Common cyber attacks
Introduction
A cyber attack happens somewhere in the world roughly every 39 seconds! 😱 In 2025, India alone reported 15 lakh+ cyber crime cases.
Only when we understand how attackers operate and which kinds of attacks they use can we actually defend against them.
In this article we go through the common cyber attacks, real-world examples, and prevention techniques in detail! 🛡️
Phishing Attacks 🎣
Phishing = sending fake messages or emails to trick the recipient into handing over sensitive information.
Types of Phishing:
| Type | Description | Example |
|---|---|---|
| **Email Phishing** | Mass fake emails | "Your SBI account has been suspended, click here" |
| **Spear Phishing** | Targeted attack on a specific person | Fake vendor invoice sent to the CEO |
| **Smishing** | SMS phishing | "Update your KYC" SMS with a link |
| **Vishing** | Voice call phishing | Fake bank call asking for an OTP |
| **Whaling** | Targeting top executives | Urgent wire transfer request sent to the CFO |
How to identify it:
- It manufactures urgency: "Act NOW or your account will be blocked!"
- Spelling mistakes, odd sender addresses, a brand in the display name but an unrelated domain after the @
- Suspicious links (hover over them before clicking and check where they really point)
- Requests for passwords, OTPs, or personal information (a real bank never asks for an OTP)
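As an added example (not code from the original article), here is a small Python checker that applies the indicators above to a message: urgency words, credential requests, a brand in the display name with an unrelated sender domain, plain-HTTP links, lookalike domains, and link text that shows one host while the href points to another. The trusted-domain list, brand list, keyword lists and both sample messages are constructed assumptions for the demo.

```python
"""Score an e-mail against the phishing indicators listed above.

Added example for this article, not code from the original page.  The
trusted domains, brand names, keyword lists and both sample messages are
constructed assumptions for the demo.
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: domains this organisation genuinely deals with.
TRUSTED_DOMAINS = {"sbi.co.in", "onlinesbi.sbi", "example-corp.com"}
# Assumed: brand words an attacker would impersonate.
BRANDS = ("sbi", "example-corp")

URGENCY_WORDS = ("urgent", "immediately", "act now", "suspended", "blocked",
                 "within 24 hours", "verify now", "final warning")
CREDENTIAL_WORDS = ("password", "otp", "pin", "cvv", "login details", "kyc")

# Links in the samples are written as [shown text](real url).
LINK_RE = re.compile(r"\[([^\]]+)\]\((https?://[^)\s]+)\)")


def host_is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def words_present(words, text):
    """Whole-word matches so 'pin' does not fire on 'shipping'."""
    return [w for w in words if re.search(r"\b" + re.escape(w) + r"\b", text)]


def phishing_indicators(msg):
    """Return a list of human-readable indicators found in one message."""
    findings = []
    text = (msg["subject"] + "\n" + msg["body"]).lower()

    hits = words_present(URGENCY_WORDS, text)
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    hits = words_present(CREDENTIAL_WORDS, text)
    if hits:
        findings.append("asks for credentials: " + ", ".join(hits))

    # Display name claims a brand, but the actual sender domain is unrelated.
    display_name, sender = parseaddr(msg["from"])
    sender_host = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    if any(b in display_name.lower() for b in BRANDS) and not host_is_trusted(sender_host):
        findings.append(f"display name '{display_name}' but sender domain '{sender_host}'")

    for shown_text, url in LINK_RE.findall(msg["body"]):
        host = (urlparse(url).hostname or "").lower()
        if url.lower().startswith("http://"):
            findings.append(f"plain-HTTP link to {host}")
        if host_is_trusted(host):
            continue
        # Real brand name buried inside an untrusted host: a lookalike domain.
        if any(b in host for b in BRANDS):
            findings.append(f"lookalike domain in link: {host}")
        # Link text shows a trusted URL but the href goes somewhere else.
        shown_host = (urlparse(shown_text).hostname or "").lower()
        if shown_host and host_is_trusted(shown_host) and shown_host != host:
            findings.append(f"link text shows {shown_host} but points to {host}")
    return findings


def verdict(msg, threshold=2):
    """Two or more independent indicators is a reasonable 'treat as phishing' bar."""
    return "PHISHING" if len(phishing_indicators(msg)) >= threshold else "LIKELY OK"


# Constructed sample messages (not real mail).
SAMPLES = {
    "kyc_phish": {
        "from": "SBI Alerts <alerts@sbi-secure-update.net>",
        "subject": "URGENT: Your SBI account will be suspended",
        "body": ("Dear customer, complete your KYC within 24 hours or your account "
                 "is blocked.\nLogin here: [https://onlinesbi.sbi/login]"
                 "(http://onlinesbi.sbi.secure-kyc-update.net/login)\n"
                 "Enter your password and OTP to verify now."),
    },
    "payroll_ok": {
        "from": "Payroll <payroll@example-corp.com>",
        "subject": "October payslips are available",
        "body": ("Payslips are on the portal: [HR portal]"
                 "(https://hr.example-corp.com/payslips). No action needed."),
    },
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, "->", verdict(msg))
        for f in phishing_indicators(msg):
            print("   -", f)
```

Run it and the constructed KYC message trips six separate indicators while the payroll notice trips none. The point of requiring two or more is that any single signal (an urgent subject, a plain-HTTP link) has benign explanations; several together rarely do.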
Malware — The Digital Virus 🦠
Malware = malicious software. The main families:
🦠 Virus: attaches itself to files and spreads when the file is opened
🐛 Worm: self-replicating, spreads across the network automatically with no user action
🐴 Trojan: looks legitimate but carries hidden malicious code
🔒 Ransomware: encrypts your files and demands a ransom payment
👁️ Spyware: secretly monitors your activity
⌨️ Keylogger: records every keystroke (captures passwords)
🤖 Botnet: a network of infected computers controlled remotely by the attacker (the malware that enrols a machine is called a bot)
Real Example: WannaCry Ransomware (2017)
- 230,000+ computers in 150 countries infected
- Spread as a worm through the EternalBlue SMB exploit; Microsoft had patched the bug (MS17-010) two months earlier, so every victim was an unpatched machine
- UK NHS hospitals had to take systems offline, cancel appointments and divert patients
- Demanded a ransom of $300 in Bitcoin (doubling to $600 after three days)
- Estimated damage: $4 billion+ worldwide! 💸
Real Scenario: AIIMS Ransomware Attack
🏥 November 2022: AIIMS Delhi Ransomware Attack
India's premier hospital, AIIMS Delhi, was hit by ransomware:
- Around 4 crore (40 million) patient records were reported to be at risk
- Hospital systems were down for about two weeks
- Doctors went back to pen and paper
- A ₹200 crore crypto ransom demand was reported in the media (never officially confirmed)
- OPD, emergency and lab services were all affected
Impact: patient care delayed, surgeries rescheduled, data at risk.
Lesson: even critical infrastructure is vulnerable. Backups, network segmentation and security training are essential! 🛡️
DDoS Attacks 🌊
DDoS = Distributed Denial of Service
Imagine a small chai shop that suddenly gets 10,000 customers at once. The shop can't cope, and genuine customers get no service. Same concept online! ☕
How DDoS works:
- The attacker controls thousands of compromised machines (a botnet)
- All of them send requests to the target server at the same time
- The server is overwhelmed → crashes or stalls → legitimate users can't get in
| DDoS Type | Layer | Method |
|---|---|---|
| Volume-based | Network | UDP flood, ICMP flood |
| Protocol | Transport | SYN flood, Ping of Death |
| Application | Application | HTTP flood, Slowloris |
Real Example: GitHub (2018): a 1.35 Tbps DDoS attack, the largest ever recorded at the time. It used memcached amplification rather than a classic botnet, and was mitigated within about 10 minutes by routing traffic through Akamai Prolexic! 🏆
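The application-layer row of the table (HTTP floods) is the one a web team can do something about on its own server, with per-client rate limiting. The Python below is an added example, not code from the original article: a sliding-window limiter replayed over a constructed access log in which one real user browses normally while three bot IPs run an HTTP flood. The limit of 20 requests per 10 seconds per client is an illustrative assumption.

```python
"""Per-client sliding-window rate limiting replayed over an access log.

Added example for this article, not code from the original page.  The log
lines below are constructed, and the limit (20 requests per 10 s per
client) is an illustrative assumption; tune it to your own traffic.
"""
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # client -> timestamps still inside the window

    def allow(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window:  # drop timestamps that aged out
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def replay(log_lines, limiter):
    """Feed 'timestamp client path' lines through the limiter; return per-client stats."""
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in log_lines:
        ts, client, _path = line.split()
        key = "allowed" if limiter.allow(client, float(ts)) else "blocked"
        stats[client][key] += 1
    return dict(stats)


def flood_sources(stats, min_blocked=50):
    """Clients that were blocked often enough to look like flood participants."""
    return sorted(c for c, s in stats.items() if s["blocked"] >= min_blocked)


def constructed_log():
    """Constructed log: one real user browsing, three bot IPs running an HTTP flood."""
    lines = []
    for i in range(15):                          # 15 requests spread over ~30 s
        lines.append(f"{i * 2.0:.2f} 198.51.100.7 /index.html")
    for bot in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        for i in range(100):                     # 100 requests each in under 5 s
            lines.append(f"{i * 0.05:.2f} {bot} /search?q=x")
    lines.sort(key=lambda ln: float(ln.split()[0]))
    return lines


if __name__ == "__main__":
    stats = replay(constructed_log(), SlidingWindowLimiter(limit=20, window=10))
    for client, s in sorted(stats.items()):
        print(f"{client:15} allowed={s['allowed']:3} blocked={s['blocked']:3}")
    print("flood sources:", flood_sources(stats))
```

The real user's 15 requests all pass, while each bot gets 20 through and 80 rejected. Two caveats a practitioner should keep in mind: a limiter like this only helps against application-layer floods from a manageable number of sources, and a volumetric attack saturates your uplink before a single packet reaches the application, which is why the table lists a CDN or scrubbing service as the defence for that case.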
SQL Injection 💉
SQL Injection = executing unauthorized commands against a website's database through its input fields.
In a login form, instead of a normal username, the attacker types a string such as `admin' OR '1'='1` (the same payload used in the Mini Challenge later in this article).
Because the application pastes that text straight into its SQL statement, the WHERE clause becomes "always true" → login without a password! 😱
Prevention:
- Parameterized queries (prepared statements): the fix that actually removes the bug, because values sent as parameters can never change the shape of the statement
- Input validation: type-check and sanitize user input as defence in depth, not as the only control
- Use an ORM (Object Relational Mapping), which parameterizes queries for you
- Least privilege: give the database user only the permissions it needs, so a successful injection can't read or drop everything
Impact: Yahoo's 2013 breach exposed all 3 billion of its accounts, the largest data breach disclosed to date. Its exact entry point was never made public, but Yahoo's 2012 Yahoo Voices breach (around 450,000 credentials) was a textbook SQL injection. 📊
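To make the "always true" behaviour concrete, here is an added example (not code from the original article) that runs the same login check two ways against an in-memory SQLite database: once with string concatenation, once with placeholders. The users table, its rows and the three payloads are constructed; the first payload is the one quoted in the Mini Challenge.

```python
"""The same login check written two ways: string concatenation vs. placeholders.

Added example for this article, not code from the original page.  The users
table, its two rows and the payloads are constructed; passwords are stored
in clear text only to keep the example about the query (a real application
stores a salted hash and compares that).
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """User input is pasted into the SQL text, so it can rewrite the WHERE clause."""
    query = ("SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Placeholders send the values separately; the statement's shape is fixed."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed payloads. The first is the one quoted in the Mini Challenge.
PAYLOADS = [
    ("admin' OR '1'='1", "anything"),   # OR makes the clause always true
    ("admin'-- ", "anything"),          # -- comments out the password check
    ("alice", "' OR '1'='1"),           # same trick through the password field
]


def compare(conn):
    """Return (username, password, vulnerable_result, safe_result) for each payload."""
    return [(u, p, login_vulnerable(conn, u, p), login_safe(conn, u, p))
            for u, p in PAYLOADS]


if __name__ == "__main__":
    db = make_db()
    for u, p, bad, good in compare(db):
        print(f"{u!r:22} {p!r:14} vulnerable -> {bad!r:8} parameterized -> {good!r}")
    print("legit login still works:", login_safe(db, "alice", "hunter2"))
```

Every payload logs in through `login_vulnerable` and fails through `login_safe`, while a genuine username/password still works in both. Note that "sanitizing" the quote character would not have saved the first function in general (numeric fields, `LIKE` wildcards and second-order injection all bypass quote-escaping); the parameterized version is safe because the driver never treats the values as SQL at all.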
Man-in-the-Middle Attack 🕵️
MITM = an attacker sitting in the middle of your communication and eavesdropping on it.
You ──▶ [ATTACKER] ──▶ Bank Website
You send data to the bank's website. The attacker intercepts it in the middle and can:
- Read your login credentials
- Modify the data in transit
- Send you fake responses
Common scenarios:
- Public WiFi (coffee shops, airports) is the most exposed
- Fake WiFi hotspots with names like "Free_Airport_WiFi"
- HTTP websites (no HTTPS)
- Compromised routers, or ARP spoofing on the local network
Prevention:
- Only use HTTPS websites 🔒
- Use a VPN on public WiFi
- Don't trust free WiFi
- Never click through certificate warnings: that warning is the browser telling you someone may be in the middle
Attack Kill Chain
The Cyber Kill Chain (Lockheed Martin's model) breaks an intrusion into seven stages. Each one is a chance to detect and stop the attacker:
1. Reconnaissance ──▶ gather information about the target (social media, DNS)
2. Weaponization ──▶ build the attack payload (malware, exploit)
3. Delivery ──▶ get it to the target (email, USB, web)
4. Exploitation ──▶ trigger the vulnerability (code execution)
5. Installation ──▶ install a backdoor (persistent access)
6. Command & Control ──▶ remote control through a C2 server
7. Actions on Objectives ──▶ achieve the goal (data theft, damage)
🛡️ Defend at EVERY stage to break the chain!
Zero-Day & Advanced Attacks
These advanced attacks are especially dangerous:
🆘 Zero-Day Attack
- Exploits a vulnerability the vendor does not yet know about
- The attack lands before any patch exists
- The defenders have had "zero days" to fix it, hence the name
- Very expensive on the exploit market ($100K to $2.5M for top-tier exploit chains, going by published broker price lists)
🔗 Supply Chain Attack
- Compromise the software vendor, so the malware rides in through its own legitimate updates
- SolarWinds (2020): a trojanized Orion update reached about 18,000 organizations, including US government agencies!
🎯 APT (Advanced Persistent Threat)
- Nation-state level attackers
- Stay hidden inside the target's systems for months or years
- Goal: espionage, data theft, sabotage
💰 Cryptojacking
- Secretly uses your computer to mine cryptocurrency
- Your machine slows down and the electricity bill goes up
- Can happen just by visiting a website (browser-based mining)
Prevention Best Practices
Follow these and you can prevent most attacks:
🔐 Authentication: strong, unique passwords + 2FA everywhere (a password manager makes the "unique" part practical)
📧 Email Safety: don't click unknown links or open unexpected attachments
🔄 Updates: update your OS, software and apps promptly; WannaCry only spread because of a two-month-old unpatched bug
💾 Backups: 3-2-1 rule: 3 copies, on 2 different media, with 1 offsite (and keep at least one copy offline or immutable, so ransomware can't encrypt it too)
🌐 Network: use a VPN, avoid public WiFi
📚 Awareness: keep reading about the latest threats
🔍 Verify: for unexpected calls or emails, always verify the source through a channel you already trust, not the number or link in the message
🛡️ Antivirus: install a reputable antivirus and keep it updated
Attack Comparison Table
All the attacks side by side:
| Attack | Difficulty | Impact | Prevention |
|---|---|---|---|
| Phishing | Easy | High | Awareness, 2FA |
| Malware | Medium | High | Antivirus, Updates |
| DDoS | Medium | Medium | CDN, Rate limiting |
| SQL Injection | Medium | Critical | Parameterized queries, input validation |
| Social Engineering | Easy | High | Training |
| MITM | Medium | High | HTTPS, VPN |
| Zero-Day | Hard | Critical | Defence in depth, least privilege, fast patching once a fix ships |
| Ransomware | Medium | Critical | Backups, Segmentation |
Key insight: most successful attacks exploit human weakness, not technical weakness! Verizon's Data Breach Investigations Report has consistently found a human element in the large majority (roughly 70-80%) of breaches. 🧠
✅ Summary & Key Takeaways
What we learned:
✅ Phishing = Fake messages to steal credentials (most common!)
✅ Malware = Virus, ransomware, trojan, spyware
✅ DDoS = Overwhelming servers with fake traffic
✅ SQL Injection = Attacking databases through web inputs
✅ Social Engineering = Manipulating humans, not machines
✅ MITM = Intercepting communications
✅ Kill Chain = 7-step attack lifecycle
Key takeaway: the large majority of breaches involve human error somewhere. Awareness is your strongest defense! 🧠
Next article: "IAM Basics" — Identity and Access Management, controlling who can access what! 🔑
🏁 Mini Challenge
Challenge: Phishing Email Analysis Lab
Improve your phishing detection skills over one week:
- Identify Phishing Emails: take 10 emails from your spam folder and analyze each one: check the sender address, verify where the links point (hover, don't click), spot grammar errors, look for urgency language.
- Wireshark MITM Demo: install Wireshark on Kali Linux and follow an ARP spoofing lab (for example the TryHackMe MITM room) on an isolated lab network you own, so you can see on the wire how a man-in-the-middle attack actually works.
- SQL Injection Practice: set up DVWA (Damn Vulnerable Web App) locally and try `admin' OR '1'='1` in the vulnerable login form. Then read how parameterized queries stop it.
- Social Engineering Audit: with written authorization from management (never without it), call 5 people in your organization using a pretext such as "I'm from IT, we need to reset your password, can you tell me your current one?" Count how many comply and document the results.
- Malware Analysis Sandbox: in an isolated VM with a snapshot to roll back to and no network path to anything you care about, analyze a known sample with Wireshark + Process Monitor: watch the network traffic, registry changes and file system modifications.
Complete this challenge and you'll be able to recognize attack patterns like a pro! 🎯
Interview Questions
Q1: What is the most common attack? How do you prevent it?
A: Phishing. Commonly cited figures put it at the start of around 90% of breaches. Prevention: user awareness training, email filtering, 2FA (phishing-resistant MFA such as hardware keys where possible), link verification.
Q2: Explain a ransomware attack and a recovery strategy.
A: The attacker encrypts your data and demands a ransom. Recovery: regular backups (3-2-1 rule), offline or immutable backups the attacker cannot encrypt, network segmentation, and a tested incident response plan. Don't pay the ransom; there is no guarantee you get your data back.
Q3: How does a DDoS attack work?
A: Thousands of compromised computers (a botnet) hit the server at once and overwhelm it. The server goes down and legitimate users can't get access. Mitigation: rate limiting, CDN, a DDoS protection service, traffic filtering.
Q4: How do you prevent SQL Injection vulnerabilities?
A: Parameterized queries (prepared statements) first, then input validation (sanitize and type-check user input), ORM usage, principle of least privilege (limit the database user's permissions), and a WAF (Web Application Firewall) as an extra layer.
Q5: How should a company defend against social engineering attacks?
A: Regular security awareness training, clear authentication procedures (verify requests through a known channel), physical security controls, an incident reporting culture (people comfortable reporting suspicious activity), and executive-level security buy-in.
Frequently Asked Questions
WannaCry is an example of what type of malware?
Ransomware, and specifically a ransomware worm: it encrypted the victim's files and demanded Bitcoin, but it also spread from machine to machine on its own through the EternalBlue SMB exploit (patched in MS17-010), which is how it reached 230,000+ computers within days.
Social Engineering 🎭
Social Engineering = not a technology attack at all; it manipulates people.
It exploits human psychology:
🎭 Pretexting: inventing a fake identity to gain trust
"I'm from the IT department, your password has expired, tell me your current one"
🍬 Baiting: a tempting offer that is really a trap
Leave a USB drive labelled "Salary Details" in the parking lot; curiosity gets it plugged in
🔄 Quid Pro Quo: something for something
"I'll install free antivirus for you, just give me remote access"
🚪 Tailgating: physically following an authorized person into a restricted area
Kevin Mitnick was the world's most famous social engineer and was once on the FBI's most wanted list. His weapon? Not code, but conversation! 🗣️