
1) Computer worms and types of computer worms

Worm: a self-replicating program. A worm is a malicious computer program that copies itself to other machines, usually over a computer
network, without needing to attach to a host program or wait for a user to run it. An attacker may use a worm to accomplish the following tasks:

--TYPES OF COMPUTER WORMS

Computer worms are categorized into the following types according to the channel over which they spread.

1. Email Worms

The victim's mailbox is the worm's delivery channel. The message carries either an infected link or an attachment in which the worm is
embedded; when the user opens it, the worm is downloaded onto the system. The worm then searches the victim's contacts and mails
itself (or a link to itself) to each of them, so those systems are infected in turn. The attachment often uses a double extension, with a
media extension such as .mp4 placed in front of the real one, so that the user believes it to be a video or audio file. Some variants carry
only a short link rather than a downloadable attachment; following the link downloads the worm, which then deletes or modifies data
and disrupts the network. A famous example is the ILOVEYOU email worm, which infected computers in 2000.

2. Internet Worms

The Internet itself is the medium here: the worm uses it to reach other machines, scan them for vulnerable services and infect them,
with no user interaction required. Systems without up-to-date antivirus (and without current patches) are infected easily. Both the
local area network and the Internet are used to spread the worm.

3. File-Sharing Network Worms

When a user downloads files from an unknown source, such as an unverified link or a removable device, those files may carry a worm
that locates shared folders and overwrites or destroys the other files in them. The worm replicates whenever another system on the
same network downloads the infected file, and the process repeats until it has reached every shared file and folder it can.

Such worms often carry media-file names and extensions so that users are tempted to download them. A famous example is Phatbot,
which infected computers in 2004 through file sharing and stole personal information such as credit card details on an
unprecedented scale.

4. Instant Message and Chat Room Worms

The user receives an invitation or a link through the messaging client; some of these worms imitate a human and chat with the target
before sending it. When the user accepts the invitation and opens the message or link, the system is infected. These worms carry a
downloadable attachment or a link to a website. The user can usually contain the worm by tightening the client's security settings,
changing the account password, or simply deleting the messages.

5. IRC Worms

IRC stands for Internet Relay Chat, a messaging protocol that was once hugely popular. IRC worms spread through the IRC contact list
in the same way that email and instant-messaging worms use theirs, sending infected files or links to everyone on it. To remove the
worm the user needs to scan the system, update its security settings and identify the infection. Installing a reputable antivirus
product and keeping the IRC client itself up to date are the usual defences.

2) Virus and types of viruses


A virus is a computer program that attaches itself to legitimate programs and files without the user's consent. Viruses can
consume computer resources such as memory and CPU time. The attacked programs and files are said to be "infected". A
computer virus may be used to:
• Access private data such as user IDs and passwords
• Display annoying messages to the user
• Corrupt data in your computer
• Log the user's keystrokes

Here is a list of the different types of computer viruses:

1. Boot Sector Virus: infects the boot sector of storage devices such as hard drives and floppy disks. When an infected device is booted,
the virus is loaded into memory before the operating system, which lets it infect other storage devices connected to the computer.

2. Browser Hijacker: modifies browser settings, redirects searches and displays unwanted ads, with the aim of controlling the user's
browsing for the attacker's benefit. Strictly it is a class of unwanted software rather than a self-replicating virus, but it is commonly
listed alongside them.

3. Direct Action Virus: attaches itself to executable files and activates whenever an infected file is executed, spreading to other files in
the same directory and then exiting rather than staying in memory.

4. Encrypted Virus: stores its malicious body in encrypted form, with a small decryption routine that restores it at run time, so that a
signature taken from the body does not match the file on disk. This makes it harder for antivirus software to detect and increases its
chances of a successful infection.

5. File Infector Virus: infects executable files, such as .exe or .dll files, by embedding its code in them. Once the infected file is
executed, the virus becomes active and can infect other files.

6. Macro Virus: infects files that contain macros, such as documents or spreadsheets. When the infected file is opened and its macros
run, the virus executes its code, potentially causing damage.

7. Multipartite Virus: infects both the boot sector of the computer's hard drive and its executable files. Because it must be removed
from both places at the same time, it is difficult to clean completely.

8. Polymorphic Virus: changes its code (and therefore its signature) on each infection while keeping its malicious function, typically
by re-encrypting its body with a different key and mutating the decryption routine as well. The many slightly different copies make it
more challenging for signature-based antivirus software to detect and remove.

9. Resident Virus: installs itself in the computer's memory and remains active after the infected program has finished executing,
allowing it to infect other files and programs as they are opened.

10. Web Scripting Virus: exploits vulnerabilities in web scripting languages, such as JavaScript, to execute malicious code on websites
and infect visitors' devices with malware or steal their information.
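The encrypted and polymorphic entries above are the ones that matter most for detection, so here is an added example (not code from the page; every byte string in it is a constructed stand-in, no real malware is involved) of why a fixed byte signature catches a plain body, why a stub signature still catches the encrypted variant, and why only a decoder-aware scan catches the polymorphic one. The decoder-stub layout and the NOP-junk mutation are assumptions made for the demonstration.

```python
"""Added example: static signature vs. encrypted/polymorphic virus bodies.
Not code from the page; all byte strings are constructed stand-ins, no real
malware is involved. The decoder-stub layout is an assumption for the demo."""
import random

# Constructed stand-in for a plain virus body (a few opcode-like bytes + a marker).
PAYLOAD = bytes.fromhex("e800000000 5b 4883c310 ffd3") + b"constructed-virus-body-0001"
# A scanner would extract a short, distinctive byte sequence from the plain body.
BODY_SIGNATURE = PAYLOAD[:8]
# Fixed prologue of the decoder routine that the encrypted variant prepends.
STUB_MAGIC = b"\xeb\x06DEC"
NOP = 0x90          # junk byte an emulator would step over; the magic never contains it
DEMO_KEY = b"\x5a\xa5\x3c"   # assumed per-copy key for the samples below


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Symmetric XOR with a repeating key: the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypted_variant(payload: bytes, key: bytes) -> bytes:
    """Encrypted virus: fixed stub | key_len | key | body XOR key.
    The body changes with every key, but the stub bytes are identical each time."""
    return STUB_MAGIC + bytes([len(key)]) + key + xor_bytes(payload, key)


def polymorphic_variant(payload: bytes, key: bytes, rng: random.Random) -> bytes:
    """Polymorphic virus: same layout, but the stub itself is mutated per copy by
    scattering NOP junk between its bytes, so no fixed stub signature survives."""
    out = bytearray([NOP] * rng.randint(0, 3))
    for i, b in enumerate(STUB_MAGIC):
        if i:
            out.extend([NOP] * rng.randint(1, 3))
        out.append(b)
    return bytes(out) + bytes([len(key)]) + key + xor_bytes(payload, key)


def encrypted_sample() -> bytes:
    return encrypted_variant(PAYLOAD, DEMO_KEY)


def polymorphic_sample(seed: int = 7) -> bytes:
    return polymorphic_variant(PAYLOAD, DEMO_KEY, random.Random(seed))


def static_signature_scan(sample: bytes, signature: bytes) -> bool:
    """Plain substring match, the classic signature-based detection."""
    return signature in sample


def generic_decrypt_scan(sample: bytes) -> bool:
    """Decoder-aware scan: walk the stub as an emulator would (skipping NOP junk),
    recover the key, decrypt the body and look for the body signature there."""
    magic = bytearray()
    i = 0
    while i < len(sample) and len(magic) < len(STUB_MAGIC):
        if sample[i] != NOP:
            magic.append(sample[i])
        i += 1
    if bytes(magic) != STUB_MAGIC or i >= len(sample):
        return False
    key_len = sample[i]
    key = sample[i + 1 : i + 1 + key_len]
    if key_len == 0 or len(key) != key_len:
        return False
    body = sample[i + 1 + key_len :]
    return BODY_SIGNATURE in xor_bytes(body, key)


def classify(sample: bytes) -> dict:
    """Which detection methods fire on a given sample."""
    return {
        "body_signature": static_signature_scan(sample, BODY_SIGNATURE),
        "stub_signature": static_signature_scan(sample, STUB_MAGIC),
        "generic_decrypt": generic_decrypt_scan(sample),
    }


if __name__ == "__main__":
    for name, sample in [("plain", PAYLOAD),
                         ("encrypted", encrypted_sample()),
                         ("polymorphic", polymorphic_sample())]:
        print(f"{name:12s} {classify(sample)}")
```

Running it shows the body signature firing only on the plain copy, the stub signature firing on the encrypted copy but not on the polymorphic one, and the decoder-aware scan firing on both encrypted forms. Real engines do the last step with a CPU emulator rather than a hand-written parser, but the trade-off is the same: the attacker must leave something that executes deterministically, and that is what the scanner targets.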

3) What is trojan and types of trojans?


Trojans are deceptive programs that appear to perform one function, but in fact perform another, malicious function.
They might be disguised as free software, videos or music, or seemingly legitimate advertisements. The term
“trojan virus” is not technically accurate; according to most definitions, trojans are not viruses. A virus is a program
that spreads by attaching itself to other software, while a trojan spreads by pretending to be useful software or
content. Many experts consider spyware programs, which track user activity and send logs or data back to the
attacker, as a type of trojan. Trojans can act as standalone tools for attackers, or can be a platform for other
malicious activity. For example, trojan downloaders are used by attackers to deliver future payloads to a victim’s
device. Trojan rootkits can be used to establish a persistent presence on a user's device or a corporate network.

Types of Trojans

The first trojan seen in the wild was ANIMAL, released in 1975. Since then, millions of trojan variants have emerged, and they
can be classified into many types. Here are some of the most common.

Downloader Trojan

A downloader trojan downloads and deploys other malicious code, such as rootkits, ransomware or keyloggers. Many ransomware
families distribute themselves via a "dropper", a small first-stage trojan that installs on a user's computer and deploys the other
malware components. (Strictly, a dropper carries its payload embedded inside itself while a downloader fetches it from a remote
server; in practice the two terms are used interchangeably.)

A dropper is often the first stage in a multi-phase trojan attack, followed by the installation of another type of trojan that
provides attackers with a persistent foothold in an internal system. For example, a dropper can be used to inject a
backdoor trojan into a sensitive server.

Backdoor Trojan

A backdoor trojan opens a covert communication channel that lets the malware on the device talk to the attacker's Command &
Control (C&C) server. Through it the attacker can control the device, monitor or steal data, and deploy other software.

Spyware

Spyware is software that observes user activities and collects sensitive data such as account credentials or banking details, then
sends that data back to the attacker. Spyware is typically disguised as useful software, so it is generally considered a type of
trojan.

Rootkit Trojans

Rootkit trojans acquire root-level or administrative access to a machine and load together with the operating system, or even
before it. This makes them very difficult to detect and remove, because the tools used to look for them run on top of the layer
the rootkit already controls.

DDoS Attack Trojan (Botnet)

A DDoS trojan turns the victim's device into a zombie participating in a larger botnet. The attacker's objective is to harvest
as many machines as possible and use them for malicious purposes without the knowledge of the device owners, typically
to flood servers with fake traffic as part of a Distributed Denial of Service (DDoS) attack.

Trojan Horse Malware Examples

Following are some of the fastest-spreading and most dangerous trojan families.

Zeus

Zeus/Zbot is a malware package operating in a client/server model, with deployed instances calling home to the Zeus
Command & Control (C&C) server. It is estimated to have infected over 3.6 million computers in the USA, including
machines owned by NASA, Bank of America and the US Department of Transportation.

Zeus infects Windows computers and sends confidential data from the victim's computer to the Zeus server. It is
particularly effective at stealing credentials, banking details and other financial information (typically by injecting itself into the
browser, where it can read and alter web pages while the victim uses online banking) and transmitting them to the attackers.

The weak point of a centralized Zeus deployment is its single C&C server, which was a primary target for law enforcement agencies.
Later versions of Zeus added a domain generation algorithm (DGA): bot and operator both compute the same pseudo-random list of
domain names from a shared seed and the current date, so that if the primary server is unavailable the bots fall back to a list of
alternative domains which the operator can register at short notice.
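To make the fallback mechanism concrete, here is an added example (not code from the page, and not Zeus's actual algorithm) of a seed-and-date DGA together with the cheap lexical checks a resolver-log monitor uses to flag DGA-looking queries. The seed, the TLD list, the label lengths and the scoring thresholds are assumptions chosen for illustration; the legitimate domains in the demo are used only as negative test cases.

```python
"""Added example (not Zeus's actual algorithm, and not code from the page): a
seed-and-date domain generation algorithm as used for C&C fallback, plus a simple
lexical detector for DGA-looking names. Seed, TLD list, label lengths and the
scoring thresholds are assumptions chosen for illustration."""
import hashlib
import math
from collections import Counter

TLDS = ("com", "net", "org", "biz", "info")
VOWELS = set("aeiou")


def generate_domains(seed: str, day: str, count: int = 20) -> list:
    """Bot and operator both run this with the same seed and ISO date. The operator
    registers one of the outputs; the bot tries them in order until one answers."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day}|{i}".encode()).digest()
        length = 12 + digest[0] % 5                           # 12..16 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1 : 1 + length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def shannon_entropy(text: str) -> float:
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(label: str) -> int:
    best = run = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def dga_score(domain: str) -> int:
    """Three cheap lexical signals of a machine-generated label, scored 0..3."""
    label = domain.split(".")[0]
    if not label:
        return 0
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    score = 0
    if vowel_ratio < 0.3:                                   # real words are vowel-rich
        score += 1
    if longest_consonant_run(label) >= 4:                   # 'xkqz' never occurs in words
        score += 1
    if len(label) >= 12 and shannon_entropy(label) >= 3.0:  # long and near-uniform
        score += 1
    return score


def looks_like_dga(domain: str) -> bool:
    return dga_score(domain) >= 2


def flag_dga_domains(domains) -> list:
    """The subset of a DNS query list that a resolver-log monitor would flag."""
    return [d for d in domains if looks_like_dga(d)]


if __name__ == "__main__":
    day = "2024-01-15"                                      # assumed date for a reproducible run
    generated = generate_domains("constructed-botnet-seed", day)
    print("generated:", generated[:3], "...")
    print("flagged  :", len(flag_dga_domains(generated)), "of", len(generated))
    for legit in ("bankofamerica.com", "microsoftonline.com", "google.com"):
        print(f"{legit:22s} score={dga_score(legit)}")
```

Two things the code makes visible that the paragraph does not: the defender can run the same generator once the seed is recovered from a sample and pre-register or sinkhole tomorrow's domains, which is exactly how the GameOver Zeus takedown worked against its DGA component; and lexical scoring alone is a coarse filter (note how long legitimate names already score 1 of 3), so in practice it is combined with NXDOMAIN-rate and newly-registered-domain signals before anything is blocked.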

Zeus has many variants, including:

• Zeus Gameover (GameOver Zeus): a peer-to-peer version of the Zeus botnet without a centralized C&C.
• SpyEye: designed to steal money from online bank accounts.
• Ice IX: financial malware that can control content in the browser during a financial transaction and extract credentials
and private data from forms.
• Citadel: a variant built from shared Zeus source code and improved by a community of cybercriminals; it was succeeded by
Atmos.
• Carberp: one of the most widely spread financial malware families in Russia. It can exploit operating system vulnerabilities to
gain root access to target systems.
• Shylock: uses a domain generation algorithm (DGA) so that it can receive commands from a large number of malicious
servers.

ILOVEYOU

ILOVEYOU (commonly referred to as the "ILOVEYOU virus") was malware released in 2000 that caused one of the world's most
damaging cyberattacks, with estimated global losses of $8.7 billion.
It was distributed as a phishing email with the subject "ILOVEYOU" and the text "Kindly check the attached love letter coming
from me". The attachment, LOVE-LETTER-FOR-YOU.TXT.vbs, appeared to be a text file because Windows hid the final .vbs
extension. Recipients who were curious enough to open it became infected: the script overwrote files on the machine and then
mailed itself to the victim's entire contact list. This simple but effective propagation method, which is also why section 1 classes it
as an email worm, spread it to millions of computers.

Cryptolocker

CryptoLocker is a well-known form of ransomware. It distributes itself through infected email attachments; a typical message
carries a password-protected ZIP file, with the password in the message body so that mail scanners cannot inspect the archive.
When the user opens the ZIP with the password and runs the attachment, which poses as a PDF, the trojan is activated. It searches
local drives and mapped network drives for files to encrypt and encrypts them using asymmetric encryption with 1024- or 2048-bit
keys, the private key being held only on the attackers' server, so the files cannot be recovered locally. The attackers then demand a
ransom to release the files.

Stuxnet

Stuxnet was a specialized Windows trojan (spread by worm techniques) designed to attack Industrial Control Systems (ICS). It was
allegedly used to attack Iran's uranium enrichment facilities. The malware changed the speed of the Iranian centrifuges, making them
spin too fast and for too long until the equipment was destroyed, while replaying normal readings to the operators' monitors so that
everything appeared to be business as usual.

4) What is Malware and how to prevent malware attacks?

Malware is software that infects computer systems in order to damage, disable or exploit the computer or network. It is used to:
• Steal, encrypt or delete sensitive information
• Hijack or alter core system functions
• Monitor user activity without permission
• Extort money
• Introduce spam or forced advertising

1. Install anti-virus and anti-spyware software.

Anti-virus and anti-spyware programs scan computer files to identify and remove malware. Be sure to:

• Keep your security tools updated.
• Immediately remove detected malware.
• Audit your files for missing data, errors, and unauthorized additions.

2. Use secure authentication methods.

The following best practices help keep accounts safe:

• Require strong passwords. Eight characters is a floor, not a target: length matters more than a forced mixture of uppercase,
lowercase, digits and symbols, and current guidance (NIST SP 800-63B) favours long passphrases screened against lists of
known-breached passwords over composition rules.
• Enable multi-factor authentication. A PIN or security questions are weak second factors (they are still "something you know");
prefer an authenticator app or a hardware token.
• Use biometric tools like fingerprints, voiceprints, facial recognition and iris scans where available, as one factor among several.
• Never save passwords in plain text on a computer or network. Use a password manager instead.

3. Use administrator accounts only when absolutely necessary.

Malware runs with the same privileges as the user who launched it. Non-administrator accounts are blocked from the most
sensitive parts of a computer or network, so malware run from such an account is blocked too. Therefore:

• Avoid using administrative privileges to browse the web or check email.
• Log in as an administrator only to perform administrative tasks, such as making configuration changes.
• Install software using administrator credentials only after you have validated that the software is legitimate and secure.

4. Keep software updated.

No software package is completely safe against malware. However, software vendors regularly provide patches and updates to close
newly discovered vulnerabilities. As a best practice, validate and install all new software patches:

• Regularly update your operating systems, software tools, browsers and plug-ins.
• Implement routine maintenance to ensure all software is current, and check log reports for signs of malware.

5. Control access to systems.

There are several ways to control access to your networks and protect against data breaches:

• Install a firewall, an intrusion detection system (IDS) and an intrusion prevention system (IPS).
• Never plug in unfamiliar removable drives or media that have been used on a publicly accessible device.
• Close unused ports and disable unused protocols.
• Remove inactive user accounts.
• Carefully read all licensing agreements before installing software; bundled adware and "potentially unwanted programs" are often
disclosed only there.

6. Adhere to the least-privilege model.

Adopt and enforce the principle of least privilege: grant users in your organization the minimum access to system capabilities,
services and data that they need to complete their work.

7. Limit application privileges.

An attacker only needs one open door to get into your business. Limit the number of possible entry points by restricting application
privileges on your devices: allow only the application features and functions that are absolutely necessary to get work done.

8. Implement email security and spam protection.

Email is an essential business communication tool, but it is also a common malware channel. To reduce the risk of infection:

• Scan all incoming email messages, including attachments, for malware.
• Set spam filters to reduce unwanted emails.
• Limit user access to only company-approved links, messages and email addresses.

9. Monitor for suspicious activity.

Monitor all user accounts for suspicious activity. This includes:

• Logging all incoming and outgoing traffic
• Baselining normal user activity and proactively looking for deviations from it
• Investigating unusual actions promptly

10. Educate your users.

At the end of the day, people are the best line of defense. By continually educating users, you reduce the risk that they will be
tricked by phishing or other tactics into accidentally introducing malware into your network. In particular:

• Build awareness of common malware attacks.
• Keep users up to date on basic cybersecurity trends and best practices.
• Teach users how to recognize credible sites and what to do if they stumble onto a suspicious one.
• Encourage users to report unusual system behavior.
• Advise users to join only trusted networks and to use a VPN when working outside the office.

5) What are DoS and DDoS attacks?

1. DoS Attack. A denial-of-service (DoS) attack is any attack that aims to prevent legitimate users from accessing a service. In its
simplest form a single attacking computer sends a massive amount of traffic to the victim's machine or website until it can no longer
respond. The service might be a website, an email account, a network or a device, and the attack can target any potential user of
the service or one user in particular. For example, a DoS attack could target one person's device to cut it off from the internet, or it
could target a website to deny access to all of its visitors. Attackers use DoS attacks to make companies lose business, or to hold
companies to ransom by threatening an attack. They also use them to distract the victim from other activity, for example as cover
while breaking into a server to steal sensitive data. Sometimes the motivation is political: the hacker collective Anonymous has used
DoS and DDoS attacks to take down government and corporate websites it disagrees with. There are many ways of conducting a DoS
attack, but broadly they fall into two types:

• Sending malformed data that the victim cannot process (for example the teardrop attack)
• Flooding the victim with data (flooding attack)

In a teardrop attack, the attacker sends data that the victim does not know how to process, so that it spends so long, or so many
resources, trying to interpret the data that the service slows down or stops. The classic form uses IP fragmentation: large packets are
broken into fragments that the receiver must reassemble, and the attacker crafts the fragment offsets so that they overlap or do not
line up. A vulnerable IP stack cannot reassemble them and, on the systems originally affected, crashed outright.

In a flooding attack, the attacker sends the victim so many requests that it is overwhelmed. The service slows down or stops for
legitimate users because it cannot handle that many simultaneous demands.

DoS attacks are difficult to defend against. One technique against flooding is to rate-limit clients, that is, to allow each individual
source only a certain number of requests per minute. However, the distributed denial-of-service attack lets attackers get round
this defence.

2. DDoS Attack. DDoS means distributed denial of service: the DoS attack is carried out from many different locations using many
systems. These computers are usually infected bots, the zombie machines described under DDoS trojans above. Controlling many
computers at once lets the attacker send a far greater number of messages, which increases the chance that the attack is effective. The
bots may be located anywhere in the world and each has its own IP address, so per-source protections such as rate limiting do not stop
the attack. In a single-source DoS attack, if the victim can identify the attacker it can block their traffic; when the attacker is made up of
thousands of different computers, the victim often cannot tell the bots apart from legitimate users. Websites sometimes receive a surge
of traffic simply because many people want to use the service, and it can be extremely difficult to distinguish that from a DDoS attack.
Even if the victim identifies a few bots, it cannot stop the attack unless it identifies all of them.
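The two paragraphs above make a quantitative claim (per-source rate limiting stops one flooder but not a botnet), so here is an added example, not code from the page, of a per-source token-bucket limiter with a small simulation of both cases. The rates, burst size, bot count and the server-capacity figure are assumptions chosen for the simulation; the point is the shape of the result, not the numbers.

```python
"""Added example (not code from the page): a per-source token-bucket rate limiter,
the usual defence against a single-source flood, and a small simulation showing
why a distributed flood from many bots slips past it. Rates, burst size, bot
count and the server-capacity figure are assumptions chosen for the simulation."""
from collections import Counter


class TokenBucket:
    """Each source may burst up to `burst` requests, then sustain `rate` per second."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address: a single flooder is capped at `rate`/s."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def allow(self, source: str, now: float) -> bool:
        bucket = self.buckets.get(source)
        if bucket is None:
            bucket = self.buckets[source] = TokenBucket(self.rate, self.burst)
            bucket.last = now                  # a new source starts with a full bucket
        return bucket.allow(now)


def simulate(sources: dict, seconds: int, limiter: PerSourceLimiter) -> dict:
    """`sources` maps a source address to its request rate (req/s). Requests are
    evenly spaced. Returns per-source sent/admitted counts and the peak number of
    admitted requests in any one second, i.e. the load the server actually sees."""
    events = sorted(
        (k / rps, src) for src, rps in sources.items() for k in range(rps * seconds)
    )
    sent, admitted, per_second = Counter(), Counter(), Counter()
    for t, src in events:
        sent[src] += 1
        if limiter.allow(src, t):
            admitted[src] += 1
            per_second[int(t)] += 1
    return {"sent": sent, "admitted": admitted,
            "peak_per_second": max(per_second.values(), default=0)}


SERVER_CAPACITY = 1000                                  # assumed: req/s the origin can serve
LEGIT_USERS = {f"user{i}": 2 for i in range(5)}         # 5 real clients at 2 req/s each


def single_source_flood() -> dict:
    """One attacker at 1000 req/s against a 10 req/s (burst 20) per-source limit."""
    sources = dict(LEGIT_USERS, attacker=1000)
    return simulate(sources, 5, PerSourceLimiter(rate=10, burst=20))


def distributed_flood(bots: int = 500, bot_rps: int = 5) -> dict:
    """500 bots that each stay under the per-source limit, so every request is admitted."""
    sources = dict(LEGIT_USERS, **{f"bot{i}": bot_rps for i in range(bots)})
    return simulate(sources, 5, PerSourceLimiter(rate=10, burst=20))


if __name__ == "__main__":
    for name, r in (("single-source", single_source_flood()),
                    ("distributed", distributed_flood())):
        print(f"{name:14s} peak admitted/s = {r['peak_per_second']:5d} "
              f"(capacity {SERVER_CAPACITY})")
```

In the single-source run the attacker gets roughly 70 of its 5000 requests through and the origin never sees more than a few dozen requests per second; in the distributed run each bot's 25 requests are all admitted and the origin sees about 2500 requests per second, well above its capacity, with no individual source ever breaking the rule. Two caveats the simulation leaves out: keying on source IP assumes the source is genuine, which UDP floods with spoofed addresses violate, and the limiter's per-source state is itself a resource an attacker can exhaust with many addresses, which is why upstream scrubbing and anycast absorption are used in front of it.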

Watering Hole Attack

A watering hole attack is a targeted attack designed to compromise users within a specific industry or group by infecting websites
they typically visit, or by luring them to a malicious site. The end goal is to infect the user's computer with malware and gain access to
the organization's network. Watering hole attacks, also known as strategic website compromise attacks, are limited in scope because
they rely on an element of luck (the right users have to visit). They become more effective when combined with email prompts that
lure users to the compromised pages.

How Do Watering Hole Attacks Work?

The term comes from the animal kingdom, where predators in the wild wait by a watering hole to attack their prey. Cyber attackers
running opportunistic watering hole attacks for financial gain or to build a botnet achieve their goals by compromising popular
consumer websites. Targeted attackers who are after more than financial gain focus instead on public websites that are popular in a
particular industry, such as an industry conference site, an industry standards body or a professional discussion board. Like
predators in the wild, they wait for users to visit the infected website. They look for a known vulnerability in the website, compromise
it and plant their malware, then lie in wait for users to arrive.

Attackers even prompt users to visit the site by sending them "harmless", highly contextual emails directing them to specific parts of
the compromised website. Often these emails do not come from the attackers themselves but from the compromised website's own
automatic notifications and newsletters, which go out constantly. This makes the email lures particularly hard to detect.

As with other website baiting attacks, the user's machine is typically compromised transparently through a drive-by download that
leaves no clue to the user that anything has happened. This makes defending against watering hole attacks challenging for
organizations. Without protection against them, websites can remain infected for months or even years before they are detected.

Watering hole attacks have been gaining momentum in recent years. While these baiting attacks are often used for financial gain,
with attackers stealing personal data such as personally identifiable information (PII) and banking details, some have other motives,
such as political ones. Religious communities, political party websites and the media have all been victims of recent attacks, and the
victims were not only the sites targeted but also the users who visited those sites and were unwittingly compromised.

How Can Organizations Protect Against Watering Hole Attacks?

Organizations can protect themselves against watering hole attacks with targeted-attack protection. Web gateways that block
drive-by downloads matching a known signature or a known-bad reputation provide some detection of opportunistic watering hole
attacks. To defend against more sophisticated attackers, enterprises should consider dynamic malware analysis (sandboxing) that
checks for malicious behaviour on the most suspicious destination websites that users browse to.

To protect against targeted email lures to watering hole sites, look for an email solution that applies the same dynamic malware
analysis at the time of delivery and again when the user clicks. To defend the organization effectively, the solution must also protect
the user whether or not they are on the corporate network and passing through on-premises security controls.

How to Prevent These Attacks?

1. Conduct periodic VAPT: Vulnerability Assessment and Penetration Testing (VAPT) helps confirm that the security controls provide
satisfactory protection against application and browser-based threats such as watering hole attacks.

2. Keep systems updated: keep all of the system's hardware and software up to date, including the latest security updates and
patches. If this is not done, weaknesses remain in the security infrastructure and lead to cyber-attacks.

3. Be wary of third-party traffic: all third-party traffic, no matter where it comes from, should be treated as untrusted until it has
been verified.

4. Enable MFA: apply multi-factor authentication (MFA) across the organization's systems. It reduces the impact of a watering hole
attack if the attackers manage to steal employees' credentials, because the stolen password alone is not enough to log in.

5. Establish a cyber-resilient work environment: train and educate employees about watering hole attacks from the moment they
are appointed, so that they stay vigilant at work. Proper security awareness training is the best way of creating a cyber-resilient
work environment.

BRUTE FORCE ATTACK

The term "brute force" describes the simplistic way in which the attack works: the attacker guesses credentials until a pair gives
unauthorized access. Primitive as they are, brute force attacks can be very effective. Attackers commonly use bots to do the work:
armed with a list of real or commonly used credentials, they direct their bots to try those credentials against many websites.

Manual credential guessing is time-consuming, so attackers use brute force software and tools to automate it. With such tools the
attacker will try enormous numbers of password combinations, or attempt to reach a web application by guessing a valid session
ID, among other things.

How Brute Force Attacks Work

The attack consists of guessing login passwords; this is brute force password cracking.

Most online systems advise users to choose a password of at least eight characters containing at least one capital letter, one small
letter and one special character. A short or simple password is easily guessed; a long, complex one that is kept confidential is far harder
to guess. Note that forcing users to change passwords frequently is no longer considered good practice (NIST SP 800-63B advises
against routine rotation, because it pushes users toward predictable variations of the old password); change a password when
compromise is suspected, and rely on length, a check against breached-password lists, multi-factor authentication and login rate
limiting instead.

Types of Brute Force Attacks

A brute force attack always comes down to cracking a password and gaining access to the system, but there are several
variations.

1. Rainbow Table Attacks: rainbow table attacks are unusual in that they do not guess passwords directly; they target the hash
function with which the stored credentials are protected (hashing is one-way and is not encryption, a frequent confusion). A rainbow
table is a precomputed dictionary of plain-text passwords and their corresponding hash values, compressed into hash chains so that a
very large password space fits in manageable memory. When a user enters a password it is hashed, and if the hash matches the stored
value the user is authenticated. An attacker who steals the hash database looks each hash up in the table to recover the plain-text
password. Salting, that is hashing each password together with a unique random value stored beside it, defeats precomputed tables
because the table would have to be rebuilt for every salt.

2. Dictionary Attack: the attacker holds a dictionary of likely passwords (common words, names, previously leaked passwords) and
tests them all, on the assumption that users pick common passwords. Building a good dictionary greatly improves the attacker's
chances, but it still requires a large number of attempts against each target.

3. Simple Brute Force Attack: every possible combination of characters is tried, one at a time. This is only practical where the number
of attempts is unlimited, for example offline against a stolen hash or a password-protected local file.

4. Hybrid Brute Force Attack: a combination of the dictionary and simple brute force attacks. It starts from the dictionary words
(the external logic) and then applies brute force to variations of them: rather than testing every possible string, the attacker assumes
the victim changed a few letters, appended numbers or substituted characters, and generates those mutations.

5. Reverse Brute Force Attack: this flips the usual method on its head. Instead of guessing the password for a known user, it takes one
common password and tries it against many usernames (also called password spraying); because each account sees only one or two
attempts, lockout policies are not triggered.

6. Credential Recycling: as the name implies, this relies on credentials being reused. If a user does not follow the password policy
and uses the same password on more than one site, a username/password pair leaked from one breach will open their accounts
elsewhere; the attacker simply replays the leaked list against other sites (credential stuffing).
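The rainbow table, dictionary and hybrid entries above all describe offline work against a stolen hash database, so here is one added example (not code from the page) that runs them against a constructed dump and shows the salt defence. The precomputed lookup table stands in for a rainbow table (a real one additionally compresses the table into hash chains); SHA-256 stands in for the site's real password hash; the users, passwords, salts and word list are all constructed.

```python
"""Added example (not code from the page): offline attacks on a constructed dump of
password hashes. It builds a precomputed hash->password lookup table (the principle
behind a rainbow table, which additionally compresses such a table into hash chains),
runs dictionary and hybrid guesses, and shows that a per-user salt defeats the
precomputed table but not a targeted dictionary attack on a weak password. Users,
passwords, salts and the word list are constructed; SHA-256 stands in for the
site's real (ideally slow and salted) password hash."""
import hashlib
import os

WORDLIST = ["password", "letmein", "welcome", "sunshine", "dragon"]   # constructed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hybrid_candidates(words) -> list:
    """Dictionary words plus the mutations users actually apply: capitalisation,
    leet substitutions and a short digit/symbol suffix (order preserved, no dupes)."""
    seen = {}
    for w in words:
        for base in (w, w.capitalize(), w.upper()):
            leet = base.replace("a", "@").replace("e", "3").replace("o", "0")
            for form in (base, leet):
                for suffix in ("", "1", "!", "123", "2023", "2024"):
                    seen[form + suffix] = None
    return list(seen)


def build_lookup_table(candidates) -> dict:
    """Unsalted precomputation: done once, reusable against any stolen dump."""
    return {sha256_hex(c.encode()): c for c in candidates}


def crack_unsalted(dump: dict, table: dict) -> dict:
    """dump: user -> hash_hex. One dictionary lookup per user, no hashing at all."""
    return {user: table[h] for user, h in dump.items() if h in table}


def crack_salted(dump: dict, candidates) -> tuple:
    """dump: user -> (salt_hex, hash_hex). The salt forces every candidate to be
    re-hashed for every user; returns (found, number_of_hashes_computed)."""
    found, work = {}, 0
    for user, (salt_hex, h) in dump.items():
        salt = bytes.fromhex(salt_hex)
        for c in candidates:
            work += 1
            if sha256_hex(salt + c.encode()) == h:
                found[user] = c
                break
    return found, work


# Constructed credential set: two weak passwords and one strong one.
USERS = {"alice": "Password123", "bob": "sunshine", "carol": "Tr0ub4dor&3-constructed"}


def make_unsalted_dump(users: dict) -> dict:
    return {u: sha256_hex(p.encode()) for u, p in users.items()}


def make_salted_dump(users: dict) -> dict:
    dump = {}
    for u, p in users.items():
        salt = os.urandom(16)                  # unique per user, stored beside the hash
        dump[u] = (salt.hex(), sha256_hex(salt + p.encode()))
    return dump


CANDIDATES = hybrid_candidates(WORDLIST)
TABLE = build_lookup_table(CANDIDATES)


def demo() -> dict:
    unsalted, salted = make_unsalted_dump(USERS), make_salted_dump(USERS)
    salted_hashes_only = {u: h for u, (_, h) in salted.items()}
    found_salted, work = crack_salted(salted, CANDIDATES)
    return {
        "table_size": len(TABLE),
        "unsalted_cracked": crack_unsalted(unsalted, TABLE),
        "salted_via_table": crack_unsalted(salted_hashes_only, TABLE),   # salt defeats it
        "salted_cracked": found_salted,
        "salted_hashes_computed": work,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The run recovers alice's and bob's passwords from the unsalted dump with a single table lookup each, finds nothing when the same table is tried against the salted dump, and then recovers both again by re-hashing the whole candidate list per user, which is the cost salting imposes: linear work per account instead of a shared precomputation. Carol's password is never found because it is not a mutation of any dictionary word. Against a real deployment the hash would be bcrypt, scrypt or Argon2, so each of those candidate hashes would also cost tens of milliseconds rather than microseconds.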

WHAT IS A PHISHING ATTACK

"Phishing" refers to an attempt to steal sensitive information, typically usernames, passwords, credit card numbers, bank
account details or other important data, in order to use or sell the stolen information. By masquerading as a reputable source with
an enticing request, the attacker lures the victim in and tricks them, much as a fisherman uses bait to catch a fish.

1. Email phishing: the attack is carried out through email. The attacker registers a fake domain that mimics a genuine organisation
and sends thousands of generic requests from it. The fake domain often relies on character substitution, for example using 'r' and 'n'
together with no space ('rn') so that it looks exactly like 'm'. In many cases the attacker instead registers a unique domain that
includes the legitimate organisation's name. For example, a message sent from 'olivia@meeshosupport.com' contains the word
'Meesho' in the sender's address, and the recipient may assume that it is a genuine email. Users should always check the sender's
actual address to spot a phishing email, and should also examine the content of the mail, which will typically urge them to follow a
link or download an attachment.

2. Spear phishing: another type of email phishing, spear phishing describes malicious emails sent to a specific person. Here the
criminals already hold information about the victim: their name, place of employment, job title, email address, and specific
information about their job role. Armed with this, the attacker addresses the individual by name and knows, for instance, that their
job role involves making bank transfers on behalf of the company.

3. Whaling: whaling attacks take aim at senior executives. Tricks such as fake links and malicious URLs are less useful here, because
the criminals are attempting to imitate senior staff rather than a service. These emails commonly use the pretext of a busy CEO who
wants an employee to do them a favour. Such emails may not be as sophisticated as spear phishing emails, but they play on employees'
willingness to follow instructions from their boss. Recipients might suspect that something is amiss but are too afraid to question
the sender in case they appear unprofessional.

4. Smishing and vishing: both use the telephone rather than email as the medium of communication. In smishing the attacker sends
text messages (whose content is much the same as email phishing), whereas in vishing the attacker makes a telephone call. The most
common smishing technique is a pretext message supposedly from your bank alerting you to suspicious activity: for example, a
message saying that a new payee has been added to your account, with a link to follow "if you did not make this change" in order to
prevent further damage. The link in fact leads to a website controlled by the fraudster and designed to capture your banking details.

5. Angler phishing :- A newer attack vector: the growing use of social media offers criminals several ways to trap people. Fake URLs; cloned websites, posts, and tweets; and instant messaging (essentially the same as smishing) can all be used to persuade people to divulge sensitive information or download malware. Attackers also mine the data that people post on social media to build highly targeted attacks. Angler phishing in particular is made possible by the number of people who contact organisations directly on social media with complaints: the attacker poses as the organisation’s customer-support account and replies to the complainant with a link or a request for account details.

FAKE WAP

A fake WAP (wireless access point) attack is one in which the attacker sets up a wireless access point with a convincingly legitimate name in a public place where people are likely to connect to it: the local coffee shop, the airport, a shopping centre, anywhere with free Wi-Fi. Setting one up needs no special hardware; most phones and laptops can already broadcast their own Wi-Fi network as a ‘hotspot’, and otherwise a small program does the job. Once the attacker’s device is broadcasting, the real attack starts. Using a deauthentication or jamming tool (the Aircrack-ng suite includes one), the attacker knocks clients off the legitimate access point; devices that then reconnect, often automatically to the strongest signal carrying the familiar name, land on the attacker’s access point, and from that point all of their traffic passes through the attacker’s machine. This is where the problems start.

How to avoid this technique
• Connect to the correct Wi-Fi. In a public setting you will find a number of open networks with similar names. Ask the person responsible for the venue’s network which one is official before you connect, and check that the name matches exactly.
• Unique passwords. A fake WAP is often used to capture logins. If every account has its own password, a credential captured on one site cannot be reused against the others. If you cannot manage that, do yourself a favour and do not use the access point for anything that needs a login.
• Use encryption. Encryption does not have to be scary; it is just another everyday tool. The easiest way to get it on public Wi-Fi is a VPN service, which encrypts all of the data you send over any Wi-Fi network. This protects you not only against a fake WAP but against a number of other attacks and online tracking.
• VPN blockage. If a Wi-Fi network blocks you from using a VPN, you know for certain that you do not want to be on it. Even if it is a legitimate access point, its owner does not want you to protect yourself.
• Spoofing. Another common sign is that, once you connect, the network sends you to spoofed websites, typically login pages that ask for your credentials.
• Auto-connect. Turn off automatic connection on your computer and phone. A device set to auto-connect joins the strongest signal advertising a known network name, and an attacker can easily make their access point the strongest one nearby, for instance by raising its transmit power with a single command.
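The signs listed above (a familiar network name served by an unknown access point, an open network where the real one is encrypted, the strongest signal being the suspicious one) can be checked from a client’s own scan results before connecting. The following is an added example, not code from the original page: the scan list, the allow-list of confirmed BSSIDs and the ‘locally administered MAC’ heuristic (software hotspots on phones and laptops often use such addresses) are constructed assumptions for the example.

```python
from collections import defaultdict

# Constructed scan of nearby networks, as a client's Wi-Fi stack reports them.
SCAN = [
    {"ssid": "Cafe_Guest", "bssid": "a4:2b:8c:10:20:30", "security": "WPA2", "signal_dbm": -60},
    {"ssid": "Cafe_Guest", "bssid": "a4:2b:8c:10:20:31", "security": "WPA2", "signal_dbm": -62},
    {"ssid": "Cafe_Guest", "bssid": "02:11:22:33:44:55", "security": "OPEN", "signal_dbm": -35},
    {"ssid": "Airport Free WiFi", "bssid": "00:1a:2b:3c:4d:5e", "security": "OPEN", "signal_dbm": -70},
]

# Constructed allow-list: the BSSIDs the cafe staff confirmed for their SSID.
KNOWN_APS = {"Cafe_Guest": {"a4:2b:8c:10:20:30", "a4:2b:8c:10:20:31"}}


def locally_administered(bssid):
    """True when the MAC's U/L bit is set, which many software hotspots use (heuristic)."""
    return int(bssid.split(":")[0], 16) & 0x02 != 0


def evil_twin_findings(scan, known_aps):
    """Return (bssid, reason) pairs for access points that look like fake WAPs."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
    findings = []
    for ssid, aps in by_ssid.items():
        securities = {ap["security"] for ap in aps}
        for ap in aps:
            if ap["security"] == "OPEN" and securities != {"OPEN"}:
                findings.append((ap["bssid"], f"open AP on '{ssid}', which other APs serve with encryption"))
            if ssid in known_aps and ap["bssid"] not in known_aps[ssid]:
                findings.append((ap["bssid"], f"BSSID not on the confirmed list for '{ssid}'"))
            if ssid in known_aps and locally_administered(ap["bssid"]):
                findings.append((ap["bssid"], "locally administered BSSID (software hotspot?) on a known SSID"))
    return findings


def choose_ap(scan, known_aps, ssid):
    """Pick the strongest *confirmed* AP for an SSID, never merely the strongest signal."""
    candidates = [ap for ap in scan
                  if ap["ssid"] == ssid and ap["bssid"] in known_aps.get(ssid, set())]
    if not candidates:
        return None
    return max(candidates, key=lambda ap: ap["signal_dbm"])["bssid"]
```

In the constructed scan the rogue is the loudest ‘Cafe_Guest’ signal, which is exactly the one an auto-connecting client would pick; choose_ap ignores signal strength until the BSSID has been confirmed, which is the programmatic form of the ‘get the correct Wi-Fi’ and ‘turn off auto-connect’ advice above. A lone open network such as the airport one is not flagged by itself, since there is nothing to compare it against.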

EAVESDROPPING

An eavesdropping attack occurs when an attacker intercepts, deletes, or modifies data as it is transmitted between two devices.
Eavesdropping, also known as sniffing or snooping, relies on unsecured network communications to access data in transit
between devices. It typically occurs when a user connects to a network on which traffic is not encrypted and sends sensitive
business data to a colleague: on such an open network the data travels in the clear, which gives an attacker the opportunity to
intercept it by various methods.
Eavesdropping Methods

1. Pickup Device :- Attackers use devices that pick up sound or images, such as microphones and video cameras, and convert them into an electrical signal in order to eavesdrop on targets. Such a device is typically wired into the mains supply of the target room, which eliminates the need for the attacker to re-enter the room to recharge it or replace its batteries. Some devices can store the captured data digitally and transmit it to a listening post, and attackers may also add miniature amplifiers and filters to remove background noise.

2. Transmission Link :- The link between a pickup device and the attacker’s receiver can itself be tapped for eavesdropping. The transmission may use radio frequency or a wire, including active or unused telephone lines, electrical wiring, or ungrounded electrical conduits. Some transmitters operate continuously, but a more sophisticated approach involves remote activation, so that the device is harder to detect while idle.

3. Listening Post :- A listening post receives the conversations intercepted by bugs placed on telephones. When the target makes or picks up a call, the bug triggers a recorder that switches off again when the call ends. Listening posts are secure areas in which signals can be monitored, recorded, or retransmitted by the attacker for processing. They can be located anywhere from the next room to a few blocks away, and typically have voice-activated equipment to eavesdrop on and record any activity.

4. Weak Passwords :- Weak passwords let an attacker gain unauthorized access to user accounts, which gives them a route into corporate systems and networks. From there they can compromise confidential communication channels, intercept conversations between colleagues, and steal sensitive or valuable business data.

5. Open Networks :- Users who connect to open networks that require no password and apply no encryption provide an ideal situation for attackers to eavesdrop: anyone within range can monitor user activity and snoop on the communications that take place on the network.

Prevention techniques of Eavesdropping Attacks

1. Strong encryption: Encryption is one of the best ways to prevent eavesdropping on transmissions and private conversations, because it denies the attacker the ability to read the data exchanged between two parties. Standard modern ciphers such as AES with a 256-bit key (what vendors market as ‘military-grade’) cannot be brute-forced in practice; the practical weaknesses lie in unencrypted links and poor key handling, so encryption must be applied to every hop the data takes.
2. Spread awareness: The more an organization spreads awareness among its employees, the more secure the environment will be. Organizations should run training sessions on security measures, since employees who are aware of the risks and dangers are a crucial first line of defence against any cyberattack.

3. Network segmentation: Organizations should segment their networks to limit the scope for eavesdropping by restricting which traffic is reachable from where, so that resources are available only to the people who need them. For example, the marketing team does not require access to HR systems, and the IT team does not need to view financial information. Segmentation divides the network up, which reduces congestion, contains unwanted activity, and improves security by preventing unauthorized access.

4. Avoid shady links: Related to awareness is the need to avoid shady or untrusted links. Attackers can spread malicious software that includes eavesdropping malware through such links. Users should only download software from trusted sources and providers, and only install applications from official app stores.

5. Update and patch software: Attackers also exploit vulnerabilities in software to target organizations and users. This makes it crucial to turn on automatic updates and ensure all software is patched as soon as a new release or update is available.

6. Physical security: Organizations can also protect their data and users through physical security of their office spaces. This is crucial for keeping out unauthorized people who might plant physical bugs on desks, phones, and elsewhere.

7. Shielding: The risk of eavesdropping on a computer’s electromagnetic emanations can be reduced by shielding. For example, TEMPEST-protected computers block unintended radiation and keep data and users secure.

MAN-IN-THE-MIDDLE (MITM) ATTACK

A man-in-the-middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between
a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal
exchange of information is under way. The goal of the attack is to steal personal information such as login credentials,
account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses,
e-commerce sites and other websites where logging in is required. Information obtained during an attack can be used for
many purposes, including identity theft, unapproved fund transfers or an illicit password change.

The two main types of MITM attacks:

Active session attack :- The attacker inserts himself into an existing session between a client and a server, cuts the original client off, and continues the exchange with the server while posing as the client (and with the client while posing as the server). Every message now passes through the attacker, who can read, alter or drop it, so he collects sensitive information from both sides.

Passive session attack :- The attacker only monitors the data flowing across the network, without interrupting the communication or modifying any messages; he simply records everything transferred between the two parties.

Technology involved in Man-in-the-Middle Attacks

1. Rogue Access Point :- A rogue access point is a Wi-Fi access point attached to or placed near the network without the administrator’s authorization. Computers may connect to it automatically, and once they do, all of their traffic passes through the rogue access point, where the attacker can monitor it and steal sensitive information.
2. Address Resolution Protocol (ARP) Spoofing :- ARP is the protocol by which a host on a local network finds the MAC address of a device whose IP address it knows. Because ARP replies are not authenticated, an attacker on the same LAN can forge replies that bind the victim’s (or the gateway’s) IP address to the attacker’s MAC address; the victim then sends its traffic to the attacker, who can intercept, modify or drop the messages before forwarding them on.
3. Domain Name System (DNS) Spoofing :- In DNS spoofing the attacker steals sensitive data or login credentials by diverting the user from the genuine website to a fake one. The user believes the site is trusted and enters credentials because it looks real. The attacker achieves this by altering the IP addresses that the DNS server returns for a domain name to ones under the attacker’s control, so that when the user tries to access the website they are directed to the malicious site instead.
4. Email Hijacking :- The attacker gains access to a user’s email account and watches the communications to and from it. He monitors the transactions and conversations and, when an opportunity arises, steals data or diverts a payment from the user’s account.
5. Internet Control Message Protocol (ICMP) redirection :- ICMP redirect messages tell a host to use a different router for a given destination. An attacker on the LAN can send forged redirects so that the victim routes its traffic through the attacker’s machine, which forwards the packets on so that the communication appears to succeed normally.
6. Dynamic Host Configuration Protocol (DHCP) spoofing :- DHCP dynamically assigns IP addresses, and also supplies the default gateway and DNS server, to clients joining the network. The attacker’s computer poses as a DHCP server and answers connecting clients with forged DHCP offers and acknowledgments that name the attacker’s machine as the gateway or DNS server.
7. SSL stripping :- SSL/TLS is the cryptographic protocol that protects HTTPS connections. In SSL stripping the attacker intercepts the moment a site redirects the user from HTTP to HTTPS: the attacker keeps an HTTPS connection to the server but serves the victim a plain HTTP version of the site, so the victim’s traffic, credentials included, passes in clear text through the attacker while the server sees a normal secure connection.

Following are some best practices to stay safe from man-in-the-middle attacks, for individuals:
• Always use websites protected by SSL/TLS (HTTPS) when exchanging any messages or sensitive data.
• Every secure website presents an SSL/TLS certificate that is valid, unexpired and issued by a trusted certificate authority. Check for it, and do not click through browser certificate warnings.
• Free VPNs or proxy servers may themselves be malicious or log your traffic. Be careful which ones you use. • Always update to the latest version of your web browser.
• Don’t connect your devices to free wireless hotspots in public locations such as coffee shops, hotels or airports.
• If you must use a public Wi-Fi hotspot, don’t enter sensitive data such as account credentials, and avoid downloads and online
payments.
• Use Bluetooth connections very carefully.

BUFFER OVERFLOW
A buffer is a sequential section of memory that holds data temporarily as it is moved between locations. A buffer overflow, also
called a buffer overrun, occurs when a program writes more data into a buffer than the buffer was allocated to hold: the excess
data spills into the adjacent memory locations and overwrites whatever was stored there, such as other variables, control data or
the return address of the current function.

Buffer Overflow Attack


An attacker exploits such a coding error to carry out malicious actions and compromise the affected system: by supplying more input than the buffer can hold, he overwrites parts of the program’s memory, which can alter the application’s execution path, damage existing files or expose data. Such attacks typically involve languages such as C and C++ that do not check array bounds, and rely on writing past the end of the buffers those programs allocate.
Types of Buffer Overflow Attacks
1. Stack-based buffer overflows: the attacker sends input containing malicious code to an application, which stores it in a buffer on the stack. The overlong input overwrites the data on the stack beyond the buffer, including the function’s saved return address, and when the function returns, control transfers to an address of the attacker’s choosing.
2. Heap-based buffer overflows: a heap-based attack is harder to carry out than the stack-based approach. It involves overflowing a buffer allocated dynamically on the heap, corrupting adjacent heap data or allocator metadata that the program later uses.
3. Format string attack: a format string exploit takes place when an application passes user input directly as the format string of a function such as printf instead of as data. The format directives in the input let the attacker read data from the stack, write to memory and execute code, or crash the application with a segmentation fault, any of which threatens the security and stability of the system.
Preventions against Buffer Overflows
Build security into the code while the application is being developed, prefer languages or libraries with built-in bounds checking where possible, and test the code to detect errors, fix them and re-test.
Avoid standard library functions that do not perform bounds checking, such as gets, scanf with an unbounded %s, and strcpy; use bounded alternatives such as fgets, snprintf or strncpy, checking the size in each case. Build on a modern operating system and deploy the runtime protections it provides, which add security against buffer overflows with the following techniques.
1. Address space layout randomization (ASLR): the operating system places the executable code, libraries, stack and heap at random addresses each time the program runs, so an attacker cannot reliably predict the address to jump to, which makes overflow exploits far harder.
2. Data execution prevention (DEP): this marks regions of memory as executable or non-executable, so that an attack cannot run code injected into data regions such as the stack.
3. Structured exception handling overwrite protection (SEHOP): on Windows, attackers may try to overwrite the structured exception handling (SEH) chain, the built-in mechanism that manages hardware and software exceptions, to redirect execution; SEHOP validates the chain before an exception handler is called.
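A stack-based overflow and the bounded-copy fix are easiest to see on a model of the frame itself. The following is an added example, not code from the original page: it simulates an x86-64 frame as a byte array (buffer, then saved frame pointer, then return address; the buffer size, addresses and the strcpy/strlcpy names are assumptions for the example), and contrasts a strcpy-style copy, which stops only at a NUL byte, with a bounded copy. Real exploitation happens in C against a real process; this model only shows the arithmetic.

```python
import struct


class StackFrame:
    """Model of one x86-64 stack frame: [char buf[n]][saved frame ptr][return address]."""

    def __init__(self, buf_size, return_address, saved_fp=0x7FFC00001000):
        self.buf_size = buf_size
        self.memory = bytearray(buf_size) + struct.pack("<QQ", saved_fp, return_address)

    def offset_to_return(self):
        """Bytes from the start of buf to the saved return address."""
        return self.buf_size + 8

    def return_address(self):
        return struct.unpack_from("<Q", self.memory, self.offset_to_return())[0]


def strcpy_like(frame, src):
    """Unbounded copy with C strcpy semantics: stops only at the first NUL byte."""
    end = src.find(b"\x00")
    payload = src if end < 0 else src[:end]
    for i, byte in enumerate(payload + b"\x00"):
        if i >= len(frame.memory):
            raise IndexError("write ran off the end of the modelled frame")
        frame.memory[i] = byte           # no check against buf_size: this is the bug


def strlcpy_like(frame, src):
    """Bounded copy: writes at most buf_size-1 bytes and always NUL-terminates."""
    end = src.find(b"\x00")
    payload = src if end < 0 else src[:end]
    payload = payload[: frame.buf_size - 1]
    frame.memory[: len(payload)] = payload
    frame.memory[len(payload)] = 0
    return len(payload)


def exploit_payload(frame, new_return):
    """Padding up to the return slot, then the attacker's address in little-endian."""
    return b"A" * frame.offset_to_return() + struct.pack("<Q", new_return)
```

Two details the model makes visible: the attacker needs buf_size plus the width of the saved frame pointer (24 bytes here) of padding before the address, and because the copy stops at the first NUL byte, an address whose low bytes are followed by zeros overwrites only those low bytes, leaving whatever high bytes were already there. The bounded copy truncates the same payload at 15 bytes and the return address is untouched.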

DNS POISONING
DNS poisoning is an attack technique that manipulates known weaknesses in the domain name system (DNS). When it is completed, the
attacker can reroute traffic from one site to a fake version, and the effect can spread because of the way DNS caching works.
DNS poisoning is a type of spoofing attack, in which the attacker impersonates another device, client or server. This disguise then makes
it easier to do things like intercept protected information or interrupt the normal flow of web traffic.
In a DNS cache poisoning attack, the attacker plants a ‘spoofed’ DNS record so that when a legitimate user goes to visit a website,
instead of landing on their intended destination they end up at an entirely different site. Usually this happens without users even
knowing, as the fake sites are often made to look like the real ones.
Think of it like telling someone you live at a certain address and then going to that neighborhood and changing around all of the
street names and house numbers, so that they end up at the wrong house.
Once the attack is underway and traffic is being diverted to the illegitimate server, the attacker can carry out further malicious
activities such as a man-in-the-middle attack (e.g. stealing login information for bank websites), installing a virus onto visitors’
computers to cause immediate damage, or even installing a worm to spread the damage to other devices.
HOW DNS POISONING WORKS:-
Every device and server has a unique internet protocol (IP) address, a series of numbers used as an identifier in communications. Every
website has a domain name (e.g. www.keyfactor.com) that sits on top of that, to make it easy for internet users to visit the websites they want.
The domain name system (DNS) then maps the domain name that users enter to the appropriate IP address so that their traffic is routed
properly, all of which is handled through DNS servers.
DNS poisoning takes advantage of weaknesses in this process to redirect traffic to an illegitimate IP address. Specifically, the attacker gets
a DNS server to accept a false record, so that the domain name users enter points to a different, incorrect IP address.
Once someone has a DNS server handing out false answers, they are engaging in DNS spoofing. DNS cache poisoning takes this one step
further: the resolver, or the user’s device, stores the illegitimate IP address in its cache, so it keeps directing the user to the illegitimate
address until the cached record expires (its time-to-live, or TTL, runs out), even after the original server has been corrected.
The biggest weakness that allows this type of attack is that the system for resolving names was built more for scale than for security.
DNS queries travel over the User Datagram Protocol (UDP), which does not require senders or recipients to establish a connection or
verify who they are. An attacker can therefore send a forged reply claiming to come from the authoritative server, with no further
verification required, and a resolver that accepts it will start handing out the attacker’s answer.
While this is absolutely an enormous vulnerability, it is not as simple as it sounds. To pull it off, the attacker must get the forged reply to
the resolver within the few milliseconds before the legitimate answer arrives, and the reply must match the outstanding query exactly: the
domain name asked for, the UDP port the resolver sent the query from, and the 16-bit transaction ID of the request. The attacker cannot
see these, so must guess them.
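How much the transaction ID and the source port are worth as defences is clearer with a simulation. The following is an added example, not code from the original page: a toy resolver that accepts a reply only when the transaction ID, UDP port and name match an outstanding query, and an attacker who races the genuine answer by guessing the port once and sweeping all 65,536 transaction IDs. Port 53 as the non-randomized source port, the 1024-65535 ephemeral range and the IP addresses are assumptions for the example; a real attack must also actually beat the authoritative server’s reply over the network, which the model does not time.

```python
import random

TXID_SPACE = 1 << 16                  # 16-bit DNS transaction ID
EPHEMERAL_PORTS = range(1024, 65536)  # source ports a randomizing resolver picks from
FORGED_IP = "203.0.113.66"            # attacker's server (documentation address range)
REAL_IP = "198.51.100.10"             # genuine answer (documentation address range)


class Resolver:
    """Toy recursive resolver: a reply is accepted only if (txid, port, name) match."""

    def __init__(self, randomize_port, rng):
        self.randomize_port = randomize_port
        self.rng = rng
        self.pending = {}   # (txid, port) -> qname awaiting an answer
        self.cache = {}     # qname -> ip, kept until its TTL expires

    def send_query(self, qname):
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.choice(EPHEMERAL_PORTS) if self.randomize_port else 53
        self.pending[(txid, port)] = qname
        return txid, port

    def receive(self, txid, port, qname, ip):
        if self.pending.get((txid, port)) != qname:
            return False                 # no matching outstanding query: dropped
        del self.pending[(txid, port)]   # first matching answer wins
        self.cache[qname] = ip
        return True


def make_resolver(randomize_port, seed=1):
    return Resolver(randomize_port, random.Random(seed))


def guess_space(randomize_port):
    """How many (txid, port) combinations a forged reply has to hit."""
    return TXID_SPACE * (len(EPHEMERAL_PORTS) if randomize_port else 1)


def run_attack(queries, randomize_port, seed=1):
    """Attacker races the real answer: guesses the port once, sweeps every txid."""
    rng = random.Random(seed)
    resolver = Resolver(randomize_port, rng)
    poisoned = 0
    for i in range(queries):
        qname = f"host{i}.example.com"
        txid, port = resolver.send_query(qname)
        guessed_port = rng.choice(EPHEMERAL_PORTS) if randomize_port else 53
        if any(resolver.receive(t, guessed_port, qname, FORGED_IP) for t in range(TXID_SPACE)):
            poisoned += 1
        # The genuine reply arrives last; it is ignored if the entry was already filled.
        resolver.receive(txid, port, qname, REAL_IP)
    return poisoned
```

With a fixed source port the sweep of 65,536 forged replies poisons every query, because the transaction ID is the only secret and the attacker simply sends all of them. With source-port randomization the same sweep has to also hit one port in 64,512, so the guess space grows from 2^16 to about 2^32 and the attack fails on every query in the simulation. This is why resolvers adopted port randomization after the 2008 cache-poisoning disclosures, and why DNSSEC, which signs the records themselves, removes the guessing game entirely.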
What Are the Risks of DNS Poisoning?
Data Theft
An attacker can have the user redirected to a phishing website that collects the user’s private information. When the user enters it, it is
sent to the attacker, who can use it or sell it to another criminal.
Malware Infection
A cyber criminal may send the user to a website that infects their computer with malware. This can be done through drive-by
downloads, which automatically put the malware on the user’s system, or through a malicious link on the site that installs malware such as
a Trojan or a botnet client.
Halted Security Updates
An attacker can spoof a security provider’s update site. When the computer attempts to visit the site to fetch its security updates, it is
sent to the wrong one; as a result, it does not get the update it needs, leaving it exposed to attacks.
Censorship
Censorship can also be executed through manipulation of DNS. For instance, in China the government manipulates DNS answers to ensure
that only approved websites can be reached from within the country.

ARP Poisoning
ARP Poisoning (also known as ARP Spoofing) is a type of cyber attack carried out over a local area network (LAN) that involves
sending forged ARP messages so that hosts on the LAN, typically the default gateway and a chosen victim, record wrong pairings in their
IP-to-MAC address tables. ARP translates IP addresses into MAC addresses. Because ARP was designed purely for efficiency and not for
security (replies are neither authenticated nor required to answer a request), ARP poisoning is extremely easy to carry out as long as the
attacker controls a machine within the target LAN or is directly connected to it.

The attack itself consists of the attacker sending a forged ARP reply to the default gateway, informing it that the attacker’s MAC
address belongs to the target’s IP address, and a matching forged reply to the target, informing it that the attacker’s MAC address belongs
to the gateway’s IP address. Once both sides have cached these entries, all of the target’s traffic to the gateway, and the gateway’s replies
to the target, travel through the attacker’s computer, allowing the attacker to inspect or modify it before forwarding it to its real
destination. Because ARP poisoning operates at such a low level, targeted users rarely realize that their traffic is being inspected or
modified. Besides man-in-the-middle attacks, ARP poisoning can be used to cause a denial-of-service condition on a LAN simply by
intercepting the target’s packets and dropping them instead of forwarding them.
Ways to Protect from ARP Poisoning
1. Understand the Spoofing Process:- The attacker first learns the IP and MAC addresses of a legitimate computer or server, then sends
forged ARP messages over the local network and starts receiving data that was intended for that IP address. Knowing this, you can monitor
your servers for abnormal activity and work out what information the attacker is targeting. Continuous monitoring also gives clues about
which data is exposed to attack in general, not just to ARP spoofing.
2. Identify the Spoofing Attack :- Once you know how ARP spoofing works and what to look for, it is crucial to identify which attack is
targeting your devices. The ARP spoofing step is the same every time, but what the attacker does with the redirected traffic varies:
interception and modification (man-in-the-middle) or simply dropping it (denial of service). Determining which you are facing tells you the
best course for prevention and resolution.
3. Rely on Virtual Private Networks :- One way to limit the damage from ARP spoofing is to do confidential work over a VPN. When you
use a VPN, your traffic travels through an encrypted tunnel, so an attacker who has spoofed ARP on the local network can redirect it but not
read or alter it. Users who travel frequently should avoid public Wi-Fi hotspots when working with sensitive data, or always use a VPN on
them.
4. Use a Static ARP :- Creating static ARP entries on your servers can reduce the risk of spoofing. For hosts you communicate with
regularly, such as the default gateway, a static entry is a permanent entry in the ARP cache that a forged reply cannot overwrite, which adds a
layer of protection. Managed switches also help: Cisco switches, for instance, can inspect ARP packets against their DHCP snooping records
(Dynamic ARP Inspection) and drop forged replies.
5. Get a Detection Tool:- Knowledge of ARP spoofing techniques alone will not always let you detect an attack in progress, so make
sure you have a detection method in place as well as prevention. With a detection tool a spoofing attack is found early, and you can work
on stopping it in its tracks.
6. Avoid Trust Relationships :- Add an extra layer of security by authenticating users with private logins and passwords rather than relying
on IP-based trust relationships that connect devices automatically to transmit and share information. When trust is established purely
through IP addresses, it is easy for an attacker to infiltrate by spoofing ARP.
7. Set Up Packet Filtering :- ARP attackers send ARP packets across the LAN that contain the attacker’s MAC address paired with the
victim’s IP address. After the packet is sent, the attacker can start receiving data, or wait and remain relatively undetected while preparing a
follow-up attack. Packet filtering and inspection can drop poisoned ARP packets before they reach their destination.
8. Look at Your Malware Monitoring Settings :- Antivirus and malware tools also help against ARP spoofing. Check the settings of your
malware monitoring and look for options that monitor for suspicious ARP traffic from endpoints. Enable any ARP spoofing prevention
options and stop any endpoint processes that send suspicious ARP traffic.
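The detection method that items 4 and 5 call for, and the forged-reply pattern described under ARP spoofing in the man-in-the-middle section, come together in a small monitor. The following is an added example, not code from the original page: it replays a constructed log of ARP replies (times, addresses and the attacker’s MAC are assumptions) against a cache in which the gateway entry is pinned as a static entry, and raises an alert when a reply contradicts the pinned entry, changes a learned binding, or shows one MAC claiming several IP addresses, which is the gateway-plus-victim signature of a poisoning attack.

```python
from collections import defaultdict

# Constructed ARP replies as a sniffer on the LAN would see them:
# (seconds, opcode, sender IP, sender MAC). Requests are ignored here.
ARP_LOG = [
    (0.0, "reply", "192.168.1.1", "a4:2b:8c:00:00:01"),    # real gateway
    (0.1, "reply", "192.168.1.20", "f0:de:f1:00:00:20"),   # victim workstation
    (5.0, "reply", "192.168.1.1", "00:0c:29:aa:bb:cc"),    # attacker claims to be the gateway
    (5.0, "reply", "192.168.1.20", "00:0c:29:aa:bb:cc"),   # attacker claims to be the victim
    (6.0, "reply", "192.168.1.30", "f0:de:f1:00:00:30"),   # unrelated host, first seen
]

# Static entries the administrator pinned, as the section recommends for the gateway.
STATIC_ARP = {"192.168.1.1": "a4:2b:8c:00:00:01"}


def detect_arp_spoofing(log, static_arp):
    """Replay ARP replies; return (alerts, cache) where alerts are (time, message)."""
    cache = dict(static_arp)            # pinned entries are never overwritten
    claims = defaultdict(set)           # MAC -> IPs it has claimed to own
    alerts = []
    for t, opcode, ip, mac in log:
        if opcode != "reply":
            continue
        claims[mac].add(ip)
        if ip in static_arp and mac != static_arp[ip]:
            alerts.append((t, f"{mac} claims pinned IP {ip} (static entry is {static_arp[ip]})"))
        elif ip in cache and cache[ip] != mac:
            alerts.append((t, f"{ip} moved from {cache[ip]} to {mac}"))
        if len(claims[mac]) > 1:
            # One MAC answering for two IPs is the gateway-plus-victim pattern.
            alerts.append((t, f"{mac} answers for several IPs: {sorted(claims[mac])}"))
        if ip not in static_arp:
            cache[ip] = mac             # dynamic learning, as a real ARP cache does
    return alerts, cache
```

The replay shows both halves of the advice at once: the pinned gateway entry survives the forged reply (the monitor only alerts), whereas the victim’s unpinned entry is silently replaced, exactly as a host without static entries would be poisoned. A real deployment would feed the function from a packet capture and alert on the first finding rather than waiting for the whole log.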

IDENTITY THEFT

Identity theft is the crime of obtaining another person’s personal or financial information in order to use their identity to commit
fraud, such as making unauthorized transactions or purchases. It is committed in many different ways, and its victims are typically
left with damage to their credit, finances, and reputation.
Types of Identity Theft
Identity theft turns on the personal information, login credentials included, that people cannot avoid sharing in today’s day and age.
Following are some common forms of identity theft and steps you can take to mitigate your risk.
1. Financial Identity Theft :- Financial identity theft is the most common type. It deals with the victim’s financial information: credit
or debit card details, or virtual instruments such as gift cards and vouchers. The thief uses the stolen details to make purchases or take
out credit in the victim’s name, which can damage the victim’s credit score and their ability to get a loan in the future. In 2014, identity
thieves stole $16 billion from 12.7 million identity fraud victims, according to Javelin Strategy & Research.
2. Medical Identity Theft :- Medical identity theft occurs when the thief obtains the details of someone who holds medical insurance and
uses that person’s personally identifiable information to fraudulently obtain medical services, prescription drugs or insurance coverage,
posing as the patient and consuming the benefits the insurer provides. Keep information about your medical history and insurance
confidential so that nobody else can benefit from it.
3. Criminal Identity Theft :- Here the criminal gives false identity information to the police at the time of arrest, using state-issued
identity documents or credentials stolen from someone else, or simply a fake ID. If the fraud works, criminal charges may be filed against
the identity theft victim while the real offender goes free.
4. Child Identity Theft :- This type targets minors who depend on their parents, using the child’s personal information such as name,
age or date of birth. Parents who use a child’s name or birth date as a password make this easier, since an attacker who learns those
details can guess the password. The fraud is hard to detect early, as most children do not discover the problem until they become adults.
5. Identity Cloning & Concealment :- Identity cloning gives a person a double life, as in the movies: the thief takes on someone else’s
identity simply to hide their own. These may be people hiding from creditors, illegal immigrants, or people who want to become
‘anonymous’ for other reasons. In some cases they pick a victim who resembles them, morph photographs on social media and act as if
they were the real person.
6. Synthetic Identity Theft :- Synthetic identity theft is a type of identity theft in which the identity is completely or partially fabricated.
This usually means the thief combines a real Social Security number with a name and birth date that do not match those on record for
the number. Synthetic identity theft is harder to recognize because it usually does not show up on the victim’s credit report directly:
the credit bureau often opens a completely new file, or possibly a sub-file on just one of the victim’s credit reports. The primary victims
are the creditors who grant the lines of credit; individuals are usually affected only if their name gets confused with the synthetic identity,
or if negative information in a credit report sub-file damages their credit score.
What are IoT attacks?
IoT devices are manufactured to fulfill the general needs of an organization; therefore, they lack strict security protocols. Attackers have been
using this advantage to break into the system of an organization through any of the weak IoT devices.
IoT attacks are cyber-attacks that gain access to users' sensitive data with the help of any IoT device. Attackers usually install malware on the
device, harm the device, or gain access to further personal data of the company.
For instance, an attacker may gain access to an organization's temperature control system through a security loophole in any IoT device. He can
then influence the temperature of the rooms connected to the appropriate device.
What are the different types of IoT attacks?
Some of the most common IoT attacks are listed below:

• Physical tampering: Hackers with access to the physical location of the devices can easily steal data from them. In addition, they can install
malware on the device or break into the network by accessing the ports and inner circuits of the device.
• Eavesdropping: The attacker can exploit a weak connection between the server and an IoT device to intercept the network traffic and
gain access to sensitive data. Using an eavesdropping attack, the intruder can also spy on your conversations using the data from the microphone
and camera of an IoT device.
• Brute-force password attacks: Cybercriminals can break into your system by trying different combinations of common words to crack the
password. Since IoT devices are often made without security in mind, they tend to have the simplest passwords to crack.
• Privilege escalation: Attackers can gain access to an IoT device by exploiting vulnerabilities such as an operating system oversight,
unpatched vulnerabilities, or a bug in the device. They can break into the system and climb up to the admin level by exploiting further
vulnerabilities, gaining access to data that is useful to them.
• DDoS: Zombified IoT devices and botnets have made DDoS attacks easier than before. A DDoS attack is when a device is made unavailable to the user due
to an immense flow of traffic.
• Man-in-the-middle attack: By exploiting insecure networks, cybercriminals can access the confidential data being passed from the device to
the server. The attacker can also modify these packets to disrupt communication.
• Malicious code injection: Cybercriminals can exploit an input validation flaw and insert malicious code at that point. The application may then run
the code and make unwanted changes to the program.
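The brute-force item above is the one a defender can most easily catch from the device's own logs. The following is an added example, not code from these notes or from any vendor: it parses a few constructed syslog-style login lines (the format, the hostnames and the IP addresses are all assumptions), counts failed logins per source inside a sliding time window, and raises an alert for any source that crosses a threshold, noting whether a successful login followed the burst, which is the case that deserves immediate attention.

```python
"""Detect password brute-force attempts against an IoT device from its auth log.

Added example (not from the course notes): the log format, the hostnames,
the source addresses and the threshold are all constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like format similar to what many
# embedded Linux devices emit (assumed format, not any vendor's real output).
SAMPLE_LOG = """\
Mar 10 08:00:01 camera01 login[412]: FAILED LOGIN for admin from 203.0.113.5
Mar 10 08:00:02 camera01 login[412]: FAILED LOGIN for admin from 203.0.113.5
Mar 10 08:00:02 camera01 login[412]: FAILED LOGIN for root from 203.0.113.5
Mar 10 08:00:03 camera01 login[412]: FAILED LOGIN for admin from 203.0.113.5
Mar 10 08:00:04 camera01 login[412]: FAILED LOGIN for user from 203.0.113.5
Mar 10 08:00:05 camera01 login[412]: FAILED LOGIN for admin from 203.0.113.5
Mar 10 08:00:09 camera01 login[412]: LOGIN SUCCESS for admin from 203.0.113.5
Mar 10 08:15:00 camera01 login[413]: FAILED LOGIN for admin from 192.0.2.10
Mar 10 08:40:00 camera01 login[414]: LOGIN SUCCESS for admin from 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+: "
    r"(?P<result>FAILED LOGIN|LOGIN SUCCESS) for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(log_text, year=2024):
    """Turn raw log lines into (timestamp, result, user, src) tuples.
    Syslog lines carry no year, so one is supplied; unmatched lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source with >= `threshold` failed logins inside `window`.

    Returns {src: {"failed_attempts", "users_tried", "success_after_burst"}}.
    Events are assumed to be in chronological order, as they are in a log file.
    """
    recent = defaultdict(list)   # src -> failure timestamps still inside the window
    total = defaultdict(int)     # src -> all failures seen
    users = defaultdict(set)     # src -> usernames tried
    alerts = {}
    for ts, result, user, src in parse_events(log_text):
        if result == "FAILED LOGIN":
            total[src] += 1
            users[src].add(user)
            # keep only failures that are still within the sliding window
            recent[src] = [t for t in recent[src] if ts - t <= window] + [ts]
            if len(recent[src]) >= threshold and src not in alerts:
                alerts[src] = {"success_after_burst": False}
        elif result == "LOGIN SUCCESS" and src in alerts:
            # a success after a burst of failures means the guess likely worked
            alerts[src]["success_after_burst"] = True
    for src, info in alerts.items():
        info["failed_attempts"] = total[src]
        info["users_tried"] = sorted(users[src])
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

On the constructed sample, 203.0.113.5 is flagged (six failures in four seconds across three usernames, followed by a success), while 192.0.2.10 stays below the threshold. In practice the window and threshold are tuned to the device's normal traffic, and the "success after burst" flag is what turns a noisy alert into a credential-compromise incident.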

BOT and BOTNETS do from book

STEGANOGRAPHY

Steganography is a way of hiding information inside other media to avoid detection. It comes from the Greek words steganos, which means “covered”
or “hidden,” and graph, which means “to write.” Hence, “hidden writing.” With the help of steganography we can hide text, video, images, or even
audio data. It is a form of data abstraction in which the user is given access only to what they require, not the whole document. Although the
technique is also used in data structures, where we hide data from the user, in cyber security it is used to protect data from unauthorized
users.
Steganography is categorized into five types:
• Text Steganography :- This type makes use of white spaces, capital letters, tabs, and other characters to hide
data.
• Audio Steganography :- Audio steganography deals with the digital audio formats used by audio software, like WAVE, MIDI,
AVI and MPEG, using echo hiding, parity coding, and LSB coding, to name a few.
• Video Steganography :- Video steganography makes use of video formats like H.264, MP4, MPEG, and AVI to hide data. It also
employs pictures to carry concealed data.
• Image Steganography :- In this type, pixel intensities are used to hide information.
• Network Steganography :- Network protocols such as TCP, UDP, and IP are used as carriers.

STEGANOGRAPHY TECHNIQUES
1. Secure Cover Selection :- Secure cover selection involves finding the correct block of an image to carry the malware that will destroy the
data. The hackers compare their chosen image medium with the malware blocks. If an image block exactly matches
the malware, the hackers use that image block to fit it into the carrier image, creating an identical-looking image infected with
the malware. This image subsequently passes quickly through threat detection methods.
2. Least Significant Bit :- This technique works at the level of individual pixels; here a grayscale image is considered.
When the image is read, each grayscale pixel is represented by eight bits, and the last bit, the
eighth one, is called the Least Significant Bit. Hackers use this bit to embed malicious code because the overall pixel value
changes by at most one, a change too small for a human to notice, so the difference in the image cannot be detected by eye.
The normal user therefore doesn’t know that the image is carrying something dangerous within.
3. Palette-Based Technique :- It is similar to the Least Significant Bit technique, but relies on palette-based
images. Hackers embed their message in palette-based images, using formats such as GIF, making it difficult for
cybersecurity threat hunters or ethical hackers to detect the attack.
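The Least Significant Bit description above says two things a practitioner should be able to verify: each pixel moves by at most one level, and the change is invisible to the eye but not to statistics. The following is an added example, not code from these notes: it embeds a constructed message into the LSBs of a constructed list of 8-bit grayscale pixel values (no image library needed; the cover, the message and the 16-bit length prefix are assumptions), extracts it again, and then computes a simplified version of the pairs-of-values chi-square statistic from the Westfeld and Pfitzmann attack over the embedded region. On a cover whose histogram is not LSB-balanced, sequential embedding makes the counts of each value pair (2k, 2k+1) nearly equal, so the statistic collapses, which is how a threat hunter can flag such an image without seeing any visual difference.

```python
"""LSB embedding, extraction and a crude statistical check.

Added example for the notes above, not code from the original page. The cover
'image' is a constructed list of 8-bit grayscale pixel values, so it runs
without any imaging library; the message and the cover are assumptions.
"""
from typing import List


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed_lsb(pixels: List[int], message: bytes) -> List[int]:
    """Overwrite the LSB of successive pixels with a 16-bit length prefix
    followed by the message bits. Each pixel changes by at most one level."""
    payload = len(message).to_bytes(2, "big") + message
    needed = len(payload) * 8
    if needed > len(pixels):
        raise ValueError(f"cover too small: need {needed} pixels, have {len(pixels)}")
    stego = list(pixels)
    for idx, bit in enumerate(_bits(payload)):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return stego


def extract_lsb(pixels: List[int]) -> bytes:
    """Read the length prefix, then that many bytes, from the pixel LSBs."""
    def read_bytes(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (pixels[start + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def pair_chi_square(pixels: List[int]) -> float:
    """Chi-square statistic over pairs of values (2k, 2k+1).
    Sequential LSB embedding of a message with mixed bits pushes the two
    counts of each pair toward equality, so the statistic drops sharply
    compared with the untouched cover. Simplified form of the
    Westfeld/Pfitzmann chi-square attack, for illustration only."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    stat = 0.0
    for k in range(128):
        n0, n1 = hist[2 * k], hist[2 * k + 1]
        expected = (n0 + n1) / 2
        if expected > 0:
            stat += (n0 - expected) ** 2 / expected + (n1 - expected) ** 2 / expected
    return stat


def make_cover(size: int = 4096) -> List[int]:
    """Constructed cover: a smooth ramp quantised to even values only, which
    mimics an image whose histogram is far from LSB-balanced (assumption)."""
    return [((i * 256) // size) & 0xFE for i in range(size)]


MESSAGE = b"constructed secret payload"  # constructed sample, not from the page


def demo() -> dict:
    """Embed, extract, and compare the statistic over the embedded region."""
    cover = make_cover()
    stego = embed_lsb(cover, MESSAGE)
    region = 8 * (2 + len(MESSAGE))  # pixels actually touched by the payload
    return {
        "recovered": extract_lsb(stego),
        "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
        "chi2_cover": pair_chi_square(cover[:region]),
        "chi2_stego": pair_chi_square(stego[:region]),
    }


if __name__ == "__main__":
    print(demo())
```

The message round-trips, no pixel moves by more than one level, and the chi-square value over the embedded region falls from the hundreds to single digits after embedding. Real steganalysis tools compute this statistic over growing prefixes of the image to estimate how much of it carries payload, and add further tests (RS analysis, sample-pair analysis) for messages that are scattered rather than written sequentially.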

TYPES OF SOCIAL ENGINEERING

1) Physical social engineering

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions.
It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
The fake IT guy
This is where a hacker shows up at your workplace pretending to be an IT technician, there to check a
computer, server, printer or other network device. Many smart devices automatically ‘cry for help’ when
they need maintenance, which gives these kinds of attacks plausibility.

Sometimes these attackers will give fake serial or device numbers to lend credence to their visit. And
sometimes that will be enough to let them through. Most companies will run a check on the numbers first,
but what if the attacker has done some ‘dumpster diving’ beforehand? If they’ve waded through your
company’s rubbish skips and found legitimate serial and device numbers on discarded boxes, they’ll be
able to pass your first test. And if it’s the only test required, they’re in.

Tailgating
Tailgating is where an unauthorised person follows an authorised person into a secure area. This
happens naturally when multiple people pass through doors. The person at the front swipes an ID card or
taps in a code and the person behind follows through the open door, entering the area without having
presented any kind of identification. This is most likely to happen in residential buildings, but happens
frequently in commercial buildings too.

The ‘coffee trick’

The ‘coffee trick’ is a more sophisticated form of tailgating. It’s where an unauthorised person holding a
cup of coffee in each hand walks towards an office door. An unsuspecting person passing through or
walking nearby will, wanting to be helpful, hold it open for them. Voila, the attacker has access. This is
classic social engineering: preying on people’s proclivity for kindness.

Shoulder surfing

This is as it sounds: watching the unsuspecting victim while they’re entering passwords and other
sensitive information. But it doesn’t have to be at close range, literally looking over their shoulder. It
could be from a distance, using binoculars or hidden cameras.

Dumpster diving

As mentioned earlier, dumpster diving is where attackers go through your company’s rubbish skips
looking for documents containing sensitive or confidential information. They then use this information to
gain access to your company.

Theft of documents
This can happen if you leave papers and documents lying around and a visitor to your building sees
something they shouldn’t. Or worse, they steal the document on their way through.

Remote Social Engineering Test

Remote Social Engineering is ideally performed on a semi-annual basis to provide an accurate representation of your employees’ security
awareness. It includes a wide range of attacks, each specially designed to give important information on employee reactions.
There are several options for remote social engineering:
Option 1: Phone-based Phishing:- Digital Defense will place calls to your internal staff members and, upon request, to your suppliers to
assess their security awareness. We specifically attempt to obtain information that could be used to gain unauthorized or falsely
authorized access to your network resources or data.

Option 2: Vishing :- Digital Defense will send targeted emails with an action request for the user to call a local number for more
information. Digital Defense answers the call and conducts social engineering (i.e. “vishing”). We specifically attempt to obtain
information that could be used to gain unauthorized or falsely authorized access to your network resources or data.

Option 3: Web-based Phishing :- Digital Defense will send targeted emails with an action request for the user to visit a
website which is designed to elicit sensitive information (i.e. phishing). This method involves creating a custom website which looks and
feels like your intranet or public site and then capturing the input provided.

Option 4: Email-based Phishing :- Digital Defense will send email to targeted employees with an action request for the
user to reply to the message with information (i.e. phishing). The data is then captured and analyzed for sensitivity.
USB Drops (physical initiation and remote analysis) :- Digital Defense loads USB drives with custom-developed software that, when
inserted into a computer, will auto-run and transmit the username, hostname, and IP address in a secure
fashion to Digital Defense. The aim is to determine how susceptible staff are to opening these USB drives. Digital Defense will report on
the number of incidents of users running this software, with the associated user name, system name, and IP address.

HYBRID SOCIAL ENGINEERING ATTACK

Nowadays, fraudulent phone calls are increasing day by day and gaining popularity. Fraudsters create these bogus “bank” calls to
make use of personal identification information stolen with malware, which gives them credibility; with this they collect the missing
information required to make their scams succeed.
The general phenomenon is stealing data through one channel, such as the web, and then making use of a different channel
or context, such as a social engineering attack. Defending against this new wave of hybrid attacks requires both technology, such
as malware detection, and vigilance from the users of online services.
Traditionally, financial malware fraud starts by identifying the targeted bank and learning how its
online banking service operates. Once the fraudsters have studied and understood the online
banking flows and security processes, they design and prepare a corresponding malware attack
with its configuration. Finally, the bank’s clients are infected with the malware and the fraud starts its execution sequence.
Other forms of financial malware work in reverse order. Here the malware first infects the victims’ machines and
logs online activity and banking credentials, and then the fraudsters use the credential data fished from the malware logs to access
online banking sites and perpetrate fraud.
However, the problem with this method is that, in many cases, the data collected by the malware is insufficient to commit the actual fraud:
• The one-time password (OTP) authentication credentials originally collected are no longer valid
• Banks require transaction signing to transfer money
• Additional authentication data is required by the bank when logging in from a new IP address.
Attackers use professional caller services to obtain the missing data required for a successful online fraud. Underground
advertisements offer a phone service with professional callers, fluent in English and European
languages, who can impersonate male and female, as well as old and young, voices. As per the customer’s requirement, these callers
phone private customers, banks, shops, post offices and any other organisations. They also provide spoofed phone
numbers to accept calls in case victims want to call back for any reason. Although the actual caller scripts are not shared in the
forum advertisement, we can imagine that the scripts used to collect the missing data look something like:
Step 1: Caller establishes credibility :- In this step the caller already has the victim’s basic information, obtained by the
malware, and uses it to gain credibility; for example the caller will ask “Are you John Smith, living at this address, with credit card number ending
in 2345?”
Step 2: Caller collects missing data :- Once the caller has established credibility, they go on to collect:
a) The SMS OTP, for example “You have just received an OTP via SMS; can you read it to me so that we can make sure you are John
Smith?”
b) Other additional authentication information from the user, such as “To verify you, can you please give me the last four digits of
your card number?”
c) They can also ask the user to generate a transaction signing code with fraudulent payee and amount information, for example “We
need to calibrate your transaction signing reader, so could you please enter the following details online and then tell us what happens
