DOCSLIB.ORG

Malware Xiaowei Yang Previous Lecture

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Malware Xiaowei Yang Previous Lecture 590.05 Lecture 5: Malware Xiaowei Yang Previous lecture • Accountability • OS security Today • Malware Malware: Malicious Software 10/21/13 Malware 4 Viruses, Worms, Trojans, Rootkits • Malware can be classified into several categories, depending on propagaon and concealment • Propagaon 10/21/13 • Virus: human-assisted propagaon (e.g., open email aachment) • Worm: automac propagaon without human assistance Malware • Concealment • Rootkit: modifies operang system to hide its existence • Trojan: provides desirable funcBonality but hides malicious operaon • Various types of payloads, ranging from annoyance to crime 5 Insider Attacks • An insider a)ack is a security breach that is caused or facilitated by someone who is a part of the very organizaon that controls or builds the asset that should be protected. • In the case of malware, an insider aack refers to a security 10/21/13 hole that is created in a soXware system by one of its programmers. Malware 6 Backdoors • A backdoor, which is also someBmes called a trapdoor, is a hidden feature or command in a program that allows a user to perform acBons he or she would not normally be allowed to do. • When used in a normal way, this program performs completely as 10/21/13 expected and adverBsed. • But if the hidden feature is acBvated, the program does something Malware unexpected, oXen in violaon of security policies, such as performing a privilege escalaon. • Benign example: Easter Eggs in DVDs and soXware An Easter egg is an intenBonal inside joke, hidden message, or feature in a work such as a computer program, movie, book, or 7 crossword. Logic Bombs • A logic bomb is a program that performs a malicious acBon as a result of a certain logic condiBon. • The classic example of a logic bomb is a programmer coding up the soXware for the payroll system who puts in code that makes the program crash should it ever process two consecuBve payrolls without 10/21/13 paying him. • Another classic example combines a logic bomb with a backdoor, where a programmer puts in a logic bomb that will crash the program Malware on a certain date. 8 The Omega Engineering Logic Bomb • An example of a logic bomb that was actually triggered and caused damage is one that programmer Tim Lloyd was convicted of using on his former employer, Omega Engineering Corporaon. On July 31, 1996, a logic bomb was 10/21/13 triggered on the server for Omega Engineering’s manufacturing operaons, which ulBmately cost the company Malware millions of dollars in damages and led to it laying off many of its employees. 9 The Omega Bomb Code • The Logic Behind the Omega Engineering Time Bomb included the following strings: • 7/30/96 • Event that triggered the bomb • F: 10/21/13 • Focused aenBon to volume F, which had criBcal files • F:\LOGIN\LOGIN 12345 Malware • Login a ficBBous user, 12345 (the back door) • CD \PUBLIC • Moves to the public folder of programs • FIX.EXE /Y F:\*.* • Run a program, called FIX, which actually deletes everything • PURGE F:\/ALL 10 • Prevent recovery of the deleted files Defenses against Insider Attacks • Avoid single points of failure. • Use code walk-throughs. • Use archiving and reporBng tools. • Limit authority and permissions. 10/21/13 • Physically secure criBcal systems. Malware • Monitor employee behavior. • Control soXware installaons. 11 Computer Viruses • A computer virus is computer code that can replicate itself by modifying other files or programs to insert code that is capable of further replicaon. • This self-replicaon property is what disBnguishes computer 10/21/13 viruses from other kinds of malware, such as logic bombs. • Another disBnguishing property of a virus is that replicaon Malware requires some type of user assistance, such as clicking on an email aachment or sharing a USB drive. 12 Biological Analogy • Computer viruses share some properBes with Biological viruses 10/21/13 Malware AKack Penetraon 13 Replicaon and assembly Release Early History l1972 sci-fi novel “When HARLIE Was One” features a program called VIRUS that reproduces itself lFirst academic use of term virus by PhD student Fred Cohen in 1984, who credits advisor Len Adleman with 10/21/13 coining it Malware lIn 1982, high-school student Rich Skrenta wrote first virus released in the wild: Elk Cloner, a boot sector virus l(c)Brain, by Basit and Amjood Farooq Alvi in 1986, credited with being the first virus to infect PCs 14 Virus Phases • Dormant phase. During this phase, the virus just exists—the virus is laying low and avoiding detecBon. • Propagaon phase. During this phase, the virus is replicang itself, infecBng new files on new systems. 10/21/13 • Triggering phase. In this phase, some logical condiBon causes the virus to move from a dormant or propagaon phase to Malware perform its intended acBon. • Ac;on phase. In this phase, the virus performs the malicious acBon that it was designed to perform, called payload. • This acBon could include something seemingly innocent, like displaying a silly picture on a computer’s screen, or something quite malicious, such as deleBng all essenBal files on the hard 15 drive. Infection Types • Overwring original code • Destroys original code • Pre-pending virus • Keeps original code, possibly 10/21/13 compressed • InfecBon of libraries Malware • Allows virus to be memory compressed resident • E.g., kernel32.dll • Macro viruses • Infects MS Office documents • OXen installs in main document template 16 Degrees of Complication • Viruses have various degrees of complicaon in how they can insert themselves in computer code. 10/21/13 Malware 17 Concealment • Encrypted virus • DecrypBon engine + encrypted body • Randomly generate encrypBon key • DetecBon looks for decrypBon engine 10/21/13 • Polymorphic virus • Encrypted virus with random variaons of the decrypBon engine (e.g., Malware padding code) • DetecBon using CPU emulator • Metamorphic virus • Different virus bodies • Approaches include code permutaon and instrucBon replacement • Challenging to detect 18 Encrypted Viruses Computer Worms • A computer worm is a malware program that spreads copies of itself without the need to inject itself in other programs, and usually without human interacBon. • Thus, computer worms are technically not computer viruses 10/21/13 (since they don’t infect other programs), but some people nevertheless confuse the terms, since both spread by self- Malware replicaon. • In most cases, a computer worm will carry a malicious payload, such as deleBng files or installing a backdoor. 20 Early History lFirst worms built in the labs of John Shock and Jon Hepps at Xerox PARC in the early 80s lCHRISTMA EXEC wriKen in REXX, released in 10/21/13 December 1987, and targeBng IBM VM/CMS systems was the first worm to use e-mail service Malware lThe first internet worm was the Morris Worm, wriKen by Cornell student Robert Tappan Morris and released on November 2, 1988 21 Worm Development • IdenBfy vulnerability sBll • Worm template unpatched – Generate target list • Write code for – For each host on target list – Exploit of vulnerability • Check if infected 10/21/13 • Check if vulnerable – Generaon of target list • Infect • Random hosts on the internet Malware • Recur • Hosts on LAN • Divide-and-conquer • Distributed graph search – Installaon and execuBon of algorithm payload – Forward edges: infecBon – Querying/reporBng if a host is – Back edges: already infected or infected not vulnerable • IniBal deployment on botnet 22 Worm Propagation • Worms propagate by finding and infecBng vulnerable hosts. • They need a way to tell if a host is vulnerable • They need a way to tell if a host is already infected. 10/21/13 Malware iniBal infecBon 23 Propagation: Theory l Classic epidemic model Source: Cliff C. Zou, Weibo Gong, Don Towsley, and • N: total number of vulnerable Lixin Gao. hosts The Monitoring and Early DetecBon of Internet Worms, IEEE/ACM TransacBons on • I(t): number of infected hosts at Networking, 2005. me t 10/21/13 • S(t): number of suscepBble hosts at Bme t Malware • I(t) + S(t) = N • β: infecBon rate l DifferenBal equaon for I(t): dI/dt = βI(t) S(t) l More accurate models adjust propagaon rate over Bme 24 Propagation: Practice • Cumulave total of unique IP addresses infected by the first outbreak of Code-RedI v2 on July 19-20, 2001 Source: 10/21/13 David Moore, Colleen Shannon, and Jeffery Brown. Malware Code-Red: a case study on the spread and vicBms of an Internet worm, CAIDA, 2002 25 Trojan Horses • A Trojan horse (or Trojan) is a malware program that appears to perform some useful task, but which also does something with negave consequences (e.g., launches a keylogger). • Trojan horses can be installed as part of the payload of other malware but are oXen installed by a user or administrator, either deliberately or accidentally. 10/21/13 Malware 26 Current Trends • Trojans currently have largest infecBon potenBal • OXen exploit browser vulnerabiliBes • Typically used to download other malware in mulB-stage aacks Source: 10/21/13 Symantec Internet Security Threat Malware Report, April 2009 27 Rootkits • A rootkit modifies the operang system to hide its existence – E.g., modifies file system exploraon uBliBes – Hard to detect using soXware that relies on the OS itself • Rootkit Revealer 10/21/13 – By Bryce Cogswell and Mark Russinovich (Sysinternals) Malware – Two scans of file system – High-level scan using the Windows API – Raw scan using disk access methods – Discrepancy reveals presence of rootkit – Could be defeated by rootkit that intercepts and modifies results of raw scan operaons 28 Malware Zombies • Malware can turn a computer in to a zombie, which is a machine that is controlled externally to perform malicious aacks, usually as a part of a botnet. Botnet Controller (AKacker) 10/21/13 AKack Commands Botnet: AKack AcBons 29 Vicm Financial Impact l Malware oXen affects a large user populaon Source:(Computer( Economics( l Significant financial impact, though esBmates vary widely, up to $100B per year (mi2g) !$15B! 10/21/13 l Examples Malware ¡ LoveBug (2000) caused $8.75B in !$10B! damages and shut down the BriBsh parliament !$5B! ¡ In 2004, 8% of emails infected by W32/MyDoom.A at its peak !$! ¡ In February 2006, the Russian 1997! 1999! 2001! 2003! 2005! Stock Exchange was taken down 30 by a virus.
Load more

Recommended publications
  • Security , Hacking, Threats & Tools for Security
    SECURITY , HACKING, THREATS & TOOLS FOR SECURITY N.Anupama Asst Professor ANUCET ANU CONTENT Introduction to security Features of security Hacking Security threats Tools to provide security Conclusion SECURITY Security is the protection of assets. The three main aspects are: Prevention Detection re-action Information can be stolen – how to prevent it. Confidential information may be copied and sold - but the theft might not be detected The criminals try to attack and the system should react to stop it. TYPES OF SECURITY Computer Security deals with the prevention and detection of unauthorised actions by users of a computer system. Network security prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network- accessible resources. Web security deals specifically with security of websites, web applications and web service. Features of security Confidentiality Integrity Availability Non-repudiation Authentication Access Controls Accountability FEATURES OF SECURITY Confidentiality Confidentiality is keeping information secret or private. The prevention of unauthorized disclosure of information. Confidentiality might be important for military, business or personal reasons. Integrity Integrity means that there is consistency in the system - everything is as it is expected to be. Integrity is the authorised writing or modification of information. Data integrity means that the data stored on a computer is the same as the source documents. FEATURES OF SECURITY Availability Information should be accessible and useable upon appropriate demand by an authorized user. Availability is the prevention of unauthorized withholding of information. Non-repudiation Non repudiation is a method of guaranteeing message transmission between parties via digital signature and/or encryption. Non repudiation is often used for digital contracts, signatures and email messages.
    [Show full text]
  • Cyber Warfare a “Nuclear Option”?
    CYBER WARFARE A “NUCLEAR OPTION”? ANDREW F. KREPINEVICH CYBER WARFARE: A “NUCLEAR OPTION”? BY ANDREW KREPINEVICH 2012 © 2012 Center for Strategic and Budgetary Assessments. All rights reserved. About the Center for Strategic and Budgetary Assessments The Center for Strategic and Budgetary Assessments (CSBA) is an independent, nonpartisan policy research institute established to promote innovative thinking and debate about national security strategy and investment options. CSBA’s goal is to enable policymakers to make informed decisions on matters of strategy, secu- rity policy and resource allocation. CSBA provides timely, impartial, and insight- ful analyses to senior decision makers in the executive and legislative branches, as well as to the media and the broader national security community. CSBA encour- ages thoughtful participation in the development of national security strategy and policy, and in the allocation of scarce human and capital resources. CSBA’s analysis and outreach focus on key questions related to existing and emerging threats to US national security. Meeting these challenges will require transforming the national security establishment, and we are devoted to helping achieve this end. About the Author Dr. Andrew F. Krepinevich, Jr. is the President of the Center for Strategic and Budgetary Assessments, which he joined following a 21-year career in the U.S. Army. He has served in the Department of Defense’s Office of Net Assessment, on the personal staff of three secretaries of defense, the National Defense Panel, the Defense Science Board Task Force on Joint Experimentation, and the Defense Policy Board. He is the author of 7 Deadly Scenarios: A Military Futurist Explores War in the 21st Century and The Army and Vietnam.
    [Show full text]
  • Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used
    Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail address. Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least. Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation.
    [Show full text]
  • Information Security Software Flaws
    CS 166: Information Security Software Flaws Prof. Tom Austin San José State University If automobiles had followed the same development cycle as the computer, a Rolls- Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside. ¾ Robert X. Cringely My software never has bugs. It just develops random features. ¾ Anonymous Why Software? • Why is software as important to security as crypto, access control, protocols? • Virtually all of information security is implemented in software • If your software is subject to attack, your security can be broken – Regardless of strength of crypto, access control or protocols • Software is a poor foundation for security Bad Software is Ubiquitous • NASA Mars Lander (cost $165 million) – Crashed into Mars due to… – …error in converting English and metric units • Denver airport – Baggage handling system --- very buggy software – Delayed airport opening by 11 months – Cost of delay exceeded $1 million/day • MV-22 Osprey – Advanced military aircraft – Faulty software can be fatal Software Issues Alice and Bob Trudy • Find bugs and flaws by • Actively looks for bugs accident and flaws • Hate bad software… • Likes bad software… • …but must learn to live • …and tries to make it with it misbehave • Must make bad • Attacks systems via bad software work software Complexity “Complexity is the enemy of security”, Paul Kocher, Cryptography Research, Inc. System Lines of Code (LOC) Netscape 17 million Space Shuttle 10 million Linux kernel 2.6.0 5 million Windows XP
    [Show full text]
  • On the (In)Effectiveness of Static Logic Bomb Detector for Android
    1 On The (In)Effectiveness of Static Logic Bomb Detection for Android Apps Jordan Samhi1 Alexandre Bartel1;2;3;∗ 1 University of Luxembourg 2 University of Copenhagen 3 Umeå University Abstract—Android is present in more than 85% of mobile or after a hard-coded date, making it invisible for dynamic devices, making it a prime target for malware. Malicious code is analyses. This behavior shows how simple code logic can becoming increasingly sophisticated and relies on logic bombs to defeat most dynamic analyses leading to undetected malicious hide itself from dynamic analysis. In this paper, we perform a large scale study of TSOPEN, our open-source implementation of applications. the state-of-the-art static logic bomb scanner TRIGGERSCOPE, In the last decade, researchers have developed multiple tools on more than 500k Android applications. Results indicate that to help detecting logic bombs [7] [8] [9]. Most of them are the approach scales. Moreover, we investigate the discrepancies either not fully automated, not generic or have a low recall. and show that the approach can reach a very low false-positive However, one approach, TRIGGERSCOPE [10] stands out rate, 0.3%, but at a particular cost, e.g., removing 90% of sensitive methods. Therefore, it might not be realistic to rely because it is fully automated and has a false positive rate close on such an approach to automatically detect all logic bombs to 0.3%. In this paper, we try to replicate TRIGGERSCOPE and in large datasets. However, it could be used to speed up the perform a large-scale study to show that the approach scales.
    [Show full text]
  • Towards Semi-Automated Detection of Trigger-Based Behavior for Software Security Assurance
    Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance Dorottya Papp Levente Buttyán Zhendong Ma CrySyS Lab, Dept. of Networked CrySyS Lab, Dept. of Networked Center of Digital Safety and Security, Systems and Services, BME Systems and Services, BME Austrian Institute of Technology Magyar tudósok krt 2. Magyar tudósok krt 2. Donau-City-Straβe 1. Budapest 1117, Hungary Budapest 1117, Hungary Vienna, Austria Center of Digital Safety and Security, [email protected] [email protected] Austrian Institute of Technology Donau-City-Straβe 1. Vienna, Austria [email protected] ABSTRACT 1 INTRODUCTION A program exhibits trigger-based behavior if it performs undocu- Trigger-based behavior in software refers to execution of code that mented, often malicious, functions when the environmental condi- is activated on specific input values (the so called trigger inputs) tions and/or specific input values match some pre-specified criteria. and that performs some undocumented functions. Often, the users Checking whether such hidden functions exist in the program is are not aware of the existence of those undocumented functions important for increasing trustworthiness of software. In this paper, in the software. It is clear that using an application that has such we propose a framework to effectively detect trigger-based behav- hidden functions, which can be triggered by non-legitimate par- ior at the source code level. Our approach is semi-automated: We ties, is dangerous, as those functions can potentially implement use automated source code instrumentation and mixed concrete malicious actions. Indeed, the best examples for trigger-based be- and symbolic execution to generate potentially suspicious test cases havior include backdoors and logic bombs hidden in applications that may trigger hidden, potentially malicious functions.
    [Show full text]
  • Cybersecurity – Know the Threats & How to Mitigate Them
    Cybersecurity – Know The Threats & How To Mitigate Them Sam Chawkat COO Dynamic Network Solutions Background u Providing IT consulting to organizations of various sizes across several states and regions since 1996 u Our focus is in our slogan, We Take I.T. Personally u We don’t focus on just the tech, we focus on the customer experience and customer satisfaction u Dynamic Network Solutions is your “one stop shop” helping organizations with IT, cabling, AV, security, cameras, and phone systems. If it plugs in or turns on we can take care of it Cybersecurity is Safety Security: We must protect our computers and data in the same way that we secure the doors to our homes. Safety: We must behave in ways that protect us against risks and threats that come with technology. Lets Discuss The Type Of Threats That Exist Importance of Cybersecurity The internet allows an attacker to work from anywhere on the planet. Risks caused by poor security knowledge and practice: Identity Theft Monetary Theft Legal Ramifications (for yourself and your organization) Sanctions or termination if policies are not followed According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are: Web Browser IM Clients Web Applications Excessive User Rights User Awareness System Administrators Some scripts appear useful to manage networks… Cracker: Computer-savvy Posts to programmer creates Hacker Bulletin Board attack softwar e SQL Injection Buffer overflow Password Crackers Script Kiddies : Unsophisticated Password Dictionaries computer users who know how to execute programs Successful attacks! Crazyman broke into … CoolCat penetrated… Criminals: Create & sell bots -> generate spam Malware package earns $1K-2K Sell credit card numbers, 1 M Email addresses earn $8 etc… 10,000 PCs earn6 $1000 Leading Threats u Viruses u Worms u Trojan Horses / Logic Bombs u Social Engineering u Rootkits u Botnets / Zombies u Randsomware Viruses A virus attaches itself to a program, file, or disk.
    [Show full text]
  • “Cybersecurity in the Workplace”
    “Cybersecurity in the Workplace” How to Strengthen and Protect Your Business in an Era of Easy Computer System Access © 2018 Hinshaw & Culbertson LLP, an Illinois Limited Liability Partnership. All rights reserved. Meet Today’s Presenters Ambrose McCall advises businesses on a range of Ken Yeadon uses his experience as a former Assistant U.S. employment issues, including regulatory, compliance and Attorney and SEC Enforcement Attorney to provide defense, employee program matters; he also counsels employers on representation, and advice to individuals and corporations on employee social media and digital workplace policies. criminal, securities, health care, and civil regulatory matters. Cybersecurity in the Workplace: Learning Objectives 1 2 Review relevant law that Demonstrate cybercrime promotes cybersecurity and potential recourses and protects businesses through case studies 3 Best practices that promote cybersecurity and protect your business Insert Copy Recent Examples Andrew Auernheimer – exploited vulnerability in AT&T website to obtain email addresses of AT&T iPad users Matthew Keys – disgruntled employee gave log-on info to hacker, who used info to alter an LA Times news story David Nosal – talked former colleagues into accessing their company's database to give him trade secrets to launch a competing company Cybersecurity Overview • Computer Fraud and Abuse Act (1984) Federal • Electronic Communications Privacy Act (1986) vs. State • State Laws • Civil Remedies for Employers • Criminal Penalties for Civil vs. Employees Criminal
    [Show full text]
  • Start of Lecture: March 31, 2014
    Start of Lecture: March 31, 2014 Title text: We actually stand around the antivirus displays with the Mac users just waiting for someone to ask. Chapter 15: Security !1 Reminders • Hope you had fun with Bob and Jeeva! • Exercise 5 is due this Wednesday • Assignment 3 is due next Wednesday • I will release a practice final soon • Please check your marks on docsdb for any errors Chapter 15: Security !2 Thought Questions • What is the probability of deadlock? Does that increase or decrease with more cores? • Some results that suggest that deadlock decreases if number resources increases, increases as number of processes increases and (un- intuitively) increases if both resources and processes increase together: • http://dl.acm.org/citation.cfm?id=808054 • http://citeseerx.ist.psu.edu/viewdoc/download? doi=10.1.1.72.4304&rep=rep1&type=pdf • Not a well understood problem that needs much more research Chapter 15: Security !3 Thought Questions • Is there a technique that tackles both external and internal fragmentation? Which would you consider more detrimental to have happen? • Both are detrimental, though arguably external segmentation builds up over time as processes terminate, whereas internal fragmentation is local to a process and gone when it terminates • Multiple page sizes get some of the best of both worlds, since there can be larger chunks (reducing the number of pages) and then smaller, finer grained pages (reducing internal fragmentation) Chapter 15: Security !4 Chapter 15: Security CMPUT 379, Section B1, Winter 2014 March 31, April 2, April 4 Objectives • Discuss goals of protection in modern systems • Discuss security threats and attacks • Explain fundamentals of encryption, authentication, hashing • Examine the uses of cryptography in computing • Describe various countermeasures to security attacks Chapter 15: Security !6 Protection versus Security • Errors in operation can be accidental or malicious • The role of protection is to provide a mechanism to enforce policies on resource use (an internal problem) • e.g.
    [Show full text]
  • Cybercrime: an Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws
    Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws Charles Doyle Senior Specialist in American Public Law October 15, 2014 Congressional Research Service 7-5700 www.crs.gov 97-1025 Cybercrime: An Overview of 18 U.S.C. 1030 and Related Federal Criminal Laws Summary The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, outlaws conduct that victimizes computer systems. It is a cyber security law. It protects federal computers, bank computers, and computers connected to the Internet. It shields them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. It is not a comprehensive provision, but instead it fills cracks and gaps in the protection afforded by other federal criminal laws. This is a brief sketch of CFAA and some of its federal statutory companions, including the amendments found in the Identity Theft Enforcement and Restitution Act, P.L. 110-326, 122 Stat. 3560 (2008). In their present form, the seven paragraphs of subsection 1030(a) outlaw • computer trespassing (e.g., hacking) in a government computer, 18 U.S.C. 1030(a)(3); • computer trespassing (e.g., hacking) resulting in exposure to certain governmental, credit, financial, or computer-housed information, 18 U.S.C. 1030(a)(2); • damaging a government computer, a bank computer, or a computer used in, or affecting, interstate or foreign commerce (e.g., a worm, computer virus, Trojan horse, time bomb, a denial of service attack, and other forms of cyber attack, cyber crime, or cyber terrorism), 18 U.S.C.
    [Show full text]
  • Software Assurance for Executives Definitions
    Definitions Term Definition acquisition Process of obtaining a system, software product, or software service. Software products may include commercial, off-the- shelf (COTS) products; modified, off-the-shelf (MOTS) products; open source products; or fully developed products. The above definition was derived from these references: [IEEE-CS 2008, IEEE-CS 1998] active attack An attack that alters a system or data. [CNSS 2010] Agile An iterative and incremental (evolutionary) approach to software development which is performed in a highly collaborative manner by self-organizing teams within an effective governance framework with “just enough” ceremony that produces high quality software in a cost effective and timely manner which meets the changing needs of its stakeholders. [Ambler 2013] antivirus software Wikipedia: Software used to prevent, detect and remove malware. http://en.wikipedia.org/wiki/Anti-virus attack Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. [CNSS 2010] authentication 1. Authentication is the process of determining whether someone or something is who or what it declares itself to be. Passwords, security cards, and biometric solutions are often employed as methods to provide user authentication. With respect to computer systems, the use of digital certificates, which include a digital signature and are issued and verified by a certificate authority (CA) as part of a public key infrastructure, are a way to perform authentication on the Internet. There are three classic ways to authenticate: something you know, something you have, something you are. 2. The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.
    [Show full text]
  • Types of Attacks and Malicious Software
    L15 - Attacks 4/18/2019 TYPES OF ATTACKS AND MALICIOUS SOFTWARE © Robert F. Kelly, 2012-2019 ISE331 – Fundamentals of Computer Security 2 Reading Some topics in the book chapter have • Chapter 15 been covered in previous lectures • Ping of Death • https://en.wikipedia.org/wiki/Ping_(networking_utility) • https://en.wikipedia.org/wiki/Ping_of_death • https://en.wikipedia.org/wiki/Ping_flood • Advanced Persistent Threat • https://en.wikipedia.org/wiki/Advanced_persistent_threat 1 L15 - Attacks 4/18/2019 © Robert F. Kelly, 2012-2019 ISE331 – Fundamentals of Computer Security 3 Objectives • Become familiar with various types of attacks • Be able to identify different types of malicious software • Understand defenses against categories of attacks © Robert F. Kelly, 2012-2019 ISE331 – Fundamentals of Computer Security 4 Reasons for an Attack • Random • Look for vulnerabilities, such as • Lacking current security patches • New attack approaches • Undefended networks • Targeted • Political – Snowden • Military – Iran, Russia, • Financial – e.g., stealing credit card info • Hacktivist – e.g., fur coats 2 L15 - Attacks 4/18/2019 © Robert F. Kelly, 2012-2019 ISE331 – Fundamentals of Computer Security 5 Direct vs. Indirect Attack • Attacker might choose to attack directly • Detection probability is low • Value of attack point is limited • Indirect • Attacker uses a series of intermediate hosts between launch point and target • More difficult to block • Massed • Compromise third-party hosts and use them all • Botnets • Examples: DDoS, distributed capture of target’s network traffic © Robert F. Kelly, 2012-2019 ISE331 – Fundamentals of Computer Security 6 Types of Attacks • Denial-of-service • Phishing/pharming • Backdoors/Trapdoors • Attacks on encryption • Sniffing • Address system attacks • Spoofing • Password guessing • Man-in-the-middle • Hybrid attack • TCP/IP hijacking • Birthday attack • Injection attack 3 L15 - Attacks 4/18/2019 © Robert F.
    [Show full text]