Where Do Cyber Threats Come

From?
An assault on an IT asset, network, intellectual
property, or any other type of sensitive data may
also be classified as a "cyber-threat" which
describes the potential of an attack to take place.
Cyber threats may come from within an
organization's network as well as from unidentified
parties in other countries.
Numerous actors pose a danger to the internet, including the following:

• Hostile Nation-States
• Terrorist Groups
• Corporate Spies and Organized Crime Organizations
• Hacktivists
• Disgruntled Insiders
• Hackers
• Natural Disasters
• Accidental Actions of Authorized Users
Cyber Squatting
• To register and use domain names that resemble trademarks
and service marks without authorization from the trademark
owners is a criminal offence
• Squatting on another's trademark in bad faith is known as
"cybersquatting," and it involves registering, trading, or
otherwise making use of an Internet domain name that belongs
to the trademark owner.
• "Squatting" is the act of occupying an unoccupied location or
building without permission, according to Wikipedia.
Cyber Warfare

Cyber warfare is considered to be an act of

cyber-attack or a series of cyber-attacks. If this
assault is successful, it might harm or even
destroy government and civilian infrastructure
and critical systems.
Types of Cyber Warfare Attacks
Cyber Terrorism

Disruption of computer networks, particularly those

using personal computers linked to the Internet,
might be considered an act of Internet terrorism.
These kinds of assaults may be carried out using a
wide number of methods, such as phishing,
computer viruses and worms, malicious software,
hardware devices, and programming scripts.
Cyber-crime
Using computers or the internet to engage in criminal behavior is referred to as cyber-crime.
To conduct cyber attacks, criminal organizations utilize strategies such as social engineering
and malware such as phishing, as well as a wide range of other methods.

“The only system which is truly secure is one which is

switched off and unplugged, locked in a titanium safe, buried
in a concrete bunker, and is surrounded by nerve gas and
very highly paid armed guards. Even then, I wouldn’t stake
my life on it.”
- Professor Gene Spafford*
In what ways are you most likely to experience
cyber-crime as a regular computer and mobile
device user?
• You have a weak password on an account or a smart device or if you visit a
website that has been hacked, you might be infected.
• Email is by far the most common means of transmitting cyber-crime.
According to the “Federal Bureau of Investigation” (FBI), email fraud is
the second most costly form of cyber-crime.
• In addition to phishing scams and malware sent through dubious files or
links, email fraud may also take the shape of digital extortion,
ransomware, and other types of malicious software.

The Dark Web Any area of the internet (websites, e-stores, forums, etc.)
that cannot be found by a standard search engine like Google or Bing is
known as the "deep web." The dark web, or "darknet," is a subset of the deep
web that can only be accessed via a specialized browser such as Tor. The
anonymity provided by the dark web makes it a haven for criminals, even if it
is not unlawful in and of itself
Classification of Cyber-Crimes

Email Spoofing
Due to the architecture of email systems, spoofing is feasible. Email servers can't detect whether a
sender address is authentic or faked since it's issued by a client application. Email spoofing attempts
to fool recipients into thinking the email is coming from someone they know or trust, usually a
coworker, vendor, or well-known company. The attacker takes advantage of the recipient's
confidence and begs for information or some other action. Click here for details

There are three main parts to an email; they are:

 The sender's address

 The name and address of the receiver
 The email's body
The Reply-To field is another common phishing component. This field may also be
used in a phishing attempt since it can be configured by the sender. A different email
address than the sender's may be specified in the Reply-To address, which is used by most
email clients.
Spamming
In the practice of spamming, emails and other digital delivery systems and broadcast
media are sent to a large audience in great quantities without the recipient's consent
or knowledge. Online forums, instant messaging, and mobile text messaging are
just a few examples of the many forms of spam that are included in this
broad category.
Spammers are those who produce electronic spam. The practice of
sending unsolicited bulk messages without any discernible
pattern is known as spam, which refers to the inappropriate use of
electronic messaging networks (including most broadcast media and digital
delivery systems). Even though junk e-mail is the most common kind of
spam, the term "spam" may also refer to comparable abuses that occur in
other forms of media, such as spam in instant messages, Usenet newsgroups,
and online search engines.
What kinds of spam are there?

 Email Spam

 SEO Spam

 Content Spam

 Link Spam

 Social Networking Spam

 Mobile Spam

 Messaging Spam
Cyber Defamation

Slander is to make a false remark against someone that damages their

reputation, basically, Defamatory statements that are given in the form of vocal
statements

Whereas

Libel is to publish or write a false statement that harms someone's reputation.

Basically, a defamatory statement published in writing,
Internet Time Theft

An internet time/bandwidth thief is someone who illegally accesses

the internet connection of another person.

Access to an ISP user ID and password obtained by hacking or unlawful

methods is used to get unauthorized Internet access, which falls under
the general category of "hacking".
Data Diddling

Data diddling is a kind of computer fraud that involves intentionally altering the
numbers entered into a database. When filing tax forms or other financial records,
its common practice to inflate or understate revenue or expenditures in order to
gain an advantage for the firm or person concerned.

When it comes to fraud, data diddling is unique in that it only pertains to the
falsification of data at the time of input.
Espionage

The act of obtaining secret or private information (intelligence) from non-

public sources or exposing the same without the authorization of the information's
owner in order to make some tangible advantage is known as espionage, spying,
or intelligence gathering. The term "espionage" may also be used to describe the
process of obtaining information.
Hacking

A common definition of hacking is obtaining unauthorized access

to a computer system or a user's account to compromise digital
devices and networks. Theft of data and unlawful conduct are the
most prevalent outcomes of hacking;
Types of Hacking/Hackers
Black Hat Hackers

In the hacking world, hackers are known as the "bad guys" because of their actions

White Hat Hackers

The "good people" in the hacker community, white hats are those who actively work to thwart
the gains of the bad guys. Known as "ethical hackers" they use their specialized skills to gain
access to networks in order to assess their level of security. Security weaknesses can be
discovered and patched before black hat hackers can take use of them.
Computer Sabotage

Computer sabotage refers to the act of intentionally interfering with the

operation of a computer or a telecommunications system by entering data into a
computer, changing that data, erasing or suppressing it, or erasing or suppressing
computer programs. This may also include tampering with computer systems.

Online Frauds

"online fraud" refers to fraudulent actions like identity theft and financial scams that
are carried out via the use of the internet.
Tips to Avoid Online Frauds
1. Use up-to-date versions of security software, web browsers, and
operating systems.
2. Use a strong password
3. Never open attachments or pop-up windows from sources you don't
trust.
4. Avoid publishing personal information
5. Use a password to secure your home's wireless network
6. Use a secure online shopping website
7. Check the privacy rules of the website before giving away any
personal information.
E-Mail bombing

Sending a large number of e-mails with the intention of flooding the

recipient's e-mail account (in the case of an individual) or their mail
servers (in the case of an organization) is what is generally understood to
be the act of "bombing" an e-mail account with e-mails
Different types of Mail Bomb attacks

1. Mass mailing
2. List linking
3. ZIP bombing
4. Reply all
5. Attachment
How do you defend against mail bombs?
Computer Network intrusion

Network Intrusion Attack Techniques

1. Living off the Land

2. Multi-Routing
3. Buffer Overwriting
4. Covert CGI Scripts-Common Gateway Interface (CGI), which enables servers to route user requests to
appropriate programs and to receive data back from those applications.
5. Protocol-Specific Attacks: Protocols including ARP, IP, TCP, UDP, and ICMP, as well as a variety of
application protocols, might unintentionally offer holes for network intrusions
6. Traffic Flooding
7. Trojan horse Malware: Backdoors that are created by Trojan horse infections allow hackers to access
systems and any data that may be exposed
8. Worms: Viruses and worms are two of the simplest and most destructive ways to infiltrate a network
Password Sniffing

Password sniffing is a method that employs a particular

software program that lets a hacker who is watching and
recording network traffic acquire usernames and passwords
without doing anything.
Type of credit card frauds

1. Pickpocketing or physical theft

2. Skimming Card Information
3. Phishing and other scams
4. Carding or cyber-attacks
Credit Card Frauds

How is credit card information usually stolen?

• Skimming: On the credit card swipe machine, the skimmer is retained by the
swindlers to steal customer data. Whenever you use your credit card to make a
purchase, this gadget will record that information.
• Dumpster diving: Thieves may steal your credit card information if you throw away
your bills or other papers that include your entire credit card number.
• Hacking: Customers' credit card information may be stolen from businesses you've
transacted with or from organizations that handle credit card payments. As a result,
they'll commit hacking crimes.
• Phishing: In phishing, people are tricked into divulging their personal information to
fraudsters who then use that information against them.
Identify Theft
The fraudulent use of another person's identity is called
identity theft.

How to protect yourself from identity theft ?

Types of Identity Thefts

• Criminal Identity Theft

• Senior Identity Theft
• Driver’s license ID Identity Theft
• Medical Identity Theft
• Tax Identity Theft
• Social Security Identity Theft
• Synthetic Identity Theft
• Financial Identity Theft