A vulnerability is a security issue or flaw that an attacker can exploit to gain access to a network, system or application.
An exploit is code that takes advantage of a vulnerability to achieve a goal such as remote access or privilege escalation.
A threat is a possible danger that an asset might be compromised due to a breach and cause harm to the system. Threats are an important part of risk analysis: by identifying threats you can give your security strategy some focus and reduce the chance of neglecting important areas of risk that might otherwise remain unprotected. Threats can take many different forms, so to keep your system secure you should have a plan that is adequate to manage the most significant threats. Security professionals mostly know that many real-world threats come from inside the organization, which is why just building a wall around your trusted interior is not good enough.
A threat vector is a term used to describe where a threat originates and the path it takes to reach the target.
A simple example of a threat vector is an e-mail message sent from outside the organization to an inside employee, containing an irresistible subject line along with an executable attachment. It is important to understand threat vectors and consider them when designing security controls.
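A security control for the e-mail threat vector described above can be expressed as a mail-filter check (an added example, not part of the original page). The domain `corp.example`, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "corp.example"  # assumption: the organization's own mail domain
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}  # illustrative list

def build_sample(sender: str = "Billing <billing@vendor.example>") -> bytes:
    """Constructed sample: lure subject plus an executable disguised as a PDF."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "employee@corp.example"
    msg["Subject"] = "URGENT: unpaid invoice"
    msg.set_content("Please review the attached invoice.")
    # Only the two-byte 'MZ' signature followed by padding; not a working program.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()

def inspect_message(raw: bytes) -> dict:
    """Flag executable attachments and decide whether to quarantine the message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # The From header is sender-controlled; a real gateway would also rely on
    # authenticated results (SPF/DKIM/DMARC) before trusting it.
    sender = parseaddr(msg["From"])[1].lower()
    external = not sender.endswith("@" + INTERNAL_DOMAIN)
    flagged = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if any(name.endswith(ext) for ext in EXEC_EXTENSIONS):
            reasons.append("executable extension")
        if data[:2] == b"MZ":  # content check catches renamed executables
            reasons.append("PE/DOS magic bytes")
        if reasons:
            flagged.append((name, reasons))
    return {"external": external, "flagged": flagged,
            "quarantine": external and bool(flagged)}

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

Checking both the file name and the leading bytes matters because a double extension such as `.pdf.exe` targets the user, while a renamed executable targets extension-only filters.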
| Service Provider | Complete Deletion | Financial Data |
| Reseller | Partial Deletion | Credit Card Number |
| Terrorist | Denial of Service | Network |
| Internet Attacker | Malfunction | Operating System |
Malware is a piece of software or code that carries a payload that can exploit a vulnerability within a system and perform different actions.
The life cycle of malicious code is: find, exploit, infect, repeat.
There are different types of malware:
A computer virus is a type of malicious software that replicates itself when executed. It infects other files and spreads rapidly. Virus infection is simply another way of saying that the virus made a copy of itself (replicated) and spread to a host file, so that whenever the host file is executed the virus is also executed. A virus can infect program files, boot sectors, hard drives, partition tables, data files, macro routines and scripting files.
The damage routine of a virus or any malware program is called the payload. Most malware programs end up causing program crashes or other types of issues.
A computer worm is a type of malware that copies itself and spreads from one computer to another, and it does not need to attach itself to software or a program to cause damage. An example of a worm on the internet is Bugbear. Bugbear was released in June 2003, arriving as a file attachment in a bogus e-mail. Bugbear tries to gain access through weak passwords. It also drops off and triggers a keylogging program that records the user’s keystrokes in an attempt to capture passwords. Bugbear opens up a backdoor service on port 1080 to allow attackers to manipulate and terminate files. Bugbear was one of the most successful worms of 2003.
Trojan or Trojan Horse:
A Trojan Horse usually arrives via email, or users get it from visiting infected websites. The trojan must be executed by the victim and typically provides remote access for an attacker. Trojans make a backdoor in the system. Many people are infected by trojans for months and years without realizing it. If a trojan simply starts a malicious action and doesn’t pretend to be an acceptable program, it’s called a direct-action trojan. An example of a direct-action trojan is JS.ExitW. It can be downloaded and activated when unsuspecting users browse malicious websites. In one case this trojan posed as a collection of Justin Timberlake pictures and turned up in a search using Google. The link, instead of leading to the pictures, downloaded and installed the JS.ExitW trojan. Many trojans are not so harmful.
Ransomware is a type of malware program that encrypts the system’s data and holds it hostage, waiting for a cryptocurrency or any other payment. This attack takes advantage of human, system, network, and software vulnerabilities to infect the victim’s device, which can be a computer, printer, smartphone, etc. It is a growing threat, generating lots of dollars in payments to cybercriminals. CryptoLocker was one of the most profitable ransomware strains of its time. Between September and December 2013, CryptoLocker infected more than 250,000 systems. It can also scan mapped network drives and encrypt files it has permission to write.
Scareware is a form of malware that uses social engineering to trick users into believing their computer is infected with fictional malware, and suggests fake malicious software as the solution. Scareware is also known as fraud-ware and relies on the emotional response of the user. It usually generates pop-ups that resemble error messages from legitimate security software providers. Some may even look like error messages that the operating system generates. Identity theft is also a common result of scareware attacks.