DOCSLIB.ORG

Intro to Cyber Security - Basics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Intro to Cyber Security - Basics INTRO TO CYBER SECURITY - BASICS Easy Cyber Sec - The Best Cybersecurity Training in your language www.easycybersec.com Phone: +91 – 9597723169 WhatsApp: +91 – 9791956182 www.easycybersec.com Join us today for the best hacking course Phone: +91 – 9597723169 WhatsApp: +91 – 9791956182 This book aims to introduce you to the basic concepts of ethical hacking & cybersecurity. As the title says, this is just an informational book, for more detailed contents and learning join us at Easy Cyber Sec. 1 www.easycybersec.com Join us today for the best hacking course Phone: +91 – 9597723169 WhatsApp: +91 – 9791956182 Contents Introduction .................................................................................................................................................. 6 How Seriously Should You Take Threats to Network Security? ................................................................ 7 Threats, Vulnerability, Attacks .................................................................................................................. 9 Vulnerabilities ....................................................................................................................................... 9 Threats ................................................................................................................................................ 12 Exploits ................................................................................................................................................ 13 Pivoting ............................................................................................................................................... 14 Statistics .................................................................................................................................................. 15 Malwares..................................................................................................................................................... 17 Case Study ............................................................................................................................................... 17 Introduction ............................................................................................................................................ 23 Malware .................................................................................................................................................. 24 Why They Want Your Workstation ..................................................................................................... 25 Intent Is Hard To Detect ...................................................................................................................... 26 It’s A Business ...................................................................................................................................... 27 Elk Cloner ............................................................................................................................................ 29 A Brief History Of Malware ................................................................................................................. 31 Computer Virus ....................................................................................................................................... 35 Attack Phase ........................................................................................................................................ 37 Boot Sector Virus ................................................................................................................................ 38 Macro Virus ......................................................................................................................................... 40 Executable Infectors............................................................................................................................ 41 Multipartite Virus ................................................................................................................................ 43 Encrypted Virus ................................................................................................................................... 44 Polymorphic Viruses ........................................................................................................................... 44 Sparse Infector Virus ........................................................................................................................... 45 Spacefiller Virus................................................................................................................................... 45 Batch Files ........................................................................................................................................... 46 Worm ...................................................................................................................................................... 48 Trojan Horse ............................................................................................................................................ 54 Bots, Botnets and Zombies ..................................................................................................................... 68 2 www.easycybersec.com Join us today for the best hacking course Phone: +91 – 9597723169 WhatsApp: +91 – 9791956182 Logic bombs ............................................................................................................................................ 71 Adware .................................................................................................................................................... 73 Spyware ................................................................................................................................................... 74 Rogue Security Software ......................................................................................................................... 77 Keyloggers ............................................................................................................................................... 78 Form Grabbing ........................................................................................................................................ 81 Typosquatting ......................................................................................................................................... 82 Spoofing .................................................................................................................................................. 82 Phishing ................................................................................................................................................... 85 Spamming ............................................................................................................................................... 88 Sniffing .................................................................................................................................................... 89 Pharming ................................................................................................................................................. 89 Man-in-the-Middle.................................................................................................................................. 90 Repudiate ................................................................................................................................................ 90 Zero Day Vulnerability............................................................................................................................. 91 Ransomware ............................................................................................................................................... 92 Denial of service ........................................................................................................................................ 106 Ping Flood Attack .............................................................................................................................. 108 Smurf Attack ..................................................................................................................................... 109 Ping of Death ..................................................................................................................................... 110 SYN flood ........................................................................................................................................... 111 Distributed Denial of Service ............................................................................................................ 113 Advanced Persistent Threats .................................................................................................................... 114 What is an APT? .................................................................................................................................... 115 How relevant are APTs? ........................................................................................................................ 116 How do APT attacks work? ................................................................................................................... 116 Phase 1: Incursion ............................................................................................................................
Load more

Recommended publications
  • Identifying Threats Associated with Man-In-The-Middle Attacks During Communication Between a Mobile Device and the Back End Server in Mobile Banking Applications
    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 2, Ver. IX (Mar-Apr. 2014), PP 35-42 www.iosrjournals.org Identifying Threats Associated With Man-In-The-Middle Attacks during Communication between a Mobile Device and the Back End Server in Mobile Banking Applications Anthony Luvanda1,*Dr Stephen Kimani1 Dr Micheal Kimwele1 1. School of Computing and Information Technology, Jomo Kenyatta University of Agriculture and Technology, PO Box 62000-00200 Nairobi Kenya Abstract: Mobile banking, sometimes referred to as M-Banking, Mbanking or SMS Banking, is a term used for performing balance checks, account transactions, payments, credit applications and other banking transactions through a mobile device such as a mobile phone or Personal Digital Assistant (PDA). Mobile banking has until recently most often been performed via SMS or the Mobile Web. Apple's initial success with iPhone and the rapid growth of phones based on Google's Android (operating system) have led to increasing use of special client programs, called apps, downloaded to the mobile device hence increasing the number of banking applications that can be made available on mobile phones . This in turn has increased the popularity of mobile device use in regards to personal banking activities. Due to the characteristics of wireless medium, limited protection of the nodes, nature of connectivity and lack of centralized managing point, wireless networks tend to be highly vulnerable and more often than not they become subjects of attack. This paper proposes to identify potential threats associated with communication between a mobile device and the back end server in mobile banking applications.
    [Show full text]
  • Fortinet's March Threatscape Report Shows Domination of Ransomware and Troublesome Zero-Day
    Fortinet's March Threatscape Report Shows Domination of Ransomware and Troublesome Zero-Day Rise of Ransomware Is Primarily Driven by Bredolab and Pushdo Botnets SUNNYVALE, CA, Apr 01, 2010 (MARKETWIRE via COMTEX News Network) -- Fortinet(R) (NASDAQ: FTNT) -- a leading network security provider and worldwide leader of unified threat management (UTM) solutions -- today announced its March 2010 Threatscape report showed domination of ransomware threats with nine of the detections in the malware top ten list resulting in either scareware or ransomware infesting the victim's PC. Fortinet observed the primary drivers behind these threats to be two of the most notorious botnet "loaders" -- Bredolab and Pushdo. Another important finding is the aggressive entrance of a new zero-day threat in FortiGuard's top ten attack list, MS.IE.Userdata.Behavior.Code.Execution, which accounted for 25 percent of the detected activity last month. Key threat activities for the month of March include: -- SMS-based Ransomware High Activity: A new ransomware threat -- W32/DigiPog.EP -- appeared in Fortinet's top ten malware list. DigiPog is an SMS blocker using Russian language, locking out a system and aggressively killing off popular applications like Internet Explorer and Firefox until an appropriate code is entered into a field provided to the user. To obtain the code, a user must send an SMS message to the provided number, receiving a code in return. Upon execution, DigiPog registers the user's MAC address with its server. It is the first time that SMS-based ransomware enters Fortinet's top ten list, showing that the rise of ransomware is well on its way.
    [Show full text]
  • MALWARE ACTIVITY DETECTION THROUGH BROWSER EXTENSION Jayanth Betha1, Prakash Andavolu2, Mariyala V V Gupta3 Department of Computer Science and Engineering, St
    MALWARE ACTIVITY DETECTION THROUGH BROWSER EXTENSION Jayanth Betha1, Prakash Andavolu2, Mariyala V V Gupta3 Department of Computer Science and Engineering, St. Martin’s Engineering College, India. Abstract stretch out beyond the contaminated PC. A The drastic growth in Internet users and Malware infection may aim to damage the files Digital assets worldwide has created on storage devices; however, a keylogger is opportunities for cybercriminals to break utilized to take individual data, such as email into systems. The massive increase in ID's or passwords. While there are numerous malware and cybercrime is seen all over the approaches used to secure against keyloggers, globe; people have become more dependent this study mainly focuses on the detection of on the web environment. Malware (Malicious keyloggers. This research report will provide an Software), is a software that opens the door in-depth study on types of secretly monitoring for cybercriminals to access sensitive malware (keyloggers). A browser based solution information from the computing devices. In (browser extension) is needed to detect and alert the current technology-dependent world, the user about the keyloggers. attacks upon sensitive user information have In today’s technology-dependent world, continued to grow over time steadily. A attacks upon sensitive user information have common threat to data security is Malware. continued to evolve steadily over time. A Symantec discovered more than 430 million common threat to data security is Malware. new unique pieces of malware in 2015, up 36 According to (Symantec’s 2016 Internet percent from the year before. The objective of Security Threat Report. (n.d.).
    [Show full text]
  • PC Anti-Virus Protection 2011
    PC Anti-Virus Protection 2011 12 POPULAR ANTI-VIRUS PROGRAMS COMPARED FOR EFFECTIVENESS Dennis Technology Labs, 03/08/2010 www.DennisTechnologyLabs.com This test aims to compare the effectiveness of the most recent releases of popular anti-virus software1. The products include those from Kaspersky, McAfee, Microsoft, Norton (Symantec) and Trend Micro, as well as free versions from Avast, AVG and Avira. Other products include those from BitDefender, ESET, G-Data and K7. The tests were conducted between 07/07/2010 and 22/07/2010 using the most up to date versions of the software available. A total of 12 products were exposed to genuine internet threats that real customers could have encountered during the test period. Crucially, this exposure was carried out in a realistic way, reflecting a customer’s experience as closely as possible. For example, each test system visited real, infected websites that significant numbers of internet users were encountering at the time of the test. These results reflect what would have happened if those users were using one of the seven products tested. EXECUTIVE SUMMARY Q Products that block attacks early tended to protect the system more fully The nature of web-based attacks means that the longer malware has access to a system, the more chances it has of downloading and installing further threats. Products that blocked the malicious and infected websites from the start reduced the risk of compromise by secondary and further downloads. Q 100 per cent protection is rare This test recorded an average protection rate of 87.5 per cent. New threats appear online frequently and it is inevitable that there will be times when specific security products are unable to protect from some of these threats.
    [Show full text]
  • Asia-Europe Meeting
    Asia-Europe Meeting Topic A: Identifying, Sharing and Remediating Faults in Cybersecurity Topic B: Tackling Local, Regional and Global Hunger MUNUC 32 TABLE OF CONTENTS ______________________________________________________ Letter from the Chair………………………………………………………….. 3 Topic A ………………………………………………………………………..… 4 Statement of the Problem…………………………………………….. 4 History of the Problem……………………………………….…..…….. 9 Past Actions…………………………………………………………….. 14 Possible Solutions………………………………………………………. 18 Bloc Positions…………………………………………………………… 20 Glossary…………………………………………………………………. 22 Topic B ………………………………………………………………...………. 23 Statement of the Problem…………………………………………….23 History of the Problem………………………………………………… 28 Past Actions…………………………………………………………….. 31 Possible Solutions………………………………………………………. 33 Bloc Positions…………………………………………………………… 35 Glossary…………………………………………………………………. 37 Bibliography……………………………………….…………………………. 38 2 Asia-Europe Meeting | MUNUC 32 LETTER FROM THE CHAIR ______________________________________________________ Dear Delegates, Welcome to the Asia-Europe Meeting Forum, or ASEM, at MUNUC 32! My name is Randolph Ramirez, and I usually go by Randy. I am a third year here at The University of Chicago studying Statistics and Political Science. I was born and raised in Wilton, Connecticut, and coming out to attend UChicago was my first trip out to Illinois! All throughout high school I was heavily involved in Model Congress, and partaking in MUNUC my first year here helped transition me into the world of Model UN! I am certain that this conference and committee will be a success, and I cannot wait to experience it with you all! The Asia-Europe Meeting Forum will offer a multitude of experiences, problems, solutions, and overall will hopefully give a descriptive look into the affairs of the two regions. Throughout this experience, I hope delegates learn the various factors that make solving the issues of cybersecurity and huger instability a difficult endeavor, and how best to go about solving them.
    [Show full text]
  • The Botnet Chronicles a Journey to Infamy
    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
    [Show full text]
  • A Review Paper on Effective Behavioral Based Malware Detection and Prevention Techniques for Android Platform
    International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com A Review Paper on Effective Behavioral Based Malware Detection and Prevention Techniques for Android Platform Mr. Sagar Vitthal Shinde1 M.Tech Comp. Department of Technology, Shivaji University, Kolhapur, Maharashtra, India. Email id: [email protected] Ms. Amrita A. Manjrekar2 Assistant Professor, Department of Technology, Shivaji University, Kolhapur, Maharashtra, India. Email Id: [email protected] Abstract late). It has been recently reported that almost 60% of Android is most popular platform for mobile devices. existing malware send stealthy premium rate SMS messages. Smartphone’s and mobile tablets are rapidly indispensable in Most of these behaviors are exhibited by a category of apps daily life. Android has been the most popular open sources called Trojanized that can be found in online marketplaces mobile operating system. On the one side android users are not controlled by Google. However, also Google Play, the increasing, but other side malicious activity also official market for Android apps, has hosted apps which have simultaneously increasing. The risk of malware (Malicious been found to be malicious [1] [21]. apps) is sharply increasing in Android platform, Android Existing system consist of some limited features of android mobile malware detection and prevention has become an app, malware detection is based on behavioral base. The important research topic. Some malware attacks can make the malware detection and prevention process is also static which phone partially or fully unusable, cause unwanted SMS/MMS create some problems such as it increase false positive rate.
    [Show full text]
  • An Analysis of the Asprox Botnet
    An Analysis of the Asprox Botnet Ravishankar Borgaonkar Technical University of Berlin Email: [email protected] Abstract—The presence of large pools of compromised com- motives. Exploitable vulnerabilities may exist in the Internet puters, also known as botnets, or zombie armies, represents a infrastructure, in the clients and servers, in the people, and in very serious threat to Internet security. This paper describes the way money is controlled and transferred from the Internet the architecture of a contemporary advanced bot commonly known as Asprox. Asprox is a type of malware that combines into traditional cash. Many security firms and researchers are the two threat vectors of forming a botnet and of generating working on developing new methods to fight botnets and to SQL injection attacks. The main features of the Asprox botnet mitigate against threats from botnets [7], [8], [9]. are the use of centralized command and control structure, HTTP based communication, use of advanced double fast-flux service Unfortunately, there are still many questions that need to networks, use of SQL injection attacks for recruiting new bots be addressed to find effective ways of protecting against the and social engineering tricks to spread malware binaries. The threats from botnets. In order to fight against botnets in future, objective of this paper is to contribute to a deeper understanding of Asprox in particular and a better understanding of modern it is not enough to study the botnets of past. Botnets are botnet designs in general. This knowledge can be used to develop constantly evolving, and we need to understand the design more effective methods for detecting botnets, and stopping the and structure of the emerging advanced botnets.
    [Show full text]
  • C&C Botnet Detection Over
    C&C Botnet Detection over SSL Riccardo Bortolameotti University of Twente - EIT ICT Labs masterschool [email protected] Dedicated to my parents Remo and Chiara, and to my sister Anna 2 Abstract Nowadays botnets are playing an important role in the panorama of cyber- crime. These cyber weapons are used to perform malicious activities such fi- nancial frauds, cyber-espionage, etc... using infected computers. This threat can be mitigated by detecting C&C channels on the network. In literature many solutions have been proposed. However, botnet are becoming more and more complex, and currently they are trying to move towards encrypted solutions. In this work, we have designed, implemented and validated a method to detect botnet C&C communication channels over SSL, the se- curity protocol standard de-facto. We provide a set of SSL features that can be used to detect malicious connections. Using our features, the results indicate that we are able to detect, what we believe to be, a botnet and ma- licious connections. Our system can also be considered privacy-preserving and lightweight, because the payload is not analyzed and the portion of an- alyzed traffic is very small. Our analysis also indicates that 0.6% of the SSL connections were broken. Limitations of the system, its applications and possible future works are also discussed. 3 4 Contents 1 Introduction 7 1.1 Problem Statement . .9 1.2 Research questions . 10 1.2.1 Layout of the thesis . 11 2 State of the Art 13 2.1 Preliminary concepts . 13 2.1.1 FFSN .
    [Show full text]
  • Web Warriors – CBC Documentary
    Cyber Crime Unit The federal government has suffered a nearly 680 percent increase in cyber security breaches in the past six years. 1 Computer Security Risks • A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability • A cybercrime is an online or Internet-based illegal act Hackers Crackers Script Kiddies Corporate Spies Unethical Cyberextortionists Cyberterrorists Employees Pages 556 - 557 Discovering Computers 2011: Living in a Digital World 2 Chapter 11 3 HACKER Someone who gets into another persons computer or network ILLEGALLY. Say their intent is to improve SECURITY. Have advanced COMPUTER and NETWORK skills. CRACKER 4 Someone who gets into another persons computer or network ILLEGALLY. Their intent is to: 1. GET RID OF data 2. STEAL information 3.Other SPITEFUL acts. Have advanced COMPUTER and NETWORK skills. 5 SCRIPT KIDDIE Not as knowledgeable as a cracker but has the SAME intent. Often use PREWRITTEN hacking and cracking software packages to crack into computers. 6 CYBEREXTORTIONIST Uses EMAIL as a channel for BLACKMAIL. If they are not paid a sum of money, they threaten to: 1. REVEAL confidential material 2. TAKE ADVANTAGE OF a safety flaw 3. BEGIN an attack that will compromise a organization’s network 7 CYBERTERRORIST They use the INTERNET or NETWORK to destroy or damage computers for GOVERNMENTAL motives. Targets may be: 1. Nation’s AIR TRAFFIC system 2. ELECTRICITY-generating companies 3. TELECOMMUNICATION infrastructure 8 CORPORATE SPYS Have OUTSTANDING computer and networking skills and are hired to break into a specific computer and ROB its exclusive FILES and information or to help identify SAFETY risks in their own ORGANIZATION.
    [Show full text]
  • Not So Secure! Research Report on End-Point Compromises and the Risk to Internet Banking
    Not so secure! Research report on end-point compromises and the risk to Internet banking Special research report. August 2016 Internet Banking has grown by leaps and bounds in India. India had over 400 million Internet users by the beginning of 2016 as per a report by IAMAI and IMRB. This is the highest number of Internet banking users in any country. While having a high number of Internet banking users indicates healthy adoption of IT and reduced costs for banks, it also means that this population is vulnerable to cyberthreats which can put their hard-earned money at risk. One of the biggest addressable risks which users face is man-in-the-browser and end-point compromise attacks. “Virtual keyboards are ineffective in preventing the theft of end-user credentials and banks need to look at end point security more holistically. End-point compromise is an attack in which the end user’s computer and, in many cases these days, a browser is compromised using a simple program—generally a browser plugin or browser extension. The program is designed to steal the Internet banking credentials of the end users. Our security research team looked at the Internet banking websites of 26 banks in India. We found that over 21 banks have inadequate mechanisms to detect or prevent attacks which could compromise the end user credentials. This finding has significant implications as the end user is generally gullible, and many users can be made to download a browser extension/plugin which is capable of capturing banking credentials. Mechanisms which are currently prevalent, such as the virtual keyboard, which were long considered a protection against such attacks, were found to be inadequate to prevent these attacks.
    [Show full text]
  • ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL Facultad De
    ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL Facultad de Ingeniería en Electricidad y Computación Maestría en Seguridad Informática Aplicada “DISEÑO E IMPLEMENTACIÓN DE UN SISTEMA DE DEFENSA CONTRA ATAQUES DE DENEGACIÓN DE SERVICIO DISTRIBUIDO EN LA RED PARA UNA EMPRESA DE SERVICIOS.” TESIS DE GRADO PREVIA A LA OBTENCIÓN DEL TÍTULO DE: MAGISTER EN SEGURIDAD INFORMÁTICA APLICADA KAROL PAMELA BRIONES FUENTES OMAR ANTONIO CÓRDOVA BALÓN GUAYAQUIL – ECUADOR 2015 ii AGRADECIMIENTO A Dios, A nuestras familias. iii DEDICATORIA A nuestras familias. iv TRIBUNAL DE SUSTENTACIÓN MSIG. LENIN FREIRE COBO DIRECTOR DEL MSIA MSIG. ROKY BARBOSA DIRECTOR DE TESIS MSIG. ALBERT ESPINAL SANTANA MIEMBRO PRINCIPAL v DECLARACIÓN EXPRESA “La responsabilidad del contenido de esta Tesis de Grado, me corresponde exclusivamente; y, el patrimonio intelectual de la misma, a la ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL” ING. KAROL BRIONES FUENTES CI 0921279162 vi DECLARACIÓN EXPRESA “La responsabilidad del contenido de esta Tesis de Grado, me corresponde exclusivamente; y, el patrimonio intelectual de la misma, a la ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL” ING. OMAR CORDOVA CI 0922892161 vii RESUMEN Internet ha revolucionado la forma en que operan los negocios en la actualidad. Gran cantidad de datos son transmitidos a nivel mundial en tiempo real, como es el caso de las compañías en línea, las cuales dependen de la disponibilidad de sus servicios las veinticuatro horas del día, los trescientos sesenta y cinco días del año para que sus clientes se mantengan conectados de diversas maneras y sin interrupciones. Pero, este nuevo mundo de mayores velocidades, grandes volúmenes de datos y alta disponibilidad de los servicios, trae consigo oportunidades para los criminales cibernéticos, cuyo objetivo es aprovechar el mínimo fallo en los sistemas que operan dentro de la gran red mundial.
    [Show full text]