Module 1: Introduction to Cyber Security
What is Cyber Security?
The technique of protecting internet-connected systems such as computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks is known as cybersecurity. It is also called
electronic information security or information technology security.
Cyber refers to the technology that includes systems, networks, programs, and data. And security is concerned
with the protection of systems, networks, applications, and information.
Some other definitions of cybersecurity are:
"Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices,
programs, and data from attack, theft, damage, modification or unauthorized access."
"Cyber Security is the set of principles and practices designed to protect our computing resources and online
information against threats."
Types of Cyber Security
Every organization's assets are a combination of many different systems, and a strong cybersecurity posture
requires coordinated effort across all of them. Cybersecurity is therefore usually divided into the following
sub-domains:
○ Network Security: It involves implementing the hardware and software to secure a computer network
from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an
organization to protect its assets against external and internal threats.
○ Application Security: It involves protecting the software and devices from unwanted threats. This
protection can be done by constantly updating the apps to ensure they are secure from attacks.
Successful security begins in the design stage, writing source code, validation, threat modeling, etc.,
before a program or device is deployed.
○ Information or Data Security: It involves implementing a strong data storage mechanism to maintain
the integrity and privacy of data, both in storage and in transit.
○ Identity management: It deals with the procedure for determining the level of access that each
individual has within an organization.
○ Operational Security: It involves the processes and decisions for handling and securing data assets.
○ Mobile Security: It involves securing the organizational and personal data stored on mobile devices
such as cell phones, computers, tablets, and other similar devices against various malicious threats.
These threats are unauthorized access, device loss or theft, malware, etc.
○ Cloud Security: It involves protecting the information an organization stores in digital cloud environments
and cloud architectures hosted by providers such as AWS, Azure, and Google, so that it is secured against
multiple threats.
○ Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts,
and plans for how an organization responds when malicious activity causes a loss of operations or data.
Its policies dictate how lost operations are resumed after a disaster, at the same operating capacity as
before the event.
○ User Education: It deals with the process of educating the users of the systems, networks and data, so
that the chance of cyber attacks will be minimized.
Importance of Cyber Security
Today we live in a digital era where all aspects of our lives depend on the network, computer and other
electronic devices, and software applications. All critical infrastructure such as the banking system, healthcare,
financial institutions, governments, and manufacturing industries use devices connected to the Internet as a
core part of their operations. Some of their information, such as intellectual property, financial data, and
personal data, is sensitive, and unauthorized access to it or exposure of it could have negative consequences.
This information motivates intruders and threat actors to infiltrate these systems for financial gain, extortion,
political or social motives, or simply vandalism.
Cyber-attacks are now an international concern: a compromised system, or other security attacks, could endanger
the global economy. Therefore, it is essential to have an excellent cybersecurity strategy to protect sensitive
information from high-profile security breaches. Furthermore, as the volume of cyber-attacks grows,
companies and organizations, especially those that deal with information related to national security, health,
or financial records, need to use strong cybersecurity measures and processes to protect their sensitive
business and personal information.
Cyber Security Goals
Cyber Security's main objective is to ensure data protection. The security community provides a triangle of
three related principles to protect the data from cyber-attacks. This principle is called the CIA triad. The CIA
model is designed to guide policies for an organization's information security infrastructure. When any
security breaches are found, one or more of these principles has been violated.
We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is actually a security
model that helps people to think about various parts of IT security. Let us discuss each part in detail.
Confidentiality
Confidentiality is equivalent to privacy: it prevents unauthorized access to information. It involves ensuring
that data is accessible only to those who are allowed to use it and blocking access for everyone else, so that
essential information does not reach the wrong people. Data encryption is a good example of a control that
ensures confidentiality.
Integrity
This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by
threat actors or accidental user modification. If any modifications occur, certain measures should be taken to
protect the sensitive data from corruption or loss and to recover speedily from such an event. Integrity also
means that the source of the information can be verified as genuine.
Availability
This principle ensures that information is always available and usable by its authorized users, and that their
access is not hindered by system malfunction or cyber-attacks.
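The integrity principle above is easiest to see with a concrete control. The following added example (not part of the module text) attaches an HMAC-SHA256 tag to a message so that any later modification, whether accidental or by a threat actor, is detected on receipt. The key is a constructed placeholder; in a real system it would come from a key store, never from source code.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed demo key (assumption): real deployments load this from a secrets store.
DEMO_KEY = b"example-shared-secret-for-integrity-demo"


def protect(message: bytes, key: bytes = DEMO_KEY) -> Tuple[bytes, str]:
    """Return the message together with an HMAC-SHA256 tag computed over it."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return message, tag


def verify(message: bytes, tag: str, key: bytes = DEMO_KEY) -> bool:
    """Recompute the tag and compare it in constant time; False means the data changed."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking, through timing, how many leading characters matched.
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Show that an unchanged message verifies and a tampered copy does not."""
    original, tag = protect(b"transfer 100 to account 42")
    tampered = b"transfer 900 to account 42"  # one digit changed in transit
    return {
        "original_ok": verify(original, tag),
        "tampered_ok": verify(tampered, tag),
    }


if __name__ == "__main__":
    print(demo())
```

Only a holder of the key can produce a valid tag, so the check also gives the "source is genuine" property the section describes; a plain hash without a key would not, because anyone who alters the data could recompute the hash.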
Types of Cyber Security Threats
A threat in cybersecurity is a malicious activity by an individual or organization intended to corrupt or steal
data, gain access to a network, or disrupt digital life in general. The cyber community recognizes the following
threats today:
Malware
Malware means malicious software, the most common cyber attack tool. It is used by cybercriminals or
hackers to disrupt or damage a legitimate user's system. The following are the important types of malware:
○ Virus: It is a malicious piece of code that spreads from one device to another. It attaches itself to clean
files and spreads throughout a computer system, infecting files, stealing information, or damaging the device.
○ Spyware: It is software that secretly records information about a user's activities on their system. For
example, spyware could capture credit card details that cybercriminals then use for unauthorized
shopping, withdrawing money, etc.
○ Trojans: It is a type of malware or code that appears to be legitimate software or a legitimate file, to fool
us into downloading and running it. Its primary purpose is to corrupt or steal data from our device or to
carry out other harmful activities on our network.
○ Ransomware: It is software that encrypts a user's files and data on a device, rendering them unusable, or
erases them. Malicious actors then demand a monetary ransom for decryption.
○ Worms: It is software that spreads copies of itself from device to device without human interaction. It
does not need to attach itself to any program in order to steal or damage data.
○ Adware: It is advertising software used to spread malware and display advertisements on our device. It is
an unwanted program installed without the user's permission. Its main objective is to generate revenue
for its developer by showing ads in the user's browser.
○ Botnets: A botnet is a collection of internet-connected, malware-infected devices that cybercriminals
control. It enables them to leak credentials, gain unauthorized access, and steal data without the user's
permission.
Phishing
Phishing is a type of cybercrime in which a message appears to come from a genuine organization such as PayPal,
eBay, or a financial institution, or from friends and co-workers. The attackers contact a target or targets via
email, phone, or text message containing a link and persuade them to click on it. The link redirects them to
fraudulent websites that ask for sensitive data such as personal information, banking and credit card
information, social security numbers, usernames, and passwords. Clicking on the link may also install malware
on the target devices that allows hackers to control them remotely.
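One defensive check that follows directly from the description above is to compare where a link says it goes with where it actually goes. The following added example, not taken from the module, parses the anchors in a constructed HTML email body and flags links whose real target is outside the sender's known domains, whose visible URL differs from the real target, or which are not HTTPS. The sample message, the `.test` hostname, and the two-label "registrable domain" shortcut are all assumptions made for the example.

```python
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplification; production code would use the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(html: str, expected_domains) -> List[Tuple[str, List[str]]]:
    """Return (href, reasons) for every link that shows a phishing indicator."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href)
        target_domain = registrable_domain(target.hostname or "")
        reasons = []
        if target_domain not in expected_domains:
            reasons.append("target host is not one of the sender's known domains")
        if "://" in text:  # the visible text itself looks like a URL
            shown_domain = registrable_domain(urlparse(text).hostname or "")
            if shown_domain != target_domain:
                reasons.append("visible URL differs from the real link target")
        if target.scheme != "https":
            reasons.append("link is not HTTPS")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample email body (not a real message); the hostname uses the reserved .test TLD.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account is limited. Please verify now:</p>
<a href="http://paypal.example-login.test/verify">https://www.paypal.com/account</a>
<p>Or read our help page: <a href="https://www.paypal.com/help">Help center</a></p>
"""


def demo() -> List[Tuple[str, List[str]]]:
    return suspicious_links(SAMPLE_EMAIL_HTML, {"paypal.com"})


if __name__ == "__main__":
    for href, reasons in demo():
        print(href, "->", "; ".join(reasons))
```

The first link trips all three checks while the genuine help link passes, which is the behaviour a mail gateway or user-awareness tool would want before rendering the message.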
Man-in-the-middle (MITM) attack
A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a cybercriminal
intercepts a conversation or data transfer between two parties. Once the cybercriminal is positioned in the
middle of a two-party communication, they appear to be a genuine participant, can read sensitive information,
and can return altered responses. The main objective of this type of attack is to gain access to our business or
customer data. For example, a cybercriminal could intercept data passing between the target device and the
network on an unprotected Wi-Fi network.
Distributed denial of service (DDoS)
It is a type of cyber threat in which cybercriminals disrupt the regular traffic of targeted servers, services, or
networks by flooding the target or its surrounding infrastructure with Internet traffic. Because the requests
come from many IP addresses, they can overload the servers, slow them down significantly or take them offline
temporarily, making the system unusable and preventing the organization from carrying out its vital
functions.
Brute Force
A brute force attack is a cryptographic attack that uses trial and error, trying all possible combinations until
the correct value is discovered. Cybercriminals usually use it to obtain passwords, login information,
encryption keys, and Personal Identification Numbers (PINs).
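From the defender's side, a brute force attempt against a login shows up as a burst of failed authentications from one source. The following added example (not from the module) runs a sliding-window count over constructed sshd-style log lines and raises one alert per source address once the failure count inside the window reaches a threshold. The log lines, the threshold and window values, and the assumed year (syslog timestamps carry none) are all constructed for the example; the addresses are from the documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Tuple

# Matches syslog-style sshd failure lines: timestamp, user, source IP.
FAILED_RE = re.compile(
    r"^(\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed sample log (not real data): six failures from one address in 30 s,
# one failure and one success from another.
SAMPLE_AUTH_LOG = """\
Jan 12 10:00:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 12 10:00:04 bastion sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jan 12 10:00:09 bastion sshd[2213]: Failed password for root from 203.0.113.7 port 51138 ssh2
Jan 12 10:00:15 bastion sshd[2214]: Failed password for root from 203.0.113.7 port 51142 ssh2
Jan 12 10:00:21 bastion sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 51150 ssh2
Jan 12 10:00:30 bastion sshd[2216]: Failed password for invalid user guest from 203.0.113.7 port 51161 ssh2
Jan 12 10:00:33 bastion sshd[2217]: Failed password for alice from 198.51.100.5 port 40022 ssh2
Jan 12 10:00:41 bastion sshd[2218]: Accepted password for alice from 198.51.100.5 port 40022 ssh2
"""


def detect_brute_force(log_text: str, threshold: int = 5, window_seconds: int = 60,
                       year: int = 2024) -> Dict[str, Tuple[datetime, int]]:
    """Return {source_ip: (time_of_alert, failures_in_window)} for sources that hit the threshold."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-source timestamps of failures still inside the window
    alerts: Dict[str, Tuple[datetime, int]] = {}
    for line in log_text.splitlines():
        match = FAILED_RE.match(line)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {match.group(1)}", "%Y %b %d %H:%M:%S")
        source_ip = match.group(3)
        queue = recent[source_ip]
        queue.append(ts)
        while queue and ts - queue[0] > window:
            queue.popleft()  # drop failures that fell out of the window
        if len(queue) >= threshold and source_ip not in alerts:
            alerts[source_ip] = (ts, len(queue))  # alert once per source
    return alerts


if __name__ == "__main__":
    for ip, (when, count) in detect_brute_force(SAMPLE_AUTH_LOG).items():
        print(f"{when}: {count} failed logins from {ip} within the window")
```

The same counting logic, keyed on target account instead of source address, catches password spraying, where one password is tried against many accounts from many addresses; the threshold and window should be tuned to the normal failure rate of the service being watched.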
SQL Injection (SQLI)
SQL injection is a common attack that occurs when cybercriminals supply malicious SQL fragments to manipulate
a backend database and access sensitive information. Once the attack is successful, the malicious actor can
view, change, or delete sensitive company data, user lists, or private customer details stored in the SQL
database.
Domain Name System (DNS) attack
A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system.
When successful, they can hinder the functionality of DNS servers, redirect users to malicious websites
without their knowledge or gain unauthorized access to an organization's resources, such as sensitive or
confidential data.
Latest Cyber Threats
The following are the latest cyber threats reported by the U.K., U.S., and Australian governments:
Romance Scams
The U.S. government reported this cyber threat in February 2020. Cybercriminals carry it out through dating
sites, chat rooms, and apps, targeting people who are seeking a new partner and duping them into giving away
personal data.
Dridex Malware
It is a type of financial Trojan malware, identified by the U.S. in December 2019, that affects the public,
governments, infrastructure, and businesses worldwide. It infects computers through phishing emails or existing
malware to steal sensitive information such as passwords, banking details, and personal data for fraudulent
transactions. The National Cyber Security Centre of the United Kingdom encourages people to make sure their
devices are patched, anti-virus is turned on and up to date, and files are backed up to protect sensitive data
against this attack.
Emotet Malware
Emotet is a type of malware that steals sensitive data and also installs other malware on the device. The
Australian Cyber Security Centre warned national organizations about this global cyber threat in 2019.
The following are the systems that can be affected by security breaches and attacks:
○ Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps for
cyberattacks.
○ Finance: This system handles financial information such as bank and credit card details, which is
naturally a primary target for cyber attackers.
○ Governments: Cybercriminals generally target government institutions to obtain confidential public
data or private citizen information.
○ Transportation: In this system, cybercriminals generally target connected cars, traffic control systems,
and smart road infrastructure.
○ Healthcare: Cybercriminals target the healthcare system to obtain information stored anywhere from a
local clinic to the critical care systems of a national hospital.
○ Education: Cybercriminals target educational institutions to obtain their confidential research data and
the information of students and employees.
Benefits of Cyber Security
○ Cyberattacks and data breach protection for businesses.
○ Data and network security are both protected.
○ Unauthorized user access is avoided.
○ After a breach, there is a faster recovery time.
○ End-user and endpoint device protection.
○ Regulatory adherence.
○ Continuity of operations.
○ Greater confidence from developers, partners, consumers, stakeholders, and workers in the company's
reputation and trustworthiness.
What is Vulnerability Assessment?
A vulnerability assessment helps identify, classify, and prioritize vulnerabilities in network infrastructure,
computer systems, and applications. A vulnerability is a security weakness that might expose the
organization to cyber threats or risks. Vulnerability assessments often employ automated testing tools such as
network security scanners, showing the results in a vulnerability assessment report.
Vulnerability assessments give organizations the knowledge, awareness, and risk context they need to
understand and react to threats to their environment.
Importance of vulnerability assessments
Vulnerability assessments provide organizations with details on security weaknesses in their environments.
They also provide directions on how to assess the risks associated with those weaknesses. This process offers
the organization a better understanding of assets, security flaws and overall risk, reducing the likelihood a
cybercriminal will breach their systems.
Types of vulnerability assessments
Vulnerability assessments discover different types of system or network vulnerabilities. The assessment
process includes using a variety of tools, scanners and methodologies to identify vulnerabilities, threats and
risks.
Types of vulnerability assessment scans include the following:
● Network-based scans identify possible network security attacks. This type of scan can also detect
vulnerable systems on wired or wireless networks.
● Host-based scans locate and identify vulnerabilities in servers, workstations or other network
hosts. This scan usually examines ports and services that could be visible on network-based scans.
It offers greater visibility into the configuration settings and patch history of scanned systems, even
legacy systems.
● Wireless network scans focus on points of attack in wireless network infrastructure. In addition to
identifying rogue access points, a wireless network scan also validates a company's network is
securely configured.
● Application scans test websites to detect known software vulnerabilities and incorrect
configurations in network or web applications.
● Database scans identify weak points in a database to prevent malicious attacks, such as SQL
injection attacks.
How does a vulnerability assessment work?
There are three primary objectives of a vulnerability assessment.
1. Identify vulnerabilities ranging from critical design flaws to simple misconfigurations.
2. Document the vulnerabilities so that developers can easily identify and reproduce the findings.
3. Create guidance to assist developers with remediating the identified vulnerabilities.
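The three objectives above (identify, document so findings can be reproduced, and guide remediation) are what a vulnerability assessment report has to deliver, and the earlier section adds that findings must be prioritized. The following added example, not from the module, turns a set of constructed scanner findings into a ranked report: each finding carries the evidence needed to reproduce it and a remediation note, and its priority is the scanner's CVSS base score weighted by whether the host is internet-facing. The findings, hosts, scores, the exposure weight, and the class thresholds are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    host: str
    title: str
    cvss: float            # CVSS base score 0-10, assumed to be supplied by the scanner
    internet_facing: bool  # exposure, assumed to come from the asset inventory
    evidence: str          # what was observed, so a developer can reproduce the finding
    remediation: str       # guidance for fixing it


def priority(finding: Finding) -> float:
    """Severity weighted by exposure, capped at 10 (weight of 1.5 is an assumption)."""
    exposure = 1.5 if finding.internet_facing else 1.0
    return min(10.0, round(finding.cvss * exposure, 1))


def classify(score: float) -> str:
    """Map a priority score to a class (thresholds follow the CVSS v3 qualitative bands)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def build_report(findings: List[Finding]) -> List[Dict[str, object]]:
    """Rank findings by priority and document each one with evidence and remediation."""
    ranked = sorted(findings, key=priority, reverse=True)
    return [
        {
            "host": f.host,
            "title": f.title,
            "priority": priority(f),
            "class": classify(priority(f)),
            "evidence": f.evidence,
            "remediation": f.remediation,
        }
        for f in ranked
    ]


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    Finding("web01", "SQL injection in login form", 8.8, True,
            "POST /login with a quote in 'username' returns a database error page",
            "Use parameterized queries; add input validation and a least-privilege DB account"),
    Finding("db01", "Default database credentials", 9.8, False,
            "Vendor default account accepts the documented default password",
            "Change the default password; disable the account if unused"),
    Finding("ws07", "Missing OS patches", 6.5, False,
            "Patch level is 4 months behind the vendor baseline",
            "Apply the pending updates and enrol the host in automated patching"),
    Finding("web01", "TLS 1.0 enabled", 4.0, True,
            "Handshake with TLS 1.0 succeeds on port 443",
            "Disable TLS 1.0/1.1 in the server configuration"),
]


def demo() -> List[Dict[str, object]]:
    return build_report(SAMPLE_FINDINGS)


if __name__ == "__main__":
    for row in demo():
        print(f"[{row['class']:8}] {row['priority']:>4}  {row['host']:6} {row['title']}")
```

The ordering shows why exposure matters: the internet-facing injection ranks above the internal default-credential issue even though its base score is lower, and the two medium items are scheduled after both. The evidence field is the part most often missing from reports and the one developers need most.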
Vulnerability testing can take various forms. One method is Dynamic Application Security Testing (DAST). A
dynamic analysis testing technique that involves executing an application (most commonly a Web application),
DAST is performed specifically to identify security defects by providing inputs or other failure conditions to
find defects in real time. Conversely, Static Application Security Testing (SAST) is the analysis of an
application’s source code or object code in order to identify vulnerabilities without running the program.
The two methodologies approach applications very differently. They are most effective at different phases of
the software development life cycle (SDLC) and find different types of vulnerabilities. For example, SAST
detects critical vulnerabilities such as cross-site scripting (XSS) and SQL injection earlier in the SDLC. DAST, on
the other hand, uses an outside-in penetration testing approach to identify security vulnerabilities while Web
applications are running.
Penetration testing, another method of vulnerability assessment in and of itself, entails goal-oriented security
testing. Emphasizing an adversarial approach (simulating an attacker’s methods), penetration testing pursues
one or more specific objectives (e.g., capture the flag).
Vulnerability assessments vs. penetration tests
A vulnerability assessment often includes a pen testing component to identify vulnerabilities in an
organization's personnel, procedures or processes. These vulnerabilities might not normally be detectable
with network or system scans. The process is sometimes referred to as vulnerability assessment/penetration
testing, or VAPT.
Pen testing is not sufficient as a complete vulnerability assessment and is, in fact, a separate process. A
vulnerability assessment aims to uncover vulnerabilities in a network and recommend the appropriate
mitigation or remediation to reduce or remove the risks.
Types of cybersecurity roles
Computer forensic analyst
A computer forensic analyst is a professional who assesses devices and systems and finds methods for
recovering data.
IT security specialist
An information technology security specialist works with a team of IT professionals to develop strategies for
protecting devices and systems within an organization from cyberattacks.
Security manager
A security manager is a leader who oversees security measures within an organization.
Security engineer
Security engineers are technical professionals with developed understandings of computer networking and
operating systems.
Security consultant
Security consultants are highly knowledgeable security professionals who help organizations identify ways in
which they can improve their security measures.
Security administrator
A security administrator, or security manager, is someone who manages security solutions.
Information security analyst
An information security analyst gathers and assesses data to learn more about an organization's security
profile.
Network security engineer
A network security engineer focuses on how devices and computers connect to one another using the
internet.
Machine learning engineer
A machine learning engineer designs, creates and implements algorithms for artificial intelligence.
Critical thinking in cyber security
Critical thinking enables cyber security experts to assess risks, evaluate evidence, and make informed
decisions that protect individuals and organisations from potential threats.
The role of critical thinking in cyber security
Critical thinking plays a fundamental role in cyber security by enabling professionals to approach problems and
scenarios systematically and analytically.
By applying critical thinking, experts can identify system vulnerabilities, evaluate the effectiveness of security
measures, and devise strategies to mitigate risks.
Moreover, critical thinking allows for identifying patterns, connections, and potential threats that may go
unnoticed by others.
Need of cybersecurity
Cybersecurity is essential for protecting our digital assets, including sensitive personal and financial
information, intellectual property, and critical infrastructure. Cyberattacks can have serious consequences,
including financial loss, reputational damage, and even physical harm.
Cyber security is vital in any organization, no matter how big or small. With advancing technology and the
growing use of software across sectors such as government, education, and hospitals, information is
increasingly digital and travels over wireless communication networks.
The importance of cyber security lies in securing the data of organizations such as email providers like Yahoo,
which hold extremely sensitive information whose exposure can damage both us and our reputation. Attackers target
small and large companies and obtain their essential documents and information. Cybersecurity has become
increasingly important in today’s interconnected world. As more and more data is stored and transmitted
electronically, the risk of cyber-attacks has also increased.
Cybersecurity Trends in 2024
1. Rise of AI and Machine Learning: More cybersecurity tools are using artificial intelligence (AI) and machine
learning to detect and respond to threats faster than humans can. These technologies can analyze patterns
and predict potential attacks, making them a valuable asset in protecting sensitive data.
2. Increase in Ransomware Attacks: Ransomware, where hackers lock you out of your data until you pay a
ransom, is becoming more common. Companies and individuals alike need to back up their data regularly and
invest in security measures to avoid falling victim to these attacks.
3. Cloud Security: As more businesses move their data to the cloud, ensuring this data is secure is a top
priority. This includes using strong authentication methods and regularly updating security protocols to
protect against breaches.
4. Internet of Things (IoT) Vulnerabilities: With more devices connected to the internet, like smart home
gadgets and wearable tech, there’s an increased risk of cyberattacks. Ensuring these devices have updated
security features is crucial.
5. Zero Trust Security: This approach assumes that threats could come from inside or outside the network, so
it constantly verifies and monitors all access requests. It’s becoming a standard practice to ensure a higher
level of security.
6. Cybersecurity Skills Gap: There is a growing need for skilled cybersecurity professionals. As cyber threats
become more sophisticated, the demand for experts who can protect against these threats is higher than
ever.
7. Regulatory Compliance: New regulations are being introduced worldwide to protect personal data.
Companies must stay informed about these laws to ensure they comply and avoid hefty fines.
Cyber Security Today
Latest Cybersecurity News And Articles
Military-themed Email Scam Spreads Malware to Infect Pakistani Users
Researchers have uncovered a new phishing campaign, named PHANTOM#SPIKE, targeting individuals in
Pakistan. The campaign utilizes military-themed phishing documents to initiate the infection process.
'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st
The group initially used a modified version of Gh0st RAT, called "SugarGh0st RAT," to target South Korea and
the Ministry of Foreign Affairs in Uzbekistan since late August last year.
New Threat: A Deep Dive Into the Zergeca Botnet
Zergeca is a botnet implemented in Golang and supports six different attack methods, as well as proxying,
scanning, self-upgrading, file transfer, reverse shell, and collecting sensitive device information.
Decoding the Caesar Cipher Skimmer
A new variation of the "gtag" credit card skimming attack, known as the "Caesar Cipher Skimmer," has been
detected on multiple CMS platforms including WordPress, Magento, and OpenCart.
Information Technology Act, 2000 (India)
The Information Technology Act, 2000, also known as the IT Act, is an act passed by the Indian Parliament that
came into force on 17th October 2000. It is based on the United Nations Model Law on Electronic Commerce
1996 (UNCITRAL Model Law), which was recommended by the General Assembly of the United Nations in a
resolution dated 30th January 1997. It is the most important law in India dealing with cybercrime and
e-commerce.
The main objective of this Act is to enable lawful and trustworthy electronic, digital, and online transactions
and to reduce cybercrime. The IT Act has 13 chapters and 94 sections. The last four sections, sections 91 to 94,
deal with amendments to the Indian Penal Code 1860.
The IT Act, 2000 has two schedules:
● First Schedule: Deals with documents to which the Act shall not apply.
● Second Schedule: Deals with electronic signature or electronic authentication method.
What are the Features of The Information Technology Act, 2000?
The features of The IT Act, 2000 are as follows:
1. The digital signature has been changed to an electronic signature to make the Act more technology-neutral.
2. It elaborates on offenses, penalties, and breaches.
3. It outlines the Justice Dispensation Systems for cyber crimes.
4. The Information Technology Act defines, in a new section, a cyber cafe as any facility where internet access
is offered by any person, in the ordinary course of business, to members of the public.
5. It offers the constitution of the Cyber Regulations Advisory Committee.
6. The Information Technology Act is based on the Indian Penal Code, 1860, the Indian Evidence Act, 1872,
the Bankers' Books Evidence Act, 1891, the Reserve Bank of India Act, 1934, and many others.
7. It adds a provision to Section 81, which states that the provisions of the Act shall have overriding
effect. The proviso states that nothing contained in the Act shall restrict any person from exercising any
right conferred under the Copyright Act, 1957.
The Offenses and the Punishments in IT Act 2000
The offenses and the punishments that fall under the IT Act, 2000 are as follows:
1. Tampering with the computer source documents.
2. Directions of Controller to a subscriber to extend facilities to decrypt information.
3. Publishing of information that is obscene in electronic form.
4. Penalty for breach of confidentiality and privacy.
5. Hacking for malicious purposes.
6. Penalty for publishing Digital Signature Certificate false in certain particulars.
7. Penalty for misrepresentation.
8. Confiscation.
9. Power to investigate offenses.
10. Protected System.
11. Penalties for confiscation are not to interfere with other punishments.
12. Act to apply for offense or contravention committed outside India.
13. Publication for fraud purposes.
14. Power of Controller to give directions.
Punishment For Cyber Crime
In order to control the rise in cybercrime cases, specific punishments are imposed under the Indian Penal Code,
1860 and the Information Technology Act, 2000. Below are the Sections that set out the punishments imposed on
an individual committing cybercrime.
Under The Indian Penal Code
● Section 292: This Section deals with the sale of obscene materials either in the form of a book, paper,
drawing, writing, pamphlet, painting, etc., or sexually explicit acts harming the surroundings. An
individual or a group involved in such an offence is punished with imprisonment and a fine. On a first
conviction, the punishment is imprisonment for two years and Rs. 2000 fine whereas on a second or
subsequent conviction, the punishment is imprisonment for a term that may extend to five years and
Rs. 5,000 fine.
● Section 354C: It deals with the offence of voyeurism, where an individual watches or captures, or
publicizes the image of a woman engaged in a private Act without her consent. Under the provisions of
this Section of IPC, such an offender or criminal is punished with imprisonment of 1 to 3 years and 3 to
7 years for first-time and second-time offenders respectively.
● Section 354D: This Section deals with stalking, both physical stalking and cyberstalking. As per this Section, “Any
man who follows a woman and contacts, or attempts to contact such woman to foster personal
interaction repeatedly despite a clear indication of disinterest by such woman, or monitors the use by a
woman of the internet, email or any other form of electronic communication, commits the offence of
stalking.” An offender will be punished with imprisonment that may extend to three years for a first
offence and five years for a second offence.
● Section 379: If a person commits theft either electronically or physically, he or she will be punished
under the provisions of this Section. It states that “whoever commits theft shall be punished with
imprisonment of either description for a term which may extend to three years or with fine, or with
both.”
● Section 411: If a person receives any stolen property such as a computer, mobile phone, or data then
he or she will be punished for three years or fine or both.
● Section 419: This Section deals with fraud such as email phishing or committing the crime of password
theft for impersonating and collecting data for personal benefit. According to this Section, “Whoever
cheats by personation shall be punished with imprisonment of either description for a term which may
extend to three years, or with fine, or with both.”
● Section 420: It also deals with fraud cases, especially ‘cheating and dishonestly inducing delivery of
property’. Whoever cheats and thereby dishonestly induces “the person deceived to deliver any property
to any person, or to make, alter or destroy the whole or any part of a valuable security… and which is
capable of being converted into a valuable security, shall be punished with imprisonment of either
description for a term which may extend to seven years, and shall also be liable to fine.”
● Section 465: The punishment for forgery, email spoofing, preparation of false documents, etc., is
dealt with in Section 465 of the IPC. It states that anyone who commits forgery should be punished
with imprisonment extending to two years, a fine, or both.
● Section 468: This Section deals with the forgery of documents or electronic records for committing
other serious crimes such as cheating. As per the provisions of this Section, whoever commits such a
crime shall be punished with imprisonment which may extend to seven years with a fine. It is a non-bailable
offence.
● Section 469: According to this Section, forgery for the purpose of harming reputation is a punishable
offence. Section 469 states that “Whoever commits forgery, intending that the document or electronic record
forged shall harm the reputation of any party, or knowing that it is likely to be used
for that purpose, shall be punished with imprisonment of either description for a term which may
extend to three years, and shall also be liable to fine.”
● Section 500: It states that “Whoever defames another shall be punished with simple imprisonment for
a term which may extend to two years, or with fine, or with both.” This means that any individual who
sends abusive messages or defamatory content via email or any other electronic form is dealt with as
per the provisions of Section 500 of the IPC.
● Section 504: If anyone insults, tries to provoke, or threatens another person with the intent of disturbing
their peace via any electronic form of communication, Section 504 of the IPC applies. As per its provisions,
an individual involved in such an offence is punished with imprisonment which may extend to two years,
or a fine, or both.
● Section 506: This Section deals with the ‘punishment for criminal intimidation’. An individual who tries to
intimidate another individual shall be punished with imprisonment which may extend to two years or a
fine or both. This criminal intimidation can either be physical or through electronic means.
● Section 509: It states that “Whoever intending to insult the modesty of any woman, utters any word,
makes any sound or gesture, or exhibits any object, intending that such word or sound shall be heard,
or that such gesture or object shall be seen, by such woman, or intrudes upon the privacy of such
woman, shall be punished with simple imprisonment for a term which may extend to one year, or with
fine, or with both.”
Under the Information Technology Act
● Section 43 (a-h): It covers 8 instances (a-h) where “If any person without the permission of the owner
or any other person who is in charge of a computer, computer system or computer network,”
● Section 65: ‘Tampering with computer source documents’ is an offence that is punishable under
Section 65 of the Information Technology Act. It states that “Whoever knowingly or intentionally
conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter
any computer source code used for a computer, computer programme, computer system, or computer
network when the computer source code is required to be kept or maintained by law for the time
being in force, shall be punishable with imprisonment up to three years, or with fine which may extend
up to two lakh rupees, or with both”.
● Section 66 (A-F): This Section deals with punishments for computer-related offences such as sending
offensive messages, receiving stolen computer resources, identity theft, cheating by impersonation,
violation of privacy, and cyber-terrorism. For most of these offences the punishment may extend to three
years' imprisonment, a fine (from one to five lakh rupees depending on the sub-section), or both;
cyber-terrorism under Section 66F carries imprisonment which may extend to imprisonment for life. Note
that Section 66A (offensive messages) was struck down as unconstitutional by the Supreme Court of India in
Shreya Singhal v. Union of India (2015) and is no longer enforceable.
● Section 67 (A-B): This Section of the Information Technology Act deals with the punishments related to
the publishing or transmitting of obscene material, and of material containing sexually explicit acts, in an
electronic format. Under Section 67 itself, the punishment on the first conviction is imprisonment which may
extend to three years with a fine extending to 5 lakh rupees, and on the second conviction imprisonment
which may extend to five years with a fine extending to 10 lakh rupees. Sections 67A (sexually explicit
material) and 67B (material depicting children) are punished more severely: imprisonment up to five years
on the first conviction and up to seven years on a subsequent conviction, each with a fine up to 10 lakh rupees.
Cyber Security Models
We’ve highlighted three of the most popular primary cybersecurity models that organizations globally follow
to reach a mature program level, and laid out three of the more common secondary, industry-specific
requirements.
Common Cybersecurity Model Types
● NIST
● ISO 27000
● CIS 20
● HIPAA
● PCI-DSS
● GDPR
The first three are general-purpose frameworks. HIPAA (US health data), PCI-DSS (payment card data), and
GDPR (personal data of EU residents) are legal or contractual requirements rather than maturity models, but
organizations in those sectors treat them as mandatory baseline control sets.
What is cybersecurity program maturity?
A mature cybersecurity program is one where the processes, tools, and people are all aligned and working
together so that the program is successful at mitigating risk. A mature program has buy-in from executive
leadership, but also has goals that are felt across the entire organization. There will always be risks and
vulnerabilities that plague mature cybersecurity programs, but there are actionable and agreed upon plans in
place that partners and vendors agree to when working with a mature cybersecurity program.
The specifics of program maturity boil down to the cybersecurity model chosen and what is counted as
mature for each model. Cybersecurity models also can outline the order in which different steps should
happen to reach program maturity.
Primary Frameworks
NIST Cyber Security Framework
The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and
Technology, is the model most commonly used by organizations in the US. Establishing and communicating your
organization’s tolerance for risk is key to increasing program maturity under this model. The framework also
accounts for the rapidly changing nature of cybersecurity threats, and advises its followers to continuously
adjust their monitoring techniques and remediation strategies to match the ongoing threat environment.
The NIST framework organizes a mature security management program around five core functions (CSF 2.0,
released in 2024, adds a sixth, Govern, covering risk strategy, roles, and oversight):
1. Identify - In the first function, organizations establish a business-wide approach to cybersecurity
management, including an understanding of the current risks to the network, what sensitive
information lives throughout the organization, and what critical business operations exist that need to
be protected from cybersecurity threats.
2. Protect - The next step in building program maturity is to organize and implement the safeguards
(access control, awareness training, data security, maintenance, protective technology) needed to
defend the critical assets identified in the first function.
3. Detect - This is the function most organizations dive into first when it comes to cybersecurity
program management: establishing the most effective and encompassing monitoring to identify
anomalies and security events efficiently and effectively.
4. Respond - The fourth function is to act on detected incidents. This means more than just patching
your network: it covers analysis, communication, and proper containment of the impact of malicious
activity.
5. Recover - Just as detection and response are important to program maturity, building time into your
management process to restore services, then reflect on the damage and what allowed it, leads to real
program improvements and better protection of your network in the future.
The NIST cybersecurity model acknowledges the current practices most organizations use to protect their
network. Instead of starting from scratch, it guides organizations to make better use of what they’re already
doing and add the right steps to reach program maturity.
ISO 27000
The ISO/IEC 27000 series is a family of international standards created by the International Organization for
Standardization (ISO) together with the IEC to set out best practices for information security management
systems (ISMS); ISO/IEC 27001 is the certifiable specification for an ISMS and ISO/IEC 27002 is the companion
catalogue of controls. This model is more popular among organizations in the European Union, and focuses
attention on the three main areas of a mature cybersecurity management program: people, processes, and
technology. Its control recommendations are grouped into the following areas (the control domains of the 2005
edition of ISO/IEC 27002; the 2022 edition regroups the same material into organizational, people, physical,
and technological controls) for security managers to use best practices to reach program maturity:
● Security risk assessment
● Security policy
● Asset management
● Human resources security
● Physical and environmental security
● Communications and operations management
● Access control
● Information systems acquisition, development, and maintenance
● Information security incident management
● Business continuity management
Like the NIST framework, ISO 27000 guides organizations beyond typical cybersecurity management practices
to broader information security standards and protections. It includes management of critical physical and
operational security measures, and is broken down into the individual standards of the ISO 27000 series
(27001 requirements, 27002 controls, 27005 risk management, and so on) to get more specific about the actual
implementation and design of this cybersecurity model.
CIS 20
The final cybersecurity model many organizations follow to reach program maturity is the CIS 20 (the CIS
Critical Security Controls). Designed by the Center for Internet Security after the US defense industry
experienced a data breach in 2008, the CIS 20 is a series of 20 controls deemed critical to protect an
organization’s network from expansive cyber attacks.
In versions 7 and 7.1, the CIS 20 was broken down into 3 main categories of controls:
1. Basic Controls (like inventory control, continuous vulnerability management, and controlled employee
privileges)
2. Foundational Controls (like malware defenses, data protection, or wireless access controls)
3. Organizational Controls (like training programs and creation of incident response teams)
Version 8 (2021) consolidated the list to 18 controls and replaced the three categories with Implementation
Groups (IG1 to IG3), which tell an organization which safeguards to adopt first based on its size and risk
profile; the older name “CIS 20” is still in wide use.
Major types of cyberattacks
Cyberattacks can have motives other than financial gain. Some cyberattacks focus on destroying or gaining
access to critical data.
Organizations and individuals face the following types of typical cyberattacks:
1. Malware
Cyberattackers use harmful software such as spyware, viruses, ransomware, and worms known as malware to
access your system's data. When you click on a malicious attachment or link, the malware can install itself and
become active on your device.
2. Phishing
Phishing attacks rely on communication methods like email to convince you to open the message and follow
the instructions inside. If you follow the attackers’ instructions, they gain access to personal data, such as
credit cards, and can install malware on your device.
3. Spoofing
Cyber attackers will sometimes imitate people or companies to trick you into giving up personal information.
This can happen in different ways. A common spoofing strategy involves using a fake caller ID, where the
person receiving the call doesn’t see that the number is falsified. Other spoofing methods include subverting
facial recognition systems, using a fake domain name, or creating a fake website.
4. Backdoor Trojan
Backdoor Trojan attacks involve malicious programs that masquerade as legitimate software and, once run,
quietly install additional malware and open up what’s referred to as a “backdoor” into your computer system.
Using the backdoor, attackers can control the device without the user knowing.
5. Ransomware
Ransomware is malicious software that cyberattackers can install on your device, allowing them to block your
access until you pay the attackers a ransom. However, paying the ransom doesn’t guarantee the removal of
the software, so experts often advise individuals not to pay the ransom if possible.
6. Password attacks
Password attacks can be as simple as someone correctly guessing your password or other methods such as
keylogging, where attackers can monitor the information you type and then identify passwords. An attacker
can also use the aforementioned phishing approach to masquerade as a trusted site and try to fool you into
revealing your account credentials.
7. Internet of Things attack
Both the communication channels between connected IoT components and the applications and firmware
running on the devices themselves can be susceptible to cyberattacks. Since IoT devices connect to one
another through the internet and often ship with limited security features (default credentials, no update
mechanism), they present a larger attack surface for attackers to target.
8. Cryptojacking
Cryptojacking involves gaining unauthorized use of a computer system, usually through malware that allows
the attacker to use the computer's resources for mining cryptocurrency. Mining cryptocurrency can come with
significant operational costs, so cryptojacking provides attackers with a way to avoid these expenses.
9. Drive-by download
Drive-by download attacks occur when you download malicious code to your device through an app, website,
or operating system with flawed security systems. This means you could do nothing wrong and still be a victim
of a drive-by download since it can occur due to a lack of security measures on a site you believe to be safe.
10. Denial-of-service attack
A denial-of-service attack makes a system or service unavailable to its legitimate users by overwhelming it
with traffic or requests until it exhausts its bandwidth, memory, or connection capacity; when the traffic comes
from many compromised machines at once it is called a distributed denial-of-service (DDoS) attack. Attackers
rarely use this method to steal information. Instead, it costs the victim downtime and money to restore
service, and it is sometimes used as a distraction while another intrusion is under way. Frequent targets
include online businesses, financial services, and government entities.
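The phishing (item 2) and spoofing (item 3) entries above both rest on a forged sender identity. The following added example, written for this page and not drawn from any source it cites, shows the checks a mail gateway or an analyst applies to a raw message: it compares the visible From: domain with the envelope sender (Return-Path) and reads the SPF, DKIM and DMARC verdicts that the receiving mail server records in its Authentication-Results header. The two messages, the domains, and the trusted server name are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (reserved example domains, not real mail).
# SPOOFED_MAIL: the visible From: claims the bank, but the envelope sender and the
# receiving server's Authentication-Results disagree.
SPOOFED_MAIL = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Bank Security" <alerts@bank.example.com>
To: victim@example.org
Subject: Urgent: verify your account

Click the link below to confirm your password.
"""

LEGIT_MAIL = """\
Return-Path: <alerts@bank.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example.com; dkim=pass header.d=bank.example.com; dmarc=pass header.from=bank.example.com
From: "Bank Security" <alerts@bank.example.com>
To: victim@example.org
Subject: Your monthly statement

Your statement is ready.
"""

# authserv-id of our own MX (hypothetical): only trust an Authentication-Results
# header it wrote, because a sender can prepend a forged one.
TRUSTED_AUTHSERV = "mx.example.org"


def domain_of(header_value):
    """Return the lower-cased domain of an address header such as '"Name" <user@dom>'."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Parse spf/dkim/dmarc verdicts from the Authentication-Results header our MX added."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv = header.split(";", 1)[0].strip().lower()
        if authserv != TRUSTED_AUTHSERV:
            continue  # ignore headers not stamped by our own server
        verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()))
    return verdicts


def assess(raw_message):
    """Flag a message whose sender identity does not hold up."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    envelope_dom = domain_of(msg.get("Return-Path"))
    verdicts = auth_results(msg)
    findings = []
    if envelope_dom and envelope_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from envelope sender {envelope_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method} did not pass ({verdicts.get(method, 'no verdict')})")
    return {"suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MAIL), ("legitimate", LEGIT_MAIL)):
        print(name, assess(raw))
```

Two caveats a practitioner would add: a Return-Path that differs from From: is normal for mailing lists and bulk-mail providers (DMARC only requires the DKIM d= or SPF domain to align with From:), so the mismatch is a signal to weigh, not a verdict on its own; and the Authentication-Results header is only meaningful when your own receiving server wrote it, which is why the code checks the authserv-id and ignores any copy a sender may have injected.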
Hacking organizations
1. Anonymous
2. Lizard Squad
3. APT28 (Fancy Bear)
4. Lazarus Group
5. Equation Group
6. Shadow Brokers
7. APT1 (Comment Crew)
8. Syrian Electronic Army (SEA)
9. Carbanak (Anunak)
10. DarkHotel
● Anonymous, originating in 2003, was created as a loose collective for people who fought for the
right to privacy.
● Anonymous Sudan, a hacktivist group that claims to act against anti-Muslim activities, but allegedly
is Russian backed and neither linked to Sudan nor Anonymous.
● Bangladesh Black Hat Hackers, founded in 2012.
● Chaos Computer Club (CCC), founded in 1981, it is Europe's largest association of hackers with
7,700 registered members.
● Conti, one of the most prolific ransomware groups of 2021, according to the FBI.
● Cozy Bear, a Russian hacker group believed to be associated with one or more intelligence agencies
of Russia.
● Croatian Revolution Hackers, a now-defunct group of Croatian hackers credited with one of the
largest attacks to have occurred in the Balkans.
● Cult of the Dead Cow, also known as cDc or cDc Communications, is a computer hacker and DIY
media organization founded in 1984 in Lubbock, Texas.
● Cyber Partisans, a Belarusian hacktivist group that emerged in 2020, that performed attacks on the
Belarusian government and governmental agencies.
● DarkSide, a cybercriminal hacking group, believed to be based in Eastern Europe, that targets
victims using ransomware and extortion.
● DCLeaks, claims to be a group of "American hacktivists (though indicted individuals were found to
be in Russia) who respect and appreciate freedom of speech, human rights and government of the
people."
● Decocidio is an anonymous, autonomous collective of hacktivists who are part of Earth First!, a
radical environmental protest organization, and adheres to Climate Justice Action.
● Derp, a hacker group that attacked several game sites in late 2013.
Internet Security Threats:
There are several types of threats on the internet, including:
1. Malware: Malware is malicious software that is designed to disrupt or damage computer systems.
It includes viruses, worms, Trojan horses, ransomware, and spyware.
2. Phishing: Phishing is a tactic used by cybercriminals to steal personal information, such as
usernames, passwords, and credit card numbers. This is often done by sending emails or messages
that appear to be from a legitimate source, but are actually designed to trick the recipient into
giving up their information.
3. Hacking: Hacking involves gaining unauthorized access to a computer system or network. This can
be done through exploiting vulnerabilities in software or using social engineering tactics to trick
users into giving up their login credentials.
4. Denial of Service (DoS) attacks: A DoS attack is designed to overwhelm a computer system or
network with traffic, making it unable to function properly. This can be done by sending a large
number of requests to a server, or by flooding a network with traffic.
5. Social engineering: Social engineering is the use of psychological manipulation to trick users into
giving up their personal information. This can include tactics such as phishing, pretexting, and
baiting.
6. Botnets: A botnet is a network of compromised computers that can be used to carry out various
malicious activities, such as DDoS attacks, spamming, and stealing personal information.
7. Insider threats: Insider threats involve individuals within an organization who use their access to
confidential information for malicious purposes, such as stealing data or causing damage to the
network.
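For the denial-of-service item (4) above, and the DoS entry in the list of major cyberattacks earlier on the page, the usual first line of defence on a server is to cap how fast any one client may make requests. The token-bucket limiter below is an added example written for this page, not code from any product the page names; its sample traffic is constructed (one client at 1 request/s, one flood source at 100 requests/s, both for 10 seconds) and the parameters (5 requests/s sustained, bursts of 10) are hypothetical.

```python
from collections import defaultdict


class TokenBucket:
    """Per-client bucket: refills `rate_per_s` tokens each second, holds at most `capacity`.
    Tokens are kept as integer millitokens so the arithmetic is exact (no float drift)."""

    def __init__(self, rate_per_s, capacity):
        self.rate = rate_per_s
        self.capacity = capacity * 1000
        self.tokens = self.capacity  # a new client may burst up to `capacity` at once
        self.last_ms = 0

    def allow(self, now_ms):
        # Refill in proportion to elapsed time (ms * tokens/s = millitokens), never above capacity.
        self.tokens = min(self.capacity, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class RateLimiter:
    """One bucket per client key (here the source IP)."""

    def __init__(self, rate_per_s=5, capacity=10):
        self.buckets = defaultdict(lambda: TokenBucket(rate_per_s, capacity))

    def handle(self, client, now_ms):
        return self.buckets[client].allow(now_ms)


def replay(requests, rate_per_s=5, capacity=10):
    """Run (timestamp_ms, client_ip) pairs through the limiter; count allowed/dropped per client."""
    limiter = RateLimiter(rate_per_s, capacity)
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts_ms, ip in sorted(requests):
        outcome = "allowed" if limiter.handle(ip, ts_ms) else "dropped"
        stats[ip][outcome] += 1
    return dict(stats)


# Constructed traffic (documentation-range addresses, hypothetical):
# a normal user at 1 request/s and a flood source at 100 requests/s, both for 10 s.
NORMAL_USER = [(sec * 1000, "203.0.113.7") for sec in range(10)]
FLOOD_SOURCE = [(i * 10, "198.51.100.9") for i in range(1000)]

if __name__ == "__main__":
    for ip, counts in replay(NORMAL_USER + FLOOD_SOURCE).items():
        print(ip, counts)
```

With these parameters the normal user is never throttled, while the flood source gets its initial burst of 10 and then one request in every twenty (the 5/s refill) and loses the rest. Per-IP limiting only blunts a single noisy source: a distributed flood from a botnet (item 6) spreads the load over thousands of addresses, each under the cap, and has to be absorbed upstream by the ISP or a CDN with spare capacity. Keying on source IP can also punish many legitimate users behind one NAT gateway, so production limiters usually key on a session or account as well.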
The Cyber Kill Chain
The cyber kill chain is a series of steps that trace the stages of a cyberattack from early reconnaissance to
the exfiltration of data. The kill chain helps us understand and combat ransomware, security breaches, and
advanced persistent threats (APTs).
Lockheed Martin derived the kill chain framework from a military model, originally established to identify,
prepare to attack, engage, and destroy the target. Lockheed Martin’s original version has seven stages
(reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on
objectives); the stages described below are an expanded variant common in vendor write-ups, which splits
the later stages into privilege escalation, lateral movement, anti-forensics, denial of service, and exfiltration.
How the Cyber Kill Chain Works
There are several core stages in the cyber kill chain. They range from reconnaissance (often the first stage in a
malware attack) to lateral movement (moving laterally throughout the network to get access to more data) to
data exfiltration (getting the data out). All of your common attack vectors – whether phishing or brute force
or the latest strain of malware – trigger activity on the cyber kill chain.
Each stage is related to a certain type of activity in a cyber attack, regardless of whether it’s an internal or
external attack.
Each phase of the kill chain is an opportunity to stop a cyberattack in progress: with the right tools to detect
and recognize the behavior of each stage, you’re better able to defend against a systems or data breach.
Reconnaissance
In every heist, you’ve got to scope the joint first. Same principle applies in a cyber-heist: it’s the preliminary
step of an attack, the information gathering mission. During reconnaissance, an attacker is seeking
information that might reveal vulnerabilities and weak points in the system. Firewalls, intrusion prevention
systems, perimeter security – these days, even social media accounts – get ID’d and investigated.
Reconnaissance tools scan corporate networks to search for points of entry and vulnerabilities to be exploited.
Intrusion
Once you’ve got the intel, it’s time to break in. Intrusion is when the attack becomes active: attackers can send
malware – including ransomware, spyware, and adware – to the system to gain entry. This is the delivery
phase: it could be delivered by phishing email, it might be a compromised website or that really great coffee
shop down the street with free, hacker-prone wifi. Intrusion is the point of entry for an attack, getting the
attackers inside.
Exploitation
You’re inside the door, and the perimeter is breached. The exploitation stage of the attack…well, exploits the
system, for lack of a better term. Attackers can now get into the system and install additional tools, modify
security certificates and create new script files for nefarious purposes.
Privilege Escalation
What’s the point of getting in the building, if you’re stuck in the lobby? Attackers use privilege escalation to
get elevated access to resources. Privilege escalation techniques often include brute-force attacks, preying on
weak or reused passwords, abusing misconfigured services and permissions, and exploiting zero-day or
unpatched vulnerabilities. They’ll modify GPO security settings and configuration files, change permissions,
and try to extract credentials.
Lateral Movement
You’ve got the run of the place, but you still need to find the vault. Attackers will move from system to system,
in a lateral movement, to gain more access and find more assets. It’s also an advanced data discovery mission,
where attackers seek out critical data and sensitive information, admin access and email servers – often using
the same resources as IT and leveraging built-in tools like PowerShell – and position themselves to do the
most damage.
Obfuscation (anti-forensics)
Put the security cameras on a loop and show an empty elevator so nobody sees what’s happening behind the
scenes. Cyber-attackers do the same thing: conceal their presence and mask activity to avoid detection and
thwart the inevitable investigation. This might mean wiping files and metadata, overwriting data with false
timestamps (timestomping) and misleading information, or modifying critical information so that it looks like
the data was never touched.
Denial of Service
Jam the phone lines and shut down the power grid. Here’s where the attackers target the network and data
infrastructure, so that the legitimate users can’t get what they need. The denial of service (DoS) attack
disrupts and suspends access, and could crash systems and flood services.
Exfiltration
Always have an exit strategy. The attackers get the data: they’ll copy, transfer, or move sensitive data to a
location they control, where they do with it what they will: ransom it, sell it, or leak it publicly.
It can take days to get all of the data out, but once it’s out, it’s in their control.
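Because each stage of the chain leaves a different trace, defenders commonly map detection rules onto the stages so that an alert says not only what fired but how far the intruder has got. The script below is an added example written for this page (not from Lockheed Martin or any vendor): it runs a handful of simple rules over a constructed log excerpt and labels each hit with a kill-chain stage. The log format, host names, addresses, and thresholds are all hypothetical; the denial-of-service stage is left out since it is a traffic-volume signal rather than a host or log event.

```python
import re
from collections import defaultdict

# Kill-chain stages this toy detector can label, in the order used on this page.
STAGES = ["Reconnaissance", "Intrusion", "Exploitation", "Privilege Escalation",
          "Lateral Movement", "Obfuscation", "Exfiltration"]

# Hypothetical thresholds.
SCAN_PORT_THRESHOLD = 5          # distinct ports from one source = port scan
EXFIL_BYTES_THRESHOLD = 10**9    # > 1 GB outbound in one flow = suspicious

# Constructed log excerpt, "<seq>|<source>|<message>" (hosts and addresses are hypothetical).
SAMPLE_LOGS = """\
1|fw|10.0.0.5 -> 10.0.1.20:22 SYN
2|fw|10.0.0.5 -> 10.0.1.20:80 SYN
3|fw|10.0.0.5 -> 10.0.1.20:443 SYN
4|fw|10.0.0.5 -> 10.0.1.20:445 SYN
5|fw|10.0.0.5 -> 10.0.1.20:3389 SYN
6|fw|10.0.0.5 -> 10.0.1.20:8080 SYN
7|mail|user=bob attachment=invoice.pdf.exe
8|host|ws01 process=cmd.exe parent=winword.exe
9|host|ws01 user=bob added to group Administrators
10|host|ws01 process=powershell.exe args="Invoke-Command -ComputerName fs01"
11|host|fs01 EventLog cleared by bob
12|host|fs01 file=payroll.xlsx mtime=2001-01-01 changed_after_create=true
13|fw|10.0.1.30 -> 203.0.113.50:443 bytes_out=4815162342
"""

CONN_RE = re.compile(r"(\S+) -> (\S+):(\d+)")
ATTACH_RE = re.compile(r"attachment=\S+\.\w+\.(exe|scr|js|vbs)\b")   # double extension
OFFICE_SHELL_RE = re.compile(r"process=(cmd|powershell)\.exe parent=(winword|excel|outlook)\.exe")
REMOTE_EXEC_RE = re.compile(r"Invoke-Command -ComputerName|psexec|wmic .*process call create")
BYTES_OUT_RE = re.compile(r"bytes_out=(\d+)")


def parse(raw):
    """Split the constructed log lines into dicts."""
    events = []
    for line in raw.strip().splitlines():
        seq, source, msg = line.split("|", 2)
        events.append({"seq": int(seq), "source": source, "msg": msg})
    return events


def tag_events(raw):
    """Return (seq, stage, reason) for every rule that fires, in log order."""
    tags = []
    ports_by_src = defaultdict(set)
    scan_reported = set()
    for e in parse(raw):
        seq, msg = e["seq"], e["msg"]
        m = CONN_RE.search(msg)
        if m and "SYN" in msg:
            src, dst, port = m.group(1), m.group(2), int(m.group(3))
            ports_by_src[src].add(port)
            if len(ports_by_src[src]) >= SCAN_PORT_THRESHOLD and src not in scan_reported:
                scan_reported.add(src)  # report a scanning source once, not per packet
                tags.append((seq, "Reconnaissance", f"{src} probed {len(ports_by_src[src])} ports on {dst}"))
        if ATTACH_RE.search(msg):
            tags.append((seq, "Intrusion", "executable attachment hiding behind a double extension"))
        if OFFICE_SHELL_RE.search(msg):
            tags.append((seq, "Exploitation", "Office application spawned a command shell"))
        if "added to group Administrators" in msg:
            tags.append((seq, "Privilege Escalation", "account added to local Administrators"))
        if REMOTE_EXEC_RE.search(msg):
            tags.append((seq, "Lateral Movement", "remote command execution against another host"))
        if "EventLog cleared" in msg or "changed_after_create=true" in msg:
            tags.append((seq, "Obfuscation", "audit log wiped or file timestamp inconsistency (timestomping)"))
        m = BYTES_OUT_RE.search(msg)
        if m and int(m.group(1)) > EXFIL_BYTES_THRESHOLD:
            tags.append((seq, "Exfiltration", f"{m.group(1)} bytes sent to an external host"))
    return tags


def stages_seen(raw):
    """Which kill-chain stages, in chain order, the log evidence covers."""
    hit = {stage for _, stage, _ in tag_events(raw)}
    return [s for s in STAGES if s in hit]


if __name__ == "__main__":
    for seq, stage, reason in tag_events(SAMPLE_LOGS):
        print(f"#{seq:<3} {stage:<20} {reason}")
    print("stages covered:", " -> ".join(stages_seen(SAMPLE_LOGS)))
```

The value is in the ordering rather than in any single rule: a port scan on its own is background noise, but scan, then an Office document spawning a shell, then a new local administrator, then remote PowerShell to a file server, then a cleared event log and a multi-gigabyte outbound flow, all within a short window, is an incident in progress. Real SIEM correlation does the same thing with the rules keyed on host and user and bounded in time, so that the chain is reconstructed per victim rather than across the whole estate.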
Cyber Warfare
Cyber warfare is usually defined as a cyber attack or series of attacks that target a country. It has the potential
to wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in damage to
the state and even loss of life.
There is, however, a debate among cyber security experts as to what kind of activity constitutes cyber warfare.
The US Department of Defense (DoD) recognizes the threat to national security posed by the malicious use of
the Internet but doesn’t provide a clearer definition of cyber warfare. Some consider cyber warfare to be a
cyber attack that can result in death.
Cyber warfare typically involves a nation-state perpetrating cyber attacks on another, but in some cases, the
attacks are carried out by terrorist organizations or non-state actors seeking to further the goal of a hostile
nation. There are several examples of alleged cyber warfare in recent history, but there is no universal, formal,
definition for how a cyber attack may constitute an act of war.
7 Types of Cyber Warfare Attacks
Espionage
Refers to monitoring other countries to steal secrets. In cyber warfare, this can involve using botnets or spear
phishing attacks to compromise sensitive computer systems before exfiltrating sensitive information.
Sabotage
Government organizations must determine sensitive information and the risks if it is compromised. Hostile
governments or terrorists may steal information, destroy it, or leverage insider threats such as dissatisfied or
careless employees, or government employees with affiliation to the attacking country.
Denial-of-service (DoS) Attacks
DoS attacks prevent legitimate users from accessing a website by flooding it with fake requests and forcing the
website to handle these requests. This type of attack can be used to disrupt critical operations and systems
and block access to sensitive websites by civilians, military and security personnel, or research bodies.
Electrical Power Grid
Attacking the power grid allows attackers to disable critical systems, disrupt infrastructure, and potentially
result in bodily harm. Attacks on the power grid can also disrupt communications and render services such as
text messages and communications unusable.
Propaganda Attacks
Attempts to control the minds and thoughts of people living in or fighting for a target country. Propaganda can
be used to expose embarrassing truths, spread lies to make people lose trust in their country, or side with
their enemies.
Economic Disruption
Most modern economic systems operate using computers. Attackers can target computer networks of
economic establishments such as stock markets, payment systems, and banks to steal money or block people
from accessing the funds they need.
Surprise Attacks
These are the cyber equivalent of attacks like Pearl Harbor and 9/11. The point is to carry out a massive attack
that the target isn’t expecting, weakening its defenses before it can react. This can be done to prepare the
ground for a physical attack in the context of hybrid warfare.
Examples of Cyber Warfare Operations
Here are several well-publicized examples of cyber warfare in recent times.
Stuxnet Virus
Stuxnet was a worm, discovered in 2010, that attacked the Iranian nuclear program. It is among the most
sophisticated cyber attacks in history. The malware spread via infected USB devices and targeted supervisory
control and data acquisition (SCADA) systems, specifically the Siemens programmable logic controllers driving
uranium-enrichment centrifuges at the Natanz facility, which it caused to spin outside their safe operating
range while reporting normal readings to operators. According to most reports, the attack destroyed a
significant number of centrifuges and set back Iran’s enrichment program.
Sony Pictures Hack
An attack on Sony Pictures followed the release of the film “The Interview”, which presented a negative
portrayal of Kim Jong Un. The attack is attributed to North Korean government hackers. The FBI found
similarities to previous malware attacks by North Koreans, including code, encryption algorithms, and data
deletion mechanisms.
Bronze Soldier
In 2007, Estonia relocated a statue associated with the Soviet Union, the Bronze Soldier, from the center of its
capital Tallinn to a military cemetery near the city. Estonia suffered a number of significant cyber attacks in the
following months. Estonian government websites, media outlets, and banks were overloaded with traffic in
massive denial of service (DoS) attacks and consequently were taken offline.
Fancy Bear
CrowdStrike reported that Fancy Bear (APT28), a group it attributes to Russian military intelligence (the GRU)
rather than to organized crime, targeted Ukrainian rocket forces and artillery between 2014 and 2016. The
malware was spread via a trojanized Android application used by D-30 Howitzer artillery units to speed up
targeting calculations.
Ukrainian officers made wide use of the app, which carried the X-Agent implant. CrowdStrike’s original report
claimed the operation contributed to the loss of over 80% of Ukraine’s D-30 Howitzers; that figure was
disputed by the Ukrainian military and by the IISS, whose data CrowdStrike had relied on, and CrowdStrike
later revised its estimate downward. The campaign is still regarded as a notable example of malware aimed at
military users.
Enemies of Qatar
Elliott Broidy, an American Republican fundraiser, sued the government of Qatar in 2018, accusing it of
stealing and leaking his emails in an attempt to discredit him. The Qataris allegedly saw him as an obstacle to
improving their standing in Washington.
According to the lawsuit, the brother of the Qatari Emir was alleged to have orchestrated a cyber warfare
campaign, along with others in Qatari leadership. 1,200 people were targeted by the same attackers, with
many of these being known “enemies of Qatar”, including senior officials from Egypt, Saudi Arabia, the United
Arab Emirates, and Bahrain.
Social engineering
Social engineering is the term used for a broad range of malicious activities accomplished through human
interactions. It uses psychological manipulation to trick users into making security mistakes or giving away
sensitive information.
Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended victim to
gather necessary background information, such as potential points of entry and weak security protocols,
needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for
subsequent actions that break security practices, such as revealing sensitive information or granting access to
critical resources.
Social engineering prevention
Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims
into their traps. Therefore, be wary whenever you feel alarmed by an email, attracted to an offer displayed on
a website, or when you come across stray digital media lying about. Being alert can help you protect yourself
against most social engineering attacks taking place in the digital realm.
Moreover, the following tips can help improve your vigilance in relation to social engineering hacks.
Don’t open emails and attachments from suspicious sources – If you don’t know the sender in
question, you don’t need to answer an email. Even if you do know them and are suspicious about their
message, cross-check and confirm the news from other sources, such as via telephone or directly from
a service provider’s site. Remember that email addresses are spoofed all of the time; even an email
purportedly coming from a trusted source may have actually been initiated by an attacker.
Use multifactor authentication – One of the most valuable pieces of information attackers seek is
user credentials. Using multifactor authentication helps protect your account even when your password
has been phished or keylogged, since the stolen password alone is not enough to log in. Imperva Login
Protect is an easy-to-deploy 2FA solution that can increase account security for your applications.
Be wary of tempting offers – If an offer sounds too enticing, think twice before accepting it as fact.
Googling the topic can help you quickly determine whether you’re dealing with a legitimate offer or a
trap.
Keep your antivirus/antimalware software updated – Make sure automatic updates are engaged, or
make it a habit to download the latest signatures first thing each day. Periodically check to make sure
that the updates have been applied, and scan your system for possible infections.
Threat protection
Whether your business operates data centers around the globe or in the cloud, engages customers over the
web, or supports an increasingly mobile workforce, you rely on the internet to connect people, applications,
and user experiences. Superior threat protection solutions are critical in a business landscape where security
threats are constantly evolving and requirements are continually changing.
Threat protection with Akamai
Akamai’s portfolio of cybersecurity solutions keeps your IT environment safe from cyberthreats — without
compromising on performance.