4. Cyber Crime Nature of Threat IT Act.pdf

Transcript

Cyber Crime Nature of Threat IT Act
Cybercrime or a computer-oriented crime is a crime that includes a
computer and a network. The computer may have been used in the
execution of a crime or it may be the target. Cybercrime is the use of a
computer as a weapon for committing crimes such as committing fraud,
identity theft, or breaching privacy. Cybercrime, especially through the
Internet, has grown in importance as the computer has become central
to every field like commerce, entertainment, and government.
Cybercrime may endanger a person or a nation’s security and financial
health. Cybercrime encloses a wide range of activities, but these can
generally be divided into two categories:

Crimes that aim at computer networks or devices. These types of crimes
involve different threats (like virus, bugs etc.) and denial-of-service
(DoS) attacks.
Crimes that use computer networks to commit other criminal activities.
These types of crimes include cyber stalking, financial fraud or identity
theft.

We separated the different arguments (or parts) in the IF formula by a
Comma (,). However, we can also use the Semicolon (;) based on the
language settings of the machine/ device.

Classification of Cyber Crime:-
Cyber Terrorism: –
Cyber terrorism is the use of the computer and internet to perform
violent acts that result in loss of life. This may include different type of
activities either by software or hardware for threatening life of citizens.
In general, Cyber terrorism can be defined as an act of terrorism
committed through the use of cyberspace or computer resources.

1
Cyber Extortion: –
Cyber extortion occurs when a website, e-mail server or computer
system is subjected to or threatened with repeated denial of service or
other attacks by malicious hackers. These hackers demand huge money
in return for assurance to stop the attacks and to offer protection.

Cyber Warfare: –
Cyber warfare is the use or targeting in a battle space or warfare
context of computers, online control systems and networks. It involves
both offensive and defensive operations concerning to the threat of
cyber attacks, espionage and sabotage.

Internet Fraud :–
Internet fraud is a type of fraud or deceit which makes use of the
Internet and could include hiding of information or providing incorrect
information for the purpose of deceiving victims for money or property.
Internet fraud is not considered a single, distinctive crime but covers a
range of illegal and illicit actions that are committed in cyberspace.

Cyber Stalking :–
This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and emails. In this case, these stalkers
know their victims and instead of offline stalking, they use the Internet
to stalk. However, if they notice that cyber stalking is not having the
desired effect, they begin offline stalking along with cyber stalking to
make the victims’ lives more miserable.

2
Challenges in Cyber Crime:-
People are unaware of their cyber rights-
The Cybercrime usually happen with illiterate people around the world
who are unaware about their cyber rights implemented by the
government of that particular country.
Anonymity:-
Those who Commit cyber crime are anonymous for us so we cannot do
anything to that person.
Less numbers of case registered:-
Every country in the world faces the challenge of cyber crime and the
rate of cyber crime is increasing day by day because the people who
even don’t register a case of cyber crime and this is major challenge
for us as well as for authorities as well
Mostly committed by well educated people:-
Committing a cyber crime is not a cup of tea for every individual. The
person who commits cyber crime is a very technical person so he knows
how to commit the crime and not get caught by the authorities.
No harsh punishment:-
In Cyber crime there is no harsh punishment in every cases. But there
is harsh punishment in some cases like when somebody commits cyber
terrorism in that case there is harsh punishment for that individual. But
in other cases there is no harsh punishment so this factor also gives
encouragement to that person who commits cyber crime.

Prevention of Cyber Crime:-

Below are some points by means of which we can prevent cyber crime:

3
Use strong password :–
Maintain different password and username combinations for each
account and resist the temptation to write them down. Weak passwords
can be easily cracked using certain attacking methods like Brute force
attack, Rainbow table attack etc, So make them complex. That means
combination of letters, numbers and special characters.

Use trusted antivirus in devices: –
Always use trustworthy and highly advanced antivirus software in
mobile and personal computers. This leads to the prevention of
different virus attack on devices.

Keep social media private: –
Always keep your social media accounts data privacy only to your
friends. Also make sure only to make friends who are known to you.

Keep your device software updated: –
Whenever you get the updates of the system software update it at the
same time because sometimes the previous version can be easily
attacked.

Use secure network: –
Public Wi-Fi are vulnerable. Avoid conducting financial or corporate
transactions on these networks.

4
Never open attachments in spam emails :–
A computer get infected by malware attacks and other forms of
cybercrime is via email attachments in spam emails. Never open an
attachment from a sender you do not know.
Software should be updated:– Operating system should be updated
regularly when it comes to internet security. This can become a
potential threat when cybercriminals exploit flaws in the system.

Nature of Threat in Cyber Security:-
What are Cyber Security Threat?
Cybersecurity threats are acts performed by individuals with harmful
intent, whose goal is to steal data, cause damage to or disrupt
computing systems. Common categories of cyber threats include
malware, social engineering, man in the middle (MitM) attacks, denial
of service (DoS), and injection attacks—we describe each of these
categories in more detail below.

Cyber threats can originate from a variety of sources, from hostile
nation states and terrorist groups, to individual hackers, to trusted
individuals like employees or contractors, who abuse their privileges
to perform malicious acts.

Common Source of Cyber Attacks:-
Cyber threats are getting more sophisticated and intense amid
increasing levels of remote work, cloud migration and advanced cyber
adversaries. Here are the biggest threats to organizations according to
the Secureworks Counter Threat Unit™:

5
▪ Ransomware remains the primary cyber threat to organizations
with attack numbers rebounding and exceeding historical norms,
now with a median dwell between initial access and payload
delivery of just 24 hours. The top initial access vectors for
ransomware include scan-and-exploit, stolen credentials, and
commodity malware delivered via phishing emails.

▪ Infostealer activity has seen increased use, particularly by
ransomware affiliates, and this activity is a significant precursor
to ransomware attacks. These malware types steal credentials
and other sensitive information, which are then sold on
underground marketplaces.

▪ Business email compromise is one of the most financially
damaging online crimes overall for organizations. It exceeds
even ransomware in aggregate, mainly because it is so prolific,
even if individual financial losses from BEC may be lower than
individual losses from ransomware.

▪ Drive-by Downloads have become increasingly popular to
deliver malware and as an initial access vector for malware. Two
major strains of malware delivered this way are Gootloader and
SocGholish, often via compromised websites.

▪ Supply chain attacks have been leveraged by various threat
actors, including North Korean state-sponsored groups and
ransomware operators, to gain access to the suppliers’ customers
for maximize impact with minimal effort.

▪ State-sponsored threat activity continues to be driven by political
imperatives, with Russia focusing on Ukraine, North Korea on
currency theft, Iran on opposition suppression, and China on
cyberespionage.

6
Source of Cyber Threats:-
When identifying a cyber threat, it’s important to know the adversary
and understand the tactics, techniques, and procedures (TTPs)
associated with them. The TTPs of threat groups are constantly
evolving to avoid detection, but the sources of cyber threats remain the
same. There is always a human element; someone who falls for a clever
trick. But more importantly, there is also always a motive.

Understanding attacker TTPs helps identify the motive behind a cyber
threat and act to prevent the likely next steps. The Secureworks CTU™
actively tracks threat groups and their TTPs, making those insights
available to customers and using it to rapidly create countermeasures
to combat the latest threats.

Most Common Source of Cyber Threats:-
Criminal Groups:- Use cyber threats to steal money and information,
through phishing, social engineering, malicious software or other
means
Hackers:- Individuals, groups or organizations who compromise data
for malicious intent
Hacktivists:- Use cyberattacks to express social, environmental, or
political agendas, often targeting corporations, governments, and
other high-profile entities
Insider Threats:- People who work within an organization who may
intentionally or inadvertently compromise cybersecurity
Corporate Spies:- Business rivals who may employ tactics to steal
information or disrupt services
Nation States:- Governments that use cyber threats to spy on other
nations or disrupt their activities

7
Terrorist Groups:- Use cyber threats to steal information, disrupt
governmental operations or spread fear
Data Brokers:- Collect and sell user information without explicit
consent and often through underground marketplaces

Cyber Attacks Technique:-
While many types of cyber attacks are possible, typical adversary
attack techniques and tactics can be grouped within a matrix that
includes the following categories:
Initial access includes techniques used to attain a foothold within a
network, like targeted spear phishing, configuration weaknesses in
public-facing systems, or exploiting vulnerabilities.
Command and control involve techniques leveraged by attackers to
communicate with a system under their control. For example, an
attacker communicating with a system over high-numbered or
uncommon ports to evade detection by proxies/security appliances.
Collection includes tactics used by adversaries to gather and
consolidate the information they were targeting as a part of their goals.
Persistence includes techniques that enable an adversary to maintain
access to the target system, even following credential changes and
reboots. For example, an attacker creating a scheduled task that runs
their code on reboot or at a specific time.
Defense evasion includes techniques used by attackers to avoid
detection. These include hiding malicious code within trusted folders
and processes, disabling the security software, or obfuscating
adversary code.
Execution involves techniques deployed to run code on a target system.
For instance, an attacker running a PowerShell script to download
additional attacker tools or scan other systems.

8
Discovery includes techniques used by attackers to gain information
about networks and systems that they are looking to use for their
tactical advantage.
Credential access includes techniques deployed on networks and
systems to steal usernames and credentials for reuse.
Impact includes techniques leveraged by attackers to impact the
availability of data, systems, and networks. It includes denial of service
attacks, data or disk wiping software.
Lateral movement involves tactics to enable attackers to move from one
system to another within a network. Some common techniques include
abuse of remote desktop protocol or pass-the-hash methods of
authenticating users.
Exfiltration includes tactics utilized to move data from a compromised
network to a system or network that’s under the attacker’s complete
control.
Privilege escalation involves techniques utilized by adversaries to gain
high-level privileges on a system like a root or local admin.

When a criminal is trying to hack an organization, they won't try
something novel unless absolutely necessary. They draw upon common
hacking techniques that are known to be highly effective, such as
malware or phishing.

Whether you're trying to make sense of the latest data-breach headline
in the news or analyzing an incident in your own organization, it helps
to understand different cyberattack vectors.

Malware:-
Malware refers to various forms of harmful software, such as viruses
and ransomware. Once it is in your computer, it can wreak all sorts of
9
havoc, from taking control of your machine, to monitoring your actions
and keystrokes, to silently sending all sorts of confidential data from
your computer or network to the attacker's home base.

Attackers will use a variety of methods to get malware into your
computer, but at some stage it often requires the user to take an action
to install the malware. This can include clicking a link to download a
file, or opening an email attachment that may look harmless (like a
document or PDF), but actually contains a hidden malware installer.

Ransomware:-
Ransomware is a form of malware that encrypts data on infected IT
systems. It demands a ransom in exchange for a code that will –
hopefully – decrypt the infected system. The ransom payment usually
goes to an anonymous address using Bitcoin.

Adware:-
Adware is a type of malware that displays unwanted ads on end-user
devices to generate revenue from advertisers. It often will be installed
on user devices after tricking people into clicking a link. Adware then
displays the ads and simulates user clicks to defraud advertisers into
thinking that legitimate users are interacting with their ads. They then
pay the cybercriminals for these clicks.

Crypto-Jacking:-
Crypto-jacking is a type of malware that uses the resources of the
infected IT systems to “mine” for cryptocurrencies. This steals the
attacked system's computing resources by running at a high load to
generate income for the remote attackers. They’ll then make money
from the sale of the cryptocurrencies generated on the infected system.

10
Phishing :-
In a phishing attack, an attacker may send you an email that appears
to be from someone you trust, like your boss or a company you do
business with. The email will seem legitimate, and it will have some
urgency to it (e.g. fraudulent activity has been detected on your
account). In the email, there may be an attachment to open or a link to
click.

Upon opening the malicious attachment, you'll unknowingly install
malware in your computer. If you click the link, it may send you to a
legitimate-looking website that asks you to log in to access an
important file – except the website is actually a trap used to capture
your credentials.

Spear Phishing:-
Spear phishing is a highly targeted variant of phishing that uses a fake
email or message from a supposedly important individual to trick a
person within the same organization or a partner organization. Spear
phishing attempts hope to use the extra authenticity – albeit imposter
authenticity – of the sender to trick people into providing information
they shouldn't.

SQL Injection Attack:-
A structured query language (SQL) injection attack specifically targets
servers storing critical website and service data. It uses malicious code
to get the server to divulge information it normally wouldn’t. SQL is a
programming language used to communicate with databases, and can
be used to store private customer information such as credit card
numbers, usernames and passwords (credentials), or other personally

11
identifiable information (PII) – all tempting and lucrative targets for
an attacker.

Cross-Site Scripting (XSS):-
Cross-site scripting (XSS) attacks also involve injecting malicious code
into a website, but in this case the website itself is not being attacked.
Instead, the malicious code only runs in the user's browser when they
visit the attacked website, where it directly targets the visitor.

One of the most common ways an attacker can deploy an XSS attack is
by injecting malicious code into a comment or a script that could
automatically run.

Botnets:-
Botnets are widespread groups of devices that have been compromised
and hijacked by cybercriminals. The threat actors use them to target IT
systems with distributed DoS attacks or other attack types.

Denial-of-Service (DoS):-
Denial-of-service (DoS) attacks flood a website with more traffic than
it’s built to handle, thereby overloading the site’s server and making it
near-impossible to serve content to visitors. It’s possible for a denial-
of-service to occur for non-malicious reasons. For example, if a
massive news story breaks and a news organization’s site is overloaded
with traffic from people trying to learn more about the story.

Man In The Middle Attack:-
A man in the middle (MITM) attack occurs when cybercriminals
intercept and alter network traffic flowing between IT systems. The

12
MITM attack impersonates both senders and receivers on the network.
It aims to trick both into sending unencrypted data that the attacker
intercepts and can use for further attacks or financial gain.

Session Hijacking:-
Session hijacking occurs when an attacker hijacks a session by
capturing the unique – and private – session ID and poses as the
computer making a request, allowing them to log in as an unsuspecting
user and gain access to unauthorized information on the web server. If
everything goes as it should during any internet session, web servers
should respond to your various requests by giving you the information
you're attempting to access.

Credential Reuse:-
Credential reuse occurs when someone uses the same credentials on
multiple websites. It can make life easier in the moment, but can come
back to haunt that user later on. Even though security best practices
universally recommend unique passwords for all applications and
websites, many people still reuse their passwords. This is a fact
attackers will readily exploit, thereby turning those reused passwords
into compromised credentials.
Not all cyber threats originate from external sources. Data and other
sensitive information like login credentials can leak from inside
organizations. This can occur via malicious staff activity or – more
frequently – due to an unintended action. An example of such a mistake
could be sending an email containing an unencrypted attachment to the
wrong recipient.
Cyber threats are getting more sophisticated and intense amid
increasing levels of remote work, cloud migration and advanced cyber
adversaries. Here

13
are the biggest threats to organizations according to the Secureworks
Counter Threat Unit™:
Ransomware remains the primary cyber threat to organizations with
attack numbers rebounding and exceeding historical norms, now with
a median dwell between initial access and payload delivery of just 24
hours. The top initial access vectors for ransomware include scan-and-
exploit, stolen credentials, and commodity malware delivered via
phishing emails.
Infostealer activity has seen increased use, particularly by ransomware
affiliates, and this activity is a significant precursor to ransomware
attacks. These malware types steal credentials and other sensitive
information, which are then sold on underground marketplaces.
Business email compromise is one of the most financially damaging
online crimes overall for organizations. It exceeds even ransomware in
aggregate, mainly because it is so prolific, even if individual financial
losses from BEC may be lower than individual losses from
ransomware.
Drive-by Downloads have become increasingly popular to deliver
malware and as an initial access vector for malware. Two major strains
of malware delivered this way are Gootloader and SocGholish, often
via compromised websites.
Supply chain attacks have been leveraged by various threat actors,
including North Korean state-sponsored groups and ransomware
operators, to gain access to the suppliers’ customers for maximize
impact with minimal effort.
State-sponsored threat activity continues to be driven by political
imperatives, with Russia focusing on Ukraine, North Korea on
currency theft, Iran on opposition suppression, and China on
cyberespionage.
When identifying a cyber threat, it’s important to know the adversary
and understand the tactics, techniques, and procedures (TTPs)
associated with them. The TTPs of threat groups are constantly
14
evolving to avoid detection, but the sources of cyber threats remain the
same. There is always a human element; someone who falls for a clever
trick. But more importantly, there is also always a motive.
Understanding attacker TTPs helps identify the motive behind a cyber
threat and act to prevent the likely next steps. The Secureworks CTU™
actively tracks threat groups and their TTPs, making those insights
available to customers and using it to rapidly create countermeasures
to combat the latest threats.

Criminal Groups:- Use cyber threats to steal money and information,
through phishing, social engineering, malicious software or other
means
Hackers:- Individuals, groups or organizations who compromise data
for malicious intent
Hacktivists:- Use cyberattacks to express social, environmental, or
political agendas, often targeting corporations, governments, and
other high-profile entities
Insider Threats:- People who work within an organization who may
intentionally or inadvertently compromise cybersecurity
Corporate Spies:- Business rivals who may employ tactics to steal
information or disrupt services
Nation States:- Governments that use cyber threats to spy on other
nations or disrupt their activities
Terrorist Groups:- Use cyber threats to steal information, disrupt
governmental operations or spread fear
Data Brokers:- Collect and sell user information without explicit
consent and often through underground marketplaces
While many types of cyber attacks are possible, typical adversary
attack techniques and tactics can be grouped within a matrix that
includes the following categories:

15
Initial access includes techniques used to attain a foothold within a
network, like targeted spear phishing, configuration weaknesses in
public-facing systems, or exploiting vulnerabilities.
Command and control involve techniques leveraged by attackers to
communicate with a system under their control. For example, an
attacker communicating with a system over high-numbered or
uncommon ports to evade detection by proxies/security appliances.
Collection includes tactics used by adversaries to gather and
consolidate the information they were targeting as a part of their goals.
Persistence includes techniques that enable an adversary to maintain
access to the target system, even following credential changes and
reboots. For example, an attacker creating a scheduled task that runs
their code on reboot or at a specific time.
Defense evasion includes techniques used by attackers to avoid
detection. These include hiding malicious code within trusted folders
and processes, disabling the security software, or obfuscating
adversary code.
Execution involves techniques deployed to run code on a target system.
For instance, an attacker running a PowerShell script to download
additional attacker tools or scan other systems.
Discovery includes techniques used by attackers to gain information
about networks and systems that they are looking to use for their
tactical advantage.
Credential access includes techniques deployed on networks and
systems to steal usernames and credentials for reuse.
Impact includes techniques leveraged by attackers to impact the
availability of data, systems, and networks. It includes denial of service
attacks, data or disk wiping software.
Lateral movement involves tactics to enable attackers to move from one
system to another within a network. Some common techniques include

16
abuse of remote desktop protocol or pass-the-hash methods of
authenticating users.
Exfiltration includes tactics utilized to move data from a compromised
network to a system or network that’s under the attacker’s complete
control.
Privilege escalation involves techniques utilized by adversaries to gain
high-level privileges on a system like a root or local admin.

How to Prevent Cyberattacks:-
We could cover thousands of tactics and tips for preventing
cyberattacks at scale, but let's zoom in and take a look at some key
examples:

Phishing Awareness Training:-
Educate employees on why phishing is harmful and empower them to
detect and report phishing attempts. This type of training includes
emailing simulated phishing campaigns to employees, monitoring
results, reinforcing training, and improving on simulation results.
Ongoing security awareness training for staff is also vital, so they know
how to spot the most recent versions of suspicious emails, messages, or
websites.

Encrypt Data:-
All data at rest on servers or devices and in transit over the network
should be encrypted. If an attacker does get access to data or intercepts
it, strong encryption should render it unreadable.

17
Compromised Credentials Detection:-
Leverage user and entity behavior analytics (UBA) to create a baseline
for normal activity on your network. Then, monitor how administrator
and service accounts are being used, which users are inappropriately
sharing credentials, and whether an attacker is already expanding
from initial network compromise to move around and infiltrate other
systems.

Use Multi-Factor Authentication:-
Implementing multi-factor authentication (MFA) for all systems is a
crucial best practice. Requiring an additional piece of information in
combination with a username and password protects systems if login
details are exposed to cybercriminals. Additional tokens, specific
device requirements, and biometrics are all examples of MFA that can
be leveraged when logging into IT systems.

Ransomware Prevention:-
Create a three-point plan to prevent ransomware attacks. This includes
minimizing an attack surface, mitigating potential impact once
exposure has been detected, and debriefing to pinpoint existing plan
gaps. From there, teams can rebuild systems, quarantine endpoints,
change credentials, and lock compromised accounts.

Use Endpoint Protection:-
End-users are frequent targets for cybercriminals, both on their
devices and via social-engineering attacks. All end-user devices should
have endpoint security protection software deployed. This should
integrate with a wider security information and event management
(SIEM) tool that allows for organization-wide monitoring and analyses
of threats.

18
XSS Attack Prevention:-
Institute a filtering policy through which external data will pass. This
will help to catch malicious scripts before they can become a problem.
This leads into creating a wider content security policy that can
leverage a list of trusted sources that are able to access your web
applications.

Threat Intelligence Program:-
Create a central hub that feeds all security-organization functions with
knowledge and data on the highest-priority threats. Organizations rely
heavily on automation to help scale a threat intelligence program by
continuously feeding data into security devices and processes, without
the need for human intervention.

Implement Network Deception Technologies:-
Deception technologies implement onto a network “dummy”
applications, databases, and other IT systems. Any cyberattackers who
breach the external firewalls will be tricked into thinking they have
access to internal systems. In reality, the dummy systems are intended
as honeypots to allow security teams to monitor the attacker's activities
and gather data without exposing the production systems.

Mobile Device Management Solution:-
A lot of business activity now happens on laptops, smartphones, and
tablets. Plus, many people use laptops for their work. The mobile
nature of all these devices means they are at high risk for being lost
and/or stolen. All mobile devices (including laptops) should be enrolled
and managed in a mobile device management (MDM) solution. If a

19
device is lost or stolen, it can be quickly wiped so that unauthorized
users cannot access any data.

IT Act:-
The Information Technology Act, 2000 also Known as an IT Act is an
act proposed by the Indian Parliament reported on 17th October 2000.
This Information Technology Act is based on the United Nations Model
law on Electronic Commerce 1996 (UNCITRAL Model) which was
suggested by the General Assembly of United Nations by a resolution
dated on 30th January, 1997. It is the most important law in India
dealing with Cybercrime and E-Commerce.

The main objective of this act is to carry lawful and trustworthy
electronic, digital and online transactions and alleviate or reduce
cybercrimes. The IT Act has 13 chapters and 94 sections. The last four
sections that starts from ‘section 91 – section 94’, deals with the
revisions to the Indian Penal Code 1860.

The IT Act, 2000 has two schedules:

First Schedule –
Deals with documents to which the Act shall not apply.
Second Schedule –
Deals with electronic signature or electronic authentication method.
The offences and the punishments in IT Act 2000 :
The offences and the punishments that falls under the IT Act, 2000 are
as follows :-

20
Tampering with the computer source documents.
Directions of Controller to a subscriber to extend facilities to decrypt
information.
Publishing of information which is obscene in electronic form.
Penalty for breach of confidentiality and privacy.
Hacking for malicious purposes.
Penalty for publishing Digital Signature Certificate false in certain
particulars.
Penalty for misrepresentation.
Confiscation.
Power to investigate offences.
Protected System.
Penalties for confiscation not to interfere with other punishments.
Act to apply for offence or contravention committed outside India.
Publication for fraud purposes.
Power of Controller to give directions.
Sections and Punishments under Information Technology Act, 2000 are
as follows :
Section Punishment
Section 43 This section of IT Act, 2000 states
that any act of destroying,
altering or stealing computer
system/network or deleting data
with malicious intentions without
authorization from owner of the
computer is liable for the
payment to be made to owner as
compensation for damages.

21
Section 43A This section of IT Act, 2000 states
that any corporate body dealing
with sensitive information that
fails to implement reasonable
security practices causing loss of
other person will also liable as
convict for compensation to the
affected party.
Section 66 Hacking of a Computer System
with malicious intentions like
fraud will be punished with 3
years imprisonment or the fine of
Rs.5,00,000 or both.
Section 66 B,C,D Fraud or dishonesty using or
transmitting information or
identity theft is punishable with 3
years imprisonment or Rs.
1,00,000 fine or both.
Section 66 E This Section is for Violation of
privacy by transmitting image of
private area is punishable with 3
years imprisonment or 2,00,000
fine or both.
Section 66F This Section is on Cyber
Terrorism affecting unity,
integrity, security, sovereignty of
India through digital medium is
liable for life imprisonment.
Section 67 This section states publishing
obscene information or
pornography or transmission of
obscene content in public is liable
for imprisonment up to 5 years or
fine of Rs. 10,00,000 or both.

22