Cyber Security

Protecting computer networks and systems from theft, damage, or misdirection is called “cyber security.” This includes protecting hardware, software, and electronic data, as well as the disruption or misdirection of the services provided by the networks and systems.

The primary goal of cyber security is to secure devices such as smartphones, laptops, tablets, computers, and other similar devices, as well as the services they provide, from theft or destruction. Because electronic devices such as smartphones, laptops, and the Internet are becoming more and more common, cyber security is becoming increasingly crucial in everyday life. As a result, it is now more vital than ever to take precautionary measures to keep cyber criminals from gaining access to our accounts, data, and services. Furthermore, for government agencies, cybersecurity has proven to be a critical investment. Government agencies now have new methods to work, communicate with citizens, and improve overall operations thanks to technology.

Cybercrime

• They are criminal offences that can be committed against persons, businesses, or institutions through the use of the internet, computers, or mobile technologies, among other means
• A cybercrime is a type of crime that involves the use of computers and networks. A wide range of acts, from unlawfully downloading music files to stealing money from online bank accounts, are included in this classification
• Non-monetary offences are also included in the scope of cybercrime
• Employment frauds, defamation of an individual on social media, matrimonial frauds, the theft and misuse of sensitive personal data (Aadhaar numbers, credit/debit card numbers, bank account credentials and so on), and the distribution of computer viruses are examples of what is included in this category, among others

Categories of Cybercrime

Individual cybercrime, property cybercrime, and government cybercrime are the three basic categories into which cybercrime falls. The types of approaches that are utilised, as well as the levels of complexity, differ based on the category.

• Property: This is analogous to a criminal illegally holding a person’s bank or credit card details. The hacker takes a person’s bank details to steal money, make online purchases, or execute phishing scams to collect people’s information. They could even employ malicious software to access a secure web page
• Individual: This type of cybercrime includes one person spreading malicious or unlawful content online. This includes cyberstalking, pornography, and human trafficking
• Government: Cybercrime perpetrated against the government is regarded as an attack on the sovereignty of the nation in which it was done. Hacking, gaining access to secret information, cyber warfare, cyber terrorism, and the use of pirated software are all examples of cybercrimes committed against the government

Types of Cyber Attacks

Exploit kits:

• To take control of a user’s computer, exploit kits need a vulnerability (software issue)
• Criminals can buy them online and use them against anyone with a computer
• The exploit kits are available on dark web hacker sites and are routinely updated

Online scams:

• These frequently come in the shape of adverts or spam emails with unrealistic reward or money offers
• Online scams include “too good to be true” offers that when clicked might enable malware to interfere and compromise data

Illegal/Prohibited content:

• This cybercrime involves offenders exchanging and spreading unpleasant and offensive content
• Offensive content includes adult sexual behaviour, violent videos, and criminal activity 
• Illegal content includes terrorism-related content and child exploitation stuff
• This type of content appears on both the public and dark webs

Phishing:

• Phishing is a sort of identity theft that focuses on users unknowingly providing personal information or details that can be used for malicious reasons. It is frequently accomplished by creating a phoney website, email, or text message purporting to represent a legitimate business
•  A scammer might use a fake website that looks like the real website on the surface. Personal information, such as social security numbers, account numbers, login IDs and passwords, may be sent to this site by visitors who think they are talking to a real business. This site is not safe. The scammers then use the information people give them to steal their money, identity, or both, or to sell it to other criminals

 PUPs:

• PUPS, or Potentially Unwanted Programs, are a type of malware. Malware is malicious software that is meant to harm or destroy computers and computer systems. The term “malware” is an abbreviation for “malicious software”
• Bundled or junkware software often contains the PUP malware, which is also known as a Potentially Unwanted Application (PUA), as well as junkware and bundleware itself. The user may not be aware that unwanted programmes have been installed
• They may contain spyware or adware, thus installing antivirus software is advised

Cyberstalking:

• Cyberstalking is defined as the act of harassing and intimidating a chosen victim over the internet or other electronic methods
• Cyberstalkers typically use social media, websites, and search engines to frighten and terrify users

Identity Theft:    

• When criminals steal a victim’s personal information in order to carry out their crimes, this is known as identity theft. Using this stolen information, a criminal assumes the identity of the victim and engages in a variety of fraudulent acts on their behalf
• Identity theft is committed by cyber thieves through the use of sophisticated cyber assault strategies such as social engineering, phishing, and malicious software. Fraudulently obtained mail, dumpster diving, and listening in on phone calls in public places are all examples of rudimentary strategies used by thieves to steal identities
• The ultimate goal of many cyber attacks is to steal enough information about a target that the attacker can use that information to assume their identity and commit fraudulent activities on their behalf. The unfortunate reality is that most people are only made aware of their identity theft when they seek to establish a bank account or apply for a job, receive a call from a collection agency, or request a replacement credit card

Botnets:

• Botnets are compromised computer networks controlled remotely by hackers
• A botnet attack is a sort of cyber attack that is carried out by a number of internet-connected devices that are under the direction of an evil actor. Botnets are nothing more than a collection of connected gadgets
• The network is used for cyber attacks when cyber thieves introduce malware into the network in order to control them as a group as part of a coordinated effort  

DDoS Attacks:

• When a server, service, or network is the target of a distributed denial-of-service (DDoS) attack, a flood of internet traffic is sent in an attempt to interrupt normal traffic  
• Malware on users’ PCs creates large networks of compromised devices known as Botnets
•  Infected servers and networks can experience a denial-of-service attack as a result of the botnet sending requests to the IP address of the targeted servers and networks
• It can be difficult to tell attack traffic apart from typical Internet traffic because each bot is a valid Internet device

MITM Attacks:

• The term “man in the middle” (MITM) refers to an assault in which a perpetrator places himself in the middle of a communication between a user and an application in order to listen in or to mimic one of the participants, giving the impression that regular information flow is taking place
• Personal information, such as passwords, account information, and credit card numbers, is the primary objective of an attack. Users of financial apps, SaaS enterprises, e-commerce sites, and other websites where signing in is required are often targeted

National Cyber Security Strategy 2020

• The government plans to release the National Cyber Security Strategy 2020 in 2020
• India’s digital economy is quickly increasing, and technology is being adopted everywhere. According to a McKinsey Global Institute report, India is the world’s second-fastest digital adapter out of 17 digital economies  
• It is the goal of the National Cyber Security Strategy 2020 to increase cyber awareness and cybersecurity by implementing more strict auditing procedures. Organisations’ security features will be scrutinised more thoroughly by cyber auditors appointed by the government than is currently required by law
• Table-top cyber crisis management exercises will be conducted on a frequent basis to promote the idea that cyber attacks can occur on a regular basis

Attack on Kudankulam Power Plant

• In September 2019, the NPCIL admitted to a malware attack on one of the systems of the Kudankulam nuclear power project in Tamil Nadu
• There have been at least 30 documented daily cyber-attacks on India’s electricity sector, including the discovery of malicious software in NPCIL’s system
• NPCIL was attacked by Dtrack malware
• Indications of a targeted attack include hardcoded credentials for KNPP’s internal network
• Azeroth virus was linked to North Korea’s Lazarus Group

Conclusion

The worldwide cyber threat is evolving rapidly, with more data breaches every year. The most common targets were medical services, retailers, financial sector and government agencies, among others. However, every organisation that uses networks might be attacked for customer data, corporate espionage, or customer strikes. Using strong passwords is effective in mitigating cybersecurity threats. Other measures include controlling access, putting up a firewall, using security software, updating programs and systems regularly apart from consistent monitoring of intrusion.