The Internet is full of risks! Whenever you go online, there is a possibility that you will encounter a risk. There are different types of computer threats, with varying damaging effects. For example, some threats may damage or corrupt your installed operating system and force you to reinstall it. Another type may steal your credentials and saved passwords. Still other threats may not bring any harm to your PC; instead, they will track your online activities and invade your privacy.
Today, criminals are smarter than ever before, and malicious programs are more sophisticated. Modern malware can infect a target PC and remain undetected for a long time. The motive behind the majority of cyber-attacks nowadays is not to damage your machine but instead to steal your money, to access your private information, or to acquire your logon credentials.
Malware is short for “malicious software” and is any software employed to bring damage to computing devices (computers, smartphones, etc.) or the stored content (data or applications). Malware corruption can manifest in different ways, such as formatting your hard disk, deleting or corrupting files, stealing saved login information, gathering sensitive information (your files and private photos), or simply displaying unwanted advertisements on your screen. Many malware variants are stealthy and operate silently without the user’s knowledge or awareness. Malware is a term used to refer to many types of malicious software such as computer viruses, worms, Trojan horses, spyware, ransomware, scareware, and adware.
Hacking is the process of invading your privacy by gaining unauthorized access to your computing device. Hackers usually scan your machines for vulnerabilities (such as unpatched Windows updates) and gain access through them. After gaining access, they may install a keylogger or a Trojan horse to maintain their access, to begin stealing information, or to spy on user activities.
Pharming is a cyber-attack intended to redirect users from a legitimate web site to a fraudulent site without their knowledge. Pharming can be conducted either by changing the hosts file on a victim’s computer or by poisoning the Domain Name System (DNS) server records with false information to lead users to unwanted destinations. DNS servers are computers responsible for resolving Internet names into their real Internet Protocol (IP) addresses.
Phishing messages come in different shapes, such as SMS messages, e-mails, and web site links (URLs), all of which are designed to look genuine and use the same format as the legitimate company. Phishing aims to collect user-sensitive details (such as banking information, passwords, and credit card details) by tricking the end user into handing the information to the attacker. Phishing is covered in detail later in this chapter.
Ransomware is computer malware that installs silently on the user machine. Its objective is to deny access to user files, sometimes encrypting the entire hard disk drive and even all the attached external disk drives. It then demands that the user pay a ransom to get the malware creator to remove the restriction so the user can regain access to the system and stored assets.
Adware and Spyware
Adware is used to collect information about you and your machine. It usually comes with free software or useful plug-ins or search bars for web browsers; once installed, it begins tracking your online activities and may then send this information to outside parties. Many free games and free system utilities contain adware. As we already said in Chapter 1, few users read the end-user license agreements (EULAs) and simply click the “I agree” button without knowing that the freeware may contain adware (which is clearly stated in their EULAs).
Spyware in the form of a keylogger will seek to steal everything you type on your keyboard (usernames and passwords) and send it to its operator. Some spyware can facilitate installing a virus on your operating system, rendering it inoperable. Other forms can do this via the in-house/in-home Wi-Fi connection, communicating any acquired credentials and information into the hands of an awaiting actor.
A Trojan can infect computers silently. It usually installs itself as part of a legitimate software installation. In fact, many Trojans work stealthily in the background and are undetectable by antivirus programs. Most of the popular banking threats come from a Trojan family like Zeus and SpyEye. Trojans can potentially gain access to all your system functions including the camera and microphone. They also have the ability to delete files and monitor your online activities and keystrokes or even to detect other Trojans that may be installed by other criminals and then to remove them, making the new resident Trojan the only active variant on the target system.
Viruses have been around now for at least two decades and are one of the oldest traditional risks known since the early days of personal computers. They have morphed through many variations of dangerous profiles. A virus is a malicious program that infects a target PC or its content with the objective to make the computer inoperable, thus possibly forcing drastic action like a reformat to return to its normal state. Some viruses cause more damage such as stealing your contact list and credentials and facilitating unauthorized access to your machine. Nowadays, viruses are not widely used because they have been replaced with other types of malware that enable attackers to generate revenue from their attacks such as ransomware.
The Morris worm, or Internet worm, was one of the first to be seen in the wild. In November 1988, it was distributed via the Internet and caused significant damage to the infected systems. This is now another type of old-school attack that is still widely used. However, unlike viruses, which aim to destroy or compromise the OS, the worm works to spread from one machine to another through internal networks or the Internet. Many types of worms attack the e-mail client (e.g., Microsoft Outlook or Thunderbird) and copy themselves to all contacts in the address book to further distribute their infection to new locations. Worms can make computers run slowly because they can consume your disk space and Internet bandwidth. Worm propagations can cause tremendous loss in revenue for companies when spread inside a company’s intranet.
No matter whether you are at home, at work, or at a public access point, hackers can intercept communication sent through unprotected wireless networks and access points. Such attacks can result in intercepting all your online communications, including your usernames and passwords, and of course may provide access to your online banking details.
Scareware is a form of malicious software that uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. For example, scareware can report to a user that his or her machine is full of spyware and other infections and he or she must act promptly and purchase an anti-malware solution (which is fake!). The idea here is to trick the user into purchasing something unnecessarily in order to take his or her money.
Distributed Denial-of-Service Attacks
A distributed denial-of-service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Attackers build networks of infected computers, which could be millions of machines, known as botnets, by spreading malicious software through e-mails, web sites, and social media. Once infected, these machines can be controlled remotely by a bot master, without their owners’ knowledge, and used like an army to launch an attack against any target.
Botnets can generate huge floods of traffic to overwhelm a target. These floods can be generated in multiple ways, such as sending more connection requests than a server can handle, manipulating the TCP flags (like the well-known Christmas Tree attack did), or having computers send the victim huge amounts of random data to use up the target’s bandwidth.
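Manipulated TCP flags, such as the Christmas Tree pattern mentioned above, can be recognized from the flags byte of the TCP header. The following Python sketch is an added example, not part of the original text; the packet records and function names are constructed, and it assumes you already have raw TCP headers from a capture.

```python
import struct
from collections import Counter, defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    # Byte 12 holds the data offset, byte 13 holds the flags.
    _offset, flags = struct.unpack_from("!BB", header, 12)
    return flags & 0x3F

def classify(flags: int) -> str:
    """Label flag combinations that normal TCP stacks do not produce."""
    if flags == 0:
        return "null"                      # no flags set at all
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "xmas"                      # FIN+PSH+URG lit together
    if flags & SYN and flags & (FIN | RST):
        return "illegal-syn"               # open and close in one segment
    return "ok"

def flag_anomalies(packets):
    """Map source address -> Counter of anomalous labels seen from it."""
    report = defaultdict(Counter)
    for src, header in packets:
        label = classify(tcp_flags(header))
        if label != "ok":
            report[src][label] += 1
    return {src: dict(counts) for src, counts in report.items()}

def build_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed helper: minimal 20-byte TCP header for the sample data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample traffic (documentation-range source addresses).
SAMPLE = [
    ("192.0.2.10", build_header(40000, 443, SYN)),
    ("192.0.2.10", build_header(40000, 443, ACK | PSH)),
    ("198.51.100.9", build_header(5555, 22, FIN | PSH | URG)),
    ("198.51.100.9", build_header(5556, 23, FIN | PSH | URG)),
    ("198.51.100.9", build_header(5557, 80, 0)),
    ("203.0.113.4", build_header(6000, 80, SYN | FIN)),
]

if __name__ == "__main__":
    print(flag_anomalies(SAMPLE))
```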
A rootkit is a dangerous type of malware; it can potentially gain full access (administrative access) over the system and has the ability to prevent normal detection programs (antivirus and anti-rootkit programs) from noticing its presence. Some dangerous rootkits attack at the hardware level (firmware rootkit), and removal may require hardware replacement or specialized intervention.
In this attack, an intruder will steal your private data through the USB charging port of your smartphone, tablet, or laptop when you connect your device to a public power-charging station such as the ones available in airports, conferences, and restaurants. Malware can also get installed using this technique. To counter such risks, do not charge your computing device in public charging stations; use personal power bank units instead.