
MODULE 1

THREATS
WHAT IS A THREAT?

◼ A computer security threat refers to any possible malicious attack that seeks to unlawfully access data, disrupt
digital operations or damage information.
◼ Cyber attackers can use an individual’s or a company’s sensitive data to steal information or gain access to their
financial accounts.
◼ Computer security threats are potential threats to a computer’s efficient operation and performance.
THE TYPES OF COMPUTER SECURITY THREATS
◼ A threat is a possible security violation that might exploit the vulnerability of a system or asset. The origin of the threat
may be accidental, environmental (natural disaster), human negligence, or human failure. Different types of security
threats are interruption, interception, fabrication, and modification.
◼ The following are the types of computer security threats:
◼ Physical Threats
◼ A physical danger to computer systems is a potential cause of an occurrence/event that could result in data loss or
physical damage.
◼ It can be classified as:
◼ Internal: Short circuit, fire, non-stable supply of power, hardware failure due to excess humidity, etc.
◼ External: Disasters such as floods, earthquakes, landslide, etc.
◼ Human: Destruction of infrastructure and/or hardware, theft, disruption, and unintentional/intentional errors.
NON-PHYSICAL THREATS

◼ A non-physical threat is a potential source of an incident that could result in:
◼ Hampering of the business operations that depend on computer systems.
◼ Loss of sensitive data or information.
◼ Keeping track of others’ computer system activities illegally.
◼ Hacking of users’ IDs and passwords, etc.
THE TYPES OF NON-PHYSICAL THREATS ARE:

◼ Denial of Service (DoS)
◼ Man in the middle
◼ Malware
◼ SQL injection
◼ Spyware
◼ Phishing
◼ Ransomware
◼ Key-loggers
◼ Virus
◼ Cryptojacking
◼ Worms
◼ Rootkits
◼ Trojan
◼ Emotet
◼ Password attacks
MALWARE

◼ Malware means malicious software.


◼ It is a type of computer program that infiltrates and damages systems without the users’ knowledge.
◼ Malware is activated when a user clicks on a malicious link or attachment, which leads to installing
dangerous software.
◼ Malware tries to go unnoticed by either hiding or not letting the user know about its presence on the
system.
◼ The user may notice that the system is processing at a slower rate than usual.
SPYWARE

◼ Spyware is a type of computer program that tracks, records, and reports a user’s activity (offline and online)
without their permission for the purpose of profit or data theft.
◼ Spyware can be acquired from a variety of sources, including websites, instant chats, and emails.
◼ A user may also unwittingly obtain spyware by adopting a software program’s End User License Agreement.
◼ Adware is a sort of spyware that is used primarily for advertising.
◼ When the user goes online, it keeps track of web browsing patterns in order to compile data on the types of websites visited.
RANSOMWARE

◼ Ransomware is a data-encrypting program that demands payment to release the
infected data. The overall sum of ransom demands will have reached $1.4 billion in
2020, with an average sum to rectify the damage reaching up to $1.45 million.
Ransomware is the third most popular type of malware used in data breaches and
is employed in 22% of the cases.
◼ A user or organization is denied access to their own systems or data via encryption.
◼ The attacker typically demands a ransom be paid in exchange for a decryption key to
restore access, but there is no guarantee that paying the ransom will actually restore
full access or functionality.
VIRUS

◼ A virus is a “program that is loaded onto your computer without your knowledge and runs against your wishes.”
◼ It is a program that replicates itself and infects a computer’s files and programs, rendering them inoperable.
◼ It is a type of malware that spreads by inserting a copy of itself into and becoming part of another program.
◼ It spreads with the help of software or documents.
◼ They are embedded with software and documents and then transferred from one computer to another using the
network, a disk, file sharing, or infected e-mail.
◼ They usually appear as an executable file.
HOW DOES A COMPUTER GET A VIRUS?

◼ Even if you’re careful, you can pick up computer viruses through normal Web activities like:

• Sharing music, files, or photos with other users
• Visiting an infected website
• Opening spam email or an email attachment
• Downloading free games, toolbars, media players and other system utilities
• Installing mainstream software applications without thoroughly reading license agreements
WORMS

▪ Computer worms are similar to viruses in that they replicate themselves and can inflict similar damage.
▪ Unlike viruses, which spread by infecting a host file, worms are freestanding programs that do not require a host
program or human assistance to proliferate.
▪ Worms don’t change programs, instead, they replicate themselves over and over.
▪ They simply consume resources until the system goes down.
HOW DO COMPUTER WORMS WORK?

▪ Worms can be transmitted via software vulnerabilities. Or computer worms could arrive as attachments in spam
emails or instant messages (IMs). Once opened, these files could provide a link to a malicious website or
automatically download the computer worm. Once it’s installed, the worm silently goes to work and infects the
machine without the user’s knowledge.
▪ Worms can modify and delete files, and they can even inject additional malicious software onto a computer.
Sometimes a computer worm’s purpose is only to make copies of itself over and over — depleting system
resources, such as hard drive space or bandwidth, by overloading a shared network.
TROJAN

▪ A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a legitimate program.
▪ A Trojan horse is malicious software that is disguised as a useful host program.
▪ A Trojan horse, often known as a Trojan, is malicious code or software that appears to be legitimate yet has the
ability to take control of your computer.
▪ A Trojan is a computer program that is designed to disrupt, steal, or otherwise harm your data or network.
▪ When the host program is run, the Trojan performs a harmful/unwanted action.
DENIAL OF SERVICE (DOS)

▪ A Denial of Service attack is one in which an attacker tries to prohibit legitimate users from obtaining
information or services.
▪ An attacker tries to make a system or network resource unavailable to its intended users in this
attack.
▪ The web servers of large organizations such as banking, commerce, trading organizations, etc. are the
victims.
◼ DoS attacks often target web servers of high-profile organizations such as banking,
commerce, and media companies, or government and trade organizations. Though DoS attacks do not
typically result in the theft or loss of significant information or other assets, they can cost the victim a
great deal of time and money to handle.
◼ There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks
occur when the system receives too much traffic for the server to buffer, causing it to slow down
and eventually stop.
MAN IN THE MIDDLE

◼ A man-in-the-middle (MITM) attack occurs when hackers
insert themselves into a two-party transaction.
◼ After interrupting the traffic, they can filter and steal data.
◼ MITM attacks often occur when a visitor uses an unsecured
public Wi-Fi network.
◼ Attackers insert themselves between the visitor and the
network, and then use malware to install software and use
data maliciously.
SQL INJECTION

◼ A Structured Query Language (SQL) injection is a type of
cyber attack that results from inserting malicious code into a
server that uses SQL.
◼ When infected, the server releases information.
◼ Submitting the malicious code can be as simple as entering it
into a vulnerable website search box.
◼ What is SQL Injection Attack?
◼ SQL injection is a common attack vector that allows
users with malicious SQL code to access hidden
information by manipulating the backend of
databases. This data may include sensitive business
information, private customer details, or user lists.
◼ A successful SQL injection can result in deletion of
entire databases, unauthorized use of sensitive
data, and unintended granting of administrative
rights to a database.
◼ This results in the SQL query:

◼ SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1

◼ The modified query will return all items where either the category is Gifts, or 1 is equal to 1. Since 1=1 is always
true, the query will return all items.
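The query above, reproduced as an added example (not part of the original slides): the vulnerable string-built query next to its parameterized fix. The products table contents and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the query shown above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [
            ("Gift card", "Gifts", 1),
            ("Mystery box", "Gifts", 0),        # unreleased
            ("Desk lamp", "Lighting", 1),
            ("Prototype lamp", "Lighting", 0),  # unreleased
        ],
    )
    return db

def build_vulnerable_query(category):
    # Vulnerable: user input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    return ("SELECT * FROM products WHERE category = '"
            + category + "' AND released = 1")

def search_vulnerable(db, category):
    # Returns product names (first column) from the string-built query.
    return [row[0] for row in db.execute(build_vulnerable_query(category))]

def search_safe(db, category):
    # Hardened: the ? placeholder binds the input as a value, never as SQL,
    # so the released = 1 filter can no longer be commented out.
    sql = "SELECT * FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (category,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "Gifts' OR 1=1--"   # the input that yields the query on the slide
    print(build_vulnerable_query(crafted))
    print(search_vulnerable(db, crafted))  # every row, including unreleased items
    print(search_safe(db, crafted))        # no category has that literal name
    print(search_safe(db, "Gifts"))        # only released gifts
```

With the parameterized version the crafted input is compared as an ordinary category name, so it matches nothing and the released filter stays in force.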
PHISHING

◼ Phishing is a type of attack that is frequently used to obtain
sensitive information from users, such as login credentials and
credit card details.
◼ They deceive users into giving critical information, such as bank
and credit card information, or access to personal accounts, by
sending spam, malicious Web sites, email messages, and instant
chats.
◼ Phishing attacks use fake communication, such as an email, to
trick the receiver into opening it and carrying out the
instructions inside, such as providing a credit card number.
◼ The goal is to steal sensitive data like credit card and login
information or to install malware on the victim’s machine.
KEY-LOGGERS

◼ Keyloggers can monitor a user’s computer activity in real-time.
◼ A keylogger is a program that runs in the background and records every keystroke made by a user, then sends the
data to a hacker with the intent of stealing passwords and financial information.
◼ Keyloggers are often used as a spyware tool by cybercriminals to steal personally identifiable information (PII),
login credentials and sensitive enterprise data.
TYPES OF KEYLOGGERS

◼ A hardware-based keylogger is a small device that serves as a connector between the keyboard and the
computer.
◼ A keylogging software program does not require physical access to the user's computer for installation. It
can be purposefully downloaded by someone who wants to monitor activity on a particular computer, or it can
be malware downloaded unwittingly and executed as part of a rootkit or remote administration Trojan (RAT).
CRYPTOJACKING

◼ Cryptojacking is a type of cybercrime that involves the unauthorized use of people's devices (computers,
smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency. Like many forms of
cybercrime, the motive is profit, but unlike other threats, it is designed to stay completely hidden from the
victim.
◼ Attackers deploy software on a victim’s device, and begin using their computing resources to generate
cryptocurrency, without their knowledge.
◼ Affected systems can become slow and cryptojacking kits can affect system stability.
ROOTKITS

◼ A rootkit is a type of malware designed to give hackers access to and control over a target device. Although
most rootkits affect the software and the operating system, some can also infect your computer’s hardware and
firmware. Rootkits are adept at concealing their presence, but while they remain hidden, they are active.
◼ A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and
control over a computer or other system. Although this type of software has some legitimate uses, such as
providing remote end-user support, most rootkits open a backdoor on victims' systems to introduce malicious
software -- including viruses, ransomware, keylogger programs or other types of malware -- or to use the system
for further network security attacks.
◼ Rootkits, which can be purchased on the dark web, can be installed during phishing attacks or employed as
a social engineering tactic to trick users into giving the rootkits permission to be installed on their systems, often
giving remote cybercriminals administrator access to the system. Once installed, a rootkit gives the remote actor
access to and control over almost every aspect of the operating system (OS).
Hackers install rootkits on target machines in a number of ways:
1. The most common is through phishing or another type of social engineering
attack. Victims unknowingly download and install malware that hides within
other processes running on their machines and give the hackers control of
almost all aspects of the operating system.
2. Another way is through exploiting a vulnerability – i.e., a weakness in
software or an operating system that has not been updated – and forcing the
rootkit onto the computer.
3. Malware can also be bundled with other files, such as infected PDFs, pirated
media, or apps obtained from suspicious third-party stores.
EMOTET

◼ Emotet is a computer malware program that was originally developed in the form of a banking Trojan. The goal
was to access foreign devices and spy on sensitive private data. Emotet has been known to deceive basic antivirus
programs and hide from them. Once infected, the malware spreads like a computer worm and attempts to
infiltrate other computers in the network.
◼ Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via
malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding
designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using
tempting language about “Your Invoice,” “Payment Details,” or possibly an upcoming shipment from well-known
parcel companies.
◼ Emotet continues to be among the most costly and destructive malware.
PASSWORD ATTACKS

◼ With the right password, a cyber attacker has access to a wealth of information.
◼ Cyber attackers often rely heavily on human interaction, tricking people into breaking standard
security practices.
◼ Other types of password attacks include accessing a password database or outright guessing.
HOW TO MAKE YOUR SYSTEM SECURE?

Ans) In order to keep your system data secure and safe, you should take the following measures:
1. Always keep a backup of your data.
2. Install firewall software and keep it updated at all times.
3. Make use of strong and difficult to crack passwords (having capital & small alphabets, numbers, and special characters).
4. Install antivirus/anti-spyware and keep it updated at all times.
5. Scan your complete system regularly.
6. Before installing any program, check whether it is safe to install it (using Antivirus Software).
7. Take extra caution when reading emails that contain attachments.
8. Always keep your system updated.
