2. Module Overview
In this module we’re going to be discussing:
• The danger that malware presents
• How to avoid becoming infected with malware
• The different types and varieties of malware
• A case study to explore how malware can affect your business
3. Malware is an umbrella term for software designed to
cause unauthorised harm to a computer or network
Malware includes viruses, worms, Trojan horses,
ransomware and other malicious code
Once installed, malware can monitor your activity, record
your keystrokes and even encrypt your files
Malicious Software
4. • The virus has become synonymous with computer infections
• A virus is a piece of code that attaches itself to a host program or
file, copies itself to spread, and typically has a detrimental effect
• These effects include causing system and data corruption.
• These viruses often run silently in the background, so you
would never know they were there
Viruses
5. • A worm is a piece of malicious code that replicates itself
repeatedly to spread and infect other computers
• Unlike a virus, a worm doesn’t need a host program or any user
action to spread; it replicates across the network autonomously
• Worms typically spread by exploiting a security weakness
in a target system or the software running on it
Worms
6. • Trojan horses are a particular kind of malware that disguise
themselves as a trusted or legitimate application or file
• Trojans are often distributed as email attachments, or as torrent
files uploaded to file sharing websites
• Many of these Trojans act as a secret back-door, which
means they provide remote system access to attackers
Trojan Horses
7. • Macros are small reusable instructions that automate a
particular task within a software application, such as MS Word
• Virus writers exploit this functionality by creating malicious macros,
which run harmful code on the target system when the document is opened
• Documents carrying these macros look like ordinary Office files, so
they are hard to spot and easy to spread via email
Macro Malware
8. • Keyloggers are a type of malware that exist to monitor and
record your digital activity, particularly your keystrokes
• Keyloggers are usually installed to gather information,
most often for financial gain
• Attackers use the information gathered by keyloggers for
blackmail, identity theft and credit card fraud
Keyloggers
9. Infection Methods
Emails
Malware can be sent via email as an
attachment. Emails can also contain URLs
that lead to malicious downloads
Downloads
Your downloads might be infected; this is
especially true if you are downloading
illegally shared content
Web Browsing
Malware can be served by malicious or
compromised websites, including gaming and
gambling sites and sites offering pirated
software and hacking tools
Security Holes
Unpatched vulnerabilities in your web browser or
its plug-ins allow attackers to install malware onto
your computer silently when you visit a page
10. • AV software is an application that detects and blocks malware
• It does this by downloading signatures (fingerprints such as file hashes)
of software known to be malicious, then comparing the files on your
computer against them
• It’s important your anti-virus is up to date and running regular scans
Anti-virus Software
11. Ways to prevent malware
Install up to date anti-virus software on your computers
Keep your system and its software current and up to date
Be wary of email attachments, suspicious websites and downloads
Report anything suspicious to your appropriate contact
Always think before you click, if in doubt, report it
14. Case Study - Target
December 13th, 2013
Personal information of 40
Million Target customers
exposed to fraud.
December 14th, 2013
Target hires a 3rd party forensics
team to investigate the hack.
December 15th, 2013
Target confirms malware had
been installed on its PoS network
and was used to steal data.
15. Case Study - Target
December 19th, 2013
Target publicly acknowledges
the breach, saying it’s under
investigation.
January 10th, 2014
Target says an additional 70
million customers had personal
information stolen during the
breach.
January 22nd, 2014
Target lays off 475 employees
and halts a further 700
vacancies worldwide.
16. Case Study - Target
• In total, up to 110M customer records were exposed
• It was later discovered the breach was traced back to a 3rd party
contractor whose network credentials were stolen after it was
fooled by a phishing email
• Cases such as this one prove that malware is not a mere
nuisance but a genuine threat to every business
17. Recap
We’ve taken a look at the types of malware. We’ve talked about best
practices, and walked through a virtual demonstration and a case study.
So remember:
Keep your system and its software current and up to date
Be wary of email attachments, suspicious websites and downloads
Report anything suspicious to your appropriate internal contact
Always think before you click, if in doubt, report it
Speaker notes
Hello and welcome to our module on malware. In this module we’re going to be learning about the dangers posed by malicious code and exploring the ways that we can avoid becoming infected. We’ll be taking a look at the different types of malware, discussing their behaviour, and finishing up with a real-life case study to examine the impact that malware can have on your business.
So it’s normally best to start with a definition. Malware is actually an umbrella term used to classify software that is designed to cause unauthorised harm to a computer or network. This includes viruses, worms, Trojan horses, ransomware and other malicious code. Once you’re infected, this software can be used to monitor your activity, record your keystrokes and encrypt your files, often silently in the background without you ever knowing. Let’s take a look at some common examples.
So let’s start with an example you’ve all heard of: the computer virus. The virus has become synonymous with computer infections, but it seems not many people understand what it really is. A virus is essentially a piece of code that attaches itself to a host program or file and copies itself in order to spread, much like a biological virus, and it typically has a detrimental effect on its host. These effects can include corrupting the system or destroying data. Viruses often run silently in the background, so you’d never actually know they were there. Classic file-infecting viruses are much less common these days, and most new malware falls into one of the following varieties.
A worm is a piece of malicious code that replicates itself repeatedly in order to spread and infect other computers. Unlike a virus, a worm doesn’t need a host program or any action from the user; it is able to spread and replicate autonomously across the network. Worms usually rely on security weaknesses within a target system or its applications. It’s difficult to defend against a brand-new worm; however, keeping systems patched and up to date closes the known weaknesses that worms most often exploit, and is the single best way to reduce the risk.
Trojan horses are a particular kind of malware that masquerade as a trusted or legitimate application or file. They may, for example, be hidden inside an email attachment, or in a torrent file that’s uploaded to a file sharing website. Many of these applications act as a secret back door to your system, providing their operators with remote access to your network. The word Trojan is derived from the Ancient Greek story of the wooden horse that was used to help the Greek troops invade Troy.
Macros are small reusable instructions that automate a particular task, usually within a software application such as Microsoft Word. Macros are incredibly powerful and very useful, but they can also be used maliciously. Virus writers have used this functionality to create malicious macros, which perform harmful actions on a target system as soon as the user allows them to run. The documents that carry these macros look like any other Office file, which makes them hard to spot and easy to distribute and spread via email.
Keyloggers are a type of malware that monitor and record your digital activity, particularly your keystrokes, though they may also capture your screen. They are usually installed for the purpose of information gathering, which is often financially motivated. Attackers might use the information gathered from keyloggers to blackmail you, steal your identity or commit credit card fraud. Keyloggers fall into a category of malware known as spyware, which, as the name suggests, is software used to monitor you.
Malware can be spread through a variety of methods, including email, downloads and software vulnerabilities. It can be sent as an email attachment, or distributed via websites hosting malicious content. Your downloads may be infected, particularly those from websites that you don’t usually trust. You can also be infected via security holes that might exist in your web browser or its plug-ins, simply by visiting a page. While it’s difficult to prevent every infection, there are ways to detect malware, and the most common is a good, up to date anti-virus application.
Anti-virus software is an application that detects and blocks malware before it can harm your system. It does this by downloading signatures, fingerprints such as file hashes and byte patterns, of software that’s known to be malicious, and then comparing the files on your computer against them. If there’s a match, it isolates and removes the threat from your computer. This blacklist is constantly changing, which explains why it’s important that your anti-virus software is always up to date and running regular scans. Like everything else in security, there’s no silver bullet for preventing malware infections: a signature can only catch malware that has already been seen, and anti-virus software only forms one part of a larger defence strategy. It will, however, block and eliminate the most common attacks and continues to play an important role in keeping your networks and systems secure.
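Slide 10 and the note above describe anti-virus as a downloaded list of known-bad software that is compared against the files on your computer. The following added example, Python written for this module rather than code from the page or from any anti-virus vendor, implements that idea in its simplest form, a SHA-256 hash blocklist, and shows its main weakness: a one-byte change to the malicious file produces a new hash and slips straight past. The blocklist entry and the three scanned files are constructed in a temporary directory; nothing here is real malware.

```python
"""Signature (hash) blocklist scanning, and why it is not a silver bullet.

Added example for this training module; not the page's own code and not
how any particular anti-virus product is implemented. It mimics the
simplest form of "compare your files against a list of known-bad
software": hash every file and look the hash up in a blocklist.
The blocklist entry and the sample files are constructed below.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed sample: the "known-bad" file content an analyst has seen before.
# Not real malware, just bytes with an executable-looking prefix.
KNOWN_BAD_CONTENT = b"MZ\x90\x00" + b"evil-dropper-demo-payload" * 8

# A real product downloads millions of these; we derive one from the sample.
BLOCKLIST = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest()}


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root: Path, blocklist: set) -> dict:
    """Return {relative_path: 'KNOWN_BAD' | 'CLEAN'} for every file under root."""
    verdicts = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            verdicts[str(p.relative_to(root))] = (
                "KNOWN_BAD" if sha256_of(p) in blocklist else "CLEAN")
    return verdicts


def demo_scan() -> dict:
    """Populate a temp dir with three constructed files and scan it.

    dropper.exe     byte-for-byte the known sample          -> KNOWN_BAD
    notes.txt       harmless text                            -> CLEAN
    dropper_v2.exe  the same sample with ONE byte changed    -> CLEAN (missed!)

    The last case is the weakness of pure signature matching: re-packing or
    re-compiling gives the malware a fresh hash, which is why the list must be
    refreshed constantly and why anti-virus is only one layer of the defence.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "dropper.exe").write_bytes(KNOWN_BAD_CONTENT)
        (root / "notes.txt").write_bytes(b"quarterly planning notes\n")
        (root / "dropper_v2.exe").write_bytes(KNOWN_BAD_CONTENT[:-1] + b"\x01")
        return scan_directory(root, BLOCKLIST)


if __name__ == "__main__":
    for path, verdict in sorted(demo_scan().items()):
        print(f"{verdict:10} {path}")
```

Real products pair hash signatures with byte-pattern signatures, heuristics and behavioural monitoring precisely because of the `dropper_v2.exe` case; the example makes concrete why the signature list has to be refreshed constantly and why anti-virus is one layer rather than the whole defence.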
While there’s no foolproof method for protecting yourself against malware, there are many things that you can do to reduce your risk of becoming infected. Firstly, make sure that you have up to date anti-virus software running on your computer and that your system has no pending updates. Be wary of email attachments, pirate websites and downloads, and never open something that you don’t completely trust. It’s important that you report anything suspicious, or anything you’re not sure about, to your appropriate contact, and always think before you click. If you’re ever in doubt, report it.
This video shows a demonstration of a real attack using a macro trojan, and highlights the danger of opening files that you don’t trust. In this example you can see the attacker’s screen on the left and the victim’s screen on the right. At this stage the attacker has sent an email to the victim with the malicious attachment, which has made it through their spam blocking systems. The victim proceeds to open up Microsoft Outlook and sees an email from a potential job applicant for a role which the company is publicly advertising. The recipient, believing this to be a resume, decides to open up the attachment to view its contents. On the left hand side we can see that the attacker is preparing his computer to receive a connection from the victim. Once the document is open the contents are blank and the victim receives two prompts. The first is to enable editing, and the second is to enable macros. Most of us would click through these prompts without a second thought; however, in this case enabling the macros allows code to run which grants the attacker full remote access to the victim’s computer. We can see that on the left hand side the attacker is able to browse the list of programs running on the computer. Once he’s done he issues the command screenshot, which captures an image of the victim’s screen. From here the attacker can do anything that somebody sitting at the computer could do, all silently in the background, without them ever knowing. This may include turning on their microphone or web camera, browsing files, stealing data or causing damage to their network. Now that we’ve seen how attackers can use malware to infiltrate your network, let’s take a look at a real-life case study.
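Slide 7 and the demonstration above turn on one moment: a document arrives looking like a resume and the victim clicks through to enable macros. Modern Office files (.docx, .docm, .xlsx, .xlsm) are ZIP archives with a recognisable structure, so a mail gateway or a cautious analyst can tell whether a file is even capable of running macros before anyone opens it. The added example below is Python written for this module, not code from the page or from Microsoft; it looks for the two markers a VBA-bearing Office Open XML document carries, a `vbaProject.bin` part and a macroEnabled content type. The two sample "resumes" are constructed in memory and are not real documents.

```python
"""Inspect an Office Open XML (.docx/.docm/.xlsm ...) file for embedded VBA macros.

Added example for this training module; not part of the original deck.
OOXML documents are ZIP archives. A document can only carry macros if it
has a VBA project part (stored as vbaProject.bin) and its
[Content_Types].xml declares a "macroEnabled" main part. Checking both
lets you spot a macro-bearing "resume" before anyone clicks Enable Content.
The sample documents below are constructed in memory, not real files.
"""
import io
import zipfile

# Main-part content types Office uses for macro-enabled documents
# (values from the OOXML specification, not from the original page).
MACRO_ENABLED_CONTENT_TYPES = {
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-excel.template.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
}


def inspect_office_file(data: bytes) -> dict:
    """Report what the archive reveals about macros.

    verdict is 'not-ooxml' (not a ZIP with [Content_Types].xml; e.g. a legacy
    OLE2 .doc, or junk), 'no-macros', or 'macros'.
    """
    result = {"is_ooxml": False, "has_vba_project": False,
              "macro_enabled_ct": False, "verdict": "not-ooxml"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
        names = archive.namelist()
    except zipfile.BadZipFile:
        return result
    if "[Content_Types].xml" not in names:
        return result
    result["is_ooxml"] = True
    # Usually word/vbaProject.bin or xl/vbaProject.bin; the folder is irrelevant.
    result["has_vba_project"] = any(
        n.lower().endswith("vbaproject.bin") for n in names)
    content_types = archive.read("[Content_Types].xml").decode("utf-8", "replace")
    result["macro_enabled_ct"] = any(
        ct in content_types for ct in MACRO_ENABLED_CONTENT_TYPES)
    has_macros = result["has_vba_project"] or result["macro_enabled_ct"]
    result["verdict"] = "macros" if has_macros else "no-macros"
    return result


def _build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped archive for the demo (not a real document)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if macro else
               "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    parts = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>',
    ]
    if macro:
        parts.append('<Override PartName="/word/vbaProject.bin" '
                     'ContentType="application/vnd.ms-office.vbaProject"/>')
    parts.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "".join(parts))
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Placeholder bytes standing in for a compiled VBA project stream.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake VBA stream")
    return buf.getvalue()


CLEAN_RESUME = _build_sample(macro=False)   # shape of an ordinary .docx
MACRO_RESUME = _build_sample(macro=True)    # shape of the attacker's "resume"


if __name__ == "__main__":
    for label, blob in (("clean resume", CLEAN_RESUME), ("macro resume", MACRO_RESUME)):
        print(f"{label}: {inspect_office_file(blob)['verdict']}")
```

A file named `resume.docx` whose archive contains `vbaProject.bin` is the classic tell, and the content-type check catches it whatever the extension claims. Legacy binary formats (`.doc`, `.xls`) are OLE2 containers rather than ZIPs and land in the `not-ooxml` bucket here; for those, `olevba` from the oletools project is the standard inspection tool.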
On December 13th 2013 it was discovered that personal information, including names, mailing addresses and credit card information, of 40 million Target customers had been exposed to fraud. Shortly after, Target hired a third party forensics team to investigate the hack, and on December 15th they confirmed that cyber criminals had infiltrated their systems. It was discovered that malware had been installed on Target’s point-of-sale network and had been used to steal payment and credit card data. The public were still completely unaware of the breach.
On December 19th Target decided to publicly acknowledge the hack, saying it was under investigation and confirming that the stolen data included payment information. In the hours following this announcement customers jammed Target’s website and customer service hotlines. In response to the incident the company announced a 10% discount on all in-store sales, but despite this effort its Christmas sales took a huge dive. On January 10th Target announced that an additional 70 million customers had been affected, and that their personal information was stolen during the breach. Following these events the company lowered its forecast for the coming quarter, saying that sales were considerably weaker following news of the breach. On January 22nd 2014, Target announced that it was laying off 475 employees at its headquarters in Minneapolis, and that a further 700 proposed vacancies worldwide would go unfilled.
It’s certainly a frightening story, but it’s one that we can all learn from. In total, up to 110 million customer records were exposed from stores across the United States. It was later discovered that the breach was caused, to some extent, by a 3rd party contractor who was fooled by a phishing email, a topic which we’ll be covering in later modules. It’s cases such as this that prove malware is not a mere nuisance but a genuine threat to every business.
So let’s run through a recap. In this module we’ve taken a look at the various types of malware and the methods used to infect your systems. We’ve talked about some best practices for malware prevention, walked through a virtual demonstration and finished up with a real-life case study. So remember: always keep your system and its software current and up to date. Be wary of email attachments, suspicious websites and downloads. Report anything suspicious to your appropriate internal contact, and always think before you click. If you’re ever in doubt, report it.