Cyber Security and Digital Forensics - Coursework Example

Summary
This paper "Cyber Security and Digital Forensics" argues that many businesses are unaware of attacks and have slow responses to these risks that endanger the security of the entire organization. The rapid penetration of the internet has raised the potential for security threats for businesses globally. …

Extract of sample "Cyber Security and Digital Forensics"

Cyber Security and Digital Forensics: Insistent Growth of Malware Threat to Enterprises

Table of Contents
Introduction
Defining malware and vulnerability of business networks
Vulnerability of Businesses
Classes of malicious software
Categories of Malware
Viruses
Worms
Trojans
Further security threats
Exploits
Back door
Rogueware
Zombies
Phishing
Spear phishing
Best practices to combat worms, viruses and Trojans
Conclusion
Works Cited

Introduction

The rapid penetration of the internet has raised the potential for security threats for businesses globally. At present, cyber security is considered one of the crucial parameters for acceptance of any internet technology. Indeed, in 2013 alone, studies have shown that dealing with malware will cost global business up to $112 billion (Ashford). In particular, any node of attack in a wireless network exhibits irregular behaviour termed malicious behaviour. Under this scenario, the whole operation of a network becomes compromised by malware. Malware is a common term applied in defining malicious software that contributes to security threats to a computer system and the internet (Rossow 5-6). This essay argues that many businesses are unaware of attacks and have slow responses to these risks that endanger the security of the entire organization. The premise of this argument is that reliance on passive antimalware and antivirus software has created a false sense of security for businesses, leaving them vulnerable to serious attacks since they fail to actively monitor their systems.

Defining malware and vulnerability of business networks

The reliability and availability of wireless networks are increasingly compromised by viruses, Trojans and worms. Malware represents an intentional and malicious discharge of software aimed at impacting the profitability and productivity of individuals or businesses.
Logan and Logan (301) estimate that for every 1,000 computers, the rate of infection will be 105. A disaster refers to a simultaneous attack on more than 25 computers causing major damage. Viruses, Trojans and worms all form part of a class of software called malware. Most malware compromises information privacy and modifies system information and data. Information system experts agree that cyber insecurity caused by different classes of malware is one of the most inherent costs of doing online business. It is therefore critical that organizations take the required steps to protect information and to provide proper risk management that could prevent data breaches (Sophia).

Basically, a security threat refers to a potential cause of an unwanted occurrence that may damage a system or network. Wireless networks are vulnerable to various security threats and attacks, where malware attacks pose the greatest threat by exploiting weaknesses of the wireless network (BITS 19). Malware, also known as malicious code, is short for malicious software. Basically, it refers to software or code that is particularly designed to disrupt, damage and steal or even inflict unwarranted and illegitimate action on the host, network or data (Rossow 5-6).

There are several classes of malware, each with varying degrees of proliferation and ways of infecting systems. Malware infests the system by being bundled with other software programs. Alternatively, it can be attached as macros to files. Other malware may however be installed through exploitation of a vulnerability in an operating system (OS), other software or a network device, including a hole in a browser that needs users to visit a site in order to infect their computer systems. A majority of malware may however be installed through some action from the user, such as downloading a file from the internet or clicking on an email attachment (Mohammed et al 115-116).
Damage from malware often ranges from the potential to cause minor effects such as browser pop-up ads to major effects such as stealing private information, destroying information and disabling an entire system or network. Although malware cannot damage a system's physical hardware, it has the potential to damage the data and software stored on equipment. The most common malware types are worms, viruses, bots, Trojans, spyware, backdoors and adware.

Vulnerability of Businesses

Studies have estimated that up to 6 percent of companies that suffer from a catastrophic data loss get to survive business disruption. There is also significant loss reported in the work productivity of employees whose computers are affected by viruses, worms or Trojan horses. A survey of large firms operating with up to 500 computers evidenced that the average time to recover from a malware attack may be up to 23 days. Some 75 percent of the companies surveyed had a substantial virus outbreak and around 62 percent of the files were corrupted by malicious programs. Based on these findings, it is clear that businesses have neglected the need to protect their systems against the attacks despite substantial losses (Logan and Logan 301-302).

Classes of malicious software

Two of the most common classes of malware are viruses and worms. These forms of programs can self-replicate, spread their reproductions and even modify their copies. In order to be classified as a worm or a virus, malware has to have the ability to propagate. While worms are relatively independent in the way they operate, viruses depend on host programs to spread themselves (Padmavathi and Divya 66-67).

Categories of Malware

The various categories of malware are listed below.

Table 1: Malware classification

Viruses

Computer viruses are forms of malware that propagate by becoming a component of another program or inserting a copy of themselves.
A computer virus spreads from one computer to another, leaving behind infections as it passes through. This type of malware varies in severity, ranging from mildly irritating effects that damage software or data to effects such as denial-of-service (DoS) on the system (Mohammed et al 115-116). Nearly all viruses are attached to an executable file; this means that the infection may exist on the system yet lack the capability to spread until a user opens the malicious program or host file. In most cases, the host file or malicious program will keep functioning after the viral infection. In some cases, however, a number of viruses may overwrite other programs with copies of themselves, which destroys the host program. Viruses are spread when the file or program they are attached to is transmitted from one computer to another through the network, file sharing, a disk or infected email attachments (BITS 19).

Worms

Like viruses, worms replicate functional copies of themselves. Additionally, they can cause security risks that are similar to those caused by viruses. In contrast, however, they do not need a host file to spread. In fact, they are standalone software that self-propagates without requiring human help or a host file. Rather, they exploit a vulnerability on a system to execute themselves. A worm enters a computer through the vulnerability and will in most cases take advantage of information- or file-transport features on the system, hence allowing it to spread unassisted.

Trojans

A Trojan is a kind of malware that, although it may look legitimate, tricks users into loading and executing it on the target system. Once activated, it has the capability to execute further attacks on the host system, ranging from popping up windows to stealing and deleting files. In some instances, Trojans can create backdoors, hence giving malicious users or hackers access to the system.
However, unlike worms or viruses, they do not replicate through infecting files. Additionally, they do not self-replicate. They usually spread through user interactions such as downloading malicious files or clicking on email attachments.

Further security threats

Exploits

An exploit is a command, piece of software or methodology that attacks a certain security vulnerability. However, exploits are not often malicious in nature, and may in most cases serve as a warning that a vulnerability exists in the system. In any case, the exploit is a common constituent of malware. Exploits have made businesses more vulnerable to hackers. For instance, one exploit can account for more than 90,000 unique malicious codes (Symantec 8).

Back door

A back door refers to an undocumented means of accessing a target system through the normal authentication procedure. Original programmers may place a back door in software, while other back doors may be placed on the system using a typical system breach such as a worm or virus. Normally, attackers make use of back doors to ensure more convenient and continued access to a system once it is compromised.

Rogueware

Rogueware, or rogue security software, is a form of internet fraud that uses malware to mislead users into paying money for the simulated removal of malware that it claims to get rid of, and instead introduces malware to the system. For instance, a website displays a fake warning dialogue that informs the user that their system is infected with a worm or virus. It further encourages the user to purchase or install scareware in the belief that they are buying genuine antivirus software.

Zombies

A zombie is a computer connected to the internet that a hacker has compromised. A Trojan or virus may be used to perform malicious attacks under remote direction. Typically, owners of such computers are unaware that their computers are being used in that regard, hence the name 'zombie.' Zombies have been used by malicious users to send email spam.
Indeed, statistics show that an overwhelming 50 to 80 percent of all spam worldwide is sent by zombie computers. This enables spammers to avoid being detected and to reduce their bandwidth costs, as owners of the zombies pay for their own bandwidth. They extend the further spread of Trojan horses. Additionally, they rely on the exchange of emails through recipients.

Phishing

Phishing refers to an attempt to obtain information such as passwords, usernames and confidential information (such as credit card information) by masquerading as a trustworthy entity through electronic communication. A typical example is the use of phishing emails that contain links to websites infected with malware. The practice is usually undertaken through instant messaging or mail spoofing and directs a target user to enter personal information on a fake website that looks almost identical to a legitimate one. Globally, businesses have failed to protect their systems from these vulnerabilities. Studies have shown that financial institutions are the most affected with regard to phishing. For instance, in the United States, emails purporting to be from the Internal Revenue Service have been used by phishers to steal sensitive information from taxpayers.

Spear phishing

Spear phishing refers to an email spoofing fraud that is targeted at specific organisations and seeks unauthorised access to confidential information. Once an employee of the organization clicks on the malicious link, the company's network becomes infected. Studies have shown that spear phishing is becoming a threat to industrial control systems because of a lack of awareness of such malware. A study on companies using Supervisory Control and Data Acquisition (SCADA) systems showed that 26 percent of spear phishing attacks at any one time could be successful (Mello).

Best practices to combat worms, viruses and Trojans

A critical step towards protecting a computer system is to ensure that the operating system is up to date.
Put differently, there is a need for a user to apply the most recent fixes and patches suggested by the operating system vendor. Additionally, installation of antivirus software onto the system and frequent download of updates will ensure that the antivirus software gets the latest fixes to combat worms, Trojans and viruses (Security TechCenter). It is also critical to ensure that the antivirus program has the capability to scan files and emails as they are downloaded from the internet. This is to ensure that malicious programs are blocked from gaining access to the computer. Installing a firewall is also crucial and serves similar functions. Some experts have argued that educating employees on the threats of malware delivered through emails, such as phishing and spear phishing, can play a critical role in reducing the threats (Starr). Holistic approaches involve deploying several internet security defences such as web application firewalls, secure coding, firewalls, intrusion detection systems (IDS) and vulnerability assessments (Symantec 8).

Conclusion

In conclusion, global enterprises are unaware of attacks and have slow responses to these risks that endanger the security of the entire organization. This is because reliance on passive antimalware and antivirus software has created a false sense of security for businesses, leaving them vulnerable to serious attacks since they fail to actively monitor their systems. Given the rise in threats to enterprise ICT security, it becomes increasingly crucial that businesses change their mind-sets and adopt cyber security measures. Under this circumstance, holistic approaches involve deploying several internet security defences such as web application firewalls, secure coding, firewalls, intrusion detection systems (IDS) and vulnerability assessments.

Works Cited

Ashford, Warwick. "Malware in counterfeit software to cost business $114bn in 2013." Computer Weekly, 2013. 31 Oct 2013.
BITS. Malware Risks and Mitigation Report. BITS: Washington DC, 2011.
Logan, Patricia & Logan, Stephen. "Bitten by a Bug: A Case Study in Malware Infection." Journal of Information Systems Education 14.3 (2005): 301-304.
Mello, John. "Spear phishing poses threat to industrial control systems." Data Protection, 2013. 31 Oct 2013.
Mohammed, Aliyu, Haitham A. Jamil, Sulaiman Mohd Nor, Muhammad Nadzir. "Malware Risk Analysis on the Campus Network with Bayesian Belief Network." International Journal of Network Security & Its Applications 5.4 (2009): 115-128.
Padmavathi, G. & Divya, S. "A Survey on Various Security Threats and Classification of Malware Attacks, Vulnerabilities and Detection Techniques." The International Journal of Computer Science & Applications 2.4 (2013): 66-72.
Rossow, Christian. Using Malware Analysis to Evaluate Botnet Resilience. Vrije Universiteit, 2012. 31 Oct 2013.
Starr, Jasmine. "The Dangers of Malware in Your Business." Yahoo Voices, 2010. 31 Oct 2013.
Security TechCenter. Strategies for Managing Malware Risks. 2006. 31 Oct 2013.
Sophia, Mary. UAE Has Highest Malware Infection Rate In ME. Gulf Business, 2013. 31 Oct 2013.
Symantec. The Ongoing Malware Threat: How Malware Infects Websites and Harms Businesses — and What You Can Do to Stop It, 2012. 31 Oct 2013.