
Cyber Security - Unit 2 Notes

Cybersecurity is essential for protecting computer systems and data from unauthorized access, with the global cost of cybercrime projected to exceed $23 trillion by 2027. Key challenges include evolving threats, human factors, and a shortage of skilled professionals. The CIA triad—Confidentiality, Integrity, and Availability—guides security efforts, while various types of hackers and cyber threats pose significant risks to organizations and individuals.

Uploaded by someshnayak2235

Cyber Security – Unit 2 Notes

Introduction: Cybersecurity is the practice of protecting computer systems, networks and data from
unauthorized access or damage 1 . In today’s digital world, attackers use sophisticated techniques to
steal information or disrupt systems. For example, a major breach in 2017 exposed personal data of 147
million people 2 . The annual global cost of cybercrime is skyrocketing – estimated at $8.4 trillion in
2022 and projected to exceed $23 trillion by 2027 3 . Such figures underscore why cybersecurity is
critical for individuals, businesses and governments. According to security experts, effective cyber
defense involves safeguarding the Confidentiality, Integrity and Availability (CIA) of data 4 (see
below). However, rapidly evolving threats and a shortage of skilled professionals make cybersecurity
challenging.

Figure: Modern cybersecurity involves protecting digital devices and networks (image: security technology
illustration).

Importance and Challenges in Cyber Security


• Why it matters: Cyber attacks can ruin company reputation and lead to legal consequences 5 .
Businesses now spend heavily on security (e.g. worldwide security spending was $184 billion in
2024 and expected to reach $294 billion by 2028 6 ). This reflects how vital protecting data,
finances and critical infrastructure has become.
• Key challenges: Threats continuously evolve – from sophisticated state-sponsored attacks to
common fraud. The human factor (phishing, social engineering) remains a weak link. Many
organizations face a talent gap in cybersecurity expertise. Ensuring up-to-date defenses against
unknown vulnerabilities and attack methods is an ongoing battle.

Cyberspace and Cyber Threats


Cyberspace: This is the virtual environment of interconnected information systems and networks,
including the Internet and all online services. One definition describes cyberspace as “a time-dependent
set of interconnected information systems and the human users” interacting with them 7 . In other
words, cyberspace spans all digital communication (email, web, cloud, social media, industrial controls,
etc.).

Cyber Threats: A cyber threat is any action or event that can compromise digital security. Threats can be
malware (viruses, ransomware), network attacks (DDoS, man-in-the-middle), or human-driven schemes
(phishing, insider attacks). A cyberattack is a malicious attempt to access or damage computer systems
without authorization 8 . Common motives include financial gain (stealing credit card data), espionage
(stealing secrets), or disruption (disabling services). For example, in the 2013 Target breach, attackers
first sniffed network traffic for credentials, then used stolen vendor logins to install malware and steal
customer credit cards 9 10 .

The CIA Triad (Core Goals)

• Confidentiality: Ensuring information is accessible only to authorized users. Encryption, access
controls and secure protocols help protect confidentiality.
• Integrity: Ensuring data remains accurate and unaltered except by authorized changes.
Integrity checks and permissions prevent unauthorized modification.
• Availability: Ensuring systems and data are available when needed (uptime). Redundancy,
backups and robust architectures guard availability against attacks or failures.

Together, these three principles guide all security efforts 4 : data must be kept secret (C),
accurate (I), and accessible to legitimate users (A).

Cyber Warfare

Cyber warfare involves state-sponsored attacks between countries. It is “usually defined as a cyber
attack or series of attacks that target a country” and has the potential to disrupt critical government
and civilian infrastructure 11 . Such attacks can cripple power grids, communications or military
systems. Typically, one nation’s military or intelligence group launches cyber operations (like espionage
or sabotage) against another 12 . For example, the Stuxnet computer worm (circa 2010) is a famous
cyber weapon that targeted Iranian nuclear facilities. In cyber warfare, motives range from stealing
state secrets (espionage) to “logic bombs” aiming for destruction. Unlike isolated hacks, cyber warfare is
deliberate and often has geopolitical objectives 11 .

Hackers and Cyber Crimes

Types of Hackers

Hackers are individuals who use technical skills to exploit systems. They are commonly categorized by
intent:
- White Hat (Ethical) Hackers: Skilled security experts hired to test and improve system defenses. They
“explore and improve systems” and share their findings to enhance cybersecurity 13 . Their work (e.g.
penetration testing) helps patch vulnerabilities before criminals can exploit them.
- Black Hat Hackers (Crackers): Malicious attackers who breach systems for personal gain or harm.
They “break into a system for benefits,” often stealing data or causing damage 14 . Black hats create
and use malware to steal information, defraud users or disrupt services.
- Gray Hat Hackers: Those who work in between – e.g. finding vulnerabilities without permission. A
gray hat might breach a system without consent but then notify the owner (sometimes asking for
payment) 15 . Their actions are still illegal, since they lack prior authorization, even if no harm is
intended.
- Script Kiddies and Others: Inexperienced hackers (often called “script kiddies”) who use pre-made
hacking tools. They typically lack deep skills and rely on existing malware. Script kiddies’ intentions are
usually malicious (like vandalism or bragging) but they just run others’ code 16 . Other hacker types
include Hacktivists (political motives), State-sponsored (military/government hackers), and Insider
Threats (disgruntled employees).

Figure: Hackers often hide behind anonymity (image: illustration of people in Guy Fawkes masks, symbolizing
concealed identity).

Hackers vs. Crackers

The term “cracker” specifically refers to malicious hackers (i.e. black hats). While “hacker” can be generic,
white-hat hackers are ethical and black-hat crackers are evil 14 . A handy way to distinguish: hackers
improve security (or explore systems legally) 13 , whereas crackers illegally breach systems for
personal gain 14 . Crackers often use stolen tools and avoid legal accountability, while hackers may be
certified professionals (like “Certified Ethical Hackers”) working openly to protect systems 17 .

Cyber Attacks and Vulnerabilities

A vulnerability is a flaw or weakness in a system that attackers can exploit (e.g. unpatched software
bugs, weak passwords, misconfigurations). Attackers scan and probe networks to find such
vulnerabilities. Common cyber-attacks include:
- Phishing: Trick users into revealing credentials or installing malware.
- Denial-of-Service (DoS): Flood a service so legitimate users cannot access it.
- SQL Injection, XSS: Exploit coding flaws to run unauthorized queries or scripts.
While specific attacks vary, they all rely on exploiting vulnerabilities (known or zero-day) in networks and
applications. Defense requires regular updates, strong authentication, and intrusion detection systems.

Malware Threats
Malware is malicious software designed to harm systems or steal data. Key types include:
- Virus: A piece of code that attaches itself to legitimate programs or files and executes when the host
runs 18 . Viruses require human action to spread (e.g. opening an infected file). Once active, they can
corrupt data, delete files or replicate into other programs 19 .
- Worm: A standalone program that self-replicates without needing a host file 20 . Worms exploit
network or OS vulnerabilities to spread automatically across machines (e.g. via email or open network
shares). Because they don’t need user action, worms can multiply rapidly and consume bandwidth or
system resources 20 .
- Trojan Horse: Malicious software disguised as legitimate (e.g. a fake utility or game) 21 . Unlike
viruses, Trojans do not self-replicate. They trick users into installing them. Once inside, Trojans can open
backdoors, steal sensitive data (passwords, banking info) or give remote control to the attacker 21 . For
example, a Trojan might appear as a useful PDF reader but silently log keystrokes.
- Backdoor: A hidden method (or program) that bypasses normal authentication to grant access to a
system 22 . Attackers plant backdoors to maintain future access. For instance, a Trojan might open a
backdoor listener on a secret port, allowing the attacker to connect later. In short, a backdoor is any
method that “gets around normal security measures” to give high-level access 22 .
- Other Malware: Spyware, ransomware, rootkits, etc., are also serious threats. Rootkits and
steganography (hiding data in images) help malware stay hidden on infected systems 23 24 .

Phases and Techniques of Attack


Cyber attacks often follow a chain of steps. Key phases include:

• Sniffing (Reconnaissance): Capturing network traffic to gather information. Using packet
sniffers, attackers can intercept data on the network (like usernames, session cookies) 25 .
Sniffing is akin to tapping phone lines; it allows attackers to steal sensitive traffic (HTTP, FTP
passwords, emails) if not encrypted 25 .

• Gaining Access: Once vulnerabilities are identified, attackers bypass access controls to enter a
system. Common methods are password cracking (brute force, dictionary attacks), social
engineering (phishing for credentials), or exploiting known software flaws 26 . The goal is to
gain at least a low-privileged user account on the target.

• Escalating Privileges: After initial access, attackers seek higher rights (e.g. root or admin). They
exploit system flaws or misconfigurations to elevate privileges 26 . With administrative access,
attackers can view sensitive files, install malicious programs, or modify system settings 27 26 .

• Executing Malicious Applications: Attackers then install or run malware to maintain and
expand their access. Techniques include deploying Trojans, spyware, backdoors or keyloggers
28 . For example, a Trojan might create a remote shell, or a keylogger might record all
keystrokes. These tools help the attacker stay connected to the system and perform harmful
actions remotely 28 .

• Hiding Malicious Files: To avoid detection, attackers conceal their activities. They use rootkits
and steganography to hide malware and logs 23 . Rootkits, for example, can embed deep in the
OS to hide files and processes 23 . Attackers may also encrypt or rename files so antivirus scans
miss them.

• Covering Tracks: Finally, attackers erase evidence of their presence. This includes clearing log
files, disabling auditing, and removing or tampering with records 29 30 . By wiping or
manipulating logs, the attackers make it difficult for system administrators to trace the intrusion
29 . This ensures they can remain hidden for future exploits.

Each phase can be countered with proper defenses (network encryption against sniffing, strong
passwords and patching against privilege escalation, file integrity monitoring against hiding, etc.). As
noted in security studies, attackers “wipe out the entries” of their activities in system logs to stay
undetected 30 .
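
One way to make the log wiping described above detectable, as an added example that is not part of the original notes: each audit entry is chained to the previous one with an HMAC, so deleting or editing an entry breaks the chain. The key, the sample log lines and the idea of keeping the key and head tag on a separate log collector are assumptions constructed for illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # fixed starting value for the first link

# Constructed sample audit lines (not taken from a real system).
SAMPLE_LINES = [
    "2024-05-01T10:00:01Z sshd: login accepted user=deploy src=203.0.113.7",
    "2024-05-01T10:02:14Z sudo: user=deploy command=/bin/bash",
    "2024-05-01T10:03:40Z audit: auditing disabled uid=0",
    "2024-05-01T10:09:55Z sshd: session closed user=deploy",
]


def _tag(key, prev_tag, message):
    """HMAC over the previous tag plus this message, so each entry depends on its history."""
    return hmac.new(key, f"{prev_tag}|{message}".encode(), hashlib.sha256).hexdigest()


def append(log, key, message):
    """Append an entry and return the new head tag (assumed to be stored off-host)."""
    prev = log[-1][1] if log else GENESIS
    log.append((message, _tag(key, prev, message)))
    return log[-1][1]


def verify(log, key, expected_head=None):
    """Walk the chain; return (ok, reason). expected_head catches tail truncation."""
    prev = GENESIS
    for i, (message, tag) in enumerate(log):
        if not hmac.compare_digest(_tag(key, prev, message), tag):
            return (False, f"chain broken at entry {i}")
        prev = tag
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return (False, "head tag mismatch: log truncated or replaced")
    return (True, "ok")


def build_sample(key):
    """Build the constructed sample log and return (log, head_tag)."""
    log, head = [], GENESIS
    for line in SAMPLE_LINES:
        head = append(log, key, line)
    return log, head


if __name__ == "__main__":
    # Assumption: the key lives on the collector, not on the monitored host.
    key = b"constructed-collector-key"
    log, head = build_sample(key)
    print("intact:        ", verify(log, key, head))
    print("entry removed: ", verify(log[:2] + log[3:], key, head))
    print("tail cut off:  ", verify(log[:2], key))        # chain alone looks fine
    print("tail cut off*: ", verify(log[:2], key, head))  # head tag exposes it
```

Removing the last entries leaves a shorter but internally valid chain, which is why the head tag has to be recorded somewhere the intruder cannot reach.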

Sample Exam Questions and Answers


1. Q: What is Cyber Security, and why is it important? Describe major challenges in ensuring cyber
security.
A: Cyber security is the practice of protecting computer systems, networks and data from
unauthorized access or attack. It’s important because modern society relies on digital systems
for banking, healthcare, infrastructure, and personal communication. A breach can cause
financial loss, legal issues, or threats to safety (for example, hacking medical devices).
Cybercrime costs are enormous – global cybercrime losses were over $4.88 million per incident
on average in 2024 31 , and are projected to rise dramatically. Major challenges include the rapid
evolution of threats (new malware, AI-driven attacks), human factors (e.g. phishing targets
unaware users), and resource gaps (shortage of skilled security professionals). Defending all
endpoints (computers, phones, IoT devices) and keeping up with frequent software
vulnerabilities add to the difficulty.

2. Q: Explain the CIA Triad in Cyber Security with examples.
A: The CIA Triad is a foundational model:

• Confidentiality: Ensures only authorized parties can read data. Example: Encrypting medical
records so only doctors with a key can view them.
• Integrity: Ensures data is accurate and unaltered. Example: Using checksums or digital
signatures so that bank transaction data can’t be tampered with undetected.
• Availability: Ensures systems and data are accessible when needed. Example: Having redundant
servers and DDoS protection so an online service stays up even under attack.

All three are crucial. For instance, a hospital must keep patient data secret (confidentiality),
ensure it isn’t corrupted (integrity), and have systems running 24/7 (availability).
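
The integrity example in this answer, worked through as added code that is not part of the original notes: a plain checksum stored next to a transaction can simply be recomputed by whoever alters the record, while a keyed tag (HMAC) cannot be forged without the key. The account numbers, amounts and key are constructed for illustration, and HMAC stands in here for the "digital signatures" the answer mentions.

```python
import hashlib
import hmac
import json


def canonical(txn):
    """Serialize with sorted keys so the same transaction always yields the same bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def checksum(txn):
    """Unkeyed SHA-256: detects accidental corruption only."""
    return hashlib.sha256(canonical(txn)).hexdigest()


def sign(txn, key):
    """Keyed HMAC-SHA256 tag: can only be produced by a holder of the key."""
    return hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()


def verify(txn, tag, key):
    """Constant-time comparison of the expected tag with the stored one."""
    return hmac.compare_digest(sign(txn, key), tag)


def tamper_demo():
    """Alter a stored record and report which integrity check still accepts it."""
    key = b"constructed-demo-key"  # assumption: held by the bank's backend only
    txn = {"from": "ACC-1001", "to": "ACC-2002", "amount": "150.00", "currency": "USD"}
    record = {"txn": txn, "sha256": checksum(txn), "hmac": sign(txn, key)}

    # Someone with write access to the record changes the amount. They can
    # recompute the unkeyed checksum, but without the key they cannot
    # produce a matching HMAC, so the old tag stays in place.
    forged = dict(txn, amount="15000.00")
    tampered = {"txn": forged, "sha256": checksum(forged), "hmac": record["hmac"]}

    return {
        "checksum_accepts_forgery": checksum(tampered["txn"]) == tampered["sha256"],
        "hmac_accepts_forgery": verify(tampered["txn"], tampered["hmac"], key),
        "hmac_accepts_original": verify(record["txn"], record["hmac"], key),
    }


if __name__ == "__main__":
    for check, accepted in tamper_demo().items():
        print(f"{check}: {accepted}")
```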

3. Q: Define “cyberspace”. List common cyber threats and give real-world examples.
A: Cyberspace refers to the interconnected network of information systems (computers, servers,
networks, and human users) that make up the Internet and other digital environments 7 .
Common threats include:

• Malware (Viruses, Worms, Trojans): Programs that damage or steal data. Example: The
“ILOVEYOU” virus (2000) was a worm that caused billions in damage by infecting millions of PCs
via email.
• Phishing: Fake emails/websites that trick users into giving credentials. Example: Many large data
breaches start with employees falling for phishing mails that capture login passwords.
• Ransomware: Malware that encrypts files and demands payment. Example: The 2017 WannaCry
attack infected hundreds of thousands of computers worldwide, encrypting files until a ransom
was paid.
• Denial-of-Service (DoS/DDoS): Overloading a service to make it unavailable. Example: Mirai
botnet outages (2016) disrupted major websites and took down large portions of the Internet
temporarily.
• SQL Injection/XSS: Attacks on web applications to steal databases or hijack sessions. Example:
Attackers exploiting a website flaw to extract customer records or credit card info.
• Insider Threats: Employees or contractors who misuse access. Example: A disgruntled worker
copying proprietary code or leaking company secrets.

4. Q: What is cyber warfare? How is it different from ordinary cybercrime? Give examples.
A: Cyber warfare involves nation-state actors using cyber attacks as part of military or political
conflict. It usually targets a country’s critical infrastructure (power grids, communications,
defense) to cause disruption or gather intelligence 11 . Unlike ordinary cybercrime (which is
often financially motivated and by individual criminals), cyber warfare has geopolitical aims. For
example, the Stuxnet attack (circa 2010) reportedly involved state actors embedding a computer
worm to sabotage Iran’s nuclear centrifuges. Another example is the Russian cyber attacks on
Ukraine’s power grid (2015), which caused widespread blackouts. Cyber warfare actions can even
cause physical damage or loss of life, and are sometimes called the “5th domain” of warfare.

5. Q: Describe types of hackers. How do “white hat” hackers differ from “black hat” hackers and
“crackers”?
A: Types of hackers include:

• White Hat (Ethical) Hackers: Security professionals who legally hack systems to find
vulnerabilities and improve defenses. They may work for companies doing “penetration testing”.
• Black Hat Hackers: Criminals who illegally break into systems for personal gain or mischief.
Often steal data or install malware for profit.
• Gray Hat Hackers: Those who operate between legal and illegal – for example, hacking a site
without permission but then notifying the owner (sometimes asking for a reward). Their intent
may not be malicious, but they haven’t followed the law.
• Script Kiddies: Inexperienced hackers who use existing tools. They usually don’t understand the
code fully but run others’ malware for fun or to cause trouble.

The term “cracker” specifically refers to malicious hackers (black hats) whose goal is criminal. In
summary, white hats protect and never damage data, whereas black hats (crackers) are
unethical and break the law 32 33 .

6. Q: Explain how a hacker might gain control of a system: include sniffing, access, privilege escalation,
and covering tracks.
A: A typical hacking sequence:

• Sniffing: The attacker first monitors network traffic, using a packet sniffer to intercept
unencrypted data 25 . This may reveal login credentials or system info. Sniffing is like
wiretapping digital communications.
• Gaining Access: Next, the attacker exploits a vulnerability or cracks a password to enter the
system 26 . For instance, they might guess weak passwords (brute force) or use stolen
credentials from the sniffing phase.
• Escalating Privileges: Once inside as a normal user, the attacker looks for ways to become an
administrator (privilege escalation). They exploit OS flaws or misconfigurations so they gain full
control 26 . Higher privileges allow them to view sensitive files, install software, etc.
• Executing Malware: The attacker installs malicious tools (Trojans, backdoors, keyloggers) to
maintain remote access and carry out their goals 28 . For example, they might place a backdoor
Trojan so they can re-enter the system at will.
• Hiding Files: To stay hidden, they use techniques like rootkits or steganography to conceal
malware files and activities 23 . This prevents antivirus and admins from easily spotting their
presence.
• Covering Tracks: Finally, they erase evidence. They clear system logs and disable auditing to
hide their actions 29 . This ensures that the breach is not discovered and the attacker remains
undetected.

7. Q: Define viruses, worms, trojan horses, and backdoors. How do they differ?
A:

• Virus: Malicious code that attaches itself to a legitimate program or file 18 . It requires the host
program to run in order to activate. It can then corrupt files or spread to other programs (usually
via user actions like opening infected files).
• Worm: A standalone malware that self-replicates without needing a host or user action 20 .
Worms exploit network connections or vulnerabilities to propagate automatically between
computers, often causing network congestion or system crashes.
• Trojan Horse: Malicious software disguised as something harmless 21 . It does not replicate
itself. Instead, users are tricked into installing it. Once inside, it can steal data, create a backdoor,
or perform other harmful actions.
• Backdoor: A hidden entry point into a system that bypasses normal security (often installed by
malware). It lets attackers gain high-level access at will 22 . For example, a Trojan might install a
backdoor so the attacker can later log in without alerting defenses.

In summary, viruses need a host program and user action to spread, worms spread
automatically on networks, Trojans masquerade as benign applications, and backdoors are
secret methods for persistent access 18 22 .

1, 2, 4, 5, 6, 8. What is Cybersecurity and Why is It Important? | SNHU
https://www.snhu.edu/about-us/newsroom/stem/what-is-cyber-security

3, 31. 35 cybersecurity statistics to lose sleep over in 2025
https://www.techtarget.com/whatis/34-Cybersecurity-Statistics-to-Lose-Sleep-Over-in-2020

7. CCDCOE
https://ccdcoe.org/library/publications/cyberspace-definition-and-implications/

9. 5 Phases of Hacking - GeeksforGeeks
https://www.geeksforgeeks.org/ethical-hacking/5-phases-hacking/

10, 23, 24, 26, 27, 28, 29, 30. eccouncil.org
https://www.eccouncil.org/wp-content/uploads/2023/03/System-Hacking.pdf

11, 12. What is Cyber Warfare | Types, Examples & Mitigation | Imperva
https://www.imperva.com/learn/application-security/cyber-warfare/

13, 14, 17, 32, 33. Difference between Hackers and Crackers - GeeksforGeeks
https://www.geeksforgeeks.org/computer-networks/difference-between-hackers-and-crackers/

15, 16. Types of Hackers: White Hat, Black Hat, Gray Hat & More
https://www.avg.com/en/signal/types-of-hackers

18, 19, 20, 21. Difference Between Virus, Worm and Trojan Horse - GeeksforGeeks
https://www.geeksforgeeks.org/computer-networks/difference-between-virus-worm-and-trojan-horse/

22. Backdoor computing attacks – Definition & examples | Malwarebytes
https://www.malwarebytes.com/backdoor

25. Sniffing attack - Wikipedia
https://en.wikipedia.org/wiki/Sniffing_attack
