Introduction: What Cyber Attacks Are and What They Do
Why do cyber-attacks happen?
- Beyond cybercrime, cyber attacks can also be associated with cyber warfare,
cyber terrorism, or hacktivism. In other words, motivations vary, but they fall
into three main categories: criminal, political, and personal.
- Criminally motivated attackers seek financial gain through money theft, data
theft, or business disruption. Likewise, personally motivated attackers, such as
disgruntled current or former employees, will take money or data, or simply
seize a chance to disrupt a company's systems; however, they primarily seek
retribution. Socio-politically motivated attackers seek attention for their
causes, so they make their attacks known to the public, which is known as
hacktivism. Other motivations include espionage (spying to gain an unfair
advantage over competitors) and intellectual challenge.
Who is behind cyber attacks?
- Criminal organizations, state actors, and private persons can launch
cyberattacks against enterprises. One way to classify cyber-attack risks is by
outsider versus insider threats.
Outsider threats
External cyber threats include:
- Organized criminals or criminal groups
- Professional hackers, like state-sponsored actors
- Amateur hackers, like hacktivists
Insider threats
Insider threats are users who have authorized and legitimate access to a
company's assets and abuse them either deliberately or accidentally. They
include:
- Employees careless of security policies and procedures
- Disgruntled current or former employees
- Business partners, clients, contractors, or suppliers with system access
What do cyber attackers target?
Cyberattacks happen because organizations, state actors, or private persons want
one or many things, like:
- Business financial data
- Client lists
- Customer financial data
- Customer databases, including personally identifiable information (PII)
- Email addresses and login credentials
- Intellectual property, like trade secrets or product designs
- IT infrastructure access
- IT services, to accept financial payments
- Sensitive personal data
- US government departments and government agencies
What can cyber attacks do?
If successful, cyber attacks can seriously damage enterprises. They can cause
costly downtime, data loss or manipulation, and financial loss through ransoms.
Downtime in turn can lead to major service interruptions and further financial
losses. For example:
- DoS, DDoS, and malware attacks can cause system or server crashes.
- DNS tunneling and SQL injection attacks can alter, delete, insert, or steal
data in a system.
- Phishing and zero-day exploit attacks allow attackers entry into a system to
cause damage or steal valuable information.
- Ransomware attacks can disable a system until the company pays the attacker a
ransom.
As an illustration, DarkSide, a ransomware gang, attacked Colonial Pipeline, a
large US refined products pipeline system, on April 29, 2021. Through a virtual
private network (VPN) and a compromised password, the attackers gained entry
into the company's networks and disrupted pipeline operations.
In effect, DarkSide shut down the pipeline that carries 45% of the gas, diesel,
and jet fuel supplied to the US east coast. They soon followed the shutdown with
a ransom note demanding almost USD 5 million in Bitcoin, which Colonial Pipeline
paid.
Afterwards, Colonial Pipeline hired a third-party cybersecurity firm and
informed federal agencies and US law enforcement. USD 2.3 million of the ransom
paid was later recovered.
Types Of Cyber-Attacks In India
- Ransomware
Ransomware is malware that uses encryption to force the target of the attack to
pay a ransom. Once present on the system, the malware encrypts the user's files
and demands payment in exchange for the decryption key. Since modern encryption
algorithms cannot be broken with the technology available, the only ways to
recover the encrypted files are to restore the data from a backup (if one is
available) or to pay the ransom demand.
Ransomware has become one of the most visible and prolific types of malware, and
the COVID-19 pandemic provided an environment in which it has thrived. In recent
years, some ransomware variants have also evolved to perform "double extortion"
attacks: Maze, Sodinokibi/REvil, DoppelPaymer, Nemty, and other variants steal
copies of files before encrypting them, and threaten to leak them if the victim
refuses to pay the ransom. This trend began in late 2019 with Maze and continued
to grow as more groups adopted it throughout 2020.
- Malware
Ransomware is a type of malware but far from the only type. Malware comes in a
variety of different forms and can be used to achieve several different
objectives. Malware variants may be designed to do anything from collecting and
stealing sensitive information to presenting unwanted ads to causing permanent
damage to an infected machine.
The most common types of malware vary from one year to another as different
types of attacks become more or less profitable to attackers. In 2020, the most
common forms of malware included:
- Cryptominers: malware that uses the victim's computer to mine cryptocurrency
and make a profit for the attacker.
- Mobile malware: malware targeting mobile devices, including malicious
applications and attacks exploiting SMS and social media apps.
- Botnet malware: malware that infects a system and adds it to a botnet, where
it participates in cyber attacks and other illegal activity under the command of
the botnet controller.
- Info stealers: malware that collects sensitive information from an infected
computer and sends it to the malware operator.
- Banking Trojans: malware that specifically targets financial information and
attempts to steal banking website credentials and similar information.
- Ransomware: malware that encrypts the files on a user's computer and demands
payment for the decryption key.
- Fileless Attacks
Antivirus solutions commonly attempt to detect malware on a device by inspecting
each file on the device for signs of malicious content. Fileless malware
attempts to bypass this approach to threat detection by not using a file at all.
Instead, the malware is implemented as a set of commands to functions that are
already built into the infected computer. This lets the malware achieve the same
objectives while making it harder for some defensive solutions to detect.
Apart from the absence of files, fileless malware performs many of the same
functions as traditional malware. For example, FritzFrog, a fileless
peer-to-peer (P2P) botnet malware detected in August 2020, is designed to infect
systems and mine cryptocurrency.
- Phishing
Phishing is one of the most common methods that attackers use to gain access to
a target system. Often, it is easier to trick a user into clicking on a
malicious link or opening an attachment than it is to locate and successfully
exploit a vulnerability in an organization's network. Phishing attacks can
achieve a variety of goals, including credential theft, malware delivery,
financial fraud, and theft of sensitive data.
Phishing has historically been the most common method for cyberattackers to
launch a campaign due to its ease of use and high success rate. During the
COVID-19 pandemic, this trend only accelerated as cybercriminals took advantage
of employees working from outside the office and the climate of uncertainty
regarding the virus.
The COVID-19 pandemic also amplified the effect of common phishing lures. For
example, Black Friday and Cyber Monday are commonly exploited pretexts for
phishers, and the rise in online shopping due to COVID-19 made these lures
especially effective in 2020. As a result, the volume of phishing emails in the
weeks leading up to Black Friday and Cyber Monday doubled compared to the
beginning of the previous month.
- Man-in-the-Middle (MitM) Attack
Many network protocols are protected against eavesdroppers by encryption, which
makes the traffic unreadable to anyone without the key. A Man-in-the-Middle
(MitM) attack bypasses this protection by breaking the connection into two
pieces. By establishing a separate encrypted connection with the client and
another with the server, the attacker can read the data sent over the
connection and modify it as desired before forwarding it to its destination.
MitM attacks can be defeated using protocols like HTTPS, which authenticate the
server before any data is exchanged. However, the rise of mobile devices makes
this a more dangerous attack vector: mobile apps give their users little or no
visibility into their network connections and may use insecure protocols for
communication that are vulnerable to MitM attacks.
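The following is an added illustration, not code from the original article, of why the "two pieces" trick works against an unauthenticated key exchange and fails against an authenticated one. It models a Diffie-Hellman exchange with a toy prime and a toy XOR cipher; an HMAC under a key the attacker lacks (SERVER_AUTH_KEY) stands in for the certificate-backed signature that HTTPS/TLS puts on the server's key-exchange value. All names, parameters and the message are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy parameters, constructed for illustration only: a Mersenne prime and a small
# generator. Real TLS uses standardised groups or elliptic curves.
P = 2**127 - 1
G = 5

# Stand-in for the server certificate's private key; the attacker does not have it.
SERVER_AUTH_KEY = secrets.token_bytes(32)

# Constructed message the server sends once a session key has been agreed.
SERVER_MESSAGE = b"transfer 100 to account 42"


def dh_keypair():
    """Diffie-Hellman private exponent x and public value G^x mod P."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, other_pub):
    """Session key derived from the shared secret other_pub^priv mod P."""
    return hashlib.sha256(pow(other_pub, priv, P).to_bytes(16, "big")).digest()


def xor_crypt(key, data):
    """Toy stream cipher: XOR with a keystream derived from the key. Applying it
    twice with the same key returns the original bytes."""
    stream = hashlib.sha256(key).digest()
    return bytes(b ^ stream[i % 32] for i, b in enumerate(data))


def sign_pub(pub):
    """Server's 'signature' over its DH value (HMAC stands in for a certificate)."""
    return hmac.new(SERVER_AUTH_KEY, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def run_exchange(attacker_present, authenticated):
    """Returns (bytes the client decrypts, plaintext the attacker saw or None).
    Raises ValueError when the client rejects the server's key-exchange value."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    s_tag = sign_pub(s_pub)  # sent alongside s_pub, like a certificate-backed signature

    if not attacker_present:
        if authenticated and not hmac.compare_digest(sign_pub(s_pub), s_tag):
            raise ValueError("server authentication failed")
        ciphertext = xor_crypt(dh_shared(s_priv, c_pub), SERVER_MESSAGE)
        return xor_crypt(dh_shared(c_priv, s_pub), ciphertext), None

    # The attacker splits the connection: one DH exchange with the server (posing
    # as the client) and a separate one with the client (posing as the server).
    a_priv, a_pub = dh_keypair()
    k_server_leg = dh_shared(s_priv, a_pub)        # what the server computes
    k_attacker_server = dh_shared(a_priv, s_pub)   # same key, attacker's side
    k_attacker_client = dh_shared(a_priv, c_pub)   # key for the client-facing leg

    # The client receives the attacker's value but only the real server's tag,
    # which the attacker cannot recompute for a_pub without SERVER_AUTH_KEY.
    if authenticated and not hmac.compare_digest(sign_pub(a_pub), s_tag):
        raise ValueError("server authentication failed: key exchange was tampered with")
    k_client_leg = dh_shared(c_priv, a_pub)

    # Server-side leg: the attacker decrypts, reads and alters the message, then
    # re-encrypts it under the client-side key so the client sees no error.
    seen = xor_crypt(k_attacker_server, xor_crypt(k_server_leg, SERVER_MESSAGE))
    forwarded = xor_crypt(k_attacker_client, seen.replace(b"account 42", b"account 66"))
    return xor_crypt(k_client_leg, forwarded), seen


def mitm_detected(authenticated):
    """True if the client rejects the exchange while an attacker is in the path."""
    try:
        run_exchange(True, authenticated)
    except ValueError:
        return True
    return False
```

With `authenticated=False` the client decrypts the altered transfer without any error, which is exactly the blind spot the article describes for apps that skip server authentication.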
- Malicious Apps
Many organizations focus their cybersecurity efforts on computers, but mobile
devices are a growing threat to an organization's cybersecurity. As employees
increasingly use mobile devices to do their work and access sensitive company
data, malicious mobile applications are increasingly dangerous. These
applications can do anything that desktop malware can, including stealing
sensitive data, encrypting files with ransomware, and more.
In 2020, mobile malware was the second most common type of malware worldwide.
The most common mobile malware variants – including helper, PreAMp, and Necro –
are all Trojans with additional functionality, including ad fraud and click
fraud. Mobile malware commonly takes advantage of vulnerabilities in mobile
operating systems, like the remote code execution (RCE) vulnerability fixed in a
batch of 43 Android Patches in January 2021.
Inside the Top Cyber Threats
Cybercriminals are constantly innovating, and the top cyber threats that
organizations face change regularly as attackers adapt to changing
circumstances.
Beyond the Top Threats
This list of top threats is not exhaustive and does not cover all active
cybersecurity threats. Examples of other common cybersecurity threats include:
- DNS Tunneling
- DNS Spoofing
- SQL injection
- Jailbreaking and Rooting
- OS exploits
How Does the Cyber Kill Chain Work?
There are several core stages in the cyber kill chain. They range from
reconnaissance (often the first stage in a malware attack) to the lateral
movement (moving laterally throughout the network to get access to more data) to
data exfiltration (getting the data out). All of your common attack vectors –
whether phishing or brute force or the latest strain of malware – trigger
activity on the cyber kill chain.
Reconnaissance
The observation stage: attackers typically assess the situation from the
outside in, identifying both targets and tactics for the attack. The list of
targets is not always specific; often they are simply looking for the next
victim to lure into their trap.
Intrusion
Based on what they discovered during reconnaissance, attackers get into your
systems, often by leveraging malware or security vulnerabilities. From there
they can gather your information and explore your website and its published
content.
Exploitation
The act of exploiting vulnerabilities and delivering malicious code onto the
system, to gain a firmer foothold so that the attackers can go on to collect
your information.
Privilege Escalation
Attackers often need more privileges on a system to get access to more data and
permissions, so they escalate their privileges, often to administrator level.
The same idea applies to group administrators on platforms like Telegram or
WhatsApp: taking over the admin role gives access to all of the group's
information, which can then be used to defame the group or for similar ends.
Lateral Movement
Once they're in the system, attackers can move laterally to other systems and
accounts to gain more leverage: whether that's higher permissions, more data, or
greater access to systems.
Obfuscation / Anti-forensics
To successfully pull off a cyberattack, attackers need to cover their tracks,
and in this stage, they often lay false trails, compromise data, and clear logs
to confuse and/or slow down any forensics team.
Denial of Service
Disruption of normal access for users and systems, to stop the attack from being
monitored, tracked, or blocked.
Exfiltration
The extraction stage: getting data out of the compromised system.
Cyber Attacks Data Breaches In India
SIM Swap Fraud
In August 2018, two men from Navi Mumbai were arrested for cybercrime. They were
involved in fraudulent activities concerning money transfers from the bank
accounts of numerous individuals by getting their SIM card information through
illegal means.
The fraudsters gathered victims' personal details and then had the victims' SIM
cards blocked with the help of fake documents, after which they carried out
transactions through online banking.
They were accused of transferring a total of 4 crore Indian rupees from various
accounts, and even hacked the accounts of a couple of companies.
Prevention: The information required for such a scheme is gathered from various
public sources and misused later. Avoiding sharing personal information with
unknown applications and domains helps minimize the risk of your personal
information reaching people with malicious intent.
Fraudsters use the victim's information in various scams and trick them into
fraudulent activities. It is therefore advisable to verify the authenticity of
any site where you enter banking or other personal details, since scammers use
fake sites to collect information directly from prospective victims.
Provisions Of Law And Acts Under The Indian Legal System:
Indian Penal Code On Cyber Terrorism:
- Section 292 of IPC
- Section 354C of IPC
- Section 354D of IPC
Offences Under The Information Technology Act, 2000:
- Hacking and Data Theft: Sections 439 (h) and 66 of the IT Act
- Tampering with Computer Source Document: Section 65 of the IT Act
- Receipt of Stolen Property: Section 66B of the IT Act
- Identity Theft and Cheating by Personation: Section 66C of the IT Act
- Section 66D of the IT Act
- Violation of Privacy: Section 66E of the IT Act
- Obscenity: Sections 67, 67A, and 67B of the IT Act
- Cyber Terrorism: Section 66F of the IT Act
- Section 419
- Section 420 of IPC
- Section 468 of IPC
- Section 469 of IPC
- Section 500 of IPC
- Section 504 of IPC
- Section 506 of IPC
- Section 509 of IPC
Cyber Crimes Under Special Acts
- Online sale of Drugs under Narcotic Drugs and Psychotropic Substances Act
- Online sale of Arms under Arms Act
Other cyber laws in India
Apart from the Information Technology Act, 2000 and the Indian Penal Code, 1860,
there are various other laws relating to cybercrime in India, including many
civil laws as well as tort laws. They are as follows:
- Common law (governed by the general principles of law)
- The Information Technology (Amendment) Act, 2008 and 2009
- The Information Technology (Removal of difficulties) Order, 2002
- The Information Technology (Certifying Authorities) Rules, 2000
- The Information Technology (Certifying Authorities) Regulations, 2001
- The Information Technology (Securities Procedure) Rules, 2004
- The Bankers' Books Evidence Act, 1891
- The Reserve Bank of India Act, 1934
- Various laws relating to IPRs
Applicability of IT Act and IPC both in Cybercrime
One of the biggest ambiguities in Indian cyber law concerns whether the
Information Technology Act, 2000 and the Indian Penal Code, 1860 can be applied
simultaneously to the same cybercrime, a question that still comes before the
judiciary today.
The ambiguity was addressed by the Hon'ble High Court of Bombay in a judgment
delivered on 6 Nov 2018, in a data theft case lodged by a Kolhapur-based company
that develops hospital management software against its employees, alleging data
theft resulting in wrongful losses to the company. The IPC provisions for
cheating, breach of trust, and theft were invoked even though the conduct fell
within the purview of Section 43 and Section 66 of the IT Act, under which the
accused were also tried.
The High Court relied heavily on the decision of the Hon'ble Supreme Court of
India in the well-known case of Sharat Babu Digumar v. NCT of Delhi, and held
that "Prosecuting the petitioners under the both IPC and IT Act would be a
brazen violation of protection against the double jeopardy, and we are also
having a special law in the form of IT Act for specifically curbing and
preventing the cyber crimes, in such circumstances prosecution under both the
laws for the same offense is unconstitutional."
Earlier, on 24 March 2015, the Hon'ble Supreme Court of India struck down
Section 66-A of the Information Technology Act, 2000 as unconstitutional in its
entirety, because of its widespread misuse by investigating authorities against
innocent individuals.
Recently the Hon'ble High Court of Bombay also ruled that admins of WhatsApp
groups cannot be held liable under Section 66-A of the IT Act, 2000 for fake or
obscene messages posted by group members, since they cannot be punished for an
offence they did not commit. However, to demonstrate bona fide intention in the
eyes of the law, the admin is obliged to react promptly, by removing the member
from the group immediately or by enabling the "only admins can post" setting.
The second wave of the pandemic has hit India hard from a cybersecurity
perspective. There has been a rise in recent cyber-attacks in India in 2021,
with cybercriminals taking advantage of the situation and finding new ways to
breach data. If we analyze the news of cyber-attacks in 2021, we will observe
increased COVID-19 cyber threats and supply chain attacks.
Impact On The Society Because Of Cyber Attacks:
Cyber attacks have become a very serious and growing issue in India, and they
are damaging society at the highest level. The main aim, according to me, of
all these cyber attacks is to defame individuals for financial gain or to
satisfy a personal grudge against that individual. The prospect of fast
monetary or financial gain is the factor most likely to increase the threat of
cyber attacks. These attackers follow a chain of steps to reach their targets.
These chains of cyber attackers have a lot in common. Phishing, which is also a
type of cyber attack, has no specific rule or section under which the criminals
can be convicted and the aggrieved party can get relief; rather, the Delhi High
Court has declared the act of phishing illegal under Indian law. Cyber attacks
have risen massively in the past few years, with cases of bankruptcy,
defamation, cybercrime, cyber terrorism, financial scams, and other violations
of cyber security seen on an ever greater scale.
The reason behind the cyber attacks is black money. Corporate computers and
cyber branches are protected at great cost, but cybercriminals are still seen
to trespass this security boundary and make their way into computers to capture
information, especially security-related information about a person or company
that can be used to defame that person or company. Many important files are
leaked from stored data; the attackers insert viruses into the computer so that
they can get at the information they want. Personal satisfaction and the
defamation of another person or company is the main goal behind cyber attacks,
especially in India. Society, on the other hand, plays a very important role:
whenever such crimes occur, people in society at large perceive them as massive
destruction.
And according to me, any such irregular negative change, especially crimes such
as cyber attacks, affects society negatively: people's mentality changes
according to the crimes that take place, and this places a negative impact on
society. Our legal system should therefore take much stronger and unbiased
decisions against such crimes, so that there is a lesser negative impact on
people and more trust in and support for the judiciary. There are law firms
that have special protection for such crimes so that the data they gather from
their clients is not breached at any cost, and other firms can likewise take up
this kind of security, such as inserting SQL injection into their computers, or
taking up IP and IPE security.
Critical Evaluation:
Cyber attacks and cyber terrorism are activities that can devastate one's life
or property in an instant. People nowadays have gone too far with technology:
they have smart gadgets, but instead of using them smartly and appropriately,
to gain information or to help others, they have started to use these gadgets
to torture and disrupt people's lives and property. In the above research paper
I have mentioned several phases, supply chains, and kill chains of these cyber
terrorists, which are menacing.
Before finding an appropriate solution for these cyber attacks and for
protecting your private data and property-related information of any kind, let
us look at the defects that become the loopholes through which these attackers
make their move. They are your Android or iOS systems, where you keep your
information in apps which then pass on your passwords and details. This is one
of the biggest traps: the attackers take these details into their own data
systems and computers and take your information. They have big connections and
hard-core knowledge of the cyber world, through which they can track your every
activity on the Internet.
I think that the most critical of these are the apps that take advantage of
your jitteriness while you are surfing. For instance, when you are looking for
a research paper or for some information that you want to search or copy-paste
from a website, they track your internet surfing, and when you want to explore
such information while you are in their tracking trap, they may show you a
notification that says "accept this cookie", which, due to your jitteriness,
you accept. Now you are one of the fish caught in their trap. These are called
Internet cookies; they are not really there to help you but rather take up the
information you may want to pursue and give it to the respective website. While
this happens, the hackers or attackers keep a close watch on your surfing, and
when they catch you in their range it is simpler to get your information and
hack the app through which you are taking up some information or posting
something; they track your surfing through your activity and thereafter hack
your apps.
Google sometimes warns you while you are surfing the Internet about websites
that are unknown or dangerous, but people still go to such websites and get
themselves tracked.
Fast Internet, hyperactivity, low offline workload, and the move towards
lightning-speed technology have given rise to such problems and have given these
cyber attackers an easy way to gain more and more money and fill their pockets
with gold.