CYBER SECURITY A Seminar Report Seminar Report submitted in partial fulfilment of the requirements for the award of the degree of B.Tech. in Nalanda Institute of Engineering under Biju Patnaik University of Technology By JAGATJIT BARIK Regd. No.: 2001297128 Under the Guidance of Prof. Narottam Sahu (H.O.D, Dept of Computer Science Engineering) DEPARTMENT OF COMPUTER SCIENCE ENGINEERING NALANDA INSTITUTE OF TECHNOLOGY BHUBANESWAR, ODISHA 2023 DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING NALANDA INSTITUTE OF TECHNOLOGY (An Affiliated College of Biju Patnaik University of Technology, Odisha) Buddhist Villa, Chandaka Bhubaneswar -754005 D EC LA R ATION I hereby declare that the matter in the project entitled “Cyber Security" is an original work done and the embodied record has not been submitted to any other university for the award of any other degree. Jagatjit Barik Regd. No.- 2001297128 DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING NALANDA INSTITUTE OF TECHNOLOGY (An Affiliated College of Biju Patnaik University of Technology, Odisha) Buddhist Villa, Chandaka Bhubaneswar -754005 CERTIFICATE This is to certify that the seminar work entitled Cyber Security" presented by JAGATJIT BARIK, bearing Regd. no. -2001297128 a student in 4th year B.Tech in Computer Science Engineering at Nalanda Institute of Technology has completed successfully. This partially fulfils the requirements of a Bachelor of Technology in Computer Science Engineering under the Biju Patnaik University of Technology, Rourkela, Odisha. I wish his success in all future endeavours. Prof. Narottam Sahu SUPERVISOR Dept. of Computer Science Engineering Nalanda Institute of Technology Bhubaneshwar HEAD OF THE DEPARTMENT Computer Science Engineering Nalanda Institute of Technology Bhubaneshwar CONTENTS Acknowledgement 6 Abstract •What is cyber Security 1.So What 7 9 10 12 13 14 15 2.CyberCrime • Malware • Ransomeware • Bots • •Physical Cyber-Attack 16 •Social Engineering 17 •Other Avenues Of Attack 21 1.How can You Protect •Raise Awareness 22 •References 30 31 Acknowledgement I would like to express my deep and sincere gratitude to my guide, Prof. Narottam Sahu, H.O.D of the Computer Science Department of Engineering for his unflagging support and continuous encouragement throughout the seminar. Without his guidance and persistent help, this report would not have been possible. I would like to thank Dr Rabindra Kumar Dalei, Principal of Nalanda Institute of Technology, and Prof. Shakti Charan Panda of Nalanda Institute of Technology, Bbsr for helping me during the presentation and making facilities available for the seminar. I must acknowledge the faculties and staff of the Computer Science Department of Engineering for their cooperation, constructive criticism and valuable suggestion during the work. Lastly, I word run to express my gratitude to my Parents and friends for their direct and indirect help during the preparation of the seminar report. JAGATJIT BARIK Regd. No- 2001297128 ABSTRACT breaches and hacking to malware and phishing attacks. The seminar will also highlight the role of cybersecurity in protecting personal information, business data, and national security. Furthermore, we will explore various preventive measures and best practices to enhance cybersecurity at an individual and organizational level. The objective of this seminar is to foster a comprehensive understanding of cybersecurity and promote responsible digital citizenship. We believe that with knowledge comes power - the power to protect ourselves and our digital world. To minimize these cybercrimes, a few techniques are listed which give an idea of how cyber security works. As the saying goes, Check yourself, before you wreck yourself. To prevent any cyber-attacks and accidents we should follow some cyber ethics which will be discussed. So, the aim is to give us a basic idea about cyber security and its related topics. Keywords: Cyber Security, Cyber Crimes, Cyber Ethics Jagatjit Barik Student Signature Guide Signature CYBERSECURITYAWARENESS What Is Cybersecurity Awareness Month? Cybersecurity Awareness Month raises awareness about the importance of cybersecurity across our Nation. Cybersecurity“SoWhat?” Did You Know? Antivirus software is available for mobile devices, which are an easy, common target for hackers and other bad actors. Cybersecurity Common Sense Being safe online isn’t so different from being safe in the physical world! Keep Calm and Trust Your Gut! Commonly Used Terms Bad Actor Hacker Cyber Attack 10 Do YourPart. #BeCyberSmart Cybersecurity starts with YOU and is everyone’s responsibility. Therearecurrentlyanestimated 5.2 billioninternetusers or 63% oftheworld’s population. 11 CYBERCRIME Whatis it? Cybercrime is any crime which is committed electronically. Examples Identity theft Child sexual abuse materials Financial theft Intellectualproperty violations Malware Malicious social engineering This can include… Theft Fraud Sometimes even murder Whyshouldyoucare? Crime is a danger offline and on! Cyber self-defense basics can go a long way to keeping you and your data out of the hands of bad actors. 12 MALWARE Whatis it? Examples Ransomware Adware Botnets Rootkits Spyware Viruses Worms Any software intended to… Damage Disable Or give someone unauthorized access to your computer or other internet-connected device Whyshouldyoucare? Most cybercrime begins with some sort of malware. You, your family, and your personal information is almost certainly at risk if malware finds its way onto your computer or devices. 13 RANSOMWARE Whatis it? Malware designed to make data or hardware inaccessible to the victim until a ransom is paid. Examples Cryptolocker Winlock Cryptowall Reveton Bad rabbit Crysis Wannacry Whyshouldyoucare? Often downloaded as malicious email links Damage to both financial stability and reputation No guarantee that you will get your data back, even if you pay Often used as a decoy for other malicious activity 14 BOTS Whatis it? Bots are a type of program used for automating tasks on the internet. Did You Know? Not all bots are bad. When you use asearch engine, these results are made possible by the help of bots “crawling” the internet and indexing content. Chatbots like Siri and Alexa are another common type of “good” bot. Whyshouldyoucare? Malicious bots can: Gather passwords Log keystrokes Obtain financial information Hijack social media accounts Use your email to send spam Open back doors on the infected device 15 PHYSICALCYBERATTACKS Whatis it? Did You Know? Anything connected to the internet is potentially vulnerable, from escooters to laptops to cargo ships. Physical cyber attacks use hardware, external storage devices, or other physical attack vectors to infect, damage, or otherwise compromise digital systems. This can include… USB storage devices CD/DVD Internet of Things (IoT) Whyshouldyoucare? Easy to overlook Difficult to identify and detect Extremely difficult to remove Can do anything from installing ransomware, to sending copies of or modifying information systems, to dismantling networks 16 SOCIALENGINEERING Whatis it? Examples Phishing Pretexting Baiting Quid pro quo Tailgating Inside job Swatting Cybercriminals can take advantage of you by using information commonly available through… Social media platforms Location sharing In-person conversations Whyshouldyoucare? Your privacy isn’t just a luxury – it’s a security measure Attacks can be successful with little to no programming knowledge or ability Technological security measures can only protect you so much – you are your best defense 17 PHISHING Whatis it? Examples Emails Text messages Phone calls Social media messages and posts Suspicious hyperlinks Fake messages from a seemingly trusted or reputable source designed to convince you to… Reveal information Give unauthorized access to a system Click on a link Commit to a financial transaction Whyshouldyoucare? Extremely common Can have severe consequences Devil‘s in the details 18 WouldThis Email FoolYou? From Legitimate-Looking-Source@notquiteyourworkemail.com Subject Ugent IT Update: Software Vulnerability Software Update Good afternoon Tom, Avulneribilityhasbeen identified in “BigNameSoftware” that allows an attacker to record callsandvideos from your computer without your knowldge. Please install the attacked update by the endof the day or your workstation willbelocked. Wehave also created app for all employees to determan if they been affected by this vulnerability. Clickhere to runthe app. www.fakewebsite.com/gotcha.exe Sincerely, Click or tapto follow link. BossMann Your Company ITDepartment REPLY 19 SWATTING Whatis it? An attack centered around location sharing in which bad actors call the police claiming the victim has committed a crime… Bomb Threat Examples Your location is embedded as metadata in every picture you take with your phone. Turn location services off when you aren’t using them to make it more difficult for bad actors to view this information. Armed Intruder Violent Incident Whyshouldyoucare? Physical and immediate consequences Sometimes was intended merely as a prank Arrest and serious injury can result Reduce risk by sharing your location only with trusted individuals, and share vacation photos only after you’ve returned safely home 20 OTHER AVENUES OFATTACK Whatis it? Examples Smart devices Mobile phone Thermostat Vehicles Gaming consoles Printers Medical equipment Industrial systems Internet of everything Any device connected to your network Information collection Remote access Bluetooth Open ports Whyshouldyoucare? Your network can be used to attack someone else Any device that stores information or is connected to the internet can be a vulnerability Assume that you are vulnerable, and take measures to understand and mitigate risk Don‘t be the “low-hanging fruit” 21 HowCanYouBetter Protect Yourself Online? Secure your networks. Stay up to date. Wireless routers are a way for cybercriminals to access online devices. Keep software updated to the latest versions and set security software to run regular scans. If You Connect It, Protect It. Double your login protection. One proven defense against intrusion is updating to the latest virus protection software. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. 15 PasswordTips Did You Know? Password or credential stuffing is a cyberattack that tries “stuffing” already comprised username and passwords fromone site into another site inhopes that the user uses the same logininformation across platforms. ****** Use different passwords on different systems and accounts ****** Use the longest password allowed ****** Use a mix of uppercase and lowercase letter, numbers, and symbols ****** Reset your password every few months ****** Use a password manager 23 Cybersecurit y Awareness MonthTheme Theme: DoYourPart. #BeCyberSmart. 24 CybersecurityAwareness October 1: Official Kick-off WEEK1: Weekof October 4 Be Cyber Smart. WEEK2: Weekof October 11 Fight the Phish! WEEK3: WeekofOctober18 Explore. Experience. Share.(Cybersecurity CareerAwareness Week) WEEK4: Weekof October 25 Cybersecurity First 25 Week1: Be CyberSmart. 26 Week2: Fight thePhish! 27 Week3: Explore. Experience . Share. Cybersecurity CareerAwareness Week 28 Week4: Cybersecurit y First. 29 RaiseAwareness andGetInvolved Becomea CybersecurityMonth Champion PromoteCybersecurityAwareness Monthonsocial media; usethe#BeCyberSmarthashtag Volunteertospeakat CybersecurityAwareness MonthEngagements Pass oncybersecuritytips toyourfriends, family, andcoworkers 30 REFERENCE Visit cisa.gov/cybersecurity-awareness-month or staysafeonline.org/cybersecurity-awareness-month/ for more resources. 31