Introduction About The Cyber Attacks And What They Do
Why do cyber-attacks happen?
- In addition to cybercrime, cyber attacks can also be associated with cyber
warfare or cyber terrorism, like hacktivists. Motivations can vary, in other
words. And in these motivations, there are three main categories: criminal,
political, and personal.
- Criminally motivated attackers seek financial gain through money theft, data
theft, or business disruption. Likewise, the personally motivated, such as
disgruntled current or former employees, will take money, data, or a mere chance
to disrupt a company's system. However, they primarily seek retribution.
Socio-political motivated attackers seek attention for their causes. As a
result, they make their attacks known to the public-also known as hacktivism.
Other cyber-attack motivations include espionage, spying-to gain an unfair
advantage over competitors-and intellectual challenge.
Who is behind cyber attacks?
External cyber threats include:
- Criminal organizations, state actors, and private persons can launch
cyberattacks against enterprises. One way to classify cyber-attack risks is by
outsider versus insider threats.
- Organized criminals or criminal groups
- Professional hackers, like state-sponsored actors
- Amateur hackers, like hacktivists
Insider threats are users who have authorized and legitimate access to a
company's assets and abuse them either deliberately or accidentally. They
- Employees careless of security policies and procedures
- Disgruntled current or former employees
- Business partners, clients, contractors, or suppliers with system access
What do cyber attackers target?Cyberattacks happen because organizations, state actors, or private persons want
one or many things, like:
- Business financial data
- Clients lists
- Customer financial data
- Customer databases, including personally identifiable information (PII)
- Email addresses and login credentials
- Intellectual property, like trade secrets or product designs
- IT infrastructure access
- IT services, to accept financial payments
- Sensitive personal data
- US government departments and government agencies
What can cyber attacks do?
If successful, cyber-attacks can damage enterprises. They can cause valuable
downtime, data loss or manipulation, and money loss through ransoms. Further,
downtime can lead to major service interruptions and financial losses.
- DoS, DDoS, and malware attacks can cause system or server crashes.
- DNS tunneling and SQL injection attacks can alter, delete, insert or steal data
into a system.
- Phishing and zero-day exploit attacks allow attackers entry into a system to
cause damage or steal valuable information.
- Ransomware attacks can disable a system until the company pays the attacker a
As an illustration, DarkSide, a ransomware gang, attacked Colonial Pipeline, a
large US refined products pipeline system, on April 29, 2021. Through a virtual
private network (VPN) and compromised password (link resides outside of ibm.com),
this pipeline cyberattack gained entry into the company's networks and disrupted
In effect, DarkSide shut down the pipeline that carries 45%
of the gas, diesel, and jet fuel supplied to the US east coast. They soon
followed their shutdown with a ransom note, demanding almost USD 5 Million
Bitcoin cryptocurrency, which Colonial Pipeline paid, (link resides outside of
After all, Colonial Pipeline hired a third-party cybersecurity firm and informed
federal agencies and US law enforcement. USD 2.3 million of the ransom paid was
Types Of Cyber-Attacks In India
Ransomware is a malware designed to use encryption to force the target of the
attack to pay a ransom demand. Once present on the system, the malware encrypts
the user's files and demands payment in exchange for the decryption key. Since
modern encryption algorithms are unbreakable with the technology available, the
only way to recover the encrypted files is to restore the data from a backup (if
available) or to pay the ransom demand.
Ransomware has become one of the most visible and prolific types of malware, and
the COVID-19 pandemic provided an environment in which this type of malware has
thrived. In recent years, some ransomware variants have also evolved to perform
"double extortion" attacks. Maze, Sodinokibi/REvil, Doppler Paymer, Nemty, and
other ransomware variants steal copies of files before encryption, threatening
to breach them if the user refuses to pay the ransom demand. While this trend
began in late 2019 with Maze, it has continued to grow as more groups adopted it
Ransomware is a type of malware but far from the only type. Malware comes in a
variety of different forms and can be used to achieve several different
objectives. Malware variants may be designed to do anything from collecting and
stealing sensitive information to presenting unwanted ads to causing permanent
damage to an infected machine.
The most common types of malware vary from one year to another as different
types of attacks become more or less profitable to attackers.
In 2020, the most
common forms of malware include:
Malware that uses the victim's computer to mine cryptocurrency
and make a profit for the attacker.
- Mobile Malware:
Malware targeting mobile devices, including malicious
applications and attacks exploiting SMS and social media apps.
- Botnet Malware:
Malware that infects a system and adds it to a botnet, where it
participates in cyberattacks and other illegal activity under the command of the
- Info stealers:
Malware that collects sensitive information from an infected
computer and sends it to the malware operator.
- Banking Trojans:
Malware that specifically targets financial information and
attempts to steal banking website credentials and similar information.
Malware that encrypts the files on a user's computer and demands
payment for the decryption key.
- Fileless Attacks
Antivirus solutions commonly attempt to detect malware on a device by inspecting
each file on the device for signs of malicious content. Fileless malware
attempts to bypass this approach to threat detection by not using a file.
Instead, the malware is implemented as a set of commands to functions that are
built into the infected computer. This enables the malware to achieve the same
objectives but can make it harder to detect for some defensive solutions.
The main differentiator of fileless malware is its lack of files; it performs
many of the same functions as traditional malware. For example, FritzFrog – a
fileless peer-to-peer (P2P) botnet malware detected in August-2020 – is designed
to infect systems and mine cryptocurrency.
Phishing is one of the most common methods that attackers use to gain access to
a target system. Often, it is easier to trick a user into clicking on a
malicious link or opening an attachment than it is to locate and successfully
exploit a vulnerability in an organization's network. Phishing attacks can
achieve a variety of goals, including credential theft, malware delivery,
financial fraud, and theft of sensitive data.
Phishing has historically been the most common method for cyberattackers to
launch a campaign due to its ease of use and high success rate. During the
COVID-19 pandemic, this trend only accelerated as cybercriminals took advantage
of employees working from outside the office and the climate of uncertainty
regarding the virus.
The COVID-19 pandemic also amplified the effect of common phishing lures. For
example, Black Friday and Cyber Monday are commonly exploited pretexts for
phishers, and the rise in online shopping due to COVID-19 made it especially
effective in 2020. As a result, the volume of phishing emails doubled in the
weeks leading up to Black Friday and Cyber Monday compared to the beginning of
the previous month.
- Man-in-the-Middle (MitM) Attack
Many network protocols are protected against eavesdroppers by encryption, which
makes the traffic impossible to read. A Man-in-the-Middle (MitM) attack bypasses
these protections by breaking a connection into two pieces. By creating a
separate, encrypted connection with the client and the server, an attacker can
read the data sent over the connection and modify it as desired before
forwarding it to its destination.
MitM attacks can be defeated using protocols like HTTPS. However, the rise of
mobile makes this a more dangerous attack vector. Mobile apps provide little or
no visibility to their users regarding their network connections and maybe use
insecure protocols for communication that are vulnerable to MitM attacks.
- Malicious Apps
Many organizations focus their cybersecurity efforts on computers, but mobile
devices are a growing threat to an organization's cybersecurity. As employees
increasingly use mobile devices to do their work and access sensitive company
data, malicious mobile applications are increasingly dangerous. These
applications can do anything that desktop malware can, including stealing
sensitive data, encrypting files with ransomware, and more.
In 2020, mobile malware was the second most common type of malware worldwide.
The most common mobile malware variants – including helper, PreAMp, and Necro –
are all Trojans with additional functionality, including ad fraud and click
fraud. Mobile malware commonly takes advantage of vulnerabilities in mobile
operating systems, like the remote code execution (RCE) vulnerability fixed in a
batch of 43 Android Patches in January 2021.
Inside the Top Cyber Threats
Cybercriminals are constantly innovating, and the top cyber threats that
organizations face change regularly as attackers adapt to changing
Beyond the Top Threats
This list of top threats is not exhaustive and does not cover all active threats
to access cybersecurity. Examples of other common cybersecurity threats include:
How does the Cyber Kill Chain Works?
- DNS Tunneling
- DNS Spoofing
- SQL injection
- Jailbreaking and Rooting
- OS exploits
There are several core stages in the cyber kill chain. They range from
reconnaissance (often the first stage in a malware attack) to the lateral
movement (moving laterally throughout the network to get access to more data) to
data exfiltration (getting the data out). All of your common attack vectors –
whether phishing or brute force or the latest strain of malware – trigger
activity on the cyber kill chain.
The observation stage: attackers typically assess the situation from the
outside-in, to identify both targets and tactics for the attack, they make this
list, not specifically, but they almost target their next fish to be caught up
in their trap.
Based on what the attackers discovered in the reconnaissance phase, they're able
to get into your systems: often leveraging malware or security vulnerabilities
and through this, they can tack up your information and discover or can explore
your website check or findings of articles, etc.
The act of exploiting vulnerabilities, and delivering malicious code onto the
system, to get a better foothold on what they were trying to catch up into your
system so that they can further ahead collect your information.
Attackers often need more privileges on a system to get access to more data and
permissions: for this, they need to escalate their privileges often to an Admin
this can work more on the admin of some of the groups like on telegram or
WhatsApp to get the whole of information to either defame your group or
something like that.
Once they're in the system, attackers can move laterally to other systems and
accounts to gain more leverage: whether that's higher permissions, more data, or
greater access to systems.
Obfuscation / Anti-forensics
To successfully pull off a cyberattack, attackers need to cover their tracks,
and in this stage, they often lay false trails, compromise data, and clear logs
to confuse and/or slow down any forensics team.
Denial of Service
Disruption of normal access for users and systems, to stop the attack from being
monitored, tracked, or blocked.
The extraction stage: getting data out of the compromised system.
Cyber Attacks Data Breaches In India
SIM Swap Fraud
In August 2018, two men from Navi Mumbai were arrested for cybercrime. They were
involved in fraudulent activities concerning money transfers from the bank
accounts of numerous individuals by getting their SIM card information through
These fraudsters were getting the details of people and were later blocking
their SIM Cards with the help of fake documents post which they were carrying
out transactions through online banking.
They were accused of transferring 4 crore Indian Rupees effectively from various
accounts. They even dared to hack the accounts of a couple of companies.
Prevention: The information required for such a scheme is gathered via various
public domains and is misused later. Sharing personal information with unknown
applications and domains can help in minimizing the risk of having your personal
information reaching people with malicious content.
Fraudsters use the victim's information in various scams and trick them into
fraudulent activities. It is advisable therefore that the site where the
individual is entering his banking or other details should be verified for
authenticity, as scammer uses the fake site to get the information directly from
Provisions Of Law And Acts Under The Indian Legal System:
Indian Penal Code On Cyber Terrorism:
- Section 292 of IPC
- Section 354C of IPC
- Section 354D of IPC
Acts Under The Information And Technology Act, 2000:
Cyber Crimes Under Special Acts
- Hacking and Data Theft: Sections 439 (h) and 66 of the IT Act
- Tampering with Computer Source Document: Section 65 of the IT Act
- Receipt of Stolen Property: Section 66B of the IT Act
- Identity Theft and Cheating by Personation: Section 66C of the IT Act.
- Section 66D of the IT Act
- Violation of Privacy: Section 66E of the IT Act
- Obscenity: Sections 67, 67A, and 67B of the IT Act
- Cyber Terrorism: Section 66F of the IT Act
- Section 419
- Section 420 of IPC
- Section 468 of IPC
- Section 469 of IPC
- Section 500 of IPC
- Section 504 of IPC
- Section 506 of IPC
- Section 509 of IPC
Other cyber laws in India
- Online sale of Drugs under Narcotic Drugs and Psychotropic Substances Act
- Online sale of Arms under Arms Act
Apart from The Information Technology Act 2000 and the Indian Penal Code 1860,
there are various other laws relating to cybercrime in India. There are many
civil laws as well as Tort laws related to the same. They are as follows:
Applicability of IT Act and IPC both in Cybercrime
- Common law (governed by the general principles of law)
- The Information Technology (Amendment) Act, 2008 and 2009
- The Information Technology (Removal of difficulties) Order, 2002
- The Information Technology (Certifying Authorities) Rules, 2000
- The Information Technology (Certifying Authorities) Regulations, 2001
- The Information Technology (Securities Procedure) Rules, 2004
- The Bankers` Book Evidence Act, 1891
- The Reserve Bank of India Act, 1934
- Various laws relating to IPRs
Now, the greatest ambiguity ever relating to the applicability of both
Information and Technology Act, 2000 and Indian Penal Code, 1860 simultaneously
in the Cyber Crimes is prevalent these days also in front of Hon'ble Judiciary.
The ambiguity was resolved by the Hon'ble High Court of Bombay on 6 Nov 2018
which explicitly delivered its Judgment, in the case of Data Theft being lodged
by a Kolhapur-based company that develops software for the hospital management
against its employees alleging data theft resulting in wrongful losses to the
Company. The provisions of IPC for the crime of cheating, breach of trust, and
theft were invoked, even when it was in purview, and were also tried under
Section 43 and Section 66 of the IT Act.
The High Court highly relied on the
decision of Hon'ble Supreme Court of India in the famous case of Sharat Babu
Digumar v. NCT of Delhi
, and said that "Prosecuting the petitioners under the
both IPC and IT Act would be a brazen violation of protection against the double
jeopardy, and we are also having a special law in the form of IT Act for
specifically curbing and preventing the cyber crimes, in such circumstances
prosecution under both the laws for the same offense is unconstitutional."
Even on 24 March 2015 the Hon'ble Supreme Court of India, gave a verdict
striking-off Section 66-A of the Information and Technology Act, 2000 as
unconstitutional in its entirety. It was done due to its massive misuse by the
Investigating Authorities against innocent individuals.
Recently Hon'ble High Court of Bombay also ruled that the Admins of the Whatsapp
Groups cannot be held liable for posting any fake or obscene messages by the
members in the group under Section 66-A of the IT Act, 2000 as they cannot be
punished for the offense which they haven't committed, however giving instant
reaction or removing the member immediately from the Group, or enable only admin
can post feature is obligatory on the Admin to justify his bonafide intention in
the eyes of law.
The second wave of the pandemic has hit India hard from a cybersecurity
perspective. There has been a rise in recent cyber-attacks in India in 2021,
with cybercriminals taking advantage of the situation and finding new ways to
breach data. If we analyze the news of cyber-attacks in 2021, we will observe
increased COVID-19 cyber threats and supply chain attacks.
Impact On The Society Because Of Cyber Attacks:
Cyber attacks in India have notably been a very serious and rising issue in
India. This has been damaging society at the higher end. The main aim according
to me of all these cyber attacks is to defame individuals for financial gains or
for the satisfaction of one's revenge from that individual. Talking about
gaining fast monetary or financial benefits is most likely to increase the
threat of cyber attacks. These cyber attackers have a chain through which they
follow up the steps and reach their targets.
These chains of cyber-attackers
have a lot in common. The phishing type which is also a type of cyber-attack
does not have any hard-core rule or section under which the criminals can get
convicted and the aggrieved party may get relief but rather the Delhi High Court
had made the act of Phishing illegal under the Indian Law. The cyberattack has
risen massively in the past few years where the cases of bankrupts, defamation,
cybercrimes, cyber terrorism, financial scams, illegally spoiling or violating
the cyber-security were seen at the greater end.
The reason behind the cyberattacks is black money. The security given to the cyber branches and also
to the computers in the corporate are at higher cost and security, but still,
the cybercriminals are to be seen to trespass this boundary of security and to
make their way through the computers to capture the information, especially any
such person or company-related security information to defame the other person
or the company. Many important files are seen to be leaked from the saved files
they use the virus technology that is to be inserted inside the track of the
computer so that they can get to the information which they want for their use.
Personal satisfaction and the other person's defamation of their image or about
their company defamation is the main goal behind the cyber attacks in India
especially. Society on the other hand plays a very important role. Whenever any
such crimes take place or else occur in the society the people living in the
society at large take it as massive destruction.
And according to me, any such
irregular change which, is negative, especially crimes such as cyber-attacks
negatively places the society, people's mentality changes according to the
crimes which take place it places a negative impact on society, to this our
legal system should take much stronger and unbiased decisions against any such
crimes, so that there will be a lesser negative impact on people about this such
crimes and more trust and support form the Judiciary, there are law firms who
have special protection for such crimes so that their data which are gathered by
them of their clients are not breached at any cost and also certain firms to
this like the other firms can also take up this kind of security of inserting
the SQL injection to their computers, or also to take up the IP's and IPE'S
Cyber attacks and cyber terrorisms are the activities that are enough to
devastate one's life or property at a time, people nowadays have gone too far
with technology, having smart gadgets, and to use those gadgets smartly and
appropriately, people have now started to think to use theses gadgets not with a
thought to gain information or use it for help but rather to torcher and disrupt
people's life and their property, in the above research paper I have mentioned
several phases and supply and kill chains of these cyber terrorists, which are
Before finding an appropriate solution for the said cyberattacks and
maintaining your private data and information related to your property which may
be of anything, let us see what are the defects which are modified as the
loopholes where these attackers take a big turn and they are your android or IoS
systems where you keep your information in some apps which thereafter take your
passwords and details ahead for protecting such data, this is one of the biggest
traps where the attackers take these steps into their data system in their
computers and take your information, they have big connections and a hardcore
knowledge of the Cyberworld through which they can heed your every activity on
I think that the most critique of these are the apps that take advantage of
your jitteriness while you are surfing. For instance when you are probably
looking out for a research paper or for some of the information that you want to
search or copy-paste from a website, now when you are doing this they will track
your internet surfing and when you want to explore such information while you
are on their tracking trap they may give you a notification which says accept
for which due to your jitteriness you accept that cookie on the
Internet, and now you are one of the fish caught up in their trap, these are
called the Internet Cookie
which are not really to buck up but rather
these are the cookies which take up your information which you may want to
pursue and then give it to the respective website, while this happens the
hackers or attacker have a close watch out on their surf and when they catch you
in their range it's simpler to get your information to hack the app through
which your are taking up some information or posting something, they track your
surfing due to the activity procedures and thereafter hack your apps.
Google sometimes while you are surfing on the Internet gives you an alarm for
such websites which are not known or are unknown or dangerous but people still
go out for such websites and get themselves track.
Fast Internet, Hyperness, low offline workload, and moving towards lightning
speed technology has given rise to such problems and an easy way to gain more
and more money and make pockets a gold treasure to these cyber attackers.