[lt.gif]
[rt.gif]

logo






shield shield

 DDACS 2.0.1

   Protect yourself at all times!





Attacks

You likely understand that your computer (and therefore you) are vulnerable to cyber attacks. But what are these attacks? What should you be aware and afraid of? If you can answer the questions well, you can protect especially what you need and save many resources on more general protectionmechanisms.

You likely heard about security and privacy software solutions. Security software relates to method of attack and privacy relates to one of targets.

An attack is a sequence of steps that cause you harm. We talk about cyber attacks, so method, target or both are cyber: method is exercised using computer software and/or target is computer information. Except for cases when the attacker gets physical access to your computer, method is cyber (computer program that executes malicious algorithm).

We will review some frequent attacks and identify their protection points. We will call this way accesses that are necessary in order for the attack to succeed. Security software can identify protection points in order to deny these accesses and thus prevent the attack.

Let's note in advance that in all cases when method is cyber, one of protection points is starting and running malware. This protection point is the most complex and the least preferable: in order to decide to prevent a program from running it must be ruled as malware - had been previously caught on non-legitimate access. Additionally, this protection point doesn't work for infected legitimate (or even necessary system) programs.

Below we will mention only additional protection points.


1. Stealing information

The attacker wants to steal some secret data of yours:
databases, source code, drawings, schemes, documents, accounts and passwords, security private keys and certificates, etc. for their benefit.

Stealing information includes reading (copying) the information from file and sending it over internet (taking it away). If you missed the attack, it's not possible to detect it afterwards: the secret data remains in place and there are not traces that it has been stolen, so you may be not able to take appropriate action in time.

Protection points: reading files with the secret data and sending it over internet.


2. Destroying information

The attacker wants to destroy your secret data in order to prevent you using it to your benefit.

Destroying information includes removing the files from your storage. This attack retains traces - when you need your files you discover that they are removed, so you can take appropriate action.

Protection points: deleting files.


3.  Spying

The attacker wants to obtain information about you that they would otherwise not get: what programs you use, what are your habits in iternet use, even how fast you type. The attacker can use this information to their benefit.

Such an attack doesn't leave traces, if you missed its instantiaion, you will not know that you are attacked and will not be able to take appropriate action.

Protection points: only running the offending program.


4. Denial of Service

The attacker wants to prevent you from properly use your computer: limit or disable you from accessing internet or running your important programs. This attack doesn't target particular information files but rather your ability to use your computer productively. It can be detected by identifying programs that eat up your internet connection, CPU, memory and disk usage. (Though you can never know if DoS is due to a deliberate attack or bug in a legitimate program - but do you care?)

Protection points: deleting important executable files and running the offending program.


5. Opening remote access

The attacker tricks you to install the remote access server and attacks manually.

Of course, you don't open remote access to your computer to public internet. But the attacker tricks you to install a program that opens an internet connection, accepts commands from remote server and sends back data.

This is a secondary attack. The attacker will use the installed remote access server in order to conduct other primary attacks manually.

Protection points: connecting to internet sites.


6. Distributing the attack

This is a secondary attack. The attacker wants you to run the attacking software and conduct other kinds of attacks.

For any attempted attack the attacker needs you to run the appropriate software. One of the methods to achieve it is to run an installer.

In Windows running an installer is a security event. The installer run-time environment is elevated (virtually always installer runs as an Administrator) and there are many security shortcomings in order to allow installer run not interfered. For many attacks it's enough to run the malicious part of software once, so you allow for an attack by just running an installer for otherwise legitimate software. In many cases when you get software from a distribution site you run a first-stage installer that doesn't have anything to do with the software vendor. In many other cases you may be dealing with the stolen code signing certificate. All-in-all you must be extremely careful towards security when running an installer, and it's major justification for zero-day protection.

Protection points: writing to executable files

Distribution of an attack can tak form of:

a) virus: there is a dedicated distribution malware part, which will seek and modify executable files to make sure that they run at attack along with their legitimate functionality.

b) warm: making the malware program appealing and having it run at least once. If needed, it can save a local copy and make it run e.g. at computer start-up.


7. Physical access

This is a secondary attack. The attacker gains the physical access to your computer because you granted it yourself - the attacker is your friend, relative or impersonated thereof. The attacker gains your and Administrator access rights and can do any harm.

Protection points: reading, writing, deleting files, connecting to internet sites. Running custom/random programs.

The attacker who gains physical access to your computer can impersonate as you and engage in improper or illegal activities as you, leaving you with hard time afterwards to prove that it wasn't you. For the purpose of other review impersonating is the same as stealing any other personal secret information.









© Daniel Drubin 2020