Malware: Impact and Evolution
Virus - Non-autonomous program that replicates and spreads itself by infecting systems, programs or files Worm - Code that is able to replicate and spread autonomously through systems and networks Trojan Horse - A program containing unexpected hidden functionality, potentially operating alongside expected behaviour Spyware - Parasitic software that invades users privacy by gathering information
Cyber Essentials
Technical Controls
- Firewall
- Secure Configuration
- Security update management
- User access control
- Malware protection
Wider Cybercrime content
- Attacks against systems, devices and/or data come in many guises:
- e.g. DoS. hacking, identity theft, malware, phishing, ransomware, spyware, Trojans, viruses
- Fundamentally, for it to count as a cybercrime, it needs to be breaking a law - otherwise its abuse, misuse
Computer-focused crimes - Cases in which the category of crime has emerged as a result of computing technology and there is now direct parallel in other sectors. Computer-assisted crimes - Cases in which the computer is used in a supporting capacity, but the underlying crime of offence either predates the emergence of computers or could be committed without them. Cyber-dependent crimes - DDoS, malware Cyber-enabled crimes - Fraud, phishing, scams
Fundamentals and their evolution
Infection - Reflects how and where users are likely to come into contact with malware. Payload - Determines what the malware will actually do and represents the most variable (least predictable) aspect of behaviour. Defence - The ability of the malware to ability to safeguard itself against detection and removal.
Infection
- Email attachments
- P2P file sharing
- Social Media
Payload
SCA Virus
- Swiss cracking association
- Boot sector virus
- Displayed a message after every 15th reset Byte Bandit
- Boot sector
- Activates after at least 2 resets and 6 infections of other disks
- 7-min countdown to locking the computer WannaCry
- Example of crypto ransomware
- Infection of 200,000 computers across 150 countries
- Notable victim was the NHS
Defence
Brain Virus
- Intercepted any attempts to read the infected boot sector
- If anyone tried to inspect the disk, they would be presented with a copy of the original, uninfected boot sector Gaobot Worm
- Blocked access to 35 security-related sites and had a list of over 420 processes that it tried to terminate Shifu Trojan
- Banking Trojan which affected Japanese banks and financial instructions
- Based upon techniques reused from a variety of previously detected malware
- Included its own anti-malware module to ward off other banking Trojans and ensure that it retains control of the compromised systems.