In information security, threats can come in many forms: software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. This page contains a great deal of important information. There is a similar article by Cisco that covers these same topics; it may be a bit more up to date. Find it at: "What Is the Difference: Viruses, Worms, Trojans, and Bots?"
A threat is anything that can take advantage of a vulnerability to breach security and negatively alter, erase, or harm an object or objects of interest.
Software attacks means attacks by viruses, worms, Trojan horses, etc. Many users believe that malware, viruses, worms, and bots are all the same thing. They are not the same; the only similarity is that they are all malicious software.
Malware is a combination of two terms, malicious and software. So malware basically means malicious software: intrusive program code, or anything else designed to perform malicious operations on a system.
The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any specific types of behavior.
- Virus – A computer virus is software, usually hidden within another seemingly innocuous program, that can produce copies of itself and insert them into other programs or files, and that usually performs a harmful action (such as destroying data). An example is PE infection, a technique usually used to spread malware, in which extra data or executable code is inserted into PE (Portable Executable) files.
- Worm – a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to gain access. It then uses that machine as a host to scan and infect other computers. Once these newly infected computers are under its control, the worm continues to scan and infect further computers using them as hosts, and this behavior repeats. Computer worms use recursive methods to copy themselves without a host program and distribute themselves following the law of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
- Trojan horse – a harmful program that misrepresents itself, masquerading as a regular, benign program or utility in order to persuade a victim to install it. A Trojan horse usually carries a hidden destructive function that is activated when the application is started. The term is derived from the Ancient Greek story of the Trojan horse used to invade the city of Troy by stealth.
Trojan horses are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to look harmless (e.g., a routine form to be filled in), or by drive-by download. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller (phoning home) which can then gain unauthorized access to the affected computer, potentially installing additional software such as a keylogger to steal confidential information, or cryptomining software or adware to generate revenue for the operator of the Trojan. While Trojan horses and backdoors are not easily detectable by themselves, computers may appear to run slower or emit more heat or fan noise due to heavy processor or network usage, as may occur when cryptomining software is installed. Cryptominers may limit resource usage and/or only run during idle times in an attempt to evade detection.
Unlike computer viruses and worms, Trojan horses generally do not attempt to inject themselves into other files or otherwise propagate themselves.
In spring 2017, Mac users were hit by a new version of the Proton Remote Access Trojan (RAT), built to extract password data from various sources, such as browser auto-fill data, the macOS keychain, and password vaults.
- Bots – can be seen as an advanced form of worm. They are automated processes designed to interact over the internet without the need for human interaction. They can be good or bad. A malicious bot infects one host and then creates a connection to a central server, which provides commands to all infected hosts attached to that network, called a botnet.
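Both the backdoor that "phones home" to its controller and the bot that checks in with its central server produce the same observable on the defender's side: one internal host contacting one external address on a fixed schedule, unlike the bursty pace of a person browsing. The script below is an added example, not code from the original page; it parses a constructed connection log (documentation IP ranges, invented timestamps) and flags source/destination pairs whose connection intervals are nearly constant.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound-connection log lines (documentation IP ranges, not real
# traffic): 10.0.0.5 checks in with one address every 60 s; 10.0.0.8 browses irregularly.
SAMPLE_LOG = """\
2024-03-01T10:00:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=512
2024-03-01T10:00:12 src=10.0.0.8 dst=198.51.100.20:443 bytes=90311
2024-03-01T10:01:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=518
2024-03-01T10:01:47 src=10.0.0.8 dst=198.51.100.20:443 bytes=2210
2024-03-01T10:02:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=512
2024-03-01T10:03:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=530
2024-03-01T10:03:05 src=10.0.0.8 dst=198.51.100.20:443 bytes=48000
2024-03-01T10:04:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=512
2024-03-01T10:05:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=515
2024-03-01T10:09:30 src=10.0.0.8 dst=198.51.100.20:443 bytes=15000
2024-03-01T10:10:01 src=10.0.0.8 dst=198.51.100.20:443 bytes=700
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) bytes=(\d+)$")

def parse_log(text):
    """Return (timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m.group(1))
            events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return events

def find_beacons(events, min_events=5, max_cv=0.15):
    """Flag (src, dst) pairs whose gaps between connections are nearly constant:
    coefficient of variation (stdev / mean of the gaps) at or below max_cv."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:      # too few samples to judge a rhythm
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = {"count": len(times), "period_s": round(avg, 1)}
    return beacons
```

A tolerance above zero matters because check-in schedules are often jittered; raising max_cv catches noisier schedules at the cost of more false positives from legitimate periodic traffic such as update checks.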
Malware is referenced by several terms, depending on how it operates within the larger categories specified above. Below is a short description of many of the best-known types of malware.
- Adware – is not exactly malicious, but it can breach the privacy of a user. Adware displays ads on the computer's desktop or inside individual programs. It often comes attached to free software downloaded from a variety of web sites. It monitors the sites the user visits, determines the topics of interest to the user, and then displays relevant ads. An attacker can embed malicious code inside the software, and adware can then monitor your system activities and even compromise your machine.
- Spyware – is software that monitors the user's activity on a computer and provides the collected information to a pre-determined adversary. Spyware is generally dropped by Trojans, viruses or worms. Once dropped, it installs itself and sits silently to avoid detection.
One of the most common examples of spyware is the KEYLOGGER. The basic job of a keylogger is to record user keystrokes with a timestamp, thus capturing interesting information like usernames, passwords, credit card details, etc.
- Ransomware – is a type of malware that will either encrypt your files or lock your computer, making it partially or wholly inaccessible. A message is displayed demanding money as ransom in exchange for the key that lets the user unlock the computer.
- Scareware – masquerades as a tool to help fix your system, but when the software is executed it will infect your system or completely destroy it. The software displays a message to frighten you and pressure you into taking some action, such as paying them to fix your system.
- Rootkits – are designed to gain administrative privileges on the user's system. Once administrative access is gained, the adversary has access to all data and files, allowing them to view, download or destroy whatever they want.
- Zombies – work similarly to spyware. The infection mechanism is the same, but zombies can sit dormant waiting for the adversary to issue commands, or perhaps waiting for a specific task to be completed by the user themselves.
No matter what they look like, or how they accomplish their work, malware is intent on disrupting or destroying data. The adversary is interested in one or more of the following:
- Theft of intellectual property means violation of intellectual property rights such as copyrights and patents.
- Identity theft means impersonating someone else to obtain that person's personal information or to access vital information they have, for example logging into their computer or social media account using their login credentials.
- Theft of equipment and information is increasing these days due to the mobile nature of devices and their increasing information capacity.
- Sabotage means destroying a company's website to cause its customers to lose confidence in it.
- Information extortion means theft of a company's property or information in order to receive payment in exchange. For example, ransomware may lock the victim's files, making them inaccessible and thus forcing the victim to pay; only after payment are the victim's files unlocked.
With each day that passes there are new and more malicious threats. Below is a brief description of these new-generation threats.
- Technology with weak security – With the advancement of technology, new gadgets are being released onto the market, and most of them provide some sort of networking or remote access capability. Very few have any security built in or were designed with information security principles in mind.
- Social media attacks – the adversary identifies and infects a cluster of websites that members of a particular organization visit, allowing the adversary to steal information.
- Mobile malware – the reality is that malware is not limited to desktop/laptop systems. With the plethora of apps available from the mobile device app stores, there is a huge opportunity for users to inadvertently download malware onto their mobile devices.
- Outdated security software – with new threats emerging every day, updating a system with the latest patches, especially security patches, should be a high priority in order to maintain a fully secured environment.
- Corporate data on personal devices – many organizations allow employees to "bring your own device" (BYOD). Laptops, tablets, USB drives, and cloud storage used in the workplace can all lead to serious security breaches.
- Social engineering – is the art of manipulating people so that they give up confidential information such as bank account details, passwords, etc. These criminals can trick you into giving up private and confidential information, or they will gain your trust to get access to your computer and install malicious software that gives them control of it. For example, an email or message that appears to come from a friend was probably not sent by your friend: a criminal who gains access to your friend's device and its contact list can send an infected email or message to every contact. Since the message or email comes from a known person, the recipient will very likely open the link or attachment in it, thus unintentionally infecting their computer. There is an AWESOME video example of social engineering; it is only about 3:00 minutes long. (I apologize for the single curse word that is used right at the end of the video.)