TOP 5 cyber attacks of 2022
1. Red Cross
Type of attack: Malware
Weakness: Late patching
Individuals affected: 515,000
The year 2022 started with big news about a data breach of Red Cross data on the profiles of highly vulnerable people. Lifting data belonging to 60+ Red Cross and Red Crescent Movement societies worldwide from the servers, threat actors gained access to the sensitive data of 515,000 individuals.
How to mitigate the risk?
Robust security is mandatory when dealing with persistent malicious actors. The Red Cross case shows that one slip can result in a data breach even when security practices are in place. Thus, when selecting a vendor, ensure the cloud service provider is aligned with your compliance and data security requirements.
2. Credit Suisse
Type of attack: Data leak
Weakness: Unrestricted access
Users affected: 18,000+
Credit Suisse is a multinational investment bank and financial services provider based in Switzerland, with 48,000+ employees. The data leak caught media attention in February after leaking information about 30,000 client accounts.
How to mitigate the risk?
Insider threat is one of the most complicated security aspects for organizations, making it almost impossible to protect against completely. Security managers must treat hard-to-predict factors such as conscious intent or accidental breaches with the highest alert and preparedness.
3. OpenSea
Type of attack: Phishing
Weakness: Third-party vulnerability
Users affected: 32
The cyber attack on OpenSea, one of the biggest NFT marketplaces, went public in June this year. The email phishing attack targeted the platform's users, addressing them in the name of the OpenSea company.
How to mitigate the risk?
Phishing attacks are among the most popular ways to scam users and employees. Therefore, organizations must practice content filtering to screen incoming emails and limit exposure to malicious links and websites that might threaten network security.
4. Uber
Type of cyber attack: Social engineering
Weakness: Unsecured admin credentials
Users affected: N/A
In September, Uber announced a security incident in its computer systems. According to the company, an Uber contractor's device was exposed to malware, which revealed the contractor's password.
How to mitigate the risk?
Controlling people-related threats is challenging at the organizational level. Education and cybersecurity training help minimize the risks. However, Uber's situation shows that a company must carefully protect sensitive and confidential data. Data encryption, access restrictions, and managing the attack surface become vital in case of a breach.
5. Optus
Type of attack: Human error
Weakness: No authentication controls
Users affected: 9.8 million
From September 22, 2022, the top news story was the data breach of Optus, the second largest Australian telco and an arm of the Singaporean telecommunications company Singtel. The data breach affected nearly 10 million present and legacy Optus customers, exposing 2.8 million sensitive client records.
How to mitigate the risk?
Gaps in layered security point to a lack of knowledge or competence in the organization. If it is hard to evaluate where to start implementing security measures, it is beneficial to run a cybersecurity risk assessment to begin building a strategy. One of the first steps to better network security with remote workers is to apply Multi-Factor Authentication (MFA) methods for employee identity verification.
Roll No 8: Akhil A Inamdar
Zero-Day Exploit:
A zero-day exploit happens after the announcement of a network vulnerability for which, in most cases, there is no fix yet. The vendor publishes the vulnerability so that users are aware; however, this news also reaches the attackers.
Depending on the vulnerability, the vendor or developer could take any amount of time to fix the issue. Meanwhile, the attackers target the disclosed vulnerability, making sure to exploit it before a patch or solution is implemented.
Zero-day exploits can be prevented by:
Organizations should have well-communicated patch management processes. Use patch management solutions to automate the procedures so that deployment is not delayed.
Have an incident response plan to help you deal with a cyber attack, with a strategy that focuses on zero-day attacks. By doing so, the damage can be reduced or completely avoided.
Roll No 9: Akshay kabburamath
The 2011 PlayStation Network outage (sometimes referred to as the PSN Hack) was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and users of PlayStation 3 and PlayStation Portable consoles were prevented from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to turn off the PlayStation Network on April 20.
On May 4, Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed. The outage lasted 23 days.
The database contained 12,700 credit card numbers, particularly those of non-U.S. residents, and had not been in use since 2007, as much of the data applied to expired cards and deleted accounts.
The final loose ends from the massive hack of Sony's PlayStation Network that first came to light in April 2011 are being tied up, with Sony agreeing to a settlement that could hold it liable for up to $15 million in damages, plus nearly $2.75 million in attorney fees.
Roll No 10: ANANTNAG KUMBAR
Aadhaar [tie with Alibaba]
Date: January 2018
Impact: 1.1 billion Indian citizens’ identity/biometric information exposed
In early 2018, news broke that malicious actors had infiltrated the world's largest ID database, Aadhaar, exposing information on more than 1.1 billion Indian citizens including names, addresses, photos, phone numbers, and emails, as well as biometric data like fingerprints and iris scans. What's more, since the database, established by the Unique Identification Authority of India (UIDAI) in 2009, also held information about bank accounts connected with the unique 12-digit numbers, it became a credit breach too. This was despite the UIDAI initially denying that the database held such data.
The actors infiltrated the Aadhaar database through the website of Indane, a state-owned utility company connected to the government database through an application programming interface (API) that allowed applications to retrieve data stored by other applications or software. Unfortunately, Indane's API had no access controls, thus rendering its data vulnerable. Hackers sold access to the data for as little as $7 via a WhatsApp group. Despite warnings from security researchers and tech groups, it took Indian authorities until March 23, 2018, to take the vulnerable access point offline.
Roll No 11: Ananya Dayanand Prabhu
Buffer overflow vulnerability in WhatsApp
In November 2019, a new vulnerability came to light days after WhatsApp reported a spyware attack that led to snooping on 1,400 individuals around the world. Facebook's WhatsApp mobile app had a rough time with regard to software vulnerabilities. The social media company quietly issued a security patch for a buffer overflow vulnerability in its messaging application. This major WhatsApp vulnerability, disclosed and patched in 2019, demonstrates the potential impact of a buffer overflow vulnerability in a critical application.
A buffer overflow vulnerability in the WhatsApp VOIP (Voice over Internet Protocol) stack allowed remote code execution via a specially crafted series of SRTP (Secure Real-time Transport Protocol) packets sent to a target phone number.
A stack-based buffer overflow could also be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in the parsing of the elementary stream metadata of an MP4 file and could result in a DoS (Denial of Service) or RCE (Remote Code Execution).
Solution:-
Zimperium zIPS, powered by Zimperium’s machine learning-based engine, z9, helps protect customers by identifying at-risk devices and active threats trying to leverage the vulnerability.
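The MP4 bug described above is a length-field problem: the parser trusted sizes read from the file when copying elementary stream metadata into a fixed buffer. The example below is added here to show the checks such a parser needs; it is not WhatsApp's code and does not reproduce the actual bug. It walks the ISO BMFF box structure of an MP4 file (32-bit size, 4-byte type, optional 64-bit largesize, per ISO/IEC 14496-12) and refuses any box whose declared size is smaller than its own header or larger than the bytes remaining in its parent, and it copies a length-prefixed metadata field only after checking the length against both the source and the destination capacity. The sample files are constructed by hand.

```python
# Added example: a bounds-checked ISO BMFF (MP4) box walker.
# Not WhatsApp's code; the box layout follows ISO/IEC 14496-12, and the
# sample files below are constructed by hand to exercise the checks.
import struct
from typing import Iterator, List, Tuple

# Boxes whose payload is itself a sequence of boxes (a subset of the standard).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"edts", b"dinf"}
HEADER = 8          # 32-bit size + 4-byte type
LARGE_HEADER = 16   # ... plus 64-bit largesize


class MalformedBox(ValueError):
    """Raised instead of trusting a length field that the data cannot back."""


def parse_boxes(data: bytes, start: int = 0, end: int = -1, depth: int = 0
                ) -> Iterator[Tuple[int, bytes, int, int]]:
    """Yield (depth, type, payload_offset, payload_length) for every box,
    refusing any box whose declared size is smaller than its own header or
    larger than the bytes actually remaining in its parent."""
    if end < 0:
        end = len(data)
    pos = start
    while pos < end:
        if end - pos < HEADER:
            raise MalformedBox(f"truncated box header at offset {pos}")
        size, btype = struct.unpack(">I4s", data[pos:pos + HEADER])
        header = HEADER
        if size == 1:                                   # 64-bit largesize follows
            if end - pos < LARGE_HEADER:
                raise MalformedBox(f"truncated largesize at offset {pos}")
            size = struct.unpack(">Q", data[pos + HEADER:pos + LARGE_HEADER])[0]
            header = LARGE_HEADER
        elif size == 0:                                 # box runs to end of parent
            size = end - pos
        if size < header:
            raise MalformedBox(f"{btype!r} at {pos}: size {size} < header {header}")
        if size > end - pos:
            raise MalformedBox(f"{btype!r} at {pos}: size {size} exceeds the "
                               f"{end - pos} bytes remaining")
        yield depth, btype, pos + header, size - header
        if btype in CONTAINERS:
            yield from parse_boxes(data, pos + header, pos + size, depth + 1)
        pos += size


def read_metadata_field(payload: bytes, offset: int, capacity: int) -> bytes:
    """Copy a length-prefixed field the way a fixed-size destination buffer
    requires: the length byte is checked against both the destination capacity
    and the bytes left in the source before anything is copied."""
    if offset >= len(payload):
        raise MalformedBox("length byte missing")
    length = payload[offset]
    if length > capacity:
        raise MalformedBox(f"field of {length} bytes exceeds buffer of {capacity}")
    if offset + 1 + length > len(payload):
        raise MalformedBox("field runs past end of box payload")
    return payload[offset + 1:offset + 1 + length]


def box_types(data: bytes) -> List[Tuple[int, bytes]]:
    return [(depth, btype) for depth, btype, _, _ in parse_boxes(data)]


def is_well_formed(data: bytes) -> bool:
    try:
        box_types(data)
        return True
    except MalformedBox:
        return False


def metadata_field_fits(payload: bytes, offset: int, capacity: int) -> bool:
    try:
        read_metadata_field(payload, offset, capacity)
        return True
    except MalformedBox:
        return False


def box(btype: bytes, payload: bytes) -> bytes:
    """Build a box with a correct 32-bit size (used to construct the samples)."""
    return struct.pack(">I4s", HEADER + len(payload), btype) + payload


# Constructed samples (not real WhatsApp attachments).
GOOD_FILE = (box(b"ftyp", b"isom\x00\x00\x02\x00isommp42")
             + box(b"moov", box(b"mvhd", b"\x00" * 100)))
# An inner box that claims 2 GiB inside a 24-byte parent payload.
OVERSIZED_CHILD = box(b"moov", struct.pack(">I4s", 0x7FFFFFFF, b"mvhd") + b"\x00" * 16)
# A box whose size is smaller than its own header: an unchecked parser would
# step backwards or spin forever on this.
UNDERSIZED_BOX = struct.pack(">I4s", 4, b"free") + b"\x00" * 4

if __name__ == "__main__":
    print(box_types(GOOD_FILE))
    for sample in (OVERSIZED_CHILD, UNDERSIZED_BOX):
        try:
            box_types(sample)
        except MalformedBox as exc:
            print("rejected:", exc)
```

Two details matter in practice: the size is compared against the parent's remaining bytes rather than the whole file, so a child cannot escape its container, and the "size smaller than header" case is rejected explicitly, since a zero-length advance is an infinite loop and a negative one is an out-of-bounds read.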
Roll No 12: Ananya Umesh Gaonkar
Microsoft Data Breaches: Full Timeline Through 2022
The most recent Microsoft breach occurred on March 20, 2022, when the hacker group Lapsus$ announced on Telegram that they had breached the company. Several Microsoft projects, including Bing and Cortana, were compromised in the incident. As far as we can tell, however, no customer data appears to have been exposed.
Below, you’ll find a full timeline of Microsoft data breaches and security incidents, starting with the most recent.
October 2022: 548,000+ Users Exposed in BlueBleed Data Leak
On October 19th, security firm SOCRadar identified over 2.4 terabytes of exposed data on a misconfigured Microsoft endpoint. By SOCRadar’s account, this data pertained to over 65,000 companies and 548,000 users, and included customer emails, project information, and signed documents.
Microsoft acknowledged the data leak in a blog post. They also said they had secured the endpoint and notified the accounts that had been compromised, and elaborated that they found no evidence customer accounts had actually been compromised — only exposed. Microsoft also disputed some key details of SOCRadar’s findings:
March 2022: Lapsus$ Group Breaches Microsoft
On March 20, 2022, the hacker group Lapsus$ posted a screenshot to their Telegram channel indicating that they had breached Microsoft. The screenshot was taken within Azure DevOps, a collaboration software created by Microsoft, and indicated that Bing, Cortana, and other projects had been compromised in the breach.
On March 22, Microsoft issued a statement confirming that the attacks had occurred. In it, they asserted that no customer data had been compromised; per Microsoft’s description, only a single account was hijacked, and the company’s security team was able to stop the attack before Lapsus$ could infiltrate any deeper into their organization.
In a lengthy blog post, Microsoft’s security team described Lapsus$ as “a large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.” They go on to describe the group’s tactics in great detail, indicating that Microsoft had been studying Lapsus$ carefully before the incident occurred.
For their part, Lapsus$ has repeatedly stated that their motivations are purely financial: "Remember: The only goal is money, our reasons are not political." They appear to exploit insider threats, and recently posted a notice asking tech workers to compromise their employers.
Roll No 13: Ankith Naik
Cyber-crime will cost 7 trillion dollars in 2022. It's bigger than illegal drugs. If cyber-crime were measured as an economy, it would be the third largest, behind the US and China. But do we treat cyber-crime with the same seriousness as other disasters, illegal drugs and pandemics? It's as serious as that, but we are not serious enough...
Roll No 14: Anusha Anand Bennal
Identity Theft: identity theft is when cyber criminals illegally access personal and critical information about an individual and compromise the same with ulterior motives, which include siphoning off money from bank accounts or creating fake social media profiles and taking control of accounts for personal vengeance.
Bangalore is the identity theft capital of India!
Bangalore tops the list of cities where criminals succeed in gaining access to the smartphones, email accounts, and financial instruments of unsuspecting victims. According to the National Crime Records Bureau's Crime in India 2021 report, Bangalore accounted for 72% of the total identity theft cases registered across 19 metropolitan cities in India.
The first step to take if someone has stolen your identity is to report it to the Federal Trade Commission (FTC) at identitytheft.gov, or you can call 1-877-438-4338. From there you can freeze your credit reports, file a police report and change all your login and password information. It would be wise to close your current credit and debit cards and receive new ones.
Roll No 15:ANUSHA UMAMAHESHWAR HEGDE
Iranian hackers targeted Albanian computer systems, forcing Albanian officials to temporarily shut down the Total Information Management System, a service used to track individuals entering and exiting Albania. This attack closely followed Albania’s decision to sever diplomatic ties with Iran as well as the American sanctions and NATO’s condemnation of an Iranian cyberattack against Albania in July. In the July attack, Iranian actors deployed ransomware on Albanian Government networks that destroyed data and disrupted government services.
Roll No 16: Archit Shetty
Crime as-a-service
The cost of global cybercrime has been estimated by the market and consumer data company Statista to reach $10.5tr by 2025. With the blockchain analysis firm Chainalysis reporting that cybercriminals stole more than $3bn in crypto-based cyber attacks between January and October of 2022 alone, cybercrime is becoming an incredibly lucrative business for hackers.
As cybercrime becomes more established as a revenue source for malicious actors, some are pivoting to offer their services to a wider community for a fee.
Crime-as-a-service allows bad actors to offer their hacking services to others for a fee. An example of this was seen in 2022 when a Meta employee was fired for allegedly using their employee privileges to hijack Facebook profiles and allow unauthorized access to them, charging their 'customers' thousands of dollars in Bitcoin to do so.
Adam Levin, a cyber security expert, believes that platforms that allow hackers to offer their services will be the number-one security threat in 2023. Levin explains that this is because criminals are using “increasingly sophisticated software created by threat actors” and selling this software on a subscription-based model for use to scam both consumers and businesses. According to Levin, the most common as-a-service crimeware products are phishing and ransomware.
As-a-service software is so dangerous, he explains, as it “allows anyone, regardless how tech savvy, to conduct phishing, ransomware, distributed denial of service and other cyber attacks”.
He further predicts that in 2023, “criminal software enterprises will continue to threaten enterprises of any size”, as seen in 2022 with the attacks leveled against Microsoft, Dropbox, Medibank, Uber, and Rockstar Games to name a few.
Roll No 17:ARIEN IJARI
MALWARE:
If you've ever seen an antivirus alert pop up on your screen, or if you've mistakenly clicked a malicious email attachment, then you've had a close call with malware. Attackers love to use malware to gain a foothold in users' computers, because it can be so effective.
"Malware" refers to various forms of harmful software such as viruses and ransomware. Once the malware is in your computer, it takes control of your machine, monitors your actions and silently sends your confidential data to the hacker's home base.
BOTS:
A bot is an automated process that interacts with other network services. Some bot programs run automatically, while others execute commands when they receive specific input. A few examples are malicious bots and crawlers.
BACKDOORS:
A backdoor is a process that bypasses normal authentication processes. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
ZERO DAY EXPLOITS:
A zero-day exploit is a targeted attack against a system, network, or software. This attack takes advantage of an overlooked security problem, looking to cause unusual behavior and damage data.
CRYPTOJACKING:
Cryptojacking is an attempt to install malware that forces the infected system to perform "crypto mining". It is deployed because the act of crypto mining is hardware intensive.
PREVENTIONS:
* Have the latest anti-malware programs installed, for starters
* Avoiding compromised websites (such as those not using HTML5) is an excellent proactive defense
* Use a character recognition filter to filter malicious URLs
* Before clicking on a link in an email, hover the cursor over it to see where it leads
* Keep the machine's antivirus updated
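The "hover over the link" tip above, and the content filtering recommended in the OpenSea phishing entry earlier on this page, both come down to the same question: does the link go where it appears to go? The following is an added example, not code from the original page, that asks that question automatically for an HTML e-mail body. It extracts every link with its visible text and flags the classic lures: visible text that is itself a URL but whose domain differs from the real destination, a brand name buried in a subdomain of an unrelated domain, a raw IP address as the host, and non-web schemes such as javascript:. The sample message, sender domain and brand name are constructed, and the "registrable domain is the last two labels" rule is a simplification standing in for a public-suffix-list lookup.

```python
# Added example: automating the "hover over the link" check for an e-mail body.
# Not code from the original page. The sample message, sender domain and brand
# name are constructed; registrable() is a last-two-labels simplification
# rather than a public-suffix-list lookup.
import re
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def host_of(url: str) -> str:
    parsed = urlparse(url)
    if not parsed.scheme:            # bare "example.com/path" in display text
        parsed = urlparse("http://" + url)
    return (parsed.hostname or "").lower()


def registrable(host: str) -> str:
    """Assumption: the registrable domain is the last two labels."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def audit_links(html: str, sender_domain: str, brands: List[str]) -> List[Tuple[str, str]]:
    """Return (href, reason) for every link that deserves a second look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        scheme = urlparse(href).scheme.lower()
        if scheme not in ("", "http", "https"):
            findings.append((href, f"non-web scheme {scheme!r}"))
            continue
        host = host_of(href)
        if IPV4.match(host):
            findings.append((href, "raw IP address instead of a hostname"))
        if LOOKS_LIKE_URL.match(text) and registrable(host_of(text)) != registrable(host):
            findings.append((href, f"visible text {text!r} points to a different domain"))
        for brand in brands:
            if brand in host and registrable(host) != sender_domain:
                findings.append((href, f"brand {brand!r} used inside a non-brand domain"))
    return findings


# Constructed phishing-style message modelled on the OpenSea lure described earlier.
SAMPLE_EMAIL = """
<p>Your listings must be migrated to the new contract.</p>
<a href="https://opensea.io/collections">https://opensea.io/collections</a>
<a href="https://opensea.io.migrate-listings.com/login">https://opensea.io/migrate</a>
<a href="http://203.0.113.5/verify">Click here to verify</a>
<a href="javascript:void(0)">Unsubscribe</a>
"""

if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_EMAIL, "opensea.io", ["opensea"]):
        print(f"{reason}: {href}")
```

A mail gateway would run this over the rendered body and either strip or rewrite the flagged links; the same logic, run in a mail client, is what the hover tooltip asks the human to do by eye.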
Roll No 18:AYEESHA BEPARI
March 2022: Pakistani government-linked hackers targeted Indian government employees in an espionage operation. The group also created fake government and military websites to deliver malware to their targets.
March 2022: An attack on a satellite broadband service run by the American company Viasat disrupted internet services across Europe, including Ukrainian military communications at the start of the Russian invasion. The attackers hacked satellite modems belonging to thousands of Europeans to disrupt the company's service.
April 2022: Ladakh Power Grid
As per a report prepared by the US-based cybersecurity company Recorded Future, Chinese hackers targeted seven Indian centers in Ladakh responsible for electrical dispatch and grid control near a border area disputed by the two nuclear neighbors in April this year.
The Chinese hackers primarily used the trojan ShadowPad, which is believed to have been developed by contractors for China's Ministry of State Security, leading to the conclusion that this was a state-sponsored hacking effort, according to the report.
November 2022: Hackers damaged Danish State Railways’ network after targeting an IT subcontractor's software testing environment. The attack shut down train operations for several hours.
November 2022: An India-based hacking group targeted Pakistani politicians, generals and diplomats, deploying malware that enables the attacker to access computer cameras and microphones.
Roll No 19:B.ABHIJITH
The Indian government has taken a major step regarding cyber security.
It is also conducting a survey on cyber-crime-related issues via text messages.
Roll No 20: Bhavana Hottigoudar
SOME PROMINENT CYBER ATTACKS IN THE WORLD :
1. RockYou2021: The biggest password leak yet – 2021
In 2021, experts began investigating what appears to be the biggest password leak of all time. A forum user posted a huge text file containing 8.4 billion password entries, combined from previous leaks and data breaches. The compilation was dubbed "RockYou2021" in reference to the RockYou data breach of 2009. The leak led to the development of various new tools on the web designed to help users determine if their passwords had been exposed. According to researchers, given its size the compilation likely contains the passwords of many users across many different accounts.
2. The NASA Cyber Attack
A major cyber security event took place in 1999: the NASA cyber attack involved the breach and subsequent shutdown of NASA's crucial computers for around 21 days. Around 1.7 million pieces of software were also downloaded during the attack, which cost the space agency around $41,000 in repairs. What made this attack so famous wasn't the expense associated with the crime, but the criminal responsible for it. Soon after the attack took place, a fifteen-year-old computer hacker pleaded guilty and was sentenced to six months in jail. As part of his sentence, the boy was required to write letters of apology to both the NASA administrators and the secretary of defense.
3. The Melissa Virus
One of the earliest cyber attacks to highlight the importance of digital security in the tech-driven world was caused by the Melissa virus. In 1999, a programmer called David Lee Smith hacked an AOL account and used it to post a file on the internet. The posting promised access to dozens of free passwords for fee-based adult websites. When users downloaded the document, it set a virus loose on their computers.
The virus resulted in significant damage to a huge range of users and companies, including Microsoft. While security teams managed to contain the spread of the virus within a relatively short time, it took a while to remove the infections entirely. The collective damage of the attack was estimated at around $80 million.
ACTIONS TAKEN AGAINST CYBER CRIMES IN OUR COUNTRY:
In India, cyber crimes are covered by the Indian Penal Code of 1860 and the Information Technology Act of 2000.
Bengaluru, called the IT hub of India, is living up to its name by getting lost money back to cyber crime victims after the police introduced a new system called Computer-Aided Dispatch (CAD). Bengaluru is reportedly the first city in the country to use the method and has been able to return Rs. 2.8 crore to owners who were cheated online.
The Computer-Aided Dispatch (CAD) system is used primarily to register crimes, with more focus on recording the initial details quickly. Victims can call the number 112 to start the information recording process. An operator in the police control room swiftly takes down the details of the case and registers a "cybercrime incident report", called a CIR. The benefit of registering CIRs instead of FIRs is that the process is a lot shorter and less tedious.
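The RockYou2021 entry above mentions tools that tell users whether their password appears in the leak. The example below is added here and is not code from the original page or from any such tool: it shows how that check can be done without the checking service ever receiving the password. The client hashes the password with SHA-1, sends only the first five hex characters of the digest, and compares the returned suffixes locally (the k-anonymity scheme used by Have I Been Pwned's Pwned Passwords range API). LEAKED_CORPUS is a short constructed stand-in for a compilation like RockYou2021, with made-up counts, and range_lookup stands in for the remote service.

```python
# Added example: k-anonymous leaked-password lookup (the Pwned Passwords
# range scheme). Not code from the original page. LEAKED_CORPUS is a short
# constructed stand-in for a compilation like RockYou2021 (counts invented),
# and range_lookup stands in for the remote range endpoint.
import hashlib
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed: a few passwords with made-up occurrence counts.
LEAKED_CORPUS = Counter({
    "123456": 24_000_000,
    "password": 8_000_000,
    "iloveyou": 1_500_000,
    "rockyou": 300_000,
    "Summer2021!": 4_200,
})


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: Counter) -> Dict[str, List[Tuple[str, int]]]:
    """Index the corpus by the first 5 hex chars of the SHA-1 (the 'range')."""
    index: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:5]].append((digest[5:], count))
    return index


RANGE_INDEX = build_range_index(LEAKED_CORPUS)


def range_lookup(prefix: str) -> List[Tuple[str, int]]:
    """The only thing the 'server' side ever receives: a 5-character prefix.
    It returns every (suffix, count) in that range; in the real service that
    is hundreds of entries, so the caller's password is hidden among them."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly 5 uppercase hex characters")
    return RANGE_INDEX.get(prefix, [])


def pwned_count(password: str) -> int:
    """Client side: hash locally, query by prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, count in range_lookup(prefix):
        if candidate_suffix == suffix:
            return count
    return 0


def is_acceptable(password: str, min_length: int = 12) -> bool:
    """Policy check at registration or password change: long enough and
    never seen in the leaked corpus."""
    return len(password) >= min_length and pwned_count(password) == 0


if __name__ == "__main__":
    for pw in ("123456", "Summer2021!", "correct horse battery staple"):
        print(f"{pw!r}: seen {pwned_count(pw)} times, acceptable={is_acceptable(pw)}")
```

Wiring is_acceptable into the password-change path is the practical payoff of a leak like RockYou2021: a credential-stuffing attacker replays exactly these compilations, so refusing any password that appears in them removes the passwords most likely to be tried first.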
Roll No 21: BHUVENDRA BHAGWAT
Roll No 22: CHAHIT BERHYA
Roll No 23: DARSHAN GOPAL CHAVAN
Roll No 24: DEEPAK KUMAR P S
Roll No 25: ESHWARI NAGESH PUNAGE
The term cybersquatting refers to a cyber attack consisting of the unauthorized registration and use of Internet domain names that are identical or similar to trademarks, service marks, company names, or personal names. Cybersquatting registrants obtain and use the domain name with the bad-faith intent to profit from the goodwill of the actual trademark owner.
So here is one of the example :
As we all know, Amul is one of India's biggest dairy companies, with a sales turnover of over 38,550 crores for the year 2019-2020. The company became a victim of cybersquatting when someone bought the following domains:
• Amuldistributor.com
• Amulboard.com
• Amufran.org.in
• Amuldistributorindia.com
Using these domains, they:
• Made fake bank accounts using Amul's name.
• Started sending fake forms via email.
• Asked for payment to become an Amul distributor or franchise store.
• Ran recruitment scams on the websites, asking candidates to pay a fee to submit job applications.
The scam ran from 2018 to 2020. Finally, Amul issued a public notice to warn people about the scams and took legal steps to deal with the issue.
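Domains like the four listed above are registered in the open, so a brand owner can look for them before the scam runs, not after. The following is an added example, not code from the original page and not Amul's own monitoring: it takes a list of observed domain registrations and flags the ones that trade on a brand name by three rules, the brand embedded in the domain label, a label one keystroke away from the brand, and look-alike characters (1 for l, rn for m, and so on) that spell the brand. The brand, the allowlist of legitimate domains, the tiny suffix list and the OBSERVED list (the four Amul domains plus invented ones) are all constructed; a real check would use the public suffix list and a zone-file or certificate-transparency feed.

```python
# Added example: flagging registered domains that trade on a brand name.
# Not code from the original page and not Amul's own tooling. The brand,
# allowlist, suffix list and OBSERVED domains are constructed; a real check
# would use the public suffix list and a zone or certificate-transparency feed.
from typing import Dict, List, Set

# Assumption: a tiny stand-in for the public suffix list.
KNOWN_SUFFIXES = ("co.in", "org.in", "net.in", "com", "in", "org", "net", "coop")

# Characters and digraphs that look like letters of the brand at a glance.
HOMOGLYPHS = {"1": "l", "|": "l", "0": "o", "rn": "m", "vv": "w"}


def registrable_label(domain: str) -> str:
    """'amuldistributor.co.in' -> 'amuldistributor' (longest known suffix stripped)."""
    domain = domain.lower().rstrip(".")
    for suffix in sorted(KNOWN_SUFFIXES, key=len, reverse=True):
        if domain.endswith("." + suffix):
            return domain[: -len(suffix) - 1].split(".")[-1]
    return domain.split(".")[-2] if "." in domain else domain


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one-keystroke typos of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_homoglyphs(label: str) -> str:
    for lookalike, letter in HOMOGLYPHS.items():
        label = label.replace(lookalike, letter)
    return label


def squat_reasons(domain: str, brand: str, legitimate: Set[str]) -> List[str]:
    """Return why a domain looks like a squat on `brand` (empty if it does not)."""
    if domain.lower() in legitimate:
        return []
    label = registrable_label(domain)
    reasons = []
    if brand in label:
        reasons.append("brand name embedded in the domain label")
    if label != brand and levenshtein(label, brand) <= 1:
        reasons.append("one edit away from the brand")
    if label != brand and normalize_homoglyphs(label) == brand:
        reasons.append("look-alike characters spell the brand")
    return reasons


def find_squats(domains: List[str], brand: str, legitimate: Set[str]) -> Dict[str, List[str]]:
    hits = {}
    for domain in domains:
        reasons = squat_reasons(domain, brand, legitimate)
        if reasons:
            hits[domain] = reasons
    return hits


# Constructed: the four domains named in the Amul notice above plus invented
# ones (amu1.co.in, arnul.com) and unrelated registrations.
OBSERVED = [
    "amuldistributor.com", "amulboard.com", "amufran.org.in",
    "amuldistributorindia.com", "amu1.co.in", "arnul.com",
    "amul.com", "amul.coop", "example.com", "dairyboard.in",
]

if __name__ == "__main__":
    for domain, reasons in find_squats(OBSERVED, "amul", {"amul.com", "amul.coop"}).items():
        print(domain, "->", "; ".join(reasons))
```

Note what these rules do and do not catch: three of the four Amul domains are flagged because the brand sits inside the label, but amufran.org.in (a truncated brand plus a suffix) slips through all three rules. Substring and edit-distance checks are a cheap first pass; the allowlist and a human review of the remainder are still part of the process.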
Roll No 26: