MSCIS Synopsis (Aniruddh Sharma-2107702623)


Project Synopsis

(April 2023)
By
Aniruddh Sharma
Submitted to
INDIRA GANDHI NATIONAL OPEN UNIVERSITY
(School of Vocational Education and Training)
NEW DELHI

PROJECT TITLE: CYBER ATTACKS.

Table of Contents

1. Cover Page
2. Student Details
3. Proforma
4. Certificate of Originality
5. Index
6. Title of the Project
7. Introduction
8. Aims and Objectives
9. Project Category
10. Research Methodology
11. Problem Definition
12. Scope of the Solution
13. Analysis
14. Future Scope and Further Enhancement of Solution
15. Bibliography and Literature
16. Literature Survey
17. Limitations of Cyber Security in Preventing Cyber Attacks

Name: - Aniruddh Sharma
Enrolment Number: - 2107702623
Regional Centre: - RC Delhi 3 (Code 38)
Study Centre: - IGNOU Regional Centre, Delhi 3 (38039)
Program Code: - Master of Sciences – Information Security (MSCIS)
Course Code: - MSEP-038
e-mail: - [email protected]
Mobile: - +91-8447484480

Course Code: MSEP-038
Enrolment No.: 2107702623
Project Proposal Number : ___________
(For office use only) Study Centre: 38039
Regional Centre:3 RC Code:-39
E-mail: [email protected]
Mobile/Tel No.: +91-8447484480

1. Name and Address of the Student:- ANIRUDDH SHARMA


AA-50, SHALIMAR BAGH
DELHI- 110088

2. Title of the Project:- Cyber Attacks

Signature of the Student


Date: 24-APRIL-2023

……………………….
Signature of the Student
Date: 24th April 2023
Name and Address of the student:-
ANIRUDDH SHARMA

INDEX

(i) Title of the Project
(ii) Introduction and Objectives of the Project
(iii) Project Category
(iv) Research Methodology
(v) Scope of the Solution
(vi) Analysis
(vii) Future Scope and Further Enhancement of the Project
(viii) Bibliography and Literature Survey
(ix) Limitations of Cyber Security

TITLE OF THE PROJECT

CYBER ATTACKS

Introduction

Any kind of action that can compromise the integrity of information owned by an organization
is deemed a security attack.

A cyber attack is carried out by a hacker to gain access, steal information, or restrict access to a
system; this can be done for personal gain or be politically or financially motivated.

Any attack that is used to cause harm by exploiting a vulnerability in any electronic system is a
cyber attack.

In this project we will discuss and analyse how these attacks are carried out and what
their consequences, reasons and outcomes are.

Cyber attacks have been the sole reason, for more than a decade now, that
organizations have been spending mammoth amounts of money on protecting and securing
their infrastructure.

AIM AND OBJECTIVES

AIM :- To understand how cyber attacks pose a threat, how they are carried out, their consequences,
and the intention behind carrying them out.

Objectives :- The objective behind understanding cyber attacks and how they are carried out is to
ensure that an organization or system is secure and, if an attack is carried out, to know how we can
mitigate it.

To understand the threats to a system that can make it vulnerable.

Learning cybersecurity will strengthen business security and protect customers' data. A strong
cybersecurity system will promote trust and retain customers.

To ensure that we do not fall prey to cyber attacks in case they happen.

It will ensure that we are able to contain threats.

We will be able to keep ourselves updated on new types of cyber attacks and the patterns they follow.

PROJECT CATEGORY

This project comes under the category of Network and Perimeter Security.

Network security is the backbone of any company using the internet; it is used to protect your
network and stop threats from proliferating into it.

Network security is a crucial measure that any individual or organization must implement in order to
protect its interests and operate efficiently.

Network security is a continuous practice designed to protect the usability and integrity of your
network and data.
• It includes both hardware and software technologies.
• It targets a variety of threats.
• It stops them from entering or spreading on your network.
• Effective network security manages access to the network.

Network security encompasses all the steps taken to protect the integrity of a computer network and
the data within it. Network security is important because it keeps sensitive data safe from cyber
attacks and ensures the network is usable and trustworthy.

Perimeter Security:-
Perimeter security is the method or process of setting up applications or techniques at the perimeter
of the network to secure data and resources. It is part of the greater security field and has its own
role in active system protection.

Perimeter security comes from a built-in multipurpose system that detects threats,
performs surveillance, and analyzes attack patterns.

Research Methodology

Research methodology is the specific procedures or techniques used to identify, select, process, and
analyse information about a topic. In a research paper, the methodology section allows the reader to
critically evaluate a study’s overall validity and reliability. The methodology section answers two main
questions: How was the data collected or generated? How was it analysed?
• Research can be carried out by understanding how and where cyber attacks were made,
what method was used, and their signatures and patterns.
• Cyber attacks are carried out using different methods; proper research can help an
organization figure out its vulnerabilities.
• We can identify how the attack was carried out.
• We can document guidelines of do's and don'ts based on it.
• A proper training program can be devised.
• We can carry out attacks in the lab on single or multiple systems.
• We can sandbox the attacks. (A sandbox is an isolated environment on a network that mimics
end-user operating environments. Sandboxes are used to safely execute suspicious code
without risking harm to the host device or network.)
• We can try to create different types of attacks to avoid zero-day attacks.
• We can determine the time and duration of the attack and what was actually impacted.

PROBLEM DEFINITION
With technology evolving day and night and more and more organizations moving to the cloud, it
becomes highly critical to safeguard and protect networks. Day in and day out, hackers and attackers
try to exploit different platforms using different methods to cause harm to an organization,
both reputationally and financially. This increases expenditure on security: a large part of an
organization's budget is spent on securing its employees and network so that no loopholes are left.

Thus, it becomes equally important that network infrastructure is made as secure as possible,
and the need arises to prepare guidelines and a road map for securing organizations. A proper
plan of action is required and strategies need to be devised.

A lack of focus on cybersecurity can damage your business in a range of ways including:

Economic Costs
Hackers steal sensitive and confidential documents for money; they block or encrypt personal data
once access is gained.

Reputational Cost
This can spoil an organization's image, leading to defamation and other consequences such as loss of
business and instability in the region.

Regulatory Costs
Regulations have been defined and proper guidelines have been issued by various
bodies, such as the European Union (in the form of the General Data Protection Regulation), ISO (ISO 27001),
the IT Act 2000 and the Federal Information Security Management Act (FISMA), as well as health care industry and
IT laws, which are to be followed by the companies supporting them.

Loss of Business
Since a cybersecurity attack can stall or halt the functioning of a network or organization, it will
lead to loss of business.

SCOPE OF THE SOLUTION :-

a) Securing the Data from Hackers :-

By using techniques like Data Loss Prevention, Deep Packet Inspection and Intrusion Prevention Systems,
it becomes easier to secure data; however, this does not imply that we can lower our guard.

b) Reduces System Crash

By carrying out attacks like DDoS and MITM, a hacker can cripple important system resources, thus
causing the system to slow down or crash, ultimately leading to

c) Decreased data theft

By adding firewalls and other security hardware and software in the network, and implementing higher
level security protocols, such data thefts can be prevented. Protocols like TLS and VPN can safeguard
data over public networks. Data thefts can lead to a loss of confidence.

d) System Uptime and improved performance :-

A timely updated and well-maintained system performs at its best and gives the maximum throughput with
optimal utilization, data access by legitimate sources is done

e) Conserve the reputation

Any sudden data theft, loss or leakage of information can cause chaos for the organization; the most
important thing is how you secure confidential information. Any bad news will have a severe outcome
and cause prolonged damage to the morale of the company.

f) Assist remote working

While working from locations other than offices, organizations have to install and configure strict
prevention measures, as all traffic goes through the public internet; safeguarding becomes equally
important in those cases.

g) Saves the downfall

A cyber attack can lead to the downfall of any organization; it can come to the point of
shutting down, with no market to cater to. Proper cyber security measures can stop this.

h) Posture is improved
It gives ease of operation to employees, as they know what to access and what not to; flexibility makes
employees perform better.

i) Proper data management
Losing data at the last minute due to a data breach may take the company to ground level and force it to start all
its work from scratch. To avoid this situation, the organization must constantly monitor its data and
check whether data security regulations are implemented perfectly in the system. Cyber security
training helps in managing data and preventing excess loss of money and time in the organization,
because once organizational data is lost or stolen, it takes excessive time and effort to get back on
track.

j) Improves trust in the business

A well-secured and precise network can improve investors' and stakeholders' trust in the organization;
this is highly important for proper functioning.

k) Managing viruses and other harmful programs:-

A well-shielded system stops viruses and harmful programs from breaching or moving around the
system.

l) Stopping Ransomware and Malware Attacks

Cyber security shields systems from the most common types of attacks, like ransomware and malware,
both intended to restrict system access.

m) System recovery
An important measure in safeguarding is creating data backups; this is crucial when recovering the
system.

ANALYSIS

It has been analyzed that hackers are becoming smarter and changing the types of attacks and
their patterns. We need to make sure that systems are updated and no vulnerabilities are left; human
error especially is a big reason why attacks happen.

All the cyber security principles are grouped under governing, detecting, protecting, and responding
to activity, and these principles are:
• Securing configuration
• Securing networks
• Defining the type of privileges
• Proper training and guidelines on do's and don'ts
• Actively monitoring the system and keeping a close eye on it
• Installing antivirus and keeping it updated
• Following a proper ITIL framework for incident handling
• Remote work support
• Blocking plug and play or USB devices
• Accepting security breaches, hard as that is, and finding the RCA
• Load balancing and recovery
• Complete isolation of important resources

FUTURE SCOPE AND FURTHER ENHANCEMENT OF SOLUTION: -

1. Need to widen access

Broader efforts and wide-ranging research and development are required to develop fail-safe solutions.
Hackers are changing every day and getting smarter; more scope for research and study is required.

2. More users online

With Artificial Intelligence and Machine Learning, systems are becoming smart; however, they
are also becoming more vulnerable. Ultimately they are machines running machines, and human
smartness can attack them anytime.

3. Double Barrel Gun with AI and ML

Advancements in AI and ML are both leading to curious users and people ready to experiment;
however, there is a greater risk involved. Both are in the development phase and can cause critical
damage if in the wrong hands.

4. Political Aspect and geological barriers

One's harm is another's gain. With no proper laws, and with loopholes, data sharing is getting tedious; this is a
downside in geo-level exchanges.

5. Uncertainty over legislations

Law has always remained weak; with a lack of evidence and proper investigators, criminals are far from
being investigated.

Literature Survey:-

Cyber attacks have become a common and global phenomenon. It can correctly be said that the human
race is at the edge of it: the more we become dependent on the Internet and the systems that depend on it,
the weaker we become. Gone are the days of physical wars; it is time for cyber and
biological warfare. These attacks are carried out by state actors or personally motivated people, either for
revenge or to prove their mettle.

Recently the data of many famous people was leaked on the dark web, and this was openly accepted by
Twitter. In the end the loopholes were found to be employees using old passwords and not adhering to
the guidelines and written procedures.

Human behavior is overcome by emotions and that leads to exploitation in financial and reputational
terms. Many dedicated research projects are being.

The estimated revenue loss from cyber security is 10.7 trillion annually. It has become the nuclear
weapon of the Internet.

Limitations of Cyber Security in preventing cyber attacks

The Most Common Cybersecurity Weaknesses


So, what are the most common cybersecurity weaknesses faced by businesses?
Cybersecurity professionals should work with business owners to address the following, at minimum:
• Lack of a business strategy. Small and medium businesses are short on revenue, so
implementing proper strategies is a challenge for them; the external teams supporting them do not
completely adhere to those strategies.
• Vulnerable networks. An unsecured network is like a bull running towards a red flag; unless
controlled properly, it's a threat.
• Issue with communication channels. All the data these days is shared over Teams and Zoom,
which work on UDP, a protocol not concerned with packet loss; this makes saving and securing
data a challenging task.
• Unknown bugs. Bugs in software builds and operating systems are easily exploitable; even with preventive
measures, they can create weaknesses in the system.
• Outdated systems. Although most software and hardware vendors have migrated or are in the process of
doing so, properly sanitizing old systems is really important, as their data can also make the system
vulnerable.
• Lack of monitoring. Analyzing the traffic and setting alerts is a very important part; any normal
traffic might carry a hidden virus or data, so monitoring a system becomes highly important.
• Multiple access. Due to Wi-Fi and access points at multiple locations and employees working from
home, the network becomes open to attack unless watched closely.
• Human factor. Close to 90% of attacks are due to employees; their training is crucial and important,
for on-roll, contract and third-party staff alike. After all, they are handling your data; your information is at
stake, your systems are at stake.
