1

PM SHRI KENDRIYA VIDYALAYA IIT POWAI

SESSION: 2024-25

ALS PROJECT
ENGLISH CORE (301)

(TITLE OF THE PROJECT)

Submitted By

Hamdan Ateeque A Malani

Roll no:15610353
Class 12th B
 2

CERTIFICATE

This is to certify that Master Hamdan Ateeque A Malani of PM

SHRI Kendriya Vidyalaya IIT Powai Mumbai, Class 12th B Roll.No:
15610353 has successfully completed the ALS Project in English
Core (301) on the topic ………………………………for the
Academic Session 2024-25.

Dr. Anusree R. Nair PRINCIPAL

PGT English
 3

ACKNOWLEDGEMENT

I wish to express my sincere gratitude to everyone who has helped me in the

successful completion of this project. I thank Mr. Vinod S. Wankhade, Principal,
PM Shri Kendriya Vidyalaya IIT Powai for being a source of inspiration and
facilitating a conducive environment in the Vidyalaya for carrying out this
work. I am grateful to my subject teacher Dr. Anusree R. Nair for her guidance,
support and encouragement that helped in shaping the project, correcting my
mistakes and giving valuable key insights that would help giving shape to this
project. I acknowledge with a deep sense of reverence, my gratitude towards my
parents, teachers, friends, and other staff of the Vidyalaya for their valuable
suggestions, feedback, timely interventions, and support.
 4

INDEX

1. CYBERSECURITY IMPORTANCE

2. MAJOR CYBERSECURITY THREATS

3. MAJOR CYBERCRIME INCIDENTS

4. CYBERCRIME: CASE STUDY

5. CYBERAWARENESS

6. CONCLUSION

7. BIBLIOGRAPHY
 5

STATEMENT OF PURPOSE

The project aims to

• 🔹 Explain different types of cyber threats, including phishing,

ransomware, DDoS attacks, and data breaches, in a simple and
engaging way.
• 🔹 Analyse real-world cyberattacks to showcase their consequences
and lessons learned.
• 🔹Present survey data to understand public awareness levels,
cybersecurity habits, and vulnerabilities.
• 🔹 Use graphs and charts to visualize trends in cyber threats and
security awareness.
• 🔹 Highlight major cybersecurity incidents, such as the WannaCry
ransomware attack, the Facebook data breach, and the Colonial
Pipeline hack.
• 🔹 Provide practical cybersecurity tips for individuals and businesses
to prevent cyber threats.
• 🔹 Encourage better online security practices, such as using strong
passwords, enabling two-factor authentication, and recognizing
phishing attempts.
• 🔹 Emphasize the importance of digital responsibility, ensuring that
people take cybersecurity seriously in their daily online activities.
• 🔹 Contribute to building a cyber-aware society, where individuals
are more informed, cautious, and proactive in protecting their data and
privacy.
 6

ACTION PLAN

TIMELINE ACTIVITY STATUS REMARKS

01 Dec 2024 Analyzing the topic

to Completed
15 Dec 2025 Collection of required
resources

Collection of data from the Completed

16 Dec 2024 resources
to
31 Dec 2025 Preparation of Draft

01 Jan 2024 Modification of draft as per

to suggestions Completed
20 Jan 2025
Finalization of Draft

20 Jan 2024 Preparation of Final Draft

To Completed
05 Feb 2025 Project Submission
 7

CYBERSECURITY: IMPORTANCE

• In today’s rapidly evolving digital landscape, cybersecurity has become a critical aspect of
modern life. As we integrate technology into every aspect of our daily activities—whether in
business, education, healthcare, or government—the need for strong cybersecurity measures
is more significant than ever. With an increasing number of cyber threats emerging each year,
individuals and organizations must stay vigilant to protect their sensitive data from hackers,
cybercriminals, and malicious software.
•
• Importance of Cybersecurity
•
• Cybersecurity refers to the practice of protecting networks, devices, programs, and data from
cyberattacks or unauthorized access. As the world becomes more interconnected, the risk of
cyber threats increases. Protecting digital infrastructure is vital for multiple reasons:
•
• 1.Protection of Personal Data
•
• Personal data, such as financial information, social security numbers, medical records, and
passwords, can be exploited if it falls into the wrong hands. Cybercriminals often use phishing
attacks, identity theft, and social engineering to steal sensitive information, which can result
in significant financial and emotional distress for victims.
•
• 2.Safeguarding Businesses and Organizations
•
• Companies rely on digital systems for day-to-day operations, making them prime targets for
cyberattacks. A security breach can lead to financial losses, reputational damage, and legal
consequences. Cybersecurity ensures that confidential business information, such as trade
secrets, customer records, and financial data, remains protected.
•
•
•
•
•
•
•
•
•
 8

• 3.Preventing National Security Threats

•
• Governments store and manage vast amounts of classified and sensitive data, including
defence strategies, intelligence reports, and diplomatic communications. Cyberattacks on
government institutions can compromise national security, disrupt essential services, and even
threaten the economy. State-sponsored cyber warfare is a growing concern, as some countries
use hacking as a tool for espionage, surveillance, or even economic sabotage.
•
•
• 4.Maintaining Trust in Digital Transactions
•
• Online banking, e-commerce, and digital payment systems have become integral to the global
economy. Without cybersecurity, consumers would hesitate to make online transactions due to
the risk of fraud, hacking, and financial theft. Secure encryption, firewalls, and
authentication methods help build trust in the digital economy, ensuring that users can safely
conduct business online.
•
•
• 5.Protecting Critical Infrastructure
•
• Industries such as energy, healthcare, transportation, and finance depend on digital systems
for their operations. Cyberattacks on power grids, hospitals, water treatment plants, and
financial institutions can lead to catastrophic consequences.
• For instance, a cyberattack on a hospital’s network could shut down life-saving medical
equipment, putting patients' lives at risk.
•

•
 9

MAJOR CYBERSECURITY THREATS

•
• Cyber threats come in various forms, ranging from simple phishing scams to highly
sophisticated ransomware attacks. Below are some of the most prevalent cyber threats in
today's digital world:
•
• 1.Phishing Attacks
• Phishing is a social engineering attack where hackers impersonate legitimate sources (such as
banks, government agencies, or companies) to trick individuals into revealing sensitive
information. These attacks often occur through emails, fake websites, or text messages and
can lead to identity theft, financial fraud, and unauthorized access to accounts.

Example:
In 2021, Google reported that phishing attacks increased by 150% due to the rise of
remote work and online transactions. Many people received emails pretending to be
from COVID-19 relief programs, leading them to click on malicious links that stole their
personal data.

•
• 2.Ransomware Attacks
• Ransomware is a type of malware that encrypts a victim’s files, rendering them inaccessible
until a ransom is paid. Cybercriminals often demand payments in cryptocurrency, making it
difficult to trace them.

Example:
In 2017, the WannaCry ransomware attack affected over 200,000 computers in 150
countries, shutting down hospitals, businesses, and government agencies. The attack
exploited a vulnerability in Microsoft Windows, spreading rapidly across networks.
•
•
• 3.Data Breaches
• A data breach occurs when hackers gain unauthorized access to confidential data stored by
companies, governments, or individuals. These breaches often expose millions of users’
personal details, including names, passwords, credit card information, and social security
numbers.
 10

Example:
In 2019, Facebook suffered a massive data breach in which 540 million records were
exposed due to insecure cloud storage. The breach raised concerns about privacy and
data protection, emphasizing the need for stronger cybersecurity policies.
•
•
•
• 4.Distributed Denial-of-Service (DDoS) Attacks
• DDoS attacks overwhelm a website or online service with massive amounts of traffic, causing
it to crash or become unavailable to legitimate users. These attacks are often carried out using
botnets—large networks of compromised devices controlled by hackers.

Example:
In 2020, Amazon Web Services (AWS) experienced one of the largest DDoS attacks
in history, with a peak traffic volume of 2.3 terabits per second (Tbps). The attack
disrupted multiple online services and highlighted the growing scale of cyber threats.
•
•
•
• 5.Social Engineering Attacks
• Social engineering is a technique where hackers manipulate individuals into divulging
confidential information or granting unauthorized access to systems. This can be done through
impersonation, psychological manipulation, or exploiting human trust.

Example:

• In 2020, Twitter was hit by a social engineering attack in which hackers tricked employees
into revealing internal system access. High-profile accounts, including those of Elon Musk,
Barack Obama, and Bill Gates, were hijacked to promote a cryptocurrency scam.
 11

MAJOR CYBERCRIME INCIDENTS

•
• 1.The WannaCry Ransomware Attack (2017)
•
• What Happened?
• On May 12, 2017, a ransomware named WannaCry spread rapidly across 150 countries,
affecting over 200,000 computers.
• It exploited a vulnerability in Microsoft Windows using an exploit called Eternal Blue, which
was originally developed by the U.S. National Security Agency (NSA) and leaked by the
hacking group Shadow Brokers.
• WannaCry encrypted users' files and demanded a Bitcoin ransom to restore access.
•
• Impact:
• UK's National Health Service (NHS) suffered major disruptions, with 70,000 devices,
including MRI scanners and hospital computers, affected.
• Renault, FedEx, Telefonica, and other major corporations had to shut down operations.
• The estimated damage ranged between $4 billion and $8 billion globally.
•
• Lessons Learned:
• Governments need to patch security vulnerabilities before they are exploited.
• Companies should update their systems regularly and implement strong cybersecurity
measures like backups and multi-factor authentication.
• The reliance on outdated software (many affected systems were still running Windows XP)
made the attack worse.

•
 12

•
• 2.The Equifax Data Breach (2017)
•
• What Happened?
• In 2017, one of the largest credit reporting agencies, Equifax, suffered a data breach due to
• an unpatched security flaw in Apache Struts, a web application framework.
• Hackers stole the personal and financial data of 147 million people, including social
• security numbers, birth dates, addresses, and driver’s license numbers.
•
• Impact:
• Millions of people faced risks of identity theft.
• Equifax had to pay $700 million in settlements and fines.
• The breach damaged public trust in data security.
•
• Lessons Learned:
• Companies should act fast when vulnerabilities are discovered and patch them
• immediately.
• Better encryption and multi-factor authentication could have prevented unauthorized
• access.
• Strict regulations and fines ensure companies take cybersecurity more seriously.
•

•
•
•
•
•
 13

• 3.The Twitter Bitcoin Scam (2020)

•
• What Happened?
• On July 15, 2020, hackers took control of high-profile Twitter accounts, including those of
Elon Musk, Jeff Bezos, Barack Obama, and Apple.
• They posted fake tweets promoting a Bitcoin scam, asking followers to send money to a
• BTC address with the promise of doubling their returns.
• The attack was carried out by a teen hacker (Graham Ivan Clark) who tricked Twitter
employees into giving him access via social engineering.
•
• Impact:
• The scammers received over $100,000 worth of Bitcoin in a few hours.
• Twitter faced global criticism for its weak internal security.
• The breach exposed vulnerabilities in social media security, raising concerns about election
interference and misinformation.
•
• Lessons Learned:
• Social media companies need better security for employee access to critical accounts.
• Multi-factor authentication (MFA) should be mandatory for all high-profile accounts.
• Social engineering remains a major weakness in cybersecurity.
•

•
•
 14

• 4.The Yahoo Data Breaches (2013-2014)

•
• What Happened?
• In 2013, Yahoo suffered a massive data breach affecting 3 billion accounts.
• A second attack in 2014 affected 500 million accounts.
• Hackers stole names, email addresses, phone numbers, passwords, and security questions.
•
• Impact:
• Yahoo lost $350 million in its acquisition deal with Verizon.
• Millions of users were exposed to identity theft and phishing attacks.
• The breach remains one of the largest cybersecurity failures in history.
•
• Lessons Learned:
• Strong encryption of stored passwords and personal data is crucial.
• Companies need to detect and respond to breaches quickly.
• Regulatory bodies should enforce stricter penalties for poor data protection.
•

•
•
• 5.The SolarWinds Supply Chain Attack (2020-2021)
•
• What Happened?
• A Russian state-backed hacker group (Cozy Bear/APT29) breached SolarWinds, an IT
management company.
• Hackers injected malware (Sunburst) into a SolarWinds software update, which was then
downloaded by 18,000 organizations.
• The attack compromised U.S. government agencies, including the Pentagon,
• Department of Homeland Security, and Treasury Department.
•
• Impact:
• One of the most sophisticated cyber-espionage campaigns in history.
• Sensitive U.S. government data was potentially exposed to foreign adversaries.
• Businesses and institutions had to spend billions to mitigate the damage.
•
•
 15

• Lessons Learned:
• Supply chain security is critical—companies must vet third-party software.
• Zero-trust security models should be implemented to detect suspicious activity.
• Governments need stronger cybersecurity defenses against nation-state hackers.
 16

CYBERCRIME: CASE STUDY

• The graph shown above by Indian military review shows a clear increase in cases of
cybercrime in India, nearly 20 times more in 5 years. The same graph is
• prevalent across the world showing a steady increase in number of
• cybercrimes occurring across the world, with such massive number of attacks,
• it is obvious that we see some data survey of how much people are prepared
• against these attacks. Lets look at major survey studies done in the recent years
to check the populations awareness against cybersecurity.

This case study was done and submitted in this paper “Digital Security — A Question
of Perspective. A Large-Scale Telephone Survey with Four At-Risk User Groups,”

written by Franziska Herbert, Steffen Becker, Annalina Buckmann, Marvin Kowalewski, Jonas
 17

Hielscher, Yasemin Acar, Markus Dürmuth, Yixin Zou, M. Angela Sasse, and published in
December
2022.

This study conducted a large-scale telephone survey across multiple at-risk user groups to
understand how different populations perceive and respond to digital security threats. The study
aimed to examine how users across different demographics, including age, interact with security
measures, their awareness of risks, and the effectiveness of interventions targeted at improving
cybersecurity behaviors.

•
• Key findings for different age groups:
•
• Younger Adults (18-34 years):
•
• Perception of Security: Younger individuals were generally confident about their digital
security, possibly due to growing up in a technology-driven environment. However, their
awareness of the actual risks was often superficial, and they demonstrated less engagement in
proactive cybersecurity measures.
• Behavior: Despite high exposure to digital platforms, they often displayed risky behaviors, like
weak password usage or not updating software regularly. There was a tendency to
underestimate the dangers of phishing or malware, showing a disconnect between perceived
and actual cybersecurity knowledge.
• Intervention Needs: Education for this group needs to shift focus toward real-world
consequences of poor cybersecurity habits, such as the long-term impact of compromised
personal data or identity theft.
•
• Middle-Aged Adults (35-54 years):
•
• Perception of Security: This group showed a more cautious approach toward digital security
compared to younger adults. They understood the risks better and tended to implement some
cybersecurity best practices, such as using strong passwords or enabling two-factor
authentication.
• Behavior: While they were more likely to engage in protective behaviors like device
encryption and checking URLs before clicking on links, they still had gaps in their knowledge,
especially concerning advanced threats like ransomware or phishing.
• Intervention Needs: Middle-aged users would benefit from targeted cybersecurity education
that focuses on reinforcing the adoption of advanced security measures, like regular software
updates and deeper understanding of threat types.
•
•
• Older Adults (55+ years):
 18

•
• Perception of Security: Older individuals exhibited the lowest level of cybersecurity
awareness. They were less confident about their ability to manage digital security and were
often unaware of risks, such as phishing attacks or social engineering.
• Behavior: Many older adults did not adopt basic security measures like setting up device
passwords, using two-factor authentication, or regularly updating software. Their lack of
technical skills and lower self-efficacy contributed to their vulnerability.
• Intervention Needs: This group requires basic, foundational cybersecurity education, with a
focus on building awareness of common threats, explaining how to implement protective
measures, and offering simplified, user-friendly tools to increase engagement.
•
• Older Seniors (65+ years):
•
• Perception of Security: Seniors in this group were extremely cautious and tended to avoid
engaging with digital technology altogether due to concerns over security risks.
• Behavior: They often had minimal interaction with devices and online platforms, which left
them less exposed to digital risks but also less likely to practice good cybersecurity behaviors.
Their online activity was limited to basic browsing or communication tools.
• Intervention Needs: This age group could benefit from cybersecurity training tailored to
reduce fears and increase comfort with basic online activities, all while emphasizing secure
practices, such as setting up strong passwords and avoiding suspicious links.
•
• Conclusion and Insights:
• The paper concludes that digital security awareness and practices vary widely across age
groups, with younger users exhibiting more confidence but less security knowledge, and older
groups showing lower confidence and engagement with cybersecurity measures. It emphasizes
the need for tailored interventions that address the unique challenges and misconceptions of
each age group. Specifically:
• Younger adults need interventions focused on developing responsible digital habits.
• Middle-aged adults could benefit from deeper engagement with technical security measures.
• Older adults and seniors require simplified, foundational education to build confidence and protect against
common threats.
• The study also highlights the importance of gender differences and psychological resilience,
which influence how individuals from various age groups perceive and react to digital threats.
 19

CYBERAWARENESS

• Cybersecurity awareness is simply being aware of the risks and taking steps to protect yourself
and your information online. It's about understanding that the internet, while offering incredible
opportunities, also presents dangers. It's not just technical; it's a mindset of caution and
informed decision-making in our digital lives.
•
The Importance of Cybersecurity Awareness:
•
• Protects Personal Information:
• Cybersecurity awareness helps you safeguard your personal data, such as passwords, social
security numbers, bank account details, and medical records, from falling into the wrong hands.
•
• Prevents Financial Loss:
• Phishing scams, identity theft, and ransomware attacks can lead to significant financial losses.
Being aware of these threats can help you avoid them.
•
•
•
•
 20

• Safeguards Devices:
• Cybersecurity awareness promotes safe computing practices, reducing the risk of malware
infections, data breaches, and device compromise.
•
• Protects Organizations:
• In workplaces, cybersecurity awareness is crucial for protecting sensitive business data,
preventing cyberattacks, and maintaining business continuity. Employees who are aware of
security best practices act as the first line of defense for their organization.
•
• Builds a Safer Digital World:
• By practicing good cyber hygiene, we contribute to a safer online environment for everyone.
•
• Essential Cybersecurity Tips:
•
• Strong Passwords:
• Use strong, unique passwords for each of your online accounts. A strong password should be
long (at least 12 characters), complex (a mix of uppercase and lowercase letters, numbers, and
symbols), and not easily guessable. Consider a password manager to help you generate and
store passwords securely.
•
• Multi-Factor Authentication (MFA):
• Enable MFA whenever possible. MFA adds an extra layer of security by requiring a second
form of verification, such as a code from your phone or a fingerprint scan, in addition to your
password. This makes it much harder for attackers to access your accounts, even if they have
your password.
•
• Beware of Phishing:
• Be cautious of suspicious emails, messages, or phone calls asking for personal information.
Phishing attacks often mimic legitimate organizations to trick you into revealing sensitive data.
Never click on links or open attachments from unknown senders. Verify the sender's identity
before taking any action.
•
• Software Updates:
• Keep your software (operating systems, applications, browsers) up to date. Software updates
often include security patches that fix vulnerabilities that cybercriminals could exploit.
•
• Antivirus Software:
• Install and maintain reputable antivirus software on all your devices. Antivirus software can
detect and remove malware, helping to protect your system from infections.
•
• Secure Wi-Fi:
 21

• Avoid using public Wi-Fi for sensitive activities like online banking or shopping. Public Wi-Fi
networks are often unsecured, making it easier for attackers to intercept your data. If you must
use public Wi-Fi, consider using a Virtual Private Network (VPN) for added security.
•
• Social Media Safety:
• Be mindful of what you share on social media. Avoid posting personal information that could
be used by cybercriminals, such as your address, phone number, or vacation plans. Review your
privacy settings and limit the information you share with the public.
•
• Regular Backups:
• Back up your important data regularly. In the event of a ransomware attack or data loss, having
backups will allow you to restore your files without losing critical information.
•
• Think Before You Click:
• The most important tip is to be vigilant and think before you click on any links, open
attachments, or share personal information online. If something seems suspicious, trust your
instincts and err on the side of caution.
 22

CONCLUSION

In conclusion, building a cyber-aware society is not just a technical challenge, but a societal one. As
we've explored, cyber threats are diverse and constantly evolving, from the deceptive lure of
phishing emails to the crippling impact of ransomware and DDoS attacks. Real-world examples, like
1

WannaCry, Facebook's data breach, and the Colonial Pipeline hack, serve as stark reminders of the
real-world consequences of cyber vulnerabilities. While technology plays a crucial role in our
2

defense, it's clear that human behavior is often the weakest link. Survey data confirms that while
awareness may be growing, good cybersecurity habits are not yet universally adopted.

• Therefore, our collective focus must shift towards fostering a culture of digital responsibility. This
means empowering individuals with practical tips – like strong passwords, MFA, and phishing
recognition – and encouraging their consistent application. Visualizing cyber threat trends through
graphs and charts can help illustrate the scope and urgency of the problem. But beyond individual
actions, businesses and organizations must prioritize cybersecurity training and implement robust
security measures. Ultimately, creating a truly cyber-aware society requires a multi-faceted
approach: education, awareness campaigns, technological advancements, and a shared
commitment to protecting our digital world. By working together, we can create a safer and more
secure online experience for everyone.
 23

BIBLIOGRAPHY

https://onlinelibrary.wiley.com/doi/epdf/10.1155/2022/2693080

https://chat.deepseek.com/a/chat/s/c55ff327-e42e-4bb1-944e-
96e4e14b1e01

https://gemini.google.com/app/4b90c3e0da5111b6

https://chatgpt.com/c/67a4ec21-caa8-8007-b34a-801fd937c48f

https://pmc.ncbi.nlm.nih.gov/articles/PMC8591595/pdf/10639_2021_Arti
cle_10806.pdf

https://arxiv.org/pdf/2212.12964