
CYBER SECURITY & CYBER LAWS

First Step towards IT world


By CMC Pvt Ltd
MODULE -III
PARTICIPANTS MANUAL
Table of Contents

Chapter 1: Basic Cyber Security, Types of cyber threats.

Chapter 2: Cybercrime & Cyber laws.

Chapter 3: Computer virus & computer Worm.

Chapter 4: Targeted attacks, Spam & Phishing Scam.

Chapter 5: Malware type & classification tree.

Chapter 6: Data security & Solution.

Chapter 7: Web application security.

Chapter 8: Mobile Cyber-attacks.

Chapter 9: Bluetooth attacks & its security.

Chapter 10: Cryptography & its types.

Chapter 1

Basic Cyber Security, Types of cyber threats.

Objective of this Chapter

 Introduction to cyber security
 History of the internet
 World Wide Web
 Types of cyber threats

What is Cyber Security?

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It is also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

 Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
 Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it is designed to protect. Successful security begins in the design stage, well before a program or device is deployed.
 Information security protects the integrity and privacy of data, both in storage and in transit.
 Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
 Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.
 End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not to plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.

THE IMPORTANCE OF CYBER SECURITY

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber-attacks grow, companies and organizations, especially those tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the top intelligence officials of the United States cautioned that cyber-attacks and digital spying are the top threat to national security, eclipsing even terrorism.

History of Internet

I don't know what else the Cold War between the USA and the Soviet Union gave to the world, but the internet is definitely one of the very useful inventions whose foundation was laid during the Cold War. The Soviet Union launched the world's first satellite, Sputnik, into space on 4 October 1957. This was clearly a victory for the Soviet Union in the race for space, and as a counter step the Advanced Research Projects Agency (ARPA), the research arm of the United States Department of Defense, began work in the 1960s on ARPANET (Advanced Research Projects Agency Network), which went live in 1969. This was an experimental network designed so that the computers connected to it could keep communicating with each other even if any node failed to respond, for example because of a bomb attack. The first message over ARPANET, a packet-switching network, was sent from Leonard Kleinrock's laboratory at the University of California, Los Angeles (UCLA). You will be surprised to know that the first message sent over the network was "LO". They actually intended to send the word "LOGIN", but only the first two letters reached the second network node at the Stanford Research Institute (SRI); before the last three letters could arrive, the network went down due to a glitch. Soon the error was fixed and the message was resent and it

The major task ARPANET had to perform was to develop rules for communication, i.e. protocols for communicating over ARPANET. ARPANET in particular led to the development of protocols for internetworking, in which multiple separate networks could be joined into a network of networks. It resulted in the development of the TCP/IP protocol suite, which specifies the rules for joining and communicating over ARPANET.

Soon after, in 1986, the NSF (National Science Foundation) backbone was created and five US supercomputing centres were connected to form NSFNET. The participating centres were:
 Princeton University -- John von Neumann National Supercomputer Center, JvNC
 Cornell University -- Cornell Theory Center, CTC
 University of Illinois at Urbana-Champaign -- National Center for Supercomputing Applications, NCSA
 Carnegie Mellon University -- Pittsburgh Supercomputer Center, PSC
 General Atomics -- San Diego Supercomputer Center, SDSC

NSFNET, the successor of ARPANET, had become popular by 1990 and ARPANET was decommissioned. There were many parallel networks developed by other universities and by other countries such as the United Kingdom. In 1965, the National Physical Laboratory (NPL) proposed a packet-switching network. The Michigan Educational Research Information Triad formed the MERIT network in 1966, funded and supported by the State of Michigan and the National Science Foundation (NSF). France also developed a packet-switching network, known as CYCLADES, in 1973.

Now there were many parallel systems working on different protocols, and scientists were looking for some common standard so that the networks could be interconnected. In 1978 the TCP/IP protocol suite was ready, and by 1983 the TCP/IP protocols had been adopted by ARPANET. In 1981 the integration of two large networks took place: NSF developed the Computer Science Network (CSNET), which was connected to ARPANET using the TCP/IP protocol suite. Now the network was popular not only among the research community; private players also took interest in it. Initially NSFNET supported a speed of 56 kbit/s. It was upgraded to 1.5 Mbit/s in 1988 to facilitate the growth of the network, with the involvement of the Merit network, IBM, MCI and the State of Michigan.

After corporations realised the strength and merit of this network, they participated in its development to reap its benefits. By the late 1980s many Internet Service Providers (ISPs) had emerged to provide the backbone for carrying the network traffic. By 1991 NSFNET had been expanded and upgraded to 45 Mbit/s. Many commercial ISPs provided backbone service and were popular among corporates. To facilitate the commercial use of the network, NSFNET was decommissioned in 1995, and from then on the Internet could carry commercial traffic. More and more universities and research centres throughout the world connected to it. The network was very popular among the research community, and in 1991 the National Research and Education Network (NREN) was founded and the World Wide Web was released. Initially the role of the internet was limited to file transfer. The credit for the internet as we see it today goes to Tim Berners-Lee, who introduced the WWW. With the advent of the WWW there was a transformation in how the network was used: this web of information can be used to retrieve any information available over the internet. Software called a browser was developed to browse the web. Mosaic, developed by researchers at the NCSA at the University of Illinois and released in 1993, was the browser that made it possible to browse the web the way we do today.

World Wide Web

Sometimes we use the terms internet and World Wide Web (or simply the web, as it is popularly known) interchangeably. But the web is only one of the several utilities that the internet provides. Some of the popular services the internet provides other than the web are e-mail, Usenet, messaging services, FTP, etc. The web uses the HTTP protocol to communicate over the internet and to exchange information. The web was developed at CERN (Conseil Européen pour la Recherche Nucléaire), Switzerland, by the UK scientist Tim Berners-Lee in 1989. It consists of all the public web sites and all the devices that access web content. The WWW is an information-sharing model developed to exchange information over the internet. There are plenty of public websites, each a collection of web pages, available over the internet. These web pages contain plenty of information in the form of text, video, audio and pictures. Web pages are accessed using an application program called a web browser. Some examples of popular web browsers are Internet Explorer, Chrome, Safari and Firefox.

So this was a little introduction to the internet and how it functions. Now let us discuss cyber threats and cybercrime.

Types of cyber threats

The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyber terrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common methods used to threaten cyber-security.

[Figure: Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks]

Chapter 2

Cybercrime & Cyber laws.

Objective of this Chapter

 Introduction to cybercrime
 Risks of cybercrime and how to protect yourself
 Cyber laws in India

What is Cybercrime?

Perhaps the most dangerous types of malware creators are the hackers and groups of hackers that create malicious software programs in an effort to meet their own specific criminal objectives. These cybercriminals create computer viruses and Trojan programs that can:

 Steal access codes to bank accounts
 Advertise products or services on a victim's computer
 Illegally use an infected computer's resources to develop and run:
    Spam campaigns
    Distributed Network Attacks (also called DDoS attacks)
    Blackmailing operations

How to protect yourself against Cybercrime?

With cybercriminals using so many techniques to attack users' computers and data, multi-layer defenses are a necessity. Anti-malware solutions that combine signature-based detection, heuristic analysis and cloud-assisted technologies can do more to defend your devices and data against new, sophisticated threats.
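To make the three layers named above concrete, here is an added example (not code from the manual or from any vendor) of a minimal in-memory scanner that combines a byte-pattern signature, a hash blocklist standing in for a cloud reputation lookup, and an entropy heuristic. The signature names, the blocklist entry and the sample files are constructed for illustration; only the EICAR string is real, and it is the harmless industry-standard test pattern.

```python
"""Added example, not from the manual: three detection layers in one scanner.
Signature names, blocklist entries and samples are constructed for illustration;
the EICAR string is the real, harmless industry test pattern."""
import hashlib
import math

# Layer 1: byte-pattern signatures. "Demo.Downloader" is a made-up family name.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {
    "EICAR-Test-File": EICAR,
    "Demo.Downloader": b"powershell -enc ",
}

# Layer 2: exact-hash blocklist (what a cloud reputation service would answer),
# built here from a constructed "known bad" blob so the example runs offline.
KNOWN_BAD_SAMPLE = b"MZ" + b"constructed known-bad sample " * 8
HASH_BLOCKLIST = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.KnownBad"}

# Layer 3 sample: an "MZ" executable header followed by a deterministic
# high-entropy body, standing in for a packed or encrypted payload.
PACKED_SAMPLE = b"MZ" + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(40))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: random data approaches 8.0, English text sits near 4 to 5."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan(data: bytes) -> list:
    """Return (layer, verdict) findings for one in-memory file; [] means clean."""
    findings = []
    for name, pattern in SIGNATURES.items():       # layer 1: exact byte pattern
        if pattern in data:
            findings.append(("signature", name))
    digest = hashlib.sha256(data).hexdigest()      # layer 2: hash reputation
    if digest in HASH_BLOCKLIST:
        findings.append(("hash", HASH_BLOCKLIST[digest]))
    # layer 3: an executable header with a near-random body is typical of
    # packed or encrypted payloads that neither a signature nor a hash catches
    if data[:2] == b"MZ" and len(data) > 256 and shannon_entropy(data[2:]) > 7.5:
        findings.append(("heuristic", "Suspicious.PackedPE"))
    return findings


if __name__ == "__main__":
    for label, sample in [("eicar", EICAR), ("known-bad", KNOWN_BAD_SAMPLE),
                          ("packed", PACKED_SAMPLE), ("clean", b"hello world")]:
        print(label, scan(sample))
```

Each layer catches what the previous one misses: a signature needs the exact bytes, a hash needs the exact file, and the heuristic fires on a property (a packed executable) that a fresh, never-seen sample still has. The 7.5-bit threshold is an assumed value chosen for this illustration; a real product tunes such thresholds against a large corpus of clean files to keep false positives down.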

Kaspersky Lab is recognized for its world-class, multi-layer anti-malware products that can protect a range of computers and devices against cybercrime, including:

 Windows PCs
 Linux computers
 Apple Macs
 Smartphones
 Tablets

History of Cyber laws:

"Cyber" is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, the Greek word for "steersman" or "governor", it was first used in cybernetics, a word coined by Norbert Wiener and his colleagues. The virtual world of the internet is known as cyberspace and the laws governing this area are known as cyber laws; all the netizens of this space come under the ambit of these laws, as it carries a kind of universal jurisdiction. Cyber law can also be described as that branch of law that deals with legal issues related to the use of inter-networked information technology. In short, cyber law is the law governing computers and the internet.

The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these regulatory mechanisms and legal infrastructures come within the domain of Cyber law.

Cyber law is important because it touches almost all aspects of transactions and activities on and involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal perspectives.

Cyber law encompasses laws relating to:

 Cyber crimes
 Electronic and digital signatures
 Intellectual property
 Data protection and privacy

Need for Cyber law

In today's techno-savvy environment, the world is becoming more and more digitally sophisticated and so are the crimes. The internet was initially developed as a research and information-sharing tool and operated in an unregulated manner. As time passed it became more transactional, with e-business, e-commerce, e-governance, e-procurement, etc. All legal issues related to internet crime are dealt with through cyber laws. As the number of internet users rises, the need for cyber laws and their application has also gathered great momentum.

In today's highly digitalized world, almost everyone is affected by cyber law. For example:

 Almost all transactions in shares are in dematerialised (demat) form.
 Almost all companies extensively depend upon their computer networks and keep their valuable data in electronic form.
 Government forms, including income tax returns, company law forms etc., are now filed in electronic form.
 Consumers are increasingly using credit cards for shopping.
 Most people are using email, cell phones and SMS messages for communication.
 Cybercrime cases such as online banking frauds, online share trading fraud, source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of service, hacking, pornography etc. are becoming common.
 Digital signatures and e-contracts are fast replacing conventional methods of transacting business.

Important terms related to cyber law

"Access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. (Sec.2(1)(a) of IT Act, 2000)

"Addressee" means a person who is intended by the originator to receive the Electronic record but does not include any intermediary. (Sec.2(1)(b) of IT Act, 2000)

"Affixing Electronic Signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature. (Sec.2(1)(d) of IT Act, 2000)

"Asymmetric Crypto System" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature. (Sec.2(1)(f) of IT Act, 2000)

"Certifying Authority" means a person who has been granted a licence to issue an Electronic Signature Certificate under section 24. (Sec.2(1)(g) of IT Act, 2000)

"Communication Device" means Cell Phones, Personal Digital Assistance (Sic), or combination of both or any other device used to communicate, send or Transmit any text, video, audio, or image. (Sec.2(1)(ha) of IT Act, 2000)

"Computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network. (Sec.2(1)(i) of IT Act, 2000)

"Computer Network" means the interconnection of one or more Computers or Computer systems or Communication device through
(i) the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and
(ii) terminals or a complex consisting of two or more interconnected computers or communication device whether or not the interconnection is continuously maintained. (Sec.2(1)(j) of IT Act, 2000)

"Computer Resource" means computer, communication device, computer system, computer network, data, computer database or software. (Sec.2(1)(k) of IT Act, 2000)

"Computer System" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data, and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions. (Sec.2(1)(l) of IT Act, 2000)

"Cyber cafe" means any facility from where access to the Internet is
offered by any person in the ordinary course of business to the
members of the public. (Sec.2(1)(na) of IT Act, 2000)

"Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. (Sec.2(1)(nb) of IT Act, 2000)

"Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

"Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. (Sec.2(1)(p) of IT Act, 2000)

"Electronic Form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device. (Sec.2(1)(r) of IT Act, 2000)

"Electronic Record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. (Sec.2(1)(t) of IT Act, 2000)

"Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature. (Sec.2(1)(ta) of IT Act, 2000)

"Function", in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer. (Sec.2(1)(u) of IT Act, 2000)

"Information" includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche. (Sec.2(1)(v) of IT Act, 2000)

"Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes. (Sec.2(1)(w) of IT Act, 2000)

"Key Pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key. (Sec.2(1)(x) of IT Act, 2000)

"Originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary. (Sec.2(1)(za) of IT Act, 2000)

"Private Key" means the key of a key pair used to create a digital
signature. (Sec.2(1)(zc) of IT Act, 2000)
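The definitions of "Asymmetric Crypto System", "Digital Signature", "Key Pair" and "Private Key" above describe a mechanism rather than name one. The following is an added example, not from the manual or the IT Act, that shows the mechanism with textbook RSA: the private key creates the signature over a hash of the electronic record, the mathematically related public key verifies it, and any change to the record or use of a different key pair makes verification fail. The primes, exponent and messages are constructed for illustration; real deployments use 2048-bit or larger keys and a padding scheme such as RSASSA-PSS, never raw textbook RSA as written here.

```python
"""Added example (not the manual's or the Act's code): the key-pair / digital
signature relationship from the IT Act definitions, shown with textbook RSA.
Key sizes here are toy values chosen so the example runs offline; they are
NOT secure and there is no padding scheme."""
import hashlib

# Constructed key material: two well-known small primes and the usual exponent.
P = 1_000_000_007
Q = 998_244_353
E = 65_537


def make_key_pair(p: int = P, q: int = Q, e: int = E):
    """Return (public_key, private_key) as (e, n) and (d, n).

    d is the modular inverse of e modulo (p-1)(q-1), so that for any m < n
    (m ** d) ** e == m (mod n): what the private key does, the public key undoes.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # Python 3.8+: modular inverse, e*d = 1 mod phi
    return (e, n), (d, n)


def _digest_as_int(record: bytes, n: int) -> int:
    # Hash the electronic record and reduce below n so it can be exponentiated.
    # A real scheme pads the digest to the modulus size instead of reducing it.
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % n


def sign(record: bytes, private_key) -> int:
    """'Affixing' a digital signature: exponentiate the digest with the private key."""
    d, n = private_key
    return pow(_digest_as_int(record, n), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key recovers the digest and compares it."""
    e, n = public_key
    return pow(signature, e, n) == _digest_as_int(record, n)


if __name__ == "__main__":
    public, private = make_key_pair()
    record = b"Transfer 1,00,000 INR to account 1234"
    sig = sign(record, private)
    print("genuine record verifies:", verify(record, sig, public))
    print("altered record verifies:", verify(record.replace(b"1234", b"9999"), sig, public))
```

Two things the statutory wording leaves implicit are visible in the code: verification never needs the private key, which is why a Certifying Authority can bind a public key to a subscriber without ever seeing the private one, and the signature covers a hash of the whole record, so altering even one character of an electronic record invalidates the signature already affixed to it.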

"Secure System" means computer hardware, software, and procedure that:
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted security procedures. (Sec.2(1)(ze) of IT Act, 2000)

"Subscriber" means a person in whose name the Electronic Signature Certificate is issued. (Sec.2(1)(zg) of IT Act, 2000)

CYBER LAW IN INDIA

In India, cyber laws are contained in the Information Technology Act, 2000 ("IT Act"), which came into force on October 17, 2000. The main purpose of the Act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the Government.

The following Act, Rules and Regulations are covered under cyber laws:
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001
Chapter 3
Computer Virus & Computer Worm

Objective of this Chapter

 Computer viruses
 How viruses spread
 Types of viruses
 Computer worms
 Trojan viruses

What is a Computer Virus?
An important distinction between computer viruses and worms is that viruses require an active host program or an already-infected and active operating system in order to run, cause damage and infect other executable files or documents, while worms are stand-alone malicious programs that can self-replicate and propagate via computer networks without human help.

Viruses are typically attached to an executable file or a Word document. They often spread via P2P file sharing, infected websites, and email attachment downloads. Once a virus finds its way onto your system, it remains dormant until the infected host file or program is activated, which in turn makes the virus active, enabling it to run and replicate on your system.

Worms, on the other hand, don't need a host program in order to run, self-replicate and propagate. Once a worm has made its way onto your system, usually via a network connection or as a downloaded file, it can make multiple copies of itself and spread via the network or internet connection, infecting any inadequately protected computers and servers on the network. Because each subsequent copy of a network worm can also self-replicate, infections can spread very rapidly via the internet and computer networks.

How Do Computer Viruses Spread?

The Viruses and Worms subclass of malicious software programs includes the following:

 Email-Worm
 IM-Worm
 IRC-Worm
 Net-Worm
 P2P-Worm
 Virus

Computer Worms
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. [1] It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. [2] Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on the law of exponential growth, thus controlling and infecting more and more computers in a short time. [3] Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Most known computer worms are spread in one of the following ways:

 Files sent as email attachments
 Via a link to a web or FTP resource
 Via a link sent in an ICQ or IRC message
 Via P2P (peer-to-peer) file sharing networks
 Some worms are spread as network packets. These directly penetrate the computer memory, and the worm code is then activated.
 Computer worms can exploit network configuration errors (for example, to copy themselves onto a fully accessible disk) or exploit loopholes in operating system and application security. Many worms will use more than one method in order to spread copies via networks.

Viruses:
Viruses can be divided according to the method that they use to infect a computer:
 File viruses
 Boot sector viruses
 Macro viruses
 Script viruses
Any program within this subclass of malware can also have additional Trojan functions.
How to protect yourself against Computer Viruses and Worms

It's recommended that you install anti-malware software on all of your devices, including PCs, laptops, Macs and smartphones, and that your anti-malware solution receives regular updates, in order to protect against the latest threats. A good anti-malware software product, such as Kaspersky Anti-Virus, will detect and prevent virus and worm infections on your PC, while Kaspersky Internet Security for Android is an excellent choice for protecting Android smartphones. Kaspersky Lab has products that protect the following devices:

 Windows PCs
 Linux computers
 Apple Macs
 Smartphones
 Tablets
What is a Trojan Virus?
A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. These actions can include:

 Deleting data
 Blocking data
 Modifying data
 Copying data
 Disrupting the performance of computers or computer networks.
How Trojans can impact you
 Backdoor
A backdoor Trojan gives malicious users remote control over the infected computer.
They enable the author to do anything they wish on the infected computer –
including sending, receiving, launching and deleting files, displaying data and
rebooting the computer. Backdoor Trojans are often used to unite a group of victim
computers to form a botnet or zombie network that can be used for criminal
purposes.
 Exploit
Exploits are programs that contain data or code that takes advantage of a
vulnerability within application software that's running on your computer.
 Rootkit
Rootkits are designed to conceal certain objects or activities in your system. Often
their main purpose is to prevent malicious programs being detected – in order to
extend the period in which programs can run on an infected computer.
 Trojan-Banker
Trojan-Banker programs are designed to steal your account data for online banking
systems, e- payment systems and credit or debit cards.
 Trojan-DDoS
These programs conduct DoS (Denial of Service) attacks against a targeted web
address. By sending multiple requests – from your computer and several other
infected computers – the attack can overwhelm the target address… leading to a
denial of service.
 Trojan-Downloader
Trojan-Downloaders can download and install new versions of malicious programs
onto your computer – including Trojans and adware.
 Trojan-Dropper
These programs are used by hackers in order to install Trojans and / or viruses – or
to prevent the detection of malicious programs. Not all antivirus programs are
capable of scanning all of the components inside this type of Trojan.
 Trojan-FakeAV
Trojan-FakeAV programs simulate the activity of antivirus software. They are
designed to extort money from you – in return for the detection and removal of
threats… even though the threats that they report are actually non-existent.
 Trojan-GameThief
This type of program steals user account information from online gamers.
 Trojan-IM
Trojan-IM programs steal your logins and passwords for instant messaging
programs – such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager,
Skype and many more.
 Trojan-Ransom
This type of Trojan can modify data on your computer so that your computer
doesn't run correctly or you can no longer use specific data. The criminal will only
restore your computer's performance or unblock your data after you have paid
them the ransom money that they demand.
 Trojan-SMS
These programs can cost you money by sending text messages from your mobile
device to premium rate phone numbers.
 Trojan-Spy
Trojan-Spy programs can spy on how you're using your computer, for example by
tracking the data you enter via your keyboard, taking screen shots or getting a list
of running applications.
 Trojan-Mailfinder
These programs can harvest email addresses from your computer.
 Other types of Trojans include:
    Trojan-ArcBomb
    Trojan-Clicker
    Trojan-Notifier
    Trojan-Proxy
    Trojan-PSW

Chapter 4

Targeted attacks, Spam & Phishing Scam.

Objective of this Chapter

 Targeted attacks
 Who's being targeted
 Spam and Phishing Scam: definition
 Various spam and phishing scams

Targeted Attacks
Unlike mass computer virus attacks, which aim to infect as many computers as possible, targeted attacks use a totally different approach. Instead, targeted attacks try to infect the network of a single targeted company or organisation, or apply a specially developed Trojan agent to a single server on the organisation's network infrastructure.

Who's being targeted?

Cybercriminals often target businesses that process or store information that can be exploited by the criminal for personal gain. Typical targets include:

• Banks
Criminals will attack a bank's servers or network, in order to access information and illegally transfer funds from customers' bank accounts.
• Billing companies – such as telephone companies
When a billing company is singled out for an attack, the criminals are generally looking to access customer accounts or steal valuable information – such as customer databases, financial information or technical data.

Getting past corporate security

Because large companies – that are normally the subject of targeted computer virus attacks – will often have a high level of IT security, the cybercriminals may need to employ some particularly cunning methods. With most organizations benefiting from a firewall and other protective measures against external attacks, the criminal may look for assistance from within the organization:

• Phishing
Employees may unwittingly assist the criminal by responding to phishing emails – that pretend to be from the company's IT department – asking the employee to enter their corporate system access password… for testing purposes.
• Using a false identity
In some cases, criminals may use personal information that they've gathered from social networking websites, in order to assume the identity of an employee's colleague – so that the phishing request for usernames and passwords looks as if it has genuinely been sent by a colleague. This helps to ensure that employees do not become suspicious when asked to enter their password.

What is Spam and a Phishing Scam – Definition

Spam is the electronic equivalent of the 'junk mail' that arrives on your doormat or in your post-box. However, spam is more than just annoying. It can be dangerous – especially if it's part of a phishing scam.

Spam emails are sent out in mass quantities by spammers and cybercriminals that are looking to do one or more of the following:
• Make money from the small percentage of recipients that actually respond to the message
• Run phishing scams – in order to obtain passwords, credit card numbers, bank account details and more
• Spread malicious code onto recipients' computers

Here are some useful tips – from Kaspersky Lab's team of Internet security experts – to help you reduce the amount of spam email you receive:

Various Spam and a Phishing Scam:

• Set up multiple email addresses
It's a good idea to have at least two email addresses:
  • Private email address
  This should only be used for personal correspondence. Because spammers build lists of possible email addresses – by using combinations of obvious names, words and numbers – you should try to make this address difficult for a spammer to guess. Your private address should not simply be your first and last name – and you should protect the address by doing the following:
  a) Never publish your private email address on publicly accessible online resources.
  b) If you must publish your private address electronically, try to mask it – in order to avoid having the address picked up by spammers. For example, 'Joe.Smith@yahoo.com' is an easy address for spammers to find. Try writing it as 'Joe-dot-Smith-at-yahoo.com' instead.
  c) When you need to publish your private address on a website, it's safer to do this as a graphics file rather than as a link.
  d) If your private address is discovered by spammers – you should change it. Although this may be inconvenient, changing your email address will help you to avoid spam.
  • Public email address
  Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. The following tips will also help you to reduce the volume of spam you receive via your public email address:
  a) Treat your public address as a temporary address. The chances are high that spammers will rapidly get hold of your public address – especially if it is frequently being used on the Internet.
  b) Don't be afraid to change your public email address often.
  c) Consider using a number of public addresses. That way you'll have a better chance of tracing which services may be selling your address to spammers.
• Never respond to any spam
Most spammers verify receipt and log responses. The more you respond, the more spam you're likely to receive.
• Think before you click 'unsubscribe'
Spammers send fake unsubscribe letters, in an attempt to collect active email addresses. If you click 'unsubscribe' in one of these letters, it may simply increase the amount of spam you receive. Do not click on 'unsubscribe' links in emails that come from unknown sources.
• Keep your browser updated
Make sure that you use the latest version of your web browser and that all of the latest Internet security patches have been applied.
• Use anti-spam filters
Only open email accounts with providers that include spam filtering. Choose an antivirus and Internet security solution that also includes advanced anti-spam features.

Chapter 5

Malware type & classification tree.

Objective of this Chapter

• Malware
• Malware type
• Malware protection
• Malware classification tree
• Malware Creators

Malware definition:
Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. As Microsoft puts it, "[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.

This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus).

Types of malware
There are a number of different ways of categorizing malware; the first is by how the malicious software spreads. You've probably heard the words virus, trojan, and worm used interchangeably, but as Symantec explains, they describe three subtly different ways malware can infect target computers:

• A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer.
• A virus is a piece of computer code that inserts itself within the code of another standalone program, then forces that program to take malicious action and spread itself.
• A trojan is a program that cannot reproduce itself but masquerades as something the user wants and tricks them into activating it so it can do its damage and spread.

Malware can also be installed on a computer "manually" by the attackers themselves, either by gaining physical access to the computer or using privilege escalation to gain remote administrator access.

Another way to categorize malware is by what it does once it has successfully infected its victim's computers. There are a wide range of potential attack techniques used by malware:

• Spyware is defined by Webroot Cybersecurity as "malware used for the purpose of secretly gathering data on an unsuspecting user." In essence, it spies on your behavior as you use your computer, and on the data you send and receive, usually with the purpose of sending that information to a third party. A keylogger is a specific kind of spyware that records all the keystrokes a user makes—great for stealing passwords.
• A rootkit is, as described by TechTarget, "a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system." It gets its name because it's a kit of tools that (generally illicitly) gain root access (administrator-level control, in Unix terms) over the target system, and use that power to hide their presence.
• Adware is malware that forces your browser to redirect to web advertisements, which often themselves seek to download further, even more malicious software. As The New York Times notes, adware often piggybacks onto tempting "free" programs like games or browser extensions.
• Ransomware is a flavor of malware that encrypts your hard drive's files and demands a payment, usually in Bitcoin, in exchange for the decryption key. Several high-profile malware outbreaks of the last few years, such as Petya, are ransomware. Without the decryption key, it's mathematically impossible for victims to regain access to their files. So-called scareware is a sort of shadow version of ransomware; it claims to have taken control of your computer and demands a ransom, but actually is just using tricks like browser redirect loops to make it seem as if it's done more damage than it really has, and unlike ransomware can be relatively easily disabled.
• Cryptojacking is another way attackers can force you to supply them with Bitcoin—only it works without you necessarily knowing. The crypto mining malware infects your computer and uses your CPU cycles to mine Bitcoin for your attacker's profit. The mining software may run in the background on your operating system or even as JavaScript in a browser window.
• Malvertising is the use of legitimate ads or ad networks to covertly deliver malware to unsuspecting users' computers. For example, a cybercriminal might pay to place an ad on a legitimate website. When a user clicks on the ad, code in the ad either redirects them to a malicious website or installs malware on their computer. In some cases, the malware embedded in an ad might execute automatically without any action from the user, a technique referred to as a "drive-by download."

Any specific piece of malware has both a means of infection and a behavioral category. So, for instance, WannaCry is a ransomware worm. And a particular piece of malware might have different forms with different attack vectors: for instance, the Emotet banking malware has been spotted in the wild as both a trojan and a worm.

A look at the Center for Internet Security's top 10 malware offenders for June of 2018 gives you a good sense of the types of malware out there. By far the most common infection vector is via spam email, which tricks users into activating the malware, Trojan-style. WannaCry and Emotet are the most prevalent malware on the list, but many others, including NanoCore and Gh0st, are what's called Remote Access Trojans or RATs—essentially, rootkits that propagate like Trojans. Cryptocurrency malware like CoinMiner rounds out the list.

How to prevent malware

With spam and phishing email being the primary vector by which malware infects computers, the best way to prevent malware is to make sure your email systems are locked down tight—and your users know how to spot danger. We recommend a combination of carefully checking attached documents and restricting potentially dangerous user behavior—as well as just familiarizing your users with common phishing scams so that their common sense can kick in.

When it comes to more technical preventative measures, there are a number of steps you can take, including keeping all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure. When it comes to ransomware attacks in particular, one way to be prepared is to always make backups of your files, ensuring that you'll never need to pay a ransom to get them back if your hard drive is encrypted.

Malware protection
Antivirus software is the most widely known product in the category of malware protection products; despite "virus" being in the name, most offerings take on all forms of malware. While high-end security pros dismiss it as obsolete, it's still the backbone of basic anti-malware defense. Today's best antivirus software is from vendors Kaspersky Lab, Symantec and Trend Micro, according to recent tests by AV-TEST.

When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection that you expect from antivirus, but anti-spyware, personal firewall, application control and other styles of host intrusion prevention. Gartner offers a list of its top picks in this space, which include products from Cylance, CrowdStrike, and Carbon Black.

How to detect malware

It's fully possible—and perhaps even likely—that your system will be infected by malware at some point despite your best efforts. How can you tell for sure? CSO columnist Roger Grimes has written a deep dive into how to diagnose your PC for potential malware that you might find helpful.

When you get to the level of corporate IT, there are also more advanced visibility tools you can use to see what's going on in your networks and detect malware infections. Most forms of malware use the network to either spread or send information back to their controllers, so network traffic contains signals of malware infection that you might otherwise miss; there are a wide range of network monitoring tools out there, with prices ranging from a few dollars to a few thousand. There are also SIEM tools, which evolved from log management programs; these tools analyze logs from various computers and appliances across your infrastructure looking for signs of problems, including malware infection. SIEM vendors range from industry stalwarts like IBM and HP Enterprise to smaller specialists like Splunk and AlienVault.
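
The two kinds of network signal the paragraph above alludes to can be checked with a few lines of code. The following is an added example written for this manual, not code from any SIEM or network monitoring product: it parses constructed proxy log lines, flags any connection to a placeholder "known bad" host (the signature-style check a threat-intel feed supports) and flags source/destination pairs that are contacted at near-regular intervals (the behaviour-style check often called beaconing). The log format, host names, indicator list and jitter threshold are all assumptions made for illustration.

```python
"""Two network signals of malware infection, checked over constructed proxy logs.

Added example for this manual; not code from any SIEM or network monitoring
product. The log format, host names, indicator list and jitter threshold are
all assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: timestamp, source host, destination host, bytes sent.
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-17 cdn-stats.example.test 512
2024-03-01T09:00:04 ws-17 intranet.corp.test 2048
2024-03-01T09:05:00 ws-17 cdn-stats.example.test 514
2024-03-01T09:07:30 ws-22 mail.corp.test 9000
2024-03-01T09:10:00 ws-17 cdn-stats.example.test 511
2024-03-01T09:15:00 ws-17 cdn-stats.example.test 513
2024-03-01T09:20:00 ws-17 cdn-stats.example.test 512
2024-03-01T09:21:10 ws-22 bad-c2.example.test 300
2024-03-01T09:33:45 ws-22 intranet.corp.test 700
"""

# Placeholder indicator list; a real SIEM would load this from a threat-intel feed.
KNOWN_BAD_HOSTS = {"bad-c2.example.test"}


def parse_log(text):
    """Turn each log line into a (timestamp, src, dst, bytes) tuple."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def indicator_hits(events, bad_hosts=KNOWN_BAD_HOSTS):
    """Signature-style check: any contact with a destination on the indicator list."""
    return [(src, dst) for _, src, dst, _ in events if dst in bad_hosts]


def find_beacons(events, min_events=4, max_jitter=0.1):
    """Behaviour-style check: (src, dst) pairs contacted at near-regular intervals.

    Returns {(src, dst): mean_gap_seconds} for pairs with at least min_events
    contacts whose gap standard deviation is within max_jitter of the mean gap.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter * avg:
            beacons[pair] = avg
    return beacons


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("indicator hits:", indicator_hits(evts))
    print("beacon candidates:", find_beacons(evts))
```

Regular check-ins are also how legitimate updaters and management agents behave, so a beaconing hit is a lead to investigate (which process made the connection, what the destination is, whether the payload sizes are suspiciously uniform), not a verdict on its own; the value of a SIEM is that it can join this network signal with host and authentication logs from the same machine.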

Malware removal
How to remove malware once you're infected is in fact the million dollar question. Malware removal is a tricky business, and the method can vary depending on the type you're dealing with. CSO has information on how to remove or otherwise recover from rootkits, ransomware, and cryptojacking. We also have a guide to auditing your Windows registry to figure out how to move forward.

If you're looking for tools for cleansing your system, TechRadar has a good roundup of free offerings, which contains some familiar names from the antivirus world along with newcomers like Malwarebytes.

Malware Creators:

If you're mystified as to why someone would want to put so much effort into attacking your computer or your mobile device, let's take a moment to consider the type of people that become malware creators… and how they benefit from creating malware.

Vandals, swindlers, blackmailers and other criminals

It's a sad fact that, sooner or later, malicious individuals will find a way to exploit almost any invention or new technology – in order to cause damage or generate revenues. As the legitimate use of computers, mobile devices and the Internet has grown, so have the opportunities for vandals, swindlers, blackmailers and other criminals to benefit from creating computer viruses, worms, Trojans and other malware.

The different types of malware creators – and the ways their activities can affect you – fall under the following headings:

• Computer Vandalism
• Petty Theft
• Cybercrime
• 'Grey Market' Business

Malware examples:
We've already discussed some of the current malware threats looming large today. But there is a long, storied history of malware, dating back to infected floppy disks swapped by Apple II hobbyists in the 1980s and the Morris Worm spreading across Unix machines in 1988. Some of the other high-profile malware attacks have included:

• ILOVEYOU, a worm that spread like wildfire in 2000 and did more than $15 billion in damage
• SQL Slammer, which ground internet traffic to a halt within minutes of its first rapid spread in 2003
• Conficker, a worm that exploited unpatched flaws in Windows and leveraged a variety of attack vectors – from injecting malicious code to phishing emails – to ultimately crack passwords and hijack Windows devices into a botnet.
• Zeus, a late '00s keylogger Trojan that targeted banking information
• CryptoLocker, the first widespread ransomware attack, whose code keeps getting repurposed in similar malware projects
• Stuxnet, an extremely sophisticated worm that infected computers worldwide but only did real damage in one place: the Iranian nuclear facility at Natanz, where it destroyed uranium-enriching centrifuges, the mission it was built for by U.S. and Israeli intelligence agencies.

Chapter 6

Data security & Solution

Objective of this Chapter

• What is Data security
• Data Solutions
• Data Risk Assessment
• Data Auditing
• General Data Protection Regulation

Why Data Security?

Organizations around the globe are investing heavily in information technology (IT) cyber security capabilities to protect their critical assets. Whether an enterprise needs to protect a brand, intellectual capital, and customer information or provide controls for critical infrastructure, the means for incident detection and response to protecting organizational interests have three common elements: people, processes, and technology.

Data Security Solutions:

Micro Focus drives leadership in data security solutions with over 80 patents and 51 years of expertise. With advanced data encryption, tokenization, and key management to protect data across applications, transactions, storage, and big data platforms, Micro Focus simplifies the protection of sensitive data in even the most complex use cases.

• Cloud data security – Protection platform that allows you to move to the cloud securely while protecting data in cloud applications.
• Data encryption – Data-centric and tokenization security solutions that protect data across enterprise, cloud, mobile and big data environments.
• Hardware security module – Hardware security module that guards financial data and meets industry security and compliance requirements.
• Key management – Solution that protects data and enables industry regulation compliance.
• Enterprise Data Protection – Solution that provides an end-to-end data-centric approach to enterprise data protection.
• Payments Security – Solution provides complete point-to-point encryption and tokenization for retail payment transactions, enabling PCI scope reduction.
• Big Data, Hadoop and IoT data protection – Solution that protects sensitive data in the Data Lake – including Hadoop, Teradata, Micro Focus Vertica, and other Big Data platforms.
• Mobile App Security – Protecting sensitive data in native mobile apps while safeguarding the data end-to-end.
• Web Browser Security – Protects sensitive data captured at the browser, from the point the customer enters cardholder or personal data, and keeps it protected through the ecosystem to the trusted host destination.
• eMail Security – Solution that provides end-to-end encryption for email and mobile messaging, keeping Personally Identifiable Information and Personal Health Information secure and private.

Data Auditing

The question isn't if a security breach occurs, but when a security breach will occur. When forensics gets involved in investigating the root cause of a breach, having a data auditing solution in place to capture and report on access control changes to data, who had access to sensitive data, when it was accessed, file path, etc. is vital to the investigation process. Alternatively, with proper data auditing solutions, IT administrators can gain the visibility necessary to prevent unauthorized changes and potential breaches.

Data Risk Assessment
Data risk assessments help companies identify their most overexposed sensitive data and offer reliable and repeatable steps to prioritize and fix serious security risks. The process starts with identifying sensitive data accessed via global groups, stale data, and/or inconsistent permissions. Risk assessments summarize important findings, expose data vulnerabilities, provide a detailed explanation of each vulnerability, and include prioritized remediation recommendations.

Data Minimization:
The last decade of IT management has seen a shift in the perception of data. Previously, having more data was almost always better than less. You could never be sure ahead of time what you might want to do with it.
Today, data is a liability. The threat of a reputation-destroying data breach, loss in the millions or stiff regulatory fines all reinforce the thought that collecting anything beyond the minimum amount of sensitive data is extremely dangerous.
To that end: follow data minimization best practices and review all data collection needs and procedures from a business standpoint.

Purge Stale Data:

Data that is not on your network is data that can't be compromised. Put in systems that can track file access and automatically archive unused files. In the modern age of yearly acquisitions, reorganizations and "synergistic relocations," it's quite likely that networks of any significant size have multiple forgotten servers that are kept around for no good reason.
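
The three checks named under Data Risk Assessment (sensitive data reachable through global groups, stale data, inconsistent permissions) and the archiving rule under Purge Stale Data can be expressed as one small assessment routine. The following is an added example written for this manual, not code from any data security product: it walks a constructed file inventory, records each issue with a remediation action, and ranks the findings so the overexposed sensitive files come first. The paths, group names, sensitivity labels, dates, the set of "global" groups and the one-year staleness threshold are all constructed or assumed.

```python
"""Data risk assessment over a constructed file inventory.

Added example for this manual; not code from any data security product.
Paths, group names, sensitivity labels, dates, the list of 'global' groups and
the staleness threshold are all constructed or assumed for illustration.
"""
from datetime import date

# Assumed 'global' groups: membership is effectively everyone in the company.
GLOBAL_GROUPS = {"Everyone", "Domain Users", "Authenticated Users"}
STALE_AFTER_DAYS = 365          # assumption: a year without access means stale
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed inventory: path, sensitivity label, groups with access, last access.
INVENTORY = [
    {"path": "/shares/hr/payroll.xlsx", "label": "sensitive",
     "acl": {"HR-Staff"}, "last_access": date(2024, 2, 20)},
    {"path": "/shares/hr/contracts.pdf", "label": "sensitive",
     "acl": {"HR-Staff", "Domain Users"}, "last_access": date(2024, 2, 1)},
    {"path": "/shares/hr/old_census.csv", "label": "sensitive",
     "acl": {"HR-Staff"}, "last_access": date(2021, 5, 3)},
    {"path": "/shares/eng/design.docx", "label": "internal",
     "acl": {"Engineering"}, "last_access": date(2024, 1, 9)},
    {"path": "/shares/eng/notes.txt", "label": "internal",
     "acl": {"Engineering", "Everyone"}, "last_access": date(2023, 12, 1)},
    {"path": "/shares/eng/build.sh", "label": "internal",
     "acl": {"Engineering", "Contractors"}, "last_access": date(2024, 2, 27)},
]


def parent_dir(path):
    return path.rsplit("/", 1)[0]


def assess(inventory, today):
    """Return findings sorted by severity: overexposed, stale and inconsistent files."""
    by_dir = {}
    for f in inventory:
        by_dir.setdefault(parent_dir(f["path"]), []).append(f)

    findings = []
    for f in inventory:
        sensitive = f["label"] == "sensitive"
        issues, actions = [], []

        # 1. Overexposure: a global group appears in the ACL.
        exposed = f["acl"] & GLOBAL_GROUPS
        if exposed:
            issues.append("open to global group(s): " + ", ".join(sorted(exposed)))
            actions.append("remove the global group and grant access by role")

        # 2. Staleness: nobody has touched the file for longer than the threshold.
        days = (today - f["last_access"]).days
        if days > STALE_AFTER_DAYS:
            issues.append(f"not accessed for {days} days")
            actions.append("archive to cheaper storage or delete after owner review")

        # 3. Inconsistent permissions: broader than the groups its siblings share.
        siblings = by_dir[parent_dir(f["path"])]
        baseline = set.intersection(*(s["acl"] for s in siblings))
        extra = f["acl"] - baseline
        if extra:
            issues.append("broader than sibling files by: " + ", ".join(sorted(extra)))
            actions.append("align the ACL with the folder's baseline unless justified")

        if not issues:
            continue
        if sensitive and exposed:
            severity = "critical"
        elif sensitive:
            severity = "high"
        elif exposed:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"path": f["path"], "severity": severity,
                         "days_since_access": days, "issues": issues,
                         "actions": actions})

    findings.sort(key=lambda x: (SEVERITY_ORDER[x["severity"]], x["path"]))
    return findings


if __name__ == "__main__":
    for item in assess(INVENTORY, date(2024, 3, 1)):
        print(item["severity"].upper(), item["path"])
        for issue, action in zip(item["issues"], item["actions"]):
            print("   -", issue, "->", action)
```

The "baseline" for inconsistency is the set of groups every file in the same folder shares; a file that grants anything beyond that is flagged, which is how a stray "Domain Users" entry on one contract file stands out from its properly restricted neighbours. In a real run the inventory would come from a file-server scan and the last-access dates from the audit trail described under Data Auditing.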

General Data Protection Regulation (GDPR)

The EU's General Data Protection Regulation covers the protection of EU citizen personal data, such as social security numbers, date of birth, emails, IP addresses, phone numbers, and account numbers. From a data security point of view, here's what you should focus on to meet GDPR compliance:
• Data Classification – Know where sensitive personal data is stored. It's critical to both protecting the data and also fulfilling requests to correct and erase personal data, a requirement known as the right to be forgotten.
• Continuous Monitoring – The breach notification requirement enlists data controllers to report the discovery of a breach within 72 hours. You'll need to spot unusual access patterns against files containing personal data. Expect hefty fines if you fail to do so.
• Metadata – With the GDPR requirement to set a limit on data retention, you'll need to know the purpose of your data collection. Personal data residing on company systems should be regularly reviewed to see whether it needs to be archived and moved to cheaper storage or saved for the future.
• Data Governance – Organizations need a plan for data governance. With data security by design as the law, organizations need to understand who is accessing personal data in the corporate file system, who should be authorized to access it and limit file permission based on employees' actual roles and business need.

Chapter 7

Web application security

Objective of this Chapter

• Web application
• Web application vulnerabilities
• Web application firewall
• Network and web application security solutions

What is web application security?

Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application's code. Common targets for web application attacks are content management systems (e.g., WordPress), database administration tools (e.g., phpMyAdmin) and SaaS applications.
Perpetrators consider web applications high-priority targets due to:

• The inherent complexity of their source code, which increases the likelihood of unattended vulnerabilities and malicious code manipulation.
• High value rewards, including sensitive private data collected from successful source code manipulation.
• Ease of execution, as most attacks can be easily automated and launched indiscriminately against thousands, or even tens or hundreds of thousands of targets at a time.
Organizations failing to secure their web applications run the risk of being attacked. Among other consequences, this can result in information theft, damaged client relationships, revoked licenses and legal proceedings.

Web application vulnerabilities:

Web application vulnerabilities are typically the result of a lack of input/output sanitization, which is often exploited to either manipulate source code or gain unauthorized access.

Such vulnerabilities enable the use of different attack vectors, including:

• SQL Injection – Occurs when a perpetrator uses malicious SQL code to manipulate a backend database so it reveals information. Consequences include the unauthorized viewing of lists, deletion of tables and unauthorized administrative access.
• Cross-site Scripting (XSS) – XSS is an injection attack targeting users in order to access accounts, activate Trojans or modify page content. Stored XSS occurs when malicious code is injected directly into an application. Reflected XSS takes place when malicious script is reflected off of an application onto a user's browser.
• Remote File Inclusion – A hacker uses this type of attack to remotely inject a file onto a web application server. This can result in the execution of malicious scripts or code within the application, as well as data theft or manipulation.
• Cross-site Request Forgery (CSRF) – An attack that could result in an unsolicited transfer of funds, changed passwords or data theft. It's caused when a malicious web application makes a user's browser perform an unwanted action in a site to which a user is logged on.

In theory, thorough input/output sanitization could eliminate all vulnerabilities, making an application immune to unlawful manipulation. However, complete sanitization usually isn't a practical option, since most applications exist in a constant development state. Moreover, applications are also frequently integrated with each other to create an increasingly complex coded environment.
Web application security solutions and enforced security procedures, such as PCI Data Security Standard (PCI DSS) certification, should be deployed to avoid such threats.
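
What "input/output sanitization" means for the first two vectors in the list is easiest to see with the unsafe code next to its fix. The following is an added example written for this manual, not code from the source article or any product: a lookup that pastes the request value into the SQL text beside one that binds it as a parameter, and a page fragment that echoes a name raw beside one that HTML-encodes it. The users table, its two rows and the two probe inputs are constructed; only the Python standard library (sqlite3, html) is used.

```python
"""SQL injection and reflected XSS: the unsafe pattern next to its fix.

Added example for this manual (not code from the source article or from any
product). The users table, its rows and the probe inputs are constructed;
only the standard library (sqlite3, html) is used.
"""
import html
import sqlite3


def make_db():
    """Build an in-memory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the request value is pasted into the SQL text, so quote
    characters in it are parsed as SQL and can change what the query does."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened: the value travels as a bound parameter; the database never
    parses it as SQL, whatever characters it contains."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def render_greeting_unsafe(name):
    """Vulnerable: untrusted text is placed into the page as-is (reflected XSS)."""
    return f"<p>Hello, {name}</p>"


def render_greeting_safe(name):
    """Hardened: output encoding turns markup characters into inert entities."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


# Constructed probe inputs of the kind a tester submits to check both flaws.
SQL_PROBE = "x' OR '1'='1"                    # closes the string literal, adds a tautology
XSS_PROBE = "<script>alert('xss')</script>"   # markup a browser would execute


def compare():
    """Run both variants against the probes and report what each returned."""
    conn = make_db()
    return {
        "unsafe_rows": len(lookup_unsafe(conn, SQL_PROBE)),   # every row leaks
        "safe_rows": len(lookup_safe(conn, SQL_PROBE)),       # no such user
        "unsafe_html": render_greeting_unsafe(XSS_PROBE),
        "safe_html": render_greeting_safe(XSS_PROBE),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Both fixes share one idea: keep data and code in separate channels (a bound parameter for the database, an encoded string for the browser) rather than trying to strip "bad" characters out of the input. The same separation is why the paragraph above is right that blacklist-style sanitization is hard to get complete; parameterization and output encoding do not depend on guessing which characters matter.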

Web application firewall (WAF)

Web application firewalls (WAFs) are hardware and software solutions used for protection from application security threats. These solutions are designed to examine incoming traffic to block attack attempts, thereby compensating for any code sanitization deficiencies.
By securing data from theft and manipulation, WAF deployment meets key criteria for PCI DSS certification. Requirement 6.6 states that all credit and debit cardholder data held in a database must be protected.
Generally, deploying a WAF doesn't require making any changes to an application, as it is placed ahead of its DMZ at the edge of a network. From there, it acts as a gateway for all incoming traffic, blocking malicious requests before they have a chance to interact with an application.
WAFs use several different heuristics to determine which traffic is given access to an application and which needs to be weeded out. A constantly-updated signature pool enables them to instantly identify bad actors and known attack vectors.

Almost all WAFs can be custom-configured for specific use cases and security policies, and to combat emerging (a.k.a., zero-day) threats. Finally, most modern solutions leverage reputational and behavior data to gain additional insights into incoming traffic. WAFs are typically integrated with other security solutions to form a security perimeter. These may include distributed denial of service (DDoS) protection services that provide additional scalability required to block high-volume attacks.
Web application security checklist:

In addition to WAFs, there are a number of methods for securing web applications. The following processes should be part of any web application security checklist:

• Information gathering – Manually review the application, identifying entry points and client-side codes. Classify third-party hosted content.
• Authorization – Test the application for path traversals; vertical and horizontal access control issues; missing authorization and insecure, direct object references.
• Cryptography – Secure all data transmissions. Has specific data been encrypted? Have weak algorithms been used? Do randomness errors exist?
• Denial of service – Improve an application's resilience against denial of service threats by testing for anti-automation, account lockout, HTTP protocol DoS and SQL wildcard DoS. This doesn't cover protection from high-volume DoS and DDoS attacks, which are best countered by a combination of filtering solutions and scalable resources.
Refer to the OWASP Web Application Security Testing Cheat Sheet for additional information; it's also a valuable resource for other security-related matters.
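
The "anti-automation" and "account lockout" items in the Denial of service entry above pull in two directions: the login must stop a script from trying passwords without limit, but a lockout that is permanent lets anyone deny service to a real user simply by failing against their name. The following is an added example written for this manual (not code from OWASP or any framework) of a login guard that records failures in a sliding window and applies a time-limited lockout; the threshold, window and lockout durations are assumptions, and the clock is injected so the behaviour can be exercised without waiting.

```python
"""Login throttling with a sliding failure window and a temporary lockout.

Added example for this manual; not code from OWASP or any web framework.
MAX_FAILURES, WINDOW_SECONDS and LOCKOUT_SECONDS are assumed values.
"""
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumption: failures tolerated inside one window
WINDOW_SECONDS = 300    # assumption: sliding window over which failures count
LOCKOUT_SECONDS = 900   # assumption: how long an account stays locked


class LoginGuard:
    def __init__(self, now):
        """now: callable returning the current time in seconds (injected for tests)."""
        self._now = now
        self._failures = defaultdict(deque)   # account -> timestamps of recent failures
        self._locked_until = {}               # account -> time at which the lock expires

    def _prune(self, account, t):
        """Drop failures that have aged out of the sliding window."""
        q = self._failures[account]
        while q and t - q[0] > WINDOW_SECONDS:
            q.popleft()

    def is_locked(self, account):
        """True while a lockout is in force; expired locks are cleared on the way."""
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._now() >= until:
            del self._locked_until[account]
            self._failures[account].clear()
            return False
        return True

    def attempt(self, account, password_ok):
        """Record one login attempt and return 'locked', 'ok' or 'denied'.

        The lock is checked before the password so that a correct guess made
        during a lockout is still refused; otherwise the lock would leak
        whether the password was right.
        """
        t = self._now()
        if self.is_locked(account):
            return "locked"
        if password_ok:
            self._failures[account].clear()
            return "ok"
        self._prune(account, t)
        self._failures[account].append(t)
        if len(self._failures[account]) >= MAX_FAILURES:
            self._locked_until[account] = t + LOCKOUT_SECONDS
            return "locked"
        return "denied"


if __name__ == "__main__":
    import time
    guard = LoginGuard(time.time)
    for i in range(6):
        print(i + 1, guard.attempt("demo-user", password_ok=False))
```

Because the lock expires on its own, the worst an automated run of bad passwords can do to a real user is a temporary delay, which is the trade-off the checklist item is asking a tester to examine; a production deployment would pair this per-account rule with a per-source rate limit so that one client cannot sweep many accounts below the threshold, and would return the same response body and timing for "denied" and "locked" toward unauthenticated callers.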
Imperva network and web application security solutions

Imperva offers an entire suite of web application and network security solutions, all delivered via our cloud-based CDN platform.

• Web application firewall (WAF) – Managed 24/7 by our team of security experts, Imperva cloud WAF uses crowdsourcing technology and IP reputation to prevent attacks aiming to exploit application vulnerabilities. This solution also comes complete with a custom rules engine, enabling total on-the-fly control over all security policies.
• DDoS protection – Our multi-faceted DDoS mitigation services offer blanket protection against all network layer and application DDoS attacks. Imperva users can choose between DNS and BGP-enabled options to secure websites, web applications and server infrastructure.
• Bot filtering – Malicious bots are used in mass-scale automated assaults, accounting for over 90% of all application layer attacks. Imperva bot filtering is a free service that uses advanced client classification, a progressive challenge system and reputational scoring to identify and filter out nefarious bot traffic.

Learning Objectives
After reading this article you will be able to

• Understand the concept of web application security
• Learn about web application vulnerabilities
• Understand WAFs
• See a web application security checklist
• Learn about Imperva network & web application solutions

Chapter 8

Mobile Cyber-attacks

Objective of this Chapter

 Cyber Threats to Mobile Devices


 Spyware and Drive-By Downloads
 Free Wi-Fi Can Pose Threats
 Check Bank Statements and Mobile Charges
 Beware of Unfamiliar Apps
 Turn Off Unnecessary Features

55
Cyber Threats to Mobile Devices:

Many of the cyber threats that face mobile devices are simply the mobile
version of threats that face desktop computers. Still, it's helpful to review these
threats and some of the ways the attacks are customized for mobile devices.

From 2016 to 2020, the financial impact of fraud cases has multiplied several
folds, costing victims an annual total of $42 billion in 2020 according to PwC
global economic crime survey. The majority of that fraud involved some sort of
cybercrime.1 The majority of that fraud involved some sort of cybercrime.
When it comes to cybercrime, your mobile phone isn't exempt. When any
device is connected to the internet, as most phones are, the users of those
devices face many of the same threats as desktop computer users.
Keep reading to learn the types of cyber threats that affect mobile devices,
along with some ways to reduce your risk.

Mobile Ransom ware:


Ransom ware is a type of malware that locks up your device. Once you've been
infected, you lose your ability to access all of the data on your phone until you pay a
ransom to the criminal.
Depending on the type of ransom ware, you could lose your call history, contacts,
photos, messages, and many basic phone functions.
Even if you pay the ransom, there's no guarantee that your device will be fixed,
so it's best not to buy any software that pops up during a ransomware attack.

Scareware is similar to ransomware. The difference with scareware is that you
don't lose your access to data. Instead, a pop-up or similar message attempts
to scare you into believing you've been infected by a virus. The scareware will
advertise software to remove the "virus", but that software is itself the malware.
The key is to do nothing: as long as you don't download the scareware or give
out any personal information, you won't get infected.

Spyware and Drive-By Downloads


Not all malware is as obvious as ransomware. Some malware is designed to go
unnoticed; this class of malware is known as spyware. Spyware can be installed
on your device without your knowledge by attackers. It can also be installed
unintentionally while browsing the internet, when a site exploits a flaw in the
browser or tricks you into approving an install. This is known as a "drive-by
download." You think you're simply visiting a website, but the site clandestinely
installs spyware on your device.
Once it's on your device, spyware can track your device use and extract
personal data like locations and passwords. Whatever the spyware collects is
sent back to the cybercriminal who created it.

Free Wi-Fi Can Pose Threats:
It may seem like a nice perk for a coffee shop or transit terminal to offer free
wireless internet, and it is, but it's also a potential threat. Free Wi-Fi is often
unsecured, which allows attackers on the same network to place themselves between
your device and the Wi-Fi hotspot. Anything you do online over the free connection
that is not itself encrypted (plain HTTP, for example) could be intercepted or
altered by bad actors.

Data Leakage from Apps:
There's an app for everything, but not all of those apps are convenient tools or
benign entertainment. That time-killing game you downloaded might be fun, but it
might also be collecting intimate details about you and sending them to advertisers
or bad actors.
These apps ask for permissions and data access under the guise of improving
the app experience, but what they're actually doing is mining data to sell.
Falling victim to these apps is known as "data leakage." At best, this
results in increasingly invasive ads. At worst, sensitive data could end up in the
hands of criminals who use it to steal your identity.

Beware of Unfamiliar Apps:


Before downloading a new game to kill time, do a little research on the app and
the app's developer. Carelessly downloading apps invites spyware,
ransomware, and data leakage. By carefully researching what you're
downloading before you download it, you can prevent many of these attacks.
Simply plugging the developer's name into a search engine could help raise red
flags on suspicious software.
Update the software on your device when prompted. These updates often
include fixes for security vulnerabilities. They're usually quick, too, and failing to
run them leaves an easy opening for attackers.

Check Bank Statements and Mobile Charges:


The vast majority of identity theft cases and cybercrimes involve financial fraud.
That's why you need to regularly check your mobile charges, bank statements, and
any other financial accounts you have.
Scrutinizing financial records goes beyond mobile device security, and it
should be a routine part of your security habits.

Turn Off Unnecessary Features:
Turn off any features you don't need at that moment. For instance, if you are
not using GPS, Bluetooth, or Wi-Fi, turn them off. This is especially important in
public spaces, such as in places with free Wi-Fi. If you do decide to use free Wi-Fi,
avoid accessing sensitive information through the network. For example, don't do
your banking or pay bills on a public, unsecured network.

Mobile Security Threats in the Enterprise:
Mobile security is at the top of every company's worry list these days, and
for good reason: Nearly all workers now routinely access corporate data
from smartphones, and that means keeping sensitive info out of the wrong
hands is an increasingly intricate puzzle. The stakes, suffice it to say, are
higher than ever: The average cost of a corporate data breach is a whopping
$3.86 million, according to a 2018 report by the Ponemon Institute. That's
6.4 percent more than the estimated cost just one year earlier.
While it's easy to focus on the sensational subject of malware, the truth is
that mobile malware infections are incredibly uncommon in the real world —
with your odds of being infected significantly less than your odds of being
struck by lightning, according to one estimate. Malware currently ranks as the
least common initial action in data breach incidents, in fact, coming in behind
even physical attacks in Verizon's 2019 Data Breach Investigations Report.
That's thanks to both the nature of mobile malware and the inherent
protections built into modern mobile operating systems.

The more realistic mobile security hazards lie in some easily overlooked
areas, all of which are only expected to become more pressing:

1. Data leakage:
What makes the issue especially vexing is that it often isn't nefarious by nature;
rather, it's a matter of users inadvertently making ill-advised decisions about which
apps are able to see and transfer their information. "The main challenge is how to
implement an app vetting process that does not overwhelm the administrator and
does not frustrate the users," says Dionisio Zumerle, research director for mobile
security at Gartner. He suggests turning to mobile threat defense (MTD) solutions,
products like Symantec's Endpoint Protection Mobile, Check Point's SandBlast
Mobile, and Zimperium's zIPS Protection. Such utilities scan apps for "leaky
behavior," Zumerle says, and can automate the blocking of problematic processes.
For leakage caused by user mistakes rather than by a leaky app, data loss prevention
(DLP) tools may be the most effective form of protection. Such software is designed
explicitly to prevent the exposure of sensitive information, including in accidental
scenarios.

2. Social engineering:
The tried-and-true tactic of trickery is just as troubling on the mobile front as it is on
desktops. Despite the ease with which one would think social engineering cons could
be avoided, they remain astonishingly effective.
A staggering 91% of cybercrime starts with email, according to a 2018 report
by security firm FireEye. The firm refers to such incidents as "malware-less
attacks," since they rely on tactics like impersonation to trick people into
clicking dangerous links or providing sensitive info. Phishing, specifically, grew
by 65% over the course of 2017, the company says, and mobile users are at
the greatest risk of falling for it because of the way many mobile email clients
display only a sender's name, making it especially easy to spoof messages
and trick a person into thinking an email is from someone they know or trust.
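The display-name trick described above can be checked mechanically in a mail filter or on the server, where the full address is still visible. The following is an added example, not code from the original manual or from FireEye: it parses the From: header of constructed sample messages, compares the display name against an assumed address book of known contacts, and flags the three patterns the paragraph describes (a known name with an unknown address, an address disguised as a display name, and a lookalike domain one character away from a trusted one). The contact list, the domains and the sample headers are all constructed for the example.

```python
from email.utils import parseaddr

# Constructed address book for this example: display names the user would
# recognise, mapped to the address each contact really sends from.
KNOWN_CONTACTS = {
    "priya nair": "priya.nair@example.com",
    "finance team": "finance@example.com",
}
KNOWN_DOMAINS = {addr.split("@")[1] for addr in KNOWN_CONTACTS.values()}


def edit_distance(a, b):
    """Levenshtein distance; used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return the list of warning codes for a raw From: header value.

    An empty list means nothing looked wrong. The checks cover exactly what a
    mobile client hides when it shows only the display name.
    """
    name, addr = parseaddr(from_header)
    name, addr = name.strip(), addr.lower()
    if not addr or "@" not in addr:
        return ["unparseable-address"]
    domain = addr.rsplit("@", 1)[1]
    warnings = []

    # 1. Display name belongs to a known contact but the address does not.
    expected = KNOWN_CONTACTS.get(name.lower())
    if expected and expected != addr:
        warnings.append("name-mismatch")

    # 2. Display name is itself an email address that differs from the real one,
    #    e.g. "finance@example.com" <mailer@free-mail.test>.
    if "@" in name and name.lower() != addr:
        warnings.append("address-in-name")

    # 3. Sending domain is within one character of a trusted domain but is not
    #    that domain (examp1e.com vs example.com).
    for known in KNOWN_DOMAINS:
        if domain != known and edit_distance(domain, known) <= 1:
            warnings.append("lookalike-domain")
            break
    return warnings


# Constructed sample headers: one clean contact, two spoofs, one unknown sender.
SAMPLE_HEADERS = [
    "Priya Nair <priya.nair@example.com>",
    "Priya Nair <priya.nair@examp1e.com>",
    '"finance@example.com" <mailer@free-mail.test>',
    "Weekly Newsletter <news@vendor.test>",
]


def review_inbox(headers=SAMPLE_HEADERS):
    """Map each header to its warnings so the suspicious ones stand out."""
    return {header: classify_sender(header) for header in headers}


if __name__ == "__main__":
    for header, warnings in review_inbox().items():
        print("SUSPICIOUS" if warnings else "ok        ", header, warnings)
```

Running the block flags the second and third headers and passes the other two; a real filter would load the contact list from the directory and treat an unknown sender with a lookalike domain as the highest-priority case.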

3. Wi-Fi interference:
A mobile device is only as secure as the network through which it transmits data.
In an era where we're all constantly connecting to public Wi-Fi networks, that
means our info often isn't as secure as we might assume.
Just how significant of a concern is this? According to research by Wandera,
corporate mobile devices use Wi-Fi almost three times as much as they use cellular
data. Nearly a quarter of devices have connected to open and potentially insecure
Wi-Fi networks, and 4% of devices have encountered a man-in-the-middle attack —
in which someone maliciously intercepts communication between two parties —
within the most recent month. McAfee, meanwhile, says network spoofing has
increased "dramatically" as of late, and yet less than half of people bother to secure
their connection while traveling and relying on public networks.
"These days, it's not difficult to encrypt traffic," says Kevin Du, a computer science
professor at Syracuse University who specializes in smartphone security. "If you
don't have a VPN, you're leaving a lot of doors on your perimeters open."

4. Out-of-date devices:
Smartphones, tablets and smaller connected devices — commonly known as the
Internet of Things (IoT) — pose a new risk to enterprise security in that unlike
traditional work devices, they generally don't come with guarantees of timely and
ongoing software updates. This is true particularly on the Android front, where the
vast majority of manufacturers are embarrassingly ineffective at keeping their
products up to date — both with operating system (OS) updates and with the
smaller monthly security patches between them — as well as with IoT devices,
many of which aren't even designed to get updates in the first place.

5. Cryptojacking attacks:
A relatively new addition to the list of relevant mobile threats, cryptojacking is a
type of attack where someone uses a device to mine for cryptocurrency without the
owner's knowledge. If all that sounds like a lot of technical mumbo-jumbo, just know
this: The cryptomining process uses your company's devices for someone else's
gain. It leans heavily on your technology to do it — which means affected phones
will probably experience poor battery life and could even suffer from damage due to
overheating components.
While cryptojacking originated on the desktop, it saw a surge on mobile from late
2017 through the early part of 2018. Unwanted cryptocurrency mining made up a
third of all attacks in the first half of 2018, according to a Skybox Security analysis,
with a 70% increase in prominence during that time compared to the previous half-
year period. And mobile-specific cryptojacking attacks absolutely exploded between
October and November of 2017, when the number of mobile devices affected saw a
287% surge, according to a Wandera report.

6. Poor password hygiene:


You'd think we'd be past this point by now, but somehow, users still aren't
securing their accounts properly — and when they're carrying phones that
contain both company accounts and personal sign-ins, that can be particularly
problematic.
A recent survey by Google and Harris Poll found just over half of Americans, based
on the survey's sample, reuse passwords across multiple accounts. Equally
concerning, nearly a third aren't using 2FA (or don't know if they're using it,
which might be a little worse). Only a quarter of people are actively using a
password manager, which suggests the vast majority of folks probably don't have
particularly strong passwords in most places, since they're presumably
generating and remembering them on their own.

7. Physical device breaches:
Last but not least is something that seems especially silly but remains a disturbingly
realistic threat: A lost or unattended device can be a major security risk, especially if
it doesn't have a strong PIN or password and full data encryption.

8. Mobile ad fraud:
Mobile advertising generates a lot of revenue, about $57.9 billion in the first
half of 2019 alone according to an Interactive Advertising Bureau (IAB)
report. Cyber criminals follow the money, so it's no surprise they've found
ways to siphon cash from mobile ad revenue streams. Estimates on how
much ad fraud costs vary, but Juniper Research projects a $100 billion loss per
year by 2023.
Ad fraud can take several forms, but the most common is using malware to
generate clicks on ads that appear to be coming from a legitimate user using
a legitimate app or website. For example, a user might download an app that
offers a legitimate service, such as a weather forecast or messaging. In the
background, however, that app generates fraudulent clicks on legitimate ads
that appear in the app. Publishers are typically paid by the number of ad
clicks they generate, so mobile ad fraud steals from companies' advertising
budgets and can deprive publishers of revenue.
The biggest victims are mobile advertisers and ad-supported publishers,
but ad fraud does harm to mobile users, too. As with cryptojacking, ad
fraud malware runs in the background and can slow a smartphone's
performance, drain its battery, incur higher data charges, or cause
overheating. Based on its own tracking data, security
vendor Upstream estimates that smartphone users lose millions of dollars
each year due to higher data charges from mobile ad malware.
The Upstream report recommends that users:
 Regularly check their apps and delete any that look suspicious.
 Monitor data usage for unusual spikes.
 Install apps only from Google Play.
 Check an app's reviews, developer details, and list of requested
permissions before installing to make sure they all apply to the
app's stated purpose.
Android is by far the most popular platform for mobile ad fraud. According to
Upstream, these are some of the most widespread malicious Android apps to avoid:
 Snaptube
 GPS Speedometer
 Free Messages, Video, Chat, Text for Messenger Plus
 Easy Scanner
 Weather Forecast
 Super Calculator
 Who Unfriended Me
 VidMate
 Quicktouch
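The last recommendation, checking that an app's requested permissions all apply to its stated purpose, can be automated once the manifest has been extracted from the APK. The following is an added example, not part of the Upstream report or of the original manual: it parses a constructed AndroidManifest.xml for a fictitious weather app, subtracts the permissions a weather app plausibly needs (an assumed baseline chosen for this example), and reports everything else, with the permissions that enable data leakage, fraud or persistence listed first. The app name, the manifest and the baseline are constructed; the permission identifiers and the manifest namespace are the real Android ones.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # ElementTree's notation for android:name

# Assumed baseline for this example: what a weather app plausibly needs.
EXPECTED_FOR_CATEGORY = {
    "weather": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_NETWORK_STATE",
        "android.permission.ACCESS_COARSE_LOCATION",
    },
}

# Permissions that enable data leakage, ad fraud or persistence when an app has
# no stated reason for them. The short descriptions are this example's wording.
HIGH_RISK = {
    "android.permission.READ_SMS": "can read one-time passcodes and private messages",
    "android.permission.READ_CONTACTS": "can harvest the address book",
    "android.permission.READ_CALL_LOG": "can read call history",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can restart itself after reboot and keep running in the background",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps (overlay phishing, hidden ad clicks)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install further packages",
}

# Constructed manifest for a fictitious weather app that asks for far more than it needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weatherdemo">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Weather Demo"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Set of permission names declared with <uses-permission> in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def review_permissions(manifest_xml, category):
    """Return (permission, reason) pairs for every permission the app's stated
    purpose does not justify; known high-risk permissions come first."""
    expected = EXPECTED_FOR_CATEGORY[category]
    unexpected = requested_permissions(manifest_xml) - expected
    findings = []
    for perm in sorted(unexpected, key=lambda p: (p not in HIGH_RISK, p)):
        findings.append((perm, HIGH_RISK.get(perm, "not needed for a %s app" % category)))
    return findings


if __name__ == "__main__":
    for perm, reason in review_permissions(SAMPLE_MANIFEST, "weather"):
        print("%-48s %s" % (perm, reason))
```

On a real package the manifest text can be obtained with `aapt dump permissions app.apk` or `apkanalyzer manifest print app.apk` from the Android SDK; the review logic is the same. A permission that is merely unexpected is a question to ask the developer, while one in the high-risk list with no justification is a reason not to install.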

Chapter 9

Bluetooth attacks & its security.

Objective of this Chapter

 Bluetooth security
 What is Bluetooth attacks
 Type of Bluetooth attacks
 Common Bluetooth issue

Bluetooth security:
Bluetooth security is of paramount importance, as devices are susceptible to a
variety of wireless and networking attacks including denial of service attacks,
eavesdropping, man-in-the-middle attacks, message modification, and resource
misappropriation. Bluetooth security must also address more specific
Bluetooth-related attacks that target known vulnerabilities in Bluetooth
implementations and specifications. These may include attacks against
improperly secured Bluetooth implementations which can provide attackers with
unauthorized access.
Many users may not believe there is an issue with Bluetooth security, but attackers
may be able to gain access to information ranging from contact lists to more
sensitive information that users hold on Bluetooth-enabled phones and other devices.
There are three basic means of providing Bluetooth security:
 Authentication: In this process the identities of the communicating
devices are verified. Note that this is device authentication; user
authentication is not part of the core Bluetooth security elements of the
specification.
 Confidentiality: This process prevents information from being
eavesdropped by ensuring that only authorised devices can access
and view the data.
 Authorisation: This process controls access by ensuring that a
device is authorised to use a service before enabling it to do so.

Bluetooth attacks:

Common Bluetooth security issues:
There are a number of ways in which Bluetooth security can be penetrated,
often because there is little security in place. The major forms of Bluetooth
security problems fall into the following categories:

 Bluejacking: Bluejacking is often not a major malicious security problem,
although there can be issues with it, especially as it enables someone to get
their data onto another person's phone. Bluejacking involves the sending
of a vCard message via Bluetooth to other Bluetooth users within the locality,
typically 10 metres. The aim is that the recipient will not realise what the
message is and will allow it into their address book. Thereafter messages might
be automatically opened because they have come from a supposedly known
contact.
 Bluebugging: This is more of an issue. This form of Bluetooth security issue
allows attackers to remotely access a phone and use its features. This may
include placing calls and sending text messages while the owner does not
realise that the phone has been taken over.
 Car Whisperer: This involves the use of software that allows attackers to send
and receive audio to and from a Bluetooth-enabled car stereo system or
hands-free kit.
In order to protect against these and other forms of vulnerability, the
manufacturers of Bluetooth-enabled devices are upgrading the security to
ensure that these Bluetooth security lapses do not arise with their products.
Users should keep devices non-discoverable except while pairing, reject unexpected
pairing requests, and remove pairings they no longer use.

Chapter 10

Cryptography & its types.

Objective of this Chapter

 What is Cryptography
 Type of Cryptography
 Features Of Cryptography
 Different symmetric and asymmetric cryptography
 What problems does cryptography solve

Cryptography:
Cryptography is the technique of securing information and communications
through the use of codes so that only those for whom the information is
intended can understand and process it, thus preventing unauthorized
access to information. The prefix "crypt" means "hidden" and the suffix "graphy"
means "writing".
In cryptography the techniques used to protect information are derived
from mathematical concepts and sets of rule-based calculations,
known as algorithms, that convert messages in ways that make them hard to
decode. These algorithms are used for cryptographic key generation, digital
signing and verification to protect data privacy, web browsing on the internet,
and confidential transactions such as credit card and debit card transactions.
Techniques used For Cryptography:
In today's age of computers, cryptography is most often associated with the process
in which ordinary plain text is converted to cipher text, text constructed
so that only the intended receiver can decode it; this process is known as
encryption.
The reverse process, converting cipher text back to plain text, is known as decryption.
Features of Cryptography are as follows:
1. Confidentiality: Information can only be accessed by the person for whom it is
intended; no other person can access it.
2. Integrity: Information cannot be modified in storage or in transit between
sender and intended receiver without the modification being detected.
3. Non-repudiation: The creator/sender of information cannot deny his or her
intention to send the information at a later stage.
4. Authentication: The identities of sender and receiver are confirmed, as well as
the destination/origin of the information.

Types Of Cryptography:
In general there are three types Of cryptography:
1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of a message use a
single common key to encrypt and decrypt messages. Symmetric key
systems are faster and simpler, but the problem is that sender and receiver
have to somehow exchange the key in a secure manner. The best-known early
example is the Data Encryption Standard (DES), now obsolete because of its
56-bit key; the current standard is the Advanced Encryption Standard (AES).
2. Hash Functions:
No key is used in this type of algorithm. A fixed-length hash value is
computed from the plain text in such a way that it is computationally
infeasible to recover the plain text from the hash, or to find two different
inputs with the same hash. Operating systems use hash functions (with a
random salt and a deliberately slow algorithm) to store passwords: the
password itself is never stored, and a login attempt is checked by hashing the
supplied password and comparing the result with the stored hash.
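As an added illustration of the point above (this is not code from the manual), the following shows how a password is stored as a salted, slow hash and later verified, using only the Python standard library. The iteration count follows the OWASP Password Storage Cheat Sheet recommendation for PBKDF2-HMAC-SHA256; the record format and the sample password are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets

# OWASP's recommended minimum for PBKDF2-HMAC-SHA256; lowered only for quick tests.
DEFAULT_ITERATIONS = 600_000


def hash_password(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest.

    A fresh random salt per password means two users with the same password
    get different records, which defeats precomputed (rainbow) tables, and the
    high iteration count makes each guess expensive for an attacker.
    """
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password, record):
    """Recompute the digest from the stored salt and iteration count and
    compare in constant time; the password itself is never stored."""
    algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record: " + algorithm)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), base64.b64decode(salt_b64), int(iterations)
    )
    return hmac.compare_digest(actual, expected)


def demo(iterations=DEFAULT_ITERATIONS):
    """Store one (constructed) password, then check a correct and a wrong attempt."""
    record = hash_password("correct horse battery staple", iterations=iterations)
    return {
        "record": record,
        "correct": verify_password("correct horse battery staple", record),
        "wrong": verify_password("Correct horse battery staple", record),
    }


if __name__ == "__main__":
    result = demo()
    print("stored record:", result["record"])
    print("correct password accepted:", result["correct"])
    print("wrong password accepted:  ", result["wrong"])
```

Storing the iteration count inside the record lets the cost be raised later without invalidating existing users: old records keep verifying with their own count and are rewritten at the next successful login.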

3. Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt and decrypt
information. A public key is used for encryption and a private key is used
for decryption. Public key and private key are different. Even if the public
key is known by everyone, only the intended receiver can decode the message,
because he alone knows the private key.

What is the difference between symmetric and asymmetric cryptography?
With symmetric cryptography, the same key is used for both encryption and
decryption. A sender and a recipient must already have a shared key that is
known to both. Key distribution is a tricky problem and was the impetus for
developing asymmetric cryptography. With asymmetric crypto, two different
keys are used for encryption and decryption. Every user in an asymmetric
cryptosystem has both a public key and a private key. The private key is kept
secret at all times, but the public key may be freely distributed.
Data encrypted with a public key may only be decrypted with the corresponding
private key. So, sending a message to John requires encrypting that message
with John's public key.
Only John can decrypt the message, as only John has his private key. The
private key is also what produces a digital signature: Jane signs a message
with her private key, and anyone with Jane's public key can verify the signature
and confirm that it was in fact Jane who sent it and that the message was not
altered. A signature does not hide the message; it only proves origin and
integrity.
Symmetric cryptography is generally very fast and ideal for encrypting large
amounts of data (e.g., an entire disk partition or database). Asymmetric
cryptography is much slower and can only encrypt pieces of data that are smaller
than the key size (typically 2048 bits or smaller). Thus, asymmetric crypto is
generally used to encrypt symmetric encryption keys, which are then used to
encrypt much larger blocks of data. For digital signatures, asymmetric crypto is
applied to the hashes of messages rather than to entire messages.
A cryptosystem provides for managing cryptographic keys including
generation, exchange, storage, use, revocation, and replacement of the keys.
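The hybrid scheme and the sign-the-hash rule described above, as an added worked example that is not from the original manual. To run with only the standard library it uses a deliberately small textbook RSA (160-bit primes, no padding) and an HMAC-based stream cipher standing in for AES; both are toy substitutes chosen for this example and are not safe for real use, where RSA-OAEP and RSA-PSS (or better, an authenticated cipher such as AES-GCM under a properly exchanged key) would be used. The John and Jane names follow the text; the message is constructed.

```python
import hashlib
import hmac
import math
import secrets

# Toy sizes: two 160-bit primes give a ~320-bit modulus, enough to hold a 128-bit
# session key and a 256-bit SHA-256 digest as integers. Real keys are 2048+ bits.
PRIME_BITS = 160
PUBLIC_EXPONENT = 65537


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=PRIME_BITS):
    """Return ((e, n), (d, n)): one party's public and private key."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(PUBLIC_EXPONENT, phi) == 1:
            return (PUBLIC_EXPONENT, p * q), (pow(PUBLIC_EXPONENT, -1, phi), p * q)


def stream_xor(key, nonce, data):
    """Toy symmetric cipher: XOR with an HMAC-SHA256 keystream in counter mode.
    The same call encrypts and decrypts; it stands in for AES in this example."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        keystream = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def hybrid_encrypt(recipient_public, sender_private, plaintext):
    """Encrypt the bulk data with a fresh symmetric key, wrap that key with the
    recipient's public key, and sign the SHA-256 digest of the result (not the
    whole message) with the sender's private key."""
    e, n = recipient_public
    d_s, n_s = sender_private
    session_key, nonce = secrets.token_bytes(16), secrets.token_bytes(12)
    ciphertext = stream_xor(session_key, nonce, plaintext)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    digest = int.from_bytes(hashlib.sha256(nonce + ciphertext).digest(), "big")
    return {"nonce": nonce, "ciphertext": ciphertext,
            "wrapped_key": wrapped_key, "signature": pow(digest, d_s, n_s)}


def hybrid_decrypt(recipient_private, sender_public, message):
    """Verify the signature with the sender's public key, unwrap the session
    key with the recipient's private key, then decrypt the bulk data."""
    d, n = recipient_private
    e_s, n_s = sender_public
    digest = int.from_bytes(hashlib.sha256(message["nonce"] + message["ciphertext"]).digest(), "big")
    if pow(message["signature"], e_s, n_s) != digest:
        raise ValueError("signature does not verify: message forged or altered")
    session_key = pow(message["wrapped_key"], d, n).to_bytes(16, "big")
    return stream_xor(session_key, message["nonce"], message["ciphertext"])


def demo(plaintext=b"transfer 500 to account 12345"):
    """Jane sends John a message; a copy with one flipped bit must be rejected."""
    john_public, john_private = rsa_keygen()
    jane_public, jane_private = rsa_keygen()
    message = hybrid_encrypt(john_public, jane_private, plaintext)
    recovered = hybrid_decrypt(john_private, jane_public, message)
    flipped = bytes([message["ciphertext"][0] ^ 1]) + message["ciphertext"][1:]
    try:
        hybrid_decrypt(john_private, jane_public, dict(message, ciphertext=flipped))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return recovered, tamper_detected


if __name__ == "__main__":
    recovered, tamper_detected = demo()
    print("recovered plaintext:", recovered)
    print("tampering detected:", tamper_detected)
```

The structure is what matters: the slow asymmetric operation touches only 16 bytes of key and 32 bytes of digest, however long the message is, and the receiver checks the signature before touching the ciphertext, so a forged or altered message is rejected without decrypting anything.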

What problems does cryptography solve?


A secure system should provide several assurances such as confidentiality, integrity,
and availability of data as well as authenticity and non-repudiation. When used
correctly, crypto helps to provide these assurances. Cryptography can ensure the
confidentiality and integrity of both data in transit as well as data at rest. It can also
authenticate senders and recipients to one another and protect against repudiation.
Software systems often have multiple endpoints, typically multiple clients, and one or
more back- end servers. These client/server communications take place over networks
that cannot be trusted. Communication occurs over open, public networks such as the
Internet, or private networks which may be compromised by external attackers or
malicious insiders.

Cryptography can protect communications that traverse untrusted networks. There
are two main types of attacks that an adversary may attempt to carry out on a
network. Passive attacks involve an attacker simply listening on a network segment
and attempting to read sensitive information as it travels. Passive attacks may be
online (in which an attacker reads traffic in real time) or offline (in which an
attacker captures traffic in real time and views it later, perhaps after spending
some time decrypting it). Active attacks involve an attacker impersonating a client
or server, intercepting communications in transit, and viewing and/or modifying the
contents before passing them on to their intended destination (or dropping them
entirely).
The confidentiality and integrity protections offered by cryptographic protocols such
as SSL/TLS can protect communications from malicious eavesdropping and tampering.
Authenticity protections provide assurance that users are actually communicating
with the systems as intended. For example, are you sending your online banking
password to your bank or to someone else?
Cryptography can also be used to protect data at rest. Data on a removable disk or
in a database can be encrypted to prevent disclosure of sensitive data should the
physical media be lost or stolen. In addition, it can also provide integrity protection
of data at rest to detect malicious tampering.

Cryptography techniques
Cryptography is closely related to the disciplines of cryptology and
cryptanalysis. Neighbouring techniques such as microdots, merging words with
images, and other ways of hiding the very existence of information in storage or
transit belong to steganography. In today's computer-centric world, cryptography
is most often associated with scrambling plaintext (ordinary text, sometimes
referred to as cleartext) into ciphertext (a process called encryption), then back
again (known as decryption). Individuals who practice this field are known as
cryptographers.

Modern cryptography concerns itself with the following four objectives:

1. Confidentiality: the information cannot be understood by anyone for
whom it was unintended
2. Integrity: the information cannot be altered in storage or transit between
sender and intended receiver without the alteration being detected
3. Non-repudiation: the creator/sender of the information cannot deny at a later
stage his or her intentions in the creation or transmission of the information
4. Authentication: the sender and receiver can confirm each other's
identity and the origin/destination of the information
Procedures and protocols that meet some or all of the above criteria are known
as cryptosystems. Cryptosystems are often thought to refer only to
mathematical procedures and computer programs; however, they also include
the regulation of human behavior, such as choosing hard-to-guess passwords,
logging off unused systems, and not discussing sensitive procedures with
outsiders.
