Cyber, short for "cyberspace," refers to the virtual realm created by computer systems and networks where digital information is stored, transmitted, and processed. It encompasses the interconnected digital infrastructure that enables communication, data exchange, and online activities on a global scale.
In the cyber world, individuals, businesses, governments, and organizations interact and engage in a wide range of activities. This includes accessing information, communicating with others, conducting transactions, sharing media, and participating in online communities. The cyber domain has become an integral part of modern society, shaping various aspects of our lives and transforming how we work, learn, entertain, and connect with one another.
Cybersecurity is a crucial aspect of the cyber landscape. With the increasing reliance on digital technologies, protecting sensitive information and systems from unauthorized access, cyber attacks, and data breaches has become paramount. Cybersecurity measures involve implementing various techniques, such as encryption, firewalls, antivirus software, intrusion detection systems, and user authentication protocols, to safeguard networks, devices, and data from potential threats.
The term "cyber" is often associated with cybersecurity-related topics, such as cybercrime, cyber warfare, and cyber threats. Cybercrime refers to criminal activities conducted in the digital realm, such as hacking, identity theft, phishing, and ransomware attacks. Cyber warfare involves using cyber techniques to disrupt or sabotage the digital infrastructure of an adversary, including targeting critical systems, networks, or information. Cyber threats encompass any potential danger or vulnerability in the cyber domain that can lead to unauthorized access, data breaches, or disruptions to digital services.
Furthermore, the field of cybersecurity extends beyond protection and defense. It also includes proactive measures like ethical hacking, threat intelligence, vulnerability assessment, incident response, and security policy development. Cybersecurity professionals play a vital role in safeguarding digital assets and mitigating risks associated with the ever-evolving cyber landscape.
As technology continues to advance and more devices become interconnected through the Internet of Things (IoT), the cyber domain is expanding, presenting both opportunities and challenges. It is essential for individuals, businesses, and governments to stay vigilant, adopt best practices, and remain adaptable in order to navigate the complexities of the cyber world effectively.
1. About Cyber
Cyberspace
Cyberspace is a global and dynamic domain (subject to constant change) characterized by the combined use of
electrons and the electromagnetic spectrum, whose purpose is to create, store, modify, exchange, share, and extract,
use, eliminate information and disrupt physical resources.
Cyberspace includes:
1.Physical infrastructures and telecommunications devices that allow for the connection of technological and
communication system networks, understood in the broadest sense (SCADA devices, smartphones/tablets, computers,
servers, etc.);
2.computer systems (see point a) and the related (sometimes embedded) software that guarantee the domain's basic
operational functioning and connectivity;
3.Networks between computer systems;
4.Networks of networks that connect computer systems (the distinction between networks and networks of networks
is mainly organizational);
5.The access nodes of users and intermediaries routing nodes;
6.Constituent data (or resident data).
2. Cont.….
• Often, in common parlance (and sometimes in commercial language), networks of
networks are called the Internet (with a lowercase i), while networks between computers
are called intranet. Internet (with a capital I, in journalistic language sometimes called the
Net) can be considered a part of the system a).
• A distinctive and constitutive feature of cyberspace
• Cyberspace is that no central entity exercises control over all the networks that make up
new domain. Just as in the real world there is no world government, cyberspace lacks an
institutionally predefined hierarchical center. To cyberspace, a domain without a
hierarchical ordering principle, we can, therefore, extend the definition of international
politics coined by Kenneth Waltz: as being "with no system of law enforceable." This
does not mean that the dimension of power in cyberspace is absent, or that power is
dispersed and scattered into a thousand invisible streams, or that it is evenly spread across
myriad people and organizations, as some scholars had predicted.
• Cyberspace is characterized by a precise structuring of hierarchies of power
• Virtual world
• Cyberspace is a new domain for second life (Wertheim, 1999). It’s different physical
space. A User can make electronic personality as long as they have a time and energy
(Kollock, 2001), because electronic personality consists of user’s information. Based on
anonymity, Individual in web can expresses his or her personality. In cyberspace, a user is
able to have several electronic personalities, and acts them (Wertheim, 1999).
3. Cont.…
• Reality of virtual world
• A User believes that cyber personality exists and cyberspace is part of real world (Wertheim, 1999). The confidence can make
activities on cyberspace fall into a state of absorption. The more a state of absorption, a boundary between of cyberspace and
physical space disappears. In addition to having a role, people take part in activities on cyberspace (Hang, 2000). It makes
cyberspace feel more reality.
• Interaction(Social interaction and entertainment)
• Cyberspace is a new domain for social interaction and entertainment (Wertheim, 1999). When it’s used as private space, common
value or idea makes social network. Social interactions of this kind are chatting on internet community, on-line game, and club on
website, and so on. Through these activities, people throughout world have cyber social interaction (Hang, 1999; 2001).
• Community for common interests
• People desire space to share their idea and information for business or work (Wertheim, 1999). Website or internet network is used
for this. A work or information on web is shared and utilized for everyone’s each goal.
• Public space equality
• Web is impartial space. There are not racial or religious or sex prejudice. Horizontal relationship exists between members in
cyberspace. Activities and benefits (Social communication and information, and so on) on cyberspace are open to everyone who can
use it.
• Destruction of public communications (negative)
• People in cyberspace give loose to communicate each other. There is not a supervisor or controller. So public communication can be
break and intergenerational communication gap is able to become serious. So far, there is not a rule or a regulation about cyber
communication. And anonymity makes control of communication in cyberspace impossible.
• Cyber egoism (negative)
• In fact, nobody can control or regulate actions on cyberspace. There is possibility of cyber egoism and irresponsible behaviors have
a negative effect (Wertheim, 1999; Park 2001) on realities of life. So far, there is not a rule or a regulation about cyber
communication. And nobody can punish a criminal act on web.
4. • Information Source
• Systematizing or structuralizing of information
• Information of cyberspace builds up network around nodes (Buchanan, 2002). The node means
what kind of information, which contents, and so on. Information on web is systematized or
structuralized around these nodes
• User as a knowledge creator
• In cyberspace, anybody can be a writer or an author (Jung, 2008), and anybody can show their
music or essay that they have created. Users on web make information as well as take it. A
boundary between user and creator is ambiguous.
• Web resource accessibility
• Web resource is open to everyone (Wertheim, 1999). In cyberspace, information is shared and
circulated free.
• Information Standardizing
• For more use, Information in cyberspace needs to be standardized (Wertheim, 1999). Currently
Most of web contents are produced as standardized form. So user can apply them without
converting.
• Hypertext
• World Wide Web is huge network that is connected each site as hypertext link through hypertext,
without map of information, user can get web resource easily.
• accessibility is low).
5. What Is Cyber-security?
What Is Cyber-security?
• Cyber-security is the practice of protecting systems, networks, and programs from digital attacks. These
cyber-attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money
from users; or interrupting normal business processes. Implementing effective cyber-security measures is
particularly challenging today because there are more devices than people, and attackers are becoming more
innovative.
What is cyber-security all about?
• A successful cyber-security approach has multiple layers of protection spread across the computers, networks,
programs, or data that one intends to keep safe. In an organization, the people, processes, and technology
must all complement one another to create an effective defense from cyber-attacks. A unified threat
management system can automate integrations across select Cisco Security products and accelerate key
security operations functions: detection, investigation, and remediation.
• People
• Users must understand and comply with basic data security principles like choosing strong passwords, being
wary of attachments in email, and backing up data. Learn more about basic cyber-security principles.
6. • Processes
• Organizations must have a framework for how they deal with both attempted and successful cyber-attacks.
One well-respected framework can guide you. It explains how you can identify attacks, protect systems,
detect and respond to threats, and recover from successful attacks. Watch a video explanation of the NIST
cyber-security framework (1:54)
• Technology
• Technology is essential to giving organizations and individuals the computer security tools needed to protect
themselves from cyber-attacks. Three main entities must be protected: endpoint devices like computers, smart
devices, and routers; networks; and the cloud. Common technology used to protect these entities include next-
generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions.
• Why is cyber-security important?
• In today’s connected world, everyone benefits from advanced cyber-defense programs. At an individual level,
a cyber-security attack can result in everything from identity theft, to extortion attempts, to the loss of
important data like family photos. Everyone relies on critical infrastructure like power plants, hospitals, and
financial service companies. Securing these and other organizations is essential to keeping our society
functioning. Everyone also benefits from the work of cyber-threat researchers, like the team of 250 threat
researchers at Talos, who investigate new and emerging threats and cyber-attack strategies. They reveal new
vulnerabilities, educate the public on the importance of cyber-security, and strengthen open source tools.
Their work makes the Internet safer for everyone.
•
7. What is a Cyber Attack?
• What is a Cyber Attack?
• A cyber-attack is an assault launched by cybercriminals using one or more computers against a single or
multiple computers or networks. A cyber-attack can maliciously disable computers, steal data, or use a
breached computer as a launch point for other attacks. Cybercriminals use a variety of methods, including
malware, phishing, ransomware, denial of service, among other methods.
• Types of Cyber Attacks
• Cyber-attacks can be of various types. You need to be aware of all those types of cyber-attacks to guarantee
your utmost safety and security.
1. Malware
• Malware is considered as software that is intentionally developed to disrupt computer, server, client, or
computer network. Malware can be in the form of scripts, executable codes, active content, and other
malicious software. These codes can be computer worms, viruses, ransomware, Trojan horses, adware,
spyware, or scare ware. Malware, as the name suggests, is designed with a malicious intent to cause damage
to the website/computer user.
• The most prominent damages caused by malware are:
• As ransomware, it blocks access to key components of the network.
• Installs harmful software/malware
• As spyware, they can steal valuable information from your system (spyware)
• They can damage certain hardware components of your system and make them inoperable.
8. 2. Phishing
• The main aim of Phishing is to steal restricted and private information such as credit card details, login ids,
and passwords, etc.It is usually done through email spoofing or instant messaging.They carry a link that
directs users to a fake website which looks similar to the legitimate site and asks them to enter personal and
secure information. It is a fraudulent activity intended to cheat users.They bait the users by claiming to be
from a reliable third group such as auction sites, online payment processors, social web sites, banks, or IT
administrators. You need to be well aware and acknowledged with such fraudulent activities to bypass any
such fraud activities.
3. Man-In-The-Middle Attack
• In Man-in-the-middle (MitM) the invader covertly modifies the chats and dialogues between two people who
are communicating with each other. In a Man-in-the-middle attack, the communicators are made to believe
that they are directly communicating with each other without any interference from any third party. But the
truth is that the whole communication is controlled by the invader while making the communicators believe
that they are talking to each other. It is also known as eavesdropping.
4. Denial-of-service attack
• In denial-of-service attack (DoS attack) the offender tries to make digital assets inaccessible to its anticipated
users. The offender provisionally interrupts services of a host who is linked to the Internet. It involves
overflowing the besieged machine with surplus applications to burden it from fulfilling the legitimate
requests.
9. 5. SQL Injection attack
• A Structured Query Language (SQL) injection attack allows the intruders to run malicious SQL statements. These SQL statements have the
power to take over the database server. Using SQL injection intruders can overcome application security measures. It allows them to pass
through the validation and approval process of any web application.It also allows them to recover the entire data from their database. It also
gives access to intruders to add, modify, and delete data in the database.An SQL Injection allows intruders to fiddle with various databases
including MySQL, Oracle, SQL Server, or others. It is widely used by attackers to get access over:
• Personal data
• Intellectual property
• Customer information
• Trade secrets and more.
6. Zero-Day Attack
• The zero-day vulnerability is a defect in the software, hardware or even the firmware. It is hidden from the teams responsible for fixing this
bug. It is referred to as zero-day as it has a zero day time gapped between the times it is detected and the first attack.
7. Cross-Site Scripting
• In Cross-Site Scripting (XSS) attacks the malicious scripts are embedded to reliable websites. The intruders send malicious code to different
users by embedding them into a trusted website usually as a browser side script. The web browser cannot recognize this malicious script
and has no idea that it is unreliable, and hence it executes the script as it comes from a trusted source. But alas these malicious scripts have
powers to access any session tokens, cookies, or any other secret information that is used by that site.
8. Credential Reuse Attack
• With almost every personal account asking for Ids and passwords, we tend to reuse them for various accounts. Though it is a big NO, we
tend to reuse one id and password for many accounts. Reusing the same password can be a big threat to your security. The intruders can
steal your usernames and passwords from a hacked website and they get a chance to log in to your other account using the same id n
passwords. And if you have reused them they get a golden opportunity to peek into your private accounts including your bank account,
email, your social media accounts, and many others. And we really do not need to tell you how hazardous it could be! So follow password
security best practices and avoid using the same id and password for multiple accounts. You can use Password managers to manage the
various IDs you use.
10. 9. Password Attack
• Passwords are the main gateways to securely enter into your personal accounts. Getting access to these passwords is
an age-old and most convenient way to intrude into someone’s private account. Our passwords are usually connected
to our life’s incidents, people and places and hackers take benefit of such details. They can even sniff into the
network to gain access to unencrypted passwords. Attackers can use either of the below given two approaches to get
hack your passwords:
• Brute-force
• Brute force is just like any other guessing game where you apply your wits and logic and expect that one of your
guesses might work.
• Dictionary attack
• In such attacks, attackers use a dictionary of common passwords to intrude into the user’s computer and network.
• The attackers copy encrypted file having the list of passwords, and use it to a dictionary of frequently used
passwords. They then compare the results to take hold of the user’s password.
• The account lockout policy is the best method to evade such risks as it locks your account after a few wrong
attempts and hence securing your accounts.
11. 10.Drive-By Download Attack
• Drive-by –download attack is a common method used by hackers to spread malicious scripts or codes on
user’s systems. Attackers embed a malicious script into an insecure website’s pages. Whenever you visit such
websites, the scripts will automatically install on your system or might redirect you to a website that is
controlled by the attacker. These attacks can occur by visiting a website, a pop-up window or an email
message. Drive-by downloads do not require users input to get activated. It does not require you to
download/open any malicious attachment. It uses an operating system/ web browser with inadequate security
features.
• To avoid the risk of drive-by download attack you should:
• Keep operating systems and browsers up to date
• Avoid suspicious websites.
• Try to use known websites as much as possible.
• Don’t download unnecessary programs and apps.
• Keep minimal plug-ins.