It Repor2t

8/16/2019 It Repor2t

1/19

Table of ContentsINTRODUCTION................................................................................................................1

PHISHING......................................................................................................................... 2

DEFINITION OF PHISHING..............................................................................................2

HOW THEY WORK?........................................................................................................ 2

NEGATIVE EFFECT OF PHISHING....................................................................................3

SAFEGUARD AGAINST PHISHING......................................................................................3

MALWARE.........................................................................................................................5

DEFINITION OF MALWARE..............................................................................................5

TYPES OF MALWARE......................................................................................................5

SIGNS OF ATTACK.......................................................................................................... 6

NEGATIVE EFFECT OF MALWARE...................................................................................6

SAFEGUARD AGAINST MALWARE......................................................................................7

HACKING.......................................................................................................................... 8

DEFINITION OF HACKER................................................................................................ 8

TYPES OF HACKER.........................................................................................................8

DEFINITION OF HACKING...............................................................................................

GOOD THINGS OF HACKING..........................................................................................

NEGATIVE EFFECT OF HACKING....................................................................................

SAFEGUARD AGAINST HACKING.....................................................................................11

CONCLUSION..................................................................................................................12

REFERENCES..................................................................................................................13

APPENDI!.......................................................................................................................1"


2/19

INTRODUCTION

Today, people rely on computers to create, store, and manage critical information. Thus, it isimportant that computers and the data they store are accessible and available when needed. It also

is crucial that users take measures to protect their computers and data from loss, damage, and

misuse. A computer security risk is any event or action that could cause a loss of or damage to

computer hardware, software, data, information, or processing capability.

Internet and network attacks that jeopardize security include computer viruses, worms,

Trojan horses, and rootkit, phishing, and hacking. The following pages address these computer

security risks and suggest measures organizations and individuals can take to protect their

computers while on the Internet or connected to a network.

1


3/19

PHISHING

DEFINITION OF PHISHING

In computing, phishing is the fraudulent acquisition, through deception, of sensitive personal

information such as passwords and credit card details, by masquerading as someone trustworthy

with a real need for such information.

The term phishing is sometimes said to stand for password harvesting fishing. !till other

theories accredit the term phishing to originate from the name "rien #hish who was the first to

allegedly use psychological techniques to steal credit card numbers in the $%&'s. (thers believe

that "rien #hish was not a real person but a fictional character used by scammers to identify each

other.

The term was coined in the mid $%%')s by crackers attempting to steal A(* accounts. An

attacker would pose as an A(* staff member and send an instant message to a potential victim.

The message would ask the victim to reveal his or her password, for instance to verify your

account or to confirm billing information. (nce the victim gave over the password, the attacker

could access the victim)s account and use it for criminal purposes, such as spamming.

HOW THEY WORK?

There are numerous reasons why phishing works so well, starting with the ability of the scammers

to play mind tricks on victims, in order to lure them into trouble. #hishers can use tempting offers,

like complimentary giveaways, in order to bait users. This is a very efficient method, as many people

would likely take advantage of a free offer.

A scammer can also use the buzz around a certain topic or event + take, for eample, the large-

scale scam that occurred after the IA /orld 0up. In the summer of 1'$2, a phishing site imitating

the official IA web page, prompted users to sign a petition in defense of *uis Albert !uarez, the

star forward on the 3ruguay national team. In order to sign the petition, a user had to fill out the

online form, which required one4s name, country, mobile phone number, and email.Another scam

website offered its visitors an opportunity to download an e-ticket to the championship. 0licking the

link would then download a Trojan, which would hijack critical personal and financial data.

In order to reach those users who are wise to phishers4 tricks, cybercriminals use another efficient

tool with an immense reach originating from the victim4s friends4 accounts + for instance, on social

networks.

According to 5aspersky *ab, over 678 of the anti-phishing module alerts in 1'$6 reacted to

phishing websites faking social media pages. (ut of over 9'' million attempts to access a phishing

site that we were able to detect, 118 of cases dealt with fake acebook pages.:refer appendi;

Another etremely fruitful method that is used to fool a victim into clicking on a phishing link is

creating a sense of urgency and panic. This could be done in a scenario where a scammer

2

http://blog.kaspersky.com/1-in-5-phishing-attacks-targets-facebook/http://securelist.ru/analysis/obzor/20052/obmanshhiki-v-socialnyx-setyax/http://blog.kaspersky.com/1-in-5-phishing-attacks-targets-facebook/http://securelist.ru/analysis/obzor/20052/obmanshhiki-v-socialnyx-setyax/


4/19

threatens his victim with blocking their user profile or even a bank account. To enhance the

efficiency of such an approach, the criminals also resort to so-called


5/19

=ote that the fact that the website is using encryption doesn)t necessarily mean that the website islegitimate. It only tells you that data is being sent in encrypted form.

• /e '%t!o%s +!t# em!"s nd person" dt

Dost banks have a security page on their website with information on carrying out safe transactions,

as well as the usual advice relating to personal data? never let anyone know your #I=! orpasswords, do not write them down, and do not use the same password for all your online accounts. Avoid opening or replying to spam emails as this will give the sender confirmation they havereached a live address. 3se common sense when reading emails. If something seems implausibleor too good to be true, then it probably is.

• Keep ,o%r 'omp%ter se'%re

!ome phishing emails or other spam may contain software that can record information on yourinternet activities :spyware; or open a )backdoor) to allow hackers access to your computer:Trojans;. Installing anti-virus software and keeping it up to date will help detect and disablemalicious software, while using anti-spam software will stop phishing emails from reaching you. It is

also important, particularly for users with a broadband connection, to install a firewall. This will helpkeep the information on your computer secure while blocking communication from unwantedsources. Dake sure you keep up to date and download the latest security patches for your browser.If you don)t have any patches installed, visit your browser)s website, for eample users of Internetplorer should go to the Dicrosoft website.

• A"+,s report s%sp!'!o%s 't!v!t,

If you receive a suspicious email, forward it to the spoofed organization :many companies have adedicated email address for reporting such abuse;.

"

https://www.sophos.com/en-us/error/404.aspx?item=web%3A%7B3918508D-4604-42F4-9088-5ACC4268CFCE%7D@enhttps://www.sophos.com/en-us/error/404.aspx?item=web%3A%7B356E88C3-50AD-4152-A278-052C812F5962%7D@enhttp://www.microsoft.com/security/http://www.microsoft.com/security/https://www.sophos.com/en-us/error/404.aspx?item=web%3A%7B3918508D-4604-42F4-9088-5ACC4268CFCE%7D@enhttps://www.sophos.com/en-us/error/404.aspx?item=web%3A%7B356E88C3-50AD-4152-A278-052C812F5962%7D@enhttp://www.microsoft.com/security/


6/19

0A.WARE

DEFINITION OF 0A.WARE

Dalware :for malicious software; is any program or file that is harmful to a computer user. Thus,malware includes computer v!r%ses1 +orms1 Tro2n #orses nd root)!t that gather information

about a computer user without permission.

TYPES OF 0A.WARE

!ome types of malware are?

E A computer v!r%s is a potentially damaging computer program that affects, or infects, a computer

negatively by altering the way the computer works without the user4s knowledge or permission. (nce

the virus infects the computer, it can spread throughout and may damage files and system software,

including the operating system.

E A +orm is a program that copies itself repeatedly, for eample in memory or on network, using up

resources and possibly shutting down the computer or network.

E A Tro2n #orse :named after the Freek myth; is a program that hides within or looks like a legitimate

program. A certain condition or action usually triggers the Trojan horse. 3nlike a virus or worm, a Trojan

horse does not replicate itself to other computers.

E A root)!t is a program that hides in a computer and allows someone from a remote location to take

full control of the computer. (nce the rootkit is installed, the rootkit author can eecute programs,

change settings, monitor activity, and access files on the remote computer. Although rootkits can have

legitimate uses, such as in law enforcement, their use in nefarious and illegal activities is growing

rapidly.

or eample, DyGoom and "laster are wormsH Delissa has elements of a virus, worm, and Trojan

horse.

5


7/19

SIGNS OF ATTACK

34 PC s"o+do+ns + 0omputer that has been infected by malware : virus,worms,and Trojan;

will running tasks that take up a lot of resources making the computer system run more

slowly than usual. The computer has virus if the system slowdown without any resources-heavy application.

54 Comp%ter -one %nst("e- Dalware messes around with important files that halt the

computer running properly. The computer crashes when user tried to run specific

application or particular files.

64 Rndom", 'onne'ted to vr!o%s +e(s!tes + Dalware force-connect he computer to

websites in the background and send information back and forth with these sources.

74 Ever,t#!n- seems per&e't", norm" - !ome types of malware do their best to hide allactivity, leaving no visible traces. ven when user don)t notice anything unusual, it)s

possible that a )bot on user system may be quietly awaiting instruction from its command

and control system, or a @emote Access Trojan may be harvesting user personal

information.

NEGATIVE EFFECT OF 0A.WARE

34 Comp%ter Inst(!"!t, 8 If infected by a virus or worm, user4s computer can become unstable. Ifuser4s computer ineplicably crashes, spontaneously reboots, won)t shut down, won)t restart or

is eperiencing other repeated malfunctions, malware can be the cause of such turmoil.

54 .oss o& Pr!v', 8 !ome malware is designed to create a tet log based on user key strokes,

which can reveal email addresses and account passwords. These tet logs can then be scanned

by hackers and used to send email to user4s contacts. If user has an online account that has

been compromised, user may have malware that enabled the process on hisBher computer.

64 Ident!t, 9 F!nn'!" T#e&t 8 !pyware infections can lead to the access of personal information

and financial account details, which can then be used to commit identity theft and fraudulent

crimes. Cou may be unaware your information has been leaked until you monitor your financial

accounts and see unauthorized behaviour.

6


8/19

SAFEGUARD AGAINST 0A.WARE

Dethods that guarantee a computer or network is safe from computer viruses and other

malware simply do not eist. 3sers can take several precautions, however, to protect their home

and work computers and mobile devices from these malicious infections. The following paragraphsdiscuss these precautionary measures.

$. =ever start a computer with removable media inserted in the drives or plugged in the ports,

unless the media are uninfected.

1. =ever open an e-mail attachment unless you are epecting it and it is from a trusted source.

6. !et the macro security in programs so that you can enable or disable macros. nable macros

only if the document is from a trusted source and you are epecting it.

2. Install an antivirus program on all of your computers.3pdate the software and the virus signature files regularly.

7. !can all downloaded programs for viruses and other

malware.

9. If the antivirus program flags an e-mail attachment as

infected, delete or quarantine the attachment immediately.

. "efore using any removable media, scan the media for

malware. ollow this procedure even for shrink-wrapped

software from major developers. !ome commercial softwarehas been infected and distributed to unsuspecting users.

&. Install a personal firewall program.

%. !tay informed about new virus alerts and virus hoaes.

7

Popular AntivirusProgram# AJF Anti-Jirus

# avastK Antivirus

# "itdefender

# 0A Anti-Jirus

# 5aspersky Anti-Jirus

# DcAfee Jirus!can

# =orton AntiJirus

# Trend Dicro AntiJirus

# Jeira AntiJirus


9/19

HACKING

DEFINITION OF HACKER

A hacker is a term that first started being used in the $%9's and being described a programmer orsomeone who hacked computer code. *ater the term evolved into an individual who had an

advanced understanding of computers, networking, programming, or hardware, but did not have

any malicious intent.

Today, a malicious hacker is usually referred to as a black hat or criminal hacker, which describes

any individual who illegally breaks into computer system to damage or steal information. !ome

people who consider themselves let may refer to themselves as a haord , h2'rs , or >aLLorM.

>owever, often these users are nothing more than script kiddies.

TYPES OF HACKER

WHITE HAT

A /hite >at hacker is a computer network security professional and has non malicious intent

whenever he breaks into security system. A white hat hacker has deep knowledge in 0omputer

=etworking, =etwork #rotocol and system Administration. /hite >at hacker has also good

knowledge in hacking tools and knows how to program hacking tools.

A /hite >at hacker has the skill to break into networks but he uses his skills to protect organization.

/.ACK HAT:

A "lack >at hacker , also known as a cracker , is a computer professional with deep knowledge in

computer networking , network protocols and system administration :atleast three or four operation

system and very good skills in scripting and programming;."lack hat are also has good knowledge

in many hacking toolos and know how to program hacking tools. A "lack >at hacker uses his skills

for unethical reasons.

ample? To steal research data from a company, To steal money from credit card , >acks email

accounts etc.

GREY HAT:

A Frey >at hacker is someone who iss between white hat hacker and black hat hacker. Frey >at

hackers normally do the hacking without the permissions from the administration of the network he

is hacking. "ut he will epose the network vulnerabilities to the network admins and offer a fi for

the vulnerability for money.

SCRIPT KIDDIE:

8


10/19

A !cript 5iddie I basically a hacker amateur who doesn4t has much knowledge to program tool to

breaks into computer networks.

HACKTIVIST

A >activist is a hacker with political intention. The hacktivist has the same tools as the hacker. The

primary intention of a hacktivist is to bring public attention to a political matter.

PHREAKER:

#hreaker is a telecom network hacker who hacks a telephone system illegally to make calls without

paying for them.

DEFINITION OF HACKING

>acking is unauthorized use of computer and network resources :The term NhackerO originally

meant a very gifted programmer. In recent years through, with easier access to multiple systems, it

now has negative implication;. #eople who engage in computer hacking activities are often called

hackers. There are two kinds of hackers which are good hackers and bad hackers.

GOOD THINGS OF HACKING

The most of us would never have thought there was never a good side to hacking. /ell there is ,

such as individual and organizations that conduct security audits and research and publishing their

findings for the security industry and to also help new users who aren4t familiar with security , thi can

also help us be a steps ahead to protect the online society from eploits and security risks.

NEGATIVE EFFECT OF HACKING

>acker and cracker are often referred to across the world ass the big threat for online business and

the online society. The effects are as following?

E&&e'ts on !nd!v!d%"? according to "anks :$%%; these are cases where individual information is

sold and used for bad purposes like using their account ./hile !eo :1''$; focuses on psychology of

individual after being hacked and that they will always have the fear being monitored when

accessing internet and information, added to that the privacy of users can be easily penetrated.

E&&e't on 'ompn,? the company4s server will be broken due to huge traffic causing customer

frustration and hurt the company reputation. !ame for software theft that cause bankruptcy to

companies which spend million to develop and create software that sadly later on is stolen and

copied for cheap prices. The main problem is that some companies hire or use hackers to break into

other competitor system to steal precious information.

E&&e't o& 'o%ntr!es? since we are living in information society where all our daily activities are

controlled by technology, there will be a great damage if a vital system broken by hacking attacks.

"reaking main system might result in collapse of countries "ank :$%%;.

REA. CASE

(n (ctober 1'$2, hackers steal more than P$.1 million from $ automated teller machines :ATDs;

in Dalaysia. A *atin American gang of cyber criminals were able to eploit a way to hack and steal

millions of dollars from $ automated teller machines :ATD; in Dalaysia. ATDs of at least $ bank

branches belonging to 3nited (verseas "ank, Affin "ank, Al @ajhi "ank and "ank of Islam werereportedly hacked into by the *atin American gang.


11/19

0losed-circuit television :00TJ; footage from the banks showed that 1-6 *atin American men, who

were involved in the crime, entered and withdraw money from these ATD4s one after another."ukit

Aman 0ommercial 0rime Investigation Gepartment chief 0omm Gatuk Dortadza =azarene told

"ernama that the suspects used a computer malware known as Nulssm.eeO to hack into the ATDs.NThe suspects were found to have opened the top panel of the machine without using a key and

inserted a compact disc into the machine4s processing centre which caused the ATD4s system to

reboot,O he told "ernama, Tuesday morning, The !tar reported.

A !elangor 0ommercial 0rime Investigation Gepartment spokesman said that an investigation is still

going on. In the meantime police were able to recover one of the ATD cards which were used by the

hackers to withdraw the money. !ince it was the ATD which was rebooted to default, no customers4

data was compromised in the hack, police are investigating the scene and believes the gang

members are still in the country.

1$


12/19

SAFEGUARD AGAINST HACKING

>ow can individuals protect or make it more difficult for hackers to access their informationQ

>ere are tips that can help you protect against these attacks?

3: 0)e ,o%r pss+ord #rder to #')>ard passwords include upper and lower case letters, numbers and special characters. They

should be at least eight characters in length. They should also not spell out words easy for hackers

to find, like your pet4s name or the name of a family member.

5: C#n-e ,o%r pss+ord re-%"r", A very common mistake made by users is to create one hard password, but then never change

it. @emembering a long list of complicated passwords can be difficult. "ut no password is

unbreakable. >ackers are better able hack multiple accounts if those accounts all have the same

password. A password management service, like Gashlane or #assword"o, can help you keep

track of hard passwords. These services permit users to easily store and secure their passwords.

6: C"er ,o%r (ro+ser #!stor,This goes for all the devices you use in a day + your home computer, your work computer, or

your friend4s i#ad. Internet browsers like irefo or 0hrome keep track of where you4ve been and

what you4ve done online. They keep records of every site you visited. Information about what you

sent from or saved on your computer can be kept for days or weeks. It is very easy for anyone who

sees that information to steal a detailed record of your online activities.

7: Do not %se &ree W!8F!

An increasing number of public places now offer free wireless access to the Internet. (ften, auser does not need a password to connect to these wireless networks. These services might be

useful, but they4re also an easy way for hackers to access everything on your device. 3nless you

really need it, it is best not to use it.

;: Use HTTPS>TT#! is officially known as Nhyper-tet transfer protocol secure.O It is similar to >TT#, which is

used to enter Internet addresses. >TT#! adds an etra layer of security and encryption while

online. 0ommunications between users and sites that support >TT#! are encrypted. The

information is also authenticated. That means that >TT#! can determine whether or not a website

is real.


13/19

12


14/19

CONC.USION

As a conclusion, a cyber-security attack, in a simple terms, is an attack on our computer

systems originating from malicious acts of an anonymous source. 0yber-attack allows for an illegal

access to our digital device, while gaining access or control of our digital device. As we know, cyber-attacks was created by humans, and


15/19

REFERENCES

https?BBsecuritylockdownblog.wordpress.comB1'$2B'%B$'Bvarious-internet-and-network-attacks-and-

how-you-can-safeguard-against-these-attacksB

https?BBcybersafety1'$2.wordpress.comB1'$2B'%B$$Bwhat-are-various-internet-and-network-attacks-

and-how-can-users-safeguard-against-these-attacksB

http?BBwww.forbes.comBsitesBjaymcgregorB1'$2B'B1&Bthe-top-7-most-brutal-cyber-attacks-of-1'$2-

so-farBR1%6b$d1$a9

https?BBheimdalsecurity.comBblogB$1-true-stories-that-will-make-you-care-about-cyber-securityB

http?BBwww.komando.comBtipsB$1$92B7-signs-you-have-a-computer-virusBall

>ttps?BBen.wikipedia.orgBwikiBphishing

>ttps?BBrfa.blog.com

https?BBnetcraft.comBanti.phishang

>ttps?BBcomputingBsmb-securityBarticlesB9229.asp

http?BBwww.techworm.netB1'$2B$'B$-atms-hacked-in-malaysia.html

http?BBwww.therakyatpost.comBnewsB1'$7B'$B19Bmalaysian-airlines-website-hackedB

1"


16/19

APPENDI>

15


17/19

16

H%& F'()&*++

E*/0+) %


18/19

17


19/19

18

Documents

It Repor2t