Malware (OBJ 2.4)

Malware

• Malicious software designed to infiltrate computer systems and potentially damage them without user consent
• Broad category of software code that includes a lot of code that harms computers
• Malware needs to create a threat vector and an attack vector

Categories

• Viruses
• Worms
• Trojans
• Ransomware
• Spyware
• Rootkits
• Spam

Threat Vector vs. Attack Vector

• Threat Vector

  • Method used to infiltrate a victim's machine
    • "Breaks into the system"
  • Examples
    • Unpatched software
    • USB drive installation
    • Phishing campaigns
    • Other vulnerabilities and exploits

• Attack Vector

  • Means by which the attacker gains access and infects the system with malware
    • "Breaks into and infects the system"
  • Combines both infiltration method and infection process

• Example:

  • I want to put a cupcake from my house over to your house
  • Threat vector: Drive right up to your house because it is not inside of a gated community, this makes it easy for my to infiltrate and get into your house. In this scenario, that unguarded neighbor is considered a threat vector
  • Attack vector: Walk up to your front door, pick your lock and enter your house to place the cupcake, that entire sequence of actions would be considered my attack vector.

• Example:

  • Having a computer missing critical security patches because of not updating software regularly - WannaCry ransomware!

Types of Malware Attacks

• Viruses
  • Malicious software that attaches to clean files, spread into a computer system, and corrupt host files
• Worms
  • Standalone malware programs replicating and spreading to other computers by exploiting software vulnerabilities
  • Propagates itself across a network
• Trojans
  • Disguise as legitimate software, but when executed they grant unauthorized access to the victim's system
  • An attack can be remotely controlled with a computer by using a Remote Access Trojan (RAT)
• Ransomware
  • Encrypts user data, demands ransom for decryption
• Zombies and Botnets
  • Zombies are compromised computers remotely controlled in a network for malicious purposes
  • Botnets are a network of zombies and are often used for DDoS attacks, spam distribution, or cryptocurrency mining
• Rootkits
  • Hide presence and activities on a computer, operate at the OS level to allow for ongoing privileged access
• Backdoors and Logic Bombs
  • Backdoors allow unauthorized access, logic bombs execute malicious actions
  • Backdoors are malicious means of bypassing normal authentication processes to gain unauthorized access to a system which are often going to be implanted by malware.
  • Logic Bombs are pieces of embedded code placed in legitimate programs that executes a malicious action when a specific condition or trigger occurs
• Keyloggers
  • Record keystrokes, capture passwords or sensitive information
• Spyware and Bloatware
  • Spyware monitors and gathers user/system information, bloatware consumes resources without value
  • Spyware secretly monitors and gathers user information or activities and send data to third parties
  • Bloatware is unnecessary or pre-installed software that consumes system resources and space without offering any value to the user

Malware Techniques and Infection Vectors

• Malware Exploitation techniques
  • Involve methods by which malware infiltrates and infects targeted systems
• Evolving from file-based tactics to modern fileless techniques
• Multi-stage deployment, leveraging system tools, and obfuscation techniques

Indications of Malware Attack

• Recognizing signs like the following
  • Account lockouts
  • Concurrent session utilization
  • Blocked content
  • Impossible travel
  • Resource consumption
  • Inaccessibility
  • Out-of-cycle logging
  • Missing logs
  • Documented attacks