
7 - Threats in Networks

This document discusses various threats to information security in networks. It defines key terms like vulnerability, threat, threat agent, risk, and exposure. It then describes common network attacks like DDoS attacks, hacking leading to data loss and identity theft, and exposing children to online risks. Specific social networking risks discussed are spam, scams, phishing, clickjacking, and malicious applications. Phishing techniques like website forgery and tabnabbing are explained in detail. Criteria for cyber crimes are provided along with examples of online threats like malware, cybercrime, hacking through sniffing and spoofing, social engineering through phishing, and cyberterrorism.

Uploaded by Shipra Sharma

Threats in Networks

Objective
• Identify and understand the threats posed to information security
• Identify and understand the more common attacks associated with those threats
• Terminology
• Vulnerability: Weakness or fault that can lead to an exposure
• Threat: Generic term for objects or people who pose a potential danger to an asset (via attacks)
• Threat agent: Specific object or person who poses such a danger (by carrying out an attack)
  • DDoS attacks are a threat; if a hacker carries out a DDoS attack, he's a threat agent
• Risk: Probability that "something bad" happens times expected damage to the organization
  • Risk is not the same as a vulnerability or exploit; e.g., a web service running on a server may have a vulnerability, but if it's not connected to the network, risk is 0.0
• Exposure: a successful attack
• Vector: how the attack was carried out, e.g., malicious email attachment
• Threats ::
• Scam through Internet
• Hacking leading to loss of confidentiality and identity theft
• Exposing kids to various risks like online bullying, disclosure of personal information, cyber-stalking, access to inappropriate content, child abuse, etc.
• Major Social networking Risks are ::
• Spam
• Scams
• Phishing
• Clickjacking
• Malicious applications
• Phishing ::

This technique is generally carried out by sending fake emails that redirect users to spoofed websites. These sites look and feel similar to the original sites, but in fact they are not, and they prompt the user to enter personal information. This is also an example of the social engineering techniques used to mislead users.

Types of Phishing :

Website forgery :::

Website forgery is a type of web-based attack where the phisher builds a website that is completely independent or a replica of a legitimate website, with the goal of deceiving a user by extracting information that could be used to defraud or launch other attacks upon the victim.
• Tabnabbing -- Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.
• Malicious applications ::

Hackers sometimes install malicious software on the public computers in an Internet café to get sensitive information from the users who are visiting that particular café.
• Clickjacking :
• Technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer
• Criteria of cyber crime
• Assault by Threat: Threatening a person with fear for their lives or their family through the use of a computer network, such as email, videos, or phone
• Cyber Contraband: Transferring illegal items through the internet (such as technology) that are banned in some locations
• Cyber Laundering: The electronic transfer of illegally obtained money with the intention of hiding its source and possibly its destination
• Cyber Stalking: An express or implied physical threat that creates fear through the use of computer technology such as email, phones, text messages, webcams, websites, etc.
• Cyber Theft: Using a computer to steal. This includes activities related to breaking and entering, DNS cache poisoning, embezzlement and unlawful appropriation, espionage, identity theft, fraud, malicious hacking, plagiarism and piracy.
• Examples include,
• Advertising or soliciting prostitution through the internet. It is against the law to access prostitution through the internet because the process of accessing the Internet crosses state and sometimes national borders.
• Drug sales, both illegal and prescribed, through the internet are illegal except as a customer through a state-licensed pharmacy.
• Computer-based fraud is different from theft because the victim voluntarily gives the money or property to the criminals.
• Online Gambling: Gambling through the internet is a violation of law because the gambling service provider requires electronic payment through the use of a credit card, debit card, or other electronic fund transfer, which is illegal.
• Cyber Trespass: Here, someone accesses a computer or network resource without the authorization or permission of the owner but does not alter, disturb, misuse, or damage the data or system. This is hacking for the purpose of entering an electronic network without permission. Example: using a wireless internet connection at a hotel in which you are staying and accessing the hotel's private files without disturbing them. This is called snooping.
• Cyber Vandalism: Damaging or destroying data rather than stealing or misusing it is called cyber vandalism. This can include a situation where network services are disrupted or stopped. It also covers deliberately putting malicious code (viruses, Trojans) into a computer network to monitor, follow, disrupt, stop, or perform any other action without the permission of the owner of the network.
• Link manipulation:
Most methods of phishing use some form of technical deception designed to make a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers.
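
A defensive check for the two link tricks named above (misspelled URLs and subdomain abuse), added here as an illustration and not part of the original slides. The allow-list entry `examplebank.com`, the function names and the two-label domain assumption are all hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allow-list; "examplebank.com" is a placeholder, not a real brand.
TRUSTED = {"examplebank.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED) -> str:
    """Label a link by how its host relates to the trusted domains."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    for domain in trusted:
        # Only the right-hand end of the host name decides ownership.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in trusted:
        # Trusted name used as leading labels of someone else's domain.
        if f".{domain}." in f".{host}.":
            return "subdomain-trick"
    # Assumption: two-label registrable domains (no Public Suffix List lookup).
    registrable = ".".join(host.split(".")[-2:])
    for domain in trusted:
        if 0 < edit_distance(registrable, domain) <= 2:
            return "misspelled"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.examplebank.com/login",
                 "https://examplebank.com.account-verify.example.net/login",
                 "http://examp1ebank.com/",
                 "https://example.org/"):
        print(f"{classify_link(link):16} {link}")
```
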
• Filter evasion:
• Attack strings that can be used to bypass a filter and still pass malicious data to the target application
• Example: SQL injection
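
Why an input filter alone does not stop SQL injection, shown as an added example that is not part of the original slides: a blacklist filter in front of string-built SQL, next to the parameterized query that fixes it. The table, rows, filter token list and sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pin TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "1111"), ("bob", "2222")])
    return db

def naive_filter(value: str) -> str:
    """Blacklist filter: strips a fixed, case-sensitive token list."""
    for bad in ("--", ";", " OR ", "UNION"):
        value = value.replace(bad, "")
    return value

def lookup_filtered(db, name: str):
    # Weak: the filtered input is still spliced into the SQL text,
    # so anything the blacklist misses is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY name" % naive_filter(name)
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name: str):
    # Corrected: the value is bound as data and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (name,))]

# Constructed input: the lower-case "or" is not on the blacklist.
SAMPLE = "x' or '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("filtered, string-built:", lookup_filtered(db, SAMPLE))
    print("parameterized:         ", lookup_parameterized(db, SAMPLE))
```
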


• Website Forgery: Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.
• Phone Phishing: Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank account. Once the phone number was dialed, prompts told users to enter their account number and PIN.
• Identity theft: Someone impersonating you by using your personal information
• Methods are:
  • Shoulder surfing
  • Snagging
  • Dumpster diving
  • Social engineering
  • Hi-tech methods – Trojan horse etc.
Online Spying tools
  • Cookies
  • Web bugs
  • Spyware
  • Spam
Hardware Threats
  • Power-related threats
  • Theft and vandalism
  • Natural disasters
Threats to data
  • Malware – viruses, worms, Trojan horses etc.
  • Cybercrime
  • Hacking – by sniffing, social engineering, spoofing
  • Social engineering – phishing
  • Spoofing – IP spoofing
  • Cyberterrorism
