Module-2 Cyber Attack

A hacker is always looking for the easiest way in. They check systems for weak spots like unpatched apps, misconfigured websites, or outdated software while also paying attention to how people act online. They notice patterns, like someone rushing to open a "bank alert" email or clicking on a free but suspicious app, and use these natural reactions to get in. Every move is about taking advantage of trust, curiosity, or fear without being noticed.

Hackers think ahead. They watch for mistakes, figure out how people will react, and pick the simplest way to reach their goal. Understanding this helps cybersecurity teams patch holes and teach people how to spot phishing attempts, unsafe links, and risky apps before hackers can take advantage.

Hackers don't guess passwords by hand. They use programs that can try billions of combinations in seconds, testing patterns people often use, like "123456," "summer2025," or "qwerty." Simple sequences like these can be cracked in minutes, while a password like "G7r!9pLz2Q" that mixes letters, numbers, and symbols could take centuries to break. Hackers also rely on leaked password databases, trying combinations people commonly reuse across Gmail, Facebook, and online banking accounts to gain access quickly.

Malware disguised as an app looks like a normal, useful, or fun application but secretly contains harmful code. A flashlight app that asks for access to your contacts and microphone, or a free photo editor that quietly collects your location, can steal personal information, track your activity, or even let hackers control your device. Even if the app seems to work normally, it can run in the background, collecting sensitive data without the user noticing.

Hackers use Social Media Recon to piece together information from what people post online. A photo at a new café can show where someone hangs out, while a post about an upcoming trip reveals when they'll be away. Even small things like your pet's name, favorite sports team, or the school you attend can help them guess passwords or security questions. Comments, likes, and check-ins show patterns in your daily life, and by looking at friends or coworkers, hackers can find more ways to target you. Even sharing hobbies, events, or photos of your home can give away clues about routines or personal habits. That's why being careful about what you post and adjusting privacy settings is so important, because your online footprint can tell a story without you realizing it.

The Trojan Horse Trick hides harmful software inside something that looks harmless. You might download a free game, utility, or file that promises extra features, thinking it's safe. Once opened, it can install malware in the background and give hackers access to your device.

Some Trojans can steal passwords, take screenshots, or spy through your webcam. Others add your device to a network of infected computers called a botnet. The program looks legitimate, so people trust it and run it willingly.

You download a free game or open a fake invoice, and suddenly your files start locking themselves. Pictures, documents, and videos vanish from view while a scary message appears demanding money.

• The ransomware scans your computer for important files like photos, documents, and videos.
• It encrypts these files, changing their names and extensions so they cannot be opened.
• Security programs and notifications get disabled to prevent interruption.
• A message pops up demanding payment, often with a countdown timer.
• The malware contacts its creator, sending system info and confirming which files are encrypted.
• It spreads to connected drives, network folders, or USB devices, locking more files.
• Your computer becomes unusable except for the ransom message, forcing you to restore from backup or risk losing access.

A DDoS Storm happens when a website or online service gets slammed with traffic from hundreds or thousands of computers at the same time. Picture a popular online store during a big sale, but instead of real shoppers, a flood of fake visitors clogs the site so no one can get in. The website slows down or crashes completely, making it unusable.

Hackers often use this to distract IT teams while they try other attacks, like stealing data or planting malware. Sometimes it's done to damage a competitor or make a statement. Even major services like banks, streaming platforms, or government sites can go offline for hours because their servers cannot handle the massive rush. The scary part is that the attack can come from devices all over the world, making it hard to stop.

X person receives a message from someone claiming to be a tech support agent for a popular software. The hacker says there's a serious issue with their computer and that they need to download a tool to fix it. Trusting the message, X person clicks the link and starts the download.

The file looks harmless, maybe a PDF or a small utility, but once opened, malware quietly installs on X person's computer. The hacker then gains access to files, keystrokes, and sensitive information.

Throughout the conversation, the hacker used urgency, authority, and helpfulness to manipulate X person. Social engineering relies on psychology rather than technical exploits, tricking someone into doing the work for the attacker.

An employee at a company has access to sensitive files and systems. At first, everything seems normal, but over time, they start secretly copying confidential documents and sending them to competitors or storing them on personal drives.

Their actions go unnoticed because they have legitimate access. Security systems don't raise alarms since the employee looks like they're doing regular work. Gradually, critical company information leaks, causing financial loss and damaging trust with clients.

Insider threats aren't always malicious at first—sometimes mistakes, curiosity, or small shortcuts lead to massive breaches. This shows that even trusted individuals inside an organization can pose serious risks.

Devices are far more vulnerable than most people realize. A smartphone, tablet, or laptop might seem secure, but even basic apps or downloads can open doors for hackers. Connecting to an unprotected public WiFi can let attackers intercept messages, passwords, or emails without you noticing. Even home devices like smart TVs, security cameras, or WiFi routers can be hacked if default passwords aren't changed or updates are ignored. A single unpatched vulnerability can give someone full control over a device, allowing them to spy, steal information, or use it to attack other systems. Every device connected to the internet is a potential target, and most people underestimate how easy it is for attackers to exploit them.