Cyber Attack: Group 8: - Nguyễn Văn Dũng - Nguyễn Quang Trường - Trần Đại Nghĩa - Phạm Duy Niên - Trần Thị Ánh Hồng


GROUP 8:

• Nguyễn Văn Dũng
• Nguyễn Quang Trường
• Trần Đại Nghĩa
• Phạm Duy Niên
• Trần Thị Ánh Hồng

CYBER ATTACK
By February 2021 there were more than 4.7 internet users.

The average internet user spends 6 hours 43 minutes online every day.

By February 2021, there are more than 1.83 billion websites on the Internet.

E-commerce sales are expected to reach revenue of 4.9 million dollars by 2021.
The above statistics show that the internet is becoming
more popular and extremely important to people around
the world.
And since then cyber attacks have become a very
worrying problem:

In January 2014, data of 100 million credit cards was stolen
by hackers from South Korea's banks.

In 2015, the social dating network Tinder was riddled with
4 million user information, and in 2016 a second attack affected
100 times more when 400 million people information used
by cable.

In 2014, Russian hackers collected more than 1.2
billion login information from 420000 websites
worldwide.
So what is a cyber-attack?

Cyber-attacks are all forms of unauthorized access to a computer
system, website, database, network infrastructure or equipment,
carried out by an individual or organization over the internet for illegal
purposes.
What is a hacker?
A hacker is an individual who uses
computer, networking or other skills to
overcome a technical problem. The term
hacker may refer to anyone with technical
skills, but it often refers to a person who uses
his or her abilities to gain unauthorized
access to systems or networks in order to
commit crimes. A hacker may, for example,
steal information to hurt people via identity
theft, damage or bring down systems and,
often, hold those systems hostage to collect
ransom.

The term hacker has historically been a
divisive one, sometimes being used as a term
of admiration for an individual who exhibits
a high degree of skill, as well as creativity in
his or her approach to technical problems.
However, the term is more commonly
applied to an individual who uses this skill
for illegal or unethical purposes.
Subjects attacked by hackers
Subjects attacked can be individuals,
businesses, organizations or the state.
Hackers will reach out through the
internal network (including computers,
devices, people). In the human element,
hackers can reach them through mobile
devices, social networks, and software
applications.
What is the purpose of a cyber attack?
1. Steal/Leak Information
One of the most common reasons for hackers to hack
is to steal or leak information. This could be data and
information about your customers, your internal
employees or even private data specific to your
business. These are cases where hackers typically go
after big targets in order to get the most attention.

2. Disrupt Services
Hackers have successfully taken down many
services by creating bots that overwhelm a server
with traffic, thus, leading to a crash.
3. Make a Point
The hackers who fall into this category are
very interesting. They don't care about money
or data. They seem to feel that they have a
higher purpose in life. They want to steal
information or disrupt your network in order to
make a point.

4. Money
Hackers not only hack businesses and ask for ransom but
they also try hacking into regular user accounts and try to
take advantage of things like online banking, online
retail, etc. where financial transactions are involved.
What is a Network Attack?

A network attack is an attempt to gain unauthorized access to an organization’s
network, with the objective of stealing data or performing other malicious activity.
There are two main types of network attacks:
• Passive: Attackers gain access to a network and can monitor or steal sensitive
information, but without making any change to the data, leaving it intact.
• Active: Attackers not only gain unauthorized access but also modify data, either
deleting, encrypting or otherwise harming it.
COMMON TYPES OF CYBER ATTACKS TODAY

• Malware attack
• Phishing attack
• Man-in-the-Middle attack
• SQL injection
• Zero day attack

Malware Attack
• A malware attack is when a
cybercriminal installs hidden
malware on someone else's
device to steal personal
information or damage the
device.
• Some common types of malware are
viruses, worms, Trojans,
ransomware, …
Malware identification markers

• The computer runs slowly, the
processing speed of the
operating system decreases
• You are annoyed by pop-up
ads, more specifically Adware
• Hard drive capacity decreased
abnormally
• You receive a ransom
notification from Malware,
otherwise your data will be
deleted
How to prevent malware

• Install anti-virus software
• Keep your software up to date
• Download only reliable software
• Do not click on strange links
Phishing attack
• Phishing is a social engineering security attack that
attempts to trick targets into divulging sensitive
valuable information
• Common types of phishing attacks :
Email phishing
Spear phishing
Whaling
Smishing and vishing
Angler phishing
Phishing techniques
• The attackers use a number of ways to defraud targets, including email,
social media, instant messaging, texting, and infected websites. Sometimes
they use every possible way.
• Some faking techniques: Website Spoofing, Link Spoofing, Malicious and
Covert Redirects…

How to Prevent Phishing Attacks

• Filter on Malicious URLs
• Filter Suspicious Attachments
• Install firewalls
• Change your password regularly
• Don’t give your information to an unsecured site
Man-in-the-Middle attack
• Man-in-the-middle (MitM) attacks, also known
as eavesdropping attacks, occur when attackers
insert themselves into a two-party transaction.
Once the attackers interrupt the traffic, they can
filter and steal data.

• Two common points of entry for MitM attacks:
1. On unsecure public Wi-Fi, attackers can insert
themselves between a visitor’s device and the
network. Without knowing, the visitor passes all
information through the attacker.
2. Once malware has breached a device, an
attacker can install software to process all of the
victim’s information.
Suppose that Alice wants to contact Bob. Meanwhile, Mallory wants to
intercept the conversation so that she can eavesdrop and possibly send false
messages to Bob.
First, Alice asks Bob for his public key. If Bob sends his public key to Alice
but Mallory can intercept it, a man-in-the-middle attack can begin. Mallory sends
Alice a fake message that claims to come from Bob but actually contains
Mallory's public key.
Alice, believing this public key belongs to Bob, encrypts her message with
Mallory's key and sends the encrypted message back to Bob. Mallory once
again intercepts it, decrypts the message using her private key, can change it if
she wants, and re-encrypts it with the public key Bob sent Alice. When Bob
receives the newly encrypted information, he believes it came from Alice.
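
The Alice, Bob and Mallory exchange above, simulated as an added example (not part of the original slides), together with the check that defeats it: Alice comparing the received key against a fingerprint of Bob's key obtained over a trusted channel. The toy RSA primes, the function names and the message value are assumptions made for illustration.

```python
import hashlib

def keypair(p, q, e=17):
    # Textbook RSA on tiny constructed primes: illustration only, not secure.
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def encrypt(pub, m):
    return pow(m, pub[1], pub[0])

def decrypt(priv, c):
    return pow(c, priv[1], priv[0])

def fingerprint(pub):
    # Short digest of the key that Alice can compare over a trusted channel.
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def alice_send(msg, received_key, pinned_fp=None):
    # Alice encrypts to whatever key arrived. With a pinned fingerprint she
    # refuses any key that is not the one Bob really owns.
    if pinned_fp is not None and fingerprint(received_key) != pinned_fp:
        raise ValueError("received key does not match Bob's fingerprint")
    return encrypt(received_key, msg)

def mallory_relay(cipher, mallory_priv, bob_pub, change=0):
    # Mallory's position from the text: decrypt, optionally alter, re-encrypt.
    plain = decrypt(mallory_priv, cipher)
    return plain, encrypt(bob_pub, plain + change)

def demo():
    bob_pub, bob_priv = keypair(61, 53)
    mal_pub, mal_priv = keypair(89, 97)
    msg = 1234                                   # constructed message, < both moduli

    # 1) No key verification: Alice received Mallory's key in place of Bob's.
    seen, forwarded = mallory_relay(alice_send(msg, mal_pub), mal_priv, bob_pub, change=1)
    bob_reads = decrypt(bob_priv, forwarded)

    # 2) Alice pinned Bob's fingerprint beforehand: the swapped key is rejected.
    pinned = fingerprint(bob_pub)
    try:
        alice_send(msg, mal_pub, pinned)
        rejected = False
    except ValueError:
        rejected = True
    genuine = decrypt(bob_priv, alice_send(msg, bob_pub, pinned))
    return seen, bob_reads, rejected, genuine

if __name__ == "__main__":
    print(demo())
```

Without the fingerprint check Bob reads an altered message and neither side notices; with it, the substituted key is refused before anything is encrypted.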
How does Man in the middle work?
There are 4 methods:
• Sniffing
• Packet Injection
• Troubleshooting session
• Remove SSL
How do you prevent man-in-the-middle attacks?
• Don't click malicious links or emails
• Don't download pirated content
• Secure your home / work network
• Have appropriate security tools installed on
your system
• DO NOT purchase or send sensitive data on
public Wi-Fi networks.
SQL injection

- A Structured Query Language (SQL) injection occurs when an attacker
inserts malicious code into a server that uses SQL and forces the server
to reveal information it normally would not. An attacker could carry out
a SQL injection simply by submitting malicious code into a vulnerable
website search box.

- Consequently, it is possible to exploit data from the database,
destroy the database, or cause security holes: you can log in without a
username and password, remote execution ... The tool used for the attack
can be any web browser.
Ways of attack?

There are 3 most common types of attacks:

• SQL Injection Based on 1=1 is Always True
• SQL Injection Based on ""="" is Always True
• SQL Injection Based on Batched SQL Statements

How do you prevent SQL injection attacks?

To protect a site from SQL Injection attacks, SQL Parameters can be used. SQL
Parameters are values added to the SQL query at execution time, in a controlled
manner. These parameters are represented in the query by markers such as @0, @1, @2, ...
and are supported by the database library.
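
An added example (not from the original slides) that runs the three input patterns listed above against a string-concatenated query and against the same query with SQL parameters. It uses Python's built-in sqlite3 module, whose parameter marker is `?` rather than `@0`; the table, the rows and the function names are constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample table for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, pass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return db

def lookup_concat(db, user_id):
    # Vulnerable: the input becomes part of the SQL text and is parsed as SQL.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def lookup_param(db, user_id):
    # Hardened: the value is bound to the ? marker at execution time.
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()

def login_concat(db, name, pw):
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND pass = '" + pw + "'")
    return db.execute(sql).fetchall()

def login_param(db, name, pw):
    return db.execute("SELECT name FROM users WHERE name = ? AND pass = ?",
                      (name, pw)).fetchall()

def demo():
    db = make_db()
    always_true = "1 OR 1=1"            # "1=1 is always true"
    empty_equal = "' OR ''='"           # single-quote form of the ""="" case
    batched = "1; DROP TABLE users"     # batched statements
    return {
        "concat_1=1": lookup_concat(db, always_true),
        "param_1=1": lookup_param(db, always_true),
        "concat_empty": login_concat(db, empty_equal, empty_equal),
        "param_empty": login_param(db, empty_equal, empty_equal),
        "param_batched": lookup_param(db, batched),
        "rows_left": db.execute("SELECT COUNT(*) FROM users").fetchone()[0],
        "param_valid": login_param(db, "alice", "s3cret"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The concatenated queries return every user for the always-true inputs, while the parameterized queries treat the same input as a plain value, match nothing, and leave the table intact.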
What is zero-day?
• Zero-day vulnerability is an undetected software or hardware vulnerability.
They exist in many environments such as websites, mobile applications,
corporate network systems, software - computer hardware, IoT devices,
cloud, etc.
• The difference between a conventional security vulnerability and a zero-
day vulnerability is that zero-day vulnerabilities are unknown to the party
that owns or supplies the product that contains the vulnerability.
• In computer security terminology, the date when the vendor of the
product that contains the vulnerability knows of the vulnerability's
existence is called "day 0". That is why the term Zero-day (0-day)
vulnerability came into being.
• Normally, immediately after discovering the 0-day vulnerability, the
product supplier will release a security patch for this vulnerability for better
security of users. In reality, however, users seldom update to a new version of
the software immediately. That makes Zero-day known as very dangerous
vulnerabilities, which can cause serious harm to businesses and users. Once
publicly available, the 0-day vulnerability becomes an n-day vulnerability.
• An attack that exploits a zero-day vulnerability is called a zero-day exploit or a
zero-day attack.
How does the zero-day market work?
There are three main segments in the
Zero-day detection and supply market.

• Black market: where black hat hackers buy,
sell or exchange information about
vulnerabilities and Zero-day exploit codes
• White market: includes bug bounty programs
• Gray market: where security researchers sell Zero-day exploit code to the
military or intelligence agencies for national security operations, or spy
programs.

Dangerous as it is, Zero-day is not a major concern to the majority of users;
it is a threat to the software / service provider.
HOW TO DEFEND AGAINST ZERO-DAY ATTACKS

• Monitor your code data
• Enforce a least-privilege model
• Update software and security
• Back up critical systems and establish
recovery and incident response plans
• Enforce software/internet use policies
and train users to identify security risks
1. Buffer overflow
• A buffer attack occurs when hackers send more data to an application than expected.
The result of a buffer attack is that hackers obtain system administrator access
through the Command Prompt or a shell.

2. Password attack
For password attacks, the hacker will try to "crack" passwords stored on the network
system account database or password protected files.
• Password attacks are of three main categories: dictionary attacks, brute-force attacks,
and hybrid attacks.
3. Hijack attack
• In hijack attacks, hackers gain control of and disconnect a conversation between you
and another person.
• In addition, there are many other types
of cyber attacks such as: Supply chain
attack, Email attack, Human attack,
Intra-organization attack, etc.

• Each form of attack has its own
characteristics, and they evolve
to be more complex and
sophisticated, requiring
individuals and organizations to
constantly be alert and updated
with new defense technologies.
SOME QUESTIONS ABOUT
CYBER ATTACKS
Among the answers below, which is not a
method to prevent SQL injection attacks?

A. Restrict the user's access to the database
B. Report all errors to the user
C. Do not use string addition to create databases
D. Regular database improvement


How many major segments are there in the zero-day
discovery and supply market?

A. 1 B. 2 C. 3
