Lec 02 - Evaluating Common Security Threats

In this lecture we will cover common security threats.

Privilege escalation

Privilege escalation is an increase in permissions beyond those allowed by the security policy.

  1. Windows: user account to Administrator to the SYSTEM account
  2. Linux: user account to root
  3. Router: user prompt to configuration prompt
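The three examples above share one detection pattern: an account moving from its own permissions to a higher set. The script below, an added example that is not part of the original lecture notes, scans a constructed mix of Linux auth log lines and a simplified Windows-style record for such transitions, then applies a constructed allow-list to separate expected escalations (an admin using sudo) from ones the policy does not permit. The log lines, hostnames, user names and the policy table are all made up; the Windows line mimics event ID 4672 (special privileges assigned to a new logon) in a one-line layout, not the real event format.

```python
"""Flag privilege escalation events in a constructed log sample.

Added example for these lecture notes, not part of the original text. The log
lines, hostnames and the policy table are constructed; the Windows record
mimics event ID 4672 in a simplified one-line layout, not the real format."""
import re
from collections import namedtuple

Escalation = namedtuple("Escalation", "host user target via")

# Constructed sample: sudo to root, su to root, a plain SSH login (no
# escalation) and a Windows-style privileged-logon record.
SAMPLE_LOG = """\
Mar  3 10:01:07 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:02:13 web01 su[2211]: pam_unix(su:session): session opened for user root by bob(uid=1001)
Mar  3 10:05:44 web01 sshd[2301]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar  3 10:07:02 dc01 Security: EventID=4672 SubjectUserName=carol PrivilegeList=SeDebugPrivilege,SeTcbPrivilege
"""

TS = r"^\S+\s+\d+\s+\S+ "  # syslog timestamp such as "Mar  3 10:01:07 "
SUDO_RE = re.compile(TS + r"(?P<host>\S+) sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=")
SU_RE = re.compile(TS + r"(?P<host>\S+) su\[\d+\]: .*session opened for user (?P<target>\S+) by (?P<user>\w+)")
WIN_RE = re.compile(TS + r"(?P<host>\S+) Security: EventID=4672 SubjectUserName=(?P<user>\S+) PrivilegeList=(?P<target>\S+)")

# Constructed policy: (host, user) pairs that are allowed to escalate. Any
# other escalation is "beyond the permissions allowed by policy".
ALLOWED = {("web01", "alice"), ("dc01", "carol")}


def find_escalations(log_text):
    """Return every escalation event (a user gaining higher privileges)."""
    found = []
    for line in log_text.splitlines():
        for pattern, via in ((SUDO_RE, "sudo"), (SU_RE, "su"), (WIN_RE, "win4672")):
            m = pattern.match(line)
            if m:
                found.append(Escalation(m["host"], m["user"], m["target"], via))
                break  # one event per line
    return found


def policy_violations(escalations, allowed=ALLOWED):
    """Keep only the escalations not covered by the allow-list."""
    return [e for e in escalations if (e.host, e.user) not in allowed]


if __name__ == "__main__":
    events = find_escalations(SAMPLE_LOG)
    for event in events:
        print(event)
    print("policy violations:", policy_violations(events))
```

In the sample, alice's sudo and carol's privileged logon match the policy, bob's `su` to root does not, and the plain SSH login is ignored because no permission change occurred. The regular expressions are written for the constructed lines; a real collector would parse the actual syslog and Windows event formats instead.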

Types of Threats

  • Intentional vs unintentional
  • Insider vs outsider / internal vs external

Virus

A virus is a self-replicating program that reproduces itself on the infected system. To spread to other systems, a virus depends on human activity.

Types of Viruses

There are several types of viruses, classified by:

  1. Medium used to infect
  2. Technology used for virus development
  3. Target infected
  4. Post-exploitation activities
  5. Special characteristics used to evade antivirus

Polymorphic

A polymorphic virus mutates itself on each replication to evade antivirus signatures.

Stealth

A stealth virus remains hidden from antivirus software and the system administrator.

Retrovirus

A retrovirus targets the antivirus software itself to evade AV detection; it infects the antivirus signature database.

Multipartite

A multipartite virus infects multiple places in the operating system. The idea is that if, during AV scanning and system cleaning, any infected place is left uncleaned, the infection process starts over again after the OS restarts.

Armored

These are viruses equipped with special shields that protect them from malware analysts and reverse engineers, making malware analysis harder.

Companion

It attaches itself to other legitimate programs.

Phage virus

A phage virus is a destructive virus that overwrites system programs. After infection, the original program is no longer able to start normally.
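Both the phage description (a system program overwritten in place) and the multipartite one (an infected place left behind after cleaning) are caught by the same defensive control: a hash baseline of system programs, rebuilt after cleaning and compared on every check. The following is an added example for these notes, not the lecture's own code. It baselines a directory of constructed "programs" in a temporary folder, simulates an overwrite and a dropped extra file, and reports every deviation; the file names and contents are made up, and a real deployment would baseline directories such as /usr/bin and keep the baseline off-host so malware cannot rewrite it too.

```python
"""File integrity check against a SHA-256 baseline.

Added example for these lecture notes, not the lecture's own code. The
"programs" are small constructed files in a temporary directory."""
import hashlib
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(directory):
    """Map every regular file directly under `directory` to its hash."""
    baseline = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            baseline[name] = hash_file(path)
    return baseline


def check_baseline(directory, baseline):
    """Compare the directory against the baseline and report every deviation.

    'modified' is the phage case (a program overwritten in place), 'new' is an
    extra file that was not there at baseline time (a leftover infected place
    in the multipartite sense), 'missing' is a program that disappeared."""
    current = build_baseline(directory)
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def demo():
    """Constructed scenario: baseline two programs, then simulate a phage-style
    overwrite of one and a dropped extra file, and return the check report."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("ls", b"original ls binary"), ("cat", b"original cat binary")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
        baseline = build_baseline(d)

        # Overwrite "ls" in place (phage behaviour) and drop an extra file.
        with open(os.path.join(d, "ls"), "wb") as f:
            f.write(b"overwritten by malware")
        with open(os.path.join(d, "extra"), "wb") as f:
            f.write(b"leftover infected file")

        return check_baseline(d, baseline)


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the stored baseline: a virus that can rewrite system programs can also rewrite a baseline file kept on the same disk, which is why integrity tools sign the baseline or store it on a separate system.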

Macro Virus

A macro virus is written in VBScript and executes with Microsoft Office documents such as Excel, PowerPoint and Word files.

Worms

Worms spread over the network by themselves, by scanning for and exploiting network vulnerabilities.

Spam

Spam, or junk email, consists of unwanted emails that consume system resources or target users for their credentials via phishing sites.

Botnets

A botnet is a collection of infected systems that connect back to a command and control (C2) server to upload harvested data and fetch new commands.
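Because each bot connects back to the C2 server on a schedule, the defender's view of a botnet member is a stream of outbound connections at nearly constant intervals, unlike the irregular timing of a person browsing. The script below, an added example that is not part of the original notes, groups a constructed outbound connection log by (source, destination) pair and flags pairs whose inter-connection intervals have a very low coefficient of variation. Hosts, timestamps and thresholds are all constructed; 203.0.113.7 and 198.51.100.20 are documentation addresses standing in for a C2 server and a normal website.

```python
"""Spot regular call-home ("beacon") traffic in a constructed connection log.

Added example for these lecture notes, not the lecture's own code. Records,
hosts and thresholds are constructed."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed outbound connection log: (timestamp, source host, destination).
# 10.0.0.12 contacts 203.0.113.7 every ~5 minutes (bot check-in) and
# 198.51.100.20 at irregular, human-looking intervals.
SAMPLE_CONNECTIONS = [
    ("2024-05-01T08:00:00", "10.0.0.12", "203.0.113.7"),
    ("2024-05-01T08:00:10", "10.0.0.12", "198.51.100.20"),
    ("2024-05-01T08:00:45", "10.0.0.12", "198.51.100.20"),
    ("2024-05-01T08:05:01", "10.0.0.12", "203.0.113.7"),
    ("2024-05-01T08:07:12", "10.0.0.12", "198.51.100.20"),
    ("2024-05-01T08:09:59", "10.0.0.12", "203.0.113.7"),
    ("2024-05-01T08:15:00", "10.0.0.12", "203.0.113.7"),
    ("2024-05-01T08:20:02", "10.0.0.12", "203.0.113.7"),
    ("2024-05-01T08:31:00", "10.0.0.12", "198.51.100.20"),
    ("2024-05-01T08:32:05", "10.0.0.12", "198.51.100.20"),
]


def find_beacons(connections, min_connections=5, max_cv=0.1):
    """Return {(src, dst): (mean_interval_seconds, cv)} for pairs whose
    connection intervals are nearly constant: coefficient of variation
    (population stdev / mean) at or below max_cv, given at least
    min_connections observations."""
    by_pair = defaultdict(list)
    for ts, src, dst in connections:
        by_pair[(src, dst)].append(datetime.fromisoformat(ts))

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(intervals)
        if mean == 0:
            continue  # all connections at the same instant; not a schedule
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            beacons[pair] = (mean, cv)
    return beacons


if __name__ == "__main__":
    for (src, dst), (mean, cv) in find_beacons(SAMPLE_CONNECTIONS).items():
        print(f"{src} -> {dst}: every {mean:.0f}s (cv={cv:.3f})")
```

In the sample the C2 pair has intervals of 301, 298, 301 and 302 seconds (cv about 0.005) and is flagged, while the browsing pair's intervals range from 35 to 1428 seconds and is not. This is a heuristic: bots that add random jitter to their check-in timer raise the cv, so the threshold has to be tuned against the environment's normal traffic, and legitimate software updaters and monitoring agents also beacon and need an allow-list.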

Logic Bomb

These are viruses that execute when a certain condition is met.

Spyware

Spyware is a type of software that controls and monitors user activities on an infected system.

Adware

Adware is software that displays ads on the infected system, affiliated with ad networks.

Malware Threat Countermeasures

  • Keep the system and antivirus up to date
  • Harden the system

Network Service Provider Incident Response

  1. Prepare
  2. Identify
  3. Classify
  4. Traceback
  5. React
  6. Document
