Viruses and Malicious Code

Tatiana Fleetwood-Mack
CIS 552: Viruses and Malicious Code
Steven Epstein
February 4, 2024
The advent of the internet and the interconnected nature of modern computing have paved the way for an unprecedented rise in cyber threats. Among the most prevalent and damaging are viruses, malicious code, and hoaxes. Understanding the nature of these threats is crucial for devising effective strategies to mitigate their impact on computers and productivity.

Viruses, Malicious Code, and Hoaxes

Viruses are malicious programs designed to replicate and spread from one computer to another. They can infect files, damage software, and compromise the overall functionality of a system. The threat posed by viruses ranges from mere inconvenience to catastrophic loss of data and functionality. Common transmission vectors include email attachments, infected software downloads, and compromised websites.

The impact of viruses on productivity is substantial. Downtime caused by infected systems, data loss, and the resources required for recovery contribute to a direct financial toll on businesses. Additionally, the reputational damage resulting from a virus attack can erode customer trust and confidence.

Malicious code encompasses a broader category of harmful software, including but not limited to viruses (Gordon-Murnane, L. 1999). This category includes worms, trojans, ransomware, and spyware, each with its own set of destructive capabilities. Worms, for instance, self-replicate and spread independently, while trojans disguise themselves as legitimate software to deceive users into installing them.

The effects of malicious code are multifaceted, ranging from data theft and financial loss to privacy breaches. The use of ransomware, in particular, has seen a significant rise, with attackers encrypting sensitive data and demanding payment for its release (Gordon-Murnane, L. 1999). Such attacks can bring operations to a standstill, affecting productivity and causing severe financial consequences.

While virus hoaxes may not directly infect systems, they can contribute to panic, misinformation, and wasted resources. Hoaxes often circulate false information about non-existent threats, leading users to take unnecessary precautions or causing unnecessary disruptions (Gordon-Murnane, L. 1999). These can include spreading false alerts about harmful files, programs, or emails that do not actually pose a threat.

The impact of virus hoaxes on productivity is more indirect but can still be significant. The time and resources spent investigating and responding to false threats divert attention from genuine security concerns, leading to inefficiencies in both individual and organizational processes (Gordon-Murnane, L. 1999).

To counter the threat posed by viruses, malicious code, and hoaxes, a multi-faceted approach is necessary. This includes implementing robust cybersecurity measures such as antivirus software, firewalls, and intrusion detection systems. Regular software updates and patches are critical to closing vulnerabilities that malicious actors may exploit.

User education and awareness training are equally important. Teaching individuals about the risks of opening suspicious emails, downloading files from untrusted sources, and falling victim to social engineering tactics can significantly reduce the likelihood of successful attacks.

Denial of Service (DoS) Attacks and Blended Threats

Denial of Service (DoS) attacks and blended threats represent two distinct yet interconnected challenges in the cybersecurity landscape. This report aims to analyze the nature, impact, and mitigation strategies for both denial-of-service attacks and blended threats, providing insights into the evolving tactics used by cyber adversaries.
Denial of Service attacks aim to disrupt the normal functioning of a system, network, or service by overwhelming it with a flood of traffic or exploiting vulnerabilities. These attacks can be classified into three main categories. Flooding attacks involve overwhelming a target with a massive volume of traffic, such as in a Distributed Denial of Service (DDoS) attack (Schaap, A. J., 2009). Attackers often harness botnets, networks of compromised devices, to amplify the impact and make it challenging to trace the origin of the attack. Protocol exploitation targets vulnerabilities in network protocols to exhaust system resources (Schaap, A. J., 2009). For example, attackers might exploit weaknesses in the Transmission Control Protocol (TCP) or the Internet Control Message Protocol (ICMP) to disrupt network communications. Application layer attacks focus on exploiting vulnerabilities in specific applications or services, making it difficult to distinguish malicious traffic from legitimate requests (Schaap, A. J., 2009). These attacks often target web servers, DNS, or other critical applications.

The impact of DoS attacks is severe, leading to service disruptions, downtime, and financial losses (Schaap, A. J., 2009). Critical infrastructure, financial services, and online platforms are particularly vulnerable, as prolonged outages can have cascading effects on both individuals and businesses.

Blended threats combine multiple attack vectors to exploit vulnerabilities and maximize their impact. These threats often involve a combination of malware, social engineering, and network-based attacks. Blended threats have several characteristics (Schaap, A. J., 2009). The first is malware propagation: blended threats commonly use malicious software to compromise systems. Once inside a network, the malware can exploit vulnerabilities, exfiltrate data, or act as a foothold for further attacks. The second is social engineering: attackers may employ tactics to deceive users or gain their trust, leading to actions that compromise security, such as clicking on malicious links or providing sensitive information (Schaap, A. J., 2009). The third is exploitation of vulnerabilities: blended threats leverage known vulnerabilities in software, hardware, or human behavior. This exploitation across multiple fronts makes them challenging to detect and mitigate (Schaap, A. J., 2009).

The impact of blended threats is often more significant than that of individual attacks, as they exploit weaknesses at multiple levels. Businesses, government entities, and individuals must be vigilant against these sophisticated threats that continually adapt to security measures.

Trojan horse

A Trojan horse is a type of malware that disguises itself as a legitimate or benign program while carrying out malicious activities in the background. Unlike a standard virus, a Trojan horse does not replicate itself independently. Instead, it relies on the user's actions to be executed. The key differences lie in their modes of operation: a virus self-replicates and spreads, attaching itself to host files, while a Trojan horse relies on social engineering to trick users into installing it (Ribas Monteiro et al., 2023). Trojans often create backdoors, allowing unauthorized access to the compromised system, and can perform various malicious actions, such as stealing data, installing additional malware, or facilitating remote control (Ribas Monteiro et al., 2023). The deceptive nature of Trojan horses makes them distinct from viruses, emphasizing the importance of user awareness and security measures to prevent their infiltration.

Two significant threat vectors are phishing attacks and malware injection through software vulnerabilities.

Phishing attacks involve the use of deceptive techniques to trick individuals into revealing sensitive information, such as usernames, passwords, or financial details. These attacks commonly leverage email, social engineering, or malicious websites to exploit human vulnerabilities (Shaukat et al., 2023). Implementing advanced email filtering solutions is critical in identifying and quarantining phishing emails. Additionally, the use of email authentication protocols like DMARC helps verify the legitimacy of incoming emails, reducing the likelihood of successful phishing attacks. Conducting regular cybersecurity awareness training plays a pivotal role in educating users about recognizing phishing attempts (Shaukat et al., 2023). Emphasizing the importance of verifying email sources, avoiding clicking on suspicious links, and exercising caution when sharing sensitive information online strengthens the human element of defense against phishing attacks.

Malicious actors exploit vulnerabilities in software, such as operating systems or applications, to inject and execute malware. This can lead to unauthorized access, data theft, or disruption of services. Implementing a robust patch management process is crucial to ensure that all software and systems are regularly updated. Regular patching addresses known vulnerabilities, reducing the risk of exploitation by closing security gaps and keeping systems resilient against malware injection (Shaukat et al., 2023). Deploying Intrusion Prevention Systems (IPS) is essential in monitoring network and system activities. IPS solutions can detect abnormal behavior and block or mitigate potential threats in real time (Shaukat et al., 2023). By identifying and preventing the exploitation of vulnerabilities, an IPS enhances the overall security posture against malware injection.

The dynamic and evolving nature of cyber threats requires a proactive and multi-layered cybersecurity approach. Organizations must invest in robust technical controls, user education, and continuous adaptation to stay ahead of sophisticated adversaries. As cyber threats continue to evolve, maintaining a resilient cybersecurity posture is imperative for safeguarding computers, data, and overall productivity.
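The DMARC check mentioned in the phishing discussion above can be made concrete with a short sketch; this is an added example, not part of the original essay. It assumes SPF and DKIM results have already been computed by the receiving mail server, uses constructed domains and messages, and approximates the organizational domain as the last two labels.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC1 policy."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    tags.setdefault("adkim", "r")  # RFC 7489 default: relaxed DKIM alignment
    tags.setdefault("aspf", "r")   # RFC 7489 default: relaxed SPF alignment
    return tags

def org_domain(domain):
    # Assumption: last two labels. Production code must use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    a, b = from_domain.lower(), auth_domain.lower()
    if not b:
        return False
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_disposition(record, msg):
    """Return 'pass', 'no-policy', or the record's action for a failing message."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = msg["spf"] == "pass" and aligned(msg["from"], msg["mail_from"], policy["aspf"])
    dkim_ok = msg["dkim"] == "pass" and aligned(msg["from"], msg["dkim_d"], policy["adkim"])
    return "pass" if spf_ok or dkim_ok else policy["p"].lower()

# Constructed sample data (illustrative domains, not taken from the essay).
RECORD = "v=DMARC1; p=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
MESSAGES = {
    "legitimate": {"from": "example.com", "mail_from": "bounce.example.com",
                   "spf": "pass", "dkim": "pass", "dkim_d": "example.com"},
    # SPF passes, but only for the sender's own unrelated envelope domain.
    "lookalike": {"from": "example.com", "mail_from": "mailer.unrelated.test",
                  "spf": "pass", "dkim": "none", "dkim_d": ""},
    # Valid DKIM from a subdomain fails strict alignment (adkim=s).
    "subdomain_dkim": {"from": "example.com", "mail_from": "esp.unrelated.test",
                       "spf": "pass", "dkim": "pass", "dkim_d": "mail.example.com"},
}

if __name__ == "__main__":
    for name, msg in MESSAGES.items():
        print(name, "->", dmarc_disposition(RECORD, msg))
```

The second message shows why a bare SPF pass is not enough: the check succeeds for the envelope domain, but that domain does not align with the visible From address, so the policy action applies.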
Sources

Gordon-Murnane, L. (1999). Cyber-Threats: Protect Against Computer Viruses with Alerts, Warnings, and Advisories. Searcher (1070-4795), 7(7), 59.

Ribas Monteiro, L. F., Rodrigues, Y. R., & Zambroni de Souza, A. C. (2023). Cybersecurity in Cyber–Physical Power Systems. Energies (19961073), 16(12), 4556. https://doi.org/10.3390/en16124556

Schaap, A. J. (2009). Cyber Warfare Operations: Development and Use under International Law. Air Force Law Review, 64, 121–173.

Shaukat, M. W., Amin, R., Muslam, M. M. A., Alshehri, A. H., & Xie, J. (2023). A Hybrid Approach for Alluring Ads Phishing Attack Detection Using Machine Learning. Sensors (14248220), 23(19), 8070. https://doi.org/10.3390/s23198070