Upload File

malicious code hacking natural disaster theft

28

Upload: andra-hamilton

Post on 18-Jan-2016

216 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • Malicious CodeHackingNatural DisasterTheft

  • The effect is caused by an agent, with the intention to cause damage.

    The agent for malicious code is the writer of the code, or any person who causes its distribution.

    There are various kinds of malicious code, include virus, Trojan horse, worm and many others.

  • Hacking is a source of threat to security in computer. It is defined as unauthorized access to the computer system by a hacker.

    Hackers are persons who learn about the computer system in detail. They write program referred to as hacks.

    Hackers may use a modem or cable to hack the targeted computers.

  • Computers are also threatened by natural or environmental disaster. Be it at home, stores, offices and also automobiles. Examples of natural and environmental disasters: Flood FireEarthquakes, storms and tornadosExcessive HeatInadequate Power Supply

  • Two types of computer theft:Computer is used to steal money, goods, information and resources.Stealing of computer, especially notebook and PDAs.

  • Once the hacker gains access to the network, four types of threat may arise:Information theftIdentity theftData loss / manipulationDisruption of service

  • Information TheftBreaking into a computer to obtain confidential information. Information can be used or sold for various purposes. Example: Stealing a organizations proprietary information, such as research and development information

    Identity theftA form of information theft where personal information is stolen for the purpose of taking over someones identity. Using this information an individual can obtain legal documents, apply for credit and make authorized online purchases.

  • Data Loss and ManipulationBreaking into a computer to destroy or after data records. Example of data loss: sending a virus that reformats a computer hard drive. Example of data manipulation: breaking into a records system to change information, such as the price of an item.

    Disruption of ServicePreventing legitimate users from accessing services to which they should be entitled.

  • Security threats from network intruders can come from both internal and external sources.

    External Threats- External threats arise from individuals working outside of an organization. They do not have authorized access to the computer systems or network. External attackers work their way into a network mainly from the Internet, wireless links or dialup access servers.

    Internal Threats- Internal threats occur when someone has authorized access to the network through a user account or have physical access to the network equipment. The internal attacker knows the internal politics and people. They often know what information is both valuable and vulnerable and how to get to it.

  • Common methods of exploiting human weaknesses.

    Social Engineering refers to a collection of techniques used to deceive internal users into performing specific actions or revealing confidential information.

    Attacker takes advantage of unsuspecting legitimate users to gain access to internal resources and private information, such as bank account numbers or passwords. Three of the most commonly used techniques in social engineering are: pretexting, phishing, and vishing.

  • PretextingTarget is typically contacted over the telephone. For example, if an attacker knows the target's social security number, they may use that information to gain the trust of their target. The target is then more likely to release further information.

    PhishingThey typically contact the target individual (the phishee) via email. The phisher might ask for verification of information, such as passwords or usernames in order prevent some terrible consequence from occurring.

    Vishing / Phone PhishingA new form of social engineering that uses Voice over IP (VoIP). With vishing, an unsuspecting user is sent a voice mail instructing them to call a number which appears to be a legitimate telephone-banking service. The call is then intercepted by a thief. Bank account numbers or passwords entered over the phone for verification are then stolen.

  • VIRUSWORMSTROJANCharacteristic- Replicates itself, and propagated with human intrusion- Replicate itself and propagated without human intrusion- Does not replicate itself.Distributionvia email attachments, downloaded files, instant messages or via diskette, CD or USB devices.through email or file transfer.by opening an email attachment or downloading and running a file from the Internet.Effect to systemviruses can erase or files and applications, crash your system. system hang or slowcreate a back door into a system allowing hackers to gain access.

  • DoS attacks are aggressive attacks on an individual computer or groups of computers with the intent to deny services to intended users. DoS attacks can target end user systems, servers, routers, and network links.

    In general, DoS attacks seek to:Flood a system or network with traffic to prevent legitimate network traffic from flowing Disrupt connections between a client and server to prevent access to a service

  • Two common DoS attacks are:

    SYN (synchronous) Flooding - a flood of packets are sent to a server requesting a client connection. The packets contain invalid source IP addresses. The server becomes occupied trying to respond to these fake requests and therefore cannot respond to legitimate ones.

    Ping of death: a packet that is greater in size than the maximum allowed by IP (65,535 bytes) is sent to a device. This can cause the receiving system to crash.

  • It is designed to saturate and overwhelm network links with useless data.

    DDoS operates on a much larger scale than DoS attacks. Typically hundreds or thousands of attack points attempt to overwhelm a target simultaneously.

    The attack points may be unsuspecting computers that have been previously infected by the DDoS code. The systems that are infected with the DDoS code attack the target site when invoked.

  • A Brute force attack is another type of attack that may result in denial of services.

    With brute force attacks, a fast computer is used to try to guess passwords or to decipher an encryption code.

    The attacker tries a large number of possibilities in rapid succession to gain access or crack the code.

    Brute force attacks can cause a denial of service due to excessive traffic to a specific resource or by locking out user accounts.

  • Discuss in group about the topic given below.1. Spyware ( Group 1 n 2)2. Tracking Cookies ( Group 3 n 4)3. Adware ( Group 5 n 6)4. Pop-Up ( Group 7 n 8)5. Spam ( Group 9 n 10)*** Present on next class using Power Point

  • Not all attacks do damage or prevent legitimate users from having access to resources. Many threats are designed to collect information about users which can be used for advertising, marketing and research purposes. These include Spyware, Tracking Cookies, Adware and Pop-ups. While these may not damage a computer, they invade privacy and can be annoying.

  • Is a program that gathers personal information from your computer without your permission or knowledge. This information is sent to advertisers or others on the Internet and can include passwords and account numbers. Usually installed unknowingly when downloading a file, installing another program or clicking a popup. It can slow down a computer and make changes to internal settings creating more vulnerabilities for other threats. Very difficult to remove.

  • Used to record information about an Internet user when they visit websites. Cookies may be useful or desirable by allowing personalization and other time saving techniques. Many web sites require that cookies be enabled in order to allow the user to connect.

  • Adware is a form of spyware used to collect information about a user based on websites the user visits. That information is then used for targeted advertising. Adware is commonly installed by a user in exchange for a "free" product. When a user opens a browser window, Adware can start new browser instances which attempt to advertize products or services based on a user's surfing practices. The unwanted browser windows can open repeatedly, and can make surfing the Internet very difficult, especially with slow Internet connections. Adware can be very difficult to uninstall.

  • Pop-ups and pop-unders are additional advertising windows that display when visiting a web site. Unlike Adware, pop-ups and pop-unders are not intended to collect information about the user and are typically associated only with the web-site being visited. Pop-ups: open in front of the current browser window. Pop-unders: open behind the current browser window.They can be annoying and usually advertise products or services that are undesirable.

  • Spam is a serious network threat that can overload ISPs, email servers and individual end-user systems. A person or organization responsible for sending spam is called a spammer. Spammers often make use of unsecured email servers to forward email. Spammers can use hacking techniques, such as viruses, worms and Trojan horses to take control of home computers. These computers are then used to send spam without the owner's knowledge. Spam can be sent via email or more recently via Instant messaging software.

  • What is a computer security? A computer security risk is an event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. Some breaches to computer security are accidental. Others are planned intrusions. People who commit or responsible to wrong doing is a perpetrator. Perpetrator also exists in computer system.

  • Anti-Virus - Antivirus software is a program that detects viruses in your computer memory, storage media or incoming files. It will identify, prevent and eliminate computer viruses and other malicious software. Examples of antivirus software are McAfee VirusScan, Norton AntiVirus, Trend Micro PC-cillin, and Doctor Solomon. Anti-Spyware - Anti-spyware software is a program that detects, quarantines and removes spyware to prevent them from getting into your computer. Examples of anti-spyware software are Lavasoft Ad-Aware SE Personal, PC Health Plan, and Malware Scanner. Data Backup - A data backup is a duplication of a file, program or disk that can be used if the original source is lost, damaged or destroyed. Cryptography - Cryptography is a process associated with encryption and decryption. Cryptography is used when we want to send secured information Firewall - A firewall restricts information that comes to your computer from other computers. It gives you more control over the data on your computer and provides a defense against people or programs (including viruses and worms) that try to connect to your computer without invitation. Human Aspects - (Locked Windows, Locked Cabinets, Locked Grill, Alarm System, Log Book, Implementing user identification, Security Guard)


Authentication. Security. Trust. · Authentication. Security. Trust. The threat of malware Web-based Malware - (Drive-by Downloading) is a hacking technique which injects malicious

Cybersecurity Imperative: Computer Fraud, Hacking & Theft

Ethical Hacking: Hacking GMail. Teaching Hacking

VTI for Banking Trojans · As banking transactions and commerce have moved online, so has fraud and theft. Hacking for fun has shifted to hacking for profit (interception of banking

Trend Micro MOBILE SECURITY Personal Edition · It safeguards against malicious apps, fraudulent websites, and identity theft so you can safely bank, browse, shop, and socialize

Identity theft REPAIR KIT - in.nau.edu · involves the theft of files, hacking into electronic files or bribing an employee for access to files at a business; diverting your mail

GEM Investment Club...•Exposure to Hacking and Online Identity Theft. •Prolonged low-interest-rateenvironment : challenge for the models of financial institutions. •Business

Corporate Intelligence Services · social media activities that are discussed in difficult to navigate forums including theft of intellectual pr operty, c yber hacking, identify theft,

PFPA Lesson Plan_042014 - Web viewMaintain the DD Form 2501, ... 4. Classified material in the National Capital Region (NCR) ... Hacking. Theft. Planted code

Malicious Code as Weapon Malicious Code as Weapon

FIDUCIARY DUTY · Identity Theft 25 Risk Identification. Fire Windstorm Rain Malicious mischief Water Sinkhole collapse Earthquake Disappearance Power outage Theft Electrical overload

Data breaches and identity theft through hacking: The

Unit 2 - Hardware Computer Security. What is computer security? Measures that are taken to prevent computer systems from malicious attacks, theft, or

They are used for preventing or solving. shoplifting Armed robbery vadalism hacking hijacking Theft/burglarymurder rape Drug dealing kidnapping smuggling

Residential Brochure Temporary Minus LegislativeVandalism & malicious mischief Theft Volcanic eruption Falling objects Weight of ice, snow, sleet Sudden & accidental water damage Breakage

Hacking Exposed: Live 2009 - McAfee€¦ · wireless Social Engineering POOR COMMON SENSE MALICIOUS INTENT MISUSED FUNCTIONALITY DESIGN FLAWS. Threats The land of opportunity

Commercial vehicle breakdown insurance provided by Green Flag€¦ · theft, malicious damage, flat tyre, lack of fuel, flat battery, loss or breakage of vehicle keys, occurring within

OWASP Foundation | Open Source Foundation for Application … · 2020. 1. 17. · Hacking Exposed Web 2.0 application, ... Honeyclients are active security devices in search of malicious

Computer Crime, Cybercrime, Hacking Tactics, Cyber Theft, Viruses, Worms, Adware, Spyware

SEP Cloud Application Protection Service for Salesforce · Accidental deletion & overwrites 63% Closing accounts 10% Hacking & Insider Threats 20% Hackers 13% Malicious deletes 7%

picoCTF: Teaching 10,000 High School Students to Hack · 2019-09-06 · Ethics Hacking tends to be misrepresented as a malicious activity. Done legally, hacking is not only a creative

Technology Ethics, Computer Crime, Cybercrime, Hacking Tactics, Cyber Theft, Internet Abuses in the Workplace, Software Piracy, Theft of Intellectual Property,

PROTECT YOURSELF AND YOUR IDENTITYftpcontent5.worldnow.com/wvtm/docs/chasebank.pdf · Evaluate and protect your computer – If you identify hacking (the installation of malicious

DIYTP 2009. What is Cybercrime? Using the Internet to commit a crime. Identity Theft Hacking Viruses Facilitation of traditional criminal activity

Malicious Software - Sirindhorn International Institute of Technologyict.siit.tu.ac.th/.../CSS322Y10S2L16-Malicious-Software.pdf · 2011-10-07 · CSS322 Malicious Software Malicious

Taxonomy of Malicious Programs Malicious Softwareabc/teaching/bbs677/slides/Malware_4.pdf · Taxonomy of Malicious Programs Needs Host Program Independent Programs Malicious Trapdoors

INTERNET SAFETY Lynn W Zimmerman, PhD. Hacking Identity theft Stolen passwords Invasion of privacy POTENTIAL PROBLEMS Stalking Cyber-bullying

Lesson 2 - Protecting Yourself Online · •Protect yourself against malware/hacking •Protect yourself against identity theft Objectives ... malicious intent. Two types of malware:

Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy

Smart Growth Online - - Implications for Transport Planningsmartgrowth.org/wp-content/uploads/2020/06/2020-0529...Malicious hacking. Self-driving technologies can be manipulated for

Security Risks Viruses, worms, Trojans Hacking Spyware, phishing Keylogging Online fraud Identity theft DOS (Denial of Service attacks

MONITORING SOLUTIONS FOR Fire & Security · detection before the event occurs, whether it is malicious (terrorist or product theft) or accidental (3rd party digging) › Prevention

 · DEMO –Sensitive Data Protection Web Isolation 19 Enable Sensitive Data Protection ... Dynamic DNS Host File Storage/ Sharing Hacking Uncategorized Suspicious Malicious

Webroot SecureAnywhere Business Mobile Protection€¦ · from malware, malicious websites, and app hijacks, while protecting corporate and user data against accidental loss or theft

Verisk Analytics · 2019-12-16 · Sept-2017 YTD margins: 49.0% (50.5% organic margins) ... (e.g. off-us spend) •Income modeling •Fraud (malicious intent, id theft, ... Features