
COMPUTER THREATS 1

The document outlines various computer threats, categorizing them into physical and non-physical threats, including malware, denial of service attacks, and phishing. It provides detailed descriptions of different types of malware, their symptoms, and protective measures to safeguard computing devices. Additionally, it emphasizes the importance of the CIA triad (Confidentiality, Integrity, Availability) in information security for organizations.

Uploaded by

kewir
Copyright: © All Rights Reserved

COMPUTER THREATS

Definition
A computer system threat is anything that leads to loss or corruption of data or physical
damage to the hardware and/or infrastructure. Knowing how to identify computer security
threats is the first step in protecting computer systems. The threats could be intentional,
accidental or caused by natural disasters.
Types of Threats:
A security threat is a threat that has the potential to harm computer systems and organizations.
The cause could be physical, such as a computer containing sensitive information being
stolen. It’s also possible that the cause isn’t physical, such as a viral attack.
1. Physical Threats: A physical danger to computer systems is a potential cause of an
occurrence/event that could result in data loss or physical damage. It can be classified as:
• Internal: Causes include short circuits, fire, an unstable power supply, hardware
failure due to excess humidity, etc.
• External: Disasters such as floods, earthquakes, landslides, etc.
• Human: Destruction of infrastructure and/or hardware, theft, disruption, and
unintentional/intentional errors are among the threats.
To protect computer systems from the above-mentioned physical threats, an organization must
have physical security control measures. The following list shows some of the possible
measures that can be taken:

• Internal: Fire threats could be prevented by the use of automatic fire detectors and
extinguishers that do not use water to put out a fire. The unstable power supply can be
prevented by the use of voltage controllers. An air conditioner can be used to control
the humidity in the computer room.
• External: Lightning protection systems can be used to protect computer systems
against lightning strikes. Lightning protection systems are not 100% perfect, but to a
certain extent they reduce the chances of lightning causing damage. Housing computer
systems on high ground is one of the possible ways of protecting systems against floods.
• Humans: Threats such as theft can be prevented by the use of locked doors and restricted
access to computer rooms.

2. Non-physical threats: A non-physical threat is a potential source of an incident that could
result in:

• Loss or corruption of system data
• Disruption of business operations that rely on computer systems
• Loss of sensitive information
• Illegal monitoring of activities on computer systems
• Cyber security breaches
• Others

These non-physical threats include malware, Denial of Service attacks, phishing, etc.

Malware
Short for Malicious Software, malware is any code that can be used to steal data, bypass access
controls, or cause harm to, or compromise a system. In other words it is a type of computer
program that infiltrates and damages systems without the users’ knowledge. Malware tries to
go unnoticed by either hiding or not letting the user know about its presence on the system.
Below are a few common types of malware:

➢ Spyware

This malware is designed to track and spy on the user. Spyware often includes activity trackers,
keystroke collection, and data capture. In an attempt to overcome security measures, spyware
often modifies security settings. Spyware often bundles itself with legitimate software or with
Trojan horses. An example of spyware is a keylogger, which can monitor a user’s computer
activity in real time. A keylogger is a program that runs in the background and records every
keystroke made by a user, then sends the data to a hacker with the intent of stealing passwords
and financial information.

➢ Adware

Advertising-supported software is designed to automatically deliver advertisements. Adware is
often installed with some versions of software. Some adware is designed to only deliver
advertisements, but it is also common for adware to come with spyware.

➢ Bot

From the word robot, a bot is malware designed to automatically perform actions, usually online.
While most bots are harmless, one increasing use of malicious bots is botnets. Several
computers are infected with bots which are programmed to quietly wait for commands provided
by the attacker.

➢ Ransomware

This malware is designed to hold a computer system or the data it contains captive until a
payment is made. Ransomware usually works by encrypting data in the computer with a key
unknown to the user. Some other versions of ransomware can take advantage of specific system
vulnerabilities to lock down the system. Ransomware is spread by a downloaded file or some
software vulnerability.

➢ Scareware

This is a type of malware designed to persuade the user to take a specific action based on fear.
Scareware forges pop-up windows that resemble operating system dialogue windows. These
windows convey forged messages stating the system is at risk or needs the execution of a
specific program to return to normal operation. In reality, no problems were assessed or
detected and if the user agrees and clears the mentioned program to execute, his or her system
will be infected with malware.

➢ Rootkit

This malware is designed to modify the operating system to create a backdoor. Attackers then
use the backdoor to access the computer remotely. Most rootkits take advantage of software
vulnerabilities to perform privilege escalation and modify system files. It is also common for
rootkits to modify system forensics and monitoring tools, making them very hard to detect.
Often, a computer infected by a rootkit must be wiped and reinstalled.

➢ Trojan horse

A Trojan horse is malware that carries out malicious operations under the guise of a desired
operation. This malicious code exploits the privileges of the user that runs it. Often, Trojans
are found in image files, audio files or games. A Trojan horse differs from a virus because it
binds itself to non-executable files.

➢ Worms

Worms are malicious code that replicate themselves by independently exploiting
vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a
host program to run, worms can run by themselves. Other than the initial infection, they no
longer require user participation. After a host is infected, the worm is able to spread very
quickly over the network. Worms share similar patterns. They all have an enabling
vulnerability, a way to propagate themselves, and they all contain a payload. Worms are
responsible for some of the most devastating attacks on the Internet.

➢ Denial of Service (DoS) Attacks

A Denial-of-Service attack is one in which an attacker tries to prevent legitimate users from
obtaining information or services. In this attack, the attacker tries to make a system or network
resource unavailable to its intended users. The web servers of large organizations, such
as banking, commerce and trading organizations, are the victims.

➢ Phishing

Phishing is a type of attack that is frequently used to obtain sensitive information from users,
such as login credentials and credit card details. Attackers deceive users into giving critical
information, such as bank and credit card information, or access to personal accounts, through
spam, malicious websites, email messages, and instant chats.

Man-In-The-Middle (MitM) – MitM allows the attacker to take control over a device without
the user’s knowledge. With that level of access, the attacker can intercept and capture user
information before relaying it to its intended destination. MitM attacks are widely used to steal
financial information. Many malware types and techniques exist to provide attackers with MitM
capabilities.

Man-In-The-Mobile (MitMo) – A variation of man-in-the-middle, MitMo is a type of attack used
to take control over a mobile device. When infected, the mobile device can be instructed to
exfiltrate user-sensitive information and send it to the attackers. ZeuS, an example of an exploit
with MitMo capabilities, allows attackers to quietly capture 2-step verification SMS messages
sent to users.

➢ Virus

A virus is malicious executable code that is attached to other executable files, often legitimate
programs. Most viruses require end-user activation and can activate at a specific time or date.
Viruses can be harmless and simply display a picture or they can be destructive, such as those
that modify or delete data. Viruses can also be programmed to mutate to avoid detection. Most
viruses are now spread by USB drives, optical disks, network shares, or email.

❖ Types of Computer Virus

Discussed below are the different types of computer viruses:

• Boot Sector Virus – A type of virus that infects the boot sector of floppy disks or
the Master Boot Record (MBR) of hard disks. The boot sector comprises all the files
which are required to start the operating system of the computer. The virus either
overwrites the existing program or copies itself to another part of the disk.
• Direct Action Virus – A virus that attaches itself directly to a .exe or .com file and
enters the device during its execution is called a Direct Action Virus. If it gets installed
in the memory, it keeps itself hidden. It is also known as a Non-Resident Virus.
• Resident Virus – A virus which saves itself in the memory of the computer and then
infects other files and programs when its originating program is no longer working.
This virus can easily infect other files because it is hidden in the memory and is hard to
remove from the system.
• Multipartite Virus – A virus which can attack both the boot sector and the executable
files of an already infected computer is called a multipartite virus. If a multipartite virus
attacks your system, you are at risk of cyber threat.
• Overwrite Virus – One of the most harmful viruses, the overwrite virus can completely
remove the existing program and replace it with the malicious code by overwriting it.
Gradually it can completely replace the host’s programming code with the harmful
code.
• Polymorphic Virus – Spread through spam and infected websites, polymorphic
viruses are file infectors which are complex and tough to detect. They create a
modified or morphed version of the existing program and infect the system and retain
the original code.
• File Infector Virus – As the name suggests, it first infects a single file and then later
spreads itself to other executable files and programs. The main sources of this virus are
games and word processors.
• Spacefiller Virus – A rare type of virus which fills in the empty spaces of a file
with viruses. It is known as a cavity virus. It neither affects the size of the file nor can
it be detected easily.
• Macro Virus – A virus written in the same macro language as used in the software
program; it infects the computer if a word processor file is opened. The main source
of such viruses is email.

❖ Symptoms of Malware

Regardless of the type of malware a system has been infected with, these are common malware
symptoms:

• There is an increase in CPU usage.
• There is a decrease in computer speed.
• The computer freezes or crashes often.
• There is a decrease in Web browsing speed.
• There are unexplainable problems with network connections.
• Files are modified.
• Files are deleted.
• There is a presence of unknown files, programs, or desktop icons.
• There are unknown processes running.
• Programs are turning off or reconfiguring themselves.
• Email is being sent without the user’s knowledge or consent.

❖ Protecting your computing devices

Your computing devices store your data and are the portal to your online life. Below is a short
list of steps you can take to protect your computing devices from intrusion:

• Keep the Firewall On – Whether it is a software firewall or a hardware firewall on a
router, the firewall should be turned on and updated to prevent hackers from accessing
your personal or company data.
• Use Antivirus and Antispyware – Malicious software, such as viruses, Trojan horses,
worms, ransomware and spyware, is installed on your computing devices without your
permission, in order to gain access to your computer and your data. Viruses can destroy
your data, slow down your computer, or take over your computer. One way viruses can
take over your computer is by allowing spammers to broadcast emails using your account.
Spyware can monitor your online activities, collect your personal information, or produce
unwanted pop-up ads on your web browser while you are online. A good rule is to only
download software from trusted websites to avoid getting spyware in the first place.
Antivirus software (examples include Avast, Kaspersky, Microsoft Security Essentials,
Norton, AVG, etc.) is designed to scan your computer and incoming email for viruses and
delete them. Sometimes antivirus software also includes antispyware. Keep your software
up to date to protect your computer from the newest malicious software.
• Manage Your Operating System and Browser – Hackers are always trying to take
advantage of vulnerabilities in your operating systems and your web browsers. To protect
your computer and your data, set the security settings on your computer and browser at
medium or higher. Update your computer’s operating system including your web
browsers and regularly download and install the latest software patches and security
updates from the vendors.
• Protect All Your Devices – Your computing devices, whether they are PCs, laptops,
tablets, or smartphones, should be password protected to prevent unauthorized access. The
stored information should be encrypted, especially for sensitive or confidential data. For
mobile devices, only store necessary information, in case these devices are stolen or lost
when you are away from your home. If any one of your devices is compromised, the
criminals may have access to all your data through your cloud-storage service provider,
such as iCloud or Google Drive.
• Use unique passwords for each online account.
• Backup your data.
• Encrypt your data.

❖ Confidentiality, Integrity, and Availability

Confidentiality, integrity and availability, known as the CIA triad, is a guideline for
information security for an organization. Confidentiality ensures the privacy of data by
restricting access through authentication and encryption. Integrity assures that the information is
accurate and trustworthy. Availability ensures that the information is accessible to authorized
people.

• Confidentiality

Another term for confidentiality would be privacy. Company policies should restrict access to
the information to authorized personnel and ensure that only those authorized individuals view
this data. The data may be compartmentalized according to the security or sensitivity level of
the information. For example, a Java program developer should not have access to the
personal information of all employees. Furthermore, employees should receive training to
understand the best practices in safeguarding sensitive information to protect themselves and
the company from attacks. Methods to ensure confidentiality include data encryption, username
ID and password, two-factor authentication, and minimizing exposure of sensitive information.

• Integrity

Integrity is accuracy, consistency, and trustworthiness of the data during its entire life cycle.
Data must be unaltered during transit and not changed by unauthorized entities. File
permissions and user access control can prevent unauthorized access. Version control can be
used to prevent accidental changes by authorized users. Backups must be available to restore
any corrupted data, and checksum hashing can be used to verify integrity of the data during
transfer.

• Availability

Maintaining equipment, performing hardware repairs, keeping operating systems and software
up to date, and creating backups ensure the availability of the network and data to the
authorized users. Plans should be in place to recover quickly from natural or man-made
disasters. Security equipment or software, such as firewalls, guard against downtime due to
attacks such as denial of service (DoS). Denial of service occurs when an attacker attempts to
overwhelm resources so the services are not available to the users.
