L4 Security and Protection Threats and Attacks
Matias
Computer Engineering Department
College of Engineering
• Differentiate between computer security and
protection
• Explain the security requirements triad
• Identify and classify computer security threats and
attacks
• Identify the types of computer malware
• Name the worst computer malware in history
Protection vs. Security

Protection
• Deals with internal threats: controlling which processes and users may access which resources.
• Involves mechanisms such as setting or changing the protection information of a resource and checking whether that resource is accessible by a given user.

Security
• Deals with external threats.
• Involves mechanisms such as adding and deleting users, verifying whether a specific user is who they claim to be and is authorized, using anti-malware software, etc.
Protection and security require that computer resources such as the CPU, software, and memory are protected against unauthorized access, viruses, worms, etc. This is done by ensuring integrity, confidentiality and availability in the operating system.
• Integrity: guarding against improper modification or destruction of information, so that data and system state change only through authorized actions.
• Confidentiality: preserving authorized restrictions on access and disclosure, so that information is not revealed to unauthorized parties.
• Availability: ensuring timely and reliable access to and use of information. When access to or use of information is disrupted, availability is lost.
• Passive attacks attempt to learn or make use of information from the system but do not affect system resources (eavesdropping on a channel, traffic analysis). They are very difficult to detect because they do not alter any data, so the emphasis is on prevention (e.g., encryption) rather than detection.
Threats and attacks covered in this lecture: Malware, Phishing, MitM Attack, SQL Injection, Zero-day Exploit, DoS Attack, Advanced Persistent Threats, Ransomware, DNS Attack.

Malware
• A combination of two terms: Malicious and Software.
• Defined as malicious software that gets installed on the system, commonly when the user clicks a dangerous link or opens a malicious email attachment.
• Malware can block access to critical components of the network, damage the system, and gather confidential information, among other things.
Virus
• Malware that tries to replicate itself into other executable code. When the infected code is executed, the virus also executes.
Virus types

Boot Sector Virus: Damages or controls the boot sector of the drive, rendering the machine unusable. Attackers usually spread this virus type using a malicious USB device.

Web Scripting Virus: Most browsers have defenses against malicious web scripts, but older, unsupported browsers have vulnerabilities that allow an attacker to run code on the local device.

Browser Hijacker: A virus that can change the settings on your browser; it hijacks browser favorites, the home page URL and your search preferences, and redirects you to a malicious site.

Resident Virus: A virus that loads itself into computer memory and sits dormant until its payload is delivered.
Bot
• A software application that performs automated tasks on command. Bad bots perform malicious tasks that allow an attacker to remotely take control of an affected computer. Infected machines are referred to as zombies, and a group of them under one controller is a botnet.
Worst malware in history

2. Sobig
• Cybercriminal program masqueraded as legitimate computer software
attached to emails.
• It disrupted ticketing at Air Canada and interfered with countless other
businesses.
3. Klez
• The Klez worm sent fake emails, spoofed recognized senders and, among other
things, attempted to deactivate other viruses.
• Released in several variants. It infected files, copied itself, and spread throughout each victim's network. It hung around for years, with each version more destructive than the last.
4. ILOVEYOU
• A bogus "love letter" (2000) that looked like a harmless text file: the attachment was a VBScript file whose .vbs extension Windows hid by default.
• Sent copies of itself to every email address in the infected machine's Outlook contact list.
5. WannaCry
• Ransomware (May 2017) that also spread on its own as a worm, using the EternalBlue exploit against SMBv1; Microsoft had patched the flaw two months earlier (MS17-010).
• Caused massive productivity losses as businesses, hospitals, and government organizations that didn't pay were forced to rebuild systems from scratch.
• Computers with out-of-date or unpatched operating systems were hit especially hard.
6. Zeus
• A banking trojan that appeared in 2007. It stole online-banking credentials (keystroke logging and form grabbing inside the browser) so that money could be transferred to accounts controlled by the criminals.
• The Zeus botnet was a group of infected machines and supporting programs that worked together under a remote "bot master."
7. Code Red
• A 2001 worm that exploited a buffer overflow in Microsoft IIS web servers, defaced the websites hosted on infected machines and launched a distributed denial of service (DDoS) attack on the U.S. White House's website.
• It displayed the words "Hacked by Chinese!" across infected web pages, and it ran entirely in each machine's memory, never writing itself to disk.
8. SQL Slammer
• A 2003 worm small enough to fit in a single UDP packet. It generated random IP addresses and sent itself to them, infecting any unpatched Microsoft SQL Server 2000 / MSDE instance it reached (the patch had been available for six months).
• The scanning traffic from infected hosts alone saturated network links and overloaded routers, significantly slowing internet traffic worldwide within minutes.
9. CryptoLocker
• Ransomware (2013) that displayed a red ransom note informing users that their important files had been encrypted on this computer. A payment window with a countdown accompanied the note.
• Its creators distributed it through the Gameover Zeus botnet (a peer-to-peer variant of Zeus), which delivered copies of CryptoLocker to machines it already controlled.
10. Sasser
• A 2004 worm that exploited a buffer overflow in the LSASS service to attack Windows 2000, Windows Server 2003 and Windows XP; it needed no user action and caused computers to slow down, crash and reboot frequently.
Signs of a malware infection
• Popup windows, including ads (adware) or links to malicious websites.
• Your web browser home page changes, and you did not change it.
• Outbound emails to your contact list, or people on your contact list alert you to strange messages sent from your account.
• The computer crashes often, runs out of memory with few active programs, or shows a blue screen of death in Windows.
• Slow computer performance even when running few programs or when the computer was recently booted.
• Unknown programs start when the computer boots or when you open specific programs.
• Passwords change without your knowledge or any interaction of yours with the account.
Phishing
Cybercriminals send malicious messages that appear to come from legitimate sources. The user is tricked into clicking a malicious link or opening an attachment, leading to malware installation or disclosure of sensitive information such as credit card details and login credentials.
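The tell-tale signs of a phishing message described above can be checked mechanically. The following is an added example, not code from the lecture: it parses a constructed HTML message (the sender domain `examplebank.com`, the hostnames and the punycode label are all made up for the demo) and flags links whose target domain differs from the claimed sender, whose displayed text shows a different domain than the href, or whose hostname is an internationalized (punycode) lookalike.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); the sender claims to be examplebank.com.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been locked.</p>
<p><a href="http://secure-login.examplebank-verify.com/reset">https://www.examplebank.com/reset</a></p>
<p><a href="https://www.examplebank.com/help">Help centre</a></p>
<p><a href="http://xn--exmplebank-8za.com/login">Click here to restore access</a></p>
"""

# Matches link text that itself looks like a URL or bare domain
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[A-Za-z]{2,}(/\S*)?")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude approximation of the registrable domain: the last two labels (no public-suffix list offline)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def suspicious_links(html: str, sender_domain: str) -> list:
    """Return (href, text, reasons) for every link that does not match what the message claims."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode host")  # IDN label, often a lookalike of a Latin-script domain
        if registrable(host) != sender_domain.lower():
            reasons.append("target domain differs from sender domain")
        if URL_LIKE.fullmatch(text):
            shown = text if "://" in text else "http://" + text
            shown_host = (urlparse(shown).hostname or "").lower()
            if registrable(shown_host) != registrable(host):
                reasons.append("displayed link text does not match href")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL, "examplebank.com"):
        print(href, "|", text, "|", ", ".join(reasons))
```

The "help centre" link passes every check, which is the point: a phishing message usually mixes genuine links with one or two malicious ones, so each link has to be judged on its own target, never on the look of the message as a whole.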
MitM Attack
Occurs when an attacker places themselves between the two parties of a communication. Once the attacker intercepts the traffic, they can read and steal sensitive data, modify messages in transit, and return different responses to the user. Channels without encryption and authentication (plain HTTP, an open Wi-Fi hotspot) are the usual entry point.
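The passive/active distinction from earlier in the lecture and the MitM attack just described can be shown with a message authentication code. This is an added example, not code from the lecture: the shared key, the transfer message and the two attacker functions are constructed for the demo. A passive eavesdropper forwards the frame unchanged and is not detected (and still reads the plaintext, because nothing here is encrypted); an active MitM who rewrites the payee cannot produce a valid tag without the key, so the receiver rejects the frame.

```python
import hmac
import hashlib
from typing import Callable, Optional, Tuple

# Assumed shared secret (constructed for the demo). In practice it comes from a key
# exchange such as the TLS handshake, never from a constant in source code.
SHARED_KEY = b"demo-shared-key-for-illustration-only"
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can detect any change to `message`."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the message if its tag is valid under `key`, otherwise None."""
    if len(frame) < TAG_LEN:
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # constant-time comparison: a plain == would leak the position of the first mismatch
    return message if hmac.compare_digest(tag, expected) else None


def passive_attacker(frame: bytes) -> bytes:
    """Eavesdropper: reads the frame and forwards it unchanged. The MAC cannot detect this."""
    return frame


def active_attacker(frame: bytes) -> bytes:
    """MitM: rewrites the payee but has no key, so the old tag is forwarded with new data."""
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return message.replace(b"payee=alice", b"payee=mallory") + tag


def run(attacker: Callable[[bytes], bytes]) -> Tuple[Optional[bytes], bool]:
    """Send one transfer through `attacker`.

    Returns (message accepted by the receiver, or None if rejected;
             whether the plaintext was readable on the wire)."""
    original = b"transfer amount=100 payee=alice"
    on_wire = attacker(protect(SHARED_KEY, original))
    accepted = verify(SHARED_KEY, on_wire)
    plaintext_visible = b"transfer amount=100" in on_wire  # no encryption: confidentiality is lost either way
    return accepted, plaintext_visible


if __name__ == "__main__":
    print("passive:", run(passive_attacker))
    print("active: ", run(active_attacker))
```

Integrity (the tag) and confidentiality (encryption) are separate properties: the tag stops the active attacker from altering the transfer, but only encrypting the message would stop the passive one from reading it. Real protocols such as TLS provide both together.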
DoS Attack
• A DoS attack aims to make a machine or network unavailable to its intended users. DoS attacks accomplish this by flooding the target with more traffic than it can handle, or by sending it input that triggers a crash.
• A DDoS attack is a DoS attack launched from many compromised machines (a botnet) at once, which makes the traffic far harder to filter by source.
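One of the basic defences against the flooding form of DoS is per-client rate limiting. The following is an added example, not code from the lecture: a token-bucket limiter applied to constructed traffic in which one client sends a request per second and another floods 100 requests in one second. The rate (5 requests/s) and burst (10) are assumed values; timestamps are integer milliseconds and the refill arithmetic uses exact fractions so the result is deterministic.

```python
from collections import defaultdict
from fractions import Fraction
from typing import Dict, Iterable, Tuple


class TokenBucket:
    """Per-client token bucket: holds at most `burst` tokens, refilled at `rate` tokens per second."""

    def __init__(self, rate: int, burst: int):
        self.rate = rate
        self.burst = burst
        self.tokens = Fraction(burst)
        self.last_ms = 0

    def allow(self, now_ms: int) -> bool:
        elapsed = max(0, now_ms - self.last_ms)
        self.last_ms = now_ms
        # Fraction keeps the refill exact; float drift at 10 ms granularity would change the count
        self.tokens = min(Fraction(self.burst), self.tokens + Fraction(elapsed * self.rate, 1000))
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def filter_requests(requests: Iterable[Tuple[int, str]], rate: int = 5, burst: int = 10) -> Dict[str, Tuple[int, int]]:
    """requests: (timestamp_ms, client) pairs. Returns {client: (allowed, dropped)}."""
    buckets: Dict[str, TokenBucket] = {}
    stats = defaultdict(lambda: [0, 0])
    for ts, client in sorted(requests):
        bucket = buckets.setdefault(client, TokenBucket(rate, burst))
        if bucket.allow(ts):
            stats[client][0] += 1
        else:
            stats[client][1] += 1
    return {client: (allowed, dropped) for client, (allowed, dropped) in stats.items()}


# Constructed traffic: a normal client at 1 request/s and a flooder at 100 requests/s.
NORMAL = [(sec * 1000, "10.0.0.5") for sec in range(10)]
FLOOD = [(i * 10, "203.0.113.9") for i in range(100)]

if __name__ == "__main__":
    for client, (allowed, dropped) in filter_requests(NORMAL + FLOOD).items():
        print(f"{client}: allowed={allowed} dropped={dropped}")
```

The normal client is never throttled, while the flooder gets its initial burst of 10 plus only what the refill rate permits; everything else is dropped before it reaches the application. Against a DDoS the same idea has to move upstream (per-source limits at the edge, or a scrubbing service), because a single server cannot absorb the aggregate traffic even if it drops most of it.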
SQL Injection
A Structured Query Language (SQL) injection attack occurs when untrusted input (a form field, URL parameter or cookie) is concatenated into a SQL query, so that characters in the attacker's input are interpreted as SQL syntax rather than as data.
Once successful, the attacker can view, change, or delete data stored in the database, bypass authentication, and in some configurations run administrative commands on the database server.
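The mechanism above, shown on a constructed in-memory SQLite table as an added example (this is not code from the lecture; the user names, passwords and attacker strings are made up): `find_user_vulnerable` builds the query by string formatting, so a quote in the input ends the string literal and the rest becomes SQL; `find_user_safe` uses a parameterised query, so the very same inputs are bound as plain values and match nothing.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the demo.

    Passwords are stored in clear only to keep the example short; a real system
    stores salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "S3cret!", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[Tuple[str, str]]:
    """Builds the query with string formatting, so the caller's input becomes SQL syntax."""
    query = (
        "SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
    ) % (username, password)
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str, password: str) -> List[Tuple[str, str]]:
    """Parameterised query: the driver binds the values as data; they can never alter the SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Constructed attacker inputs
BYPASS_USER = "admin' --"                                   # comments out the password check
DUMP_USER = "' UNION SELECT password, role FROM users --"   # returns a column the query never exposed

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass:", find_user_vulnerable(db, BYPASS_USER, "wrong"))
    print("vulnerable, dump:  ", find_user_vulnerable(db, DUMP_USER, "wrong"))
    print("safe, bypass:      ", find_user_safe(db, BYPASS_USER, "wrong"))
    print("safe, real login:  ", find_user_safe(db, "bob", "hunter2"))
```

The fix is not input filtering but keeping code and data separate: with a placeholder, the database engine receives the query structure and the values through different channels, so no value can change the structure. The same applies to every database driver and ORM; the parameter syntax (`?`, `%s`, `:name`) differs, the principle does not.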
Zero-day Exploit
A zero-day attack takes place when attackers exploit a vulnerability before the developers know about it or have had a chance to fix it; the name refers to the vendor having had "zero days" to prepare a patch. The zero-day exploit is the code or technique used to perform this attack.
Advanced Persistent Threats
An advanced persistent threat (APT) occurs when a malicious actor gains unauthorized access to a system or network and remains undetected for an extended time in order to steal sensitive data, typically maintaining persistence and moving laterally through the network rather than causing immediate, visible damage.
Ransomware
Ransomware is a type of malware attack in which the attacker locks or encrypts the victim's data and blocks access to it, or threatens to publish it, unless a ransom is paid.
DNS Attack
A DNS attack is a cyberattack in which cybercriminals exploit weaknesses in the Domain Name System (DNS). Attackers leverage these weaknesses to divert site visitors to malicious pages (DNS hijacking, e.g., by altering resolver settings or poisoning a cache) and to exfiltrate data from compromised systems by encoding it in DNS queries to a domain they control (DNS tunneling).
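DNS tunneling leaves a recognisable shape in resolver logs: one client issuing many distinct, long, high-entropy subdomains under a single registrable domain. The following is an added example, not code from the lecture, that scores a constructed query log (the client addresses and the `tunnel.example.org` names are made up) and reports the (client, domain) pairs that match that shape. The thresholds are assumed starting values that would be tuned against real traffic.

```python
import math
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed query log: (client, queried name). Not real traffic.
QUERY_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn.example.net"),
    ("10.0.0.9", "a3f9c1b2e8d4.6f7a8b9c0d1e.tunnel.example.org"),
    ("10.0.0.9", "9b1d7e3a5c2f.0e4d8a6b2c9f.tunnel.example.org"),
    ("10.0.0.9", "c7e2a9f4b1d8.3a5c7e9b1d3f.tunnel.example.org"),
    ("10.0.0.9", "e1f3a5c7b9d2.4c6e8a0b2d4f.tunnel.example.org"),
    ("10.0.0.9", "2d4f6a8c0e1b.5b7d9f1a3c5e.tunnel.example.org"),
    ("10.0.0.9", "6a8c0e2b4d7f.8d0f2b4a6c8e.tunnel.example.org"),
]


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payloads score high, dictionary words score low."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable(name: str) -> str:
    """Crude approximation of the registrable domain: the last two labels (no public-suffix list offline)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def score_query(name: str) -> dict:
    labels = name.lower().rstrip(".").split(".")
    sub = ".".join(labels[:-2])  # everything below the registrable domain carries the payload
    return {
        "name": name,
        "subdomain_len": len(sub),
        "entropy": shannon_entropy(sub.replace(".", "")),
        "label_count": len(labels),
    }


def detect_tunneling(
    log: Iterable[Tuple[str, str]], min_len: int = 30, min_entropy: float = 3.5, min_unique: int = 5
) -> List[Tuple[str, str, int]]:
    """Return (client, domain, distinct suspicious names) for pairs that look like a tunnel.

    A single odd-looking name is not evidence (CDNs and anti-spam services use long hashes
    too); the signal is many distinct such names from one client under one domain."""
    per_pair: Dict[Tuple[str, str], set] = defaultdict(set)
    for client, name in log:
        s = score_query(name)
        if s["subdomain_len"] >= min_len and s["entropy"] >= min_entropy:
            per_pair[(client, registrable(name))].add(s["name"])
    return sorted(
        (client, domain, len(names))
        for (client, domain), names in per_pair.items()
        if len(names) >= min_unique
    )


if __name__ == "__main__":
    for client, domain, count in detect_tunneling(QUERY_LOG):
        print(f"{client} -> {domain}: {count} distinct high-entropy subdomains")
```

Hijacking, the other DNS attack named above, is detected differently: by comparing the answers a resolver returns (or the resolver address configured on a host) against known-good values, since the queries themselves look normal.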