Navigating the Cyber Threat Landscape: A Comprehensive Analysis of Attacks and Security in the Digital Age

  • Akinul Islam Jony American International University-Bangladesh https://orcid.org/0000-0002-2942-6780
  • Sultanul Arifeen Hamim American International University-Bangladesh
DOI: https://doi.org/10.30996/jitcs.9715
Keywords: Attacks, cybersecurity, information security, systematic review, threats

Abstract

In this contemporary digital age, cybersecurity stands as a crucial linchpin amid the expanding role of technology in our lives, encountering numerous challenges. This review addresses the imperative need for robust cybersecurity measures as malicious actors continually innovate methods to exploit vulnerabilities in computer systems, networks, and data. The exploration delves into the multifaceted realm of cybersecurity attacks, unveiling the evolving threat landscape and their profound implications. From cybercriminals utilizing phishing attacks to the covert tactics of malware and the disruptive potential of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, including Phishing, Zero-Day Exploits, Man-in-the-Middle, and SQL Injection Attacks, the cybersecurity battleground is ever-expanding. The study systematically categorizes cyber threats, scrutinizes their distinctive characteristics, and elucidates the modus operandi of each attack type. Through a meticulous dissection of cybercriminal methods and motivations and a comprehensive evaluation of countermeasure efficacy, this review offers indispensable insights for securing our digital future in an era marked by escalating interconnectivity and technological dependence.

Downloads

Download data is not yet available.

Author Biographies

Akinul Islam Jony, American International University-Bangladesh

Department of Computer Science

Sultanul Arifeen Hamim, American International University-Bangladesh

Department of Computer Science

References

Abdullayev, V., & Chauhan, A. S. (2023). SQL Injection Attack: Quick View. Mesopotamian Journal of Cyber Security., 2023, 30–34.

Abu, M. S., Selamat, S. R., Ariffin, A., & Yusof, R. (2018). Cyber Threat Intelligence – Issue and Challenges. Indonesian Journal of Electrical Engineering and Computer Science, 10(1), 371–379. https://doi.org/10.11591/ijeecs.v10.i1.pp371-379

Aleroud, A., & Zhou, L. (2017). Phishing environments, techniques, and countermeasures: A survey. Computers & Security, 68, 160–196. https://doi.org/10.1016/j.cose.2017.04.006

Alghamdi, M. I. (2021). WITHDRAWN: Determining the impact of cyber security awareness on employee behaviour: A case of Saudi Arabia. Materials Today: Proceedings. https://doi.org/10.1016/j.matpr.2021.04.093

Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing Attacks: A Recent Comprehensive Study and a New Anatomy. Frontiers in Computer Science, 3. https://doi.org/10.3389/fcomp.2021.563060

Altulaihan, E., Almaiah, M. A., & Aljughaiman, A. (2022). Cybersecurity Threats, Countermeasures and Mitigation Techniques on the IoT: Future Research Directions. Electronics, 11, 3330.

Ashraf, I., Park, Y., Hur, S., Kim, S. W., Alroobaea, R., Zikria, Y. Bin, & Nosheen, S. (2023). A Survey on Cyber Security Threats in IoT-Enabled Maritime Industry. IEEE Transactions on Intelligent Transportation Systems, 24(2), 2677–2690.

Aslan, Ö., & Samet, R. (2020). A Comprehensive Review on Malware Detection Approaches. IEEE Access, 8, 6249–6271. https://doi.org/10.1109/ACCESS.2019.2963724

Bilge, L., & Dumitras, T. (2012). Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World. CCS ’12: Proceedings of the 2012 ACM Conference on Computer and Communications Security, 833–844.

Blaise, A., Bouet, M., Conan, V., & Secci, S. (2020). Detection of zero-day attacks: An unsupervised port-based approach. Computer Networks, 180, 107391. https://doi.org/10.1016/j.comnet.2020.107391

Bridges, L. (2008). The changing face of malware. Network Security, 2008(1), 17–20.

Brown, S., Gommers, J., & Serrano, O. (2015). From Cyber Security Information Sharing to Threat Management. WISCS ’15: Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, 43–49.

Cavelty, M. D. (2010). Cyberwar: Concept, Status Quo, and Limitations. CSS Analyses in Security Policy, 71. https://doi.org/https://doi.org/10.3929/ethz-a-006122108

Chiew, K. L., Yong, K. S. C., & Tan, C. L. (2018). A survey of phishing attacks: Their types, vectors and technical approaches. Expert Systems with Applications, 106, 1–20. https://doi.org/10.1016/j.eswa.2018.03.050

Clarke, J. (2009). SQL Injection Attacks and Defense. Elsevier. https://doi.org/10.1016/B978-1-59-749963-7.00001-3

Conti, M., Dragoni, N., & Lesyk, V. (2016). A Survey of Man In The Middle Attacks. IEEE Communications Surveys & Tutorials, 18(3), 2027–2051.

Djenna, A., Harous, S., & Saidouni, D. E. (2021). Internet of Things Meet Internet of Threats: New Concern Cyber Security Issues of Critical Cyber Infrastructure. Applied Sciences, 11(10), 4580.

Fredj, O. Ben, Cheikhrouhou, O., Krichen, M., Hamam, H., & Derhab, A. (2021). An OWASP Top Ten Driven Survey on Web Application Protection Methods. International Conference on Risks and Security of Internet and Systems, 235–252. https://doi.org/10.1007/978-3-030-68887-5

Furnell, S., & Shah, J. N. (2020). Home working and cyber security – an outbreak of unpreparedness? Computer Fraud & Security, 2020(8), 6–12. https://doi.org/10.1016/S1361-3723(20)30084-1

Ghelani, D. (2022). Cyber Security, Cyber Threats, Implications and Future Perspectives: A Review. American Journal of Science, Engineering and Technology, 3(6), 12–19. https://doi.org/10.11648/j.XXXX.2022XXXX.XX

Ghimire, B., & Rawat, D. B. (2022). Recent Advances on Federated Learning for Cybersecurity and Cybersecurity for Federated Learning for Internet of Things. IEEE Internet of Things Journal, 9(11), 8229–8249. https://doi.org/10.1109/JIOT.2022.3150363

Gniewkowski, M. (2020). An Overview of DoS and DDoS Attack Detection Techniques. International Conference on Dependability and Complex Systems.

Haataja, K. M. J., & Hypponen, K. (2008). Man-In-The-Middle attacks on bluetooth: a comparative analysis, a novel attack, and countermeasures. 2008 3rd International Symposium on Communications, Control and Signal Processing, 1096–1102.

Halfond, W. G. J., Viegas, J., & Orso, A. (2006). A Classification of SQL Injection Attacks and Countermeasures.

Hart, S., Margheri, A., Paci, F., & Sassone, V. (2020). Riskio: A Serious Game for Cyber Security Awareness and Education. Computers & Security, 95, 101827. https://doi.org/10.1016/j.cose.2020.101827

Hawamleh, A. M. AL, Alorfi, A. S., Al-Gasawneh, J. A., & Al-Rawashdeh, G. (2020). Cyber Security and Ethical Hacking: The Importance of Protecting User Data. Solid State Technology, 63(5).

Hayzelden, A. L. G., Bigham, J., Wooldridge, M., & Cuthbert, L. G. (1999). Future Communication Networks using Software Agents. In Software Agents for Future Communication Systems (p. 1999).

Jain, A. K., & Gupta, B. B. (2022). A survey of phishing attack techniques, defence mechanisms and open research challenges. Enterprise Information Systems, 16(400), 527–565. https://doi.org/10.1080/17517575.2021.1896786

Jony, A. I., & Arnob, A. K. B. (2024). A long short-term memory based approach fordetecting cyber attacks in IoT using CIC-IoT2023dataset. Journal of Edge Computing.

Kalaharsha, P., & Mehtre, B. M. (2021). Detecting Phishing Sites - An Overview.

Karbasi, A., & Farhadi, A. (2021). A cyber-physical system for building automation and control based on a distributed MPC with an efficient method for communication. European Journal of Control, 61, 151–170. https://doi.org/10.1016/j.ejcon.2021.04.008

Kaur, J., & Ramkumar, K. . R. (2022). The recent trends in cyber security: A review. Journal of King Saud University - Computer and Information Sciences, 34(8), 5766–5781. https://doi.org/10.1016/j.jksuci.2021.01.018

Khan, S. K., Shiwakoti, N., Stasinopoulos, P., & Chen, Y. (2020). Cyber-attacks in the next-generation cars, mitigation techniques, anticipated readiness and future directions. Accident Analysis and Prevention, 148, 105837. https://doi.org/10.1016/j.aap.2020.105837

Korom, P. (2019). A bibliometric visualization of the economics and sociology of wealth inequality: a world apart? Scientometrics, 118, 849–868. https://doi.org/10.1007/s11192-018-03000-z

Kotenko, I., Izrailov, K., & Buinevich, M. (2022). Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches. Sensors, 22(4), 1335.

Kraus, S., Breier, M., & Dasí-Rodríguez, S. (2020). The art of crafting a systematic literature review in entrepreneurship research. International Entrepreneurship and Management Journal, 16, 1023–1042.

Kraus, S., Breier, M., Lim, W. M., Dabić, M., Kumar, S., Kanbach, D., Mukherjee, D., Corvello, V., Piñeiro-Chousa, J., Liguori, E., Palacios-Marqués, D., Schiavone, F., Ferraris, A., Fernandes, C., & Ferreira, J. J. (2022). Literature reviews as independent studies: guidelines for academic practice. Review of Managerial Science, 16, 2577–2595.

Kraus, S., Durst, S., Ferreira, J. J., Veiga, P., Kailer, N., & Weinmann, A. (2022). Digital transformation in business and management research: An overview of the current status quo. International Journal of Information Management Volume, 63, 102466. https://doi.org/10.1016/j.ijinfomgt.2021.102466

Kumar, S., Kar, A. K., & Ilavarasan, P. V. (2021). Applications of text mining in services management: A systematic literature review. International Journal of Information Management Data Insights, 1(1), 100008. https://doi.org/10.1016/j.jjimei.2021.100008

Kuzlu, M., Fair, C., & Guler, O. (2021). Role of Artificial Intelligence in the Internet of Things (IoT) cybersecurity. Discover Internet of Things, 1(7). https://doi.org/10.1007/s43926-020-00001-4

Lee, I. (2020). Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management. Future Internet, 12(9), 157.

Liu, X., Zhang, J., Zhu, P., Tan, Q., & Yin, W. (2021). Quantitative cyber-physical security analysis methodology for industrial control systems based on incomplete information Bayesian game. Computers & Security, 102, 102138. https://doi.org/10.1016/j.cose.2020.102138

Ma, L., Zhang, Y., Yang, C., & Zhou, L. (2021). Security control for two-time-scale cyber physical systems with multiple transmission channels under DoS attacks: The input-to-state stability. Journal of the Franklin Institute, 358(12), 6309–6325. https://doi.org/10.1016/j.jfranklin.2021.05.017

McCarthy, A., Ghadafi, E., Andriotis, P., & Legg, P. (2022). Functionality-Preserving Adversarial Machine Learning for Robust Classification in Cybersecurity and Intrusion Detection Domains: A Survey. Journal of Cybersecurity and Privacy, 2(1), 154–190.

McGuire, M., & Dowling, S. (2013). Cyber crime: A review of the evidence.

Mehrpooya, M., Ghadimi, N., Marefati, M., & Ghorbanian, S. A. (2021). Numerical investigation of a new combined energy system includes parabolic dish solar collector, Stirling engine and thermoelectric device. International Journal of Energy Research, 1–20. https://doi.org/10.1002/er.6891

Mengidis, N., Tsikrika, T., Vrochidis, S., & Kompatsiaris, I. (2019). Blockchain and AI for the Next Generation Energy Grids: Cybersecurity Challenges and Opportunities. 43(1), 21–33.

, M. M., Unogwu, O. J., Filali, Y., Bala, I., & Al-Shahwani, H. (2023). Exploring the Top Five Evolving Threats in Cybersecurity: An In-Depth Overview. Mesopotamian Journal of Cyber Security, 57–63.

Miller, C. (2007). The Legitimate Vulnerability Market: The Secretive World of 0-Day Exploit Sales. Independent Security Evaluators. https://www.ise.io/wp-content/uploads/2019/11/cmiller_weis2007.pdf

Muckin, M., Fitch, S. C., & Lockheed Martin Corporation. (2019). A Threat-Driven Approach to Cyber Security: Methodologies, Practices and Tools to Enable a Functionally Integrated Cyber Security Organization.

Mulrow, C. D. (1994). Rationale for systematic reviews. BMJ, 309, 597–599.

Nasereddin, M., Khamaiseh, A. Al, Qasaimeh, M., & Qassas, R. Al. (2021). A systematic review of detection and prevention techniques of SQL injection attacks. Information Security Journal: A Global Perspective, 32(4), 252–265. https://doi.org/10.1080/19393555.2021.1995537

Nayak, G. N., & Samaddar, S. G. (2010). Different flavours of Man-In-The-Middle attack, consequences and feasible solutions. : : 2010 3rd International Conference on Computer Science and Information Technology, 491–495.

Oakley, A. (2002). Social Science and Evidence-based Everything: the case of education. Educational Review, 54(3). https://doi.org/10.1080/0013191022000016329

Ollmann, G. (2007). The Phishing Guide: Understanding & Preventing Phishing Attacks.

Or-Meir, O., Nissim, N., Elovici, Y., & Rokach, L. (2019). Dynamic Malware Analysis in the Modern Era—A State of the Art Survey. ACM Computing Surveys, 52(5). https://doi.org/10.1145/3329786

Ornaghi, A., & Valleri, M. (2003). Man in the middle Man in the middle attacks. Blackhat Conference.

Peng, T., Leckie, C., & Ramamohanarao, K. (2007). Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys, 39(1), 3–es. https://doi.org/10.1145/1216370.1216373

Prasad, K. M., Reddy, A. R. M., & Rao, K. V. (2014). DoS and DDoS Attacks: Defense, Detection and Traceback Mechanisms - A Survey. Global Journal of Computer Science and Technology, 14(7), 15–32.

Qabalin, M. K., Naser, M., & Alkasassbeh, M. (2022). Android Spyware Detection Using Machine Learning: A Novel Dataset. Sensors, 22(15), 5765.

Rahman, N. A. A., Sairi, I. H., Zizi, N. A. M., & Khalid, F. (2020). The Importance of Cybersecurity Education in School. International Journal of Information and Education Technology, 10(5), 378–382. https://doi.org/10.18178/ijiet.2020.10.5.1393

Razaulla, S., Fachkha, C., Markarian, C., Gawanmeh, A., Mansoor, W., Fung, B. C. M., & Assi, C. (2023). The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions. IEEE Access, 11, 40698–40723. https://doi.org/10.1109/ACCESS.2023.3268535

Rzepka, C., & Berger, B. (2018). User Interaction with AI-enabled Systems: A Systematic Review of IS Research. Thirty Ninth International Conference on Information Systems.

Sadeghian, A., Zamani, M., & Abdullah, S. M. (2013). A Taxonomy of SQL Injection Attacks. 2013 International Conference on Informatics and Creative Multimedia, 269–273. https://doi.org/10.1109/ICICM.2013.53

Schlette, D., Böhm, F., Caselli, M., & Pernul, G. (2021). Measuring and visualizing cyber threat intelligence quality. International Journal of Information Security, 20, 21–38. https://doi.org/10.1007/s10207-020-00490-y

Schneier, B. (2000). Crypto-Gram. https://www.schneier.com/crypto-gram/archives/2000/0915.html

Singh, N., Dayal, M., Raw, R. S., & Kumar, S. (2016). SQL injection: Types, methodology, attack queries and prevention. 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom).

Symantec. (2014). Internet Security Threat Report 2014 (Vol. 19, Issue April).

Tandale, K. D., & Pawar, S. N. (2021). Different Types of Phishing Attacks and Detection Techniques: A Review. 2020 International Conference on Smart Innovations in Design, Environment, Management, Planning and Computing (ICSIDEMPC).

Thomson, J. R. (2015). High integrity systems and safety management in hazardous industries.

Tranfield, D., Denyer, D., & Palminder Smart. (2003). Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. British Journal of Management, 14, 207–222.

Ulven, J. B., & Wangen, G. (2021). A Systematic Review of Cybersecurity Risks in Higher Education. Future Internet, 13(2), 39.

Zieni, R., Massari, L., & Calzarossa, M. C. (2023). Phishing or Not Phishing? A Survey on the Detection of Phishing Websites. IEEE Access, 11, 18499–18519. https://doi.org/10.1109/ACCESS.2023.3247135

Published
2023-12-31
How to Cite
Jony, A. I., & Hamim, S. A. (2023). Navigating the Cyber Threat Landscape: A Comprehensive Analysis of Attacks and Security in the Digital Age. Journal of Information Technology and Cyber Security, 1(2), 53-67. https://doi.org/10.30996/jitcs.9715
Issue
Vol 1 No 2 (2023): July
Section
Review Article

Copyright (c) 2023 The Author(s)

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

 

Copyright Notice based on COPE (Committee on Publication Ethics) for JITCS: Journal of Information Technology and Cyber Security

  1. Ownership and Copyright:

    1. JITCS: Journal of Information Technology and Cyber Security respects the intellectual property rights of authors. The copyright for individual articles published in JITCS is retained by the respective authors, unless otherwise specified.
    2. The articles published in JITCS are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0), which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial, and no modifications or adaptations are made.
    3. JITCS serves as the initial publisher of the articles, providing them with the first publication platform.

  2. Permissions and Usage:

    1. Distribution for Non-Commercial Purposes: Permitted: Users are allowed to distribute the article for non-commercial purposes, provided the original work is properly cited and no modifications or adaptations are made.
    2. Distribution for Commercial Purposes: Not Permitted: The article may not be distributed for any commercial purposes without obtaining prior written permission from the author(s).
    3. Inclusion in a Collective Work (e.g., Anthology) for Non-Commercial Purposes: Permitted: Users are allowed to include the article in a collective work, such as an anthology, as long as the use is non-commercial and the work remains unchanged.
    4. Inclusion in a Collective Work for Commercial Purposes: Not Permitted: The article may not be included in any collective work or anthology intended for commercial purposes without prior permission from the author(s).
    5. Creation and Distribution of Revised Versions, Adaptations, or Derivative Works (e.g., Translation) for Non-Commercial Purposes: Not Permitted: Users may not create or distribute revised versions, adaptations, or derivative works, including translations, for non-commercial purposes.
    6. Creation and Distribution of Revised Versions, Adaptations, or Derivative Works for Commercial Purposes: Not Permitted: Users may not create or distribute revised versions, adaptations, or derivative works, including translations, for commercial purposes.
    7. Text or Data Mining for Non-Commercial Purposes: Permitted: Users are permitted to engage in text or data mining of the article for non-commercial research purposes, provided the original work is properly attributed.
    8. Text or Data Mining for Commercial Purposes: Not Permitted: Users may not engage in text or data mining of the article for commercial purposes without obtaining explicit permission from the author(s).

  3. Attribution and Citation:

    1. Proper attribution and citation of the published work should be provided when using or referring to content from JITCS. This includes clearly indicating the authors, the title of the article, the journal name (JITCS), the volume/issue number, the publication year, and the article's DOI (Digital Object Identifier) when available.
    2. When adapting or modifying the published content, proper attribution to the original source should be given, and the adapted or modified content should be shared under the same CC BY-NC-ND 4.0 license.

  4. Plagiarism and Copyright Infringement:

    1. JITCS considers plagiarism and copyright infringement as serious ethical violations. Authors are responsible for ensuring that their submitted work is original and does not infringe upon the copyright or intellectual property rights of others.
    2. Any allegations of plagiarism or copyright infringement will be investigated promptly and thoroughly. If proven, appropriate actions, including rejection of the manuscript, retraction of the published article, or other corrective measures, will be taken.

  5. Open Access Licensing:

    1. JITCS supports open access publishing and encourages authors to consider publishing their work under the CC BY-NC-ND 4.0 license to promote the dissemination and use of knowledge in the field of information technology and cyber security.
    2. The specific terms and conditions of the CC BY-NC-ND 4.0 license will be clearly indicated on the published articles.

  6. Policy Review: This Copyright Notice will be periodically reviewed and updated to ensure its continued relevance and compliance with copyright laws, ethical standards, and open access principles in scholarly publishing. Any updates or revisions to the notice will be communicated to the relevant stakeholders.

By adhering to this Copyright Notice, JITCS aims to protect the rights of authors, promote proper attribution and citation practices, and facilitate the responsible and legal use of the published content in accordance with the CC BY-NC-ND 4.0 license.