Lake Point Consulting Services (LPCS) provides security consulting and assurance
Question
Lake Point Consulting Services (LPCS) provides security consulting and assurance services to over 500 clients across a wide range of enterprises in more than 20 states. A new initiative at LPCS is for each of its seven regional offices to provide internships to students who are in their final year of the information security degree program at the local college.
Manna is a regional bakery and café. Although Manna has used an outside security consultant to help their small IT team with security they nevertheless have been the victims of several attacks over the last two quarters. Manna decided not to renew the consultant's contract and has now turned to LPCS for assistance. While LPCS is performing an audit and evaluating the enterprise's current security position, LPCS has asked you to conduct a presentation about malware to the staff of three of Manna's retail sites during their annual regional meeting.
1. Create a PowerPoint presentation that lists 15 different types of malware and defines each type in detail regarding what the malware can do, how it spreads, its dangers, etc. Your presentation should contain at least 10 slides.
2. After your presentation, it is apparent that some of the attacks were the result of social engineering. Manna has asked you to create a one-page "cheat sheet" that describes social engineering attacks and how they may be performed, including a list of practical tips to resist these attacks. This sheet will be posted in the stores so that employees can make quick reference to it when necessary. Create the paper for Manna, using a format that is easy to reference.
Explanation / Answer
Malware, short for "malicious software," is any software that you don't want to have on your computer or mobile device. Malware can be classified several ways in order to distinguish the unique types of malware from each other. Distinguishing and classifying different types of malware from each other is important to better understanding how they can infect computers and devices, the threat level they pose and how to protect against them.
Adware is a type of malware that downloads or displays advertisements to the device user. Usually, it doesn't steal any data from the system; it is more of an irritant in that it forces users to see ads that they would rather not have on their system. Some particularly irritating forms of adware generate browser pop-ups that cannot be closed. Users sometimes unknowingly infect themselves with adware that is installed by default when they download and install other applications.
How to defend against adware
Install an anti-malware solution that includes anti-adware capabilities. Disable pop-ups on your browsers and pay attention to the installation process when installing new software, making sure to un-select any boxes that will install additional software by default.
A backdoor is a secret way to get into your device or network. Often, device or software manufacturers create backdoors into their products either intentionally so that company personnel or law enforcement will have a way to break into the system or unintentionally through sloppy coding practices. Backdoors can also be installed by other types of malware, such as viruses or rootkits.
How to defend against a backdoor
Backdoors are among the hardest types of threats to defend against. Experts say the best defense is a multi-pronged security strategy that includes a firewall, anti-malware software, network monitoring, intrusion prevention and detection, and data protection.
In general terms, a bot is software that performs an automated task, and many bots can be helpful. For example, bots crawl the Internet and index pages for search engines, and chatbots sometimes answer customer service questions on corporate websites. However, when discussing IT security, the word bot usually refers to a device that has been infected with malicious software that causes it to do something harmful, usually without the owner's knowledge or permission. A botnet is a large group of these bots all focused on the same task. Attackers often use botnets to send out spam or phishing campaigns or to carry out distributed denial of service (DDoS) attacks against websites. Recently, attackers have begun incorporating Internet of Things (IoT) devices into their botnet attacks.
How to defend against a botnet
Organizations can help prevent their computers from becoming part of a botnet by installing anti-malware software, using firewalls, keeping software up-to-date and forcing users to use strong passwords. In addition, network monitoring software can be helpful in determining when a system has become part of a botnet. Also, you should always change the default passwords for any IoT devices you install.
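The network-monitoring point above is easier to act on with a concrete check. The following is an added example, not code from the original answer: it scans a constructed connection log for a host that contacts the same destination at a near-constant interval, the regular "check-in" pattern that bot clients use to poll for instructions, while leaving ordinary irregular browsing alone. The log format, addresses and thresholds are all assumptions made for the example.

```python
"""Detect periodic outbound connections ("beaconing") in a constructed
connection log. Added illustration, not code from the original page."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one connection per line:
# "<ISO timestamp> <src_ip> <dst_ip>:<port> <bytes_out>"
# 10.0.0.5 checks in with 198.51.100.7 every ~60 s (beacon-like);
# 10.0.0.8 talks to 203.0.113.9 at irregular, human-looking intervals.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 198.51.100.7:443 312
2024-03-01T09:00:14 10.0.0.5 203.0.113.9:443 5020
2024-03-01T09:01:00 10.0.0.5 198.51.100.7:443 310
2024-03-01T09:02:00 10.0.0.5 198.51.100.7:443 315
2024-03-01T09:02:37 10.0.0.5 203.0.113.12:80 1200
2024-03-01T09:03:01 10.0.0.5 198.51.100.7:443 308
2024-03-01T09:04:00 10.0.0.5 198.51.100.7:443 311
2024-03-01T09:05:00 10.0.0.5 198.51.100.7:443 309
2024-03-01T09:00:05 10.0.0.8 203.0.113.9:443 8000
2024-03-01T09:00:09 10.0.0.8 203.0.113.9:443 7200
2024-03-01T09:03:40 10.0.0.8 203.0.113.9:443 650
2024-03-01T09:11:02 10.0.0.8 203.0.113.9:443 9100
2024-03-01T09:12:00 10.0.0.8 203.0.113.9:443 300
2024-03-01T09:25:13 10.0.0.8 203.0.113.9:443 4400
"""


def parse_log(text):
    """Yield (timestamp, src, dst) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _bytes_out = line.split()
        yield datetime.fromisoformat(ts), src, dst


def find_beacons(text, min_connections=5, max_jitter=0.2):
    """Return (src, dst, count, mean_interval_seconds) for each src->dst pair
    whose gaps between connections are nearly constant.

    max_jitter is the allowed coefficient of variation (std dev / mean) of the
    gaps; a value near 0 means machine-regular timing. Both thresholds are
    assumptions for the example and would be tuned per network."""
    seen = defaultdict(list)
    for ts, src, dst in parse_log(text):
        seen[(src, dst)].append(ts)
    beacons = []
    for (src, dst), stamps in seen.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= max_jitter:
            beacons.append((src, dst, len(stamps), round(avg, 1)))
    return beacons


if __name__ == "__main__":
    for src, dst, count, interval in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: {count} connections, every ~{interval}s")
```

On the sample, only the 10.0.0.5 to 198.51.100.7 pair is reported: six connections about 60 seconds apart. The same idea can be applied to firewall or proxy logs; a flagged host is a candidate for the anti-malware and password steps the answer lists, not proof of infection on its own.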
A browser hijacker, also sometimes called "hijackware," changes the behavior of your Web browser, for example, by sending you to a new search page, changing your home page, installing unwanted toolbars, directing you to sites you did not intend to visit and displaying unwanted ads. Attackers often make money from this type of malware through advertising fees. They may also use the hijacked browser to direct you to websites that download more malware onto your system.
How to defend against a browser hijacker
Be very careful when installing new software on your system, because many browser hijackers piggyback alongside wanted software, much like adware does. Also, install and run anti-malware software on your system, and set your browser's security settings to a high level.
A bug is a very generic term for a flaw in a piece of code. All software has bugs, and most are unnoticed or are only mildly irritating. Sometimes, however, a bug represents a serious security vulnerability, and using software with this type of bug can open your system up to attacks.
How to defend against bugs
The best way to prevent an attack that exploits a security vulnerability in your software is to keep all your software up-to-date. When they know about a vulnerability, software vendors usually release a patch very quickly in order to prevent damage to customers' systems. Organizations that want to prevent security bugs in the software that they are writing should follow secure coding practices and patch any bugs as soon as possible. They may also want to offer bounties to researchers who find security flaws in their products.
Some vendors use the term "crimeware" to refer to malware that is used to commit a crime, usually a crime that results in financial gain for the attacker. Much like malware, it is a very broad category that encompasses a wide variety of malicious software.
How to defend against crimeware
To protect your systems from crimeware, you should follow security best practices, including using anti-malware, firewalls, intrusion prevention and detection, network and log monitoring, data protection and possibly security information and event management (SIEM) and security intelligence tools. You should also use strong passwords, never reuse passwords and update your passwords regularly.
A keylogger records all of the keys that a user touches, including emails and documents typed and passwords entered for authentication purposes. Usually, attackers use this type of malware to obtain passwords so that they can break into networks or user accounts. However, employers also sometimes use keyloggers to determine if their employees are engaged in any criminal or unethical behavior on company systems.
How to defend against a keylogger
Good password hygiene is one of the best ways to prevent or mitigate the damage caused by a keylogger. Using strong passwords that you update regularly can go a long way towards keeping you safe. In addition, you should also use a network firewall and an anti-malware solution.
Not all of the apps available through Apple's App Store and Google Play are desirable, and the problem is even more acute with third-party app stores. While the app store operators try to prevent malicious apps from becoming available, some inevitably slip through. These apps can steal user information, attempt to extort money from users, attempt to gain access to corporate networks accessed with the device, force users to view unwanted ads or engage in other types of unwanted activity.
How to defend against malicious mobile apps
User education is one of the most powerful tools for preventing malicious mobile apps because users can avoid much of this malware simply by avoiding third-party app stores and being careful when downloading new apps onto their mobile devices. Mobile anti-malware can also help prevent the problem. Organizations can prevent malicious apps from threatening their networks by creating strong mobile security policies and by deploying a mobile security solution that can enforce those policies.
Phishing is a type of email attack that attempts to trick users into divulging passwords, downloading an attachment or visiting a website that installs malware on their systems. Spear phishing is a phishing campaign targeted at a very specific user or organization.
How to defend against phishing
Because phishing relies on social engineering (the security term for tricking someone into doing something), user education is one of the best defenses against these attacks. Users should deploy anti-spam and anti-malware solutions, and they should be warned not to divulge personal information or passwords in email messages. In addition, they should be cautioned about downloading attachments or clicking website links in messages, even if they appear to come from a known source, because phishing attackers often pretend to be a company or person known to the victim. Email is also usually the way ransomware is delivered.
RAM scraper malware harvests data that is being temporarily stored in a system's memory, or RAM. This type of malware often targets point-of-sale (POS) systems like cash registers because they store unencrypted credit card numbers for a very brief (often only milliseconds) period of time before passing the encrypted numbers to back-end systems. RAM scrapers have been around a long time, but they have been getting more attention since the Target attack that compromised the data of 40 million customers.
How to defend against RAM scrapers
Organizations can help prevent RAM scraper attacks by using hardened POS systems that are difficult to attack. They should also keep their payment-related systems separate from non-payment systems. And of course, they should also take the usual security precautions, such as anti-malware software, firewalls, data encryption, etc., and comply with any relevant standards or regulations for protecting customer data.
In recent years, ransomware has quickly become one of the most prevalent types of malware. In fact, Malwarebytes reports that incidents of ransomware increased 267 percent between January 2016 and November 2016. The most common malware variants lock up a system, preventing any work from being done until the victim pays a ransom to the attacker. Other forms of ransomware threaten to publicize embarrassing information, such as a user's activity on adult websites, unless he or she pays a ransom.
How to defend against ransomware
Often organizations can mitigate ransomware attacks by having up-to-date backups. If their files become locked, they can simply wipe the system and reboot from the backup. In addition, organizations should train users about the threat, patch their software as necessary and install all the usual security solutions. However, some types of ransomware have proven so difficult to remove that many organizations and individuals have resorted to paying the ransom.
Rogue security software is often described as a form of ransomware or scareware. It tricks users into thinking that their system has a security problem and entices them to pay for a fake security tool to remove the problem. In actuality, the fake security software often installs more malware onto their systems.
How to defend against rogue security software
As with most other forms of malware, you can prevent most rogue security software from being installed on your system by using a firewall and anti-malware solution and by being careful when clicking on links or attachments in email messages. Also, organizations should educate users about the threat as rogue security software attackers have become particularly good at social engineering.
Rootkits are one of the most insidious kinds of malware because they allow attackers to have administrator-level access to systems without the users' knowledge. Once attackers have root access to a system, they can do almost anything they want with the system, including recording activity, changing system settings, accessing data and mounting attacks on other systems. The well-known Stuxnet and Flame attacks were both examples of rootkits.
How to defend against a rootkit
You can prevent most rootkit infections by installing appropriate security software (anti-malware, firewall, log monitoring, etc.) and by keeping your operating system and other software up-to-date with patches. In addition, you should be careful when installing any software on your system and when clicking email attachments or links. If a rootkit infects your system, it can be nearly impossible to detect and remove; in many cases you may have to wipe your hard drive and start over from scratch to get rid of it.
In IT security, spam is unwanted email. Usually, it includes unsolicited advertisements, but it can also include attempts at fraud or links or attachments that would install malware on your system.
How to defend against spam
Most email solutions or services include anti-spam features. Using these capabilities is the best way to prevent spam from showing up on your systems.
Spyware is any type of software that gathers information about someone without their knowledge or consent. For example, website tracking cookies that monitor a user's Web browsing can be considered a form of spyware. Other types of spyware might attempt to steal personal or corporate information. Sometimes government agencies and police forces use spyware to investigate suspects or foreign governments.
How to defend against spyware
You can install anti-spyware software on your computer, and anti-spyware capabilities are included in many anti-virus or anti-malware packages. You should also use a firewall and take care when installing software on your system.
In ancient Greek mythology, Greek troops hid themselves inside a wooden horse outside the city of Troy. When the Trojans brought the horse inside their walls, the Greeks attacked and defeated them. In computer security, a Trojan horse, sometimes called a Trojan, is any malware that pretends to be something else but really serves a malicious purpose. For example, a Trojan might appear to be a free game, but once it is installed it might destroy your hard drive, steal data, install a backdoor or take other harmful actions.
How to defend against a Trojan horse
Because Trojans incorporate social engineering, it is imperative to educate users about the threat. Users should also be careful when installing new software on their systems or when clicking email links and attachments. In addition, organizations can prevent many Trojans with security software, such as anti-malware software and firewalls.
Sometimes people use the words "virus" and "malware" interchangeably, but a virus is actually a very specific kind of malware. In order to be considered a virus, the malware must infect another program and attempt to spread itself to other systems. The virus also usually (but not always) performs some sort of undesirable activity on the systems it infects, such as incorporating systems into a botnet, sending spam, stealing credit card information or passwords, or locking the system.
How to defend against a virus
Every Internet-connected system should have anti-virus software installed, and users should keep the anti-virus protection up-to-date. You should also deploy a firewall and use care when clicking on email attachments or Web links.
A worm is very similar to a virus because it spreads itself, but unlike a virus, it doesn't infect other programs. Instead, it is a standalone piece of malware that spreads from one system to another or from one network to another. It can cause similar types of damage to the infected system as viruses do.
How to defend against a worm
As with viruses, the best way to prevent worm infections is with the use of anti-virus or anti-malware software. And as always, users should only click on email links or attachments when they are certain of the contents.
SOCIAL ENGINEERING ATTACK TECHNIQUES
Social engineering attacks come in many different forms and can be performed anywhere where human interaction is involved. The following are the five most common forms of digital social engineering assaults.
Baiting
As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.
The most reviled form of baiting uses physical media to disperse malware. For example, attackers leave the bait—typically malware-infected flash drives—in conspicuous areas where potential victims are certain to see them (e.g., bathrooms, elevators, the parking lot of a targeted company). The bait has an authentic look to it, such as a label presenting it as the company’s payroll list.
Victims pick up the bait out of curiosity and insert it into a work or home computer, resulting in automatic malware installation on the system.
Baiting scams don’t necessarily have to be carried out in the physical world. Online forms of baiting consist of enticing ads that lead to malicious sites or that encourage users to download a malware-infected application.
Scareware
Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived to think their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.
A common scareware example is the legitimate-looking popup banners that appear in your browser while surfing the web, displaying text such as, “Your computer may be infected with harmful spyware programs.” It either offers to install the tool (often malware-infected) for you, or directs you to a malicious site where your computer becomes infected.
Scareware is also distributed via spam email that doles out bogus warnings, or makes offers for users to buy worthless/harmful services.
Pretexting
Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim so as to perform a critical task.
The attacker usually starts by establishing trust with their victim by impersonating co-workers, police, bank and tax officials, or other persons who have right-to-know authority. The pretexter asks questions that are ostensibly required to confirm the victim’s identity, through which they gather important personal data.
All sorts of pertinent information and records are gathered using this scam, such as social security numbers, personal addresses and phone numbers, phone records, staff vacation dates, bank records and even security information related to a physical plant.
Phishing
As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
An example is an email sent to users of an online service that alerts them of a policy violation requiring immediate action on their part, such as a required password change. It includes a link to an illegitimate website—nearly identical in appearance to its legitimate version—prompting the unsuspecting user to enter their current credentials and new password. Upon form submittal the information is sent to the attacker.
Given that identical, or near-identical, messages are sent to all users in phishing campaigns, detecting and blocking them is much easier for mail servers that have access to threat sharing platforms.
Spear phishing
This is a more targeted version of the phishing scam whereby an attacker chooses specific individuals or enterprises. They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. Spear phishing requires much more effort on behalf of the perpetrator and may take weeks or months to pull off. These attacks are much harder to detect and have better success rates if done skillfully.
A spear phishing scenario might involve an attacker who, in impersonating an organization’s IT consultant, sends an email to one or more employees. It’s worded and signed exactly as the consultant normally does, thereby deceiving recipients into thinking it’s an authentic message. The message prompts recipients to change their password and provides them with a link that redirects them to a malicious page where the attacker now captures their credentials.
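The phishing and spear phishing scenarios above share the same warning signs: a message that pushes urgency, asks for a password change, and links to a site whose address is nearly identical to the real one. The following is an added example, not part of the original answer, that checks constructed messages for those signs so staff or a mail filter can triage them; the trusted domain, organisation keyword, sample messages and thresholds are all assumptions made up for the illustration.

```python
"""Flag the phishing indicators described above (urgency, credential
requests, lookalike links, mismatched senders) in constructed messages.
Added illustration, not code from the original page; domains are made up."""
import re
from urllib.parse import urlparse

# Assumed trusted domain and organisation keyword for the worked example
TRUSTED_DOMAINS = {"manna-bakery.example"}
ORG_KEYWORDS = {"manna"}
URGENCY = re.compile(
    r"\b(immediately|within 24 hours|account will be suspended|urgent|policy violation)\b", re.I)
CREDENTIAL = re.compile(r"\b(password|verify your (?:account|identity)|log ?in)\b", re.I)

# Constructed sample messages: one mimicking the scenario in the text, one benign
PHISH = {
    "from_name": "Manna IT Support",
    "from_addr": "helpdesk@rnanna-bakery.example",  # "rn" imitates "m"
    "subject": "Policy violation: password change required immediately",
    "body": "Your account will be suspended. Log in within 24 hours at the link below.",
    "links": [("https://manna-bakery.example/reset", "https://manna-bakery-login.example/reset")],
}
LEGIT = {
    "from_name": "Manna IT Support",
    "from_addr": "helpdesk@manna-bakery.example",
    "subject": "Reminder: regional meeting agenda",
    "body": "Agenda attached as discussed; no action needed.",
    "links": [("https://manna-bakery.example/agenda", "https://manna-bakery.example/agenda")],
}


def levenshtein(a, b):
    """Edit distance, used to spot near-miss domains such as rn for m."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude registered-domain extraction (last two labels); a simplification."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_lookalike(host):
    """True if host imitates a trusted domain without being one."""
    dom = registrable(host)
    if dom in TRUSTED_DOMAINS:
        return False
    for trusted in TRUSTED_DOMAINS:
        base = trusted.split(".")[0]
        if 0 < levenshtein(dom, trusted) <= 2 or base in dom:
            return True
    return False


def assess(msg):
    """Return the sorted list of indicator names a message triggers."""
    hits = set()
    text = msg["subject"] + " " + msg["body"]
    if URGENCY.search(text):
        hits.add("urgency")
    if CREDENTIAL.search(text):
        hits.add("credential-request")
    sender_domain = registrable(msg["from_addr"].rsplit("@", 1)[-1])
    claims_org = any(k in msg["from_name"].lower() for k in ORG_KEYWORDS)
    if claims_org and sender_domain not in TRUSTED_DOMAINS:
        hits.add("sender-mismatch")
    for shown, href in msg["links"]:
        target = urlparse(href).hostname or ""
        shown_host = urlparse(shown).hostname if "://" in shown else None
        if shown_host and registrable(shown_host) != registrable(target):
            hits.add("link-text-mismatch")  # visible URL differs from real target
        if is_lookalike(target):
            hits.add("lookalike-domain")
    return sorted(hits)


def verdict(msg, threshold=2):
    """Label a message 'suspicious' once it trips at least `threshold` indicators."""
    hits = assess(msg)
    return ("suspicious" if len(hits) >= threshold else "no indicators"), hits


if __name__ == "__main__":
    for name, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, verdict(msg))
```

The constructed phishing message trips all five indicators, while the benign reminder trips none. A real deployment would replace the crude domain handling with a public-suffix list and feed the verdict into the anti-spam tooling mentioned earlier; for staff, the same five questions (urgency? password request? lookalike address? mismatched sender? link text not matching the link?) make a usable cheat-sheet checklist.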
SOCIAL ENGINEERING PREVENTION
Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims into their traps. Therefore, be wary whenever you feel alarmed by an email, attracted to an offer displayed on a website, or when you come across stray digital media lying about. Being alert can help you protect yourself against most social engineering attacks taking place in the digital realm.
Moreover, the following tips can help improve your vigilance in relation to social engineering hacks.