Introduction_to_CyberSecurity and Applications.pdf

ranapoonam1 59 views 40 slides Sep 16, 2024

About This Presentation

Introduction to Cybersecurity


Slide Content

Introduction to
Cyber Security
By:
Prof. (Dr.) Poonam Panwar
University School of Computing

What is Cyber Security?
The technique of protecting internet-connected systems such as computers,
servers, mobile devices, electronic systems, networks, and data from
malicious attacks is known as cybersecurity. We can divide cybersecurity into
two parts: one is cyber, and the other is security. Cyber refers to the
technology that includes systems, networks, programs, and data, and
security is concerned with the protection of systems, networks, applications,
and information. In some cases, it is also called electronic information
security or information technology security.
04/09/24 Prof.(Dr.) Poonam Panwar2

Some other definitions of
cybersecurity
"Cyber Security is the body of technologies, processes, and practices
designed to protect networks, devices, programs, and data from attack,
theft, damage, modification or unauthorized access."
"Cyber Security is the set of principles and practices designed to protect
our computing resources and online information against threats."


Types of Cyber Security
Every organization's assets are a combination of a variety of different systems. A
strong cybersecurity posture for these systems requires coordinated efforts across all of them. Therefore, we can
categorize cybersecurity into the following sub-domains:
• Network Security: It involves implementing the hardware and software to secure a computer network
from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an
organization to protect its assets against external and internal threats.
• Application Security: It involves protecting the software and devices from unwanted threats. This
protection can be done by constantly updating the apps to ensure they are secure from attacks.
Successful security begins in the design stage, writing source code, validation, threat modeling, etc.,
before a program or device is deployed.

Types of Cyber Security
• Information or Data Security: It involves implementing a strong data storage
mechanism to maintain the integrity and privacy of data, both in storage and
in transit.
• Identity management: It deals with the procedure for determining the level
of access that each individual has within an organization.
• Operational Security: It involves processing and making decisions on handling
and securing data assets.
• Mobile Security: It involves securing the organizational and personal data
stored on mobile devices such as cell phones, computers, tablets, and other
similar devices against various malicious threats. These threats are
unauthorized access, device loss or theft, malware, etc.

Types of Cyber Security
• Cloud Security: It involves protecting the information stored in the digital environment or cloud architectures for the organization. It uses various cloud service providers such as AWS, Azure, Google, etc., to ensure security against multiple threats.
• Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans for how an organization responds when any malicious activity is causing the loss of operations or data. Its policies dictate resuming the lost operations after any disaster happens to the same operating capacity as before the event.
• User Education: It deals with the processes, monitoring, alerts, and plans for how an organization responds when any malicious activity is causing the loss of operations or data. Its policies dictate resuming the lost operations after any disaster happens to the same operating capacity as before the event.

Importance of Cyber Security
Today we live in a digital era where all aspects of our lives depend on the
network, computer and other electronic devices, and software applications. All
critical infrastructure such as the banking system, healthcare, financial
institutions, governments, and manufacturing industries use devices connected
to the Internet as a core part of their operations. Some of their information,
such as intellectual property, financial data, and personal data, can be sensitive
to unauthorized access or exposure, which could have negative consequences.
This information gives intruders and threat actors an incentive to infiltrate them for financial
gain, extortion, political or social motives, or just vandalism.


Importance of Cyber Security
Cyber-attacks are now an international concern: hacks of systems and
other security attacks could endanger the global economy. Therefore, it is
essential to have an excellent cybersecurity strategy to protect sensitive
information from high-profile security breaches. Furthermore, as the
volume of cyber-attacks grows, companies and organizations, especially
those that deal with information related to national security, health, or
financial records, need to use strong cybersecurity measures and
processes to protect their sensitive business and personal information.

Cyber Security Goals
Cyber Security's main objective is to ensure data protection. The
security community provides a triangle of three related principles to
protect the data from cyber-attacks. This principle is called the CIA
triad. The CIA model is designed to guide policies for an organization's
information security infrastructure. When any security breaches are
found, one or more of these principles has been violated.

CIA triad
We can break the CIA model into three parts: Confidentiality, Integrity,
and Availability. It is actually a security model that helps people to think
about various parts of IT security. Let us discuss each part in detail.

CIA triad

Confidentiality
Confidentiality is equivalent to privacy that avoids unauthorized access
of information. It involves ensuring the data is accessible by those who
are allowed to use it and blocking access to others. It prevents essential
information from reaching the wrong people. Data encryption is an
excellent example of ensuring confidentiality.

Integrity
This principle ensures that the data is authentic, accurate, and
safeguarded from unauthorized modification by threat actors or
accidental user modification. If any modifications occur, certain
measures should be taken to protect the sensitive data from corruption
or loss and speedily recover from such an event. In addition, it means
ensuring that the source of information is genuine.

Availability
This principle keeps information available and useful to its
authorized people at all times. It ensures that this access is not
hindered by system malfunction or cyber-attacks.

Types of Cyber Security Threats
A threat in cybersecurity is a malicious activity by an individual or
organization to corrupt or steal data, gain access to a network, or disrupt
digital life in general. The cyber community defines the following threats
available today:

Malware
Malware means malicious software, which is the most common cyber attacking
tool. It is used by the cybercriminal or hacker to disrupt or damage a legitimate
user's system. The following are the important types of malware created by the
hacker:
• Virus: It is a malicious piece of code that spreads from one device to another. It
can clean files and spread throughout a computer system, infecting files, stealing
information, or damaging the device.
• Spyware: It is software that secretly records information about user activities on
their system. For example, spyware could capture credit card details that can be
used by the cybercriminals for unauthorized shopping, money withdrawing, etc.
• Trojans: It is a type of malware or code that appears as legitimate software or file
to fool us into downloading and running it. Its primary purpose is to corrupt or steal
data from our device or do other harmful activities on our network.

Malware
• Ransomware: It's a piece of software that encrypts a user's files and data on a device,
rendering them unusable or erasing them. Then, a monetary ransom is demanded by malicious actors for decryption.
• Worms: It is a piece of software that spreads copies of itself from device to device without
human interaction. It does not need to attach itself to any program to steal
or damage the data.
• Adware: It is advertising software used to spread malware and display advertisements
on our device. It is an unwanted program that is installed without the user's permission.
The main objective of this program is to generate revenue for its developer by showing the
ads on their browser.
• Botnets: It is a collection of internet-connected malware-infected devices that allow
cybercriminals to control them. It enables cybercriminals to get credentials leaks,
unauthorized access, and data theft without the user's permission.


Phishing
Phishing is a type of cybercrime in which a sender seems to come from a
genuine organization like PayPal, eBay, financial institutions, or friends and
co-workers. They contact a target or targets via email, phone, or text message
with a link to persuade them to click on that link. This link will redirect them
to fraudulent websites to provide sensitive data such as personal information,
banking and credit card information, social security numbers, usernames, and
passwords. Clicking on the link will also install malware on the target devices
that allows hackers to control devices remotely.

Phishing

Man-in-the-middle (MITM) attack
A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping
attack) in which a cybercriminal intercepts a conversation or data transfer
between two individuals. Once the cybercriminal places themselves in the
middle of a two-party communication, they seem like genuine participants
and can get sensitive information and return different responses. The main
objective of this type of attack is to gain access to our business or customer
data. For example, a cybercriminal could intercept data passing between the
target device and the network on an unprotected Wi-Fi network.

Man-in-the-middle (MITM) attack

Distributed denial of service (DDoS)
It is a type of cyber threat or malicious attempt where cybercriminals disrupt
the regular traffic of targeted servers, services, or networks by flooding
the target or its surrounding infrastructure with Internet traffic in the form of seemingly legitimate requests.
Here the requests come from several IP addresses and can make the system
unusable, overloading its servers, slowing them down significantly or temporarily
taking them offline, or preventing an organization from carrying out its vital
functions.

Distributed denial of service (DDoS)

Brute Force
A brute force attack is a cryptographic hack
that uses a trial-and-error method to guess all
possible combinations until the correct
information is discovered. Cybercriminals
usually use this attack to obtain personal
information about targeted passwords, login
info, encryption keys, and Personal
Identification Numbers (PINs).
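
A defensive counterpart to the trial-and-error guessing described above, as an added example that is not part of the original slides: counting failed logins per source address in a sliding time window. The log format, addresses, threshold and window are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source address, user, result.
SAMPLE_LOG = """\
2024-09-04T09:50:00 192.0.2.44 dave FAIL
2024-09-04T09:55:00 192.0.2.44 dave FAIL
2024-09-04T10:00:01 198.51.100.7 admin FAIL
2024-09-04T10:00:02 198.51.100.7 admin FAIL
2024-09-04T10:00:03 203.0.113.20 carol FAIL
2024-09-04T10:00:04 198.51.100.7 admin FAIL
2024-09-04T10:00:05 198.51.100.7 admin FAIL
2024-09-04T10:00:06 203.0.113.20 carol OK
2024-09-04T10:00:07 198.51.100.7 admin FAIL
2024-09-04T10:00:08 198.51.100.7 admin FAIL
2024-09-04T10:05:00 192.0.2.44 dave FAIL
"""

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source: time of first alert} for every source that reaches
    `threshold` failed logins inside one sliding `window`."""
    recent = defaultdict(deque)  # source -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, source, _user, result = line.split()
        if result != "FAIL":
            continue
        when = datetime.fromisoformat(stamp)
        fails = recent[source]
        fails.append(when)
        # Drop failures that have aged out of the window.
        while when - fails[0] > window:
            fails.popleft()
        if len(fails) >= threshold and source not in alerts:
            alerts[source] = when
    return alerts

if __name__ == "__main__":
    for source, when in detect_guessing(SAMPLE_LOG).items():
        print(f"possible password guessing from {source} at {when}")
```

Only the source with five failures inside one minute is flagged; the occasional typo and the slow, widely spaced failures stay below the threshold, which is why rate limits and account lockout are usually paired with this kind of alert.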

SQL Injection (SQLI)
SQL injection is a common attack that
occurs when cybercriminals use
malicious SQL scripts for backend
database manipulation to access
sensitive information. Once the attack is
successful, the malicious actor can view,
change, or delete sensitive company
data, user lists, or private customer
details stored in the SQL database.
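
An added example (not from the original slides) of the flaw described above, showing a query built by string concatenation beside its parameterized form. The table, rows and function names are constructed for the illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows.
    Passwords are stored in plain text only to keep the demo short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT, password TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("alice", "s3cret-a", "4111-XXXX"), ("bob", "s3cret-b", "5500-XXXX")],
    )
    return db

def lookup_vulnerable(db, username, password):
    # Vulnerable: user input is pasted into the SQL text, so quote characters
    # in the input change the structure of the query itself.
    sql = ("SELECT username, card FROM customers "
           f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username, password):
    # Hardened: placeholders keep the input as data; it is never parsed
    # as SQL, whatever characters it contains.
    sql = "SELECT username, card FROM customers WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

# Constructed input: the textbook tautology used when testing for this flaw.
CRAFTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", lookup_vulnerable(db, "alice", CRAFTED))
    print("parameterized:", lookup_parameterized(db, "alice", CRAFTED))
    print("legit login  :", lookup_parameterized(db, "alice", "s3cret-a"))
```

With the concatenated query the crafted password turns the WHERE clause into a condition that is true for every row, so all customer records come back; the parameterized query returns nothing for the same input and still serves the legitimate login.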

Domain Name System (DNS) attack
A DNS attack is a type of cyberattack in
which cybercriminals take advantage
of flaws in the Domain Name System to
redirect site users to malicious websites
(DNS hijacking) and steal data from
affected computers. It is a severe
cybersecurity risk because the DNS
system is an essential element of the
internet infrastructure.

Latest Cyber Threats
The following are the latest cyber threats reported by the U.K., U.S., and Australian
governments:
• Romance Scams: The U.S. government found this cyber threat in February 2020.
Cybercriminals used this threat through dating sites, chat rooms, and apps. They
attack people who are seeking a new partner, duping them into giving away
personal data.
• Dridex Malware: It is a type of financial Trojan malware identified by the U.S.
in December 2019 that affects the public, government, infrastructure, and business
worldwide. It infects computers through phishing emails or existing malware to
steal sensitive information such as passwords, banking details, and personal data for
fraudulent transactions. The National Cyber Security Centre of the United Kingdom
encourages people to make sure their devices are patched, anti-virus is turned on
and up to date, and files are backed up to protect sensitive data against this attack.

Emotet Malware
Emotet is a type of cyber-attack that
steals sensitive data and also installs
other malware on our device. The
Australian Cyber Security Centre
warned national organizations
about this global cyber threat in
2019.

Systems that can be affected by
security breaches and attacks:
• Communication: Cyber attackers can use phone calls, emails, text messages, and
messaging apps for cyberattacks.
• Finance: This system deals with the risk of financial information like bank and credit
card details. This information is naturally a primary target for cyber attackers.
• Governments: The cybercriminal generally targets the government institutions to
get confidential public data or private citizen information.
• Transportation: In this system, cybercriminals generally target connected cars,
traffic control systems, and smart road infrastructure.
• Healthcare: A cybercriminal targets the healthcare system to get the information
stored anywhere from a local clinic to the critical care systems of a national hospital.
• Education: Cybercriminals target educational institutions to get their confidential
research data and information of students and employees.

The 7 Industries Most Vulnerable to
Cyberattacks

Benefits of Cyber Security
The following are the benefits of implementing and maintaining cybersecurity:
• Cyberattacks and data breach protection for businesses.
• Data and network security are both protected.
• Unauthorized user access is avoided.
• After a breach, there is a faster recovery time.
• End-user and endpoint device protection.
• Regulatory adherence.
• Continuity of operations.
• Developers, partners, consumers, stakeholders, and workers have more faith in the
company's reputation and trust.


Cyber Safety Tips
Let us see how to protect ourselves when any cyberattacks happen. The following
are the popular cyber safety tips:
• Conduct cybersecurity training and awareness: Every organization must train
its staff on cybersecurity, company policies, and incident reporting for a strong
cybersecurity policy to be successful. If the staff does unintentional or intentional
malicious activities, it may defeat the best technical safeguards and result in an
expensive security breach. Therefore, it is useful to conduct security training and
awareness for staff through seminars, classes, and online courses that reduce
security violations.
• Update software and operating system: The most popular safety measure is to
update the software and O.S. to get the benefit of the latest security patches.

Cyber Safety Tips
• Use anti-virus software: It is also useful to use anti-virus software that will
detect and remove unwanted threats from your device. This software is always
updated to get the best level of protection.
• Perform periodic security reviews: Every organization ensures periodic security
inspections of all software and networks to identify security risks early in a
secure environment. Some popular examples of security reviews are application
and network penetration testing, source code reviews, architecture design
reviews, and red team assessments. In addition, organizations should prioritize
and mitigate security vulnerabilities as quickly as possible after they are
discovered.
• Use strong passwords: It is recommended to always use long and various
combinations of characters and symbols in the password. This makes the passwords
hard to guess.

Cyber Safety Tips
• Do not open email attachments from unknown senders: The cyber expert
always advises not to open or click the email attachment received from
unverified senders or unfamiliar websites because it could be infected with
malware.
• Avoid using unsecured Wi-Fi networks in public places: It is also
advised not to use insecure networks because they can leave you vulnerable
to man-in-the-middle attacks.
• Backup data: Every organization must periodically take backups of its data
to ensure all sensitive data is not lost or can be recovered after a security breach. In
addition, backups can help maintain data integrity in cyber-attacks such as
SQL injections, phishing, and ransomware.


Thank You