Sr.

Title
No.
1. What is Cyber Threat?
2. Where do cyber threats come from?
3. Types of Cyber Threats
4. Consequences of Cyberattacks on Industries
5. Top Cyber Attack in History
6. Introduction to Cyber Security
7. Need of cyber security
8. Critical Components of a Cybersecurity Strategy
9.
Trends Changing Cyber Security

10. AI in Cybersecurity
11.
Advanced Threat Detection

12.
Cyberattack & their remedies

13.
References

POSSIBLE CYBER THREATS TO THE INDUSTRIES AND

EASTIBLISHMENTS
What is a Cyber Threat?

-A cyber threat or cybersecurity threat is a malicious act intended to steal or

damage data or disrupt the digital wellbeing and stability of an enterprise. Cyber
threats include a wide range of attacks ranging from data breaches, computer
viruses, denial of service, and numerous other attack vectors.
-Anything with the potential to cause serious harm to a computer system,
networks, or other digital assets of an organization or individual is a cyber
threat.
-Cyber threats also refer to a potential cyberattack that aims to gain
unauthorized access, disrupt, steal, or damage an IT asset, intellectual property,
computer network, or any other form of sensitive data.
-Cyber threats can, in fact, result in electrical blackouts, military equipment
failure, or breaches of national security secrets.
-They can disrupt computer and phone networks or paralyze the systems,
making data unavailable.
-They can also cause the theft of sensitive, valuable data such as medical
records and other personally identifiable information of consumers and
employees across the world.

Where do cyber threats come from?

Cybersecurity threats come from a variety of places, people, and contexts.

Malicious cyber threat actors can include:

Criminal organizations
Organized groups of hackers aim to break into organizations for financial gain.
These cyber threat actors use phishing, spam, spyware, and malware for
extortion, theft of private information, and online scams that are run like
corporations, with large numbers of employees developing attack vectors and
executing attacks

Nation-states
Hostile countries can launch cyber attacks against local companies and
institutions to interfere with communications, cause disorder, and inflict
damage.

Terrorist organization
Terrorists conduct cyber attacks aimed at destroying or abusing critical
infrastructure, threatening national security, disrupting economies, and causing
bodily harm to citizens

Hacktivists
Hacktivists activities range across political ideals and issues. Most hacktivist
groups are concerned with spreading propaganda rather than damaging
infrastructure or disrupting services. Their goal is to support their political
agenda rather than cause maximum damage to an organization.

Hackers
Individual hackers target organization using a variety of attack techniques.They
are usually motivated by personal gain, revenge, financial gain, or political
activity .Hackers often develop new threats, to advance their criminal ability
and improve their personal standing in the hacker community.

Rogue insiders
Employees with legitimate access to company assets abuse their privileges to
steal information or damage electronic assets for economic or personal gain.
This insider threats may be the target organization's employees, contractors,
suppliers, or partners.
 Fig .1. Sources of cyber security

Types of Cyber Threats

 Fig.2. Types of cyber threats

1. Malware attacks

Malware is a program inserted into a system intending to compromise data

confidentiality, integrity, or availability.
Attackers may embed malware in app downloads, mobile websites, or phishing
emails and text messages. Once compromised, a mobile device can give the
malicious actor access to personal information, location data, financial accounts,
and more.
Here are some common types of malware:

Virus: This type of malware attaches itself to clean files and spreads throughout
a computer system as those files are executed. It can quickly corrupt or delete
data on a device.
Worm: Worms infect entire networks of devices either by local networks or
through the internet. They operate by exploiting vulnerabilities in operating
systems.

Trojan: Unlike viruses, Trojans don't replicate themselves, but they can be just
as destructive. They disguise themselves as legitimate software but act
maliciously once inside the device.

Spyware: As its name implies, this type of malware spies on users. It can gather
data like user habits, logins, credit card information, and other personal details.
It is designed to steal private information from a computer system for a third
party. It collects information and sends it to the hacker, often without the users
knowledge.

Ransomware: This malware locks and encrypts a victims data , system or file
rendering them unusable until the attackers receive a ransom payment and
demands payment (ransom) to restore access.

Cryptojacking: Attackers deploy software on a victim's device, and begin

using their computing resources to generate cryptocurrency, without their
knowledge.

Adware: It displays unwanted ads and pop-ups on the computer. It often comes
bundled with software downloads and generates revenue for the software
distributor by displaying ads.

Rootkit: These are designed to gain administrative access to a device. Once

they do, they become deeply embedded and are difficult to detect and remove.

Botnet: This is a network of compromised devices that are controlled remotely

by an attacker, usually to carry out large-scale attacks or to send spam.

Fileless Malware: Unlike traditional malware that relies on files, fileless

malware resides in a system's RAM and exploits legitimate programs to infect a
computer.

Mobile Malware: As mentioned in the article snippet you provided, this targets
mobile devices and can include a range of malicious code types tailored for this
department.
 Fig.3.Types of Malware

2. Social Engineering Attacks

Social engineering remains one of the most dangerous hacking techniques

cybercriminals employ, largely because it relies on human error rather than
technical vulnerabilities. The victim provides sensitive information or ittingly
installs malware on their device because the attacker poses as a legitimate actor.
Types of social engineering attacks:

Phishing: It is a cyberattack that leverages email, phone, SMS, social media

or other form of personal communication to entice users to click a malicious
link, download infected files or reveal personal information, such as
passwords or account numbers.Phishing attacks use emails to trick the
recipient into disclosing confidential information or downloading malware by
clicking on a hyperlink in the message.

a. Spear Phishing: A more sophisticated form of phishing where the attacker

learns about the victim and impersonates someone he or she knows and
trusts.

b. Vishing (voice phishing): The imposter uses the phone to trick the target
into disclosing sensitive data or grant access to the target system. Vishing
typically targets older individuals but can be employed against anyone.
c. Smishing (SMS phishing): The attacker uses text messages as a means of
deceiving the victim.

Baiting: It is a type of social engineering attack wherein scammers make

false promises to users in order to lure them into revealing personal
information or installing malware on the system . Baiting scams can be in the
form of tempting ads or online promotions, such as free game or movie
downloads, music streaming or phone upgrades.

Whaling: It is a type of phishing attack that also leverages personal

communication to gain access to a user’s device or personal information.
This type of attack requires a significant amount of research on that
individual, which is usually done by reviewing their social media activity
and other public behavior.

Honeytrap: It is a social engineering technique that specifically targets

individuals looking for love on online dating websites or social media. The
criminal befriends the victim by creating a fictional persona and setting up a
fake online profile. Over time, the criminal takes advantage of the
relationship and tricks the victim into giving them money, extracting
personal information, or installing malware.

Pretexting: It is a form of social engineering that involves composing

plausible scenarios, or pretext, that are likely to convince victims to share
valuable and sensitive data.

Tailgating: It is also called "piggybacking", an unauthorized person closely

follows an authorized person into an area containing sensitive information or
valuable assets. Tailgating can be conducted in person, for example, a threat
actor can follow an employee through an unlocked door. But tailgating can also
be a digital tactic, such as when a person leaves a computer unattended while
still logged in to a private account or network.

3. Man in the middle

It is a type of attack that can be used to steal sensitive information or control

your online activity without your knowledge . It occurs when a hacker inserts
themselves into the communication between two parties who are trying to
exchange information. This can happen on public Wifi networks where hackers
can easily intercept the traffic of other users on the same network. Once the
hacker is in the middle of communication they can do a number of things. They
can steal information such as passwords , credit card numbers or other personal
data. They can also modify the communication altering the email or messages.
There are several attack types that can fall into the category of MITM. The
most notable are:

HTTPS Spoofing: The attacker tricks the victim into believing their connection
is secure by substituting a fake SSL/TLS certificate.

SSL/TLS Stripping: Downgrades HTTPS traffic to HTTP, intercepting and

reading unencrypted data.

ARP Spoofing: Sends fake ARP messages to associate the attacker’s MAC
address with a target IP, intercepting local network traffic.

DNS Spoofing/Poisoning: Redirects DNS queries to malicious servers, leading

victims to fake websites.

Session Hijacking: Steals session cookies or tokens to impersonate a legitimate

user in an active session.

Man-in-the-Browser (MITB): Malware alters browser activity, intercepting or

manipulating transactions in real-time.

Wi-Fi MITM (Evil Twin Attack): Creates a fake Wi-Fi hotspot to intercept
communications from connected devices.

Email Hijacking: Intercepts email exchanges to manipulate or steal sensitive

information.

Replay Attacks: Captures and retransmits valid data to repeat actions or disrupt
communication.

Fake Certificate Authority (CA): Uses a fraudulent CA to sign fake

certificates, tricking victims into trusting malicious connections.
 Fig.4.Man in the Middle

4. Injection Attack and their types:

Injection attacks are a class of cyber threats where malicious data is inserted
into a system to manipulate its execution. These attacks often exploit weak
input validation and can result in data breaches, unauthorized access, and
system compromise.
Types of injection attack:

SQL Injection (SQLi): Attackers insert malicious SQL queries into input fields
to manipulate databases and can result in unauthorized data access, deletion, or
modification.

Command Injection: Exploits insecure handling of user input in system

commands and allows attackers to execute arbitrary OS-level commands.

Cross-Site Scripting (XSS): Injects malicious scripts into web applications,

affecting users browsers and can steal cookies, session tokens, or redirect users
to phishing sites.

Code Injection: Attackers inject executable code into an application and can
modify the behavior of software or execute unauthorized functions.

LDAP Injection: Exploits weaknesses in LDAP (Lightweight Directory Access

Protocol) queries and can lead to unauthorized authentication bypass or data
retrieval.

XML Injection: Manipulates XML-based applications to extract sensitive data

or modify structure.

HTTP Header Injection: Injects malicious headers into HTTP responses,

potentially leading to redirections or cache poisoning.

5. Denial of service (DOS) attack:

A Denial-of-Service (DoS) attack is a type of cyberattack where an attacker

attempts to make a network, system, or service unavailable to legitimate users
by overwhelming it with excessive requests. The goal is to exhaust the target’s
resources, causing a slowdown or total shutdown.

Types of DOS attack.

Volumetric Attacks: It floods the target with massive amounts of traffic,
consuming bandwidth. Example: UDP Flood, ICMP (Ping) Flood, and DNS
Amplification Attacks

Protocol Attacks: Protocol attacks exploit weaknesses in network protocols to

use up server resources. Examples are SYN floods and the Ping of Death. In a
SYN flood, attackers send many SYN requests to a server but don’t complete
the handshake, leaving the server stuck with half-open connections. The Ping
of Death involves sending oversized packets to crash or disrupt the target
server.

Application-Layer Attacks: Application layer attacks target specific

applications or services, causing them to crash or become very
slow. Examples include HTTP floods and Slowloris. In an HTTP
flood, attackers send many HTTP requests to a web server,
consuming its resources. Slowloris keeps many connections to
the server open by sending incomplete HTTP requests,
preventing the server from handling new, legitimate requests.

Distributed Denial-of-Service (DDoS) Attack

A DDoS attack is an advanced form of DoS where multiple compromised

devices (botnets) are used to attack the target simultaneously. This makes it
harder to block the attack since the traffic comes from multiple sources.

Fig.5. Types of DDoS Attacks

Consequences of Cyberattacks on Industries

1. Financial Losses
The financial impact of a cyberattack can be devastating for businesses.
Immediate costs include remediation efforts, such as hiring cybersecurity
experts, recovering or replacing compromised systems, and potential ransom
payments. Long-term costs may involve lost revenue due to downtime, legal
fees, and fines for non-compliance with data protection regulations.

2. Reputation Damage
A cyberattack can severely damage a company’s reputation, leading to a loss of
trust among customers, partners, and investors. This can result in lost business,
as well as difficulties in attracting new customers or securing investments.

3. Operational Disruptions
Cyberattacks can cause significant operational disruptions, such as systems
downtime or loss of critical data. These disruptions can hinder a company’s
ability to deliver products and services, affecting customer satisfaction and
potentially leading to contractual penalties.

Top Cyber Attack in History

1. From April 27, 2007 Estonia, the European country faced the series of
cyber attack that lasted for weeks

Unprecedental levels of internet traffic took down:

 Estonian bank’s online service

 Media outlets
 Broad Casters
 Government Bodies

 Botnets sent massive waves of spam and vast amount of automated

online requests
 Russia is believed to be behind these cyber attacks

2. On December 23rd , 2015, Several Part of Ukraine Witnessed a power

Outage
  This was not a typical out; it was indeed the result of a cyber attack
 Information system of three energy distribution companies in Ukraine
were compromised it is the first known victorious cyber attacks on a
power grid
 The hackers sent out phishing emails to the power companies
 30 substations were switched off about 2,30,000 people were left in the
dark for about 1 to 6 hours
 U.S investigators believed that Russia based hackers were responsible
for this
 Experts have warned that other countries could also be vulnerable to
such attacks

3. SONY PICTURES CYBER ATTACK:

 Sony is one of the biggest entertainment studios in the world, which

releases movies now and then. Sony pictures came into the
limelight in 2014 when they decided to release a movie named "The
Interview" which was a comedy storyline to assassinate the
North Korean leader Kim Jong Un. Sony Pictures office in Los Angeles
received a message on their computers saying "We have
obtained all your internal data including your secrets and top-secrets" and
were asked to obey the order otherwise the data would be leaked.
 This attack was done by a Korean group of hackers called "Guardians
of Peace". The attackers threatened to leak the information about each
employee, emails, and passwords of every employee, Scripts of
unreleased movies, and more confidential data.
 Due to these threats, Sony Pictures canceled the release of the movie.
These attackers used malware to get all the data from Sony Pictures, it
is said that they used Server Message Block(SMB) worm tool to
conduct the attack on Sony Pictures.
 They installed backdoors to listen to every crucial information and gain
access to every confidential document.
It is also said that the attackers stole more than 100 Tbs of data and more
than fifty thousand(50,000) social security numbers from this attack .

4. THE NASA CYBER ATTACK

 The NASA Cyber Attack took place in the year 1999 which
caused a three-week computer shutdown in NASA, all of
the systems that were used in NASA were shut down by
this Cyberattack. This attack was launched by a 15-
 year-old boy from Florida named jonathan james who
used the internet name “comrade”.
1. Jonathan James who used the internet name “c0mrade”.
At first, he penetrated the US Department of Defence’s
computers and
 At first, he penetrated the US Department of Defence’s computers
and he installed a backdoor on the servers which
allowed him to intercept thousand of official
government emails including usernames and
passwords.
 The backdoor helped James steal NASA software and
then crack the computers at NASA which cost NASA a
loss of $41,000 as the systems were shut down for
three weeks.
 Jonathan James was the first person to carry out a hack
against NASA.
 Later in 2000 James was arrested from his home in
Florida and was sentenced to seven months of house
arrest until he was 18.

5. ADOBE CYBER ATTACK

 In the year 2013, Adobe witnessed one of the biggest data breach
cyberattacks. The attackers stole the usernames and passwords of almost 30
million users and also stole 3 million credit card details, they also breached
almost 150 million accounts worldwide.
 One of the reasons why attackers were able to steal the information so
easily was the shifting of Adobe to cloud services which made adobe
vulnerable.
 Other mistakes that led to these attacks were that Adobe used the same
encryption key for a similar password which means if more than one user
has the same password, obtaining the password of just one is sufficient to
breach other accounts as well.
 The hackers also stole the source codes for Adobe Acrobat, Photoshop, and
Coldfusion. The attackers used the vulnerabilities such as usage of Block
cipher to get the user credentials, they also used the hints that were set by
the users to steal the passwords and other confidential information from the
users.

6. WANNACRY RANSOMWARE CYBER ATTACK

  WannaCry Ransomware cyber attack was caused by the WannaCry
Cryptoworm .It all began at 1:14 m (IST) on 12 May 2017 and within 24
hours it had already affected over 2,00,000 computers across 150 countries.
 The WannaCry Ransomware utilizes the vulnerabilities present in Windows
Operating System(vulnerable SMB Port) which is the most commonly used
Operating System nowadays, the cyber attack locked the victim out of their
systems and encrypted the data from the device and then demand ransom in
the form of bitcoins in exchange for data recovery.
 After this cyber attack Microsoft released emergency patches to halt the
attack.After a certain period of time a kill switch was discovered which
helped in stoping the spread of the cyptoworm. Most of the cyber security
experts linked this cyber attack to a North etc.

Cyber Security

Introduction to Cyber Security

It is the protection of internet connected systems including hardware, software
and program or data from cyber attacks.

CYBER SECURITY

cyber security
(computer system (system security/ network security
network program or data) program or data security)

Also, it protects digital system ,networks and data from unauthorized access,
theft or damage. It involves implementing various measures and technologies to
ensure the confidentiality, integrity and availability of information stored and
processed on computer system. Three critical aspects of cyber security are:
1. Prevention: Implementing security measures to prevent unauthorized
access or breaches.
2. Detection: Identifying potential threats and vulnerabilities in a system.
 3. Response: Taking necessary actions to mitigate the impact of a security
incident.
Need of cyber security
1. To protect private data
2. To protect intellectual data
3. To protect banking and financial data
4. National security
5. Global security
6. Protect sensitive data

Critical Components of a Cybersecurity Strategy

A robust cybersecurity strategy is essential for businesses and organizations to

protect their digital assets, maintain customer trust, and comply with
regulations. Here are the basic critical components that a successful
cybersecurity strategy has:

1. Risk Assessment: Understanding your organization’s risks is the foundation

of a solid cybersecurity strategy. Conduct a thorough risk assessment to identify
potential threats, vulnerabilities, and the potential impact on your organization.
This will help you prioritize your efforts and allocate resources effectively.

2. Security Policies and Procedures: Develop clear, comprehensive security

policies and procedures that outline the roles and responsibilities of employees,
the acceptable use of technology, and the steps to take in case of a security
incident. Regularly review and update these policies to reflect changes in
technology and the threat landscape.

3. Network and Endpoint Security: Implement strong network and endpoint

security measures, including firewalls, intrusion detection and prevention
systems, anti-malware software, and secure Wi-Fi access. Regularly update and
patch software to address known vulnerabilities.

4. Access Controls: Establish strict access controls to limit access to sensitive

data and systems. Implement role-based access controls, multi-factor
authentication, and regular audits of user privileges to minimize the risk of
unauthorized access.
5. Data Encryption: Encrypt sensitive data at rest and in transit to protect it
from unauthorized access and potential breaches. Encryption adds another layer
of security, making it more difficult for unlawful parties and attackers to access
sensitive information.

6. Incident Response Plan: Develop a well-defined incident response plan that

outlines your organization’s steps in case of a security breach. This plan should
include clear communication protocols, roles and responsibilities, and
guidelines for remediation and recovery.

7. Third-Party Risk Management: Assess the cybersecurity posture of your

third-party vendors and partners, as they can introduce vulnerabilities to your
organization’s security. Establish strict security requirements for third parties
and regularly review their compliance.

By incorporating these critical components into your cybersecurity strategy,

your organization will be better equipped to protect its digital assets, maintain
customer trust, and reduce the risk of costly security incidents.

TRENDS CHANGING CYBER SECURITY

Here mentioned below are some of the trends that are having a huge impact on
cyber security.

Web servers: Data-stealing attacks, many of which get the attention of media,
are also a big threat. Now, we need a greater emphasis on protecting web
servers and web applications. Web servers are especially the best platform for
these cyber criminals to steal the data. Hence one must always use a safer
browser especially during important transactions in order not to fall as a prey
for these crimes.

Computing and its services: This latest trend presents a big challenge for
cyber security, as traffic can go around traditional points of inspection .
Additionally, as the number of applications available in the cloud grows, policy
controls for web applications and cloud services will also need to evolve in
order to prevent the loss of valuable information.

Mobile Networks: Further mobile networks are highly prone to these cyber
crimes a lot of care must be taken in case of their security issues. Mobile
networks Today we are able to connect to anyone in any part of the world. But
for these mobile networks security is a very big concern.

AI in Cybersecurity
AI is revolutionizing cybersecurity by enhancing threat detection, prevention,
and response. Unlike traditional systems, AI leverages advanced data analysis,
machine learning (ML), and neural networks to identify patterns, detect
anomalies, and predict potential attacks.

 Advanced Threat Detection: Real-time analysis of large datasets to uncover

cyber threats.
 Machine Learning: Adaptive models improve accuracy and reduce false
positives.
 Neural Networks: Simulate brain functionality for intrusion detection and
behavior analysis.
 Automation: Handles repetitive tasks, allowing experts to focus on complex
challenges.
 Predictive Analytics: Anticipates attack vectors for proactive defense.
 AI offers a dynamic, intelligent, and efficient approach to combat evolving
cyber threats.

Advanced Threat Detection

One of the main purposes of using artificial intelligence for cybersecurity is
for advanced threat detection. Traditional security is often based on static rules
and signatures, trying to keep up with the dynamic and evolving tactics of
cybercriminals. Artificial intelligence is crucial for quickly analyzing massive
data sets and identifying patterns that indicate potential security breaches
Machine learning algorithms, a subset of artificial intelligence, are adept at
analyzing massive data sets to identify disturbing patterns that may indicate
cyberthreats. This enables you to detect and respond to threats
Predictive Analysis and Risk Assessment
AI works based on data and current trends to forecast potential future
threats. By analyzing patterns and identifying vulnerabilities, AI helps by
actively respond to security threats before they appear in actual attacks. This
predictive analytics plays a main role in setting security measures, allocating
resources efficiently and creating more resilient cybersecurity.
Cyberattack & their remidies:

1. Phishing Attacks

Remedies:

Employee training on recognizing phishing emails.

Use email filters to detect and block phishing attempts.

Implement Multi-Factor Authentication (MFA) for secure access.

2. Ransomware Attacks

Remedies:

Regularly back up critical data and store it offline.

Install and update anti-ransomware software.

Segment networks to prevent the spread of ransomware.

Educate employees on safe browsing and downloading practices.

3. Denial of Service (DoS) & Distributed Denial of Service (DDoS) Attacks

Remedies:

Use DDoS protection services and cloud-based solutions.

Implement rate limiting and traffic monitoring systems.

Have a response plan in place to mitigate downtime.

4. Insider Threats

Remedies:
Restrict access to critical data based on job roles (least privilege principle).

Monitor and log user activities with anomaly detection.

Conduct regular security awareness programs.

5.Supply Chain Attacks

Remedies:

Conduct security assessments of third-party vendors.

Implement strict access controls for external partners.

Regularly audit and monitor supply chain risks.

6. Man-in-the-Middle (MitM) Attacks

Remedies:

Use end-to-end encryption for communication.

Secure networks with VPNs and strong authentication.

Avoid using public Wi-Fi for business operations.

7. Zero-Day Exploits

Remedies:

Keep software and operating systems updated.

Use Intrusion Detection and Prevention Systems (IDPS).

Employ threat intelligence to detect and mitigate risks.

8. SQL Injection & Web Attacks

Remedies:
Use parameterized queries and input validation.

Implement Web Application Firewalls (WAF).

Regularly test and secure web applications.

9. Credential Stuffing

Remedies:

Enforce strong, unique passwords and MFA.

Implement login attempt monitoring and anomaly detection.

Encourage employees to use password managers.

References:

1. https://www.spiceworks.com/it-security/vulnerability-management/
articles/what-is-cyber-threat/
2. https://preyproject.com/blog/what-are-cyber-threats-how-they-affect-you-
what-to-do-about-them
3. https://www.crowdstrike.com/en-us/cybersecurity-101/social-
engineering/types-of-social-engineering-attacks/
4. https://www.nu.edu/blog/what-is-cybersecurity/#:~:text=Cybersecurity
%20protects%20digital%20systems%2C%20networks,and%20processed
%20on%20computer%20systems.
5. https://www.ibm.com/think/topics/cyberthreats-types
6. https://www.researchgate.net/publication/
260126665_A_Study_Of_Cyber_Security_Challenges_And_Its_Emergin
g_Trends_On_Latest_Technologies