Cyber Security: Vulnerabilities and Attacks

Abstract

Due to the abrupt growth of adversarial techniques, current threats have become more advanced and complicated. As more companies become reliant upon online services, cyber-attacks have become a more attractive strategy for hackers looking to create chaos and disruption. As a consequence, cyber security has become a high-priority issue in protecting cyberspace. Even the most common and simple attacks (Denial of Service, phishing, etc.) pose an enormous threat to the internet community. According to a CNN Business report, the financial services company Capital One suffered a cyber breach on March 22 and 23, 2019, revealing data from about 100 million people in the U.S. and about 6 million people in Canada. It has also been reported that, due to this cyber-attack, Capital One Financial Corporation is expected to incur costs of $100 million to $150 million in 2019. In this paper, we provide a systematic review of the need for cyber security, including vulnerabilities and recent threats in cyber security. We also look at detection and protection mechanisms.
Data Mining & Predictive Analytics (2021): 69-84
Editors: V.Kumar, R Rajesh, T.M Thasleema & S. Manohar Naik
Today & Tomorrow’s Printers and Publishers, New Delhi 110002
ISBN 10:81-7019-700-6 ISBN 13: 9878170197993
Ashfaq Ahmad Najar and Dr. Manohar Naik S
Department of Computer Science,
Central University of Kerala
Keywords: Cyber Security, Threats, Attacks, Detection, Protection Mechanism.
I. INTRODUCTION
According to data announced by the Indian Computer Emergency Response Team (CERT-In), 49,455 cyber security incidents were recorded in 2015, 50,362 in 2016, 53,117 in 2017, 2,08,456 in 2018 and 3,13,649 in 2019 (till October) [1]. As per the Data Security Council of India (DSCI) report, India was the second most affected country by cyber-attacks between 2016 and 2018 [2]. Reports of this kind show that cyber-attacks pose an immense threat to the internet community; they have drawn the attention of today's cyber world and opened up an essential discussion about cyber security and its unpredictability. As per Kaspersky Lab, there were 758 million malicious attacks (an attack launched at regular intervals) in 2016, and there is no doubt that the record will be broken in 2019 [3], [4]. One of the most common threats in cyber security is ransomware; it has been reported that ransomware attacks worldwide rose 350% in 2018 and are estimated to cost $6 trillion annually by 2021 [6]. Moreover, Juniper Research estimates that cybercrime costs in 2019 will surpass $2 trillion, a four-fold increase from only four years earlier (The Future of Cybercrime and Security: Financial and Corporate Threats Mitigation, Juniper Research Report). In 2020, cumulative financial costs are predicted to double to $5 trillion (Cyber Defense Magazine) [7]. Growing at this pace, cybercrime threatens to become even more devastating for businesses in the years to follow. For companies across the globe, this strengthens the imperative to implement advanced data security strategies. To do so efficiently, they need to understand the most significant threats to their data. There is therefore a strong need to develop security mechanisms against these attacks, to protect end users and data from malicious behavior and to provide a safer service. Cyber security is the range of resources, regulations, security principles, security protocols, rules, risk management strategies, activities, training, best practices, protection and technology that can be used to secure the cyber environment and the entities and assets of the user [9], [10], [11].
The paper seeks to improve the understanding of risks and their attributes (motivation and capability) arising from different external sources, such as organizations and intelligence. The rest of the paper is organized as follows: Section II introduces the significance of cyber security. Section III, "Recent Vulnerabilities and Attacks", presents various recent vulnerabilities and attacks in cyber security. Section IV, "Detection and Protection Mechanism", covers various detection and protection mechanisms in cyber security. Section V concludes the paper.
II. SIGNIFICANCE OF CYBERSECURITY
Cyber security is one of the key challenges in the cyber world. Cyber-attacks focus mainly on government websites, financial systems, news and media websites, military networks and public infrastructure systems [13]. It is difficult to gauge the value of these targets, and estimates often differ between attacker and defender. Motives for attacks include identity theft, intellectual property theft, financial fraud and attacks on critical infrastructure. It is very hard to list everything that motivates attackers to attack systems [13]. For example, the theft of credit card information is now a hacker activity, and cyber-terrorist organizations target government networks for political and religious purposes [13]. Cyber security matters mainly because it encompasses everything related to protecting our sensitive data and information from theft and vandalism attempted by hackers and adversaries: personally identifiable information (bank account numbers, credit card numbers, Social Security numbers), protected health information (PHI) such as conversations between doctors and nurses about treatment, billing information and anything held on a health insurance company's computer, and government and business information systems [7]. The growth of total malware infections (in millions) over the past 10 years is presented in Figure 1, which shows tremendous growth in 2018 [5].
Fig. 1: Total malware infections growth rate (in millions), past 10 years [5], [12].
Fundamentally, in the digital world everything is tied to technology; our culture has become ever more technologically reliant, and there is no sign that this trend will slow. The traditional approach was to focus resources on the critical components of the network and defend against the major security threats, which left some components defenseless and did not protect systems against less dangerous risks [9]. Advisory organizations promote a more constructive and pragmatic approach to the current environment [9]. Therefore, large and small companies, workers and individuals can and should adopt best practices in cyber security [14]. In April 2019, researchers found a huge cache of Facebook user account information exposed on Amazon cloud servers. This incident exposed approximately 146 GB of data containing more than 540 million records documenting messages, likes, responses, user names, Facebook IDs and other sensitive information [15]. Furthermore, Canva, an Australian web design tool, found out in May 2019 that hackers had infiltrated its network systems and collected data from up to 140 million users. The organization said that the incident involved the usernames and email addresses of customers [16]. According to Check Point, Table 1 shows the major attack incidents from January to December 2019.
Table 1: The major attack incidents from January to December 2019 [17].

| S.No | Month and Year | Cyber Attack |
|------|----------------|--------------|
| 1 | January 2019 | $534 million is stolen from Japan's largest digital currency exchange. |
| 2 | February 2019 | Adult Swine, a mobile malware infecting children's game apps with adware, is downloaded by up to 7 million users. |
| 3 | March 2019 | The city of Atlanta suffers an attack that locks down city systems for over a week. |
| 4 | April 2019 | Saks 5th Avenue and Lord and Taylor have 5 million customers' credit card details stolen. |
| 5 | May 2019 | Users of Copenhagen's city bikes are denied access due to the system being hacked. |
| 6 | June 2019 | 340 million records of Americans and businesses are leaked from the Florida-based marketing firm. |
| 7 | July 2019 | Singapore suffers its biggest cyberattack with the theft of 1.5 million patient records, including the Prime Minister's. |
| 8 | August 2019 | Hackers attack British Airways' mobile app and steal credit card details of almost 400,000 customers. |
| 9 | September 2019 | 30 million Facebook users' phone numbers and personal details are exposed in a major breach of privacy. |
| 10 | October 2019 | Onslow Water and Sewer Authority suffers a ransomware attack impeding efforts to provide services. |
| 11 | November 2019 | Hackers steal the personal details of 500 million Marriott-owned Starwood Hotel customers. |
| 12 | December 2019 | Ransomware causes printing and delivery disruptions to the LA Times, WSJ and NYT newspapers. |
Therefore, with these incidents growing day by day, you need a defense mechanism to protect your organization from such attacks. That is why governments are also putting full effort into fighting cybercrime (the General Data Protection Regulation (GDPR) is a great example), and in this way cyber security plays an important role in protecting our data and information from these malicious attacks. In a nutshell, we can say that today's digital world without a cyber security/defense mechanism is like a ship without a rudder.
III. RECENT VULNERABILITIES AND ATTACKS
In computer security, a threat refers to an action, or anything else, that takes advantage of a vulnerability in a computer system to cause serious damage to that system. Threat and attack are two different terms: a threat can lead to an attack on a computer system. A threat may use any type of attack to gain sensitive information about a network and to crash or damage that network. For example, a hacker may use a TCP SYN attack to exploit the three-way handshake mechanism. Attacks, in turn, are actions designed to damage a system by exploiting vulnerabilities, using various methods and tools to disrupt normal operations. Attackers launch attacks to achieve goals either for personal satisfaction or for reward [13]. The measure of an attacker's effort, expressed in terms of their abilities, assets and motivation, is referred to as the cost of the attack [13]. In cyber security, a vulnerability is a defect in a system that leaves it open to attack, or a weakness that allows an intruder to execute commands, access confidential data and/or run Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks. Common vulnerabilities present in computers include SQL injection, buffer overflow, OS command injection, missing authentication and path traversal. That is why network personnel and users must be aware of, and stay informed about, current vulnerabilities in the software they use and find ways to protect against them. As per the Skybox research report, 2018 exceeded the previous year's vulnerability influx, tacking on a 12 percent rise over 2017's total number of vulnerabilities published. As seen in Figure 2, 16,412 new Common Vulnerabilities and Exposures (CVEs) were published in 2018 and 14,595 in 2017. It seems 2017 was the initial raising of the bar, and we expect a similar number in the coming years [18].
Fig. 2: New Common Vulnerabilities and Exposures (CVEs) [18]
Moreover, when analyzing the distribution of vulnerabilities by the type of system on which they exist, a similar trend can be seen in 2018 compared with 2017: business applications and internet and mobile vulnerabilities account for the majority. As presented in Figure 3 and Figure 4, these categories each account for more than 20 percent of the vulnerabilities published in 2017 and in 2018 [18]. The most vulnerable product in 2018 was Google Android, and the most vulnerable business application was Oracle MySQL [19].
Fig. 3: Vulnerabilities by Category 2017 [18]
Fig. 4: Vulnerabilities by Category 2018 [18]
In this section, we now look at recent significant cyber-attacks. A cyber-attack is any kind of offensive action directed against computers, infrastructures, computer networks or personal computer devices, using different methods to steal, change or harm data or information systems [22]. For instance:
A) Distributed denial-of-service (DDoS) attacks:
A distributed denial-of-service (DDoS) attack aims to hinder legitimate users' access to a target system or service by overwhelming its resources. For instance, attackers overwhelm the victim's network or processing capacity with a huge stream of packets by exploiting Internet applications or network-layer services and protocols [23]. As a result, the victim's network or processing capacity cannot serve normally and the victim's services are denied [23]. In addition, if a diligent mitigation approach is not implemented, a DDoS victim can experience a total or partial loss of its services and data [23]. The main threat of this attack comes from its distributed nature [23]. On Wednesday, 28 February 2018, the GitHub application hosting site experienced the largest DDoS attack, with traffic that exceeded an unprecedented 1.35 Tbps across 126.9 million packets [24]. Interestingly, the attackers did not use a botnet; instead they weaponized misconfigured Memcached servers to amplify the DDoS attack. In March 2018, Arbor Networks recorded, with its global ATLAS traffic and DDoS threat data system, a 1.7 Tbps amplification attack against the website of one of its unnamed United States customers. This was the world's largest DDoS attack recorded and broke after five days [25]. There are various types of DoS and DDoS attacks; the TCP SYN flood attack, TCP PUSH+ACK attack and HTTP flood attack are among the most common.
B) Ransomware:
Ransomware is a type of malicious software that usually blocks access to a computer system or to data by encrypting it until the victim pays a fee to the attacker. If the victim does not pay in time, the data is gone for good. Ransomware attacks are all too common these days [26]. According to statistics released by the website Statista, the average cost of ransomware-induced cyber insurance claims in 2018 was US$ 229,000. The main causes of ransomware infections were spam and phishing/spear-phishing emails, fake websites and web ads. Iran, the United Arab Emirates and Thailand were the countries with the highest rates of ransomware infections in 2018 [27]. According to Managed Service Providers (MSPs), CryptoLocker, followed by WannaCry and CryptoWall, were the ransomware families most commonly encountered by ransomware attack victims [28].
C) SQL injection attack:
For database-driven websites, SQL injection has become a common issue. It happens when an attacker uses the input data sent from client to server to run a SQL query against the database. SQL commands are inserted into the data-plane input in order to execute predefined SQL commands. A successful SQL injection attack can read sensitive data from the database, alter, modify or delete database data, perform administrative operations on the database (for example, shutdown), retrieve the contents of files and, in some cases, issue operating system commands [29]. The vulnerability to this form of attack stems from the fact that SQL makes no real distinction between the control plane and the data plane [29]. SQL injection therefore mostly works when a website uses dynamic SQL. Research conducted by the United States-based cloud service provider Akamai has shown that more than 85% of attacks are triggered by SQL injection and Local File Inclusion [30].
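The point about dynamic SQL and the missing separation of control plane and data plane can be seen by running the same input through a concatenated query and a parameterized one. This is an added example, not code from the paper; the table, the sample rows and the function names are constructed for illustration, using Python's sqlite3 module.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, card TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "card-1111"), ("bob", "card-2222"), ("o'brien", "card-3333")],
    )
    return db


def lookup_dynamic(db, name):
    """Dynamic SQL: the input becomes part of the statement text (control plane)."""
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_bound(db, name):
    """Parameterized SQL: fixed statement text, input passed as a bound value."""
    return db.execute(
        "SELECT name, card FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(db, name):
    """Run both lookups on the same input and report what each one did."""
    try:
        dynamic = lookup_dynamic(db, name)
    except sqlite3.Error as exc:
        # A quote in ordinary data is enough to break the concatenated statement.
        dynamic = "error: " + type(exc).__name__
    return {"dynamic": dynamic, "bound": lookup_bound(db, name)}


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing a quote,
    # and the textbook always-true condition.
    for sample in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(sample), compare(db, sample))
```

With the bound parameter the quote characters stay data: the always-true input matches no row and the legitimate name o'brien is found, while the concatenated query returns every row for the former and fails to parse for the latter.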
D) Cross-site scripting (XSS) attack:
Cross-site scripting (XSS) is an injection attack on the client side. The attacker attempts to execute malicious scripts in a victim's web browser by embedding malicious code in a legitimate web page or web application [29], [31]. When the user requests a page from the website, the website sends the victim's browser the page with the attacker's code as part of the HTML document, and the browser runs the malicious script. For instance, the script could send the victim's cookie to the attacker's server, where the attacker could retrieve it and use it to hijack the session. The XSS vulnerability, which makes up 18 percent of the bugs found, has been the most common bug on websites around the world for the past nine years [32]. According to the CISCO Annual Cyber Security Report, 53 percent of cyber-attacks in 2018 caused organizations more than $500 billion in financial loss [19].
According to a study from the Zero Day Initiative (ZDI), SCADA (Supervisory Control and Data Acquisition) systems have been affected by vulnerabilities and will continue to be for some time. Of the past five years, 2018 saw the most known vulnerabilities, with 2019 second [20].
Figure 5 shows the total number of vulnerabilities identified
annually between 2015 and October 2019 [21].
According to the CSIS report, the significant cyber-attacks of 2019 are presented in the table below [33]:

| S.No | Cyber Attack |
|------|--------------|
| 1 | Iranian hackers targeted the accounts of employees at major manufacturers and operators of industrial control systems [33]. |
| 2 | An alleged non-state actor targeted the UK Labour party with a major DDoS attack that temporarily took the party's computer systems offline [33]. |
| 3 | An Israeli cyber security firm was found to have sold spyware used to target senior government and military officials in at least 20 countries by exploiting a vulnerability in WhatsApp [33]. |
| 4 | A state-sponsored hacking campaign knocked offline more than 2,000 websites across Georgia, including government and court websites containing case materials and personal data [33]. |
| 5 | India announced that North Korean malware designed for data extraction had been identified in the networks of a nuclear power plant [33]. |
| 6 | Hackers with ties to the Russian government conducted a phishing campaign against the embassies and foreign affairs ministries of countries across Eastern Europe and Central Asia [33]. |
| 7 | North Korean hackers were revealed to have conducted a phishing campaign over the summer of 2019 that targeted U.S. entities researching the North Korean nuclear program and economic sanctions against North Korea [33]. |
| 8 | In order to distribute malware to the Uyghur community, China used hacked websites with previously undisclosed exploits for Apple, Google, and Windows phones [33]. |
| 9 | Chinese government-sponsored hackers targeted several United States cancer institutes to obtain information on cutting-edge cancer research [33]. |
| 10 | North Korean hackers carried out a phishing campaign in at least 3 countries against foreign policymakers, focusing on those who study North Korean energy and related international sanctions [33]. |
| 11 | Networks of various government agencies in Bahrain and critical infrastructure suppliers were breached by Iran-linked hackers [33]. |
| 12 | Chinese government-sponsored hackers conducted a spear-phishing campaign against employees of 3 major United States utilities [33]. |
| 13 | In the Capital One breach, the hacker obtained details on 100 million credit card applications, including Social Security and bank account numbers [33]. |
| 14 | An Iranian hacking group targeted LinkedIn users associated with financial, energy, and government entities operating in the Middle East [33]. |
| 15 | A number of major German industry firms, including Baden Aniline and Soda Factory (BASF), Siemens, and Henkel, reported being the target of a Chinese government-sponsored hacking campaign [33]. |
| 16 | A Chinese hacking group was found to have targeted government agencies in information technology, foreign affairs, and economic development throughout East Asia [33]. |
| 17 | Microsoft revealed that it had detected almost 800 cyber-attacks over the past year targeting think tanks, non-governmental organizations (NGOs), and other political organizations around the world, with the majority of attacks originating in Iran, North Korea, and Russia. |
| 18 | Western services allegedly hacked the Russian web search company Yandex at the end of 2018 to spy on user accounts. |
| 19 | Over the course of seven (7) years, a Chinese intelligence organization monitored activists, politicians, and alleged spies through ten (10) foreign telephone/mobile phone providers in thirty (30) nations [33]. |
| 20 | The United States announced that it had started offensive cyber operations against Iranian computer systems that manage rocket and missile launches [33]. |
| 21 | Chinese state-sponsored hackers attacked government organizations in 2 separate Middle East countries [33]. |
| 22 | Unidentified entities across the Philippines were reportedly targeted by a Chinese government-sponsored hacking group. |
| 23 | Iran developed a network of websites and accounts used to disseminate false information on the United States, Israel, and Saudi Arabia [33]. |
| 24 | Hackers used spoofed email addresses to spread rumors of corruption in Lithuania and discredit the Minister of Defense [33]. |
| 25 | Pharmaceutical company Bayer announced it had prevented an attack by Chinese hackers targeting sensitive intellectual property [33]. |
| 26 | An Iranian cyber hacking network targeted government and industry digital infrastructure in Saudi Arabia and the United States [33]. |
| 27 | In the run-up to EU elections in May, Russian hackers attacked a number of European government agencies [33]. |
| 28 | A hacking campaign targeting Russian companies was linked to state-sponsored North Korean hackers [33]. |
| 29 | State-sponsored hackers were caught in the early stages of breaching the computing systems of multiple political parties and the Australian Federal Parliament [33]. |
| 30 | The Center for Strategic and International Studies was attacked by hackers affiliated with the Russian intelligence services [33]. |
| 31 | The United States Justice Department announced a disruption of a North Korean botnet used to target media, aerospace, financial and critical infrastructure companies [33]. |
| 32 | Former United States intelligence workers were found to be working for the United Arab Emirates to help the country hack the telephones of activists, diplomats, and foreign government officers [33]. |
IV. DETECTION AND PROTECTION MECHANISM
Regardless of the protection and prevention mechanisms in place, security attacks can succeed and persist within an organization's network. Detecting these attacks at their earliest onset is extremely important in order to take action to stop further damage [34]. The broad term intrusion detection is used to describe mechanisms for detecting a security attack (or incident) [35]. There is no standard approach to detecting attacks; three approaches are common. Host-based intrusion detection monitors audit trails, logs, deployment of malicious code, logins and so on to detect the existence of an attack on a host [34]. Network-based intrusion detection checks the packets entering the network to determine whether they match the signatures of known security threats [35]. Anomaly-based intrusion detection is designed to find abnormal use of network or device resources and to flag possible problems [35]. There are several types of intrusion detection systems available today, including vendor-specific devices [34]. SNORT is a free, open-source intrusion detection program. In evaluating an IDS, the points to consider are the types of attacks it can detect, the operating systems it supports, whether it can handle massive quantities of traffic, whether the large quantities of data it produces are easily understood, its management structure and its complexity [34].
Combinations of intrusion detection systems and firewalls, known as intrusion prevention systems (IPSs), are available today as well. Rate-based IPSs block the flow of traffic if it is seen to exceed normal rates [34]. Signature-based IPSs block traffic if signatures of known security threats are detected. Security mechanisms are the elements that come into direct contact with threats. While the overall security process requires many other elements, these mechanisms are the business end of technological security [34].
As mentioned above, DDoS attacks pose an immense threat to the victim's resources (CPU, memory) as well as to network bandwidth and infrastructure [23]. Protection against DDoS attacks is therefore most efficient when it is preventive, since prevention keeps DDoS attack traffic away and handles massive attack loads before the attack can succeed. According to Oleg Kupreev, Ekaterina Badovskaya and Alexander Gutnikov, several DDoS attacks against Ecuador occurred in the second half of April 2019 [36]. In this section we outline the major techniques of protection/prevention against DDoS attacks.
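The signature-based and rate-based blocking described above can be sketched as a small inline filter. This is an added example, not code from the paper or from any IPS product; the signature set, the thresholds and the traffic are constructed. It also shows why the distributed nature of DDoS matters for rate-based detection: a per-source counter catches a single flooding host but misses a flood spread over many hosts, which only the per-destination counter sees.

```python
from collections import Counter, defaultdict, deque

# Constructed signature set (name -> lowercase byte pattern); not a real rule base.
SIGNATURES = {
    "sample-script-tag": b"<script",
    "sample-sql-tautology": b"' or '1'='1",
}


def signature_hit(payload):
    """Return the name of the first signature found in the payload, or None."""
    lowered = payload.lower()
    for name, pattern in SIGNATURES.items():
        if pattern in lowered:
            return name
    return None


class RateMonitor:
    """Sliding-window packet counter keyed by a field chosen by the caller."""

    def __init__(self, window, limit):
        self.window, self.limit = window, limit
        self.seen = defaultdict(deque)

    def over_limit(self, key, ts):
        q = self.seen[key]
        q.append(ts)
        # Forget packets that have aged out of the window (timestamps ascend).
        while ts - q[0] >= self.window:
            q.popleft()
        return len(q) > self.limit


def run_ips(packets, per_src_limit=20, per_dst_limit=100, window=1.0):
    """Return one (verdict, reason) pair per (ts, src, dst, payload) packet."""
    by_src = RateMonitor(window, per_src_limit)
    by_dst = RateMonitor(window, per_dst_limit)
    verdicts = []
    for ts, src, dst, payload in packets:
        sig = signature_hit(payload)
        src_hot = by_src.over_limit(src, ts)
        dst_hot = by_dst.over_limit(dst, ts)
        if sig:
            verdicts.append(("block", "signature:" + sig))
        elif src_hot:
            verdicts.append(("block", "rate:source"))
        elif dst_hot:
            verdicts.append(("block", "rate:destination"))
        else:
            verdicts.append(("allow", ""))
    return verdicts


def single_source_flood():
    """Constructed traffic: one host sends 30 packets in 0.3 s."""
    return [(i * 0.01, "203.0.113.5", "198.51.100.10", b"GET / HTTP/1.1")
            for i in range(30)]


def distributed_flood():
    """Constructed traffic: 60 hosts send 3 packets each (180 total) in under 1 s."""
    return [(i * 0.005, "192.0.2.%d" % (i % 60 + 1), "198.51.100.10",
             b"GET / HTTP/1.1") for i in range(180)]


def summarize(verdicts):
    """Count verdicts by reason ('allow' for packets that were passed)."""
    return dict(Counter(reason or "allow" for _, reason in verdicts))


if __name__ == "__main__":
    print("single source:", summarize(run_ips(single_source_flood())))
    print("distributed  :", summarize(run_ips(distributed_flood())))
```

Once the destination counter trips, every packet to that destination is dropped, legitimate clients included.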
A. Prevention using filters:
Filtering techniques mainly prevent a target from being attacked, and also from unwittingly becoming an attacker itself. In general, filtering strategies are applied at routers to ensure that only legitimate traffic can enter a network [23]. Filtering techniques include ingress/egress filtering, router-based filtering, Martian address filtering, source address validation and hop-count filtering.
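The filters named above can be expressed as checks on a packet's source address and TTL. This is an added example, not code from the paper; the site prefix, the learned hop-count table and the function names are assumptions, the martian list is only a subset of the special-use prefixes, and documentation address ranges stand in for public addresses.

```python
import ipaddress

# Subset of special-use IPv4 prefixes that must not appear as a source address
# on traffic arriving from the Internet (martian address filtering).
MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Assumed prefix of the protected site (a documentation range as a stand-in).
SITE = ipaddress.ip_network("198.51.100.0/24")

# Common initial TTL defaults, used to infer how many hops a packet travelled.
INITIAL_TTLS = (32, 64, 128, 255)


def is_martian(addr):
    """True if the address falls in one of the special-use prefixes above."""
    return any(addr in net for net in MARTIANS)


def hop_count(ttl):
    """Inferred hops: smallest common initial TTL >= observed TTL, minus the TTL."""
    initial = min(t for t in INITIAL_TTLS if t >= ttl)
    return initial - ttl


def ingress(src, ttl, learned_hops, tolerance=1):
    """Verdict for a packet arriving at the site border from outside."""
    addr = ipaddress.ip_address(src)
    if is_martian(addr):
        return "drop:martian"
    if addr in SITE:
        # Outside traffic claiming an inside source address is spoofed.
        return "drop:spoofed-site-address"
    expected = learned_hops.get(src)
    if expected is not None and abs(hop_count(ttl) - expected) > tolerance:
        # Hop-count filtering: the TTL does not fit the path this source
        # normally takes, which suggests a forged source address.
        return "drop:hop-count"
    return "pass"


def egress(src):
    """Verdict for a packet leaving the site: only site addresses may be sources."""
    addr = ipaddress.ip_address(src)
    return "pass" if addr in SITE else "drop:foreign-source"


if __name__ == "__main__":
    # Constructed baseline: this source is normally 10 hops away.
    learned = {"203.0.113.9": 10}
    for src, ttl in (("10.1.2.3", 60), ("198.51.100.7", 60),
                     ("203.0.113.9", 54), ("203.0.113.9", 115)):
        print("in ", src, ttl, ingress(src, ttl, learned))
    for src in ("198.51.100.7", "203.0.113.9"):
        print("out", src, egress(src))
```

The egress check is what keeps a site from being the unwitting source of spoofed attack traffic, while the ingress checks protect the site itself.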
B. Secure overlay:
This is another DDoS prevention mechanism, one that protects a subset of the network. The idea behind this method is to build an overlay network on top of the IP network. This overlay network is the entry point through which the outside network establishes communication with the protected network [23].
C. Honeypots:
A honeypot/honeynet is an important DDoS prevention mechanism. Honeypots/honeynets are deliberately less secure networks that lure attackers into attacking them. A honeynet imitates a legitimate network in order to deceive an attacker, so that the intruder believes he has attacked the real system. The actual system therefore remains secure [23].
D. Load balancing:
Load balancing tries to distribute load across different systems so that no single system is overloaded. It helps to achieve optimal productivity as well as maximum uptime. When a server faces a DDoS attack, a load balancer maintains stability by redirecting traffic to other active servers that are not under attack. A bandwidth increase is necessary on all critical connections to ensure maximum load balancing [23].
E. Prevention based on awareness:
If general users take preventive measures on their own systems, certain DDoS attacks can be avoided [23].
F. Changing IP addresses:
In this technique, the computer system changes its IP address to invalidate an old address that may be the target of DDoS attacks. The technique succeeds if the attack is based on the IP address.
G. Disabling unusual services:
Some services, such as UDP echo and the character generator service, can expose a network to DDoS attacks. Disabling these services can therefore defend a network against some kinds of DDoS attack [23].
H. Applying security patches:
It is also important to apply all security patches regularly to ensure that bugs or worms do not impact the program.
V. CONCLUSION
In this paper, we have presented a comprehensive and systematic review of cyber security. We have seen why cyber security has become a challenging issue in the digital world and why we should take cyber defense seriously. We have also summarized different types of attacks, threats and vulnerabilities, attack detection methods and protection mechanisms, and identified the key features of the attacks. This review is intended to serve as an easy-to-understand foundation in cyber security through its systematic explanation and analysis.
VI. REFERENCES
[1] https://economictimes.indiatimes.com/tech/internet/3-13-lakhcyber-security-incidents-reported-till-october-this-year/articleshow/72489906.cms
[2] https://www.businessinsider.in/india/news/personal-data-protection-billwill-be-discussed-in-parliament-here-is-what-cyber-experts-have-tosay/articleshow/72153785.cms
[3] https://outpost24.com/blog/top-10-of-the-world-biggest-cyberattacks
[4] https://freemanagementresources.com/marriott-cyber-attack/
[5] https://www.google.com/search?q=otal+malware+infections+growth+rate(in+millions)+past10+years
[6] https://www.wired.com/story/biggest-cybersecurity-crises-2019-so-far/
[7] https://www.symantec.com/definitions/why-is-cyber-security-important
[8] https://purplesec.us/resources/cyber-security-statistics/
[9] https://searchsecurity.techtarget.com/definition/cybersecurity
[10] https://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx
[11] https://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx
[12] https://purplesec.us/resources/cyber-security-statistics/
[13] Abomhara, M., & Køien, G. M. (2015). Cyber security and the internet of things: Vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88. https://doi.org/10.13052/jcsm2245-1439.414
[14] https://searchsecurity.techtarget.com/definition/cybersecurity
[15] https://www.cisomag.com/rewind-biggest-cyber-incidents-we-saw-in2019/
[16] http://tlo.org/cyber/rewind-biggest-cyber-incidents-we-saw-in-2019-ciso-mag/
[17] http://snt.hr/boxcontent/CheckPointSecurityReport2019 vol01.pdf
[18] https://lp.skyboxsecurity.com/rs/440 MPQ510/images/Skybox Report Vulnerability and Threat Trends 2019.pdf
[19] https://www.kratikal.com/blog/5-biggest-cyber-attacks-in-india/
[20] https://www.trendmicro.com/vinfo/zaen/security/news/vulnerabilitiesand-exploits/one-
[21] https://www.trendmicro.com/vinfo/zaen/security/news/vulnerabilitiesand-exploits/one-flaw-too-many vulnerabilities-in-scada-systems
[22] https://blog.netwrix.com/2018/05/15/top-10-most common-types-ofcyber-attacks/
[23] Mahjabin, T., Xiao, Y., Sun, G., & Jiang, W. (2017). A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distributed Sensor Networks, 13(12). https://doi.org/10.1177/1550147717741463b
[24] https://securityaffairs.co/wordpress/69762/hacking/github-largest-ddosattack.html
[25] https://thehackernews.com/2018/03/ddos-attack-memcached.html
[26] https://www.proofpoint.com/us/threatreference/ransomware
[27] https://www.statista.com/topics/4136/ransomware/
[28] https://www.statista.com/statistics/700944/global-msp-clientransomware-attack-by-ransomware-families/
[29] https://blog.netwrix.com/2018/05/15/top-10-most common-types-ofcyber-attacks/
[30] https://www.cbronline.com/news/sql-injection-attacks
[31] https://www.pandasecurity.com/mediacenter/security/xss-common-webvulnerabilities/
[32] https://www.pandasecurity.com/mediacenter/security/xss-common-web-vulnerabilities
[33] https://www.csis.org/programs/technology-policy-program/significantcyber-incidents
[34] https://www.sciencedirect.com/topics/computer-science/protectionmechanism
[35] https://www.sciencedirect.com/topics/computer-science/protectionmechanism
[36] https://securelist.com/ddos-report-q2-2019/91934/