Security Threats

Unit-2

Security Threats
Worms:
A computer worm is a subset of the Trojan horse malware that can propagate or
self-replicate from one computer to another without human activation after breaching a
system. To keep it brief, a Trojan uses trickery and social engineering to deceive people
into running it. For example, a Trojan may pretend to be legitimate software. A worm is
a type of Trojan because it usually relies on social engineering to attack systems.

How do worms spread?
● Phishing: Fraudulent emails that look authentic can carry worms in corrupt
attachments. Such emails may also invite users to click malicious links or visit
websites designed to infect users with worms.
● Spear-Phishing: Targeted phishing attempts can carry dangerous malware like
ransomware crypto worms.
● Networks: Worms can self-replicate across networks via shared access.
● Security holes: Some worm variants can infiltrate a system by exploiting
software vulnerabilities.
● File sharing: P2P file networks can carry malware like worms.
● Social networks: Social platforms like MySpace have been affected by certain
types of worms.
● Instant messengers (IMs): All types of malware, including worms, can spread
through text messages and IM platforms such as Internet Relay Chat (IRC).
● External devices: Worms can infect USB sticks and external hard drives.

Once a computer worm has breached your computer’s defenses it can perform several
malicious actions:

● Drop other malware like spyware or ransomware
● Consume bandwidth
● Delete files
● Overload networks
● Steal data
● Open a backdoor
● Deplete hard drive space
Viruses:
A computer virus is a type of malware that attaches to another program (like a
document), which can replicate and spread after a person first runs it on their system.
For instance, you could receive an email with a malicious attachment, open the file
unknowingly, and then the computer virus runs on your computer. Viruses are harmful
and can destroy data, slow down system resources, and log keystrokes.

Cybercriminals aren’t creating new viruses all the time; instead, they focus their efforts
on more sophisticated and lucrative threats. When people talk about “getting a virus” on
their computer, they usually mean some form of malware—it could be a virus, computer
worm, Trojan, ransomware or some other harmful thing. Viruses and malware continue
to evolve, and cybercriminals often use whichever type gives them the best return at that
particular time.
Windows, Mac, Android, and iOS
Many computer viruses target systems running Microsoft Windows. Macs, on the other
hand, have enjoyed a reputation as virus-proof super machines, but by Apple's own
admission, Macs do get malware. There are more Windows users in the world than Mac
users, and cybercriminals simply choose to write viruses for the operating system (OS)
with the largest number of potential victims.

Today, the "computer" in our pockets may be the one we use most often: our
smartphones. Android and iOS are susceptible to various forms of malware, too.
Fortunately, most cybersecurity companies like Malwarebytes offer protection for
Windows, Mac, Android, and iOS today.

Trojan Horse
Trojan horse attacks (or simply “Trojans”) in computing are defined as a type of malware
that uses deception and social engineering to trick unsuspecting users into running
seemingly benign computer programs that hide malicious ulterior motives. While
technically they are not computer viruses but rather a separate form of malware, "Trojan
horse virus" has become a common way to refer to them.

Trojans are versatile and very popular, so it’s difficult to characterize every kind. That
said, most Trojans are designed to take control of a user’s computer, steal data, spy on
users, or insert more malware onto a victim’s computer. Here are some common threats
that come from Trojan attacks:

● Backdoors, which create remote access to your system. This kind of malware
changes your security to allow the hacker to control the device, steal your data,
and even download more malware.
● Spyware, which watches as you access online accounts or enter your credit card
details. They then transmit your passwords and other identifying data back to the
hacker.
● Zombifying Trojans, which take control of your computer to make it a slave in a
network under the hacker’s control. This is the first step in creating a botnet
(robot + network), which is often used to perform a distributed denial-of-service
(DDoS) attack designed to take down a network by flooding it with traffic.
● Downloader Trojans, Emotet being a good example, download and deploy other
malicious modules, such as ransomware or keyloggers.
● Dialer Trojans, which might seem anachronistic since we don’t use dial-up
modems any longer. But more on this in the next section.
Malware
Malware, or “malicious software,” is an umbrella term that describes any malicious
program or code that is harmful to systems.

Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable
computers, computer systems, networks, tablets, and mobile devices, often by taking
partial control over a device’s operations. Like the human flu, it interferes with normal
functioning.

The motives behind malware vary. Malware can be about making money off you,
sabotaging your ability to get work done, making a political statement, or just bragging
rights. Although malware cannot damage the physical hardware of systems or network
equipment (with one known exception—see the Google Android section below), it can
steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on
your computer activity without your knowledge or permission.

Finding a malware infection
Malware can reveal itself with many different aberrant behaviors. Here are a few telltale
signs that you have malware on your system:

● Your computer slows down. One of malware’s side effects is to reduce the
speed of your operating system (OS): whether you’re navigating the Internet or
just using your local applications, usage of your system’s resources appears
abnormally high. You might even notice your computer’s fan whirring away at full
speed, a good indicator that something is taking up system resources in the
background. This tends to happen when your computer has been roped into a
botnet, i.e. a network of enslaved computers used to perform DDoS attacks, blast
out spam, or mine cryptocurrency.
● Your screen is inundated with annoying ads. Unexpected pop-up ads are a
typical sign of a malware infection. They’re especially associated with a form of
malware known as adware. What’s more, pop-ups usually come packaged with
other hidden malware threats. So if you see something akin to
“CONGRATULATIONS, YOU’VE WON A FREE PSYCHIC READING!” in a
pop-up, don’t click on it. Whatever free prize the ad promises, it will cost you
plenty.
● Your system crashes. This can come as a freeze or a BSOD (Blue Screen of
Death); the latter occurs on Windows systems after encountering a fatal error.
● You notice a mysterious loss of disk space. This could be due to a bloated
malware squatter hiding on your hard drive, also known as bundleware.
● There’s a weird increase in your system’s Internet activity. Take Trojans for
example. Once a Trojan lands on a target computer, the next thing it does is
reach out to the attacker’s command and control server (C&C) to download a
secondary infection, often ransomware. This could explain the spike in Internet
activity. The same goes for botnets, spyware, and any other threat that requires
back and forth communication with the C&C servers.
● Your browser settings change. If you notice your homepage changed or you have
new toolbars, extensions, or plugins installed, then you might have some sort of
malware infection. Causes vary, but this usually means you clicked on that
“congratulations” pop-up, which downloaded some unwanted software.
● Your antivirus product stops working and you cannot turn it back on, leaving you
unprotected against the sneaky malware that disabled it.
● You lose access to your files or your entire computer. This is symptomatic of a
ransomware infection. The hackers announce themselves by leaving a ransom
note on your desktop or changing your desktop wallpaper itself into a ransom
note (see GandCrab). In the note, the perpetrators typically inform you that your
data has been encrypted and demand a ransom payment in exchange for
decrypting your files.

Even if everything seems to be working just fine on your system, don’t get complacent,
because no news isn’t necessarily good news. Powerful malware can hide deep in your
computer, evading detection, and going about its dirty business without raising any red
flags. While we’ve provided a quick malware spotter’s guide, it really takes the
unfaltering eye of a good cybersecurity program to detect malware on your system
(more on that later).

Adware
Adware is unwanted software designed to throw advertisements up on your screen,
most often within a web browser. Some security professionals view it as the forerunner
of the modern-day PUP (potentially unwanted program). Typically, it uses an
underhanded method to either disguise itself as legitimate, or piggyback on another
program to trick you into installing it on your PC, tablet, or mobile device.

Adware generates revenue for its developer by automatically displaying online
advertisements in the user interface of the software or on a screen that pops up in the
user’s face during the installation process. And that’s when you start seeing dubious
miracle weight loss programs, offers for get-rich-quick secrets, and bogus virus
warnings that invite your click. Also, you might experience new tabs opening, a change
in your home page, findings from a search engine you never heard of, or even a redirect
to a NSFW website.

Mind you, it does happen that legitimate software applications do use online advertising,
with ads that are typically bundled within the program and that display in ways the
program developer specified. Adware is an altogether different kettle of rotten fish. You
might download it without understanding its intent. Or it might land on your PC by
means of legitimate software within which it’s secretly buried. Whatever the path, it all
boils down to some program on your computer showing you advertisements that do not
come from the websites you are visiting.

Once adware hijacks your device, it might carry out all sorts of unwanted tasks. The
software's functions may be designed to analyze your location and which Internet sites
you visit, and then present advertising pertinent to the types of goods or services
featured there. While adware is more of a pesky nuisance than a harmful malware
threat to your cybersecurity, if the adware authors sell your browsing behavior and
information to third parties, those parties can use it to target you with more advertisements
customized to your viewing habits. And it doesn’t matter whether you are using Chrome,
Firefox, or other browsers: it affects all of them.

Here are a few typical telltale signs that you have adware on your system:

● Advertisements appear in places they shouldn’t be.
● Your web browser’s homepage has mysteriously changed without your
permission.
● Web pages that you typically visit are not displaying properly.
● Website links redirect to sites different from what you expected.
● Your web browser slows to a crawl.
● New toolbars, extensions, or plugins suddenly populate your browser.
● Your Mac starts automatically installing unwanted software applications.
● Your browser crashes.

Botnet
The word botnet is a blend of the words "robot" and "network." Here’s a brief botnet
definition: a botnet is a network of computers running bots under the control of a bot
herder. Bots are software applications that run automated scripts over a network, while
a bot herder is a person controlling and maintaining the botnet.

Mass email spam campaigns
Spam botnets can send over a hundred billion spam messages per day. Some spam
generated by botnets is merely a nuisance. However, more dangerous spam botnets
can carry out phishing campaigns, distribute malware, spread more bots, and steal
sensitive information. You can read about the Emotet botnet to learn more about spam
campaigns.

DDoS attacks
Botnet DDoS attacks can utilize your computer’s resources to launch distributed
denial-of-service (DDoS) attacks. This type of attack involves sending excessive traffic
to a website or service to overwhelm it. Depending on the nature and scale of an
organization, a DDoS attack can range from a minor annoyance to permanently damaging.

Fake Internet traffic generation
Ad fraud botnets can use your web browser to send traffic to online advertisements
without your consent. The process defrauds marketers by generating fake traffic and
earning revenue from it. Such botnets are hard to notice because they use very few resources.

Remote Desktop Protocol (RDP) attacks
An RDP attack allows hackers to exploit network security flaws and drop malware like
ransomware. Cybercriminals can use botnets like GoldBrute to hack RDP servers. RDP
attacks are so serious that even the FBI has issued a warning.

Internet of Things (IoT) Attacks
The Internet of Things (IoT) is the system of billions of Internet-connected devices that
collect and share data without human intervention for user benefit. For example, a
driverless truck that collects and transmits data through sensors is an IoT device.
Botnets like the Mirai botnet scan the Internet for Internet of Things devices and infect
them.

Additionally, a cybercriminal can use a bot to breach your security and privacy in several
ways:

● Monitor your keystrokes
● Steal your login credentials
● Steal your intellectual property
● Steal financial data
● Take advantage of backdoors
Buffer Overflow
A buffer overflow is a type of software vulnerability that exists when a write to an area
of memory within a software application runs past that area's boundary and into an
adjacent memory region. In software exploit code, the two areas most commonly
targeted for overflows are the stack and the heap.

Buffer overflows date back to the 1970s. However, it wasn't until the late 1980s that the
first documented case of exploiting a buffer overflow occurred, when the UNIX
"finger" service was exploited with a stack overflow to further spread the Morris worm.

Today, buffer overflows still occur in software applications, and their exploitability can
depend on several different factors, including compilers and/or compiler options used,
along with the security features of the operating system.

In the simplest scenario on the stack, an overflow overwrites data on the stack,
including the saved return pointer, so that it points to an address where the attacker's
code will be executed.

Overflows are seen in exploits targeting web applications and are delivered on the web
mostly through exploit kits.

However, overflow exploits can also be delivered in other ways that do not require any
user interaction, including sending malformed data to the listening port on an enterprise
server application.

Common types of overflows are:

● Stack overflow
● Heap overflow
● Integer overflow
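The stack case described above, as an added example that is not part of the original notes: a constructed one-byte length-prefixed name record is parsed first by a function that trusts the length byte (the overflow pattern) and then by a bounds-checked version that also avoids the wrapping length arithmetic behind many integer-overflow bugs. The record format, the function names and the 16-byte buffer size are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed message format (an assumption for this example):
 *   byte 0 : N, the length of the name;  bytes 1..N : the name, not NUL-terminated.
 * The name is copied into a fixed 16-byte buffer supplied by the caller. */
#define NAME_BUF 16

/* Vulnerable pattern: the attacker-controlled length byte is trusted, so any N
 * above 15 writes past the 16-byte destination. When 'out' lives on the stack
 * that is the overwrite described above. Kept only for contrast; never call it
 * on untrusted input. */
int parse_name_unchecked(const uint8_t *pkt, size_t len, char out[NAME_BUF])
{
    if (len < 1) return -1;
    size_t n = pkt[0];
    memcpy(out, pkt + 1, n);     /* no bound on n: overflow */
    out[n] = '\0';               /* second out-of-bounds write */
    return (int)n;
}

/* Hardened version: two independent bounds are enforced before any copy.
 * Subtracting after the len >= 1 check avoids the "1 + n > len" form, which
 * can wrap for wider length fields (the integer-overflow case). */
int parse_name_checked(const uint8_t *pkt, size_t len, char out[NAME_BUF])
{
    if (len < 1) return -1;              /* no length byte at all */
    size_t n = pkt[0];
    if (n > len - 1) return -2;          /* claims more bytes than were received */
    if (n > NAME_BUF - 1) return -3;     /* would not fit with the terminator */
    memcpy(out, pkt + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed inputs (not captured traffic) exercising each path. */
int demo_valid(void)          /* well-formed record: returns 0 when parse is right */
{
    const uint8_t pkt[] = {5, 'a', 'd', 'm', 'i', 'n'};
    char out[NAME_BUF];
    int n = parse_name_checked(pkt, sizeof pkt, out);
    return (n == 5 && strcmp(out, "admin") == 0) ? 0 : 1;
}
int demo_truncated(void)      /* length byte claims 3, only 1 byte follows */
{
    const uint8_t pkt[] = {3, 'a'};
    char out[NAME_BUF];
    return parse_name_checked(pkt, sizeof pkt, out);   /* -2 */
}
int demo_overlong(void)       /* 40 bytes really present, but only 15 fit */
{
    uint8_t pkt[41] = {40};   /* pkt[0] = 40, rest zero-initialised */
    char out[NAME_BUF];
    memset(pkt + 1, 'A', 40);
    return parse_name_checked(pkt, sizeof pkt, out);   /* -3 */
}
```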

RootKits
The term rootkit is a combination of the word "root" and "kit." "Root," "admin,"
"superuser," or “system admin” are all interchangeable terms for a user account with the
admin status of an operating system. Meanwhile, "kit" means a package of software
tools. So, a rootkit is a set of tools that gives someone the highest privileges in a
system.

Rootkits are particularly dangerous because they are designed to hide their presence
on your device. A threat actor who has gotten a rootkit onto your machine (often via
phishing email) can remotely access and control it. Because they enable root-level
access, rootkits can be used to do things like deactivate your antivirus software, spy on
your activity, steal sensitive data, or execute other malware on the device.

Why are rootkits so dangerous?
● They’re sneaky: Rootkit infections can spread through deceptive threat vectors
like corrupt downloads, spam emails, and exploit kits. Some rootkits even rely on
Trojans like Perkiler malware to breach a system’s security.
● They’re stealthy: Unlike other types of malware, a deeply concealed rootkit will
not display many symptoms. It may even bypass your security software, making
it challenging to remediate. Some rootkits can only be removed by formatting
your storage drive and reinstalling your operating system.
● They’re capable: A few experts call rootkits the Swiss Army knives of malware
because they have multiple capabilities. Some rootkit tools can steal login
credentials and financial data, disable security protocols, log keystrokes, and
more. Other rootkits can allow a hacker to gain backdoor access to a system and
drop more malware. With the right rootkit, a hacker can turn a system into a bot
to form a botnet in order to start DDoS (distributed denial-of-service) attacks
against websites.

Types of rootkits
Bootloader rootkit
As soon as you turn on a computer, its bootloader loads the operating system. A
bootloader rootkit infiltrates this mechanism, infecting your computer with the malware
before the operating system is ready to use. Bootloader rootkits are less of a menace
nowadays thanks to security features like Secure Boot.

Firmware rootkit
Firmware is a type of software that provides rudimentary control over the piece of
hardware it's written for. All types of devices, from mobile phones to washing machines,
can have firmware. A firmware rootkit is challenging to find because it hides in firmware,
where cybersecurity tools usually don’t look for malware.

Kernel Rootkits
Your operating system's kernel is a bit like its nervous system. It's a critical layer that
assists with essential functions. A kernel rootkit can be catastrophic because it attacks a
core component of your computer and gives a threat actor significant control over a
system.

Memory rootkit
Memory rootkits reside in your computer's RAM and can slow down your machine while
performing malicious tasks. You can usually clear a memory rootkit by restarting your
computer, as a simple restart clears your machine’s memory of all processes.

Application rootkit
An application rootkit may modify your regular files with rootkit code, giving the rootkit’s
author access to your machine every time you run the infected files. However, this type
of malware is easier to spot because files carrying such rootkits can behave atypically.
In addition, your security tools have a better chance of identifying them.