L12: Cyber Security Threats | Viruses, Worms, Trojan Horse, Bombs, Trapdoors, Spoofs, E-mail Viruses

Security threat

Whenever an individual or an organization creates a web site or otherwise has a web presence, they become a target for security attacks. Such attacks mainly aim at stealing, altering or destroying personal and confidential information, consuming the victim's storage and computing resources, or illegally obtaining passwords in order to reach private account information held by services such as online banking.

In network security, the three common terms used are as follows:

■ Vulnerability – A weakness that is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices themselves.

■ Threats – The people who are eager, willing, and qualified to take advantage of each security weakness, and who continually search for new exploits and weaknesses.

■ Attacks – The threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices. Typically, the network devices under attack are the endpoints, such as servers and desktops.

1.1 Vulnerabilities

Vulnerabilities in network security can be summed up as the "soft spots" that are present in every network. The vulnerabilities are present in the network and in the individual devices that make up the network. Networks are typically plagued by one or more of three primary vulnerabilities or weaknesses:

■ Technology weaknesses

■ Configuration weaknesses

■ Security policy weaknesses (see unit 1 notes)

 

1.2 Threats (covered under active attacks in unit 1)

 

1.3 Attacks

Four primary classes of attacks exist:

■ Reconnaissance

■ Access

■ Denial of service

■ Worms, viruses, and Trojan horses

 

Reconnaissance:

Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities (see Figure 1-13). It is also known as information gathering and, in most cases, it precedes an actual access or denial-of-service (DoS) attack. Typical techniques are ping sweeps to find live hosts, port scans to find listening services, and DNS or WHOIS queries to learn about the target's address space. Reconnaissance is somewhat analogous to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.

 

Access:

Access is the ability of an unauthorized intruder to gain access to a device for which the intruder has no account or password. Entering or accessing systems that one has no authority to access usually involves running a hack, script, or tool that exploits a known vulnerability in the system or application being attacked.

 

Denial of Service (DoS) :

Denial of service means that an attacker disables or corrupts networks, systems, or services with the intent to deny service to their intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable, but DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack simply involves running a hack or script. The attacker does not need a prior foothold on the target; being able to reach it over the network is usually all that is required. For these reasons, DoS attacks are among the most feared.

 

Viruses:

A computer virus is a malicious program that self-replicates by copying itself into another program. In other words, the virus spreads by inserting itself into other executable code or documents. Viruses are written with malicious intent: to infect vulnerable systems, gain administrative control and steal sensitive user data. Their authors prey on online users by tricking them into running infected code.

A virus can be spread by opening an email attachment, clicking on an executable file, visiting an infected website or viewing an infected website advertisement. It can also be spread through infected removable storage devices, such as USB drives. Once a virus has infected the host, it can infect other system software or resources, modify or disable core functions or applications, and copy, delete or encrypt data. Some viruses begin replicating as soon as they infect the host, while others lie dormant until a specific trigger causes the malicious code to be executed by the device or system.

 

Types of Computer Viruses:

A computer virus is one type of malware: it inserts its own code into other programs and applications so that it is copied along with them. The computer becomes infected as this malicious code is replicated.

Computer viruses come in different forms to infect the system in different ways. Some of the most common viruses are:

Boot Sector Virus – This type of virus infects the boot sector of a disk or the master boot record (MBR), so it runs before the operating system loads. It is challenging to remove and often requires the disk to be reformatted. It mostly spreads through infected removable media.

Direct Action Virus – Also called a non-resident virus. It does not stay in memory: it runs when the infected file is executed, infects other files of the type it targets (typically those in the same directory or along a fixed search path), and then hands control back to the host program. It usually has little visible effect on the user experience or system performance.

Resident Virus – Unlike a direct action virus, a resident virus loads itself into memory and stays there, so it can infect files as they are opened or executed, even after the original infected file has been removed. This makes a resident virus harder to identify and harder to remove.

Multipartite Virus – This type of virus spreads in multiple ways. It infects both the boot sector and executable files at the same time.

Polymorphic Virus – These viruses are difficult to identify with a traditional signature-based anti-virus program, because a polymorphic virus encrypts its body under a different key and alters its decryption routine every time it replicates, so the byte pattern a scanner would sign on changes with each copy.

Overwrite Virus – This type of virus overwrites the contents of the files it infects, destroying the original data. The only way to clean up is to delete the infected files, and the end user loses their contents. Overwrite viruses are commonly spread through email attachments.

Spacefiller Virus – Also called a "cavity virus". It is called this because it writes itself into the unused (padding) regions inside an executable file, so the file's size does not change and the infection is harder to notice than an ordinary appended infection.
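To make the polymorphic case above concrete, here is an added Python example (not from the notes) that builds several "generations" of an inert stand-in payload, each XOR-encrypted under a different key, and runs two scanners over them: a naive byte-signature scanner, which misses every generation, and one that emulates the decryptor before matching, which catches them all. The payload text, the two-byte MAGIC marker and the fixed decryptor stub are assumptions made for this example; real polymorphic engines also mutate the decryptor itself, which is why anti-virus products rely on emulation and heuristics rather than raw byte patterns.

```python
import os

# Inert stand-in for a virus body: plain text, constructed for this example.
# Nothing here replicates; the point is how byte signatures behave.
PAYLOAD = b"DEMO-BODY: this text stands in for the virus code that a scanner signs on"
SIGNATURE = PAYLOAD[:16]          # pattern a naive scanner extracted from one sample
MAGIC = b"\x50\x4d"                # marks the (fixed) decryptor stub in this toy format


def make_variant(payload, key=None):
    """Build one generation: MAGIC | 1-byte key | body XOR key.
    Every generation uses a fresh key, so the encrypted body differs each time.
    A real polymorphic engine also rewrites the decryptor stub; here the stub is
    a constant to keep the example short."""
    if key is None:
        key = os.urandom(1)[0] or 1   # key 0 would leave the body in clear
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte value")
    return MAGIC + bytes([key]) + bytes(b ^ key for b in payload)


def naive_signature_scan(blob):
    """A purely static byte-pattern scanner: look for the signature as-is."""
    return SIGNATURE in blob


def emulating_scan(blob):
    """A scanner with a (very small) emulator: recognise the decryptor stub,
    perform the decryption it would perform, then match on the result."""
    if len(blob) < len(MAGIC) + 1 or not blob.startswith(MAGIC):
        return False
    key = blob[len(MAGIC)]
    decrypted = bytes(b ^ key for b in blob[len(MAGIC) + 1:])
    return SIGNATURE in decrypted


def compare_scanners(keys=(0x5A, 0xA7, 0x13)):
    """Run both scanners over several generations and report side by side."""
    variants = [make_variant(PAYLOAD, k) for k in keys]
    return {
        "all_bodies_differ": len({v[len(MAGIC) + 1:] for v in variants}) == len(variants),
        "naive": [naive_signature_scan(v) for v in variants],
        "emulating": [emulating_scan(v) for v in variants],
    }


if __name__ == "__main__":
    print(compare_scanners())
```

The emulating scanner only works because it knows this toy decryptor's layout; against an engine that also permutes and pads the decryptor, a product has to actually execute the stub in a sandbox until the body is in clear, which is the expensive part of modern anti-virus.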

 

Worms:

An Internet worm is a type of malicious software (malware) that self-replicates and distributes copies of itself across the network it is connected to. These self-contained programs spread through the Internet, break into computers, and replicate without intervention from, and unbeknownst to, the computers' users.

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage; this is what distinguishes it from a virus.

To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system (network shares, email, remote administration services), allowing it to travel unaided. More advanced worms carry encryption, wiper or ransomware payloads to harm their targets.

 

Trojan horse:

A Trojan, also known as a Trojan horse, is a type of malicious software developed by attackers to gain access to target users' systems. Users are typically tricked by attractive-looking social media ads that direct them to a malicious website, which then loads and executes the Trojan on their systems. Cyber-criminals use Trojans to spy on the victim, gain illegal access to the system and extract sensitive data.

These actions can include:

  • Deleting data
  • Copying data
  • Modifying data
  • Blocking data

A Trojan horse is not able to replicate itself, nor can it propagate without an end user's assistance. This is why attackers must use social engineering tactics to trick the end user into executing the Trojan. Typically, the malicious program is hidden in an innocent-looking email attachment or free download. When the user opens the email attachment or downloads the free program, the malware hidden inside is transferred to the user's computing device. Once inside, the malicious code can carry out whatever task the attacker designed it for.

 

Characteristics of a Trojan horse

When a Trojan horse becomes active, it puts sensitive user data at risk and can negatively impact performance. Once a Trojan has been transferred, it can:

  • Give the attacker backdoor control over the computing device.
  • Record keystrokes to steal the user's account data and browsing history.
  • Download and install a virus or worm to exploit a vulnerability in another program.
  • Install ransomware to encrypt the user's data and extort money for the decryption key.
  • Activate the computing device's camera and recording capabilities.

 

Bombs:

A logic bomb is a piece of code inserted into an operating system or software application that carries out a malicious function after a certain amount of time has passed or when specific conditions are met, for example when a particular date arrives or when a particular user account is deleted. Logic bombs are often combined with viruses, worms, and Trojan horses to time them to do maximum damage before being noticed.

Some logic bombs can be detected and eliminated before they execute through a periodic scan of all computer files, including compressed files, with an up-to-date anti-virus program. Such a scan only finds bombs whose code matches a known signature; a bomb written by an insider into an organisation's own software usually will not, which is why code review and change control over production software matter as much as scanning.

 

Trapdoors:

A computer trapdoor, also known as a back door, provides a secret -- or at least undocumented -- method of gaining access to an application, operating system or online service. Programmers write trapdoors into programs for a variety of reasons. Left in place, trapdoors can facilitate a range of activities from benign troubleshooting to illegal access.

A trapdoor does not spread by itself. It has to be planted, either by the programmer who built it into the software or by an attacker who delivers it to the target computer. Means of delivery include, among others, removable media, email messages with attached files, Internet downloads, FTP, IRC channels and peer-to-peer (P2P) file sharing networks.
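An added example (not from these notes) of the most common form a trapdoor takes in application code: a hard-coded "maintenance" credential that bypasses the real check, shown beside a hardened login that only accepts the stored salted hash, plus a crude regex audit for the pattern. The maintenance password, the DEMO_SOURCE snippet and the PBKDF2 parameters are assumptions for illustration.

```python
import hashlib
import hmac
import os
import re

# ---- Version with a trapdoor -------------------------------------------------
# Hypothetical "maintenance" password a developer left in for troubleshooting.
# It is invented for this example; the danger is the pattern, not this string.
MAINTENANCE_PASSWORD = "svc-maint-2019"


def check_password_with_trapdoor(record, supplied):
    """Undocumented second path: the constant works for *every* account."""
    if supplied == MAINTENANCE_PASSWORD:      # the trapdoor
        return True
    return verify_password(record, supplied)


# ---- Hardened version --------------------------------------------------------
def make_password_record(password, iterations=200_000):
    """Store only a salted PBKDF2-HMAC-SHA256 hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(record, supplied):
    """The only way in: recompute the hash and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", supplied.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


# ---- A cheap audit for the pattern ------------------------------------------
# Flags source lines that mention a credential-like word AND compare something
# against a string literal or an ALL_CAPS constant. Crude (one line at a time),
# but it catches the way most hand-written trapdoors look.
CRED_WORD_RE = re.compile(r"(?i)pass|pwd|secret|token")
CONST_COMPARE_RE = re.compile(r"""==\s*(?:["'][^"']+["']|[A-Z][A-Z0-9_]{3,}\b)""")


def find_suspicious_compares(source):
    """Return [(line_number, stripped_line)] for lines matching both patterns."""
    return [(n, line.strip()) for n, line in enumerate(source.splitlines(), 1)
            if CRED_WORD_RE.search(line) and CONST_COMPARE_RE.search(line)]


# Constructed source snippet to audit (not a real project's code).
DEMO_SOURCE = '''\
def login(user, supplied):
    if supplied == MAINTENANCE_PASSWORD:
        return True
    if user.role == "admin" and token == "ops-override":
        return True
    if user.name == "alice":
        return db.lookup(user)
    return verify_password(db.lookup(user), supplied)
'''

if __name__ == "__main__":
    for n, line in find_suspicious_compares(DEMO_SOURCE):
        print(f"line {n}: {line}")
```

The audit is deliberately noisy rather than clever: a missed trapdoor costs far more than a few false positives in review, and a determined insider can always hide the compare behind an encoding the regex does not see, so this complements rather than replaces code review of authentication paths.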

Spoofing:

Spoofing, in general, is a fraudulent or malicious practice in which a communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.

Email spoofing is one of the best known spoofs. Core SMTP offers no sender authentication: a receiving server accepts whatever address is given in the MAIL FROM command and in the From: header, so it is simple to forge and impersonate emails. Sender authentication has to be layered on top (SPF, DKIM and DMARC), and a receiving server that does not check them will accept a forged From address. Spoofed emails may appear to be from a known sender and may request personal information; a typical one asks the recipient to reply with an account number "for verification". The spoofer then uses this account number for identity theft, such as accessing the victim's bank account or changing the contact details on it.

The attacker (or spoofer) knows that if the recipient receives a spoofed email that appears to be from a known source, it is likely to be opened and acted upon. So a spoofed email may also carry additional threats such as Trojans or viruses. These programs can cause significant damage by triggering unexpected activities, giving remote access, deleting files, and more.
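Added example (not part of the original page) of the checks a receiving system can make on a suspected spoofed email: compare the envelope sender (Return-Path) and Reply-To domains with the header From domain, and look for passing SPF and DKIM results. Both messages, the domains and the MX host name are constructed; the Authentication-Results header is assumed to have been written by our own MX, which is the only origin from which it may be trusted.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed messages. Domains, host names and queue IDs are invented.
# The Authentication-Results header is assumed to be the one our own MX
# (mx.example.org) added; copies arriving from outside must be stripped first.
SPOOFED_RAW = """\
Return-Path: <bounce@mail-blast.example.net>
Received: from mail-blast.example.net (mail-blast.example.net [203.0.113.9])
 by mx.example.org with ESMTP id 4abc123
Authentication-Results: mx.example.org;
 spf=fail smtp.mailfrom=mail-blast.example.net;
 dkim=none
From: "Example Bank Support" <support@examplebank.com>
Reply-To: verify@mail-blast.example.net
To: victim@example.org
Subject: Verify your account number

Please reply with your account number to keep your account active.
"""

LEGIT_RAW = """\
Return-Path: <support@examplebank.com>
Received: from mta1.examplebank.com (mta1.examplebank.com [198.51.100.25])
 by mx.example.org with ESMTP id 4abc124
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=examplebank.com;
 dkim=pass header.d=examplebank.com
From: "Example Bank Support" <support@examplebank.com>
To: victim@example.org
Subject: Your monthly statement is available

Your statement is ready in online banking.
"""


def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw_message):
    """Return human-readable reasons the message looks spoofed.
    An empty list means none of these checks fired; it is not proof of legitimacy."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])   # SMTP MAIL FROM, as recorded by our MX
    reply_dom = domain_of(msg["Reply-To"])

    if not from_dom:
        findings.append("header From has no usable address")
    if envelope_dom and envelope_dom != from_dom:
        findings.append(f"envelope sender domain '{envelope_dom}' differs from From domain '{from_dom}'")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")

    auth = (msg["Authentication-Results"] or "").lower()
    if "spf=pass" not in auth:
        findings.append("SPF did not pass for the envelope sender")
    if "dkim=pass" not in auth:
        findings.append("no passing DKIM signature")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_RAW), ("legit", LEGIT_RAW)):
        print(name, spoof_indicators(raw) or "no indicators")
```

The From-versus-envelope comparison is, informally, what DMARC calls alignment; a mail gateway should enforce the sending domain's published DMARC policy rather than hand-roll this, but the example shows which headers carry the evidence.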

 

Email virus:

An email virus is a virus that is sent with or attached to email communications. While many different types of email viruses work in different ways, there also are a variety of methods used to counteract such challenging cyber attacks.

Email viruses are often connected with phishing attacks in which hackers send out malicious email messages that look as if they are originated from legitimate sources, including the victim's bank, social media, internet search sites or even friends and co-workers. The attacker's goal, in these cases, is to trick users into revealing personal information, such as the victim's usernames, full names and addresses, passwords, Social Security numbers or payment card numbers.

 

Macro Virus:

A macro virus is a virus written in the macro language of an application such as a word processor or spreadsheet and stored inside a document. A macro is a small program that automates a designated group of actions and commands within the application. When a document containing a malicious macro is opened and macros are enabled, the virus code runs, can infect other documents (classically the application's default template, so that every new document is infected), and can cause significant harm to the computer.

Malicious Software (Malware):

Malicious software, commonly known as malware, is any software that brings harm to a computer system. Malware can take the form of worms, viruses, Trojans, spyware, adware, rootkits, etc., which steal protected data, delete documents or add software not approved by the user.

Put another way, malware is any software that gives partial or full control of your computer to the malware's creator, to do whatever they want. The damage done can vary from something slight, such as changing the author's name on a document, to full control of your machine without your being able to easily find out. Most malware requires the user to initiate its operation. Common vectors of attack include attachments in e-mails, browsing a malicious website that installs software after the user clicks OK on a pop-up, and vulnerabilities in the operating system or applications. Malware is not limited to one operating system.

 

Spam

Spam is electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup.

Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk.

In addition to wasting people's time with unwanted email, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers.

 

Denial-of-Service Attack (DoS)

A denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

The classic example, which the description above is a loose version of, is the SYN flood. The attacker sends a stream of TCP connection requests (SYN segments) whose source addresses are forged or unreachable. For each one the server allocates a half-open connection entry and replies with a SYN-ACK, then waits for the final ACK of the handshake, which never arrives because the reply went to an address the attacker does not control. The server holds each entry until it times out, while the attacker keeps sending new requests, so the table of half-open connections never drains and legitimate connection attempts are refused.

A DoS attack can be carried out in several ways. The basic types of DoS attack include:

  1. Flooding the network to prevent legitimate network traffic
  2. Disrupting the connections between two machines, thus preventing access to a service
  3. Preventing a particular individual from accessing a service
  4. Disrupting a service to a specific system or individual
  5. Disrupting the state of information, such as the resetting of TCP sessions
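Added example (not from the notes) of the standard stateless defence against the SYN flood described above: SYN cookies. Instead of holding a half-open entry per SYN, the server encodes a time slot, an MSS index and a keyed hash of the connection 4-tuple into its initial sequence number, and can validate the client's final ACK without having stored anything. The secret, the 64-second slot, the MSS table and the simplified hash construction are assumptions; the 5/3/24-bit layout follows the scheme Linux uses, but this is a teaching model in Python, not the kernel's code.

```python
import hashlib
import hmac

# Assumptions for this example: a per-server secret (rotated in practice),
# a 64-second time slot and a small MSS table indexed by 3 bits.
SERVER_SECRET = b"rotate-me-this-is-a-demo-secret"
MSS_TABLE = [536, 1220, 1460, 4380]
SLOT_SECONDS = 64


def _slot(now):
    """5-bit wrapping time counter."""
    return (int(now) // SLOT_SECONDS) & 0x1F


def _mac24(saddr, sport, daddr, dport, client_isn, slot):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the slot."""
    msg = f"{saddr}:{sport}>{daddr}:{dport}|{client_isn}|{slot}".encode()
    digest = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(saddr, sport, daddr, dport, client_isn, mss, now):
    """Server ISN to place in the SYN-ACK: slot (5 bits) | MSS index (3 bits)
    | keyed hash (24 bits). The server stores nothing for this SYN."""
    candidates = [i for i, m in enumerate(MSS_TABLE) if m <= mss]
    mss_index = max(candidates) if candidates else 0   # largest table MSS <= client's
    slot = _slot(now)
    return (slot << 27) | (mss_index << 24) | _mac24(saddr, sport, daddr, dport, client_isn, slot)


def check_syn_cookie(saddr, sport, daddr, dport, client_isn, ack, now, max_age_slots=2):
    """Validate the final ACK of a handshake for which no state was kept.
    client_isn is the ACK segment's sequence number minus one. Returns the
    negotiated MSS if ack-1 is a cookie we issued for this 4-tuple within the
    last max_age_slots slots, else None."""
    cookie = (ack - 1) & 0xFFFFFFFF
    slot = (cookie >> 27) & 0x1F
    mss_index = (cookie >> 24) & 0x07
    if ((_slot(now) - slot) & 0x1F) > max_age_slots:
        return None                                  # too old, or not ours
    if mss_index >= len(MSS_TABLE):
        return None
    expected = _mac24(saddr, sport, daddr, dport, client_isn, slot).to_bytes(3, "big")
    if not hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_index]


def demo():
    """One valid handshake, one forged ACK, one ACK that arrives too late."""
    conn = ("203.0.113.7", 40000, "198.51.100.10", 443)
    isn = make_syn_cookie(*conn, client_isn=123456, mss=1460, now=1_700_000_000)
    ok = check_syn_cookie(*conn, client_isn=123456, ack=isn + 1, now=1_700_000_010)
    forged = check_syn_cookie(*conn, client_isn=123456, ack=isn + 99, now=1_700_000_010)
    stale = check_syn_cookie(*conn, client_isn=123456, ack=isn + 1,
                             now=1_700_000_000 + 5 * SLOT_SECONDS)
    return ok, forged, stale


if __name__ == "__main__":
    print(demo())
```

The price of statelessness is that TCP options other than MSS are lost for cookie-validated connections, which is why kernels only switch cookies on once the real backlog is under pressure.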

Difference between hackers and attackers:

A computer hacker is any skilled computer expert who uses their technical knowledge to overcome a problem. While "hacker" can refer to any skilled computer programmer, the term has become associated in popular culture with the "security hacker", someone who uses their technical knowledge of bugs or exploits to break into computer systems.

An attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to, or make unauthorized use of, an asset. An attacker, then, is the individual or organization carrying out such an attack, whatever their level of skill.

 

 

E-Commerce Threats:

Commerce is the exchange, or buying and selling, of commodities on a large scale, involving transportation from place to place. E-Commerce is the application of technology to the automation of business transactions and workflows, the delivery of information, products or services, and the buying and selling of products over the Internet.

E-commerce brings the advantages of new information technologies to distance selling: a broader range of offers, interactivity and immediacy of purchase, and the freedom to buy and sell with whom one wants, where and when one wants. Computer applications for e-commerce also create opportunities to enhance business efficiency and reduce costs, since they allow tighter integration between the parties to a transaction, such as suppliers, payment providers and logistics.

The electronic medium we call the Internet has the power to radically reduce the actual time of transactions and the overall processing time. One of the critical issues in e-commerce success is security. Security is directly related to trust and confidence between buyer and seller, and to the handling of extremely sensitive personal information.

Security is a component that affects all of e-commerce, and includes computer security, data security and other areas. It is a concern for both customers and the organizations they trade with. Web applications that offer online payment (net banking, credit card, debit card, PayPal or other tokens) are at greater risk of being targeted, and the loss is large if that data is compromised. E-commerce sites that offer online payment therefore publish guidelines for securing the systems and networks that make up the e-commerce system.

 

There are various types of e-commerce threats. Some are accidental, some are purposeful, and some are due to human error. The most common security threats are phishing attacks, money theft, data misuse, hacking, credit card fraud and unprotected services.

Malicious code threats – These typically involve viruses, worms and Trojan horses.

Poor management – One of the main sources of e-commerce threats is poor management. When security is not up to the mark it poses a very dangerous threat to networks and systems. Security threats also arise when no proper budget is allocated, for example for anti-virus software licences.

Price manipulation – Modern e-commerce systems often face price manipulation problems. These systems are fully automated, from the first visit to the final payment gateway, and some of them trust data that the client's browser sends back, such as the price of an item carried in a URL parameter or a hidden form field. An intruder can then edit a lower price into the request and complete the purchase at that price. Theft is the most common intention of price manipulation.

Wi-Fi eavesdropping – This is also one of the easiest ways to steal personal data in e-commerce. It is a kind of "virtual listening in" on information shared over a Wi-Fi network that is not encrypted, or over a network whose traffic is not protected by TLS. It can happen on public hotspots as well as on home and office networks.
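Added example (not from these notes) of the price manipulation threat above: a checkout that trusts a price parameter sent back by the browser, beside a hardened one that takes the price from the server-side catalogue, validates the quantity, and re-checks the amount reported by the payment gateway. The catalogue, the query-string format and the quantity limit are assumptions for illustration.

```python
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed catalogue; SKUs and prices are invented for this example.
CATALOG = {"sku-100": Decimal("49.99"), "sku-200": Decimal("199.00")}

# What an attacker submits after editing the hidden price field or the URL.
TAMPERED = "sku=sku-200&qty=1&price=0.01"


def vulnerable_order_total(query_string):
    """Trusts the price the browser sent back (hidden form field / URL parameter)."""
    params = parse_qs(query_string)
    price = Decimal(params["price"][0])
    qty = int(params["qty"][0])
    return price * qty


def hardened_order_total(query_string, catalog=CATALOG):
    """Accepts only what the client is entitled to choose (which item, how many)
    and takes the price from the server-side catalogue. A client-supplied
    'price' is ignored; unknown SKUs and out-of-range quantities are rejected."""
    params = parse_qs(query_string)
    sku = params.get("sku", [""])[0]
    if sku not in catalog:
        raise ValueError(f"unknown sku {sku!r}")
    try:
        qty = int(params.get("qty", ["0"])[0])
    except ValueError:
        raise ValueError("quantity is not an integer") from None
    if not 1 <= qty <= 100:
        raise ValueError(f"quantity {qty} out of range")
    return catalog[sku] * qty


def checkout(query_string):
    """(total, None) on success, (None, reason) on rejection."""
    try:
        return hardened_order_total(query_string), None
    except ValueError as exc:
        return None, str(exc)


def gateway_amount_matches(order_total, amount_from_gateway):
    """The same bug shows up a second time at the payment callback: compare the
    amount the provider says was paid with the server-side total, not with
    anything the client posted. Decimal avoids float rounding surprises."""
    return Decimal(str(amount_from_gateway)) == order_total


if __name__ == "__main__":
    print("vulnerable charges:", vulnerable_order_total(TAMPERED))
    print("hardened charges:  ", hardened_order_total(TAMPERED))
```

The general rule the example illustrates: anything that determines money or entitlement (price, discount, currency, whether an item is in stock) is server state that the client may reference by identifier but never supply by value.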

 

Ways to prevent e-commerce threats

Encryption – The process of converting readable text (plaintext) into an encoded form (ciphertext) that cannot be read by anyone who does not hold the key, so that only the intended sender and receiver can read the message.

Having digital certificates

A digital certificate is issued by a trusted third party (a certificate authority). It binds a public key to an identity and contains, among other things, the name of the company, the certificate's serial number, its date of issue and expiry date, the public key itself, and the issuing authority's digital signature. A browser uses it to verify that it is talking to the genuine site before setting up an encrypted connection.

Perform a security audit – A routine examination of the security procedures of the firm.