System-Based Attacks

The document outlines various system-based attacks targeting computers and networks, including viruses, worms, Trojan horses, backdoors, and bots, each with distinct characteristics and methods of operation. It also discusses cyber threats, vulnerabilities, and the classification of attacks into active and passive categories, highlighting specific types of active attacks such as masquerade and denial of service. Additionally, it addresses the rise of mobile and wireless device vulnerabilities, emphasizing the need for cybersecurity awareness as mobile technology continues to evolve.

Uploaded by

saraladosuri

System-based attacks

These are the attacks which are intended to compromise a computer or a computer
network. Some of the important system-based attacks are as follows:

1. Virus

It is a type of malicious software program that spreads through the computer's files without the knowledge of the user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works in the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user as to its true intent. It appears to be a normal application, but when opened or executed, malicious code runs in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.

Cyber threats are security incidents or circumstances with the potential to have a negative outcome for your network or other data management systems. Examples of common types of security threats include phishing attacks that result in the installation of malware that infects your data, failure of a staff member to follow data protection protocols that causes a data breach, or even a tornado that takes down your company's data headquarters, disrupting access.

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt threat actors to exploit them.
Types of vulnerabilities in network security include, but are not limited to, SQL injection, server misconfigurations, cross-site scripting, and transmitting sensitive data in non-encrypted plain text.
When threat probability is multiplied by the potential loss that may result, cyber security experts refer to this as a risk.
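The SQL injection vulnerability named above, shown as an added example (not code from the original notes): a user lookup built by string concatenation beside the parameterized form that closes the gap. The table and its rows are constructed in an in-memory SQLite database so the example runs offline.

```python
import sqlite3


def make_db():
    """Constructed sample table; the users are made up for this example."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return con


def lookup_vulnerable(con, username):
    """The weak pattern: the user-controlled value is spliced into the SQL
    text, so the input can change the structure of the query itself."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in con.execute(sql)]


def lookup_hardened(con, username):
    """The corrected pattern: a parameterized query. The driver passes the
    value separately from the statement, so it is only ever compared as data
    and can never become part of the SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in con.execute(sql, (username,))]


def demo():
    """Run both lookups on a normal name and on the classic tautology input."""
    con = make_db()
    normal = "bob"
    hostile = "' OR '1'='1"   # turns the WHERE clause into an always-true test
    return {
        "vuln_normal": lookup_vulnerable(con, normal),
        "vuln_hostile": lookup_vulnerable(con, hostile),   # every row leaks
        "safe_normal": lookup_hardened(con, normal),
        "safe_hostile": lookup_hardened(con, hostile),     # no such username
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The hardened version is the same query with the same result on ordinary input; the only difference is that the value travels as a bound parameter, which is the fix to look for in code review rather than any attempt to filter quotes out of the input.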

SECURITY VULNERABILITIES, THREATS AND ATTACKS

Categories of vulnerabilities:
• Corrupted (loss of integrity)
• Leaky (loss of confidentiality)
• Unavailable or very slow (loss of availability)

Threats represent potential security harm to an asset when vulnerabilities are exploited.

Attacks are threats that have been carried out:
• Passive – make use of information from the system without affecting system resources
• Active – alter system resources or affect operation
• Insider – initiated by an entity inside the organization
• Outsider – initiated from outside the perimeter

Active attacks: An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.

Types of Active attacks:

Masquerade: In this attack, the intruder pretends to be a particular user of a system to gain access or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of stolen login IDs and passwords, through finding security gaps in programs or through bypassing the authentication mechanism.

Session replay: In this type of attack, a hacker steals an authorized user's login information by stealing the session ID. The intruder gains access and the ability to do anything the authorized user can do on the website.
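An added example, not part of the original notes, of the server-side defence against the session replay just described: session IDs that are unguessable, expire, and are bound to the client that logged in, so a stolen ID presented from another client is refused, recorded as an alert and revoked. The client fingerprint (IP address plus User-Agent) and the sample addresses and user names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Server-side session table (constructed example).

    Each session ID is random, expires after `ttl_seconds`, and is bound to a
    fingerprint of the client that logged in. A valid ID presented from a
    different client is treated as a replayed (stolen) ID: the request is
    refused, an alert is recorded, and the session is revoked."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self.sessions = {}   # session id -> {"user", "fp", "expires"}
        self.alerts = []     # replay alerts for the detection pipeline

    @staticmethod
    def fingerprint(client_ip, user_agent):
        # Assumption: IP address + User-Agent is the binding used here. Real
        # deployments often add a TLS-derived value or a second cookie.
        return hashlib.sha256(f"{client_ip}|{user_agent}".encode()).hexdigest()

    def login(self, user, client_ip, user_agent):
        sid = secrets.token_urlsafe(32)   # 256 bits of randomness, not guessable
        self.sessions[sid] = {
            "user": user,
            "fp": self.fingerprint(client_ip, user_agent),
            "expires": self.clock() + self.ttl,
        }
        return sid

    def authenticate(self, sid, client_ip, user_agent):
        """Return the user for a valid session, else None."""
        sess = self.sessions.get(sid)
        if sess is None:
            return None
        if sess["expires"] < self.clock():
            del self.sessions[sid]            # expired: force a fresh login
            return None
        presented = self.fingerprint(client_ip, user_agent)
        if not hmac.compare_digest(presented, sess["fp"]):
            # Same ID, different client: a replay of a captured session ID.
            self.alerts.append({"user": sess["user"], "from_ip": client_ip})
            del self.sessions[sid]            # revoke so the stolen ID is useless
            return None
        return sess["user"]

    def rotate(self, sid, client_ip, user_agent):
        """Issue a new ID (e.g. after a privilege change) and retire the old one."""
        user = self.authenticate(sid, client_ip, user_agent)
        if user is None:
            return None
        del self.sessions[sid]
        return self.login(user, client_ip, user_agent)


def demo():
    """Constructed scenario: Alice logs in, then her session ID is presented
    from a different address, as a thief would do after copying the cookie."""
    store = SessionStore()
    ua = "Mozilla/5.0 (constructed)"
    sid = store.login("alice", "198.51.100.7", ua)
    legit = store.authenticate(sid, "198.51.100.7", ua)                        # "alice"
    replay = store.authenticate(sid, "203.0.113.9", "curl/8 (constructed)")    # None + alert
    after = store.authenticate(sid, "198.51.100.7", ua)                        # None: revoked
    bob = store.login("bob", "198.51.100.8", ua)
    rotated = store.rotate(bob, "198.51.100.8", ua)
    return {"legit": legit, "replay": replay, "after_replay": after,
            "alerts": len(store.alerts), "rotated": rotated is not None}


if __name__ == "__main__":
    print(demo())
```

Binding to the source address is a trade-off: a legitimate mobile user who changes networks will be logged out and will show up as an alert, so in practice the alert is a signal to investigate together with rotation on login and on privilege change, and a short expiry, rather than the only control.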

Message modification: In this attack, an intruder alters packet header addresses to direct a message to a different destination or modifies the data on a target machine.

In a denial of service (DoS) attack, users are deprived of access to a network or web resource. This is generally accomplished by overwhelming the target with more traffic than it can handle.
In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems (sometimes called a botnet or zombie army) attack a single target.
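An added example (not from the original notes) of the basic mitigation for the flooding just described: a per-client token bucket that sheds excess requests before they consume server work. The simulated traffic (one legitimate client at one request per second and one flooding client at 100 per second, for 20 seconds) and the rate and burst limits are constructed values.

```python
import time
from collections import defaultdict


class TokenBucketLimiter:
    """Per-client token bucket.

    Each client can burst up to `burst` requests, then is held to
    `rate_per_sec`. A request that finds no token is shed immediately, before
    it reaches the expensive part of the service, so a flood from one client
    costs the server little and leaves capacity for everyone else."""

    def __init__(self, rate_per_sec, burst, clock=time.monotonic):
        self.rate = float(rate_per_sec)
        self.burst = float(burst)
        self.clock = clock
        self.buckets = {}                 # client -> (tokens, last_seen)
        self.accepted = defaultdict(int)
        self.rejected = defaultdict(int)

    def allow(self, client, now=None):
        """Return True if the request may be served, False if it is shed."""
        if now is None:
            now = self.clock()
        tokens, last = self.buckets.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)   # refill
        if tokens >= 1.0:
            self.buckets[client] = (tokens - 1.0, now)
            self.accepted[client] += 1
            return True
        self.buckets[client] = (tokens, now)
        self.rejected[client] += 1
        return False


def demo(seconds=20):
    """Constructed traffic: one client at 1 request/s, one flooding at 100/s.
    Timestamps are passed explicitly so the run is deterministic."""
    limiter = TokenBucketLimiter(rate_per_sec=5, burst=10)
    events = []
    for k in range(seconds):
        events.append((k + 0.5, "legit"))
        events.extend((k + i / 100, "flood") for i in range(100))
    events.sort()
    for ts, client in events:
        limiter.allow(client, now=ts)
    return {
        "legit_accepted": limiter.accepted["legit"],
        "legit_rejected": limiter.rejected["legit"],
        "flood_accepted": limiter.accepted["flood"],
        "flood_rejected": limiter.rejected["flood"],
    }


if __name__ == "__main__":
    print(demo())
```

The legitimate client never loses a request because its rate is below the refill rate, while the flooding client gets its initial burst and then only about five requests per second. The client key is whatever the service can attribute traffic to (source address, API key, authenticated user); a distributed flood from many sources is not stopped by a per-client bucket alone, which is why upstream filtering and spare capacity are still needed against DDoS.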

Passive Attacks: Passive attacks are relatively scarce from a classification perspective, but can be carried out with relative ease, particularly if the traffic is not encrypted.

Types of Passive attacks:

Eavesdropping (tapping): The attacker simply listens to messages exchanged by two entities. For the attack to be useful, the traffic must not be encrypted. Any unencrypted information, such as a password sent in response to an HTTP request, may be retrieved by the attacker.

Traffic analysis: The attacker looks at the metadata transmitted in traffic in order to deduce information relating to the exchange and the participating entities, e.g. the form of the exchanged traffic (rate, duration, etc.). In cases where encrypted data are used, traffic analysis can also lead to attacks by cryptanalysis, whereby the attacker may obtain information or succeed in decrypting the traffic.

Software Attacks: Malicious code (sometimes called malware) is a type of software designed to take over or damage a computer user's operating system, without the user's knowledge or approval. It can be very difficult to remove and very damaging. Common malware examples are listed in the following table:

Attack: Virus
A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A virus:
• Requires a host to replicate and usually attaches itself to a host file or a hard drive sector.
• Replicates each time the host is used.
• Often focuses on destruction or corruption of data.
• Usually attaches to files with execution capabilities such as .doc, .exe, and .bat extensions.
• Often distributes via e-mail. Many viruses can e-mail themselves to everyone in your address book.
• Examples: Stoned, Michelangelo, Melissa, I Love You.

Attack: Worm
A worm is a self-replicating program that can be designed to do any number of things, such as delete files or send documents via e-mail. A worm can negatively impact network traffic just in the process of replicating itself. A worm:
• Can install a backdoor in the infected computer.
• Is usually introduced into the system through a vulnerability.
• Infects one system and spreads to other systems on the network.
• Example: Code Red.

Attack: Trojan horse
A Trojan horse is a malicious program that is disguised as legitimate software. Discretionary environments are often more vulnerable and susceptible to Trojan horse attacks because security is user focused and user directed. Thus the compromise of a user account could lead to the compromise of the entire environment. A Trojan horse:
• Cannot replicate itself.
• Often contains spying functions (such as a packet sniffer) or backdoor functions that allow a computer to be remotely controlled from the network.
• Often is hidden in useful software such as screen savers or games.
• Examples: Back Orifice, NetBus, Whack-a-Mole.

Attack: Logic Bomb
A logic bomb is malware that lies dormant until triggered. A logic bomb is a specific example of an asynchronous attack.
• A trigger activity may be a specific date and time, the launching of a specific program, or the processing of a specific type of activity.
• Logic bombs do not self-replicate.

Hardware Attacks:
Common hardware attacks include:
• Manufacturing backdoors, for malware or other penetrative purposes; backdoors are not limited to software and hardware, but also affect embedded radio-frequency identification (RFID) chips and memory.
• Eavesdropping by gaining access to protected memory without opening other hardware.
• Inducing faults, causing the interruption of normal behavior.
• Hardware modification tampering with invasive operations.
• Backdoor creation; the presence of hidden methods for bypassing normal computer authentication systems.
• Counterfeiting product assets that can produce extraordinary operations and those made to gain malicious access to systems.
Cyber Threats - Cyber Warfare: Cyber warfare refers to the use of digital attacks (such as computer viruses and hacking) by one country to disrupt the vital computer systems of another, with the aim of creating damage, death and destruction. Future wars will see hackers using computer code to attack an enemy's infrastructure, fighting alongside troops using conventional weapons like guns and missiles.
Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks.
Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a
computer network or a networked device. Cybercrime is committed by
cybercriminals or hackers who want to make money. Cybercrime is carried out
by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly
technically skilled. Others are novice hackers.
Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to
unlawful attacks and threats of attacks against computers, networks and the
information stored therein when done to intimidate or coerce a government or
its people in furtherance of political or social objectives.
Examples are hacking into computer systems, introducing viruses to vulnerable networks, website defacement, denial-of-service attacks, or terroristic threats made via electronic communication.
Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet.
CYBERCRIMES: MOBILE AND WIRELESS

INTRODUCTION. Why should mobile devices be protected? Every day, mobile devices are lost, stolen, and infected. Mobile devices can store important business and personal information, and are often used to access University systems, email, banking
Proliferation of mobile and wireless devices:
• People hunched over their smartphones or tablets in cafes, airports, supermarkets and even at bus stops, seemingly oblivious to anything or anyone around them.
• They play games, download email, go shopping or check their bank balances on the go.
• They might even access corporate networks and pull up a document or two on their mobile gadgets.
Today, incredible advances are being made for mobile devices. The trend is for
smaller devices and more processing power. A few years ago, the choice was
between a wireless phone and a simple PDA. Now the buyers have a choice
between high-end PDAs with integrated wireless modems and small phones with
wireless Web-browsing capabilities. A long list of options is available to the
mobile users. A simple hand-held mobile device provides enough computing
power to run small applications, play games and music, and make voice calls. A
key driver for the growth of mobile technology is the rapid growth of business
solutions into hand-held devices.
As the term "mobile device" includes many products, we first provide a clear distinction among the key terms: mobile computing, wireless computing and hand-held devices. The figure below helps us understand how these terms are related. Let us understand the concept of mobile computing and the various types of devices.
Mobile computing is "taking a computer and all necessary files and software out into the field." Many types of mobile computers have been introduced since the 1990s. They are as follows:

1. Portable computer: It is a general-purpose computer that can be easily moved from one place to another, but cannot be used while in transit, usually because it requires some "setting-up" and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and
has features of a touchscreen with a stylus and handwriting recognition
software. Tablets may not be best suited for applications requiring a physical
keyboard for typing, but are otherwise capable of carrying out most tasks that
an ordinary laptop would be able to perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the Internet tablet does not have much computing power and its applications suite is limited. Also, it cannot replace a general-purpose computer. The Internet tablets typically feature an MP3 and video player, a Web browser, a chat application and a picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized,
computer with limited functionality. It is intended to supplement and
synchronize with a desktop computer, giving access to contacts, address book,
notes, E-Mail and other features.
5. Ultramobile (PC): It is a full-featured, PDA-sized computer running a
general-purpose operating system (OS).
6. Smartphone: It is a PDA with an integrated cell phone functionality. Current
Smartphones have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as a
wireless computer, sound system, global positioning system (GPS) and DVD
player. It also contains word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and
shape of a pen. It functions as a writing utensil, MP3 player, language
translator, digital storage device and calculator.
Trends in Mobility:
Mobile computing is moving into a new era, third generation (3G), which promises greater variety in applications, highly improved usability and speedier networking. "iPhone" from Apple and Google-led "Android" phones are the best examples of this trend, and there are plenty of other developments that point in this direction. This smart mobile technology is rapidly gaining popularity, and the attackers (hackers and crackers) are among its biggest fans.
It is worth noting the trends in mobile computing; this will help readers realize the seriousness of cybersecurity issues in the mobile computing domain. The figure below shows the different types of mobility and their implications.

The new-technology 3G networks are not entirely built with IP data security. Moreover, the IP data world, when compared to voice-centric security threats, is new to mobile operators. There are numerous attacks that can be committed against mobile networks, and they can originate from two primary vectors. One is from outside the mobile network, that is, the public Internet, private networks and other operators' networks; the other is from within the mobile network, that is, devices such as data-capable handsets and Smartphones, notebook computers or even desktop computers connected to the 3G network.
Popular types of attacks against 3G mobile networks are as follows:
1. Malwares, viruses and worms: Although many users are still in the transient process of switching from 2G/2.5G to 3G, there is a growing need to educate the community and provide awareness of the threats that exist while using mobile devices. Here are a few examples of malware specific to mobile devices:
• Skull Trojan: It targets Series 60 phones equipped with the Symbian mobile OS.
• Cabir Worm: It is the first dedicated mobile-phone worm; it infects phones running the Symbian OS and scans for other mobile devices to send a copy of itself to the first vulnerable phone it finds through Bluetooth wireless technology. The worst thing about this worm is that the source code for the Cabir-H and Cabir-I viruses is available online.
• Mosquito Trojan: It affects the Series 60 Smartphones and is a cracked version of the "Mosquitos" mobile phone game.
• Brador Trojan: It affects the Windows CE OS by creating a svchost.exe file in the Windows start-up folder which allows full control of the device. This executable file is conducive to traditional worm propagation vectors such as E-Mail file attachments.
• Lasco Worm: It was released first in 2005 to target PDAs and mobile phones running the Symbian OS. Lasco is based on Cabir's source code and replicates over Bluetooth connections.

2. Denial-of-service (DoS): The main objective behind this attack is to make the system unavailable to the intended users. Virus attacks can be used to damage the system to make the system unavailable. Presently, one of the most common cyber security threats to wired Internet service providers (ISPs) is a distributed denial-of-service (DDoS) attack. DDoS attacks are used to flood the target system with data so that the response from the target system is either slowed or stopped.
3. Overbilling attack: Overbilling involves an attacker hijacking a subscriber's IP address and then using it (i.e., the connection) to initiate downloads that are not "free downloads", or simply using it for his/her own purposes. In either case, the legitimate user is charged for activity which the user did not conduct or authorize.
4. Spoofed policy development process (PDP): These attacks exploit vulnerabilities in the GTP [General Packet Radio Service (GPRS) Tunneling Protocol].
5. Signaling-level attacks: The Session Initiation Protocol (SIP) is a signaling protocol used in IP multimedia subsystem (IMS) networks to provide Voice over Internet Protocol (VoIP) services. There are several vulnerabilities with SIP-based VoIP systems.

Credit Card Frauds in Mobile and Wireless Computing Era:

These are new trends in cybercrime that are coming up with mobile computing: mobile commerce (M-Commerce) and mobile banking (M-Banking). Credit card frauds are now becoming commonplace given the ever-increasing power and the ever-reducing prices of mobile hand-held devices, factors that result in easy availability of these gadgets to almost anyone. Today belongs to "mobile computing," that is, anywhere, anytime computing. The developments in wireless technology have fuelled this new mode of working for white-collar workers. This is true for credit card processing too; wireless credit card processing is a relatively new service that allows a person to process credit cards electronically, virtually anywhere. Wireless credit card processing is a very desirable system, because it allows businesses to process transactions from mobile locations quickly, efficiently and professionally. It is most often used by businesses that operate mainly in a mobile environment.

There is a system available from an Australian company "Alacrity" called closed-loop environment for wireless (CLEW). The figure above shows the flow of events with CLEW, which is a registered trademark of Alacrity used here only to demonstrate the flow in this environment.

As shown in the figure, the basic flow is as follows:
1. Merchant sends a transaction to bank.
2. The bank transmits the request to the authorized cardholder.
3. The cardholder approves or rejects (password protected).
4. The bank/merchant is notified.
5. The credit card transaction is completed.
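The five-step flow above, as an added Python simulation. This is not Alacrity's CLEW code; the message shapes, the PBKDF2 hashing of the approval password on the bank side, and the sample card, merchant and password values are assumptions made for the example. It shows why step 3 matters: a transaction for a valid card that is not approved with the cardholder's password does not complete, whoever submitted it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000   # assumption for the example


@dataclass
class Cardholder:
    """Bank-side record: the approval password is stored only as a salted hash."""
    card_id: str
    salt: bytes
    pw_hash: bytes

    def verify(self, password):
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(cand, self.pw_hash)


def enroll(card_id, password):
    """Register a cardholder and the password that protects approvals."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return Cardholder(card_id, salt, digest)


@dataclass
class Bank:
    cardholders: dict
    log: list = field(default_factory=list)

    def finish(self, txn, status, reason):
        # Steps 4 and 5: record the outcome and notify the merchant.
        outcome = {**txn, "status": status, "reason": reason}
        self.log.append(outcome)
        return outcome


def run_transaction(bank, merchant, card_id, amount, handset):
    """One CLEW-style transaction (constructed model of the five steps).

    `handset(merchant, amount)` models the prompt shown on the cardholder's
    device and returns (decision, password_entered)."""
    # Step 1: merchant sends the transaction to the bank.
    txn = {"id": secrets.token_hex(4), "merchant": merchant,
           "card": card_id, "amount": amount}
    # Step 2: bank transmits the request to the authorized cardholder.
    holder = bank.cardholders.get(card_id)
    if holder is None:
        return bank.finish(txn, "declined", "unknown card")
    decision, password = handset(merchant, amount)
    # Step 3: cardholder approves or rejects; approval is password protected.
    if decision != "approve":
        return bank.finish(txn, "declined", "rejected by cardholder")
    if not holder.verify(password):
        return bank.finish(txn, "declined", "approval password incorrect")
    # Steps 4 and 5: bank and merchant notified, transaction completed.
    return bank.finish(txn, "completed", "approved by cardholder")


def demo():
    """Three constructed runs against one enrolled card."""
    bank = Bank(cardholders={"card-demo-001": enroll("card-demo-001", "correct horse")})
    genuine = run_transaction(bank, "CafeMerchant", "card-demo-001", 12.50,
                              lambda m, a: ("approve", "correct horse"))
    # An approval response that lacks the cardholder's password: the card
    # number alone is not enough to complete the transaction.
    no_password = run_transaction(bank, "MailOrderShop", "card-demo-001", 499.00,
                                  lambda m, a: ("approve", "guess"))
    rejected = run_transaction(bank, "CafeMerchant", "card-demo-001", 7.00,
                               lambda m, a: ("reject", ""))
    return {"genuine": genuine["status"], "no_password": no_password["status"],
            "rejected": rejected["status"], "logged": len(bank.log)}


if __name__ == "__main__":
    print(demo())
```

Every outcome, including declines, lands in the bank's log, which is what makes the closed loop auditable: a burst of "approval password incorrect" declines against one card is the signal a fraud team would watch for.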

Security Challenges Posed by Mobile Devices:

Mobility brings two main challenges to cybersecurity: first, on the hand-held devices, information is being taken outside the physically controlled environment, and second, remote access back to the protected environment is being granted. Perceptions of the organizations to these cybersecurity challenges are important in devising appropriate security operating procedures. When people are asked about what is important in managing a diverse range of mobile devices, they seem to be thinking of the ones shown in the figure below.
As the number of mobile device users increases, two challenges are presented: one at the device level, called "micro challenges", and another at the organizational level, called "macro-challenges."
Some well-known technical challenges in mobile security are: managing the registry settings and configurations, authentication service security, cryptography security, Lightweight Directory Access Protocol (LDAP) security, remote access server (RAS) security, media player control security, networking application program interface (API) security, etc.
Registry Settings for Mobile Devices:
Let us understand the issue of registry settings on mobile devices through an example: Microsoft ActiveSync is meant for synchronization with Windows-powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway" between a Windows-powered PC and a Windows Mobile-powered device, enabling the transfer of applications such as Outlook information, Microsoft Office documents, pictures, music, videos and applications from a user's desktop to his/her device.
In addition to synchronizing with a PC, ActiveSync can synchronize directly with Microsoft Exchange Server so that users can keep their E-Mails, calendar, notes and contacts updated wirelessly when they are away from their PCs. In this context, registry settings become an important issue given the ease with which various applications allow a free flow of information.

Authentication Service Security:

There are two components of security in mobile computing: security of devices and security in networks. Secure network access involves authentication between the device and the base stations or Web servers. This is to ensure that only authenticated devices can be connected to the network for obtaining the requested services, and that no malicious code can impersonate the service provider to trick the device into doing something it does not mean to. Thus, the networks also play a crucial role in the security of mobile devices.
Some eminent kinds of attacks to which mobile devices are subjected are: push attacks, pull attacks and crash attacks.
Authentication service security is important given the typical attacks on mobile devices through wireless networks: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking. Security measures in this scenario come from Wireless Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and developments in 802.xx standards.
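An added example (not from the original notes, and a simplified construction rather than the 3GPP authentication procedure) of the two-way authentication between device and network described above: a challenge-response exchange over a pre-shared key in which each side proves possession of the key with an HMAC over both nonces. A network that does not hold the key cannot impersonate the service provider, a device that does not hold it is refused, and the fresh nonces stop a recorded exchange from being replayed. The key provisioning and the domain labels are assumptions.

```python
import hashlib
import hmac
import secrets


def prf(key, *parts):
    """HMAC-SHA256 over length-prefixed parts (avoids ambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class Device:
    def __init__(self, key):
        self.key = key                         # pre-shared key, assumed provisioned securely

    def start(self):
        self.n_dev = secrets.token_bytes(16)   # fresh challenge to the network
        return self.n_dev

    def check_network(self, n_net, net_proof):
        """Verify the network's proof; return our own proof, or None to abort."""
        expected = prf(self.key, b"net", self.n_dev, n_net)
        if not hmac.compare_digest(expected, net_proof):
            return None                        # other side lacks the key: stop here
        return prf(self.key, b"dev", n_net, self.n_dev)


class Network:
    def __init__(self, key):
        self.key = key

    def respond(self, n_dev):
        self.n_dev = n_dev
        self.n_net = secrets.token_bytes(16)   # fresh challenge to the device
        return self.n_net, prf(self.key, b"net", n_dev, self.n_net)

    def check_device(self, dev_proof):
        expected = prf(self.key, b"dev", self.n_net, self.n_dev)
        return hmac.compare_digest(expected, dev_proof)


class ImpostorDevice(Device):
    """Models a device without the real key: it skips verification and guesses."""
    def check_network(self, n_net, net_proof):
        return prf(self.key, b"dev", n_net, self.n_dev)


def run_handshake(device, network):
    n_dev = device.start()                               # 1. device -> network: n_dev
    n_net, net_proof = network.respond(n_dev)            # 2. network -> device: n_net, proof
    dev_proof = device.check_network(n_net, net_proof)   # 3. device verifies, then answers
    if dev_proof is None:
        return "device rejected network"
    if not network.check_device(dev_proof):              # 4. network verifies
        return "network rejected device"
    return "mutually authenticated"


def replay_attempt(key):
    """A proof recorded from a genuine run is presented to a later session;
    the network's new nonce makes it fail."""
    dev, net = Device(key), Network(key)
    n_dev = dev.start()
    n_net, net_proof = net.respond(n_dev)
    recorded = dev.check_network(n_net, net_proof)
    later = Network(key)
    later.respond(n_dev)                  # same device nonce, fresh network nonce
    return later.check_device(recorded)   # False


def demo():
    k = secrets.token_bytes(32)       # key shared by the genuine device and network
    other = secrets.token_bytes(32)   # key held by an impostor
    return {
        "genuine": run_handshake(Device(k), Network(k)),
        "rogue_network": run_handshake(Device(k), Network(other)),
        "rogue_device": run_handshake(ImpostorDevice(other), Network(k)),
        "replayed_proof_accepted": replay_attempt(k),
    }


if __name__ == "__main__":
    print(demo())
```

The order of steps is the point: the device refuses to answer until the network has proved itself, so a rogue base station learns nothing it can use, and the distinct domain labels (`b"net"`, `b"dev"`) keep one side's proof from being reflected back as the other's.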

Attacks on Mobile/Cell Phones:

• Mobile Phone Theft:
Mobile phones have become an integral part of everybody's life, and the mobile phone has transformed from being a luxury to a bare necessity. Increase in purchasing power and availability of numerous low-cost handsets have also led to an increase in mobile phone users. Theft of mobile phones has risen dramatically over the past few years. Since a huge section of the working population in India uses public transport, major locations where theft occurs are bus stops, railway stations and traffic signals.
The following factors contribute to outbreaks on mobile devices:
1. Enough target terminals: The first Palm OS virus was seen after the number of Palm OS devices reached 15 million. The first instance of a mobile virus was observed during June 2004 when it was discovered that an organization "Ojam" had engineered an antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito. This virus sent SMS text messages to the organization without the users' knowledge.
2. Enough functionality: Mobile devices are increasingly being equipped with office functionality and already carry critical data and applications, which are often protected insufficiently or not at all. The expanded functionality also increases the probability of malware.
3. Enough connectivity: Smartphones offer multiple communication options, such as SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore, unfortunately, the increased amount of freedom also offers more choices for virus writers.

• Mobile Viruses
• Concept of Mishing
• Concept of Vishing
• Concept of Smishing
• Bluetooth Hacking

Organizational Security Policies and Measures in Mobile Computing Era:

The proliferation of hand-held devices makes the cybersecurity issue graver than what we would tend to think. People have grown so used to their hand-helds that they are treating them like wallets! For example, people are storing more types of confidential information on mobile computing devices than their employers or they themselves know; they listen to music using their hand-held devices. One should think about not keeping credit card and bank account numbers, passwords, confidential E-Mails and strategic information about the organization, merger or takeover plans, and also other valuable information that could impact stock values, in the mobile devices. Imagine the business impact if an employee's USB, pluggable drive or laptop was lost or stolen, revealing sensitive customer data such as credit reports, social security numbers (SSNs) and contact information.
Operating Guidelines for Implementing Mobile Device Security Policies
In situations such as those described above, the ideal solution would be to prohibit
all confidential data from being stored on mobile devices, but this may not always
be practical. Organizations can, however, reduce the risk that confidential
information will be accessed from lost or stolen mobile devices through the
following steps:
1. Determine whether the employees in the organization need to use mobile
computing devices at all, based on their risks and benefits within the
organization, industry and regulatory environment.
2. Implement additional security technologies, as appropriate to fit both the
organization and the types of devices used. Most (and perhaps all) mobile
computing devices will need to have their native security augmented with
such tools as strong encryption, device passwords and physical locks.
Biometrics techniques can be used for authentication and encryption and have great potential to eliminate the challenges associated with passwords.
3. Standardize the mobile computing devices and the associated security tools
being used with them. As a matter of fundamental principle, security
deteriorates quickly as the tools and devices used become increasingly
disparate.
4. Develop a specific framework for using mobile computing devices, including
guidelines for data syncing, the use of firewalls and anti-malware software and
the types of information that can be stored on them.
5. Centralize management of your mobile computing devices. Maintain an inventory so that you know who is using what kinds of devices.
6. Establish patching procedures for software on mobile devices. This can
often be simplified by integrating patching with syncing or patch
management with the centralized
7. Provide education and awareness training to personnel using mobile devices.
People cannot be expected to appropriately secure their information if they
have not been told how.
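Steps 2, 3, 5 and 6 above (augmented device security, standardization, a central inventory, and patching) can be expressed as a policy check over the inventory. The following is an added example, not from the original notes: the policy thresholds, the device records and the audit date are constructed values, and the record fields are an assumption about what a device-management export would contain.

```python
from datetime import date

# Policy derived from the steps above (thresholds are assumptions for the example).
POLICY = {
    "require_encryption": True,          # step 2: strong encryption on the device
    "require_passcode": True,            # step 2: device password
    "max_patch_age_days": 30,            # step 6: patching procedure
    "approved_platforms": {"ios", "android"},   # step 3: standardize devices
}

# Constructed inventory records (step 5); not real devices or people.
INVENTORY = [
    {"id": "dev-001", "owner": "alice", "platform": "ios", "encrypted": True,
     "passcode": True, "last_patched": date(2024, 5, 20)},
    {"id": "dev-002", "owner": "bob", "platform": "android", "encrypted": False,
     "passcode": True, "last_patched": date(2024, 5, 28)},
    {"id": "dev-003", "owner": "carol", "platform": "legacy-pda", "encrypted": True,
     "passcode": False, "last_patched": date(2024, 1, 3)},
]

AUDIT_DATE = date(2024, 6, 1)   # constructed "today" so the run is repeatable


def check_device(dev, policy, today):
    """Return the list of policy findings for one device (empty = compliant)."""
    findings = []
    if dev["platform"] not in policy["approved_platforms"]:
        findings.append("non-standard platform")
    if policy["require_encryption"] and not dev["encrypted"]:
        findings.append("storage not encrypted")
    if policy["require_passcode"] and not dev["passcode"]:
        findings.append("no device password")
    age = (today - dev["last_patched"]).days
    if age > policy["max_patch_age_days"]:
        findings.append(f"patches {age} days old")
    return findings


def audit(inventory, policy, today):
    """Map each device id to its findings."""
    return {dev["id"]: check_device(dev, policy, today) for dev in inventory}


def noncompliant(results):
    """Device ids that have at least one finding, for the follow-up list."""
    return sorted(dev_id for dev_id, findings in results.items() if findings)


def demo():
    return audit(INVENTORY, POLICY, AUDIT_DATE)


if __name__ == "__main__":
    results = demo()
    for dev_id, findings in results.items():
        print(dev_id, "OK" if not findings else "; ".join(findings))
    print("non-compliant:", noncompliant(results))
```

Running the check on every sync (step 6 suggests integrating patching with syncing) turns the written policy into something measurable: the inventory shows who holds which device, and the findings list is the worklist for step 7, the awareness conversation with the device's owner.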

Organizational Policies for the Use of Mobile Hand-Held Devices

There are many ways to handle the matter of creating policy for mobile devices. One way is creating a distinct mobile computing policy. Another way is including such devices in existing policy. There are also approaches in between, where mobile devices fall under both existing policies and a new one. In the hybrid approach, a new policy is created to address the specific needs of the mobile devices, but more general usage issues fall under general IT policies. As a part of this approach, the "acceptable use" policy for other technologies is extended to the mobile devices.
Companies new to mobile devices may adopt an umbrella mobile policy, but they find over time that they will need to modify their policies to match the challenges posed by different kinds of mobile hand-held devices. For example, wireless devices pose different challenges than non-wireless ones. Also, employees who use mobile devices more than 20% of the time will have different requirements than less-frequent users. It may happen that over time, companies may need to create separate policies for mobile devices on the basis of whether they connect wirelessly, and with distinctions for devices that connect to WANs and LANs.
