Attacks
You likely understand that your computer (and therefore you) is vulnerable to cyber attacks. But what are these attacks? What should you be aware of and afraid of? If you can answer these questions well, you can protect specifically what you need and save many resources on more general protection mechanisms.
You have likely heard about security and privacy software solutions. Security software relates to the method of attack, and privacy relates to one of the targets.
An attack is a sequence of steps that cause you harm. We talk about cyber attacks, so the method, the target or both are cyber: the method is exercised using computer software and/or the target is computer information. Except for cases when the attacker gets physical access to your computer, the method is cyber (a computer program that executes a malicious algorithm).
We will review some frequent attacks and identify their protection points. This is what we will call the accesses that are necessary for the attack to succeed. Security software can identify protection points in order to deny these accesses and thus prevent the attack.
Let's note in advance that in all cases when the method is cyber, one of the protection points is starting and running malware. This protection point is the most complex and the least preferable: in order to decide to prevent a program from running, it must be ruled as malware, that is, it must have been previously caught performing non-legitimate access. Additionally, this protection point doesn't work for infected legitimate (or even necessary system) programs.
Below we will mention only additional protection points.
1. Stealing information
The attacker wants to steal some secret data of yours (databases, source code, drawings, schemes, documents, accounts and passwords, security private keys and certificates, etc.) for their benefit.
Stealing information includes reading (copying) the information from a file and sending it over the internet (taking it away). If you missed the attack, it's not possible to detect it afterwards: the secret data remains in place and there are no traces that it has been stolen, so you may not be able to take appropriate action in time.
Protection points: reading files with the secret data and sending it over the internet.
2. Destroying information
The attacker wants to destroy your secret data in order to prevent you from using it to your benefit.
Destroying information includes removing the files from your storage. This attack leaves traces: when you need your files you discover that they have been removed, so you can take appropriate action.
Protection points: deleting files.
3. Spying
The attacker wants to obtain information about you that they would otherwise not get: what programs you use, what your habits in internet use are, even how fast you type. The attacker can use this information to their benefit.
Such an attack doesn't leave traces. If you missed its instantiation, you will not know that you are being attacked and will not be able to take appropriate action.
Protection points: only running the offending program.
4. Denial of Service
The attacker wants to prevent you from properly using your computer: to limit or prevent your access to the internet or your ability to run your important programs. This attack doesn't target particular information files but rather your ability to use your computer productively. It can be detected by identifying programs that eat up your internet connection, CPU, memory and disk usage. (Though you can never know if DoS is due to a deliberate attack or a bug in a legitimate program, but do you care?)
Protection points: deleting important executable files and running the offending program.
5. Opening remote access
The attacker tricks you into installing a remote access server and attacks manually.
Of course, you don't open remote access to your computer to the public internet. But the attacker tricks you into installing a program that opens an internet connection, accepts commands from a remote server and sends back data.
This is a secondary attack. The attacker will use the installed remote access server in order to conduct other primary attacks manually.
Protection points: connecting to internet sites.
6. Distributing the attack
This is a secondary attack. The attacker wants you to run the attacking software and conduct other kinds of attacks.
For any attempted attack the attacker needs you to run the appropriate software. One of the methods to achieve this is to run an installer.
In Windows, running an installer is a security event. The installer run-time environment is elevated (virtually always the installer runs as an Administrator) and there are many security shortcomings in order to allow the installer to run without interference. For many attacks it's enough to run the malicious part of the software once, so you allow for an attack by just running an installer for otherwise legitimate software. In many cases when you get software from a distribution site you run a first-stage installer that doesn't have anything to do with the software vendor. In many other cases you may be dealing with a stolen code signing certificate. All in all, you must be extremely careful about security when running an installer, and this is a major justification for zero-day protection.
Protection points: writing to executable files.
Distribution of an attack can take the form of:
a) virus: there is a dedicated distribution malware part, which will seek and modify executable files to make sure that they run the attack along with their legitimate functionality.
b) worm: making the malware program appealing and having it run at least once. If needed, it can save a local copy and make it run e.g. at computer start-up.
7. Physical access
This is a secondary attack. The attacker gains physical access to your computer because you granted it yourself: the attacker is your friend, a relative or someone impersonating them. The attacker gains your access rights and Administrator access rights and can do any harm.
Protection points: reading, writing, deleting files, connecting to internet sites. Running custom/random programs.
The attacker who gains physical access to your computer can impersonate you and engage in improper or illegal activities as you, leaving you with a hard time afterwards proving that it wasn't you. For the purposes of this review, impersonation is the same as stealing any other personal secret information.
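The protection points listed above for attacks 1, 2, 4, 5 and 6 can be expressed as a small access monitor that decides each file or network access a program attempts. This is an added example, not code from the original page; the paths, host names, process names, the allow-list and the rule "a program that has read secret data may no longer connect out" are all assumptions made for illustration.

```python
# Added example: a toy access monitor built on the protection points above.
# All paths, hosts, process names and events are constructed for illustration.
from fnmatch import fnmatchcase

SECRET = ["/home/user/secret/*"]         # assumed location of secret data
EXECUTABLE = ["*.exe", "*.dll"]          # assumed executable file patterns
ALLOWED_HOSTS = {"updates.example.com"}  # assumed allow-list of internet sites

def matches(path, patterns):
    return any(fnmatchcase(path, p) for p in patterns)

def evaluate(events):
    """Decide each (process, action, target) event; return (verdict, reason) pairs."""
    read_secret = set()  # processes that have already read secret data
    verdicts = []
    for proc, action, target in events:
        verdict = ("allow", "")
        if action == "read" and matches(target, SECRET):
            read_secret.add(proc)  # reading alone is allowed, but remembered
        elif action == "connect":
            if proc in read_secret:
                # second protection point of attack 1: sending secret data out
                verdict = ("deny", "stealing information")
            elif target not in ALLOWED_HOSTS:
                verdict = ("deny", "opening remote access")
        elif action == "delete":
            if matches(target, SECRET):
                verdict = ("deny", "destroying information")
            elif matches(target, EXECUTABLE):
                verdict = ("deny", "denial of service")
        elif action == "write" and matches(target, EXECUTABLE):
            verdict = ("deny", "distributing the attack")
        verdicts.append(verdict)
    return verdicts

EVENTS = [  # constructed sample events
    ("updater", "connect", "updates.example.com"),
    ("viewer", "read", "/home/user/secret/keys.pem"),
    ("viewer", "connect", "updates.example.com"),
    ("helper", "connect", "203.0.113.7"),
    ("cleaner", "delete", "/home/user/secret/plan.doc"),
    ("cleaner", "delete", "/opt/app/tool.exe"),
    ("setup", "write", "/opt/app/tool.exe"),
    ("setup", "write", "/tmp/install.log"),
]

if __name__ == "__main__":
    for ev, (verdict, reason) in zip(EVENTS, evaluate(EVENTS)):
        print(ev, "->", verdict, reason)
```

Spying has no entry here because its only protection point is running the offending program, which this monitor does not decide.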