Author- Mrinal Khamkher
College- Army Institute of Law
In this digital era, the internet usage is speedily increasing.
With the increase in internet usage, malicious practices on the internet are also growing up day by day. Those malicious practices on digital platforms are known as Cyber attacks. These Cyber attacks aren’t a replacement factor, however, because the internet usage is going to be deeply interlinking in our lives and societies, it’s changing into necessary to maximize the preventive measures to protect our systems from those attacks too.
This paper is an endeavor to classify most of those threats, besides, analyze and characterize intruders and attacks facing the internet and online services.
Keywords: Internet Usage, Cyber attack, hacking, Cyber-security, Security threats, malicious practices.
The internet has become an integral part of today’s generation of people; from human activity through instant messages and emails to banking, traveling, finding out, and searching, the internet has touched each side of life. With the growing use of the internet by individuals, to protect vital data has become a necessity. A system that’s not having proper and authentic security controls is often infected with malicious attack and so any variety of data are often accessed in moments. A variety of infected sites and malicious websites are often seen daily that infects and permit hackers to achieve prohibited access to different computer systems.
The most objectives of such a variety of system attackers or hackers are to steal counsel, to form prohibited financial transactions, to destroy or to vary information, and therefore the like. System attackers are often terrorists, crackers, or recreational hackers. They need a range of tools which will damage or infect the computer;
Sometimes, they use malicious logic or virus to achieve unauthorized access to a system or device. For example, gap email attachments that carry the virus, clicking malicious links or websites, or accidentally downloading a dangerous program are common ways that through which advice connected with the internet are often infected and information is often taken. Even a tiny low mistake in securing information or unhealthy social networking will persuade to be extraordinarily dangerous.
If accounts don’t seem to be properly secured, it makes it easier for attackers or unauthorized users to unfold viruses or socially built attacks that are designed to steal information and even cash. Such kinds of problems highlight the necessity for cyber-security as an important approach in protecting and preventing information from getting used unsuitably.
WHAT IS CYBER ATTACK
A cyber-attack may be a malicious and deliberate attempt by an individual or organization to breach the personal or private system or device of another individual or organization. Usually, the attacker the victim’s network with an intention to get a wrongful gain maliciously.
Types of cyber crime
These cyber crimes are mainly of three types:
Identity stealing– When private information of a person is stolen without that person’s knowledge or consent with an intention to withdraw his money from his bank or to misuse his identity in any crime with a malicious purpose, that is called Identity stealing.
Cyberterrorism – If a threat of extortion or any kind of threat harm is being caused to a person, group, organization, institution, or the state or the Government, it is called Cyber Terrorism. In most of the cases, it includes a well-planned attack followed by a long term made plan or strategy on the Government offices or high profile company’s computer system.
Cyberbullying – If a teenager or a minor defames, intimidates, or harasses someone online through any chat rooms, video calls, instant messaging, or any other social network then this offense is called Cyberbullying.
Cyberstalking– When the same offense of cyberbullying is done by adults, it is called cyberstalking.
Hacking –Nowadays, this is the most common cyber crime in the whole world. If a person gets the control of another’s device or electronic system without his knowledge or consent to make a wrongful gain through that possession over that control on the device, then it is called hacking. This is not a threat that is being caused only on individuals, it’s a common headache for many sectors including the government and private too.
Defamation through a digital platform – Every individual has his or her right to freedom of speech on internet platforms, but if their statements cross the line of limit and harm another’s reputation by his statement, then that will fall under this crime.
Copyright – At present everyone is sharing their contents, thoughts, or creativities online. In case if you bring your shared content under the shadow of copyright or simply if you want your content copyrighted, then if anyone brings and uses that content as his own or claims it to be owned by him without your consent or permission, he may infringe the Copyright Law.
Common Procedures of Cyber attack
So, now the question is how do the cyber attackers gain control of another’s computer systems? What procedures do they use?
Here are some common methods used to threaten cyber-security:
. Malware: Malware mainly indicates any malicious software. This is one of the most common cyber threats, malware is actually a software that cyber criminals or hackers create to damage other’s systems. Often spread via an unsolicited email attachment or legitimate-looking download, malware may be used by cyber criminals to make money or in politically motivated cyber attacks.
There are a number of different types of malware, including:
. Phishing: Phishing could be a sort of hacking once cybercriminals target victims with emails that seem to be from a legitimate company soliciting for sensitive data.
. SQL injection: SQL (structured language query) injection is one kind of cyber attack. It is mainly used to grab control of and steal information from a system or database. Cyber-attacker stake advantages of these in data-driven applications to insert harmful malicious code into a database via this type of malicious SQL code. This process gives them access to the private information contained in the database of a system.
· Virus: Virus is a self-replicating program that goes and attaches itself to any clean file and spreads throughout a system by manipulating or affecting files with any kind of malicious codes.
· Trojans: This is one kind of malware that is disguised as any legitimate or authorized software. Cyber attackers deceive users to upload these Trojans into their computer or any other system where they can damage or collect any data from that.
· Spyware: It is mainly a program that secretly collects data unethically of what a user does so that cyber attackers can use this information. Mainly they spy through these Spywares illegally. For example, spyware can collect credit card details.
· Ransomware: It is one type of malware that locks down a user’s files and data in a system. They, then, threaten of erasing those important data unless the demanded ransom is paid.
· Adware: This is one kind of advertising software that can be used to spread malware to a system through an advertisement.
· Botnets: This is a network of malware-infected computers. Cyber attackers perform tasks online without the user’s permission with their help.
. Man-in-the-middle attack: A man-in-the-middle attack is one type of cyber attack where an attacker sets up a communication between two individual systems to steal data. For say, on an unsecured Wifior broadband network, an attacker could intercept data by passing from the victim’s system and the network.
. Denial-of-service attack: A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.
A denial-of-service attack is where cyber attackers prevent a computing system from fulfilling legitimate requests by getting control of the networks and servers of the system with traffic. This renders the system unusable, stopping a corporation from completing important functions.
Latest cyber crime
What are the newest cyber threats that individuals and organizations got to guard against? Here are a number of the foremost recent cyber threats that the U.K., U.S., and Australian governments have reported on.
The U.S. Department of Justice (DoJ) charged the leader of a cyber-criminal group as they held a global Dridex malware attack. This dangerous and harmful campaign affected a lot of individuals, the government and so business worldwide in December 2019.
Dridex malware is one type of trojan. It affects computers mainly by sending phishing emails or any kind of existing malware code. For the first time, it attacked in 2014. It is capable of stealing passwords of any system, personal data, banking details of individuals, and many such private data for fraudulent transactions or withdrawals. From 2014, it has caused massive financial loss to many sectors of the society including government to corporate, from layman to renowned businessmen.
Because of the fear of Dridex attacks in the whole world, the U.K.’s National Cyber-Security Centre advises the public to “ensure devices are patched, anti-virus is turned on and up to date and files are backed up”.
This year in February 2020, the FBI issued a warning for U.S. citizens that they should be aware of a new type of fraud committed through various dating sites, their apps. Cybercriminals usually take the advantage of people who are searching for their partners. They manipulate them to provide their personal data and they give those data to them with good faith.
The FBI reports this romance cyber attacks victimized 114 people in New Mexico in 2019, with financial losses over $1.6 million.
In 2019, there was a threat to Emotet malware that was spread globally. The Australian National Security team firstly informed about that attack.
Emotet is nothing but a trojan that can steal information and also attach and spread other malware. Emotet mainly attacks through easy to crack passwords. To be saved from this attack, it’s mandatory to set up strong passwords for the system or devices.
WHAT IS CYBER-SECURITY:
Cyber-security means setting up a defense system in servers, electronic systems, networks, computers, or any kind of data from various cyber attacks.
In today’s world, cyber-security is incredibly vital owing to some security threats and cyber-attacks. Cyber-security is vital as a result of not solely it helps to secure info however conjointly our system from virus attack. At present, it is so much important that this term is popular in all sectors, whether it is the government sector to business sectors.
KINDS OF CYBER-SECURITY:
Cyber-security may be divided into a couple of common classes; e.g-
· Application security: It indicates the practice of keeping software and hardware attack-free from malicious attacks. In this process of setting the security, there are dedicated applications that may provide the access to the information when it’s designed to safeguard. Sure-fire security begins in the foremost design stage of these applications before the programs or devices are deployed.
· Network security: This is the process of securing an electronic system from intruders, whether or not targeted attackers or expedient malware.
· Operational security: This means the processes through which we protect the information saved in our system.
. Denial-of-service attack: A denial-of-service attack is a cyber attack where attackers suddenly increase the number of traffics to jam the bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack. This is known as a distributed-denial-of-service (DDoS) attack.
· Information security: It safeguards the integrity and privacy of information saved as data, both in the storage and in transit.
· Disaster recovery and business continuity: This indicates the outline of how a corporation responds to a cyber-security incident or the other event that causes the loss of operations or information. Disaster recovery policies dictate how the organization restores its operations and knowledge to come back to constant operative capability as before the event. Business continuity is that the set up of the organization when it falls back, whereas it is making an attempt to control while there are no bound resources.
· End-user education: This is the most vital factor in cyber-security. Anyone may accidentally or without knowing, put a virus to a secured system or device not being failed to follow good security practices. To make users educated about some security measures, i.e- to delete suspicious emails, not to plug in an unknown USB drives or various other important lessons. It is very important for security purposes.
WHY CYBER-SECURITY IS SO IMPORTANT?
Today in this internet world, cyber-security has become one of the most important things for people, also as organizations (such as military, government, business houses, educational and financial institutions, corporations, and others) that collect and store a good range of confidential data on computers and transmit that to other computers across different networks. For families, the protection of youngsters and relations from cyber crime has become substantially important. For private, protected information that would impact social life also as personal finance is important.
The internet has provided a good array of learning opportunities, but there are risks too. Photos, videos, and other personal information shared by an individual on social networking sites such as Facebook, Twitter can be inappropriately used by others may lead to serious and even life-threatening incidents.
Social networking sites became the foremost popular medium for sharing information and connecting with people. But these sites have created varied opportunities for cyber crimes, compromised personal identities, and knowledge leakage. Therefore, it’s important for people to know the way to protect against cyber threats, and must also comprehend the difference between the virtual and the world.
One should find out how to guard computers and private information against being hacked and will engage inappropriate online behavior so as to eliminate chances of cyber threats and thereby creating a safer online environment.
Many business organizations, mainly small and medium-size businesses face critical challenges in protecting data. Limited financial and technological resources make it difficult for them to upgrade the security system and to remain updated with technology.
However, it’s better to spread awareness towards cyber-security and proper planning can convince be very beneficial for such business organizations in protecting their information and trade secrets from being disclosed. Many small business organizations are now taking initiatives to protect their information from being accessed illegally.
Cyber-security is equally important for local, state, and central government as these organizations maintain a huge amount of confidential data and records concerning the country and its citizens. Yet several government organizations face difficulty in protecting data because of inadequate secured infrastructure, limited funding, and lack of security awareness.
Stealing confidential data or sensitive information, digital by terrorists from government organizations, as well as digital spying can lead to serious threats to a country. For this reason, cyber-security is of paramount importance for government organizations also and is a vital asset to the nation
The increasing use of the web and social media has made cyber-security even more important than it had been before. Growing cyber threats such as data theft, phishing scams, and other cyber vulnerabilities demand that users should remain vigilant about protecting data. It is essential to know the numerous sort of risks and vulnerabilities that exists within the Internet world. For every user, it’s important to think before connecting to someone using an online medium. Users should also think before sharing any information with other users through the web.
How to prevent cyber attack
There are some of the prime and most essential safety tips to follow to prevent cyber attacks-
1. Set strong passwords: Ensure your passwords are not easily crackable. It must be an alpha-numeric password as per the terminology.
2. Always Use good anti-virus: Always using good security software can give you the relaxation from any tension while you are not regularly checking your security measures. So, software like Quick Heal Total Security, Kaspersky Total Security, Avast, etc will detect and removes threats and give you extra security. And always keep your security software updated also for the best level of protection.
3. Keep your software and operating system updated: Updated software has a lower chance to be affected by a cyber attack, as they are up to date by the software developers themselves, which enhances cyber-security. And also if the same updated software for many individual’s systems is being affected by those attacks, then more or less the developer will have the responsibility. So, in that case, you will have an extra margin of security or guarantee of security.
4. Never open any email attachment sent from unknown sources: In most of the cases, malware attack is caused by sending malicious emails. So, it would increase the chance of affection in many cases if you open an unauthorized email attachment on your device.
5. Never click on links in emails from unknown senders or unfamiliar websites: This is a very common way that malware is spread just like the previous one.
6. Avoid using unsecureWifinetworks in public places: It’s very dangerous to use an open wifi network at a public place. That is a very easy way to constitute a man-in-the-middle attack through an open Wifi.
7. End-user protection: End-user protection or endpoint security is a crucial aspect of cyber-security. After all, it is often an individual (the end-user) who accidentally uploads malware or another form of the cyber threat to their desktop, laptop, or mobile device.
So, how do cyber-security protects end-users and systems? First, cyber-security depends on cryptographic protocols to encrypt emails, files, and other important data. This not only protects information in transit but also guards against loss or theft.
In addition, end-user security software scans computers for pieces of malicious code, quarantines this code, then removes it from the machine. Security programs can even detect and take away malicious code hidden in Master Boot Record (MBR) and are designed to encrypt or wipe data from a computer’s disk drive.
Electronic security protocols also specialize in real-time malware detection. Many use heuristic and behavioral analysis to watch the behavior of a program and its code to defend against viruses or Trojans that change their shape with each execution (polymorphic and metamorphic malware). Security programs can confine potentially malicious programs to a virtual bubble break away a user’s network to research their behavior and find out how to raised detect new infections.
LAWS IN INDIA THAT DEAL WITH CYBER CRIME
There was no specific statute in INDIA that deals with Cyber crime directly. But as day by day cyber crimes are increasing, there arose a need for strict and statutory laws that can regulate malicious activities on the online platform. In this need, for protecting our internet information, the “INFORMATION TECHNOLOGY ACT, 2000” [ITA- 2000] was enacted. The main agenda was to protect the field of e-commerce, e-governance, e-banking, or online private sectors and to punish those criminals who commit these crimes or attack. The above Act was again amended in the form of the IT Amendment Act, 2008 [ITAA-2008] later.
As per the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules 2013 (the CERT Rules), The Computer Emergency Response Team (CERT-In) was formed as the nodal agency with the responsibility to collect, analysis and investigate the information of cyber-attack cases and also to take emergency steps at that time.
There are a few different rules based on the IT Law that also deal with-
The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the SPDI Rules)
The Information Technology (Information Security Practices and Procedures for Protected System) Rules 2018 (the Protected System Rules)
Information Technology (Intermediaries Guidelines) Rules, 2011 (the Intermediaries Guidelines)
There are other laws that have cyber-security related provisions; e.g-
The Indian Penal Code 1860 (IPC)- A few sections of this Act deals with cyber offenses like cheating through online platforms, criminal intimations, online theft of information, or defamation, etc.),
The Companies Management and Administration Rules 2014 (the CAM Rules)-It is drafted under the Companies Act 2013. It regulates companies to ensure that their electronic information as well as their security systems are secured from any kind of unauthorized access or temperament.
Besides these Acts, there are a few sector-specific regulations too. These regulations are issued by different authority Boards like the Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India Act 1999 (IRDA), the Department of Telecommunication (DOT) and the Securities Exchange Board of India (SEBI), these ensure the customers as well as companies that their security standard will remain up to mark and will be maintained by their own authorized regulating bodies. They ensure the security in different sectors like different banks, many insurance companies, various telecoms service providers, and the specifically listed entities.
Nowadays the number of people internet usage is increasing like wood- fire. With internet usage, the dark side of this, which is the cyber attacks are also increasing every year. So now cyber-security is one of the biggest needs of the world as cyber-security threats are very dangerous to the country’s security as well as the individuals. We have seen lakhs of people being victimized to tons of, money because of these attacks. Moreover, we have read so many times in the newspaper that the Government system has been hacked or has been attacked! And day by day these are increasing. So, this is the high time to be aware and spread awareness ton prevent Cyber attacks.
1. Swati Shalini, What are the Cyber Laws in India?, MY ADVO (Sep. 02, 2020, 11:19 AM), https://www.myadvo.in/blog/what-is-the-cyber-law-in-india/
2. Margaret Rouse, cyber crime, Tech Target (Sep. 02, 2020, 11:25 AM) https://searchsecurity.techtarget.com/definition/cyber crime
3. Josh Fruhlinger, What is a cyber attack? Recent examples show disturbing trends, CSO(Sep. 02, 2020, 12:05 PM) https://www.csoonline.com/article/3237324/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html
4.Aprajita Rana and Rohan Bagai, Cyber-security in India, LEXOLOGY (Sep. 02, 2020, 12:35 PM) https://www.lexology.com/library/detail.aspx?g=4cd0bdb1-da7d-4a04-bd9c-30881dd3eadf#:~:text=India%20does%20not%20have%20a,and%20the%20cyber crimes%20associated%20therewith.
5. Vinod Joseph and Deeya Ray, Cyber Crimes Under The IPC And IT Act – An Uneasy Co-Existence, MONDAQ (Sep. 02, 2020, 01:30 PM) https://www.mondaq.com/india/it-and-internet/891738/cyber-crimes-under-the-ipc-and-it-act–an-uneasy-co-existence
If you have any queries regarding this blog, feel free to ASK US