Cybersecurity Threats and Malware

Questions and Answers

What is the primary function of a Crypter in malware?

To protect malware from reverse engineering (correct)

To exploit software vulnerabilities

To merge files into a single executable

To download other malware from the internet

Which malware type is known for creating a hidden communication channel to transfer sensitive data?

Trojan (correct)

Ransomware

Virus

Spyware

What does the role of a Dropper primarily involve?

To hide malicious code

To inject code into running processes

To download other malware

To install other malware on the system (correct)

Which of the following describes an Injector's primary function?

To inject code into vulnerable running processes

What type of code does an Obfuscator use to conceal its purpose?

Malicious code

What defines a threat in the context of cybersecurity?

The potential occurrence of an undesirable event that could cause damage.

What is a common reason for the existence of vulnerabilities in assets?

Insecure or poor network or application design

Which of the following is considered an intentional threat source?

Disgruntled employee.

Which type of malware is known for disabling computer systems and allowing control to an attacker?

Malware.

Which of the following is classified as a configuration vulnerability?

Weak passwords for user accounts

What is one common method attackers use to distribute malware to unsuspecting users?

Exploiting browser software flaws.

What is the primary purpose of vulnerability research?

To identify and design vulnerabilities

Which of these is not a type of unintentional threat source?

Fired employees.

What type of impact can unauthorized access have on an organization?

Identity theft

What type of an attack uses malicious ads embedded in ad networks?

Malvertising.

Which classification of vulnerability is characterized by poor installation practices?

Default Installations

Which of the following methods can malware use to enter a system?

Installation through other malware.

What is an example of an impact associated with vulnerabilities?

Financial loss

What is black hat SEO commonly used for by attackers?

Ranking malware pages highly in search results.

In terms of security policy vulnerabilities, which of the following issues can arise from unwritten policies?

Difficulty in implementing policies

Which of the following best describes buffer overflows?

A type of design flaw

Which of the following are indications of a Trojan attack?

OS color settings change automatically

What is a common use of Trojans by hackers?

Delete or replace OS files

Which type of Trojan is specifically designed for accessing banking data?

E-Banking Trojans

What does the presence of suspicious activity on the hard drive indicate?

Possible virus attack

What is a characteristic feature of a virus?

Self-replicate

What is NOT a purpose for creating viruses?

Increase network security

Which of the following is NOT a step in the virus lifecycle?

Encryption of data

Which construction kit is specifically mentioned for creating Trojans?

Senna Spy Trojan Generator

What is the primary purpose of vulnerability scanning?

To identify weaknesses in a system

Which of the following is NOT an approach to vulnerability scanning?

Static scanning

What does the Common Vulnerability Scoring System (CVSS) provide?

A framework for communicating vulnerability characteristics

What type of vulnerability assessment specifically checks system configurations for potential compromises?

Host-based assessment

Which database is a U.S. government repository for vulnerability management data?

National Vulnerability Database (NVD)

What can active scanning do that passive scanning cannot?

Interact directly with the system

What common vulnerability database categorizes software vulnerabilities into over 600 weakness categories?

Common Weakness Enumeration (CWE)

What type of assessment is used to check for data exposure in databases?

Database assessment

Study Notes

Threats and Threat Sources

• A threat is the potential occurrence of an undesirable event causing damage.
• Attackers use cyber threats to infiltrate and steal information.
• Natural threat sources include: fires, floods, and power failures.
• Unintentional threats stem from unskilled administrators, accidents, and untrained employees.
• Intentional internal threats are posed by fired or disgruntled employees, service providers, and contractors.
• Intentional external threats are posed by hackers, criminals, terrorists, foreign intelligence agents, and corporate raiders.

Malware

• Malware is malicious software that disables computer systems and gives control to attackers for theft or fraud.
• Malware can be used for browser attacks, system slowdown, hardware failure, and personal information theft.
• Malware can enter a system through:
  • Messengers
  • Portable devices
  • Browser and email software bugs
  • Untrusted sites and freeware apps
  • Downloading files from the internet
  • Email attachments
  • Installation by other malware
  • Bluetooth and wireless networks

Malware Distribution Techniques

• Black hat SEO: Ranking malware pages highly in search results
• Social engineered click-jacking: Tricking users into clicking on innocent-looking webpages
• Spear-phishing Sites: Mimicking legitimate institutions to steal login credentials
• Malvertising: Embedding malware in ad-networks
• Compromised Legitimate Websites: Hosting malware that spreads to unsuspecting visitors
• Drive-by Downloads: Exploiting browser flaws to install malware by visiting a web page
• Spam Emails: Attaching malware to emails and tricking victims into clicking attachments

Malware Components

• Crypter: Protects malware from reverse engineering or analysis.
• Downloader: Downloads other malware from the internet to the user's PC.
• Dropper: Installs other malware on the system.
• Exploit: Malicious code that breaks system security by exploiting software vulnerabilities.
• Injector: Injects code into vulnerable running processes to hide or prevent removal.
• Obfuscator: Hides its code and its intended purpose.
• Packer: Allows all files to be merged into one executable file for compression.
• Payload: Manages the computer system after it has been exploited.
• Malicious code: Defines the basic functionalities of malware.

Malware Types

• Trojans: Contain malicious code inside apparently harmless programs.
• Viruses: Self-replicating programs that attach to other programs, computer boot sectors, or documents.
• Ransomware: Encrypts data and blocks access to machines until a ransom is paid.
• Computer Worms: Self-replicating programs that spread across networks.
• Rootkits: Hide malware from detection and can be used to gain administrator privileges.
• PUAs or Grayware: Software that can be harmful but may not be considered malware (e.g., adware).
• Spyware: Monitors user activity and transmits data to attackers.
• Keylogger: Records keyboard strokes and captures sensitive information.
• Botnets: Networks of infected computers controlled by attackers.
• Fileless Malware: Runs entirely in memory and does not create files on the system.

Trojans

• Trojans are activated when a user performs certain actions.
• They create a hidden communication channel between the victim's computer and the attacker to transfer sensitive data.
• Signs of a Trojan attack:
  • Screen flashes, flips, or inverts.
  • Background or wallpaper settings change automatically.
  • Web pages open suddenly.
  • OS color settings change automatically.
  • Antivirus is disabled.
  • Strange messages pop up.

Trojan Uses

• Delete or replace OS files.
• Record screenshots, audio, or video from the victim's PC.
• Spam and blast email messages.
• Download spyware, adware, and malware files.
• Disable firewalls and antivirus.
• Create backdoors.
• Steal personal information.
• Encrypt data and block access to the machine.

Trojan Types

• Remote Access Trojans (RATs): Allow attackers to remotely control infected computers.
• Backdoor Trojans: Allow attackers to access compromised systems without authorization.
• Botnet Trojans: Turn infected devices into bots that can be controlled by attackers.
• Rootkit Trojans: Hide themselves from detection by modifying the operating system.
• E-Banking Trojans: Steal financial information from online banking accounts.
• Point-of-Sale Trojans: Steal credit card information from point-of-sale terminals.
• Defacement Trojans: Modify the appearance of websites.
• Service Protocol Trojans: Exploit network services.
• Mobile Trojans: Infect mobile devices.
• IoT Trojans: Infect Internet of Things devices.
• Security Software Disabler Trojans: Disable antivirus and other security software.
• Destructive Trojans: Cause damage to systems.
• DDoS Attack Trojans: Used to launch denial-of-service attacks.
• Command Shell Trojans: Provide attackers with command-line access to infected systems.

Creating Trojans

• Trojan Horse construction kits allow attackers to construct Trojans of their choice.
• Examples:
  • DarkHorse Trojan Virus Maker
  • Trojan Horse Construction Kit
  • Senna Spy Trojan Generator
  • Batch Trojan Generator
  • Umbra Loader – Botnet Trojan Maker.
• Theef RAT Trojan is a Remote Access Trojan written in Delphi.

Viruses

• Viruses are self-replicating programs that produce copies by attaching to other programs, computer boot sectors, or documents.
• Characteristics:
  • Infect other programs
  • Transform themselves
  • Encrypt themselves
  • Alter data
  • Corrupt files and programs
  • Self-replicate

Virus Purposes

• Damage to competitors.
• Financial benefits.
• Vandalize intellectual property.
• Prank/research.
• Cyberterrorism.
• Spread political messages.
• Damage networks and computers.
• Remote access.

Signs of a Virus Attack

• Processes require more resources and time.
• Computer beeps with no display.
• OS does not load.
• Constant antivirus alerts.
• Computer freezes frequently, BSOD error.
• Files and folders missing.
• Suspicious activity on the hard drive.
• Browser window freezes.

Virus Lifecycle Stages

• Design: Develops the virus.
• Replication: Replicates on the target system and spreads itself.

Vulnerabilities

• A vulnerability is a weakness in an asset that can be exploited by threat agents.
• Common causes of vulnerability:
  • Hardware or software misconfiguration
  • Insecure or poor network or application design
  • Technology weaknesses
  • Careless approach of end users

Vulnerability Classification

• Misconfiguration: Incorrect configuration of systems or applications.
• Default Installations: Systems with default configurations that are not changed.
• Buffer Overflows: Attacks that exploit memory management issues.
• Unpatched Servers: Servers running outdated software without security updates.
• Design Flaws: Weaknesses in system or application design.
• Operating System Flaws: Vulnerabilities present in the operating system.
• Application Flaws: Vulnerabilities in software applications.
• Open Services: Services that are not required but are running.
• Default Passwords: Using default passwords.
• Zero-day/Legacy Platform Vulnerabilities: Vulnerabilities discovered recently that do not have patches yet.

Impact Of Vulnerabilities

• Information disclosure
• Unauthorized access
• Identity theft
• Financial loss
• Legal consequences
• Reputational damage
• Data modification

Technological Vulnerabilities

• TCP/IP Protocol: HTTP, FTP, ICMP, SNMP, SMTP are insecure.
• Operating System: Vulnerable due to inherent insecurity or missing updates.
• Network Devices: Routers, firewalls, switches can be vulnerable due to outdated firmware, weak passwords, and poor configuration.

Configuration Vulnerabilities

• User account vulnerabilities: Insecure transfer of user account data.
• System account vulnerabilities: Weak passwords for administrative accounts.
• Internet service misconfiguration: Incorrect configuration of web servers.
• Default password and settings: Using the default passwords and settings for devices.
• Network device misconfiguration: Incorrect configuration of network devices.

Security Policy Vulnerabilities

• Unwritten Policy: Difficult to implement security measures because of a lack of clear policy.
• Lack of Continuity: Inconsistent implementation of security policies.
• Politics: Challenges for implementing a consistent security policy.
• Lack of awareness: Insufficient education and training about security best practices.

Vulnerability Research

• The process of analyzing protocols, services, and configurations to identify vulnerabilities and design flaws.
• Vulnerabilities are classified depending on the severity level (low, medium, high) and the exploit range (local, remote).

Benefits of Vulnerability Research

• Gather information about security trends, threats, and attack surfaces.
• Discover weaknesses in the OS and applications.
• Gain insights to prevent security issues.
• Learn how to recover from an attack.

Vulnerability Assessment

• Examination of the ability of a system or application to withstand exploitation.
• Recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

Uses of Vulnerability Assessment

• Identify weaknesses
• Predict the effectiveness of additional security measures.

Vulnerability Scanning

• Aims to identify vulnerabilities and security issues in a system or network.
• Obtained Information:
  • OS version.
  • Open ports.
  • Apps and services vulnerabilities.
  • Apps and services configuration errors.
  • Accounts with weak passwords.
  • Missing patches and hotfixes.

Scanning Approaches

• Active Scanning* -- Interacts directly with the system or network under review.
• Passive Scanning* -- Doesn't directly interact with the system or network.

Vulnerability Scoring Systems and Databases

• Common Vulnerability Scoring System (CVSS): An open framework for communicating the characteristics and impacts of vulnerabilities.
• Common Vulnerabilities and Exposures (CVE): A list or dictionary of standardized identifiers of common vulnerabilities.
• National Vulnerability Database (NVD): A U.S. government repository for vulnerability management data using Security Content Automation Protocol (SCAP).
• Common Weakness Enumeration (CWE): A system for categorizing software vulnerabilities and weaknesses.

Types of Vulnerability Assessment

• Active: Scans networks for hosts, services, and vulnerabilities.
• Host-based: Checks system configurations for potential compromises.
• External: Identifies vulnerabilities accessible from outside the network.
• Application: Tests web infrastructure for misconfigurations and vulnerabilities.
• Passive: Used to sniff the network traffic.
• Internal: Scans the internal infrastructure.
• Network-based: Determines possible network security attacks.
• Database: Testing databases for the presence of data exposure or injection.
• Wireless Network: Checks for security vulnerabilities in wireless networks.

Description

Explore the different types of threats and their sources, including natural, unintentional, intentional internal, and external threats. This quiz will also cover the basics of malware, its impact on systems, and how it spreads. Test your knowledge and enhance your understanding of cybersecurity.