In this lecture we will cover common security threats.
Privilege escalation
Privilege escalation is an increase in permissions beyond those allowed by the security policy. Examples:
- Windows: User to Administrator to the System account
- Linux: user account to root
- Router: user prompt to config prompt
Types of Threats
- Intentional vs unintentional
- Insider vs outsider (internal vs external)
Virus
A virus is a self-replicating program that reproduces itself on the infected system. To spread to other systems, a virus depends on human activity.
Types of Viruses
There are several types of viruses based on:
- Medium used to infect
- Technology used for virus development
- Target infected
- Post exploitation activities
- Special characteristics to evade antivirus
Polymorphic
A polymorphic virus mutates itself on each replication to evade antivirus signatures.
Stealth
A stealth virus remains hidden from antivirus software and from the system administrator.
Retrovirus
A retrovirus targets the antivirus itself to evade AV detection: it infects the antivirus signature database.
Multipartite
A multipartite virus infects multiple places in the operating system. The idea is that if, during AV scanning and system cleanup, any infected location is left uncleaned, the infection starts over again after the OS restarts.
Armored
These viruses are equipped with special protective shields against malware analysts and reverse engineers, to make malware analysis harder.
Companion
A companion virus attaches itself to other legitimate programs.
Phage virus
A phage virus is a destructive virus that overwrites system programs. After infection, the original program is no longer able to start normally.
Macro Virus
A macro virus is written in VBScript and executes with Microsoft Office documents such as Excel, PowerPoint and Word files.
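Added example (not part of the lecture notes): a defender-side check that flags Office documents carrying a VBA macro part, the kind of triage an attachment scanner performs before a user opens the file. It assumes the OOXML convention that macro code lives in a zip member named vbaProject.bin declared with the content type application/vnd.ms-office.vbaProject; the two sample documents are constructed in memory.

```python
import io
import zipfile

# Assumed OOXML content type for the VBA macro part (.docm/.xlsm/.pptm containers).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"

def _build_doc(with_macros: bool) -> bytes:
    """Constructed sample: a minimal OOXML-style zip, not a real Office file."""
    manifest = '<Types><Default Extension="xml" ContentType="application/xml"/>'
    if with_macros:
        manifest += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    manifest += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", manifest)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()

CLEAN_DOC = _build_doc(with_macros=False)
MACRO_DOC = _build_doc(with_macros=True)

def macro_indicators(data: bytes) -> dict:
    """Report which macro signals fire in an OOXML container.
    'parts' lists vbaProject.bin members; 'declared' is True when the
    content-types manifest declares the VBA content type. Non-zip input
    (including legacy OLE2 .doc/.xls, outside this check's scope) yields no signals."""
    result = {"parts": [], "declared": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            result["parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
            if "[Content_Types].xml" in names:
                manifest = z.read("[Content_Types].xml").decode("utf-8", "replace")
                result["declared"] = VBA_CONTENT_TYPE in manifest
    except zipfile.BadZipFile:
        pass
    return result

def has_vba_macros(data: bytes) -> bool:
    """Flag the document if either signal fires; checking both catches a doctored manifest."""
    ind = macro_indicators(data)
    return bool(ind["parts"]) or ind["declared"]

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOC), ("macro", MACRO_DOC)):
        print(label, has_vba_macros(doc), macro_indicators(doc))
```

A flagged file is not necessarily malicious, only macro-enabled; the usual response is to quarantine it for review or to enforce an organisational policy that blocks macros from untrusted sources.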
Worms
Worms spread over the network by themselves, by scanning for and exploiting network vulnerabilities.
Spam
Spam, or junk email, is unwanted email that consumes system resources or targets users for their credentials through phishing sites.
Botnets
A botnet is a collection of infected systems that connect back to a command-and-control server to upload harvested data and fetch new commands.
Logic Bomb
These are viruses that execute only when a certain condition is met.
Spyware
Spyware is a type of software that controls and monitors user activity on an infected system.
Adware
Adware is software that displays ads, affiliated with ad networks, on an infected system.
Malware threat countermeasures
- Keep the system and antivirus up to date
- Harden the system
Network Service Provider Incident Response
- Prepare
- Identify
- Classify
- Traceback
- React
- Document