Information Technology and Ethics/Cyber-Crimes

Types of Cybercrime

Crime has evolved with the advancement of the internet and social media. The parallel between technology and the types of crimes that are committed is astonishing. As technology became more readily available to the masses, the types of crimes committed shifted, and a clear distinction has formed based on the involvement of cybertechnology in crime. Crimes that would not exist or be possible without cybertechnology are true cybercrimes; to be most accurate, these can be classified as cyberspecific crimes. Crimes that do not necessarily need cybertechnology to be possible, but are made easier by its existence, are known as cyber-related crimes. Cyber-related crimes fall into two distinct categories. The first is cyber-assisted crimes, in which cybertechnology is simply used to aid a crime, such as committing tax fraud or assaulting someone with a computer. The other is cyberexacerbated crimes, which are crimes that have increased significantly due to cybertechnology. [1]

Cyber-assisted Crimes

Cyber-assisted crimes are the most basic crimes that can be committed with the use of cybertechnology. Put simply, these are essentially normal crimes that have occurred throughout time on a regular basis. The only difference is that cybertechnology has played some small part in the crime. Property damage, for example, is one kind of cyber-assisted crime. If someone destroys your computer or cell phone, it constitutes property damage but can also be classified as a cyber-assisted crime. Similarly, if you are assaulted with a phone, printer, computer or other device, the attack constitutes assault but can also be classified as a cyber-assisted crime.

The most common type of cyber-assisted crime that you will see is fraud. Fraud typically is a crime that does not require much thought to actually commit. As a crime, it has always been relatively easy to commit. With the use of cybertechnology, it only becomes much easier to actually carry out from start to finish.

Cyberexacerbated Crimes

Cyberexacerbated crimes are a type of cyber-related crime, but they are much worse than cyber-assisted crimes. These crimes have increased significantly due to cybertechnology. Most have evolved to maintain their own categories because of the sheer volume of crimes and the slight uniqueness that comes from how easy cybertechnology makes them.

Cyberbullying is defined as the “intentional and repeated harm inflicted on people through the use of computers, cellular telephones, and other electronic devices.” [2] An extension of bullying that previously happened only offline, cyberbullying is a huge crime that leaves victims suffering from low self-esteem and depression, and sometimes even drives them to commit suicide. With the use of the internet, it is possible for people to receive thousands of hateful comments from individuals at a single time.

Cyberstalking is exactly what one would think, except occurring in a digital space. Cybertechnology allows criminals to keep tabs on people, watching all of their online activity and making it very uncomfortable for victims to even want to use things such as their own personal social media. Perhaps the most disconcerting thing is that the perpetrator can always be online.

Internet pedophilia and pornography are some of the more disturbing cyberexacerbated crimes. Because communities of like-minded individuals can easily be formed online, pedophiles are able to form online communities and facilitate the creation and dissemination of child pornography.

Cyberspecific Crimes

Cyberspecific crimes don’t exist without the internet as we know it. Because of that, these are the most unique cybercrimes and could be considered as the only “true” cybercrimes. Cybertrespassing is one of these crimes. At its core, cybertrespassing takes its roots from actual trespassing. Essentially, perpetrators gain access to stores of information that they otherwise should not have access to because of the lack of permissions. The reason why this is so dangerous is because it opens the door for cybertrespassing to easily become a data breach if information is taken.

Cybervandalism is another form of cyberspecific crime. Taking its roots from actual vandalism, cybervandalism began harmlessly with the defacing of websites on the internet. While annoying, it didn’t necessarily cause any damage. It wasn’t until cyberattacks with the intent of harming computers were created that cybervandalism became a huge issue.

Types of Cyber Attacks

Viruses are pieces of computer programming code that cause a computer to behave in an undesirable way. Viruses can be attached to files or stored in the computer’s memory. Viruses may be programmed to do different things, such as running when they are downloaded or when activated by a specific action; for example, a virus attached to a file will infect that computer and any file created or modified on that machine. Viruses may also be programmed to display a message when certain activities are performed. Worms, like viruses, bury themselves in the memory of a machine, but then duplicate themselves without any outside help. A worm can send itself through emails and other connections. Phishing is when hackers try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake Web site that replicates the real one. These con artists urge the recipients of such emails to take action to gain rewards or avoid consequences. Hackers may use a backdoor in a vulnerable computer system, which allows them to remain undetected while they access important information. Key-logger programs allow attackers to view, undetected, information that has been entered into a particular machine. A botnet is a collection of internet-connected computers, which may be spread around the world, that are controlled by a single computer.

 

Malware

Malware is a term for malicious software that spreads between computers and interferes with computer operations. Malware may be destructive, for example, deleting files or causing system ‘crashes’, but may also be used to steal personal data.

Forms of malware

  • Viruses: are among the best-known types of malware. A computer virus is like a flu virus, designed to spread from host to host by replicating itself.[1] Viruses require a host (for example, a document, file or spreadsheet) on a computer to act as a 'carrier', yet they cannot infect a computer without human action to run or open the infected file. In more technical terms, a computer virus is malicious code programmed to alter the way the computer operates and designed to spread from one system to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus can cause damaging effects and cripple the host entirely after it has made copies of itself.

Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. For a virus to infect your computer, you have to run the infected program, which in turn causes the virus code to be executed. This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do.

  • Worms: are likewise self-replicating programs, yet they can spread independently, within and between computers, without requiring a host or any human activity. The effect of worms can hence be more severe than that of viruses, causing destruction across entire networks. Worms can also be used to drop trojans onto the network. A computer worm infection spreads without user interaction. All that is necessary is for the computer worm to become active on an infected system. Before the widespread use of networks, computer worms were spread through infected storage media, such as floppy diskettes, which, when mounted on a system, would infect other storage devices connected to the victim system. USB drives are still a common vector for computer worms.[3] Computer worms often rely on the actions of, and vulnerabilities in, networking protocols to propagate. For example, the WannaCry ransomware worm exploited a vulnerability in the first version of the Server Message Block (SMBv1) resource sharing protocol implemented in the Windows operating system. Once active on a newly infected computer, the WannaCry malware initiates a network search for new potential victims: systems that respond to SMBv1 requests made by the worm. The worm can continue to propagate within an organization in this way. When a bring-your-own-device (BYOD) machine is infected, the worm can spread to other networks.
  • Difference between Worms and Viruses: As defined in the "Security of the Internet" report, released in 1996 by the CERT Division of the Software Engineering Institute at Carnegie Mellon University, computer worms "are self-replicating programs that spread with no human intervention after they are started." In contrast, "Viruses are also self-replicating programs, but usually, require some action on the part of the user to spread inadvertently to other programs or systems." After a computer worm loads and begins running on a newly infected system, it will typically follow its prime directive: to remain active on an infected system for as long as possible and to spread to as many other vulnerable systems as possible.
  • Trojans: are a type of malware that appears to be a genuine program yet facilitates illicit access to a computer. They can perform functions such as stealing data without the user's knowledge, and may trick users by performing a routine task while actually carrying out hidden, unauthorized actions. Unlike a computer virus, a Trojan horse is not able to replicate itself, nor can it propagate without an end user's assistance. This is why attackers must use social engineering tactics to trick the end user into executing the Trojan. Typically, the malware is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the malware that is hidden inside is transferred to the user's computing device. Once inside, the malicious code can execute whatever task the attacker designed it to carry out.

The term Trojan horse stems from Greek mythology. According to legend, the Greeks built a large wooden horse that the people of Troy pulled into the city. During the night, soldiers who had been hiding inside the horse emerged, opened the city's gates to let their fellow soldiers in and overran the city. Here is one example of how a Trojan horse might be used to infect a personal computer: the victim receives an official-looking email with an attachment. The attachment contains malicious code that is executed as soon as the victim clicks on the attachment. Because nothing bad happens and the computer continues to work as expected, the victim does not suspect that the attachment is a Trojan horse and that their computing device is now infected. The malicious code resides undetected until a specific date or until the victim carries out a specific action, such as visiting a banking website. At that time, the trigger activates the malicious code, which carries out its intended action. Depending upon how the Trojan has been created, it may delete itself after it has carried out its intended function, it may return to a dormant state or it may continue to be active.

Some notable trojans:

  1. Netbus – 1998 (published)
  2. Sub7 by Mobman – 1999 (published)
  3. Back Orifice – 1998 (published)
  4. Y3K Remote Administration Tool by E&K Tselentis – 2000 (published)
  5. Beast – 2002 (published)
  6. Bifrost Trojan – 2004 (published)
  7. DarkComet – 2008 (published)
  8. Blackhole exploit kit – 2012 (published)
  9. Gh0st RAT – 2009 (published)
  10. MegaPanzer BundesTrojaner – 2009 (published)
  • Spyware: is software that invades users' privacy by gathering sensitive or personal information from infected systems and monitoring the websites visited. This information may then be transmitted to third parties. Spyware can sometimes be hidden inside adware (free and sometimes unwanted software that requires you to watch advertisements in order to use it). One example of spyware is key-logging software, which captures and forwards keystrokes made on a computer, enabling the collection of sensitive data such as passwords or bank account details. Another type of spyware captures screenshots of the victim's computer. Spyware is considered one of the most dangerous forms of malware, as its goal is purely to invade privacy.
  • Adware (short for advertising-supported software): is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Oftentimes software and applications offer “free” versions that come bundled with adware. Most adware is sponsored or authored by advertisers and serves as a revenue generating tool. While some adware is solely designed to deliver advertisements, it is not uncommon for adware to come bundled with spyware (see above) that is capable of tracking user activity and stealing information. Due to the added capabilities of spyware, adware/spyware bundles are significantly more dangerous than adware on its own.
  • Rootkit: is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet. Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits. As a result, rootkit detection relies on manual methods such as monitoring computer behavior for irregular activity, signature scanning, and storage dump analysis. Organizations and users can protect themselves from rootkits by regularly patching vulnerabilities in software, applications, and operating systems, updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.

Phishing

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. There are various forms of phishing attacks on channels such as emails, social software, websites, portable storage devices and cell phones. There are several different ways of trying to drive users to a fake website:

Types of Phishing attacks

  • Spam e-mail: a spoof email made to look as if it comes from a bank or other financial institution, in order to deceive customers.
  • Hostile profiling, a targeted version of the above method: the cyber criminal exploits web sites that use e-mail addresses for user registration or password reminders and directs the phishing attempt at specific users (requesting that they confirm passwords, etc.).
  • Introducing a Trojan that edits the hosts file, so that when the victim tries to browse to their bank's web site, they are redirected to the fake site.
  • ‘Spear phishing’, an attack on a specific organization in which the phisher simply asks for one employee's details and uses them to gain wider access to the rest of the network.[4]
  • 'Whale Fishing' is a type of spear phishing where the target of the attack is someone with a high profile within a company or organization. These individuals are usually the CEO, CFO, COO, etc., because they hold sensitive information that, once stolen, will be used for a malicious purpose such as ransom.[5]
  • Traditional type of phishing attack is Not all phishing attacks work in the manner just described.
  • The “rock-phish” gang has adapted its attack strategy to evade detection and maximize phishing site accessibility. It has separated out the elements of the attack while including redundancy in the face of take-down requests. The gang first purchases a number of domain names with short, generally meaningless names, for example, lof80.info. The email spam then contains a long URL, for example, http://www.bank.com.id123.lof80.info/vr, where the leading part of the URL is intended to make the site appear genuine, and a mechanism such as ‘wildcard DNS’ can be used to resolve every such variation to a specific IP address. It then maps each of the domain names to a dynamic pool of compromised machines according to a gang-controlled name server. Each compromised machine runs a proxy system that relays requests to a backend server. This server is loaded with a large number (up to 20 at a time) of fake bank websites, all of which are available from any of the rock-phish machines. However, which bank site is reached depends solely upon the URL path, after the first ‘/’ following the host name. (Because the group uses proxies, the real servers, which hold all the web pages and collate the stolen data, can be located anywhere.)
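A defender-side check for the URL pattern described above, as an added example that is not part of the original page: it shows that only the registrable domain at the right-hand end of the host name identifies who controls a site, and that many spammed variations collapse to one domain for take-down. The protected-domain list, the function names, the two extra sample URLs and the naive "last two labels" rule are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: domains the defender wants to protect from look-alike host names.
PROTECTED_DOMAINS = {"bank.com"}


def registrable_domain(host):
    """Naive eTLD+1: the last two labels of the host name.

    Assumption for illustration only. Suffixes such as 'co.uk' need three
    labels, so production code should consult the Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyse_url(url):
    """Report who really controls a URL and which protected name it imitates."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    reg = registrable_domain(host)
    # Everything left of the registrable domain is chosen freely by whoever
    # runs its DNS; with wildcard DNS every such variation resolves.
    sub_labels = labels[:-2]
    imitated = []
    for brand in sorted(PROTECTED_DOMAINS):
        wanted = brand.split(".")
        windows = (sub_labels[i:i + len(wanted)]
                   for i in range(len(sub_labels) - len(wanted) + 1))
        if reg != brand and any(w == wanted for w in windows):
            imitated.append(brand)
    return {
        "host": host,
        "registrable_domain": reg,
        "path": parts.path,
        "imitates": imitated,
        "suspicious": bool(imitated),
    }


def group_for_takedown(urls):
    """Collapse many spammed URLs to the few registrable domains behind them."""
    groups = defaultdict(set)
    for url in urls:
        info = analyse_url(url)
        if info["suspicious"]:
            groups[info["registrable_domain"]].add(info["path"])
    return {domain: sorted(paths) for domain, paths in groups.items()}


# Constructed sample: the URL quoted above, two made-up variations of it,
# and one URL on the protected domain itself.
SAMPLE_URLS = [
    "http://www.bank.com.id123.lof80.info/vr",
    "http://www.bank.com.id456.lof80.info/vr",
    "http://secure.bank.com.session9.lof80.info/xy",
    "https://www.bank.com/login",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(analyse_url(sample))
    print(group_for_takedown(SAMPLE_URLS))
```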

Password Attacks

Password attacks are what they sound like: an external entity trying to gain access to a particular system by cracking or guessing the user’s password. These attacks are very prominent today, since weak and easily known terms can be guessed, and methods such as brute force can be carried out because raw processing power is readily available from high-powered computers on the market. This type of attack does not require any malicious software or code to run on the user’s system. The attacks run on the hacker’s own computers, which use software and methodologies to crack the end user’s password and thus gain access to their secure accounts.

Types of Password Attacks

  • Guessing

Although there are numerous ways to crack passwords and exploit the loopholes that may exist in a system, the easiest and most non-technical, yet still proven most effective, way to get through any access control mechanism is to guess the most commonly used passwords. For many users, passwords are more of a pain to remember than a security concern. Hence, most such users choose easy-to-remember passwords such as their birthdate, wife’s or husband’s name, pet’s name, the same string as the username, or even the term ‘password’. All such entries are easy prey for the password guessing technique. Note that this technique only works when the hacker knows certain things about the target, or the target is very well known; this gives him or her the leverage to hack into the target’s account with some commonly tried guesses. Also keep in mind that once the hacker gets into a single account, there is a high chance that the affected person has kept the same login credentials for multiple accounts, to which the hacker may also gain access.

  • Dictionary Attacks

Dictionary attacks are based on the assumption that most passwords used in accounts are permutations and combinations of a given set of numbers, like birthdates, and details like addresses, first and last names, pet’s name, child’s name, etc. A dictionary attack works by choosing words from a given dictionary of characters and numbers and having code manipulate them into various combinations, which are then tried to gain access to the corresponding account.[6] The limitation is that a dictionary attack, unlike other password attacks, has only a fixed dictionary from which it can pick values and arrange or rearrange them in multiple ways to crack the password. The good thing is that if even one character in the entire password lies outside the dictionary, this attack is bound to fail. But since the dictionary of words is limited, the attack takes place at a rapid rate.

  • Brute Force Attacks

Brute force attacks are the least preferred type of password attack for the simple reason that they are very inefficient. A brute force attack checks all permutations and combinations from the very beginning. Thus, these attacks require a lot of time as well as a lot of processing power. In addition, most current mechanisms are smart enough to alert the user if a brute force attack is in progress, as the attack has to try all of the wrong choices before reaching the desired value. These attacks are still worth considering when the length of the password is less than or equal to 4 characters, but things start getting out of hand as the maximum length of the password increases. To put things into perspective, assuming only alphabetical characters, all in capitals or all in lower-case, it would take 26^7 (8,031,810,176) guesses.[7] These cases also involve assumptions about whether the length of the password is known. Other constraints that alter the result and increase complexity include whether numerical values are allowed, whether both lower and upper case are involved, whether special characters are involved, etc. On the brighter side, the way a brute force attack works assures that it will find the password by the end of the attack, though how long it will take to get there is very vague indeed.

Denial-of-Service (DoS) Attacks

A Denial-of-Service (DoS) attack prevents authorized users from accessing the system, mostly by flooding it with huge amounts of gibberish data or requests, resulting in a blockage. The attack overloads the system with an overwhelming quantity of data packets that the server does not anticipate, which results in a slowdown or a block.[8] This may result in a slow internet connection, which may hamper authorized users' access to critical data like emails or files over FTP, and may cause huge losses in both time and money. Such attacks are rarely used to take systems over from their authorized users, but there have been cases where DoS attacks were deployed to lock down the network and gain access to vulnerable firewalls. These attacks are not easy to identify, as they may easily be confused with a slow internet connection, etc., and may persist in an environment for as long as months.

Along with regular DoS attacks, there is a different type of DoS attack called a Distributed Denial-of-Service (DDoS) attack. It is very similar to a regular DoS attack in that it also causes a slowdown by throwing an overwhelming amount of data packets at the target.[8] The basic distinction is that DDoS attacks are much more efficient and dangerous, since they operate from an entire affected network rather than from a single affected user. Hence, a DDoS attack is very difficult for any system to dodge, since data comes in from multiple sources at the same time. Unlike other kinds of cyberattacks, DDoS assaults don't attempt to breach your security perimeter. Rather, they aim to make your website and servers unavailable to legitimate users. DDoS can also be used as a smokescreen for other malicious activities and to take down security appliances, breaching the target’s security perimeter. DDoS assaults often last for days, weeks and even months at a time, making them extremely destructive to any online organization. Amongst other things, DDoS attacks can lead to loss of revenues, erode consumer trust, force businesses to spend fortunes in compensations and cause long-term reputation damage. The differences between DoS and DDoS are substantive and worth noting. In a DoS attack, a perpetrator uses a single Internet connection to either exploit a software vulnerability or flood a target with fake requests, usually to exhaust server resources (e.g., RAM and CPU).

On the other hand, distributed denial of service (DDoS) attacks are launched from multiple connected devices that are distributed across the Internet. These multi-person, multi-device barrages are generally harder to deflect, mostly due to the sheer volume of devices involved. Unlike single-source DoS attacks, DDoS assaults tend to target the network infrastructure in an attempt to saturate it with huge volumes of traffic. DDoS attacks also differ in the manner of their execution. Broadly speaking, DoS attacks are launched using home-brewed scripts or DoS tools (e.g., Low Orbit Ion Cannon), while DDoS attacks are launched from botnets, large clusters of connected devices (e.g., cell phones, PCs or routers) infected with malware that allows remote control by an attacker.

DoS attacks can be divided into two general categories:

1. Application layer attacks (a.k.a., layer 7 attacks) can be either DoS or DDoS threats that seek to overload a server by sending a large number of requests requiring resource-intensive handling and processing. Among other attack vectors, this category includes HTTP floods, slow attacks (e.g., Slowloris or RUDY) and DNS query flood attacks. The size of application layer attacks is typically measured in requests per second (RPS), with no more than 50 to 100 RPS being required to cripple most mid-sized websites.

[Figure: Gaming website hit with a massive DNS flood, peaking at over 25 million packets per second]

2. Network layer attacks (a.k.a., layer 3–4 attacks) are almost always DDoS assaults set up to clog the “pipelines” connecting your network. Attack vectors in this category include UDP flood, SYN flood, NTP amplification and amplification attacks, and more. Any of these can be used to prevent access to your servers, while also causing severe operational damages, such as account suspension and massive overage charges. DDoS attacks are almost always high-traffic events, commonly measured in gigabits per second (Gbps) or packets per second (PPS). The largest network layer assaults can exceed 200 Gbps; however, 20 to 40 Gbps are enough to completely shut down most network infrastructures.

Man in the Middle (MITM)

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required. Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers or an illicit password change. Additionally, it can be used to gain a foothold inside a secured perimeter during the infiltration stage of an advanced persistent threat (APT) assault. Broadly speaking, a MITM attack is the equivalent of a mailman opening your bank statement, writing down your account details and then resealing the envelope and delivering it to your door.

 
[Figure: A Standard Man in the Middle Attack]

Man in the Middle Attack Progression

Successful MITM execution has two distinct phases: interception and decryption.

Interception

The first step intercepts user traffic through the attacker’s network before it reaches its intended destination. The most common (and simplest) way of doing this is a passive attack in which an attacker makes free, malicious WiFi hotspots available to the public. Typically named in a way that corresponds to their location, they aren’t password protected. Once a victim connects to such a hotspot, the attacker gains full visibility to any online data exchange. Attackers wishing to take a more active approach to interception may launch one of the following attacks:

  • IP spoofing involves an attacker disguising himself as an application by altering the IP address in packet headers. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.
  • ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.
  • DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.
  • Eavesdropping attacks are when an attacker intercepts a victim’s network traffic as their sensitive data travels from the victim’s device to its intended destination. This is usually done through software that monitors the network traffic of the victim while they are connected to a weakly encrypted or unencrypted network like a public WiFi hotspot.[9]
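Detection logic for the ARP spoofing item above, as an added example that is not part of the original page: it flags an IP address whose MAC binding changes and a MAC address that starts answering for a second IP. The observation format, function name, addresses and severity labels are assumptions; how the ARP data is collected is left outside the sketch.

```python
from collections import defaultdict


def find_arp_anomalies(observations, gateway_ip=None):
    """Flag IP-to-MAC bindings that change and MACs that claim several IPs.

    observations: iterable of (timestamp, ip, mac) tuples in time order,
    for example taken from ARP replies seen on the LAN or from periodic
    ARP-table snapshots (assumed input format).
    Legitimate events such as DHCP lease reuse, a replaced network card or
    a failover pair also change bindings, so alerts need triage.
    """
    last_mac = {}                    # ip -> MAC most recently bound to it
    ips_by_mac = defaultdict(set)    # mac -> every IP it has claimed so far
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        previous = last_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({
                "time": ts, "type": "binding_changed", "ip": ip,
                "old_mac": previous, "new_mac": mac,
                # Traffic leaving the subnet goes through the gateway, so a
                # changed gateway binding is ranked higher.
                "severity": "high" if ip == gateway_ip else "medium",
            })
        last_mac[ip] = mac
        claimed = ips_by_mac[mac]
        if claimed and ip not in claimed:
            alerts.append({
                "time": ts, "type": "mac_claims_multiple_ips", "mac": mac,
                "ips": sorted(claimed | {ip}), "severity": "medium",
            })
        claimed.add(ip)
    return alerts


# Constructed observations: at t=4 the address of host .20 is suddenly
# answered by the MAC of host .66, then the real host answers again at t=5.
SAMPLE_OBSERVATIONS = [
    (1, "192.168.1.1", "02:00:00:00:00:01"),
    (2, "192.168.1.20", "02:00:00:00:00:20"),
    (3, "192.168.1.66", "02:00:00:00:00:66"),
    (4, "192.168.1.20", "02:00:00:00:00:66"),
    (5, "192.168.1.20", "02:00:00:00:00:20"),
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_OBSERVATIONS, gateway_ip="192.168.1.1"):
        print(alert)
```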

Decryption

After the interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this:

  • HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. It holds a digital thumbprint associated with the compromised application, which the browser verifies according to an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it’s passed to the application.

  • SSL BEAST (browser exploit against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL. Here, the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by a web application. Then the app’s cipher block chaining (CBC) is compromised so as to decrypt its cookies and authentication tokens.
  • SSL hijacking occurs when an attacker passes forged authentication keys to both the user and application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
  • SSL stripping downgrades an HTTPS connection to HTTP by intercepting the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application's site to the user while maintaining the secured session with the application. Meanwhile, the user’s entire session is visible to the attacker.

Man in the Middle Attack Prevention

Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.

For users, this means:

  • Avoiding WiFi connections that aren’t password protected.
  • Paying attention to browser notifications reporting a website as being unsecured.
  • Immediately logging out of a secure application when it’s not in use.
  • Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.

For website operators, secure communication protocols, including TLS and HTTPS, help mitigate spoofing attacks by robustly encrypting and authenticating transmitted data. Doing so prevents the interception of site traffic and blocks the decryption of sensitive data, such as authentication tokens. It is considered best practice for applications to use SSL/TLS to secure every page of their site and not just the pages that require users to log in. Doing so helps decrease the chance of an attacker stealing session cookies from a user browsing on an unsecured section of a website while logged in.
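The check below is an added example, not part of the original page: it audits recorded HTTP responses for the gaps the paragraph above warns about, namely pages still served over plain HTTP and session cookies that may travel unencrypted. The site name shop.example, the sample responses and the function names are constructed for illustration; the Strict-Transport-Security header and the cookie Secure attribute are standard browser mechanisms that the page does not name.

```python
from urllib.parse import urlsplit

# Constructed sample: (requested URL, status code, response headers) as a
# crawler might record them for the hypothetical site shop.example.
SAMPLE_RESPONSES = [
    ("http://shop.example/", 301, [("Location", "https://shop.example/")]),
    ("https://shop.example/", 200, [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "session=constructed123; Path=/; Secure; HttpOnly"),
    ]),
    # A catalogue page still answered over plain HTTP instead of redirecting.
    ("http://shop.example/catalog", 200, [("Content-Type", "text/html")]),
    # An HTTPS page whose session cookie is also allowed to travel over HTTP.
    ("https://shop.example/login", 200, [
        ("Set-Cookie", "session=constructed123; Path=/; HttpOnly"),
    ]),
]


def cookie_attributes(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, status, headers):
    """List the transport-security weaknesses visible in one response."""
    findings = []
    hdrs = [(k.lower(), v) for k, v in headers]
    if urlsplit(url).scheme == "http":
        # Plain HTTP is acceptable only as a redirect to the HTTPS site.
        location = next((v for k, v in hdrs if k == "location"), "")
        is_redirect = 300 <= status < 400
        if not (is_redirect and location.lower().startswith("https://")):
            findings.append("content served over plain HTTP")
    elif not any(k == "strict-transport-security" for k, _ in hdrs):
        # Without HSTS the browser may still try HTTP first on a later visit.
        findings.append("no Strict-Transport-Security header")
    for k, v in hdrs:
        if k == "set-cookie":
            name, attrs = cookie_attributes(v)
            if "secure" not in attrs:
                findings.append(f"cookie '{name}' lacks the Secure attribute")
    return findings


def audit_site(responses):
    """Map each URL that has findings to its list of findings."""
    report = {}
    for url, status, headers in responses:
        findings = audit_response(url, status, headers)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in audit_site(SAMPLE_RESPONSES).items():
        for finding in findings:
            print(f"{url}: {finding}")
```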

Ransomware

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.

There are several different ways that ransomware can infect your computer. One of the most common methods today is through malicious spam, or malspam, which is unsolicited email that is used to deliver malware. The email might include booby-trapped attachments, such as PDFs or Word documents. It might also contain links to malicious websites.

Malspam uses social engineering in order to trick people into opening attachments or clicking on links by appearing as legitimate—whether that’s by seeming to be from a trusted institution or a friend. Cybercriminals use social engineering in other types of ransomware attacks, such as posing as the FBI in order to scare users into paying them a sum of money to unlock their files.

Another popular infection method, which reached its peak in 2016, is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers catalog details about victim computers and their locations, and then select the malware best suited to deliver. Often, that malware is ransomware.

Types of ransomware

There are three main types of ransomware, ranging in severity from mildly off-putting to Cuban Missile Crisis dangerous. They are as follows:

Scareware

Scareware, as it turns out, is not that scary. It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.

A legitimate cybersecurity software program would not solicit customers in this way. If you don’t already have this company’s software on your computer, then they would not be monitoring you for ransomware infection. If you do have security software, you wouldn’t need to pay to have the infection removed—you’ve already paid for the software to do that very job.

Screen lockers

Upgrade to terror alert orange for these guys. When lock-screen ransomware gets on your computer, it means you’re frozen out of your PC entirely. Upon starting up your computer, a full-size window will appear, often accompanied by an official-looking FBI or US Department of Justice seal saying illegal activity has been detected on your computer and you must pay a fine. However, the FBI would not freeze you out of your computer or demand payment for illegal activity. If they suspected you of piracy, child pornography, or other cybercrimes, they would go through the appropriate legal channels.

Encrypting ransomware

This is the truly nasty stuff. These are the guys who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver. The reason why this type of ransomware is so dangerous is because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom—for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.

Notable Examples of Ransomware:

  1. Reveton
  2. CryptoLocker
  3. Cryptowall
  4. Fusob
  5. WannaCry
  6. Petya
  7. Bad Rabbit

Drive-by Downloads

The term drive-by download describes how malware can infect a whole system when a user simply clicks on a website that runs malicious code. The infection proceeds in several stages. The first stage is the entry point, as explained above. The second stage is distribution, in which some of the most trusted sites are compromised so that they redirect to sites controlled by the hackers. The third stage is the exploit stage, in which the browser succumbs to an exploit kit that lets the hackers know which security vulnerability they can easily attack.[10] The following stage is the infection stage, in which the hacker, now well aware of the point of vulnerability, downloads the payload package, which installs itself on the computer. The final stage is the execution of the downloaded program, which is designed to make money for its masters.[10]

Website Application Attacks

Web attacks, better known as web application attacks, are attacks in which an attacker exploits vulnerabilities in a website’s code to steal personal or sensitive information from the website’s own databases through various methods.[11]

SQL Injection Attacks

SQL, or Structured Query Language, is used in programming to allow the user to create, manipulate, and delete databases. Attackers usually try to take advantage of a website that has a data input field, web form, or even a search bar. Normal users would generally input data like their name, phone, or identification number, while an attacker uses the same input field to try to gain access to the website’s database by entering SQL prompts or queries. If the input field is not tested properly, this allows an attacker to execute specific SQL commands that can retrieve, change, or delete any information within the compromised database.[12]
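The following added example (not code from the original page) puts a lookup that pastes form input into the SQL text beside a parameterized version, using Python's built-in sqlite3 module. The customers table, the function names and the three form inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, phone) VALUES (?, ?)",
        [("alice", "555-0100"), ("bob", "555-0101"), ("carol", "555-0102")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Vulnerable on purpose: the input becomes part of the SQL text, so a
    # quote character in it can change the structure of the query.
    query = "SELECT name, phone FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    # Hardened: the query text is fixed and the input is bound as a value,
    # so it is only ever compared against the name column.
    return conn.execute(
        "SELECT name, phone FROM customers WHERE name = ?", (name,)
    ).fetchall()


def compare(conn, value):
    """Return (vulnerable result or error label, parameterized result)."""
    try:
        unsafe = lookup_vulnerable(conn, value)
    except sqlite3.Error as exc:
        unsafe = "error: " + type(exc).__name__
    return unsafe, lookup_parameterized(conn, value)


# Constructed form inputs: an ordinary name, a textbook injection string,
# and a legitimate name that merely contains an apostrophe.
FORM_INPUTS = ["alice", "x' OR '1'='1", "O'Brien"]

if __name__ == "__main__":
    conn = make_db()
    for value in FORM_INPUTS:
        unsafe, safe = compare(conn, value)
        print(f"input={value!r}\n  concatenated : {unsafe}\n  parameterized: {safe}")
```

The concatenated lookup returns every row for the second input and fails outright on the third, while the parameterized lookup treats both as plain names that match nothing.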

Cross-Site Scripting Attacks

Cross-Site Scripting (XSS) is another web attack in which an attacker exploits the vulnerabilities of a website or web application. While SQL injection is an attack that targets the website’s database, an XSS attack directly targets the users who visit these websites. Attackers achieve this by embedding malicious code or scripts in a part of the website that a user will most likely interact with; the most common choice is an input field. Once the browser is compromised, the attacker has control over it and can view the browser history, steal cookies, plant trojans, remotely control the victim’s computer, etc.[13]

Safeguards
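As an added illustration (not code from the original page), the snippet below renders the same user-supplied comment with and without output encoding, then parses each result to show which tags a browser would see. The comment markup, the sample text and the function names are constructed; html.escape and html.parser come from the Python standard library.

```python
import html
from html.parser import HTMLParser


class TagCollector(HTMLParser):
    """Record every start tag the parser recognises in a piece of markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """Return the start tags found in markup, in document order."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def render_comment_unsafe(author, text):
    # Vulnerable on purpose: user input is pasted into the page as markup.
    return '<div class="comment"><b>' + author + "</b>: " + text + "</div>"


def render_comment_escaped(author, text):
    # Hardened for element content: <, >, & and quotes become entities, so
    # the input is displayed as text. Other contexts (URLs, inline script)
    # need their own encoding.
    return '<div class="comment"><b>{}</b>: {}</div>'.format(
        html.escape(author), html.escape(text)
    )


# Constructed sample comment submitted through an input field.
COMMENT = 'Nice post <script>alert("constructed sample")</script>'

if __name__ == "__main__":
    for render in (render_comment_unsafe, render_comment_escaped):
        page = render("mallory", COMMENT)
        print(render.__name__, "->", tags_in(page))
        print("  ", page)
```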

We live in an era where cyber security is a momentous issue. Cybercrimes are becoming the new normal nowadays, so what makes you think that you will be spared by cyber criminals? We have suggested some steps to remember for the rest of your life to safeguard yourself from very common cyber-attacks. So, let’s get back to the original question:

How to protect yourself from cyber-attacks? Or how to protect yourself online?

1. Instead of ‘Passwords’, Use ‘Passphrases’ for Different websites

Use different user ID/password combinations for different accounts and avoid writing them down. You can create more complicated passwords by combining letters, numbers, and special characters (minimum 8 characters in total) and change them on a regular basis.

Using passphrases is a wonderful idea; sentences such as ILoveFacebookSoMuch are very hard to crack!

You probably don’t want to remember too many passwords for too many websites. You can create your own format for passwords, for example: yourname(xx)@websitename, where xx is any random 2-digit number.

2. Secure your computer/laptop physically and by:

Activating your firewall

A firewall works exactly as the name suggests: it monitors all the incoming and outgoing traffic of your computer. If your antivirus doesn’t include a firewall, make sure you have Windows Firewall ‘Activated’.

3. Never upload your personal data ‘unencrypted’ to Dropbox, Google Drive or any online file sharing services.

It takes no more than 5 minutes to encrypt a zip file or any single file such as a photo, video or document with AES-256-bit encryption, but it saves you from getting your personal data leaked. And you can relax even if these big companies face a data breach. If using Windows, use BitLocker to encrypt hard disk drives with important data!

You may use this software to encrypt your files: https://www.aescrypt.com/download/

4. Crosscheck your Social-Media security settings

Make sure your social networking profiles (e.g. Facebook, Twitter, YouTube, Google+ etc.) are set to private. Check your security settings. Never post sensitive information about yourself online. Once it is on the Internet, it is there forever. Comments on various websites may show up two years later in the Google search results for your name. Try a Google search for your name in double quotes, for example: http://bfy.tw/mnR

5. Do not procrastinate update installations (even the “installing 127 of 1204” ones)

Keep your applications and operating system (e.g. Windows, Mac, Linux) updated with the latest security updates. These updates are not limited to adding new features to your system; they also come with security patches for vulnerabilities in your operating system. Keep common software and plugins such as Flash Player and Microsoft Office ‘up to date’: as they are widely used, hackers are always finding ways to exploit their vulnerabilities.

6. Wi-Fi: The most vulnerable network ever!!

Always secure your Wi-Fi with a secure password, WPA2 encryption, etc. Do NOT use public Wi-Fi for transactions; if not properly configured, every Wi-Fi network is vulnerable.

Review and modify default settings and passwords. Never use public Wi-Fi if you have personal or secret information on your personal or office laptop, because that information is vulnerable. Avoid conducting financial or corporate transactions on these networks.

7. Encrypt your data (Important)

Use encryption for your most sensitive files, such as tax returns or financial records. Make regular back-ups of all your important data, and store them in another location. Do not leave your credit cards lying around where they might tempt children to use them.

8. Secure your Mobile Devices Physically and Digitally.

Be aware that your mobile device is vulnerable to viruses and hackers. Take care of security even if you download apps ONLY from the ‘Google Play store’. The worst-case scenario is getting your phone camera hacked, after which the hackers may steal the photographs which THEY took from your mobile.

9. Protect your e-identity, look for https://

Be cautious when giving out personal information such as your name, number, address or financial information on the Internet. Make sure that websites are secure and use https. The address will look like this:

https://www.facebook.com.

https is essential for websites which involve financial transactions. It means the data you send and receive is encrypted.

Make sure that you’ve enabled privacy settings (e.g. when accessing/using social networking sites).

10. Do NOT store your card details on websites

If a website insists on storing your credit card information so that your transactions can be processed faster next time, back off! You will never want to find your credit card information after that website’s database is dumped on Pastebin, Ghostbin or similar websites. Try searching Google for the last 6 or 8 digits of your credit card numbers in double quotes to make sure that your credit card info is not available on the internet (it may be available on the deep web).

11. Got hacked?? Call the right person / lawyer / LEA for help

Don’t panic! If you are a victim, if you come to know about any illegal Internet content (e.g. child exploitation), or if you suspect a computer crime, identity theft or a financial scam, report that to the respective law enforcement agency. If you have any problems with your personal computer, ask for help only from a trusted person or a certified technician.

12. Never Trust E-mails

Do not trust emails which offer prize money from lotteries in which you are not a participant. Similarly, don’t pay for job offers for which you are not in correspondence through official channels. Don’t give your credit card number(s) and CVV numbers online unless the site is a secured and reputable site. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security, but it may be just an image. This icon is not a guarantee of a secure site, but might provide you some assurance.

13. Do not share a code received accidentally via 2 step verifications!

Enable 2 step verification. In addition to entering your password, you are also asked to enter a verification code sent via SMS to your phone (if logged in from an unusual device). A hacker might crack your password; stealing your password may be an easy task for some hackers, but hacking into your Android phone to read the OTP/security code sent via SMS can be a tough job. Hackers might try to get that code from you using social engineering, so don’t forward that code to anyone.

14. Ignore pop-ups, drive-by downloads while Surfing

Pop-ups are another challenge to cyber security: they can contain malicious software which can trick a user into verifying something. If you download a software setup file whose size is implausible for that software, such as 1.2 MB, you should check its file name and source. This is known as a drive-by download. Always ignore pop-ups offering things like site surveys on e-commerce sites, as they are sometimes where the malicious code is.

15. Review your credit card statements

Even after taking care of all this, make sure you have not already been hacked! Look over your credit card and bank statements. Don’t ignore even a small amount that is deducted suspiciously; report it. It may be part of a salami attack, in which a small fraction of money is stolen from millions of people.


Types of Cyber Criminals

Script kiddies

These hackers can be anyone driven by immaturity to become a wannabe hacker. They have little technical knowledge and simply run pre-compiled scripts in order to cause disturbances in software.[14] They lack the technical expertise to even understand what the software was meant to do, which limits them to hacking systems that are very weakly secured.

Scammers

These are the senders of the daily scam emails that we come across. Whenever we log in to our email inbox, we have probably received more emails from scammers offering different proposals for discounted trips or medicines, timeshares or personal ads.

Spammers

They are not direct criminals but commit the crime of wasting one's time. Spammers flood the email inbox with ads and every kind of gibberish possible. They are not dangerous in any particular way, but they are always considered to be annoying and time-consuming.[14] Spammers are even responsible for a real financial cost, by making it necessary to install expensive and unstable anti-spam technologies.

Hacker activist groups

They are often called 'hacktivists'. They can be considered petty criminals who are always trying to prove their destructive behavior, in which they steal confidential information and release it publicly. They generally work anonymously and are responsible for creating tools that make hacking easier.[14]

Phishers

The most prominent example of such activity is when we receive a notification that our account is expiring and that we have to update our information. This is not really the case. It is all the work of the phisher, who is trying to extract personal information or an identity. A survey on this found that around 20,000 to 30,000 phishing websites are discovered every month.

Political/Religious/Commercial groups

These groups can be categorized as the ones which do not aim at financial gain. They generally aim at developing malware for political success. One of the finest examples of such malware is Stuxnet! This malware was found in Iran’s atomic program, but it was believed to have originated from some foreign government.[14] These groups cannot be thought of as harmless, as they can cause losses on the political, religious or commercial level.

Professional Cybercriminals

These kinds of people are the most dangerous ones, as they have proper technical expertise and know what they want to harm and how to harm it. This group can consist of technologists who have turned themselves into cybercriminals. They do the most damage to government, financial institutions or e-commerce businesses. They can be responsible for more crimes than the rest combined.

Reason for Attacks

Networks, computers, operating systems, applications and other technologies are complex, interconnected and driven by many lines of code. The more equipment is attached, the greater the number of back doors. The inability to keep up with changes in technology leaves little room for IT professionals to quickly find solutions to problems. A reliance on products with known vulnerabilities allows entrance into networks and personal computers before programmers are able to create a patch.

Impact on Business

The downtime required to repair networks that have been attacked may harm the business's productivity, revenue and financial performance and damage the company's reputation. The impact on the business may range from low to extreme. For example, downtime that has a minor impact on the business may mean that a minimal number of systems are affected. On the other side of the coin is extreme impact on the business, where the company's future is at stake and the cost of recovery is inconsequential. Here is a list of the costs involved in downtime:

  • Direct Losses
  • Loss of future earnings
  • Billing losses of revenue
  • Cash flow
  • Stock price
  • Overtime costs
  • Loss of reputation

Prevention and Detection

Prevention

 

A firewall guards the company's network from outside intrusion and prevents employees from accessing prohibited sites. Intrusion prevention systems prevent attacks by blocking viruses and other threats from getting into the network. Antivirus software prevents viruses from infecting a computer by scanning for virus signatures. For antivirus to be effective it must be up-to-date and uniformly deployed across the enterprise.

Detection

An intrusion protection system is software or hardware that monitors system resources and identifies possible intrusions into the system from either within or outside of the organization. There are three types of intrusion systems:

  • NIDS (Network intrusion detection system) identifies intrusions through network traffic and monitors multiple hosts.
  • HIDS (Host based intrusion detection system) identifies intrusions by reviewing host activities.
  • SIDS (Stack based intrusion system) examines packets as they pass through the TCP/IP stack.

Security Audit

A company's network is a means of communication and information sharing. However, it comes under attack every day from professional or novice hackers who intend to use company information or databases for their own fortune. It is compromised not only by external individuals but sometimes also by personnel within the company. When performing your audit you will use any security policy that your organization has as a basis for the work you are undertaking. You need to treat the policy initially as a threat. The security audit is a policy-based monitoring of the existing procedures and practices of sites and an assessment of the risk associated with these actions. There are a number of steps that need to be performed in order to complete a security audit. For example:

  1. Preparation
  2. Review policy and documents
  3. Discussion (interviews)
  4. Technical Investigation
  5. Report Presentation
  6. Post Audit actions

Auditing is one of the many steps a company needs to take to address issues related to the security of its network.

Types of Audits

Self Audit (Informal Audit): Every company has a few servers providing services to the company. To monitor these processes, every company develops some type of self-audit process to follow on a regular basis. Some companies have software that monitors all the processes and records the entire logs to be evaluated later by professionals. Based on these audit results, if a bad or incorrect event is detected, you can even have the event undone and the initiator’s account locked out. The collectors will send all the daily logs to a consolidator once a day, where you will be able to create numerous reports and graphs surrounding your security events. You can also use this for trends and analysis.

Information Technology Audits (Formal IT Audit; formal auditing is mostly done by companies like KPMG, Deloitte and other auditing firms): The purpose of an internal audit is to provide operations management with an independent review of the adequacy and effectiveness of the operations’ internal controls.[15] The IT audit is basically external auditing, in which external auditors are hired to perform all the required auditing operations. These auditors contact the internal auditing department and make their auditing requirements known to the company. At the conclusion of the audit, an oral report is usually given to management, accompanied by a written report. At this time the company must plan actions to take in response to the report or decide whether it wishes to assume the risks involved. Once the auditing is done and the report is presented, all the concerned individuals should meet to discuss what issues will arise from it and what steps need to be taken to take care of them.[16]

References

  1. Tavani, Herman T. Ethics and Technology: Controversies, Questions, and Strategies for Ethical Computing. Wiley, 2016.
  2. Cyberbullying. (2017). Funk & Wagnalls New World Encyclopedia, 1p. 1.
  3. TLP White, "An introduction to Malware" Page 4 accessed 4/26/2016 at https://www.cert.gov.uk/wp-content/uploads/2014/08/An-introduction-to-malware.pdf
  4. Gunter Ollmann, "The Phishing Guide" Strategy IBM Internet Security Systems Page 20 accessed 4/26/2016 at http://www-935.ibm.com/services/us/iss/pdf/phishing-guide-wp.pdf
  5. “What Is Whaling? - Definition from Techopedia.” Techopedia.com at https://www.techopedia.com/definition/28643/whaling/
  6. Sam Martin and Mark Tokutomi, "Password Cracking" University of Arizona Page 5 accessed 4/26/2016 at http://www.cs.arizona.edu/~collberg/Teaching/466-566/2012/Resources/presentations/2012/topic7-final/report.pdf
  7. Will, Mitchell "Password Cracking" University of Denver, Computer Science BootCamp accessed 4/25/2016 at http://web.cs.du.edu/~mitchell/forensics/information/pass_crack.html
  8. Qijun Gu and Peng Liu, "Denial of Service Attacks" Texas State University & Pennsylvania State University Page 4 accessed 4/26/2016 at https://s2.ist.psu.edu/paper/ddos-chap-gu-june-07.pdf
  9. Frankenfield, Jake. “Eavesdropping Attack.” Investopedia, Investopedia, 12 Mar. 2019 at https://www.investopedia.com/terms/e/eavesdropping-attack.asp/
  10. Tom's Guide Staff “Drive-By Downloads: How They Attack and How to Defend Yourself” (March 06, 2014) accessed 4/25/2016 at http://www.tomsguide.com/us/driveby-download,news-18329.html
  11. “Web Application Attack: What Is It and How to Defend against It?” Acunetix at https://www.acunetix.com/websitesecurity/web-application-attack/
  12. “Sql Injection: Vulnerabilities & How To Prevent Sql Injection Attacks.” Veracode, 25 Apr. 2019, at https://www.veracode.com/security/sql-injection/
  13. “Cross-Site Scripting (XSS) Tutorial: Learn About XSS Vulnerabilities, Injections and How to Prevent Attacks.” Veracode, 18 Apr. 2019 at https://www.veracode.com/security/xss/
  14. John, Edwards “The top 10 kinds of Cybercriminals” (September 2007) accessed 4/26/2016 at http://www.itsecurity.com/features/top-10-cybercriminals-091007/
  15. Page, Pam “Security Auditing: A Continuous Process” SANS Institute InfoSec Reading Room 24 May 2003 accessed 7/30/2013 at http://www.sans.org/reading_room/whitepapers/auditing/security-auditing-continuous-process_1150
  16. Kapp, Justin “How to conduct a security audit” PC Network Advisor Issue 120 (July 2000) Page 3 accessed 7/30/2013 at http://png.techsupportalert.com/pdf/t04123.pdf


New References:

  1. Malware 101 : What is a Virus?? at https://us.norton.com/internetsecurity-malware-what-is-a-computer-virus.html
  2. Computer Worm, Margaret Rouse Computer Worm?? at https://searchsecurity.techtarget.com/definition/worm
  3. Trojan Horse, Margaret Rouse-Trojan Horse at https://searchsecurity.techtarget.com/definition/Trojan-horse
  4. MITM, Man in the Middle Attack (MITM) at https://www.incapsula.com/web-application-security/man-in-the-middle-mitm.html
  5. DDoS, Distributed Denial of service (DDoS) at https://www.incapsula.com/ddos/denial-of-service.html
  6. Ransomware, Ransomware - What is it all about? at https://www.malwarebytes.com/ransomware/