
CYBER SECURITY

Week 2: Cyberattacks – Classification of Attacks – Vulnerabilities – Threats – Risks
Module 6: Classification of Malware Attacks – Vulnerabilities – Threats
Course Co-Ordinator: Dr. Padmavathi Ganapathi, Professor, Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women (Deemed-to-be-University), Coimbatore. padmavathi.avinashilingam@gmail.com, 9486772744
Content Reviewer: Dr V Rhymend Uthariaraj, Professor, Department of Information Technology, Madras Institute of Technology Campus, Anna University, Chennai-600 044. rhymend@annauniv.edu, +919444150081
Content Writer: Ms. M. Kalaivani, Assistant Consultant, Tata Consultancy Services, TCS Centre, Infopark, Kakkanad, Kochi-682042. kalaivanim@gmail.com, +919597390087

Objectives

✓ Paraphrase the technical classification of Malware Attacks - a type of Cyber Attacks
✓ Present different types of Vulnerabilities and Threats

Learning Outcomes
✓ Organize and group specific classes of Cyber Attacks
✓ Enumerate the types of vulnerability weaknesses and how they are exploited
✓ Judge the various threat types

Outline
• Malware Attacks and their types
  - Macro viruses
  - File infectors
  - Boot-record/System infectors
  - Polymorphic viruses
  - Stealth viruses
  - Trojans
  - Logic bombs
  - Worms
  - Droppers
  - Ransomware
  - Adware and Spyware
• Classification of Vulnerabilities
  - Technology Weakness
  - Configuration Weakness
  - Security policy Weakness
• Types of Threats
  - Unstructured Threats
  - Structured Threats
  - External Threats
  - Internal Threats

Malware attacks

• Malware is malicious or unwanted software
• It is installed on the system without the knowledge of the user
• Genuine code is attached to the malicious program and broadcast
• It duplicates itself across the global network

Common types of Malware
• Macro viruses
• File infectors
• Boot-record/System infectors
• Polymorphic viruses
• Stealth virus
• Trojans
• Logic bombs
• Worms
• Droppers
• Ransomware
• Adware
• Spyware

Macro Viruses

Macro Viruses in Word Documents

• The Global Template is used as the basis for the document settings and macros
• When an infected document is opened with Word, it will usually copy its macro code into the Global Template
• With the macro virus already resident in the Global Template, it can produce additional copies of itself in other documents accessed by Word

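As an added example (not part of the original slides), the following Python check looks at the behaviour described above from the defender's side: it inspects modern Word files, which are zip containers, for an embedded VBA macro project and flags templates that carry one. The part name `word/vbaProject.bin` is the conventional location Word uses; the function names and the in-memory sample files are constructed for illustration.

```python
import io
import zipfile

# Conventional location of the VBA project in macro-enabled OOXML Word files.
VBA_PART = "word/vbaProject.bin"
MACRO_EXTENSIONS = (".docm", ".dotm")
TEMPLATE_EXTENSIONS = (".dotx", ".dotm")


def inspect_word_file(name, data):
    """Return a list of findings for one Word file given as raw bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not an OOXML container; legacy .doc/.dot needs an OLE parser"]
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        parts = set(archive.namelist())
    findings = []
    lower = name.lower()
    if VBA_PART in parts:
        findings.append("contains a VBA macro project")
        if not lower.endswith(MACRO_EXTENSIONS):
            findings.append("macro project hidden behind a macro-free extension")
        if lower.endswith(TEMPLATE_EXTENSIONS):
            findings.append("template carries macros that load with documents based on it")
    return findings


def build_sample(with_macro):
    """Build a constructed, minimal OOXML-like archive in memory (not a real document)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr(VBA_PART, b"constructed placeholder, not VBA")
    return buffer.getvalue()


if __name__ == "__main__":
    samples = {
        "report.docx": build_sample(False),
        "invoice.docx": build_sample(True),   # extension claims no macros
        "Normal.dotm": build_sample(True),    # Word's global template file name
    }
    for name, data in samples.items():
        print(name, inspect_word_file(name, data) or ["clean"])
```

A finding on a global template is a prompt for review rather than proof of infection, since legitimate add-ins also store macros there.
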
File Infectors
• This type of virus attaches itself to executable code such as .exe files
• Whenever the .exe file loads its code, the virus is installed

• The file infector virus arrives via malicious code online
• The file infector virus seeks out .exe files to infect among the files present in the system
• It gathers information from the affected file system and starts duplicating and hiding in the system directories

Polymorphic Viruses
• These viruses hide themselves through repeated cycles of encryption and decryption

[Diagram: Infection Process. Labels: Mutation Engine (to produce an unlimited number of different decryptors), Decryptor, Virus Body, Encrypted virus Body, Decrypted virus Body, Encrypted virus Body.]

Trojans
• A malicious function hidden inside a useful program is known as a Trojan or Trojan horse

[Diagram labels: Attacker, Victim, TROJAN, Infection occurs, ICQ (Internet Chat Query) Server, IP Address and Port (shown twice), Connection.]

Logic bombs
• These are added to an application and are triggered in a specific scenario

[Diagram labels: Programmer, Insert code, Logic bomb, Name not found (shown three times), Deletes files if the name is not found, logic is not satisfied.]

Worms
• Worms are self-contained programs that propagate across computers and networks
• They differ from viruses in that they are not attached to a host file
• They are transferred via emails

[Diagram labels: Attacker, Worm, Server, Initial Infection.]

Droppers and Ransomware

• Droppers are programs used to download and install viruses on a computer system
• Ransomware controls and blocks the victim’s access to information until a ransom is paid

Adware
• Adware is used by companies for marketing and advertising banners
• The banners are displayed whenever any kind of program is running on the machine

Spyware
• It is a type of program that can be installed on a system to gather useful information about its users

[Diagram: Spyware monitors Password (********), Mail contents, Confidential information, Website visits.]

Similarities and differences between Virus, Worms and Trojan horse

Virus
• Steal information
• Self-replicates
• Delete data
• Alter data
• Passive transmission
• Software code
• Can mutate

Worm
• Steal information
• Self-replicates
• Delete data
• Alter data
• Active transmission
• Self-contained software
• Can mutate

Trojan horse
• Steal information
• Non-Self-replicating
• Can open a backdoor
• Conscript host for botnet
• Disguised as a useful program
• Keystroke and webcam logging

Top 10 Malware Breakdown according to MS-ISAC report

[Pie chart: TOP 10 MALWARE BREAKDOWN. Legend: WannaCry, Emotet, ZeuS, Kovter, CoinMiner, Mirai, NanoCore, Gh0st, Smoke Loader, Ursnif. Slice values in extraction order, not matched to names: 4%, 5%, 5%, 26%, 6%, 6%, 7%, 17%, 8%, 16%.]

Types of malware reported to MS-ISAC
• WannaCry is ransomware
• Emotet downloads or drops Trojans
• ZeuS is also an integrated banking Trojan
• Kovter is a kind of adware
• CoinMiner is a type of ransomware
• Mirai is a malware botnet
• NanoCore is a Remote Access Trojan (RAT)
• Gh0st is a RAT that is dropped by other malware
• Smoke Loader is distributed by malicious spam
• Ursnif is a type of banking Trojan

Classification of Vulnerabilities
• Every network contains vulnerabilities, which can be referred to as “soft spots”
• They might be present in the network or can be created by individual devices

Vulnerabilities:
• Technology weakness
• Configuration weakness
• Security policy weakness

Technology weaknesses

• Fundamental security weaknesses are common in computer and network technologies
• They may be due to the following reasons:
  - Network equipment weaknesses
  - TCP/IP protocol weaknesses
  - Operating system weaknesses

Configuration Weaknesses

• These should be learnt by network engineers/network administrators
• It is essential to configure the network devices correctly

Types of Configuration Weaknesses

• Unsecured user accounts
• System accounts with easily guessed passwords
• Misconfigured Internet services
• Unsecured default settings within products

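An added example (not from the original slides): a Python audit that maps the four weakness types listed above onto lines of a network device configuration. The IOS-style syntax, the guess list and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed short guess list; a real audit would use a larger dictionary.
GUESSABLE = {"cisco", "admin", "password", "123456", "letmein"}
# (weakness type from the slide, pattern, explanation)
LINE_RULES = [
    ("unsecured user account", r"^username \S+ (nopassword|password 0 )",
     "account has no password or stores it in cleartext"),
    ("misconfigured Internet service", r"^transport input (.* )?telnet\b",
     "remote login allowed over cleartext telnet"),
    ("misconfigured Internet service", r"^ip http server\b",
     "management interface served over plain HTTP"),
    ("unsecured default setting", r"^snmp-server community (public|private)\b",
     "well-known default SNMP community string"),
]
PASSWORD = re.compile(r"^(?:enable|username (\S+)) password (?:\d )?(\S+)")


def audit(config_text):
    """Return (line_number, weakness_type, explanation) for each weak line."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for weakness, pattern, why in LINE_RULES:
            if re.search(pattern, line):
                findings.append((number, weakness, why))
        match = PASSWORD.match(line)
        if match and (match.group(2).lower() in GUESSABLE
                      or match.group(2) == match.group(1)):
            findings.append((number, "easily guessed password",
                             "password is in the guess list or equals the user name"))
    return findings


# Constructed sample in IOS-style syntax (an assumption, not from the slides).
SAMPLE = """\
enable password cisco
username backup nopassword
username ops password 0 ops
no ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
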
Security policy weaknesses

• Security policy weaknesses create unexpected security threats
• If users do not follow the security policy, the network can face security risks

Types of Threats

Threats:
• Unstructured threats
• Structured threats
• External threats
• Internal threats

Threat types

Common Cyber Attack Terms

• Hacker
• Cracker
• Phreaker
• Spammer
• Phisher
• White hat
• Black hat

Conclusion

• Malware is a very important class of Cyber Attacks that is on the rise today
• Moreover, vulnerabilities and threats are a major cause or consequence of a Cyber Attack
• This section has discussed the important types of malware, vulnerabilities and threats

Thank you
