Upload
mardhiah-ramlan
View
213
Download
0
Embed Size (px)
Citation preview
8/16/2019 It Repor2t
1/19
Table of ContentsINTRODUCTION................................................................................................................1
PHISHING......................................................................................................................... 2
DEFINITION OF PHISHING..............................................................................................2
HOW THEY WORK?........................................................................................................ 2
NEGATIVE EFFECT OF PHISHING....................................................................................3
SAFEGUARD AGAINST PHISHING......................................................................................3
MALWARE.........................................................................................................................5
DEFINITION OF MALWARE..............................................................................................5
TYPES OF MALWARE......................................................................................................5
SIGNS OF ATTACK.......................................................................................................... 6
NEGATIVE EFFECT OF MALWARE...................................................................................6
SAFEGUARD AGAINST MALWARE......................................................................................7
HACKING.......................................................................................................................... 8
DEFINITION OF HACKER................................................................................................ 8
TYPES OF HACKER.........................................................................................................8
DEFINITION OF HACKING...............................................................................................
GOOD THINGS OF HACKING..........................................................................................
NEGATIVE EFFECT OF HACKING....................................................................................
SAFEGUARD AGAINST HACKING.....................................................................................11
CONCLUSION..................................................................................................................12
REFERENCES..................................................................................................................13
APPENDI!.......................................................................................................................1"
8/16/2019 It Repor2t
2/19
INTRODUCTION
Today, people rely on computers to create, store, and manage critical information. Thus, it isimportant that computers and the data they store are accessible and available when needed. It also
is crucial that users take measures to protect their computers and data from loss, damage, and
misuse. A computer security risk is any event or action that could cause a loss of or damage to
computer hardware, software, data, information, or processing capability.
Internet and network attacks that jeopardize security include computer viruses, worms,
Trojan horses, and rootkit, phishing, and hacking. The following pages address these computer
security risks and suggest measures organizations and individuals can take to protect their
computers while on the Internet or connected to a network.
1
8/16/2019 It Repor2t
3/19
PHISHING
DEFINITION OF PHISHING
In computing, phishing is the fraudulent acquisition, through deception, of sensitive personal
information such as passwords and credit card details, by masquerading as someone trustworthy
with a real need for such information.
The term phishing is sometimes said to stand for password harvesting fishing. !till other
theories accredit the term phishing to originate from the name "rien #hish who was the first to
allegedly use psychological techniques to steal credit card numbers in the $%&'s. (thers believe
that "rien #hish was not a real person but a fictional character used by scammers to identify each
other.
The term was coined in the mid $%%')s by crackers attempting to steal A(* accounts. An
attacker would pose as an A(* staff member and send an instant message to a potential victim.
The message would ask the victim to reveal his or her password, for instance to verify your
account or to confirm billing information. (nce the victim gave over the password, the attacker
could access the victim)s account and use it for criminal purposes, such as spamming.
HOW THEY WORK?
There are numerous reasons why phishing works so well, starting with the ability of the scammers
to play mind tricks on victims, in order to lure them into trouble. #hishers can use tempting offers,
like complimentary giveaways, in order to bait users. This is a very efficient method, as many people
would likely take advantage of a free offer.
A scammer can also use the buzz around a certain topic or event + take, for eample, the large-
scale scam that occurred after the IA /orld 0up. In the summer of 1'$2, a phishing site imitating
the official IA web page, prompted users to sign a petition in defense of *uis Albert !uarez, the
star forward on the 3ruguay national team. In order to sign the petition, a user had to fill out the
online form, which required one4s name, country, mobile phone number, and email.Another scam
website offered its visitors an opportunity to download an e-ticket to the championship. 0licking the
link would then download a Trojan, which would hijack critical personal and financial data.
In order to reach those users who are wise to phishers4 tricks, cybercriminals use another efficient
tool with an immense reach originating from the victim4s friends4 accounts + for instance, on social
networks.
According to 5aspersky *ab, over 678 of the anti-phishing module alerts in 1'$6 reacted to
phishing websites faking social media pages. (ut of over 9'' million attempts to access a phishing
site that we were able to detect, 118 of cases dealt with fake acebook pages.:refer appendi;
Another etremely fruitful method that is used to fool a victim into clicking on a phishing link is
creating a sense of urgency and panic. This could be done in a scenario where a scammer
2
http://blog.kaspersky.com/1-in-5-phishing-attacks-targets-facebook/http://securelist.ru/analysis/obzor/20052/obmanshhiki-v-socialnyx-setyax/http://blog.kaspersky.com/1-in-5-phishing-attacks-targets-facebook/http://securelist.ru/analysis/obzor/20052/obmanshhiki-v-socialnyx-setyax/
8/16/2019 It Repor2t
4/19
threatens his victim with blocking their user profile or even a bank account. To enhance the
efficiency of such an approach, the criminals also resort to so-called
8/16/2019 It Repor2t
5/19
=ote that the fact that the website is using encryption doesn)t necessarily mean that the website islegitimate. It only tells you that data is being sent in encrypted form.
• /e '%t!o%s +!t# em!"s nd person" dt
Dost banks have a security page on their website with information on carrying out safe transactions,
as well as the usual advice relating to personal data? never let anyone know your #I=! orpasswords, do not write them down, and do not use the same password for all your online accounts. Avoid opening or replying to spam emails as this will give the sender confirmation they havereached a live address. 3se common sense when reading emails. If something seems implausibleor too good to be true, then it probably is.
• Keep ,o%r 'omp%ter se'%re
!ome phishing emails or other spam may contain software that can record information on yourinternet activities :spyware; or open a )backdoor) to allow hackers access to your computer:Trojans;. Installing anti-virus software and keeping it up to date will help detect and disablemalicious software, while using anti-spam software will stop phishing emails from reaching you. It is
also important, particularly for users with a broadband connection, to install a firewall. This will helpkeep the information on your computer secure while blocking communication from unwantedsources. Dake sure you keep up to date and download the latest security patches for your browser.If you don)t have any patches installed, visit your browser)s website, for eample users of Internetplorer should go to the Dicrosoft website.
• A"+,s report s%sp!'!o%s 't!v!t,
If you receive a suspicious email, forward it to the spoofed organization :many companies have adedicated email address for reporting such abuse;.
"
https://www.sophos.com/en-us/error/404.aspx?item=web%3A%7B3918508D-4604-42F4-9088-5ACC4268CFCE%7D@enhttps://www.sophos.com/en-us/error/404.aspx?item=web%3A%7B356E88C3-50AD-4152-A278-052C812F5962%7D@enhttp://www.microsoft.com/security/http://www.microsoft.com/security/https://www.sophos.com/en-us/error/404.aspx?item=web%3A%7B3918508D-4604-42F4-9088-5ACC4268CFCE%7D@enhttps://www.sophos.com/en-us/error/404.aspx?item=web%3A%7B356E88C3-50AD-4152-A278-052C812F5962%7D@enhttp://www.microsoft.com/security/
8/16/2019 It Repor2t
6/19
0A.WARE
DEFINITION OF 0A.WARE
Dalware :for malicious software; is any program or file that is harmful to a computer user. Thus,malware includes computer v!r%ses1 +orms1 Tro2n #orses nd root)!t that gather information
about a computer user without permission.
TYPES OF 0A.WARE
!ome types of malware are?
E A computer v!r%s is a potentially damaging computer program that affects, or infects, a computer
negatively by altering the way the computer works without the user4s knowledge or permission. (nce
the virus infects the computer, it can spread throughout and may damage files and system software,
including the operating system.
E A +orm is a program that copies itself repeatedly, for eample in memory or on network, using up
resources and possibly shutting down the computer or network.
E A Tro2n #orse :named after the Freek myth; is a program that hides within or looks like a legitimate
program. A certain condition or action usually triggers the Trojan horse. 3nlike a virus or worm, a Trojan
horse does not replicate itself to other computers.
E A root)!t is a program that hides in a computer and allows someone from a remote location to take
full control of the computer. (nce the rootkit is installed, the rootkit author can eecute programs,
change settings, monitor activity, and access files on the remote computer. Although rootkits can have
legitimate uses, such as in law enforcement, their use in nefarious and illegal activities is growing
rapidly.
or eample, DyGoom and "laster are wormsH Delissa has elements of a virus, worm, and Trojan
horse.
5
8/16/2019 It Repor2t
7/19
SIGNS OF ATTACK
34 PC s"o+do+ns + 0omputer that has been infected by malware : virus,worms,and Trojan;
will running tasks that take up a lot of resources making the computer system run more
slowly than usual. The computer has virus if the system slowdown without any resources-heavy application.
54 Comp%ter -one %nst("e- Dalware messes around with important files that halt the
computer running properly. The computer crashes when user tried to run specific
application or particular files.
64 Rndom", 'onne'ted to vr!o%s +e(s!tes + Dalware force-connect he computer to
websites in the background and send information back and forth with these sources.
74 Ever,t#!n- seems per&e't", norm" - !ome types of malware do their best to hide allactivity, leaving no visible traces. ven when user don)t notice anything unusual, it)s
possible that a )bot on user system may be quietly awaiting instruction from its command
and control system, or a @emote Access Trojan may be harvesting user personal
information.
NEGATIVE EFFECT OF 0A.WARE
34 Comp%ter Inst(!"!t, 8 If infected by a virus or worm, user4s computer can become unstable. Ifuser4s computer ineplicably crashes, spontaneously reboots, won)t shut down, won)t restart or
is eperiencing other repeated malfunctions, malware can be the cause of such turmoil.
54 .oss o& Pr!v', 8 !ome malware is designed to create a tet log based on user key strokes,
which can reveal email addresses and account passwords. These tet logs can then be scanned
by hackers and used to send email to user4s contacts. If user has an online account that has
been compromised, user may have malware that enabled the process on hisBher computer.
64 Ident!t, 9 F!nn'!" T#e&t 8 !pyware infections can lead to the access of personal information
and financial account details, which can then be used to commit identity theft and fraudulent
crimes. Cou may be unaware your information has been leaked until you monitor your financial
accounts and see unauthorized behaviour.
6
8/16/2019 It Repor2t
8/19
SAFEGUARD AGAINST 0A.WARE
Dethods that guarantee a computer or network is safe from computer viruses and other
malware simply do not eist. 3sers can take several precautions, however, to protect their home
and work computers and mobile devices from these malicious infections. The following paragraphsdiscuss these precautionary measures.
$. =ever start a computer with removable media inserted in the drives or plugged in the ports,
unless the media are uninfected.
1. =ever open an e-mail attachment unless you are epecting it and it is from a trusted source.
6. !et the macro security in programs so that you can enable or disable macros. nable macros
only if the document is from a trusted source and you are epecting it.
2. Install an antivirus program on all of your computers.3pdate the software and the virus signature files regularly.
7. !can all downloaded programs for viruses and other
malware.
9. If the antivirus program flags an e-mail attachment as
infected, delete or quarantine the attachment immediately.
. "efore using any removable media, scan the media for
malware. ollow this procedure even for shrink-wrapped
software from major developers. !ome commercial softwarehas been infected and distributed to unsuspecting users.
&. Install a personal firewall program.
%. !tay informed about new virus alerts and virus hoaes.
7
Popular AntivirusProgram# AJF Anti-Jirus
# avastK Antivirus
# "itdefender
# 0A Anti-Jirus
# 5aspersky Anti-Jirus
# DcAfee Jirus!can
# =orton AntiJirus
# Trend Dicro AntiJirus
# Jeira AntiJirus
8/16/2019 It Repor2t
9/19
HACKING
DEFINITION OF HACKER
A hacker is a term that first started being used in the $%9's and being described a programmer orsomeone who hacked computer code. *ater the term evolved into an individual who had an
advanced understanding of computers, networking, programming, or hardware, but did not have
any malicious intent.
Today, a malicious hacker is usually referred to as a black hat or criminal hacker, which describes
any individual who illegally breaks into computer system to damage or steal information. !ome
people who consider themselves let may refer to themselves as a haord , h2'rs , or >aLLorM.
>owever, often these users are nothing more than script kiddies.
TYPES OF HACKER
WHITE HAT
A /hite >at hacker is a computer network security professional and has non malicious intent
whenever he breaks into security system. A white hat hacker has deep knowledge in 0omputer
=etworking, =etwork #rotocol and system Administration. /hite >at hacker has also good
knowledge in hacking tools and knows how to program hacking tools.
A /hite >at hacker has the skill to break into networks but he uses his skills to protect organization.
/.ACK HAT:
A "lack >at hacker , also known as a cracker , is a computer professional with deep knowledge in
computer networking , network protocols and system administration :atleast three or four operation
system and very good skills in scripting and programming;."lack hat are also has good knowledge
in many hacking toolos and know how to program hacking tools. A "lack >at hacker uses his skills
for unethical reasons.
ample? To steal research data from a company, To steal money from credit card , >acks email
accounts etc.
GREY HAT:
A Frey >at hacker is someone who iss between white hat hacker and black hat hacker. Frey >at
hackers normally do the hacking without the permissions from the administration of the network he
is hacking. "ut he will epose the network vulnerabilities to the network admins and offer a fi for
the vulnerability for money.
SCRIPT KIDDIE:
8
8/16/2019 It Repor2t
10/19
A !cript 5iddie I basically a hacker amateur who doesn4t has much knowledge to program tool to
breaks into computer networks.
HACKTIVIST
A >activist is a hacker with political intention. The hacktivist has the same tools as the hacker. The
primary intention of a hacktivist is to bring public attention to a political matter.
PHREAKER:
#hreaker is a telecom network hacker who hacks a telephone system illegally to make calls without
paying for them.
DEFINITION OF HACKING
>acking is unauthorized use of computer and network resources :The term NhackerO originally
meant a very gifted programmer. In recent years through, with easier access to multiple systems, it
now has negative implication;. #eople who engage in computer hacking activities are often called
hackers. There are two kinds of hackers which are good hackers and bad hackers.
GOOD THINGS OF HACKING
The most of us would never have thought there was never a good side to hacking. /ell there is ,
such as individual and organizations that conduct security audits and research and publishing their
findings for the security industry and to also help new users who aren4t familiar with security , thi can
also help us be a steps ahead to protect the online society from eploits and security risks.
NEGATIVE EFFECT OF HACKING
>acker and cracker are often referred to across the world ass the big threat for online business and
the online society. The effects are as following?
E&&e'ts on !nd!v!d%"? according to "anks :$%%; these are cases where individual information is
sold and used for bad purposes like using their account ./hile !eo :1''$; focuses on psychology of
individual after being hacked and that they will always have the fear being monitored when
accessing internet and information, added to that the privacy of users can be easily penetrated.
E&&e't on 'ompn,? the company4s server will be broken due to huge traffic causing customer
frustration and hurt the company reputation. !ame for software theft that cause bankruptcy to
companies which spend million to develop and create software that sadly later on is stolen and
copied for cheap prices. The main problem is that some companies hire or use hackers to break into
other competitor system to steal precious information.
E&&e't o& 'o%ntr!es? since we are living in information society where all our daily activities are
controlled by technology, there will be a great damage if a vital system broken by hacking attacks.
"reaking main system might result in collapse of countries "ank :$%%;.
REA. CASE
(n (ctober 1'$2, hackers steal more than P$.1 million from $ automated teller machines :ATDs;
in Dalaysia. A *atin American gang of cyber criminals were able to eploit a way to hack and steal
millions of dollars from $ automated teller machines :ATD; in Dalaysia. ATDs of at least $ bank
branches belonging to 3nited (verseas "ank, Affin "ank, Al @ajhi "ank and "ank of Islam werereportedly hacked into by the *atin American gang.
8/16/2019 It Repor2t
11/19
0losed-circuit television :00TJ; footage from the banks showed that 1-6 *atin American men, who
were involved in the crime, entered and withdraw money from these ATD4s one after another."ukit
Aman 0ommercial 0rime Investigation Gepartment chief 0omm Gatuk Dortadza =azarene told
"ernama that the suspects used a computer malware known as Nulssm.eeO to hack into the ATDs.NThe suspects were found to have opened the top panel of the machine without using a key and
inserted a compact disc into the machine4s processing centre which caused the ATD4s system to
reboot,O he told "ernama, Tuesday morning, The !tar reported.
A !elangor 0ommercial 0rime Investigation Gepartment spokesman said that an investigation is still
going on. In the meantime police were able to recover one of the ATD cards which were used by the
hackers to withdraw the money. !ince it was the ATD which was rebooted to default, no customers4
data was compromised in the hack, police are investigating the scene and believes the gang
members are still in the country.
1$
8/16/2019 It Repor2t
12/19
SAFEGUARD AGAINST HACKING
>ow can individuals protect or make it more difficult for hackers to access their informationQ
>ere are tips that can help you protect against these attacks?
3: 0)e ,o%r pss+ord #rder to #')>ard passwords include upper and lower case letters, numbers and special characters. They
should be at least eight characters in length. They should also not spell out words easy for hackers
to find, like your pet4s name or the name of a family member.
5: C#n-e ,o%r pss+ord re-%"r", A very common mistake made by users is to create one hard password, but then never change
it. @emembering a long list of complicated passwords can be difficult. "ut no password is
unbreakable. >ackers are better able hack multiple accounts if those accounts all have the same
password. A password management service, like Gashlane or #assword"o, can help you keep
track of hard passwords. These services permit users to easily store and secure their passwords.
6: C"er ,o%r (ro+ser #!stor,This goes for all the devices you use in a day + your home computer, your work computer, or
your friend4s i#ad. Internet browsers like irefo or 0hrome keep track of where you4ve been and
what you4ve done online. They keep records of every site you visited. Information about what you
sent from or saved on your computer can be kept for days or weeks. It is very easy for anyone who
sees that information to steal a detailed record of your online activities.
7: Do not %se &ree W!8F!
An increasing number of public places now offer free wireless access to the Internet. (ften, auser does not need a password to connect to these wireless networks. These services might be
useful, but they4re also an easy way for hackers to access everything on your device. 3nless you
really need it, it is best not to use it.
;: Use HTTPS>TT#! is officially known as Nhyper-tet transfer protocol secure.O It is similar to >TT#, which is
used to enter Internet addresses. >TT#! adds an etra layer of security and encryption while
online. 0ommunications between users and sites that support >TT#! are encrypted. The
information is also authenticated. That means that >TT#! can determine whether or not a website
is real.
8/16/2019 It Repor2t
13/19
12
8/16/2019 It Repor2t
14/19
CONC.USION
As a conclusion, a cyber-security attack, in a simple terms, is an attack on our computer
systems originating from malicious acts of an anonymous source. 0yber-attack allows for an illegal
access to our digital device, while gaining access or control of our digital device. As we know, cyber-attacks was created by humans, and
8/16/2019 It Repor2t
15/19
REFERENCES
https?BBsecuritylockdownblog.wordpress.comB1'$2B'%B$'Bvarious-internet-and-network-attacks-and-
how-you-can-safeguard-against-these-attacksB
https?BBcybersafety1'$2.wordpress.comB1'$2B'%B$$Bwhat-are-various-internet-and-network-attacks-
and-how-can-users-safeguard-against-these-attacksB
http?BBwww.forbes.comBsitesBjaymcgregorB1'$2B'B1&Bthe-top-7-most-brutal-cyber-attacks-of-1'$2-
so-farBR1%6b$d1$a9
https?BBheimdalsecurity.comBblogB$1-true-stories-that-will-make-you-care-about-cyber-securityB
http?BBwww.komando.comBtipsB$1$92B7-signs-you-have-a-computer-virusBall
>ttps?BBen.wikipedia.orgBwikiBphishing
>ttps?BBrfa.blog.com
https?BBnetcraft.comBanti.phishang
>ttps?BBcomputingBsmb-securityBarticlesB9229.asp
http?BBwww.techworm.netB1'$2B$'B$-atms-hacked-in-malaysia.html
http?BBwww.therakyatpost.comBnewsB1'$7B'$B19Bmalaysian-airlines-website-hackedB
1"
8/16/2019 It Repor2t
16/19
APPENDI>
15
8/16/2019 It Repor2t
17/19
16
H%& F'()&*++
E*/0+) %
8/16/2019 It Repor2t
18/19
17
8/16/2019 It Repor2t
19/19
18