Source: cysecure.org/.../gFinalO18thomasHayes_iliandraGonzale… (web view, 2018-05-09)

IASP 470

The Internet of Insecure Things Professor Yoon

Group Paper

Student Name: Work Accomplished

Thomas Hayes: Cloud data, cars, Wi-Fi, wireless devices, and database security

Iliandra Gonzalez: Software, DDoS, botnets, malware, spyware, keylogging, and ransomware

Abstract

There are numerous security risks on the internet that can cause problems for users, and a few key points are worth being aware of. In the internet of insecure things, the more devices that are connected to the internet, the more vulnerabilities users are exposed to. Software, cloud data, cars, Wi-Fi, and databases are all prone to attacks that put end users at risk. The threats are usually DDoS, botnets, many forms of malware, spyware, keylogging, and ransomware.

We live in a world where the internet has become an extremely important part of our everyday lives. Technological advances are created constantly, and new risks and threats come with them. Many people are not aware of the risks and threats present on the internet, so it is important to be aware of and educated about them. The term IoT illustrates the present-day dependency on the internet.

The internet of insecure things is a play on the Internet of Things (IoT), the term for the growing number of devices being connected to the internet. Essentially all of the "things" mentioned have security holes that can put users at risk, even if they appear harmless. The terminology is not a new concept: the term Internet of Things was coined in 1999 by Kevin Ashton, who went on to co-found the Auto-ID Center at MIT, where the foundation of the concept was laid. The concept was powerful because of its simplicity. At the time, not all devices communicated with each other or stored their data in computers; the concept of IoT is the possibility of all objects communicating with each other while being managed by computers. In a 2009 article for the RFID Journal, Ashton wrote the following:

“If we had computers that knew everything there was to know about things- using data they gathered without any help from us—we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best. We need to empower computers with their own means of gathering information, so they can see, hear and smell the world for themselves, in all its random glory. RFID and sensor technology enable computers to observe, identify and understand the world- without the limitations of human-entered data.”

Read today, that passage is almost quaint: we now have technology that communicates easily with other devices and stores data effectively without humans needing to enter that data. It was a revolutionary idea that led to today's modern technology. The following technologies, although often overlooked, are what IoT strived for and became the foundations over which data is shared.

Software is a general term for the various kinds of programs used to operate computers and related devices. There are two types of software, system software and application software. This matters because users encounter both, and can be exposed to security holes in either without knowing it.

System software consists of the programs dedicated to controlling the computer itself; examples are file management utilities, the operating system, and historically the disk operating system (DOS). Two types of system software that every device requires are the operating system and utility software. An operating system is the program that lets the computer hardware communicate and operate with the computer's software; without an operating system, the computer and its programs would be useless. Common examples of operating systems (OS) are Microsoft Windows, Apple macOS, and the many Linux-based systems. Utility software is system software intended to analyze, configure, monitor, and help maintain a computer. A utility is smaller than a typical program and is usually bundled with the operating system. There are numerous utilities available; examples are antivirus programs, disk tools, and backup software.

System software is designed to provide a platform for other software: it is the type of computer program that runs a computer's hardware and application programs, and it is the interface between the hardware and user applications. As stated above, there are two main types, the operating system and utility software. Utility software helps maintain the computer; it is typically small and adds capabilities beyond those the operating system provides. The utilities mentioned above were antivirus programs, disk tools, and backup software. Some of these programs are nonessential parts of the operating system, for example the print feature that ships with it. A utility can serve the system in this way, but it can also be an application in its own right.

A utility is an application that is limited in capability but very specialized. An example is a search-and-replace utility: some operating systems provide a limited ability to search and replace given character strings, and it is up to the user whether to use it. Keep in mind that utility programs are designed for specific tasks that help the device perform better. They should not be confused with application software, which is similar but is not considered system software. Most utility programs are free and available on the internet; some come packaged with the operating system, while others are a matter of user preference and must be found by the user.

Some system software, such as utility programs, lets users interact with it directly, while other system software, such as the operating system (OS), runs in the background keeping the device functional. Some system software also allows users to interact directly with the hardware; the Windows Control Panel and Device Manager are examples. The Control Panel is used to configure and manage practically all aspects of Windows, such as keyboard and mouse behavior, power options, network settings, users and passwords, the desktop background, and many more. Device Manager is a Control Panel applet tailored to hardware: it lets users view and control the hardware attached to the computer, and the list of hardware can be sorted by various criteria.

Application software is the other form of software, and it does not fall under system software. Application software is a program or group of programs designed for end users. System software consists of low-level programs that communicate with the computer at a basic level, while application software sits above it. Common application software includes database programs, word processors, and spreadsheets. An application can be published alone or grouped into a suite, and some are bundled with the operating system. Examples are Microsoft Office, which includes all of the above; Adobe Photoshop, which lets users edit pictures; Chrome, Internet Explorer, and Firefox, which browse the internet; and Outlook, which lets users check their email.

Cloud storage can be a blessing and an extremely useful resource: users can store large amounts of data for little to no cost and save money by not having to buy hard drives or flash drives. It is readily available, but it also poses a real risk. Users store sensitive information in the cloud, or information they do not want shared, and attackers see it as a gold mine. In 2016, Apple, one of the biggest companies offering cloud storage, saw user accounts compromised. The cause was a weakness in Apple's password security: attackers were able to guess users' passwords and security-question answers and gain access to their cloud accounts and everything stored there (Rubenking).

Businesses that offer cloud services take various measures to ensure their users' data is secure and cannot be compromised. They encrypt the data that is stored, using several complex encryption methods. This does not make it totally secure. A cloud service is typically more secure than an average user's computer, but it can still be hacked. Weak passwords can be guessed easily. Users also reuse the same password on different platforms; if one of those platforms is breached, the same password gives access to your data elsewhere. Users should not use passwords related to their personal life: a password should not contain your name, birthday, or anything similar, because that makes it easy to guess. Users can also seek out their own encryption options and encrypt their files before uploading them. Encrypting with a tool the cloud company does not control makes it harder for attackers who break into the service to decrypt your files (Ko).

To prevent your information from being stolen, it is best to encrypt your data on your own computer. A good option when browsing the web is to use a Virtual Private Network (VPN), whose purpose is to encrypt your traffic between your device and the VPN server. Your traffic will not be encrypted between the VPN server and the website unless you are connected to an HTTPS site. A VPN is a good option for security, but it does not encrypt your files, and you can still be tracked while using one. When a vendor encrypts files for you, a back door is sometimes built in as a way for the company to get past the encryption if it needs to. Attackers who gain access to that back door can bypass the encryption. In 2016, the FBI asked Apple for a back door to gain access to an iPhone; Apple refused, because it does not build back doors into its encryption and would not create one for the FBI. Apple argued that a back door would give attackers a chance to get past the encryption and that it would leak sooner or later. Once Apple has its cryptographic servers running, it physically destroys the keys that would permit modification and access; attackers cannot use them to get in, but Apple cannot modify them either.

As technology keeps moving forward, cars become more and more reliant on it. We are in an age where cars can drive on their own, and just like anything else in the technology world, cars can be vulnerable to being hacked. Attacking a car's systems is inefficient for most criminals, since it is low-reward, high-risk, and high-effort. Cars can have built-in Wi-Fi and Bluetooth systems, and these are what will typically be attacked, because attackers want to steal your data and will most likely go unnoticed. There are other ways that a car can be hacked. The on-board diagnostics (OBD-II) port is connected to the car's controller area network (CAN) bus, and the more advanced the car, the more systems are connected to that bus. On most modern cars the electronic control units for steering, braking, engine and fuel management, advanced safety and driver-assistance systems, door locks, and window controls all communicate over it, so whoever has access to the OBD-II port can reach them. Exploiting the car through the OBD-II port is a difficult task: software specific to the make, model, and year of the car is required. Taking control of the car is not very rewarding for attackers unless they plan to steal it, or unless they want to take control of the car to hurt the driver or other people (Vincent).

Another way that cars can be attacked is through smart keys. Many modern cars come with a key fob that locks and unlocks the doors or starts the car by sending a specific signal to the car. There are devices that can capture the signals sent to the car and replay them. Attackers can also use brute force to open the car without having to break a window, and they can use signal amplifiers to relay the key's signal from a distance without the owner knowing. Bluetooth systems are standard in modern cars, and they can provide a direct pathway to the controller area network bus, allowing attackers to inject malicious messages into different systems in the car. A car with a tire pressure monitoring system is also at risk, because its sensors are often set up to talk to other systems in the car, including the anti-lock brake system and the dashboard displays. Malicious files can be downloaded onto your smartphone without you knowing; if the phone carries malicious code and is plugged into the car's USB port, that code can reach the car's systems and cause many problems. Car manufacturers provide apps that communicate with your car, similar to the key fob: you can start the car and lock and unlock the doors from the app. If the app or its account is compromised, the attacker can perform those functions too. Ransomware is not only happening on personal computers but in modern cars as well: a pop-up appears on the car's information screen stating that the car will not start again until money is wired to a specific place (Vincent).
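One way to catch the message injection described above, as an added example that is not from the paper or from Vincent's article: most ECUs broadcast their CAN frames at a fixed period, so a frame ID that suddenly arrives many times faster than its baseline period, or an ID that never appears in normal traffic (such as the OBD-II functional request ID 0x7DF showing up while driving), is a strong sign of injection. The candump-style log format, the arbitration IDs, their baseline periods and the traffic itself are all constructed for the example; a real baseline is learned from a clean recording of the specific car.

```python
"""Frequency-based detection of injected CAN frames (added example, not the paper's code).

Assumes candump-style lines "(timestamp) interface ID#DATAHEX" and a per-ID
baseline of expected broadcast periods. IDs, periods and traffic are constructed.
"""
from collections import defaultdict

# Hypothetical baseline: 0x0C1 (say, steering angle) every 10 ms, 0x244 (say, door
# lock state) every 100 ms.
BASELINE_PERIOD_S = {"0C1": 0.010, "244": 0.100}


def build_sample_log():
    """Constructed traffic: half a second of normal frames, plus ten injected 0x244
    'unlock' frames at 5 ms spacing from t=0.200 s, and one stray OBD-II functional
    request (ID 0x7DF) that no ECU sends during normal driving."""
    lines = []
    for i in range(50):
        t = i * 0.010
        lines.append(f"({t:.3f}) can0 0C1#{i:04X}")
        if i % 10 == 0:
            lines.append(f"({t:.3f}) can0 244#0000")
    for j in range(10):
        lines.append(f"({0.200 + j * 0.005:.3f}) can0 244#0001")
    lines.append("(0.331) can0 7DF#0209010000000000")
    lines.sort(key=lambda line: float(line.split()[0].strip("()")))
    return "\n".join(lines)


def parse_candump(text):
    """Return a list of (timestamp, interface, can_id, data) from candump-style lines."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, iface, frame = line.split()
        can_id, _, data_hex = frame.partition("#")
        frames.append((float(ts.strip("()")), iface, can_id.upper(), bytes.fromhex(data_hex)))
    return frames


def detect_injection(frames, baseline, min_burst=3):
    """Return {can_id: [timestamps]} of frames judged injected.

    A frame is suspicious when its ID is not in the baseline at all, or when it
    arrives in under half the ID's baseline period for at least min_burst frames in
    a row (the streak requirement tolerates ordinary bus jitter)."""
    suspicious = defaultdict(list)
    last_seen = {}
    streak = defaultdict(int)
    for ts, _iface, can_id, _data in frames:
        period = baseline.get(can_id)
        if period is None:
            suspicious[can_id].append(ts)
            continue
        prev = last_seen.get(can_id)
        last_seen[can_id] = ts
        if prev is not None and ts - prev < period / 2:
            streak[can_id] += 1
            if streak[can_id] >= min_burst:
                suspicious[can_id].append(ts)
        else:
            streak[can_id] = 0
    return dict(suspicious)


if __name__ == "__main__":
    alerts = detect_injection(parse_candump(build_sample_log()), BASELINE_PERIOD_S)
    for can_id, stamps in alerts.items():
        print(f"ID {can_id}: {len(stamps)} suspicious frame(s), first at t={stamps[0]:.3f}s")
```

The streak requirement matters: a single early frame is normal jitter, but an ID arriving at ten times its usual rate for several frames in a row is what a Bluetooth- or OBD-connected injector produces, because the genuine ECU keeps transmitting at its normal period alongside the forged frames.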

Wi-Fi is a great way to provide internet access to many users, but it can be extremely vulnerable even when secured with a password. According to researchers at KU Leuven in Belgium, the WPA2 protocol used to protect Wi-Fi networks has weaknesses that attackers can exploit to decrypt, inject, and manipulate data. This can be used to steal sensitive information such as passwords and credit card numbers. Many platforms are affected, including Android, Apple, Linux, Windows, OpenBSD, and Linksys devices. In 2017 the United States Computer Emergency Readiness Team (US-CERT) issued a statement describing the impact of exploiting these vulnerabilities, including decryption, packet replay, TCP connection hijacking, and HTTP content injection. The vulnerabilities are in the protocol itself and not in a specific device or piece of software. Websites that do not use HTTPS should be considered insecure, and everything sent to them should be treated as public. Users connecting to their own routers should be aware that a password-protected network is still vulnerable. Home connections will not be secure any time soon, because wireless routers are rarely updated. The attacks are considered complex and major attacks exploiting them do not seem likely, but the possibility is there, and sensitive information should not be sent over Wi-Fi without additional protection such as HTTPS (Hern).

One such attack is a KRACK, or key reinstallation attack. The weakness is in the Wi-Fi protocol itself and not in any individual product or implementation, so the method works against most modern Wi-Fi systems. The attack allows the attacker to decrypt data the victim sends. It is especially devastating against Linux and devices running Android 6.0 and higher, because these can be tricked into installing an all-zero encryption key instead of the real one. Linux and Android devices commonly use wpa_supplicant version 2.4 or later, which clears the encryption key from memory once it has been installed for the first time. When the client receives a retransmitted message 3 of the four-way handshake it reinstalls the key, and because the real key has been cleared, the key it installs is all zeros. Whenever a key is reinstalled, its associated parameters, the incremental transmit packet number (nonce) and the receive replay counter, are reset to their initial values. The encryption protocol then reuses the keystream when encrypting subsequent packets; a reused keystream can be recovered, which allows packets to be decrypted and modified. Decrypting packets can be used to read TCP SYN packets, which reveals the TCP sequence numbers and lets the attacker hijack TCP connections. Attackers can use this for a common attack against Wi-Fi networks: injecting data into an HTTP connection (Vanhoef).
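Why a reset packet number breaks the encryption, shown as an added example that is not from the paper and not Vanhoef's tooling: WPA2's CCMP encrypts each frame with AES in counter mode, keyed by the session key and a per-frame packet number (PN) that serves as the nonce. The model below replaces AES-CTR with an HMAC-SHA256 counter-mode keystream so that it runs with the standard library only; the session key, the two frames and the "known" request are constructed, and the model leaves out the frame integrity check. The algebra KRACK exploits is unchanged: C = P xor keystream(key, PN), so two frames under the same (key, PN) leak each other, and an all-zero key needs no known plaintext at all.

```python
"""Keystream reuse after a key reinstallation (added example; not the paper's code).

Stand-in for CCMP: keystream(key, PN) is HMAC-SHA256 in counter mode instead of
AES-CTR. Keys and frames below are constructed for the demonstration.
"""
import hashlib
import hmac


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """PRF keystream: HMAC-SHA256(key, PN || block_index) blocks, concatenated."""
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """Transmit side of a Wi-Fi client: a pairwise key plus the packet number it increments."""

    def __init__(self, key: bytes):
        self.install_key(key)

    def install_key(self, key: bytes):
        # Installing (or re-installing) a key resets the transmit PN to its initial
        # value. This reset on reinstall is exactly what KRACK abuses.
        self.key = key
        self.pn = 0

    def encrypt(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))


def decrypt(key: bytes, pn: int, ciphertext: bytes) -> bytes:
    return xor(ciphertext, keystream(key, pn, len(ciphertext)))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Attacker step: one (ciphertext, plaintext) pair for a PN gives keystream = C xor P."""
    return xor(ciphertext, known_plaintext)


SESSION_KEY = bytes(range(16))  # constructed pairwise key
KNOWN_FRAME = b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"  # predictable request
SECRET_FRAME = b"Cookie: session=abc123; role=user\r\n"  # shorter than KNOWN_FRAME
ZERO_KEY_FRAME = b"DNS query: bank.example"


def run_nonce_reuse_demo():
    """A replayed message 3 makes the client reinstall the *same* key; PN restarts at 1,
    so the second frame is encrypted under the keystream of the first."""
    sta = Station(SESSION_KEY)
    pn1, c1 = sta.encrypt(KNOWN_FRAME)
    sta.install_key(SESSION_KEY)  # victim processes the retransmitted message 3
    pn2, c2 = sta.encrypt(SECRET_FRAME)
    ks = recover_keystream(c1, KNOWN_FRAME)  # attacker guessed the first frame's contents
    recovered = xor(c2, ks)  # only the part overlapping the known frame is recovered
    return pn1, pn2, recovered


def run_zero_key_demo():
    """Linux/Android with wpa_supplicant 2.4+: the real key was wiped after the first
    install, so the reinstall puts in an all-zero key and no known plaintext is needed."""
    sta = Station(SESSION_KEY)
    sta.install_key(bytes(16))
    pn, c = sta.encrypt(ZERO_KEY_FRAME)
    return decrypt(bytes(16), pn, c)


if __name__ == "__main__":
    pn1, pn2, recovered = run_nonce_reuse_demo()
    print(f"both frames used PN {pn1} == {pn2}; recovered: {recovered!r}")
    print(f"all-zero key decrypts to: {run_zero_key_demo()!r}")
```

Real CCMP also carries a message integrity code, which is why Vanhoef reports decryption and replay, rather than arbitrary forgery, against CCMP; the HTTP injection the paper mentions comes from hijacking the TCP connection once its sequence numbers have been read, not from forging Wi-Fi frames.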

Databases store personal information, which makes them a major target. A database engine is responsible for accepting SQL query requests and executing them; the results are returned to the querying computer. Databases listen for queries on one or more TCP/IP ports, and work with the operating system to gain better control over disk and memory resources. Most modern databases provide additional services such as web services and data encryption. The database can use the authentication and access controls provided by the operating system, which is important for security, but most deployments only use the controls provided by the database engine itself. Another aspect that users of large databases must consider is performance. A large database that is not optimized well can cause many problems: poorly performing queries can make data unavailable, and a website that depends on that data will not function. Securing the database poorly, or layering on so much security that queries slow down, can cause performance issues as well (Smith).

Databases are widely and continuously accessible, which makes them more vulnerable to attack. Database security requires careful design and defenses at every network layer. There are many ways attackers try to gain access to a database to steal the information it contains. One is to guess the username and password that the web application uses to connect to the database. Application configuration files typically contain that username and password, and often they are still the defaults, because administrators frequently never change them. As soon as the server is deployed the default credentials should be changed, and credentials should not be left in plain text in configuration files. Packet sniffing is another viable option: an attacker captures packets going to and from the database and analyzes them to recover the username and password used to log in. If the traffic is encrypted, a packet sniffer is much less useful. When a web server gets a request, it arrives as a URL that may carry query-string parameters, which the web application uses to build the query it sends to the database. If developers are not aware of how this path can be abused, it opens many loopholes for attackers to take advantage of (Smith).

The most common form of database attack is SQL injection. It is not just a database attack but a combination of a database and a web vulnerability. The attacker submits web requests whose parameters contain fragments of SQL statements; if the application does not handle the input safely, those fragments become part of the query it sends to the database. With this method an attacker can run a query that dumps the entire database to their computer. Another popular attack is privilege escalation: the attacker injects queries that probe the different levels of privilege and finds one they can reach. Vulnerabilities caused by inefficient or sloppy code in the database are a problem for many database systems. Attackers also run denial-of-service attacks on databases: they plant code on the web server or the database itself that sends requests to the database in an attempt to overwhelm it. The queries can be at the application layer, for example dumping database contents in a loop, or at the TCP layer, such as a SYN packet storm; either way the database stops accepting queries (Smith).
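The injection and the dump described above, as an added example that is not the paper's code or Smith's: a login query that pastes request parameters into the SQL string, the two payloads that turn it into a tautology and into a table dump, and the parameterized form that binds the same values as data. The in-memory SQLite table, its rows and the payloads are constructed for the example; the passwords are stored unhashed only so the dump is visible.

```python
"""SQL injection against a login query, and its parameterized fix (added example)."""
import sqlite3


def make_db():
    """Constructed user table; real systems store password hashes, not passwords."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'alice', 'correct-horse', 'admin');
        INSERT INTO users VALUES (2, 'bob',   'hunter2',       'user');
    """)
    return conn


def login_vulnerable(conn, username, password):
    """The request's query-string values are pasted straight into the statement."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameter binding: the values never become SQL, only data compared against columns."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed payloads. BYPASS turns the WHERE clause into a tautology and comments out
# the password check; DUMP appends a UNION that pulls the password column instead.
BYPASS = "' OR 1=1 --"
DUMP = "' UNION SELECT username, password FROM users --"


if __name__ == "__main__":
    conn = make_db()
    print("normal login  :", login_vulnerable(conn, "bob", "hunter2"))
    print("bypass (vuln) :", login_vulnerable(conn, BYPASS, "anything"))
    print("dump (vuln)   :", login_vulnerable(conn, DUMP, ""))
    print("bypass (safe) :", login_safe(conn, BYPASS, "anything"))
```

Binding is the fix, not escaping quotes by hand. The database account the application uses should also be limited to the tables and statements it needs, so that a UNION against an unrelated table, or a privilege probe, fails even when an injection slips through.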

Database defense is very important for any business. Database servers are the most important component of the whole database system and must be secured on multiple levels. Patching is the first line of defense: a regular patching process must be in place for the servers. It is good practice to disable unwanted and unused database services, to remove any vulnerabilities they may contain; it is also harder to spot an attack that exploits a service nobody uses. Connections to the database should be encrypted with TLS (the successor to SSL), which prevents packet sniffing of data exchanged between the database and the application server, and data stored in the database should be encrypted at rest. A database firewall should restrict the database port so that it is reachable only from a specific set of IP addresses. Businesses that store massive amounts of data should also deploy honeypots: a honeypot is a fake database server set up alongside the real one to lure attackers away from the real database and reveal their activity.

In the grand scheme of the internet there are many forms of security risk and attack. In cyber security it is best to familiarize yourself with these attacks in order to identify them when they occur. The forms of attack, or rather security risks, covered here are DDoS, botnets, malware, spyware, and keylogging. They are the predators of the internet, in a sense. The internet of insecure things (IoT) is focused on the risks of having more devices connected to the internet.

The first form of attack is DDoS, which stands for distributed denial of service; it is a subclass of denial of service (DoS). A distributed denial-of-service attack uses a botnet of many compromised devices to overwhelm a target. Unlike most other cyberattacks, DDoS does not attempt to breach your security perimeter; its focus is to overwhelm the target, which can be, but is not limited to, a website or server. It achieves this by sending large amounts of bogus traffic to the target until it becomes unavailable. This form of attack is highly noticeable because it impacts the entire online user base, which is why it has become popular with hacktivists making a point, or in some cases seeking notoriety. DDoS attacks can last hours, days, or longer, and for an online organization they can be devastating for business.

There are multiple attack types DDoS can use against a site, but since DDoS is a subcategory of DoS, start with DoS. A DoS attack is a single perpetrator using a single connection to exploit a software vulnerability or to flood a target with bogus requests in order to exhaust server resources such as RAM and CPU. The main difference between DoS and DDoS is the number of sources: DDoS uses many devices infected with malware to reach the target, while DoS is a single user looking for exploits.

DDoS attacks are divided into two general categories: application-layer attacks and network-layer attacks. Since DDoS is a subcategory of DoS, DoS can carry out the same attacks. Application-layer attacks, whether DoS or DDoS, overload a server by sending requests that require handling and processing. This category includes HTTP floods, slow attacks such as Slowloris and RUDY, and DNS query floods. Application-layer attacks are layer-seven attacks and are measured in requests per second (RPS); fifty to a hundred requests per second is enough to cripple most medium-sized websites.

The other general category is network-layer attacks, which are almost always distributed. Network-layer attacks are designed to clog the pipes connecting your network; they include UDP floods, SYN floods, NTP amplification, and DNS amplification attacks. These attacks can be used to prevent access to your servers and can cause other severe operational damage. Almost all DDoS attacks consist of high-traffic events. Network-layer attacks are layer-three and layer-four attacks.
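Measuring an application-layer flood in requests per second, as an added example that is not from the paper or its sources: the code below parses Common Log Format access-log lines, counts requests per client and per second, and flags both a single noisy source (a DoS) and a second in which the aggregate rate is high even though every individual bot stays quiet (a DDoS). The log lines, client addresses and thresholds are constructed; the thresholds echo the paper's fifty-to-a-hundred RPS figure.

```python
"""Requests-per-second flood detection over web access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')


def parse_line(line):
    """Return (client_ip, unix_second, request_line, status) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, stamp, request, status, _size = m.groups()
    seconds = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return ip, int(seconds), request, int(status)


def build_sample_log():
    """Constructed traffic: one real visitor, one noisy single-source bot, and a botnet
    of twenty bots that each stay under any reasonable per-client threshold."""
    def entry(ip, stamp, path):
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 2326'

    flood_second = "10/Oct/2000:13:55:36 +0000"
    lines = [
        entry("203.0.113.7", "10/Oct/2000:13:55:30 +0000", "/index.html"),
        entry("203.0.113.7", "10/Oct/2000:13:55:33 +0000", "/cart"),
        entry("203.0.113.7", flood_second, "/checkout"),
    ]
    lines += [entry("198.51.100.10", flood_second, "/search?q=" + "a" * 40) for _ in range(60)]
    for bot in range(20):
        lines += [entry(f"198.51.100.{100 + bot}", flood_second, "/search?q=x") for _ in range(5)]
    return "\n".join(lines)


def requests_per_second(lines):
    """Count requests per (client IP, second) and per second overall."""
    per_ip = defaultdict(lambda: defaultdict(int))
    total = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, sec, _request, _status = rec
        per_ip[ip][sec] += 1
        total[sec] += 1
    return per_ip, total


def flag_floods(lines, per_ip_threshold=50, aggregate_threshold=80):
    """Return (noisy_clients, flood_seconds).

    noisy_clients: {ip: peak RPS} for clients above per_ip_threshold (a DoS signal).
    flood_seconds: {second: RPS} where the aggregate exceeds aggregate_threshold; this is
    what catches a DDoS whose individual bots each stay below the per-client line."""
    per_ip, total = requests_per_second(lines)
    noisy = {ip: max(c.values()) for ip, c in per_ip.items() if max(c.values()) > per_ip_threshold}
    floods = {sec: n for sec, n in total.items() if n > aggregate_threshold}
    return noisy, floods


if __name__ == "__main__":
    noisy, floods = flag_floods(build_sample_log().splitlines())
    print("noisy clients:", noisy)
    print("flood seconds:", floods)
```

The per-client threshold alone would miss the twenty-bot flood entirely, which is the point of distributing the attack; the aggregate counter is the one that sees it, and in practice it is paired with the rate limiter or upstream scrubbing service that then drops the excess.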

The next threat is botnets. The distributed denial-of-service attack described above uses botnets to flood websites and servers. A botnet is a network of private computers infected with malware and controlled as a group. Botnets are collections of internet-connected devices, including personal computers, servers, smartphones, and any other internet-connected device. Each device must be infected with, and controlled by, a type of malware. In most cases users are unaware that their system is part of a botnet. The infected devices are then controlled remotely and used for specific actions, chosen so that the end user will not notice. Botnets are used to send email spam, generate malicious traffic for DDoS attacks, and run click-fraud campaigns.

The word botnet derives from robot and network. The robot in this case is the device infected by the malware; this "robot" then joins a network of infected devices controlled by a single attacker or group. This form of malware searches the internet for vulnerable devices; it does not target specific devices, individuals, or companies. The objective is to infect as many devices as possible, the more the merrier: the malware will not waste time on a single hard-to-reach device when it could spend that time infecting as many devices as possible. It then uses the computing power and resources of those devices for automated tasks that the end user will not notice.

Botnet malware has an architecture. The infection is usually spread through malware designed to automatically scan systems and devices for common vulnerabilities, with the aim of infecting as many devices as possible. Botnets also scan for ineffective or outdated security products, such as firewalls and antivirus software. There are two ways the attackers can control the bots: the traditional client/server approach and the peer-to-peer approach. The attackers typically begin issuing commands once the desired number of devices is under control.

The traditional client/server approach relies on a command-and-control server. Communication uses a protocol such as IRC (Internet Relay Chat). The bots await commands from the command-and-control server before initiating any malicious actions.

The other approach is peer-to-peer. The main difference is that the bots do not use a command-and-control server; instead they form a decentralized peer-to-peer botnet. Some of the bots are programmed to scan for malicious websites or for other devices in the botnet, and the bots then share updated commands, or even the latest version of the botnet malware, among themselves. This approach is increasingly used today, since centralized C&C communications are now often monitored for botnet operations.

Malware is everywhere on the internet. Malware is software intended to damage or disable a computer or computer system: any program or file that is potentially harmful to a computer user. This includes computer viruses, worms, Trojan horses, and spyware. Malware can perform various functions, including but not limited to stealing data, encrypting or altering it, and hijacking core computing functions. There are many different types of malware, and each of the ones mentioned has its own traits and characteristics.

A virus is the most common type of malware. It infects the computer with malicious code that replicates by copying itself into another program; it can attach itself to a computer's boot sector or to a document and change how the computer works. A virus requires someone to spread the infection, without the permission of the end user or the systems administrator. There are many ways a virus can spread: as an email attachment, by clicking an executable file, by visiting an infected website, or by viewing an infected website advertisement. Viruses also spread through USB drives and other infected removable storage. Once a virus infects a host, it can begin infecting other software or resources on the system.

Another type of malware is a worm. Worms are like viruses in that they infect other devices. A computer worm is a malicious program that infects other computers while remaining active on the systems it has already infected. A worm self-replicates, duplicating itself to spread to uninfected computers. Worms use parts of the operating system that are automatic and not visible to users, so in most cases they are noticed only when their replication consumes system resources, slowing the computer down or halting other tasks. Unlike a virus, a worm spreads without any user interaction; the only requirement is that it becomes active on an infected system. Worms rely on network protocols to multiply: they scan for other hosts, and hosts that respond to the infected one become the next targets.

Another form of malware is spyware, which is designed to collect information and data about users. Spyware is installed on a computer and observes activity without the user's knowledge. This type of malware is controversial because it can violate the user's privacy, and it has a high potential for abuse. Spyware is also referred to as tracking software, and it is found in multiple places; for example, workplaces may install software to monitor employees' browsing activity. Spyware is difficult to detect: often the only sign an end user has that the computer is infected is a drop in performance, and on mobile devices, increased data usage and reduced battery life. Some kinds of monitoring software have legitimate uses; one of them is keylogging.

Closely related to spyware, a keylogger (also called a keystroke logger or system monitor) is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. Keylogging software is also available for smartphones, including iPhones and Android devices. Keyloggers are often used to steal personally identifiable information (PII), login credentials, and other sensitive data. There are also legitimate uses, such as employers observing employees' computer activity, parents supervising their children's internet usage, or users tracking unauthorized activity on their own devices.

There are two kinds of keylogger: hardware-based keyloggers and keylogging software. A hardware-based keylogger is a small device inserted between the computer's keyboard and the computer. It resembles an ordinary keyboard adaptor or USB extension, and because most desktop keyboards plug into the back of the computer, it is easy to hide without the user's knowledge. As the user types, the keylogger captures each keystroke and saves it as text in its own onboard storage, which can hold up to several gigabytes. The downside for the attacker is that whoever installed the device must physically return to retrieve it.

The other kind is a keylogging software program. A common keylogger program consists of two files installed into the same directory: a dynamic link library (DLL) file that does the actual recording, and an executable file that installs the DLL and triggers it to run. Once installed, the program records each keystroke the user types and periodically uploads the log over the internet to whoever installed it. Some keylogging programs also record user data beyond keystrokes, such as anything copied to the clipboard or screenshots of the user's screen or active application.

There are ways to detect and prevent keylogging on a user's computer, though no single method is reliable on its own. Anti-keylogger software is designed to scan for software-based keyloggers, either by comparing the files on a computer against a database of keylogger signatures or by checking them against a checklist of common keylogger attributes. For detecting keyloggers specifically, an anti-keylogger can be more effective than a general antivirus or antispyware program, because many keyloggers are sold as legitimate monitoring products and an antivirus may treat them as legitimate software rather than as spyware. Another defence is controlling which programs may run and communicate: application whitelisting prevents unapproved executables from running at all, and an outbound (application) firewall prompts the user each time a program tries to make a network connection, which can stop a keylogger from uploading its log even if it has already been installed.
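As an added example (not the paper's own code), the scanner below implements both checks just described: a signature base of file hashes and a weighted checklist of keylogger attributes. The sample "files", the signature entry, the weights and the threshold are constructed for the demonstration; the Windows API names are real functions that keyloggers commonly import, but matching on them is a heuristic, since accessibility tools and games use some of the same calls.

```python
"""Signature-plus-heuristic scan for keylogger-like programs.

Added example, not from the paper. It shows both checks the text describes:
a signature base (SHA-256 hashes of known samples) and a checklist of
attributes keyloggers typically have. The sample "files", the signature and
the weights/threshold are constructed for this demonstration. The API names
are real Windows functions commonly imported by keyloggers, but matching on
them is a heuristic: legitimate software (accessibility tools, games) uses
some of them too.
"""
import hashlib

# Attribute checklist with weights; a file whose matched weights reach
# SCORE_THRESHOLD is reported as a probable keylogger.
KEYLOGGER_ATTRIBUTES = {
    b"SetWindowsHookEx": 3,   # installs a (keyboard) hook
    b"GetAsyncKeyState": 3,   # polls key state
    b"WH_KEYBOARD_LL": 2,     # low-level keyboard hook constant
    b"GetClipboardData": 1,   # clipboard capture
    b"InternetOpenUrl": 1,    # uploading the captured log
    b"keylog": 2,             # self-describing string
}
SCORE_THRESHOLD = 5

# Constructed stand-ins for files on disk: name -> content bytes.
SAMPLE_FILES = {
    "notepad.exe": b"MZ CreateWindowEx GetMessage TextOut",
    "hook.dll": b"MZ SetWindowsHookEx WH_KEYBOARD_LL GetClipboardData InternetOpenUrl",
    "updater.exe": b"MZ InternetOpenUrl GetAsyncKeyState",
    "known_bad.exe": b"MZ packed opaque content",
}

# Signature base: hash -> detection name. The one entry is derived from the
# constructed known_bad.exe so the example stays self-contained.
SIGNATURE_BASE = {
    hashlib.sha256(SAMPLE_FILES["known_bad.exe"]).hexdigest(): "Constructed.Keylogger.A",
}


def attribute_score(data):
    """Return (score, matched attribute names) for one file's bytes."""
    matched = [name for name in KEYLOGGER_ATTRIBUTES if name in data]
    return sum(KEYLOGGER_ATTRIBUTES[m] for m in matched), [m.decode() for m in matched]


def scan_file(name, data):
    """Signature match first (exact, cheap), attribute heuristic second."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURE_BASE:
        return {"file": name, "verdict": "signature",
                "detail": SIGNATURE_BASE[digest], "score": None}
    score, matched = attribute_score(data)
    verdict = "heuristic" if score >= SCORE_THRESHOLD else "clean"
    return {"file": name, "verdict": verdict, "detail": matched, "score": score}


def scan_all(files=SAMPLE_FILES):
    """Scan every file; returns {name: verdict dict}."""
    return {name: scan_file(name, data) for name, data in files.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name}: {result['verdict']} {result['detail']} (score {result['score']})")
```

On the constructed set, known_bad.exe is caught by its signature, hook.dll by the heuristic (score 7), and notepad.exe is clean. updater.exe, which both polls key state and uploads data, scores 4 and is reported clean: that is the threshold trade-off, and the reason the text says no single method suffices. A signature base is only as good as its last update, and a heuristic that is tuned tight enough to catch updater.exe will also flag some legitimate programs.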

Following the earlier point about malware designed for a specific purpose, ransomware is one of the clearest cases. Ransomware is a subset of malware that locks the data on a victim's computer and demands payment before it is returned to the user. It typically does this by encrypting the data and then demanding money for the decryption key. Unlike most other malware, ransomware announces itself: once the files are locked it notifies the user, and the notification gives instructions for getting the data back by paying. Payment is usually demanded in a virtual currency such as bitcoin, so that the criminal's identity stays hidden; prepaid cards and vouchers are another form of payment.

Ransomware can be spread through email attachments, infected software applications, infected external storage devices, and compromised websites. It does not always need user interaction: recent attacks have used exposed Remote Desktop Protocol (RDP) services to break into machines directly. Lock-screen ransomware is a variant that, rather than encrypting files, locks the victim out of the device, for example by changing the login credentials. Crypto-ransomware, by contrast, holds the data itself hostage: it can encrypt files on the infected device and on any network shares or connected devices it can reach. The most effective protection is keeping regular (daily) backups, stored offline or otherwise out of reach of the infected machine, so that an attacked user loses nothing that cannot be restored.
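Because crypto-ransomware must write encrypted, random-looking data over many files in a short time, a defender can detect it from file activity even before the ransom note appears. The added example below (not from the paper) scores per-process file events by the Shannon entropy of the written data and by renames to a new extension; all events, paths, process names and thresholds are constructed for the demonstration.

```python
"""Detect ransomware-like file activity from per-process file events.

Added example, not from the paper. Encrypting a directory produces a burst
of writes whose contents look random (high Shannon entropy) and, commonly,
renames to a new extension. Every event, path, process name and threshold
below is constructed for the demonstration; the event tuple layout
(process, action, path, extra) is not any real tool's format.
"""
import hashlib
import math
from collections import defaultdict

ENTROPY_THRESHOLD = 7.0      # English text is ~4-5 bits/byte, ciphertext ~8
MIN_SUSPICIOUS_WRITES = 5    # burst size before a process is flagged


def shannon_entropy(data):
    """Entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _pseudo_random(seed, n=1024):
    """Deterministic high-entropy bytes standing in for encrypted file data."""
    out = b""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:n]


PLAINTEXT = b"Quarterly report: revenue up 4% on strong demand.\n" * 20

# Constructed events: normal document edits, one backup archive (compressed,
# so also high entropy, but only a single file), and a process that
# overwrites six documents with random-looking data and renames them.
SAMPLE_EVENTS = [
    ("winword.exe", "write", r"C:\Users\alice\Docs\report.docx", PLAINTEXT),
    ("winword.exe", "write", r"C:\Users\alice\Docs\notes.txt", PLAINTEXT),
    ("backup.exe", "write", r"C:\backup\archive.zip", _pseudo_random(99)),
]
for _i in range(6):
    _path = rf"C:\Users\alice\Docs\file{_i}.docx"
    SAMPLE_EVENTS.append(("svchost_.exe", "write", _path, _pseudo_random(_i)))
    SAMPLE_EVENTS.append(("svchost_.exe", "rename", _path, _path + ".locked"))
SAMPLE_EVENTS.append(("svchost_.exe", "write",
                      r"C:\Users\alice\Docs\README.txt",
                      b"Your files have been encrypted. Follow the instructions to pay.\n"))


def detect_ransomware(events, entropy_threshold=ENTROPY_THRESHOLD,
                      min_writes=MIN_SUSPICIOUS_WRITES):
    """events: iterable of (process, action, path, extra) where extra is the
    written bytes for "write" and the new path for "rename".
    Returns {process: {"high_entropy_writes": n, "renamed_ext": set}} for
    processes with at least min_writes high-entropy writes."""
    stats = defaultdict(lambda: {"high_entropy_writes": 0, "renamed_ext": set()})
    for process, action, path, extra in events:
        s = stats[process]
        if action == "write" and shannon_entropy(extra) >= entropy_threshold:
            s["high_entropy_writes"] += 1
        elif action == "rename":
            dot = extra.rfind(".")
            if dot != -1:
                s["renamed_ext"].add(extra[dot:])
    return {p: s for p, s in stats.items()
            if s["high_entropy_writes"] >= min_writes}


if __name__ == "__main__":
    for proc, s in detect_ransomware(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {s['high_entropy_writes']} high-entropy writes, "
              f"new extensions {sorted(s['renamed_ext'])}")
```

Only svchost_.exe is flagged: six high-entropy writes plus a new ".locked" extension. backup.exe also wrote high-entropy data, but a single compressed archive is normal, which is why the detector keys on the burst rather than on one file. In production the events would come from a file-system filter driver or audit subsystem, and the alert should trigger a response (suspend the process, isolate the host) fast enough to limit how many files are lost before restoring from the offline backup.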

To conclude, the internet offers users many great resources, but it carries risks as well. Attackers will attempt to steal data and personal information without the victim being aware that it is happening, and large businesses have had their entire customer databases stolen. This is done with many kinds of malware, including spyware, Trojans, keyloggers, and ransomware, and with attacks such as DDoS launched from botnets. Databases and cloud storage are a very efficient way to store data, but attackers see them as a goldmine of information that they will attempt to steal.

Works Cited:

Hern, A. (2017, October 16). "'All wifi networks' are vulnerable to hacking, security expert discovers."

Ko, E. (2018, January). "5 Safety Concerns with Cloud Data Storage, Answered."

Rubenking, N. (2017, December). "The Best Encryption Software of 2018."

Smith, K. (2017). "Cyber Attacks Explained: Database Hacking."

Vanhoef, M. (2017). "Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse."

Vincent, J. (2016, October). "5 Ways Your Car Can Get Hacked."

https://www.incapsula.com/ddos/denial-of-service.html

https://searchsecurity.techtarget.com/definition/botnet

https://searchsecurity.techtarget.com/definition/malware

https://searchsecurity.techtarget.com/definition/spyware

https://searchsecurity.techtarget.com/definition/keylogger

https://www.cisco.com/c/dam/en_us/solutions/trends/iot/introduction_to_IoT_november.pdf