VIETNAM NATIONAL UNIVERSITY, HA NOI
VNU INTERNATIONAL SCHOOL
MIDTERM EXAMINATION
COURSE TITLE: Principles of Information Security
Project + Presentation
Group 3 Project: Research on malicious codes: Analyzing the malicious codes (malware, ransomware or phishing attack) and methods for preventing the malicious codes
Contribution

Student's Name        Student ID    Task
Pham Vu Quynh Anh     21070633      Introduction, Chapter 1 and Malware
Nguyen Chi Nghia      19071067      Phishing attack and Chapter 3
Nguyen Bao Ngoc       20070963      Ransomware and Conclusion
CONTENTS
LIST OF TABLES 3
LIST OF FIGURES 3
INTRODUCTION 4
I Motivation for choosing the topic 4
II Purpose of the research project 4
CHAPTER 1 DEFINITION AND DETRIMENTAL EFFECTS OF MALICIOUS CODE 5
I Definition 5
II Significance of Malicious Codes 5
CHAPTER 2 SOME TYPICAL MALICIOUS CODES 6
I Malicious Codes: Malware 6
1 Definition and types of malware (viruses, worms, Trojans, etc.) 6
2 Characteristics and behavior of malware 7
3 Examples of notable malware attacks 8
4 Methods for preventing malware 10
II Malicious Codes: Ransomware 11
1 Definition and explanation of ransomware 11
2 Characteristics and behavior of ransomware 12
3 Examples of notable ransomware attacks 12
4 Methods for preventing ransomware 14
III Malicious Codes: Phishing Attacks 15
1 Definition and explanation of phishing attacks 15
2 Characteristics and methods used in phishing attacks 15
3 Examples of notable phishing attacks 16
4 Methods for preventing phishing attacks 18
CHAPTER 3 COMPARATIVE ANALYSIS 20
I Similarities and differences between malware, ransomware, and phishing attacks 20
2 Significant differences between Ransomware, Malware, and Phishing 20
II Common prevention methods applicable to all three types of malicious codes 21
CONCLUSION 23
I Recap of key findings on malicious codes and prevention methods 23
II Importance of implementing preventive measures to mitigate risks 23
III Future considerations and emerging trends in malicious codes and prevention 23
REFERENCE 24
LIST OF TABLES
Table 1 Significant differences between Ransomware, Malware, and Phishing 20
LIST OF FIGURES
Figure 1 Stuxnet attack process 9
Figure 2 Mirai attack process 10
Figure 3 Informs you that you have been infected with the WannaCry ransomware virus 13
Figure 4 Screenshots of computers attacked by NotPetya malware show that hackers demand a ransom worth $300 in bitcoin for encrypted data 14
Figure 5 Illustration of hacker attacking Yahoo 17
Figure 6 Illustration of two candidates competing for the 2016 US presidential election 18
INTRODUCTION
I Motivation for choosing the topic
Malicious code, such as malware, ransomware, and phishing attacks, poses a significant threat to individuals, organizations, and governments around the world. These attacks are becoming increasingly sophisticated and frequent, and they cause billions of dollars in losses each year. Studying malicious code, including malware, ransomware, and phishing attacks, is therefore vital for addressing the ever-growing cybersecurity challenges and protecting individuals, organizations, and critical infrastructure from these threats.
II Purpose of the research project
The research project aims to understand the various types of malicious code, analyze their characteristics, and assess the risks they pose to computer systems and individuals. It also aims to explore prevention and mitigation strategies, conduct case studies, and compare the different types of malicious code. By doing so, the project seeks to enhance knowledge, raise awareness, and contribute to cybersecurity efforts to protect against and mitigate the risks of malicious code.
CHAPTER 1 DEFINITION AND DETRIMENTAL EFFECTS OF MALICIOUS CODE
I Definition
Malicious code is a term for code (whether part of a script or embedded in a software system) designed to cause damage, security breaches, or other threats to application security. An important part of this definition is intent: non-malicious attacks do happen and are often accidental or due to negligence. Malware can infect a network from a phishing email, for example.
Malicious code comes in many forms:
● Trojans
● Viruses
● Ransomware
● Phishing attacks
II Significance of Malicious Codes
Malicious code can cause serious harm to individuals, organizations, and society. It poses a security threat, proliferates and becomes more sophisticated over time, has an economic impact, invades privacy, and disrupts operations. Implementing cybersecurity practices and preventive measures is crucial to mitigate these risks and protect against malicious code.
CHAPTER 2 SOME TYPICAL MALICIOUS CODES
I Malicious Codes: Malware
1 Definition and types of malware (viruses, worms, Trojans, etc.)
Malware is a general term for any software program or code that is designed to cause harm to a computer system or network. It can be used to steal data, damage files, or even take control of a system. Malware is becoming increasingly sophisticated and difficult to detect, and it is a serious threat to individuals and businesses alike. Malware can be designed to do a variety of things, including:
● Steal data, such as passwords, credit card numbers, or personal information
● Disrupt or disable computer systems
● Take control of computer systems
● Launch denial-of-service attacks
● Extort money from victims
There are many different types of malware, but some of the most common include:
- Viruses: Viruses are self-replicating programs that can attach themselves to other programs and files. Once a virus has infected a system, it can spread to other systems and networks.
- Worms: Worms are similar to viruses, but they do not need to attach themselves to other programs or files to spread. Instead, they can exploit vulnerabilities in software to spread automatically.
- Trojans: Trojans are malicious programs that disguise themselves as legitimate programs. Once a Trojan has been installed on a system, it can allow the attacker to take control of the system or steal data.
- Spyware: Spyware is malicious software that is designed to monitor a user's activity on their computer. Spyware can be used to steal passwords, credit card numbers, and other sensitive information.
- Ransomware: Ransomware is malicious software that encrypts a user's files and demands a ransom payment in order to decrypt the files
Other types of malware include:
- Adware: Adware is malicious software that displays unwanted advertisements on a user's computer
- Rootkits: Rootkits are malicious programs that give the attacker complete control over a system. Rootkits are often difficult to detect and remove.
- Logic bombs: Logic bombs are malicious programs that are designed to trigger a harmful event at a specific time or when a certain condition is met
- Backdoors: Backdoors are malicious programs that create a hidden entrance into a system that the attacker can use to gain access to the system
2 Characteristics and behavior of malware
Malware is any malicious software program or code that is designed to harm a computer system or network. It can be used to steal data, damage files, or even take control of a system. Malware is becoming increasingly sophisticated and difficult to detect, and it is a serious threat to individuals and businesses alike.
Malware can have a variety of characteristics, depending on the type of malware. However, some common characteristics include:
- Self-replication: Malware can often replicate itself, allowing it to spread to other systems and networks
- Stealth: Malware is often designed to be stealthy, making it difficult to detect and remove
- Polymorphism: Malware can often change its form or appearance, making it difficult for security software to detect
- Persistence: Malware can often persist on a system even after it has apparently been detected and removed
Malware can also exhibit a variety of behaviors, depending on the type of malware. However, some common behaviors include:
- Stealing data: Malware can be used to steal a variety of data, including passwords, credit card numbers, and other sensitive information
- Disabling security software: Malware can often disable security software, making it easier for other malware to infect the system
- Taking control of the system: Malware can often take control of a system, allowing the attacker to remotely control the system or install other malware
- Encrypting files: Ransomware is a type of malware that encrypts a user's files and demands a ransom payment in order to decrypt the files
3 Examples of notable malware attacks
There have been many notable malware attacks over the years, some of which have had a significant impact on individuals, businesses, and governments. Here are a few examples:
a Stuxnet (2010)
Stuxnet was a computer worm that was first discovered in 2010. It is widely believed to have been developed by the United States and Israel to target Iran's nuclear program. Stuxnet was designed to attack Siemens SCADA systems, which are used to control industrial processes. It was able to infiltrate these systems and cause them to malfunction, leading to damage to centrifuges used to enrich uranium.
Stuxnet was a highly sophisticated piece of malware, and it was able to evade detection for a long period of time. It is considered to be one of the first examples of a cyberweapon, and it has raised concerns about the potential for cyberwarfare.
Stuxnet had a significant impact on Iran's nuclear program, and it is believed to have delayed the program by several years. It also showed that cyberweapons can be used to cause real-world damage.
Here are some of the key features of Stuxnet:
● It was a highly targeted attack, designed to specifically attack Iran's nuclear program
● It was very sophisticated and was able to evade detection for a long period of time
● It was able to cause real-world damage, by damaging centrifuges used to enrich uranium
● It raised concerns about the potential for cyberwarfare
Stuxnet was a highly sophisticated computer worm discovered in June 2010. It targeted Iranian industrial facilities, including a uranium enrichment plant, and raised concerns about the potential for computer worms to be used for sabotage rather than just information theft. Stuxnet had a complex operating mechanism and unique characteristics. It exploited previously unknown vulnerabilities to achieve its objectives. The detailed process is as follows:
Figure 1 Stuxnet attack process
b Mirai (2016)
Mirai was a botnet malware discovered in 2016, believed to have been developed by a group of hackers in Russia. It targeted insecure Internet of Things (IoT) devices, infecting them to create a network of compromised devices. Mirai used this botnet to launch distributed denial-of-service (DDoS) attacks on websites and online services. It spread rapidly by exploiting vulnerabilities and weak default passwords on IoT devices.
The impact of Mirai was significant, as it was responsible for high-profile DDoS attacks in 2016, causing widespread outages of popular websites and services. It highlighted the potential threat posed by insecure IoT devices and the need to improve their security.
The Mirai botnet attack process can be summarized in three main steps:
- Step 1 Scanning: The botnet scans the internet for vulnerable IoT devices. It looks for devices with weak security configurations or default credentials.
- Step 2 Compromising: Once vulnerable devices are identified, Mirai exploits their weaknesses to gain unauthorized access to and control over them. It infects the devices with the Mirai malware, turning them into botnet nodes.
- Step 3 Launching Attacks: The infected devices, now part of the Mirai botnet, are instructed to carry out distributed denial-of-service (DDoS) attacks. These attacks involve flooding target websites or services with massive amounts of traffic, overwhelming their resources and causing disruptions.
Figure 2 Mirai attack process
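As an added example (not part of the report), the following Python script looks at Steps 1 and 2 from the defender's side: it parses constructed telnet authentication log lines and flags a source that attempts logins against many distinct devices within a short window, noting any device where a guess was accepted. The log format, the addresses, and the thresholds are assumptions.

```python
# Added example (not from the report): detect the Step 1/2 scanning and
# credential-guessing pattern in constructed telnet auth lines (assumed format).
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2016-09-20T10:00:01 telnetd: failed login user=admin from=198.51.100.7 to=192.0.2.10
2016-09-20T10:00:02 telnetd: failed login user=root from=198.51.100.7 to=192.0.2.11
2016-09-20T10:00:02 telnetd: failed login user=admin from=198.51.100.7 to=192.0.2.12
2016-09-20T10:00:03 telnetd: failed login user=root from=198.51.100.7 to=192.0.2.13
2016-09-20T10:00:05 telnetd: accepted login user=root from=198.51.100.7 to=192.0.2.15
2016-09-20T10:00:09 telnetd: failed login user=alice from=203.0.113.5 to=192.0.2.10
2016-09-20T10:00:40 telnetd: accepted login user=alice from=203.0.113.5 to=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: (?P<result>failed|accepted) login "
    r"user=(?P<user>\S+) from=(?P<src>\S+) to=(?P<dst>\S+)$"
)

def parse(log_text):
    """Parse matching lines into dicts; lines in another format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events

def find_scanners(events, window=timedelta(seconds=60), min_targets=4):
    """Return {src: details} for sources that try logins against at least
    min_targets distinct hosts inside `window` (horizontal scanning, Step 1);
    'compromised' lists hosts where a guess was accepted (Step 2)."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):          # sliding time window per source
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            chunk = evs[start:end + 1]
            targets = {e["dst"] for e in chunk}
            if len(targets) >= min_targets:
                alerts[src] = {
                    "targets": len(targets),
                    "users": sorted({e["user"] for e in chunk}),
                    "compromised": sorted(e["dst"] for e in chunk
                                          if e["result"] == "accepted"),
                }
    return alerts
```

Calling `find_scanners(parse(SAMPLE_LOG))` reports only the source that touched five devices in four seconds, with the one device that accepted a default credential listed for follow-up.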
4 Methods for preventing malware
Malware is a serious threat to individuals, businesses, and organizations of all sizes. By taking steps to prevent malware infections, you can help protect yourself and your systems from harm.
a Installing reputable antivirus software
Antivirus software plays a crucial role in detecting and removing malware from your system. When selecting antivirus software, it is important to consider factors such as effectiveness, features, ease of use, and price. There are many antivirus software options available on the market, both free and paid. A number of free antivirus products offer a good level of protection; some of the most popular include Avast Free Antivirus, AVG Free Antivirus, and Malwarebytes Free, among others.
Paid antivirus software typically offers more features and protection than free antivirus software. Some of the most popular paid products include McAfee Total Protection, Norton AntiVirus Plus, and Kaspersky Internet Security, among others.
b Keeping software and operating systems updated
Keep your software and operating systems up to date. Software developers regularly release updates to patch security vulnerabilities. It is important to install these updates as soon as they are available. This will help to protect your system from malware that exploits known security vulnerabilities.
c Exercising caution with downloads and email attachments
Be careful about which links you click on in emails, social media posts, and websites. Phishing attacks often use malicious links to trick people into revealing their personal information or installing malware on their systems. Only download files from trusted sources and only open email attachments from people you know. If you are unsure about a download or email attachment, do not open it.
d Enabling firewalls and network security measures
Firewalls and network security measures can help to protect your system from unauthorized access and malware attacks. It is important to enable firewalls and network security measures on your system and to keep them up to date. In addition, use strong passwords for all of your online accounts and enable two-factor authentication whenever possible. This will help to protect your accounts from being compromised by attackers.
Malware is a serious threat to individuals and organizations alike. By understanding the different types of malware and taking steps to prevent malware infections, you can help to protect your computer systems and data.
II Malicious Codes: Ransomware
1 Definition and explanation of ransomware
Ransomware is a type of malware that encrypts a victim's files and demands a ransom payment in order to decrypt them. Ransomware attacks can target individuals, businesses, and even governments.
Ransomware can be delivered in a variety of ways, including:
- Email attachments: Ransomware can be disguised as an attachment to an email message. When the victim opens the attachment, the ransomware is installed on their computer.
- Malvertising: Malvertising is malicious advertising that can be embedded on websites or in social media posts. When a victim clicks on a malvertisement, the ransomware is installed on their computer.
- Exploit kits: Exploit kits are malicious software that scans for vulnerabilities in computer systems. When an exploit kit finds a vulnerability, it can install ransomware on the victim's computer.
Once ransomware is installed on a victim's computer, it encrypts the victim's files. The encryption process makes the files unreadable and unusable. The ransomware then displays a message to the victim demanding a ransom payment in order to decrypt the files.
The ransom payment is typically demanded in cryptocurrency, such as Bitcoin or Ethereum. This makes it difficult for law enforcement to track the payments and identify the attackers.
2 Characteristics and behavior of ransomware
Ransomware exhibits several characteristics and behaviors that distinguish it from other types of malware:
- Encryption: Ransomware encrypts the victim's files or data, rendering them inaccessible without the decryption key
- Ransom Demand: Attackers demand a ransom payment from the victim in exchange for the decryption key
- Payment in Cryptocurrency: Ransom payments are typically requested in cryptocurrencies like Bitcoin, which provide a certain level of anonymity for the attackers
- Time Pressure: Ransomware often imposes a time limit for the ransom payment, threatening to permanently delete the encrypted files if the payment is not made within the specified timeframe
- Propagation: Ransomware can spread through various means, including malicious email attachments, infected websites, or the exploitation of vulnerabilities in software or operating systems
- Evolution: Ransomware continues to evolve, with new variants and techniques emerging over time, making it challenging to detect and mitigate
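As an added example (not from the report), the following Python check turns the Encryption trait above into a host-side detection: it scores each file write by Shannon entropy and raises an alert when one process produces a burst of encrypted-looking files whose document extension has gained a new suffix. The event format, the extension watch-list, the thresholds, and the sample events are all assumptions constructed for the example.

```python
# Added example (not from the report): a behavioural check for the
# "Encryption" trait above. It flags a process that, within a short window,
# writes many high-entropy (encrypted-looking) files whose original
# document extension has had a new suffix appended.
import math
import os
from collections import Counter, defaultdict

DOC_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}  # assumed watch-list

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data, well below
    that for ordinary text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extension_appended(path: str) -> bool:
    """True for names like report.docx.locked: a known document extension
    followed by an unfamiliar one, a common ransomware renaming pattern."""
    base, new_ext = os.path.splitext(path)
    _, orig_ext = os.path.splitext(base)
    return orig_ext.lower() in DOC_EXTS and new_ext.lower() not in DOC_EXTS

def detect_ransomware_like(events, window=10.0, min_files=5, entropy_min=7.0):
    """events: (timestamp_s, pid, path, bytes_written). Returns {pid: hits}
    for processes with >= min_files suspicious writes inside `window`."""
    by_pid = defaultdict(list)
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        hit = shannon_entropy(data) >= entropy_min and extension_appended(path)
        by_pid[pid].append((ts, hit))
    alerts = {}
    for pid, evs in by_pid.items():
        start = 0
        for end in range(len(evs)):          # sliding time window per process
            while evs[end][0] - evs[start][0] > window:
                start += 1
            hits = sum(1 for _, h in evs[start:end + 1] if h)
            if hits >= min_files:
                alerts[pid] = max(hits, alerts.get(pid, 0))
    return alerts

# Constructed file-write events, not captured from real malware. Encrypted
# output is stood in for by a byte pattern with maximal entropy (8.0 bits).
CIPHERTEXT_STANDIN = bytes(range(256)) * 8
SAMPLE_EVENTS = [
    (100.0, 4242, "C:/Users/bob/Docs/report.docx.locked", CIPHERTEXT_STANDIN),
    (100.2, 4242, "C:/Users/bob/Docs/budget.xlsx.locked", CIPHERTEXT_STANDIN),
    (100.4, 4242, "C:/Users/bob/Docs/photo1.jpg.locked", CIPHERTEXT_STANDIN),
    (100.6, 4242, "C:/Users/bob/Docs/photo2.jpg.locked", CIPHERTEXT_STANDIN),
    (100.8, 4242, "C:/Users/bob/Docs/notes.txt.locked", CIPHERTEXT_STANDIN),
    (101.0, 4242, "C:/Users/bob/Docs/HOW_TO_RECOVER.txt", b"Pay within 72 hours." * 4),
    (150.0, 1337, "C:/Users/bob/Docs/draft.txt", b"meeting notes, action items\n" * 30),
]
```

`detect_ransomware_like(SAMPLE_EVENTS)` returns `{4242: 5}`: the low-entropy ransom note and the unrelated editor process are not counted, which is what keeps ordinary document saves below the threshold.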
3 Examples of notable ransomware attacks
a WannaCry
WannaCry is a ransomware worm that spread rapidly through a number of computer networks in May 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them. WannaCry exploited a known vulnerability in the Microsoft Server Message Block (SMB) protocol, which is used to share files and printers across