Cyber Security Report
INTRODUCTION
Strengthening the trust framework, including information security and network security,
authentication, privacy and consumer protection, is a prerequisite for the development of
the Information Society and for building confidence among users of ICTs. A global culture of
cybersecurity needs to be promoted, developed and implemented in cooperation with all
stakeholders and international expert bodies.
This statement is from the 2003 WSIS Declaration of Principles. The rule of the data
revolution is this: for every action to store, secure, and use data, there is an equal or greater
reaction to steal data. This has been proven repeatedly — as recently as the Equifax data
breach. Data has changed from forms and documents to bioinformatics and digital
transaction histories. Protection has moved from file cabinets and lockboxes to virtual
storage spaces on secluded servers with stringent encryption. Malicious parties have
likewise transitioned from physical break-ins to ransomware, DDoS attacks, botnets and
other nefarious acts. Companies are acutely aware of cybersecurity’s importance, especially
those operating via cloud and edge computing models or utilizing IoT technology. The
subject has introduced anxiety for business leadership and consumers alike, with few having
full confidence about safe engagement in a digital, data-driven age. This white paper will
address those concerns, outline the stages of security, and introduce exciting technology
that could ameliorate tension and stymie hackers.
1.1 Background
A cyber attack is the deliberate exploitation of computer systems, technology-
dependent enterprises and networks. Cyber attacks use malicious code to alter
computer code, logic or data, resulting in disruptive consequences that can
compromise data and lead to cybercrimes, such as information and identity theft.
A cyber attack is also known as a computer network attack (CNA). Cyber attacks
targeting banks and broadcasting companies occurred in South Korea on March 20.
The malware involved in these attacks brought down multiple websites and
interrupted bank transactions by overwriting the Master Boot Record (MBR) and all
the logical drives on the infected servers, rendering them unusable. It was reported
that 32,000 computers had been damaged; the exact amount of the financial
damage has not yet been calculated. More seriously, additional attacks are likely to
cause greater damage, since an exact analysis of the cause has not yet been done.
APT (Advanced Persistent Threat), which is becoming a big issue because of this
attack, is not a brand new way of attacking but a keyword standing for a trend in
recent cyber attacks. In this paper, we show some examples and features of recent
cyber attacks and describe their phases. Finally, we conclude that only the concept
of security intelligence can defend against these cyber threats.
1.2 Setting the stage: cybersecurity in the past and present
Cyber security has come a long way since 1988, when Robert Tappan Morris
attempted to gauge how big the Internet was by releasing one of the first
recognised worms to infect the world’s nascent cyber infrastructure.
The worm relied upon weaknesses in the UNIX system to replicate itself.
Once infected, computers slowed down to the point of being unusable.
Tappan became the first person convicted under the United States Computer
Fraud and Abuse Act.
Since then, we have seen an increase in cyber hacking and subsequent
scams taking us beyond individual “Geeks” gaining access and criminals
looking for easy money, to a new cyber underworld of transnational networks
and state-sponsored cyber spies.
In the process, sophisticated hackers continue to gain access to personal,
banking and government information as well as military and industrial secrets.
No sector of cyber has gone untouched.
A major shift in cyber attacks occurred in October 2010 with the release and
detection of the Stuxnet worm. Stuxnet specifically targeted programmable
logic controllers (PLCs) that control a vast array of automated processes,
including factory floors, chemical plants, oil refineries, pipelines, electrical grid
systems and, in this case, the Siemens PLCs that controlled Iranian centrifuges
for separating nuclear material.
More than 32 lakh debit cards issued to various Indian banks were
compromised earlier last year, which resulted in the loss of Rs 1.3 crore in
fraudulent transactions as reported by the National Payments Corporation of
India (NPCI). These hacks went undetected for months, allowing
the hackers to continuously extract money off these user accounts as well as
infect other bank operations with malicious software. Twitter accounts around
the world were hacked. The most noteworthy for India was the attack by an
infamous hacker group known as Legion. The group attacked Twitter and
email accounts of prominent public figures such as Congress vice president
Rahul Gandhi and businessman Vijay Mallya. Legion offered details of
upcoming attacks and promised more dumps of Twitter information in future.
Banking in Bangladesh was also not spared as one of the largest financial
crimes online took place early last year, resulting in $81 million “liberated”
from the banks and “reinvested” in places such as the Philippines, Sri Lanka,
and other parts of Asia.
Mark Zuckerberg, co-founder of Facebook had both his Twitter and Pinterest
accounts breached multiple times throughout the year. Why? Because he
reused the same password. Yahoo suffered two major data thefts in 2016. In
September hackers compromised over 500 million Yahoo user accounts, and
successfully attacked again in December compromising more than 1 billion
accounts. Information compromised included usernames, email addresses,
date of birth, passwords, phone numbers, and security questions.
State-sponsored Russian hackers made a big splash across the US by
hacking into the Democratic and Republican National Committees’ email
archives through repeated phishing attacks. They accessed over 60,000
emails and released them through WikiLeaks. WikiLeaks later published
these emails, attempting to influence election results in favour of Donald
Trump.
October 21, 2016 now claims the distinction as the date of one of the largest
cyber attacks on record as websites such as Twitter, Netflix, Airbnb, Reddit,
SoundCloud, and others were temporarily shut down. This threefold attack
interrupted websites and caused outages across the United States and
Europe.
The newly emerging Internet of Things (IoT) and its associated devices were
also slammed by attacks on the servers of DYN, the company controlling the
largest portion of the Internet’s domain name servers (DNS), and thereby
highlighting future vulnerabilities across the IoT.
Exciting new technologies
The new year promises to bring a host of exciting new technologies as Apple,
Amazon and Google begin entering products into the smart home technology
(IoT) market. Thousands of new virtual reality games and applications will be
released, and machine learning and artificial intelligence will expand
exponentially in the workplace, ushering in extraordinary efficiencies.
With all the new technologies, we will still face the same old cyber security
vulnerabilities. Each year, the technologies excite us and provide new twists
for cyber security as the technologies become so commonplace that people
forget about security.
Doug Shadel, a leading expert on fraud in the US, summed up what security
experts fear most: “We’re concerned that people are trading security for
convenience… People are doing things on free Wi-Fi that are really alarming.”
The current year will offer extraordinary opportunities for data breaches, many
of which have already occurred in 2016, but we were unaware of them.
Previously stolen information will continue to make its way into the news.
Cyber vulnerabilities in national infrastructure will also invite more incidents of
cyber warfare while IoT vulnerabilities will expand opportunities for cyber
attacks. And yes, our old friends, the individual hackers, will become more
innovative providing a year of increasingly creative cyber breaches. Now is
the time to brush up on cyber training, change your passwords and begin your
own personal crusade for cyber security.
Privacy
This primarily involves you controlling who (if anyone) sees what activities you engage in
online. In other words, “they” can see who you are, but not what information or websites
you access or seek out.
Why it Matters: Privacy
Privacy: control over others’ knowledge of what you are doing. Privacy has always been
an important concept, even before the internet entered into almost every aspect
of our lives. However, when using the internet the significance of privacy and our idea about
what’s private and public can be unclear. Just this past March, the Senate passed a bill
allowing ISPs to track, gather, and sell whatever information a user sends through their
wires. What’s perhaps worse is that they can now do this without asking permission. No
wonder 91% of Americans believe that consumers have lost control of how personal
information is collected and used by companies. While some of the data being shared by
these companies seems harmless (depending on your level of paranoia), some of it does
contain more sensitive stuff like a history of your locations, what prescriptions you take,
what apps you use most, who you’re friends with on social media, etc. Even if you feel
you have nothing to hide, there are still good reasons to feel privacy is an important issue. In
fact, a better question to ask might be why anyone would want your information. Motive,
after all, determines the nature of intent, and not everyone’s intentions are necessarily bad.
Most of the time this data will be sold to advertisers who use it to build datasets that help
streamline their ads and services. While this does help enhance and personalize your online
exploration, it also lumps you into a complex demographic and determines what information
you access by creating their own online ecosystem of information — also known as a
“bubble.” The effects, in other words, can be limiting in ways. In addition to advertisers,
government surveillance also gathers information of online users, reportedly for the sake of
counter-terrorism. This issue alone has created many mixed feelings among internet users.
When people know (or even think) they’re being watched, they tend to act like they’re being
watched. While this might help keep domestic terrorism at bay, it also stifles intellectual
freedom and starts to take on shades of information control. Either way, what’s largely at
stake with the issue of privacy is how the issue determines how our society functions.
Privacy, for better or worse, allows groups to organize and share ideas freely. Sacrificing our
control over what should be private and what should be public could very well place aspects
of our freedom at risk. The issue of privacy centers on you having control over the
information about you and your online activities and how it’s used. In fact, as we become
more reliant on online transactions concerning money or medical information, the issue of
privacy becomes more important as we have more to lose.
Anonymity
This is essentially when you opt to have your online actions seen, but keep your identity
hidden. In short, “they” can see what you do, but not who you are.
Pseudo-anonymity
Pseudo-anonymity is the appearance, but not the reality, of anonymity online.
Many sites or services that allow anonymous posting stipulate that the
administrators can provide police with user IP addresses, GPS coordinates, device
details and the date and time of each message if supported by a search warrant, court
order or subpoena. Some sites also make user info available to other businesses
and advertisers.
While pseudo-anonymity can be good for civil liberties, privacy and security, some
users may exploit it to be abusive to other users or to vandalize sites. On truly
anonymous sites, such behavior can be hard to regulate as users can return almost
indefinitely. On pseudo-anonymous sites, however, administrators have access to
information that can be used to ban users and keep them from returning.
Threat
A threat refers to a new or newly discovered incident with the potential to do harm to a system or
your overall organization. There are three main types of threats – natural threats (e.g., floods or a
tornado), unintentional threats (such as an employee mistakenly accessing the wrong information)
and intentional threats. There are many examples of intentional threats including spyware, malware,
adware companies or the actions of a disgruntled employee. In addition, worms and viruses are also
categorized as threats, because they could potentially cause harm to your organization through
exposure to an automated attack, as opposed to one perpetrated by humans. Most recently, on May
12, 2017, the WannaCry Ransomware Attack began bombarding computers and networks across the
globe and has since been described as the biggest attack of its kind. Cyber criminals are constantly
coming up with creative new ways to compromise your data as seen in the 2017 Internet Security
Threat Report. Although these threats are generally outside of one’s control and difficult to identify
in advance, it is essential to take appropriate measures to assess threats regularly. Here are some
ways to do so: follow podcasts (like Techgenix Extreme IT) that cover these issues, and join
professional associations to benefit from breaking news feeds, conferences and webinars.
You should also perform regular threat assessments to determine the best approaches to protecting
a system against a specific threat, along with assessing different types of threats. In addition,
penetration testing involves modeling real-world threats in order to discover vulnerabilities.
Vulnerability
A vulnerability refers to a known weakness of an asset (resource) that can be exploited by one or
more attackers. In other words, it is a known issue that allows an attack to be successful. For
example, when a team member resigns and you forget to disable their access to external accounts,
change logins or remove their names from company credit cards, this leaves your business open to
both intentional and unintentional threats. However, most vulnerabilities are exploited by
automated attackers and not a human typing on the other side of the network. Testing for
vulnerabilities is critical to ensuring the continued security of your systems by identifying weak
points and developing a strategy to respond quickly. Here are some questions to ask when
determining your security vulnerabilities: Is your data backed up and stored in a secure off-site
location? Is your data stored in the cloud? If yes, how exactly is it being protected from cloud
vulnerabilities? What kind of network security do you have to determine who can access, modify or
delete information from within your organization? What kind of antivirus protection is in use? Are
the licenses current? Is it running as often as needed? Do you have a data recovery plan in the event
of a vulnerability being exploited? Understanding your vulnerabilities is the first step to managing
your risk.
Risk
Risk refers to the potential for loss or damage when a threat exploits a vulnerability. Examples of risk
include financial losses as a result of business disruption, loss of privacy, reputational damage, legal
implications and can even include loss of life. Managing risk involves the following steps:
1. Assess risk and determine needs. When it comes to designing and implementing a risk assessment
framework, it is critical to prioritize the most important breaches that need to be addressed.
Although frequency may differ in each organization, this level of assessment must be done on a
regular, recurring basis.
2. Include a total stakeholder perspective. Stakeholders include the business owners as well as
employees, customers and even vendors. All of these players have the potential to negatively impact
the organization (potential threats), but at the same time they can be assets in helping to mitigate risk.
3. Designate a central group of employees who are responsible for risk management and determine
the appropriate funding level for this activity.
4. Implement appropriate policies and related controls and ensure that the appropriate end users are
informed of any and all changes.
5. Monitor and evaluate policy and control effectiveness. The sources of risk are ever-changing,
which means your team must be prepared to make any necessary adjustments to the framework.
This can also involve incorporating new monitoring tools and techniques.
The internet was born around the 1960s, when access to it was limited to a few scientists, researchers
and the defence establishment only. The Internet user base has since grown exponentially. Initially,
computer crime was confined to causing physical damage to the computer and related infrastructure.
Around the 1980s the trend changed from causing physical damage to computers to making a computer
malfunction using malicious code called a virus. Until then the effect was not so widespread, because
the internet was confined to defence setups, large international companies and research
communities. In 1996, when the internet was launched for the public, it immediately became popular
among the masses, and they slowly became dependent on it to the extent that it changed their
lifestyle. The GUIs were written so well that users did not have to bother with how the internet
functioned. They simply had to make a few clicks on hyperlinks or type the desired information
in the desired place, without bothering about where this data was stored, how it was sent over the
internet, whether the data could be accessed by another person connected to the internet, or whether a
data packet sent over the internet could be snooped on and tampered with. The focus of computer crime
shifted from merely damaging the computer, or destroying or manipulating data for personal benefit,
to financial crime. These computer attacks are increasing at a rapid pace. Every second around 25
computers become victims of cyber attack, and around 800 million individuals had been affected by it up
to 2013. CERT-India reported around 308371 Indian websites hacked between 2011 and 2013. It
is also estimated that around $160 million are lost per year due to cyber crime. This figure is very
conservative, as most cases are never reported. According to the 2013-14 report of the Standing
Committee on Information Technology to the 15th Lok Sabha by the Ministry of Communication and
Information Technology, India has the third largest number of Internet users in the world, with
an estimated 100 million internet users as of June 2011, and the numbers are growing rapidly. There
are around 22 million broadband connections in India to date, operated by around 134 major
Internet Service Providers (ISPs). Before discussing the matter further, let us understand what cyber
crime is. The term cyber crime is used to describe an unlawful activity in which a computer or
computing devices such as smartphones, tablets, Personal Digital Assistants (PDAs), etc., whether
stand-alone or part of a network, are used as a tool and/or target of criminal activity. It is often
committed by people of a destructive and criminal mindset, either for revenge, greed or adventure.
The cyber criminal could be internal or external to the organization facing the cyber attack. Based on
this fact, cyber crime can be categorized into two types:
Insider Attack: An attack on the network or the computer system by some person with authorized
system access is known as an insider attack. It is generally performed by dissatisfied or unhappy inside
employees or contractors. The motive of the insider attack could be revenge or greed. It is
comparatively easy for an insider to perform a cyber attack, as he is well aware of the policies,
processes, IT architecture and weaknesses of the security system. Moreover, the attacker already has
access to the network. Therefore it is comparatively easy for an insider attacker to steal sensitive
information, crash the network, etc. In most cases the reason for an insider attack is that an
employee is fired or assigned new roles in an organization, and the change is not reflected in the IT
policies. This opens a vulnerability window for the attacker. The insider attack could be prevented by
planning and installing an internal intrusion detection system (IDS) in the organization.
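The vulnerability section (a team member resigns and nobody disables their access) and the insider section (a role changes but the IT policy does not) describe the same gap: what the directory grants no longer matches what HR knows. A periodic access review that reconciles the two closes that window. The Python below is an added example, not the report's own code; the roster, accounts and role policy are constructed sample data and their field names are assumptions, not the schema of any real HR or directory system.

```python
"""Access review: reconcile directory accounts against HR records.

Added example (not from the report). HR_ROSTER, DIRECTORY_ACCOUNTS and
ROLE_POLICY are constructed sample data; their field names are assumptions,
not the schema of any real directory or HR system.
"""
from dataclasses import dataclass

# Constructed sample: what HR says about each person.
HR_ROSTER = {
    "alice": {"status": "active", "role": "developer"},
    "bob":   {"status": "terminated", "role": "developer"},  # resigned, never offboarded
    "carol": {"status": "active", "role": "finance"},
    "dave":  {"status": "active", "role": "support"},        # moved from admin to support
}

# Constructed sample: what the directory actually grants today.
DIRECTORY_ACCOUNTS = {
    "alice":      {"enabled": True, "groups": {"repo-write", "vpn"}},
    "bob":        {"enabled": True, "groups": {"repo-write", "vpn"}},
    "carol":      {"enabled": True, "groups": {"payments-approve", "corp-card"}},
    "dave":       {"enabled": True, "groups": {"helpdesk", "vpn", "domain-admin"}},
    "svc-backup": {"enabled": True, "groups": {"backup-operators"}},  # no HR record
}

# Assumed policy: the groups each role is entitled to hold.
ROLE_POLICY = {
    "developer": {"repo-write", "vpn"},
    "finance":   {"payments-approve", "corp-card", "vpn"},
    "support":   {"helpdesk", "vpn"},
}


@dataclass(frozen=True)
class Finding:
    account: str
    kind: str    # "terminated-still-enabled", "excess-entitlement" or "orphan"
    detail: str


def review_access(roster, accounts, policy):
    """Return the accounts whose state contradicts HR or the role policy.

    Three conditions are checked: a leaver whose account is still enabled,
    an active employee holding groups beyond what the current role allows,
    and an account with no HR owner at all (which nobody will think to
    disable when its creator departs).
    """
    findings = []
    for name in sorted(accounts):
        acct = accounts[name]
        person = roster.get(name)
        if person is None:
            findings.append(Finding(name, "orphan", "no HR record for this account"))
            continue
        if person["status"] != "active":
            if acct["enabled"]:
                findings.append(Finding(name, "terminated-still-enabled",
                                        f"HR status is {person['status']!r} but account is enabled"))
            continue
        allowed = policy.get(person["role"], set())
        excess = sorted(acct["groups"] - allowed)
        if excess:
            findings.append(Finding(name, "excess-entitlement",
                                    f"role {person['role']!r} does not permit {excess}"))
    return findings


def remediation_plan(findings):
    """Map each finding to the directory action an administrator would take."""
    actions = {
        "terminated-still-enabled": "disable account and revoke all groups",
        "excess-entitlement": "remove the listed groups",
        "orphan": "assign an owner or disable",
    }
    return [(f.account, actions[f.kind]) for f in findings]


if __name__ == "__main__":
    for f in review_access(HR_ROSTER, DIRECTORY_ACCOUNTS, ROLE_POLICY):
        print(f"{f.account:<12} {f.kind:<26} {f.detail}")
```

Run on the sample data, the review flags bob (terminated but still enabled), dave (holds domain-admin outside the support role) and svc-backup (no owner), and leaves alice and carol alone.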
External Attack: When the attacker is either hired by an insider or is an entity external to the
organization, it is known as an external attack. The organization which is a victim of a cyber attack not
only faces financial loss but also loss of reputation. Since the attacker is external to the
organization, these attackers usually begin by scanning and gathering information. An experienced
network/security administrator keeps a regular eye on the logs generated by the firewalls, as external
attacks can be traced by carefully analysing these firewall logs. Also, Intrusion Detection
Systems are installed to keep an eye on external attacks.
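The paragraph above says an external attacker's scanning shows up in the firewall logs for an administrator who reads them carefully. As an added example (not the report's own material), the Python below parses constructed netfilter/iptables-style DROP and ACCEPT lines and flags any source that touches many distinct destination ports on one host within a short window, which is the footprint a port scan leaves behind; the log format, host name, addresses and thresholds are all assumptions.

```python
"""Spot reconnaissance in firewall logs: one source, many ports, short window.

Added example (not from the report). The log lines are constructed in the
style of Linux netfilter/iptables kernel log messages; the addresses, host
name and thresholds are assumptions chosen for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: (?:\[[^\]]*\] )?"
    r"(?P<action>[A-Z]+) IN=(?P<iface>\S*) .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r".*?PROTO=(?P<proto>\w+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_line(line):
    """Return a dict for a netfilter log line, or None for anything else (sshd, cron, ...)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),  # syslog lines carry no year
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "dpt": int(m["dpt"]) if m["dpt"] else None,  # ICMP lines have no ports
    }


def detect_port_scans(lines, window_seconds=60, min_ports=10):
    """Flag sources that hit >= min_ports distinct ports on one host within the window.

    Events are grouped per (source, destination) and examined with a sliding
    window, so a burst is counted while the same ports spread over a much
    longer period are not. Dropped and accepted packets both count: the
    probing is the signal, not the firewall verdict.
    """
    per_pair = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["dpt"] is not None:
            per_pair[(ev["src"], ev["dst"])].append(ev)

    alerts = {}
    for (src, dst), events in per_pair.items():
        events.sort(key=lambda e: e["ts"])
        window = deque()
        for ev in events:
            window.append(ev)
            while (ev["ts"] - window[0]["ts"]).total_seconds() > window_seconds:
                window.popleft()
            ports = {e["dpt"] for e in window}
            prev = alerts.get(src)
            # keep the largest port set seen for this source
            if len(ports) >= min_ports and (prev is None or len(ports) > len(prev["ports"])):
                alerts[src] = {"target": dst, "first_seen": window[0]["ts"],
                               "last_seen": ev["ts"], "ports": sorted(ports)}
    return alerts


# Constructed sample log: a burst from 203.0.113.7 across eleven ports, plus
# ordinary traffic from 198.51.100.5 and an unrelated sshd line the parser skips.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = [
    f"Mar 21 10:15:{2 + i:02d} fw kernel: [1001.{i}] DROP IN=eth0 OUT= SRC=203.0.113.7 "
    f"DST=192.0.2.10 PROTO=TCP SPT={44321 + i} DPT={port}"
    for i, port in enumerate(SCAN_PORTS)
] + [
    "Mar 21 10:15:04 fw kernel: [1002.0] ACCEPT IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=443",
    "Mar 21 10:15:30 fw kernel: [1002.1] ACCEPT IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=50002 DPT=443",
    "Mar 21 10:16:10 fw kernel: [1003.0] DROP IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0",
    "Mar 21 10:16:11 fw sshd[2211]: Accepted publickey for admin from 198.51.100.5 port 50003",
]

if __name__ == "__main__":
    for src, info in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src} probed {len(info['ports'])} ports on {info['target']} between "
              f"{info['first_seen']:%H:%M:%S} and {info['last_seen']:%H:%M:%S}: {info['ports']}")
```

On the sample, only 203.0.113.7 is flagged; the repeated legitimate connections to port 443 and the ICMP probe from 198.51.100.5 never reach the threshold.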
Cyber attacks can also be classified as structured attacks and unstructured attacks based on the
level of maturity of the attacker. Some authors have classified these attacks as a form of
external attack, but there is precedent for cases when a structured attack was performed by an
internal employee. This happens when a competitor company wants the future
strategy of an organization on certain points. The attacker may strategically gain access to the
company as an employee and access the required information.
Unstructured attacks: These attacks are generally performed by amateurs who do not have any
predefined motive to perform the cyber attack. Usually these amateurs try out a tool readily
available over the internet on the network of a random company.
Structured attacks: These types of attacks are performed by highly skilled and experienced people, and
the motives of these attacks are clear in their minds. They have access to sophisticated tools and
technologies to gain access to other networks without being noticed by their Intrusion Detection
Systems (IDSs). Moreover, these attackers have the necessary expertise to develop or modify
existing tools to satisfy their purpose. These types of attacks are usually performed by professional
criminals, by a country against rival countries, by politicians to damage the image of a rival person
or country, by terrorists, by rival companies, etc.
The common motives behind cyber crime are:
a. Money: Many people are motivated to commit cyber crime to make quick and easy money.
b. Revenge: Some people try to take revenge on another person/organization/society/caste or
religion by defaming its reputation or causing economic or physical loss. This comes under the
category of cyber terrorism.
c. Fun: Amateurs commit cyber crime for fun. They just want to test the latest tool they have
encountered.
d. Recognition: It is considered a matter of pride if someone hacks highly secured networks like defence
sites or networks.
e. Anonymity: Many times the anonymity that cyber space provides motivates a person to commit
cyber crime, as it is much easier to commit a cyber crime over cyber space and remain anonymous
than in the real world. It is much easier to get away with criminal activity in the cyber world than
in the real world. There is a strong sense of anonymity that can draw otherwise respectable citizens
to abandon their ethics in pursuit of personal gain.
f. Cyber Espionage: At times the government itself is involved in cyber trespassing to keep an eye on
another person/network/country. The reason could be politically, economically or socially motivated.
Although the forms of illegal computer activity are growing and changing like any type of crime,
there are several established categories. Cybersecurity teams should have dedicated methods of
management for each of these categories of vulnerability.
Viruses are the oldest form of cyber attack and the most popularized in early media. They are lines
of code embedded in malware or phishing hooks. When opened, they disrupt a computer’s normal
operating habits. A virus functions as if someone else took over, giving wrong or gibberish
commands. An example of this is Stuxnet, which was deployed in 2009. Planted in the network of the
Iranian uranium enrichment facility, it manipulated its digital surroundings before transferring to
computers in industrial equipment. There, it wrought havoc on physical objects by giving them
commands that broke them, such as commands increasing pressure on valves in centrifuges.
Malware is a catchall term that means “malicious software.” Malware can be spyware, ransomware
or adware, among many things, and it can carry a virus. Rather than embedding itself into the
operating system or hard drive like a virus, it installs itself and runs as software. Ransomware is
malware that locks a computer, network, or other system until a ransom has been paid and the
hacker deactivates the ransomware. In 2017, a ransomware called WannaCry infected tens of
thousands of computers in 74 countries, exploiting a vulnerability in Windows software. It even shut
down the British National Health System.
Malware stands for “Malicious Software” and is designed to gain access to, or be installed on, a
computer without the consent of the user. It performs unwanted tasks on the host computer for
the benefit of a third party. Malware ranges from programs that are simply written to
distract or annoy the user, through those that seriously degrade the performance of the host
machine, to complex ones which capture sensitive data from the host machine and send it to
remote servers. There are various types of malware present on the Internet.
Some of the popular ones are:
1. Adware: It is a special type of malware which is used for forced advertising. It either redirects
the page to some advertising page or pops up an additional page which promotes some product or
event. Adware is financially supported by the organizations whose products are advertised.
2. Spyware: It is a special type of malware which is installed on the target computer with or without the
user’s permission and is designed to steal sensitive information from the target machine. Mostly it gathers
the browsing habits of the user and sends them to a remote server without the knowledge of the
owner of the computer. Most of the time it is downloaded onto the host computer while
downloading freeware, i.e. free application programmes from the internet. Spyware may be of
various types: it can keep track of the cookies of the host computer, it can act as a keylogger to
sniff banking passwords and sensitive information, etc.
3. Browser hijacking software: There is some malicious software which is downloaded along with
free software offered over the internet and installed on the host computer without the
knowledge of the user. This software modifies the browser settings and redirects links to other,
unintended sites.
4. Worms: They are a class of virus which can replicate themselves. They differ from a virus
in that they do not require human intervention to travel over the network and spread
from the infected machine to the whole network. Worms can spread either through the network, using
loopholes in the Operating System, or via email. The replication and spreading of the worm over
the network consumes network resources like space and bandwidth and forces the network to
choke.
5. Trojan Horse: A Trojan horse is malicious code that is installed on the host machine by pretending
to be useful software. The user clicks on a link or downloads a file which pretends to be a useful
file or software from a legitimate source. It not only damages the host computer by manipulating
data but also creates a backdoor in the host computer so that it can be controlled by a remote
computer. It can become part of a botnet (robot network), a network of computers which are
infected by malicious code and controlled by a central controller. The computers of this network
which are infected by malicious code are known as zombies. Trojans neither infect the other
computers in the network nor do they replicate.
6. Scareware: The Internet has changed how we talk, shop, play, etc. It has even changed the way
criminals target people for ransom. While surfing the Internet, suddenly a pop-up alert
appears on the screen which warns of the presence of dangerous viruses, spyware, etc. on the user’s
computer. As a remedial measure, the message suggests the user download the full paid version of
the software. As the user proceeds to download, malicious code known as scareware is
downloaded onto the host computer. It holds the host computer hostage until the ransom is paid.
The malicious code can neither be uninstalled nor can the computer be used until the ransom is paid.
Is phishing malware?
Phishing is the process that can introduce malware or open someone to cyber theft. Phishers trick
unsuspecting users by posing as a legitimate entity, the hook. The hook may be a spam e-mail,
malicious ad, a fake phone call, or even a printed document with false website data. Once someone
responds to these hooks, consequences may occur: malware downloaded or personal information
stolen. Phishing can also occur on social media. A common phishing scheme is called “The Nigerian
Scam” or 419: a family member of a Nigerian man e-mails asking for money to help free the man,
transfer money out of Nigeria or return him to his rightful place as a royal heir. Clicking on the
included link will initiate a phishing scam that steals money and personal information.
A Denial of Service (DoS) attack is when a malicious source makes it impossible for a computer,
server or website to access the internet. A Distributed Denial of Services (DDoS) attack does the
same thing, but with a distributed architecture. Viruses or malware infect thousands of computers
and give them similar directions, making a botnet. The botnet directs all participating computers to
go to the organization targeted. Overwhelmed by a sudden increase in site visits, the site may shut
down or freeze. Other DDoS methods send fewer computers to visit the site but task them with
making cumbersome requests, likewise slowing down the site. This prevents
legitimate users from being able to access the documents or resources on it. One of the first, and
most notorious, DDoS attacks happened to the Church of Scientology. Anonymous, a vigilante hacker
group, shut down the religious organization’s website, momentarily preventing anyone from
learning more about the group.
Advanced Persistent Threats, or APTs, are long, directed cyber-attacks that are most often state
sponsored. These types of attacks usually begin with a network probe. An organization or individual
illegally, and surreptitiously, accesses an organization’s local area network or internal network. This
individual may have gotten in through an employee access gateway or found a vulnerability through
other means. The hacker will lurk on the network, hiding from detection, while it maps the
information stored there and implements malicious measures. Often, results of APTs include theft,
such as the Equifax Security Breach or the HBO breach that released Game of Thrones episodes.
These are the most dangerous cyber-attacks.
Malicious Insider
Hackers are actively advertising for help from specific companies’ employees to join the
dark side. Desperate people can do desperate things. Good people can do bad things.
In fact, this survey showed that 20% of employees would sell their corporate credentials,
44% of which would be willing to do it for less than $1,000, and some for as little as
$100.
Inadvertent Insider
Not all insider threats are malicious; sometimes people simply make mistakes, or fall victim
to common social engineering tactics such as phishing, vendor spoofing or pretexting.
People are typically the weakest link in security because human nature makes us
vulnerable.
Hacker
Hackers are opportunistic and typically get a thrill from gaining access to secured
systems. They are looking to prove themselves and often do it for bragging rights; their
efforts do not always have malicious intent. Professional "white hat" hackers can be
employed by companies to perform penetration tests that identify vulnerabilities and other
weaknesses. Performing regular vulnerability assessments and penetration tests is an
important part of a cybersecurity program and helps inform the overall cybersecurity
strategy.
White Hat: white hat hackers probe a system to find its security vulnerabilities and report
them to the organization so that preventive action can be taken before outside attackers exploit
them. A white hat may be a paid employee hired to find security loopholes, or a freelancer who
wants to prove his or her mettle in the field. They are popularly known as ethical hackers.
Black Hat: in contrast to the white hat, black hat hackers break into systems with ill intent,
whether socially, politically or economically motivated. They find the security loopholes in a
system, keep the information to themselves and exploit the system for personal or organizational
gain until the compromised organization becomes aware of the breach and applies security patches.
They are popularly known as crackers.
Grey Hat: grey hat hackers find security vulnerabilities without being asked, report them to the
site administrators and offer to fix the bug for a consultancy fee.
Blue Hat: a blue hat hacker is someone from outside the computer security consulting firms who is
brought in to bug-test a system prior to its launch, looking for exploitable flaws so they can be
closed.
Cybercriminal
Cybercriminals are opportunistic and motivated by financial gain. The growth of
cybercrime-as-a-service (CaaS) means little technical expertise is needed to become a
very successful cybercriminal today. CaaS has become a thriving services economy, fuelled
by a global marketplace offering a breathtaking range of services. It has also swelled the
criminal ranks, thanks to high salaries for developers, exploding revenues for CaaS
operators and complicit buyers ever more willing to show the money.
Cyber Hacktivist
Hacktivist attacks are targeted and are often perpetrated to promote a political agenda
or social change. Hacktivists typically aim to disrupt services and draw attention to a
cause such as free speech, human rights or freedom of information. Anonymous is
well known for its hacktivist activities.
Cyber Terrorist
These targeted attacks are motivated by a political, religious, or ideological cause. The
goal is to intimidate a government or a section of the public, and they can interfere with
critical infrastructure.
5.1.1 AUTHENTICATION
Authentication is the process of identifying an individual and verifying that the individual is who
he or she claims to be. The typical method of authentication over the internet is a username and
password. With the increase in reported cases of identity theft over the internet, organizations
have added further measures such as the One Time Password (OTP): as the name suggests, a password
that can be used only once, sent to the user by SMS or email at the mobile number or email address
specified during registration. Requiring the OTP in addition to the password is known as two-factor
authentication (2FA): two different types of evidence are needed to authenticate an individual, which
adds an extra layer of security. Other popular second factors are biometric data and physical tokens
(including authenticator apps that generate time-based OTPs on the device itself), used in conjunction
with the username and password. Of these, OTPs delivered by SMS or email are the weakest: they can be
intercepted through SIM swapping or a compromised mailbox and are easily phished, so a code generated
on the device, or a hardware token, is preferable where available.
Authentication has become more important because multinational organizations no longer do business
the way they did, say, 15 years ago. They have offices around the globe, and an employee may need
access to data held on a centralized server, or may be working from home, off the office intranet,
and need a particular file on the office network. The system must authenticate the user and then,
based on that user's credentials and role, grant or deny access to the information requested. The
process of granting an individual access to particular resources on the basis of who they are is
known as authorization, and it goes hand in hand with authentication: authentication establishes
who you are, authorization decides what you may do. One can now easily see the role of strong
passwords in authentication: a weak password is a security flaw that can put the whole organization
at high risk. The password policy of an organization should therefore require strong passwords
(more than 12 characters, combining lowercase and uppercase letters with numbers and special
characters) and screen new passwords against lists of known breached passwords. Forcing users to
change passwords on a fixed schedule, once standard practice, is no longer recommended by current
guidance such as NIST SP 800-63B, because it produces predictable variations of the old password;
passwords should instead be changed when there is evidence of compromise. Larger organizations, or
organizations that deal in sensitive information such as defence agencies, financial institutions
and planning commissions, use a hybrid authentication system that combines the username and password
with hardware-backed measures such as biometric systems or security tokens. Many larger organizations
also use a VPN (Virtual Private Network), which provides secure access to the company network over
the internet and is itself gated behind such multi-factor authentication.
5.1.2 ENCRYPTION
Encryption is a technique for converting data into an unreadable form before transmitting it over
the internet; only someone who holds the right key can convert it back into readable form and read
it. Formally, encryption locks the data by transforming it, under a secret key, with a mathematical
algorithm into ciphertext. For a modern algorithm with a sufficiently long key, recovering the
original text without the key would take even the most powerful computer far longer than several
years, so the ciphertext can safely be transmitted over the internet to its destination. The
receiver decodes it using the key; this reversal of ciphertext to the original text is known as
decryption. If the same key is used to lock and unlock the data, the scheme is known as symmetric
key encryption. In symmetric key encryption the key must reach the destination user through some
other channel (in person, by post, by telephone), because if an attacker obtains the key the security
of the data is lost. Key distribution is therefore a hard problem: protecting the key in transit is
itself a security issue. To avoid transferring a secret key at all, a method called asymmetric key
encryption, also known as public key encryption, is used. In asymmetric key encryption the keys used
to encrypt and decrypt data are different. Every user possesses two keys, a public key and a private
key. As the names suggest, a user's public key is known to everyone, but the private key is known
only to the user who owns it. Suppose sender A wants to send a secret message to receiver B over the
internet. A encrypts the message using B's public key, which is available to everyone. Once encrypted,
the message can safely be sent to B over the internet. As soon as B receives it, he uses his private
key to decrypt it and regenerate the original message. In practice the two schemes are combined:
public key operations are slow and can only encrypt a small amount of data, so the message itself is
encrypted with a fresh symmetric key and only that key is encrypted with B's public key.
5.1.4 ANTIVIRUS
There are varieties of malicious programs (viruses, worms, trojan horses, etc.) spread over the
internet to compromise the security of a computer, either to destroy data stored on it or to gain
financial benefit by sniffing passwords and the like. To prevent such malicious code from entering
your system, a special program called an antivirus is used, designed to protect the system against
malware. It not only blocks malicious code from entering the system but also detects and removes
malicious code already installed on it. New malware appears every day, so the antivirus program
regularly updates its signature database, supplemented by behaviour-based detection for malware
that no signature yet covers, to keep the system immune to new viruses, worms and other threats.
5.1.5 FIREWALL
A firewall is hardware and/or software that acts as a shield between an organization's network and
the internet, protecting it from threats such as viruses, malware and intruders. It can be used to
limit who can access your network and send traffic to it. Traffic falls into two classes, inbound and
outbound, and with a firewall it is possible to configure and monitor traffic per port and protocol:
only packets from permitted source addresses to permitted ports enter the organization's network,
while blacklisted and unauthorized sources are denied access. Firewalls are essential to keep
unauthorized access off the network, but a firewall guarantees nothing unless it is configured
correctly; a permissive "allow any" rule or a forgotten exception silently defeats it. A firewall
can be implemented in hardware, in software or as a combination of both.
Hardware Firewalls: examples are the routers or dedicated appliances through which the network is
connected to the network outside the organization, i.e. the internet.
Software Firewalls: these are installed on server and client machines; on each host they filter that
host's own traffic, and on a gateway host they act as the gate to the organization's network.
Operating systems such as Windows Server 2003 and Windows Server 2008 ship with a firewall embedded
in the operating system; the only thing the administrator needs to do is configure it to match their
own requirements. Firewalls are configured with "rules" and "policies", and based on those rules they
apply the following filtering mechanisms.
Proxy: all outbound traffic is routed through proxies that monitor and control, at the application
layer, what leaves the organization.
Packet Filtering: each packet is filtered according to the rules defined in the policy by its type,
port information and source and destination information; examples of such characteristics are IP
addresses, domain names, port numbers and protocols. Basic packet filtering can be performed by
routers, but it judges every packet in isolation.
Stateful Inspection: rather than judging every packet on its own, the firewall keeps a table of
active connections. An outbound connection that the rules permit is recorded, and inbound packets
are accepted only if they belong to a recorded connection or match an explicit inbound rule;
everything unsolicited is dropped. This is what allows a default-deny inbound policy without
breaking the replies to internal users' own traffic.
Firewalls are an essential component of an organization's network. They not only protect the
organization against viruses and other malicious code but also prevent attackers from using the
organization's own network infrastructure to launch DoS attacks, provided outbound traffic is
filtered as carefully as inbound.
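The difference between plain packet filtering and stateful inspection is easiest to see in code. The following Go program is an added example written for this report, not code from the original document or from any firewall product: it evaluates packets against an ordered rule list with an implicit default deny, and records every permitted outbound flow so that the reply is admitted as "established" without an inbound rule, while an unsolicited inbound packet from the same remote host to a different port is still refused. The rule set, hosts and addresses are constructed (documentation ranges) for the example.

```go
package main

import "fmt"

// Packet is the 5-tuple the filter looks at, plus the direction it arrived from.
type Packet struct {
	Proto            string // "tcp" or "udp"
	SrcIP, DstIP     string
	SrcPort, DstPort int
	Inbound          bool // true if it arrived from the internet side
}

// Rule is one line of policy; an empty string or zero port means "any".
type Rule struct {
	Inbound bool
	Proto   string
	DstIP   string
	DstPort int
	Allow   bool
}

func (r Rule) matches(p Packet) bool {
	return r.Inbound == p.Inbound &&
		(r.Proto == "" || r.Proto == p.Proto) &&
		(r.DstIP == "" || r.DstIP == p.DstIP) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort)
}

// flow identifies a connection from the inside host's point of view.
type flow struct {
	proto           string
	inIP, outIP     string
	inPort, outPort int
}

// Firewall applies rules first-match and remembers permitted outbound flows,
// so their replies come back in without an explicit inbound rule.
type Firewall struct {
	Rules []Rule
	state map[flow]bool
}

func NewFirewall(rules []Rule) *Firewall {
	return &Firewall{Rules: rules, state: map[flow]bool{}}
}

// Decide returns whether the packet passes and the reason.
func (f *Firewall) Decide(p Packet) (bool, string) {
	if p.Inbound {
		// a reply to a flow we saw leave belongs to an established connection
		if f.state[flow{p.Proto, p.DstIP, p.SrcIP, p.DstPort, p.SrcPort}] {
			return true, "established"
		}
	}
	for i, r := range f.Rules {
		if !r.matches(p) {
			continue
		}
		if r.Allow && !p.Inbound {
			f.state[flow{p.Proto, p.SrcIP, p.DstIP, p.SrcPort, p.DstPort}] = true
		}
		return r.Allow, fmt.Sprintf("rule %d", i)
	}
	return false, "default deny" // nothing matched: implicit deny in both directions
}

func main() {
	fw := NewFirewall([]Rule{
		{Inbound: true, Proto: "tcp", DstIP: "10.0.0.10", DstPort: 443, Allow: true}, // public web server
		{Inbound: false, Allow: true},                                                 // inside hosts may go out
	})
	pkts := []Packet{
		{"tcp", "10.0.0.5", "93.184.216.34", 40000, 443, false}, // user browses out
		{"tcp", "93.184.216.34", "10.0.0.5", 443, 40000, true},  // the reply
		{"tcp", "203.0.113.9", "10.0.0.5", 5555, 3389, true},    // unsolicited RDP probe
		{"tcp", "203.0.113.9", "10.0.0.10", 5555, 443, true},    // visitor to the web server
	}
	for _, p := range pkts {
		ok, why := fw.Decide(p)
		fmt.Printf("%-5v %-14s -> %-14s:%-5d %s\n", ok, p.SrcIP, p.DstIP, p.DstPort, why)
	}
}
```

A real stateful firewall also ages entries out of the table and, for TCP, tracks the handshake so that a bare ACK from outside does not count as a reply; the point here is only that the inbound policy can be default-deny without breaking outbound use.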
5.1.6 STEGANOGRAPHY
Steganography is the technique of hiding a secret message inside a document file, image file,
program or protocol stream so that the embedded message is invisible and can be retrieved only
with special software. Only the sender and the receiver know that a secret message exists in the
cover file. The advantage of this technique is that such files attract no suspicion. There are
many applications of steganography, including sending secret messages without raising alarms,
protecting secret files from unauthorized or accidental access and theft, and digital watermarking
for intellectual property rights. Let us consider how data is secretly embedded inside the cover
file (the medium, such as an image, video or audio file, used to carry the secret data) without
being noticed, taking an image file as the cover medium. Each pixel of a 24-bit colour image is
represented by 3 bytes, one each for red, green and blue. If the least significant bit of each of
these three bytes is replaced with a bit of the secret data, the resulting image differs from the
original by at most one step in each colour channel, a change the eye cannot see and that only
statistical analysis (steganalysis) can detect. In this way every pixel can hide 3 bits of
information. Similarly, introducing small noise-like changes into the samples of an audio or video
file at regular or random intervals can be used to hide data there. Various free steganography
tools are available; some popular ones are QuickStego, Xiao, Tucows and OpenStego.
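The least-significant-bit scheme described above, one bit per colour channel, is short enough to implement in full. The following Go program is an added example written for this report, not code from the original document or from any of the tools it names: Embed writes a 4-byte length header followed by the message into the LSBs of a raw RGB byte buffer, Extract reads them back, and MaxDelta confirms that no byte of the cover changed by more than 1. The cover image is a constructed 8x8 gradient rather than a real file, and image file headers (PNG, BMP) are deliberately out of scope.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Embed hides msg in the least significant bit of every byte of cover, an
// RGB buffer (R,G,B,R,G,B,...): one bit per colour channel, 3 bits per pixel.
// A 4-byte big-endian length header goes first so Extract knows where the
// message ends. The output has the same length as cover.
func Embed(cover, msg []byte) ([]byte, error) {
	payload := make([]byte, 4+len(msg))
	binary.BigEndian.PutUint32(payload, uint32(len(msg)))
	copy(payload[4:], msg)
	if len(payload)*8 > len(cover) {
		return nil, errors.New("cover too small: need 8 cover bytes per payload byte")
	}
	out := make([]byte, len(cover))
	copy(out, cover)
	i := 0
	for _, b := range payload {
		for shift := 7; shift >= 0; shift-- {
			bit := (b >> uint(shift)) & 1
			out[i] = out[i]&0xFE | bit
			i++
		}
	}
	return out, nil
}

// readByte reassembles one payload byte from eight consecutive LSBs.
func readByte(buf []byte, pos int) byte {
	var v byte
	for k := 0; k < 8; k++ {
		v = v<<1 | buf[pos+k]&1
	}
	return v
}

// Extract reads the length header, then the message, back out of the LSBs.
func Extract(stego []byte) ([]byte, error) {
	if len(stego) < 32 {
		return nil, errors.New("buffer too small to hold a header")
	}
	var hdr [4]byte
	for j := range hdr {
		hdr[j] = readByte(stego, j*8)
	}
	n := int(binary.BigEndian.Uint32(hdr[:]))
	if (4+n)*8 > len(stego) {
		return nil, errors.New("length header exceeds buffer: not a stego image, or corrupted")
	}
	msg := make([]byte, n)
	for j := range msg {
		msg[j] = readByte(stego, (4+j)*8)
	}
	return msg, nil
}

// MaxDelta reports the largest per-byte change between two equal-length buffers.
func MaxDelta(a, b []byte) int {
	max := 0
	for i := range a {
		d := int(a[i]) - int(b[i])
		if d < 0 {
			d = -d
		}
		if d > max {
			max = d
		}
	}
	return max
}

func main() {
	// constructed 8x8 RGB cover: 192 bytes with an arbitrary gradient pattern
	cover := make([]byte, 8*8*3)
	for i := range cover {
		cover[i] = byte(i * 37)
	}
	stego, err := Embed(cover, []byte("meet at dawn"))
	if err != nil {
		panic(err)
	}
	msg, _ := Extract(stego)
	fmt.Printf("recovered %q, max per-byte change %d\n", msg, MaxDelta(cover, stego))
}
```

Two things follow from the code. Capacity is one eighth of the cover: a 1920x1080 image carries about 777 KB. And the hidden data is not secret in itself: anyone who knows the scheme can run Extract, so the message should be encrypted before it is embedded, and the plain length header used here is exactly the kind of structure a steganalysis tool looks for.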
Prediction is the easiest place to start securing data. Appraising the data, identifying the parties
that would have an interest in it and anticipating the events that may trigger attacks are all
predictive measures. There are also more technical forms of prediction, increasingly supported by AI
and related technologies that analyze the activity surrounding an organization's assets rather than
relying on individual vigilance. This may include analyzing the dark data produced in a workplace
(logs and other records that are collected but never examined) to gauge exposure or identify
malicious actors.
Prevention is the most common form of cyber security, but on its own it is often inefficient or
insufficient. This line of defence includes unique, strong passwords, encryption of all data
transmissions across any network, firewalls, securely developed applications, restricted access to
data, least-privilege authorizations, regular security testing and tightly secured data at rest.
Prevention also means establishing an information security policy and network security protocols
that are strictly adhered to. An organization is only as safe as its least careful employee with
access.
Detection is the most important aspect of protection. It is the round-the-clock monitoring of
vulnerable targets and gateways. Organizations should run "fire drills", simulated intrusions,
frequently, weekly if not daily, to test their detection and response systems. No software or
network is ever fully patched or protected, so finding the gaps in protection is essential.
Detection also benefits from a dedicated development security operations (DevSecOps) team, where
security begins on day one of development. Gone are the days of building a product or service and
then securing it from the outside through a lengthy chain of communication. A single unit that
secures its own products and looks for future vulnerabilities means a faster, more secure response.