CyberSecurity Research

The small-sized gadgets (IoT – Internet of Things) of the complex interconnected digital web have become intrusive in our personal lives, changing to a virtual lifestyle. Imagine that they are more than the world population. The computers, laptops, iPods, tablets, and IoT are vulnerable to malware like trojans, viruses, worms, spyware, further leads to espionage, and sabotage by hackers, state-sponsored actors, non-state actors, and terrorists.

The new technological advancement and evolution of the Internet have significantly diminished our privacy and confidentiality in the cyber-space. The cybercriminals exploit the vulnerabilities and commit economic, financial, political, and personal cybercrimes. The threat to security leads to loss of confidentiality, integrity, and availability (CIA) and raises a concern to bring 100% secure cyber world.

Thus there is an urgent need to safeguard confidential or official information and to make cyberspace risk-free. The awareness, knowledge, measures, guidance, and guidelines can help to detect security breaches. Essentially a system must have a Firewall, IDPS (Intrusion Detection and Prevention System), UTM (Unified Threat Management) & Antivirus.

Security Measures – Configure Operating System, File System, and Network to Maximum Security

• Install patches or upgrades regularly.
• Properly manage users with root or admin access and implement a strict password policy. The password strength is a function of length, complexity, and unpredictability. Use password creators to create and manager to manage them. Always keep the password secret and never leave password notes on the desk, keyboard, or mobile. Set substantial secret questions and answers. Furthermore, disable auto-login.
• Setup Access Control Rights.
• Separate partition for data.
• Antivirus or Antispyware on individual servers or host machines checks all incoming traffic for any viruses/worms/trojans or malicious code. Always update the Antivirus database of signatures to recognize new threats.
  Trusted Antivirus available for Free: Microsoft Security Essential
• Firewall: Logically isolates internal from external network based on the system administrator's configured explicit directions or rules. The administrator regularly monitors and analyzes firewall activities. The users, program, service, port, or protocol on LAN, wireless, remote access, or VPN receives or sends traffic based on these rules matching criteria. These rules allow or block the connection or allow it if secured through Internet Protocol security (IPSec).
• IDPS & UTM: Passively monitors and analyzes traffic or events by listening to and examining the packets entering or exiting the network or system.
  IDPS detects and prevents attacks by looking for intrusion attempts based on signatures or patterns. It can lead to high positives; hence it requires careful tuning of network conditions.
  UTM has advanced features like URL or keyword filtering.
• Encryption Tools:- Login to the authentic sites via secure connection https
  • Trueencrypt/Veraencrypt: Encrypt any information
  • BitLocker Drive Encryption: It uses an AES encryption algorithm with a 128-bit key to encrypt drives and is included with Windows 10, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2 operating system.
• Computer Name: It should not reveal company or individual identity.
• Guard Wireless Connectivity: Use WPA2 or better encryption methods and Media Access Control (MAC) binding.
• Conceal Personal information on Social Networking Sites to avoid misuse. Don't accept the stranger's friend request.
• Social Engineering: Hackers gain information by impersonating (spoof) or tricking techniques. After that, perform malicious activities like phishing or spear-phishing and email hoaxes to threaten, steal financial or confidential information. Often victims share their credentials, personal data, or sensitive information without being skeptical or cross-checking.
• Information on Smartphones: A mobile contains everything like contacts, messages, passwords, banking, and personal data. It's like a nightmare, losing a mobile. Don't grant too many privileges to third-party apps. They often spy on you using enabled geo-location.

Security Threats

Risk Threats on Small Scale

• Adware: Most public services or free hosting providers host advertisements containing adult or non-adult materials. Although it's considered a low-risk threat, such pop-ups are annoying.
• Hacking Bluetooth Connection: Using Bluetooth technology, hackers get unauthorized access to a specific mobile phone, laptop, or PDA (Personal Digital Assistant).
  Bluejacking: Using Bluetooth technology, hackers connect to Bluetooth-enabled devices and send some message to another such device. Although it does not damage the privacy or device system, the threat-risk is calculated based on transmitted message content.
  Bluesnarfing: Hackers get access to personal files like photos, contacts, and SMS.
• Scareware
  • Fake Anti-Virus: A threat common to Mac users where a scary message tells them the computer is virus infected and motivates them to purchase bogus anti-virus, which does nothing.
  • Fake Anti-malware: Scare the victim to purchase a bogus-anti-malware to remove malware infection it claims.
• WORMS: Designed to spread within a network or even the Internet and use up computer hard-disk space or most bandwidth.

High-Risk Threats i.e on large scale

• Backdoor: Hackers bypass all regular authentication services by exploiting a vulnerability. Once the backdoor gets installed, the hacker carries out its malicious activities like installing malware infection as it eases the transfer efforts of those threats.
• Dropper: A program designed to install malware or a backdoor into a victim's computer.
• Exploit A software programmed to attack specific vulnerabilities.
• BOTNET: The infected machine (through malware infection or drive-by downloads) called a bot or victim computer used for large-scale attacks like DDoS.
• Viruses: A malicious self-replicating program aims to destroy a victim's device.
  • Boot Sector Virus: Malicious code is placed at Master Boot Record (MBR) and executes during system bootup.
  • A virus document spreads mostly through document files. Thus advised not to open .exe files when you feel it is suspicious.
• Malware
  • Trojan Malware: Takes control of a web browsing session and is extremely dangerous when a victim does banking transactions. The Zeus and Spy Eye Trojan family threats can hide from antivirus detection and steal essential banking data.
  • Crimeware: After taking control of a victim's computer, hacker plants trojan to commit cybercrime.
  • Spyware: A malware to spy on a victim's computer for information.
• Phishing: A fake website designed to look almost similar to an actual website to trick the user into entering username and password to the counterfeit login form, thus stealing victim identity. The state sent out will go to an attacker-controlled server.
• Malvertising uses an online advertisement to spread malware. It involves injecting malicious or malware-laden advertisements into legitimate online advertising networks or webpages.
• WABBITS:
  • Form Bomb
  • DDoS (Distributed Denial of Service): Hackers send tons of traffic to a server or network, causing it to crash or gets interrupted.
• Pharming
  • DNS Poisoning: Compromised DNS redirects traffic to the attacker's website.
  • Edited Host File: Redirects to another website even ‘Google.com' is opened in a web browser.
• Keylogger: A subfunction of powerful trojan, which keeps a record of every keystroke made on keyboard and hacker uses it to steal login credentials like username and password.
• Mousetrapping: Web browser gets trapped to a particular website; even if you open another website or try clicking the forward/backward button or close browser and re-open, it will automatically redirect you back. The browser homepage is set to this website.
• Obfuscated Spam: A spam email looks very genuine is obfuscated so that it does not look like any spamming message to trick the potential victim into clicking.
• Chain Letters: Threatens or exploits the victim emotionally to forward a message to contacts
• Dialer: Uses the Internet modem to dial international numbers or send SMS to premium numbers.

CyberSecurity

IAR (Information Asset Register)

Registers information assets (electronic & physical) for an entity, including data assets (customer information, database admin, server admin), information processing and facilities, components such as software assets, human-resources assets, and other details such as physical location, license details, business value, etc.

IAR Necessity/Requirement

• Review & Manage IAR Register On Regular Basis: Most security concerned businesses ask each department to maintain IAR and review at least once a year. Audit your information mentioned in Soft/Hard documents, computers, or any mobile device with their classification, owner, custodian, and location. The IAR information is required to avoid risks and recover from a disaster.
• Asset Custodian: The asset owner organization assigns the responsibility with proper access control and ensures periodic review of access following the set classification level and control policy.
• Classification Level & Control Policy: Identify the confidential information based on criticality value, legal and protection requirement with technical and physical control. An organization must have the policy to classify information, procedure, and source.

Risk Register