Cyber Security: Importance and Challenges

Cyber Security is crucial for protecting sensitive data and maintaining privacy in an increasingly digital world, where cyber threats like malware and phishing are prevalent. Organizations face challenges such as a growing number of attacks, lack of awareness, and a shortage of skilled professionals. Effective cyber security measures, including the CIA Triad principles, are essential to safeguard critical infrastructure and ensure business continuity.

Introduction to Cyber Security

Cyber Security refers to the process of protecting computers, mobile devices, networks,
data, and online systems from unauthorized access, attacks, or damage. In today’s digital
world, almost all activities—banking, shopping, communication, government services,
education, and business—depend on the internet. As technology has grown, the number of
cyber-attacks has also increased. Therefore, cyber security has become a very important field
for individuals, companies, and governments.

Cyber Security is extremely important in today’s digital world because most personal,
business, and government activities are done online. Every day huge amounts of data such as
passwords, bank details, personal identity, business secrets, and government information are
stored on computers and the internet. If this information is not protected, hackers can steal,
misuse, or destroy it. This is why cyber security plays a major role in ensuring safety.

Importance of Cyber Security:

1. Protects Sensitive Data: Secures personal information, financial details, and business
records from unauthorized access.
2. Prevents Financial Loss: Cyber-attacks like ransomware and fraud can cause huge
money loss; security reduces these risks.
3. Maintains Privacy: Ensures that personal information remains private and safe.
4. Ensures Business Continuity: Protects companies from system failures and keeps their
services running smoothly.
5. Builds Trust: Customers trust organizations that protect their data properly.
6. Protects National Security: Government systems, military data, and critical
infrastructure depend on strong cyber security.

Even though cyber security is important, it faces many challenges.

Challenges in Cyber Security:

1. Increasing Number of Attacks: Hackers are becoming smarter and using advanced
tools.
2. New Threats Every Day: Malware, phishing, ransomware, and social engineering
attacks keep changing.
3. Lack of Awareness: Many users do not follow simple safety practices like strong
passwords and safe browsing.
4. Shortage of Skilled Professionals: There are fewer trained cyber security experts
compared to the growing demand.
5. Complex and Large Networks: Big organizations have huge systems that are difficult
to secure completely.
6. Insider Threats: Employees or internal users can misuse data intentionally or by
mistake.
7. Cost of Security Tools: Advanced security solutions are expensive for small
businesses.

Cyberspace

Cyberspace is the virtual world created by computers, the internet, mobile phones, networks,
and online services. It is not a physical place; it is a digital environment where people communicate,
share information, shop, study, and work. Examples of cyberspace include websites, emails, social
media, online banking, cloud storage, and apps. Cyberspace connects millions of devices worldwide.
This makes life easy but also creates risks like hacking, cyber fraud, fake news, data theft, and
cyberbullying. Therefore, cyberspace must be protected with strong laws, cyber security policies,
awareness programs, and secure technologies.

Cyber Threats
Cyber threats are dangers or harmful activities that try to damage systems or steal data. These threats
target individuals, companies, or governments to create trouble or gain financial benefits.

Types of Cyber Threats:

• Malware: harmful software like viruses, worms, trojans.
• Phishing: fake messages or emails to steal passwords.
• Ransomware: locks your data and demands money.
• DDoS Attack: overloads a system so it stops working.
• Password Attacks: trying to guess or crack passwords.
• Insider Threats: misuse by employees.

1. Malware

• Harmful software created to damage systems or steal data.
• Includes viruses, worms, trojans, spyware, adware.
• Spreads through downloads, infected files, USBs, or websites.
• Can slow systems, delete files, or steal personal information.
• Requires antivirus and safe browsing habits to prevent.

2. Phishing

• Fake emails, messages, or websites used to steal login details.
• Looks like real bank or company messages.
• Tricks users into clicking links or giving passwords.
• Often leads to identity theft or financial loss.
• Prevention: check sender, avoid unknown links, use 2FA.

3. Ransomware

• Malware that locks or encrypts your data.
• Demands money (ransom) to unlock files.
• Spreads through email attachments or unsafe downloads.
• Causes major data loss in companies and hospitals.
• Backup data and avoid suspicious files to stay safe.

4. DDoS Attack (Distributed Denial of Service)

• Attackers overload a website or server with traffic.
• Makes the service slow or completely unavailable.
• Uses many infected computers (botnets).
• Targets banks, gaming sites, companies.
• Protection: firewalls, traffic filtering, strong network security.

5. Password Attacks

• Attempts to guess or crack passwords.
• Common methods: brute force, dictionary attack, keylogging.
• Used to access accounts without permission.
• Weak passwords are easily cracked.
• Use strong passwords + 2FA to prevent attacks.

6. Insider Threats

• Security risk caused by employees or trusted users.
• They misuse access to steal or leak data.
• May be intentional (malicious) or accidental.
• Hard to detect because they already have permission.
• Need monitoring, strict access control, awareness training.

Cyber threats can cause data loss, money loss, reputation damage, and system breakdowns.
That’s why cyber security is needed everywhere.

Cyber Warfare

Cyber warfare is the use of digital attacks by one country to damage another country’s systems.
Instead of physical war with weapons, cyber warfare uses computers to attack defense networks,
power grids, communication, banking systems, and government websites.

Countries use cyber warfare to steal secret information, spread confusion, shut down services, or
weaken the enemy. These attacks are dangerous because they are silent, fast, and difficult to
trace. Proper cyber defense systems and trained cyber armies are required to protect nations.

4. CIA Triad

The CIA Triad is the most important model in cyber security. It has three parts:
1. Confidentiality: Only authorized people can access the data.
2. Integrity: Information should not be changed or corrupted.
3. Availability: Data and systems must be available whenever needed.

All security policies, tools, and methods are designed based on the CIA Triad. It ensures safe
data flow, correct information, and uninterrupted services.

5. Cyber Terrorism

Cyber terrorism means using the internet and computers to create fear, chaos, or destruction for
political, religious, or extremist purposes. Terrorists target power stations, hospitals, military
networks, transport systems, and public websites to cause panic.

Cyber terrorists may also spread false information, leak sensitive data, or attack critical services.
These attacks can harm national security, public safety, and the economy. Governments use cyber
laws, intelligence, monitoring systems, and strong security to fight cyber terrorism.

6. Cyber Security of Critical Infrastructure

Critical infrastructure includes essential systems such as electricity, water supply, transportation,
healthcare, communication, and banking. If these systems stop working, the entire country suffers.
Because these systems are connected to networks, they are targeted by hackers.

Cyber security protects critical infrastructure by using monitoring tools, firewalls, backup systems,
encryption, and emergency recovery plans. Governments set strict rules to protect these systems. A
secure infrastructure ensures public safety and smooth operation of the nation.

7. Cyber Security – Organizational Implications

Organizations depend on digital systems for daily operations. Cyber attacks can cause huge
financial loss, data breaches, downtime, and damage to reputation. Therefore, companies must
implement strong cyber security.

Organizations need security policies, regular software updates, employee training, access controls,
and backup plans. They must follow legal rules like IT Act, privacy laws, and security standards.
Good cyber security improves customer trust, protects data, and ensures smooth business
operations.

• Financial Losses: Cyber-attacks can cause huge monetary losses due to data theft, fraud, system
downtime, and recovery costs.

• Damage to Reputation: When an organization is hacked, customers lose trust, affecting brand image
and future business.

• Legal and Compliance Issues: Organizations must follow cybersecurity laws and data protection
rules; failure leads to penalties and legal actions.

• Operational Disruption: Attacks like ransomware or DDoS can shut down operations, stopping
services and production.

• Need for Strong Security Policies: Organizations must create cyber policies, employee training,
backups, and incident response plans to stay protected.

Hackers and Cyber Crimes – Types of Hackers
A hacker is a person who uses computer skills to access systems or networks without permission.
Hacking can be done for good purposes or for harmful activities. Cyber crimes are illegal
activities performed using computers, networks, or the internet. Understanding the types of
hackers helps in identifying the nature of attacks and preventing cyber crimes.

Hackers are mainly classified by their intent, meaning why they hack. Some hackers help
improve security, while others try to steal data or cause damage. The major types of hackers are:

1. White Hat Hackers (Ethical Hackers)

These are good hackers who help organizations find weaknesses in their systems. They hack
legally with permission. Their goal is to improve security. Companies hire them for penetration
testing.

2. Black Hat Hackers (Malicious Hackers)

These are bad hackers who break into systems to steal data, damage networks, or make money
illegally. They perform cyber crimes like identity theft, ransomware attacks, online fraud, and
data breaches.

3. Grey Hat Hackers

They are in-between white hat and black hat. They hack systems without permission but do not
cause serious harm. Sometimes they report the weaknesses but still break rules.

4. Script Kiddies

These are beginner hackers who do not have advanced knowledge. They use ready-made tools
and scripts created by other hackers to attack systems. Their intention is mostly fun or to show
off.

5. Hacktivists

These hackers attack systems for social, religious, or political reasons. Their purpose is to
spread a message or protest against an organization or government.

7. State-Sponsored / Government Hackers

These hackers work for a country’s government. Their aim is to spy on other nations, steal
confidential data, or conduct cyber warfare.

⭐ Hackers and Crackers

In the world of computers and cyber security, the terms hackers and crackers are often used.
Even though people think both are the same, they are actually different based on their purpose and
behaviour. Both use computer skills, but one uses them for good and the other for bad activities.

⭐Hackers

A hacker is a skilled computer expert who understands programming, networks, and operating
systems deeply. Hackers explore systems mainly to improve security or to study how they work.
Many hackers help organizations to find weaknesses in their systems before real criminals can
misuse them.

✔ Types of Hackers:

1. White Hat Hackers: Also known as ethical hackers. They work legally with permission to test
systems and find vulnerabilities.
2. Grey Hat Hackers: They break into systems without permission but usually do not cause serious
harm. They work between good and bad intentions.
3. Black Hat Hackers: These hackers enter systems illegally to steal data, damage systems, or earn
money. They knowingly break laws and cause cyber crimes.

Hackers mainly focus on learning, problem-solving, and strengthening security.

⭐Crackers

Crackers are malicious users who break into systems to cause harm. Unlike hackers, the main
goal of a cracker is to destroy, steal, or misuse data. Crackers break passwords, bypass software
protections, disable security systems, and damage networks. They often perform illegal activities
for money, revenge, or personal gain.

✔ Common Activities of Crackers:

• Breaking software licenses (pirated software)
• Removing copy protection
• Cracking passwords
• Creating viruses and malware
• Damaging websites or servers
• Stealing credit card or banking information

⭐ Difference Between Hackers and Crackers (Key Points)

Crackers are considered the real cyber criminals because their actions directly harm individuals,
companies, and governments.

1. Cyber-Attacks and Vulnerabilities
Cyber-attacks are deliberate attempts made by hackers or cybercriminals to break into computer
systems, networks, or applications with the intention of stealing information, damaging data,
disturbing operations, or gaining unauthorized access. In today’s digital world, cyber-attacks have
become very common because everything is connected to the internet—banking, government
services, education, business, health, communication, and even daily life activities. When attackers
find any weakness, they exploit it to gain control over systems. These weaknesses are known as
vulnerabilities.

A vulnerability is any flaw or loophole in a system that allows an attacker to break through the
security and perform malicious actions. Vulnerabilities can exist in software, hardware, networks,
passwords, configurations, or even human behavior. For example, outdated software might have
bugs that hackers can exploit, a weak password like "12345" can be easily cracked, or a
misconfigured firewall may leave systems open to attack. Attackers scan systems to find such
vulnerabilities, and once they find them, they launch cyber-attacks.

To prevent cyber-attacks, organizations implement security measures such as firewalls, antivirus
software, intrusion detection systems, strong encryption, multifactor authentication, regular software
updates, and strict cybersecurity policies. Training employees about safe online behavior is also
essential because humans are often the easiest target.

2. Malware Threats

Malware, short for “malicious software,” refers to any harmful program designed to enter a system
without permission and perform unwanted activities. Malware threats are among the most common
and dangerous cyber risks today because they can steal data, damage systems, disable security, and
give hackers full control over devices. Malware can enter through infected email attachments, unsafe
downloads, malicious websites, USB drives, or social engineering tricks.

There are many types of malware: viruses, worms, Trojans, ransomware, spyware, adware, and
rootkits.

The primary goal of malware is to harm, steal, or take control. Some malware steals passwords,
banking information, or personal identity data. Others destroy files or slow down the computer’s
performance. Some malware allows remote attackers to access the device anytime, acting like a
secret backdoor. Ransomware is especially dangerous because it can lock important hospital files,
government data, or business documents, stopping operations completely.

3. Sniffing

Sniffing is a cyber-attack method where the attacker captures and monitors data traveling over a
network. Every time you send information—like passwords, messages, emails, or credit card
details—it travels through network cables or Wi-Fi signals in the form of data packets. Sniffing tools
allow hackers to “listen” to these packets and steal important information. Sniffing can be
passive or active. In passive sniffing, the attacker simply listens and captures data without
interfering in the communication. It is very hard to detect because no changes are made in the
network. In active sniffing, the attacker manipulates the network traffic using techniques like ARP
poisoning or MAC spoofing to redirect packets through their device.

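
An added example (not from the original notes) of detecting the active-sniffing technique above from the defender's side: it reads constructed ARP-reply records in an assumed "<time> <ip> is-at <mac>" format, builds a trusted IP-to-MAC table, and flags a changed binding or one MAC answering for several IPs. The record format, function names and sample addresses are assumptions of this example.

```python
"""Detect ARP poisoning from a stream of observed ARP replies.

Added example, not part of the original notes. It assumes a constructed
text export of ARP replies seen on a LAN, one per line, in the
hypothetical format "<time> <ip> is-at <mac>" (as a monitoring sensor
might write it). Known IP-to-MAC bindings may be supplied; otherwise the
first reply for each IP is trusted.
"""
from collections import defaultdict

# Constructed sample. The gateway 192.168.1.1 is really at aa:bb:cc:00:00:01.
# From 10:00:10 a host at cc:cc:cc:00:00:99 starts answering for the gateway
# and for 192.168.1.20, so their traffic would be redirected through it.
SAMPLE_ARP_LOG = """\
10:00:01 192.168.1.1 is-at aa:bb:cc:00:00:01
10:00:02 192.168.1.20 is-at aa:bb:cc:00:00:20
10:00:03 192.168.1.21 is-at aa:bb:cc:00:00:21
10:00:10 192.168.1.1 is-at cc:cc:cc:00:00:99
10:00:11 192.168.1.20 is-at cc:cc:cc:00:00:99
10:00:12 192.168.1.21 is-at aa:bb:cc:00:00:21
"""


def parse_arp_line(line):
    """Split one '<time> <ip> is-at <mac>' record into (time, ip, mac)."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "is-at":
        raise ValueError(f"unrecognised ARP record: {line!r}")
    return parts[0], parts[1], parts[3].lower()


def detect_arp_poisoning(log_text, gateway_ip=None, known_bindings=None):
    """Return a list of alert dicts for suspicious ARP replies.

    known_bindings: optional {ip: mac} table from DHCP leases or an
    inventory. Without it the first reply for each IP is trusted, which
    is weaker: an attacker who answers first would look legitimate.
    """
    bindings = {ip: mac.lower() for ip, mac in (known_bindings or {}).items()}
    ips_per_mac = defaultdict(set)
    alerts = []

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        time, ip, mac = parse_arp_line(raw)
        ips_per_mac[mac].add(ip)
        expected = bindings.setdefault(ip, mac)  # first sighting becomes the binding
        if expected != mac:
            alerts.append({
                "time": time,
                "ip": ip,
                "expected_mac": expected,
                "seen_mac": mac,
                # Poisoning the gateway entry redirects every host's traffic.
                "severity": "high" if ip == gateway_ip else "medium",
                "reason": "IP-to-MAC binding changed",
            })

    # Assumption for a simple LAN: one interface carries one IP, so a MAC
    # that answers for several IPs is the signature of a poisoning host.
    for mac, ips in sorted(ips_per_mac.items()):
        if len(ips) > 1:
            alerts.append({
                "time": None,
                "ip": ",".join(sorted(ips)),
                "expected_mac": None,
                "seen_mac": mac,
                "severity": "high",
                "reason": "one MAC claims multiple IPs",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_LOG, gateway_ip="192.168.1.1"):
        print(alert["severity"].upper(), alert["reason"], alert)
```

On a real network, seed known_bindings from DHCP leases or an inventory, since first-seen trust is exactly what a poisoning host exploits.
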
4. Gaining Access

Gaining access is the phase in a cyber-attack where the attacker successfully enters a system,
application, or network. Before this step, attackers usually perform scanning and enumeration to
find vulnerabilities. Once they identify weaknesses, they attempt different techniques to break in.

Attackers use methods like password cracking (using tools to guess passwords), exploiting
software vulnerabilities, social engineering tricks, fake login pages, and brute-force attacks. If a
system has weak or default passwords like “admin123,” attackers can easily gain access. They
may also exploit bugs in operating systems or applications that allow unauthorized entry.

5. Escalating Privileges

Privilege escalation occurs when an attacker who has gained basic access to a system tries to get
higher-level permissions such as administrator or root access. With admin privileges, attackers can
do anything—install programs, delete files, change security settings, and hide their presence.

There are two types: vertical and horizontal. Vertical escalation is when a normal user account
becomes an admin. Horizontal escalation is when the attacker moves from one user’s account to
another with higher privileges.

To prevent privilege escalation, organizations should limit admin accounts, apply the principle of
least privilege, update systems regularly, and use monitoring tools to detect unusual behavior.

6. Executing Applications

Once attackers gain high-level access, they begin executing applications or scripts to perform
malicious actions. These applications include keyloggers (to record keystrokes), malware
installers, ransomware scripts, and remote access programs.

Attackers use command-line tools, scripts, or pre-compiled programs to perform tasks like
downloading files, scanning the system, or disabling security. They may use PowerShell, Bash, or
Python scripts to automate malicious activity.

Execution allows attackers to steal data, spy on users, and maintain long-term access. Detecting
unauthorized application execution requires strong endpoint protection, application whitelisting,
and security monitoring.

7. Hiding Files

To continue using the system without being caught, attackers hide their files using high-level
techniques. They rename malicious files to look like system files, store them deep inside system
directories, or use rootkits that hide files from the operating system itself.

File hiding is important because it prevents antivirus software from detecting malicious
components. Attackers modify file attributes, use encryption, or store malware inside
legitimate-looking files. Some advanced malware even removes its own traces after execution.

8. Covering Tracks

Covering tracks means removing all signs of the attack. Hackers delete logs, clear command
history, remove temporary files, and erase malware evidence. They may use tools to wipe logs or
modify them to make everything appear normal.

Covering tracks helps attackers escape detection and maintain long-term access. It also makes
forensic investigations difficult. To defend against this, organizations use secure logs, centralized
logging servers, and monitoring tools that detect suspicious behavior.
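
The "secure logs" defense above can be made concrete with a hash chain. As an added example (not from the notes), this Python keeps HMAC-linked records on a central collector and shows that deleting, editing or truncating stored records is detected on verification; the function names, key and sample log lines are constructed for this example.

```python
"""Tamper-evident logging for a central log collector.

Added example, not from the original notes. Each stored record carries an
HMAC over its sequence number, the previous record's tag and its own
content, so removing, editing or reordering a record breaks the chain from
that point on. The key is assumed to live only on the collector, never on
the monitored host.
"""
import hashlib
import hmac

GENESIS_TAG = "0" * 64  # tag assumed for the record before the first one


def _tag(key, seq, prev_tag, message):
    data = f"{seq}|{prev_tag}|{message}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append_record(chain, message, key):
    """Append one log line to the chain, linking it to the previous tag."""
    seq = len(chain)
    prev_tag = chain[-1]["tag"] if chain else GENESIS_TAG
    chain.append({"seq": seq, "prev": prev_tag, "msg": message,
                  "tag": _tag(key, seq, prev_tag, message)})
    return chain[-1]["tag"]


def verify_chain(chain, key, expected_head=None):
    """Return (ok, problem); problem names the first bad record.

    expected_head is the latest tag as recorded out of band (e.g. a copy the
    collector forwards to a second system). Without it, dropping the newest
    records is undetectable, because a shortened chain is still consistent.
    """
    prev_tag = GENESIS_TAG
    for position, rec in enumerate(chain):
        if rec["seq"] != position or rec["prev"] != prev_tag:
            return False, f"chain broken before seq {rec['seq']}"
        expected = _tag(key, rec["seq"], rec["prev"], rec["msg"])
        if not hmac.compare_digest(rec["tag"], expected):
            return False, f"record seq {rec['seq']} was modified"
        prev_tag = rec["tag"]
    if expected_head is not None and prev_tag != expected_head:
        return False, "chain was truncated"
    return True, "ok"


# Constructed sample events from one host, as forwarded to the collector.
SAMPLE_EVENTS = [
    "sshd: Accepted password for deploy from 198.51.100.7",
    "sudo: deploy : COMMAND=/usr/bin/systemctl stop auditd",
    "sudo: deploy : COMMAND=/bin/rm /var/log/auth.log",
    "sshd: Disconnected from 198.51.100.7",
]


def demo():
    """Build a chain, then apply three kinds of tampering to stored copies."""
    key = b"collector-secret-key"  # constructed; keep it off the monitored host
    chain = []
    for event in SAMPLE_EVENTS:
        head = append_record(chain, event, key)
    intact = verify_chain(chain, key, expected_head=head)

    # Deleting the record that shows the log file being removed.
    deleted = [r for r in chain if "rm /var/log" not in r["msg"]]
    after_delete = verify_chain(deleted, key, expected_head=head)

    # Rewriting a command to look harmless while keeping the old tag.
    edited = [dict(r) for r in chain]
    edited[1]["msg"] = "sudo: deploy : COMMAND=/usr/bin/systemctl status auditd"
    after_edit = verify_chain(edited, key, expected_head=head)

    # Dropping the newest records entirely.
    after_truncate = verify_chain(chain[:2], key, expected_head=head)
    return intact, after_delete, after_edit, after_truncate


if __name__ == "__main__":
    for label, result in zip(("intact", "deleted", "edited", "truncated"), demo()):
        print(f"{label:10s} {result}")
```
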

9. Worms
A worm is a self-spreading malware that moves across networks without human action. Worms
exploit vulnerabilities in operating systems or applications. Once inside one computer, the worm
scans the network for more devices and infects them automatically.

Worms consume resources, slow down networks, and can deliver payloads that steal data or install
backdoors.

Famous worms like WannaCry caused global damage by exploiting unpatched systems.

To prevent worms, systems must be updated regularly, firewalls must be used, and network traffic
should be monitored. Worms spread rapidly, so detecting them early is important.

10. Trojans
A Trojan appears to be a useful program but contains hidden malicious code. Users install it
thinking it is safe, but once executed, it performs harmful actions. Trojans are used to steal
information, control systems, install malware, or create backdoors.

Common Trojan examples include fake games, fake antivirus programs, fake banking apps, or
cracked software downloads. Trojans cannot spread themselves; they rely on users installing them.
Attackers often combine Trojans with phishing techniques to trick users.

Using verified software sources, scanning downloads, and avoiding unknown attachments helps
prevent Trojan infections.

11. Viruses

A virus attaches itself to clean files and spreads when that file is opened. It needs human action,
such as running a program or opening a document. Viruses corrupt files, slow down systems, and
replicate across devices through file transfer.

Viruses can display messages, destroy data, modify system behavior, and spread through USB
drives, emails, or infected applications. Some viruses are harmless pranks, while others are highly
destructive.

To prevent viruses, users must use antivirus software, avoid pirated applications, and keep systems
updated.

12. Backdoors

A backdoor is a hidden entry point created by attackers to re-enter a system anytime without
authentication. Once installed, a backdoor gives complete remote control to the attacker. They can
upload files, steal data, run commands, or install additional malware.

Backdoors are often installed through Trojans, worms, or privilege escalation.

They are difficult to detect because they are designed to hide. Advanced backdoors encrypt their
communication and use legitimate-looking processes to avoid detection.

Ethical Hacking – Concepts

1. Authorized Hacking
o Ethical hacking is hacking done with permission to find weaknesses.
2. Identify Security Weaknesses
o Aim is to detect vulnerabilities before real attackers use them.
3. Uses Same Tools as Hackers
o Ethical hackers use scanning tools, penetration tests, and attack methods like real
hackers—but for good purposes.
4. Protects Systems and Data
o Helps strengthen network, applications, servers, and data security.
5. Follows Legal and Professional Rules
o Must follow laws, company policies, and never harm systems.

Ethical Hacking – Scope (Short Notes)

1. Network Security Testing
o Checking routers, firewalls, Wi-Fi, servers for weaknesses.
2. Web Application Testing
o Finding bugs in websites like SQL injection, XSS, broken authentication.
3. Wireless Security
o Testing Wi-Fi encryption, passwords, and unauthorized access.
4. Social Engineering Tests
o Checking if employees can be tricked via phishing, fake calls, etc.
5. Risk Assessment & Reporting
o Preparing reports on security gaps and giving suggestions to fix them.

Threats and Attack Vectors
1. Meaning of Threats

• A threat is any potential danger that can damage an organization's data, systems, network,
or operations.
• It may come from hackers, malware, employees, or even natural disasters.
• Threats reduce security and can cause data loss, financial loss, or service downtime.

2. Types of Threats

a) Technical Threats

• Malware, ransomware, viruses, worms, trojans, rootkits.
• Targets computers, servers, and data.

b) Human Threats

• Social engineering, phishing, insider misuse, weak passwords.
• Happens due to mistakes or deliberate actions of people.

c) Physical Threats

• Theft of devices, hardware damage, fire, flood, power failure.
• Affects availability of systems.

d) Network Threats

• DDoS attacks, Man-in-the-Middle attacks, network sniffing, packet injection.

3. Meaning of Attack Vectors

• An attack vector is the route or method used by attackers to enter or exploit a system.
• It is like the “pathway” that allows the hacker to perform an attack.
• Understanding attack vectors helps organizations block the entry points.

4. Types of Attack Vectors

a) Phishing & Social Engineering: Fake emails/messages used to trick users into giving
passwords or clicking malicious links.

b) Malware Infected Files: Users download harmful files from emails, websites, pirated
software, or USB drives.

c) Weak Passwords: Hackers use brute force, dictionary attacks, or password spraying to
guess weak passwords.

d) Unpatched Systems: Old software with vulnerabilities becomes an easy entry point for
attackers.

e) Network-based Vectors: Open ports, unsecured Wi-Fi, rogue access points, and poor firewall
configuration.

f) Insider Threats: Employees intentionally or accidentally misuse their access, causing security
breaches.

5. Impact of Threats and Attack Vectors

• Data theft or data loss.
• Financial loss due to ransomware or fraud.
• Loss of customer trust and reputation.
• Service disruption or system downtime.
• Legal issues if sensitive data is leaked.

6. Prevention Measures

• Strong passwords + 2FA.
• Regular software updates and patches.
• Antivirus and firewall protection.
• Employee awareness training (phishing, social engineering).
• Secure backup and recovery plans.

Information Assurance

Information Assurance (IA) means protecting information by ensuring it is safe, reliable, and
available at all times.

• It focuses on preventing data loss, unauthorized access, and system failures.

Key Points (Point-Wise)

1. Ensures CIA Triad

• IA protects Confidentiality (only authorized access),
• Integrity (no alteration), and
• Availability (accessible when needed).

2. Risk Management

• Identifies possible threats, vulnerabilities, and weaknesses.
• Helps organizations reduce or avoid risks that may harm data.

3. Policies and Procedures

• IA involves creating rules for handling data, passwords, backups, and network use.
• Ensures employees follow proper security practices.

4. Security Controls

• Technical controls (firewalls, encryption, antivirus).
• Administrative controls (training, access rules).
• Physical controls (locks, CCTV, restricted entry).

5. Monitoring and Detection

• IA includes monitoring systems for suspicious activity.
• Helps detect attacks like malware, unauthorized access, and data leaks.

6. Data Backup and Recovery

• Keeps backup copies of important data.
• Ensures quick recovery during failures, hacking, or disasters.

7. Compliance with Laws

• IA ensures organizations follow cybersecurity laws, standards, and industry regulations.
• Avoids legal penalties and protects customer trust.

8. Protects Business Operations

Threat Modeling

1. Introduction

Threat Modeling is a structured approach used to find security threats and weaknesses in a
system. It helps developers and organizations understand possible attacks and plan protections early
in the design or development stage.

2. Goals of Threat Modeling

• Identify who might attack (hackers, insiders).
• Understand what they want (data, system access, money).
• Find how they can attack (attack vectors).
• Build defenses to prevent damage.

3. Steps in Threat Modeling

a) Identify Assets

Determine what needs protection: data, servers, passwords, user accounts, applications.

b) Create Architecture Diagram

Visualize data flow, components, network structure, entry/exit points.

c) Identify Threats

Look for dangers like data theft, DDoS, malware, spoofing, tampering, privilege misuse.

d) Identify Vulnerabilities

Weak passwords, unpatched software, insecure APIs, open ports, poor access control.

e) Assess Risks

Measure impact and likelihood. High-risk threats get priority.

f) Plan Mitigation

Add firewalls, encryption, authentication, patches, monitoring, backup, etc.

4. Popular Threat Modeling Methods

a) STRIDE (Microsoft Model)

• Spoofing
• Tampering
• Repudiation
• Information Disclosure
• Denial of Service
• Elevation of Privilege

b) DREAD

• Damage potential
• Reproducibility
• Exploitability
• Affected users
• Discoverability

c) Attack Trees

• Shows how an attacker can reach the main goal using multiple paths.

5. Benefits of Threat Modeling

• Reduces system weaknesses early.
• Saves cost by fixing issues before deployment.
• Improves overall security posture.
• Helps meet industry security standards.
• Protects users, data, and business operations.
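
As an added example that is not part of the notes, the following Python carries the assess-risks and plan-mitigation steps through with the two methods listed above: it scores each modelled threat with DREAD (the average of the five factors), ranks them so high-risk threats get priority, and maps each STRIDE category to the class of control that addresses it. The threat list, the high/medium/low cut-offs and the STRIDE_CONTROLS table are constructed for this example.

```python
"""Rank modelled threats with DREAD and map them to STRIDE controls.

Added example, not part of the original notes. The threat list is
constructed, and the score bands are an assumption of this example, not a
fixed part of DREAD. The STRIDE-to-control table follows the usual pairing
of each STRIDE category with the security property it violates.
"""

DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")

# Each STRIDE category threatens one property; the control class that
# restores that property is the starting point for the mitigation step.
STRIDE_CONTROLS = {
    "Spoofing": "authentication (MFA, strong credentials)",
    "Tampering": "integrity (signatures, hashes, input validation)",
    "Repudiation": "non-repudiation (secure, centralized logging)",
    "Information Disclosure": "confidentiality (encryption, access control)",
    "Denial of Service": "availability (rate limiting, redundancy, filtering)",
    "Elevation of Privilege": "authorization (least privilege, server-side checks)",
}


def dread_score(ratings):
    """Average of the five DREAD factors, each rated 0-10; raises on bad input."""
    missing = [f for f in DREAD_FACTORS if f not in ratings]
    if missing:
        raise ValueError(f"missing DREAD factors: {missing}")
    for factor in DREAD_FACTORS:
        value = ratings[factor]
        if not isinstance(value, (int, float)) or not 0 <= value <= 10:
            raise ValueError(f"{factor} must be between 0 and 10, got {value!r}")
    return round(sum(ratings[f] for f in DREAD_FACTORS) / len(DREAD_FACTORS), 1)


def risk_band(score):
    """Bands are an assumption of this example: >= 8 high, >= 5 medium, else low."""
    if score >= 8:
        return "high"
    if score >= 5:
        return "medium"
    return "low"


def prioritize(threats):
    """Return threats sorted by DREAD score, annotated with band and control."""
    ranked = []
    for threat in threats:
        if threat["stride"] not in STRIDE_CONTROLS:
            raise ValueError(f"unknown STRIDE category: {threat['stride']}")
        score = dread_score(threat["dread"])
        ranked.append({
            "name": threat["name"],
            "stride": threat["stride"],
            "score": score,
            "band": risk_band(score),
            "control": STRIDE_CONTROLS[threat["stride"]],
        })
    return sorted(ranked, key=lambda t: t["score"], reverse=True)


# Constructed threats for a hypothetical web application.
SAMPLE_THREATS = [
    {"name": "Login form has no rate limit, so passwords can be guessed",
     "stride": "Spoofing",
     "dread": {"damage": 7, "reproducibility": 9, "exploitability": 8,
               "affected_users": 8, "discoverability": 7}},
    {"name": "Database credentials in a world-readable config file",
     "stride": "Information Disclosure",
     "dread": {"damage": 8, "reproducibility": 10, "exploitability": 6,
               "affected_users": 5, "discoverability": 4}},
    {"name": "Admin actions are not logged",
     "stride": "Repudiation",
     "dread": {"damage": 5, "reproducibility": 10, "exploitability": 3,
               "affected_users": 4, "discoverability": 2}},
    {"name": "Record-deletion API skips the authorization check",
     "stride": "Elevation of Privilege",
     "dread": {"damage": 10, "reproducibility": 10, "exploitability": 9,
               "affected_users": 9, "discoverability": 6}},
]


if __name__ == "__main__":
    for t in prioritize(SAMPLE_THREATS):
        print(f"{t['score']:4.1f} {t['band']:6s} {t['stride']:22s} {t['name']}")
        print(f"             -> {t['control']}")
```
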

Enterprise Information Security Architecture (EISA)

1. Introduction
Enterprise Information Security Architecture (EISA) is a strategic framework used by
organizations to design and manage security in a consistent, structured, and scalable manner. It
integrates security policies, processes, and technologies with overall business goals.

2. Objectives of EISA

• Provide a complete security blueprint for the organization.
• Ensure all IT systems follow the same standards and rules.
• Reduce risks and support secure business operations.
• Help meet legal and regulatory compliance.

3. Layers/Views of EISA

a) Business Architecture

• Understanding business goals, processes, and services.

b) Information Architecture

• Data flow, storage, access requirements, and data protection needs.

c) Application Architecture

• How applications operate, communicate, and enforce security.

d) Technology/Security Architecture

• Hardware, networks, operating systems, and security controls.

5. Benefits of Enterprise Information Security Architecture

• Improves security consistency across the organization.
• Reduces risks by identifying weaknesses early.
• Ensures compliance with laws (ISO, IT Act).
• Enhances decision-making for new technologies.
• Helps manage large and complex IT environments.
• Supports secure digital transformation and cloud adoption.

VAPT

1. Introduction

Vulnerability Assessment and Penetration Testing (VAPT) is a critical cybersecurity process used by
organizations to detect security weaknesses and test how attackers can exploit them. It improves
system security by identifying vulnerabilities before hackers do.

2. Vulnerability Assessment (VA)

a) Definition: A systematic process of scanning systems, networks, and applications to
find security weaknesses.

b) Features

Mostly automated using tools like Nessus, OpenVAS, Nikto.

Finds misconfigurations, weak passwords, outdated software, unpatched systems.

c) Purpose

To identify all possible vulnerabilities without exploiting them.

d) Output

A list of vulnerabilities categorized into low, medium, high, and critical.

3. Penetration Testing (PT)

a) Definition :A manual + automated technique where ethical hackers exploit


vulnerabilities to check real-world attack possibilities.

b) Types

 Black Box – no internal knowledge.
 White Box – complete internal knowledge.
 Grey Box – partial knowledge.

c) Methods

 Network penetration testing
 Web application penetration testing
 Wireless testing
 Social engineering testing

d) Purpose

 To understand impact, damage level, and how deep an attacker can go.

Importance of VAPT

 Prevents cyber-attacks.
 Strengthens overall security posture.
 Helps organizations meet compliance (ISO, PCI-DSS).
 Protects data, systems, and business operations.
 Reduces financial and reputational loss.
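The VA "Output" step above ends with a list of findings bucketed into low, medium, high and critical. The following added example (not code from the notes) shows what a practitioner does with that list: it parses a constructed scanner export, assigns each finding its CVSS v3.x qualitative severity, and orders the findings for remediation. The CSV layout, the hosts, the findings and the `INTERNET_EXPOSED` asset list are all constructed for illustration.

```python
"""Added example (not from the notes): triage a vulnerability-assessment
report by CVSS v3 severity, as the VA 'Output' step describes.
The CSV layout, hosts and findings below are constructed for illustration."""
import csv
from dataclasses import dataclass
from io import StringIO

# Constructed export in the shape a scanner such as OpenVAS or Nessus produces
SAMPLE_REPORT = """\
host,port,name,cvss
10.0.0.5,22,SSH accepts weak password (constructed),9.8
10.0.0.5,443,TLS 1.0 enabled,5.3
10.0.0.8,80,Outdated web server version,7.5
10.0.0.8,3306,Database default credentials,9.8
10.0.0.12,161,SNMP public community string,3.7
10.0.0.12,0,Host responds to ICMP,0.0
"""

# Assumed asset inventory: hosts reachable from the internet are fixed first
INTERNET_EXPOSED = {"10.0.0.8"}

# CVSS v3.x qualitative severity scale (from the CVSS v3.1 specification)
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "None"]


def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass
class Finding:
    host: str
    port: int
    name: str
    cvss: float

    @property
    def severity(self) -> str:
        return cvss_severity(self.cvss)

    @property
    def exposed(self) -> bool:
        return self.host in INTERNET_EXPOSED


def parse_report(text: str) -> list[Finding]:
    """Read the scanner CSV into Finding objects."""
    rows = csv.DictReader(StringIO(text))
    return [Finding(r["host"], int(r["port"]), r["name"], float(r["cvss"])) for r in rows]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity bucket, keyed from most to least severe."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


def triage(findings: list[Finding]) -> list[Finding]:
    """Remediation order: internet-exposed hosts first, then highest CVSS first."""
    return sorted(findings, key=lambda f: (not f.exposed, -f.cvss))


if __name__ == "__main__":
    fs = parse_report(SAMPLE_REPORT)
    for sev, n in summarize(fs).items():
        print(f"{sev:8s} {n}")
    print("--- remediation order ---")
    for f in triage(fs):
        print(f"{f.severity:8s} {f.host}:{f.port:<5d} {f.name}")
```

Note that this is the VA side only: nothing here exploits anything, which is exactly the distinction the notes draw between assessment and penetration testing. The exposure flag matters because two findings with the same score (9.8 on both hosts above) do not carry the same risk once you know which host the internet can reach.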
SOCIAL ENGINEERING
 Social Engineering is the technique of manipulating people to reveal confidential
information or perform actions that harm security.
 Instead of hacking computers, the attacker hacks human psychology.
 It is one of the biggest causes of security breaches today.

Key Points (Important for Exams)

1. Human-Based Attacks

 Direct interaction with people.
 Attackers pretend to be staff, IT support, or delivery personnel.
 Example: Asking for password "to fix your computer".

2. Computer-Based Attacks

 Using digital methods to trick victims.
 Example: Fake emails, fake websites, malicious links, pop-up messages.

⭐ Impacts of Social Engineering

 Theft of personal data and passwords.
 Financial loss, fraud, unauthorized access.
 Malware infection and data breaches.
 Damage to organization's reputation.

⭐ Prevention Methods

 Awareness training for employees.
 Do not share passwords or OTPs.
 Verify identity of callers/visitors.
 Use strong authentication (2FA).
 Report suspicious emails and links.
 Implement strict physical security.
2. Targets of Social Engineering

1. Employees

 Staff members with access to systems and data.
 Attackers trick them through emails, calls, fake links.

2. High-Level Executives (CEO, CFO, Managers)

 Targeted for high-impact attacks such as CEO Fraud or Business Email Compromise.
 They have financial authority and sensitive information.

3. IT & Technical Staff

 They have admin privileges.
 If tricked, hackers gain full system access.

4. Customers / General Public

Targeted through phishing, fake messages, lottery scams, online frauds.

5. System Vulnerable Points


Types of Social Engineering
Social engineering is the technique of manipulating people to reveal confidential information or
perform actions that help attackers. Instead of hacking computers, attackers hack humans.

1. Phishing
 Most common social engineering attack.
 Fake emails, messages, or links are sent to trick users into giving passwords, OTPs, or
financial details.
 Looks like it is from a trusted source (bank, company, or friend).
 Example: “Your account will be blocked. Click this link.”

2. Spear Phishing
 A targeted form of phishing.
 Attacker chooses a specific person (employee, manager) and sends a personalized message.
 Uses personal details to appear more convincing.
 Higher success rate because the message looks real.

3. Whaling
 Phishing attack on high-profile targets like CEOs, Directors, Senior Managers.
 Attackers pretend to be executives or government officials.
 Aim: steal confidential data or approve financial transactions.

4. Vishing (Voice Phishing)
 Done through phone calls.
 Attackers pretend to be bank representatives, government officers, or customer care.
 Aim: steal PIN, OTP, bank details, Aadhaar numbers, etc.

5. Smishing (SMS Phishing)
 Attack done through text messages.
 Contains harmful links, fake offers, lottery messages, or payment alerts.
 Example: “Your KYC is expired. Update now.”

6. Pretexting
 Attacker creates a fake story (pretext) to gain trust.
 Pretends to be an IT technician, police officer, HR staff, or bank official.
 Uses this fake identity to extract sensitive data.

7. Baiting
 Attacker offers something attractive to trap the victim.
 Victim is “baited” by free downloads, free Wi-Fi, gifts, or USB devices.
 When used, malware gets installed.

8. Quid Pro Quo (Something-for-Something)
 Attacker offers a benefit in exchange for information.
 Example: “I will fix your computer; please give me your login password.”
 Used in fake tech-support scams.

9. Tailgating (Piggybacking)
 Attacker physically follows an employee into a restricted office area without ID.
 Uses politeness (“Please hold the door”) to enter secure zones.

10. Shoulder Surfing
 Attacker watches the victim’s screen or keypad to steal PIN, password, ATM code.
 Happens in public places, ATMs, offices.
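The phishing, spear phishing and smishing entries above all rely on the same few tricks: a sender that claims to be a trusted organisation, pressure language such as “Your account will be blocked”, and a link that does not go where it appears to. The following added example (not code from the notes) turns those three tells into a small mail-filter check: it parses an e-mail, compares the display name against the sending domain, looks for the pressure phrases, and compares each link's visible text with its real target. The `TRUSTED_BRANDS` allow-list, the `URGENCY_PHRASES`, the two-indicator threshold and both sample messages are constructed assumptions for illustration.

```python
"""Added example (not the notes' own code): flag the phishing indicators the
notes describe (spoofed trusted sender, urgency language, deceptive or
lookalike links) in e-mail messages. The brand allow-list, phrases and the
two sample messages are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brand keyword as it appears in display names -> its real domain
TRUSTED_BRANDS = {"examplebank": "examplebank.com"}

# Pressure phrases of the kind the notes quote as examples
URGENCY_PHRASES = ("account will be blocked", "verify immediately", "update now", "kyc is expired")

LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample: spoofed display name, lookalike domain, mismatched link text
PHISH = """\
From: "ExampleBank Support" <alerts@examp1ebank-secure.com>
Subject: Your account will be blocked
Content-Type: text/html

<p>Dear customer, verify immediately or your account will be blocked.</p>
<a href="http://examp1ebank-secure.com/login">https://www.examplebank.com/login</a>
"""

# Constructed sample: genuine sender domain, neutral wording, honest link
LEGIT = """\
From: "ExampleBank" <notice@examplebank.com>
Subject: Your monthly statement is ready
Content-Type: text/html

<p>Your statement for March is available in online banking.</p>
<a href="https://www.examplebank.com/statements">View statement</a>
"""


def registered_domain(host: str) -> str:
    """Last two labels of a hostname; a real filter would use the public-suffix list."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def claimed_brand(display_name: str):
    """Return (brand, legit_domain) if the display name names a trusted brand."""
    text = display_name.lower()
    for brand, domain in TRUSTED_BRANDS.items():
        if brand in text:
            return brand, domain
    return None


def imitates(host: str, brand: str) -> bool:
    """Undo the common digit-for-letter swaps (1->l, 0->o) and look for the brand name."""
    return brand in host.lower().translate(str.maketrans("10", "lo"))


def phishing_indicators(raw_message: str) -> list[str]:
    """List the independent indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    found = []

    # 1. Display name claims a trusted brand but the sending domain is not that brand's
    claim = claimed_brand(display_name)
    if claim and "@" in address:
        brand, legit = claim
        if registered_domain(address.split("@", 1)[1]) != legit:
            found.append(f"sender {address} does not belong to claimed brand {brand}")

    # 2. Urgency / threat language in subject or body
    text = f"{subject} {body}".lower()
    if any(p in text for p in URGENCY_PHRASES):
        found.append("urgency language")

    # 3. Link text that shows one host while the href goes to another
    # 4. Target host that imitates a trusted brand's domain
    for href, visible in LINK_RE.findall(body):
        target = urlparse(href).hostname or ""
        shown = urlparse(visible.strip()).hostname
        if shown and registered_domain(shown) != registered_domain(target):
            found.append(f"link shows {shown} but goes to {target}")
        for brand, legit in TRUSTED_BRANDS.items():
            if target and registered_domain(target) != legit and imitates(target, brand):
                found.append(f"lookalike domain {target} imitates {legit}")
    return found


def is_suspicious(raw_message: str) -> bool:
    """Two or more independent indicators: hold the mail and route it for review."""
    return len(phishing_indicators(raw_message)) >= 2


if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, is_suspicious(raw), phishing_indicators(raw))
```

Requiring two independent indicators before acting keeps a single urgent-sounding but genuine notice from being quarantined; the constructed phishing sample trips all four, the genuine statement notice trips none. The same checks are what the "Prevention Methods" list asks users to do by eye (verify the sender, distrust pressure, hover over links), so automating them on the mail gateway removes the reliance on every employee getting it right.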
1. Insider Attack
An insider attack is a security attack carried out by someone inside the organization — such as
an employee, contractor, vendor, or partner — who already has authorized access to systems and
data.

They misuse their access to steal, leak, or damage information.

Types of Insider Attacks

1. Malicious Insider

 Employee intentionally harms the organization for personal gain, revenge, or money.
 Example: stealing customer data and selling it.

2. Negligent Insider

 Unintentional mistakes by employees.
 Example: clicking phishing links, weak passwords, losing company laptop.

3. Compromised Insider

 An attacker steals an employee’s login credentials.
 Hacker then acts as an "insider" without the employee knowing.

4. Third-party Insider

 Vendors, contractors, cleaning staff, or temporary workers who have access to systems or
physical spaces.

⭐ Examples of Insider Attacks

 Data theft (customer records, financial files).
 Leaking confidential documents.
 Deleting or modifying data.
 Installing malicious software.
 Sharing passwords or allowing unauthorized access.
 Sabotaging systems.

Impact of Insider Attacks

 Major financial loss.
 Leakage of sensitive data.
 Damage to reputation.
 Loss of trust from customers.
 Legal penalties for data breaches.
 System outages or destruction.
2. Preventing Insider Threats

⭐1. Strong Access Control

 Give access based on the Principle of Least Privilege (PoLP): employees get only what they need.
 Regularly review access rights.

⭐2. User Activity Monitoring

 Monitor login patterns, downloads, USB usage, email activity, failed login attempts.
 Use SIEM tools to detect unusual behavior.

⭐3. Multi-Factor Authentication (MFA)

 Adds an extra layer of security.
 Prevents misuse of stolen passwords.

⭐4. Employee Training & Awareness

 Train staff about phishing, social engineering, safe internet usage.
 Regular security awareness sessions.

⭐5. Data Loss Prevention (DLP) Tools

 Prevent employees from sending sensitive data outside the company.
 Blocks copying data to USB, email, or cloud.

⭐6. Background Checks

 Verify employees during hiring.
 Reduce chances of hiring harmful or risky individuals.

⭐7. Segregation of Duties

 Break critical tasks among multiple employees so no one has full control.
 Helps prevent fraud.

⭐8. Incident Response Plan

 Have a clear plan for detecting, reporting, and responding to insider attacks.
 Helps minimize damage quickly.

⭐9. Regular Audits & Policy Enforcement

 Audit logs, permissions, devices, and compliance with security rules.
 Take strict action against violations.

⭐10. Encryption & Secure Backups

 Encrypt sensitive data to prevent misuse.
 Maintain offline and secure backups in case insiders delete or corrupt data.

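Point 2 of the prevention list (User Activity Monitoring) says to watch login patterns, downloads, USB usage and failed logins and to let a SIEM flag unusual behaviour. The following added example (not code from the notes) shows the kind of rules a SIEM would run, applied to a handful of constructed activity-log lines: a burst of failed logins (a compromised or brute-forced account), a successful login well outside business hours, and a large volume of data downloaded or copied to USB in one day (the DLP concern from point 5). The log format, the `BUSINESS_HOURS`, the failed-login limit, the byte threshold and every log line are assumptions constructed for illustration.

```python
"""Added example (not the notes' own code): rule-based detection of the
insider-threat signals the notes list (failed-login bursts, off-hours logins,
bulk downloads / USB copies) over constructed activity-log lines. The log
format, thresholds and business hours are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

BUSINESS_HOURS = range(8, 20)                 # assumed: 08:00-19:59 local time
FAILED_LOGIN_LIMIT = 5                        # assumed: 5 failures ...
FAILED_LOGIN_WINDOW = timedelta(minutes=10)   # ... within 10 minutes
BULK_BYTES_PER_DAY = 500 * 1024 * 1024        # assumed: 500 MiB moved per user per day

# Constructed key=value log lines, one event per line (not real data)
SAMPLE_LOG = """\
2024-03-04T02:13:05 user=asmith event=login result=success src=10.0.0.23
2024-03-04T09:00:12 user=dlee event=login result=success src=10.0.0.31
2024-03-04T09:01:10 user=bjones event=login result=fail src=10.0.0.40
2024-03-04T09:02:02 user=bjones event=login result=fail src=10.0.0.40
2024-03-04T09:03:15 user=bjones event=login result=fail src=10.0.0.40
2024-03-04T09:04:40 user=bjones event=login result=fail src=10.0.0.40
2024-03-04T09:05:55 user=bjones event=login result=fail src=10.0.0.40
2024-03-04T09:30:00 user=ckumar event=download bytes=734003200 file=customers.csv
2024-03-04T10:15:00 user=ckumar event=usb_copy bytes=52428800 file=q1_report.xlsx
2024-03-04T11:00:00 user=dlee event=download bytes=10485760 file=handbook.pdf
"""


def parse_line(line: str) -> dict:
    """Split 'TIMESTAMP k=v k=v ...' into a record with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_log(text: str) -> list[dict]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect(text: str) -> list[dict]:
    """Run the three rules and return one alert dict per (user, rule) hit."""
    records = parse_log(text)
    alerts = []
    failures = defaultdict(list)   # user -> timestamps of failed logins
    moved = defaultdict(int)       # (user, date) -> bytes downloaded or copied to USB

    for r in records:
        user, event = r.get("user"), r.get("event")
        if event == "login":
            if r.get("result") == "success" and r["ts"].hour not in BUSINESS_HOURS:
                alerts.append({"user": user, "rule": "off_hours_login",
                               "detail": f"success at {r['ts'].time()} from {r.get('src')}"})
            elif r.get("result") == "fail":
                failures[user].append(r["ts"])
        elif event in ("download", "usb_copy"):
            moved[(user, r["ts"].date())] += int(r.get("bytes", 0))

    # Sliding window: any LIMIT consecutive failures inside WINDOW triggers once per user
    for user, times in failures.items():
        times.sort()
        for i in range(len(times) - FAILED_LOGIN_LIMIT + 1):
            if times[i + FAILED_LOGIN_LIMIT - 1] - times[i] <= FAILED_LOGIN_WINDOW:
                alerts.append({"user": user, "rule": "failed_login_burst",
                               "detail": f"{FAILED_LOGIN_LIMIT} failures starting {times[i]}"})
                break

    # Daily volume: downloads and USB copies are summed together per user
    for (user, day), total in moved.items():
        if total > BULK_BYTES_PER_DAY:
            alerts.append({"user": user, "rule": "bulk_data_movement",
                           "detail": f"{total // (1024 * 1024)} MiB on {day}"})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['rule']:20s} {a['user']:8s} {a['detail']}")
```

Each rule maps to one item in the notes: the failed-login burst covers the "compromised insider" case, the off-hours login is the "unusual behaviour" a SIEM is asked to spot, and the daily byte total is the signal a DLP tool acts on. The thresholds are deliberately simple constants; in practice they are tuned per role, and an alert is a prompt for the incident-response plan in point 8 rather than proof of wrongdoing (the user `dlee`, who logs in at 09:00 and downloads 10 MiB, produces nothing).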