Cyber Security Fundamentals-III
Malware
What is Malware?
• Malware (short for "malicious software") refers to programs designed to harm, exploit,
or gain unauthorised access to computer systems.
• It targets data, privacy, or functionality of devices.
Examples
• Virus-infected USB drives
• Ransomware encrypting user files (WannaCry)
• Spyware that tracks user activity (Keylogger)
Why Should We Study Malware?
Worm
❖ Definition: Self-replicating malware that spreads across networks without user interaction.
Case Study: WannaCry Ransomware Worm (2017)
• How It Worked:
Exploited the EternalBlue vulnerability in Microsoft's SMB protocol to spread without user intervention. It encrypted files and demanded Bitcoin as ransom.
• Impact:
◦ Affected over 200,000 systems in 150 countries, including critical services like the UK NHS.
◦ Caused $4 billion in damages globally.
• Lessons:
◦ Patch vulnerabilities promptly.
◦ Segment networks to prevent worm-like propagation.
◦ Maintain up-to-date backups.
Types of Malware
Trojan Horse
❖ Definition: Malware disguised as legitimate software that performs malicious activities once executed.
Case Study: Zeus Trojan (2007)
• How It Worked:
Zeus targeted banking credentials by embedding itself in websites or phishing emails. Once installed, it monitored user
activity and sent sensitive data to attackers.
• Impact:
◦ Stole over $70 million from businesses and individuals globally.
◦ Evolved into a platform for distributing other malware.
• Lessons:
◦ Deploy multi-factor authentication (MFA) for online accounts.
◦ Educate users about phishing attacks and suspicious downloads.
Types of Malware
Ransomware
❖ Definition: Encrypts user data and demands ransom for decryption.
Case Study: Ryuk Ransomware (2018)
• How It Worked:
Delivered via phishing emails or as a second-stage payload from TrickBot. Targeted high-value organizations like hospitals and
newspapers.
• Impact:
◦ One hospital system in the U.S. paid $1 million to recover patient records.
◦ Downtime led to disruptions in emergency services and critical care.
• Lessons:
◦ Implement offline backups.
◦ Test ransomware recovery processes regularly.
◦ Use endpoint detection and response (EDR) tools to detect threats early.
Types of Malware
Rootkit
❖ Definition: Hides deep within a system, granting attackers administrative access.
Case Study: Stuxnet Rootkit (2010)
• How It Worked:
Stuxnet targeted Iranian nuclear facilities, hiding in programmable logic controllers (PLCs) to sabotage centrifuges.
• Impact:
◦ Delayed Iran's nuclear program significantly.
◦ Marked the first major cyberattack targeting industrial control systems (ICS).
• Lessons:
◦ Secure ICS environments with network isolation.
◦ Conduct regular audits to detect anomalies.
Types of Malware
Botnet
❖ Definition: A network of infected devices controlled by attackers, often used for DDoS attacks.
Case Study: Mirai Botnet (2016)
• How It Worked:
Exploited weak IoT device credentials to form a botnet, launching massive DDoS attacks on websites like Twitter and Netflix.
• Impact:
◦ Disrupted major online services for hours.
◦ Highlighted the vulnerabilities of IoT devices.
• Lessons:
◦ Use strong, unique passwords for IoT devices.
◦ Update IoT firmware regularly.
Types of Malware
Cryptojacking
❖ Definition: Uses a victim's computer to mine cryptocurrency without consent.
Case Study: Coinhive Cryptojacking (2017)
• How It Worked:
Websites embedded Coinhive scripts to mine cryptocurrency using visitors' CPUs without permission.
• Impact:
◦ Slowed down devices and increased energy costs for users.
◦ Affected thousands of websites, including government domains.
• Lessons Learned:
◦ Use browser extensions to block mining scripts.
◦ Monitor CPU usage for unexplained spikes.
Malware Analysis
❖ Detecting new malware before execution with similarity hashing:
❖ Malware detection on computers was based on heuristic features that identified particular
malware files by:
❖ code fragments
❖ hashes of code fragments or the whole file
❖ file properties
❖ combinations of these features.
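The following is an added example (not from the lecture) showing why a whole-file hash alone misses lightly modified variants and how a similarity hash built from content-defined chunks still matches them. The chunking scheme, the sample "binary" and its variants are constructed for the demonstration; the scheme is a simplified stand-in for fuzzy-hashing tools such as ssdeep, not their algorithm.

```python
"""Added example: exact-hash matching versus similarity hashing for
pre-execution malware detection.

A whole-file SHA-256 only matches a byte-identical sample: one changed byte
gives an unrelated digest. A similarity hash made from content-defined chunks
still matches a lightly edited variant, because only the chunks around the edit
change and the rest re-synchronise. All sample data below is constructed with a
seeded PRNG (assumption: no real malware involved).
"""
import hashlib
import random
import zlib

WINDOW = 7        # bytes in the rolling window used to find chunk boundaries
TRIGGER = 32      # roughly one boundary every TRIGGER bytes on random input
MIN_CHUNK = 8     # avoid degenerate tiny chunks


def exact_hash(data: bytes) -> str:
    """Whole-file SHA-256: the classic 'known bad hash' signature."""
    return hashlib.sha256(data).hexdigest()


def content_defined_chunks(data: bytes) -> list:
    """Split data at boundaries chosen by the content itself (a rolling
    checksum over the last WINDOW bytes), so insertions and edits only
    disturb the chunks around them."""
    chunks, start = [], 0
    for i in range(WINDOW - 1, len(data)):
        if i - start + 1 < MIN_CHUNK:
            continue                      # current chunk still too short
        window = data[i - WINDOW + 1:i + 1]
        if zlib.adler32(window) % TRIGGER == TRIGGER - 1:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])       # trailing chunk
    return chunks


def similarity_hash(data: bytes) -> set:
    """Fuzzy signature: the set of short digests of each chunk."""
    return {hashlib.sha256(c).hexdigest()[:12] for c in content_defined_chunks(data)}


def similarity(a: bytes, b: bytes) -> int:
    """Jaccard similarity of two fuzzy signatures as a percentage (0..100)."""
    sa, sb = similarity_hash(a), similarity_hash(b)
    if not sa and not sb:
        return 100
    return round(100 * len(sa & sb) / len(sa | sb))


def classify(candidate: bytes, known: bytes, threshold: int = 60) -> str:
    """Detection verdict: exact hash hit, fuzzy hit above threshold, or no match."""
    if exact_hash(candidate) == exact_hash(known):
        return "exact-match"
    if similarity(candidate, known) >= threshold:
        return "similar-variant"
    return "no-match"


# Constructed sample 'binary' and derived variants (seeded, deterministic).
_rng = random.Random(20240101)
KNOWN_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(2000))
# Variant 1: a single byte patched, e.g. a changed constant.
VARIANT_ONE_BYTE = (KNOWN_SAMPLE[:1000]
                    + bytes([KNOWN_SAMPLE[1000] ^ 0xFF])
                    + KNOWN_SAMPLE[1001:])
# Variant 2: 16 bytes inserted in the middle, e.g. padding that shifts offsets.
VARIANT_INSERTED = KNOWN_SAMPLE[:1500] + b"\x90" * 16 + KNOWN_SAMPLE[1500:]
# An unrelated file of the same size.
UNRELATED = bytes(random.Random(99).getrandbits(8) for _ in range(2000))


if __name__ == "__main__":
    for name, sample in [("patched", VARIANT_ONE_BYTE),
                         ("inserted", VARIANT_INSERTED),
                         ("unrelated", UNRELATED)]:
        print(f"{name:9s} exact={exact_hash(sample) == exact_hash(KNOWN_SAMPLE)!s:5} "
              f"similarity={similarity(sample, KNOWN_SAMPLE):3d}% "
              f"verdict={classify(sample, KNOWN_SAMPLE)}")
```

Running it shows the exact hash failing for both variants while the similarity score stays well above the threshold for them and near zero for the unrelated file. The threshold is a tuning choice: too low and benign files that share libraries with known malware are flagged, too high and heavily repacked variants are missed.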
Botnet Detection with Machine Learning
❖ Overview of Botnet
DDoS attacks
❖ DDoS attacks are one of the major botnet threats. A hacker can instruct all controlled bots to
continuously send access requests to a specific network target at a specific time.
❖ A large number of bots can launch DDoS attacks simultaneously, making DDoS attacks more
harmful and difficult to defend against.
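As an added example (not part of the lecture), the detection side of the scenario above: many bots hitting one target at the same moment shows up in a web server's access log as a per-second request rate far above the normal baseline, coming from many distinct sources. The log lines below are constructed, and the detector is a simple statistical baseline (mean plus three standard deviations over a clean training window), not the machine-learning classifier the slide title refers to; a learned model would replace the threshold but consume the same per-second features.

```python
"""Added example: flagging a bot-driven request flood in access-log lines.

Constructed log: 60 s of normal traffic from three clients, then 5 s in which
40 distinct bot addresses each send 5 requests per second to /login.
Seconds whose request count exceeds mean + 3*stdev of the clean baseline
window are reported together with the number of distinct sources and the
most-requested path. (Assumption: the first `baseline_seconds` of the log
are known to be clean; including flood seconds in the baseline would inflate
the standard deviation and hide the attack.)
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import statistics


def build_sample_log() -> list:
    """Constructed access log lines: 'timestamp client_ip method path'."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    normal_ips = ["10.0.0.5", "10.0.0.9", "10.0.0.12"]
    normal_paths = ["/index.html", "/about", "/login", "/assets/app.js"]
    lines = []
    for sec in range(65):
        ts = (t0 + timedelta(seconds=sec)).isoformat()
        # normal traffic: 2-4 requests per second in a fixed pattern
        for n in range([2, 3, 4, 3][sec % 4]):
            lines.append(f"{ts} {normal_ips[n % 3]} GET {normal_paths[(sec + n) % 4]}")
        # flood from second 60 onward: 40 bots x 5 requests each, one target path
        if sec >= 60:
            for bot in range(40):
                for _ in range(5):
                    lines.append(f"{ts} 198.51.100.{bot + 1} GET /login")
    return lines


def parse_line(line: str):
    """Split one log line into (timestamp, client_ip, path)."""
    ts, ip, _method, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), ip, path


def bucket_by_second(lines) -> dict:
    """Map each second to the list of (ip, path) requests seen in it."""
    buckets = defaultdict(list)
    for line in lines:
        ts, ip, path = parse_line(line)
        buckets[ts.replace(microsecond=0)].append((ip, path))
    return dict(sorted(buckets.items()))


def detect_flood(lines, baseline_seconds: int = 60, sigmas: float = 3.0) -> list:
    """Return one alert record per second whose request count exceeds the
    baseline mean + sigmas * stdev."""
    buckets = bucket_by_second(lines)
    seconds = list(buckets)
    baseline = [len(buckets[s]) for s in seconds[:baseline_seconds]]
    mean = statistics.fmean(baseline)
    stdev = statistics.stdev(baseline) if len(baseline) > 1 else 0.0
    threshold = mean + sigmas * stdev
    alerts = []
    for sec in seconds:
        reqs = buckets[sec]
        if len(reqs) > threshold:
            alerts.append({
                "second": sec.isoformat(),
                "requests": len(reqs),
                "distinct_sources": len({ip for ip, _ in reqs}),
                "top_path": Counter(path for _, path in reqs).most_common(1)[0][0],
                "threshold": round(threshold, 1),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(f"{alert['second']} requests={alert['requests']} "
              f"sources={alert['distinct_sources']} top={alert['top_path']} "
              f"(threshold {alert['threshold']})")
```

The combination of features matters for triage: a high request count from one source suggests a single misbehaving client and can be rate-limited at that address, whereas a high count spread across dozens of previously unseen sources all requesting the same path is the DDoS pattern described above and calls for upstream filtering rather than per-client blocking.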
Any Questions??