Types of Cyber Attacks

-

Types of Cyber Attacks


There are several effective methods for disrupting computer systems. We are talking of a method known as cyber attack, or computer network attack , which uses malicious computer code to disrupt computer processing, or steal data. 
A brief description of three different methods are shown here. However, as technology changes, future distinctions between these methods may begin to blur.
An attack against computers may be targeted or un-targeted
(i) disrupt equipment and hardware reliability, (ii) change processing logic, or (iii) steal or corrupt data. The methods discussed here are chosen based on the technology asset against which each attack mode is directed, and the effects each method can produce. The assets affected or effects produced can sometimes overlap for different attack methods. 

  • Conventional kinetic weapons can be directed against computer equipment, a computer facility, or transmission lines to create a physical attack that disrupts the reliability of equipment. 
  • The power of electromagnetic energy, most commonly in the form of an electromagnetic pulse (EMP), can be used to create an electronic attack (EA) directed against computer equipment or data transmissions. By overheating circuitry or jamming communications, EA disrupts the reliability of equipment and the integrity of data. 
  •  Malicious code can be used to create a cyber attack, or computer network attack , directed against computer processing code, instruction logic, or data. The code can generate a stream of malicious network packets that can disrupt data or logic through exploiting a vulnerability in computer software, or a weakness in the computer security practices of an organization. This type of cyber attack can disrupt the reliability of equipment, the integrity of data, and the confidentiality of communications.
Un-targeted attacks
 In un-targeted attacks, attackers indiscriminately target as many devices, services or users as possible. They do not care about who the victim is as there will be a number of machines or services with vulnerabilities. To do this, they use techniques that take advantage of the openness of the Internet, which include:

  • phishing - sending emails to large numbers of people asking for sensitive information (such as bank details) or encouraging them to visit a fake website 
  •  water holing - setting up a fake website or compromising a legitimate one in order to exploit visiting users 
  •  ransomware - which could include disseminating disk encrypting extortion malware 
  •  scanning - attacking wide swathes of the Internet at random

WHO MIGHT BE ATTACKING YOU? 
States, states sponsored hackers or cyber criminals interested in making money through fraud or from the sale of valuable information. Industrial competitors and foreign intelligence services, interested in gaining an economic advantage for their companies or countries. Hackers who find interfering with computer systems an enjoyable challenge. Hacktivists who wish to attack companies for political or ideological motives. Employees, or those who have legitimate access, either by accidental or deliberate misuse. 

Stages of an attack 
A number of attack models describe the stages of a cyber attack (the Cyber Kill Chain® produced by Lockheed Martin is a popular example ). 
Simplified model that describes the four main stages present in most cyber attacks: 

  • Survey - investigating and analysing available information about the target in order to identify potential vulnerabilities 
  •  Delivery - getting to the point in a system where a vulnerability can be exploited 
  •  Breach - exploiting the vulnerability/vulnerabilities to gain some form of unauthorised access 
  •  Affect - carrying out activities within a system that achieve the attacker’s goal Survey Attackers will use any means available 
Cyber Attacks Allegedly Targeted Power Stations in Ukraine 
A cyber attack last month in Ukraine caused a significant portion of the
country's power grid to go offline. 
This attack, if verified, is a window into the future of cyber warfare.  At the start of any modern military campaign, a primary objective of the aggressor is to "take out power and communications" by
blowing up power plants and communications hubs. This is a top priority because, once power and communications are disabled, a country's ability to coordinate defense and mount counter attacks is severely disabled.
Cyber weapons can be pre-positioned inside power companies to do the job of a missile, before a nation even knows it is under attack. U.S. Power Systems' computers have been breached and infected first by Russian hackers and later by other adversaries. Some of the malware they installed is likely still in place and being updated as more attackers attempt to gain control.

Comments

Post a Comment

Popular posts from this blog

What to do when police does not take your FIR?

-
Image
What to do when FIR is not taken by the Police ? A First Information Report is the first legal document that initiates criminal proceedings. The first information received about the commission of a cognizable offense has to be noted down by a Police Officer. It is called as  First Information Report under Section 154 of CRPC. Cognizable and Non-Cognizable Offences: Cognizable offences  are offences where the police can arrest the accused without any warrant. In such offences, the police can Suo-moto take cognizance of the offence and it does not require any sanction from the court in order to begin the investigation. On the other hand,  Non-Cognizable  offences are those in which police cannot make an arrest without taking prior assent from the court. Schedule I of the Criminal Procedure Code clearly distinguishes which offenses are cognizable and which are not. According to section 154(1) of the Criminal Procedural Code,  an FIR can be filed only in cognizable offenses.  Schedule 1 of
Read more

Consumer Dispute resolution under the Telecom Act 2023

-
Image
The Telecommunications Act of 2023 has strengthened the dispute resolution framework by introducing an online grievance redressal system. The aim is to expedite the resolution of conflicts between telecommunications companies and consumers while ensuring transparency in the redressal process. Following an inquiry, a telecom company found violating license or service terms may incur severe penalties, spectrum holdings cancellation, service restrictions, or even be prohibited from providing telecom services, depending on the seriousness of the breach.  How does the online grievance redressal system operate, and who plays key roles?   An Adjudicating Officer (AO), appointed by the Centre and not below the rank of joint secretary, will conduct inquiries to resolve disputes between telecom service providers and consumers. Additionally, a separate Designated Appeals Committee (DAC) will be formed, consisting of officers at the rank of additional secretaries. Individuals dissatisfied with an
Read more

Police Closure Report in Cyber Crime cases

-
Police Closure Reports after investigation in cyber crime cases : 1. Art 21 of the Constitution guarantees fundamental right to life and personal liberty. This article of Constitution has been interpreted by the Judiciary with widest amplitude so as to include several other rights such as right to food and shelter, and other rights and most importantly the right to fair trial which includes the right to fair investigation. In Anbaizhagan’s case, the apex court observed that, ‘if the criminal trial is not free and fair and not free from bias the judicial fairness and the criminal justice system would be at stake, shaking the confidence of the public in the system and woe would be the rule of law’, 1 Trial should be fair to all concerned and ‘denial of fair trial is as much an injustice to the accused as is to the victim and the society. 2 2. The right to fair trial includes ‘Fair Investigation’, 3 Fair trial and fair investigation are pre-requisites to get justice which the parties de
Read more