Week 9 - Security Threats PDF
Uploaded by EruditeJasper1310
Summary
This presentation discusses various security threats, including malware, viruses, worms, and trojans. It gives characteristics, types and examples. It also covers how to prevent these types of threats.
Full Transcript
NETWORK SECURITY THREATS

Network security threats encompass a wide range of attacks that can compromise the confidentiality, integrity, and availability of information and systems. Common types of network security threats:

Malware
Malware refers to malicious software designed to harm or exploit systems.

Different types of Malware

1 Viruses
These are programs designed to replicate themselves and spread from one computer to another. They can infect software applications, operating systems, and files, often without the knowledge of the user.

Characteristics of Computer Viruses
- Replication: A virus can make copies of itself and spread to other files or systems.
- Activation: Viruses may remain dormant until a specific condition is met (like a particular date), after which they activate and carry out their harmful functions.
- Payload: This is the action the virus performs when activated, which can range from displaying messages to damaging or deleting data.

Types of Computer Viruses
- File Infector Virus: Attaches itself to executable files and activates when the files are launched.
- Macro Virus: Embedded in documents (like Word or Excel files) using a macro language; spreads when the document is opened.
- Boot Sector Virus: Infects the boot sector of storage devices and executes each time the computer starts.
- Polymorphic Virus: Changes its code slightly each time it infects a new host, making it difficult for antivirus software to detect.
- Multipartite Virus: Can spread in multiple ways, such as through files and boot sectors simultaneously.

Effects of Computer Viruses
- Data Loss: Viruses can corrupt or delete files, leading to loss of important data.
- Performance Issues: Increased CPU usage or slow system performance may occur because the virus operates in the background.
- Unauthorized Access: Some viruses open backdoors for cybercriminals, putting personal and sensitive data at risk.
- Network Spread: Viruses can propagate through networks, affecting multiple systems connected to the same network.

2 Worms
Worms are a type of malicious software (malware) that self-replicate and spread to other computers without the need for user intervention. Unlike viruses, which require a host file to spread, worms exploit vulnerabilities in operating systems or applications to propagate across networks.

Key Characteristics of Computer Worms:
- Self-Replication: Worms can create copies of themselves and spread to other devices, often over networks such as the Internet or local networks.
- Exploitation of Vulnerabilities: Worms typically take advantage of software or operating system vulnerabilities. They may exploit open ports, unsecured network shares, or other weaknesses to gain access to new systems.
- Payloads: Some worms carry payloads that perform malicious actions, such as installing backdoors, stealing data, or encrypting files for ransom.
- Network Propagation: Worms often spread quickly across networks by scanning for vulnerable devices and then exploiting them, which can lead to rapid infection rates.
- No User Interaction Required: Unlike many types of malware that require users to open a file or click a link, worms can spread autonomously, making them particularly dangerous.

Examples of Notable Computer Worms:
- Morris Worm (1988): One of the first worms distributed via the Internet; it caused significant slowdowns and disruptions due to its rapid replication.
- ILOVEYOU Worm (2000): This worm spread via email with a deceptive subject line and an attachment, causing widespread damage by overwriting files and stealing passwords.
- Conficker (2008): A highly prolific worm that exploited vulnerabilities in Windows systems; Conficker created a large botnet and was difficult to eradicate.
- WannaCry (2017): A ransomware worm that exploited a vulnerability in Windows; it encrypted users' files and demanded ransom payments in Bitcoin. It affected numerous organizations worldwide.

3 Trojans
A computer Trojan, commonly known as a Trojan horse, is a type of malicious software (malware) that disguises itself as a legitimate application or file to trick users into downloading or executing it. Unlike viruses or worms, Trojans do not self-replicate but rely on the user to unleash their payload.

Key Characteristics of Trojans:
- Deceptive Appearance: Trojans often masquerade as harmless software, such as games, utilities, or updates, to lure victims into downloading them.
- Payload Delivery: Once executed, a Trojan can carry out a variety of malicious activities, including stealing sensitive information (like passwords and credit card details), facilitating remote access to the infected system, or downloading additional malware.

Types of Trojans
- Backdoor Trojans: Allow remote access to a system, enabling the attacker to control it.
- Banking Trojans: Target financial institutions and can compromise online banking credentials.
- Ransomware: Encrypts files on a victim's system and demands a ransom for their release (though ransomware is often classified separately, it typically enters systems as a Trojan).
- Trojans that Download Other Malware: These are designed specifically to install additional malicious software on the system.

4 Ransomware
Ransomware is a type of malicious software (malware) designed to deny access to a computer system or data until a ransom is paid to the attacker.

How Ransomware Works
- Infection Vectors: Ransomware typically spreads through phishing emails, malicious downloads, or vulnerabilities in software. Once executed, it can encrypt files on the infected system.
- Encryption: The malware encrypts files on the victim's device or network, rendering them inaccessible.
  The attacker then demands payment, usually in cryptocurrency, in exchange for a decryption key.
- Payment and Decryption: After paying the ransom, there is no guarantee that the decryption key will be provided, or that it will work. In many cases, victims who pay do not recover their files.

Types of Ransomware
- Crypto Ransomware: Encrypts files and demands a ransom for the decryption key.
- Locker Ransomware: Locks the user out of the device or operating system but does not encrypt files, demanding a ransom for access restoration.
- Scareware: Pretends to be legitimate software (often antivirus) that claims the user's computer is infected, demanding payment to remove the non-existent threat.

5 Botnet
A botnet is a network of compromised computers or devices that are controlled by a single entity, often referred to as a "botmaster." The term "bot" is short for "robot," and it refers to the software that allows the malicious actor to control the infected devices, which can be computers, smartphones, IoT devices, and other networked hardware.

Key Characteristics of Botnets:
- Infection: Devices typically become part of a botnet through malware. Users may unknowingly download this malware through malicious downloads, phishing attacks, or exploit kits.
- Control: Once a device is infected, it can be remotely controlled by the botmaster using command-and-control (C&C) servers. The botnet software often includes features that allow it to receive commands, update itself, or spread to other devices.

Types of Botnets
- DDoS (Distributed Denial of Service) Attacks: Overwhelming a target server or network with traffic to disrupt service.
- Spam Distribution: Sending out massive amounts of spam email.
- Data Theft: Harvesting sensitive information, such as login credentials or financial data.
- Cryptojacking: Using the processing power of infected devices to mine cryptocurrencies without the user's consent.
Notable Botnets:
- Mirai: A well-known IoT botnet that exploited insecure devices (like cameras and routers) to launch massive DDoS attacks.
- Conficker: This botnet exploited vulnerabilities in Windows operating systems to create one of the largest botnets ever, spreading through removable media and network shares.
- Zeus: Primarily focused on stealing banking credentials, Zeus was used in a range of cybercriminal activities.

6 Adware
Adware, short for "advertising-supported software," is a type of software that automatically delivers advertisements. Adware is often bundled with free software and can display unwanted ads and pop-ups and redirect web traffic to advertising websites. While not always malicious, adware can be intrusive and may track user behavior for targeted advertising purposes.

Some key points about adware include:
1. Functionality: Adware can serve various purposes, including generating revenue for the software developer by displaying ads or tracking user behavior for analytics and targeted marketing.
2. Installation: Adware often installs alongside other software without the user's explicit consent, typically through "bundled" installations. Users might unknowingly agree to install adware by clicking through installation prompts.
3. Impact on Performance: While adware itself may not be harmful, it can slow down your device, consume system resources, and lead to an annoying user experience due to constant pop-ups and intrusive ads.
4. Removal: Many antivirus and anti-malware programs can detect and remove adware. Additionally, users can often uninstall adware through their device's application management tools.
5. Legitimacy: Not all adware is harmful; some ad-supported software operates within legal boundaries. However, malicious variants can compromise user privacy and security.
6. Preventive Measures: To avoid adware, users should be cautious when downloading free software, read installation prompts carefully, and consider using ad blockers or reputable security software.

7 Spyware
Spyware is a type of malicious software designed to gather information about an individual or organization without their knowledge or consent. It can monitor user activity, collect sensitive data, and potentially compromise privacy and security. Spyware can be used for various purposes, including:
1. Data Theft: It can capture personal information such as passwords, credit card numbers, and social security numbers.
2. Surveillance: Spyware can monitor user behavior, including browsing habits and keystrokes (keyloggers), and even take control of webcams or microphones to capture audio and video.
3. Targeted Advertising: Some spyware tracks user behavior to serve targeted ads, although this often comes with consent issues and privacy violations.
4. Network Exploitation: Spyware can take advantage of vulnerabilities in a network or device to spread further or gain unauthorized access to additional systems.

8 Rootkits
Rootkits are a collection of malicious software tools that allow an unauthorized user to gain control over a computer system without being detected. They are designed to hide their presence and the presence of other malicious software, making them particularly dangerous.

Types of Rootkits:
1. User-mode Rootkits: These operate at the user level and modify standard executables, system libraries, or user applications to gain access and control.
2. Kernel-mode Rootkits: These operate at the kernel level of the operating system, offering more extensive control over the system. They can modify the operating system's core functions, making them harder to detect and remove.
3. Bootkits: A subtype of kernel-mode rootkits, bootkits embed themselves in the system's boot process, allowing them to launch before the operating system even starts.
   This makes them particularly difficult to detect and remove.
4. Firmware Rootkits: These target the firmware of hardware components, such as the BIOS or UEFI, allowing attackers to remain persistent even after the operating system is reinstalled.

9 Fileless Malware
Fileless malware is a type of malicious software that operates without the need for traditional files to be written to disk. Instead, it executes directly in memory and often exploits legitimate system tools and processes, making it harder to detect and analyze.

Characteristics:
1. Memory-based Execution: Fileless malware is designed to run directly from memory, which means it does not leave behind traditional files that can be easily identified and removed by antivirus tools.
2. Use of Legitimate Tools: It often leverages built-in system tools (such as PowerShell, WMI, or scripts) to carry out its operations. This enables attackers to blend in with normal processes.
3. Stealthy Operations: Because it does not write files to disk, fileless malware can evade many traditional detection methods that rely on file scanning.
4. Persistence: Some forms have mechanisms to maintain persistence (i.e., re-establish themselves after a reboot), often by exploiting legitimate services or processes.
5. Targeting Specific Platforms: While many fileless malware attacks target Windows systems, some forms exist for other operating systems, exploiting similar features.

10 Malvertising
Malvertising refers to the practice of delivering malicious software through online advertising. It can occur when legitimate ad networks inadvertently serve ads that contain malware or when malicious actors intentionally create and distribute harmful advertisements. Here are some key points about malvertising:
- Mechanism: Malvertising typically exploits weaknesses in web browsers or user systems. It can lead to the automatic download of malware without user interaction (known as drive-by downloads) or redirect users to malicious websites.
- Types of Malware: The malware delivered through malvertising can vary, including ransomware, spyware, adware, and trojans. The intent behind malvertising often focuses on stealing personal information, compromising systems, or generating revenue through illicit means.
- Impact: Malvertising can have significant negative consequences for users, businesses, and advertisers. Users may lose sensitive information or face financial theft, while businesses can suffer reputational damage and financial losses.

How to prevent malware?
1. Use Antivirus Software
2. Keep Software Up to Date
3. Be Cautious with Email Attachments and Links
4. Download from Trusted Sources
5. Use a Firewall
6. Practice Safe Browsing
7. Be Wary of Public Wi-Fi
8. Regular Backups
9. Enable Pop-up Blockers
10. Educate Yourself and Others
11. Limit User Privileges
12. Check Permissions for Installed Apps
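Two of the behaviours described above leave detectable traces even when no malicious file is written: the scan-then-spread propagation of a worm (section 2) and the PowerShell-based "living off the land" pattern of fileless malware (section 9). The following is an added example, not code from the presentation, that runs simple detection logic over constructed log lines; the log formats, the fan-out threshold, the switch list and the Office-parent rule are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample logs (not from the presentation). Flow records are
# src|dst|dst_port|timestamp_seconds; process events are host|parent|command line.
FLOW_LOG = """\
10.0.0.5|10.0.0.17|445|1
10.0.0.5|10.0.0.18|445|2
10.0.0.5|10.0.0.19|445|2
10.0.0.5|10.0.0.20|445|3
10.0.0.5|10.0.0.21|445|3
10.0.0.5|10.0.0.22|445|4
10.0.0.9|10.0.0.3|443|5
10.0.0.9|10.0.0.3|443|9
"""
PROC_LOG = """\
host1|explorer.exe|powershell.exe -NoProfile -Command Get-Date
host2|winword.exe|powershell.exe -nop -w hidden -enc UGxhY2Vob2xkZXI=
host3|cmd.exe|notepad.exe readme.txt
"""

def worm_fanout(log, port=445, max_targets=5, window=10):
    """Return sources that contact more than max_targets distinct hosts on one
    port inside a window of `window` seconds: worm-style scanning, not the
    one-server traffic of a normal client (threshold is an assumption)."""
    buckets = defaultdict(set)  # (src, time bucket) -> distinct destinations
    for line in log.splitlines():
        src, dst, dport, ts = line.split("|")
        if int(dport) == port:
            buckets[(src, int(ts) // window)].add(dst)
    return sorted({src for (src, _), dsts in buckets.items() if len(dsts) > max_targets})

# PowerShell switches that hide the window or run a payload that is never a file on disk.
SUSPICIOUS = re.compile(r"(?i)(-noprofile\b|-nop\b|-w(?:indowstyle)?\s+hidden|-enc(?:odedcommand)?\b)")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}  # assumed parent allow-list for alerting

def fileless_hits(log):
    """Flag powershell.exe launches that come from an Office parent or combine
    two or more suspicious switches; file scanning alone would miss these."""
    hits = []
    for line in log.splitlines():
        host, parent, cmdline = line.split("|", 2)
        if cmdline.split()[0].lower() != "powershell.exe":
            continue
        flags = sorted({re.sub(r"\s+", " ", m.group(1).lower()) for m in SUSPICIOUS.finditer(cmdline)})
        if parent.lower() in OFFICE_PARENTS or len(flags) >= 2:
            hits.append((host, parent, flags))
    return hits
```

Running `worm_fanout(FLOW_LOG)` flags only 10.0.0.5, which touched six hosts on port 445 within four seconds, and `fileless_hits(PROC_LOG)` flags only the hidden, encoded PowerShell spawned by winword.exe on host2; the plain `-NoProfile` launch on host1 is left alone.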