Future is digging history
Dear readers, I am starting a new blog series under the name (concept) "future is digging history", intended to share thoughts on different topics, technical and non-technical, that require looking into history in order to learn from it and apply it to the current situation.
Starting with the first blog under "future is digging history", highlighting IT security.
IT security
Security has been a hot topic, hot in the sense that it needs to be handled at the highest priority.
Unfortunately, most IT professionals do not have any idea about the types of threats and how they work, which is the most important thing to know in order to protect our systems from them.
So, in this blog I will try to highlight the types of threats and their basic workings.
- The first and most important point about attackers and defenders is that there is a large gap in proficiency between them.
By proficiency I mean the capability attackers have gained compared to the defenders (including OSes, antiviruses, firewalls, IDS/IPS and many more).
The summary below compares the lines of code (LOC) of various pieces of software, including the systems and tools defenders write, with the LOC of an average malware sample:
120:1 - Stuxnet to average malware
500:1 - Simple text editor to average malware
2000:1 - Malware suite to average malware
100,000:1 - Defensive tools to average malware
1,000,000:1 - Target OS to average malware
[From the defenders' point of view, the ratio of defensive tools and target operating systems to average malware samples looks fairly bleak: a few thousand lines of attack code are enough to compromise systems that took millions of lines to build and defend.
(Don't you think this is surprising to us as IT professionals?)]
- Secondly, the core of this blog: what does malware mean?
Malware includes viruses, trojan horses, worms, rootkits, scareware and spyware, and many others with different names but similar functionality (e.g. ransomware).
- Broad categories of malware:
1. Static viruses (the code stays the same from one infection to the next, so a fixed signature can match it)
2. Polymorphic viruses (the code is rewritten or re-encrypted on each infection so that no fixed signature matches every copy)
- Types/categories of malware based on functionality:
1. Backdoor
2. Botnet
3. Downloader
4. Information stealer (includes sniffers, password hash grabbers, keyloggers etc.)
5. Launcher
6. Rootkit
7. Scareware
8. Spam sender
9. Worm or virus
- Finally, the basic functionality of the different kinds of malware:
1. Rootkits:
Rootkits modify the internal functionality of the OS to conceal their existence.
These modifications can hide files, processes, network connections and other resources from running programs.
The majority of rootkits in use operate by modifying the kernel in some way.
Both rootkits and defensive mechanisms are more effective when they run at kernel level rather than user level, because code in the kernel decides what every user-mode program is allowed to see; a common detection approach is therefore to compare the view returned by the normal user-mode APIs with one obtained through a lower-level path and treat any discrepancy as suspicious.
2. Downloader/Launcher:
Two commonly encountered types of malware are downloaders and launchers.
Downloaders simply download another piece of malware from the internet and execute it on the local system.
A launcher (also known as a loader) is any executable that installs malware for immediate or future covert execution.
3. Backdoors:
A backdoor is a type of malware that provides an attacker with remote access to a victim's machine.
Backdoors are the most commonly found type of malware.
They communicate over the internet in numerous ways, but a common method is over port 80 using the HTTP protocol, because outbound web traffic is allowed through almost every firewall and blends in with normal browsing.
The botnet listed above among the types/categories of malware is a kind of backdoor: many infected machines take commands from the same command-and-control server.
4. Credential stealer(Information-stealer):
Programs that wait for a user to log in in order to steal their credentials.
Programs that dump information stored by the OS, such as password hashes, to be used directly or cracked offline.
Programs that log keystrokes also come under this category.
5. Other malware (worms, viruses, spyware)
They either corrupt executables directly or use vulnerabilities in the system to spread and attack.
The classic example is ransomware, and no discussion of security threats is complete without a mention of WannaCry, which spread by itself like a worm through a vulnerability in the Windows SMB service and then encrypted the victim's files like ransomware.
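The backdoor section above notes that command-and-control traffic commonly rides on port 80 so that it looks like web browsing. One thing that still gives it away is timing: an implant checks in with its server at a fixed interval, while a human browses in bursts. The detector below, an added example that is not part of the original post, parses constructed proxy log lines (the log format, hostnames and IP addresses are made up for this illustration) and flags any client/host pair on port 80 whose request gaps are too regular.

```python
"""Flag clients that beacon to one destination at a regular interval over HTTP.

Added example: a minimal detector for the periodic check-ins that backdoors
and botnet clients make to their command-and-control server.  The log format
and every line in SAMPLE_LOG are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<ISO timestamp> <client> <method> <host> <port> <status> <bytes>"
# 10.0.0.5 checks in once a minute with near-identical tiny responses (beacon);
# 10.0.0.7 is ordinary bursty browsing.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 GET update.cdn-example.net 80 200 312
2024-03-01T10:01:00 10.0.0.5 GET update.cdn-example.net 80 200 310
2024-03-01T10:02:01 10.0.0.5 GET update.cdn-example.net 80 200 315
2024-03-01T10:03:00 10.0.0.5 GET update.cdn-example.net 80 200 309
2024-03-01T10:04:00 10.0.0.5 GET update.cdn-example.net 80 200 311
2024-03-01T10:05:01 10.0.0.5 GET update.cdn-example.net 80 200 313
2024-03-01T10:00:12 10.0.0.7 GET www.example.com 80 200 18342
2024-03-01T10:00:45 10.0.0.7 GET static.example.com 80 200 91233
2024-03-01T10:07:30 10.0.0.7 GET www.example.org 80 200 22010
2024-03-01T10:09:02 10.0.0.7 GET www.example.com 80 304 0
2024-03-01T10:25:40 10.0.0.7 GET www.example.com 80 200 17990
2024-03-01T10:26:00 10.0.0.7 GET www.example.com 80 200 17001
"""


def parse_log(text):
    """Parse the constructed log format into dicts, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        ts, client, method, host, port, status, nbytes = parts
        records.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "method": method,
            "host": host,
            "port": int(port),
            "status": int(status),
            "bytes": int(nbytes),
        })
    return records


def find_beacons(records, min_hits=5, max_jitter=0.1, port=80):
    """Return (client, host, mean_gap_seconds) for pairs whose request timing
    is regular enough to look like a C2 check-in.

    max_jitter bounds the coefficient of variation (stdev / mean) of the gaps
    between consecutive requests; human browsing is bursty and far exceeds it.
    min_hits avoids flagging a pair on two or three coincidental requests.
    """
    by_pair = defaultdict(list)
    for r in records:
        if r["port"] == port:
            by_pair[(r["client"], r["host"])].append(r["ts"])

    flagged = []
    for (client, host), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # every hit in the same second: a burst, not a beacon
        if pstdev(gaps) / avg <= max_jitter:
            flagged.append((client, host, round(avg, 1)))
    return flagged


if __name__ == "__main__":
    for client, host, gap in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {client} -> {host} every ~{gap}s over port {80}")
```

Treat a hit as a triage lead rather than a verdict: legitimate software updaters and monitoring agents also poll on a fixed schedule, so the next step is to look at who owns the destination and what the response bodies contain. Attackers who know about this check add random sleep jitter to their implants, which is why the threshold is a parameter and why the byte counts are kept in the parsed record for a follow-up check on response-size regularity.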
Conclusion: This is very basic information that every IT professional, including system programmers, DevOps engineers, system administrators and, not least, developers of defensive tools, should know.
The security topic is vast and cannot be explained in a single blog post.
[If you liked this information, I am ready to share more detailed information on this topic, or to move on to other topics :)]
Thanks,
Anand Mokashi, Research Engineer in R&D Lab.