Types of Attacks and Malicious Software Introduction to

Types of Attacks and Malicious Software Introduction to Cyber Security

Malicious Code Viruses Boot sector virus-use of a startup disk to “boot up” the system that contained harmful code Program virus-attaches itself to executable files (. exe or. com on Windows-based systems) Macro virus-use of powerful macro language created in code written in Visual Basic Macro Example Worms

Malicious Code Trojan Horses-a piece of software that appears to do one thing but hides some other functionality Rootkit-malware designed to modify the operation of the operating system (OS) in some fashion to facilitate nonstandard functionality Logic Bombs-deliberately installed by authorized user, piece of code that sits dormant for a period of time until some event invokes its malicious payload

Malicious Code Spyware-software that “spies” on users, recording and reporting on their activities, designed to steal information Botnets-collection of zombie machines used to conduct other attacks and to spread spam and other malware Backdoors (trapdoors)-methods used by software developers to ensure that they can gain access to an application even if something were to happen in the future to prevent normal access methods

Today’s Activity: Is Google Chrome Using Spyware To Obtain Data About Its Users? Based on the topic above, research the topic and find one “convincing” item of information to would go to prove the argument that Google is using Chrome to obtain data from its users that you can share with the class. The goal is not to say the Google should never be used or trusted, but to discuss how companies like Google use the information that we search for on a daily basis.

Today’s Topics Crypto-Malware Ransomware

Attacking computer systems and networks Denial of Service (Do. S) Attacks Designed to prevent a system or service from functioning normally Exploits vulnerabilities in specific applications or operating systems Can attack specific features (or weaknesses) in specific protocols or services

Attacking computer systems and networks Denial of Service (Do. S) Attacks Attacker attempts to deny authorized users access to specific information or the computer system or network itself Crashing the system Taking it offline Sending so many requests that the machine is overwhelmed

Attacking computer systems and networks Distributed Denial of Service (DDo. S) Attacks Goal is also to deny the use of or access to a specific service or system Made famous in 2000 by attacks on e. Bay, CNN, Amazon, and Yahoo! Overwhelming the target with traffic from many different systems If the attack network is large enough, ordinary web traffic can quickly overwhelm the largest of sites

Classic Movie Clips (the Infancy of Hacking) War Games: Hacking the School Courtesy of Movie. Clips Youtube Channel Ferris Bueller's Day Off: Attendance Hack Courtesy of Fam. Squad Youtube Channel

War-Dialing and War-Driving War-Dialing: Computer modem systematically dials a sequence of phone numbers in an attempt to find a computer connected to a modem War-Driving: Unauthorized scanning for and connecting to wireless access points, frequently done while driving near a facility

Sniffing and Spoofing Sniffing: when you examine all of the network traffic that passes their network connected computer, whether it is addressed to them or not, a software or hardware device is used to pick up this information Spoofing: Making data look like it is has come from a different source (example: changing the IP address)

TCP/IP Hijacking Process of taking control of an already existing session between a client and a server, makes the process easier for the attacker as the user has already authenticated and established a session Hijacker can perform a Do. S attack, since the authenticated user won’t know that the extra traffic is taking place behind the scenes

Man-in-the-Middle (Mit. M) Attacks Occurs when attackers are able to place themselves in the middle of two other hosts that are communicating Done by ensuring that all communication going to or from the target host is routed through the attacker’s host (by compromising the router) Following events can occur in this attack: Observe the traffic Modify the traffic Block the traffic

Man-in-the-Middle (Mit. M) Attacks To the target host, it appears that communication is occurring normally, since all expected replies are received Methods of performing a Mit. M attack Session hijacking (ex. Cookie stealing, allowing the attacker to impersonate the legitimate session, tricking the user into executing code resulting in cookie theft)

Replay Attacks Attacker captures a portion of a communication between two parties and retransmits it at a later time Might replay a series of commands or codes used in a financial transaction to cause the transaction to be conducted multiple times Usually associated with attempts to circumvent authentication mechanisms

Password Guessing Passwords can be discovered in the following ways: Poor password choice by the authorized user Dictionary attack Brute-force attack Hybrid attack Birthday attack

Poor Password Choices Birthday Mother’s maiden name (used to validate many financial tools) Name of spouse or child Repeat of the user ID

Dictionary attack Commercial and public-domain password cracking programs exist with dictionaries as their cracking device Use dictionary words by themselves, or two or more smaller words combined to form a single possible password Special characters can be substituted for other characters or combine words

Dictionary Attack: Common Character Substitution S/s: $ or 5 1 or L/l: ! H/h: # O/o: 0 A/a: @ or ^ G/g: & I/i: 1 or ! E/e: 3

Brute-Force Attacks Password-cracking program attempts all possible character combinations Two levels Attempt to guess password at login prompt (difficult if exceeds limit of failed attempts) First steal a password file, use a password-cracking program to compile a list of possible passwords based on the list of password hashes contained in the password file, then use that narrower list to attempt to guess the password at the login prompt (difficult if password file is securely maintained)

Hybrid Attacks Combines the dictionary and brute-force attack methods Most cracking tools will do dictionary attack first, then brute-force Attackers can create rules that allow for a greater variety of password combinations

Birthday Attacks Special type of brute-force attack based on the birthday paradox (also based on the poor password choice of using your birthday as discussed before) A group of at least 23 people, the chance that two people within that group have the same birthday is greater than 50 percent Mr. Bronson’s extended family of approximately 80 people has three calendar days (February 3, September 24, and December 20) where 3 people have the same birthday

What is a “hash” in security terms? Form of encryption that creates a digest (ex. password) of the data put into the algorithm (“formula” for protecting the information) The algorithm is a one-way algorithm because there is no feasible way to decrypt what has been encrypted

Pass the Hash Attacker captures the hash used to authenticate a process Uses the hash by injecting it into a process in place of a password More highly technical attack

Zero-day attack Attacker uses a vulnerability for which there is no previous knowledge outside of the attacker, or at least not by the software vendor Zero-day vulnerabilities are highly valued by attackers because they are almost sure bets when attacking a system There is a market in which hackers trade their zero-day vulnerabilities

Buffer Overflow Attack When a program is provided more data for input that it was designed to handle Example: program asks for 7 - or 10 character phone number and receives a string of 150 characters Root-level attacks are most dangerous

Integer Overflow Programming error condition that occurs when a program attempts to store a numeric value, an integer, in a variable that is too small to hold it Creates significant logic errors in a program

Clickjacking Malicious code can be overlays, and other means, but the net result is the user thinks they clicked “No” for example, but in reality they clicked “Yes” and the browser executes the corresponding code