Chapter 6:
Cyber-attacks and Malware
A cyberattack is a concerted effort by an individual or a group of people to
breach the information system belonging to another person or group. The
attacker is usually after some benefit from infiltrating the victim’s network.
The rate of cyberattacks has skyrocketed over the years, and officials are
worried. Measures implemented to thwart such attacks have not prevented new
attackers from joining the dark web. Businesses are affected by cyberattacks
every day, and there is no guarantee that the attacks can be stopped for good.
Cybercrime is on the rise because people want to take advantage of
vulnerable business systems.
Most of the time, attackers are after ransom money, and other times they do
it for fun. Others attack systems to retaliate against past treatment.
Cyberthreats are also launched with wrong motives, as some attackers want to
render systems useless to show that they are hacktivists. A network that is
infected by malicious software is known as a botnet. Attackers can control a
botnet without its owner knowing what is happening. They do this to increase
the severity of their attacks. Most of the time, a botnet is used to
overwhelm systems by launching distributed denial of service (DDoS) attacks.
There are different types of cyberattacks, and one of them is malware.
Malware is a term used to describe malicious software such as ransomware,
spyware, worms, and viruses. Malware takes advantage of a vulnerability to
launch an attack. It does this by sending links to malicious sites to
victims’ pages, and when victims click them, they are exposed to attacks.
Users can also click on dangerous email attachments, which they proceed to
install on their systems. Once dangerous software is installed in a system,
the attacker gets an opportunity to launch attacks. Malware can do several
things once it is inside the computer system. It can block access to crucial
components of the network or get information by transferring data from the
hard drive. It can also install more deadly software to harm the system
further. Malware can interfere with some components and make the system
useless. Once the attacker has infiltrated the system, he can do virtually
anything he wants.
There are different types of malware, but the most destructive and common
one is ransomware. It is meant to freeze files and demand a ransom. The
number of cyber-attackers has increased, with more opting to engage in
ransomware because of what they stand to gain. Attackers steal sensitive
information and demand a huge ransom for it. In turn, organizations pay
heavily in exchange for the data. Attackers figured that they could make
more from stealing information and demanding a ransom. Today, even after
organizations pay huge sums of money to recover data, they are not let off
the hook. Some attackers continue demanding more money, while others do not
return data after receiving payment. It becomes a cycle of making payments
without getting the information. Moreover, some attackers copy data to
another folder and falsely tell victims that they have not kept or shared the
data with anyone else. They use the information as leverage to demand more
payment.
Another type of cyberattack is phishing. Phishing is the act of sending
dubious communication that seems to have come from a reputable source. These
messages are usually sent by email and are written to convince the victim
that they are valid. Attackers use phishing techniques to steal sensitive
information from victims, such as credit card information. They can also do
this to install malware on the victim’s system. Few people can tell when a
phishing technique is being used, and the majority fall for the trap. Another
common strategy attackers use to obtain information is Man in the Middle
(MiM), where they position themselves in the middle of a two-party
transaction. The attacker waits until he can interrupt the traffic to filter
and steal sensitive information. There are two entry points for MiM attacks.
When malware has breached a system, the attacker can install software to
obtain access to the victim’s information. Another way is to use unsecured
points in a system.
Another type of cyberattack is the injection attack, where data is injected
into a web application to trick the application and steal information. For
example, attackers can use log injection, SQL injection, or code injection to
manipulate applications. DNS spoofing is becoming a common method of
cyberattack. It is a kind of computer security hacking where data is put in a
DNS resolver’s cache, making the name server return an invalid IP address.
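The injection attacks named above share one cause: input that should stay data is allowed to change the structure of a query or a log. The following added example (not from the original chapter) shows SQL injection and log injection next to their hardened forms; the table, function names and inputs are constructed for illustration.

```python
import sqlite3

# Constructed inputs of the kind described above: data that alters structure.
SQL_INPUT = "nobody' OR '1'='1"
LOG_INPUT = "bob\nlogin ok for admin"

def make_db():
    """Constructed in-memory table with two sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, card TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", "card-0001"), ("bob", "card-0002")])
    return db

def lookup_vulnerable(db, owner):
    # Input is pasted into the SQL text, so a quote in it becomes SQL syntax.
    sql = "SELECT owner, card FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, owner):
    # The ? placeholder passes the input as a value; it is never parsed as SQL.
    sql = "SELECT owner, card FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def log_vulnerable(user):
    # A newline in the input starts a second, forged log entry.
    return "login failed for " + user

def log_neutralized(user):
    # Escaping CR and LF keeps one event on exactly one line.
    safe = user.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")
    return "login failed for " + safe

if __name__ == "__main__":
    db = make_db()
    print("SQL, concatenated :", lookup_vulnerable(db, SQL_INPUT))
    print("SQL, parameterized:", lookup_parameterized(db, SQL_INPUT))
    print("log, raw          :", log_vulnerable(LOG_INPUT).splitlines())
    print("log, neutralized  :", log_neutralized(LOG_INPUT).splitlines())
```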
Some attackers use brute force to steal information from clients. This is a
trial-and-error strategy where the attacker is not completely sure of what he
is doing but does it anyway. This kind of attack results in a lot of guesses,
which attackers use to get data such as user passwords and bank details.
Criminals are the ones who use this method to crack encrypted data.
Alternatively, attackers can use session hijacking to steal information. It is
an attack on protected user sessions. Attackers steal cookies that store user
sessions to acquire data. Some users disable cookies, but the majority do
not know their significance. A denial of service attack is where services are
made unavailable to users. This is done by flooding the target with traffic or
triggering a crash. A single system is used to cause a denial of service.
Another type of cyberattack is a dictionary attack, where a list of commonly
used passwords is checked to get the original password.
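Brute-force and dictionary attacks both produce many failed logins in a short time, which is what a defender can look for. The following added example (not from the original chapter) counts failures per source and per account in a sliding window; the log format, addresses, names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = "\n".join(
    # One source guessing at one account every two seconds.
    [f"2024-05-01T10:00:{2 * i:02d} FAIL user=alice src=203.0.113.7"
     for i in range(8)]
    # Six sources (for example a botnet) each trying one account once.
    + [f"2024-05-01T10:02:{i:02d} FAIL user=carol src=198.51.100.{i + 1}"
       for i in range(6)]
    # An ordinary user who mistypes twice, minutes apart, then logs in.
    + ["2024-05-01T10:03:00 FAIL user=bob src=192.0.2.44",
       "2024-05-01T10:09:00 FAIL user=bob src=192.0.2.44",
       "2024-05-01T10:09:20 OK user=bob src=192.0.2.44"])

def parse(line):
    """Split one log line into (time, result, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.partition("=")[2], src.partition("=")[2])

def detect_guessing(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {(kind, value): time the failure count first passed the limit}.

    Failures are counted per source and per account, so guessing spread
    over many sources still trips the per-account counter.
    """
    recent = defaultdict(deque)  # key -> failure times inside the window
    alerts = {}
    for line in log_text.splitlines():
        ts, result, user, src = parse(line)
        if result != "FAIL":
            continue
        for key in (("src", src), ("user", user)):
            times = recent[key]
            times.append(ts)
            while ts - times[0] > window:
                times.popleft()
            if len(times) > max_failures:
                alerts.setdefault(key, ts)
    return alerts

if __name__ == "__main__":
    for (kind, value), when in detect_guessing(SAMPLE_LOG).items():
        print(f"{when.isoformat()} too many failed logins for {kind} {value}")
```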
There are system-based attacks that expose users to risks. The first one is a
virus, a malicious software program sent to computer files without the
user’s knowledge. It multiplies by inserting copies of itself in other
systems when executed. Worms can also be used to carry out attacks. A worm is
a type of malware which replicates itself so that it can spread to other
systems. It works in a similar way to a virus and comes from email
attachments that fool victims into thinking that they come from trusted
sources. A backdoor is a method that uses unscrupulous tactics to bypass the
verification process. A backdoor can be created to enable access to an
application. Attackers also use the Trojan horse tactic to access systems.
This is a malicious program that causes unexpected changes to computer
settings. It deceives users about its true intention and looks like a normal
application, but when it is opened, malicious code runs in the system. Some
attackers prefer to use bots to infiltrate systems. A bot is an automated
process that interacts with other services, and examples include malicious
bots, chatroom bots, and crawlers.
Companies have realized that paying attackers will not make the problem
go away. If anything, it makes things worse. Other types of malware
include Adware, Rootkits, Bots, Spyware, Viruses, and Remote Access
Tools. Adware is software that not only downloads but also displays
unwanted ads that enable attackers to collect data without users’
knowledge. Many attackers are using adware because it allows them to
carry out attacks without being detected. It is also used to redirect searches
to specific web pages. Organizations with low traffic on their pages can hire
attackers to redirect users to their websites. This is a popular strategy used
to trick users into visiting unwanted web pages. Some use it to draw
customers away from rivals’ websites. A bot is an automated script that takes
control of a computer. It enables attackers to launch attacks on the
Internet. Spyware is software used by attackers to steal information. It
works by sending data from the hard drive without the user’s knowledge. The
number of people who use spyware has increased over time because of its
accessibility and ease of use.
Rootkits are software meant to conceal the fact that a system has been
infiltrated by changing vital executables. They allow malware to stay in the
open by copying normal files. It is crucial to understand how malware gets
into the system. Cyber-attackers have found clever ways to maneuver around
security solutions such as firewalls and antivirus. They know that humans are
unpredictable and use weak links against them. One way malware gets into
systems is through phishing, where corrupted links are sent to users.
Because users have been warned against clicking suspicious links, attackers
have adopted clever tactics for getting into systems. They use malicious ads
to get victims. Nowadays, attackers buy ads on the Internet and inject
malicious code into them. What makes these ads dangerous is the fact that the
victim does not have to click them for the system to be infected with
malware. This method requires skills, and most attackers lack the patience
and willpower to learn. However, some attackers are learning this new
technique of infecting systems with malware, and it is proving deadly.
Once malware is in a system, its goal is to communicate with the attacker who
sent it. It does not work alone but receives orders from command-and-control
servers. These servers are hidden on the Internet, and users have no way of
spotting them. Many attackers use DNS so that their malware can map a domain
to an IP location, which helps them manage victims. It also allows easy
access even when the user adds or removes features. The servers are the
ones that command malware to steal information, spread to other computers,
capture keystrokes, and enable the camera. They also give the command to
erase, so as to avoid detection. Attackers have mastered these skills, and
it has become hectic, if not impossible, to catch them. When an attacker
erases the server after attacking a system, it is difficult to know an attack
happened.
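Because the malware described above finds its command-and-control server through DNS, its check-ins leave lookups in a network's DNS query log, often at a steady interval. The following added example (not from the original chapter) flags client and domain pairs whose lookups are evenly spaced; the log tuples, addresses, domain names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed DNS query log: (seconds since start, client, queried name).
SAMPLE_QUERIES = (
    # A client resolving the same name roughly every five minutes.
    [(t, "10.0.0.5", "updates.example.net")
     for t in (0, 301, 598, 900, 1203, 1499)]
    + [(1800, "10.0.0.5", "Updates.Example.NET.")]
    # A person browsing: same name many times, but at irregular moments.
    + [(t, "10.0.0.9", "news.example.org")
       for t in (0, 40, 45, 900, 2500, 2510, 4000)]
    # Regular but too few lookups to judge.
    + [(t, "10.0.0.9", "mail.example.com") for t in (0, 600, 1200)])

def find_beacons(queries, min_queries=6, max_jitter=0.1):
    """Return {(client, name): mean gap in seconds} for evenly spaced lookups.

    A pair is reported when the spread of the gaps between its lookups
    (standard deviation divided by mean) is at most max_jitter.
    """
    seen = defaultdict(list)
    for ts, client, name in queries:
        # DNS names are case-insensitive and may carry a trailing dot.
        seen[(client, name.lower().rstrip("."))].append(ts)
    beacons = {}
    for key, stamps in seen.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons

if __name__ == "__main__":
    for (client, name), gap in find_beacons(SAMPLE_QUERIES).items():
        print(f"{client} looks up {name} about every {gap:.0f} s")
```

Legitimate software such as update checkers also polls on a timer, so a match is a lead to review against known-good domains, not proof of infection.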
Cybersecurity refers to the process of protecting networks, programs, and
devices from attacks. Cyberattacks are on the rise, and organizations are
taking steps to protect themselves. The best defense against cyberattacks is
to have strong cybersecurity and layer protections across systems. For a
cybersecurity program to work, it needs strong cyber defense decisions and
technology. The good news is that you do not need to be a security specialist
to protect yourself from attacks. There are various types of cyberthreats
that threaten devices each day, and they fall into three groups: integrity,
confidentiality, and availability. Attacks on confidentiality include things
like stealing identity information and bank details. Attackers usually steal
confidential information and sell it on the dark web.
It is then used by people who are far away. Attacks on availability
occur when attackers block users from accessing their information until
they pay a ransom. Attackers infiltrate the victim’s network and block him
from accessing the site. Organizations sometimes pay the ransom and
address the security issue afterward to avoid vulnerability. Attacks on
integrity occur when personal information is leaked, leading people to
lose trust in you. Cybersecurity has evolved over the years to include
sophisticated strategies for ensuring safety. Businesses protect themselves
on the Internet by staying informed and being careful about what they share
online. There is a reason why they say the Internet is forever. Companies
that did not see the need for cybersecurity are now employing security
specialists to address their areas of concern and ensure safety. There is no
strategy that guarantees safety on the Internet, but implementing security
measures such as using an antivirus and a firewall goes a long way in curbing
attacks. More and more people are implementing security measures.
VPN stands for Virtual Private Network and is a type of service that
protects user privacy while on the Internet. It does this by encrypting
online traffic to safeguard sensitive information from attackers when you
are on the Internet. Organizations can use VPNs to protect themselves from
hackers. A VPN also hides the IP address and protects your identity online.
The Internet is a dangerous space, and you must take measures into your own
hands to protect yourself. People or companies that use a VPN enjoy online
anonymity, and it helps them to bypass limitations set to prevent people from
accessing certain web pages. On the other hand, a firewall is hardware or
software that monitors incoming and outgoing network traffic.
It can be employed to safeguard computers by blocking access to unsafe
websites. It also works by blocking some programs from connecting to a web
page. The role of a firewall is to ascertain that malicious files and
unauthorized users have no access to systems connected to the web.
Companies take this step to protect themselves from outside intrusion.
Firewalls can also be used to block many websites and online services.
Whether a firm chooses to employ a VPN or a firewall is entirely up to them.
The most important thing is that they are safe from attacks.