Introduction to Cyberethics

Last Updated : 30 Apr, 2026

Cyberethics refers to the moral principles and best practices that guide responsible, safe and lawful use of computers, networks and digital technologies.

  • Promotes responsible and respectful use of the internet and digital resources.
  • Ensures protection of privacy, data and digital identities.
  • Encourages lawful and ethical behavior in online activities.
  • Addresses misuse of technology and cyber misconduct.
  • Supports trust, security and fairness in the digital environment.

Principles of Cyberethics


1. Privacy: Ensuring personal data and information remain secure and protected from unauthorized access or misuse, while respecting individual privacy rights in digital environments.

2. Integrity: Promoting honesty and accuracy in digital communications, transactions and content. This includes avoiding the creation or spread of false information and ensuring data is not altered without authorization.

3. Accountability: Individuals and organizations should be held accountable for their actions in the digital space. This includes taking responsibility for digital content, behavior and the consequences of online actions.

4. Security: Protecting systems, networks and data from cyberattacks, unauthorized access and vulnerabilities. Cybersecurity measures must be implemented to safeguard the digital environment.

5. Access: Ensuring equal access to digital resources and technology for everyone, regardless of socioeconomic status, geographic location or other barriers. The digital divide should be minimized to promote inclusivity.

6. Digital Responsibility: Encouraging ethical behavior in the use of technology, including respecting others' intellectual property rights, avoiding cyberbullying and ensuring the responsible use of online platforms and tools.

Breaches of Cyberethics

1. Man In The Middle

Man-in-the-Middle (MITM) is a cyber attack where an attacker secretly intercepts communication between two parties without their knowledge, allowing them to view or manipulate sensitive information being exchanged.

  • Intercepts data such as passwords, financial details or messages
  • Can alter or inject information during communication
  • May impersonate one of the communicating parties
  • Commonly occurs on unsecured Wi-Fi or unencrypted connections

2. Drive-By Downloads

Drive-by Downloads are a type of cyber attack where malware is automatically downloaded onto a user’s device without their knowledge or consent, usually when they visit a compromised or malicious website.

  • Exploits vulnerabilities in browsers, plugins or outdated software
  • Installs malware without requiring user interaction or approval
  • Often delivered through compromised or malicious websites
  • Can lead to data theft, system control loss or further infections

3. Malvertising

Malvertising is a cyber attack technique where malicious code is embedded into online advertisements that appear on legitimate websites. When users click or even view these ads, they may be redirected to harmful websites or have malware silently installed on their devices.

  • Injects malicious code into legitimate ad networks
  • Redirects users to phishing or malicious websites
  • Can trigger automatic malware downloads without user intent
  • Exploits trusted websites to reach a wide audience

4. Rogue Software

Rogue Software is a type of malicious program that pretends to be legitimate software (like antivirus or system tools) to deceive users into trusting it and taking harmful actions such as installing malware or paying for fake services.

  • Uses social engineering tactics like fear-based pop-ups
  • Often installs additional unwanted or harmful software silently
  • May block legitimate system functions to appear “urgent” or “fixable” only by payment
  • Difficult to remove without proper security tools

5. DDoS (Distributed Denial of Service)

Denial of Service (DoS/DDoS) attacks aim to make a network or website unavailable by overwhelming it with massive volumes of traffic. These attacks are typically coordinated using compromised systems controlled remotely by an attacker through a central management structure.

  • Attack traffic is generated using botnets made of infected devices
  • Coordination happens via Command and Control (C&C) servers
  • Can target websites, servers or entire networks
  • Results in degraded performance or complete service outage

6. Password Attacks

These attacks aim to steal or guess the passwords of individuals or organizations. Techniques include:

  • Brute Force Attack (trying all possible combinations)
  • Dictionary attacks (using common words or phrases)
  • Keylogging (recording keystrokes to capture passwords)

7. Phishing

Phishing is a cyber attack where an attacker sends a deceptive email containing a fake link that mimics a legitimate website (such as a bank or email service). The aim is to trick the victim into clicking the link and entering sensitive information, which is then captured and used to gain unauthorized access to the victim’s real account.

  • Uses fake but realistic-looking emails and links
  • Redirects users to counterfeit login pages
  • Steals credentials like usernames, passwords and card details
  • Enables unauthorized access to real accounts

8. Malware

Malware is software created with harmful intent, designed to damage or disrupt computers and networks. It exists in many forms such as:

  • Ransomware is malicious software that encrypts a victim's files or locks them out of their system, then demands a ransom to restore access to the data. It often threatens permanent destruction or public release of sensitive information if the ransom remains unpaid.
  • Spyware is designed to secretly monitor and collect personal information, such as login credentials, browsing habits and financial data, without the user's consent. It can result in identity theft, financial loss and privacy violations.
  • Adware automatically displays unwanted ads, usually as pop-ups or banners, on the user's device. These ads are often intrusive and can disrupt the user experience, slow down performance or even redirect the user to malicious sites.
  • Worms are self-replicating programs that spread through networks and devices without needing human interaction. They can spread quickly and consume bandwidth, often causing significant damage by exploiting vulnerabilities in operating systems or applications.
  • Trojans disguise themselves as legitimate software or files to trick users into downloading and executing them. Once activated, they can steal data, provide remote access to attackers or install additional malware on the system.
  • Botnets are networks of compromised devices, often referred to as "zombies," controlled by a central attacker. These infected devices can be used for various malicious purposes, such as sending spam emails, launching DDoS attacks or stealing sensitive information without the user’s knowledge.