Information Technology and Ethics/Cyber-Crimes
<
Information Technology and Ethics
Jump to navigation
Jump to search
Contents
· 1Types of Cybercrime
· 1.1Cyber-assisted Crimes
· 1.2Cyberexacerbated Crimes
· 1.3Cyberspecific Crimes
· 2Types of Cyber Attacks
· 2.1Malware
· 2.1.1Viruses
· 2.1.2Worms
· 2.1.3Trojans
· 2.1.4Spyware
· 2.1.5Adware
· 2.1.6Rootkit
· 2.2Phishing
· 2.2.1Types of Phishing Attacks
· 2.3Password Attacks
· 2.3.1Types of Password Attacks
· 2.3.1.1Dictionary Attacks
· 2.3.1.2Brute Force Attacks
· 2.3.1.3Hybrid/Combinatorial Attacks
· 2.4Denial-of-Service(DOS) Attacks
· 2.4.1DoS Attack Categories
· 2.4.2HTTP Attack
· 2.4.2.1Working of HTTP Attacks
· 2.4.2.2Mitigating HTTP Attacks
· 2.5Man in the Middle (MITM)
· 2.5.1Man in the Middle Attack Progression
· 2.5.1.1Interception
· 2.5.1.2Decryption
· 2.5.2Man in the Middle Attack Prevention
· 2.6Ransomware
· 2.6.1Types of ransomware
· 2.7Drive-by Downloads
· 2.8Website Application Attacks
· 2.8.1SQL Injection Attacks
· 2.8.1.1Types of SQL Injection Attacks
· 2.8.1.1.1
# 1 In-band SQLi
· 2.8.1.1.2
# 2 Inferential SQLi (Blind SQLi)
· 2.8.1.1.3
# 3 Out-of-Band SQLi
· 2.8.2Cross-Site Scripting Attacks
· 2.9Safeguards
· 3Types of Cyber Criminals
· 3.1Who are cyber criminals?
· 3.1.1Black Hat
· 3.1.2Identity Thieves
· 3.1.3Cyber Terrorism
· 3.1.4Internet Stalkers
· 3.1.5Script kiddies
· 3.1.6Scammers
· 3.1.7Spammers
· 3.1.8Hacker activist groups
· 3.1.9Phishers
· 3.1.10Political/Religious/Commercial groups
· 3.1.11Professional Cybercriminals
· 4Reason for Attacks
· 4.1Political
· 4.2Social and Cultural
· 4.3Economic
· 5Impact on
· 6Prevention and Detection
· 6.1Prevention
· 6.2Detection
· 6.3Security Audit
· 6.3.1Types of Audits
· 7References
Types of Cybercrime[
edit
|
edit source
]
Crime has evolved with the advancements of the internet and social media. The parallel between technology and the types of crimes that are committed is astonishing. As technology became more readily available to the masses, the types of crimes committed shifted over time. A clear distinction has been formed based on the involvement of cybertechnology in crime. Crimes that would not exist or be possible without the existence of cybertechnology are true Cybercrimes. To be most accurate, these crimes can be classified as cyberspecific crimes. Crimes that can be committed that do not necessarily need cybertechnology to be possible, but are made easier by its existence, are known as cyber-related crimes. Of Cyber-related crimes, there are two distinct categories that can be identified. The first are Cyber-assisted crimes. These are crimes in which cybertechnology is simply used to aid a crime, such as committing tax fraud or being assaulted with a computer. The other category is known as Cyberexacerbated crimes, which are crimes that have increased significantly due to cybertechnology.
[1]
Cyber-assisted Crimes[
edit
|
edit source
]
Cyber-assisted crimes are the most basic crimes that can be committed with the use of cybertechnology. Put simply, these are essentially normal crimes that have occurred throughout time on a regular basis. The only difference is that cybertechnology has played some small part in the crime. Property damage, for example, is one kind of cyber-assisted crime. If someone destroys your computer or cell-phone, it constitutes as property damage but can also be classified as a cyber-assisted crime. Similarly, if you are assaulted with a phone, printer, computer or other device, the attack constitutes as assault but can also be classified as a Cyber-assisted crime.
The most common type of cyber-assisted crime that you will see is fraud. Fraud typically is a crime that does not require much thought to actually commit. As a crime, it has always been relatively easy to commit. With the use of cybertechnology, it only becomes much easier to actually carry out from start to finish.
Cyberexacerbated Crimes[
edit
|
edit source
]
Cyberexacerbated crimes are a type of cyber-related crime, but they are much worse than cyber-assisted crimes. These crimes have increased significantly due to cybertechnology. Most crimes have evolved to maintain their own categories due to the shear volume of crimes and their slight uniqueness due to their ease with the use of cybertechnology.
Cyberbullying is defined as the “intentional and repeated harm inflicted on people through the use of computers, cellular telephones, and other electronic devices.”
[2]
Previously something that happened offline only, cyberbullying is a huge crime that leads to victims suffering from low self-esteem, depression, and sometimes even driving them to commit suicide. With the use of the internet, it is possible for people to receive thousands of hateful comments from individuals at a single time.
Cyberstalking is exactly what one would think, except occuring in a digital space. Cybertechnology allows for criminals to keep tabs on people, watching all of their online activity and making it very uncomfortable for victims to even want to utilize things such as their own personal social media. Perhaps the most disconcerting thing is that the perpetrator can always be online.
Internet pedophilia and pornography are some of the more disturbing cyberexacerbated crimes. Due to the ability for communities of like minded individuals to be easily formed online, pedophiles are able to form online communities and facilitate the creation and dissemination of child pornography.
Cyberspecific Crimes[
edit
|
edit source
]
Cyberspecific crimes don’t exist without the internet as we know it. Because of that, these are the most unique cybercrimes and could be considered as the only “true” cybercrimes. Cybertrespassing is one of these crimes. At its core, cybertrespassing takes its roots from actual trespassing. Essentially, perpetrators gain access to stores of information that they otherwise should not have access to because of the lack of permissions. The reason why this is so dangerous is because it opens the door for cybertrespassing to easily become a data breach if information is taken.
Cybervandalism is another form cyberspecific crime. Taking its roots from actual vandalism, cybervandalism began harmlessly with the defacing of websites on the internet. While annoying, it didn’t necessarily present any damage. It wasn’t until cyberattacks with the intent of harming computers were created that cybervandalism became a huge issue.
Types of Cyber Attacks[
edit
|
edit source
]
Viruses are pieces of computer programming code that causes a computer to behave in an undesirable way. Viruses can be attached to files or stored in the computer’s memory. Viruses may be programmed to different things such when they are downloaded or activated by a specific action for example viruses attached to file will infect that computer and any file created or modified on that machine. Viruses may also have programmed to display a message when certain activities are performed to execute the virus. Worms like viruses bury themselves in the memory of a machine and then duplicates itself with help from any help. It can send itself through emails and other connections. Phishing is when hackers try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake Web site that replicates the real one. These con - artists urge the recipient of such emails to take action for rewards or avoid consequences. Hackers may use a backdoor within a computer system that is vulnerable, this allows them to remain undetected while they access important information. Key-logger programs allow attackers to view information that has been logged into a particular machine undetected.
Botnets
are a collection of computers that could be spread around the world they are connected to the internet, they are controlled by one single computer.
PhishingTrustedBank
Malware[
edit
|
edit source
]
Malware is a term denoted for malicious software that spreads from computers and interferes with computer operations. Malware may be destructive, for example, deleting files or causing system ‘crashes’, but may also be used to steal personal data. Below is an outline of the most common forms of malware.
Viruses[
edit
|
edit source
]
Viruses are a standout amongst the most surely understood sorts of malware. A computer virus is like a flu virus designed to spread from host to host by replicating itself. [1]They require a host, (for example, a document, file or spreadsheet) in a computer to go about as a 'carrier', yet they can't contaminate a computer without human activity to run or open the tainted record. In more technical term, a computer virus is a malicious code programmed to alter the way the computer operates and designed to spread form one system to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in orders to execute the code. In this process, virus can cause damaging effects and cripple the host entirely after it made copies of itself.
Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. For a virus to infect your computer, you have to run the infected program, which in turn causes the virus code to be executed. This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do.
Worms[
edit
|
edit source
]
Worms are also self-replicating programs, yet they can spread independently, inside and between computers, without requiring a host or any human activity. The effect of worms can therefore be more extreme than viruses, creating destruction across entire networks. Worms can also be utilized to drop trojans into the network. Before the widespread use of networks, computer worms were spread through infected storage media, such as floppy diskettes. When mounted on a system, these floppies would infect other storage devices connected to the victim system. USB drives are still a common vector for computer worms.
[3]
Computer worms often rely on the actions of, and vulnerabilities in, networking protocols to propagate. For example, the WannaCry ransomware worm exploited a vulnerability in the first version of the Server Message Block (SMBv1) resource sharing protocol implemented in the Windows operating system. Once active on a newly infected computer, the WannaCry malware initiates a network search for new potential victims: systems that respond to SMBv1 requests made by the worm. The worm can continue to propagate within an organization in this way. When a bring your own device is infected, the worm can spread to other networks.
Difference between Worms and Viruses: As defined in the "Security of the Internet" report, released in 1996 by the CERT Division of the Software Engineering Institute at Carnegie Mellon University, Computer Worms "are self-replicating programs that spread with no human intervention after they are started." In contrast, "Viruses are also self-replicating programs, but usually, require some action on the part of the user to spread inadvertently to other programs or systems." After a computer worm loads and begins running on a newly infected system, it will typically follow its prime directive: to remain active on an infected system for as long as possible and to spread to as many other vulnerable systems as possible
Trojans[
edit
|
edit source
]
Trojans are a type of malware that gives off an impression of being genuine projects yet encourage illicit access to a computer. They can perform capacities, for example, taking information, without the client's learning and may trap clients by undertaking a normal errand while really undertaking covered up, unapproved activities. Unlike a computer virus, a Trojan horse is not able to replicate itself, nor can it propagate without an end user's assistance. This is why attackers must use social engineering tactics to trick the end user into executing the Trojan. Typically, the malware programming is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the malware that is hidden inside is transferred to the user's computing device. Once inside, the malicious code can execute whatever task the attacker designed it to carry out.
The term Trojan horse stems from Greek mythology. According to legend, the Greeks built a large wooden horse that the people of Troy pulled into the city. During the night, soldiers who had been hiding inside the horse emerged, opened the city's gates to let their fellow soldiers in and overran the city. Here is one example of how a Trojan horse might be used to infect a personal computer, the victim receives an official-looking email with an attachment. The attachment contains malicious code that is executed as soon as the victim clicks on the attachment. Because nothing bad happens and the computer continues to work as expected, the victim does not suspect that the attachment is a Trojan horse and his computing device is now infected. The malicious code resides undetected until a specific date or until the victim carries out a specific action, such as visiting a banking website. At that time, the trigger activates the malicious code and carries out its intended action. Depending upon how the Trojan has been created, it may delete itself after it has carried out its intended function, it may return to a dormant state or it may continue to be active.
Some notable trojans
1. Netbus – 1998 (published)
2. Sub7 by Mobman – 1999 (published)
3. Back Orifice – 1998 (published)
4. Y3K Remote Administration Tool by E&K Tselentis – 2000 (published)
5. Beast – 2002 (published)
6. Bifrost Trojan – 2004 (published)
7. DarkComet – 2008 (published)
8. Blackhole exploit kit – 2012 (published)
9. Gh0st RAT – 2009 (published)
10. MegaPanzer BundesTrojaner – 2009 (published)
Spyware[
edit
|
edit source
]
Spyware is programming that attacks clients' security by get-together touchy or individual data from tainted frameworks and observing the sites went by. This data may then be transmitted to outsiders. Spyware can now and again be covered up inside adware (free and here and there undesirable programming that obliges you to watch commercials keeping in mind the end goal to utilize it). One case of spyware is key-logging programming, which catches, and advances keystrokes made on a computer, empowering gathering of touchy information, for example, passwords or ledger points of interest. Another sort of spyware catches screenshots of the casualty's computer. Spyware is thought to be a standout amongst the most perilous types of malware as its goal is simply to attack protection.
Adware[
edit
|
edit source
]
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Often times software and applications offer “free” versions that come bundled with adware. Most adware is sponsored or authored by advertisers and serves as a revenue generating tool. While some adware is solely designed to deliver advertisements, it is not uncommon for adware to come bundled with spyware (see below) that is capable of tracking user activity and stealing information. Due to the added capabilities of spyware, adware/spyware bundles are significantly more dangerous than adware on its own.
Rootkit[
edit
|
edit source
]
A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet. Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits. As a result, rootkit detection relies on manual methods such as monitoring computer behavior for irregular activity, signature scanning, and storage dump analysis. Organizations and users can protect themselves from rootkits by regularly patching vulnerabilities in software, applications, and operating systems, updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.
Phishing[
edit
|
edit source
]
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. There are various forms of phishing attacks on channels such as emails, social software, websites, portable storage devices and cell phones. There are several different ways of trying to drive users to a fake website:
Types of Phishing Attacks[
edit
|
edit source
]
· Spam e-mail, a spoof email which will distract customers to look similar to a bank email, or from any financial institution.
· Hostile profiling, a targeted version of the above method: the cyber criminal exploits web sites that use e-mail addresses for user registration or secret key reminders and directs the phishing trick at specific users (requesting that they affirm passwords, etc.). Introduce a Trojan that edits the hosts file, so that when the casualty tries to browse to their bank‟s web site, they are re-directed to the fake site.
· ‘Spear phishing’, an attack on a specific organization in which the phisher simply asks for one employee‟s details and uses them to gain wider access to the rest of the network.
[4]
· 'Whale Fishing' is a type of spear phishing where the target of the attack is someone with a high profile within a company or organization. These individuals are usually the CEO, CFO, COO, etc, because they will have sensitive information that once stolen, will be used for a malicious reason such as ransom.
[5]
· Traditional type of phishing attack is Not all phishing attacks work in the manner just described.
· The “rock-phish" gang3 has adapted its attack strategy to evade detection and maximize phishing site accessibility. It has separated out the elements of the attack while including redundancy in the face of take-down requests. The pack first purchases a number of area names with short, generally meaningless, names, for example, lof80.info. The email spam then contains a long URL, for example,
http://www.bank.com.id123.lof80.info/vr
where the main part of the URL is intended to make the site appear genuine and a mechanism, for example, `wildcard DNS‟ can be used to resolve every single such variation to a specific IP address. It then maps each of the space names to a dynamic pool of compromised machines as per a pack controlled name server. Each compromised machine runs an intermediary system that relays requests to a backend server system. This server is loaded with a large number (up to 20 at a time) of fake bank websites, all of which are available from any of the stone phish machines. However, which bank site is reached depends solely upon the URLpath, after the main „/‟. (Because the group uses proxies, the real servers – that hold all the web pages and collate the stolen data – can be located anywhere.)
Password Attacks[
edit
|
edit source
]
Password attacks are when an entity tries to gain access to any particular systems by cracking or guessing the user’s password. These attacks are very prominent since, weak and easily known terms can be guessed as well as methods such as brute force can be carried out as raw processing power is readily available from high power computers available in the market. This type of attack works without any type of malicious software or code to run on the user’s system. These attacks are typically run on the hacker’s computers utilizing specialized software, hardware (such as GPUs), and methodologies to crack the end user’s password in order to gain access to said accounts.
Types of Password Attacks[
edit
|
edit source
]
Dictionary Attacks[
edit
|
edit source
]
Dictionary attacks are primarily based in two methodologies: generally common passwords and user specific keywords. Generally common passwords are passwords which people tend to use commonly. Due to the fact that many people reuse passwords and use generally simple passwords, lists of plaintext passwords have accrued over the course of decades of leaks. These plaintext passwords can then be hashed (and perhaps salted first) and compared to a password hash which was generated with an unknown password. Due to the likelihood that one has utilized an existing, common password, comparing the hashes of common passwords with unknown hashes can be quite effective. Among the plaintext dictionaries of passwords on the internet, rockyou.txt is perhaps one of the most famous. It originates from when the social application site RockYou was hacked in 2009, when the hacker leaked 32 million user accounts.
[6]
In the case of a hash not using a salt, one may use a dictionary of hashed passwords called a "rainbow table" in place of hashing common passwords themselves. This is much faster than dealing with plaintext dictionaries, but does not permit for any form of hybrid or combination attack. One may also use a plaintext wordlist which is made from targetted information about a victim such as their social security number, name, or date of birth. This information may be gathered from social engineering through phishing or vishing, open source intelligence techniques, or previous data breaches (including old plaintext passwords and personal details).
Brute Force Attacks[
edit
|
edit source
]
A brute force attack checks all of the permutations of a string of certain length, made of certain types of characters. Thus, these type of attacks require an enormous amount of time to complete as well as a lot of processing power. In addition to time and capability constraints, brute force attacks being done directly to a software system (such as brute forcing a website with hydra) are easily detectable and easy to mitigate. While uncomplicated passwords with a length of less than 8 are generally weak to brute force attacks, longer passwords become unmanageable, even for expensive password cracking rigs. Beyond this, it is uncommon to know exactly the length or characters that have gone into a password, so it is usually necessary to cycle through different password lengths.
Hybrid/Combinatorial Attacks[
edit
|
edit source
]
One of the most effective forms of password cracking is a hybrid or combinatorial attack. It is referred to as such due to its approach of combining wordlists and reasonable brute forcing techniques together to create likely, targeted hashes. Rather than utilizing only brute force or a single wordlist, it is possible with many advanced password cracking utilities, such as HashCat, to apply complex sets of rules and combinations to given input in order to create a likely password output. For example, by knowing that users typically add numbers or special characters to the very end of a password, or replace certain letters with numbers (such as o with zero), it is possible to take a given wordlist and apply rules to it to create likely alternatives to known, popular passwords. On top of this, it is possible to combine wordlists together to create wordlists with multiple words in each entry, such as cool and dog becoming cooldog. An example of combining complex, realistic rulesets with a targeted wordlist in popular media is demonstrated in the very first episode of Mr Robot, when the main character cracks the password of another character in the show. It ends up with the password being "Dylan_2791", the name of the character's favorite artist and the year of the character's birth backwards. By adding capitalization, reversing, and special character placement to a strong wordlist, one can form a deadly attack, obvious from the 24 second crack time of the aforementioned password.
[7]
Denial-of-Service(DOS) Attacks[
edit
|
edit source
]
A Denial-of-Service(DoS) attack inhibits the authorized users from accessing the system mostly by flooding the existing system with huge amounts of gibberish data/requests resulting in a blockage in the system. This attack overloads the system with an overwhelming quantity of data packets which is not anticipated by the server which results into a slowdown or a block.
[8]
This may result in a slow internet connection which may hamper the authorized user to access critical data like emails or files over FTP, etc. This may cause huge losses in both time and money. Such attacks are rarely used to hack systems from authorized users but there have been cases where such DoS attacks were deployed to lock down the network and gain access to the vulnerable firewalls. These attacks are not easy to identify as they may be easily be confused with a slower internet connection, etc. and may persist in an environment for as long as months.
Along with the regular DoS attacks, there is a different type of DoS attack called a Distributed Denial-of-Service(DDoS). This attack is very similar to a regular DoS attack in the sense that even they act as a slowdown by throwing an overwhelming amount of data packets at the target.
[8]
But, the basic distinction is that DDoS is much more efficient and dangerous since they operate from an entire affected network rather than from a single affected user. Hence, the DDoS is very difficult to dodge for any system since there is data coming in from multiple sources at the same time. Unlike other kinds of cyberattacks, DDoS assaults don't attempt to breach your security perimeter. Rather, they aim to make your website and servers unavailable to legitimate users. DDoS can also be used as a smokescreen for other malicious activities and to take down security appliances, breaching the target’s security perimeter. DDoS assaults often last for days, weeks, and even months at a time, making them extremely destructive to any online organization. Amongst other things, DDoS attacks can lead to loss of revenues, erode consumer trust, force businesses to spend fortunes in compensations, and cause long-term reputation damage. The differences between DoS and DDoS are substantive and worth noting. In a DoS attack, a perpetrator uses a single Internet connection to either exploit a software vulnerability or flood a target with fake requests—usually to exhaust server resources (e.g., RAM and CPU).
On the other hand, distributed denial of service (DDoS) attacks are launched from multiple connected devices that are distributed across the Internet. These multi-person, multi-device barrages are generally harder to deflect, mostly due to the sheer volume of devices involved. Unlike single-source DoS attacks, DDoS assaults tend to target the network infrastructure in an attempt to saturate it with huge volumes of traffic. DDoS attacks also differ in the manner of their execution. Broadly speaking, DoS attacks are launched using home-brewed scripts or DoS tools (e.g., Low Orbit Ion Canon), while DDoS attacks are launched from botnets — large clusters of connected devices (e.g., cell phones, PCs or routers) infected with malware that allows remote control by an attacker.
DoS Attack Categories[
edit
|
edit source
]
DoS attacks can be divided into two general categories:
1. Application layer attacks (a.k.a., layer 7 attacks) can be either DoS or DDoS threats that seek to overload a server by sending a large number of requests requiring resource-intensive handling and processing. Among other attack vectors, this category includes HTTP floods, slow attacks (e.g., Slowloris or
RUDY
) and
DNS query flood
attacks. Gaming website hit with a massive DNS flood, peaking at over 25 million packets per second The size of application-layer attacks is typically measured in requests per second (RPS), with no more than 50 to 100 RPS being required to cripple most mid-sized websites.
2. Network layer attacks (a.k.a., layer 3–4 attacks) are almost always DDoS assaults set up to clog the “pipelines” connecting your network. Attack vectors in this category include
UDP flood
,
SYN flood
,
NTP amplification
and
amplification
attacks, and more. Any of these can be used to prevent access to your servers, while also causing severe operational damages, such as account suspension and massive overage charges. DDoS attacks are almost always high-traffic events, commonly measured in gigabits per second (Gbps) or packets per second (PPS). The largest network layer assaults can exceed 200 Gbps; however, 20 to 40 Gbps are enough to completely shut down most network infrastructures.
HTTP Attack[
edit
|
edit source
]
What is an HTTP attack? HTTP flood attack is when an attacker overwhelms a server by sending in a huge amount of requests to the target server. Once the server is saturated and unable to respond to any more requests, DoS will occur when a user sends in an additional request.
HTTP flood attack is the OSI model layer 7 attacks. That is the application layer and this layer deals with internet protocols like HTTP. HTTP is commonly used to load browser website, and it is nerve-breaking to mitigate application-layer attacks since it is difficult to differentiate between normal user traffic versus malicious traffic. To maximize the effect of this attack, attackers usually create bots to leverage their timing of sending in the request at the same time. This results in overloading the server.
Working of HTTP Attacks[
edit
|
edit source
]
There are two types of HTTP flood attacks:
1. HTTP GET attack - Multiple users or bots tend to send a tremendous amount of requests to access some form of an asset from the target server. The request could be regarding accessing images, files, music, reports, and many more. Denial-of-Service is successful when the target server is inundated with the incoming traffic and is unable to process any more requests.
2. HTTP POST attack - Unlike the HTTP GET attack, the users send in forms in large quantities. The incoming forms are usually login or data forms that need to be pushed into a persistence layer. That persistence layer is usually a database where all the queries to run to process the data. That process is relatively intense compared to the bandwidth through which the forms are sent. This results in Denial-of-Services when the target website/server is unable to process any more forms.
Mitigating HTTP Attacks[
edit
|
edit source
]
HTTP attacks, as mentioned above, are dealt with in layer 7 of the OSI model. The application layer is complex and with that tremendous amount of traffic, it gets nerve-breaking to differentiate between normal users and the bots. Many attacks can be stopped by setting up JavaScript computational challenges such as captcha. These could be set up at login pages, sign-ups, and other kinds of forms too. Other way to mitigate HTTP attacks is to use a Web Application Firewall (WAF). WAF manages IP reputation and blocks the incoming malicious traffic on-the-fly.
Man in the Middle (MITM)[
edit
|
edit source
]
A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required. Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers or an illicit password change. Additionally, it can be used to gain a foothold inside a secured perimeter during the infiltration stage of an advanced persistent attack (APT) assault. Broadly speaking, a MITM attack is an equivalent of a mailman opening your bank statement, writing down your account details and then resealing the envelope and delivering it to your door.
A Standard Man in the Middle Attack
Man in the Middle Attack Progression[
edit
|
edit source
]
Successful MITM execution has two distinct phases: interception and decryption.
Interception[
edit
|
edit source
]
The first step intercepts user traffic through the attacker’s network before it reaches its intended destination. The most common (and simplest) way of doing this is a passive attack in which an attacker makes free, malicious WiFi hotspots available to the public. Typically named in a way that corresponds to their location, they aren’t password protected. Once a victim connects to such a hotspot, the attacker gains full visibility to any online data exchange. Attackers wishing to take a more active approach to interception may launch one of the following attacks:
· IP spoofing involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.
· ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.
· DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.
· Eavesdropping attacks are when an attacker intercepts a victim’s network traffic as their sensitive data travels from the victim’s device to their intended destination. This is usually done through software that monitors the network traffic of the victim while they are connected to a weakly encrypted or unencrypted network like a public WI-FI hotspot.
[9]
Decryption[
edit
|
edit source
]
After the interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this:
HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. It holds a digital thumbprint associated with the compromised application, which the browser verifies according to an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it’s passed to the application.
· SSL BEAST (browser exploit against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL. Here, the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by a web application. Then the app’s cipher block chaining (CBC) is compromised so as to decrypt its cookies and authentication tokens.
· SSL hijacking occurs when an attacker passes forged authentication keys to both the user and application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
· SSL stripping downgrades a HTTPS connection to HTTP by intercepting the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application's site to the user while maintaining the secured session with the application. Meanwhile, the user’s entire session is visible to the attacker.
Man in the Middle Attack Prevention[
edit
|
edit source
]
Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.
For users, this means:
· Avoiding WiFi connections that aren’t password protected.
· Paying attention to browser notifications reporting a website as being unsecured.
· Immediately logging out of a secure application when it’s not in use.
· Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.
For website operators, secure communication protocols, including TLS and HTTPS, help mitigate spoofing attacks by robustly encrypting and authenticating transmitted data. Doing so prevents the interception of site traffic and blocks the decryption of sensitive data, such as authentication tokens. It is considered best practice for applications to use SSL/TLS to secure every page of their site and not just the pages that require users to log in. Doing so helps decreases the chance of an attacker stealing session cookies from a user browsing on an unsecured section of a website while logged in.'
Ransomware[
edit
|
edit source
]
Ransomware
is a type of malicious software from crypto virology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called crypto viral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.
There are several different ways that ransomware can infect your computer. One of the most common methods today is through malicious spam, or malspam, which is unsolicited email that is used to deliver malware. The email might include booby-trapped attachments, such as PDFs or Word documents. It might also contain links to malicious websites.
Malspam uses social engineering in order to trick people into opening attachments or clicking on links by appearing as legitimate—whether that’s by seeming to be from a trusted institution or a friend. Cybercriminals use social engineering in other types of ransomware attacks, such as posing as the FBI in order to scare users into paying them a sum of money to unlock their files.
Another popular infection method, which reached its peak in 2016, is Malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers catalog details about victim computers and their locations, and then select the malware best suited to deliver. Often, that malware is ransomware.
Types of ransomware[
edit
|
edit source
]
There are three main types of ransomware, ranging in severity from mildly off-putting to Cuban Missile Crisis dangerous. They are as follows:
Scareware
Scareware, as it turns out, is not that scary. It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.
A legitimate cybersecurity software program would not solicit customers in this way. If you don’t already have this company’s software on your computer, then they would not be monitoring you for ransomware infection. If you do have security software, you wouldn’t need to pay to have the infection removed—you’ve already paid for the software to do that very job.
Screen lockers
Upgrade to terror alert orange for these guys. When lock-screen ransomware gets on your computer, it means you’re frozen out of your PC entirely. Upon starting up your computer, a full-size window will appear, often accompanied by an official-looking FBI or US Department of Justice seal saying illegal activity has been detected on your computer and you must pay a fine. However, the FBI would not freeze you out of your computer or demand payment for illegal activity. If they suspected you of piracy, child pornography, or other cybercrimes, they would go through the appropriate legal channels.
Encrypting ransomware
This is the truly nasty stuff. These are the guys who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver. The reason why this type of ransomware is so dangerous is because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom—for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.
Notable Example of Ransomware:
1.
Reveton
2.
CryptoLocker
3.
Cryptowall
4.
Fusob
5.
WannaCry
6.
Petya
7.
Bad Rabbit
Drive-by Downloads[
edit
|
edit source
]
The term drive-by download gives us all the insights as to how a malware can infect the whole system when a user simply clicks on a website that runs the malicious code. There are various stages as to how this malware infects the system. The first stage is called the entry point as explained above. The second stage is called the distribution where some of the most trusted sites are compromised to redirect to the sites controlled by the hackers. The third stage is called the exploit stage where the browser succumbs to the exploit kit which lets the hackers know about the security vulnerability that it can easily attack.
[10]
The following stage is the infection stage where the hacker is well aware of the vulnerability point and it downloads the payload package which installs itself into the computer. The final stage is the execution of the downloaded program which is designed to make money for the masters.
[10]
Website Application Attacks[
edit
|
edit source
]
Web Attacks - Better known as Web application attacks in which an attacker exploits the vulnerabilities of a website’s code to steal personal or sensitive information from the website’s own databases through various methods.
[11]
SQL Injection Attacks[
edit
|
edit source
]
SQL or Structured Query Language is used in programming to allow the user to create, manipulate, and delete databases. Attackers usually take try to take advantage of a website that has a data input field, web form, or even a search bar. Normal users would generally input data like their name, phone, or identification number while on the other hand, an attacker uses the same input field and try to gain access to the website’s database by entering SQL prompts or queries. If the input field is not tested properly, this allows an attacker to execute specific SQL commands that can retrieve, change, or delete any information within the compromised database.
[12]
Types of SQL Injection Attacks[
edit
|
edit source
]
SQLi vulnerability is one of the oldest and most common types of web security issues. There are several types of SQL Injection Attacks:
# 1 In-band SQLi[
edit
|
edit source
]
This is the most simple and common type of SQL Injection. Through this, an attacker can use the same communication channel to execute the attack and gather information.
In-bank SQLi is further categorized in two common types of In-band SQLi attacks.
· Error-based SQLi
· Union-based SQLi
# 2 Inferential SQLi (Blind SQLi)[
edit
|
edit source
]
This attack is time-consuming and dangerous compared to the other SQL Injections. In this attack, an attacker is not able to see results on the web application but can rather communicate directly with the database and make changes to the database structure. Those changes are made using payloads and the results are seen as the web application responses to the database.
This attack is further categorized into two attacks:
· Content-based Blind SQL Injection
· Time-based Blind SQL Injection
# 3 Out-of-Band SQLi[
edit
|
edit source
]
This is not a very common type of SQL Injection. This attack depends on the features of the database server that the web application is using.
Cross-Site Scripting Attacks[
edit
|
edit source
]
Cross-Site Scripting (XSS) - Cross-Site Scripting is another web attack in which a potential attacker exploits the vulnerabilities of the website or web application. While SQL Injection is an attack that targets the website’s database, an XSS attack targets the users who visit these websites directly. Attackers achieve this by embedding malicious code or scripts on the website where a user will most likely interact with; the most common choice would be an input field. Once compromised, an attacker will have control over the victim’s browser. With it they can view the browser history, cookies could be stolen, impart trojans, remote control the victim’s computer, etc.
[13]
Safeguards[
edit
|
edit source
]
We live in an era, where cyber security is a momentous issue. Cybercrimes are becoming the new normal nowadays.so what makes you think that you will be spared by cyber criminals? we have suggested some steps to remember for the rest of your life to safe guard yourself from very common cyber-attacks. so, let’s get back to the original question?
How to protect yourself from cyber-attacks? or how to protect yourself online?
1. Instead of ‘Passwords’, Use ‘Passphrases’ for Different websites
Use different user ID/password combinations for different accounts and avoid writing them down. you can create more complicated passwords by combining letters, numbers, special characters (minimum 8 characters in total) and change them on a regular basis.
Using pass-phrases is a wonderful idea, sentences such as ILoveFacebookSoMuch are very hard to crack!
You probably don’t want to remember too many passwords for too many websites. You can create your own format for passwords. for example: yourname(xx)@websitename, where xx is any 2 digits random number
2. Secure your computer/laptop physically and by:
Activating your firewall
A Firewall works exactly as the name suggests. it monitors all the incoming and outgoing traffic towards your computer. If your antivirus doesn’t include a firewall, make sure you have windows firewall ‘Activated’.
3. Never upload your personal data ‘unencrypted’ to dropbox, google drive or any online file sharing services.
It takes not more than 5 minutes to encrypt a zip file or any single file such as a photo, video or a document with AES-256-bit encryption. But it saves you from getting your personal data leaked. And you can relax even if these big companies face a data breach. If using windows, use bit locker to encrypt hard disk drives with important data!
you may use this software to encrypt your files: https://www.aescrypt.com/download/
4. Crosscheck your Social-Media security settings
Make sure your social networking profiles (e.g. Facebook, Twitter, YouTube, google+ etc.) are set to private. Check your security settings. never post sensitive information about you online. Once it is on the Internet, it is there forever commenting on various website may show up after 2 years in google search result of your name try a google search for your name with double quotes. for example: http://bfy.tw/mnR
5. Do not procrastinate update installations (even the “installing 127 of 1204” ones)
Keep your applications and operating system (e.g. Windows, Mac, Linux) updated with the latest security updates. These updates are not just limited to adding new features to your system, but it comes with security patches for vulnerabilities in your operating system. keep common software’s /s such as flash player, Microsoft Office ‘up to date’ as they are widely used, hackers are always finding ways to exploit their vulnerabilities.
6. Wi-Fi-The most vulnerable network Ever!!
Always secure your Wi-Fi with secure password, WPA2 encryption, etc. Do NOT use public Wifi for transactions, if not properly configured, every wifi is vulnerable.
Review and modify default settings and passwords. Never use public wifi, if you have some personal /secret information in your personal/office laptop, they are vulnerable. Avoid conducting financial or corporate transactions on these networks.
7. Encrypt your data (Important)
Use encryption for your most sensitive files such as tax returns or financial records, make regular back-ups of all your important data, and store it in another location. Do not leave your credit card around that tempts children to use them.
[wpdevart_like_box profile_id=”792637984138412″ connections=” show” width=”300″ height=”150″ header=” small” cover_photo=”show” locale=”en_US”]
8. Secure your Mobile Devices Physically and Digitally.
Be aware that your mobile device is vulnerable to viruses and hackers. Take care of the security even though you download apps ONLY from ‘Google Play store’. Worst case scenario is getting your phone camera hacked and the hackers may steal the photographs which THEY took from your mobile.
9. Protect your e-identity, look for https://
Be cautious when giving out personal information such as your name, number, address or financial information on the Internet. Make sure that websites are secure and using https. The address will be look like this.
https://www.facebook.com.
https is essential for websites which involve financial transactions. it means the data you send and receive is encrypted.
make sure that you’ve enabled privacy settings (e.g. when accessing/using social networking sites).
10. Do NOT store your card details on websites
If a website insists for storing your credit card information, so that your transactions can be processed faster next time, back off! you will never want to find your credit card information if that website’s database is dumped on pastebin or ghostbin like websites. try searching for last 6 or 8 digits of your credit cards numbers in google with double quotes to make sure that your credit card info is not available on the internet.(it may be available in deepweb).
11. Got hacked??Call the right person/ lawyer / LEA for help
Don’t panic! If you are a victim, if you come to know about any illegal Internet content (e.g. child exploitation) or if you suspect a computer crime, identity theft or a financial scam, report that to respected law enforcement agency. If you have any problems with your personal computer, ask for help only to a trusted person or a certified technician.
12. Never Trust E-mails
Do not trust emails which offers prize money through lotteries of which you are not a participant. Similarly, don’t pay for the job works which you are not in correspondence through official channels. Don’t give your credit card number(s) and CVV numbers online unless the site is a secured and reputable site. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security but it may be just an image. This icon is not a guarantee of a secure site, but might provide you some assurance.
13. Do not share a code received accidentally via 2 step verifications!
Enable 2 step verification. In addition to entering your password, you are also asked to enter a verification code sent via SMS to your phone (if logged in from an unusual device). So a hacker might crack your password, stealing your password may be an easy task for some hackers, but hacking into your android and read the OTP /security code sent via SMS can be a tough job. Hackers might try to get that code from you using social engineering. But don’t forward that code to anyone.
14. Ignore pop-ups, drive-by downloads while Surfing
Pop-ups are another challenge to cyber security, they can contain malicious software which can trick a user into verifying something. If you download software setup file which can’t have a 1.2 MB size. Then you should check for the file name and source of it. This is known as a drive-by download. Always ignore pop-ups offering things like site surveys on e-commerce sites, as they are sometimes where the malicious code is.
15. Review your credit card statements
Even after taking care of these, make sure you are not already being hacked! look for your credit card /bank statements. Don’t ignore even if a small amount is deducted suspiciously, report that.it may be part of a salami attack.in which small fraction of money is stolen from millions of people.
Share these tips, and comment here to add some extras! we are looking forward to add new tips to this article.
Types of Cyber Criminals[
edit
|
edit source
]
Who are cyber criminals?[
edit
|
edit source
]
Before diving into the types of cybercriminals, we must be able to recognize who are they? A cybercriminal could be groups or individuals who commit crimes which means they break the law. Many people would think that all hackers are criminals, that is not true. There are two general types of hackers, good hackers who work with the originations in order to detect vulnerabilities that exist in their systems and improve their protection, an example of good hackers is White Hat. The other type of hackers is individuals who are breaking into a computer or devises without any permission from the owner to cause harm, an example of bad hackers Black Hat. After understanding the different types of crimes and attacks. In this section, we will introduce the most common types of cybercriminals.
Black Hat[
edit
|
edit source
]
The most popular type of cybercriminals is Black Hat. Black Hat is the group responsible for bad images about hackers. This group exploits to any system for a negative intention. They have different reasons for attacking such as change public databases, stealing credit card information, this group is looking for fame or gain money through exploiting the vulnerability in the internet framework
[14]
. This group committed many cybercrimes such as robbed banks and invaluable private data.
Identity Thieves[
edit
|
edit source
]
Identity thieves could be individuals or groups of people who are trying to steal personal information such as address, phone numbers, social security numbers, and credit card numbers. They utilize this data to impersonating their victims in order to make a money transaction. This kind of cybercriminals is one of the oldest cybercrimes
[15]
.
Cyber Terrorism[
edit
|
edit source
]
Cyber Terrorism is a cyberattack that has been developed for a political reason in order to steal or/and corrupt government or corporate computers and network data. As a result, this attack could make damage businesses, countries, and organizations. The fundamental difference between a cyber-attack and cyber terrorism is that cyber terrorism is politically supported while cyber-attack is just a group of people who attempt to gain money utilizing illegal methodology
[15]
.
Internet Stalkers[
edit
|
edit source
]
Internet Stalkers are individuals who are monitoring their victims’ activities on the internet in order to terrorize and/or acquire personal information. This kind of cybercrime occurs by utilizing social network platforms and malware. There are many different reasons for doing this kind of cybercrimes, the main two reasons are bribery, slander, or both
[15]
.
Script kiddies[
edit
|
edit source
]
These kinds of hackers can be anyone who is encouraged by the urge of immaturity to become a wannabe hacker. They have less technical knowledge and urge to run the scripts which have been pre-compiled so that there will be disturbances in the software.
[16]
They lack the technical expertise to even understand what the software was meant to work for which lets them hack the systems which are very weakly secured.
Scammers[
edit
|
edit source
]
These are the daily scamming emails that we come across. Whenever we have to login to our email inbox we receive probably more emails from the scammers which offer different proposals for discounted trips or medicines, timeshares or personal ads.
Spammers[
edit
|
edit source
]
They are not direct criminals but commit the crime of wasting one's time. Spammers flood the email inbox with ads and everything gibberish possible. They are not dangerous in any particular way but they are always considered to be annoying and time-consuming.
[16]
Spammers are even responsible for bringing in a real financial cost by bringing in the necessity to install expensive and unstable anti-spam technologies.
Hacker activist groups[
edit
|
edit source
]
They are often called as the 'Hacktivists'. They can be considered as petty criminals who always are on the try to prove their destructive behavior wherein they steal confidential information and release it publicly. They generally work anonymously and are responsible for creating tools that makes the hacking easier.
[16]
Phishers[
edit
|
edit source
]
The most prominent example of such activities are when we receive notification about our account expiring and where we have to update our information. This is not really the case. It's all the activities of the phisher to extract personal information or the identity. There has been survey about this which says that there are around 20,000 to 30,000 phishing websites found every month.
Political/Religious/Commercial groups[
edit
|
edit source
]
These groups can be categorized into the ones which do not aim at financial gain. They generally aim at developing malware for political success. One of the finest examples of such a malware is Stuxnet! This malware was found in Iran’s atomic program but it was believed to be originated from some foreign government.
[16]
These can not be thought as harmless as they can have losses on the political, religion or commercial level.
Professional Cybercriminals[
edit
|
edit source
]
These kind of people are the most dangerous ones as they have the proper technical expertise and know what they want to harm and how to harm. These are a group which can consist of technologists who have turned themselves into cybercriminals. They do the most damage to government, financial institutions or e-commerce businesses. They can be responsible for the most number of crimes than the rest combined.
Reason for Attacks[
edit
|
edit source
]
Traditionally, mitigation efforts for cyber-attacks have been focused on securing systems and monitoring network traffic for malicious activity; recently, however, researchers have recognized that understanding the social, political, economic, and cultural (SPEC) conflicts that motivate cyber-attacks may enhance mitigation strategies
[17]
.
Political[
edit
|
edit source
]
Political cyber-attacks can be committed by an individual actor, political group — e.g., extremist groups —, or a state. The motivations for these attacks can be diverse and complicated but can be broken down into basic categories. Researchers out of the University of Nebraska have created the following categories for politically motivated attacks not committed by a state: protests against political actions, protests against laws or public documents, and outrage against acts related to physical violence
[18]
.
· Protests Against Political Actions: This category is primarily comprised of attacks in response to certain political actions or positions taken by governments, politicians, corporations, or special interest groups. A common example of this kind of attack is the defacing of political candidates' websites by individuals or groups that disagree with the candidates' policy stances, but these attacks may be as serious as the 1998 attack on India’s Bhabha Atomic Research Center(BARC) by anti-nuclear activists.
· Protests Against s or Public Documents: These attacks are typically a response to the passing of an unpopular law. Upon the passing of the Communications Decency Act in 1996, several protesters were involved in repeatedly deleting the content of the law off the United States Department of Justice's website.
· Outrage Against Acts Related to Physical Violence: This is the largest and most common category of politically-motivated cyber-attacks, and is closely associated with extremist groups. These attacks are motivated by acts of violence — typically committed by a government — and are meant to be retaliatory. Attacks on military infrastructure by anti-war protestors, attacks on government infrastructure by extremist groups such as ISIL, etc. all fall into this category. In 1990, Chinese hackers attacked U.S. government sites in response to the purportedly accidental bombing of a Chinese embassy.
Social and Cultural[
edit
|
edit source
]
Socially-motivated cyber-attacks typically stem from socio-cultural conflict, which within a culture tends to stem from competition between individuals or groups over incompatible goals, scarce resources, or power. Conflicts between different cultures — cross-cultural conflict — such as the Israeli-Palestinian or Taiwanese-Chinese conflicts can also spawn socially motivated cyber-attacks
[19]
Economic[
edit
|
edit source
]
Economically-motivated attacks can be motivated by the economic situation of the attacker — in the same capacity that someone may rob a gas station if they are broke — or by individuals', nations', or groups' frustration with governments or perceived corporate greed. The former includes attacks on financial institutions, ransom-ware attacks, or phishing for individual consumers' banking information, and typically aims to leverage some form of economic gain for the attacker, while the latter includes attacks on stock markets, corporations, and other global financial institutions for the sake of doing damage. The former is more common amongst individuals, while the latter is commonly perpetrated by groups or governments
[20]
.
Espionage attacks are often split between the political and economic categories, but tend to be grouped with the latter. These attacks are typically committed by states, with the target being other states, and garner useful scientific, strategic, or economic information. Prior examples of this kind of attack include the 2003 Titan Rain incident, where Chinese actors successfully accessed government databases in the United States and United Kingdom, including N.A.S.A.'s, and procured aviation vehicle designs and flight-planning software
[21]
.
Impact on [
edit
|
edit source
]
The downtime caused by attacks may harm the business's productivity, revenue, financial performance, and damage the companies reputation. The impact on business may range from low to extreme impact. For example, downtime that has a minor impact on business may mean that a minimal amount of systems are affected. While on the other side of the coin is the extreme impact on business, the company's future is at stake, and the cost of recovery is inconsequential. The following is a list of the costs of downtime:
· Cash flow: The day to day cash flow would come to a halt if the company is heavily reliant on computer systems to perform business processes.
· Loss of reputation: For companies that provide critical services, downtime of their services can significantly damage their relationship with their customers and supporters.
· Stock price: A prolonged downtime can have a negative effect on a companies stock prices especially if this downtime is frequent.
· Loss of future earnings: A halt on production along with an unfavorable reputation can affect potential customers as well as current customers which then leads to a loss of future earnings.
· Legal Impacts: Some companies may have legal and regulatory responsibilities tied to their services. A breach can inadvertently cause a company to become uncompliant with some of these regulations.
· Industry Specific: In some industries such as the healthcare industry, downtime can affect something as crucial as patient lives.
A company can perform a Impact Analysis (BIA) to determine and evaluate these risks in the case of an attack and be better prepared for them. While downtime can become the main priority for a company, the next steps are to ensure that their system's security are more robust than they were before. The response and repairs of attacks can become costly for companies. This is the case regardless of how major or minor the attack is. If any vulnerabilities are found it is expected to have these vulnerabilities mitigated. The following is a list of possible costs of attack response:
· Hiring third-party businesses to identify risks and create security protocols or customizable solutions.
· Regular testing and monitoring.
· Buying protective software/hardware (eg. Antivirus).
· Upgrading systems or overhauling procedures.
Prevention and Detection[
edit
|
edit source
]
Prevention[
edit
|
edit source
]
Firewall
There are many tools to prevent a cybercrime from happening. A firewall guards the company's network from outside intrusion, and prevents employees from accessing prohibited sites. Intrusion prevention systems prevent attacks by blocking viruses and other threats from getting into the network. Antivirus software prevents viruses from infecting a computer by scanning for virus signatures. For antivirus to be effective it must be up-to-date and uniformly deployed across the enterprise.
Detection[
edit
|
edit source
]
Intrusion protection system is software or hardware that monitors system resources. It identifies possible intrusions into the system from either within or outside of the organization. There are three types of intrusion systems:
· NIDS (Network Intrusion Detection System) identifies intrusions through network traffic and monitors multiple hosts.
· HIDS (Host-based Intrusion Detection System) identifies intrusions by reviewing host activities.
· SIDS (Stack-based Intrusion System) examines packets as they pass through the TCP/IP stack.
Security Audit[
edit
|
edit source
]
A company's network is a means of communication and sharing of information. However it comes under attack everyday by professional or novice hackers with intention to use company information or databases for their own fortune. But it is not compromised only by external individuals but also sometimes by personnel present in the company.
Audits in cybersecurity are an essential measurement of information security compliance. An audit helps measure the confidentiality, integrity and availability of information in an organization. An information system audit helps ensure the effective, efficient, secure and reliable operation of the information technology that is critical to an organization's success. An audit will determine the areas of improvement for security of information. Audits are done to ensure the organization has implemented controls and that they are effective.
In any given audit, the auditor should have a good understanding of the internal controls already in place. This helps the auditor determine the tests that they would be performing. The auditor should be aware of any factors that can affect their audit. For a successful audit to take place, there are many things the auditor should obtain an understanding of. These include the control environment, the risk assessment process, the information system, the control activities, and the monitoring of internal control. There are a number of steps that need to be performed in order to complete a security audit. For example:
1. Define audit
2. Define possible threats
3. Discussion (interviews)
4. Technical Investigation
5. Report Presentation
6. Post Audit Actions and Recommendations
Types of Audits[
edit
|
edit source
]
Self Audit (Informal Audit): Every company has few servers providing services to the company. To monitor these processes every company develops some type of self-audit process to follow on a regular basis. Some companies have software to monitor all the process and then register entire logs to be evaluated later by professionals. Based on these audit results if a bad or incorrect event is detected, you can even have the event undone and the initiator’s account even locked out. The collectors will send all the daily logs to a consolidator once a day where you will be able to create numerous reports and graphs surrounding your security events. You can also use this for trends and analysis.
Information Technology Audits The purpose of an internal audit is to provide operations management with an independent review of the adequacy and effectiveness of the operations’ internal controls.The IT audit is basically external auditing in which external auditors will be hired to perform all the required auditing operations. These auditors contact the internal auditing department and make their auditing requirements known to the company. At the conclusion of the audit, an oral and written report are conducted with the management. At this time the company must plan actions to take in response to the report or decide whether they wish to assume the risks involved. Once auditing is done and the report is presented, all the concerned individuals should meet to discuss what next steps are required to ensure the safety of the company's assets.
References[
edit
|
edit source
]
1.
↑
Tavani, Herman T. Ethics and Technology: Controversies, Questions, and Strategies for Ethical Computing. Wiley, 2016.
2.
↑
Cyberbullying. (2017). Funk & Wagnalls New World Encyclopedia, 1p. 1.
3.
↑
TLP White, "An introduction to Malware" Page 4 accessed 4/26/2016 at
https://www.cert.gov.uk/wp-content/uploads/2014/08/An-introduction-to-malware.pdf
4.
↑
Gunter Ollmann, "The Phishing Guide" Strategy IBM Internet Security Systems Page 20 accessed 4/26/2016 at
http://www-935.ibm.com/services/us/iss/pdf/phishing-guide-wp.pdf
5.
↑
“What Is Whaling? - Definition from Techopedia.” Techopedia.com at
https://www.techopedia.com/definition/28643/whaling/
6.
↑
RockYou Hack: From Bad To Worse at
https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/
7.
↑
What Mr. Robot can teach us all about security at
https://www.kaspersky.com/blog/mr-robot-safety-tips/19713/
8. ↑ Jump up to:
a
b
Qijun Gu and Peng Liu, "Denial of Service Attacks" Texas State University & Pennsylvania State University Page 4 accessed 4/26/2016 at
https://s2.ist.psu.edu/paper/ddos-chap-gu-june-07.pdf
9.
↑
Frankenfield, Jake. “Eavesdropping Attack.” Investopedia, Investopedia, 12 Mar. 2019 at
https://www.investopedia.com/terms/e/eavesdropping-attack.asp/
10. ↑ Jump up to:
a
b
Tom's Guide Staff “Drive-By Downloads: How They Attack and How to Defend Yourself” (March 06, 2014) accessed 4/25/2016 at
http://www.tomsguide.com/us/driveby-download,news-18329.html
11.
↑
“Web Application Attack: What Is It and How to Defend against It?” Acunetix at
https://www.acunetix.com/websitesecurity/web-application-attack/
12.
↑
“Sql Injection: Vulnerabilities & How To Prevent Sql Injection Attacks.” Veracode, 25 Apr. 2019, at
https://www.veracode.com/security/sql-injection/
13.
↑
“Cross-Site Scripting (XSS) Tutorial: Learn About XSS Vulnerabilities, Injections and How to Prevent Attacks.” Veracode, 18 Apr. 2019 at
https://www.veracode.com/security/xss/
14.
↑
BestIPHider. (2019, February 21). BLACK HAT HACKER: EVERYTHING YOU SHOULD KNOW. Retrieved from BestIPHider:
https://bestiphider.com/types-of-hackers/black-hat-hacker/
15. ↑ Jump up to:
a
b
c
Norwich University Online (2017, February 13). Who Are Cyber Criminals? Retrieved from Norwich University Online:
https://online.norwich.edu/academic-programs/resources/who-are-cyber-criminals
16. ↑ Jump up to:
a
b
c
d
John, Edwards “The top 10 kinds of Cybercriminals” (September 2007) accessed 4/26/2016 at
http://www.itsecurity.com/features/top-10-cybercriminals-091007/
17.
↑
Kumar, Sumeet. "Approaches to Understanding the Motivations Behind Cyber Attacks." Department of Electrical and Computer Engineering, Carnegie Mellon University, 2013. Accessed 26 April 2020 at
http://casos.cs.cmu.edu/publications/papers/2016ApproachestoUnderstanding.pdf
. Invalid tag; name “kumar” defined multiple times with different content
18.
↑
Ghandi et al. “Dimensions of Cyber-Attacks: Cultural, Social, Economic, and Political.” University of Nebraska, 07 March 2011. Accessed 26 April 2020 at
https://www.academia.edu/21848823/Dimensions_of_Cyber-Attacks_Cultural_Social_Economic_and_Political
. Invalid tag; name “ghandi” defined multiple times with different content
19.
↑
Ghandi et al. “Dimensions of Cyber-Attacks: Cultural, Social, Economic, and Political.” University of Nebraska, 07 March 2011. Accessed 26 April 2020 at
https://www.academia.edu/21848823/Dimensions_of_Cyber-Attacks_Cultural_Social_Economic_and_Political
.
20.
↑
Konraadt et al. “Phishing: An economic analysis of cybercrime perpetrators.” Computers & Security, Volume 58, May 2016. Accessed 26 April 2020 at
https://www.sciencedirect.com/science/article/pii/S0167404815001844
. Invalid tag; name “konraadt” defined multiple times with different content
21.
↑
“Titan Rain.” Council on Foreign Relations. Accessed 26 April 2020 at
https://www.cfr.org/interactive/cyber-operations/titan-rain
.
tag defined in
New References:
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
1.
↑
Malware 101 : What is a Virus?? at
https://us.norton.com/internetsecurity-malware-what-is-a-computer-virus.html
2.
↑
Computer Worm, Margaret Rouse Computer Worm?? at
https://searchsecurity.techtarget.com/definition/worm
3.
↑
Trojan Horse, Margaret Rouse-Trojan Horse at
https://searchsecurity.techtarget.com/definition/Trojan-horse
4.
↑
MITM, Man in the Middle Attack (MITM) at
https://www.incapsula.com/web-application-security/man-in-the-middle-mitm.html
5.
↑
DDoS, Distributed Denial of service (DDoS) at
https://www.incapsula.com/ddos/denial-of-service.html
6.
↑
Ransomware, Ransomware – What is it all about? at
7.
↑
RockYou Hack: From Bad To Worse at
8.
↑
What Mr. Robot can teach us all about security at
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more