Abstract
The umbrella of cyberspace has covered the human race in its entirety. People around the world can no longer imagine life without online transactions, social media, online banking systems, cloud computing and web portals. The threat of a human attack can be avoided to a certain extent, but the threat of a cyber-attack, due to its anonymous nature, often goes unregulated. Multinational companies, banks, government sites and other sensitive infrastructures that rely on network computing technologies often fall prey to cyber-attacks. This paper discusses past incidents of cyber-attacks which shook the whole country and exposed new vulnerabilities.
With the advancement of technology, there is a parallel evolution of cyber-attacks. WannaCry, Petya ransomware, cyber espionage and zombie attacks are a few examples of new-age cyber-attacks. Poorly defined cyber-attacks encourage perpetrators to commit them fearlessly. Lack of cyber deterrence is one of the contributing factors in the recurring nature of cyber-attacks. Cyber-attacks have become rampant around the world, especially in India, as there are few or negligible legal consequences nationally and internationally. The pathetic condition of the computer systems in cyberspace in India calls for an immediate solution from the legislature. The purpose of this paper is threefold: first, to present a detailed study of a wide range of cyber-attacks; second, to propose a list of precautionary measures to prevent upcoming cyber-attacks; and third, to provide a simplified solution to the parties affected by cyber-attacks.
INTRODUCTION
The Internet is now a basic amenity in everybody’s life. From social media to booking a bus ticket, the internet acts as a medium for almost everything. As the saying goes, “With great power comes great responsibility”, and the same goes for technology. Narendra Modi’s motto “Digital India” has made the whole country digitised by encouraging and inviting various cloud computing and mobile applications, but the question of cybersecurity on these platforms still exists. In the past few years, India has witnessed many cyber-attacks, such as ransomware attacks, cyber espionage, malware attacks, man-in-the-middle attacks and DoS attacks.
Cyber-attacks are very different from conventional crimes as they are committed in virtual space. Comparing conventional crimes with new-age cyber-attacks, one can easily deduce that, due to the anonymous nature of cyber-attacks, the perpetrators are not caught easily. Also, these cyber-attacks are of a global nature and the perpetrators are not bound to a particular area.
Data is the most critical element of any industry. This data involves both the personal information of users and the sensitive information of industries. Multinational companies, banks, government sites and other critical infrastructures store most of their information online. If attackers gain access to this data, both the reputation and the market of the industry will be affected. The rate of vulnerability is directly proportional to the data being shared online.
India was ranked among the top five countries to be affected by cybercrime, according to a 22 October report by the online security firm “Symantec Corp”.[1] In this paper, we analyse some of the known cyber-attacks that have happened in India in the past and other cybercrimes that can potentially happen.
MAJOR TYPES OF CYBER-ATTACKS
- Ransomware Attacks
A study on ransomware attacks was conducted across 10 countries by the endpoint security provider ‘Sophos’. Its report reveals that in 2017, 67% of Indian organisations were hit by ransomware[2]. In a ransomware attack, the perpetrator uses pernicious software to gain unauthorized access to the target computer by exploiting its vulnerabilities. The perpetrator searches for crucial files in the system, then encrypts or transforms these files using complex algorithms in such a way that they become inaccessible to the user. The attacker then usually sends a notification to the company stating how much ransom the company has to pay to get its data back. Files are kept locked and inaccessible until the user agrees to pay the ransom.[3]
The WannaCry ransomware attack was first reported on 12th May 2017.[4] WannaCry is a new type of ransomware attack that infects Windows computers. The perpetrator encrypts the files present on the PC’s hard drive, which makes them impossible for users to access. The perpetrators then blackmail the victim by demanding a ransom in bitcoins to decrypt the files.[5]
According to the Symantec report 2017, India is the 3rd most affected country by ransomware, and this report shows that India was ranked the 6th most affected country by Petya ransomware attacks.[6] The Petya ransomware attack was first reported on 27th June 2017.[7] Petya belongs to the family of ransomware that works by changing the Windows system’s Master Boot Record (MBR). Due to this modification, the system goes down. When users try to reboot their PC, the modified MBR prevents Windows from loading. The computer screen displays an ASCII ransom note demanding extortion money in Bitcoin from the user in exchange for the decryption key.[8]
Prevention:
- Big corporations should find the vulnerabilities in their systems and patch them accordingly. Users should update their systems regularly so that vulnerabilities can be checked and bugs can be fixed.
- Small companies and home users should use a firewall to keep a check on intruders and should use antivirus software to protect the system from any malicious activity. All software should be updated in a timely manner in order to ensure the safety of the computer system.
- Instead of paying the ransom to the attacker, the victim should contact law enforcement agencies.
- Organisations of every size, from start-ups, small companies and local small businesses to multinational companies, should educate their employees about ransomware attacks and how they can protect their crucial files from being stolen.[9]
- Denial of Service Attack (DoS Attack)
In a DoS attack the perpetrator does not need to break into the system or gain unauthorized access to the target computer. The perpetrator sends a huge number of packets to the target server so that the server becomes unable to respond to requests. The server is completely blocked by the perpetrator through this overload, preventing it from responding to users’ requests.[10]
- Distributed Denial of Service Attack (DDoS)
In a DDoS attack, the attacker seeks to disable the target by attacking it simultaneously from a large number of source computers. An individual controls all these computers by preloading them with malicious code such as viruses, worms and trojan horses. These contaminated computers are referred to by different names, such as “zombies”, “slaves” or “bots”, depending on the type of attack.[11] The controller then instructs the infected computers to engage in the DoS attack.[12] The infected computers attack the target server by generating many requests, finally leaving the target server unable to respond to genuine requests.
- Zombie attack
A large number of infected computers, referred to as “zombies”, are controlled by the attacker. The zombies generate a flood of requests to the target server. Target servers then try to filter out the useless requests but, due to the diverse nature of the systems, they are unable to do so.[13]
Prevention of DoS attacks:
- Checking for vulnerabilities regularly is crucial to preventing DoS attacks. Companies should apply patches when vulnerabilities are found, and users should update their systems when new patches are announced.
- Users and company owners should use a firewall to catch spoofed source addresses.
- Email attachments should be scanned thoroughly for malicious code.[14]
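The firewall advice above amounts to ingress and egress filtering on source addresses. The sketch below is an added example, not taken from the paper's sources; the organisation prefix `203.0.113.0/24`, the interface labels and the sample packets are assumptions constructed for illustration (IPv4 only).

```python
import ipaddress

# Source ranges that must never arrive on an Internet-facing interface:
# "this network", private, loopback, link-local, multicast and reserved space.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Assumption: the organisation's own address space (a documentation prefix).
OWN_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def classify(src, iface):
    """Return 'accept' or 'drop:<reason>' for a packet's source address.

    iface is the interface the packet arrived on: 'external' (from the
    Internet) or 'internal' (from the organisation's own hosts).
    """
    addr = ipaddress.ip_address(src)
    if iface == "external":
        # Ingress filtering: these sources cannot be genuine Internet clients.
        if any(addr in net for net in BOGON_NETS):
            return "drop:bogon-source"
        if any(addr in net for net in OWN_NETS):
            return "drop:own-prefix-from-outside"
    elif iface == "internal":
        # Egress filtering: an inside host (for example an infected "zombie")
        # is sending with a source address that is not ours.
        if not any(addr in net for net in OWN_NETS):
            return "drop:foreign-source-leaving"
    return "accept"


# Constructed sample traffic: (source address, arriving interface).
SAMPLE_PACKETS = [
    ("198.51.100.7", "external"),   # ordinary Internet client
    ("10.1.2.3", "external"),       # private source arriving from outside
    ("203.0.113.50", "external"),   # our own prefix arriving from outside
    ("203.0.113.50", "internal"),   # our host sending normally
    ("198.51.100.99", "internal"),  # inside host forging an outside source
]


def filter_packets(packets):
    """Classify every packet and return (source, interface, verdict) rows."""
    return [(src, iface, classify(src, iface)) for src, iface in packets]


if __name__ == "__main__":
    for row in filter_packets(SAMPLE_PACKETS):
        print(*row)
```
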
- Malware Attack
This attack is also known as a malicious software attack, in which the user’s computer system or mobile devices are affected by exploiting the vulnerabilities of the system. This attack is a major threat to the security of information in the computer system. There are various types of malware, including viruses, worms, trojans, etc. Using malware, the perpetrator can gain access to sensitive information such as contact information, bank details etc. Malware can be spread in various ways, such as external storage, the internet etc., but most malware is spread through the internet as it is used very frequently.[15] India is ranked second in the number of malware detections on mobile phones.[16]
There are various ways through which malware can spread in computer systems[17]:
1) USB Thumb Drives: Thumb drives can be used to propagate malware into a computer system. This process uses the AutoRun feature to spread the malware through the entire system and is activated as soon as the operating system processes the USB device.
2) Web Browsing: This is the most common method of spreading malware, where the malware propagates into a system through internet surfing. Malware can be present in various files downloaded from the internet, such as unwanted software, malicious Word files or PDFs, fake software etc.
3) Email Spear Phishing: Email spear phishing is a method of performing a malware attack on organizations to gain unauthorized access to sensitive information. This is an email spoofing fraud attempt, where the perpetrator performs the attack for financial gain, military information or trade secrets. The perpetrator sends phishing messages that appear to come from well-known and authentic sources such as PayPal or eBay.
Types of Malware[18]
1) Adware:
This is software that shows banner advertisements every time the program starts running, making the program inconvenient for the user to use.
2) Backdoor:
This is a program which installs itself in such a manner that all the infected computers can be accessed and controlled from a remote location.
3) Browser Hijacker:
This term covers many malicious programs that are generally used to change your Internet Explorer settings. It is external code that is responsible for changing the browser settings.
4) Grey ware:
This type of malware takes advantage of the user’s needs. The user downloads software that is considered useful in some instances, but the software also contains components that are malicious or annoying.
5) Hoax:
This is the most interesting software: it alerts the user about malicious activity, but the alert later turns out to be a false alarm.
6) Rootkit:
This is software that cleverly hides files, registry entries, running processes and other types of data. As a result, the victim is unable to find his data on his system.
7) Smishing:
This term is derived from “Phishing” + “SMS” and means phishing through SMS using cellular or mobile devices.
8) Spyware:
This is a program which collects information about a user or an organization without the consent of that entity. The victim is not aware of the fact that someone is stealing his information.
9) Trojan:
It is also known as a Trojan Horse. This is a malicious computer program which tricks the user into installing or using it. After the user installs it, the perpetrator has access to all the sensitive information of that user, such as banking information, personal identity, passwords etc.
10) Virus:
As the name suggests, this program is designed in such a way that it can multiply itself and propagate from one file to another by linking itself to program files.
11) Worm:
This is a malware program that replicates itself so that it can spread to other computers. This type of malware spreads itself using a computer network. Worms corrupt or modify the system files on a targeted computer.
Prevention:
- Always install antivirus software and keep it up to date.
- Regularly run an antivirus scan in order to detect malicious activity in the system.
- Use the latest version of your operating system, whether it is Windows, Unix etc., as the developers fix bugs and security leaks.
- Always put a password on your Wi-Fi, as most attacks are performed over the network.
- Never open any email attachment from an unknown source. Don’t click on a link in an email that is from an unsolicited source.
- Never use open Wi-Fi, as it can be a malicious network.
- Always back up your files on a separate storage device so that, in the worst-case scenario, even if your system is attacked by the perpetrator, all the data can still be accessed.
- Always use a strong password so that no one can guess it.
- Man-in-the-middle (MitM) Attack
In these attacks the perpetrator inserts himself into the communication between client and server. The most common method of performing MitM attacks is “Session Hijacking”, where the perpetrator hijacks the session between client and server by making the server believe that he is a trusted client. Another way of performing a MitM attack is through “IP spoofing”, where the perpetrator convinces the system that it is communicating with a trusted entity.
Prevention: Encryption and digital certificates can be used to safeguard the system from such attacks, as they assure both the confidentiality and the integrity of communication.[19]
- Phishing and Spear Phishing Attack
Phishing attacks are carried out by sending fake emails to the victim which look so authentic that the user ends up giving his personal information to the perpetrator. These emails can also carry malware in an attachment, which can be loaded into your system.
A spear phishing attack is more specific, as the perpetrator first studies the target and then creates a message which is so relevant that it is very hard to identify as fake. These attacks can also be performed by making a clone website and fooling the user into entering his personal information.
Prevention:
1) Hover your cursor over the link to see the actual URL.
2) Do not share your email ID on unknown platforms.[20]
- Drive-by attack
This is a very common attack through which malware can be installed on a system. The perpetrator finds an insecure website and inserts malicious code into its HTTP pages. Whoever visits this site then becomes a victim of the perpetrator, and the visitor’s data and applications come under the perpetrator’s control.
Prevention:
1) Always update your browser.
2) Don’t visit unknown sites as those websites can have malware.
- Cyber Espionage
“Cyber-espionage is defined as the intentional use of computers or digital communications activities in an effort to gain access to sensitive information about an adversary or competitor for the purpose of gaining an advantage or selling the sensitive information for monetary reward.”[21] The attackers generally do not disturb the information on the computer network, so that they remain undetected by the user.
Attackers from a foreign territory are difficult to prosecute, as the attacks are conducted from the attacker’s home country. States generally do not agree to their spies being prosecuted under a foreign jurisdiction (the jurisdiction of the offended state).
Prevention (when the attacker belongs to another territory):
- System probing, which involves finding vulnerabilities and valuable intelligence without causing any damage to the systems.
- The incursion into sensitive systems[22]
SUGGESTIONS
- The provisions under the IT Act, 2000 for cyber-attacks, such as 43-A, 72A and other sections of the Act, prescribe punishment along with a fine for such crimes. But if the fine is compared to the loss suffered, it is very meagre. The compensation given should be proportional to the damages suffered.
- It is important to understand that domestic laws alone cannot combat the problem of cyber-attacks. Unfortunately, in India there is only one section that talks about extra-territorial jurisdiction. Indian legislators should amend the existing laws and make new laws so that they can be enforced against non-state actors (global enforcement) as well. For cross-national cyber-attacks and cyberwars, an international treaty on cyber-attacks should be made with three main features: (1) easy criminal prosecution of cyber attackers across territorial boundaries, (2) easy evidence collection, and (3) definitions of terms like cyberwar and cyber-attack, so that no defence can be taken by the attackers.[23]
- Several sections of the IT Act, 2000 talk about punishments and fines for someone who commits a cybercrime. Section 43 A of the IT Act, 2000 discusses “Penalty and Compensation for damage to Computer, Computer System, etc.” Section 72 of the IT Act, 2000 talks about “Penalty for breach of confidentiality and privacy”. Section 72A of the IT Act, 2000 talks about “Punishment for disclosure of information in breach of lawful contract”. There are no sound laws to deal with complicated and advanced cybercrimes such as the Man in the Middle Attack, the Petya Ransomware Attack etc.
- All the Cyber Cells should be equipped with the latest technology and devices in order to trace the perpetrator.
- Judges should be tech savvy and should be well acquainted with the information related to the technological crimes.
CONCLUSION
The prodigious growth in technology, and particularly in internet technology, has brought a revolution in the cyberworld. On the one hand technology is evolving, and on the other hand perpetrators are becoming more intelligent. Cyber-attackers are so advanced and well equipped that they can find vulnerabilities in almost any security system. After finding such vulnerabilities, the perpetrator exploits them and accesses the sensitive and personal information of the victim. The techniques which such attackers use are so advanced that it is very difficult to trace them. Cyber-attacks are of a global nature and these perpetrators are not bound to a particular area. Even if the attacker’s location is traced, jurisdictional issues arise, as the perpetrators are present in their home country and the attack was performed on a different country. To avoid such issues India has entered into various bilateral agreements, like a cyber agreement with Russia and a framework agreement with the U.S. The Prime Minister of our country, Mr. Narendra Modi, is also making efforts to engage our country in various bilateral agreements; for example, Mr. Modi has visited Israel to sign the Indo-Israel cyber framework. These bilateral agreements have very limited scope; therefore, our country needs a multilateral treaty which will harmonize its laws and deal with cybercrime at the global level.
This paper has highlighted many instances where Indian organizations were repeatedly attacked and their data was seized until a ransom was paid to the perpetrator. This shows the pathetic condition of our country, and such a situation reflects that the security systems of Indian organizations are poorly equipped. Also, there is a scarcity of sound laws, which makes our legal system inefficient and poor at dealing with such matters. Law should also evolve with the development of technology. There are various types of cyber-attacks which are so complicated and advanced that it is almost impossible to catch the perpetrator, such as the Ransomware Attack, the Man in the Middle Attack, the Zombie Attack etc. The authors have discussed these cyber-attacks and the ways they are performed. The authors have also given certain precautionary measures for each cyber-attack, and have concluded their research by providing some solutions to the issues related to cyber-attacks.
[1] Dr VK Saraswat, Cyber Security, available at https://niti.gov.in/writereaddata/files/document_publication/CyberSecurityConclaveAtVigyanBhavanDelhi_1.pdf (last visited 11 April, 2019).
[2] SOPHOS, THE STATE OF ENDPOINT SECURITY TODAY, available at https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/endpoint-survey-report.pdf (last visited 11 April, 2019).
[3] Dr. Xin Luo Ph.D. and MBA & MSIS & Dr. Qinyu Liao PhD, Awareness Education as the Key to Ransomware Prevention, INFORMATION SYSTEMS SECURITY, 16:4, 195-202 (2007).
[4] https://www.cert-in.org.in/s2cMainServlet?pageid=PRESSLIST
[5] CERT, THE PETYA CYBER ATTACK, available at http://certmu.govmu.org/English/Documents/White%20Papers/PETYA%20CYBER%20ATTACK%20-%20CERTMU%20WHITEPAPER.pdf (last visited 11 April, 2019).
[6] SYMANTEC, INTERNET SECURITY THREAT REPORT RANSOMWARE 2018, available at https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-ransomware-2017-en.pdf (last visited 11 April, 2019).
[7] https://www.cert-in.org.in/s2cMainServlet?pageid=PRESSLIST
[8] CERT, THE PETYA CYBER ATTACK, available at http://cert-mu.govmu.org/English/Documents/White%20Papers/PETYA%20CYBER%20ATTACK%20-%20CERTMU%20WHITEPAPER.pdf (last visited 11 April, 2019).
[9] Dr. Xin Luo Ph.D. and MBA & MSIS & Dr. Qinyu Liao PhD, Awareness Education as the Key to Ransomware Prevention, INFORMATION SYSTEMS SECURITY, 16:4, 195-202 (2007).
[10] Joshua McLaurin, Making Cyberspace Safe for Democracy: The Challenge Posed by Denial-of-Service Attacks, 30 YALE L. & POL’Y REV. 211 (2011).
[11] Jennifer A. Chandler, Security in Cyberspace: Combatting Distributed Denial of Service Attacks, 1 U. OTTAWA L. & TECH. J. 231 (2003-2004).
[12] Joshua McLaurin, Making Cyberspace Safe for Democracy: The Challenge Posed by Denial-of-Service Attacks, 30 YALE L. & POL’Y REV. 211 (2011).
[13] Joshua McLaurin, Making Cyberspace Safe for Democracy: The Challenge Posed by Denial-of-Service Attacks, 30 YALE L. & POL’Y REV. 211 (2011).
[14] Jennifer A. Chandler, Security in Cyberspace: Combatting Distributed Denial of Service Attacks, 1 U. OTTAWA L. & TECH. J. 231 (2003-2004).
[15] Aru Okereke Eze and Chiaghana Chukwunonso E., Malware Analysis and Mitigation in Information Preservation, 20 IOSR-JCE 53, 53-62 (2018).
[16] India Ranks 3rd among Nations Facing Most Cyber Threats: Symantec, THE ECONOMIC TIMES, https://economictimes.indiatimes.com/tech/internet/india-ranks-3rd-among-nations-facing-most-cyber-threats-symantec/articleshow/63616106.cms (last visited 11 April, 2019).
[17] Aru Okereke Eze and Chiaghana Chukwunonso E., Malware Analysis and Mitigation in Information Preservation, 20 IOSR-JCE 53, 53-62 (2018).
[18] Samanvay Gupta, Types of Malware and its Analysis, 4 IJSER (2013).
[19] Jeff Melnick, Top 10 Most Common Types of Cyber Attacks, NETWRIX, https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/ (last visited 11 April, 2019).
[20] Robin Gonzalez and Michael E. Locasto, An interdisciplinary study of phishing and spear-phishing attacks, https://cups.cs.cmu.edu/soups/2015/papers/eduGonzales.pdf (last visited 11 April, 2019).
[21] Kevin G. Coleman, Cyber Espionage Targets Sensitive Data, SIP TRUNKING (Dec. 29, 2008), http://siptrunking.tmcnet.com/topics/security/articles/47927-cyber-espionage-targetssensitive-data.htm.
[22] Joshua McLaurin, Making Cyberspace Safe for Democracy: The Challenge Posed by Denial-of-Service Attacks, 30 YALE L. & POL’Y REV. 211 (2011).
[23] Oona A. Hathaway et al., The Law of Cyber-Attack, 100 CALIF. L. REV. 817 (2012).