Cybercrime Against Organizations PDF

Document Details

ConsummateFrancium

Uploaded by ConsummateFrancium

Geetanjali Inter College

Tags

cybercrime computer security information security digital security

Summary

This document discusses various cybercrimes against organizations, emphasizing unauthorized access, password sniffing, denial-of-service attacks, backdoors, and malware. It explains how these threats work and the potential damage they can cause. It also touches on preventive measures.

Full Transcript

Cybercrime against organization Unauthorized access to computer system or network Unauthorized access is when someone gains access to a website, program, server, service, other system using someone else's account or other methods. For example, if someone kept guessing a password or username for an...

Cybercrime against organization Unauthorized access to computer system or network Unauthorized access is when someone gains access to a website, program, server, service, other system using someone else's account or other methods. For example, if someone kept guessing a password or username for an account that was not theirs until they gained access, it is considered unauthorized access. Unauthorized access could also offer if a user attempts to access an area of the system they should not be accessing. When attempting it access that area they should be denied access and possibly see an unauthorized access message. Password Sniffing Password sniffing is a type of network attack in which an attacker intercepts data packets that include passwords. The attacker then uses a password-cracking program to obtain the actual passwords from the intercepted data. Password sniffing can be used to obtain passwords for any type of account, including email, social media, and financial accounts. It is one of the most common types of attacks on both home and business networks. DOS A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks often target web servers of high-profile organizations such as banking, commerce, and media companies, or govemment and trade organizations. DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle. Two methods of DoS attacks are: flooding services or crashing services. Backdoors backdoor is a means of bypassing an organization's existing security systems. While a company may have various security solutions in place, there may be mechanisms in place that allow a legitimate user or attacker to evade them. If an attacker can identify and access these backdoors they can gain access to corporate systems without detection. Every computer system has an official means by which users are supposed to access it. Offen this includes an authentication system where the user provides a password or other type of credential to demonstrate their identity, If the user successfully authenticates, they are granted access to the system with their permissions limited to those assigned to their particular account While this authentication system provides security, it can also be inconvenient for some users, both legitimate and illegitimate. A system administrator may need to gain remote access to a system that is not designed to allow it An attacker may want to access a company's database server despite lacking the credentials to do so. The manufacturer of a system may include a default account to simplify configuration, testing, and deployment of updates to a system. In these cases, a backdoor may be inserted into a system. For example, a system administrator may set up a web shell on a server. When they want to access the server, they visit the appropriate site and can send commands directly to the server without needing to authenticate or configure corporate security policies to accept a secure remote access protocol like SSH. How is a Backdoor Used by Hackers? A backdoor provides access to a system that bypasses an organization's normal authentication mechanisms. Cybercriminals, who theoretically lack access to legitimate accounts on an organization's systems, can use it to remotely access corporate systems. With this remote access, they can steal sensitive data, deploy ransomware, spyware, or other malware, and take other malicious actions on the system. Often, backdoors are used to provide an attacker with initial access to an organization's environment. If a system administrator or other legitimate user has created a backdoor on the system, an attacker that discovers this backdoor may use it for their own purposes. Alternatively, f an attacker identifies a vulnerability that would allow them to deploy their own backdoor on a system, then they can use the backdoor to expand their access and capabilities on the system. Malware Any malicious software intended to harm or exploit any programmable device, service, or network is referred to as malware. Cybercriminals typically use it to extract data they can use against victims to their advantage in order to profit financially. Financial information, medical records, personal emails, and passwords are just a few examples of the types of information that could be compromised. In simple words, malware is short for malicious software and refers to any software that is designed to cause harm to computer systems, networks, or users. Malware can take many forms It's important for individuals and organizations to be aware of the different types of malware and take steps to protect their systems, such as using antivina software, keeping software and systema up-to-date, and being cautious when opening email attachments or downloading software from the internet. Malware is a program designed to gain access to computer systems, generally for the benefit of some third party, without the user's permission. Malware includes computer viruses, worms Trajan horses, ransomeware, spyware, and other malicious programs. Why Do Cybercriminals Use Malware? 1. Cybercriminals use malware, which includes all forms of malicious software including viruses, for a variety of purposes. 2. Using deception to induce a victim to provide personal information for identity theft 3. Theft of customer credit card information or other financial information 4. Taking over several computers and using them to launch denial-of- service attacks against other networks 5. Using Infected computers to mine for cryptocurrencies like bitcoin. Types of Malware 1. Viruses- A Virus is a malicious executable code attached to another executable file. The virus spreads when an infected file is passed from system to system. Viruses can be harmless or they can modify or delete data. Opening a file can trigger a virus. Once a program virus is active, it will infect other programs on the computer. 2. Worms-Worms replicate themselves on the system, attaching themselves to different files and looking for pathways between computers, such as computer network that shares common file storage areas. Worms usually slow down networks. A virus needs a host program to run but worms can run by themselves. After a worm affects a host, it is able to spread very quickly over the network. 3. Trojan horse - A Trojan horse is malware that carries out malicious operations under the appearance of a desired operation such as playing an online game. A Trojan horse varies from a virus because the Trojan binds itself to non-executable files, such as Image files, and audio files. 4. Ransomware - Ransomware grasps a computer system or the data it contains until the victim makes a payment. Ransomware encrypts data in the computer with a key that is unknown to the user. The user has to pay a ransom (price) to the criminals to retrieve data. Once the amount is paid the victim can resume using his/her system 5. Adware-it displays unwanted ads and pop-ups on the computer. It comes along with software downloads and packages. It generates revenue for the software distributer by displaying ads. 6. Spyware-Its purpose is to steal private information from a computer system for a third party. Spyware collects information and sends it to the hacker. 7. Logic Bombs - A logic bomb is a malicious program that uses a trigger to activate the malicious code. The logic bomb remains non- functioning until that trigger event happens. Once triggered, a logic bomb implements a malicious code that causes harm to a computer. Cybersecurity specialists recently discovered logic bombs that attack and destroy the hardware components in a workstation or server including the cooling fans, hard drives, and power supplies. The logic bomb overdrives these devices until they overheat or fail. Email bombing An email bomb is a denial-of-service attack that involves sending large volumes of messages to an email address. Email bombing usually aims to render the victim’s email unusable or hide important messages (such as security breach alerts) in the torrent. The recipient of an email bomb may not be the attacker’s intended victim — criminals can also flood random mailboxes with junk to bring down the server hosting them. Salami attack A salami attack is a method of cybercrime that attackers or a hacker typically used to commit financial crimes. Cybercriminals steal money or resources from financial accounts on a system one at a time. This attack occurs when several minor attacks combine to create a sturdy attack. because of this sort of cybercrime, these attacks frequently go undetected. Salami attacks are used for the commission of economic crimes Those who are found guilty of such an attack face punishment under Section 66 of the IT Act. Software Piracy Software Piracy is the act of illegally using, copying, modifying, distributing, sharing, or selling computer software protected by copyright laws. A software pirate is anyone who intentionally or unintentionally commits these illegal acts. You don't have to be a hacker to become a software pirate. It's enough to use illegal software or copy and share legal software without the author's consent Software piracy is illegal and considered a crune because whenever software is used, copied or sold illegally, these copyright holders are robbed of their payment and recognition. Industrial Espionage Industrial espionage is the covert, and sometimes illegal, practice of investigating competitors to gain a business advantage. The target of an investigation might be a trade secret, such as a proprietary product specification or formula, or information about business plans. Intrusions or attacks? Computer intrusions occur when someone tries to gain access to any part of your computer system. hackers typically use automated computer programs when they try to compromise a computer's security. There are several ways an intruder can try to gain access to your computer They can: 1. Access your computer to view, change, or delete information on your computer. 2. Crash or slow down your computer. 3. Access your private data by examining the files on your system. 4.Use your computer to access other computers on the internet. Crimes related to Social Media 5 common crimes being committed on, or as a result of, social media. 1. Online Threats, Stalking, Cyberbullying The most commonly reported and seen crimes that occur on social media involve people making threats, bullying, harassing, and stalking others online. While much of this type of activity goes unpunished, or isn't taken seriously, victims of these types of crimes frequently don't know when they can call the police. If you feel threatened by a statement made online to you, or believe a direct threat is credible, it's probably a good idea to consider calling the police. 2. Hacking and Frand Although logging into a friend's social media account to post an embarrassing status message may be forgivable between friends, it technically, can be a serious crime. Additionally, creating fake accounts, or impersonation accounts, to trick people (as opposed to just remaining anonymous), can also be punished as fraud depending on the actions the fake/impersonation account holder takes. 3. Buying Illegal Things Connecting over social media to make business connections, or buy legal goods or services may be perfectly legitimate. However, connecting over social media to buy drugs or other regulated,controlled or banned products is illegal. 4.Posting videos of criminal activites As smartphones and social media technology continues to improve hand in hand some and more criminals are posting videos of their crimes on social media. While this sounds somewhat horrifying it really is just short-sighted as more and more police departments and prosecutors are able to rely on these videos to arrest and convict the criminals. 5.Vacation Robberies one common practice among burglars is to use social media to discover when a potential victim is on vacation. If your vacation status updates are publicly viewable, rather than restricted to friend groups, then potential burglars can easily see when you are going to be away for an extended period of time. Unit 2: Global perspective on Cyber-crimes and Cyber Security 2.1 A global perspective on cybercrimes In an interconnected world where the internet serves as the backbone of communication, commerce, and connectivity, cybercrimes have emerged as a significant global threat. From data breaches to identity theft, cybercriminal activities transcend borders, posing challenges to law enforcement agencies and governments worldwide. Firstly, the nature of cybercrimes knows no bounds. Perpetrators can launch attacks from any corner of the globe, targeting individuals, businesses, and even governmental institutions irrespective of geographical location. This global reach underscores the need for international cooperation and collaboration to combat cyber threats effectively. As advancements such as artificial intelligence, the Internet of Things (IoT), and blockchain unfold, cybercriminals adapt their tactics, finding new vulnerabilities to exploit. The cost of cyber-attacks extends beyond immediate financial losses, encompassing reputational damage, regulatory fines, and even geopolitical tensions. Despite the challenges, concerted efforts are underway to foster global collaboration in addressing cybercrimes. International organizations, such as INTERPOL and the United Nations, facilitate information sharing and capacity building among member states. Additionally, initiatives like the Budapest Convention on Cybercrime aim to harmonize legal frameworks to enhance cross-border cooperation in prosecuting cybercriminals. A global perspective on cybercrimes is essential for understanding the multifaceted nature of the threat and devising effective countermeasures. 2.2 Phases of cyber-attack 1. Reconnaissance :This initial phase involves gathering information about the target system or network. It includes passive activities like scanning publicly available information, social engineering, or utilizing open-source intelligence to identify potential vulnerabilities and targets. Passive Attacks Passive attacks involve monitoring and eavesdropping on network communications without altering or disrupting them. This phase aims to gather sensitive information such as usernames, passwords, or system configurations without alerting the target. Active Attacks In contrast to passive attacks, active attacks involve directly interacting with the target system or network to exploit vulnerabilities. This may include launching malware, phishing attempts, or other methods to gain unauthorized access or disrupt operations. 2. Scanning : Scanning involves systematically probing the target system or network for vulnerabilities and weaknesses. This phase often follows reconnaissance and passive attacks to identify specific entry points or potential targets for exploitation. 3. Gaining Access Once vulnerabilities are identified through scanning, attackers attempt to exploit them to gain unauthorized access to the target system or network. This may involve exploiting software vulnerabilities, misconfigurations, or weak authentication mechanisms to infiltrate the target. 4. Maintaining Access After gaining initial access, attackers seek to maintain persistence within the target environment to continue their malicious activities undetected. This phase involves establishing backdoors, creating user accounts, or installing stealthy malware to ensure ongoing access. 5.Covering Tracks. As the final phase of the cyber-attack lifecycle, covering tracks aims to conceal the attacker's presence and activities to evade detection and forensic investigation. This may involve deleting log files, altering timestamps, or manipulating system configurations to remove traces of the attack. 2.3 Detection Avoidance Detection avoidance refers to the techniques and strategies employed by attackers to evade detection by security mechanisms, monitoring systems, and cybersecurity professionals. Common methods used for detection avoidance are: 1. Encryption: Attackers may encrypt their malicious payloads, communication channels, or data exfiltration activities to obfuscate their activities and evade detection by security monitoring tools. 2. Anti-Forensic Techniques: Anti-forensic techniques involve manipulating or deleting digital evidence to hinder or obfuscate post-incident analysis and forensic investigations. Attackers may attempt to erase logs, alter timestamps, or overwrite data to cover their tracks 3. Polymorphic Malware: Polymorphic malware is designed to dynamically change its code structure or appearance with each iteration, making it difficult for traditional antivirus and endpoint protection solutions to detect and block. 2.4 Types of Attack vectors Cybercriminals employ various attack vectors to exploit vulnerabilities in systems, networks, and individuals' behaviour. Common types of attack vectors in cybercrime are: 1. Phishing: Phishing attacks involve sending deceptive emails, messages, or websites to trick individuals into divulging sensitive information such as login credentials, financial details, or personal data. 2. Malware: Malware, short for malicious software, encompasses a broad range of malicious programs designed to infiltrate, damage, or gain unauthorized access to computers and networks. 3. Exploits: Exploits target software vulnerabilities to gain unauthorized access, execute arbitrary code, or escalate privileges on a system or network. 4. Man-in-the-Middle (MitM) Attacks: MitM attacks involve intercepting and manipulating communication between two parties without their knowledge or consent. Attackers positioned between the victim and the intended communication endpoint can eavesdrop on sensitive data, modify transmitted information, or impersonate legitimate entities to deceive both parties. 5. SQL Injection: SQL injection attacks exploit vulnerabilities in web applications that improperly handle user input. By injecting malicious SQL queries into input fields, attackers can manipulate database queries, access unauthorized data, or execute arbitrary commands on the underlying database server. 6. Distributed Denial of Service (DDoS) Attacks: DDoS attacks overwhelm targeted systems or networks with a flood of malicious traffic, causing service disruption or downtime for legitimate users. By coordinating large numbers of compromised devices, known as botnets, attackers can amplify their attack traffic and evade mitigation efforts. 7. Social Engineering: Social engineering is the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information. For example: Phishing is the most common type of social engineering attack, typically using spoofed email addresses and links to trick people into providing login credentials, credit card numbers, or other personal information

Use Quizgecko on...
Browser
Browser