Malware & Common Attacks: Phishing, Ransomware, and Beyond

9 - Malware and Common Attacks-arabic.pdf

Lesson Summary

Malware and Common Attacks

Understanding Threat Vectors, Techniques, and Prevention Strategies

  • Malware and cyberattacks are the main threats that cybersecurity protection must address.
  • Understanding threats helps in anticipating and defending against attacks.
  • Knowledge of attacks is vital for various cybersecurity roles such as ethical hacker, security analyst, and system admin.
  • Effective defense depends on understanding attack tactics, which leads to better detection and mitigation of risks.

What is Malware?

  • Malware is short for malicious software: software designed to cause harm, whether by damaging systems, gaining unauthorized access, or disrupting operations.
  • Malware exists in many forms with different behaviors and delivery methods targeting systems in unique ways.
  • Malware causes real-world losses and crises, including data loss, financial harm, and national-level incidents.

Viruses Explained

  • A virus attaches itself to legitimate programs and replicates when they run, so it spreads whenever users execute infected files or programs.
  • Viruses range from nuisances that merely display messages to destructive ones that delete files or corrupt systems.

Worms and Their Impact

  • Worms replicate without user interaction, spreading automatically across networks by exploiting vulnerabilities.
  • Notable outbreaks such as Code Red (2001) and Blaster (2003) caused global disruption.
  • Worms spread rapidly, often causing widespread damage before defenses can react.

Trojans Explained

  • Trojans disguise themselves as legitimate programs, often appearing as free games or utilities, to gain the user's trust.
  • Once installed, a Trojan gives attackers backdoor access, enabling remote control, data theft, or installation of further malware.
  • Trojans are dangerous because they rely on deception: users install them voluntarily, believing they are safe programs.

Ransomware Threats

  • Ransomware encrypts files and demands payment for decryption, with victims often paying ransoms in cryptocurrency.
  • High-profile attacks such as WannaCry and REvil have affected hospitals, governments, and businesses.
  • Ransomware commonly spreads through phishing and exposed, vulnerable RDP connections; some variants practise double extortion, stealing data before encrypting it.

Other Malware Types: Spyware, Adware, Rootkits, Keyloggers

  • Spyware collects user activity and credentials secretly without user knowledge, whereas adware shows unwanted ads and redirects browsers, possibly to malicious websites.
  • Rootkits and keyloggers hide in systems and steal data, with rootkits avoiding detection and keyloggers capturing keystrokes.

Social Engineering and Phishing

  • Social engineering manipulates people into bypassing security on the attacker's behalf, whereas phishing emails mimic trusted sources to steal information.
  • These attacks work by exploiting trust and creating urgency, so users act on curiosity or fear without becoming suspicious.

Phishing Variations: Spear Phishing, Whaling, Vishing, Smishing

  • Spear phishing targets specific individuals or roles for higher impact, while whaling targets high-profile figures like CEOs or CFOs with tailored scams.
  • Vishing and smishing use phone calls and SMS messages respectively, creating urgency to prompt immediate action from users.

Brute-Force and Related Attacks

  • Brute-force attacks try every possible password combination until one succeeds; dictionary attacks and credential stuffing are more efficient variants that use lists of common passwords or leaked credentials to access systems.
  • Strong passwords, account lockouts, and policies defend against brute-force attacks, reducing risks of unauthorized access.
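As an added example (not part of the lesson), the following Python checks a constructed authentication log two ways: a per-account lockout count, which catches brute force against a single account, and a per-source count, which also catches credential stuffing that spreads one guess across many accounts. The log format, IP addresses, usernames and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample authentication log (not from the lesson); "<time> <source_ip> <user> <result>"
SAMPLE_LOG = """\
10:00:01 203.0.113.5 alice FAIL
10:00:02 203.0.113.5 alice FAIL
10:00:03 203.0.113.5 alice FAIL
10:01:01 198.51.100.7 bob FAIL
10:01:02 198.51.100.7 carol FAIL
10:01:03 198.51.100.7 dave FAIL
10:01:04 198.51.100.7 erin OK
10:05:00 192.0.2.9 alice FAIL
10:05:30 192.0.2.9 alice OK
"""

def parse_log(log_text):
    """Yield (source_ip, user, result) from the constructed log format."""
    for line in log_text.splitlines():
        _time, ip, user, result = line.split()
        yield ip, user, result

def accounts_to_lock(log_text, max_failures=3):
    """Per-account lockout: catches brute force (one account, many guesses)."""
    failures = defaultdict(int)
    for _ip, user, result in parse_log(log_text):
        if result == "FAIL":
            failures[user] += 1
    return sorted(u for u, n in failures.items() if n >= max_failures)

def classify_sources(log_text, max_failures=3):
    """Per-source view: credential stuffing spreads one guess over many accounts,
    so per-account lockout never fires; counting failures per source catches it."""
    failures, targets, success_after = defaultdict(int), defaultdict(set), set()
    for ip, user, result in parse_log(log_text):
        if result == "FAIL":
            failures[ip] += 1
            targets[ip].add(user)
        elif failures[ip] >= max_failures:
            success_after.add(ip)  # success only after many failures: investigate
    verdicts = {}
    for ip, n in failures.items():
        if n < max_failures:
            verdicts[ip] = "normal"
        elif len(targets[ip]) == 1:
            verdicts[ip] = "brute-force"
        else:
            verdicts[ip] = "credential-stuffing"
        if ip in success_after:
            verdicts[ip] += ", login succeeded after threshold"
    return verdicts
```

Running both on the sample shows the gap: the per-account policy locks only `alice`, while the per-source view also flags the stuffing source whose single guesses each slipped under the lockout threshold.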

Case Studies

  • Small Business Ransom Attack: An email impersonating a cloud provider led a user to click a malicious link; the resulting Trojan delivered ransomware that encrypted customer files, a compromise made possible by weak security practices.
  • University Worm Outbreak: An unpatched print server vulnerability at a university allowed a worm to infect hundreds of machines overnight, emphasizing the importance of patch management.
  • Corporate Spear Phishing: Attackers used spear phishing to obtain administrator credentials, then moved laterally to steal proprietary data, remaining undetected within the network for months.

Tools Used by Attackers and Defenders

  • Attackers and ethical hackers use
