Catfishing. A catfish is someone who sets up a fake online profile to trick people who are looking for love, usually to get money out of them.
MFA. Multifactor authentication.
1. Malware attack
Malware, short for malicious software, is an umbrella term used to refer to a hostile or
intrusive program or file that's designed to exploit devices at the expense of the user and
to the benefit of the attacker. There are various forms of malware that all use evasion and
obfuscation techniques designed to not only fool users, but also elude security controls so
they can install themselves on a system or device surreptitiously without permission.
Currently, the most feared form is ransomware, a program that attackers use to encrypt a
victim's files and then demand a ransom payment in order to receive the decryption key.
Because of ransomware's prominence, it's covered in more detail below in its own
section. The following are some other common types of malware:
Rootkit. Unlike other malware, a rootkit is a collection of software tools used to open
a backdoor on a victim's device. That enables the attacker to install additional
malware, such as ransomware and keyloggers, or to gain remote access to and control
of other devices on the network. To avoid detection, rootkits often disable security
software. Once the rootkit has control over a device, it can be used to send spam
email, join a botnet or collect sensitive data and send it back to the attacker.
Trojan. A Trojan horse is a program downloaded and installed on a computer that
appears harmless but is, in fact, malicious. Typically, this malware is hidden in an
innocent-looking email attachment or free download. When a user clicks on the
attachment or downloads the program, the malware is transferred to their computing
device. Once inside, the malicious code executes whatever task the attacker designed
it to perform. Often, this is to launch an immediate attack, but it can also create a
backdoor for the hacker to use in future attacks.
Spyware. Once installed, spyware monitors the victim's internet activity, tracks login
credentials and spies on sensitive information -- all without the user's consent or
knowledge. For example, cybercriminals use spyware to obtain credit card and bank
account numbers and to get passwords. Government agencies in many countries also
use spyware -- most prominently, a program named Pegasus -- to spy on activists,
politicians, diplomats, bloggers, research laboratories and allies.
Security teams need to be prepared for all of these cyberattacks.
2. Ransomware attack
Ransomware is usually installed when a user visits a malicious website or opens a
doctored email attachment. Traditionally, it exploits vulnerabilities on an infected device
to encrypt important files, such as Word documents, Excel spreadsheets, PDFs, databases
and system files, making them unusable. The attacker then demands a ransom in
exchange for the decryption key needed to restore the locked files. The attack might
target a mission-critical server or try to install the ransomware on other devices
connected to the network before activating the encryption process so they're all hit
simultaneously.
To increase the pressure on victims, attackers also often threaten to sell or leak data
exfiltrated during an attack if the ransom isn't paid. In fact, in a shift in ransomware
tactics, some attackers are now relying solely on data theft and potential public
disclosures to extort payments without even bothering to encrypt the data. That change
might have contributed to record-breaking numbers of ransomware attacks reported in
2023 by cybersecurity vendors and researchers. Check Point Research said 10% of
organizations worldwide were targeted by attempted attacks.
Everyone is a possible ransomware target, from individuals and small businesses to large
organizations and government agencies. The attacks can have a seriously damaging
impact. In a well-known incident, the WannaCry ransomware attack in 2017 affected
organizations in over 150 countries with the disruption to hospitals costing the U.K.'s
National Health Service alone around $111 million. More recently, the U.K.'s Royal Mail
fell victim to a ransomware attack in 2023 that encrypted crucial files, preventing
international shipments for six weeks. Royal Mail refused to pay the initial ransom
demand of $80 million or subsequent reduced amounts but said it spent almost $13
million on remediation work and security improvements. In addition, data stolen in the
attack was posted online.
Also in 2023, a ransomware attack on MGM Resorts International cost the hotel and
casino company an estimated $100 million, disrupted its operations and resulted in the
theft of personal information on customers. Caesars Entertainment negotiated a ransom
payment of $15 million after a similar attack in an effort to prevent stolen data from
being published online, according to The Wall Street Journal. Ransomware is such a
serious problem that the U.S. government in 2021 created a website
called StopRansomware that provides resources to help organizations prevent attacks, as
well as a checklist on how to respond to one.
3. Password attack
Despite their many known weaknesses, passwords are still the most common
authentication method used for computer-based services, so obtaining a target's password
is an easy way to bypass security controls and gain access to critical data and systems.
Attackers use various methods to illicitly acquire passwords, including these:
Brute-force attack. An attacker can try well-known passwords, such as
password123, or ones based on information gathered from a target's social media
posts, like the name of a pet, to guess user login credentials through trial and error. In
other cases, they deploy automated password cracking tools to try every possible
combination of characters.
Dictionary attack. Similar to a brute-force attack, a dictionary attack uses a
preselected library of commonly used words and phrases, depending on the location
or nationality of the victim.
Social engineering. It's easy for an attacker to craft a personalized email or text
message that looks genuine by collecting information about someone from their social
media posts and other sources. As a form of social engineering, these messages can be
used to obtain login credentials under false pretenses by manipulating or tricking the
person into disclosing the information, particularly if they're sent from a fake account
impersonating someone the victim knows.
Keylogging. A keylogger is a software program that secretly monitors and logs every
keystroke by users to capture passwords, PIN codes and other confidential
information entered via the keyboard. This information is sent back to the attacker via
the internet.
Password sniffing. A password sniffer is a small program installed on a network that
extracts usernames and passwords sent across the network in cleartext. While still
used by attackers, it's no longer the threat it used to be because most network traffic is
now encrypted.
Stealing or buying a password database. Hackers can try to breach an
organization's network defenses to steal its database of user credentials and then either
use the data themselves or sell it to others.
In a 2023 survey by TechTarget's Enterprise Strategy Group research division, 45% of
the 377 respondents said they knew user accounts or credentials had been compromised
in their organization during the past 12 months, while 32% suspected they had been. Of
all those respondents, 59% said such compromises led to successful cyberattacks. Also,
Verizon's "2023 Data Breach Investigations Report" found that using stolen credentials
was by far the top way in which attackers accessed systems in breached organizations
with 49% of 4,291 documented breaches involving their use.
4. DDoS attack
A distributed denial-of-service (DDoS) attack involves the use of numerous compromised
computer systems or mobile devices to target a server, website or other network resource.
The goal is to slow it down or crash it completely by sending a flood of messages,
connection requests or malformed packets, thereby denying service to legitimate users.
Almost 7.9 million DDoS attacks were launched in the first half of 2023, a 31% year-over-year
increase, according to a report by performance management and security
software vendor Netscout. Political or ideological motives are behind many of the
attacks, but they're also used to seek ransom payments -- in some cases, attackers threaten
an organization with a DDoS attack if it doesn't meet their ransom demand. Attackers are
also harnessing the power of AI tools to improve attack techniques and direct their
networks of slave machines to perform DDoS attacks accordingly. Worryingly, AI is now
being used to enhance all forms of cyberattacks, although it has potential cybersecurity
uses, too.
5. Phishing
In phishing, an attacker masquerades as a reputable organization or individual to trick an
unsuspecting victim into handing over valuable information, such as passwords, credit
card details and intellectual property. Based on social engineering techniques, phishing
campaigns are easy to launch and surprisingly effective. Emails are most commonly used
to distribute malicious links or attachments, but phishing attacks can also be conducted
through text messages (SMS phishing, or smishing) and phone calls (voice phishing, or
vishing).
Spear phishing targets specific people or companies, while whaling attacks are a type of
spear phishing aimed at senior executives in an organization. A related attack is the
business email compromise (BEC) in which an attacker poses as a top executive or other
person of authority and asks employees to transfer money, buy gift cards or take other
actions. The FBI's Internet Crime Complaint Center puts phishing and BEC attacks in
separate categories. In 2022, the last year for which data has been released, it received
21,832 complaints about BEC attacks with total losses of more than $2.7 billion and
300,497 phishing complaints that generated $52 million in losses.
6. SQL injection attack
Any website that is database-driven -- and that's the majority of websites -- is susceptible
to SQL injection attacks. A SQL query is a request for some action to be performed on a
database, and a well-constructed malicious request can create, modify or delete the data
stored in the database. It can also read and extract data such as intellectual property,
personal information of customers or employees, administrative credentials and private
business details.
SQL injection continues to be a widely used attack vector. It was third on the 2023
Common Weakness Enumeration (CWE) Top 25 list of the most dangerous software
weaknesses, which is maintained by The Mitre Corp. In 2023, according to the website
CVEdetails.com, more than 2,100 SQL injection vulnerabilities were added to the CVE
database, a separate catalog of common vulnerabilities and exposures that Mitre also
manages. In a high-profile example of a SQL injection attack, attackers used one of those
new vulnerabilities to gain access to Progress Software's MoveIt Transfer web
application, leading to data breaches at thousands of organizations that use the file
transfer software.
7. Cross-site scripting
This is another type of injection attack in which an attacker adds a malicious script to
content on a legitimate website. Cross-site scripting (XSS) attacks occur when an
untrusted source is able to inject code into a web application and the malicious code is
then included in webpages that are dynamically generated and delivered to a victim's
browser. This enables the attacker to execute scripts written in languages such as
JavaScript, Java and HTML in the browsers of unsuspecting website users.
Attackers can use XSS to steal session cookies, which lets them pretend to be victimized
users. But they can also distribute malware, deface websites, seek user credentials and
take other damaging actions through XSS. In many cases, it's combined with social
engineering techniques, such as phishing. A constant among common attack vectors, XSS
ranked second on the CWE Top 25 list for 2023.
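The defensive counterpart to the XSS mechanism described above is output encoding at the point where untrusted text is written into a dynamically generated page. The following is an added example written for this page, not code from the article: it renders a constructed, hostile comment string once without encoding and once through Python's html.escape, and shows the attribute-context case as well. The comment text, the user id and the HTML fragments are all invented for the demonstration.

```python
import html

# Constructed sample input: an untrusted comment that carries a script tag.
UNTRUSTED_COMMENT = "<script>alert('xss')</script>"


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable rendering: untrusted text is copied into the HTML verbatim,
    so a <script> element in the comment becomes part of the page."""
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    """Hardened rendering: the five HTML-significant characters (& < > " ')
    are replaced by entities, so the browser shows the text instead of running it."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def render_profile_link_safe(display_name: str, user_id: int) -> str:
    """Attribute context: quote=True also encodes the quote characters, so a
    display name cannot close the title attribute and add an event handler.
    The numeric user id is cast to int so it cannot carry markup at all."""
    safe_name = html.escape(display_name, quote=True)
    return f'<a href="/user/{int(user_id)}" title="{safe_name}">profile</a>'


def contains_active_script(page: str) -> bool:
    """Crude check used only to contrast the two renderings above."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_comment_unsafe(UNTRUSTED_COMMENT))
    print(render_comment_safe(UNTRUSTED_COMMENT))
    print(render_profile_link_safe('x" onmouseover="alert(1)', 7))
```

Encoding is context dependent: html.escape is correct for element content and quoted attribute values, but text placed inside a script block, a URL or a CSS value needs the encoding rules of that context, which is why templating engines that escape by default are preferred over hand-built strings.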
8. Man-in-the-middle attack
In a man-in-the-middle (MitM) attack, the attacker secretly intercepts messages between
two parties -- for example, an end user and a web application. The legitimate parties
believe they're communicating directly with each other, but in fact, the attacker has
inserted themselves in the middle of the electronic conversation and taken control of it.
The attacker can read, copy and change messages, including the data they contain, before
forwarding them on to the unsuspecting recipient, all in real time.
A successful MitM attack enables attackers to capture or manipulate sensitive personal
information, such as login credentials, transaction details, account records and credit card
numbers. Such attacks often target the users of online banking applications and e-commerce
sites, and many involve the use of phishing emails to lure users into installing
malware that enables an attack.
9. URL interpretation/URL poisoning
It's easy for attackers to modify a URL in an effort to access information or resources.
For example, if an attacker logs in to a user account they've created on a website and can
view their account settings at https://www.awebsite.com/acount?user=2748, they can
easily change the URL to, say, https://www.awebsite.com/acount?user=1733 to see if
they can access the account settings of the corresponding user. If the site's web server
doesn't check whether each user has the correct authorization to access the requested
resource, particularly if it includes user-supplied input, the attacker likely will be able to
view the account settings of every other user on the site.
A URL interpretation attack, also sometimes referred to as URL poisoning, is used to
gather confidential information, such as usernames and database records, or to access
admin pages that are used to manage a website. If an attacker does manage to access
privileged resources by manipulating a URL, it's commonly due to an insecure direct
object reference vulnerability in which the site doesn't properly apply access control
checks to verify user identities.
10. DNS spoofing
The DNS enables users to access websites by mapping domain names and URLs to the IP
addresses that computers use to locate sites. Hackers have long exploited the insecure
nature of DNS to overwrite stored IP addresses on DNS servers and resolvers with fake
entries so victims are directed to an attacker-controlled website instead of the legitimate
one. These fake sites are designed to look exactly like the sites that users expected to
visit. As a result, victims of a DNS spoofing attack aren't suspicious when asked to enter
their account login credentials on what they think is a genuine site. That information
enables the attackers to log in to user accounts on the sites being spoofed.
11. DNS tunneling
Because DNS is a trusted service, DNS messages typically travel through an
organization's firewalls in both directions with little monitoring. However, this means an
attacker can embed malicious data, such as command-and-control messages, in DNS
queries and responses to bypass -- or tunnel around -- security controls. For example, the
hacker group OilRig, which has suspected ties to Iran, is known to use DNS tunneling to
maintain a connection between its command-and-control server and the systems it's
attacking.
A DNS tunneling attack uses a tunneling malware program deployed on a web server
with a registered domain name. Once the attacker has infected a computer behind an
organization's firewall, malware installed there attempts to connect to the server with the
tunneling program, which involves a DNS request to locate it. This provides a connection
for the attacker into a protected network.
There also are valid uses for DNS tunneling -- for example, antivirus software vendors
send malware profile updates in the background via DNS tunneling. As a result, DNS
traffic must be monitored to ensure that only trusted traffic is allowed to flow through a
network.
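The monitoring requirement in the last paragraph can be turned into concrete detection logic. The block below is an added example written for this page (it is not from the article or from any vendor's product) that runs a few tunneling heuristics over a constructed DNS query log: unusually long labels, high Shannon entropy in the subdomain part, payload-capable record types such as TXT, and many distinct subdomains under one registered domain. The domains, addresses and thresholds are all invented for the demonstration; real deployments would tune the thresholds and allowlist known legitimate users of DNS-based transport, such as the antivirus update traffic the text mentions.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log: (client IP, query name, record type).
# Not real traffic; the exfil-demo.test names are built to look like encoded data.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com", "A"),
    ("10.0.0.5", "mail.example.com", "MX"),
    ("10.0.0.6", "cdn.example.com", "A"),
    ("10.0.0.7", "update.av-vendor.example", "TXT"),
    ("10.0.0.9", "a3f9c1e7b2d84f6a0c5e9b1d7f3a2c8e4d6b0a2f.t.exfil-demo.test", "TXT"),
    ("10.0.0.9", "9b1d7f3a2c8ea3f9c1e7b2d84f6a0c5e1f7a3c9d.t.exfil-demo.test", "TXT"),
    ("10.0.0.9", "c8e4d6b0a2f9b1d7f3a2a3f9c1e7b2d84f6a0c5e.t.exfil-demo.test", "TXT"),
    ("10.0.0.9", "d84f6a0c5e9b1d7f3a2c8e4d6b0a2fa3f9c1e7b2.t.exfil-demo.test", "TXT"),
]

MAX_LABEL_LEN = 30          # hostnames people type are rarely this long
MIN_ENTROPY = 3.5           # bits per character; hex or base32 payloads sit near 4
MIN_UNIQUE_SUBDOMAINS = 3   # tunnels need a fresh name per message to defeat caching
PAYLOAD_RRTYPES = {"TXT", "NULL", "CNAME"}


def labels_of(qname):
    return qname.rstrip(".").lower().split(".")


def registered_domain(qname):
    """Simplification: treat the last two labels as the registered domain."""
    return ".".join(labels_of(qname)[-2:])


def shannon_entropy(text):
    """Bits of entropy per character of `text`; 0 for empty or single-symbol input."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def query_indicators(qname, qtype):
    """Per-query indicators that fire for a single DNS query."""
    labels = labels_of(qname)
    subdomain = "".join(labels[:-2])
    indicators = []
    if any(len(label) > MAX_LABEL_LEN for label in labels):
        indicators.append("long-label")
    if shannon_entropy(subdomain) >= MIN_ENTROPY:
        indicators.append("high-entropy")
    if qtype.upper() in PAYLOAD_RRTYPES:
        indicators.append("payload-capable-rrtype")
    return indicators


def find_suspicious_domains(queries):
    """Aggregate per registered domain and flag those that combine many distinct
    subdomains with both the long-label and high-entropy indicators."""
    subdomains = defaultdict(set)
    indicator_hits = defaultdict(set)
    for _client, qname, qtype in queries:
        domain = registered_domain(qname)
        subdomains[domain].add(".".join(labels_of(qname)[:-2]))
        indicator_hits[domain].update(query_indicators(qname, qtype))
    suspicious = {}
    for domain, subs in subdomains.items():
        hits = indicator_hits[domain]
        if len(subs) >= MIN_UNIQUE_SUBDOMAINS and {"long-label", "high-entropy"} <= hits:
            suspicious[domain] = sorted(hits)
    return suspicious


if __name__ == "__main__":
    for domain, reasons in find_suspicious_domains(SAMPLE_QUERIES).items():
        print(domain, reasons)
```

The ordinary example.com traffic has three distinct subdomains but short, low-entropy labels, so it is not flagged, and the single TXT lookup to the vendor domain is not flagged either; only the domain that shows every indicator together is reported. Requiring several indicators at once is what keeps the false-positive rate tolerable on real resolver logs.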
12. Botnet attack
A botnet is a group of internet-connected computers and networking devices that are
infected with malware and controlled remotely by cybercriminals. Vulnerable IoT
devices are also being compromised by attackers to increase the size and power of
botnets. They're often used to send email spam, engage in click fraud campaigns and
generate malicious traffic for DDoS attacks.
When the Meris botnet was discovered in 2021, for example, security researchers at
software vendor Cloudflare said attackers were using it to launch DDoS attacks against
about 50 different websites daily. Meris is also responsible for some of the largest DDoS
attacks on record thanks to its use of HTTP pipelining and its size, which was estimated
at about 250,000 bots in 2021. The objective for creating a botnet is to infect as many
devices as possible and then use the combined computing power and resources of those
devices to automate and magnify malicious activities.
13. Watering hole attack
In what's known as a drive-by attack, an attacker uses a security vulnerability to add
malicious code to a legitimate website so that, when users go to the site, the code
automatically executes and infects their computer or mobile device. It's one form of
a watering hole attack in which attackers identify and take advantage of insecure sites
that are frequently visited by users they wish to target -- for example, employees or
customers of a specific organization or even in an entire sector, such as finance,
healthcare and the military.
Because it's hard for users to identify a website that has been compromised by a watering
hole attack, it's a highly effective way to install malware on their devices. With the
prospective victims trusting the site, an attacker might even hide the malware in a file that
users intentionally download. The malware in watering hole attacks is often a remote
access Trojan that gives the attacker remote control of infected systems.
14. Insider threat
Employees and contractors have legitimate access to an organization's systems, and some
have an in-depth understanding of its cybersecurity defenses. This can be used
maliciously to gain access to restricted resources, make damaging system configuration
changes or install malware. Insiders can also inadvertently cause problems through
negligence or a lack of awareness and training on cybersecurity policies and best
practices.
It was once widely thought that insider threat incidents outnumbered attacks by outside
sources, but that's no longer the case. Verizon's 2023 data breach report said external
actors were responsible for more than 80% of the breaches that were investigated.
However, insiders were involved in 19% of them -- nearly one in five. Some of the most
prominent data breaches have been carried out by insiders with access to privileged
accounts. For example, Edward Snowden, a National Security Agency contractor with
administrative account access, was behind one of the largest leaks of classified
information in U.S. history starting in 2013. In 2023, a member of the Massachusetts Air
National Guard was arrested and charged with posting top-secret and highly classified
military documents online.
15. Eavesdropping attack
Also known as network or packet sniffing, an eavesdropping attack takes advantage of
poorly secured communications to capture traffic in real time as information is
transmitted over a network by computers and other devices. Hardware, software or a
combination of both can be used to passively monitor and log information and
"eavesdrop" on unencrypted data from network packets. Network sniffing can be a
legitimate activity done by network administrators and IT security teams to resolve
network issues or verify traffic. However, attackers can exploit similar measures to steal
sensitive data or obtain information that enables them to penetrate further into a network.
To enable an eavesdropping attack, phishing emails can be used to install malware on a
network-connected device, or hardware can be plugged into a system by a malicious
insider. An attack doesn't require a constant connection to the compromised device -- the
captured data can be retrieved later, either physically or by remote access. Due to the
complexity of modern networks and the sheer number of devices connected to them, an
eavesdropping attack can be difficult to detect, particularly because it has no noticeable
impact on network transmissions.
16. Birthday attack
This is a type of cryptographic brute-force attack for obtaining digital signatures,
passwords and encryption keys by targeting the hash values used to represent them. It's
based on the "birthday paradox," which states that, in a random group of 23 people, the
chance that two of them have the same birthday is more than 50%. Similar logic can be
applied to hash values to enable birthday attacks.
A key property of a hash function is collision resistance, which makes it exceedingly
difficult to generate the same hash value from two different inputs. However, if an
attacker generates thousands of random inputs and calculates their hash values, the
probability of matching stolen values to discover a user's login credentials increases,
particularly if the hash function is weak or passwords are short. Such attacks can also be
used to create fake messages or forge digital signatures. As a result, developers need to
use strong cryptographic algorithms and techniques that are designed to be resistant to
birthday attacks, such as message authentication codes and hash-based message
authentication codes.
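The birthday paradox in the paragraph above can be made exact, and the same arithmetic shows how fast collisions appear in a hash of a given bit length. The block below is an added example written for this page, not from the article: it computes the exact collision probability P(n, N) = 1 - prod_{k=0}^{n-1} (1 - k/N) for n random draws from N possible values, the smallest n that pushes that probability past a threshold, and the usual approximation n ≈ sqrt(2 N ln(1/(1-p))), which for p = 0.5 is about 1.177 sqrt(N). The group size 23 and the 365-day year are the figures from the text; the hash lengths passed in the usage block are chosen for illustration.

```python
import math


def collision_probability(n, space):
    """Exact probability that at least two of n uniform draws from `space`
    equally likely values collide (the birthday problem with N = space)."""
    if n > space:
        return 1.0  # pigeonhole principle: a collision is certain
    # Work in log space so large N (hash output sizes) does not underflow.
    log_no_collision = sum(math.log(1 - k / space) for k in range(n))
    return 1 - math.exp(log_no_collision)


def smallest_n_for_probability(space, p=0.5):
    """Smallest number of draws for which the collision probability reaches p."""
    no_collision = 1.0
    n = 0
    while 1 - no_collision < p:
        no_collision *= (space - n) / space
        n += 1
    return n


def draws_for_probability(space, p=0.5):
    """Closed-form approximation: n ~ sqrt(2 N ln(1 / (1 - p)))."""
    return math.sqrt(2 * space * math.log(1 / (1 - p)))


def hash_attempts_for_half(bits):
    """Approximate hashes needed for a 50% chance of any collision in a `bits`-bit
    hash: about 1.177 * 2**(bits/2), i.e. the square root of the output space."""
    return draws_for_probability(2 ** bits, 0.5)


if __name__ == "__main__":
    print(f"23 people, 365 days: P = {collision_probability(23, 365):.4f}")
    print(f"smallest group past 50%: {smallest_n_for_probability(365)}")
    for bits in (32, 64, 128, 256):
        print(f"{bits}-bit hash: ~{hash_attempts_for_half(bits):.3e} hashes for a 50% collision")
```

The square-root relationship is the practical lesson: a hash with a b-bit output offers only about b/2 bits of collision resistance, which is why 128-bit digests such as MD5 are no longer acceptable for signatures and why modern designs use 256-bit or longer outputs.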
1. Viruses – A virus is malicious executable code attached to another
executable file. The virus spreads when an infected file is passed from
system to system. Viruses can be harmless or they can modify or delete
data. Opening a file can trigger a virus. Once a program virus is active, it
will infect other programs on the computer.
2. Worms – Worms replicate themselves on the system, attaching
themselves to different files and looking for pathways between computers,
such as a computer network that shares common file storage areas. Worms
usually slow down networks. A virus needs a host program to run, but
worms can run by themselves. After a worm infects a host, it is able to
spread very quickly over the network.
3. Trojan horse – A Trojan horse is malware that carries out malicious
operations under the appearance of a desired operation such as playing
an online game. A Trojan horse varies from a virus because the Trojan
binds itself to non-executable files, such as image files, and audio files.
4. Ransomware – Ransomware holds a computer system, or the data it
contains, hostage until the victim makes a payment. Ransomware encrypts data on
the computer with a key that is unknown to the user. The user has to pay
a ransom (price) to the criminals to retrieve the data. Once the amount is paid,
the victim can resume using his/her system.
5. Adware – It displays unwanted ads and pop-ups on the computer. It
comes along with software downloads and packages. It generates
revenue for the software distributor by displaying ads.
6. Spyware – Its purpose is to steal private information from a computer
system for a third party. Spyware collects information and sends it to the
hacker.
7. Logic Bombs – A logic bomb is a malicious program that uses a trigger
to activate the malicious code. The logic bomb remains non-functioning
until that trigger event happens. Once triggered, a logic bomb implements
a malicious code that causes harm to a computer. Cybersecurity
specialists recently discovered logic bombs that attack and destroy the
hardware components in a workstation or server including the cooling
fans, hard drives, and power supplies. The logic bomb overdrives these
devices until they overheat or fail.
8. Rootkits – A rootkit modifies the OS to create a backdoor. Attackers then
use the backdoor to access the computer remotely. Most rootkits take
advantage of software vulnerabilities to modify system files.
9. Backdoors – A backdoor bypasses the usual authentication used to
access a system. The purpose of the backdoor is to grant cyber criminals
future access to the system even if the organization fixes the original
vulnerability used to attack the system.
10. Keyloggers – A keylogger records everything the user types on his/her
computer system to obtain passwords and other sensitive information and
sends them to the source of the keylogging program.
Type              What It Does                                            Real-World Example
----------------  ------------------------------------------------------  ------------------
Ransomware        Disables victim's access to data until ransom is paid   RYUK
Fileless Malware  Makes changes to files that are native to the OS        Astaroth
Spyware           Collects user activity data without their knowledge     DarkHotel
Adware            Serves unwanted advertisements                          Fireball
Trojans           Disguises itself as desirable code                      Emotet
Worms             Spreads through a network by replicating itself         Stuxnet
Rootkits          Gives hackers remote control of a victim's device       Zacinlo
Keyloggers        Monitors users' keystrokes                              Olympic Vision
Bots              Launches a broad flood of attacks                       Echobot
Mobile Malware    Infects mobile devices                                  Triada
Wiper Malware     Erases user data beyond recoverability                  WhisperGate
Syntactic attacks
Viruses
A virus is a self-replicating program that can attach itself to another program or file in order to
reproduce. The virus can hide in unlikely locations in the memory of a computer system and attach
itself to whatever file it sees fit to execute its code. It can also change its digital footprint each time it
replicates, making it harder to track down in the computer.
Worms
A worm does not need another file or program to copy itself; it is a self-sustaining running program.
Worms replicate over a network using protocols. The latest incarnation of worms makes use of known
vulnerabilities in systems to penetrate, execute their code, and replicate to other systems, such as
the Code Red II worm that infected more than 259 000 systems in less than 14 hours. [36] On a much
larger scale, worms can be designed for industrial espionage to monitor and collect server and traffic
activities and then transmit them back to their creator.
Trojan horses
A Trojan horse is designed to perform legitimate tasks, but it also performs unknown and unwanted
activity. It can be the basis of many viruses and worms installing onto the computer as keyboard
loggers and backdoor software. In a commercial sense, Trojans can be embedded in trial versions of
software and can gather additional intelligence about the target without the person even knowing it is
happening. All three of these are likely to attack an individual or establishment through emails, web
browsers, chat clients, remote software, and updates.
Semantic attacks
A semantic attack is the modification and dissemination of correct and incorrect information.
Information can be modified without the use of computers, even though computers open up new
opportunities for doing so. To send someone in the wrong direction or to cover your
tracks, the dissemination of incorrect information can be utilized.
Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses
malicious code to alter computer code, logic or data and lead to cybercrimes,
such as information and identity theft.
We are living in a digital era. Nowadays, most people use computers
and the internet. Because of this dependency on digital systems, illegal computer
activity is growing and changing like any other type of crime.
Cyber-attacks can be classified into the following categories:
Web-based attacks
These are attacks that target a website or web application. Some of
the important web-based attacks are as follows:
1. Injection attacks
In an injection attack, data is injected into a web application to
manipulate the application and extract the desired information.
Examples: SQL injection, code injection, log injection, XML injection, etc.
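Section 6 above and this entry both describe SQL injection, and one example serves both: the vulnerable pattern beside its hardened form. The block below is an added example written for this page, not code from either source. It builds a throwaway SQLite database with three invented users, runs a lookup that concatenates the username into the SQL text, then the same lookup with a bound parameter, and shows that a classic tautology input returns every row from the first and nothing from the second. The table, the usernames and the injected string are all constructed for the demonstration.

```python
import sqlite3

# Classic tautology payload: closes the string literal and appends an always-true clause.
INJECTED_INPUT = "nobody' OR '1'='1"


def build_demo_db():
    """In-memory database with constructed sample users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    """Vulnerable: untrusted input becomes part of the SQL text, so the input can
    change the structure of the query instead of just supplying a value."""
    sql = f"SELECT username FROM users WHERE username = '{username}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, username):
    """Hardened: the value is bound as a parameter. The database receives the query
    structure and the value separately, so quotes in the input are just characters."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable, normal input:", lookup_user_vulnerable(db, "alice"))
    print("vulnerable, injected:   ", lookup_user_vulnerable(db, INJECTED_INPUT))
    print("safe, injected:         ", lookup_user_safe(db, INJECTED_INPUT))
```

Parameterized queries (prepared statements) are the primary fix; input validation and least-privilege database accounts reduce the blast radius but do not replace them.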
2. DNS Spoofing
DNS spoofing is a type of computer security hacking in which data is
introduced into a DNS resolver's cache, causing the name server to return an
incorrect IP address and diverting traffic to the attacker's computer or another
computer. DNS spoofing attacks can go on for a long period of time
without being detected and can cause serious security issues.
3. Session Hijacking
It is a security attack on a user session over a protected network. Web
applications create cookies to store the state and user sessions. By stealing
the cookies, an attacker can have access to all of the user data.
4. Phishing
Phishing is a type of attack that attempts to steal sensitive information such as
user login credentials and credit card numbers. It occurs when an attacker
masquerades as a trustworthy entity in electronic communication.
5. Brute force
It is a type of attack that uses a trial-and-error method. The attack
generates a large number of guesses and validates them to obtain the actual
data, such as a user's password or personal identification number. It may
be used by criminals to crack encrypted data, or by security analysts to test
an organization's network security.
6. Denial of Service
It is an attack that is meant to make a server or network resource unavailable
to its users. It accomplishes this by flooding the target with traffic or
sending it information that triggers a crash. It uses a single system and a
single internet connection to attack a server. It can be classified into the
following:
Volume-based attacks: the goal is to saturate the bandwidth of the
attacked site; measured in bits per second.
Protocol attacks: these consume actual server resources; measured in
packets per second.
Application layer attacks: the goal is to crash the web server; measured
in requests per second.
7. Dictionary attacks
This type of attack uses a stored list of commonly used passwords and
tries each one to recover the original password.
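The brute-force and dictionary attacks described here, and in the password attack section (section 3) above, leave a characteristic trace: many authentication failures from one source in a short window. The block below is an added example written for this page, not from either source, that parses constructed sshd-style log lines and applies a per-source sliding-window count, also recording how many distinct accounts were tried so that single-account guessing can be told apart from spraying one list across many accounts. The log lines, hostnames and addresses (documentation ranges) are invented; the log format mimics OpenSSH but is an assumption, not taken from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log (not from a real system). 198.51.100.0/24, 203.0.113.0/24
# and 192.0.2.0/24 are documentation address ranges.
SAMPLE_LOG = """\
Jan 12 10:00:01 host1 sshd[2201]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jan 12 10:00:05 host1 sshd[2202]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
Jan 12 10:01:00 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 12 10:01:02 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Jan 12 10:01:04 host1 sshd[2212]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 12 10:01:06 host1 sshd[2213]: Failed password for root from 203.0.113.7 port 51237 ssh2
Jan 12 10:01:08 host1 sshd[2214]: Failed password for bob from 203.0.113.7 port 51238 ssh2
Jan 12 10:01:10 host1 sshd[2215]: Failed password for bob from 203.0.113.7 port 51239 ssh2
Jan 12 10:30:00 host1 sshd[2300]: Failed password for carol from 192.0.2.9 port 60000 ssh2
"""

# Matches only failed logins; "invalid user" appears when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_failures(log_text, year=2024):
    """Return (timestamp, source_ip, username) for every failed-login line.
    Syslog lines omit the year, so it is supplied by the caller."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Sliding window per source IP: alert once `threshold` failures fall inside `window`.
    The alert records the widest burst seen and how many distinct accounts it touched."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, items in by_ip.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = {u for _, u in items[start:end + 1]}
                alerts[ip] = {
                    "failures": count,
                    "distinct_users": len(users),
                    # one account hammered repeatedly vs. a list sprayed across many accounts
                    "pattern": "single-account" if len(users) == 1 else "multi-account",
                }
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bursts(parse_failures(SAMPLE_LOG)).items():
        print(ip, alert)
```

The lone failures from the two legitimate users never reach the threshold, while the source that cycles through several accounts in ten seconds is reported. Pairing this kind of detection with rate limiting or temporary lockout, and with multifactor authentication so that a guessed password alone is not enough, addresses the attack from both the detection and the prevention side.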
8. URL Interpretation
It is a type of attack in which certain parts of a URL are changed so that
the web server delivers web pages the attacker is not
authorized to browse.
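This entry and section 9 above (the awebsite.com example with the user= parameter) describe the same weakness, and one example covers both: the server must authorize the requested object against the server-side session identity, not trust the identifier in the URL. The block below is an added example written for this page, not code from either source. It models a settings endpoint with an invented two-user data store, shows the handler that simply trusts the user= parameter beside one that checks ownership, and routes constructed query strings through both. The user ids, the admin set and the data are all assumptions made for the demonstration.

```python
import urllib.parse

# Constructed data store: account settings keyed by numeric user id (not real accounts).
ACCOUNT_SETTINGS = {
    1733: {"email": "owner1733@example.test", "mfa": True},
    2748: {"email": "owner2748@example.test", "mfa": False},
}
ADMINS = {9001}  # constructed: accounts allowed to read any user's settings


class Forbidden(Exception):
    pass


def get_settings_vulnerable(session_user_id, requested_user_id):
    """Insecure direct object reference: the id from the URL is used as-is, so any
    logged-in user can read any other user's settings by editing the number."""
    return ACCOUNT_SETTINGS[requested_user_id]


def get_settings_safe(session_user_id, requested_user_id):
    """Authorization check: the requested object must belong to the session's user
    (or the caller must hold an explicit admin role) before it is looked up."""
    if session_user_id != requested_user_id and session_user_id not in ADMINS:
        raise Forbidden(f"user {session_user_id} may not read settings of {requested_user_id}")
    return ACCOUNT_SETTINGS[requested_user_id]


def handle_request(handler, session_user_id, query_string):
    """Parse a query string such as 'user=2748', call the handler and map outcomes
    to (HTTP status, body). The session user id stands for a server-side session."""
    params = dict(urllib.parse.parse_qsl(query_string))
    try:
        requested = int(params.get("user", ""))
    except ValueError:
        return 400, {}
    try:
        return 200, handler(session_user_id, requested)
    except Forbidden:
        return 403, {}
    except KeyError:
        return 404, {}


if __name__ == "__main__":
    # User 2748 edits the URL to another user's id, as in the text.
    print(handle_request(get_settings_vulnerable, 2748, "user=1733"))
    print(handle_request(get_settings_safe, 2748, "user=1733"))
    print(handle_request(get_settings_safe, 2748, "user=2748"))
```

Because the safe handler checks authorization before the lookup, a non-owner cannot even learn whether a guessed id exists; in a real application the same check belongs in a single shared layer so that every endpoint that accepts an object id enforces it. Detection-wise, a session that walks sequential ids and collects many 403 responses is a useful signal of this kind of probing.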
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or
sensitive files that are available on the web server, or to execute malicious
files on the web server, by making use of the include functionality.
10. Man in the middle attacks
It is a type of attack that allows an attacker to intercept the connection
between client and server and act as a bridge between them. As a result,
the attacker is able to read, insert and modify the data in the intercepted
connection.
System-based attacks
These are attacks intended to compromise a computer or a
computer network. Some of the important system-based attacks are as
follows:
1. Virus
It is a type of malicious software program that spreads through the
computer's files without the knowledge of the user. It is a self-replicating
malicious computer program that replicates by inserting copies of itself into
other computer programs when executed. It can also execute instructions
that cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread
to uninfected computers. It works in the same way as a computer virus. Worms often
originate from email attachments that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that causes unexpected changes to computer
settings and unusual activity, even when the computer should be idle. It
misleads the user about its true intent. It appears to be a normal application, but
when opened or executed, malicious code runs in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer
may create a backdoor so that an application or operating system can be
accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other
network services. Some bot programs run automatically, while others only
execute commands when they receive specific input. Common examples of
bot programs are web crawlers, chatroom bots, and malicious bots.