CyberSecurity Research


The small connected devices of the Internet of Things (IoT) have become pervasive in our personal lives, shifting much of daily life online; there are now more such devices than there are people on the planet. Computers, laptops, iPods, tablets, and IoT devices are all vulnerable to malware such as trojans, viruses, worms, and spyware, which in turn enables espionage and sabotage by criminal hackers, state-sponsored actors, non-state actors, and terrorists.

Technological advances and the evolution of the Internet have significantly diminished privacy and confidentiality in cyberspace. Cybercriminals exploit vulnerabilities to commit economic, financial, political, and personal cybercrimes. Every successful attack causes a loss of confidentiality, integrity, or availability (the CIA triad). No system can be made 100% secure, so the realistic goal is to reduce risk to an acceptable level rather than to eliminate it.

There is therefore an urgent need to safeguard confidential and official information and to reduce risk in cyberspace. Awareness, knowledge, protective measures, and guidance help prevent and detect security breaches. A system should have a firewall, an IDPS (Intrusion Detection and Prevention System), UTM (Unified Threat Management) where appropriate, and antivirus software, and its operating system, file system, and network should be configured for maximum security:

  • Install patches or upgrades regularly.
  • Manage users with root or administrator access carefully and enforce a strict password policy. Password strength is a function of length, complexity, and unpredictability, and length matters most. Use a password generator to create passwords and a password manager to store them, so that every account has a unique password. Keep passwords secret and never leave password notes on the desk, keyboard, or mobile device. Choose security questions whose answers cannot be looked up, or use random answers kept in the password manager. Disable auto-login.
  • Set up access control rights on the principle of least privilege: each user and service gets only the access it needs.
  • Keep data on a separate partition from the operating system.
  • Antivirus or antispyware on individual servers and host machines scans incoming files and traffic for viruses, worms, trojans, and other malicious code. Keep the signature database updated constantly so that new threats are recognized; a signature-based scanner cannot detect what it has no signature for, so it is one layer of defence, not the whole of it.
    Trusted antivirus available for free: Microsoft Security Essentials (for Windows 7, support ended in January 2020; Windows 8 and later ship with Windows Defender built in).
  • Firewall: Logically isolates the internal network from external networks according to explicit rules configured by the system administrator, who monitors and analyzes firewall activity regularly. Whether a user, program, service, port, or protocol on the LAN, wireless, remote-access, or VPN segment may send or receive traffic is decided by matching the traffic against these rules. A rule allows the connection, blocks it, or allows it only when it is protected by Internet Protocol security (IPsec). The final, default rule should deny whatever no earlier rule explicitly permits.
  • IDPS & UTM: Monitor and analyze traffic or events by examining the packets entering or leaving the network or system. An IDS watches passively from a mirror port or network tap; an IPS sits inline and can drop traffic.
    IDPS detects and prevents attacks by looking for intrusion attempts that match known signatures or patterns. It can produce many false positives; hence it requires careful tuning to the conditions of the network it protects.
    UTM appliances bundle these functions with advanced features such as URL or keyword filtering.
  • Encryption tools: Log in to authentic sites only over a secure connection (HTTPS, not plain HTTP, so that credentials are not sent in clear text).
    • TrueCrypt/VeraCrypt: Encrypt any information (files, containers, or whole disks). TrueCrypt was discontinued in 2014; use its maintained successor, VeraCrypt.
    • BitLocker Drive Encryption: Encrypts drives with AES, using a 128-bit key by default (256-bit is configurable through Group Policy). It is included with the Pro and Enterprise editions of Windows 10 and with Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2.
  • Computer name: Should not reveal the company's or an individual's identity.
  • Guard wireless connectivity: Use WPA2 or better (WPA3) with a strong passphrase. Media Access Control (MAC) address binding adds a little friction but is not a security control on its own, because MAC addresses are trivially spoofed.
  • Conceal personal information on social networking sites to avoid misuse, and do not accept friend requests from strangers.
  • Social engineering: Attackers gather information by impersonating someone (spoofing) or by tricking the victim, then use it in phishing, spear-phishing, and email hoaxes to threaten the victim or steal financial or confidential data. Victims often hand over credentials, personal data, or sensitive information without being sceptical or cross-checking the request through a second channel.
  • Information on smartphones: A mobile phone holds contacts, messages, passwords, banking, and personal data, so losing one is a nightmare. Do not grant third-party apps more permissions than they need; an app with location access can track you continuously. Enable a screen lock and remote wipe so that a lost device does not become a lost identity.
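The password item above says strength is a function of length, complexity, and unpredictability. The following is an added example, not code from the original page, of how a password policy can check all three at once: a length floor, a character-class rule that is waived for long passphrases, an entropy estimate, and a blocklist lookup that also catches a common word with a "123!" suffix. The blocklist and the sample passwords are constructed for the example; a real deployment would load a large breached-password list.

```python
import math
import string

# Added example, not from the original page: a password-policy check in the
# spirit of the hardening list above. The blocklist is a constructed stand-in;
# a real deployment would load a large breached-password list instead.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "12345678", "qwerty",
    "letmein", "welcome", "admin", "iloveyou", "monkey",
}

CHARSETS = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def classes_used(password: str) -> int:
    """Number of character classes (lower, upper, digit, punctuation) present."""
    return sum(1 for cs in CHARSETS if any(c in cs for c in password))


def entropy_bits(password: str) -> float:
    """Brute-force upper bound: log2(alphabet_size ** length).

    This overstates the strength of dictionary words and keyboard patterns,
    which is why check_password also consults a blocklist.
    """
    alphabet = sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))
    if not password or alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def check_password(password: str, min_length: int = 12, min_bits: float = 60.0,
                   min_classes: int = 3, passphrase_length: int = 16) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Composition rules are only applied to short passwords: a long passphrase
    # of a single class is stronger than a short "complex" one (NIST SP 800-63B
    # advises against composition rules altogether).
    if len(password) < passphrase_length and classes_used(password) < min_classes:
        problems.append(f"uses {classes_used(password)} character classes, policy requires {min_classes}")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password blocklist")
    # Strip a trailing "123!"-style suffix so "Password123!" is still caught.
    elif lowered.rstrip(string.digits + string.punctuation) in COMMON_PASSWORDS:
        problems.append("is a common password with a trivial suffix")
    bits = entropy_bits(password)
    if bits < min_bits:
        problems.append(f"estimated {bits:.1f} bits of entropy, policy requires {min_bits:.0f}")
    return problems


if __name__ == "__main__":
    for pw in ("Password123!", "Tr0ub4dor&3", "correct horse battery staple", "xK9#mQ2$vL7@pW4!"):
        result = check_password(pw)
        print(f"{pw!r}: {'OK' if not result else '; '.join(result)}")
```

The entropy figure is an upper bound that assumes every character was chosen uniformly at random; it is only meaningful for generator-produced passwords, which is why the blocklist check runs regardless of how many bits the estimate reports.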
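The IDPS item above says signature matching produces false positives and needs tuning. As an added example, not code from the original page or from any IDPS product, the block below runs a handful of constructed signatures over constructed web-server access-log lines, decodes percent-encoding before matching so an encoded payload cannot evade the rule, and applies an exception list that suppresses a known-benign hit (an internal SQL documentation page that happens to contain "union-select"). All rule names, hosts, and requests are assumptions made up for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Added example, not from the original page or any IDPS product: a minimal
# signature-based detector run over web-server access-log lines, with an
# exception list that demonstrates the tuning step. Signatures, exceptions,
# hosts and requests below are all constructed for this example.


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern
    severity: str


@dataclass(frozen=True)
class Alert:
    ip: str
    signature: str
    severity: str
    path: str


SIGNATURES = (
    Signature("sqli-union-select", re.compile(r"\bunion\W+select\b", re.I), "high"),
    Signature("path-traversal", re.compile(r"\.\./"), "high"),
    Signature("xss-script-tag", re.compile(r"<script", re.I), "medium"),
    Signature("scanner-user-agent", re.compile(r"nikto|sqlmap", re.I), "low"),
)

# Tuning: (signature name, regex on the decoded request path) pairs that are
# known-benign in this environment, e.g. an internal SQL documentation tree.
EXCEPTIONS = (
    ("sqli-union-select", re.compile(r"^/docs/")),
)

# Combined-format access log (Apache/nginx). Constructed sample lines.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /products?id=1%20UNION%20SELECT%20password%20FROM%20users HTTP/1.1" 500 0 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /docs/sql/union-select.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Nikto/2.1.6)"
10.0.0.8 - - [01/Jan/2024:10:00:06 +0000] "GET /comments?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def detect(log_text, signatures=SIGNATURES, exceptions=EXCEPTIONS):
    """Run every signature over every parsed request; return the alerts raised."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real sensor should count these, not drop them silently
        # Decode percent-encoding first so "%20UNION%20SELECT" cannot slip past "union\W+select".
        path = unquote(m["path"])
        payload = f"{path} {m['ua']}"
        for sig in signatures:
            if not sig.pattern.search(payload):
                continue
            if any(name == sig.name and rx.search(path) for name, rx in exceptions):
                continue  # tuned out as a known false positive for this environment
            alerts.append(Alert(m["ip"], sig.name, sig.severity, path))
    return alerts


if __name__ == "__main__":
    print(f"untuned: {len(detect(SAMPLE_LOG, exceptions=()))} alerts")
    for a in detect(SAMPLE_LOG):
        print(f"[{a.severity}] {a.signature} from {a.ip}: {a.path}")
```

Run untuned, the detector raises five alerts, one of them against the internal host reading its own documentation; with the exception in place it raises four. Each exception is deliberately scoped to one signature and one path prefix, because a blanket "ignore 10.0.0.7" would also hide that host if it were later compromised.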

Security Threats

Low-risk threats, i.e. on a small scale

  • Adware: Many public services and free hosting providers display advertisements, some containing adult material. Although considered a low-risk threat, such pop-ups are annoying, and advertising networks are also the usual vehicle for malvertising.
  • Hacking Bluetooth connections: Using Bluetooth, attackers gain unauthorized access to a specific mobile phone, laptop, or PDA (Personal Digital Assistant).
    Bluejacking: The attacker connects to a Bluetooth-enabled device and sends it unsolicited messages. It does not damage the device or expose its data; the risk depends on the content of the transmitted message.
    Bluesnarfing: The attacker reads personal files such as photos, contacts, and SMS messages from the device.
  • Scareware
    • Fake antivirus: A scary message tells the user the computer is infected and pushes them to purchase a bogus antivirus that does nothing. Windows and Mac users are both targeted.
    • Fake anti-malware: Scares the victim into purchasing a bogus anti-malware tool to remove a malware infection that it claims to have found.
  • Worms: Self-propagating malware designed to spread across a network or the Internet without user action; it consumes disk space, memory, and bandwidth, and often carries a payload such as a backdoor.

High-risk threats, i.e. on a large scale

  • Backdoor: Lets the attacker bypass regular authentication; it is typically installed by exploiting a vulnerability or by a dropper. Once a backdoor is in place, the attacker uses it for further malicious activity, such as installing more malware, since it removes the effort of breaking in again.
  • Dropper: A program designed to install malware or a backdoor on a victim's computer.
  • Exploit: Software programmed to attack a specific vulnerability.
  • Botnet: A network of infected machines (compromised through malware or drive-by downloads), each called a bot, that the attacker controls remotely and uses for large-scale attacks such as DDoS and spam campaigns.
  • Viruses: Malicious self-replicating code that attaches itself to other programs or files and may damage the victim's device or data.
    • Boot sector virus: Malicious code placed in the Master Boot Record (MBR) so that it executes during system boot-up, before the operating system and antivirus load.
    • Document (macro) virus: Spreads mainly through document files with embedded macros. Do not open unexpected document attachments or .exe files, and keep macros disabled by default.
  • Malware
    • Trojan malware (banking trojan): Takes control of a web browsing session (man-in-the-browser) and is extremely dangerous when the victim performs banking transactions. The Zeus and SpyEye trojan families hide from antivirus detection and steal banking credentials.
    • Crimeware: After taking control of a victim's computer, the attacker plants a trojan to commit cybercrime, e.g. to harvest credentials or relay fraud.
    • Spyware: Malware that covertly collects information from the victim's computer.
  • Phishing: A fake website designed to look almost identical to a real one tricks the user into entering a username and password into the counterfeit login form. Whatever is submitted goes to an attacker-controlled server, so the attacker ends up with the victim's credentials and identity.
  • Malvertising: Uses online advertisements to spread malware by injecting malicious or malware-laden advertisements into legitimate online advertising networks or web pages.
  • Wabbits: Self-replicating programs that, unlike worms, do not spread to other systems but exhaust the local machine's resources.
    • Fork bomb: A process that repeatedly spawns copies of itself until the system runs out of process slots or memory.
  • DDoS (Distributed Denial of Service): Attackers flood a server or network with traffic, usually from a botnet, until it crashes or stops responding.
  • Pharming: Redirects the user to an attacker's site without any click on a malicious link.
    • DNS poisoning: A compromised or poisoned DNS resolver answers with the attacker's IP address, redirecting traffic to the attacker's website.
    • Edited hosts file: The local hosts file maps a legitimate name to the attacker's address, so the browser lands on another site even though Google.com was typed into the address bar.
  • Keylogger: Often a component of a larger trojan; records every keystroke typed on the keyboard, and attackers use the log to steal login credentials such as usernames and passwords.
  • Mousetrapping: The browser gets trapped on a particular website; even if you open another site, click the forward/back buttons, or close and reopen the browser, it redirects you back, typically because the browser homepage has been set to that site.
  • Obfuscated spam: A spam email that looks genuine and disguises its content (misspelled words, images instead of text, hidden characters) so that filters do not recognize it as spam and the potential victim is tricked into clicking.
  • Chain letters: Threaten or emotionally exploit the victim into forwarding a message to their contacts.
  • Dialer: Uses the computer's modem to dial international numbers, or sends SMS to premium-rate numbers, running up charges on the victim's bill.
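The pharming entries above describe a hosts file edited to send a legitimate name to the attacker's address. As an added example, not code from the original page, the block below parses hosts-file content and flags any watched hostname that is mapped to a routable address, while leaving loopback and 0.0.0.0 entries alone, since those block a name (as ad-blockers do) rather than redirect it. The sample hosts content, the watched domain list, and the 203.0.113.45 address are all constructed for the example; on a real machine the file to read is /etc/hosts on Unix or %SystemRoot%\System32\drivers\etc\hosts on Windows.

```python
import ipaddress

# Added example, not from the original page: a check for the "edited hosts
# file" form of pharming. The hosts file content, domain names and addresses
# below are constructed for this example. On a real machine, read
# /etc/hosts (Unix) or %SystemRoot%\System32\drivers\etc\hosts (Windows).

SAMPLE_HOSTS = """\
# constructed sample; the last two lines are the kind of entries a pharming dropper adds
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example    # ad blocking: a blackhole entry, not a redirect
203.0.113.45    www.google.com
203.0.113.45    online-bank.example.com secure.online-bank.example.com
"""

# Names worth watching: services whose users log in with credentials. An
# operator would list the sites their own users actually use.
WATCHED_DOMAINS = frozenset({
    "www.google.com",
    "online-bank.example.com",
    "secure.online-bank.example.com",
})


def parse_hosts(text):
    """Yield (address, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            yield address, name.lower().rstrip(".")


def is_sinkhole(address):
    """True for loopback/unspecified targets, which block a name rather than redirect it."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return False  # not a valid IP at all: treat as suspicious, not as a sinkhole
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text, watched=WATCHED_DOMAINS):
    """Return (hostname, address) pairs where a watched name maps to a routable address."""
    return [
        (name, address)
        for address, name in parse_hosts(text)
        if name in watched and not is_sinkhole(address)
    ]


if __name__ == "__main__":
    for name, address in find_hijacks(SAMPLE_HOSTS):
        print(f"hijacked: {name} -> {address}")
```

The check deliberately does not try to confirm the "right" address for each name over the network: a poisoned resolver would return the same wrong answer, which is the DNS-poisoning case above. Any watched name in the hosts file that points somewhere routable is suspicious on its own, because legitimate software has no reason to pin a bank's address there.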

CyberSecurity

IAR (Information Asset Register)

Records the information assets (electronic and physical) of an entity: data assets (e.g. customer information), information systems and the people who administer them (database and server administrators), information-processing facilities, software assets, human-resource assets, and details such as physical location, license details, business value, owner, and custodian.

IAR Necessity/Requirement
  • Review and manage the IAR regularly: Most security-conscious businesses ask each department to maintain and review its IAR at least once a year. Audit the information held in soft or hard copy, on computers, or on any mobile device, recording its classification, owner, custodian, and location. The IAR is needed to assess risk and to recover from a disaster; you cannot protect or restore what you do not know you have.
  • Asset custodian: The asset owner (the organization) assigns custody with proper access control and ensures periodic access reviews in line with the set classification level and control policy.
  • Classification level and control policy: Identify confidential information based on its criticality and its legal and protection requirements, and apply matching technical and physical controls. An organization must have a policy that defines the classification levels, the procedures for classifying information, and the sources it covers.

Risk Register