Cyber Security Threats & Cyber Crimes Revision Notes
Cybersecurity is the practice of protecting systems, networks, and data from digital attacks. In the digital age, understanding these vulnerabilities is critical for business continuity.
1. Malware & Executable-Based Threats
Malware (Malicious Software) is designed to cause damage or gain unauthorized access.
- Computer Virus:
  - Nature: Attaches itself to a legitimate host program.
  - ❌ Cannot run independently.
  - Action: Spreads when the host program is executed → Damages/corrupts data.
- Worm:
  - Nature: A complete, independent program. ✅ Does not need a host.
  - Action: Self-replicating → Spreads across networks automatically to consume bandwidth or steal data.
- Trojan Horse:
  - Nature: Disguised as legitimate software.
  - Action: Hidden malicious function → Creates a “backdoor” for hackers once the user executes it.
- Spyware:
  - Action: Secretly monitors user activity (keylogging, browsing) → Steals sensitive info like credit card details.
- Adware:
  - Action: Displays unwanted advertisements (pop-ups) → Primarily designed to generate revenue for the developer.
2. Network & Communication Channel Threats
These attacks target the flow of data and system availability.
- Denial-of-Service (DoS):
  - Goal: Make a system/network inaccessible to legitimate users.
  - Method: Flooding a targeted server with massive traffic → Server crashes.
  - DDoS (Distributed DoS): Uses multiple computers (Botnets) globally to launch the attack.
- Phishing:
  - Nature: Social Engineering.
  - Method: Sending fake emails/links that look like they are from trusted sources (Banks, PayPal) → Steals login credentials.
- IP Spoofing:
  - Method: Attacker sends packets with a falsified source IP address → Tricks the system into thinking the sender is a “trusted” entity.
- Sniffing/Man-in-the-Middle (MitM):
  - Method: Intercepting data as it travels over a communication channel.
3. Server & Programming Threats
These target the back-end infrastructure and application logic.
- SQL Injection (SQLi):
  - Target: Back-end Database.
  - Method: Inserting malicious SQL code into web input fields → Allows attacker to view, change, or delete database records.
- Rootkit:
  - Goal: Gain administrator-level access (root access) while remaining hidden.
- Zero-Day Attack:
  - Nature: Targets a previously unknown vulnerability in software.
  - Timeline: Attack happens before the developer has a chance to create a fix (patch).
4. Specialized Cyber Crimes & Scams (High MCQ Potential)
- Salami Attack: Small, unnoticeable financial alterations (e.g., deducting 10 paise from every account) → Accumulates to a huge sum over time.
- Data Diddling: Modifying raw data prior to computer processing (e.g., changing figures in a balance sheet) → Changing it back after processing to hide the crime.
- Ransomware: Encrypts user data → Demands payment (usually Bitcoin) to provide the decryption key. (Examples: WannaCry, Petya).
- Cyber Stalking: Repeatedly following/harassing an individual via emails, chat rooms, or social media.
- Email Bombing: Sending thousands of emails to a victim → Crashes the email server or account.
- Logic Bomb: Malicious code that stays dormant until a specific event or date triggers it.
🇮🇳 5. India’s Cyber Security Framework
- CERT-In (Indian Computer Emergency Response Team):
  - Founded: 2004.
  - Role: National nodal agency for responding to computer security incidents, forecasting threats, and issuing guidelines.
- NIC (National Informatics Centre): Provides network backbone and e-governance support to the Indian government.
- NISAP: Mandatory security policy for government and critical infrastructures.
- IUSCSF (Indo-US Cyber Security Forum): Bilateral cooperation to control cybercrime.
Potential MCQ Hotspots
- Virus vs. Worm: Remember: Virus needs a Host; Worm is Independent.
- Salami vs. Data Diddling: Salami is for Small thefts; Diddling is Modifying data before entry.
- Phishing: Always involves Social Engineering and Deceptive links.
- SQL Injection: Always targets the Database.
- CERT-In: Know the year (2004) and its role as a Response Team.
By LuNotes – crafted with love. ❤️