The Cyberwar

The development of information technology and the expansion of Internet communications are the phenomena that have been affecting and transforming our society during the last two centuries.

The growth of these technologies has brought a significant increase in threats; among them, malicious code is one of the biggest problems facing the digital universe.

The Cyberwar

Cyberwar is the deliberate attacking of electronic technology to disrupt the activities of a cyber opponent (government, military, bank…).

Today, the world is so immersed in technology that activities in cyberspace have become inseparable from the everyday operations of business, education, government, and the military.

Cyberwar, in fact, is part of the evolution of conventional warfare, which itself is linked to broader social and political change. It is no longer easy to imagine a confrontation that does not include some element of cyber-activity, such as surveillance or sabotage. Asking whether cyberwar is real, then, is less important than concentrating on how to contain the threats posed by some uses of computer technology. After all, a cyber-attack need not kill someone or cause major material damage to still be considered dangerous.

Cyber-espionage has replaced old-fashioned spying methods for obtaining secret and confidential data.

Therefore malware, together with other malicious activities, is increasingly becoming a true weapon in the hands of militaries and governments, used to re-establish the balance of power, or rather the balance of threat.

A real war is happening out there, and it is taking place on a digital battlefield.

It is extremely important to invest in security and countermeasures in order to protect critical assets. The infrastructure must be ready to face new and persistent threats that may cause economic and reputational losses.

Some of the threats that may impact infrastructures are:

  • The use of social engineering techniques (phishing, scamming, theft, fraud and unauthorized activity…)
  • DDoS attacks to disrupt web applications and servers
  • Malware infections spreading through emails and data
  • Bugs and vulnerabilities that may be used to perform an attack

As cyber defense efforts increase, passive measures such as installing anti-virus software and firewalls or improving password strength and encryption, together with the organization’s workload, are constantly challenged by the need to apply patches immediately.

Security researchers are uncovering close to 55,000 new malware samples a day, overwhelming malware analysis resources. Increasingly, automated analysis technologies are used to keep up with the volume, but they still lack the precision to decipher compressed, encrypted, and obfuscated malware.

During the last decade, viruses and malicious code have been among the most effective cyber weapons. The code can be hidden in many types of objects, is hard to detect and offers lower origin traceability compared to DDoS attacks.

A “good” piece of code can have a big value on the black market. Simply using Russian forums and websites such as damagelab.org, xakeroff.net, hackzone.ru, angry-hack.ru or forum.softxaker.ru, anyone can buy or sell malicious code. But apparently the more sophisticated viruses are commissioned directly by criminal organizations or governments.

The Malware

Malware is: “code designed to intentionally damage or disrupt a system and the data stored on it”.

The term malware is a contraction of two English words, MALicious and softWARE.

Malware has three main objectives:

  • Install on a device (e.g. a computer or smartphone). To have a better chance of surviving, these programs need the highest possible compatibility with the target platforms.
  • Hide from the user and the administrator, in order to survive as long as possible. To achieve this goal, the malware often uses very sophisticated masking techniques, which make it virtually invisible.
  • Propagate as much as possible and compromise the highest number of devices and files.

The communication medium is very important for this purpose.

Media such as floppy disks, CD/DVD-ROMs, USB memory, emails, compromised web pages or even file sharing applications and messaging software are fantastic propagation

To propagate over the network and infect local data, malware generally exploits a weakness or vulnerability in the target system, such as:

  • Non-expert users
  • Vulnerable software and operating systems
  • Weak network infrastructure (e.g. bad configuration of access and services)
  • Inadequate security measures (lack

Types of Malware

There is a wide range of malicious software, but each piece of malware is catalogued and placed in a specific category, based on its own characteristics and the task it must perform. Here is a list of the main

VIRUS

The virus is the most typical malicious code available on the market and is consistently the type most developed by code writers.

It is similar to a biological virus: it contains a sequence of instructions, some of which are dedicated to the replication of the entire code.

After “reproducing”, viruses start a variety of destructive and/or obstructive activities.

For example, a virus could infect the MBR (Master Boot Record), installed in the first sector of the hard disk (called the boot sector), which contains machine code to be loaded into random-access memory (RAM) by the computer’s built-in firmware. This may destroy the entire logical partition and prevent the computer from booting up correctly.

WORM

It is another form of malicious code. In the past we have had many “famous” worms that infected thousands if not millions of PCs connected to the Internet.

In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. Generally a worm infects the computer by using vulnerabilities present in the system.

TROJAN HORSE (Backdoor)

It is very similar to a backdoor. Using social engineering techniques, users are typically tricked into executing the malicious program on their systems. Once activated, it can carry out any kind of attack on the host, such as damaging partitions, deleting files, stealing data, or activating and spreading other malware over the network. Trojans are also known to create backdoors that give malicious users remote access to the system.

ROOTKIT

It is one of the most complex types both to develop and to identify; in fact, the authors of rootkits are expert programmers who are very familiar with the structures and mechanisms of low-level development.

Rootkits are malicious software whose task is to operate hidden from the operating system’s perspective, and to do that they are programmed to work as close as possible to the heart of the operating system (the kernel space).

A rootkit may be able to subvert the very software that is intended to find it. Detection methods include using an alternative and trusted operating system, behavior-based methods, signature scanning, difference scanning, and memory dump analysis.

Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel.

Reinstallation of the operating system and hardware replacement may be the only available solution to the problem.

KEYLOGGERS

These are tools whose purpose is to record everything typed by users.

The user types on the keyboard while the tool intercepts valuable information such as passwords and credit card numbers.

They can be either hardware or software, but of course only the latter falls into the category of malware.

To accomplish their task, keyloggers use some techniques typical of rootkits, such as changing keyboard drivers or altering the specifications of the OS libraries, and the most advanced.

SPYWARE

The name of this malicious application is very descriptive and explains what the main targets of this malware are. Spyware operates using two different attack strategies.

1) First, it collects the user’s online activities (visited websites, subscriptions to services, shopping, etc.)

2) In addition to the user’s online habits, the spyware also collects passwords, credit card numbers and other sensitive information, generally helped by a keylogger.

In both cases, this software is not capable of self-propagating in order to install itself, and requires no user intervention.

ADWARE

The term derives from the English contraction of ADvertising-supported softWARE, which can be translated as software supported by advertising, and indicates programs that show advertisements during use, allowing free distribution or distribution at reduced prices. The user may later decide to remove such advertisements by paying for a license. In themselves, these programs would not fall into the category of malware, were it not that they often implement some of the characteristics of spyware in order to present the user with advertisements focused on his interests.

HIJACKER

This software is able to change the browser’s homepage, with the purpose of directing it to pages that contain other types of malware that can spread through the browser using existing bugs.

RANSOMWARE

It is a fairly recent class of malware and can be divided more specifically into cryptovirus, cryptotrojan or cryptoworm.

As one can guess from the names, these are special versions of viruses, trojans and worms that can encrypt the contents of the most popular types of files on the user’s hard disk. The aim is then to blackmail the victim, demanding a ransom in exchange for the password to decrypt the documents. A user who does not have backup copies of his most important files may be tempted to pay as requested; unfortunately, however, as in all cases of blackmail, there is no guarantee that the misadventure ends after payment of the agreed sum.

DIALER

This category is slowly disappearing with the advent of xDSL and fiber optics.

Originally, their sole purpose was to create dial-up connections in order to connect to the Internet, but later versions began to spread that were programmed to call the numbers of particular phone services characterized by high costs and distinguishable by their prefix: originally 144, then 166 and finally 899 and 892. Thanks to the use of ADSL modems, the computer no longer has the option to make those kinds of connections; consequently the number of potential victims is decreasing quickly.

RABBIT

This class of malware is also losing popularity, but unlike dialers, not because of particular technological innovations, but because of a radical change in the motivations that lead to the spread of malware. Today, in fact, the vast majority of malicious programs in circulation have the purpose of obtaining a gain for criminal organizations, while rabbits have the sole purpose of reproducing continuously to saturate the system’s resources and, unlike viruses, do not infect any files.

December 12, 2014

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013