6 most dangerous cyberattacks

TARWALA INSIYA Z.

T.Y.-C.E-1 110410107028

INDEX

1) INTRODUCTION2) CRYPTOLOCKER3) SPEAR PHISHING4) TIMTHUMB ATTACK5) MANIPULATING BEEF TOOLKIT6) SEO POISONING7) PHISHING + SOCIAL ATTACK

Cyber-attack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.

These can be labelled as either cyberwarfare or cyberterrorism in different context. Cyber-attacks can range from installing spyware on a PC to attempts to destroy the infrastructure of entire nations.

Cyber-attacks have become increasingly sophisticated and dangerous and a preferred method of attacks against large groups by attackers.

INTRODUCTION

CryptoLocker

The CryptoLocker virus can be a lethal one-two punch: It seizes control of your computer files and threatens to erase them unless you pay a ransom.

Cybercriminals email you a PDF attachment. If you open the attachment, it installs malware on your hard drive that lets hackers access your computer files. The files are then encrypted and you're unable to access them.

Within two days, the hackers will email saying if you don't pay up, your documents will be deleted.

Attackers typically demand payment via hard-to-trace Bitcoin -- a virtual currency -- and not in cash or credit card.

Small businesses are particularly vulnerable to this attack because many haven't adequately protected file-sharing between employees.So if one employee's computer is compromised, then every document that the company owns can be locked.

Spear Phishing

Spear Phishing is a targeted attack using emails that look like they're from someone in your company or a commonly used business.

So instead of an email from a random bank about your non-existent account, hackers send an email that looks like it's from the HR office in your firm or a service like Groupon or Travelocity.

If you click the link in the email, it takes you to a fake page, and hackers are able to attach malware to your browser.They'll verify your email address and check your browser history.

If you logged into your online bank account just prior to the attack, for example, cybercriminals might send a fraudulent email saying you need to change your password for security reasons. Now they've just captured your banking information.

Additionally, hackers can use your online activity to determine which social networks you use and where you shop most frequently, and then send more phishing emails that look like they've originated from those sites.

Timthumb attack

In this attack, hackers exploit a security flaw in a popular file used by Wordpress and other website-building platforms to crop and resize images ("Timthumb.php," thus the name).

Hackers use the security hole to install malicious code or files into a website or server. From there, they can launch spear phishing campaigns and denial-of-service attacks -- where hackers overwhelm a website's server by flooding it with requests, making the site unresponsive.

Timthumb attacks have hit millions of websites over the last two years, most of which have been small businesses.

Business owners often don't even know that their sites have been infected because it works silently, adding that the security flaw can be fixed with a patch.

By then, the damage has been done. Moreover, an infected website that's launching DoS attacks also runs the risk of being blacklisted by Google.

Manipulating BeEf Toolkit

BeEF Toolkit, short for Browser Exploitation Framework, is software that experts use to test the security of a firm's network. But cybercriminals can also use it to steal trade secrets or financial information from unsuspecting businesses.

Hackers will send a carefully crafted phishing email with a malicious link. When the link is clicked on, it activates the BeEF Toolkit software, which hooks on to your browser and allows hackers to shadow your activity.

Hackers are then able to see your most-visited websites, your searches and your other online activity without you knowing it. In some cases, cybercriminals can also inject malware that sniffs for passwords on the computer.

Most small businesses aren't aware that patches exist to fix these loopholes. So Businesses need to become more aggressive about securing their browsers.

SEO poisoning

SEO begins with hackers isolating keywords that are generating buzz on Google and other search engines. They then create malicious URLs about this topic so that search engines will index it alongside other results.

Suppose thousands of people are Googling "Miley Cyrus." In this attack, cybercriminals would create dummy websites about her that are loaded with malware.

If you're searching for Miley and unwittingly click on one of these links, the malware could be used to hack into your computer or install spyware.

There's another risk to small businesses. Because SEO poisoning floods search results with bad links, it could push legitimate results down.

Suppose you sell Miley Cyrus T-shirts online and you're expecting an uptick in business when "Miley Cyrus" is a hot search trend, But with so many bad results that come up, people might not even get to [your] link.

Phishing + social attack

Hackers have upped the ante with this targeted attack, using personal phone calls in addition to traditional emails.

It begins as a regular phishing email to people with financial roles, such as an accountant or a CFO.

The scary part is that even if you think the email is suspicious and don't click on it, you haven't escaped the attack.

The criminals pretend to be a vendor of the [targeted] company and will convince you that you have a payment due on an old invoice. The victim gets a follow-up email with an attachment disguised as the invoice.

If you click on the attachment, it will install malware on your computer. Then the hackers can get information such like the login and password for bank accounts and steal funds.

THANK YOU