Document Details

Uploaded by ConsummateFrancium

Geetanjali Inter College

Tags

cybercrime network security malware

Full Transcript

Cybercrime against organization

Unauthorized access to computer system or network

Unauthorized access is when someone gains access to a website, program, server, service, or other system using someone else's account or other methods. For example, if someone kept guessing a password or username for an account that was not theirs until they gained access, it is considered unauthorized access. Unauthorized access could also occur if a user attempts to access an area of the system they should not be accessing. When attempting to access that area, they should be denied access and possibly see an unauthorized access message.

Password Sniffing

Password sniffing is a type of network attack in which an attacker intercepts data packets that include passwords. The attacker then uses a password-cracking program to obtain the actual passwords from the intercepted data. Password sniffing can be used to obtain passwords for any type of account, including email, social media, and financial accounts. It is one of the most common types of attacks on both home and business networks.

DoS

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks often target web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle. Two methods of DoS attacks are flooding services and crashing services.

Backdoors

A backdoor is a means of bypassing an organization's existing security systems. While a company may have various security solutions in place, there may be mechanisms in place that allow a legitimate user or attacker to evade them. If an attacker can identify and access these backdoors, they can gain access to corporate systems without detection.
Every computer system has an official means by which users are supposed to access it. Often this includes an authentication system where the user provides a password or other type of credential to demonstrate their identity. If the user successfully authenticates, they are granted access to the system with their permissions limited to those assigned to their particular account.

While this authentication system provides security, it can also be inconvenient for some users, both legitimate and illegitimate. A system administrator may need to gain remote access to a system that is not designed to allow it. An attacker may want to access a company's database server despite lacking the credentials to do so. The manufacturer of a system may include a default account to simplify configuration, testing, and deployment of updates to a system.

In these cases, a backdoor may be inserted into a system. For example, a system administrator may set up a web shell on a server. When they want to access the server, they visit the appropriate site and can send commands directly to the server without needing to authenticate or configure corporate security policies to accept a secure remote access protocol like SSH.

How is a Backdoor Used by Hackers?

A backdoor provides access to a system that bypasses an organization's normal authentication mechanisms. Cybercriminals, who theoretically lack access to legitimate accounts on an organization's systems, can use it to remotely access corporate systems. With this remote access, they can steal sensitive data, deploy ransomware, spyware, or other malware, and take other malicious actions on the system.

Often, backdoors are used to provide an attacker with initial access to an organization's environment. If a system administrator or other legitimate user has created a backdoor on the system, an attacker that discovers this backdoor may use it for their own purposes.
Alternatively, if an attacker identifies a vulnerability that would allow them to deploy their own backdoor on a system, then they can use the backdoor to expand their access and capabilities on the system.

Malware

Any malicious software intended to harm or exploit any programmable device, service, or network is referred to as malware. Cybercriminals typically use it to extract data they can use against victims to their advantage in order to profit financially. Financial information, medical records, personal emails, and passwords are just a few examples of the types of information that could be compromised.

In simple words, malware is short for malicious software and refers to any software that is designed to cause harm to computer systems, networks, or users. Malware can take many forms. It's important for individuals and organizations to be aware of the different types of malware and take steps to protect their systems, such as using antivirus software, keeping software and systems up-to-date, and being cautious when opening email attachments or downloading software from the internet.

Malware is a program designed to gain access to computer systems, generally for the benefit of some third party, without the user's permission. Malware includes computer viruses, worms, Trojan horses, ransomware, spyware, and other malicious programs.

Why Do Cybercriminals Use Malware?

1. Cybercriminals use malware, which includes all forms of malicious software including viruses, for a variety of purposes.
2. Using deception to induce a victim to provide personal information for identity theft.
3. Theft of customer credit card information or other financial information.
4. Taking over several computers and using them to launch denial-of-service attacks against other networks.
5. Using infected computers to mine for cryptocurrencies like bitcoin.

Types of Malware

1. Viruses - A virus is a malicious executable code attached to another executable file.
The virus spreads when an infected file is passed from system to system. Viruses can be harmless or they can modify or delete data. Opening a file can trigger a virus. Once a program virus is active, it will infect other programs on the computer.

2. Worms - Worms replicate themselves on the system, attaching themselves to different files and looking for pathways between computers, such as a computer network that shares common file storage areas. Worms usually slow down networks. A virus needs a host program to run, but worms can run by themselves. After a worm affects a host, it is able to spread very quickly over the network.

3. Trojan horse - A Trojan horse is malware that carries out malicious operations under the appearance of a desired operation such as playing an online game. A Trojan horse varies from a virus because the Trojan binds itself to non-executable files, such as image files and audio files.

4. Ransomware - Ransomware grasps a computer system or the data it contains until the victim makes a payment. Ransomware encrypts data in the computer with a key that is unknown to the user. The user has to pay a ransom (price) to the criminals to retrieve data. Once the amount is paid, the victim can resume using his/her system.

5. Adware - It displays unwanted ads and pop-ups on the computer. It comes along with software downloads and packages. It generates revenue for the software distributor by displaying ads.

6. Spyware - Its purpose is to steal private information from a computer system for a third party. Spyware collects information and sends it to the hacker.

7. Logic Bombs - A logic bomb is a malicious program that uses a trigger to activate the malicious code. The logic bomb remains non-functioning until that trigger event happens. Once triggered, a logic bomb implements a malicious code that causes harm to a computer.
Cybersecurity specialists recently discovered logic bombs that attack and destroy the hardware components in a workstation or server including the cooling fans, hard drives, and power supplies. The logic bomb overdrives these devices until they overheat or fail.

Email bombing

An email bomb is a denial-of-service attack that involves sending large volumes of messages to an email address. Email bombing usually aims to render the victim’s email unusable or hide important messages (such as security breach alerts) in the torrent. The recipient of an email bomb may not be the attacker’s intended victim — criminals can also flood random mailboxes with junk to bring down the server hosting them.

Salami attack

A salami attack is a method of cybercrime that attackers or hackers typically use to commit financial crimes. Cybercriminals steal money or resources from financial accounts on a system one at a time. This attack occurs when several minor attacks combine to create a sturdy attack. Because of this sort of cybercrime, these attacks frequently go undetected. Salami attacks are used for the commission of economic crimes. Those who are found guilty of such an attack face punishment under Section 66 of the IT Act.

Software Piracy

Software piracy is the act of illegally using, copying, modifying, distributing, sharing, or selling computer software protected by copyright laws. A software pirate is anyone who intentionally or unintentionally commits these illegal acts. You don't have to be a hacker to become a software pirate. It's enough to use illegal software or copy and share legal software without the author's consent. Software piracy is illegal and considered a crime because whenever software is used, copied or sold illegally, these copyright holders are robbed of their payment and recognition.

Industrial Espionage

Industrial espionage is the covert, and sometimes illegal, practice of investigating competitors to gain a business advantage.
The target of an investigation might be a trade secret, such as a proprietary product specification or formula, or information about business plans.

Intrusions or attacks?

Computer intrusions occur when someone tries to gain access to any part of your computer system. Hackers typically use automated computer programs when they try to compromise a computer's security. There are several ways an intruder can try to gain access to your computer. They can:

1. Access your computer to view, change, or delete information on your computer.
2. Crash or slow down your computer.
3. Access your private data by examining the files on your system.
4. Use your computer to access other computers on the internet.

Crimes related to Social Media

5 common crimes being committed on, or as a result of, social media:

1. Online Threats, Stalking, Cyberbullying

The most commonly reported and seen crimes that occur on social media involve people making threats, bullying, harassing, and stalking others online. While much of this type of activity goes unpunished, or isn't taken seriously, victims of these types of crimes frequently don't know when they can call the police. If you feel threatened by a statement made online to you, or believe a direct threat is credible, it's probably a good idea to consider calling the police.

2. Hacking and Fraud

Although logging into a friend's social media account to post an embarrassing status message may be forgivable between friends, it technically can be a serious crime. Additionally, creating fake accounts, or impersonation accounts, to trick people (as opposed to just remaining anonymous) can also be punished as fraud depending on the actions the fake/impersonation account holder takes.

3. Buying Illegal Things

Connecting over social media to make business connections, or buy legal goods or services, may be perfectly legitimate. However, connecting over social media to buy drugs or other regulated, controlled or banned products is illegal.
4. Posting videos of criminal activities

As smartphones and social media technology continue to improve hand in hand, more and more criminals are posting videos of their crimes on social media. While this sounds somewhat horrifying, it really is just short-sighted, as more and more police departments and prosecutors are able to rely on these videos to arrest and convict the criminals.

5. Vacation Robberies

One common practice among burglars is to use social media to discover when a potential victim is on vacation. If your vacation status updates are publicly viewable, rather than restricted to friend groups, then potential burglars can easily see when you are going to be away for an extended period of time.

Unit 2: Global perspective on Cyber-crimes and Cyber Security

2.1 A global perspective on cybercrimes

In an interconnected world where the internet serves as the backbone of communication, commerce, and connectivity, cybercrimes have emerged as a significant global threat. From data breaches to identity theft, cybercriminal activities transcend borders, posing challenges to law enforcement agencies and governments worldwide.

Firstly, the nature of cybercrimes knows no bounds. Perpetrators can launch attacks from any corner of the globe, targeting individuals, businesses, and even governmental institutions irrespective of geographical location. This global reach underscores the need for international cooperation and collaboration to combat cyber threats effectively.

As advancements such as artificial intelligence, the Internet of Things (IoT), and blockchain unfold, cybercriminals adapt their tactics, finding new vulnerabilities to exploit. The cost of cyber-attacks extends beyond immediate financial losses, encompassing reputational damage, regulatory fines, and even geopolitical tensions.

Despite the challenges, concerted efforts are underway to foster global collaboration in addressing cybercrimes.
International organizations, such as INTERPOL and the United Nations, facilitate information sharing and capacity building among member states. Additionally, initiatives like the Budapest Convention on Cybercrime aim to harmonize legal frameworks to enhance cross-border cooperation in prosecuting cybercriminals. A global perspective on cybercrimes is essential for understanding the multifaceted nature of the threat and devising effective countermeasures.

2.2 Phases of cyber-attack

1. Reconnaissance: This initial phase involves gathering information about the target system or network. It includes passive activities like scanning publicly available information, social engineering, or utilizing open-source intelligence to identify potential vulnerabilities and targets.

Passive Attacks: Passive attacks involve monitoring and eavesdropping on network communications without altering or disrupting them. This phase aims to gather sensitive information such as usernames, passwords, or system configurations without alerting the target.

Active Attacks: In contrast to passive attacks, active attacks involve directly interacting with the target system or network to exploit vulnerabilities. This may include launching malware, phishing attempts, or other methods to gain unauthorized access or disrupt operations.

2. Scanning: Scanning involves systematically probing the target system or network for vulnerabilities and weaknesses. This phase often follows reconnaissance and passive attacks to identify specific entry points or potential targets for exploitation.

3. Gaining Access: Once vulnerabilities are identified through scanning, attackers attempt to exploit them to gain unauthorized access to the target system or network. This may involve exploiting software vulnerabilities, misconfigurations, or weak authentication mechanisms to infiltrate the target.

4. Maintaining Access: After gaining initial access, attackers seek to maintain persistence within the target environment to continue their malicious activities undetected. This phase involves establishing backdoors, creating user accounts, or installing stealthy malware to ensure ongoing access.

5. Covering Tracks: As the final phase of the cyber-attack lifecycle, covering tracks aims to conceal the attacker's presence and activities to evade detection and forensic investigation. This may involve deleting log files, altering timestamps, or manipulating system configurations to remove traces of the attack.

2.3 Detection Avoidance

Detection avoidance refers to the techniques and strategies employed by attackers to evade detection by security mechanisms, monitoring systems, and cybersecurity professionals. Common methods used for detection avoidance are:

1. Encryption: Attackers may encrypt their malicious payloads, communication channels, or data exfiltration activities to obfuscate their activities and evade detection by security monitoring tools.

2. Anti-Forensic Techniques: Anti-forensic techniques involve manipulating or deleting digital evidence to hinder or obfuscate post-incident analysis and forensic investigations. Attackers may attempt to erase logs, alter timestamps, or overwrite data to cover their tracks.

3. Polymorphic Malware: Polymorphic malware is designed to dynamically change its code structure or appearance with each iteration, making it difficult for traditional antivirus and endpoint protection solutions to detect and block.

2.4 Types of Attack vectors

Cybercriminals employ various attack vectors to exploit vulnerabilities in systems, networks, and individuals' behaviour. Common types of attack vectors in cybercrime are:

1. Phishing: Phishing attacks involve sending deceptive emails, messages, or websites to trick individuals into divulging sensitive information such as login credentials, financial details, or personal data.

2. Malware: Malware, short for malicious software, encompasses a broad range of malicious programs designed to infiltrate, damage, or gain unauthorized access to computers and networks.

3. Exploits: Exploits target software vulnerabilities to gain unauthorized access, execute arbitrary code, or escalate privileges on a system or network.

4. Man-in-the-Middle (MitM) Attacks: MitM attacks involve intercepting and manipulating communication between two parties without their knowledge or consent. Attackers positioned between the victim and the intended communication endpoint can eavesdrop on sensitive data, modify transmitted information, or impersonate legitimate entities to deceive both parties.

5. SQL Injection: SQL injection attacks exploit vulnerabilities in web applications that improperly handle user input. By injecting malicious SQL queries into input fields, attackers can manipulate database queries, access unauthorized data, or execute arbitrary commands on the underlying database server.

6. Distributed Denial of Service (DDoS) Attacks: DDoS attacks overwhelm targeted systems or networks with a flood of malicious traffic, causing service disruption or downtime for legitimate users. By coordinating large numbers of compromised devices, known as botnets, attackers can amplify their attack traffic and evade mitigation efforts.

7. Social Engineering: Social engineering is the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information. For example, phishing is the most common type of social engineering attack, typically using spoofed email addresses and links to trick people into providing login credentials, credit card numbers, or other personal information.
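
The "improperly handled user input" behind SQL injection (item 5 above) can be seen by running the same lookup two ways. This is an added example, not part of the original notes; the accounts table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample input: text that closes the quote and adds a condition.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("carol", "carol@example.test"),
            ("o'brien", "obrien@example.test"),
        ],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Weak form: the input is pasted into the SQL text, so the database
    # parses whatever the user typed as part of the query itself.
    query = "SELECT username, email FROM accounts WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    # Corrected form: the ? placeholder passes the input as a value only;
    # it is compared against the column and never parsed as SQL.
    query = "SELECT username, email FROM accounts WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def outcome(lookup, conn, value):
    """Return the number of rows a lookup yields, or 'error' if the SQL breaks."""
    try:
        return len(lookup(conn, value))
    except sqlite3.OperationalError:
        return "error"


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "o'brien", CRAFTED):
        print(
            repr(value),
            "| concatenated:", outcome(lookup_vulnerable, db, value),
            "| parameterized:", outcome(lookup_parameterized, db, value),
        )
```

The concatenated query returns every row for the crafted value and fails outright on a legitimate name containing an apostrophe; the parameterized query returns only exact matches in all three cases.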
