Cyber Attacks
What is Cyber Attack?⌗
A cyber attack is a cybercriminal attack that uses one or more computers to target a single or numerous computers or networks. A cyber attack can be used to intentionally disable machines, steal data, or launch additional attacks from a compromised computer. To establish a cyberattack, cybercriminals utilise various methods, including malware, phishing, ransomware, and denial of service, among others.
Types of Cyber Attack⌗
There are many types of attacks that are common in the IT sector. Such as :-
- Malware
- Phishing
- Man-in-the-Middle(MITM)
- Denial-of-Service
- SQL injection
- Zero-day-Exploit
- DNS Tunneling
- Password attack
- Cross-site Scripting
- Rootkits
- Internet of Things(IoT) attack and many more.
How is a cyber-attack done?⌗
Many Cyber attacks are opportunistic, and attackers exploit the computer system. This may entail locating weaknesses in a website’s code that allow them to install their code and circumvent security or authentication procedures. It could also mean they use a vulnerable third-party site to install ‘malware,’ which is explicitly designed to harm a computer system. Phishing, or extracting personal information under false pretences, is another frequent approach to acquiring a system. For example, you may receive what appears to be a legitimate email asking you to update your password, but it was actually sent by hackers seeking to deceive you. In a Denial of Service attack, vast amounts of traffic are sent to a system to crash it. A system can only handle so many requests at one time and will eventually crash. Once it is done, users can no longer access the service, which leads to a considerable loss.
Attacks in history⌗
The first attack on the list is The destruction of the Melissa Virus. The Melissa Virus was one of the first and most dangerous cyber dangers. In 1999, programmer David Lee Smith released the Melissa Virus by giving consumers a file that Microsoft Word could open. Hundreds of organisations, including Microsoft, were severely harmed by the virus. The cost of fixing the compromised systems is projected to be over $80 million. Do you think that only your computers can be exploited by attackers? No, even NASA’s computers can be attacked by attackers. This attack is called NASA Cyber attack. James Jonathan, at 15 years old, hacked NASA’s computers and shut them down for 21 days in 1999. During the hack, 1.7 million pieces of software were downloaded, costing the space giant $41,000 to replace. The next attack was on Google China in mid-December 2009. Hackers got access to multiple Google business systems, stealing confidential information. In April 2007, Estonia saw what is claimed to be the first cyber attack on a whole country, with around 58 Estonian websites, including government, banking, and media services, going offline.
Recent attacks⌗
The first attack on the list is from Spain. Authorities in Spain have issued a warning about a phishing campaign that impersonates WhatsApp in order to deceive consumers into installing a malware. The recipients are advised to get copies of their chats and call records from a website that only sells the NoPiques virus. The NoPiques (“Do not chop”) malware is packaged in a.zip archive that infects vulnerable devices when opened and run. Next attack was in a hotel company. The prominent hotel company has experienced a data breach for the second time in two years. The information of 5.2 million guests was obtained via the login credentials of two workers at a franchise property, according to a statement made by Marriott on March 31. The incident, according to the alert, compromised a Marriott programme used to provide guest services. Next attack on the list was happened on May 12, the healthcare insurance behemoth informed victims that it had become the victim of a ransomware attack. Logins, personal information, and tax information had been effectively exfiltrated by threat actors. The attack affected eight Magellan Health companies, and it is possible that 365,000 patients were affected. “Magellan found it had been the victim of a ransomware assault on April 11, 2020. After sending a phishing email impersonating a Magellan client on April 6, the unauthorised actor acquired access to Magellan’s systems, “According to the letter. The company, which employs over 10,000 people, stated that no fraud or misuse of personal information had occurred at the time of the letter. Phishing, a primary attack vector, became more sophisticated throughout the year as threat actors improved their impersonation abilities.
Now time for letting know about a famous attack. In July, three people broke into the famous social media platform in an embarrassing event that resulted in several high-profile Twitter accounts hijacking. The attackers stole employees' credentials and gained access to the company’s internal management systems through a social engineering attack, later confirmed by Twitter to be phone phishing; dozens of high-profile accounts were hacked, including those of former President Barack Obama, Amazon CEO Jeff Bezos, and Tesla and SpaceX CEO Elon Musk. The threat actors then utilised the accounts to spread bitcoin frauds worth over $100,000 on Twitter. Two weeks after the breach, the Department of Justice (DoJ) arraigned the three suspects and charged 17-year-old Graham Ivan Clark as an adult for the attack he allegedly “masterminded,” according to authorities.
How to keep your phones safe from Cyber Attack⌗
Do not open suspicious URLs
If you receive an invitation to click on a URL in the next 15 minutes to win a prize or vacation, and it seems toyou it’s too good to be true, it probably is. Do not open any links, even if they appear to be from a friend, and do not feel compelled to make hasty and perhaps dangerous decisions.
Avoid using free WiFi networks
When you connect to a hotel’s free WiFi network or a public WiFi network in a restaurant or shopping mall, always check with the staff what the name of the official free WiFi network is. Cyber attackers sitting close by can introduce fake WiFi access points with the network name very close to a legitimate one, like “C0ffeeshop” instead of “Coffeeshop”. Fake WiFi networks can ask you to provide personal information such as email addresses and passwords.
Beware of software you install
Many apps require access to your phone’s camera and images before they can be installed. If you don’t trust the app’s creator, it’s best not to install it because your device will be vulnerable to external tampering and sensitive data theft. Ensure that the permissions granted are appropriate for the downloaded application’s purpose. You may or may not be able to modify this permission once the application has been installed.
Do not make sensitive transactions using public WiFi networks
Cyber criminals can use the same WiFi network to sniff and decode personal sensitive data accessed via your mobile device if some mobile applications are incorrectly created or configured. Even if you use a secure HTTPS connection, some applications may not be fully vetted, allowing a cyber attacker to intercept your online traffic between you and the application’s servers.
Do not leave your mobile device with strangers for charging
Your data can be transmitted to another device without awareness when you leave your phone to charge in public places. It is preferable to utilise a power bank rather than handing up your phone to strangers, even if they appear pleasant.