Presentation is loading. Please wait.

Presentation is loading. Please wait.

Continued… The Threat Environment: Attackers and Their Attacks

Published byClaud McCarthy Modified over 4 years ago

Similar presentations

Presentation on theme: "Continued… The Threat Environment: Attackers and Their Attacks"— Presentation transcript:

1 Continued… The Threat Environment: Attackers and Their Attacks
Reference: Corporate & Network Security, Chapter 1 Raymond R. Panko :

2 Agenda The threat environment—attackers and their attacks
Basic security terminology Employee and ex-employee threats Traditional external attackers The criminal era and competitor threats Cyberwar and cyberterror Copyright Pearson Prentice-Hall 2010

3 2.3 Traditional External Attackers
Traditional external attackers use the Internet to send malware into corporations, hack into corporate computer and do other damage Copyright Pearson Prentice-Hall 2010

4 2.3.1 Classic Malware: Viruses and Worms
A generic name for any “evil software” The most widely known type of malware is the virus, but there are many other types including worms, trojan horses, RATs, spam, and others The first external malware attackers were malware writers Copyright Pearson Prentice-Hall 2010

5 Classic Malware: Viruses and Worms
Malware is a very serious threat. In June 2006 Microsoft reported results from a survey of users who allowed their computers to be scanned for malware. The survey found 16 million pieces of malware on the 5.7 million machines examined. Copyright Pearson Prentice-Hall 2010

6 Classic Malware: Viruses and Worms
Programs that attach themselves to legitimate programs on the victim’s machine Later when infected programs are transferred to other computers and run, the virus attaches itself to other programs on those machines Copyright Pearson Prentice-Hall 2010

7 Classic Malware: Viruses and Worms
Spread today primarily by with infected attachments Also by instant messaging, file transfers, file sharing programs, downloads from malicious websites, etc Through networked applications, viruses can spread very rapidly today Copyright Pearson Prentice-Hall 2010

8 Classic Malware: Viruses and Worms
Example When Macintosh users searched BitTorrent sites in early 2009, they found that they were able to download the newly released CS4. They would also download a program on the downloaders computer to crack the software. The copy of CS4 was clean, however, when the downloader ran the cracking program, he or she got a dialog box saying “Adobe CS4 Crack [intel] requires that you type your password.” -”Mac Trojan Horse Found In Pirated Adobe CS4 ( Copyright Pearson Prentice-Hall 2010

9 Classic Malware: Viruses and Worms
Full programs that do not attach themselves to other programs Like viruses, can spread by , instant messaging, and file transfers In general worms act much like viruses and can spread via and in other ways that viruses spread Copyright Pearson Prentice-Hall 2010

10 Classic Malware: Viruses and Worms
Direct-propagation Worms In addition, direct-propagation worms can jump from one computer to another without human intervention on the receiving computer Computer must have a vulnerability for direct propagation to work Direct-propagation worms can spread extremely rapidly because they do not have to wait for users to act Copyright Pearson Prentice-Hall 2010

11 Classic Malware: Viruses and Worms
Direct-propagation Worms Direct-propagation worms jump directly to computers that have vulnerabilities; they then use these computers to jump to other computers (all without any action on the user’s part) Researchers at UC Berkeley: a worst case direct-propagation worm could do USD 50 billion damage to the US alone ( Copyright Pearson Prentice-Hall 2010

12 Classic Malware: Viruses and Worms
Slammer Worm On January 25, 2003, the Slammer worm exploded across the Internet. In ten minutes, before a handful of people knew it existed, Slammer had infected 90% of all vulnerable computers on the entire Internet. Although Slammer did not erase hard-disks or do other damage, it caused massive damage by spreading so quickly it choked parts of the Internet. Around the world, ATMs became unusable, police departments lost their ability to communicate and most users in Korea lost their service. -Raymond R. Panko, 2003 Copyright Pearson Prentice-Hall 2010

13 Classic Malware: Viruses and Worms
Blended Threats Malware propagates in several ways—like worms, viruses, compromised webpages containing mobile code, etc. By propagating in multiple ways, blended threats increase their likelihood of success. MessageLabs reported in August 2006 that 1% of all contains viruses, worms, or blended threats. During major outbreaks, one in ten messages may contain viruses, worms, or blended threats. ( Copyright Pearson Prentice-Hall 2010

14 Classic Malware: Viruses and Worms
Payloads Pieces of code that do damage Implemented by viruses and worms after propagation Malicious payloads are designed to do heavy damage Benign payloads merely pop up a message on the user’s screen or do some other annoying but nonlethal damage Copyright Pearson Prentice-Hall 2010

15 Classic Malware: Viruses and Worms
Payloads Malicious payloads can do extreme damage, for example, by randomly deleting files from the victim’s hard disk drive or by installing some other types of malware Virus and worm payloads also frequently soften up the computer by disabling its antivirus software and by taking other actions that leave it highly vulnerable to subsequent virus and worm attacks Copyright Pearson Prentice-Hall 2010

16 Classic Malware: Viruses and Worms
In 2004, the Aberdeen group surveyed 162 companies. They found that each firm lost an average of USD 2 million per virus or worm incident and spent an additional USD 100,000 to clean up computers after an attack. Both numbers increased with company size. Most companies reported enduring on average one incident per year, although many firms reported multiple incidents. ( Copyright Pearson Prentice-Hall 2010

17 Classic Malware: Viruses and Worms
Another security firm Mi2g estimated that damage from malware in 2004 alone averaged USD 290 per PC in the firms it studied. ( Copyright Pearson Prentice-Hall 2010

18 2.3.2 Trojan Horses and Rootkits
Nonmobile Malware Must be placed on the user’s computer through one of a growing number of attack techniques Placed on computer by hackers Placed on computer by virus or worm as part of its payload The victim can be enticed to download the program from a website or FTP site Mobile code executed on a webpage can download the nonmobile malware Copyright Pearson Prentice-Hall 2010

19 Trojan Horses and Rootkits
A program that replaces an existing system file, taking its name Most nonmobile malware programs are trojan horses Early trojan horses were programs that pretended to be one thing, such as a game or a pirated version of a commercial program, but really were malware. Many of these classic trojan horses still exist. Copyright Pearson Prentice-Hall 2010

20 Trojan Horses and Rootkits
Today, however, when we talk about a trojan horse, we mean a program that hides itself by deleting a system file and taking on the system file’s name. Trojan horses are difficult to detect because they look like legitimate system files Copyright Pearson Prentice-Hall 2010

21 Trojan Horses and Rootkits
Remote Access Trojans (RATs) Remotely control the victim’s PC The attacker can remotely do pranks such as opening and closing your CD drive, or by typing text on your screen There are many legitimate remote access programs that allow a remote user to work on a machine or do diagnostics. However, RATs are typically stealthy in order to avoid detection by the owner of the machine Copyright Pearson Prentice-Hall 2010

22 Trojan Horses and Rootkits
Downloaders Small Trojan horses that download larger Trojan horses after the downloader is installed Downloaders are usually fairly small programs which makes detection difficult. However the larger trojan horse is capable of doing much more damage Copyright Pearson Prentice-Hall 2010

23 Trojan Horses and Rootkits
Spyware Programs that gather information about you and make it available to the adversary Although the biggest problem with spyware is the theft of information, spyware also tends to make computers run sluggishly One new form of spyware is camera spyware which spies on the victim visually by turning on its camera and perhaps also its microphone Copyright Pearson Prentice-Hall 2010

24 Trojan Horses and Rootkits
Spyware Cookies that store too much sensitive personal information Websites are allowed to store small text strings called cookies on your PC. The next time you go to the website the website can retrieve the cookie. Cookies have many benefits like remembering your password each time you visit. Cookies can also remember what happened last in a series of screens leading to purchases. However, when cookies record too much sensitive information about you, they become spyware. Copyright Pearson Prentice-Hall 2010

25 Trojan Horses and Rootkits
Spyware Keystroke loggers Keystroke loggers capture all of your keystrokes. They then look through the collected keystrokes for usernames, passwords, credit card numbers, and other sensitive information. They send this information to the adversary. Copyright Pearson Prentice-Hall 2010

26 Trojan Horses and Rootkits
Spyware Password-stealing spyware Tells you that you have been logged out of the server you are visiting and asks you to retype your username and password. If you do the spyware sends the username and password to the attacker. Copyright Pearson Prentice-Hall 2010

27 Trojan Horses and Rootkits
Spyware Data mining spyware Searches through your disk drives for the same types of information sought by keystroke loggers. It also sends this information to the adversary. Copyright Pearson Prentice-Hall 2010

Download ppt "Continued… The Threat Environment: Attackers and Their Attacks"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Threats To A Computer Network

Threats To A Computer Network
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.

Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Data Security.

Data Security.
Protecting Your Computer & Your Information

Protecting Your Computer & Your Information
Viruses.

Viruses.
Unit 2 - Hardware Computer Security.

Unit 2 - Hardware Computer Security.
Malware  Viruses  E-mail Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Staying Safe Online Keep your Information Secure.

Staying Safe Online Keep your Information Secure.
I.T Security Advice for Dummies By Kirsty Pollard Kirsty Pollard Campsmount Academy.

I.T Security Advice for Dummies By Kirsty Pollard Kirsty Pollard Campsmount Academy.
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.

CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.

Similar presentations

Ads by Google