Malware and Social Engineering Threats

Video Transcription
The importance of cybersecurity can almost be summed up with one word: information.
Social Security or credit card numbers, trade secrets and classified national security information are just a few examples of information that malicious actors seek out for financial, political or personal gain.
Protecting access to this data is critical.
Malicious actors may use code, scripts or other applications to breach systems in an attempt to obtain restricted data.
The shorthand term for any malicious software designed to damage or disrupt a computer system is known as malware. There are several types of malware, each with its own purpose.
One of the most common types of malware is a virus. A virus is a self-replicating program that requires user activation to spread. Viruses are most commonly sent through email, removable media drives, Microsoft Office files and Adobe PDF files.
When a user executes the infected file, the virus performs desired actions on the system, including infecting other files.
Worms are self-replicating programs that don't require user intervention to spread. Worms exploit vulnerabilities in operating systems and applications, and they use the networks to send copies of themselves to other computers. Worms cause harm by consuming bandwidth, deleting files or installing backdoors, enabling hidden access into a computer.
A Trojan horse is malicious code that sneaks past security monitoring by pretending to be a normal file.
However, when a user executes the Trojan file, it establishes a backdoor into the user's system.
When activated, a Trojan enables a hacker to spy, steal data and perform virtually any function on the system.
Spyware, as the term implies, spies on user activity. It can capture information such as what programs and websites appear on the screen, what is in view of a webcam, and records keystrokes without the user's knowledge or consent.
A rootkit seeks to gain elevated privileges or root access on a system by using a kit or collection of software that implements malicious code. With root-level access to a system, that hacker essentially owns that system.
Ransomware encrypts files on a computer and holds the data hostage until the ransom is paid by the user. Ransomware can restrict access to the system, data or resources, or display inappropriate images. A ransom must be paid within a set amount of time for the attacker to release their hold.
This type of malware, which has steadily grown in notoriety and the number of victims, takes advantage of unpatched systems.
Another threat commonly leveraged by malware are botnets. Botnets are a collection of computers that are used in a malicious way, such as attempting to connect to a computer over and over, overwhelming it until it is rendered unresponsive, causing a denial-of-service attack. An infected system may be participating as a bot in one of these attacks without the user being aware. This is known as a zombie.
Brute force is another attack carried out against the computer.
This attack uses a script or other application to automate many consecutive guesses of a password or PIN. One type of brute force is a dictionary attack, where all words in a dictionary are used as guesses. Attacks like these are why password policies like requiring complex combinations or limiting the number of tries after unsuccessful attempts are important.
While many of these attacks can be prevented by keeping systems updated and patched, hackers are always one step ahead, making tweaks to malware, changing its signature so that antivirus and intrusion detection systems wouldn't recognize or alert on the new form of the infected file.
This is known as a zero-day attack, an attack where patches, updates or mitigation strategies do not yet exist.
Other threats target the people in an organization. The most commonly known is social engineering. Social engineering is particularly dangerous, as it has a very high success rate, does not require sophisticated technology to carry out, and even the most secure environments cannot prevent it. In a social engineering attack, a malicious actor preys upon an unsuspecting individual to trick them into providing access to information, a system, a network or even a restricted area.
Social engineering attacks come in several forms, with many terms to describe them, starting with physical entry into a building or secure area where a key card or PIN is needed for entry.
When an individual provides the means of authentication to be granted access into a restricted area and then allows another individual to follow behind them without authenticating, that is known as tailgating. The tailgater may appear to have their hands full or provide a reasonable excuse as to why they don't have their access card, and the unwitting victim, intending to be helpful, has just provided unauthorized access.
Another tactic is shoulder surfing, which, just as it sounds, is when an unwelcome pryer is looking over someone's shoulder as they enter a password or a PIN or review sensitive information, and attempts to learn that passcode or information.
Arguably the most popular and successful social engineering scheme is phishing.
Phishing is when an attacker creates an email that looks legitimate but actually contains an exploit, whether an attachment containing an infected file or a link to a malicious website, that a user unwittingly clicks and executes. Again, the human element is preyed upon by convincing the user to believe it's an email that needs their attention, such as a message from the bank or human resources.
Spear phishing is similar, but it is more narrowly focused, targeting a specific individual or organization by containing details relating to the victim, and may include spoofing a legitimate source, convincing the victim the email is actually from that source.
Year after year, security breach reports highlight that humans are the weakest link in security. The vast majority of security breaches were successful due to users falling victim to a social engineering attack, primarily phishing, but also the use of weak passwords and not keeping systems patched and up to date.
Security best practices, including routine trainings and awareness programs, are crucial to mitigating these threats and protecting the security posture of an organization.