
1. INTRODUCTION
Strengthening the trust framework, including information security and network security,
authentication, privacy and consumer protection, is a prerequisite for the development of
the Information Society and for building confidence among users of ICTs. A global culture of
cybersecurity needs to be promoted, developed and implemented in cooperation with all
stakeholders and international expert bodies.

This statement comes from the 2003 WSIS Declaration of Principles. This is the rule of the data
revolution: for every action to store, secure, and use data, there is an equal or greater
reaction to steal data. It has been proven repeatedly — as recently as the Equifax data
breach. Data has changed from forms and documents to bioinformatics and digital
transaction histories. Protection has moved from file cabinets and lockboxes to virtual
storage spaces on secluded servers with stringent encryption. Malicious parties have
likewise transitioned from physical break-ins to ransomware, DDoS attacks, botnets and
other nefarious acts. Companies are acutely aware of cybersecurity’s importance, especially
those operating via cloud and edge computing models or utilizing IoT technology. The
subject has introduced anxiety for business leadership and consumers alike, with few having
full confidence about safe engagement in a digital, data-driven age. This white paper will
address those concerns, outline the stages of security, and introduce exciting technology
that could ameliorate tension and stymie hackers.

1.1 Background
A cyber attack is the deliberate exploitation of computer systems, technology-dependent
enterprises and networks. Cyber attacks use malicious code to alter computer code, logic
or data, resulting in disruptive consequences that can compromise data and lead to
cybercrimes, such as information and identity theft. A cyber attack is also known as a
computer network attack (CNA). Cyber attacks targeting banks and broadcasting companies
occurred in South Korea on March 20. The malware involved in these attacks brought down
multiple websites and interrupted bank transactions by overwriting the Master Boot Record
(MBR) and all the logical drives on the infected servers, rendering them unusable. It was
reported that 32,000 computers had been damaged; the exact amount of the financial damage
has not yet been calculated. More seriously, additional attacks are likely to cause greater
damage, since an exact analysis of the cause has not yet been completed. APT (Advanced
Persistent Threat), which has become a major issue because of this attack, is not a brand
new way of attacking but a keyword standing for a trend in recent cyber attacks. In this
paper, we show some examples and features of recent cyber attacks and describe their
phases. Finally, we conclude that only the concept of security intelligence can defend
against these cyber threats.
1.2 Setting the stage: cybersecurity in the past and present
Cyber security has come a long way since 1988, when Robert Tappan Morris
attempted to gauge how big the Internet was by releasing one of the first
recognised worms to infect the world’s nascent cyber infrastructure.
The worm relied upon weaknesses in the UNIX system to replicate itself.
Once infected, computers slowed down to the point of being unusable.
Tappan became the first person convicted under the United States Computer
Fraud and Abuse Act.
Since then, we have seen an increase in cyber hacking and subsequent
scams taking us beyond individual “Geeks” gaining access and criminals
looking for easy money, to a new cyber underworld of transnational networks
and state-sponsored cyber spies.
In the process, sophisticated hackers continue to gain access to personal,
banking and government information as well as military and industrial secrets.
No sector of cyber has gone untouched.
A major shift in cyber attacks occurred in October 2010 with the release and
detection of the Stuxnet worm. Stuxnet specifically targeted programmable
logic controllers (PLCs) that control a vast array of automated processes,
including factory floors, chemical plants, oil refineries, pipelines, electrical grid
systems and, in this case, Siemens PLCs that controlled Iranian centrifuges
for separating nuclear material.

More than 32 lakh debit cards issued by various Indian banks were
compromised earlier last year, which resulted in the loss of Rs 1.3 crore in
fraudulent transactions, as reported by the National Payments Corporation of
India (NPCI). These hacks went undetected for months, allowing
the hackers to continuously extract money off these user accounts as well as
infect other bank operations with malicious software. Twitter accounts around
the world were hacked. The most noteworthy for India was the attack by an
infamous hacker group known as Legion. The group attacked Twitter and
email accounts of prominent public figures such as Congress vice president
Rahul Gandhi and businessman Vijay Mallya. Legion offered details of
upcoming attacks and promised more dumps of Twitter information in future.
Banking in Bangladesh was also not spared as one of the largest financial
crimes online took place early last year, resulting in $81 million “liberated”
from the banks and “reinvested” in places such as the Philippines, Sri Lanka,
and other parts of Asia.
Mark Zuckerberg, co-founder of Facebook had both his Twitter and Pinterest
accounts breached multiple times throughout the year. Why? Because he
reused the same password. Yahoo suffered two major data thefts in 2016. In
September hackers compromised over 500 million Yahoo user accounts, and
successfully attacked again in December compromising more than 1 billion
accounts. Information compromised included usernames, email addresses,
date of birth, passwords, phone numbers, and security questions.
State-sponsored Russian hackers made a big splash across the US by
hacking into the Democratic and Republican National Committees’ email
archives through repeated phishing attacks. They accessed over 60,000
emails and released them through WikiLeaks. WikiLeaks later published
these emails, attempting to influence election results in favour of Donald
Trump.
October 21, 2016 now claims the distinction as the date of one of the largest
cyber attacks on record as websites such as Twitter, Netflix, Airbnb, Reddit,
SoundCloud, and others were temporarily shut down. This threefold attack
interrupted websites and caused outages across the United States and
Europe.
The newly emerging Internet of Things (IoT) and its associated devices were
also slammed by attacks on the servers of Dyn, the company controlling the
largest portion of the Internet’s domain name system (DNS) servers, thereby
highlighting future vulnerabilities across the IoT.
Exciting new technologies
The new year promises to bring a host of exciting new technologies as Apple,
Amazon and Google began entering products into the smart home technology
(IoT) markets. Thousands of new virtual reality games and applications will be
released, and machine learning and artificial intelligence will expand
exponentially in the workplace, ushering in extraordinary efficiencies.
With all the new technologies, we will still face the same old cyber security
vulnerabilities. Each year, the technologies excite us and provide new twists
for cyber security as the technologies become so commonplace that people
forget about security.
Doug Shadel, a leading expert on fraud in the US summed up what security
experts fear most, “We’re concerned that people are trading security for
convenience… People are doing things on free Wi-Fi that are really alarming.”
The current year will offer extraordinary opportunities for data breaches, many
of which have already occurred in 2016, but we were unaware of them.
Previously stolen information will continue to make its way into the news.
Cyber vulnerabilities in national infrastructure will also invite more incidents of
cyber warfare while IoT vulnerabilities will expand opportunities for cyber
attacks. And yes, our old friends, the individual hackers, will become more
innovative, providing a year of increasingly creative cyber breaches. Now is
the time to brush up on cyber training, change your passwords and begin your
own personal crusade for cyber security.

1.2 What is cybersecurity?

Tentative Definitions
Cyber security, also referred to as information technology security, focuses on
protecting computers, networks, programs and data from unintended or
unauthorized access, change or destruction.
University of Maryland University College
Cyber
“Cyber-” is a prefix derived from the word “cybernetics” and has acquired the
general meaning of “through the use of a computer”. Cybernetics is the theory
of communication and control of regulatory feedback that studies
communication and control in living beings and in the machines built by
humans and is the precursor of complexity thinking in the investigation of dynamic
systems, using feedback and control concepts. The “cyber-” prefix is often
used synonymously with “cyberspace”.
Security
The word “security” in general usage is synonymous with “being safe”, but as
a technical term “security” means not only that something is secure, but that it
has been secured. For example, in telecommunication, the term “security” has
the following meaning: A condition that results from the establishment and
maintenance of protective measures that ensure a state of inviolability from
hostile acts or influences. “National security”, on the other hand, can be
defined in an objective sense as the absence of threat to a society’s core values, and
in a subjective sense as the absence of fear that these values will be attacked. It also
describes the measures taken by a state to ensure its survival and general well-being.

Cybersecurity is the collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices, assurance and
technologies that can be used to protect the cyber environment and organization and user’s
assets. Organization and user’s assets include connected computing devices, personnel,
infrastructure, applications, services, telecommunications systems, and the totality of
transmitted and/or stored information in the cyber environment.
- Cybersecurity strives to ensure the attainment and maintenance of the security properties
of the organization and user’s assets against relevant security risks in the cyber
environment.
- The general security objectives comprise the following:
  o Availability
  o Integrity, which may include authenticity and non-repudiation
  o Confidentiality
Cyber security is the name for the safeguards taken to avoid or reduce any disruption from
an attack on data, computers or mobile devices. Cyber security covers not only safeguarding
confidentiality and privacy, but also the availability and integrity of data, both of which are
vital for the quality and safety of care. Security breaches can occur when we use paper
records, send information using fax machines and even verbally. However, the
consequences of security breaches with digital information are potentially far more severe,
as information can be distributed more easily and to a far wider audience.
2. Why is cybersecurity important?
Why is cyber security important all of a sudden? Not that long ago, it was primarily
something for only the techies to worry about. Corporate leaders widely viewed it as
the responsibility of their IT department. Many thought – perhaps naively, it now
seems – that so long as the right firewalls, antivirus packages and encryption tools
were in place, they could leave IT security to the experts and focus on the other
myriad elements of running a business.
Presumably, you’re now very much aware that cyber security is something nobody
can afford to ignore. Unless you hide from the world’s media, you must know that
hacks and data breaches regularly affect firms of all sizes. Often these incidents are
significant enough to make the front pages, causing irreparable reputational damage
to the companies involved.
If you’re not worried about cyber security, you should be.
So what’s changed?
Fundamentally, we’re living in a far more technologically-advanced world than we
were as recently as a decade ago. If you need convincing of this, consider the fact
that the iPad has only been around since 2010, and the iPhone only came out a few
years before that. Average broadband speeds have increased by roughly five-fold in
the last decade, making it possible for businesses and individuals to do far more
online.
A particularly valid example of the change that this has facilitated is the rise in cloud
services. Nowadays, most businesses take for granted such things as easy online
document sharing, email that’s available on every device, and databases accessible
from everywhere. While the years have seen enterprises increasing deployment of
business-critical applications in the cloud, Amazon’s Elastic Compute Cloud has only
been available since 2006.
The rise of cybercrime
This rise in the widespread use of technology brought with it a rise in cybercrime. For
hackers, the possibilities increased exponentially, along with the potential rewards.
At one end of the scale, you have “script kiddies” hoping for a modest payday from
unleashing some ransomware on a single computer. At the other, there are “state-
sponsored” hackers, who’ve switched to cybercrime as a method of war, viewing it
as “cheaper, faster and easier than traditional conflict.”
The fact that cybercrime now permeates every facet of society shows why cyber
security is crucially important.
Damage to companies
There have been so many hacks and data breaches in recent years that it’s easy to
produce a laundry list of household name brands and organizations that have been
affected.
Just a few examples are:
Equifax, the global credit ratings agency who experienced a data breach that
affected a staggering 147 Million customers. The costs of recovering from the hack
were recently estimated at $439 Million.
The UK National Health Service (NHS), which was temporarily brought to its knees
with a relatively rudimentary ransomware attack, resulting in cancelled operations
and considerable clean-up costs. This specific attack became particularly
embarrassing for the UK government, when it emerged that “basic IT security” could
have prevented it.
Yahoo, the web giant that suffered a breach affecting every one of its three Billion
customer accounts. Direct costs of the hack ran to around $350 Million, and while it’s
harder to quantify reputational damage, it’s probably fair to say that Yahoo is not the
first port of call for consumers seeking a safe and secure place to host an email
account!
While these are just a few examples of the many headline-grabbing hacks of recent
years, it’s important to remember that there are plenty more that don’t make the front
page but still harm or destroy companies of all sizes. While Wired reports
on cybercrime incidents at smaller companies such as MyHeritage, a DNA testing
firm, Typeform, a survey company, and the UK’s University of Greenwich, there are
thousands of other hacks that don’t even make the news.
In fact, one particularly chilling statistic is that there are now over 4000 hacks every
single day using ransomware alone. It’s extremely misguided for anyone to think
their company couldn’t be affected.
Endless statistics
It’s incredibly easy to find cybercrime statistics to shock and surprise people and
prove strong reasons for cyber security. In fact, it’s fair to wonder if people may
have become a little desensitized to them, or that the sheer scale of the numbers
makes them hard to take in.
For starters, it’s estimated that the global cost of cybercrime for 2017 added up to
around $600 Billion. The number mounts up every year, and by 2021 pundits are
suggesting a figure of $6 Trillion per year.
But perhaps it’s better to focus on statistics that are more relatable to you personally
– in your role in your business, for example:
How about the fact that 54% of firms had their network or data compromised last
year? If you’re one of the few people yet to experience being in the thick of such an
attack, the fact that it happens to more than half of companies in a year suggests it
could well be your turn soon.
Or, perhaps you could keep yourself awake by considering the average cost of
recovering from a cyber attack, which is estimated at $5 Million. If you run a smaller
business, this might seem like an enormous figure, but these things are proportional.
Plenty of small businesses could be wiped out by a bill of $50,000. This is reflected
in a final statistic that’s widely quoted: 60% of small businesses who experience a
major cybercrime incident go out of business shortly after.
3. Know Yourself – The Threat and Vulnerability Landscape

3.1 Resources vs Security

Time, money and resources are precious to us, so we want to spend as little of
our resources as possible on security.
Security is not the end goal. The goal is to get on with the things that we
actually want to do, such as surfing the web or running the business.
Most organizations are not in the business of security. Security is simply an
enabler to do business and to do the things that we want to do. We don’t want
security for its own sake.
We don’t want to apply too much security or too little security. We want to
optimize our use of our resources so they optimally protect our assets.

3.2 What is Privacy, Anonymity & Pseudo-Anonymity?


Anonymity, privacy, and security in the online world are at least as important as in the real
world. If you need proof, just Google “doxing.” Credit card numbers and “personal” photos
are just a few of the things you can lose if you don’t take your privacy and security seriously
online. So how did scams based on stolen personal information become a Billion-dollar
industry? And why don’t the 65% of Americans online who use Google bother to read the
terms, which reveal that they are literally tracking your movements
(https://www.google.com/maps/timeline)? The answer: most people simply don’t
understand how to stay safe on the digital tools they use, and why the difference between
anonymity, privacy, and security even matters across the various digital services they use. To
make matters more confusing, these terms often get tossed around and used
interchangeably to describe how we respond to widespread online threats like malware and
identity theft. The purpose of this post is to help distinguish between privacy, anonymity,
and security so you can stay safe in your various online activities.

Privacy
This primarily involves you controlling who (if anyone) sees what activities you engage in
online. In other words, “they” can see who you are, but not what information or websites
you access or seek out.
Why it Matters: Privacy
Privacy: control over others’ knowledge of what you are doing. Privacy has always been
an important concept, even before the internet entered into almost every aspect
of our lives. However, when using the internet the significance of privacy and our idea about
what’s private and public can be unclear. Just this past March, the Senate passed a bill
allowing ISPs to track, gather, and sell whatever information a user sends through their
wires. What’s perhaps worse is that they can now do this without asking permission. No
wonder 91% of Americans believe that consumers have lost control of how personal
information is collected and used by companies. While some of the data being shared by
these companies seems harmless (depending on your level of paranoia), some of it does
contain more sensitive stuff like a history of your locations, what prescriptions you take,
what apps you use most, who you’re friends with on social media, etc. Even if you feel
you have nothing to hide, there are still good reasons to feel privacy is an important issue. In
fact, a better question to ask might be why anyone would want your information. Motive,
after all, determines the nature of intent, and not everyone’s intentions are necessarily bad.
Most of the time this data will be sold to advertisers who use it to build datasets that help
streamline their ads and services. While this does help enhance and personalize your online
exploration, it also lumps you into a complex demographic and determines what information
you access by creating their own online ecosystem of information — also known as a
“bubble.” The effects, in other words, can be limiting in ways. In addition to advertisers,
government surveillance also gathers information of online users, reportedly for the sake of
counter-terrorism. This issue alone has created many mixed feelings among internet users.
When people know (or even think) they’re being watched, they tend to act like they’re being
watched. While this might help keep domestic terrorism at bay, it also stifles intellectual
freedom and starts to take on shades of information control. Either way, what’s largely at
stake with the issue of privacy is how the issue determines how our society functions.
Privacy, for better or worse, allows groups to organize and share ideas freely. Sacrificing our
control over what should be private and what should be public could very well place aspects
of our freedom at risk. The issue of privacy centers on you having control over the
information about you and your online activities and how it’s used. In fact, as we become
more reliant on online transactions concerning money or medical information, the issue of
privacy becomes more important as we have more to lose.

Anonymity
This is essentially when you opt to have your online actions seen, but keep your identity
hidden. In short, “they” can see what you do, but not who you are.

Why it Matters: Anonymity


Anonymity: obscuring your identity while participating in public or private activities. Since
the earliest days of the internet, online anonymity has been a hot-button issue mainly
revolving around the boundaries between free speech and censorship, as obscuring our
identity can bring out the best and worst in all of us. On one side, some argue against
anonymity’s false representations of the self and the lack of accountability for online actions
that anonymity offers. Others see regulating/banning anonymity as an obstruction of free
speech and the ability to anonymously express yourself without incurring retribution to your
day-to-day life (i.e. job, marriage, community standing, etc.) In the last few years this seems
to have intensified as anonymous hate speech and cyberbullying have become more
common, easier to publish, and harder to legislate. Anonymity, some argue, allows (or even
encourages) individuals to act outside of social norms and cultural expectations in order to
express more hurtful and dangerous ideas without social retribution. Some of the efforts to
curb this behavior include Facebook introducing its “real name” policy to provide a safer
space, and Twitter’s banning of conservative editor and pundit Milo Yiannopoulos,
attempting to draw a line between free speech and harassment. While forcing people out of
hiding might seem like a move in the right direction, it also prevents individuals on Social
Media sites (and elsewhere) from hiding their identity to prevent online bullying and threats
from people who know them personally. Not only this, but it will also inhibit people’s
willingness to voice and explore controversial messages without fear of losing their jobs or
hurting their friends and family. In fact, banning anonymity can potentially prevent open
discussions and inhibit free expression for the average individual. On a greater scale,
banning anonymity will hinder whistleblowers from calling out social and/or corporate
injustices, or leaking important information that would otherwise remain unknown to the
public. If this seems like a pretty murky issue with no clear-cut solution, it is. Again, hiding
our identity can bring out the best and worst in all of us, but how people use their
anonymity online is ultimately up to the individual.

Pseudo-anonymity
Pseudo-anonymity is the appearance, but not the reality, of anonymity online.
Most commonly, pseudo-anonymity enables anonymous posting and commenting.


Pseudo-anonymous users have no visible identifier, and information that can be
linked to them is only available to service providers or site administrators (unless the
users themselves provide such information in their messages). However, that
doesn't mean that messages can't be traced back to their sources. Users are
generally required to provide some form of ID for sign up, and IP addresses are
typically logged and saved.

Many sites or services that allow anonymous posting stipulate that the
administrators can provide police with user IP addresses, GPS coordinates, device
details and date and time for each message if supported by a search warrant, court
order or subpoena. Some sites also make user info available to other businesses
and advertisers.

While pseudo-anonymity can be good for civil liberties, privacy and security, some
users may exploit it to be abusive to other users or to vandalize sites. On truly
anonymous sites, such behavior can be hard to regulate as users can return almost
indefinitely. On pseudo-anonymous sites, however, administrators have access to
information that can be used to ban users and keep them from returning.

Pseudo-anonymity is related to pseudonymity, the more commonly seen system, in
which users are identified by something other than their actual names.
3.3 IT Security Vulnerability vs Threat vs Risk

Threat

A threat refers to a new or newly discovered incident with the potential to do harm to a system or
your overall organization. There are three main types of threats – natural threats (e.g., floods or a
tornado), unintentional threats (such as an employee mistakenly accessing the wrong information)
and intentional threats. There are many examples of intentional threats including spyware, malware,
adware companies or the actions of a disgruntled employee. In addition, worms and viruses are also
categorized as threats, because they could potentially cause harm to your organization through
exposure to an automated attack, as opposed to one perpetrated by humans. Most recently, on May
12, 2017, the WannaCry Ransomware Attack began bombarding computers and networks across the
globe and has since been described as the biggest attack of its kind. Cyber criminals are constantly
coming up with creative new ways to compromise your data as seen in the 2017 Internet Security
Threat Report. Although these threats are generally outside of one’s control and difficult to identify
in advance, it is essential to take appropriate measures to assess threats regularly. Here are some
ways to do so: follow podcasts (like Techgenix Extreme IT) that cover these issues, and join
professional associations so that your team can benefit from breaking news feeds, conferences and
webinars. You should also perform regular threat assessments to determine the best approaches to
protecting a system against a specific threat, along with assessing different types of threats. In
addition, penetration testing involves modeling real-world threats in order to discover vulnerabilities.

Vulnerability

A vulnerability refers to a known weakness of an asset (resource) that can be exploited by one or
more attackers. In other words, it is a known issue that allows an attack to be successful. For
example, when a team member resigns and you forget to disable their access to external accounts,
change logins or remove their names from company credit cards, this leaves your business open to
both intentional and unintentional threats. However, most vulnerabilities are exploited by
automated attackers and not a human typing on the other side of the network. Testing for
vulnerabilities is critical to ensuring the continued security of your systems by identifying weak
points and developing a strategy to respond quickly. Here are some questions to ask when
determining your security vulnerabilities: Is your data backed up and stored in a secure off-site
location? Is your data stored in the cloud? If yes, how exactly is it being protected from cloud
vulnerabilities? What kind of network security do you have to determine who can access, modify or
delete information from within your organization? What kind of antivirus protection is in use? Are
the licenses current? Is it running as often as needed? Do you have a data recovery plan in the event
of a vulnerability being exploited? Understanding your vulnerabilities is the first step to managing
your risk.

Risk

Risk refers to the potential for loss or damage when a threat exploits a vulnerability. Examples of risk
include financial losses as a result of business disruption, loss of privacy, reputational damage, legal
implications and can even include loss of life. Risk can also be defined as follows:

Risk = Threat × Vulnerability × Consequences

- Assess risk and determine needs. When it comes to designing and implementing a risk assessment
  framework, it is critical to prioritize the most important breaches that need to be addressed.
  Although frequency may differ in each organization, this level of assessment must be done on a
  regular, recurring basis.
- Include a total stakeholder perspective. Stakeholders include the business owners as well as
  employees, customers and even vendors. All of these players have the potential to negatively
  impact the organization (potential threats), but at the same time they can be assets in helping
  to mitigate risk.
- Designate a central group of employees who are responsible for risk management and determine
  the appropriate funding level for this activity.
- Implement appropriate policies and related controls and ensure that the appropriate end users
  are informed of any and all changes.
- Monitor and evaluate policy and control effectiveness. The sources of risk are ever-changing,
  which means your team must be prepared to make any necessary adjustments to the framework.
  This can also involve incorporating new monitoring tools and techniques.
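As an added example that is not part of the white paper, the Python below applies the Risk = Threat × Vulnerability × Consequences formula to a constructed risk register, ranks the entries for the prioritization step above, and re-ranks them after controls lower the vulnerability factor (the monitor-and-adjust step). The 0-5 ordinal scale, the scenario names and all scores are assumptions made for illustration.

```python
"""Risk register using the page's Risk = Threat x Vulnerability x Consequences model.

Added example, not code from the white paper. The 0-5 scale for each factor,
the scenario names and the scores below are constructed for illustration.
"""
from dataclasses import dataclass, replace
from typing import Dict, List

SCALE_MAX = 5  # assumed ordinal scale: 0 = none/not applicable, 5 = maximum


@dataclass(frozen=True)
class Scenario:
    name: str
    threat: int         # how active/likely the threat source is
    vulnerability: int  # how exploitable the weakness is today
    consequence: int    # impact if exploited (financial, privacy, legal, life)

    def __post_init__(self) -> None:
        for field in ("threat", "vulnerability", "consequence"):
            value = getattr(self, field)
            if not 0 <= value <= SCALE_MAX:
                raise ValueError(f"{field} must be in 0..{SCALE_MAX}, got {value}")


def risk(s: Scenario) -> int:
    # Multiplicative model: a zero in any factor (no threat, no exploitable
    # weakness, or no impact) yields zero risk, however large the others are.
    return s.threat * s.vulnerability * s.consequence


def rank_register(register: List[Scenario]) -> List[Scenario]:
    # Highest risk first: the top entries are the breaches to address first.
    # sorted() is stable, so equal-risk entries keep their register order.
    return sorted(register, key=risk, reverse=True)


def apply_control(s: Scenario, vulnerability_reduction: int) -> Scenario:
    # Controls mostly act on the vulnerability factor; threat and consequence
    # are largely outside the organization's control.
    return replace(s, vulnerability=max(0, s.vulnerability - vulnerability_reduction))


def reassess(register: List[Scenario], controls: Dict[str, int]) -> List[Scenario]:
    # controls maps a scenario name to how many points a control takes off
    # its vulnerability score; unnamed scenarios are left unchanged.
    updated = [apply_control(s, controls.get(s.name, 0)) for s in register]
    return rank_register(updated)


# Constructed sample register (scores are illustrative assumptions).
SAMPLE_REGISTER = [
    Scenario("Ransomware on unpatched file server", threat=5, vulnerability=4, consequence=4),
    Scenario("Former employee's account never disabled", threat=3, vulnerability=5, consequence=3),
    Scenario("Flood at the data centre", threat=1, vulnerability=2, consequence=5),
    Scenario("Phishing of finance staff", threat=4, vulnerability=3, consequence=4),
    Scenario("SQL injection in public web app (already fixed)", threat=4, vulnerability=0, consequence=5),
]

# Constructed controls: patching, account deprovisioning, awareness training.
SAMPLE_CONTROLS = {
    "Ransomware on unpatched file server": 3,
    "Former employee's account never disabled": 5,
    "Phishing of finance staff": 1,
}


def print_ranking(title: str, register: List[Scenario]) -> None:
    print(title)
    for s in register:
        print(f"  {risk(s):3d}  {s.name}")


if __name__ == "__main__":
    print_ranking("Before controls:", rank_register(SAMPLE_REGISTER))
    print_ranking("After controls:", reassess(SAMPLE_REGISTER, SAMPLE_CONTROLS))
```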

4. Know Your Enemy – Cyber Attacks, Cyber Crimes & Adversaries

4.1 INTRODUCTION TO CYBER CRIME

The internet was born around the 1960s, when its access was limited to a few scientists, researchers
and the defence sector only. The Internet user base has since evolved exponentially. Initially,
computer crime was confined to causing physical damage to the computer and related infrastructure.
Around the 1980s the trend changed from causing physical damage to computers to making a computer
malfunction using malicious code called a virus. Until then the effect was not so widespread, because
the internet was only confined to defence setups, large international companies and research
communities. In 1996, when the internet was launched for the public, it immediately became popular
among the masses and they slowly became dependent on it to an extent that it changed their
lifestyle. The GUIs were written so well that the user did not have to bother with how the internet
was functioning. They had simply to make a few clicks on the hyperlinks or type the desired
information at the desired place, without bothering where this data is stored and how it is sent over
the internet, or whether the data can be accessed by another person who is connected to the internet,
or whether the data packet sent over the internet can be snooped on and tampered with. The focus of
computer crime shifted from merely damaging the computer or destroying or manipulating data for
personal benefit to financial crime. These computer attacks are increasing at a rapid pace. Every
second around 25 computers become victims of cyber attack, and around 800 million individuals had
been affected by it as of 2013. CERT-India has reported around 308371 Indian websites to have been
hacked between 2011 and 2013. It is also estimated that around $160 million is lost per year due to
cyber crime. This figure is very conservative as most of the cases are never reported. According to
the 2013-14 report of the standing committee on Information Technology to the 15th Lok Sabha by the
Ministry of Communication and Information Technology, India has the third largest number of Internet
users in the world, with an estimated 100 million internet users as of June 2011, and the numbers are
growing rapidly. There are around 22 million broadband connections in India to date, operated by
around 134 major Internet Service Providers (ISPs). Before discussing the matter further, let us
define what cyber crime is. The term cyber crime is used to describe an unlawful activity in which
computers or computing devices such as smartphones, tablets, Personal Digital Assistants (PDAs), etc.,
which are stand-alone or part of a network, are used as a tool and/or target of criminal activity. It
is often committed by people of a destructive and criminal mindset, either for revenge, greed or
adventure.

4.1.1 Classification of Cyber Crimes

The cyber criminal could be internal or external to the organization facing the cyber attack. Based on this fact, cyber crime can be categorized into two types:

Insider Attack: An attack on the network or the computer system by some person with authorized system access is known as an insider attack. It is generally performed by dissatisfied or unhappy employees or contractors. The motive of an insider attack could be revenge or greed. It is comparatively easy for an insider to perform a cyber attack, as they are well aware of the policies, processes, IT architecture and weaknesses of the security system. Moreover, the attacker already has access to the network. Therefore it is comparatively easy for an insider attacker to steal sensitive information, crash the network, etc. In most cases the opening for an insider attack arises when an employee is fired or assigned new roles in an organization and the change is not reflected in the IT policies. This opens a vulnerability window for the attacker. The insider attack could be prevented by planning and installing an internal intrusion detection system (IDS) in the organization.

External Attack: When the attacker is either hired by an insider or is an external entity to the organization, it is known as an external attack. The organization which is a victim of a cyber attack not only faces financial loss but also loss of reputation. Since the attacker is external to the organization, these attackers usually start by scanning and gathering information. An experienced network/security administrator keeps a regular eye on the logs generated by the firewalls, as external attacks can be traced by carefully analysing these firewall logs. Also, Intrusion Detection Systems are installed to keep an eye on external attacks.

Cyber attacks can also be classified as structured attacks and unstructured attacks based on the level of maturity of the attacker. Some authors have classified these attacks as a form of external attack, but there is precedent for cases where a structured attack was performed by an internal employee. This happens when a competitor company wants the future strategy of an organization on certain points. The attacker may strategically gain access to the company as an employee and access the required information.

Unstructured attacks: These attacks are generally performed by amateurs who do not have any predefined motive to perform the cyber attack. Usually these amateurs try to test a tool readily available over the internet on the network of a random company.

Structured attacks: These types of attacks are performed by highly skilled and experienced people, and the motives of these attacks are clear in their minds. They have access to sophisticated tools and technologies to gain access to other networks without being noticed by their Intrusion Detection Systems (IDSs). Moreover, these attackers have the necessary expertise to develop or modify existing tools to satisfy their purpose. These types of attacks are usually performed by professional criminals, by a country against rival countries, by politicians to damage the image of a rival person or country, by terrorists, by rival companies, etc.

4.1.2 Reasons for Commission of Cyber Crimes


There are many reasons which act as a catalyst in the growth of cyber crime. Some of the prominent reasons are:

a. Money: People are motivated to commit cyber crime to make quick and easy money.

b. Revenge: Some people try to take revenge on another person/organization/society/caste or religion by defaming its reputation or causing economic or physical loss. This comes under the category of cyber terrorism.

c. Fun: Amateurs commit cyber crime for fun. They just want to test the latest tool they have encountered.

d. Recognition: It is considered a matter of pride if someone hacks highly secured networks like defence sites or networks.

e. Anonymity: Many times the anonymity that cyber space provides motivates a person to commit cyber crime, as it is much easier to commit a cyber crime over cyber space and remain anonymous than in the real world. It is much easier to get away with criminal activity in the cyber world than in the real world. There is a strong sense of anonymity that can draw otherwise respectable citizens to abandon their ethics in pursuit of personal gain.

f. Cyber Espionage: At times the government itself is involved in cyber trespassing to keep an eye on another person/network/country. The reason could be politically, economically or socially motivated.

4.2 Types of Cyber-Attacks

Although the forms of illegal computer activity are growing and changing like any other type of crime, there are several established categories. Cybersecurity teams should have dedicated methods of management for each of these categories of vulnerability.

What are viruses?

Viruses are the oldest form of cyber-attack and the most popularized in early media. They are lines of code embedded in malware or phishing hooks. When opened, they disrupt a computer’s normal operating habits. A virus functions as if someone else had taken over, giving wrong or gibberish commands. An example of this is Stuxnet, which was deployed in 2009. Planted in the network of the Iranian uranium enrichment facility, it manipulated its digital surroundings before transferring to computers controlling industrial equipment. There, it wrought havoc on physical objects by giving them commands that broke them, such as commands that increased pressure on valves in the centrifuges.

Is malware different from a virus?

Malware is a catchall term that means “malicious software.” Malware can be spyware, ransomware or adware, among many other things, and it can carry a virus. Rather than embedding itself into the operating system or hard drive like a virus, it installs itself and runs as software. Ransomware is malware that locks a computer, network, or other system until a ransom has been paid and the hacker deactivates the ransomware. In 2017, ransomware called WannaCry infected tens of thousands of computers in 74 countries, exploiting a vulnerability in Windows software. It even shut down the British National Health System.

MALWARE AND ITS TYPES

Malware stands for “Malicious Software”, and it is designed to gain access to or be installed on a computer without the consent of the user. It performs unwanted tasks on the host computer for the benefit of a third party. There is a full range of malware, from programs written simply to distract or annoy the user, to complex ones which can seriously degrade the performance of the host machine or capture sensitive data from it and send it to remote servers. Various types of malware are present on the Internet. Some of the popular ones are:

1. Adware: A special type of malware used for forced advertising. It either redirects the page to some advertising page or pops up an additional page which promotes some product or event. Adware is financially supported by the organizations whose products are advertised.

2. Spyware: A special type of malware which is installed on the target computer with or without the user's permission and is designed to steal sensitive information from the target machine. Mostly it gathers the browsing habits of the user and sends them to a remote server without the knowledge of the owner of the computer. Most of the time it is downloaded onto the host computer while downloading freeware, i.e. free application programs from the internet. Spyware may be of various types: it can keep track of the cookies on the host computer, it can act as a keylogger to sniff banking passwords and sensitive information, etc.

3. Browser hijacking software: Malicious software which is downloaded along with free software offered over the internet and installed on the host computer without the knowledge of the user. This software modifies the browser settings and redirects links to other, unintended sites.

4. Worms: A class of virus which can replicate itself. Worms differ from viruses in that they do not require human intervention to travel over the network and spread from the infected machine to the whole network. Worms can spread through the network, using loopholes in the Operating System, or via email. The replication and spreading of a worm over the network consumes network resources like storage and bandwidth and forces the network to choke.

5. Trojan Horse: A Trojan horse is malicious code that is installed on the host machine by pretending to be useful software. The user clicks on a link or downloads a file which pretends to be a useful file or software from a legitimate source. It not only damages the host computer by manipulating data but also creates a backdoor in the host computer so that it can be controlled by a remote computer. It can become part of a botnet (robot network), a network of computers which are infected by malicious code and controlled by a central controller. The computers of this network which are infected by malicious code are known as zombies. Trojans neither infect other computers in the network nor replicate.

6. Scareware: The Internet has changed how we talk, shop, play, etc. It has even changed the way criminals target people for ransom. While surfing the Internet, a pop-up alert suddenly appears on the screen which warns of the presence of dangerous viruses, spyware, etc. on the user's computer. As a remedial measure, the message suggests the user download the full paid version of the software. As the user proceeds to download, malicious code, known as scareware, is downloaded onto the host computer. It holds the host computer hostage until the ransom is paid. The malicious code can neither be uninstalled nor can the computer be used till the ransom is paid.

Is phishing malware?

Phishing is the process that can introduce malware or open someone to cyber theft. Phishers trick
unsuspecting users by posing as a legitimate entity, the hook. The hook may be a spam e-mail,
malicious ad, a fake phone call, or even a printed document with false website data. Once someone
responds to these hooks, consequences may occur: malware downloaded or personal information
stolen. Phishing can also occur on social media. A common phishing scheme is called “The Nigerian
Scam” or 419: a family member of a Nigerian man e-mails asking for money to help free the man,
transfer money out of Nigeria or return him to his rightful place as a royal heir. Clicking on the
included link will initiate a phishing scam that steals money and personal information.

What are DoS and DDoS attacks?

A Denial of Service (DoS) attack is when a malicious source makes it impossible for a computer, server or website to access the internet. A Distributed Denial of Service (DDoS) attack does the same thing, but with a distributed architecture. Viruses or malware infect thousands of computers and give them similar directions, making a botnet. The botnet directs all participating computers to go to the targeted organization. Overwhelmed by the sudden increase in site visits, the site may shut down or freeze. Other DDoS methods send fewer computers to visit the site, but task them with making cumbersome requests, likewise slowing down the site. It prevents legitimate users from being able to access the documents or resources on it. One of the first, and most notorious, DDoS attacks happened to the Church of Scientology. Anonymous, a vigilante hacker group, shut down the religious organization’s website, momentarily preventing anyone from learning more about the group.

What are Advanced Persistent Threats?

Advanced Persistent Threats, or APTs, are long, directed cyber-attacks that are most often state sponsored. These types of attacks usually begin with a network probe. An organization or individual illegally, and surreptitiously, accesses an organization’s local area network or intranet. This individual may have gotten in through an employee access gateway or found a vulnerability through other means. The hacker will lurk on the network, hiding from detection, while they map the information stored there and implement malicious measures. Often, results of APTs include theft, such as the Equifax security breach or the HBO breach that released Game of Thrones episodes. These are the most dangerous cyber-attacks.

4.3 Cyber Adversaries


When threat hunting, you must first understand the adversaries you’re facing. While their
techniques may be very similar, what motivates them can be very different.
Understanding these motivations can provide you with a better understanding of where
and when a cyber attacker may strike or when an unwitting accomplice takes measures
that present undue risk to the organization.
If you can determine who would want to do you harm and what you have that’s valuable
to them, you can better protect your business. Let's take a look at 6 common
adversaries that you could be pursuing during a hunt.

Malicious Insider

An insider attack that is malicious in nature, and is typically perpetrated by disgruntled, troubled, or just greedy insiders. This is a targeted attack, motivated by financial gain or grievance.

Hackers are actively advertising for help from specific company’s employees to join the
dark side. Desperate people can do desperate things. Good people can do bad things.
In fact, this survey showed that 20% of employees would sell their corporate credentials,
44% of which would be willing to do it for less than $1,000, and some for as little as
$100.

Inadvertent Insider

Not all insider threats are malicious; sometimes people just make mistakes, or fall victim to common social engineering tactics, such as phishing, vendor spoofing, or pretexting. People are typically the weakest link in security because human nature makes us vulnerable.

Motivations aside, these regular network activities, typically administrative and maintenance-related in nature, often conspire to introduce excessive security exposure that is at odds with the organization’s level of risk tolerance.

Hacker

Hackers are opportunistic, and typically get a thrill from gaining access to secured systems. They are looking to prove themselves, and do it for bragging rights. Their efforts don’t always have malicious intent. Professional “white hat” hackers can be employed by companies to perform penetration tests to identify vulnerabilities and other weaknesses. Performing regular vulnerability assessments and penetration tests is an important part of your cybersecurity program and can help inform your cybersecurity strategy.

White Hat: White hat hackers are persons who hack a system to find its security vulnerabilities and notify the organization so that preventive action can be taken to protect the system from outside hackers. White hat hackers may be paid employees of an organization, employed to find the security loopholes, or may be freelancers who just want to prove their mettle in this field. They are popularly known as ethical hackers.

Black Hat: In contrast to the white hat, the black hat hacks the system with ill intentions. They may hack the system for socially, politically or economically motivated reasons. They find the security loopholes in the system, keep the information to themselves and exploit the system for personal or organizational benefit until the organization whose system is compromised becomes aware of this and applies security patches. They are popularly known as crackers.

Grey Hat: Grey hat hackers find security vulnerabilities, report them to the site administrators and offer to fix the security bug for a consultancy fee.

Blue Hat: A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed.

Cybercriminal

Cybercriminals are opportunistic, and are motivated by financial gain. The growth
of cybercrime-as-a-service(CaaS) means little technological expertise is needed to
become a very successful cybercriminal today. CaaS has become a thriving services
economy, fueled by a global marketplace featuring a breathtaking range of services. It’s
also swelled the criminal ranks, thanks to high salaries for developers, exploding
revenues for CaaS companies, and complicit buyers, ever-more willing to show the
money.

Cyber Hacktivist

Hacktivist attacks are targeted, and are often perpetrated to promote a political agenda
or a social change. They are often looking to disrupt services and bring attention to a
cause, such as free speech, human rights, or freedom of information. Anonymous is
well-known for their hacktivist activities.

According to this article, hacktivism can be described as digital disobedience or “hacking for a cause.” While some think of this as being a form of harmless protest, it can be disruptive. “It’s criminal trespassing.”

Cyber Terrorist

These targeted attacks are motivated by a political, religious, or ideological cause. The
goal is to intimidate a government or a section of the public, and they can interfere with
critical infrastructure.

According to TechTarget, the FBI defines a cyber-terrorist attack as explicitly designed to cause physical harm to individuals. Targets include the banking industry, military installations, power plants, air traffic control centers, and water systems. Some consider Stuxnet, the malicious worm used to attack Iran’s nuclear program, an example of cyberterrorism.

5. Cybersecurity Measures & Its Techniques


5.1 CYBER SECURITY TECHNIQUES
There are many cyber security techniques to combat the cyber security attacks. The next section
discusses some of the popular techniques to counter the cyber attacks.

5.1.1 AUTHENTICATION
It is the process of identifying an individual and ensuring that the individual is the same as who he/she claims to be. A typical method for authentication over the internet is via username and password. With the increase in reported cases of cyber crime by identity theft over the internet, organizations have made additional arrangements for authentication like the One Time Password (OTP). As the name suggests, it is a password which can be used only once and is sent to the user as an SMS or an email at the mobile number/email address that the user specified during the registration process. This is known as two-factor authentication and requires two types of evidence to authenticate an individual, providing an extra layer of security. Some other popular techniques for two-factor authentication are biometric data, physical tokens, etc., which are used in conjunction with username and password.

Authentication becomes more important in light of the fact that today multinational organizations have changed the way business was done, say, 15 years back. They have offices around the globe, and an employee may want access to a resource which is present on a centralized server. Or an employee is working from home, not using the office intranet, and wants access to some particular file present in the office network. The system needs to authenticate the user and, based on the credentials of that user, may or may not provide the user access to the information requested. The process of giving an individual access to certain resources based on that individual's credentials is known as authorization, and this process often goes hand-in-hand with authentication. Now one can easily understand the role of a strong password in ensuring cyber security, as an easy password can be the cause of a security flaw and can put the whole organization at high risk. Therefore, the password policy of an organization should be such that employees are forced to use strong passwords (more than 12 characters and a combination of lowercase and uppercase letters along with numbers and special characters) and are prompted to change their password frequently. In some of the bigger organizations, or organizations which deal in sensitive information like defence agencies, financial institutions, planning commissions, etc., a hybrid authentication system is used which combines the username and password with hardware security measures like biometric systems, etc. Some of the larger organizations also use a VPN (Virtual Private Network), which is one method to provide secure access to the company network over the internet via hybrid security authentication.
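As an added example written for this page (not the paper's own material), the following Python models the server side of the two-factor flow described above: a password checked against a stored PBKDF2 hash, the paper's password policy, and an OTP that is delivered out of band, kept only as a hash, expires after a constructed five-minute window and is accepted exactly once. The user names, credentials and clock values are constructed.

```python
"""Two-factor login modelled on 5.1.1: a password checked against a stored hash,
plus a one-time password that is delivered out of band, expires, and is accepted
exactly once. Constructed demo; not the paper's own code."""
import hashlib
import hmac
import secrets
import string
import time
from typing import Optional, Tuple

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300      # constructed window: the code is useless after five minutes
OTP_MAX_ATTEMPTS = 5       # a six-digit code must not survive repeated guessing
PBKDF2_ROUNDS = 600_000    # slow hash so a leaked database cannot be brute-forced cheaply


def password_meets_policy(password: str) -> bool:
    """The paper's policy: more than 12 characters with lower, upper, digit and special."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return len(password) > 12 and all(any(c in cls for c in password) for cls in classes)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, hash) so the salt can be stored."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class TwoFactorAuth:
    """In-memory model of the server. The clock is injectable so expiry can be tested."""

    def __init__(self, now=time.time):
        self._now = now
        self._users = {}       # user -> (salt, password_hash)
        self._pending = {}     # user -> (otp_hash, expires_at, attempts_left)

    def register(self, user: str, password: str) -> None:
        if not password_meets_policy(password):
            raise ValueError("password does not meet the policy")
        self._users[user] = hash_password(password)

    def check_password(self, user: str, password: str) -> bool:
        """Factor one: something the user knows."""
        if user not in self._users:
            hash_password(password)   # spend the same time so unknown users are not revealed
            return False
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, hash_password(password, salt)[1])

    def issue_otp(self, user: str) -> str:
        """Factor two: a fresh code the caller delivers by SMS or e-mail; only its hash is kept."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        expires_at = self._now() + OTP_TTL_SECONDS
        self._pending[user] = (self._otp_hash(user, code), expires_at, OTP_MAX_ATTEMPTS)
        return code

    def verify_otp(self, user: str, code: str) -> bool:
        entry = self._pending.get(user)
        if entry is None:
            return False                          # nothing issued, or already used
        otp_hash, expires_at, attempts_left = entry
        if self._now() > expires_at:
            del self._pending[user]               # expired: the user must request a new one
            return False
        if hmac.compare_digest(otp_hash, self._otp_hash(user, code)):
            del self._pending[user]               # consumed: a replay of the same code fails
            return True
        attempts_left -= 1
        if attempts_left <= 0:
            del self._pending[user]               # too many wrong guesses: invalidate the code
        else:
            self._pending[user] = (otp_hash, expires_at, attempts_left)
        return False

    def login(self, user: str, password: str, code: str) -> bool:
        """Both factors must pass; the OTP is only examined after the password succeeds."""
        return self.check_password(user, password) and self.verify_otp(user, code)

    @staticmethod
    def _otp_hash(user: str, code: str) -> bytes:
        return hashlib.sha256(f"{user}:{code}".encode()).digest()


if __name__ == "__main__":
    auth = TwoFactorAuth()
    auth.register("alice", "Correct-Horse-42!")      # constructed credentials
    otp = auth.issue_otp("alice")                    # would be sent by SMS/e-mail
    print("login:", auth.login("alice", "Correct-Horse-42!", otp))
    print("replay:", auth.login("alice", "Correct-Horse-42!", otp))   # False
```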

5.1.2 ENCRYPTION
It is a technique to convert data into an unreadable form before transmitting it over the internet. Only a person who has access to the key can convert it back into readable form and read it. Formally, encryption can be defined as a technique to lock data by converting it into complex codes using mathematical algorithms. The code is so complex that even the most powerful computer would take several years to break it. This secure code can safely be transmitted over the internet to the destination. The receiver, after receiving the data, can decode it using the key. The decoding of the complex code to the original text using the key is known as decryption. If the same key is used to lock and unlock the data, it is known as symmetric key encryption. In symmetric key encryption, after coding the data, the key is sent to the destination user via some other medium like postal service, telephone, etc., because if the key is obtained by the hacker, the security of the data is compromised. Key distribution is a complex task because the security of the key during transmission is itself an issue. To avoid the transfer of the key, a method called asymmetric key encryption, also known as public key encryption, is used. In asymmetric key encryption, the keys used to encrypt and decrypt data are different. Every user possesses two keys, viz. a public key and a private key. As the name suggests, the public key of every user is known to everyone, but the private key is known only to the particular user who owns the key. Suppose sender A wants to send a secret message to receiver B through the internet. A will encrypt the message using B's public key, as the public key is known to everyone. Once the message is encrypted, it can safely be sent to B over the internet. As soon as the message is received by B, he will use his private key to decrypt the message and regenerate the original message.

5.1.3 DIGITAL SIGNATURES


It is a technique for validation of data. Validation is a process of certifying the content of a document. Digital signatures not only validate the data but are also used for authentication. The digital signature is created by encrypting the data with the private key of the sender. The encrypted data is attached along with the original message and sent over the internet to the destination. The receiver can decrypt the signature with the public key of the sender. Now the decrypted message is compared with the original message. If both are the same, it signifies that the data has not been tampered with, and the authenticity of the sender is also verified, as only someone with the private key (which is known to the owner only) could have encrypted data which is then decrypted with his public key. If the data is tampered with during transmission, it is easily detected by the receiver, as the data will not verify. Moreover, the message cannot be re-encrypted after tampering, as the private key, which is possessed only by the original sender, is required for this purpose. As more and more documents are transmitted over the internet, digital signatures are an essential part of legal as well as financial transactions. They not only provide authentication of a person and validation of the document, but also prevent denial of the agreement at a later stage. Suppose a shareholder instructs the broker via email to sell shares at the current price. After the completion of the transaction, by any chance, the shareholder reclaims the shares by claiming the email to be forged or bogus. To prevent such unpleasant situations, digital signatures are used.

5.1.4 ANTIVIRUS
There are varieties of malicious programs like viruses, worms, trojan horses, etc. that spread over the internet to compromise the security of a computer, either to destroy data stored on the computer or to gain financial benefit by sniffing passwords, etc. To prevent this malicious code from entering your system, a special program called an anti-virus is used, which is designed to protect the system against viruses. It not only prevents malicious code from entering the system but also detects and destroys malicious code that is already installed on the system. Lots of new viruses appear every day. The antivirus program regularly updates its database and provides immunity to the system against these new viruses, worms, etc.
5.1.5 FIREWALL
It is hardware/software which acts as a shield between an organization’s network and the internet and protects it from threats like viruses, malware, hackers, etc. It can be used to limit who can have access to your network and send information to you. There are two types of traffic in an organization, viz. inbound traffic and outbound traffic. Using a firewall, it is possible to configure and monitor the traffic on the ports. Only packets from trusted source addresses can enter the organization’s network, and sources which are blacklisted or unauthorized addresses are denied access to the network. It is important to have firewalls to protect the network from unauthorized access, but a firewall does not guarantee this unless it is configured correctly. A firewall can be implemented using hardware as well as software, or a combination of both.

Hardware Firewalls: Examples of hardware firewalls are the routers through which the network is connected to the network outside the organization, i.e. the Internet.

Software Firewalls: These firewalls are installed on the server and client machines and act as a gateway to the organization’s network.

In operating systems like Windows 2003, Windows 2008, etc., a firewall comes embedded with the operating system. The only thing a user needs to do is configure the firewall optimally according to their own requirements. Firewalls can be configured to follow “rules” and “policies”, and based on these defined rules the firewalls can apply the following filtering mechanisms.

 Proxy: All outbound traffic is routed through proxies for monitoring and controlling the packets that are routed out of the organization.

 Packet Filtering: Based on the rules defined in the policies, each packet is filtered by its type, port information, and source and destination information. Examples of such characteristics are IP addresses, domain names, port numbers, protocols, etc. Basic packet filtering can be performed by routers.

 Stateful Inspection: Rather than going through all the fields of a packet, key features are defined. The outgoing/incoming packets are judged based on those defined characteristics only.

Firewalls are an essential component of an organization’s network. They not only protect the organization against viruses and other malicious code but also prevent hackers from using your network infrastructure to launch DoS attacks.
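As an added example written for this page (not the paper's own material), the following Python evaluates a constructed rule set in the first-match, default-deny style of a packet filter and adds connection tracking, the usual meaning of stateful inspection: replies to flows the organization itself opened are allowed, unsolicited inbound packets are not, and a blacklisted source range is dropped before any allow rule is consulted. The network numbers come from the documentation address ranges and the policy is an assumption.

```python
"""Rule-based packet filtering with connection tracking, modelling the
'packet filtering' and 'stateful inspection' mechanisms described above."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the Internet, "out" = leaving the organization
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str
    proto: Optional[str] = None  # None means "any"
    src: Optional[str] = None    # CIDR, e.g. "203.0.113.0/24"
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        if self.direction != pkt.direction or (self.proto and self.proto != pkt.proto):
            return False
        if self.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


class StatefulFirewall:
    """First matching rule wins; anything unmatched is dropped (default deny)."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self._flows = set()   # (src, sport, dst, dport, proto) of flows allowed outbound

    def decide(self, pkt: Packet) -> str:
        # Stateful inspection: a reply to a flow we opened is judged by that state alone.
        if pkt.direction == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self._flows:
            return "allow"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow" and pkt.direction == "out":
                    self._flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
                return rule.action
        return "deny"


# Constructed policy: the organization's network is 192.0.2.0/24, its web server
# is 192.0.2.10, and 203.0.113.0/24 is a blacklisted source range.
POLICY = [
    Rule("deny", "in", src="203.0.113.0/24"),                         # blacklist first
    Rule("allow", "in", proto="tcp", dst="192.0.2.10/32", dport=443),  # public web server
    Rule("allow", "out", proto="tcp", dport=443),
    Rule("allow", "out", proto="tcp", dport=80),
    Rule("allow", "out", proto="udp", dport=53),
]

# Constructed traffic sample, in arrival order.
SAMPLE = [
    Packet("out", "tcp", "192.0.2.50", 51000, "198.51.100.7", 443),   # staff browsing
    Packet("in", "tcp", "198.51.100.7", 443, "192.0.2.50", 51000),    # the reply
    Packet("in", "tcp", "198.51.100.7", 443, "192.0.2.50", 51001),    # unsolicited
    Packet("in", "tcp", "203.0.113.9", 4444, "192.0.2.10", 443),      # blacklisted source
    Packet("in", "tcp", "198.51.100.20", 40000, "192.0.2.10", 443),   # customer to web server
    Packet("out", "udp", "192.0.2.50", 5353, "198.51.100.53", 53),    # DNS query
    Packet("out", "tcp", "192.0.2.50", 6000, "198.51.100.7", 23),     # telnet out, no rule
]


def run(policy: List[Rule], packets: List[Packet]) -> List[str]:
    """Apply the policy to a packet sequence and return one verdict per packet."""
    fw = StatefulFirewall(policy)
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(POLICY, SAMPLE)):
        print(f"{verdict:5s} {pkt.direction:3s} {pkt.proto} "
              f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```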

5.1.6 STEGANOGRAPHY

It is a technique of hiding secret messages in a document file, image file, program or protocol, etc., such that the embedded message is invisible and can be retrieved using special software. Only the sender and the receiver know about the existence of the secret message in the image. The advantage of this technique is that these files are not easily suspected. There are many applications of steganography, which include sending secret messages without ringing alarms, preventing secret files from unauthorized and accidental access and theft, digital watermarks for IPR issues, etc. Let us discuss how the data is secretly embedded inside the cover file (the medium like image, video, audio, etc. which is used to embed the secret data) without being noticed. Let us take the example of an image file used as the cover medium. Each pixel of a high resolution image is represented by 3 bytes (24 bits). If the 3 least significant bits of these 24 bits are altered and used for hiding the data, the resultant image, after embedding the data into it, will have an unnoticeable change in image quality, and only very experienced and trained eyes can detect this change. In this way, every pixel can be used to hide 3 bits of information. Similarly, introducing white noise in an audio file at regular or random intervals can be used to hide data in audio or video files. There are various free software packages available for steganography. Some of the popular ones are: QuickStego, Xiao, Tucows, OpenStego, etc.
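The 3-bits-per-pixel LSB scheme just described, as an added Python example that is not from the paper or from any of the tools it lists: one payload bit goes into the least significant bit of each colour byte, a length header lets the receiver know where the payload ends, and a helper reports the largest change to any colour value, which is why the alteration is invisible. The 16x16 RGB cover buffer and the secret are constructed.

```python
"""LSB steganography over a constructed RGB byte buffer: each colour byte gives
up one least-significant bit, so one 24-bit pixel carries 3 bits of payload."""
from typing import Iterator, Tuple


def _to_bits(data: bytes) -> Iterator[int]:
    for byte in data:
        for shift in range(7, -1, -1):   # most significant bit first
            yield (byte >> shift) & 1


def capacity_bytes(cover: bytes) -> int:
    """Usable payload size: one bit per cover byte, minus the 4-byte length header."""
    return len(cover) // 8 - 4


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Write a length header followed by the payload into the LSBs of the cover."""
    if len(payload) > capacity_bytes(cover):
        raise ValueError(f"payload is {len(payload)} bytes, cover holds {capacity_bytes(cover)}")
    stego = bytearray(cover)
    framed = len(payload).to_bytes(4, "big") + payload
    for i, bit in enumerate(_to_bits(framed)):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it to the payload bit
    return stego


def _read_bytes(stego: bytes, start_bit: int, count: int) -> bytes:
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[start_bit + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the header, then exactly that many payload bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if length > capacity_bytes(stego):
        raise ValueError("no valid payload header found")
    return _read_bytes(stego, 32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Why the change is unnoticeable: no colour channel moves by more than one step."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def demo() -> Tuple[bytes, int, int]:
    """Constructed 16x16 RGB 'image' (768 bytes) holding a short secret."""
    cover = bytes((x * 16 + y + c * 40) % 256
                  for y in range(16) for x in range(16) for c in range(3))
    secret = b"meet at noon"
    stego = embed(cover, secret)
    return extract(stego), max_pixel_change(cover, stego), capacity_bytes(cover)


if __name__ == "__main__":
    recovered, change, capacity = demo()
    print(recovered, "max change per channel:", change, "capacity:", capacity, "bytes")
```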

5.2 Cybersecurity Measures

5.2.1 Can you predict a cyber-attack?

Prediction is the easiest way to start securing data. Appraising data, identifying potential parties that
would have interest in it, and anticipating events that may trigger attacks are all predictive
measures. However, there are also more technical forms of prediction. These methods will be
supported by the application of AI and other technologies to analyze surrounding activity instead of
personal security. This may include analyzing dark data produced in a workplace to accurately gauge
or identify malicious actors.

5.2.2 How do you prevent a cyber-attack?

Prevention is the most common form of cyber security, but is often inefficient or insufficient. This
line of defense includes unique passwords with frequent changes, encryption of all data
transmissions across any network, firewalls, securely developed applications, restricted access to
data, limited authorizations, regular security testing and tightly secured stored data. Prevention also
means establishing an information security policy and network security protocols that are strictly
adhered to. An organization is only as safe as its least careful employee with access.

5.2.3 How do you detect a cyber-attack?

Detection is the most important aspect of protection. It is the 24/7 surveillance of vulnerable targets
and gateways. Organizations should run “fire drills” of hacking frequently, weekly if not daily, to test
their response systems. No software or network is fully patched or protected, so finding the gaps in
protection is essential. Detection includes having a dedicated development security operation
(DevSecOps) team, where security begins from day one of development. Gone are the days of
creating a product or service and securing it from the outside, relying on a lengthy chain of
communication. Having a one-stop unit that secures its products and detects future vulnerabilities
means faster secure response time.

5.2.4 How do you respond to a cyber attack?


Response is the last line of cyber security and the second most important. Even if a vulnerability is exploited, being able to respond quickly and effectively will save billions of dollars in the worst cases. However, this is one of the least funded areas of cyber security in many organizations. The response team should be comprised of IT professionals, members of a DevSecOps team with intimate knowledge of the entry point, and cyber security experts who can evict the intruder and shore up the protections. Response also includes client service teams that can reassure those affected and help handle the potential damages. Responding by ignoring the issue is the worst reaction.
