Cyber security: Current threats,

challenges, and prevention

methods
Mohit Jain1, Aryan Sinha2, Aman Agrawal3, Nimesh Yadav4
Student at Department of Computer Engineering
Mukesh Patel School of Technology Management and Engineering,NMIMS University
Mumbai,India
[email protected], [email protected], [email protected], [email protected]

Abstract— Objective of this study is to perceive the attacks, computerized markets. Customer trust is frequently lost
threats, and weaknesses of digital framework, which because of compromised information, which might prompt
incorporate equipment and programming frameworks, administrative punishments and even legal action. The
organizations, and also intranets. Cybercrime may happen defence mechanism essentially concerns the comprehension
from any spot whatsoever time and the outcomes could be of one's own organization, nature of the assaulter, motivation
unending, it isn't restricted to a particular region. Cyber of the assaulter, strategy for assault, shortcoming of the
Security is a blend of innovative headways, process cycles and organization to moderate future assaulter [1].
practices. The goal of cyber security is to ensure protection of
applications, networks, PCs, and critical information from Thus, through this review we have attempted to
attack. In a computing context, security incorporates both characterize the various elements of dangers and their
network safety and actual security. The hacker harms or takes detection/prevention. Section 2 presents the types of cyber
programming or data just as a result of disturbance or security. In Section 3 we discuss the types of threats and
confusion of the administrations they mislead. As of now, weak parts of the internet world and some ways to prevent
digital protection is viewed as one of the basic boundaries for them. In Section 4 we talk about the possible future threats to
the acknowledgment of any systems administration innovation. cyber security. Section 5 gives the conclusion.
Any hub enduring an onslaught in an organization presents a
peculiar conduct called malevolent conduct. In the present
situation, the whole activity of an organization becomes unsafe II. DOMAINS OF CYBERSECURITY
and to forestall such vindictive practices, a few security goals
have been found.

This paper reviews research work done in cybersecurity

including the types of cybersecurity. The paper also discusses
threats and prevention methods and an overview of future
threats in cybersecurity.

Keywords— Cyber Security, Threats, Vulnerability,

Detection, Countermeasures, Malware

I. INTRODUCTION
A. APPLICATION SECURITY
In present day culture, digital assaults are extending
emphatically. It is convenient, cheap, and less perilous than Any application may contain openings or shortcomings,
physical attacks. Quick improvements in innovation give a which crooks, for example, programmers can use to
late extent of effectiveness to associations or nations to infiltrate the customer's application.
utilize it as an intermediary apparatus. Cyber security is the The use of programming, equipment, and procedural
blend of approaches and practices to forestall and screen approaches to defend applications from outside assaults is
PCs, organizations, projects and information from known as application security. Objective of application
unapproved access or assaults that are focused on double- security is the steps done throughout the development
dealing. Cyber safety will be exceptionally urgent as the lifecycle to protect applications against threats introduced
quantity of gadgets associated with the web will expand, by flaws in the application's design, development,
which will be at a quick speed. Cybersecurity measures are distribution, update, or maintenance. Unapproved code will
supposed to handle inside as well outside threats. not be able to control apps to will, take, edit, or destroy
In the year of 2020, expenses due to information leak was delicate data if safety efforts are not unified within
3.86 million dollars globally and 8.64 million for US. These applications and a robust application security practice is not
expenses incorporate the expenses of recognizing and followed.
reacting to the break, just as the expenses of personal time Application security might involve equipment,
and lost pay, just as the long-haul reputational damage to an programming, and procedures for distinguishing and
organization's image. Customers' personally identifiable alleviating security imperfections. A router with hardware
information (PII) - names, addresses, national identity application security keeps anybody from getting to a PC's IP
numbers, and credit card information - is focused on by address by means of the Internet. Application-level security
cybercriminals, who therefore sell the data on underground controls, for example, an application firewall that stringently
limits what activities are allowed and disallowed, are • Community inspection to distinguish and destroy
regularly executed into programming. weaknesses in source, binary, or byte code.
b) Dynamic Application Security Testing (DAST)
1) Application security types: DAST reproduces controlled attacks on a live internet-based
a) Authentication application or administration to discover exploitable
Authentication alludes to the systems that product designers blemishes.
use in a program to guarantee that only approved clients Advantages of Dynamic Application Security Testing for
access it. This may be done by requesting the client to engineers:
provide a username and password when signing into the • It very well may be joined into improvement,
program. A combination of elements, such as something you quality affirmation, and creation to give a
know (a secret text or information), something you have (a consistent, comprehensive viewpoint.
mobile phone), and something you are, are used in • Dynamic investigation takes into account a more
multifaceted confirmation (biometric). far-reaching way to deal with overseeing portfolio
b) Authorization hazards (a huge number of applications) and can
A client may be given permission to access and use the even output heritage applications as a component
application after being validated. By contrasting the client's of risk management.
identification with a rundown of approved clients, the • Useful application testing, in contrast to SAST,
framework might confirm that the client has authorization to isn't language headed, taking into account the
get to the program. Authentication should happen preceding detection of runtime and environment related
authorization for the application to coordinate with just errors.
approved client credentials to the approved client list. 3) Implementation of application security
c) Encryption a) E-Commerce application security
Other security measures may protect sensitive information [13] Giving security to web-based business is one of the
from being observed or used by a cybercriminal after a major undertakings of application security, and for that
client's confirmed that it had used the software. In cloud- numerous approaches have been embraced. One of these
based applications, sensitive data may be protected by approaches deals with providing the data only to approved
encrypting the traffic that travels between the end client and clients or users. This can be perceived as the capacity or
the cloud information. approval level of the client to play out an assignment on a
d) Logging given item.
In web-based business, application security is joined on
In cloud-based applications, sensitive data may be protected
each progression directly from the purchaser interfacing a
by encrypting the traffic that travels between the end client
secured connection, recovering the data of purchaser,
and the cloud. Application log documents monitor what
checking the item on a fraud free store, buying things by the
portions of the application have been gotten to and by
purchaser utilizing on the web installment passages and
whom.
finishing the exchange.
2) Application security testing and its types b) OS security
Application security testing is conducted as a component of Operating System security gives a safer and secure
the product advancement cycle to ensure that a new or environment at the endeavor level when contrasted with
overhauled adaptation of a product application doesn't have security given by its devices. Operating system security
any security defects. A security review can guarantee that validates and allows various applications and projects
the application meets a specific arrangement of safety empowering them to run different assignments and forestall
prerequisites. Engineers should ensure that only approved unapproved unsettling influences simultaneously.
clients approach the program after it passes the review. B. WIRELESS SECURITY
Between infiltration testing, a designer expects the job of a
cybercriminal and looks for ways of gaining admittance to Basically, wireless security is the protection of unapproved
an application. Social design or misleading clients into clients from getting to a wireless network. Moreover,
giving undesirable access are instances of penetration wireless security, frequently known as Wi-Fi security, tries
testing. Unauthenticated security checks and authenticated to ensure that individuals you support approach your
security checks (as signed in clients) are regularly utilized information.
by analyzers to recognize security weaknesses. In the present enterprise world, remote systems
administration is essentially significant for keeping
a) Static Application Security Testing (SAST)
individuals associated with the web. Nonetheless, Wi-Fi is
SAST examines the application source documents, profoundly powerless against hacking. This is the place
unequivocally distinguishes the root cause, and aids the where the requirement for guaranteeing solid remote
remediation of the fundamental security issues. security with the assistance of wireless security conventions
Advantages of Static Application Security Testing for comes in.
Developers: 1) Working of Wireless Security
• Audit static examination checks discoveries WEP and WPA which serve a similar capacity yet are
continuously with admittance to ideas, and a line- distinctive simultaneously, are the validation security
of-code route to uncover weaknesses quicker. conventions made by the Wireless Alliance used to
guarantee remote security [11].
To be certain your organization is secure, you should c) Password Recovery Mechanism
initially recognize which network you fall under. In the event that the recovery password method isn't done
accurately, it may either permit unapproved clients to reset
2) Types Of Wireless Security passwords or block approved clients from doing so. In this
As recently referenced, there are four primary kinds of segment, we perform analysis of the security and
remote security conventions. Each of these differs in utility convenience of email specialist co-op's recovery password
and strength. components.
a) WIRED EQUIVALENT PRIVACY (WEP) • Clients can recover passwords through email or
It utilizes a 24-bit initialization vector (IV) strategy. The telephone with a few email specialist co-ops. A
principal adaptations of the WEP calculation were not connection for restoring the password is shipped
transcendentally sufficient, in any event, when it was off the recuperation account when the password is
delivered. WEP was created by an IEEE volunteer recuperated through email. A token is given to the
gathering. The point of the WEP calculation is to give a safe telephone while using the telephone to recuperate
correspondence between two end clients of a WLAN. the password.
b) WI-FI PROTECTED ACCESS (WPA) • Password recuperation through internet-based
allure: Each email framework has its own strategy
WPA was introduced in 2003, one year before WEP
for recuperating passwords by means of a web-
discontinued. WPA incorporated the Temporal Key
based allure. In specific email frameworks, a client
Integrity Protocol (TKIP), a strong 128-digit key that was
can recuperate their password by finishing a
more diligently to break than WEP's static, unchangeable
progression of inquiries on the web, while in
key. WPA utilizes 256-bit encryption.
others, a client should contact the company to get
c) WI-FI PROTECTED ACCESS 2 (WPA2) their password.
After WPA was discontinued after 2006, WPA2 became
official replacement. WPA2 dislodged TKIP with the d) Password Reset Mechanism
CCMP, which is an unmatched encryption gadget that
A client can modify his/her secret password if his/her secret
utilizes the AES assessments. Since its creation, WPA2 has
key is hacked or utilized for quite a while. Each email
been the business standard.
framework has various ways of resetting the passwords. In
d) WI-FI PROTECTED ACCESS 3 (WPA3) some email frameworks, a client needs to enter both her
It utilizes 384-bit Hashed Message Authentication Mode, current and new secret key/passwords to create a new secret
256-bit Galois/Counter Mode Protocol (GCMP-256), and password. In the wake of resetting the secret key, an email
256-bit Broadcast/Multicast Integrity Protocol for individual telling the difference in secret key will be shipped off the
and endeavor security. WPA3 additionally upholds the client's recuperation email account, if such a record is given
forward mystery technique impeccably. In 14 years, WP3 is or in some email frameworks when a client resets the
bringing the first large changes to remote security. Some password, a 6-digit or 4-digit code is shipped off the client's
prominent augmentations for the security convention are: telephone or elective email account. By and large, the code
• More prominent protection. lapses in under 30 minutes and can't be reused.
• encryption for individual.
• Robust security for big business organization. 2) ANALYSIS OF MULTIPLE SIGN-IN MECHANISM
Various email accounts are extremely predominant among
clients. For instance, a client might have three email
C. EMAIL SECURITY
accounts: one for business/work, one for individual use, and
1) PASSWORD MANAGEMENT one for buying things from business sites. A client may wish
As a result, password management is important to email to sign into every last bit of her accounts simultaneously to
system security [4]. get to every last bit of her messages rapidly.
In this part, we look at the security of the five-email While various sign-in further develops email framework
system's password management policies. convenience, it likewise muddles email framework design
a) Password Composition Policy and presents new security concerns. The accompanying
Any account can be hacked if weak and easy to crack security needs ought to be met by different sign-in:
passwords exist. To keep clients from submitting feeble • Documents shipped off one email record ought not
passwords, email frameworks ought to in a perfect world be put away in another email record.
authorize a solid secret phrase structure strategy. The • Numerous sign-ins ought not to think twice about
accompanying passwords are usually viewed as shaky: ease of use of email frameworks. For instance,
passwords that contain all adjoining keys; and passwords numerous sign-in ought not keep clients from
that involve word reference terms are generally instances of utilizing administrations obtained without various
short passwords. sign-in.
b) Secure Password Transmission D. MOBILE DEVICE SECURITY
The login type of email frameworks ought to be shielded
The objective of cell phone security is to keep unapproved
utilizing HTTPS to keep assailants from catching clients'
clients from getting to the organization's network. It's only
passwords. On the off chance that the login page utilizes
one piece of a bigger security technique.
HTTP, a hacker can catch the user password and use it to
sign into email frameworks by tuning in on the organization.
[3] Mobile phones and apps are increasingly being targeted Making a strong secret password is basic strategies to
by cyber attackers. Majority of IT businesses may support prevent unauthorized access. It is important that workers
corporate applications on personal mobile devices during make solid, one-of-a-kind passwords (of no less than eight
the next three years. Users must, of course, have control characters) and make various passwords for various records.
over which devices have access to their network. To keep c) Leverage biometrics
network traffic secret, the user must additionally set up their Rather than relying upon customary techniques for versatile
connections. With the greater part of corporate PCs access security, similar to passwords, Biometrics is being
currently being portable, network security is tested to considered by a few organizations as a more secure option.
represent the areas in general and utilization that those The moment at which a computer uses quantifiable
representatives expect of the organization. Malicious biological traits is known as biometric validation., like face,
applications, phishing scams, data leaks, malware, and unique finger impression, voice, or iris acknowledgment for
unprotected Wi-Fi networks are for the most part possible recognizable proof and access. Biometric check processes
dangers to cell phones. What's more, companies need to take are now accessible on mobile phones and are simple to set
the risk of losing a mobile phone or the device being taken. up and use for workers.
To keep away from a security breach, organizations should
d) Avoid public Wi-Fi
clarify, safeguard steps to lessen the danger.
The security of a cell phone is just pretty much as protected
1) DIFFERENT TYPES OF MOBILE DEVICE as the organization's network it uses to send information.
SECURITY Workers should be instructed about the risks of utilizing
public free Wi-Fi networks.
a) Enterprise Mobile Management platform
e) Beware of apps
As well as building up inner device limitations to prevent
unapproved access, an Enterprise Mobile Management Pernicious applications are one of the most quickly creating
(EMM) stage that permits IT to get continuous experiences cell phone hazards. At the point when a client downloads
to recognize potential dangers is critical. one accidentally, regardless of whether, for expert or
individual purposes, unapproved admittance to the
b) Email security
organization and information is conceded. Organizations
Programmers(hackers) most normally use email to spread have two choices to handle this developing danger: Clients
viruses and malwares. To safeguard against such attacks, should be warned about the dangers of installing
organizations should have current email security that can unauthorized apps, and reps should be barred from
recognize, block, and react to dangers quicker, just as keep downloading particular apps from their network entirely..
away from information misfortune and secure sensitive data
f) Mobile device encryption
on the way with end-to-end encryption.
To encode their gadget, clients should find this choice on
c) Endpoint protection their gadget and input a secret word. Information is
This methodology secures enterprise networks. Endpoint transformed into a code that's only seen by approved clients
security provide security by ensuring devices follow utilizing this methodology. This is important in the event of
guidelines. Endpoint security likewise permits IT managers theft, as it prohibits illegal entry.
to monitors activity logs and data backup systems. 3) BENEFITS OF MOBILE DEVICE SECURITY
d) VPN Mobile Security helps us by providing the following
A virtual private network, also known as VPN. Distant users benefits:
and workplaces can securely access network and assets on • Adherence to regulations.
account of VPN encryption techniques. • Enforcement of security policies.
• Encouragement to "bring your own device" (BYOD).
2) Working of Mobile Device Security • Device upgrades may be controlled remotely.
Mobile gadget security requires a complex methodology just • Application management.
as an interest in business arrangements. While there are a • Device registration that is automated.
few significant parts to cell phone security, each • Data protection.
organization should figure out what turns out best for their Most importantly, cell phone security shields an association
network. from malicious hackers having the option to get to delicate
Highlighting some of the best mobile security practices: association information.
a) Maintain clear policies
Cell phone policies are just pretty much as effective as an III. THREATS AND PREVENTIONS
association's capacity to appropriately convey those
strategies to workers. Rules to be considered:
• Type of devices allowed.
• Operating system restrictions.
• Ability to erase device through remote location.
• Whether IT can erase a device remotely.
• Password policies.
b) Password protection
Fig. 1 Diagram of Enabling Technologies
 increase in incoming traffic is detected, we can transfer the
This section discusses different and harmful threats in selected software to a different virtual machine to prevent a
the cyber or digital world and ignites the prevention possible DDoS attack.
methods that can be used to protect our systems from the
following threats. A cybersecurity threat is a vindictive and B. BRUTE FORCE ATTACKS
purposeful assault by an individual or association to acquire A brute force attack is a cryptographic assault that works by
unapproved access to harm [3]. speculating all conceivable secret key blends until the right
one is found. It's a game of trial and error to figure out the
system's password. A brute-force assault accounts for one
Name of Attack Percentage of Attacks out of every four network attacks. Countless secret phrase
mixes are speculated involving robotized programming in
DOS 37% this attack.
Brute Force 25% A brute force attack can be tedious, hard to execute if
information confusion is utilized, and essentially
Browser attacks 9% incomprehensible now and again. If the password is weak,
however, it may just take a few seconds and little work to
Shellshock attacks 7% crack. For hackers, weak passwords resemble throwing
basketballs on the net, which is the reason each association
SSL attacks 6% ought to have a solid secret word strategy that applies to all
clients and frameworks.
Backdoor attacks 2% Types of Brute Force Attacks:

● Simple brute force

● Hybrid brute force
● Dictionary
● Rainbow table
● Reverse brute force
● Credential stuffing

1) Protection from Brute Force

Brute force attacks are ordinarily completed utilizing
feeble passwords and messy organization. Luckily, every
one of these spaces might be promptly addressed to stay
away from weaknesses that may put your organization or
site to a stop. Authorize the utilization of solid passwords,
and never use data that might be found online as a secret
A. DENIAL OF SERVICE ATTACKS (DDOS)
word.
How it works is that using bots or other services we put A portion of the strategies you can carry out to protect
too many illegitimate requests to the server, which results users:
in the server either crashing or slowing [10].
● Lockout method—After multiple failed attempts to
DDOS attack is a kind of refusal of service assault in open the account lock the account.
which the attacker uses many organizations’ network
sources to make the casualty lose administrative service. It
● Captcha— To sign into a framework, strategies like
reCAPTCHA need clients to get done with
may be launched by taking advantage of flaws in web
straightforward jobs. These tasks are effectively
servers, databases, and applications, causing resource
finished by clients, yet not by brute force tools.
unavailability.
● Solid and strong passwords—you can cause clients
1) Protection from Denial of Service to make long and complex passwords by
It is critical to accommodate all of the basic security needs compelling them to do as such. Occasionally secret
of cloud networks in order to avoid DOS assaults. After word changes ought to be commanded.
they've been designed, applications should be tested to make
sure they don't have any security flaws that the attackers can ● Two-factor authentication— To verify your
exploit. identity and allow access to the account, a variety
of methods can be utilized.
The DDOS attacks can be avoided by utilizing extra
bandwidth and using id verification or things like captcha to
verify if the one accessing the service is indeed a human and
maintaining a backup of IP pools for urgent cases [2].
Another technique for securing clouds from DDOS involves
using intrusion detection systems, so when an abnormal
C. MALWARE D. BROWSER ATTACKS
They are continually connected to the outside world,
interacting with websites and applications that have been
infected with malware by cybercriminals. Browsers are
data-rich, powerful tools that, if hacked, can supply an
attacker with a wealth of information about a victim.
We utilize our browsers to browse and send email, visit sites
to find out with regards to news in our fields, and work in
electronic functional frameworks consistently, and we
utilize those equivalent programs outside of the workplace
to check our financial balance adjusts, purchase labor and
products on the web, and surprisingly meet new
companions.
Once inside the framework, malware can hinder admittance
to basic parts of the organization, harm the framework, and 1) Possible attacks and prevention
assemble classified data, among others [5]. a) Cross-Site Scripting
This includes infusing vindictive code into a genuine site or
The reason for Malware is to cause harm or enter clients' application. The victim's program is coordinated to a weak
computers to hack individual information for criminal site (generally one they as of now entrust) with specific data
behavior like monetary violations. Numerous DoS encoded in the URL, making the victim's program download
infections are intended to annihilate records on a hard plate, malignant malware. This pernicious code is then a sudden
or to ruin the document framework by composing void spike in demand for the casualty's framework by means of
information to them. Benefit class of malware foster the program, sending delicate information from the
spyware that are programs intended to screen show casualty's program to the assailant's server for logging and
spontaneous commercials, clients' web perusing, or divert resulting use.
associate promoting incomes to the spyware makers.
b) Cross-Site Request Forgery
Types of Malwares: The vindictive entertainer makes the casualty's program
execute activities or make site demands without the
● Virus casualty's information or assent in this kind of assault. At
● Worms the point when a client is signed into their record on a site
● Trojan Horse that offers account-explicit usefulness, this kind of assault is
● Keylogger generally normal. The assailant can adequately go about as
● Rootkits the signed-in client utilizing cross-site request forgery on the
● Adware off chance that they can convince the casualty to click
uncommonly created connections to complete unlawful
● Ransomware
activities utilizing the casualty's record. Since they were
infiltrated by an attacker utilizing an endeavor in a site that
1) Protection from Malware the casualty trusts, the casualty is regularly unaware that the
Malware identification needs to be performed with the connections they are clicking are doing destructive
speedy location and approval of any example of malware to activities. This kind of assault can be awkward (for instance,
forestall further harm to the framework. if the aggressor changes the casualty's site settings),
a) Signature-based malware detection: however it can likewise be incredibly harmful in case a
bank's site is invaded, since the assailant might have the
Business antivirus scanners search marks which are option to bring in cash moves from the casualty's record into
consistently a course of action of bytes inside the malware their own (this bank model truly occurred in ING Direct
code to articulate assuming the code checked is dangerous. internet banking framework).
b) Specification-based malware detection:
Specification-based malware discovery is a useful method
2) Protection from Browser Attacks
where a distinguishing proof calculation facilitates the
insufficiency of example coordinating. Determination based ● Continuously ensure that you have the proper
acknowledgment comes from inconsistency or oddity-based antivirus and anti-malware introduced, installed,
ID. and running on your PC.
● Never click joins in messages from individuals you
c) Heuristic-based detection: don't have any idea. Messages are perhaps the
Heuristic-based identification can be utilized to distinguish greatest danger of assaults.
obscure viruses. It utilizes 'progressed' and 'passive' ● Twofold check the URL of destinations before you
heuristics for identifying the virus. Passive heuristics depend login. In case you're on a site that appears as
absolutely on checking a record. Progressed or 'active' though Facebook, guarantee that in your program's
heuristics include a controlled execution of the danger while area bar that the URL is https://facebook.com and
checking it for compromising conduct. not something different.
 ● Working frameworks disconnection should IV. FUTURE THREATS TO CYBER SECURITY
likewise be possible. In addition to the fact that it With the fast extension of Internet access and the
safeguards delicate corporate data from web improvement of Internet-empowered devices, an expanding
assaults, not at all like program and application number of individuals are utilizing the Internet in numerous
segregation arrangements, OS confinement ensures aspects of their life, regularly uncovering incredibly
against all assault vectors. Furthermore, likewise sensitive individual data without perceiving the risk of data
not at all like program and application seclusion, misuse. We accept that the difficulties encompassing end-
OS separation guarantees elite and dependability.
client privacy will keep on continuing in the future as the
measure of individual data shared through the Internet
E. MAN IN THE MIDDLE ATTACK grows [6].
The perpetrator of a man in the middle attack places himself The number and assortment of digital dangers will continue
in the middle of a dialogue between a user and an to increment year-on-year. These are some cyber threats that
application, making it look as though a normal and safe flow we would like to think that are significant from a future
of information is taking place. MitM assaults may be point of view: -
utilized to take login certifications or individual data, spy on A. Blockchain hacking and crypto jacking
the objective, harm correspondences, or degenerate
information, in addition to other things. Attacks on the blockchain framework are expanding, thus it
turns into a headache for cyber security. Lawbreakers are
Usually MitM is difficult to detect, despite the fact that it hacking the whole blockchain framework, and that is the
can be defended against by encryption. Once traffic has way by which they are gaining access to each, and every
been captured, successful attackers will either divert it to snippet of data included in the network. They get individual
phishing sites that appear authentic or just pass it on to its data and friends’ information too. Subsequently, satirization
intended destination. or identity theft is expanding on a bigger scale. They are
MITM attacks you will undoubtedly experience: likewise digging digital currencies for their wallets through
crypto jacking [8].
● Email Hijacking There are authentic sites where hoodlums can dig
● Wireless network Eavesdropping cryptocurrencies for the criminal wallet. The lawbreakers
● Session Hijacking cause them to do such mining. It's going to be one of the top
● DNS Spoofing ranked cyber threats very soon.
● IP Spoofing
B. Organized gangs
People working from their beds are as of now not
considered digital lawbreakers. Cybercrime has advanced
into an efficient multi-billion-dollar endeavor that shares
information and data across global boundaries. The pattern
has seen associations unite as one to make and convey a
huge scope of composed ransomware attacks, actually like
the WannaCry attack that saw over a fourth of 1,000,000
gadgets influenced across 150 nations. In the fate of network
protection, this sort of attack will turn out to be more
pervasive.
C. Untrusted internet
Individuals imagine that the Internet network can be trusted.
The web consists of a huge number of computer assets
spread all through the globe, which are all kept up with by a
huge number of people and associations. A portion of these
are legal entities and consequently they need to conform to
their public laws and guidelines. The quantity of suppliers
Fig. 2 MITM attack
will keep on expanding internationally, with some of them
working in countries with a terrible administrative
a) Prevention Of MITM Attack foundation.
Thwarting MITM attacks requires a couple of valuable steps D. State sponsered attacks
regarding clients, similarly as a mix of encryption and A portion of the digital assaults appeared to have started
affirmation procedures for applications. from inside unfamiliar legislatures. The biggest advantage
● Avoid open Wi-Fi connections. of cyber-attacks is even if a country knows of a state-
● Keep credentials secure. sponsored attack that has happened to it they cannot do
● Quantum cryptography can provide strong anything to prove it on the global stage so that any action
protection against MitM attacks. It is considered as can be taken. Nowadays more and more nations are taking
impossible to hack into quantum communication as advantage of these factors to steal classified information
it causes a change in the state of the qubits and thus
a breach can be easily detected.
from others. A cyber-attack on power generation can create ACKNOWLEDGMENT
issues at country level. We might want to recognize every one of those without
E. Ongoing disinformation campaign whom this venture could never have been effective. We,
The broad utilization of person-to-person communication right off the bat, might want to thank our teacher Prof.
destinations like Instagram, Facebook has furnished buyers Abhishek Vichare who directed us all through the venture
and gave gigantic help. He caused us to comprehend how to
with speedier admittance to news and a bigger scope of
effectively finish this paper and without him, this paper
material, and the chance to connect with individuals from
could never have been finished.
better places, yet they've likewise made it simpler for
noxious entertainers to take advantage of this requirement
This paper has been a root to understand and convey our
for data. These assailants control content, pictures, and
theoretical information to the real world. Thus, we would
recordings to accomplish their goals. Profound Fakes, bots
truly recognize his assistance and direction for this
via web-based media, and different strategies are often used
undertaking.
to spread bogus data or in any case impact assessment.
Many allegations have surfaced that large-scale event like
We would also like to thank ourselves as every member of
elections are now being influenced by these campaigns.
the team has given his 100% and has always been there
People are using advanced algorithms and systems to
whenever needed.
influence people's opinions.
F. Phishing attacks
REFERENCES
Nearly 1.4 million websites are created every month by
[1] Kazim, Muhammad & Zhu, Shao Ying , “A survey on top security
scammers to avoid the detection of cyber-attacks. But threats in cloud computing”, International Journal of Advanced
unfortunately, there are very few people who have Computer Science and Applications. 6.
undergone security training. This will boost the resources 10.14569/IJACSA.2015.060316.,2015.
available to these criminal groups to conduct even more [2] Pal, Parashu & Jain, Jitendra., “A Recent Study execution over Cyber
attacks and create more complex assaults and support other Security and its Elements”, Journal of Advanced Research in Law and
Economics, 2017.
illegal operations [9].
[3] T. Li, A. Mehta and P. Yang, "Security Analysis of Email Systems,"
G. Automobiles 2017 IEEE 4th International Conference on Cyber Security and Cloud
Computing (CSCloud), 2017, pp. 91-96, doi:
Automobiles are constantly becoming an appealing goal 10.1109/CSCloud.2017.20.
target for cyber thieves. Cyber thieves might undermine the [4] Midhunchakkaravarthy, Divya & Ganapathi, Padmavathi. (2013). A
controls and safety systems of contemporary cars and home Survey on Various Security Threats and Classification of Malware
Attacks, Vulnerabilities and Detection Techniques.International
gadgets, posing a serious threat. Journal of Computer Science and Applications. 3. 66-72.
For example, Tesla, a pioneer in the self-driving space, has [5] Julian Jang-Jaccard, Surya Nepal, A survey of emerging threats in
been recently receiving a lot of flak over its autopilot cybersecurity, Journal of Computer and System Sciences, Volume 80,
systems. Many recent studies claim that Tesla owners could Issue 5,2014.
be at the highest risk of cyber-attacks as all tesla cars are [6] S. R. Kumar, S. A. Yadav, S. Sharma, and A. Singh,
connected to the main server 24/7 and in case tesla was "Recommendations for effective cyber security " 2016 International
Conference on Innovation and Challenges in Cyber Security
hacked, it could prove to be dangerous. (ICICCS-INBUSH), 2016, pp. 342-346, doi:
10.1109/ICICCS.2016.7542327.
V. CONCLUSION [7] Tushar P. Parikh et al. “International Journal of Research in Modern
In this survey, we have analyzed the numerous categories of Engineering and Emerging Technology” Vol. 5, Issue: 6, June: 2017,
Cyber security aspects such as Application Security, (IJRMEET) ISSN: 2320-6586
Wireless Security, Email Security, and Mobile Devices [8] S. Z. Sajal, I. Jahan and K. E. Nygard, "A Survey on Cyber
Security Threats and Challenges in Modern Society," 2019 IEEE
Security and the threats to the cyber world in general. We International Conference on Electro Information Technology (EIT),
have also talked about the emerging threats in this domain 2019, pp. 525-528,
that will become of importance in the future. [9] Vishal Kumkar, Akhil Tiwari and Pawan Tiwari, “Vulnerabilities of
Wireless Security protocols (WEP and WPA2)” International
Earlier cybercrimes were existent on small levels, mostly Journal of Advanced Research in Computer Engineering &
done by individuals just for fun purposes. But, in the present Technology, ISSN: 2278 – 1323, April 2012
scenario and in the near future, the threats of cybercrimes [10] Merritt Maxim and David Pollino, “Wireless Security” Jalaluddin
continue to evolve and have become more sophisticated. Khan, Haider Abbas, Jalal Al-Muhtadi, Survey on Mobile User's Data
Different types of cyberattacks like ransomware, phishing Privacy Threats and Defense Mechanisms, Procedia Computer
have made it very easy for these criminal groups to infiltrate Science, Volume 56, 2015 E. FitzGerald, R. Ferguson, A. Adams, M.
Gaved,
big corporations’ databases and systems and extract huge
[11] D. Yadav, D. Gupta, D. Singh, D. Kumar, and U.Sharma,
ransoms to release the data [7]. "Vulnerabilities and Security of Web Applications," 2018 4th
Also, these criminal groups are coming into competition International Conference on Computing Communication and
Automation (ICCCA), 2018, pp. 1-5, doi:
with each other which is increasing the quantity and quality 10.1109/CCAA.2018.8777558.
of these cyber threats. Thus, it is important for us to analyze [12] T. M. Mbelli and B. Dwolatzky, "Cyber Security, a Threat to Cyber
and also simultaneously work on evolving our cyber Banking in South Africa: An Approach to Network and Application
security tactics. Make people aware of cyber threats and Security," 2016 IEEE 3rd International Conference on Cyber Security
make them aware of precautions that can help them and Cloud Computing (CSCloud), 2016, pp. 1-6, doi:
safeguard their data and their privacy.
[13] Rossouw von Solms, Johan van Niekerk, From information security [35] Tweneboah-Koduah, S., Skouby, K. E., & Tadayoni, R. (2017, May
to cyber security, Computers & Security, Volume 38, 2013, Pages 97- 26). Cyber Security Threats to IoT Applications and Service Domains
102, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2013.04.004. - Wireless Personal Communications. SpringerLink;
[14] R. A. Popa, J. R. Lorch, D. Molnar, H. J. Wang, and L. Zhuang, link.springer.com.
“Enabling security in cloud storage slas with cloudproof.” in USENIX [36] National Cyber Security Strategies: Global Trends in Cyberspace -
Annual Technical Conference, vol. 242, 2011. ProQuest. (n.d.). National Cyber Security Strategies: Global Trends
[15] Rowe, Dale C., Barry M. Lunt, and Joseph J. Ekstrom. "The role of in Cyberspace - ProQuest; www.proquest.com. Retrieved May 20,
cyber-security in information technology education." Proceedings of 2022, from
the 2011 conference on Information technology education.ACM, [37] Journal of Medical Internet Research - Cybersecurity Risks in a
2011. Pandemic. (2020, September 17). Journal of Medical Internet
[16] Detection and Prevention of Passive Attacks in Network Security” Research; www.jmir.org.
ISSN: 2319-5967 ISO 9001:2008 Certified International Journal of [38] Cyber Security Attacks on Smart Cities and Associated Mobile
Engineering Science and Innovative Technology (IJESIT) Volume 2, Technologies - ScienceDirect. (2017, June 12). Cyber Security
Issue 6, November 2013 Attacks on Smart Cities and Associated Mobile Technologies -
[17] “Quick Reference: Cyber Attacks Awareness and Prevention Method ScienceDirect;
for Home Users” International Journal of Computer, Electrical,
Automation, Control and Information Engineering Vol:9, No:3, 2015
[18] Abomhara, Mohamed, and G. M. Kien. "Cyber security and the
internet of things: vulnerabilities, threats, intruders and attacks."
Journal of Cyber Security 4 (2015): 65-88.
[19] “Cyber security: risks, vulnerabilities and countermeasures to prevent
social Engineering attacks” International Journal of Advanced
Computer Research, Vol 6(23) ISSN (Print): 2249-7277 ISSN
(Online): 2277-7970
[20] Min-kyu Choi, Rosslin John Robles, Chang-hwa Hong, Tai-hoon
Kim, “Wireless Network Security: Vulnerabilities, Threats and
Countermeasures,” International Journal of Multimedia and
Ubiquitous Engineering, Vol. 3, No. 3, July 2008, pp.77-86, ISSN:
1975-0080.
[21] I. Foster, J. Larson, M. Masich, A. C. Snoeren, S. Savage, and K.
Levchenko. Security by any other name: On the effectiveness of
provider based email security. In CCS ’15, 2015.
[22] B. Thuraisingham, C. Clifton, A. Gupta,“Directions for Web and E-
Commerce Applications Security”, Massachusetts, October 2002.
[23] Katkar Anjali S., Kulkarni Raj B. “Web Security.” International
Journal Of Innovative Research & Developement, 2012.
[24] Shkoukani, H. Abusaimeh, “Survey of Web Application and Internet
Security Threats”, IJCSNS International Journal of Computer Science
and Network Security, 2012.Techopedia Inc. “Operating System
Security(OS Security).” techopedia.com. 2019.
https://www.techopedia.com/definition/24774/oper ating-
system security-os-security.
[25] Stone, D. (2015). Detecting Cyber Attacks. Retrieved from
Everyday Life - Global Post:
[26] Andress J. The basics of information security: understanding the
fundamentals of InfoSec in theory and practice. Elsevier; 2011.
[27] Luo X, Brody R, Seazzu A, Burd S. Social engineering: the neglected
human factor for information security management. Information
Resources Management Journal. 2011; 24(3):1-8.
[28] Arnaja Sen, Lipika Mahajan, Priyanka Kuwor and Asha Khatri, P.
2016. “Wireless security systems”, International Journal of Current
Research, 8, (05), 30389-30392
[29] Arash habibi lashkari, Mir Mohammad Seyed Danesh, Behrang
Samadi, 2009. “A Survey on Wireless Security protocols (WEP,
WPA and WPA2/802.11i)”, International Conference on Computer
Science and Information Technology.
[30] Bhagyavati, Wayne C. Summers, Anthony DeJoie;”Wireless Security
Techniques: An Overview”; InfoSec Conference, September 2004
[31] Dunn Cavelty, M. Breaking the Cyber-Security Dilemma: Aligning
Security Needs and Removing Vulnerabilities. Sci Eng
Ethics 20, 701–715 (2014).
[32] Almaiah, M. A., Al-Zahrani, A., Almomani, O., & Alhwaitat, A. K.
(2021, May 1). Classification of Cyber Security Threats on Mobile
Devices and Applications | SpringerLink. Classification of Cyber
Security Threats on Mobile Devices and Applications | SpringerLink;
link.springer.com.
[33] Humayun, M., Niazi, M., Jhanjhi, N., Alshayeb, M., & Mahmood, S.
(2020, January 6). Cyber Security Threats and Vulnerabilities: A
Systematic Mapping Study - Arabian Journal for Science and
Engineering. SpringerLink; link.springer.com.
[34] Application of deep learning to cybersecurity: A survey -
ScienceDirect. (2019, March 6). Application of Deep Learning to
Cybersecurity: A Survey - ScienceDirect; www.sciencedirect.com.