Cyberattacks

Subject: Science and tech

Context:

Department of Telecommunications (DoT) has written to all web portals and websites within its ambit to conduct a security audit and submit a compliance certificate.

Concept:

• Most of these attacks are in the nature of DDOS (distributed denial of service), phishing, data exfiltration, remote access tool malware and keylogging.

Phishing

• It is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email.
• The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine.

DDOS (distributed denial of service)

• A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth.
• As a result, the system is unable to fulfill legitimate requests.
• Attackers can also use multiple compromised devices to launch this attack.

Data exfiltration

• Data exfiltration  is the unauthorized transfer of data from a computer.
• The transfer of data can be manual by someone with physical access to the computer or automated, carried out through malware over a network.

Key logging

• Keyloggers are a type of monitoring software designed to record keystrokes made by a user.
• One of the oldest forms of cyber threat, these keystroke loggers record the information type into a website or application and send to back to a third party.