M04 - Part 2 Case Project - Lake Point Security Consulting-Shaker Mohammadtom
Adware
Adware is a type of malware that downloads or displays advertisements to the device user.
Usually, it doesn't steal any data from the system; it is more of an irritant in that it forces users
to see ads that they would rather not have on their system. Some particularly irritating forms of
adware generate browser pop-ups that cannot be closed. Users sometimes unknowingly infect
themselves with adware that is installed by default when they download and install other
applications.
Install an anti-malware solution that includes anti-adware capabilities. Disable pop-ups on your
browsers and pay attention to the installation process when installing new software, making
sure to un-select any boxes that will install additional software by default.
Backdoor
A backdoor is a secret way to get into your device or network. Often, device or software
manufacturers create backdoors into their products either intentionally so that company
personnel or law enforcement will have a way to break into the system or unintentionally
through sloppy coding practices. Backdoors can also be installed by other types of malware,
such as viruses or rootkits.
Organizations can help prevent their computers from becoming part of a botnet by installing
anti-malware software, using firewalls, keeping software up-to-date and forcing users to use
strong passwords. In addition, network monitoring software can be helpful in determining
when a system has become part of a botnet. Also, you should always change the default
passwords for any IoT devices you install.
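The network-monitoring point above is easier to act on with a concrete check. A host that has joined a botnet typically "checks in" with its controller on a fixed schedule, which shows up in connection logs as many connections from one internal host to one external host at near-constant intervals. The script below is an added example, not part of the original report or any product it mentions; the log format, the sample lines and the thresholds are all constructed for the illustration.

```python
"""Flag hosts that beacon to one external address at a regular interval.

Added illustration (not from the original report). The log format and the
sample lines below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <src ip> -> <dst ip>:<port>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 -> 203.0.113.9:443
2024-03-01T10:00:03 10.0.0.5 -> 93.184.216.34:443
2024-03-01T10:01:00 10.0.0.5 -> 203.0.113.9:443
2024-03-01T10:02:01 10.0.0.5 -> 203.0.113.9:443
2024-03-01T10:02:40 10.0.0.7 -> 93.184.216.34:443
2024-03-01T10:03:00 10.0.0.5 -> 203.0.113.9:443
2024-03-01T10:04:00 10.0.0.5 -> 203.0.113.9:443
2024-03-01T10:04:55 10.0.0.7 -> 198.51.100.20:80
2024-03-01T10:05:01 10.0.0.5 -> 203.0.113.9:443
2024-03-01T10:09:30 10.0.0.7 -> 93.184.216.34:443
"""


def parse_log(text):
    """Yield (timestamp, src, dst) tuples from the constructed log format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, _arrow, dst_port = line.split()
        dst = dst_port.rsplit(":", 1)[0]
        yield datetime.fromisoformat(ts), src, dst


def find_beacons(text, min_connections=5, max_jitter=0.2):
    """Return {(src, dst): mean_gap_seconds} for pairs that look like beacons.

    A pair is reported when it has at least `min_connections` connections and
    the spread of the gaps between them (std dev / mean) is below `max_jitter`.
    Ordinary browsing produces irregular gaps and is left out.
    """
    times = defaultdict(list)
    for ts, src, dst in parse_log(text):
        times[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = avg
    return beacons


if __name__ == "__main__":
    for (src, dst), gap in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{gap:.0f}s")
```

In the constructed log only 10.0.0.5 talking to 203.0.113.9 meets both conditions (six connections roughly a minute apart); a real deployment would feed it flow records or proxy logs and tune the thresholds to the environment's normal traffic.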
Browser hijacker
A browser hijacker, also sometimes called "hijackware," changes the behavior of your Web
browser, for example, by sending you to a new search page, changing your home page,
installing unwanted toolbars, directing you to sites you did not intend to visit and displaying
unwanted ads. Attackers often make money from this type of malware through advertising
fees. They may also use the hijacked browser to direct you to websites that download more
malware onto your system.
Bug
Bug is a very generic term for a flaw in a piece of code. All software has bugs, and most are
unnoticed or are only mildly irritating. Sometimes, however, a bug represents a serious security
vulnerability, and using software with this type of bug can open your system up to attacks.
The best way to prevent an attack that exploits a security vulnerability in your software is to
keep all your software up to date. When they know about a vulnerability, software vendors
usually release a patch very quickly to prevent damage to customers' systems. Organizations
that want to prevent security bugs in the software that they are writing should follow secure
coding practices and patch any bugs as soon as possible. They may also want to offer bounties
to researchers who find security flaws in their products.
Crimeware
Some vendors use the term "crimeware" to refer to malware that is used to commit a crime,
usually a crime that results in financial gain for the attacker. Much like malware, it is a very
broad category that encompasses a wide variety of malicious software.
To protect your systems from crimeware, you should follow security best practices, including
using anti-malware, firewalls, intrusion prevention and detection, network and log monitoring,
data protection and possibly security information and event management (SIEM) and security
intelligence tools. You should also use strong passwords, never reuse passwords, and update
your passwords regularly.
Keylogger
A keylogger records all the keys that a user touches, including emails and documents typed and
passwords entered for authentication purposes. Usually, attackers use this type of malware to
obtain passwords so that they can break into networks or user accounts. However, employers
also sometimes use keyloggers to determine if their employees are engaged in any criminal or
unethical behavior on company systems.
Good password hygiene is one of the best ways to prevent or mitigate the damage caused by a
keylogger. Using strong passwords that you update regularly can go a long way towards keeping
you safe. In addition, you should also use a network firewall and an anti-malware solution.
User education is one of the most powerful tools for preventing malicious mobile apps because
users can avoid much of this malware simply by avoiding third-party app stores and being
careful when downloading new apps onto their mobile devices. Mobile anti-malware can also
help prevent the problem. Organizations can prevent malicious apps from threatening their
networks by creating strong mobile security policies and by deploying a mobile security solution
that can enforce those policies.
Phishing
Phishing is a type of email attack that attempts to trick users into divulging passwords,
downloading an attachment, or visiting a website that installs malware on their systems. Spear
phishing is a phishing campaign targeted at a very specific user or organization.
How to defend against phishing
Because phishing relies on social engineering (the security term for tricking someone into doing
something), user education is one of the best defenses against these attacks. Users should
deploy anti-spam and anti-malware solutions, and they should be warned not to divulge
personal information or passwords in email messages. In addition, they should be cautioned
about downloading attachments or clicking website links in messages, even if they appear to
come from a known source, because phishing attackers often pretend to be a company or
person known to the victim. Email is also the usual delivery vector for ransomware.
RAM scraper
RAM scraper malware harvests data that is being temporarily stored in a system's memory, or
RAM. This type of malware often targets point-of-sale (POS) systems like cash registers because
they store unencrypted credit card numbers for a very brief (often only milliseconds) period
before passing the encrypted numbers to back-end systems. RAM scrapers have been around a
long time, but they have been getting more attention since the Target attack that compromised
the data of 40 million customers.
Organizations can help prevent RAM scraper attacks by using hardened POS systems that are
difficult to attack. They should also keep their payment-related systems separate from non-
payment systems. And of course, they should also take the usual security precautions, such as
anti-malware software, firewalls, data encryption, etc., and comply with any relevant standards
or regulations for protecting customer data.
Ransomware
In recent years, ransomware has quickly become one of the most prevalent types of malware.
In fact, Malwarebytes reports that incidents of ransomware increased 267 percent between
January 2016 and November 2016. The most common malware variants lock up a system,
preventing any work from being done until the victim pays a ransom to the attacker. Other
forms of ransomware threaten to publicize embarrassing information, such as a user's activity
on adult websites, unless he or she pays a ransom.
How to defend against ransomware
Often organizations can mitigate ransomware attacks by having up-to-date backups. If their files
become locked, they can simply wipe the system and reboot from the backup. In addition,
organizations should train users about the threat, patch their software as necessary and install
all the usual security solutions. However, some types of ransomware have proven so difficult to
remove that many organizations and individuals have resorted to paying the ransom.
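Backups only mitigate ransomware if they are still intact and recent when they are needed, so it is worth checking them on a schedule rather than at restore time. The script below is an added example, not code from the original report: it records a SHA-256 digest of every file when a backup is taken, then later reports files that are missing or altered and backups that are older than an allowed age. The manifest format and the sample files it creates in a temporary directory are constructed for the illustration.

```python
"""Verify that a backup is intact and recent enough to restore from.

Added illustration (not from the original report). The manifest format and
the sample files created in a temporary directory are constructed.
"""
import hashlib
import json
import os
import tempfile
import time

MANIFEST_NAME = "manifest.json"


def sha256_of(path):
    """Digest a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir):
    """Record the digest of every file in the backup plus the time it was taken."""
    entries = {}
    for root, _dirs, files in os.walk(backup_dir):
        for name in files:
            if name == MANIFEST_NAME:
                continue
            full = os.path.join(root, name)
            entries[os.path.relpath(full, backup_dir)] = sha256_of(full)
    manifest = {"taken_at": time.time(), "files": entries}
    with open(os.path.join(backup_dir, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f)
    return manifest


def verify_backup(backup_dir, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means the backup is usable."""
    now = time.time() if now is None else now
    with open(os.path.join(backup_dir, MANIFEST_NAME)) as f:
        manifest = json.load(f)
    problems = []
    age_hours = (now - manifest["taken_at"]) / 3600
    if age_hours > max_age_hours:
        problems.append(f"stale: backup is {age_hours:.1f} h old")
    for rel, digest in manifest["files"].items():
        full = os.path.join(backup_dir, rel)
        if not os.path.exists(full):
            problems.append(f"missing: {rel}")
        elif sha256_of(full) != digest:
            problems.append(f"altered: {rel}")
    return problems


def demo():
    """Build a constructed backup, verify it, then simulate a damaged copy."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "docs"))
        with open(os.path.join(d, "docs", "plan.txt"), "w") as f:
            f.write("quarterly plan\n")
        with open(os.path.join(d, "ledger.csv"), "w") as f:
            f.write("id,amount\n1,10\n")
        manifest = write_manifest(d)
        clean = verify_backup(d)
        # Same backup judged two hours later with a one-hour freshness limit.
        stale = verify_backup(d, max_age_hours=1,
                              now=manifest["taken_at"] + 2 * 3600)
        # Overwrite one file and delete another, as an infection might.
        with open(os.path.join(d, "ledger.csv"), "w") as f:
            f.write("unreadable content\n")
        os.remove(os.path.join(d, "docs", "plan.txt"))
        damaged = verify_backup(d)
        return clean, stale, damaged


if __name__ == "__main__":
    for label, problems in zip(("clean", "stale", "damaged"), demo()):
        print(label, "->", problems or "ok")
```

The manifest should be kept somewhere the backup host cannot overwrite (offline media or a write-once store), otherwise malware that reaches the backup can rewrite the digests along with the files.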
As with most other forms of malware, you can prevent most rogue security software from being
installed on your system by using a firewall and anti-malware solution and by being careful
when clicking on links or attachments in email messages. Also, organizations should educate
users about the threat as rogue security software attackers have become particularly good at
social engineering.
Rootkit
Rootkits are one of the most insidious kinds of malware because they allow attackers to have
administrator-level access to systems without the users' knowledge. Once attackers have root
access to a system, they can do almost anything they want with the system, including
recording activity, changing system settings, accessing data, and mounting attacks on other
systems. The well-known Stuxnet and Flame attacks were both examples of rootkits.
Spam
In IT security, spam is unwanted email. Usually, it includes unsolicited advertisements, but it
can also include attempts at fraud or links or attachments that would install malware on your
system.
Most email solutions or services include anti-spam features. Using these capabilities is the best
way to prevent spam from showing up on your systems.
Spyware
Spyware is any type of software that gathers information about someone without their
knowledge or consent. For example, website tracking cookies that monitor a user's Web
browsing can be considered a form of spyware. Other types of spyware might attempt to steal
personal or corporate information. Sometimes government agencies and police forces use
spyware to investigate suspects or foreign governments.
You can install anti-spyware software on your computer, and anti-spyware capabilities are
included in many anti-virus or anti-malware packages. You should also use a firewall and take
care when installing software on your system.
Trojans
In ancient Greek mythology, Greek troops hid themselves inside a wooden horse outside the
city of Troy. When the Trojans brought the horse inside their walls, the Greeks attacked and
defeated them. In computer security, a Trojan horse, sometimes called a Trojan, is any malware
that pretends to be something else but really serves a malicious purpose. For example, a Trojan
might appear to be a free game, but once it is installed it might destroy your hard drive, steal
data, install a backdoor or take other harmful actions.
Because Trojans incorporate social engineering, it is imperative to educate users about the
threat. Users should also be careful when installing new software on their systems or when
clicking email links and attachments. In addition, organizations can prevent many Trojans with
security software, such as anti-malware software and firewalls.
Virus
Sometimes people use the words "virus" and "malware" interchangeably, but a virus is actually
a very specific kind of malware. To be considered a virus, the malware must infect another
program and attempt to spread itself to other systems. The virus also usually (but not always)
performs some sort of undesirable activity on the systems it infects, such as incorporating
systems into a botnet, sending spam, stealing credit card information or passwords, or locking
the system.
Every Internet-connected system should have anti-virus software installed, and users should
keep the anti-virus protection up to date. You should also deploy a firewall and use care when
clicking on email attachments or Web links.
Worm
A worm is very similar to a virus because it spreads itself, but unlike a virus, it doesn't infect
other programs. Instead, it is a standalone piece of malware that spreads from one system to
another or from one network to another. It can cause similar types of damage to the infected
system as viruses do.
How to defend against a worm
As with viruses, the best way to prevent worm infections is with the use of anti-virus or anti-
malware software. And as always, users should only click on email links or attachments when
they are certain of the contents.
Social engineering attacks come in many different forms and can be performed anywhere
where human interaction is involved. The following are the five most common forms of digital
social engineering assaults.
Baiting
As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity.
They lure users into a trap that steals their personal information or inflicts their systems with
malware.
The most reviled form of baiting uses physical media to disperse malware. For example,
attackers leave the bait—typically malware-infected flash drives—in conspicuous areas where
potential victims are certain to see them (e.g., bathrooms, elevators, the parking lot of a
targeted company). The bait has an authentic look to it, such as a label presenting it as the
company’s payroll list.
Victims pick up the bait out of curiosity and insert it into a work or home computer, resulting in
automatic malware installation on the system.
Baiting scams don’t necessarily have to be carried out in the physical world. Online forms of
baiting consist of enticing ads that lead to malicious sites or that encourage users to download
a malware-infected application.
Scareware
Scareware involves victims being bombarded with false alarms and fictitious threats. Users are
deceived to think their system is infected with malware, prompting them to install software
that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also
referred to as deception software, rogue scanner software and fraudware.
Scareware is also distributed via spam email that doles out bogus warnings or makes offers for
users to buy worthless/harmful services.
Pretexting
Here an attacker obtains information through a series of cleverly crafted lies. The scam is often
initiated by a perpetrator pretending to need sensitive information from a victim to perform a
critical task.
The attacker usually starts by establishing trust with their victim by impersonating co-workers,
police, bank and tax officials, or other persons who have right-to-know authority. The pretexter
asks questions that are ostensibly required to confirm the victim’s identity, through which they
gather important personal data.
All sorts of pertinent information and records are gathered using this scam, such as social security
numbers, personal addresses and phone numbers, phone records, staff vacation dates, bank
records and even security information related to a physical plant.
Phishing
As one of the most popular social engineering attack types, phishing scams are email and text
message campaigns aimed at creating a sense of urgency, curiosity, or fear in victims. It then
prods them into revealing sensitive information, clicking on links to malicious websites, or
opening attachments that contain malware.
An example is an email sent to users of an online service that alerts them of a policy violation
requiring immediate action on their part, such as a required password change. It includes a link
to an illegitimate website—nearly identical in appearance to its legitimate version—prompting
the unsuspecting user to enter their current credentials and new password. Upon form
submittal the information is sent to the attacker.
Given that identical, or near-identical, messages are sent to all users in phishing campaigns,
detecting and blocking them is much easier for mail servers that have access to threat-sharing
platforms.
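The detection idea in the previous paragraph can be shown in a few lines. A mail server normalises each body by removing the parts that vary per recipient (the greeting name, tracking links, ticket numbers), hashes the result, and flags a fingerprint that either reaches many distinct recipients or appears on a list shared by other organisations. The code below is an added example, not from the original report or any mail product; the messages, the normalisation rules and the indicator list are all constructed.

```python
"""Cluster near-identical inbound messages and match them against shared indicators.

Added illustration (not part of the original report). The message records,
the normalisation rules and the indicator list are constructed.
"""
import hashlib
import re
from collections import defaultdict

# Constructed inbound messages: (recipient, sender, body).
# The first three are one campaign with per-recipient variations.
MESSAGES = [
    ("alice@example.com", "support@examp1e.com",
     "Dear Alice, your account violated policy #4471. Reset now: http://examp1e.com/r/a1"),
    ("bob@example.com", "support@examp1e.com",
     "Dear Bob, your account violated policy #9920. Reset now: http://examp1e.com/r/b7"),
    ("carol@example.com", "support@examp1e.com",
     "Dear Carol, your account violated policy #1033. Reset now: http://examp1e.com/r/c2"),
    ("dave@example.com", "hr@example.com",
     "Dave, the Q3 offsite agenda is attached. See you Thursday."),
    ("erin@example.com", "newsletter@example.org",
     "Monthly update: release notes and roadmap. Unsubscribe: https://example.org/u/9"),
]

# Constructed indicator list as a threat-sharing platform might supply it:
# fingerprints of bodies other organisations already reported (empty here).
SHARED_BAD_FINGERPRINTS = set()


def normalise(body, recipient):
    """Strip the per-recipient pieces so copies of one campaign collapse to one string."""
    local = recipient.split("@")[0]
    text = body.lower()
    text = re.sub(re.escape(local), "<name>", text)   # greeting name
    text = re.sub(r"https?://\S+", "<url>", text)       # tracking links
    text = re.sub(r"\d+", "<num>", text)                # ticket/policy numbers
    return re.sub(r"\s+", " ", text).strip()


def fingerprint(body, recipient):
    """Stable identifier for the normalised body, suitable for sharing."""
    return hashlib.sha256(normalise(body, recipient).encode()).hexdigest()


def triage(messages, shared_feed, bulk_threshold=3):
    """Return {fingerprint: reason} for message clusters worth blocking."""
    recipients = defaultdict(set)
    for rcpt, _sender, body in messages:
        recipients[fingerprint(body, rcpt)].add(rcpt)
    flagged = {}
    for fp, rcpts in recipients.items():
        if fp in shared_feed:
            flagged[fp] = "matches shared indicator"
        elif len(rcpts) >= bulk_threshold:
            flagged[fp] = f"same body sent to {len(rcpts)} recipients"
    return flagged


if __name__ == "__main__":
    for fp, reason in triage(MESSAGES, SHARED_BAD_FINGERPRINTS).items():
        print(fp[:16], reason)
```

Sharing the fingerprint rather than the message text lets organisations exchange indicators without exposing the recipients' mail; the normalisation rules are the part a real filter tunes most, since attackers vary wording precisely to defeat this kind of clustering.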
Spear phishing
This is a more targeted version of the phishing scam whereby an attacker chooses specific
individuals or enterprises. They then tailor their messages based on characteristics, job
positions, and contacts belonging to their victims to make their attack less conspicuous. Spear
phishing requires much more effort on behalf of the perpetrator and may take weeks and
months to pull off. They’re much harder to detect and have better success rates if done
skillfully.
Moreover, the following tips can help improve your vigilance in relation to social engineering
hacks.
Don’t open emails and attachments from suspicious sources – If you don’t know the sender in
question, you don’t need to answer an email. Even if you do know them and are suspicious
about their message, cross-check and confirm the news from other sources, such as via
telephone or directly from a service provider’s site. Remember that email addresses are
spoofed all the time; even an email purportedly coming from a trusted source may have been
initiated by an attacker.
Use multifactor authentication – One of the most valuable pieces of information attackers seek
are user credentials. Using multifactor authentication helps ensure your account’s protection in
the event of system compromise. Imperva Incapsula Login Protect is an easy-to-deploy 2FA
solution that can increase account security for your applications.
Be wary of tempting offers – If an offer sounds too enticing, think twice before accepting it as
fact. Googling the topic can help you quickly determine whether you’re dealing with a
legitimate offer or a trap.
Keep your antivirus/antimalware software updated – Make sure automatic updates are
engaged or make it a habit to download the latest signatures first thing each day. Periodically
check to make sure that the updates have been applied and scan your system for possible
infections.
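The multifactor authentication tip above works because the second factor is computed from a secret the attacker never sees in a phishing form. The code below is an added example, not part of the original report and unrelated to the Imperva product it mentions: it implements the time-based one-time password algorithm from RFC 6238 (built on HOTP from RFC 4226) and verifies a submitted code in constant time with a small clock-drift window. The secret is the RFC test-vector value, used only to demonstrate the arithmetic.

```python
"""Verify a time-based one-time password (TOTP, RFC 6238) as a second factor.

Added illustration (not from the original report). The secret below is the
RFC 6238 test-vector secret, not a value any real account uses.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(secret, unix_time=None, step=30, digits=6):
    """TOTP: HOTP over the number of `step`-second windows since the epoch."""
    t = int(time.time()) if unix_time is None else int(unix_time)
    return hotp(secret, t // step, digits)


def verify_totp(secret, submitted, unix_time=None, window=1, step=30):
    """Accept the code for the current window or `window` steps either side.

    hmac.compare_digest keeps the comparison constant-time so response timing
    does not reveal how many digits matched.
    """
    t = int(time.time()) if unix_time is None else int(unix_time)
    counter = t // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta), submitted):
            return True
    return False


# RFC 6238 test secret (ASCII "12345678901234567890"). A real deployment
# generates a random per-user secret at enrolment and stores it encrypted.
TEST_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(TEST_SECRET)
    print("current code:", code, "accepted:", verify_totp(TEST_SECRET, code))
```

A server should also record the last counter value it accepted per user so a code captured by a keylogger or phishing page cannot be replayed inside the same window.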