1. IMPACT OF VULNERABILITIES ON CYBER WORLD: SURVEY
Palak Agrawal, Varun Bhave, Ankit Yadav
Swami Vivekanand College of Engineering
Rajiv Gandhi Technical Unversity
Indore, India
Palakagrawal0410@gmail.com, varun4110@gmail.com, akkishowtime@gmail.com
Abstract— the term Cyber security has become the main concern
for us in 21st
century. With increasing cybercrime, cyber security has
become major areas of concern for common man, government as well
as big organizations. In this paper we have provided a brief survey of
the cyber-attacks and cybercrimes and the losses associated with
them, also we have discussed various preventions that one should
take and emerging technologies used to keep track of various
activities over a network
I. INTRODUCTION
In the last decade the technology has evolved in a way
never imagined by a common man, especially network
technology. The ever increasing need of data and information
and the urge to know it ‘all’ has been a major factor in this
drastic evolution. But as these technologies are expanding, the
risks involved with these technologies are increasing too. By
risks in broad sense refer to the compromised security; though
there are several professional security solution providing
companies that provides quite good ways to ensure your
security on a network and other aspects but they can only
ensure your device safety at a surface level
SECURITY THREATS:
There are some developers who develop malicious codes and
device new ways to compromise your security and steal your
valuable data maybe for their own purpose or for a third party
in exchange of money.
These people are popularly known as ‘Hackers’ which may be
a security professional(who has certainly lost his track) or a
self-taught programmer writing malicious codes to breach the
security.
MAJOR THREATS TO PRIVACY
1. Virus
2. Spam
3. Spoofing, Phishing and Pharming
4. Spyware
5. Keystroke logging
6. Adware
7. Botnet
8. Worm
9. Trojan Horse
10. Blended Threat
11. Denial of Service attack
WHY ARE YOU A TARGET?
Information, whether personal or business related, is
becoming increasingly valuable to criminals. where personal
information such as bank accounts, credit cards, social
security number is stored, whether on your pc or with a
trusted third party such as bank, retailer or government
agencies, a cyber-criminal can attempt to steal that
information which would be used for identity theft, credit
card fraud or fraudulent withdrawals from bank accounts,
among other crimes. [1]There are various cyber-attacks are
going on all around the world.
Use of malicious codes, software by the hackers easily affect
our system through networks. As far as security goes, today a
person is most worried by the chances to get his private
information exposed on a network. The cost of malicious
cyber activity involves more than the loss of financial assets or
intellectual property.
Cybercrimes against common people, various industries, over
computer and mobile platform, banks and other financial
institutions probably cost many hundreds of millions of dollars
every year. Cyber theft of intellectual property and Business-
confidential information probably costs developed economies
billions of dollars.
In spite of the fact we have many security solutions with us
and also a modern user is quite aware of the various threats
’out’ there, then too we become victims of these threats
somewhere down the lane; and the major question is why it
happens..?, are we fool to fall in these traps again and again or
we do not care what goes inside the things we use to get the
information on the network..!
“The simple reason for increase in network insecurity is, the
most activities that happen over a network with us are really
not in our control, as we believe them to be..!
2. PROBLEM DOMAIN
In this paper we have confined our problem domain up to
damage at global level on mobile platforms and personal
computers due to cyber threats.
HOW FRAUD WORKS?
A Popular Approach of getting Victims Information:
Malware coder writes a malicious code to exploit the
computer vulnerability and install a Trojan. With the help of
this Trojan hacker hacks the system of any organization or any
industry. The victim uses its personal details for any banking
transaction which is been gathered by the hacker through the
malicious software which has been already injected in the
2. 40.68
21
10.59
5.51
5
4.73
3.5
3.3
2.61 2.19
Percentage
China UN Geramany
Iran India Brazil
France Egypt Vietnam
Canada
victim’s system. Now the hacker is having all the banking
credential of the victim. With the help of the Proxy server he
logged in into victims account and transferred the money into
money mule’s account.
Fig 2.1 [2] Shows how a fraudulent perform fraud
WEB INJECTION PROCESS USED IN WATERING
HOLE ATTACKS
Fig 2.2 [3] Web injection process used in Watering hole attack
WHEN YOU ARE MOST VULNERABLE ON
NETWORK?
0 20 40 60
Surf Internet
Share files
Access social networks
Online shopping
Mobile payement
Percentage
Percentage
Fig 2.3 [4] Shows the Vulnerability on Network
Above bar graph shows the vulnerable areas on network
where mobile users can be affected. All the areas are a
favourable for hackers around the globe to inject the malicious
content in the user’s device.
WHY IT OCCURS?
According to [3]:
1/3 of the users use unsecure payment methods for
online shopping.
1/3 people use unsecure passwords for their social
networking and email services.
4/10 people admit that they do not download apps
from trusted sources.
These unsecure methods of accessing network leads to
information disclosure due to various techniques used by
hackers like SQL injection, path disclosure, price
manipulation and cross-site scripting etc. According to [3]:
The increase in mobile malware family in 2011-2012 has
increased by 58%.
TOP TEN SOURCE COUNTRIES FOR DDOS
ATTACKS
Fig 2.4[5] Top source countries for DDOS attacks
3. 0 10 20 30 40
USA
Mexico
Brazil
Europe
South Africa
Russia
India
China
Japan
Australia
Losses(Billions $)
MALWARE ATTACKS (IN %):
8.13
14.24
73.13
2.9 1.43
malwareattacks
worms
virus
Trojan horses
Adware/spyware
Fig 2.4 [6] Malware Attacks (in %)
VULNERABILITY AND MALWARE ATTACKSON
MOBILE PLATFORMS:
0 50 100 150
Apple ios
Android
windows
Blackberry
Chart Title
Malware Attacks Vulnerability
Fig 2.5 [7] Malware Attacks on Mobile
LOSSES
GLOBAL PRICE TAG OF CONSUMER CYBERCRIME:
Fig 2.6 [8] Shows losses (in billions $) all over the Globe
“Cyber-crime or spying on the network is clearly causing a lot
of pain in asses of governments, businesses and individual
users, factoring in data theft, clean-up costs, damage of
popular brands, loss of customers and more to count.
In total the range for cyber-crimes loss to the global economy
is between $100 billion and $500 billion.”[9]
3. PREVENTIVE METHODS
SECURITY SOLUTIONS WE HAVE NOW:
Antivirus Solutions
Firewalls
Malware Scanners
Cryptography techniques
Authentication of Files/documents
Access control and identity management.
Ciphering technology.
EMERGING TECHNOLOGIES TO ENSURE CYBER
SECURITY:
MOVING TARGET TECHNOLOGIES:
They aim to constantly change the surface of attack on a
network, increasing in cost for attacker and decreasing the
predictabilities and vulnerabilities at any time (NITRD 2013)
[10]
REMOTE AGENT TECHNOLOGIES:
Also known as mobile agents which actively monitor the
network’s security. [10]
REAL TIME FORENSIC ANALYSIS:
It allows us to reproduce the incident, the cause and effects of
the event to analyse them further (UMUC 2012). [10]
4. CONCLUSION
Cyber security is now the major concern for the common man
as well as the government and industries. The significant
increase in cybercrime not only affect us on the network level
but also gives rise to real life crimes and plays major factor in
disturbing persons social life.
There cannot be a single path of attaining cyber security,
collective measures at a global level should be taken to
maximize security. Today a government of a country should
be more concerned about ‘Cyber War’ rather than any ‘World
War’, because as much we need to increase the man power,
armoury and nuclear power of country, together we also need
to strengthen the cyber security as it can affect us internally
and globally.
4. 5. REFRENCES:
[1]’Why are you a target ‘available at
msisac.cisecurity.org/newsletters/2011-07.cfm, access on 2nd
Jan’14.
[2] ‘Working of fraudulent performing fraud’-available at-
http://www.fbi.gov/news/stories/2010/october/cyber-banking-
fraud/cyber-banking- fraud-graphic, access on 5th
Jan’14.
[3]’Places which are vulnerable in the network’ available at -
Symantec internet security threat report 2013(2012 trends,
volume 18, published on April 2013), access on 7th
Jan’14.
[4] ‘Vulnerability on Network’ available at - 2012 Norton
cybercrime report (European mobile insight, published April
2013), access on 8th
Jan’14.
[5]’Source Country for DDoS Attack’ available at-
www.foxbusiness.com/technology/ 2013/04/17/intensity-
ddos-attacks-explode-in-first-quarter-average-bandwidth-
surges-61/ , access on 10th
Jan’14.
[6]’Malware attacks (in %)’ available at- Ammal security
reports, Panda labs, 2011, access on 12th
Jan’14.
[7]’Malware attacks on mobile platform’ available at-
http://gcn.com/articles/2013/04/19/iphone-vulnerabilities-
android-most-attacked.aspx, access on 15th
Jan’14.
[8]’Global Price tag of Consumer Cyber Crime’ available at-
securityaffairs.co/wordpress/18475/cyber-crime/2013-nortan-
repot.html, access on 17th
Jan’14.
[9]’Cybercrime losses’ available at-
http://www.hpenterprisesecurity.com/collateral/report/HPEnte
rpriseSecurity_Report_HPArcSightFirstAnnualCostCyberCri
meStudyPonemon.pdf, access on 20th
Jan’14.
[10]’Emerging Technology to ensure cyber Security’
available at
http://researchedsolution.wordpress.com/2013/09/14/emerging
-cybersecurity-technologies/ , access on 24th
Jan’14