Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorised access or attacks that are aimed at the exploitation of cyber-physical systems and critical information infrastructure.
Cyber threat
- A cyber threat or cyber security threat is defined as a malicious act intended to steal or damage data or disrupt the digital well-being and stability of an enterprise.
- Cyber threats include a wide range of attacks ranging from data breaches, to computer viruses, denial of service, and numerous other attack vectors.
Types of Cyber Threat
Cyber threats can be disaggregated, based on the perpetrators and their motives, into four baskets:
- Cybercrime
- Cyber terrorism
- Cyber warfare
- Cyber espionage
Methods of Cyber Crime and Cyber Terrorism
Hacking
Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose.
Viruses
It is a malicious program where it replicates itself and aims to only destroy a computer. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all.
Trojans
A trojan is one of the most complicated threats of all. It has the ability to hide from antivirus detection and steal important banking data to compromise your bank account. If the Trojan is really powerful, it can take over your entire security system as well.
Computer Worms
A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction. For example, Stuxnet.
Denial of Service
Denial-of-Service (DoS) is an attack targeted at depriving legitimate users of online services. It is done by flooding the network or server with useless and invalid authentication requests which eventually bring the whole network down, resulting in no connectivity. As a result of this, users are prevented from using a service.
Phishing
A fake website which is designed to look almost like the actual website is a form of a phishing attack. The idea of this attack is to trick the user into entering their username and password into the fake login form which serves the purpose of stealing the identity of the victim.
Email Related Attacks
Crimes using emails form the larger threat to cyberspace. Spreading rumours, luring people with wrong information, issuing threats and posing defamatory messages, etc. are some types of email-related attacks.
Social Engineering Attacks
Tricking computer users into revealing computer security or private information, e.g. passwords, email
addresses, etc. by exploiting the natural tendency of a person to trust and/or by exploiting a person’s emotional response.
Whaling
A whaling attack is a targeted attempt to steal sensitive information from a company such as financial information or personal details about employees, typically for malicious reasons. It is called “whaling” because of the size of the targets relative to those of typical phishing attacks, “whales” are carefully chosen because of their authority and access within the company.
Encrypted Messages
Terrorists, fundamentalists, insurgents, rebels etc. use encryption to mask the data they want to store or communicate. It is not an easy task trying to decrypt the encrypted messages.
IP Spoofing
IP spoofing refers to connection hijacking through a fake Internet Protocol (IP) address. IP spoofing is the action of masking a computer’s IP address so that it looks like it is authentic. During this masking process, the fake IP address sends what appears to be a malevolent message coupled with an IP address that appears to be authentic and trusted.
Skimming
Skimming is the illegal copying of information, from the magnetic strips found on credit cards and debit cards. Card skimming is considered a more direct version of a phishing scam. Store clerks who skim cards may do so by having customers swipe their cards more than once, or by taking the card to another location within the store. Card skimming may also occur when a perpetrator rigs an ATM with a card skimmer. The end result of card skimming is unauthorized access to finances through the technique of illegal copying of debit and credit cards.
Ransomware
Ransomware is a form of malicious software that locks up the files on your computer, encrypts them, and demands that you pay to get your files back. The world has seen several major Ransomware attacks in 2017, notable mentions are Wanna Decryptor, WannaCry, and Petya.
Challenges to India’s cyber security infrastructure
- Structural
1. Absence of any geographical constraints.
2. Lack of uniformity in devices used for internet access.
- Administrative
- Lack of national-level architecture for cybersecurity
- Security audit does not occur periodically, nor does it adhere to international standards.
- The appointment of the National Cyber Security Coordinator in 2014 has not been supplemented by creating liaison officers in states.
- Procedural
- Lack of awareness in local police of various provisions of IT Act, 2000, and also of IPSC related to cybercrime.
- Lack of data protection regime.
- Human Resource Related
- Inadequate awareness among people about the security of devices and online transactions.
steps were taken by India to strengthen cyber security
- Section 66F of ITA: Specific provision dealing with the issue of cyber terrorism that covers denial of access, unauthorized access, the introduction of computer contaminants leading to harm to persons, property, critical infrastructure, disruption of supplies, and ‘sensitive data’ thefts. Provides for punishment which may extend to life imprisonment.
- National Cyber Security Policy 2013: Policy document drafted by the Department of Electronics and Information Technology. Established National Critical Information Infrastructure Protection Centre (NCIIPC) to improve the protection and resilience of the country’s critical infrastructure information; Create a workforce of 5 lakh professionals skilled in cybersecurity in the next 5 years.
- National Critical Information Infrastructure Protection Centre (NCIIPC): It has been set up to enhance the protection and resilience of the Nation’s Critical information infrastructure. It functions under the National Technical Research Organization (NTRO).
- Computer Security through CERT-IN: Organization under the Ministry of Electronics and Information Technology with the objective of securing Indian cyberspace. The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country. According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing the administration of the Act.
- Cyber Surakshit Bharat Initiative: It was launched in 2018 with an aim to spread awareness about cybercrime and build capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
- Cyber Crisis Management Plan (CCMP): It aims at countering cyber threats and cyber-terrorism.
- National Cyber Coordination Centre (NCCC): It seeks to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities. National Cyber Security Coordinator (NCSC) under National Security Council Secretariat (NSCS) coordinates with different agencies at the national level for cyber security matters.
- Cyber Swachhta Kendra: This platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.
- Information Security Education and Awareness Project (ISEA): Training of personnel to raise awareness and to provide research, education, and training in the field of Information Security.
Critical Information Infrastructure (Cll)
Critical Information Infrastructure generally refers to: Information and Communication Technology systems that are essential to the operations of national and international Critical Infrastructures. Some examples include:
- Telecommunication networks;
- Transportation;
- Financial services; and
- Industrial Control Systems/SCADA (Supervisory,
Control and Data Acquisition) used to manage energy production and distribution, chemical manufacturing and refining processes.
| Sector | Critical Infrastructure |
|---|---|
| Transportation | Civil Aviation Railways Shipping |
| Power and Energy | Thermal Power Hydroelectric Power Nuclear Power Petroleum/Natural Gas Power Grid Refineries |
| Information and Communications Technology | Public Switched Telephone Network (PSTN) Satellite Communication Network Backbone Mobile Telephony Broadcasting |
| Banking, Financial Services and Insurance | Reserve Bank of India Stock Exchanges Banking Clearing Houses Payment Gateways |
| e-Governance and Strategic Public Enterprises | NIC e-Governance Infrastructure |
Popular Cyber-Attack Tools
| Tools | Description |
|---|---|
| Spyware | Malware is designed to spy on the victim’s computer. |
| Scareware | It is something that is planted into your system and immediately informs you that you have hundreds of infections, which you actually don’t have, to trick you into purchasing a bogus anti-malware. |
| Keylogger | It keeps a record of every keystroke you made on your keyboard. |
| Adware | Is a form of threat where your computer will start popping out a lot of advertisements. |
| Backdoor | It is a form of the method where once a system is vulnerable to this method, the attacker will be able to bypass all the regular authentication services. |
| Botnet | It is installed by a BotMaster to take control of all the computer bots via the Botnet infection. |
| Dropper | It is designed to drop into a computer and install something useful to the attacker such as Malware or backdoors. |
| Cookies | It is just something used by most websites to store something on your computer. |
| Bluesnarfing | The act of stealing personal data, specifically calendar and contact information, from a Bluetooth-enabled device. |
| Bluejacking | It will connect to your Bluetooth device and send some messages to another Bluetooth device. |
| DDoS | To send millions of traffic to a single server to cause the system to down with certain security features disabled so that they can do their data stealing. |
| Virus Document | Viruses today can be spread through document files as well, especially PDF documents. |
| Mousetrapping | It will trap your web browser to a particular website only. If you try to type another website, it will automatically redirect you back. |
| SQL Injection | It is about infecting a website which is vulnerable to this attack. It will gain unauthorized access to the database and the attacker can retrieve all the valuable information stored in the database. |
| Botnet | A botnet is something which is installed by a BotMaster to take control of all the computer bots via the Botnet infection. The result of this threat is the victim’s computer, which is the bot, will be used for a large-scale attack like DDoS. |
| Crimeware | Crimeware is a form of Malware where it takes control of your computer to commit a computer crime. Instead of the hacker himself committing the crime, it plants a Trojan or whatever the Malware is called to order you to commit a crime instead. |
