CEH

2020 Top 10 Cyber Attacks in India

The most typical forms of cyber attack in India in 2020 include malware, phishing, man-in-the-middle attacks, denial-of-service attacks, and others. This article covers these attacks and explains what cyber attacks are with the help of their types.

What Are Cyber Attacks?

A cyber attack is an attack launched from one digital system against another digital device, website, or other digital system that compromises its privacy, reliability, or the data stored in it. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.

Types of Cyber Attacks

Cyber attacks come in varied types. You need to be aware of all of these types of cyber attack to ensure your safety and security.

1) Malware

Malware is software that is intentionally developed to disrupt a computer, server, client, or network.
Malware can take the form of scripts, executable code, active content, and other malicious software.

This code can be a computer worm, virus, ransomware, Trojan horse, adware, spyware, or scareware. Malware, as the name suggests, is designed with malicious intent to cause damage to the website or computer user.

The most prominent damages caused by malware are:

  • As ransomware, it blocks access to key components of the network.
  • It installs harmful software or further malware.
  • As spyware, it steals valuable information from your system.
  • It can damage certain hardware components of your system and make them inoperable.

2) Phishing

The main aim of phishing is to steal restricted and private information such as MasterCard details, login IDs, and passwords by impersonating a trustworthy entity in a communication. It is usually done through email spoofing or instant messaging.
The messages carry a link that directs users to a fake website that looks almost like the legitimate site and asks them to enter personal and secure information. It is a fraudulent activity intended to cheat users.
Attackers bait users by claiming to be from a trusted third party such as auction sites, online payment processors, social networking sites, banks, or IT administrators.
You need to be aware of and familiar with such fraudulent activities in order to avoid falling for them.

3) Man-In-The-Middle Attack

In a man-in-the-middle (MitM) attack, the attacker covertly modifies the communication between two parties who are communicating with one another.
The communicators are made to believe that they are communicating directly with one another, without interference from any third party.
In reality the entire communication is controlled by the attacker, while the communicators believe that they are talking only to one another. It is also referred to as eavesdropping.

The Entry Points For MITM

  • Attackers can easily take control of private chats over unsecured public Wi-Fi. An attacker can insert themselves between the device and the network and take control of the private chats within the network. The communicators, without having any idea, pass the entire conversation to the attacker.
  • It can also be done through malware. In such cases, the attacker installs software on the victim’s device to process all of the victim’s information.

4) Denial-of-service attack

In a denial-of-service (DoS) attack the attacker tries to make digital assets inaccessible to their intended users. The attacker temporarily interrupts the services of a host that is connected to the Internet. It involves flooding the targeted machine with superfluous requests to overload it and keep it from fulfilling legitimate requests.

5) SQL Injection attack

A Structured Query Language (SQL) injection attack allows intruders to run malicious SQL statements. These SQL statements can take over the database server.
Using SQL injection, intruders can bypass application security measures.
It allows them to get past the authentication and authorization process of a web application.
It also allows them to retrieve the entire contents of the database, and it gives intruders the ability to add, modify, and delete data within the database.
An SQL injection allows intruders to tamper with various databases including MySQL, Oracle, SQL Server, or others. It is widely used by attackers to gain access to:

  • Personal data
  • Intellectual property
  • Customer information
  • Trade secrets and more
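
The authentication bypass described above comes from building SQL text out of user input. The following added example (not code from the original article; the table, function names, and sample values are constructed for illustration) puts a string-built login query beside its parameterized form and runs both on the same inputs.

```python
import sqlite3


def make_db():
    """Build an in-memory database with two constructed accounts.

    Assumption for the demo: the application compares a stored password
    hash inside the SQL query itself.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "constructed-hash-1"), ("o'brien", "constructed-hash-2")],
    )
    return conn


def login_vulnerable(conn, username, password_hash):
    # WEAK: user input is concatenated into the SQL text, so quote
    # characters in the input change the structure of the statement.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password_hash):
    # HARDENED: placeholders keep the input as data; the database driver
    # never interprets it as SQL.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone()[0] > 0


def compare(conn, username, password_hash):
    """Return (vulnerable_result, parameterized_result) for one input.

    The vulnerable result is the string "error" when the concatenated
    statement is no longer valid SQL.
    """
    try:
        weak = login_vulnerable(conn, username, password_hash)
    except sqlite3.OperationalError:
        weak = "error"
    return weak, login_parameterized(conn, username, password_hash)


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("alice", "constructed-hash-1"),    # correct credentials
        ("alice", "' OR '1'='1"),           # constructed tautology input
        ("o'brien", "constructed-hash-2"),  # legitimate name with a quote
    ]
    for user, secret in cases:
        print(user, repr(secret), compare(db, user, secret))
```

The third case shows that the concatenated query is also a correctness bug: a legitimate user whose name contains an apostrophe cannot log in at all, while the parameterized query handles the name as ordinary data.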

Read More : https://info-savvy.com/2020-top-10-cyber-attacks-in-india/


This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

Information Security Incidents

An information security incident is a network or host activity that potentially threatens the security of data kept on network devices and systems with regard to confidentiality, integrity, and availability. It might be any real or suspected adverse event in relation to the security of computer systems or networks. It is a violation or imminent threat that has the potential to impact computer security policies, acceptable use policies, or standard information security practices.

Malicious Code or Insider Threat Attacks: A malicious code attack is a type of attack that is generated by malicious programs such as viruses and worms. Insiders can also use malicious code to gain administrative privileges, capture passwords, and alter audit logs to cover their tracks. Malicious code attacks are also referred to as program threats. The intention behind this type of attack is to modify or destroy data, hide or steal data, gain unauthorized access, and damage resources of the system or network.

Insider threats to your network generally involve people who work as staff or contractors of your company. They belong in your facilities and they usually have user accounts in your networks. They know things about your organization that outsiders usually don’t: the name of your network administrator, which specific applications you use, what kind of network configuration you have, and which vendors you work with. External cyber attackers usually need to fingerprint your network, research information about your organization, socially engineer sensitive data from your staff, and acquire malicious access to any user account, even those with the least privileges. Thus internal attackers already have advantages that external attackers lack.

Unauthorized Access:

Unauthorized access refers to the process of obtaining illegal access to systems in order to steal or damage data. An attacker can do this by using network sniffers to capture network traffic to identify and obtain encrypted usernames, passwords, and so on. Unauthorized access incidents include password attacks, session hijacking, and network sniffing. Unauthorized access may also occur if a user attempts to access an area of a system they should not be accessing. When trying to access that area, they would be denied access and possibly see an unauthorized access message.
Some system administrators set up alerts to let them know when there is an unauthorized access attempt, so they can investigate the reason. These alerts can help stop hackers from gaining access to a secure or confidential system. Many secure systems can also lock an account that has had too many unsuccessful login attempts.
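
One way to implement the alerting and account lockout described above, as an added example rather than code from the original article. The log format, the event names, the threshold of 5 failures, and the 10-minute window are all assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <EVENT> user=<name> src=<ip> [path=<p>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAIL|LOGIN_OK|ACCESS_DENIED) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)(?: path=(?P<path>\S+))?$"
)

# Constructed sample log (documentation IP ranges, invented users).
SAMPLE_LOG = """\
2020-03-01T09:00:00 LOGIN_OK user=bob src=198.51.100.4
2020-03-01T09:01:10 ACCESS_DENIED user=bob src=198.51.100.4 path=/finance/payroll
2020-03-01T09:02:00 LOGIN_FAIL user=alice src=203.0.113.7
2020-03-01T09:02:05 LOGIN_FAIL user=alice src=203.0.113.7
2020-03-01T09:02:09 LOGIN_FAIL user=alice src=203.0.113.7
2020-03-01T09:02:14 LOGIN_FAIL user=alice src=203.0.113.7
2020-03-01T09:02:20 LOGIN_FAIL user=alice src=203.0.113.7
2020-03-01T09:02:31 LOGIN_OK user=alice src=203.0.113.7
2020-03-01T09:05:00 LOGIN_FAIL user=carol src=192.0.2.15
2020-03-01T09:30:00 LOGIN_FAIL user=carol src=192.0.2.15
2020-03-01T09:30:40 LOGIN_OK user=carol src=192.0.2.15
this line is malformed and must be skipped
"""


def detect(log_text, max_failures=5, window=timedelta(minutes=10)):
    """Return (alerts, locked_accounts) for a block of log text.

    alerts is a list of (timestamp, kind, user, src) tuples in log order.
    """
    failures = defaultdict(deque)  # user -> timestamps of recent failures
    locked = set()
    alerts = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # ignore lines that do not fit the assumed format
        try:
            ts = datetime.fromisoformat(match["ts"])
        except ValueError:
            continue  # timestamp field present but not a valid ISO time
        user, src, event = match["user"], match["src"], match["event"]

        if event == "ACCESS_DENIED":
            # A user reached for an area they are not allowed to access.
            alerts.append((ts, "unauthorized_access", user, src))
        elif event == "LOGIN_FAIL":
            recent = failures[user]
            recent.append(ts)
            # Keep only failures inside the sliding window.
            while recent and ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= max_failures and user not in locked:
                locked.add(user)
                alerts.append((ts, "account_locked", user, src))
        elif event == "LOGIN_OK":
            if user in locked:
                # A success right after a lockout deserves investigation.
                alerts.append((ts, "login_on_locked_account", user, src))
            else:
                failures[user].clear()  # a clean login resets the counter
    return alerts, locked


if __name__ == "__main__":
    found, locked_accounts = detect(SAMPLE_LOG)
    for ts, kind, user, src in found:
        print(ts.isoformat(), kind, user, src)
    print("locked:", sorted(locked_accounts))
```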

Unauthorized Usage of Services:

In this kind of incident, an attacker uses another user’s account to attack the system or network. It is the violation of an organization’s system policies by misusing the resources provided to the users or employees. This might include using an office computer to download movies or to store pirated software, removing content posted by another user, harassing other users, gaining credentials or personal data of other users, and so on. Inappropriate usage incidents include privilege escalation, insider attacks, and sharing of critical data.

If you report the theft of a debit card within two business days after you notice the card missing, your liability is limited to $50. If you don’t, your potential liability increases to $500. You risk unlimited liability if you fail to report an unauthorized card transaction that appears on your statement within sixty days of that statement being mailed to you.

Email-based Abuse:

In this kind of incident, an attacker creates a fake website mimicking the legitimate website and sends the website links to users to steal sensitive data such as user credentials, bank account details, and credit card details. This type of incident includes unsolicited commercial email, known as spam, and phishing mails.

Espionage:

Espionage involves stealing the proprietary data of an organization and passing it to other organizations with the motive of negatively impacting its reputation or for some financial gain.

Fraud and Theft:

This type of incident involves theft or loss of assets or equipment that contains information. The motive behind fraud and theft is to gain control over and misuse information systems such as access control systems, inventory systems, financial data, and telephone equipment.

Employee Sabotage and Abuse:

The actions performed by an employee to abuse systems include removing hardware or services of a computing system, deliberately making incorrect data entries, deliberately deleting or altering data, inserting logic bombs to delete data, applications, and system files, crashing systems, and so on.

Network and Resource Abuses:

In this type of incident, an attacker uses the network and resources to obtain critical organization details, or in some situations they even make the network services or resources unavailable to legitimate users by flooding the servers or applications with traffic. Network and resource abuse incidents include denial-of-service (DoS) attacks, network scanning, and so on. Resource misconfiguration abuses.

Read More : https://www.info-savvy.com/information-security-incidents/

What is Defense in Depth? & How Defense in depth Works

Defense in depth is a security strategy in which security professionals use several protection layers throughout an information system. This strategy uses the military principle that it is more difficult for an enemy to defeat a complex, multi-layered defense system than to penetrate a single barrier. Defense in depth helps to prevent direct attacks against an information system and its data, because a break in one layer only leads the attacker to the next layer. If a hacker gains access to a system, defense in depth minimizes any adverse impact and gives administrators and engineers time to deploy new or updated countermeasures to prevent a repeat of the intrusion.

How Defense in depth Works

A layered approach to security can be applied to all levels of IT systems. From the lone laptop accessing the Internet from a coffee shop to the fifty-thousand-user enterprise WAN, defense in depth can significantly improve your security profile. No organization can ever be fully protected by a single layer of security. Where one door may be closed, others are left wide open, and hackers can find these vulnerabilities very quickly. When you use a series of different defenses together, such as firewalls, malware scanners, intrusion detection systems, encryption, and integrity auditing solutions, you effectively close the gaps that are created by relying on a single security solution.

Elements of defense in depth

Security Policies and Procedures

In the first layer of defense, the organization must set up benchmarks, standards, and policy. In some scenarios the legal rules and best practices serve as the baseline standard. Later these become the actual norm for the organization. Internationally, different standards are recognized for information security, such as those of the International Organization for Standardization (ISO), the Payment Card Industry (PCI) Data Security Standard (DSS), Control Objectives for Information and Related Technology (COBIT), and many more. Every standard or regulation has a general implementation cycle.

Physical Security

It is concerned not only with locking doors and posting guards but also includes security of the server room, laptop and desktop protection, and human factors.

Perimeter and Network Security

Segmentation of the network is a core element in securing an IT organization, as shown in Fig. 3 between major network segments. It starts with protecting the design against well-known and obvious network attacks. Traffic at the network perimeter should be filtered by stateful inspection firewalls, intrusion detection mechanisms, malware identification and blocking technologies, and filtering of dangerous content. To defend the network perimeter it is necessary to understand what a network might face in terms of attacks and threats. When properly configured, this layer protects data assets by allowing only those activities that are required to continue business operations.

Monitoring and Logging of Events

Security architecture remains incomplete without a proper monitoring and logging system. Network and security operations should be continuously monitored for signs of any possible intrusion. Effective alerts and alarms can only be generated with proper implementation of monitoring of security controls. Rather than simply parsing logs from one device to another, deploy a complete monitoring system. Administrators must review critical logs every day to detect advanced intrusions or threats to the system.

Host Security

Host security is as important as segmentation of the network in security architecture. Antivirus, anti-malware, host intrusion detection and prevention mechanisms, host-based firewalls, and software hardening should be implemented.

Session Security

It provides restrictions over a user within a single session and is important in web security. Cryptographically strong, appropriate keys and session identifiers are the best controls used to implement session security. A complete guideline in this regard is available from OWASP.

Application Security

Security of users, data concerning credit cards, restriction of rights, vulnerability analysis, input validation, backup and restoration, passwords, and access control lists (ACLs) are the controls that support the implementation of application security.

Information Security

Data leakage prevention technology based on encryption, such as the Triple Data Encryption Standard (DES), should be implemented to protect the private data of the organization and its users, including credit card data.

Defense-in-depth architecture: Layered security

Defense-in-depth security architecture is based on controls that are designed to protect the physical, technical and administrative aspects of your network.

Physical controls – These controls include security measures that prevent physical access to IT systems, such as security guards or locked doors.

Technical controls – Technical controls include security measures that protect network systems or resources using specialized hardware or software, such as a firewall appliance or antivirus program.

Administrative controls – Administrative controls are security measures consisting of policies or procedures directed at an organization’s employees, e.g., instructing users to label sensitive information as “confidential”.
Additionally, the following security layers help protect individual facets of your network:

Access measures – Access measures include authentication controls, biometrics, timed access and VPN.

Workstation defenses – Workstation defense measures include antivirus and anti-spam software.

Data protection – Data protection methods include data at rest encryption, hashing, secure data transmission and encrypted backups.

Perimeter defenses – Network perimeter defenses include firewalls, intrusion detection systems and intrusion prevention systems.

Monitoring and prevention – The monitoring and prevention of network attacks involves logging and auditing network activity, vulnerability scanners, sandboxing and security awareness training.

The Benefits of Defense in Depth

A multi-layered approach can be tailored to different levels of security. Not every asset needs to be completely secure; instead, only the most business-critical assets, such as proprietary and confidential information, can be protected by the most restricted settings.
If one system fails, there are other systems functioning. It is not possible to guarantee the security of any single type of security application; there are always vulnerabilities and exploits. By using multiple systems to mitigate damage, the organization can ensure that even if one (or multiple) systems fail, the system itself is still protected.

Read More : https://www.info-savvy.com/defense-in-depth/

Top Categories Included in Information Warfare

The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) for competitive advantages over an opponent. Examples of information warfare weapons include viruses, worms, Trojan horses, logic bombs, trap doors, nano machines and microbes, electronic jamming, and penetration exploits and tools.

Libicki divides information warfare into the following categories:

Command and control warfare (C2 warfare): In the computer security industry, C2 warfare refers to the impact an attacker possesses over a compromised system or network that they control.

Intelligence-based warfare:

Intelligence-based warfare is a sensor-based technology that directly corrupts technological systems. According to Libicki, “intelligence-based warfare” is warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battlespace.

Electronic warfare:

According to Libicki, electronic warfare uses radio electronic and cryptographic techniques to degrade communication. Radio electronic techniques attack the physical means of sending information, whereas cryptographic techniques use bits and bytes to disrupt the means of sending information.

Psychological warfare:

Psychological warfare is the use of various techniques such as propaganda and terror to demoralize one’s adversary in an attempt to succeed in the battle.

Hacker warfare:

According to Libicki, the purpose of this type of warfare can vary from shutdown of systems, data errors, theft of information, theft of services, system monitoring, false messaging, and access to data. Hackers generally use viruses, logic bombs, Trojan horses, and sniffers to perform these attacks.

Economic warfare:

According to Libicki, economic information warfare can affect the economy of a business or nation by blocking the flow of information. This could be especially devastating to organizations that do a lot of business in the digital world.

Cyber warfare:

Libicki defines cyber warfare as the use of information systems against the virtual personas of individuals or groups. It is the broadest of all information warfare and includes information terrorism, semantic attacks, and simula-warfare (simulated war, for example, acquiring weapons for mere demonstration rather than actual use).

Each form of information warfare mentioned above consists of both defensive and offensive strategies.

Defensive Information Warfare:

Involves all strategies and actions to defend against attacks on ICT assets. Information warfare has become virtually synonymous with the revolution in information technologies and its potential to transform military strategies and capabilities. There is a growing consensus that national prosperity, if not survival, depends on our ability to effectively leverage information technology. In some quarters, IW has even been associated with the leveraging of information technologies to achieve greater effectiveness and efficiency. This has stretched the meaning of information warfare to the limit and has sowed. For this reason, this treatment of the topic uses the term “information strategies” to refer to the recognition and utilization of information and information technologies as an instrument of national power.

Offensive Information Warfare:

Involves attacks against the ICT assets of an opponent. It is the set of activities carried out by individuals and groups with specific political and strategic objectives aimed at the integrity, availability, and confidentiality of information collected, stored, and transferred inside connected information systems. Further, Valerie and Knights stress that information and Offensive Information Warfare are closely interlinked and form a mutual.

Read More : https://www.info-savvy.com/information-warfare/

Scope and Limitations of Ethical Hacking

Ethical hacking

Ethical hacking is a structured and organized security assessment, usually as part of a penetration test or security audit, and is a crucial component of risk assessment and information systems security best practices. It is used to identify risks and highlight remedial actions, and also to reduce Information and Communications Technology (ICT) costs by resolving those vulnerabilities.

An ethical hacker should understand the penalties of unauthorized hacking into a system. No ethical hacking activities related to a network penetration test or security audit should begin until a signed official document giving the ethical hacker specific permission to perform the hacking activities is received from the target organization. Ethical hackers need to be judicious with their hacking skills and recognize the consequences of misusing those skills.

Security experts broadly classify computer crimes into two categories: crimes facilitated by a computer and crimes in which the computer is the target. As with all kinds of events or procedures, ethical hacking also has its darker side.

The probable drawbacks of ethical hacking include:

  • The ethical hacker could turn unscrupulous and use the information they gain to execute malicious hacking activities.
  • Since the hacker has access to an organization’s or individual’s financial and business-critical information, he/she may misuse it in the worst-case scenario.
  • There is usually a risk that the ethical hacker could send and/or place malicious code, viruses, malware and other harmful things on a computer system.

Though the above risks are not universal, enterprises and individuals should take them into consideration before availing themselves of the services of an ethical hacker. The ethical hacker must follow certain rules to fulfill the ethical and moral obligations.

An ethical hacker must do the following:

  • Gain authorization from the client and have a signed contract giving the tester permission to perform the test.
  • Maintain confidentiality when performing the test and follow a Nondisclosure Agreement (NDA) with the client for the confidential information disclosed during the test. The information gathered might contain sensitive information, and the ethical hacker must not disclose any information about the test or the confidential company data to a third party.
  • Perform the test up to but not beyond the agreed-upon limits. For example, ethical hackers should perform DoS attacks only if they have previously been agreed upon with the client. Loss of revenue, goodwill, or worse could befall an organization whose servers or applications are unavailable to customers because of the testing.

The following steps provide a framework for performing a security audit of an organization, which will help in ensuring that the test is organized, efficient, and ethical.

  1. Talk to the client, and discuss the needs to be addressed during the testing.
  2. Prepare and sign NDA documents with the client.
  3. Organize an ethical hacking team, and prepare a schedule for testing.
  4. Conduct the test.
  5. Analyze the results of the testing, and prepare a report.
  6. Present the report findings to the client.

Read More : https://www.info-savvy.com/scope-and-limitations-of-ethical-hacking/

Essential Terminology in Cyber security

Here are some terms and their definition, you must know before you start studying ethical hacking. As cyber security technology grows and expands, so does the vocabulary associated with it.

Hack Value:

It is the notion among hackers that something is worth doing or is interesting. Hack value can be a playful disruption. It is also maintenance for the imagination, a wonder beyond the tedium of living in a consumer-dominated culture. It crosses over between different fields and practices, regarding their achievements and approaches in hacking rather than specific genres. Like other chapters, some of the artworks and projects exist in their own right, inside and outside of a gallery context. Other examples either play with or disrupt things through cultural enactments of communication with others. These include publications, farming, food distribution, and public heritage sites. All the projects and works studied are social. Some are political and some are participatory. This includes works that use digital networks and physical environments as well as printed matter. What binds these examples together is not only the adventures they initiate when experimenting with other ways of seeing, being, and thinking. They also share common intentions to loosen the restrictions, distractions, and interactions dominating the cultural interfaces, facades, and structures in our everyday surroundings.

Hackers derive great satisfaction from breaking down the toughest network of cyber security. They consider it their accomplishment, since no one else can do it.

Vulnerability:

Vulnerability is the existence of a weakness (design or implementation error) that, when exploited, leads to an unexpected and undesirable event compromising the security of the system. Simply put, it is a weakness that allows an attacker to enter the system by bypassing various user authentications. Vulnerability comes from the Latin word for “wound,” vulnus. Vulnerability is the state of being open to injury, or appearing as if you are. It might be emotional, like admitting that you are in love with someone who might only like you as a friend, or it can be literal, like the vulnerability of a soccer goal that is unprotected by any defensive players.

Exploit:

An exploit is a breach of IT system security through vulnerabilities, in the context of an attack on a system or network. Exploitation is the next step in an attacker’s playbook after finding a vulnerability. Exploits are the means through which a vulnerability can be leveraged for malicious activity by hackers; these include pieces of software, sequences of commands, or even open-source exploit kits. An exploit is code that takes advantage of a software vulnerability or security flaw. It is written either by cyber security researchers as a proof-of-concept threat or by malicious actors for use in their operations. When used, exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network. The term also refers to malicious software or commands that can cause unanticipated behavior of legitimate software or hardware through attackers taking advantage of the vulnerabilities.

Payload:

Payload is the part of a malware or an exploit code that performs the intended malicious actions, which can include creating backdoor access to a victim’s machine, damaging or deleting files, committing data theft, and hijacking a computer. Hackers use various methods to execute the payload. For example, they can activate a logic bomb, execute an infected program, or use an unprotected computer connected to a network.

In computing, a payload is the carrying capacity of a packet or other transmission data unit. The term has its roots in the military and is often associated with the capacity of executable malicious code to do damage. Technically, the payload of a specific packet or other protocol data unit (PDU) is the actual transmitted data sent by communicating endpoints; network protocols also specify the maximum length allowed for packet payloads.

Zero-Day Attack:

In a zero-day attack, the attacker exploits vulnerabilities in a computer application before the software developer can release a patch for them. Based on common usage of exploit terms, an exploit is referred to as a zero-day exploit when it is used to attack a vulnerability that has been identified but not yet patched, also called a zero-day vulnerability.

Daisy Chaining:

Daisy chaining involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.

Doxing:

Doxing is publishing personally identifiable information about an individual or organization. It refers to gathering and publishing information such as an individual’s name and email address, or other sensitive information pertaining to an entire organization. People with malicious intent collect this information from publicly accessible channels such as databases, social media and the Internet.

Bot:

A “bot” (a contraction of “robot”) is a software application or program that can be controlled remotely to execute or automate predefined tasks. Hackers use bots as agents that carry out malicious activity over the Internet. Attackers use infected machines to launch distributed denial-of-service (DDoS) attacks, key logging, spying, etc.

Read More : https://www.info-savvy.com/essential-terminology-in-cyber-security/

——————————————————————————————————————-

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

CEH

5 Phases of Hacking

This article explains the five phases of hacking, taking the example of a hacker trying to hack…: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks…

There are five hacking phases:

  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Clearing Tracks

Hacking Phase 1: Reconnaissance

Reconnaissance refers to the preparatory phase in which an attacker gathers as much information as possible about the target prior to launching the attack. In this phase, the attacker draws on competitive intelligence to learn more about the target. It could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale. The reconnaissance target range may include the target organization’s clients, employees, operations, network, and systems.

This phase allows attackers to plan the attack. This may take some time as the attacker gathers as much information as possible. Part of this reconnaissance may involve social engineering. A social engineer is a person who convinces people to reveal information such as unlisted phone numbers, passwords, and other sensitive information. For instance, the hacker could call the target’s Internet service provider and, using whatever personal information was previously obtained, convince the customer service representative that the hacker is actually the target, and in doing so, obtain even more information about the target.

Another reconnaissance technique is dumpster diving. Dumpster diving is, simply enough, looking through an organization’s trash for any discarded sensitive information. Attackers can use the Internet to obtain information such as employees’ contact information, business partners, technologies currently in use, and other critical business knowledge. But dumpster diving may provide them with even more sensitive information, such as user names, passwords, credit card statements, bank statements, ATM receipts, Social Security numbers, private telephone numbers, checking account numbers, and any number of other things.

Searching for the target company’s web site in the Internet’s Whois database can easily provide hackers with the company’s IP addresses, domain names, and contact information.

Hacking Phase 2: Scanning

Scanning is the phase immediately preceding the attack. Here, the attacker uses the details gathered during reconnaissance to scan the network for specific information. Scanning is a logical extension of active reconnaissance, and in fact, some experts do not differentiate scanning from active reconnaissance. There is a slight difference, however, in that scanning involves more in-depth probing on the part of the attacker. Often the reconnaissance and scanning phases overlap, and it is not always possible to separate the two. An attacker can gather critical network information such as the mapping of systems, routers, and firewalls by using simple tools such as the standard Windows utility Traceroute. Alternatively, they can use tools such as Cheops to add additional information to Traceroute’s results.

Port scanners detect listening ports to find information about the nature of services running on the target machine. The primary defense technique against port scanners is to shut down services that are not required, as well as to implement appropriate port filtering. However, attackers can still use tools to determine the rules implemented by the port filtering.

Hacking Phase 3: Gaining Access

In this phase, the hacker designs the blueprint of the target’s network with the help of the information collected during phases one and two. The hacker has finished enumerating and scanning the network and now decides that they have some options for gaining access to the network. This phase is where an attacker breaks into the system or network using various tools or methods. After entering a system, the attacker has to raise their privilege to administrator level in order to install an application they need, modify data, or hide data. In phase three, the attacker exploits a vulnerability to gain access to the target. This usually involves taking control of one or more network devices to extract data from the target or to use that device to perform attacks on other targets.


Hacking Phase 4: Maintaining Access

Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system. Once an attacker gains access to the target system with administrator-level privileges (thus owning the system), he or she is able to use both the system and its resources at will, and can either use the system as a launch pad to scan and exploit other systems, or keep a low profile and continue exploiting the system. Both these actions can cause a great amount of damage. For instance, the hacker could implement a sniffer to capture all network traffic, including Telnet and FTP (File Transfer Protocol) sessions with other systems, and then transmit that data wherever he or she pleases.

Attackers who choose to remain undetected remove evidence of their entry and install a backdoor or a Trojan to gain repeat access. They can also install rootkits at the kernel level to gain full administrative access to the target computer. Rootkits gain access at the operating system level, while a Trojan horse gains access at the application level. Both rootkits and Trojans require users to install them locally. In Windows systems, most Trojans install themselves as a service and run as local system, with administrative access.

Read More : https://www.info-savvy.com/5-phases-of-hacking/


CEH

Top 10 Most Common Types of Cyber Attacks

There are various categories of information security threats, such as network threats, host threats, and application threats, and various attack vectors, such as viruses, worms, and botnets, that might affect an organization’s information security. This section introduces you to the motives, goals, and objectives of information security attacks, the top information security attack vectors, information security threat categories, and the types of attacks on a system. Below is a list of information security attack vectors through which an attacker can gain access to a computer or network server to deliver a payload or malicious outcome.

A cyber attack is any sort of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems. You can learn about these cyber attacks in CEH v10.

Top 10 Most Common Types of Cyber Attacks

1. Cloud Computing Threats:

Cloud computing is an on-demand delivery of IT capabilities in which IT infrastructure and applications are provided to subscribers as a metered service over a network. It provides several benefits, such as speed and efficiency via dynamic scaling. However, it also raises a number of concerns about security threats, such as data breaches, human error, malicious insiders, account hijacking, and DDoS attacks. Clients can store sensitive information in the cloud, and a flaw in one client’s application cloud could potentially allow attackers to access another client’s data.

2. Advanced Persistent Threats (APT):

An Advanced Persistent Threat (APT) is an attack that focuses on stealing information from the victim machine without its user being aware of it. These attacks are generally targeted at large companies and government networks. APT attacks are slow in nature, so the effect on computer performance and Internet connections is negligible. APTs exploit vulnerabilities in the applications running on a computer, operating system, and embedded systems.

3. Viruses and Worms:

Viruses and worms are the most prevalent networking threats, capable of infecting a network within seconds. A virus is a self-replicating program that produces a copy of itself by attaching to another program, computer boot sector or document. A worm is a malicious program that replicates, executes and spreads across network connections. A computer worm is a standalone malware program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Viruses make their way into the computer when the attacker shares a malicious file containing it with the victim through the Internet, or through any removable media. Worms enter a network when the victim downloads a malicious file, opens a spam mail or browses a malicious website.

4. Ransomware:

Ransomware is a type of malware that restricts access to the computer system’s files and folders and demands an online ransom payment to the malware creator(s) in order to remove the restrictions. Put another way, ransomware is a subset of malware in which the data on a victim’s computer is locked, usually by encryption, and payment is demanded before the ransomed data is decrypted and access is returned to the victim. The motive for ransomware attacks is almost always financial, and unlike other kinds of cyber attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. It is generally spread via malicious attachments to email messages, infected software applications, infected disks or compromised websites.

5. Mobile Threats:

Attackers are increasingly focusing on mobile devices, due to the increased adoption of smartphones for business and personal use and their comparatively fewer security controls. Users may download malware applications (APKs) onto their smartphones, which can damage other applications and data and convey sensitive information to attackers. Attackers can remotely access a smartphone’s camera and recording app to view user activities and track voice communications, which can aid them in an attack.

Like the viruses and spyware that can infect your computer, there are a variety of security threats that can affect mobile devices. We divide these mobile threats into several categories: application-based threats, web-based threats, network-based threats and physical threats.

6. Botnet:

A botnet is a huge network of compromised systems used by attackers to perform denial-of-service attacks. An attacker usually targets computers not safeguarded with firewalls and/or anti-virus software. A botnet operator can gain control of a computer in a variety of ways, but most often does so via viruses or worms. Botnets are significant because they have become tools that both hackers and organized crime use to perform illegal activities online. For example, hackers use botnets to launch coordinated denial-of-service attacks, while organized crime uses botnets as a way to spam, or to send phishing attacks that are then used for identity theft. Bots in a botnet perform tasks such as uploading viruses, sending mails with botnets attached to them, stealing data, and so on. Antivirus programs might fail to find, or even scan for, spyware or botnets. Hence, it is essential to deploy programs specifically designed to find and eliminate such threats.


7. Insider Attack:

An insider attack is an attack by someone from within an organization who has authorized access to its network and is aware of the network architecture. Insiders who perform attacks have a distinct advantage over external attackers because they have authorized system access and may also be familiar with network architecture and system policies and procedures. In addition, there may be less security against insider attacks because many organizations focus on protection from external attacks.

Insider threats to your network usually involve people who work as employees or contractors of your company. They belong in your facilities and they often have user accounts in your networks. They know things about your organization that outsiders usually don’t: the name of your network administrator, which specific applications you use, what kind of network configuration you have, which vendors you work with.

Read More : https://www.info-savvy.com/top-10-most-common-types-of-cyber-attacks/


CEH

10 Steps to Cyber Security

In this blog, we explain and provide advice on how to start with the 10 steps to cyber security: risk management regime, secure configuration, home and mobile working, incident management, malware prevention, managing user privileges, monitoring, network security, etc…

The 10 steps to cyber security are part of the Certified Ethical Hacking v10 (CEH v10) training, in which you learn about cyber security attacks and their impact.

As technology continues to evolve, so do the opportunities and challenges it provides. We are at a crossroads as we move from a society already entwined with the internet to the coming age of automation, Big Data, and the Internet of Things (IoT).

Despite the threat of viruses and malware almost since the dawn of computing, awareness of the security and sanctity of data with computer systems didn’t gain traction until the explosive growth of the internet, whereby the exposure of so many machines on the web provided a veritable playground for hackers to test their skills: bringing down websites, stealing data, or committing fraud. It’s something we now call cyber crime.

Since then, and with internet penetration globally at an estimated 3.4 billion users (approximately 46% of the world’s population), the opportunities for cyber crime have ballooned exponentially.

Combating this is a multi-disciplinary affair that spans hardware and software through to policy and people, all of it aimed at both preventing cyber crime occurring in the first place and minimizing its impact when it does. This is the practice of cyber security.


Defining and communicating your Board’s Information Risk Management Regime is central to your organisation’s overall cyber security. CESG recommends you review this regime, together with the nine associated security areas described below, in order to protect your business against the majority of cyber threats.

The 10 Steps to Cyber Security

  1. Network Security: Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorized access and malicious content. Monitor and test security controls.
  2. Malware Protection: Produce relevant policy and establish anti-malware defenses that are applicable and relevant to all business areas. Scan for malware across the organisation.
  3. Monitoring: Establish a monitoring strategy and produce supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack.
  4. Incident Management: Establish an incident response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.
  5. User Education and Awareness: Produce user policies covering acceptable and secure use of the organisation’s systems. Establish a staff training programme. Maintain user awareness of the cyber risks.
  6. Home and Mobile Working: Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline to all devices. Protect data both in transit and at rest.
  7. Secure Configuration: Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory and define a baseline build for all ICT devices.
  8. Removable Media Controls: Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before it is imported onto the corporate system.
  9. Managing User Privileges: Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
  10. Information Risk Management Regime: Establish an effective governance structure and determine your risk appetite. Maintain the Board’s engagement with cyber risk. Produce supporting information risk management policies.

Read More : https://www.info-savvy.com/10-steps-to-cyber-security/

CEH

What are different types of attacks on a system

Many approaches exist for gaining access to a system. One common requirement for all such approaches is that the attacker finds and exploits a system’s weakness or vulnerability.

Types of attacks on a system

1. Operating System Attacks

Today’s operating systems (OS) are loaded with features and are increasingly complex. While users take advantage of these features, the systems are prone to more vulnerabilities, thus enticing attackers. Operating systems run many services such as graphical user interfaces (GUIs) that support applications and system tools, and enable Internet access. Extensive tweaking is required to lock them down. Attackers constantly look for OS vulnerabilities that allow them to exploit and gain access to a target system or network. To stop attackers from compromising the network, the system or network administrators must keep abreast of various new exploits and methods adopted by attackers, and monitor the networks regularly.

By default, most operating systems’ installation programs install a large number of services and open ports. This situation leads attackers to search for vulnerabilities. Applying patches and hot fixes is not easy with today’s complex networks. Most patches and fixes tend to solve an immediate issue. In order to protect the system from operating system attacks in general, it is necessary to remove and/or disable any unneeded ports and services.

Some OS vulnerabilities include:

  • Buffer overflow vulnerabilities
  • Bugs in the operating system
  • An unpatched operating system

Attacks performed at the OS level include:

  • Exploiting specific network protocol implementations
  • Attacking built-in authentication systems
  • Breaking file-system security
  • Cracking passwords and encryption mechanisms

2. Misconfiguration Attacks

Security misconfiguration or poorly configured security controls might allow attackers to gain unauthorized access to the system, compromise files, or perform other unintended actions. Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks that may result in illegal access or possible system takeover. Administrators should change the default configuration of the devices before deploying them in the production network. To optimize the configuration of the machine, remove any unneeded services or software. Automated scanners detect missing patches, misconfigurations, use of default accounts, unnecessary services, and so on.
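The advice above to remove unneeded services and filter ports can be checked mechanically by comparing what a host actually listens on with an approved baseline. The following is an added example, not part of the original article; the baseline, the sample `ss -H -tlnp` output and all names in it are constructed for illustration.

```python
"""Compare listening TCP sockets with an approved baseline for the host."""
import re

# Constructed sample in the column layout printed by `ss -H -tlnp` on Linux.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511  0.0.0.0:443     0.0.0.0:* users:(("nginx",pid=1001,fd=6))
LISTEN 0 244  127.0.0.1:5432  0.0.0.0:* users:(("postgres",pid=901,fd=5))
LISTEN 0 32   0.0.0.0:21      0.0.0.0:* users:(("vsftpd",pid=1210,fd=3))
LISTEN 0 5    [::]:23         [::]:*    users:(("in.telnetd",pid=1302,fd=4))
LISTEN 0 4096 *:9100          *:*       users:(("node_exporter",pid=1400,fd=3))
"""

# Assumed baseline for this host: port -> may it listen on every interface?
APPROVED = {22: True, 443: True, 5432: False}
# Protocols that carry logins unencrypted, so a sniffer can capture them.
CLEARTEXT_PROTOCOLS = {21: "FTP", 23: "Telnet"}
# Local addresses that mean "every interface".
WILDCARD_ADDRESSES = {"0.0.0.0", "[::]", "*"}


def parse_listeners(ss_output):
    """Turn `ss -H -tlnp` text into dicts with address, port and process."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue  # service names appear when -n was not used
        proc = re.search(r'users:\(\("([^"]+)"', line)
        listeners.append({
            "address": address,
            "port": int(port),
            "process": proc.group(1) if proc else "unknown",
        })
    return listeners


def audit(listeners, approved):
    """Return (port, process, issue) tuples for each deviation from the baseline."""
    findings = []
    for entry in listeners:
        port, process = entry["port"], entry["process"]
        on_all_interfaces = entry["address"] in WILDCARD_ADDRESSES
        if port not in approved:
            findings.append((port, process,
                             "not in baseline: disable the service or filter the port"))
        elif on_all_interfaces and not approved[port]:
            findings.append((port, process,
                             "baseline allows loopback only, but it listens on all interfaces"))
        if port in CLEARTEXT_PROTOCOLS:
            findings.append((port, process,
                             f"{CLEARTEXT_PROTOCOLS[port]} sends credentials in cleartext"))
    return findings


if __name__ == "__main__":
    for port, process, issue in audit(parse_listeners(SAMPLE_SS_OUTPUT), APPROVED):
        print(f"port {port:<5} {process:<14} {issue}")
```
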


3. Application-Level Attacks

Software developers are often under intense pressure to meet deadlines, which can mean they do not have sufficient time to completely test their products before shipping them, leaving undiscovered security holes. This is particularly troublesome in newer software applications that come with a large number of features and functionalities, making them more and more complex. An increase in complexity means more opportunities for vulnerabilities. Attackers find and exploit these vulnerabilities in the applications using different tools and techniques to gain unauthorized access and steal or manipulate data.

Security is not always a high priority for software developers, and they handle it as an “add-on” component after release. This means that not all instances of the software will have the same level of security. Error checking in these applications can be very poor (or even nonexistent), which leads to:

  • Buffer overflow attacks
  • Sensitive information disclosure
  • Denial-of-service attacks
  • SQL injection attacks
  • Cross-site scripting
  • Phishing
  • Session hijacking
  • Parameter/form tampering
  • Man-in-the-middle attacks
  • Directory traversal attacks

4. Shrink-Wrap Code Attacks

Software developers often use free libraries and code licensed from other sources in their programs to reduce development time and cost. This means that large portions of many pieces of software will be the same, and if an attacker discovers vulnerabilities in that code, many pieces of software are at risk.

Attackers exploit the default configuration and settings of off-the-shelf libraries and code. The problem is that software developers leave the libraries and code unchanged. They need to customize and fine-tune every part of their code in order to make it not only more secure, but different enough so that the same exploit will not work.

An attack can be active or passive. An “active attack” attempts to alter system resources or affect their operation. A “passive attack” attempts to learn or make use of information from the system but does not affect system resources (e.g., wiretapping). You can learn about all types of attack in CEH v10 training in Mumbai. Infosavvy provides Certified Ethical Hacking training and EC-Council certification.

5. Man-in-the-middle (MitM) attack

A MitM attack occurs when a hacker inserts itself between the communications of a client and a server. Here are some common types of man-in-the-middle attacks:

Session hijacking

In this type of MitM attack, an attacker hijacks a session between a trusted client and a network server. The attacking computer substitutes its IP address for the trusted client’s while the server continues the session, believing it is communicating with the client. For example, the attack might unfold like this:

  1. A client connects to a server.
  2. The attacker’s computer gains control of the client.
  3. The attacker’s computer disconnects the client from the server.
  4. The attacker’s computer replaces the client’s IP address with its own IP address and spoofs the client’s sequence numbers.
  5. The attacker’s computer continues the dialog with the server, and the server believes it is still communicating with the client.

IP Spoofing

IP spoofing is used by an attacker to convince a system that it’s communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host rather than its own IP source address to a target host. The target host might accept the packet and act upon it.

Replay

A replay attack occurs when an attacker intercepts and saves old messages and then tries to send them later, impersonating one of the participants. This type of attack can be easily countered with session timestamps or a nonce (a random number or a string that changes with time).

Currently, there is no single technology or configuration that stops all MitM attacks. Generally, encryption and digital certificates provide an effective safeguard against MitM attacks, assuring both the confidentiality and integrity of communications. But a man-in-the-middle attack can be injected into the middle of communications in such a way that encryption will not help. For example, attacker “A” intercepts the public key of person “P” and substitutes it with his own public key. Then anyone wanting to send an encrypted message to P using P’s public key is unknowingly using A’s public key. Therefore, A can read the message intended for P and then send the message to P, encrypted with P’s real public key, and P will never notice that the message was compromised. In addition, A could modify the message before resending it to P. As you can see, P is using encryption and thinks that his information is protected, but it is not, because of the MitM attack.

So, how can you make sure that P’s public key belongs to P and not to A? Certificate authorities and hash functions were created to solve this problem. When person 2 (P2) wants to send a message to P, and P wants to be sure that A will not read or modify the message and that the message actually came from P2, the following method must be used:

  1. P2 creates a symmetric key and encrypts it with P’s public key.
  2. P2 sends the encrypted symmetric key to P.
  3. P2 computes a hash function of the message and digitally signs it.
  4. P2 encrypts his message and the message’s signed hash using the symmetric key and sends the whole thing to P.
  5. P is able to receive the symmetric key from P2 because only he has the private key to decrypt the encryption.
  6. P, and only P, can decrypt the symmetrically encrypted message and signed hash because he has the symmetric key.
  7. P is able to verify that the message has not been altered because he can compute the hash of the received message and compare it with the digitally signed one.
  8. P is also able to convince himself that P2 was the sender because only P2 can sign the hash so that it is verified with P2’s public key.
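The eight steps above, as an added example that is not part of the original article. It uses the third-party Python `cryptography` package; RSA-OAEP, RSA-PSS and AES-GCM are choices made for this example, and both public keys are assumed to have been authenticated already (for instance through certificates), which is exactly what stops A's key substitution.

```python
"""Sign-then-encrypt exchange between P2 (sender) and P (recipient).

Added illustration: the algorithms (RSA-2048 with OAEP and PSS, AES-256-GCM)
are assumptions of this example; the article does not name any.
"""
import os

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def oaep():
    """Padding used when wrapping the symmetric key with RSA."""
    return padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                        algorithm=hashes.SHA256(), label=None)


def pss():
    """Padding used for RSA signatures."""
    return padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                       salt_length=padding.PSS.MAX_LENGTH)


def new_keypair():
    """Generate an RSA private key; .public_key() is the half to publish."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def send(message, sender_private, recipient_public):
    """P2's side, steps 1 to 4."""
    sym_key = AESGCM.generate_key(bit_length=256)              # step 1: fresh symmetric key
    wrapped_key = recipient_public.encrypt(sym_key, oaep())    # steps 1-2: only P can unwrap
    signature = sender_private.sign(message, pss(), hashes.SHA256())  # step 3: hash, then sign
    nonce = os.urandom(12)                                     # unique per message for AES-GCM
    sealed = AESGCM(sym_key).encrypt(nonce, signature + message, None)  # step 4
    return {"wrapped_key": wrapped_key, "nonce": nonce, "sealed": sealed}


def receive(packet, recipient_private, sender_public):
    """P's side, steps 5 to 8. Returns the message or raises ValueError."""
    try:
        sym_key = recipient_private.decrypt(packet["wrapped_key"], oaep())   # step 5
        opened = AESGCM(sym_key).decrypt(packet["nonce"], packet["sealed"], None)  # step 6
    except (ValueError, InvalidTag) as exc:
        raise ValueError("decryption failed: wrong recipient key or altered data") from exc
    sig_len = sender_public.key_size // 8      # an RSA signature is as long as the modulus
    signature, message = opened[:sig_len], opened[sig_len:]
    try:
        sender_public.verify(signature, message, pss(), hashes.SHA256())     # steps 7-8
    except InvalidSignature as exc:
        raise ValueError("signature check failed: not from the expected sender") from exc
    return message


def outcome(packet, recipient_private, sender_public):
    """Demo helper: the recovered text, or the reason the packet was rejected."""
    try:
        return receive(packet, recipient_private, sender_public).decode()
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    p, p2, a = new_keypair(), new_keypair(), new_keypair()     # P, P2 and attacker A
    packet = send(b"Quarterly figures attached", p2, p.public_key())
    print(outcome(packet, p, p2.public_key()))                 # P reads and verifies
    print(outcome(packet, a, p2.public_key()))                 # A cannot unwrap the key
    altered = dict(packet, sealed=packet["sealed"][:-1] + bytes([packet["sealed"][-1] ^ 1]))
    print(outcome(altered, p, p2.public_key()))                # modification is detected
    forged = send(b"Quarterly figures attached", a, p.public_key())
    print(outcome(forged, p, p2.public_key()))                 # A cannot sign as P2
```
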
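The replay countermeasure mentioned earlier in this section (timestamps and a nonce) can be sketched as follows. This is an added example, not part of the original article; the shared key, the 30-second freshness window and the message format are assumptions made for the illustration.

```python
"""Replay protection: every message carries a timestamp and a one-time nonce,
both covered by an HMAC, and the receiver remembers the nonces it has seen."""
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 30  # assumed freshness window for this example


def seal(key, body, now=None):
    """Sender side: wrap `body` with a timestamp, a nonce and an HMAC tag."""
    envelope = {
        "body": body,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(16),
    }
    payload = json.dumps(envelope, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    """Accepts each authentic message once, and only while it is fresh."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> message timestamp, kept while still fresh

    def accept(self, message, now=None):
        now = time.time() if now is None else now
        payload = message["payload"].encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad tag"
        envelope = json.loads(payload)
        # An old capture fails here even if its nonce was never recorded.
        if abs(now - envelope["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale timestamp"
        # Forget nonces whose messages are stale anyway, so the cache stays small.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE_SECONDS}
        if envelope["nonce"] in self.seen:
            return "rejected: nonce already used"
        self.seen[envelope["nonce"]] = envelope["ts"]
        return "accepted"


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # shared secret, constructed for the demo
    receiver = Receiver(key)
    message = seal(key, "transfer 100 to account 42", now=1000)
    print(receiver.accept(message, now=1001))   # first delivery
    print(receiver.accept(message, now=1002))   # immediate replay
    print(receiver.accept(message, now=1100))   # replay after the window
    forged = dict(message, payload=message["payload"].replace("100", "900"))
    print(receiver.accept(forged, now=1001))    # altered copy
```

The timestamp bounds how long nonces must be remembered, and the nonce covers replays inside that window; neither works unless both fields are inside the authenticated payload.
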

6. Phishing and spear phishing attacks

Phishing is the practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information.

Spear phishing is a very targeted type of phishing activity. Attackers take the time to conduct research into targets and create messages that are personal and relevant. Because of this, spear phishing can be very hard to identify and even harder to defend against. One of the simplest ways that a hacker can conduct a spear phishing attack is email spoofing, which is when the information in the “From” section of the email is falsified, making it appear as if it is coming from someone you know, such as your management or your partner company. Another technique that scammers use to add credibility to their story is website cloning: they copy legitimate websites to fool you into entering personally identifiable information (PII) or login credentials.

To reduce the risk of being phished, you can use these techniques:

  • Critical thinking: Do not accept that an email is the real deal just because you’re busy or stressed or you have 150 other unread messages in your inbox. Stop for a moment and analyze the email.
  • Hovering over the links: Move your mouse over the link, but do not click it! Just let your mouse cursor hover over the link and see where it would actually take you. Apply critical thinking to decipher the URL.
  • Analyzing email headers: Email headers define how an email got to your address. The “Reply-to” and “Return-Path” parameters should lead to the same domain as is stated in the email.
  • Sandboxing: You can test email content in a sandbox environment, logging activity from opening the attachment or clicking the links inside the email.
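The header and link checks from the list above can be automated for triage. This added example (not part of the original article) compares the Reply-To and Return-Path domains with the From domain and flags links whose visible text names a different host than the real target; the sample message and the simple subdomain matching rule are constructed assumptions.

```python
"""Triage a raw email for two phishing indicators: sender-domain mismatches
and links whose visible text names a different host than their target."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and host is a placeholder.
SAMPLE_EMAIL = """\
Return-Path: <bounce@bulk-mailer.example.net>
From: "IT Helpdesk" <helpdesk@corp.example.com>
Reply-To: helpdesk@corp-support.example.org
To: user@corp.example.com
Subject: Password expiry notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today.</p>
<a href="http://login.portal.example.net/reset">https://sso.corp.example.com/reset</a>
<a href="https://intranet.corp.example.com/help">Help page</a>
</body></html>
"""


def domain_of(header_value):
    """Lower-cased domain of an address header, or None if there is none."""
    _, address = parseaddr(header_value or "")
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def same_org(a, b):
    """Equal, or one is a subdomain of the other (a simplification that
    does not consult the Public Suffix List)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def host_of(text):
    """Host named by a URL or by bare link text like 'www.example.com', else None."""
    text = text.strip()
    if not text or " " in text:
        return None
    try:
        host = urlparse(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host.lower() if host and "." in host else None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def analyze(raw_email):
    """Return a list of human-readable findings for one raw message."""
    msg = message_from_string(raw_email)
    findings = []
    from_domain = domain_of(msg["From"])
    if from_domain is None:
        findings.append("From header missing or unparseable")
    for name in ("Reply-To", "Return-Path"):
        domain = domain_of(msg[name])
        if domain and from_domain and not same_org(domain, from_domain):
            findings.append(f"{name} domain {domain} differs from From domain {from_domain}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        collector = LinkCollector()
        collector.feed(html)
        for href, text in collector.links:
            real, shown = host_of(href), host_of(text)
            if real and shown and not same_org(real, shown):
                findings.append(f"link text shows {shown} but points to {real}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("-", finding)
```

Treat the findings as prompts for review rather than verdicts: legitimate bulk-mail services often use their own bounce domain in Return-Path.
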

Read More : https://www.info-savvy.com/what-are-different-types-of-attacks-on-a-system/
