
What is a Cyber Attack?

• An attack launched from one or more computers against
another computer, multiple computers or networks
• Two broad types:
– To disable the target computer or knock it offline
– To get access to the target computer's data and
perhaps gain admin privileges on it

Source:
https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
Author:
Josh Fruhlinger is a writer and editor who lives in Los Angeles
My gmail password compromised! 
And it doesn’t end there! 
And not there either!! 
What is Cyber Security?
Cyber security refers to the body of
technologies, processes, and practices designed
to protect networks, devices, programs, and
data from attack, damage, or unauthorized
access. Cyber security may also be referred to as
information technology security

Source:
https://digitalguardian.com/blog/what-cyber-security
Author:
Nate Lord is the former editor of Data Insider and is currently an account manager covering the southeast, Great Lakes,
and Latin America regions at Digital Guardian
The Importance of Cyber Security
• Government, military, corporate, financial, and
medical organizations collect, process, and store
unprecedented amounts of data on computers and
other devices
• Data can be sensitive information
– intellectual property
– financial data
– personal information or other types of data
• Unauthorized access or exposure could have
negative consequences
Source: https://digitalguardian.com/blog/what-cyber-security
Author: Nate Lord
The Importance of Cyber Security
(contd..)
• Organizations transmit sensitive data across networks
and to other devices in the course of doing business
• Cyber security describes the discipline dedicated to
protecting information and the systems used to process or
store it
• Companies and organizations that are tasked with
safeguarding information relating to national security,
health, or financial records, need to take steps to
protect their sensitive business and personnel
information
Source: https://digitalguardian.com/blog/what-cyber-security
Author: Nate Lord
Challenges Of Cyber Security
• Network security
• Application security
• Endpoint security
• Data security
• Identity management
• Database and infrastructure security
• Cloud security
• Mobile security
• Disaster recovery/business continuity planning
• End-user education

Source: https://digitalguardian.com/blog/what-cyber-security
Author: Nate Lord
Protect Against What?

Unauthorised
Modification

Unauthorised
Deletion

Unauthorised
Access

Source: https://www.edureka.co/cybersecurity-certification-training
The CIA Triad

Source: https://www.edureka.co/cybersecurity-certification-training
Steps to Fix a Crime

Identify

Analyse
&
Evaluate

Treat

Source: https://www.edureka.co/cybersecurity-certification-training
Vulnerability, Threat and Risk
• Vulnerability refers to the weakness of an asset that can be
exploited by one or more attackers
– Bugs or defects in hardware or software

• A threat is any event that has the potential to bring harm to
an organization or individual
– Natural threats, Intentional threats, Unintentional threats
• Risk refers to the potential for loss or damage when a threat
exploits a vulnerability
– Risk = Threat x Vulnerability
• Risk Management is the key to cyber security

Source: https://www.edureka.co/cybersecurity-certification-training
Types of Cyber Attacks
• Malware
• Phishing
• Cryptojacking
• Denial of Service attacks
• Man in the middle attacks
• SQL injection
Malware
• Malware can refer to any kind of software, no
matter how it's structured or operated, that "is
designed to cause damage to a single computer,
server, or computer network"
• There are many varieties of malware, which are
distinguished from one another by the means by
which they reproduce and spread.
• These attacks may grant the attacker root access
so they can control the system remotely.
Source: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
Author: Josh Fruhlinger
Types of Malware
Computer Worm
1. A computer worm is a standalone malware computer
program that replicates itself in order to spread to
other computers
2. Worms almost always cause at least some harm to
the network, even if only by consuming bandwidth
3. Many worms are designed only to spread, and do not
attempt to change the systems they pass through.
4. Worms spread by exploiting vulnerabilities in
operating systems
Types of Malware (contd..)
Ransomware
1. Ransomware is a type of malicious software from cryptovirology
that threatens to publish the victim's data or perpetually block
access to it unless a ransom is paid.
2. Advanced malware uses a technique called cryptoviral extortion,
in which it encrypts the victim's files, making them inaccessible,
and demands a ransom payment to decrypt them.
3. Ransomware attacks are typically carried out using a Trojan that is
disguised as a legitimate file that the user is tricked into
downloading or opening when it arrives as an email attachment
Types of Malware (contd..)
Targeted threats
1. Targeted threats are a class of malware destined for
one specific organization or industry.
2. A type of crimeware, these threats are of particular
concern because they are designed to capture
sensitive information.
3. Government organisations are the most targeted
sector.
4. Targeted attacks often employ similar methods found
in traditional online threats such as malicious emails,
compromised or malicious sites, exploits, and
malware.
Examples of Malware
Mydoom
1. Mydoom, also known as W32.MyDoom@mm, Novarg, Mimail.R and
Shimgapi, is a computer worm affecting Microsoft Windows.
2. It was first sighted on January 26, 2004
How it works:
• Mydoom is primarily transmitted via e-mail
• Appears as a transmission error!
• The mail contains an attachment that, if executed, resends the worm to
e-mail addresses found in local files such as a user's address book.
• It also copies itself to the "shared folder" of peer-to-peer file sharing
application Kazaa in an attempt to spread that way.

Source: http://edition.cnn.com/2004/TECH/internet/01/28/mydoom.spreadwed/
Author: Jeordan Legon
How it looks!
Phishing
• It is a technique by which cybercriminals craft emails
to fool a target into taking some harmful action.
• The recipient might be tricked into downloading
malware that's disguised as an important document,
which will take the user to a fake website that asks
for a username and password

Source: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
Author: Josh Fruhlinger
Examples of Phishing
Bank of America
Fake
Real

Source: https://www.cyren.com/blog/articles/analysis-of-an-online-phishing-attack-targeting-bank-of-america-customers-1248
Cryptojacking
• It is a specialized attack that involves getting
someone else's computer to do the work of
generating cryptocurrency for you
• The attackers will either install malware on the
victim's computer to perform the necessary
calculations, or sometimes run the code in JavaScript
that executes in the victim's browser

Source: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
Author: Josh Fruhlinger
How it works?

Source: https://hackernoon.com/cryptojacking-59a5b65d61fe
Examples of Cryptojacking
• In January 2018, a crypto mining botnet infected computers in
Russia, India and Taiwan. It is estimated that half a million
computers were infected; the mined cryptocurrency was
valued at $3.6 million.
• In February 2018, a cyber security firm that operates in Spain
fell victim to cryptojacking. WannaMine was the script used
to infect the machines, which were then used to mine the
cryptocurrency “Monero”.
Denial Of Service Attack
• It is a brute force method to try to stop some online
service from working properly
• Attackers might send so much traffic to a website or
so many requests to a database that it overwhelms
those systems' ability to function, making them
unavailable to anybody.

Source: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
Author: Josh Fruhlinger
Example of Denial Of Service Attack
Mafiaboy
1. Michael Calce is a security expert from Île Bizard, Quebec who launched
a series of highly publicized denial-of-service attacks in February 2000
against large commercial websites, including Yahoo!, Fifa.com,
Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
2. On February 7, 2000, Calce targeted Yahoo! with a project he named
Rivolta, meaning "riot" in Italian.
3. Rivolta was a denial-of-service attack in which servers become
overloaded with different types of communications to the point where
they become unresponsive to commands.
4. Mafiaboy's Rivolta managed to shut down Yahoo! for almost an hour

Source: https://hackstory.net/Mafiaboy
Author: Kevin Johnson
Man In The Middle Attack
• It is a method by which attackers manage to
interpose themselves secretly between the user and
a web service they're trying to access
• Customer – Hotel – WiFi – Bank transactions –
Hacker – Theft of credentials

Source: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
Author: Josh Fruhlinger
Man In The Middle Attack (contd..)

Source : https://www.incapsula.com/web-application-security/man-in-the-middle-mitm.html
Example of Man In The Middle Attacks
A logistics company
1. A logistics company at Govandi recently lost $16,000, or Rs10.89 lakh, to
an unidentified attacker who hacked its official email account to seek an
early payment from its client in Italy.
2. The man-in-the-middle attack involved hacking an official e-mail account of
a company and finding out about its upcoming transactions with other
companies.
3. The representatives of both companies would communicate through
e-mails.
4. Attacker – hacked Gmail account – gave account details of a bank
account in a foreign country.
Source: https://www.hindustantimes.com/mumbai-news/man-in-the-middle-case-mumbai-firm-loses-rs10-89-lakh-to-online-fraudster/story-xp3AcjLmnh0vAeY8rUIWYO.html
Author: Jayprakash S Naidu
SQL Injection
• A means by which an attacker can exploit a
vulnerability to take control of a victim's database.
• In a SQL injection attack, a hacker will, for instance,
write some SQL commands into a web form that's
asking for name and address information
• If the web site and database aren't programmed
correctly, the database might try to execute those
commands.

Source: https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
Author: Josh Fruhlinger
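The web-form case described above, shown as an added example that is not part of the original slides: the same lookup written once by pasting form input into the SQL text and once with a bound parameter. The table, column names, sample rows and form value are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, address TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "1 Example Road"), ("bob", "2 Sample Street")],
    )
    return db

def lookup_vulnerable(db, name):
    # The form value is pasted into the SQL text, so the database parses
    # whatever was typed as part of the command.
    query = "SELECT name, address FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Placeholder binding: the value travels separately from the SQL text
    # and is only ever compared as data.
    query = "SELECT name, address FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Constructed form input containing SQL syntax instead of a plain name.
FORM_INPUT = "nobody' OR '1'='1"

def compare(db, value):
    """Row counts returned by each handler for the same form value."""
    return len(lookup_vulnerable(db, value)), len(lookup_safe(db, value))

if __name__ == "__main__":
    db = make_db()
    print("plain name   :", compare(db, "alice"))
    print("crafted input:", compare(db, FORM_INPUT))
```

With the crafted value the concatenated query returns every row in the table, while the parameterized query returns none because no customer has that literal name.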
Example of SQL Injection
Internet passwords
1. Russian hackers amass over a billion internet passwords -
obtained from 420000 websites
2. Detected by – Hold Security – a firm in Milwaukee
3. Credentials – captured on mass scale using botnets
(networks of zombie computers that have been infected
with a computer virus).
4. Infected user – visits a website – criminals command –
botnet to test that website to see if it is vulnerable to SQL
injection
5. If vulnerable – criminals flag the site and return later to
extract the full contents of the database.
Source: https://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html
Author: Nicole Perlroth
Case of British Airways
• Bookings made between August 21 and September 5
were attacked.
• Around 3.8 lakhs payment details encrypted.
• Suffered a massive computer system failure
15 months prior to the incident
• A threat detection firm labelled the criminals as
Magecart (web-based skimming experts)
• Mimicking the victim site
• Cross-site scripting
Sources:
https://www.wired.com/story/british-airways-hack-details/
https://www.riskiq.com/blog/labs/magecart-british-airways-breach
Case of Marriott
What happened?
• Data breach of up to 500 million customers
• Names, email ID, phone number, passport numbers accessed.
• 8th September 2018, hotel received an alert from internal security
• Unauthorized access noticed since 2014
Counter Measures
• Conducted an investigation with leading security experts.
• Sent mails to affected customers
• Free Web Watcher Enrollment: access to a tool that monitors internet sites
where personal information is shared and generates an alert to the
consumer if evidence of personal information is found.

Sources:
https://www.forbes.com/sites/kateoflahertyuk/2018/11/30/marriott-breach-what-happened-how-serious-is-it-and-who-is-impacted/#1384c2eb7d25
https://www.packetlabs.net/case-study-marriott-data-breach/
Case of Equifax
• Equifax is one of the three big American credit agencies
• A consumer reporting agency is an organization
providing information on individuals' borrowing and
bill-paying habits.
• Credit information such as a person’s previous loan
performance is a powerful tool to predict his or her
future behavior.
• Such credit information institutions reduce the effect
of asymmetric information between borrowers and
lenders, and alleviate problems of adverse selection
and moral hazard.
Case of Equifax (contd..)
• Equifax on Sept. 7 announced the cyber security incident, one of
the largest in history. Unauthorized data access occurred from
mid-May through July 2017. The breach was discovered on July 29.
• Hackers were able to access personal data of 143 million Equifax
customers.
1. Names
2. Social Security numbers
3. Birth dates
4. Addresses
5. Driver’s license numbers (in some cases).
• Plus CREDIT CARD details of 209000 people.

Source:
https://www.nbcnews.com/business/consumer/how-did-equifax-hack-even-happen-n801331
Case of Equifax (contd..)
• Apache Struts is a popular Open Source framework for creating
enterprise-grade Java Web applications.
• Apache Struts powers front- and back-end applications and Internet
of Things (IoT) devices for many of the world's most visible financial
institutions, government organizations, technology service
providers, telecommunications agencies, and Fortune 100
companies.
• Following this announcement, additional claims stated that the
breach was caused by CVE-2017-5638, a vulnerability in
Apache Struts that was disclosed on 4 September 2017.
• Apache Struts CVE-2017-5638 vulnerability was patched on 7
March 2017, the same day it was announced.
Sources:
https://blogs.apache.org/foundation/entry/media-alert-the-apache-software
https://nakedsecurity.sophos.com/2017/03/14/how-a-serious-apache-vulnerability-struts-its-stuff/
https://www.usatoday.com/story/money/2017/09/14/equifax-identity-theft-hackers-apache-struts/665100001/
Case of Equifax (contd..)
• The data compromise was due to (Equifax's) failure to
install the security updates provided in a timely
manner.
• This is an act of utter negligence.
• Equifax simply failed to save the data of its customers.
• One simple software update could have saved them.
• Patch bugs when and how they are discovered.
• Lack of awareness
Sources:
https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/
https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/
Case of Adult Friend Finder
• It is an adult online dating website, which
operates the digital service FriendFinder.
• The site was breached in mid-October 2016.
• More than 412.2 million accounts were hacked.
• Hackers collected 20 years of data on six
databases that included names, email addresses
and passwords.
• Most of the passwords were protected only by
the weak SHA-1 hashing algorithm.

Source:
https://www.csoonline.com/article/2925833/adult-friend-finder-confirms-data-breach-3-5-million-records-exposed.html
What is a Hash Function?
• A hash function is any function that can be used to map data
of arbitrary size onto data of a fixed size.
• The values returned by a hash function are called hash
values, hash codes, digests, or simply hashes.
Source: Hashing in Computer Science: Fifty Years of Slicing and Dicing
Author: Alan G. Konheim

What is SHA-1?
• In cryptography, SHA-1 (Secure Hash Algorithm 1) is a
cryptographic hash function which takes an input and
produces a 160-bit (20-byte) hash value known as a message
digest – typically rendered as a hexadecimal number, 40 digits
long.
Source: The first collision for full SHA-1
Author: Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, Yarik Markov.
SHA-1
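Why passwords "protected only by" SHA-1 are weakly protected, as an added example that is not part of the original slides: unsalted SHA-1 gives every account with the same password the same 40-digit digest, while a salted, slow key-derivation function does not. The account names, passwords and the PBKDF2 work factor are constructed assumptions; PBKDF2-HMAC-SHA256 is used here as one common replacement, not one the slides name.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example

def sha1_hex(password):
    """Unsalted SHA-1, the storage scheme the breach slide describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Salted, deliberately slow PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)

def shared_digests(stored):
    """Number of stored values that appear for more than one account."""
    counts = Counter(stored.values())
    return sum(1 for n in counts.values() if n > 1)

# Constructed sample accounts (not taken from any real data set).
ACCOUNTS = {"user1": "sunshine", "user2": "sunshine", "user3": "t4ble-Lamp-river"}

def demo():
    weak = {u: sha1_hex(p) for u, p in ACCOUNTS.items()}
    strong = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    return {
        "sha1_hex_len": len(weak["user1"]),   # 160 bits as hex digits
        "sha1_shared": shared_digests(weak),  # same password, same digest
        "pbkdf2_shared": shared_digests({u: d for u, (_, d) in strong.items()}),
        "verify_ok": verify_password("sunshine", *strong["user1"]),
        "verify_bad": verify_password("Sunshine", *strong["user1"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Identical digests in a leaked table mean one recovered password unlocks every account that shares it, and SHA-1's speed makes guessing cheap; the per-account salt and high iteration count remove both properties.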
A Common Cyber Attack

Source: How to Detect a Cyber Attack Before It’s Too Late


Author: Damien
https://securityzap.com/detect-cyber-attack-late/
Ways that employees can detect a
Cyber Attack
1. Slow connections
2. Follow safe email protocol
3. Check for login irregularities
4. Report mysterious pop-ups
5. Extend cybersecurity training to mobile
devices

Source: How to Detect a Cyber Attack Before It’s Too Late


Author: Damien
https://securityzap.com/detect-cyber-attack-late/
Some tips to keep you safe in the
Cyber World
1. You Are A Target.
2. Eight Characters Is Not Enough.
3. Lock It Up.
4. Practice Safe Clicking.
5. Beware Of Browsing.
6. Back It Up.
7. Physical Cyber Safety.
8. Stay On Top Of Your Accounts.
Source:
https://www.cybintsolutions.com/10-important-cyber-security-tips-users/
