Cyber Attacks PDF

Summary

This document provides an overview of cyber attacks, including their classification, motivations, and various types. It details common cyber attacks such as phishing, whaling, malware attacks, and more. The document discusses different types of attacks, providing insights with a focus on security concerns.

Full Transcript

JTO Ph-II DNIT Cyber Attacks

CHAPTER 4 : CYBER ATTACKS

4.1 OBJECTIVE
The objectives of this chapter is to understand
 Cyber attack and its classification
 Reason for cyber attack
 Types of cyber attack
 Hacking and types of hackers
 Some famous cyber attack

4.2INTRODUCTION TO CYBER ATTACK
 A cyber attack is “an attack initiated from a computer against a website, computer system
or individual computer … that compromises the confidentiality, integrity or availability
of the computer or information stored on it. Cyber attacks take many forms.
 Their objectives include:
 Gaining, or attempting to gain, unauthorized access to a computer system or its data.
 Unwanted disruption or denial of service attacks, including the take down of entire web
sites.
 Installation of viruses or malware - that is malicious code on a computer system.
 Unauthorized use of a computer system for processing or storing data.
 Changes to the characteristics of a computer system‟s hardware, firmware or software
without the owner‟s knowledge, instruction or consent, and
 Inappropriate use of computer systems by employees or former employees.

4.3CLASSIFICATION OF CYBER ATTACK

Broadly Cyber attack can be classified in two categories :
 Insider Attack: An attack to the network or the computer system by some person with
authorized system access is known as insider attack. It is generally performed by
dissatisfied or unhappy inside employees or contractors. The motive of the insider attack
could be revenge or greed. It is comparatively easy for an insider to perform a cyber
attack as he is well aware of the policies, processes, IT architecture and weakness of the
security system. Moreover, the attacker has an access to the network. Therefore it is
comparatively easy for a insider attacker to steel sensitive information, crash the network,
etc. In most of the cases the reason for insider attack is when a employee is fired or
assigned new roles in an organization, and the role is not reflected in the IT policies. This

JTO PH-II IT Version Page 45 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

opens a vulnerability window for the attacker. The insider attack could be prevented by
planning and installing an internal intrusion detection system (IDS) in the organization.
 External Attack: When the attacker is either hired by an insider or an external entity to
the organization, it is known as external attack. The organization which is a victim of
cyber attack not only faces financial loss but also the loss of reputation. Since the attacker
is external to the organization, so these attackers usually scan and gathering information.
An experienced network/security administrator keeps regular eye on the log generated by
the firewalls as external attacks can be traced out by carefully analyzing these firewall
logs. Also, Intrusion Detection Systems are installed to keep an eye on external attacks.

 The cyber attacks can also be classified as structure attacks and unstructured attacks
based on the level of maturity of the attacker.

 Unstructured attacks: These attacks are generally performed by amatures who don‟t have
any predefined motives to perform the cyber attack. Usually these amatures try to test a
tool readily available over the internet on the network of a random company.
 Structure Attack: These types of attacks are performed by highly skilled and experienced
people and the motives of these attacks are clear in their mind. They have access to
sophisticated tools and technologies to gain access to other networks without being
noticed by their Intrusion Detection Systems(IDSs). Moreover, these attacker have the
necessary expertise to develop or modify the existing tools to satisfy their purpose. These
types of attacks are usually performed by professional criminals, by a country on other
rival countries, politicians to damage the image of the rival person or the country,
terrorists, rival companies, etc.

4.4 REASONS FOR CYBER ATTACKS
 Cyber crimes have turned out to be a low-investment, low-risk business with huge
returns. Now-a-days these structured crimes are performed are highly organized. There
are many reasons which act as a catalyst in the growth of cyber crime. Some of the
prominent reasons are:
 Money: People are motivated towards committing cyber crime is to make quick and easy
money.
 Revenge: Some people try to take revenge with other person/organization/society/ caste
or religion by defaming its reputation or bringing economical or physical loss. This
comes under the category of cyber terrorism.
 Fun: The amateur do cyber crime for fun. They just want to test the latest tool they have
encountered.
 Recognition: It is considered to be pride if someone hack the highly secured networks
like defense sites or networks.
 Anonymity- Many time the anonymity that a cyber space provide motivates the person to
commit cyber crime as it is much easy to commit a cyber crime over the cyber space and
remain anonymous as compared to real world.
It is much easier to get away with criminal activity in a cyber world than in the real world. There
is a strong sense of anonymity than can draw otherwise respectable citizens to abandon their
ethics in pursuit personal gain.

JTO PH-II IT Version Page 46 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

 Cyber Espionage: At times the government itself is involved in cyber trespassing to keep
eye on other person/network/country. The reason could be politically, economically
socially motivated.

4.5VARIOUS TYPES OF CYBER ATTACK
In this Section we will discuss various types of cyber attacks:

 Phishing attacks
During a standard phishing attack, a malicious hacker tries to trick the victim into believing he is
trustworthy, in order for the user to do a certain action.

The most famous of these is the “Nigerian prince” scam. In case you haven’t heard of it, the malicious
hacker claims to be a wealthy Nigerian who requires your help in transferring tens of millions of dollars
out of his home country. As a reward for your service, the “prince” will send you a hefty sum of money.

All you have to do is to provide him with some personal and a small fee to process the money transfer,
and you’re rich for life!Of course, it’s all a scam. There is no Nigerian prince or tens of millions of dollars.
The only real money in the scheme is the “processing fee” you provide.

In a phishing attack, an attacker may send you an email that appears to be from someone you
trust, like your boss or a company you do business with. The email will seem legitimate, and it will
have some urgency to it (e.g. fraudulent activity has been detected on your account). In the email,
there will be an attachment to open or a link to click. Upon opening the malicious attachment, you’ll
thereby install malware in your computer. If you click the link, it may send you to a legitimate-looking
website that asks for you to log in to access an important file—except the website is actually a trap
used to capture your credentials when you try to log in.

 Whaling
Whaling is a more refined version of phishing. This time around, a malicious hacker targets a specific,
high value person, such as the CEO of a company or a high-ranking politician. In order to carry out a
whaling attack, the malicious hacker gathers as much information about the target as possible, such as
details about friends, occupation, passions, hobbies and so on, just so the victim has a higher chance of
clicking the link or opening the attachment.

Whaling is a niche pursuit for cybercriminals, but a highly profitable one.

 Malware attacks and infections
Malware stands for “Malicious Software” and it is designed to gain access or installed into the computer
without the consent of the user. They perform unwanted tasks in the host computer for the benefit of a
third party. There is a full range of malwares which are simply written to distract/annoy the user, to the

JTO PH-II IT Version Page 47 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

complex ones which captures the sensitive data from the host machine and send it to remote servers.
There are various types of malwares present in the Internet.

Adware - It is a special type of malware which is used for forced advertising. They either redirect
the page to some advertising page or pop-up an additional page which promotes some product or
event. These adware are financially supported by the organizations whose products are advertised.
Spyware - It is a special type of which is installed in the target computer with or without the user
permission and is designed to steal sensitive information from the target machine. Mostly it gathers the
browsing habits of the user and the send it to the remote server without the knowledge of the owner of
the computer. Most of the time they are downloaded in to the host computer while downloading
freeware i.e. free application programs from the internet. Spywares may be of various types; It can
keeps track of the cookies of the host computer, it can act as a key-loggers to sniff the banking
passwords and sensitive information, etc.

Figure 18: Types of Malware

Virus - A virus is a malicious code written to damage/harm the host computer by deleting or appending
a file, occupy memory space of the computer by replicating the copy of the code, slow down the
performance of the computer, format the host machine, etc. It can be spread via email attachment, pen
drives, digital images, e-greeting, audio or video clips, etc. A virus may be present in a computer but it
cannot activate itself without the human intervention. Until and unless the executable file(.exe) is
execute, a virus cannot be activated in the host machine.

Worms - They are a class of virus which can replicate themselves. They are different from the virus by
the fact that they does not require human intervention to travel over the network and spread from the
infected machine to the whole network. Worms can spread either through network, using the loopholes

JTO PH-II IT Version Page 48 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

of the Operating System or via email. The replication and spreading of the worm over the network
consumes the network resources like space and bandwidth and force the network to choke.

Trojan horse - Trojan horse is a malicious code that is installed in the host machine by pretending to be
useful software. The user clicks on the link or download the file which pretends to be a useful file or
software from legitimate source. It not only damages the host computer by manipulating the data but
also it creates a backdoor in the host computer so that it could be controlled by a remote computer. It
can become a part of botnet(robot-network), a network of computers which are infected by malicious
code and controlled by central controller. The computers of this network which are infected by
malicious code are known as zombies. Trojans neither infect the other computers in the network nor do
they replicate.

 Rootkits
Rootkits are malware that infect your PC on a deeper level, in order for them to be
undetectable.Computers are structured in layers. A program can only modify other software from the
same layer or above, but not from a deeper one, since it doesn’t have access. For instance, a program
like Excel, Photoshop or Word aren’t able to modify underlying software such as the software drivers for
graphic cards or sound cards.

The deepest layer is the BIOS, which controls a PC’s boot-up procedure and other software aspects.
Rootkits usually target this access layer since an antivirus program has a very difficult time finding and
removing the rootkit.

Rootkits can enslave computers into a botnet, listen in on a user’s internet traffic, or make other types
of malware undetectable. It’s safe to say they are the worst type of malware infection out there.

 Ransomware
The most widespread types of ransomware encrypt all or some of the data on your PC, and then asks for
a large payment (the ransom) in order to restore access to your data.

This type of malware has experienced a wild surge in popularity, in large part thanks to anonymous
cryptocurrencies, such as Bitcoin.

 Denial-of-service (DoS/DDoS) attacks
Short for (Distributed) Denial of Service, these sort of cyber attacks seek to disrupt the Internet use of a
user or service, by flooding its connection with useless information such as enormous amount of login
attempts or excessive amount of traffic.

JTO PH-II IT Version Page 49 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

Unlike a DoS attack, a DDoS relies on a large number of devices that can simultaneously assault the
target, hence the name “Distributed” since the attacker’s res are spread across many computers or
other devices.

Most cases involving DDoS attacks involve a botnet that has a sufficient amount of enslaved devices
capable of launching a concerted attack.

 Botnet
A botnet is a network of infected computers that are enslaved to a single command & control
center.The computers in a botnet act in unison, so that they all do the same thin
simultaneously.Malicious hackers use botnets for some of the nefarious cybercrimes out there, such as
DDoS attacks, mass farming for Bitcoin or for gathering user data.

Figure 19: DDOS Attack

 Man-in-the-middle attack

Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert
themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal
data.

JTO PH-II IT Version Page 50 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

Two common points of entry for MitM attacks:

1. On unsecure public Wi-Fi, attackers can insert themselves between a visitor’s device and the network.
Without knowing, the visitor passes all information through the attacker.

2. Once malware has breached a device, an attacker can install software to process all of the victim’s
information.

4.6 SPOOFING ATTACK
Spoofing is the act of disguising a communication or identity so that it appears to be associated with a
trusted, authorized source. Spoofing attacks can take many forms, from the common email spoofing
attacks that are deployed in phishing campaigns to caller ID spoofing attacks that are often used to
commit fraud. Attackers may also target more technical elements of an organization’s network, such as
an IP address, domain name system (DNS) server, or Address Resolution Protocol (ARP) service, as part
of a spoofing attack.

 IP address spoofing attacks

In an IP spoofing attack, an attacker will send IP packets from a spoofed IP address to hide their true
identity. Attackers most often use IP address spoofing attacks in DoS attacks that overwhelm their target
with network traffic. In such an attack, a malicious actor will use a spoofed IP address to send packets to
multiple network recipients. The owner of the real IP address is then flooded with all of the responses,
potentially experiencing a disruption in network service. An attacker may also spoof a computer or
device’s IP address in an attempt to gain access to a network that authenticates users or devices based
on their IP address.

 ARP spoofing attacks

Address Resolution Protocol (ARP) resolves an IP address to its physical Media Access Control (MAC)
address for the purpose of transmitting data across a Local Area Network (LAN). In an ARP spoofing
attack, a malicious actor sends spoofed ARP messages across a local area network for the purposes of
linking their own MAC address with a legitimate IP address. That way, the attacker can steal or modify
data that was meant for the owner of that IP address.

An attacker wishing to pose as a legitimate host could also respond to requests they should not be able
to respond to using their own MAC address. With some precisely placed packets, an attacker can sniff
the private traffic between two hosts. Valuable information can be extracted from the traffic, such as
exchange of session tokens, yielding full access to application accounts that the attacker should not be

JTO PH-II IT Version Page 51 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

able to access. ARP spoofing is sometimes employed in MITM attacks, DoS attacks, and session
hijacking.

 DNS server spoofing attacks

In much the same way ARP resolves IP addresses to MAC addresses on a LAN, the Domain Name System
(DNS) resolves domain names to IP addresses. When conducting a DNS spoofing attack, an attacker
attempts to introduce corrupt DNS cache information to a host in order to impersonate that host’s
domain name—for example, www.onlinebanking.com. Once that domain name has been successfully
spoofed, the attacker can then use it to deceive a victim or gain unauthorized access to another host.

DNS spoofing can be used for a MITM attack in which a victim inadvertently sends sensitive information
to a malicious host, thinking they are sending that information to a trusted source. Or, the victim may be
redirected to a site that contains malware. An attacker who has already successfully spoofed an IP
address could have a much easier time spoofing DNS simply by resolving the IP address of a DNS server
to the attacker’s own IP address.

 SQL Injection Attack

A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into
a server that uses SQL and forces the server to reveal information it normally would not. An attacker
could carry out a SQL injection simply by submitting malicious code into a vulnerable website search
box.

 URL Injection Attack
During a URL injection, a malicious hacker infects a website by creating new pages in it.
These pages in turn contain malicious links, spammy words or even malicious code that forces
visitors on the page to be part of a DDoS attack or redirects them to a different website. A malicious
hacker can do a URL injection thanks to weaknesses in IT infrastructure, such as WordPress plugins or
within any other type of HTML code.

 Cross site scripting (XSS) Attack
Also known as an XSS attack, cross site scripting requires a blackhat hacker inject malicious
code into an otherwise trustworthy web page. Once a user does a certain action (such as leaving a
comment), then the malicious code in the web page springs into action, infecting the user itself.
A malicious hacker infects the web page by exploiting vulnerabilities in the page’s code or any
web plugins that happened to be installed.

JTO PH-II IT Version Page 52 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

4.7HACKING AND HACKERS
A commonly used hacking definition is the act of compromising digital devices and networks
through unauthorized access to an account or computer system. Hacking is not always a malicious act,
but it is most commonly associated with illegal activity and data theft by cyber criminals.
Hacking refers to the misuse of devices like computers, smart phones, tablets, and networks to
cause damage to or corrupt systems, gather information on users, steal data and documents, or
disrupt data-related activity.
A traditional view of hackers is a lone rogue programmer who is highly skilled in coding and
modifying computer software and hardware systems. But this narrow view does not cover the true
technical nature of hacking. Hackers are increasingly growing in sophistication, using stealthy attack
methods designed to go completely unnoticed by cyber security software and IT teams. They are also
highly skilled in creating attack vectors that trick users into opening malicious attachments or links
and freely giving up their sensitive personal data.

 Hackers
A Hacker is a person who finds and exploits the weakness in computer systems and/or networks
to gain access. Hackers are usually skilled computer programmers with knowledge of computer
security.
Hackers can be classified into three different categories:
 Black Hat Hacker
 White Hat Hacker
 Grey Hat Hacker

 Black Hat Hackers
Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover
vulnerabilities in computer systems and software to exploit them for financial gain or for more
malicious purposes, such as to gain reputation, carry out corporate espionage, or as part of a nation-
state hacking campaign.
These individuals’ actions can inflict serious damage on both computer users and the
organizations they work for. They can steal sensitive personal information, compromise computer and
financial systems, and alter or take down the functionality of websites and critical networks.

 White Hat Hackers
White hat hackers can be seen as the “good guys” who attempt to prevent the success of black
hat hackers through proactive hacking. They use their technical skills to break into systems to assess
and test the level of network security, also known as ethical hacking. This helps expose vulnerabilities
in systems before black hat hackers can detect and exploit them.
The techniques white hat hackers use are similar to or even identical to those of black hat
hackers, but these individuals are hired by organizations to test and discover potential holes in their
security defenses.

 Grey Hat Hackers

JTO PH-II IT Version Page 53 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

Grey hat hackers sit somewhere between the good and the bad guys. Unlike black hat hackers,
they attempt to violate standards and principles but without intending to do harm or gain financially.
Their actions are typically carried out for the common good. For example, they may exploit a
vulnerability to raise awareness that it exists, but unlike white hat hackers, they do so publicly. This
alerts malicious actors to the existence of the vulnerability.

4.8 SOME FAMOUS CYBER ATTACKS
In this section, we will discuss some of the common cyber crimes and frauds incidents over internet
so that you could appreciate how these little ignorance could lead to a big disaster.

1. Paypal, an international online money transfer service, which allows you to safely transfer
money through an Internet using various encryption techniques and provides an alternative to
other traditional payment methods like cheques, money orders, etc. It have an active user base
of over 100 million active users in 190 countries and performs over 9 million payments daily. It is
a convenient medium for trading particularly of the buyers and sellers are from different
countries and have different currencies.
Romanion Hacker TinKode aka Razvan Cernaianu, explioted a loophole in the code of the
chargeback process of PayPal. Due to this, a user can double its money en every attempt.
Suppose the users have Rs.1000, thus using this loophole, the amount will be doubled to
Rs.2000 in the first attempt. Now this Rs. 2000 will be doubled to Rs. 4000 in the second
attempt. Further Rs. 4000 will be doubled to Rs. 8000. Likewise this process will continue
endlessly.

2. Iran’s nuclear facility at Natanz was attacked by virus, Stuxnet which is belived to be developed
by US (Shubert, 2011). It was not possible to inject the virus though the Internet as the network
of the the Iran‟s necluer facility is a private network and was isolated from rest of the world.
The virus first infacted the third party utility which is used by Natanz facility and gained assess to
the network. The virus was designed to attack a specific system software which controls the
operation of Siemens controllers. The virus speeds up or slow down the centrifuges and thus
wearing them out prematurely. Moreover, it hijacked the system and send false signals about
the health and status of the nuclear plant. Therefore, by the time the effect of the virus was
detected, it was too late and the virus have done much harm to the nuclear facility.
3. Can you belive a fake tweet message can cost $136 billiion loss within seconds (Fisher, 2013).
The US stock markets crashed in response to a fake twitter message send via hacked twitter
account of Associated Press, USA which reported two explosions in the White House and that
President Barack Obama had been injured. Later, Syrian Electronic Army, a terrorist group
claimed responsibility on its own Twitter feed for the AP hack. The hacking was performed by
sending a phishing e-mail. As soon as the link in the phishing e-mail was clicked, a spyware was
installed in the computer and the information stored in the system were sent to remote servers.
Using this information the account of AP was hacked and the hoax was created which
effected sentiments of the investor of NY Stock Exchange and resulted in heavy loss.

JTO PH-II IT Version Page 54 of 131
For Restricted Circulation
 JTO Ph-II DNIT Cyber Attacks

4. The 2014 Cyber Attack on Yahoo -In 2014, Yahoo witnessed one of the biggest cyber attacks of
the year when 500M accounts were compromised. However, it is reported that basic
information and passwords were stolen, whereas bank information was not.
5. 2017 WannaCry Ransomware Cyber Attack - One of the biggest ransomware of all time took
place in 2017, when around 200,000 computers were affected in more than 150 countries. This
outbreak had a massive impact across several industries and had a global cost of about 6B
pounds!
6. Romance Scams - The U.S. government found this cyber threat in February 2020. Cybercriminals
used this threat through dating sites, chat rooms, and apps. They attack people who are seeking
a new partner and duping them into giving away personal data.

4.9CONCLUSION
The Internet has spurred a huge wave of innovation, and has made all of our lives so
much easier. Unfortunately, criminals have often times innovated at the same speed, or even faster,
coming up with newer and more powerful ways to take away your hard earned cash, or control your
information. Fortunately, there’s a lot you can do to avoid these attacks.

JTO PH-II IT Version Page 55 of 131
For Restricted Circulation