL interpretation modifies URLs to access restricted pages.
• File inclusion attacks exploit vulnerable web servers to access sensitive files.
• Man-in-the-middle attacks intercept and manipulate communication between parties.

System-Based Attacks

• Viruses, self-replicating malware, spread without user knowledge and can cause system damage.
• Worms replicate to infect uninfected computers, often via email attachments.
• Trojan horses disguise themselves as legitimate software, executing malicious activities in the background.
• Backdoors provide unauthorized access, bypassing standard authentication.
• Bots automate tasks and can be used for both benign and malicious purposes.
• Active attacks alter data on the target or during transmission (e.g., masquerade, session replay, message modification).
• Passive attacks involve monitoring traffic without altering data (e.g., eavesdropping, traffic analysis).

Social Engineering

• Social engineering manipulates human behavior to acquire sensitive information.
• Attackers exploit emotional triggers like fear, curiosity, and urgency to deceive victims.
• Trust is established through rapport-building techniques to facilitate information disclosure.
• The attack cycle involves preparation, infiltration, exploitation, and release.

Cyber Stalking

• Cyberstalking involves using digital tools to harass or intimidate victims.
• Stalkers may engage in unwanted messaging, hacking accounts, or impersonating victims.
• The consequences can include legal repercussions, mental health issues, reputational damage, and invasion of privacy.

Types of Cyber Stalking

• Webcam hijacking enables unauthorized access to victim’s cameras.
• Social media monitoring allows stalkers to track location check-ins.
• Catfishing involves creating fake profiles for deception.
• Geotagging in digital photos aids stalkers in tracking victims' whereabouts.

Reporting Cyberstalking

• Document evidence of harassment through screenshots and communication records.
• Block and report offenders on social media platforms.
• Contact local law enforcement and relevant cybercrime agencies to file complaints.
• Seek legal advice for potential legal actions and ramifications.

Cyberstalking Laws in India

• Identity theft is prohibited under Section 66C of the Information Technology Act.
• Publishing obscene material is illegal as per Section 67 of the Information Technology Act.
• Stalking is addressed by Section 354D of the Indian Penal Code.
• Insulting modesty and making threats online are covered under specific IPC sections.

Cyber Cafés and Cyber Crime

• Cyber cafés provide public access to the internet and related services for a fee, facilitating various online activities.### Cyber Crimes in Cyber Cafés
• Cyber cafés facilitate internet access but are vulnerable to cybercrime due to their public nature.
• Identity theft can occur through key loggers or malicious software, capturing personal data like login credentials.
• Hackers exploit network vulnerabilities to gain unauthorized access to users' accounts and café systems.
• Phishing attacks often occur in cyber cafés through fraudulent emails or websites aimed at stealing personal information.
• Public computers can be used to download and spread malware, which can then steal data or create botnets.
• Anonymity in cyber cafés may enable illegal activities, including online fraud and drug trafficking.
• Lack of privacy exposes users to monitoring and tracking of their activities by others in the café.

Challenges in Managing Cyber Crimes

• Users often remain anonymous in cyber cafés, complicating the tracing of illegal activities.
• Cyber cafés frequently lack essential security measures, such as antivirus software and firewalls.
• Limited resources hinder effective monitoring of potential illegal activities within the café.
• Inadequate laws and regulations in some areas create gaps in responsibilities for preventing cybercrime.

Preventive Measures

• Verifying user identities before granting access can help track and deter illegal actions.
• Regular updates and maintenance of computers and networks enhance protection against vulnerabilities.
• Installing security software like antivirus programs is crucial for detecting and preventing cyber threats.
• Monitoring software and surveillance systems aid in identifying suspicious behavior in cyber cafés.
• Educating users on safe internet practices can significantly reduce the risk of cybercrime.
• Compliance with local laws regarding internet use and data protection strengthens the café's security protocols.

Botnets

• A botnet is a network of infected devices controlled by cybercriminals via malware without user awareness.
• Botnets are commonly used for sending spam, creating unusual internet traffic, and launching attacks.
• Two primary control methods exist for botnets: client-server (centralized) and peer-to-peer (decentralized), with the latter being more difficult to track.
• Zeus malware, known to have infected millions of hosts, exemplifies botnet exploitation.
• Common botnet uses include DDoS attacks, spamming, traffic sniffing, keylogging, and identity theft.

Attack Vectors

• An attack vector is the method used by cybercriminals to infiltrate systems and exploit vulnerabilities.
• Attackers can steal sensitive information such as financial data and personal identification numbers through vectors.
• Active attacks involve direct system interference, while passive attacks utilize discreet infiltration without detection.
• Mitigating attack vectors includes avoiding suspicious emails and calls, and utilizing robust security solutions.

Cloud Computing

• "Cloud" refers to a network that provides services over the internet, available through public and private networks.
• Cloud computing enables remote manipulation and access to hardware/software resources, facilitating online data storage and application use.
• Four deployment models exist: public, private, community, and hybrid clouds.
• Cloud computing relies on three service models: IaaS (Infrastructure), PaaS (Platform), and SaaS (Software).
• It began in the 1950s and has evolved into a dynamic service model, allowing on-demand resource access.

Benefits and Risks of Cloud Computing

• Key benefits include platform-independent access, no software installation needed, cost-effectiveness, and reliable resource utilization.
• Major risks include security and privacy concerns, vendor lock-in, isolation failures, management interface compromises, and potential data deletion issues.

Characteristics of Cloud Computing

• On-demand self-service allows users to access web resources anytime.
• Broad network access ensures services can be accessed from anywhere.
• Resource pooling enables multiple tenants to share computing resources efficiently.
• Rapid elasticity allows for easy scaling of resources according to demand.
• Measured service involves monitoring resource usage for optimization and billing.

Description

This quiz covers the basics of cyber offences, including various illegal activities conducted online, such as hacking and phishing. Understanding these crimes is essential for protecting individuals and organizations from digital threats. Test your knowledge on the definitions, types, and implications of cybercrimes.