Saturday, July 27, 2019

Week 8: Computer Worm

We are going to discuss computer worms, some different types of computer worms, and steps to protect our systems from them.

Computer worms
Computer worms are malicious code that self-replicates in the system or network and spreads across different computer systems. Computer worms are often invisible to the user and are identified only when the computer slows down or other tasks are blocked from opening. A worm usually gets in through security vulnerabilities of the OS or the software.

Different Computer worms
Email worms: Email worms are the most common worms. They spread through a link or attachment, and when it is clicked or downloaded, it infects the system. Once installed, the worm picks up the host's email address from the system user without the user's knowledge and sends email to other hosts.

Internet worms: Internet worms use the internet connection of the infected system to scan for open vulnerabilities on the connected local machines. This usually happens when security vulnerabilities exist in the OS and the device using the OS needs patches or upgrades.

Instant message worms: These worms are similar to email worms. The worm uses the infected user's instant messaging contacts or chat room contacts and sends the malicious link to all the contacts without the user's knowledge.

Steps for preventing those worms:
1. Avoid clicking on malicious email links or attachments. Verify the sender and scan email attachments with antivirus.
2. Always update the system or OS to the latest version and keep patches up to date, as vulnerabilities are the most common route for worms to spread.
3. Monitor system performance and memory space, and run virus scans periodically, as worms slow down the system.
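The scanning behaviour of internet worms described above also leaves a pattern that monitoring can pick up: one machine trying many different neighbours on the same port in a short time, with most attempts failing. The following is an added example, not part of the original post; the flow-record layout, addresses, port, and thresholds are all constructed assumptions.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed records: (epoch_seconds, src_ip, dst_ip, dst_port, connected)."""
    flows = []
    # 10.0.0.23 sweeps 12 neighbours on one port in 24 seconds; most attempts fail
    for i in range(12):
        flows.append((1000 + 2 * i, "10.0.0.23", f"10.0.0.{100 + i}", 445, i % 6 == 0))
    # 10.0.0.5 is a normal client: repeated successful sessions to two servers
    for i in range(12):
        dst = "10.0.0.10" if i % 2 else "10.0.0.11"
        flows.append((1000 + 5 * i, "10.0.0.5", dst, 443, True))
    # 10.0.0.8 uses one file server heavily: same port as the sweep, one destination
    for i in range(8):
        flows.append((1000 + 3 * i, "10.0.0.8", "10.0.0.10", 445, True))
    return flows

def find_scanners(flows, window=60, min_hosts=10, min_fail_ratio=0.5):
    """Return {(src, port): distinct_hosts} for sources that reach at least
    min_hosts distinct destinations on one port within `window` seconds while
    at least min_fail_ratio of those attempts fail."""
    by_key = defaultdict(list)
    for ts, src, dst, port, ok in sorted(flows):
        by_key[(src, port)].append((ts, dst, ok))
    alerts = {}
    for key, events in by_key.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            hosts = {dst for _, dst, _ in span}
            failed = sum(1 for _, _, ok in span if not ok)
            if len(hosts) >= min_hosts and failed / len(span) >= min_fail_ratio:
                alerts[key] = max(alerts.get(key, 0), len(hosts))
    return alerts

if __name__ == "__main__":
    for (src, port), hosts in find_scanners(build_sample_flows()).items():
        print(f"possible worm scanning: {src} tried {hosts} hosts on port {port}")
```

Counting distinct destinations rather than total connections is what keeps the busy but legitimate client of a single file server from being flagged.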

References:
Kirk Reem (n.d.). Different Types of Computer Worms. Retrieved from https://www.techwalla.com/articles/how-to-remove-a-script-virus

What is a computer worm, and how does it work? Retrieved from https://us.norton.com/internetsecurity-malware-what-is-a-computer-worm.html

Sunday, July 21, 2019

Week 7: Spyware

This week we are going to discuss spyware, conventional spyware methods, and how to protect our systems from those attacks.

Spyware:
Spyware is malicious code or software that gets installed in the system without the user's knowledge and transfers the user's sensitive information to the attackers. Sometimes it is used to track our internet usage and personal details without our knowledge and sell that information to advertisers. It's a very common threat by which most internet users get affected unknowingly.

Let's see some common types of spyware

Adware: Adware is the most common spyware; it appears in the sidebar when you visit websites. It displays advertisements related to searches you made recently, but figuring out which ones are trusted and which are malicious is not easy for internet users.

Trojans: A Trojan is malicious software that acts as legitimate software and gets a user to download it to their system. Later on, it slowly harvests the user's sensitive information, such as banking passwords or social security number, without the user's knowledge.

Keyloggers: Keyloggers are system monitors that capture everything the user does on the system, such as search history, websites visited, chat room discussions, and emails. They sometimes even capture printed documents and transfer those details to the attackers.

Tracking Cookies: Using browser cookies, attackers are able to gain access to the user's browser usage, sensitive information, and history of pages visited.

Techniques to prevent spyware:
1. Install an antivirus, keep its patches updated, and schedule auto-scanning at least once a week.
2. Add ad-blockers to the browser to keep unwanted ads from being displayed on the pages visited.
3. Don't download any freeware from untrusted parties on the internet.
4. Don't click links or download attachments from suspicious emails.

References:
What is spyware? And how to remove it. Retrieved from https://us.norton.com/internetsecurity-how-to-catch-spyware-before-it-snags-you.html

Spyware. Retrieved from https://www.malwarebytes.com/spyware/

Sunday, July 14, 2019

Week 6: Distributed Denial of Service

This week we are going to discuss Distributed Denial of Service (DDOS), some frequent DDOS attacks performed by hackers, and techniques for tackling them.

Distributed denial of service
Distributed denial of service (DDOS) is a method of disturbing and blocking the traffic of a site or network by flooding it with unwanted traffic from multiple compromised systems. It can get worse and bring down the entire server. Recently, IoT devices that ship with default passwords have become very prone to being used as the compromised devices in a DDOS attack because of this security vulnerability. DDOS attacks are performed for financial gain by competitors, or to damage the reputation of the company.

Common types of DDOS attack

UDP flood: A User Datagram Protocol (UDP) flood is an attack that overwhelms the targeted server with multiple UDP packets. The targeted server treats them as legitimate requests, so it checks and responds to the UDP packets, and in the meantime service to real users is blocked.

Ping (ICMP) flood: A ping flood is similar to a UDP flood, except that the attacker sends Internet Control Message Protocol (ICMP) packets to the targeted server. In this type of attack, the responding server uses bandwidth for both incoming and outgoing requests, and the ping (ICMP) flood doesn't give the server time to respond to both, making it unavailable for actual users.

HTTP flood: An HTTP flood is a typical technique used by hackers, as most internet sites operate mainly on HTTP GET or HTTP POST. It is also more complex to mitigate compared to the other attacks, as it's very difficult to identify which requests are legitimate.

Methods to mitigate the DDOS attacks:
Eliminating DDOS attacks is not entirely possible, but reducing a DDOS attack and bringing the server back to normal operation is possible.

1) Have updated antivirus software on the computer, because it will prevent the individual system from becoming a bot for the attacker.

2) Use a CAPTCHA for login or account creation services, as it reduces attack traffic from infected IoT devices.

3) Change the default passwords of the IoT devices installed in your organization.
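Because HTTP flood requests look like ordinary GET or POST traffic, a common first signal is the request rate per client. The following is an added example, not part of the original post: a sliding-window counter over access-log lines, where the log format, addresses, and thresholds are constructed assumptions. A flood spread across many sources can keep each one under the threshold, which is the identification difficulty noted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed access-log layout: client, two ignored fields, [timestamp], "METHOD path proto", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+) [^"]*" (\d{3})')

def build_sample_log():
    """Constructed access-log lines for the demonstration."""
    lines = []
    # 203.0.113.50 sends 40 GET requests to one endpoint within 4 seconds
    for i in range(40):
        lines.append(f'203.0.113.50 - - [14/Jul/2019:10:00:{i // 10:02d} +0000] '
                     f'"GET /search?q={i} HTTP/1.1" 200')
    # 198.51.100.7 browses normally: one page roughly every 9 seconds
    for i in range(6):
        lines.append(f'198.51.100.7 - - [14/Jul/2019:10:00:{i * 9:02d} +0000] '
                     f'"GET /page{i} HTTP/1.1" 200')
    return lines

def flag_flooders(lines, window_s=10, max_requests=20):
    """Return {client_ip: peak_requests} for clients that exceed max_requests
    within any window_s-second window. Lines are assumed to be in time order
    per client; lines that do not parse are skipped."""
    recent = defaultdict(deque)   # client -> timestamps inside the current window
    peak = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window_s:   # drop requests that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

if __name__ == "__main__":
    for ip, count in flag_flooders(build_sample_log()).items():
        print(f"{ip}: {count} requests within 10 seconds")
```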

References:
What is a DDoS Attack? Retrieved from https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/

DDoS Attacks. Retrieved from https://www.imperva.com/learn/application-security/ddos-attacks/







Thursday, July 4, 2019

Week 5: Social Engineering

This week we are going to discuss social engineering attacks, some standard methods and techniques used, and how to safeguard ourselves from those attacks.

Social Engineering: Social engineering is a technique of tricking someone emotionally to gain access to confidential information or to an office building. A common example would be calling customer care posing as the spouse of the account holder and getting confidential information by convincing the care agents that there is some kind of emergency and the password is needed immediately to unlock the account. It is a legacy technique that has existed for a very long time and is still a successful trick for many attackers without much investment.

Let's see some common social engineering techniques.

1. Vishing: Voice phishing is called vishing. It's the most frequently used social engineering method, where attackers call posing as trusted companies and attempt to gain confidential information or to get money from the customer. For example, I used to get calls often saying that my car warranty is about to expire and asking whether I would like to extend it, although I bought a new car and it's just two months old. I declined several times and asked to have my name removed from the caller list, but I'm still getting calls at least four times a week.

2. Social networking sites: After the boom of social networking sites like Facebook, LinkedIn, and Twitter, anyone can get personal and professional information about a person and, knowing their likes or emotional weaknesses, trick them into giving up confidential information.

3. Email hacking: Getting an email from a friend's hacked email account with downloadable attachments that are malicious to our computer systems.

How do we prevent those attacks?

Self-awareness: Before opening an email, responding to a call, or providing confidential information, analyze the source and whether it can be trusted.

Limit the information you upload to social networking sites and keep it protected instead of making it public and available to everyone.

Have an updated antivirus installed on your system. It helps in identifying malicious attachments and downloads from the internet.

References:
George V. Hulme and Joan Goodchild (2017, August 17). What is social engineering? How criminals exploit human behavior. Retrieved from https://www.csoonline.com/article/2124681/what-is-social-engineering.html