Saturday 7 October 2017

Cyber Attack Types and Malware Types



Cyber Attack Types and Malware



Malware, also called malicious code, is software designed to gain access to targeted computer systems, steal information or disrupt computer operations. There are several types of malware, the most important being computer viruses, network worms and Trojan horses, which are differentiated by the way in which they operate or spread.

A recent example of malwares ability to function as a tool for cyberespionage is Flame, also known as Flamer and Skywiper. Discovered in 2012, it can record keyboard activity and network traffic as well as screenshots, audio and video communications such as Skype. Once collected, the recorded information is sent to various control servers, and a “kill command is launched to wipe all traces of the malware from the computer.

The computer worm known as Stuxnet highlights malwares potential to disrupt supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs), typically used to automate mechanical processes in factory settings or power plants. Discovered in 2010, Stuxnet was used to compromise Iranian nuclear systems and software. It has three components:

1. A worm that carries out routines related to the payload
2. A link file that propagates copies of the worm
3. A rootkit that hides malicious processes to prevent detection

Other common types of malware include:

VirusesA computer virus is a piece of code that can replicate itself and spread from one computer to another. It requires intervention or execution to replicate and/or cause damage.

network wormA variant of the computer virus, which is essentially a piece of self-replicating code designed to spread itself across computer networks. It does not require intervention or execution to replicate.

Trojan horsesA further category of malware is the Trojan horse, which is a piece of malware that gains access to a targeted system by hiding within a genuine application. Trojan horses are often broken down into categories reflecting their purposes.

botnetsA botnet (a term derived from “robot network”) is a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as denial-of-service (DoS).

A number of further terms are also used to describe more specific types of malware, characterized by their purposes. They include:

SpywareA class of malware that gathers information about a person or organization without the knowledge of that person or organization.

Adware—Designed to present advertisements (generally unwanted) to users.


RansomwareA class of extortive malware that locks or encrypts data or functions and demands a payment to unlock them.

keyloggerA class of malware that secretly records user keystrokes and, in some cases, screen content.

RootkitA class of malware that hides the existence of other malware by modifying the underlying operating system.

Other Attack Types
In addition to malware, there are many other types of attacks. The MITRE Corporation publishes a catalogue of attack patterns known as Common Attack Pattern Enumeration and Classification (CAPEC) as “an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed. Some of the most common attack patterns are listed below.

Advanced persistent threats—Complex and coordinated attacks directed at a specific entity or organization. They require an enormous amount of research and time, often taking months or even years to fully execute.

backdoorA means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.

brute force attack—An attack made by trying all possible combinations of passwords or encryption keys until the correct one is found.

buffer overflow—Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information—which has to go somewhere—can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.

Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes type of security attack on data integrity.

Cross-site scripting (XSS)A type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Denial-of-service (DoS) attack—An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate.

Man-in-the-middle attack—An attack strategy in which the attacker intercepts the communication stream between two parts of the victim system and then replaces the traffic between the two components with the intruders own, eventually assuming control of the communication.

Social engineering—Any attempt to exploit social vulnerabilities to gain access to information and/or systems. It involves a “con game that tricks others into divulging information or opening malicious software or programs.

phishingA type of electronic mail (email) attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering.

Spear phishing—An attack where social engineering techniques are used to masquerade as a trusted party to obtain important information such as passwords from the victim.

SpoofingFaking the sending address of a transmission in order to gain illegal entry into a secure system.

Structure Query language (SQl) injection—According to MITRE, SQL injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design.

Zero-day exploitA vulnerability that is exploited before the software creator/vendor is even aware of its existence.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)