
Cyber Security

Ms. Nabeela Bibi


What is a Cyber Attack?
A cyberattack is any intentional effort to steal,
expose, alter, disable, or destroy data,
applications, or other assets through
unauthorized access to a network, computer
system or digital device.
Evolution of Cyber Attacks
● Go through links as discussed in class.
● https://www.manageengine.com/log-management/cyber-security-attacks/history-of-cyber-attacks.html
● https://www.codecademy.com/article/evolution-of-cybersecurity
Types of Cyber Attacks
● Cybercriminals use many sophisticated tools and techniques to start cyberattacks
against enterprise IT systems, personal computers, and other targets. Some of the
most common types of cyberattacks include:
○ Malware
○ Social engineering
○ Denial-of-service attacks
○ Account compromise
○ Man-in-the-middle attacks
○ Supply chain attacks
Malware
● Malware is malicious software that can render infected systems inoperable. Malware
can destroy data, steal information, or even wipe files critical to the operating
system’s ability to run. Malware comes in many forms, including:
○ Trojan horses
○ Ransomware
○ Scareware
○ Spyware
○ Rootkits
○ Virus
○ Worms
Trojan Horse
Trojan horses disguise themselves as useful programs or hide within legitimate software to trick
users into installing them. A remote access Trojan (RAT) creates a secret back door on the
victim’s device, while a dropper Trojan installs additional malware once it has a foothold.
A Trojan horse:
● Cannot replicate itself.
● Often contains spying functions (such as a packet sniffer) or backdoor functions that allow a
computer to be remotely controlled from the network.
● Often is hidden in useful software such as screen savers or games.
● Examples: Back Orifice, NetBus, Whack-a-Mole.
Ransomware
Ransomware is sophisticated malware that uses strong encryption to hold data or systems
hostage. Cybercriminals then demand payment in exchange for releasing the system and
restoring functionality. According to IBM’s X-Force Threat Intelligence Index,
ransomware is the second most common type of cyberattack, accounting for 17% of
attacks.
Scareware
● Scareware uses fake messages to frighten victims into downloading malware or
passing sensitive information to a fraudster.
Spyware
● Spyware is a type of malware that secretly gathers sensitive information, like
usernames, passwords, and credit card numbers. It then sends this information back to
the hacker.
Rootkits
● Rootkits are malware packages that allow hackers to gain administrator-level
access to a computer’s operating system or other assets.
Virus
● A virus is a program that attempts to damage a computer system and replicate itself to other
computer systems. A virus:
● Requires a host to replicate and usually attaches itself to a host file or a hard drive sector.
● Replicates each time the host is used.
● Often focuses on destruction or corruption of data.
● Usually attaches to files with execution capabilities such as .doc, .exe, and .bat extensions.
● Often distributes via e-mail. Many viruses can e-mail themselves to everyone in your address
book.
● Examples: Stoned, Michelangelo, Melissa, I Love You.
Worms
● Worms are self-replicating malicious code that can automatically spread
between apps and devices.
● A worm can negatively impact network traffic just in the process of replicating itself.
A worm:
● Can install a backdoor in the infected computer.
● Is usually introduced into the system through a vulnerability.
● Infects one system and spreads to other systems on the network.
● Example: Code Red.
Social Engineering Attacks
● Social engineering attacks manipulate people into doing things that they shouldn’t do,
like sharing information they shouldn’t share, downloading software they shouldn’t
download, or sending money to criminals.
Phishing
● Phishing is one of the most pervasive social engineering attacks. According to
the Cost of a Data Breach report, it is the second most common cause of breaches.
● The most basic phishing scams use fake emails or text messages to steal users’
credentials, exfiltrate sensitive data, or spread malware.
● Phishing messages are often designed to look as though they’re coming from a
legitimate source. They usually direct the victim to click a hyperlink that takes them
to a malicious website or open an email attachment that turns out to be malware.
Cybercriminals have also developed more sophisticated methods of phishing.
● Spear phishing is a highly targeted attack that aims to manipulate a specific
individual, often by using details from the victim’s public social media profiles to
make the ruse more convincing.
● Whale phishing is a type of spear phishing that specifically targets high-level
corporate officers.
● In a business email compromise (BEC) scam, cybercriminals pose as executives,
vendors, or other business associates to trick victims into wiring money or sharing
sensitive data.
Denial-of-service attacks
● Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks flood a
system's resources with fraudulent traffic. This traffic overwhelms the system,
preventing responses to legitimate requests and reducing the system's ability to
perform. A denial-of-service attack may be an end in itself or a setup for another
attack.
Account compromise
● Account compromise is any attack in which hackers hijack a legitimate user's account
for malicious activity.
● Cybercriminals can break into a user's account in many ways. They can steal
credentials through phishing attacks or buy stolen password databases off the dark
web.
● They can use password attack tools like Hashcat and John the Ripper to break
password encryption or stage brute force attacks, in which they run automated scripts
or bots to generate and test potential passwords until one works.
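How a defender can spot the automated guessing described above in authentication logs, as an added example that is not part of the original slides. The log format, the threshold of 5 failures in 60 seconds, and the function name are assumptions; the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, result, account, source address.
SAMPLE_LOG = """\
2024-01-01T10:00:00 FAIL alice 203.0.113.5
2024-01-01T10:00:02 FAIL alice 203.0.113.5
2024-01-01T10:00:04 FAIL alice 203.0.113.5
2024-01-01T10:00:06 FAIL alice 203.0.113.5
2024-01-01T10:00:08 FAIL alice 203.0.113.5
2024-01-01T10:05:00 FAIL bob 198.51.100.7
2024-01-01T10:30:00 FAIL bob 198.51.100.7
2024-01-01T10:30:05 OK bob 198.51.100.7
"""

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return sorted (account, source) pairs that reached `threshold`
    failed logins inside one sliding `window`."""
    recent = defaultdict(deque)   # (account, source) -> recent failure times
    flagged = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines instead of crashing
        ts, result, account, source = parts
        if result != "FAIL":
            continue
        when = datetime.fromisoformat(ts)
        times = recent[(account, source)]
        times.append(when)
        # Drop failures that have aged out of the sliding window.
        while when - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            flagged.add((account, source))
    return sorted(flagged)

if __name__ == "__main__":
    for account, source in find_bruteforce(SAMPLE_LOG):
        print(f"possible brute force: account={account} source={source}")
```

Two mistyped passwords half an hour apart (bob) stay below the threshold, while five failures in eight seconds (alice) are flagged.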
Man-in-the-middle (MiTM) Attack
● In a man-in-the-middle (MiTM) attack, also called an "eavesdropping attack," a
hacker secretly intercepts communications between two people or between a user and
a server. MiTM attacks are commonly carried out via unsecured public Wi-Fi networks,
where it's relatively easy for threat actors to spy on traffic.
Supply Chain Attacks
● Supply chain attacks are cyberattacks in which hackers breach a company by targeting its
software vendors, material suppliers, and other service providers. Because vendors are often
connected to their customers' networks in some way, hackers can use the vendor's network as
an attack vector to access multiple targets at once.
● For example, in 2020, Russian state actors hacked the software vendor SolarWinds and
distributed malware to its customers under the guise of a software update. The malware
allowed Russian spies to access the sensitive data of various
US government agencies using SolarWinds' services, including the Treasury, Justice, and
State Departments.
Cross-site scripting (XSS)
● Cross-site scripting (XSS) attacks insert malicious code into a legitimate web page or
web application. When a user visits the site or app, the code automatically runs in the
user's web browser, usually stealing sensitive information or redirecting the user to a
spoofed, malicious website. Attackers frequently use JavaScript for XSS attacks.
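Why output encoding stops injected markup from running, as an added example that is not part of the original slides. It renders user text into a page with and without escaping and then asks an HTML parser which elements and attributes it actually sees; the function names and both inputs are constructed for illustration.

```python
import html
from html.parser import HTMLParser

def render_comment_unsafe(text):
    # Vulnerable: user text is placed into the page as markup.
    return '<div class="comment">' + text + "</div>"

def render_comment_escaped(text):
    # Hardened: <, >, & and quotes become entities, so the browser
    # displays the text instead of parsing it as tags.
    return '<div class="comment">' + html.escape(text, quote=True) + "</div>"

def render_field_unsafe(value):
    # Vulnerable: a double quote in the value ends the attribute early.
    return '<input name="q" value="' + value + '">'

def render_field_escaped(value):
    # quote=True matters in attribute context: " becomes &quot;.
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, [name for name, _ in attrs]))

def parsed_elements(page):
    """Return (tag, attribute names) for every element a parser sees."""
    collector = _Collector()
    collector.feed(page)
    collector.close()
    return collector.elements

SCRIPT_INPUT = "<script>alert(1)</script>"   # constructed test input
ATTR_INPUT = '" onfocus="alert(1)'           # constructed test input

if __name__ == "__main__":
    print(parsed_elements(render_comment_unsafe(SCRIPT_INPUT)))
    print(parsed_elements(render_comment_escaped(SCRIPT_INPUT)))
    print(parsed_elements(render_field_unsafe(ATTR_INPUT)))
    print(parsed_elements(render_field_escaped(ATTR_INPUT)))
```

In the unescaped renderings the parser finds a `script` element and an `onfocus` attribute that the page author never wrote; in the escaped renderings only the author's own `div` and `input` remain.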
SQL injection attacks
● SQL injection attacks use Structured Query Language (SQL) to send malicious
commands to a website's or app's backend database. Hackers input the commands
through user-facing fields like search bars and login windows. The commands are
then passed to the database, prompting it to return private data like credit card
numbers or customer details.
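The difference between pasting a search term into the SQL text and binding it as a parameter, as an added example that is not part of the original slides. It uses Python's built-in sqlite3 module; the `customers` table, the function names and all rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "4111-0000-0000-0001"),   # constructed test data
         ("bob", "4111-0000-0000-0002")],
    )
    return db

def search_vulnerable(db, term):
    # Vulnerable: the term is concatenated into the SQL text, so quote
    # characters in the input change the structure of the query.
    query = "SELECT name, card FROM customers WHERE name = '" + term + "'"
    return db.execute(query).fetchall()

def search_parameterized(db, term):
    # Hardened: the ? placeholder passes the term as data only; the
    # database never parses it as SQL.
    return db.execute(
        "SELECT name, card FROM customers WHERE name = ?", (term,)
    ).fetchall()

# Classic textbook input, constructed: closes the string literal and
# appends a condition that is always true.
CRAFTED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable rows:   ", len(search_vulnerable(db, CRAFTED_INPUT)))
    print("parameterized rows:", len(search_parameterized(db, CRAFTED_INPUT)))
    print("normal lookup:     ", search_parameterized(db, "alice"))
```

The concatenated query returns every customer row for the crafted input, while the parameterized query looks for a customer literally named `x' OR '1'='1` and returns nothing.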
Zero-day exploits
● Zero-day exploits take advantage of zero-day vulnerabilities, which are vulnerabilities
either unknown to the security community or identified but not yet patched. These
vulnerabilities can exist for days, months, or years before developers learn about the
flaws, making them prime targets for hackers.
DNS spoofing attacks
● DNS spoofing attacks, also called "DNS poisoning," covertly edit DNS records to
replace a website's real IP address with a fake one. When victims try to visit the real
site, they're unknowingly delivered to a malicious copy that steals their data or
spreads malware.
Impact of Cyber Attacks at Individual Level
1. Financial Losses: Individuals may suffer financial losses due to theft of personal information such
as credit card details, bank account credentials, or identity theft.
2. Identity Theft: Cyber attacks can result in identity theft, where personal information is used to
impersonate the victim for fraudulent activities, leading to damage to credit scores and financial
reputation.
3. Privacy Breaches: Individuals may experience breaches of privacy as cyber attackers gain
unauthorized access to personal data, including sensitive information such as medical records,
private communications, or personal photos.
4. Emotional Distress: Victims of cyber attacks may experience emotional distress, anxiety, or trauma
due to the violation of their privacy and the feeling of being violated.
5. Reputation Damage: If personal information or embarrassing data is leaked online as a result of a
cyber attack, individuals may suffer reputational damage, impacting their personal and professional
lives.
6. Potential Physical Harm: In extreme cases, cyber attacks on individuals, such as those targeting
medical devices or connected infrastructure (e.g., smart home systems), can result in physical harm
or endangerment of life.
Impact of Cyber Attacks at Organizational Level
1. Financial Losses: Cyber attacks on organizations can result in significant financial losses due to
theft of funds, disruption of business operations, and costs associated with incident response,
recovery, and potential legal liabilities.
2. Reputation Damage: Organizations may suffer reputational damage due to breaches of customer
data or failure to protect sensitive information, leading to loss of trust among customers, partners,
and stakeholders.
3. Operational Disruption: Cyber attacks can disrupt business operations, causing downtime, loss of
productivity, and disruption of supply chains, leading to direct financial losses and long-term impacts
on competitiveness.
4. Intellectual Property Theft: Organizations may face intellectual property theft through cyber
attacks, resulting in loss of competitive advantage, compromised innovation, and potential legal
battles.
5. Regulatory Compliance Issues: Cyber attacks can lead to non-compliance with data protection
regulations, resulting in fines, penalties, and legal consequences for organizations.
6. Damage to Infrastructure: Certain cyber attacks, such as those targeting critical infrastructure or
industrial systems, can cause physical damage, disruption of essential services, and even endanger
lives.
Thank you!
