
CYBERSECURITY CONCEPTS & COMMON ATTACK TYPES
BISF 2107 BSD 2206 BAC 2209
What is Cyber Security?
Cyber Security is the technique of protecting internet-connected
systems such as computers, servers, mobile devices, electronic systems,
networks and data from malicious attacks.
Cyber Security is the set of processes and practices designed to protect
networks, devices, programs and data from attack, theft, damage,
modification or unauthorized access.
Cyber Security is the set of principles and practices designed to protect
computing resources, online and offline information against threats.
Cybersecurity is the concept of protecting information and technology
systems from attacks, damages or unauthorized access.
Cont…
We can divide cybersecurity into two parts: one is cyber, and the other is
security.
Cyber refers to the technology that includes systems, networks, programs,
and data.
Security is concerned with the protection of systems, networks,
applications, and information. In some cases, it is also called electronic
information security or information technology security.
A cyber attack is when an individual or an organization deliberately and
maliciously attempts to breach the information system of another individual
or organization. While there is usually an economic goal, some recent
attacks show destruction of data as a goal.
Cybersecurity Challenges
CYBERCRIME
What is Cybercrime?
It is an unlawful action against any person using a computer, its
systems, and its online or offline applications. It occurs when
information technology is used to commit an offense.
However, the act is only considered Cybercrime if it is intentional and
not accidental.
Cybercrime also refers to all the activities done with criminal intent in
cyberspace. Because of the anonymous nature of the internet,
criminals engage in a variety of criminal activities.
Cybercrime can be committed against an individual or a group; it can
also be committed against government and private organizations.
It may be intended to harm someone’s reputation or to cause physical or
even mental harm.
However, the largest threat of cybercrime is to the financial security
of an individual as well as the government.
Cybercrime causes loss of billions of USD every year.
Types of Cybercrime
Cybercrime can occur in various ways. Here are some of the most common cybercrime attack modes:
• Hacking: an illegal practice by which a hacker breaches someone’s computer security system for
personal interest.
• Unwarranted mass surveillance: mass surveillance means surveillance of a substantial fraction
of a group of people by an authority, especially for security purposes, but if someone does it
for personal interest, it is considered a cybercrime.
• Child pornography: one of the most heinous crimes, brazenly practiced across the
world. Children are sexually abused and videos are made and uploaded to the Internet.
• Child grooming: the practice of establishing an emotional connection with a child, especially
for the purpose of child trafficking and child prostitution.
• Software piracy: theft of software by illegally copying genuine programs or counterfeiting. It
also includes the distribution of products intended to pass for the original.
Cont…
• Denial of Service attack: in this cyberattack, the cyber-criminal uses up
the bandwidth of the victim’s network or fills their e-mail box with
spam. Here, the intention is to disrupt their regular services.
• Phishing: a technique of extracting confidential
information from bank/financial institution account holders by
illegal means.
• Spoofing: the act of getting one computer system or network to
pretend to have the identity of another computer. It is mostly used to
gain access to exclusive privileges enjoyed by that network or
computer.
Cont…
• Copyright infringement: when someone infringes another person’s
protected copyright without permission and publishes the work under
his own name, it is known as copyright infringement.
• Money laundering: illegal possession of money by an individual
or an organization is known as money laundering. It typically
involves transfers of money through foreign banks and/or
legitimate businesses. In other words, it is the practice of
moving illegitimately earned money into the legitimate
financial system.
• Cyber-extortion: when a hacker hacks someone’s email server or
computer system and demands money to reinstate the system, it is
known as cyber-extortion.
• Cyber-terrorism: normally, when someone hacks a government’s
security system, or intimidates a government or a similarly large organization
to advance his political or social objectives by invading its security
system through computer networks, it is known as cyber-terrorism.
ATTACKS
We may face attacks from a wide variety of approaches and angles.
When we look at what exactly makes up an attack, we can break it
down according to the type of attack that it represents, the risk the
attack represents, and the controls we might use to mitigate it.
Categories of Attacks
When we look at the types of attacks we might face, we can
generally place them into one of four categories: interception,
interruption, modification and fabrication.
Each category can affect one or more of the principles of the CIA
triad.
Additionally, the lines between the categories of attack and the
particular effects they can have are somewhat blurry. Depending on
the attack in question, we might argue for it to be included in more
than one category, or have more than one type of effect.
INTERCEPTION
Interception attacks allow unauthorized users to access our data, applications, or
environments and are primarily an attack against confidentiality. Interception might take the
form of unauthorized file viewing or copying, eavesdropping on phone conversations, or
reading e-mail, and can be conducted against data at rest or in motion.
Properly executed, interception attacks can be very difficult to detect.

INTERRUPTION
Interruption attacks cause our assets to become unusable or unavailable for our use, on a
temporary or permanent basis. Interruption attacks often affect availability but can be an
attack on integrity as well. In the case of a DoS attack on a mail server, we would classify this
as an availability attack. In the case of an attacker manipulating the processes on which a
database runs in order to prevent access to the data it contains, we might consider this an
integrity attack, due to the possible loss or corruption of data, or we might consider it a
combination of the two.
We might also consider such a database attack to be a modification attack rather than an
interruption attack.
MODIFICATION
Modification attacks involve tampering with our asset. Such attacks might primarily be
considered an integrity attack but could also represent an availability attack. If we access a file in
an unauthorized manner and alter the data it contains, we have affected the integrity of the data
contained in the file. However, if we consider the case where the file in question is a
configuration file that manages how a particular service behaves, perhaps one that is acting as a
Web server, we might affect the availability of that service by changing the contents of the
file. If we continue with this concept and say the configuration we altered in the file for our Web
server is one that alters how the server deals with encrypted connections, we could even make
this a confidentiality attack.

FABRICATION
Fabrication attacks involve generating data, processes, communications, or other similar
activities with a system. Fabrication attacks primarily affect integrity but could be considered an
availability attack as well. If we generate spurious information in a database, this would be
considered to be a fabrication attack. We could also generate e-mail, which is commonly used as
a method for propagating malware, such as we might find being used to spread a worm. In the
sense of an availability attack, if we generate enough additional processes, network traffic, e-
Common Types of Cybersecurity Attacks
1. Malware
The term “malware” encompasses various types of attacks including spyware,
viruses and worms. Malware uses a vulnerability to breach a network when a user
clicks a “planted” dangerous link or email attachment, which is used to install
malicious software inside the system.
Malware and malicious files inside a computer system can:
• Deny access to the critical components of the network
• Obtain information by retrieving data from the hard drive
• Disrupt the system or even render it inoperable
Malware is so common that it comes in a large variety; the most common types are:
Viruses—these infect applications attaching themselves to the initialization
sequence. The virus replicates itself, infecting other code in the computer
system. Viruses can also attach themselves to executable code or associate
themselves with a file by creating a virus file with the same name but with
an .exe extension, thus creating a trap which carries the virus.
Trojans—programs that hide inside a useful program for malicious
purposes. They do not replicate themselves and are commonly used to
establish a backdoor to be exploited by attackers.
Worms—self-contained programs that propagate across
networks and computers. Worms are often installed through email
attachments, sending a copy of themselves to every contact in the infected
computer’s email list. They are commonly used to overload an email server
and achieve a denial-of-service attack.
Ransomware—a type of malware that denies access to the victim
data, threatening to publish or delete it unless a ransom is paid.
Advanced ransomware uses crypto viral extortion, encrypting the
victim’s data so that it is impossible to decrypt without the decryption
key.
Spyware—a type of program installed to collect information about
users, their systems or browsing habits, sending the data to a remote
user. The attacker can then use the information for blackmailing
purposes or download and install other malicious programs from the
web.
2. Phishing
Phishing attacks are extremely common and involve sending mass amounts of fraudulent emails to
unsuspecting users, disguised as coming from a reliable source.
The fraudulent emails often have the appearance of being legit, but link the recipient to a malicious
file or script (payload), designed to grant attackers access to your device to control it or gather recon,
install malicious scripts/files, or to extract data such as user information, financial info, and more.
Phishing attacks can also take place via social networks and other online communities, via direct
messages from other users with a hidden intent.
There are several different types of phishing attacks, including:
• Spear Phishing—targeted attacks directed at specific companies and/or individuals.
• Whaling—attacks targeting senior executives and stakeholders within an organization.
• Pharming—leverages DNS cache poisoning to capture user credentials through a fake login landing
page.
Phishing attacks can also take place via phone call (voice phishing) and via text message (SMS
phishing).
3. Man-in-the-Middle (MitM) Attacks
A MitM attack occurs when an attacker intercepts a two-party transaction, inserting
themselves in the middle. From there, cyber attackers can steal and
manipulate data by interrupting traffic.
This type of attack usually exploits security vulnerabilities in a
network, such as an unsecured public Wi-Fi, to insert themselves
between a visitor’s device and the network.
The problem with this kind of attack is that it is very difficult to
detect, as the victim thinks the information is going to a legitimate
destination. Phishing or malware attacks are often leveraged to carry
out a MitM attack.
4. Denial-of-Service (DoS) Attack
DoS attacks work by flooding systems, servers, and/or networks with
traffic to overload resources and bandwidth. This renders
the system unable to process and fulfill legitimate requests. In
addition to denial-of-service (DoS) attacks, there are also distributed
denial-of-service (DDoS) attacks.
A DDoS attack is launched from several infected host machines with
the goal of achieving service denial and taking a system offline, thus
paving the way for another attack to enter the network/environment.
5. SQL Injections
This occurs when an attacker inserts malicious code into a server
using Structured Query Language (SQL), forcing the server to deliver
protected information.
This type of attack usually involves submitting malicious code into an
unprotected website comment or search box. Secure coding practices
such as using prepared statements with parameterized queries are an
effective way to prevent SQL injections.
6. Zero-day Exploit
A Zero-day Exploit refers to exploiting a network vulnerability when it
is new and recently announced, before a patch is released and/or
implemented.
Zero-day attackers jump at the disclosed vulnerability in the small
window of time where no solution/preventative measures exist.
Thus, preventing zero-day attacks requires constant monitoring,
proactive detection, and agile threat management practices.
7. Password Attack
Passwords are the most widespread method of authenticating access to a secure
information system, making them an attractive target for cyber attackers. By
accessing a person’s password, an attacker can gain entry to confidential or critical
data and systems, including the ability to manipulate and control data/systems.
Password attackers use a myriad of methods to identify an individual’s password,
including social engineering, gaining access to a password database, monitoring the
network connection to obtain unencrypted passwords, or simply guessing (a
“brute-force attack”).
A brute-force attack employs a program to try all the possible variants and
combinations of information to guess the password.
Another common method is the dictionary attack, when the attacker uses a list of
common passwords to attempt to gain access to a user’s computer and network.
Account lockout best practices and two-factor authentication are very useful at
preventing a password attack.
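How an account-lockout rule blunts a dictionary attack, as an added example that is not part of the slides. The `LoginGuard` class, the thresholds, the account `bob` and the short word list are all constructed for the demonstration; the clock is injectable so the lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

MAX_FAILURES = 5        # failed attempts tolerated before the account locks
LOCKOUT_SECONDS = 900   # how long the lock lasts (15 minutes)
PBKDF2_ROUNDS = 100_000

def make_record(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, hash) for storage; passwords are never kept in plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

class LoginGuard:
    """Verifies passwords and enforces a per-account lockout after repeated failures."""

    def __init__(self, records: dict, now=time.time):
        self.records = records           # username -> (salt, hash); constructed demo data
        self.now = now                   # injectable clock so the lockout can be tested
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, user: str) -> bool:
        return self.locked_until.get(user, 0.0) > self.now()

    def attempt(self, user: str, password: str) -> str:
        if self.is_locked(user):
            return "locked"              # refused before the password is even checked
        record = self.records.get(user)
        if record is not None:
            salt, stored = record
            candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
            if hmac.compare_digest(candidate, stored):   # constant-time comparison
                self.failures[user] = 0
                return "ok"
        self.failures[user] += 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = self.now() + LOCKOUT_SECONDS
            self.failures[user] = 0
        return "denied"

def run_wordlist(guard: LoginGuard, user: str, words: list) -> list:
    """Replay a dictionary-style guess sequence and record each outcome."""
    return [guard.attempt(user, w) for w in words]
```

Whatever the length of the word list, the attacker gets at most MAX_FAILURES guesses per lockout window, which is what makes the guessing rate rather than the list size the binding constraint.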
8. Cross-site Scripting (XSS attack)
A cross-site scripting attack sends malicious scripts into content from
reliable websites.
The malicious code joins the dynamic content that is sent to the
victim’s browser.
Usually, this malicious code consists of JavaScript code executed by
the victim’s browser.
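What output encoding changes about the dynamic content described above, as an added example that is not part of the slides. The render functions, the `_Collector` parser and the two sample inputs are constructed for the demonstration; the parser stands in for the browser to show which elements and attributes each rendering would actually create.

```python
from html import escape
from html.parser import HTMLParser

def render_comment_unsafe(comment: str) -> str:
    # Vulnerable: user-supplied text is inserted into the page verbatim, so
    # any markup it contains becomes part of the document the browser runs.
    return '<p class="comment">' + comment + '</p>'

def render_comment_safe(comment: str) -> str:
    # Hardened: &, <, >, " and ' become entities, so the browser shows the
    # text as text and cannot interpret it as new elements or attributes.
    return '<p class="comment">' + escape(comment, quote=True) + '</p>'

def render_title_unsafe(title: str) -> str:
    # Same flaw inside an attribute value: a quote in the input ends the
    # attribute early and lets extra attributes (event handlers) follow.
    return '<a href="/profile" title="' + title + '">profile</a>'

def render_title_safe(title: str) -> str:
    # quote=True is what protects the attribute context.
    return '<a href="/profile" title="' + escape(title, quote=True) + '">profile</a>'

class _Collector(HTMLParser):
    """Records every element and attribute name a browser would see."""
    def __init__(self):
        super().__init__()
        self.elements, self.attributes = [], []
    def handle_starttag(self, tag, attrs):
        self.elements.append(tag)
        self.attributes.extend(name for name, _ in attrs)

def parse_names(document: str) -> tuple:
    """Return (element names, attribute names) found in a rendered fragment."""
    p = _Collector()
    p.feed(document)
    p.close()
    return p.elements, p.attributes

if __name__ == "__main__":
    payload = "<script>alert(1)</script>"               # constructed sample input
    print(parse_names(render_comment_unsafe(payload)))  # (['p', 'script'], ['class'])
    print(parse_names(render_comment_safe(payload)))    # (['p'], ['class'])
```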
9. Rootkits
Rootkits are installed inside legitimate software, where they can gain
remote control and administration-level access over a system.
The attacker then uses the rootkit to steal passwords, keys, credentials
and retrieve critical data.
Since rootkits hide in legitimate software, once you allow the program
to make changes in your OS, the rootkit installs itself in the system
(host, computer, server, etc.) and remains dormant until the attacker
activates it or it’s triggered through a persistence mechanism.
Rootkits are commonly spread through email attachments and
downloads from insecure websites.
10. Internet of Things (IoT) Attacks
While internet connectivity across almost every imaginable device
creates convenience and ease for individuals, it also presents a
growing—almost unlimited—number of access points for attackers to
exploit and wreak havoc.
The interconnectedness of things makes it possible for attackers to
breach an entry point and use it as a gate to exploit other devices in
the network.
Safety tips
• Use antivirus software
• Install firewalls and a pop-up blocker
• Uninstall unnecessary software
• Maintain backups
• Check security settings
• Use secure connections
• Open attachments carefully
• Use strong passwords & don’t give out personal information
• Thank you
