Cybersecurity For Dummies. Joseph Steinberg
Spyware is software that surreptitiously, and without permission, collects information from a device. Spyware may capture a user’s keystrokes (in which case it is called a keylogger), video from a video camera, audio from a microphone, screen images, and so on.
It is important to understand the difference between spyware and merely invasive programs. Legitimate businesses use some technologies that would technically qualify as spyware if users had not been told that they were being tracked online; such technologies may be invasive, but they are not malware. This category of nonspyware that nonetheless spies includes beacons that check whether a user loaded a particular web page and tracking cookies set by websites or apps. Some experts have argued that any software that tracks a smartphone’s location while the app is not being actively used by the device’s user also falls into this category, a definition that would include popular apps, such as Uber.
Cryptocurrency miners
Cryptocurrency miners, or cryptominers, are malware that, without any permission from devices’ owners, commandeer infected devices’ processing power (their CPU cycles) to generate new units of a particular cryptocurrency, which the malware hands to the criminals operating it, by solving computationally intensive puzzles (repeated hashing, in proof-of-work currencies) that require significant processing power.
The proliferation of cryptocurrency miners exploded in 2017 with the rise of cryptocurrency values. Even after price levels subsequently dropped, the miners are still ubiquitous as once criminals have invested in creating the miners, there is little cost in continuing to deploy them. Not surprisingly, as cryptocurrency prices began to rise again in 2019, new strains of cryptominers began to appear as well — some of which specifically target Android smartphones.
Many low-end cybercriminals favor using cryptominers. Even if each miner, on its own, pays the attacker very little, miners are easy to obtain and directly monetize cyberattacks without the need for extra steps (such as collecting a ransom) or the need for sophisticated command and control systems.
Adware
Adware is software that generates revenue for the party operating it by displaying online advertisements on a device. Adware may be malware — that is, installed and run without the permission of a device’s owner — or it may be a legitimate component of software (for example, installed knowingly by users as part of some free, ad-supported package).
Some security professionals refer to the former as adware malware, and the latter as adware. Because no consensus exists, it’s best to clarify which of the two is being discussed when you hear someone mention just the generic term adware.
Blended malware
Blended malware is malware that utilizes multiple types of malware technology as part of an attack — for example, combining features of Trojans, worms, and viruses.
Blended malware can be quite sophisticated and often stems from skilled attackers.
Zero-day malware
Zero-day malware is any malware that exploits a vulnerability not previously known to the public or to the vendor of the technology containing the vulnerability, and is, as such, often extremely potent.
Regularly creating zero-day malware requires significant resources and development effort. It’s quite expensive and is often crafted by the cyber armies of nation states rather than by other hackers.
Commercial purveyors of zero-day exploits have been known to charge over $1 million for a single exploit.
Fake malware on computers
Ironically, some attackers don’t even bother to actually hack computers. Instead, they just send messages to would-be victims claiming that the would-be victims’ computers are infected and that, to re-secure the device, the intended victims must pay some fee or purchase some security software. Sometimes criminals are able to display messages to that effect in a pop-up window, and sometimes they keep things simple and just send the messages via email.
Fake malware on mobile devices
Fake malware may be even more common on mobile devices than on laptops and other computers. For various technical reasons, it is harder to hack mobile devices, so many criminals go for the “low hanging fruit” and just pretend to have compromised devices in order to get would-be victims to pay up. There are even flavors of “mobile device ransomware” that display ransomware-type demands without ever having encrypted anything on the mobile device.
Fake security subscription renewal notifications
A type of social-engineering attack that exploits people’s desire to remain cybersecure (and that I have included in the malware section because it is directly related to protection against malware) is fake “renewal notices” from anti-malware product vendors. Emails that say one’s security software subscription is expiring and ask users to click a link (don’t do it!) or to otherwise submit payment for a renewal can closely parallel their legitimate counterparts. This sort of attack became extremely common during the COVID-19 pandemic era, during which many people worked from home and, more often than ever before, were responsible for making sure they had current security software subscriptions.
Poisoned Web Service Attacks
Many different types of attacks leverage vulnerabilities in servers, and new weaknesses are constantly discovered, which is why cybersecurity professionals have full-time jobs keeping servers safe. Entire books — or even several series of books — can be written on such a topic, which is, obviously, beyond the scope of this work.
That said, it is important for you to understand the basic concepts of server-based attacks because some such attacks can directly impact you.
One such form of attack is a poisoned web service attack, or a poisoned web page attack. In this type of attack, an attacker hacks into a web server and inserts code onto it that causes it to attack users when they access a page or set of pages that the server is serving.
For example, a hacker may compromise the web server serving www.abc123.com and modify the home page that is served to users accessing the site so that the home page contains malware.
But a hacker does not even need to necessarily breach a system in order to poison web pages!
If a site that allows users to comment on posts isn’t properly secured, for example, it may allow a user to embed script code within a comment, code that, if crafted properly, is executed by the browser of anyone who loads the page that displays the comment. A criminal can insert a tag that loads a script from the criminal’s own website; because that script runs within the context of one of the original site’s web pages, it can read the user’s session cookies or tokens for that site and send them to the criminal, who can then act as that user. Such an attack is known as cross-site scripting (XSS). The fix is for the site to encode user-supplied text before placing it in a page, yet XSS continues to be a problem even after more than a decade of being addressed.
Network Infrastructure Poisoning
As with web servers, many different types of attacks leverage vulnerabilities in network infrastructure, and new weaknesses are constantly discovered. The vast majority of this topic is beyond the scope of this book. That said, as is the case with poisoned web servers, you need to understand the basic concepts of infrastructure-based attacks because some such attacks can directly impact you. For example, criminals may exploit various weaknesses in order to insert corrupt domain name system (DNS) data into a DNS server, so that the server answers lookups with addresses the criminals control.
DNS