Tag: cybersecurity

Safeguard yourself knowing Cyber security!

As per Information Technology Act, 2000, “Cyber security means protecting information,
equipment, devices computer, computer resource, communication device and information
stored therein from unauthorized access, use, disclosure, disruption, modification or
destruction.”

This contains an image of: {{ pinTitle }}


1.1. Cyberspace
India’s Cyber Security Policy 2013 defines cyberspace as a complex environment comprising
interaction between people, software and services, supported by worldwide distribution of
information and communication technology devices and networks.

Common Cyber Threats


1.2. Cyber threats
Cyber threats can be disaggregated into four baskets based on the perpetrators and their
motives – Cyber Espionage, Cyber Crime, Cyber Terrorism, Cyber Warfare.
1.2.1. Cyber Crime/ Cyber Attacks
Cyber-attack is “any type of offensive maneuver employed by individuals or whole organizations
that targets computer information systems, infrastructures, computer networks with an
intention to damage or destroy targeted computer network or system.”
These attacks can be labeled either as Cyber-campaign, Cyber-warfare or Cyber-terrorism
depending upon the context, scale and severity of attacks. Cyber-attacks can range from
installing spyware on a PC to attempts to destroy the critical infrastructure of entire nations.
1.2.2. Cyber terrorism
Acts of Terrorism related to cyber space or act of terrorism executed using Cyber technologies is
popularly known as ‘cyber terrorism’.
“Cyber terrorism is the convergence of terrorism and cyber space. It is generally
understood to mean unlawful attacks and threats of attacks against computers,
networks, and information stored therein when done to intimidate or coerce a
government or its people in furtherance of political or social objectives, Further, to
qualify as cyber terrorism, an attack should result in violence against persons or
property or at least cause enough harm to generate fear, Serious attacks against critical
infrastructures could be acts of cyber terrorism depending upon their impact.”
It should be noted here that if they create panic by attacking critical systems/infrastructure,
there is no need for it to lead to violence. In fact such attacks can be more dangerous.
Besides, terrorists also use cyberspace for purposes like planning terrorist attacks, recruiting
sympathizers, communication purposes, command and control, spreading propaganda in form
of malicious content online to brain wash, funding purposes etc. It is also used as a new arena
for attacks in pursuit of the terrorists’ political and social objectives.

This contains an image of: {{ pinTitle }}

Cyber Security has assumed strategic and critical importance because of following reasons:
• Cyberspace has become key component in the formulation and execution of public policies.
• It is used by government to process and store sensitive and critical data which if
compromised can have devastating impact.
• Taking down cyberspace will result into disruption of many critical public services like railways,
defense systems, communication system, banking and other financial system etc.
• Several states are developing the capabilities in the area of cyber attacks which can alter
outcomes in the battlefield.
• Individuals are using internet based services at a growing pace making them vulnerable to
cybercrimes, such as- online bank frauds, surveillance, profiling, violation of privacy etc.

Government has taken a number of steps to acquire and increase capacity in the field of
cyber security. Some of which are discussed below.

National Cybersecurity Policy 2013

Information Technology Act 2000 (As Amended in 2008)

National Telecom Policy 2012,etc.

CYBERSECURITY AND ITS THREE PRINCIPLES

CYBERSECURITY

In today’s world, many organizations use the network to store, gather and share information. As more data is gathered and stored, the protection of this information is significant. To protect these data, the field of cybersecurity is introduced. Cybersecurity is a practice of protecting your computers, mobile phones, servers, data, and other electronic devices from malicious attacks. On a personal level, you have to protect your identity, data, and computer devices. At the industrial level, it is everyone’s responsibility to protect their organization’s data. In the modern world, protecting our data and privacy is really important. This field provides a wide range of opportunities due to the increasing reliance on computers and the internet. Cybersecurity can also be called network security, information security, and information technology security. Any information about you can be considered as data. It may be educational, medical, employment, and financial data. Sometimes the data which you stored in your computing device can be profitable to others. By hacking your device, they get access to your data and they may threaten you. So it’s your responsibility to be aware of the cyber world.

CIA TRIAD

The three main principles of cybersecurity are confidentiality, integrity, and availability. (CIA Triad). This provides the guidelines for data security for an organization.

CONFIDENTIALITY

Confidentiality ensures the privacy of data by restricting unauthorized access to the data. So, the term confidentiality can also be termed as privacy. An organization’s policies should restrict the access to data only to the authorized person and ensure that the data is only viewed by those authorized individuals. For example, a Java programmer in a company should not have access to view the personal details of other employees in that company. In addition to this, an organization has to make sure that proper training is given to the employees to protect themselves and company from the cyber-attacks. Some of the methods to ensure confidentiality is data encryption, create strong passwords (a word containing uppercase and lowercase letters, special symbols, and digits with a minimum of 8 characters), multifactor authentication, and be aware of fraudulent emails.

INTEGRITY

 Integrity ensures the accuracy, consistency, and trustworthiness of the data. Data integrity can also be referred to as data quality. Data undergoes varieties of stages include storage, retrieval, update, and transfer. During these states, data must remain unaltered. The need for data integrity varies among different organizations. For instance, Instagram does not verify its user profiles whereas in the bank and financial sectors data integrity is indispensable, and in the medical field it is the matter of life and death. Loss of data integrity may cause severe problems to the organization. So it is important to ensure data integrity. Data integrity can be compromised by human error (input), transferring from one device to another device, or by any cyber-attacks. Data integrity can be verified using a checksum. It verifies the strings of characters in a file after they have been transferred from one device to another device.

AVAILABILITY

Availability is the principle that explains the availability of data at the point when users needed. Proper mitigation plans should be done in case of sudden attacks to recover from it quickly as possible. The denial-of-service (DoS attacks) can threaten system availability. An organization can ensure its availability of data by proper maintenance of equipment, keeping the software and operating system up to date, mitigation plans, new technological implementations and performing hardware repairs, and keeping backups of data.

4 Types of Viruses and How to Deal With Them

Viruses are undesirable programs that damage computer files and processes and are potentially a huge breach of privacy.

What is a Resident Virus? (with pictures)

I will talk about 4 extremely common viruses and how to get rid of them if you have a contaminated device. 

Generally speaking, it is good practice to not fall victim to viruses altogether by avoiding downloading files from unregistered/unknown developers through the internet. I personally, make it a point to avoid downloading torrent files and never access http websites. Keep an eye out for the ‘s’ after ‘http’, it could make a world of difference. Keeping the above in mind would reduce the chances of you being a victim to a virus.

Resident Virus

The resident virus sets up shop in the system’s memory (RAM) and slows your laptop down significantly. If the host application is completely shut down, the virus will still run in the background. Sometimes the resident virus does massive damage quickly and is easy to notice. Other times, the virus spreads widely and may go unnoticed for a large duration of time.

The resident virus is very difficult to get rid of. Due to how deep it is embedded into the system, finding an antivirus that would remove this is tough. For more stubborn versions of this, it may be necessary to call in experts to remove the virus before resorting to resetting the device as a guaranteed remedy.

Multipartite Virus

One of the most dangerous and harmful viruses for your computer is a multipartite virus. This virus infects executable files and may even infect the RAM similar to a resident virus. The virus works to attack both components at the same time, making it one to watch out for.

An antivirus is your knight in shining armour. Because the virus attacks your files and your memory, it is very difficult to manually trace the virus and is best done through an antivirus. To avoid spreading the virus to multiple devices, all files that have been transferred from the infected device to others via USB should be deleted. 

Browser Hijackers 

Browsers hijackers change the settings of the user without their permission and expose the user to unwanted websites, advertisements and sometimes even pop-ups. Browser hijackers normally come in the form of free software online and sometimes even unverified browser extensions.

Reinstallation of the infected browser(s) may allow for the browser hijacker to not latch on to the re-installed version. It is further advised to uninstall the files that brought the hijackers along with them. In some more advanced versions of the virus, the harms of the virus may be seen even if all browsers are closed and initiate pop-ups all over the screen. In such a situation, it is advisable to reinstall the operating system.

Overwrite Virus

As the name might suggest, the overwrite virus edits existing files and overwrites it with absolutely random and useless data. This is a virus that you absolutely do not want on your work computer as in it’s worst form it is also capable of completely deleting files with little to no hope of recovery.

The overwrite virus is treatable by any standard antivirus and would not require a hard reset of your device no matter the severity of the situation. It would be advisable to delete files that introduced the virus in the system as the virus is a form of malware.

Takeaway

Antiviruses do not discriminate. We have all ignored getting an antivirus set up on our devices. It’s clearly a good investment to protect your daily driver and privacy especially in a digital world like today’s where online safety is a rising concern. Stay Safe!

What Role Do Cookies and Privacy Policies Play in Data Breach? (Part-3)

GENERAL DATA PROTECTION REGULATION

According to the General Data Protection Regulation, there will be only one way for all businesses operating in Europe to comply with all data protection regulations starting in May 2018.

Stronger rules on data protection mean,

  • Individuals have more influence over their personal information.
  • A level playing field benefits companies.

The GDPR establishes seven guidelines for the lawful processing of personal data. The collection, arrangement, structuring, storage, modification, consultation, usage, contact, mixture, limitation, erasure, or destruction of personal data are all examples of processing. As a result, the seven values are as follows:

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality(security)
  7. Accountability

Principles are the center of the GDPR; they guide regulations and compliant processing.

Europe’s General Data Protection Regulation (GDPR) suggested a realistic alternative that is similar to this (GDPR). It would only happen if a technical company creates software that does not monitor users by default and offers them the option to “opt-out.” Instead, the consumer could willingly “opt-in” to be monitored in order to receive targeted advertising. As a result, privacy is the default setting. A mishmash of mentioned methods with GDPR directives may also be a viable solution. Even if users “opt in” for surveillance, they should be given the name and contact information for the organisation that is tracking them, as well as the option to “opt out.” A price for the users’ personal data, if they ask for it, may be a design that protects the user’s privacy.

CONCLUSION

Cookies allow others to see your information. When people Google how to take data from cookies, they will learn how to do so. Several videos and websites will assist in the extraction of knowledge. People sometimes disregard privacy policies because they are lengthy. Many applications will take advantage of it because people embrace it without even looking at it. Normal people can protect themselves from hackers by using private servers like FreedomBox. In Europe, there are also rules that assist citizens in gaining control of their data and preventing it from being leaked. We should be protected from these dangers, and we should not allow strangers into our private lives without our permission.

Cybersecurity

Cybersecurity is the practice of protecting yourself cyber-attacks, that are targeted to access, change, steal away your inestimable information. The information could be used to extort money, interrupt normal business, or intrude elections. It is challenging because now technology can reach out to the common people far easier than ever before, the amount of data transferring over the internet is unprecedented. Even governments, military, corporates organizations are collecting your precious data for your good as they say. A significant amount of this data is sensitive and if bad guys have access to it, this could be used in many malevolent ways. People are relying more and more upon the internet, for a business, a better lifestyle, but nothing is free. The lucidity comes with a cost. With the data getting bulkier getting every moment, leaks are always possible and you could not protect yourself against attacks due to leaks. The data transferred over the internet is encrypted with keys about which only the sender and receiver know about it. The fight is to secure the key either by increasing the length of key or introducing as much randomization as possible. Both these ways have their limitations. Longer key makes the transfer speed slow and also the CPU has to do more work making the system slow. While randomization because the ways to randomize are limited. Some ciphers used to encrypt are-

  • Substitution Cipher
  • Caesar cipher
  • Monoalphabetic cipher
  • Polyalphabetic cipher
  • Vigener cipher

But the limitations of many ciphers is that key size is small which makes them susceptible to brute force attack. Brute force attacks are attempts to create every possible key by trying each and every permutation. This is a last resort for the hackers since it is tedious and time taking.Some cybersecurity threats are- 

  • Phishing- The practice of sending fraudulent emails that seem authentic but are designed to steal away the login data or credit card information. The data entered is transferred to the fraud address rather than the authentic address.
  • Side-channel attacks- Side-channel attacks are determined to extract information that devices are leaking out. Everything around us is now digital, which relies on electricity, and we all know that magnetism is complementary to electricity. We send data packets over the internet that interferes with the magnetic fields of those appliances which in turn affects the electrical appliance, we are not sensitive to the changes that are caused due to this but other electronic appliances are. Types of equipment are engineered to read the variation caused which could be used to read inside the data packet or use it to read the keys. Also, the vibrations in the mechanical parts of the devices cause an acoustic noise called ‘coiled whine’ which is in sync with the computation going on. Since cryptoanalysts design secure pathways by making some assumptions, but hackers violate those assumptions to ease off their tasks of ramming into the gates of cryptography.
  • Malware- Softwares like viruses, trojans, or spyware designed to gain unauthorized access and cause damage to the system. 
  • Ransomware- Most notorious as it blocks access to the file or the system until the Ransom is paid. The main problem is, paying the ransom doesn’t guarantee access to the files or the system.
  • Social engineering- This attack relies on human interaction. The users are tricked to leak their personal and sensitive data themselves most common being romance scams. Where attackers disguised as users of chat rooms, dating sites trick the victim to leak their data.

The systems used are not secure since they are antiquated. With the advancements in technology, the attackers have enhanced themselves but not the systems used by institutions due to financial obstructions. In 2014, a blast furnace of the German steel plant was shut down remotely by hackers that led to massive damage. Authorities suggested hackers used phishing as well as social engineering to infiltrate the plant. Wannacry the most notorious of the ransom wares recently hit the world hard leaving many banks, health infrastructures aghast. A report published by Group-IB in February 2020 suggested that credit card details of 460,000 users were put on sale on the dark web. many of those details have been collected through bank portals. You can’t defend yourself from being attacked, all you can do is be vigil. Don’t open up spam emails, use credit cards and debit cards judiciously, and never try to leak your data. These steps won’t ensure you being protected from cyberthreats but sure could make you a less appetizing prey.