2. Outline
Introduction to Cyber Security
CIA in Cyber Security
Major Security Problem - Cyber Attack
Types of Cyber Attack
Major Cyber attacks in INDIA
Cyber Security as Profession
2
3. What is the
meaning of
the word
CYBER
What is the need
of Cyber Security
What are the
security
problems in
Cyber field
How to
implement and
maintain
Security of a
Cyber field
around us.
4. It is acombining form relating to information
technology, the Internet, and virtual reality.
Meaning of the Word CYBER
5. Introduction to Cyber Security
â˘The term Cyber Security is used to refer to the
security offered through on-line services to
protect your information.
â˘Cyber Security is protection against the criminal
or unauthorized use of electronic data
5
6. Why Cyber Security is important?
6
⢠Cyber Security is not a one-time process to
achieve
⢠It is an ever growing challenge encountered
from time to time
⢠When old problems are fixed and rectified, new
targeted attacks challenge the Cyberspace
⢠Cyber security is a process by itself and not the
end
8. Top Five Risks- Global Instability
⢠According to the World Economic Forumâs Global
Risk Report 2018, Cyber-attacks are 3rd threat the
World is facing today after natural disasters
Top 5
Risks
Natural disaster
Extreme
weather
conditions
Cyber-Attacks
Data frauds
Failure to
address climate
change
8
9. Definition of Cyber Attack
9
CIA of the
Internet or
⢠It refers to compromise in the
resources or data stored in a
Intranet connected computer
⢠Deliberate exploitation of computer system
resources, networks and technology connected
through WWW
⢠Compromises data by injecting malicious code
into the actual code
10. First- Major Cyber Attack
10
⢠The Morris worm (1988) is the first known
major cyber-attack
⢠It was used as a weakness in the UNIX system
and it replicated itself
⢠The worm was developed by Robert T
apan
Morris
⢠He was the first person ever to be convicted
under the US computer fraud and abuse act
15. Hackers
In common a hacker is a person who breaks
into computers, usually by gaining access to
administrative controls.
16. How To prevent hacking
It may be impossible to prevent computer hacking,
however effective security controls including strong
passwords, and the use of firewalls can helps.
17. Malware
The word "malware" comes from the term
"MALicious softWARE."
Malware is any software that infects and damages a
computer system without the owner's knowledge or
permission.
18. To Stop Malware
Download anti-malware program that also
helps prevent infections.
Activate Network Threat Protection,
Firewall, Antivirus.
19. Trojan Horses
Trojan horses are
email viruses that can
duplicate themselves,
steal information, or
harm the computer
system.
These viruses are the
most serious threats to
computers
20. How to Avoid Trojans
Security suites,
such as Avast
Internet Security,
will prevent you
from downloading
Trojan Horses.
21. Most Common types of Cyber-attacks
CyberAttack
types
DoS and DDoS attack
XSS attack
SQL Injection attack
Man-in-the-Middle attack
Birthday attack
Password attack
Eavesdropping attack
Phishing and spear
phishing attack
Drive-by download
attack
21
28. Major Cyber attacks in india
Cosmos Bank Cyber Attack in Pune
UIDAI Aadhaar Software Hacked
ATM System Hacked
Bib B Amitabh Bachchan âs Twitter Account
Hacked! --Social media hack
Facebook database leak data of 419 million users
Personal Data Exposed from JustDial Database
Data Breach in BIGBASKET
29. Cyber Security Measures for Organizations to
Prevent Cyber Attacks
1)Educate employees on the emerging cyber attacks with security
awareness training.
2) Keep all software and systems updated from time to time with the
latest security patches.
3)Get regular Vulnerability Assessment and Penetration Testing to
patch and remove the existing vulnerabilities in the network and web
application
.
4)Limit employee access to sensitive data or confidential information
and limit their authority to install the software.
5)Use highly strong passwords for accounts and make sure to update
them at long intervals.
32. Network Attack Prevention Tips
Install Software Updates
Use Unique Password
Use Two Factor AUTHENTICATION
USE STRONG PASSSWORD and PASSWORD
MANAGER
Use a firewall for your Internet connection.
Browse Safely Online and Clear Browser after
Leaving Computer
33. Tools used for Cyber Security
Common tools
used to prevent
Data Leakage
Passwords
Anti-Virus/ Anti-Malware Software
Software Patches
Firewalls
Authentication
Encryption
33
39. Conclusion
39
â˘We are living in digital era and digital technology
has transformed our lives promoting the need for
Cyber Security
⢠Cyber Attacks have started affecting most of the
systems today because of the dependency on
technology
⢠It is very important to know what are Cyber Attacks
and how the Cyber Attacks affect the system
Confidentiality is roughly equivalent to Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts.
It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.
Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
The attacker can do any of the following after gaining access to your network:
⢠Block the traffic, resulting in a loss of access to the network by authorized users.
⢠Send invalid data to applications or network services causing unexpected behavior of the applications or services.
⢠Flood a computer or the entire network with traffic until an overload happens causing shutdown.
DOS ATTACK TYPES
1. (S)SYN floodA SYN flood is a type of DOS attack in which an attacker sends a series of SYN requests to a targetâs system in an attempt to use vast amounts of server resources to make the system unresponsive to legitimate traffic.
2. Teardrop attacksA teardrop attack involves the hacker sending broken and disorganized IP fragments with overlapping, over-sized payloads to the victims machine. The intention is to obviously crash operating systems and servers due to a bug in the way TCP/IP fragmentation is re-assembled. All operating systems many types of servers are vulnerable to this type of DOS attack, including Linux.
3. Low-rate Denial-of-Service attacksDonât be fooled by the title, this is still a deadly DoS attack! The Low-rate DoS (LDoS) attack is designed to exploit TCPâs slow-time-scale dynamics of being able to execute the retransmission time-out (RTO) mechanism to reduce TCP throughput. In short, a hacker can create a TCP overflow by repeatedly entering a RTO state through sending high-rate and intensive bursts â whilst at slow RTO time-scales. The TCP throughput at the victim node will be drastically reduced while the hacker will have low average rate thus making it difficult to be detected.
4. Internet Control Message Protocol (ICMP) floodInternet Control Message Protocol (ICMP) is a connectionless protocol used for IP operations, diagnostics, and errors. An ICMP Flood â the sending of an abnormally large number of ICMP packets of any type (especially network latency testing âpingâ packets) â can overwhelm a target server that attempts to process every incoming ICMP request, and this can result in a denial-of-service condition for the target server.
5. Peer-to-peer attacksA peer-to-peer (P2P) network is a distributed network in which individual nodes in the network (called âpeersâ) act as both suppliers (seeds) and consumers (leeches) of resources, in contrast to the centralized clientâserver model where the client server or operating system nodes request access to resources provided by central servers
Security Solutions
Monitoring the packets to save your server from the entrance of the counterfeit packets.
Timely upgrading of the security patches on your hostâs operating system.
Beware of running of your server very close to the last level of the capacity.
Attacker is monitoring, capturing and controlling data sent between you and the person whom you are communicating with transparently
At low levels of communication on the network layer, computers might not be able to determine with whom they are exchanging data.
Attacker assumes your identity and attempts to gather as much information as possible, while the person youâre communicating with thinks it is you.
Man-In-The-Middle (MITM) attack is the type of attack where attackers intrude into an existing communication between two computers and then monitor, capture, and control the communication. In Man-in-the-middle attack, an intruder assumes a legitimate users identity to gain control of the network communication. The other end of the communication path might believe it is you and keep on exchanging the data.
Man-in-the-Middle (MITM) attacks are also known as "session hijacking attacks", which means that the attacker hijacks a legitimate user's session to control the communication.
A man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently.
When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data exactly.
For example, the attacker can re-route a data exchange.
Man-in-the-middle attacks are like someone assuming your identity in order to read your communications. The person on the other end may believe it is you because the attacker might be actively replying as you to keep the exchange going and get the desired information.
This attack is capable of the same damage as an application-layer attack.
Security Solutions
Many preventive methods are available for Man-In-The-Middle (MITM) attack and some are listed below.
⢠Public Key Infrastructure (PKI) technologies,
⢠Verifying delay in communication
⢠Stronger mutual authentication
Using Public Key Infrastructures based authentications. It not only protects the applications from eavesdropping and other attacks but also validates the applications as a trusted one. Both the ends are authenticated hence preventing (MITM) Man-in-the-middle-attack.
Setting up passwords and other high level secret keys in order to strengthen the mutual authentication.
Time testing techniques such as Latency examination with long cryptographic hash functions confirming the time taken in receiving a message by both the ends. Suppose if the time taken by a message to be delivered at one end is 20 seconds and if the total time taken exceeds up to 60 seconds then it proves the existence of an attacker.
The ability to inject packets into the Internet with a false source address is known as IP spoofing,
IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it.
IP Address Spoofing Attacks
IP address spoofing is one of the most frequently used spoofing attack methods. In an IP address spoofing attack, an attacker sends IP packets from a false (or âspoofedâ) source address in order to disguise itself. Denial-of-service attacks often use IP spoofing to overload networks and devices with packets that appear to be from legitimate source IP addresses.
There are two ways that IP spoofing attacks can be used to overload targets with traffic. One method is to simply flood a selected target with packets from multiple spoofed addresses. This method works by directly sending a victim more data than it can handle. The other method is to spoof the targetâs IP address and send packets from that address to many different recipients on the network. When another machine receives a packet, it will automatically transmit a packet to the sender in response. Since the spoofed packets appear to be sent from the targetâs IP address, all responses to the spoofed packets will be sent to (and flood) the targetâs IP address.
IP spoofing attacks can also be used to bypass IP address-based authentication. This process can be very difficult and is primarily used when trust relationships are in place between machines on a network and internal systems. Trust relationships use IP addresses (rather than user logins) to verify machinesâ identities when attempting to access systems. This enables malicious parties to use spoofing attacks to impersonate machines with access permissions and bypass trust-based network security measures.
Security Solutions
Filtering of packets entering into the network is one of the methods of preventing Spoofing. In other hand, filtering of incoming and outgoing traffic should also be implemented.
ACLs helps prevent Spoofing by not allowing falsified IP addresses to enter.
Accreditation to encryption should be provided in order to allow only trusted hosts to communicate with.
SSL certificates should be used to reduce the risk of spoofing at a greater extent.
SQL (pronounced âsequelâ) stands for structured query language; itâs a programming language used to communicate with databases. Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets this kind of server, using malicious code to get the server to divulge information it normally wouldnât. This is especially problematic if the server stores private customer information from the website, such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information, which are tempting and lucrative targets for an attacker.
An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code. For example, if a SQL server is vulnerable to an injection attack, it may be possible for an attacker to go to a website's search box and type in code that would force the site's SQL server to dump all of its stored usernames and passwords for the site.Â
SQL injection attack is another type of attack to exploit applications that use client-supplied data in SQL statements. Here malicious code is inserted into strings that are later passed to database application for parsing and execution. The common method of SQL injection attack is direct insertion of malicious code into user-input variables that are concatenated with SQL commands and executed. Another type of SQL injection attack injects malicious code into strings and are stored in tables. An SQL injection attack is made later by the attacker.
Following example shows the simplest form of SQL injection.
var UserID;UserID = Request.form ("UserID");var InfoUser = "select * from UserInfo where UserID = '" + UserID + "'";
If the user fills the field with correct information of his UserID (F827781), after the script execution the above SQL query will look like
SELECT * FROM UserInfo WHERE UserID = 'F827781'
Consider a case when a user fills the field with the below entry.
F827781; drop table UserInfo--
After the execution of the script, the SQL code will look like
SELECT * FROM UserInfo WHERE UserID = ' F827781';drop table UserInfo--
This will ultimately result in deletion of table UserInfo
XSS attacks use third-party web resources to run scripts in the victimâs web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a websiteâs database. When the victim requests a page from the website, the website transmits the page, with the attackerâs payload as part of the HTML body, to the victimâs browser, which executes the malicious script. For example, it might send the victimâs cookie to the attackerâs server, and the attacker can extract it and use it for session hijacking. The most dangerous consequences occur when XSS is used to exploit additional vulnerabilities. These vulnerabilities can enable an attacker to not only steal cookies, but also log key strokes, capture screenshots, discover and collect network information, and remotely access and control the victimâs machine.
Beware! Cyber security attacks in India grew 194% in 2020
Recently, grocery delivery platform Bigbasket faced a data breach where over 2 Cr users data was compromised
375 cyberattacks
'India sees 375 cyberattacks everyday'17-Nov-2020
Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019
2018 started with a massive data breach of personal records of 1.1 Billion Indian Aadhaar cardholders. UIDAI revealed that around 210 Indian Government websites had leaked Aadhaar details of people online. Data leaked included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and mostly every personal information of all individual cardholders. If it wasnât enough shocking, anonymous sellers were selling Aadhaar information of any person for Rs. 500 over Whatsapp. Also, one could get any personâs Aadhaar car printout by paying an extra amount of Rs.300.Â
Â
Around mid-2018, Canara bank ATM servers were targeted in a cyber attack. Almost 20 lakh rupees were wiped off from various bank accounts.
here can be a question that social media profiles are subjected to hacking all the time. But with Amitabh Bachanâs statitude the hack became controversial and was announced as one of the Cyber Attacks on IndiaLately, Amitabh Bachchanâs twitter handle got hacked and the perpetrators posted hateful messages putting everybody in shock.
An unprotected API end was the issue in this incident. Justdial one of Indiaâs leading local search platform let a loose end which exposed all of their user data who accessed their services through the web, mobile, and their phone number.
Leaked data includes name, email, number, address gender, etc. the shocking part according to reports is that since 2015 the API has been exposed like this.
1.Metasploit Framework â an open source tool for exploit development and penetration testing Metasploit is well known in the security community. Metasploit has exploits for both server and client based attacks; with feature packed communication modules (meterpreter) that make pwning systems fun! The framework now includes Armitage for point and click network exploitation. This is the go to tool if you want to break into a network or computer system.
Defending against Metasploit:
Keep all software updated with the latest security patches.
Use strong passwords on all systems.
Deploy network services with secure configurations.
2.Ettercap â a suite of tools for man in the middle attacks (MITM). Once you have initiated a man in the middle attack with Ettercap use the modules and scripting capabilities to manipulate or inject traffic on the fly. Sniffing data and passwords are just the beginning; inject to exploit FTW!
Defending against Ettercap:
Understand that ARP poisoning is not difficult in a typical switched network.
Lock down network ports.
Use secure switch configurations and NAC if risk is sufficient.
3.sslstrip â using HTTPS makes people feel warm, fuzzy and secure. Using sslstrip this security can be attacked, reducing the connection to an unencrypted HTTP session, whereby all the traffic is readable. Banking details, passwords and emails from your boss all in the clear. Even includes a nifty feature where the favicon on the unencrypted connection is replaced with a padlock just to make the user keep that warm and fuzzy feeling.
Defending against sslstrip:
Be aware of the possibility of MITM attacks (arp, proxies / gateway, wireless).
Look for sudden protocol changes in browser bar. Not really a technical mitigation!
4.evilgrade â another man in the middle attack. Everyone knows that keeping software updated is the way to stay secure. This little utility fakes the upgrade and provides the user with a not so good update. Can exploit the upgrade functionality on around 63 pieces of software including Opera, Notepad++, VMware, Virtualbox, itunes, quicktime and winamp! It really whips the llamas ass!
Defending against evilgrade:
Be aware of the possibility of MITM attacks (arp attacks, proxy / gateway, wireless).
Only perform updates to your system or applications on a trusted network.
5. 5.Social Engineer Toolkit â makes creating a social engineered client side attack way too easy. Creates the spear phish, sends the email and serves the malicious exploit. SET is the open source client side attack weapon of choice.
Defending against SET:
User awareness training around spear phishing attacks.
Strong Email and Web filtering controls.
6.sqlmap â SQL Injection is an attack vector that has been around for over 10 years. Yet it is still the easiest way to get dumps of entire databases of information. Sqlmap is not only a highly accurate tool for detecting sql injection; but also has the capability to dump information from the database and to even launch attacks that can result in operating system shell access on the vulnerable system.
Defending against sqlmap:
Filter all input on dynamic websites (secure the web applications).
Use mod_proxy or other web based filtering controls to help block malicious injection attacks (not ideal as often able to bypass these web application firewalls (WAF).
7. Cain and Abel â Cracking passwords, sniffing VOIP and Man in the Middle (MITM) attacks against RDP are just a few examples of the many features of this Windows only tool.
Defending against Cain and Abel:
Be aware of the possibility of MITM attacks (arp attacks, untrusted proxy / gateway, wireless).
Use strong passwords everywhere.