JTO Ph-II DNIT Cyber Attacks

CHAPTER 4 : CYBER ATTACKS

4.1 OBJECTIVE

The objectives of this chapter are to understand:
- Cyber attacks and their classification
- Reasons for cyber attacks
- Types of cyber attacks
- Hacking and types of hackers
- Some famous cyber attacks

4.2 INTRODUCTION TO CYBER ATTACK

A cyber attack is "an attack initiated from a computer against a website, computer system or individual computer ... that compromises the confidentiality, integrity or availability of the computer or information stored on it." Cyber attacks take many forms. Their objectives include:
- Gaining, or attempting to gain, unauthorized access to a computer system or its data.
- Unwanted disruption or denial of service attacks, including the take down of entire web sites.
- Installation of viruses or malware, that is, malicious code, on a computer system.
- Unauthorized use of a computer system for processing or storing data.
- Changes to the characteristics of a computer system's hardware, firmware or software without the owner's knowledge, instruction or consent, and
- Inappropriate use of computer systems by employees or former employees.

4.3 CLASSIFICATION OF CYBER ATTACK

Broadly, cyber attacks can be classified into two categories:

Insider Attack: An attack on the network or the computer system by a person with authorized system access is known as an insider attack. It is generally performed by dissatisfied or unhappy inside employees or contractors. The motive of the insider attack could be revenge or greed. It is comparatively easy for an insider to perform a cyber attack, as he is well aware of the policies, processes, IT architecture and weaknesses of the security system. Moreover, the attacker already has access to the network. Therefore it is comparatively easy for an insider attacker to steal sensitive information, crash the network, etc. In most cases the insider attack happens when an employee is fired or assigned new roles in the organization, and the change is not reflected in the IT policies. This opens a vulnerability window for the attacker. The insider attack could be prevented by planning and installing an internal intrusion detection system (IDS) in the organization.

JTO PH-II IT Version Page 45 of 131 For Restricted Circulation

External Attack: When the attacker is either hired by an insider or is an entity external to the organization, it is known as an external attack. The organization which is a victim of a cyber attack not only faces financial loss but also loss of reputation. Since the attacker is external to the organization, these attackers usually have to scan the network and gather information first. An experienced network/security administrator keeps a regular eye on the logs generated by the firewalls, as external attacks can be traced by carefully analyzing these firewall logs. Also, Intrusion Detection Systems are installed to keep an eye on external attacks.

Cyber attacks can also be classified as structured attacks and unstructured attacks based on the level of maturity of the attacker.

Unstructured attacks: These attacks are generally performed by amateurs who don't have any predefined motive for performing the cyber attack. Usually these amateurs try to test a tool readily available over the Internet on the network of a random company.

Structured attacks: These types of attacks are performed by highly skilled and experienced people, and the motives of these attacks are clear in their minds. They have access to sophisticated tools and technologies to gain access to other networks without being noticed by their Intrusion Detection Systems (IDSs). Moreover, these attackers have the necessary expertise to develop or modify existing tools to satisfy their purpose. These types of attacks are usually performed by professional criminals, by a country on rival countries, by politicians to damage the image of a rival person or country, by terrorists, by rival companies, etc.
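The External Attack paragraph above says that external attackers can be traced by carefully analyzing firewall logs, because they have to scan and gather information first. As an added example, not taken from this training document, the following Python script runs two such checks over constructed firewall deny lines: a source that touches many distinct destination ports inside a short window (a port scan) and a source that keeps hitting one port (a brute-force or flood attempt). The log line format, the RFC 5737 addresses, and the thresholds are all assumptions made for the illustration; a real firewall's log format needs its own regular expression.

```python
"""Spot external reconnaissance in firewall deny logs.

Added example, not from the training document. The log line format (timestamp,
action, src, dst, dport, proto), the thresholds and the addresses are all
assumptions for this illustration; a real firewall's format would need its own
regular expression.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, RFC 5737 documentation addresses only:
#  - 203.0.113.7 touches ten different ports in five seconds (a port scan)
#  - 198.51.100.9 is denied on port 22 thirty times in one minute (SSH brute force)
#  - 198.51.100.44 is ordinary background noise, plus one ALLOW and one junk line
_SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389]
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i // 2:02d} DENY src=203.0.113.7 dst=192.0.2.10 dport={p} proto=tcp"
     for i, p in enumerate(_SCAN_PORTS)]
    + [f"2024-05-01T10:01:{2 * i:02d} DENY src=198.51.100.9 dst=192.0.2.10 dport=22 proto=tcp"
       for i in range(30)]
    + [
        "2024-05-01T10:05:00 DENY src=198.51.100.44 dst=192.0.2.10 dport=80 proto=tcp",
        "2024-05-01T10:05:01 ALLOW src=198.51.100.44 dst=192.0.2.10 dport=443 proto=tcp",
        "this line is not a firewall record and must be skipped",
    ]
)

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_log(text):
    """Return DENY records as sorted (timestamp, src, dport) tuples; ALLOW and junk are dropped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m is None or m["action"] != "DENY":
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])))
    events.sort()
    return events


def detect_port_scans(events, window=timedelta(seconds=60), min_ports=8):
    """Sources denied on >= min_ports distinct ports inside one window.

    Returns {src: peak number of distinct ports seen in any window}.
    """
    by_src = defaultdict(list)
    for ts, src, dport in events:
        by_src[src].append((ts, dport))
    hits = {}
    for src, evs in by_src.items():
        in_window = defaultdict(int)  # port -> occurrences inside the sliding window
        left = 0
        for ts, port in evs:
            in_window[port] += 1
            # drop records that fell out of the window
            while ts - evs[left][0] > window:
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            if len(in_window) >= min_ports:
                hits[src] = max(hits.get(src, 0), len(in_window))
    return hits


def detect_port_floods(events, window=timedelta(seconds=60), min_hits=20):
    """(src, dport) pairs denied >= min_hits times inside one window (brute force / flood).

    Returns {(src, dport): peak count in any window}.
    """
    by_key = defaultdict(list)
    for ts, src, dport in events:
        by_key[(src, dport)].append(ts)
    hits = {}
    for key, stamps in by_key.items():
        left = 0
        for right, ts in enumerate(stamps):
            while ts - stamps[left] > window:
                left += 1
            count = right - left + 1
            if count >= min_hits:
                hits[key] = max(hits.get(key, 0), count)
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, n in detect_port_scans(evs).items():
        print(f"possible port scan from {src}: {n} distinct ports within 60 s")
    for (src, port), n in detect_port_floods(evs).items():
        print(f"possible brute force/flood from {src} on port {port}: {n} denies within 60 s")
```

Both detectors use a sliding window over per-source records rather than whole-day totals, which is what keeps a slow, legitimate client from being lumped together with a scanner; the thresholds are deliberately conservative and would be tuned against the normal deny rate of the network being watched.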
4.4 REASONS FOR CYBER ATTACKS

Cyber crimes have turned out to be a low-investment, low-risk business with huge returns. Nowadays these structured crimes are highly organized. There are many reasons which act as a catalyst in the growth of cyber crime. Some of the prominent reasons are:

Money: People are motivated towards committing cyber crime to make quick and easy money.

Revenge: Some people try to take revenge on another person/organization/society/caste or religion by defaming its reputation or causing economic or physical loss. This comes under the category of cyber terrorism.

Fun: Amateurs commit cyber crime for fun. They just want to test the latest tool they have encountered.

Recognition: It is considered a matter of pride if someone hacks highly secured networks like defense sites or networks.

Anonymity: Many times the anonymity that cyber space provides motivates a person to commit cyber crime, as it is much easier to commit a cyber crime over cyber space and remain anonymous than in the real world. It is much easier to get away with criminal activity in the cyber world than in the real world. There is a strong sense of anonymity that can draw otherwise respectable citizens to abandon their ethics in pursuit of personal gain.

Cyber Espionage: At times the government itself is involved in cyber trespassing to keep an eye on another person/network/country. The reason could be politically, economically or socially motivated.

4.5 VARIOUS TYPES OF CYBER ATTACK

In this section we will discuss various types of cyber attacks.

Phishing attacks

During a standard phishing attack, a malicious hacker tries to trick the victim into believing he is trustworthy, in order to get the user to perform a certain action. The most famous of these is the "Nigerian prince" scam. In case you haven't heard of it, the malicious hacker claims to be a wealthy Nigerian who requires your help in transferring tens of millions of dollars out of his home country. As a reward for your service, the "prince" will send you a hefty sum of money. All you have to do is provide him with some personal details and a small fee to process the money transfer, and you're rich for life! Of course, it's all a scam. There is no Nigerian prince and no tens of millions of dollars. The only real money in the scheme is the "processing fee" you provide.

In a phishing attack, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will seem legitimate, and it will have some urgency to it (e.g. fraudulent activity has been detected on your account). In the email, there will be an attachment to open or a link to click. Upon opening the malicious attachment, you install malware on your computer. If you click the link, it may send you to a legitimate-looking website that asks you to log in to access an important file, except the website is actually a trap used to capture your credentials when you try to log in.

Whaling

Whaling is a more refined version of phishing. This time around, a malicious hacker targets a specific, high-value person, such as the CEO of a company or a high-ranking politician. In order to carry out a whaling attack, the malicious hacker gathers as much information about the target as possible, such as details about friends, occupation, passions, hobbies and so on, so that the victim has a higher chance of clicking the link or opening the attachment. Whaling is a niche pursuit for cybercriminals, but a highly profitable one.

Malware attacks and infections

Malware stands for "Malicious Software", and it is designed to gain access to or be installed on a computer without the consent of the user. It performs unwanted tasks on the host computer for the benefit of a third party.
There is a full range of malware, from programs simply written to distract or annoy the user to complex ones which capture sensitive data from the host machine and send it to remote servers. There are various types of malware present on the Internet.

Adware - It is a special type of malware which is used for forced advertising. It either redirects the page to some advertising page or pops up an additional page which promotes some product or event. Adware is financially supported by the organizations whose products are advertised.

Spyware - It is a special type of malware which is installed on the target computer with or without the user's permission and is designed to steal sensitive information from the target machine. Mostly it gathers the browsing habits of the user and sends them to a remote server without the knowledge of the owner of the computer. Most of the time it is downloaded onto the host computer while downloading freeware, i.e. free application programs from the Internet. Spyware may be of various types: it can keep track of the cookies of the host computer, it can act as a key-logger to sniff banking passwords and sensitive information, etc.

Figure 18: Types of Malware

Virus - A virus is malicious code written to damage/harm the host computer by deleting or appending files, occupying memory space of the computer by replicating copies of the code, slowing down the performance of the computer, formatting the host machine, etc. It can be spread via email attachments, pen drives, digital images, e-greetings, audio or video clips, etc. A virus may be present in a computer but it cannot activate itself without human intervention. Until and unless the executable file (.exe) is executed, a virus cannot be activated on the host machine.

Worms - They are a class of virus which can replicate themselves. They differ from a virus in that they do not require human intervention to travel over the network and spread from the infected machine to the whole network. Worms can spread either through the network, using loopholes in the operating system, or via email. The replication and spreading of the worm over the network consumes network resources like space and bandwidth and forces the network to choke.

Trojan horse - A Trojan horse is malicious code that is installed on the host machine by pretending to be useful software. The user clicks on a link or downloads a file which pretends to be a useful file or program from a legitimate source. It not only damages the host computer by manipulating data but also creates a backdoor in the host computer so that it can be controlled by a remote computer. It can become part of a botnet (robot network), a network of computers which are infected by malicious code and controlled by a central controller. The computers of this network which are infected by malicious code are known as zombies. Trojans neither infect other computers in the network nor do they replicate.

Rootkits - Rootkits are malware that infect your PC at a deeper level, in order for them to be undetectable. Computers are structured in layers. A program can only modify other software from the same layer or above, but not from a deeper one, since it doesn't have access. For instance, programs like Excel, Photoshop or Word aren't able to modify underlying software such as the drivers for graphics cards or sound cards. The deepest layer is the BIOS, which controls a PC's boot-up procedure and other software aspects. Rootkits usually target this access layer, since an antivirus program has a very difficult time finding and removing a rootkit there. Rootkits can enslave computers into a botnet, listen in on a user's Internet traffic, or make other types of malware undetectable. It's safe to say they are the worst type of malware infection out there.

Ransomware - The most widespread types of ransomware encrypt all or some of the data on your PC, and then ask for a large payment (the ransom) in order to restore access to your data. This type of malware has experienced a wild surge in popularity, in large part thanks to anonymous cryptocurrencies such as Bitcoin.

Denial-of-service (DoS/DDoS) attacks

Short for (Distributed) Denial of Service, these sorts of cyber attacks seek to disrupt the Internet use of a user or service by flooding its connection with useless information, such as an enormous number of login attempts or an excessive amount of traffic. Unlike a DoS attack, a DDoS relies on a large number of devices that can simultaneously assault the target, hence the name "Distributed", since the attacker's resources are spread across many computers or other devices. Most cases involving DDoS attacks involve a botnet that has a sufficient number of enslaved devices capable of launching a concerted attack.

Botnet

A botnet is a network of infected computers that are enslaved to a single command & control center. The computers in a botnet act in unison, so that they all do the same thing simultaneously. Malicious hackers use botnets for some of the most nefarious cybercrimes out there, such as DDoS attacks, mass farming for Bitcoin, or gathering user data.

Figure 19: DDOS Attack

Man-in-the-middle attack

Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
Two common points of entry for MitM attacks:
1. On unsecured public Wi-Fi, attackers can insert themselves between a visitor's device and the network. Without knowing it, the visitor passes all information through the attacker.
2. Once malware has breached a device, an attacker can install software to process all of the victim's information.

4.6 SPOOFING ATTACK

Spoofing is the act of disguising a communication or identity so that it appears to be associated with a trusted, authorized source. Spoofing attacks can take many forms, from the common email spoofing attacks that are deployed in phishing campaigns to caller ID spoofing attacks that are often used to commit fraud. Attackers may also target more technical elements of an organization's network, such as an IP address, Domain Name System (DNS) server, or Address Resolution Protocol (ARP) service, as part of a spoofing attack.

IP address spoofing attacks

In an IP spoofing attack, an attacker sends IP packets from a spoofed IP address to hide their true identity. Attackers most often use IP address spoofing in DoS attacks that overwhelm their target with network traffic. In such an attack, a malicious actor uses a spoofed IP address to send packets to multiple network recipients. The owner of the real IP address is then flooded with all of the responses, potentially experiencing a disruption in network service. An attacker may also spoof a computer or device's IP address in an attempt to gain access to a network that authenticates users or devices based on their IP address.

ARP spoofing attacks

Address Resolution Protocol (ARP) resolves an IP address to its physical Media Access Control (MAC) address for the purpose of transmitting data across a Local Area Network (LAN). In an ARP spoofing attack, a malicious actor sends spoofed ARP messages across a local area network for the purpose of linking their own MAC address with a legitimate IP address. That way, the attacker can steal or modify data that was meant for the owner of that IP address. An attacker wishing to pose as a legitimate host could also respond to requests they should not be able to respond to, using their own MAC address. With some precisely placed packets, an attacker can sniff the private traffic between two hosts. Valuable information can be extracted from the traffic, such as the exchange of session tokens, yielding full access to application accounts that the attacker should not be able to access. ARP spoofing is sometimes employed in MITM attacks, DoS attacks, and session hijacking.

DNS server spoofing attacks

In much the same way ARP resolves IP addresses to MAC addresses on a LAN, the Domain Name System (DNS) resolves domain names to IP addresses. When conducting a DNS spoofing attack, an attacker attempts to introduce corrupt DNS cache information to a host in order to impersonate that host's domain name, for example www.onlinebanking.com. Once that domain name has been successfully spoofed, the attacker can then use it to deceive a victim or gain unauthorized access to another host. DNS spoofing can be used for a MITM attack in which a victim inadvertently sends sensitive information to a malicious host, thinking they are sending that information to a trusted source. Or, the victim may be redirected to a site that contains malware. An attacker who has already successfully spoofed an IP address could have a much easier time spoofing DNS simply by resolving the IP address of a DNS server to the attacker's own IP address.
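The ARP spoofing passage above describes an attacker linking their own MAC address with a legitimate IP address. From the defender's side, that leaves a visible trace on the wire: an IP whose MAC binding suddenly changes, and one MAC that starts answering for several IPs (the gateway among them). As an added example, not from this training document, the following Python code does what a passive ARP monitor such as arpwatch does over a constructed list of observed ARP replies. The gateway address and the reply records are assumptions made for the illustration; on a real LAN they would come from a packet capture.

```python
"""Passive detection of ARP spoofing on a LAN.

Added example, not from the training document. It does what a monitor such as
arpwatch does: remember which MAC address has answered for each IP and alert
when that binding changes or when one MAC starts answering for several IPs.
The gateway address and the ARP reply records below are constructed for the
illustration; on a real network the replies come from a packet capture.
"""
from collections import defaultdict
from dataclasses import dataclass

GATEWAY_IP = "192.168.1.1"  # assumed gateway of the constructed LAN

# Constructed "is-at" replies as (seconds, sender IP, sender MAC).
# 00:11:22:33:44:55 is the real gateway. From t=120 the host at
# aa:bb:cc:dd:ee:ff claims the gateway IP and then a second host's IP,
# which is the position an ARP-based man-in-the-middle needs.
SAMPLE_REPLIES = [
    (0, "192.168.1.1", "00:11:22:33:44:55"),
    (1, "192.168.1.20", "aa:bb:cc:dd:ee:ff"),
    (2, "192.168.1.30", "66:77:88:99:aa:bb"),
    (60, "192.168.1.1", "00:11:22:33:44:55"),
    (120, "192.168.1.1", "AA:BB:CC:DD:EE:FF"),   # gateway IP now answered by a host MAC
    (121, "192.168.1.30", "aa:bb:cc:dd:ee:ff"),  # the same MAC also claims .30
    (180, "192.168.1.1", "00:11:22:33:44:55"),   # real gateway answers again (flip-flop)
]


@dataclass
class Alert:
    when: int
    kind: str      # "mac-changed" or "mac-claims-many"
    ip: str
    mac: str
    detail: str


class ArpMonitor:
    """Tracks IP-to-MAC bindings seen in ARP replies and records anomalies."""

    def __init__(self, gateway_ip=GATEWAY_IP):
        self.gateway_ip = gateway_ip
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)
        self.alerts = []

    def observe(self, when, ip, mac):
        mac = mac.lower()  # normalise case so AA:BB and aa:bb are the same station
        previous = self.ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            role = "gateway" if ip == self.gateway_ip else "host"
            self.alerts.append(Alert(when, "mac-changed", ip, mac,
                                     f"{role} {ip} moved from {previous} to {mac}"))
        self.ip_to_mac[ip] = mac

        newly_claimed = ip not in self.mac_to_ips[mac]
        self.mac_to_ips[mac].add(ip)
        if newly_claimed and len(self.mac_to_ips[mac]) > 1:
            self.alerts.append(Alert(when, "mac-claims-many", ip, mac,
                                     f"{mac} now answers for " + ", ".join(sorted(self.mac_to_ips[mac]))))

    def suspect_macs(self):
        """MACs that answered for more than one IP, the signature of a poisoning host."""
        return {mac for mac, ips in self.mac_to_ips.items() if len(ips) > 1}


def monitor_replies(replies, gateway_ip=GATEWAY_IP):
    """Feed (when, ip, mac) replies through a fresh monitor and return the monitor."""
    mon = ArpMonitor(gateway_ip)
    for when, ip, mac in replies:
        mon.observe(when, ip, mac)
    return mon


if __name__ == "__main__":
    mon = monitor_replies(SAMPLE_REPLIES)
    for a in mon.alerts:
        print(f"t={a.when:>4}s {a.kind:<16} {a.detail}")
    print("suspect MACs:", sorted(mon.suspect_macs()))
```

Detection is only half of the answer: a static ARP entry for the gateway on critical hosts, and Dynamic ARP Inspection on managed switches, stop a forged reply from being accepted in the first place, so the monitor then serves as confirmation that the controls are holding.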
SQL Injection Attack

A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box.

URL Injection Attack

During a URL injection, a malicious hacker infects a website by creating new pages in it. These pages in turn contain malicious links, spammy words or even malicious code that forces visitors to the page to be part of a DDoS attack or redirects them to a different website. A malicious hacker can do a URL injection thanks to weaknesses in IT infrastructure, such as WordPress plugins or any other type of HTML code.

Cross site scripting (XSS) Attack

Also known as an XSS attack, cross site scripting requires that a black hat hacker inject malicious code into an otherwise trustworthy web page. Once a user performs a certain action (such as leaving a comment), the malicious code in the web page springs into action, infecting the user. A malicious hacker infects the web page by exploiting vulnerabilities in the page's code or in any web plugins that happen to be installed.

4.7 HACKING AND HACKERS

A commonly used definition of hacking is the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals. Hacking refers to the misuse of devices like computers, smart phones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.

A traditional view of hackers is a lone rogue programmer who is highly skilled in coding and modifying computer software and hardware systems. But this narrow view does not cover the true technical nature of hacking. Hackers are increasingly growing in sophistication, using stealthy attack methods designed to go completely unnoticed by cyber security software and IT teams. They are also highly skilled in creating attack vectors that trick users into opening malicious attachments or links and freely giving up their sensitive personal data.

Hackers

A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security. Hackers can be classified into three different categories:
- Black Hat Hacker
- White Hat Hacker
- Grey Hat Hacker

Black Hat Hackers

Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign. These individuals' actions can inflict serious damage on both computer users and the organizations they work for. They can steal sensitive personal information, compromise computer and financial systems, and alter or take down the functionality of websites and critical networks.

White Hat Hackers

White hat hackers can be seen as the "good guys" who attempt to prevent the success of black hat hackers through proactive hacking. They use their technical skills to break into systems to assess and test the level of network security, also known as ethical hacking. This helps expose vulnerabilities in systems before black hat hackers can detect and exploit them. The techniques white hat hackers use are similar or even identical to those of black hat hackers, but these individuals are hired by organizations to test and discover potential holes in their security defenses.
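The holes a white hat tester looks for first are usually the two web weaknesses from section 4.5: SQL injection through a search box and cross site scripting through a comment. As an added example, not from this training document, the following Python code places each vulnerable form beside its fix and runs both against a normal input and the textbook probe string. The in-memory SQLite users table, the `term` and `comment` arguments standing in for the search box and the comment form, and the function names are all assumptions made for the illustration.

```python
"""SQL injection and cross-site scripting: the vulnerable form beside the fix.

Added example, not from the training document. It uses an in-memory SQLite
table of constructed users and Python's standard html module; `term` stands
in for the website search box and `comment` for a posted comment. Only the
fixed functions belong in production; the vulnerable ones exist to show what a
white hat tester is looking for.
"""
import html
import sqlite3


def make_db():
    """Constructed users table: two public profiles and one that must stay hidden."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_public INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.com", 1),
        ("bob", "bob@example.com", 1),
        ("carol-private", "carol@example.com", 0),
    ])
    return conn


def search_vulnerable(conn, term):
    """String-built query: whatever is typed becomes part of the SQL text."""
    sql = f"SELECT name FROM users WHERE is_public = 1 AND name LIKE '%{term}%'"
    return sorted(row[0] for row in conn.execute(sql))


def search_fixed(conn, term):
    """Parameterized query: the term is bound as data and can never alter the statement."""
    sql = "SELECT name FROM users WHERE is_public = 1 AND name LIKE ?"
    return sorted(row[0] for row in conn.execute(sql, (f"%{term}%",)))


def render_comment_vulnerable(comment):
    """Interpolates the comment straight into HTML, so tags inside it become live markup."""
    return f'<p class="comment">{comment}</p>'


def render_comment_fixed(comment):
    """Escapes <, >, &, and quotes so the browser shows the comment as plain text."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def run_checks():
    """Exercise both forms with a normal input and the textbook probe strings."""
    conn = make_db()
    injection = "%' OR '1'='1' --"         # closes the quote, adds a true clause, comments out the rest
    script = "<script>alert(1)</script>"  # classic XSS probe; harmless here, nothing renders it
    return {
        "normal_vulnerable": search_vulnerable(conn, "bob"),
        "normal_fixed": search_fixed(conn, "bob"),
        "inject_vulnerable": search_vulnerable(conn, injection),  # leaks the private row
        "inject_fixed": search_fixed(conn, injection),            # no name contains that string
        "xss_vulnerable": render_comment_vulnerable(script),
        "xss_fixed": render_comment_fixed(script),
    }


if __name__ == "__main__":
    for label, value in run_checks().items():
        print(f"{label:>18}: {value}")
```

The fixed search still treats `%` and `_` typed by the user as LIKE wildcards, which is a functional quirk rather than a security hole; if exact matching matters, the application escapes those two characters as well. For the comment, escaping at output time is the right layer because the same stored text may later be placed in a different context (an attribute, a script block) that needs a different encoding.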
Grey Hat Hackers

Grey hat hackers sit somewhere between the good and the bad guys. Unlike black hat hackers, they attempt to violate standards and principles but without intending to do harm or gain financially. Their actions are typically carried out for the common good. For example, they may exploit a vulnerability to raise awareness that it exists, but unlike white hat hackers, they do so publicly. This alerts malicious actors to the existence of the vulnerability.

4.8 SOME FAMOUS CYBER ATTACKS

In this section, we will discuss some of the common cyber crime and fraud incidents over the Internet so that you can appreciate how a little ignorance could lead to a big disaster.

1. PayPal, an international online money transfer service, allows you to safely transfer money over the Internet using various encryption techniques and provides an alternative to traditional payment methods like cheques, money orders, etc. It has an active user base of over 100 million users in 190 countries and performs over 9 million payments daily. It is a convenient medium for trading, particularly if the buyers and sellers are from different countries and have different currencies. Romanian hacker TinKode aka Razvan Cernaianu exploited a loophole in the code of the chargeback process of PayPal. Due to this, a user could double their money on every attempt. Suppose the user has Rs. 1000; using this loophole, the amount will be doubled to Rs. 2000 in the first attempt. Now this Rs. 2000 will be doubled to Rs. 4000 in the second attempt. Further, Rs. 4000 will be doubled to Rs. 8000. Likewise this process could continue endlessly.

2. Iran's nuclear facility at Natanz was attacked by the virus Stuxnet, which is believed to have been developed by the US (Shubert, 2011). It was not possible to inject the virus through the Internet, as the network of Iran's nuclear facility is a private network and was isolated from the rest of the world. The virus first infected a third-party utility which is used by the Natanz facility and thereby gained access to the network. The virus was designed to attack specific system software which controls the operation of Siemens controllers. The virus sped up or slowed down the centrifuges and thus wore them out prematurely. Moreover, it hijacked the system and sent false signals about the health and status of the nuclear plant. Therefore, by the time the effect of the virus was detected, it was too late and the virus had done much harm to the nuclear facility.

3. Can you believe a fake tweet could cause a $136 billion loss within seconds (Fisher, 2013)? The US stock markets crashed in response to a fake Twitter message sent via the hacked Twitter account of the Associated Press, USA, which reported two explosions in the White House and that President Barack Obama had been injured. Later, the Syrian Electronic Army, a terrorist group, claimed responsibility on its own Twitter feed for the AP hack. The hack was performed by sending a phishing e-mail. As soon as the link in the phishing e-mail was clicked, spyware was installed on the computer and the information stored in the system was sent to remote servers. Using this information the account of AP was hacked and the hoax was created, which affected the sentiments of investors on the NY Stock Exchange and resulted in heavy loss.

4. The 2014 Cyber Attack on Yahoo - In 2014, Yahoo witnessed one of the biggest cyber attacks of the year when 500M accounts were compromised. However, it is reported that basic information and passwords were stolen, whereas bank information was not.

5. 2017 WannaCry Ransomware Cyber Attack - One of the biggest ransomware attacks of all time took place in 2017, when around 200,000 computers were affected in more than 150 countries. This outbreak had a massive impact across several industries and had a global cost of about 6B pounds!

6. Romance Scams - The U.S. government found this cyber threat in February 2020. Cybercriminals used this threat through dating sites, chat rooms, and apps. They attack people who are seeking a new partner, duping them into giving away personal data.

4.9 CONCLUSION

The Internet has spurred a huge wave of innovation, and has made all of our lives so much easier. Unfortunately, criminals have often innovated at the same speed, or even faster, coming up with newer and more powerful ways to take away your hard-earned cash or control your information. Fortunately, there's a lot you can do to avoid these attacks.