EE6102: Cyber Security and Blockchain Technology PDF

EE6102: CYBER SECURITY AND BLOCKCHAIN TECHNOLOGY DR M Y Siyal EE6102 P1-1 COURSE OBJECTIVES  The industry 4.0/5.0 offers massive benefits to society but also provides opportunities to cyber attackers.  Thus, the purpose of the first part of the course is to provide students with the basic concepts of cyber security, and the necessary skills so that they can design cyber security policies and deploy appropriate technology to protect cyber space.  Blockchain is considered second digital revolution. It allows transactions of any kind to be simultaneously anonymous and secure.  Thus, the aim of the second part of the course is to explain the basic concepts of Blockchain, its development, the potential business applications and how it can transform the world during Industry 4.0/5.0 revolution.  Due to industry 4.0/5.0 and digital transformation, currently there is huge demands for jobs in this area and this demand will continue to increase as most industries will have to adopt industry 4.0/5.0 in order to remain competitive. DR M Y Siyal EE6102 P1-2 COURSE DESIRED OUTCOMES  By the end of the course, students should be able to: 1. Identify and explain modern cyber security threats landscape. 2. Design robust cyber security policies and learn modern cyber security technologies. 3. Learn skills and strategies to implement, manage, control, and govern cyber security at corporate and national level. 4. Understand basic concepts and types of Blockchain Technology. 5. Appreciate and learn possible applications of Blockchain Technology in several industries with use cases and case studies. DR M Y Siyal EE6102 P1-3 COURSE ASSESSMENT  The Course Assessment is done by: 1. CONTINUOUS ASSESSMENT (CA) = 50% a) Individual Quiz : 15 MCQ 30% (Tentatively, Friday, 1 November 2024, during the class) b) Individual Assignment 20% (Due on 3 November 2024. Details will be provided later) 2. FINAL EXAM = 50% Friday, 22 November 2024@ 2:30 pm , 4 Questions DR M Y Siyal EE6102 P1-4 BOOKS TEXT Stallings William, Cryptography and Network Security: Principles and Practice, 8th Edition, Pearson/Prentice- Hall, 2020. REFERENCES 1. Sudeep Tanwar, Blockchain Technology: From Theory to Practice, Springer, 2022. 2. Ralph Moseley Advanced Cybersecurity Technologies, CRS Press, December 2021 DR M Y Siyal EE6102 P1-5 COURSE OUTLINES  Introduction to Cyber Security  Cyber Security Threat Landscape  Industry 4.0/5.0 and Cyber Security  Cyber Security Education, Awareness and Compliance  Cyber Security Planning and Policies  Cyber Security Risk Assessments and Biometric-based Security approaches  Public key Infrastructure (PKI), Symmetric and Asymmetric cryptography algorithms, Digital signature and Digital certificates  Web Security (SSL, TLS and SET) and role of firewalls and Intrusion Detection in cyber security  Online Payment, Digital cash and digital wallets DR M Y Siyal EE6102 P1-6 COURSE OUTLINES  Basics of Blockchain technology  Types of blockchain Technology  Blockchain Technology Development  Cryptocurrencies Bitcoin Ethereum Ripple  DeFi (decentralized finance) Stablecoins (DAI) Non-fungible tokens (NFT)  Blockchain Technology Applications for Industry 4.0/5.0  Use cases and real-world case studies DR M Y Siyal EE6102 P1-7 INTRODUCTION TO CYBER-SECURITY Confidentiality, integrity and availability, (known as CIA triad), are considered the three most important concepts within cyber security. Confidentiality means to Integrity means data prevent the unauthorized must not be changed by access/sharing of data. unauthorized people.  Availability means information should be consistently and readily accessible for authorized parties.  This involves properly maintaining hardware, software, technical infrastructure and systems that hold and display the information. DR M Y Siyal EE6102 P1-8 CNSS CYBER–SECURITY MODEL The McCumber Cube DR M Y Siyal EE6102 P1-9 CYBER-SECURITY  SECURITY State of freedom from a danger or risk  CYBER-SECURITY Tasks of guarding information that is in a digital format Ensures that protective measures are properly implemented Protect information that has value to people and organizations Value comes from the characteristics of the information  Security is achieved through a combination of three entities Products People Procedures DR M Y Siyal EE6102 P1-10 CYBER-SECURITY  A successful organization should have multiple layers of security in place:  Physical security (Products)  Personal security (People)  Organisation security (Procedure)  Communications security  Network security  Cyber security (CIA) Layer Description Products Physical security around the devices, data centers, etc.. May be as basic as door locks or as complicated as special hardware or software. People Those who implement and properly use security products to protect data. Procedures Plans and policies established by an organization to ensure that people correctly use the products. DR M Y Siyal EE6102 P1-11 WHY CYBER-SECURITY?  Policies, Practices, and Technology that must be in place for an organization to transact business electronically via networks with a reasonable assurance of safety.  ASSETS AT RISK  Data assets  Knowledge assets  Software assets  Physical assets  Monetary or financial assets  Employee assets  Customer and partner assets  Goodwill DR M Y Siyal EE6102 P1-12 CYBER–SECURITY TERMINOLOGIES  AUTHENTICATION  Assurance that communicating entity is the one claimed.  ACCESS CONTROL  Prevention of the unauthorized use of a resource.  DATA CONFIDENTIALITY  Protection of data from unauthorized disclosure.  DATA INTEGRITY  Assurance that data received is as sent by an authorized entity.  NON-REPUDIATION  Protection against denial by one of the parties in a communication.  AVAILABILITY  Resource accessible/usable.  SECURITY MECHANISM  Feature designed to detect, prevent, or recover from a security attack. DR M Y Siyal EE6102 P1-13 CYBER SECURITY THREAT LANDSCAPE DR M Y Siyal EE6102 P1-14 SAMPLE OF CYBER SECURITY INCIDENTS/ATTACKS DR M Y Siyal EE6102 P1-15 2015 CYBER ATTACKS  Perhaps 2015's most high-profile hack was on Ashley Madison, the adultery website that promised its members discrete affairs had emails and physical addresses for 37 million users compromised.  An unknown group infiltrated hundreds of banks in multiple countries, swiping about $1 billion.  A breach of children's toy manufacturer VTech resulted in the release of records on 4.8 million parents and more than 6.8 million kids.  Car Hack  Security researcher Nils Rodday showed how he can remotely Hijack a $35K Police Drone a Mile Away.  Losses due to card fraud and cyber attacks leaped by 26%  Cybercrime costs the global economy up to US$575 billion annually according to Merrill Lynch Global Research report.  According to Norton 2015 report, more than one-third (36%) of people have shared their password for online banking account through social media. DR M Y Siyal EE6102 P1-16 2016 CYBER ATTACKS  Bangladesh's central bank lost $80M and could have lost $1B if hackers didn’t make mistake in spelling “Foundation” as “Fandation”.  The Panama Papers leak is 1,500 times the size of Wikileaks’ and will require 2,600 pickup trucks to carry it.  Swiss military hit by series of cyber attacks  The Swiss defense department was the victim of a cyber attack in January, Switzerland’s defense minister has confirmed (04 May 2016, http://www.thelocal.ch/).  Anonymous Attacks Greek Central Bank, Says 30-Day Global Hack to Follow (4 May, http://www.nbcnews.com/)  272.3 million stolen accounts details were being traded in Russia. They include details of Google, Yahoo Microsoft and Mail.ru email users (5/5 Daily Mail UK).  Singapore appears "nine times more vulnerable to cyberattacks" compared to other Asian economies (Channel News Asia, 23 February 2016). DR M Y Siyal EE6102 P1-17 2016 CYBER ATTACKS  In September, 500 million YAHOO customers may have had data stolen.  In October, cybercriminals launched major DDoS attacks, disrupting a host of websites, including the likes of Twitter, Netflix, PayPal, Pinterest and the PlayStation Network etc.  December 14th and 15th, YAHOO announced that this time around, up to one billion (3 billions) user accounts were thought to have been compromised.  Philippine Voter data leak (70 m voter’s data, 340 GB leaked online).  Russian interference in US elections.  Mark Zuckerberg hack (used password “dadada”). DR M Y Siyal EE6102 P1-18 2017 CYBER ATTACKS  The “Ransomware” attacks of 2017, affected over 300,000 devices in 150 countries resulting in estimated cost of over $5 billions.  Equifax: Cybercriminals penetrated Equifax, one of the largest credit bureaus, in July and stole the personal data of 145 million people.  Uber’s CEO revealed on Nov. 21, 2017, that they failed to disclose a massive data breach affecting 57 million Uber drivers and users last year.  Hackers breached 12 power plants in USA, cable networks and “Game of Thrones’ show.  In 2017, 6.5% of people were victims of identity fraud — resulting defrauding people of about $16 billions. Source: thebestvpn.com/cyber-security-statistics-2018 DR M Y Siyal EE6102 P1-19 2018 CYBER ATTACKS  Under Armour: Hackers breached Under Armour’s “MyFitnessPal” APP in February 2018, compromising usernames, email addresses, and passwords from the app's roughly 150 million users.  Facebook: March 2018, 87 million records breached.  Saks Fifth Avenue and Lord & Taylor: April 2018, 5 million stolen credit and debit cards were put up for sale.  PumpUp: 6 million sensitive customer records are breached.  Sacramento Bee: June 2018, daily newspaper has 19.5 million customer records breached.  Ticketfly: June 2018, 27 million records breached.  My Heritage: June 2018, 92 million records breached.  Sing Health: July 2018, 1.5 million records compromised.  Marriott Hotel: In November 2018, Starwood Hotels confirmed that up to 500 million hotel guests’ information had been stolen in a data breach. DR M Y Siyal EE6102 P1-20 2019 CYBER ATTACKS  January 2019: Confidential information belonging to 14,200 people diagnosed with HIV was stolen and leaked online in Singapore.  February 2019: 620 million accounts stolen from 16 hacked websites were put for sale on dark web.  March 29, 2019: Toyota's Second Data Breach affected 3.1 million people.  March 2019: More than a million Israeli websites hit with ransomware.  March 2019: Email marketing company leaves its mailing list on a publicly accessible MongoDB database (809 million).  March 2019: Singapore blood donors’ personal information was improperly put online by a Health Sciences Authority (HSA) vendor for 2 months.  April 2019: Criminal accesses personal data of faculty staff and students at Georgia Tech (1.3 million).  April 2019: Indian government leaves healthcare database exposed on web (12.5 million).  April 2019: Facebook third-party apps expose users’ personal data (540 million). DR M Y Siyal EE6102 P1-21 2019 CYBER ATTACKS  May 2019: American Medical Collection Agency (AMCA) reported that 25 million of its B2B client’s record were compromised.  May 2019: First American real estate insurance company had 885 million records (mortgage documents, Tax information, Social Security numbers etc.) compromised. DR M Y Siyal EE6102 P1-22 2019 CYBER ATTACKS  June 2019:A hacker used a tiny Raspberry Pi computer ($30) to infiltrate NASA's Jet Propulsion Laboratory network, stealing sensitive data and forcing the temporary disconnection of space- flight systems (23 files amounting to approximately 500 megabytes of data). CNA, 25 June 2019  The Florida municipalities paid $1.1 m for two ransomware attacks in the last two weeks. The town's insurer was contacted by the hackers and negotiated ransom payment in bitcoins. Officials felt that paying the ransom was the most efficient way of regaining computer access. BBC News, 26 June 2019.  How a ransomware attack cost one firm £45m DR M Y Siyal EE6102 P1-23 2020 CYBER ATTACKS  APRIL 2020:WHO reports fivefold increase in cyber attacks, urges vigilance.  April 2020:German government lost tens of millions of euros in COVID-19 phishing attack.  May 2020: Over 8 billion real-time Internet records of users of Thailand’s largest cell network, Advanced Info Service (AIS), were leaked due to a misconfigured Elasticsearch database.  June 2020: 230k+ Indonesian COVID-19 patients’ records(sensitive personal details such as name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and more) for sale in the Dark web.  June 2020: BlueKai left exposed an unsecured database containing billions of records like names, home addresses, email addresses, and users’ sensitive web browsing activity.  July 2020: Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam. DR M Y Siyal EE6102 P1-24 2021 CYBER ATTACKS  April 2021: A cyber criminal poisoned the water supply in Florida and managed by increasing the amount of sodium hydroxide to a dangerous level.  May 2021: Acer suffered a ransomware attack and was asked to pay a ransom of $50 million, which made the record of the largest known ransom to date.  May 2021:COLONIAL. the largest oil and gas pipelines in the USA was shut down after cyber-attack.  May 2021: JBS FOODS, one of the biggest meat processing companies in the world was attacked using ransomware and they paid $11 millions.  May 2021. A cyberattack on South Korea's state-run Korea Atomic Energy Research Institute (KAERI) shut it for few days.  May 2021: Norwegian energy technology company was the victim of a ransomware attack, which resulted in the shutdown of water affecting 85% of the Norwegian population.  The amount lost in USA to cyber crime went up from $4.2 billion in 2020 to $6.9 billion in 2021. DR M Y Siyal EE6102 P1-25 2022 CYBER ATTACKS  Crypto.com: The attack took place on January 17th and targeted nearly 500 people’s cryptocurrency wallets (stole $18 million of Bitcoin and $15 million of Ethereum).  German Gas Stations: In February, a Ransomware attack disrupted IT services and forced the closure of 200 gas stations across Germany.  Twitter: In July 2022, Twitter confirmed data from 5.4 million accounts was stolen.  Optus: September 22, 2022, personal and medical data for 11 million people accessed in Optus (Australian telecom company) data breach.  Medibank: On October 13, 2022, Australian healthcare confirmed 9.7 million peoples’ information stolen in Medibank data leak.  WhatsApp: On November 16, 2022, hacker attempted to sell data of 500 million WhatsApp users on dark web.  Ronin’s Axie Infinity mobile game: Hacker stole $600 million of cryptocurrencies.  North Korea: Lazarus Group stole $540m Ethereum and USDC stablecoin from the popular Ronin blockchain ‘bridge’. DR M Y Siyal EE6102 P1-26 2022 CYBER ATTACKS  Uber Hacked by teenager: Uber (USA) had its internal systems completely compromised by teenager in September 2022.  MI-5 Website: Hackers take over MI5 website on 22 October 2022.  Thomson Reuters Leaks 3TB of Data through Misconfigured Servers.  The marketplace “BidenCash” offered 1,221,551 stolen credit cards for free.  The finance ministry of the Costa Rican government was overtaken by hackers who demanded US$10 million to return access back to the government.  Online marketplace Carousell (Singapore) breached by cyber criminals (1.95 million records compromised).  Neopets (69 million), Shanghai COVID app (48.5 million), Pegasus Airlines (23 million), Malaysian National Registration Department (22.5 million).  AcidRain malware attack wracked Ukraine since its war with Russia began by turning off tens of thousands of modems.  A ransomware gang attacked Florida International University and stole 1.2 terabytes of sensitive data, including social security numbers, accounting documents and email databases. DR M Y Siyal EE6102 P1-27 2023 CYBER ATTACKS  February 2, 2023: Surgeries were rescheduled, patients were re-directed, and IT systems were shut down for weeks in Tallahassee Memorial, a 772- bed hospital which has special care units in 21 counties across North Florida, USA.  February 14, 2023: Cloudflare thwarted the largest known DDoS attack peaking at 71 million requests per second. The attack was mounted against gaming platforms, cryptocurrency companies, and hosting providers, among others, that use Cloudflare to protect their websites.  March 24, 2023: NCB Management breach affected former Bank of America credit card holders (494,969).  April 2023: Shields Health Care Group (UK) announced security breach due to cyber attack, where 2,380,483 patients' data was compromised.  According to “UK IT governance report”, number of breached records in May 2023 was 451,724,931 and biggest data breach of 2023 so far: was Twitter /x(220 million breached records). DR M Y Siyal EE6102 P1-28 2023 CYBER ATTACKS  Ransomware gang Dunghill stole 1.3 terabytes of data from Sabre. Data included corporate financial information, passenger turnover and ticket sales data and personal employee information.  Ransomware gang BianLian stole 6.8TB from nonprofit “Save The Children” International, which is the world's leading “nonprofit”, organization that makes US$2.8 billion in revenue and it operates in 116 countries.  Hong Kong-based cryptocurrency exchange platform, CoinEx, saw the loss of US$70 million in cryptocurrency following a cyber attack launched against it on September 12, 2023.  MGM Resorts International experienced a significant cyberattack that disrupted its operations, and cost MGM an estimated $80 million in revenue over five days.  According to IBM, the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years. DR M Y Siyal EE6102 P1-29 2024 CYBER ATTACKS itgovernance.co.uk DR DR M MYY Siyal Siyal EE6102 P1-30 P1-30 2024 CYBER ATTACKS itgovernance.co.uk DR DR M MYY Siyal Siyal EE6102 P1-31 P1-31 CYBER ECONOMY  The 2020 cybercrime economy was worth at least $1.2 trillion, according to economists. That makes it the 15th largest economy in the world, by IMF estimates.  According to cybercrime magazine, cybercrime was $6 trillion USD globally in 2021, which makes it the world’s third-largest economy after the U.S. and China.  According to “Getastra”, $8 trillion will be lost to cyber crimes by the end of 2024, which will make it the world’s second largest economy after USA.  According most reports, cyber crime is expected that to grow at 15% annually and will hit $10.5 trillion USD annually by 2025, which will make it the largest economy in the world, ahead of USA and China.  Cloud security is the fastest-growing segment in cyber space, with growth of nearly 27% from 2022 to 2023.  With deepfake pictures, videos and audio, it is helping cybercriminals to significantly increase success rate of cyber attacks. DR DR M MYY Siyal Siyal EE6102 P1-32 P1-32 CYBER SECURITY ATTACKS AND ATTACKERS DR M Y Siyal EE6102 P1-33 FACTORS AIDING CYBER ATTACKS  Internet has THREE CHARACTERISTICS that aid cyber-Attacks 1. AUTOMATION Speed of computers and networks makes attacks possible to easily launch cyber attacks. Using Data mining/AI, it is easy to find the target victim. 2. ACTION AT A DISTANCE Attackers can be far away from their target and still do damage. Interstate/International differences in laws can affect prosecution. 3. ELECTRONIC TECHNIQUES EASILY TRANSFERABLE/DUPLICATED Counterfeiting e-money. Attack tools can be created by single person. Easily modified per situation. DR M Y Siyal EE6102 P1-34 DIFFERENT TYPES OF CYBER ATTACKS  When there is an unauthorized system/network access by a third party, we term it as a cyber attack.  The person who carries out a cyberattack is termed as a hacker/attacker.  There are many varieties of cyber attacks that happen in the world today.  If we know the various types of cyberattacks, it becomes easier for us to protect our networks and systems against them. Malware Denial of Service Attack Attack Social Engineering SQL Injection Attack Attack Man in the Middle Password Attack Attack DR M Y Siyal EE6102 P1-35 MALWARE ATTACK  This is one of the most common types of cyberattacks.  “Malware” refers to malicious software including viruses, worms, spyware, ransomware, adware, Rootkits, and trojans.  Virus is malicious program that replicates itself and infects computers, however it needs a host to travel, while worm doesn’t require a host.  Logic bomb behaves like a virus, performs malicious act, when certain conditions are met (April fool’s day, 4th of July, X-mas, etc.). DR M Y Siyal EE6102 P1-36 MALWARE ATTACK  Botnet is a network of computer zombies (bots controlled by a master). It can be used to launch denial of service (DOS) attacks, which can cripple a server or network by sending out excessive traffic. It also can be used to crack password in addition to launch many types of other attacks.  The trojan disguises itself as legitimate software, however it is a malicious software that might install adware, keylogger or open a backdoor.  Ransomware blocks access to the network's key components until you pay (normally using Bitcoin), and in some cases you may not be granted access even after the payment.  Spyware is software that steals all your confidential data without your knowledge.  Adware is software that displays advertising content such as banners on a user's screen.  Rootkit is a set of programs that allows someone to gain control over systems and hides the fact that the computer has been compromised. Very difficult to detect as it masks behaviors of other malwares. DR M Y Siyal EE6102 P1-37 BOTNET  Botnet refer to the network of computers that are installed with malicious codes.  Hackers use Botnet to launch various attacks and send spam messages without being traced (not easy to trace it). DR M Y Siyal EE6102 P1-38 MALWARE ATTACK  Malware gets into a system when the user clicks on suspicious links or downloads attachments or uses an infected drive, it then obtains all the information from the client's system. User opens links or uses a corrupted thumb drive User User’s system gets corrupted  How to prevent a malware attack  Use antivirus software. It can protect your computer against malware.  Use firewalls. Windows and Mac OS have  their default built-in firewalls, named Windows  Firewall and Mac Firewall.  Avoid clicking on suspicious links.  Update your OS and browsers, regularly. DR M Y Siyal EE6102 P1-39 MALWARE ATTACKS ON BANKS DR M Y Siyal EE6102 P1-40 NUMBER OF NEW RANSOMWARE MODIFICATIONS nine new ransomware families and 11,387 new modifications DR M Y Siyal EE6102 P1-41 NUMBER OF USERS ATTACKED BY RANSOMWARE DR M Y Siyal EE6102 P1-42 SOCIAL ENGINEERING ATTACK  It is the art of manipulating people so that they end up giving their confidential information.  Phishing attacks are one of the most prominent widespread types of social engineering cyberattacks, wherein an attacker impersonates to be a trusted contact and sends the victim fake mails.  Unaware of this, the victim opens the mail and clicks on the malicious link or opens the mail's attachment.  By doing so, attackers gain access to confidential information and account credentials. They can also install malware through a phishing attack. User opens the mail with the attachments and unknowingly downloads the virus Phishing Attack User’s system gets effected DR M Y Siyal EE6102 P1-43 TYPES OF PHISHING ATTACKS  Phishing attacks have been around since the early days of the internet. Cybercriminals propagated the first phishing attacks in the mid-1990s, using the America Online (AOL) service to steal passwords and credit card information.  While modern attacks use similar social engineering models, cybercriminals use more evolved tactics.  At its core, phishing is an attack methodology that uses social engineering tactics to make a person take an action that is against their best interests. Phishing Attack Spear Phishing Attack Whaling Phishing Attack DR M Y Siyal EE6102 P1-44 SPEAR PHISHING ATTACK  Although spear phishing uses email, it takes a more targeted approach. Cybercriminals targets a specific individual or a group of people.  SlashNext analyzed billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million spear phishing attacks; a 61% increase in the rate of spear phishing attacks compared to 2021. Spear Phishing Attack Hacker identifies Hacker then send a Unaware of this, Now, hacker steals a victim targeted legitimized the victim opens data from the looking email the email which victim’s computer has malware DR M Y Siyal EE6102 P1-45 WHALING PHISHING ATTACK  A whaling attack is an advanced form of phishing that is precisely engineered to target the most critical individuals in companies, such as senior executives, high-ranking managers, and employees with high-level access.  When approached by their managers or senior executives, junior staff are less likely to be doubtful or ask questions. Attackers exploit this social vulnerability to their advantage.  Attackers themselves often pretend to be senior executives in emails to colleagues asking for personal or company information. Whaling Phishing Attack DR M Y Siyal EE6102 P1-46 PHISHING ATTACK  In late 2015 FACC, an. aerospace company specializing in aircraft components and systems, lost $47 million after a successful ‘whaling’ attack. In this case, the hackers impersonated the CEO of FACC to get an employee to send money.  Smishing: Cyber criminals send text messages posing as a company or charity. These messages work much the same way as email phishing.  Vishing: Cyber criminals call their targets and attempt to get them to give information, such as account credentials or credit card details, over the phone.  Angler phishing: Cyber criminals use social media to get information, to get targets to visit a fake website or download malware.  A 3.4 billion phishing emails are sent daily, and the annual number goes way beyond one trillion.  1.5 million new phishing websites are made monthly. (Swiss Cyber Institute)  Up to 90% of cyber-attacks are phishing attacks according to CISCO’s 2021 Cybersecurity Threat Trends report. Out of those, 65% is spear phishing, which is the most common type of attack. DR M Y Siyal EE6102 P1-47 PHISHING ATTACK DR M Y Siyal EE6102 P1-48 September was the second most active month for phishing (172.6 million emails), followed by July (113.4 million emails) DR M Y Siyal EE6102 P1-49 HOW TO PREVENT PHISHING ATTACKS  Phishing attacks can be prevented by following the below-mentioned steps:  Scrutinize the emails you receive. Most phishing emails have significant errors like spelling mistakes and format changes from that of legitimate sources.  Make use of an anti-phishing toolbar.  Update your passwords regularly.  Conduct regular employee training.  Stay up-to-date with security patches and updates. DR M Y Siyal EE6102 P1-50 PASSWORD ATTACK  It is a form of attack wherein a hacker cracks your password with various programs and password cracking tools like Aircrack, Cain, Abel, John the Ripper, Hashcat, etc., for illegal use.  According to Microsoft report of 2022, there are an estimated 921 password attacks every second globally, which is 74% increase in just one year.  According to “Digital Defence Report 2022”,from July 2021 to June 2022, it blocked 34.7 billion password attack and 37 billion email threats. Use every Trial and error Keylogger Attackers Attacker use password that method used records all the observe user’s hash tables is possible to decode the hits on the keyboard by to find the through the password or keyboard looking over the password of dictionary data user’s shoulder the user DR M Y Siyal EE6102 P1-51 DR M Y Siyal EE6102 P1-52 HOW LONG DOES IT TAKE TO CRACK A PASSWORD?  Password choices = 95 printable ASCII characters  Length of the password = 10 characters in length  Password cracker rate = 6.4 millions operations per second (6.4 6 x10 )  How long will it take to test all possible passwords? 10 19  Thus, there are 95  6 x 10 possible passwords.  The time required = Possible Passwords/cracker rate 6  1019passwords 12 6  9.4  10 seconds 6.4 10 passwords / second = 300, 000 years Thus, it will take 300,000 years to crack the password. DR M Y Siyal EE6102 P1-53 HOW LONG DOES IT TAKE TO CRACK A PASSWORD?  Choices of passwords = 102 characters  Length of passwords = 16 characters  Password cracker rate = 400 million operations/second 6  = 400 x10 operations/second 16 32  Thus, there are 102  1.37x10 possible passwords  The time required is = Possible Passwords/cracker rate  Substituting the values, we have: 32 6  1.37x10 possible passwords/400 x10 operations/second 21   342x10 seconds 21 14  342x10 /60x60x24x365  108x10 years. 14  Thus, it will take 108x10 years to test all possible passwords. DR M Y Siyal EE6102 P1-54 HOW TO PREVENT PASSWORD ATTACKS  Listed below are a few ways to prevent password attacks:  Use strong alphanumeric passwords with special characters  Refrain from using the same password for multiple websites or accounts.  Update your passwords (advisable to changed it every 90 days); this will limit your exposure to a password attack.  Do not have any password hints in the open. DR M Y Siyal EE6102 P1-55 MAN-IN-THE-MIDDLE ATTACK  In the Man-in-the-Middle Attack (MITM) (also known as an eavesdropping attack), an attacker comes in between a two-party communication, i.e., the attacker hijacks the session between a client and host.  As seen below, the client-server communication has been cut off, and instead, the communication line goes through the hacker. X  MITM attacks can be prevented by following the below-mentioned steps:  Be mindful of the security of the website.  Use encryption on your devices.  Refrain from using public Wi-Fi networks. DR M Y Siyal EE6102 P1-56 SQL INJECTION ATTACK  A Structured Query Language (SQL) injection attack occurs on a database- driven website when the hacker manipulates a standard SQL query.  It is carried by injecting a malicious code into a vulnerable website search box, thereby making the server reveal crucial information.  This results in the attacker being able to view, edit, and delete tables in the databases. Attackers can also get administrative rights through this attack.  To prevent a SQL injection attack:  Use an Intrusion detection system, as they are designed to detect unauthorized access to a network.  Carry out a validation of the user-supplied data. With a validation process, it keeps the user input in check. DR M Y Siyal EE6102 P1-57 DENIAL-OF-SERVICE ATTACK  A Denial-of-Service (DoS) Attack is a significant threat to companies. Here, attackers target systems, servers, or networks and flood them with traffic to exhaust their resources and bandwidth or crashes their system.  When this happens, catering to the genuine incoming requests becomes overwhelming for the servers, resulting in the website it hosts either shut down or slow down. This leaves the legitimate service requests unattended.  It is also known as a DDoS (Distributed Denial-of-Service) attack when attackers use multiple compromised systems to launch this attack.  Types of DDoS attack  DDoS attacks can be categorized into mainly three categories  Volume Based Attacks  Protocol Attacks  Application Layer Attacks  Volume bases Attacks: Work on saturating the target network's bandwidth with heavy volumes of traffic.  Ping (ICMP) flood and UDP floods are two popular examples of this attack. DR M Y Siyal EE6102 P1-58 SIMPLE DOS ATTACK DR M Y Siyal EE6102 P1-59 DISTRIBUTED DOS (DDOS) ATTACK DR M Y Siyal EE6102 P1-60 CLASSIC DOS ATTACK (PING ATTACK)  The simplest classical denial of service attack is a flooding attack on an organization.  Can use simple flooding ping.  The attack might be as simple as using a flooding ping command directed at the target network.  From higher capacity link to lower  Can likely generate a higher volume of traffic than the lower capacity target connection can handle.  Causing loss of traffic  Source of flood traffic easily identified.  Since its address is used as the source address in the ICMP echo request packets.  This has two disadvantages. Firstly, since the source of the attack is identified, the attacker can be identified, and legal action taken in response.  Secondly, the targeted system will attempt to respond to the packets being sent.  For that reason, usually spoofed address is used. DR M Y Siyal EE6102 P1-61 CLASSIC DOS ATTACK (PING ATTACK)  Historically, attackers would often spoof in a bogus IP address in order to mask the sending device. With modern botnet attacks, the malicious actors rarely see the need to mask the bot’s IP, and instead rely on a large network of un- spoofed bots to saturate a target’s capacity.  A network administrator can disable a device’s ability to send and receive any requests using the ICMP, however, in that case, all network activities that involve ICMP will also be disabled and the device will not responsive to any ping requests (including genuine requests). DR M Y Siyal EE6102 P1-62 HOW MANY PACKETS ARE NEEDED?  Example 1: In a DoS attack using ICMP Echo Request (ping) packets of 500 bytes in size are sent to flood a target organization.  The numbers of packets sent by the attacker to launch a successful DoS attack will depend on speed of the link. 1. On a 1.5 Megabit per second (Mbps) link 1500000 / (500 * 8) = 375 packets per second. 2. On a 2 Mbps link  2000000 /(500 * 8) = 500 packets per second. 3. On a 10 Mbps link  10000000 / (500 * 8) = 2500 packets per second 4. On a 100 Mbps link  100000000 / (500 * 8) = 25000 packets per second DR M Y Siyal EE6102 P1-63 HOW MANY PACKETS ARE NEEDED?  Example 2: In a DoS attack using ICMP Echo Request (ping) packets of 1000 bytes in size are sent to flood a target organization.  The numbers of packets sent by the attacker to launch a successful DoS attack will depend on speed of the link. 1. On a 1.5 Megabit per second (Mbps) link 1500000 / (1000 * 8) = 187 packets per second. 2. On a 2 Mbps link  2000000 /(1000 * 8) = 250 packets per second. 3. On a 10 Mbps link  10000000 / (1000 * 8) = 1250 packets per second 4. On a 100 Mbps link  100000000 / (1000 * 8) = 12500 packets per second DR M Y Siyal EE6102 P1-64 HOW MANY PACKETS ARE NEEDED?  Example 3: In a DoS attack using ICMP Echo Request (ping) packets of 50000 bytes in size are sent to flood a target organization.  The numbers of packets sent by the attacker to launch a successful DoS attack will depend on speed of the link. 1. On a 1.5 Megabit per second (Mbps) link 1500000 / (50000 * 8) = 3.75 packets per second. 2. On a 2 Mbps link  2000000 /(50000 * 8) = 5 packets per second. 3. On a 10 Mbps link  10000000 / (50000 * 8) = 25 packets per second 4. On a 100 Mbps link  100000000 / (50000 * 8) = 250 packets per second DR M Y Siyal EE6102 P1-65 PROTOCOL BASED DDOS ATTACK  This attack targets the networking layer of the target device.  Types of protocol attack are Ping of Death (PoD) and SYN floods DDoS.  Most devices manufactured after 1998 are generally protected against PoD.  SYN flood attacks work by exploiting the handshake process of a TCP connection.  Under normal conditions, TCP connection exhibits three distinct processes in order to make a connection. 1. First, the client sends a SYN packet to the server in order to initiate the connection. 2. The server than responds to that initial packet with a SYN/ACK packet, in order to acknowledge the communication. 3. Finally, the client returns an ACK packet to acknowledge the receipt of the packet from the server.  After completing this sequence of packet sending and receiving, the TCP connection is open and able to send and receive data. DR M Y Siyal EE6102 P1-66 SYN FLOOD ATTACK DR M Y Siyal EE6102 P1-67 SYN FLOOD ATTACK  To create denial-of-service, an attacker exploits the fact that after an initial SYN packet has been received, the server will respond back with one or more SYN/ACK packets and wait for the final step in the handshake.  Here’s how it works: 1. The attacker sends a high volume of SYN packets to the targeted server, often with spoofed IP addresses. 2. The server then responds to each one of the connection requests and leaves an open port ready to receive the response. 3. While the server waits for the final ACK packet, which never arrives, the attacker continues to send more SYN packets. 4. The arrival of each new SYN packet causes the server to temporarily maintain a new open port connection for a certain length of time, and once all the available ports have been utilized the server is unable to function normally. DR M Y Siyal EE6102 P1-68 SYN FLOOD ATTACK DR M Y Siyal EE6102 P1-69 APPLICATION LAYER DDOS ATTACK  These attacks are sophisticated and focus on crashing the web servers.  HTTP flood attack is designed to overwhelm a targeted server with HTTP requests. Once the target has been saturated with requests and is unable to respond to normal traffic, denial-of-service will occur for additional requests from actual users.  HTTP GET/Post Attack: Multiple computers or other devices are coordinated to send/request multiple requests for images, files, or some other asset from a targeted server until it capacity is saturated. DR M Y Siyal EE6102 P1-70 DNS FLOOD ATTACK  The function of the Domain Name System (DNS) is to translate between easy to remember names (e.g., example.com) and hard to remember addresses of website servers (e.g., 192.168.0.1), so successfully attacking DNS infrastructure makes the Internet unusable for most people.  A DNS flood is DDoS attack where an attacker floods a particular domain’s DNS servers to disrupt DNS resolution for that domain.  DNS flood attacks use the high bandwidth connections of IP cameras, DVR boxes and other IoT devices to directly overwhelm the DNS provider’s services. The only way to withstand these types of attacks is to use a very large and highly distributed DNS system that can monitor, absorb, and block the attack traffic in real time. DR M Y Siyal EE6102 P1-71 FAMOUS DDOS ATTACKS  The biggest DDoS attack took place in February of 2018 on GitHub, a popular online code management service used by millions of developers.  At its peak, this attack saw incoming traffic at a rate of 1.3 terabytes per second (Tbps), sending packets at a rate of 126.9 million per second.  This was a Memcached (a general-purpose distributed memory caching system) DDoS attack.  There were no botnets involved.  The attackers leveraged the amplification effect of a popular database caching system known as Memcached.  By flooding Memcached servers with spoofed requests, the attackers were able to amplify their attack by a magnitude of about 50,000x!  GitHub was using a DDoS protection service, which was automatically alerted within 10 minutes of the start of the attack.  This alert triggered the process of mitigation and GitHub was able to stop the attack quickly.  The world’s largest DDoS attack only ended up lasting about 20 minutes. DR M Y Siyal EE6102 P1-72 FAMOUS DDOS ATTACKS  The second biggest DDoS attack was directed at Dyn, a major DNS provider, in October of 2016.  This attack was devastating and created disruption for many major sites, including AirBnB, Netflix, PayPal, Visa, Amazon, The New York Times, Reddit, and GitHub.  This was done using a malware called Mirai.  Mirai creates a botnet out of compromised Internet of Things (IoT) devices such as cameras, smart TVs, radios, printers, and even baby monitors.  To create the attack traffic, these compromised devices are all programmed to send requests to a single victim.  Fortunately, Dyn was able to resolve the attack within one day, but the motive for the attack was never discovered.  Hacktivist groups claimed responsibility for the attack as a response to WikiLeaks founder Julian Assange being denied internet access in Ecuador, but there was no proof to back up this claim.  There are also suspicions that the attack was carried out by a disgruntled gamer. DR M Y Siyal EE6102 P1-73 FAMOUS DDOS ATTACKS  Another largest-ever-at-the-time attack was the 2013 attack launched on Spamhaus, an organization that helps combat spam emails and spam- related activity.  Spamhaus is responsible for the filtering as much as 80% of all spam, which makes them a popular target to people who would like to see spam emails reach their intended recipients.  The attack traffic to Spamhaus was at a rate of 300 gbps.  Since Spamhaus had signed up for Cloudflare for protection, as soon as attack began, Cloudflare’s DDoS protection mitigated the attack.  The attackers responded by going after Cloudflare in an attempt to bring it down.  This attack did not achieve its goal, it did however cause major issues for LINX, the London internet exchange.  The main culprit of the attack turned out to be a teenage hacker-for-hire in Britain who was paid to launch this DDoS attack. DR M Y Siyal EE6102 P1-74 WHERE DO YOU FILTER? In multiple In the network places? Near the core? source? Near the target? DR M Y Siyal EE6102 P1-75 HOW TO PREVENT DDOS ATTACK  Let’s now look at how to prevent a DDoS attack:  Run a traffic analysis to identify malicious traffic.  Understand the warning signs like network slowdown, intermittent website shutdowns, etc. At such times, the organization must take the necessary steps without delay.  Formulate an incident response plan, have a checklist and make sure your team and data center can handle a DDoS attack.  Outsource DDoS prevention to cloud-based service providers (Cloudflare, NETSCOUT, etc.). DR M Y Siyal EE6102 P1-76 INSIDER THREAT  As the name suggests, an insider threat does not involve a third party but an insider. In such a case; it could be an individual from within the organization who knows everything about the organization. Insider threats have the potential to cause tremendous damages.  Insider threats are rampant in small businesses, as the staff there hold access to multiple accounts with data. Reasons for this form of an attack are many, it can be greed, malice, or even carelessness. Insider threats are hard to predict and hence tricky.  To prevent the insider threat attack:  Organizations should have a good culture of security awareness.  Companies must limit the IT resources staff can have access to depending on their job roles.  Organizations must train employees  to spot insider threats. DR M Y Siyal EE6102 P1-77 DR M Y Siyal EE6102 P1-78 CRYPTO JACKING  “Cryptojacking” takes place when attackers access someone else’s computer for mining cryptocurrency.  The access is gained by infecting a website or manipulating the victim to click on a malicious link.  Victims are unaware of this as the Crypto mining code works in the background; a delay in the execution is the only sign they might witness.  How to prevent Cryptojacking  Update your software and all the security apps as cryptojacking can infect the most unprotected systems.  Have cryptojacking awareness training for the employees; this will help them detect crypotjacking threats.  Install an ad blocker as ads are a primary  source of cryptojacking scripts.  Also have extensions like MinerBlock,  which is used to identify and block  crypto mining scripts. DR M Y Siyal EE6102 P1-79 CRYPTO JACKING DR M Y Siyal EE6102 P1-80 HACKERS  A hacker is a technically skilled individual who discovers and exploits weaknesses in a computer network. Depending on a hacker’s intention, they are generally classified as:  WHITE Hat: Also known as ethical hackers, will help to remove a virus or PenTest a company.  Black Hat: These are the ones who steal money or credit card information.  Gray Hat: Exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners.  Script Kiddies: These are hackers in training. Black Hat Hacker Scripts Kiddies Nation Sponsored White Hat Hacker Hackers Gray Hat Hacker Hacktivist DR M Y Siyal EE6102 P1-81 HACKERS DR M Y Siyal EE6102 P1-82 NEED FOR ETHICAL HACKERS 1. Ethical hackers prevent 3. Ethical hackers analyze hackers from cracking into and chance an organization network organization’s security policies. 2. System vulnerabilities are discovered by ethical hackers, which could have 4. Customer data in an been missed out organization with ethical otherwise. hackers are protected DR M Y Siyal EE6102 P1-83 WHY DO HACKERS HACK?  GOVERNMENT SPONSORED HACKING  Cyber Warfare  Cyber Terrorism  Espionage  INDUSTRIAL ESPIONAGE  Attacks on confidentiality  Public information gathering  Trade secret espionage  ELITE HACKERS  Publicize vulnerabilities  Hacking- Challenge  Financial gains  SCRIPT KIDDIES – Gain Respect  INSIDERS – Revenge DR M Y Siyal EE6102 P1-84 REASONS FOR CYBER ATTACKS DR M Y Siyal EE6102 P1-85

EE6102: Cyber Security and Blockchain Technology PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue