CompSec 4035 Chapter 2

Uploaded by

gemeda.gama
Course Title: Computer Security
(Course Code: Cosc4035)
Chapter 2
Computer Security Threats and Attacks

Outline
• Computer Threat
• Class of Attacks
• Program flaws
• Program Security Defenses
• Database management systems security

Computer Security Threats
• A computer security threat is a potential or possible (likely) violation of security; it is any person, act, or object that poses a danger to computer security.
• A computer system threat in general can include anything deliberate, unintended, or caused by natural calamity that results in data loss/manipulation or physical destruction of hardware.
12/23/24

Computer Security Threats
• An entity or agent that carries out the threat or that attacks a computer system is referred to as a threat agent (adversary) or attacker.
  E.g. all hackers in the world
• Threat agent: A system entity that performs a threat action, or an event that results in a threat

Computer Security Threat Action
• A threat action is the realization of a threat, i.e., an occurrence in which system security is assaulted as the result of either an accidental event or an intentional act.
  Threat action => Attack
• A threat action or attack is an assault on system security.
• The computer world is full of threats!
  - Viruses, worms, crackers, etc.
  - … refer to the assignment … end of this slide
• And so is the real world!
  - Thieves, pick-pockets, burglars, murderers, drunk drivers, …

Threat Consequences
• A threat consequence is a security violation that results from a threat action.
• According to RFC 4949, there are four different types of threat consequences:
  - Unauthorized disclosure
  - Deception
  - Disruption
  - Usurpation
• R. Shirey, Internet Security Glossary, RFC 4949, Internet Engineering Task Force
  https://datatracker.ietf.org/doc/html/rfc4949

Threat Consequences
• Unauthorized disclosure
  - A circumstance or condition whereby an entity/intruder gains access to data for which they are not authorized.
  - ⇒ Confidentiality threats.
• Attacks (threat actions)
  - The following four major threat actions can cause a threat consequence of unauthorized disclosure:
  - Exposure: A threat action whereby sensitive data is directly released to an unauthorized entity.
  - Interception: A threat action whereby an unauthorized entity directly accesses sensitive data travelling between authorized sources and destinations. Interception is also called snooping.
  - Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data by reasoning from characteristics or byproducts of communications.
  - Intrusion: A threat action whereby an unauthorized

Threat Consequences
• Deception
  - A circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
  - ⇒ Integrity threats.
• Attacks (threat actions)
  - The following three major threat actions can result in a Deception threat consequence:
  - Masquerade: A threat action whereby an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
  - Falsification: A threat action whereby false data deceives an authorized entity. This refers to the altering/modifying or replacing of valid data with false data.
  - Repudiation: A threat action whereby an entity

Threat Consequences
• Disruption
  - A circumstance or event that interrupts or prevents the correct operation of system services and functions.
  - ⇒ Availability or Integrity threats.
• Attacks (threat actions)
  - The following three major threat actions can result in a Disruption threat consequence:
  - Incapacitation: A threat action that prevents or interrupts system operation by disabling a system component.
  - Corruption: A threat action that undesirably alters system operation by adversely modifying system functions or data.
  - Obstruction: A threat action that interrupts delivery of system services by hindering system operations.

Threat Consequences
• Usurpation
  - A circumstance or event that results in the control of system services or functions by an unauthorized entity.
  - ⇒ Integrity threats.
• Attacks (threat actions)
  - The following two major threat actions can cause a Usurpation threat consequence:
  - Misappropriation: A threat action whereby an entity assumes unauthorized logical or physical control of a system resource.
    - "Theft of service" ⇒ Unauthorized use of service by an entity.
    - "Theft of functionality" ⇒ Unauthorized acquisition of actual hardware, software, or firmware of a system component.
    - "Theft of data" ⇒ Unauthorized acquisition and use of data.

Summary of Threat Consequences

Threat Consequence: Unauthorized Disclosure
  A circumstance or event whereby an entity gains access to data for which the entity is not authorized.

Threat Action (attack):
  • Exposure: Sensitive data are directly released to an unauthorized entity.
  • Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations.
  • Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications.
  • Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections.

Threat Types
Based on the intent of the threat, there are three major types of threats.
• Natural threats: These threats arise/originate/result from natural occurrences and phenomena, such as earthquakes, floods, hurricanes, wildfires, or diseases.
• Intentional threats: These threats are deliberate and are caused by/arise/originate/result from human intent, such as acts of terrorism, sabotage, or cyber attacks.
• Unintentional threats: These threats are

Threat Types
Generally, the three major types of threats are:
• Natural threats ⇒ acts of nature that can be unpredictable in terms of onset, duration and impact.
• Intentional ⇒ deliberate, intended to compromise the entire computing system.
• Unintentional ⇒ accidental or unintended, oftentimes be

Threat Types
Based on the source of the threat, there are two types of threats.
• Internal threats ⇒ those that originate from within an organization.
  - Can be caused by employees, contractors, or other individuals who have authorized access to an organization's systems.
  - Can include malicious acts, such as sabotage or theft, as well as accidental acts, such as data entry errors.

Threat Types
Based on the source of the threat, there are two types of threats.
• External threats ⇒ those that originate from outside of an organization.
  - Can be caused by individuals or organizations that do not have authorized access to an organization's systems.
  - Can include malicious acts, such as hacking or phishing, as well as denial-of-service attacks.

Threat Types
Based on the nature of the threat and the potential type of damage it can cause, there are also two threat types.
• Physical threats ⇒ threats that cause impairment to hardware, or theft of the system or hard disk that holds critical data.
• Nonphysical threats ⇒ target the data and the software on the computer systems by corrupting the data or by exploiting errors in the software.

Threat Types
Example
• Physical threats
  - Hardware failure: This can be caused by a number of factors, such as power surges, overheating, or physical damage.
  - Theft: Computers can be stolen from homes, offices, or other locations.
  - Vandalism: Computers can be damaged by vandals who break into buildings or homes.
  - Natural disasters: Computers can be damaged by natural disasters such as floods, fires, or earthquakes.

Threat Types
Example
• Nonphysical threats
  - Malware: Software-based threats like viruses, worms, Trojans, ransomware, or spyware that manipulate or exploit vulnerabilities in computer systems or networks.
  - Data Breaches: Unauthorized access, theft, or exposure of sensitive or private data, including personal information, financial records, or intellectual property.
  - Phishing and Social Engineering: Techniques that manipulate individuals into revealing confidential information, usually by impersonating trusted entities or by exploiting human psychology.
  - Denial of Service (DoS) Attacks: Overwhelming computer systems or networks with excessive traffic or requests to make them unavailable to legitimate

Threat Types
Nonphysical threats/Software threats
• Malware
  - Malicious code, also called malware, is harmful computer programming scripts designed to create or exploit system vulnerabilities.
  - This code is designed by a threat actor to cause unwanted changes, damage, or ongoing access to computer systems,
  - or it is created by writing changes or add-ons to the existing

Malware Types
Malware
• Malware: a group of destructive programs
  - Malicious code may result in back doors, security breaches, information and data theft, and other potential damages to files and computing systems.
  - Many malicious code types can harm your computer by finding entry points that lead to your precious

Malware Types
Malware
• Among the ever-growing list, here are some common malware types/culprits:
  - Viruses
  - Worms
  - Trojan horses
  - Spyware
  - Adware
  - Logic bombs
  - A non-virus virus or hoax
  - Ransomware
  - Cryptominers
  - Mobile Malware
  - Banking Trojans
  - Identity theft, Scam
  - Rootkit, Spam
  - Phishing

Malware Types
Virus
• Viruses
  - “A small program that replicates and hides itself inside other programs, usually without your knowledge.”
  - Similar to a biological virus: replicates and spreads by some actions.
• Viruses
  - A piece of code that can perform any action (i.e. from displaying a message to erasing data).


Malware Types
Virus
• Two major categories of viruses:
• Boot sector virus:
  - infects the boot sector of systems.
  - activates while the machine is booting.
• File virus:
  - infects program files.
  - activates when the program is run.
• Note: the classification of a malware as a virus or a worm is not universally agreed upon.

Malware Types
Worms
• Worms
  - are also self-replicating and self-spreading code like viruses but do not require any further action to do so.
• Worms
  - An independent program that reproduces by copying itself from one computer to another (via networks).
  - It can do as much harm as a virus.
  - It often creates denial of service.
  - Once a computer worm has arrived on your device, it can execute entirely on its own without any assistance from a user-run program.

Malware Types
Trojan horses
• Trojan horses
  - A Trojan horse appears to be nonthreatening software but secretly downloads a virus or some other type of malware onto your computer.
  - The program does what the user expects but it does more, unnoticed by the user.
• Trojan horse
  - Trojan horses are decoy files that carry malicious code payloads, requiring a user to use the file or program to execute.
  - Doesn't replicate; pretends to be a useful utility for installation.

Malware Types
Spyware
• Spyware
  - “A software that literally spies on what you do on your computer”
  - Gathers user info and sends it to a central site.
  - Spyware is a type of malicious software or malware that is installed on a computing device without the end user's knowledge.
  - It invades the device, steals sensitive information and internet usage data, and relays it to advertisers, data firms or external users.

Malware Types
Spyware
• Spyware
  - Any software can be classified as spyware if it is downloaded without the user's authorization.
  - Spyware is controversial because, even when it is installed for relatively innocuous reasons, it can violate the end user's privacy and has the potential to be abused.
• Example
  - Simple Cookies: any data that the cookie saves can be retrieved by any website, so your entire Internet browsing history can be tracked.
  - Key Loggers: record all of your keystrokes; the most common use of a key logger is to capture

Malware Types
Spyware
• Legal Uses of Spyware
  - Employers may use spyware as a means of monitoring employee use of company technology.
  - Parents may use this type of software on their home computer to monitor the activities of their children on the internet to protect their children from online predators.
Adware
• Adware:
  - a piece of spyware that downloads to your PC when you visit certain websites.

Malware Types
Adware
• Adware
  - It is benign in that it causes no direct harm to a system or files, nor does it gather sensitive information from a PC.
  - However, it is incredibly annoying as it saturates a machine with unwanted ads.
Logic bomb
• Logic bomb
  - Software that lies dormant until some specific condition is met; that condition is usually a date and time; when the condition is met, the software does some malicious act such as deleting files, altering system configuration,

Malware Types
A Nonvirus Virus or a Hoax
• Another new type of virus that doesn't contain any code, instead relying on the gullibility of the users to spread; it often uses emotional subjects.
• Rather than actually writing a virus, a perpetrator sends an e-mail to every address he has.
• The e-mail claims to be from some well-known antivirus center and warns of a new virus that is circulating.
• The e-mail instructs people to delete some file from their computer to get rid of the virus.
• The file, however, is not really a virus but part

Malware Types
Ransomware
• Malware designed to use encryption to force the target of the attack to pay a ransom demand. How?
• It encrypts the user's files and demands payment in exchange for the decryption key.
Cryptominers
• Malware that uses the victim's machine to mine cryptocurrency and make a profit for the attacker.
Mobile Malware
• Malware targeting mobile devices, including malicious applications and attacks exploiting SMS and social media apps.

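The ransomware description above (the user's files are encrypted in place) suggests a simple defensive indicator: many previously readable files turning into high-entropy data at once. The following is an added example, not part of the original slides; the thresholds, file names and sample data are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

MIN_BYTES = 1024      # assumption: below this size byte entropy is too noisy to judge
HIGH_ENTROPY = 7.5    # assumption: bits per byte; encrypted data sits close to 8.0
LOW_ENTROPY = 6.5     # assumption: plain text, CSV and source code fall well below this


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def newly_encrypted(before, after):
    """Names whose content moved from low to high entropy between two snapshots.

    Files that were already high-entropy (archives, images) are ignored, so
    ordinary compressed data is not flagged; small files are skipped.
    This sketch matches files by name; renamed files would need another key.
    """
    flagged = []
    for name, new_bytes in sorted(after.items()):
        old_bytes = before.get(name)
        if old_bytes is None or min(len(old_bytes), len(new_bytes)) < MIN_BYTES:
            continue
        if (shannon_entropy(old_bytes) < LOW_ENTROPY
                and shannon_entropy(new_bytes) > HIGH_ENTROPY):
            flagged.append(name)
    return flagged


def mass_encryption_alert(before, after, min_files=3, min_fraction=0.5):
    """Return (alert, flagged_names); alert is True when many files flip at once."""
    flagged = newly_encrypted(before, after)
    judged = [n for n in after if n in before and len(before[n]) >= MIN_BYTES]
    fraction = len(flagged) / len(judged) if judged else 0.0
    return (len(flagged) >= min_files and fraction >= min_fraction), flagged


def fake_ciphertext(length, seed):
    """Deterministic high-entropy bytes standing in for encrypted content."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sample_snapshots():
    """Constructed sample data: a small document folder before and after an incident."""
    text = (b"Quarterly report: revenue grew and costs fell in every region. " * 80)[:4096]
    table = (b"2024-01-15,invoice,1042,paid\n" * 160)[:4096]
    tex = (b"\\section{Threats} A threat is a potential violation of security.\n" * 80)[:4096]
    before = {
        "report.txt": text,
        "budget.csv": table,
        "thesis.tex": tex,
        "photo.jpg": fake_ciphertext(4096, b"jpg"),   # already high-entropy
        "todo.txt": b"buy milk\n",                    # too small to judge
    }
    after = {
        "report.txt": fake_ciphertext(4096, b"k1"),
        "budget.csv": fake_ciphertext(4096, b"k2"),
        "thesis.tex": fake_ciphertext(4096, b"k3"),
        "photo.jpg": before["photo.jpg"],
        "todo.txt": fake_ciphertext(9, b"k4"),
    }
    return before, after


def benign_edit(before):
    """Constructed control case: one document is edited normally."""
    after = dict(before)
    after["report.txt"] = before["report.txt"].replace(b"grew", b"fell")
    return after


if __name__ == "__main__":
    before, after = sample_snapshots()
    print(mass_encryption_alert(before, after))
    print(mass_encryption_alert(before, benign_edit(before)))
```
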
Malware Types
Infostealers
• Malware that collects sensitive information from an infected computer and sends it to the malware operator.
Banking Trojans
• Malware that specifically targets financial information
Phishing
• “Trick a user into clicking on a malicious link”
• “Opening an attachment”
• To locate and successfully exploit a vulnerability

More detail about Viruses
Most software-based threats/attacks are commonly called viruses: How do viruses work?
• Infection mechanisms
  - First, the virus should search for and detect objects to infect
  - Installation into the infectable object
    - Writing on the boot sector
    - Add some code to executable programs
    - Add some code to initialization/auto-executable programs
    - Write a macro in a word file
    - Read your email address book etc. …

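Because the infection mechanisms listed above all change an existing object (code added to executables, start-up programs or macro-enabled documents), a defender can detect them by comparing program files against a trusted baseline. The following is an added example, not part of the original slides; the extension list, file names and sample contents are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Assumption: extensions treated as "program files" in this sketch; adjust per platform.
PROGRAM_EXTENSIONS = {".exe", ".dll", ".com", ".sys", ".so", ".sh", ".docm"}


def fingerprint(path):
    """Return (size_in_bytes, sha256_hex) for one file, read in chunks."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def snapshot(root):
    """Map each program file under root (relative path) to its fingerprint."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in PROGRAM_EXTENSIONS:
                full = os.path.join(folder, name)
                result[os.path.relpath(full, root)] = fingerprint(full)
    return result


def compare(baseline, current):
    """Classify differences between a trusted baseline and the current state.

    "modified-grown" marks a changed file that also got larger, which is what
    code appended to a program looks like; "modified" covers same-size or
    smaller rewrites. The baseline must be stored where the monitored system
    cannot alter it.
    """
    findings = []
    for path, (old_size, old_hash) in sorted(baseline.items()):
        if path not in current:
            findings.append((path, "missing"))
            continue
        new_size, new_hash = current[path]
        if new_hash == old_hash:
            continue
        label = "modified-grown" if new_size > old_size else "modified"
        findings.append((path, label))
    for path in sorted(set(current) - set(baseline)):
        findings.append((path, "new"))
    return findings


def demo():
    """Constructed sample: stand-in program files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mode="wb"):
            with open(os.path.join(root, name), mode) as handle:
                handle.write(data)

        write("editor.exe", b"MZ" + b"\x00" * 510)
        write("startup.sh", b"#!/bin/sh\necho hello\n")
        write("notes.txt", b"not a program file\n")
        baseline = snapshot(root)

        write("editor.exe", b"EXTRA-BYTES" * 8, mode="ab")   # bytes appended
        write("startup.sh", b"#!/bin/sh\necho HELLO\n")      # same-size rewrite
        write("helper.dll", b"MZ" + b"\x01" * 126)           # new program file
        write("notes.txt", b"edited, but ignored\n")         # not monitored
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, status in demo():
        print(f"{status:15s} {path}")
```
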
How do viruses work?
How do viruses work? …
• Trigger mechanism
  - Date
  - Number of infections
  - First use
• Effects: It can be anything
  - Displaying a message
  - Deleting files
  - Formatting disk
  - Overloading processor/memory
  - Changing system settings
  - Etc.

Virus Phases
Phases of Viruses
• Most malware has the following phases while affecting your computer system:
• Dormant phase:
  - It does nothing at this phase.
  - This is intended to create a sense of trust in the user.
  - The virus is idle.
  - Will eventually be activated by some event.
  - Not all viruses have this stage.

Virus Phases
Phases of Viruses
• Propagation phase:
  - At this stage most malware duplicates itself without doing damage.
  - The virus places an identical copy of itself into other programs or into certain system areas on the disk.
• Triggering phase:
  - The virus is triggered by some occurrence such as a date, a particular number of replications, or a certain sequence of keystrokes.
  - The virus is activated to perform the function for which it was intended.


Virus Phases
Phases of Viruses
• Damaging or Execution phase:
  - At this stage, the virus does whatever the author intended it to do (the function is performed), such as
    - Formatting the hard disk, thereby destroying all the data in it,
    - Reserving space on disk so that files cannot be stored on it,
    - Transposing characters in a data file,
    - Displaying a greeting message on the screen, etc.
    - There are also some of them which play music. Or

How Is a Virus Designed?
Method: design of a virus
• Detection module: detects programs that are already infected
• Infection module: copies the virus code into non-infected programs
• Damage module: contains the malware proper
• Conditions module: makes the actions mentioned dependent on certain conditions
• Camouflage module: tries to avoid detection by antivirus software

Who Writes or Creates Viruses
Who Writes Viruses
• It is believed that most virus authors are young men in their teens or early twenties who have a great deal of technical knowledge and
• have decided for various reasons to use it for destructive purposes.
• Adolescents
  - Ethically normal and of average/above average intelligence.
  - Tended to understand the difference between what is right and wrong.
  - Typically do not accept any responsibility for problems caused.

• The College Student
  • Ethically normal
  • Despite expressing that what is illegal is “wrong”
  • Are not typically concerned about the results of their actions related to their virus writing
• The Adult (smallest category)
  • Ethically abnormal
  • System tester
  • They are delighted in finding a way to insert their code into places where others might not find it
• Punisher
  • To “punish” users for some perceived violation;
  • For example, to punish users of illegal copies of software (software pirates)
• Troublemakers
  • maybe just troubled individuals who want to create damage
• Revengers
  • Sometimes viruses, Trojan horses or logic bombs are written by disgruntled employees or others who want to get back
• Self Challengers:
  • Some virus writers do it just to see if they can get away with it;
  • as virus detection software gets smarter, virus writers have to employ new tricks to have their "products" avoid notice
• Self Teachers/Educators
  • Writing viruses, especially ones smart enough to avoid detection, requires a great deal of technical know-how;
  • some people take up virus writing to teach themselves how to program at a low level

Anti-Virus
• There are
  • Generic solutions
    Ex. Integrity checking
  • Virus specific solution
    Ex. Looking for known viruses
• Three categories
  • Scanners: to look for a signature (or pattern) that matches a known virus
  • Activity monitors: If the program behaves in a way consistent with virus activity
  • Change detection software
• Functions of anti-viruses
  • Identification of known viruses
  • Detection of suspected viruses
  • Blocking of possible viruses
  • Disinfection of infected objects
  • Deletion and overwriting of infected objects
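
The scanner and change-detection categories listed above, side by side, as an added example that is not part of the original slides. The signature name and byte pattern, the file names and the function names are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed demo signature (a harmless marker, not taken from real malware).
SIGNATURES = {"Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-MARKER-A"}

def _files(root):
    """Yield (relative_path, content) for every regular file under root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            yield str(path.relative_to(root)), path.read_bytes()

def build_baseline(root):
    """Change detection, step 1: record a SHA-256 digest per file."""
    return {rel: hashlib.sha256(data).hexdigest() for rel, data in _files(root)}

def detect_changes(root, baseline):
    """Change detection, step 2: compare the current state with the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def scan_signatures(root):
    """Scanner: map each file to the known signatures whose pattern it contains."""
    hits = {}
    for rel, data in _files(root):
        names = sorted(n for n, pattern in SIGNATURES.items() if pattern in data)
        if names:
            hits[rel] = names
    return hits

def demo():
    """Constructed scenario: one file altered with unknown bytes, one marker file added."""
    with tempfile.TemporaryDirectory() as root:
        app = Path(root, "app.bin")
        app.write_bytes(b"\x7fAPP original code")
        Path(root, "notes.txt").write_bytes(b"hello")
        baseline = build_baseline(root)
        # Unknown modification: no entry in SIGNATURES matches these bytes.
        app.write_bytes(app.read_bytes() + b" appended, unknown to the scanner")
        Path(root, "dropped.bin").write_bytes(b"hdr" + SIGNATURES["Demo.Marker.A"] + b"end")
        return detect_changes(root, baseline), scan_signatures(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The altered app.bin carries no known pattern, so only change detection reports it, while the scanner is what puts a name to the marker in dropped.bin.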

Tips for Avoiding Viruses and Spyware
Here are some tips to avoid viruses and spyware:
• Install antivirus software: use reputable antivirus and anti-spyware software, such as McAfee, Norton, Kaspersky, AVG, etc., to scan for and remove viruses and other malware.
• Update software regularly: keep your antivirus and anti-spyware software up to date, as well as your operating system and other applications
• Use strong passwords: create complex passwords that are at least eight characters long and use a combination of letters, numbers, and special characters
• Be careful with email: don't open, view, or
• Back up your data: regularly back up your data to a cloud storage service or external drive.
• Use secure Wi-Fi: avoid using public Wi-Fi for sensitive transactions
• Be wary of scams: learn to recognize phishing emails and websites, and let calls from unknown numbers go to voicemail
• Use a firewall: use the built-in firewall on your operating system or a hardware-based firewall.
• Scan USB drives: before accessing or saving data to a USB drive, scan it to ensure it's free of malware and viruses.
• Be aware of alerts: do not believe “security alerts” that are sent to you. For instance, Microsoft does
• Check antivirus websites regularly: you can read more about any virus, past or current, at the following websites:
  • www.f-secure.com/virus-info/virus-news/
  • www.cert.org/nav/index_red.html
  • http://securityresponse.symantec.com/
  • http://vil.nai.com/vil/

Computer Security Attacks
What is Attack? … ⇒ Next Lesson
Note:
• Most of the time the terms threat and attack are commonly used to mean more or less the same thing
• Threats and attacks are distinct but related concepts.
• Attack is a threat that is being carried out ⇒ Threat action

Computer Security/Threats
Assignment 1:
• From the list, select the one which starts with your name’s first letter or nearest.
• Read about these security attack related keywords and write a one page (maximum) summary of your findings or readings, including any recorded history of significant damages created by these attacks.
• Send your report by email in pdf format one day before the next class (use your names as the file name; copied reports will not be marked).
Submission Date: 15/11/2024
List:
• Spoofing Attack
• Brute Force Attack
• Malware Attack
• Virus/Worm Attack
• SMURF Attack
• SYN Attack
• Trojan Horse
• Logic Bomb
• Ping of Death
• Packet Sniffing
• Eavesdropping
• Cracking
• Session Hijacking
• War Dialing
• DoS/DDoS
• Blackout/Brownout
• Surge/Spike
• Traffic Analysis
• Wire Tapping

Assignment 2:
• Read more and select your best 5 questions from the given 12 questions
• NB: You can read as reference any type of material for Computer Security course
Submission Date: 15/11/2024
1. Define types of threats
2. How can we protect our system against phishing attacks?
3. To control access to systems and data, what authentication mechanisms are used?
4. List the causes of non-physical threats.
5. Compare and contrast worms and viruses.
6. How to make your system secure?
7. What are the solutions to the computer security threats?
8. How many types of computer security attacks are there?
9. What are the principles of security?
10. What are the primary methods of security providing computer system protection?