1. Cyber Attack
• an attempt by hackers to damage or destroy a
computer network or system.
• A cyber-attack is an exploitation
of computer systems and networks.
• It uses malicious code to alter computer code,
logic or data and lead to cybercrimes, such as
information and identity theft.
2. Types of cybercrime
Here are some specific examples of the different types of cybercrime:
• Email and internet fraud.
• Identity fraud (where personal information is stolen and
used).
• Theft of financial or card payment data.
• Theft and sale of corporate data.
• Cyberextortion (demanding money to prevent a threatened
attack).
• Ransomware attacks (a type of cyberextortion).
• Cryptojacking (where hackers mine cryptocurrency using
resources they do not own).
• Cyberespionage (where hackers access government or
company data).
3. Most Common types of Cyber-attacks
CyberAttack
types
DoS and DDoS attack
XSS attack
SQL Injection attack
Man-in-the-Middle attack
Birthday attack
Password attack
Eavesdropping attack
Phishing and spear
phishing attack
Drive-by download
attack
3
4. DoS and DDoS Attack
4
• DoS makes the system unresponsive to the
actual service requests
• It does so by overpowering the system resources
• DDoS attack is similar to the DoS attack
• Difference is that the attack is launched from a
series of host machines
5. DoS and DDoS Attack types
Dos and
DDoS Attack
Types
SYN flood
Attack
TCP SYN
flood attack Tear Drop
attack
Smurf
attack
Ping of death
attack
Botnets
5
6. SYN flood attack
• This attack compromises the
initial handshake process
• It makes the server unavailable
for the actual traffic
• It sends SYN packets repeatedly
and eventually overwhelms the
targeted server
6
7. TCP SYN flood attack
• During TCP connection establishment the attacker
fills up the target machine with multiple connection
requests
• It makes target machine to timeout, awaiting for
permission to connect from the server
7
8. Tear Drop attack
• It is a DoS attack where fragmented packets
are sent to a target machine
• This makes the victim’s computer to crash
overwhelming with packets
IP Header
Packet #1
Packet #2
IP Header
IP ID = x
Packet length = 820
Fragment offset = 0
More fragments = 1
IP ID = x
Packet length = 820
Fragment offset = 800
More fragments = 0
8
9. Smurf attack
9
• It is a DoS attack which involves IP spoofing
• A Ping is issued to the entire IP Broadcast
addresses
• It stimulates response to the ping packet and
the target computer
• The process is repeated and automated to
generate large amount of network congestion
11. Ping of death attack
• It happens when the network packets are used
to ping the target machine with large packet size
11
12. Botnets
• Botnets are millions of computers compromised
with viruses by the hacker who is under control
of DDoS attacks
• As these bots can be located anywhere, they
are generally very difficult to identify
12
13. Cross-site scripting attack (XSS Attack)
1
2 3
4
5
13
Attacker
Website
Website Visitor
Attacker discovers a website
for having script injection
vulnerabilities.
The Attacker injects a payload
in the website’s database with
malicious JavaScript that
steals cookies.
The website transmits the
victim’s browser the page with
the attacker’s payload. The
victim’s browser executes the
malicious scripts.
After script execution victim sends
his cookie to the attacker.
The attacker extracts victim’s
cookie, after which he use it
for session hijacking.
14. SQL injection attack
14
• This attack is most common in database-driven
websites
• Here SQL query is executed to the database
as the input from the client and the server
• It mostly works if a website uses dynamic SQL
15. Man-in-the-middle attack (MITM Attack)
• This happens when a hacker manipulates the
traffic by being in between the client and server
15
16. Types of MITM Attack
MitMAttacks
Session
Hijacking
IP Spoofing
Replay
Attack
16
17. Session hijacking
17
• This happens when a hacker hijacks the
established connection between a client and
server
• The attacker changes the IP address for a
trusted client
• Then it makes the computer believe it is
communicating with the actual server
19. IP Spoofing Attack
• It is used to convince the victim that he or she
is connected to a trusted and known entity
19
20. Replay Attacks
• It is also known as play-back attack
• It happens when a data transmission is hacked
and purposely delayed or repeated
20
21. Birthday attack
21
• Message
produced by the hash function
Digest (MD) of fixed length is
message
• It uniquely characterizes the
independent of its length
• The birthday attack refers to the probability that
two random message generates have the
same Message Digest
22. Password attack
• It happens by guessing passwords randomly or
in systematic manner
Brute-forceAttack
DictionaryAttack
22
23. Eavesdropping attack
• Hacking of user confidential information sent
over the network
• It occurs through the interruption of network
traffic
Eavesdropping
Attack
Active
Eavesdropping
Attack
Passive
Eavesdropping
Attack
23
24. Phishing and Spear Phishing attacks
24
• Sending an email in the name of trusted
sources by an attacker is known as phishing
• When a phishing attack is conducted on a
targeted audience it is spear phishing
• This forces user to download malicious
program on victim systems exposing personal
data
26. Major Cyber attacks in india
• Cosmos Bank Cyber Attack in Pune
• UIDAI Aadhaar Software Hacked
• ATM System Hacked
• Bib B Amitabh Bachchan ‘s Twitter Account
Hacked! --Social media hack
• Facebook database leak data of 419 million users
• Personal Data Exposed from JustDial Database
27. • Cyber Security Measures for Organizations to
Prevent Cyber Attacks
• 1)Educate employees on the emerging cyber attacks with security
awareness training.
• 2) Keep all software and systems updated from time to time with
the latest security patches.
• 3)Get regular Vulnerability Assessment and Penetration
Testing to patch and remove the existing vulnerabilities in the
network and web application
• .
• 4)Limit employee access to sensitive data or confidential
information and limit their authority to install the software.
• 5)Use highly strong passwords for accounts and make sure to
update them at long intervals.
28. Conclusion
28
•We are living in digital era and digital technology
has transformed our lives promoting the need for
Cyber Security
• Cyber Attacks have started affecting most of the
systems today because of the dependency on
technology
• It is very important to know what are Cyber Attacks
and how the Cyber Attacks affect the system
2. Teardrop attacksA teardrop attack involves the hacker sending broken and disorganized IP fragments with overlapping, over-sized payloads to the victims machine. The intention is to obviously crash operating systems and servers due to a bug in the way TCP/IP fragmentation is re-assembled. All operating systems many types of servers are vulnerable to this type of DOS attack, including Linux.
Recently, grocery delivery platform Bigbasket faced a data breach where over 2 Cr users data was compromised
375 cyberattacks
'India sees 375 cyberattacks everyday'17-Nov-2020
Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019
2018 started with a massive data breach of personal records of 1.1 Billion Indian Aadhaar cardholders. UIDAI revealed that around 210 Indian Government websites had leaked Aadhaar details of people online. Data leaked included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and mostly every personal information of all individual cardholders. If it wasn’t enough shocking, anonymous sellers were selling Aadhaar information of any person for Rs. 500 over Whatsapp. Also, one could get any person’s Aadhaar car printout by paying an extra amount of Rs.300.
Around mid-2018, Canara bank ATM servers were targeted in a cyber attack. Almost 20 lakh rupees were wiped off from various bank accounts.
here can be a question that social media profiles are subjected to hacking all the time. But with Amitabh Bachan’s statitude the hack became controversial and was announced as one of the Cyber Attacks on IndiaLately, Amitabh Bachchan’s twitter handle got hacked and the perpetrators posted hateful messages putting everybody in shock.
An unprotected API end was the issue in this incident. Justdial one of India’s leading local search platform let a loose end which exposed all of their user data who accessed their services through the web, mobile, and their phone number.
Leaked data includes name, email, number, address gender, etc. the shocking part according to reports is that since 2015 the API has been exposed like this.