Cybersecurity Threats: Comprehensive Analysis and Solutions

Added on  2023/01/12

AI Summary
This report provides a comprehensive overview of cybersecurity threats, which are becoming increasingly important as more business activities move online. It discusses the importance of cybersecurity in protecting computer-based equipment and information from unauthorized access, change, or destruction. The report identifies four main types of cyber-attacks: Denial of Service, Malware, Worms and Trojan horses, Botnets and Phishing. It also explains the different categories of cybercrime, which includes crime against a single person, property crime, and crime against an organization. The report highlights various types of cybercrimes such as email spoofing, cyberstalking, cyberbullying, identity theft, phishing, pharming, and the impact of viruses. The report emphasizes the importance of planning, implementation, and review in cybersecurity to counter cyber-attacks effectively. The report also covers the importance of being aware of the latest threats and the necessity of protecting against scams and data theft.
It is very important to ensure that nobody is trying to steal data or money from the business
activities that are moving online. Implementing cyber security is essential for protecting
against these threats: cyber security protects computer-related equipment and networks from
unauthorised access and from destruction. Cyber-attacks can be of different types, including
theft and unauthorised access to computers or other devices. They also include remote attacks
on computer systems or websites, and third-party attacks such as those on cloud devices. A
cyber-attack causes financial loss, and the recovery cost and even the replacement cost can be
very high (Rid and Buchanan 2015). The reputation of the company can also go down, and the
attack can damage other companies that are related to that company.
There are four types of attacks that generally occur.
Denial of Service: This type of attack generally damages computer networks, applications or
systems by exhausting all of their resources. Once the attack has hit the systems, the hackers
ask for an amount of money, termed a ransom, after which access is given back to the user.
Malware, Worms and Trojan horses: This type of attack happens on websites that are
non-malicious; after the attack the websites become malicious. These harmful viruses are
spread through emails, malicious websites or instant messages.
Botnets and zombies: Here a central controller creates a robot network to which a number of
computers are connected. These computers are called zombies. Botnets are made for stealing
data and are very difficult to detect.
Scareware: These are fake security warnings. These attacks are highly profitable for cyber
criminals because many users think the warnings are real and follow the steps they are
instructed to take.
It is important for companies to protect themselves from scams, theft of data and other
vulnerabilities. Planning is the only way to prevent these practices. Planning includes
identifying which information assets are critical and then studying what would be exposed by
these risks. The legal requirements and the compliance requirements must also be identified.
Implementation is another important factor: deciding which security controls are to be applied
to which specific IT systems, and making sure that outsourced staff know their
responsibilities. It also covers the steps to be followed to protect the business if an attack
still happens.
Finally, reviewing is an important factor that must always be done. It is very important to test
the effectiveness of the controls. Once monitoring is complete, any required action on the
problems found should be taken. Knowledge of the latest threats should be kept up to date. By
following these three processes it becomes easier to counter any type of cyber-attack.
In today's world the computer is a part of human life. It is almost impossible to remove
computers from people's lives. Rising technology has made life much easier and helps people
connect remotely through interconnected networks. There are certain ways through which
people are connected among themselves, such as via smart devices. Important information is
stored in these gadgets, and they are used for booking tickets, banking online, playing games
and shopping online. They also help in connecting with friends through social media. Today's
network systems have made communication simpler, and various opportunities are provided on
that basis. There are also numerous challenges and threats related to this usage of networks.
These threats are known as cybercrime.
Any illegal activity carried out through the internet is termed cybercrime. It includes
identity theft, in which email IDs and passwords are stolen and the account is then used under
a false identity for criminal activities. Other threats on the internet include internet fraud:
criminals may order goods under a fake name and may extract contacts. They can also imitate
the currency, objects and documents of unknown people with bad intentions, and may harass
the person.
Generally cybercrimes are divided into three different categories:
Crime against a single person
Property crime
Crime against an organisation or a society
1. Crime against a single person: In this type of offence a single, particular person is
affected. These crimes are committed in the following forms:
a. Email spoofing: Spoofing means misleading. In this crime the receiver gets a message and
is led to believe it, although it is not true; it is a fake message. When the user opens the
link attached to the message, the system is infected by a virus.
b. Cyber Stalking: Here the attacker harasses the victim through various means of
communication, including emails, blogs etc. The attacker can be a person known to the victim
or an unknown person as well. The attacker performs various acts in cyber stalking:
i. Posting false information about the victim on the internet.
ii. Monitoring the online activities of a particular person.
iii. Sending viruses to the victim's system to damage it.
iv. Making threats to the victim or to the victim's family.
v. Subscribing to cheap magazines and ordering different items to humiliate the victim, and
having these items sent to the victim's home or workplace.
Fact that is to be known: In cyber trafficking, various crimes take place, such as the selling
of drugs, weapons and even human beings. Encrypted messages are exchanged between the
attackers to carry out this work and other such criminal activities. Certain criminals build
websites to perform such criminal activities.
c. Cyber Bullying: Intentional harassment or harm through IT is known by this term. This
crime includes spreading rumours or making insulting remarks through emails or social media.
These acts are generally based on nationality, race, religion and gender.
i. Know more: Defamation is a type of communication that is intended to harm or damage the
reputation of a particular person, business, product, nation, government or religion.
2. Cybercrime against property: Stealing someone's property is a very common practice in real
life. In the world of the internet there are also people who intend to steal or rob something
valuable. In general, the bank details of various people are stolen and money is then
withdrawn illegally through the internet. This also results in the illegal use of other
people's credit cards, or in damage to systems by harmful software.
a. Identity theft: This is defined as someone's information being stolen or misused. It
affects all those people who use the internet for bank services, online shopping and online
cash transactions. The stolen information includes a person's account number, possibly the
person's name, the number of a debit card or similar card, and even the date of birth. Once
stolen, this information is used for various unlawful tasks such as illegal withdrawal of
money. This is generally done by hacking the victim's network or by placing harmful software
on the victim's system.
i. Fact that is to be known: A program known as a keylogger is generally used for recording
the keystrokes and other personal information of the user.
b. In this type of attack many military websites and other government websites are affected.
Phishing: In this act a fraudulent email is sent to the user, who is made to believe that it
comes from a trusted organisation or a trusted person. The user is instructed to visit a
particular website, where they are told to give or update their personal details. The
attackers then use these details to commit crimes.
i. Fact that is to be known: Vishing is a criminal practice carried out over the telephone
system using social influence. It is generally done with the help of VoIP, and is used to gain
access to the personal information of various people, including debit card details etc. The
term is a combination of phishing and voice.
c. Pharming: Here a small piece of code is installed on the victim's system that redirects it
to malicious websites without any notification to the victim. This leads to the attacker
obtaining personal information of the victim, such as passwords.
i. Let's know more: When the victim is manipulated into performing various unlawful tasks,
this is termed Social Engineering.
3. Organisations under cybercrimes: These attacks are highly planned and can have a huge
effect on computer networks. A huge number of civilians are affected by them.
a. Transmitting Virus: A computer virus is defined as a computer program, or a number of
computer programs, that affects a normally functioning computer. Viruses generally affect or
destroy data. Like a biological virus, a computer virus enters a computer system without
giving any notice to the user. Virus is illustrated as "Vital Information Resources Under
Seize". The spread of a virus affects the processing speed of the computer system, hampers
programs, affects data, etc. The programs in a virus are self-replicating: they expand
automatically, spread throughout the infected network and infect the data and files present
in the system. Writing a virus program and introducing it into a network is a type of
cybercrime. Every virus has to be executed: when a virus is present in a computer system, it
will not affect the system unless the program is opened on the system.
i. Fact that is to be known: The most expensive virus in the present world is called MyDoom.
This virus has already caused damage of around $38.5 billion.
Types of Virus:
Viruses are classified into the following types:
1. Boot Sector Virus: These viruses damage the boot sector of floppy disks or hard disks. A
hard drive is divided into small sections, of which the boot sector is the first. It contains
the record known as the master boot record, which is used to read the operating system. When
the system is booted, the boot sector virus activates and destroys the data present on the
hard disk. Examples of this type of virus are the Disk Killer virus and the Stone virus.
2. Program file virus: This is a program that infects executable files, specifically files
with the extensions .sys, .exe, .drv, .com etc. These viruses load into memory and are
executed. They replicate themselves, infect the files present in the system and damage them
permanently. Examples include Cascade.
3. Multipartite Virus: This virus is a combination of the Boot Sector virus and the Program
File virus, and spreads easily in multiple ways. It enters the system and infects all the
media present in the system. After causing damage there, the virus damages the boot sector
and starts to spread. It then goes on to infect the hard drive and more, which results in
infection of the executable files. Some examples are Tequila and Invader.
More to know: Among crimeware applications there are bots, which perform numerous tasks
automatically and thus work for the cyber criminals.
4. Polymorphic virus: As the name suggests, this type of virus takes a different form each
time it infects a different file. It also changes the virus's binary pattern so that detection
is avoided. Some examples are Marburg and Elkern.
5. Network virus: These viruses spread via the LAN and also over the internet. They spread
when files are shared through the network. After completing one attack, the virus keeps
following the network to find its next target, and keeps infecting one after another. One
major example of this type of virus is Nimda, and another is SQL Slammer.
6. Macro Virus: This type of virus is found in files of software such as PowerPoint and Word.
If a file is already infected and anyone opens it, the virus instantly gets into main memory
and gradually destroys the data stored on the hard disk. The virus program contains a
sequence of actions which, if activated, will severely affect the system. Examples of this
type of virus include Bablas.
7. Cyber Vandalism: This is created with various malicious programs in it, with the aim of
performing harmful tasks. It is inserted into the system with the aim of harming the computer;
it erases all the data in the system and may also steal information from the system.
8. Hacking: This is the act of gaining illegal entry to a network. Hackers build various
programs and introduce them into the system. Some hackers commit this crime just for
enjoyment, while others have serious intentions and cause serious damage such as stealing
information, transferring money, etc.
9. Child Pornography: The computer network is used to distribute content that may affect the
minds of underage children. There are certain people who are attracted to child pornography,
and this leads to such harmful acts.
10. Cyber Squatting: Here advantage is taken of someone's goodwill, and this goodwill is used
to perform an unlawful act.
11. Forgery: This crime is defined as making a false copy of a specific document, such as an
Aadhaar card, PAN card etc. Various types of scanner are used to perform this.
12. Cyber Extortion: This is an act in which an attack is carried out on a victim, after which
the attackers ask for payment to stop further attacks. It is generally done by blocking a
particular system or by ransomware. These attacks are carried out by spreading emails.
13. Cyber Terrorism: Here an act of terrorism is carried out over the internet using
computers, with the result of causing panic. Its motive is to have a big effect on the
government or to carry out a social act such as religious or national activities.
Fact that is to be known: Cyber espionage is a term for obtaining the secrets of a particular
person, who may be a competitor or similar (Danks and Danks 2016). It involves illegal
exploitation of the network.
Cyber Security:
This term is defined as a collection of technologies and processes structured to protect
networks, data etc. from attackers (Bada, Sasse and Nurse 2019). It includes the following:
1. Antivirus: This is a type of computer program. It is made to identify viruses, prevent
them and remove them. It performs a number of tasks on the computer:
a. It scans the whole system and looks for any virus that is known to the antivirus.
b. It also looks for any unwanted activity in the computer system and acts on it.
c. It scans all the mail received on the system, because these emails may contain virus files.
d. A few antivirus programs that are used nowadays:
i. Quick Heal, Symantec Antivirus etc.
e. Antivirus software features:
i. Full system scan: This type of scan scans the whole system (Buczak and Guven 2015). It is
usually done when the antivirus has been installed on the system or when the antivirus
software has been updated.
ii. Custom Scan: This lets users scan the system according to their own requirements.
iii. Virus Definitions: The antivirus software installed on a system identifies a virus only
by its definition, so a periodic update is necessary to recognise new viruses.
iv. Actions taken by an antivirus: There are mainly three types of action generally taken by
antivirus software, as follows:
1. Repair: The virus that has been identified is removed from the system.
2. Delete: The whole file in which the virus is found is deleted, along with the virus present
in it.
3. Quarantine: Whenever there is a doubt that a file may have been affected by a virus, the
file is kept separate from all other files, which helps stop the spread of the virus.
2. Firewalls: This is a security system in a computer system that helps prevent unauthorised
access. It can be implemented in both hardware and software. It is applied at the gateway of
a network, where it helps protect the network by controlling incoming and outgoing traffic.
3. Encryption Software: When data is transmitted over the network, its privacy may be lost.
Encryption is the technique that helps protect the data. In this technique the data is
transformed into a form that is not easily recognisable. The encrypted data is termed Cipher
Text. To read the data, the encrypted data has to be decrypted; this process is decryption.
GnuPG is software that can be used for encryption.
4. Biometrics: This is one of the methods that grant an individual authorisation. In this
process a particular person is recognised by his/her individual characteristics. It can be
implemented on a system, so that the biometrics of that individual are required to access the
system.
5. Passwords: A password is a sequence of numbers, symbols and letters that is unique and can
be used for secure access to a particular system. For protection, a strong password sequence
should be set for better security.
6. Backups: This is a safety measure to be applied to data. Keeping a backup, or making a
duplicate copy of the data, helps in restoring the data if the original is ever lost.
More to know: Clickjacking: This is a technique that is malicious for the user. The user is
made to click on something that leads to malicious acts, which may lead to insecurity (Wu et
al. 2016).
7. Cookies: A web server generally sends a text message to the web browser. The data is
stored in a text file, and the file is termed a cookie. It can be used to customise web pages.
With the help of cookies, data does not have to be filled in again every time the same website
is accessed. Cookies are generally safe and can be deleted at any time. If an unauthorised
person reads these files, however, it may have harmful effects. Hackers use cookies to gain
access to various sites and can thus gather information about the user. Cookies should be
deleted periodically to keep all the information available on the sites safe.
It is a technique to protect data. The data can include stored information about someone or
something. Networks and servers are the different gateways to the data.
Cyber-attacks are the exploitation of that data. In many cases business organisations and
even individuals are affected by these attacks.
This type of attack takes place almost all the time. A cyber-attack may take place on
organisations big or small. It is important to be educated enough about these types of attack
in order to counter the threats.
Types of Cyber-attack
There are 8 types of threat that commonly occur.
1. Malware
a. Computer Virus
i. Email Attachments
ii. Software Downloads
iii. OS Vulnerabilities
b. Spyware
c. Adware
d. Worms
e. Trojan Horse
2. Phishing
a. Theft of confidential data
b. Harvesting of login credentials
c. Impersonation
3. Password Attacks
a. Attacks by Brute Force
b. Dictionary Attacks
c. Key logger Attacks
4. DDoS
5. Man in the Middle
6. Drive-By Download
7. Advertising
8. Rogue Software
Malware: This term covers all types of cyber-attack that involve worms, Trojans and viruses.
Simply put, malware consists of code that is meant for a malicious act. The type of damage
indicates the type of malware, which makes it easier to deal with it. Firstly, one type of
malware is the virus. The term is borrowed from biology; a virus causes different malware
functions in the computer system. Once this type of malware is injected into a computer
system, the virus spreads on its own and damages the whole network. These files appear as
accessible files which start their action when opened. One type of virus is the Trojan. It
acts as secret software that disguises itself if any software is found that would damage the
virus, so detecting these files is very difficult.
There is another type of malware known as the worm. This malware affects the whole network,
which may be a local network or the whole internet. The malware infects one machine and then
moves on to the next, and keeps on infecting one after the other. Botnets are used by
attackers in carrying out this type of attack.
As explained, there are different types of virus with different characteristics, so the
process of removing different malware also differs. One of the most important ways to prevent
malware attacks is to stop clicking on unknown links and opening unexpected files. Firewalls
should be deployed in the network. Whatever operating system is used, it should be kept
updated at all times.
Solution to Malware:
i. Suspicious links
a. Clicking on suspicious links should be stopped.
b. Before entering any URL, it must be judged whether the URL is genuine.
ii. Updated Firewall
a. The firewall should always be kept updated.
b. A firewall always blocks larger amounts of data to stop malware contained in a file from
passing.
iii. Updated OS
a. It should be checked whether the computer is updated.
b. The OS should always be updated periodically.
Phishing: This generally takes the form of a data request from a third party. Phishing
attacks are carried out by sending messages via e-mail, asking the user to tap on a link and
provide their personal details. Recent phishing emails are more sophisticated, making them
indistinguishable to a user from legitimate requests. These mails are generally categorised
as spam, but they can harm a user far more than an ordinary advertisement. They arrive as a
mimic or spoof of mails from credit card providers, e-commerce sites and organisations like
Amazon, Facebook and Flipkart. They are designed just like the original to confuse users and
collect their important information, but fake mails are only one part of a phishing scam.
Phishing happens through a series of five steps. The first is planning, in which the phisher
decides on the target business and plans how to find the email addresses of the consumers of
that business. After identifying the target organisation and selecting the potential victims,
the phisher goes through the setup phase, in which he plans a method for sending them a
message and collecting the victims' personal information in response. The next step is
execution, in which the phisher uses a phony message wrapped in the message structure of a
reputed company. After that the phisher records the information entered by the victim in a
pop-up window or on the webpage the victim is directed to, and uses the stolen information to
make illegal purchases or attempt fraud. Past records show that about ¼ of the victims could
not recover fully.
So what exactly are the steps to avoid being affected by phishing?
Solution to avoid phishing:
First check the email address of the sender.
Look carefully at the form of address to see whether it is common and generalised.
Always hover over the button or link to find out the address to which it will redirect.
The only way to keep oneself safe is to learn how phishing mails work. Most phishing mails
have some very specific properties. The first is a generalised way of addressing the client.
The next is that very reputable sources never send such messages: if one inspects the sender's
mail ID, the name may be written as Amazon, but the actual address will look something like
management@mamazoncanada.ca, which definitely does not look like the official address of
Amazon, and the mail redirects to www.fakeamazon.com. If a mail is found to be fake, it should
be forwarded to or acknowledged by the responsible authority.
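The three checks listed above (sender address, generalised form of address, real link destination) written as a Python screen over a raw message. This is an added example, not part of the original report; both sample messages are constructed, and the brand table BRAND_DOMAINS and all function names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands we recognise and the domains they really send from and link to.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}
GENERIC_GREETING = re.compile(
    r"\b(dear|hello|hi)\s+(valued\s+)?(customer|user|member|client|account holder)\b", re.I)
# Link text that itself looks like a host name or URL.
HOST_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)


def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one (never a substring match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw):
    """Return a list of (code, detail) findings for one raw single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []

    # Check 1: the address, not the display name, decides who sent the mail.
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    claimed = [b for b in BRAND_DOMAINS if b in display.lower()]
    for brand in claimed:
        if not host_in(sender_host, BRAND_DOMAINS[brand]):
            findings.append(("sender_mismatch", f"'{display}' sent from {sender_host}"))

    # Check 2: common, generalised form of address.
    greeting = GENERIC_GREETING.search(re.sub(r"<[^>]+>", " ", body))
    if greeting:
        findings.append(("generic_greeting", greeting.group(0)))

    # Check 3: where each link really goes (what hovering over it would show).
    collector = LinkCollector()
    collector.feed(body)
    for href, label in collector.links:
        target = (urlparse(href).hostname or "").lower()
        if HOST_LIKE.match(label):
            url = label if re.match(r"https?://", label, re.I) else "//" + label
            shown = (urlparse(url).hostname or "").lower()
            if shown != target:
                findings.append(("link_text_mismatch", f"shows {shown}, goes to {target}"))
        for brand in claimed:
            if not host_in(target, BRAND_DOMAINS[brand]):
                findings.append(("link_off_brand", f"{target} is not a {brand} domain"))
    return findings


# Constructed sample using the sender address and redirect host quoted in the text.
SAMPLE_PHISH = """\
From: "Amazon Support" <management@mamazoncanada.ca>
Subject: Action required on your account
Content-Type: text/html

<p>Dear Customer,</p>
<p>Update your details at
<a href="http://www.fakeamazon.com/update">www.amazon.com/your-account</a></p>
"""
# Constructed benign message for comparison.
SAMPLE_OK = """\
From: "Amazon" <orders@amazon.com>
Subject: Your order has shipped
Content-Type: text/html

<p>Hello Priya,</p>
<p><a href="https://www.amazon.com/orders">View your order</a></p>
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(name, check_message(raw))
```

The sender check compares whole domains, so mamazoncanada.ca is rejected even though it contains the string "amazon".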
Password Attacks: An attempt to decrypt or obtain a user's password in order to use it for
illegal purposes is known as a password attack. Hackers use strategies such as dictionary
attacks, cracking programs, password attacks and password sniffers to achieve their goal.
Password cracking refers to the various procedures for discovering the password of the
victim's machine. The aim is achieved through stored data or data transported from the
victim's end. Cracking usually uses a sophisticated algorithm to recover a password by
continuously guessing and trying different combinations until one matches the original.
Gaining unauthorised access to the victim's system without his consent is the most common aim
of password cracking. It is now marked as a cyber-crime, for example hacking a password in
order to get access to bank accounts. Currently there are 3 ways in which password cracking
is attempted. The brute-force attack is the first, in which the hacker uses a computer
algorithm or script that tries the possible combinations of the password, starting with the
password that could be guessed on the first attempt. For example, if a hacker is able to
obtain the list of a company, it is easier for him to guess the probable usernames in use, and
if any of those users has a password like three two one, it will be very easy and quick to
guess. The second is known as the dictionary attack, in which the hacker uses an algorithm or
script that cycles through probable combinations of commonly used words. In contrast to the
systematic search of the whole space in a brute-force attack, a dictionary attack tries only
the possibilities that are likely to succeed. The possibilities are taken from a word list
such as a dictionary. In practice dictionary attacks succeed because most users tend to
choose passwords that consist of a short single dictionary word or an easily predictable
combination of words, perhaps with an appended digit. The last of the three is the keylogger
attack. Here the hacker applies a sophisticated algorithm to track all the keystrokes of the
user, with the aim of storing all the information, which includes the user's login IDs and
passkey. This attack differs from the other two not only in that the algorithm is used as a
login program, but also in that using a strong password is not a solution to the problem. As
a result, an organisation or business must have an authentication procedure that depends on
multiple factors.
Nowadays the probable solution for protecting oneself from the burning problem of hacking is
to follow the most efficient practices discussed in the password industry. So to stay safe one
must try to modify his password every day, should use alphanumeric characters when deciding
on a password, and shouldn't ever use actual dictionary words. A garbage word that contains no
meaning could be used in the password to increase security.
Remedies for password attacks:
By updating the password
  The most efficient way to avoid being hacked is to change the password on a daily basis.
  A different password should be used for each account.
By using alphanumeric characters
  Best practices must be followed in deciding on a password.
  A variety of characters and proper use of alphanumerics must be practised.
By using an out-of-dictionary word
  Using as a password a word which is understandable only by the user could be a great
  practice.
  An actual dictionary word as a password is prone to attack.
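The remedies above can be enforced at the moment a password is chosen. The following is an added example, not part of the original report: it rejects passwords that lack a letter and digit mix or that reduce to dictionary words with digits attached, the pattern the dictionary attack relies on. The word list, the minimum length and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a full
# dictionary plus lists of known-breached passwords.
WORDS = {"password", "dragon", "summer", "monkey", "sun", "shine", "let", "me", "in"}
MIN_LENGTH = 10  # assumed policy value, not taken from the report


def splits_into_words(text, words=WORDS):
    """True if text is a concatenation of one or more dictionary words."""
    if not text:
        return False
    # reachable[i] is True when text[:i] can be built from dictionary words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in words:
                reachable[end] = True
                break
    return reachable[-1]


def check_password(candidate, words=WORDS):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[A-Za-z]", candidate) and re.search(r"\d", candidate)):
        problems.append("not alphanumeric")
    # Strip digits and symbols attached at either end, then test what is left:
    # "Summer2023" and "letmein1" are still dictionary guesses.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", candidate).lower()
    if splits_into_words(core, words):
        problems.append("dictionary based")
    return problems
```

A password such as "Summer2023" passes the length and alphanumeric rules yet is still reported as dictionary based, which is why the two rules are checked separately.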
DDoS: A DDoS attack, or Distributed DoS (Denial of Service) attack, falls in this category;
just as the name explains, it is focused on disrupting a network service. Hackers deliver a
huge volume of traffic into the network until it becomes overloaded and loses the ability to
perform. To achieve this goal the hacker could follow many ways, of which the most used one
is the distributed DoS attack. In this attack the hacker uses multiple computing devices to
deliver the data or traffic into the network to overload the system. Most of the time the
user doesn't get a hint that his machine has been hacked and is taking part in a DoS attack.
The disrupted network or machine can be affected in many ways, such as in its security and in
access to online portals. Many a time those DoS attacks in large scale have been used to s
Way of prevention
By analyzing traffic
By controlling traffic
Proper recovery management
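As an added illustration of the "analyzing traffic" and "controlling traffic" steps (example code, not from the original report): the function below buckets request records into fixed windows, flags windows whose volume far exceeds a baseline, and separates one noisy source from a distributed flood. The record format, thresholds and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW = 10          # seconds per analysis window (assumed)
BASELINE = 30        # expected requests per window in normal operation (assumed)
SPIKE_FACTOR = 5     # a window above BASELINE * SPIKE_FACTOR is an overload
PER_SOURCE_CAP = 20  # requests one source may send per window (assumed)


def analyze(events):
    """events: iterable of (unix_second, source_ip). Returns {window: report}."""
    windows = defaultdict(Counter)
    for second, source in events:
        windows[second // WINDOW][source] += 1
    reports = {}
    for index, per_source in sorted(windows.items()):
        total = sum(per_source.values())
        top_source, top_count = per_source.most_common(1)[0]
        if total <= BASELINE * SPIKE_FACTOR:
            verdict = "normal"
        elif top_count / total >= 0.5:
            verdict = "single-source flood"   # one address explains the spike
        else:
            verdict = "distributed flood"     # no single address explains it
        # Traffic control: sources over the cap are candidates for throttling.
        throttle = sorted(s for s, n in per_source.items() if n > PER_SOURCE_CAP)
        reports[index] = {"total": total, "sources": len(per_source),
                          "verdict": verdict, "throttle": throttle}
    return reports


def constructed_sample():
    """Constructed traffic: 30 s of normal use, then two kinds of flood."""
    events = []
    clients = ["192.0.2.%d" % i for i in range(1, 4)]
    for second in range(30):                      # 3 clients, 1 request/s each
        events += [(second, c) for c in clients]
    events += [(12, "198.51.100.7")] * 400        # one host floods window 1
    bots = ["203.0.113.%d" % i for i in range(1, 41)]
    for second in range(20, 30):                  # 40 hosts, 1 request/s each
        events += [(second, b) for b in bots]
    return events
```

In the distributed window no source exceeds the per-source cap, so the throttle list is empty even though the total volume matches the single-source flood; per-source control alone does not catch it, and the whole-window analysis is what raises the alarm.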
Man-in-the-Middle Attack: By trespassing between the endpoints of an information exchange
that is happening online, a man-in-the-middle attack lets the hacker obtain all the
information an end user sends on the way to the party with whom the user intends to
communicate. As an example, at the time of accessing bank accounts, the man in the middle
communicates with both the user and the bank by impersonating each one to the other. Thus, in
this case, the attacker could get all the sensitive information from both parties, such as
personal information and even the bank account details.
How exactly does it work? In the general case the MITM hacker finds an access point that
isn't encrypted or isn't using any security measure such as WEP or WPA, then spoofs the
Address Resolution Protocol (ARP) to obtain the information that is being transferred between
the sending and receiving party. This protocol is used when someone connects from his device
to his gateway.
How exactly can one stay safe from a MITM attack? One should get into the habit of using an
encrypted WAP, which means an access point that is also encrypted. The security of the
connection to the network must also be taken into account, as when someone tries to
compromise another security wall his first target is to inject SSDs and SC DPS into the
victim's website, which will tell upon the security protocol. So if a website one is accessing
doesn't use something like HTTPS, it is not secure and could cause the credentials to be
compromised. Another measure one can take into consideration is a virtual private network,
which spoofs the entire IP so that one can access the internet without any hazard.
MITM Prevention:
The practice of using encrypted WAP.
The practice of checking the connection’s security (HTTPS/HSTS)
Invest wisely in the VPN.
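The address-resolution spoofing described in this section leaves a trace on the victim's own machine: the gateway's entry in the neighbour table changes, and one hardware address starts answering for several IPs. The following added example (not from the original report) checks a Linux `ip neigh show` style snapshot for both signs; the snapshots, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

NEIGH_LINE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-f:]{17})\b",
    re.IGNORECASE)


def parse_neighbors(text):
    """Parse neighbour-table text into {ip: mac}; rows without a MAC are skipped."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_LINE.match(line.strip())
        if match:
            table[match["ip"]] = match["mac"].lower()
    return table


def arp_findings(text, gateway_ip, trusted_gateway_mac):
    """Return findings that point to spoofing of the gateway entry."""
    table = parse_neighbors(text)
    findings = []
    seen = table.get(gateway_ip)
    if seen and seen != trusted_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_ip, seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:      # one adapter answering for several addresses
            findings.append(("mac-claims-many-ips", tuple(sorted(ips)), mac))
    return findings


# Constructed snapshots; addresses and MACs are made up for the example.
CLEAN = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.40 dev wlan0 FAILED
"""
SPOOFED = """\
192.168.1.1 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
"""
```

The trusted gateway MAC has to be recorded while the network is known to be clean, for example from the router's label or its admin page.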
Drive-by Download: This problem takes place on vulnerable devices, which get affected only by
entering a website. According to the report by Microsoft's Security Intelligence, and taking
into account the reports of older versions, it is concluded that Drive-by Exploits are at the
top of the security issues list. Now just a visit to a website that is compromised may result
in dangerous code being installed on a device. If one simply accesses such an unauthorized
webpage without aborting, or taps accept, the dangerous code could start downloading in the
background of the computing device. Drive-by Download generally means the downloading of
malicious software or a virus onto a device without the consent of its owner. An outdated
app, browser or webpage that has security flaws is prone to being affected by Drive-by
Download. Initially, a very small piece of code gets downloaded, which is just a pathway to
connect to another machine, from where the rest of the code is downloaded to the target
device. Most of the time a webpage carries several different types of code, so that one of
them will be able to fit the victim's security issues.
How does the procedure take place? When a site is visited, a packet script gets triggered at
the time of the TCP/IP connection through a 3-way handshake. Next, the malware gets injected
into the system by sending the last ACK packet, which triggers the downloading.
To stay safe from the problem, one should avoid visiting malicious and dangerous websites.
Such a website could contain adult files or could offer the user a trip to the Bahamas for
free. The other way is to keep the browser and OS updated so that they will inform the user if
he enters a malicious site, depending upon the safe search protocol. Another option is to use
updated anti-malware software like McAfee All Access.
Malvertising: In the security industry malvertising means advertisements controlled by
hackers which are specially designed to infect businesses or people. A report from the US
Senate stated that any site could contain such an ad, and that such ads can even sit on the
sites we use daily in a trustworthy guise. With the development of technology those ads have
also come to be designed in a manner that looks indistinguishable from a normal one; the only
difference is that those ads have been designed by criminals to achieve unethical ends.
If there is a distinguishable difference between the ad and the original company's ad, one
can easily identify it. But clicking on such an ad will start downloading the malware code in
the background, which gives a criminal server access to the computer, and the user gets
infected, which could result in real harm.
The way to stop Malvertising: One should use an ad blocker or extension installed on his
browser, whatever kind he uses. All browsers, like Mozilla Firefox, Chrome, and others, offer
this facility to the user. All browsers and other peripheral applications should be kept
updated, and the other part is to judge situations with common sense to avoid the nuisance.
Any ad or site that offers free prizes should not be opened, as most of them could lead to
infection.
Prevention
Use of an ad blocker
Updating software on a regular basis
Implementation of common sense
Rogue Software: It is defined as security software which is in a malicious form. It commits
fraud on the internet by misleading users. The user starts to believe that there may be a
virus, and that he has to pay a certain amount to remove the virus or to get the removal
tool. It is simply a scare created for the user, although it is not an original malware. This
is software which has caused a very serious security threat starting from the year 2008.
This is a scam which manipulates users into downloading the program on offer. These downloads
are generally available for free, though sometimes there are versions which have to be
bought. The user is even manipulated into downloading the file in exchange for paying a
certain amount. There are also certain pop-ups that appear with the message that the system
is out of security and that clicking on the pop-up will secure the system. Once these are
opened and installed, the malware infects the system. To prevent this, an updated version of
the firewall is to be kept, and it is to be checked periodically whether the version is
updated or not. A trusted antivirus should always be installed on the system. There are three
general ways that will keep the system safe from this type of attack:
i. Updated Firewall
ii. Use of Effective versions of Antivirus
iii. General Distrust
Ransomware: In today’s world, the practice of ransomware is very common. It is a type of
malware which is diabolical and it is hitting the market hard these days.
Generally a ransomware enters the system through an email to which the virus is attached, or
sometimes it enters the system or the network through a Trojan horse attack; it will then lock
the whole system and ask for a certain amount of money, in exchange for which the attackers
will unlock the system (Scaife et al. 2016). There are also certain fake versions of
ransomware that are meant just to create panic among users by making them think that there
may be a virus present in the system or in the network. Generally there are certain pop-ups
which deliver the message that a malware file has been identified in the system. The way to
get rid of these attacks is to ignore the pop-up or the warning message that redirects to a
link. The message can even be highly deliberate, saying that the system is being used for
some type of illegal activity; these messages are shown as if they were sent from the FBI,
and the solution they point to is to pay a penalty online. These absurd instructions are
nevertheless followed by different people. Actual ransomware is more infectious, as it
generally locks the system and, besides that, does not allow the user to access any of the
files present, which it also encrypts. One of the most infectious of all is CryptoLocker,
which was made in the year 2013. Even after the asked amount is paid, in many cases the files
are not returned to the user. These ransomware attacks just take the bitcoin and get off.
There are, though, certain ways which may result in removing the malware from the system;
this can be done by booting the system in safe mode or by using updated anti-malware
software. If in any case an encrypting version of ransomware attacks the system, there would
be no chance to save the system and the user has to follow all the steps as directed by the
attacker. Thus, to prevent all the data from being lost to these attackers, the data should
be backed up offline.
A report created by Symantec in the year 2016 found 57 percent of the victims to be
consumers, while the remaining 43 percent were organisations. The report thus concludes that
most of the victims are consumers.
The attackers follow different strategies, and they try out different ideas and new ways of
extortion.
Here are the main methods that the attackers use today:
1) DDoS is a type of attack in which a website is blocked and cannot be opened until the
ransom is paid to the attackers. In this case a huge amount of traffic is imposed on the
target website, which leads to the stoppage of the website. The traffic that is imposed on
the website has no interest in visiting that website; the intention of the traffic is simply
to block it. Access to the website is thus stopped, which is termed DoS. The attack happens
on a single computer but the traffic is created from different systems, which is the reason
it is called DDoS. After the attack a message is sent to the user notifying him that if the
amount is not paid the attack will not be removed.
2) Data Breach is another type of attack. In this case the attackers take all the data of a
particular network and demand a ransom; if it is not paid, the data will be released openly
on the internet and everything relating to the company will be exposed. The attackers give
the victim six chances to pay the ransom; if he fails to do so, the data gets published.
3) Another type of attack that comes into account is DoSA. In this case software is built to
encrypt all the data that is available, and the data is not decrypted until the ransom is
paid. This type of denial attack is not distributed. In this case the attacker runs malware
on the system of the victim, after which all the data becomes unavailable to the victim, and
the attacker then asks for a ransom in exchange for returning the data. There is another form
of this type of attack, called the crypto ransom type of attack. In this case the system is
locked instead of the data being encrypted. In both cases the attackers ask for an amount of
ransom, in exchange for which the data is released back to the victim.
References
Bada, M., Sasse, A.M. and Nurse, J.R., 2019. Cyber security awareness campaigns: Why do they fail to change behaviour?. arXiv preprint arXiv:1901.02672.
Buczak, A.L. and Guven, E., 2015. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), pp.1153-1176.
Danks, D. and Danks, J.H., 2016. Beyond machines: Humans in cyber operations, espionage, and conflict.
Rid, T. and Buchanan, B., 2015. Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), pp.4-37.
Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock (and drop it): stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS) (pp. 303-312). IEEE.
Wu, L., Brandt, B., Du, X. and Ji, B., 2016, October. Analysis of clickjacking attacks and an effective defense scheme for android devices. In 2016 IEEE Conference on Communications and Network Security (CNS) (pp. 55-63). IEEE.