Fundamentals of Cybersecurity
Track objective:
1. The objective of this course is to provide students with practical and theoretical knowledge of cyber attacks.
2. The learner will understand key terms and concepts in cyber law, intellectual property and cyber crimes,
trademarks, and domain theft.
3. The learner will understand the principles of web security.
4. The learner will be able to incorporate approaches for incident analysis and response.
Course outcomes:
This track course has been designed so that engineering graduates can:
1. Know the importance of cyber security.
2. Understand the challenges in cyber security.
3. Recognise the importance of ethical hacking tools.
4. Understand the ethical hacking process.
5. Apply methods for authentication, access control, intrusion detection, and prevention.
Module-1: Introduction to cyber security
Module-2: Cyber attacks and protection tools
Module-3: Cyber Risks and Incident Management
Module-4: Overview of Firewalls
Module-5: Artificial Intelligence in Cybersecurity
Reference Books:
• Donaldson, S., Siegel, S., Williams, C.K., Aslam, A., “Enterprise Cybersecurity -
How to Build a Successful Cyber defense Program Against Advanced Threats”
• Nina Godbole, Sumit Belapure, "Cyber Security", Wiley
Module 1: Introduction to cyber security
• Importance of cybersecurity
• Challenges in cyber security
• CIA Triad
• Security architecture
• Security operations
• Cyber Terrorism
• Foundations of Cyber Security Concepts:
• Essential Terminologies: Risks, Breaches, Threats, Attacks, Exploits.
• Information Gathering (Social Engineering, Footprinting & Scanning).
What is Cyber Security?
The practice of protecting internet-connected systems such as computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks is known as cybersecurity. The word can
be divided into two parts: cyber and security. "Cyber" refers to the technology, which includes systems,
networks, programs, and data. "Security" is concerned with the protection of those systems, networks,
applications, and information. In some contexts it is also called electronic information security or
information technology security.
Some other definitions of cybersecurity are:
"Cyber Security is the body of technologies, processes, and practices
designed to protect networks, devices, programs, and data from attack,
theft, damage, modification or unauthorized access."
"Cyber Security is the set of principles and practices designed to protect
our computing resources and online information against threats."
Why is Cyber Security important?
Today we live in a digital era where all aspects of our lives depend on the network, computers and other electronic
devices, and software applications. All critical infrastructure such as the banking system, healthcare, financial
institutions, governments, and manufacturing industries use devices connected to the Internet as a core part of
their operations. Some of their information, such as intellectual property, financial data, and personal data, is
sensitive, and unauthorized access to or exposure of it could have negative consequences. This information gives
intruders and threat actors an incentive to infiltrate these systems for financial gain, extortion, political or social
motives, or simple vandalism.
Cyber-attacks are now an international concern: attacks that compromise systems could endanger the
global economy. Therefore, it is essential to have an excellent cybersecurity strategy to protect sensitive
information from high-profile security breaches. Furthermore, as the volume of cyber-attacks grows, companies
and organizations, especially those that deal with information related to national security, health, or financial
records, need to use strong cybersecurity measures and processes to protect their sensitive business and personal
information.
Cyber Security Challenges
Today cybersecurity is the main component of the country's overall national security and economic security
strategies. In India, there are many challenges related to cybersecurity. With the increase in cyber-attacks,
every organization needs a security analyst who makes sure that its systems are secured. These security analysts
face many challenges related to cybersecurity such as securing confidential data of government organizations,
securing the private organization servers, etc.
The recent important cybersecurity challenges are described below:
1. Ransomware Evolution
Ransomware is a type of malware in which the data on a victim's computer is locked, and payment is
demanded before the data is unlocked. After a successful payment, access rights are returned to the
victim. Ransomware is the bane of cybersecurity and data professionals, IT staff, and executives.
Ransomware attacks are growing day by day in the areas of cybercrime. IT professionals and business
leaders need to have a powerful recovery strategy against malware attacks to protect their organizations. It
involves proper planning to recover corporate and customers' data and applications as well as reporting any
breaches under the Notifiable Data Breaches scheme. Today's DRaaS (Disaster Recovery as a Service) solutions
are the best defense against ransomware attacks. With DRaaS, we can automatically back up our files,
easily identify which backup is clean, and launch a fail-over at the press of a button when a malicious
attack corrupts our data.
2. Blockchain Revolution
Blockchain technology is the most important invention in the computing era. It is the first time in human history
that we have a genuinely native digital medium for peer-to-peer value exchange. The blockchain is a technology
that enables cryptocurrencies like Bitcoin. The blockchain is a vast global platform that allows two or more parties
to do a transaction or do business without needing a third party for establishing trust.
It is difficult to predict what blockchain systems will offer in regard to cybersecurity. The professionals in
cybersecurity can make some educated guesses regarding blockchain. As the application and utility of blockchain in
a cybersecurity context emerges, there will be a healthy tension but also complementary integrations with
traditional, proven, cybersecurity approaches.
3. IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices that can be accessed through the
internet. The connected physical devices have a unique identifier (UID) and have the ability to transfer data over a
network without any need for human-to-human or human-to-computer interaction. The firmware and
software running on IoT devices make consumers and businesses highly susceptible to cyber-attacks.
When IoT devices were designed, cybersecurity and commercial use were not taken into consideration.
So every organization needs to work with cybersecurity professionals to ensure the security of its
password policies, session handling, user verification, multifactor authentication, and security protocols to help
manage the risk.
4. AI Expansion
AI is short for Artificial Intelligence. John McCarthy, the father of Artificial Intelligence, defined AI as "the
science and engineering of making intelligent machines, especially intelligent computer programs."
It is an area of computer science concerned with the creation of intelligent machines that work and react like humans.
Some of the activities related to artificial intelligence include speech recognition, learning, planning, problem-
solving, etc. The key benefit of AI in a cybersecurity strategy is its ability to protect and defend an
environment when a malicious attack begins, thus mitigating the impact. AI takes immediate action against
malicious attacks at the moment a threat impacts a business. IT business leaders and cybersecurity strategy
teams consider AI a future protective control that will allow a business to stay ahead of the cybersecurity
technology curve.
5. Serverless Apps Vulnerability
A serverless architecture is one in which an application depends on third-party cloud infrastructure or on a back-
end service such as Google Cloud Functions, Amazon Web Services (AWS) Lambda, etc. Serverless apps make it
easier for cyber attackers to spread threats because users access the application locally or off-server on their own
devices. Therefore it is the user who is responsible for taking security precautions while using serverless
applications.
Serverless apps do nothing to keep attackers away from our data. The serverless platform does not help
if an attacker gains access to our data through a weakness such as leaked credentials, a compromised insider,
or by any other means unrelated to the serverless platform itself.
Cyber Security Goals:
Cyber Security's main objective is to ensure data protection. The security community provides a
triangle of three related principles to protect the data from cyber-attacks. This principle is called
the CIA triad. The CIA model is designed to guide policies for an organization's information
security infrastructure. When any security breaches are found, one or more of these principles has
been violated.
We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is
actually a security model that helps people to think about various parts of IT security. Let us
discuss each part in detail.
1. Confidentiality
Confidentiality is roughly equivalent to privacy: it prevents unauthorized access to information. It involves ensuring the
data is accessible by those who are allowed to use it and blocking access to others. It prevents essential
information from reaching the wrong people. Data encryption is an excellent example of ensuring
confidentiality.
The data being sent over the network should not be accessed by unauthorized individuals. The attacker may try
to capture the data using different tools available on the Internet and gain access to your information. A primary
way to avoid this is to use encryption techniques to safeguard your data so that even if the attacker gains access
to your data, he/she will not be able to decrypt it. Encryption standards include AES (Advanced Encryption
Standard) and DES (Data Encryption Standard). Another way to protect your data is through a VPN tunnel. VPN
stands for Virtual Private Network and helps the data to move securely over the network.
Tools for Confidentiality
Encryption
Encryption is a method of transforming information to make it unreadable for
unauthorized users by using an algorithm. The transformation of data uses a
secret key (an encryption key) so that the transformed data can only be read by
using another secret key (decryption key). It protects sensitive data such as
credit card numbers by encoding and transforming data into unreadable cipher
text. This encrypted data can only be read by decrypting it. Asymmetric-key
and symmetric-key are the two primary types of encryption.
Access control
Access control defines rules and policies for limiting access to a system or to
physical or virtual resources. It is a process by which users are granted access
and certain privileges to systems, resources or information. In access control
systems, users need to present credentials before they can be granted access
such as a person's name or a computer's serial number. In physical systems,
these credentials may come in many forms, but credentials that can't be
transferred provide the most security.
Authentication
Authentication is a process that ensures and confirms a user's identity or the role that someone holds. It can be done in a number of
different ways, but it is usually based on a combination of:
•something the person has (like a smart card or a radio key for storing secret keys),
•something the person knows (like a password),
•something the person is (like a human with a fingerprint).
Authentication is a necessity for every organization because it enables organizations to keep their networks secure by
permitting only authenticated users to access their protected resources. These resources may include computer systems,
networks, databases, websites and other network-based applications or services.
Authorization
Authorization is a security mechanism which gives permission to do or have something. It is used to determine whether a person or
system is allowed access to resources, based on an access control policy, including computer programs, files, services, data
and application features. It is normally preceded by authentication for user identity verification. System administrators are
typically assigned permission levels covering all system and user resources. During authorization, a system verifies an
authenticated user's access rules and either grants or refuses resource access.
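The sequence described above (authentication first, then authorization against an access control policy) as an added worked example; this is not code from the slides. The user store, passwords, roles and the policy table are constructed for the demo, and the password hashing scheme (salted PBKDF2-HMAC-SHA256) is an assumption chosen here, not something the slides prescribe.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Salted PBKDF2-HMAC-SHA256 password hashing; the user store never holds cleartext.
PBKDF2_ITERATIONS = 100_000
DUMMY_SALT = b"\x00" * 16


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_user(password: str, role: str) -> Dict[str, object]:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}


# Constructed user store for this example (names, passwords and roles are made up).
USERS = {
    "alice": make_user("correct horse battery staple", "admin"),
    "bob": make_user("bob-password-123", "analyst"),
}

# Constructed access control policy: role -> resource -> permitted actions.
POLICY = {
    "admin": {"payroll.db": {"read", "write"}, "logs": {"read", "write"}},
    "analyst": {"logs": {"read"}},
}


def authenticate(username: str, password: str) -> Optional[str]:
    """Verify the 'something you know' factor; return the user's role, or None."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so the response time does not reveal whether the account exists.
        hash_password(password, DUMMY_SALT)
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if hmac.compare_digest(candidate, user["hash"]):
        return str(user["role"])
    return None


def authorize(role: str, resource: str, action: str) -> bool:
    """Check the access control policy for an already-authenticated role."""
    return action in POLICY.get(role, {}).get(resource, set())


def access(username: str, password: str, resource: str, action: str) -> str:
    """Authentication first, then authorization; deny if either step fails."""
    role = authenticate(username, password)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, resource, action):
        return f"denied: role '{role}' may not {action} {resource}"
    return f"granted: {username} ({role}) may {action} {resource}"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "payroll.db", "write"))
    print(access("bob", "bob-password-123", "payroll.db", "read"))
    print(access("bob", "wrong password", "logs", "read"))
```

Note that the two failure messages are deliberately different for the caller but equally uninformative to an outsider: a bad password and a non-existent account both produce "authentication failed", and the dummy hash keeps their timing similar.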
Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets such as facilities, equipment,
personnel, resources and other property, and to protect them from damage. It protects these assets from physical threats including theft,
vandalism, fire and natural disasters.
2. Integrity
This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental
user modification. If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and
speedily recover from such an event. In addition, it indicates making the source of information genuine.
Integrity involves making sure your data is trustworthy and free from tampering. The integrity of your data is maintained only if the data is
authentic, accurate, and reliable.
For example, if your company provides information about senior managers on your website, this information needs to have integrity. If it is
inaccurate, those visiting the website for information may feel your organization is not trustworthy. Someone with a vested interest in
damaging the reputation of your organization may try to hack your website and alter the descriptions, photographs, or titles of the
executives to hurt their reputation or that of the company as a whole.
Compromising integrity is often done intentionally. An attacker may bypass an intrusion detection system (IDS), change file configurations
to allow unauthorized access, or alter the logs kept by the system to hide the attack. Integrity may also be violated by accident. Someone
may accidentally enter the wrong code or make another kind of careless mistake. Also, if the company's security policies, protections, and
procedures are inadequate, integrity can be violated without any one person in the organization being held accountable.
To protect the integrity of your data, you can use hashing, encryption, digital certificates, or digital signatures. For websites, you can
employ trustworthy certificate authorities (CAs) that verify the authenticity of your website so visitors know they are getting the site they
intended to visit.
A method for verifying integrity is non-repudiation, which refers to when something cannot be repudiated or denied. For example, if
employees in your company use digital signatures when sending emails, the fact that the email came from them cannot be denied. Also, the
recipient cannot deny that they received the email from the sender.
Tools for Integrity
Backups
Backup is the periodic archiving of data. It is a process of making copies of data or
data files to use in the event when the original data or data files are lost or destroyed.
It is also used to make copies for historical purposes, such as for longitudinal studies,
statistics or for historical records, or to meet the requirements of a data retention
policy. Many applications, especially in a Windows environment, produce backup files
using the .BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer.
In other words, it is the computation of a function that maps the contents of a file to a
numerical value. They are typically used to compare two sets of data to make sure that
they are the same. A checksum function depends on the entire contents of a file. It is
designed in a way that even a small change to the input file (such as flipping a single
bit) is likely to result in different output values.
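An added worked example of the checksum idea above (not code from the slides): a SHA-256 checksum over a file's contents, a verification routine, and, for contrast, a naive additive checksum. The sample data is constructed. It goes slightly beyond the text by showing why the choice of function matters: the additive checksum cannot tell two transposed bytes apart, while the cryptographic hash changes for any edit, single-bit flips included.

```python
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """Cryptographic checksum: SHA-256 over the whole content, as a hex string."""
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, expected_hex: str) -> bool:
    """Recompute the checksum and compare it in constant time."""
    return hmac.compare_digest(checksum(data), expected_hex)


def simple_sum(data: bytes) -> int:
    """A naive additive checksum (sum of bytes mod 256), shown for contrast only."""
    return sum(data) % 256


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit flipped (bit 0 is the LSB of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def swap_bytes(data: bytes, i: int, j: int) -> bytes:
    """Return a copy of data with bytes i and j exchanged (a transposition error)."""
    buf = bytearray(data)
    buf[i], buf[j] = buf[j], buf[i]
    return bytes(buf)


if __name__ == "__main__":
    # Constructed file content for the demo.
    original = b"hello world"
    stored = checksum(original)
    print("stored checksum:", stored)
    print("unchanged file verifies:", verify(original, stored))
    print("one flipped bit verifies:", verify(flip_bit(original, 0), stored))
    transposed = swap_bytes(original, 0, 1)
    print("additive sum equal after transposition:", simple_sum(original) == simple_sum(transposed))
    print("SHA-256 equal after transposition:", checksum(original) == checksum(transposed))
```

The stored checksum only proves integrity if the attacker cannot also rewrite it; in practice the reference value is kept separately from the file (in a signed manifest, a read-only location, or a vendor's published list).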
Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily detected
and automatically corrected.
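An added worked example of a data-correcting code (not code from the slides): the classic Hamming(7,4) code, which stores each 4-bit nibble as a 7-bit codeword so that any single flipped bit in a codeword is detected and corrected automatically. The message bytes and the injected bit errors are constructed for the demo.

```python
from typing import List, Tuple


def hamming_encode_nibble(nibble: int) -> int:
    """Encode 4 data bits d1..d4 into the 7-bit codeword p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = (nibble >> 3) & 1, (nibble >> 2) & 1, (nibble >> 1) & 1, nibble & 1
    p1 = d1 ^ d2 ^ d4  # covers positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4  # covers positions 2, 3, 6, 7
    p3 = d2 ^ d3 ^ d4  # covers positions 4, 5, 6, 7
    code = 0
    for bit in (p1, p2, d1, p3, d2, d3, d4):  # position 1 ends up as the MSB
        code = (code << 1) | bit
    return code


def hamming_decode_codeword(code: int) -> Tuple[int, int]:
    """Return (nibble, syndrome); a non-zero syndrome is the 1-based position that was corrected."""
    bits = [(code >> (6 - i)) & 1 for i in range(7)]  # bits[0] is position 1
    s1 = bits[0] ^ bits[2] ^ bits[4] ^ bits[6]
    s2 = bits[1] ^ bits[2] ^ bits[5] ^ bits[6]
    s3 = bits[3] ^ bits[4] ^ bits[5] ^ bits[6]
    syndrome = s1 | (s2 << 1) | (s3 << 2)
    if syndrome:
        bits[syndrome - 1] ^= 1  # flip the offending bit back
    nibble = (bits[2] << 3) | (bits[4] << 2) | (bits[5] << 1) | bits[6]
    return nibble, syndrome


def encode_bytes(data: bytes) -> List[int]:
    """Two codewords per byte: high nibble first, then low nibble."""
    codewords = []
    for byte in data:
        codewords.append(hamming_encode_nibble(byte >> 4))
        codewords.append(hamming_encode_nibble(byte & 0x0F))
    return codewords


def decode_bytes(codewords: List[int]) -> Tuple[bytes, int]:
    """Return (recovered bytes, number of codewords in which a bit was corrected)."""
    out = bytearray()
    corrected = 0
    for hi_cw, lo_cw in zip(codewords[0::2], codewords[1::2]):
        hi, s_hi = hamming_decode_codeword(hi_cw)
        lo, s_lo = hamming_decode_codeword(lo_cw)
        corrected += int(s_hi != 0) + int(s_lo != 0)
        out.append((hi << 4) | lo)
    return bytes(out), corrected


def flip_bit(codewords: List[int], index: int, position: int) -> List[int]:
    """Simulate a storage fault: flip bit `position` (0 = LSB) of codeword `index`."""
    damaged = list(codewords)
    damaged[index] ^= 1 << position
    return damaged


if __name__ == "__main__":
    stored = encode_bytes(b"OK")            # constructed message
    print("clean:", decode_bytes(stored))
    print("one bad bit:", decode_bytes(flip_bit(stored, 0, 3)))
```

Hamming(7,4) corrects exactly one error per codeword. Two flipped bits in the same codeword produce a non-zero syndrome that points at the wrong position, so the decoder "corrects" into a different codeword and returns wrong data without noticing; storage systems that need to catch that case add an overall parity bit (SECDED) or use a stronger code.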
3. Availability
This principle ensures that information is always available and usable by its authorized users. It ensures that
this access is not hindered by system malfunction or cyber-attacks.
Even if data is kept confidential and its integrity maintained, it is often useless unless it is available to those in
the organization and the customers they serve. This means that systems, networks, and applications must be
functioning as they should and when they should. Also, individuals with access to specific information must be
able to consume it when they need to, and getting to the data should not take an inordinate amount of time.
If, for example, there is a power outage and there is no disaster recovery system in place to help users regain
access to critical systems, availability will be compromised. Also, a natural disaster like a flood or even a severe
snowstorm may prevent users from getting to the office, which can interrupt the availability of their workstations
and other devices that provide business-critical information or applications. Availability can also be
compromised through deliberate acts of sabotage, such as the use of denial-of-service (DoS) attacks or
ransomware.
To ensure availability, organizations can use redundant networks, servers, and applications. These can be
programmed to become available when the primary system has been disrupted or broken. You can also enhance
availability by staying on top of upgrades to software packages and security systems. In this way, you make it
less likely for an application to malfunction or for a relatively new threat to infiltrate your system. Backups and
full disaster recovery plans also help a company regain availability soon after a negative event.
Tools for Availability
•Physical Protections
•Computational Redundancies
1. Physical Protections
Physical safeguard means keeping information available even in the event of physical
challenges. It ensures sensitive information and critical information technology are housed in
secure areas.
2. Computational redundancies
Computational redundancy is applied as a fault-tolerance measure against accidental faults. It provides computers and storage
devices that serve as fallbacks in case of failures.
What is Cyber Security Architecture?
Cybersecurity architecture, which is also known as "network security
architecture," is a framework that specifies a computer network's
organizational structure, standards, policies, and functional behavior,
incorporating both security and network aspects. The way various
internal modules of your cyber or computer system are organized,
synchronized, and connected is often referred to as cybersecurity
architecture. A cybersecurity architectural framework is a part of the
overall architecture of a system. It's created and built to help with the
overall design of a product or system.
Security architecture aids in the positioning of security controls and
breach countermeasures, as well as how they relate to your
company's broader systems framework. The primary goal of these
controls is to maintain the quality attributes of your essential system,
such as confidentiality, integrity, and availability. It's also the
collaboration of hardware and software expertise with programming
talents, research abilities, and policy development.
To have a clearer comprehension of what is cyber security
architecture, let us delve into the component crucial to security
architecture.
Component of Cyber Security Architecture
Proper and effective cybersecurity architecture, as per Internal Auditors, consists of three essential components.
These are the people, processes, and tools that work together to safeguard the assets of your firm. Your security
architecture must be guided by your security policy in order to effectively align these components, by defining
your security architecture expectations, implementation strategy, and enforcement strategy.
A security policy is a declaration that specifies how each entity interacts with one another, what activities each
entity is allowed to perform, the level of security that is necessary for a system, and the measures that should be
performed if these security protocols are not satisfied.
The following components make up a successful and well-planned security architecture:
•Direction in the areas of threat response, disaster recovery, configuration, account creation and maintenance, and
cybersecurity surveillance.
•Management of identity.
•Decisions on who and what is included in, and excluded from, the security architecture's domain.
•Border control and access.
•Validating and Adjusting the architecture
•Training
Features of Cyber Security Architecture
Let us discuss some of the key features of cyber security architecture in the following points:
1. Network Elements
•Network nodes: including computers, gateways, routers, modems, NICs, hubs, repeaters, bridges, switches, etc.
•Network communication protocols: HTTP, HTTPS, IMAP, FTP, DNS, DHCP, TCP/IP.
•Network connections linking nodes applying specific protocols
•Network topology of nodes including point-to-point, chain, circular, and hybrid.
2. Security Elements
•Cyber security devices such as Intrusion Detection Systems or Intrusion Prevention Systems, firewalls, encryption or decryption devices,
etc.
•Software for cyber security including anti-virus, anti-spyware, and anti-malware.
•Securing network communication protocols such as IMAP, HTTPS, HTTP, FTP, DNS, DHCP, TCP/IP, etc.
•Implementing robust encryption techniques such as end-to-end encryption, blockchain, and zero-knowledge proofs.
3. Security Frameworks and Standards:
•Cyber security architectural framework standards such as the ISO/IEC 27000 series and the NIST Risk Management Framework (RMF),
SP 800-37.
•Technical standards concerning software choices for cyber security
4. Security Policies and Procedures
These are the security policies and procedures that are adopted and enforced at your company. According to the Cybersecurity Forum, a
cybersecurity architecture should ideally be defined and simulatable using an industry-standard architectural modeling language (e.g., SysML,
UML2).
The phases of the security architecture framework and procedure are as follows:
•Architecture Risk Assessment: This phase assesses the business impact of critical assets, hazards, and the
consequences of vulnerabilities and security threats to your firm.
•Security Design and Architecture: At this stage, security services' design and architecture are constructed
to aid in the protection of your organization's assets while also facilitating business risk exposure targets and
goals.
•Implementation: Cybersecurity services and procedures are operated, implemented, monitored, and
managed during the implementation phase. The architecture is built to ensure that security rules and policies,
security architecture decisions, and risk assessments are all completely implemented and effective throughout
time.
•Operations and Monitoring: Threat and vulnerability management, as well as threat management, are used
to monitor, oversee, and manage the operational state, as well as examine the impact of the system's security.
Cyber terrorism
What is cyber terrorism?
Cyber terrorism (also known as digital terrorism) is defined as disruptive attacks
by recognized terrorist organizations against computer systems with the intent of
generating an alarm, panic, or physical disruption of the information system.
While we’ve become used to hearing about cyber attacks, cyber terrorism instills a
different type of worry. Computer hackers have long worked to gain access to
classified information for financial gain, meaning terrorists could do the same
The internet can be used by terrorists to finance their operations, train other
terrorists, and plan terror attacks. The more mainstream idea of cyber terrorism is
the hacking of government or private servers to access sensitive information or
even siphon funds for use in terror activities. However, there is currently no
universally accepted definition of cyber terrorism.
Examples of cyber terrorism
•Introduction of viruses to vulnerable data networks.
•Hacking of servers to disrupt communication and steal sensitive information.
•Defacing websites and making them inaccessible to the public thereby
causing inconvenience and financial losses.
•Hacking communication platforms to intercept or stop communications
and make terror threats using the internet.
•Attacks on financial institutions to transfer money and cause terror.
How big is the threat of cyber terrorism?
Since cyber terrorism does not involve the actual use of physical violence to inflict harm on innocents, most
individuals are unaware of what it means and how dangerous it can be.
With the steady shift towards online services to reduce costs and improve efficiency, and the continual
developments in cyberspace, there are ever increasing ways for IT systems to be compromised.
How businesses can defend against cyber terrorism
•Use strong passwords - there is software capable of guessing thousands of passwords in seconds, so a
complicated password is a strong password. Follow password best practices, change them regularly and avoid using
the same password for multiple logins.
•Follow cyber security news - keep up to date with cyber news and government warnings. Knowing the latest
threats helps you prepare for potential acts of terrorism.
•Create a culture of cyber awareness - all employees should be actively engaged in cyber security education and
attend regular training. Stress the importance of staying vigilant and being on the lookout for anything suspicious.
•Vet all third-party vendors - a business’s cyber security posture is only as strong as their third-party vendors.
Businesses should demand transparency from vendors regarding cyber security practices before signing contracts or
conducting any business.
How to know if you’ve been hacked
Whether it's your email, social media or some other type of online service, there are many things
that can alert you to the fact that someone else is accessing your account. Things to look out for
include:
•Being locked out of the account is an obvious indication that something has gone wrong
•Logins or attempted logins from strange locations or at unusual times
•Changes to your security settings and messages sent from your account that you don’t recognize.
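The second warning sign above ("logins from strange locations or at unusual times") is something an account provider or a SOC can check mechanically. The following is an added example, not code from the slides: it builds a per-user baseline of countries seen in earlier successful logins, then flags new-country and off-hours logins and a burst of failed attempts in a batch of new events. The log format, the users, the countries and the thresholds are all constructed for the demo.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Set, Tuple


@dataclass
class LoginEvent:
    when: datetime
    user: str
    country: str
    result: str  # "success" or "failure"


def parse_line(line: str) -> LoginEvent:
    """Parse one constructed log line: '<ISO timestamp> user=.. country=.. result=..'."""
    timestamp, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return LoginEvent(datetime.fromisoformat(timestamp), kv["user"], kv["country"], kv["result"])


def build_baseline(lines: Iterable[str]) -> Dict[str, Set[str]]:
    """Countries each user has previously logged in from successfully."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for event in map(parse_line, lines):
        if event.result == "success":
            seen[event.user].add(event.country)
    return seen


def detect(baseline_lines: Iterable[str], new_lines: Iterable[str],
           work_hours: Tuple[int, int] = (7, 20), fail_threshold: int = 3) -> List[Tuple[str, str, str]]:
    """Return (user, timestamp, reason) alerts for the new events."""
    baseline = build_baseline(baseline_lines)
    alerts: List[Tuple[str, str, str]] = []
    failures: Dict[str, int] = defaultdict(int)
    for event in map(parse_line, new_lines):
        stamp = event.when.isoformat()
        if event.country not in baseline.get(event.user, set()):
            alerts.append((event.user, stamp, f"new country {event.country}"))
        if not (work_hours[0] <= event.when.hour < work_hours[1]):
            alerts.append((event.user, stamp, f"off-hours login at {event.when.strftime('%H:%M')}"))
        if event.result == "failure":
            failures[event.user] += 1
    for user, count in failures.items():
        if count >= fail_threshold:
            alerts.append((user, "batch", f"{count} failed logins in this batch"))
    return alerts


# Constructed sample logs: a week of normal activity, then a batch to examine.
BASELINE_LOG = [
    "2024-05-06T09:15:00 user=alice country=IN result=success",
    "2024-05-07T10:02:00 user=alice country=IN result=success",
    "2024-05-07T11:30:00 user=bob country=IN result=success",
]
NEW_LOG = [
    "2024-05-08T09:05:00 user=alice country=IN result=success",  # normal
    "2024-05-08T03:41:00 user=alice country=BR result=success",  # new country, off hours
    "2024-05-08T14:00:00 user=bob country=DE result=failure",
    "2024-05-08T14:00:20 user=bob country=DE result=failure",
    "2024-05-08T14:00:45 user=bob country=DE result=failure",
]

if __name__ == "__main__":
    for user, stamp, reason in detect(BASELINE_LOG, NEW_LOG):
        print(f"{user:6} {stamp:20} {reason}")
```

A real deployment would learn the baseline from a longer window, treat a first login from a new device or ASN the same way, and send alerts to the account owner as well as the analyst, since the owner is usually the one who can say whether the trip to BR was genuine.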
What to do if you've been hacked
If one of your accounts has been hacked, don't worry, follow the below step by step guide to help you regain control and protect
yourself against future attacks.
•Update your devices - the operating systems and apps on the devices you use should all be updated. These updates will install the
latest security fixes. If you have it installed, you can run a scan with up-to-date antivirus software. This is not usually necessary for
phones and tablets.
•Contact your provider - if you can't access your account, go to the account provider homepage, and find a link to their help or
support pages. These will detail the account recovery process. If you can't find what you need on the service's website, try a search
engine like Google or Bing. For example, ‘Facebook account hacked.’ Then follow the links to the service's own advice.
•If your email account was hacked - once you've regained control, check your email filters and forwarding rules. It is a common trick
for the person hacking an account to set up an email forwarding rule that sends a copy of all your received emails to them. Information
on how to do this should be found in your provider's help pages
•Change passwords - once you have confirmed there are no unwanted email forwarding rules in place, change the passwords on all
accounts which have the same password as the hacked account. Then change the passwords for all the other accounts that send
password reminders/resets to the hacked account
•Set up 2-factor authentication - this provides an extra layer of protection against your account being hacked in the future; see the
guide on using 2-factor authentication.
•Notify your contacts - get in touch with your account contacts, friends, or followers to let them know you’ve been hacked. This will
help them to avoid being hacked themselves. You should contact the people you know regardless of whether you managed to restore
your account or not
•If you cannot recover your account - you may choose to create a new one. Once you've done this, it's important to notify your
contacts that you are using a new account. Make sure to update any bank, utility services or shopping websites with your new details
•Contact Action Fraud - if you feel that you have been affected by an online crime, you can report a cyber incident to Action
Fraud using their online fraud reporting tool.
Cyber Security Operations:
1.Digital Forensics Services
2.Vulnerability and Risk Assessment
3.Internal and External Penetration Testing
4.Configuration management, design and remediation
5.Malicious Code Review
A cyber security operations center (CSOC) works on establishing situational awareness and provides command
and control as well as advanced and actionable threat intelligence.
What is Digital Forensics?
Digital Forensics is defined as the process of preservation, identification, extraction, and documentation of computer
evidence which can be used by the court of law. It is a science of finding evidence from digital media like a computer,
mobile phone, server, or network. It provides the forensic team with the best techniques and tools to solve complicated
digital-related cases.
Digital Forensics helps the forensic team to analyze, inspect, identify, and preserve the digital evidence residing on
various types of electronic devices.
Objectives of computer forensics
Here are the essential objectives of using Computer forensics:
•It helps to recover, analyze, and preserve computers and related materials in such a manner that it helps the investigation
agency to present them as evidence in a court of law.
•It helps to postulate the motive behind the crime and the identity of the main culprit.
•Designing procedures at a suspected crime scene helps you to ensure that the digital evidence obtained is not corrupted.
•Data acquisition and duplication: Recovering deleted files and deleted partitions from digital media to extract the
evidence and validate them.
•Helps you to identify the evidence quickly, and also allows you to estimate the potential impact of the malicious activity
on the victim
•Producing a computer forensic report which offers a complete report on the investigation process.
• Preserve the evidence by following the chain of custody.
Process of Digital forensics
Digital forensics entails the following steps:
•Identification
•Preservation
•Analysis
•Documentation
•Presentation
Types of Digital Forensics
The types of digital forensics include:
Disk Forensics:
It deals with extracting data from storage media by searching active, modified, or deleted files.
Network Forensics:
It is a sub-branch of digital forensics. It is related to monitoring and analysis of computer network
traffic to collect important information and legal evidence.
Wireless Forensics:
It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to
collect and analyze data from wireless network traffic.
Database Forensics:
It is a branch of digital forensics relating to the study and examination of databases and their related
metadata.
Malware Forensics:
This branch deals with the identification of malicious code and the study of its payload, such as viruses and worms.
Email Forensics
Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.
Memory Forensics:
It deals with collecting data from system memory (system registers, cache, RAM) in raw form and
carving the data from the raw dump.
Mobile Phone Forensics:
It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone contacts,
call logs, incoming and outgoing SMS/MMS, audio, videos, etc.
Example Uses of Digital Forensics
In recent times, commercial organizations have used digital forensics in the following types of cases:
•Intellectual Property theft
•Industrial espionage
•Employment disputes
•Fraud investigations
•Inappropriate use of the Internet and email in the workplace
•Forgery-related matters
•Bankruptcy investigations
•Issues concerning regulatory compliance
2. Vulnerability and Risk Assessment
What are vulnerability assessments?
Understanding your vulnerabilities is just as vital as risk assessment because vulnerabilities
can lead to risks. The ISO/IEC 27000:2018 standard defines a vulnerability as a weakness of
an asset or control that can be exploited by one or more threats. For example, an untrained
employee or an unpatched system might be thought of as a vulnerability, since either can be
compromised by a social engineering or malware threat. Research from Statista reveals that
80% of enterprise representatives believe their own employees and users are the weakest link
in their organization's data security.
The Risk Assessment
A risk assessment identifies, analyzes, and evaluates risk. It takes into consideration the impact and likelihood
of a threat exploiting a vulnerability. A risk assessment also requires a skilled professional to conduct it properly.
The purpose is to:
•Identify what assets could be affected by a cyber attack including intellectual property, customer and HR data,
server hardware, application systems, laptops, etc.
•Determine the various threats and vulnerabilities that could affect those selected assets.
•Prioritize security efforts and ensure that selected cyber security solutions, policies, and safeguards
are appropriate for the risks at hand.
A risk assessment offers businesses a report on their risk rating and recommended controls to reduce their risk.
It is a more comprehensive look at an organization’s vulnerabilities, outlining the complete view of its exposure.
This process requires more than tools: it takes a cohesive look at a business' threshold of risk, with analysis by a
seasoned professional.
Defining the scope of the risk assessment is a critical first step of the process. While conducting a risk
assessment of all assets is possible for a small company, it is unrealistic for a large corporation. The scope
clearly defines what is covered and not covered during the assessment process such as which systems,
applications, network appliances, databases, hardware, etc. A risk assessment could be limited to the web
application infrastructure for instance. The intended audience of the report should be considered in defining the
scope as well.
A risk assessment helps ensure that resources are targeted at the remediation efforts that are most appropriate for
a specific organization. It is also designed to allocate resources according to priority
and reasonableness suitable to each unique situation.
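The impact-and-likelihood evaluation described above is usually recorded in a scored risk register. The following added example (not part of the course material) scores each threat/vulnerability pair on an assumed 1-5 likelihood and 1-5 impact scale, restricts the evaluation to the declared scope (here the web application infrastructure), and orders the results so remediation effort goes to the highest-rated risks first. The rating thresholds, recommended treatments and the register entries are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Risk:
    asset: str          # what could be affected
    scope: str          # which part of the organization it belongs to
    threat: str         # who or what could exploit it
    vulnerability: str  # the weakness the threat would use
    likelihood: int     # 1 (rare) .. 5 (almost certain)
    impact: int         # 1 (negligible) .. 5 (severe)

    @property
    def score(self) -> int:
        """Likelihood x impact on a 5x5 matrix, giving a score of 1..25."""
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be in 1..5")
        return self.likelihood * self.impact


def rating(score: int) -> str:
    """Map the numeric score to a qualitative band (assumed thresholds)."""
    if score >= 15:
        return "Critical"
    if score >= 10:
        return "High"
    if score >= 5:
        return "Medium"
    return "Low"


# Assumed treatment recommended for each band.
RECOMMENDATION: Dict[str, str] = {
    "Critical": "remediate immediately; escalate to management",
    "High": "remediate within the current planning cycle",
    "Medium": "mitigate or monitor; review at next assessment",
    "Low": "accept and record",
}


def assess(register: List[Risk], scope: str) -> List[dict]:
    """Evaluate only the risks inside the agreed scope, highest rated first.

    Ties on score are broken by impact, so a rare but severe event ranks
    above a frequent nuisance that happens to have the same product.
    """
    in_scope = [r for r in register if r.scope == scope]
    ordered = sorted(in_scope, key=lambda r: (r.score, r.impact), reverse=True)
    return [{
        "asset": r.asset, "threat": r.threat, "vulnerability": r.vulnerability,
        "score": r.score, "rating": rating(r.score),
        "recommendation": RECOMMENDATION[rating(r.score)],
    } for r in ordered]


# Constructed register for a fictional company.
REGISTER = [
    Risk("customer database", "web application", "external attacker",
         "SQL injection in search form", likelihood=4, impact=5),
    Risk("public web server", "web application", "botnet",
         "no DDoS protection", likelihood=3, impact=3),
    Risk("admin portal", "web application", "credential stuffing",
         "no multi-factor authentication", likelihood=5, impact=3),
    Risk("laptops", "endpoints", "theft", "disk not encrypted",
         likelihood=2, impact=4),
    Risk("HR records", "web application", "insider", "excessive permissions",
         likelihood=1, impact=5),
]

if __name__ == "__main__":
    for row in assess(REGISTER, scope="web application"):
        print(f"{row['rating']:8} {row['score']:2}  {row['asset']}: "
              f"{row['vulnerability']} -> {row['recommendation']}")
```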
1. Penetration Testing:
Penetration testing is a cybersecurity procedure during which a team of specialists checks networks,
software, hardware, applications, etc. for security weaknesses. Essentially, penetration testing is ethical
hacking performed for the benefit of the company that orders the test on its own systems.
Penetration testing, also known as ethical hacking, is the practice of checking the security weaknesses of
application software, networks, computers and devices, wireless systems, and employees. Penetration tests
can be either external or internal depending on the goal of the project.
An external penetration test researches and attempts to exploit vulnerabilities that could be exploited by an
external user without proper access and permissions. An internal penetration test is similar to a vulnerability
assessment; however, it takes a scan one step further by attempting to exploit the vulnerabilities and
determine what information is actually exposed.
WHAT IS AN EXTERNAL PENETRATION TEST?
An external penetration test is a pentest conducted without any insider
knowledge of or access to the company's networks and systems. Essentially,
the person who performs the external pentest acts just like a hacker who might
aim to attack the company, except that, in the case of a pentest, the goal is to
identify and attempt to exploit vulnerabilities without causing any actual
damage to the company. As a result, an external pentest allows an organization to accurately
assess what vulnerabilities outside threat actors can exploit and what
information hackers can manage to access.
External penetration testing consists of testing vulnerabilities to review the
chances of being attacked by any remote attacker. By exploiting the found
vulnerabilities it identifies the information being exposed to outsiders.
COMMON EXTERNAL PENETRATION TESTS
Some examples of external penetration tests that are commonly conducted
by cybersecurity officials include identity management testing, assessment
of cryptography weakness, authorization and authentication testing, error
handling assessment and many others.
These tests are typically performed using IDS/IPS testing, footprinting,
manual testing, password strength assessment, system, port and service
scanning, and others.
Examples of external penetration tests include:
•Configuration & Deployment Management Testing
•Identity Management Testing
•Authentication Testing
•Authorization Testing
•Session Management Testing, Input Validation Testing
•Testing for weak Cryptography
•Business Logic Testing
•Client Side Testing
•Testing for Error Handling.
Testing methodologies include:
•Footprinting
•Checking for public information and other information leakages.
•System scanning/port scanning/service scanning for vulnerabilities.
•Manual testing of identified vulnerabilities.
•IDS/IPS Testing
•Password Strength Testing
WHAT IS AN INTERNAL PENETRATION TEST?
An internal penetration test is a procedure conducted to evaluate what kinds of vulnerabilities a threat actor with inside
access to the company’s networks and systems can exploit and what information he or she can access. Typically, threat
actors with internal access can include rogue employees, contractors, staff and even clients.
An internal penetration test uses a different way of dealing with the attacks and comes into the picture after completion of an external
penetration test. In this test, the main focus is to identify what could be accomplished by an attacker who has internal access to your
network.
Prior to engaging with a vendor consider having the following checklist of items available:
•Your goals for performing a pen test.
•The number of internal workstations on the network.
•The number of servers.
•The total number of internal and external IPs.
WHAT IS TESTED DURING AN INTERNAL PENTEST?
When conducting an internal penetration test, a cybersecurity team will analyze wireless networks, servers,
computer systems and other devices, firewalls, IDS/IPS and even employee behavior and procedures. Once the
vulnerabilities in those components are identified, the cybersecurity professionals will try to exploit them to
identify the extent of potential unauthorized access and damage that could arise from it.
Essential Terminologies: Risks, Attacks, Threats, Breaches, Exploits
What is cybersecurity risk?
Cybersecurity risk is the probability of exposure, loss of critical assets and sensitive
information, or reputational harm as a result of a cyber attack or breach within an
organization’s network. Across industries, cybersecurity must remain top of mind and
organizations should work to implement a cybersecurity risk management strategy to protect
against constantly advancing and evolving cyber threats.
Cyber risk commonly refers to any risk of financial loss, disruption or damage to the
reputation of an organization resulting from the failure of its information technology systems.
What is a security breach?
A security breach is any incident that results in unauthorized access to computer data, applications, networks or
devices. It results in information being accessed without authorization. Typically, it occurs when an intruder is able
to bypass security mechanisms.
Technically, there's a distinction between a security breach and a data breach. A security breach is effectively a
break-in, whereas a data breach is defined as the cybercriminal getting away with information. Imagine a burglar;
the security breach is when he climbs through the window, and the data breach is when he grabs your pocketbook
or laptop and takes it away.
Confidential information has immense value. It's often sold on the dark web; for example, names and credit card
numbers can be bought, and then used for the purposes of identity theft or fraud. It's not surprising that security
breaches can cost companies huge amounts of money. On average, the bill is nearly $4m for major corporations.
It's also important to distinguish the security breach definition from the definition of a security incident. An incident
might involve a malware infection, DDoS attack or an employee leaving a laptop in a taxi, but if they don't result
in access to the network or loss of data, they would not count as a security breach.
Examples of a security breach
When a major organization has a security breach, it always hits the headlines. Security breach examples include the
following:
•Equifax - in 2017, a website application vulnerability caused the company to lose the personal details of 145 million
Americans. This included their names, SSNs, and drivers' license numbers. The attacks were made over a three-month
period from May to July, but the security breach wasn't announced until September.
•Yahoo - 3 billion user accounts were compromised in 2013 after a phishing attempt gave hackers access to the
network.
•eBay saw a major breach in 2014. Though PayPal users' credit card information was not at risk, many customers'
passwords were compromised. The company acted quickly to email its users and ask them to change their passwords
in order to remain secure.
•Dating site Ashley Madison, which marketed itself to married people wishing to have affairs, was hacked in 2015. The
hackers went on to leak a huge number of customer details via the internet. Extortionists began to target customers
whose names were leaked; unconfirmed reports have linked a number of suicides to exposure by the data breach.
•Facebook saw internal software flaws lead to the loss of 29 million users' personal data in 2018. This was a
particularly embarrassing security breach since the compromised accounts included that of company CEO Mark
Zuckerberg.
•Marriott Hotels announced a security and data breach affecting up to 500 million customers' records in 2018. However,
its guest reservations system had been hacked in 2016 - the breach wasn't discovered until two years later.
•Perhaps most embarrassing of all, being a cybersecurity firm doesn't make you immune - Czech company
Avast disclosed a security breach in 2019 when a hacker managed to compromise an employee's VPN credentials.
This breach didn't threaten customer details but was instead aimed at inserting malware into Avast's products.
A decade or so ago, many companies tried to keep news of security breaches secret in order not to destroy consumer
confidence. However, this is becoming increasingly rare. In the EU, the GDPR (General Data Protection Regulation)
requires companies to notify the relevant authorities of a breach and any individuals whose personal data might be at
risk. By January 2020, GDPR had been in effect for just 18 months, and already, over 160,000 separate data breach
notifications had been made - over 250 a day.
Types of security breaches
There are a number of types of security breaches depending on how access has been
gained to the system:
•An exploit attacks a system vulnerability, such as an out-of-date operating system.
Legacy systems which haven't been updated, for instance in businesses where
outdated versions of Microsoft Windows that are no longer supported are still in
use, are particularly vulnerable to exploits.
•Weak passwords can be cracked or guessed. Even now, some people are still using
the password 'password', and 'pa$$word' is not much more secure.
•Malware attacks, such as phishing emails, can be used to gain entry. It only takes
one employee to click on a link in a phishing email to allow malicious software to
start spreading throughout the network.
•Drive-by downloads use viruses or malware delivered through a compromised or
spoofed website.
•Social engineering can also be used to gain access. For instance, an intruder phones
an employee claiming to be from the company's IT helpdesk and asks for the
password in order to 'fix' the computer.
How to protect yourself against a security breach
Although no one is immune to a data breach, good computer security habits can make you less vulnerable and can help
you survive a breach with less disruption. These tips should help you prevent hackers from breaching your personal
security on your computers and other devices.
•Use strong passwords, which combine random strings of upper and lower-case
letters, numbers, and symbols. They are much more difficult to crack than simpler
passwords. Don't use passwords that are easy to guess, like family names or
birthdays. Use a Password Manager to keep your passwords secure.
•Use different passwords on different accounts. If you use the same
password, a hacker who gains access to one account will be able to get into all
your other accounts. If they have different passwords, only that one account will
be at risk.
•Close accounts you don't use rather than leaving them dormant. That
reduces your vulnerability to a security breach. If you don't use an account, you
might never realize that it has been compromised, and it could act as a back door
to your other accounts.
•Change your passwords regularly. One feature of many publicly reported
security breaches is that they occurred over a long period, and some were not
reported until years after the breach. Regular password changes reduce the risk
you run from unannounced data breaches.
•If you throw out a computer, wipe the old hard drive properly. Don't just
delete files; use a data destruction program to wipe the drive completely,
overwriting all the data on the disk. Creating a fresh installation of the operating
system will also wipe the drive successfully.
•Back up your files. Some data breaches lead to the encryption of files and a ransomware
demand to make them available again to the user. If you have a separate backup on a
removable drive, your data is safe in the event of a breach.
•Secure your phone. Use a screen lock and update your phone's software regularly. Don’t root
or jailbreak your phone. Rooting a device gives hackers the opportunity to install their own
software and to change the settings on your phone.
•Secure your computer and other devices by using anti-virus and anti-malware
software. Kaspersky Antivirus is a good choice to keep your computer free from infection and
ensure that hackers can't get a foothold in your system.
•Be careful where you click. Unsolicited emails which include links to websites may be
phishing attempts. Some may purport to be from your contacts. If they include attachments or
links, ensure they're genuine before you open them and use an anti-virus program on
attachments.
•When you're accessing your accounts, make sure you're using the secure
HTTPS protocol and not just HTTP.
•Monitoring your bank statements and credit reports helps keep you safe. Stolen data can
turn up on the dark web years after the original data breach. This could mean an identity theft
attempt occurs long after you've forgotten the data breach that compromised that account.
•Know the value of your personal information and don't give it out unless necessary. Too
many websites want to know too much about you; why does a business journal need your exact
date of birth, for instance?
What are Cybersecurity Threats?
A cybersecurity threat is the threat of a malicious attack by an individual or organization attempting to gain access to a
network, to corrupt data or to steal confidential information.
No company is immune from cyber attacks and the data breaches that can result. Some cyberattacks can even destroy
computer systems.
As cyber threats become increasingly sophisticated, your business must implement the security needed to safeguard its
data and networks.
1) Malware
Malware attacks are the most common cyber security threats. Malware is defined as malicious
software, including spyware, ransomware, viruses, and worms, which gets installed into the system
when the user clicks a dangerous link or email. Once inside the system, malware can block access
to critical components of the network, damage the system, and gather confidential information,
among others.
2) Phishing
Cybercriminals send malicious emails that seem to come from legitimate resources. The user is then
tricked into clicking the malicious link in the email, leading to malware installation or disclosure of
sensitive information like credit card details and login credentials.
3) Spear Phishing
Spear phishing is a more sophisticated form of a phishing attack in which cybercriminals target only
privileged users such as system administrators and C-suite executives.
4) DNS Attack
A DNS attack is a cyberattack in which cybercriminals exploit vulnerabilities in the Domain Name
System (DNS). The attackers leverage the DNS vulnerabilities to divert site visitors to malicious
pages (DNS Hijacking) and remove data from compromised systems (DNS Tunneling).
5) Man in the Middle Attack
A Man in the Middle (MitM) attack occurs when cyber criminals place themselves between the two parties of a
communication. Once the attacker intercepts the communication, they may filter and steal
sensitive data and return different responses to the user.
6) Denial of Service Attack
Denial of Service attacks aim at flooding systems, networks, or servers with massive traffic,
thereby making the system unable to fulfill legitimate requests. Attackers can also use several
infected devices to launch an attack on the target system. This is known as a Distributed Denial
of Service (DDoS) attack.
7) SQL Injection
A Structured Query Language (SQL) injection attack occurs when cybercriminals attempt to
access the database by uploading malicious SQL scripts. Once successful, the malicious actor
can view, change, or delete data stored in the SQL database.
8) Ransomware
Ransomware is a type of malware attack in which the attacker locks or encrypts the victim’s
data and threatens to publish or block access to data unless a ransom is paid. Learning more
about ransomware threats can help companies prevent and cope with them better.
Sources of Cyber Threats
1) Nation States
Cyber attacks by a nation can inflict detrimental impact by disrupting communications, military activities, and everyday
life.
2) Criminal Groups
Criminal groups aim to infiltrate systems or networks for financial gain. These groups use phishing, spam, spyware, and
malware to conduct identity theft, online fraud, and system extortion.
3) Hackers
Hackers explore various cyber techniques to breach defenses and exploit vulnerabilities in a computer system or network.
They are motivated by personal gain, revenge, stalking, financial gain, and political activism. Hackers develop new types
of threats for the thrill of challenge or bragging rights in the hacker community.
4) Terrorist Groups
Terrorists conduct cyber attacks to destroy, infiltrate, or exploit critical infrastructure to threaten national security,
compromise military equipment, disrupt the economy, and cause mass casualties.
5) Hacktivists
Hacktivists carry out cyberattacks in support of political causes rather than for financial gain. They target industries,
organizations, or individuals who don’t align with their political ideas and agenda.
6) Malicious Insiders
97% of surveyed IT leaders expressed concerns about insider threats in cyber security. Insiders can include employees,
third-party vendors, contractors, or other business associates who have legitimate access to enterprise assets but misuse
that access to steal or destroy information for financial or personal gain.
7) Corporate Spies
Corporate spies conduct industrial or business espionage to either make a profit or disrupt a competitor’s business by
attacking critical infrastructure, stealing trade secrets, and gaining access.
Cybersecurity Best Practices to Protect from Cyber Threats
1) Create an Insider Threat Program
Creating an insider threat program is imperative for organizations to prevent employees from misusing their access privileges to steal or destroy
corporate data. The IT security team should not delay in gaining the approval of top management to deploy policies across departments.
2) Train employees
Employees are the first line of defense against cyber threats for every organization. Thus, organizations must conduct comprehensive
cybersecurity awareness programs to train employees in recognizing and responding to cyber threats. This dramatically improves an
organization’s security posture and cyber resilience.
3) Maintain Compliance
Irrespective of the level of cybersecurity an organization implements, it must always maintain compliance with data regulations that apply to its
industry and geographical location. The organization must stay informed about the evolving compliance regulations to leverage its benefits.
4) Build a Cyber Incident Response Plan
In the present digital era, no organization is exempt from cyberattacks. Thus, organizations of all sizes must build an effective Cyber Security
Incident Response Plan (CSIRP) to navigate cyber adversaries. It enables businesses to prepare for the inevitable, respond to emerging threats,
and recover quickly from an attack.
5) Regularly Update Systems and Software
As cyber threats are evolving rapidly, your optimized security network can become outdated within no time, putting your organization at the risk
of cyberattack. Therefore, regularly update the security network and the associated systems and software.
6) Backup Data
Backing up data regularly helps reduce the risk of data breaches. Back up your website, applications, databases, emails, attachments, files,
calendars, and more on an ongoing and consistent basis.
7) Initiate Phishing Simulations
Organizations must conduct phishing simulations to educate employees on how to avoid clicking malicious links or downloading attachments. It
helps employees understand the far-reaching effects of a phishing attack on an organization.
8) Secure Site with HTTPS
Organizations must encrypt and secure their website with an SSL (Secure Sockets Layer) certificate. HTTPS protects the integrity and
confidentiality of data between the user and the website.
What is a Cyber Attack?
A common cyber attack definition is the process of attempting to steal data or gaining unauthorized access
to computers and networks using one or more computers. A cyber attack is often the first step an attacker
takes in gaining unauthorized access to individual or business computers or networks before carrying out a
data breach.
The goal of a cyber attack is either to disable the target computer and take it offline or gain access to the
computer’s data and infiltrate connected networks and systems. Cyber attacks also differ broadly in their
sophistication, with cyber criminals launching both random and targeted attacks on businesses. Attackers
deploy a wide range of methods to begin a cyber attack, such as denial of service, malware, phishing, and
ransomware.
Cyber attacks have several negative effects. When an attack is carried out, it can lead to data breaches,
resulting in data loss or data manipulation. Organizations incur financial losses, customer trust is
damaged, and there is reputational harm. To curb cyberattacks, we implement cybersecurity.
Cybersecurity is the method of safeguarding networks, computer systems, and their components from
unauthorized digital access.
The COVID-19 situation has also had an adverse impact on cybersecurity. According
to Interpol and WHO, there has been a notable increase in the number of cyberattacks during the COVID-
19 pandemic.
Types of Cyber Attacks:
1. Malware Attack
This is one of the most common types of cyberattacks. “Malware” refers to malicious software viruses
including worms, spyware, ransomware, adware, and trojans.
The trojan virus disguises itself as legitimate software. Ransomware blocks access to the network's key
components, whereas Spyware is software that steals all your confidential data without your knowledge.
Adware is software that displays advertising content such as banners on a user's screen.
Malware breaches a network through a vulnerability, for example when the user clicks a dangerous link, downloads a
malicious email attachment, or plugs in an infected pen drive.
Let’s now look at how we can prevent a malware attack:
•Use antivirus software. It can protect your computer against malware. Avast Antivirus, Norton Antivirus,
and McAfee Antivirus are a few of the popular antivirus software.
•Use firewalls. Firewalls filter the traffic that may enter your device. Windows and Mac OS X have their
default built-in firewalls, named Windows Firewall and Mac Firewall.
•Stay alert and avoid clicking on suspicious links.
•Update your OS and browsers, regularly.
2. Phishing Attack
Phishing attacks are one of the most prominent and widespread types of cyberattacks. It is a type of social engineering attack
wherein an attacker impersonates a trusted contact and sends the victim fake emails.
Unaware of this, the victim opens the mail and clicks on the malicious link or opens the mail's attachment. By doing so,
attackers gain access to confidential information and account credentials. They can also install malware through a phishing
attack.
Phishing attacks can be prevented by following the below-mentioned steps:
•Scrutinize the emails you receive. Most phishing emails have significant errors like spelling mistakes and format changes
from that of legitimate sources.
•Make use of an anti-phishing toolbar.
•Update your passwords regularly.
3. Password Attack
It is a form of attack wherein a hacker cracks your password with various programs and password cracking tools like
Aircrack, Cain & Abel, John the Ripper, Hashcat, etc. There are different types of password attacks like brute force
attacks, dictionary attacks, and keylogger attacks.
Listed below are a few ways to prevent password attacks:
•Use strong alphanumeric passwords with special characters.
•Abstain from using the same password for multiple websites or accounts.
•Update your passwords; this will limit your exposure to a password attack.
•Do not have any password hints in the open.
4. Man-in-the-Middle Attack
A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this attack, an attacker comes in
between a two-party communication, i.e., the attacker hijacks the session between a client and host. By doing so,
hackers steal and manipulate data.
In such an attack, the direct client-server communication is cut off, and instead the communication line goes through the
attacker.
MITM attacks can be prevented by following the below-mentioned steps:
•Be mindful of the security of the website you are using. Use encryption on your devices.
•Refrain from using public Wi-Fi networks.
5. SQL Injection Attack
A Structured Query Language (SQL) injection attack occurs on a database-driven website when the hacker manipulates a
standard SQL query. It is carried by injecting malicious code into a vulnerable website search box, thereby making the
server reveal crucial information.
This results in the attacker being able to view, edit, and delete tables in the databases. Attackers can also get administrative
rights through this.
To prevent a SQL injection attack:
•Use an intrusion detection system, which is designed to detect unauthorized access to a network.
•Validate user-supplied data. A validation process keeps user input in check.
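The SQL injection descriptions in the threats list and in this section both come down to one defect: user input spliced into the query text. The following added example (not part of the course material) puts a vulnerable search function beside a parameterized one and adds the allow-list validation recommended above, using Python's built-in sqlite3 module on a constructed in-memory product table whose unpublished rows must never be shown. The table, rows and the allow-list pattern are assumptions for the demonstration.

```python
import re
import sqlite3
from typing import List


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory catalogue; rows with published = 0 are internal."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, "
                 "secret_cost REAL, published INTEGER)")
    conn.executemany(
        "INSERT INTO products (name, secret_cost, published) VALUES (?, ?, ?)",
        [("Router", 120.0, 1), ("Switch", 300.0, 1),
         ("Prototype Sensor", 9000.0, 0)])
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> List[str]:
    """Builds the query by string concatenation: user input becomes SQL.

    A term containing a quote can close the string literal and append its own
    conditions, so the published = 1 restriction is no longer enforced.
    """
    query = ("SELECT name FROM products WHERE published = 1 "
             f"AND name LIKE '%{term}%'")
    return [row[0] for row in conn.execute(query)]


def search_safe(conn: sqlite3.Connection, term: str) -> List[str]:
    """Parameterized query: the driver passes the term as data, never as SQL."""
    query = "SELECT name FROM products WHERE published = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(query, (f"%{term}%",))]


# Defence in depth: an allow-list of what a product search term may look like.
SEARCH_TERM = re.compile(r"^[A-Za-z0-9 ]{1,40}$")


def validate_search_term(term: str) -> bool:
    """True only for short alphanumeric terms; quotes and comments are rejected."""
    return SEARCH_TERM.fullmatch(term) is not None


def search_hardened(conn: sqlite3.Connection, term: str) -> List[str]:
    """Validation plus parameterization; anything off the allow-list is refused."""
    if not validate_search_term(term):
        raise ValueError("search term rejected by input validation")
    return search_safe(conn, term)


if __name__ == "__main__":
    conn = setup_db()
    normal = "router"
    hostile = "%' OR 1=1 --"   # closes the literal, adds a tautology, comments out the rest
    print("vulnerable, normal  :", search_vulnerable(conn, normal))    # ['Router']
    print("vulnerable, hostile :", search_vulnerable(conn, hostile))   # leaks 'Prototype Sensor'
    print("parameterized, hostile:", search_safe(conn, hostile))       # []
    try:
        search_hardened(conn, hostile)
    except ValueError as exc:
        print("hardened, hostile   :", exc)
```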
6. Denial-of-Service Attack
A Denial-of-Service Attack is a significant threat to companies. Here, attackers target systems, servers, or networks and
flood them with traffic to exhaust their resources and bandwidth.
When this happens, catering to the incoming requests becomes overwhelming for the servers, resulting in the website it
hosts either shutting down or slowing down. This leaves the legitimate service requests unattended.
When attackers use multiple compromised systems to launch this attack, it is known as a DDoS (Distributed
Denial-of-Service) attack.
Let’s now look at how to prevent a DDoS attack:
•Run a traffic analysis to identify malicious traffic.
•Understand the warning signs like network slowdown, intermittent website shutdowns, etc. At such times, the organization
must take the necessary steps without delay.
•Formulate an incident response plan, have a checklist and make sure your team and data center can handle a DDoS attack.
•Outsource DDoS prevention to cloud-based service providers.
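The first prevention step, running a traffic analysis to identify malicious traffic, can be illustrated on web server access logs. The following added example (not part of the course material) parses Common Log Format lines, counts each client's requests inside a sliding time window, and flags sources whose burst exceeds a threshold as rate-limiting or blocking candidates. The log lines are synthetic (RFC 5737 documentation addresses), and the 10-second window and 20-request threshold are assumed tuning values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Common Log Format: ip identity user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, datetime]]:
    """Return (client_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def peak_rates(lines: List[str], window: timedelta) -> Dict[str, int]:
    """Per source IP, the largest number of requests seen in any sliding window."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e[1])            # logs are not always strictly ordered
    recent: Dict[str, deque] = defaultdict(deque)
    peaks: Dict[str, int] = defaultdict(int)
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:              # drop requests that left the window
            q.popleft()
        peaks[ip] = max(peaks[ip], len(q))
    return dict(peaks)


def flag_flooders(lines: List[str], window_seconds: int = 10,
                  threshold: int = 20) -> Dict[str, int]:
    """Sources whose burst exceeds the threshold, with their peak request count."""
    peaks = peak_rates(lines, timedelta(seconds=window_seconds))
    return {ip: n for ip, n in peaks.items() if n > threshold}


def constructed_log() -> List[str]:
    """Synthetic access log: one flooding source, one normal browser, one bad line."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    lines = []
    for i in range(50):                        # 50 requests within 5 seconds
        ts = (start + timedelta(seconds=i // 10)).strftime(TS_FMT)
        lines.append(fmt.format(ip="198.51.100.23", ts=ts, path="/"))
    for i in range(5):                         # 5 requests spread over a minute
        ts = (start + timedelta(seconds=15 * i)).strftime(TS_FMT)
        lines.append(fmt.format(ip="192.0.2.10", ts=ts, path=f"/page{i}"))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for ip, n in flag_flooders(constructed_log()).items():
        print(f"{ip}: {n} requests within 10 s -> flagged for rate limiting")
```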
7. Insider Threat
As the name suggests, an insider threat does not involve a third party but an insider. In
such a case, it could be an individual from within the organization who knows
everything about the organization. Insider threats have the potential to cause
tremendous damage.
Insider threats are rampant in small businesses, as the staff there hold access to multiple
accounts with data. The reasons for this form of attack are many: it can be greed, malice,
or even carelessness. Insider threats are hard to predict and hence tricky to handle.
To prevent the insider threat attack:
•Organizations should have a good culture of security awareness.
•Companies must limit the IT resources staff can have access to depending on their job
roles.
•Organizations must train employees to spot insider threats. This will help employees
understand when a hacker has manipulated or is attempting to misuse the organization's
data.
8. Cryptojacking
The term Cryptojacking is closely related to cryptocurrency. Cryptojacking takes place
when attackers access someone else’s computer for mining cryptocurrency.
The access is gained by infecting a website or manipulating the victim to click on a
malicious link. They also use online ads with JavaScript code for this. Victims are
unaware of this as the crypto mining code works in the background; slower
performance is the only sign they might notice.
Cryptojacking can be prevented by following the below-mentioned steps:
•Update your software and all the security apps as cryptojacking can infect the most
unprotected systems.
•Have cryptojacking awareness training for the employees; this will help them detect
crypto jacking threats.
•Install an ad blocker as ads are a primary source of cryptojacking scripts. Also have
extensions like MinerBlock, which is used to identify and block crypto mining scripts.
How to Prevent Cyber Attacks?
Although we had a look at several ways to prevent the different types of cyberattacks we discussed, let's summarize and look at a few
personal tips which you can adopt to avoid a cyberattack on the whole.
1.Change your passwords regularly and use strong alphanumeric passwords which are difficult to crack. Refrain from using too complicated
passwords that you would tend to forget. Do not use the same password twice.
2.Update both your operating system and applications regularly. This is a primary prevention method for any cyber attack. This will remove
vulnerabilities that hackers tend to exploit. Use trusted and legitimate Anti-virus protection software.
3.Use a firewall and other network security tools such as Intrusion prevention systems, Access control, Application security, etc.
4.Avoid opening emails from unknown senders. Scrutinize the emails you receive for loopholes and significant errors.
5.Make use of a VPN. This ensures that the traffic between the VPN server and your device is encrypted.
6.Regularly back up your data. According to many security professionals, it is ideal to have three copies of your data on two different media
types and another copy in an off-site location (cloud storage). Hence, even in the course of a cyber attack, you can erase your system’s data
and restore it with a recently performed backup.
7.Employees should be aware of cybersecurity principles. They must know the various types of cyberattacks and the ways to tackle them.
8.Use Two-Factor or Multi-Factor Authentication. Two-factor authentication requires users to provide two different authentication
factors to verify themselves. When you are asked for more than two authentication methods in addition to your username and password,
we term it multi-factor authentication. This is a vital step in securing your accounts.
9.Secure your Wi-Fi networks and avoid using public Wi-Fi without using a VPN.
10.Safeguard your mobile, as mobiles are also a cyberattack target. Install apps from only legitimate and trusted sources, and make sure to
keep your device updated.
What is an Exploit?
An exploit is a piece of software, data or sequence of commands that takes
advantage of a vulnerability to cause unintended behavior or to gain unauthorized
access to sensitive data.
Once vulnerabilities are identified, they are posted on Common Vulnerabilities and
Exposures (CVE).
CVE is a free vulnerability dictionary designed to improve global cyber
security and cyber resilience by creating a standardized identifier for a given
vulnerability or exposure.
What are the Different Types of Exploits?
1.Hardware: Poor encryption, lack of configuration management or firmware vulnerability.
2.Software: Memory safety violations (buffer overflows, over-reads, dangling pointers), input
validation errors (code injection, cross-site scripting (XSS), directory traversal, email injection,
format string attacks, HTTP header injection, HTTP response splitting, SQL injection), privilege-
confusion bugs (clickjacking, cross-site request forgery, FTP bounce attack), race conditions
(symlink races, time-of-check-to-time-of-use bugs), side channel attacks, timing attacks and user
interface failures (blaming the victim, race conditions, warning fatigue).
3.Network: Unencrypted communication lines, man-in-the-middle attacks, domain
hijacking, typosquatting, poor network security, lack of authentication or default passwords.
4.Personnel: Poor recruiting policy and process, lack of security awareness training, poor
adherence to information security policy, poor password management or falling for common social
engineering attacks like phishing, spear phishing, pretexting, honey trapping, smishing, water holing
or whaling.
5.Physical site: Poor physical security, tailgating and lack of keycard access control.
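As an added example that is not part of the slides, the directory traversal input-validation error listed under software exploits, shown as a vulnerable file-path resolver next to a hardened one. The base directory /srv/app/public and the request paths are constructed for illustration.

```python
import os
from pathlib import Path

# Web root of a hypothetical file-download endpoint (constructed for this example).
BASE_DIR = "/srv/app/public"


def resolve_vulnerable(base: str, user_path: str) -> str:
    """Naive resolver: joins the user-supplied path onto the base directory.

    os.path.join discards `base` entirely when `user_path` is absolute, and
    normpath happily collapses "../" segments, so a request such as
    "../../../etc/passwd" lands outside the web root.
    """
    return os.path.normpath(os.path.join(base, user_path))


def resolve_hardened(base: str, user_path: str) -> Path:
    """Resolve the request and refuse anything not strictly inside the base directory.

    Path.resolve() canonicalises ".." segments and follows symlinks, so the
    containment check runs on the real location rather than on the string the
    client sent. A plain string-prefix test would be fooled by a sibling such
    as "/srv/app/public_old".
    """
    root = Path(base).resolve()
    candidate = (root / user_path).resolve()   # an absolute user_path replaces root here
    if root not in candidate.parents:
        raise ValueError(f"request {user_path!r} escapes {base}")
    return candidate


def is_within_base(base: str, user_path: str) -> bool:
    """Boolean wrapper around the hardened check, handy for tests and request logging."""
    try:
        resolve_hardened(base, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for request in ("images/logo.png", "../../../etc/passwd", "/etc/passwd"):
        print(f"{request!r}: naive -> {resolve_vulnerable(BASE_DIR, request)}, "
              f"hardened allows -> {is_within_base(BASE_DIR, request)}")
```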
How Can We Protect Systems from Exploits?
Here are a few methods for getting proactive about exploit protection:
1.Stay up-to-date: Regularly update the operating system and all the various applications we have installed. After a zero-day exploit
becomes known to the software vendor and a patch is released, the onus is upon the individual user to patch and update their software.
Zero-day exploits become more dangerous and widespread after they become public knowledge because a broader group of threat actors are
taking advantage of the exploit. Check back with your software providers and see if there are any updates or patches available.
If possible, go into your software settings and turn auto-updates on so these updates happen automatically in the background without any
extra effort on your part. This minimizes the lag time between when a vulnerability is announced and when it’s patched.
Cybercriminals prey on people who forget, or don’t know, to update and patch their software.
2.Upgrade your software: In some cases, a software application becomes so old and unwieldy that the software maker stops supporting it,
which means any additional bugs that are discovered will not be fixed. Make sure the maker still supports your software. If it doesn’t, upgrade
to the latest version or switch to something else that does the same thing.
3.Stay safe online: Make sure Microsoft SmartScreen or Google Safe Browsing is enabled in your web browser of choice. Your browser
will check every site you visit against the blacklists maintained by Microsoft and Google and steer you away from sites known to dish up
malware. Anti-malware tools such as Malwarebytes are also useful.
4.Use it or lose it: If you aren’t using the software anymore, then delete it from your computer.
5.Install official apps: When it comes to staying safe on your mobile device, stick to authorized apps only, meaning approved apps that
have been vetted by Apple and Google.
6.Use anti-exploit software: Good anti-malware programs, such as Malwarebytes for Mac, Malwarebytes for Windows, Malwarebytes
for iOS, and Malwarebytes for Android, can proactively recognize and block malicious software from taking advantage of vulnerabilities on
your computer.
What’s information gathering?
The simplest way to define information gathering is as the process of collecting information about something
you are interested in. A practical example: gathering information with your eyes is called visual perception. In the
same way, in the digital world, a lot of information can be gathered in different ways, not with your senses but
with several methods, tools and techniques.
For those in the cybersecurity industry, this is the first step in any hacking activity (both cracking and ethical
hacking), when a black- or white-hat researcher needs to gain as much information as possible about the
desired target.
While it’s a fun activity for some researchers, information gathering is also one of the most time-consuming
tasks during the intel-recon process, and that is why time management is so important.
What are the objectives of information gathering in cybersecurity?
Any basic cybersecurity information gathering process often includes these two types of data collection
goals:
1.Collecting network data: Such as public, private and associated domain names, network hosts, public and
private IP blocks, routing tables, TCP and UDP running services, SSL certificates, open ports and more.
2.Collecting system-related information: This includes user enumeration, system groups, OS hostnames,
OS type (typically determined by fingerprinting), system banners (as seen in the banner grabbing blog post), etc.
Information gathering techniques and methods
Ethical hackers use a wide variety of techniques and tools to obtain this valuable information about their targets,
along with the locations and data collection software they will use toward the information gathering goal.
How do we gather information?
•Social engineering: This includes in-person chat, phone conversations and email spoofing attacks. What all these
methods have in common is that they exploit human psychological weakness to extract as much data as possible about the target.
•Search engines: Web crawlers can be used to fetch information about anything, and this includes companies,
persons, services, and even real hacks, as seen in our previous article about Google Hacking.
•Social networks: Facebook, Twitter, LinkedIn and other social networks are great sources of information to build
a profile, especially when targeting individuals.
•Domain names: These are registered by organizations, governments, public and private agencies, and people.
Therefore, they’re a great starting point when you want to investigate someone. Personal information, associated
domains, projects, services and technologies can be found by inspecting domain name information.
•Internet servers: Authoritative DNS servers are a great source of information, as they often list every single
surface point exposed to the Internet, which means a direct link to related services such as HTTP, email, etc. In
our previous article about passive DNS, we analyzed the importance of DNS servers, and especially passive DNS
recon services, such as the ones we offer here at SecurityTrails.
All these techniques are really useful when combined with enterprise security tools. Keep reading to discover how
to maximize your information gathering results by using some really cool infosec utilities.
Module 1Introduction to cyber security.pptx

Contenu connexe

Tendances

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Sharath Raj
 

Tendances (20)

Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
Cyber security
Cyber securityCyber security
Cyber security
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentation
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
cyber security
cyber securitycyber security
cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Threat landscape 4.0
Threat landscape 4.0Threat landscape 4.0
Threat landscape 4.0
 
Cyber security
Cyber securityCyber security
Cyber security
 
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
 

Similaire à Module 1Introduction to cyber security.pptx

Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 
What is Cybersecurity and career paths.
What is Cybersecurity and career paths.What is Cybersecurity and career paths.
What is Cybersecurity and career paths.
The Whole World News
 
digital marketing
digital marketingdigital marketing
digital marketing
abdullahanwarabdulla
 

Similaire à Module 1Introduction to cyber security.pptx (20)

Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdf
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdf
 
Do You Know About Cyber Security? | Secninjaz Technologies LLP
Do You Know About Cyber Security? | Secninjaz Technologies LLP Do You Know About Cyber Security? | Secninjaz Technologies LLP
Do You Know About Cyber Security? | Secninjaz Technologies LLP
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptx
 
Cybersecurity Vs Information Security.pptx
Cybersecurity Vs Information Security.pptxCybersecurity Vs Information Security.pptx
Cybersecurity Vs Information Security.pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdf
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
 
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONAI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
 
What is Cybersecurity and career paths.
What is Cybersecurity and career paths.What is Cybersecurity and career paths.
What is Cybersecurity and career paths.
 
digital marketing
digital marketingdigital marketing
digital marketing
 
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern ChallengesEffective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challenges
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptx
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...Get Started with Cyber Security and Its Landscape Null Community Presentation...
Get Started with Cyber Security and Its Landscape Null Community Presentation...
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
 

Dernier

notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
MsecMca
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Dernier (20)

notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Unit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdfUnit 2- Effective stress & Permeability.pdf
Unit 2- Effective stress & Permeability.pdf
 
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 

Module 1Introduction to cyber security.pptx

  • 2. Fundamentals of Cybersecurity Track objective: 1. The objective of this course is to provide students with practical and theoretical knowledge of cyber attacks. 2. The learner will understand key terms and concepts in cyber law, intellectual property and cyber crimes, trademarks, and domain theft. 3. The learner will understand the principles of web security. 4. The learner will be able to incorporate approaches for incident analysis and response. Course outcomes: This Track course has been designed and expects the engineering graduates: 1.To know the Importance of Cyber Security. 2.Challenges in Cyber Security. 3.To be able to find the importance of ethical hacking tools 4.Understanding the ethical hacking process 5.May easily apply methods for authentication, access control, intrusion detection, and prevention
  • 3. Fundamentals of Cybersecurity Module-1: Introduction to cyber security Module-2: Cyber attacks and protection tools Module-3: Cyber Risks and Incident Management Module-4: Overview of Firewalls Module-5: Artificial Intelligence in Cybersecurity
  • 4. Fundamentals of Cybersecurity Reference Books: • Donaldson, S., Siegel, S., Williams, C.K., Aslam, A., “Enterprise Cybersecurity - How to Build a Successful Cyber defense Program Against Advanced Threats” • Nina Godbole, Sumit Belapure, “Cyber Security”, Willey
  • 5. Module 1:Introduction to cyber security  Importance of cybersecurity  Challenges in cyber security  CIA Triad  Security architecture  Security operations  Cyber Terrorism  Foundations of Cyber Security Concepts:  Essential Terminologies: Risks, Breaches, Threats, Attacks, Exploits.  Information Gathering (Social Engineering, Foot Printing & Scanning).
  • 6. What is Cyber Security: The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity. We can divide cybersecurity into two parts one is cyber, and the other is security. Cyber refers to the technology that includes systems, networks, programs, and data. And security is concerned with the protection of systems, networks, applications, and information. In some cases, it is also called electronic information security or information technology security. Some other definitions of cybersecurity are: "Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access.“ "Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats."
  • 7. Why is Cyber Security important? Today we live in a digital era where all aspects of our lives depend on the network, computers and other electronic devices, and software applications. All critical infrastructure such as the banking system, healthcare, financial institutions, governments, and manufacturing industries use devices connected to the Internet as a core part of their operations. Some of their information, such as intellectual property, financial data, and personal data, can be sensitive to unauthorized access or exposure that could have negative consequences. This information gives intruders and threat actors to infiltrate them for financial gain, extortion, political or social motives, or just vandalism. Cyber-attack is now an international concern that hacks the system, and other security attacks could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity strategy to protect sensitive information from high-profile security breaches. Furthermore, as the volume of cyber-attacks grows, companies and organizations, especially those that deal with information related to national security, health, or financial records, need to use strong cybersecurity measures and processes to protect their sensitive business and personal information.
  • 8. Cyber Security Challenges Today cybersecurity is the main component of the country's overall national security and economic security strategies. In India, there are so many challenges related to cybersecurity. With the increase of cyber-attacks, every organization needs a security analyst who makes sure that their system is secured. These security analysts face many challenges related to cybersecurity such as securing confidential data of government organizations, securing the private organization servers, etc. The recent important cybersecurity challenges are described below:
  • 9. 1. Ransomware Evolution Ransomware is a type of malware in which the data on a victim's computer is locked, and payment is demanded before the ransom data is unlocked. After successful payment, access rights are returned to the victim. Ransomware is the bane of cybersecurity, data professionals, IT, and executives. Ransomware attacks are growing day by day in the areas of cybercrime. IT professionals and business leaders need to have a powerful recovery strategy against malware attacks to protect their organizations. It involves proper planning to recover corporate and customers' data and applications as well as reporting any breaches against the Notifiable Data Breaches scheme. Today's DRaaS solutions are the best defense against ransomware attacks. With the DRaaS solutions method, we can automatically back up our files, easily identify which backup is clean, and launch a fail-over with the press of a button when malicious attacks corrupt our data.
  • 10. 2. Blockchain Revolution Blockchain technology is the most important invention in the computing era. It is the first time in human history that we have a genuinely native digital medium for peer-to-peer value exchange. The blockchain is a technology that enables cryptocurrencies like Bitcoin. The blockchain is a vast global platform that allows two or more parties to do a transaction or do business without needing a third party for establishing trust. It is difficult to predict what blockchain systems will offer in regard to cybersecurity. The professionals in cybersecurity can make some educated guesses regarding blockchain. As the application and utility of blockchain in a cybersecurity context emerges, there will be a healthy tension but also complementary integrations with traditional, proven, cybersecurity approaches. 3. IoT Threats IoT stands for Internet of Things. It is a system of interrelated physical devices that can be accessed through the internet. The connected physical devices have a unique identifier (UID) and have the ability to transfer data over a network without any requirements for human-to-human or human-to-computer interaction. The firmware and software which is running on IoT devices make consumers and businesses highly susceptible to cyber-attacks. When IoT things were designed, it is not considered in mind about used in cybersecurity and for commercial purposes. So every organization needs to work with cybersecurity professionals to ensure the security of their password policies, session handling, user verification, multifactor authentication, and security protocols to help in managing the risk.
  • 11. 4. AI Expansion AI short form is Artificial intelligence. John McCarthy, father of Artificial Intelligence defined AI: as "The science and engineering of making intelligent machines, especially intelligent computer programs." It is an area of computer science that is the creation of intelligent machines that do work and react like humans. Some of the activities related to artificial intelligence include speech recognition, Learning, Planning, Problem- solving, etc. The key benefit of AI in our cybersecurity strategy has the ability to protect and defend an environment when a malicious attack begins, thus mitigating the impact. AI takes immediate action against malicious attacks at a moment when a threat impacts a business. IT business leaders and cybersecurity strategy teams consider AI as a future protective control that will allow our business to stay ahead of the cybersecurity technology curve. 5. Serverless Apps Vulnerability Serverless architecture and apps is an application that depends on third-party cloud infrastructure or on a back- end service such as google cloud function, Amazon web services (AWS) lambda, etc. The serverless apps invite the cyber attackers to spread threats on their system easily because the users access the application locally or off- server on their device. Therefore it is the user responsible for the security precautions while using serverless applications. The serverless apps do nothing to keep the attackers away from our data. The serverless application doesn't help if an attacker gains access to our data through a vulnerability such as leaked credentials, a compromised insider or by any other means than serverless.
  • 12. Cyber Security Goals: Cyber Security's main objective is to ensure data protection. The security community provides a triangle of three related principles to protect the data from cyber-attacks. This principle is called the CIA triad. The CIA model is designed to guide policies for an organization's information security infrastructure. When any security breaches are found, one or more of these principles has been violated. We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is actually a security model that helps people to think about various parts of IT security. Let us discuss each part in detail.
  • 13. 1.Confidentiality Confidentiality is equivalent to privacy that avoids unauthorized access of information. It involves ensuring the data is accessible by those who are allowed to use it and blocking access to others. It prevents essential information from reaching the wrong people. Data encryption is an excellent example of ensuring confidentiality. The data being sent over the network should not be accessed by unauthorized individuals. The attacker may try to capture the data using different tools available on the Internet and gain access to your information. A primary way to avoid this is to use encryption techniques to safeguard your data so that even if the attacker gains access to your data, he/she will not be able to decrypt it. Encryption standards include AES(Advanced Encryption Standard) and DES (Data Encryption Standard). Another way to protect your data is through a VPN tunnel. VPN stands for Virtual Private Network and helps the data to move securely over the network.
• 14. Tools for Confidentiality
Encryption
Encryption is a method of transforming information with an algorithm so that it is unreadable to unauthorized users. The transformation uses a secret key (the encryption key) so that the transformed data can only be read by using a corresponding secret key (the decryption key). It protects sensitive data such as credit card numbers by encoding it into unreadable cipher text, which can only be read again by decrypting it. Symmetric-key and asymmetric-key encryption are the two primary types.
Access control
Access control defines the rules and policies for limiting access to a system or to physical or virtual resources. It is the process by which users are granted access and certain privileges to systems, resources or information. In access control systems, users must present credentials, such as a person's name or a computer's serial number, before they can be granted access. In physical systems these credentials may come in many forms, but credentials that cannot be transferred provide the most security.
• 15. Authentication
Authentication is the process that ensures and confirms a user's identity, or the role that someone has. It can be done in a number of different ways, but it is usually based on a combination of:
• something the person has (like a smart card or a radio key for storing secret keys),
• something the person knows (like a password),
• something the person is (like a human with a fingerprint).
Authentication is a necessity for every organization because it enables organizations to keep their networks secure by permitting only authenticated users to access protected resources. These resources may include computer systems, networks, databases, websites and other network-based applications or services.
Authorization
Authorization is a security mechanism that gives permission to do or have something. It is used to determine whether a person or system is allowed access to resources, including computer programs, files, services, data and application features, based on an access control policy. It is normally preceded by authentication, which verifies the user's identity. System administrators are typically assigned permission levels covering all system and user resources. During authorization, a system checks an authenticated user's access rules and either grants or refuses resource access.
Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets like facilities, equipment, personnel, resources and other property, and to protect them from damage. It protects these assets from physical threats including theft, vandalism, fire and natural disasters.
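The following Python snippet is an added example (not from the slides) showing authentication followed by authorization: a password is verified against a salted PBKDF2 hash ("something the person knows"), and only then is the user's role checked against an access control policy. The user names, passwords, roles, resources and the POLICY table are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256; constructed value for the example.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); passwords are never stored in clear."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def make_user_store() -> dict:
    """Constructed sample users (hypothetical names and passwords)."""
    store = {}
    for name, pw, role in [("alice", "correct horse battery", "admin"),
                           ("bob", "hunter2-but-longer", "analyst")]:
        salt, digest = hash_password(pw)
        store[name] = {"salt": salt, "hash": digest, "role": role}
    return store


# Access control policy (constructed): which roles may perform which action
# on which resource. Authorization consults this table only.
POLICY = {
    "payroll-db": {"read": {"admin"}, "write": {"admin"}},
    "ids-logs":   {"read": {"admin", "analyst"}, "write": {"admin"}},
}


def authenticate(store: dict, username: str, password: str) -> bool:
    """Step 1: prove identity by checking the password against the stored hash."""
    user = store.get(username)
    if user is None:
        # Do the expensive hash anyway so an unknown user is not revealed by timing.
        hash_password(password, b"\x00" * 16)
        return False
    _, digest = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, user["hash"])


def authorize(store: dict, username: str, action: str, resource: str) -> bool:
    """Step 2: check the authenticated identity's role against the policy."""
    role = store[username]["role"]
    return role in POLICY.get(resource, {}).get(action, set())


def request(store: dict, username: str, password: str, action: str, resource: str) -> str:
    """Authorization is only consulted after authentication has succeeded."""
    if not authenticate(store, username, password):
        return "denied: authentication failed"
    if not authorize(store, username, action, resource):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    users = make_user_store()
    print(request(users, "alice", "correct horse battery", "write", "payroll-db"))
    print(request(users, "bob", "hunter2-but-longer", "write", "payroll-db"))
```

Note that a failed authentication never reaches the policy lookup, and an unknown user is rejected with the same message and roughly the same delay as a wrong password.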
• 16. 2. Integrity:
This principle ensures that data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental modification by users. If any modification occurs, measures should be in place to protect the sensitive data from corruption or loss and to recover speedily from such an event. It also means making sure the source of the information is genuine. Integrity involves making sure your data is trustworthy and free from tampering; the integrity of your data is maintained only if the data is authentic, accurate, and reliable. For example, if your company provides information about senior managers on your website, this information needs to have integrity. If it is inaccurate, those visiting the website for information may feel your organization is not trustworthy. Someone with a vested interest in damaging the reputation of your organization may try to hack your website and alter the descriptions, photographs, or titles of the executives to hurt their reputation or that of the company as a whole. Compromising integrity is often done intentionally. An attacker may bypass an intrusion detection system (IDS), change file configurations to allow unauthorized access, or alter the logs kept by the system to hide the attack. Integrity may also be violated by accident: someone may enter the wrong code or make another kind of careless mistake. Also, if the company's security policies, protections, and procedures are inadequate, integrity can be violated without any one person in the organization being accountable. To protect the integrity of your data, you can use hashing, encryption, digital certificates, or digital signatures. For websites, you can employ trustworthy certificate authorities (CAs) that verify the authenticity of your website so visitors know they are getting the site they intended to visit.
A method for verifying integrity is non-repudiation, which refers to when something cannot be repudiated or denied. For example, if employees in your company use digital signatures when sending emails, the fact that the email came from them cannot be denied. Also, the recipient cannot deny that they received the email from the sender.
• 17. Tools for Integrity:
Backups
A backup is the periodic archiving of data: the process of making copies of data or data files for use in the event that the originals are lost or destroyed. Backups are also made for historical purposes, such as longitudinal studies, statistics or historical records, or to meet the requirements of a data retention policy. Many applications, especially in a Windows environment, produce backup files using the .BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the result of a function that maps the contents of a file to a numerical value. Checksums are typically used to compare two sets of data to make sure that they are the same. A checksum function depends on the entire contents of a file and is designed so that even a small change to the input (such as flipping a single bit) is likely to produce a different output value.
Data Correcting Codes
This is a method of storing data in such a way that small changes can be easily detected and automatically corrected.
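An added example (not part of the slides) in Python that exercises two of the tools above: a SHA-256 checksum that changes when a single bit of the input is flipped, and a Hamming(7,4) error-correcting code that locates and repairs a single flipped bit automatically. The sample message is constructed.

```python
import hashlib


def sha256_checksum(data: bytes) -> str:
    """Checksum over the entire content; any change alters the output."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Flip one bit to simulate a tiny corruption or tampering."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def integrity_ok(data: bytes, expected: str) -> bool:
    """Detection only: a checksum tells you the data changed, not how to fix it."""
    return sha256_checksum(data) == expected


# Hamming(7,4): each 4-bit nibble d1..d4 becomes 7 bits with three parity bits
# p1, p2, p3 at positions 1, 2 and 4. Parity bit p_k covers every position whose
# binary index has bit k set, so the syndrome spells out the position of a
# single error and the decoder can flip it back.
def hamming_encode(nibble):
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4          # covers positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4          # covers positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4          # covers positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(block):
    """Return (corrected nibble, error position); position 0 means no error."""
    b = list(block)
    p1, p2, d1, p3, d2, d3, d4 = b
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    syndrome = s1 + 2 * s2 + 4 * s3   # 1-based position of the flipped bit
    if syndrome:
        b[syndrome - 1] ^= 1          # automatic correction
    return [b[2], b[4], b[5], b[6]], syndrome


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"   # constructed sample
    h = sha256_checksum(msg)
    print("intact:", integrity_ok(msg, h), "after bit flip:", integrity_ok(flip_bit(msg, 3), h))
    block = hamming_encode([1, 0, 1, 1])
    block[4] ^= 1                          # corrupt one bit in transit
    print("decoded:", hamming_decode(block))
```

The contrast is the point of the slide: the checksum can only say "something changed", while the error-correcting code can also say where and put it right, at the price of sending 7 bits for every 4 bits of data.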
• 18. 3. Availability
This principle ensures that information is always available and usable by the people authorized to use it, and that such access is not hindered by system malfunction or cyber-attacks. Even if data is kept confidential and its integrity maintained, it is often useless unless it is available to those in the organization and the customers they serve. This means that systems, networks, and applications must be functioning as they should and when they should. Also, individuals with access to specific information must be able to consume it when they need to, and getting to the data should not take an inordinate amount of time. If, for example, there is a power outage and there is no disaster recovery system in place to help users regain access to critical systems, availability will be compromised. Also, a natural disaster like a flood or even a severe snowstorm may prevent users from getting to the office, which can interrupt the availability of their workstations and other devices that provide business-critical information or applications. Availability can also be compromised through deliberate acts of sabotage, such as the use of denial-of-service (DoS) attacks or ransomware. To ensure availability, organizations can use redundant networks, servers, and applications. These can be programmed to become available when the primary system has been disrupted or broken. You can also enhance availability by staying on top of upgrades to software packages and security systems. In this way, you make it less likely for an application to malfunction or for a relatively new threat to infiltrate your system. Backups and full disaster recovery plans also help a company regain availability soon after a negative event.
• 19. Tools for Availability
• Physical Protections
• Computational Redundancies
1. Physical Protections
Physical safeguards keep information available even in the event of physical challenges. They ensure that sensitive information and critical information technology are housed in secure areas.
2. Computational redundancies
Redundancy is applied as a fault-tolerance measure against accidental faults. It provides spare computers and storage devices that serve as fallbacks in the case of failures.
• 20. Cyber Security Architecture
Cybersecurity architecture, also known as "network security architecture," is a framework that specifies a computer network's organizational structure, standards, policies, and functional behavior, incorporating both security and network aspects. The way the various internal modules of your cyber or computer system are organized, synchronized, and connected is often referred to as cybersecurity architecture. A cybersecurity architectural framework is a part of the overall architecture of a system; it is created and built to help with the overall design of a product or system. Security architecture aids in the positioning of security controls and breach countermeasures, and defines how they relate to your company's broader systems framework. The primary goal of these controls is to maintain the quality attributes of your essential system, such as confidentiality, integrity, and availability. It is also the collaboration of hardware and software expertise with programming talent, research ability, and policy development. To gain a clearer understanding of what cyber security architecture is, let us delve into the components crucial to it.
• 21. Components of Cyber Security Architecture
Proper and effective cybersecurity architecture, as per Internal Auditors, consists of three essential components: the people, processes, and tools that work together to safeguard the assets of your firm. Your security architecture must be guided by your security policy in order to align these components effectively, defining your security architecture expectations, implementation strategy, and enforcement strategy. A security policy is a declaration that specifies how each entity interacts with the others, what activities each entity is allowed to perform, the level of security that is necessary for a system, and the measures that should be taken if these security protocols are not satisfied. The following components make up a successful and well-planned security architecture:
• Direction for threat response, disaster recovery, configurations, account creation and maintenance, and cybersecurity surveillance.
• Management of identity.
• Decisions on who is included in, and excluded from, the security architecture's domain.
• Border control and access.
• Validating and adjusting the architecture.
• Training.
• 22. Features of Cyber Security Architecture
Let us discuss some of the key features of cyber security architecture in the following points:
1. Network Elements
• Network nodes: including computers, gateways, routers, modems, NICs, hubs, repeaters, bridges, switches, etc.
• Network communication protocols: HTTP, HTTPS, IMAP, FTP, DNS, DHCP, TCP/IP.
• Network connections linking nodes using specific protocols.
• Network topology of nodes, including point-to-point, chain, circular, and hybrid.
2. Security Elements
• Cyber security devices like Intrusion Detection Systems or Intrusion Prevention Systems, firewalls, encryption or decryption devices, etc.
• Software for cyber security including anti-virus, anti-spyware, and anti-malware.
• Securing network communication protocols like IMAP, HTTPS, HTTP, FTP, DNS, DHCP, TCP/IP, etc.
• Implementing robust encryption techniques such as end-to-end encryption, blockchain, and zero-knowledge techniques.
3. Security Frameworks and Standards:
• Cyber security architectural framework standards such as the ISO/IEC 27000 series and the NIST Risk Management Framework (RMF), SP 800-37.
• Technical standards concerning software choices for cyber security.
4. Security Policies and Procedures
These are the security policies and procedures that are adopted and enforced at your company. According to the Cybersecurity Forum, a cybersecurity architecture should ideally be defined and simulatable using an industry-standard architectural modeling language (e.g., SysML, UML2).
• 23. The phases of the security architecture framework and procedure are as follows:
• Architecture Risk Assessment: This phase assesses the business impact of critical assets, hazards, and the consequences of vulnerabilities and security threats on your firm.
• Security Design and Architecture: At this stage, the design and architecture of security services are constructed to aid in the protection of your organization's assets while also supporting the business's risk exposure targets and goals.
• Implementation: Cybersecurity services and procedures are implemented, operated, monitored, and managed during the implementation phase. The architecture is built to ensure that security rules and policies, security architecture decisions, and risk assessments are all completely implemented and remain effective over time.
• Operations and Monitoring: Threat and vulnerability management are used to monitor, oversee, and manage the operational state and to examine the impact on the system's security.
• 24. Cyber terrorism
What is cyber terrorism? Cyber terrorism (also known as digital terrorism) is defined as disruptive attacks by recognized terrorist organizations against computer systems with the intent of generating alarm, panic, or physical disruption of the information system. While we've become used to hearing about cyber attacks, cyber terrorism instills a different type of worry. Computer hackers have long worked to gain access to classified information for financial gain, meaning terrorists could do the same. The internet can be used by terrorists to finance their operations, train other terrorists, and plan terror attacks. The more mainstream idea of cyber terrorism is the hacking of government or private servers to access sensitive information or even siphon funds for use in terror activities. However, there is currently no universally accepted definition of cyber terrorism.
Examples of cyber terrorism
• Introduction of viruses to vulnerable data networks.
• Hacking of servers to disrupt communication and steal sensitive information.
• Defacing websites and making them inaccessible to the public, thereby causing inconvenience and financial losses.
• Hacking communication platforms to intercept or stop communications and make terror threats using the internet.
• Attacks on financial institutions to transfer money and cause terror.
• 25. How big is the threat of cyber terrorism?
Since cyber terrorism does not involve the actual use of physical violence to inflict harm on innocents, most individuals are unaware of what it means and how dangerous it can be. With the steady shift towards online services to reduce costs and improve efficiency, and the continual developments in cyberspace, there are ever-increasing ways for IT systems to be compromised.
How businesses can defend against cyber terrorism
• Use strong passwords - there is software capable of guessing thousands of passwords in seconds, so a complicated password is a strong password. Follow password best practices, change them regularly and avoid using the same password for multiple logins.
• Follow cyber security news - keep up to date with cyber news and government warnings. Knowing the latest threats helps you prepare for potential acts of terrorism.
• Create a culture of cyber awareness - all employees should be actively engaged in cyber security education and attend regular training. Stress the importance of staying vigilant and being on the lookout for anything suspicious.
• Vet all third-party vendors - a business's cyber security posture is only as strong as that of its third-party vendors. Businesses should demand transparency from vendors regarding cyber security practices before signing contracts or conducting any business.
• 26. How to know if you've been hacked
Whether it's your email, social media or some other type of online service, there are many things that can alert you to the fact that someone else is accessing your account. Things to look out for include:
• Being locked out of the account, an obvious indication that something has gone wrong.
• Logins or attempted logins from strange locations or at unusual times.
• Changes to your security settings and messages sent from your account that you don't recognize.
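An added Python example (not from the slides) of the "strange locations or unusual times" indicator, written from the defender's side: a per-user profile of known-good sign-ins is built, then new sign-in records are checked for a new country, an hour outside the usual window, and a success that follows a burst of failures. The sign-in records, user name and country codes are constructed sample data, and the hour-window heuristic is a deliberately simple assumption.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in records (not real data):
# (ISO timestamp, user, country code, result)
BASELINE = [
    ("2024-03-01T09:12:00", "alice", "GB", "ok"),
    ("2024-03-02T10:05:00", "alice", "GB", "ok"),
    ("2024-03-03T18:40:00", "alice", "GB", "ok"),
]
NEW_EVENTS = [
    ("2024-03-10T11:00:00", "alice", "GB", "ok"),     # normal
    ("2024-03-10T03:14:00", "alice", "RU", "fail"),   # password guessing?
    ("2024-03-10T03:15:00", "alice", "RU", "fail"),
    ("2024-03-10T03:16:00", "alice", "RU", "ok"),     # guess succeeded
]


def build_profile(events):
    """Per-user countries and hours seen in successful sign-ins during a known-good period."""
    profile = defaultdict(lambda: {"countries": set(), "hours": set()})
    for ts, user, country, result in events:
        if result == "ok":
            profile[user]["countries"].add(country)
            profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return profile


def find_alerts(profile, events, fail_burst=2):
    """Return (timestamp, user, reason) for each successful sign-in that looks wrong."""
    alerts = []
    recent_fails = defaultdict(int)   # failures since the user's last success
    for ts, user, country, result in events:
        hour = datetime.fromisoformat(ts).hour
        if result == "fail":
            recent_fails[user] += 1
            continue
        p = profile.get(user)
        if p:
            lo, hi = min(p["hours"]), max(p["hours"])
            if country not in p["countries"]:
                alerts.append((ts, user, f"login from new country {country}"))
            if not lo <= hour <= hi:   # assumption: usual hours form one window
                alerts.append((ts, user, f"login at unusual hour {hour:02d}:00"))
        if recent_fails[user] >= fail_burst:
            alerts.append((ts, user, f"success after {recent_fails[user]} failures"))
        recent_fails[user] = 0
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(build_profile(BASELINE), NEW_EVENTS):
        print(*alert)
```

Each rule is weak on its own (people travel, people work late), which is why the three indicators are reported separately and a single sign-in that trips all three is the one worth acting on.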
• 27. What to do if you've been hacked
If one of your accounts has been hacked, don't worry; follow the step-by-step guide below to regain control and protect yourself against future attacks.
• Update your devices - the operating systems and apps on the devices you use should all be updated. These updates will install the latest security fixes. If you have it installed, you can run a scan with up-to-date antivirus software. This is not usually necessary for phones and tablets.
• Contact your provider - if you can't access your account, go to the account provider's homepage and find a link to their help or support pages. These will detail the account recovery process. If you can't find what you need on the service's website, try a search engine like Google or Bing, for example 'Facebook account hacked', then follow the links to the service's own advice.
• If your email account was hacked - once you've regained control, check your email filters and forwarding rules. It is a common trick for the person hacking an account to set up an email forwarding rule that sends a copy of all your received emails to them. Information on how to do this should be found in your provider's help pages.
• Change passwords - once you have confirmed there are no unwanted email forwarding rules in place, change the passwords on all accounts which have the same password as the hacked account. Then change the passwords for all the other accounts that send password reminders/resets to the hacked account.
• Set up 2-factor authentication - this provides an extra layer of protection against your account being hacked in the future; see the guide on using 2-factor authentication (external link).
• Notify your contacts - get in touch with your account contacts, friends, or followers to let them know you've been hacked. This will help them to avoid being hacked themselves. You should contact the people you know regardless of whether you managed to restore your account or not.
• If you cannot recover your account - you may choose to create a new one. Once you've done this, it's important to notify your contacts that you are using a new account. Make sure to update any bank, utility services or shopping websites with your new details.
• Contact Action Fraud - if you feel that you have been affected by an online crime, you can report a cyber incident to Action Fraud (external link) using their online fraud reporting tool.
• 28. Cyber Security Operations:
1. Digital Forensics Services
2. Vulnerability and Risk Assessment
3. Internal and External Penetration Testing
4. Configuration management, design and remediation
5. Malicious Code Review
A cyber security operations centre (CSOC) works on establishing situational awareness, and provides command and control together with advanced and actionable threat intelligence.
• 29. What is Digital Forensics?
Digital forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used by a court of law. It is the science of finding evidence on digital media such as a computer, mobile phone, server, or network. It provides the forensic team with the best techniques and tools to solve complicated digital-related cases, helping them analyze, inspect, identify, and preserve the digital evidence residing on various types of electronic devices.
Objectives of computer forensics
Here are the essential objectives of using computer forensics:
• It helps to recover, analyze, and preserve computers and related materials in such a manner that the investigating agency can present them as evidence in a court of law.
• It helps to postulate the motive behind the crime and the identity of the main culprit.
• Designing procedures at a suspected crime scene helps you to ensure that the digital evidence obtained is not corrupted.
• Data acquisition and duplication: recovering deleted files and deleted partitions from digital media to extract the evidence and validate it.
• It helps you to identify the evidence quickly, and also allows you to estimate the potential impact of the malicious activity on the victim.
• Producing a computer forensic report which offers a complete account of the investigation process.
• Preserving the evidence by following the chain of custody.
• 30. Process of Digital forensics
Digital forensics entails the following steps:
• Identification
• Preservation
• Analysis
• Documentation
• Presentation
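An added Python example (not the slides' own material) for the preservation step and the chain-of-custody objective above: the "evidence" is imaged, both source and image are hashed with SHA-256, and every later handling step re-hashes the image and appends an entry to a custody log, so any tampering between steps is detected at the next verification. The evidence bytes and examiner names are constructed placeholders.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for a seized artefact (not real data).
EVIDENCE = b"PK\x03\x04 constructed sample export ... user=alice ... end"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def acquire(source: bytes, examiner: str):
    """Preservation: take a bit-for-bit copy, hash source and copy, open the custody log."""
    image = bytes(source)                 # stands in for a forensic image of the source
    record = {
        "action": "acquire",
        "examiner": examiner,
        "time": datetime.now(timezone.utc).isoformat(),
        "source_sha256": sha256_hex(source),
        "image_sha256": sha256_hex(image),
    }
    # Acquisition is only valid if the copy hashes identically to the source.
    record["verified"] = record["source_sha256"] == record["image_sha256"]
    return image, [record]


def verify(image: bytes, custody: list, examiner: str, action: str) -> bool:
    """Every later handling step re-hashes the image and appends to the custody log.

    The expected value is always the hash taken at acquisition, so a mismatch
    at any step shows the image was altered somewhere after it was preserved.
    """
    expected = custody[0]["image_sha256"]
    actual = sha256_hex(image)
    custody.append({
        "action": action,
        "examiner": examiner,
        "time": datetime.now(timezone.utc).isoformat(),
        "image_sha256": actual,
        "matches_original": actual == expected,
    })
    return actual == expected


def custody_log_json(custody: list) -> str:
    """Documentation step: the log is what gets attached to the forensic report."""
    return json.dumps(custody, indent=2)


if __name__ == "__main__":
    img, log = acquire(EVIDENCE, "examiner-1")
    verify(img, log, "examiner-2", "analysis")
    print(custody_log_json(log))
```

In practice the image would be written to write-once media and the hashes recorded on paper as well, but the logic is the same: the acquisition hash is the anchor, and every subsequent touch is a signed re-verification against it.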
• 31. Types of Digital Forensics
Types of digital forensics include:
Disk Forensics: It deals with extracting data from storage media by searching active, modified, or deleted files.
Network Forensics: It is a sub-branch of digital forensics related to monitoring and analysis of computer network traffic to collect important information and legal evidence.
Wireless Forensics: It is a division of network forensics. The main aim of wireless forensics is to offer the tools needed to collect and analyze data from wireless network traffic.
Database Forensics: It is a branch of digital forensics relating to the study and examination of databases and their related metadata.
Malware Forensics: This branch deals with the identification of malicious code and the study of its payload, such as viruses and worms.
Email Forensics: Deals with recovery and analysis of emails, including deleted emails, calendars, and contacts.
Memory Forensics: It deals with collecting data from system memory (system registers, cache, RAM) in raw form and carving the data from the raw dump.
Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile devices. It helps to retrieve phone contacts, call logs, incoming and outgoing SMS/MMS, audio, videos, etc.
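File carving from a raw dump, as mentioned under disk and memory forensics, as an added Python example (not from the slides): the carver ignores any file system and simply scans the raw bytes for known file headers (magic bytes), then cuts each file out up to its trailer. The dump is constructed inside the block; the PNG and PDF header/trailer values are the real format markers, and only those two formats are handled.

```python
# Known file signatures: (header magic bytes, trailer bytes). Both are the
# real markers for these formats; other formats would need their own entries.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve(dump: bytes):
    """Scan a raw dump for known headers and return (kind, offset, data) per file found."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        start = 0
        while True:
            i = dump.find(head, start)
            if i < 0:
                break
            j = dump.find(tail, i + len(head))
            if j < 0:
                break               # header with no trailer: truncated, not recoverable here
            end = j + len(tail)
            found.append((kind, i, dump[i:end]))
            start = end             # continue after this file for further copies
    return sorted(found, key=lambda f: f[1])


def build_constructed_dump() -> bytes:
    """Constructed raw dump: filler, a minimal PNG-like blob, junk, a minimal PDF-like blob."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"IHDR...IEND\xaeB`\x82"
    pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\n%%EOF"
    return b"\xff" * 40 + png + b"junk" * 5 + pdf + b"\x00" * 20


if __name__ == "__main__":
    for kind, offset, data in carve(build_constructed_dump()):
        print(f"{kind} at offset {offset}, {len(data)} bytes")
```

Header-to-trailer carving is the simplest form; real carvers also use length fields inside the header (where the format has them) so that a file whose trailer is missing or overwritten can still be bounded.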
• 32. Example Uses of Digital Forensics
In recent times, commercial organizations have used digital forensics in the following types of cases:
• Intellectual property theft
• Industrial espionage
• Employment disputes
• Fraud investigations
• Inappropriate use of the Internet and email in the workplace
• Forgery-related matters
• Bankruptcy investigations
• Issues concerning regulatory compliance
• 33. 2. Vulnerability and Risk Assessment
What are vulnerability assessments? Understanding your vulnerabilities is just as vital as risk assessment because vulnerabilities can lead to risks. The ISO/IEC 27000:2018 standard defines a vulnerability as a weakness of an asset or control that can be exploited by one or more threats. For example, an untrained employee or an unpatched system might be thought of as a vulnerability, since either can be compromised by a social engineering or malware threat. Research from Statista reveals that 80% of enterprise representatives believe their own employees and users are the weakest link in their organization's data security.
• 34. The Risk Assessment
A risk assessment identifies, analyzes, and evaluates risk. It takes into consideration the impact and likelihood of a threat exploiting a vulnerability. A risk assessment also requires a skilled professional to conduct it properly. The purpose is to:
• Identify what assets could be affected by a cyber attack, including intellectual property, customer and HR data, server hardware, application systems, laptops, etc.
• Determine the various threats and vulnerabilities that could affect those selected assets.
• Prioritize security efforts and ensure that the selected cyber security solutions, policies, and safeguards are appropriate for the risks at hand.
A risk assessment offers businesses a report on their risk rating and recommended controls to reduce their risk. It is a more comprehensive look at an organization's vulnerabilities, outlining the complete view of its exposure. This process requires more than tools: a cohesive look at a business's threshold of risk, with analysis by a seasoned professional. Defining the scope of the risk assessment is a critical first step of the process. While conducting a risk assessment of all assets is possible for a small company, it is unrealistic for a large corporation. The scope clearly defines what is and is not covered during the assessment, such as which systems, applications, network appliances, databases, hardware, etc. A risk assessment could be limited to the web application infrastructure, for instance. The intended audience of the report should be considered in defining the scope as well. A risk assessment helps ensure that resources are targeted at the remediation efforts that are most appropriate for a specific organization. It is also designed to allocate resources according to priority and reasonableness suitable to each unique situation.
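An added Python example (not the slides' own) of the risk-assessment logic described above: each asset/threat/vulnerability entry gets a likelihood and an impact on a 1-5 scale, their product is the risk score, assets outside the agreed scope are dropped, and the remainder are ranked so remediation effort goes to the top of the list first. The register entries, the 1-5 scale and the rating thresholds are constructed assumptions, not the values of any particular standard.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int   # 1 (rare) .. 5 (almost certain); assumed scale
    impact: int       # 1 (negligible) .. 5 (severe); assumed scale

    @property
    def score(self) -> int:
        """Risk = likelihood of the threat exploiting the vulnerability x impact."""
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be on the 1..5 scale")
        return self.likelihood * self.impact


def rating(score: int) -> str:
    """Map a 1..25 score to a band; thresholds are a constructed convention."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def assess(register: Iterable[Risk], scope: Set[str]) -> List[Tuple[str, str, int, str]]:
    """Keep only in-scope assets, score them and rank for remediation priority."""
    in_scope = [r for r in register if r.asset in scope]
    ranked = sorted(in_scope, key=lambda r: r.score, reverse=True)
    return [(r.asset, r.threat, r.score, rating(r.score)) for r in ranked]


# Constructed sample risk register (hypothetical assets and findings).
CONSTRUCTED_REGISTER = [
    Risk("customer-db", "ransomware", "unpatched DB host", 4, 5),
    Risk("web-app", "SQL injection", "unvalidated input", 3, 4),
    Risk("laptops", "theft", "no full-disk encryption", 3, 3),
    Risk("hr-portal", "phishing", "no MFA on logins", 4, 4),
]


if __name__ == "__main__":
    # Scope deliberately excludes hr-portal, as the slide says a scope may.
    for row in assess(CONSTRUCTED_REGISTER, {"customer-db", "web-app", "laptops"}):
        print(row)
```

The scope filter is applied before ranking on purpose: an out-of-scope asset with a high score still needs to be noted as excluded in the report, but it must not silently consume the remediation budget of the engagement.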
• 35. 1. Penetration Testing:
Penetration testing is a cybersecurity procedure during which a team of specialists checks networks, software, hardware, applications, etc. for security weaknesses. Essentially, penetration testing is ethical hacking performed for the benefit of the company that orders the test on its own systems. Penetration testing, also known as ethical hacking, is the practice of checking for security weaknesses in application software, networks, computers and devices, wireless systems, and employees. Penetration tests can be either external or internal depending on the goal of the project. An external penetration test researches and attempts to exploit vulnerabilities that could be exploited by an external user without proper access and permissions. An internal penetration test is similar to a vulnerability assessment; however, it takes a scan one step further by attempting to exploit the vulnerabilities and determining what information is actually exposed.
• 36. WHAT IS AN EXTERNAL PENETRATION TEST?
An external penetration test is a pentest conducted without any insider knowledge of, or access to, the company's networks and systems. Essentially, the person who performs an external pentest acts just like a hacker who might aim to attack the company, except that in the case of a pentest the goal is to identify and attempt to exploit vulnerabilities without causing any actual damage to the company. As a result, an external pentest allows you to accurately assess what vulnerabilities outside threat actors can exploit and what information hackers could manage to access. External penetration testing consists of testing vulnerabilities to review the chances of being attacked by a remote attacker; by exploiting the vulnerabilities found, it identifies the information being exposed to outsiders.
COMMON EXTERNAL PENETRATION TESTS
Some examples of external penetration tests that are commonly conducted by cybersecurity professionals include identity management testing, assessment of cryptography weaknesses, authorization and authentication testing, error handling assessment and many others. These tests are typically performed using IDS/IPS testing, footprinting, manual testing, password strength assessment, system, port and service scanning, and others.
• 37. Examples of external penetration tests include:
• Configuration & Deployment Management Testing
• Identity Management Testing
• Authentication Testing
• Authorization Testing
• Session Management Testing
• Input Validation Testing
• Testing for Weak Cryptography
• Business Logic Testing
• Client-Side Testing
• Testing for Error Handling
Testing methodologies include:
• Footprinting
• Checking for public information and other information leakages
• System scanning/port scanning/service scanning for vulnerabilities
• Manual testing of identified vulnerabilities
• IDS/IPS testing
• Password strength testing
• 38. WHAT IS AN INTERNAL PENETRATION TEST?
An internal penetration test is a procedure conducted to evaluate what kinds of vulnerabilities a threat actor with inside access to the company's networks and systems can exploit and what information he or she can access. Typically, threat actors with internal access can include rogue employees, contractors, staff and even clients. An internal penetration test uses a different way of dealing with the attacks and comes into the picture after completion of an external penetration test. In this test, the main focus is to identify what could be accomplished by an attacker who has internal access to your network. Prior to engaging with a vendor, consider having the following checklist of items available:
• Your goals for performing a pen test.
• The number of internal workstations on the network.
• The number of servers.
• The total number of internal and external IPs.
WHAT IS TESTED DURING AN INTERNAL PENTEST?
When conducting an internal penetration test, a cybersecurity team will analyze wireless networks, servers, computer systems and other devices, firewalls, IDS/IPS and even employee behavior and procedures. Once the vulnerabilities in those components are identified, the cybersecurity professionals will try to exploit them to identify the extent of potential unauthorized access and the damage that could arise from it.
• 40. What is cybersecurity risk?
Cybersecurity risk is the probability of exposure, loss of critical assets and sensitive information, or reputational harm as a result of a cyber attack or breach within an organization's network. Across industries, cybersecurity must remain top of mind, and organizations should work to implement a cybersecurity risk management strategy to protect against constantly advancing and evolving cyber threats. Cyber risk commonly refers to any risk of financial loss, disruption or damage to the reputation of an organization resulting from the failure of its information technology systems.
• 41. What is a security breach?
A security breach is any incident that results in unauthorized access to computer data, applications, networks or devices: information is accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms. Technically, there's a distinction between a security breach and a data breach. A security breach is effectively a break-in, whereas a data breach is defined as the cybercriminal getting away with information. Imagine a burglar: the security breach is when he climbs through the window, and the data breach is when he grabs your pocketbook or laptop and takes it away. Confidential information has immense value. It's often sold on the dark web; for example, names and credit card numbers can be bought and then used for identity theft or fraud. It's not surprising that security breaches can cost companies huge amounts of money. On average, the bill is nearly $4m for major corporations. It's also important to distinguish the definition of a security breach from that of a security incident. An incident might involve a malware infection, a DDoS attack or an employee leaving a laptop in a taxi, but if it doesn't result in access to the network or loss of data, it would not count as a security breach.
• 42. Examples of a security breach
When a major organization has a security breach, it always hits the headlines. Security breach examples include the following:
• Equifax - in 2017, a website application vulnerability caused the company to lose the personal details of 145 million Americans. This included their names, SSNs, and drivers' license numbers. The attacks were made over a three-month period from May to July, but the security breach wasn't announced until September.
• Yahoo - 3 billion user accounts were compromised in 2013 after a phishing attempt gave hackers access to the network.
• eBay saw a major breach in 2014. Though PayPal users' credit card information was not at risk, many customers' passwords were compromised. The company acted quickly to email its users and ask them to change their passwords in order to remain secure.
• Dating site Ashley Madison, which marketed itself to married people wishing to have affairs, was hacked in 2015. The hackers went on to leak a huge number of customer details via the internet. Extortionists began to target customers whose names were leaked; unconfirmed reports have linked a number of suicides to exposure by the data breach.
• Facebook saw internal software flaws lead to the loss of 29 million users' personal data in 2018. This was a particularly embarrassing security breach since the compromised accounts included that of company CEO Mark Zuckerberg.
• Marriott Hotels announced a security and data breach affecting up to 500 million customers' records in 2018. However, its guest reservations system had been hacked in 2016; the breach wasn't discovered until two years later.
• Perhaps most embarrassing of all, being a cybersecurity firm doesn't make you immune: Czech company Avast disclosed a security breach in 2019 when a hacker managed to compromise an employee's VPN credentials. This breach didn't threaten customer details but was instead aimed at inserting malware into Avast's products.
A decade or so ago, many companies tried to keep news of security breaches secret in order not to destroy consumer confidence. However, this is becoming increasingly rare. In the EU, the GDPR (General Data Protection Regulation) requires companies to notify the relevant authorities of a breach and any individuals whose personal data might be at risk. By January 2020, GDPR had been in effect for just 18 months, and already over 160,000 separate data breach notifications had been made, over 250 a day.
• 43. Types of security breaches
There are a number of types of security breaches, depending on how access to the system has been gained:
  • An exploit attacks a system vulnerability, such as an out-of-date operating system. Legacy systems that haven't been updated, for instance in businesses still running outdated versions of Microsoft Windows that are no longer supported, are particularly vulnerable to exploits.
  • Weak passwords can be cracked or guessed. Even now, some people are still using the password 'password', and 'pa$$word' is not much more secure.
  • Malware attacks, such as phishing emails, can be used to gain entry. It only takes one employee to click on a link in a phishing email for malicious software to start spreading throughout the network.
  • Drive-by downloads use viruses or malware delivered through a compromised or spoofed website.
  • Social engineering can also be used to gain access. For instance, an intruder phones an employee claiming to be from the company's IT helpdesk and asks for the password in order to 'fix' the computer.
• 44. How to protect yourself against a security breach
Although no one is immune to a data breach, good computer security habits can make you less vulnerable and can help you survive a breach with less disruption. These tips should help you prevent hackers from breaching your personal security on your computers and other devices.
• 45.
  • Use strong passwords, which combine random strings of upper- and lower-case letters, numbers, and symbols. They are much more difficult to crack than simpler passwords. Don't use passwords that are easy to guess, like family names or birthdays. Use a password manager to keep your passwords secure.
  • Use different passwords on different accounts. If you use the same password everywhere, a hacker who gains access to one account will be able to get into all your other accounts. If they have different passwords, only that one account will be at risk.
  • Close accounts you don't use rather than leaving them dormant. That reduces your vulnerability to a security breach. If you don't use an account, you might never realize that it has been compromised, and it could act as a back door to your other accounts.
  • Change your passwords regularly. One feature of many publicly reported security breaches is that they occurred over a long period, and some were not reported until years after the breach. Regular password changes reduce the risk you run from unannounced data breaches.
  • If you throw out a computer, wipe the old hard drive properly. Don't just delete files; use a data destruction program to wipe the drive completely, overwriting all the data on the disk. Creating a fresh installation of the operating system will also wipe the drive successfully.
• 46.
  • Back up your files. Some data breaches lead to the encryption of files and a ransom demand to make them available again to the user. If you have a separate backup on a removable drive, your data is safe in the event of a breach.
  • Secure your phone. Use a screen lock and update your phone's software regularly. Don't root or jailbreak your phone. Rooting a device gives hackers the opportunity to install their own software and to change the settings on your phone.
  • Secure your computer and other devices by using anti-virus and anti-malware software. Kaspersky Antivirus is a good choice to keep your computer free from infection and ensure that hackers can't get a foothold in your system.
  • Be careful where you click. Unsolicited emails which include links to websites may be phishing attempts. Some may purport to be from your contacts. If they include attachments or links, ensure they're genuine before you open them, and run an anti-virus program on attachments.
  • When you're accessing your accounts, make sure you're using the secure HTTPS protocol and not just HTTP.
  • Monitoring your bank statements and credit reports helps keep you safe. Stolen data can turn up on the dark web years after the original data breach. This could mean an identity theft attempt occurs long after you've forgotten the data breach that compromised that account.
  • Know the value of your personal information and don't give it out unless necessary. Too many websites want to know too much about you; why does a business journal need your exact date of birth, for instance?
• 47. What are Cybersecurity Threats?
A cybersecurity threat is the threat of a malicious attack by an individual or organization attempting to gain access to a network, to corrupt data or to steal confidential information. No company is immune from cyber attacks and the data breaches that can result. Some cyberattacks can even destroy computer systems. As cyber threats become increasingly sophisticated, your business must implement the security needed to safeguard its data and networks.
• 48.
1) Malware
Malware attacks are the most common cyber security threats. Malware is defined as malicious software, including spyware, ransomware, viruses, and worms, which gets installed on the system when the user clicks a dangerous link or email attachment. Once inside the system, malware can block access to critical components of the network, damage the system, and gather confidential information, among other things.
2) Phishing
Cybercriminals send malicious emails that seem to come from legitimate sources. The user is then tricked into clicking the malicious link in the email, leading to malware installation or disclosure of sensitive information like credit card details and login credentials.
3) Spear Phishing
Spear phishing is a more sophisticated form of phishing attack in which cybercriminals target only privileged users such as system administrators and C-suite executives.
4) DNS Attack
A DNS attack is a cyberattack in which cybercriminals exploit vulnerabilities in the Domain Name System (DNS). The attackers leverage DNS vulnerabilities to divert site visitors to malicious pages (DNS hijacking) and to remove data from compromised systems (DNS tunneling).
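DNS tunneling, mentioned in item 4 above, leaves a recognisable trace in resolver logs: many unique, long, high-entropy subdomains under one registered domain, often carried in TXT or NULL records. The following detector is an added example for this slide, not code from the slides or from any product; the log format (`<epoch> <client_ip> <qname> <qtype>`), the sample lines and the thresholds are all constructed for the example.

```python
"""Flag DNS query patterns consistent with DNS tunneling (added example)."""
import math
from collections import defaultdict

# Constructed resolver log. Clients 10.0.0.5-7 browse normally; 10.0.0.9 sends
# long, random-looking labels under one domain, mostly as TXT/NULL queries.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000002 10.0.0.6 cdn.example.net A
1700000003 10.0.0.7 login.example.org AAAA
1700000004 10.0.0.9 mzxw6ytboi3gk5dgmfzgkzlsmuqhi5lomvxgs.tunnel.example A
1700000005 10.0.0.9 nbswy3dpfqqho33snrsa2ytbonuwg6rinbswy3dp.tunnel.example TXT
1700000006 10.0.0.9 ifbeikrlhqytqnzsgm2tmnbugqzdcobrh4ytcmjq.tunnel.example TXT
1700000007 10.0.0.9 gezdgnbvgy3tqojqifbegrcfiyshcmrtgq2tmojq.tunnel.example NULL
1700000008 10.0.0.9 krugkidrovuwg2zamjwg65tfmnzcaztpnyqgi3tlmvzcaztpnyqgi3tlmvz.tunnel.example TXT
1700000009 10.0.0.5 www.example.com A
"""

# Illustrative thresholds chosen for this example; tune them on your own baseline.
MIN_UNIQUE_SUBDOMAINS = 4
ENTROPY_THRESHOLD = 3.5       # bits/char; dictionary-word labels sit well below this
LONG_LABEL_THRESHOLD = 30     # average length of the longest subdomain label
RARE_TYPES = {"TXT", "NULL"}  # record types commonly abused to carry tunnel payloads


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Split a query name into (subdomain, registered_domain).

    Treats the last two labels as the registered domain; a real deployment
    should consult the Public Suffix List (co.uk and friends break this rule).
    """
    labels = qname.rstrip(".").split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text):
    """Yield (client, subdomain, registered_domain, qtype) per well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the detector
        _ts, client, qname, qtype = parts
        sub, reg = split_qname(qname.lower())
        yield client, sub, reg, qtype.upper()


def detect_tunneling(text):
    """Return {(client, registered_domain): [reasons]} for suspicious pairs."""
    stats = defaultdict(lambda: {"subs": set(), "entropy": [], "longest": [], "rare": 0, "total": 0})
    for client, sub, reg, qtype in parse_log(text):
        s = stats[(client, reg)]
        s["total"] += 1
        s["subs"].add(sub)
        s["entropy"].append(shannon_entropy(sub.replace(".", "")))
        s["longest"].append(max(len(label) for label in sub.split(".")))
        if qtype in RARE_TYPES:
            s["rare"] += 1

    flagged = {}
    for key, s in stats.items():
        reasons = []
        n_sub = len(s["subs"])
        avg_entropy = sum(s["entropy"]) / s["total"]
        avg_longest = sum(s["longest"]) / s["total"]
        if n_sub >= MIN_UNIQUE_SUBDOMAINS and avg_entropy > ENTROPY_THRESHOLD and avg_longest > LONG_LABEL_THRESHOLD:
            reasons.append(f"{n_sub} unique high-entropy subdomains "
                           f"(avg {avg_entropy:.2f} bits/char, avg longest label {avg_longest:.0f} chars)")
        if s["total"] >= 3 and s["rare"] / s["total"] >= 0.5:
            reasons.append(f"{s['rare']}/{s['total']} queries use {sorted(RARE_TYPES)} record types")
        if reasons:
            flagged[key] = reasons
    return flagged


if __name__ == "__main__":
    for (client, domain), reasons in detect_tunneling(SAMPLE_LOG).items():
        print(f"{client} -> {domain}")
        for reason in reasons:
            print("   ", reason)
```

Only the `10.0.0.9 -> tunnel.example` pair is reported; the normal clients never accumulate enough distinct subdomains, and their labels (`www`, `mail`, `login`) have entropy around 2 bits per character. In production the same statistics would be kept per client over a sliding window rather than over a whole file.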
• 49.
5) Man in the Middle Attack
A Man in the Middle (MitM) attack occurs when cyber criminals place themselves between the two parties of a communication. Once the attacker intercepts the communication, they may filter and steal sensitive data and return different responses to the user.
6) Denial of Service Attack
Denial of Service attacks aim to flood systems, networks, or servers with massive traffic, thereby making the system unable to fulfill legitimate requests. Attackers can also use several infected devices to launch the attack on the target system. This is known as a Distributed Denial of Service (DDoS) attack.
7) SQL Injection
A Structured Query Language (SQL) injection attack occurs when cybercriminals attempt to access the database by injecting malicious SQL statements. Once successful, the malicious actor can view, change, or delete data stored in the SQL database.
8) Ransomware
Ransomware is a type of malware attack in which the attacker locks or encrypts the victim's data and threatens to publish it or block access to it unless a ransom is paid. Learning more about ransomware threats can help companies prevent and cope with them better.
• 50.
• 51.
1) Nation States
Cyber attacks by a nation state can inflict detrimental impact by disrupting communications, military activities, and everyday life.
2) Criminal Groups
Criminal groups aim to infiltrate systems or networks for financial gain. These groups use phishing, spam, spyware, and malware to conduct identity theft, online fraud, and system extortion.
3) Hackers
Hackers explore various cyber techniques to breach defenses and exploit vulnerabilities in a computer system or network. They are motivated by personal gain, revenge, stalking, financial gain, and political activism. Hackers develop new types of threats for the thrill of the challenge or for bragging rights in the hacker community.
4) Terrorist Groups
Terrorists conduct cyber attacks to destroy, infiltrate, or exploit critical infrastructure to threaten national security, compromise military equipment, disrupt the economy, and cause mass casualties.
5) Hacktivists
Hacktivists carry out cyberattacks in support of political causes rather than for financial gain. They target industries, organizations, or individuals who don't align with their political ideas and agenda.
6) Malicious Insiders
97% of surveyed IT leaders expressed concerns about insider threats in cyber security. Insiders can include employees, third-party vendors, contractors, or other business associates who have legitimate access to enterprise assets but misuse that access to steal or destroy information for financial or personal gain.
7) Corporate Spies
Corporate spies conduct industrial or business espionage to either make a profit or disrupt a competitor's business by attacking critical infrastructure, stealing trade secrets, and gaining access.
• 52. Cybersecurity Best Practices to Protect from Cyber Threats
• 53.
1) Create an Insider Threat Program
Creating an insider threat program is imperative for organizations to prevent employees from misusing their access privileges to steal or destroy corporate data. The IT security team should gain the approval of top management without delay and deploy policies across departments.
2) Train employees
Employees are the first line of defense against cyber threats for every organization. Thus, organizations must conduct comprehensive cybersecurity awareness programs to train employees in recognizing and responding to cyber threats. This dramatically improves an organization's security posture and cyber resilience.
3) Maintain Compliance
Irrespective of the level of cybersecurity an organization implements, it must always maintain compliance with the data regulations that apply to its industry and geographical location. The organization must stay informed about evolving compliance regulations to benefit from them.
4) Build a Cyber Incident Response Plan
In the present digital era, no organization is exempt from cyberattacks. Thus, organizations of all sizes must build an effective Cyber Security Incident Response Plan (CSIRP) to deal with cyber adversaries. It enables businesses to prepare for the inevitable, respond to emerging threats, and recover quickly from an attack.
5) Regularly Update Systems and Software
As cyber threats evolve rapidly, even a well-tuned security setup can become outdated in no time, putting your organization at risk of cyberattack. Therefore, regularly update the security infrastructure and the associated systems and software.
6) Backup Data
Backing up data regularly helps reduce the impact of data breaches. Back up your website, applications, databases, emails, attachments, files, calendars, and more on an ongoing and consistent basis.
7) Initiate Phishing Simulations
Organizations must conduct phishing simulations to educate employees on how to avoid clicking malicious links or downloading attachments. It helps employees understand the far-reaching effects of a phishing attack on an organization.
8) Secure Site with HTTPS
Organizations must encrypt and secure their website with an SSL (Secure Sockets Layer) certificate. HTTPS protects the integrity and confidentiality of data between the user and the website.
• 54. What is a Cyber Attack?
A common cyber attack definition is the process of attempting to steal data or gain unauthorized access to computers and networks using one or more computers. A cyber attack is often the first step an attacker takes in gaining unauthorized access to individual or business computers or networks before carrying out a data breach.
The goal of a cyber attack is either to disable the target computer and take it offline or to gain access to the computer's data and infiltrate connected networks and systems. Cyber attacks also differ broadly in their sophistication, with cyber criminals launching both random and targeted attacks on businesses. Attackers deploy a wide range of methods to begin a cyber attack, such as denial of service, malware, phishing, and ransomware.
Cyber attacks have several negative effects. When an attack is carried out, it can lead to data breaches, resulting in data loss or data manipulation. Organizations incur financial losses, customer trust is hampered, and there is reputational damage. To curb cyberattacks, we implement cybersecurity. Cybersecurity is the method of safeguarding networks, computer systems, and their components from unauthorized digital access.
The COVID-19 situation has also had an adverse impact on cybersecurity. According to Interpol and WHO, there has been a notable increase in the number of cyberattacks during the COVID-19 pandemic.
• 55. Types of Cyber Attacks:
1. Malware Attack
This is one of the most common types of cyberattacks. "Malware" refers to malicious software, including worms, spyware, ransomware, adware, and trojans. A trojan disguises itself as legitimate software. Ransomware blocks access to the network's key components, whereas spyware is software that steals all your confidential data without your knowledge. Adware is software that displays advertising content such as banners on a user's screen.
Malware breaches a network through a vulnerability: when the user clicks a dangerous link, downloads an email attachment, or uses an infected pen drive.
Let's now look at how we can prevent a malware attack:
  • Use antivirus software. It can protect your computer against malware. Avast Antivirus, Norton Antivirus, and McAfee Antivirus are a few of the popular antivirus products.
  • Use firewalls. Firewalls filter the traffic that may enter your device. Windows and Mac OS X have their own built-in firewalls, named Windows Firewall and Mac Firewall.
  • Stay alert and avoid clicking on suspicious links.
  • Update your OS and browsers regularly.
• 56.
2. Phishing Attack
Phishing attacks are one of the most prominent and widespread types of cyberattacks. It is a type of social engineering attack wherein an attacker impersonates a trusted contact and sends the victim fake emails. Unaware of this, the victim opens the mail and clicks on the malicious link or opens the mail's attachment. By doing so, attackers gain access to confidential information and account credentials. They can also install malware through a phishing attack.
Phishing attacks can be prevented by following the steps below:
  • Scrutinize the emails you receive. Most phishing emails have significant errors like spelling mistakes and formatting that differs from legitimate sources.
  • Make use of an anti-phishing toolbar.
  • Update your passwords regularly.
• 57.
3. Password Attack
It is a form of attack wherein a hacker cracks your password with various programs and password cracking tools like Aircrack, Cain & Abel, John the Ripper, Hashcat, etc. There are different types of password attacks, like brute force attacks, dictionary attacks, and keylogger attacks.
Listed below are a few ways to prevent password attacks:
  • Use strong alphanumeric passwords with special characters.
  • Abstain from using the same password for multiple websites or accounts.
  • Update your passwords; this will limit your exposure to a password attack.
  • Do not leave any password hints in the open.
4. Man-in-the-Middle Attack
A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this attack, an attacker comes in between a two-party communication, i.e., the attacker hijacks the session between a client and host. By doing so, hackers steal and manipulate data. As seen below, the client-server communication has been cut off, and instead the communication line goes through the hacker.
MITM attacks can be prevented by following the steps below:
  • Be mindful of the security of the website you are using. Use encryption on your devices.
  • Refrain from using public Wi-Fi networks.
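Slide 43 notes that 'pa$$word' is not much more secure than 'password', and slides 45 and 57 ask for strong passwords that avoid family names and birthdays. The check below is an added example for those slides, not code from the slides or from any product: it undoes common letter-for-symbol substitutions before comparing against a common-password list, rejects passwords that embed caller-supplied personal tokens, and finishes with salted PBKDF2 storage, which is how a server should keep passwords so that a stolen database does not hand over plaintexts to the cracking tools named on slide 57. The common-password list is a constructed stand-in for a real breached-password corpus, and the iteration count is an illustrative choice.

```python
"""Password policy check plus salted PBKDF2 storage (added example)."""
import hashlib
import hmac
import math
import os
import string

# Constructed mini-list; production checks use millions of breached passwords.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "admin", "iloveyou",
}

# Substitutions people use to slip past a naive dictionary check.
LEET_MAP = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "!": "i",
                          "3": "e", "4": "a", "5": "s", "7": "t", "+": "t"})

MIN_LENGTH = 12
MIN_ENTROPY_BITS = 60   # illustrative floor; raise it for privileged accounts
PBKDF2_ITERATIONS = 200_000  # tunable; raise as hardware permits


def normalize(password):
    """Lower-case, drop trailing digits/punctuation, then undo leet substitutions."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET_MAP)


def charset_entropy_bits(password):
    """Upper bound on guessing entropy, assuming random draws from the classes used."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 32
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password, personal_tokens=()):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    norm = normalize(password)
    if norm in COMMON_PASSWORDS or password.lower() in COMMON_PASSWORDS:
        problems.append(f"matches common password '{norm}' after undoing substitutions")
    lowered = password.lower()
    for token in personal_tokens:           # e.g. surname, birth year, pet's name
        t = token.lower()
        if len(t) >= 4 and (t in lowered or t in norm):
            problems.append(f"contains personal information '{token}'")
    if charset_entropy_bits(password) < MIN_ENTROPY_BITS:
        problems.append("too few character classes for its length")
    return problems


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256, returned as a self-describing storage string."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt/iterations and compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    for candidate in ("pa$$word", "P@ssw0rd123!", "Smith1987xyzQ!", "correct-Horse7battery&Staple"):
        print(f"{candidate!r}: {check_password(candidate, personal_tokens=['Smith', '1987']) or 'OK'}")
```

The normalisation step is why 'pa$$word' and 'P@ssw0rd123!' both fail: stripped of trailing digits and symbols and with the substitutions reversed, each collapses to 'password'. Per-user random salts are what make the stored hashes of two users who chose the same password differ, so a cracked hash does not unlock every account that shares it.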
• 58.
5. SQL Injection Attack
A Structured Query Language (SQL) injection attack occurs on a database-driven website when the hacker manipulates a standard SQL query. It is carried out by injecting malicious code into a vulnerable website search box, thereby making the server reveal crucial information. This results in the attacker being able to view, edit, and delete tables in the database. Attackers can also gain administrative rights through this.
To prevent a SQL injection attack:
  • Use an intrusion detection system, which is designed to detect unauthorized access to a network.
  • Validate user-supplied data; a validation process keeps user input in check.
6. Denial-of-Service Attack
A Denial-of-Service Attack is a significant threat to companies. Here, attackers target systems, servers, or networks and flood them with traffic to exhaust their resources and bandwidth. When this happens, catering to the incoming requests becomes overwhelming for the servers, resulting in the websites they host shutting down or slowing down. This leaves legitimate service requests unattended. It is known as a DDoS (Distributed Denial-of-Service) attack when attackers use multiple compromised systems to launch the attack.
Let's now look at how to prevent a DDoS attack:
  • Run a traffic analysis to identify malicious traffic.
  • Understand the warning signs, like network slowdown, intermittent website shutdowns, etc. At such times, the organization must take the necessary steps without delay.
  • Formulate an incident response plan, have a checklist, and make sure your team and data center can handle a DDoS attack.
  • Outsource DDoS prevention to cloud-based service providers.
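To make the SQL injection discussion on slides 49 and 58 concrete, here is an added example (not code from the slides) that puts the string-built query beside its parameterized fix, with the input validation slide 58 recommends as a second layer. It uses Python's built-in `sqlite3` with an in-memory database and constructed sample rows, so it runs offline; the table, rows and the `search_*` function names are all constructed for the example.

```python
"""SQL injection: string-built query beside its parameterized fix (added example)."""
import sqlite3


def make_db():
    """Create an in-memory products table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products (name, public) VALUES (?, ?)",
        [("widget", 1), ("gadget", 1), ("unreleased-prototype", 0)],
    )
    return conn


def search_vulnerable(conn, term):
    """The 'before': user input is pasted straight into the SQL text.

    Intended to return only public products whose name matches `term`; a quote
    in `term` ends the string literal and the rest becomes SQL syntax.
    """
    sql = f"SELECT name FROM products WHERE public = 1 AND name = '{term}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """The fix: the driver binds `term` as a value, so quotes in it stay data."""
    sql = "SELECT name FROM products WHERE public = 1 AND name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (term,))]


def validate_search_term(term, max_len=64):
    """Defence in depth (slide 58's validation advice): allow-list the input's shape.

    Parameterization is the real fix; validation just shrinks the attack surface
    and gives a clean error for input that has no business being a product name.
    """
    if not 1 <= len(term) <= max_len:
        raise ValueError("search term length out of range")
    if not all(c.isalnum() or c in " -_" for c in term):
        raise ValueError("search term contains disallowed characters")
    return term


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # classic test string; turns the WHERE clause into 'always true'
    print("vulnerable, normal input :", search_vulnerable(db, "widget"))
    print("vulnerable, tautology    :", search_vulnerable(db, tautology))
    print("parameterized, tautology :", search_safe(db, tautology))
    try:
        validate_search_term(tautology)
    except ValueError as exc:
        print("validation rejects it    :", exc)
```

The vulnerable path leaks the non-public row because the `public = 1` filter is OR'd away; the parameterized path returns nothing for the same input, since no product is literally named `' OR '1'='1`. Note that the fix is binding, not escaping: an allow-list validator is useful but is not a substitute for it.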
• 59.
7. Insider Threat
As the name suggests, an insider threat does not involve a third party but an insider. In such a case, it could be an individual from within the organization who knows everything about the organization. Insider threats have the potential to cause tremendous damage. Insider threats are rampant in small businesses, as the staff there hold access to multiple accounts with data. The reasons for this form of attack are many; it can be greed, malice, or even carelessness. Insider threats are hard to predict and hence tricky to handle.
To prevent insider threat attacks:
  • Organizations should have a good culture of security awareness.
  • Companies must limit the IT resources staff can access depending on their job roles.
  • Organizations must train employees to spot insider threats. This will help employees understand when a hacker has manipulated or is attempting to misuse the organization's data.
• 60.
8. Cryptojacking
The term cryptojacking is closely related to cryptocurrency. Cryptojacking takes place when attackers access someone else's computer to mine cryptocurrency. Access is gained by infecting a website or manipulating the victim into clicking on a malicious link. They also use online ads with JavaScript code for this. Victims are unaware of this, as the crypto-mining code works in the background; a slowdown in execution is the only sign they might notice.
Cryptojacking can be prevented by following the steps below:
  • Update your software and all your security apps, as cryptojacking targets the least protected systems.
  • Hold cryptojacking awareness training for employees; this will help them detect cryptojacking threats.
  • Install an ad blocker, as ads are a primary source of cryptojacking scripts. Also use browser extensions like MinerBlock, which identify and block crypto-mining scripts.
• 61. How to Prevent Cyber Attacks?
Although we had a look at several ways to prevent the different types of cyberattacks we discussed, let's summarize and look at a few personal tips which you can adopt to avoid a cyberattack on the whole.
1. Change your passwords regularly and use strong alphanumeric passwords which are difficult to crack. Refrain from using passwords so complicated that you would tend to forget them. Do not use the same password twice.
2. Update both your operating system and applications regularly. This is a primary prevention method for any cyber attack. It removes vulnerabilities that hackers tend to exploit. Use trusted and legitimate anti-virus protection software.
3. Use a firewall and other network security tools such as intrusion prevention systems, access control, application security, etc.
4. Avoid opening emails from unknown senders. Scrutinize the emails you receive for loopholes and significant errors.
5. Make use of a VPN. This ensures that the traffic between the VPN server and your device is encrypted.
6. Regularly back up your data. According to many security professionals, it is ideal to have three copies of your data on two different media types and another copy in an off-site location (cloud storage). Hence, even in the course of a cyber attack, you can erase your system's data and restore it from a recently performed backup.
7. Employees should be aware of cybersecurity principles. They must know the various types of cyberattacks and the ways to tackle them.
8. Use Two-Factor or Multi-Factor Authentication. Two-factor authentication requires users to provide two different authentication factors to verify themselves. When more than two authentication factors are required beyond your username and password, we term it multi-factor authentication. This proves to be a vital step in securing your account.
9. Secure your Wi-Fi networks and avoid using public Wi-Fi without a VPN.
10. Safeguard your mobile, as mobiles are also a cyberattack target. Install apps only from legitimate and trusted sources, and make sure to keep your device updated.
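Item 8 above recommends a second authentication factor. The most common one is the time-based one-time password (TOTP, RFC 6238) generated by authenticator apps. The following is an added example for this slide, not code from the slides or from any authenticator product: it implements HOTP/TOTP with the standard library only, checks itself against the published RFC 6238 test vector, and shows the two server-side details that make the second factor worth having: a constant-time comparison with a small clock-skew window, and a replay guard so a code that was phished or shoulder-surfed cannot be submitted a second time. The `used_counters` store and the demo secret are constructed for the example.

```python
"""TOTP second factor with skew window and replay guard (added example)."""
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30
DIGITS = 6

# Published RFC 6238 test secret (ASCII "12345678901234567890"), used for self-checks.
RFC6238_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=DIGITS):
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, at_time=None, step=STEP_SECONDS, digits=DIGITS):
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    at_time = time.time() if at_time is None else at_time
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret, code, at_time, used_counters, skew=1, step=STEP_SECONDS):
    """Check `code` against the current step and +/- `skew` neighbours.

    `used_counters` is a set the server keeps per user: each counter value is
    accepted once, so a captured code cannot be replayed within its window.
    Comparison is constant-time to avoid leaking digit-by-digit matches.
    """
    now_counter = int(at_time // step)
    for counter in range(now_counter - skew, now_counter + skew + 1):
        if counter in used_counters:
            continue
        if hmac.compare_digest(hotp(secret, counter), code):
            used_counters.add(counter)
            return True
    return False


def secret_from_base32(text):
    """Decode the Base32 secret shown in enrolment QR codes / otpauth:// URIs."""
    text = text.strip().replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


if __name__ == "__main__":
    # Self-check against RFC 6238 Appendix B: T=59 with SHA-1 gives 94287082.
    assert totp(RFC6238_SECRET, 59, digits=8) == "94287082"

    demo_secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")  # Base32 of the RFC secret
    now = time.time()
    code = totp(demo_secret, now)
    used = set()
    print("current code:", code)
    print("first submission accepted :", verify_totp(demo_secret, code, now, used))
    print("replay of same code       :", verify_totp(demo_secret, code, now, used))
```

The skew window of one step means a code stays valid for up to 90 seconds across clock drift, which is why the replay guard matters: without `used_counters`, anyone who saw the code has that whole window to reuse it. The `digits=8` self-check is there because the RFC publishes its vectors with eight digits; authenticator apps usually show six, which are simply the last six of the same value.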
• 62. What is an Exploit?
An exploit is a piece of software, data or sequence of commands that takes advantage of a vulnerability to cause unintended behavior or to gain unauthorized access to sensitive data. Once vulnerabilities are identified, they are posted on Common Vulnerabilities and Exposures (CVE). CVE is a free vulnerability dictionary designed to improve global cyber security and cyber resilience by creating a standardized identifier for a given vulnerability or exposure.
• 63. What are the Different Types of Exploits?
1. Hardware: Poor encryption, lack of configuration management or firmware vulnerability.
2. Software: Memory safety violations (buffer overflows, over-reads, dangling pointers), input validation errors (code injection, cross-site scripting (XSS), directory traversal, email injection, format string attacks, HTTP header injection, HTTP response splitting, SQL injection), privilege-confusion bugs (clickjacking, cross-site request forgery, FTP bounce attack), race conditions (symlink races, time-of-check-to-time-of-use bugs), side channel attacks, timing attacks and user interface failures (blaming the victim, race conditions, warning fatigue).
3. Network: Unencrypted communication lines, man-in-the-middle attacks, domain hijacking, typosquatting, poor network security, lack of authentication or default passwords.
4. Personnel: Poor recruiting policy and process, lack of security awareness training, poor adherence to information security policy, poor password management or falling for common social engineering attacks like phishing, spear phishing, pretexting, honey trapping, smishing, water holing or whaling.
5. Physical site: Poor physical security, tailgating and lack of keycard access control.
• 64. How can you protect a system from exploits?
Here are a few methods to get proactive about exploit protection:
1. Stay up-to-date: Regularly update the operating system and all the various applications you have installed. After a zero-day exploit becomes known to the software vendor and a patch is released, the onus is on the individual user to patch and update their software. Zero-day exploits become more dangerous and widespread after they become public knowledge, because a broader group of threat actors takes advantage of the exploit. Check back with your software providers and see if there are any updates or patches available. If possible, go into your software settings and turn auto-updates on so these updates happen automatically in the background without any extra effort on your part. This minimizes the lag time between when a vulnerability is announced and when it's patched. Cybercriminals prey on people who forget or don't know to update and patch their software.
2. Upgrade your software: In some cases, a software application becomes so old and unwieldy that the software maker stops supporting it, which means any additional bugs that are discovered will not be fixed. Make sure the maker still supports your software. If it doesn't, upgrade to the latest version or switch to something else that does the same thing.
3. Stay safe online: Make sure Microsoft SmartScreen or Google Safe Browsing is enabled for your web browser of choice. Your browser will check every site you visit against the blacklists maintained by Microsoft and Google and steer you away from sites known to dish up malware. Use anti-malware tools such as Malwarebytes.
4. Use it or lose it: If you aren't using the software anymore, delete it from your computer.
5. Install official apps: When it comes to staying safe on your mobile device, stick to authorized apps only, those that have been vetted by Apple and Google.
6. Use anti-exploit software: Good anti-malware programs, such as Malwarebytes for Mac, Malwarebytes for Windows, Malwarebytes for iOS, and Malwarebytes for Android, can proactively recognize and block malicious software from taking advantage of vulnerabilities on your computer.
• 65. What's information gathering?
When it comes to getting a clear concept of information gathering, the simplest way to define it would be the process of collecting information about something you are interested in. A practical example: gathering information with your eyes is called visual perception. In the same way, in the digital world, a lot of information can be gathered in different ways, not with your senses but with several methods, tools and techniques.
For those in the cybersecurity industry, this is the first step to take during the earlier stages of any hacking activity (both cracking and ethical hacking), when any black- or white-hat researcher needs to gain as much information as possible about the desired target. While it's a fun activity for some researchers, information gathering is also one of the most time-consuming tasks during the intel-recon process, and that is why time management is so important.
What are the objectives of information gathering in cybersecurity?
Any basic cybersecurity information gathering process often includes these two types of data collection goals:
1. Collecting network data: Such as public, private and associated domain names, network hosts, public and private IP blocks, routing tables, TCP and UDP running services, SSL certificates, open ports and more.
2. Collecting system-related information: This includes user enumeration, system groups, OS hostnames, OS system type (probably by fingerprinting), system banners (as seen in the banner grabbing blog post), etc.
• 66. Information gathering techniques and methods
Ethical hackers use a big variety of techniques and tools to get this precious information about their targets, as well as locations and data collection software they'll be using towards the information gathering goal.
How do they gather information?
  • Social engineering: This includes in-person chat, phone conversations and email spoofing attacks. What all these methods have in common is the psychology of human weakness, exploited to get maximum data about the target.
  • Search engines: Web crawlers can be used to fetch information about anything, and this includes companies, persons, services, and even real hacks, as seen in our previous article about Google Hacking.
  • Social networks: Facebook, Twitter, LinkedIn and other social networks are great sources of information to build a profile, especially when targeting individuals.
  • Domain names: These are registered by organizations, governments, public and private agencies, and people. Therefore, they're a great starting point when you want to investigate someone. Personal information, associated domains, projects, services and technologies can be found by inspecting domain name information.
  • Internet servers: Authoritative DNS servers are a great source of information, as they often include every single surface point exposed to the Internet—which means a direct link to related services such as HTTP, email, etc. In our previous article about passive DNS, we analyzed the importance of DNS servers, and especially passive DNS recon services, such as the ones we offer here at SecurityTrails.
All these techniques are really useful when combined with enterprise security tools. Keep reading to discover how to maximize your information gathering results by using some really cool infosec utilities.