Session #1
Overview of cybersecurity and
cyberattacks including real-life examples of
cyberattacks
PREPARED BY
Chris Kim of CYROBE, LLC
Table of Contents
1. What is a Cyberattack?
2. What is Cybersecurity?
3. Types of Cyberattacks
– 10 most known cyberattacks
4. Real-life examples of cyberattacks
1. What is a Cyberattack?
• Definition: A cyberattack refers to an attempt to compromise, disrupt, or damage a computer system, network, or electronic device using various techniques and methods.
• Adversary: Cyberattacks are usually carried out by hackers, cybercriminals, or state-sponsored groups with the aim of stealing sensitive data, financial information, or intellectual property, causing financial harm, or disrupting critical services.
• Target: A cyberattack targets individuals, businesses, government agencies, or critical infrastructure.
• Result: A cyberattack results in loss of data, financial loss, business, and reputational damage, to name a few.
1. What is a Cyberattack? (Cyberattack sequence)
1. What is a Cyberattack? (Details of cyberattack sequence)
2. What is Cybersecurity?
• Cybersecurity refers to the practice of
protecting computer systems, networks,
electronic devices, and digital information
from unauthorized access, theft, damage, or
disruption.
• The goal of cybersecurity is to ensure the
confidentiality, integrity, and availability of
digital assets, as well as to prevent
cyberattacks and mitigate their impact.
• Cybersecurity measures such as firewalls,
antivirus software, and encryption can help
prevent and mitigate the impact of
cyberattacks.
[Figure: Modelling cybersecurity]
3. Types of Cyberattacks 1) Malware Attack
• A malware attack uses malicious software such as viruses, worms, spyware, ransomware, adware, and trojans.
• A trojan disguises itself as legitimate software. Ransomware blocks access to the network's key components, whereas spyware is software that steals all your confidential data without your knowledge.
• Malware breaches a network through a vulnerability: when the user clicks a dangerous link, downloads an email attachment, or uses an infected drive.
3. Types of Cyberattacks 2) Phishing Attack
• Phishing attacks are one of the most prominent and widespread types of cyberattacks. Phishing is a type of social engineering attack in which an attacker impersonates a trusted contact and sends the victim fake emails.
• Unaware of this, the victim opens the mail and
clicks on the malicious link or opens the mail's
attachment. By doing so, attackers gain access to
confidential information and account credentials.
They can also install malware through a phishing
attack.
3. Types of Cyberattacks 3) Password Attack
• A password attack is a form of attack wherein a hacker cracks your password with various programs and password cracking tools like Aircrack, Cain & Abel, John the Ripper, Hashcat, etc.
• There are different types of password attacks like
Password Spraying, brute force attacks, dictionary
attacks, and keylogger attacks.
[Figure: Password Spraying]
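
How the password attack types listed above look different in authentication logs, as an added example that is not part of the original slides. The log format, the sample lines, the thresholds and the function name `classify_sources` are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed authentication log lines (not from the original slides).
SAMPLE_LOG = """\
09:00:01 FAIL user=alice src=203.0.113.5
09:00:02 FAIL user=bob src=203.0.113.5
09:00:03 FAIL user=carol src=203.0.113.5
09:00:04 FAIL user=dave src=203.0.113.5
09:00:05 FAIL user=erin src=203.0.113.5
09:01:10 FAIL user=admin src=198.51.100.7
09:01:11 FAIL user=admin src=198.51.100.7
09:01:12 FAIL user=admin src=198.51.100.7
09:01:13 FAIL user=admin src=198.51.100.7
09:01:14 FAIL user=admin src=198.51.100.7
09:01:15 FAIL user=admin src=198.51.100.7
09:02:00 FAIL user=frank src=192.0.2.44
09:02:30 OK user=frank src=192.0.2.44
"""

# Hypothetical line format: <time> <OK|FAIL> user=<name> src=<address>
LINE = re.compile(r"^\S+ (OK|FAIL) user=(\S+) src=(\S+)$")

def classify_sources(log_text, min_accounts=5, min_attempts=5):
    """Label each source address by the shape of its failed logins."""
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> count
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) == "FAIL":
            failures[m.group(3)][m.group(2)] += 1
    verdicts = {}
    for src, per_user in failures.items():
        if len(per_user) >= min_accounts:
            # Many accounts, few guesses each: the password spraying shape.
            verdicts[src] = "password-spraying"
        elif max(per_user.values()) >= min_attempts:
            # Many guesses against one account: brute force or dictionary.
            verdicts[src] = "brute-force"
        else:
            # A stray failure, e.g. a mistyped password before a success.
            verdicts[src] = "normal"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE_LOG).items():
        print(src, verdict)
```

Per-account lockout counters catch the brute-force source but not the spraying source, which fails only once per account; counting distinct accounts per source is what exposes it.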
3. Types of Cyberattacks 4) Man-in-the-Middle Attack
• A Man-in-the-Middle Attack (MITM) is also known
as an eavesdropping attack.
• In this attack, an attacker comes in between a two-party communication, i.e., the attacker hijacks the session between a client and host. By doing so, hackers steal and manipulate data.
• The client-server communication has been cut
off, and instead, the communication line goes
through the hacker.
[Figure: Man-in-the-Middle Attack]
3. Types of Cyberattacks 5) SQL Injection Attack
• A Structured Query Language (SQL) injection
attack occurs on a database-driven website when
the hacker manipulates a standard SQL query.
• It is carried out by injecting malicious code into a vulnerable website search box, thereby making the server reveal crucial information.
• This results in the attacker being able to view, edit,
and delete tables in the databases.
• Attackers can also get administrative rights
through this SQL Injection Attack.
[Figure: SQL Injection Attack]
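
The search-box case described above, with the vulnerable query beside its hardened form, as an added example that is not part of the original slides. The tables, data, function names and the injected string are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """Build a small in-memory catalogue (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price REAL);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO products VALUES ('router', 89.0), ('switch', 45.0);
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def search_vulnerable(db, term):
    # Vulnerable: the search-box text is pasted into the SQL string, so
    # quote characters in the input change the structure of the query.
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # Hardened: the query text is fixed and the input is bound as a value,
    # so it can only ever be compared against product names.
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()

# Constructed search-box input that rewrites the query instead of searching.
INJECTED = "zzz' UNION SELECT username, password_hash FROM users --"

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "router"))  # ordinary search
    print(search_vulnerable(db, INJECTED))  # rows from the users table
    print(search_safe(db, INJECTED))        # no rows: input stayed data
```

The same input returns user records from the concatenated query and nothing from the parameterized one, which is why bound parameters are the standard fix.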
3. Types of Cyberattacks 6) Denial-of-Service Attack
• A Denial-of-Service Attack is a significant threat to
companies.
• Attackers target systems, servers, or networks
and flood them with traffic to exhaust their
resources and bandwidth.
• Catering to the incoming requests becomes overwhelming for the servers, causing the website they host to either shut down or slow down. This leaves the legitimate service requests unattended.
• It is also known as a DDoS (Distributed Denial-of-Service) attack when attackers use multiple compromised systems to launch this attack.
[Figure: Denial-of-Service Attack]
3. Types of Cyberattacks 7) Insider Threat
• An insider threat does not involve a third party but an insider. In such a case, it could be an individual from within the organization who knows everything about the organization.
• Insider threats have the potential to cause tremendous damage.
• Insider threats are rampant in small businesses, as the staff there hold access to multiple accounts with data.
• Reasons for this form of attack are many: it can be greed, malice, or even carelessness. Insider threats are hard to predict and hence tricky.
[Figure: Insider Threat]
3. Types of Cyberattacks 8) Cryptojacking
• Cryptojacking is closely related to cryptocurrency.
Cryptojacking takes place when attackers access
someone else’s computer for mining
cryptocurrency.
• The access is gained by infecting a website or
manipulating the victim to click on a malicious link.
• Attackers also use online ads with JavaScript code
for this.
• Victims are unaware of this as the crypto mining code works in the background; a delay in the execution is the only sign they might witness.
[Figure: Cryptojacking]
3. Types of Cyberattacks 9) Zero-Day Exploit
• A Zero-Day Exploit happens after the announcement of a network vulnerability; there is no solution for the vulnerability in most cases. Hence the vendor notifies users of the vulnerability so that they are aware; however, this news also reaches the attackers.
• The vendor or the developer could take any
amount of time to fix the issue.
• Meanwhile, the attackers target the disclosed
vulnerability. They make sure to exploit the
vulnerability even before a patch or solution is
implemented for it.
[Figure: Zero-Day Exploit]
3. Types of Cyberattacks 10) Watering Hole Attack
• The attacker targets websites which are frequently
used by the targeted group. Websites are
identified either by closely monitoring the group
or by guessing.
• Attackers infect these websites with malware,
which infects the victims' systems.
• The malware in such an attack targets the user's personal information. Here, it is also possible for the hacker to gain remote access to the infected computer.
[Figure: Watering Hole Attack]
4. Real-life Examples of cyberattacks
• Business: Business Social Media Site
• When: June 2021
• Type of Attack: Zero-Day
• Damage:
➢ Affected 700 million users
➢ More than 90 percent of LinkedIn’s user base.
A criminal group scraped data by exploiting the site’s API. Since then, the group has publicly released a data set of around 500 million users while threatening to sell the full set of data (profiles, emails, phone numbers, etc.) related to all 700 million exploited accounts.
[Figure: LinkedIn Zero-Day Attack]
4. Real-life Examples of cyberattacks
• Business: Wireless data communication and wired
products (router & switch)
• When: June 2015
• Type of Attack: Phishing Email
• Damage:
➢ Employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department.
➢ Resulted in transfers of funds aggregating $46.7M held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.
[Figure: Phishing Email (Spoofing)]