Threats
Threats can be anything that can take advantage of a vulnerability to breach security & negatively alter, erase, harm object, or object of interest. In Information Security, threats can be many like software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.Software attacks are attacks by Viruses, Worms, Trojan Horses, etc
Malware is any malicious software, intentionally designed to cause damage to a computer, server, client, or a network. Malware can be divided into 2 categories,
- Infection Methods
- Malware Actions
# Malware based on Infection Method are the following;
* Virus
- A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its code.
- It cannot run independently.
- It requires a host program to run and to activate it. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.
- The Creeper virus was first detected on ARPANET.
- Examples include File Virus, Macro Virus, Boot Sector Virus, Stealth Virus, etc.
* Worms
- A computer worm is a standalone malware computer program that replicates itself to spread to other computers but they don’t hook themselves to the program on the host computer.
- The biggest difference between viruses and worms is that worms are network-aware.
- They can easily travel from one computer to another if the network is available and on the target machine they will not do much harm, they will for example consume hard disk space thus slowing down the computer.
* Trojan
- In computing, a Trojan horse, or trojan is any malware that misleads users of its true intent.
- Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves as viruses and worms do.
* Bots
- They are the advanced form of worms.
- They are automated processes that are designed to interact over the internet without the help of human interaction.
- They can be good or bad.
- A malicious bot can infect one host and after infecting, it will create a connection to the central server which will provide commands to all infected hosts attached to that network called Botnet.
# Malware based on Actions Method are the following;
*Adware
- Adware is not exactly malicious but they do breach the privacy of the users.
- They display ads on the computer’s desktop or inside individual programs.
- They come attached with free to use the software, thus the main source of revenue for such developers.
- They monitor your interests and display relevant ads.
- An attacker can embed malicious code inside the software and adware can monitor your system activities and can even compromise your machine.
* Spyware
- It is a software that monitors your activities on the computer and reveals collected information to an interested party.
- Spyware is generally dropped by Trojans, viruses, or worms. Once dropped they install themselves and sits silently to avoid detection.
- One of the most common examples of spyware is keylogger.
- The basic job of keylogger is to record user keystrokes with timestamps. Thus capturing interesting information like username, passwords, credit card details, etc.
* Ransomware
- It is a type of malware that will either encrypt your files or will lock your computer making it inaccessible either partially or wholly.
- Then a screen will be displayed asking for money i.e. ransom in exchange.
* Scareware
- It masquerades as a tool to help fix your system but when the software is executed it will infect your system or completely destroy it.
- The software will display a message to frighten you and force you to take some action like pay them to fix your system.
* Rootkits
- They are designed to gain root access or we can say administrative privileges in the user system.
- Once gained the root access, the exploiter can do anything from stealing private files to private data.
* Zombies
- They work similarly to Spyware.
- Infection mechanism is the same but they don’t spy and steal information rather they wait for the command from hackers.
Logicbombs, Backdoors, Denial of service attacks all come under deliberate software attacks.
Theft of intellectual property means the violation of intellectual property rights like copyrights, patents, etc.
Identity theft means
to act someone else to obtain a person’s personal information or to
access vital information they have like accessing the computer or social
media account of a person by login into the account by using their
login credentials.
Theft of equipment and information is increasing these days due to the mobile nature of devices and increasing information capacity.
Sabotage means destroying the company’s website to cause loss of confidence on part of its customer.
Information extortion
means theft of the company’s property or information to receive payment
in exchange. For example, ransomware may lock victim's files making
them inaccessible thus forcing victims to make payment in exchange. Only
after payment victim’s files will be unlocked.
Apart from these, there are many other threats like,
Technology with weak security
Social media attacks
Mobile Malware
Outdated Security Software
Corporate data on personal devices
Social Engineering
Deviations in quality of service
Forces of nature
Hardware/ software failures
Attacks
An attack
is a deliberate act or action that takes advantage of a vulnerability
to compromise a controlled system. It is accomplished by a threat agent
that damages or steals an organization's information or physical asset.
There are mainly two categories of attack,
Active Attack - attempts to alter system resources or affect their operations.
Passive Attack - attempts to learn or make use of information from the system but does not affect system resources.
Types of active attacks are as following:
Active Attack - attempts to alter system resources or affect their operations.
Passive Attack - attempts to learn or make use of information from the system but does not affect system resources.
Types of active attacks are as following:
- Masquerade- The attack takes place when one entity pretends to be a different entity.
- Modification of messages - It means that some portion of a message is altered or that message is delayed or reordered to produce an unauthorized effect.
- Repudiation - This attack is done by either sender or receiver. The sender or receiver can deny later that he/she has sent or received a message.
- Replay - It involves the passive capture of a message and its subsequent transmission to produce an authorized effect.
- Denial of Service - It prevents the normal use of communication facilities. This attack may have a specific target. Another form of service denial is the disruption of an entire network either by disabling the network or by overloading it by messages to degrade performance.
- Traffic analysis - During a traffic analysis attack, the eavesdropper (a secret listener to private conversations) analyzes the traffic, determines the location, identifies communicating hosts, and observes the frequency and length of exchanged messages. He uses all this information to predict the nature of communication. All incoming and outgoing traffic of the network is analyzed, but not altered.
- Release of message content - For a release of message content, a telephonic conversation, an e-mail message, or a transferred file may contain confidential data. A passive attack monitors the contents of the transmitted data.
Malicious Code
- Any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system.
- Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone.
- It describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.
- It can either activate itself or be like a virus requiring a user to perform an action, such as clicking on something or opening an email attachment.
- It does not just affect one computer. It can also get into networks and spread. It can also send messages through email and steal information or cause even more damage by deleting files.
- One way to avoid malicious code in your applications is to add static analysis (also called “white-box” testing) to your software development lifecycle to review your code for the presence of malicious code.
Brute Force
- A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
- In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
- Brute force attacks may be used by criminals to crack encrypted data, or by security, analysts to test an organization's network security.
- An example of a type of brute force attack is known as a dictionary attack, which might try all the words in a dictionary.
- Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers.
- An attack of this nature can be time- and resource-consuming. Hence the name brute force attack, success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.
- The following measures can be used to defend against brute force attacks:
# Limiting the number of times a user can unsuccessfully attempt to log in.
# Temporarily locking out users who exceed the specified maximum number of failed login attempts.
Timing Attack
- A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by studying how long it takes the system to respond to different inputs.
- Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backward to the input.
- Information can leak from a system through measurement of the time it takes to respond to certain queries.
- A timing attack looks at how long it takes a system to do something and uses statistical analysis to find the right decryption key and gain access.
Sniffers
- Sniffing is a process of monitoring and capturing all data packets passing through a given network.
- Sniffers are used by network/system administrator to monitor and troubleshoot network traffic.
- Attackers use sniffers to capture data packets containing sensitive information such as passwords, account information, etc.
- Sniffers can be hardware or software installed in the system.
- By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic.
- There are two types:
# Active Sniffing
No comments:
Post a Comment