A Systematic Literature Review on the Cyber Security

In recent years, the Internet has become an integral element of people's everyday lifestyles all across the world. Online criminality, on the other hand, has risen in tandem with the growth of Internet activity. Cyber security has advanced greatly in recent years in order to keep up with the rapid changes that occur in cyberspace. Cyber security refers to the methods that a country or organization can use to safeguard its products and information in cyberspace. The primary goal of this article is to conduct a thorough examination of cyber security kinds, why cyber security is important, cyber security framework, cyber security tools, and cyber security difficulties. Cyber security safeguards the data and integrity of computing assets that are part of or connected to an organization's network, with the goal of defending such assets from all threat actors throughout the life cycle of a cyber-attack.

The author of [30] applied machine learning and sentiment analysis to cyber security in order to establish a way of detecting cyber risks that were previously undetectable by traditional technologies. Greenfield et al. [31] provide a methodology for experimentally assessing harm that includes a number of processes. Functional integrity, material support and amenity, freedom from humiliation, privacy or autonomy, and reputation are the five fundamental dimensions where injury might appear. They also establish five levels of scale for various sorts of harm and investigate the cascading nature of harm by looking at real-world crimes that have generated significant societal impact. Grant et al. coined the term "cyberspace cartography" and applied the concept of "cyber-geography" to military operations. They also suggest that their ontology might be used in research to help solve the attribution problem of being unable to quickly identify hostile actors in cyberspace [32]. Chertoff et al. [33] describe the state of Internet jurisdiction law and the problem of assigning legal authority to a particular forum when a suit traverses multiple states. They present four possible formulations for defining the controlling jurisdiction in such situations in a clear and equitable manner. These regulations are based on either the citizenship of the offending information, data, or system's subject, the location where the harm occurred, the citizenship of the data creator, or the citizenship of the data holder or custodian. A high-quality standalone literature review, according to Mathieu and Guy [34], provides reliable information and insights into previous research, allowing other researchers to seek new directions on similar issues of interest. Furthermore, the findings of this study can be utilized as references in related fields or as a basis for future research.
Lin [35] compares nuclear and cyber technology and regulation, outlining a slew of contrasts, as well as a few parallels, between the potential difficulties that these two technologies bring, which he categorizes as strategy, operations, acquisition, and arms control. The author of paper [36] claimed that online security attacks have been carried out by hacker-activist organizations with the goal of causing harm to web services in a specific context. The author demonstrated a sentiment analysis method on Twitter content. The author's strategy was based on a daily collection of tweets from users who utilize the platform to share their opinions on pertinent subjects and to deliver content connected to web security assaults. The information was transformed into data that could be statistically examined to determine whether an attack was likely or not. The latter was accomplished by examining the aggregate sentiment of users and hacktivist groups in response to a worldwide incident. Edwards et al. [37] use a publicly available dataset of data breaches to uncover trends in data breaches using a Bayesian Generalized Linear Model. They conclude that while the amount and frequency of data breaches have remained consistent in recent years, their impact is increasing as threat actors improve their ability to monetize personal information and the quantity of electronic financial transactions grows. A concentrated literature analysis of machine learning and data mining methods for cyber analytics in support of intrusion detection was reported in a survey study [38]. Van Slyke et al. [39] create a taxonomy of harms for white-collar crimes by focusing on the victimization aspect of these crimes. They look at a number of white-collar offences and the costs associated with them. They combine desktop research with victim surveys, focusing on the long-term consequences of damages in specific persons.
The author of paper [40] stated that timely intelligence on cyber security risks and vulnerabilities is necessary to secure key personal and organizational systems. Overt and covert sources of information regarding these dangers include the National Vulnerability Database, CERT warnings, blog posts, social media, and dark web services. Other initiatives are centered on the evolution of risk frameworks and the modeling of business system resilience [41]. Researchers use these models to try to figure out how disasters can impair global essential services by looking at the interconnection of assets. A threat-based model is developed, with each threat being associated with various processes of destruction, specific vulnerabilities, and different obstacles for system resilience. In order to handle a massive problem like this, some solutions need to be figured out. Even though not everyone is willing to come up with solutions, a few people have stepped in to contribute a possible answer. Kennedy [42] proposes continuous and timely updates of security software, as well as network and application software for both business and personal devices. The author of [43] offers a simulation-based training scenario in which student trainees experience the symptoms and effects of a DDoS assault and practice their response in a virtual environment, utilizing a simulator and hacking tools, with the purpose of preparing them for real attacks. In paper [44], the author used a semi-supervised method to classify cyber security logs into three categories: attack, unsure, and no attack, by first breaking the data into three clusters using Fuzzy K Mean (FKM), then manually labeling a small sample, and finally training the neural network classifier Multi-Layer Perceptron (MLP) on the manually labeled data. An interesting approach, based on the "top-down" methodology described in the criminology field, is presented by Nguyen et al. [45].
The authors attempted to elicit "premiums" that some users would be willing to pay to protect their assets from cyber-incidents. Our current knowledge about cyber security relies heavily on data from commercial threat reporting and news reports. Yet this data provides a partial and biased view of cyber threat activity, because it is often politicized and influenced by the demands of powerful buyers and the interests of capable providers [46].
Cyber-attacks can endanger patient safety by compromising data integrity or affecting medical device operation, for example. Recent examples include the WannaCry and NotPetya ransomware attacks, as well as flaws in Medtronic implantable cardiac device programmers [47], which have harmed health-care delivery capabilities. It is apparent that cybercrime is here to stay due to its profitable nature [48] and low risk level (since cyber thieves can launch assaults from anywhere on the planet). The author of paper [49] feels that social media is now an important component of people's everyday lives and the livelihood of some. He describes a method for calculating consumer loyalty based on Twitter data. When fighting cybercrime, it's critical to understand who might be the target of a cyber-attack and why tracking down their perpetrators might be tough. While everyone can theoretically become a victim of a cyber-attack, certain people are far more vulnerable than others. For example, in the past, an elderly person's personal information was particularly vulnerable to being taken by someone looking to make a lot of money. While this circumstance does not necessarily involve hacking, an elderly person can become a victim in other ways. Teenagers and the elderly are seen to be the most vulnerable victims, as they are the ones who are least aware that these attackers exist [50]. According to the author of article [51], traditional solutions, as well as the use of analytic models, machine learning, and big data, might be improved by giving relevant knowledge to control or restrict the repercussions of threats.
Cybercrime can manifest itself in the form of cyber bullying and online harassment, which are referred to as cyber-enabled crimes, or through security risks that affect the computer itself, such as malware infections, ransomware infections, and theft and misuse of personal data, which are referred to as cyber-dependent crimes [52]. An approach for tracking social data that can be used to launch cyber-attacks is presented in paper [53]. Its key contribution is the monthly prediction of tweets with content linked to security attacks and the incidents discovered using L1 regularization. Cyber-threats are extremely dangerous for health-care institutions. According to Verizon's 2018 Data Breach Investigation Report, data breaches impacted the health care industry the most, accounting for 24 percent of all investigated breaches across all industries [54]. The investigation in paper [55] was directed at security experts who use machine learning approaches to detect intrusion, malware, and spam. The purpose was twofold: to analyze the current maturity of these systems and to identify the major obstacles that hinder machine learning cyber detection schemes from being adopted immediately. The conclusion was reached after a thorough analysis of the literature and tests on real-world enterprise systems and network traffic. According to a survey of health-care information security professionals, more than 75% of health-care businesses have recently encountered a security issue [56]. A novel approach for sentiment analysis was developed in paper [57] for obtaining opinions from a given data source. The proposed method was tested on one of the world's most important service industries, travel. With the application of this approach, an analysis of opinions and sentiments expressed on Twitter about TripAdvisor was done. Cyber-attacks are also present in the world of cryptocurrency.
Most cryptocurrency exchanges are done on a Blockchain, where transactions can be conducted quickly and concisely. A 51% attack occurs when over half of the network of a company is taken over by hackers. 51% attacks work a little differently in the realm of cryptocurrencies. There, 51% attacks are carried out in order to obtain control of more than half of a Blockchain, allowing hackers to seize control of it [58]. Cybercrime is defined as the destruction, theft, or unauthorized or illegal use, modification, or copy of information, programmes, services, equipment, or communication network [59].
Cybercrime is defined as the commission of a crime using technology, such as computers, smartphones, or tablets. As a result, this type of criminality has been tremendously costly to the economy, with estimations of $575 billion lost annually worldwide, according to the report. When the Internet first became widely available around the world, China saw it differently than other countries. Because radio and television shows were uploading their recordings to the Internet for anyone to view whenever they wished, China appeared to treat the Internet as a new [60] type of media. Cybercrime, on the other hand, occurs in a different setting than traditional crimes, which may result in different risk factors for both offending and victimization [61]. Traditional offending and victimizations necessitate physical interaction between victims and offenders; however, there is no physical convergence in space or time between offenders and victims in cybercrime. The author of this research offered a framework to help us fight cybercrime no matter where we are by monitoring the actions we undertake on our electronic devices [62]. Scammers take advantage of the fact that cyber criminals are difficult to track down. An in-depth examination of cyber-crime in India has been conducted in this article. According to the author, fraud cases are on the rise, and the majority of victims are between the ages of 20 and 29. Children and women are disproportionately affected. As a result, awareness campaigns are essential in India to prevent or minimize cybercrime [63].

III. About Cyber Security
The growing requirement for computer security, as well as the tendency of cyberization (the sustained use of the Internet or cyberspace by terrorist groups, militias, or other similar groups engaged in conflicts to promote and disseminate their causes), are trademarks of the twenty-first century. The rise in cybercrime, digital currency, and e-governance has been matched by a recent surge in investment in new technology for computer security around the world. The term "cyber security" refers to approaches and procedures for safeguarding digital information. An information system stores, transmits, or uses the data. After all, data is what a criminal seeks. The network, servers, and computers are merely conduits for data. Cyber security that is effective lowers the danger of cyber-attacks and protects companies and individuals against illegal use of systems, networks, and technology.
Cyber security is a set of strategies and processes for defending computers, networks, databases, and applications against assaults, illegal access, modification, or destruction. It can also play a vital role in the development of information technology and Internet services. There are various trends in cyber security, the most prominent of which is Web application. Web applications are now one of the most widely used platforms for delivering information and services via the Internet. Cyber security refers to the technologies, techniques, and procedures that are used to prevent computers, programmes, networks, and data from being hacked, damaged, or accessed without authorization [65]. Specialists in cyber security and forensics are increasingly dealing with a wide range of cyber threats in near-real-time. The capability to detect, analyze,

The Melissa virus was released in late 1999. This was a macro-virus that was specifically designed to infect email accounts. The virus would get access to these emails with the goal of sending out mass emails. The author was one of the first to be found guilty of creating malware. He was given a five-year term after being accused of causing $80 million in damages. In 2013 and 2014, Yahoo was the target of one of the most serious cyber-attacks [69]. Yahoo accounts belonging to nearly 3 billion people were compromised as a result of the assaults. The attacks took advantage of vulnerabilities that had not yet been addressed. The hackers installed malware on Yahoo's systems using spear phishing techniques, giving them unrestricted backdoor access. They gained access to Yahoo's backup databases and stole sensitive data such as names, emails, passwords, and password recovery questions and answers.
Viruses were becoming more lethal, invasive, and difficult to regulate. We've already seen big cyber-attacks, and the year isn't even halfway through yet. These are only a few examples, but they demonstrate that cyber security is a must-have for both enterprises and small businesses. As shown in the timeline above, cyber security is a never-ending cat and mouse game. Attackers are gaining new talents and employing new methods and techniques as the internet evolves. Defenders, on the other hand, react by playing catch-up. According to Gartner Inc.'s projection [70], global cyber security spending would reach $133.7 billion by 2022. Cyber-attacks are becoming more sophisticated, prompting businesses to invest more in establishing data breach prevention solutions.

V. Why Cyber Security Is Essential
We live in a digital age, which recognizes that our personal data is more susceptible than ever. From internet banking to government infrastructure, we all live in a connected world where data is stored on computers and other devices. A component of that data [71] property, financial data, personal information, or other sorts of data [72], to which unlawful access or exposure could result in negative effects. One of the most significant difficulties humanity will confront in the next two decades is cyber-criminal activities. Cyber-attacks are the world's fastest-growing crime, and they're getting bigger, more sophisticated, and more expensive. According to Cyber Security Ventures, cybercrime losses will cost the globe $6 trillion per year by 2021, far more than the damage caused by natural catastrophes in a year and far more profitable than the global trade in all major illegal narcotics combined. According to Cisco, Asia-Pacific businesses face six cyber-attacks per minute. Not only are governments and corporations at risk from hackers' acts and intents, but individuals are also at risk. Hackers steal an individual's personal information and sell it for profit, which is known as identity theft [73]. Recognizing that no one is immune to the threat posed by cybercrime, from individuals to major multinational corporations, is a critical step in winning the fight against cybercrime. "It will never happen to me" is one of the worst things you can believe.
Education is a critical component of any cyber-crime plan, and it is critical that everyone in your organisation, from the CEO to the clerical staff, is aware of the hazards associated with using your network and apps [74]. Our youth are one of the most crucial populations to educate about cyber security. While kids may not be banking or shopping online with credit cards, they can make it very easy for cyber criminals to gain access to data by opening insecure personal accounts. Weak passwords and improper email or social media practises make it much easier for others to get into your account and access the information of your friends and family. No one wants to be accountable for cybercrime on their loved ones, whether it's a bank account number [75], a photo that should be kept secret, or complete identity theft. For these reasons, cyber security has become an important part of business, and the focus now is on developing appropriate response plans that minimize the damage in the event of a cyber-attack. It is critically important because it helps to preserve the lifestyles we have come to know and enjoy.

VI. Cyber Security Types
It's critical to understand the many types of cyber security in order to be better protected. The procedures used to protect data from being stolen or assaulted are known as cyber security types. Computers, mobile devices [76], networks, servers, and data are all protected from external threats by cyber security, often known as electronic information security. It acts as a security barrier, ensuring that your data and what you save on your devices are not vulnerable to outside attacks [77]. Critical infrastructure security, network security, application security, information security, cloud security, data loss prevention, and end-user education are some of the topics covered. Cyber-attacks are expected to cost the global economy US$6 trillion by 2021, according to estimates.

Cloud Security
Due to its increased anonymity, cloud-based data storage has become a popular alternative during the previous decade. Even though cloud storage is more secure, you should still protect it with software that monitors activity and can notify you if anything unusual occurs with your cloud accounts. A software-based technology that safeguards and monitors your data in the cloud helps reduce the dangers associated with on-premises attacks [78]. Hence, Amazon Web Services, Microsoft Azure, and Google Cloud present their customers with a cloud computing platform, where the users can store and monitor data by implementing a security tool. Cloud computing security is similar to traditional on-premise data centres, only without the time and costs of maintaining huge data facilities, and the risk of security breaches is minimal.

Critical Infrastructure Security
Infrastructure is vital. To secure systems with vital infrastructure, cyber security techniques are used. They are systems that societies rely greatly on. Electricity grids, water purification, traffic lights, shopping malls, and hospitals are among them. They are not directly tied to a potential cyber breach, but they can serve as a platform for cyber malware to infect the endpoints to which these systems are connected. Organizations that utilize the critical infrastructure must also evaluate the amount of damage caused due to cyber-attacks. These organizations must have a contingency plan that would help their businesses avoid bearing the brunt of cyber-attacks. The security and resilience of this critical infrastructure is vital to our society's safety and wellbeing.

Data Loss Prevention (DLP)
Data loss prevention (DLP) ensures that sensitive or vital data is not sent beyond the business network. The term refers to software that allows a network administrator to manage the data that users can send and receive. It develops policies and practises for dealing with and preventing data loss, as well as recovery plans in the case of a cyber-security breach. Setting network permissions and policies [79] for data storage is part of this. Data loss prevention addresses three main objectives that are common pain points for many organizations: personal information protection / compliance, intellectual property (IP) protection, and data visibility.

Application Security
Application security uses software and hardware to protect against external dangers that may arise during the development of an application. Because apps are increasingly accessible across multiple networks, they are more vulnerable to cyber-attacks. Applications can be protected with cyber-sec antivirus software, firewalls, and encryption services. Companies and organisations can discover sensitive data sets and secure them with specialised applications regarding the datasets using an application security network. Application security may include hardware, software, and procedures that identify or minimize security vulnerabilities. A router that prevents anyone from viewing a computer's IP address from the Internet is a form of hardware application security.

Information Security
Data encryption, often known as data security, protects data from unwanted access or alteration while it is being stored or sent from one machine to another. Data in whatever form is protected from unauthorised use, disclosure, deletion, or other types of malintent by information security, also known as InfoSec. Mantraps, encryption key management, network intrusion detection systems, password rules, and regulatory compliance are examples of these procedures. Information can be anything from your personal information to your social media profile, cell phone data, biometrics, and so on. Thus, Information Security spans many research areas, such as Cryptography, Mobile Computing, Cyber Forensics, and Online Social Media. During WWI, the Multi-tier Classification System was created with the sensitivity of information in mind. With the outbreak of the Second World War, the classification system was formally aligned. Alan Turing was the one who successfully decrypted the Enigma Machine, which was used by the Germans to encrypt warfare data. Information Security programs are built around three objectives, commonly known as CIA: Confidentiality, Integrity, and Availability.

Network Security
While cyber security is concerned with dangers from the outside, network security protects your internal networks from hostile intrusion. Internal network security maintains the safety of internal networks by safeguarding infrastructure and restricting access to it [80]. Users' activities are also recorded because many websites utilise third-party cookies. This can be beneficial to businesses in terms of expanding their operations, but it also exposes clients to fraud and sexual exploitation. As a result, enterprises must implement a security programme to monitor the internal network and infrastructure in order to combat cyber-attacks and viruses linked with the network. Machine learning technology, according to experts, might be used to inform authorities in the event of unusual traffic. Organizations must continue to improve their network security by enacting policies that can protect them from cyber-attacks. Security teams are now employing machine learning to highlight aberrant traffic and alert to dangers in real time, which helps them better manage network security monitoring. Network administrators are continuing to implement policies and procedures to protect the network from unwanted access, modification, and exploitation. Implementing two-factor authentication (2FA) and creating fresh, strong passwords are two examples of network security.

End User Education
End user education recognizes that cyber security solutions are only as strong as their weakest connections, which are the people who use them. End user education includes instructing users on best practises such as not clicking on unexpected links or opening strange attachments in emails, both of which can lead to the spread of malware and other dangerous software. Teaching users not to plug in unidentified USB drives, along with various other important lessons, is vital for the security of any organization.

Internet of Things (IoT) Security
The Internet of Things is thought to be the next technology revolution's tool. According to a forecast by Bain and Company, the IoT market will grow by 520 billion dollars by 2021. IoT provides the user with a variety of important and non-critical appliances, such as appliances, sensors, printers, and Wi-Fi routers, among other routers, through its secure network [81]. According to Cytelligence, hackers attacked smart home and internet of things (IoT) devices such as smart TVs, voice assistants, [82] connected baby monitors, and cell phones more frequently in 2019. Hackers who obtain access to a connected home's Wi-Fi credentials may also gain access to the users' personal information, such as medical records [83], bank statements, and website login information. According to the survey, one of the most significant barriers to deploying IoT in any firm is the security risk. Organizations get insightful analytics, legacy embedded systems, and a secure network by integrating the system with IoT [84] security.

Operational Security
During the Vietnam War, the United States military invented the term "operations security" as a result of military operations headed by the Purple Dragon team. Despite North Vietnam's and the Viet Cong's failure to decrypt U.S. communications and the lack of true intelligence-collecting assets on the inside, Purple Dragon discovered that America's foes were able to predict their strategy and tactics. Operational security (OPSEC) is a process by which businesses examine and secure public data about themselves that, if properly studied and coupled with other data by a competent adversary, could disclose a larger picture that should remain concealed. Identification of important information, threat analysis, vulnerability analysis, risk assessment, and deployment of effective countermeasures are the five steps in the process.

Endpoint Security
The majority of security breaches in the past occurred through the network. Today's dangers, on the other hand, are increasingly pouring in through endpoints, implying that centralised network defence is insufficient. Shifting security perimeters that aren't clearly defined necessitate the addition of new levels of security via endpoint protection. To avoid the risks that can come from the use of remote devices, security must maintain better control over access points [86]. This enables businesses to defend their servers, workstations, and mobile devices from cyber-attacks both locally and remotely. The interconnection of devices on a network creates access points for threats and vulnerabilities. By prohibiting efforts to access these entry points, endpoint security effectively safeguards the network. File integrity monitoring, antivirus and anti-malware software, etc. are major techniques used.

Website Security
Website security is used to protect websites from internet cyber security threats. Website security programmes will cover the database, apps, source codes, and files of the website. In recent years, the incidence of data breaches on websites has steadily increased, resulting in identity theft, downtime, financial losses, reputation and brand image damage, and so on. The main reason for this is that many website owners believe their site is safeguarded by their web hosting provider, which leaves them vulnerable to cyber-attacks. Some of the important techniques and tools used for website security are website scanning and malware removal, website application firewall, application security testing, etc.

Big Data Security
Malware & ransomware attacks, corrupted and vulnerable equipment, and dangerous insider programmes are all examples of cyber security dangers that can be detected using big data analytics technologies [87].
Big data analytics appears to hold the most promise in terms of increasing cyber security in this area. Big data analytics software can assist you in predicting the type and severity of cyber security risks. By accessing data sources and trends, we can assess the complexity of a potential assault [88]. These tools also enable you to analyse current and historical data to determine which trends are acceptable and which are not. Experts can use intelligent Big data analytics [89] to create a predictive model that can send out an alarm as soon as it detects a cyber-security attack entry point. Blockchain presents itself as a distributed ledger, referring to the way a database is shared among numerous participants on a peer-to-peer network without the involvement of a central authority [90]. One example is the use of Blockchain techniques in content distribution networks. We believe that these networks are a fantastic illustration of how we can utilise Blockchain to add value to existing processes or technology because they are frequently used presently. A Content Delivery Network (CDN) is a network of computers that are connected and contain different versions of the same piece of material. The goal of its design is to optimise the bandwidth available in a service in order to increase the availability [91] and access to data as much as possible. Several assaults have recently been carried out against social media platforms such as Twitter and Facebook. Millions of accounts were breached as a result of these assaults, with user information falling into the wrong hands. If Blockchain technologies are properly deployed in these messaging systems, further cyber-attacks may be avoided. Sensitive data can be protected utilising Blockchain by ensuring a decentralised type of data storage [92]. Hackers would find it more difficult, if not impossible, to breach data storage systems using this mitigating strategy.
Many storage service companies are assessing ways Blockchain can protect data from hackers.

VII. Varieties of Cyber Threats
A cyber-attack is any type of hostile activity that uses numerous means to steal, manipulate, or destroy data or information systems and targets computer information systems, infrastructures, computer networks, or personal computer devices. Organizations require cyber security experts and specialists to deal with the numerous types [93] of cyber security attacks that come with varying technicalities. Over the past 12 months, the typical cost to businesses of cyber events and breaches increased to $57,000 [94]. This is nearly a six-fold increase over the $10,000 raised the previous year. Hackers are increasingly employing phishing, malware infestations, and DDoS operations. The larger organisations, on average, are the ones who have paid the most for an internet presence. This is unsurprising given that they were also the most extensively targeted. More than half of all businesses with 1,000 or more employees (51%) reported they have had at least one cyber incident. Cybercrime has a significantly higher cost and intensity. Figures 1 and 2 show that cyber thieves are increasingly targeting energy and manufacturing companies, on top of a sector that has been a target for years. Individuals all over the world are affected by numerous forms of cyber security assaults. The most prevalent types of cyber-attacks are discussed in the section below.

Phishing Attack
One of the most popular sorts of cyber-attacks is phishing. Cyber attackers try to gain personal information or data, such as usernames, passwords, and credit card numbers, by impersonating a trustworthy entity in these circumstances. Phishing is mostly carried out through technological means, such as emails and phone calls. Phishing attacks frequently take the shape of an email purporting to be from a reputable organisation, such as your bank, [95] the tax department, or another trustworthy entity, as seen in figure 3. Now we'll go over the most frequent sorts of phishing assaults in this part.

Spear
Spear phishing is the most popular type of cyber-attack, owing to its ease of execution and startling effectiveness. Spear phishing is a sort of phishing attack that targets a specific group or type of person, such as a company's system administrators. If you go fishing, you might catch an old boot, a tuna, or a flounder, or any other type of fish. When spearfishing, you select a certain fish to pursue, hence the name. The goals are just those goals.

Whaling
Whaling is a sort of phishing that is even more targeted than spear phishing because it targets whales, the big fish. The CEO, CFO, or any Cxx within an industry or even a specific corporation is the target of these attacks. A whaling email can inform them that their company is being sued and that they should click on the link for more information. The link then directs them to a page where they can enter all of their company's important information, such as their Tax ID number and bank account numbers. It's an unfortunate mix-up of nomenclature, because whales aren't fish.

Smishing
Smishing is a type of assault that targets us via text message or SMS. A smishing attack occurs when you receive an SMS message that contains a link to click or a phone number to call. An SMS that appears to be [96] from your bank and informs you that your account has been compromised and that you must contact your bank immediately is a common occurrence. The attacker will next ask you to verify your bank account number, SSN, and other personal information. The attacker now has complete access to your bank account.

Email Phishing
Since the 1990s, email phishing has arguably been the most popular sort of phishing. These are the emails that a hacker sends to any and all email addresses he or she can get their hands on. The email usually informs the recipient that their account has been hacked and that they must respond promptly by clicking on the 'this' link. Because the English is not always clear, these attacks are frequently easy to notice.

Search Engine Phishing
Hackers use search engine phishing, also known as SEO poisoning or SEO Trojans, to get the top result on Google or other search engines. If they succeed in convincing someone to click on their link, they will be directed to their (hacker) website. They got you when you interacted with it and entered sensitive info. This might be any form of website; excellent choices include banks, PayPal, social networking, and shopping, to mention a few.

Vishing
Vishing is a type of cybercrime that uses a phone to collect personal information from victims. Cyber criminals utilize smart social engineering strategies to persuade victims to act, giving them sensitive information and access to bank accounts. This is known as voice phishing. To deceive consumers into giving critical information, vishers use phoney phone numbers, voice-altering software, SMS messaging, and social engineering. Voice is commonly used by vishing to deceive users.

Malware
Malware is software that is designed to disrupt the normal operation of any device, including mobile phones, desktop computers, and servers. The user clicks on the malware source, which is usually provided as a script or executable code, and accidentally installs the malware. Some malware strains are aimed to gain persistent network access, while others are designed to spy on the user in order to obtain credentials or other useful information, and still others are just designed to cause disruption. [97] Some malware is designed to extract money from the victim in some way. The most well-known type of malware is ransomware, a programme that encrypts the victim's files and then demands a payment in exchange for the decryption key. The most frequent types of Malware assaults are discussed in this section.

Ransomware
It is a specialized malware distributed to extort money from targets and is one of the most prevalent and known cases of cyber-attacks.

Figure 4: Ransomware
To gain access to the target computer's hard disc, the attacker distributes the malware as a virus. It then encrypts the data and renders the computer and its contents inaccessible until the user pays the ransom demanded by the attacker. It is frequently impossible to decrypt the contents of a file [98] on one's own. WannaCry and Maze ransomware are two recent examples of how malware can cause havoc, compelling many businesses to pay Bitcoins or money to recover their infected equipment and data.

A virus is a type of self-replicating malware that spreads quickly over the hard disc, including crucial operating system (OS) files, in order to cause maximum harm. It injects itself into existing software/data and spreads with the goal of infecting files. This differs from a Trojan horse, which is designed expressly for a certain application and does not spread itself.

Macro Viruses
These viruses affect Microsoft Word and Excel, among other programmes. Macro viruses attach themselves to the initialization sequence of an application. The virus executes instructions before handing control to the programme when it is opened. The virus replicates and attaches itself to other programmes on the computer system.

Stealth Viruses
To remain undetected, stealth viruses take over system functions. They take over OS files and system processes to avoid being detected by anti-virus software. They hide in boot sectors and partitions and are skilled at evading detection. This means that the infected files/hard disk sectors go undetected. These viruses conceal any increase in the size of an infected file or changes to the file's date and time of last modification.

Boot Record Virus
They infect the boot loader and attach themselves to the hard drive's master boot record. When the computer starts up, the infector looks for the boot sector, loads into memory, and spreads to other parts of the hard drive. During the days of 3.5-inch floppy discs and MS-DOS, these were fairly ubiquitous. Most viruses have a Terminate and Stay Resident (TSR) component that detects when a disc is inserted and writes to it so that the Master Boot Record is overwritten when the disc is inserted into a new computer.

Trojans
A Trojan, often known as a Trojan horse, is a malicious programme that hides in a useful application. The trojan is a virus delivery technique that cleverly disguises its purpose, hence the term, which is drawn from Greek mythology. It usually [99] lurks in a legitimate programme (such as games, software, or other such items) and creates a back door for attackers to exploit and cause significant damage. As a result, a Trojan horse is a way for attackers to obtain access to a user's device and abuse it further. They do not self-replicate in the same way as viruses do. A Trojan, for example, can be configured to open a high-numbered port so that a hacker can listen and then launch an assault.

Worm
Unlike viruses and Trojans, which are designed for specialised localised attacks, the worm is a special malware designed to propagate from targeted devices to other nodes in the network. These self-contained programmes are frequently distributed as email attachments and are triggered when the user opens them. It is capable of swiftly disseminating itself (by sending emails to contacts and attaching itself as an attachment) and spreading to other systems. Its potential to cause damage is amplified by its complete lack of identification and ability to self-propagate without the attacker's active participation. A worm spreading throughout the internet and overloading email servers can cause denial-of-service attacks against network nodes in addition to undertaking malicious activities.

File Infectors
Viruses that infect executable code, such as .exe files, are known as file infectors. When the code is loaded, the virus is installed. Another variant of a file infector links to a file by producing a virus file with the same name but an .exe extension. As a result, the viral code will run when the file is opened. corresponding to the new decryption procedure, and the mutation engine produces a new decryption routine. The mutation engine and virus's encrypted package is attached to new code, and the process is repeated. Because of the numerous modifications to their source code, such viruses are difficult to detect but have a high amount of entropy. This characteristic can be used to detect them by anti-virus software or free programmes like Process Hacker.

Logic Bombs
A logic bomb is malicious software that is added to a programme and is activated when a specified event occurs, such as a logical condition or a specific date and time.

Droppers
A dropper is an application that is used to infect computers with viruses. Virus-scanning software may not detect the dropper in many cases since it is not infected with dangerous code. A dropper can also connect to the internet and download updates to virus software that is resident on a compromised system.

Adware
Advertising banners are displayed while any programme is running, and adware is a software application utilized by businesses for marketing goals. Adware can be downloaded to your system automatically while surfing any website and viewed through pop-up windows or a bar that displays on your computer screen.

Spyware
Spyware is a type of programme that is installed on a user's computer or browser to collect information about them. It secretly records everything you do and delivers the information to a remote user. It can also use the internet to obtain and install additional malicious apps. Spyware is similar to adware in that it is a separate programme that is installed unintentionally when you install another freeware programme.

SQL Injection (SQLi)
SQL injection is a sort of attack that targets SQL databases only. SQL statements are used to query data in SQL databases, and these statements are commonly executed through an HTML form on a webpage. If the database permissions are incorrectly specified, the attacker may be able to use the HTML form to run queries that create, read, change, or delete data from the database. The Structured Query Language (SQL) is a database-communications programming language [100]. SQL is frequently used by servers to access and change data between clients and databases. Malicious SQL statements are frequently used by attackers to manipulate computers into executing unwanted and unexpected activities. The attacker can directly access and update the customer's PII from and to databases using the SQL injection (SQLi) approach. SQLi makes the server run malicious code by exploiting known SQL vulnerabilities. By exploiting user interface components such as the search box to dump vital personal information such as login and password directly from the database, attackers are able to bypass all security measures in an application. SQL injection attacks come in a variety of forms. It's a form of attack in which the attacker enters user input that hasn't been properly sanitised for characters or validated for expected text. In this situation, the attacker may exploit the flaw by entering character combinations that would cause the database to fetch the entire list of all customer data, which isn't usual database behaviour. This data bounty could then be sold by the attacker on the dark web.

Blind SQL Injection
It does not directly retrieve information from the database, instead relying on a number of parameters that the attacker notices in order to carry out the assault. The attacker can figure out the database setup by looking at the GET String query in HTTP answers, the turnaround time of retrieving information based on a search query, and asking the database a series of true/false questions, among other things [101]. When the web page does not immediately display user data, this is an advanced SQLi attack tactic. The attacker uses Blind SQLi to undertake reconnaissance, collect sensitive information, and change database contents. They are normally carried out by commanding the database to sleep for a certain amount of time and delaying answers during that time period using the SQL sleep() function.

Second Order SQL Injection
These attacks rely on data submitted by users being stored in the database, which the attacker then retrieves and uses in a malicious SQL statement. They use secondary system behaviour to trigger and allow the attacker to control the database.
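The difference between the injectable query and its fix, for both the direct case and the second-order case described above, is shown in this added example (not code from the article). The table names, rows and the input string are constructed for the demonstration, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

# Constructed input: a quote closes the string literal and the rest is parsed as SQL.
TAUTOLOGY = "nobody' OR '1'='1"


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO customers (name, email) VALUES
            ('alice', 'alice@example.test'),
            ('bob',   'bob@example.test'),
            ('carol', 'carol@example.test');
        CREATE TABLE profiles (id INTEGER PRIMARY KEY, display_name TEXT);
    """)
    return db


def search_vulnerable(db, name):
    # Input is pasted into the SQL text, so the database parses it as SQL.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def search_safe(db, name):
    # Bound parameter: the value is never parsed as SQL, only compared as data.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def save_profile(db, display_name):
    # The write itself is parameterized, so nothing happens at storage time.
    cur = db.execute("INSERT INTO profiles (display_name) VALUES (?)",
                     (display_name,))
    return cur.lastrowid


def _stored_name(db, profile_id):
    row = db.execute("SELECT display_name FROM profiles WHERE id = ?",
                     (profile_id,)).fetchone()
    return row[0]


def report_vulnerable(db, profile_id):
    # Second order: the value comes from the database, is wrongly treated as
    # trusted, and is concatenated into a later query.
    stored = _stored_name(db, profile_id)
    sql = "SELECT name, email FROM customers WHERE name = '" + stored + "'"
    return db.execute(sql).fetchall()


def report_safe(db, profile_id):
    # Stored data is still untrusted data: bind it like any other input.
    stored = _stored_name(db, profile_id)
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(sql, (stored,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("direct, concatenated :", search_vulnerable(db, TAUTOLOGY))
    print("direct, parameterized:", search_safe(db, TAUTOLOGY))
    pid = save_profile(db, TAUTOLOGY)
    print("stored, concatenated :", report_vulnerable(db, pid))
    print("stored, parameterized:", report_safe(db, pid))
```

Parameterizing only the queries that take input directly from a form leaves the second-order path open, which is why every query that includes a variable value needs a bound parameter.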

Denial of Service or Distributed Denial of Service Attacks
The perpetrator of a denial-of-service (DoS) attack attempts to prevent intended users from accessing digital assets by disrupting the services of a host connected to the internet. The attack includes inundating the host server with many more requests than it can manage, causing the server to fail. This renders valid user requests unserviceable, depleting resources and bandwidth. When numerous compromised computers (botnets) send requests at the same time, it's called a distributed-denial-of-service (DDoS) assault. Although DoS/DDoS assaults do not directly benefit the attacker in terms of ransom or phishing attempts, the satisfaction of blocking valid requests is enough for some attackers [102]. Attacking a corporate resource with a DoS attack is far more beneficial, as it has a direct influence on customer loyalty and brand trust. In certain circumstances, attackers combine DDoS with other techniques to launch a larger attack, with DDoS serving as a prelude to disconnecting the system from the network. A DDoS assault occurs when an attacker floods a target server with traffic in the hopes of disrupting, if not completely shutting it down. Unlike classic denial-of-service assaults, which are detectable and respondable by most modern firewalls, a DDoS attack can use numerous compromised devices to flood the target with traffic. In this part, we'll go through the various types of DoS and DDoS attacks.

TCP SYN Flood Attack
This involves flooding the system with multiple connection requests and exploits the buffer space during a transmission control protocol (TCP) session initialization handshake.

Figure 6: TCP SYN Flood Attack
An attacker uses the buffer space during a Transmission Control Protocol (TCP) session initialization handshake in this attack, as seen in figure 6. The attacker's device sends a torrent of connection requests to the target system's small in-process queue [103], but it does not respond when the target system responds to those requests. When the connection queue fills up, the target system times out while waiting for a response from the attacker's device, causing the system to crash or become inoperable.
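From the defender's side, the unanswered connection requests described above show up as half-open connections that never receive the client's final ACK. The following added example (not from the article) counts them per destination service rather than per source, since the sources may be spoofed; the packet records, addresses and thresholds are constructed assumptions.

```python
from collections import Counter


def build_sample():
    """Constructed packet summaries: (time_s, src, sport, dst, dport, flag).

    flag is "S" for a client SYN, "A" for the client's final ACK and
    "R" for a reset. Server SYN-ACKs are omitted for brevity.
    """
    packets = []
    # Three ordinary clients complete the handshake within 50 ms.
    for i in range(3):
        src = f"203.0.113.{i + 1}"
        packets.append((1.0 + i, src, 40000 + i, "192.0.2.80", 443, "S"))
        packets.append((1.05 + i, src, 40000 + i, "192.0.2.80", 443, "A"))
    # One slow client of a mail service has not answered yet.
    packets.append((9.0, "203.0.113.9", 41000, "192.0.2.25", 25, "S"))
    # Fifty SYNs from fifty different sources that are never acknowledged.
    for i in range(50):
        src = f"198.51.100.{i + 1}"
        packets.append((10.0 + i * 0.01, src, 50000 + i, "192.0.2.80", 443, "S"))
    return packets


def half_open_by_service(packets, now, min_age=3.0):
    """Count connections stuck after the SYN for at least min_age seconds."""
    pending = {}  # (src, sport, dst, dport) -> time of first SYN
    for t, src, sport, dst, dport, flag in packets:
        key = (src, sport, dst, dport)
        if flag == "S":
            pending.setdefault(key, t)
        elif flag in ("A", "R"):
            pending.pop(key, None)  # handshake completed or aborted
    counts = Counter()
    for (_src, _sport, dst, dport), t in pending.items():
        if now - t >= min_age:
            counts[(dst, dport)] += 1
    return counts


def flooded_services(packets, now, limit=20, min_age=3.0):
    """Services whose half-open count reaches the alert limit."""
    counts = half_open_by_service(packets, now, min_age)
    return sorted(svc for svc, n in counts.items() if n >= limit)


if __name__ == "__main__":
    sample = build_sample()
    print(dict(half_open_by_service(sample, now=20.0)))
    print(flooded_services(sample, now=20.0))
```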

Teardrop Attack
This entails transmitting fragmented data packets to a destination system. TCP/IP fragmentation reassembly flaws (seen in older OS versions) are targeted in this attack, which causes fragmented packets to overlap in the target system depicted in figure 7. Despite the system's best efforts, it fails to rebuild the fragmented packets and crashes. Teardrop assaults are known for their massive payloads. Disable SMBv2 and block ports 139 and 445 if users do not have fixes to protect against this DoS attack.

User Datagram Protocol (UDP) Flood
A network flood, known as a UDP flood, is still one of the most common floods today. The attacker sends UDP packets, which are usually huge, to a specific target or to random ports. The attackers usually spoof the SRC IP, which is simple to perform because the UDP protocol is "connectionless" and lacks any kind of handshake process or session. A UDP flood's main goal is to saturate the Internet pipe [104].

Figure 8: User Datagram Protocol (UDP) Flood
Another effect of this attack is on network and security elements along the path to the target server, particularly firewalls. As a result of UDP flooding, the firewall attached to the server can get overwhelmed, causing the system to shut down, as seen in Figure 8. Firewalls create a state for each UDP packet and are quickly overwhelmed by the influx of connections.

Smurf Attack
To overwhelm a target network with traffic, this attack employs IP spoofing and the ICMP protocol. ICMP echo requests targeted at broadcast IP addresses are used in this attack tactic. These ICMP requests come from a fictitious "victim" address. network. This process is repeatable, and can be automated to generate huge amounts of network congestion shown in figure 9.

Botnets
Botnets are the millions of systems infected with malware under hacker control in order to carry out DDoS attacks shown in figure 11.

Figure 11: Botnets Attack
These bots or zombie systems are used to carry out attacks against the target systems, often overwhelming the target system's bandwidth and processing capabilities. These DDoS attacks are difficult to trace because botnets are located in differing geographic locations.

Cross Site Scripting (XSS)
Third-party web resources are used in XSS attacks to run scripts in the victim's web browser or scriptable application. The attacker injects a payload containing malicious JavaScript into the database of a website. When the victim requests a page from the website, the website sends the page to the victim's browser, which executes the malicious script depicted in figure 12, which includes the attacker's payload as part of the HTML body. It might, for example, transfer the victim's cookie to the attacker's server, where the attacker can extract it and use it to hijack the victim's session. When XSS is utilized to exploit further vulnerabilities, the most serious effects arise [105]. An attacker can use these flaws to steal cookies as well as track keystrokes, take screenshots, locate and collect network information, and remotely access and manage the victim's machine. While XSS may be used in VBScript, ActiveX, and Flash, JavaScript is the most commonly exploited, owing to its widespread use on the Internet. What is worse is that neither the website administrator nor the user has any clue about the malicious code put in place, and may result in huge damages if not handled immediately.

Reflected XSS or Non-Persistent XSS Attacks
When an application gets data in an HTTP request but includes the response in an unsafe manner, this sort of attack occurs. The attacker inserts the malicious script into the URL as a query and then publishes it as a link or sends it to the recipient via email (phishing). The script runs when the user clicks on the link. The malicious script injects into the web page that the target system's browser is loading and is executed by the browser displayed in figure 13 since the query has un-sanitized input values. Private information is given to the attacker. In more complex assaults, the attacker can impersonate a user and do any action within the application, including initiating interactions with other users. Others would notice the request originating from the compromised user and become infected as a result.

Persistent XSS Attacks (also known as Type 2 XSS)
When an attacker keeps user input in the susceptible server without doing adequate validation, this is what happens. In contrast to reflected XSS attacks, the user is compromised simply by browsing the vulnerable web application depicted in figure 14. Other users who visit the hacked [106] website receive the stored inputs and the malicious script is executed in their local browser without having to do anything. They are less common, but they are far more dangerous than their non-persistent equivalent.
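Both the reflected and the persistent variants above come down to untrusted text reaching the page as markup. This added example (not from the article) renders the same constructed input with and without output encoding, and adds two response headers that limit the cookie theft mentioned earlier; the page fragments, cookie name and policy string are assumptions.

```python
import html

# Constructed, harmless marker input standing in for an injected script.
MARKER = '<script>document.title = "injected"</script>'


def render_search_vulnerable(query):
    # Reflected: the request parameter goes straight into the response body.
    return f"<p>Results for {query}</p>"


def render_search_safe(query):
    # Encoding turns <, >, & and quotes into entities, so the browser
    # displays the text instead of parsing it as markup.
    return f"<p>Results for {html.escape(query)}</p>"


def render_comments_vulnerable(comments):
    # Persistent: stored comments are emitted as-is to every visitor.
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments) + "</ul>"


def render_comments_safe(comments):
    items = "".join(f"<li>{html.escape(c)}</li>" for c in comments)
    return "<ul>" + items + "</ul>"


def render_input_safe(value):
    # Attribute context: quotes must be encoded too, or the value can close
    # the attribute and add new ones. quote=True is html.escape's default.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def response_headers(session_id):
    """Defence in depth: restrict script sources and hide the cookie from JS."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "Set-Cookie": f"session={session_id}; HttpOnly; Secure; SameSite=Lax",
    }


if __name__ == "__main__":
    stored = ["nice article", MARKER]  # second entry is the constructed input
    print(render_search_vulnerable(MARKER))
    print(render_search_safe(MARKER))
    print(render_comments_vulnerable(stored))
    print(render_comments_safe(stored))
    print(render_input_safe('" onmouseover="x'))
    print(response_headers("constructed-session-id"))
```

Encoding is applied at output time and per context; the HTML-body and attribute cases shown here do not cover values placed inside script blocks or URLs.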

DOM Based XSS Attack
When a web application publishes data to the Document Object Model without properly sanitizing it, this happens.

Figure 15: DOM Based XSS Attack
It happens because of flaws in the application's own client-side scripts, not because of any payload provided by the attacker. Figure 15 shows how an attacker can exploit the DOM's various objects to develop XSS attacks. The attacker injects malicious script into the target browser using the vulnerable client-side script.

Man-in-the-Middle (MiTM) Attack
A man-in-the-middle (MITM) attack occurs when an attacker intercepts communication between two parties with the intent of spying on the victims, stealing personal information or credentials, or altering the dialogue in some way. Most email and chat systems now utilise end-to-end encryption [107], which prohibits third parties from tampering with data transferred across the network, regardless of whether the network is secure or not, as shown in figure 16. IP and DNS spoofing, replay attacks, and session hijacking are all examples of this type of assault. When a hacker gets in between a client and a server's communications, it's called a MitM attack. We'll go over some of the most frequent sorts of man-in-the-middle attacks here.

Rogue Access Point
The rogue access point is one of the most common wireless security risks, and it's been utilized in a variety of attacks, including DoS and data theft. The rogue access point is an unlawful network node that is nonetheless operational. Assailants may try to get access to adjacent devices using such open wireless access points, as seen in figure 17. They frequently come with no encryption or authentication, in order to connect as many devices as possible. The attacker, thus, compromises the network data.

Address Resolution Protocol (ARP)
ARP resolves system IP addresses to physical media access control (MAC) addresses in a LAN. Two hosts talk to each other by resolving IP addresses to the MAC address by referencing ARP.

Figure 18: Address Resolution Protocol (ARP)
The attacker transmits false/spoofed ARP messages using ARP spoofing, as demonstrated in Figure 18. As a result, their MAC address corresponds to that of a genuine computer on the network. As a result, the attacker obtains data meant for the original system, intercepting and altering it while in route.
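A spoofed ARP reply is visible on the LAN as an IP address whose claimed MAC address suddenly differs from the one learned earlier. This added example (not from the article) applies that check to constructed observations of ARP replies; the addresses and the trust-on-first-use policy are assumptions.

```python
from collections import defaultdict

# Constructed sample: (time_s, sender IP, sender MAC) taken from ARP replies.
OBSERVATIONS = [
    (0, "192.0.2.1", "aa:aa:aa:00:00:01"),    # gateway
    (1, "192.0.2.10", "aa:aa:aa:00:00:10"),
    (2, "192.0.2.20", "aa:aa:aa:00:00:20"),
    (30, "192.0.2.1", "AA:AA:AA:00:00:20"),   # gateway IP claimed by host .20
    (31, "192.0.2.1", "aa:aa:aa:00:00:20"),
    (60, "192.0.2.10", "aa:aa:aa:00:00:10"),
]


def detect_arp_conflicts(observations):
    """Alert when an IP is claimed by a MAC other than the first one seen."""
    bindings = {}  # ip -> first MAC seen (trust on first use)
    alerts = {}    # (ip, claimed mac) -> alert record
    for ts, ip, mac in observations:
        mac = mac.lower()  # MAC notation is case-insensitive
        known = bindings.setdefault(ip, mac)
        if known != mac:
            record = alerts.setdefault((ip, mac), {
                "ip": ip,
                "expected": known,
                "claimed": mac,
                "first_seen": ts,
                "count": 0,
            })
            record["count"] += 1
    return list(alerts.values())


def macs_claiming_many_ips(observations):
    """One MAC answering for several IPs is a second indicator."""
    claimed = defaultdict(set)
    for _ts, ip, mac in observations:
        claimed[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in detect_arp_conflicts(OBSERVATIONS):
        print(alert)
    print(macs_claiming_many_ips(OBSERVATIONS))
```

A replaced network card or a reassigned address triggers the same alert, so the expected bindings for gateways and servers are best seeded from an inventory instead of learned from traffic.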

Multicast DNS (mDNS) Attack
MiTM assaults are carried out by the attacker utilising a variety of methods. A DNS query is delivered to all devices in the same broadcast domain on the network. The snooper uses mDNS spoofing on the LAN, similar to ARP spoofing, so that users don't have to remember the addresses to which they connect. The attacker makes a request with bogus data using this protocol's simplification exercise and connects to the system as a trusted network. The attacker's device will appear as a trusted network on the victim's system, allowing the attacker to control the device.

Session Hijacking
The hijacking of a user's session is a common MiTM attack vector. SSL stripping is the process of removing the security layer from HTTPS in order to allow ARP or DNS spoofing. Intercepting packets allows attackers to convert secure HTTP requests to non-secure HTTP requests, which convey sensitive data as unencrypted plain [108] text data. An attacker hijacks a session between a trusted client and a network server in this form of MitM attack, as depicted in figure 19. While the server continues the session, believing it is conversing with the trusted client, the attacking machine substitutes its IP address for the trusted client's.

IP Spoofing
An attacker uses IP spoofing to persuade a system that it is interacting with a known, trusted entity, allowing the attacker to gain access to the system. Instead of sending a packet to a target host with its own IP source address, the attacker sends a packet with the IP source address of a known, trustworthy host. The target host might accept the packet and act upon it.

Replay Attack
A replay attack on data delivered over a network is a sort of security attack. In this assault, a hacker or someone with unauthorised access intercepts traffic and transmits it to its intended destination, impersonating the original sender. The receiver thinks it's an authorised communication, but it's actually the attacker's message. The Replay Attack is distinguished by the fact that the client receives the message twice, hence the name. Figure 20 shows Alice (the unsuspecting end user) obtaining tickets to authenticate to her mail server. Bob, the malicious hacker, is secretly monitoring all network activity between Alice, the mail server, and the Kerberos Key Distribution Centre (KDC). Because the TGT must be decrypted with Alice's password, which Bob does not know, Bob is unable to utilise it immediately in the first stage. However, when Alice sends her encrypted ticket and authenticator, Bob can intercept that message and replay it to impersonate Alice to the mail server.
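Kerberos limits the replay described above by putting a timestamp in the authenticator and having the server remember authenticators it has already accepted. This added example (not from the article, and a simplified stand-in, not Kerberos itself) shows that check with an HMAC-protected message; the field layout, the 300-second window and the shared key are assumptions.

```python
import hashlib
import hmac
import os

MAX_SKEW = 300  # seconds an authenticator stays fresh (assumed window)


def _mac(key, client, ts, nonce):
    # Assumes the client name contains no "|" so the fields stay unambiguous.
    message = f"{client}|{ts}|{nonce}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def make_authenticator(key, client, now, nonce=None):
    """Client side: bind identity, time and a random nonce under the key."""
    nonce = nonce or os.urandom(16).hex()
    return {"client": client, "ts": now, "nonce": nonce,
            "tag": _mac(key, client, now, nonce)}


class Verifier:
    """Server side: integrity check, freshness window, then replay cache."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # (client, ts, nonce) -> time the entry may be dropped

    def accept(self, auth, now):
        expected = _mac(self.key, auth["client"], auth["ts"], auth["nonce"])
        if not hmac.compare_digest(expected, auth["tag"]):
            return "bad-mac"
        if abs(now - auth["ts"]) > self.max_skew:
            return "stale"
        # Entries older than the window can go: they would be "stale" anyway.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        cache_key = (auth["client"], auth["ts"], auth["nonce"])
        if cache_key in self.seen:
            return "replay"
        self.seen[cache_key] = auth["ts"] + self.max_skew
        return "ok"


if __name__ == "__main__":
    key = os.urandom(32)
    server = Verifier(key)
    captured = make_authenticator(key, "alice", now=1000)
    print(server.accept(captured, now=1001))   # first delivery
    print(server.accept(captured, now=1002))   # same bytes sent again
    print(server.accept(captured, now=1301))   # sent after the window
```

The freshness window bounds how long the cache must remember an entry, and the cache covers the period in which the timestamp alone would still be accepted.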

Zero Day Attack
A flaw in your programme, hosted application, or even hardware could be the source of the vulnerability. It's usually a bug that escaped the testing team's notice, and as a result, the development team is unaware of it. When a known flaw is discovered, the development team does not have a patch ready to address it before releasing it to the production environment. This exposes weaknesses that can be exploited by an attacker. It gets its name from the fact that there is a zero-day window between when a vulnerability is discovered and when an attack is launched.

Dr.Yusuf Perwej, IJSRM Volume 09 Issue 12 December 2021 [www.ijsrm.in]

Advanced Persistent Threats (APT)
When an individual or group acquires unauthorised access to a network and goes unnoticed for a long time, attackers may exfiltrate important data [109], obviating the need for the organization's security staff to investigate. APTs are often launched against nation states, huge corporations, or other extremely valuable targets since they require sophisticated attackers and a great amount of work.

Insider Threats
Every day, a large number of cyber-attacks occur, and the most alarming aspect is that most of the time, an insider is involved in the process to assist the Cybercriminals in obtaining information about their firm. Insiders of target businesses are often the ones that carry out these cyber-attacks on a daily basis. They assist external attackers by supplying all essential information, resulting in further consequences. This type of cyber-attack could happen in a business setting. It is also one of the common types of cyber-attacks on banks and types of cyber-attacks on financial institutions.

AI Powered Attacks
Machine learning focuses on teaching a machine to execute several tasks on its own rather than relying on people to do so. Artificial intelligence being used to launch sophisticated cyber-attacks is a frightening idea because we don't yet know what such attacks will be capable of. Artificial Intelligence [110] is sometimes used to hack into digital systems in order to obtain illicit data. It can also be used to steal confidential financial data. It affects national security and even goes to the extent of harming individuals emotionally.

Birthday Attacks
Birthday attacks are brute force operations that try to stifle contact between customers and various members of a firm, starting with the CEO and ending with the employees. Birthday attacks target hash algorithms, which are used to check the integrity of messages, software, and digital signatures. A message digest (MD) of constant length is produced by a hash function, regardless of the length of the input message; this MD uniquely describes the message. When a hash function is used to process two random messages, the birthday attack refers to the likelihood of discovering two random messages that generate the same MD. If an attacker calculates the same MD for his message as the user, he can securely replace the user's message with his, and even if the receiver compares MDs, he will not be able to detect the replacement.
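The likelihood of two messages sharing a digest grows with the square of the number of messages, which is why a digest of n bits gives only about n/2 bits of collision resistance. This added example (not from the article) computes that bound and confirms it on a SHA-256 digest deliberately truncated to 16 bits; the truncation and the message strings are constructed for the demonstration.

```python
import hashlib
import math


def collision_probability(k, bits):
    """Approximate chance that k random messages include two with the same
    `bits`-bit digest: 1 - exp(-k(k-1) / (2 * 2^bits))."""
    return 1.0 - math.exp(-k * (k - 1) / (2.0 * 2 ** bits))


def messages_for_half(bits):
    """Messages needed for a 50% collision chance: sqrt(2 ln 2 * 2^bits)."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)


def truncated_digest(message, bits):
    """Top `bits` bits of SHA-256, modelling a short message digest."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits):
    """Hash distinct constructed messages until two digests coincide.

    Returns (first message, second message, messages hashed)."""
    seen = {}
    counter = 0
    while True:
        message = b"constructed-message-%d" % counter
        digest = truncated_digest(message, bits)
        if digest in seen:
            return seen[digest], message, counter + 1
        seen[digest] = message
        counter += 1


if __name__ == "__main__":
    m1, m2, hashed = find_collision(16)
    print("16-bit digest: collision after", hashed, "messages;",
          "50% point is about", round(messages_for_half(16)))
    for bits in (64, 128, 256):
        print(bits, "bit digest: 50% point at about 2^%.1f messages"
              % math.log2(messages_for_half(bits)))
```

With a full 256-bit digest the 50% point is near 2^128 messages, which is the margin that makes the comparison of digests described above meaningful.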

Business Email Compromise (BEC) Attack
In a BEC attack, the attacker targets specific persons, usually employees with the authority to make financial transactions, in order to dupe them into transferring funds to an account controlled by the attacker. In order to be successful, BEC assaults normally necessitate extensive planning and study. Any information about the target organization's executives, workers, customers, business partners, and potential business partners, for example, will aid the attacker in persuading the employee to hand over the funds depicted in figure 21. BEC assaults are one of the most expensive types of cyber-attacks.

Cryptojacking
Cryptojacking is when hackers get access to a user's computer or device and use it to mine cryptocurrency like Bitcoin. Although cryptojacking is less well-known than other attack vectors, it should not be overlooked, as demonstrated in figure 22. When it comes to this form of assault, organisations don't have a lot of visibility, which means a hacker may be mining cryptocurrencies using valuable network resources without the organization's knowledge. Draining resources from a company's network is significantly less troublesome than stealing sensitive information.

Drive-by Attack
A 'drive-by-download' assault occurs when an unwitting victim accesses a website that then infects their computer with malware. The website in question could be one that the attacker controls directly or one that has been hacked. Malware is sometimes embedded in content such as banners and adverts. These days, exploit kits are available which allow novice hackers to easily set up malicious websites or distribute malicious content through other means.

Password Attack
As you may have guessed, a password attack is a form of cyber-attack in which an attacker attempts to guess, or "crack," a user's password. Although a description of these numerous ways is beyond the scope of this article, there are many distinct techniques for cracking a user's password. The Brute-Force assault, Dictionary attack, Rainbow Table attack, Credential Stuffing, Password Spraying, and Key logger attack are only a few examples. Of course, attackers will attempt to get a user's password via Phishing tactics.

Eavesdropping Attack
An eavesdropping attack, sometimes known as "snooping" or "sniffing", occurs when an attacker searches for unsecured network connections to intercept and access data being transferred across the network [111]. Employees are required to use a VPN when accessing the company network from an insecure public Wi-Fi hotspot for this reason. Interception of network communication is used in eavesdropping attacks. Passwords, credit card numbers, and other personal information that a user may be sending over the network can be obtained by eavesdropping. Eavesdropping can be done in two ways: passively or actively. The hacker identifies the information by listening to the network message transmission in passive eavesdropping. In active eavesdropping, a hacker disguises himself as a friendly unit and sends inquiries to transmitters to obtain information. Probing, scanning, and meddling are all terms for the same thing.

IoT Based Attacks
As things stand, IoT devices are less secure than most modern operating systems, and hackers are eager to take advantage of these flaws. The internet of things, like AI, is still a relatively new idea, thus we have yet to see what tactics cybercriminals will employ to attack IoT devices [112], and for what purposes. Hackers might go after medical equipment, security systems, and smart thermometers, or they could try to exploit IoT devices to conduct large-scale DDoS attacks.

Whaling Attack
A whaling attack is a strategy used by cybercriminals to impersonate a key player in a company and directly target senior or other important employees with the goal of stealing money or sensitive information, or gaining access to their computer systems for illicit purposes. Also known as CEO fraud, whaling is similar to phishing in that it uses methods such as email and website spoofing to trick a target into performing specific actions, such as revealing sensitive data or transferring money.

VIII. Classification of Cyber Attackers
We now live in the digital age. The majority of individuals nowadays utilise computers and the internet. Because of our reliance on digital devices, unlawful computer activity is on the rise and changing much like any other sort of crime. Despite the fact that the goal of a cyber-attack is always malevolent, the hacker may utilise a variety of tools and strategies to carry it out [113]. An exploitation of computer systems and networks is referred to as a cyber-attack. It employs harmful code to change computer code, logic, or data, resulting in criminality such as data and identity theft. The following are the different types of cyberattacks.

Cyber Criminals
This is the most well-known and active type of assailant. They are individuals or groups of individuals who seek to monetize company information, customer data, or other sensitive data on the dark web [114]. They use sophisticated tools and procedures, as well as computer/mobile devices, to carry out intelligent, difficult-to-detect harmful cyber-attacks.

Hacktivists
They want to spread a non-financial message. They may carry out an attack in order to strengthen their belief system, which could be a political agenda, social ideology, religious ideology, or a cause that they want to be known for through their online misbehaviour. Hacktivism is a form of digital disobedience, according to Dan Lohrmann, chief security officer for Security Mentor, a national security training firm that works with states. It's hacking for a cause. Hacktivists are not like cybercriminals who hack computer networks to steal data for cash. Depending on the political beliefs they hold, they can be described as progressive, ethical, or plainly disruptive, among other categories.

State Sponsored Attackers
They use the assistance of their home country to launch cyber assaults against a specific country in order to undermine its social, economic, or military government. The attackers in this category are not in a rush. The government [115] employs highly competent hackers who specialise in finding and exploiting flaws before they are patched. Due to the immense resources at their disposal, defeating these attackers is extremely difficult. They could even carry out lone wolf attacks to demonstrate their support to a specific state.

Insider Threats
The insider threat is a threat to a company's security or data that originates from within the company. They are difficult to identify and avoid because of the trust aspect involved. They come from workers, contractors, and third-party affiliates of a business. These attacks could be malevolent, unintentional, or the result of carelessness. Insider threats are classified as follows.

Malicious
Malicious insider threats are attempts by an insider to gain access to an organization's data, systems, or IT infrastructure with the intent of causing harm. Insider threats are frequently attributed to disgruntled employees or ex-employees who believe the organisation has wronged them in some way and believe they are justified in seeking retaliation. Malevolent outsiders who use financial incentives or extortion to masquerade as insiders can also pose a threat.

Accidental
Accidental insider threats are threats that are caused by mistake by insider employees. In this type of hazard, an employee may accidentally delete critical files or share confidential information with a business partner in violation of corporate policy or legal requirements. These are dangers in which employees attempt to circumvent the policies set in place by a company to protect endpoints and valuable data. Employees may try to share work on public cloud services so that they can work from home if their employers have tight regulations for external file sharing. Although there is nothing wrong with these actions, they can expose you to serious hazards. Furthermore, based on the attack's end-point, cyber-attacks are divided into two categories.

Web Based Attacks
These are the types of assaults that take place on a website or a web application. To harvest credentials, skim visitor payment details, or infect computers with malware or ransomware, web-based attacks use browsers and their extensions, websites, content management systems, and IT components of web services [116] and applications. Malicious JavaScript code was injected into both British Airways and Ticketmaster's websites, resulting in recent data breaches.

System Based Attacks
If the goal of the assault is to compromise node(s) & system(s) in a network, it is a system-based cyberattack.

IX. Cyber Security Framework
Because data is the most valuable asset, data security has become a worldwide priority. Data breaches and security flaws might jeopardise the global economy. The development of a cyber-security framework to help mitigate cyber hazards is required for national and economic security [117]. Security of vital systems and data is currently an issue for businesses of all sizes, industries, and business contexts. An organisation needs a strategic, well-thought-out cyber security plan to protect its critical infrastructure and information systems in order to address these problems. As a result, businesses should seek help from cyber security frameworks. When used correctly, a cyber-security framework allows IT security directors to more effectively manage their companies' cyber threats. A company might use an existing cyber security framework or create one from scratch to match its specific demands. Various cyber security groups (including some government bodies) produce these frameworks to serve as guidance for organisations looking to improve their cyber security. A cyber security framework is a set of documents that define an organization's best practices for managing cyber security risk. Such frameworks lower a company's vulnerability exposure. Any cyber security framework will outline how to implement a five-step cyber security approach in detail. The Cyber Security Framework (CSF) is a set of rules that private sector firms can use to detect, identify, and respond to cyber threats. Cyber security frameworks have the potential to become instruments for enforcing government security legislation [118]. The framework also contains guidance to assist businesses in preventing and recovering from cyber-attacks. Most cyber security regimes, even those designed by governments, are not mandated. NIST's Cyber Security Framework, version 1.1 of which was issued in April of 2018, is one of the most popular of these.
This paradigm has been mandated for use within US federal agencies and is gaining traction worldwide, including voluntary adoption [119] by banks, energy businesses, defence contractors, and communications firms. Now we'll go through the five primary roles of the cyber security framework, which are depicted in figure 23.
• Identify: To manage cyber security risk to systems, assets, data, and capabilities, companies must first understand their environments.
• Detect: Organizations must put in place the necessary procedures to detect cyber security incidents as quickly as feasible.
• Protect: Organizations must create and put in place suitable controls to limit or contain the consequences of potential cyber security incidents.
• Respond: Businesses must be able to build reaction plans to mitigate the effects of cyber-attacks.
• Recover: Businesses must devise and implement effective strategies for restoring capabilities or services that have been harmed as a result of cyber security incidents.
The cyber security Framework is intended for businesses of all sizes, divisions, and stages of development.
The framework was created with flexibility in mind. The framework can be customised to be utilised by any organisation thanks to the built-in customisation option.

Components of Cyber Security Framework
The cyber security Framework consists of three main components shown in figure 24.

Framework Core
It provides a list of needed cyber security exercises as well as their outcomes in plain English. The Core helps organisations manage and reduce their cyber security risks in a way that complements their existing cyber security and risk management processes. The core is a collection of desirable cyber security activities and outputs that have been categorised into categories and linked to informative references [120]. The framework core is intended to be intuitive and to serve as a translation layer, allowing multidisciplinary teams to communicate using simple, non-technical language. Functions, Categories, and Subcategories are the three sections of the core.

Implementation Tiers
It assists organisations by defining how they approach cyber security risk management. The tiers assist organisations in determining the appropriate amount of detail for their cyber security programme and are frequently used as a specialised tool to discuss risk appetite, mission necessity, and budget. Tiers show how well an organization's cyber security risk management processes adhere to the Framework's criteria. Tiers vary from Partial (Tier 1) to Adaptive (Tier 4) and define an increasing level of rigour, as well as how well cyber security risk judgments [121] are integrated into broader risk decisions and the extent to which the company provides and receives cyber security information from third parties. Tiers do not always correspond to maturity levels. Organizations should define the intended Tier, ensuring that it satisfies business goals, minimises cyber security risk to acceptable levels, and is fiscally and logistically practical to implement.

Profiles
Profiles are an organization's unique arrangement of organisational requirements, goals, and assets in relation to the Framework Core's desired outcomes. Profiles are primarily used to identify and categorise opportunities for improving an organization's cyber security. Profiles are the unique alignment of an organization's organisational goals and objectives, risk appetite, and resources with the Framework Core's desired outcomes. Comparing a "Current" Profile with a "Target" Profile reveals possibilities for strengthening cyber security posture. The goal of profiles is to improve the cyber security framework so that it can best serve the enterprise.
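The Current-versus-Target comparison can be carried out as a simple gap analysis. The following is an added example, not part of the original article or of the Framework itself: the keys are CSF v1.1 subcategory identifiers, while the 0-3 scoring scale, the sample scores and the per-Function weights are constructed assumptions.

```python
from collections import defaultdict

# The five Functions, keyed by the prefix used in subcategory identifiers.
FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}
MAX_SCORE = 3  # assumed scale: 0 = outcome not achieved ... 3 = fully achieved

# Constructed profiles for a hypothetical organisation.
CURRENT = {"ID.AM-1": 2, "ID.RA-1": 1, "PR.AC-1": 3, "PR.DS-1": 0,
           "DE.CM-1": 1, "RS.RP-1": 2}
TARGET = {"ID.AM-1": 3, "ID.RA-1": 3, "PR.AC-1": 3, "PR.DS-1": 2,
          "DE.CM-1": 3, "RS.RP-1": 2, "RC.RP-1": 2}
# Assumed business weighting of each Function when ranking gaps.
WEIGHT = {"ID": 1.0, "PR": 1.5, "DE": 1.5, "RS": 1.0, "RC": 1.0}


def _check(profile):
    """Reject identifiers outside the five Functions and out-of-range scores."""
    for sub, score in profile.items():
        if sub.split(".")[0] not in FUNCTIONS:
            raise ValueError(f"unknown Function in {sub!r}")
        if not 0 <= score <= MAX_SCORE:
            raise ValueError(f"score out of range for {sub!r}")


def gap_report(current, target, weight):
    """Return (ranked gaps, per-Function share of the Target already met)."""
    _check(current)
    _check(target)
    gaps = []
    achieved, wanted = defaultdict(int), defaultdict(int)
    for sub, goal in target.items():
        # An outcome missing from the Current Profile counts as not achieved.
        have = current.get(sub, 0)
        fn = sub.split(".")[0]
        # Exceeding the Target in one outcome must not hide a gap in another.
        achieved[fn] += min(have, goal)
        wanted[fn] += goal
        if have < goal:
            gaps.append((sub, goal - have, (goal - have) * weight[fn]))
    # Largest weighted gap first; identifier breaks ties deterministically.
    gaps.sort(key=lambda g: (-g[2], g[0]))
    rollup = {FUNCTIONS[fn]: round(achieved[fn] / wanted[fn], 2)
              for fn in wanted if wanted[fn]}
    return gaps, rollup


if __name__ == "__main__":
    ranked, by_function = gap_report(CURRENT, TARGET, WEIGHT)
    for sub, gap, priority in ranked:
        print(f"{sub:8} gap={gap} priority={priority}")
    print(by_function)
```
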

X. Cyber Security Tools
Protecting hardware, software, and data from hackers is referred to as cyber security. It guards against cyber-attacks such as gaining access to, altering, or destroying sensitive data. Cyber-attacks have the capacity to bring an entire country to its knees. As a result, protecting these networks is not an option, but a requirement [122]. It is critical that every firm be informed of the potentially dangerous security attacks and that they be kept secure. Many different components of cyber protection may need to be taken into account. Many cyber security technologies exist that can do a privacy audit on all software, as well as discover and remove the most recent risks [123]. These cyber security solutions assist you in controlling file access and performing forensic investigation. Here are six critical technologies and services that every company should consider to provide the best possible cyber protection.

Firewalls
The firewall, as we all know, is at the heart of security technologies, and it has evolved into one of the most critical security tools. Its job is to keep unauthorised users from accessing or leaving a private network. It can take the form of hardware, software, or a hybrid of the two. Unauthorized internet users are prevented from accessing private networks connected to the Internet via firewalls [124]. The firewall filters all messages entering and leaving the intranet. Each message is examined by the firewall, and those that do not fit the set security standards are blocked.
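The examine-then-block behaviour described above is usually implemented as an ordered rule list with a default of blocking. The following is an added example, not from the original article: a minimal first-match packet filter plus an audit that finds rules an earlier rule makes unreachable. The rule set, addresses (RFC 5737 documentation ranges) and packet fields are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" = entering the private network, "out" = leaving it
    proto: str       # "tcp", "udp" or "any"
    remote: str      # CIDR block of the peer outside the private network
    ports: range     # destination ports the rule applies to

    def matches(self, pkt):
        """True if this rule applies to the packet."""
        return (self.direction == pkt["direction"]
                and self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["remote"])
                in ipaddress.ip_network(self.remote)
                and pkt["dport"] in self.ports)

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return (self.direction == other.direction
                and self.proto in ("any", other.proto)
                and ipaddress.ip_network(other.remote).subnet_of(
                    ipaddress.ip_network(self.remote))
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)


def decide(rules, pkt):
    """First matching rule wins; a packet that matches no rule is blocked."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def shadowed(rules):
    """Return (later, earlier) index pairs where the later rule can never fire."""
    return [(j, i) for j in range(len(rules)) for i in range(j)
            if rules[i].covers(rules[j])]


ANY_PORT = range(1, 65536)

# Constructed policy. The last rule is meant to stop outbound SMTP to one
# network, but the broad outbound allow before it matches first.
RULES = [
    Rule("allow", "in", "tcp", "0.0.0.0/0", range(443, 444)),      # public HTTPS
    Rule("allow", "in", "tcp", "203.0.113.0/24", range(22, 23)),   # admin SSH
    Rule("allow", "out", "tcp", "0.0.0.0/0", ANY_PORT),            # outbound TCP
    Rule("deny", "out", "tcp", "198.51.100.0/24", range(25, 26)),  # unreachable
]
# Corrected ordering: the specific deny precedes the general allow.
FIXED = RULES[:2] + [RULES[3], RULES[2]]

SMTP_OUT = {"direction": "out", "proto": "tcp",
            "remote": "198.51.100.20", "dport": 25}
SSH_IN_UNKNOWN = {"direction": "in", "proto": "tcp",
                  "remote": "192.0.2.50", "dport": 22}

if __name__ == "__main__":
    print("shadowed in RULES:", shadowed(RULES))
    print("SMTP out, original order:", decide(RULES, SMTP_OUT))
    print("SMTP out, fixed order:   ", decide(FIXED, SMTP_OUT))
    print("SSH in from unknown host:", decide(FIXED, SSH_IN_UNKNOWN))
```
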

Antivirus Software
Antivirus software is a programme that prevents, detects, and removes viruses and other malware from personal computers, networks, and IT systems. Trojan horses, worms, keyloggers, browser hijackers, rootkits, spyware, botnets, adware, and ransomware are among the threats and viruses that it protects our machines and networks from. Most antivirus software includes an auto-update capability that allows the system to scan for new viruses and threats on a regular basis. It also offers other services like email scanning to ensure that emails are free of harmful attachments and web links.

PKI Services
PKI is an acronym for Public Key Infrastructure. It allows you to distribute and identify public encryption keys. It allows individuals and computers to securely communicate data over the internet while also verifying the other party's identity. We can also exchange sensitive information without PKI, but in that case, there would be no assurance of the authentication of the other party. People commonly associate PKI with SSL or TLS [125]. It is the technology which encrypts the server communication and is responsible for the HTTPS and padlock that we can see in our browser address bar. PKI solves a number of cyber security problems and deserves a place in the organization's security suite.

Cyber Security Software Tool
Without a solid cyber security staff, no firm can avoid cyber dangers and security challenges nowadays.
Hackers are constantly on the lookout for security flaws in order to exploit them and put companies in jeopardy. India is ranked third among the top ten countries most frequently attacked by cyber criminals.
When it comes to the safeguarding of sensitive and private data held by enterprises and individuals, cyber security software plays a critical role. Table 1 summarises the main types of cyber security software tools discussed in this section. […] safety and security. There are also network security utility tools used in penetration testing, such as network mappers, packet analysers, and port scanners, which allow system administrators and security professionals to identify the vulnerabilities threat actors can use to exploit your network with DDoS attacks and more.

Managed Detection and Response Service (MDR)
To break an organization's security, today's cybercriminals and hackers employ more modern techniques and tools. As a result, it is necessary for all firms to employ more powerful cyber security defences. Threat hunting, threat intelligence, security monitoring, incident analysis, and incident response are all part of MDR's advanced security solution. It's a service that was created to help organisations (with limited resources) become more aware of hazards and increase their ability to recognise and respond to threats. MDR also employs AI and machine learning to research, auto-detect dangers, and orchestrate responses in order to achieve faster results.

Penetration Testing
Penetration testing, often known as pen-testing, is a method of evaluating a company's security systems and the security of its IT infrastructure by safely exploiting weaknesses. These flaws can be found in operating systems, services, and applications, as well as in incorrect setups and unsafe end-user behaviour. Cyber security pros will conduct penetration testing using the same tools and processes used by criminal hackers to look for potential dangers and flaws [126]. A pen test simulates the kind of attacks that criminal hackers might launch against a company, such as password cracking, code injection, and phishing. A simulated real-world attack on a network or application is involved. This test can examine servers, online applications, network devices, endpoints, wireless networks, mobile devices, and other potential points of vulnerability using manual or automated technologies. Once the pen test has been completed successfully, the testers will present us with their results and may be able to assist us by recommending system adjustments.

Web Vulnerability Scanning Tools
Web vulnerability scanning tools are automated programmes that analyse your organization's web applications for security flaws including SQL injection, command injection, path traversal, cross-site scripting, and unsecured server setup. Your web vulnerability scanning tools should provide you with a detailed report after the scan which includes a list of vulnerabilities, detailed explanations of risks and vulnerabilities, and recommendations for remediation.

Staff Training
Staff training is not a "cyber security instrument," but it is one of the most effective kinds of defence against cyber-attacks to have knowledgeable personnel who understand cyber security. There are numerous training options available now that may teach employees about the finest cyber security procedures. Every company can use these training tools to teach its employees about cyber security and their role in it. We all know that cyber thieves are constantly improving their methods and level of expertise in order to break into firms' security. It has become critical for businesses to invest in training tools and services. If they fail to do so, they risk putting the company in a situation where hackers can simply target their security system. As a result, the cost of investing in these training tools may provide a long-term payback for the corporate organisation in terms of security and safety.

XI. Cyber Security Challenges
Cyber security is becoming a critical part of the country's overall national and economic security plans. The key to overcoming cyber security difficulties is to remain ahead of the game by adopting proactive measures before adversaries [126] exploit the system. It serves a crucial role in protecting our privacy in this age of digitization, when hackers are becoming increasingly sophisticated. We hear about threats like ransomware, phishing, vulnerability exploitation, IoT-based attacks, and so on every day. Cloud infrastructure is going online with the help of the internet, making it vulnerable to a variety of attacks and data breaches. EasyJet is the most prominent case, with hackers gaining access to the travel records of 9 million customers. Client phone numbers, email addresses, personal correspondence, contracts, and non-disclosure agreements with advertising and modelling firms are all said to have been obtained by the hackers. […] the fines. As a result, security analysts face numerous issues linked to cyber security, such as securing government classified data, securing private company servers, and so on. Ransomware, phishing assaults, malware attacks, and other cyber security concerns [128] arise in a variety of forms. India is ranked 11th in the world in terms of local cyber-attacks, with 2,299,682 instances reported in the first quarter of 2020. The most recent significant cyber security challenges are discussed in the section below.

IoT Threats
The Internet of Things (IoT) is a term that refers to a network of connected devices. It is a network of interconnected physical devices that may be accessed over the internet. The connected physical devices are given a unique identification (UID) and can communicate data over a network without the need for human-to-human or human-to-computer contact. Consumers and organisations are especially vulnerable to cyberattacks due to the firmware and software that runs on IoT devices. By 2021, IoT Analytics [129] predicts that there will be 11.6 billion IoT devices on the market. IoT devices are computational, digital, and mechanical devices that can send data over the internet on their own. Desktops, laptops, mobile phones, smart security devices, and other IoT devices are examples. As the popularity of IoT devices grows at an unprecedented rate, so do the cyber security challenges. When IoT devices are built, they are not designed with cyber security and commercial reasons in mind. To help manage the risk, every firm should collaborate with cyber security experts [130] to ensure the security of their password rules, session handling, user verification, multifactor authentication, and security procedures. The compromise of sensitive user data can occur when IoT devices are attacked. Safeguarding IoT devices is one of the biggest challenges in cyber security, as gaining access to these devices can open the doors for other malicious attacks.

Ransomware Evolution
Ransomware is a sort of software that encrypts data on a victim's computer and demands payment before the data may be freed. The victim's access rights are restored after a successful payment. Cyber security, data experts, IT, and executives all fear ransomware [131]. Ransomware attacks have grown in popularity in recent years, and in 2020, they will be one of India's most significant cyber security threats. Ransomware attacks are dangerous for individual users, but they're much more dangerous for organisations that can't access the data they need to conduct their day-to-day operations. In most ransomware assaults, however, the attackers refuse to release the data even after payment is received, instead attempting to extort more money.
With DRaaS solutions, we can back up our files automatically, simply identify which backup is clean, and initiate a fail-over with a single button press when malicious attacks harm our data.

Blockchain and Cryptocurrency Attacks
The most important invention in the computing era is Blockchain technology. We now have a truly native digital medium for peer-to-peer value exchange for the first time in human history. The Blockchain is a technology that allows for the creation of cryptocurrency such as Bitcoin.

Serverless Apps Vulnerability
Serverless architecture and apps are applications that rely on third-party cloud infrastructure or a back-end service like Google Cloud Functions, Amazon Web Services Lambda, and other similar services. Because users access the application locally or off-server on their device, serverless apps encourage cyber criminals to quickly distribute threats on their system. As a result, while utilising a serverless application, it is the user's obligation to take security precautions. Serverless apps do nothing to deter attackers from accessing our information. If an attacker acquires access to our data through a vulnerability such as leaked credentials, a compromised insider, or any other means other than serverless, the serverless application will not help. We can use software in conjunction with an application to give us the best chance of defeating cybercriminals. Serverless apps are often tiny. This enables developers to quickly and simply start their applications. They don't need to worry about the underlying infrastructure. Web services and data processing tools are examples of the most common serverless apps.

Artificial Intelligence & Machine Learning Expansion
Machine Learning and Artificial Intelligence technologies have proven to be extremely advantageous for significant progress in a variety of fields [133], but they also have flaws. Artificial intelligence is a branch of computer science concerned with the building of intelligent machines that function and react in the same way as humans do. Speech recognition, learning, planning, problem-solving, and other artificial intelligence operations are only a few examples. The ability to protect and defend an environment when a malicious attack begins, thus mitigating the impact, is one of the key benefits of incorporating artificial intelligence into our cyber security strategy. Unlawful individuals can use these technologies to carry out cyber-attacks and represent a threat to enterprises. These algorithms can be used to find high-value targets in a vast dataset. Attacks on machine learning and artificial intelligence are also a major worry in India. Due to our country's lack of cyber security knowledge, a sophisticated attack may prove too difficult to handle. Artificial intelligence responds quickly to hostile attacks when they threaten a company's operations. After a lot of research and modelling, artificial intelligence may identify anomalies in behaviour patterns that can be used as a defensive tool, but regrettably, hackers, phishers, and thieves can use the same techniques to carry out a cyber-attack.

BYOD Policies
Most companies offer a Bring-Your-Own-Device policy for their employees. Having such systems creates a slew of problems in terms of cyber security. To begin with, if the gadget is running an out-of-date or pirated version of the software, it is already a prime target for hackers. Hackers can readily obtain confidential corporate data because the device is used for both personal and professional purposes. Second, if their security is breached, these devices make it easier to gain access to your private network. Thus, organizations should let go of BYOD policies and provide secure devices to the employees, as such systems pose enormous challenges of computer security and network compromise.

Cloud Risks
Cloud services are used by the majority of people nowadays for both personal and professional purposes. Due to the flexibility and costs associated with older data centers, businesses are migrating their critical data [64] to the cloud. Moving data to the cloud necessitates adequate configuration and security procedures, or else you risk slipping into a trap. Cloud service providers only secure their platform; protecting a company's infrastructure against theft and destruction in the cloud is the responsibility of the firm. Firewalls, multi-factor authentication, Virtual Private Networks (VPNs), and other cloud security solutions are available. In summary, the organization must implement procedures and technology to protect itself from both external and internal dangers.

Technical Skills Gap
When thieves can simply clone identities for any fraud and hackers may exploit any weakness in 2020, the problem will only get worse unless there is an equal amount of resources with the proper capabilities to deal with it. Companies must invest in existing staff training and acquire new resources to assess network dangers in order to avert cyber-attacks. Companies will lose millions of dollars if this does not happen. For navigating threats, education and experience are essential. The IT manager's job is to provide instructional training to help employees comprehend the security posture of the firm. Describe your company's strengths and weaknesses, as well as how you're actively addressing security flaws. This training should emphasise the roles of your employees in your company's security policy. Companies are investing extensively in making the system more secure, but deploying these new advanced technologies requires access to highly qualified technical resources with hands-on experience.

Out-Dated Hardware
Not all cyber security threats take the form of software attacks. As software developers become more aware of the dangers of software vulnerabilities, they provide regular updates. However, these new updates might not be compatible with the hardware of the device. This is what leads to outdated hardware, wherein the hardware isn't advanced enough to run the latest software versions. This leaves such devices on an older version of the software, making them highly susceptible to cyberattacks.

Biometric Authentication
Biometric authentication is becoming increasingly used as a cutting-edge cyber security solution. While some see biometrics as a novel and effective tool to improve company security, others see it as a potential threat. Biometric identification can take numerous forms, from simple fingertip scanning to more advanced voice, iris, or facial recognition [134]. Many people feel that biometric systems are nearly impossible to hack because the data is impossible to guess and is unique to each user. As a result, it appears to be a better single-factor authentication solution and a fantastic addition to a multi-factor authentication system. Biometric systems, on the other hand, have disadvantages. Biometric information, like a user's login and password, can still be stolen or duplicated, which is a serious issue. In contrast to a password, the user cannot modify their iris scans or obtain a new face. This creates new challenges for cyber security professionals in the future.

5G Technology
The benefits of 5G technology will be enormous, including improved performance and speed, decreased latency, and increased efficiency. One of the most likely and well-known benefits of 5G technology is that it will enable even more IoT devices to connect to the internet and support more connections between them [135]. This would allow consumers to connect to or monitor their IoT devices remotely over the internet, implying that cyber-attacks are possible. As a result, IoT devices and sensors will require increasingly complex authentication in order to prevent unwanted access. It will, however, come with hazards. To avoid widespread service disruptions, malicious exploitation of IoT devices, and millions, if not billions, of dollars in losses, it is now unavoidable to address the 5G security issue. The 5G standard will result in greater 5G security risks and a wider, diverse attack surface due to the massive number of devices and the impending use of virtualization and the cloud. To comprehend a healthy and strong communications future, the industry needs to preserve a laser focus on 5G security.

Mobile App Risks
Mobile app development has become a critical component of any company's success. As mobile apps have become more popular among consumers, it's become even more vital for developers to make app security as important as the app's functions. Security is critical in mobile apps, as the data included within the app may be jeopardised if suitable security precautions are not implemented throughout app development. Furthermore, the rising use of mobile applications has resulted in increased susceptibility. Hackers nowadays are interested in obtaining personal information from consumers for their own gain. As a result, when developing apps for the Android and iOS platforms, developers must exercise greater caution. There are various app development platforms available, but none of them can guarantee complete virus security for your app. More Android apps have been discovered to be infested with malware or to have flawed code that thieves might exploit. App developers have been known to skip or undertake minimal testing on their apps. A lack of testing, on the other hand, can lead to a data breach. The source code of a mobile app may incorporate code from third-party libraries. Use any library only after thoroughly testing it, as some libraries may be dangerous. With encryption, we can change the transmitted data into a form that no one else can read without decryption. Hackers frequently infect a mobile app through vulnerable source code. Hence, it is important to implement mobile app security best practices when writing code.

Bluetooth Evolution
People have been using Bluetooth technology to connect their devices and transfer data in a simple manner. Bluetooth has a number of advantages and benefits, but they do not come without risk. Authorization, authentication, and optional encryption are all part of Bluetooth security. Authentication is the act of verifying the identity of one Bluetooth-enabled device to another. Authorization is the granting or refusing of access to resources or services over a Bluetooth connection to the requesting device. Encryption is the process of converting data into a secret code that cannot be read by eavesdroppers. Bluetooth [136] connections, like any other internet connections, have significant flaws. This is especially true these days, when data hackers are lurking around every corner, waiting to prey on unwary smartphone users. Bluebugging is a technique in which a hacker gains access to your Bluetooth-enabled phone and uses it to make unwanted calls and send text messages without your awareness. In Bluejacking, hackers use your phone to create a malicious phonebook contact and then use that contact to send harmful text messages to your phone. Because the contact is already trusted by your phone, the messages are opened automatically, stealing your data in the process. Viruses and worms are another risk: it is very common these days for smartphone users to unknowingly download apps that contain malware and other damaging files. Sometimes you simply mistype a URL and end up on a phishing site, or you download an app that brings harmful malware along with it. These viruses can open up your Bluetooth and attack your shared files. In Bluesnarfing, a hacker gains access to your smartphone by connecting to your network and then proceeds to copy personal data from your phone applications.

Recommendation Systems Evolution
Users are increasingly using recommendation systems to expose themselves to the entire digital world via the lens of their experiences, behaviours, preferences, and interests [137]. A recommendation engine is a system that, based on data analysis, proposes products, services, and information to users. The recommendation might be based on a number of criteria, including the user's history and the behaviour of similar users. To arrive at a recommendation [138], collaborative filtering leverages data from the client and other users who share similar characteristics. Filtering based on the content or attributes of the products you prefer is known as content-based filtering. The goal behind content-based filtering is to classify products with specific keywords, learn what the customer likes, look up those terms in the database, and then recommend similar things. When service providers collect more and more personal information, the public's privacy is jeopardised [139]. Malicious users who seek to skew the suggestions could target the service providers. Commercial recommender systems are frequently required to process large amounts of data in real time nowadays. Using cryptographic techniques to ensure privacy will be a huge issue. The work in [140] has taken things a step further by relying heavily on a user's friends to generate recommendations. However, this will necessitate the service provider creating and maintaining a social network for all of its customers, which may not be a simple task [141]. The other issue is the flawed security models that are typically based on semi-honest attackers. For example, [142] demonstrated that the offline recommendation mechanism of [143] is subject to key recovery attacks. To acquire these functionalities in reality, service providers must track user behaviour. The bulk of existing solutions are only concerned with protecting the rating vectors of users [144]. Existing privacy-protection technologies, such as anti-tracking techniques, may be integrated to give consumers more privacy protection. Regrettably, it may not be so simple.
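The two filtering approaches described above, as an added Python example that is not taken from this paper or from the works it cites. It shows that collaborative filtering needs every user's rating vector while content-based filtering needs only the user's own, and it adds a leave-one-out audit of how far a single profile moves a prediction. The sample data, function names, cosine similarity and both thresholds are assumptions made for illustration.

```python
import math

# Constructed sample data (not from the paper): user -> {item: rating 1..5}.
RATINGS = {
    "alice": {"vpn": 5, "firewall": 4, "game": 1},
    "bob": {"vpn": 5, "firewall": 5, "antivirus": 4, "game": 1},
    "carol": {"vpn": 1, "game": 5, "console": 5},
    "dave": {"vpn": 4, "firewall": 4, "antivirus": 5},
}
# Constructed keyword tags per item, used only by the content-based path.
KEYWORDS = {
    "vpn": {"security", "network"}, "firewall": {"security", "network"},
    "antivirus": {"security", "endpoint"}, "game": {"entertainment"},
    "console": {"entertainment", "hardware"},
}

def cosine(a, b):
    """Cosine similarity restricted to the items both users rated."""
    common = set(a) & set(b)
    if not common:
        return 0.0
    dot = sum(a[i] * b[i] for i in common)
    norm = math.sqrt(sum(a[i] ** 2 for i in common) * sum(b[i] ** 2 for i in common))
    return dot / norm

def collaborative_predict(user, item, ratings, min_sim=0.5):
    """Similarity-weighted mean of other users' ratings; needs everyone's vectors."""
    pairs = [(cosine(ratings[user], r), r[item])
             for u, r in ratings.items() if u != user and item in r]
    pairs = [(s, v) for s, v in pairs if s >= min_sim]
    if not pairs:
        return None  # no sufficiently similar user rated the item
    return sum(s * v for s, v in pairs) / sum(s for s, _ in pairs)

def content_based_score(own_ratings, item, keywords, liked=4):
    """Share of the item's keywords found in items this user liked; needs no other user."""
    profile = set().union(*(keywords[i] for i, v in own_ratings.items() if v >= liked))
    return len(profile & keywords[item]) / len(keywords[item])

def neighbour_influence(user, item, ratings):
    """Leave-one-out audit: how far each other profile moves the prediction."""
    base = collaborative_predict(user, item, ratings)
    shifts = {}
    for other in (u for u in ratings if u != user and item in ratings[u]):
        rest = {u: r for u, r in ratings.items() if u != other}
        without = collaborative_predict(user, item, rest)
        if base is not None and without is not None:
            shifts[other] = round(base - without, 2)
    return shifts
```

With only two neighbours, each profile shifts the predicted rating by half a point, which is why a service provider would want to monitor per-profile influence when suggestions can be skewed.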
Finally, we may take basic steps to protect our devices and data against cyber threats [145] by using the most up-to-date hardware and software for our digital needs. We'll also need to take more advanced precautions, such as setting up a firewall to add an extra layer of security.

XII. Conclusion
With the rapid advancement of technology, our lives are becoming increasingly digitalized. People now live in a cyber-world where all data and information are stored digitally and online. Whether it's for business, education, shopping, or banking, practically everything is now done online. The focus on cyber security is frequently on attempting to characterize the problem and determine the genuine threat level. All individuals, professionals, legislators, and, more broadly, all decision makers are concerned about cyber security. Cyber security is critical to the advancement of both information technology and Internet services. Cyber-attacks will be on the rise in 2021-22, and not just from the solitary hackers we've come to associate with them, but also from nation-state actors looking to steal data from governments and organizations. Because cyberspace has no borders, a nation's cyberspace is a component of the global cyberspace and cannot be isolated to define its bounds. It has never been easy to maintain cyber security. And, because assaults are becoming more innovative every day, it's vital to define cyber security and determine what constitutes excellent cyber security. Cyber security is a technology that was designed to protect data and information systems kept on computers. This paper's comprehensive review covers cyber security, its history, and many types of cyber