Cybersecurity

G.S. Oreku
Types of Cyber Attacks
2023

1
 What is Cyber Attacks?
When there is an unauthorized system/network
access by a third party, we term it as a cyber
attack. The person who carries out a cyberattack
is termed as a hacker/attacker.

Cyber-attacks have several negative effects.

When an attack is carried out, it can lead to data
breaches, resulting in data loss or data
manipulation. Organizations incur financial
losses, customer trust gets hampered, and there
is reputational damage. To put a curb on
cyberattacks, we implement cybersecurity.
Cybersecurity is the method of safeguarding
networks, computer systems, and their
components from unauthorized digital access.

The COVID-19 situation has also had an adverse

impact on cybersecurity. According to Interpol
and WHO, there has been a notable increase in
the number of cyberattacks during the COVID-19 2
pandemic.
 How Often Do Cyber Attacks
Occur?

Cyber attacks are becoming increasingly

common in our modern digital world. They can
cause severe damage to individuals, businesses,
and governments. People launch cyber

When there is an unauthorized system/network

access by a third party, we term it as a cyber
attack. The person who carries out a cyberattack is
termed as a hacker/attacker.

3
 Why do people launch Cyber
Attacks ?

There are many reasons why people launch

cyber attacks, including financial gain,
espionage, activism, and sabotage. In some
cases, cyber-attacks may be politically
motivated to cause damage to their
opponents.

4
 What happens During Cyber
Attacks ?

During a cyber attack, the attacker gains

unauthorized access to a computer system,
network, or device for stealing, modifying, or
destroying data. The attacker may use a
variety of tactics, including malware,
social engineering, or exploiting
vulnerabilities in software or systems.

5
 How do Cyber Attacks
happens ?

Cyber attacks can happen in various

methods. For instance, a hacker can use
phishing methods to trick a user into clicking
a malicious link or entering their login
credentials into a fake website. Alternatively,
a hacker may cause damage to the
vulnerability in the software to access other
devices to steal sensitive information.

6
 What is Botnet?

A network for compromised devices is called

a botnet or "bots," which is controlled by a
single attacker or in a group. These bots can
attack the systems of smartphones and
other devices connected to the internet.

Web-based attack: Performed using a

network of bots to launch website
attacks, like DDoS attacks to flood a
website with traffic, and web scraping,
where the attacker can steal essential
data from websites using bots.
System-based attack: Attackers use
botnets to infect and control the systems
of other devices and spread malware, like
ransomware or spyware, and steal
sensitive data.

7
 Malware Attack?

This is one of the most common types of cyberattacks. “Malware” refers to malicious
software viruses including worms, spyware, ransomware, adware, and trojans.

The trojan virus disguises itself as legitimate software. Ransomware blocks access to
the network's key components, whereas Spyware is software that steals all your
confidential data without your knowledge. Adware is software that displays advertising
content such as banners on a user's screen.
Malware breaches a network through a vulnerability. When the user clicks a dangerous
link, it downloads an email attachment or when an infected pen drive is used.

Let’s now look at how we can prevent a malware attack:

 Use antivirus software. It can protect your computer against malware. Avast
Antivirus, Norton Antivirus, and McAfee Antivirus are a few of the popular antivirus
software.
 Use firewalls. Firewalls filter the traffic that may enter your device. Windows and
Mac OS X have their default built-in firewalls, named Windows Firewall and Mac
Firewall. 8
 Stay alert and avoid clicking on suspicious links.
 Phishing Attack?

Phishing attacks are one of the most prominent widespread types of cyberattacks. It is
a type of social engineering attack wherein an attacker impersonates to be a trusted
contact and sends the victim fake mails.

Unaware of this, the victim opens the mail and clicks on the malicious link or opens
the mail's attachment. By doing so, attackers gain access to confidential information
and account credentials. They can also install malware through a phishing attack.

Phishing attacks can be prevented by following the below-mentioned steps:

 Scrutinize the emails you receive. Most phishing emails have significant errors like
spelling mistakes and format changes from that of legitimate sources.
 Make use of an anti-phishing toolbar.
 Update your passwords regularly.

9
 Password Attack?

It is a form of attack wherein a hacker cracks your password with various programs
and password cracking tools like Aircrack, Cain, Abel, John the Ripper, Hashcat, etc.
There are different types of password attacks like brute force attacks, dictionary
attacks, and keylogger attacks.

Listed below are a few ways to prevent password attacks:

 Use strong alphanumeric passwords with special characters.
 Abstain from using the same password for multiple websites or accounts.
 Update your passwords; this will limit your exposure to a password attack.
 Do not have any password hints in the open.

10
 Man-in-the-Middle Attack?

A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this

attack, an attacker comes in between a two-party communication, i.e., the attacker
hijacks the session between a client and host. By doing so, hackers steal and
manipulate data.

As seen below, the client-server communication has been cut off, and instead, the
communication line goes through the hacker.

MITM attacks can be prevented by following the below-mentioned steps:

 Be mindful of the security of the website you are using. Use encryption on your
devices.
 Refrain from using public Wi-Fi networks.

11
 SQL Injection Attack?

A Structured Query Language (SQL) injection attack occurs on a database-driven

website when the hacker manipulates a standard SQL query. It is carried by injecting a
malicious code into a vulnerable website search box, thereby making the server reveal
crucial information.

This results in the attacker being able to view, edit, and delete tables in the databases.
Attackers can also get administrative rights through this.

To prevent a SQL injection attack:

 Use an Intrusion detection system, as they design it to detect unauthorized access
to a network.
 Carry out a validation of the user-supplied data. With a validation process, it keeps
the user input in check.

12
 Denial-of-Service Attack?

A Denial-of-Service Attack is a significant threat to companies. Here, attackers target

systems, servers, or networks and flood them with traffic to exhaust their resources
and bandwidth.

When this happens, catering to the incoming requests becomes overwhelming for the
servers, resulting in the website it hosts either shut down or slow down. This leaves
the legitimate service requests unattended.

It is also known as a DDoS (Distributed Denial-of-Service) attack when attackers use

multiple compromised systems to launch this attack.

Let’s now look at how to prevent a DDoS attack:

 Run a traffic analysis to identify malicious traffic.
 Understand the warning signs like network slowdown, intermittent website
shutdowns, etc. At such times, the organization must take the necessary steps
without delay.
 Formulate an incident response plan, have a checklist and make sure your team 13
and data center can handle a DDoS attack.
 Insider Threat

As the name suggests, an insider threat does not involve a third party but an insider.
In such a case; it could be an individual from within the organization who knows
everything about the organization. Insider threats have the potential to cause
tremendous damages.

Insider threats are rampant in small businesses, as the staff there hold access to
multiple accounts with data. Reasons for this form of an attack are many, it can be
greed, malice, or even carelessness. Insider threats are hard to predict and hence
tricky.

To prevent the insider threat attack:

 Organizations should have a good culture of security awareness.
 Companies must limit the IT resources staff can have access to depending on their
job roles.
 Organizations must train employees to spot insider threats. This will help
employees understand when a hacker has manipulated or is attempting to misuse
the organization's data. 14
 Cryptojacking

The term Cryptojacking is closely related to cryptocurrency. Cryptojacking takes place

when attackers access someone else’s computer for mining cryptocurrency.

The access is gained by infecting a website or manipulating the victim to click on a

malicious link. They also use online ads with JavaScript code for this. Victims are
unaware of this as the Crypto mining code works in the background; a delay in the
execution is the only sign they might witness.

Cryptojacking can be prevented by following the below-mentioned steps:

 Update your software and all the security apps as cryptojacking can infect the most
unprotected systems.
 Have cryptojacking awareness training for the employees; this will help them
detect crypotjacking threats.
 Install an ad blocker as ads are a primary source of cryptojacking scripts. Also have
extensions like MinerBlock, which is used to identify and block crypto mining
scripts.
15
 Zero-Day Exploit

A Zero-Day Exploit happens after the announcement of a network vulnerability; there

is no solution for the vulnerability in most cases. Hence the vendor notifies the
vulnerability so that the users are aware; however, this news also reaches the
attackers.

Depending on the vulnerability, the vendor or the developer could take any amount of
time to fix the issue. Meanwhile, the attackers target the disclosed vulnerability. They
make sure to exploit the vulnerability even before a patch or solution is implemented
for it.

Zero-day exploits can be prevented by:

 Organizations should have well-communicated patch management processes. Use
management solutions to automate the procedures. Thus it avoids delays in
deployment.
 Have an incident response plan to help you deal with a cyberattack. Keep a
strategy focussing on zero-day attacks. By doing so, the damage can be reduced or
completely avoided.
16
 Watering Hole Attack

The victim here is a particular group of an organization, region, etc. In such an attack,
the attacker targets websites which are frequently used by the targeted group.
Websites are identified either by closely monitoring the group or by guessing.

After this, the attackers infect these websites with malware, which infects the victims'
systems. The malware in such an attack targets the user's personal information. Here,
it is also possible for the hacker to take remote access to the infected computer.

Let's now see how we can prevent the watering hole attack:
 Update your software and reduce the risk of an attacker exploiting vulnerabilities.
Make sure to check for security patches regularly.
 Use your network security tools to spot watering hole attacks. Intrusion prevention
systems(IPS) work well when it comes to detecting such suspicious activities.
 To prevent a watering hole attack, it is advised to conceal your online activities. For
this, use a VPN and also make use of your browser’s private browsing feature. A
VPN delivers a secure connection to another network over the Internet. It acts as a
shield for your browsing activity. NordVPN is a good example of a VPN. 17
 Contin…
Spoofing

An attacker impersonates someone or something else to access sensitive information

and do malicious activities. For example, they can spoof an email address or a network
address.

Identity-Based Attacks

Perform to steal or manipulate others' personal information, like login someone's PINs to
steal unauthorized access to their systems.

Code Injection Attacks

Performed by inserting malicious code into a software application to manipulate data. For
example, the attacker puts malicious code into a SQL database to steal data.

Supply Chain Attacks 18

Exploit software or hardware supply chain vulnerabilities to collect sensitive information.

 Contin…
DNS Tunneling

Attacker uses the Domain Name System (DNS) to bypass security measures and
communicate with a remote server.

DNS Spoofing

Cyberattack in which an attacker manipulates the DNS records from a website to control its
traffic.

IoT-Based Attacks

Exploit vulnerabilities in the Internet of Things (IoT), like smart thermostats and security
cameras, to steal data.

Ransomware

Encrypt the victim's data and demands payment in exchange.

19
 Contin…
Distributed Denial of Service (DDos) Attacks

Flood a website with traffic to make it unavailable to legitimate users and to exploit
vulnerabilities in the specific network.

Spamming

Send unauthentic emails to spread phishing scams.

Corporate Account Takeover (CATO)

Hackers use stolen login credentials to access others' bank accounts.

Automated Teller Machine (ATM) Cash Out

Hackers get close to a bank's computer systems to withdraw large amounts of cash from
ATMs.

Whale-Phishing Attacks

Target high-profile individuals like executives or celebrities using sophisticated 20

social engineering techniques to get sensitive information.
 Contin…
Spear-Phishing Attacks:

Target specific individuals or groups under an organization. Attackers use social engineering
techniques to get sensitive information.

URL Interpretation

A web browser interprets a URL (Uniform Resource Locator) and requests the corresponding
web page to exploit vulnerabilities in the URL interpretation.

Session Hijacking

The hacker gets access to a user's session ID to authenticate the user's session with a web
application and take control of the user's session.

Brute Force Attack

An attacker gets unauthorized access to a system by trying various passwords until the
correct one is found. It can be highly effective against weak passwords.
21
 Contin…
Web Attacks

Targets websites and can insert SQL injection, cross-site scripting (XSS) and file inclusion.

Trojan Horses

Malware that appears to be a legitimate program but which contains malicious code. Once
installed, it can perform malicious actions like stealing data and controlling the system.

Drive-by Attacks

The user's system is flooded with malware by visiting its compromised website to exploit
vulnerabilities in other software to insert the malware without the user's knowledge.

Cross-Site Scripting (XSS) Attacks

An attacker inserts unauthorized code into a legitimate website to access the user's information
to steal sensitive information like the user's passwords and credit card details.
22
 Contin…
Eavesdropping Attacks

An attacker intercepts communication between two parties to access sensitive information.

Birthday Attack

A cryptographic attack exploits the birthday paradox to access a collision in a hash function. The
attacker successfully generates two inputs to get the same output hash value. This can be used
to compromise to bypass access controls.

Volume-Based Attacks

The attacker floods a system with heavy data to make it inaccessible to legitimate users. For
instance, DDoS attacks in which various compromised computers flood a specific website with
traffic to crash it.

Protocol Attacks:

Exploits vulnerabilities in network protocols to gain unauthorized access to a system or disrupt

its regular operation. Examples include the Transmission Control Protocol (TCP) SYN Flood attack
and the Internet Control Message Protocol (ICMP) Flood attack. 23
 Contin…
Application Layer Attacks

Targets the application layer of a system, aiming to exploit vulnerabilities in applications or web
servers.

Dictionary Attacks

An attacker attempts to guess a user's password by trying a list of common words. This attack
becomes successful because many users use weak or easy passwords.

Virus

Malicious software can replicate itself and spread to other computers. Viruses can cause
significant damage to systems, corrupt files, steal information, and more.

Worm

Replicates itself and spreads to other computers, but unlike viruses, worms don't require human
interaction. 24
 Contin…
Backdoors

This vulnerability allows attackers to bypass standard authentication procedures and gain
unauthorized access to a system or network.

Bots

These software programs automate network or internet tasks. They can be used for malicious
purposes, such as Distributed Denial of Service (DDoS) attacks.

Business Email Compromise (BEC)

Targets businesses and organizations by using email. The attackers impersonate a trusted source
to trick the victim into transferring funds or sensitive information to the attacker.

Cross-Site Scripting (XSS) Attacks

Targets web applications by injecting malicious code into a vulnerable website to steal sensitive
information or to perform unauthorized attacks.
25
 Contin…
AI-Powered Attacks

Use artificial intelligence and machine learning to bypass traditional security measures.

Rootkits

Provide attackers privileged access to a victim's computer system. Rootkits can be used to hide
other types of malware, such as spyware or keyloggers, and can be challenging to detect and
remove.

Spyware

Is malware designed to collect sensitive information from a victim's computer system. This can
include passwords, credit card numbers, and other sensitive data.

Social Engineering

is a technique cybercriminals use to manipulate users to make them divulge sensitive

information or perform actions that are not in their best interest.
26
 Contin…
Keylogger

Is a malware designed to capture keystrokes a victim enters on their computer system. This can
include passwords, credit card numbers, and other sensitive data.

Botnets

Are networks of compromised computers controlled by a single attacker. Botnets can launch
distributed denial of service (DDoS) attacks, steal sensitive information, or perform other
malicious activities.

Emotet

Is malware designed to steal sensitive information and spread it to other computers on a

network. Emotet is often spread through phishing emails and can be very difficult to detect and
remove.

Adware

Is malware that displays unwanted advertisements on a victim's computer system. Adware can 27
be annoying and disruptive, but it's generally less harmful than other types of malware.
 Contin…
Fileless Malware

Doesn’t rely on files to infect a victim's computer system. Instead, fileless malware executes
malicious code using existing system resources, such as memory or registry keys.

Angler Phishing Attacks

Target individuals or organizations using highly targeted and personalized emails. Angler
phishing attacks can be difficult to detect and are often successful in stealing sensitive
information.

Advanced Persistent Threat (APT)

Is a cyberattack characterized by long-term, persistent access to a victim's computer system.

APT attacks are highly sophisticated and difficult to detect and remove.

28
Current state of
Cybersecurity

Phishing attacks are still

number 1

Ransomware attacks are

on the rise

Social Engineering is the

leading attack vector for
scams

29
Cost of Cybersecurity Attacks

30
Phishing Attacks

Phishing emails
e.g. COVID 19 vaccines

Vishing
e.g. Computer technician call to
fix a virus on your machine

Smishing
e.g. TRA text messages to claim a
tax refund
31
Phishing Examples
Phishing Examples
 Ransomware
Type of malware that encrypts data specifically
asking for payment in order to restore access.

How? Protect
Yourself
Email Regular backups
attachments

Website Updates
downloads

Email links Verify emails

Website links Don’t PAY!

34
 Why is Cyber Security so important?

• Everything is CONNECTED!

• Personal documents

• Identity

• Finances

• Digital footprint

35
How can I protect
myself?
 Passwords

• Long and strong. Passphrases

• Enable 2FA where possible
• Change default passwords
• Don’t reuse passwords across accounts
• Use a Password manager (LastPass is FREE)
 Updates

• Ensure all devices are on their latest updates.

• Turn on AUTOMATIC UPDATES
• Make time for updates
• Spring clean your apps regularly
 Be aware of Scams

1. Phishing - email
2. Vishing – phone call
3. Smishing – text messages

Look out for:

4. Urgency
5. Asking for personal/financial information
6. Unsolicited
7. Contain links and downloadable files
8. Bad grammar
9. Too good to be true
 Search Yourself (Digital
Footprint)

• Privacy controls
• Be mindful of what you share
• Review app privacy collection
 Creating a Cyber secure home checklist

• Are my devices secure?

• Using VPN to access University systems?
• Beware of using FREE Wi-Fi
• Do I have anti virus installed?
• Am I backing up my important files? Cloud & Local
• Are my devices up to date?
• Enable two-factor authentication (2FA) where possible
• STOP. THINK BEFORE YOU CLICK.
 Helpful Websites

• Scamwatch
• Stay Smart Online
• SANS Security Awareness Blog
Thank you!