EH3_Contents_ch4.pdf
Uploaded by AdoredSanAntonio, 2024
Applied College Shaqra
Ethical Hacking (3), SYS 2004
Dr. Majid H. Alsulami ([email protected]), Dr. Bodor Almubaddel
2024

Copyright 2024 - All Rights Reserved, Applied College Shaqra. No part of this presentation may be reproduced or transmitted in any form whatsoever, electronic or mechanical, including photocopying, recording, or by any informational storage or retrieval system, without express written, dated and signed permission from the creator.

Course Main Objective(s):
- Basics of ethical hacking
- Footprinting and scanning
- Techniques for system hacking
- Malware and their attacks, and how to detect and prevent them
- Signatures of different attacks, and how to prevent them
- Detecting and preventing security attacks in different environments

Course Content (16 weeks, 4 contact hours each, 64 contact hours in total):
1. Basics of ethical hacking
2. Footprinting and scanning
3. Footprinting and scanning
4. Footprinting and scanning
5. Techniques for system hacking
6. Techniques for system hacking
7. Techniques for system hacking
8. Malware and their attacks, and how to detect and prevent them
9. Malware and their attacks, and how to detect and prevent them
10. Signatures of different attacks, and how to prevent them
11. Signatures of different attacks, and how to prevent them
12. Signatures of different attacks, and how to prevent them
13. Detecting and preventing security attacks in different environments
14. Detecting and preventing security attacks in different environments
15. Detecting and preventing security attacks in different environments
16. Review

Students Assessment Activities (assessment timing in week number; percentage of total assessment score):
1. Midterm 1 - weeks 7-8 - 15%
2. Midterm 1 - weeks 14-15 - 15%
3. Quizzes - weeks 4-11 - 10%
4. Participation - weekly - 10%
5. Labs - week 16 - 10%
6. Final written examination - end of semester - 40%
* Assessment activities include written tests, oral tests, oral presentations, group projects, essays, etc.
References and Learning Resources

Essential References:
1. Gray Hat Hacking: The Ethical Hacker's Handbook, 3rd Edition, by Shon Harris, Gideon Lenkey, Allen Harper, Jonathan Ness and Chris Eagle (2011, trade paperback).
2. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, by Patrick Engebretson, Syngress, 2nd edition.
3. Hands-On Ethical Hacking & Network Defense, by James Corley, Kent Backman and Michael Simpson.

Supportive References:
- Codecademy - Python: https://www.codecademy.com/tracks/python

List of Open Source Software / learning websites:
- https://hackaday.com/

Electronic Materials:
- https://breakthesecurity.cysecurity.org/
- https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
- https://www.hackthissite.org

Other Learning Materials: PowerPoint, videos

Chapter 4: Malware and their attacks, and how to detect and prevent them

Many in the general public have heard the term "virus" or perhaps "Trojan" in computing, though they may understand neither what these programs actually do nor how they operate.

What is malware?
Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server. Malware can serve countless different functions, but it is generally designed to automate attacks against systems and simplify the process of hacking overall.
Video: https://www.youtube.com/watch?v=ynuliH_AwxI

What does malware do?
Malware can infect networks and devices and is designed to harm those devices, networks and/or their users in some way. Depending on the type of malware and its goal, this harm may present itself differently to the user or endpoint. In some cases the effect malware has is relatively mild and benign; in others it can be disastrous.
No matter the method, all types of malware are designed to exploit devices at the expense of the user and to the benefit of the hacker, the person who has designed and/or deployed the malware. Malicious software programs operate by exploiting vulnerabilities, or flaws, in computer software or hardware.

How do malware infections happen?
Malware authors use a variety of physical and virtual means to spread malware that infects devices and networks. For example, malicious programs can be delivered to a system on a USB drive, through popular collaboration tools, and by drive-by downloads, which automatically download malicious programs to systems without the user's approval or knowledge.

Malware is generally used to disrupt email and network operations, access private files, steal sensitive information, delete or corrupt files, or generally damage computer software and hardware. The dissemination of malware across computer networks can be costly for several reasons, including but not limited to:
- The loss of data and copyrighted information
- Identity theft
- Loss of revenue due to customer apprehension about the safety of a company's website
- Time spent removing the programs
- Losses in personal productivity and system functions

Types of malware
Different types of malware have unique traits and characteristics. Types of malware include the following:

1. Virus
The most common type of malware; it can execute itself and spread by infecting other programs or files. A computer virus is a program that spreads by first infecting files or the system areas of a computer's or network router's hard drive and then making copies of itself. Many viruses may access sensitive data, corrupt files, steal space on the hard drive, or generally disrupt system processes.

2. Worm
A worm is a type of virus that can spread without human interaction.
Worms are written as standalone programs: they do not need to attach to existing system files or modify any code. Worms often spread from computer to computer and take up valuable memory and network bandwidth, which can cause a computer to stop responding. Worms can self-replicate without a host program and typically spread without any interaction from the malware authors. Worms can also allow attackers to gain access to your computer remotely.

3. Trojan Horse
A Trojan horse is designed to appear as a legitimate software program in order to gain access to a system. Once activated following installation, Trojans can execute their malicious functions. This form of malware is similar to viruses in that it cannot replicate on its own but requires some user interaction in order to execute the code. Trojan horses can be included in software that you download for free or as attachments in email messages.

4. Spyware
Spyware collects information and data on the device and user, and observes the user's activity without their knowledge. Spyware is malicious software designed to enter your computer device, gather data about you, and forward it to a third party without your consent. Spyware can also refer to legitimate software that monitors your data for commercial purposes like advertising. However, malicious spyware is explicitly used to profit from stolen data.

5. Ransomware
Ransomware infects a user's system and encrypts its data. Cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system's data.

6. Rootkit
A rootkit obtains administrator-level access to the victim's system. Once installed, the program gives threat actors root or privileged access to the system.
7. Backdoor
A backdoor virus or remote access Trojan secretly creates a backdoor into an infected computer system that enables threat actors to remotely access it without alerting the user or the system's security programs.

8. Adware
Adware tracks a user's browser and download history with the intent to display pop-up or banner advertisements that lure the user into making a purchase. For example, an advertiser might use cookies to track the webpages a user visits to better target advertising.

9. Keyloggers
Keyloggers, also called system monitors, track nearly everything a user does on their computer. This includes emails, opened webpages, programs and keystrokes.

Malware analysis
Malware analysis is the process of studying malware to understand its function and purpose. This information can then be used to develop ways to protect against or remove malware.

Types of Malware Analysis

1. Static Analysis
Static analysis examines files for signs of malicious intent without executing the program. This form can also call for manual review by an IT professional after the initial examination, to conduct further analysis of how the malware interacts with the system. Static document analysis looks for abnormalities in the file itself, not in how it executes.

2. Dynamic Analysis
Dynamic analysis relies on a closed system (known as a sandbox) to launch the malicious program in a secure environment and simply watch what it does. The inspection environment simulates an entire host (including the CPU, system memory, and all devices) to continuously observe all the actions malicious objects can take. This automated system enables professionals to watch the malware in action without letting it infect their own systems.
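As an added illustration of the static-analysis idea above (examining the file itself, not its execution), the following Python script is not part of the lecture: it hashes a file, extracts printable strings the way the `strings` utility does, and flags a few indicator patterns an analyst would want to look at more closely. The sample bytes, the indicator list and the `triage` function are all constructed for this example; the stub is not a real executable.

```python
"""Static triage of a file: hashes, printable strings and indicator hits.
Added example (not the lecture's code); SAMPLE_FILE is a constructed stub,
not a real executable, and the indicator list is a small hypothetical set."""
import hashlib
import re

# Constructed sample: a fake DOS/PE-style header followed by the kind of
# strings a static reviewer looks for. It does nothing if "run".
SAMPLE_FILE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"This program cannot be run in DOS mode.\x00\x00"
    b"kernel32.dll\x00CreateRemoteThread\x00VirtualAllocEx\x00"
    b"http://update.example.invalid/payload.bin\x00"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    b"\x00\x01\x02random junk bytes\x03\x04"
)

MIN_STRING_LEN = 6

# Heuristic indicators (label, pattern). A hit means "look closer", not
# "malicious": packed or obfuscated samples hide most of these strings.
INDICATORS = [
    ("url", re.compile(r"https?://[\w.\-/]+", re.I)),
    ("run-key persistence", re.compile(r"CurrentVersion\\Run", re.I)),
    ("process injection API",
     re.compile(r"CreateRemoteThread|VirtualAllocEx|WriteProcessMemory")),
]


def file_hashes(data):
    """MD5 and SHA-256 hex digests, the usual keys for threat-intel lookups."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def extract_strings(data, min_len=MIN_STRING_LEN):
    """Runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.decode("ascii") for m in pattern.findall(data)]


def has_mz_header(data):
    """True when the file starts with the 'MZ' magic of a DOS/PE executable."""
    return data[:2] == b"MZ"


def triage(data):
    """Collect everything a first static pass would put in a report."""
    strings = extract_strings(data)
    hits = {}
    for label, rx in INDICATORS:
        matched = [s for s in strings if rx.search(s)]
        if matched:
            hits[label] = matched
    return {"hashes": file_hashes(data), "pe_like": has_mz_header(data),
            "string_count": len(strings), "indicators": hits}


if __name__ == "__main__":
    report = triage(SAMPLE_FILE)
    print("sha256:", report["hashes"]["sha256"])
    print("PE-like header:", report["pe_like"], "| strings:", report["string_count"])
    for label, matched in report["indicators"].items():
        print(f"  [{label}] {', '.join(matched)}")
```

Running the script on the constructed stub reports an MZ header, seven strings, and hits for all three indicator categories; the hashes are what you would submit to a threat-intelligence lookup before deciding whether dynamic analysis in a sandbox is worth the effort.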
Dynamic analysis interacts with the malware to elicit every malicious behaviour. It supports automation and fast, accurate findings, and it can help identify and analyze the obscurities within an organization's infrastructure.

How Malware Spreads
Malware employs various propagation methods to infiltrate and spread across systems:
1. Email attachments. Example: A user receives an email purportedly from a trusted source, containing an attachment labeled as an invoice. Upon opening the attachment, the malware executes, infecting the user's system.
2. Infected websites. Example: A user visits a compromised website that has been injected with malicious code. Without the user's knowledge, the website triggers a drive-by download, installing malware onto the user's device.
3. Removable media. Example: An employee inserts a USB drive they found into their work computer. Unbeknownst to them, the USB drive contains malware that spreads to the computer upon insertion.
4. Software vulnerabilities. Example: A cybercriminal exploits a known vulnerability in outdated software installed on a server. By exploiting the vulnerability, they gain unauthorized access to the server and deploy malware.
5. Social engineering tactics. Example: An attacker sends phishing emails impersonating a trusted entity, such as a bank or a colleague. The email contains a link that, when clicked, directs the user to a fake login page where their credentials are stolen.

Ethical Hacking Approach
Ethical hackers simulate spreading malware to identify vulnerabilities and weaknesses in an organization's security posture without causing actual harm. Here is how they might approach it:
1. Phishing simulations: Ethical hackers conduct controlled phishing simulations to assess employees' susceptibility to phishing attacks.
They craft convincing phishing emails and monitor users' responses to identify potential training needs.
2. Social engineering assessments: Ethical hackers use social engineering techniques to manipulate employees into disclosing sensitive information or performing actions that could aid in spreading malware. For example, they might pose as IT personnel requesting login credentials or access to sensitive systems.
3. Vulnerability scanning and exploitation: Ethical hackers perform vulnerability scanning and penetration testing to identify and exploit vulnerabilities in software, networks, and systems. By exploiting vulnerabilities in a controlled environment, they demonstrate the potential impact of malware attacks and provide recommendations for mitigation.
4. Awareness training: Ethical hackers collaborate with organizations to develop and deliver cybersecurity awareness training tailored to employees' roles and responsibilities. Through interactive workshops and educational materials, they raise awareness about common malware threats and best practices for prevention.
5. Reporting and recommendations: Ethical hackers document their findings, including identified vulnerabilities, successful exploitation attempts, and recommendations for remediation. They present their findings to the organization's stakeholders, empowering them to take proactive measures to enhance cybersecurity defenses.

By adopting an ethical hacking approach, organizations can proactively identify and address security weaknesses before they can be exploited by malicious actors. Ethical hackers play a vital role in helping organizations strengthen their cybersecurity posture and mitigate the risk of malware attacks.

Detecting Malware
Malware detection comprises mechanisms to identify and protect against harm from viruses, worms, Trojan horses, spyware, and other forms of malicious code.
Malware detection and prevention technologies are widely available for servers, gateways, user workstations, and mobile devices, with some tools offering the capability to centrally monitor malware detection software installed on multiple systems or computers. Malware detection tools typically run continuously and provide automated updates of detection signatures or other reference information used to identify malicious code.

Tools and approaches for detecting malware:
1. Antivirus software
2. Intrusion Detection Systems (IDS)
3. Behavioral analysis
4. Regular security updates
5. File Integrity Monitoring (FIM)
6. Threat intelligence platforms
7. Machine learning and AI-based solutions
These tools and approaches complement each other, forming layers of defense to detect and mitigate malware threats effectively. Organizations often employ a combination of these solutions to enhance their security posture and protect against a wide range of malware attacks.

1. Antivirus Software
Traditional antivirus: As mentioned, traditional antivirus software relies on signature-based detection. Some well-known antivirus programs include Norton Antivirus, McAfee Antivirus, Avast Antivirus and Bitdefender Antivirus.
Next-Generation Antivirus (NGAV): NGAV solutions use advanced techniques such as machine learning, behavioral analysis, and heuristics to detect and prevent malware. Examples include CrowdStrike Falcon, CylancePROTECT and SentinelOne.

2. Intrusion Detection Systems (IDS)
Network-based IDS (NIDS): These systems monitor network traffic for suspicious patterns or known signatures of malware. Some popular NIDS tools include:
1. Snort
2. Suricata
3. Zeek (formerly Bro)

3. Behavioral Analysis
Endpoint Detection and Response (EDR): EDR solutions monitor endpoint devices for suspicious behavior that may indicate malware activity. They often include behavioral analysis capabilities.
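The two detection strategies just described, signature matching (antivirus, NIDS) and behavioral analysis (EDR), can be shown side by side on a small connection log. The following Python script is an added example, not the lecture's code or any product's logic: it raises a signature alert when a destination is on a known-bad list, and a behavioral alert when one source reaches many distinct hosts on the same port within a short window, the fan-out pattern a worm leaves behind. The log lines, the `KNOWN_BAD_HOSTS` set and the threshold values are constructed for the example.

```python
"""Toy network detector combining signature and behavioural analysis.
Added example (not from the lecture or any IDS/EDR product); the log lines,
the known-bad list and the thresholds below are constructed values."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection log, one record per line: "timestamp src dst dport proto".
# Host 10.0.0.7 behaves like a worm, touching six hosts on port 445 in seconds.
LOG_LINES = """\
2024-03-01T10:00:01 10.0.0.5 10.0.0.20 443 tcp
2024-03-01T10:00:02 10.0.0.7 10.0.0.21 445 tcp
2024-03-01T10:00:02 10.0.0.7 10.0.0.22 445 tcp
2024-03-01T10:00:03 10.0.0.7 10.0.0.23 445 tcp
2024-03-01T10:00:03 10.0.0.7 10.0.0.24 445 tcp
2024-03-01T10:00:04 10.0.0.7 10.0.0.25 445 tcp
2024-03-01T10:00:04 10.0.0.7 10.0.0.26 445 tcp
2024-03-01T10:00:05 10.0.0.5 203.0.113.9 80 tcp
2024-03-01T10:01:30 10.0.0.9 10.0.0.30 445 tcp
""".splitlines()

# Signature list: known-bad destinations. Placeholder value from the
# documentation range; a real IDS loads these from a threat-intel feed.
KNOWN_BAD_HOSTS = {"203.0.113.9"}

# Behavioural rule: this many distinct destinations on one port from the same
# source inside WINDOW_SECONDS looks like lateral scanning.
FANOUT_THRESHOLD = 5
WINDOW_SECONDS = 10


def parse_line(line):
    """Turn one log record into a dict with a real timestamp and int port."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "proto": proto}


def signature_alerts(events):
    """Exact-match detection: any connection to a listed bad host fires."""
    return [f"signature: {e['src']} contacted known-bad host {e['dst']}"
            for e in events if e["dst"] in KNOWN_BAD_HOSTS]


def fanout_alerts(events, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Sliding-window fan-out per (src, dport); alert once per pair."""
    alerts = []
    recent = defaultdict(list)      # (src, dport) -> [(timestamp, dst), ...]
    alerted = set()
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["src"], e["dport"])
        cutoff = e["ts"] - timedelta(seconds=window)
        # Keep only connections still inside the window, then add this one.
        recent[key] = [(t, d) for t, d in recent[key] if t >= cutoff]
        recent[key].append((e["ts"], e["dst"]))
        distinct = {d for _, d in recent[key]}
        if len(distinct) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append(f"behaviour: {e['src']} reached {len(distinct)} distinct "
                          f"hosts on port {e['dport']} within {window}s")
    return alerts


def analyse(lines):
    """Parse the log and run both detectors; signature hits are listed first."""
    events = [parse_line(line) for line in lines if line.strip()]
    return signature_alerts(events) + fanout_alerts(events)


if __name__ == "__main__":
    for alert in analyse(LOG_LINES):
        print(alert)
```

On the constructed log the script produces exactly two alerts: the signature match on 10.0.0.5 and the fan-out alert on 10.0.0.7, while 10.0.0.9, which touched a single host, stays quiet. The signature rule catches only what is already on the list; the behavioral rule catches the spreading pattern regardless of which malware causes it, at the cost of needing a sensible threshold for the environment.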
Examples of EDR products include:
1. Carbon Black
2. FireEye Endpoint Security
3. Tanium
Sandboxing: Sandboxing environments isolate suspicious files or programs and observe their behavior in a controlled environment to identify malicious activity. Sandbox solutions include:
1. Cuckoo Sandbox
2. Joe Sandbox
3. FireEye Sandbox

4. Regular Security Updates
Patch management tools: These tools automate the process of applying security patches and updates to software and operating systems, reducing the window of vulnerability. Examples include:
1. Microsoft Windows Update
2. WSUS (Windows Server Update Services)
3. Red Hat Satellite (for Linux systems)

5. File Integrity Monitoring (FIM)
FIM tools monitor changes to files and file systems, alerting administrators to unauthorized modifications that may indicate a malware infection. Examples include:
1. Tripwire
2. OSSEC
3. AIDE (Advanced Intrusion Detection Environment)

6. Threat Intelligence Platforms
Threat intelligence platforms aggregate and analyze threat data from various sources to identify emerging threats and provide actionable insights for malware detection and prevention. Examples include:
1. ThreatConnect
2. Anomali ThreatStream
3. Recorded Future
[Figure: Building a Cyber Threat Intelligence Platform in 5 steps]

7. Machine Learning and AI-based Solutions
Advanced security solutions leverage machine learning and artificial intelligence algorithms to detect and respond to evolving malware threats in real time. Examples include:
1. Darktrace
2. Symantec Advanced Threat Protection
3. Palo Alto Networks Cortex XDR

Preventing Malware Attacks
1. Keep software up to date
Operating systems: Regularly update operating systems (e.g., Windows, macOS, Linux) to patch known vulnerabilities and strengthen security defenses.
Applications: Update all software applications, including web browsers, email clients, office suites, and productivity tools, to minimize the risk of exploitation by malware.
Patch management tools: Use patch management solutions to automate the deployment of updates across endpoints and ensure timely patching of vulnerabilities.

2. Use strong passwords and authentication
Password policies: Implement strong password policies that require users to create complex passwords containing a mix of alphanumeric characters, symbols, and uppercase/lowercase letters.
Multi-Factor Authentication (MFA): Enable MFA wherever possible to add an extra layer of security, requiring users to provide multiple forms of identification (e.g., password, biometric verification, token) to access systems and accounts.

3. Exercise caution with email and web browsing
Email security: Deploy email security solutions such as spam filters, antivirus scanning, and phishing protection to detect and block malicious emails before they reach users' inboxes.
Web filtering: Implement web filtering solutions to block access to malicious or suspicious websites known to distribute malware, phishing scams, or other harmful content.

4. Endpoint protection
Antivirus and antimalware software: Install reputable antivirus and antimalware solutions on all endpoints (e.g., desktops, laptops, servers, mobile devices) to detect and remove malware threats.
Host-based firewalls: Enable host-based firewalls on endpoints to monitor and control incoming and outgoing network traffic, blocking unauthorized communication and reducing the attack surface.
5. Secure network infrastructure
Firewalls and Intrusion Prevention Systems (IPS): Deploy network firewalls and IPS solutions to monitor and filter network traffic, preventing unauthorized access and detecting suspicious activity indicative of malware attacks.
Virtual Private Networks (VPNs): Use VPNs to encrypt network communications and establish secure connections, especially for remote workers accessing corporate resources from external networks.

6. User awareness and training
Security awareness programs: Conduct regular security awareness training sessions to educate users about common malware threats, phishing scams, social engineering tactics, and best practices for safe computing.
Phishing simulations: Conduct phishing simulation exercises to test users' susceptibility to phishing attacks and reinforce good security habits.

7. Application whitelisting and privilege management
Application whitelisting: Implement application whitelisting so that only authorized programs can execute, preventing the execution of unauthorized or potentially malicious software.
Least privilege principle: Follow the principle of least privilege by granting users and applications only the minimum level of access rights and permissions required to perform their tasks, reducing the risk of malware propagation and privilege escalation.

8. Data backup and recovery
Regular backups: Implement a comprehensive backup strategy to regularly back up critical data and system configurations to secure and reliable storage locations.
Backup testing: Test backup and recovery processes regularly to ensure data integrity, availability, and the ability to restore systems and data in the event of a malware attack or data breach.
By implementing these preventive measures and leveraging a combination of security tools, organizations can significantly reduce the risk of malware attacks and strengthen their overall cybersecurity posture. Regular monitoring, evaluation, and adjustment of security controls are essential to adapt to evolving threats and ensure continued protection against malware.

Ethical Considerations in Malware Defense
Ethical hacking involves utilizing the same techniques and methodologies as malicious hackers to identify and address security vulnerabilities proactively. It is essential to adhere to legal and ethical standards, obtain proper authorization, and respect privacy rights when conducting security assessments or penetration testing activities. Ethical hackers play a crucial role in strengthening cybersecurity defenses, enhancing resilience against cyber threats, and safeguarding digital assets and information.

Online Quiz 2 (5 marks)

References:
- https://shorturl.at/kyAIR
- https://www.cisa.gov/news-events/news/virus-basics
- https://me-en.kaspersky.com/resource-center/threats/spyware
- https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/malware-reverse-engineering/
- https://www.vmware.com/mena/topics/glossary/content/malware-analysis.html
- https://www.europol.europa.eu/operations-services-and-innovation/public-awareness-and-prevention-guides/malware-basics
- https://www.greycampus.com/opencampus/ethical-hacking/how-to-detect-malicious-software
- https://www.thesecuritybuddy.com/data-breaches-prevention/what-is-ids-intrusion-detection-system-how-does-it-work/
- https://sectigostore.com/blog/malware-analysis-what-it-is-how-it-works/