The Weakest Link Principle
“People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems” (Bruce Schneier, 2000, p. 149)
Exploitation of software and information systems often targets the weakest link:
Human factors: Social engineering, unintentional errors
Technology vulnerabilities:
Outdated or insecure apps
Operating system defects
Exposed personal traits:
Oversharing on social media (e.g., sensitive interests or habits)
Role of Designers (i.e., You!):
Anticipate and mitigate potential threats
Build systems that prioritize security and user awareness
What is Malware?
Malware is short for Malicious software
Any software designed to cause harm to computer systems, networks, or users
Malware can take many forms
What does Malware do?
Malware is designed to harm and exploit your computer or network
Steal sensitive information like passwords and credit card numbers
Disrupt system’s operations
Allow attackers to gain unauthorized access to your device
Virus
Malicious executable code attached to another executable file
Resident virus (stays loaded in memory after the host program exits) vs. non-resident virus (runs only while the infected host program executes)
How It Spreads: Through infected files
Impact: Can corrupt files, slow down systems, or cause crashes
Prevention: Use antivirus and avoid untrusted files
Virus Example
Conficker (2008)
Usually classified as a worm rather than a virus: it spread by exploiting a vulnerability in the Windows Server service (MS08-067), and also via removable media and weak administrator passwords, to build a distributed remote-controlled botnet
It evaded detection by disabling Windows security services and updates and blocking DNS lookups of antivirus vendors' sites
Estimates run to around 15,000,000 infected computers
Worm
Self-replicating malware that does not need a host file to spread
Unlike a virus, a worm needs no host program: it runs as a stand-alone process
How It Spreads: Exploits security flaws to propagate over networks
Impact: Disrupts networks and consumes bandwidth
Prevention: Regular updates and firewall use
Worm Example
ILOVEYOU Worm (2000)
Arrived as an email attachment, a Visual Basic Script disguised as a text file, that overwrote files on the victim's disk
Opening the attachment mailed a copy to every contact in the victim's Outlook address book
Trojan
Malware disguised as legitimate software so that users install it themselves
Normally appears to be something you want (a game, a utility, a cracked application)
How It Spreads: Delivered through phishing or malicious downloads
Impact: Steals data or provides unauthorized access
Prevention: Be cautious with emails and downloads
Trojan Example
Back Orifice (1998):
The victim installs the server component, believing it is something else
A third party can then control and access the machine remotely through the client component
Ransomware
Infects computer, encrypts files or locks systems for ransom
How It Spreads: Typically, via phishing emails or infected websites
Impact: Data loss, financial extortion, and system downtime
Prevention: Backup important files and avoid suspicious links
Ransomware Example
WannaCry (2017)
Spread on its own, worm-style, through an SMBv1 vulnerability in Windows (MS17-010, the EternalBlue exploit)
Encrypted files and demanded payment in Bitcoin
Spread across the globe within a day, affecting hundreds of thousands of machines in organizations including the NHS in the UK
Zombie
A compromised computer controlled by hackers to perform malicious acts
How It Spreads: Zombies can be created by any malware that installs a remote-control component, e.g., Trojans or worms
Impact: Used in botnets for spam or Distributed Denial of Service (DDoS) attacks
Prevention: Regular updates, monitoring for unusual activity (unexpected outbound connections, high bandwidth use), and strong authentication
Zombie Example
Zeus Trojan (2007)
The Zeus Trojan is notorious for turning infected Windows machines into zombies in a botnet
Typically used to steal online banking credentials; the botnets built with it were also used for DDoS attacks
Botnet
A network of zombies controlled remotely by cybercriminals
How It Spreads: Malware infiltrates devices, turning them into bots that can be used for malicious purposes
Impact: Used to launch attacks like DDoS, send spam emails, or steal sensitive information
Prevention: Secure IoT devices, use firewalls, and antivirus software
Botnet Example
Mirai Botnet (2016)
The Mirai botnet took over IoT devices such as cameras and routers that were still using factory-default credentials
Turned them into bots for large-scale DDoS attacks that brought down major websites and services
DDoS (Distributed Denial of Service) Attack
An attacker makes a website or other service unavailable by flooding it with requests from many devices at once; the devices are typically zombies in a botnet
How Malware Gains Access
Phishing Emails: Malicious attachments or links trick users into downloading malware
Exploiting Vulnerabilities: Malware often takes advantage of unpatched software or system weaknesses
Social Engineering: Attackers manipulate victims into revealing sensitive information or executing malicious code
Malicious Websites/Ads: Malware is delivered through compromised or fake websites and ads
Infected Software/Downloads: Malware can hide in seemingly legitimate software or files
Effects of Malware
Data Theft: Personal, financial, or business data is stolen for malicious use
System Damage: Malware can corrupt or delete files, slow down or crash systems
Loss of Privacy: Sensitive information such as passwords or browsing history may be exposed
Financial Loss: Ransomware and data breaches can lead to direct financial damage
Performance Issues: Malware can reduce system speed or disrupt normal operation
Reputation Damage: Organizations or individuals may suffer from compromised trust and credibility
Malware Practitioners
Cybercriminals: Individuals or groups who create and distribute malware for financial gain
Hacktivists: People or organizations who use malware as a tool for political or social causes
State-Sponsored Actors: Governments or military organizations that use malware for espionage, sabotage, or warfare
Script Kiddies: Less skilled attackers who use pre-made malware for fun or to gain attention
Cybersecurity Researchers: Ethical hackers who analyse malware to develop protections or solutions (often the counterforce to malicious actors)
Malevolent Online Practices
Creation and use of malware is NOT the only malevolent practice on the Web…
Rise of social networks & digital communication → New malicious practices
Often target vulnerable groups:
Elderly people
Single men and women
Children
Phishing
Spam emails containing a convincing hyperlink
The message looks like it comes from a trusted source
The link's actual address may point to a foreign or otherwise suspicious domain
Victims are tricked into entering personal information on the fake site
Clicking also confirms that the email address is active, which leads to more spam
Examples of impersonated senders: banks, tax agencies, social media
Compare with spear-phishing
A more targeted and personalized form of phishing where attackers tailor their fraudulent messages to a specific individual or organization
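The checks described above (link text that claims a trusted source while the real address points elsewhere) can be automated for a single hyperlink. The following is an added example, not code from the lecture notes; the `TRUSTED_DOMAINS` allow-list and the sample links are constructed for illustration.

```python
"""Heuristic checks on a single hyperlink from an email: does the visible link
text claim one domain while the real href points elsewhere, and does the real
host merely look like a trusted one? Added example (not from the lecture
notes); TRUSTED_DOMAINS and the sample links are constructed."""
import re
from urllib.parse import urlparse

# Hypothetical allow-list of domains the recipient actually deals with.
TRUSTED_DOMAINS = ("example-bank.com", "hmrc.gov.uk")

# A domain-looking token inside the visible link text, with or without a scheme.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Approximate 'owner' domain without a public-suffix list: the last two
    labels, or three for common two-level UK suffixes (co.uk, gov.uk, ...)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-1] == "uk" and labels[-2] in {"co", "gov", "ac", "org"}:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalikes (examp1e)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_link(display_text: str, href: str) -> dict:
    """Return the real destination, what the text claims, and a list of reasons
    the link is suspicious (an empty list means nothing was flagged)."""
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    flags = []

    if parsed.scheme not in ("http", "https"):
        flags.append(f"non-web scheme {parsed.scheme!r}")

    href_domain = registrable_domain(host) if host else ""
    match = DOMAIN_IN_TEXT.search(display_text)
    display_domain = registrable_domain(match.group(1)) if match else None

    # 1. Visible text says one domain, the href goes to another.
    if display_domain and display_domain != href_domain:
        flags.append(f"text claims {display_domain} but link goes to {href_domain}")

    # 2. Punycode label: an internationalised name that may render as a homograph.
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode host label; possible homograph of a trusted name")

    # 3. Brand name buried in a subdomain, or a domain one or two edits away.
    if href_domain and href_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if trusted in host:
                flags.append(f"trusted name {trusted} used as a subdomain of {href_domain}")
            elif edit_distance(href_domain, trusted) <= 2:
                flags.append(f"{href_domain} is within two edits of {trusted}")

    return {"href_domain": href_domain, "display_domain": display_domain,
            "flags": flags, "suspicious": bool(flags)}


if __name__ == "__main__":
    # Constructed sample links, not taken from any real message.
    samples = [
        ("https://example-bank.com/login", "https://example-bank.com.login-verify.net/"),
        ("Log in to your account", "https://examp1e-bank.com/"),
        ("Click here", "https://xn--80ak6aa92e.com/"),
        ("https://example-bank.com/statements", "https://example-bank.com/statements"),
    ]
    for text, href in samples:
        result = analyze_link(text, href)
        print("SUSPICIOUS" if result["suspicious"] else "ok        ", href)
        for flag in result["flags"]:
            print("   -", flag)
```

The edit-distance threshold of two is deliberately loose for long brand names and would over-flag very short trusted domains; a production filter would use a real public-suffix list and a reputation feed rather than the two-label approximation here.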
Social Engineering
Social engineering is often described as “hacking without code”
Based on the principle of trust
The perpetrator collects data through:
Dumpster diving (that’s why you should always shred documents)
Monitoring social media e.g., Facebook and Twitter
Shoulder surfing (peeking at screen in public)
The perpetrator convinces the victim to trust them, then asks for money or personal details:
Via a dating site, for example: the UK Serious Organised Crime Agency reported 200k victims up to 2011
Contact methods: email, telephone, social networking sites
Grooming
Gaining trust of a victim by being nice over time
Often a long process of building rapport
Once trust has been gained and established:
Get the victim to reveal information about themselves
e.g. key personal data used for online banking
Involve them in a crime unknowingly
Handling stolen goods, provision of alibis
Not restricted to the grooming of children by paedophiles:
Romance scams groom single adults in the same way and con them out of money
Online Stalking
Stalking: obsessively following or watching a person without their knowledge
Often takes the form of “lateral” (covert) surveillance: viewing someone's online presence without their knowledge
Increase due to social networks:
Checking a former partner's statuses or updates
Employers doing background checks online
Doxing: publishing private data (addresses, phone numbers) with malicious intent
Deep Fakes and Synthetic Media
Deep Fakes: AI‐generated images, videos, or audio that appear real
Technology uses machine learning to mimic faces, voices, or actions
Applications in Cybercrime:
Impersonating executives for fraud (e.g., fake calls or emails)
Creating fake evidence for blackmail or manipulation
Spreading misinformation or fake political speeches
Broader Implications:
Challenges in verifying authentic media
Misinformation and Propaganda
Misinformation: Sharing false or misleading information unintentionally
Disinformation: Deliberate spread of false information to manipulate or deceive
Techniques:
Fake news, doctored images, AI-generated content
Bots and fake accounts amplifying narratives
Deepfakes used to fabricate speeches or events
Impacts:
Erodes trust in media and institutions
Polarizes society and amplifies echo chambers
Influences political outcomes and public opinion
Threat Modelling
A technique within the security lifecycle to analyse a system’s security & privacy concerns
Why Threat Model?
Recognize potential failures or attacks
Identify design & implementation flaws early
Inform decisions throughout development, testing, & deployment
Phases of Threat Modelling
Asset Identification
Determine what you’re trying to protect
Threat Analysis
Identify potential attacks or events that could compromise these assets
Vulnerability Analysis
Pinpoint the weaknesses in the setup, both technical and organizational
Risk Assessment
Evaluate the likelihood and impact of each threat
Risk Communication
Share the findings with stakeholders (developers, management, end-users)
These phases identify:
Which assets need protection
Relevant threats & vulnerabilities
Risk level for each threat
Mitigation & contingency priorities
What is a Threat Agent
Natural threats and/or accidents
Non-intentional threat agents (e.g., floods, fires, user mistakes)
Malicious agents
Intentional actions, the ones everyone thinks of
Characteristics
Motivation
Capability
Access
Amplifiers
Inhibitors
Natural Threats
Well-studied (insurance data, actuarial tables)
Relatively predictable in terms of frequency so organizations can plan accordingly
Accidental Threats
Come from human error with no malicious intent
Lost or stolen devices, misconfigurations, or employees clicking on phishing links
Hard to track
Implement awareness training, strict policies around data handling, and proper incident reporting
Malicious Agents
An agent can be an individual or group that implements a threat
Influenced by amplifiers (motivators, resources, alliances) or inhibitors (legal risk, limited access, fear of exposure)
Characteristics:
Motivation: Why do they act?
Capability: Skills & resources
Catalyst: What triggered the action?
Inhibitors: What might deter them?
Amplifiers: What might push them forward?
Success Factors:
An exploitable vulnerability and a system worth attacking
Sequence of Factors
Threat Modelling Frameworks
STRIDE and DREAD are two frameworks used in threat modelling
STRIDE is a systematic way to enumerate threats; DREAD is a systematic way to score and rank them
STRIDE
A mnemonic that categorizes potential threats by the kind of attack they represent
Each letter corresponds to a specific category of threat:
S: Spoofing (pretending to be another user or system)
T: Tampering (unauthorized modification of data or code)
R: Repudiation (denying an action with no way to prove otherwise)
I: Information disclosure (exposing data to those not entitled to it)
D: Denial of service (making the system unavailable)
E: Elevation of privilege (gaining rights one should not have)
DREAD
A risk assessment model that scores each threat on five criteria, typically 0 to 10 each:
Damage (how bad is the impact?), Reproducibility (how reliably can it be repeated?), Exploitability (how much skill and effort is needed?), Affected users (how many are hit?), Discoverability (how easy is it to find?)
The average of the five scores ranks threats so that mitigation effort goes to the highest first; the scores are judgement calls, so DREAD is useful for ordering a discussion rather than as a precise measurement
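The threat-modelling phases listed earlier (asset identification, threat analysis, vulnerability analysis, risk assessment, risk communication) together with STRIDE categorisation and DREAD scoring can be captured in a small worksheet. The following is an added example, not code from the lecture notes; the customer web portal, its threats, the mitigations and every score are constructed for illustration, and the High/Medium/Low bands are a choice made here, not part of DREAD.

```python
"""A small threat-modelling worksheet: assets, STRIDE-categorised threats with
their enabling vulnerabilities, DREAD scores and a prioritised register for
stakeholders. Added example, not from the lecture notes; the system, threats
and scores are constructed."""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}
# Classic DREAD criteria, each scored 0 (negligible) to 10 (worst case).
DREAD_CRITERIA = ("damage", "reproducibility", "exploitability",
                  "affected_users", "discoverability")


@dataclass
class Threat:
    asset: str            # what we are protecting (asset identification)
    stride: str           # STRIDE letter for the threat (threat analysis)
    description: str
    vulnerability: str    # the weakness that makes it realistic (vulnerability analysis)
    scores: dict          # DREAD criterion -> 0..10 (risk assessment)
    mitigation: str = ""  # planned control; empty means not yet decided

    def __post_init__(self):
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category {self.stride!r}")
        missing = set(DREAD_CRITERIA) - set(self.scores)
        if missing:
            raise ValueError(f"missing DREAD scores: {sorted(missing)}")
        if any(not 0 <= self.scores[c] <= 10 for c in DREAD_CRITERIA):
            raise ValueError("DREAD scores must be between 0 and 10")

    def dread(self) -> float:
        """DREAD risk: the mean of the five criterion scores."""
        return sum(self.scores[c] for c in DREAD_CRITERIA) / len(DREAD_CRITERIA)

    def rating(self) -> str:
        """Bands used for communication; the thresholds are a local choice."""
        score = self.dread()
        return "High" if score >= 7 else "Medium" if score >= 4 else "Low"


def prioritise(threats):
    """Highest DREAD first: the order in which mitigation work is scheduled."""
    return sorted(threats, key=lambda t: t.dread(), reverse=True)


def unmitigated_high(threats):
    """High-rated threats with no mitigation yet: the list to escalate."""
    return [t for t in prioritise(threats) if t.rating() == "High" and not t.mitigation]


def risk_report(threats) -> str:
    """Plain-text register for the risk-communication phase."""
    rows = [f"{'Rating':6} {'DREAD':>5}  {'STRIDE':22} Asset / threat"]
    for t in prioritise(threats):
        rows.append(f"{t.rating():6} {t.dread():5.1f}  {STRIDE[t.stride]:22} "
                    f"{t.asset}: {t.description}")
    return "\n".join(rows)


# Constructed threat list for a hypothetical customer web portal.
SAMPLE_THREATS = [
    Threat("customer database", "I", "SQL injection in the search endpoint dumps customer records",
           "user input concatenated into SQL",
           {"damage": 9, "reproducibility": 8, "exploitability": 7,
            "affected_users": 9, "discoverability": 8}),
    Threat("customer accounts", "S", "credential stuffing with passwords leaked from other sites",
           "no rate limiting or MFA on login",
           {"damage": 7, "reproducibility": 9, "exploitability": 8,
            "affected_users": 6, "discoverability": 9},
           mitigation="rate limiting plus MFA"),
    Threat("public website", "D", "volumetric DDoS from a botnet takes the site offline",
           "single origin with no upstream filtering",
           {"damage": 4, "reproducibility": 6, "exploitability": 5,
            "affected_users": 8, "discoverability": 7}),
    Threat("admin actions", "R", "an administrator denies having changed a customer's limit",
           "no audit log of admin operations",
           {"damage": 4, "reproducibility": 5, "exploitability": 3,
            "affected_users": 2, "discoverability": 3}),
]

if __name__ == "__main__":
    print(risk_report(SAMPLE_THREATS))
    for t in unmitigated_high(SAMPLE_THREATS):
        print("ESCALATE:", t.description)
```

Each `Threat` carries the output of one phase of the process, so the register doubles as a record of why a threat was rated as it was; the validation in `__post_init__` stops a half-scored threat from silently sorting to the bottom of the list.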
Key Takeaways
Understanding malware types is essential for effective prevention and response
Cybercriminals exploit trust and human behaviour via phishing, grooming, social engineering, and stalking
Threat modelling is a proactive method for building secure systems
Core Message
Cybersecurity is a balance of addressing technical vulnerabilities (e.g., malware, system weaknesses) and human factors (e.g., phishing, social engineering)