A Study of Cyber Attacks and Cyber Security: New Trends and The Current Digital Era
Abstract:
A cyber-attack is a malicious attempt to disrupt, damage, or gain unauthorized access to a
computer system, network, or digital device. Cyber-attacks encompass a range of strategies,
including but not limited to malware infections, phishing schemes, denial of service attacks,
ransomware, and social engineering tactics. These malicious actions have the potential to
inflict substantial harm on individuals, businesses, and even entire nations, resulting in
financial loss, identity theft, loss of reputation, and loss of critical data.
Cyber-attacks are becoming increasingly common, and cybercriminals are constantly
developing new technologies to bypass security measures and exploit weaknesses in computer
systems easily. To protect against cyber-attacks, individuals and organizations must
implement robust cybersecurity measures, including firewalls, antivirus software, data
encryption, access control, and employee training programs.
1. INTRODUCTION
A cyber-attack is any unauthorized effort to access computer systems or networks with the
aim of damaging them, taking control of them, obstructing their normal operation, or
manipulating or stealing the data stored within them. Individuals or groups can launch
cyber-attacks from virtually any location, using one or more methods or tools. Examples
include hacking into government agencies or defense and advanced technology firms, and
criminal activities resulting in financial losses exceeding $1 million. To provide robust
security, one has to understand the nature of cyber-attacks and of the hacker: an individual
who employs a computer to illicitly access data without proper authorization. According to
the University of Maryland, a hacker attack occurs on the Internet every 39 seconds on
average [1]. Now, how does this attack happen? Apparently, the hacker uses malicious code
and software to change computer code, logic, and data. With the growing use of the Internet
and smart technology, cyber-attacks are increasing, with the highest number of significant
cyber-attacks since 2006. Nearly two-thirds of IT security professionals believe that a
successful cyber-attack is going to happen in 2019. In 2018, the United States
experienced a significant surge in cyber-attacks, reporting 30 incidents during that year alone.
In May 2020, the NSA identified a case where Russian hackers were actively extracting
sensitive information from U.S. organizations, exploiting a vulnerability within a widely used
email server. In June 2020, malicious software, or malware, was employed to execute
cyber-attacks targeting the digital infrastructure of nine human rights organizations based in
India. Keystrokes were logged, audio was recorded, and personal credentials were stolen. In
December 2020, Funke Media Group, one of Germany's major media organizations, became
the target of a ransomware attack, causing significant disruption and damage. About 6,000
computers were infected, bringing work to a halt in the organization's editorial offices.
Several of its major printing facilities were also affected. Cybercrime is projected to cost
the global economy approximately $10.5 trillion annually by the year 2025. That's about
$20 million every minute [2].
Cyber-attacks in the digital landscape are consistently grabbing attention in the news, and the
reality is that anyone who uses a computer can potentially fall victim to such attacks. These
attacks come in various forms and can affect individuals at any time. sort of cyber tanks
ranging from.
Now, let's look at the different types of cyber-attack and how to prevent them.
The hacker inserts themselves into your network connection, positioning themselves within
the data flow between you and the server, and captures online login credentials, account
details, or credit card numbers in real time.
Example: You don't have mobile data, so you connect to public Wi-Fi. Then you buy
something from a random online store. A few days later, your bank account balance drops
to zero.
Prevent:
Always use a secure and trusted internet connection when accessing sensitive information.
Install and use reputable antivirus and anti-malware software on your device.
Avoid connecting to public Wi-Fi.
Verify the authenticity of websites and emails before sharing personal information or clicking on links.
Use encrypted communication methods such as SSL and HTTPS to protect against MitM attacks.
1.1.2 Phishing
In phishing attacks, attackers employ deceptive phone calls or emails containing clickable
links to trick their targets into giving up sensitive and confidential information such as
passwords and credit card details.
Example: You receive an email allegedly sent by a bank, urgently requesting you to update
your credit card PIN within a 24-hour timeframe. Recognizing the apparent severity of the
message, you follow the link in the email and give away your current credit card PIN when
you allegedly update it.
How it works: Phishing attacks start with a fraudulent message, which can be transmitted via
email, a chat application, or even SMS, and which is made to look as if it comes from a
legitimate source. Regardless of the way the message is transmitted, it targets the victim in a
way that prompts them to open malicious links and provide important information on the
linked website.
Prevent:
Check the link in the email for authenticity and that it leads to a secure website running the HTTPS protocol.
Even the message should not be heeded.
Avoid entering private information on random websites or pop-up windows, no matter how legitimate they look.
Example: This can happen when you visit a website, open an email attachment, or click a
link.
How it works: If your browser is running an outdated and vulnerable version of Flash,
visiting a website can become a potential threat. In such cases, the specific version of Flash
can be targeted for exploitation, and upon visiting the site, Flash may activate to
clandestinely download something in the background, such as ransomware, which is then
automatically executed, causing an infection in your system. Another avenue of risk is
through compromised ad networks. While browsing a familiar news site, for instance, an
advertisement on the right side of the screen could exploit a vulnerability in your browser,
initiating a download that infects your system. Given the ease of execution and the
susceptibility of users, drive-by attacks pose a significant security risk.
Fig. 1 Drive-by download attack
Downloads of this kind can be discreetly embedded within seemingly innocent and ordinary
websites. You could receive a link via email, text message, or a social media post, enticing you
to check out something intriguing on a particular site. As you engage with the content, such as
reading an article or enjoying a cartoon, the download quietly installs itself on your computer
without your knowledge.
Prevent:
Keep your internet browser and operating system current and regularly updated.
Reduce the number of browser add-ons used.
1.1.4 Botnet attacks
Botnets are networks of compromised systems into which attackers have introduced malware
and which are controlled by a hacker. The hacker uses the computers to do things like send
spam email, launch denial-of-service attacks, or even steal personal information. Botnet
attacks can be very serious and they're becoming more and more common, so it's important
to be aware of them.
Example: In 2019, a botnet assault impacted several Indian organizations, including banks,
financial institutions, and government entities.
How it works: A botnet attack uses a network of infected computers known as bots to carry
out a malicious action. The bots are usually controlled by a cybercriminal, who can use them
to launch a variety of attacks. Botnet attacks are usually launched by sending out emails or
messages that contain malware. When the recipient clicks the link or opens the attachment,
their computer gets compromised by the malware and becomes part of the botnet. The
cybercriminal then has control of the bot and can use it to carry out various attacks. Botnet
attacks can be very damaging and can cause a lot of disruption.
Fig.2 Botnet attack
Use a firewall.
Practice safe browsing habits.
Use strong passwords.
How it works: Imagine a scenario where a hacker is targeting a website that contains
sensitive data stored in its database. The website includes a login page, and the hacker suspects
that this login page provides a potential entry point to access the valuable database. In typical
web application architecture, the login page serves as a gateway for users to access their
accounts. When users input their username and password and click the login button, a series of
steps occur.
Prevent:
Validate input.
Parameterized queries.
Prepared statements.
Escape all user supplied input.
Fig.5 SQL Injection attack
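The login scenario and the "parameterized queries" and "validate input" items above, as an added example that is not part of the original paper: the same login check written once by pasting user input into the SQL text and once with bound parameters. The table layout, function names and sample users are assumptions constructed for illustration.

```python
import hashlib
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # allowlist for input validation


def digest(password):
    # Stand-in so the table holds no plaintext; real systems use a salted,
    # slow password hash such as scrypt or Argon2.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db():
    """Create a throwaway in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_digest TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", digest("correct horse")), ("bob", digest("battery staple"))],
    )
    return db


def login_vulnerable(db, username, password):
    """Builds the SQL text from user input, so the input can change the query."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND pw_digest = '%s'"
        % (username, digest(password))
    )
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        return None  # the input itself produced malformed SQL
    return row[0] if row else None


def login_safe(db, username, password):
    """Parameterized query: values travel separately from the SQL text."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND pw_digest = ?",
        (username, digest(password)),
    ).fetchone()
    return row[0] if row else None


def valid_username(username):
    """Input validation as a second layer, not a replacement for parameters."""
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    db = make_db()
    hostile = "alice' --"  # constructed input: closes the string, comments out the rest
    for name, pw in [("alice", "correct horse"), ("alice", "wrong"), (hostile, "wrong")]:
        print(repr(name),
              "| vulnerable:", login_vulnerable(db, name, pw),
              "| safe:", login_safe(db, name, pw),
              "| passes validation:", valid_username(name))
```

With the hostile username, the concatenated query logs in as alice without the password, while the parameterized query treats the whole string as a (non-existent) username.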
How it works: When we visit a website, we send a request to the website for the data we
want, and the response is then displayed in our web browser. In cross-site scripting attacks,
attackers inject malicious code into the website. Depending on the type of cross-site
scripting attack performed, the malicious code is either sent to the victim or stored on the
website, and when someone visits the website, that malicious script gets executed on the
visitor's device. The most common locations where attackers insert their malicious code on
websites are search fields, input fields such as website forms, comment sections, or any
page that displays user-supplied data.
Prevent:
Validate user input: Ensure that any data received from user input is validated on both the client side and the server side.
Use output encoding: Any user-generated content that is displayed on the website should be properly encoded.
Implement a Content Security Policy (CSP), which specifies which resources are permitted to be loaded by a web page.
Make cookies HTTPS-only: Cookies can be used to store session information.
Keep software updated.
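The output-encoding, CSP and cookie items above combined in one response, as an added example that is not from the original paper. The comment data, function names and the policy string are assumptions; the cookie sets `Secure` (sent over HTTPS only) and also `HttpOnly` (not readable by page scripts).

```python
import html
from http.cookies import SimpleCookie

# Policy string: same-origin resources only, no plugins, no inline <script>.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"

# Constructed sample of stored, user-supplied comments.
COMMENTS = [
    ("dana", "Great post, I <3 the part about R&D"),
    ("mallory", "<script>alert('xss')</script>"),
]


def render_unsafe(comments):
    """Interpolates user text straight into markup (the stored-XSS pattern)."""
    return "".join(f"<li><b>{a}</b>: {t}</li>" for a, t in comments)


def render_encoded(comments):
    """Output encoding: <, >, & and quotes become entities, so text stays text."""
    return "".join(
        f"<li><b>{html.escape(a)}</b>: {html.escape(t)}</li>" for a, t in comments
    )


def session_cookie(session_id):
    """Set-Cookie value with Secure, HttpOnly and SameSite set."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["secure"] = True       # only sent over HTTPS
    jar["session"]["httponly"] = True     # hidden from document.cookie
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()


def build_response(comments, session_id):
    """Return (headers, body) for a page that lists the comments."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
        "Set-Cookie": session_cookie(session_id),
    }
    body = "<ul>" + render_encoded(comments) + "</ul>"
    return headers, body


if __name__ == "__main__":
    print("unsafe :", render_unsafe(COMMENTS))
    headers, body = build_response(COMMENTS, "abc123")
    print("encoded:", body)
    for name, value in headers.items():
        print(f"{name}: {value}")
```

The encoded page still shows the harmless comment as its author typed it, while the script tag arrives in the browser as inert text.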
Password attacks represent a prevalent and serious threat to user account authentication. In
2020, they played a significant role in data breaches, accounting for more than 81% of
reported incidents. These attacks exploit vulnerabilities in the authentication systems, often
combining flawed authorization mechanisms with automated tools to guess and crack
passwords. Threat actors, including cybercriminals, utilize password-based authentication
mechanisms as a primary means to gain unauthorized access to sensitive user information.
Example: The Yahoo data breaches between 2013 and 2014 compromised the personal
information, including passwords, of three billion Yahoo user accounts. The attackers used
a variety of techniques, including phishing and stolen credentials, to gain access to the user
data.
How it works: A hacker wants to gain access to a user's bank account. They might start by
using a brute force attack, which involves attempting every conceivable character
combination until they find the correct password. If that doesn't work, they might
try a dictionary attack using a list of common passwords or personal information about the
user to guess the password.
If those methods fail, the hacker might try a phishing attack. They might send an email to
the user, pretending to be from the bank, and ask them to click on a link to log into their
account. The link takes the user to a counterfeit login page that closely mimics the
appearance of the genuine one, but is actually controlled by the hacker. When the user
enters their password, the hacker captures it and can use it to access the user's account.
Prevent:
Use strong, unique passwords.
Fig. 6 Password Attack
Example: In 2006, the Mirai botnet attack flooded Domain Name System (DNS) provider Dyn's
servers with traffic, making multiple high-traffic websites such as Twitter, Amazon, and
Netflix inaccessible to users.
How it works: In the early days of network computing, an individual could easily disrupt
users and websites through a method called a "Denial of Service" (DoS) attack. This involved
a single attacker focusing on a single target, utilizing just one computer and internet
connection. The attacker flooded the target server with packets, sending a high volume of
requests that closely resembled legitimate ones. This flood of requests overwhelmed the
server, making it challenging for the system to distinguish between valid and invalid requests.
The primary goal of a DoS attack was to saturate the server's bandwidth and computing
resources to the point where it became inaccessible to other users.
Prevent:
Strong network security measures.
Using a Content Delivery Network (CDN) to efficiently distribute and manage web traffic across numerous servers.
Using rate limiting.
Using blacklists or IP filtering.
Educating users on best practices for network security, such as not clicking on suspicious links or downloading unknown files.
How it works: In a Distributed Denial of Service (DDoS) attack, the targeted server faces an
onslaught of traffic from multiple sources, ultimately overwhelming it. This onslaught
consumes the server's vital system resources, such as CPU and memory, and monopolizes
network bandwidth. Consequently, legitimate users trying to access the server experience
service denial. This manifests as slow-loading web pages and the familiar spinning "lag
wheel" on their screens.
So, how do attackers enlist other computers to participate in a DDoS attack? They employ
malicious software, crafting malware programs distributed across the internet, often hiding
them in websites or email attachments. When a vulnerable computer accesses these infected
sources or opens tainted email attachments, the malware silently installs itself without the
user's awareness. This recruitment process forms an army of compromised computers known
as a botnet.
A botnet isn't confined to just a few machines; it can encompass hundreds or even thousands
of computers scattered globally. This vast network can be controlled like an army awaiting
instructions from the attacker, who operates as a centralized command and control center for
the botnet. The attacker issues commands to all these computers, directing them to launch an
attack at a specific date and time. Once the designated moment arrives, the orchestrated DDoS
attack commences.
The duration of a DDoS attack can vary widely, lasting for hours or even days, depending on
the attacker's goals and resources.
Prevent:
Implementing anti-DDoS solutions such as firewalls.
Monitoring network traffic for unusual patterns and behaviors that may indicate an attack.
Enabling rate limiting and traffic filtering to block traffic from suspicious sources.
Do not open any link that you do not recognize.
Mitigate the attacks.
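The rate limiting and IP filtering named in the DoS and DDoS prevention lists, as an added example that is not from the original paper: a sliding-window limiter replayed over constructed traffic. The class, the thresholds and the traffic (documentation address ranges) are assumptions chosen to show a single-source flood next to a distributed one.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most max_requests per key within window seconds."""

    def __init__(self, max_requests, window, block_after=None):
        self.max_requests = max_requests
        self.window = window
        self.block_after = block_after    # rejections before a key is blocklisted
        self.hits = defaultdict(deque)    # key -> timestamps of allowed requests
        self.strikes = defaultdict(int)   # key -> number of rejected requests
        self.blocked = set()              # the IP filter / blocklist

    def allow(self, key, now):
        if key in self.blocked:
            return False
        recent = self.hits[key]
        while recent and now - recent[0] >= self.window:
            recent.popleft()              # drop requests older than the window
        if len(recent) < self.max_requests:
            recent.append(now)
            return True
        self.strikes[key] += 1
        if self.block_after is not None and self.strikes[key] >= self.block_after:
            self.blocked.add(key)
        return False


def replay(events, per_ip, total=None):
    """Feed (timestamp, ip) events through the limiters; count allowed per IP."""
    allowed = defaultdict(int)
    for now, ip in sorted(events):
        if not per_ip.allow(ip, now):
            continue
        if total is not None and not total.allow("all-clients", now):
            continue                      # aggregate budget exhausted: shed load
        allowed[ip] += 1
    return dict(allowed)


# Constructed traffic.
NORMAL = [(2.0 * i, "198.51.100.7") for i in range(10)]         # 1 request / 2 s
FLOOD = [(5.0 + 0.005 * i, "203.0.113.9") for i in range(200)]  # 200 requests in 1 s
DISTRIBUTED = [(5.0 + 0.01 * n + 0.001 * i, "192.0.2.%d" % n)   # 100 sources,
               for n in range(1, 101) for i in range(5)]        # 5 requests each

if __name__ == "__main__":
    single = replay(NORMAL + FLOOD, SlidingWindowLimiter(5, 10.0, block_after=20))
    print("single-source flood, allowed per IP:", single)
    spread = replay(DISTRIBUTED, SlidingWindowLimiter(5, 10.0, block_after=20))
    print("distributed, per-IP limit only:", sum(spread.values()), "of", len(DISTRIBUTED))
    capped = replay(DISTRIBUTED, SlidingWindowLimiter(5, 10.0, block_after=20),
                    total=SlidingWindowLimiter(100, 10.0))
    print("distributed, with aggregate cap:", sum(capped.values()), "of", len(DISTRIBUTED))
```

A per-source limit stops the single flooding client but passes a distributed flood in which every source stays under the limit. The aggregate cap protects the server itself, which is why the lists above pair rate limiting with traffic monitoring and filtering.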
A data breach is a security incident that involves the unauthorized access or exposure of
sensitive or protected information, particularly personal data. It occurs when individuals or
entities gain access to this information without the proper authorization. Data breaches can
affect anyone, from individuals to government organizations, and can take various forms.
For instance, one significant concern is insider threats, where employees or former employees,
sometimes out of dissatisfaction, engage in activities that compromise data security. An
example is an employee using a colleague's computer to access files without permission, even
if no information is shared externally. Such unauthorized access is considered a breach,
whether intentional or not. Additionally, data breaches can also result from malicious insiders
who purposely access and share data with harmful intentions, even if they have legitimate
authorization to use that data.
The COVID-19 pandemic has brought about a shift in work culture, with remote work
becoming more widespread and accepted. However, this transition has given rise to new
security challenges across various industries. Enterprises are increasingly recognizing the
critical importance of cybersecurity in protecting sensitive data. The year 2020, in particular,
saw a notable increase in serious data breaches, underlining the urgency of robust
cybersecurity measures in our evolving digital landscape.
On July 15, 2020, Twitter accounts were hacked as part of a Bitcoin scam, resulting in a
significant data breach [3].
In April 2020, a credential-based data breach compromised over 500,000 Zoom accounts,
leading to various malicious activities such as phishing attacks [4].
T-Mobile reported a data breach in August 2021 that compromised the personal information
of over 50 million customers due to unauthorized access to its systems [5].
How it works: A data breach happens when a person or group of people gains access to
sensitive or secure data. Usually that is financial data or personal data: credit card
information, banking information, and what we call personally identifiable information (PII),
which covers things like your Social Security number, your date of birth, address, and health
records.
Most data is now stored in the cloud. We are putting it in a space where technically you can
access it anywhere, and that gives access not just to employees who are working
everywhere and anywhere, but also to people who might want to gain unauthorized access.
Prevent:
Update your software and upgrade your devices as soon as options are available.
Use encrypted cloud services.
Use strong passwords and multi-factor authentication.
Use a VPN, antivirus and firewall.
Inform law enforcement when you experience a hack.
Avoid clicking suspicious links.
Example: Tesla experienced a cryptojacking attack in 2018, in which attackers hacked into
Tesla's Kubernetes console to mine cryptocurrency using the company's cloud computing
resources without its knowledge.
How it works: Cryptojacking can happen in two ways. One method is similar to malware.
Clicking on a malicious link within an email can lead to the surreptitious installation of crypto
mining code on your computer. Once your device is infected, the crypto miner operates
continuously, covertly using your computer's resources to mine cryptocurrency in the
background. Another method known as drive-by crypto mining shares similarities with
malicious advertising exploits. In this approach, hackers insert JavaScript code into a
webpage, enabling them to mine cryptocurrency on the devices of visitors to that webpage.
The 2023 SonicWall Cyber Threat Report from SonicWall Capture Labs highlights a
concerning trend. According to the report, there was a significant 43% year-over-year increase
in cryptojacking attempts during 2022. This statistic underscores the growing prevalence of
cryptojacking as a cyber threat and the importance of staying vigilant against such attacks.
Prevent:
Install and use reputable antivirus and antimalware software.
Keep your software and devices up to date.
Don't click on any suspicious links or attachments.
Use ad-blocking extensions on your web browser.
This malicious act occurs when a hacker gains unauthorized access to data transmitted
between two devices, potentially leading to data interception, deletion, or modification.
Example: A hacker uses software or hardware to intercept and listen in on someone’s phone
or video call without their knowledge or consent.
How it works: Technically, this is done by using specialized hardware or software to capture
and analyze network traffic, or by physically tapping into the communication line. The
attacker can then use the information obtained through eavesdropping for malicious
purposes, such as stealing sensitive data or conducting further attacks.
Prevent:
Example: One crypto-mining malware attack is the “Smominru” botnet, which infected 526,000
computers and generated millions of dollars in cryptocurrency for its operators.
The “Smominru” crypto-mining malware infected over half a million machines in 2020.
How it works: Cryptocurrency mining involves the utilization of computational power to
generate new blocks in the blockchain, particularly in cryptocurrencies like Bitcoin. As the
blockchain expands, additional computational resources are required for this process.
However, crypto mining crosses into malicious territory when it leverages the computational
power of others without their explicit consent. Cybercriminals have taken a keen interest in
harnessing the computing capabilities of compromised systems for cryptocurrency mining
purposes. Their targets encompass a wide range of devices, including Windows servers,
laptops, Android devices, and even Internet of Things (IoT) endpoints.
Prevent:
Humans are vulnerable, not the machines; machines just do what you program them to do, so
there is no way to actually exploit them. But 90%, or actually 95%, of all cyberattacks and
scams happen because of human vulnerabilities.
2.5 Check Website URL
A secure website’s URL should begin with “https” rather than “http”. You can use the URL
Constructor to check if a string is a valid URL.[6]
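A link check that looks at more than the "https" prefix, as an added example that is not from the original paper; it also serves the earlier phishing advice to check a link's authenticity. It uses Python's `urllib.parse` in place of the JavaScript URL constructor the text names, and `check_link`, the finding strings and the `.example` domains are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def check_link(url, expected_domains):
    """Return a list of findings for url; an empty list means nothing was flagged."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # lower-cased host without port or userinfo
    except ValueError:
        return ["not a parseable URL"]
    findings = []
    if parts.scheme != "https":
        findings.append("scheme is not https")
    if not host:
        findings.append("no host in URL")
        return findings
    if parts.username is not None or parts.password is not None:
        # Text before '@' is login data, not the site; it is often used to
        # make a link look as if it points at a trusted name.
        findings.append("userinfo before '@': the real host is %s" % host)
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass                           # a name, not an address
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("host contains a punycode (internationalized) label")
    if not any(host == d or host.endswith("." + d) for d in expected_domains):
        findings.append("host %s is not one of the expected domains" % host)
    return findings


# Constructed sample links.
SAMPLES = [
    "https://www.bank.example/login",
    "http://www.bank.example/login",
    "https://www.bank.example@login.lookalike.example/update-pin",
    "https://bank.example.lookalike.example/",
    "https://192.0.2.10/login",
    "not a url",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_link(link, ["bank.example"])
        print(link, "->", result if result else "no findings")
```

An "https" prefix only shows that the connection is encrypted; the third and fourth samples use HTTPS and still lead to a host other than the expected one.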
3.5 Public Safety Risk
Public safety can be directly threatened by cyberattacks that compromise medical care, cause
accidents, or cause service interruptions [7].
4.4 Back It Up
Safeguard your precious digital assets, including work, music, photos, and more, by creating
electronic copies and securely storing them. Remember the 3-2-1 rule: keep at least 3 copies
of your data, with 2 backup copies on different storage media, 1 of which is located offsite
[8].
For law enforcement organizations all across the world, cybercrime is a serious issue that has
become increasingly challenging. The following are some significant challenges with
cybercrime and law enforcement:
The technical complexity of cybercrime investigations is another issue facing law enforcement
organizations. Investigations may need specialized technical knowledge and equipment
because cybercriminals frequently employ sophisticated techniques to hide their identities and
cover their tracks.[8][9]
Despite these challenges, law enforcement agencies around the world are working to develop
new cybercrime strategies and tools to combat cybercrime. This includes collaboration with
the private sector, increased investment in technology and training, and the creation of
international cooperation agreements and protocols. However, because cybercrime is
continually evolving, law enforcement organizations must continue to be alert and flexible in
their attempts to counter this expanding threat.[11]
Cyberattack on All India Institute of Medical Science (AIIMS) and Safdarjung Hospital
After the recent cyberattack at the All India Institute of Medical Science (AIIMS) Delhi,
Safdarjung Hospital was also hit by a cyberattack in mid-November, officials said on Friday.
However, the damage was not as severe as it had been for the AIIMS hospital. In contrast to
AIIMS, the cyberattack that occurred at Safdarjung Hospital was not a ransomware attack,
but it did result in the hospital's IP being blocked. Services at Safdarjung Hospital have not
been severely impacted, as the hospital has been able to maintain its outpatient services
through manual operations. However, at AIIMS, the server remains inaccessible since the
cyberattack on November 23. This has necessitated the shift to manual operation mode for all
hospital services, including inpatient care and laboratory services. It is anticipated that
services will gradually resume manually in the middle of the coming week. As part of
recovery efforts, approximately 3000 computers have undergone scanning, and antivirus
software has been deployed to enhance future security measures [13].
Fig.7 Safdarjung Cyber Attack and AIIMS Ransomware Attack
filing from the company's Mumbai headquarters. Tata Power, a subsidiary of the
multinational conglomerate Tata Group, is India's largest integrated power firm,
headquartered in Mumbai and serving over 12 million customers through its distribution
networks. On October 14, Tata Power confirmed that it had fallen victim to a cyberattack
that affected certain IT systems.
The Hive ransomware group has claimed responsibility for this recent attack on Tata
Power and has initiated the release of stolen employee data. The disclosure of this stolen
data implies that any attempts to negotiate a ransom payment were unsuccessful.
The compromised employee data includes sensitive details like Aadhaar national identity
card numbers, tax account numbers, salary records, residential addresses, and contact
numbers. This leaked information, made available on Hive's dark web leak platform on
October 24, extends to encompass engineering blueprints, financial and banking documents,
client records, and certain private keys. In response to growing cybersecurity concerns, the
central government has established a Computer Emergency Response Team under the
Ministry of Power to serve as the primary agency responsible for coordinating all
cybersecurity-related matters.
Fig.12 Cyberattack on Tata Power
REFERENCES
1. https://pin.it/5Vetdlf
2. https://pin.it/4Y50lsE
3. https://pin.it/60tJMc9
4. https://theprint.in/india/indias-had-its-worst-year-of-cyberattacks-but-2023-will-see-govt-firms-ramp-up-defences/1286441/#google_vignette
5. https://en.m.wikipedia.org/wiki/2020_Twitter_account_hijacking#:~:text=On%20July%2015%2C%202020%2C%20between,to%20promote%20a%20bitcoin%20scam.
7. https://yourstory.com/2020/04/zoom-hacked-accounts-selling-dark-web-privacy-nightmare
8. https://www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers
9. https://pin.it/5fPzG5Z
10. https://en.m.wikipedia.org/wiki/Cyberattack#:~:text=An%20organization%20can%20be%20vulnerable,to%20errors%20in%20the%20output
11. https://pin.it/1t3h1u6
12. https://cybercrime.gov.in/#:~:text=National%20police%20helpline%20number%20is,Cyber%20Crime%20Helpline%20is%201930
13. https://www.itgovernance.eu/blog/en/cyber-attacks-and-data-breaches-in-review-march-2023
14. https://economictimes.indiatimes.com/tech/technology/aiims-cyber-attack-took-place-due-to-improper-network-segmentation-govt-in-rs/articleshow/97805598.cms
15. https://m.timesofindia.com/india/after-cyberattack-on-aiims-icmr-website-faces-6000-hacking-attempts/amp_articleshow/96031036.cms
16. https://www.vinchin.com/en/news/indian-second-largest-airline-spicejet-faced-cyber-attack-hundreds-of-passengers-stranded.html
17. https://timesofindia.indiatimes.com/city/guwahati/assam-cyberattack-in-oil-indias-headquarters-attackers-demand-over-rs-57-crore-as-ransom/articleshow/91067771.cms
18. https://trak.in/tags/business/2021/03/15/tech-mahindra-hit-by-ransomware-attack-spends-rs-5-cr-to-restore-servers-will-govt-pay/
19. https://techcrunch.com/2022/10/25/tata-power-hive-ransomware/
20. Fig.7 https://twitter.com/ANI/status/1595421417411325953?lang=en
21. Fig.8 https://twitter.com/MirrorNow/status/1600122931434110977?ref_src=twsrc%5Etfw
22. Fig.9 https://twitter.com/flyspicejet/status/1529394577127645188?lang=en
23. Fig.10 https://twitter.com/bitinning/status/1514860988167712772
24. Fig.11 https://twitter.com/ET_CIO/status/1371687734973067266
25. Fig.12 https://twitter.com/Reuters/status/1580953250118963202