Endpoint Threats.

Threats
Malicious attempt to damage or disrupt a computer network or system.

[Diagram: threat categories: Malware, File-less Attacks, Trojans, Ransomware, Adware & Spyware, PUAs, DoS & DDoS, Rootkits]
Malware
• Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.

• When endpoint protection is considered, malicious software programs (malware) are often the primary concern.
Malware includes both known and never-seen-before malware. Often, solutions struggle to detect the
unknown malware.
File-less Attacks (Memory Attacks)
• File-less malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber
attack. Unlike traditional malware, file-less malware does not require an attacker to install any code on a target’s system,
making it hard to detect.

• This file-less technique of using native tools to conduct a malicious attack is called “living off the land”.
Trojans
A Trojan horse is a type of malware that downloads onto a computer disguised as a legitimate program. A Trojan
horse is so-called due to its delivery method, which typically sees an attacker use social engineering to hide
malicious code within legitimate software. However, unlike computer viruses or worms, a Trojan does not self-
replicate, so it needs to be installed by a valid user.
How Do Trojans Work?
Unlike computer viruses, a Trojan horse cannot manifest by itself, so it needs a user to download the
server side of the application for it to work. This means the executable (.exe) file must be
run and the program installed for the Trojan to attack a device’s system.

A Trojan virus spreads through legitimate-looking emails and files attached to emails, which are
spammed to reach the inboxes of as many people as possible. When the email is opened and the
malicious attachment is downloaded, the Trojan server will install and automatically run every time
the infected device is turned on.
Ransomware
• Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data and then
demands a payment to unlock and decrypt the data.

• The two primary types of ransomware are file encryptors and disk encryptors (wipers). File encryptors are the most
common; they encrypt the victim’s files and hold them for ransom. Disk encryptors lock up the victim's entire hard
drive, not just the files, or wipe it completely.
[Figure: WannaCry, NotPetya and Petya, Ryuk]
Adware, Spyware & PUAs
• By “adware” we consider any software that is designed to track data of your browsing habits and, based on that,
show you advertisements and pop-ups. Adware collects data with your consent — and is even a legitimate source
of income for companies that allow users to try their software for free, but with advertisements showing while
using the software.

• Spyware works similarly to adware, but is installed on your computer without your knowledge. It can contain
keyloggers that record personal information including email addresses, passwords, even credit card numbers,
making it dangerous because of the high risk of identity theft.

• Potentially unwanted applications (PUA): PUAs are applications that are not technically malware, but are
likely not something you want running on your machine, such as adware. PUA detection has become
increasingly important with the rise of cryptomining programs used in cryptojacking attacks.
DoS & DDoS
• A denial-of-service (DoS) attack is a security threat that occurs
when an attacker makes it impossible for legitimate users to
access computer systems, network, services or other information
technology (IT) resources. Attackers in these types of attacks
typically flood web servers, systems or networks with traffic that
overwhelms the victim's resources and makes it difficult or
impossible for anyone else to access them.

• A DDoS attack is similar to a DoS attack, except that while a DoS attack uses one computer or network to spawn
an attack, a DDoS attack uses multiple. DDoS attacks are launched from multiple systems, while DoS (denial-of-service)
attacks originate from just one system. DDoS attacks are faster and harder to block than DoS attacks.
DoS attacks are easier to block because there is only one attacking machine to identify.
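
The single-source versus multi-source distinction above can be checked directly in request logs. The following is an added example, not part of the original slides: it buckets request events by time window and reports whether a flood comes from one dominant source (a DoS, with one address to block) or is spread over many (a DDoS). The window size, thresholds and sample log are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10    # assumed bucket size for counting requests
FLOOD_THRESHOLD = 200  # assumed requests per window treated as a flood
DOMINANT_SHARE = 0.8   # assumed share from one source that marks a single-source flood


def triage(events):
    """Classify each time window of (epoch_seconds, source_ip) request events.

    Returns {window_start: (verdict, distinct_sources, block_candidates)}.
    """
    buckets = defaultdict(list)
    for ts, src in events:
        buckets[ts - ts % WINDOW_SECONDS].append(src)

    report = {}
    for start, sources in sorted(buckets.items()):
        counts = Counter(sources)
        total = len(sources)
        top_src, top_n = counts.most_common(1)[0]
        if total < FLOOD_THRESHOLD:
            verdict, block = "normal", []
        elif top_n / total >= DOMINANT_SHARE:
            # One machine dominates: blocking that address restores service.
            verdict, block = "dos", [top_src]
        else:
            # Load is spread over many machines: no single address to block,
            # so the response is rate limiting or upstream filtering.
            verdict, block = "ddos", []
        report[start] = (verdict, len(counts), block)
    return report


def sample_events():
    """Constructed request log, using documentation-range addresses."""
    events = [(i % 10, f"198.51.100.{i % 10}") for i in range(30)]
    events += [(10 + i % 10, "203.0.113.7") for i in range(300)]
    events += [(10 + i % 10, f"198.51.100.{i % 10}") for i in range(20)]
    events += [(20 + i % 10, f"192.0.2.{i % 200}") for i in range(400)]
    return events


if __name__ == "__main__":
    for start, result in triage(sample_events()).items():
        print(start, result)
```
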
Rootkits
• A rootkit is defined as malicious computer software that is hidden deep inside a PC and remains undetectable.
Although this software on its own may not be harmful, it hides worms, bots and malware. Attackers can gain ‘root’
access to the user’s computer using such harmful software. Hence, it is considered extremely dangerous for the user’s privacy,
and PC users need anti-rootkit software.