Nidhi's blog
Module 2: Types of Malware & Cyber Landspace

Photo by FlyD on Unsplash

Module 2: Types of Malware & Cyber Landspace

Polkam Srinidhi's photo
Polkam Srinidhi
·

6 min read

Table of contents

  1. Spyware

    Designed to track and spy on you, spyware monitors your online activity and can log every key you press on your keyboard, as well as capture almost any of your data, including sensitive personal information such as your online banking details. Spyware does this by modifying the security settings on your devices.

    It often bundles itself with legitimate software or Trojan horses.

  2. Adware

    Adware is often installed with some versions of software and is designed to automatically deliver advertisements to a user, most often on a web browser. You know it when you see it! It’s hard to ignore when you’re faced with constant pop-up ads on your screen.

    It is common for adware to come with spyware.

  3. Backdoor

    This type of malware is used to gain unauthorized access by bypassing the normal authentication procedures to access a system. As a result, hackers can gain remote access to resources within an application and issue remote system commands.

    A backdoor works in the background and is difficult to detect.

  4. Scareware

    This is a type of malware that uses 'scare’ tactics to trick you into taking a specific action. Scareware mainly consists of operating system style windows that pop up to warn you that your system is at risk and needs to run a specific program for it to return to normal operation.

    If you agree to execute the specific program, your system will become infected with malware.

  5. Rootkit

    This malware is designed to modify the operating system to create a backdoor, which attackers can then use to access your computer remotely. Most rootkits take advantage of software vulnerabilities to gain access to resources that normally shouldn’t be accessible (privilege escalation) and modify system files.

    Rootkits can also modify system forensics and monitoring tools, making them very hard to detect. In most cases, a computer infected by a rootkit has to be wiped and any required software reinstalled.

  6. Virus

    A virus is a type of computer program that, when executed, replicates and attaches itself to other executable files, such as a document, by inserting its own code. Most viruses require end-user interaction to initiate activation and can be written to act on a specific date or time.

    Viruses can be relatively harmless, such as those that display a funny image. Or they can be destructive, such as those that modify or delete data.

    Viruses can also be programmed to mutate in order to avoid detection. Most viruses are spread by USB drives, optical disks, network shares or email.

  7. Trojan horses

    This malware carries out malicious operations by masking its true intent. It might appear legitimate but is, in fact, very dangerous. Trojans exploit your user privileges and are most often found in image files, audio files or games.

    Unlike viruses, Trojans do not self-replicate but act as a decoy to sneak malicious software past unsuspecting users.

  8. Worms

    This is a type of malware that replicates itself in order to spread from one computer to another. Unlike a virus, which requires a host program to run, worms can run by themselves. Other than the initial infection of the host, they do not require user participation and can spread very quickly over the network.

    Worms share similar patterns: They exploit system vulnerabilities, they have a way to propagate themselves, and they all contain malicious code (payload) to cause damage to computer systems or networks.

    Worms are responsible for some of the most devastating attacks on the Internet. In 2001, the Code Red worm had infected over 300,000 servers in just 19 hours.

  9. Ransomware

    This malware is designed to hold a computer system or the data it contains captive until a payment is made. Ransomware usually works by encrypting your data so that you can’t access it.

    Some versions of ransomware can take advantage of specific system vulnerabilities to lock it down. Ransomware is often spread through phishing emails that encourage you to download a malicious attachment or through a software vulnerability.

Denial-of-Service (DoS) attacks are a type of network attack that is relatively simple to carry out, even by an unskilled attacker. A DoS attack results in some sort of interruption of network service to users, devices or applications.

A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from multiple, coordinated sources.

A botnet is a group of bots, connected through the Internet, that can be controlled by a malicious individual or group. The bots that are typically controlled through a command and control server.

On-path attackers intercept or modify communications between two devices, such as a web browser and a web server, either to collect information from or to impersonate one of the devices. This type of attack is also referred to as a man-in-the-middle or man-in-the-mobile attack.

Attackers also achieve infiltration through advanced persistent threats (APTs) — a multi-phase, long term, stealthy and advanced operation against a specific target.

miner: A person that solves complex mathematical puzzles to verify a transaction

-> Security vulnerabilities are any kind of software or hardware defect. A program written to take advantage of a known vulnerability is referred to as an exploit.

  1. Hardware vulnerabilities are most often the result of hardware design flaws.

    Meltdown and Spectre, two hardware vulnerabilities that affect almost all central processing units (CPUs)

  2. Software vulnerabilities are usually introduced by errors in the operating system or application code.

    SYNful Knock vulnerability discovered in Cisco Internetwork Operating System (IOS) in 2015.

    Types of Software Vulnerabilities:

    • Buffers are memory areas allocated to an application. A vulnerability occurs when data is written beyond the limits of a buffer.

    • Non-Validated input: Programs often require data input, but this incoming data could have malicious content, designed to force the program to behave in an unintended way.

    • Race Conditions: This vulnerability describes a situation where the output of an event depends on ordered or timed outputs.

    • weakness in security practices, Systems and sensitive data can be protected through techniques such as authentication, authorization and encryption.

    • Access control is the process of controlling who does what and ranges from managing physical access to equipment to dictating who has access to a resource, such as a file, and what they can do with it, such as read or change the file.

The goal of software updates is to stay current and avoid exploitation of vulnerabilities. Microsoft, Apple and other operating system producers release patches and updates almost every day and applications such as web browsers, mobile apps and web servers are often updated by the companies or organizations responsible for them.

Cybersecurity Landscape

  1. Cryptocurrency

    Cryptocurrency is digital money that can be used to buy goods and services, using strong encryption techniques to secure these online transactions.

    Process:

    Cryptocurrency owners keep their money in encrypted, virtual ‘wallets.’ When a transaction takes place between the owners of two digital wallets, the details are recorded in a decentralized, electronic ledger or blockchain system. This means it is carried out with a degree of anonymity and is self-managed, with no interference from third parties such as central banks or government entities.

  2. Cryptojacking

    Cryptojacking is an emerging threat that hides on a user’s computer, mobile phone, tablet, laptop or server, using that machine’s resources to 'mine’ cryptocurrencies without the user's consent or knowledge.

Malware#cybersecurityCyberSec