Concept of Security, Cyber Space & Cyber Crime
In this article, cyber crime refers to the series of organized groups attacking both cyber space and cyber security. Cyber crime refers to criminal activity carried out using computers and the Internet. It also involves illegal access (unauthorized access, transmissions of computer data to, from or within a computer system).
Understanding Security as a process
Security is a process, not an end state. Security is the process of maintaining an acceptable level of perceived risk. No organization can be considered “secure” for any time beyond the last verification of adherence to its security policy. If your manager asks, “Are we secure?” you should answer, “Let me check.” If he or she asks, “Will we be secure tomorrow?” you should answer, “I don’t know.” Such honesty will not be popular, but this mind-set will produce greater success for the organization in the long run.
Security Features
• Confidentiality: It is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive data from reaching the wrong people, while ensuring that the right people can actually get it. Confidentiality is assurance that data is shared only among authorized persons or organizations.
• Integrity: Assurance that the information is authentic and complete. In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
• Availability: Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them. Availability of information refers to making sure that authorized parties are able to access the data when required.
Concept of Cyberspace:
With the arrival and growth of electronic communication, the word “cyberspace” has entered everyday language. But what does this word signify? I begin by sketching an equivalence between physical space and cyberspace, showing that they share the ideas of place, distance, size and route in common. With this mutual framework in place, I go on to look at various theories (substantival, relational, Einsteinian and Kantian) concerning the nature of physical space. We see that, while cyberspace shares some of the properties of physical space isolated by each of those theories, it still cannot be subsumed under any one theory. We also see that cyberspace exhibits several novel properties, projecting it far beyond the scope of any existing theory and setting it apart as an exciting
Cyberspace is “the environment in which communication over computer networks happens.” And almost everybody in one way or another is connected to it.
Computer crime, or cybercrime, is any offence committed using a computer and a network. The computer may be used in the commission of the offence, or it may be the target. To better understand cybercrime, consider the example below.
Commonwealth Bank, Australia – March 2011: Automatic teller machines (ATMs) spat out tens of thousands of free dollars in Sydney on Tuesday after a computer glitch turned into a nightmare for the Commonwealth Bank. IT security believes that it is a consequence of hacking.
As per the University of Maryland, cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
Cyber security is also defined as the state of being protected against the criminal or unauthorized use of electronic information, or the measures taken to achieve this. ‘Some folks have argued that the threat to cyber security has been somewhat inflated’.
In this article you will learn about social networking sites, insider threats, types of insider threats, insider attacks, etc.
Impersonation on Social Networking Sites
Today, social networking sites are widely used by many people; they allow users to build online profiles and share information, pictures, blog entries, music clips, and so on. Thus, it is relatively easy for an attacker to impersonate someone. The victim is likely to trust them and eventually reveal information that would help the attacker gain access to a system. This section describes how attackers perform social engineering through impersonation using various social networking sites such as Facebook, LinkedIn, and Twitter, and highlights the risks these sites pose to corporate networks.
Social Engineering through Impersonation on Social Networking Sites: As social networking sites such as Facebook, Twitter, and LinkedIn are widely used, attackers use them as a vehicle for impersonation. There are two ways an attacker can use an impersonation strategy on social networking sites:
– By creating a fictitious profile of the victim on the social media site
– By stealing the victim’s password or indirectly gaining access to the victim’s social media account
Social networking sites are a treasure trove for attackers because people share their personal and professional information on these sites, such as name, address, mobile number, date of birth, project details, job designation, company name, location, etc. The more information people share on a social networking site, the more likely it is that an attacker can impersonate them to launch attacks against them, their associates, or their organization. Attackers may also try to join the target organization’s employee groups to extract corporate data. In general, the information attackers gather from social networking sites includes organization details, professional details, contacts and connections, and personal details; they use this information to execute other forms of social engineering attacks.
“Social Networking helps reach people Easier and Quicker”
Impersonation on Facebook
Facebook is a well-known social networking site or service that connects people to other people. It is widely used to communicate with friends, and share and upload photos, links, and videos. To impersonate users on Facebook, attackers use nicknames instead of their real names. They create fake accounts and try to add “Friends” to view others’ profiles to obtain critical and valuable information.
The steps an attacker takes to lure a victim into revealing sensitive information:
– Attackers create a fake user group on Facebook identified as “Employees of” the target company
– Using a false identity, the attacker then proceeds to “friend,” or invite, employees to the fake group, “Employees of the company”
– Users join the group and provide their credentials such as date of birth, educational and employment backgrounds, spouses’ names, etc.
– Using the details of any one of the employees, an attacker can compromise a secured facility to gain access to the building
– Attackers create a fake account and scan details on profile pages of various targets on social networking sites such as LinkedIn and Twitter to engage in spear phishing, impersonation, and identity theft.
Social Networking Threats to Corporate Networks
Before sharing data on a social networking site or enhancing their channels, groups, or profiles, private and corporate users should be aware of the following social or technical security risks they could face.
– Data Theft: Social networking sites are huge databases accessed by many people worldwide, increasing the risk of information exploitation.
– Involuntary Data Leakage: In the absence of a strong policy that sets clear lines between personal and corporate content, employees may unknowingly post sensitive data about their company on social networking sites that might help an attacker to launch an attack on the target organization.
– Targeted Attacks: Attackers use the information posted on social networking sites to launch targeted attacks on specific users or companies.
– Network Vulnerability: All social networking sites are subject to flaws and bugs, such as login issues and Java vulnerabilities, which attackers could exploit. This could, in turn, cause vulnerabilities in the organization’s network.
– Spam and Phishing: Employees using work e-mail IDs on social networking sites will most probably receive spam and become targets of phishing attacks, which could compromise the organization’s network.
– Modification of Content: In the absence of proper security measures and efforts to preserve identity, blogs, channels, groups, profiles, and others can be spoofed or hacked.
– Malware Propagation: Social networking sites are ideal platforms for attackers to spread viruses, bots, worms, Trojans, spyware, and other malware.
– Business Reputation: Attackers can falsify an organization’s and/or employee’s information on social networking sites, resulting in loss of reputation.
– Infrastructure and Maintenance Costs: Using social networking sites entails added infrastructure and maintenance resources for organizations to ensure that defensive layers are in place as safeguards.
– Loss of Productivity: Organizations must monitor employees’ network activities to maintain security and ensure that such activities do not misuse system and company resources.
Insider Threats
An insider is any employee (trusted person) having access to critical assets of an organization. An insider attack involves using privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems. Insiders can easily bypass security rules, corrupt valuable resources, and access sensitive information. It is difficult to detect an insider attack. Insider attacks may also cause great loss to the company. About 60% of attacks occur from behind the firewall. It is easier to launch an insider attack, and preventing such attacks is difficult. Insider attacks are generally performed by:
– Privileged Users: Attacks may come from the most trusted employees of the company, such as managers and system administrators, who have access to the company’s confidential data and therefore a higher probability of misusing the data, either intentionally or unintentionally.
– Disgruntled Employees: Attacks may come from unhappy employees or contract workers. Disgruntled employees, who intend to take revenge on their company, first acquire information, and then wait for the right time to compromise the organization’s resources.
– Companies where insider attacks are common include credit card companies, health-care companies, network service providers, as well as financial and exchange service providers.
– Terminated Employees: Some employees take valuable information about the company with them when terminated. These employees access the company’s data even after termination using backdoors, malware, or their old credentials because they are not disabled.
– Accident-Prone Employees: If an employee accidentally loses a device, sends an email to incorrect recipients, or leaves a system loaded with confidential data logged in, the result is unintentional data disclosure.
– Third Parties: Third parties like remote employees, partners, dealers, vendors, etc., have access to the company’s information. The security of the systems they use, and of the persons accessing the company’s information through them, is unpredictable.
– Undertrained Staff: A trusted employee becomes an unintentional insider due to lack of cyber security training. He/she fails to adhere to cyber security policies, procedures, guidelines, and best practices.
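The terminated-employee case above comes down to accounts that still authenticate after the person has left. As an added example (not from the original article), this check cross-references an HR offboarding list with authentication events; the log format, field names and sample data are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample data (assumed formats): HR offboarding records and auth events.
TERMINATIONS = {  # account -> termination time (UTC)
    "jdoe": "2024-03-01T17:00:00",
    "asmith": "2024-03-10T12:00:00",
}
AUTH_LOG = """\
2024-02-28T09:12:03 jdoe LOGIN_SUCCESS vpn 203.0.113.10
2024-03-02T23:41:55 jdoe LOGIN_SUCCESS vpn 198.51.100.7
2024-03-03T08:00:10 mlee LOGIN_SUCCESS sso 203.0.113.22
2024-03-11T02:15:00 asmith LOGIN_FAILURE sso 198.51.100.9
2024-03-11T02:15:40 asmith LOGIN_SUCCESS sso 198.51.100.9
malformed line
"""

def parse_ts(text):
    """Parse an ISO timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def post_termination_activity(log_text, terminations):
    """Return auth events made by a terminated account after its end date."""
    cutoff = {user.lower(): parse_ts(ts) for user, ts in terminations.items()}
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, user, outcome, service, source = parts
        try:
            when = parse_ts(ts)
        except ValueError:
            continue
        end = cutoff.get(user.lower())
        if end is None or when <= end:
            continue  # current employee, or activity before termination
        # A success means the old credentials were never disabled.
        severity = "high" if outcome == "LOGIN_SUCCESS" else "medium"
        findings.append({"user": user.lower(), "time": ts, "service": service,
                         "source": source, "outcome": outcome, "severity": severity})
    return findings

def accounts_to_disable(findings):
    """Accounts whose credentials still worked after termination."""
    return sorted({f["user"] for f in findings if f["outcome"] == "LOGIN_SUCCESS"})

if __name__ == "__main__":
    for finding in post_termination_activity(AUTH_LOG, TERMINATIONS):
        print(finding)
```
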
“Don’t use social media to impress people; use it to impact people.”-Dave Willis
Reasons for Insider Attacks
– Financial Gain: An attacker carries out an insider attack mainly for financial gain. The insider sells sensitive information of the company to its competitor, steals a colleague’s financial details for personal use, or manipulates the company’s or personnel’s financial records.
– Steal Confidential Data: A competitor may inflict damage on the target organization, steal critical information, or put it out of business, by just finding a job opening, preparing someone to get through the interview, and having that person hired by the competitor.
– Revenge: It takes only one disgruntled person to take revenge and your company is compromised. Attacks may come from unhappy employees or contract workers with negative opinions about the company.
– Become Future Competitor: Current employees may plan to start their own competing business by using the company’s confidential data. These employees may access and alter the company’s client list.
– Perform Competitor’s Bidding: Due to corporate espionage, even the most honest and trustworthy employees can be forced to reveal the company’s critical information through bribery or blackmail.
– Public Announcement: A disgruntled employee may want to make a political or social statement and leak or damage the company’s confidential data.