The document discusses cyber security threats such as malware, phishing, denial of service attacks, and weak security practices. It describes common attack methods like SQL injection, distributed denial of service attacks, and cross-site scripting. The document also covers hacking tools, the attack lifecycle, common defenses, safety tips, and security models to protect against cyber attacks.

1. Know your Attacker
Submitted by: Arun Velayudhan

2. What is cyber security ?
Cyber security practice is to provide solution to protect any
enterprise information systems to make it secure and hack
free.
To provide best practices which addresses secure
interoperability, usability and privacy continues to be need of
the hour.
www.learnfact.in

3. Type of Attacks
• Malware
– A malicious code that damages/disables and steals information from the computer
– Botnets, Viruses, Trojan horses, backdoor, spyware and adware are some examples
of malwares
• Phishing
– Disclosing confidential information or downloading malware by clicking on a hyperlink
in the message.
• Spear Phishing
– Same as phishing but more targeted where the attacker learns about the victim and
impersonates someone he or she knows and trusts.
• Man in the middle attack
– Attacker establishes a position between the sender and recipient of electronic
messages and interrupt them.
• Denial of service attack
• SQL injection
• Zero day exploit
– A zero-day vulnerability is a software security flaw but doesn’t have a patch in place to
fix the flaw.
• DNS tunneling
www.learnfact.in

4. Type of Attacks
• Non technical attacks
– Physical attacks like entering your secured building etc.
• Network attacks
– Unsecured Wireless access point
– Exploiting via ports
– Installing network analyzer and capturing the packet
• Operating System attacks
– Missing patches
– Cracking password and weak security implementation
• Application attacks
– Mobile App attacks
– Web Application
www.learnfact.in

5. Attack Carriers
• File Transfer Apps
• Instant messaging Apps
• Webmail
• Social Media platforms
• Micro blogging
• Collaboration Apps
www.learnfact.in

6. Common Attack
• SQL injection attack
– SQL Injection is a type of cyber-attack that targets databases through SQL
statements
– executed via a website interface
– Poorly coded are prone to SQL injection attacks
• Distributed Denial-of-Service (DDoS)
– Acts like a traffic jam
– Flooding the network traffic
• Cross-site scripting (XSS) attacks
– Data enters a Web application through an untrusted source, most frequently
a web request.
• Weak security practices and undisclosed vulnerabilities
www.learnfact.in

7. Hackers
• Black hat hackers
– External unauthorized users try to compromise your environment
• White hat hackers
– White-hat hackers are often referred to as ethical hackers
• Grey hat hackers
– Grey hats exploit networks and computer systems in the way that black hats
do, but do so without any malicious intent, disclosing all loopholes and
vulnerabilities to law enforcement agencies or intelligence agencies.
www.learnfact.in

8. Common Hacking Tools
• Rootkits
– Rootkit is 2 different words. Root and Kit.
– Rootkit is a set of tools that enables root- or administrator-level access on a
computer system
– Allows hackers to gain remote access via backdoor
• Key loggers
– records every key pressed on a system
– key loggers arrive as malware that allows cybercriminals to steal sensitive
data.
– Key loggers can capture credit card numbers, personal messages, mobile
numbers etc.
www.learnfact.in

9. Attack lifecycle
• Infection
– Luring users to click on a bad link
– Infect the target system with malware
• Persistence
– Rootkits and bootkits are installed on compromised systems
• Communication
– Communicating with other infected systems
• Command and Control
– Capture the infected systems and enable command and control over the
infected systems to extract stolen data
www.learnfact.in

10. Common Defense mechanism
• Firewall
• Intrusion prevention
• Antivirus
• Content Filtering
• Web Application Firewall
www.learnfact.in

11. Common safety tips
• Keep updated your security patches regularly
• Avoid easy and dictionary password. Use strong
passwords.
• Avoid opening attachments from unknown sender or
recipient
www.learnfact.in

12. Protection Strategy
• Design best security policy
• Application controls
• User controls
• Network controls
• End Point controls
• Enforce drive-by-download protection
• Track unknown and unclassified URLs
www.learnfact.in

13. Security Methods & Models
• OWASP ( www.owasp.org)
• SecureITree (https://www.amenaza.com)
• OpenGroup (https://www.opengroup.org)
www.learnfact.in

14. Mail: info@learnfact.in
Mail: arun.velayudhan@tutelage.co.in
Web: www.learnfact.in
Web: www.cybkey.com
Thank You
Contact us for:
Cyber security managed services
Cyber Security Training