Are we really secure?? -By Prithviraj Gohel & Dixita Raiyani
Warning Notice
This book contains content which is only for educational and research purposes. Do not misuse or violate the information inside this book. If any violation is done, no author or publisher is responsible. Please first refer to the laws of your state/country/province before utilizing these resources. If your intention is to use this information for any destructive purpose or any activity which is harmful to anyone, then please, in the name of God, leave this book and go and just bang your head; I repeat, leave now. Else, if you want to increase your knowledge and know more, then proceed further. Thank You.
110 pages on Cyber Attacks
About the author
Prithviraj Gohel and Dixita Raiyani are currently pursuing Software Engineering and, by forming a great team, have been working on various projects. Our aim in writing this book is to spread knowledge about cyber-attacks and how to prevent them. You can see videos on the YouTube channel “Infotainment” https://www.youtube.com/channel/UCrrbhnWWNYYu5u3KRmuWfEA Our new series of various titles after this is coming soon… Mail at: prithvigohel25@gmail.com
Acknowledgement
I heartily thank my best friend Dixita for joining me in this task and for inspiring and motivating me to work ahead. I really appreciate the effort she gave to complete our first step towards a grand project, and to work together further. I know no one walks alone on their path; there are loved ones who will help them along the way. We gratefully thank our parents, brothers and sisters for their blessings and for believing in us on the task we did. Thanks to Sir Mufaddlal Coatwala, who guided and motivated us to write this book. And special thanks to the experts and my dear readers: keep reading, gain knowledge and be ready for more titles coming soon.
Table of Contents
Inside this book… (p. 5)
First let us see the most basic and common cyber-attacks (p. 6)
Malware (p. 7)
Phishing and its types (p. 8)
Phishing techniques (p. 13)
How to prevent phishing attacks (p. 17)
Brute-force (p. 19)
SQL-injection (p. 21)
Types of SQL injection attacks (p. 22)
How to prevent SQL injection attacks (p. 24)
Cross-site scripting (XSS) (p. 26)
Types of cross-site scripting attacks (p. 28)
How to prevent cross-site scripting attacks (p. 32)
Denial of service (DoS) (p. 33)
Prevention from DoS attacks (p. 35)
Session hijacking and man-in-the-middle attacks (p. 35)
Types of man-in-the-middle attacks (p. 37)
Man-in-the-middle attack techniques (p. 40)
Preventing man-in-the-middle attacks (p. 42)
Credential reuse (p. 43)
Timeline of major cyber-attacks till now (p. 45)
There are possibilities of these 8 future attacks which will occur in a massive way (p. 71)
Now we will see the most famous hack-tools in detail (p. 80)
Who are cyber-attackers? (p. 88)
State sponsored hacks (p. 88)
Hacktivism (p. 88)
Cybercriminals (p. 89)
Let us see one more list of the cyber-attacks (p. 90)
So in order to select the best antivirus you should check some points for best selection and security (p. 104)
Here are some links to download the tools mentioned above (p. 107)
Inside this book…
As the usage of technology has increased over the centuries it has given benefits to mankind, yet as there are two sides to everything, technology also has its good and bad side, which depends on how it is used, either for construction or for destruction. No doubt there are people who misuse it. We are talking about the increasing number of “cyber attacks” happening rapidly. From the time the computer era, and especially the internet era, began, people learnt about hacking, i.e. entering another person’s system illegally, and from this cyber-attacks took birth.
Talking about recent attacks, one was carried out through a torturous game called “Blue Whale”; it was made in such a way that people who play it at last have to die. Here hackers have mostly targeted people who have less willpower and whose minds can easily be manipulated. They either blackmail them or tell them to die, so either way the victim goes mad and chooses the path of death. Because of this, mostly teenage children were targeted.
Another massive cyber-attack took place which was known as the “WannaCry ransomware attack”, in May 2017 (we will talk about it later in this short and sweet book); this attack caused millions in losses.
All this compelled me to write “110 pages of cyberattacks”, because my fellow humans should also be aware of different cyber-attacks. It will make people aware of different hacking attacks, and everyone, including your little ones, can learn from the learning phase so that their future is secured and they are already prepared if any future cyber-attacks affect the world. Now we know how dreadful a cyber-attack can be, let’s see in depth…
First let us see the most basic and common Cyber-Attacks.
Of course later we will also see by which tools these attacks can be performed (this is only for education purposes, so you can prevent these attacks in future).
- Malware
- Phishing
- Brute Force
- Cross-Site Scripting (XSS)
- Denial of Service (DoS)
- Session Hijacking
- SQL-Injection
- Man in the Middle
- Credential Reuse
- Social Engineering/Cyber Fraud
Malware:
You can say “malware” is a type of software that, once it has entered your system, gains full control and has access to all your details. This can be in the form of viruses or ransomware; we will look at it in detail further on. If you've ever seen an antivirus alert pop up on your screen, or if you've mistakenly clicked a malicious email attachment, then you've had a close call with malware. Hackers love to use malware to gain a foothold in users' computers, as they can get all the details about the victim they want.
Hackers will use a variety of methods to get malware into your computer, but at some stage it often requires the user to take an action to install the malware. This can include clicking a link to download a file, or opening an attachment that may look harmless (like a Word document or PDF attachment), but actually has a malware installer hidden within.
Phishing and its types:
After reading about malware you may decide not to click any unknown link or attachment and feel that you can outsmart the hacker. But no, hackers are ready for this too, so they created the “phishing” attack. This attack creates the illusion for the victim that they are on the right website, but no, my friends, it is only a page that looks the same as the site the user wants to see. Let’s see in detail…
In a phishing attack, a hacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will seem similar, and it will have some urgency to it (e.g. fraudulent activity has been detected on your account). In the email, there will be an attachment to open or a link to click. Upon opening the malicious attachment, you’ll thereby install malware on your computer. If you click the link, it may send you to a similar-looking website that asks you to log in to access an important file, except the website is actually a trap used to capture your credentials when you try to log in. So after login, the details you entered in that form go to the hacker, and they can use your identity. To identify phishing, whenever you get an email, check properly whether it is from a trusted person or not; they also make the malicious URL look similar to the authentic URL. Often phishing is done on a large number of users, that is, attacking a mass target by sending bulk messages or emails. This can be thought of as a “quantity over quality” approach, requiring minimal preparation by the hacker, with the expectation that at least a few of the targets will fall victim to it (making the minimal up-front effort attractive even though the expected gain for the hacker isn’t usually all that big). Phishing attacks typically engage the user with a message intended to solicit a specific response (usually a mouse click) via an emotion or desire, such as:
- “You could win a $50 shopping gift card” (greed)
- “Your Purchase Order has been approved” (confusion)
- “Your account will be cancelled if you do not log in immediately” (concern, sense of urgency)
Hackers have innovated on phishing attacks over the years, coming up with variations that require more up-front effort by the hacker but result in either a higher rate of victims or a higher value “payout” per victim (or both!).
Spear Phishing
When a phishing attack is customized to target an organization or specific individual(s), it’s referred to as spear phishing.
Here the hacker tries to be as authentic and as real as possible by gathering information about the trusted organization or company, their emails, logos, photos, etc., and makes the link or mail they send to the victim look real and trusted so that the victim believes it.
Whaling
As a variation of the spear phishing attack, whaling targets an organization’s senior or C-level executives. Whaling attacks typically take specific responsibilities of these executive roles into consideration, using focused messaging to trick the victim. When a whaling attack successfully dupes a target, the hacker’s windfall can be substantial (e.g. high-level credentials to company accounts, company secrets, etc.).
Clone Phishing
Another variation on spear phishing attacks is clone phishing. In this attack, targets are presented with a copy (or “clone”) of a similar message they had received earlier, but with specific changes the hacker has made in an attempt to attack the target (e.g. malicious attachments, invalid URL links, etc.). Because this attack is based on a previously seen, similar message, it can be effective in duping a target.
And moreover, hackers continue to seek out new and creative ways to target unsuspecting computer users. A recent phishing attack involved a Google Doc that was received via email from a user known to the target, but would then try to gain the target’s Google login credentials (and also spam itself out to all emails in the target’s address book). And more passive attack types, like pharming, can result in the same losses as other phishing attacks.
Phishing Techniques
Hackers use a number of mechanisms to phish their targets, including email, social media, instant messaging, texting, and infected websites; some attacks are even carried out using old-school phone calls.
Link Spoofing
One common deception hackers use is making a malicious URL appear similar to an authentic URL, increasing the likelihood that a user will not notice the slight difference(s) and click the malicious URL.
While some of these manipulated links can be easily identified by targeted users who know to “check before they click” e.g. authentic URL facebook.com vs. shady URL faceb00k.com, things like homograph attacks, which take advantage of characters that look alike, can reduce the efficacy of visual detection.
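A defender can automate the “check before they click” test described above. The following is an added example (not code from the book): it decodes punycode host names, flags a single label that mixes Latin and Cyrillic letters, and maps lookalike characters to the ASCII letters they imitate so that faceb00k.com is caught as a lookalike of facebook.com. The allowlist and the small confusables map are constructed for the example; a production filter would load the full Unicode confusables table.

```python
import unicodedata
from urllib.parse import urlparse

# Constructed allowlist standing in for the sites an organization's users log in to.
TRUSTED_DOMAINS = {"facebook.com", "paypal.com", "google.com"}

# Minimal map of characters easily mistaken for ASCII letters: the digit swaps the
# book mentions (faceb00k) plus a few Cyrillic letters. A real deployment would
# use the full Unicode confusables table.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
}


def decode_host(host):
    """Lower-case a host name and decode punycode (xn--) labels to Unicode."""
    host = host.strip().lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        # Already contains non-ASCII characters; use it as given.
        return host


def letter_scripts(label):
    """Coarse script detection: the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(host):
    """Replace lookalike characters with the ASCII letter they imitate."""
    host = unicodedata.normalize("NFKC", host)
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def classify_host(host):
    """Return 'trusted', 'mixed-script', 'lookalike' or 'unknown'."""
    decoded = decode_host(host)
    if decoded in TRUSTED_DOMAINS:
        return "trusted"
    # One label mixing Latin and Cyrillic letters is the classic homograph sign.
    if any(len(letter_scripts(label)) > 1 for label in decoded.split(".")):
        return "mixed-script"
    trusted_skeletons = {skeleton(d) for d in TRUSTED_DOMAINS}
    if skeleton(decoded) in trusted_skeletons:
        return "lookalike"
    return "unknown"


def classify_url(url):
    """Convenience wrapper for full URLs as they appear in an email body."""
    return classify_host(urlparse(url).hostname or "")


# Constructed sample: "paypal" with a Cyrillic 'a', in the punycode form a browser
# or mail client would actually send on the wire.
PUNYCODE_SAMPLE = "p\u0430ypal.com".encode("idna").decode("ascii")

if __name__ == "__main__":
    for url in ("https://facebook.com/login", "https://faceb00k.com/login",
                "https://PayPa1.com/", "http://" + PUNYCODE_SAMPLE + "/",
                "https://example.org/"):
        print(url, "->", classify_url(url))
```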
Website Spoofing
Links aren’t the only item that hackers can spoof. Websites can be spoofed to appear as if they are the authentic site by utilizing things such as Flash or JavaScript, allowing hackers to control how the URL is displayed to the targeted user. This means that the site could show the same URL even though the user is actually visiting the malicious website.
Cross-Site Scripting (XSS) takes this attack one step further: XSS attacks exploit vulnerabilities in the similar website itself, which allows the hacker to present the actual website (showing the similar URL, similar security certificates, etc.) and then quietly steal the credentials the user provides.
Malicious and Covert Redirects
Redirects are a way hackers can force a user’s browser to interact with an unexpected website. Malicious redirects typically involve a website that is normally visited by the targeted user, but then forcibly redirects all visitors to the undesired, hacker-controlled website. A hacker can accomplish this by compromising a website with their own redirection code or by discovering an existing bug on the target website that allows a forced redirect through specially crafted URLs, for example.
As the name implies, covert redirects make it less obvious to the target user that they are interacting with a hacker’s site. A common scenario of a covert redirect would be where a hacker compromises an existing website by giving a new action to an existing “Log in with your Social Media account” button that a user might click in order to leave a comment. This new action collects the social media login credentials the user provided and sends them to the hacker’s website before proceeding to the actual social media website, leaving the targeted user none the wiser.
How to Prevent Phishing Attacks
The following suggestions are designed to prevent phishing attacks from succeeding:
Continuous User Education and Exercise
Transform all users (from the CEO on down) into one of your best assets in the fight against phishing attacks. Involve users in periodic security awareness training and education (as well as reeducation) on how to identify and avoid phishing scams, complemented with regular, unannounced phishing “exercises” to reinforce and apply what they’ve learned. This will ensure users have up-to-date awareness on the latest phishing attacks and actually do what they should when they come across one.
Filter Suspicious Attachments
Remove and quarantine incoming attachments known to be utilized in malicious ways before they reach your users.
Filter on Malicious URLs
Quarantine messages that contain malicious URLs. Similarly, make sure to safely resolve any URLs from link shorteners (e.g. bit.ly, goo.gl, etc.) to ensure they don’t resolve to malicious URLs. In an attempt to bypass filters, some hackers will send a phishing message that contains no text in the body and one large picture (in which the picture itself contains text, which will be ignored by some filter technology). Newer “character recognition”-based filter technology can detect these messages and filter on them.
Promote Good Credential Behavior
Do not use weak passwords. Enforce recurring password changes for users. If your users are currently only using a single level of authentication, consider moving them to a two-step verification (2SV) or two-factor authentication (2FA; even better than 2SV) solution. Additionally, it's also good practice to regularly scan user and infrastructure systems for malware and keep them current on software updates/patches. All these attacks may sound scary, but with proper knowledge of them you can prevent them from affecting your systems.
Brute-Force
Brute force is an attack we can describe as trial and error: it tries all the possible combinations of characters to get a user’s login password, PIN (Personal Identification Number), etc.
Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security. A brute force attack is also known as brute force cracking or simply brute force.
Automated software is used here to try all the possible combinations to crack the code. It needs powerful computation, as it takes time. One example of a type of brute force attack is known as a dictionary attack, which might try all the words in a dictionary. Other forms of brute force attack might try commonly used passwords or combinations of letters and numbers.
Preventive measures for Brute Force Attacks
- Requiring users to create complex passwords
- Limiting the number of times a user can unsuccessfully attempt to log in
- Temporarily locking out users who exceed the specified maximum number of failed login attempts
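The last two measures, attempt limiting and temporary lockout, can be implemented as a small throttle in front of the password check. This is an added example, not code from the book: the user store, the PBKDF2 hashing and the FakeClock used to test the lockout window are all constructed for the illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Counts failed logins per account and locks the account after too many.

    In-memory only (one process); a real deployment keeps this state in a
    shared store so the limit holds across every login server.
    """

    def __init__(self, max_failures=5, window_seconds=300,
                 lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock                      # injectable so tests need not sleep
        self._failures = defaultdict(deque)     # user -> timestamps of failures
        self._locked_until = {}                 # user -> time the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:               # lock expired: reset the counter
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def record_failure(self, user):
        now = self.clock()
        recent = self._failures[user]
        while recent and now - recent[0] > self.window:   # forget old failures
            recent.popleft()
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout

    def record_success(self, user):
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


def make_user_db(plaintext_passwords, iterations=50_000):
    """Constructed user store: salted PBKDF2 hashes, never plaintext passwords."""
    db = {}
    for user, password in plaintext_passwords.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        db[user] = {"salt": salt, "hash": digest, "iterations": iterations}
    return db


# Dummy record hashed for unknown users, so response time does not reveal
# which usernames exist.
_DUMMY = {"salt": b"\x00" * 16, "hash": b"\x00" * 32, "iterations": 50_000}


def attempt_login(throttle, user_db, user, password):
    """Returns 'locked', 'ok' or 'invalid'."""
    if throttle.is_locked(user):
        return "locked"                         # refuse before checking the password
    record = user_db.get(user, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    if user in user_db and hmac.compare_digest(candidate, record["hash"]):
        throttle.record_success(user)
        return "ok"
    throttle.record_failure(user)
    return "locked" if throttle.is_locked(user) else "invalid"


class FakeClock:
    """Manual clock so the lockout window can be exercised without waiting."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds
```

With three failures allowed, the third wrong password locks the account, the correct password is refused while the lock holds, and it is accepted again once the lockout period has elapsed.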
SQL-Injection
SQL (Structured Query Language) is widely used to communicate with databases. As we know, many servers use SQL to store and manage critical data for websites and services in their databases.
Now what an SQL injection attack does is target this kind of server with malicious code to get private information from the server. This is especially problematic if the server stores private customer information from the website, such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information, which are tempting and profitable targets for a hacker. An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code. For example, if a SQL server is vulnerable to an injection attack, it may be possible for a hacker to go to a website's search box and type in code that would force the site's SQL server to dump all of its stored usernames and passwords for the site.
Actions a successful hacker may take on a compromised target include: bypassing authentication, exfiltrating/stealing data, modifying or corrupting data, deleting data, running arbitrary code, or gaining root access to the system itself. Databases are commonly targeted for injection through an application (such as a website, which requests user input and then does a lookup in a database based on that input), but they can also be targeted directly. SQL injection attacks are listed on the OWASP Top Ten list of application security risks that companies are fighting.
Types of SQL Injection Attacks
SQL injection attacks can be carried out in a number of ways. Hackers may observe a system’s behavior before selecting a particular attack method.
Un-sanitized Input
Un-sanitized input is a common type of SQLi attack in which the hacker provides user input that isn’t properly sanitized for characters that should be escaped, and/or the input isn’t validated to be the type that is correct/expected.
For example, a website used to pay bills online might request the user’s account number in a web form and then send that to the database to pull up the associated account information. While this works for users who properly enter their account number, it leaves the door open for hackers. For example, if someone decided to provide an account number of '1' = '1', that would result in a query string of:
SELECT * FROM customers WHERE account = '1' = '1';
Because '1' = '1' always evaluates to TRUE, sending this statement to the database will result in the data for all customers being returned instead of just a single customer.
Blind SQL Injection
Also referred to as Inferential SQL Injection, a Blind SQL injection attack doesn’t reveal data directly from the database being targeted. Rather, the hacker closely examines indirect clues in behavior.
Details within HTTP responses, blank web pages for certain user input, and how long it takes the database to respond to certain user input are all things that can be clues depending on the goal of the hacker. They could also point to another SQLi attack avenue for the hacker to try.
Out-of-Band Injection
This attack is a bit more complex and may be used by a hacker when they cannot achieve their goal in a single, direct query-response attack. Typically, a hacker will craft SQL statements which, when presented to the database, will trigger the database system to create a connection to an external server the hacker controls. In this fashion, the hacker can harvest data or potentially control behavior of the database. A Second Order Injection is a type of Out-of-Band Injection attack. In this case, the hacker will provide an SQL injection that will get stored and executed by a separate behavior of the database system. When the secondary system behavior occurs (it could be something like a time-based job or something triggered by other typical admin or user use of the database) and the hacker’s SQL injection is executed, that’s when the “reach out” to a system the hacker controls happens.
How to Prevent SQL Injection Attacks
The following suggestions can help prevent an SQL injection attack from succeeding:
Don’t use dynamic SQL
Avoid placing user-provided input directly into SQL statements. Prefer prepared statements and parameterized queries, which are much safer. Stored procedures are also usually safer than dynamic SQL.
Sanitize user-provided inputs
Properly escape those characters which should be escaped. Verify that the type of data submitted matches the type expected.
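The first two suggestions, avoiding dynamic SQL and validating input, are shown side by side below on the bill-pay scenario from the un-sanitized input section. This is an added example, not the book’s code: the in-memory SQLite customers table is constructed for the illustration, and the tautology input is the usual OR form of the '1' = '1' trick, so that the dynamic query returns every customer while the parameterized query returns nothing.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the bill-pay site's customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (account TEXT PRIMARY KEY, name TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [("1001", "Alice", "4242"), ("1002", "Bob", "1881"), ("1003", "Carol", "0005")])
    return conn


def lookup_dynamic(conn, account):
    """Vulnerable (dynamic SQL): the form value is pasted straight into the statement text."""
    query = f"SELECT account, name FROM customers WHERE account = '{account}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, account):
    """Hardened: the driver binds the value as data, so it can never become SQL syntax."""
    return conn.execute("SELECT account, name FROM customers WHERE account = ?",
                        (account,)).fetchall()


def is_valid_account(account):
    """Input validation: an account number is exactly four digits, nothing else."""
    return re.fullmatch(r"[0-9]{4}", account) is not None


def lookup_hardened(conn, account):
    """Both layers together; returns None when the input is not an account number at all."""
    if not is_valid_account(account):
        return None
    return lookup_parameterized(conn, account)


# Tautology input: inside the dynamic query it becomes  WHERE account = '' OR '1'='1'
TAUTOLOGY = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("dynamic, normal input:   ", lookup_dynamic(conn, "1002"))
    print("dynamic, tautology input:", lookup_dynamic(conn, TAUTOLOGY))
    print("parameterized, tautology:", lookup_parameterized(conn, TAUTOLOGY))
    print("hardened, tautology:     ", lookup_hardened(conn, TAUTOLOGY))
```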
Don’t leave sensitive data in plaintext
Encrypt private/confidential data being stored in the database. This also provides another level of protection just in case a hacker successfully exfiltrates sensitive data.
Limit database permissions and privileges
Set the capabilities of the database user to the bare minimum required. This will limit what a hacker can do if they manage to gain access.
Avoid displaying database errors directly to the user
Hackers can use these error messages to gain information about the database.
Use a Web Application Firewall (WAF) for web applications that access databases
This provides protection to web-facing applications. It can help identify SQL injection attempts. Based on the setup, it can also help prevent SQL injection attempts from reaching the application (and, therefore, the database).
Use a web application security testing solution to routinely test web apps that interact with databases
Doing so can help catch new bugs or regressions that could allow SQL injection.
Keep databases updated to the latest available patches
This prevents hackers from exploiting known weaknesses and bugs present in older versions.
SQL injection is a popular attack method for rivals, but by taking the proper precautions, such as confirming that data is encrypted, protecting and testing your web applications, and staying up to date with patches, you can take meaningful steps toward keeping your data secure.
Cross-Site Scripting (XSS)
Similar to an SQL injection attack, this attack also involves injecting malicious code into a website, but in this case the website itself is not being attacked. Instead, the malicious code the hacker has injected only runs in the user's browser when they visit the attacked website, and it goes after the victim directly, not the website. One of the most common ways an attacker can deploy a cross-site scripting attack is by injecting malicious code into a comment or a script that could automatically run. For example, they could embed a link to a malicious JavaScript in a comment on a blog. Cross-site scripting attacks can significantly damage a website’s reputation by placing the users' information at risk without any indication that anything malicious even occurred. Any sensitive information a user sends to the site, such as their credentials, credit card information, or other private data, can be hijacked via cross-site scripting without the website owners realizing there was even a problem in the first place.
Because of its wide support across many web browsers and platforms, JavaScript has been a popular choice for XSS attack authors, but an attack can be crafted with any language that is supported by browsers. While XSS attacks have been around for over 15 years, they’ve proven to be highly effective and are still frequently observed as a common and viable attack method these days.
Types of Cross-Site Scripting Attacks
Reflected XSS
A reflected XSS attack involves a vulnerable website accepting data (i.e. a malicious script) sent by the target’s own web browser to attack the target with. Because the malicious script is sent by the client itself and is not stored on the vulnerable server, this type of attack is also referred to as “non-persistent.” A simple example of a reflected XSS attack could involve an attacker crafting a URL that passes a small, malicious script as a query parameter to a website that has a search page vulnerable to XSS:
http://vulnerablesite.com/search?search_term="<script>(bad-things here)</script>"
The attacker then needs to have targets visit this URL from their web browsers. This could be accomplished by sending an email containing the URL (with a plausible reason to trick the user into clicking it) or publishing the URL to a public, non-vulnerable website for targets to click.
When a target does click the link, the vulnerable site accepts the query parameter “search_term”, expecting that the value is something the target is interested in searching the vulnerablesite.com site for, when in reality the value is the malicious script. The search page then, as most website search pages will do when a user is searching for something, displays “Searching for <search_term>...”, but because the vulnerable site didn’t clean the search_term value, the malicious script is injected into the webpage that the target’s browser is loading and is then executed by the target’s browser.
Persistent XSS
As the name implies, a persistent XSS attack is stored on the vulnerable server itself. Unlike a reflected attack, where the malicious script is sent by the target, users of a vulnerable website or web app can be attacked during their usual interactions with the vulnerable site/app.
A simple example of a persistent XSS attack could involve an attacker posting a message to a forum hosted on a vulnerable website. Rather than a usual, harmless post, this post content contains the attacker’s malicious script. When a user visits this post, their web browser loads and executes the malicious script. As you can see, a key differentiator between reflected and persistent XSS attacks is that persistent XSS attacks consider all users of a vulnerable site/app as targets for attack.
DOM-Based XSS
Another type of XSS attack is DOM-based, where the vulnerability exists in the client-side scripts that the site/app always provides to visitors. This attack differs from reflected and persistent XSS attacks in that the site/app doesn’t directly serve up the malicious script to the target’s browser. In a DOM-based XSS attack, the site/app has vulnerable client-side scripts which deliver the malicious script to the target’s browser. Similar to a reflected attack, a DOM-based attack does not store the malicious script on the vulnerable server itself. A simple example of a DOM-based XSS attack could involve the same setup as the reflected XSS example scenario above. The attacker creates a URL with a malicious script as the “search_term” and solicits it to potential targets. Once a target clicks the URL, their browser loads the site search page and the vulnerable client-side processing scripts.
While the “search_term” is still provided as a query parameter to the site back end for processing, the site itself does not generate the web page with the injected malicious script. Instead, the site’s vulnerable client-side scripts are designed to locally (in the target’s browser) dynamically substitute the search term value (i.e. the malicious script) into the target’s rendered search page, causing the target’s browser to load and execute the attacker’s script. DOM-based XSS attacks highlight the fact that XSS vulnerabilities aren’t limited to server-side software.
How to Prevent Cross-Site Scripting Attacks
The following suggestions can help safeguard your users against XSS attacks:
Clear user input:
Validate to catch potentially malicious user-provided input. Encode output to prevent potentially malicious user-provided data from triggering automatic load-and-execute behavior by a browser.
Limit use of user-provided data:
Only use where it’s necessary.
Utilize the Content Security Policy:
Provides additional levels of protection and mitigation against XSS attempts.
Regularly use a web vulnerability scanning tool to identify XSS vulnerabilities in your software. While XSS attacks continue to be a popular and successful method of attack, a bit of thoughtful design and testing can go a long way in keeping your website or web application from being vulnerable and keeping users protected.
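The three suggestions above (encode output, limit use of user-provided data, use a Content Security Policy) are shown together below on the reflected “Searching for <search_term>...” page from the earlier example. This is an added example, not the book’s code: the vulnerable renderer is placed beside the hardened one, which truncates the term, HTML-encodes it for the page body, percent-encodes it for the URL context, and sends a per-request CSP nonce so that only the page’s own script tag may run. The page layout, header names and nonce length are assumptions for the illustration.

```python
import html
import secrets
from urllib.parse import quote

MAX_TERM_LENGTH = 100   # limit how much user-provided data is reflected at all


def render_search_unsafe(search_term):
    """Vulnerable: the query parameter is reflected into the page exactly as received."""
    return f"<p>Searching for {search_term}...</p>"


def render_search_safe(search_term, nonce):
    """Hardened: encode for each output context and nonce-tag the page's own script."""
    term = search_term[:MAX_TERM_LENGTH]
    body_safe = html.escape(term, quote=True)   # < > & " ' become entities
    url_safe = quote(term, safe="")             # percent-encoded for the href value
    return (
        f"<p>Searching for {body_safe}...</p>\n"
        f'<a href="/search?search_term={url_safe}&amp;page=2">Next page</a>\n'
        f'<script nonce="{nonce}">renderResults();</script>'
    )


def csp_header(nonce):
    """Policy allowing scripts only from tags carrying this request's nonce."""
    return (f"default-src 'self'; script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'self'")


def build_response(search_term):
    """Returns (headers, body) for the search page with a fresh nonce per request."""
    nonce = secrets.token_urlsafe(16)
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": csp_header(nonce),
        "X-Content-Type-Options": "nosniff",
    }
    return headers, render_search_safe(search_term, nonce)


def nonce_matches(headers, body):
    """Check that the nonce in the CSP header is the one on the page's script tag."""
    policy = headers["Content-Security-Policy"]
    nonce = policy.split("'nonce-", 1)[1].split("'", 1)[0]
    return f'<script nonce="{nonce}">' in body


# Constructed sample of the kind of value the reflected XSS example passes as search_term.
SAMPLE_TERM = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(render_search_unsafe(SAMPLE_TERM))
    headers, body = build_response(SAMPLE_TERM)
    print(headers["Content-Security-Policy"])
    print(body)
```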
Denial of Service (DoS)
Imagine that you are stuck in a massive traffic jam like the ones that happen in China, where traffic jams last for 16 days or more. The road can't handle the massive amount of traffic, and as a result it gets so backed up that pretty much no one can leave. In short, a DoS is any attack that causes system unavailability.
That's essentially what happens to a website during a denial of service (DoS) attack. If you flood a website with more traffic than it was built to handle, you'll overload the website's server and it'll be impossible for the website to serve up its content to visitors who are trying to access it. This can happen for harmless reasons of course, say if a massive news story breaks and a newspaper's website gets overloaded with traffic from people trying to find out more. But often, this kind of traffic overload is malicious, as an attacker floods a website with an overwhelming amount of traffic to essentially shut it down for all users. In some instances, these DoS attacks are performed by many computers at the same time. This scenario of attack is known as a Distributed Denial of Service Attack (DDoS). This type of attack can be even more difficult to overcome due to the attacker appearing from many different IP addresses around the world simultaneously, making determining the source of the attack even more difficult for network administrators.
Let’s see about “How Friday’s Massive DDoS Attack on the U.S. Happened.”
Mirai and a number of other malware variants targeting IoT devices are leveraging default passwords to infect these devices. Attackers are scanning the internet looking for devices that ship with default credentials that are easily brute-forced. Attackers can quickly enlist over 100,000 devices in just a day due to aggressive scanning, resulting in massive botnets that are always online.
See more details about this attack on below link https://blog.radware.com/security/2016/10/fridays-massive-ddosattack-u-s-happened/
Prevention from DoS attacks:
Analyze your site's traffic regularly, so that you know what normal looks like; an attack shows up as a deviation from that baseline, not as some absolute number. Watch your performance metrics (request rate, connection count, latency, error rate) and alert on sudden changes. Use tools that can detect and rate-limit abnormally fast traffic: a web application firewall, a reverse proxy with per-client limits, or an upstream DDoS scrubbing service for volumetric floods that exceed your own bandwidth. Make sure your architecture can scale out, so that a surge of legitimate traffic does not become a self-inflicted outage.
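The following is an added example, not code from the book, of the "analyze the traffic" advice above: a sliding-window counter over a web server access log that separates the two cases the text describes, one noisy client (classic DoS) and many quiet clients whose total overwhelms the server (DDoS). The log lines, the IP addresses and the thresholds are all constructed for the demonstration; in production the thresholds come from your own measured baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "common log format"; only the client IP and timestamp are used.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a well-formed log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FMT)


def analyze(lines, window_s=10, per_ip_limit=20, global_limit=80):
    """Sliding-window request counting over a time-ordered log.

    Returns (flagged_ips, global_alerts):
      flagged_ips   - sources that sent more than per_ip_limit requests inside
                      any window_s-second window (a single noisy client, DoS);
      global_alerts - timestamps at which the *total* request count across all
                      sources exceeded global_limit even though no single source
                      was noisy (the DDoS case: many low-rate bots).
    """
    per_ip = defaultdict(deque)
    recent = deque()
    flagged, global_alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, t = parsed
        q = per_ip[ip]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > per_ip_limit:
            flagged.add(ip)
        recent.append(t)
        while (t - recent[0]).total_seconds() > window_s:
            recent.popleft()
        # Raise one global alert per window, not one per request.
        if len(recent) > global_limit and (
            not global_alerts or (t - global_alerts[-1]).total_seconds() > window_s
        ):
            global_alerts.append(t)
    return flagged, global_alerts


def build_sample_log():
    """Constructed sample (not real data): three ordinary clients at 1 req/s
    for 40 s, one client that bursts 30 requests in second 5, and 40 distinct
    clients that each send two requests in second 20."""
    base = datetime(2016, 10, 21, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, sec):
        ts = (base + timedelta(seconds=sec)).strftime(TIME_FMT)
        lines.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512')

    for sec in range(41):
        for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
            add(ip, sec)
        if sec == 5:
            for _ in range(30):
                add("203.0.113.99", sec)
        if sec == 20:
            for i in range(40):
                add(f"198.51.100.{i + 1}", sec)
                add(f"198.51.100.{i + 1}", sec)
    return lines


if __name__ == "__main__":
    flagged, alerts = analyze(build_sample_log())
    print("single-source floods:", sorted(flagged))
    print("distributed floods at:", [a.strftime("%H:%M:%S") for a in alerts])
```

The per-IP rule catches the burst from 203.0.113.99 but is blind to the 40 bots, each of which stays well under the limit; only the aggregate counter sees that flood, which is why a DDoS needs a different response (upstream filtering or scaling) than blocking one address.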
One commercial vendor in this space is A10 Networks, a maker of application delivery networking products: a range of high-performance application networking solutions that help organizations keep their data center applications and networks available, fast and secure. Founded in 2004, A10 Networks is based in San Jose, California, and serves customers globally with offices worldwide.
Session Hijacking and Man-in-the-Middle Attacks
When you are on the internet, your computer has a lot of small back-and-forth transactions with servers around the world, telling them who you are and requesting specific websites or services. If everything goes as it should, the web servers respond to your request with the information you asked for. This process, or session, happens whether you are simply browsing or logging into a website with your username and password.
The session between your computer and the remote web server is identified by a unique session ID, which should stay private between the two parties. An attacker who captures the session ID can hijack the session by presenting it in his own requests; the server cannot tell the difference, so the attacker is effectively logged in as the unsuspecting user and can reach whatever that user is authorized to see. There are a number of ways to steal a session ID, such as a cross-site scripting payload that reads the session cookie, or sniffing it from unencrypted traffic. An attacker can also go further and insert himself between the requesting computer and the remote server, pretending to each side to be the other. This lets him read and alter information flowing in both directions and is commonly called a man-in-the-middle attack.
A simple example makes the attack clear. "There are two friends, 'Tom' and 'Jerry'. They are having a great conversation, but a third party, 'Spike', wants to overhear it while remaining unnoticed. Spike could tell Tom that he is Jerry and tell Jerry that he is Tom. Tom would then believe he is speaking to Jerry, while actually revealing his side of the conversation to Spike. Spike can gather information from this, alter the response, and pass the message along to Jerry (who thinks he is talking to Tom). As a result, Spike transparently hijacks their conversation."
Types of Man-in-the-Middle Attacks
Rogue Access Point
Devices equipped with wireless cards will often try to auto-connect to the access point that is emitting the strongest signal. An attacker can set up his own wireless access point, advertise a network name the victim's devices already trust, and trick nearby devices into joining it. All of the victim's network traffic now passes through the attacker's hardware and can be read or manipulated. This is dangerous because the attacker does not even have to be on a trusted network to do it; he only needs to be physically close enough.
ARP Spoofing ARP is the Address Resolution Protocol. It is used to resolve IP addresses to physical MAC (media access control) addresses in a local area network. When a host needs to talk to a host with a given IP address, it references the ARP cache to resolve the IP address to a MAC address. If the address is not known, a request is made asking for the MAC address of the device with the IP address.
An attacker wishing to pose as another host can answer ARP requests that were not meant for him with his own MAC address, or simply send unsolicited replies, since ARP has no authentication and most hosts accept whatever they receive. With a few well-timed packets (one telling the victim that the attacker's MAC belongs to the gateway, one telling the gateway that it belongs to the victim) the attacker sits in the middle and can sniff the private traffic between the two hosts. Valuable information can be extracted from that traffic, such as session tokens, yielding full access to application accounts the attacker should not be able to reach.
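As an added example (not from the book), here is the passive detection logic a network defender would run against the attack just described, in the style of the arpwatch tool: it remembers the first IP-to-MAC binding seen for every address and alerts when a later reply contradicts it, when a reply arrives that nobody asked for, or when one MAC claims several IP addresses. The packet stream, addresses and MACs below are constructed; a real deployment would feed it frames from a capture library. Hosts with legitimate IP aliases will trigger the last rule, so that one is a signal to investigate rather than proof of attack.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpPacket:
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str


class ArpWatch:
    """Passive ARP monitor: keeps the first (or operator-supplied static)
    IP->MAC binding and reports replies that contradict it."""

    def __init__(self, static_bindings=None):
        self.table = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
        self.pending = set()     # IPs with an outstanding "who-has" request
        self.alerts = []         # (kind, ip, mac)

    def observe(self, pkt):
        if pkt.op == "request":
            self.pending.add(pkt.target_ip)
            return
        ip, mac = pkt.sender_ip, pkt.sender_mac.lower()
        if ip in self.pending:
            self.pending.discard(ip)
        else:
            # ARP has no authentication: a reply nobody asked for is exactly
            # how a poisoning tool pushes its MAC into the victim's cache.
            self.alerts.append(("unsolicited_reply", ip, mac))
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
        elif known != mac:
            # Keep the original binding so the spoof keeps alerting and the
            # real host's next reply is not itself flagged as a change.
            self.alerts.append(("mac_changed", ip, mac))
        claimed = {i for i, m in self.table.items() if m == mac} | {ip}
        if len(claimed) > 1:
            self.alerts.append(("mac_claims_multiple_ips", ip, mac))


def demo_alerts():
    """Constructed packet stream: a normal gateway lookup, a normal lookup of
    the attacker's own address, the attacker's unsolicited reply claiming the
    gateway's IP, then the real gateway answering a fresh request."""
    gateway, victim, attacker = "192.168.1.1", "192.168.1.10", "192.168.1.66"
    victim_mac, gw_mac = "aa:bb:cc:00:00:10", "aa:bb:cc:00:00:01"
    attacker_mac = "de:ad:be:ef:00:01"
    stream = [
        ArpPacket("request", victim, victim_mac, gateway),
        ArpPacket("reply", gateway, gw_mac, victim),
        ArpPacket("request", victim, victim_mac, attacker),
        ArpPacket("reply", attacker, attacker_mac, victim),
        ArpPacket("reply", gateway, attacker_mac, victim),      # the spoof
        ArpPacket("request", victim, victim_mac, gateway),
        ArpPacket("reply", gateway, gw_mac, victim),            # real gateway again
    ]
    watch = ArpWatch()
    for pkt in stream:
        watch.observe(pkt)
    return watch


if __name__ == "__main__":
    for kind, ip, mac in demo_alerts().alerts:
        print(f"{kind}: {ip} claimed by {mac}")
```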
MDNS Spoofing
Multicast DNS is similar to DNS, but it runs on the local area network (LAN) over multicast and, like ARP, with no authentication. This makes it a perfect target for spoofing. The local name resolution system is supposed to make the configuration of network devices extremely simple: users don't have to know exactly which addresses their devices should be communicating with; they let the system resolve it for them. Devices such as TVs, printers, and entertainment systems use this protocol because they are typically on trusted networks. When an app needs the address of a certain device, such as tv.local, any host on the LAN, including an attacker, can answer that request first with fake data, directing it to an address the attacker controls. Since devices keep a local cache of addresses, the victim will now treat the attacker's device as the trusted one for the lifetime of the cached entry.
DNS Spoofing
Similar to the way ARP resolves IP addresses to MAC addresses on a LAN, DNS resolves domain names to IP addresses. In a DNS spoofing attack the attacker introduces corrupt entries into a host's (or a resolver's) DNS cache, so that a name such as www.ebanking.com resolves to an address the attacker controls. The victim then sends sensitive information to the malicious host, believing it is talking to a trusted source. An attacker who is already spoofing on the LAN (via ARP, say) has an easy time of it: he simply answers the victim's DNS queries himself, or points the victim at a DNS server of his own. Against a remote resolver he has to guess the 16-bit transaction ID and the UDP source port of the outstanding query and get his forged answer in before the real one arrives.
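The following is an added example, not the book's code, modelling the two checks that stand between a forged DNS reply and a resolver's cache: the transaction ID and the UDP source port of the outstanding query must both match, the answer must be for the name that was asked, and only the first matching reply counts. The `brute_force_txids` attacker tries every 16-bit transaction ID against one port, which is what a 2008-era resolver with a fixed source port was exposed to; with a randomized port the same 65,536 forgeries all miss. The hostname is the page's own placeholder and the IP addresses are constructed.

```python
import secrets


class Resolver:
    """Minimal client-side model of what protects a DNS cache from spoofed replies."""

    def __init__(self, randomize_port=True):
        self.outstanding = {}          # (txid, port) -> qname
        self.cache = {}                # qname -> ip
        self.randomize_port = randomize_port
        self.rejected = 0

    def send_query(self, qname):
        """Register a query and return the (txid, port) the answer must carry."""
        while True:
            txid = secrets.randbelow(1 << 16)
            # Fixed port 53 is the historical weak configuration; a random
            # ephemeral port adds ~16 bits an off-path attacker must also guess.
            port = secrets.randbelow(65536 - 1024) + 1024 if self.randomize_port else 53
            if (txid, port) not in self.outstanding:
                break
        self.outstanding[(txid, port)] = qname
        return txid, port

    def receive(self, txid, port, qname, ip):
        """Accept a reply only if it matches an outstanding query exactly.
        Returns True when the answer was cached."""
        expected = self.outstanding.get((txid, port))
        if expected is None or expected != qname:
            self.rejected += 1
            return False
        del self.outstanding[(txid, port)]   # first answer wins; replays are ignored
        self.cache[qname] = ip
        return True


def brute_force_txids(resolver, qname, attacker_ip, port=53):
    """Off-path attacker who assumes the resolver's source port is `port` and
    sends a forged reply for every possible transaction ID.
    Returns True if any forgery was accepted into the cache."""
    return any(resolver.receive(txid, port, qname, attacker_ip) for txid in range(1 << 16))


if __name__ == "__main__":
    for randomize in (False, True):
        r = Resolver(randomize_port=randomize)
        r.send_query("www.ebanking.com")
        hit = brute_force_txids(r, "www.ebanking.com", "203.0.113.5")
        print(f"randomized port={randomize}: poisoned={hit}, rejected={r.rejected}")
```

The 16-bit ID alone gives the attacker a guaranteed hit once he can send 65,536 packets before the genuine reply lands; adding port randomization multiplies the search space by roughly 64,000, and DNSSEC removes the guessing game entirely by signing the answers.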
Man-in-the-Middle Attack Techniques Sniffing
Attackers use packet-capture tools to inspect packets at a low level. Wireless cards that support monitor mode let an attacker capture frames that were never addressed to his machine, such as frames exchanged between other hosts and the access point; on an open or WEP-protected network those frames are readable.
Packet Injection
An attacker can also use his device's monitor mode to inject malicious packets into data communication streams. The packets blend in with the valid stream, appearing to be part of the communication, but are malicious in nature. Packet injection usually involves first sniffing, to learn how and when to craft and send the packets.
Session Hijacking
Most web applications use a login mechanism that generates a temporary session token which is sent with every later request, so the user does not have to type a password on every page. An attacker who can sniff that traffic picks out the token and replays it in his own requests, which the server treats as the user's. Once he has a valid token the attacker no longer needs to spoof anything: he talks to the server directly, from anywhere, until the token expires or is revoked.
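Both the session-ID theft described at the start of this chapter and the session hijacking technique just described are limited by how the server issues and manages tokens. As an added example (not the book's or any framework's code), here is a small server-side session store showing the controls a practitioner expects: tokens from the OS CSPRNG, a fresh token issued at login so that anything captured or fixed before authentication is worthless afterwards, idle expiry, revocation, and cookie attributes that keep the token off plain HTTP and away from scripts. The clock is injectable so the expiry can be exercised; the user name and timeout are assumed values.

```python
import secrets
import time


class SessionStore:
    """Server-side session table with rotation at login and idle expiry."""

    def __init__(self, idle_timeout_s=900, clock=time.time):
        self._sessions = {}      # sid -> {"user": str | None, "last_seen": float}
        self._idle = idle_timeout_s
        self._clock = clock

    def _new_sid(self):
        return secrets.token_urlsafe(32)     # 256 random bits, 43 URL-safe chars

    def create(self):
        """Anonymous pre-login session (cart, CSRF state, etc.)."""
        sid = self._new_sid()
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def login(self, old_sid, user):
        """Call after the password check succeeds. The old ID is destroyed and a
        new one bound to the user is issued, so a token sniffed or planted
        before login cannot ride the authenticated session."""
        self._sessions.pop(old_sid, None)
        new_sid = self._new_sid()
        self._sessions[new_sid] = {"user": user, "last_seen": self._clock()}
        return new_sid

    def lookup(self, sid):
        """Resolve a presented token to its record, or None if unknown or idle
        for longer than the timeout (expired records are dropped on sight)."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > self._idle:
            del self._sessions[sid]
            return None
        entry["last_seen"] = now
        return dict(entry)

    def logout(self, sid):
        """Explicit revocation: a stolen token dies with the user's logout."""
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Set-Cookie value. Secure: never sent over plain HTTP, so a sniffer on
    the path does not see it. HttpOnly: invisible to document.cookie, closing
    the XSS theft route. SameSite=Strict: not attached to cross-site requests."""
    return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    store = SessionStore(idle_timeout_s=60)
    anon = store.create()
    auth = store.login(anon, "alice")
    print("pre-login token still valid?", store.lookup(anon) is not None)
    print("Set-Cookie:", session_cookie(auth))
```

Rotation at login is the step most often missing; without it an attacker who plants a known session ID in the victim's browser (session fixation) simply waits for the victim to log in and then uses the same ID.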
SSL Stripping
Since HTTPS defeats the sniffing that ARP or DNS spoofing make possible, attackers use SSL stripping. The man in the middle terminates the HTTPS connection to the real server himself and rewrites the pages and redirects he passes on to the victim so that every https:// link becomes its http:// equivalent. The victim's browser then keeps making plain HTTP requests to the attacker, who forwards them over HTTPS, and everything the user submits, credentials and session cookies included, crosses the attacker's machine in plain text. The attack only works if the victim's first request to the site goes out over HTTP (a typed bare domain name or an old bookmark) and the browser has not been told to insist on HTTPS for that site.
Preventing Man-in-the-Middle Attacks
Strong WPA2/WPA3 Encryption on Access Points
Having strong encryption on wireless access points prevents unwanted users from joining your network just by being nearby. WEP is broken and can be cracked in minutes regardless of the key, and WPA/WPA2 with a short or dictionary passphrase can be brute-forced offline from a captured handshake; either way the attacker ends up on the network and can begin man-in-the-middle attacks. Use WPA2-AES or WPA3 with a long random passphrase (or WPA2-Enterprise with per-user credentials) and disable WPS.
Virtual Private Network
VPNs can be used to create a secure channel for sensitive traffic even across an untrusted local network. They use key-based encryption to build an encrypted tunnel, so even if an attacker happens to be on the same shared network he cannot read or alter the traffic inside it.
Force HTTPS
HTTPS protects HTTP traffic with TLS, which uses public-key cryptography to authenticate the server and negotiate session keys, so an attacker who sniffs the connection gets nothing useful. Websites should serve only HTTPS, redirect HTTP to it, and send the HTTP Strict-Transport-Security header so that browsers refuse to go back to plain HTTP for that site; this is what stops SSL stripping. Users can install browser plugins that always try HTTPS first.
Public Key Pair Based Authentication
Public-key authentication, with RSA or elliptic-curve keys, can be used at various layers of the stack (TLS server certificates, SSH host keys, client certificates) to ensure that the thing you are communicating with is actually the thing you want to be communicating with.
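The following is an added example, not the book's code, that puts the SSL stripping attack and the Force HTTPS defence side by side. `strip_tls` is what an sslstrip-style proxy does to a response it relays: it rewrites https:// links and redirects to http:// and drops the Strict-Transport-Security header so the victim never learns the policy. `HstsCache` is the browser side (a subset of RFC 6797): once a host has been seen over HTTPS with that header, the browser upgrades later http:// navigations to that host before any request leaves the machine, so there is no plain-text request for the proxy to intercept. The hostname is the page's own placeholder; the headers, body and max-age values are constructed.

```python
import re
import time
from urllib.parse import urlsplit, urlunsplit


def strip_tls(headers, body):
    """Attacker-side transform applied to a response relayed over plain HTTP.
    Returns (headers, body, number_of_https_to_http_substitutions)."""
    out, subs = {}, 0
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            continue                       # dropped: victim must not learn the policy
        if name.lower() == "location":
            value, n = re.subn(r"^https://", "http://", value)
            subs += n
        out[name] = value
    body, n = re.subn(r"https://", "http://", body)
    return out, body, subs + n


class HstsCache:
    """Browser-side HSTS store: host -> (expiry time, includeSubDomains)."""

    def __init__(self, clock=time.time):
        self._hosts = {}
        self._clock = clock

    def learn(self, host, over_https, header_value):
        """Record a Strict-Transport-Security header. Per RFC 6797 the header
        is ignored unless it arrived over HTTPS, which is what keeps an
        attacker from injecting a bogus policy over plain HTTP."""
        if not over_https:
            return
        max_age, include_sub = None, False
        for directive in header_value.split(";"):
            d = directive.strip()
            if d.lower().startswith("max-age="):
                max_age = int(d.split("=", 1)[1].strip().strip('"'))
            elif d.lower() == "includesubdomains":
                include_sub = True
        if max_age is None:
            return
        if max_age == 0:
            self._hosts.pop(host, None)    # max-age=0 clears the policy
            return
        self._hosts[host] = (self._clock() + max_age, include_sub)

    def rewrite(self, url):
        """Upgrade an http:// URL to https:// if a live policy covers its host
        (exact match, or a parent domain with includeSubDomains)."""
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        labels = parts.hostname.split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if self._clock() > expiry:
                continue
            if i == 0 or include_sub:
                return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url


if __name__ == "__main__":
    server_headers = {
        "Location": "https://www.ebanking.com/login",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    }
    page = '<a href="https://www.ebanking.com/account">Accounts</a>'
    print("stripped:", strip_tls(server_headers, page))
    browser = HstsCache()
    browser.learn("www.ebanking.com", True, server_headers["Strict-Transport-Security"])
    print("after a prior HTTPS visit:", browser.rewrite("http://www.ebanking.com/login"))
```

The gap the attack lives in is the very first visit, before any policy has been learned; that is why sites submit themselves to the browsers' built-in HSTS preload list, and why users should type https:// or use a plugin that tries HTTPS first.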
Credential Reuse
Users today have so many logins and passwords to remember that it is tempting to reuse credentials here and there to make life a little easier. Even though security best practice is to have a unique password for every application and website, many people still reuse their passwords, a fact attackers depend on.
Once attackers have a collection of usernames and passwords from a breached website or service (easily acquired on any number of black-market websites), they know that trying those same credentials on other websites gives them a good chance of logging in. This automated replay of leaked credentials against other sites is called credential stuffing.
No matter how tempting it may be to reuse credentials for your email, bank account, and your favorite sports forum, it's possible that one day the forum will get hacked, giving an attacker easy access to your email and bank account. When it comes to credentials, variety is essential.
Password managers are available and can be helpful when it comes to managing the many credentials you use. So, friends, this was just a short glimpse of the most commonly used cyber-attacks; further on we will see many new attacks, their tools and, most importantly, how to prevent them and stay secure. But first, let's have a look at a timeline of major cyber-attacks, from the first one until now.
TimeLine of major cyber-attacks till now:
It covers important and noteworthy events in the history of hacking and cracking, and from it we can see what attacks might be possible in the future.
1903 Magician and inventor Nevil Maskelyne disrupts John Ambrose Fleming's public demonstration of Guglielmo Marconi's purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium's projector.
1932 Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki break the Enigma machine cipher.
1939 Alan Turing, Gordon Welchman and Harold Keen work together to develop the Bombe (building on Rejewski's Bomba). The Enigma machine's small effective key space makes it vulnerable to brute force.
1943 René Carmille, comptroller general of the Vichy French Army, sabotages the punched-card system used by the Nazis to locate Jews.
1955 At MIT, "hack" first comes to mean fussing with machines. The minutes of an April 1955 meeting of the Tech Model Railroad Club state that "Mr. Eccles requests that anyone working or hacking on the electrical system turn the power off to avoid fuse blowing."
1957 Joe "Joybubbles" Engressia, a blind seven-year-old boy with perfect pitch, discovers that whistling the fourth E above middle C (a frequency of 2600 Hz) interferes with AT&T's automated telephone systems, thereby inadvertently opening the door to phreaking. Various phreaking "boxes" are later built to interact with automated telephone switches.
1963 The first reference to malicious hacking is to 'telephone hackers' in MIT's student newspaper, The Tech: hackers tying up the lines with Harvard, configuring the PDP-1 to make free calls, war dialing and accumulating large phone bills.
1965 William D. Mathews from MIT finds a vulnerability in CTSS running on an IBM 7094. The standard text editor on the system was designed to be used by one user at a time, working in one directory, and so created a temporary file with a constant name for every instance of the editor. The flaw was discovered when two system programmers were editing at the same time and the temporary files for the message of the day and the password file were swapped, causing the contents of the CTSS password file to be displayed to any user logging into the system.
1971 John T. Draper (later nicknamed Captain Crunch), his friend Joe Engressia, and blue-box phone phreaking hit the news with an Esquire Magazine feature story.
1979 Kevin Mitnick breaks into his first major computer system, the Ark, the computer Digital Equipment Corporation (DEC) used for developing its RSTS/E operating system.
1980 The FBI investigates a breach of security at National CSS. The New York Times, reporting on the incident in 1981, describes hackers as technical experts: skilled, often young, computer programmers who almost whimsically probe the defenses of a computer system, searching out the limits and the possibilities of the machine. Despite their seemingly subversive role, hackers are a recognized asset in the computer industry, often highly prized. The newspaper describes white-hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner. The letter of reprimand stated that "The Company realizes the benefit to NCSS and in fact encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files".
1981 The Chaos Computer Club forms in Germany. Ian Murphy, aka Captain Zap, becomes the first cracker to be tried and convicted as a felon. Murphy broke into AT&T's computers in 1981 and changed the internal clocks that metered billing rates: people got late-night discount rates when they called at midday, while the bargain-seekers who waited until midnight to call long distance were hit with high bills.
1983 The 414s break into 60 computer systems at institutions ranging from the Los Alamos National Laboratory to Manhattan's Memorial Sloan-Kettering Cancer Center. The incident appears as the cover story of Newsweek under the title "Beware: Hackers at play". As a result, the U.S. House of Representatives holds hearings on computer security and passes several laws. The group "Kilobaud" is formed in February, kicking off a series of other hacker groups which form soon after. The movie WarGames introduces the wider public to the phenomenon of hacking and creates a degree of mass paranoia about hackers and their supposed ability to bring the world to a screeching halt by launching nuclear ICBMs. In his Turing Award lecture, Ken Thompson mentions "hacking" and describes a security exploit that he calls a "Trojan horse".
1984 Someone calling himself Lex Luthor founds the Legion of Doom. Named after a Saturday-morning cartoon, the LOD has the reputation of attracting "the best of the best", until one of its most talented members, Phiber Optik, feuds with Legion of Doomer Erik Bloodaxe and gets "tossed out of the clubhouse". Phiber's friends form a rival group, the Masters of Deception. The Comprehensive Crime Control Act gives the Secret Service jurisdiction over computer fraud. Cult of the Dead Cow forms in Lubbock, Texas, and begins publishing its ezine. The hacker magazine 2600 begins regular publication, right when TAP is putting out its final issue. The editor of 2600, "Emmanuel Goldstein" (whose real name is Eric Corley), takes his handle from the leader of the resistance in George Orwell's 1984. The publication provides tips for would-be hackers and phone phreaks, as well as commentary on the hacker issues of the day. Today, copies of 2600 are sold at most large retail bookstores. The Chaos Communication Congress, the annual European hacker conference organized by the Chaos Computer Club, is held in Hamburg, Germany. William Gibson's groundbreaking science fiction novel Neuromancer, about "Case", a futuristic computer hacker, is published. Considered the first major cyberpunk novel, it brings into hacker jargon such terms as "cyberspace", "the matrix", "simstim", and "ICE".
1985 "Kilobaud" is reorganized into The P.H.I.R.M., and begins sysopping hundreds of BBSs throughout the United States, Canada, and Europe. The online 'zine Phrack is established. The Hacker's Handbook is published in the UK. The FBI, Secret Service, Middlesex County NJ Prosecutor's Office and various local law enforcement agencies execute seven search warrants concurrently across New Jersey on July 12, 1985, seizing equipment from BBS operators and users alike for "complicity in computer theft", under a newly passed and as yet untested criminal statute. This is famously known as the Private Sector Bust, or the 2600 BBS Seizure, and implicated the Private Sector BBS sysop, Store Manager (also a BBS sysop), Beowulf, Red Barchetta, The Vampire, the NJ Hack Shack BBS sysop, and the Treasure Chest BBS sysop.
1986 After more and more break-ins to government and corporate computers, Congress passes the Computer Fraud and Abuse Act, which makes it a crime to break into computer systems. The law, however, does not cover juveniles. Robert Schifreen and Stephen Gold are convicted of accessing the Telecom Gold account belonging to the Duke of Edinburgh under the Forgery and Counterfeiting Act 1981 in the United Kingdom, the first conviction for illegally accessing a computer system. On appeal, the conviction is overturned, as hacking is not within the legal definition of forgery. Arrest of a hacker who calls himself The Mentor. He publishes a now-famous treatise shortly after his arrest that comes to be known as the Hacker's Manifesto, in the e-zine Phrack. It still serves as the most famous piece of hacker literature and is frequently used to illustrate the mindset of hackers. Astronomer Clifford Stoll plays a pivotal role in tracking down the hacker Markus Hess, events later covered in Stoll's 1989 book The Cuckoo's Egg.
1987 The Christmas Tree EXEC "worm" causes major disruption to the VNET, BITNET and EARN networks.
1988 The Morris Worm. Graduate student Robert T. Morris, Jr. of Cornell University launches a worm on the government's ARPAnet (precursor to the Internet). The worm spreads to 6,000 networked computers, clogging government and university systems. Robert Morris is dismissed from Cornell, sentenced to three years' probation, and fined $10,000. First National Bank of Chicago is the victim of a $70-million computer theft. The Computer Emergency Response Team (CERT) is created by DARPA to address network security. The Father Christmas worm spreads over DECnet networks.
1989 Jude Milhon (aka St Jude) and R. U. Sirius launch Mondo 2000, a major '90s tech-lifestyle magazine, in Berkeley, California. The politically motivated WANK worm spreads over DECnet. Dutch magazine Hack-Tic begins. The Cuckoo's Egg by Clifford Stoll is published. The detection of the AIDS Trojan horse is the first instance of ransomware being detected.
1990 Operation Sundevil is launched. After a prolonged sting investigation, Secret Service agents swoop down on organizers and prominent members of BBSs in 14 U.S. cities, including the Legion of Doom, conducting early-morning raids and arrests. The arrests are aimed at cracking down on credit-card theft and telephone and wire fraud. The result is a breakdown in the hacking community, with members informing on each other in exchange for immunity. The offices of Steve Jackson Games are also raided, and the role-playing sourcebook GURPS Cyberpunk is confiscated, possibly because the government fears it is a "handbook for computer crime". Legal battles arise that prompt the formation of the Electronic Frontier Foundation, including the trial of Knight Lightning. Australian federal police tracking Realm members Phoenix, Electron and Nom are the first in the world to use a remote data intercept to gain evidence for a computer crime prosecution. The Computer Misuse Act 1990 is passed in the United Kingdom, criminalizing any unauthorized access to computer systems.
1992 Release of the movie Sneakers, in which security experts are blackmailed into stealing a universal decoder for encryption systems. One of the first ISPs, MindVox, opens to the public. Bulgarian virus writer Dark Avenger writes 1260, the first known use of polymorphic code, used to circumvent the pattern recognition used by antivirus software and nowadays also by intrusion detection systems.
Publication of a hacking instruction manual for penetrating the TRW credit reporting agency by the Infinite Possibilities Society (IPS) gets Dr. Ripco, the sysop of the Ripco BBS mentioned in the IPS manual, arrested by the United States Secret Service.
1993 The first DEF CON hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say goodbye to BBSs (now replaced by the Web), but the gathering is so popular that it becomes an annual event. AOL gives its users access to Usenet, precipitating Eternal September.
1994 Summer: Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts around the world. Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel. Levin stands trial in the United States and is sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money. Hackers adapt quickly to the emergence of the World Wide Web, moving all their how-to information and hacking programs from the old BBSs to new hacker websites. AOHell is released, a freeware application that allows a burgeoning community of unskilled script kiddies to wreak havoc on America Online. For days, hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte email bombs and their chat rooms disrupted with spam messages. December 27: After experiencing an IP spoofing attack by Kevin Mitnick, computer security expert Tsutomu Shimomura starts to receive prank calls that popularize the phrase "My kung-fu is stronger than yours".
1995 The movies "The Net" and "Hackers" are released. February 22: The FBI raids the "Phone Masters".
1996 Hackers alter the websites of the United States Department of Justice (August), the CIA (October), and the U.S. Air Force (December). Canadian hacker group Brotherhood breaks into the Canadian Broadcasting Corporation. The U.S. General Accounting Office reports that hackers attempted to break into Defense Department computer files some 250,000 times in 1995 alone. About 65 percent of the attempts were successful, according to the report. The MP3 format gains popularity in the hacker world. Many hackers begin setting up sharing sites via FTP, Hotline, IRC and Usenet. Cryptovirology is born with the invention of the cryptoviral extortion protocol that would later form the basis of modern ransomware.
1997 A 15-year-old Croatian youth penetrates computers at a U.S. Air Force base in Guam. June: Eligible Receiver 97 tests the American government's readiness against cyberattacks. December: Information Security publishes its first issue. First high-profile attacks on Microsoft's Windows NT operating system.
In response to the popularity of sharing MP3 music files online, the Recording Industry Association of America begins cracking down on file sharing.
1998 January: Yahoo! notifies Internet users that anyone visiting its site in recent weeks might have downloaded a logic bomb and worm planted by hackers, who claim the "logic bomb" will go off if computer hacker Kevin Mitnick is not released from prison. February: The Internet Software Consortium proposes the use of DNSSEC (domain name system security extensions) to secure DNS servers.
May 19: The seven members of the hacker think tank known as L0pht testify in front of the US congressional Government Affairs committee on "Weak Computer Security in Government". June: Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident in the previous year. September: Electronic Disturbance Theater, an online political performance-art group, attacks the websites of the Pentagon, Mexican president Ernesto Zedillo, and the Frankfurt Stock Exchange, calling it conceptual art and claiming it to be a protest against the suppression of the Zapatista Army of National Liberation in southern Mexico. EDT uses the FloodNet software to bombard its opponents with access requests. October: U.S. Attorney General Janet Reno announces the National Infrastructure Protection Center.
1999 Software security goes mainstream. In the wake of Microsoft's Windows 98 release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) bugs in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers. U.S. President Bill Clinton announces a $1.46 billion initiative to improve government computer security. The plan would establish a network of intrusion detection monitors for certain federal agencies and encourage the private sector to do the same. January 7: The "Legion of the Underground" (LoU) declares "war" against the governments of Iraq and the People's Republic of China. An international coalition of hackers (including Cult of the Dead Cow, 2600's staff, Phrack's staff, L0pht, and the Chaos Computer Club) issues a joint statement condemning the LoU's declaration of war. The LoU responds by withdrawing its declaration. A hacker interviewed by Hilly Rose during the radio show Coast to Coast AM (then hosted by Art Bell) exposes a plot by al-Qaeda to derail Amtrak trains. This results in all trains being forcibly stopped over Y2K as a safety measure. March: The Melissa worm is released and quickly becomes the most costly malware outbreak to date. July: Cult of the Dead Cow releases Back Orifice 2000 at DEF CON. August: Kevin Mitnick, "the most wanted man in cyberspace", is sentenced to 5 years, of which over 4 years had already been spent pre-trial, including 8 months in solitary confinement. September: Level Seven Crew hacks the U.S. Embassy in China's website and places racist, anti-government slogans on the embassy site in regard to the 1998 U.S. embassy bombings. September 16: The United States Department of Justice sentences the "Phone Masters". October: American Express introduces the "Blue" smart card, the industry's first chip-based credit card in the US.
2000 May: The ILOVEYOU worm, also known as VBS/Loveletter and the Love Bug worm, is a computer worm written in VBScript. It infects millions of computers worldwide within a few hours of its release and is considered one of the most damaging worms ever. It originated in the Philippines, written by an AMA Computer College student for his thesis. September: Computer hacker Jonathan James becomes the first juvenile to serve jail time for hacking.
2001 Microsoft becomes the prominent victim of a new type of hack that attacks the domain name servers. In these denial-of-service attacks, the DNS paths that take users to Microsoft's websites are corrupted. February: A Dutch cracker releases the Anna Kournikova virus, initiating a wave of viruses that tempt users to open the infected attachment by promising a sexy picture of the Russian tennis star. April: FBI agents trick two Russian crackers into coming to the U.S. and revealing how they were hacking U.S. banks. July: Russian programmer Dmitry Sklyarov is arrested at the annual DEF CON hacker convention. He is the first person criminally charged with violating the Digital Millennium Copyright Act (DMCA). August: The Code Red worm infects tens of thousands of machines.
2002 January: Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign. May: Klez.H, a variant of the worm discovered in November 2001, becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage. June: The Bush administration files a bill to create the Department of Homeland Security, which, among other things, will be responsible for protecting the nation's critical IT infrastructure. August: Researcher Chris Paget publishes a paper describing "shatter attacks", detailing how Windows' unauthenticated messaging system can be used to take over a machine. The paper raises questions about how securable Windows could ever be. It is, however, largely derided as irrelevant, as the vulnerabilities it describes are caused by vulnerable applications (placing windows on the desktop with inappropriate privileges) rather than an inherent flaw within the operating system.
2003 The hacktivist group "Anonymous" is formed.
March: Cult of the Dead Cow and Hacktivismo are given permission by the United States Department of Commerce to export software utilizing strong encryption.
2004 July: North Korea claims to have trained 500 hackers who successfully crack South Korean, Japanese, and their allies' computer systems.
2005 April 2: Rafael Núñez (aka RaFa), a notorious member of the hacking group World of Hell, is arrested following his arrival at Miami International Airport for breaking into the Defense Information Systems Agency computer system in June 2001. September 13: Cameron Lacroix is sentenced to 11 months for gaining access to T-Mobile's network and exploiting Paris Hilton's Sidekick. November 3: Jeanson James Ancheta, whom prosecutors say was a member of the "Botmaster Underground", a group of script kiddies mostly noted for their excessive use of bot attacks and propagating vast amounts of spam, is taken into custody after being lured to FBI offices in Los Angeles.
2006 January: One of the few worms to take after the old form of malware, destruction of data rather than the accumulation of zombie networks to launch attacks from, is discovered. It had various names, including Kama Sutra (used by most media reports), Black Worm, Mywife, Blackmal, Nyxem version D, Kapser, KillAV, Grew and CME-24. The worm would spread through e-mail client address books and would search for documents and fill them with garbage instead of deleting them, to confuse the user. It would also hit a web page counter when it took control, allowing the programmer who created it, as well as the world, to track the progress of the worm. It would replace documents with random garbage on the third of every month. It was hyped by the media but actually affected relatively few computers, and was not a real threat for most users. May: Jeanson James Ancheta receives a 57-month prison sentence and is ordered to pay damages amounting to $15,000.00 to the Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, for damage done by DDoS attacks and hacking. Ancheta also has to forfeit his gains to the government, which include $60,000 in cash, a BMW, and computer equipment. May: The largest defacement in Web history as of that time is performed by the Turkish hacker iSKORPiTX, who successfully hacks 21,549 websites in one shot. July: Robert Moore and Edwin Pena, featured on America's Most Wanted with Kevin Mitnick presenting their case, commit the first VoIP crime ever seen in the USA. Robert Moore serves 2 years in federal prison with $152,000.00 restitution, while Edwin Pena is sentenced to 10 years and $1 million restitution. September: Viodentia releases the FairUse4WM tool, which removes DRM information from Windows Media Audio (WMA) files downloaded from music services such as Yahoo! Unlimited, Napster, Rhapsody Music and Urge.
2007 May 17: Estonia recovers from a massive denial-of-service attack. June 13: FBI Operation Bot Roast finds over 1 million botnet victims. June 21: A spear phishing incident at the Office of the Secretary of Defense steals sensitive U.S. defense information, leading to significant changes in identity and message-source verification at OSD. August 11: United Nations website hacked by Turkish hacker Kerem125.
2008
January 17: Project Chanology; Anonymous attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet.
March 7: Around 20 Chinese hackers claim to have gained access to the world's most sensitive sites, including The Pentagon. They operated from an apartment on a Chinese island.
March 14: Trend Micro website successfully hacked by Turkish hacker Janizary (aka Utku).
2009
April 4: The Conficker worm infiltrated millions of PCs worldwide, including many government-level top-security computer networks.
2010
January 12: Operation Aurora: Google publicly reveals that it has been on the receiving end of a "highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google".
June: Stuxnet. The Stuxnet worm is found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of SCADA system. It slowly became clear that it was a cyber attack on Iran's nuclear facilities, with most experts believing that Israel was behind it, perhaps with US help.
December 3: The first Malware Conference, MALCON, took place in India. Founded by Rajshekhar Murthy, it invites malware coders to showcase their skills at this annual event supported by the Government of India. An advanced malware for Symbian OS is released by hacker A0drul3z.
2011
The hacker group Lulz Security is formed.
April 9: The Bank of America website was hacked by a Turkish hacker named JeOPaRDY. An estimated 85,000 credit card numbers and accounts were reported to have been stolen due to the hack. Bank officials say no personal customer bank information is available on that web page. Investigations are being conducted by the FBI to track down the incriminated hacker.
April 17: An "external intrusion" sends the PlayStation Network offline, and compromises personally identifying information (possibly including credit card details) of its 77 million accounts, in what is claimed to be one of the five largest data breaches ever.
Computer hacker sl1nk releases information about his penetration of the servers of the Department of Defense (DoD), Pentagon, NASA, NSA, US Military, Department of the Navy, Space and Naval Warfare System Command and other UK/US government websites.
September: Bangladeshi hacker TiGER-M@TE made a record in defacement history by hacking 700,000 websites in a single shot.
October 16: The YouTube channel of Sesame Street was hacked, streaming pornographic content for about 22 minutes.
November 1: The main phone and Internet networks of the Palestinian territories sustained a hacker attack from multiple locations worldwide.
November 7: The forums for Valve's Steam service were hacked. Redirects for a hacking website, Fkn0wned, appeared on the Steam users' forums, offering "hacking tutorials and tools, porn, free giveaways and much more."
December 14: Five members of the Norwegian hacker group Noria were arrested, allegedly suspected of hacking into the email account of the militant extremist Anders Behring Breivik (who perpetrated the 2011 attacks in the country).
2012
Iranian hackers retaliate against Stuxnet by releasing Shamoon, a virus that damages 35,000 Saudi Aramco computers and stops the company for a week.
A Saudi hacker, 0XOMAR, published over 400,000 credit cards online, and threatened Israel that he would release 1 million credit cards in the future. In response to that incident, an Israeli hacker published over 200 Saudi credit cards online.
January 7: "Team Appunity", a group of Norwegian hackers, got arrested for breaking into and publishing the user database of Norway's largest prostitution website.
February 3: Marriott was hacked by a New Age ideologist, Attila Nemeth, who was resisting the New World Order, in which he said corporations are allegedly controlling the world. In response, Marriott reported him to the United States Secret Service.
February 8: Foxconn is hacked by a hacker group, "Swagg Security", releasing a massive amount of data including email and server logins, and, even more alarming, bank account credentials of large companies like Apple and Microsoft. Swagg Security stages the attack just as a Foxconn protest ignites against terrible working conditions in southern China.
May 24: WHMCS is hacked by UGNazi; they claim the reason for this is the illegal sites that are using WHMCS software.
May 31: MyBB is hacked by the newly founded hacker group UGNazi. The website was defaced for about a day; they claim their reasoning was that they were upset that the forum board Hackforums.net uses MyBB software.
June 5: The social networking website LinkedIn has been hacked and the passwords for nearly 6.5 million user accounts are stolen by cybercriminals. As a result, a United States grand jury indicted Nikulin and three unnamed co-conspirators on charges of aggravated identity theft and computer intrusion.
December 17: Computer hacker sl1nk announced that he has hacked a total of 9 countries' SCADA systems. The proof includes 6 countries: France, Norway, Russia, Spain, Sweden and the United States.
2013
The social networking website Tumblr is attacked by hackers. Consequently, 65,469,298 unique emails and passwords were leaked from Tumblr. The data breach's legitimacy is confirmed by computer security researcher Troy Hunt.
2014
February 7: The bitcoin exchange Mt.Gox filed for bankruptcy after $460 million was apparently stolen by hackers due to "weaknesses in [their] system" and another $27.4 million went missing from its bank accounts.
October: The White House computer system was hacked. It was said that the FBI, the Secret Service, and other U.S. intelligence agencies categorized the attacks "among the most sophisticated attacks ever launched against U.S. government systems."
November 24: In response to the release of the film The Interview, the servers of Sony Pictures are hacked by a hacker group calling itself "Guardian of Peace".
November 28: The website of the Philippine telecommunications company Globe Telecom was hacked in protest at the poor internet service it provides.
2015
June: The records of 21.5 million people, including social security numbers, dates of birth, addresses, fingerprints, and security-clearance-related information, are stolen from the United States Office of Personnel Management. Most of the victims are employees of the United States government and unsuccessful applicants to it. The Wall Street Journal and the Washington Post report that government sources believe the hacker is the government of China.
July: The servers of the extramarital affairs website Ashley Madison were breached.
2016
February: The 2016 Bangladesh Bank heist attempted to take US$951 million from Bangladesh Bank, and succeeded in getting $101 million, although some of this was later recovered.
July 22: Wikileaks published the documents from the 2016 Democratic National Committee email leak.
July 29: A group suspected of coming from China launched hacker attacks on the website of Vietnam Airlines.
September: Hacker Ardit Ferizi is sentenced to 20 years in prison after being arrested for hacking U.S. servers and passing the leaked information to members of the ISIL terrorist group back in 2015.
October: The 2016 Dyn cyber-attack is conducted with a botnet consisting of IoT devices infected with Mirai by the hacktivist groups SpainSquad, Anonymous, and New World Hackers, reportedly in retaliation for Ecuador's rescinding Internet access to WikiLeaks founder Julian Assange at their embassy in London, where he has been granted asylum.
2017
February: The Cloudbleed bug was discovered by Google's Project Zero team.
April: A hacker group calling itself "The Dark Overlord" posted unreleased episodes of the Orange Is the New Black TV series online after they failed to extort the online entertainment company Netflix.
May: The WannaCry ransomware attack started on Friday, 12 May 2017, and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries.
May: 25,000 digital photos and ID scans relating to patients of the Grozio Chirurgija cosmetic surgery clinic in Lithuania were obtained and published without consent by an unknown group demanding ransoms. Thousands of clients from more than 60 countries were affected. The breach turned attention to weaknesses in Lithuania's information security.
June: 2017 Petya cyberattack.
July 2017: A massive cyber-attack in the form of a game, known as "Blue Whale", spread from Russian domains. The victim is groomed toward suicide, with the attacker torturing and blackmailing the victim; most of the targeted victims were children and mentally vulnerable people.
So, this was the timeline of attacks until now. Let us see what types of cyber-attacks can occur in the future.
There are eight possible future attacks that could occur on a massive scale. In a foxbusiness.com article, Jason Glassberg describes these eight possible attacks as follows…
Cyber-Jacking.
Why bother physically hijacking a plane, when you can simply cyberjack it? The mysterious disappearance of Malaysian Air flight 370 had some speculating that it might have been hacked, and while that’s unrealistic in this case, future attacks probably will leverage some type of cyber attack to pull it off. This could range from exploiting the plane’s flight management system, to attacking ground-based systems that the plane relies on, spoofing or interfering with air traffic control transmissions or infecting the air traffic control system with fake “ghost” planes and making real planes disappear (as discovered by researcher Brad ‘Renderman’ Haines in 2012).
Human Malware.
There’s a good chance that at some point in the near future, humans will be infected with malware. How could this happen? If you rely on a WiFi-enabled medical implant (e.g., pacemaker, cardioverter-defibrillator, insulin pump, etc.), your body could be physically harmed by a cyber-attack on that device. Researchers have already demonstrated that it’s possible for a determined hacker to break into your implant and hurt or kill you. But down the road, this threat could become even easier to distribute.
New research released earlier this year by the University of Liverpool found that it’s possible to spread computer viruses via WiFi routers. Infected WiFi routers could pose a serious long-term risk, particularly with implant patients. In the future, a compromised WiFi network (at a hospital or the Starbucks across the street) could be used to spread medical viruses to patients.
Cyber Assault.
As networked appliances, home automation systems and wearables become more widespread, hackers will have another way to invade your life, and physically harm you. Because all of these rely on basic operating systems or firmware to work properly and are connected to the Internet, they can be remotely controlled by hackers, as has been demonstrated already by numerous researchers, including a home appliance ‘botnet’ recently discovered by one security firm. These attacks could include things like raising or lowering the thermostat, shutting off or malfunctioning appliances (like turning off the refrigerator or bypassing the temperature restriction on the water heater), causing wearables to overheat or making augmented reality glasses flicker bright blinding lights in your eyes. In most cases, these wouldn’t put a person’s life at risk, but they could cause physical harm, not to mention make you feel unsafe in your own home. Consider this cyber-stalking taken to the next level.
Cyber Extortion.
With so much of our personal lives, work and finances tied up in online accounts, anyone who’s able to take over those accounts is in a great position to demand a ransom payment. “Ransomware” attacks are already taking place throughout Europe and, more recently, in the U.S. with the so-called ‘CryptoLocker’ virus.
These attacks are not very common today, but expect them to become as widespread as email spam in the next five to 10 years. However, in the future, these attacks could become considerably more dangerous, potentially including home, car and smart grid meter jacking attacks followed by payment demands to make them stop.
Car Sploiting.
Viruses are likely to become a more serious problem for our cars in the near future. As cars become more computerized, their systems (which also include Windows, Android, iOS and BlackBerry operating systems) are more vulnerable to attacks, and automotive viruses and malware are likely to spread.
Earlier this year, a Formula One racing team had to cut its preseason test short after the vehicle became infected with malware. Ford (F) is taking the threat so seriously that it’s already begun testing its car systems against possible hacks. In fact, automotive malware actually goes all the way back to 2007 when TomTom first discovered its navigation devices had been infected. In the not so distant future, car viruses could become a real nuisance for drivers - and car anti-virus is likely to be a regular feature in most car models.
Brick Attacks.
When it comes to bank fraud, account takeovers and stolen credit card numbers aren’t the only things you’ll have to worry about. What if your account was completely erased from the bank’s records? In the “brick attack”, hackers don’t just try to steal money or information; they simply destroy it. They do so by infecting the computers and servers that store this data with malware that renders them completely useless, unable to be turned on again (i.e., ‘bricks’).
Saudi Aramco, the world’s largest oil company, was already hit with a brick attack in 2012, which destroyed 30,000 computers. And in December 2013, the National Security Agency claimed it had foiled a plot by foreign adversaries to “brick” computers all across the U.S. Now imagine attackers hitting a major retail bank and targeting customer account information. It could happen in the not so distant future.
Identity Theft Squared.
You think it’s bad now with identity theft? Well, just wait. Right now, biometric security (e.g., fingerprint scanners, retina scans, voice prints, etc.) is limited to a few consumer devices, but once it becomes a key way to authenticate your online accounts, biometric data will become an important commodity to the criminal underground. Genetic data theft is also an increasing risk as more consumers sign up for genetic testing and their data is stored on vulnerable networks.
Mini-Power Outages.
As more homes transition to ‘smart appliances and meters’ they could also become vulnerable to new types of criminal tampering. Two key features of today’s smart meters that could be taken advantage of by hackers are their ability to wirelessly update the firmware and remotely disconnect users. This could allow attackers to corrupt the smart meters of individual homes, running up bogus charges or causing the electrical system to malfunction, shut down or surge (frying all of your outlets and anything connected to them). They could also allow attackers to disconnect homes at will.
The above was a short glimpse of possible future cyber-attacks. Let’s see which tools make these attacks possible.
A list of hacking tools and the attacks they are used for:
Web Vulnerability Scanners: Burp Suite, Firebug, AppScan, OWASP Zed, Paros Proxy, Nikto, Grendel-Scan
Vulnerability Exploitation Tools: Netsparker, sqlmap, Core Impact, WebGoat, BeEF
Forensic Tools: Helix3 Pro, EnCase, Autopsy
Port Scanners: Unicornscan, NetScanTools, Angry IP Scanner
Traffic Monitoring Tools: Nagios, Ntop, Splunk, Ngrep, Argus
Debuggers: IDA Pro, WinDbg, Immunity Debugger, GDB
Rootkit Detectors: DumpSec, Tripwire, HijackThis
Encryption Tools: KeePass, OpenSSL, OpenSSH/PuTTY/SSH, Tor
Password Crackers: John the Ripper, Aircrack, Hydra, Ophcrack
Remember that most of these tools run on Linux, and some of them also work on other operating systems such as Windows and iOS. All this information is for knowledge purposes, so use it for your own security.
Now we will see the most famous hacking tools in detail.
Metasploit:
We can say it is a collection of exploit tools, a tool used to build your own custom tools. It is quite popular as it allows you to locate vulnerabilities on different platforms.
Metasploit is backed by more than 200,000 users and contributors that help you to know and uncover the weaknesses in your system. It works with Windows, Linux and OS X.
This top hacking tool package of 2017 lets you simulate real-world attacks to find the weak points and tell you about them. As a penetration tester, you can pinpoint vulnerabilities with Nexpose closed-loop integration using top remediation reports. Using the open source Metasploit framework, users can build their own tools and take the best out of this multi-purpose hacking tool.
Acunetix WVS:
It is a type of web vulnerability scanner (WVS), which scans for and finds defects, or flaws, in a website such as cross-site scripting, SQL injection and other vulnerabilities. This fast and easy-to-use tool scans WordPress websites for more than 1200 WordPress vulnerabilities.
Acunetix comes with a Login Sequence Recorder that allows one to access the password-protected areas of websites. The new AcuSensor technology used in this tool allows you to reduce the false positive rate. Such features have made Acunetix WVS a preferred hacking tool that you need to check out in 2017. Commonly works with Windows OS.
Nmap (Network mapping tool):
It is a port scanning tool that allows efficient network discovery and security auditing. It uses raw IP packets to determine the firewall used by a host and the host's network, along with its OS and other information. Supported on Windows, Linux and OS X. Last year, Nmap won multiple security products of the year awards and was featured in multiple movies including The Matrix Reloaded, Die Hard 4, and others. Available on the command line, the Nmap executable also comes in an advanced GUI avatar.
WireShark:
It is a packet crafting tool that discovers vulnerabilities within a network and probes firewall rule-sets. Wireshark was originally known as Ethereal. It helps you to read live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others.
It also comes in a command line version known as TShark. Works best with Linux, Windows and OS X.
OclHashcat
It is best suited to those who do frequent password cracking; such people are already aware of tools like this. To date, oclHashcat is the world’s fastest password cracking tool, with the world’s first and only GPGPU-based engine. To use the tool, NVIDIA users require ForceWare 346.59 or later and AMD users require Catalyst 15.7 or later. This tool employs the following attack modes for cracking:
Straight
Combination
Brute-force
Hybrid dictionary + mask
Hybrid mask + dictionary
Mentioning another major feature, oclHashcat is an open source tool under the MIT license that allows easy integration into, or packaging for, the common Linux distros. Works best with Linux, Windows and OS X.
Maltego
Maltego is an open source forensics platform that offers rigorous mining and information gathering to paint a picture of the cyber threats around you. Maltego excels in showing the complexity and severity of points of failure in your infrastructure and the surrounding environment. Maltego is a great hacker tool that analyzes the real-world links between people, companies, websites, domains, DNS names, IP addresses, documents and whatnot. Based on Java, this tool runs in an easy-to-use graphical interface with lots of customization options while scanning. Supported on Windows, Mac, Linux.
Social Engineer Toolkit
This Python-driven tool is the standard tool for social engineering penetration tests with more than two million downloads. It automates the attacks and generates disguising emails, malicious web pages and more.
Also featured on “Mr. Robot”, TrustedSec’s Social-Engineer Toolkit is an advanced framework for simulating multiple types of social engineering attacks like credential harvestings, phishing attacks, and more. On the show, ‘Elliot’ is seen using the SMS spoofing tool from the Social-Engineer Toolkit. Partially supported with Mac and Windows and fully functions in Linux.
W3af
W3af is a free and open source web application security scanner that’s widely used by hackers and penetration testers. W3af stands for web application attack and audit framework. Using this hacking tool, one can get security vulnerability information that can be further used in penetration testing engagements. W3af claims to identify more than 200 vulnerabilities (including the likes of cross-site scripting, SQL injection, PHP misconfigurations, guessable credentials, and unhandled application errors) and make a web application (and website) more secure.
W3af comes in both command line and graphical user interface form to suit the needs of a hacker. In less than 5 clicks and using the predefined profile for beginners, one can audit the security of a web application. As it’s well documented, new users can easily find their way. Being an open source hacking tool, an experienced developer can play with the code, add new features, and create something new. W3af is available for Linux, BSD, and OS X. On Windows, its older versions are supported. Most of the above-mentioned tools are open source. There are also many private tools made for government security services.
Who are Cyber-Attackers?
The vast majority of cybercriminal groups launch cyber attacks in order to make money. But there are other groups out there who aren’t interested in making money. Some just want to cause destruction in people’s lives, or they attack simply to satisfy their desire to do so.
State sponsored hacks
In the constant fight for geopolitical power, cyber attacks are a favorite tool in a nation’s arsenal. Hacking another country is a cleaner and quieter process than sending in tanks and soldiers, while still giving tangible results. One of the most high-profile such state sponsored hacks is the Stuxnet worm we talked about earlier. Nobody managed to conclusively identify the source of the infection, but most analysts claim the United States and Israel created Stuxnet as a joint effort.
Hacktivism
Some hackers aren’t interested in money, nor do they work for governments. Instead, they seek to advance a social cause or mission, and are not ashamed to hack into governments or organizations they deem to be standing in the way.
These causes vary from group to group. Most hacktivist groups claim to protect free speech, democracy and transparency. One of the most well-known hacker groups out there is “Anonymous”, a loosely organized collective that has protested against tougher copyright laws, child pornography and various corporations.
Cybercriminals
The biggest group of malicious hackers by far. Cybercriminals seek to make a quick buck by using any of the malicious methods mentioned above.
Usually, a cybercriminal will specialize, for example in spam messages, phishing, login attacks and so on. Another thing to take into account is that malicious hackers don’t really operate as lone wolves. There is an entire so-called “malware economy”, where cybercriminals trade and sell hacking tools, leaked email databases, phone numbers and even DDoS as a service.
Let us see one more list of the cyber-attacks:
Indiscriminate attacks: These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.
Operation Shady RAT
World of Hell
Red October, discovered in 2012, was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices.
WannaCry ransomware attack on 12 May 2017, affecting hundreds of thousands of computers in more than 150 countries.
2017 Petya cyberattack
Destructive attacks: These attacks relate to inflicting damage on specific organizations.
Great Hacker War, a purported "gang war" in cyberspace
LulzRaft, hacker group known for a low impact attack in Canada
Operation Ababil, conducted against American financial institutions
TV5Monde April 2015 cyberattack
Vulcanbot
Shamoon, a modular computer virus, was used in 2012 in an attack on 30,000 Saudi Aramco workstations, causing the company to spend a week restoring their services.
Wiper – in December 2011, the malware successfully erased information on hard disks at the Oil Ministry's headquarters.
Stuxnet – a malicious computer worm believed to be a jointly built American-Israeli cyber weapon. Designed to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents.
Cyberwarfare: These are politically motivated destructive attacks aimed at sabotage and espionage.
2007 cyberattacks on Estonia, wide-ranging attack targeting government and commercial institutions
2010 cyberattacks on Burma, related to the 2010 Burmese general election
2010 Japan–South Korea cyberwarfare
2013 Singapore cyberattacks, attack by Anonymous "in response to web censorship regulations in the country, specifically on news outlets"
OpIsrael, a broad "anti-Israel" attack
Cyberattacks during the Russo-Georgian War
July 2009 cyberattacks, against South Korea and the United States
Operation Olympic Games, against Iranian nuclear facilities, allegedly conducted by the United States
Government espionage: These attacks relate to stealing information from/about government organizations.
2008 cyberattack on United States, cyber espionage targeting U.S. military computers
Cyber attack during the Paris G20 Summit, targeting G20-related documents including financial information
GhostNet
Moonlight Maze
Operation Newscaster, cyber espionage covert operation allegedly conducted by Iran
Operation Cleaver, cyberwarfare covert operation allegedly conducted by Iran
Shadow Network, attacks on India by China
Titan Rain, targeting defense contractors in the United States
Google – in 2009, Chinese hackers breached Google's corporate servers and gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government.
Gauss trojan, discovered in 2012, is a state-sponsored computer espionage operation that uses state-of-the-art software to extract a wealth of sensitive data from thousands of machines located mostly in the Middle East.
Office of Personnel Management data breach – Dec 2014 breach of data on U.S. government employees
A six-month-long cyber-attack on the German parliament, for which the Sofacy Group is suspected, took place in December 2014.
Vestige is also suspected to be behind a spear phishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union and the CDU of Saarland.
Authorities fear that sensitive information could be gathered by hackers to later manipulate the public ahead of elections such as Germany's next federal election due in September 2017.
Stolen e-mail addresses and login credentials: These attacks relate to stealing login information for specific web resources.
2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and incidentally causing network disruption
Vestige – in 2010, a band of anonymous hackers rooted the servers of the site and leaked half a gigabyte's worth of its private data.
IEEE – in September 2012, it exposed user names, plaintext passwords, and website activity for almost 100,000 of its members.
LivingSocial – in 2014, the company suffered a security breach that exposed names, e-mail addresses and password data for up to 50 million of its users.
Adobe – in 2013, hackers obtained access to Adobe's networks, stole user information and downloaded the source code for some Adobe programs. It affected 150 million customers.
RockYou – in 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts.
Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user accounts. Again in January 2013 and in January 2014.
Stolen credit card and financial data
2016 Indian Banks data breach – it was estimated that 3.2 million debit cards were compromised. Major Indian banks SBI, HDFC Bank, ICICI, YES Bank and Axis Bank were among the worst hit.
2014 JPMorgan Chase data breach, allegedly conducted by a group of Russian hackers
MasterCard – in 2005, the company announced that up to 40 million cardholders may have had account information stolen due to one of its payment processors being hacked.
VISA and MasterCard – in 2012, they warned card-issuing banks that a third-party payments processor suffered a security breach, affecting up to 10 million credit cards.
Subway – in 2012, two Romanian men admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts.
StarDust – in 2013, the botnet compromised 20,000 cards in an active campaign hitting US merchants.
Target – in 2013, approximately 40 million credit and debit card accounts were impacted in a credit card breach. According to another estimate, it compromised as many as 110 million Target customers.
Goodwill Industries – in September 2014, the company suffered from a credit card data breach that affected the charitable retailer's stores in at least 21 states. Another two retailers were affected.
Home Depot – in September 2014, the cybercriminals that compromised Home Depot's network and installed malware on the home-supply company's point-of-sale systems likely stole information on 56 million payment cards.
Now we will see more about the security tools used to protect our systems. The irony is that the tools used for cyber-attacks can also be used as security tools; it depends on which way a person uses them.
Information gathering tools:
Google dorks – Using advanced operators in the Google search engine to locate specific strings of text within search results.
Maltego – as mentioned earlier.
FOCA – A tool used to find metadata and hidden information in the documents it scans.
http://checkusernames.com/ – Check the use of a brand or username on 160 social networks.
https://haveibeenpwned.com/ – Check if an account has been compromised in a data breach.
https://www.beenverified.com/ – Search people & public records.
Shodan – Search engine for Internet-connected devices. This is a very popular service among security researchers. Shodan continually crawls and indexes devices on the internet.
Censys – A search engine that allows computer scientists to ask questions about the devices and networks that compose the internet.
Gephi – Visualization and exploration software for all kinds of graphs and networks.
Fierce – A DNS reconnaissance tool for finding target IPs associated with a domain.
BuiltWith – Find out what websites are built with and which tools are used on them.
Wappalyzer – A cross-platform utility that uncovers the technologies used on websites.
https://aw-snap.info/ – Tools for owners of hacked websites to help find malware and recover their site.
http://themecheck.org/ – A quick service that lets you verify WordPress themes for security and code quality.
theHarvester – Gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN.
Cymon.io – Tracker of malware, phishing, botnets, spam, and more.
Mnemonic – A tool that can find which websites are hosted at a specific IP or which IPs host a website.
Vulnerability scanning and penetration testing tools
WPScan – A black box WordPress vulnerability scanner.
Sqlmap – An open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
BeEF – A penetration testing tool that focuses on the web browser.
Firefox Hackbar – A simple security audit / penetration test tool.
Burp Suite – A very well known and powerful framework used to perform security audits and analysis on web applications. It includes a proxy that can intercept traffic and allow you to modify it on the fly, plus a huge variety of exploit and penetration testing tools.
OpenVAS – An open source vulnerability scanner and manager.
Fiddler – A free web debugging proxy.
Joomscan – Detect Joomla CMS vulnerabilities and analyze them.
Kum0nga – A simple Joomla scan.
Arachni – A feature-full, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of modern web applications.
Forensics and log analysis
Lnav – An advanced log file viewer.
Mandiant Highlighter – A free log file analysis tool.
Wp-file-analyser – Find modified, missing and extra files in a WordPress directory.
Auditd – Access monitoring and accounting for Linux.
Araxis Merge – Advanced 2 and 3-way file comparison (diff), merging and folder synchronization.
WinMerge – An Open Source differencing and merging tool for Windows.
DiffNow – Compare files online.
Code and malware analysis
CyberChef – The Cyber Swiss Army Knife. CyberChef is a tool that is developed by GCHQ, the British intelligence agency. It can help de-obfuscate malware and other code.
UnPHP – A free service for analyzing obfuscated and malicious PHP code.
UnPacker – JavaScript unpacker.
Jsunpack – A generic JavaScript unpacker.
JSBeautifier – An online JavaScript beautifier.
https://www.base64decode.org/ – Base64 Decode and Encode. Base64 encoding converts any data into a string of (what appear to be) random characters; it hides code from casual inspection but is trivially reversible. Anyone who is repairing hacked sites or responding to incidents uses base64 decoding several times a day to expose malicious code that has been base64 encoded. This tool can help decode base64 encoding.
https://www.urldecoder.org/ – URL Decode and Encode.
http://lombokcyber.com/en/detools/decode-sourcecop – Decode SourceCop v3.x. This is a tool that decodes a specific type of PHP encoding that may prove useful during a hacked site investigation.
regex101 – Develop and test regular expressions.
regexpal – Another site to develop and test regular expressions.
HashKiller – Online hash cracking service. Useful to reverse engineer hashes into passwords.
NoScript – A Firefox extension that allows JavaScript, Java and Flash to be executed only by websites that you define and trust.
Awesome Forensics – A curated list of awesome free (mostly open source) forensic analysis tools and resources.
Awesome-incident-response – A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.
OSINT Framework – OSINT is short for ‘open source intelligence’. This site provides a graphical directory of OSINT resources.
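The base64 decoding step described above for the base64decode.org entry, as an added example (not a tool from this list and not the authors' code): a small Python scanner that finds base64 literals in a constructed, harmless PHP sample, decodes them, and flags lines where the decoded text is handed to an evaluating function such as eval or base64_decode. The sample file and the list of suspicious functions are assumptions.

```python
import base64
import re

# Constructed sample of an "infected" PHP file. The hidden payload is harmless
# and is built here from plain text so the example runs offline.
HIDDEN = base64.b64encode(b"<?php echo 'hidden code here'; ?>").decode()
SAMPLE_PHP = f"""<?php
// legitimate theme code
$title = get_bloginfo('name');
// injected line: an obfuscated payload handed to eval()
eval(base64_decode('{HIDDEN}'));
?>"""

# Runs of base64 alphabet characters long enough to be worth decoding.
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# PHP functions commonly wrapped around encoded payloads (assumed list).
SUSPICIOUS = ("eval", "base64_decode", "gzinflate", "str_rot13", "assert", "preg_replace")


def find_base64_blobs(text):
    """Return (line_no, blob, decoded_text) for base64 literals that decode to text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for blob in B64_RE.findall(line):
            try:
                raw = base64.b64decode(blob, validate=True)
            except ValueError:  # wrong length or padding: not a real base64 token
                continue
            # Keep only decodings that are mostly printable ASCII; long identifiers
            # that happen to decode produce binary noise and are dropped here.
            textlike = sum(32 <= b < 127 or b in b"\t\r\n" for b in raw) / len(raw)
            if textlike > 0.9:
                hits.append((n, blob, raw.decode("ascii", errors="replace")))
    return hits


def scan(text):
    """Flag lines with a decodable blob; those passed to eval-style calls are rated high."""
    lines = text.splitlines()
    findings = []
    for n, blob, decoded in find_base64_blobs(text):
        funcs = [f for f in SUSPICIOUS if f + "(" in lines[n - 1]]
        findings.append({"line": n, "functions": funcs, "decoded": decoded,
                         "severity": "high" if funcs else "review"})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_PHP):
        print(f"line {f['line']} [{f['severity']}] via {', '.join(f['functions']) or '-'}: {f['decoded']!r}")
```

Point the scanner at a real suspect file by reading its contents into `scan()`; blobs rated "review" still deserve a look, since payloads are often split across several short strings to defeat simple matching.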
And on the top of all “Kali Linux”:
Kali Linux is a Linux distribution that is the favorite of penetration testers and security analysts worldwide. It comes packed with security analysis tools. If you want to learn about cyber security, Kali should be one of your starting points. In our next version we will cover Kali Linux and how to use it in more depth.
Now let's talk a little about security. There are also many antiviruses which give protection against system viruses as well as online web attacks, but even so there are hackers who can break through these antivirus walls and attack victims' systems. It is even sometimes the case that some antiviruses are basically a type of virus themselves: to gain popularity and promote its product, the company creates the antivirus in such a way that it installs the virus automatically and then removes it.
So in order to select the best antivirus you should check some points for the best selection and security. Unfortunately, not all antivirus products provide a reliable, usable solution that delivers an adequate level of protection against malware. When measured against the following criteria, even the market's top 10 antivirus solutions may achieve very different scores:
Reliability: Even the most thorough antivirus solution can prove to be absolutely useless if it conflicts with other software that's running on your computer. If these conflicts lead to a malfunction or temporary suspension of the antivirus protection processes, that could leave you vulnerable.
Usability: If the day-to-day operation of an antivirus solution requires special skills, it may be impractical for many users. Any antivirus product that is awkward to use, asks the user complex questions or needs the user to make difficult decisions is likely to increase the chances of 'operator errors'. In some cases, if the antivirus software is too difficult to run, the user may simply disable it.
Comprehensive protection: An antivirus solution should deliver constant protection for all computer domains, all types of files and all network elements that could be subject to attack by a computer virus or other malware. The program should be able to detect malicious code and also protect all channels or entry points to the computer, including email, the Internet, FTP and more.
Quality of protection: Whether you need an Apple or Windows antivirus security solution, each needs to be able to operate in an aggressive environment that is constantly changing, with new computer viruses, worms and Trojans that can be much more complex than previously known malware and may include new ways of evading antivirus programs. Quality of protection partly depends on the following:
Effectiveness of malware detection processes
Frequency and regularity of updates
Ability to remove infections from the computer
Efficiency in delivering computer protection, without significant impact on the computer's performance
So, friends, this doesn't end here. There are many more things beyond cyber attacks; the world of the internet is very vast, and along with security we have to look at many other points too. It is up to us how we use these things. Just as everything has its own two sides, the ocean of the web has one good side and another very deep and dark side. This will all be described in our upcoming version of the book, which is going to be published soon.
Here are some links to download the tools mentioned above:
https://tools.kali.org/tools-listing
http://blacklisthackers.com/download-free-hacking-tools/
http://www.aircrack-ng.org/
https://www.acunetix.com/vulnerability-scanner/
https://www.netsparker.com/web-vulnerability-scanner/
No doubt in writing this book we have searched and taken reference from many sources, and we are thankful to them. Again we repeat that this information is for knowledge and education purposes only, not to be misused. Still there is a question: are we really secure?????? "Believe in Karma: do good, get good; do bad and be ready for the worst." We hope you really enjoyed this and are satisfied; there are still many more techniques, which we will cover in the next version. So be ready for that; until then, enjoy this and believe in yourself.
Bibliography
Wikipedia
Concise-courses
Heimdalsecurity
Wordfence
and many more