What we once referred to as “gangs” of cyber criminals are now better described as “organisations”: they operate in a professional manner, take feedback from clients, offer a range of services and even collaborate with other “organisations” in order to achieve a higher goal.
“Criminal ‘companies’ now operate together, employing similar tactics as legitimate industries: selling packaged tools and platforms to their customers; providing malware-as-a-service; demonstrating innovation, usability and professional excellence; and offering outsourced capabilities with training and technical support.” “For any legitimate businesses still thinking cybercrime doesn’t have industrial strength behind it, they will likely find themselves the next target, which makes this assessment more than just a wake-up call.” – Quotations taken from the National Crime Agency (NCA) and National Cyber Security Centre (NCSC) 2017 report ‘The cyber threat to UK businesses’
In computing, a Trojan horse is a program that appears harmless but is in fact malicious. Attackers have long used Trojan horses to trick end users into installing malware. Typically, the malicious code is hidden inside an innocent-looking email attachment or a free program, such as a game. When the user downloads the Trojan horse, the malware hidden inside it is downloaded as well. Once on the computing device, the malicious code can execute whatever task the attacker designed it to carry out.
Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.
Unlike other kinds of cyberattacks, DDoS attacks don’t attempt to breach your security perimeter directly. Rather, they aim to make your website and servers unavailable to legitimate users. A DDoS attack can also serve as a smokescreen for other malicious activity, or be aimed at security appliances so that they fail and the target’s security perimeter can then be breached.
A successful DDoS attack is a highly noticeable event impacting an entire online user base. This makes it a popular weapon of choice for hacktivists, cyber vandals, extortionists and anyone else looking to make a point or champion a cause.
A computer virus is malicious code that replicates by copying itself into another program, a computer’s boot sector or a document, and alters how the computer works. A virus relies on a person to spread the infection, knowingly or unknowingly, without the knowledge or permission of the user or system administrator.
A botnet is a network of interconnected, autonomous computers infected with malicious software that is controlled by the owner of the malware, the bot herder. Once the software is installed on a computer, the bot is forced to carry out the commands of the bot herder, who can launch malicious attacks using some or all of the botnet’s compromised computers. Botnets vary in size, complexity and sophistication. The botnet commander can use the botnet for denial of service attacks, spamming, traffic monitoring, identity theft and financial gain.
Each bot in a botnet communicates with the botnet’s command-and-control centre (C&C), and the herder has administrative privileges over all infected computers remotely from the C&C. A compromised computer communicates with the bot herder through covert communication channels such as IRC, peer-to-peer networks and social networking sites. The C&C is used to send instructions to zombie computers, often over HTTP or with more modern methods such as P2P and social networks. The most advanced way of controlling botnets is over P2P networks, which gives the herder the ability to switch servers quickly to avoid detection; disabling botnets on these networks can be nearly impossible. Uri Rivner, head of new technologies for consumer identity protection at RSA, says herders have four choices for C&C channels: build their own C&C servers, use bulletproof hosting, use cloud services, or use social networks.
A zero-day (also known as zero-hour, 0-day or day zero) vulnerability is an undisclosed computer software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.
It is known as a “zero-day” because it is not publicly reported or announced before becoming active, leaving the software’s author with zero days in which to create patches or advise on workarounds to mitigate its effects. In effect, no time has passed since the exploitable bug’s existence was disclosed. Similarly, an exploitable bug that has been known for thirty days is sometimes called a 30-day exploit.
The fewer days the bug has been known about, the higher the chance that no fix or mitigation has been developed. The more recently the exploit was published, the more likely an attack on a particular installation of the affected software will succeed, because even if a patch exists, not every user of that software will have applied it. For a zero-day exploit, the probability that a user has patched the bug is, of course, zero.
Polymorphic malware is harmful, destructive or intrusive computer software, such as a virus, worm, Trojan or spyware, that constantly changes (“morphs”), making it difficult to detect with anti-malware programs. Evolution of the malicious code can occur in a variety of ways, such as filename changes, compression and encryption with variable keys.
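As an added illustration, not taken from the original page, of why the “compression and encryption with variable keys” described above defeats file-hash signatures while a detection that compares the invariant decoded content does not. The payload text and the wrapper format are constructed stand-ins, not real malware or a real packer.

```python
from __future__ import annotations
import hashlib
import zlib

# Constructed stand-in for malicious content (harmless text, not real malware).
PAYLOAD = b"run-task: collect-and-report  # constructed sample body"

# Signature database holding the SHA-256 of the one sample already analysed.
KNOWN_HASHES = {hashlib.sha256(PAYLOAD).hexdigest()}

def make_variant(payload: bytes, key: bytes) -> bytes:
    """Simulate the per-variant compression + encryption layer from the text:
    deflate the body, XOR it with a variant-specific key, and prepend the key
    (length-prefixed) as a stand-in for a decryptor stub. Constructed format."""
    packed = zlib.compress(payload)
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(packed))
    return bytes([len(key)]) + key + body

def unwrap_variant(sample: bytes) -> bytes | None:
    """Defender side: reverse the variable-key layer so the invariant content
    can be compared. Returns None when the sample is not in the wrapper format."""
    if not sample:
        return None
    klen = sample[0]
    if klen == 0 or len(sample) < 1 + klen + 1:
        return None
    key, body = sample[1:1 + klen], sample[1 + klen:]
    packed = bytes(b ^ key[i % len(key)] for i, b in enumerate(body))
    try:
        return zlib.decompress(packed)
    except zlib.error:
        return None

def detect_by_hash(samples: list[bytes]) -> int:
    """Classic file-hash signature: matches only byte-identical samples."""
    return sum(hashlib.sha256(s).hexdigest() in KNOWN_HASHES for s in samples)

def detect_by_unwrapped_content(samples: list[bytes]) -> int:
    """Match on what stays constant across variants: the decoded content."""
    hits = 0
    for s in samples:
        inner = unwrap_variant(s)
        if inner is not None and hashlib.sha256(inner).hexdigest() in KNOWN_HASHES:
            hits += 1
    return hits

# Five variants of the same content, each wrapped with a different key (constructed).
VARIANTS = [make_variant(PAYLOAD, bytes([0x10 + i, 0xA5, 0x3C ^ i])) for i in range(5)]
```

Every variant carries the same content yet has a different hash, so the hash signature scores zero while the content-based check catches all five.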
Ransomware is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack.