Cyber Space: The Virtual World.

Mohsin Khurshid
Feb 23, 2021


The cyber world, or cyberspace, is more than just the Internet. It refers to an online environment where many participants are involved in social interactions and have the ability to affect and influence each other. People interact in cyberspace through the use of digital media or social media.

Just as the real world we live in needs security forces or police to protect public and private assets, the cyber world needs security or police to protect people from fraud, bullying, and harassment. In cyberspace, we live through infinitely complex virtual networks or webs, barely able to trace where our information is coming from and going, so we need cyber police to protect us from online theft, fraud, rumor-mongers, and anti-social elements. Cyber networks bring the whole world into one place, but that has its own consequences.

Network Security/Cyber Security

Cyber security is the protection of computer systems and networks from information disclosure, theft of or damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

The field is becoming more significant due to the increased reliance on computer systems, the Internet, and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of “smart” devices, including smartphones, televisions, and the various devices that constitute the “Internet of things”. Owing to its complexity, both in terms of politics and technology, cybersecurity is also one of the major challenges in the contemporary world.

Cyber-attacks or Threats

Most of the vulnerabilities that have been discovered are documented in the Common Vulnerabilities and Exposures (CVE) database. An exploitable vulnerability is one for which at least one working attack or “exploit” exists. Vulnerabilities can be researched, reverse-engineered, hunted, or exploited using automated tools or customized scripts. To secure a computer system, it is important to understand the attacks that can be made against it.

Backdoor

A backdoor in a computer system, a cryptosystem, or an algorithm is any secret method of bypassing normal authentication or security controls. Backdoors may exist for many reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability. Backdoors can be very hard to detect, and they are usually discovered by someone who has access to the application source code or intimate knowledge of the computer’s operating system.

Denial-of-service attack

Denial-of-service (DoS) attacks are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim’s account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial-of-service (DDoS) attacks are possible, where the attack comes from a large number of points and defending is much more difficult. Such attacks can originate from the zombie computers of a botnet or from a range of other possible techniques, including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim.
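The account-lockout case above can be seen from the defender's side in the following added example, which is not part of the original article. It compares a hard per-account lockout with throttling keyed on the (account, source address) pair; the class names, thresholds and documentation-range addresses are assumptions made for illustration.

```python
MAX_FAILURES = 5     # assumed threshold before any penalty applies
BASE_DELAY = 2.0     # assumed first back-off step, in seconds
MAX_DELAY = 900.0    # assumed cap on the back-off


class PerAccountLockout:
    """Naive policy: MAX_FAILURES bad passwords lock the account for everyone."""

    def __init__(self):
        self.failures = {}

    def record_failure(self, account, source, now):
        self.failures[account] = self.failures.get(account, 0) + 1

    def allowed(self, account, source, now):
        return self.failures.get(account, 0) < MAX_FAILURES


class PerSourceThrottle:
    """Counts failures per (account, source); the delay doubles past the threshold."""

    def __init__(self):
        self.failures = {}
        self.blocked_until = {}

    def record_failure(self, account, source, now):
        key = (account, source)
        self.failures[key] = self.failures.get(key, 0) + 1
        extra = self.failures[key] - MAX_FAILURES
        if extra >= 0:
            self.blocked_until[key] = now + min(BASE_DELAY * 2 ** extra, MAX_DELAY)

    def allowed(self, account, source, now):
        return now >= self.blocked_until.get((account, source), 0.0)


def simulate(policy, seconds=20):
    """Constructed scenario: one source guesses at 'alice' once a second, then alice logs in."""
    guesser, owner = "203.0.113.7", "198.51.100.20"   # documentation-range addresses
    accepted = 0
    for t in range(seconds):
        if policy.allowed("alice", guesser, float(t)):
            policy.record_failure("alice", guesser, float(t))
            accepted += 1
    return {
        "guesses_processed": accepted,
        "owner_can_log_in": policy.allowed("alice", owner, float(seconds)),
        "guesser_can_retry": policy.allowed("alice", guesser, float(seconds)),
    }
```

With the per-account policy the account owner is locked out along with the guessing source; with the per-source policy only the guessing source is slowed. Per-source throttling does not address guessing spread across many addresses, which needs additional controls such as multi-factor authentication.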

Eavesdropping

Eavesdropping is the act of surreptitiously listening to a private computer “conversation” (communication), typically between hosts on a network. For instance, programs such as Carnivore and NarusInSight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware; TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions) is a specification by the NSA referring to these attacks.

Phishing/Social Engineering

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users by deceiving them. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose “look” and “feel” are almost identical to the legitimate one. The fake website often asks for personal information, such as log-in details and passwords. This information can then be used to gain access to the individual’s real account on the real website. Because it preys on a victim’s trust, phishing can be classified as a form of social engineering. Attackers are using creative ways to gain access to real accounts. A common scam is for attackers to send fake electronic invoices to individuals showing that they recently purchased music, apps, or other items, and instructing them to click on a link if the purchases were not authorized.

Spoofing

Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP address or username), in order to gain access to information or resources that one is otherwise unauthorized to obtain. There are several types of spoofing, including:

Privilege escalation

Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level. For example, a standard computer user may be able to exploit a vulnerability in the system to gain access to restricted data; or even become “root” and have full unrestricted access to a system.

Tampering

Tampering describes a malicious modification or alteration of data. So-called Evil Maid attacks and security services planting surveillance capability into routers are examples.

Malware

Malicious software (malware) installed on a computer can leak personal information, can give control of the system to the attacker, and can delete data permanently.

Systems at risk

Financial systems

The computer systems of financial regulators and financial institutions like SWIFT, investment banks, and commercial banks are prominent hacking targets for cybercriminals interested in manipulating markets and making illicit gains. Web sites and apps that accept or store credit card numbers, brokerage accounts, and bank account information are also prominent hacking targets, because of the potential for immediate financial gain from transferring money, making purchases, or selling the information on the black market. In-store payment systems and ATMs have also been tampered with in order to gather customer account data and PINs.

Government

Government and military computer systems are commonly attacked by activists and foreign powers. Local and regional government infrastructure such as traffic light controls, police and intelligence agency communications, personnel records, student records, and financial systems are also potential targets as they are now all largely computerized. Passports and government ID cards that control access to facilities that use RFID can be vulnerable to cloning.

Consumer devices

Desktop computers and laptops are commonly targeted to gather passwords or financial account information or to construct a botnet to attack another target. Smartphones, tablet computers, smartwatches, and other mobile devices such as quantified self devices like activity trackers have sensors such as cameras, microphones, GPS receivers, compasses, and accelerometers which could be exploited, and may collect personal information, including sensitive health information. WiFi, Bluetooth, and cell phone networks on any of these devices could be used as attack vectors, and sensors might be remotely activated after a successful breach.

The increasing number of home automation devices such as the Nest thermostat are also potential targets.

Notable Attacks/Breaches

Robert Morris and the first computer worm

In 1988, only 60,000 computers were connected to the Internet, and most were mainframes, minicomputers, and professional workstations. On 2 November 1988, many started to slow down, because they were running malicious code that demanded processor time and that spread itself to other computers: the first internet “computer worm”. The software was traced back to 23-year-old Cornell University graduate student Robert Tappan Morris Jr., who said “he wanted to count how many machines were connected to the Internet”.

Stuxnet attack

In 2010, the computer worm known as Stuxnet reportedly ruined almost one-fifth of Iran’s nuclear centrifuges. It did so by disrupting industrial programmable logic controllers (PLCs) in a targeted attack. This is generally believed to have been launched by Israel and the United States to disrupt Iran’s nuclear program, although neither has publicly admitted this.

Global surveillance disclosures

In early 2013, documents provided by Edward Snowden were published by The Washington Post and The Guardian, exposing the massive scale of NSA global surveillance. There were also indications that the NSA may have inserted a backdoor in a NIST standard for encryption. This standard was later withdrawn due to widespread criticism. The NSA was additionally revealed to have tapped the links between Google’s data centers.

Ashley Madison breach

In July 2015, a hacker group known as “The Impact Team” successfully breached the extramarital relationship website Ashley Madison, created by Avid Life Media. The group claimed that they had taken not only company data but user data as well. After the breach, The Impact Team dumped emails from the company’s CEO to prove their point, and threatened to dump customer data unless the website was taken down permanently. When Avid Life Media did not take the site offline, the group released two more compressed files, one 9.7GB and the second 20GB. After the second data dump, Avid Life Media CEO Noel Biderman resigned, but the website continued to function.

Also in 2019, Zoom, an online video calling app used by students, teachers, and many other authorities, was hacked by Israel-based dark web hackers, who targeted the people using it and took the data of almost 20 million users. Many countries ordered a ban on the platform and shifted to other apps/platforms.

Computer protection/Cyber Protection (countermeasures)

In computer security, a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

Security measures

To ensure adequate security, the confidentiality, integrity, and availability of a network, better known as the CIA triad, must be protected; the triad is considered the foundation of information security. To achieve those objectives, administrative, physical, and technical security measures should be employed. The amount of security afforded to an asset can only be determined when its value is known.

Firewalls/Exit Procedures

Today, computer security comprises mainly “preventive” measures, like firewalls or an exit procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and can be implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel) to provide real-time filtering and blocking. Another implementation is a so-called “physical firewall”, which consists of a separate machine filtering network traffic. Firewalls are common amongst machines that are permanently connected to the Internet.
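The filtering described above, and the earlier point that a single attacking IP address can be blocked with a new firewall rule while a distributed attack cannot, are illustrated in the following added example, which is not part of the original article. It is a small first-match rule evaluator with a default-deny policy; the rule format, rule sets and documentation-range addresses are constructed for illustration and do not reproduce any particular firewall product.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # source network in CIDR notation
    dport: Optional[int] = None   # destination port; None matches any port


def decide(rules, src_ip, dport, default="deny"):
    """First matching rule wins; traffic no rule matches gets the default."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule.action
    return default


def count_blocked(rules, sources, dport=443):
    """Number of connection attempts in `sources` that the rule set denies."""
    return sum(decide(rules, s, dport) == "deny" for s in sources)


# Constructed rule set for a public HTTPS server, plus one block rule.
PUBLIC_WEB = [Rule("allow", "0.0.0.0/0", 443)]
BLOCK_ONE = Rule("deny", "203.0.113.7/32")

# Constructed traffic: 50 attempts from one address, then one each from 50 addresses.
SINGLE_SOURCE = ["203.0.113.7"] * 50
MANY_SOURCES = [f"198.51.100.{i}" for i in range(1, 51)]

if __name__ == "__main__":
    print("block rule first, single source:", count_blocked([BLOCK_ONE] + PUBLIC_WEB, SINGLE_SOURCE))
    print("block rule last, single source: ", count_blocked(PUBLIC_WEB + [BLOCK_ONE], SINGLE_SOURCE))
    print("block rule first, many sources: ", count_blocked([BLOCK_ONE] + PUBLIC_WEB, MANY_SOURCES))
    print("ssh with no matching rule:      ", decide(PUBLIC_WEB, "192.0.2.10", 22))
```

The block rule only takes effect when it is evaluated before the broad allow rule, and it does nothing against the same volume of traffic arriving from many different addresses.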

Secure coding

In software engineering, secure coding aims to guard against the accidental introduction of security vulnerabilities. It is also possible to create software designed from the ground up to be secure. Such systems are “secure by design”. Beyond this, formal verification aims to prove the correctness of the algorithms underlying a system, which is important for cryptographic protocols.

Conclusion

Although we have grown advanced in the field of science and technology, there are also fears and consequences. With every positive side, there is also a negative side, so we have to use each and every thing cautiously, taking its ill effects and negative effects into consideration.


Mohsin Khurshid

Student and writer at Islamic University of Science and Technology, Kashmir