o Consistent to the policy in force, the national strategy to secure cyberspace shall have the

following objectives:
- Prevent cyber-attacks against critical infrastructures.
- Reduce national vulnerabilities to cyber-attack and,
- Minimize the damage and recovery time from cyber-attacks that do occur.
IT security standards or cyber security standards
 Are techniques generally outlined in published materials that attempt to protect the cyber
environment of a user or organization.
 This environment includes users themselves, networks, devices, all software, processes,
information in storage or transit, applications, services, and systems that can be
connected directly or indirectly to networks.
The principal objective is to reduce the risks, including preventing or mitigating cyber-attacks.
The Cyber security provisions in this European standard are:
1. No universal default passwords 8. Ensure that personal data is secure
2. Implement a means to manage 9. Make systems resilient to outages
reports of vulnerabilities 10. Examine system telemetry data
3. Keep software updated 11. Make it easy for users to delete user
4. Securely store sensitive security data
parameters 12. Make installation and maintenance
5. Communicate securely of devices easy
6. Minimize exposed attack surfaces 13. Validate input data
7. Ensure software integrity

What are cybersecurity standards?

Cybersecurity standards are collections of best practices created by experts to protect
organizations from cyber threats and help improve their cybersecurity posture.
Cybersecurity frameworks are generally applicable to all organizations, regardless of their size,
industry, or sector

1.3 Standards and Guidelines

Standards can be contrasted with another category of documents, generally referred to as
guidelines. Both standards and guidelines provide guidance aimed at enhancing cyber security,
but guidelines usually lack the level of consensus and formality associated with standards.
What is cybersecurity strategy?
A cybersecurity strategy is comprised of high-level plans for how an organization will go about
securing its assets and minimizing cyber risk. Much like a cybersecurity policy, the cybersecurity
strategy should be a living, breathing document adaptable to the current threat landscape and
ever-evolving business climate. Typically, cybersecurity strategies are developed with a three-to-
five-year vision but should be updated and revisited as frequently as possible.
While cybersecurity policies are more detailed and specific, cybersecurity strategies are more of
a blueprint for your organization to guide the key stakeholders as the company and business
environment evolve.
Goals for your cyber strategy
One of the most critical goals for any cybersecurity strategy is achieving cyber resiliency.
Benefits of proactive cybersecurity
When it comes to managing risk, a proactive approach is always superior to a reactive one. But
being proactive, especially when new threats are discovered and detected at such an alarming
rate, is easier said than done.

A proactive cybersecurity approach not only puts you ahead of attackers but can help you
maintain and even exceed regulatory requirements. Proactive strategies offer the structure and
guidance that help you stay prepared and avoid confusion that may arise. With uncertainty and
confusion minimized, measures for incident prevention, detection and response are dramatically
improved.
When you embrace proactive security, your organization will be positioned to:
 Ensure that cybersecurity aligns with your business vision
 Foster a security-conscious culture
 Understand your high-risk areas
 Implement an assessment program to identify risks, threats, and vulnerabilities
 Approach security beyond compliance
 Invest equally in prevention, detection, and response
How to develop a cybersecurity strategy: Step-by-step guide
A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective,
actively supported and evolving. Here are the four steps required to get there.
A cybersecurity strategy is a high-level plan for how your organization will secure its assets
during the next three to five years.
How do you build a cybersecurity strategy for your business?
Building a cybersecurity strategy for your business takes effort, but it could mean the difference
between surpassing your competitors and going out of business in the coming years. Here's the
basic steps you can follow to develop your strategy.
Step 1. Understand your cyber threat landscape
Before you can understand your cyber threat landscape, you need to examine the types of cyber
attacks that your organization faces today. Which types currently affect your organization the
most often and most severely: malware, phishing, insider threats or something else? Have your
competitors had major incidents recently, and if so, what types of threats caused them?
Step 2. Assess your cybersecurity maturity
Once you know what you're up against, you need to do an honest assessment of your
organization's cybersecurity maturity. Select a cybersecurity framework, like the NIST
Cybersecurity Framework. Use it first to assess how mature your organization is in dozens of
different categories and subcategories, from policies and governance to security technologies and
incident recovery capabilities. This assessment should include all of your technologies, from
traditional IT to operational technology, IoT and cyber-physical systems.
Step 3. Determine how to improve your cybersecurity program
Now that you know where you are and where you want to be, you need to figure out the
cybersecurity tools and best practices that will help you reach your destination. In this step, you
determine how to improve your cybersecurity program so that you achieve the strategic
objectives you've defined.
Step 4. Document your cybersecurity strategy
Once you have management approval, you need to ensure your cybersecurity strategy is
documented thoroughly. This includes writing or updating risk assessments, cybersecurity plans,
policies, guidelines, procedures and anything else you need to define what is required or
recommended in order to achieve the strategic objectives. Making it clear what each person's
responsibilities are is key.
What is Cyber Security Culture?
The concept of cyber security culture refers to the attitudes, knowledge, assumptions, norms
and values of the workforce of an organisation with respect to cyber security. These are shaped
by the goals, structure, policies, processes, and leadership of the organisation.
A good cyber security culture is one in which both the organisational determinants of culture
(policy, process, leadership, social norms etc.) and the individual determinants of culture
(attitudes, knowledge, assumptions etc.) align with the organisation’s approach to cyber security,
manifesting in cyber security conscious behaviours.
Why is it important to invest in a good cyber security culture?
A cyber-savvy mindset and cyber secure culture help deliver growth through digital trust,
improve an organisation’s reputation with customers and build employee pride. They create an
environment where good cyber hygiene becomes standard practice so the whole organisation can
operate more securely with less effort, freeing up time and energy for the core business.
How to develop a good cyber security culture
It’s useful to look at what we can learn from organisations with dangerous work environments,
such as power-stations, oil platforms and railways. They tried training their staff and found the
behaviour improvement didn’t last long.
Cyber security culture needs to reflect organisational and leadership goals

Cyber security culture goals must be strategic, organisationally aligned and risk aligned. You
need to understand what the current cyber security culture within your organisation looks like.
You need to explore your lived culture, purpose and values, and the way that they impact
people’s engagement with cyber risk. It's important to know the reality of where you’re starting
from by understanding mindsets and behaviour, this helps you determine where the significant
gaps are and develop a roadmap for change.
What Are the Top Five Cybercrimes?
#1 Phishing
Phishing refers to emailing or contacting someone by pretending to belong to a well-known and
famous organization. Cybercriminals use phishing to lure people into providing sensitive
information like credit card details and addresses. Some other forms of phishing include
smishing (SMS phishing) and vishing (video phishing). 
#2 Cyber Extortion
Cyber extortion is a crime where someone holds your data hostage till your company pays the
ransom. Cybercriminals gain access to your computers and steal confidential data. They often
gain this access by sending suspicious emails containing malware—malicious software—that
hijacks your computer. They can resort to blackmail, denial of service, locking you out of your
system, and more.
To keep your company safe from cyber extortion, you can opt for cyber liability insurance,
install anti-virus software, maintain numerous data backups, and educate your employees.
#3 Data breach
Data breaches can happen by accident or intentionally. Poor technological firewalls and
reckless employee behavior can result in a data breach. Often, hackers use phishing emails and
malware to steal sensitive and confidential information, resulting in a data breach.
#4 Identity theft
Identity theft happens when a person pretends to be someone else to commit fraud.
Cybercriminals steal your personal information, like identity cards, credit cards and the like, to
make transactions. The most common type of identity theft is financial identity theft. There are
also other types, like medical identity theft, child identity theft and more. 
Often, criminals find your paper receipts containing bank details and use them to commit identity
theft. To avoid that, shift to using digital financial statements across your company. For the
things that have to be in paper form, use a quality shredder to ensure that you dispose of them
safely. Additionally, have strong passwords and ensure that only a select few have access to all
company files. You don’t need to share every single piece of information with each employee. 
#5 Harassment
Harassment takes on many forms for small businesses. For instance, in April 2021, singer Demi
Lovato came under fire for harassing a local frozen yogurt shop on Instagram. She accused them
of triggering her “eating disorder” by placing the sugary yogurt options before the vegan ones.
There was also another instance of a woman bullying a Houston cafe online for speaking up
against the Texas abortion law. Harassment hurts the business’ reputation and often leaves a
mental scar on the person being harassed.To protect your team from harassment, you must have
a stringent anti-harassment policy in place. 

Vulnerability and Risk

What is Vulnerability
What does Vulnerability mean?
Vulnerability is the inability to resist a hazard or to respond when a disaster has occurred. For
instance, people who live on plains are more vulnerable to floods than people who live higher up.
In actual fact, vulnerability depends on several factors, such as people's age and state of health,
local environmental and sanitary conditions, as well as on the quality and state of local buildings
and their location with respect to any hazards.

Vulnerability describes the characteristics and circumstances of a community, system or asset

that make it susceptible to the damaging effects of a hazard. There are many aspects of
vulnerability, arising from various physical, social, economic, and environmental factors.
Examples may include:
 poor design and construction of buildings, 
 inadequate protection of assets,
 lack of public information and awareness,
 limited official recognition of risks and preparedness measures, and
 disregard for wise environmental management. 

Vulnerability varies significantly within a community and over time. This definition identifies
vulnerability as a characteristic of the element of interest (community, system or asset) which is
independent of its exposure. However, in common use the word is often used more broadly to
include the element’s exposure.
There are four (4) main types of vulnerability:
1. Physical Vulnerability may be determined by aspects such as population density levels,
remoteness of a settlement, the site, design and materials used for critical infrastructure and
for housing (UNISDR).
Example: Wooden homes are less likely to collapse in an earthquake, but are more vulnerable to
fire.
2. Social Vulnerability refers to the inability of people, organizations and societies to with stand
adverse impacts to hazards due to characteristics inherent in social interactions, institutions and
systems of cultural values. It is linked to the level of well being of individuals, communities and
society. It includes aspects related to levels of literacy and education, the existence of peace and
security, access to basic human rights, systems of good governance, social equity, positive
traditional values, customs and ideological beliefs and overall collective organizational systems
(UNISDR).
Example: When flooding occurs some citizens, such as children, elderly and differently-able,
may be unable to protect themselves or evacuate if necessary.
3. Economic Vulnerability. The level of vulnerability is highly dependent upon the economic
status of individuals, communities and nations The poor are usually more vulnerable to disasters
because they lack the resources to build sturdy structures and put other engineering measures in
place to protect themselves from being negatively impacted by disasters. 
Example: Poorer families may live in squatter settlements because they cannot afford to live in
safer (more expensive) areas.
4. Environmental Vulnerability. Natural resource depletion and resource degradation are key
aspects of environmental vulnerability.
Example: Wetlands, such as the Caroni Swamp, are sensitive to increasing salinity from sea
water, and pollution from stormwater runoff containing agricultural chemicals, eroded soils, etc.
What is Risk
Risk (or more specifically, disaster risk) is the potential disaster losses (in terms of lives, health
status, livelihoods, assets and services) which could occur to a particular community or a society
over some specified future time period.
It considers the probability of harmful consequences, or expected losses (deaths, injuries,
property, livelihoods, economic activity disrupted or environmentally damaged) resulting from
interactions between natural or human induced hazards and vulnerable conditions. 
Risk can be calculated using the following equation: Risk = Probability of Hazard x Degree of
Vulnerability.
There are different ways of dealing with risk, such as:
Risk Acceptance: an informed decision to accept the possible consequences and likelihood of a
particular risk.
Risk Avoidance: an informed decision to avoid involvement in activities leading to risk
realization.
Risk Reduction refers to the application of appropriate techniques to reduce the likelihood of
risk occurrence and its consequences.
Risk Transfer involves shifting of the burden of risk to another party. One of the most common
forms of risk transfer is Insurance.
What is computer security?
Computer security basically is the protection of computer systems and information from harm,
theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of
your computer system.
There are various types of computer security which is widely used to protect the valuable
information of an organization.
What is Computer Security and its types?
One way to ascertain the similarities and differences among Computer Security is by asking what
is being secured. For example,
 Information security is securing information from unauthorized access, modification &
deletion
 Application Security is securing an application by building security features to prevent
from Cyber Threats such as SQL injection, DoS attacks, data breaches and etc.
 Computer Security means securing a standalone machine by keeping it updated and
patched
 Network Security is by securing both the software and hardware technologies
 Cybersecurity is defined as protecting computer systems, which communicate over the
computer networks
So, Computer security can be defined as controls that are put in place to provide
confidentiality, integrity, and availability for all components of computer systems. Let’s
elaborate the definition.
Components of computer system
The components of a computer system that needs to be protected are:
 Hardware, the physical part of the computer, like the system memory and disk drive
 Firmware, permanent software that is etched into a hardware device’s nonvolatile
memory and is mostly invisible to the user
 Software, the programming that offers services, like operating system, word processor,
internet browser to the user 
The CIA Triad
Computer security is mainly concerned with three main areas:

 Confidentiality is ensuring that information is available only to the intended audience

 Integrity is protecting information from being modified by unauthorized parties
 Availability is protecting information from being modified by unauthorized parties
Computer security threats
Computer security threats are possible dangers that can possibly hamper the normal functioning
of your computer. In the present age, cyber threats are constantly increasing as the world is going
digital. The most harmful types of computer security are:
Why is Computer Security Important?
Protecting the computers and the data in them is an increasingly important consideration.
Hackers are prying over the business network to conduct fraudulent activities, gain access and
steal sensitive information associated with businesses. With the cybersecurity threat landscape
elevating to the next level, individuals and organizations can protect their computers from
staying away from such attacks with efficient computer security systems. Practicing good
computer ethics is a prime key to keeping your laptop safe and having a good user experience.
Computer Security Definition
Computer security involves protecting software, data, hardware, and other components
associated with the computer from cybersecurity threats or damage. Methods, software, and
techniques are applied to enable system security, safeguard computing resources, allow data to
integrity, restrict access to authorized users, and retain data confidentiality. Antivirus, Firewall,
and Internet security software are some of the efficient security systems available to entitle users
with computer security.
3 Best Computer Security Practices
From passwords to file encryption, computer security plays a vital role.
1. Set Strong Passwords
Users are to be wary of cybersecurity threats and should start implementing strong passwords as
weak passwords would allow hackers to guess them easily and gain access to private user
credentials and use them to get monetary benefits. Here is how cybersecurity knowledge plays
the leading role in protecting passwords.
 Never document passwords in text files or spreadsheets
 Avoid saving passwords in the browser
 Avoid using personal information like spouse name, date of birth, child’s name
 Use of complex passwords with a combination of letters (lower-case and upper-case)
 Use unique passwords and do not use the same password for different accounts
 Deploy two-factor authentication
2. Backing up data
The second most important key to cyber-security is backing up data. This is done by saving a
copy of your existing data on an external hard disk so that if your device is stolen or
compromised, your backup data would be a savior.
3. Protecting Wireless Network
All the wireless networks associated with businesses and individuals should be protected with a
strong password. This prevents hackers from accessing or hijacking the wireless business
network. Make sure that the wireless network is encrypted.

What do Computer Security Specialists do?

Computer security managers are accountable for securing the computing resources and data of
the company consistently. A security analyst should restrict access to specific users to gain
confidential information.
Planning Security
Security experts analyze and plan the computer protection measures to protect the vital
components of the IT infrastructure from countering the possible vulnerabilities and threats.
Securing the Infrastructure
The critical role of any computer security specialist is to secure the infrastructure of the
corporate network. Even the most sought-after software can have the possibility of retaining
overlooked vulnerabilities that are detected only when there is an audit.
The security specialist is responsible for installing a free firewall to filter out the possible threats
and an antivirus to scan, detect and remove any malware infection from the system.
Monitoring the Infrastructure
The prime role of any computer security specialist is to monitor the corporate IT infrastructure.
They are accountable for checking what goes in and comes out of the network. They deploy
automated security systems to monitor the system’s activities connected to the network.
A key component of infrastructure security is monitoring infrastructure. Security analysts place
to network and computer monitors on the web and critical servers at strategic points. These
monitors typically communicate with a central server, reporting all activity for later analysis.
Security analysts use automated tools to scan the logs produced by the monitors and look for
aberrations in the activity.
Facts about Computer Security
Companies are not aware of the modes of attacks.
With technology, attackers have evolved over the years to deploy sophisticated methods and
impose attacks on their target networks. Companies are confident about their IT security
progress; however, in reality, they are not aware of how they are being attacked.
Every company is hacked.
When we hear about a company’s breach, our instant reflux will make us think that the company
does not practice proper computer security systems. However, every company is at high risk and
is likely to be attacked anytime.
Penetration testers experience ethical hacking to be very simple, and they easily outplay the
existing security system of a computer network. Hence it is a verdict that all the computers are
not secured.
Why Do Users Get Attacked?
Before getting into how to secure data from breaches, we must try to understand the motives
behind these attacks. By knowing the motives behind the attacks, it’s easy for cybersecurity
professionals to secure the systems. The main motives for attacking an organization’s or
individual’s computer are: 
1. Disrupting a business’ continuity: If a business is disrupted, it causes great harm to the
organization in the form of lost profits, fraud, and damage to its reputation.
2. Information theft and manipulating data: Hackers take confidential information that
they steal from organizations and sell it to individuals or groups on the black market.
3. Creating chaos and fear by disrupting critical infrastructure: Cyber terrorists attack a
company or a government body to disrupt their services, doing damage that can
potentially affect an entire nation.
4. Financial loss to the target: Hackers attack an organization or business and disrupt their
services in such a way that the target has to allocate substantial funds to repair the
damage.
5. Achieving a state’s military objectives: Rival nations continuously keep an eye on each
other and sometimes employ cybercriminal tactics to steal military secrets. 
6. Demanding ransom: The hackers employ ransomware to block a website or servers,
releasing control only after a ransom is paid.
7. Damaging the reputation of target: The hacker may have personal reasons to attack an
organization or individual so that their reputation suffers.
8. Propagating religious or political beliefs: Hackers may infiltrate websites to promote
religious dogma or a certain political agenda, usually to sway voters to vote a certain
way.
Types of Attacks
There are many kinds of attacks available to the dedicated hacker. These are among the most
famous and frequent types of attacks.
1. Denial of service (DDoS):
This is an attack used to restrict the user’s access to the system resources by flooding the server
with useless traffic. The botmaster commands all the bots to access a resource at the same time
so that the resource gets hopelessly jammed up. Then, if a legitimate user wants to access that
same resource, they will not be able to do so.
2. Malware attack:
This is a malicious program that disrupts or damages the computer. There are four main types of
malware:
 Keylogger: Keylogger records all the hits on the targeted keyboard. Most hackers use it
to get passwords and account details.
 Virus: A computer virus is a malicious code that replicates by copying itself to another
program or document and changes how a computer works. The virus, such as the Melissa
virus, requires someone to knowingly or unknowingly spread the infection without the
knowledge or permission of a user or system administrator. 
 Worms: This is a standalone program that runs independently and infects the system.
One of the more popular examples is W32.Alcra.F. The worm propagates itself through
network share devices.
 Trojan horse: This is a malicious code that takes over your computer. This code can
damage or steal information from your computer.
3. Man in the middle:
Say, for example, you want to do an online transaction. You connect to your bank and conduct
the payment. Simple, right?
4. Phishing:The attacker sends bait, often in the form of an email. It encourages people to share
their details. For example, you get an email like this:
5. Eavesdropping:
Attacker observes traffic on your system and the work you are doing. The attacker can monitor
you in three ways: 
 Email monitoring
 Which websites you visit
 What items you download
6. SQL injection:
As the name suggests, an SQL injection vulnerability allows an attacker to inject malicious input
into a SQL statement. This type of attack happens only on websites. The best example would be
www.facebook.com. There is a database stored on the Facebook website. The hackers get into
that database and sign in using someone else's username and password.
7. Password attack:
To crack a password or find a password, hackers employ the following techniques:
 Dictionary attack: In this method, they handle every password that is possible through
the dictionary
 Brute force: It is a trial and error method used to decode the password or data. This
attack takes the most amount of time.
 Keylogger: As the name suggests, keylogger records all the hits on the keyboard. Most
people use it to get passwords and account details
 Shoulder surfing: The attackers observe the user’s keyboard by looking over the user’s
shoulder.
  Rainbow table: There are rainbow tables that contain precomputed hash values.
Attackers use this table to find the user’s password.
8. Social engineering:
Attackers create social situations that encourage you to share your password. For example, let’s
say that you are out of your office, and you get a call. The person says that he is from the IT
department and they have found out that your system has been compromised. He asks you to
share your password. You might believe him and share your password. However, the caller was,
in fact, a hacker, and how he has your password. Now that he has access, he can compromise
your organization's data. The best way to avoid the effects of social engineering is to learn your
organization’s protocol regarding password sharing.
What to Secure?
The security of any organization starts with three principles: confidentiality, integrity, and
availability. This is called CIA (no relation to the American spy organization!). CIA has served
as the industry standard for computer security since the advent of the first mainframes.  
 Confidentiality: The principles of confidentiality assert that information and functions
can be accessed only by authorized parties. Example: military secrets.
 Integrity: The principles of integrity assert that information and functions can be added,
altered, or removed only by authorized people and means. Example: incorrect data
entered by a user in the database.
 Availability: The principles of availability assert that systems, functions, and data must
be available on-demand according to agreed-upon parameters based on levels of service.
How Do You Secure Your Computer?
1. Two-way authentication
Two-factor authentication adds a layer of security to the authentication process by making it
harder for attackers to gain access to a person's devices or online accounts. For example, when
you make online payments, you first have to confirm your card’s cvv number, then you undergo
a second confirmation by providing your mobile number.
2. Secure passwords
Create strong passwords so that no one will be able to hack or guess your password. The best
passwords include:
 At least 15 characters.
 Capital letters.
 Special characters. Example: @#$%.
 Numbers.
3. Regular updates
Always keep your system and all its software updated. Many updates contain additional defenses
against cyber attacks.
4. Antivirus
Antivirus is a computer program used to prevent, detect, and remove malware. Examples of
antivirus include Norton, Quickheal, and McAfee.
5. Firewalls
Firewalls prevent unauthorized Internet users from accessing private networks connected to the
Internet, especially intranets.
6. Anti-Phishing Tactics
When you get an email that looks suspicious or has no relation to you, then do the following:
 Do not click on the link in the email.
  Do not provide any personal details if asked.
 Do not open the attached files.
7. Encryption
This is the process of converting ordinary plain text into unintelligible text and vice-versa.
Encryption is used in many applications like: 
 Banking transactions.
 Computer passwords.
 E-commerce transactions.
Computer security involves controls to protect computer systems, networks, and data from
breach, damage, or theft. Learn about the definition and basics of computer security, and explore
components of computer systems and computer security controls. Updated: 12/27/2021
Defining Computer Security
If you want a computer to be perfectly secure, you could fill it with concrete and dump it in the
ocean. This would protect any information on the computer from inappropriate use.
Unfortunately, the computer would be completely unusable, so you probably don't want to do
that! Since you want to both use your computer and keep it safe, you should practice good
computer security. Computer security allows you to use the computer while keeping it safe from
threats.
Computer security can be defined as controls that are put in place to provide confidentiality,
integrity, and availability for all components of computer systems. These components include
data, software, hardware, and firmware. This is a complex definition. Let's illustrate the
definition by showing you a day in the life of Samantha, a security manager just hired for a small
company. The company doesn't have any computer security yet, so she knows to start with the
very basics.
A computer worm is a type of malware that spreads copies of itself from computer to computer.
A worm can replicate itself without any human interaction, and it does not need to attach itself to
a software program in order to cause damage.
How do computer worms work? 
Worms can be transmitted via software vulnerabilities. Or computer worms could arrive as
attachments in spam emails or instant messages (IMs). Once opened, these files could provide a
link to a malicious website or automatically download the computer worm. Once it’s installed,
the worm silently goes to work and infects the machine without the user’s knowledge.

Worms can modify and delete files, and they can even inject additional malicious software onto a
computer. Sometimes a computer worm’s purpose is only to make copies of itself over and over
— depleting system resources, such as hard drive space or bandwidth, by overloading a shared
network. In addition to wreaking havoc on a computer’s resources, worms can also steal data,
install a backdoor, and allow a hacker to gain control over a computer and its system settings.
How to tell if your computer has a worm
If you suspect your devices are infected with a computer worm, run a virus scan immediately.
Even if the scan comes up negative, continue to be proactive by following these steps.
1. Keep an eye on your hard drive space. When worms repeatedly replicate themselves,
they start to use up the free space on your computer.
2. Monitor speed and performance. Has your computer seemed a little sluggish lately?
Are some of your programs crashing or not running properly? That could be a red flag
that a worm is eating up your processing power.
 3. Be on the lookout for missing or new files. One function of a computer worm is to
delete and replace files on a computer.
How to help protect against computer worms 
Computer worms are just one example of malicious software. To help protect your computer
from worms and other online threats, take these steps.
1. Since software vulnerabilities are major infection vectors for computer worms, be sure
your computer’s operating system and applications are up to date with the latest versions.
Install these updates as soon as they’re available because updates often include patches
for security flaws.
2. Phishing is another popular way for hackers to spread worms (and other types of
malware). Always be extra cautious when opening unsolicited emails, especially those
from unknown senders that contain attachments or dubious links. 
3. Be sure to invest in a strong internet security software solution that can help block these
threats. A good product should have anti-phishing technology as well as defenses against
viruses, spyware, ransomware, and other online threats.
What is a computer worm? 
A computer worm is a subset of the Trojan horse malware that can propagate or self-replicate
from one computer to another without human activation after breaching a system. Typically, a
worm spreads across a network through your Internet or LAN (Local Area Network) connection.
Naturally, you must be wondering what is a Trojan and how does it relate to computer worms?   

To keep it brief, a Trojan uses trickery and social engineering to deceive people into running it.
For example, a Trojan may pretend to be legitimate software. A worm is a type of Trojan
because it normally relies on social engineering to attack systems.  
How does a computer worm spread?
 Phishing: Fraudulent emails that look authentic can carry worms in corrupt attachments.
Such emails may also invite users to click malicious links or visit websites designed to
infect users with worms.
 Spear-Phishing: Targeted phishing attempts can carry dangerous malware like
ransomware cryptoworms.  
 Networks: Worms can self-replicate across networks via shared access.
 Security holes: Some worm variants can infiltrate a system by exploiting software
vulnerabilities.
 File sharing: P2P file networks can carry malware like worms.
 Social networks: Social platforms like MySpace have been affected by certain types of
worms.
 Instant messengers (IMs): All types of malware, including worms, can spread through
text messages and IM platforms such as Internet Relay Chat (IRC).  
 External devices: Worms can infect USB sticks and external hard drives.
What does a computer worm do?
Once a computer worm has breached your computer’s defenses it can perform several malicious
actions:
 Drop other malware like spyware or  Overload networks
ransomware  Steal data
 Consume bandwidth  Open a backdoor
 Delete files  Deplete hard drive space
Computer worm vs. virus
Some people think that a computer worm and computer virus are the same things because the
two behave similarly. They may even use the terms like "worm computer virus" or "worm virus
malware." The truth is that the two are comparable but different threats.
The defining difference between a virus and a worm is that viruses rely on human action for
activation and need a host system to replicate. In other words, a virus won’t harm your system
unless you run it. For example, a virus on a flash drive connected to your computer won’t
damage your system unless you activate it. And as mentioned above, a worm doesn’t need a host
system or user action to spread.
Computer worm examples
Over the years, there have been some particularly devastating worms. Some worms have caused
billions in damage. Here is a brief list of some infamous ones:
 Morris Worm: Also known as the Internet worm, this was one of the first computer
worms to spread via the Internet and earn notoriety in the media.
 Bagle: Also known as Beagle, Mitglieder, and Lodeight, this mass-mailing worm had
many variants.
 Blaster: Also known as MSBlast, Lovesan, and Lovsan, this worm attacked computers
running Windows XP and Windows 2000.
 Conficker: Also known as Downup, Downadup, and Kido, this worm exploited flaws in
Windows to infect millions of computers in over a hundred countries.
 ILOVEYOU: The ILOVEYOU worm infected tens of millions of computers globally,
resulting in billions of dollars in damage.
 Mydoom: This became the fastest-spreading email worm in 2004, sending junk email
across computers.
 Ryuk: Although Ryuk wasn't always a worm, it's now worm-like ransomware.
 SQL Slammer: The SQL Slammer worm gained infamy for slowing down Internet
traffic with denial-of-service attacks on some Internet hosts.
 Storm Worm: This worm utilized social engineering with fake news of a disastrous
storm to drop botnets on compromised machines.
 Stuxnet: Some experts believe this sophisticated worm was developed for years to
launch a cyberattack.
Symptoms of a computer worm 
Many of the symptoms of a computer worm are like that of a computer virus. For example, you
may have a computer worm if your computer slows down, freezes, crashes or throws up error
messages. You may also notice that files are missing or corrupted or that your hard drive's space
is rapidly depleting inexplicably. Additionally, you may see alerts from your firewall about a
breach. 
How to stop computer worms
Like other forms of malware — computer worms can be stopped with the right antivirus
and anti-malware software and safe computing practices. Please don’t entertain suspicious links,
emails, texts, messages, websites, P2P file networks, and drives. Also, update your essential
software regularly to shield your computer from vulnerabilities like the wormable Windows flaw
and the like.
Computer Worm
What are Computer Worms?
how Computer Worms work.
A computer worm is a malicious program that reproduces itself as it spreads to as many
computers as possible over networks. This makes the computer worm particularly dangerous for
companies. But what exactly does a computer worm do, how is it recognized and how can the
problem be resolved?
What is a Computer Worm?
The term “computer worm” was first used in 1975 in the novel “The Shockwave Rider” by John
Brunner. In this novel, the protagonist of the story creates a worm that collects data. In the early
days of computer science, worms were designed to exploit a system’s vulnerabilities. Instead of
seriously damaging the infected computers, they just kept multiplying in the background. Today,
however, the purpose of computer worms has changed. Today, attackers often use them to gain
full access to their victims’ computers.
Computers connected to a network are susceptible to various forms of malware, including
computer worms. A computer worm is malware that reproduces itself and spreads over network
connections. The computer worm does not usually infect computer files, but rather infects
another computer on the network. This is done by the worm replicating itself. The worm passes
this ability on to its replica, which allows it to infect other systems in the same way. The
difference between computer worms and viruses can also be found here. Computer worms are
stand-alone programs that replicate themselves and run in the background, while viruses require
a host file to infect.
How does a Computer Worm work?
In order to spread, computer worms use vulnerabilities in networks. The worm is looking for a
back door to penetrate the network unnoticed. To get computer worms into circulation for the
first time, hackers often send phishing e-mailsor instant messages with malicious
attachments. Cyber criminals try to camouflage the worm so that the recipient is willing to run
the program. For this purpose, for example, double file extensions are used and / or a data name
that looks harmless or urgent, such as “invoice”. When the user opens the attachment or link,
they will immediately download the malware (computer worm) into the system or be directed to
a dangerous website. In this way, the worm finds its way into the user’s system without them
noticing. Once executed, the worm seeks a way to replicate and penetrate other systems. One
way of doing this, for example, is for the worm to send an email to all contacts on the infected
computer, which contains replicas of the worm. 
What types of Computer Worms are there?
Computer worms can be divided mainly according to the type of spread:
Internet Worms
These are completely independent programs. You use an infected machine to search the internet
for other vulnerable machines. If a vulnerable computer is found, the worm infects it.
Email Worms
This computer worm is most commonly spread via email attachments. It usually has double file
extensions (e.g. .mp4.exe or .avi.exe) so that the recipient could think that they are media files
and not malicious computer programs.
File Sharing Worms
Despite the illegality, file sharing and peer-to-peer file transfers are still used by millions of
people worldwide. In doing so, they unknowingly expose their computers to the threat of file-
sharing worms. Like email and instant messaging worms, these programs are often disguised as
double-ended media files.
Instant Messaging Worms
They are similar to email worms, the only difference being in the way they spread. They are
disguised as attachments or clickable links to websites. Often times, short messages like “LOL”
or “This is your must-see!” accompanied to trick the victim into thinking that a friend sent a
funny video to watch.
Known Computer Worms
Morris Worm
This computer worm was launched in 1988 by Robert Morris. He released some code without
knowing that it was riddled with bugs that would cause a variety of problems for the affected
hosts. The Morris worm resulted in thousands of overloaded computers running on UNIX,
costing between $ 10 million and $ 100 million in financial damage.
Storm Worm
The Storm Worm is an email worm from 2007. The victims received emails with a false news
story. This reported an unprecedented storm wave that should have killed hundreds of people
across Europe. More than 1.2 billion emails infected with the Storm worm have been sent over
the course of 10 years. Experts believe that there are still at least one million infected computers
whose owners do not know they are infected.
SQL Worm
This computer worm was unique in its method of spreading. It generated a series of random IP
addresses and mailed itself to them in the hope that they weren’t protected by antivirus
software. Shortly after the SQL worm spread in 2003, more than 75,000 infected computers were
unwittingly involved in DDoS attacks on several large websites.
What is the difference between a Computer Worm and a Virus?
A computer worm fits the description of a computer virus in many ways. Like a normal virus, a
computer worm can replicate itself and spread over networks. For this reason, worms are often
referred to as viruses, but they differ from one another in some ways.
Unlike viruses, which require host files before they can infect the computer, worms exist as
separate entities or standalone software. They can replicate and spread on their own once they
break the system. You don’t need activation or human intervention to run and distribute your
code. In comparison, viruses often hide in shared or downloaded files. When the host file is
downloaded from a computer, the virus remains inactive until the infected file is activated. Only
then can the virus execute malicious code and replicate itself to infect other files on the
computer.
A computer worm, on the other hand, does not require activation of the host file. As soon as a
computer worm enters the system, it makes multiple copies of itself, which then spread over the
network or over an Internet connection. These copies infect all inadequately protected computers
and servers that connect to the originally infected device over the network. Because each
subsequent copy of a worm repeats this process of self-replication, execution and spreading,
computer worms can spread over networks very easily and quickly.
How do you recognize a Computer Worm?
Users should be familiar with the signs of a computer worm so that they can quickly identify an
infestation and remove the computer worm. Here are the most typical symptoms of a computer
worm:
 =Unusual computer behavior  =Emails sent to contacts without the
(messages, sounds, pictures) user's knowledge
 =Programs that open and run  =Missing or changed files
automatically  =Firewall warnings
 =Slow computing performance  =Unusual behavior of the web
 =System freezes and crashes browser
 =Operating system errors and system  =Strange and unintended desktop
error messages files and icons appear
How can I remove a Computer Worm?
The following steps should be used to completely remove a computer worm:
1.  First of all, high-quality anti-virus software should be installed. When choosing
software, reputable manufacturers should be used, as malware often comes with fake
antivirus programs.
2. Disable System Restore to prevent Windows from creating backups that are infected with
the computer worm.
3. Carry out a full scan of the system with the antivirus program.
4. If computer worms are found, the software usually offers to remove them.
5. If the anti-virus program does not automatically remove the worm, it is important to note
the name of the worm.
6. If this is the case, a suitable tool for removing the worm in question should be
downloaded and executed using a search engine. The antivirus software should also be
deactivated. If it is run while the worm is being removed, it could conflict with the
removal methods and cause a system failure.
7. After the worm has been removed, the anti-virus program should be switched on
again. The same goes for system recovery.
How can you protect yourself from a Computer Worm?
There are several best practices that individuals as well as businesses can follow to protect their
computers from a computer worm. The following steps reduce the risk of infection and make it
easier to identify and eliminate computer worms:
Safe Behavior
Attachments and links should only be opened if they come from a trustworthy source known to
the user. E-mails from unknown senders should not be opened, as many computer worms spread
via e-mail. Companies should conduct awareness training courses with their employees so that
they are made aware of the dangers and risks on the Internet.
Regular Updates
Operating systems and software should be kept up to date with regular updates. The
manufacturer’s updates often contain security patches that protect computers from new worms
and fix errors. This is important because a computer worm will benefit from the vulnerabilities.
Antivirus Software
Antivirus software is the first preventive measure to avoid computer worms. It is a program that
protects the computer from viruses, worms, Trojans and malware of all kinds. It scans every file
on the computer and helps prevent damage. Antivirus programs that are able to scan downloads
and already contain tools to remove worms are particularly effective.
Firewall
A firewall is a security tool that is used to monitor incoming and outgoing network traffic based
on security rules. The main purpose is to create a barrier between internal and external network
in order to protect against cyber attacks.
Protect your email inbox
Computer worms often attack computers via email. For example, they can get onto the computer
via a phishing email. Heretofore you can already protect before the malware au f the
computer. This works for companies, for example, with Spam and Malware
Protection or Advanced Threat Protection from Hornetsecurity.

Overview of Computer Worms

computer worms can be organized into types based on how they are distributed between
computers. Types of worms are as follows:

 Email Worms: Email Worms spread through malicious email as an attachment or a link

of a malicious website.
 Instant Messaging Worms: Instant Messaging Worms spread by sending links to the
contact list of instant messaging applications such as Messenger, WhatsApp, Skype, etc.
 Internet Worms: Internet worm searches all available network resources using local
operating system services and/or scans compromised computers over the Internet.
 IRC Worms: IRC Worms spread through Internet Relay Chat (IRC) chat channels,
sending infected files or links to infected websites.
 File sharing Worms: File sharing Worms place a copy of them in a shared folder and
distribute them via Peer To Peer network.
What is a Computer Worm?
 Bandwidth is consumed and servers are overloaded that causes harm to the network.
 Also rather than spreading and destroying the network, codes are written inside the worm
so that the systems are destroyed with these codes. These codes steal data or create
backdoors so that other systems can control the system.
 The codes also called payloads to destroy the system in a way that the infected systems
are used to spread spams and destroy the entire network.
 Computer worms need no assistance and also they replicate by themselves.
 The worms use the contacts of the infected system to send mails through which other
systems are infected by opening those emails.
 Once the mail is opened, the worm is downloaded and it does its work for some time
without any further actions.
 Only after the system is infected, the user will know about the worm.
 Computer worms need not be attached to any software. They spread to other systems by
all means.
  Worms either modify or delete the files of the system thereby overloading the system and
hence the network.
 The worm creates space for a hacker to enter the system and destroy the entire network.
 Computer worms destroy the data worth years and are very malicious. Protecting our data
from worms is very important.
 Security features are mostly exploited by the worms.
 Some worms also try to change the system settings.
 Examples of worms include Morris Worm, Storm Worm, SQL Slammer and so on.
 Morris developed a few lines of code to know how vast the internet is but the codes had
bugs that destroyed the host systems and caused damage worth millions.
 Storm worm, as the name suggests sends mails of a news report regarding the storm.
Once opened the system is affected and other contacts are also sent emails. This worm
was created in 2007. Many believe that the systems are still affected by this worm which
the user does not know.
 SQL Slammer created many IP addresses that were not protected with any security. This
worm affected many major websites and hence the vulnerabilities of the system were
exposed.
 Automatic updates should be done for all the applications to avoid potential attacks from
worms.
 Most worms are identified with the help of antiviruses but since many worms are created
on a daily basis, some are not detected.
 Stuxnet is a famous computer worm that was intended to destroy Iran’s nuclear plans.
Top 5 Types of Computer Worms
Computer worms are classified based on the way they are distributed in the systems. Some are
explained below.
1. Email Worms
The email box is used as a client by the worm. The mail has infected link or attachment which
once opened downloads the worm. This worm searches the email contacts of the infected system
and sends links so that those systems are also destroyed. These worms have double extensions
like mp4 or video extensions so that the user believes it to be media extensions. These worms do
not have a downloadable link but a short link to open the same. The link is clicked and the worm
is downloaded, it either deletes the data or modifies the same and the network is destroyed. An
example of an email worm is ILOVEYOU worm which infected computers in 2000.
2. Internet Worms
Internet is used as a medium to search other machines vulnerable and affect them. Those systems
where the antiviruses are not installed are affected easily with these worms. Once the machines
are located they are infected and the same process is started all over again in those systems. This
is used to check the recent updates and security measures if the system hasn’t installed any. The
worm spreads through the internet or local area network connections.
3. File-Sharing Network Worms
When a file from an unknown source is downloaded, the file may have worm which locates a
shared folder and destroys other files. When another system downloads file from the same
network, the worm locates that system as well and is replicated. And the process is repeated for
all the systems in the network. These worms are media or other extensions and hence users can
easily download the same thinking that they are an extension of the files. A worm ‘Phatbot’
infected computers in 2004 through sharing files. This worm has stolen personal information
such as credit card details and destroyed many systems on an unprecedented scale.
4. Instant Message and Chat Room Worms
These worms work as email worms as the contacts from chat rooms are taken and messages are
sent to those contacts. Once the contact accepts the invitation and opens the message or link, the
system is infected. The worms have either links to open websites or attachments to download.
These worms are not as effective as other worms. Users can destroy these worms by changing
the password and deleting the messages.
Computer Worms
A computer worm is a self-replicating computer program. It uses a network to send copies of
itself to other nodes on the network. It may do this without any user intervention. Unlike a
computer virus, a computer worm does not need to attach itself to an existing program. Worms
tend to harm the network by consuming network bandwidth where viruses infect or corrupt files
on the targeted computer.
Def: A computer worm is a program that copies itself from one computer to another computer.
e.g.The Morris worm was one of the first computer worms distributed via the Internet. It is
considered the first worm and was certainly the first to gain significant mainstream media
attention. It was written by a graduate student at Cornell University, Robert Morris Jr, and
launched on November 2, 1988 from MIT.
The worm was released from MIT to disguise the fact that the worm originally came from
Cornell.
Morris ended up with a $10,050 fine, 3 yrs suspended jail sentence, and 400 hours of community
service.
What the worm did:
1. determines where it could spread
2. spreads its infection
3. remains undiscovered & undiscoverable
What its effect was:
1. resource exhaustion – due to program flaw
2. 2nd order effect: disconnection of many systems from the network
3. 3rd order effect: isolation and inability to perform necessary work
6,000 major UNIX (SUN and Berkeley) installations down
estimated damage $100,000 - $97,000,000
How it worked:
1. password guessing via rexec/rsh
system error - /etc/passwd
user error – common passwords
2. fingerd buffer overflow
3. sendmail trap door
How it spread:
1. target machine, loader, get rest of worm
one time password
2. undiscovered & undiscoverable
encrypt, delete from disk, change name
3. CERT – Computer Emergency Response Team
What is the main difference between a worm and a virus?
The main difference between a computer worm and a computer virus is that worms can spread
independently, without being attached to a host file or program. Some people describe computer
worms as a subset of computer viruses, but it’s more common to consider worms and viruses as
two subcategories of malicious software (malware).
How a computer virus spreads
A virus infects your device by inserting its code (or payload) into a program or file and
borrowing your system’s resources to copy itself and spread. That’s why viruses are sometimes
referred to as “file infectors.”
A computer virus lives within a host, such as a document or executable file, and requires
human interaction to spread. That means a virus lies dormant until you inadvertently trigger it
by executing the file.
Once active, a self-replicating virus starts to copy itself and spread. Viruses can cause many
forms of damage, such as corrupting files or apps, harming your computer performance, and
infecting more and more devices (and people). 
An example of a virus infection
Here’s a typical example of how you can get infected by a computer virus: You receive an email
(that you’re not expecting) with an intriguing (clickbait) title like “Made some changes — please
check.” Attached to the email is a file with a name like “Updates” — it may be a DOC or EXE
file.
A computer virus lives within a host, such as a document or executable file, and requires human
interaction to spread.
If it’s a DOC file, once you download it, you’ll be prompted to enable macros (programmed
rules that help simplify repetitive tasks). This action triggers the virus. 
If the file is an EXE, downloading it and running it triggers the virus. The virus will then
commandeer your computer’s resources to copy itself and spread, damaging your devices and
files or stealing your personal data.
How a computer worm spreads
A worm is different from a virus, because it doesn’t require a host or human interaction to spread
and wreak havoc. It’s also self-replicating malware, but it’s the stand-alone variety. Worms often
spread through a software vulnerability.
A security flaw, or vulnerability, is created accidentally by developers while they’re writing a
program or developing an operating system. Hackers later discover the vulnerability, and write
code to exploit it. They use the exploit to push malware in through the uncovered “hole” and into
your system. The scary part is that you may have no idea you’ve been infected. 
A worm is different from a virus, because it doesn’t require a host or human interaction to spread
and wreak havoc.
Some security flaws are so dangerous that they become notorious — like EternalBlue, which
caused the colossal WannaCry attack, or BlueKeep, which may still affect one million Windows
PCs.
Once a worm is in your system, it can scan the network to detect any other devices that contain
the same vulnerability. The worm then jumps to all of those devices, infecting them and
repeating the process all over again. A worm can also spread through an infected file or program.
An example of a worm infection
Here’s a typical example of getting a worm infection: You get a notification that Windows has a
critical security update. But you’re busy doing something else, so you ignore it, and then forget
to install it later. That update was intended to fix a security vulnerability, but since you didn’t
apply the update, the hole (vulnerability) remains in your system. 
Sooner or later, an enterprising hacker finds this hole and exploits it. Then, while you’re busy
working or gaming, a worm burrows into your computer and begins replicating itself,
compromising your data and causing all kinds of other damage. 
Before you have a chance to realize what’s happening, the worm scans your network. It finds
that you haven’t applied the update on your other computer either, and neither has your spouse.
The worm quickly spreads to all those devices, too. 
Still unaware of any problem, you decide to head out for a cup of coffee. You sit down with your
laptop at your local café and connect to their Wi-Fi. The worm scans the coffee shop’s network,
finding and infecting a dozen more devices (and people) that have the same vulnerability. Those
people eventually go home, and their devices then infect their family members’ devices too, and
so on.
Summarizing the differences between viruses and worms
Virus Worm

 Requires a host  Spreads independently

 Triggered by human interaction  Doesn’t require human interaction
 Often arrives through an infected file or  Often arrives through a software
program (file-infector) vulnerability

There are similarities, too

Despite the distinctions outlined above, worms and viruses do behave similarly in other respects.
The main similarity is that both viruses and worms self-replicate and spread rapidly. In fact,
both can spread exponentially, giving them extreme potential for damage. When it comes to
viruses vs. worms, it’s safe to say you want to stay far away from both.
Both viruses and worms can spread exponentially.

Which is more dangerous, a computer virus or worm?

Though there can be a scale of danger among viruses and worms, worms are generally
considered more dangerous. Worms are sneakier, because they can infect you without you even
realizing it. And new strains of viruses (or file-infectors) are hard to find these days, while
worms are much more common.
Both worms and viruses have huge potential to cause security and privacy problems. A minor
malware infection can damage files, programs, or devices. But more damaging infections can
steal your sensitive personal data, which could lead to identity fraud and monetary theft. 

Small companies, large corporations, health care systems, and even countries can be hit hard by
malware. Viruses and worms can cause large scale data leaks, data loss or theft, expensive repair
costs, reputational damage, and even cyberwarfare.
Virus vs. worm: which one do I have?
All types of malware have some similar traits and characteristics. That can make it extremely
difficult to determine which form of malicious software you have, because they can cause very
similar symptoms. In general, look out for these tell-tale signs of a malware infection:
 Unexplained slow performance  Missing or corrupted files
 Changed settings or new apps that  A hyperactive processor
you didn’t configure yourself  Sudden loss of storage space
 Lots of crashes or freezes  Tons of pop-ups
If you notice any of these symptoms, it’s time to find out what’s plaguing your machine.
What to do if you have a virus or worm?
If your device is suffering from any of the malware symptoms above, you should immediately
perform a malware scan. Unless you’re a malware expert, it can be extremely difficult to find
and diagnose the infection yourself.
An ounce of prevention is worth a pound of cure, as the old adage goes, and that applies tenfold
when it comes to viruses and worms. Learn how to protect yourself now and you’ll never have to
worry about damaged files, stolen personal data, or spreading the infection to your friends and
family in the future.
Avoid opening suspicious emails and links
When it comes to the internet, a healthy dose of skepticism is often warranted. Don’t open
emails from unknown sources. Even if it’s from a trusted contact, but it doesn’t sound like
them, proceed cautiously. Their device may be infected with malware that’s now spamming their
contacts. Be especially careful with links and attachments. That includes links you receive on
messaging apps and social media. 
Download apps and media only from trusted sources
Apple’s App Store and the Google Play store vet developers and their apps and test them for
security. While it’s not 100% foolproof, it’s much safer than downloading programs on a third-
party website. 
Use an ad blocker
Malvertising refers to infected ads that can spread malware on your device if you click on them.
Malvertising can also insert malware into ad networks that distribute ads across the internet. That
means malicious ads can show up even on legitimate, trustworthy sites. An ad blocker will
prevent ads from loading, so you never even see them. And an ad blocker will also help prevent
drive-by downloads, whereby infected ads get into your system without even being clicked on.
Use a trusted antivirus
Viruses, worms, Trojans, ransomware — you can prevent them all with a robust cybersecurity
tool like AVG AntiVirus FREE. AVG provides 24/7 protection to detect and block all types of
malware before it can get anywhere near your system. And extra, built-in defenses against
infected email attachments, malicious downloads, and unsafe links means you always stay safe
against the most common virus and worm vectors.

The Difference between a Computer Virus and Computer Worm

What is a Computer Virus?
Computer viruses are named after human viruses that spread from person to person. A
computer virus is a program made of malicious code that can propagate itself from device to
device. Like a cold that alters your well-being, when your computer is infected, it alters the way
your computer operates, can destroy your files, or prevent it from working altogether.
A virus typically attaches itself to a program, file, or the boot sector of the hard drive. Once the
virus attaches itself to that file or program (aka, the host), they’re infected.
When the infected application or file runs in the computer, the virus activates and executes in the
system. It continues to replicate and spread by attaching replicas of itself to other files and
applications in the system.
How Does a Computer Virus Spread?
A virus spreads when the infected file or program migrates through networks, file collaboration
apps, email attachments, and USB drives. Once a user opens the infected file or program, the
vicious cycle repeats itself all over again.
Typically, the host program continues to function after the viral infection, but some viruses
overwrite entire programs with copies of themselves, which corrupts and destroys the host
program altogether. Viruses can also attack data: they can disrupt access, corrupt, and/or destroy
your data.
What’s a Computer Worm?
Worms are a self-replicating type of malware (and a type of virus) that enter networks by
exploiting vulnerabilities, moving quickly from one computer to another. Because of this, worms
can propagate themselves and spread very quickly – not only locally, but have the potential to
disrupt systems worldwide.
Unlike a typical virus, worms don’t attach to a file or program. Instead, they slither and enter
computers through a vulnerability in the network, self-replicating and spreading before you’re
able to remove the worm. But by then, they’ll already have consumed all the bandwidth of the
network, interrupting and arresting large network and web servers.
A Modern Computer Worm Story
In 2017, the WannaCry worm attack caused damage worth hundreds of millions to billions of
dollars. Also known as WannaCry ransomware, this attack is a hybrid of ransomware and a
worm – specifically cryptoworm.
Ransomware is a type of malware that holds a user’s data hostage: it encrypts data and asks the
victim to pay a ransom, betting on the user’s willingness to pay to restore the user’s data.
Ransomware infections often occur through phishing campaigns.
Instead, WannaCry took advantage of a vulnerability in Microsoft’s SMB Version 1 file sharing
protocol, typically used by Windows machines to communicate with file systems over a network.
Those who didn’t patch SMB Version 1 learned the hard way about the perils of forgetting to
patch their systems.
WannaCry leveraged EternalBlue, a Windows SMB protocol exploit, to gain access, install a
backdoor, and download software –  infecting the systems.
In short, WannaCry self-propagated, self-replicated, and quickly traversed entire networks,
causing worldwide damage.
How to Protect Yourself from Computer Viruses and Computer Worms
Here are some simple ways to protect yourself:
 Install anti-virus software and firewall
 Track potential data exfiltration at the edge and attacks at the point of entry
 Remember to regularly install security patches
 Monitor and analyze file and user behavior
 Leverage security analytics to spot suspicious behavior
  Set up alerts to notify you automatically and immediately when an anomaly occurs
Difference between Worms and Virus
1. Worms : 
Worms are similar to a virus but it does not modify the program. It replicates itself more and
more to cause slow down the computer system. Worms can be controlled by remote. The main
objective of worms is to eat the system resources. 
2. Virus : 
A virus is a malicious executable code attached to another executable file that can be harmless or
can modify or delete data. When the computer program runs attached with a virus it performs
some action such as deleting a file from the computer system. Viruses can’t be controlled by
remote. 

Difference between Worms and Virus : 

 
S.No. WORMS VIRUS
A Virus is a malicious executable code
A Worm is a form of malware that attached to another executable file which
1. replicates itself and can spread to can be harmless or can modify or delete
different computers via Network. data. 

The main objective of worms is to eat the The main objective of viruses is to modify
2.
system resources. the information.
It doesn’t need a host to replicate from
3. It requires a host is needed for spreading.
one computer to another.
4. It is less harmful as compared. It is more harmful.
Worms can be detected and removed by Antivirus software is used for protection
5.
the Antivirus and firewall. against viruses.
6. Worms can be controlled by remote. Viruses can’t be controlled by remote.
Worms are executed via weaknesses in the
7. Viruses are executed via executable files.
system.
Internet worms, Instant messaging Boot sector virus, Direct Action virus,
worms, Email worms, File sharing worms, Polymorphic virus, Macro virus,
8.
Internet relay chat (IRC) worms are Overwrite virus, File Infector virus are
different types of worms. different types of viruses
Examples of worms include Morris worm, Examples of viruses include Creeper,
9.
storm worm, etc. Blaster, Slammer, etc.
It does not need human action to
10. It needs human action to replicate.
replicate.a that
11. Its spreading speed is faster. Its spreading speed is slower as compared.

Virus versus Worm: The Basics

First thing’s first. What’s the difference between a computer worm and a virus?
Let’s look at some definitions.
Computer Virus
A computer virus is a malicious piece of code that is designed to spread from device to device by
self-replicating. It’s written by cybercriminals to attach, overwrite, or otherwise replace another
program on your computer in order to reproduce itself without your knowledge.
A virus can cause a number of problems on an infected device. It can damage data, destroy files,
siphon your private information, format hard drives, or make disks unreadable. A virus can enter
your computer as an email attachment, in a downloaded file, or hidden on a zip drive or CD. It’s
usually not obvious that a virus is present on a website, in an email or elsewhere.
Computer Worm
A computer worm is a type of malware that reproduces itself and spreads over network
connections. It doesn’t usually infect computer files but instead infects another computer on the
network.
They’re a form of malware which runs invisibly in the background and overtakes parts of an
operating system. It’s pretty hard to tell you’re dealing with a worm until your systems are
slowed down and your device’s resources are consumed.
Worm infections are especially egregious, as they can spread without user interaction. Once a
computer worm is active on an infected system, it’s able to spread throughout a network. In the
past, computer worms used to attack through infected storage media, like CDs and later USB
drives.
Now, emails are a common gateway for these worms to spread, as they can create and send
outbound messages to all addresses in a user’s contact list.

While they might seem similar by the definitions alone, viruses and worms have different end
goals.
The main difference between computer worms and viruses is that a worm is a self-replicating
program that spreads without user interaction. Viruses, on the other hand, generally require some
action on the part of a user to spread, despite the fact that they are also self-replicating.
How do Computer Viruses and Worms spread?
Cybercriminals have gotten way more creative in the past few years. Gone are the days of
relying on malicious floppy disks to deliver a virus.
Nowadays, with the prevalence of Wi-Fi connections and increasingly more gadgets connected
to the internet, cybercriminals developed a wider variety of ways to infect someone’s device.
They rely on a combination of social engineering and system vulnerabilities to deliver
malicious code.
Email
Emails are a popular way to spread different types of malware, like trojans or
ransomware. Email attachments can carry some pretty shady code, which is why most email
providers offer an attachment scanner service. However, this isn’t 100% fool-proof, so keep in
mind to be mindful of attachments, especially from senders you don’t know.
Which is More Dangerous: a Computer Virus or Worm
Both computer viruses and worms are dangerous. But the damage they can do depends on what
they were programmed to do. Some variants are coded to be mainly nuisances and just plaster
you with pop-ups.
Others are designed to steal your private and financial information. This spells disaster for
your privacy.
In general, the damage caused by a virus or a worm are similar and depends on the malicious
code it is hiding. Some are meant to be nothing more than minor nuisances and just pester you
with annoying, vulgar popups. However, others are designed to steal private information,
including financial details.
But, the general consensus amongst experts is that a worm is more dangerous than a virus
because it can spread much quicker. For example, a worm can be created to infect all your email
contacts. It will infect your contacts and infect their contacts and so on. Viruses, on the other
hand, require you to do something for it to infect your computer.
How to Detect a Virus or a Worm
It might not always be easy to know when you are dealing with a computer worm or a virus.
They’re not like ransomware, where you get a in-your-face notification.
With worms and viruses, it’s harder to tell that malware is actively poking around your system.
So it’s important to exercise caution and be mindful of any recent changes.
But if you have reason to suspect you’re dealing with a virus or a worm infection, here’s what
you need to look out for.

What to Do if You Have a Virus or Worm

Whether you’re noticing your device is acting strangely or your security software notified you
about the threat of a virus or a worm, you might find yourself wondering about the best course of
action.
If you find that your device is infected with a worm or virus, the steps for minimizing damage
and removal are quite simple.
First, you need to minimize the damage. While it might seem easier said than done, it is really
quite simple. The easiest way to do this is to shut off your internet and cut all internet access to
your devices. It will prevent the worm or virus from transmitting your data and “blind” the
cybercriminal.
Next, you need to run a virus scan and delete any suspicious files. We recommend saving all
important documents to an external hard drive, USB stick, or secured cloud.
Lastly, you need to remove the malicious code. Run your antivirus program (and make sure it
is updated). Most times, the antivirus program will be able to locate and isolate the threat. If for,
whatever reason, the worm or virus will not leave quietly, you can restore your computer to its
factory settings. But remember, this will cause you to lose all your data.
How to Protect Yourself from Computer Viruses and Computer Worms
A good defense is the best offense.
Here are 8 things you can do to protect your devices from viruses and worms.
1. Use a good antivirus. It will help recognize and protect your devices against most
known viruses. However, as attackers are continually writing new viruses, it is important
to always update your antivirus.
2. Use strong and unique passwords. Use a password manager to help you manage them.
Do not use the same password for every website.
3. Enable two-factor authentication (2FA) to prevent unauthorized access to your
accounts.
4. Use a VPN. This will add another layer of encryption to protect your connections.
 5. Don’t ignore device updates. Whether they’re for your operating system or an app, they
can provide essential security patches.
6. Enable your firewall. Firewalls prevent certain types of infection by blocking malicious
traffic before it can enter your computer.
7. Avoid clicking on suspicious links or attachments. Even if you know the sender, it’s
always a good idea to run a scan and check all shortened links.
8. Use only HTTPS web connections to enter your personal details.
Overview
Malware, viruses, and worms are all cyber security threats. While they are each
different things, the threats they pose intersect in important ways.
Malware
Malware is a general term that encompasses all software designed to do harm. You can compare
the term “malware” to the term “vehicle.” All software-based threats are malware, just like all
cars and trucks are vehicles. 
However, similar to vehicles, there are many different kinds of malware. In other words, you can
have a car, an SUV, and a truck, and you would have three vehicles. But not every vehicle is a
car, a truck, or an SUV. Similarly, viruses and worms are both malware, but not all malware is a
virus or a worm.
Virus
Viruses can be spread from one computer to another inside files. For the virus to be activated,
someone has to trigger it with an external action. For example, a virus can be embedded inside a
spreadsheet. If you download the spreadsheet, your computer will not necessarily be infected.
The virus gets activated once you open the spreadsheet.
Worm
With a worm, there is no need for the victim to open up any files or even click on anything. The
worm can both run and spread itself to other computers. Because a worm has the ability to
automatically propagate itself, you can get a worm in your computer just because it is on the
same network as another infected device.
Comparative Analysis of Malware, Virus, and Worm
All worms and viruses or malware, but there are significant differences between worms and
viruses. Malware, being a general term, can also include many other threats. However, a worm
behaves in a very specific way, making it significantly different than a virus.
 A worm can replicate and spread itself from one computer to another. On the other hand, a virus
cannot self-replicate, and it needs to be sent by a user or software to travel between two different
computers.
Malware, Virus or Worm: What Is More Dangerous?
While it is difficult to say which is the most dangerous, the following is generally true.
Malware vs. Worm vs. Virus
In a comparison of malware vs. worm, malware is more dangerous because it encompasses both
worms and all other software-based threats, such as spyware, ransomware, and Trojans. The
same can be said of the malware vs. virus conversation. Trying to ascertain which is more
dangerous—malware, viruses, or worms—is like trying to figure out which is better at
transporting people: vehicles, cars, or trucks.
Virus vs. Worm
On the other hand, the "virus vs. worm" discussion is a little more nuanced. Both viruses and
worms can do significant damage to your computer, but the ways in which they spread and are
activated can make one a more significant danger than the other. In many cases, it depends on
how your network is structured.
Why a Worm is Dangerous

If your network consists of many computers connected to each other in a ring formation, then a
worm may be a bigger threat than a virus. The same could be said of a network set up in a hub
formation with a server in the middle that serves all the computers in the network, particularly if
the server does not have adequate antimalware defenses.
In these kinds of architectures, a worm, once introduced to one computer, can replicate itself and
spread to the other computers in the network. This can give one worm the power to infect the
entire network. If a virus is introduced to an unprotected hub-and-spoke network or a ring
network, users will still have to send the virus to each other and then open the file for each
computer in the network to get infected.
Why a Virus is Just as Dangerous
On the surface, a worm, which is also referred to as a worm virus, will appear more dangerous
than a virus, but because computers within an organization's network interact with the internet
often more than they do with each other, viruses can be just as dangerous. For example, a single
website that several users visit can download a virus to their computers, and when they open the
file containing the virus, all of them can get infected.  
In many situations, a worm's functionality can also work against itself. Because the worm is
designed to spread from one computer to another, it risks the chance of exposing itself with each
lateral move. If, for example, a worm has to go through a firewall as it tries to go from one
computer to the next, the firewall may detect it. At that point, system administrators can use
relatively basic forensic analysis to figure out where the worm came from.
This is not the case with viruses. Several users can download the same or different viruses, and
figuring out where they came from, especially if they did not come from the same emails or
websites, can present a significant challenge.
Therefore, the difference between malware and a virus is not as much of a factor as is the
difference between a virus and a worm. The same can be said of the difference between malware
and worm because malware encompasses worms.  
How To Protect Devices from Malware, Viruses, and Worms
There are several ways to protect your computer from threats like viruses, worms, and other
malware:
1. Use an effective antimalware program.
2. Learn how to recognize malicious programs. Keep an eye out for applications that look or
behave suspiciously, as well as your computer running slowly or overheating.
3. Avoid downloads from suspicious websites.
4. Use a firewall.

Introduction
Viruses, worms, Trojans, and bots are all part of a class of software called "malware." Malware
is short for "malicious software," also known as malicious code or "malcode." It is code or
software that is specifically designed to damage, disrupt, steal, or in general inflict some other
"bad" or illegitimate action on data, hosts, or networks.
There are many different classes of malware that have varying ways of infecting systems and
propagating themselves. Malware can infect systems by being bundled with other programs or
attached as macros to files. Others are installed by exploiting a known vulnerability in an
operating system (OS), network device, or other software, such as a hole in a browser that only
requires users to visit a website to infect their computers. The vast majority, however, are
installed by some action from a user, such as clicking an email attachment or downloading a file
from the Internet.
Some of the more commonly known types of malware are viruses, worms, Trojans, bots,
ransomware, backdoors, spyware, and adware. Damage from malware varies from causing minor
irritation (such as browser popup ads), to stealing confidential information or money, destroying
data, and compromising and/or entirely disabling systems and networks.
In addition to damaging data and software residing on equipment, malware has evolved to target
the physical hardware of those systems. Malware should also not be confused with defective
software, which is intended for legitimate purposes but contains errors or "bugs."
Classes of Malicious Software
Two of the most common types of malware are viruses and worms. These types of programs are
able to self-replicate and can spread copies of themselves, which might even be modified copies.
To be classified as a virus or worm, malware must have the ability to propagate. The difference
is that a worm operates more or less independently of other files, whereas a virus depends on a
host program to spread itself. These and other classes of malicious software are described below.
Ransomware
Ransomware is a type of malicious software that threatens to publish the victim's data or
perpetually block access to it unless a ransom is paid. While some simple ransomware may lock
the system in a way that is not difficult for a knowledgeable person to reverse, more advanced
malware uses a technique called cryptoviral extortion, which encrypts the victim's files, making
them inaccessible, and demands a ransom payment to decrypt them.
Viruses
A computer virus is a type of malware that propagates by inserting a copy of itself into and
becoming part of another program. It spreads from one computer to another, leaving infections as
it travels. Viruses can range in severity from causing mildly annoying effects to damaging data
or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to
an executable file, which means the virus may exist on a system but will not be active or able to
spread until a user runs or opens the malicious host file or program. When the host code is
executed, the viral code is executed as well. Normally, the host program keeps functioning after
it is infected by the virus. However, some viruses overwrite other programs with copies of
themselves, which destroys the host program altogether. Viruses spread when the software or
document they are attached to is transferred from one computer to another using the network, a
disk, file sharing, or infected email attachments.
Worms
Computer worms are similar to viruses in that they replicate functional copies of themselves and
can cause the same type of damage. In contrast to viruses, which require the spreading of an
infected host file, worms are standalone software and do not require a host program or human
help to propagate. To spread, worms either exploit a vulnerability on the target system or use
some kind of social engineering to trick users into executing them. A worm enters a computer
through a vulnerability in the system and takes advantage of file-transport or information-
transport features on the system, allowing it to travel unaided. More advanced worms leverage
encryption, wipers, and ransomware technologies to harm their targets.
Trojans
A Trojan is another type of malware named after the wooden horse that the Greeks used to
infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked
into loading and executing it on their systems. After it is activated, it can achieve any number of
attacks on the host, from irritating the user (popping up windows or changing desktops) to
damaging the host (deleting files, stealing data, or activating and spreading other malware, such
as viruses). Trojans are also known to create backdoors to give malicious users access to the
system. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they
self-replicate. Trojans must spread through user interaction such as opening an email attachment
or downloading and running a file from the Internet.
Bots
"Bot" is derived from the word "robot" and is an automated process that interacts with other
network services. Bots often automate tasks and provide information or services that would
otherwise be conducted by a human being. A typical use of bots is to gather information, such
as web crawlers, or interact automatically with Instant Messaging (IM), Internet Relay Chat
(IRC), or other web interfaces. They may also be used to interact dynamically with websites.
Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware
designed to infect a host and connect back to a central server or servers that act as a command
and control (C&C) center for an entire network of compromised devices, or "botnet." With a
botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their
target(s).
In addition to the worm-like ability to self-propagate, bots can include the ability to log
keystrokes, gather passwords, capture and analyze packets, gather financial information, launch
Denial of Service (DOS) Attacks, relay spam, and open backdoors on the infected host. Bots
have all the advantages of worms, but are generally much more versatile in their infection vector
and are often modified within hours of publication of a new exploit. They have been known to
exploit backdoors opened by worms and viruses, which allows them to access networks that have
good perimeter control. Bots rarely announce their presence with high scan rates that damage
network infrastructure; instead, they infect networks in a way that escapes immediate notice.
Advanced botnets may take advantage of common internet of things (IOT) devices such as home
electronics or appliances to increase automated attacks. Crypto mining is a common use of these
bots for nefarious purposes.

Distribution Channels for Malware

Advanced malware typically comes via the following distribution channels to a computer or
network:

 Drive-by download—Unintended download of computer software from the Internet

 Unsolicited email —Unwanted attachments or embedded links in electronic mail
 Physical media—Integrated or removable media such as USB drives
 Self propagation—Ability of malware to move itself from computer to computer or
network to network, thus spreading on its own
What is a computer virus?

A computer virus is a malicious piece of computer code designed to spread from device to
device. A subset of malware, these self-copying threats are usually designed to damage a device
or steal data.

Think of a biological virus – the kind that makes you sick. It’s persistently nasty, keeps you from
functioning normally, and often requires something powerful to get rid of it. A computer virus is
very similar. Designed to replicate relentlessly, computer viruses infect your programs and files,
alter the way your computer operates or stop it from working altogether.
What does a computer virus do?
Some computer viruses are programmed to harm your computer by damaging programs, deleting
files, or reformatting the hard drive. Others simply replicate themselves or flood a network with
traffic, making it impossible to perform any internet activity. Even less harmful computer viruses
can significantly disrupt your system’s performance, sapping computer memory and causing
frequent computer crashes.
How does a computer get a virus?
Even if you’re careful, you can pick up computer viruses through normal Web activities like:  
 Sharing music, files, or photos with other users
 Visiting an infected website
 Opening spam email or an email attachment
 Downloading free games, toolbars, media players and other system utilities
 Installing mainstream software applications without thoroughly reading license
agreements
How do computer viruses spread?
Viruses can be spread several ways, including via networks, discs, email attachments or external
storage devices like USB sticks. Since connections between devices were once far more limited
than today, early computer viruses were commonly spread through infected floppy disks.
What are the symptoms of a computer virus?
Your computer may be infected if you recognize any of these malware symptoms:  
 Slow computer performance
 Erratic computer behavior
 Unexplained data loss
 Frequent computer crashes
How are computer viruses removed?
Antiviruses have made great progress in being able to identify and prevent the spread of
computer viruses. When a device does become infected, though, installing an antivirus solution
is still your best bet for removing it. Once installed, most software will conduct a “scan” for the
malicious program. Once located, the antivirus will present options for its removal. If this is not
something that can be done automatically, some security vendors offer a technician’s assistance
in removing the virus free of charge.
Examples of computer viruses
In 2013, the botnet virus Gameover ZueS was discovered to use peer-to-peer downloading sites
to distribute ransomware and commit banking fraud. While tens of thousands of computer
viruses still roam the internet, they have diversified their methods and are now joined by several
malware variants like:
 Worms - A worm is a type of virus that, unlike traditional viruses, usually does not
require the action of a user to spread from device to device.
 Trojans - As in the myth, a Trojan is a virus that hides within a legitimate-seeming
program to spread itself across networks or devices.
 Ransomware - Ransomware is a type of malware that encrypts a user’s files and demands
a ransom for its return. Ransomware can be, but isn’t necessarily, spread through
computer viruses.
Computer virus protection
When you arm yourself with information and resources, you’re wiser about computer security
threats and less vulnerable to threat tactics. Take these steps to safeguard your PC with the best
computer virus protection:  
 Use antivirus protection and a firewall
 Get antispyware software
 Always keep your antivirus protection and antispyware software up-to-date
 Update your operating system regularly
 Increase your browser security settings
 Avoid questionable Websites
 Only download software from sites you trust.
 Carefully evaluate free software and file-sharing applications before downloading them.  
 Don't open messages from unknown senders
 Immediately delete messages you suspect to be spam
A computer virus, much like a flu virus, is designed to spread from host to host and has the
ability to replicate itself. Similarly, in the same way that flu viruses cannot reproduce without a
host cell, computer viruses cannot reproduce and spread without programming such as a file or
document.
How does a computer virus attack?
Once a virus has successfully attached to a program, file, or document, the virus will lie dormant
until circumstances cause the computer or device to execute its code. In order for a virus to infect
your computer, you have to run the infected program, which in turn causes the virus code to be
executed.
This means that a virus can remain dormant on your computer, without showing major signs or
symptoms. However, once the virus infects your computer, the virus can infect other computers
on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming
your email contacts, and even taking over your machine are just some of the devastating and
irritating things a virus can do.
While some viruses can be playful in intent and effect, others can have profound and damaging
effects. This includes erasing data or causing permanent damage to your hard disk. Worse yet,
some viruses are designed with financial gains in mind.
How do computer viruses spread?
In a constantly connected world, you can contract a computer virus in many ways, some more
obvious than others. Viruses can be spread through email and text message attachments, Internet
file downloads, and social media scam links. Your mobile devices and smartphones can become
infected with mobile viruses through shady app downloads. Viruses can hide disguised as
attachments of socially shareable content such as funny images, greeting cards, or audio and
video files.
To avoid contact with a virus, it’s important to exercise caution when surfing the web,
downloading files, and opening links or attachments. To help stay safe, never download text or
email attachments that you’re not expecting, or files from websites you don’t trust.
What are the signs of a computer virus?
A computer virus attack can produce a variety of symptoms. Here are some of them:
 Frequent pop-up windows. Pop-ups might encourage you to visit unusual sites. Or they
might prod you to download antivirus or other software programs.
 Changes to your homepage. Your usual homepage may change to another website, for
instance. Plus, you may be unable to reset it.
 Mass emails being sent from your email account. A criminal may take control of your
account or send emails in your name from another infected computer.
 Frequent crashes. A virus can inflict major damage on your hard drive. This may cause
your device to freeze or crash. It may also prevent your device from coming back on.
 Unusually slow computer performance. A sudden change of processing speed could
signal that your computer has a virus.
 Unknown programs that start up when you turn on your computer. You may
become aware of the unfamiliar program when you start your computer. Or you might
notice it by checking your computer’s list of active applications.
 Unusual activities like password changes. This could prevent you from logging into
your computer.
How to help protect against computer viruses?
How can you help protect your devices against computer viruses? Here are some of the things
you can do to help keep your computer safe.
 Use a trusted antivirus product, such as Norton AntiVirus Basic, and keep it updated with
the latest virus definitions. Norton Security Premium offers additional protection for even
more devices, plus backup.
 Avoid clicking on any pop-up advertisements.
 Always scan your email attachments before opening them.
 Always scan the files that you download using file sharing programs.
What are the different types of computer viruses?
1. Boot sector virus
This type of virus can take control when you start — or boot — your computer. One way
it can spread is by plugging an infected USB drive into your computer.
2. Web scripting virus
This type of virus exploits the code of web browsers and web pages. If you access such a
web page, the virus can infect your computer.
3. Browser hijacker
This type of virus “hijacks” certain web browser functions, and you may be automatically
directed to an unintended website.
4. Resident virus
This is a general term for any virus that inserts itself in a computer system’s memory. A
resident virus can execute anytime when an operating system loads.
 5. Direct action virus
This type of virus comes into action when you execute a file containing a virus.
Otherwise, it remains dormant.
6. Polymorphic virus
A polymorphic virus changes its code each time an infected file is executed. It does this
to evade antivirus programs.
7. File infector virus
This common virus inserts malicious code into executable files — files used to perform
certain functions or operations on a system.
8. Multipartite virus
This kind of virus infects and spreads in multiple ways. It can infect both program files
and system sectors.
9. Macro virus
Macro viruses are written in the same macro language used for software applications.
Such viruses spread when you open an infected document, often through email
attachments.
How to remove computer viruses
You can take two approaches to removing a computer virus. One is the manual do-it-yourself
approach. The other is by enlisting the help of a reputable antivirus program.
Want to do it yourself? There can be a lot of variables when it comes to removing a computer
virus. This process usually begins by doing a web search. You may be asked to perform a long
list of steps. You’ll need time and probably some expertise to complete the process.
If you prefer a simpler approach, you can usually remove a computer virus by using an antivirus
software program. For instance, Norton AntiVirus Basic can remove many infections that are on
your computer. The product can also help protect you from future threats.
Separately, Norton also offers a free, three-step virus clean-up plan. Here’s how it works.
1. Run a free Norton Security Scan to check for viruses and malware on your devices. Note:
It does not run on Mac OS.
2. Use Norton Power Eraser’s free virus and malware removal tool to destroy existing
viruses. Need help? A Norton tech can assist by remotely accessing your computer to
track down and eliminate most viruses.
3. Install up-to-date security software to help prevent future malware and virus threats.
What Is a Computer Virus?
Definition
A computer virus is a malicious application or authored code used to perform destructive activity
on a device or local network. The code’s malicious activity could damage the local file system,
steal data, interrupt services, download additional malware, or any other actions coded into the
program by the malware author. Many viruses pretend to be legitimate programs to trick users
into executing them on their device, delivering the computer virus payload.
Types of Computer Viruses
Every virus has a payload that performs an action. The threat actor can code any malicious
activity into the virus payload, including simple, innocuous pranks that don’t do any harm. While
a few viruses have harmless payloads, most of them cause damage to the system and its data.
There are nine main virus types, some of which could be packaged with other malware to
increase the chance of infection and damage. The nine major categories for viruses are:
Boot Sector Virus
Your computer drive has a sector solely responsible for pointing to the operating system so that it
can boot into the interface. A boot sector virus damages or controls the boot sector on the drive,
rendering the machine unusable. Attackers will usually spread this virus type using a malicious
USB device. The virus is activated when users plug in the USB device and boot their machine.
Web Scripting Virus
Most browsers have defenses against malicious web scripts, but older, unsupported browsers
have vulnerabilities that allow an attacker to run code on the local device.
Browser Hijacker
A virus that can change the settings on your browser will hijack browser favorites, the home
page URL, your search preferences and redirect you to a malicious site. The site could be a
phishing site or an adware page used to steal data or make money for the attacker.
Resident Virus
A virus that can access computer memory and sit dormant until a payload is delivered is
considered a resident virus. This malware may stay dormant until a specific date, time, or a user
performs an action.
Direct Action Virus
When a user executes a seemingly harmless file attached with malicious code, direct action
viruses deliver a payload immediately. These viruses can also remain dormant until a specific
action is taken or a timeframe passes.
Polymorphic Virus
Malware authors can use polymorphic code to change the program’s footprint to avoid detection.
Polymorphic viruses make it more difficult for an antivirus to detect and remove them.
File Infector Virus
To persist on a system, a threat actor uses file infector viruses to inject malicious code into
critical files that run the operating system or important programs. When the system boots or the
program runs, the virus is activated.
Multipartite Virus
These malicious programs spread across a network or other systems by copying themselves or
injecting code into critical computer resources.
Macro Virus
Microsoft Office files can run macros, and these macros can be used to download additional
malware or run malicious code. Macro viruses deliver a payload when the file is opened, and the
macro runs.
What Causes Computer Viruses?
Computer viruses are standard programs; only instead of offering useful resources, these
programs can damage your device. For a threat actor to execute a virus on your machine, you
must initiate execution. In some cases, an attacker can execute malicious code through your
browser or remotely from another network computer. Modern browsers have defenses against
local machine code execution, but third-party software installed on the browser could have
vulnerabilities that allow viruses to run locally.
The delivery of a computer virus can happen in several ways. One common method is via a
phishing email. Another technique is hosting malware on a server that promises to provide a
legitimate program. It can be delivered using macros or by injecting malicious code into
legitimate software files.
What Is a Computer Worm?
A computer worm is malware, just like a virus, but a worm takes a copy of itself and propagates
it to other users. Worms can also deliver a payload and exhaust resources. For example, an email
worm sends a copy of itself to everyone on an infected user’s email contact list. When it reaches
recipient inboxes, anyone who runs the worm sends it to their contact list. Email worms exhaust
storage space and spread very quickly across the internet, so they create issues differently than a
virus.
What Does a Computer Virus Do?
The way a computer virus acts depends on how it’s coded. It could be something as simple as a
prank that doesn’t cause any damage, or it could be sophisticated, leading to criminal activity
and fraud. Many viruses only affect a local device, but others spread across a network
environment to find other vulnerable hosts.
A virus that infects a host device will continue delivering a payload until it’s removed. Most
antivirus vendors have small removal programs that eliminate the virus. Polymorphic viruses
make it difficult for removal because they change their footprint consistently. The payload could
be stealing data, destroying data, or interrupting services on the network or the local device.
Symptoms of Computer Virus
Malware authors write code that is undetectable until the payload is delivered. However, like any
software program, bugs could present issues while the virus runs. Signs that you have a computer
virus include:
 Popup windows, including ads (adware) or links to malicious websites.
 Your web browser home page changes, and you did not change it.
 Outbound emails to your contact list or people on your contact list alert you to strange
messages sent by your account.
 The computer crashes often, runs out of memory with few active programs, or a blue
screen of death in Windows.
 Slow computer performance even when running few programs or the computer was
recently booted.
 Unknown programs start when the computer boots or when you open specific programs.
 Passwords change without your knowledge or your interaction on the account.

Examples of Computer Virus

The web contains millions of computer viruses, but only a few have gained popularity and infect
record numbers of machines. Some examples of widespread computer viruses include:
 Morris Worm  CryptoLocker
 Nimda  Conficker
 ILOVEYOU  Tinba
 SQL Slammer  Welchia
 Stuxnet  Shlayer
How to Prevent Computer Viruses
Computer viruses can damage your PC, send sensitive data to attackers, and cause downtime
until the system is repaired. You can avoid becoming the next computer virus victim by
following a few best practices:
 Install antivirus software: Antivirus should run on any device connected to the network.
It’s your first defense against viruses. Antivirus software stops malware executables from
running on your local device.
  Don’t open executable email attachments: Many malware attacks including ransomware
start with a malicious email attachment. Executable attachments should never be opened,
and users should avoid running macros programmed into files such as Microsoft Word or
Excel.
 Keep your operating system updated: Developers for all major operating systems release
patches to remediate common bugs and security vulnerabilities. Always keep your
operating system updated and stop using end-of-life versions (e.g., Windows 7 or
Windows XP).
 Avoid questionable websites: Older browsers are vulnerable to exploits used when just
browsing a website. You should always keep your browser updated with the latest
patches, but avoiding these sites will stop drive-by downloads or redirecting you to sites
that host malware.
 Don’t use pirated software: Free pirated software might be tempting, but it’s often
packaged with malware. Download vendor software only from the official source and
avoid using software that’s pirated and shared.

Definition
single sign-on (SSO)
 Single sign-on (SSO) is a session and user authentication service that permits a user to
use one set of login credentials...
 Single Sign-on (SSO) occurs when a user logs in to one application and is then signed in to other
applications automatically, regardless of the platform, technology, or domain the user is using.
The user signs in only one time, hence the name of the feature (Single Sign-on).
For example, if you log in to a Google service such as Gmail, you are automatically
authenticated to YouTube, AdSense, Google Analytics, and other Google apps. Likewise, if you
log out of your Gmail or other Google apps, you are automatically logged out of all the apps; this
is known as Single Logout.
SSO provides a seamless experience for users when using your applications and services. Instead
of having to remember separate sets of credentials for each application or service, users can
simply log in once and access your full suite of applications.

Whenever users go to a domain that requires authentication, they are redirected to the
authentication domain where they may be asked to log in. If the user is already logged in at the
authentication domain, they can be immediately redirected to the original domain without
signing in again.
How it works
Single Sign-on and Single Logout are possible through the use of sessions. There may be up to
three different sessions for a user with SSO:
 Local session maintained by the application
 Authorization Server session, if SSO is enabled

 Identity Provider session, if the user chose to log in through an Identity Provider (such as
Google, Facebook, or an enterprise SAML Identity Provider)
With SSO, a central domain performs authentication and then shares the session with other
domains. The way a session is shared may differ between SSO protocols, but the general concept
is the same.
For example, the authentication domain may generate a signed JSON Web Token (JWT)
(encrypted using JSON Web Encryption (JWE)), which contains all the information needed to
identify the user for any other domain requiring authentication. This token is passed to the client,
but because it is signed, it cannot be modified in any way by the client. The token can be passed
to the original domain by a redirect and used by the authentication domain and any other
domains to identify the user.
SSO with Universal Login
The easiest and most secure way to implement Single Sign-on (SSO) with Auth0 is by using
Universal Login for authentication. In fact, currently SSO is only possible with native platforms
(like iOS or Android) if the application uses Universal Login. The Swift and Android quick starts
provide some examples of using Universal Login.
If you cannot use Universal Login with your application, review the following for additional info
on embedded authentication:
 Lock
 Auth0.js
SSO on first login
For SSO with Auth0, the Central Service is the Auth0 Authorization Server.
Let's look at an example of the SSO flow when a user logs in for the first time:
1. Your application redirects the user to the login page.
2. Auth0 checks to see whether there is an existing SSO cookie.
3. Because this is the first time the user is visiting the login page and no SSO cookie is
present, the user will be asked to log in using one of the connections you have
configured.
4. Once the user has logged in, Auth0 will set an SSO cookie and redirect the user to your
application, returning an ID Token that contains identity information for the user.
SSO on subsequent logins
Let's look at an example of the SSO flow when a user returns to your website for a subsequent
visit:
1. Your application redirects the user to the login page.
2. Auth0 checks to see whether there is an existing SSO cookie.
3. Auth0 finds the SSO cookie, and if necessary, updates it. No login screen is shown.
4. Auth0 redirects the user to your application, returning an ID Token that contains identity
information for the user.
Check user's SSO status
You can check a user's SSO status from an application by calling the checkSession method of the
auth0.js SDK, which will attempt to silently authenticate the user within an iframe. Whether the
authentication is successful or not indicates whether the user has an active SSO cookie.
Protocols
SAML and WS-Federation
Security Assertion Markup Language (SAML) and Web Services Federation (WS-Fed) are both
protocols that are widely used in SSO implementations. Both SAML and WS-Fed exchange
authorization and authentication data in XML format; the main parts of this exchange are the
user, the identity provider, and the service provider.
With SAML or WS-Fed:
1. A user requests a resource from the service provider.
 2. The service provider checks with the identity provider to see if the user should have
access to the resource.
3. The identity provider verifies the user's identity, and if valid, asserts back to the service
provider that the user should have access.
OpenID Connect
OpenID Connect (OIDC) is an authentication protocol commonly used in consumer-facing SSO
implementations. The OIDC protocol handles authentication through JSON Web Tokens and a
central identity provider.
With OIDC:
1. A user requests access to an application.
2. The application redirects the user to the identity provider for authentication.
3. The identity provider verifies the user, and if successful, prompts the user to grant data
access to the application.
4. If access is granted, the identity provider generates an ID Token, which contains user
identity information that the application can consume.
5. The identity provider returns the user to the application.
AD/LDAP
Lightweight Directory Access Protocol (LDAP) is an application protocol used to access a
directory of credentials that can be shared by multiple applications; it is commonly used by
intranets. When paired with Active Directory (AD), LDAP provides a centralized location for
user identity, so the application makes an authentication request to the LDAP/AD server. The
LDAP protocol exchanges information in LDAP Data Interchange Format (LDIF).
Service-provider-initiated SSO
For Service-Provider-initiated SSO, Auth0 is the SSO Service Provider (SP).
When a user logs in to an application:
1. The application presents the user with one or more external identity providers.
2. The user selects an identity provider to authenticate with and logs in.
3. Upon successful authentication, the user is returned to the application.
SP-initiated SSO in Auth0 is handled by connections.
Identity-provider-initiated SSO
For Identity-Provider-initiated SSO, a third-party Identity Provider (IdP) is the SSO provider.
When a user logs in to an application:
1. The application redirects the user to an identity provider.
2. The third-party identity provider performs authentication and authorization.
3. Upon successful authentication, the user is returned to the application.

When planning an IdP-initiated SSO implementation, you may choose to use Auth0's SSO
Dashboard Extension, which allows you to create a dashboard that lists multiple enterprise
applications that can be enabled for SSO. This dashboard is then presented to your users to log
in.
Use cases
Business to Business

For Business to Business (B2B) scenarios, SSO can simplify packaging your application for
enterprise consumption. With Auth0, your applications can support common enterprise
federation scenarios, such as Active Directory (AD), Lightweight Directory Access Protocol
(LDAP), Ping, or Security Assertion Markup Language (SAML). This allows your partners and
enterprise customers to log in with their preferred enterprise identity technologies.

 Case Study: Safari

Business to Consumer CIAM

For Business to Consumer (B2C) or Customer Identity Access Management (CIAM) scenarios,
SSO can provide frictionless access to your applications or services. You can let customers
authenticate through popular social identity providers, such as Google, Facebook, LinkedIn,
Twitter, and Microsoft, instead of requiring them to make another account.

 Case Study: Giving Compass

Business to Employees

For Business to Employees (B2E) scenarios, SSO can simplify the provisioning and management
of employee credentials. Instead of keeping track of credentials for every service, employees can
log in once and gain access to everything they need. And if an employee leaves, deprovisioning a
single account is much easier.

What is single sign-on in Azure Active Directory?

This article provides you with information about the single sign-on (SSO) options that are
available to you, and an introduction to planning a single sign-on deployment when using Azure
Active Directory (Azure AD). Single sign-on is an authentication method that allows users to
sign in using one set of credentials to multiple independent software systems. Using SSO means
a user doesn't have to sign in to every application they use. With SSO, users can access all
needed applications without being required to authenticate using different credentials. For a brief
introduction, see Azure Active Directory single sign-on.
Many applications already exist in Azure AD that you can use with SSO. You have several
options for SSO depending on the needs of the application and how it is implemented. Take time
to plan your SSO deployment before you create applications in Azure AD. The management of
applications can be made easier by using the My Apps portal.
Single sign-on options
Choosing an SSO method depends on how the application is configured for authentication.
Cloud applications can use federation-based options, such as OpenID Connect, OAuth, and
SAML. The application can also use password-based SSO, linked-based SSO, or SSO can be
disabled.
 Federation - When you set up SSO to work between multiple identity providers, it's
called federation. An SSO implementation based on federation protocols improves
security, reliability, end-user experiences, and implementation.
With federated single sign-on, Azure AD authenticates the user to the application by
using their Azure AD account. This method is supported for SAML 2.0, WS-Federation,
or OpenID Connect applications. Federated SSO is the richest mode of SSO. Use
 federated SSO with Azure AD when an application supports it, instead of password-
based SSO and Active Directory Federation Services (AD FS).
There are some scenarios where the SSO option is not present for an enterprise
application. If the application was registered using App registrations in the portal, then
the single sign-on capability is configured to use OpenID Connect and OAuth by default.
In this case, the single sign-on option won't appear in the navigation under enterprise
applications.
Single sign-on is not available when an application is hosted in another tenant. Single
sign-on is also not available if your account doesn't have the required permissions
(Global Administrator, Cloud Application Administrator, Application Administrator, or
owner of the service principal). Permissions can also cause a scenario where you can
open single sign-on but won't be able to save.
 Password - On-premises applications can use a password-based method for SSO. This
choice works when applications are configured for Application Proxy.
With password-based SSO, users sign in to the application with a username and password
the first time they access it. After the first sign-on, Azure AD provides the username and
password to the application. Password-based SSO enables secure application password
storage and replay using a web browser extension or mobile app. This option uses the
existing sign-in process provided by the application, enables an administrator to manage
the passwords, and doesn't require the user to know the password. For more information,
see Add password-based single sign-on to an application.
 Linked - Linked sign-on can provide a consistent user experience while you migrate
applications over a period of time. If you're migrating applications to Azure AD, you can
use linked-based SSO to quickly publish links to all the applications you intend to
migrate. Users can find all the links in the My Apps or Microsoft 365 portals.
After a user has authenticated with a linked application, an account needs to be created
before the user is provided single sign-on access. Provisioning this account can either
occur automatically, or it can occur manually by an administrator. You cannot apply
conditional access policies or multifactor authentication to a linked application because a
linked application does not provide single sign-on capabilities through Azure AD. When
you configure a linked application, you are simply adding a link that appears for
launching the application. For more information, see Add linked single sign-on to an
application.
 Disabled - When SSO is disabled, it isn't available for the application. When single sign-
on is disabled, users might need to authenticate twice. First, users authenticate to Azure
AD, and then they sign in to the application.
Disable SSO when:
o You're not ready to integrate this application with Azure AD single sign-on
o You're testing other aspects of the application
o An on-premises application doesn't require users to authenticate, but you want
them to. With SSO disabled, the user needs to authenticate.
If you configured the application for SP-initiated SAML-based SSO and you change the
SSO mode to disabled, it won't stop users from signing in to the application outside the
MyApps portal. To achieve this, you need to disable the ability for users to sign in.
Plan SSO deployment
Web applications are hosted by various companies and made available as a service. Some
popular examples of web applications include Microsoft 365, GitHub, and Salesforce. There are
thousands of others. People access web applications using a web browser on their computer.
Single sign-on makes it possible for people to navigate between the various web applications
without having to sign in multiple times. For more information, see Plan a single sign-on
deployment.
How you implement SSO depends on where the application is hosted. Hosting matters because
of the way network traffic is routed to access the application. Users don't need to use the Internet
to access on-premises applications (hosted on a local network). If the application is hosted in the
cloud, users need the Internet to use it. Cloud hosted applications are also called Software as a
Service (SaaS) applications.
For cloud applications, federation protocols are used. You can also use single sign-on for on-
premises applications. You can use Application Proxy to configure access for your on-premises
application. For more information, see Remote access to on-premises applications through Azure
AD Application Proxy.

How does single sign-on work?

What is single sign-on?
Single sign-on (SSO) is an authentication method that enables users to securely authenticate with
multiple applications and websites by using just one set of credentials.
How does SSO work?
SSO works based upon a trust relationship set up between an application, known as the service
provider, and an identity provider, like OneLogin. This trust relationship is often based upon a
certificate that is exchanged between the identity provider and the service provider. This
certificate can be used to sign identity information that is being sent from the identity provider to
the service provider so that the service provider knows it is coming from a trusted source. In
SSO, this identity data takes the form of tokens which contain identifying bits of information
about the user like a user’s email address or a username.
The login flow usually looks like this:
1. A user browses to the application or website they want access to, aka, the Service
Provider.
2. The Service Provider sends a token that contains some information about the user, like
their email address, to the SSO system, aka, the Identity Provider, as part of a request to
authenticate the user.
3. The Identity Provider first checks to see whether the user has already been authenticated,
in which case it will grant the user access to the Service Provider application and skip to
step 5.
4. If the user hasn’t logged in, they will be prompted to do so by providing the credentials
required by the Identity Provider. This could simply be a username and password or it
might include some other form of authentication like a One-Time Password (OTP).
5. Once the Identity Provider validates the credentials provided, it will send a token back to
the Service Provider confirming a successful authentication.
6. This token is passed through the user’s browser to the Service Provider.
 7. The token that is received by the Service Provider is validated according to the trust
relationship that was set up between the Service Provider and the Identity Provider during
the initial configuration.
8. The user is granted access to the Service Provider.

What is an SSO token?

An SSO token is a collection of data or information that is passed from one system to another
during the SSO process. The data can simply be a user’s email address and information about
which system is sending the token. Tokens must be digitally signed for the token receiver to
verify that the token is coming from a trusted source. The certificate that is used for this digital
signature is exchanged during the initial configuration process.
Is SSO secure?
The answer to this question is “It depends.”
There are many reasons why SSO can improve security. A single sign-on solution can simplify
username and password management for both users and administrators. Users no longer have to
keep track of different sets of credentials and can simply remember a single more complex
password. SSO often enables users to just get access to their applications much faster.
SSO can also cut down on the amount of time the help desk has to spend on assisting users with
lost passwords. Administrators can centrally control requirements like password complexity and
multi-factor authentication (MFA). Administrators can also more quickly relinquish login
privileges across the board when a user leaves the organization.
Single Sign-On does have some drawbacks. For example, you might have applications that you
want to have locked down a bit more. For this reason, it would be important to choose an SSO
solution that gives you the ability to, say, require an additional authentication factor before a user
logs into a particular application or that prevents users from accessing certain applications unless
they are connected to a secure network.

How is SSO implemented?

The specifics on how an SSO solution is implemented will differ depending on what exact SSO
solution you are working with. But no matter what the specific steps are, you need to make sure
you have set clear objectives and goals for your implementation. Make sure you answer the
following questions:

 What different types of users are you serving and what are their different requirements?
 Are you looking for an On Prem solution or a Cloud Based solution?
 Will this solution be able to grow with your company and your needs?
 What features are you looking for to ensure only trusted users are logging in? MFA,
Adaptive Authentication, Device Trust, IP Address Whitelisting, etc.?
 What systems do you need to integrate with?
 Do you need API access?
What makes a true SSO system?

It’s important to understand the difference between single sign-on and password vaulting or
password managers, which are sometimes referred to as SSO which can mean Same Sign-on not
Single Sign-on. With password vaulting, you may have the same username and password, but
they need to be entered each time you move to a different application or website. The password
vaulting system is simply storing your credentials for all the different applications and inserting
them when necessary. There is no trust relationship set up between the applications and the
password vaulting system.
With SSO, meaning Single Sign-On, after you’re logged in via the SSO solution, you can access
all company-approved applications and websites without having to log in again. That includes
cloud applications as well as on-prem applications, often available through an SSO portal (also
called a login portal).
What is an SSO software vs an SSO solution
When researching SSO options that are available, you might see them sometimes referred to as
SSO software vs an SSO solution vs an SSO provider. In many cases, the difference might
simply be in the way the companies have categorized themselves. A piece of software suggests
something that is installed on-premise. It is usually designed to do a specific set of tasks and
nothing else. A solution suggests that there is the ability to expand or customize the capabilities
of the core product. A provider would be a way to refer to the company that is producing or
hosting the solution. For example, OneLogin is known as an SSO solution provider.
Are there different types of SSO?
There are a lot of terms that are used when we talk about Single Sign-On (SSO).
 Federated Identity Management (FIM)
 OAuth (specifically OAuth 2.0 nowadays)
 OpenID Connect (OIDC)
 Security Access Markup Language (SAML)
 Same Sign On (SSO)
SSO is actually a part of a larger concept called Federated Identity Management, thus sometimes
SSO is referred to as federated SSO. FIM just refers to a trust relationship that is created between
two or more domains or identity management systems. Single Sign-on is often a feature that is
available within a FIM architecture.
OAuth 2.0 is a specific framework that could also be considered part of a FIM architecture.
OAuth focuses on that trusted relationship allowing user identity information to be shared across
the domains.
OpenID Connect (OIDC) is an authentication layer that was built on top of OAuth 2.0 to provide
Single Sign-on functionality.
Security Access Markup Language (SAML) is an open standard that is also designed to provide
Single Sign-on functionality.

Same Sign On which is also often referred to as SSO is actually not the same as Single Sign-on
because it doesn’t involve any trust relationship between the entities that are doing the
authentication. It is more dependent on credentials being duplicated between systems and simply
passing in those credentials when necessary. It is not as secure as any of the Single Sign-on
solutions.
There are also some specific systems that commonly come up when we are discussing Single
Sign-on: Active Directory, Active Directory Federation Services (ADFS) and Lightweight
Directory Access Protocol (LDAP).
Active Directory, which nowadays is specifically referred to as Active Directory Directory
Services (ADDS), is Microsoft’s centralized directory service. Users and resources are added to
the directory service for central management and ADDS works with authentication protocols like
NTLM and Kerberos. Thus, users that belong to ADDS can authenticate from their machines and
get access to others systems that integrate with ADDS. This is a form of Single Sign-on.
Active Directory Federation Services (ADFS) is a type of Federated Identity Management
system that also provides Single Sign-on capabilities. It supports both SAML and OIDC. ADFS
is primarily used to set up trust between ADDS and other systems such as Azure AD or other
ADDS forests.
Lightweight Directory Access Protocol (LDAP) is simply an industry standard that defines a way
to organize and query directory information. LDAP allows you to centrally manage resources
like users and systems. LDAP, however, does not define how you log into those systems,
meaning it does not define the actual protocols that are used in authentication. It is, however,
often used as part of the authentication process and access control processes. For example, before
a user can access a particular resource, LDAP might be used to query for that user and any
groups that they belong to in order to see if the user has access to that resource. LDAP solutions
like OpenLDAP do provide authentication through their support of authentication protocols like
Simple Authentication and Security Layer (SASL)
What is SSO software as a service?
Just as many other applications have moved to run within the Internet, so has SSO functionality.
Platforms like OneLogin that run in the cloud can then be categorized as a Software as a Service
(SaaS) SSO solution.
What is App-to-App SSO?
Lastly, you might have heard of App-to-App or Application-to-Application SSO. This is not
quite an industry standard yet. It is more of a term that has been used by SAPCloud to describe
the process of passing a user identity from one application to another within their ecosystem. It is
somewhat similar to OAuth 2.0 but again it is not a standard protocol or method and is currently
specific to SAPCloud.

Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication method that lets users access multiple applications
and services using a single set of login credentials. SSO can help businesses improve user
satisfaction and productivity, strengthen access security, and reduce IT operations expense and
complexity.
Why Single Sign-On
Today’s digital workers rely on a wide variety of applications to perform their jobs, including
traditional enterprise applications hosted in corporate data centers, SaaS solutions running in the
cloud, and mobile apps for smartphones and tablets. Each application relies on distinct identity
management and access control mechanisms, which creates challenges for users, IT operations
teams, and information security and compliance organizations.
SSO Features, Functions, and Benefits
Single Sign-On solutions help businesses simplify user access, improve security, and streamline
IT operations by centralizing, automating, and unifying identity management and access control
functions for all applications and services. Modern SSO solutions support traditional applications
hosted in enterprise data centers, applications running in private or public clouds, and third-party
SaaS solutions like Salesforce and Box.
Modern SSO platforms also support various on-premises and cloud-based credential stores and
directory services platforms like Active Directory, LDAP, and Google Directory to centralize
and unify operations. They support federated identity management using standards-based
protocols like SAML, Oauth, and OpenID Connect to enable peering and inter-enterprise
collaboration. And they provide self-serve portals that let users reset passwords, request
permissions, and make other changes without helpdesk intervention.
Single Sign-On solution benefits and advantages include:
 Superior user experiences – SSO improves user satisfaction by eliminating password
fatigue and frustration. With SSO, users seamlessly access all their applications and
services, using a single set of logon credentials from any location or device. In addition,
users can quickly change passwords and other account settings without opening a ticket
or engaging the help desk.
 Simplified operations – Single Sign-On solutions streamline IT operations by
eliminating manually intensive, time-consuming, error-prone administrative processes.
They can help companies accelerate user onboarding, reduce ongoing operations
expenses, and free up valuable IT staff to focus on core business tasks.
 Increased productivity and collaboration – SSO solutions improve employee
productivity by giving users fast, simple, and convenient access to all the online
resources they need to do their jobs. Businesses can also use Single Sign-On solutions to
improve collaboration with partners—granting external users select access to specific
enterprise applications and services.
 Risk reduction – SSO strengthens security by eliminating risky password management
practices; users are less likely to write down passwords or use weak, universal, or repeat
passwords. In addition, Single Sign-On solutions reduce administrative gaps and security
vulnerabilities by eliminating identity management silos, and reduce attack surfaces by
reducing the number of passwords used in the enterprise.

What is Single Sign On (SSO), and what does it do?

Single Sign On, also known as SSO, allows users to have access to multiple applications by
signing in using only one existing account. SSO is most useful when there are multiple systems
that can be accessed using a password, and we want to prevent repeated authentication to them
each time the user is disconnected from a given service. This is highly convenient for users,
since, by identifying themselves just once, it is possible to maintain a valid session for the rest of
the applications which use SSO.
SSO aims to simplify the user experience on the Internet by completely facilitating session sign-
in tasks.
Using the Single Sign On identification system, it is possible to have multiple accesses with a
single account; for example, by signing in to Gmail we will have account level access to its
various web applications, such as Google Docs, Google Maps, Google Books, etc.
Single Sign On (SSO) Features

This authentication procedure facilitates access to different platforms. It also has other important
features in regards to simple management, security, ease of use and seamlessness.
Easy management

Using SSO synchronises passwords and user information, which makes access to different
platforms and resources easier.
Security
This authentication system improves network and application security. Single Sign On can
uniquely identify a user, and ensure compliance with the most demanding security standards.
Information provided by SSO is encrypted and transmitted across the network.
Ease of use
SSO solutions improve the user experience by avoiding the interruptions caused by password
requests to access their essential IT tools.
The user is authenticated once and the system allows them to access the resources for which they
are authorised.
Seamlessness
Access to all applications takes place seamlessly due to sign-in automation.
Types of Single Sign On (SSO) Authentication
Enterprise Single Sign On (E-SSO)
This type of system works as a primary authentication, intercepting login requests when required
by secondary applications in order to fill out the user and password fields. The E-SSO system
allows for interaction with other systems that may disable the login screen.
Web single sign-on (Web-SSO)
This type of solution only works with applications which can be accessed through the web, and
its goal is the authentication of a user on several applications without the need to get identified
again.
Access data is intercepted by a proxy server that performs the communication and then transfers
the result to the computer that requested it. Unidentified users are redirected to an authentication
service, returning a successful login.
Federated identity
This type of Single Sign On involves an identity management solution that uses established
standards to enable applications to identify clients without the need for redundant authentication.
Open ID
Open ID is a decentralised SSO process in which the user identity is stored at a URL that any
server can verify.

Single Sign On (SSO) Advantages and Disadvantages 

Advantages Disadvantages
Streamlines user access to their Using a single password increases the chances of
applications password vulnerability
Reduces the load of memorising several When SSO fails, access to all related systems is lost
 passwords
Easy to implement and connect to new
Identity spoofing in user external accesses
data sources

The Pros and Cons to Single Sign-On (SSO)

Single sign-on (SSO) is an important element in the complex structure of an effective security
program. It is a service that gives a user access to multiple network destinations by entering only
one login, one username, and one password. Simplifying the login process streamlines workflow
and adds a layer of safety by reducing the likelihood of error. If, for example, a user typically
accesses four applications during a work session, going through four login routines multiplies the
possibility of mistakes and consumes time. However, while SSO enhances ease of access, it also
presents some risk.
How SSO works
The service authenticates the access privileges for all the applications a user has rights to and
requires no additional actions when switching between them. The application server gathers the
user’s credentials from a dedicated SSO policy server and checks the person against a user
directory.A number of login processes, access methods, and system configurations are available,
allowing companies to choose an SSO system that best suits their needs and allows for suitable
modifications. Moreover, as digital transformation advances, these options will become
increasingly complex.
Not only does SSO eliminate tasks, but it also helps with such functions as user-activity
management and user-account oversight. However, it also carries a major security risk. A hacker
who is able to gain control of a user’s credentials may be able to penetrate every application to
which the user has access. This calls for constant attention to password security and diligent
protection of usernames, as well as careful online browsing restrictions and stringent protection
of email.
SSO capabilities are supplied by identity providers. These entities and their offerings are not
alike and choosing the right ones are important decisions that should not be made without expert
counsel. A key objective in making a selection is the ability to serve a broad range of users, but it
may be necessary to add another authentication system to cover everyone in the organization.
Advantages of SSO
 Reduces password fatigue. Remembering one password instead of many makes users’
lives easier. As a tangential benefit, it gives users greater incentive to come up with
strong passwords.
 Simplifies username and password management. When changes of personnel take
place, SSO reduces both IT effort and opportunities for mistakes. Employees leaving the
organization relinquish their login privileges.
 Improves identity protection. With SSO, companies can strengthen identity security
with techniques such as two-factor authentication (2FA) and multifactor authentication
(MFA).
  Increases speed where it is most needed. In settings such as hospitals, defense
industries, and emergency services, where large numbers of people and departments
demand rapid and unfettered access to the same applications, SSO is especially helpful.
In such cases, preventing errors and malware intrusion can be the difference between life
and death. 
 Relieves help desk workloads. Fewer users calling for help with lost passwords saves
money and improves security. 
 Reduces security risks for your customers, vendors, and partner entities.
Connections between allied companies always present vulnerabilities, which SSO can
reduce.
 Effective SSO solutions are available. There is no reason for any organization to create
its own system or to develop deep SSO expertise. RenovoData’s consultants understand
available offerings and can help identify the best choices for your company.
SSO’s challenges
 Extra-strong passwords must be enforced. If an SSO account is cracked, others under
the same authentication can also be endangered.
 When SSO is down, access to all connected sites is stopped. This is a big reason to
exercise great care in choosing an SSO system. It must be exceptionally reliable and
plans should be in place for dealing with breakdowns.
 What’s more, when your identity provider goes down, your SSO does too. The
provider’s vulnerability to any kind of interruption becomes your vulnerability as well,
and it is probably beyond your control. Once again, the choice of vendors is critical.
 If a hacker breaches your identity provider user account, all your linked systems
could be open to attack. This can be a classic single point of failure and should be
headed off in the planning process. On the plus side, high-quality identity providers have
top-notch security.
 SSO can take longer than expected to set up. Each environment is different, so added
steps in implementation can crop up. One example is the task linking the identity
provider to the service provider.
 SSO is risky for multi-user computers. What happens when one user is logged in and
another needs to use the machine?
 Reduced sign-on (RSO) may be needed to accommodate different levels of access.
With RSO, additional authentication servers may be required. 
 SSO using social networking services can create conflict. This can be the case with
workplaces that block social media sites and government connections where censorship is
involved. 
 Some SSO-linked sites may give their user data to third-party entities. This is an area
requiring careful attention.
What is SSO, and How Does It Work?
The idea behind single sign-on is that users log in once, and they can access all of their IT
resources, rather than having to type in different usernames and passwords continuously. 
SSO works through a trust relationship that is created between an application and an identity
provider. The application is also called the service provider. The trust relationship is usually
based on a certificate exchange, which can be used to ensure the service provider knows the
identity information is coming from a trusted source. 
Identity data in SSO comes as tokens. These tokens will contain user information, such as a
username or email address. 
An SSO token is digitally signed for the receiver to verify it’s coming from a trusted source. 
From the employer’s perspective, SSO can significantly reduce the frustration that comes with
not only entering multiple passwords but having to remember them and reset them when they’re
forgotten. Your employees can focus on productivity and the work at hand rather than logging
into every app or platform they use. 
Federated identity is a term to be aware of with SSO since it’s the concept it’s built on. Federated
identity refers to sharing of identity attributes across trusted but independent systems. If a user is
trusted by one system, then they’re automatically given access to all the systems with a trusted
relationship. 
The steps of SSO include:
 First, a user goes to the website or application they want to access, which is the
service provider. 
 During the next step, the service provider sends a request and redirects users to the
SSO system. 
 The third step involves a user being prompted to provide credentials. 
 The credentials are validated, then sent back to the service provider to confirm the
authentication. The user then gets access to the application. 
Security risks and SSO
Although single sign-on is a convenience to users, it presents risks to enterprise security. An
attacker who gains control over a user's SSO credentials will be granted access to every
application the user has rights to, increasing the amount of potential damage. In order to avoid
malicious access, it's essential that every aspect of SSO implementation be coupled with identity
governance. Organizations can also use two-factor authentication (2FA) or multifactor
authentication (MFA) with SSO to improve security.
Social SSO
Google, LinkedIn, Twitter and Facebook offer popular SSO services that enable an end user to
log in to a third-party application with their social media authentication credentials. Although
social single sign-on is a convenience to users, it can present security risks because it creates a
single point of failure that can be exploited by attackers.
Many security professionals recommend that end users refrain from using social SSO
services altogether because, once an attacker gains control over a user's SSO credentials, they
will be able to access all other applications that use the same credentials.
Apple recently unveiled its own single sign-on service and is positioning it as a more private
alternative to the SSO options provided by Google, Facebook, LinkedIn and Twitter. The new
offering, which will be called Sign in with Apple, is expected to limit what data third-party
services can access. Apple's SSO will also enhance security by requiring users to use 2FA on all
Apple ID accounts to support integration with Face ID and Touch ID on iOS devices.
Enterprise SSO
Enterprise single sign-on (eSSO) software products and services are password managers with
client and server components that log the user on to target applications by replaying user
credentials. These credentials are almost always a username and password; target applications do
not need to be modified to work with the eSSO system.
Advantages and disadvantages of SSO
Advantages of SSO include the following:
  It enables users to remember and manage fewer passwords and usernames for each
application.
 It streamlines the process of signing on and using applications -- no need to reenter
passwords.
 It lessens the chance of phishing.
 It leads to fewer complaints or trouble about passwords for IT help desks.

Disadvantages of SSO include the following:

 It does not address certain levels of security each application sign-on may need.
 If availability is lost, then users are locked out of the multiple systems connected to the
SSO.
 If unauthorized users gain access, then they could gain access to more than one
application.
SSO vendors
There are multiple SSO vendors that are well known. Some provide other services, and SSO is
an additional feature. SSO vendors include the following:
 Rippling enables users to sign in to cloud applications from multiple devices.
 Avatier Identity Anywhere is an SSO for Docker container-based platforms.
 OneLogin is a cloud-based identity and access management (IAM) platform that
supports SSO.
 Okta is a tool with an SSO functionality. Okta also supports 2FA and is primarily
utilized by enterprise users.
What is Multi-Factor Authentication (MFA)?
Multi-factor Authentication (MFA) is an authentication method that requires the user to
provide two or more verification factors to gain access to a resource such as an application,
online account, or a VPN. MFA is a core component of a strong identity and access management
(IAM) policy. Rather than just asking for a username and password, MFA requires one or more
additional verification factors, which decreases the likelihood of a successful cyber attack.
Why is MFA Important?
The main benefit of MFA is it will enhance your organization's security by requiring your users
to identify themselves by more than a username and password. While important, usernames and
passwords are vulnerable to brute force attacks and can be stolen by third parties. Enforcing the
use of an MFA factor like a thumbprint or physical hardware key means increased confidence
that your organization will stay safe from cyber criminals.
How Does MFA work?
MFA works by requiring additional verification information (factors). One of the most common
MFA factors that users encounter are one-time passwords (OTP). OTPs are those 4-8 digit codes
that you often receive via email, SMS or some sort of mobile app. With OTPs a new code is
generated periodically or each time an authentication request is submitted. The code is generated
based upon a seed value that is assigned to the user when they first register and some other factor
which could simply be a counter that is incremented or a time value.
Three Main Types of MFA Authentication Methods
Most MFA authentication methodology is based on one of three types of additional information:
 Things you know (knowledge), such as a password or PIN
 Things you have (possession), such as a badge or smartphone
 Things you are (inherence), such as a biometric like fingerprints or voice recognition
MFA Examples
Examples of Multi-Factor Authentication include using a combination of these elements to
authenticate:
Knowledge
 Answers to personal security questions
 Password
 OTPs (Can be both Knowledge and Possession - You know the OTP and you have to
have something in your Possession to get it like your phone)
Possession
 OTPs generated by smartphone apps
 OTPs sent via text or email
 Access badges, USB devices, Smart Cards or fobs or security keys
 Software tokens and certificates
Inherence
 Fingerprints, facial recognition, voice, retina or iris scanning or other Biometrics
 Behavioral analysis
Other Types of Multi-Factor Authentication
As MFA integrates machine learning and artificial intelligence (AI), authentication methods
become more sophisticated, including:
Location-based
Location-based MFA usually looks at a user’s IP address and, if possible, their geo location. This
information can be used to simply block a user’s access if their location information does not
match what is specified on a whitelist or it might be used as an additional form of authentication
in addition to other factors such as a password or OTP to confirm that user’s identity.
Adaptive Authentication or Risk-based Authentication
Another subset of MFA is Adaptive Authentication also referred to as Risk-based
Authentication. Adaptive Authentication analyzes additional factors by considering context and
behavior when authenticating and often uses these values to assign a level of risk associated with
the login attempt. For example:
 From where is the user when trying to access information?
 When you are trying to access company information? During your normal hours or
during "off hours"?
 What kind of device is used? Is it the same one used yesterday?
 Is the connection via private network or a public network?
The risk level is calculated based upon how these questions are answered and can be used to
determine whether or not a user will be prompted for an additional authentication factor or
whether or not they will even be allowed to log in. Thus another term used to describe this type
of authentication is risk-based authentication.
With Adaptive Authentication in place, a user logging in from a cafe late at night, an activity
they do not normally do, might be required to enter a code texted to the user’s phone in addition
to providing their username and password. Whereas, when they log in from the office every day
at 9 am they are simply prompted to provide their username and password.
Cyber criminals spend their lives trying to steal your information and an effective and enforced
MFA strategy is your first line of defense against them. An effective data security plan will save
your organization time and money in the future.
What's the Difference between MFA and Two-Factor Authentication (2FA)?
MFA is often used interchangeably with two-factor authentication (2FA). 2FA is basically a
subset of MFA since 2FA restricts the number of factors that are required to only two factors,
while MFA can be two or more.
What is MFA in Cloud Computing
With the advent of Cloud Computing, MFA has become even more necessary. As companies
move their systems to the cloud they can no longer rely upon a user being physically on the same
network as a system as a security factor. Additional security needs to be put into place to ensure
that those accessing the systems are not bad actors. As users are accessing these systems anytime
and from anyplace MFA can help ensure that they are who they say they are by prompting for
additional authentication factors that are more difficult for hackers to imitate or use brute force
methods to crack.
MFA for Office 365
Many cloud based systems provide their own MFA offerings like AWS or Microsoft’s Office
365 product. Office 365 by default uses Azure Active Directory (AD) as its authentication
system. And there are a few limitations. For example, you only have four basic options when it
comes to what type of additional authentication factor they can use: Microsoft Authenticator,
SMS, Voice and Oauth Token. You also might have to spend more on licensing depending on
the types of options you want available and whether or not you want to control exactly which
users will need to use MFA.
Identity as a Service (IDaaS) solutions like OneLogin offer many more MFA authentication
methods when it comes to authentication factors and they integrate more easily with applications
outside of the Microsoft ecosystem.
How MFA helps prevent common cyberattacks
In 2020, cybercrime cost the world over $1 trillion, 37% of organizations were affected by
ransomware attacks, and 61% were affected by malware attacks. These facts show that
organizations have to deal with many serious cybercrimes. To protect their networks, systems
and data, they need robust cybersecurity controls and methods like Multi-Factor Authentication
(MFA).
But what types of cyberattacks does MFA protect against?

 Phishing  Brute force and reverse brute force

 Spear phishing attacks
 Keyloggers  Man-in-the-middle (MITM) attacks
 Credential stuffing
MFA for Stronger Cybersecurity
Traditional single-factor authentication systems require users to provide only one verification
factor, i.e. the password, to access a system or application. Hackers can easily steal these
passwords, and hack into an enterprise system.
MFA systems require two or more factors to verify a user’s identity and grant them access to an
account. MFA provides reliable assurance that an authorized user is who they say they are, thus
minimizing the possibility of unauthorized access. For these reasons, MFA is much more
effective at protecting systems compared to passwords.
How Do Different Kinds of Cyberattacks Work?
To understand how MFA protects against cyberattacks, let’s first review how these cyberattacks
work:
Phishing
In 2020, 75% of organizations worldwide experienced a phishing attack. Phishing was also the
most common attack seen in data breaches.
In a phishing attack, email is used as a weapon. The cybercriminal pretends to be someone the
intended victim would normally trust such as a government organization or bank. The attacker
then creates a fake email with a malicious attachment or link that looks like it came from the
trusted organization.
The purpose is to fool the victim into taking some action that benefits the attacker. For example,
they may be told to log in with their credentials and make some transactions on the provided
(fake) link. The attacker steals the user’s credentials, logs into the real website while pretending
to be the user, and steals the user’s money.
In Spear Phishing, the attacker targets specific individuals or organizations with well-crafted,
believable and relevant messages. They often use personalized content, such as the user’s name,
or refer to a recent user action (e.g. online purchase) or event (e.g. wedding) to make the
message more believable.
Like phishing, spear phishing emails also include a compelling call to action, usually to trick
users into providing sensitive data, e.g. their account credentials or financial information.
Whaling is a type of focused spear phishing that targets a senior or high-profile victim, such as a
C-suite leader. Such individuals tend to be more cyber-aware, so “normal” phishing tactics
usually don’t work on them. As a result, adversaries use more sophisticated methods and tailored
fraudulent messages that are personally addressed to the victim. The attackers use urgency to
compel the victim to take some action, such as open an attachment that installs malware, or
trigger a wire transfer.
Keyloggers
A keylogger is a type of monitoring program or spyware. Cybercriminals install keyloggers on a
victim’s device, often via a virus. The program captures every keystroke the victim makes and
records their usernames, passwords, answers to security questions, banking and credit card
details, sites visited, and more. Cybercriminals then use this sensitive information for malicious
purposes.
Brute Force, Dictionary and Credential Stuffing Attacks
In a Brute Force attack, the cybercriminal uses a program to generate and use many possible
username/password combinations, hoping that at least one will help them gain access to an
enterprise system. Brute force attacks are very common and provide many benefits to
cybercriminals:
 Place spam ads on websites to make money when the ad is clicked or viewed
 Infect a site’s visitors with activity-tracking spyware, steal their data, and sell it to
marketers (or on the dark web)
 Hack into user accounts to steal personal data, financial data, or money
 Spread malware or hijack enterprise systems to disrupt operations
In a reverse brute-force attack, the attacker tries common passwords, e.g. “password” or
“123456” to try to brute-force a username and gain access to many accounts.
Dictionary attacks are a common type of brute force attack, where the attacker works through a
dictionary of possible passwords and tries them all to gain access.
A credential stuffing attack is a type of brute force attack that also takes advantage of passwords.
Many people often use the same username and/or password on multiple accounts. Attackers take
advantage of this fact to perpetrate credential stuffing attacks where they steal credentials, and
try to use them to access many accounts. Sometimes they may obtain credentials from one
organization, either through a data breach or from the dark web, and use them to access user
accounts at another organization.They hope that at least some of the same credentials will enable
them to:
 Sell access to compromised accounts
 Steal identities
 Perpetrate fraud
 Steal sensitive enterprise information, e.g. business secrets, Personally Identifiable
Information (PII), financial information, intellectual property, etc.
 Spy on the enterprise (corporate espionage)

Man-in-the-Middle Attacks
In an MITM attack, the attacker eavesdrops on a user’s connection with another party. They
observe or intercept communications between these parties to steal the user’s credentials or
personal information, corrupt data, or hijack the session to sabotage communications.
How MFA Combats Common Cyberattacks
All these cyberattacks involve obtaining account credentials. MFA requires users to provide
additional information or credentials to gain access to an account. So, even if an attacker does
manage to steal passwords, it’s unlikely that they will also be able to steal or compromise the
additional authentication factors required in MFA. That’s why MFA can thwart cybercriminals
and successfully combat many types of cyberattacks, including:
Phishing, Spear Phishing and Whaling
An attacker may launch a phishing attack to steal a user’s credentials. But, if the user’s account
is protected by MFA, the attacker won’t be able to access it. This is because a phishing email
won’t provide the other authentication factors, such as one-time passwords (OTPs) sent to a
different device (e.g. a mobile phone), fingerprints, or other biometric factors required to gain
access to the system.
In attacks where the attacker tries to trick a user into entering their credentials, certain types of
MFA such as WebAuthn require the user to enter a yubikey or fingerprint from the system
they’re logging in from. These details cannot be captured by the attacker, thus protecting the
system and user.
Keyloggers
Keyloggers can capture any passwords entered into a system. But if MFA is enabled, it’s not
enough for the hacker to simply get access to the password. In order to log in, they also need
access to the other authentication factors. For instance, if MFA is set up with a mobile
authenticator app, the authorized user simply needs to sign in with the mobile device and accept
the auth request. Without access to this secondary device, cybercriminals cannot hack in, even
with a keylogger installed on the user’s system.

Credential Stuffing
MFA is a very effective approach to neutralize credential stuffing attacks, in which
cybercriminals automatically and simultaneously try a list of stolen usernames and passwords on
multiple sites. But with MFA, the cybercriminal would need additional pieces of information for
authentication and login. Since they won’t have access to this information, they cannot gain
unauthorized access to the organization’s systems.
Brute Force Attacks
An attacker may manage to find a working username and password with a brute force, reverse
brute force attack, or dictionary attack. However, they don’t know or have the other
authentication factors required by the MFA system, so they cannot access the system.
MITM Attacks
MFA can also combat more sophisticated attacks, such as MITM. Even if a hacker or malicious
program inserts itself into the interaction between users and applications and captures the
information users enter, MFA would require users to supply credentials from a different device.
This can prevent eavesdroppers from intercepting or manipulating communications between the
user and application. Push-based authenticators such as mobile phone authenticators are well-
suited to provide a secure MFA mechanism without inconveniencing users.
For example, suppose a user has logged into an account from her laptop, which has been
compromised by a MITM program. But since the business has set up MFA, the user must use a
phone app, such as OneLogin Protect to complete her login. The native mobile authenticator app
sends a code from the phone to the authentication system to securely complete the login. Since
the hacker doesn’t have access to the user’s phone or the one-time code generated by the app, the
breach is prevented.
The Web Authentication API (also known as WebAuthn) provides an extra layer of security
when users try to access web applications. Authentication is backed by a Hardware Security
Module, which can safely store the private key that only the authorized user has access to.
WebAuthnN relies on strong public-key cryptography instead of weak passwords to authenticate
authorized users, and mitigate the threat of MITM attacks.
How Does MFA Prevent Ransomware/Extortionware
Ransomware (extortionware) is another growing cybersecurity problem for organizations. For
example, in the US, cybersecurity attacks increased by 139% between 2019 and 2020. In fact,
there were a staggering 145.2 million cases in Q3 2020 alone. Ransom payouts also increased by
311% to touch nearly $350 million in cryptocurrencies.
Ransomware is a type of malware, which an attacker stealthily installs on a user’s system. The
program encrypts the user’s files or data. To decrypt these locked files and restore the user’s
access, the attacker demands a ransom from the victim.