
CYBERTHREATS

Uploaded by

l242549

CYBER THREATS
PRESENTED BY
ALIZA VAHIDY 24L-3033
FATIMA ASIF 24L-3075
SYED SAAD ALI 24L-2549
ABDULLAH RASHEED 24L-3002
MUHAMMAD HUZAIFA 24L-3019
WHAT ARE CYBER THREATS
Cyberthreats are dangers or
harmful activities that happen
online using computers, the
internet, or other digital devices.
These threats aim to steal
information, damage systems,
or disrupt normal operations.
EXAMPLES OF CYBERTHREATS IN DAILY LIFE

❑ Phishing Emails:
Fake emails pretending to be from your bank or a friend, asking you to click a link or share personal details.
❑ Viruses and Malware:
Harmful programs that can slow down your computer, delete files, or spy on your activities.
❑ Hacking:
When someone breaks into your social media, email, or online accounts without your permission.
❑ Scams:
Fake messages about winning prizes or free offers that trick people into giving money or personal information.
WHY IT MATTERS

Cyber threats can impact your personal life, education, or work.

For example,
❑ losing your social media account can
feel frustrating,
❑ but losing important data or money can
be even worse.
❑ That's why it's important to use strong
passwords, avoid clicking on
suspicious links, and install antivirus
software.
FUN FACTS

Every second, there’s a cyberattack happening somewhere in the world!*

A simple password like "12345" or "password" is one of the easiest ways for hackers to break into accounts.

Some cybercriminals even compete in underground "hacker contests" to show off their skills.
TYPES OF CYBERTHREATS

❑ MALWARE
❑ PHISHING
❑ RANSOMWARE
❑ DDOS ATTACK
MALWARE

What is Malware?
Definition of Malware:
Malware (short for "malicious
software") refers to any program or file
created to harm, exploit, or compromise
a computer system or network, often
designed to steal data or cause damage.
Common Types of MALWARE

Adware:
Software that automatically displays or downloads unwanted advertisements, often leading to a slower system and potential exposure to further threats.
Viruses:
Self-replicating programs that attach themselves to files and spread to other systems or files when executed.
Spyware:
Programs that secretly monitor and collect personal data, such as browsing history or login credentials, without the user's consent.
Worms:
Standalone programs that spread across networks without needing a host file, often exploiting system vulnerabilities.
Spyware Attack on Government Officials in Pakistan (2020)

❑ Attack Overview:
In 2020, a spyware attack targeted multiple high-ranking government officials in
Pakistan.
❑ Attack Method:
The attackers used spear-phishing emails that contained malicious attachments or links.
Once opened, the spyware was installed on the devices, giving attackers access to
sensitive information and communications.
❑ Impact:
The spyware allowed attackers to monitor private communications, track activities, and
exfiltrate data.
❑ Targeted Individuals:
The attack specifically targeted officials involved in national security and foreign
relations, increasing the severity of the breach.
PROTECTION AGAINST MALWARE

❑ Antivirus and Anti-Malware Software:
  ❑ Avast Free Antivirus
  ❑ AVG AntiVirus Free
❑ VPNs for Added Security:
  ❑ ExpressVPN
❑ Regular Software Updates
❑ Strong Passwords
❑ Backup Data Regularly
PHISHING

What is Phishing?

● Definition:
○ A cyberattack where malicious actors
deceive individuals into sharing sensitive
data.
○ Methods include emails, text messages,
websites, or phone calls impersonating
legitimate organizations.
EXAMPLES OF PHISHING

Fake Account Suspension Emails:
○ Claim: Account suspended; includes a link to verify.
○ Spot it: Generic greetings, misspellings, suspicious URLs.

Fake Payment Request Emails:
○ Claim: Overdue payment with altered bank details.
○ Spot it: Verify directly with sender.

Vishing (via Phone):
○ Claim: Calls requesting PINs or OTPs.
○ Spot it: Legitimate organizations never ask for this information.

"You’ve Won a Prize" Scams:
○ Claim: Prize winnings require a fee or personal details.
○ Spot it: Legitimate prizes don’t ask for payments.
A VERY FAMILIAR EXAMPLE

ANOTHER ONE
CASE STUDIES

01 Target Data Breach (2013):
○ Attack via third-party vendor; 40M card details stolen.
○ Lesson: Secure third-party network access.

02 Google and Facebook Scam (2013–2015):
○ $121M lost via fake invoices.
○ Lesson: Verify payment requests strictly.

03 Crelan Bank CEO Fraud (2016):
○ €70M lost due to fake CEO emails.
○ Lesson: Verify large transactions.
PHISHING PREVENTION TOOLS

❑ Norton 360:
❑ Avast Secure Browser:
❑ Google Safe Browsing:
❑ McAfee Mobile Security:
❑ Kaspersky Internet Security:
❑ Bitdefender Mobile Security:
❑ Email Security Tools for Businesses:
❑ Microsoft Defender:
❑ LastPass/Dashlane:
❑ Truecaller:
❑ PakCERT Tools
RANSOMWARE

Definition:
Ransomware is a type of malicious software designed to encrypt
files on a victim's device, rendering them inaccessible until a
ransom is paid to the attacker. Attackers often threaten to leak or
permanently delete the data if the ransom is not paid.

Examples:
❑ WannaCry (2017): Exploited a vulnerability in
Windows OS, affecting over 200,000 computers across
150 countries.
❑ DarkSide (2021): Targeted Colonial Pipeline, leading
to fuel supply disruptions in the U.S.
TYPES OF RANSOMWARE

Crypto Ransomware:
Encrypts valuable files, making them inaccessible without a decryption key.

Locker Ransomware:
Locks the user out of the operating system, preventing access to the entire system.

Double Extortion Ransomware:
Encrypts data and exfiltrates it, threatening to publish the stolen data if the ransom is not paid.
BANKING FRAUDS

Definition:
Banking frauds involve illegal activities aimed at unlawfully obtaining
money, assets, or other property owned or held by a financial institution.

Types of Banking Frauds:

Account Takeover: Unauthorized access to a victim's bank account to conduct fraudulent transactions.

Card Skimming: Illegally copying data from the magnetic strip of a credit or debit card.

Application Fraud: Using stolen or fake documents to open an account in another person's name.
EXAMPLES

Nirav Modi Scam (2018):
A fraudulent issuance of Letters of Undertaking led to a loss of approximately $1.8 billion for Punjab National Bank.

Authorized Push Payment (APP) Frauds:
Scammers trick individuals into authorizing payments to accounts under their control.

Recent Research:
A 2022 scoping review emphasizes the importance of robust fraud detection and prevention frameworks in financial institutions.
PREVENTION STRATEGIES

❑ Regular Backups
❑ Security Software
❑ Employee Training
❑ Patch Management
❑ Multi-Factor Authentication (MFA)
❑ Fraud Detection Systems
❑ Customer Education
❑ Regulatory Compliance
DDOS ATTACKS

DEFINITION
A Distributed Denial of Service (DDoS) attack overwhelms a server or website with excessive requests, causing it to malfunction or go offline, impacting its ability to serve legitimate users.

IMPACT
Even if the website doesn’t go completely offline, performance can drastically degrade, causing slow loading times and disrupted service for legitimate users.
Mechanism of DDoS Attacks

Requirements:
DDoS attacks require a large number of internet-connected devices, particularly unsecured Internet of Things (IoT) devices. Many IoT devices are vulnerable due to weak or default passwords, making them easy targets for attackers.

Execution:
Attackers remotely control these vulnerable devices, forming a botnet, which they then use to flood the target server with an overwhelming amount of traffic.

Costs of DDoS Attacks

For Organizations:
The average cost of a DDoS attack to an organization is approximately $106,000, factoring in the expenses for detection, mitigation, and customer churn.

For Attackers:
DDoS-for-hire services are often inexpensive. The cost can range from $5 for a few minutes to $500 for a full day of service.
CASE STUDY

Cloudflare DDoS Attack (2022):
Cloudflare reported one of the largest-ever DDoS attacks, peaking at 26 million requests per second. Despite the scale of the attack, Cloudflare’s mitigation systems prevented any downtime for the targeted customer by filtering malicious traffic and allowing legitimate traffic to pass through seamlessly.

AWS DDoS Attack (2020):
Amazon Web Services (AWS) faced a DDoS attack that peaked at 2.3 terabits per second. AWS used its own security tools, including AWS Shield and WAF (Web Application Firewall), to mitigate the attack, protecting its customers from significant downtime.
PRECAUTIONS

❑ Traffic Analysis Tools:
Monitor traffic to detect unusual patterns or spikes, which could indicate an ongoing attack.
  ❑ Tools: SolarWinds NetFlow Traffic Analyzer, Nagios, and Splunk are common traffic analysis tools.

❑ Web Application Firewalls (WAFs):
WAFs filter and block malicious traffic before it reaches your server, providing an extra layer of protection.
  ❑ Tools: Cloudflare WAF, Imperva WAF, and AWS WAF.

❑ DDoS Mitigation Services:
Use cloud-based DDoS protection services, such as Cloudflare, Akamai, and AWS Shield, to absorb and mitigate attack traffic before it reaches the target servers.
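
The traffic-monitoring precaution above, sketched as a small spike detector. This is an added example, not part of the original slides and not the logic of any tool they name; the log line format, the thresholds and the sample data are assumptions constructed for illustration.

```python
# Added example: flag request-rate spikes against a rolling baseline.
from collections import Counter, deque
from statistics import median

def requests_per_second(log_lines):
    """Count requests per second; assumed format: '<epoch_second> <client_ip> <path>'."""
    counts = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit():
            continue  # skip malformed lines instead of crashing the monitor
        counts[int(parts[0])] += 1
    return counts

def find_spikes(counts, window=5, factor=4.0, floor=20):
    """Return (second, rate) pairs whose rate exceeds factor x the median
    of the previous `window` non-spike seconds (thresholds are assumptions)."""
    if not counts:
        return []
    baseline = deque(maxlen=window)
    spikes = []
    for second in range(min(counts), max(counts) + 1):
        rate = counts.get(second, 0)  # quiet seconds count as zero
        if (len(baseline) == window and rate >= floor
                and rate > factor * max(median(baseline), 1)):
            spikes.append((second, rate))
            continue  # keep flood traffic out of the baseline
        baseline.append(rate)
    return spikes

def build_sample_log():
    """Constructed sample: normal traffic, a 3-second flood, then normal again."""
    lines = []
    for sec in range(1700000000, 1700000010):
        lines += [f"{sec} 198.51.100.{i} /index.html" for i in range(8 + sec % 3)]
    for sec in range(1700000010, 1700000013):
        lines += [f"{sec} 203.0.113.{i % 250} /search?q=x" for i in range(400)]
    for sec in range(1700000013, 1700000016):
        lines += [f"{sec} 198.51.100.{i} /index.html" for i in range(9)]
    lines.append("corrupted line")  # malformed entry, ignored by the parser
    return lines

if __name__ == "__main__":
    for second, rate in find_spikes(requests_per_second(build_sample_log())):
        print(f"ALERT second={second} rate={rate} req/s")
```

Excluding flagged seconds from the baseline keeps a sustained flood from gradually being treated as normal traffic.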
AWARENESS

Highlight Real-World Case Studies:
Share examples like the Cloudflare and AWS DDoS attacks to show the scale and impact of such threats.

Promote Basic Security Practices:
Encourage practices such as strong passwords, regular software updates, and implementing DDoS protection tools (e.g., WAFs).

Collaborate for Wider Outreach:
Partner with cybersecurity firms and government agencies to offer free resources, run webinars, and organize workshops to increase awareness and knowledge about DDoS attacks and prevention.
CONCLUSION

Cyber threats like malware, phishing, ransomware, and DDoS attacks are growing in both complexity and frequency, causing serious harm to individuals and organizations. These attacks exploit weak security measures, human errors, and vulnerable systems. However, through regular updates, training, multi-factor authentication, and advanced tools like firewalls and cloud-based DDoS protection, we can minimize these risks. Staying proactive and informed is crucial to defending against these evolving threats and ensuring the safety of our data and systems.
THANK
YOU!
