The document details six dangerous types of cyberattacks: Cryptolocker, Spear Phishing, Timthumb Attacks, Manipulating Beef Toolkit, SEO Poisoning, and Phishing plus Social Attacks. Each attack employs different strategies to compromise systems and steal or manipulate information, often targeting small businesses due to inadequate security measures. The increasing sophistication of these cyberattacks poses significant threats to individuals and organizations by exploiting vulnerabilities and manipulating online behavior.

1. 6 most dangerous cyberattacks
TARWALA INSIYA Z.
T.Y.-C.E-1
110410107028

2. INDEX
1) INTRODUCTION
2) CRYPTOLOCKER
3) SPEAR PHISHING
4) TIMTHUMB ATTACK
5) MANIPULATING BEEF TOOLKIT
6) SEO POISONING
7) PHISHING + SOCIAL ATTACK

3.  Cyber-attack is any type of offensive maneuver employed by
individuals or whole organizations that targets computer
information systems, infrastructures, computer networks, and
personal computer devices by various means of malicious acts
usually originating from an anonymous source that either steals,
alters, or destroys a specified target by hacking into a susceptible
system.
 These can be labelled as either cyberwarfare or cyberterrorism in
different context. Cyber-attacks can range from
installing spyware on a PC to attempts to destroy the infrastructure
of entire nations.
 Cyber-attacks have become increasingly sophisticated and
dangerous and a preferred method of attacks against large groups
by attackers.
INTRODUCTION

4. CryptoLocker

5.  The CryptoLocker virus can be a lethal one-two punch: It seizes control of
your computer files and threatens to erase them unless you pay a ransom.
 Cybercriminals email you a PDF attachment. If you open the attachment, it
installs malware on your hard drive that lets hackers access your
computer files. The files are then encrypted and you're unable to access
them.
 Within two days, the hackers will email saying if you don't pay up, your
documents will be deleted.
 Attackers typically demand payment via hard-to-trace Bitcoin -- a virtual
currency -- and not in cash or credit card.
 Small businesses are particularly vulnerable to this attack because many
haven't adequately protected file-sharing between employees.So if one
employee's computer is compromised, then every document that the
company owns can be locked.

6. Spear Phishing

7.  Spear Phishing is a targeted attack using emails that look like
they're from someone in your company or a commonly used
business.
 So instead of an email from a random bank about your non-
existent account, hackers send an email that looks like it's from
the HR office in your firm or a service like Groupon or
Travelocity.
 If you click the link in the email, it takes you to a fake page, and
hackers are able to attach malware to your browser.They'll
verify your email address and check your browser history.

8.  If you logged into your online bank account just prior to the
attack, for example, cybercriminals might send a fraudulent
email saying you need to change your password for security
reasons. Now they've just captured your banking information.
 Additionally, hackers can use your online activity to determine
which social networks you use and where you shop most
frequently, and then send more phishing emails that look like
they've originated from those sites.

9. Timthumb attack

10.  In this attack, hackers exploit a security flaw in a popular file used by
Wordpress and other website-building platforms to crop and resize images
("Timthumb.php," thus the name).
 Hackers use the security hole to install malicious code or files into a
website or server. From there, they can launch spear phishing campaigns
and denial-of-service attacks -- where hackers overwhelm a website's
server by flooding it with requests, making the site unresponsive.
 Timthumb attacks have hit millions of websites over the last two years,
most of which have been small businesses.
 Business owners often don't even know that their sites have been infected
because it works silently, adding that the security flaw can be fixed with a
patch.
 By then, the damage has been done. Moreover, an infected website that's
launching DoS attacks also runs the risk of being blacklisted by Google.

11. Manipulating BeEf Toolkit

12.  BeEF Toolkit, short for Browser Exploitation Framework, is
software that experts use to test the security of a firm's
network. But cybercriminals can also use it to steal trade
secrets or financial information from unsuspecting businesses.
 Hackers will send a carefully crafted phishing email with a
malicious link. When the link is clicked on, it activates the BeEF
Toolkit software, which hooks on to your browser and allows
hackers to shadow your activity.
 Hackers are then able to see your most-visited websites, your
searches and your other online activity without you knowing it.
In some cases, cybercriminals can also inject malware that
sniffs for passwords on the computer.
 Most small businesses aren't aware that patches exist to fix
these loopholes. So Businesses need to become more aggressive
about securing their browsers.

13. SEO poisoning

14.  SEO begins with hackers isolating keywords that are generating buzz
on Google and other search engines. They then create malicious URLs
about this topic so that search engines will index it alongside other
results.
 Suppose thousands of people are Googling "Miley Cyrus." In this attack,
cybercriminals would create dummy websites about her that are loaded
with malware.
 If you're searching for Miley and unwittingly click on one of these links,
the malware could be used to hack into your computer or install
spyware.
 There's another risk to small businesses. Because SEO poisoning floods
search results with bad links, it could push legitimate results down.
 Suppose you sell Miley Cyrus T-shirts online and you're expecting an
uptick in business when "Miley Cyrus" is a hot search trend, But with so
many bad results that come up, people might not even get to [your] link.

15. Phishing + social attack

16.  Hackers have upped the ante with this targeted attack, using
personal phone calls in addition to traditional emails.
 It begins as a regular phishing email to people with financial
roles, such as an accountant or a CFO.
 The scary part is that even if you think the email is suspicious
and don't click on it, you haven't escaped the attack.
 The criminals pretend to be a vendor of the [targeted] company
and will convince you that you have a payment due on an old
invoice. The victim gets a follow-up email with an attachment
disguised as the invoice.
 If you click on the attachment, it will install malware on your
computer. Then the hackers can get information such like the
login and password for bank accounts and steal funds.