PACE-IT: Common Security Threats - YouTube

[15]
Hello, I'm Brian Ferrill, and welcome to PACE-IT's session on common security threats.
[22]
Today, we're going to discuss directed security threats and then we will move on to security
[28]
threats that are more along the lines of opportunity attacks. With that, let's go ahead and begin
[34]
this session. I'm going to begin by stating that not all
[39]
attacks fall into a neatly confined category. Many times, different attacks are combined
[46]
to increase their effectiveness. Now, let's move on to directed security threats.
[54]
Now, directed security threats are those security threats, or those attacks, that are intentional in nature.
[62]
The first one that we'll mention is shoulder surfing. That is where someone
[68]
is looking over your shoulder in an attempt to gain access to information that they're
[73]
not supposed to have. That's where they watch you type in your password or your PIN.
[78]
As a side note, the user doesn't need to be present for shoulder surfing to occur, you can just
[85]
leave your PC running without a screensaver. Then there's social engineering. This is where
[93]
social pressure is applied to get a user to divulge information or secrets. Social engineering
[99]
can occur in person, over the phone, through email, fake memos, so on and so forth - anything
[106]
that tricks the user into divulging information that they shouldn't.
[112]
Now, there are several different types of social engineering attacks. The first one
[117]
we're going to mention is phishing. Phishing is an attempt to get the end user to divulge
[122]
sensitive information, as in usernames and passwords or bank account numbers. Phishing
[128]
always occurs through electronic media, through email or through websites.
[134]
Which brings us to pharming - pharming is closely related to phishing, but it can be more passive in nature.
[141]
Pharming specifically uses a Web page or site to glean sensitive information.
[148]
The attacker develops a fake website and entices the end user into putting in their credentials,
[155]
and then the attacker gleans that information. Now, let's move on to opportunity security threats.
[163]
These are more along the lines of threats by opportunity. They exploit weaknesses
[169]
and vulnerabilities. The first opportunity security threat we're going to mention is malware.
[176]
Malware is a broad category. It's usually defined as malicious software that
[181]
has the intent of causing harm. But it can also describe legitimate code that is written poorly.
[189]
It's so broad that it actually covers any code-based security threat.
[194]
The first one that we're going to mention is rootkits. Rootkits are stealth software
[200]
that take over the root account - the administrative account. Rootkits attempt to hide their presence
[206]
from the end user and antivirus through their authority level. Rootkits can be extremely
[212]
difficult to remove because of their level of access to the system. They may actually
[217]
overwrite the boot sector, so that you can't remove them easily and need to actually reformat
[223]
the whole hard drive. Another type of malware is spyware.
[229]
Spyware is software that installs itself with the intent of collecting user data or information
[235]
on habits without the user's consent. It's often configured to collect this information
[243]
and then send it to a remote site at a specified time, or it can just store it in a hidden
[249]
file and wait for the attacker to come by and collect it. It has to have a host file
[255]
in order to operate. When the host file is run, the virus is executed, and then whatever
[261]
payload is there is also executed. Now, there are different types of viruses.
[267]
There's a program or application virus, and it attaches itself to a program or application
[272]
of course. There's a boot sector virus. Now, this attaches itself to the boot sector of
[277]
the PC. When the PC boots up, the payload is delivered. There are polymorphic viruses.
[285]
They attempt to hide their presence by changing their signature on a regular basis. There
[290]
are stealth viruses. That would be like your rootkit. Then there are multipartite viruses.
[296]
They combine several components into one packet. None of the components on their own are effective.
[302]
Now, viruses can combine several of these into one package and it would still be called a virus.
[310]
Now, worms are different than viruses.
[313]
Worms are malware that do not need a host file. They exploit network resources and services
[320]
to propagate and to move. They are self-replicating, unlike viruses. Worms mainly consume network
[327]
resources, often resulting in a downed network. Now, Trojans are malware that hides its purpose
[335]
by disguising itself as something that the end user desires. They often come in games,
[340]
free games in particular. The end user gets tricked into downloading the Trojan and the
[346]
virus package is delivered. This is often the attack vector that is used to establish
[352]
botnets or zombie nodes. That concludes this session on common security threats.
[359]
We briefly discussed directed security threats and then threats of opportunity.
[365]
Now, on behalf of PACE-IT, thank you for watching this
[368]
session and I'm sure we will do some more soon.