Threat of cyber war
From time to time it is discussed in the media that such a website has been hacked or hackers from China or Pakistan have captured and disabled it for some time. Recently, there was news of the hacking of the website of the ruling party BJP in the country... and it was not long before the UPSC website was also hacked. Such cyber attacks are increasing continuously in India.
What is Cyber Attack?
The phrase 'cyber attack' is used to describe attacks carried out over the Internet in terrorist activities. These include deliberate large-scale disruption of a computer network through means such as a computer virus, especially a personal computer connected to the Internet. A cyber attack can be defined more generally as a computer crime that targets and damages a computer network without harming real-world infrastructure, property, and anyone's life. It is also called hacking.
What is hacking?
Hacking is a process in which the hacker steals the information of another person without his permission. To do this, he hacks the personal information of that person by breaking them. Hacking is considered illegal, but sometimes hacking is also done for good work. Through this, many types of crimes are committed by cyber criminals.
Who is a hacker?
Most of the people have no idea who a hacker is and what he does...how he does it. Actually... when starting hacking, most hackers do it as a hobby, all the time there is no money motive behind it. In the desire to make an identity among other hackers or in the race to tell themselves better than others, they remain here in the greed of hacking. Hacking also starts due to the power of technology in your bus. Although hackers know everything about what is right and what is wrong, yet they are engaged in this work. Due to lack of social acceptance or looking weak due to some reason, youth also step into the field of hacking.
three types of hackers
White Hat Hacker: Hackers falling in this category do good work, that is, they are appointed to protect the people. They are kept by the government or by any organization, they are also known as ethical hackers.
Black Hat Hackers: These hackers are also called crackers. They do illegal work by misusing their efficiency. For example, stealing someone's personal information, hacking someone's account and using those information online to earn money.
Gray hat hackers: This category of hackers are a combination of black and white, which work well for some time and sometimes do illegal work.
What is Phishing?
It has been termed as online forgery in Hindi. Under this, criminals send fake e-mails or messages through phishing, which are similar to a reputable company, your bank, credit card, online shopping. If caution is not taken, then they are sure to fall into the trap. The purpose of these fake e-mails or messages is to steal the Personally Identifiable Information of people. Under this, personal information of a person comes, including name, e-mail. User ID, password, mobile number, address, bank account number, ATM/debit or credit card number and their PIN number and date of birth etc.
What is ransomware?
Ransomware is a type of ransomware software. It is made in such a way that it encrypts all the files on any computer system. It starts demanding ransom as soon as the software encrypts these files and threatens to corrupt all the files on that computer if a certain amount is not paid. After that these files are not accessible to the computer user until he pays the ransom amount. This type of virus can be transmitted by downloading a file from a suspicious location.
National Cyber Security Policy
Recognizing cyber threats, the Government of India released the National Cyber Security Policy in 2013, six years ago, in which key strategies were adopted to protect the country's cyber security infrastructure. These policies include setting up of a 24-hour National Critical Information Protection Center (NCEIPC) to act as a nodal agency for critical information security infrastructure in the country. At present, there is no Joint Working Group on Cyber Security in the country and no autonomous body on Cyber Security has been constituted.
How many types of cyber attacks are there?
Phishing:
This is the most common method of online attack used by hackers. In phishing, the attacker masquerades as a trusted source and sends a malicious email that appears legitimate at first glance. The hacker behind sending such a genuine looking email has the purpose of getting the user's name, password, credit card and other banking details.
An example of a common phishing attack might be an email about the expiration of your social media account password. The email is likely to include a link that seems legitimate at first, but if looked carefully, you may notice some manipulation of its spelling.
Let's say the hacker pretends to be from Instagram and sends password expiry mail. In this case, the URL may contain the name of Instagram as Instagarm/Instagrom/Instagam, etc. Apart from this, there is also a possibility that some such email id may also come - 'instagram@gmail.com', which is not an official Instagram contact.
Smishing:
Smishing is a method of carrying out a phishing attack, most commonly via an SMS. Usually SMS claims that the user has won a lottery and to get the same the user needs to provide his/her details. If you click on such links, the website (which may also appear legitimate) may steal your personal information without your consent. It is important that you read such emails carefully and avoid clicking on seemingly suspicious URLs.
Malware:
It is malicious software, as the name suggests, a software that uses payloads to gain access to the victim's data. This software installs a program that includes various types of malware such as ransomware, spyware, trojans, worms, etc., which are designed to damage the system or network or delete and hijack the system's data.
Ransomware is the most commonly used malware used to steal data. Once malware is installed in the system, it hunts for sensitive information and encrypts it. Then a pop-up message appears on the system asking for ransom. Hackers often threaten to delete the data or sell it online if the victim refuses to pay the ransom. After this, if he pays the requested amount, then there is a possibility of the victim accessing his data again, although there is no guarantee that the hacker will give your data back or delete them from his system.
Denial of Service (DoS): A DoS attack is a brute force attack that aims to throttle the traffic of a system or website and make it offline. Attackers can flood a system or website with excessive traffic or send altered information that triggers a crash, leaving it inaccessible to the rest.
In computer networks Attackers in computer networks can use a Distributed DoS (DDoS) name for DoS attacks. Like DoS, DDoS saturates the bandwidth with excessive traffic from multiple systems connected to the main server thus clogging the network and then bringing it down. The goal of this type of attack is to ensure that the traffic of the victim network or website is reduced or used to target the rest of the network.
Man-in-the-Middle (MITM):
In this the attacker reveals a communication between two parties. These parties can be between two users or one user and one application or one system. The attacker presents himself as one of two entities, making it appear that both legitimate parties are communicating with each other.
The attacker tracks the communication between the two (as if they are sitting in the middle), thus taking access to all the information shared between the two parties. The goal of such attacks is to obtain personal and sensitive information from the victim, which usually includes banking and finance information.
To avoid such attacks, make sure you are connected to a secure internet connection. Visit websites with HTTPS protocol which uses different encryption levels to avoid any kind of spoofing attacks.
SQL Injection and Cross-Site Scripting (XSS):
In a SQL injection attack, the hacker attacks the database of a vulnerable website to obtain sensitive information. The attacker uses malicious code to target the SQL vulnerabilities of any database, thus gaining access to all the data stored in the database for successful implementation.
In the case of an XSS attack, the attacker targets a web application that delivers malicious code to a web browser. The web browser acts as a bridge to execution and the code is injected only when the user visits the attacked website. During such attacks, sensitive information that the user enters on the website can be hijacked without the knowledge of the website or the users.
How to protect yourself from Cyber Attacks?
>> Do not share your sensitive information like email id, password, credit card details etc on forums or websites.
>> Make sure your password is strong and not something that can be easily guessed. For example, avoid using common passwords like your name, date of birth or 12345 for important accounts. Instead, use different character and number combinations.
>>Before clicking on the link, make sure that the website is valid. Check for any spelling mistakes in the message or in the URL.
>> Update your system with the latest software update. These updates are aimed at fixing existing bugs and also improve system security.
>> Keep scanning your system frequently using reliable anti-virus software.
>> Do not open or reply to spam messages and emails.
>> Avoid using open Wi-Fi. These networks are not secure and hackers can easily inject a malicious code to gain access to your data.
>> Use a Virtual Private Network (VPN) that creates a secure tunnel between you and the website
salient features
Creating a secure environment for electronic transactions, building trust and confidence and guiding the actions of stakeholders to protect the cyber world.
A framework has been prepared for comprehensive, collaborative and collective action to deal with cyber security issues at all levels in the country.
The policy recognizes the need for such objectives and strategies that need to be adopted at the national and international level.
The vision and mission of this policy is to make the cyber world safe and resilient for citizens, businesses and governments.
To set the goal of making the nation safe from cyber attacks and plugging the loopholes.
To enhance cooperation and coordination amongst all stakeholders within the country.
Setting objectives and strategies in support of the national cyber security vision and mission.
Frameworks and initiatives have been developed that can be taken forward at the government level, at the sector level and through public-private partnerships.
This will enable national level monitoring of trends such as cyber security compliance, cyber attacks, cyber crime and cyber infrastructure.
Cybercrime is an illegal act, where a computer is used as a means or a target, or both. It can be said that it is a broad concept in which a computer or computer network is used as a means, target or place of criminal activity.
Today, the dangers of cyberspace are no longer imaginary. Incidents such as virtual terrorism, burglary and leaks of information of military and economic importance have proved that many countries in the world may have to bear the brunt of not making adequate arrangements to prevent intrusion into electronic networks of information.
Call it cyber or virtual war, now its threat is real. There is no doubt that the biggest challenge of the future will be cyber warfare. Cyber war means those criminal and terrorist activities conducted through the Internet, through which a person or organization tries to harm the country, the world and the society.
Today, all the operations of information and information are being done through the Internet. In such a situation, the winner will be the one who will be able to break into the enemy's computer network and deal with attacks conducted on the Internet by hackers.
Comments
Post a Comment