Malware

Malware is short for “malicious software” and is any software employed to cause damage to computing devices (computers, smartphones, etc.) or the stored content (data or applications).

Damage caused by malware can take different forms, such as formatting your hard disk, deleting or corrupting files, stealing saved login information, gathering sensitive information (your files and private photos), or displaying unwanted adware.

Many malware variants are stealthy and operate silently without the user’s knowledge or awareness.

  • An effective countermeasure for malware is an up-to-date antivirus solution.
  • The best antivirus products are heuristic and threat intelligence based.
  • Good antivirus products run a local firewall which prevents rogue software reaching out to the internet.
  • Antivirus products which are only signature based are now considered to be ineffective.
  • Avoid using a privileged administrator account for normal user activities.

Hacking

Hacking is the process of invading your privacy by gaining unauthorized access to your computing device.

Hackers usually scan your machines for vulnerabilities (such as unpatched Windows updates) and gain access exploiting the vulnerabilities and the lack of maintenance.

After gaining access, they may install a keylogger to record anything you type, including passwords, or a Remote Access Trojan (RAT) to maintain access, steal information, spy on user activities and identify other resources to attack.

  • To counter this threat you should keep your PC and mobile devices as fully patched as possible.
  • Software vendors work hard to resolve vulnerabilities to mitigate the deployment of hacking tools.
  • Effective backups, stored offline, provide you with the capability to restore your device to a known good state.

 

Pharming

Pharming is a cyber-attack intended to redirect users from a legitimate web site to a fraudulent site without their knowledge.

It is conducted by changing the hosts file on a victim’s computer or by poisoning the Domain Name System (DNS) records with false information to lead users to unwanted destinations.

When the user types the legitimate URL, the browser is redirected to a malicious “cloned” web site that has the same look and feel.

  • When the user enters his or her username and password, the malicious web site will receive them instead of the original one, thus resulting in a compromised user account and credentials.
  • Effective countermeasures include using a different password for each site and using MFA.
  • Multi-factor authentication (MFA), such as a token on a mobile phone, makes the stolen credentials more difficult to exploit.
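
A hosts-file change of the kind described above can be spotted by auditing the file for entries that override DNS for real sites. The following is an added example, not part of the original page; the watched domain, the addresses and the sample file contents are constructed for illustration.

```python
import ipaddress

# Names found in a default hosts file (assumption; adjust for your platform).
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback", "ip6-localnet",
                  "ip6-mcastprefix", "ip6-allnodes", "ip6-allrouters"}

def audit_hosts(text, watched_domains=()):
    """Return (line, name, address, severity) for entries that override DNS."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0].split("%")[0])  # strip IPv6 zone id
        except ValueError:
            continue                            # malformed line, resolver ignores it
        for name in (n.lower().rstrip(".") for n in fields[1:]):
            if name in EXPECTED_NAMES:
                continue
            if any(name == d or name.endswith("." + d) for d in watched_domains):
                # A site you log in to should never be pinned in the hosts file.
                findings.append((lineno, name, str(addr), "high"))
            elif not (addr.is_loopback or addr.is_unspecified):
                # Loopback and 0.0.0.0 entries are usually ad-block sinkholes.
                findings.append((lineno, name, str(addr), "review"))
    return findings

# Constructed sample contents (not taken from a real machine).
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost ip6-localhost ip6-loopback
0.0.0.0       ads.tracker.example        # ad-block entry
203.0.113.50  www.bank.example bank.example
192.168.1.10  nas.home.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watched_domains=("bank.example",)):
        print(finding)
```

On a real machine the text would be read from /etc/hosts or C:\Windows\System32\drivers\etc\hosts.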

Phishing

Phishing messages come in different shapes, such as SMS messages, e-mails, and web site links (URLs), all of which are designed to look genuine and use the same format as the legitimate company.

Technically, phishing is not a malware type, but rather a delivery method criminals use to distribute many types of malware.

Phishing aims to collect user-sensitive details (such as banking information, passwords, and credit card details) by tricking the end user into handing the information to the attacker.

  • Counteract this attack with careful inspection of your e-mails. Look for spelling or grammar errors, check the sender, and ask whether the subject seems sensible.
  • Phishing e-mails will typically have multiple genuine links with one or more malicious links. By hovering over the link or hypertext you can see the real URL.
  • Malicious links will often take you to a page which requests your credentials.
  • Unless you have used the site before and you are sure this is expected, be suspicious and avoid using the links.

Ransomware

Ransomware is computer malware designed to deny access to user files, sometimes encrypting the entire hard disk drive and even all the attached external disk drives.

It is designed to demand that the user pay a ransom to get the malware creator to remove the restriction (such as supplying the encryption key) so the user can regain access to the system and stored assets.

Most ransomware hits devices through phishing e-mails and pop-up advertisements.

There are three major types of ransomware:

  • The first type locks the system in a way that is not difficult for a technical person to reverse; it displays a message requesting payment to unlock it.
  • The second type encrypts the whole disk drive and any removable storage, then demands a ransom to decrypt it. There is no guarantee of getting any data back.
  • The third type pretends to be ransomware but is actually “trickware”, which can easily be removed.

Ransomware usually comes hidden in a legitimate file. When the user installs the legitimate program, the ransomware gets installed as well without the user’s knowledge.

As the number of attacks increases, it has become a global problem that threatens both individuals and companies.

Ransomware is now the number-one security concern for organizations such as Royal Holloway.

The National Cyber Security Centre has issued alerts to Universities being targeted by attackers.

Operations at the University of Newcastle were severely compromised by a recent ransomware attack.

The recovery was estimated to take three weeks.

Staff and students are enduring systems being taken off line at short notice to deal with the crisis.

The goal of the extortionist deploying ransomware is to separate you from your critical information or information which has value.

If your device is infected with ransomware it will become unresponsive and you will be presented with a ransom note with a demand for payment with bitcoin or other cryptocurrency.

The best defense against ransomware is good quality backups. Good backups mean you can restore your device to a known good state without too much difficulty.

If you receive a ransom note, the first step is to disconnect your device from the network, including any Wi-Fi network.

Contact the IT Service Desk if you are suffering with a ransomware attack.

It is not recommended to pay the ransom as often the decryption keys are never sent.

Countermeasures to ransomware are good quality backups and keeping your PC and mobile devices as fully patched as possible.

Scareware

Scareware is a form of malicious software that uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software.

For example, scareware can report to a user that his or her machine is full of spyware and other infections and he or she must act promptly and purchase an anti-malware solution (which is fake!).

The idea here is to trick the user into purchasing something unnecessarily in order to take his or her money.

If you feel pressured, suspicious or need support reach out to the college via the IT Service Desk.

 

Adware / Spyware

Adware is used to collect information about you and your machine. It usually comes with free software or useful plug-ins or search bars for web browsers; once installed, it begins tracking your online activities and may then send that information to outside parties. Many free games and free system utilities contain adware.

Spyware in the form of a keylogger will seek to steal everything you type on your keyboard (usernames and passwords) and send it to its operator.

Some spyware can facilitate installing a virus on your operating system, rendering it inoperable.

Counteract adware and spyware with antivirus programs and adblockers.

You may wish to manage the cookie settings in your browser and block third-party cookies (tracking cookies).

Be wary of bundled software; antivirus detection will often flag this type of program as a potentially unwanted program (PUP).

 

Trojans

This type of malware usually installs itself as part of a legitimate software installation. Many trojans work stealthily in the background and are undetectable by antivirus programs.

Trojans can potentially gain access to all your system functions including the camera and microphone.

Trojans have the ability to delete files and monitor your online activities and keystrokes or even to detect other trojans that may be installed by other criminals and then to remove them, making the new resident trojan the only active variant on the target system.

These types of malware exploit vulnerabilities, which makes regular patching of your device a good countermeasure.

If possible, minimize the amount of software which you install onto your device and download programs only from reputable sites.

Viruses

A virus is a malicious program that infects a target PC or its content with the objective to make the computer inoperable, thus possibly forcing drastic action like a reformat to return to its normal state.

Some viruses cause further damage by stealing your contact list and credentials, and facilitating unauthorized access to your machine.

Nowadays, viruses are not widely used because they have been superseded by malware, such as ransomware, that enables attackers to generate revenue from their attacks.

  • Reliable anti-virus software is used to mitigate viruses.
  • Run a local firewall.

Worms

Worms can make computers run slowly because they can consume your disk space and Internet bandwidth.

However, unlike viruses, which aim to destroy or compromise the OS, the worm works to spread from one machine to another through internal networks or the Internet.

Worms may spread via USB devices.

Many types of worms attack the e-mail client (e.g., Microsoft Outlook or Thunderbird) and copy themselves to all contacts in the address book to further distribute their infection to new locations.

Countering this threat involves blocking Autoplay capabilities. This is aimed at preventing malicious exe files from being deployed automatically.

To counter these threats, scan all external media such as USB memory sticks with a reliable antivirus product.

Always be suspicious of any USB memory device found in the street.

Wi-Fi Eavesdropping

No matter whether you are at home, at work, or at a public access point, hackers can intercept communications sent over unprotected wireless networks and access points.

Such attacks can result in intercepting all your online communications, including your usernames and passwords, and of course may provide access to your online banking details.

  • Wireless communication should be encrypted.
  • Wireless router password should be changed from the default values.