We hope to demystify cyber security for you. Learn to speak like a pro and check out the most important security terms with our official explanations from F-Secure Labs.
Article Link: https://business.f-secure.com/security-a-to-z-glossary-of-the-most-important-terms
SWITCH ON FREEDOM

A

ADWARE
Adware is F-Secure's classification name for software that displays advertisements on computers or devices. The advertisements may be displayed on the desktop or during a web browsing session. Adware is often bundled with free software that provides some functionality to the user. Revenue from the advertising is used to offset the cost of developing the software, which is therefore known as 'ad-supported'.

ATTACK SURFACE
Code that is active in a target system and somehow involved in processing input that can be used in attacks. Any vulnerabilities that can be exploited are part of the attack surface. The basic idea in security is to disable all unnecessary features in software, and thus limit attack surfaces. Disabling code in this manner prevents it from being exploited, even if it contains a vulnerability, provided the disabled code really is unreachable from any input.

ATTACK VECTOR
Method of contact used to attack victims. Examples of typical attack vectors include email, the web, and USB media.

B

BACKDOOR
A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network. Such utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they may also be misused by attackers. A backdoor is usually able to gain control of a system because it exploits vulnerabilities, bugs or undocumented processes in the system's code.

BANKING FRAUD / TROJAN
Malware that attackers use to access their victim's online banking.

BOTNET
A network of devices infected with a specialized form of malware known as a bot, which can be remotely controlled by an attacker, usually via a command-and-control (C&C) server. Each infected computer may be known as a bot, a zombie computer, or a zombie. An attacker, or group of attackers, can harness the collective resources of a botnet to perform major malicious actions, such as sending millions of spam emails, launching a distributed denial-of-service (DDoS) attack, and much more.

BRUTE-FORCE ATTACK
A type of attack that typically targets authentication mechanisms such as passwords. A brute-force attack is an exhaustive, trial-and-error attempt that involves rapidly cycling through a comprehensive list of possible passwords or decryption keys until the correct one is found. Brute-force attacks commonly succeed due to weak passwords and/or human error or laxness. Often, a brute-force attack is combined with a dictionary attack, which uses a long list of words taken from dictionaries and popular culture references. Unlike a standard brute-force attack, a dictionary attack uses words that are thought to be the most likely to succeed. Against an online login the attacker's guess rate is capped by lockouts and rate limiting; against a stolen password hash it is limited only by the cost of the hash function, which is why slow, salted password hashing matters.
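The following Python program is an added example, not part of the F-Secure glossary, illustrating the BRUTE-FORCE ATTACK entry above: it runs a dictionary attack first and falls back to exhaustive search against a salted SHA-256 hash. The salt, the wordlist and the sample passwords are constructed for the example, and the function names are the example's own.

```python
"""Dictionary attack followed by exhaustive brute force against a salted
SHA-256 password hash. Added example; not code from the F-Secure glossary."""
import hashlib
import itertools
import string

# Constructed sample data: the salt is made up, and the wordlist is a tiny
# stand-in for the multi-million-entry lists used in real attacks.
SALT = b"f1a9"
WORDLIST = ["password", "123456", "letmein", "qwerty", "dragon", "trustno1"]


def hash_password(password: str, salt: bytes) -> str:
    """Fast hash (SHA-256 of salt || password): the kind of storage that
    makes offline guessing cheap."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(target: str, salt: bytes, words):
    """Try the candidates thought most likely first.
    Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in words:
        attempts += 1
        if hash_password(word, salt) == target:
            return word, attempts
    return None, attempts


def brute_force(target: str, salt: bytes, alphabet=string.ascii_lowercase, max_len=4):
    """Exhaustively try every string over `alphabet` up to `max_len`
    characters, shortest first. The key space grows as len(alphabet) ** n."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate, salt) == target:
                return candidate, attempts
    return None, attempts


def crack(target: str, salt: bytes, words=WORDLIST, max_len=4):
    """Dictionary first (few guesses, high hit rate), then exhaustive search.
    Returns (password or None, total attempts, method)."""
    password, attempts = dictionary_attack(target, salt, words)
    if password is not None:
        return password, attempts, "dictionary"
    password, more = brute_force(target, salt, max_len=max_len)
    return password, attempts + more, ("brute-force" if password else "not found")


if __name__ == "__main__":
    for secret in ("qwerty", "zzz", "Zz9!k"):
        found, tries, how = crack(hash_password(secret, SALT), SALT)
        print(f"{secret!r}: {how} after {tries} guesses -> {found!r}")
```

The attempt counts make the difference concrete: a password on the wordlist falls in a handful of guesses, a three-letter one after a few thousand, and anything outside the alphabet or length the attacker chose is not found at all. Against an online login, lockouts and rate limiting cap the guess rate; against a stolen hash only the cost of the hash function does, which is the reason to store passwords with a deliberately slow, salted hash such as bcrypt, scrypt or Argon2 rather than plain SHA-256.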
C

CLIENT / ENDPOINT
A PC or Mac workstation or laptop, or a mobile phone: basically anything that runs code and is capable of running security software. The basic definition of a client is a device that can run independent applications, while a terminal is just a screen that provides input access to a computer that is somewhere else.

CLOUD SECURITY
Security that is provided from a remote server. The benefit of cloud security is that the remote server receives information from multiple sources, so it can make better decisions. Another security benefit is that attackers cannot easily reverse engineer security features implemented on the remote cloud server, because that logic never ships to the endpoint and can only be probed through its interface.

COMMAND AND CONTROL / C2
The command and control (C&C, or C2) server of a botnet is the main control point for the entire network of enslaved computers.

CYBER ATTACK
Cyber attacks target computerized infrastructure, and can therefore produce effects outside of the computing domain. Effects are what define cyber attacks, not methods. If a denial-of-service attack against a bank website crashes payment processing servers and prevents people from paying for things with credit cards or withdrawing money from an ATM, it is a cyber attack. An attack against a hobby game server may be technically identical, but if it only affects that particular game, it would not be considered a cyber attack.

CYBER ESPIONAGE
Espionage using computers as its tools. It typically involves hacking or using malware to break into corporate computers and steal information.

CYBER SECURITY
Security that focuses on preventing cyber attacks. Basically the same as information security, except that one should also consider the effects that attackers can produce once they have control of corporate systems, and build custom security mechanisms for critical resources. A typical example would be restricting the network connections for workstations with access to a corporate bank account, or for a production line controller computer. Cyber security is also used by less honest consultants as a way to rename everything that used to be called information security in order to charge bigger fees from customers.
D
DATA BREACH
An incident that involves data leaking from an organization as the result of a successful attack.

DDOS
A type of attack conducted over the Internet, using the combined resources of many computers to bombard, and frequently crash, a targeted computer system or resource (e.g., a program, website or network). There are various types of distributed denial-of-service (DDoS) attacks, classified by how the attack is conducted. DDoS attacks are sometimes included as part of a worm or trojan's payload: all infected computers are directed to attack the selected target. DDoS attacks are also often performed by botnets, as the combined resources of all the computers in the botnet can generate a terrific amount of traffic, enough to overwhelm most targets' defenses within seconds. DDoS attacks have become one of the more dangerous menaces of the modern Internet.
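An added example, not from the glossary: Python detection logic run over constructed web server log lines. It compares the per-source rate that catches one flooding host with the aggregate rate on the target that is needed to catch a botnet whose members each send only a couple of requests. The log format, the thresholds and the addresses (documentation ranges) are assumptions of the example.

```python
"""Request-rate detection over constructed web server log lines, comparing a
per-source threshold with an aggregate threshold on the target.
Added example; not code from the F-Secure glossary."""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_line(line: str):
    """Constructed line shape: '<ISO timestamp> <source ip> <request>'."""
    ts, ip, request = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip, request


def peak_rate(times, window: float) -> int:
    """Largest number of events inside any sliding window of `window` seconds."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_flood(lines, window=10.0, per_source_limit=50, aggregate_limit=200):
    """Flag sources that individually exceed per_source_limit, and separately
    flag the target as flooded when the total rate exceeds aggregate_limit."""
    events = [parse_line(line) for line in lines]
    by_source = defaultdict(list)
    for t, ip, _ in events:
        by_source[ip].append(t)
    noisy = sorted(ip for ip, ts in by_source.items()
                   if peak_rate(ts, window) > per_source_limit)
    aggregate = peak_rate([t for t, _, _ in events], window)
    return {"noisy_sources": noisy,
            "aggregate_peak": aggregate,
            "aggregate_flood": aggregate > aggregate_limit}


def constructed_log(bots: int, per_bot: int, single_flooder: int = 0):
    """Build sample traffic (constructed data, documentation address ranges):
    `bots` sources each sending `per_bot` requests 20 ms apart, three
    legitimate clients sending one request each, and optionally one source
    sending `single_flooder` requests 10 ms apart."""
    assert bots <= 254
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for n in range(bots):
        for k in range(per_bot):
            t = base + timedelta(milliseconds=(n * per_bot + k) * 20)
            lines.append(f"{t.isoformat()} 198.51.100.{n + 1} GET /checkout")
    for n in range(3):
        t = base + timedelta(seconds=n + 1)
        lines.append(f"{t.isoformat()} 192.0.2.{n + 10} GET /index.html")
    for k in range(single_flooder):
        t = base + timedelta(milliseconds=10 * k)
        lines.append(f"{t.isoformat()} 192.0.2.99 GET /search?q=a")
    return lines


if __name__ == "__main__":
    print("single source :", detect_flood(constructed_log(0, 0, single_flooder=300)))
    print("200 bots x 2  :", detect_flood(constructed_log(200, 2)))
    print("normal traffic:", detect_flood(constructed_log(0, 0)))
```

With 200 bots sending two requests each, no source crosses the per-source limit, so a detector that only watches individual clients sees nothing, while the aggregate counter on the target shows a burst of several hundred requests in the window. The single-source case is caught by both. In practice the aggregate threshold has to be set from the target's normal peak load, or legitimate traffic spikes will trip it.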
DLP
Data Loss Prevention (also Data Leakage Prevention): software or a service used to detect and possibly prevent information or data breaches.

DOMAIN
A domain name (e.g. www.f-secure.com) is a human-friendly text string given to identify a specific resource on the Internet, in most cases a website. Each domain name resolves, through DNS, to one or more IP addresses, and several names may point to the same address. Domain names are used because IP addresses, which are what computers use to identify resources, are not easy for humans to remember. Domain names are part of the hierarchical Domain Name System (DNS) used to organize resources on the Internet.

DRIVE-BY DOWNLOAD
The automatic download of a program from a visited website onto a user's computer, almost always without their knowledge or authorization. Drive-by downloads are often used in conjunction with Search Engine Optimization (SEO) attacks, in which search engine results are poisoned in order to redirect users to a malicious site where the drive-by attack can take place. The term 'drive-by download' is most frequently used to describe a website forcibly and silently downloading malware onto a visitor's system, but clicking on pop-up ads or viewing an email message may also result in the user being subjected to this attack.
E
ENCRYPTION
The use of a cipher or algorithm to transform data, such as a program's code, into an unintelligible form. There are many different ways to perform encryption, based on the algorithm or cipher used. Simple classical examples of encryption algorithms include ROT13 and the Vigenère cipher; both are trivially broken and serve only as illustrations, whereas production systems rely on modern algorithms such as AES. Encryption usually requires a specific piece of information (a 'key') in order to transform the encrypted information back to a usable state when necessary. The simplest form of encryption uses a static, unchanging key; more sophisticated encryption may involve changes in the key itself as well as in the code to be transformed. Virus writers use encryption to create encrypted viruses, which are harder for antivirus programs to detect because the encrypted body looks different under every key. Once installed, the encrypted virus uses the key to decrypt its own code and execute it; the decryption routine itself must remain unencrypted in order to run, and that constant routine is what scanners then look for.
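An added example, not from the glossary: Vigenère encryption and decryption in Python, with ROT13 derived from it as the single-letter-key special case (a step beyond the entry, which only names the two ciphers), plus a naive substring signature scanner to show why an encrypted body defeats byte signatures while the decrypted form does not. The sample texts and the `scan` function are constructed for the example.

```python
"""Vigenère cipher with ROT13 as the single-letter-key special case, and a
small demonstration of why an encrypted body defeats a plain byte signature.
Added example; not code from the F-Secure glossary."""
import string

ALPHABET = string.ascii_uppercase


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter, cycling through the key.
    Non-letters pass through unchanged and do not consume key characters,
    and the case of each letter is preserved."""
    if not key or not all(c.isalpha() for c in key):
        raise ValueError("key must be one or more letters")
    shifts = [ALPHABET.index(c.upper()) for c in key]
    out = []
    i = 0  # index into the key, advanced only for letters
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            s = shifts[i % len(shifts)]
            if decrypt:
                s = -s
            out.append(chr((ord(ch) - base + s) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is Vigenère with the constant key 'N' (shift 13). Because
    13 + 13 = 26, the same call both encrypts and decrypts."""
    return vigenere(text, "N")


def scan(blob: str, signature: str) -> bool:
    """Naive byte-signature scanner: does the literal pattern occur in blob?"""
    return signature in blob


if __name__ == "__main__":
    # Constructed, harmless stand-in for a malicious body and its signature.
    body = "CONNECT TO C2 SERVER"
    signature = "C2 SERVER"
    print(vigenere("ATTACKATDAWN", "LEMON"))          # LXFOPVEFRNHR
    print(rot13("Hello, World!"))                     # Uryyb, Jbeyq!
    print(scan(body, signature))                      # True: plaintext matches
    for key in ("KEY", "OTHER"):
        enc = vigenere(body, key)
        print(key, enc, scan(enc, signature))         # False: ciphertext differs per key
        print(scan(vigenere(enc, key, decrypt=True), signature))  # True again
```

The two encrypted copies of the same body share no common substring with the signature, which is the evasion the entry describes. What does stay constant is the decryption code (`vigenere` with `decrypt=True` here), and a scanner that targets that routine, or that simply runs the sample and scans memory after decryption, is not fooled.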
HACKING
Act of breaking into workstations,
servers or mobile phones through
a network or other connection.
A typical example of hacking would
be someone finding a vulnerability
in a server and then using an exploit
against that vulnerability to access
the system.
HEURISTICS
Detection based on rules of thumb rather than exact signatures:
a file or a piece of behaviour is judged suspicious because it
shares characteristics with known attacks, even if this exact
sample has never been seen before. Both clients and servers in
security clouds use heuristics. Basically, heuristics model human
decisions for computer programs, allowing those programs to
automate decision-making processes. The trade-off is that heuristics
can catch new and modified malware that a signature would miss,
at the cost of a higher risk of false positives, so heuristic verdicts
are usually combined with other evidence. F-Secure uses heuristics
to detect malware and other types of attacks.
EXPLOIT VS EXPLOIT KIT
Exploit: An object - a program, a section of code, even a string of characters - that takes
advantage of a vulnerability in a program or operating system to perform various actions.
An exploit is almost always used in a malicious context. If successfully used, exploits can
provide an attacker with a wide range of possible actions, from viewing data in a restricted
user database to almost complete control of a compromised system. Exploit kit: A server-side
toolkit that carries a selection of exploits targeting vulnerabilities in several applications
or versions, together with the capability to fingerprint the visiting client (browser, plugins
and their versions) and select a matching exploit. A typical exploit kit has a selection of
exploits for different web browsers and plugins, and victims usually reach it through
a drive-by download.
HACKTIVISM
Type of activism which uses hacking in order
to push some agenda. Most typical cases of
hacktivism involve website defacement in
which attackers gain control of a web page
and change it to show political or other
messages. Twitter, Facebook and other
social media accounts are often seized for
hacktivism purposes.
HARDENING
Improving the security of a server
or workstation by modifying
security, server or application
settings. A typical example of
hardening would be to reduce an
attack surface by disabling features
that are not needed by a client or
server application. For example,
disabling JavaScript in a PDF
reader defeats many PDF exploits,
which rely on JavaScript to set up
the attack. Removing unused
accounts and services and granting
only the permissions an application
actually needs are hardening in
the same sense.
KEYLOGGER
A program or hardware component that surreptitiously monitors and stores all the strokes
typed into a device’s keyboard. Some keylogger programs will also forward the stored
information to an external server for easier retrieval by the attacker. Keyloggers are typically
used by attackers to steal vital information such as personal details, credit card details, online
account login credentials, and so on. The stolen information can then be used to perpetrate
crimes such as identity theft, online fraud, monetary theft, and so on. Keylogger programs
are typically installed on a device by other malware, though they may also be manually
installed by an attacker with physical access to a device. Hardware components must
be manually installed.
MAN-IN-THE-MIDDLE ATTACK
A type of attack that involves an undetected third party actively
eavesdropping on and controlling communications between
two systems. The specific technical details of how the attack
is performed depend on the type of communication being
intercepted (wireless, Internet, mail, etc.), but for it to be
successful, the attacker must be able to impersonate each side
of the dialogue and convince them that the communication is
private and authentic. MITM attacks are usually done in order
to intercept or modify messages sent between the two systems,
or to inject false information. The defence is to authenticate
the peer, for example by validating the server's certificate in
TLS, so that an attacker cannot impersonate a side without
holding that side's private key.
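The exchange described above, as an added example that is not part of the glossary: an unauthenticated Diffie-Hellman key agreement in which Mallory substitutes her own public values in both directions, so Alice and Bob each share a key with her rather than with each other. The prime, the XOR stream cipher and the party names are constructed for illustration and are not a real protocol.

```python
# Added example: man-in-the-middle against unauthenticated Diffie-Hellman.
# Parameters and the XOR stream cipher are toys (constructed for the demo).
import hashlib
import secrets

P = 2**127 - 1   # a Mersenne prime; far too small for real use
G = 5


class Party:
    """One endpoint: a DH key pair, and a session key derived from a peer's public value."""

    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.key = None

    def derive(self, peer_pub: int) -> bytes:
        shared = pow(peer_pub, self.priv, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        return self.key


def fingerprint(pub: int) -> str:
    """Short hash of a public value, the thing one compares out of band or via a certificate."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream. Same call encrypts and decrypts."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(d ^ k for d, k in zip(data, stream))


def honest_exchange() -> bool:
    """Without an attacker, both sides derive the same key."""
    alice, bob = Party("Alice"), Party("Bob")
    return alice.derive(bob.pub) == bob.derive(alice.pub)


def mitm_session(plaintext: bytes = b"pay 100 to Bob") -> dict:
    """Mallory swaps her own public values into both directions of the exchange."""
    alice, bob = Party("Alice"), Party("Bob")
    mal_to_alice, mal_to_bob = Party("Mallory-as-Bob"), Party("Mallory-as-Alice")

    # Alice believes mal_to_alice.pub came from Bob; Bob believes mal_to_bob.pub came from Alice.
    alice.derive(mal_to_alice.pub)
    mal_to_alice.derive(alice.pub)
    bob.derive(mal_to_bob.pub)
    mal_to_bob.derive(bob.pub)

    # Alice encrypts for "Bob"; Mallory reads it, alters it and re-encrypts for the real Bob.
    wire = keystream_xor(alice.key, plaintext)
    mallory_sees = keystream_xor(mal_to_alice.key, wire)
    forged = keystream_xor(mal_to_bob.key, mallory_sees.replace(b"Bob", b"Mal"))
    bob_reads = keystream_xor(bob.key, forged)

    # The check that catches this: Alice compares the fingerprint of the value she received
    # with Bob's genuine fingerprint obtained through an authenticated channel.
    detected = fingerprint(mal_to_alice.pub) != fingerprint(bob.pub)
    return {
        "alice_and_bob_share_key": alice.key == bob.key,
        "mallory_sees": mallory_sees,
        "bob_reads": bob_reads,
        "detected_by_fingerprint_check": detected,
    }


if __name__ == "__main__":
    print(honest_exchange())
    for k, v in mitm_session().items():
        print(f"{k}: {v!r}")
```

Nothing in the exchange itself tells Alice that the public value she received is Mallory's; only an authenticated comparison (a certificate chain, a pre-shared fingerprint, a key verified in person) can. That is what the entry means by the attacker having to impersonate each side.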
LAYERED PROTECTION
A protection principle in which multiple methods are used to
protect against attacks. Layered protection is based on the
reality that it is almost impossible to make one security solution
that can stop 100% of attacks. Providing layered protection
requires the use of multiple technologies in security solutions.
ONLINE SCAMS = PHISHING
A type of social engineering attack in which fraudulent communications are used to trick the
user into giving out sensitive information, such as passwords, account information, and other
details. Phishing is a criminal activity in many jurisdictions. A phishing attack usually involves a
fake communication, often supposedly from a trusted corporation or institution that requires
some kind of response from the user. Usually, the subject matter is enticing or alarming, to
motivate the user into complying. Victims are then directed to a specific (usually fraudulent)
website in order to trick them into providing information to the attackers. Phishing attempts
are most commonly done via email, but attempts made by instant messages, SMS messages,
and even voicemail are also known. Malware may also drop phishing communications as part
of its payload. Phishing can often be executed using spam emails, but targeted phishing
attacks can also occur. The information stolen can have considerable value to a criminal, but
its loss can be even more significant to the victim. Such information theft is rapidly becoming
a major concern for law enforcement agencies and web service operators worldwide.
PATCHING
A patch is a program or piece of code issued by a program
vendor to fix issues in a program or operating system;
patching is the practice of applying them. Patches are usually
issued to fix bugs, vulnerabilities or usability issues. A good
security practice is to install patches as soon as possible after
they are released. Unfortunately, for many businesses and home
users, there may be a significant delay between the time a patch
is released and when it is installed on an affected application
or machine, leaving them vulnerable to attacks.
RANSOMWARE
A malicious application that steals or encrypts a user's data
or system, then demands a ransom payment to restore the data
or normal system access. Ransomware programs typically encrypt
files on a computer or device, then display a message stating
that the user needs to pay a certain sum in a specified manner.
The specifics of how the encryption is done, the kind of message
displayed, and the payment method to be used usually differ
based on the ransomware family involved. This form of extortion
works on the assumption that the user values the data enough
to pay for its recovery. However, there is no guarantee of actual
recovery, even after a payment is made. As the encryption is
usually extremely difficult to break, the best safeguard against
losing access to critical data this way is to keep up-to-date,
tested backups of your files in a separate, unconnected location
or device. Up-to-date antivirus protection and user caution are
also key in avoiding unintentional contact with ransomware.
REMOTE CODE EXECUTION
In computer security, remote code execution means that
an outside party is able to run arbitrary code or commands
on a target machine or in a target process, almost always
with malicious intent. Remote code execution is usually the
goal of a system or program exploit, as it essentially means
an attacker can take control of the compromised machine,
initially with the privileges of the process that was exploited.
REPUTATION
Information about whether
an application, URL or some
object is malicious, known
to be clean, or unknown.
Reputation is the information
that is used for whitelisting or
blacklisting applications.
SANDBOXING
An isolated, tightly controlled virtual environment that
replicates a normal computer system. Sandboxes are usually
virtual machines installed as a completely contained entity
on a host, or ‘real’ machine. Security researchers often use
sandboxes to run and examine suspect, untested or malicious
code without risking damage to their actual systems. Modern
antivirus programs also use sandboxes to run suspicious
programs found on a device, which allows the program to
be scanned in order to examine its behavior. If the suspect
program performs a harmful routine within the sandbox, it can
be identified as malicious without affecting the actual machine.
As malware evolves constantly, some sophisticated threats are
now ‘VM-aware’. They first check for the presence of a virtual
machine or sandbox on the system. If found, the malware
can refuse to run, or even uninstall itself as a precaution
against detection.
SOCIAL ENGINEERING
A general term used to describe attacks that leverage
psychological or social pressures to dupe an unsuspecting victim
into providing sensitive information such as passwords, account
details and so on. Social engineering attacks can take place both
online and offline. Online social engineering attacks usually
take the form of phishing or pharming attempts, which present
unsuspecting users with legitimate looking emails or websites
in order to convince potential victims to part with important
information or money. Another form of online social engineering
involves convincing a user to download a file, usually in the
guise of a security or application update, game or other desired
program. However, once downloaded and run, the file turns out
to be something entirely different, and almost always malicious.
Social engineering attacks tend to be effective in spite of their
simplicity, as they exploit natural human tendencies based on
trust, desire and curiosity.
SPEAR-PHISHING
Phishing in which the attacker has studied the target and
is able to personalize the attack to make it more credible.
Spear-phishing is also used to deliver malicious documents
with customized content, whereas the term conventional phishing
usually describes attacks that rely on the scam itself rather
than on malware or exploits.
SQL INJECTION
A type of attack in which user input is incorporated into a Structured Query Language (SQL)
statement without proper handling, so that the attacker's input is interpreted as part of the
query rather than as data. The flaw is in the application that builds the query, not in the
database itself. Technically, a few types of SQL injection attacks are possible, but the end result
of all successful SQL injection attacks is that an attacker can read, manipulate or gain total
control over the database. SQL databases are a common feature of many applications. Often,
companies will use such databases for vital operations such as payrolls and customer records.
The most commonly reported attacks are launched against databases that can be accessed
via a website, simply because these databases are much easier for an attacker to reach. SQL
databases are commonly used on websites with dynamic content, making them popular
targets. SQL injection only works against applications that mix user input into the query
text. Whenever a user interacts with a database, such as by trying to log into a "Members
Only" section of a website, the input must be kept separate from the SQL code: the reliable
fix is to use parameterized (prepared) statements, in which the query structure is fixed and
the input is passed purely as values. Checking input for unexpected characters or formats
is a useful extra layer, but on its own it is not a sufficient defence.
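An added example, not from the glossary: the same login query written the vulnerable way and the parameterized way, run against an in-memory SQLite table constructed for the demo. Names, users and passwords are invented (a real system would store password hashes, not the passwords themselves).

```python
# Added example: SQL injection in a login check, and the parameterized fix.
# The table and its contents are constructed for the demo.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "correct-horse-battery", 1), ("bob", "hunter2", 0)])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Deliberately vulnerable: input is spliced into the SQL text, so quotes and
    comment markers in the input become part of the query. Returns the matched
    username or None."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized statement: the query structure is fixed and the input is only ever data."""
    row = conn.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                       (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Comment out the password check: the trailing -- makes SQLite ignore the rest of the line.
    print(login_vulnerable(db, "alice' --", "whatever"))       # alice
    # Always-true tautology supplied as the password.
    print(login_vulnerable(db, "nobody", "' OR '1'='1"))        # alice
    # The same inputs against the parameterized query are just strings that match nobody.
    print(login_safe(db, "alice' --", "whatever"))              # None
    print(login_safe(db, "nobody", "' OR '1'='1"))              # None
    print(login_safe(db, "bob", "hunter2"))                     # bob
```

The second payload shows why character filtering is not enough: it contains nothing but a quote, letters, digits and spaces, yet `AND` binding tighter than `OR` turns the whole condition true. Only separating code from data, as the parameterized version does, removes the problem.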
SPYWARE
A program designed to compromise personal or confidential
information. Spyware can be installed on a system without a user's
authorization or knowledge. Spyware can vary widely in the kinds
of actions they perform. Some common actions include displaying
unsolicited pop-ups, hijacking a browser's home or search pages,
redirecting browsing results, and monitoring user activities. These
actions may border on, or be outright considered, malicious.
Spyware is sometimes considered a gray area in terms of ethics
and legality. Depending on the specific action, context of use and
applicable laws, spyware may be legal and acceptable, dubious
but unlegislated, or outright illegal and unethical. Complicating
the issue is that some spyware is not intentionally designed as
such. Instead, programming errors may result in them performing
actions that make them behave like spyware. Once the flaws are
corrected, the program may then be reclassified.
SPOOFING
The act of falsifying characteristics or data. Spoofing is usually
done in order to conduct malicious activities. For example, if
a spam email’s header is replaced with a false sender address
in order to hide the actual source of the spam, the email
header is said to be ‘spoofed’. An attack can also involve
elements of spoofing, as it prevents or complicates the
process of identifying the correct source of the attack. There
are many kinds of such ‘spoofing attacks’: email spoofing,
Internet Protocol spoofing, URL spoofing, and so on.
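An added example that is not part of the glossary, covering both the PHISHING and the SPOOFING entries: a small checker that flags two indicators a phishing mail typically carries, a falsified sender identity (Reply-To or Return-Path leading somewhere other than the From domain) and a spoofed URL (link text showing one host while the href points to another). The message is constructed for the demo and uses reserved example domains; the function names are my own.

```python
# Added example: sender-identity and URL spoofing indicators in a constructed
# phishing message. Domains are reserved example names, not real senders.
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

SAMPLE_MAIL = b"""From: "Example Bank Security" <alerts@examplebank.example>
Reply-To: collector@freemail.example
Return-Path: <bounce@bulk-sender.example>
Subject: Your account has been limited
Content-Type: text/html

<html><body>
<p>Please confirm your details at
<a href="http://examplebank-verify.example/login">https://www.examplebank.example/login</a>
within 24 hours.</p>
</body></html>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(header_value) -> str:
    """Domain part of the first address in a header, lower-cased ('' if absent)."""
    _, addr = email.utils.parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw: bytes) -> list:
    """Return human-readable findings; an empty list means nothing looked spoofed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_domain = domain_of(msg["From"])

    # 1. Sender-identity mismatch: replies or bounces go somewhere other than the claimed sender.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")

    # 2. URL spoofing: the visible link text names one host, the href points at another.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, text in LINK_RE.findall(html):
        shown = text.strip()
        if shown.startswith(("http://", "https://")):
            shown_host = urlparse(shown).hostname
            real_host = urlparse(href).hostname
            if shown_host != real_host:
                findings.append(f"link text shows {shown_host} but points to {real_host}")
    return findings


if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE_MAIL):
        print("SUSPICIOUS:", finding)
```

Neither indicator proves fraud on its own (mailing-list software legitimately rewrites Return-Path, for instance), which is why mail filters combine such checks with SPF, DKIM and DMARC results rather than acting on one of them.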
TCP
Transmission Control Protocol, the transport protocol that
carries most traffic on the Internet. It runs on top of IP and
delivers a stream of data reliably and in order by splitting it
into packets, acknowledging what arrives and retransmitting
what is lost.
UNWANTED SOFTWARE/APP
Software that is not malware, but has annoying
or intrusive features that make it something
most people would prefer not to run. A typical
example would be adware that focuses only
on information gathering, and does not display
advertisements by itself.
TROJAN
This is a deceptive program that performs additional actions
without the user’s knowledge or permission. It does not
replicate itself. Trojans were named after the Trojan Horse of
Greek legend, and are sometimes referred to as Trojan Horse
programs. Quite often, the Trojan will have, or pretend to have,
a functionality that offers a useful service to the user -
a screensaver, a utility program, a service pack or application
update and so on - in order to encourage the user to run the
file. While the legitimate action is executing, the Trojan silently
performs its unauthorized routines in the background.
The effects of a Trojan’s payload on a computer system can
range from mildly annoying pranks (like changing desktop icon
positions) to serious, user-inhibiting functions (like disabling
the keyboard or mouse). They can even produce critically
destructive actions (like erasing files or stealing data). Trojans
can cause significant damage by stealing financially sensitive
data such as bank account credentials, or personal information
that can be used for identity theft. There are numerous types
of Trojans, and they can be categorized based on the malicious
action(s) they perform.
TWO-FACTOR
AUTHENTICATION
A user login method that requires
a second proof of identity in addition
to a username and password, taken
from a different category: something
the user knows (a password),
something the user has (a phone or
hardware token) or something the
user is (a fingerprint). A typical
example of two-factor authentication
would be verification through a code
sent by SMS; codes generated by an
authenticator app or a hardware key
are stronger, because SMS can be
intercepted or redirected by SIM
swapping.
VULNERABILITY
A flaw or security loophole in a program, web service, network, or operating system that
allows a user or attacker to perform unintended actions, or gain unauthorized access.
A vulnerability can be a flaw in a program’s fundamental design, a bug in its code that allows
improper usage of the program, or simply weak security practices that allow attackers to
access the program without directly affecting its code. Fixing a vulnerability requires the
program vendor to create a patch (adding or changing the source code to rectify the flaw
or loophole) and distribute it to all users of the vulnerable product to protect them from
possible exploitation. A publicly announced vulnerability is often targeted by attackers, who
attempt to exploit it before the vendor can create and release a patch (known as a zero-day
attack). Unfortunately, there is often a significant time gap between when a patch is released,
and when it is installed on a vulnerable machine. During that time, the machine remains
exposed to attacks targeting the vulnerability.
ZOMBIE (IN CONNECTION TO BOTNETS)
A computer, server or mobile device that has been infected with specialized malware known
as a bot, which allows an attacker to control it. A zombie machine is also often known as a bot.
Zombie or bot machines are usually roped into a network of similarly infected devices, known
as a botnet. This collective group of controlled machines is under the control of the attacker(s),
who can be referred to as the botnet controller, operator or bot herder. Instructions from the
bot herder to a zombie in the botnet - or to all of them - are usually sent via a Command and
Control (CnC) server, which relays the commands. The CnC server could be a server, a malicious
or compromised website, or even a hijacked social media account. Some botnets also use a
peer-to-peer (P2P) command structure, so that instructions are relayed between infected
machines, making it much harder to trace the attacker(s). The collective resources of all the
machines in a botnet are often used for malicious activity, such as launching distributed denial
of service (DDoS) attacks, sending out spam, and so on. Often, the legitimate owner or user
of a zombie machine has no idea that the device has been hijacked and put to nefarious use.
WORM
A program that replicates by sending copies of itself
from one infected system to other systems or devices
accessible over a network. Though most worms only
focus on self-propagating, some also include other
malicious actions in their payload - for example,
installing other malware, changing system settings, and
so on. A worm is usually classified based on the type of
network it uses to spread, such as the Internet, email,
IRC chat channels, peer-to-peer networks, Bluetooth,
SMS, or social media networks. A worm-infected
machine can suffer from productivity and network
issues if the malware’s propagation takes up too
much of the system’s resources. If many machines in a
network are simultaneously sending out worm copies,
the entire network may be affected, causing significant
disruption and inconvenience.
WHALING
Whaling is basically the
same as spear-phishing, i.e.
a type of social engineering
attack in which fraudulent
communications are used
to trick the user into giving
out sensitive information.
The difference, however, is
in the target. Whaling refers
specifically to highly targeted
attacks against executives
and other high-profile targets.
These targets hold business-
critical data, and are worth
the extra effort of catching
the "big phish".
ZERO-DAY
A zero-day vulnerability is a vulnerability that is still unknown to
the vendor, and therefore, unpatched. Attacks that are performed
before the vulnerability has a publicly available patch, or even
before they are known to the vendor, are called zero-day attacks.
Even after a patch becomes publicly available, there is often a
time gap before most companies or home users can install the
patch on a vulnerable machine, which gives attackers an additional
opportunity to perform a successful attack. Due to the high
chance of attackers targeting a vulnerability that has been recently
announced, many security researchers will work quietly with
vendors to create and release the patch for a vulnerability before
publishing the news to the general public.