
Cyber Attack

The document discusses phishing attacks and how they can target individuals or organizations. It provides examples of email phishing, spear phishing, and whaling attacks. It also describes how Ubiquiti Network fell victim to a $46.7 million whaling attack and the lessons learned from it about implementing security best practices like multi-factor authentication, access controls, employee training, and monitoring for unusual activity.

Uploaded by

tyagiishika216
Copyright
© All Rights Reserved

Cyber Attack

BY
Ishika Tyagi, ROLL NO. – 23/HIS/27
BA(H) HISTORY, SEM-II
PHISHING ATTACK

“Phishing” refers to an attempt to steal sensitive
information, typically in the form of usernames,
passwords, credit card numbers, bank account
information or other important data in order to
utilize or sell the stolen information. By
masquerading as a reputable source with an
enticing request, an attacker lures in the victim in
order to trick them, similarly to how a fisherman
uses bait to catch a fish.
The most common examples of phishing are used
to support other malicious actions, such as
on-path attacks and cross-site scripting attacks.
These attacks typically occur via email or instant
message.
TYPES OF PHISHING ATTACK
Email phishing
Most phishing attacks are sent by email. The crook will register a fake domain that mimics a genuine
organization and send thousands of generic requests. The fake domain often involves character
substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’.
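A mail filter can catch the ‘rn’-for-‘m’ trick described above by collapsing look-alike sequences before comparing a sender's domain with the organization's trusted domains. The following is an added example, not part of the original document; the substitution table, the trusted domains and the sample addresses are constructed assumptions.

```python
# Added example: flag sender domains that imitate a trusted domain through
# character substitution. The table, domains and addresses are constructed.
CONFUSABLES = [  # (look-alike sequence, character it imitates), applied in order
    ("0", "o"), ("1", "l"), ("5", "s"),
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
]

TRUSTED_DOMAINS = {"example-bank.com", "payroll.example"}  # assumed allow-list


def skeleton(domain: str) -> str:
    """Collapse look-alike sequences so visually similar domains compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def sender_domain(address: str) -> str:
    """Extract the domain from 'Name <user@domain>' or 'user@domain'."""
    return address.rsplit("@", 1)[-1].strip().rstrip(">").lower()


def classify(address: str, trusted=TRUSTED_DOMAINS):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    domain = sender_domain(address)
    if domain in trusted:
        return ("trusted", domain)
    # Normalise both sides the same way, so a trusted name that itself
    # contains a sequence from the table still compares correctly.
    by_skeleton = {skeleton(t): t for t in trusted}
    match = by_skeleton.get(skeleton(domain))
    return ("lookalike", match) if match else ("unknown", None)


if __name__ == "__main__":
    for sender in ["alerts@example-bank.com",
                   "Security Team <alerts@exarnple-bank.com>",
                   "billing@payro11.example",
                   "news@unrelated.example"]:
        print(sender, "->", classify(sender))
```

The table covers only a few ASCII substitutions; Unicode homoglyphs and added or dropped characters need a fuller confusables list and an edit-distance check.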
Spear phishing
There are two other, more sophisticated, types of phishing involving email.
The first, spear phishing, describes malicious emails sent to a specific person. Criminals who do this will
already have some or all of the following information about the victim:
• Their name, place of employment, job title;
• Email address; and
• Specific information about their job role.
Whaling
Whaling attacks are even more targeted, taking aim at senior executives. Although the end goal of
whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler.
Tricks such as fake links and malicious URLs aren’t helpful in this instance, as criminals are attempting to
imitate senior staff.
Smishing and vishing
With both smishing and vishing, telephones replace emails as the method of communication.
Smishing involves criminals sending text messages (the content of which is much the same as with
email phishing), and vishing involves a telephone conversation.
One of the most common smishing pretexts is a message supposedly from your bank alerting you to
suspicious activity.
Ubiquiti Network social engineering attack

In another BEC (business email compromise) case, a San Jose-based technology company,
Ubiquiti Network, was subjected to a whaling attack on June 5, 2015. Impersonating a senior
member of the company, the scammers sent an email to a member of staff in the financial
department of the company’s subsidiaries based in Hong Kong, who fell prey to the
scammers’ scheme. The attackers impersonated the company’s CEO and lawyer and
instructed the company’s Chief Accounting Officer to make a series of transfers to
close a secret acquisition.
Over the course of 17 days, the company made 14 wire transfers to accounts in Russia,
Hungary, China and Poland. The company reported transfers of funds totaling an
estimated $46.7 million that was held by the company’s subsidiary incorporated in
Hong Kong to other overseas accounts. The scheme only came to light after the U.S.
Federal Bureau of Investigation (FBI) contacted Ubiquiti to inform them that the
agency suspected that the company had been a victim of fraud.
According to Ubiquiti’s statement, “this fraud resulted in transfers of funds aggregating
$46.7 million held by a Company subsidiary incorporated in Hong Kong to other
overseas accounts held by third parties. As soon as the Company became aware of this
fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly
initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the
Company has recovered $8.1 million of the amounts transferred.”

“The Company may be limited in what information it can disclose due to the
investigation. The Company believed that is an isolated event and does not believe its
technology systems have been compromised or that Company data has been
exposed.”
WAYS TO PREVENT
The FBI’s advisory on these scams urges businesses to adopt two-step or two-factor
authentication for email, where available, and/or to establish other communication
channels — such as telephone calls — to verify significant transactions.
Businesses are also advised to exercise restraint when publishing information about
employee activities on their Web sites or through social media, as attackers perpetrating
these schemes often will try to discover information about when executives at the targeted
organization will be traveling or otherwise out of the office.
Ubiquiti noted that as a result of its investigation, the company and its audit committee and
advisors concluded that its internal control over financial reporting was ineffective due to
one or more material weaknesses, though it didn’t disclose what measures it took to close
those security gaps.
LESSONS LEARNT
1. Invest in robust cybersecurity measures: The attack highlighted the importance of investing
in strong cybersecurity defenses. Companies should regularly update their security systems,
conduct thorough risk assessments, and implement multi-layered security protocols to mitigate
the risk of breaches.
2. Enhance employee training: Employees are often the weakest link in cybersecurity defenses.
Providing comprehensive training on cybersecurity best practices, such as recognizing phishing
attempts and practicing good password hygiene, is crucial in preventing successful
cyberattacks.
3. Implement strict access controls: Limiting access to sensitive systems and data can help
minimize the damage caused by a cyberattack. Implementing strict access controls, including
strong authentication methods and least privilege principles, can reduce the risk of
unauthorized access.
4. Monitor for unusual activity: Early detection of cyber threats is essential for mitigating their
impact. Implementing robust monitoring systems that can detect unusual activity or deviations
from normal behavior can help organizations identify and respond to cyberattacks more
effectively.
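For a finance team, monitoring for unusual activity can mean holding payments when several transfers go to never-before-paid beneficiaries within a short period, the pattern seen in the Ubiquiti case, until each is confirmed over a second channel. The following is an added example, not part of the original document; the record fields, thresholds and all sample transfers are constructed assumptions.

```python
# Added example: flag bursts of payments to beneficiaries with no payment history.
# Field names, thresholds and all records below are constructed for illustration.
from datetime import date, timedelta

KNOWN_BENEFICIARIES = {"ACME-SUPPLY", "PAYROLL-HK"}   # paid and verified before

SAMPLE_TRANSFERS = [
    {"date": date(2024, 3, 1), "beneficiary": "PAYROLL-HK",  "amount": 250_000},
    {"date": date(2024, 3, 4), "beneficiary": "NEW-ACCT-A",  "amount": 400_000},
    {"date": date(2024, 3, 5), "beneficiary": "ACME-SUPPLY", "amount": 90_000},
    {"date": date(2024, 3, 6), "beneficiary": "NEW-ACCT-B",  "amount": 450_000},
    {"date": date(2024, 3, 8), "beneficiary": "NEW-ACCT-C",  "amount": 300_000},
    {"date": date(2024, 3, 20), "beneficiary": "NEW-ACCT-D", "amount": 50_000},
]


def flag_new_beneficiary_bursts(transfers, known, window_days=7,
                                max_new=3, max_total=1_000_000):
    """Alert when, inside a rolling window, transfers to beneficiaries that are
    not in `known` exceed max_new in count or max_total in combined amount."""
    new = sorted((t for t in transfers if t["beneficiary"] not in known),
                 key=lambda t: t["date"])
    alerts, start = [], 0
    for end, current in enumerate(new):
        cutoff = current["date"] - timedelta(days=window_days - 1)
        while new[start]["date"] < cutoff:      # drop transfers older than the window
            start += 1
        window = new[start:end + 1]
        total = sum(t["amount"] for t in window)
        if len(window) > max_new or total > max_total:
            alerts.append({
                "date": current["date"],
                "count": len(window),
                "total": total,
                "beneficiaries": [t["beneficiary"] for t in window],
            })
    return alerts


if __name__ == "__main__":
    for alert in flag_new_beneficiary_bursts(SAMPLE_TRANSFERS, KNOWN_BENEFICIARIES):
        print("HOLD for call-back verification:", alert)
```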
Conclusion
Cyber security is a critical aspect of modern business and everyday life. As
demonstrated by various cyberattacks on companies like Ubiquiti and
numerous others, the consequences of insufficient cyber security measures
can be severe, ranging from financial losses and reputational damage to
compromise of sensitive data and disruption of essential services.
Furthermore, given the dynamic nature of cyber threats, continuous vigilance
and adaptation are crucial. Cyber security is not a one-time task but an
ongoing process that requires constant monitoring, evaluation, and
improvement. By staying informed about emerging threats, adopting industry
best practices, and collaborating with cyber security experts and peers,
organizations and individuals can better mitigate risks and safeguard against
cyber attacks.
