A piece of self-replicating code embedded within another program is called a

From a technical point of view, the most alarming aspect of the attackers under discussion in this article is that they are self-replicating. In other words, the piece of software that performs the subversion is able to make copies of itself and transmit those copies to other programs in the computer or to other computers in the network. Obviously, each of these copies can now wreak havoc where it is and replicate itself as well! Thus, it may be sufficient to set one such program loose in one computer in order to affect all computers in a given network. Since more and more computers, including personal computers, are interconnected, the threat of subversion can assume literally global dimensions. Let us look at this in greater detail. First, we define a few important terms.

A logical bomb is a piece of code, usually embedded in other software, that is only activated (executed) if a certain condition is met. It does not have the capability of self-replication. Activation of the logical bomb may abort a program run or erase data or program files. If the condition for execution is not satisfied at all times, it may be regarded as a logical time bomb. Logical bombs that are activated in every invocation are usually not as harmful as time bombs since their actions can be observed in every execution of the affected software. A typical time bomb is one where a disgruntled employee inserts into complex software that is frequently used (a compiler or a payroll system, for example) code that will abort the execution of the software, for instance, after a certain date, naturally chosen to fall after the date of the employee's resignation or dismissal.

While some programming errors may appear to be time bombs (the infamous Y2k problem certainly being the best known and most costly of these), virtually all intentional logical bombs are malicious.

A computer virus is a logical bomb that is able to self-replicate, to subvert a computer system in some way, and to transmit copies of itself to other hardware and software systems. Each of these copies in turn may self-replicate and affect yet other systems. A computer virus usually attaches itself to an existing program and thereby is permanently stored.

A worm is very similar to a computer virus in that it is self-replicating and subverts a system; however, it usually is a self-contained program that enters a system via regular communication channels in a network and then generates its own commands. Therefore, it is frequently not permanently stored as a file but rather exists only in the main memory of the computer. Note that a logical bomb resident in a piece of software that is explicitly copied to another system may appear as a virus to the users, even though it is not.

Each of the three types of subversion mechanisms, bombs, viruses, and worms, can, but need not, cause damage. Instances are known in which bombs and viruses merely printed out some brief message on the screen and then erased themselves, without destroying data or causing other disruptions. These can be considered as relatively harmless pranks. However, it must be clearly understood that these subversion mechanisms, especially the self-replicating ones, most definitely have enormous potential for damage. This may be due to deliberate and explicit erasure of data and software, or it may be due to far less obvious secondary effects. To give one example, consider a worm that arrives at some system via electronic mail, thereby activating a process that handles the receiving of mail. Typically, this process has a high priority; that is, if there are any other processes executing, they will be suspended until the mail handler is finished. Thus, if the system receives many mail messages, a user may get the impression that the system is greatly slowed down. If these mail messages are all copies of the same worm, it is clear that the system can easily be saturated and thereby damage can be done, even though no data or programs are erased.

This is what happened in the historic case study cited above, on November 2, 1988, when a worm invaded over 6000 computers linked together by a major U.S. network that was the precursor to the present-day Internet, including Arpanet, Milnet, and NSFnet. Affected were computers running the operating system Berkeley Unix 4.3. The worm took advantage of two different flaws, namely, a debugging device in the mail handler (that most centers left in place even though it was not required any longer after successful installation of the mail handler) and a similar problem in a communications program. The worm exploited these flaws by causing the mail handler to circumvent the usual access controls in a fairly sophisticated way; it also searched users' files for lists of trusted users (who have higher levels of authority) and used them to infiltrate other programs. The worm's means of transmission between computers was the network. Because infiltrated sites could be reinfiltrated arbitrarily often, systems (especially those that were favorite recipients of mail) became saturated and stopped performing useful work. This was how users discovered the infiltration, and this was also the primary damage that the worm caused. (While it did not erase or modify any data, it certainly was capable of doing this had it been so designed.) The secondary damage was caused by the efforts to remove the worm. Because of the large number of sites affected, this cost was estimated to have amounted to many years of work, even though it was relatively easy to eliminate the worm by rebooting each system because the worm was never permanently stored.

One reason this worm made great waves was that it caused the first major infiltration of mainframe computers. Prior to this incident, various computer viruses (causing various degrees of damage) had been reported, but only for personal computers. Personal computers are typically less sophisticated and originally had been designed for personal use only, not for networking; for these reasons they had been considered more susceptible to attacks from viruses. Thus, threats to mainframes from viruses were thought to be far less likely than threats to personal computers. The November 2, 1988, incident destroyed this myth in less than half a day, the time it took to shut down the Internet and many computer systems on it.

Since then, a wide variety of attackers have appeared on the scene, substantially aided by the explosive growth of the World Wide Web. Not surprisingly, given the dominance that Microsoft's operating systems have in the market, most recent viruses exist within the context of that company's operating systems. Many of these viruses exploit the increasingly common use of attachments to be transmitted surreptitiously; in this case, opening an attachment may be all that is required to become infected. In fact, users may not even be aware that an attachment was opened, because it occurred automatically (to support more sophisticated mail functions, such as previewing or mail sorting according to some user-specified criterion). Frequently, the resulting subversion of the mail system facilitates further distribution of the virus, using mailing lists maintained by the system.


URL: https://www.sciencedirect.com/science/article/pii/B0122274105008425

Systems Security

Ido Dubrawsky, in Eleventh Hour Security+, 2010

VIRUSES

A computer virus is defined as a self-replicating computer program that interferes with a computer’s hardware, software, or OS.

A virus’s primary purpose is to create a copy of itself.

Viruses contain enough information to replicate and perform other damage, such as deleting or corrupting important files on your system.

A virus must be executed to function (it must be loaded into the computer’s memory) and then the computer must follow the virus’s instructions.

The instructions of the virus constitute its payload. The payload may disrupt or change data files, display a message, or cause the OS to malfunction.

A virus can replicate by writing itself to removable media, hard drives, legitimate computer programs, across the local network, or even throughout the Internet.


URL: https://www.sciencedirect.com/science/article/pii/B9781597494274000010

System maintenance

B.R. Mehta, Y.J. Reddy, in Industrial Process Automation Systems, 2015

18.6.17 Viruses

A computer virus is a malicious piece of executable code that is intentionally imported into a computer or a network and usually damages some aspect of the computer’s or the network’s operation. The virus may damage files, directories, other software, system configuration information, any one or all of the above. It may also make unauthorized use of information such as password files or email address books in order to gain access to other computers. In extreme cases, a computer system may need to be shut down and reconfigured from scratch. One of the major tasks of firewalls and other network security measures is to protect against viruses.

Fortunately, a virus can usually be recognized by characteristic patterns in its code or its behavior. Commercial software is available that detects and neutralizes incoming viruses and can be regularly updated as new viruses are developed. Virus detection has often depended on the fact that a virus had to be an executable file with an *.exe, *.vbs, *.pif, or *.com extension. More recently, however, macro viruses have taken advantage of the ability of certain programs (mainly Microsoft Word and Excel) to include small sets of executable instructions (macros) in a document or spreadsheet. A virus masked as one of these instruction sets, as opposed to a separate file, is much more difficult to detect and remove.

One of the most effective types of virus protection is user education. In a plant environment, the consequences of a virus infection are not only personal inconvenience and possible data loss, but also potential damage to the computer systems that run an operating plant.


URL: https://www.sciencedirect.com/science/article/pii/B9780128009390000188

Vacuum

Trevor A. Kletz DSc, FEng, FIChemE, FRSC, in Critical Aspects of Safety and Loss Prevention, 1990

Viruses

Much has been written about computer viruses – small pieces of code which have been maliciously inserted into floppy discs or other storage media to corrupt data – but at the time of writing there has been no study of viruses in real-time systems such as plant control programs. ‘However, it seems that asserting the dangers of virus infection in such systems is not an idle concern. Any disruption in the operation of such systems can have consequences more serious than the loss of accounting or technical data [1].’

On the other hand, plant control software is harder to infect than other software as plant control computers are not usually connected to networks and, once set up, additional programs are added infrequently. For infection to occur, viruses would have to be present in the original software.

Computer viruses are like AIDS. Do not promiscuously share discs and data and you will not be infected [2].

Some control software contains codes which will prevent it being used after 6 months if the bill has not been paid.


URL: https://www.sciencedirect.com/science/article/pii/B9780408044295500263

Systems Software Considerations

David Kleidermacher, Mike Kleidermacher, in Embedded Systems Security, 2012

2.3.1 Case Study: The Duqu Virus

In November 2011, security researchers discovered a dangerous computer virus, dubbed Duqu. Similar to the Stuxnet attack described in Chapter 1, Duqu is believed to have been written by sophisticated attackers and takes advantage of a zero-day Windows vulnerability to gain access to embedded critical control infrastructure. As described in the Microsoft security advisory: “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability.” [4] The National Vulnerability Database has assigned the vulnerability a severity rating of 9.3 (high) [5], primarily due to its remote exploitability and the impact implied by malicious root access.

According to online reports, and corroborated by the aforementioned National Vulnerability Database entry overview, common Windows operating systems (XP, Vista, Windows 7, Windows Server) all execute the font-parsing engine in the kernel. In fact, the font parsing occurs in win32k.sys, the massive Windows system device driver module that has been the cause of many “blue screens of death” (BSOD) over the years.

Duqu’s authors crafted Word documents that would exploit the font-parsing vulnerability, enabling remote code execution at superuser privilege. As we have learned from many such vulnerabilities (Stuxnet being just one other case in point), once the attacker has an effective malware vehicle like this, it is a simple matter to socially engineer attack targets into opening the file. The attacker needs only one successful endpoint intrusion; the infected PC is then used as a launching point against electronics and computers accessible to the PC locally and across the network.

Duqu provides a wonderful example of the deleterious repercussions of monolithic operating system design. In some cases, win32k.sys consists of millions of bytes of device driver code executing in kernel/superuser mode.


URL: https://www.sciencedirect.com/science/article/pii/B9780123868862000023

Philosophy of Computing and Information Technology

Philip Brey, Johnny Hartz Søraker, in Philosophy of Technology and Engineering Sciences, 2009

Security and crime

Security has become a major issue in computer ethics, because of rampant computer crime and fraud, the spread of computer viruses, malware and spam, and national security concerns about the status of computer networks as breeding grounds for terrorist activity and as vulnerable targets for terrorist attacks. Computer security is the protection of computer systems against the unauthorized disclosure, manipulation, or deletion of information and against denial of service attacks. Breaches of computer security may cause harms and rights violations, including economic losses, personal injury and death, which may occur in so-called safety-critical systems, and violations of privacy and intellectual property rights.

Much attention goes to the moral and social evaluation of computer crime and other forms of disruptive behavior, including hacking (non-malicious break-ins into systems and networks), cracking (malicious break-ins), cybervandalism (disrupting the operations of computer networks or corrupting data), software piracy (the illegal reproduction or dissemination of proprietary software), and computer fraud (the deception for personal gain in online business transactions by assuming a false online identity or by altering or misrepresenting data). Another recently important security-related issue is how state interests in monitoring and controlling information infrastructures to better protect against terrorist attacks should be balanced against the right to privacy and other civil rights [Nissenbaum, 2005].


URL: https://www.sciencedirect.com/science/article/pii/B9780444516671500513

Challenges of New Technology

B.A. Fiedler, in Managing Medical Devices Within a Regulatory Framework, 2017

Definitions

Cybersecurity

the measures taken to prevent harmful attacks on patient data and health systems.

Denial of Service

when a worm or other computer virus generates massive communication attempts to reduce/stop normal functions or drain the device’s battery.

Malware

harmful software that appears to be part of normal operations; similarity to existing programs often leads users to unintentionally activate an embedded program, with varying degrees of harm to the system.

Software Validation

measures, documents, and reports outputs throughout the software development lifecycle using a series of verifications derived from standards and technical reports to achieve regulatory adherence and operational capabilities according to the device manufacturer’s stated intended use.


URL: https://www.sciencedirect.com/science/article/pii/B9780128041796000186

Information Diffusion and Rumor Spreading

Argyris Kalogeratos, ... Nicolas Vayatis, in Cooperative and Graph Signal Processing, 2018

24.4 Large-Scale Dynamics of Independent Cascades

At the scale of the network, the emergent behavior of information cascades displays several typical characteristics that are common in most diffusion processes, including epidemics and computer viruses. For instance, Fig. 24.1 shows the number of identified cases of Ebola during a recent crisis, the number of queries for “Pokemon go” when the game became viral, and the simulation of an independent cascade (see Model 24.4 in Section 24.3). All these diffusion processes exhibit similar behavior:


Fig. 24.1. Main large-scale characteristics of diffusion processes appearing in real and simulated cascades. (A) Number of Ebola cases in Guinea, Liberia, and Sierra Leone (source: World Health Organization). (B) Number of searches for the query “Pokemon go” on the Google search engine (source: Google Trend). (C) Simulation of a Continuous-Time Independent Cascade (see Model 24.4). The main large-scale characteristics highlighted in our analysis are also summarized: existence of outbreak, time before the explosion, explosive rate, and saturation point.

1. Explosive start: The cascade starts with an exponential increase and quickly reaches a nonnegligible amount.

2. Saturation point: After a sharp increase during the early phase of the diffusion, the process reaches a saturation point and comes to a halt. Note that, for information cascades, a residual activity may produce a linear slope after the end of the diffusion. However, we ignore this aspect in our study.

As a consequence, we focus on four main characteristics of interest to describe the large-scale dynamics of information cascades:

1. Existence: Is the cascade powerful enough to enter the explosive phase?

2. Saturation point: What is the final reach of the cascade?

3. Time for action: When is the explosion taking place?

4. Explosive rate: How fast is the initial exponential increase of the cascade?

These four characteristics are summarized in a simulated toy example on Fig. 24.1C. In the following sections, we provide estimates of these quantities depending on the diffusive properties of the process as well as the structure of the social network.

24.4.1 Existence of a Supercritical Cascade

Intuitively, an information cascade may only sustain itself if, on average, people that receive the message share it with more than one of their neighbors. When the network connectivity is too low, the cascade cannot reach a large audience before dying out. This is highlighted by the following upper bound relating a measure of network connectivity introduced in [12], the Hazard radius, to the long-term influence.

Definition 24.3

(Hazard radius $\rho_H(F)$)

For a diffusion process CTIC($F$), $\rho_H(F)$ is the largest eigenvalue of the symmetrized and integrated Hazard matrix:

(24.10) $\rho_H(F)=\rho\left(\int_0^{+\infty}\frac{F(t)+F(t)^T}{2}\,dt\right),$

where $\rho(\cdot)=\max_i|\lambda_i|$ and $\lambda_i$ are the eigenvalues of the input matrix.

When all edges of the social network have an identical Hazard function $F_{ij}(t)$, the Hazard radius is proportional to the spectral radius of the adjacency matrix, which has been shown to drive the spread of epidemics [9]. The following proposition extends this result to independent cascades.

Proposition 24.3

Let $S_0\subset V$ be a set of $n_0$ influencer nodes, and $\rho_H(F)$ the Hazard radius of a CTIC($F$). Then, if $\rho_H(F)<1$, the influence of $S_0$ in CTIC($F$) is upper bounded by:

(24.11) $\sigma(S_0)\le n_0+\frac{\rho_H(F)}{1-\rho_H(F)}\sqrt{n_0(n-n_0)}.$

Proof

This result relies on a nontrivial vector inequality between the activation probabilities $Z_i$ at the end of the epidemic, defined as:

(24.12) $Z_i=\mathbb{P}(\tau_i<+\infty).$

Note that

(24.13) $\|Z\|_1=\sum_i\mathbb{E}\left[\mathbb{1}\{\tau_i<+\infty\}\right]=\sigma(S_0),$

and any result on the vector $Z$ will easily translate into a result on the influence. Proposition 24.2 leads to a relationship between the $Z_i$, since for any vector $c$, $\min_{j\in\{1,\dots,n\}}c_j<+\infty\Leftrightarrow\exists j\in\{1,\dots,n\}\ \text{s.t.}\ c_j<+\infty$, and thus

(24.14) $\mathbb{1}\{\tau_i<+\infty\}=\mathbb{1}\left\{\min_{j\in\{1,\dots,n\}}(\tau_j+T_{ji})<+\infty\right\}=1-\prod_j\left(1-\mathbb{1}\{\tau_j<+\infty\}\,\mathbb{1}\{T_{ji}<+\infty\}\right).$

Taking the expectation and using the Fortuin-Kasteleyn-Ginibre (FKG) inequality [53], a well-known result of mathematical physics, to prove the positive correlation between the variables $\mathbb{1}\{\tau_i<+\infty\}$, the following inequality arises after a short calculation:

(24.15) $\forall i\notin S_0,\quad Z_i\le 1-\exp\left(-\sum_j H_{ji}Z_j\right).$

This inequality upper bounds the expected activation of a node with the expected activation of its neighbors, and can be turned into a bound on the norm of $Z$ using the spectral radius of the matrix $H$. The final step of the proof is rather calculatory and relies on Jensen’s inequality and the definition of the spectral radius for symmetric matrices. The complete derivation is available in [12].

Hence, the independent cascade is subcritical when $\rho_H(F)<1$, and the number of active users remains negligible compared to the size of the network: $\sigma(S_0)=O(\sqrt{n})\ll n$. Note that we assume that the number of influencer nodes $n_0$ is bounded and does not depend on $n$.

24.4.2 Long-Term Behavior of Independent Cascades

When the cascade is efficient enough to propagate to a large proportion of the network, it displays a sharp increase before saturating to a limit value. Although the precise value of this limit influence is hard to evaluate, several upper bounds have been provided and proven in the literature [12, 54]. We now provide such a result relating the long-term influence to the Hazard radius of the cascade.

Proposition 24.4

Let $S_0\subset V$ be a set of $n_0$ influencer nodes, and $\rho_H(F)$ the Hazard radius of a CTIC($F$). Then, if $\rho_H(F)>1$, the long-term influence of $S_0$ in CTIC($F$) is upper bounded by:

(24.16) $\sigma(S_0)\le n_0+\gamma(n-n_0)+c_n\sqrt{n_0(n-n_0)},$

where $c_n=\frac{\eta}{1-\eta}$, $\eta=(1-\gamma)\rho_H(F)$ and $\gamma\in[0,1]$ is the unique positive solution of the equation:

(24.17) $\gamma=1-\exp\left(-\rho_H(F)\,\gamma\right).$

Proof

This result is also a consequence of Eq. (24.15) relating the expected activations $Z_i$. See [12].

In essence, the proportion of active nodes after the cascade is negligible when $\rho_H(F)<1$, and at most $\gamma$ when $\rho_H(F)>1$, where $\gamma$ is defined by the implicit equation $\gamma=1-\exp(-\rho_H(F)\,\gamma)$. Fig. 24.2 shows the proportion $\gamma$ of Proposition 24.4 with respect to the Hazard radius $\rho_H(F)$.
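The two regimes of Propositions 24.3 and 24.4 worked numerically, as an added example that is not part of the chapter: for a network in which every edge has the same transmission probability p, the code builds the integrated Hazard matrix (the uniform-hazard reduction H_ij = -ln(1 - p), read off the s = 0 coefficient of Eq. (24.18), is this example's assumption), computes ρ_H(F) by power iteration, solves Eq. (24.17) for γ, evaluates the bound of Eq. (24.11) or Eq. (24.16), and compares it with a Monte Carlo estimate of the true influence. The two small graphs are constructed for the example.

```python
import math
import random

# Constructed sample networks (undirected adjacency matrices); not from the chapter.
STAR_K13 = [[0, 1, 1, 1],
            [1, 0, 0, 0],
            [1, 0, 0, 0],
            [1, 0, 0, 0]]  # spectral radius sqrt(3); bipartite, so -sqrt(3) is an eigenvalue too
CYCLE_6 = [[1 if abs(i - j) in (1, 5) else 0 for j in range(6)] for i in range(6)]  # radius 2


def hazard_matrix(adj, p):
    """Integrated Hazard matrix when every edge has the same transmission probability p.
    The hazard integrated over one edge is then -ln(1 - p), the s = 0 coefficient of the
    Laplace Hazard matrix in Eq. (24.18) (assumption of this example)."""
    h = -math.log(1.0 - p)
    n = len(adj)
    return [[h if adj[i][j] else 0.0 for j in range(n)] for i in range(n)]


def spectral_radius_symmetric(m, iters=1000):
    """Largest eigenvalue of a symmetric non-negative matrix by power iteration on M + I.
    The shift keeps the dominant eigenvalue unique, so the iteration cannot oscillate on
    bipartite graphs (where -lambda_max is also an eigenvalue); returns the Rayleigh quotient."""
    n = len(m)
    v = [1.0 / math.sqrt(n)] * n
    for _ in range(iters):
        w = [sum(m[i][j] * v[j] for j in range(n)) + v[i] for i in range(n)]
        norm = math.sqrt(sum(x * x for x in w))
        if norm == 0.0:
            return 0.0
        v = [x / norm for x in w]
    mv = [sum(m[i][j] * v[j] for j in range(n)) for i in range(n)]
    return sum(v[i] * mv[i] for i in range(n))


def hazard_radius(adj, p):
    """rho_H(F) of Definition 24.3: largest eigenvalue of the symmetrized Hazard matrix."""
    h = hazard_matrix(adj, p)
    n = len(adj)
    sym = [[(h[i][j] + h[j][i]) / 2.0 for j in range(n)] for i in range(n)]
    return spectral_radius_symmetric(sym)


def saturation_fraction(rho, tol=1e-12, max_iter=1_000_000):
    """Unique positive solution gamma of gamma = 1 - exp(-rho * gamma), Eq. (24.17); 0 when
    rho <= 1. At the root the map has slope eta = (1 - gamma) * rho < 1, so fixed-point
    iteration started at gamma = 1 decreases monotonically onto it."""
    if rho <= 1.0:
        return 0.0
    g = 1.0
    for _ in range(max_iter):
        g_next = 1.0 - math.exp(-rho * g)
        if abs(g_next - g) < tol:
            return g_next
        g = g_next
    return g


def influence_upper_bound(adj, p, n0):
    """Return (rho_H, gamma, bound) for n0 seed nodes: Eq. (24.11) when rho_H < 1 and
    Eq. (24.16), with eta = (1 - gamma) rho_H and c_n = eta / (1 - eta), when rho_H > 1.
    Exactly at rho_H = 1 neither proposition applies and the trivial bound n is returned."""
    n = len(adj)
    rho = hazard_radius(adj, p)
    cross = math.sqrt(n0 * (n - n0))
    if rho < 1.0:
        return rho, 0.0, n0 + rho / (1.0 - rho) * cross
    gamma = saturation_fraction(rho)
    eta = (1.0 - gamma) * rho
    if eta >= 1.0:
        return rho, gamma, float(n)
    return rho, gamma, n0 + gamma * (n - n0) + eta / (1.0 - eta) * cross


def simulate_influence(adj, p, seeds, runs=2000, seed=7):
    """Monte Carlo estimate of sigma(S0), the expected number of nodes ever activated.
    Each edge out of a newly active node transmits once, independently, with probability p,
    so the final active set is what S0 reaches through 'open' edges (bond percolation)."""
    rng = random.Random(seed)
    n = len(adj)
    total = 0
    for _ in range(runs):
        active = set(seeds)
        frontier = list(seeds)
        while frontier:
            i = frontier.pop()
            for j in range(n):
                if adj[i][j] and j not in active and rng.random() < p:
                    active.add(j)
                    frontier.append(j)
        total += len(active)
    return total / runs


if __name__ == "__main__":
    for name, adj, p in (("star K_{1,3}", STAR_K13, 0.3), ("cycle C_6", CYCLE_6, 0.6)):
        rho, gamma, bound = influence_upper_bound(adj, p, 1)
        regime = "subcritical" if rho < 1.0 else "supercritical"
        print(f"{name}: p={p} rho_H={rho:.3f} ({regime}) gamma={gamma:.3f} bound={bound:.2f} "
              f"simulated sigma={simulate_influence(adj, p, [0]):.2f}")
```

On the star the cascade is subcritical and the bound stays well below n, while on the cycle with p = 0.6 it is supercritical and the finite-n bound exceeds n, which illustrates that these are asymptotic statements.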


Fig. 24.2. Upper bound on the saturation point. Function $\gamma$ defined in Eq. (24.17). When $\rho_H(F)<1$, the function is equal to 0, then increases and saturates to $\gamma=1$ as $\rho_H(F)$ tends to infinity.

24.4.3 Explosive Dynamics in the Supercritical Regime

Finally, the intermediate regime when the cascade grows exponentially can be analyzed using a modified version of the Hazard radius, known as the Laplace Hazard radius.

Definition 24.4

(Laplace Hazard matrix $L(s)$)

Let $p_{ij}$ be the edge transmission probabilities defined in Eq. (24.9). For $s\ge 0$, let $L(s)$ be the $n\times n$ matrix, called Laplace Hazard matrix, whose coefficients are:

(24.18) $L_{ij}(s)=\begin{cases}-\hat p_{ij}(s)\left(\int_0^{+\infty}p_{ij}(t)\,dt\right)^{-1}\ln\left(1-\int_0^{+\infty}p_{ij}(t)\,dt\right) & \text{if }(i,j)\in E,\\ 0 & \text{otherwise,}\end{cases}$

where $\hat p_{ij}(s)$ denotes the Laplace transform of $p_{ij}$ defined for every $s\ge 0$ by $\hat p_{ij}(s)=\int_0^{+\infty}p_{ij}(t)e^{-st}\,dt$.

Definition 24.5

(Laplace Hazard radius $\rho_L(s)$)

For a diffusion process CTIC($F$) and $s\ge 0$, $\rho_L(s)$ is the largest eigenvalue of the symmetrized Laplace Hazard matrix:

(24.19) $\rho_L(s)=\rho\left(\frac{L(s)+L(s)^T}{2}\right),$

where $\rho(\cdot)=\max_i|\lambda_i|$ and $\lambda_i$ are the eigenvalues of the input matrix.

This concept is slightly more complicated than the Hazard radius. When $s=0$, the Laplace Hazard radius coincides with the Hazard radius: $\rho_L(0)=\rho_H(F)$. However, when $s$ is large, the Laplace Hazard radius captures the short-term behavior of the hazard function by reducing the impact of long times through the Laplace transform. Quite surprisingly, the explosive rate of the cascade is upper bounded by the inverse value $\rho_L^{-1}(1)$, that is, the value of $s$ for which $\rho_L(s)=1$. This is discussed in the following proposition.

Proposition 24.5

Let $t\ge 0$, $S_0\subset V$ be a set of $n_0$ influencer nodes, and $\rho_L$ the Laplace Hazard radius. Then, the short-term influence of $S_0$ in CTIC($F$) at time $t$ is upper bounded by:

(24.20) $\sigma(S_0,t)\le n_0+(2n_0)^{1/3}(n-n_0)^{2/3}\exp\left(\rho_L^{-1}(1)\,t\right).$

Proof

This result relies on an equation similar to Eq. (24.15) describing the dynamics of the cascade instead of its long-term stable regime. More specifically, Proposition 24.2 shows that, for any $t\ge 0$, the variables $\mathbb{1}\{\tau_i<t\}$ are related according to:

(24.21)1{τi

Now, denoting as $Z_i(t)=\mathbb{P}(\tau_i<t)$ the probability that node $i$ is active at time $t$, one may show the following vectorial inequality relating the variables $Z_i(t)$:

(24.22) $Z_i(t)\le 1-\exp\left(-\sum_j(F_{ji}*Z_j)(t)\right),$

where $(f*g)(t)=\int_{\mathbb{R}}f(s)g(t-s)\,ds$ is the convolution product. From this inequality, one may prove an upper bound on the Laplace transform of the influence $\hat\sigma(s)=\int_0^{+\infty}\sigma(S_0,t)e^{-st}\,dt$, directly translating into an upper bound on the exponential increase of the influence. Again, the complete derivation is available in [11].

This result has two implications (for more precise results see [11]):

First, the influence increases at most at an exponential rate of $\rho_L^{-1}(1)$.

Second, this also provides a characteristic time under which the cascade is still in its early phase. More precisely, before the critical time

(24.23) $t\le\frac{\ln n}{3\,\rho_L^{-1}(1)},$

the cascade is subcritical and the influence is negligible: $\sigma(S_0,t)=O(n^{2/3})$.


URL: https://www.sciencedirect.com/science/article/pii/B9780128136775000249

Decoding back to binary

Dr.Rocky Termanini, in Storing Digital Binary Data in Cellular DNA, 2020

Malware Technology

Malware is considered a portmanteau for malicious software, which is intentionally designed to cause damage to a computer, server, client, or computer network. The code is described as computer viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware, among other terms.

The Internet has given us the good, the bad, and the ugly. Fig. 9.15 clearly shows the impact on our societal fabric; in fact, the impact is globally ubiquitous. The most stupefying phenomenon is that within 30 years of the Internet's existence, the Dark Web, like a cancer, has come to occupy most of the Web. Although the Deep Web will not take over all of the Internet, many applications of the surface Web will have private front ends with virtual pipelines into the Deep Web. As technology keeps producing new applications, malware hackers will be waiting on the fence before developing new attack vectors and distributed payloads. So the Internet iceberg is split into three layers.


Figure 9.15. The malware WebSphere surrounds the earth with variable contour that reflects the impact per region and country. For example, the United States has higher malware damage and risk than any other country, followed by South East Asia and Europe. We identified blockchain and DNA digital malware areas with different patterns.

Extracted from MERIT CyberSecurity Library.

Surface Web: This is the portion whose content average users use on a daily basis. This is your Facebook.com, reddit.com, justice.gov, and harvard.edu.

Deep Web: Right below the surface is where the Internet iceberg meets the Deep Web. It comprises the same general hostnames as sites on the Surface Web, but along with the extension of those domains. This is the specific URL of your Facebook Messenger thread with a friend, or the Department of Justice's public archival material, or Harvard's internal communications system. The Deep Web is most of the Internet as a whole.

Dark Web: The dwindling portion at the very bottom of the iceberg is a subset of the Deep Web that is only accessible through software that guards anonymity. Because of this, the Dark Web is home to entities that do not want to be found. To expand on that visual, it is necessary to explain that the Dark Web contains URLs that end in .onion rather than .com, .gov, or .edu. The network that these .onion URLs reside on cannot be accessed with the same browser you use to access your Facebook messages, the justice department's archive, or your Harvard email account. You cannot use a plain Chrome or Safari to access these.

The Dark Web requires a specific software program—the Onion Router (the Tor browser)—to do the trick, and it offers you a special layer of anonymity that the Surface Web and the Deep Web cannot. As such, the Dark Web is a place for people and activities who do not want to be found through standard means. It is complete with illegal trade markets and forums, hacking communities, private communications between journalists and whistleblowers, and more.


URL: https://www.sciencedirect.com/science/article/pii/B9780128232958000094

Giovanni Bottazzi, ... Luciano Capone, in Strategy, Leadership, and AI in the Cyber Ecosystem, 2021

2 Most widespread cybersecurity threats

Currently the most widespread cybersecurity threats are as follows (Carfagno, 2018):

1. Malware: Any program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, Trojan horses, and spyware. These malicious programs can perform a variety of different functions such as stealing, encrypting, or deleting sensitive data; altering or hijacking core computing functions; and monitoring users’ computer activity without their permission. Today, over 90% of malware is delivered via email, typically hidden in the form of infected attachments or inconspicuous links. One well-intentioned employee, simply clicking on or downloading a piece of malware, can breach even the best defensive moats. The average cost of a malware attack hovers around $2.4 million, according to research from Accenture. If that figure seems high, remember it considers the nearly 50 needed to identify, address, patch, and repair affected systems.

2. Phishing: Uses disguised email as a weapon. The goal is to trick the email receiver into believing that the message is something they want or need (a request from their bank, for instance, or a note from someone in their company) and, thus, to trick the user into clicking a link or downloading an attachment. What really distinguishes phishing is the form the message takes: the attackers impersonate a trusted entity of some kind, often a real or plausibly real person or a company the victim might do business with. In a global survey of IT decision makers, over half stated that targeted phishing schemes were the top cybersecurity threat faced by their organisation. A single lost or stolen individual's record costs business $225. Yet, few cyberattacks target only one record. Over 74% of cyberattacked companies who experienced stolen data averaged 1000 files lost during their breaches.

3. Ransomware: A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users’ files unless a ransom is paid (Trend Micro, n.d.). More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key, as already shown in (Me, 2003). Ransomware attacks strike every 14 s. They are amongst the most rapidly paced and prevalent cybersecurity threats lodged at organisations, with the usual intent of shutting down servers or holding data and files hostage until a suitable ransom is paid. Without holistic data backup, ransomware can cause chaos. Between system downtime, lost data, damaged data, patching systems, and the cost of training employees to avoid repeat incidents, ransomware attacks cost businesses approximately $11.5 billion in 2019, without considering the cost of the ransom itself if companies opt to pay.

4. Fileless attacks (Carbon Black, n.d.): They operate without using traditional executable files as a first level of attack, unlike traditional malware. Rather than using malicious software or downloads of executable files as its primary entry point onto corporate networks, fileless malware often hides in memory or other difficult-to-detect locations. From there, it is written directly to RAM rather than to disk to execute a series of events, or is coupled with other attack vectors such as ransomware to accomplish its malicious intent. Because fileless malware doesn’t write anything to disk like traditional malware does, it leaves no immediate trace of its existence behind and thus avoids detection by traditional antivirus security. Like ransomware, fileless attacks have seen an uptick in recent years. Nearly 77% of 2017’s known attacks were fileless. Fileless attacks cost businesses $5 million when fully executed. Other research indicates fileless attacks’ costs can be projected to be $300 per employee.

5. Human error: Unintended disclosures, accidental data deletions, or improper disposals of sensitive files all fall under human error, a common yet under-the-radar enterprise threat. Human error should focus attention on terms like cybersecurity awareness and data-handling policies. Accounting for 27% of data breaches, this type of cybersecurity threat costs businesses around $148 per compromised record and can take up to 196 days to uncover and reconcile.

Is a piece of self replicating code embedded within another program?

A virus is a piece of self-replicating code embedded within another program called a host. A worm is a self-contained program that spreads through a computer network by exploiting holes.

Is a program with a benign capability that conceals a sinister purpose?

A program with a benign capability that conceals another, sinister purpose is called a trojan horse.

Is a software application installed on a single computer that can selectively block network traffic to and from that computer?

A firewall is a computer network security system that restricts internet traffic in, out, or within a private network. This software or dedicated hardware-software unit functions by selectively blocking or allowing data packets.
In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.