In this lecture we will cover common security threats.
Privilege escalation is an increase in permissions beyond those allowed by the security policy. Examples:
- Windows User to Administrator to System Account,
- Linux user account to root
- router user prompt to config prompt.
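As an added example (not part of the original lecture notes), the detection side of the escalations listed above: a small Python parser that reads Linux auth-log lines for `sudo` and `su` events and ranks them by how much privilege was actually gained, so that a root shell stands out from routine single-command administration. The log lines are constructed samples in the standard sudo/su syslog format, and the "root-shell" / "root-command" categories are naming choices of this example, not a standard.

```python
import re
from collections import Counter

# Constructed sample auth log lines in syslog/sudo/su format (not from a real system).
SAMPLE_AUTH_LOG = """\
Mar 10 09:12:01 host sshd[2201]: Accepted password for alice from 10.0.0.5 port 51522 ssh2
Mar 10 09:12:40 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 10 09:13:02 host su: (to root) bob on pts/1
Mar 10 09:13:30 host sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Mar 10 09:14:00 host sudo:    dave : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/sh
Mar 10 09:15:00 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=www-data ; COMMAND=/usr/bin/id
"""

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>user NOT in sudoers) ; )?"
    r".*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
SU_RE = re.compile(r"su: \(to (?P<target>\S+)\) (?P<user>\S+) on ")

# Commands that hand out an interactive shell; a root shell is the broadest escalation.
SHELL_COMMANDS = {"/bin/sh", "/bin/bash", "/usr/bin/bash", "/bin/zsh", "/usr/bin/zsh"}


def parse_escalations(log_text):
    """Return one event dict per sudo/su line; unrelated lines (sshd etc.) are skipped."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            events.append({"via": "sudo", "user": m["user"], "target": m["target"],
                           "cmd": m["cmd"], "denied": m["denied"] is not None})
            continue
        m = SU_RE.search(line)
        if m:
            events.append({"via": "su", "user": m["user"], "target": m["target"],
                           "cmd": None, "denied": False})
    return events


def classify(event):
    """Rank an event by how much privilege it actually conferred."""
    if event["denied"]:
        return "denied"            # attempt failed; repeated denials are still worth an alert
    if event["target"] != "root":
        return "other-user"        # switch to a non-root account (e.g. a service user)
    if event["via"] == "su" or event["cmd"] in SHELL_COMMANDS:
        return "root-shell"        # full interactive root: review first
    return "root-command"          # single command as root: typical admin activity


def summarize(log_text):
    """Count events per category for a quick triage view."""
    return Counter(classify(e) for e in parse_escalations(log_text))


if __name__ == "__main__":
    for e in parse_escalations(SAMPLE_AUTH_LOG):
        print(f"{classify(e):13} {e['via']:4} {e['user']} -> {e['target']} {e['cmd'] or ''}")
    print(summarize(SAMPLE_AUTH_LOG))
```

Run it on the embedded sample and the two root shells (bob via `su`, carol via `sudo /bin/bash`) surface separately from alice's package update; in practice the same parser would be fed from `/var/log/auth.log` or journald output.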
Types of Threats
- Intentional vs unintentional
- Insider vs outsider (internal vs external)
A virus is a self-replicating program which reproduces itself on an infected system. To spread to other systems, a virus depends on human activity.
Types of Viruses
There are several types of viruses based on:
- Medium used to infect
- Technology used for virus development
- Target infected
- Post exploitation activities
- Special characteristics to evade antivirus
A virus may mutate itself upon each replication to evade antivirus signatures.
A virus that remains hidden from antivirus software and the system administrator.
A retrovirus targets the antivirus itself to evade AV detection; it infects the antivirus signature database.
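The two evasion ideas above (mutation against signatures, and tampering with the signature database) in one added example; this is illustration code, not from the lecture or any antivirus product. It keeps a tiny signature database with both exact-file hashes and byte patterns, shows that a single changed byte defeats the hash entry while the pattern entry still fires, and protects the database with an HMAC so a scanner refuses to use a database that has been altered. The sample bytes, the key and the detection names are all constructed; the assumption is that the key is stored outside the database it protects.

```python
import hashlib
import hmac
import json

# Constructed stand-ins for an executable and a copy with one byte changed (not real malware).
ORIGINAL_SAMPLE = b"MZ\x90\x00" + b"harmless-demo-code " * 4 + b"marker-XYZ-123" + b"\x00" * 16
MUTATED_SAMPLE = ORIGINAL_SAMPLE.replace(b"\x00" * 16, b"\x00" * 15 + b"\x01")

# Minimal signature database: exact-file hashes plus a byte pattern shared across variants.
SIGNATURE_DB = {
    "hashes": {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest(): "Demo.A"},
    "patterns": {"marker-XYZ-123": "Demo.A.gen"},
}
# Assumption: the verification key lives outside the database (e.g. shipped with the scanner binary).
DB_KEY = b"constructed-demo-key"


def sign_db(db, key=DB_KEY):
    """HMAC-SHA256 over a canonical serialization, so any edit to the database changes the tag."""
    canon = json.dumps(db, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, "sha256").hexdigest()


def verify_db(db, tag, key=DB_KEY):
    """True only if the database is byte-for-byte what was signed (constant-time compare)."""
    return hmac.compare_digest(sign_db(db, key), tag)


def scan(sample, db):
    """Return (method, name) detections; an empty list means clean according to this database."""
    hits = []
    digest = hashlib.sha256(sample).hexdigest()
    if digest in db["hashes"]:
        hits.append(("hash", db["hashes"][digest]))
    for pattern, name in db["patterns"].items():
        if pattern.encode() in sample:
            hits.append(("pattern", name))
    return hits


def scan_with_trusted_db(sample, db, tag):
    """Refuse to report anything from a database that fails its integrity check."""
    if not verify_db(db, tag):
        raise ValueError("signature database failed integrity check")
    return scan(sample, db)


if __name__ == "__main__":
    tag = sign_db(SIGNATURE_DB)
    print("original:", scan_with_trusted_db(ORIGINAL_SAMPLE, SIGNATURE_DB, tag))
    print("mutated: ", scan_with_trusted_db(MUTATED_SAMPLE, SIGNATURE_DB, tag))
    emptied = {"hashes": {}, "patterns": {}}      # what a retrovirus would leave behind
    print("tampered db verifies:", verify_db(emptied, tag))
```

The mutated copy is missed by the hash entry but still caught by the pattern, which is why real scanners rely on pattern, heuristic and behavioural signatures rather than file hashes alone; the emptied database would report everything as clean, and only the integrity check reveals that its answers cannot be trusted.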
A multipartite virus infects multiple places in the operating system. The idea is that if, during AV scanning and system cleaning, any infected place is left uncleaned, the infection process starts over again after the OS restarts.
These are viruses equipped with special shields that protect them from malware analysts and reverse engineers, making malware analysis harder.
It attaches itself to other legitimate programs.
A phage virus is a destructive virus which overwrites system programs. After infection, the original program is not able to start normally.
A macro virus is written in VBScript and executes with Microsoft Office documents, like Excel, PowerPoint and Word.
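A defensive check for the macro case, added here as an example and not taken from the lecture: modern Office documents (OOXML, the `.docx`/`.docm` family) are ZIP containers, and embedded VBA macros are stored in a `vbaProject.bin` part. A mail gateway or upload filter can therefore flag macro-bearing documents, and documents whose content does not match their extension, before a user ever opens them. The sample documents are built in memory and are constructed placeholders, not real Word files; legacy OLE `.doc`/`.xls` files are outside this check.

```python
import io
import os
import zipfile

# OOXML extensions that legitimately carry macros; anything else containing VBA is a mismatch.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}


def ooxml_macro_parts(data):
    """Names of macro-bearing parts inside an OOXML container (empty if none, or if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return sorted(n for n in zf.namelist() if n.lower().endswith("vbaproject.bin"))
    except zipfile.BadZipFile:
        return []   # legacy OLE .doc/.xls or non-Office data: not covered by this check


def assess_attachment(filename, data):
    """Decide what a gateway should do with a file, based on its content rather than its name."""
    ext = os.path.splitext(filename)[1].lower()
    parts = ooxml_macro_parts(data)
    if parts and ext not in MACRO_EXTENSIONS:
        return "block: macros in non-macro extension"   # content and extension disagree
    if parts:
        return "quarantine: macro-enabled document"
    if ext in MACRO_EXTENSIONS:
        return "allow: macro-enabled extension but no VBA project found"
    return "allow: no macros"


def make_sample_document(with_macro):
    """Build a minimal constructed OOXML-style container in memory (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder-vba-bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in [("report.docx", False), ("report.docm", True), ("report.docx", True)]:
        print(name, "->", assess_attachment(name, make_sample_document(macro)))
```

Checking the container contents rather than the extension is the point: a policy that only blocks `.docm` attachments is bypassed by renaming, whereas the `vbaProject.bin` part has to be present for the macro to exist at all.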
Worms spread over the network by themselves, by scanning for and exploiting network vulnerabilities.
Spam or junk emails are unwanted emails that consume system resources or target the user for credentials using phishing sites.
A collection of infected systems that connect back to a Command and Control server to upload harvested data and fetch new commands.
These are viruses which execute only when a certain condition is met.
Spyware is a type of software that controls and monitors user activities on an infected system.
Adware is software that displays ads on the infected system, affiliated with ad networks.
Malware Threat Countermeasures
- Keep the system and antivirus up to date
- Harden the system
Network Service Provider Incident Response