REVIEWER-IAS1.pdf

Full Transcript

INTORDUCTION TO IAS A Different View of IA

According to Debra Herrmann (Complete Guide to
System Quality Security and Privacy Metrics), IA should be viewed as
spanning four security engineering domains:
Aspects of system quality:

functionality Physical security
⚬ adequacy Refers to the protection of hardware, software,
and data against physical threats to reduce or prevent
⚬ interoperability
disruptions to operations and services and loss of
⚬ correctness
assets.
⚬ security
reliability
Personnel security
usability
is a variety of ongoing measures taken to reduce
efficiency
the likelihood and severity of accidental and intentional
maintainability
alteration, destruction, misappropriation, misuse,
misconfiguration, unauthorized distribution, and
unavailability of an organization’s logical and physical
What is Information? assets, as the result of action or inaction by insiders and
It is a processed data known outsiders, such as business partners

According to Raggad (pp. 14ff), the following are all IT security
distinct conceptual resources: is the inherent technical features and functions
Noise: raw facts with an unknown coding system that collectively contribute to an IT infrastructure
Data: raw facts with a known coding system achieving and sustaining confidentiality, integrity,
Information: processed data availability, accountability, authenticity, and reliability
Knowledge: accepted facts, principles, or rules of thumb
that are useful for specific domains. Knowledge can be Operational security
the result of inferences and implications produced from Involves the implementation of standard
simple information fact. operational security procedures that define the nature
and frequency of the interaction between users,
systems, and system resources, the purpose of which is
What is Information Assurance? to
Information Assurance is such a broad field that there is
no universally accepted definition. Researchers often achieve and sustain a known secure system state at all
give their own spin to IA, usually reflecting their own times, and
concerns. prevent accidental or intentional theft, release,
destruction, alteration, misuse, or sabotage of system
resources

Aspects of information needing protection: According to Raggad’s taxonomy of information
 Availability security, a computing environment is made up of five
 Integrity continuously interacting components:
 Confidentiality  Activities
 Authentication  People
 Non-repudiation  Data
 Technology
 Networks
IA includes computer and information security, but Governments and agencies: seek the military,
more besides. According to Blyth and Kovacich, IA can diplomatic, and economic secrets of foreign
be thought of as protecting information at three governments, foreign corporations, and adversaries.
distinct levels: May also target domestic adversaries.
Terrorists: usually politically motivated and may seek
physical: data and data processing activities in physical to cause maximal damage to information infrastructure
space; as well as endanger lives and property.
information infrastructure: information and data
manipulation abilities in cyberspace; THREAT AND ATTACKS
perceptual: knowledge and understanding in human
decision space  Computer Virus
 Computer Worms
The lowest level focus of IA is the physical level:  Trojan
computers, physical networks, telecommunications and  DOS & DDOS
supporting systems such as power, facilities and  Phishing
environmental controls. Also at this level are the people  Spyware
who manage the systems.  Hacker
 Ransomware
Desired Effects: to affect the technical performance
 Adware
and the capability of physical systems, to disrupt the
 Logic Bomb
capabilities of the defender.
 Password Attacks
Attacker’s Operations: physical attack and destruction,
including: electromagnetic attack, visual spying,
intrusion, scavenging and removal, wiretapping,
COMPUTER VIRUS
interference, and eavesdropping.
Defender’s Operations: physical security, OPSEC,
TEMPEST a type of malicious software program (or
malware)
“The Biggest Threat to Computer Security? when executed, replicates itself by modifying
Carelessness” other computer programs and inserting its code
When this replication succeeds, the affected
Nature of the Threat areas are then said to be “infected “
Simply put, a computer virus changes how your
Necessary for IW, as for any related activity, are motive, computer works and aims to spread to other
means, and opportunity.
computers.
In general, the offensive players in the world of IW come
in six types:
What does a computer virus do?
Insiders: consists of employees, former employees
and contractors. harm or destroy data, slow down system
Hackers: one who gains unauthorized access to or resources, and log keystrokes, among other things
breaks into information systems for thrills, challenge, unexpected or harmful outcomes during this
power, or profit. procedure, such as destroying system software by
Criminals: target information that may be of value to corrupting data
them: bank accounts, credit card information, made to mess things up by deleting files, messing
intellectual property, etc. up programs, or even wiping out your hard drive
Corporations: actively seek intelligence about
completely
competitors or steal trade secrets.
can slow down your computer a lot, using up
memory and making it crash often.
 4. Visiting a malicious website. 5. Installing pirated
software(s) etc.

Prevention

Install Antivirus Software: Think of antivirus software as
your computer’s doctor. It works around the clock to
detect and block viruses before they can infect your
system. Make sure to keep it updated!

Update Regularly: Keep your operating system,
software, and apps up to date. Updates often include
fixes for security vulnerabilities that viruses could
exploit.

Be Cautious with Emails and Downloads: Don’t open
emails or download attachments from unknown
sources. If an email looks suspicious, even if you know
History the sender, it’s best to delete it. Think before you click.

first computer virus, called the “Creeper system,” Use Strong Passwords: Protect your accounts with
appeared in 1971 as an experimental virus that could strong, unique passwords. Consider using a password
copy itself manager to keep track of them all.
mid-1970s, the “Rabbit” virus emerged, which
replicated very quickly and caused significant damage at Backup Your Data: Regularly back up your data to an
the same pace external drive or cloud storage. If a virus does slip
“Elk Cloner” was created in 1982 by Rich Skrenta. It through, you won’t lose everything.
spread through a floppy disk containing a game and
attached itself to the Apple II operating system. Solution
The first virus for MS-DOS, called “Brain,” appeared in
1986. It was designed by two Pakistani brothers and Do-it-yourself manual approach: This means you try
overwrote the boot sector of floppy disks, making it to fix the problem on your own. Usually, you start by
impossible for the computer to start. It was originally searching online for solutions. Then, you might have to
meant to be a copy protection system. do a lot of tasks to clean up your computer. It can take
In 1988, more destructive viruses began to surface. time and might need some experience to finish
Until then, most viruses were Home with solid fill everything.
considered pranks with funny names and messages.
However, in 1988, “The Morris” became the first widely Get help from a reliable antivirus product: Another
spreading virus. option is to use antivirus software. This software is
designed to find and remove viruses from your
How do computer viruses spread? computer. You just need to install it and let it do its job.
Malwarebytes is one of, if not, the best software out
1. Sharing the data like music, files, and images with there.
each other.
2. If you open a spam email or an attachment in an
email that is sent by an unknown person.
3. Downloading the free games, toolbars, media players,
etc.
COMPUTER WORM contacts. It caused an estimated $10 billion in damage
and affected millions of computers worldwide.
A computer worm is a type of malicious software
that replicates itself in order to spread to other 2008
computers.
Conficker Worm
1971
Creator: The creator of Conficker remains unknown.
The First Worm: The Creeper Creator:
Conficker is one of the most widespread worms in
history, infecting millions of computers globally. It
Bob Thomas, a researcher at BBN Technologies.
exploited a vulnerability in Microsoft Windows and
created a botnet, a network of infected computers
The Creeper was the first known computer worm. It was
controlled by the worm's creators. Despite extensive
created as an experimental program to demonstrate
investigations, the identity of the person or group
mobile applications and how they could move across
behind Conficker has never been uncovered.
ARPANET, the precursor to the internet. The Creeper
displayed the message "I'M THE CREEPER: CATCH ME IF
2017
YOU CAN" on infected machines. It wasn’t malicious and
didn’t cause harm, but it laid the groundwork for future
WannaCry Ransomware Worm
worms.

Creators: The WannaCry worm was attributed to the
1988
North Korean Lazarus Group, according to multiple
sources, including the U.S. government.
The Morris Worm

WannaCry was a ransomware worm that spread
Creator: Robert Tappan Morris, a graduate student at
through a vulnerability in Microsoft Windows. It
Cornell University.
encrypted files on infected systems and demanded
ransom payments in Bitcoin. The worm affected over
The Morris Worm is often considered the first significant
200,000 computers in 150 countries, including critical
worm to spread on the internet. It exploited
infrastructure like hospitals and businesses, causing
vulnerabilities in UNIX systems and spread rapidly,
billions of dollars in damage.
causing widespread disruption. Morris claimed it was
not intended to cause harm but rather to measure the
size of the internet. However, a programming error
caused it to replicate excessively, slowing down systems
and leading to significant damage.

2000

ILOVEYOU Worm

Creators: Onel de Guzman and Reonel Ramones, Filipino
programmers.

The ILOVEYOU worm spread through email with the
subject "ILOVEYOU" and an attachment named "LOVE-
LETTER-FOR-YOU.txt.vbs". When opened, it overwrote
files and spread to everyone in the recipient's email
 Be Cautious with Email: Avoid opening email
attachments from unknown senders.
Use Firewalls: Implement firewalls to block
unauthorized access to your network."

TROJAN

HISTORY

One of the most well-known battle tactics is the Trojan
Horse. The Trojan Horse is named after the famous tale
of the Trojan War. According to Greek mythology, the
Greeks presented the Trojans with a big wooden horse
as a farewell gift. The Trojans brought the horse inside
the city walls. The Greek troops hidden in the horse
climbed out and opened the city gates, allowing the
Greek army to conquer the city. The Trojan Horse’s
meaning is the same as in the tale.
HOW DO COMPUTER WORMS SPREAD?
WHAT IS A TROJAN HORSE?
Network Vulnerabilities: They exploit security
weaknesses in network protocols or operating systems. A "Trojan" (short for "Trojan horse") is a type of
Email Attachments: Worms can be spread via malicious software that disguises itself as a legitimate
malicious email attachments. program or file to gain unauthorized access to a user's
Social Engineering: They can trick users into executing system. Unlike viruses or worms, Trojans do not
them by masquerading as legitimate files. replicate themselves but rely on tricking users into
P2P Networks: Worms can spread through file-sharing installing them. Once inside a system, they can perform
networks by disguising themselves as popular various harmful activities, such as stealing data, creating
downloads." backdoors for other malware, or giving unauthorized
access to attackers.
EFFECTS OF COMPUTER WORMS
TYPES OF TROJAN
System Slowdown: Worms consume system resources,
causing computers and networks to slow down.
Data Corruption: They can corrupt or delete files, Backdoor Trojan- A backdoor Trojan enables an attacker
leading to data loss. to gain remote access to a computer and take control of
Unauthorized Access: Worms can open backdoors for it using a backdoor. This enables the malicious actor to
hackers to gain unauthorized access to systems. do whatever they want on the device, such as deleting
Network Congestion: As worms replicate and spread, files, rebooting the computer, stealing data, or
they generate excessive traffic, leading to network uploading malware.
congestion."

PREVENTION AND PROTECTION Downloader Trojan - A downloader Trojan targets a
computer that has already been infected by malware,
Keep Software Updated: Regularly update operating then downloads and installs more malicious programs
systems and applications to patch vulnerabilities. to it. This could be additional Trojans or other types of
Use Antivirus Software: Ensure you have reliable malware like adware
antivirus software that can detect and remove worms.
Fake antivirus Trojan - A fake antivirus Trojan simulates Deactivated virus protection and firewall -If the firewall
the actions of legitimate antivirus software. The Trojan and the antivirus software are deactivated by a Trojan,
is designed to detect and remove threats like a regular the computer becomes more susceptible to cyber-
antivirus program, then extort money from users for attacks.
removing threats that may be nonexistent.
HOW TO PREVENT TROJAN HORSE ATTACKS?
Ransom Trojan- Ransom Trojans seek to impair a
computer’s performance or block data on the device so For everyday users, the best way to protect against
that the user can no longer access or use it. The attacker Trojan attacks is by practicing responsible online
will then hold the user or organization ransom until they behavior, as well as implementing some basic
pay a ransom fee to undo the device damage or unlock preventive measures.
the affected data.
Best practices for responsible online behavior include:
Banker Trojan - A banker Trojan is designed to target
users’ banking accounts and financial information. It  Never click unsolicited links or download
attempts to steal account data for credit and debit unexpected attachments.
cards, e-payment systems, and online banking systems.  Use strong, unique passwords for all online
accounts, as well as devices.
HOW TO RECOGNIZE A TROJAN?  Only access URLs that begin with HTTPS.
 Log into your account through a new browser
Since Trojans often imitate legitimate system files, they tab or official app — not a link from an email or
are very difficult to find and eliminate using text.
conventional virus scanners. But if a Trojan is not found,
it can cause considerable damage to the operating HOW TO PREVENT TROJAN HORSE ATTACKS?
system and the people and companies behind it. The
most common symptoms of Trojans are:  Use a password manager, which will
automatically enter a saved password into a
Strange Messages and Pop-Ups recognized site (but not a spoofed site).
 Use a spam filter to prevent a majority of
Very slow computer - A Trojan horse or any program spoofed emails from reaching your inbox.
installed by a Trojan uses the computer's resources,  Enable two-way authentication whenever
which slows down the processor. possible, which makes it far more difficult for
attackers to exploit.
Interrupted Internet connection - If a PC is infected, the  Ensure updates for software programs and the
Trojan can connect to a URL or open a separate OS are completed immediately.
connection session. This reduces the available  Back up files regularly to help restore the
bandwidth, which has a negative effect on the internet
computer in the event of an attack.
usage.
DOS AND DDOS
HOW TO RECOGNIZE A TROJAN?

Malicious Windows - A trojan can trick users into
BACKGROUND
visiting a fake or faudulent website. If unwanted
windows or browsers on these pages open, this is a The first recorded instance of a Denial of Service
strong indication of a Trojan horse infection. (DoS) attack dates back to 1974. In this case, a 13-
year-old student created and executed a program
Missing Files - Programs installed by Trojans can also that accessed all terminals of a shared learning
delete, encrypt, or move computer files to another platform simultaneously, located in a nearby
location. computer lab. This action caused all connected
machines to crash, necessitating manual restarts HOW CAN YOU GET DOS OR DDOS?
before any user could access the platform again.

It wasn't until over two decades later that this
concept evolved into a large-scale intentional
attack. The first documented large-scale DoS attack
occurred in 1996 when the Internet Service
Provider (ISP) Panix was inundated with a flood of
malicious traffic. The attack rendered Panix's
services inaccessible for an entire week.

DOS (DENIAL OF SERVICE)

Definition: A DOS attack is a cyberattack in which
the attacker tries to make a service unavailable to
its intended users by overwhelming the target
system with a flood of requests, causing it to slow
down or crash.

Method: Typically, this involves a single machine or
a small number of sources that send a massive
amount of traffic or data to the target, exploiting
vulnerabilities in the system to overload it.

Example: A simple DOS attack could involve
sending a large number of ICMP (ping) requests to HOW TO IDENTFY DOS AND DDOS ATTACKS
a server, overwhelming its ability to respond and
thereby denying service to legitimate users. Unusual Traffic Patterns
 Sudden spikes in traffic, especially if the volume
DDOS (DISTRIBUTED DENIAL OF SERVICE) is much higher than usual, or if traffic is coming
from a large number of IP addresses. This can
Definition: A DDOS attack is a more powerful version of overwhelm your network or server, leading to
a DOS attack. It involves multiple compromised systems slowdowns or outages.
(often part of a botnet) working together to launch a
coordinated attack on a single target. Slow Performance
 Websites or services become unusually slow or
Method: In a DDOS attack, the attacker uses a large unresponsive. Performance issues may indicate
number of machines, which may be scattered across the that your server is struggling to handle
globe, to send an overwhelming amount of traffic to the excessive requests.
target system, making it much harder to mitigate the
attack. Error Messages
 Increased frequency of error messages such as
Example: A DDOS attack might involve thousands of "503 Service Unavailable" or "Server Too
compromised computers (botnet) sending traffic to a Busy."These errors suggest that your server or
website, causing the site to become inaccessible to service is under stress or unable to process
legitimate users due to the sheer volume of requests. requests.
HOW TO IDENTFY DOS AND DDOS ATTACKS

Network Monitoring Tools
 Tools that track network traffic, such as
intrusion detection systems (IDS) or network
monitoring software. These tools can help
detect abnormal traffic patterns and alert you to
potential attacks.
Log Analysis
 Examine server and network logs for patterns
that indicate abnormal traffic or repeated PHISHING
requests from specific IP addresses. Log analysis
can reveal signs of an attack and help you HISTORY
understand its scope. Phishing began in the mid-1990s with attacks on
America Online (AOL) users, where hackers tricked
PREVENTING DOS AND DDOS ATTACKS victims into revealing their credentials through fake
messages. As the internet grew, phishing evolved into
more sophisticated email scams targeting financial
institutions and introducing malware to steal sensitive
information. By the 2010s, phishing\had become more
targeted with techniques like spear phishing and
Business Email Compromise (BEC), while also expanding
to mobile devices through smishing and vishing. Despite
advancements in cybersecurity, phishing remains a
persistent threat, continually adapting to new
technologies and requiring ongoing vigilance.

WHAT IS PHISHING?

Phishing is an online scam where criminals send fake
emails or create websites that mimic well-known brands
to obtain confidential information such as passwords
and credit card numbers. This method is a standard
attack used today. It often relies on Social Engineering,
which is a technique that manipulates individuals into
divulging sensitive information by exploiting
PREVENTING DOS AND DDOS ATTACKS psychological triggers.

Social engineering strategies may involve creating a
sense of urgency, posing as a trusted authority, or using
deceptive tactics to gain the victim's trust and
encourage them to take actions that compromise their
security.
TYPES OF PHISHING Tracking Cookies - These small files are placed on your
computer by websites, and they track your browsing
 Spear Phishing history and other online activity.
 Whaling
 SMS Phishing Adware - These programs display unwanted
 Email Phishing advertisements on your computer, and they can also
track your browsing habits and sell your information to
HOW TO PREVENT PHISHING ATTACK advertisers.

Characteristics of Spyware

1 Steals Sensitive Information Spyware monitors
internet activity, tracks login credentials, and spies on
sensitive information. The primary goal of spyware is
usually to obtain credit card numbers, banking
information, and passwords.

2 Difficult to Detect Spyware can be difficult to detect,
as its presence is often hidden from the user. It can exit
as an application that runs as soon as the device starts
up and continues to run in the background.

3 Slows Down Devices Spyware can slow down devices
by stealing random access memory and processor
power and generating infinite popup ads. This slows
THINK CRITICALLY down the web browser and affects device performance.

4 Intentional Spyware Installation Some spyware, such
as keyloggers, may be installed by the owner of a
shared, corporate, or public computer intentionally to
monitor users.

How Spyware Works: Infiltration

1 Bundled Software Spyware can be bundled with free
SPYWARE software where user thinks they're only downloading a
Secretly steals information without permission and harmless application.
the user’s knowledge
2 Malicious Links It can be hidden within malicious links
Types of Spyware or advertisements that, when clicked, initiate an
automatic download.
Keyloggers - These programs record every keystroke you
make, allowing hackers to steal your passwords and 3 Disguised Updates It can be disguised as a legitimate
other sensitive information. update or software installation package.

Screen Capture Software - These programs take
screenshots of your computer screen, allowing hackers
to see everything you are doing.
4 Exploit Kits It can be delivered through exploit kits, How Spyware Works: Data Transmission
which identify vulnerabilities in a system's software and
use them as entry points. Periodic Transmission
The spyware may package and send the collected data
How Spyware Works: Stealth Mode at regular intervals.

Silent Operation Encrypted Data
Once inside a system, most spyware operates silently. Data transfer is usually encrypted and transmitted in
It's designed to avoid detection by disguising itself with small packets to avoid detection.
non-threatening file names or mimicking legitimate
processes. Remote Server
Collected data is sent to a remote server controlled by
Security Deactivation the spyware's author or operator.
It may deactivate firewalls, antivirus software, or other
security features to ensure its uninterrupted operation. HACKERS
Hacking is the act of identifying and then exploiting
Startup Processes weaknesses in a computer system or network, usually
Many spyware programs embed themselves within the to gain unauthorized access to personal or
system's startup processes, ensuring they activate every
organizational data.
time the device is powered on.

TYPES OF HACKERS TYPES OF HACKERS TYPES OF
How Spyware Works: Data Collection HACKERS

Black hat hackers are cybercriminals who gain
Tracking Cookies unauthorized access to systems with malicious intent.
It employs various techniques such as tracking cookies, They exploit vulnerabilities to implant malware or
which monitor and record web browsing activities, execute ransomware attacks for financial gain or data
including sites visited, search queries, and clicked breaches. They are also known as malicious hackers,
advertisements. unethical hackers, or crackers.

White hat hackers (or ethical hackers) work with
Keyloggers permission to identify and fix security vulnerabilities,
Keyloggers record keystrokes, capturing passwords, helping to strengthen cybersecurity. Their work is crucial
credit card details, and other sensitive input. for improving internet security, though it is sometimes
misunderstood. White hat hackers can also be part of
teams known as
System Scanners sneakers, hacker clubs, red teams, or tiger teams.
System scanners scan system files, directories, and
documents for specific information.
Gray hat hackers do not have malicious intent like
black hats, but they hack into systems without prior
consent. They typically report discovered vulnerabilities
Screenshots
rather than fully exploiting them but may request
Advanced spyware may periodically take screenshots,
payment for detailed information.
capturing real-time user activity.
Hacktivists: Hacktivists use hacking as a form of protest
or to promote political agendas. Their activities are
often aimed at raising awareness about social or
political issues. Examples include the actions of the
group Anonymous.
Script Kiddies: These are inexperienced individuals who Organization AIDS conference. The disk contained a
use pre-written tools and scripts to carry out attacks. Trojan Horse that after several boots, would encrypt the
They lack the deep understanding of hacking techniques name of the files on the C: drive display a ransom note
but can still cause significant damage. demanding $189 to be sent to a P.O. box in Panama to
restore access to the files.
State-Sponsored Hackers: Operatives employed or
funded by governments to conduct cyber-espionage,
sabotage, or warfare. These hackers target other
governments, corporations, and individuals to advance
national interests.

SOLUTIONS:

 Reset all your passwords
 Freeze Your Credit and Block Compromised
Accounts: Scan your computer system and
remove any devious programs
 Recover Access to Your Hacked Accounts
 Let friends and family know
 Secure Your Wi-Fi Network: Change your Wi-Fi
password and ensure your network is secure.
 Update Your Operating System and Software:
Ensure all software is up to date to fix
vulnerabilities and enhance security.

RANSOMWARE

What is Ransomware?

Ransomware is a type of malware that locks up
your important files or steals valuable information,
then demands you to pay them money or other
forms of compensation to get them back.

This type of malware can spread through emails,
websites, or even software you download, and the
attacker can lock your computer screen or make
your file unusable until you pay the ransom.

BRIEF HISTORY

The first documented ransomware attack was the AIDS
Trojan also known as the PC Cyborg virus, released in
1989 by Joseph Popp.

Popp distributed floppy disks label as “AIDS information
introductory diskette” to the attendees of World Health
ADWARE

WHAT IS ADWARE?

Adware, often called "advertising-supported software",
is software that generates revenue for its developer by
automatically generating online advertisements in the
user interface of the software or on a screen presented
to the user during the installation process.

The software may generate two types of revenue: one is
for the display of the advertisement and another on a
"pay-per-click" basis, if the user clicks on the
advertisement. Some advertisements also act as
spyware, collecting and reporting data about the user,
to be sold or used for targeted advertising or user
profiling.

The software may implement advertisements in a
variety of ways, including a static box display, a banner
display, a full screen, a video, a pop-up ad or in some
other form.

HOW ADWARE WORKS?
HISTORY OF ADWARE

Back in 1995, the first software that showed ads was
called "adware." At first, experts thought adware was a
type of "spyware" or a software that collects private
information without permission. But soon, security
experts realized adware was a bit different. It was made
by real companies that were trying to make money
through ads. So they saw adware as less harmful than
spyware.

However, the companies that were hired to spread the
adware often did sketchy things. They put the adware
on file-sharing sites, infected chat programs, and even
hijacked web browsers without permission. This caused
adware to spread like crazy, especially from 2005 to
2008. Eventually, governments started fining the big
adware companies, which made them stop. Web
browsers also started including ad-blocking features to
protect users.

Today, adware is still around, but it's seen as less
dangerous than other bad software like "malware." But
adware makers have gotten sneakier they hide inside
other programs or make it hard to remove. And with
more people using smartphones, adware is finding its
way into mobile apps too.
 Conditional logic bombs: detonating only when a highly
specific set of conditions are met, such as combination
of time, events, and user activities. Allow attackers to
conduct their malicious activities with a precision.

Time-based bombs: deliver their payload at a specific
date and time. Cybercriminals may use them to
coordinate complex large-scale attacks.

Password Attacks

Password attacks are a serious threat to individuals and
organizations alike, leading to data breaches, identity
LOGIC BOMB
theft, and financial losses. This presentation will delve
into the world of password attacks, exploring their
What is Logic Bomb? history, types, impacts, and preventative measures. A
password attack is an attempt to gain unauthorized
 set of instructions secretly inserted into a access to a computer system or account by discovering
computer system or application to cause or guessing the password.
damage.
 referred to as “slag code”
 the term comes from the fact that logic bombs
only detonate once certain conditions are met.
 once activated, logic bomb executes its
malicious code (payload) which can lead to a
range of harmful outcomes.

TYPES OF LOGIC BOMB

Event-triggered bombs: activate when specific events
occur within the system, such as reaching a certain
network traffic threshold or a system configuration
change.

User-activated bombs: hinge on specific user actions
like logging in or launching a certain application, or they
can be set to go off through a negative trigger, such as
when a particular action isn’t carried out.
 Long-TermSolutions to Prevent
Future Attacks
Preventing: futun. p;_lSS\vord attacks requires a proactive approach and
robust security practices.

Strong 2 Password
fliS I!'{- passwords !li}ggt anage passwords
that combine uppcrcasl\ securely, L liminating the
anJ h.m,crcast. letter , need to n.:1nember rnultiµlc
rnnnlwrs, ;md symbols passwords

3 Two-Factor Security Awareness
4
Authentication Training
Use an extra layer of Educate users about
security, requiring a code password security, phishing
frmn your phone or cmc1il scuns, and other coimnon
in addition ID your threats.

Detection of Password
effS-s crucial for mitigating the impact of password
attacks. This requires vigilance and p-roactive measures.

Log Analysis Examining system logs for

suspicious activity, sucl1 as

multiple failed login attempts.

Security Monitoring Using security software atld

tools to detect malicious activity

and unusual patterns.

User Reporting Encouraging users to report any

suspicious activity or phishitlg

attempts.