1. Malware

End devices such as computers, phones, tablets, and printers are particularly exposed to malware, so this topic focuses on threats to end devices.
Malware is short for malicious software (or malicious code): software written to damage, disrupt, steal from, or otherwise act illegitimately against data, hosts, or networks.
It is essential to understand malware because threat actors and online criminals routinely trick users into installing it, then use that foothold to exploit further security gaps.
Malware also changes so rapidly that malware-related security incidents remain widespread: signature-based antimalware tools cannot be updated quickly enough to keep up with every new variant.

Attackers constantly modify malware code to change how it spreads and how it infects computers. Even so, most infections produce similar symptoms that can be spotted through network and device log monitoring.

Computers infected with malware often show one or more of the following symptoms:

Strange files, programs, or desktop icons appear
Antivirus or firewall programs are turned off, or their settings are changed
The screen freezes or the system crashes
Emails are sent without your knowledge
Files are modified or deleted
CPU and/or memory usage increases
Problems connecting to networks
Slow computer or web browser performance
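As an added illustration, not code from the original post, here is a small Python checker that turns three of these symptoms into log rules: a security service being stopped, a burst of outbound SMTP sessions from one workstation, and sustained high CPU from one process. The log format, host names, service names and thresholds are all made up for the example; in practice you would map the same rules onto whatever your endpoint agent or SIEM actually emits.

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified "timestamp host event k=v ..." format.
# It is made up for this example and does not come from any real product.
SAMPLE_LOG = """\
2024-03-01T09:00:01 ws-17 service name=av-realtime state=stopped by=user
2024-03-01T09:00:02 ws-17 service name=host-firewall state=stopped by=user
2024-03-01T09:00:10 ws-17 proc name=svchost.exe cpu=96
2024-03-01T09:00:20 ws-17 proc name=svchost.exe cpu=98
2024-03-01T09:00:30 ws-17 proc name=svchost.exe cpu=97
2024-03-01T09:01:00 ws-17 net dir=out proto=smtp dst=203.0.113.5
2024-03-01T09:01:01 ws-17 net dir=out proto=smtp dst=203.0.113.6
2024-03-01T09:01:02 ws-17 net dir=out proto=smtp dst=203.0.113.7
2024-03-01T09:01:03 ws-17 net dir=out proto=smtp dst=203.0.113.8
2024-03-01T09:01:04 ws-17 net dir=out proto=smtp dst=203.0.113.9
2024-03-01T09:01:05 ws-17 net dir=out proto=smtp dst=203.0.113.10
2024-03-01T09:05:00 ws-22 service name=av-realtime state=started by=system
2024-03-01T09:05:10 ws-22 proc name=chrome.exe cpu=95
2024-03-01T09:05:20 ws-22 proc name=chrome.exe cpu=40
2024-03-01T09:05:30 ws-22 net dir=out proto=smtp dst=192.0.2.25
2024-03-01T09:05:40 ws-22 net dir=out proto=https dst=198.51.100.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w[\w-]*)=(\S+)")

# Thresholds are illustrative assumptions, not vendor defaults.
SECURITY_SERVICES = {"av-realtime", "host-firewall"}
SMTP_PER_MINUTE = 5      # a workstation rarely opens this many SMTP sessions in a minute
CPU_HIGH = 90            # percent
CPU_SAMPLES = 3          # consecutive high samples before we call it sustained


def parse_log(text):
    """Turn the raw text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines rather than crash on them
        ev = {"ts": m["ts"], "host": m["host"], "event": m["event"]}
        ev.update(dict(KV_RE.findall(m["rest"])))
        events.append(ev)
    return events


def find_indicators(events):
    """Apply three rules drawn from the symptom list; return (host, rule, detail) tuples."""
    findings = []
    smtp_per_min = defaultdict(int)       # (host, minute) -> outbound SMTP sessions
    cpu_run = defaultdict(int)            # (host, process) -> consecutive high-CPU samples

    for ev in events:
        host = ev["host"]
        # Rule 1: security tooling turned off (symptom: AV/firewall disabled)
        if ev["event"] == "service" and ev.get("name") in SECURITY_SERVICES \
                and ev.get("state") == "stopped":
            findings.append((host, "security-service-stopped", ev["name"]))
        # Rule 2: burst of outbound SMTP (symptom: mail sent without the user's knowledge)
        elif ev["event"] == "net" and ev.get("dir") == "out" and ev.get("proto") == "smtp":
            key = (host, ev["ts"][:16])   # bucket by minute
            smtp_per_min[key] += 1
            if smtp_per_min[key] == SMTP_PER_MINUTE:   # fire once per bucket
                findings.append((host, "smtp-burst", f"{SMTP_PER_MINUTE}+ sessions in {key[1]}"))
        # Rule 3: sustained high CPU from one process (symptom: CPU/memory spike)
        elif ev["event"] == "proc":
            key = (host, ev.get("name"))
            if int(ev.get("cpu", 0)) >= CPU_HIGH:
                cpu_run[key] += 1
                if cpu_run[key] == CPU_SAMPLES:
                    findings.append((host, "sustained-cpu", ev["name"]))
            else:
                cpu_run[key] = 0      # a single low sample breaks the run
    return findings


def hosts_with_findings(text):
    """Group rule hits per host so an analyst sees which machines need a look."""
    by_host = defaultdict(set)
    for host, rule, _ in find_indicators(parse_log(text)):
        by_host[host].add(rule)
    return dict(by_host)


if __name__ == "__main__":
    for host, rule, detail in find_indicators(parse_log(SAMPLE_LOG)):
        print(f"{host}: {rule} ({detail})")
```

Only ws-17 trips the rules; ws-22 had one high CPU sample and one SMTP session, which is normal noise. The point of the bucketing and the run counter is exactly that: a single symptom from the list is rarely conclusive, so the rules look for repetition before they fire.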

Malware serves as a delivery vehicle for a payload. Once delivered and installed, the payload can launch network attacks from inside the network, while the threat actor keeps attacking from outside.

It is helpful to categorize attacks in order to mitigate them: by grouping network attacks into types, you can address whole classes of attack rather than each one individually.


2. Viruses

Photo created by the author using DALL-E.

A virus is malware that spreads by inserting a copy of itself into another program. When the infected program runs, the virus runs too and copies itself into other programs; it travels from computer to computer whenever infected files are carried across. Most viruses need human help to spread.
When you plug an infected USB drive into your PC, the virus enters the PC; it may then infect a new USB drive and spread to other PCs. Viruses can lie dormant for an extended period and then activate at a specific time and date.
A simple virus may prepend itself to an executable file so that its code runs first. When activated, the virus may search the disk for other executables and infect every file it has not yet infected, which means it needs some way to recognize the files it has already infected.
Viruses can be harmless, such as those that merely display a picture on the screen, or destructive, such as those that modify or delete files on the hard drive.

Viruses can also be programmed to mutate, changing their own code from copy to copy, to avoid signature-based detection.
Most viruses now spread through USB memory drives, network shares, and email; email viruses are a common type.
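To make the prepend-and-skip behaviour concrete, here is a benign Python simulation added as an illustration; it is not code from the original post, and it writes nothing but an inert marker string into files in a temporary directory. MARKER stands in for the virus body, and TARGET_EXTS and the one-byte XOR "mutation" are assumptions chosen for the demo. It shows the "already infected?" check that stops a virus from infecting the same file twice, and why a trivially mutated copy slips past a scanner that only matches the fixed marker.

```python
import os
import tempfile

# Stand-in for the virus body. In a real prepending virus this would be code that
# runs before the original program; here it is just an inert marker string.
MARKER = b"DEMO-VIRUS-BODY:"
# File types the toy infector treats as executables (an assumption for the demo).
TARGET_EXTS = {".exe", ".com"}


def is_marked(data):
    """The 'already infected?' test that both the virus and a scanner rely on."""
    return data.startswith(MARKER)


def infect_once(path):
    """Prepend the marker unless it is already there. Returns True if the file changed."""
    with open(path, "rb") as f:
        data = f.read()
    if is_marked(data):
        return False
    with open(path, "wb") as f:
        f.write(MARKER + data)
    return True


def spread(directory):
    """One activation: walk the disk and mark every target file not yet marked.
    Returns how many files were newly marked."""
    newly = 0
    for root, _, files in os.walk(directory):
        for name in files:
            if os.path.splitext(name)[1].lower() in TARGET_EXTS:
                newly += infect_once(os.path.join(root, name))
    return newly


def mutate(path, key):
    """Toy 'mutation': XOR the marker with a one-byte key and store the key in front,
    so each copy looks different on disk. Returns True if a marked file was rewritten."""
    with open(path, "rb") as f:
        data = f.read()
    if not is_marked(data):
        return False
    encoded = bytes(b ^ key for b in MARKER)
    with open(path, "wb") as f:
        f.write(bytes([key]) + encoded + data[len(MARKER):])
    return True


def _heads(directory, n):
    """Yield (file name, first n bytes) for every file under directory."""
    for root, _, files in os.walk(directory):
        for name in files:
            with open(os.path.join(root, name), "rb") as f:
                yield name, f.read(n)


def scan_signature(directory):
    """Naive scanner: flag files that begin with the exact marker."""
    return sorted(name for name, head in _heads(directory, len(MARKER)) if head == MARKER)


def scan_decoding(directory):
    """Scanner that also understands the mutated layout: take the stored key and
    check whether the decoded bytes are the marker."""
    hits = []
    for name, head in _heads(directory, len(MARKER) + 1):
        if head[:len(MARKER)] == MARKER:
            hits.append(name)
        elif len(head) == len(MARKER) + 1:
            key, body = head[0], head[1:]
            if bytes(b ^ key for b in body) == MARKER:
                hits.append(name)
    return sorted(hits)


def demo():
    """Create three files in a scratch directory, run two activations, mutate one copy,
    then scan with both scanners."""
    with tempfile.TemporaryDirectory() as d:
        for name, content in [("app.exe", b"MZ original code"),
                              ("tool.com", b"original tool"),
                              ("notes.txt", b"not a target")]:
            with open(os.path.join(d, name), "wb") as f:
                f.write(content)
        first = spread(d)     # both executables get marked
        second = spread(d)    # nothing: the already-infected check skips them
        mutate(os.path.join(d, "tool.com"), key=0x5A)
        return {
            "first_pass": first,
            "second_pass": second,
            "signature_hits": scan_signature(d),
            "decoding_hits": scan_decoding(d),
        }


if __name__ == "__main__":
    print(demo())
```

The second activation marks nothing, which is the check the paragraph above describes. After the mutation, scan_signature still reports only app.exe, while scan_decoding finds both: a scanner has to understand how the code transforms itself, not just what one copy looked like.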


Keynote: do not open email attachments or click on hyperlinks from unknown senders, and use your spam filtering tools to block unsolicited emails and pop-ups.


3. Worms

Photo created by the author using DALL-E.

Computer worms are similar to viruses in that they replicate and can cause the same kinds of damage, but worms replicate by independently exploiting network vulnerabilities, slowing networks down as they spread from system to system. They typically carry a payload.
Whereas a virus requires a host program, a worm runs on its own. After the initial infection it needs no further user participation: once a host is infected, the worm can spread across the network quickly.

Worms are responsible for some of the most devastating Internet attacks, such as WannaCry and Code Red.


Code Red was a worm that targeted Windows systems running Microsoft IIS (Internet Information Services). On July 13, 2001, the Code Red worm infected 658 servers; within 19 hours it had infected over 300,000 servers.

Screenshot by the author.

3.1 Worm Components

Despite the mitigation techniques that have emerged over the years, worms have continued to evolve and remain a persistent threat. They have become more sophisticated, but they still rely on exploiting vulnerabilities in software.


3.2 Common Worm Pattern

Most worms share three components:

1. Enabling vulnerability: the worm installs itself on a vulnerable system through an exploit mechanism, such as an email attachment or an executable file.
2. Propagation mechanism: once on a device, the worm replicates itself and locates new targets.
3. Payload: any malicious code that results in some action; it is often used to create a backdoor that lets the attacker access the infected host, or to launch a DoS attack.

Once released, worms never really stop spreading on the Internet; unpatched hosts keep getting infected long after the outbreak. Containing one means patching every possible source of infection, not only the hosts already known to be infected.
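As an added example, not part of the original post, the following Python model makes the three components visible: the network map is the path the propagation mechanism follows, the vulnerable set is the enabling vulnerability, and the returned hosts are where a payload would run. The topology, host names and patient zero are constructed for the demo. It also shows why cleaning infected hosts without patching is not enough.

```python
from collections import deque

# Constructed network for the example: host -> hosts it can reach directly.
# Names and links are made up; nothing here describes a real environment.
NETWORK = {
    "web-1": ["app-1", "app-2", "db-1"],
    "app-1": ["web-1", "db-1", "file-1"],
    "app-2": ["web-1", "file-1"],
    "db-1": ["web-1", "app-1"],
    "file-1": ["app-1", "app-2", "ws-1", "ws-2"],
    "ws-1": ["file-1", "ws-2"],
    "ws-2": ["file-1", "ws-1"],
}


def simulate_worm(network, vulnerable, patient_zero):
    """Model one worm outbreak.

    - propagation mechanism: every infected host probes all of its neighbours;
    - enabling vulnerability: the exploit only lands on hosts in `vulnerable`;
    - payload: whatever the worm does runs on every host in the returned set.

    Returns (infected_hosts, infection_order)."""
    if patient_zero not in vulnerable:
        return set(), []
    infected = {patient_zero}
    order = [patient_zero]
    queue = deque([patient_zero])
    while queue:
        src = queue.popleft()
        for dst in network.get(src, []):
            if dst in vulnerable and dst not in infected:
                infected.add(dst)
                order.append(dst)
                queue.append(dst)
    return infected, order


def scenarios():
    """Compare outcomes when nothing, one choke point, or every host is patched."""
    all_hosts = set(NETWORK)

    # 1. Nobody is patched: a single infected workstation reaches the whole network.
    unpatched, order = simulate_worm(NETWORK, all_hosts, "ws-1")

    # 2. Only the file server is patched. It is the workstations' only path to the
    #    servers, so the worm is confined to the workstation segment.
    choke_point, _ = simulate_worm(NETWORK, all_hosts - {"file-1"}, "ws-1")

    # 3. Every infected host was cleaned but none was patched, and one workstation
    #    (ws-2) was missed. The outbreak simply starts over from there.
    relapse, _ = simulate_worm(NETWORK, all_hosts, "ws-2")

    # 4. Every host is patched: the exploit has nowhere to land.
    fully_patched, _ = simulate_worm(NETWORK, set(), "ws-1")

    return {
        "unpatched": unpatched,
        "first_infected": order[:3],
        "choke_point_patched": choke_point,
        "relapse_after_cleanup": relapse,
        "fully_patched": fully_patched,
    }


if __name__ == "__main__":
    for name, hosts in scenarios().items():
        print(f"{name}: {sorted(hosts)}")
```

Scenario 3 is the one the paragraph above warns about: every host was cleaned, but because nothing was patched, a single missed machine re-infects the entire network in the same order as the first outbreak.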


The keynote here is to patch your systems and keep them updated.


4. Trojan Horses

Photo created by the author using DALL-E

The term Trojan horse originated from Greek mythology.

Greek warriors offered the people of Troy (the Trojans) a giant hollow horse as a gift. The Trojans brought the big horse into their walled city, unaware it contained many Greek warriors. After most Trojans were asleep at night, the warriors burst out of the horse, opened the city gates, and allowed a sizeable force to enter and take over the city.

Trojan horse malware appears to be legitimate software, but it contains malicious code that runs with, and abuses, the privileges of the user who launched it.


4.1 Trojan Horse Classification

Trojan horses are usually classified according to the damage they cause or how they breach a system.


Common types of Trojan horse:

Proxy: uses the victim's computer as the source device to launch attacks and perform other illegal activities.
Data-sending: provides the attacker with sensitive data, such as passwords.
Remote access: gives the attacker unauthorized remote access to the infected system.
Destructive: as the name says, corrupts or deletes your files.
FTP: enables unauthorized file transfer services on end devices.
Denial of Service (DoS): slows or halts network activity.
Keylogger: attempts to steal confidential information, such as credit card numbers, by recording keystrokes as you type them.

Trojans are often bundled with online games. Users are tricked into loading and executing the Trojan horse on their systems while playing; the game works normally, so the user notices nothing, while the Trojan installs itself in the background. The malicious code keeps running even after the game has been closed.

A remote-access Trojan horse can perform actions on command from the attacker, such as "send me the password file once per week." Because malware so often sends data back to the cybercriminal, outbound traffic should be monitored for attack indicators.
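One concrete way to act on that, added here as an example rather than taken from the original post: look for outbound connections from one host to one destination that recur at a near-constant interval, which is how a remote-access Trojan checking in on a schedule tends to appear in flow data. The flow records, host names, addresses and thresholds below are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound flow records for the example (timestamp, source host,
# destination ip:port, bytes sent). Hosts and addresses are made up.
FLOWS = """\
2024-03-01T10:00:00 ws-17 203.0.113.20:443 512
2024-03-01T10:00:04 ws-17 198.51.100.9:443 2048
2024-03-01T10:05:01 ws-17 203.0.113.20:443 530
2024-03-01T10:10:00 ws-17 203.0.113.20:443 498
2024-03-01T10:12:33 ws-17 198.51.100.9:443 7200
2024-03-01T10:15:02 ws-17 203.0.113.20:443 515
2024-03-01T10:20:00 ws-17 203.0.113.20:443 521
2024-03-01T10:25:01 ws-17 203.0.113.20:443 508
2024-03-01T10:01:10 ws-22 198.51.100.9:443 3300
2024-03-01T10:03:45 ws-22 198.51.100.9:443 900
2024-03-01T10:19:02 ws-22 198.51.100.9:443 12000
2024-03-01T10:22:30 ws-22 198.51.100.9:443 1500
2024-03-01T10:24:00 ws-22 198.51.100.9:443 640
"""

# Illustrative thresholds, not derived from any product default.
MIN_CONNECTIONS = 5   # fewer samples than this say nothing about regularity
MAX_JITTER = 0.10     # stdev/mean of the gaps; a scheduled check-in sits well below this


def parse_flows(text):
    """Return (src, dst, timestamp, bytes) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, nbytes = parts
        flows.append((src, dst, datetime.fromisoformat(ts), int(nbytes)))
    return flows


def find_beacons(flows, min_connections=MIN_CONNECTIONS, max_jitter=MAX_JITTER):
    """Group flows per (src, dst) and flag pairs whose gaps between connections are
    nearly constant. Returns a list of dicts sorted by source host and destination."""
    by_pair = defaultdict(list)
    for src, dst, ts, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))

    beacons = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_connections:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue                      # duplicate timestamps; nothing to measure
        jitter = pstdev(gaps) / avg       # coefficient of variation of the gaps
        if jitter <= max_jitter:
            beacons.append({
                "src": src,
                "dst": dst,
                "connections": len(events),
                "interval_s": round(avg),
                "jitter": round(jitter, 3),
                "avg_bytes": round(mean(b for _, b in events)),
            })
    return sorted(beacons, key=lambda b: (b["src"], b["dst"]))


def beacon_pairs(text):
    """Convenience wrapper: just the (src, dst, interval) triples for a report."""
    return [(b["src"], b["dst"], b["interval_s"]) for b in find_beacons(parse_flows(text))]


if __name__ == "__main__":
    for b in find_beacons(parse_flows(FLOWS)):
        print(f"{b['src']} -> {b['dst']}: every {b['interval_s']}s "
              f"({b['connections']} connections, jitter {b['jitter']})")
```

ws-17 contacts 203.0.113.20 every five minutes with almost no variation and a near-identical byte count each time, which is what a check-in looks like; ws-22 talks to the same external host as often but at irregular intervals and sizes, which is what a person browsing looks like. A weekly check-in like the one in the example above needs a correspondingly long window of flow records before this kind of analysis can see the pattern.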


A keynote is that custom-written Trojan horses, such as those built for a specific target, are difficult to detect, since no existing signature will match them.


Thank you for visiting my blog.

CyberLuk3