INFORMATION AND NETWORK
SECURITY ASYNCHRONOUS
ASSIGNMENT
20th August 2023
Kunyi Kelvin Mbutu
21BCAH0001 - BCA 2021, Sem -V
Question A: Provide real-world examples/Cases of common cyber threats and their
potential impact on individuals and organizations.
A threat begins when someone attempts to gain unauthorised access, steal data, or damage computers,
computer networks, or other computing systems through a series of actions known as a
cyber-attack. Using one or more tactics, techniques, and procedures (TTPs), the attack can be
carried out by an individual or a group.
Below are 5 real-world examples/cases of cyber threats and their potential impacts.
Malware
Malware is any malicious software that is installed on your device, for example after a user
inadvertently clicks on a dangerous link or opens an attachment. Malware can take many forms,
with some of the most common being viruses and Trojans.
In July 2016, a Japanese travel agency, JTB Corp, suffered a data breach compromising almost
93 million user records. The data breach was a result of an employee opening a malicious
document which he received via a phishing email. The malicious document included a trojan
horse designed to steal user information. It was reported that 7.93 million user records
from the Japanese travel agency were compromised.
Ransomware Attacks
Ransomware is a specific type of malware that gains control of your system and blocks access to
your files. It can infect your computer from an email attachment or through a bad website. Upon
infection, a ‘ransom note’ pops up, offering to restore your system back to normal in exchange
for compensation.
The image above is an example of ransomware; this was called the WannaCry attack. At the
time it was the biggest ransomware attack ever. It hit earlier in 2017 in over 150 countries and
over 200,000 organizations. The hackers found an exploit in older Windows operating systems
that had already reached their end of life. When an operating system reaches its end of life, it
means the company is no longer making security updates.
Man in the Middle Attacks
A man in the middle attack is where a cybercriminal intercepts your data or information
while it is being sent from one location to another (i.e., communications system to a server).
This type of attack is very common with vulnerable Wi-Fi connections like those at coffee shops,
hotels, and restaurants.
In 2017, credit score company Equifax removed its apps from Google and Apple after a breach
resulted in the leak of personal data. It was found that the attackers were intercepting data, in the
form of a man in the middle attack, as users accessed their accounts.
Distributed Denial of Service (DDoS)
Here, the criminals are basically trying to overload the system you have in place, whether it
be a website, server, etc., with traffic. This will typically cause the system to crash or shut down,
resulting in downtime. These types of attacks typically do not result in stolen information. Most
of the time, the attack is meant to shut your system down, resulting in lost revenue from downtime
and from recovering your files.
On Sept. 9, 2021, there was a huge cyber attack on the Russian tech powerhouse Yandex, which is
believed to be the biggest DDoS attack ever seen. Yandex reported that their “experts did
manage to repel a record attack of nearly 22 million requests per second (RPS). This is the
biggest known attack in the history of the internet.”
Password Attacks
This can be described as any attack designed to steal a user’s passwords or credentials. There are
basic techniques that even non-hackers can use, like manual guessing, where a bad actor guesses
your password based on the information they learn from your social media. There is also basic
shoulder surfing, where someone literally watches you as you type in your password, or reads
a sticky note of your password left on your desk.
There are more advanced techniques like a brute force attack, where a hacker has a program that
can guess literally millions of passwords at a time.
Back in August of 2021, the Canada Revenue Agency was a victim of a password cyber-attack,
in which their online systems were shut down for several days, and over 5000 accounts were
compromised! This was due to the technique called credential stuffing. This is where the hackers
buy or steal users’ passwords from other sources and data breaches, and they use those
passwords to try to log into the CRA accounts. This can be a huge problem, especially if users
use the same password across multiple platforms.
Question B: Discuss how cybercriminals exploit human behavior to gain unauthorized
access to sensitive information.
Cybercriminals are well aware of the fact that humans can often be the weakest link in the
cybersecurity chain. They exploit various psychological and behavioral traits to manipulate
individuals into giving up sensitive information. Here are some common tactics they use to gain
unauthorized access to sensitive information:
1. Phishing: It is one of the most prevalent tactics used by cybercriminals. They send deceptive
emails that appear to be from legitimate sources, often imitating banks, social media platforms,
or other trusted organizations. These emails typically contain urgent or enticing messages that
prompt recipients to click on malicious links, leading them to fake websites designed to steal
login credentials or personal information.
2. Spear Phishing: Here, cybercriminals customize their messages to target specific individuals
or organizations. They gather information from social media, public records, or other sources to
create highly personalized and convincing messages. This level of personalization increases the
likelihood that the recipient will trust the message and take the desired action.
3. Baiting: Cybercriminals take advantage of people's curiosity or desire for free items by
offering enticing downloads, such as free software, music, movies, or other digital content. These
downloads often contain malware that can compromise the victim's system and provide the
attacker with unauthorized access.
4. Impersonation: Attackers might pose as a trusted entity, such as a bank representative, tech
support agent, or even a coworker, to gain access to sensitive information. They use this tactic to
exploit people's willingness to help and comply with authority figures.
5. Social Engineering: This involves manipulating individuals into giving confidential
information by exploiting their emotions, fears, or desires. Attackers might claim to be in a
position of authority, create a sense of urgency, or even threaten the victim to elicit the desired
information.
6. Tailgating and Piggybacking: In physical security breaches, cybercriminals might physically
follow an authorized person into a restricted area (tailgating) or gain unauthorized access by
accompanying a legitimate user (piggybacking).
7. Credential Stuffing: Cybercriminals use lists of usernames and passwords obtained from
previous data breaches and try these combinations on various online accounts. Since many
people reuse passwords across multiple accounts, this tactic can be remarkably effective.
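Credential stuffing, described in item 7 above and in the Password Attacks section, leaves a recognisable trace in login logs: one source tries many different usernames and most attempts fail. The following is an added example, not part of the original assignment, showing how a defender could flag that pattern; the log format, thresholds, and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example): "<time> ip=<ip> user=<name> result=OK|FAIL"
LINE_RE = re.compile(r"ip=(\S+) user=(\S+) result=(OK|FAIL)")

def build_sample_log():
    """Constructed sample data: three source IPs with different login behaviour."""
    lines = []
    # Credential stuffing: many different usernames, one try each, mostly failing.
    for i, user in enumerate(["amy", "bob", "cara", "dev", "eli", "fay", "gus", "hana"]):
        result = "OK" if user == "fay" else "FAIL"  # fay reused a breached password
        lines.append(f"2023-08-20T10:00:{i:02d}Z ip=203.0.113.7 user={user} result={result}")
    # Office NAT: many users behind one IP, but the logins succeed.
    for i, user in enumerate(["ian", "jo", "kim", "lee", "max", "nia"]):
        lines.append(f"2023-08-20T10:01:{i:02d}Z ip=198.51.100.20 user={user} result=OK")
    # Brute force: many guesses against a single account (a different pattern).
    for i in range(10):
        lines.append(f"2023-08-20T10:02:{i:02d}Z ip=192.0.2.55 user=admin result=FAIL")
    return lines

def detect_credential_stuffing(lines, min_users=5, min_fail_ratio=0.8):
    """Return {ip: summary} for IPs that try many distinct accounts and mostly fail."""
    stats = defaultdict(lambda: {"users": set(), "failed": 0, "attempts": 0, "ok": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not login events
        ip, user, result = m.groups()
        s = stats[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if result == "OK":
            s["ok"].add(user)
        else:
            s["failed"] += 1
    findings = {}
    for ip, s in stats.items():
        if len(s["users"]) >= min_users and s["failed"] / s["attempts"] >= min_fail_ratio:
            findings[ip] = {
                "distinct_users": len(s["users"]),
                "failed": s["failed"],
                "attempts": s["attempts"],
                # Accounts that logged in from a flagged IP need a password reset.
                "accounts_to_reset": sorted(s["ok"]),
            }
    return findings

if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(build_sample_log()).items():
        print(ip, summary)
```

Only the first source is flagged: the office network has many users but no failures, and the brute force source targets a single account, which needs a separate per-account failure counter.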
To counter these tactics, individuals and organizations need to prioritize cybersecurity education
and awareness.
Regular training sessions can help people recognize suspicious behavior and be cautious when
interacting with unsolicited messages or requests for sensitive information. Technical solutions
like multi-factor authentication (MFA) and advanced email filtering can also provide an extra
layer of protection against these types of attacks.