Cybersecurity Lecture Notes PDF
Document Details
Uploaded by WiseEuler
Marwadi University
Akhila B Mukundan
Summary
These lecture notes cover cybersecurity concepts, including cybercrime, types of attacks, common tools, and best practices. The document also examines malware and its variations, such as viruses, worms, and Trojans.
Full Transcript
CYBERSECURITY
AKHILA B MUKUNDAN
ASSISTANT PROFESSOR
FACULTY OF COMPUTER APPLICATIONS
MARWADI UNIVERSITY

Syllabus
Unit 1- Introduction to Cybercrime and Security
◦ Introduction
◦ Cyber Security
◦ Cybercrime
◦ Classifications of Cyber Crimes: E-mail spoofing, Spamming, Cyber defamation, Internet Time Theft, Newsgroup Spam/Crimes from Usenet Newsgroup, Industrial Spying/Industrial Espionage, Hacking, Online Frauds, Pornographic Offenses, Software Piracy, Password Sniffing, Credit Card Frauds
◦ Cyber offences: How Criminals Plan the Attack, Categories of Cybercrime
◦ How Criminals Plan the Attacks: Passive Attacks, Active Attacks
◦ Scanning/Scrutinizing gathered Information
◦ Attack (Gaining and Maintaining the System Access)
◦ Social Engineering
◦ Cyberstalking

Unit 2- Common Attack and Tools for Cybersecurity
◦ Common Attacks: Introduction
◦ Phishing: Methods of Phishing, Phishing Techniques, Spear Phishing, Types of Phishing Scams, Phishing Toolkits & Spy Phishing, Phishing Countermeasures
◦ Identity Theft: Personally Identifiable Information (PII), Types of Identity Theft, Techniques of Identity Theft, Identity theft Countermeasures
◦ How to protect your online identity
◦ Proxy Servers and Anonymizers
Tools/ Demo:
◦ Phishing Implementation
◦ Password Cracking
◦ Keyloggers and Spyware
◦ Steganography
◦ DoS and DDoS Attacks
◦ SQL Injection

Introduction
Cybersecurity: Cybersecurity protects network users from digital threats. Some cybersecurity tips include:
◦ Keeping software up to date
◦ Using antivirus and antimalware software
◦ Using strong passwords
◦ Backing up data
◦ Being cautious of phishing scams
◦ Using a password manager
◦ Using two-factor authentication
◦ Not reusing passwords
Cybercrime: Cybercrime includes a variety of threats, such as:
◦ Phishing: A common cyber threat where cybercriminals target individuals and companies for profit.
Phishing is often used to deliver ransomware.
◦ Ransomware: A serious threat to businesses of all sizes. Ransomware attacks infect a network and lock down data and computer systems until a ransom is paid.
◦ Cyberstalking: A predominant form of cybercrime.
Digital forensics: A process that involves identifying, examining, and analyzing digital evidence to find answers to questions about an online crime or attack.

Cybersecurity
◦ Definition: Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It involves a set of techniques used to protect the integrity of networks, programs, and data from attack, damage, or unauthorized access.
◦ Cybersecurity is the protection of internet-connected devices and services from malicious attacks by hackers, spammers, and cybercriminals.
◦ Companies use the practice to protect against phishing schemes, ransomware attacks, identity theft, data breaches, and financial losses.
◦ There are potential threats behind every device and platform.
◦ A steady rise in the rate of cyber crimes shows the flaws behind the glory of the digital world and highlights the importance of learning about cybersecurity.

Cybersecurity: Organisation POV
◦ Cybersecurity involves protecting an organization's information assets, including its networks, devices, data, and intellectual property, from cyber threats that could lead to unauthorized access, data breaches, financial loss, or damage to reputation.
◦ Cybersecurity in an organizational context is a strategic approach that ensures business continuity, regulatory compliance, and trust among stakeholders.

Components of Cybersecurity
Cybersecurity combines people, processes and technologies to protect computer systems, networks, programs, and data from unauthorized access, use, disclosure, disruption, modification, or destruction.
◦ Preventive Measures: Implementing software updates, firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to detect and block malicious activity.
◦ Detection: Utilizing IDS and IPS to identify potential threats, such as malware, phishing, and denial-of-service (DoS) attacks.
◦ Response: Activating incident response plans, which include containment, eradication, recovery, and post-incident activities to mitigate the impact of a breach.
◦ Recovery: Restoring affected systems and data to their pre-incident state, while also implementing measures to prevent similar incidents in the future.
◦ Continuous Monitoring: Ongoing surveillance and analysis of system

Types of Cybersecurity
◦ Network Security: Protecting computer networks from unauthorized access and malicious activity.
◦ Application Security: Ensuring the security of software applications, including secure coding practices and vulnerability assessments.
◦ Data Security: Protecting the confidentiality, integrity, and availability of sensitive data through encryption, access controls, and data backup.
◦ Cloud Security: Securing cloud-based infrastructure, platforms, and applications, including identity and access management, data encryption, and monitoring.
◦ Endpoint Security: Protecting end-user devices, such as laptops and mobile devices, from malware and unauthorized access.

Best Practices in Cybersecurity
◦ Keep Software Up-to-Date: Regularly update operating systems, applications, and firmware to patch vulnerabilities.
◦ Use Strong Authentication: Implement multi-factor authentication (MFA) to verify user identities.
◦ Encrypt Data: Use encryption to protect sensitive data at rest and in transit.
◦ Monitor Systems: Continuously monitor system and network activity for suspicious behavior.
◦ Train Users: Educate users on cybersecurity best practices, including phishing awareness and password management.

Cybersecurity Professionals
◦ Chief Information Security Officer (CISO): Oversees overall cybersecurity strategy and operations.
◦ Security Analysts: Monitor systems, detect threats, and respond to incidents.
◦ Penetration Testers: Simulate attacks to identify vulnerabilities and improve defenses.
◦ Incident Responders: Activate and execute incident response plans to mitigate the impact of breaches.

Cyber Crime
◦ Definition: Cybercrime is any criminal activity that involves a computer, networked device, or a network.
◦ While most cybercrimes are carried out to generate profit for cybercriminals, some are carried out against computers or devices directly to damage or disable them. Others use computers or networks to spread malware, illegal information, images, or other materials.
◦ Cybercriminals exploit vulnerabilities in systems or deceive individuals to gain unauthorized access to information, cause harm, or engage in fraud.
◦ These crimes pose serious risks to individuals, organizations, and governments, and they can take various forms, from hacking and data breaches to online scams and identity theft.

Malware and its Types
◦ Definition: Malware (short for "malicious software") is any software intentionally designed to cause damage to computers, servers, networks, or end users. It is created to infiltrate systems, steal data, or disrupt normal operations, often without the knowledge of the user.
Types:
◦ Viruses
◦ Worms
◦ Trojan Horses
◦ Ransomware
◦ Spyware
◦ Adware

Viruses
◦ A virus is a type of malware that attaches itself to legitimate files or programs and replicates itself to spread to other systems.
◦ When the infected file or program is opened, the virus activates and can corrupt, delete, or steal data.
Example:
◦ The "ILOVEYOU" virus was a computer virus disguised as a love letter in an email attachment.
◦ Once opened, it overwrote files and sent copies of itself to all contacts in the victim’s email address book.
◦ It caused over $10 billion in damages, shutting down email systems in government agencies and large corporations worldwide.
◦ This affected millions of users worldwide, including businesses, government offices, and individual users.
Infection flow: Received as email attachment → File downloaded and opened → Sends copies of itself to every contact → Corrupts/overwrites all files

Worms
◦ A worm is a self-replicating malware that spreads without needing to attach itself to other programs or files.
◦ Worms exploit vulnerabilities in software or networks, spreading across systems and often consuming bandwidth and system resources.
Example: The "Conficker" worm exploited vulnerabilities in Windows operating systems to create a botnet of infected machines. It disabled security services, preventing users from accessing antivirus websites and updates. Although it didn’t cause direct data loss, its widespread infection caused significant costs for cleaning up systems. Public sector organizations like the French Navy and UK Ministry of Defence, as well as corporate and home users, were affected by this worm.

Trojans
◦ A Trojan (or Trojan horse) is malware disguised as legitimate software to trick users into installing it.
◦ Once installed, Trojans can create backdoors for attackers, steal sensitive information, or download additional malware.
Example:
◦ The "Zeus" Trojan was used to steal banking credentials by logging keystrokes. It infected over 3.6 million PCs in the U.S. alone, targeting online banking systems and stealing hundreds of millions of dollars. Cybercriminals used Zeus to execute man-in-the-browser attacks, allowing them to perform transactions on behalf of the victim without detection. Financial institutions and their customers worldwide were affected by this malware.

Ransomware
◦ Ransomware encrypts a user’s files and demands a ransom payment (often in cryptocurrency) to restore access.
◦ Users are usually infected through phishing emails or malicious downloads, after which their data becomes inaccessible unless they pay the ransom.
Example:
◦ "WannaCry" was a ransomware attack that spread through a vulnerability in Windows, encrypting files and demanding ransom payments in Bitcoin.
◦ It affected over 200,000 computers in 150 countries, including major organizations like the UK’s National Health Service (NHS). Estimated damages ranged from $4 billion to $8 billion worldwide.
◦ Critical healthcare services were disrupted, as hospitals and clinics were unable to access patient records, resulting in cancelled appointments and delays in treatment.
◦ Public health systems, large corporations and small businesses were affected by this.

Spyware
◦ Spyware is malware that secretly monitors user activities, including keystrokes, browsing history, and personal information.
◦ Spyware runs in the background, collecting data such as login credentials, financial information, or even webcam footage.
Examples:
◦ "Pegasus" is a spyware used to secretly spy on smartphones by exploiting zero-day vulnerabilities. Pegasus was capable of recording calls, reading messages, tracking location, and accessing the device’s microphone and camera. It was used to target high-profile figures such as journalists, activists, and politicians, leading to concerns over privacy violations and state-sponsored surveillance.
◦ "Keyloggers" are a type of spyware that records everything a user types, allowing attackers to capture passwords and other sensitive information.

Adware
◦ Adware displays unwanted advertisements on the user's device and is often bundled with free software.
◦ Adware collects user data such as browsing history to display targeted ads or redirect users to advertising websites.
◦ Adware may continuously open pop-up ads or redirect the user’s browser to ad-heavy websites, slowing down the system.

How Malware Spreads?
◦ Phishing emails: Fraudulent emails that trick users into clicking malicious links or downloading infected attachments.
◦ Infected websites: Visiting compromised websites that automatically download malware to the user’s system.
◦ Software vulnerabilities: Exploiting weaknesses in software to gain unauthorized access or install malware.
◦ Removable media: Infected USB drives or other external devices can spread malware when connected to a system.

Signs of Malware

Protection Against Malware
◦ Antivirus software: Regularly update and use antivirus software to detect and remove malware.
◦ Safe browsing habits: Avoid clicking on suspicious links or downloading software from untrusted sources.
◦ Firewalls: Enable firewalls to block unauthorized access to your system.
◦ Backup data: Regularly back up important files to prevent loss in case of a ransomware attack or other malware infection.
◦ Regular updates: Keep your operating system and software up to date to patch known vulnerabilities.

Types of Cyber Crime
◦ Hacking
◦ Phishing
◦ Email Spoofing
◦ DoS/ DDoS attacks
◦ Cyberstalking
◦ Password Sniffing
◦ Online Fraud
◦ Software Piracy
◦ Spamming
◦ Cyber Defamation
◦ Credit Card Fraud
◦ Pornographic Offences
◦ Industrial Spying/Industrial Espionage
◦ Internet Time Theft
◦ Newsgroup Spam/Crimes from Usenet Newsgroups
◦ Cyber Terrorism

1. Hacking
◦ Hacking is gaining unauthorized access to a computer system, network, or data. In simple terms, it's like breaking into a locked house without permission, but instead of physical doors, hackers break through virtual barriers (such as passwords, firewalls, or software vulnerabilities) to access or manipulate information.
Types of Hackers:
◦ Black Hat Hackers: These are the bad guys. They break into systems illegally to steal, destroy, or manipulate data for personal gain or to cause harm.
◦ White Hat Hackers: These are ethical hackers. They are often hired by companies to test security systems, find vulnerabilities, and fix them before real attackers exploit them.
◦ Grey Hat Hackers: These hackers are in between. They may break into systems without permission but not necessarily for malicious purposes.

Reasons for Hacking:
◦ Financial gain: Stealing money, credit card details, or valuable information like bank account details.
◦ Personal or political reasons: Some hackers attack to promote political causes or settle personal grudges.
◦ Challenge or curiosity: Some hack systems to test their skills or simply because they’re curious.
◦ Corporate espionage: Stealing business secrets or data from competitors.
◦ Vandalism or disruption: Some hackers aim to cause damage or chaos by disrupting services or deleting data.

Methods of Hacking
◦ Password Cracking: Hackers use software to guess or "crack" passwords by trying multiple combinations or exploiting weak passwords (like "123456" or "password").
Example: If someone uses a weak password, a hacker could use a tool to try thousands of different password combinations until they find the correct one.
◦ Phishing: Hackers trick people into revealing their passwords or personal information by pretending to be a trusted organization (like a bank or government).
Example: You might receive an email that looks like it’s from your bank, asking you to log in to “verify your account.” The link leads to a fake website where you enter your real credentials, which the hacker then steals.
◦ Exploiting Software Vulnerabilities: Hackers find weaknesses in software or systems and use them to break in.
Example: If there’s a bug in a popular program that allows anyone to gain access to a computer, a hacker can use this vulnerability to take control of
◦ Social Engineering: This is when hackers manipulate people into giving away confidential information or access.
Instead of breaking into a system using technical methods, they exploit human psychology.
Example: A hacker might call an employee pretending to be IT support and ask for their login details, tricking them into revealing the information.
◦ Installing Malware: Hackers can infect a computer with malicious software (malware) that allows them to control the system or steal information.
Example: You click on a link in an email, and it installs a program on your computer that secretly logs everything you type, including your passwords.

Hacking – Case Studies
◦ Yahoo Data Breach (2013-2014): Hackers managed to breach Yahoo's security and steal the personal data of 3 billion user accounts, including usernames, passwords, and answers to security questions. This data breach exposed users to identity theft and other cybercrimes.
◦ Equifax Hack (2017): Hackers exploited a vulnerability in Equifax’s systems, stealing the sensitive personal data (like Social Security numbers and credit card information) of over 147 million people. This led to widespread identity theft and financial fraud.

How to Protect Yourself from Hacking?
◦ Use strong passwords: Avoid common passwords (like "password123") and use a mix of letters, numbers, and symbols.
◦ Enable two-factor authentication (2FA): This adds an extra layer of security by requiring both a password and a second verification step (like a code sent to your phone).
◦ Be cautious of emails and links: Don’t click on suspicious links or download attachments from unknown senders.
◦ Keep software up to date: Regular updates fix vulnerabilities that hackers can exploit.
◦ Use antivirus software: This can help detect and block malware that hackers might use to access your system.

2. Phishing
◦ Phishing is a type of cybercrime where attackers pretend to be a trustworthy person or organization (like a bank or company) to trick people into revealing personal information, such as passwords, credit card numbers, or social security numbers.
◦ In simple terms, phishing is when a scammer sends a fake email or message that looks real to make you give away your sensitive information.
Think of it as digital fraud where the criminal "fishes" for your private data by tricking you. It’s often done through fake emails, messages, or websites. Phishing can lead to financial loss, identity theft, and data breaches, but you can protect yourself by staying vigilant, checking for suspicious links, and using security features like two-factor authentication.

How Phishing Works?
◦ Bait (Fake Message): The hacker sends an email, text, or message that looks like it’s from a legitimate company, such as your bank, a well-known online store, or even your employer. The message often contains urgent requests like "Your account has been locked" or "You must update your information immediately."
◦ Hook (Fake Link): The message includes a link to a fake website that looks almost identical to the real site. When you click on the link, it takes you to a page where you’re asked to log in or enter personal information.
◦ Catch (Stolen Data): When you enter your information (like your username, password, or credit card number), it goes straight to the hacker. Now the hacker has access to your account or personal details, which they can use to steal money, make unauthorized purchases, or even commit identity theft.

Phishing
Examples: https://www.tessian.com/blog/5-real-world-examples-of-phishing-attacks/
[Figures: HR Phishing Scam, Phishing Link, Email Phishing, Spear Phishing]

Methods of Phishing
◦ Email Phishing: The most common type of phishing, where you receive an email pretending to be from a legitimate source.
Example: You receive an email that looks like it’s from your bank, asking you to verify your account details. The email contains a link to a fake website where you enter your information.
◦ SMS Phishing (Smishing): Phishing that takes place through text messages (SMS).
Example: You receive a text claiming to be from your mobile service provider, saying there’s an issue with your account and providing a link to "fix" it. The link takes you to a fake website to steal your login info.
◦ Phone Phishing (Vishing): This is phishing over the phone, where the scammer calls you pretending to be from a legitimate company and asks for sensitive information.
Example: You get a call from someone pretending to be from your bank,

Spear Phishing:
◦ A more targeted form of phishing where the attacker knows some personal details about you and customizes the message to look more convincing.
◦ Attackers gather information about the target from social media, corporate websites, or previous interactions. They craft highly personalized messages (often impersonating a trusted individual) and send them to the target. The message may contain a malicious attachment, link, or request for sensitive information.
Examples:
◦ A CFO receives an email that appears to be from the CEO, asking them to urgently wire funds to a specific account. The email uses familiar language and details, making it look authentic.
◦ A hacker sends you an email that appears to be from your company’s IT department, asking for your password to fix an issue with your email

Phishing Techniques
◦ Impersonation/ Website Forgery: The hacker creates a fake email or website that looks nearly identical to a real one. They might use official-looking logos, similar email addresses, and professional language to make it look authentic. Victims are tricked into entering sensitive information, which is then collected by the attacker.
◦ Creating Urgency: Phishing messages often try to create a sense of urgency to make you act quickly without thinking.
Examples: "Your account will be locked unless you verify it now!" or "You’ve won a prize! Claim it within 24 hours."
◦ Fake Links: The email or message contains a link to a fake website that looks real.
The URL (website address) might look very similar to the actual website, but it will be slightly different.
Example: Instead of www.paypal.com, the fake link might be www.paypa1.com (using the number "1" instead of the letter "l").
◦ Malicious Attachments: Some phishing emails may contain attachments, like fake invoices or documents. When you download or open them, they can install malware on your computer.
Example: You receive an "invoice" from what appears to be a supplier, but when you open it, it installs a virus that steals your data.

Types of Phishing Scams
◦ Credential Theft: Attackers try to steal usernames and passwords, which can later be used to access sensitive accounts (e.g., email, social media, or bank accounts).
◦ Account Takeover: After obtaining login credentials, attackers take control of a victim’s account and use it for malicious activities, such as stealing funds or impersonating the victim.
◦ Ransomware Distribution: Phishing emails contain attachments or links that install ransomware, which locks the victim’s files and demands a ransom for unlocking them.
◦ Fake Invoices and Payments: Attackers send fraudulent invoices that look like they come from trusted suppliers or vendors, tricking companies into paying money to the wrong account.
◦ IRS Scams: Attackers impersonate tax authorities (such as the IRS) and send emails or texts demanding immediate payment of "unpaid taxes" or asking for personal information to process a refund.
◦ Job Offer Scams: Attackers send fake job offers, asking the victim to provide personal information or pay fees to process applications.

Phishing Toolkits
◦ A phishing toolkit is a ready-to-use collection of tools and templates that allows even less-skilled attackers to carry out phishing attacks.
◦ These toolkits often include fake website templates, email scripts, and instructions for distributing the phishing campaign.
◦ They are sold on the dark web or distributed among cybercriminals.
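The lookalike-address trick described under Fake Links (www.paypa1.com for www.paypal.com) can be checked mechanically before a link is trusted. The Python below is an added example, not part of the original lecture notes; the trusted-domain list, the character-swap table and the function names are assumptions for illustration, and it also covers two related tricks the notes do not name (a trusted name used as a subdomain, and text placed before an "@" in the URL).

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation legitimately links to (constructed list).
TRUSTED = {"paypal.com", "google.com"}

# Digit-for-letter swaps like the "1" for "l" shown in the notes.
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

# Constructed sample links; none of them is real traffic.
SAMPLES = [
    "https://www.paypal.com/signin",
    "www.paypa1.com",
    "https://gooogle.com/",
    "https://paypal.com.account-check.example/login",
    "https://www.paypal.com@login.example.net/verify",
]


def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def skeleton(domain):
    """Fold confusable characters so paypa1.com compares equal to paypal.com."""
    return domain.lower().translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return (verdict, detail) for the host a link really points at."""
    if "//" not in url:  # bare "www.example.com/path" carries no scheme
        url = "//" + url
    try:
        # hostname is the part after any "user@" prefix, already lower-cased
        host = urlsplit(url).hostname or ""
    except ValueError:
        host = ""
    if not host:
        return ("invalid", "no host in URL")
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", f"character swap imitating {good}")
        if edit_distance(domain, good) == 1:
            return ("lookalike", f"one edit away from {good}")
        if "." + good + "." in "." + host:
            return ("lookalike", f"{good} used as a subdomain of {domain}")
    return ("unknown", domain)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_url(sample))
```

A production filter would use a public-suffix list instead of the two-label shortcut, so that domains under suffixes such as co.uk are split correctly.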
Working of Toolkit:
◦ An attacker can easily set up a fake login page for popular websites like Google or Facebook.
◦ They can use the toolkit to send out mass phishing emails with links to these fake pages.
◦ When victims enter their credentials, the attacker collects them.

Spy Phishing
◦ Spy phishing involves the use of spyware, which is secretly installed on the victim’s device through phishing attacks.
◦ Once installed, the spyware tracks the victim’s activities, steals sensitive information, and reports it back to the attacker.
Example: A phishing email may trick the user into downloading an attachment that installs spyware. This spyware then captures keystrokes (keylogging) or takes screenshots of sensitive information like passwords.

Real World Example of Phishing
Target Phishing Attack on Gmail Users (2017)
The phishing attack targeted Gmail users, where hackers sent fake emails that appeared to come from someone the victim knew. The email contained a link that, when clicked, opened a fake Google login page. Users entered their credentials, which were then stolen by the hackers. Many users fell for this because the email appeared so convincing and came from trusted contacts.

Consequences of Phishing
◦ Financial Loss: Hackers can use stolen credit card details or bank login information to make unauthorized transactions, leading to significant financial damage.
◦ Identity Theft: Once a hacker has your personal information, they can impersonate you to open accounts, take loans, or commit other crimes in your name.
◦ Loss of Sensitive Data: For businesses, phishing can lead to the loss of confidential customer or employee data, which can damage their reputation and result in legal consequences.
◦ Infected Devices: Opening a malicious attachment or link can infect your computer with malware, which can steal your data or lock you out of your

Protection from Phishing
◦ Be Skeptical of Emails: If you receive an unexpected email or message asking for personal information, don’t click on any links. Instead, contact the organization directly through official channels.
◦ Email Filtering: Use email filtering tools that can detect and block phishing emails before they reach the inbox. These tools often scan for suspicious content, such as spoofed email addresses, suspicious attachments, or malicious links.
◦ Check URLs: Hover over links to see the full URL before clicking. Make sure the website address looks legitimate and isn’t slightly altered (e.g., paypa1.com instead of paypal.com).
◦ Look for Red Flags: Check for spelling mistakes, odd email addresses, and unusual requests. Legitimate companies usually don’t ask for sensitive information over email.
◦ Use Two-Factor Authentication (2FA): Enable 2FA wherever possible. Even if a hacker steals your password, they would still need the second factor (like a code sent to your phone) to access your account.
◦ Keep Software Updated: Make sure your computer, phone, and apps are updated with the latest security patches to protect against phishing and other threats.

3. Email Spoofing
◦ Email spoofing is a type of cybercrime where attackers disguise an email to make it look like it’s coming from a trusted or familiar source.
◦ In simple terms, the attacker manipulates the "From" field in an email header, making the recipient believe that the email is from someone they know or trust, such as a colleague, bank, or service provider.
◦ The recipient thinks the letter is from a trusted person, but it's actually from a stranger with potentially harmful intentions.
◦ The goal is often to trick the recipient into providing sensitive information, clicking on a malicious link, or downloading a harmful attachment.

How Email Spoofing Works?
Creating a Fake Email:
◦ The attacker crafts an email and sets the "From" address to that of a legitimate sender.
◦ They might use official logos, signatures, and language styles to make the email look authentic.
Content of the Email:
◦ The email might contain requests for sensitive information like login credentials and account numbers, or ask you to click on a link.
◦ The content often looks professional and convincing, with logos, signatures, or even previous email thread conversations.
Deceiving the Recipient:
◦ The victim sees the email in their inbox, believing it's from a trusted source.

Motive of Email Spoofing
The attacker intends to trick the recipient into:
◦ Clicking on a link that leads to a fake website (phishing) where personal information is stolen.
◦ Opening an attachment that contains malware or a virus.
◦ Sharing sensitive information like passwords or financial details, believing it is a genuine request.

Examples of Email Spoofing
◦ Fake Bank Notification: You receive an email that looks like it's from your bank, stating that there's an issue with your account. The email asks you to click on a link to verify your account details. The link leads to a fake website designed to steal your login credentials.
◦ CEO Fraud: An employee receives an email that seems to be from their company's CEO, requesting an urgent wire transfer to a supplier. Believing it's a legitimate request, the employee transfers the money, which goes to the attacker’s account.
◦ Friend in Need Scam: You get an email from a friend's address claiming they’re travelling and have lost their wallet. They ask you to send money to help them out. In reality, your friend's email was spoofed, and the money would go to the scammer.
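A receiving side can test for the "From" manipulation described above by comparing the From domain with the Reply-To and Return-Path headers and by reading the Authentication-Results header written by its own mail server. The Python below is an added example, not part of the original lecture notes; the SPF, DKIM and DMARC results go beyond what the notes cover, and both messages, all domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: From claims bank.example, the other headers disagree.
SPOOFED = """\
Return-Path: <bounce@mailer.sender.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.sender.example; dkim=none; dmarc=fail header.from=bank.example
From: "Your Bank" <support@bank.example>
Reply-To: accounts@bank-helpdesk.example
To: user@recipient.example
Subject: Your account will be closed!

Click the link to verify your account details.
"""

# Constructed message in which every header agrees with the From domain.
LEGIT = """\
Return-Path: <bounce@mail.bank.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mail.bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Your Bank" <support@bank.example>
To: user@recipient.example
Subject: Your monthly statement

Your statement is available in online banking.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if none parses."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def aligned(domain, from_domain):
    """True when domain equals the From domain or is a subdomain of it."""
    return domain == from_domain or domain.endswith("." + from_domain)


def spoofing_findings(raw_message):
    """List the header inconsistencies that suggest a forged From field."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    if not from_domain:
        return ["From header has no parsable address"]
    findings = []

    # Replies silently routed to a different domain than the visible sender.
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and not aligned(reply_domain, from_domain):
        findings.append(
            f"Reply-To domain {reply_domain} differs from From domain {from_domain}"
        )

    # Envelope sender recorded at delivery time versus the displayed From.
    envelope_domain = domain_of(msg["Return-Path"])
    if envelope_domain and not aligned(envelope_domain, from_domain):
        findings.append(
            f"Return-Path domain {envelope_domain} is not aligned with "
            f"From domain {from_domain}"
        )

    # Only the Authentication-Results header added by your own receiving
    # server is trustworthy; a sender can insert a forged one of its own.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for mechanism in ("spf", "dkim", "dmarc"):
        verdict = results.get(mechanism, "missing")
        if verdict != "pass":
            findings.append(f"{mechanism}={verdict}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoofing_findings(raw))
```

A Return-Path mismatch on its own is common with legitimate bulk-mail services, so treat it as a signal to weigh together with the authentication results rather than as proof.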

Countermeasures - Email Spoofing
◦ Check the Email Address Carefully: Attackers may use email addresses that look similar to legitimate ones, with slight differences (e.g., [email protected] vs. [email protected]).
◦ Look for Generic Greetings: Legitimate organizations often address you by name. Be cautious of emails starting with "Dear Customer" or "Dear Friend".
◦ Beware of Urgent or Threatening Language: Messages that pressure you to act immediately ("Your account will be closed!") are red flags.

Signs of Email Spoofing
◦ Inspect Links Before Clicking: Hover over links to see the actual URL. If it looks suspicious or doesn't match the legitimate website, don't click it.
◦ Poor Grammar and Spelling Mistakes: Professional organizations usually avoid typos and grammatical errors.
◦ Unexpected Attachments: Be wary of attachments you weren't expecting, especially from someone who doesn't usually send you attachments.

4. DoS/ DDoS attacks
DoS Attack
◦ A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to render a computer or other device unavailable to its intended users by interrupting the device's normal functioning.
◦ A DoS attack is characterized by using a single computer to launch the attack.
A DoS (Denial of Service) attack is when a single attacker sends an overwhelming amount of requests to a server or website. The server, not designed to handle so many requests at once, becomes overloaded and either slows down dramatically or crashes entirely.
Example: Imagine a phone line. Normally, people call in one by one, and the system can handle it. But if a single person makes thousands of calls at the same time, the phone line gets clogged, and no one else can get

DDoS Attack
A DDoS (Distributed Denial of Service) attack is a more powerful and dangerous version of a DoS attack.
Instead of coming from just one attacker, it comes from multiple devices or computers around the world, making it harder to stop.
◦ The attacker infects multiple computers (often using malware) to form what’s called a "botnet."
◦ These infected computers are controlled remotely by the attacker and are used to launch the attack at the same time.
◦ This floods the target server with a massive amount of fake traffic, causing it to crash or become unreachable.
Example: Instead of one person clogging the phone line, imagine hundreds or even thousands of people all calling at the same time. This makes it impossible for any legitimate calls to get through.

DoS vs. DDoS attacks

Real World Examples: DDoS attacks
◦ GitHub DDoS Attack (2018): One of the largest DDoS attacks ever recorded targeted GitHub, a popular platform for software developers. The attack sent over 1.35 terabits per second (Tbps) of traffic to GitHub’s servers, overwhelming them and making the platform unavailable for a short time. GitHub quickly responded by using anti-DDoS protection, but the scale of the attack was a reminder of how powerful these attacks can be.
◦ Dyn DDoS Attack (2016): In 2016, a massive DDoS attack targeted Dyn, a company that manages domain name systems (DNS). The attack used a botnet consisting of millions of infected IoT devices (such as security cameras and smart home devices). As a result, major websites like Twitter, Netflix, and Reddit became temporarily inaccessible for many users in the U.S.

Impact of DoS/ DDoS attacks
Website or Service Downtime: DoS and DDoS attacks can bring down websites, making them unavailable for users. This can be especially damaging for businesses that rely on their online presence for revenue (e.g., e-commerce websites, online services).
Financial Loss: Businesses can lose revenue due to website downtime. They may also have to spend money on anti-DDoS solutions or repairing the damage caused by the attack.
Reputation Damage: If a company’s website is constantly down due to attacks, customers may lose trust in the company’s ability to secure their data or provide reliable services.
Cost of Recovery: Even after an attack is stopped, it can take time and resources to get everything back to normal. Servers may need to be repaired, and data may need to be restored.

5. Cyberstalking
◦ Cyberstalking is a type of cybercrime where someone uses the internet or other digital communication tools to harass, threaten, or intimidate another person.
◦ Unlike traditional stalking, which involves physical surveillance, cyberstalking happens online.
◦ It often occurs through social media, emails, text messages, or other online platforms.
◦ Cyberstalkers could be ex-partners, strangers, acquaintances or trolls.
In simple terms, cyberstalking is when a person obsessively follows or monitors someone online, often making them feel scared or unsafe.

Methods of Cyberstalking
◦ Unwanted Messages: The stalker sends repeated messages via email, social media, or text. Even when the victim doesn’t respond, the stalker sends messages, increasing the intensity over time.
Example: Receiving dozens of emails daily from someone you don’t know, asking personal questions or making inappropriate comments.
◦ Social Media Monitoring: The stalker obsessively follows the victim’s social media activity, commenting on posts, liking every update, or even messaging the victim’s friends and family. They may try to insert themselves into the victim’s online life.
Example: Someone constantly comments on every photo and post you make, even if you don’t know them well, and keeps messaging your friends
◦ Harassment (Doxxing): Doxxing is when a stalker collects and publishes the victim’s personal information online, such as their home address, phone number, or place of work. This can expose the victim to real-world threats or harassment.
Example: A stalker finds your home address and posts it on public forums, encouraging others to harass or harm you.
◦ Impersonation: The stalker might create fake accounts pretending to be the victim. They use these fake profiles to spread lies, defame the victim, or communicate with others under the victim’s identity.
Example: Someone creates a fake Instagram account with your name and photos and sends inappropriate messages to your contacts.
◦ Hacking and Tracking: In extreme cases, cyberstalkers may hack into the victim’s social media, email, or bank accounts. They may also use tracking software to monitor the victim’s location or online activity.
Example: A stalker hacks into your email account to read your private messages or uses a tracking app to monitor your physical location without your consent.

Examples of Cyberstalking in Business
Corporate Espionage: In highly competitive industries, businesses sometimes fall victim to corporate cyberstalking where competitors monitor their online activities, steal trade secrets, or track the movements of key employees. This could include cyberstalkers trying to access company data by hacking into emails or online accounts.
Negative Review Bombing: Some cyberstalkers engage in review bombing, where they flood the company’s product or service reviews with fake negative feedback. This can cause potential customers to lose trust in the business.
False Social Media Accounts: A business might be targeted by someone who creates fake social media accounts in the company’s name, using them to spread false or damaging information.

Impact of Cyberstalking on Business
Reputation Damage: Online harassment and fake accounts can damage the company’s brand image, making it harder to attract customers and maintain trust with existing ones.
Employee Stress and Productivity Loss: Employees who are targeted by cyberstalkers may experience high levels of stress, anxiety, and fear, which can affect their productivity and well-being.
Financial Loss: Reputation damage, loss of customers, and even direct attacks on company systems (like DDoS) can result in substantial financial losses.
Legal and Security Costs: Businesses may need to invest in stronger security measures, conduct investigations, and deal with legal consequences,

Social Engineering
◦ Social engineering refers to the manipulation of people into performing actions or divulging confidential information, often for malicious purposes.
◦ Social engineering attacks typically exploit trust, fear, or urgency to persuade individuals to take actions they normally wouldn’t.
In simple terms, it’s when someone tricks or deceives you into giving them sensitive information or access to your accounts, often by exploiting human psychology rather than technical vulnerabilities.

Methods of Social Engineering
◦ Phishing: Attackers send fake emails or messages that appear to be from legitimate sources, tricking victims into clicking malicious links or providing personal information.
Example: An email looks like it’s from your bank, asking you to verify your account details by clicking a link, which actually leads to a fraudulent website.
◦ Pretexting: The attacker creates a fabricated scenario to obtain information. They might impersonate a colleague, a vendor, or a service provider to gain trust and solicit sensitive data.
Example: Someone calls an employee, pretending to be from the IT department, and asks for their login credentials to "fix" an issue.
◦ Baiting: This involves luring victims with the promise of something attractive, like free software or gifts, to get them to provide their information or download malicious content.
Example: Leaving USB drives in public places, labeled “Confidential,” hoping someone will plug them into their computer and unknowingly install malware.
◦ Tailgating: This physical security breach occurs when an unauthorized person follows an authorized individual into a restricted area, often by exploiting politeness or trust.
Example: A stranger asks an employee to hold the door open for them, claiming to have forgotten their access card.
◦ Spear Phishing: Unlike general phishing, spear phishing targets specific individuals or organizations with personalized attacks, often using information gleaned from social media.
Example: An attacker researches a company’s employees and sends a personalized email to a specific person, making the message seem legitimate and trustworthy.
◦ Impersonation: Impersonation involves a cybercriminal pretending to be someone else, such as a trusted colleague, authority figure, or service provider, to manipulate individuals into divulging sensitive information or granting access to secure systems, exploiting the victim's trust and familiarity.
Example: The attacker may pretend to be an old colleague or new employee

Real-world Examples: Social Engineering
Target Data Breach (2013): Attackers gained access to Target’s systems by sending phishing emails to a third-party vendor. They used stolen credentials to infiltrate Target's network, leading to the theft of credit card information for millions of customers.
Facebook and Google Scam (2013-2015): A Lithuanian man impersonated a large manufacturer in a series of fraudulent emails, tricking both Facebook and Google into transferring over $100 million to his accounts by posing as a trusted supplier.
WannaCry Ransomware Attack (2017): While not solely a social engineering attack, the WannaCry ransomware spread rapidly due to users clicking on malicious links or opening infected attachments, showcasing the importance of awareness in preventing such attacks.
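The signs of email spoofing listed earlier (look-alike sender address, generic greeting, urgent language, a link whose visible text differs from its real target) and the phishing method described above can be checked automatically. The following is an added example, not part of the original notes; the trusted domain, the sample message and the function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"mybank.example"}  # assumption: domains the real sender uses
# Constructed sample message; .example is a reserved TLD (RFC 2606).
SAMPLE = """\
From: MyBank Support <support@rnybank.example>
Subject: Action required

<p>Dear Customer,</p>
<p>Your account will be closed! Verify immediately:
<a href="http://login.rnybank.example/verify">https://mybank.example/login</a></p>
"""

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href and data.strip():  # first visible text inside the <a>
            self.links.append((self._href, data.strip()))
            self._href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def spoofing_signs(raw):
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    for good in TRUSTED:  # near-match but not equal: look-alike address
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= 0.85:
            signs.append(f"look-alike sender domain: {domain} vs {good}")
    if re.search(r"\bdear (customer|friend)\b", body, re.I):
        signs.append("generic greeting")
    if re.search(r"immediately|will be closed|urgent", body, re.I):
        signs.append("urgent or threatening language")
    parser = Links()
    parser.feed(body)
    for href, text in parser.links:  # visible URL must match the real target
        if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
            signs.append(f"link text shows {host(text)} but goes to {host(href)}")
    return signs
```

Calling `spoofing_signs(SAMPLE)` returns one entry per sign found; a message from the trusted domain with a matching link returns an empty list.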
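The DoS versus DDoS distinction drawn earlier in these notes (one flooding source versus a botnet of many) is what a defender sees in request logs, and it explains why a DDoS is harder to stop. The following is an added example, not part of the original notes; the window size, thresholds and sample traffic are assumptions, and the addresses come from the documentation ranges of RFC 5737.

```python
from collections import Counter, defaultdict

WINDOW = 10      # seconds per bucket (assumed)
THRESHOLD = 100  # requests per window treated as a flood (assumed baseline)
DOMINANT = 0.8   # share from one source that marks a single-source flood

def classify(events):
    """events: iterable of (unix_time, source_ip).
    Returns {window_start: (verdict, distinct_sources, top_source_share)}."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % WINDOW][ip] += 1
    verdicts = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        share = per_ip.most_common(1)[0][1] / total
        if total < THRESHOLD:
            kind = "normal"
        elif share >= DOMINANT:
            kind = "DoS"    # blocking one address removes most of the flood
        else:
            kind = "DDoS"   # no single address to block
        verdicts[start] = (kind, len(per_ip), round(share, 3))
    return verdicts

def sample_events():
    # Constructed traffic, not real logs.
    ev = [(t, f"192.0.2.{t % 5 + 1}") for t in range(30)]           # baseline, 1 req/s
    ev += [(10 + i % 10, "203.0.113.7") for i in range(500)]         # one host floods
    ev += [(20 + i % 10, f"198.51.100.{i % 200 + 1}") for i in range(600)]  # 200 hosts
    return ev

if __name__ == "__main__":
    for start, verdict in classify(sample_events()).items():
        print(start, verdict)
```

The third field is the share of traffic that blocking the busiest source would remove: nearly all of it in the DoS window, almost none in the DDoS window.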