The question really is: how safe are you?
Well, contrary to popular belief, you are not safe with just antivirus software. Cyber-criminals, hackers and unscrupulous businesses are constantly devising new ways to hijack your computer, capture your personal information or steal your money. At home or at work you are just as vulnerable. There is no single protective measure you can employ, but there are ways to mitigate exposure and protect yourself and your business. You must secure yourself by implementing the security measures of the 20 Critical Security Controls.
Following are twelve of the most common security threats, listed in descending order of prevalence, and what you can do to protect yourself from them.
THREAT #1: VIRUS
Description: A virus is a piece of software that can replicate itself and infect a computer without the permission or knowledge of the user. A virus can only spread when it is transmitted by a user over a network or the Internet, or through removable media such as CDs or memory sticks. Viruses are sometimes confused with worms and Trojan horses, and the term is often used incorrectly to refer to malware in general.
Danger level: High
Prevalence: Extremely High
Worst case damage: Some viruses delete files, reformat the hard disk or cause other damage. Others only replicate themselves and may present text, video, or audio messages. While they are not designed to do damage, even these viruses take up memory and may cause erratic behavior, system crashes and loss of data.
Prevention, detection and removal: Antivirus software detects and eliminates known viruses. The two most common methods used to detect viruses are:
Using a list of virus signature definitions: the antivirus software examines files stored in memory or on fixed or removable drives and compares them against a database of known virus “signatures” (characteristic code patterns). This protection is only effective against known viruses, and users must keep their signature files up to date in order to be protected.
Using a heuristic algorithm to detect viruses based on behavioral patterns: the advantage of this method is that it can detect viruses that were not previously known or for which a signature does not yet exist.
Apart from directly detecting and removing viruses, users can minimize damage by making regular backups of data and the operating system on different media. These backups should be kept disconnected from the system (most of the time), be read-only or not be accessible for other reasons (for instance because they use different file systems).
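To make the two detection methods concrete, here is an added example (not code from the original article or from any antivirus product) that scans constructed sample files first against a signature list and then with two simple heuristics, a suspicious-string check and a byte-entropy check. The signatures, indicator strings and sample files are all made up for illustration.

```python
import math
from collections import Counter

# Constructed signature database: detection name -> byte pattern found in a known sample.
# Real signatures are far more elaborate; these are placeholders for illustration.
SIGNATURES = {
    "Demo.Dropper.A": b"DEMO-DROPPER-MARKER",
    "Demo.Macro.B": b"Sub AutoOpen()",
}

# Constructed heuristic indicators: strings that rarely belong in an ordinary document.
SUSPICIOUS_STRINGS = (b"cmd.exe /c", b"WScript.Shell", b"powershell -enc")


def signature_scan(data: bytes) -> list:
    """Signature method: names of every known pattern present in the data.
    Only catches samples already in the database, so the database must stay current."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted payloads score close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def heuristic_scan(data: bytes, entropy_threshold: float = 7.5) -> list:
    """Heuristic method: reasons the data looks malicious even with no signature match."""
    reasons = [f"suspicious string {s!r}" for s in SUSPICIOUS_STRINGS if s in data]
    if len(data) >= 64 and shannon_entropy(data) > entropy_threshold:
        reasons.append("high entropy: packed or encrypted content")
    return reasons


def scan(data: bytes) -> dict:
    """Run both methods and combine them into one verdict."""
    sigs, heur = signature_scan(data), heuristic_scan(data)
    verdict = "known malware" if sigs else ("suspicious" if heur else "clean")
    return {"verdict": verdict, "signatures": sigs, "heuristics": heur}


# Constructed sample files (not real malware).
KNOWN_SAMPLE = b"MZ" + b"\x00" * 40 + b"DEMO-DROPPER-MARKER" + b"\x00" * 40
UNKNOWN_SAMPLE = b"MZ" + b"\x00" * 40 + b"cmd.exe /c run.bat" + b"\x00" * 40
PACKED_SAMPLE = bytes(range(256)) * 2          # every byte value equally often
BENIGN_SAMPLE = b"Quarterly report: sales rose 4% year over year.\n" * 4
```

The unknown sample shows the trade-off the text describes: the signature scan misses it entirely, while the heuristic flags it (and would also flag a legitimate installer that happens to use the same strings).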
THREAT #2: SPAM / SPIM / SPIT
Description: SPAM is electronic junk email. The amount of spam has now reached 90 billion messages a day. Email addresses are collected from chat rooms, websites and newsgroups, and by Trojans that harvest users’ address books.
SPIM is spam sent via instant messaging systems such as Yahoo! Messenger, MSN Messenger and ICQ.
SPIT is Spam over Internet Telephony. These are unwanted, automatically-dialed, pre-recorded phone calls using Voice over Internet Protocol (VoIP).
Danger level: Low
Prevalence: Extremely High
Worst case damage: Spam can clog a personal mailbox, overload mail servers and impact network performance. On the other hand, efforts to control spam, such as spam filters, run the risk of filtering out legitimate email messages. Perhaps the real danger of spam is not so much in being a recipient of it as in inadvertently becoming a transmitter of it. Spammers frequently take control of computers and use them to distribute spam, often by means of a botnet. Once a user’s computer is compromised, their personal information may also be illegally acquired.
Prevention, detection and removal: ISPs attempt to choke the flood of spam by examining the information being sent and traffic patterns. User systems may use spam filters to screen out email messages with suspect titles or from suspect persons, as well as email messages from blocked senders.
THREAT #3: SPOOFING, PHISHING AND PHARMING
Description: Spoofing is an attack in which a person or program masquerades as another. A common tactic is to spoof a URL or website (see phishing).
Phishing (pronounced “fishing”) is a common form of spoofing in which a phony web page is produced that looks just like a legitimate web page. The phony page is on a server under the control of the attacker. Criminals try to trick users into thinking that they are connected to a trusted site, and then harvest user names, passwords, credit card details and other sensitive information. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging. The email message claims to be from a legitimate source but when the user clicks on the link provided, he or she lands on the fake web page.
Pharming (pronounced “farming”) is an attack in which a hacker attempts to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses — the servers are the “signposts” of the Internet.
Danger level: High
Prevalence: Extremely High
Worst case damage: Once personal information is acquired, spoofers, phishers or pharmers may use a person’s details to make transactions or create fake accounts in a victim’s name. They can ruin the victims’ credit rating or even deny the victims access to their own accounts.
Prevention, detection and removal: As spoofing, phishing and, to a lesser extent, pharming rely on tricking users rather than on advanced technology, the best way to handle these threats is through vigilance. Don’t open emails from unknown sources or click on links embedded in suspect messages. Check the security guidelines of websites such as PayPal so that you can distinguish between legitimate and bogus emails. Also, rather than clicking on the link embedded in an email, type the site's address directly into your web browser (e.g. http://www.paypal.com).
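Two of the checks described in this section, written up as an added example (not code from the original article): a suspicious-link check of the kind a mail client or user could apply before clicking, and a hosts-file check for the pharming technique that edits the victim's hosts file. The protected-domain list, the sample links and the sample hosts file are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed: sites whose lookalikes we care about (the article names PayPal and eBay).
PROTECTED_DOMAINS = ("paypal.com", "ebay.com", "mybank.example")


def registrable_domain(host: str) -> str:
    """Crude reduction to the last two labels: secure.paypal.com -> paypal.com.
    A production check would use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_is_suspicious(href: str, displayed_text: str) -> list:
    """Return the reasons an email link should be typed by hand rather than clicked."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parsed.scheme!r}")
    try:
        ipaddress.ip_address(host)
        reasons.append("link goes to a bare IP address instead of a named site")
    except ValueError:
        pass
    if "@" in parsed.netloc:
        reasons.append("user-info before the host disguises the real destination")
    shown = displayed_text.lower()
    for site in PROTECTED_DOMAINS:
        if registrable_domain(host) == site:
            continue                       # really is that site (or a subdomain of it)
        if site in shown:
            reasons.append(f"text mentions {site} but the link goes to {host}")
        elif site in host:
            reasons.append(f"{site} appears inside the hostname {host} as a decoy")
    return reasons


def pharming_entries(hosts_text: str) -> list:
    """Return (name, ip) pairs where a protected site is pinned to a non-loopback address."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not our concern here
        for name in fields[1:]:
            if registrable_domain(name) in PROTECTED_DOMAINS and not addr.is_loopback:
                hits.append((name, fields[0]))
    return hits


# Constructed sample hosts file; the last line is the kind of entry pharming leaves behind.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost
# internal build server, added by IT
10.0.0.15    build.internal
0.0.0.0      ads.tracker.example
203.0.113.7  www.paypal.com paypal.com
"""
```

Run `pharming_entries` over the real hosts file (`/etc/hosts`, or `C:\Windows\System32\drivers\etc\hosts` on Windows) with your own list of sensitive sites; any hit means name resolution for that site is being overridden locally.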
THREAT #4: SPYWARE
Description: Spyware is software that is secretly installed on a computer without the user’s consent. It monitors user activity or interferes with user control over a personal computer.
Danger level: High
Worst case damage: Spyware programs can collect various types of personal information, such as websites visited, credit card details, usernames or passwords, as well as install other malware, redirect web browsers to malicious websites, divert advertising revenue to a third party or change computer settings (often leading to degraded or unstable system performance, slow connection speeds or different home pages).
Prevention, detection and removal: Anti-spyware programs can combat spyware in two ways:
1. Real-time protection: these programs work just like anti-virus software. They scan all incoming network traffic for spyware software and block any threats that are detected.
2. Detection and removal: users schedule daily, weekly, or monthly scans of their computer to detect and remove any spyware software that has been installed. These antispyware programs scan the contents of the Windows registry, operating system files, and programs installed on your computer. They then provide a list of threats found, allowing the user to choose what to delete and what to keep.
Some popular antispyware programs are Spybot - Search & Destroy and PC Tools’ Spyware Doctor, as well as commercial offerings from Symantec, McAfee and ZoneAlarm.
THREAT #5: KEYSTROKE LOGGING (KEYLOGGING)
Description: A keylogger is a software program that is installed on a computer, often by a Trojan horse or virus. Keyloggers capture and record user keystrokes. The data captured is then transmitted to a remote computer.
Danger level: High
Worst case damage: While keyloggers will not damage your computer system per se, they should be regarded as a serious threat because they can capture passwords, credit card numbers and other sensitive data.
Prevention, detection and removal: Currently there is no easy way to prevent keylogging. For the time being, therefore, the best strategy is to use common sense and a combination of several methods:
Monitoring which programs are running: a user should constantly be aware of which programs are installed on his or her machine.
Antispyware: antispyware applications are able to detect many keyloggers and remove them.
Firewall: enabling a firewall does not stop keyloggers per se, but it may prevent transmission of the logged material, if properly configured.
Network monitors: also known as reverse firewalls, network monitors can be used to alert the user whenever an application attempts to make a network connection. The user may then be able to prevent the keylogger from transmitting the logged data.
Anti-keylogging software: keylogger detection software packages use “signatures” from a list of all known keyloggers to identify and remove them. Other detection software does not use a signature list, but instead analyzes the working methods of modules in the PC, and blocks suspected keylogging software. A drawback of the latter approach is that legitimate, non-keylogging software may also be blocked.
THREAT #6: ADWARE
Description: Adware is software which automatically plays, displays, or downloads advertisements to a computer. The adware runs either after a software program has been installed on a computer or while the application is being used. In some cases, adware is accepted by users in exchange for using software free-of-charge. Not all adware is innocuous, however. Some types of adware are also spyware and therefore a threat to privacy.
Danger level: Low
Worst case damage: Adware is relatively harmless unless it is spyware (see spyware). It can, however, cause degradation in system performance.
Prevention, detection and removal: As adware is also often spyware or malware, programs have been developed to detect, quarantine, and remove both spyware and adware. Ad-Aware and Spybot - Search & Destroy are two commonly used programs. These programs are specifically designed for spyware detection and therefore do not detect viruses, although some commercial antivirus software packages can also detect adware and spyware, or offer a separate spyware detection module.
THREAT #7: BOTNET
Description: A Botnet (also called a “zombie army”) is a collection of software robots, or bots, that run automated tasks over the Internet. The term “botnet” is generally used to refer to a distributed network of compromised computers (called “zombie computers”). These “zombies” typically run programs such as worms, Trojan horses, or backdoors. Botnets are frequently used to launch Distributed Denial-of-Service (DDoS) attacks against websites. Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords.
Experts estimate that as many as one in four personal computers connected to the Internet has become part of a botnet. Several botnets have been found and removed from the Internet, such as a 1.5-million node botnet recently discovered by the Dutch police.
Danger level: High
Worst case damage: In the first place, botnets steal computing resources and the individual user’s system performance may degrade as a result. More serious consequences may be caused, however, by the programs that run on botnets (see respective entries for worm and Trojan horse).
Prevention, detection and removal: Detection focuses on either the computer itself or the network. Both approaches use trial and error to try to identify bot behavior patterns. Network-based approaches then shut down servers or redirect DNS entries. Security companies such as Symantec, Trend Micro, FireEye, Simplicita and Damballa offer products to stop botnets. With the exception of Norton AntiBot (formerly Sana Security), most focus on protecting enterprises and/or ISPs rather than the systems of individual users.
THREAT #8: WORM
Description: A computer worm is a self-replicating, malicious software program. Unlike a virus, it does not need to attach itself to an existing program or require user intervention to spread. It uses a network to send copies of itself to other computers on the network.
Danger level: Very High
Worst case damage: Worms can cause two types of damage:
Damage to the network: by their replicating behavior, worms consume bandwidth and can cause degraded network performance.
Payload: worms also deliver payloads such as backdoors that allow hackers to gain control of the infected computer and turn it into a “zombie”. That computer may then become part of a botnet used to send spam or launch Distributed Denial-of-Service (DDoS) attacks (often coupled with blackmail attempts).
Prevention, detection and removal: Since worms spread by exploiting vulnerabilities in operating systems, computers should be kept current with the latest security updates or “patches” from operating system vendors.
To prevent infection, users need to be wary of opening unexpected emails and should not run attached files or programs, or visit websites that are linked to such emails. Users should be constantly on guard against phishing.
Antivirus and antispyware software, if kept up-to-date, are also helpful, as is the use of a firewall.
THREAT #9: TROJAN HORSE
Description: A Trojan horse or Trojan is a piece of software which – like the Trojan Horse of Greek mythology – conceals a payload (often malicious) while appearing to perform a legitimate action. Trojan horses often install “backdoor programs” which allow hackers a secret way into a computer system.
Danger level: Very High
Worst case damage: Trojan horses can deliver a variety of payloads and therefore have the potential to cause significant damage. Example payloads include:
Erasing or overwriting data on a computer
Allowing remote access to the victim's computer
Installing other malicious programs such as viruses
Adding the victim’s computer to a network of zombie computers in order to launch Distributed Denial-of-Service (DDoS) attacks or send spam.
Logging keystrokes to steal information such as passwords and credit card numbers
Harvesting email addresses and using them for spam
Deactivating or interfering with antivirus and firewall programs
Prevention, detection and removal: Normally, antivirus software is able to detect and remove Trojan horses automatically. They may also be deleted by clearing the temporary Internet files on a computer, or by finding the offending file and deleting it manually (in safe mode).
THREAT #10: BLENDED THREAT
Description: A blended threat is a threat that combines different malicious components, such as a worm, a Trojan horse and a virus. In this way, a blended threat uses multiple techniques to attack and propagate itself.
Danger level: Extremely High
Worst case damage: See respective entries for worm, Trojan horse and virus.
Prevention, detection and removal: See respective entries for worm, Trojan horse and virus.
THREAT #11: DENIAL-OF-SERVICE ATTACK (DOS ATTACK)
Description: As its name implies, a Denial-of-Service or DoS attack is an attempt to make a computer resource such as a website or web service unavailable to users. One of the most common methods of attack involves saturating the target (victim) machine with external communications requests. The machine then cannot respond to legitimate traffic or responds so slowly as to be rendered effectively unavailable. Attacks are often launched by networks of zombie computers or botnets. These are known as Distributed Denial-of-Service or DDoS attacks.
Although simple, DoS attacks can be highly effective. DoS attacks (reputedly by Russian hackers) against websites of government ministries, the press and banks disrupted Internet communications for several days in 2007 throughout the Baltic nation of Estonia.
Danger level: High
Worst case damage: DoS attacks typically target large businesses or government institutions rather than individuals or small businesses. Nonetheless, they can make a website or web service temporarily unavailable (for minutes, hours or days), with ramifications for sales or customer service. Moreover, DoS attacks on private companies are sometimes coupled with blackmail attempts.
Prevention, detection and removal: Surviving an attack: The easiest way to survive an attack is to plan ahead. Set aside a separate emergency block of IP addresses for critical servers with a separate route. The separate route can be used for load balancing or sharing under normal circumstances and switched to emergency mode in the event of an attack.
Firewalls: Firewalls follow simple rules to allow or deny protocols, ports or IP addresses. Some firewalls offer a built-in emergency mode. If the number of incoming packets per second exceeds a set value for more than the specified time, the firewall classifies it as a DoS attack and switches to emergency mode. In this mode, all inbound traffic is blocked except previously established and active connections, but outbound traffic is allowed.
Some DoS attacks are too advanced for today's firewalls. If there is an attack on port 80 (web service), for example, firewalls cannot prevent the attack because they cannot distinguish between good traffic and DoS traffic. Another problem is that firewalls are too deep in the network hierarchy. Your router may be overwhelmed before the traffic even gets to your firewall.
Routers and Switches: These can be configured to cut off traffic and prevent the DoS attack from flooding the network.
Application front-end hardware: Intelligent hardware can be placed on the network perimeter to analyze traffic before it reaches the servers. Data packets are analyzed as they enter the system and classified as priority, regular or dangerous.
IPS-based prevention: Intrusion-prevention systems (IPS) are effective if the attacks have signatures associated with them. (Symantec, n.d.)
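The firewall "emergency mode" described above is a small state machine: count inbound packets per second, and once the rate has stayed above a limit for longer than a hold time, block all inbound traffic except established connections while still allowing outbound traffic. Here is an added simulation of that rule (not code from the original article or from any firewall vendor); the threshold, the hold time and the packet trace are constructed, "established" is simplified to "the protected host has already sent traffic on this connection", and the recovery rule is an assumption since the text only describes entering the mode.

```python
from dataclasses import dataclass, field


@dataclass
class Packet:
    t: float        # seconds since the start of the trace
    direction: str  # "in" (toward the protected host) or "out"
    conn: str       # constructed connection identifier


@dataclass
class EmergencyModeFirewall:
    pps_threshold: int                 # inbound packets/second treated as flooding
    hold_seconds: int                  # seconds the rate must stay above the threshold
    emergency: bool = False
    established: set = field(default_factory=set)
    events: list = field(default_factory=list)
    _window: int = -1                  # one-second bucket currently being counted
    _count: int = 0                    # inbound packets seen in that bucket
    _over: int = 0                     # consecutive buckets above the threshold
    _under: int = 0                    # consecutive buckets at or below the threshold

    def _close_windows_up_to(self, t: float) -> None:
        """Evaluate every completed one-second window before time t."""
        while self._window < int(t):
            if self._window >= 0:
                self._evaluate()
            self._window += 1
            self._count = 0

    def _evaluate(self) -> None:
        over = self._count > self.pps_threshold
        self._over = self._over + 1 if over else 0
        self._under = 0 if over else self._under + 1
        if not self.emergency and self._over > self.hold_seconds:
            self.emergency = True
            self.events.append((self._window, "enter emergency mode"))
        elif self.emergency and self._under > self.hold_seconds:
            self.emergency = False      # assumed recovery rule, see lead-in
            self.events.append((self._window, "leave emergency mode"))

    def handle(self, p: Packet) -> bool:
        """Return True if the packet is allowed through."""
        self._close_windows_up_to(p.t)
        if p.direction == "out":
            self.established.add(p.conn)   # outbound traffic is always allowed
            return True
        self._count += 1                   # blocked packets still count toward the rate
        return (not self.emergency) or p.conn in self.established


def build_trace() -> list:
    """Constructed trace: one legitimate client, then a 4-second flood of 200 pkt/s
    from sources that never complete a connection (the host never answers them)."""
    pkts = [Packet(0.1, "in", "client-A"), Packet(0.2, "out", "client-A")]
    for sec in range(1, 5):
        pkts += [Packet(sec + i / 200, "in", f"bot-{sec}-{i}") for i in range(200)]
        pkts.append(Packet(sec + 0.5, "in", "client-A"))
    return sorted(pkts, key=lambda p: p.t)


def run(fw: EmergencyModeFirewall, pkts: list) -> dict:
    """Feed a trace through the firewall and summarise what was blocked."""
    blocked = [p for p in pkts if not fw.handle(p)]
    return {"blocked": len(blocked),
            "blocked_client": sum(p.conn == "client-A" for p in blocked),
            "events": list(fw.events)}
```

With a threshold of 50 packets/second and a hold time of 2 seconds, the flood is allowed through for its first three seconds (the window that trips the rule is only evaluated once it closes), after which the fourth second of flood is dropped while the established client keeps working; that delay is why the text recommends planning a separate emergency route ahead of time.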
THREAT #12: SOCIAL ENGINEERING
Description: Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations encounter today. Let me say that again. It is one of the greatest threats that organizations encounter today.
Social engineering is a component of many -- if not most -- types of exploits. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, and scareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.
How social engineering is performed
A social engineer runs what used to be called a "con game." For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network's security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access. Appealing to vanity, appealing to authority, appealing to greed, and old-fashioned eavesdropping are other typical social engineering techniques.
Types of social engineering attacks
Baiting. Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive or CD-ROM, in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
Phishing. Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into installing malware on his or her computer or device, or sharing personal or financial information.
Pretexting. Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Quid pro quo. A quid pro quo is when an attacker requests personal information from a party in exchange for something desirable. For example, an attacker could request login credentials in exchange for a free gift.
Spam. Spam is unsolicited junk email.
Spear phishing. Spear phishing is like phishing, but tailored for a specific individual or organization. In these cases, the attacker is likely trying to uncover confidential information specific to the receiving organization in order to obtain financial data or trade secrets.
Tailgating. Tailgating is when an unauthorized party follows an authorized party into an otherwise secure location, usually to steal valuable property or confidential information. This often involves subverting keycard access to a secure building or area by quickly following behind an authorized user and catching the door or other access mechanism before it closes.
How to counter social engineering
Security awareness training can go a long way toward preventing social engineering attacks. If people know what form a social engineering attack is likely to take, they will be less likely to fall victim to one. Organizations also perform penetration testing using social engineering techniques, which lets security teams identify which users pose a risk and take steps to remediate that risk. The Social Engineering Toolkit (SET) is a useful tool for creating social engineering attacks.
Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed.
Prevention includes educating people about the value of information, training them to protect it and increasing people's awareness of how social engineers operate. (Beacon, November 2014)
P3 TekSolutions Conclusion: These threats are real and you are susceptible to each and every one of them. You must remain vigilant and be aware when you are connected to the internet, period. Never click on a link you are not 100% sure of. User education is actually the number one method of preventing malware! Access only sites believed to be safe, and download only programs from reputable websites. Don’t click OK or Agree to close a window; instead press Alt+F4 on the keyboard to close that window. Be wary of file-sharing websites and the content stored on those sites. Be careful of e-mails with links to downloadable software that could be malicious. New exploits are being developed almost daily and you need to keep abreast of them in order to counter them.
Only through constant monitoring (see P3MM) and by applying the measures of the 20 Critical Security Controls can you begin to counter threats. We help in all aspects of securing your network and systems: P3 TekSolutions can monitor your systems with our P3MM agent and devise an action plan to implement the 20 Critical Security Controls. But it is not a one-size-fits-all solution, in either content or priority. CALL TODAY for a no-obligation consultation.
Beacon, R. (November 2014). Social engineering.
Symantec. (n.d.). The 11 most common computer security threats.