20AIM754-AIML-1 and 2-Cyber Security

The document discusses the syllabus for a cyber security course which covers topics such as introduction to cyber security, attacks and countermeasures, reconnaissance, intrusion detection, and intrusion prevention. It emphasizes the importance of cyber security for protecting networks, devices, programs and data from unauthorized access and ensuring confidentiality, integrity and availability of information.

Uploaded by TRB hub

Cyber Security (20AIM754A)

• Syllabus:
• Module 1: INTRODUCTION: Cyber Security – History of Internet – Impact of Internet – CIA Triad; Reason for Cyber Crime – Need for Cyber Security – History of Cyber Crime; Cybercriminals – Classification of Cybercrimes – A Global Perspective on Cyber Crimes; Cyber Laws – The Indian IT Act – Cybercrime and Punishment.
• Module 2: ATTACKS AND COUNTER MEASURES: OWASP; Malicious Attack Threats and Vulnerabilities: Scope of Cyber-Attacks – Security Breach – Types of Malicious Attacks – Malicious Software – Common Attack Vectors – Social Engineering Attack – Wireless Network Attack – Web Application Attack – Attack Tools – Counter Measures.
• Module 3: RECONNAISSANCE: Harvester – Whois – Netcraft – Host – Extracting Information from DNS – Extracting Information from E-mail Servers – Social Engineering Reconnaissance; Scanning – Port Scanning – Network Scanning and Vulnerability Scanning – Scanning Methodology – Ping Sweep Techniques – Nmap Command Switches – SYN – Stealth – XMAS – NULL – IDLE – FIN Scans – Banner Grabbing and OS Fingerprinting Techniques.
• Module 4: INTRUSION DETECTION: Host-Based Intrusion Detection – Network-Based Intrusion Detection – Distributed or Hybrid Intrusion Detection – Intrusion Detection Exchange Format – Honeypots – Example System: Snort.
• Module 5: INTRUSION PREVENTION: Firewalls and Intrusion Prevention Systems: Need for Firewalls – Firewall Characteristics and Access Policy – Types of Firewalls – Firewall Basing – Firewall Location and Configurations – Intrusion Prevention Systems – Example Unified Threat Management Products.
• Text-Books:
1. Patrick Engebretson, “The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”, Elsevier, 2011.
2. Kimberly Graves, “CEH Official Certified Ethical Hacker Review Guide”, Wiley Publishers, 2007.
3. William Stallings, Lawrie Brown, “Computer Security Principles and Practice”, Third Edition, Pearson Education, 2015.

Reference Books:
1) Anand Shinde, “Introduction to Cyber Security Guide to the World of Cyber Security”, Notion
Press, 2021.
2) Nina Godbole, Sunit Belapure, “Cyber Security: Understanding Cyber Crimes, Computer
Forensics and Legal Perspectives”, Wiley Publishers, 2011.
3) David Kim, Michael G. Solomon, “Fundamentals of Information Systems Security”, Jones
&Bartlett Learning Publishers, 2013.
Module 1
• INTRODUCTION: Cyber Security – History of Internet – Impact of Internet
– CIA Triad; Reason for Cyber Crime – Need for Cyber Security – History of
Cyber Crime; Cybercriminals – Classification of Cybercrimes – A Global
Perspective on Cyber Crimes; Cyber Laws – The Indian IT Act – Cybercrime
and Punishment.
Which is the third largest economy?
Importance of Cyber Security
“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.”
– Professor Gene Spafford

In security matters:
• There is nothing like absolute security
• We are only trying to build comfort levels, because security costs money and lack of it costs much more
• Comfort level is a manifestation of efforts as well as a realization of their effectiveness & limitations
Importance of Cyber Security
The Internet allows an attacker to work from anywhere on the planet.

Risks caused by poor security knowledge and practice:
• Identity Theft
• Monetary Theft
• Legal Ramifications (for yourself and your organization)
• Sanctions or termination if policies are not followed

According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:
• Web Browser
• IM Clients
• Web Applications
• Excessive User Rights
Cyber Security
• Cyber security refers to the body of technologies, processes, and practices
designed to protect networks, devices, programs, and data from attack,
damage, or unauthorized access.
Cyber Security
Cyber Security is Safety
• Security: We must protect our computers and data in the same way
that we secure the doors to our homes.
• Safety: We must behave in ways that protect us against risks and
threats that come with technology.
What is a Secure System? (CIA Triad)
• Confidentiality – restrict access to authorized individuals
• Integrity – data has not been altered in an unauthorized manner
• Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe
CIA Triad
• Confidentiality: Protecting information from unauthorized access and disclosure. Example: a criminal steals customers’ usernames, passwords, or credit card information.
• Integrity: Protecting information from unauthorized modification. Example: someone alters payroll information or a proposed product design.
• Availability: Preventing disruption in how information is accessed. Example: your customers are unable to access your online services.
What is the CIA Triad in Cyber Security?
The CIA security triad model is built around the principles of confidentiality, integrity, and availability of information, which are essential to the functioning of the business; the CIA triad splits these three concepts into individual focal points.
In cybersecurity, the CIA refers to the CIA triad, a vision that concentrates on the balance between the confidentiality, integrity, and availability of data under the protection of your information security structure.
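To make the integrity leg of the triad concrete, here is an added example (it is not part of the course slides) that tags a constructed payroll record with an HMAC-SHA256 under a secret key and then detects the kind of unauthorized alteration described in the payroll example above. The record contents, the key handling and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample record, standing in for the payroll information in the
# slide's integrity example. The values are made up.
PAYROLL_RECORD = {"employee_id": 1042, "name": "A. Example", "monthly_salary": 52000}


def canonical_bytes(record: dict) -> bytes:
    """Serialise a record deterministically so equal content always yields equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(record: dict, key: bytes) -> str:
    """Integrity control: compute an HMAC-SHA256 tag over the record with a secret key.

    A plain (unkeyed) hash would not do: whoever alters the record could simply
    recompute and store a new hash beside it. The tag can only be produced by
    someone holding the key, which is what makes unauthorized modification detectable.
    """
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes) -> bool:
    """Return True only if the record still matches its tag (constant-time comparison)."""
    expected = protect(record, key)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the three checks a practitioner expects from an integrity control."""
    # Assumption: in a real deployment the key lives in a secrets manager or HSM,
    # never next to the data it protects.
    key = secrets.token_bytes(32)
    tag = protect(PAYROLL_RECORD, key)

    untouched = verify(PAYROLL_RECORD, tag, key)

    # "Someone alters payroll information": the salary is raised without authorization.
    tampered = dict(PAYROLL_RECORD, monthly_salary=92000)
    altered_detected = not verify(tampered, tag, key)

    # A tag checked under a different key must also be rejected.
    wrong_key_rejected = not verify(PAYROLL_RECORD, tag, secrets.token_bytes(32))

    return {
        "untouched": untouched,
        "altered_detected": altered_detected,
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The canonical serialisation step matters: if the same record could be encoded in several byte orders, an honest re-encoding would be indistinguishable from tampering.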
Threats and Vulnerabilities
• What are we protecting our own and our stakeholders’ information from?
• Threats: Any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable.
• Vulnerabilities: Weaknesses in an information system or its components that could be exploited.
What is cybercrime?
• Cybercrime is criminal activity that either targets or uses a computer, a
computer network or a networked device.
• Most cybercrime is committed by cybercriminals or hackers who want to
make money.
• However, occasionally cybercrime aims to damage computers or networks
for reasons other than profit. These could be political or personal.
• Cybercrime can be carried out by individuals or organizations. Some
cybercriminals are organized, use advanced techniques and are highly
technically skilled. Others are novice hackers.
List of main causes of cyber crime
• Alleviate Boredom
• Due to experiment as a nature of teenagers
• Make quick money
• Cyber terrorism
• Negligence
• Loss of evidence
• Easy to access
What are the types of cybercrime?
Types of cybercrime include:
• Email and internet fraud.
• Identity fraud (where personal information is stolen and used).
• Theft of financial or card payment data.
• Theft and sale of corporate data.
• Cyberextortion (demanding money to prevent a threatened attack).
• Ransomware attacks (a type of cyberextortion).
• Cryptojacking (where hackers mine cryptocurrency using resources they
do not own).
• Cyberespionage (where hackers access government or company data).
• Interfering with systems in a way that compromises a network.
• Infringing copyright.
• Illegal gambling.
• Selling illegal items online.
• Soliciting, producing, or possessing child pornography.
Cybercrime involves one or both of the following:
• Criminal activity targeting computers using viruses and other
types of malware.
• Criminal activity using computers to commit other crimes.
Need for Cyber Security
• With the vision of a trillion-dollar digital component, accounting for one-
fifth of the $5-trillion national economy, the importance of cyberspace
in India would only keep growing as Indians have taken to mobile
broadband like fish to water, driven by affordable tariffs, low-cost
smartphones and a spurt in availability of audio-visual content in Indian
languages.
• Financial services, payments, health services, etc are all connected to
digital mediums; and due to Covid-19, this is expected to increase.
• There has been a rapid increase in the use of the online
environment where millions of users have access to internet
resources and are providing contents on a daily basis.
• To ensure critical infrastructure systems do not collapse under any situation.
• To ensure Business continuity.
• For the success of government initiatives like Digital India, Make in India
and Smart Cities.
• To balance Individual’s rights, liberty and privacy.
Growing Importance:
• Cyber security spends in India are rising rapidly because of the massive
digitisation movement.
• The ransomware attacks in the past have added to the urgency of these
spends.
• Cyber-space remains a key area for innovation.
• The government’s push for Digital India has increased demand for cyber security talent.
Volume and Complexity of Cyber Attacks
• As the volume and complexity of cyber-attacks increase, cybersecurity's importance also increases.
• Cybersecurity is critical because it helps to protect organizations and individuals from cyber attacks.
• Cybersecurity can help to prevent data breaches, identity theft, and other types of cybercrime.
• Organizations must have strong cybersecurity measures to protect their data and customers.
1. Technology Innovation
It allows companies to maintain a competitive advantage and
keep their products and services safe from competitors.
2. Cloud Transformation
As organizations move more critical data and applications to the
cloud, they must know the latest cybersecurity threats and how
to protect themselves.
3. Impact on Business Operations
The increase in internet usage has led to a rise in cyber-attacks,
which can significantly impact business operations.
4. Maintaining Customer and Employee Trust:
To maintain this trust, businesses must invest in cybersecurity measures to
protect customer and employee data. This may include installing firewalls,
encrypting data, and creating secure passwords.
5. Securing Financial Position of the Organization:
The importance of cybersecurity to ensure an organization's financial
position cannot be understated.
In today's interconnected world, where sensitive data is often stored
digitally, a breach in security can have disastrous consequences.
Not only can it lead to the loss of crucial data, but it can also damage an
organization's reputation and bottom line.
A cyberattack can result in the loss of customer confidence, increased
costs, and a drop in stock value.
6. Staying Strong Amidst Competition
By investing in cybersecurity, businesses can improve their
security posture and make it more difficult for attackers to
penetrate their systems.
As a result, it can give them a competitive edge over companies
that have not invested in cybersecurity.
7. Avoiding Fines and Penalties
By implementing strong cybersecurity measures, companies and
individuals can help to safeguard their data and avoid potential
fines and penalties.
8. Preserve the Organization's Ability to Function:
Organizations face many potential risks regarding their ability to function correctly.
One of the most significant risks is a cyber attack. Cybersecurity is critical because it helps protect organizations from these attacks, which can lead to:
• loss of important data,
• the disruption of operations,
• and financial losses.
• Overall, cybersecurity is important because it helps protect
organizations from the many risks they face.
• By having strong cybersecurity measures in place,
organizations can reduce the chances of a successful attack
and minimize the damage that an attack can cause.
Cyber Criminals and their types
• Cyber crime is taken very seriously by law enforcement.
• Historically, the typical cyber criminals were teenagers or hobbyists operating from a home laptop, with attacks principally restricted to pranks and malicious mischief.
• Attackers are individuals or teams who attempt to exploit vulnerabilities for personal or financial gain.
Types of Cyber Criminals:
1. Hackers:
The term hacker may refer to anyone with technical skills,
however, it typically refers to an individual who uses his or her
skills to achieve unauthorized access to systems or networks so
as to commit crimes.
White Hat Hackers:
• White hat attackers break into networks or computer systems to find weaknesses so as to improve the protection of those systems.
• The owners of the system give permission to perform the break-in, and they receive the results of the test.
• These hackers utilize their programming aptitudes for a good and lawful reason.
• These hackers may perform network penetration tests in an attempt to compromise networks to discover network vulnerabilities.
• Security vulnerabilities are then reported to developers to fix them, and these hackers can also work together as a blue team.
• They always use the limited amount of resources which are ethical and provided by the company; they basically perform pentesting only to check the security of the company from external sources.
Gray Hat Hackers:
• Grey hat attackers are somewhere between white and black hat attackers.
• Grey hat attackers could notice a vulnerability and report it to the owners of the system if that action coincides with their agenda.
• These hackers carry out violations and do seemingly deceptive things, however not for individual gain or to cause harm.
• These hackers may disclose a vulnerability to the affected organization after having compromised their network, and they may exploit it.
Black Hat Hackers:
• Black hat attackers make the most of any vulnerability for illicit personal, monetary or political gain.
• These hackers are unethical criminals who violate network security for personal gain.
• They misuse vulnerabilities to compromise computer systems.
• Hackers always exploit the information or any data they got from the unethical pentesting of the network.
2.Organized Hackers
• These criminals embody organizations of cyber criminals,
hacktivists, terrorists, and state-sponsored hackers.
• Cyber criminals are typically teams of skilled criminals
targeted on control, power, and wealth.
• These criminals are extremely subtle and organized, and
should even give crime as a service.
• These attackers are usually profoundly prepared and well-
funded.
3. Internet stalkers
• Internet stalkers are people who maliciously monitor the web activity of their victims to acquire personal data.
• This type of cyber crime is conducted through the use of social networking platforms and malware that are able to track an individual’s PC activity with little or no detection.
4.Disgruntled Employees
• Disgruntled employees become hackers with a particular
motive and also commit cyber crimes.
• It is hard to believe that dissatisfied employees can become
such malicious hackers.
• it is simple for disgruntled employees to do more damage to
their employers and organization by committing cyber crimes.
• The attacks by such employees brings the entire system down.
Cyber Crime: A Global Perspective
• Cybersecurity constitutes one of the top five risks of most firms, especially in Big Tech and Banking & Financial Services.
• Global cybercrime damage costs this year are expected to breach US $6 trillion per annum.
• That is almost one-fourth of the US GDP or twice the GDP of India.
• This is expected to scale up to US $10.5 trillion per annum by 2025.
• Cyber attackers are disrupting critical supply chains, at least 4 times more than in 2019.
Malware
• Total malware is expected to exceed 1.2 billion samples in 2021 and is averaging approx. 18 million new malware samples every month (Source: AV-Test).
• Approximately 94% of this malware is polymorphic, i.e., it can constantly change its identifiable features to evade detection.
Ransomware
• Average ransom payment peaked in Q3 2020 at ~US $234k but decreased to ~US $154k in Q4 2020.
• The threat to leak exfiltrated data was up 43% during this period.
• Sodinokibi, Egregor, Ryuk, Netwalker and Maze are the top-
ranked ransomware by market share.
Data Breach
• In 2020, the average cost of a data breach was ~US $3.9 million.
• Data privacy and cybersecurity risk are major concerns that are seeing
more regulation created, for example, GDPR (EU), PDP(India) etc.
• Unfortunately, data breaches take time to be detected.
Phishing
• More than 80% of reported security incidents were in the form of phishing attempts.
Cyber-crime: How does it impact India
• India is no exception to the global trends in cyber-crime and
expects cyber frauds to continue to rise in 2021.
• India ranks 11th worldwide in the number of attacks caused
by servers that were hosted in the country, with 2.3 million
incidents reported in Q1 2020.
• Cyberattacks reported in 2020 were up nearly three times
from 2019 and more than 20 times compared to 2016.
• According to the annual IBM X-Force Threat Intelligence Index, India reported the second-highest number of cyber-attacks after Japan in the Asia-Pacific region in 2020, accounting for 7 percent of all cyber-attacks observed in Asia in 2020.
• A German cybersecurity firm, Greenbone Sustainable Resilience,
reported that medical records of over 120 million Indian patients
(mostly from Maharashtra and Karnataka) were leaked on the Internet.
• The leaked records included pictures of the patients, X-rays, CT scans
and MRIs.
• Stuart Solomon:- a Chinese group called Red Echo, “has been
seen to systematically utilize advanced cyber intrusion
techniques to quietly gain a foothold in nearly a dozen critical
nodes across the Indian power generation and transmission
infrastructure.”
• The firm claimed that the electricity outage in Mumbai on
13th October 2020, was orchestrated by Red Echo.
• Whether Red Echo was acting as a state actor or not, the
threat is nonetheless real.
• The latest one in the country is a fake SMS message, that
claims to offer an app to register for Covid-19 vaccination in
India.
• Once the link is clicked, this installs malicious code that gains
permissions to the user’s data, such as contact lists, and
spreads via SMS to the user’s contacts.
Mitigants
• We look at the mitigants from an individual and an
organisational perspective.
• Individuals:
• For home usage, some cyber etiquettes generally are good
enough to firstly avoid being attacked, and if one does become
a victim of cyber-crime, can minimize impact;
• Genuine hardware and genuine updated software;
• Full-service internet security suites are preferred;
• Usage of Virtual Private Networks is preferred, though this may
slow things down slightly;
• Avoiding spurious websites;
• Usage of strong passwords, with alphanumeric characters (mix
of the alphabet and numerals), symbols, not less than 8 words
but preferably 10 or more words, not repeating passwords
across sites;
• Avoid clicking on pictures on WhatsApp or other sites, that are
forwards;
• Minimizing sharing personal information on social media, to
prevent social engineering;
• Avoid losing data by backing it up periodically;
• To be extra cautious while outside work premises;
• And if one is unfortunate to have been a victim, report to local
authorities.
Organisations
• Organisations need a much more structured approach to
manage cybersecurity risks.
• Also, before commencing, it is important to realise that
Human errors (~95%) are a major cause of cybersecurity
breaches – any sophisticated programme that does not
consider this element will be fraught with deficiencies.
• Having cybersecurity management can help mitigate the risks
across the organization.
• A typical programme in a global organisation would mostly
involve the following, amongst other steps, though may not be
in any specific order:
• Hire skilled people;
• Launch a Cyber Security Programme;
• Start with identification of top cyber risks;
• Depending on the organisation’s risk appetite for cybercrime
risks, secure budgets for investments in infrastructure,
processes and training;
• Build processes to identify external and internal threats and
vulnerabilities, review vulnerability assessments, phishing tests,
penetration testing, etc.;
• Identify known and emerging threats that are likely risks for the
organisation;
• IoT Strategies, Network Strategy, Cloud Security and prevention
of DDoS attacks to prevent infrastructure;
• Assess shift to integrated security products;
• Assess Enterprise Application Security layers;
• Build awareness of cyber regulations and cybersecurity standards;
• Review SDLC from a security perspective;
• Review Source Codes;
• Implement Security control frameworks, complete with policy suites,
standards and procedures;
• GDPR assessments;
• Continuous threat monitoring through organisation’s Security
Operations Centres;
• Oversight of third parties’ physical and logical security; and
• Develop Cyber Incident and Crisis Response Mechanisms.
• Build resiliency models, to enable recovery in case of an actual
cyber-attack;
• Review access and identity management components;
• Review insurance/reinsurance arrangements for adequate coverage;
Zero Trust Model:
• The Zero Trust Model assumes that a breach is inevitable or has already occurred.
• It recognises both internal and external threats.
• As a result, users get restricted access to corporate data, on a need-to-know basis. It entails constant user monitoring, real-time data protection, risk-based access controls, etc.
• Logically, Zero Trust Models are implemented to safeguard critical networks, such as those associated with national security.
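The points above describe a Zero Trust policy in prose; the following added example (it is not from the slides) shows one way such a per-request, default-deny decision can be evaluated in code, combining identity, device posture, a risk score from continuous monitoring and a need-to-know matrix, and never treating network location as sufficient. The resource classifications, role names, risk thresholds and the AccessRequest fields are all assumed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class AccessRequest:
    """Everything the policy needs about one request; assumed fields for illustration."""
    user: str
    roles: FrozenSet[str]     # roles asserted by the identity provider for this session
    mfa_verified: bool        # strong authentication completed for this session
    device_compliant: bool    # endpoint posture check passed (patched, disk encrypted, ...)
    network: str              # "corporate" or "internet"; recorded, but never trusted on its own
    risk_score: int           # 0 (benign) .. 100 (very suspicious), from continuous monitoring
    resource: str
    action: str


# Hypothetical data classification and need-to-know matrix (constructed, not from the slides).
RESOURCE_CLASS = {"payroll-db": "restricted", "wiki": "internal", "status-page": "public"}
ALLOWED = {
    "restricted": {"payroll-admin": {"read", "write"}, "auditor": {"read"}},
    "internal": {"employee": {"read", "write"}, "auditor": {"read"}},
    "public": {"employee": {"read"}, "auditor": {"read"}, "guest": {"read"}},
}
# Risk-based control: the more sensitive the data, the less session risk is tolerated.
RISK_LIMIT = {"restricted": 30, "internal": 60, "public": 90}


def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Evaluate a single request. Default deny: every check must pass, and being on the
    corporate network is never a reason to skip one (the breach is assumed to have happened)."""
    classification = RESOURCE_CLASS.get(req.resource)
    if classification is None:
        return False, "unknown resource"
    if not req.mfa_verified:
        return False, "strong authentication required"
    if classification != "public" and not req.device_compliant:
        return False, "device posture check failed"
    if req.risk_score > RISK_LIMIT[classification]:
        return False, f"session risk {req.risk_score} exceeds limit for {classification} data"
    for role in sorted(req.roles):
        if req.action in ALLOWED[classification].get(role, set()):
            return True, f"allowed via role {role}"
    return False, "no role grants this action (need-to-know)"


def audit_line(req: AccessRequest, decision: Tuple[bool, str]) -> str:
    """Every decision is logged; constant monitoring of these lines feeds the next risk score."""
    allowed, reason = decision
    return (f"user={req.user} resource={req.resource} action={req.action} "
            f"network={req.network} risk={req.risk_score} "
            f"decision={'ALLOW' if allowed else 'DENY'} reason=\"{reason}\"")


def demo() -> List[str]:
    # Constructed requests illustrating the difference from perimeter-based trust.
    requests = [
        # Outside the perimeter, but MFA, compliant device, low risk and the right role: allowed.
        AccessRequest("alice", frozenset({"payroll-admin"}), True, True, "internet", 10, "payroll-db", "write"),
        # Inside the perimeter, but no need-to-know for payroll: denied.
        AccessRequest("bob", frozenset({"employee"}), True, True, "corporate", 10, "payroll-db", "read"),
        # Inside the perimeter, no MFA: denied regardless of location.
        AccessRequest("carol", frozenset({"payroll-admin"}), False, True, "corporate", 0, "payroll-db", "read"),
        # Right role, but monitoring raised the session risk above the limit: denied.
        AccessRequest("dave", frozenset({"auditor"}), True, True, "corporate", 45, "payroll-db", "read"),
    ]
    return [audit_line(r, decide(r)) for r in requests]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of checks is deliberate: authentication and device posture are evaluated before the role lookup, so a stolen session on an unmanaged laptop is refused even when the account itself would have had access.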
Cyber crime laws in India
• In terms of cybersecurity, there are five main types of laws that must be followed.
• Cyber laws are becoming increasingly important in countries such as
India which have extremely extensive internet use.
• There are strict laws that govern the use of cyberspace and supervise
the use of information, software, electronic commerce, and financial
transactions in the digital environment.
• India’s cyber laws have helped to enable electronic commerce and
electronic governance to flourish in India by safeguarding maximum
connectivity and minimizing security concerns.
• This has also made digital media accessible in a wider range of
applications and enhanced its scope and effectiveness.
Information Technology Act, 2000.
(Section – Offence, with Description and Penalty)

Section 65 – Tampering with computer source documents
Description: If a person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force.
Penalty: Imprisonment up to three years, or/and with fine up to ₹200,000

Section 66 – Hacking with computer system
Description: If a person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack.
Penalty: Imprisonment up to three years, or/and with fine up to ₹500,000

Section 66B – Receiving stolen computer or communication device
Description: A person receives or retains a computer resource or communication device which is known to be stolen or the person has reason to believe is stolen.
Penalty: Imprisonment up to three years, or/and with fine up to ₹100,000

Section 66C – Using password of another person
Description: A person fraudulently uses the password, digital signature or other unique identification of another person.
Penalty: Imprisonment up to three years, or/and with fine up to ₹100,000

Section 66D – Cheating using computer resource
Description: If a person cheats someone using a computer resource or communication.
Penalty: Imprisonment up to three years, or/and with fine up to ₹100,000

Section 66E – Publishing private images of others
Description: If a person captures, transmits or publishes images of a person's private parts without his/her consent or knowledge.
Penalty: Imprisonment up to three years, or/and with fine up to ₹200,000

Section 66F – Acts of cyberterrorism
Description: If a person denies access to an authorised personnel to a computer resource, accesses a protected system or introduces contaminants into a system, with the intention of threatening the unity, integrity, sovereignty or security of India, then he commits cyberterrorism.
Penalty: Imprisonment up to life.

Section 67 – Publishing information which is obscene in electronic form
Description: If a person publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.
Penalty: Imprisonment up to five years, or/and with fine up to ₹1,000,000

Section 67A – Publishing images containing sexual acts
Description: If a person publishes or transmits images containing a sexually explicit act or conduct.
Penalty: Imprisonment up to seven years, or/and with fine up to ₹1,000,000

Section 67B – Publishing child porn or predating children online
Description: If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct, or if a person induces a child into a sexual act. A child is defined as anyone under 18.
Penalty: Imprisonment up to five years, or/and with fine up to ₹1,000,000 on first conviction; imprisonment up to seven years, or/and with fine up to ₹1,000,000 on second conviction.

Section 67C – Failure to maintain records
Description: Persons deemed as intermediary (such as an ISP) must maintain required records for stipulated time. Failure is an offence.
Penalty: Imprisonment up to three years, or/and with fine.
Positive and negative aspects of the IT Act

This legislation contains the following benefits:
1. Several companies are now able to conduct e-commerce without any fear because of the presence of this Act.
2. Digital signatures are now able to be used by corporations to conduct online transactions. Digital signatures are officially recognized and sanctioned by the Act.
3. Issuance of Digital Signature Certificates under the Act.
4. The Act permits the companies to electronically file any of their documents with any office, authority, body or agency owned or controlled by the appropriate government by using the electronic form prescribed by that government.
However, the said Act has a few problems:
• Section 66A is considered to be in accordance with Article 19(2) of the
Constitution of India since it does not define the terms ‘offensive’ and
‘menacing’. It did not specify whether or not these terms involved
defamation, public order, incitement or morality. As such, these terms are
open to interpretation.
• Considering how vulnerable the internet is, the Act has not addressed
issues such as privacy and content regulation, which are essential.
• A domain name is not included in the scope of the Act. The law does not
include any definition of domain names, nor does it state what the rights
and liabilities of domain name owners are.
• The Act doesn’t make any provision for the intellectual property rights of
domain name proprietors. In the said law, important issues pertaining to
copyright, trademark, and patent have not been addressed, therefore
creating many loopholes.
Indian Penal Code, 1860 (IPC):

If the IT Act is not sufficient to cover specific cyber crimes, law enforcement agencies can apply the following IPC sections:
• Section 292: The purpose of this section was to address the
sale of obscene materials, however, in this digital age, it has
evolved to deal with various cyber crimes as well. A manner in
which obscene material or sexually explicit acts or exploits of
children are published or transmitted electronically is also
governed by this provision. The penalty for such acts is
imprisonment and fines up to 2 years and Rs. 2000,
respectively. The punishment for any of the above crimes may
be up to five years of imprisonment and a fine of up to Rs.
5000 for repeat (second-time) offenders.
• Section 354C: In this provision, cyber crime is defined as taking or publishing
pictures of private parts or actions of a woman without her consent. In this
section, voyeurism is discussed exclusively since it includes watching a
woman’s sexual actions as a crime.
• In the absence of the essential elements of this section, Section 292 of the IPC
and Section 66E of the IT Act are broad enough to include offences of an
equivalent nature. Depending on the offence, first-time offenders can face up
to 3 years in prison, and second-time offenders can serve up to 7 years in
prison.
• Section 354D: Stalking, including physical and cyberstalking, is described and
punished in this chapter. The tracking of a woman through electronic means,
the internet, or email or the attempt to contact her despite her disinterest
amounts to cyber-stalking.
• This offence is punished by imprisonment of up to 3 years for the first offence
and up to 5 years for the second offence, along with a fine in both cases.
• Section 379: The punishment involved under this section, for
theft, can be up to three years in addition to the fine. The IPC
Section comes into play in part because many cyber crimes
involve hijacked electronic devices, stolen data, or stolen
computers.
• Section 420: This section talks about cheating and dishonestly
inducing delivery of property. Seven-year imprisonment in
addition to a fine is imposed under this section on
cybercriminals doing crimes like creating fake websites and
cyber frauds. In this section of the IPC, crimes related to
password theft for fraud or the creation of fraudulent websites
are involved.
• Section 463: This section involves falsifying documents or
records electronically. Spoofing emails is punishable by up to 7
years in prison and/or a fine under this section.
• Section 465: This provision typically deals with the punishment
for forgery. Under this section, offences such as the spoofing
of email and the preparation of false documents in cyberspace
are dealt with and punished with imprisonment ranging up to
two years, or both.
• Section 468: Fraud committed with the intention of cheating
may result in a seven-year prison sentence and a fine. This
section also punishes email spoofing.
Cybersecurity Framework (NCFS):

• As the most credible global certification body, the National Institute of Standards and Technology (NIST) has approved the Cybersecurity Framework (NCFS) as a framework for harmonizing the cybersecurity approach.
• To manage cyber-related risks responsibly, the NIST
Cybersecurity Framework includes guidelines, standards, and
best practices.
• According to this framework, flexibility and affordability are
of prime importance. Moreover, it aims at fostering resilience
and protecting critical infrastructure by implementing the
following measures:
• A better understanding, management, and reduction of the risks
associated with cybersecurity.
• Prevent data loss, misuse, and restoration costs.
• Determine the most critical activities and operations that must be
secured.
• Provides evidence of the trustworthiness of organizations that
protect critical assets.
• Optimize the cybersecurity return on investment (ROI) by
prioritizing investments.
• Responds to regulatory and contractual requirements
• Assists in the wider information security program.
Importance of cyber crime laws
The following points can highlight the importance of cyber laws:
• An important goal of any cyber law is to prosecute those who
undertake illegal activities using the internet.
• In cases involving a violation of cyber law, action is taken
against the individual on the basis of his location and how he was
involved in that violation.
• Prosecuting or tracking down hackers is the most important thing, since
most cyber crimes would otherwise fall beyond the reach of felony law
and not be treated as a crime.
• The use of the internet is also associated with security concerns and
there are even some malicious individuals who want to gain
unauthorised access to the computer device and commit fraud using
it in the future.
Need for cyber crime laws in India
Cyberlaw may be required in the following circumstances:
• Due to the fact that all the transactions associated with stocks are now
executed in demat format, anyone who is involved with these
transactions is protected by cyber law in the event of any fraudulent
transactions.
• Almost all Indian companies have electronic records. A company may
need this law to prevent the misuse of such data.
• As a result of the rapid development of technology, various government
forms are being filled out electronically, such as income tax returns and
service tax returns. Anybody can misuse those forms by hacking
government portal sites, and thus cyberlaw is required under which legal
action can be taken.
• Shopping today is done through credit cards and debit cards.
Unfortunately, some fraudsters operating over the internet
clone these credit cards and debit cards. The cloning of a credit or
debit card is a technique that allows someone to obtain your
information via the Internet. This can be prevented by cyberlaw:
under Section 66C of the IT Act, there is 3-year imprisonment along
with a fine of up to one lakh rupees if anyone tries to make use of
any electronic password fraudulently or dishonestly.
• Business transactions are typically carried out by means of digital
signatures and electronic contracts. The misuse of digital
signatures and electronic contracts can be easily accomplished by
anyone involved with them. Cyberlaw provides protection against
these types of scams.
Module 2
• Module 2: ATTACKS AND COUNTER MEASURES: OWASP;
Malicious Attack Threats and Vulnerabilities: Scope of Cyber-
Attacks – Security Breach – Types of Malicious Attacks –
Malicious Software – Common Attack Vectors – Social
engineering Attack – Wireless Network Attack – Web
Application Attack – Attack Tools – Counter measures
What is OWASP?
• The Open Web Application Security Project (OWASP) is a
non-profit organization founded in 2001, with the goal of helping
website owners and security experts protect web applications
from cyber attacks.
• OWASP has 32,000 volunteers around the world who perform
security assessments and research.
Why is the OWASP Top 10 Important?
• OWASP Top 10 is a research project that offers rankings of and
remediation advice for the top 10 most serious
web application security dangers.
• The report is founded on an agreement between security
experts from around the globe.
• The risks are graded according to the severity of the
vulnerabilities, the frequency of isolated security defects, and
the degree of their possible impacts.
• Incorporating the Top 10 into the software development life cycle
(SDLC) shows a general commitment to the industry’s best practices
for secure development.
• The aim of the report is to provide web application security experts
and developers with insight into the most common
security risks so that they can use the findings of the report as part
of their security practices.
• This can help limit the presence of such known risks within their
web applications.
• OWASP manages the Top 10 list and has been doing so since 2003.
• They update the list every 2-3 years, in keeping with changes and
developments in the AppSec market.
• OWASP provides actionable information and acts as an important
checklist and internal Web application development standard for a
lot of the largest organizations in the world.
What is New in OWASP Top 10 2021?
• The OWASP Top 10 is in order of importance—A01 is, according
to OWASP, the most important vulnerability, A02 is the second
most important, etc.
• Green arrows are vulnerabilities that were promoted in
importance
• Orange arrows are vulnerabilities that were demoted in
importance
• Yellow broken line arrows are vulnerabilities removed and
merged into other categories.
Which vulnerabilities remained in the list but changed
position?
• UP: Broken Access Control moved up from #5 to #1, because
OWASP discovered 94% of applications have an access control
weakness.
• UP: Cryptographic Failures, renamed from “Sensitive Data
Exposure”, moved from #3 to #2. This reflects the increasing
importance of encryption in modern applications.
• UP: Security Misconfiguration moved up from #6 to #5. 90% of
applications tested by OWASP had security-related
misconfigurations.
• UP: Security Logging and Monitoring Failures, previously
named “Insufficient Logging and Monitoring”, moved up from
#10 to #6, based on data from the OWASP industry survey.
• DOWN: Injection moved down from #1 to #3, even though 94%
of applications tested had some type of injection vulnerability.
• UP: Vulnerable and Outdated Components, previously
named “Using Components with Known Vulnerabilities”, moved
up from #9 to #6, based on OWASP’s community survey.
• DOWN: Identification and Authentication Failures, renamed
from “Broken Authentication”, moved down from #2 to #7, due
to growing use of standard authentication frameworks.
Which vulnerabilities are new or have been removed
from the list?
• NEW: Insecure Design is a new vulnerability, entering the list at
#4. This reflects the growing focus on “shifting left” and
integrating security into the entire development lifecycle.
• NEW: Software and Data Integrity Failures entered the list at
#8, focusing on the integrity of software updates and CI/CD
pipelines. This is a response to the huge impact of supply chain
attacks.
• NEW: Server-Side Request Forgery entered the list at #10. This
was the #1 result voted by users in the OWASP community survey.
• REMOVED: Cross-Site Scripting and XML External Entities
(XXE) are removed and merged into other categories (Injection
and Security Misconfiguration, respectively).
A01:2021—Broken Access Control
• Broken access control means that attackers can gain access to
user accounts and act as users or administrators, and that
regular users can gain unintended privileged functions.
• Strong access mechanisms ensure that each role has clear and
isolated privileges.
• Mitigating Broken Access Control
• Deny access by default, except for public resources
• Build strong access control mechanisms and reuse them across
the application
• Disable server directory listing and do not store sensitive data
in root
• Rate limit API and controller access
• Invalidate JWT tokens after logout
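The "deny by default" and "reuse one access control mechanism" bullets above, as an added example that is not from the original slides: a single permission table consulted by every endpoint, where any role or permission that is not listed is refused, plus an ownership check so that an ordinary user cannot read another user's record. The roles, permissions and the `Document` record are constructed for illustration.

```python
from dataclasses import dataclass
from functools import wraps

# Central permission table reused by every endpoint. Any role or permission
# not listed here is denied: there is no "default allow" path.
ROLE_PERMISSIONS = {
    "user": {"doc:read", "doc:update"},
    "admin": {"doc:read", "doc:update", "doc:delete", "user:list"},
}


@dataclass
class Document:
    doc_id: int
    owner: str
    body: str


class AccessDenied(Exception):
    pass


def is_allowed(role, permission):
    """Deny by default: an unknown role or an unlisted permission both fail."""
    return permission in ROLE_PERMISSIONS.get(role, set())


def require(permission, owner_only=False):
    """Enforce a permission and, optionally, ownership of the target object.

    The wrapped function must take (principal, doc, ...). The ownership test
    stops a logged-in user from reading another user's records (horizontal
    privilege escalation); admins are exempt from it by design.
    """
    def decorator(fn):
        @wraps(fn)
        def wrapper(principal, doc, *args, **kwargs):
            role, name = principal["role"], principal["name"]
            if not is_allowed(role, permission):
                raise AccessDenied(f"{name} lacks {permission}")
            if owner_only and role != "admin" and doc.owner != name:
                raise AccessDenied(f"{name} does not own document {doc.doc_id}")
            return fn(principal, doc, *args, **kwargs)
        return wrapper
    return decorator


@require("doc:read", owner_only=True)
def read_document(principal, doc):
    return doc.body


@require("doc:delete")
def delete_document(principal, doc):
    return f"deleted {doc.doc_id}"


def demo():
    """Run the checks against constructed principals and one document."""
    alice = {"name": "alice", "role": "user"}
    bob = {"name": "bob", "role": "user"}
    root = {"name": "root", "role": "admin"}
    guest = {"name": "guest", "role": "anonymous"}   # role absent from table
    doc = Document(42, "alice", "alice's notes")
    results = {"owner_read": read_document(alice, doc),
               "admin_delete": delete_document(root, doc)}
    for label, who, action in (("other_user_read", bob, read_document),
                               ("user_delete", alice, delete_document),
                               ("unknown_role_read", guest, read_document)):
        try:
            action(who, doc)
            results[label] = "allowed"
        except AccessDenied:
            results[label] = "denied"
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:>18}: {outcome}")
```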
A02:2021—Cryptographic Failures
• Cryptographic Failures, previously known as
Sensitive Data Exposure, covers the protection of data in
transit and at rest.
• This includes passwords, credit card numbers, health records,
personal information and other sensitive information.
• It is especially important for organizations covered by
standards like PCI Data Security Standards (PCI DSS) or
data privacy regulations like the EU
General Data Protection Regulation (GDPR).
• Mitigating Cryptographic Failures:
• Identify sensitive data and apply appropriate security controls.
• Don’t store sensitive data unless absolutely needed; discard
sensitive data, or use tokenization or truncation.
• Encrypt all sensitive data at rest using strong encryption
algorithms, protocols and keys.
• Encrypt data in transit using secure protocols like TLS and
HTTP Strict Transport Security (HSTS).
• Disable caching for sensitive data.
• Store passwords using strong, salted hashing functions like
Argon2, scrypt and bcrypt.
A03:2021—Injection
• An injection vulnerability in a web application allows attackers
to send hostile data to an interpreter, causing that data to be
parsed and executed on the server. A common form of
injection is SQL injection.
• Preventing Injection Attacks
• Use a safe API which avoids the use of the interpreter entirely
• Use positive or “whitelist” server-side input validation
• Escape special characters
• Use LIMIT and other SQL controls within queries to prevent
mass disclosure of records in case of SQL injection.
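The "safe API" and "LIMIT" bullets above, as an added example that is not from the original slides: the same lookup written once by splicing the user's value into the SQL text and once with a bound parameter, run against a constructed in-memory SQLite table so the difference in returned rows is visible.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "user"), (2, "bob", "user"),
                      (3, "root", "admin")])
    return conn


def find_user_unsafe(conn, name):
    """Vulnerable: the user-supplied value is spliced into the SQL text,
    so any quote character in it changes the structure of the query."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """Safe: the driver binds the value separately from the SQL text, so
    it is only ever compared as data. LIMIT 1 additionally caps how many
    rows a single lookup can disclose even if another flaw slips through."""
    sql = "SELECT name FROM users WHERE name = ? LIMIT 1"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Compare both lookups on an ordinary name and on one containing a quote."""
    conn = make_db()
    quoted = "x' OR 'a'='a"   # constructed input with an embedded quote
    return {
        "normal_unsafe": find_user_unsafe(conn, "alice"),
        "normal_safe": find_user_safe(conn, "alice"),
        "quoted_unsafe": find_user_unsafe(conn, quoted),
        "quoted_safe": find_user_safe(conn, quoted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:>14}: {rows}")
```

With the concatenated query the quoted input matches every row (mass disclosure); with the bound parameter it matches nothing, because the whole string is compared literally.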
A04:2021—Insecure Design
• Insecure Design is a category of weaknesses that originate
from missing or ineffective security controls.
• Some applications are built without security in mind. Others
do have a secure design, but have implementation flaws that
can lead to exploitable vulnerabilities.
• By definition, an insecure design cannot be fixed by proper
implementation or configuration.
• This is because it is lacking basic security controls that can
effectively protect against important threats.
• Preventing insecure design
• Establish a secure software development lifecycle (SSDLC)
• Leverage application security practices from early stages of
software development
• Create a library of secure design patterns, and use it to build
new applications
• Leverage threat modeling to design critical features like
authentication and access control
• Integrate security concerns and controls into all user stories
A05:2021—Security Misconfiguration
• Security Misconfiguration is a lack of security hardening across the
application stack.
• This can include improper configuration of cloud service permissions,
enabling or installing features that are not required, and default
admin accounts or passwords.
• This now also includes XML External Entities (XXE), previously a
separate OWASP category.
• Preventing security misconfiguration
• Establish a hardening process for applications, which is fast
and easy to deploy
• Configure development, QA, and production identically (with
different credentials)
• All systems should have a minimal setup without unnecessary
features and components
• Configurations should be regularly updated, applying patches
and security advisories
• Establish an automated process to verify secure configurations
in all environments
A06:2021—Vulnerable and Outdated Components
• Vulnerable and Outdated Components, previously known as
“Using Components with Known Vulnerabilities,” includes
vulnerabilities resulting from unsupported or outdated
software.
• Anyone who builds or uses an application without knowing its
internal components, their versions, and whether they are
updated, is exposed to this category of vulnerabilities.
• Preventing vulnerable and outdated components
• Remove unused dependencies, features, components, and files
from applications.
• Maintain an inventory of components and their versions, both on
the client side and server side, using software composition analysis
(SCA) tools
• Continuously scan libraries and their dependencies for vulnerable
components
• Only use components from official sources, and prefer signed
packages
• Urgently remediate vulnerabilities, remove affected components,
or apply a virtual patch
A07:2021—Identification and Authentication Failures
• Identification and Authentication Failures, previously known as
Broken Authentication; this category now also includes security
problems related to user identities.
• Confirming and verifying user identities, and establishing
secure session management, is critical to protect against many
types of exploits and attacks.
• Mitigating Broken Authentication
• Implement multi-factor authentication
• Do not deploy systems with default credentials
• Check new passwords against a list of the top 10,000 worst passwords
• Use the guidelines in NIST 800-63 B section 5.1.1 for
Memorized Secrets
• Harden all authentication-related processes like registration
and credential recovery
• Limit or delay failed login attempts
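The password-storage bullet under A02 (salted Argon2/scrypt/bcrypt) and the A07 bullets above (worst-password list, NIST 800-63B memorized secrets, limiting failed logins), as one added example that is not from the original slides: scrypt from the standard library with a per-user random salt, a constant-time digest comparison, a deny list of common passwords, and a lockout after repeated failures. The tiny deny list, `MAX_FAILURES` and `LOCKOUT_SECONDS` are constructed values.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Constructed stand-in for the full list of the most common passwords.
WORST_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin123"}
MAX_FAILURES = 5          # assumed lockout threshold
LOCKOUT_SECONDS = 300     # assumed lockout duration
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)   # about 16 MiB of memory per hash


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user means two users
    with the same password get different digests and rainbow tables fail."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def password_acceptable(password: str) -> bool:
    """NIST 800-63B 5.1.1 style check: minimum length, not on a common list."""
    return len(password) >= 8 and password.lower() not in WORST_PASSWORDS


class UserStore:
    """In-memory credential store with hashing, lockout and constant-time compare."""

    def __init__(self):
        self._users = {}   # name -> {salt, digest, failures, locked_until}

    def register(self, name: str, password: str) -> bool:
        if not password_acceptable(password):
            return False
        salt, digest = hash_password(password)
        self._users[name] = {"salt": salt, "digest": digest,
                             "failures": 0, "locked_until": 0.0}
        return True

    def login(self, name: str, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'bad' or 'locked'. `now` can be injected for testing."""
        now = time.time() if now is None else now
        rec = self._users.get(name)
        if rec is None:
            # Same cost path as a real user, so response time does not
            # reveal which account names exist.
            hash_password(password)
            return "bad"
        if now < rec["locked_until"]:
            return "locked"
        _, candidate = hash_password(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["digest"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failures"] = 0
        return "bad"


if __name__ == "__main__":
    store = UserStore()
    print("register weak password:", store.register("eve", "password"))
    print("register good password:", store.register("alice", "correct horse battery"))
    print("login with right password:", store.login("alice", "correct horse battery"))
```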
A08:2021—Software and Data Integrity Failures
• Software and Data Integrity Failures involve code and infrastructure
that are vulnerable to integrity violations.
• This includes software updates, modification of sensitive data, and
CI/CD pipeline changes performed without validation.
• An insecure CI/CD pipeline can lead to unauthorized access,
introduction of malware, and other severe vulnerabilities.
• There is a global concern around applications with automatic
updates. In several cases, attackers broke into the supply chain and
created their own malicious updates.
• Thousands of organizations were compromised by downloading and
applying these malicious updates to previously trusted applications,
without integrity validation.
• Preventing software and data integrity failures
• Use digital signatures or similar mechanisms to verify software
or data is from the expected source and has not been altered.
• Ensure libraries and dependencies, such as npm or Maven packages,
are pulled from trusted repositories
• Establish a review process for code and configuration changes
• Ensure that your CI/CD pipeline has proper configuration and
access controls
A09:2021—Security Logging and Monitoring Failures
• Security Logging and Monitoring Failures, previously named
“Insufficient Logging and Monitoring”, involves weaknesses in
an application’s ability to detect security risks and respond to
them.
• Breaches cannot be detected without logging and monitoring.
Failures in this category affect visibility, alerting, and
forensics.
• Preventing security logging and monitoring failures
• Ensure login, access control, and server-side input validation
events are logged
• Ensure logs contain enough context to identify suspicious
behavior and enable in-depth forensic analysis.
• Ensure logs are in a format compatible with log management
solutions
• Take measures to prevent attackers from tampering with log
data
A10:2021—Server Side Request Forgery
• A Server-Side Request Forgery (SSRF) vulnerability occurs when
a web application pulls data from a remote resource based on
a user-specified URL, without validating the URL.
• Even servers protected by a firewall, VPN, or network
access control list (ACL) can be vulnerable to this attack, if
they accept unvalidated URLs as user inputs.
• Preventing Server Side Request Forgery
• Avoid accepting URLs in client inputs, and if absolutely necessary,
sanitize inputs
• Isolate any remote resource access functionality in a separate
network to reduce impact
• Use “deny by default” firewall policies to block unwanted Internet
traffic
• Use a positive allow list with URL schema, port, and destination
• Disable HTTP redirections
• Never return raw responses to clients
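The "positive allow list with URL schema, port, and destination" bullet above, as an added example that is not from the original slides: a validator that rejects everything not explicitly permitted and additionally refuses any allow-listed name that resolves to an internal address. The allowed hosts, the blocked ranges and the `FAKE_DNS` table are constructed; a real service would resolve the name and check the address it actually connects to.

```python
import ipaddress
from urllib.parse import urlsplit

# Positive allow list (assumed values): only these schemes, ports and hosts.
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}
ALLOWED_HOSTS = {"images.example.com", "api.partner.example", "cdn.example.com"}

# Address ranges a server-side fetch must never reach, whatever name they
# came from: loopback, RFC 1918, link-local (where cloud metadata services
# live), multicast, and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed stand-in for DNS resolution.
FAKE_DNS = {
    "images.example.com": "203.0.113.10",
    "api.partner.example": "198.51.100.7",
    "cdn.example.com": "10.0.0.5",        # allow-listed name that points inward
}


def is_internal(addr) -> bool:
    """True if the address falls in any blocked range (version-aware)."""
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_fetch_url(url: str):
    """Return (ok, reason). Anything not explicitly allowed is rejected."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL or port"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allow list"
    port = port or 443
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    resolved = FAKE_DNS.get(host)
    if resolved is None:
        return False, f"host {host!r} does not resolve"
    addr = ipaddress.ip_address(resolved)
    if is_internal(addr):
        return False, f"{host} resolves to internal address {addr}"
    # The fetch itself should be made with redirects disabled, otherwise a
    # permitted host could bounce the request to a forbidden destination.
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://images.example.com/cat.png",
                      "http://images.example.com/cat.png",
                      "https://cdn.example.com/asset.js",
                      "https://10.0.0.5/admin"):
        print(candidate, "->", validate_fetch_url(candidate))
```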
Threat, vulnerability and risk
• A threat is what an organization is defending itself against.
• Denial-of-Service (DoS) Attacks: A DoS attack is an attempt to
make a computer or network resource unavailable to users. DoS attacks
can be carried out using various methods, including flooding the
target with requests or traffic or exploiting vulnerabilities in the
network or system.
• Distributed Denial-of-Service (DDoS) Attacks: A DDoS attack is
similar to a DoS attack, but multiple computers or devices, known
as zombies, are used to carry out the attack. A large number of
requests or traffic from the zombies can overwhelm the target,
thus denying access to legitimate users.
• Vulnerabilities are the gaps or weaknesses that undermine an
organization’s IT security efforts.
• Common types of network vulnerabilities include unpatched
software flaws, weak passwords, and open ports.
• e.g. a firewall flaw that lets hackers into a network.
• Risk refers to the calculated assessment of potential threats to
an organization’s security and vulnerabilities within its
network and information systems.
Types of Malicious Attacks
• Malware — or malicious software — is any program or code that
is created with the intent to do harm to a computer, network
or server. Malware is the most common type of cyberattack,
mostly because this term encompasses many subsets such as
ransomware, trojans, spyware, viruses, worms, keyloggers,
bots, cryptojacking, and any other type of malware attack
that leverages software in a malicious way.
Best Practices to Defend Against Malware
Each malware type below comes with tips on how best to defend against it.
In general, here are some of the most frequent best practices to protect
against malware:
• Update all network, application, and device software promptly
• When alerted to potential vulnerabilities, patch promptly
• Boost your organization’s IT literacy with ongoing cybersecurity training
so they recognize the threats posed by malware attacks
• Architect a premium network security tool like SASE that encompasses
SD-WAN, CASB, secure web gateways, ZTNA, FWaaS, and
microsegmentation
• Consider anti-malware solutions that can aid your existing
infrastructure
• Understand malware is a reality; prepare for the worst, and plan your
response to a malware attack
Adware
• Adware, also known as malvertising, is a type of malware that
downloads or displays advertisements to the user interface.
Rather than stealing data, adware is more of an irritant forcing
users to see unwanted ads. Most users are familiar with adware
in the form of unclosable browser pop-ups. Users sometimes
unknowingly infect themselves with adware installed by default
when they download and install other applications.
How To Defend Against Adware
• Install an antivirus solution that includes anti-adware
capabilities. Disable pop-ups on your browsers, and pay attention
to the installation process when installing new software, making
sure to un-select any boxes that will install additional software
by default.
Backdoors
• A backdoor is a trojan that offers an attacker remote access into the victim’s
device. Most device or software manufacturers place backdoors in their
products intentionally and for a good reason. If needed, company personnel
or law enforcement can use the backdoor to access the system when needed.
• However, in a bad actor’s hands, a backdoor can do anything the user does.
• Backdoors can also be installed by other types of malware, such as viruses or
rootkits.
How To Defend Against A Backdoor
• Backdoors are among the most challenging types of threats to protect
against.
• Experts say the best defense is a multi-pronged network security strategy
that includes a firewall, anti-malware software, network monitoring,
intrusion detection and prevention (IDPS), and data protection.
Bots and Botnets
• Bots are software performing automated tasks, making attacks known as
“botnets” deadly for victims. In cybersecurity, a bot typically refers to an
infected device containing malicious software.
• Without the user’s knowledge or permission, a bot can corrupt the device.
• Botnet attacks are targeted efforts by an army of bots, directed by their bot
herder.
How To Defend Against Botnets
• Organizations can help prevent their computers from becoming part of a
botnet by installing anti-malware software, using firewalls, keeping software
up-to-date, and forcing users to use strong passwords.
• Network monitoring software can also help determine when a system has
become part of a botnet.
• Always change the default passwords for any IoT devices you install before
extended use.
Browser Hijacker
• A browser hijacker, also called “hijackware,” noticeably changes the behavior of your
web browser.
• This change could be sending you to a new search page, slow-loading, changing your
homepage, installing unwanted toolbars, directing you to sites you did not intend to
visit, and displaying unwanted ads.
• Attackers can make money off advertising fees, steal information from users, spy, or
direct users to websites or apps that download more malware.
How To Defend Against A Browser Hijacker
• Be careful when installing new software on your system. Many browser hijackers
piggyback on wanted software, much like adware does.
• Ensure you install and run anti-malware software on your system and maintain high-
security settings for browser activity.
• Because hijackware is related to your browser, therein lies the solution to
exterminating a browser hijacker.
• If your antivirus software fails to notice a new strain, you can reinstall the browser. If
that fails to work, clearing the contents of the device might be required.
Bug
• “Bug” is a generic term for a flaw in a segment of code. All
software has bugs, and most go unnoticed or are mildly
impactful to the user. Sometimes, however, a bug represents a
severe security vulnerability, and using software with this type
of bug can open your system up to attacks.
How To Defend Against Bugs
• The best way to minimize potentially nasty bugs is consistent
updates for your software. With vulnerabilities at the top of
software vendors’ minds, they are quick to release patches to
prevent user systems damage. For organizations writing or
configuring their code, it’s imperative to follow best practices
for secure code and potentially seek third-party review.
Crimeware
• Some vendors use “crimeware” to refer to malware that is criminally executed
and often financially benefits the attacker.
• Much like malware, it is an inclusive category that encompasses a wide variety
of malicious software. Unlike ransomware, it might be a criminal operation that
does not involve the collection of a ransom.
• As a term, crimeware encompasses much of the malware types listed in this
article.
How To Defend Against Crimeware
• Best network security practices are essential, including using anti-malware,
firewalls, intrusion detection and prevention (IDPS), network and log
monitoring, data protection, security information and event management
(SIEM), and threat intelligence.
• Cybersecurity vendors like Panda Security suggest the best way to defend
against crimeware is using a combination of antivirus, anti-spyware, firewalls,
and threat detection technology.
Keyloggers
• A keylogger is a software program that records all of the keys a
user touches. This exposed data includes everything from emails
and documents typed to passwords entered for authentication
purposes. By obtaining sensitive authentication access, attackers
can break into the vendor network or user account.
How To Defend Against A Keylogger
• Good password hygiene is one of the best ways to limit what a
keylogger can expose. Using strong passwords that you update regularly
can go a long way towards keeping you safe. You should also use a
network firewall and an anti-malware solution.
Malicious Mobile Apps
• In the sea of apps available today, not all of them are desirable, and the
problem is even more acute with third-party app stores. While app store
vendors try to prevent malicious apps from becoming available, some
inevitably slip through. These apps can steal user information, attempt to
extort money from users, gain access to corporate networks, force users to
view unwanted ads, or engage in other undesirable activity types.
How To Defend Against A Malicious Mobile App
• User education is one of the most powerful tools for preventing malicious
mobile apps. By avoiding third-party app stores and investigating app data
before downloading, users can significantly mitigate this risk. Deploying
mobile anti-malware and a company-wide mobile security plan is essential for
large organizations.
Phishing and Social Engineering
• Phishing and social engineering are types of email attack that
attempt to trick users into divulging passwords, downloading
an attachment or visiting a website that installs malware on
their systems. More targeted efforts at specific users or
organizations are known as spear phishing. Because the goal is
to trick the user, attackers will research the victim to
maximize the chance of success, often using spoofing to make the
email seem legitimate.
How To Defend Against Phishing
• Because phishing relies on social engineering — tricking users
into doing something — employee training is one of the best
defenses against these attacks. Users should deploy anti-spam
and anti-malware solutions, and staff should know not to
divulge personal information or passwords in email messages.
Training about downloading attachments or clicking website
links in messages, even if they appear to come from a known
source, is imperative given phishing attackers often pretend to
be a company or person known to the victim. Email is also
the usual delivery channel for ransomware.
Examples Of Phishing Malware Attacks
Phishing Type: Description
• Deceptive Phishing: Most common type, using an email headline with a sense of
urgency from a known contact. This attack blends legitimate links with
malicious code, modifies brand logos, and evades detection with minimal content.
• Spear Phishing: As noted, spear phishing targets specific users or
organizations by exploring social media, recording out-of-office
notifications, compromising API tokens, and housing malicious data in the cloud.
• Whaling: Even more targeted than spear phishing, whaling targets chief
officers of an organization by infiltrating the network, exposing the supply
chain, and following up the malicious email with a phone call to give it
legitimacy.
• Vishing: Targeting victims over the phone, vishing is the use of Voice over
Internet Protocol (VoIP), technical jargon, and ID spoofing to trick a caller
into revealing sensitive information.
• Smishing: Smishing also targets phone users, but this one comes in the form
of malicious text messages. Smishing attacks often include triggering the
download of a malicious app, links to data-stealing forms, and faux tech support.
• Pharming: Moving away from trying to trick users, pharming leverages cache
poisoning against the DNS, using malicious email code to target the server
and compromise web users’ URL requests.
Common Attack Vectors
• In cybersecurity, an attack vector is a method of achieving
unauthorized network access to launch a cyber attack. Attack
vectors allow cybercriminals to exploit system vulnerabilities
to gain access to sensitive data,
personally identifiable information (PII), and other valuable
information accessible after a data breach.
• An attack vector is a path or means by which a cyber criminal
can gain unauthorized access to a network or system.
What is the difference between an attack vector and an attack
surface?
• An attack vector is a method used by hackers to exploit vulnerabilities
and can lead to security incidents.
• The attack surface, on the other hand, refers to the sum of all
possible attack vectors.
• Confidentiality, Integrity, and Availability: A successful attack
achieves the desired result by violating at least one of the
three principles.
Common Attack Vector
• Social engineering
• Email scams and attachments
• Compromised or weak credentials
• Unsecured wifi networks
• Outdated software and operating systems
• Ransomware
• Third-party breaches
• Configuration weaknesses
• Zero-day vulnerabilities
• Distributed Denial of Service (DDoS)
• SQL injections
• Cross-Site Scripting (XSS)
How Do Attackers Exploit Attack Vectors?
• In general, attack vectors can be split into passive or active
attacks:
• Passive Attack Vector Exploits
• Passive attack vector exploits are attempts to gain access or
make use of information from the system without affecting
system resources, such as typosquatting, phishing, and other
social engineering-based attacks.
• Active Attack Vector Exploits
• Active cyber attack vector exploits are attempts to alter a
system or affect its operation, such as malware, exploiting
unpatched vulnerabilities, email spoofing,
man-in-the-middle attacks, domain hijacking, and ransomware.
How to Defend Against Common Attack Vectors
• The following cyber defense strategies will help you block frequently
abused entry points and also highlight possible regions in your ecosystem
that might be housing attack vectors.
• Create secure IoT credentials
• Use a password manager
• Educate employees
• Identify and shut down data leaks
• Detect and remediate all system vulnerabilities
• Keep antivirus software updated
• Keep third-party software regularly updated
Wireless Network Attack
What is a wireless network attack?
• Wireless networks are much more vulnerable to attacks and
intruders.
• Commonly known as wireless network attacks, penetration
and intrusion acts that target wireless networks pose serious
threats. Wireless network attacks aim to capture the
information sent across the network and/or interfere with the
flow of traffic.
Wireless Eavesdropping (Passive Attacks)
• Attackers use tools like packet sniffers to intercept and monitor wireless
communications between devices. By capturing data packets transmitted
over the air, they can potentially obtain sensitive information, such as
login credentials, financial data, or personal information.
Wireless Spoofing (Man-in-the-Middle Attacks)
• In these attacks, the attacker positions themselves between the wireless
client and the legitimate access point, intercepting and manipulating
data transmissions. The attacker may then relay the information back
and forth, making it appear as if they are the legitimate access point.
This enables them to snoop on data or perform other malicious actions
unnoticed.
Wireless Jamming (Denial-of-Service Attacks)
• Attackers flood the wireless frequency spectrum with
interference signals, disrupting legitimate communications
between devices and access points. By creating excessive noise,
they can render the wireless network unusable for legitimate
users.
Rogue Access Points
• Attackers set up unauthorized access points, mimicking
legitimate ones, to deceive users into connecting to them. Once
connected, the attacker can eavesdrop, capture data, or launch
further attacks on the unsuspecting users.
Brute-Force Attacks
• Attackers try various combinations of passwords or encryption
keys in rapid succession until they find the correct one to gain
unauthorized access to the wireless network.
WEP/WPA Cracking
• Attackers exploit vulnerabilities in older wireless security
protocols like Wired Equivalent Privacy (WEP) and Wi-Fi
Protected Access (WPA) to gain unauthorized access to
encrypted wireless networks.
Evil Twin Attacks
• Attackers create fake access points with names similar to
legitimate ones, tricking users into connecting to the malicious
network. Once connected, the attacker can intercept sensitive
data or execute further attacks.
De-authentication/Disassociation Attacks
• Attackers send forged deauthentication or disassociation
frames to wireless devices, forcing them to disconnect from
the network, leading to service disruptions or potential
vulnerabilities when devices automatically reconnect.
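Detecting the de-authentication/disassociation attack described above, as an added example that is not from the original slides: a parser for the fixed header of raw 802.11 management frames and a sliding-window counter that alerts when one BSSID emits more deauth/disassoc frames than a threshold inside a short window, which is what a flood looks like on a wireless IDS. The frames, MAC addresses, timestamps, `THRESHOLD` and `WINDOW_SECONDS` are constructed for the demo.

```python
import struct
from collections import defaultdict, deque

# Frame-control byte 0 for management frames (type 0) with subtype 12
# (deauthentication) or 10 (disassociation): subtype in the high nibble.
DEAUTH = 0xC0
DISASSOC = 0xA0
BROADCAST = "ff:ff:ff:ff:ff:ff"
THRESHOLD = 10          # assumed: frames from one BSSID inside the window
WINDOW_SECONDS = 2.0    # assumed sliding window


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for a deauth/disassoc frame,
    or None for anything else. Fixed layout: frame control (2), duration (2),
    addr1/addr2/addr3 (6 each), sequence control (2), reason code (2)."""
    if len(frame) < 26 or frame[0] not in (DEAUTH, DISASSOC):
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    reason = struct.unpack("<H", frame[24:26])[0]
    return frame[0], dst.hex(":"), src.hex(":"), bssid.hex(":"), reason


class DeauthFloodDetector:
    """Count deauth/disassoc frames per BSSID in a sliding window and raise
    an alert the moment the count reaches the threshold."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS):
        self.threshold, self.window = threshold, window
        self._recent = defaultdict(deque)   # bssid -> timestamps in window
        self.alerts = []

    def observe(self, ts: float, frame: bytes):
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            return None
        subtype, dst, _src, bssid, reason = parsed
        recent = self._recent[bssid]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) == self.threshold:   # fire once per crossing
            alert = {"bssid": bssid, "at": ts, "count": len(recent),
                     "kind": "deauth" if subtype == DEAUTH else "disassoc",
                     "reason": reason, "broadcast": dst == BROADCAST}
            self.alerts.append(alert)
            return alert
        return None


def build_frame(subtype, dst, src, bssid, seq, reason):
    """Construct a minimal deauth/disassoc frame (demo data only)."""
    return (bytes([subtype, 0x00]) + b"\x00\x00" + dst + src + bssid
            + struct.pack("<H", seq << 4) + struct.pack("<H", reason))


def demo():
    """Two legitimate deauths far apart, then a burst of broadcast deauths."""
    ap = bytes.fromhex("aabbccddeeff")          # constructed BSSID
    client = bytes.fromhex("001122334455")      # constructed client MAC
    broadcast = b"\xff" * 6
    det = DeauthFloodDetector()
    # Reason code 3 ("station is leaving") sent to one client, minutes apart.
    det.observe(0.0, build_frame(DEAUTH, client, ap, ap, 1, 3))
    det.observe(5.0, build_frame(DEAUTH, client, ap, ap, 2, 3))
    # Flood: 30 broadcast deauths with reason code 7 within 0.6 seconds.
    for i in range(30):
        det.observe(10.0 + i * 0.02,
                    build_frame(DEAUTH, broadcast, ap, ap, 3 + i, 7))
    return det.alerts


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```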
Safeguarding Your Digital Domain
• Update your computer often
• Use MAC filtering
• Disable SSID broadcasting
• Use WPA2 encryption
• Disable file sharing
• Enable WEP encryption
Web Application Attack
• Despite their advantages, web applications do raise a number
of security concerns stemming from improper coding.
• Serious weaknesses or vulnerabilities allow criminals to gain
direct and public access to databases in order to harvest
sensitive data – this is known as a web application attack.
• As stated, websites depend on databases to deliver the
required information to visitors.
• If web applications are not secure, i.e. vulnerable to at least
one of the various forms of hacking techniques, then your
entire database of sensitive information is at serious risk of a
web application attack.
