Unit 1 Notes

UNIT 1
❖ Introduction To Cyber-Crime
Cybercrime, or computer-oriented crime, is crime that involves a computer and a network.
The computer may have been used to commit the crime, or it may be the target.
Cybercrime is the use of a computer as a weapon for committing offences such as fraud,
identity theft, or breaches of privacy.
Cybercrime covers a wide range of activities, but these can generally be divided into two
categories:
• Crimes that target computer networks or devices. These involve threats such as malware
(viruses, worms) and denial-of-service (DoS) attacks.
• Crimes that use computer networks to commit other criminal activities. These include
cyber stalking, financial fraud and identity theft.

Origin of the word cybercrime

"Cyber" refers to computers and computer networks, and "crime" means an act that is unlawful.

Who is a cybercriminal?

A cybercriminal hacks into and infiltrates computer systems with malicious intent, whereas a
hacker, in the original sense of the word, seeks new and inventive ways to use a system,
whether for good or for bad.

Classification of Cyber Crime:

1. Cyber Terrorism –
Cyber terrorism is the use of computers and the Internet to carry out, or threaten, violent
acts that may result in loss of life. It may involve attacks on software or hardware that
endanger the lives of citizens. In general, cyber terrorism can be defined as an act of
terrorism committed through the use of cyberspace or computer resources.
2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system is subjected to,
or threatened with, repeated denial-of-service or other attacks by malicious hackers, who
then demand large sums of money in return for stopping the attacks and "offering
protection".
3. Cyber Warfare –
Cyber warfare is the use or targeting of computers, online control systems and networks in
a battlespace or warfare context. It involves both offensive and defensive operations
concerning the threat of cyber attacks, espionage and sabotage.
4. Internet Fraud –
Internet fraud is fraud or deceit that makes use of the Internet, and may involve concealing
information or providing false information in order to deceive victims out of money or
property. Internet fraud is not a single, distinct crime but covers a range of illegal and
illicit acts committed in cyberspace.
5. Cyber Stalking –
This is a form of online harassment in which the victim is subjected to a barrage of online
messages and e-mails. Typically these stalkers know their victims and use the Internet to
stalk them instead of doing so offline. If they find that cyber stalking is not having the
desired effect, they may add offline stalking to make the victim's life more miserable.

Challenges of Cyber Crime:

• People are unaware of their cyber rights –
Cybercrime frequently targets people who are unaware of the rights and remedies that the
law of their country gives them, and who therefore do not know how to respond.
• Anonymity –
Those who commit cybercrime can hide their identity and location, so victims often cannot
identify or act against the perpetrator.
• Fewer cases registered –
Every country faces cybercrime, and its rate is increasing day by day, yet many victims
never register a complaint. This under-reporting is a major challenge for victims and for
the authorities alike.
• No harsh punishment –
Not every cybercrime carries a harsh punishment. Some offences, such as cyber terrorism,
are punished severely, but many others are not, and this lack of deterrence encourages
those who commit cybercrime.

Prevention of Cyber Crime:

Below are some measures by which cybercrime can be prevented:
• Use strong passwords –
Use a different username and password combination for each account and resist the
temptation to write them down. Weak passwords are easily cracked by methods such as
brute-force attacks and rainbow-table attacks, so make them long and complex: a
combination of letters, numbers and special characters.
• Use trusted antivirus on devices –
Always use reputable, up-to-date antivirus software on mobile devices and personal
computers to detect and block malware.
• Keep social media private –
Restrict the visibility of your social media data to your friends, and only accept friend
requests from people you know.
• Keep device software updated –
Install operating system and application updates as soon as they are released; older
versions often contain known flaws that cybercriminals exploit.
• Use secure networks –
Public Wi-Fi networks are vulnerable. Avoid conducting financial or corporate transactions
on them.
• Never open attachments in spam e-mails –
A common way for a computer to become infected with malware is through attachments in
spam e-mails. Never open an attachment from a sender you do not know.
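The "strong password" point above can be made concrete. The following is an added example (not part of the original notes): it estimates the brute-force search space of a password, shows how an unsalted hash falls to a precomputed (rainbow) table, and how a salted, iterated hash prevents that. The "common passwords" list, the sample passwords and the storage format string are constructed for illustration.

```python
"""Added example (not part of the original notes): why weak passwords fall to
brute-force and rainbow-table attacks, and how a salted, slow hash blunts both.
The common-password list and sample passwords are constructed for illustration."""
import hashlib
import hmac
import math
import os
import string
from typing import Optional

# Constructed mini rainbow table: precomputed, UNSALTED SHA-256 digests of a few
# common passwords. Real tables hold billions of entries; the principle is the same.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Summer2023"]
UNSALTED_TABLE = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-forcer must search, based on the classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password: str) -> float:
    """Upper bound on the search space in bits: log2(charset ** length).
    Six lowercase letters is about 28 bits; at a billion guesses per second
    that is exhausted in well under a second."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def rainbow_lookup(password: str) -> Optional[str]:
    """What a rainbow-table attack does with a leaked unsalted hash:
    one hash computation, one table lookup, password recovered."""
    return UNSALTED_TABLE.get(hashlib.sha256(password.encode()).hexdigest())


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256 (600k iterations follows current OWASP
    guidance). The random 16-byte salt means two users with the same password get
    different stored hashes, so no precomputed table applies; the iterations make
    each brute-force guess hundreds of thousands of times dearer than one SHA-256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"  # constructed storage format


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    for pw in ["qwerty", "Tr0ub4dor&3"]:
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, rainbow hit: {rainbow_lookup(pw)}")
    stored = hash_password("qwerty")
    print(stored)
    print("same password, new salt, different hash:", hash_password("qwerty") != stored)
    print("verify ok:", verify_password("qwerty", stored), "wrong:", verify_password("qwertz", stored))
```

Note that the entropy estimate is an upper bound: a dictionary word with a digit swapped in, like the second sample, is far weaker in practice than its character classes suggest, which is exactly why the rainbow table and the dictionary attack it models are so effective against unsalted hashes.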
❖ Global Perspective on Cybercrimes
Cybercrime is a growing global problem that affects individuals, businesses and governments
around the world. The term describes criminal activities committed using computers or the
Internet, including hacking, phishing, malware distribution, online fraud and identity theft,
among others. This section gives a global perspective on cybercrime: its impact, prevalence
and prevention.
Impact of Cybercrime:
The impact of cybercrime can be significant, both in terms of financial losses and damage to
reputation. According to a report by the Center for Strategic and International Studies, the
global cost of cybercrime was estimated to be around $600 billion in 2017. This includes costs
associated with stolen assets, lost productivity, and recovery from attacks. In addition to
financial losses, cybercrime can also result in damage to reputation, loss of intellectual
property, and disruption of critical infrastructure.
Prevalence of Cybercrime:
Cybercrime is a widespread issue that affects individuals, businesses, and governments around
the world. The number of cyber attacks has been steadily increasing over the years, with some
estimates suggesting that there are around 300,000 new malware samples being detected every
day. According to the 2020 Cost of Cybercrime Study by Accenture, the average number of
security breaches experienced by organizations increased by 11% between 2018 and 2019.
Cybercrime is also becoming more sophisticated, with the emergence of new threats such as
ransomware and advanced persistent threats (APTs).
Prevention of Cybercrime:
Preventing cybercrime requires a multi-faceted approach that includes both technical and non-
technical measures. Technical measures may include implementing strong passwords, using
encryption, regularly updating software and hardware, and using anti-malware software. Non-
technical measures may include raising awareness about cyber threats and providing training
to individuals and organizations on how to prevent and respond to cyber attacks. Governments
can also play a role in preventing cybercrime by enacting laws and regulations that deter cyber
criminals and hold them accountable for their actions.
In conclusion, cybercrime is a growing global issue that requires a concerted effort from
individuals, businesses, and governments to prevent and mitigate its impact. By raising
awareness about the risks of cybercrime and implementing effective prevention measures, we
can help to ensure that the internet remains a safe and secure place for everyone.

❖ Cybercrime Era: Survival Mantra for the Netizens

The 5P netizen mantra for online security is:


1) Precaution,
2) Prevention,
3) Protection,
4) Preservation
5) Perseverance.
These five "P's" — Precaution, Prevention, Protection, Preservation, and Perseverance —
represent a holistic approach to online security and overall resilience in the digital world. Let’s
explore each one in detail:
1. Precaution
• Act Before Threats Arise: Precaution is about anticipating risks and taking proactive
steps to safeguard against them. This includes being cautious about sharing personal
information, clicking on unfamiliar links, and downloading unknown files.
• Examples:
o Regularly update your privacy settings on social media.
o Use multi-layered authentication methods.
o Be cautious of unsolicited communications, particularly phishing attempts.
2. Prevention
• Stop Threats Before They Happen: Prevention involves putting measures in place to
minimize the chance of security incidents. It focuses on blocking threats from even
reaching your systems or data.
• Examples:
o Installing firewalls and antivirus software.
o Keeping software and systems patched and updated to close known
vulnerabilities.
o Educating yourself on the latest cyber threats to avoid risky behavior.
3. Protection
• Secure Your Digital Assets: Protection is about shielding your data, devices, and online
presence from harm. This involves using tools and practices to ensure ongoing security,
even when prevention fails.
• Examples:
o Encrypting sensitive files and communications.
o Using strong passwords and 2FA (Two-Factor Authentication) for all critical
accounts.
o Setting up secure backups in case of data loss or a cyberattack.
4. Preservation
• Maintain Integrity and Availability: Preservation focuses on maintaining the integrity,
availability, and longevity of your data and digital systems. It’s about ensuring your data
remains safe and accessible, even in the face of potential attacks or mishaps.
• Examples:
o Regularly backing up your data to external drives or cloud services.
o Implementing redundancy for important systems to prevent downtime.
o Preserving the authenticity of your data by regularly checking for tampering or
unauthorized changes.
5. Perseverance
• Stay Resilient and Adapt: Perseverance is about maintaining a mindset of ongoing
vigilance and resilience. Cyber threats evolve, and it’s essential to stay committed to
security efforts over the long term, learning from incidents and adapting strategies as
needed.
• Examples:
o Continuously improving your cybersecurity practices based on new threats and
experiences.
o Staying updated with the latest trends and tools in cybersecurity.
o Remaining persistent in monitoring and managing your security posture, even
when no immediate threats are apparent.
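The "Preservation" point above, checking backed-up data for tampering, is usually done with a hash manifest. The following is an added example (not part of the original notes) of how that works: each file's SHA-256 is recorded, the manifest is sealed with an HMAC so an attacker who can alter the backup cannot also rewrite the manifest to match, and a later verification reports modified, missing and planted files. The directory layout, file contents and HMAC key are constructed for the demonstration; in practice the key lives somewhere the backup host cannot reach.

```python
"""Added example (not part of the original notes): tamper detection for a backup
using a SHA-256 manifest sealed with an HMAC. Files and key are constructed."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each file's relative POSIX path under `root` to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal_manifest(manifest: Dict[str, str], key: bytes) -> str:
    """Serialise the manifest canonically and append an HMAC-SHA256 tag. Without
    the key, an attacker who edits the backup cannot forge a matching manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "\n" + tag


def open_manifest(sealed: str, key: bytes) -> Dict[str, str]:
    """Check the tag (constant-time) before trusting anything in the manifest."""
    body, tag = sealed.rsplit("\n", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("manifest tag mismatch: the manifest itself was altered")
    return json.loads(body)


def verify_backup(root: Path, sealed: str, key: bytes) -> Dict[str, List[str]]:
    """Compare the current tree against the sealed manifest."""
    expected = open_manifest(sealed, key)
    actual = build_manifest(root)
    return {
        "modified": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in actual),
        "unexpected": sorted(p for p in actual if p not in expected),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: seal a small backup, then tamper with it three ways."""
    key = b"constructed-demo-key-store-this-away-from-the-backup"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "ledger.csv").write_text("id,amount\n1,100\n")
        (root / "notes.txt").write_text("unit 1\n")
        sealed = seal_manifest(build_manifest(root), key)
        # Later: an intruder edits one file, deletes another and plants a third.
        (root / "docs" / "ledger.csv").write_text("id,amount\n1,1000\n")
        (root / "notes.txt").unlink()
        (root / "payload.exe").write_bytes(b"MZ...")
        return verify_backup(root, sealed, key)


if __name__ == "__main__":
    print(demo())
```

The sealing step is the part most often skipped in practice: an unsigned manifest stored next to the data is just one more file for the attacker to regenerate, so the check only detects tampering if the manifest (or the key that authenticates it) is kept out of the attacker's reach.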

Holistic Approach to Cybersecurity:


• Precaution prepares you for potential threats.
• Prevention blocks threats before they occur.
• Protection shields your assets when prevention isn't enough.
• Preservation ensures that data remains intact and accessible.
• Perseverance reminds you to stay vigilant and adaptable in the ever-changing digital
landscape.
Together, these "5 P's" create a comprehensive approach to surviving and thriving in the face of
modern cyber threats.

❖ What is cyber offense in cyber security?

Cyber offences are illegitimate actions, carried out in a sophisticated manner, in which the
computer is either the tool, the target, or both. Cyber-crime usually includes the following:
unauthorized access to computers, data diddling (unauthorized alteration of data), and
virus/worm attacks.
The following table lists offences under India's Information Technology Act, 2000 (as amended). Note that Section 66A was struck down as unconstitutional by the Supreme Court of India in 2015 (Shreya Singhal v. Union of India) and is no longer in force.

| Section | Offence | Punishment | Bailability and cognizability |
|---|---|---|---|
| 65 | Tampering with computer source documents | Imprisonment up to 3 years, or/and fine up to Rs 2,00,000 | Bailable, cognizable, triable by court of JMFC |
| 66 | Hacking with computer system | Imprisonment up to 3 years, or/and fine up to Rs 5,00,000 | Bailable, cognizable |
| 66A | Sending offensive messages through communication service, etc. | Imprisonment up to 3 years, or/and fine | Bailable, cognizable, triable by court of JMFC |
| 66B | Receiving stolen computer or communication device | Imprisonment up to 3 years, or/and fine up to Rs 1,00,000 | Bailable, cognizable, triable by court of JMFC |
| 66C | Using password of another person (identity theft) | Imprisonment up to 3 years, or/and fine up to Rs 1,00,000 | Bailable, cognizable, triable by court of JMFC |
| 66D | Cheating using computer resource | Imprisonment up to 3 years, or/and fine up to Rs 1,00,000 | Bailable, cognizable, triable by court of JMFC |
| 66E | Publishing private images of others | Imprisonment up to 3 years, or/and fine up to Rs 2,00,000 | Bailable, cognizable, triable by court of JMFC |
| 66F | Act of cyber terrorism | Imprisonment up to life | Non-bailable, cognizable, triable by Court of Sessions |
| 67 | Publishing information which is obscene in electronic form | Imprisonment up to 5 years, or/and fine up to Rs 10,00,000 | Bailable, cognizable, triable by court of JMFC |
| 67A | Publishing images containing sexual acts | Imprisonment up to 7 years, or/and fine up to Rs 10,00,000 | Non-bailable, cognizable, triable by court of JMFC |
| 67B | Publishing child pornography or predating children online | Imprisonment up to 5 years, or/and fine up to Rs 10,00,000 on first conviction; imprisonment up to 7 years, or/and fine up to Rs 10,00,000 on second conviction | Non-bailable, cognizable, triable by court of JMFC |
| 67C | Intermediary intentionally or knowingly contravening the directions about preservation and retention of information | Imprisonment up to 3 years and fine | Bailable, cognizable |
| 68 | Failure to comply with the directions given by the Controller | Imprisonment up to 2 years, or/and fine up to Rs 1,00,000 | Bailable, non-cognizable |
| 69 | Failure to assist the agency referred to in sub-section (3) in regard to interception, monitoring or decryption of any information through any computer resource | Imprisonment up to 7 years and fine | Non-bailable, cognizable |
| 69A | Failure of the intermediary to comply with the direction issued for blocking public access to any information through any computer resource | Imprisonment up to 7 years and fine | Non-bailable, cognizable |
| 69B | Intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) in regard to monitoring and collecting traffic data or information through any computer resource for cyber security | Imprisonment up to 3 years and fine | Bailable, cognizable |
| 70 | Securing access or attempting to secure access to a protected system | Imprisonment up to 10 years, or/and fine | Non-bailable, cognizable |
| 70B | Indian Computer Emergency Response Team (CERT-In) to serve as national agency for incident response; any service provider, intermediary, data centre, etc. that fails to provide the information called for or to comply with the direction issued by CERT-In | Imprisonment up to 1 year, or/and fine up to Rs 1,00,000 | Bailable, non-cognizable |
| 71 | Misrepresentation to the Controller or to the Certifying Authority | Imprisonment up to 2 years, or/and fine up to Rs 1,00,000 | Bailable, non-cognizable |
| 72 | Breach of confidentiality and privacy | Imprisonment up to 2 years, or/and fine up to Rs 1,00,000 | Bailable, non-cognizable |
| 72A | Disclosure of information in breach of lawful contract | Imprisonment up to 3 years, or/and fine up to Rs 5,00,000 | Bailable, cognizable |
| 73 | Publishing electronic signature certificate false in certain particulars | Imprisonment up to 2 years, or/and fine up to Rs 1,00,000 | Bailable, non-cognizable |
| 74 | Publication for fraudulent purpose | Imprisonment up to 2 years, or/and fine up to Rs 1,00,000 | Bailable, non-cognizable |

❖ How do criminals plan attacks in cyber security?

Criminals plan passive and active attacks. Active attacks are used to alter or disrupt the
system, whereas passive attacks attempt to gain information about the target. Active attacks
may affect the availability, integrity and authenticity of data, whereas passive attacks lead
to breaches of confidentiality.
The following phases are involved in planning a cybercrime:
1. Reconnaissance (information gathering) is the first phase and is treated as a passive
attack.
2. Scanning and scrutinizing the gathered information to validate it and to identify
existing vulnerabilities.
3. Launching the attack (gaining and maintaining access to the system).

1. Reconnaissance
The literal meaning of "reconnaissance" is an act of reconnoitring: exploring, often with the
goal of finding something or somebody (especially to gain information about an enemy or
potential enemy).
In the world of hacking, the reconnaissance phase begins with "footprinting". This is the
preparation for the pre-attack phase and involves accumulating data about the target's
environment and computer architecture to find ways to intrude into that environment.
Footprinting gives an overview of system vulnerabilities and a judgement about the possible
exploitation of those vulnerabilities. The objective of this preparatory phase is to
understand the system, its network ports and services, and any other aspects of its security
that are needed to launch the attack.
Thus an attacker gathers information in two phases, using passive and then active attacks.
2. Passive Attacks
A passive attack involves gathering information about a target without the target's (the
individual's or company's) knowledge. It can be as simple as watching a building to identify
what time employees enter the premises. More often, however, it is done using Internet
searches, i.e., "Googling" an individual or company with a search engine. Sources include:
1. Google or Yahoo searches: people searches to locate information about employees.
2. Online community groups such as Orkut or Facebook, which can yield information about an
individual.
3. The organization's website, which may provide a personnel directory or information about
key employees, such as contact details and e-mail addresses. These can be used in a social
engineering attack to reach the target.
4. Blogs, newsgroups, press releases, etc., which are common sources of information about a
company or its employees.
5. Job postings for technical roles, which can reveal the type of technology (servers or
infrastructure devices) a company may be using on its network.
3. Active Attacks
An active attack involves probing the network to discover individual hosts and to confirm the
information (IP addresses, operating system type and version, and services on the network)
gathered in the passive phase. It carries a risk of detection and is also called "rattling the
doorknobs" or "active reconnaissance".
Active reconnaissance can confirm to an attacker which security measures are in place, but
the process also increases the chance of being caught or of raising suspicion.
4. Scanning and Scrutinizing Gathered Information
Scanning is a key step in intelligently examining the information gathered about the target.
The objectives of scanning are as follows:
1. Port scanning: identify open/closed ports and the services behind them.
2. Network scanning: understand IP addresses and related information about the network's
computer systems.
3. Vulnerability scanning: understand the existing weaknesses in the system.
The scrutinizing phase is also called "enumeration" in the hacking world. The objective of
this step is to identify:
1. Valid user accounts or groups;
2. Network resources and/or shared resources;
3. The OS and the applications running on it.
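To show what the port-scanning and enumeration steps above actually do on the wire, here is an added example (not from the original notes and not any real scanner's code): a minimal TCP connect scan with banner grabbing, followed by a crude fingerprint of the service from its banner. It only ever targets 127.0.0.1 and throwaway listeners it starts itself, and the banner text is constructed. Scanning systems you are not authorised to test is an offence in most jurisdictions, including under Section 66 of the Act tabulated above.

```python
"""Added example (not from the original notes): a minimal TCP connect scan with
banner grabbing and a crude service fingerprint. It only touches 127.0.0.1 and
listeners it starts itself; the banners are constructed."""
import socket
import threading
from typing import Dict, Iterable, Optional, Tuple


def start_fake_service(banner: bytes) -> int:
    """Start a throwaway TCP listener on an ephemeral loopback port. If `banner`
    is non-empty it greets every client with it (as SSH, SMTP and FTP daemons
    do); otherwise it waits for the client to speak first (as HTTP does)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                if banner:
                    conn.sendall(banner)
                else:
                    conn.recv(1)  # stay silent until the client talks or leaves

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_loopback_port() -> int:
    """Find a port that nothing is listening on (bind, read the number, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe_port(host: str, port: int, timeout: float = 0.5) -> Optional[str]:
    """TCP connect probe. Returns the banner ('' if the service stayed silent)
    when the port is open, or None when the connection is refused or times out."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256).decode("ascii", "replace").strip()
            except socket.timeout:
                return ""  # open, but the service waits for the client to speak
    except OSError:
        return None  # refused (closed) or filtered (timed out)


def scan(host: str, ports: Iterable[int]) -> Dict[int, str]:
    """Return {open_port: banner} for the ports that accepted a connection."""
    results: Dict[int, str] = {}
    for port in ports:
        banner = probe_port(host, port)
        if banner is not None:
            results[port] = banner
    return results


def fingerprint(banner: str) -> Dict[str, str]:
    """Crude enumeration: extract protocol and software from an SSH identification
    string ('SSH-<proto>-<software> [comment]'); anything else is 'unknown'."""
    if banner.startswith("SSH-"):
        parts = banner.split("-", 2)
        if len(parts) == 3:
            return {"service": "ssh", "protocol": parts[1], "software": parts[2].split()[0]}
    return {"service": "unknown", "protocol": "", "software": ""}


def demo() -> Tuple[Dict[int, str], int, int, int]:
    """Constructed scenario: one chatty 'SSH' listener, one silent listener and
    one closed port, all scanned together."""
    ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_9.6 Ubuntu-3ubuntu13\r\n")  # constructed banner
    silent_port = start_fake_service(b"")
    closed_port = closed_loopback_port()
    results = scan("127.0.0.1", [ssh_port, silent_port, closed_port])
    return results, ssh_port, silent_port, closed_port


if __name__ == "__main__":
    results, ssh_port, silent_port, closed_port = demo()
    for port in (ssh_port, silent_port, closed_port):
        if port in results:
            print(f"{port}/tcp open   banner={results[port]!r} -> {fingerprint(results[port])}")
        else:
            print(f"{port}/tcp closed")
```

A full connect to every port is the noisiest form of scanning, which is the "risk of detection" the text mentions: each probe leaves a completed TCP handshake in the target's logs and firewall state. The silent-listener case also shows why a scanner must distinguish "open but quiet" from "closed" rather than relying on a banner arriving.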
5. Attack (Gaining and Maintaining System Access)
After scanning and enumeration, the attack is launched in the following steps:
1. Crack the password;
2. Exploit the privileges gained;
3. Execute malicious commands/applications;
4. Hide the files (if required);
5. Cover the tracks: delete the access logs so that there is no trail of the illicit activity.
Social engineering is the tactic of manipulating, influencing, or deceiving a victim in order
to gain control over a computer system, or to steal personal and financial information.

❖ What is social engineering?

Social engineering is a manipulation technique that exploits human error to obtain private
information or valuable data. In cybercrime, these "human hacking" scams entice unsuspecting
users into disclosing data, spreading malware infections, or giving access to restricted
systems. Attacks can occur online, in person, and through other interactions. Social
engineering scams are built around how people think and act.
Attackers exploit gaps in the user's knowledge. Because technology moves fast, many consumers
and employees are not aware of specific threats such as drive-by downloads, and many do not
realize the value of personal data such as a phone number. Many users are unsure of how best
to protect themselves and their confidential information. Social engineering attackers have
two goals:
1. Sabotage: disrupting or corrupting data to cause harm or inconvenience.
2. Theft: obtaining valuables such as information, access or money.
How does social engineering work?
Most social engineering attacks depend on actual communication between attacker and victim.
Instead of using brute-force methods to breach the data, the attacker persuades the user to
compromise themselves.
The attack cycle gives criminals a reliable process for deceiving you. The stages of the
social engineering attack cycle are:
o Prepare by gathering background information on you or a larger group you belong to.
o Infiltrate by establishing a relationship or starting a conversation, built on trust.
o Exploit the victim once trust and a weakness have been established, to advance the attack.
o Disengage once the user has taken the desired action.
Characteristics of Social Engineering Attacks
Social engineering attacks centre on the attacker's use of persuasion and confidence.
Heightened emotions: Emotional manipulation gives attackers the upper hand in any
interaction. The following feelings are all used to persuade you:
o Fear
o Excitement
o Curiosity
o Anger
o Guilt
o Sadness
Urgency, in the form of time-sensitive opportunities or requests, is another reliable tool
in an attacker's arsenal.
Trust: Believability is invaluable and essential to a social engineering attack. Since the
attacker is lying to you, confidence plays an important role. They have done enough research
to prepare a narrative that is easy to believe and unlikely to rouse suspicion.
Types of Social Engineering Attacks
Almost every type of cybersecurity attack involves some social engineering. For example,
classic e-mail and virus scams are laden with social overtones. Some of the standard methods
used by social engineering attackers are below:
Phishing Attacks
Phishing attackers pretend to be a trusted institution or person in an attempt to persuade
you to expose personal data and other valuables. Phishing attacks are targeted in two ways:
o Spam phishing is a widespread attack aimed at many users. The attacks are non-personal and
try to catch any unwary person.
o Spear phishing and whaling use personal information to target particular users. Whaling
attacks are aimed at high-profile individuals such as celebrities, upper management and senior
government officials.
Whether it is direct communication or a fake website, anything you share goes straight into
the scammer's pocket. You may also be fooled into the next stage of the attack, a malware
download. Phishing is further distinguished by its delivery methods:
o Voice phishing (vishing) phone calls may be automated message systems that record all your
inputs, or a live person may speak with you to build trust.
o SMS phishing (smishing) texts or mobile app messages may include a web link or prompt a
follow-up via a web link or phone number. A web link, phone number, or malware attachment
may be used.
o Angler phishing takes place on social media, where the attacker mimics the customer service
team of a trusted company. They intercept your communication with a brand and move the
conversation into private messages, where they escalate the attack.
o Search engine phishing attempts to place links to fake websites at the top of search
results. These may be paid advertisements or use legitimate optimization methods to
manipulate search rankings.
o URL phishing delivers links to fake websites in e-mail, text, social media messages and
online advertisements.
o In-session phishing appears as an interruption to normal web browsing. For example, you may
see fake pop-ups on the web pages you are currently viewing.
Baiting Attacks
Baiting abuses your natural curiosity to coax you into exposing yourself to an attacker. The
prospect of something free or exclusive is used as the lure, and the attack typically involves
infecting you with malware. Popular methods of baiting are:
o USB drives left in public places, such as libraries and parking lots.
o E-mail attachments that include details of a free offer.
Physical Breach Attacks
Physical breaches involve attackers appearing in person, posing as someone legitimate in
order to gain access to unauthorized areas or information.
This type of attack is most common in enterprise environments, such as governments,
businesses or other organizations. Attackers may pretend to be a representative of a trusted
vendor for the company; some are recently fired employees seeking revenge on their former
employer.
They obscure their identity but appear credible enough to avoid questions. This requires
relatively little research on the attacker's part but involves high risk, so if someone
attempts this method, they have identified a clear potential for a highly valued reward if
successful.
o Pretexting attacks: Pretexting uses a deceptive identity as the "pretext" for establishing
trust, such as directly impersonating a vendor or a facility employee. This approach requires
the attacker to interact with you more actively. The exploit follows once they have
convinced you that they are legitimate.
o Access tailgating attacks: Tailgating, or piggybacking, is the act of following an
authorized staff member into a restricted-access area, for example by relying on their
courtesy to hold the door.
Quid Pro Quo Attacks
The term quid pro quo roughly means "a favour for a favour", which in the context of phishing
means an exchange of your personal information for some reward or other compensation. Offers
to participate in giveaways or research studies may expose you to this type of attack.
The exploitation comes from getting you excited about something valuable that requires little
investment on your end. However, the attacker simply takes your data and gives nothing back.
DNS Spoofing and Cache Poisoning Attacks
DNS spoofing manipulates your browser and web servers into sending you to malicious websites
when you enter a legitimate URL. DNS cache poisoning attacks plant false routing instructions
in your device's or resolver's cache so that legitimate URLs resolve to fake websites, and the
false entries persist until the cache is cleared.
Scareware Attacks
Scareware is a form of malware used to frighten you into taking action. This deceptive
malware shows alarming warnings that report fake malware infections or claim that your
accounts have been compromised.
Watering Hole Attacks
Watering hole attacks infect popular web pages with malware to affect many users at once.
Careful planning on the attacker's part is required to find vulnerabilities in specific
sites.
Website owners may choose to delay software updates to keep versions they know are stable.
Attackers abuse this behaviour to target the unpatched vulnerabilities.
Unusual Social Engineering Methods
o Fax-based phishing: A bank's customers received a fake e-mail, claiming to be from the bank,
asking them to confirm their access codes. Rather than reply by e-mail, the customer was asked
to print a form included in the e-mail, fill in their details and fax the form to the
cybercriminal's telephone number.
o Traditional mail malware delivery: In Japan, cybercriminals used a home-delivery service to
deliver CDs infected with Trojan spyware to customers of a Japanese bank. The customers'
addresses had first been stolen from the bank's database.
Examples of Social Engineering Attacks
Worm Attacks
The cybercriminal aims to draw the user's attention to the link or infected file and then
lure the user into clicking on it.
o In 2000, the LoveLetter (ILOVEYOU) worm overloaded the e-mail servers of many companies.
Victims received an e-mail inviting them to open an attached love letter. When they opened
the attached file, the worm mailed itself to all the contacts in the victim's address book.
o In January 2004, the Mydoom e-mail worm, which appeared on the Internet, used texts that
mimicked technical messages issued by mail servers.
Peer-to-Peer (P2P) Network Attacks
P2P networks are also used to distribute malware. A worm or a Trojan appears on the P2P
network under a name designed to attract attention and get users to download and launch the
file. For example:
o AIM and AOL Password Hacker.exe
o Microsoft CD Key Generator.exe
o PlayStation emulator crack.exe
How to Spot a Social Engineering Attack
To avoid social engineering, you have to practise self-awareness. Always slow down and think
before you act or react.
▪ Are my emotions heightened? When you are particularly curious, scared or excited, you are
less likely to evaluate the consequences of your actions. If your emotional state is elevated,
consider it a red flag.
▪ Did the message come from a legitimate sender? Carefully inspect e-mail addresses and
social media profiles when you receive a suspicious message. There may be characters that
mimic others, such as "torn@example.com" instead of "tom@example.com". Fake social media
profiles that copy your friend's photo and other details are also common.
▪ Did my friend actually send me this message? It is always good to ask the sender whether
they really sent the message in question. Their account may have been hacked without their
knowledge, or someone may be impersonating it.
▪ Are the attachments or links suspicious? If a link or file name appears vague or odd in a
message, reconsider the authenticity of the whole communication. Also consider whether the
message itself contains odd context, timing or other red flags.
▪ Can this person prove their identity? This applies both in person and online, as physical
breaches require you to overlook the attacker's identity.
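Two of the checks above, the lookalike sender ("torn" for "tom") and the link whose real destination differs from what it appears to be, can be automated. The following is an added example (not from the original notes and not any mail product's code): it collapses visually confusable characters into a "skeleton" so lookalike addresses compare equal to the genuine contact, and it parses the anchors of an HTML e-mail body to flag links whose visible text names one domain while the href points at another. The contact list, the sample addresses and the e-mail body are constructed; the homoglyph table covers a handful of common substitutions and is not exhaustive.

```python
"""Added example (not from the original notes): automating two social engineering
checks, the lookalike sender address and the link whose text lies about its target.
Contacts, addresses and the e-mail body are constructed."""
import re
import unicodedata
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Characters commonly substituted to impersonate a name or domain: digits and
# symbols for letters, and Cyrillic letters that render identically to Latin ones.
# Constructed, deliberately small table.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "|": "l",
                            "а": "a", "е": "e", "о": "o", "р": "p", "с": "c"})
LIGATURES = (("rn", "m"), ("vv", "w"))  # two glyphs that read as one


def skeleton(text: str) -> str:
    """Reduce a string to a form in which confusable characters collapse together,
    so 'torn' == 'tom' and 'examp1e' == 'example'."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))  # drop accents
    text = text.translate(HOMOGLYPHS)
    for pair, rep in LIGATURES:
        text = text.replace(pair, rep)
    return text


def lookalike_of(address: str, known_contacts: List[str]) -> Optional[str]:
    """Return the known contact that `address` impersonates, or None.
    An exact (case-insensitive) match is the real sender, not a lookalike."""
    address = address.lower()
    for contact in known_contacts:
        contact_lc = contact.lower()
        if address == contact_lc:
            return None
        if skeleton(address) == skeleton(contact_lc):
            return contact
    return None


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


DOMAIN_IN_TEXT = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


def suspicious_links(html: str) -> List[Tuple[str, str, str]]:
    """Return (visible text, claimed host, real host) for anchors whose visible
    text names a domain that the href does not actually lead to."""
    parser = _Anchors()
    parser.feed(html)
    findings: List[Tuple[str, str, str]] = []
    for href, text in parser.links:
        real_host = (urlparse(href).hostname or "").lower()
        match = DOMAIN_IN_TEXT.search(text.lower())
        if not match:
            continue  # plain wording like "Read the FAQ" claims no domain
        claimed = match.group(1)
        if real_host != claimed and not real_host.endswith("." + claimed):
            findings.append((text, claimed, real_host))
    return findings


# Constructed phishing body: the first link claims example.com but goes elsewhere.
SAMPLE_EMAIL = """
<p>Dear customer, your account is locked. Verify now at
<a href="http://secure-login.examp1e.com/reset">https://www.example.com/reset</a>.</p>
<p>Need help? <a href="https://www.example.com/help">www.example.com/help</a></p>
<p><a href="https://docs.example.com/faq">Read the FAQ</a></p>
"""

if __name__ == "__main__":
    contacts = ["tom@example.com"]
    for sender in ["tom@example.com", "torn@example.com", "tom@examp1e.com", "alice@example.com"]:
        print(f"{sender:22} impersonates: {lookalike_of(sender, contacts)}")
    for text, claimed, real in suspicious_links(SAMPLE_EMAIL):
        print(f"link text {text!r} claims {claimed} but goes to {real}")
```

Both checks are heuristics: the skeleton comparison will occasionally equate two genuinely different names (any "rn" collapses to "m"), and the link check says nothing about an href whose text is just "click here". They are meant to raise a flag for the human reviewer, which is exactly the "slow down and think" step the text asks for.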
Ways to Protect from Social Engineering
In addition to an attack, you must be proactive about your privacy and security. The following
are some important ways to protect against all types of cyberattacks:
Secure communication and account management habits
▪ Online communication is where you are insecure. Social media, email and text
messages are common goals, but you want to inter-person.
▪ Never click on any email or message link.
▪ Use multi-factor authentication. When only passwords are used to secure them, online
accounts are more secure. Multi-factor authentication adds additional layers to verify
its identity at account login. These "factors" may have biometrics such as fingerprints
or facial recognition or passcodes sent via text message.
▪ Use strong passwords. Each of your passwords must be unique and complex. Use several
types of characters, including uppercase letters, numbers and symbols, and prefer longer
passwords or passphrases where the service allows them. A password manager can generate,
store and remember all of these unique passwords securely.
▪ Avoid sharing the names of your schools, pets, place of birth, or other personal
details online. They are the answers to common security questions and the raw material
for guessing passwords, so withholding them makes it harder for a criminal to break into
your account.
▪ Be very cautious about forming friendships purely online.
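As an added example, not from the original notes, the code below implements the time-based one-time code (TOTP, RFC 6238) that authenticator apps generate as a second factor, together with the server-side check that accepts it. The secret is the RFC's own test secret; the drift window, replay rejection and constant-time comparison are the checks a practitioner expects in such a verifier.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test secret: the ASCII string "12345678901234567890" in base32.
TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6, digest=hashlib.sha1):
    """Generate the TOTP code for a given time (RFC 6238 on top of RFC 4226).
    The counter is the number of whole time steps since the epoch; the HMAC is
    dynamically truncated to 31 bits and reduced modulo 10^digits."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(unix_time // step)
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret_b32, submitted, unix_time, last_used=-1,
                window=1, step=30, digits=6):
    """Server-side check. Accepts the current step and +/- window steps to
    tolerate clock drift, refuses any counter already used (so a captured code
    cannot be replayed inside the drift window), and compares in constant time
    so a partial match does not leak through timing.
    Returns the accepted counter (to be stored as last_used) or None."""
    if len(submitted) != digits or not submitted.isdigit():
        return None                      # never let the submitter pick the length
    base = int(unix_time // step)
    for k in range(-window, window + 1):
        counter = base + k
        if counter <= last_used:
            continue
        expected = totp(secret_b32, counter * step, step=step, digits=digits)
        if hmac.compare_digest(expected, submitted):
            return counter
    return None
```

The caller must persist the returned counter per user; without that, a phished code stays valid for up to three time steps, which is exactly the window a real-time phishing proxy exploits.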
Secure Network Usage Habits
▪ Compromised online networks can be another point of vulnerability that attackers
exploit for background research. To avoid having your data used against you, take
protective measures for every network you connect to.
▪ Never let strangers connect to your primary Wi-Fi network. At home or at work, give
visitors access through a separate guest Wi-Fi network instead, so that your primary
encrypted, password-protected connection stays isolated from untrusted devices.
▪ Use a Virtual Private Network (VPN) on untrusted networks. A VPN gives your traffic a
private, encrypted "tunnel" across the Internet connection, which stops others on the
same network from reading or tampering with it (it does not, by itself, protect you from
a phishing site you choose to visit).
▪ Protect all networked devices and services.
Safe Device Use Habits
Protect your mobile phone, tablet and other computing devices with the following points:
▪ Use comprehensive Internet security software. If a social engineering attack succeeds,
malware infection is the likely outcome. To counter rootkits, Trojans and bots, use
high-quality Internet security software that can remove infections and help track down
their source.
▪ Never leave your devices unattended or unlocked in public.
▪ Keep all your software updated as soon as updates become available. Prompt updates
give your software the security fixes it needs; when you skip or delay an update to the
operating system or applications, you leave security holes open for attackers to target.
❖ What is Cyber Stalking?
Cyberstalking is a technology-based "attack" on a person who has been singled out as a
target for reasons of anger, revenge or control. It can take many forms, including
harassment, embarrassment and humiliation of the victim.
Types of Cyber Stalking:
• Webcam hijacking: Internet stalkers try to trick you into downloading and installing a
malware-infected file that grants them access to your webcam. The method is sneaky enough
that you would probably not suspect anything strange.
• Observing location check-ins on social media: If you add location check-ins to your
Facebook posts, you make it very easy for an online stalker to follow you simply by
reading your social media profiles.
• Catfishing: Catfishing happens on social media sites such as Facebook, where stalkers
create counterfeit user profiles and approach their victims as a friend of a friend.
• Visiting virtually via Google Maps Street View: If a stalker discovers the victim's
address, it is not hard to study the area, neighbourhood and surroundings using Street
View. Tech-savvy stalkers do not even need that.
• Installing stalkerware: Another method growing in popularity is stalkerware, software
or spyware that tracks the device's location, gives access to text messages and browsing
history, records audio, and so on. Crucially, it runs in the background without the
victim's knowledge.
• Reading geotags to track location: Most digital pictures contain geotags, metadata
recording the time and location at which the picture was taken. Geotags are stored in
the image's EXIF data and can be read with readily available tools. By reading the
geotags of photos the victim posts, the stalker learns their whereabouts.
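The following added example (not part of the original notes) builds a tiny JPEG carrying an EXIF GPS block, reads the coordinates back the way a stalker's tool would, and strips the metadata before the photo is shared. The image bytes are constructed for the demo and the coordinates are arbitrary; only the JPEG/TIFF/EXIF layout is real.

```python
import struct


def build_geotagged_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed demo image: SOI + APP1(Exif) + EOI, no picture data.
    IFD0 holds only a GPSInfo pointer (tag 0x8825); the GPS IFD holds
    LatitudeRef/Latitude/LongitudeRef/Longitude, RATIONAL triples after it."""
    tiff = bytearray(b"II" + struct.pack("<HI", 42, 8))      # little-endian TIFF header
    gps_ifd = 8 + 2 + 12 + 4                                  # IFD0 is one entry long
    tiff += struct.pack("<H", 1)
    tiff += struct.pack("<HHII", 0x8825, 4, 1, gps_ifd)       # LONG pointer to GPS IFD
    tiff += struct.pack("<I", 0)                              # no further IFD
    entries = 4
    data = gps_ifd + 2 + entries * 12 + 4                     # where the rationals live
    tiff += struct.pack("<H", entries)
    tiff += struct.pack("<HHI4s", 0x0001, 2, 2, lat_ref.encode() + b"\0\0\0")  # ASCII "N\0"
    tiff += struct.pack("<HHII", 0x0002, 5, 3, data)          # 3 RATIONALs: deg, min, sec
    tiff += struct.pack("<HHI4s", 0x0003, 2, 2, lon_ref.encode() + b"\0\0\0")
    tiff += struct.pack("<HHII", 0x0004, 5, 3, data + 24)
    tiff += struct.pack("<I", 0)
    for d, m, s in (lat_dms, lon_dms):
        tiff += struct.pack("<IIIIII", d, 1, m, 1, s, 1)
    payload = b"Exif\0\0" + bytes(tiff)
    return (b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(payload) + 2)
            + payload + b"\xff\xd9")


def _segments(jpeg):
    """Yield (marker, start, end) for each marker segment between SOI and SOS/EOI."""
    i = 2
    while i + 4 <= len(jpeg) and jpeg[i] == 0xFF:
        marker = jpeg[i + 1]
        if marker == 0xD9:                                    # EOI
            break
        end = i + 2 + struct.unpack_from(">H", jpeg, i + 2)[0]
        yield marker, i, end
        if marker == 0xDA:                                    # SOS: scan data follows
            break
        i = end


def extract_gps(jpeg):
    """Return (lat, lon) in signed decimal degrees from EXIF GPS tags, or None."""
    app1 = next((jpeg[s + 4:e] for m, s, e in _segments(jpeg) if m == 0xE1), None)
    if app1 is None or not app1.startswith(b"Exif\0\0"):
        return None
    tiff = app1[6:]
    bo = "<" if tiff[:2] == b"II" else ">"                    # byte order from the header

    def u16(o):
        return struct.unpack_from(bo + "H", tiff, o)[0]

    def u32(o):
        return struct.unpack_from(bo + "I", tiff, o)[0]

    def ifd(off):                                             # tag -> offset of its value field
        return {u16(off + 2 + 12 * i): off + 2 + 12 * i + 8 for i in range(u16(off))}

    ifd0 = ifd(u32(4))
    if 0x8825 not in ifd0:
        return None
    gps = ifd(u32(ifd0[0x8825]))
    if not {1, 2, 3, 4} <= set(gps):
        return None

    def degrees(val_tag, ref_tag):
        p = u32(gps[val_tag])                                 # RATIONALs are stored out of line
        d, m, s = (u32(p + 8 * k) / u32(p + 8 * k + 4) for k in range(3))
        ref = chr(tiff[gps[ref_tag]])                         # short ASCII sits in the value field
        value = d + m / 60 + s / 3600
        return -value if ref in "SW" else value

    return degrees(2, 1), degrees(4, 3)


def strip_exif(jpeg):
    """Return a copy of the JPEG with every APP1 segment (EXIF, GPS included) removed."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in _segments(jpeg):
        if marker == 0xE1:
            out += jpeg[last:start]
            last = end
    return bytes(out + jpeg[last:])
```

Stripping the APP1 segment is the whole defence: the pixels are untouched, but the coordinates, timestamp and camera identifiers leave with the segment. Note that many social networks already do this on upload, while messaging apps that send "original quality" files generally do not.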
Protective Measures:
▪ Develop the habit of logging out of the PC when it is not in use.
▪ Remove any future events you plan to attend from social networks if they are listed in
public upcoming-events pages and calendars.
▪ Set strong and distinct passwords for your online accounts.
▪ Cyberstalkers can exploit the weak security of public Wi-Fi networks to snoop on your
online activity, so avoid sending personal emails or sharing sensitive information when
connected to an unsecured public Wi-Fi network.
▪ Use the privacy settings provided by social networking sites and restrict all
information to your closest friends.
▪ Regularly search the internet to find out what information about you is publicly
accessible.
❖ What is a cyber café in cyber security?
A cyber café is a type of business where computers are provided for accessing the
internet, playing games, chatting with friends or doing other computer-related tasks.
Because the machines are shared by many strangers, treat them as untrusted: log out of
every account when you finish, never save passwords in the browser, and avoid sensitive
transactions on them.

❖ What is a botnet? Why is it used?
A botnet (short for “robot network”) is a network of computers infected by malware that are
under the control of a single attacking party, known as the “bot-herder.” Each individual
machine under the control of the bot-herder is known as a bot.
Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data,
send spam, and allow the attacker to access the device and its connection.
Common Botnet Actions Include:
• Email spam – though email is now seen as an older attack vector, spam botnets are
among the largest in size. They are used mainly to send out spam messages, often
carrying malware, in huge numbers from each bot. The Cutwail botnet, for example, can
send up to 74 billion messages per day. Spam is also used to spread the bot itself and
recruit more computers into the botnet.
• DDoS attacks – these leverage the massive scale of the botnet to overload a target
network or server with requests, rendering it inaccessible to its intended users. DDoS
attacks target organizations for personal or political motives or to extort payment in
exchange for stopping the attack.
• Financial breach – botnets designed specifically for the direct theft of funds and
credit card information from enterprises. Financial botnets such as ZeuS have been
responsible for attacks in which millions of dollars were stolen directly from multiple
enterprises over very short periods of time.
• Targeted intrusions – smaller botnets designed to compromise specific high-value
systems in an organization, from which attackers penetrate further into the network.
These intrusions are extremely dangerous because attackers specifically target the most
valuable assets: financial data, research and development, intellectual property, and
customer information.
Botnets are created when the bot-herder delivers the bot from a command and control
server to an unsuspecting recipient, using file sharing, email or social media
application protocols, or other bots as an intermediary. Once the recipient opens the
malicious file, the bot reports back to command and control, from where the bot-herder
can issue commands to the infected computers. Below is a diagram illustrating these
relationships:
[Diagram: bot-herder → command and control server → infected bots]
A number of functional traits of bots and botnets make them well suited to long-term
intrusions. The bot-herder can update bots to change their entire functionality, both to
suit new goals and to adapt to changes and countermeasures on the target system. Bots can
also use other infected computers in the botnet as communication channels, giving the
bot-herder an almost unlimited number of paths for delivering updates and adapting to
changing conditions. This is why the initial infection is the most important step:
functionality and communication methods can always be changed later as needed.

As one of the most sophisticated types of modern malware, botnets are an immense
cybersecurity concern to governments, enterprises and individuals. Whereas earlier
malware was a swarm of independent agents that simply infected and replicated
themselves, botnets are centrally coordinated, networked applications that use the
network to gain power and resilience. Since infected computers are under the control of
a remote bot-herder, a botnet is like having a malicious hacker inside your network
rather than just a malicious executable program.

❖ What do you understand by: botnets, the fuel for cybercrime?
A botnet is a network of internet-connected devices infected with malware and controlled
by a single attacker, the bot-herder, who uses it to perform a variety of malicious
activities. Each infected device is a bot; a bot is also called a zombie, and a botnet is
sometimes referred to as a zombie army.
How Does a Botnet Work?
The following steps are carried out to build a botnet and launch an attack with it:
• Prepping the botnet army: The first step is to infect as many connected devices as
possible, so that there are enough bots to carry out the attack. The botnet uses the
computing power and bandwidth of the infected devices for tasks hidden from the device
owners; since a single machine contributes little, the botnet combines thousands or
millions of devices for large-scale attacks. Bots are created by exploiting security gaps
in software or websites, or through phishing emails, and the bot malware is often
delivered as a Trojan horse.
• Establishing the connection: Once a device is compromised, it is infected with malware
that connects it back to the central botnet server. This links all the devices in the
botnet and makes them ready to execute the attack. The bot-herder then issues the
commands that drive the bots' actions.

• Launching the attack: Once infected, a bot gives the attacker admin-level access to
operations such as gathering and stealing user data, reading and writing system data,
monitoring user activity, performing DDoS attacks, sending spam, launching brute-force
attacks, crypto mining, and so on.
The bot-herder initiates the attack by infecting many devices with malicious code; these
devices, the botnet, then carry out the final cyber attack. Because the attack traffic
originates from the bots rather than from the bot-herder's own machine, tracing the
attack back leads to the victims' computers and rarely to the bot-herder.
Botnet Architecture
Botnet architecture has evolved over time for better operation and a lower chance of
being traced. Once the desired number of devices is infected, the botmaster (bot-herder)
takes control of the bots using one of two approaches.
• Client-Server Model
Fig: Client-server model
The client-server model is the traditional model: a command and control (C&C) server
relays commands to the bots over a communication protocol such as IRC (Internet Relay
Chat), whose channels carry automated commands to the infected bot devices.
Before a cyberattack, the bots are usually programmed to remain dormant and await
commands from the C&C server. When the bot-herder issues a command to the server, it is
relayed to the clients; the clients run the command and report their results back to the
bot-herder.
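That dormant polling behaviour is also what gives a bot away on the network: it checks in with its C&C server at a fixed interval with a near-constant payload, whereas human traffic is bursty. As an added example, not from the original notes, the code below runs a simple beaconing detector over a constructed proxy-log excerpt, grouping connections by source host and destination and flagging pairs whose inter-connection intervals are nearly constant. The log format, hosts and addresses are invented for the demo.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy-log excerpt (not real traffic): "<time> <host> <dest> <bytes>".
# ws-17 talks to 203.0.113.45 every ~5 minutes with an almost fixed payload,
# which is what a bot polling its C&C server for commands looks like.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z ws-17 203.0.113.45:443 412
2024-03-01T09:00:07Z ws-17 198.51.100.20:443 9810
2024-03-01T09:05:01Z ws-17 203.0.113.45:443 410
2024-03-01T09:10:00Z ws-17 203.0.113.45:443 415
2024-03-01T09:11:42Z ws-17 198.51.100.20:443 22031
2024-03-01T09:15:02Z ws-17 203.0.113.45:443 409
2024-03-01T09:20:01Z ws-17 203.0.113.45:443 413
2024-03-01T09:25:00Z ws-17 203.0.113.45:443 411
2024-03-01T09:33:15Z ws-17 198.51.100.20:443 1503
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)Z (\S+) (\S+) (\d+)$")


def parse_log(text):
    """Group (timestamp, bytes) by (source host, destination), skipping bad lines."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        flows[(m.group(2), m.group(3))].append((ts, int(m.group(4))))
    return flows


def find_beacons(text, min_count=5, max_cv=0.1):
    """Flag (host, destination) pairs whose connection intervals are almost constant.
    cv is the coefficient of variation (stdev / mean) of the inter-arrival times:
    human-driven traffic is bursty (high cv), a polling bot is metronomic (low cv).
    min_count keeps one-off coincidences from triggering an alert."""
    hits = {}
    for key, events in parse_log(text).items():
        if len(events) < min_count:
            continue
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) < 2:
            continue
        mean = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            sizes = [n for _, n in events]
            hits[key] = {"count": len(events), "period_s": round(mean),
                         "cv": round(cv, 4), "bytes_range": (min(sizes), max(sizes))}
    return hits
```

Real bots add jitter to the interval to defeat exactly this check, so in practice the threshold is tuned per environment and the byte-size range and the destination's reputation are weighed alongside the timing.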
• The P2P Botnet
Fig: Peer-to-Peer Network
Instead of using C&C servers, the P2P approach controls the infected bots through a
decentralized peer-to-peer network. As the figure shows, bots are topologically
interconnected and act as both C&C servers and clients. Attackers now favour this
approach because it avoids detection and has no single point of failure.
In a P2P botnet, the infected devices scan for other infected devices: a bot probes
random IP addresses until it finds another infected machine, and the two then exchange
updated commands or the latest version of the malware.
Famous Botnet Attacks
Having seen how a botnet works, you can imagine how dangerous it can be. Networks of
enslaved devices have been behind many damaging cyber attacks; a few of the most
sophisticated botnets are listed below.
• Mirai
Mirai is one of the best-known botnets associated with IoT devices. First found in 2016,
it primarily targets internet-connected consumer devices and has been used in some of
the most disruptive DDoS attacks.
• Mariposa
Emerging in 2009, the Mariposa botnet was used to commit online scams and launch DDoS
attacks. It also stole personal account credentials from victims so that its operators
could sell them on the dark web.
• Zeus
This financial Trojan accounted for 90% of all online bank fraud worldwide at its peak.
Emerging in July 2007, it was used to steal data from the United States Department of
Transportation.
• Storm
First identified in 2007, Storm was one of the first P2P botnets, with a network
estimated at 250,000 to 1 million infected devices. Storm was used for attacks ranging
from DDoS to identity theft.
• 3ve
First discovered in 2016, 3ve was a different kind of botnet: it did not steal data or
money but generated fake clicks on online advertisements hosted on fake websites (ad
fraud).
Those are a few of the most destructive botnets in history.
How to Protect Yourself from Botnets
Preventing botnet infection requires an all-inclusive strategy, from good browsing
habits to software updates to anti-virus protection. The following are essential methods
for keeping botnets away.
1. Keep your operating system updated; it is a basic malware preventative measure.
2. Beware of phishing emails and avoid email attachments from suspicious sources.
3. Refrain from clicking on suspicious links and be careful about which sites you
download from.
4. Install anti-virus, anti-spyware and firewall software on your systems.
5. If you are a website owner, require multi-factor authentication for administrative
access and deploy DDoS protection. This helps safeguard your website from botnet
attacks.
Attackers may infect your system with malware that grants remote access to a command and
control server. Once they have infected hundreds or even thousands of computers they can
establish a botnet, which can be used to send phishing emails, launch other cyber
attacks, steal sensitive data, or mine cryptocurrency.
How Do Attackers Exploit Attack Vectors?
There are many ways to expose, alter, disable, destroy, steal or gain unauthorized access to
computer systems, infrastructure, networks, operating systems, and IoT devices.
In general, attack vectors can be split into passive or active attacks:
Passive Attack Vector Exploits
Passive attack vector exploits are attempts to gain access or make use of information from the
system without affecting system resources, such as typosquatting, phishing, and
other social engineering-based attacks.
Active Attack Vector Exploits
Active cyber attack vector exploits are attempts to alter a system or affect its operation such
as malware, exploiting unpatched vulnerabilities, email spoofing, man-in-the-middle
attacks, domain hijacking, and ransomware.
That said, most attacks follow similar steps:
• The attacker identifies a potential target.
• The attacker gathers information about the target using social engineering, malware,
phishing, open-source intelligence (OSINT) and automated vulnerability scanning.
• The attacker uses this information to identify possible attack vectors and creates or
obtains tools to exploit them.
• The attacker gains unauthorized access to the system and steals sensitive data or
installs malicious code.
• The attacker monitors the computer or network, steals information, or uses its
computing resources.
One often overlooked attack vector is your third- and fourth-party vendors and service
providers. No matter how sophisticated your internal network security and information
security policies are, if vendors have access to sensitive data they are a huge risk to
your organization.
This is why it is important to measure and mitigate third-party and fourth-party risk,
which must therefore be part of your information security policy and information risk
management program.
Consider investing in threat intelligence tools that help automate vendor risk
management, continuously monitor your vendors' security posture and notify you if it
worsens.
Every organization now needs a third-party risk management framework, vendor management
policy, and vendor risk management program.
Before taking on a new vendor, perform a cybersecurity risk assessment to understand
what attack vectors you would be introducing to your organization by using them, and ask
about their SOC 2 compliance.
How to Defend Against Common Attack Vectors
To address common attack vectors, security controls must cover the majority of the attack
surface. The process begins by identifying all possible entry points into your private
network, a set that differs for every business.
The following defence strategies help block frequently abused entry points and also
highlight parts of your ecosystem that might be harbouring attack vectors.
• Create secure IoT credentials - Most IoT devices still use their predictable factory
login credentials, making them easy to recruit into DDoS botnets such as Mirai.
• Use a password manager - Password managers ensure login credentials are strong and
resistant to brute-force attacks.
• Educate employees - To prevent staff from falling for common social engineering and
phishing tactics, train them to identify and report potential cybercriminal activity.
Humans are the weakest point in every security program.
• Identify and shut down data leaks - Most businesses are unknowingly leaking sensitive
data that could facilitate data breaches. A data leak detection solution can surface
these leaks so they can be closed.
• Detect and remediate all system vulnerabilities - This should be done for both the
internal network and external vendor networks. An attack surface monitoring solution
can help you do this.
• Keep antivirus software updated - Updates keep antivirus software informed of the
latest cyber threats roaming the internet.
• Keep third-party software regularly updated - Software updates contain critical
patches for newly discovered attack vectors. Many cyber attackers have achieved
success by abusing known vulnerabilities in out-of-date software.