Main Types of Cyber Threats on the Basis of Mechanisms Used
Contents
- Malware
- Advanced Persistent Threat (APT)
- Denial of Service
- Ransomware
- Cryptojacking
- Acoustic Side Channel Attacks
Malware
Malware (malicious software) is any program or file that is harmful to a computer user. It includes computer viruses, worms, Trojan horses and spyware.
- These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ computer activities.
- Virus
- A virus is malware that can execute itself and spreads by infecting other programs or files. Viruses are typically attached to an executable file or a Word document. They often spread via P2P file sharing, infected websites, and email attachment downloads.
- Once a virus finds its way onto your system, it remains dormant until the infected host file or program is activated, which in turn makes the virus active, enabling it to run and replicate on your system.
- Worm is a type of malware that can self-replicate without a host program. Worms typically spread without any human interaction or directives from the malware author.
- Trojan Horse is a malicious program that is designed to appear as a legitimate program. Once activated following installation, trojans can execute their malicious functions.
- Spyware is a kind of malware that is designed to collect information and data (including intellectual property data) on users and observe their activity without users’ knowledge.
- Ransomware is a sophisticated malware that bypasses the traditional layers of security and makes the user’s computer files inaccessible by either locking them up or encrypting them. The user is then asked to pay a “ransom” to the cybercriminals to regain access to the data.
- E.g. WannaCry (May 2017)
- Ransomware attack on AIIMS in Dec 2022.
- Rootkit is a type of malware designed to obtain administrator-level access to the victim’s system. Once installed, the program gives the threat actor root or privileged access to the system.
Advanced Persistent Threat (APT)
- An APT is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time.
- The intention of an APT attack is usually to monitor network activity and steal data rather than to cause damage to the network or organization.
- They typically target organisations in sectors such as national defence, manufacturing and the financial industry, as these organisations handle high-value information, including IPR, military plans etc.
Denial of Service (Distributed Denial of Service)
It is an attack in which malicious bots send more traffic to a targeted IP address than the programmers who planned its data buffers anticipated anyone might send. The target becomes unable to respond to legitimate requests.
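A simple way to see the mechanism from the defender's side is to count requests per source over a sliding time window and flag sources whose rate exceeds what the service was sized for. The following is an added example, not code from the original notes; the log format, IP addresses, window length and threshold are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log in a simplified "<ISO timestamp> <source IP> <request>" form.
# 203.0.113.7 floods the server with many requests in a few seconds; 198.51.100.9 is a normal client.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 203.0.113.7 GET /index.html
2024-01-01T10:00:00Z 198.51.100.9 GET /login
2024-01-01T10:00:01Z 203.0.113.7 GET /index.html
2024-01-01T10:00:01Z 203.0.113.7 GET /index.html
2024-01-01T10:00:02Z 203.0.113.7 GET /index.html
2024-01-01T10:00:02Z 203.0.113.7 GET /index.html
2024-01-01T10:00:03Z 198.51.100.9 GET /home
2024-01-01T10:00:03Z 203.0.113.7 GET /index.html
2024-01-01T10:00:04Z 203.0.113.7 GET /index.html
2024-01-01T10:00:30Z 203.0.113.7 GET /index.html
"""


def parse_line(line: str):
    """Return (unix timestamp, source IP) for one log line."""
    ts_str, src, *_ = line.split()
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts.timestamp(), src


def peak_rates(log_text: str, window_seconds: float = 5.0) -> dict:
    """Peak number of requests any single source made within one sliding window.

    Assumes log lines are in chronological order (true for a normal access log).
    """
    windows = defaultdict(deque)   # source -> timestamps inside the current window
    peaks = defaultdict(int)       # source -> highest window count observed
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src = parse_line(line)
        q = windows[src]
        q.append(ts)
        # Drop requests that have fallen out of the window.
        while q and ts - q[0] >= window_seconds:
            q.popleft()
        peaks[src] = max(peaks[src], len(q))
    return dict(peaks)


def flag_sources(log_text: str, window_seconds: float = 5.0, threshold: int = 6) -> dict:
    """Sources whose peak request rate reached the threshold (the capacity the service was planned for)."""
    return {src: peak for src, peak in peak_rates(log_text, window_seconds).items()
            if peak >= threshold}


if __name__ == "__main__":
    for src, peak in flag_sources(SAMPLE_LOG).items():
        print(f"{src}: {peak} requests within 5 s (threshold 6) -> candidate for rate limiting")
```

In a distributed attack the traffic comes from many sources, each below the per-source threshold, so the same window count should also be kept for the target as a whole (total requests per second) and compared against the capacity the service was actually provisioned for.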
Ransomware
What is Ransomware?
- It is a type of malicious software, used by criminals, that infects a computer system and blocks access to the stored data by encrypting the files. A ransom is then demanded from the owner in exchange for the decryption key.
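Because ransomware works by replacing readable files with encrypted ones, one common detection signal is a sudden burst of files whose contents look like random bytes. The block below is an added example, not code from the original notes: it measures the Shannon entropy of file contents and flags files above a threshold. The sample contents, the threshold value and the pseudo-random stand-in for ciphertext are constructed for illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (one repeated byte) up to 8.0 (uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: encrypted output is close to uniform, so its entropy sits near 8 bits/byte."""
    return shannon_entropy(data) >= threshold


def scan_files(files: dict, threshold: float = 7.5) -> list:
    """Return the names of files whose contents look encrypted, in the order given."""
    return [name for name, content in files.items() if looks_encrypted(content, threshold)]


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for ciphertext."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed sample: a plaintext record beside the same record after "encryption".
PLAINTEXT = b"Patient record: name, id, diagnosis, ward, date of admission.\n" * 40
CIPHERTEXT = pseudo_random_bytes(len(PLAINTEXT))
SAMPLE_FILES = {
    "patients.csv": PLAINTEXT,
    "patients.csv.locked": CIPHERTEXT,
}


if __name__ == "__main__":
    for name, content in SAMPLE_FILES.items():
        print(f"{name}: {shannon_entropy(content):.2f} bits/byte "
              f"{'SUSPICIOUS' if looks_encrypted(content) else 'ok'}")
    print("flagged:", scan_files(SAMPLE_FILES))
```

Compressed or already-encrypted formats (archives, JPEGs, password-protected documents) also score near 8 bits/byte, so the entropy check on its own produces false positives; it is useful as one signal combined with the rate at which files are being rewritten and renamed.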
How serious was the AIIMS ransomware attack?
- At least five of the AIIMS servers that hosted data related to more than three crore patients were compromised.
How serious are ransomware attacks?
- Cybersecurity firm Trellix, in its third-quarter global report, had identified 25 major ransomware strains in circulation. As per Interpol, ransomware was the second-highest-ranking threat after money laundering, at 66%. It is also expected to increase the most (72%).
- In India, several cases of ransomware attacks targeting commercial and critical infrastructure have been reported in the recent past.
- In May 2022, SpiceJet faced such a threat.
- In April 2022, Oil India, a PSU, was targeted.
Cryptojacking
Definition:
- It is a cyber-attack wherein a computing device is hijacked and controlled by the attacker and its resources are used to illicitly mine cryptocurrency.
- In most cases, the malicious program is installed when the user clicks on an unsafe link or visits an infected website – and unknowingly provides access to their internet-connected device.
Why have cryptojacking incidents gone up?
- The crackdown on other kinds of attacks like ransomware has forced cybercriminals to look for alternative methods.
- Cryptojacking involves lower risk and promises higher returns.
- Unsuspecting users across the world see their devices get unaccountably slower, but it is hard to tie this to criminal activity, much less point to the source.
Way Forward:
Increase awareness of cyber hygiene and enhance cyber security (already discussed in detail).
Acoustic Side Channel Attacks
Understanding Side Channel Attacks (SCAs):
- SCAs are methods of attacking a cryptographic algorithm based on analysis of the auxiliary systems used in the encryption process. They rely on collecting signals emitted by the target device, including electromagnetic waves, power consumption, mobile sensor readings, and sound from keyboards and printers. Once collected, these signals are interpreted to recover information that can then be used to compromise the security of the device.
- Studies have shown that when a classifier is trained on keystrokes recorded by a nearby phone, it achieves an accuracy of 95%, the highest accuracy seen without the use of a language model.
In Acoustic Side Channel Attacks (ASCAs), the sound of clicks generated by a keyboard is used to analyse keystrokes and interpret what is being typed, leaking sensitive information.
- These attacks are very dangerous because the sound of keyboards is readily available and its potential for misuse is underestimated by users.
- The widespread use of laptops has also increased the risk, since units of the same laptop model tend to have identical keys, which makes it easier for deep learning models to classify their keystroke sounds.
ASCAs are not new and have been used since the 1950s, when acoustics emanating from encryption devices were used to crack their security. But with new technologies like deep learning, the threat has grown.
How can users protect against ASCAs?
- There is no explicit means of defence, but some measures, like touch-based typing of passwords, can reduce vulnerability.
- Creating stronger passwords that use a combination of lower- and upper-case letters can solve the problem to some extent.
- Avoid easily recognisable phrases, which make it easier for AI models to predict the text.