Chapter 4: Threats, Attacks, and Attackers

Threats, Attacks, and Attackers. This is where the rubber meets the road. We’ve built the foundations (CIA, models, networking), and now we meet the “bad guys” and their tricks. I’ll explain everything in detail like we’re chatting in a Navi Mumbai café, with real 2025–2026 examples (global + India-specific, since many of you are dealing with UPI scams, hospital hits, etc.), stories, and why these matter right now in January 2026.

We’ll cover the sections step by step.

Types of Threats: Malware, Phishing, Ransomware, DDoS, Supply Chain Attacks

Threats are the broad dangers; attacks are the specific ways they hit you.

  • Malware — Malicious software (any program designed to harm or sneak in). Types: Viruses (spread by infecting files), worms (self-spread over networks), trojans (disguised as legit software), spyware (steals data quietly), rootkits (hides presence). Example (2025 India): Infostealer malware (like RedLine or Raccoon) targeted Indian users via fake UPI apps or job portals—stole banking creds, leading to frauds worth crores. In global breaches, malware often starts the chain (e.g., initial access via email attachment).
  • Phishing — Tricking people into giving info or clicking bad links (still #1 entry point). 2025 stats: Phishing caused 49%+ of attacks in some reports; AI-made emails surged 17%+. In India: AI-assisted phishing via WhatsApp/SMS (“Your Aadhaar expired—click to update”) led to massive UPI frauds (₹36,450 crore losses by Feb 2025). Example: Fake “bank alert” SMS with QR code → scans to malicious site → credentials stolen.
  • Ransomware — Encrypts files/systems, demands payment (often crypto) for the key. Evolved to double/triple extortion (encrypt + steal data + threaten leak/DDoS). 2025–2026 reality: Attacks up 47% (7,200+ public victims in 2025); payments down as more victims refuse to pay and backups improve, but gangs pivot to leakware + DDoS threats. In India: Ransomware peaked Jan 2025 (185 incidents); hospitals (e.g., Sant Parmanand) lost patient data. Healthcare hit hardest—average breach $7–10M. Example: LockBit/Clop-style gang hits Indian manufacturing → encrypts + leaks supplier data → demands ransom, threatening public exposure if unpaid.
  • DDoS — Floods site/server with traffic to knock it offline. Often smokescreen for other attacks or extortion. 2025 trend: Botnets hit 5.6 Tbps+; used in triple extortion with ransomware. In India: Common against e-commerce/gov sites during festivals. Example: Attacker rents IoT botnet → floods bank site during Diwali shopping → demands payment to stop.
  • Supply Chain Attacks — Hit one vendor → compromise many customers (SolarWinds-style). 2025 explosion: Attacks doubled (13 → 41/month by Oct); 30%+ breaches linked to third-parties. In India: Cloud misconfigs + vendor breaches common. Example: 2025 Jaguar Land Rover hit (UK but global supply) cost £1.9B, halted production—similar risks for Indian auto/fintech chains. Indian hospitals hit via HR software providers.
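The supply-chain bullet above is about trusting code and updates that arrive from a vendor. The baseline defence is to pin a manifest of hashes when a release is first reviewed and verify every later download against it, so a silently altered or added file is caught before it runs. The Python below is an added example, not code from this chapter or from any vendor; the release contents, file names and the tampered second download are all constructed for the illustration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a blob; this is what the manifest pins per file."""
    return hashlib.sha256(data).hexdigest()


# Constructed "vendor release" exactly as it looked when it was reviewed and pinned.
ORIGINAL_RELEASE = {
    "agent/updater.py": b"def update():\n    return 'apply signed update'\n",
    "agent/config.json": b'{"server": "https://updates.vendor.example"}\n',
}


def build_manifest(files: dict) -> dict:
    """Map file name -> expected SHA-256, produced once at review time and stored out of band."""
    return {name: sha256_hex(blob) for name, blob in files.items()}


PINNED_MANIFEST = build_manifest(ORIGINAL_RELEASE)

# Constructed "next download": one file quietly changed, one unexpected file added.
TAMPERED_RELEASE = dict(ORIGINAL_RELEASE)
TAMPERED_RELEASE["agent/updater.py"] = (
    b"def update():\n    return 'apply signed update'\n# extra line appended upstream\n"
)
TAMPERED_RELEASE["agent/helper.py"] = b"print('not in the reviewed release')\n"


def verify_release(files: dict, manifest: dict) -> dict:
    """Compare a downloaded file set against the pinned manifest.

    Returns a report with the file names that matched, changed, were never
    listed, or are missing, plus a single 'trusted' verdict.
    """
    report = {"ok": [], "modified": [], "unlisted": [], "missing": []}
    for name, blob in files.items():
        expected = manifest.get(name)
        if expected is None:
            report["unlisted"].append(name)  # new file: never reviewed
        elif hmac.compare_digest(sha256_hex(blob), expected):
            report["ok"].append(name)
        else:
            report["modified"].append(name)  # content differs from the pinned hash
    for name in manifest:
        if name not in files:
            report["missing"].append(name)  # reviewed file silently dropped
    report["trusted"] = not (report["modified"] or report["unlisted"] or report["missing"])
    return report


if __name__ == "__main__":
    print("original :", verify_release(ORIGINAL_RELEASE, PINNED_MANIFEST))
    print("tampered :", verify_release(TAMPERED_RELEASE, PINNED_MANIFEST))
```

The caveat a practitioner would add: hash pinning only detects changes made after the release was reviewed. If the vendor's own build pipeline was poisoned before that point (the SolarWinds-style case), the pinned hash is the hash of the malicious file, so pinning has to be paired with review of what is being pinned and with the vendor's own signatures where they exist.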

Advanced Persistent Threats (APTs) and Nation-State Actors

APTs = Long-term, stealthy attacks (months/years) by skilled groups, often for espionage/theft/sabotage. Usually nation-state backed.

  • Characteristics: Slow, quiet, custom tools, living-off-the-land (using legit tools).
  • Major players (2025–2026):
    • China (e.g., APT27/Linen Typhoon, APT31/Violet Typhoon) — Espionage on defense/tech.
    • Russia (e.g., ransomware groups with state links).
    • Others: North Korea (crypto theft), Iran.
  • 2025 examples: Chinese groups hit US/India networks; India saw defense-targeted phishing (DRDO PDFs with malware). Nation-states use proxies/hacktivists for deniability. India context: Second-most targeted country; espionage on critical infra (power/telecom). CERT-In/NCIIPC track these.

Real impact: Steal IP, disrupt elections, or prep for wartime sabotage.

Social Engineering (Phishing, Pretexting, Baiting, Tailgating)

The human hack—exploits psychology, not code. 60%+ breaches involve human factors.

  • Phishing — As above (email/SMS).
  • Pretexting — Fake scenario to get info (e.g., “IT support” calls asking for password reset).
  • Baiting — Leave infected USB in parking lot (“Payroll Update”)—someone plugs it in.
  • Tailgating — Follow authorized person into secure area (e.g., badge swipe door).

2025 surge: AI makes it scarier—voice cloning (1600% up), deepfake calls (“Boss needs urgent transfer”). In India: “Digital arrest” scams (fake cops via video call) + AI voice cloning for family emergencies.

Example: Deepfake CEO video call → finance team wires crores (real cases in 2025).
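The phishing bullet earlier in this chapter and the social-engineering examples above share one shape: urgency wording plus a deceptive link. The Python below is an added example, not code from this chapter, showing the kind of indicator scoring a mail or SMS gateway can run over inbound messages before a human ever sees them: urgency phrases, IP-literal hosts, link shorteners, punycode labels, plain-http links and lookalike domains (a known brand name embedded in a domain that is not on the allowlist). The sample messages, the allowlist examplebank.in/examplebank.com, the keyword lists and the weights are all constructed for the illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not real scam texts): two phishing-style, one legitimate.
SAMPLE_MESSAGES = [
    "ALERT: Your Aadhaar-linked account is suspended. Verify within 24 hours: http://examplebank-secure.xyz/login",
    "Your parcel could not be delivered. Update address now: http://192.168.50.7/track?id=8812",
    "Your statement for Nov is ready. Log in at https://examplebank.in/statements to view it.",
]

# Hypothetical allowlist of domains the organisation actually sends from.
KNOWN_GOOD_DOMAINS = {"examplebank.in", "examplebank.com"}

URGENCY_WORDS = {"urgent", "immediately", "suspended", "expired", "verify",
                 "within 24 hours", "act now", "blocked"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly"}

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def registrable_domain(host: str) -> str:
    """Crude last-two-labels approximation of the registrable domain (no public-suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def score_message(text: str):
    """Return (score, reasons) for one message; higher means more phishing indicators."""
    score = 0
    reasons = []
    lowered = text.lower()
    for word in sorted(URGENCY_WORDS):
        if word in lowered:
            score += 1
            reasons.append(f"urgency:{word}")
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if IPV4_RE.fullmatch(host):
            score += 3
            reasons.append("ip-literal host")
        elif host in SHORTENERS:
            score += 2
            reasons.append("link shortener")
        elif any(label.startswith("xn--") for label in host.split(".")):
            score += 2
            reasons.append("punycode label")
        elif registrable_domain(host) not in KNOWN_GOOD_DOMAINS:
            # Lookalike: a brand label from the allowlist inside an unknown domain
            brands = {good.split(".")[0] for good in KNOWN_GOOD_DOMAINS}
            if any(brand in host for brand in brands):
                score += 3
                reasons.append("lookalike domain")
            else:
                score += 1
                reasons.append("unknown domain")
        if url.lower().startswith("http://"):
            score += 1
            reasons.append("plain http")
    return score, reasons


def classify(text: str, threshold: int = 4) -> dict:
    """Triage verdict for one message; threshold is a constructed tuning value."""
    score, reasons = score_message(text)
    return {"score": score, "suspicious": score >= threshold, "reasons": reasons}


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(classify(msg), "<-", msg[:50])
```

Scores like these are triage signals, not verdicts: the weights get tuned against the organisation's own traffic, and the domain split here is a naive last-two-labels cut rather than a public-suffix list, so a host such as example.co.in would be mis-handled in production.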

Emerging 2025–2026 Threats: AI-Generated Attacks, Deepfakes in Phishing, IoT Botnets

These are blowing up right now (Jan 2026).

  • AI-Generated Attacks — Attackers use GenAI for personalized phishing (46% click rate vs 18% traditional), malware code, automated chains. 2025 stats: 16% breaches used AI; costs slightly higher ($4.49M). Autonomous agents emerging (self-propagating). Prediction 2026: Agentic AI (autonomous attack agents), prompt injection on enterprise AI tools.
  • Deepfakes in Phishing — Fake videos/voices impersonate execs/family. Up 20%+ in social engineering; bypasses MFA (voice biometrics). Example: Deepfake boss on Zoom → “Approve payment now.” Or political deepfakes in elections.
  • IoT Botnets — Millions of insecure devices (cameras, routers) hijacked for DDoS. 2026 projection: Botnets hit 20+ Tbps; IoT devices double to 40B+. Vulnerabilities: Weak passwords, no updates. India example: Cheap smart devices in homes/offices → easy botnet recruitment for global attacks.
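The IoT-botnet bullet above and the DDoS bullet earlier in the chapter both end in the same thing on the defender's side: a flood of requests in the web server's access log. The Python below is an added example, not code from this chapter or from any product, showing two simple detections run over constructed common-log-format lines: a per-source sliding-window rate check that flags a single flooding client, and an aggregate rate check that still moves when the traffic is spread across many botnet members. The sample log (addresses from documentation ranges, one flooding source, two ordinary shoppers), the window size and the thresholds are all constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common-log-format line: client ip, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_sample_log():
    """Constructed sample traffic (not a real capture): one flooding source plus two ordinary clients."""
    base = datetime.strptime("25/Oct/2025:19:00:00 +0530", TS_FMT)
    lines = []
    # Flooding source: 60 requests inside six seconds, mostly answered with 503
    for i in range(60):
        ts = (base + timedelta(milliseconds=100 * i)).strftime(TS_FMT)
        lines.append(f'203.0.113.9 - - [{ts}] "GET /checkout HTTP/1.1" 503 0')
    # Two ordinary shoppers: five requests each, spread over ten seconds
    for i in range(5):
        ts = (base + timedelta(seconds=2 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.4 - - [{ts}] "GET /products HTTP/1.1" 200 5120')
        ts = (base + timedelta(seconds=2 * i + 1)).strftime(TS_FMT)
        lines.append(f'198.51.100.77 - - [{ts}] "GET /cart HTTP/1.1" 200 2048')
    return lines


def parse_events(lines):
    """Return (timestamp, ip) pairs in time order; lines that do not parse are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], TS_FMT), m["ip"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_floods(lines, window_seconds=10, max_requests=30):
    """Flag any single source that exceeds max_requests inside a sliding window.

    Returns {ip: timestamp at which the limit was first exceeded}.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip in parse_events(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def peak_request_rate(lines, window_seconds=10):
    """Highest number of requests seen in any window across all sources.

    This is the signal that still rises when a botnet spreads the flood
    thinly across thousands of devices so that no single ip trips detect_floods.
    """
    window = timedelta(seconds=window_seconds)
    q = deque()
    peak = 0
    for ts, _ip in parse_events(lines):
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


if __name__ == "__main__":
    log = make_sample_log()
    print("flooding sources:", detect_floods(log))
    print("peak requests per 10 s window:", peak_request_rate(log))
```

The per-source check is cheap and good for a single noisy client, but the distributed case is why the aggregate rate (and per-path or per-country breakdowns of it) is what a real anti-DDoS layer alerts on, compared against the site's own baseline rather than a fixed number.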

Overall 2025–2026 vibe: Cybercrime $10.5T/year; India: 2,000+ attacks/week per org (higher than global avg); 265M+ incidents in 2025. Ransomware + phishing + AI = deadly combo.

That’s Chapter 4—scary but empowering once you know the playbook!
