Saturday 27 August 2022

Chapter-3 Cyber Threats and Security

0 comments

 Chapter-3 Cyber Threats and Security

CHAPTER NO.3 CYBER THREATS AND SECURITY


INTRODUCTION

In addition to the use of computers in the present time, the Internet has been used in every field. As the technological age is advancing, the use of the Internet is also increasing. There is no area where there is no Internet access.While the use of the Internet has accelerated thefunctioning of all sectors and is saving time and money, but overuse of it has led to a number of technical risks which in the technical language have led to cyber threats also called attacks.This is a matter of concern and to know about these threats/attacks, it is important to knowabout the techniques and precautions to be taken to deal with these threats/attacks and to implement these techniques and precautions. Let us read about cyber threats/attacks in this lesson and the techniques and precautions to be taken to prevent them.


3.2 WHAT IS CYBER?

Before learning about cyber threats/attacks and defence techniques, it's important to know what cyber is. However, the word cyber does not have a clear literal meaning and is itself a unique word, The world of internet is usually called cyber. The word cyber is derived from the Greek word ‘cybemetic’ {i.c., e-touch), which means a self-controlled scientific system of communication. Therefore, the self-controlled system of communication and computer-based technologies in the world of the Internet has also been renamed Cyber, and there are many other names cyber threats (webservers), cyber-attacks (webservers) cyber-space, cyber-crime (web firmware), cyber security (web site shredding) have been linked. We will now learn about cyber threats (webservers) in this lesson.



3.3 CYBER THREATS / ATTACKS

As mentioned above, we have expressed concern about the increasing use of the Intemet and the cyber threats/attacks it may cause. Now you have to know what these cyber threats/attacks are. In the world of the Internet, those possibilities and desperate attempts are categorized as cyber threats/attacks which harm online computer networks and computer based systems with the help of the Intemet.Due to the changing nature and use of online technologies day to day,cyber threats have taken many forms and cannot be categorized into one category.Next we will read about the different types:-



3.3.1 Cyber Threat/Attack Types

As we have read above, online technologies are changing day by day in the Internet or

cyber environment, and their changing forms are creating new risks every day as cyber



criminals embrace every new technology as their own, non-linear and Internet-based online systems are being targeted by malicious efforts that are leading to cyber threats/attacks. Some of these risks are currently being posed.


3.3.L.1 Stalking : Stalking (shot a locking) Stalking is an English language word that

means chase or fall behind. So, in a series of cyber threats/attacks, when a person makes any kind of harassment to another person against his will, with the use of the Internet based application/software, it is called Stalking.Like forcing someone to post unwanted messages or other content via social media, and forcing confidential information of any kind.


3.3.1.2 Piracy : In a series of cyber threats, when person copies software or other computer based material without the permission and wishes of his original owner, he sells his duplicate copy for his own business interests, leaving the real owner in the lurch. This type of cybercrime is called piracy. As of now, piracy of content such as different software, audio and video has become commonplace.


3.3.1.3 Phishing : The word phishing is an English-language word that means trapping.

This is a type of online fraud in which any kind of confidential or personal information is solicited by a user from an unknown address via e-mail or some other way, such as a username,password and CREDIT card or debit card number etc. If a person comes in this roundabout and sends such information to the Fisher, then the Fisher may deduct the amount from his account.This type of online threat is called phishing.


3.3.1.4 Hacking ; Hacking is also an English-language word that means to cut or bite.When a cyber-criminal uses some kind of technology to steal and misuse someone's person software, personal account, any kind of online ID(s) or website, it is called Hacking.



3.3.L5 Spamming : Spamming is also a word in the English language which means waste or rubbish, whenever an individual or company sends unwanted emails or messages to an unknown person or group of persons and is repeatedly incited to an item and asked to adopt a process, Could be harmed by obtaining its confidential information. This type of action is called spamming. For example, by sending an e-mail or message repeatedly from an unknown company asking them to join the company


3.3.1.6 Email Spoofing : Email spoofing is the creation of e-mail messages with a foreget sender address. In this revolt, many less aware users share some kind of confidential information at such an address and suffer the consequences,


3.3.1.7 Denial of Service Attack /DOS Attack : Denials of Service Attack is a type of

online attack that targets a server computer or computer network, and information about its crash is accessed by the user connected to it. These types of attacks are most commonly found in the banking sector, commerce and high level organizations.


3.3.L8 Web Jacking : Web jacking is also an unauthorized operation, such as high

jacking, in which a backer makes unauthorized alterations to any other web site for his own benefit and changes the information contained on that web site.In the past, web hackers hacked websites of the Ministry of Information Technology and the Bombay Crime Branch.


3.3.1.9 Internet Time-Theft : Intemet time theft is an unauthorized online operation in

which a user's personal name and password is used by another person to access the Internet without his knowledge of the Internet account. Nowadays these practices have become commonplace due to the convenience of Wi-Fi internet service.


3.3.L.10 Salami Attack : Salami Attack is one of the dangerous online attacks, This is an action that is very difficult to identify. These types of online attacks are most commonly seen in the banking sector. Such online attacks target credit or debit card information of a bank's customers in a manner that a small amount of money goes out of their accounts into the account of the opener, and the customer does not even know about it because in such online attacks those customers’ accounts are targeted where the amount is often more and the transactions are frequent.


3.3.L11 Data Diddling : Diddling means nesting or destroying. In the world of cyber-attacks, data diddling is called a maladaptive process in which a cyber-attacker nullifies or transmits information online or other information being consumed by a cyber-attacker, using its information as input.Results are obtained according to personal interests. This type of cyber action is called data diddling.


3.4 CAUSES OF CYBER THREATS/ATTACKS

With the increasing technology and use of the Internet, the number of cyber-attacks is

increasing day by day and new cyber-attacks are occurring on a daily basis. It is also important to know what are the reasons or shortcomings behind it, because before leaning how to avoid cyber-attacks one has to find out why and how these cyber-attacks are taking place, then one must take any appropriate measures to prevent them. Now we know the reasons for cyber-attacks.


3.4.1 Easy Access to the Internet

One of the biggest reasons behind the rise of cyber-attacks is the easy access to the internet because nowadays it has become very easy for everyone to use the internet and with the advent of different internet service providers in the market; the internet service pack is much lower.Rates are obtained at home only which is creating a golden opportunity for cyber criminals Because of the easy access to the Internet, everyone is spending a lot of time on the internet and also sharing various types of personal information on the internet, which empowers cyber attackers to carry out cyber-attacks.


3.4.2 Lack of Technical Information

One of the reasons for the increase in cyber-attacks is the lack of technical knowledge; due to the easy access to the Internet nowadays that people are using,those who have no technical knowledge at all and who openly access such links or web sites without any thought. Where they are asked to enter some confidential information such as credit/debit card numbers and passwords and they get caught up in the cyber attacker's behaviour, due to this they may suffer loss.


3.4.3 Non-Use of Security and Privacy

One of the reasons behind the cyber-attacks is that many Internet users do not use any kind of security or privacy when using the internet, so cyber attackers can easily access their computer or any kind of online accounts. And they are harming them.


3.4.4 Criminal Wisdom or Feeling of Revenge

Cyber-attacks are also on the rise because of the criminal intelligence and revenge of many people in the present day as the current physical attacks of any political or commercial ventures are harming their opponents through cyber-attacks.In addition, criminals are resorting to cyber-attacks to fulfil their financial or business interests because such attacks do not require any physical effort and they can harm their opponent while sitting at home.


3.4.5 Ignorance of IT Crime and Law

The prevalence of cyber-attacks is also increasing as more and more people are exposed to IT. No knowledge of the crime and the laws involved. They do not know what punishment or fine they may face if they commit some kind of cyber-crime. Even with this ignorance many people are joining the world of cyber-crime, IT Laws and Rules has been deployed in various countries - India, Canada, the United States, China and Japan - to curb the growing cyber-attacks or crimes. Laws are made.In India IT Act 2000 has been created which is also called the ITA 2000, which contains several types of articles regarding IT crimes.

3.4.6 Excessive Use of Mobile Technology and Social Media

One of the reasons for the increase in cyber-attacks is the overuse of mobile technology and social media. Mobile phones and social media are now being used worldwide in large numbers, which is likely to increase the number of cyber-attacks. Because mobile phone users can easily access social media using the Internet, which is happening on a widespread level, the app host to access social media on mobile phones. And sometimes the mobile phone user accidentally shares any confidential information or fills the information requested after clicking on a link, is submitted. Cyber-attack is done by cyber criminals on the base of this information which causes financial or mental harm to a user.


3.5 MALWARE AND ITS VARIANTS

As we have already discussed in this text, cyber-attacks/threats, their types and the reasons for their existence.And we have also learned what kind of harm can result from attacks or threats. Now it is important to know how these attacks/threats exist, what kind of techniques/programs are used by cyber criminals to generate these attacks/threats and how do these techniques/programs work in a cyber-attack Give rise to danger.


3.5.1 Malware & its types

Malware is made up of a combination of two words in English, mal(malicious) and ware

(a software), a short form of a combination of a malicious (harmful) and a software. In a computer-based system, a group of malicious programs are called malware.

Which are somehow created by people from the criminal world to harm the computer-

based system and adversely affect or destroy the computer-based system.Computer viruses are a common example of malware. Finally, we can say that malware is a malicious computer software.According to the changing and evolving forms of technology nowadays, criminals around the globe are developing a variety of sophisticated software to harm modern computer-based systems that are accessing computers in a variety of different ways. The following are the different names given to these methods based on the way software is operating and damaging computer-based systems.


3.5.1.1 Adware : Adware are malicious programs/software that infects the computer

system by means of an add-on that infects the computer. These are entered into the computer when a user clicks on an unwanted add-on while surfing on the Internet.


3.5.L.2 Spyware : Spy is an English word that means ‘work secretly’. It is obvious from the literal sense that spyware is also malicious software that gets infiltrated into a computer without permission.And the computer user doesn't even know that his or her confidential information or data is going to an unknown person.This is how software acts like a spy and is called spyware.


3.5.L3 Viruses : As we all know that the meaning of virus is bacteria as well as we also know that if any type of virus enters the human body then infection in the body can spread which can be serious.Like That the computer virus also completely ruins the computer's operating system. These are those softwares which get attached to the software and ruin computer data and also the working and even some time they are so dangerous as they destroy computer's operating system.


3.5.1.4 Ransomware : The word ransom in English means ‘shrifty’. It literally means

ransom ware which means malicious programs /software that log into the computer and lock the entire computer system or any necessary document.The criminals who deliver such software to someone's computer ask for money in exchange for unlocking the computer and hence such malicious software is called ransomware.


3.5.1.5 Computer Worms : Worms mean "worm". Based on this literal meaning, computer worms are a type of computer virus that are more serious than computer viruses.They act like a slow poison and they slowly erupt into the computer system, and the computer user is unaware that a program has been accessed on his computer. It is then that he realizes that his computer is corrupted immediately.


3.5.1.6 Trojan Horse : Trojan Horse is an application malware and is a type of computer virus. Which enters the computer via a network via a fake e-mail or add-on, and it initially behaves in a friendly way with the computer user.And then the control of the computer is removed from the actual user and handed over to his owner. These types of malware are sent to other people's computers via a network by committing cyber criminals to corrupt, damages or steal any kind of confidential data.


3.5.L7 Browser Hacking / Hi- Jacking Software : Browser hacking or hijacking software are malware that hack or hi-jack a user's web browser and change their browser settings without their consent and allow them to automatically open the web sites which they do not like to open.


3.5.1.8 Stealware : Steal is an English-language word meaning ‘theft'.According to this literal meaning, stealware is malware that is created to steal or divert information about any kind of security information.This malware usually affects the exchange of moncy in the banking sector such as sending money to a well-known person's account. And malware, called stealware, turns its back on the account of a cyber-criminal who has developed this steelware,and it doesn't happen too often.After learing about the malware above, we have learned that cyber criminals have created and used a variety of malicious software to fulfil their personal interests that affect computer based systems in various ways.We also have to learn to avoid these side effects. Now let's read about cyber-attacks and ways to protect against the malicious software used in these attacks.


3.6 CYBER SECURITY AND TECHNIQUES

As we have read above and know that there is a proliferation (increase) of cyber-attacks in the world of the internet today, and these attacks are matters of grave concern. There is also a need to take some action to prevent these attacks, and some software and technology that can help protect our entire computer system from cyber-attacks. Now let's read about cyber security and techniques and know how to prevent cyber-attacks.



3.6.1 What is Cyber-Security Techniques & its types?

There are various attempts to prevent cyber-attacks and various techniques or software are used to do so.The various technologies used to prevent cyber-attacks are collectively called cyber security. Cyber security comes with all kinds of efforts to prevent computer-based systems from nesting, data theft and other types of cyber threats. As such, it is clear that all technologies used in computer-based systems to protect the computer-based system from cyber-attacks are cyber security. Now before you know what techniques are used in computer based systems to prevent cyber-attacks? It is important to know what a cyber-security technology is and what its role is in computer based. systems.



Cyber security techniques are computer software/programs or special instructions that are installed on a computer as a security guard of a computer system and applied to a computer system to prevent any cyber-attack or any other attack. To avoid being deceived not only a single technique is used but there are many different techniques available today. Now let's read about some different types of computer techniques.



3.6.L.1 Authentication ; Authentication is a security technique in which computer users

have full authority over who is allowed to use their computer system or their Networks and who is such a sophisticated protection technique is implemented in a computer based system,Then only those individuals who have been granted authentication by the host/owner can access the computer system or Network and the person who has no authentication cannot access that computer system or Networks.


3.6.1.2 Strong Password : A simple and straightforward technique to prevent any kind of abuse under a computer-based system is to use a strong password for all kinds of IDs and user names, as the password will be as complicated and hard to hack as a hacker or cyber-criminal to break or hack it.As far as any ID's password should be a combination of alphabets, digits and special symbols. The password for any type of ID should not be private name, date of birth or mobile number. Hackers or cyber criminals can easily steal and misuse such simple passwords.Examples of hard passwords can be as follows: axzy9356


3.6.1.3 Encryption : This is a security technique that can be used if any computer-based system has a user name or ID's password is invoked so whenever such data or password is entered anywhere using a computer-based system, this security technology will turn it into an unrecognizable special symbol .Which only the filling person or the real user can

understand, and even if the unknown person is sitting near, he has no idea what he wrote. Such techniques are typically e-mail ID, password or banking ID. Passwords are applied so that no unknown person can misuse them.

3.6.L.4 Antivirus : Antivirus is a software that protects our computer against any kind of virus. It is also called anti-malware because any virus is a malware against which it works and does not allow the virus to come into the computer even if it comes by scanning the computer with the help of this antivirus, we can eliminate it.

These types of software have no other function in the computer system but they simply protect the computer from the virus.Currently there are various types of antivirus software available such as AVG, Avira, Macfee, Kaspersky, Ad-Aware, Norton etc.


3.6.L5 Firewall ; A firewall is a security used in computer-based systems that protects

computers and computer networks from viruses or any other type of cyber-attack. It protects our computer from all kinds of malware by being a strong wall, and doesn't allow any unauthorized person to access our computer or Network. This is a security technique when we use the Intemet to block traffic or malware from accessing our computer and prevent it from entering our computer. Currently, two types of firewall are used in computer based systems which are known as hardware firewall and software firewall. At present, a hardware firewall is already embedded in any network device used for networking, which protects all the computers connected to that network against viruses or any other type of malware. Software firewalls now include pre-existing operating systems such as Windows 7,8,10 Vista and Windows XP, which protect our computer.


3.6.1.6 Digital Signatures : Now a days time has come to be known as Digital Era because most of the work has gone online and even signatures have become digital. This is a security technique used to authenticate a user to a computer-based system with a digital code and to transmit or verify of the data and any other online documents.This digital signature security technology is used mostly in the banking sector and other financial transactions.The DDO now submits and verifies employees’ pay bills online via digital signatures.It is a very innovative and important security technology that protects computer systems in financial operations.



3.7 CYBERSPACE AND WWW

Where there is talk of cyber-attacks/threats or cyber-security, it is important to talk about cyberspace as there are many kinds of doubts in the minds of people about cyberspace.Someone thinks that the Internet is cyberspace and someone gives (The World Wide Web/WWW) the name of cyberspace.To some extent these concerns are also true because if viewed, the Internet,the World Wide Web, and cyberspace are both related to the global network and are also fully related to each other.Only people are confused about their existence.To overcome this apprehension, let's now understand what cyberspace is and how it differs from the World Wide Web.


3.7.1 Cyberspace

There is no physical object in the world of cyberspace internet, nor can it be defined as a physical object.Cyberspace is the Emotional or Virtual electronic environment in the world of Internet in which all Internet users interact to each other. It is an electronic space with no physical location in which all Internet Related activities are performed. Now we also know how it is different from The World Wide Web/WWW.



3.7.2 WWW

The World Wide Web is also an important term in the Internet world. It is also called the

lonely web in the common language.As its name implies, it is a worldwide phenomenon and is a term different from cyberspace. Although the World Wide Web is also an electronic term, it can also be defined as a physical term,because anywhere in the world of the Internet the World Wide Web is a place or information system connected to the Internet where all the links of html documents (webpages) and URLs (Uniform Resource Locator) that means Web Addresses of all web servers connected to the intemet are stored It is only through the (World Wide Web) that an electronic environment is created called cyberspace, and within this environment, users connected to the Internet interact.



3.8 INFORMATION TECHNOLOGY ACT 2000 OR ITA 2000

In view of the increasing technology and Internet usage in India and the cyber threats posed by this use.In order to bring the use of information technology to the forefront of legal and logical congruence with the use of information technology, the Central Government of India passed an Act on October 17, 2000, which was named as IT (Information Technology)Act 2000. This Act is also known as ITA 2000. It is an Act related to cybercrime and electronic commerce. Later in October 2008, the Act was amended to give the entire control of information technology (IT) in India to the frm CERT-IN(ndian Computer Emergency Response Team).This modification is a complete IT Act 2008 has come to be known.But this Act 2008 is an improved version of IT as it is based on IT Act 2000 is the same. The above IT act made by Government of India, contains certain provisions of the Information Technology and there are certain objectives of the establishment of this Act. Now let's get to the information about those goals and characteristics.



3.8.1 Objectives of the IT Act

1. Legalizing electronic information and data communications.

2. Facilitate the storage of data or information online.

3. Recognize digital signatures for authentication of a document or other information.

4, To establish a legal framework for cyber-crime prevention.

5. Recognizing the Electronic Funds Transfer Policy at Banks.

6. Facilitate submission of forms electronically to government departments or agencies.

7. Implementation of Electronic Commerce Across India

8. Promoting the Electronic Business in India.


3.8.2 Features of the IT Act

1. Digital Signatures are legally recognized in the Act.

2. It gives full approval and recognition to all types of financial transactions made

through secure electronic media.

3. This IT Act is fully concerned with cybercrime and electronic commerce.

4. The Act establishes a Cyber Appeal Regulation Tribunal that deals with cyber-appeal.

5. The Act provides for legal recognition of government offices and agencies filling and

submitting forms online.

6. According to this Act, a hearing against the order of the Cyber Appeal Regulation

Tribunal can only take place in the Supreme Court.

7. The Act also applies to offenses committed outside India that are related to India in some Way.

8. The Act also legalizes online records and storage.

9. The act recognizes electronic communications.

10. It recognizes the electronic funds transfer technology in the banking sector.

Pointseho

1. The Internet-based or computer-based. automated control Commaunication system is called Cyber.

2.  Cyber-attacks/threats are called malicious attempts by unauthorized individuals to harm computer-based systems via the Internet.

3. Stalking, Piracy, Phishing, Hacking, Spamming, Email-spoofing, Denial of service attack/DOS attack,Web Jacking, Internet time theft, Salami Attack ,Data Diddling are types of cyber attacks

4. The most common cause of cyber-attacks or threats is the lack of technical information available to the public.

5. Malware is often referred to as a malicious software or program that damages computer-based systems.

6. Adware, computer viruses, spyware, ransom wate, stealware, computer worms, Trojan-Horse, browser hacking, etc. are all malwares. A set of software or Instructions used to protect against cyber-attacks or threats is called cyber security and technology.

8. Firewall, Strong-password,authentication, antivirus, encryption, and digital signature techniques can be used for cyber security.

9. Cyber space is an electronic environment in the world of internet.

10. The World Wide Web is a comprehensive information system where all the URLs/Web Addresses and Html documents(Webpages) are stored.

11. IT Act 2000(NTA 2000) was passed by the Goverment of India on October 17, 2000.

12, IT Act 2008 (NTA 2008) a new IT Act is implemented through making the Amendments in IT Act 2000.SEASAIRGERS


Part-A

1, Multiple Choice Questions:


1. Cyber word is taken among which of these?

a. Cybercrime

b. Cybernetic

c. Cyber-attack

d. Cyber security

2 Copying and selling of software or any computer-based material is known as:

a. Phishing

b. Stalking

c. Piracy

d. Hacking


3. A malware which acts like a spy in computer system:

a. Spyware

b. Computer virus

c. Adware

d. Ransom ware


4. Which type of security technique which converts password to special signs?

a. Strong password

b. Firewall

c. Digital signature

d. ‘Encryption


5. IT act 2000 is known by which another name?

a. IT act 2008

b. ITA 2000

c. Information act

d. Income tax act


6 An electronic environment in which internet users communicate with each other:

a. World Wide Web

b. Internet

c. Cyber space

d. Cyber cafe


2. Fill in the Blanks:

1 corrupt the computer system.

2 is a digital code which is used to Transmit or verify documents online.

3. Antivirus software keeps our computer safe from

4. ____ saat as secure wall in the computer system.

5. Any unauthorized person alters the website with the use of _.

6. URL's of severs connected with intemet are stored at


3. Very Short Answer Type Questions

I.‘ When first IT act comes into?

IL Name any two antiviruses?

I. Write full form of CERT-IN.

IV. Write the complete form of ITA 2000.


Part-B

4. Short Answer Type Questions. (Write the answers in 4-5 lines)

1. What is piracy? Define it?

2. What do you know about web jacking?

3. What are Salami attacks?

4. Give a brief description about antivirus software?

5. Differentiate between cyber space and WWW(World Wide Web)?

6. Tell four Objectives of IT Act 20007


Part-C

5. Long Answer Type Questions. (Write the answers in 10-15 lines)

1. What are the Cyber Attacks? Describe five types of Cyber Attacks?

2 Describe the Causes of Cyber Attacks in Detail?

3. What is Malware? Describe five types of Malwares?

4. What is Cyber Security?Describe five types of Cyber Security Techniques?

5. What is IT Act 20007Describe its Features?