Adware
Adware displays pop-up advertisements to users based on their activities, URLs they have visited, applications they have accessed, and so on.
Virus
Viruses are programs designed to spread from one system to another through self-replication and to perform a wide range of malicious activities.
Polymorphic viruses
Polymorphic viruses have the ability to alter their own code in order to avoid detection by antivirus scanners.
Macro viruses
Macro viruses live within documents or emails and exploit the scripting capabilities of productivity software.
Stealth viruses
Stealth viruses attempt to avoid detection by masking or hiding their activities.
Armored viruses
Armored viruses are designed to be difficult to detect and remove.
Retroviruses
Retroviruses specifically target antivirus systems to render them useless.
Phage viruses
Phage viruses modify or infect many aspects of the system so they can regenerate themselves from any remaining unremoved parts.
Companion virus
A companion virus borrows the root filename of the common executable and then gives itself the .com extension in an attempt to get itself launched rather than the intended application.
Worms
A worm is malicious software that travels throughout a network without the assistance of a host application or user interaction.
Spyware
Spyware is software that is installed on a user's system without her awareness or consent, often to take control over the user's computer.
Trojan
A Trojan horse is a form of malicious software that is disguised as something useful or legitimate.
Root kits
A root kit is a group of programs that hides the fact that the system has been infected or compromised by malicious code.
Backdoors
The term backdoor can refer to a developer-installed access method that bypasses security restrictions or a hacker-installed remote access client.
Logic bomb
A logic bomb is a form of malicious code that remains dormant until a triggering event occurs.
Botnets
A botnet is a network of robots or malicious software agents controlled by a hacker to launch massive attacks against targets.
DoS (denial of service)
A denial-of-service attack is intended to make a computer's resources or services unavailable to users.
SYN Flood Attack
The SYN Flood attack disrupts the TCP initiation process by withholding the third packet of the TCP three-way handshake.
Smurf attack
In a Smurf attack, the attacker sends an ICMP broadcast to a network with a false IP address, overloading the victim with ICMP responses.
DDoS (distributed denial of service)
A DDoS attack includes multiple attacking computers, often part of a botnet, to overwhelm a target.
Spoofing
Spoofing is where one person or entity impersonates or masquerades as something else, often modifying the source IP address.
Man-in-the-middle
A man-in-the-middle attack is an eavesdropping attack where attackers position themselves in the communication stream between a client and server.
Replay attacks
A replay attack involves capturing network traffic and then replaying that traffic to gain unauthorized access to a system.
TCP/IP hijacking
TCP/IP hijacking is where a third party takes over a session and logically disconnects a client that was originally involved.
Shoulder surfing
Shoulder surfing occurs when someone watches your keyboard or display to learn your password or confidential information.
Dumpster diving
Dumpster diving is the act of digging through trash to obtain information about a target organization or individual.
Impersonations
Impersonation is the act of taking on the identity of someone else.
Phishing
Phishing is the practice of sending unwanted email to trick users into revealing personal information or clicking on a link.
Spear phishing
Spear phishing is a targeted form of phishing where the message is crafted specifically for an individual or group.
Whaling
A form of phishing that targets specific high-value targets and sends messages tailored to their needs.
Vishing
Phishing done over VoIP technology.
Piggybacking or tailgating
A practice of one person following closely behind another without showing credentials.
Pharming
A malicious redirection of a valid website's URL or IP address to a fake website.
Hoaxes
A form of social engineering designed to convince targets to perform actions that reduce their IT security.
The Melissa Virus
A computer virus that tempts recipients into opening a document, replicating itself to the top 50 people in the recipient's email address book.
ILOVEYOU
A standalone program worm that replicated itself, causing an estimated $10 billion in damages.
Code Red
A worm that exploited a flaw in Microsoft Internet Information Server, bringing down websites including whitehouse.gov.
Nimda
A worm targeting Internet servers that created a backdoor into the victim's operating system.
MYDoom
The most destructive computer virus in history, spreading through emails and carrying two payloads: a backdoor and a DDoS attack.
Sasser
A worm that used an RPC exploit to infect Windows machines without requiring human intervention.
Storm
A worm that infected computers through email and forced them to join a botnet.
Grayware
Encompasses spyware, adware, dialers, joke programs, remote access tools, and other unwelcome files designed to harm computer performance.
Disasters
Can include natural disasters like hurricanes and earthquakes, as well as fires, attacks, and hardware/software failures.
Business continuity
Processes and policies that minimize the impact of system or network failures.
Business continuity planning (BCP)
A process of implementing policies to counteract the effects of losses or failures of critical business processes.
Business Impact Analysis (BIA)
Identifies critical functions, prioritizes them, and estimates the impact on the organization.
Quantitative Risk Assessment
Measures risk using specific monetary amounts to prioritize risks.
Qualitative Risk Assessment
Categorizes risks based on probability and impact using terms like low, medium, and high.
Single Point of Failure
Any single component whose failure could cause the entire system to fail.
High Availability
The process of keeping services operational during an outage, aiming for 99.999% availability.
Redundancy
Systems that are duplicated or fail over to other systems in the event of a malfunction.
Fail-over
The process of reconstructing a system or switching over to other systems when a failure is detected.
Fault Tolerance
The ability of a system to sustain operations in the event of a component failure.
Spare Parts
Key components that should be available for fault tolerance.
Uninterruptible Power Supply (UPS)
A device that allows you to continue to function in the absence of power for only a short duration.
Backup Generator
A generator that runs off of gasoline, propane, natural gas, or diesel and can generate the electricity needed to provide steady power.
Redundant Array of Independent Disks (RAID)
RAID disks increase performance and provide fault tolerance for disks.
RAID-0
Does not provide any redundancy or fault tolerance; it is disk striping that results in increased reading and writing performance.
RAID-1
Disk mirroring where everything stored on one drive is also stored on the other, providing 100% redundancy.
RAID-3
Disk striping with a parity disk; common in older systems and supported by most UNIX systems.
RAID-5
Disk striping with distributed parity; one of the most common forms of RAID in use today.
RAID-10
Combines RAID-1 and RAID-0, first striping the data then mirroring it.
Hot Site
Operational 24/7, can take over functionality from a primary site within minutes of failure.
Cold Site
Has basic infrastructure but requires equipment and data to be brought in and enabled.
Warm Site
A compromise between a hot site and a cold site, providing systems and media capabilities.
Working Copies
Partial or full backups kept for immediate recovery purposes.
On-site Storage
A location on the site of the computer center used to store information locally.
Off-site Storage
A location away from the computer center where paper copies and backup media are kept.
Disaster Recovery Plan
A plan focused on reestablishing services and minimizing losses, including redundancy solutions and backups.
Full Backup
A complete, comprehensive backup of all files on a disk or server.
Incremental Backup
A partial backup that stores only the information that has changed since the last full or incremental backup.
Differential Backup
Backs up any files altered since the last full backup, making duplicate copies of unchanged files since the last differential backup.
Class A Fire
Ordinary combustibles including wood, paper, cloth, rubber, trash, and plastics.
Class B Fire
Flammable liquids including gasoline, propane, solvents, oil, paint, and other synthetic or oil-based products.
Class C Fire
Electrical equipment fires, fought by displacing oxygen or disrupting the fire's chain reaction.
Class D Fire
Combustible metals such as magnesium, lithium, titanium, and sodium.
HVAC
Heating, ventilation, and air conditioning systems important for environmental control in computer environments.
Confidentiality
Implemented to prevent the unauthorized disclosure of data through methods such as authentication, access controls, and cryptography.
Integrity
Implemented to verify that data is not modified, tampered with, or corrupted, enforced by hashing.
Availability
Data and services must be available when needed, achieved through redundancies and backups.
Non-repudiation
Provides definitive proof of a sender's identity to prevent denial of a specific action.
Implicit Deny
Indicates that unless something is specifically allowed, it is denied.
Three Factors of Authentication
Something you know (username/password), something you have (smart cards), and something you are (fingerprint, biometrics).
Identification vs. Authentication
Identification is verifying someone's identity, while authentication is providing credentials to the authenticator.
Multifactor Authentication
When two or more access methods are included in the authentication process.
Kerberos
The authentication mechanism used in domains and UNIX realms, requiring a key distribution center (KDC) to issue time-stamped tickets.
Remote Access Authentication
Authentication used when a user accesses a private network from outside the network.
PAP
Password Authentication Protocol, used in Point-to-Point Protocol (PPP) to authenticate clients.
CHAP
Challenge Handshake Authentication Protocol, which uses a handshake process where the server challenges the client with a nonce.
MS-CHAP
Microsoft's implementation of CHAP, dedicated to Microsoft clients only.
MS-CHAPv2
An improvement over MS-CHAP that includes the ability to perform mutual authentication.
RADIUS
Remote Authentication Dial-In User Service, a decentralized authentication service.
TACACS/TACACS+
Cisco's alternatives to RADIUS that use port 49.
Mandatory Access Control (MAC)
A model that uses sensitivity labels for users and data with predefined access privileges.
Discretionary Access Control (DAC)
A model where every object has an owner who has full explicit control of the object.
Role and Rule-Based Access Control (RBAC)
A model that uses roles to grant access based on assigned jobs, functions, or tasks.
Mantraps
A physical security method that creates a buffer zone to a secure area.
Hardware Security
Involves adding cable locks to computers to prevent theft.
Video Surveillance
Security cameras used to monitor situations and aid in investigations.
Environmental Monitoring
Humidity control to protect electronic components from damage.