The Malware (R)evolution
Decades after the invention of the Internet, humankind has come to accept evolution as an unavoidable
happening. As minds evolve, so does technology. And while we’re at that, cybersecurity is pretty much obliged
to maintain itself at the very forefront of this phenomenon in order to keep up the pace with the mutations
arising from the cyber-criminal world. That being said, not only have computer viruses gotten stronger, but
they’ve also gotten more and more complex. And with this unwavering malware evolution, terminology was
bound to catch up. Or at least try to do so.
Only last year, the total number of active malware detected went up to 230,000 unique samples/day (according
to Panda Security), with an increase of 43% compared to the same period in 2014. Obviously, cyber-experts
didn’t come up with new names for all of them. Instead, they’ve gathered all malicious software under one single
umbrella term – malware, with a handful of sub-terms ranging from your average virus to the infamous
ransomware. As such, whereas malware typology is not all that rich, some of these sub-terms may explain how
a malware is distributed or installed, while some focus only on the actions it performs.
Press articles often try to simplify reading and, as a result, don’t always go that much into detail when illustrating
a new cyber-attack to the broad public. That being said, we thought it might be helpful to write a post on this
exact topic and demystify malware typology. Because, whereas we might not all be cybersecurity prodigies,
understanding more about the threats on our machines can help us better protect ourselves. Without further
ado, we give to you our very own Malware Dictionary.
A is for Adware
This is perhaps one of the mildest of all malicious threats we encounter on the Internet. Adware is a malware
that, as the name would have it, pollutes users with unrequested advertising. Over the course of our digital lives,
we’ve all stumbled upon the notorious pop-up window that just refuses to close. Whereas this is its most
common form, adware can also be distributed along with free software and/or browser toolbars. While it may
sometimes be used with the aim of collecting user data in order to push targeted advertising campaigns, this
type of malware can also contain or be classified as spyware (see below I is for ISM).
B is for Backdoor
The term ‘backdoor’ is pretty much self-explanatory. It refers to a state of established access within an
information system, all the while staying under the radar. A backdoor enables hackers to remotely connect onto
the victim’s computer and take over control. Although the line between a backdoor and a network vulnerability
can be quite fine, the two are not to be confused – a backdoor is created (remember the FBiOS?), while a
vulnerability has always been there (thanks for sharing, NSA). This particular threat category provides a network
connection for hackers to take advantage of in many and various ways.
B is also for Botnet
As we’ve already covered in a previous article, several connected bots form a botnet, a network made entirely
C is for Cryptolocker
Given the hype created around cryptolocker this year, we might think a definition isn’t really necessary. But, for
the sake of it, here goes. First of all, one has to know that this type of malware is a subcategory of the
ransomware family, the blanket term for all malware which may prevent a user from accessing his/her computer
or files. Taking its name from the first of its kind, cryptolockers nowadays follow the exact same pattern as the
original one, starting with the encryption of the files taken hostage. And, unfortunately, we all know how the
rest of the story goes: in exchange for regaining access to one’s beloved data, one does not just simply ignore the
ransom.
D is for Downloader
A downloader malware is a malicious programme used to download other malicious pieces of code on the
infected workstation. In theory, this doesn’t sound that bad: a bunch of software just waiting around to strike
when the moment’s right. If you’ve read our previous article which talks about the core modules of Project
Sauron, then you probably know that this stepping-stone is, in fact, a killing one.
H is for Hijacker
Browser hijackers are made of malicious code developed especially in order to take control of your browser
settings. They are distributed in much the same way as adware – after installing free software or browser toolbars.
The result? You may notice that your homepage or your standard search provider was switched, for example.
What you may not notice right away is that some hijackers can also mess around with your browser’s proxy
settings. Online safety compromised.
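A defender-side check for the changes described above, as an added example that is not part of the original article: it parses a Firefox `prefs.js` profile file and reports drift in the homepage and proxy preferences against a known-good baseline. The sample file contents, host names and port are constructed for illustration; the default search provider is stored outside `prefs.js` and is not covered here.

```python
import json
import re

# Firefox stores one preference per line in prefs.js:
#   user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Preferences behind the settings the text names: homepage and proxy.
WATCHED = (
    "browser.startup.homepage",
    "network.proxy.type",
    "network.proxy.http",
    "network.proxy.http_port",
    "network.proxy.ssl",
    "network.proxy.ssl_port",
    "network.proxy.autoconfig_url",
)

# Meaning of network.proxy.type values, used to make reports readable.
PROXY_MODES = {0: "no proxy", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.groups()
        try:
            # Pref values are quoted strings, integers or true/false,
            # which json.loads parses directly.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep unparsable values verbatim
    return prefs


def find_drift(baseline, current, watched=WATCHED):
    """Return (name, expected, actual) for each watched pref that differs.

    A pref missing from a file is represented as None (Firefox default).
    """
    findings = []
    for name in watched:
        expected, actual = baseline.get(name), current.get(name)
        if expected != actual:
            findings.append((name, expected, actual))
    return findings


def describe(finding):
    """Format one finding as a single report line."""
    name, expected, actual = finding
    if name == "network.proxy.type":
        expected = PROXY_MODES.get(expected, expected)
        actual = PROXY_MODES.get(actual, actual)
    return f"{name}: expected {expected!r}, found {actual!r}"


# Constructed sample: the known-good profile settings.
BASELINE_PREFS = '''
user_pref("browser.startup.homepage", "https://intranet.example/");
user_pref("network.proxy.type", 5);
'''

# Constructed sample: the same profile after a hijacker changed it.
CURRENT_PREFS = '''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.hijack.example/?src=tb");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8877);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8877);
user_pref("extensions.lastAppVersion", "115.0");
'''

if __name__ == "__main__":
    drift = find_drift(parse_prefs(BASELINE_PREFS), parse_prefs(CURRENT_PREFS))
    for finding in drift:
        print("DRIFT", describe(finding))
```

The proxy findings are the ones a user is least likely to notice on their own, since a manual proxy pointing at a local port leaves the browser looking normal while its traffic is rerouted.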
I is for ISM…
…or Information Stealing Malware. Just another fancy name for spyware, this category describes all malware
developed to unlawfully recover sensitive user data (such as your banking details and other personal
information). It accounts for no more and no less than 5% of the malware surge. But since stealing for the fun
of it is not really that profitable, this data then ends up for sale on the Dark Web (see Operation Ghoul and
the HawkEye malware).
K is for Keyloggers
One of the fascinating traits of the HawkEye malware is its ability to trace a user’s keystrokes. This alone was
reason enough for us to create a separate category for this refined type of spyware – the keylogger. Able to
retrieve basically everything you might type using your keyboard, from passwords to personal conversations,
a keylogger is a fairly powerful piece of malicious software. When there’s no need to crack password hashes, we should
think so.
R is for Rootkit
A rootkit is a very dangerous type of software that allows its owner to gain root privileges on the targeted
machine. It is then capable of – among other things – concealing its presence entirely.
As such, a rootkit is almost impossible to detect, as it digs deep into the lower levels of your machine, next to
the kernel.
S is for Scareware
A scareware is a malware that preys on people’s weaknesses, blackmailing users with content it might find on
the targeted machines. As opposed to being afraid of losing their data (see C is for Cryptolocker), the victims
of a scareware fear their data being exposed. The added ‘bonus’ here? A scareware will employ tactics which
strongly embarrass the victim and prevent him/her from escalating the issue to a system administrator.
T is for Trojan (horse)
A Trojan horse is one of those malware that would probably win an Oscar for its performance (if you’re even
the slightest into Greek mythology, then you’ve probably already got the hint). It’s also the most widely spread
cyber-threat (71% of all IT security incidents are Trojans). Basically, what it does is that it acts as something you
might need to install/launch on your machine. A Trojan presents itself as an ordinary application or so it would
seem, since it also contains a malicious payload. Once launched, this particular cyber-threat is used to… oh well,
it all depends on the hacker’s imagination. It can steal your information, establish a backdoor, escalate
privileges, launch other types of malware and even turn your machine into a zombie-bot.
V is for Virus
Viruses account for over 10% of the entire cyber-threat palette. A virus is a malicious software capable of
spreading from one computer to another by associating itself to existing programs, script files or documents. It
then replicates itself when the vector in use is launched by the user. The end goal? Let’s just say it takes after
the Trojan horse in this department.
W is for Worm
A worm’s modus operandi is very much like that of a computer virus. The main difference here is that, on
top of stealing data and/or turning your computer into a member of the botnet sect, worms will also attempt
to ‘eat’ the information on the host machine. Although classified into the viral family, a worm can do increasingly
more damage as it does not rely on human interaction to self-replicate.
So our dictionary might be missing a few letters. New ones will probably be added in the years to come because,
guess what, the malware revolution is not over. With attacks increasing in sophistication, we urge enterprises
everywhere to stay alert and reinforce their systems and security solutions. Businesses need to be able to speak
fluently the cybersecurity language in order to not fail the ultimate spelling exam.

Introduction-to-Software-Development-Outsourcing.pptx
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdf
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - Datacamp
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 

The malware (r)evolution

  • 1. The Malware (R)evolution

Decades after the invention of the Internet, humankind has come to accept evolution as an unavoidable happening. As minds evolve, so does technology. And while we’re at that, cybersecurity is pretty much obliged to maintain itself at the very forefront of this phenomenon in order to keep up the pace with the mutations arising from the cyber-criminal world. That being said, not only have computer viruses gotten stronger, but they’ve also gotten more and more complex. And with this unwavering malware evolution, terminology was bound to catch up. Or at least try to do so.

Only last year, the total number of active malware detected went up to 230,000 unique samples/day (according to Panda Security), with an increase of 43% compared to the same period in 2014. Obviously, cyber-experts didn’t come up with new names for all of them. Instead, they’ve gathered all malicious software under one single umbrella term – malware, with a handful of sub-terms ranging from your average virus to the infamous ransomware. As such, whereas malware typology is not all that rich, some of these sub-terms may explain how a malware is distributed or installed, while some focus only on the actions it performs.

Press articles often try to simplify reading and, as a result, don’t always go that much into detail when illustrating a new cyber-attack to the broad public. That being said, we thought it might be helpful to write a post on this exact topic and demystify malware typology. Because, whereas we might not all be cybersecurity prodigies, understanding more about the threats on our machines can help us better protect ourselves. Without further ado, we give to you our very own Malware Dictionary.

A is for Adware

This is perhaps one of the mildest of all malicious threats we encounter on the Internet. Adware is a malware that, as the name would have it, pollutes users with unrequested advertising.
Over the course of our digital lives, we’ve all stumbled upon the notorious pop-up window that just refuses to close. Whereas this is its most common form, adware can also be distributed along with free software and/or browser toolbars. While it may sometimes be used with the aim of collecting user data in order to push targeted advertising campaigns, this type of malware can also contain or be classified as spyware (see below I is for ISM).

B is for Backdoor

The term ‘backdoor’ is pretty much self-explanatory. It refers to a state of established access within an information system, all the while staying under the radar. A backdoor enables hackers to remotely connect onto the victim’s computer and take over control. Although the line between a backdoor and a network vulnerability can be quite fine, the two are not to be confused – a backdoor is created (remember the FBiOS?), while a vulnerability has always been there (thanks for sharing, NSA). This particular threat category provides a network connection for hackers to take advantage of in many and various ways.

B is also for Botnet

As we’ve already covered in a previous article, several connected bots form a botnet, a network made entirely
  • 2. C is for Cryptolocker

Given the hype created around cryptolocker this year, we might think a definition isn’t really necessary. But, for the sake of it, here goes. First of all, one has to know that this type of malware is a subcategory of the ransomware family, the blanket term for all malware which may prevent a user from accessing his/her computer or files. Taking its name from the first of its kind, cryptolockers nowadays follow the exact same pattern as the original one, starting with the encryption of the files taken hostage. And, unfortunately, we all know how the rest of the story goes: in exchange for regaining access to one’s beloved data, one does not just simply ignore the ransom.

D is for Downloader

A downloader malware is a malicious programme used to download other malicious pieces of code on the infected workstation. In theory, this doesn’t sound that bad: a bunch of software just waiting around to strike when the moment’s right. If you’ve read our previous article which talks about the core modules of Project Sauron, then you probably know that this stepping-stone is, in fact, a killing one.

H is for Hijacker

Browser hijackers are made of malicious code developed especially in order to take control of your browser settings. They are distributed very much the same way as adware – after installing free software or browser toolbars. The result? You may notice that your homepage or your standard search provider was switched, for example. What you may not notice right away is that some hijackers can also mess around with your browser’s proxy settings. Online safety compromised.

I is for ISM…

…or Information Stealing Malware. Just another fancy name for spyware, this category describes all malware developed to unlawfully recover sensitive user data (such as your banking details and other personal information). It accounts for no more and no less than 5% of the malware surge.
But since stealing for the fun of it is not really that profitable, this data then ends up for sale on the Dark Web (see Operation Ghoul and the HawkEye malware).

K is for Keyloggers

One of the fascinating traits of the HawkEye malware is its ability to trace a user’s keystrokes. This alone was reason enough for us to create a separate category for this refined type of spyware – the keylogger. Able to retrieve basically everything you might type using your keyboard, from passwords to personal conversations, a keylogger is a fairly powerful piece of malicious software. When there’s no need to crack password hashes, we should think so.
  • 3. R is for Rootkit

A rootkit is a very dangerous type of software that allows its owner to gain root privileges on the targeted machine. It is then capable of – among other things – concealing its presence entirely. As such, a rootkit is almost impossible to detect, as it digs deep into the lower levels of your machine, next to the kernel.

S is for Scareware

A scareware is a malware that preys on people’s weaknesses, blackmailing users with content it might find on the targeted machines. As opposed to being afraid of losing their data (see C is for Cryptolocker), the victims of a scareware fear their data being exposed. The added ‘bonus’ here? A scareware will employ tactics which strongly embarrass the victim and prevent him/her from escalating the issue to a system administrator.

T is for Trojan (horse)

A Trojan horse is one of those malware that would probably win an Oscar for its performance (if you’re even slightly into Greek mythology, then you’ve probably already got the hint). It’s also the most widely spread cyber-threat (71% of all IT security incidents are Trojans). Basically, it poses as something you might need to install/launch on your machine. A Trojan presents itself as an ordinary application, or so it would seem, since it also contains a malicious payload. Once launched, this particular cyber-threat is used to… oh well, it all depends on the hacker’s imagination. It can steal your information, establish a backdoor, escalate privileges, launch other types of malware and even turn your machine into a zombie-bot.

V is for Virus

Viruses account for over 10% of the entire cyber-threat palette. A virus is a malicious software capable of spreading from one computer to another by attaching itself to existing programs, script files or documents. It then replicates itself when the vector in use is launched by the user. The end goal? Let’s just say it takes after the Trojan horse in this department.
W is for Worm

A worm’s modus operandi is very much like that of a computer virus. The main difference here is that, on top of stealing data and/or turning your computer into a member of the botnet sect, worms will also attempt to ‘eat’ the information on the host machine. Although classified into the viral family, a worm can do increasingly more damage as it does not rely on human interaction to self-replicate.

So our dictionary might be missing a few letters. New ones will probably be added in the years to come because, guess what, the malware revolution is not over. With attacks increasing in sophistication, we urge enterprises everywhere to stay alert and reinforce their systems and security solutions. Businesses need to be able to speak the cybersecurity language fluently in order to not fail the ultimate spelling exam.
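
The "H is for Hijacker" entry names the settings a browser hijacker touches: the homepage and the proxy configuration. The following is an added example, not part of the original post, that audits a Firefox `prefs.js` against a known-good copy for exactly those preferences; the sample file contents and the `audit` and `parse_prefs` helper names are constructed for illustration.

```python
import re

# Firefox stores user settings in prefs.js as lines of: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences a hijacker would have to change to do what the entry describes.
WATCHED = ("browser.startup.homepage", "network.proxy.type", "network.proxy.http",
           "network.proxy.ssl", "network.proxy.autoconfig_url")

def parse_prefs(text):
    """Return {name: value} for every user_pref line; values are str, int or bool."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            value = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            value = int(raw)
        else:
            value = raw.strip('"')
        prefs[name] = value
    return prefs

def audit(baseline_text, current_text):
    """List (pref, expected, found) for watched prefs that differ from the baseline."""
    base, cur = parse_prefs(baseline_text), parse_prefs(current_text)
    return [(k, base.get(k), cur.get(k)) for k in WATCHED if base.get(k) != cur.get(k)]

# Constructed sample data, not taken from a real profile.
BASELINE = '''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://intranet.example/");
user_pref("network.proxy.type", 5);
'''
CURRENT = '''
user_pref("browser.startup.homepage", "https://search.example.net/?src=tb");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    for pref, expected, found in audit(BASELINE, CURRENT):
        print(f"CHANGED {pref}: expected {expected!r}, found {found!r}")
```

Firefox keeps the default search engine outside `prefs.js`, so this check covers the homepage and proxy part of the entry only.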