Cyber Security UNIT II PDF

Summary

This document provides information on cyber security, including definitions of cybercrime and cyber law, and examples of various cybercrimes. It also discusses methods of addressing issues related to hacking and unauthorized access.

Full Transcript

1. Define cybercrime. Give two examples.
It can be defined as “The illegal usage of any communication device to
commit or facilitate in committing any illegal act”.

2. Define Cyber Law.
Cyber law is a term used to describe the legal issues related to use
ofcommunications technology, particularly "cyberspace", i.e. the Internet. It
is also known as Internet Law or Cyber Law, is the part of the overall legal
system that is related to legal informatics and supervises the
digitalcirculation of information, e-commerce, software and information
security. It is associated with legal informatics and electronic elements,
including information systems, computers, software, and hardware.

3. What are the top five cybercrimes?
1. Phishing - is a technique used by cyber criminals to trick people into
installing some malicious software, most likely through a link.
2. Ransomware –It works when criminals steal something of great value
and demand payment in exchange for its return.
3. Hacking - Hacking occurs when accounts and passwords are
compromised.
4. Website Spoofing- The word spoof means to trick, or deceive. Website
spoofing is when a website is designed to look like a real one and deceive
you into believing it is a legitimate site.
5. Identity theft - Identity theft happens when a person pretends to be
someone else to commit fraud. Cybercriminals steal your personal
information, like identity cards, credit cards and the like, to make
transactions.

4. Give examples of common cybercrimes that individuals or organizations
may encounter?
Cybercrimes against individuals:
1. Phishing and Scam
2. Theft of Identity
3. Malware Attacks
4. Cyberstalking

5. Web JackingCybercrimes against organizations:
1. Unauthorized Accessing of Computer
2. Denial Of Service
3. Computer contamination / Virus attack
4. Email Bombing
5. Data diddling
6. Salami Attack
5. How does cyber law address issues related to hacking and unauthorized
access to computer systems?
According to section 66, Hacking of a Computer System with malicious
intentions like fraud will be punished with 3 years imprisonment or the
fine of Rs.5,00,000 or both.
Section 43: Penalty for unauthorized access, damage to computer systems,
and data theft. - Penalty: Imprisonment for up to three years or a fine of
up to ₹500,000 or both.

6. What are the main categories or classifications of cybercrime?
Cyber crimes are majorly of 4 categories:
1. Against Individuals: These include e-mail spoofing, spamming, cyber
defamation, cyber harassments and cyber stalking.
2. Against Property: These include credit card frauds, internet time theft
and intellectual property crimes.
3. Against Organisations: These include unauthorized accessing of
computer, denial Of service, computer contamination / virus attack, e
mail bombing, salami attack, logic bomb, trojan horse and data
diddling.
4. Against Society: These include Forgery, Cyber Terrorism, Web
Jacking.

7. Differentiate between personal cybercrimes and property cybercrimes?
Cybercrime against personal/individual involves targeting person’s
computer, data, identity such as hacking phishing or identity theft.
Cybercrime against property involves damaging or stealing a person’s or
an organization’s property such as malware, ransomware or piracy.

8. What is Cyber terrorism? Give example.
It is often defined as any premeditated, politically motivated attack against
information systems, programs and data that threatens violence or results
in violence.
Or
It is the use of the Internet to conduct violent acts that result in, or threaten,
the loss of life or significant bodily harm, in order to achieve political or
ideological gains through threat or intimidationExamples:
Unauthorized access- Attackers often aim to disable or modify
communications that control military or other critical technology.
Cyberespionage:Governments often carry out or
sponsor cyberespionage attacks. They aim to spy on rival nations
and gather intelligence, such as troop locations or military
strategies.
9. What is Cyber Extortion? Give example.
Cyber extortion is an online crime in which hackers hold your data,
website, computer systems, or other sensitive information hostage until
you meet their demands for payment. It often takes the form
of ransomware and distributed denial-of-service attack.
One of the most common cyber extortion examples is ransomware.
During a ransomware attack, a hacker breaches your network and hijacks
your data, or other critical element of your network and demands that you
pay them money, typically in cryptocurrency, before they allow you to
access your digital assets again.

10.What is Cyber Warfare? Give example.
Cyber warfare is a cyberattack or series of cyberattacks launched
against a country or state with the aim of gaining a strategic or military
advantage.
Example:
Malware attacks
Communications blackouts or significant power grid or public utilities
shut-downs can be caused by malware such as viruses and worms that
are used as cyberweapons to attack critical infrastructure networks or
industrial control systems.

11.What is Internet Fraud? Give example.
Internet fraud is a type of cybercrime fraud or deception which makes use
of the Internet and could involve hiding of information or providing
incorrect information for the purpose of tricking victims out of money,
property and inheritance.
Example: LOTTERY SCAM
An email, letter or text message from a lottery company arrives from out
of nowhere. It will advise you that you have won a lot of money or
fantastic prizes—in a lottery or competition you did not enter. Lottery
scams will often use the names of legitimate lotteries, so that even if you
do some superficial research, the scam will seem real.

12.What is Cyber Stalking? Give example.
Cyberstalking is a type of cybercrime that uses the internet and technology
to harass or stalk a person. It can be considered an extension of
cyberbullying and in-person stalking. However, it takes the form of text
messages, e-mails, social media posts.
Example:
Message the target repeatedly
Continue the harassing behavior even after being asked to stop
Use technology to threaten or blackmail the target
Follow the target online by joining the same groups and forums
Hack into or hijack the target's online accounts
Posting offensive, suggestive, or rude comments online
13.What are the challenges involved in addressing cybercrimes?
The increasing technology of the Internet has provided various
advancements in human beings’ daily life. But this advancement of
technology is facing various challenges as follows,
Mixed attack- Cybercriminals are very creative as they are always
busy in
making a new variant of existing cyberattack or forming a new cyberattack.
This type of dynamic environment of cybercrimes gives a very hard
challenge for security researchers to defend the data and information on the
Internet from the various types of cyberattacks.
Huge Increase in the Cybersurface
(Cybersurface- It constitutes desktops, laptops, mobiles, tablets, and
smartwatches that can be connected to the Internet with the help of hardware
and software.)
The increased cybersurface gives rise to the difficult level of defending data
on the cybersurface by security professionals.

14.What is phishing?
Phishing is a cybercrime in which a target or targets are contacted by
email, telephone or text message by someone posing as a legitimate
institution to lure individuals into providing sensitive data such as
personally identifiable information, banking and credit card details, and
passwords.

15.What is ransomware? Name two preventive measures against
ransomware attacks.
Ransomware is a type of malware that encrypts a victim's files or locks
them out of their systems, demanding a ransom in exchange for restoring
access.
Keep All Systems And Software Updated- Always keep your operating
system, web browser, antivirus, and any other software you use updated to
the latest version available.
Install Antivirus Software & Firewalls- antivirus and anti-malware
software are the most common ways to defend against ransomware. They
can scan, detect, and respond to cyber threats.

16.What is meant by Cyber Financial Frauds and give examples of
protection against it.
Cyber financial frauds involve unauthorized access, theft, or manipulation
of financial data or transactions using digital platforms.
Examples:
Guard your online information - Be sure to continually maintain
the security software of your computers and teach employees to
avoid entering personal information (like financial information and
log-in credentials) into public computers.
Monitor your accounts. It is recommended to log into your
financial account daily through online banking or a mobile banking
app that enables you to keep an eye on your balances and account
activity and ensures that you catch unauthorized transactions
quickly.

17.What is meant by Denial of Service (DoS) attack?
A denial-of-service (DoS) attack is a type of cyber attack in which a
malicious actor aims to render a computer or other device unavailable to
its intended users by interrupting the device's normal functioning.

18.What is malware? Give two examples of malware types.
Malware, short for malicious software, refers to any intrusive software
developed by cybercriminals (often called hackers) to steal data and
damage or destroy computers and computer systems.
Examples of common malware include viruses, worms, Trojan viruses,
spyware, adware, and ransomware.

19.Describe two common social engineering techniques used in cybercrime.
Computer based social engineering techniques:
Phishing- an attacker uses a message sent by email, social media,
instant messaging clients, or SMS to obtain sensitive information
from a victim or trick them into clicking a link to a malicious
website.
Pretexting: attackers create a fake identity and use it to manipulate
their victims into providing private information.
Human based social engineering techniques:
Impersonation helps attackers in tricking a target to reveal sensitive
information.
Posing as a legitimate end user: Give identity and ask for the
sensitive information.
Posing as an important user: Posing as a VIP of a target company,
valuable customer, etc.

20.What is meant by zero-day attacks?
These are cyber-attacks that exploit software vulnerabilities that are
unknown to the software vendor or have not been patched yet.
Or
"Zero-day" is a term that describes recently discovered security
vulnerabilities that hackers can use to attack systems. The term "zero
day" refers to the fact that the vendor or developer has only just learned
of the flaw – which means they have “zero days” to fix it. A zero-day
attack takes place when hackers exploit the flaw before developers have
a chance to address it.
21.What is Crypto jacking?
Cryptojacking is a type of cybercrime that involves the unauthorized use of
people's devices (computers, smartphones, tablets, or even servers) by
cybercriminals to mine for cryptocurrency. the motive of this crime is
profit, but unlike other threats, it is designed to stay completely hidden from
the victim.

22.Define Data breaches and mention two consequences of such incidents.
A data breach is a cyber attack in which sensitive, confidential or otherwise
protected data has been accessed or disclosed in an unauthorized fashion.
The consequences of data breach can be far-reaching and often long-term.
Reputational Damage: Company reputations are tainted
because of data breaches for years because news of the breaches
remains forever on the Internet and social media.
Loss of Sales: When people lose trust in an organization, they
may cease to be customers.

23.Mention two preventive measures against Cyber Crime.
Use strong password
Do not trust everything on the internet

24.How to report cybercrime?
Complaints can be reported through helpline number 1930 or on
National Cybercrime Reporting Portal.

25.What is meant by zero-click attacks?
Zero-click attacks are a sophisticated class of cyber threats that exploit
software vulnerabilities without any action or input from the targeted
user. Zero-click attacks operate covertly, often targeting messaging apps,
email platforms, and other software with remote code execution
capabilities.

26.What is Web based threats?
Web-based threats, or online threats, are a category of cybersecurity risks
that may cause an undesirable event or action via the internet. Web threats
are made possible by end-user vulnerabilities, web service
developers/operators, or web services themselves.

27.Define cyberbullying and provide two ways to prevent cyberbullying
incidents.
Cyberbullying is a type of bullying in which one or more individuals
use digital technologies to intentionally and repeatedly cause harm to
another person. Cyberbullies use mobile phones, computers or other
electronic devices to send texts, emails or instant messages; post
comments on social media or in chat rooms; or in other ways use
private or public forums to attack their victims. There are ways to
prevent cyberbullying incidents.
1. Protect Accounts/Devices With Passwords: Cyber attackers can hack
your account & use your confidential information to hurt you. This is why
it is important to take precautions while setting your passwords.
2. Don’t Share Personal Information: It is important to teach them not
to share personal information like Phone number, Address etc

28.What is online scams and give two examples of common online scams.
Internet scam or online scam is a type of cybercrime or deception which
makes use of the Internet and could involve hiding of information or
providing incorrect information for the purpose of tricking victims out
of money, property, and inheritance.
Example:
banking, credit card and online account scams
job and employment scams
charity and medical scams

29.What is Forensic Investigation?
Forensic investigation in cybersecurity refers to the practice of
collecting, analyzing, and preserving digital evidence after a cyberattack or
cybercrime. The goal of a forensic investigation is to uncover details about
how an attack occurred, who was responsible, and what was accessed or
stolen.

30.Define encryption. Write its importance in protecting sensitive data.
Encryption is a way of scrambling data so that only authorized parties can
understand the information. In technical terms, it is the process of
converting
human-readable plaintext to incomprehensible text, also known as cipher
text.
It’s important to protect sensitive data because if attackers manage to access
your system data, these methods ensure they can't see, read, or do much with
the information.

31.What is Spyware?
Spyware is a type of malicious software that is installed on a computing
device without the end user's knowledge. It invades the device, steals
sensitive information and internet usage data, and relays it to advertisers,
data
firms or external users.

32.What is the main legislation governing cyber law in India?
In India, cyber laws are contained in the Information Technology Act,
2000 (IT Act) which came into force on October 17, 2000. The main
purpose of the Act is to provide legal recognition to electronic commerce
and to facilitate filing of electronic records with the Government.

33.Name any one offense related to cybercrime that is defined under the
Information Technology Act, 2000.
a) Hacking of a Computer System with malicious intentions like
fraud will be punished with 3 years imprisonment or the fine of Rs.
5,00,000 or both.
b) Fraud or dishonesty using or transmitting information or identity
theft is punishable with 3 years imprisonment or Rs. 1,00,000 fine or
both.

34.What is the role of the Cyber Crime Investigation Cell (CCIC) in India?
It is responsible for investigating cybercrime cases and providing
technical support to other law enforcement agencies.

35.What is the punishment for unauthorized access to a computer system
under the Information Technology Act, 2000?
Unauthorized access to computer systems, data, or networks can lead
to imprisonment up to 3 years or a fine of up to 5 lakh rupees, or both.

36.How can individuals report cybercrimes in India? Provide one reporting
channel.Visit the nearest police station immediately.
To report cybercrime complaints online, visit the National Cyber
Crime Reporting Portal.
1930 is national cybercrime helpline. If you fall victim to a financial
fraud, you can call this number with necessary details, such as your
name, contact information, your account number along with the
details of the account that you transferred the money to.
Report any adverse activity or unwanted behavior to CERT-IN
using following channels E-mail : [email protected]

37.Write the difference between virus and worms.
Both computer virus and worm can equally harm a computer device.
However, these two aren’t the same completely.
A computer virus is a kind of malicious computer program, which when
executed, replicates itself and inserts its own code. A virus spreads from
one software or device to another. It includes boot sector virus, file
infector virus.
On the other hand, a computer worm is a stand-alone malicious program
which can spread itself to other parts of any device. It includes internet
worms, email worms. However, one similarity is that both virus and
worms are a subcategory of malware.

38.Name the organisation for cyber-crimes against women and children in
India.
The Ministry of Home Affairs stated that the main objective of the
Cyber Crime Prevention Against Women and Children (CCPWC)
scheme is to develop effective mechanisms to handle cyber-crimes
against women and children in the country.

39.What is meant by Social Engineering Attacks?
Social engineering is a manipulation technique that exploits human
error to gain private information, access, or valuables. In cybercrime,
these “human hacking” scams tend to lure unsuspecting users into
exposing data, spreading malware infections, or giving access to
restricted systems. Attacks can happen online, in-person, and via other
interactions.