Sec+ 002: Types of Attacks|Malware, Password, Physical, AI, Supply-chain, Cloud-based vs. on-premises, Cryptographic Attacks

Ella was a diligent student who devoted most of her time to her studies. One day, she got an email with an appealing subject line: “Exclusive Study Tips!” She clicked on the email without hesitation, since she was eager to learn new techniques to thrive academically. Ella had no idea she had stepped into a trap. The seemingly harmless email concealed a virus that quickly penetrated her computer and wreaked havoc on her files. Ella was terrified as she realized the repercussions of her rash click. With a heavy heart, she learned a vital lesson about the risks of malware lurking in unexpected places. From then on she became a diligent defender of her digital assets, always double-checking before clicking and arming herself with dependable antivirus software.

STAY TUNED!!!

1.1 What is Malware?

Malware, an abbreviation for “malicious software,” is any software or code designed specifically to disrupt, damage, or gain unauthorized access to computer systems (for example, by creating backdoors), networks, or devices.

It can manifest itself in a variety of ways and has consequences such as data theft, financial loss, system breakdowns, and unauthorized control.

It is frequently installed without the knowledge of authorized users.

1.1.1 Types of Malware

Each type of malware has distinct traits and goals, making it a continuing struggle for individuals and businesses to protect their digital environments. The types of malware include:

#1: Virus

  • A virus is malware that can replicate itself, but it requires a user to run an infected application.
  • It attaches to legitimate applications or files and spreads by infecting other files or systems.

TYPES

  • Macro Virus: Targets applications that use macros, such as Microsoft Office.
  • Boot Sector Virus: Infects the boot sector of storage devices (such as hard drives or floppy disks).
  • Multipartite Virus: Infects both files and the boot sector.
  • Program Virus: Affects executable files or programs; it becomes a component of the application.
  • Script Virus: Preys on script files created in scripting languages. It is browser- and operating system-based.

PROTECTION

  • Use Antivirus Software and Keep Software Updated
  • Regularly Back Up Your Data

#2: Ransomware

  • Ransomware is a type of attack that encrypts files on a system, rendering them inaccessible until a ransom payment is made; the resulting denial of service may be temporary or permanent, and the ransom demand gives the attack its name.
  • It can drastically disrupt business operations and result in financial loss.

PROTECTION

  • Back up your important files on a regular basis to an offline or cloud storage location.
  • Use strong security measures, such as behavior-based detection, to detect and prevent ransomware attacks.
  • Enable security software’s ransomware-specific capabilities, such as ransomware file protection.
  • Keep everything up to date (operating system, software, antivirus/antimalware signatures)

#3: Trojans

  • Trojans are malware that masquerades as genuine applications or files.
  • This form of malware does not ask for permission to install and is purposefully designed to run without detection, but it must be “brought inside” the system by an authorized user.

PROTECTION

  • Be cautious when downloading and installing software and when opening email attachments.
  • Update your system and programs with the most recent security fixes.
  • Use trustworthy antivirus software with Trojan detection and removal capabilities.

#4: Worms

  • Worms are self-replicating programs that spread fast without the user’s authorization or intervention, often hiding within the executable code of another process.
  • They are designed to infiltrate networks and computer systems, using the network as their transmission medium and potentially consuming network bandwidth and causing system slowdowns.

PROTECTION

  • Keep your operating system and software up to date with the most recent security patches.
  • To prevent unwanted access to network devices, use strong and unique passwords.
  • To prevent worms from spreading throughout your network, use network segmentation and firewall setups.
  • Implement Firewalls and IDS/IPS

#5: Potentially unwanted programs (PUPs)

  • PUPs are programs that the user did not want, choose, or ask for; they are often installed along with other software.
  • They can exhibit undesirable traits such as slowing down your PC, bombarding you with annoying ads, adding toolbars that consume browsing space, and collecting personal information.

PROTECTION

  • Before installing software, be cautious and read the terms and conditions.
  • Review and uninstall unwanted or questionable applications on a regular basis.
  • Utilize anti-virus software with PUP detection and eradication capabilities

#6: Fileless virus

  • A fileless virus is a stealth virus that employs various techniques to conceal its presence and activities from antivirus software, which makes it difficult to identify.
  • It is malware that functions entirely in memory, never touching the filesystem.

PROTECTION

  • Use behavior-based detection algorithms to detect and prevent fileless malware.
  • Keep your operating system and programs up to date to reduce the chances of fileless malware exploiting vulnerabilities.
  • Install security systems capable of detecting and responding to memory-based attacks.

#7: Command and control

  • C&C involves infected systems, known as bots or zombies, connecting to an attacker-controlled central server.
  • That server functions as the attacker’s command and control center, allowing them to remotely manipulate infected devices, issue commands, receive data, and coordinate harmful activities.

PROTECTION

  • Use network monitoring tools to detect and prevent communication between infected systems and C&C servers.
  • Install intrusion detection and prevention systems to detect and prevent C&C traffic.
  • Use security systems with C&C detection capabilities.

#8: Bots

  • A bot is a piece of software that performs a task while being controlled by another program.
  • A botnet (combining “bot” and “network”) is a group of bots that are controlled across the network.
  • Botnets are networks of infected computers (bots or zombies) that operate under the command and control (C&C) of a centralized server; they are frequently used for coordinated attacks such as distributed denial-of-service (DDoS) attacks or the dissemination of spam emails.

PROTECTION

  • To remove bots, scan and clean affected systems on a regular basis.
  • Use IDS/IPS to detect and prevent bot-related activity.
  • Keep your antivirus and antimalware software updated, along with regularly applying patches and updates to your operating system and applications.

#9: Cryptomalware

  • Crypto-malware, a class of ransomware, encompasses one type that aims to encrypt data files on fixed, removable, and network drives, while another type hijacks the host’s resources for cryptocurrency mining, known as crypto-mining or cryptojacking.

PROTECTION

  • Back up your crucial files on a regular basis to an offline or cloud storage location.
  • Use powerful anti-malware solutions that include ransomware protection features.
  • When opening email attachments and visiting questionable websites, use caution.

#10: Logic bombs

  • Logic bombs are harmful software that is installed on purpose, usually by an authorized user.
  • Logic bombs, which are pieces of code that lie dormant until triggered by an event or specific date to execute their malicious payload, are challenging to detect as they are often installed by authorized users, particularly administrators responsible for security.

PROTECTION

  • To discover and block logic bombs, use renowned security software that includes behavior-based detection.
  • Implement separation of duties
  • Scan systems on a regular basis for malicious programs and irregularities in system behavior.
  • To reduce the risk of unauthorized code execution, implement rigorous access controls and user privilege management.
  • Maintain an active backup program

#11: Spyware

  • Spyware is software that “spies” on users by monitoring, recording, and reporting on their activities.
  • Spyware discreetly collects information on a user’s activity, such as browsing habits, keystrokes and login passwords.

PROTECTION

  • Have updated anti-virus / anti-malware software
  • Have and perform regular backups
  • Perform regular security scans

#12: Adware

  • Adware is software that shows excessive and unwanted adverts on a user’s machine.

PROTECTION

  • Use Ad Blockers and Regularly Clear Browser Cache and Cookies
  • When installing new software, read the license agreements
  • To prevent pop-up windows and the acquisition of unneeded personal information, change the privacy settings in your online browsers and programs.

#13: Keyloggers

  • This is a piece of software that records every keystroke entered by a user.
  • Keyloggers are not always malicious; for example, a word processor such as Microsoft Word also records every keystroke and might be considered a keylogger.
  • Keyloggers are used by hackers to steal passwords and other sensitive information, allowing them to utilize these secrets to behave as the user without the user’s consent.

PROTECTION

  • Consider using a virtual keyboard or keystroke encryption software
  • Install reputable antivirus and antimalware software on your devices and keep them updated. These security tools can detect and block keyloggers from infecting your system.
  • Regularly scan your computer for malware to ensure early detection and removal.

#14: Remote access Trojan (RAT)

  • A RAT provides unauthorized remote access and control over a victim’s computer or network.
  • It is guided by an operator to cause much more long-term damage.

PROTECTION

  • Keep anti-virus/anti-malware signatures and software updated
  • Always have a backup
  • Employ Network Segmentation to contain the impact of a RAT and prevent it from spreading to other parts of the network.
  • Don’t run unknown software

#15: Rootkit

  • Rootkits are a type of malware that is expressly designed to alter the operation of the operating system in some way to allow for nonstandard functionality.
  • Rootkits are classified into five types: firmware, virtual, kernel, library, and application level.
  • It is named after the “root” account, which has full administrative privileges on Unix-like systems.

PROTECTION

  • Use Rootkit Detection Tools and Perform Full System Scans
  • When a rootkit is discovered, remove it and clean up, or reimage the machine from a previously obtained clean system image, rather than attempting to establish the depth and breadth of the damage and repair individual files.
  • Perform Secure boot with UEFI

#16: Backdoor

  • A backdoor is a concealed entry point placed into a system or software application that provides illegal remote access and control.
  • It allows attackers to bypass standard authentication procedures and gain privileged access to a compromised system.
  • Developers may intentionally incorporate backdoors for legitimate purposes like system management or troubleshooting, making them challenging to detect and remove due to their hidden nature and evasion of security measures.

PROTECTION

  • Perform regular Security Assessments, Auditing and Monitoring
  • Use strong, unique passwords, Implement multi-factor authentication (MFA).
  • Limit User Privilege
  • Train employees about the risks of social engineering and other methods used to introduce backdoors. Encourage them to be vigilant and report any suspicious activity.

1.2 Types of Password Attacks

When a user selects a password, a cryptographic hash function such as MD5 or SHA is used to generate a hash of the password. A hash is one-way, which means that no one (including the system administrator) should be able to recover the plaintext password from the hash.

#1: Password Spraying

  • Password spraying is a type of attack in which a small number of commonly used passwords are systematically tried across a large number of accounts, the opposite approach to brute force.
  • Once the designated passwords have been tried against an account and none of them succeed, the attacker moves on to the next account, which avoids triggering account lockouts, alarms, or notifications.

PROTECTION

  • Implement strong password policies, encourage or enforce multi-factor authentication (MFA), set up account lockout policies, educate users about secure password practices, and deploy IDS/IPS.

#2: Dictionary

  • A dictionary attack is a type of password attack in which an attacker attempts a large number of words or phrases from a dictionary as potential passwords in order to gain unauthorized access to a system or account.

PROTECTION

  • To defend against dictionary attacks, strong and unique passwords, along with multi-factor authentication, should be used.

#3: Brute force

  • Brute force is a type of password attack that tries every possible password combination until a hash is matched, in order to gain unauthorized access to a single account.
  • It can be online or offline.

Online

  • An online password attack involves the threat actor directly interacting (in real time) with the authentication service, such as a web login form or VPN gateway, by submitting passwords either from a database of known passwords or produced by offline cracking. This type of attack is slow and can be identified in audit logs by patterns of repeated failed logon attempts followed by a successful logon, or by successful logons occurring at unusual times or from unusual locations.

PROTECTION

  • System response times, bandwidth restrictions, and the security measures in place may reduce the effectiveness of such attacks.
  • Organizations can establish strong password rules, account lockouts, rate limiting of logons, and intrusion detection systems, and encourage user education on password security and multi-factor authentication, to guard against online brute force attacks.
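The spraying pattern described under #1 (a few passwords tried across many accounts, each account kept below the lockout limit) and the online brute-force signature described above (repeated failures on one account followed by a successful logon) can both be picked out of authentication logs by counting failures per source and per account. The Python below is an added example, not code from the original post; the log format, the demo thresholds (3 failures as the lockout limit, 4 accounts as the spraying limit) and the addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample authentication audit log (not from any real system).
# Assumed line format: "<time> <account> <source-ip> <FAIL|SUCCESS>".
SAMPLE_LOG = """\
09:00:01 alice 203.0.113.5 FAIL
09:00:02 alice 203.0.113.5 FAIL
09:00:03 alice 203.0.113.5 FAIL
09:00:04 alice 203.0.113.5 SUCCESS
09:10:00 bob 198.51.100.7 FAIL
09:10:01 carol 198.51.100.7 FAIL
09:10:02 dave 198.51.100.7 FAIL
09:10:03 erin 198.51.100.7 FAIL
09:10:04 frank 198.51.100.7 SUCCESS
09:20:00 ivan 192.0.2.9 FAIL
09:20:30 ivan 192.0.2.9 SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|SUCCESS)$")


def parse_log(text):
    """Parse each line into a dict; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"time": m[1], "user": m[2], "src": m[3], "ok": m[4] == "SUCCESS"})
    return events


def detect_password_attacks(events, lockout_threshold=3, spray_min_accounts=4):
    """Flag the two patterns described in the text (thresholds are demo assumptions).

    brute_force : one source piling failures onto ONE account up to the lockout limit.
    spraying    : one source failing against MANY accounts while every account stays
                  below the lockout limit, so no per-account lockout ever fires.
    compromised : a SUCCESS from a flagged source ("repeated failures followed by a
                  successful logon").
    """
    fails = defaultdict(int)         # (source, account) -> failed attempts
    successes = defaultdict(set)     # source -> accounts that logged on successfully
    for e in events:
        if e["ok"]:
            successes[e["src"]].add(e["user"])
        else:
            fails[(e["src"], e["user"])] += 1

    accounts_hit = defaultdict(set)  # source -> accounts with at least one failure
    for src, user in fails:
        accounts_hit[src].add(user)

    findings = {"brute_force": [], "spraying": [], "compromised": []}
    for (src, user), n in fails.items():
        if n >= lockout_threshold:
            findings["brute_force"].append((src, user, n))
    for src, users in accounts_hit.items():
        under_lockout = all(fails[(src, u)] < lockout_threshold for u in users)
        if len(users) >= spray_min_accounts and under_lockout:
            findings["spraying"].append((src, len(users)))
    flagged = {f[0] for f in findings["brute_force"]} | {f[0] for f in findings["spraying"]}
    for src in sorted(flagged):
        for user in sorted(successes.get(src, ())):
            findings["compromised"].append((src, user))
    return findings
```

On the sample log, alice is flagged as brute-forced, 198.51.100.7 as a spraying source, and both alice and frank as likely compromised, while ivan's single mistyped password is left alone.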

Offline

  • An offline attack occurs when an attacker acquires a database of password hashes and uses a password cracker to recover the passwords from them without interacting with the authentication mechanism. The only indication of such an attack, aside from potential account misuse if it succeeds, is a file system audit log that records the unauthorized account accessing these files.

PROTECTION

  • Organizations should use strong hashing algorithms, salt password hashes, and use key stretching techniques to protect against offline brute force attacks.
  • Users should adhere to established practices for password security, such as creating strong, one-of-a-kind passwords, and setting up multi-factor authentication.

#4: Rainbow table

  • Rainbow tables are precomputed tables that link hash values to the passwords that produce them.
  • The hashes are stored in advance, so an attacker can look up a captured hash to find the matching password.
  • Passwords are therefore found much faster than by hashing candidates during the attack.

PROTECTION

  • Salted hashes are the best defense against rainbow tables, because including a salt value raises the difficulty of the problem: a table precomputed for one salt cannot be reused for another.
  • A salt is simply a random collection of characters appended to the item being hashed to lengthen it, effectively making rainbow tables too large to compute.
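The hashing step at the top of this section, the offline-attack defenses (salt and key stretching) and the rainbow-table point can be seen together in one small experiment. The Python below is an added example, not code from the original post: it builds a precomputed lookup table from a constructed wordlist, shows that table recovering an unsalted MD5 hash instantly, and shows the same table failing against a salted, stretched PBKDF2 hash. The iteration count is a demo choice.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the "dictionary" behind a precomputed table.
WORDLIST = ["password", "letmein", "qwerty", "welcome1", "Summer2024"]
ITERATIONS = 200_000  # demo value; key stretching means a higher count slows cracking further


def unsalted_md5(password):
    """The weak scheme: one fixed function, no salt, no stretching."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once, as a rainbow-table builder would."""
    return {unsalted_md5(w): w for w in words}


def lookup(stored_hash, table):
    """O(1) recovery of the password if its hash is in the table, else None."""
    return table.get(stored_hash)


def salted_stretched_hash(password, salt=None, iterations=ITERATIONS):
    """Salt + key stretching with PBKDF2-HMAC-SHA256; store (salt, digest) together."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify(password, salt, stored_digest, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_stretched_hash(password, salt, iterations)
    return hmac.compare_digest(digest, stored_digest)


def demo():
    table = build_lookup_table(WORDLIST)

    # Unsalted MD5: the captured hash is found in the precomputed table immediately.
    recovered = lookup(unsalted_md5("letmein"), table)

    # Salted + stretched: same password, but the table knows nothing about the salt,
    # so the captured digest matches nothing that was precomputed.
    salt, digest = salted_stretched_hash("letmein")
    miss = lookup(digest.hex(), table)

    # Two users with the same password get different digests, so no single table
    # entry can serve both; an attacker would need a separate table per salt value.
    _, other_user_digest = salted_stretched_hash("letmein")
    return recovered, miss, digest != other_user_digest, verify("letmein", salt, digest)
```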

#5: Plaintext/unencrypted

  • Password storage or a network authentication technique that does not use encryption is the target of a plaintext/unencrypted attack. PAP, basic HTTP/FTP authentication, and Telnet are a few examples.

PROTECTION

  • Use of these unencrypted protocols should be restricted.
  • Never store a password in an unsecured file.

1.3 Types of Physical attacks

Physical attacks are physical attempts to obtain illegal access or compromise systems. These attacks target physical infrastructure or devices rather than software or network weaknesses. The types of physical attacks include:

#1: Malicious Universal Serial Bus (USB) cable

  • It appears to be a typical USB cable, but it contains additional electronics and is recognized as a HID (Human Interface Device) by the operating system.

PROTECTION: Don’t just plug in any USB cable; always use trusted hardware.

#2: Malicious flash drive

  • Malicious flash drives have capabilities that can pose security risks if connected to a computer. They can act as a HID/Keyboard to execute commands, load malware in documents, be configured as boot devices for infecting the computer upon reboot, redirect or modify internet traffic requests, and function as wireless gateways.

PROTECTION: To mitigate these risks, it is crucial to never connect untrusted USB devices to a computer. This precaution helps protect against potential malicious activities associated with flash drive capabilities.

#3: Card cloning

  • This is physically copying a smart card to duplicate it.
  • Making one or more duplicates of an existing card. A card that has been lost or stolen and has no cryptographic protections can be physically replicated.

PROTECTION: Card loss should be reported as soon as possible so that the card can be canceled and a new one issued.

#4: Skimming

  • Skimming devices are physical devices designed to intercept credit card information. They are attached to credit card readers and steal data from the card before passing it on to the legitimate reader. Skimmers can collect all of the information from the card’s magnetic stripe as well as the PIN being entered, allowing a clone to be created.

PROTECTION: Be vigilant with ATMs and payment terminals, use secure payment methods, protect your PIN, and educate yourself and stay informed.

1.4 Adversarial artificial intelligence (AI)

  • Attackers can leverage artificial intelligence (AI) to identify security system vulnerabilities and exploit attack vectors, and they may also utilize AI to evade detection by security mechanisms, enabling the execution of attacks like phishing.

Tainted training data for machine learning (ML): Machine learning (ML) is an approach to artificial intelligence (AI) that entails training a detection model on sample data. One of its shortcomings is its dependency on that training data set: the quality of the training data has a significant impact on the ML model’s performance. Attackers can abuse machine learning systems by tainting the training data.

PROTECTION

  • Protect an ML algorithm’s parameters from tampering to maintain its effectiveness and security.

1.5 Supply-chain attacks

  • The network of vendors that provides the materials for something to be built is referred to as a supply chain.
  • Supply-chain attacks compromise systems and obtain unauthorized access by targeting the software or hardware supply chain.
  • Attackers take advantage of flaws in trusted third-party suppliers or components to introduce malware or backdoors into goods. These compromised products are subsequently distributed to targets, allowing the attackers to exploit them unnoticed.
  • Supply-chain attacks are difficult to detect and resist because they prey on faith in reliable providers.

PROTECTION

  • Organizations must establish strong security measures such as supplier verification, safe development procedures, and continuing supply chain monitoring.

1.6 Cloud-based vs. on-premises attacks

Cloud-based attacks

  • Flaws in cloud infrastructure and services are used to target vulnerabilities in cloud computing environments.
  • Data is stored in a secure environment; there is no physical access to the data center; third-party access to the data is possible.
  • Cloud providers handle large-scale security; automated signature and security upgrades
  • There is minimal downtime, extensive fault tolerance, and round-the-clock monitoring
  • There are scalable security options, and security deployments can be achieved with a single click.

On-premises attacks

  • These occur within the physical infrastructure of a company and target internal systems and network infrastructure.
  • You can customize your security posture since you have complete control when everything is in-house.
  • Your local team ensures uptime and availability, and system checks can be performed at any time.
  • Security changes can be time-consuming, requiring new equipment, settings, and additional expenditures.

1.7 Types of Cryptographic attacks

Birthday: The purpose of a birthday attack is to take advantage of collisions in hash algorithms. It exploits weaknesses in the mathematical functions used to hash passwords and the likelihood that different password inputs will produce the same hash output.

Collision: A collision attack occurs when two different inputs result in the identical output of the hash function.

Downgrade: The use of a cryptographic attack to force a computer system to switch from encrypted messages to plaintext messages by taking advantage of the requirement for backward compatibility. By demanding that the server use a lower-specification protocol with weaker ciphers and key lengths, a downgrade attack can be used to facilitate a man-in-the-middle attack.
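The birthday and collision entries above rest on one number: how many inputs it takes before two of them share a hash output. The Python below is an added example, not code from the original post. It truncates SHA-256 to a chosen number of bits (a stand-in for a hash with a short output, since full SHA-256 has no known collisions), computes the birthday bound, and finds an actual collision on a 20-bit truncation by plain enumeration, which is the reason real hash outputs must be long.

```python
import hashlib
import math


def truncated_hash(data, bits):
    """SHA-256 cut down to its top `bits` bits; a stand-in for a hash with a short output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def birthday_bound(bits):
    """Number of random inputs that gives roughly a 50% chance of at least one
    collision in a `bits`-bit hash: sqrt(2 ln 2 * 2^bits), about 1.18 * 2^(bits/2).
    This is far fewer than the 2^bits inputs a naive preimage search would need."""
    return int(math.sqrt(2 * math.log(2) * 2 ** bits))


def collision_probability(bits, k):
    """P(at least one collision among k random outputs) ~ 1 - exp(-k^2 / 2^(bits+1))."""
    return 1 - math.exp(-(k * k) / 2 ** (bits + 1))


def find_collision(bits):
    """Hash distinct inputs until two share a truncated output.

    Returns (input_a, input_b, inputs_hashed). By the pigeonhole principle a
    collision is guaranteed after 2^bits + 1 inputs; the birthday bound predicts it
    will usually appear after about 1.18 * 2^(bits/2), the gap the attack exploits.
    """
    seen = {}
    for i in range(2 ** bits + 1):
        msg = b"msg-%d" % i  # constructed inputs: distinct byte strings
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise AssertionError("unreachable: pigeonhole guarantees a collision")


if __name__ == "__main__":
    for bits in (20, 64, 128, 256):
        print(f"{bits:3d}-bit hash: ~{birthday_bound(bits):.3g} inputs for a 50% collision chance")
    a, b, n = find_collision(20)
    print(f"20-bit collision after {n} inputs: {a!r} and {b!r}")
```

The same arithmetic explains why a 64-bit truncated MAC or a hash like MD5 with a 128-bit output is far weaker against collisions than its output length suggests.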

“My message for companies that think they haven’t been attacked is: ‘You’re not looking hard enough.’”

James Snook

1.8 Review Questions

1. Which type of malware attack replicates itself and spreads across a network without human intervention?

2. How do attackers typically install skimming devices on ATMs or payment terminals?

3. What type of password attack involves systematically trying all possible combinations of characters on a single account until the correct password is discovered?
