
Name: Snehal Fadale

Roll no: 04 (BEIT)

Content Beyond Syllabus: Case Study on Real Time Attack

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to
alter computer code, logic or data, leading to cybercrimes such as information and identity
theft.

We are living in a digital era. Nowadays most people use computers and the internet. Because
of this dependency on digital systems, illegal computer activity is growing and changing like
any other type of crime.

Cyber-attacks can be classified into the following categories:

Web-based attacks:

These are attacks that occur on a website or web application. Some of the important
web-based attacks are as follows:

1. Injection attacks

This is an attack in which data is injected into a web application to manipulate the
application and fetch the required information.

Example: SQL injection, code injection, log injection, XML injection, etc.

2. DNS Spoofing

DNS spoofing is a type of computer security hacking in which false data is introduced into a
DNS resolver's cache, causing the name server to return an incorrect IP address and diverting
traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a
long period of time without being detected and can cause serious security issues.

3. Session Hijacking

This is a security attack on a user session over a protected network. Web applications create
cookies to store state and user sessions. By stealing the cookies, an attacker can gain access
to all of the user's data.

4. Phishing

Phishing is a type of attack that attempts to steal sensitive information such as user login
credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy
entity in electronic communication.

5. Brute force

This is a type of attack that uses a trial-and-error method. It generates a large number of
guesses and validates them to obtain actual data such as a user password or personal
identification number. It may be used by criminals to crack encrypted data, or by security
analysts to test an organization's network security.

6. Denial of Service

This is an attack meant to make a server or network resource unavailable to its users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a
crash. It uses a single system and a single internet connection to attack a server. It can be
classified as follows:

Volume-based attacks: the goal is to saturate the bandwidth of the attacked site; measured in
bits per second.

Protocol attacks: these consume actual server resources; measured in packets per second.

Application layer attacks: the goal is to crash the web server; measured in requests per
second.

7. Dictionary attacks

This type of attack stores a list of commonly used passwords and tries each one until the
original password is found.

8. URL Interpretation

This is a type of attack in which certain parts of a URL are changed so that the web server
delivers web pages that the attacker is not authorized to browse.

9. File Inclusion attacks

This is a type of attack that allows an attacker to access unauthorized or essential files
available on the web server, or to execute malicious files on the web server, by making use of
the include functionality.

10. Man in the middle attacks

This is a type of attack that allows an attacker to intercept the connection between client and
server and act as a bridge between them. Because of this, the attacker is able to read, insert
and modify the data in the intercepted connection.

❖ What is a Phishing Attack?

Phishing is a technique in which an attacker, also called a phisher, tries to gain access to
sensitive information from a user or victim. It comes under social engineering attacks, where
an attacker tries to obtain personal confidential data such as login credentials, credit card
details, etc. from the victim through human interaction. It happens in this way: the attacker
dupes a victim into opening a malicious link sent via an email, an instant message on apps like
WhatsApp, or a text message. Clicking on the link may install malicious software, expose
sensitive information, or freeze the system, which is called a ransomware attack. The goal of
this attack depends on the bad intentions of the attacker. This may include shutting down the
system, gaining funds or money, or harming a third-party victim in any possible way.

Phishing is one of the simplest kinds of cyberattack but is still effective and dangerous,
because phishers exploit the users directly, which does not involve exploiting a technical
vulnerability. Nowadays everyone has access to the Internet and digital evolution is taking
place, so one should have proper knowledge of this kind of attack to avoid any kind of loss in
the future.

Types of Phishing Attack

While there are varieties of Phishing Attacks, the aim is the same, “to gain something”. Some
major types include:

1. Spear Phishing

A spear phishing attack is specifically targeted at an individual or organization. It targets a
specific group whose members all have something in common. In spear phishing, attackers
often collect personal information about their target and use it. This increases the probability
of success, as the victim is tricked into believing the information.

2. Whaling

A spear phishing attack targeted mainly at higher-level targets such as senior executives,
CEOs, etc. is known as whaling.

3. Clone Phishing

In this attack, the attacker clones an original email that was delivered previously and modifies
it in such a way that it looks legitimate but contains a malicious link or malware. It is then
sent to the target while the original sender address is maintained by address spoofing. The
mail looks like a re-send of the original with few or no changes.

4. Phone Phishing

This attack is carried out by sending a text message asking the victim to provide confidential
information, or by making a voice call to the victim while posing as a genuine official person;
the attacker asks the user to provide sensitive details or to perform some activity.

The former is called SMS phishing and the latter is called voice phishing.

❖ Phishing Attacks Effects/consequences on organization

The dangers of being phished are now widely known, but the extent of the damage is often
misunderstood. Successful phishing involves the scammer gaining unauthorized access to an
organization's private information, which they then use for personal gain. Some of the most
common pieces of information that phishers steal are bank account details. Once obtained,
phishers may be able to use this information to withdraw money from the account or to make
online transactions using the victim's money.

The global financial impact of phishing is hard to estimate. Large businesses are most
susceptible to losing large sums of money; one report by the Ponemon Institute estimates that
in the first quarter of 2016 successful phishing attacks collected up to $3.7 million per attack
on a large organization.[1] Smaller organizations also fall victim to attacks regularly, as they
may not have the resources to build sophisticated security networks or awareness schemes to
prevent their staff from falling for the scams.

Phishers often scam large companies by impersonating company managers and sending emails
to lower-ranked staff, ordering them to transfer funds to accounts that are actually controlled
by the phishers. This type of phishing, often called "whaling," can cause the business to lose
huge sums of money, sometimes even millions of dollars. The Austrian aircraft manufacturer
FACC is a prime example of this: they were phished out of $54 million in January 2016. Their
CEO was fired later that year due to the incident and its repercussions on the company's image.

❖ Data loss in Phishing Attack

• Data loss is the destruction of important or private information that has been stored on
a computer or network.
• Data loss can be caused by external factors, such as a power outage, theft, or a
broad-based phishing attack.
• Data loss can be caused by human error, such as when a person opens an email that has
a virus attached, when antivirus software has expired, or when a person drops a
computer or spills liquid on it.

❖ Ways on how to detect phishing attacks

Phishing is the most dangerous form of cyber-crime. Although people are aware of phishing, a
good number still fall victim to this longstanding method of cyber-crime. Thirty-two percent
of all cyber-attacks involve phishing, according to Verizon's 2019 data breach report.

• Legitimate sites don't ask for sensitive information through email

Scammers will always ask for your sensitive information through email. The majority will
send an email with an attachment or link and instruct you to follow the link. This link takes
you to a secondary website where you'll be required to fill in your information.

Take note that no legitimate website will do such a heinous thing. If you closely scrutinize
such emails, you'll notice the contents sound and feel generic.

• Legitimate companies refer to you by your first or last name

Have you ever received an email with a salutation like "dear customer" or "dear valued
member"? Without a second thought, always dismiss such emails or send them to the spam
folder as soon as possible.

Such generic salutations are typical of hackers. Since they do not know your name, they use
general terminology. Something this general is always fraudulent.

Legitimate companies will always address you directly, by your name. Besides, the company
will give directions on how to contact them, probably by phone.

You need to be vigilant because some hackers avoid the salutation part altogether. This is
common in the case of advertisements.

• Check grammar and spelling

Legitimate websites have a clear command of language because they employ experts to craft
the emails they send to their customers. That means their emails are well written and specific.

However naive you are, always check the grammar, spelling, and message delivered through an
email. Anything imperfect is a sign of a scam.

• Companies use domain emails

Receivers of emails should always check who the sender of the email is. Company emails are
unique. This is how to detect phishing attacks.

Legitimate companies have email addresses with their own domain names. Phishers are very
clever: they might change only a single letter. Hover your mouse over the sender's address to
ensure that the origin of the email matches that of the legitimate site.

A single letter causes a significant change in an email address. If you notice something
sinister, dismiss the email.

• Redirecting emails

Phishers at times send emails coded as a hyperlink. When you click anywhere on such an
email, it sends you to a fake web page. In some instances, it will download spam onto your
computer.

• Emails with unsolicited attachments

A legitimate company never sends you unnecessary attachments. If they require any
information from you, they will tell you to download it from their website.

However, in some instances a company might send you an attachment, so this may pose a
risk. The most common document sent through email is a white paper, which you are asked
to download.

What you must do is check for file types that are high risk, e.g., .scr, .zip and .exe, among
others.

• Links must match legitimate URLs

It is important that you double-check every link in an email to ascertain its authenticity
before clicking on it. If it is not authentic, do not click on it.
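The sender-domain, salutation, link and attachment checks listed above, combined into one small checker that runs over a message. This is an added example and not part of the original report; the trusted domain, the greeting list, the edit-distance threshold and the sample message are constructed assumptions.

```python
"""Phishing indicator checks from the list above, run over a constructed sample message."""
import re
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.com"}                 # assumption: domains the organisation trusts
GENERIC_GREETINGS = ("dear customer", "dear valued member", "dear user")
RISKY_EXTENSIONS = (".scr", ".exe", ".zip")            # the high-risk file types named in the text
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def levenshtein(a, b):
    """Edit distance; a sender domain one or two letters off a trusted one is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(msg):
    """Return the names of the indicators that fire for a message given as a dict."""
    hits = []
    sender_domain = msg["from"].rsplit("@", 1)[-1].lower()
    if sender_domain not in TRUSTED_DOMAINS:
        lookalike = any(0 < levenshtein(sender_domain, d) <= 2 for d in TRUSTED_DOMAINS)
        hits.append("lookalike-sender-domain" if lookalike else "untrusted-sender-domain")
    if any(g in msg["body"].lower() for g in GENERIC_GREETINGS):
        hits.append("generic-salutation")
    for href, text in ANCHOR_RE.findall(msg["body"]):
        shown = re.sub(r"<[^>]+>", "", text).strip()      # visible link text, tags stripped
        if "://" in shown and urlparse(shown).hostname != urlparse(href).hostname:
            hits.append("link-text-host-mismatch")       # displayed URL points elsewhere
    if any(name.lower().endswith(RISKY_EXTENSIONS) for name in msg["attachments"]):
        hits.append("risky-attachment")
    return hits


# Constructed sample, not a real message: one-letter-off domain, generic greeting,
# a link whose visible URL differs from its real target, and a double-extension .scr file.
SAMPLE = {
    "from": "support@examp1e-bank.com",
    "body": '<p>Dear valued member,</p><p>Please verify at <a href="http://update-verify.example.net/login">'
            'https://www.example-bank.com/secure</a> within 24 hours.</p>',
    "attachments": ["statement.pdf.scr"],
}

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

The checker is a heuristic triage aid for an inbox or mail gateway, not a replacement for a spam filter; a message that fires no indicator can still be phishing.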

❖ How to protect your information


• Conduct a training session at your company. Train your employees thoroughly. You can
use mock phishing scenarios.

• Install spam filters, which detect viruses and block the senders of such emails.

• Ensure that your systems are up to date by using the latest security patches and updates.

• Install a robust antivirus solution, monitor its status and schedule signature updates on
all equipment.

• Develop a security policy that includes, but is not limited to, password expiration and
complexity.

• Use web filters to block malicious attempts.

• Encrypt all sensitive company information.

• Convert HTML email into text-only messages.

• Employees who are telecommuting require updated systems, so provide them.

• Two-factor authentication must be deployed to prevent hackers who have compromised a
user's credentials from ever gaining access.

• Browser add-ons and extensions can be enabled that prevent users from clicking on
malicious links.
