ABES Engineering College, Ghaziabad

B. Tech Even Semester Sessional Test-2

ST-2 Solution of Cyber Security BCC-401

Section-A

1. Define SQL injection attack in detail. How an SQL injection attack is performed?

• Structured Query Language (SQL) is a database computer language designed for managing
data in relational database management systems (RDBMS).
• SQL injection is a code injection technique that exploits a security vulnerability occurring
in the database layer of an application.
• SQL injection attacks are also known as SQL insertion attacks.
• Attackers target the SQL servers – common database servers used by many organizations
to store confidential data.
• The prime objective behind SQL injection attack is to obtain the information while
accessing a database table that may contain personal information such as credit card
numbers, social security numbers or passwords.
• During an SQL injection attack, Malicious Code is inserted into a web form field or the
website’s code.
• For example, when a user logs in with username and password, an SQL query is sent to
the database to check if a user has valid name and password.
• With SQL injection, it is possible for an attacker to send crafted username and/or password
field that will change the SQL query.

Steps for SQL Injection Attack

Following are some steps for SQL injection attack:

• The attacker looks for the webpages that allow submitting data, that is, login page, search
page, feedback, etc. The attacker also looks for the webpages that display the HTML
commands such as POST or GET by checking the site’s source code.
• To check the source code of any website, right click on the webpage and click on “view
source” – source code is displayed in the notepad. The attacker checks the source code of
the HTML, and look for “FORM” tag in the HTML code.
• Everything between the <FORM> and </FORM> and have potential parameters that might
be useful to find the vulnerabilities.
• The attacker inputs a single quote under the text box provided on the webpage to accept
the username and password. This checks whether the user-input variable is interpreted
literally by the server. If the response is an error message such as use “a” = “a” then the
website is found to be susceptible to an SQL injection attack.
 2. Explain wireless attacks along with this also explain types of wireless attack.

• Wireless technologies have become increasingly popular in day-to-day business

and personal lives.
• Hand-held devices such as the PDAs allow individuals to access calendars, E-Mail
addresses, phone number lists and the Internet.
• Wireless networks extend the range of traditional wired networks by using radio
waves to transmit data to wireless-enabled devices such as laptops and PDAs.
• Wireless networks are generally composed of two basic elements o access points
(APs) and o other wireless-enabled devices, such as laptops radio transmitters and
receivers to communicate or “connect” with each other.
• APs are connected through physical wiring to a conventional network, and they
broadcast signals with which a wireless device can connect.
• Wireless access to networks has become very common by now in India – for
organizations and for individuals.
Types of wireless attack
1. Sniffing: The attacker usually installs the sniffers remotely on the victim’s system and
conducts activities such as:

• Passive scanning of wireless network;

• detection of SSID;

• colleting the MAC address;

• collecting the frames to crack WEP.

2. Spoofing: The attacker often launches an attack on a wireless network by simply creating
a new network with a stronger wireless signal and a copied SSID in the same area as a
original network. Different types of Spoofing are as follows.

• MAC address Spoofing

• IP Spoofing:

• Frame Spoofing:
3. Man-in-the-middle attack (MITM): It refers to the scenario wherein an attacker on host
A inserts A between all communications – between hosts X and Y without knowledge of X
and Y. All messages sent by X do reach Y but through A and vice versa. The objective behind
this attack is to merely observe the communication or modify it before sending it out.
4. Encryption cracking: It is always advised that the first step to protect wireless networks is
to use WPA encryption. The attackers always devise new tools and techniques to
deconstruct the older encryption technology, which is quite easy for attackers due to
continuous research in this field. Hence, the second step is to use a long and highly
randomized encryption key; this is very important. It is a little pain to remember long
random encryption; however, at the same time these keys are much harder to crack.
3. Illustrate the difference between cryptography and steganography.

4. Define DoS and DDoS attack in detail.

• In this type of criminal act, the attacker floods the bandwidth of the victim’s
network or fills his E-Mail box with Spam mail depriving him of the services he is
entitled to access or provide.
• The attackers typically target sites or services hosted on high-profile web servers
such as banks, credit card payment gateways, mobile phone networks and even
root name servers.
• Buffer overflow technique is employed to commit such kind of criminal attack
known as Spoofing.
• The term IP address Spoofing refers to the creation of IP packets with a forged
(spoofed) source IP address with the purpose of concealing the ID of the sender
or impersonating another computing system.
• A packet is a formatted unit of data carried by a packet mode computer network.
• The attacker spoofs the IP address and floods the network of the victim with
repeated requests.
• As the IP address is fake, the victim machine keeps waiting for response from the
attacker’s machine for each request.
• This consumes the bandwidth of the network which then fails to serve the
legitimate requests and ultimately breaks down.
DDoS Attacks
• In a DDoS attack, an attacker may use your computer to attack another computer.
• By taking advantage of security vulnerabilities or weaknesses, an attacker could take
control of your computer.
• He/she could then force your computer to send huge amounts of data to a website or
send Spam to particular E-Mail addresses.
• The attack is “distributed” because the attacker is using multiple computers, including
yours, to launch the DoS attack.
• A DDoS attack is a distributed DoS wherein a large number of zombie systems are
synchronized to attack a particular system.
• The zombie systems are called “secondary victims” and the main target is called “primary
victim.”
• Malware can carry DDoS attack mechanisms – one of the better-known examples of this
is MyDoom.
• Botnet is the popular medium to launch DoS/DDoS attacks.
• Attackers can also break into systems using automated tools that exploit flaws in
programs that listen for connections from remote hosts.

5. Explain phishing and its types in detail? How to stay protected against
phishing?

Phishing is a common type of cyber attack that targets individuals through email, text messages,
phone calls, and other forms of communication. A phishing attack aims to trick the recipient into
falling for the attacker’s desired action, such as revealing financial information, system login
credentials, or other sensitive information.

As a popular form of social engineering, phishing involves psychological manipulation and

deception whereby threat actors masquerade as reputable entities to mislead users into
performing specific actions. These actions often involve clicking links to fake websites,
downloading and installing malicious files, and divulging private information, like bank account
numbers or credit card information.

Since the mid-1990s, the term “phishing” has been used to identify hackers who use fraudulent
emails to “fish for” information from unsuspecting users. However, phishing attacks have become
increasingly sophisticated and are now broken down into different types, including email
phishing, spear phishing, smishing, vishing, and whaling. Each type is characterized by specific
channels and methods of execution – email, text, voice, social media, etc. – all with a similar
underlying intention.
Types of Phishing Attacks

Phishing has evolved into more than simple credential and data theft. How an attacker lays out a
campaign depends on the type of phishing. Types of phishing include:

• Email phishing: the general term given to any malicious email message meant to trick
users into divulging private information. Attackers generally aim to steal account
credentials, personally identifiable information (PII) and corporate trade secrets. However,
attackers targeting a specific business might have other motives.

• Spear phishing: these email messages are sent to specific people within an
organization, usually high-privilege account holders, to trick them into divulging sensitive
data, sending the attacker money or downloading malware.

• Whaling (CEO fraud): these messages are typically sent to high-profile employees of
a company to trick them into believing the CEO or other executive has requested to
transfer money. CEO fraud falls under the umbrella of phishing, but instead of an attacker
spoofing a popular website, they spoof the CEO of the targeted corporation.

• Pharming: pharming is a two-phase attack used to steal account credentials. The first
phase installs malware on a targeted victim and redirects them to a browser and a spoofed
website where they are tricked into divulging credentials. DNS poisoning is also used to
redirect users to spoofed domains.

• Malware: users tricked into clicking a link or opening an attachment might download
malware onto their devices. Ransomware, rootkits or keyloggers are common malware
attachments that steal data and extort payments from targeted victims.

• Smishing: using SMS messages, attackers trick users into accessing malicious sites from
their smartphones. Attackers send a text message to a targeted victim with a malicious
link that promises discounts, rewards or free prizes.

• Vishing: attackers use voice-changing software to leave a message telling targeted

victims that they must call a number where they can be scammed. Voice changers are also
used when speaking with targeted victims to disguise an attacker’s accent or gender so
that they can pretend to be a fraudulent person.

Phishing Prevention

Preventing phishing attacks requires a combination of user training to recognize the warning signs
and robust cybersecurity systems to stop payloads. Email filters are helpful with phishing, but
human prevention is still necessary in cases of false negatives.
A few ways your organization can prevent being a victim of phishing:

• Train users to detect a phishing email: a sense of urgency and requests for personal data,
including passwords, embedded links and attachments, are all warning signs. Users must
be able to identify these warning signs to defend against phishing.

• Avoid clicking links: instead of clicking a link and authenticating into a web page directly
from an embedded link, type the official domain into a browser and authenticate directly
from the manually typed site.

• Use anti-phishing email security: artificial intelligence scans incoming messages, detects
suspicious messages and quarantines them without allowing phishing messages to reach
the recipient’s inbox.

• Change passwords regularly: users should be forced to change their passwords every 30-
45 days to reduce an attacker’s window of opportunity. Leaving passwords active for too
long gives an attacker indefinite access to a compromised account.

• Keep software and firmware up-to-date: software and firmware developers release
updates to remediate bugs and security issues. Always install these updates to ensure
known vulnerabilities are no longer present in your infrastructure.

• Install firewalls: firewalls control inbound and outbound traffic. Malware installed from
phishing silently eavesdrops and sends private data to an attacker, but a firewall blocks
malicious outgoing requests and logs them for further review.

• Avoid clicking on popups: attackers change the location of the X button on a popup
window to trick users into opening a malicious site or downloading malware. Popup
blockers stop many popups, but false negatives are still possible.

• Be cautious about giving out credit card data: unless you know the site is completely
trustworthy, never give credit card data to a website you don’t recognize. Any site
promising gifts or money back should be used with caution.

6. Define Password cracking? Along with this also explain methods of Password cracking.
What are the effective ways to protect against password cracking?
Password cracking (also called password hacking) is an attack vector that involves hackers
attempting to crack or determine a password for unauthorized authentication. Password hacking
uses a variety of programmatic techniques, manual steps, and automation using specialized tools
to compromise a password. These password cracking tools are referred to as ‘password crackers’.
Increasingly, these tools are leveraging AI to improve password cracking speed and efficiency.
Passwords can also be stolen via other tactics, such as by memory-scraping malware, shoulder
surfing, third party breaches, and tools like Redline password stealer.
A password can refer to any string of characters or secret used to authenticate an authorized user
to a resource. Passwords are typically paired with a username or other mechanism to provide
proof of identity. This combination is referred to as credentials.
Common Password Attack Methods
Random Guesses
Usernames are the portion of credentials that do not change, and are also highly predictable,
regularly taking the form of first initial plus surname. Usernames are commonly an email address,
something widely communicated. An attacker now has half the details needed to log into many
of your systems. All that’s missing is the password.
A random password guess rarely succeeds unless it’s a common password or based on a
dictionary word. Knowing information about the target identity enhances the likelihood of a
successful guess by a threat actor. This information is gathered from social media, direct
interaction, deceptive conversation, or even data aggregated from prior breaches.
The most common variants for passwords susceptible to guessing include these common
schemas:
• The word “password” or basic derivations like “p@ssw0rd”
• Derivations of the account owner’s username, including initials. This may include subtle
variations, such as numbers and special characters.
• Reformatted or explicit birthdays for the user or their relatives, most commonly, offspring
or other special dates
• Memorable places or events
• Relatives’ names and derivations with numbers or special characters, when presented
together
• Pets, colors, foods, or other important items to the individual
While automated password cracking tools are not necessary for password guessing attacks, they
will improve the success rate.
Password guessing attacks tend to leave evidence in event logs and result in auto-locking of an
account after “n” attempts. When account holders reuse passwords across multiple resources
with poor password hygiene practices, the risks of password guessing and lateral
movement dramatically increase.

2. Dictionary Attacks
Dictionary attacks are an automated technique utilizing a password list against a valid account to
reveal the password. The list itself is a dictionary of words. Basic password crackers use lists of
common single words, like “baseball,” to crack a password, hack an account, and launch the
nefarious mission of the threat actor.
If the threat actor knows the targeted account's password length and complexity requirements,
the dictionary is customized to the target. Advanced password crackers often use a dictionary and
mix in numbers and symbols to mimic a real-world password with complexity requirements.
An effective dictionary attack tool lets a threat actor:
• Set complexity requirements for length, character requirements, and character set
• Manually add words and combinations of words/names customized for the target
• Target common misspellings of frequently used words that may have symbols replaced or
added
• Operate in multiple languages
A weakness of dictionary attacks is that they rely on real words and derivations supplied by the
user of the default dictionary. If the real password is fictitious, uses multiple languages, or uses
more than one word or phrase, it should thwart a dictionary attack.
The most common method to mitigate the threat of a dictionary attack is account lockout
attempts. After “n” times of wrong attempts, a user’s account is automatically locked for a period
of time and, after multiple lockouts, requires human intervention. The account must be manually
unlocked by an authority, like the help desk or via an automated password reset solution.
However, the lockout setting is sometimes disabled. Thus, if logon failures aren't monitored in
event logs, a dictionary attack is an effective attack vector for a threat actor.
3. Brute Force
Brute force password attacks utilize a programmatic method to try all possible combinations for
a password. This method is efficient for passwords that are short in string (character) length and
complexity. This can become infeasible, even for the fastest modern systems, with a password of
eight characters or more.
If a password only has alphabetical characters, including capital letters or lowercase, odds are it
would take 8,031,810,176 guesses to crack. This assumes the threat attacker knows the password
length and complexity requirements. Other factors include numbers, case sensitivity, and special
characters in the localized language.
With the proper parameters dialed in, a brute force attack will always find the password,
eventually. The computing power required and length of time it takes often renders brute force
tests a moot by the time it has completed. The time it takes to perform attacks is determined by
the time it takes to generate all possible password permutations. Then, the response time of the
target system is factored in based on serial or multithreaded requests.
Brute force password attacks tend to be the least efficient method for hacking a password. Thus,
threat actors use them as a last resort.
4. Credential Stuffing
Credential stuffing is an automated hacking technique that utilizes stolen credentials. These
credentials are comprised of lists of usernames, email addresses, and passwords. Attackers often
purchase “combo lists” on the dark web that provide these prepackaged email/password combos.
The technique generally leverages automation to submit login requests directed against an
application and to capture successful login attempts for future exploitation.
Credential stuffing attacks do not attempt to brute force or guess any passwords. The threat actor
automates authentication based on previously discovered credentials using customized tools,
typically with passwords obtained from the dark web from previous third-party breaches. This
approach can entail launching millions of attempts to determine where a user potentially reused
their credentials on another website or application.
Credential stuffing attacks prey on password reuse. These attacks only succeed because so many
users reuse the same credential combinations across multiple sites without any form of MFA.
5. Password Spraying
Password spraying is a credential-based attack that attempts to access many accounts by using a
few common passwords. Conceptually, this is the opposite of a brute force password attack. Brute
force attempts to gain authorized access to a single account by repeatedly pumping large
quantities of password combinations.
Section B
1. Explain authentication service security? What measures can be taken to enhance
the security of authentication services?
Authentication service security is a critical component of cybersecurity that focuses on verifying
the identity of users before granting them access to a system or service. This process is essential
for ensuring that only authorized individuals can interact with sensitive data and resources,
thereby safeguarding against unauthorized access and potential security breaches.
There are several methods commonly used in authentication service security to verify user
identities:
1. Passwords: Users are required to enter a unique combination of characters known only to them
to gain access. It is crucial to use strong, complex passwords and enforce regular password
changes to enhance security.
2. Biometrics: This involves using physical characteristics such as fingerprints, facial recognition,
or iris scans to authenticate users. Biometric data is unique to each individual, making it a highly
secure form of authentication.
3. Two-Factor Authentication (2FA): In addition to a password, users must provide a second form
of verification, such as a code sent to their mobile device, to access the system. This adds an extra
layer of security by requiring something the user knows (password) and something they have
(mobile device).

4. Multi-Factor Authentication (MFA): Similar to 2FA, MFA requires users to provide multiple
forms of verification, such as a password, biometric scan, and a security question. This further
strengthens security by combining different authentication factors.
By implementing strong authentication service security measures, organizations can protect their
sensitive data from unauthorized access, data breaches, and cyber threats. It helps maintain the
confidentiality of information by ensuring that only authorized users can view or modify data.
Additionally, authentication service security enhances data integrity by verifying the authenticity
of users and prevents data tampering. Lastly, it contributes to the availability of information by
ensuring that systems are accessed only by legitimate users, reducing the risk of downtime due
to security incidents.
Overall, authentication service security plays a crucial role in maintaining the overall security
posture of an organization and is essential for protecting valuable assets and maintaining trust
with users.
2. What are the various security implications for organizations related to mobile
devices?
Mobile devices are susceptible in ways that desktop and laptop computers are not. Smartphones
and tablets go everywhere with their owners. Devices are exposed to unknown people,
unsecured WiFi access points, and a number of other potential threats, including:

• Malware – Malicious codes that find their way onto mobile devices through spam, links, and
rogue programs installed from third-party sources.

Trojan malware can get into a mobile device through downloads, SMS messaging, or social
network links. From there the malware can spread to other devices on a business network,
exposing everything to hackers.

According to VMWare’s Airwatch tech blog, U.S. mobile malware rates are currently increasing by
75 percent year-over-year. OSX (iPhone and Mac products) received five times more malware in
2015 than in the five years prior.

• Attacks – Many of the same exploits (software, data or a sequence of commands designed to
cause harm) used by hackers to access laptops can be used to access mobile devices. Exploits
typically focus on WiFi hotspots, Bluetooth, NFC (Near Field Communication), and social
engineering (i.e. “Hey, can I borrow your phone to call my mom?”).

• Physical Access – The easiest way for a hacker to gain access to a secure network is via physical
access, which is as easy as grabbing a lost or unattended mobile device.
 3. Discuss the types of attacks of against mobile/cell phones.
There are several types of attacks that can target mobile/cell phones, posing security risks to users
and their data. Some common types of attacks against mobile phones include:
1. Malware: Malicious software, such as viruses, worms, and trojans, can infect a mobile phone
through malicious apps, email attachments, or compromised websites. Malware can steal
sensitive information, track user activities, or even take control of the device.
2. Phishing: Phishing attacks involve tricking users into providing sensitive information, such as
login credentials or financial details, by posing as a legitimate entity through emails, text
messages, or fake websites. Phishing attacks can lead to identity theft or financial loss.
3. Man-in-the-Middle (MitM) Attacks: In MitM attacks, an attacker intercepts communication
between a mobile phone and a server to eavesdrop on sensitive information or manipulate data.
This can occur over unsecured Wi-Fi networks or compromised cellular networks.
4. Smishing: Smishing attacks involve sending malicious links or attachments via text messages to
mobile phone users, tricking them into downloading malware or providing personal information.
Smishing attacks are often used in conjunction with phishing attacks.
5. Bluejacking and Bluesnarfing: Bluejacking involves sending unsolicited messages or files to
Bluetooth-enabled devices, while bluesnarfing involves unauthorized access to a device's data,
such as contacts, messages, or photos, through Bluetooth connections. Both attacks exploit
Bluetooth vulnerabilities.
6. Wi-Fi Eavesdropping: Attackers can intercept unencrypted Wi-Fi communications to capture
sensitive information, such as login credentials or financial details, transmitted by mobile phones.
This can occur in public Wi-Fi hotspots or compromised networks.
By being aware of these types of attacks and taking preventive measures, such as keeping
software up to date, avoiding suspicious links or downloads, using secure Wi-Fi networks, and
implementing security features like biometric authentication or encryption, mobile phone users
can better protect themselves against potential security threats.

4. Discuss what organizations can do toward safeguarding their information systems in the
mobile computing paradigm.

Organizations can take several steps to safeguard their information systems in the mobile
computing paradigm:

1. Mobile Device Management (MDM): Implementing MDM solutions allows organizations to

manage and secure mobile devices used by employees. This includes enforcing security policies,
remotely wiping devices in case of loss or theft, and ensuring that devices are up-to-date with
security patches.
2. Mobile Application Management (MAM): Utilizing MAM solutions enables organizations to
control and secure the applications used on mobile devices. This includes whitelisting approved
apps, monitoring app usage, and enforcing security policies for app access.

3. Data Encryption: Encrypting data stored on mobile devices and transmitted over networks can
help protect sensitive information from unauthorized access. Organizations should implement
strong encryption protocols to safeguard data at rest and in transit.

4. Secure Authentication: Implementing strong authentication methods, such as biometrics, two-

factor authentication, or multi-factor authentication, can help ensure that only authorized users
can access organizational resources from mobile devices.

5. Mobile Security Policies: Establishing clear mobile security policies and guidelines for
employees can help promote secure mobile computing practices within the organization. This
includes rules for device usage, data handling, and reporting security incidents.

6. Regular Security Audits: Conducting regular security audits and vulnerability assessments of
mobile devices, applications, and networks can help identify and address security weaknesses
before they are exploited by attackers.

7. Employee Training: Providing security awareness training to employees on mobile security best
practices, such as avoiding public Wi-Fi networks, using secure passwords, and recognizing
phishing attempts, can help mitigate security risks associated with mobile computing.

By implementing these measures and staying vigilant about mobile security threats, organizations
can effectively safeguard their information systems in the mobile computing paradigm and
protect sensitive data from potential breaches and cyber attacks.