Case no-1

“MINIDUKE” exposes EU cybersecurity gaps

When over 20 European countries, including Ukraine, Belgium,

Portugal, and Romania……………..

Problem: Large number of vulnerable users of online financial services, ease of creating bogus
Web sites.

Solutions:

1. Deploy enemy of phishing programming, benefits, and a staggered confirmation

framework to distinguish dangers and diminish phishing endeavors.

2. Deploying new apparatuses, advances, and security techniques, alongside

teaching purchasers, expands unwavering quality and client certainty.

3. Demonstrates IT’s job in fighting digital wrongdoing.

4. Illustrates computerized innovation as a major aspect of a staggered arrangement

just as its constraints in beating disheartened purchasers.

Case no-2

Stunex and the changing face of cyberwarfare

IN July 2010, reports surfaced about a Stuxnet worm that had been
targeting Iran’s nuclear facilities …………………………….

Q1: Is cyberwarfare a serious problem? Why or why not?

Cyber warfare is certainly a difficult issue that ought to be tended to. With innovation that being used
worldwide to control the rockets and fighting, having a digital danger is as genuine as or much more
genuine than having a physical risk. Cyber warfare can likewise go about as an impetus and instigate a
full-scale strike of dread on different nations. The most noticeable dangers so far include:

Stuxnet cleared out around one-fifth of Iran's atomic rotators by making them turn at too high a speed.
The harm was tremendous and hopeless; it was accepted to have a postponed Iran's capacity to make
atomic arms by as much as five years.

Effective assaults on the FAA aircraft framework, incorporating one out of 2006 that incompletely closed
down air traffic information frameworks in Alaska.

Gatecrashers effectively entered the Pentagon's $300 billion Joint Strike Fighter task and took a few
terabytes of information identified with structure and gadgets frameworks.

Digital government operatives invaded the U.S. electrical framework in April 2009 and left behind
programming projects whose reason for existing is indistinct.

Q2: Assess the management, organization, and technology factors that have created this problem.

Management:

From an administration angle, there is no expansion center around guaranteeing that arrangements are
set up to counteract cyberwarfare assaults from happening in an association as of not long ago. An
expanded center is basic to be set up to forestall this. The clients of focused frameworks are still too
thoughtless about security and don't do what's needed to ensure their frameworks while the
cybercriminals has no deficiency these days as the innovation is getting increasingly advance.

Organization:

The association is left defenseless and potential physical mischief to clients and laborers turns into a
social issue that must be tended to by the association. For examples, U.S. has no reasonable strategy
about how the nation would react to a calamitous degree of digital assault. Despite the fact that the U.S.
Congress is thinking about enactment to toughen digital security guidelines, the principles are yet
inadequate to protect against assaults.

Technology:

The progression of innovation these days and continually being promptly accessible to the open has
made cyberwarfare bound to happen. Innovation has brought the significant issue of digital assault and
the headway of innovation will possibly exacerbating things later on if security is not being progressed
admirably.

Q3: What makes Stuxnet different from other cyberwarfare attacks? How serious a threat is this
technology?

A large portion of the cyberwarfare assaults are just endeavoring to take data and reconnaissance,
Stuxnet is even able to taint the very well verified PC frameworks that pursue industry best works on
making it almost difficult to safeguard. Stuxnet's crucial to enact just PCs that ran Supervisory Control
and Data Acquisition. One section was intended to lay torpid for extensive stretches, at that point
accelerate Iran's atomic rotators so they spun fiercely crazy. Another covertly recorded what ordinary
activities at the atomic plant looked like and afterward played those accounts back to plant
administrators so doubtlessly the axes were working typically when they were really destroying
themselves. With this kind of cyberwarfare assault, a whole nation could be wrecked and without
acknowledgment, from back to front.

Q4: What solutions have been proposed for this problem? Do you think they will be effective? Why or
why not?

The arrangements have been proposed for this issue expressed underneath:

Congress is thinking about enactment that would require all basic framework organizations to meet
more up to date, harder cybersecurity norms. As cyberwarfare innovations create and become further
developed, the measures forced by this enactment will probably be inadequate to shield against assaults.

Numerous security specialists accept that U.S. digital security isn't efficient. A few distinct offices,
including the Pentagon and the National Security Agency (NSA), have their sights on being the main
office in the on-going endeavors to battle cyberwarfare. The principal home office intended to facilitate
government digital security endeavors, called Cybermob, was enacted in May 2010 in the desire for
settling this authoritative tangle. It will arrange the activity and insurance of military and Pentagon PC
systems. It will arrange endeavors to limit access to government PCs and ensure frameworks that run the
stock trades, clear worldwide financial exchanges, and deal with the aviation authority framework. Its
definitive objective will be to counteract calamitous digital assaults against the U.S. A few insiders
recommend that it probably will not have the option to adequately compose the administrative
organizations without direct access to the President, which it presently needs.
Case no -3
MWEB business: hacked

BMWEB launched in 1997, became South Africa’s leading ISP in 1998. It

has establishes it’s as a company that provides a cutting edge
network……………………………………..

Q1: What technology issues led to the security breach at MWEB?

Innovation gives that prompted the security rupture at MWEB will be MWEB Business endorsers' record
subtleties were undermined when programmers distributed their logon and secret word subtleties on
the web. MWEB past electronic self-administration the executives framework redistribute to Internet
Solution not yet move to the new MWEB organize. Therefore, the explanation is programmers accessed
Web based Internet Solutions self-administration the executives framework and it prompted security
break that MWEB does not have complete control.

Q2: What is the possible business impact of this security breach for both MWEB and its customers?

Impact to the business:

The security rupture gives a major effect for both MWEB Business and its clients. The conceivable
business effect of this security rupture for MWEB is this security break powers MWEB to advise their
clients and locate the potential answers for the issue and to cooperate with Internet Solution to
illuminate those issues. MWED would lose trust from their clients and it is difficult to restore the
confidence structure the clients.

Moreover, they have to quickly actualize appropriate arrangements and controls of their frameworks
and simultaneously they have to get ready for legitimate activity and budgetary dangers. It gets a major
change the organization and it may influence their business schedules. In this way, those effects will be
the danger to client maintenance and notoriety.
Effect to the clients:

Clients may need to confront the issue of losing of their own data, which is security for them.
Simultaneously, they are looking with burden in regards to the issues since they need to reproduce or
change their secret word and confronting the probability of the administration could not be gotten to.
Clients would likewise lose their sure and trust on th administrations given by MWED later on.

Q3: If you were an MWEB customer, would you consider MWEB’s response to the security breach to be
acceptable? Why or why not?

If I am MWEB customer, I would consider MWEB’s response to the security breach to be acceptable.
There were several reasons for the considerations:

1. MWEB reacted rapidly to the hacking episode. MWEB likewise has been reaching their clients to reset
their passwords, as an additional safety effort.

2. Plus, they rushed to take note of that no close to home data was lost and that none of MWEB's
customers endured any misfortunes as their usernames and passwords had been reproduced and
changed.

3. Besides, MWEB effectively repulses 5,000 assaults per day. Moreover, MWEB was working intimately
with Internet Solutions to explore the nature and wellspring of the break to guarantee that it does not
occur once more.

Q4: What should MWEB do in the future to avoid similar incidents?

To maintain a strategic distance from comparable occurrences later on, MWEB should executes state-of-
the-art security or gadgets or convention to their system, for example, computerized testaments,
interruption identification framework, Management Information System (MIS) review, standard and
intensive testing and to wrap things up, improved character the executives. In addition, MWEB ought to
proactively make prompt move to assess the degree of the rupture and to restrict any harms.
Simultaneously, MWEB ought to continually encourage its clients to be careful with respect to their
online information and security. Additionally, MWEB should working intimately with Internet Solutions to
examine the nature and wellspring of the break.
These proposals or suggestions are critical to evade comparable occurrences later on.

Case no-4
Information security threats and policies in Europe

The IT sector is one of the key drivers of the European economy. It

has been established that 60 percent of Europeans use internet
regularly………………………………..

1.) What is a botnet?

In the expression "botnet" as utilized here, the "bot" is short for robot. A solitary bot is a product
program that can, when secretly introduced on an individual's PC, execute certain predefined directions.
Botnet is a system of self-sufficient malevolent programming specialist there are under the influence of
a bot officer. The system is made by introducing malware that adventures the vulnerabilities of Web
servers, working frameworks, or application to assume responsibility for the tainted PCs.

2.) Describe some of the main points of the Digital Agenda of Europe.

The primary concern of the Digital Agenda of Europe is to characterize the key job that data and
correspondence advances will play in 2020.The activity calls of a solitary, open Europe computerized
showcase. Another objective is that broadband speed of 30Mbps be accessible to all European resident
by 2020 in term of security, the activity is thinking about the execution of measure to ensure protection
and the foundation of a well-working system of CERT to counteract cybercrime and react viably to digital
assaults. The European Commission has proposed a Digital Agenda. Its primary goal is to build up a
computerized single market so as to create shrewd, reasonable and comprehensive development in
Europe.

What are the obstacles hindering the Digital Agenda?

 fragmented digital markets;

 lack of interoperability;

 rising cybercrime and risk of low trust in networks;

  lack of investment in networks;

 insufficient research and innovation efforts;

 lack of digital literacy and skills;

 missed opportunities in addressing societal challenges

3.) Explain how a cyber-attack can be carried out.

There are 3 basic parts to a cyber-attack:

1. Access: a method to get inside or gain access to a network or system

2. Vulnerability: some part of the system that the attacker can take advantage of or manipulate

3. Payload: the purpose of the attack, namely, what exactly is the target and how significant will
the damage

There are many other forms cyber-attacks may take.

Denial Of Service assault happens when "an assailant endeavors to keep authentic clients from getting
to data or administrations." This is normally practiced when the aggressor over-burdens a framework
with solicitations to see data. This would be a case of a remote assault.

Spear phishing is another straightforward strategy by which an assault may access a PC framework or
system. When some data about an objective is obtained, an email is sent indicating to be from an
authentic organization requesting data, for example, usernames and passwords to banking sites or
system logins.

Backdoors, or hooks, are placed inside a computer or network in order to create a vulnerability that can
be exploited later on.

Tampering with basic electronics is a simple type of cyber-attack. It is also possible that such software or
even hardware could be installed into electronics by the original manufacturer

4.) Describe some of the weaknesses exploited by malware.

Malware, known as Stuxnet is a shorthand term that includes a wide range of vindictive programming.
This incorporates infections, worms, Trojan ponies, spyware, and every single other kind of
programming that get put onto your PC without you knowing it. Some of shortcomings of malware is it
covered up in alternate ways to executable projects (documents with expansion. Ink) was executed
naturally when the substance of a tainted USB drive was shown as the malware is proliferated by means
of USB.