A - Z of Security Threats

Are you a cyber security brain box, or are you left scratching your head trying to tell your DNS from your APTs? Fear not: join us on our journey through the A-Z of security threats and become a cybersmart hero! We will add a new entry to the list every week, so stay tuned.

Here's our first instalment!

Advanced Persistent Threat (APT)

An APT is a type of targeted attack. APTs are characterised by an attacker who has the time and resources to plan an infiltration into a network. Once these attackers have a foothold in a network, they start to actively manage their attack, seeking information more complex than financial data. APTs remain on a network for some time and should not be confused with botnets, which are mostly opportunistic and seek any available victim rather than specific data.

Adware

Adware displays advertising banners or pop-ups on a computer when you use an application. When used correctly, it can fund the development of freely distributed software, for example Android apps.

Adware becomes a nuisance if it installs itself on your device or applications without permission, hijacks your web browser to display more unwanted ads, gathers data on your web browsing without your permission, and is not easily removed. Adware can cause your device to slow down or become unstable, and the ads it downloads can slow your internet connection. Adware can be detected by some antivirus programs, but there are also programs designed specifically to find adware so that it can be removed from your device.

Anonymizing Proxy

Anonymizing proxies allow people to hide previous web browsing history, bypassing web security, to view unauthorised sites from a work computer. Beware that a company can be legally liable if its computers are used to view pornography or hate propaganda, to encourage illegal behaviour, or to make illegal downloads such as films and software.

Autorun Worm

Autorun worms are malicious programs that take advantage of the Windows Autorun feature. Commonly distributed on USB drives, they execute automatically when the device on which they are stored is plugged into a computer. On patched or newer operating systems Autorun is set to off by default, which means Autorun worms should pose less of a threat in the future.

Backdoor Trojan

Backdoor Trojans may pose as legitimate software to fool users into running them. Users may also unknowingly allow Trojans onto their computers by clicking a link in a spam email or visiting a malicious webpage. Once a Trojan runs, it will add itself to the computer’s startup routine. It will then monitor the computer until the user is connected to the Internet. When the computer goes online, the person who sent the Trojan can perform many actions—for example, run programs on the infected computer, access personal files, modify and upload files, track the user’s keystrokes, or send out spam email.

To avoid backdoor Trojans, you should keep your computers up to date with the latest patches (to close down vulnerabilities in the operating system), and run anti-spam and antivirus software. You should also use a firewall, which can prevent Trojans from accessing the Internet to make contact with the hacker. 

Boot Sector Malware

When you start up a computer, the hardware looks for the boot sector program, which is usually found on the hard disk (but can be on a CD/DVD or flash drive), and runs it. This program then loads the rest of the operating system into the computer's memory.

Boot sector malware replaces the original boot sector with a modified version (and usually hides the original somewhere else on the hard disk). The next time you start up, the infected boot sector is used and the malware becomes active. Boot sectors are now used by some malware designed to load before the operating system in order to conceal its presence.

Botnet

A botnet is a collection of infected computers that are remotely controlled by a hacker. Once a device is infected with malicious software (a bot), hackers can control it remotely over the internet without the user being aware. A collective of these computers is called a botnet, and it can be shared, or access to it sold, allowing others to use it for malicious purposes. For example, spammers can use a botnet to send out spam email. Most spam emails are sent this way, allowing the spammer to avoid detection and avoid being blacklisted. Hackers also use botnets to launch DDoS attacks, arranging for thousands of computers to access the same website so that the web server is unable to handle the requests reaching it. This makes the website inaccessible.

Browser Hijacker

Browser hijackers will change the default homepage and search engine in your internet browser without your permission. Once hijacked, you may find you cannot change your browser's homepage. Some hijackers will edit the Windows registry so that the hijacked settings are restored every time you restart your computer. Other versions will remove options from the browser's tools menu, leaving you unable to reset the start page.

Browser hijacking is used to boost advertising revenue, as in the use of blackhat Search Engine Optimization (SEO), to inflate a site’s page ranking in search results.

Browser hackers will also use clickjacking, also known as a UI redress attack, by inserting multiple transparent, or opaque, layers on a webpage. This technique can trick a user into clicking on a button or link on a page other than the one they were intending to click on. Effectively, the attacker is hijacking clicks meant for one page and routing them to another page, most likely owned by another application, domain, or both. Although these threats don’t reside on your PC, they do affect your browsing experience.

Brute Force Attack

A brute force attack is when hackers try a large number of possible keyword or password combinations to gain unauthorised access to a system or file. Hackers use computer programs to try a very large number of passwords to decrypt the message or access the system. To prevent these attacks it is important to implement secure passwords.

Buffer Overflow

A buffer overflow occurs when a program stores excess data by overwriting other parts of the computer's memory. This causes errors or makes the computer crash. A buffer overflow attack takes advantage of this weakness by sending more data than the program expects. The program may then read in more data than it has space for and overwrite other parts of memory used for other purposes. This may allow unauthorised code to execute or crash the system. This type of attack can occur in any application, not just operating systems or core programs.
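The check that prevents this, as an added example (not from the original article or from Sophos): a C parser that refuses input larger than the space it has. The one-byte-length message format, `NAME_CAP` and all function names are assumptions made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16 /* space the program actually has for the field */

/* Constructed wire format: 1 length byte, then that many bytes of name.
 * Returns 0 on success, -1 when the input must be rejected. */
int parse_name(const uint8_t *msg, size_t msg_len, char out[NAME_CAP])
{
    if (msg_len < 1)
        return -1;                  /* no length byte at all */
    size_t claimed = msg[0];        /* sender-controlled, never trusted */
    if (claimed > msg_len - 1)
        return -1;                  /* claims more bytes than were sent */
    if (claimed >= NAME_CAP)
        return -1;                  /* would not fit with the terminator */
    memcpy(out, msg + 1, claimed);  /* bounded by both checks above */
    out[claimed] = '\0';
    return 0;
}

/* Constructed sample inputs. */
int demo_fits(void)                 /* 5-byte name: accepted, returns 1 */
{
    const uint8_t m[] = { 5, 'a', 'l', 'i', 'c', 'e' };
    char name[NAME_CAP];
    return parse_name(m, sizeof m, name) == 0 && strcmp(name, "alice") == 0;
}

int demo_oversized(void)            /* 40-byte name: rejected, not copied */
{
    uint8_t m[1 + 40];
    char name[NAME_CAP];
    m[0] = 40;
    memset(m + 1, 'A', 40);
    return parse_name(m, sizeof m, name);
}

int demo_lying_length(void)         /* says 12 bytes, carries only 2 */
{
    const uint8_t m[] = { 12, 'h', 'i' };
    char name[NAME_CAP];
    return parse_name(m, sizeof m, name);
}

int main(void)
{
    printf("fits=%d oversized=%d lying=%d\n",
           demo_fits(), demo_oversized(), demo_lying_length());
    return 0;
}
```

Without the two length checks, the `memcpy` would write past `out` or read past `msg`, which is the overwrite the entry above describes.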

Source: Sophos - Threatsaurus - The A-Z of computer & data security threats