Cyber_Threats_and_CountermeasuresSeminar.pdf
ruturaj6333
12 views
18 slides
Mar 01, 2025
Slide 1 of 18
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
About This Presentation
I want to give seminar on cyber threats and their contermeasures so provide ppt for that
Slide Content
Cyber Threats in Networking
and Countermeasures
Presented by:
1) Ruturaj Bhusari
2) Rushikesh Shipalkar
and Countermeasures
Presented by:
1) Ruturaj Bhusari
2) Rushikesh Shipalkar
Seminar Agenda
Introduction–Importance of cybersecurity
in networking
Cyber Threats Overview–Malware,
Phishing, DoS/DDoS, MitM, APTs
Case Studies–Real-world cyberattacks &
lessons learned
Countermeasures–Firewalls, Encryption,
MFA, Zero Trust, Awareness
Introduction–Importance of cybersecurity
in networking
Cyber Threats Overview–Malware,
Phishing, DoS/DDoS, MitM, APTs
Case Studies–Real-world cyberattacks &
lessons learned
Countermeasures–Firewalls, Encryption,
MFA, Zero Trust, Awareness
Introduction
• Importance of networking in modern systems.
• Why cybersecurity is crucial.
• Overview of the seminar.
•Fact: 95% of cybersecurity breaches are
caused by human error.
•Question: How secure do you think your
password is?
• Importance of networking in modern systems.
• Why cybersecurity is crucial.
• Overview of the seminar.
•Fact: 95% of cybersecurity breaches are
caused by human error.
•Question: How secure do you think your
password is?
Phishing Attacks
•Definition: A cyber attack that uses deceptive
emails, messages, or websites to trick users
into revealing sensitive information.
• Fake emails appear from legitimate sources.
• Victim enters credentials on a malicious login
page.
• Attackers steal credentials and gain
unauthorized access.
•Definition: A cyber attack that uses deceptive
emails, messages, or websites to trick users
into revealing sensitive information.
• Fake emails appear from legitimate sources.
• Victim enters credentials on a malicious login
page.
• Attackers steal credentials and gain
unauthorized access.
common types of phishing attacks:
1. Email Phishing
Most common type; attackers send fake emails impersonating legitimate organizations to steal credentials or infect systems.
2. Spear Phishing
A targeted attack aimed at specific individuals or organizations, using personalized information to appear more convincing.
3. Whaling
A type of spear phishing that targets high-profile individuals like CEOs, CFOs, or executives to gain sensitive company data.
4. Smishing (SMS Phishing)
Phishing attacks conducted via text messages (SMS), often containing malicious links or fake alerts.
5. Vishing (Voice Phishing)
Attackers use phone calls to trick victims into revealing sensitive information, often posing as bank officials or IT support.
6. Clone Phishing
A legitimate email is cloned, but with malicious links or attachments, and resent to trick the recipient into interacting.
7. Angler Phishing
Attackers use fake social media messages or comments to trick users into clicking on malicious links or revealing information.
8. Search Engine Phishing
Fraudulent websites appear in search results, tricking users into entering personal information.
9. Pharming
Attackers manipulate DNS settings to redirect users to fake websites that look like real ones to steal credentials.
1. Email Phishing
Most common type; attackers send fake emails impersonating legitimate organizations to steal credentials or infect systems.
2. Spear Phishing
A targeted attack aimed at specific individuals or organizations, using personalized information to appear more convincing.
3. Whaling
A type of spear phishing that targets high-profile individuals like CEOs, CFOs, or executives to gain sensitive company data.
4. Smishing (SMS Phishing)
Phishing attacks conducted via text messages (SMS), often containing malicious links or fake alerts.
5. Vishing (Voice Phishing)
Attackers use phone calls to trick victims into revealing sensitive information, often posing as bank officials or IT support.
6. Clone Phishing
A legitimate email is cloned, but with malicious links or attachments, and resent to trick the recipient into interacting.
7. Angler Phishing
Attackers use fake social media messages or comments to trick users into clicking on malicious links or revealing information.
8. Search Engine Phishing
Fraudulent websites appear in search results, tricking users into entering personal information.
9. Pharming
Attackers manipulate DNS settings to redirect users to fake websites that look like real ones to steal credentials.
Real-Life Example: Google &
Facebook Scam
• A hacker tricked employees from Google &
Facebook into sending over $100M.
• Used fake invoices & emails appearing
legitimate.
• Led to a massive financial loss before
discovery.
Facebook Scam
• A hacker tricked employees from Google &
Facebook into sending over $100M.
• Used fake invoices & emails appearing
legitimate.
• Led to a massive financial loss before
discovery.
Countermeasures for Phishing
Attacks
Verify URLs before clicking links.
Enable Multi-Factor Authentication (MFA).
Educate employees via phishing simulations.
Use email filtering solutions to detect fake
emails.
Attacks
Verify URLs before clicking links.
Enable Multi-Factor Authentication (MFA).
Educate employees via phishing simulations.
Use email filtering solutions to detect fake
emails.
Denial-of-Service (DoS) & DDoS
Attacks
• DoS: Overloads a system with excessive
requests, making it unavailable.
• DDoS: Uses multiple compromised devices
(botnets) to amplify attacks.
Attacks
• DoS: Overloads a system with excessive
requests, making it unavailable.
• DDoS: Uses multiple compromised devices
(botnets) to amplify attacks.
DDoS Attack: GitHub (2018)
• Attackers used a Memcached-based
amplification attack.
• Reached a peak of 1.35 Tbps of traffic.
• GitHub went down for 10 minutes before
mitigation.
• Attackers used a Memcached-based
amplification attack.
• Reached a peak of 1.35 Tbps of traffic.
• GitHub went down for 10 minutes before
mitigation.
Countermeasures for DDoS Attacks
Firewalls & Intrusion Prevention Systems.
DDoS Protection Services (Cloudflare, AWS
Shield).
Load Balancers & CDNs to distribute traffic.
Real-time monitoring & anomaly detection.
Firewalls & Intrusion Prevention Systems.
DDoS Protection Services (Cloudflare, AWS
Shield).
Load Balancers & CDNs to distribute traffic.
Real-time monitoring & anomaly detection.
Zero-Day Threats
• Exploits vulnerabilities before vendors can fix
them.
• Attackers use unknown security flaws to gain
access.
• No immediate patch available until discovered.
• Exploits vulnerabilities before vendors can fix
them.
• Attackers use unknown security flaws to gain
access.
• No immediate patch available until discovered.
Zero-Day Attack: Stuxnet (2010)
• Targeted Iran’s nuclear facilities.
• Exploited multiple zero-day vulnerabilities in
Windows.
• Caused 1,000+ centrifuges to malfunction,
delaying nuclear projects.
• Targeted Iran’s nuclear facilities.
• Exploited multiple zero-day vulnerabilities in
Windows.
• Caused 1,000+ centrifuges to malfunction,
delaying nuclear projects.
Countermeasures for Zero-Day
Attacks
Regular Software Updates & Patching.
Zero-Day Threat Detection Tools.
Intrusion Detection & Prevention Systems.
Network Segmentation to limit attack spread.
Attacks
Regular Software Updates & Patching.
Zero-Day Threat Detection Tools.
Intrusion Detection & Prevention Systems.
Network Segmentation to limit attack spread.
Brute Force Attack on Weak
Passwords
• Systematic guessing of all possible passwords.
• Uses automated tools like Hydra or Hashcat.
• Weak passwords get cracked quickly.
Passwords
• Systematic guessing of all possible passwords.
• Uses automated tools like Hydra or Hashcat.
• Weak passwords get cracked quickly.
Countermeasures for Brute Force
Attacks
Use strong passwords (mix of letters,
numbers, symbols).
Enable multi-factor authentication (MFA).
Limit login attempts & use CAPTCHAs.
Attacks
Use strong passwords (mix of letters,
numbers, symbols).
Enable multi-factor authentication (MFA).
Limit login attempts & use CAPTCHAs.
DNS Spoofing (DNS Cache
Poisoning)
• Attackers inject fake DNS records to redirect
users to fake websites.
• Users enter credentials into a malicious site,
leading to credential theft.
Poisoning)
• Attackers inject fake DNS records to redirect
users to fake websites.
• Users enter credentials into a malicious site,
leading to credential theft.
Countermeasures for DNS Spoofing
Use Secure DNS (DNSSEC).
Flush DNS Cache Regularly.
Use Encrypted DNS (DoH/DoT).
Verify URLs & check HTTPS certificates.
Use Secure DNS (DNSSEC).
Flush DNS Cache Regularly.
Use Encrypted DNS (DoH/DoT).
Verify URLs & check HTTPS certificates.
Conclusion
• Cyber threats in networking continue to
evolve.
• Proactive security measures can mitigate risks.
• Awareness & best practices are key to
protection.
•Thank you!
• Cyber threats in networking continue to
evolve.
• Proactive security measures can mitigate risks.
• Awareness & best practices are key to
protection.
•Thank you!
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 12
- Slides 18
- Age 290 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
41 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
45 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
40 views
14
Fertility awareness methods for women in the society
Isaiah47
38 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
37 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
39 views