Chapter 2 Virus and Worm
VIRUS
A virus is a program, or a fragment of code, that can damage the data on a computer by corrupting or destroying it.
A computer virus replicates itself rapidly, spreading copies into files and folders across the system and damaging data as it goes.
More precisely, a computer virus is malicious software ("malware") that, once it infects a system, replicates by modifying other programs and inserting its own code into them. Unlike a worm, it needs a host program or file and usually some user action (running the infected program, opening the document) to spread.
Various types of viruses:
Boot sector Virus:
It infects the boot sector of the system, so it executes every time the system is booted, before the operating system is loaded. It spreads to other bootable media such as floppy disks. These are also classed as memory-resident viruses: they load into memory at boot and infect boot records rather than files in the file system.
Direct action virus
A virus that attaches itself to executable files, such as .COM or .EXE, and acts only when the infected file is run, for example by infecting and modifying other files. It does not stay resident in memory afterwards.
Resident virus
A file infector that installs itself in the computer's memory, allowing it to keep infecting files even after the original infection source is removed.
Multipartite virus
A virus that combines features of file-infecting viruses and boot-sector viruses, allowing it to target multiple file types and
the boot sector of a computer's storage device.
Polymorphic Virus:
A virus signature is a pattern that identifies a virus (a series of bytes taken from the virus code). To avoid signature-based antivirus detection, a polymorphic virus changes its code every time it replicates, typically by encrypting its body with a different key on each copy and varying the small decryptor routine that precedes it. The functionality of the virus stays the same but its signature changes.
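To make the polymorphic-virus point concrete, here is an added illustration (not code from the original chapter, and not a real virus: the "body" is an arbitrary constructed byte string and the "decryptor stub" is a three-byte marker standing in for real decryptor code). It shows why a static byte signature taken from the body stops matching once each copy is XOR-encoded with a fresh key, and two ways a scanner gets it back: decode the body before matching (what emulation-based scanners do), or sign the invariant stub instead. The names `BODY`, `SIGNATURE`, `STUB` and all functions are this example's own.

```python
import os

# Constructed stand-in for a virus body: an arbitrary byte string, not real machine code.
BODY = bytes.fromhex("9090e8000000005b4883c310")
# The bytes an antivirus vendor might extract from the body as its static signature.
SIGNATURE = BODY[2:9]
# Constructed marker standing in for the small decryptor stub that precedes the encrypted body.
STUB = bytes.fromhex("dec0de")


def signature_match(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Static scan: does the exact signature byte sequence occur anywhere in the sample?"""
    return sample.find(signature) != -1


def mutate(body: bytes, key=None) -> bytes:
    """Produce one 'generation': stub + one-byte key + body XORed with that key.

    A fresh non-zero key each time means the encrypted bytes differ per copy
    while the decoded body (the functionality) is unchanged.
    """
    if key is None:
        key = (os.urandom(1)[0] % 255) + 1  # 1..255, never 0 (0 would leave the body unchanged)
    if not 1 <= key <= 255:
        raise ValueError("key must be in 1..255")
    return STUB + bytes([key]) + bytes(b ^ key for b in body)


def decode(generation: bytes) -> bytes:
    """What the stub does at run time: recover the body from a generation."""
    key = generation[len(STUB)]
    return bytes(b ^ key for b in generation[len(STUB) + 1:])


def scan_static(sample: bytes) -> bool:
    """Plain signature scan over the raw bytes."""
    return signature_match(sample)


def scan_with_emulation(sample: bytes) -> bool:
    """Emulation-style scan: if the sample starts with the known stub, decode it first
    and match the signature against the decoded body instead of the raw bytes."""
    if sample.startswith(STUB):
        return signature_match(decode(sample))
    return signature_match(sample)


def scan_stub(sample: bytes) -> bool:
    """Alternative: sign the invariant part (the decryptor stub) rather than the body."""
    return signature_match(sample, STUB)


if __name__ == "__main__":
    gen_a, gen_b = mutate(BODY, 0x41), mutate(BODY, 0x17)
    print("generations differ:", gen_a != gen_b)
    print("static match, original body:", scan_static(BODY))
    print("static match, mutated copy:", scan_static(gen_a))
    print("emulation match, mutated copy:", scan_with_emulation(gen_a))
    print("stub match, mutated copy:", scan_stub(gen_a))
```

The weakness of the stub-signature approach is the reason real polymorphic engines also mutate the decryptor (instruction substitution, junk insertion), which is why modern scanners rely on emulation and behavioural detection rather than byte patterns alone.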
Space filler virus: also called a "cavity virus", because it writes its code into the unused space (cavities) inside a program file, so the file size does not change and the infection is harder to notice.
Macro virus
A virus written in a document's macro language (for example Office VBA) and stored inside the document, so it spreads when the file is transferred to another computer, often as an email attachment.
Overwrite virus
A virus that destroys the original program code installed on a computer system, rendering the
program inoperable.
Rootkit virus:
A rootkit is a type of malware that gives attackers privileged access to a computer without the user's knowledge while concealing its own presence. Rootkits can be difficult to detect and remove, and can remain hidden on a computer for a long time.
System and Boot record infector:
A boot sector virus, also known as a boot infector, is malware that infects a computer's boot sector. The boot sector is the first sector of a storage device and contains the boot record, the code that starts loading the operating system.
WORM
A worm is a type of malware that can replicate itself and spread across
a network without user intervention.
Worms can cause a variety of problems, including:
Overloading systems: Worms can consume a lot of memory and bandwidth, which can
overload systems and make them unreliable.
Stealing information: Worms can exploit vulnerabilities in software to spread and carry payloads that steal
sensitive information.
Corrupting files: Worms can change or delete files.
Introducing other malware: Worms can introduce other malware onto infected systems.
TYPES OF WORMS
Email Worms: Email Worms spread through malicious email as an attachment or a link of a
malicious website.
Instant Messaging Worms: Instant Messaging Worms spread by sending links to the contact
list of instant messaging applications such as Messenger, WhatsApp, Skype, etc.
Internet Worms: Internet worms search for reachable hosts using the local operating
system's network services and/or scan the Internet for vulnerable computers to infect.
IRC Worms: IRC Worms spread through Internet Relay Chat (IRC) channels, sending
infected files or links to infected websites. An IRC worm drops a script into the IRC
client's directory on the machine it infects, and that script sends the worm on to other hosts.
File sharing Worms: File sharing Worms place a copy of themselves in a shared folder and
distribute it over a peer-to-peer network.
TROJANS
A Trojan is a type of malware that appears to be a legitimate program or file, but actually performs malicious actions:
How it works
Trojans are often disguised as free software, videos, music, or advertisements. They can be delivered as email
attachments or downloads from malicious websites.
What it does
Once installed, Trojans can:
Spy on users' online activity
Steal sensitive data
Delete data
Modify data
Download additional malware
Disable antivirus software
Hijack the computer and make it part of a botnet used for DDoS attacks
Types of Trojan
DDoS Trojans
These Trojans are used to perform Distributed Denial of Service (DDoS) attacks, which flood a network or
machine with requests from multiple sources to disable it.
Banking Trojans
These Trojans are designed to steal confidential user data such as passwords, login credentials, bank card
information, or SMS authentication codes.
Exploit Trojans
These Trojans inject a machine with code that takes advantage of a weakness in a specific piece of software.
Rootkit Trojans
These Trojans prevent the discovery of malware that's already infecting a system.
Zombie Trojans
A zombie computer is a device infected with malware, such as a Trojan horse, that lets an attacker control it
remotely, typically as one of many in a botnet.
APT(Advanced Persistent Threat)
APT stands for Advanced Persistent Threat: a cyber attack in which an intruder gains unauthorized access to a network and remains undetected for a long time. The goal of an APT is usually to steal sensitive data, often intellectual property, from the target organization.
The attacker typically goes through the following stages to gain and maintain access to the network:
Gain access : The attacker gets into the network, usually through a spear-phishing email or another method whose purpose is to get malicious software onto a machine inside the target network.
Broaden access : Once inside, the attacker uses the malware (backdoors, tunnels to attacker-controlled servers) to operate on the network without being detected.
Gain more access : The attacker uses techniques such as password cracking to obtain administrative rights, giving them deeper control of the systems.
Move at will : With administrative rights, the attacker moves freely between systems on the network.
Harvest data : The attacker collects the data of interest and transfers it to systems under their own control. They can remain in the network for a long time, until they are detected.
TYPES OF ATTACKS
PHYSICAL LAYER ATTACKS- Physical damage to, or tampering with, computer hardware, cabling and other equipment.
Data link layer attacks:
A man-in-the-middle (MitM):
A man-in-the-middle (MitM) attack is a type of cyber attack in which
the attacker secretly intercepts and relays messages between two
parties who believe they are communicating directly with each other.
During a MitM attack, the attacker inserts themselves into the path of the data exchange,
for example by ARP spoofing on the local network (below) or, in the man-in-the-browser
variant, by planting malware that hooks the user's web browser and reads the data it sends
and receives during transactions.
Online banking and e-commerce sites are prime targets because a successful MitM lets the
attacker capture login credentials and other confidential information. Properly validated
TLS certificates are the main defence: an attacker sitting in the middle cannot present a
valid certificate for the real site, so the browser warns the user.
ARP SPOOFING:
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone
calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP) replies, or Domain Name System
(DNS) responses.
ARP spoofing works because ARP has no authentication: a host accepts any reply that tells it which MAC address an IP address "is at". The attack proceeds as follows:
The attacker must have access to the local network. They scan it to determine the IP addresses of at least two devices, say a workstation and a router.
The attacker uses a spoofing tool, such as arpspoof, to send out forged ARP replies.
The forged replies advertise that the correct MAC address for both IP addresses, the router's and the workstation's, is the attacker's MAC address. This
fools the router and the workstation into sending to the attacker's machine instead of to each other.
The two devices update their ARP cache entries and from that point on communicate through the attacker instead of directly with each other.
The attacker is now secretly in the middle of all communications and can read, modify or drop them. Static ARP entries, Dynamic ARP Inspection on
switches, and end-to-end encryption (TLS, SSH) limit the damage.
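The frames described above, built byte by byte, together with the check a network monitor would run over a capture, as an added example that is not part of the original chapter. It constructs a small scenario (a router, a workstation and an attacker on 10.0.0.0/24, with locally administered MAC addresses chosen for the example) and flags any ARP reply that rebinds an IP address already seen with a different MAC. Frames are only built in memory, never sent; `build_arp_reply`, `parse_arp`, `detect_arp_spoof` and the constants are this example's own names.

```python
import struct
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a 42-byte Ethernet+ARP 'is-at' reply, the frame a spoofing tool emits.

    ARP carries no authentication: whoever sends this frame, the target caches
    sender_ip -> sender_mac.
    """
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode=reply
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of a frame, or None if it is not an ARP frame."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    _htype, _ptype, _hlen, _plen, op = struct.unpack("!HHBBH", frame[14:22])
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": str(IPv4Address(frame[28:32])),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": str(IPv4Address(frame[38:42])),
    }


def detect_arp_spoof(frames):
    """Flag any ARP reply whose sender IP is already bound to a different MAC.

    The first binding seen for an IP is taken as the baseline; a real monitor
    would seed the table from DHCP snooping or a static inventory instead.
    Returns a list of (ip, previously_seen_mac, new_mac).
    """
    bindings = {}
    alerts = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            continue
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in bindings and bindings[ip] != mac:
            alerts.append((ip, bindings[ip], mac))
        bindings.setdefault(ip, mac)
    return alerts


# Constructed scenario: router, workstation and attacker on the same LAN.
ROUTER_MAC, ROUTER_IP = "02:00:00:00:00:01", "10.0.0.1"
WS_MAC, WS_IP = "02:00:00:00:00:20", "10.0.0.20"
ATTACKER_MAC = "02:00:00:00:00:66"

CAPTURE = [
    build_arp_reply(ROUTER_MAC, ROUTER_IP, WS_MAC, WS_IP),        # legitimate
    build_arp_reply(WS_MAC, WS_IP, ROUTER_MAC, ROUTER_IP),        # legitimate
    build_arp_reply(ATTACKER_MAC, ROUTER_IP, WS_MAC, WS_IP),      # forged: "router is at attacker"
    build_arp_reply(ATTACKER_MAC, WS_IP, ROUTER_MAC, ROUTER_IP),  # forged: "workstation is at attacker"
]

if __name__ == "__main__":
    for ip, old, new in detect_arp_spoof(CAPTURE):
        print(f"ALERT: {ip} moved from {old} to {new}")
```

On a real network the frames would come from a raw socket or a pcap; the detector logic is the same, and the two forged replies (one to each victim) are exactly the pair that puts the attacker in the middle.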
MAC Flooding:
A MAC flooding attack, also known as a MAC table overflow
attack, targets network switches. The attacker overwhelms the
switch's MAC address (CAM) table by sending a massive number of
Ethernet frames, each with a different spoofed source MAC
address. Once the table is full the switch can no longer learn
the addresses of legitimate hosts and falls back to flooding
their frames out of every port, like a hub, so the attacker can
sniff traffic the switch would normally deliver only to its
destination. Port security (limiting the number of MAC
addresses learned per port) is the usual mitigation.
Port stealing:
Port stealing is a man-in-the-middle attack via a LAN switch.
It intercepts frames sent to another host by "stealing" that
host's switch port: the attacker sends frames whose source MAC
address is the victim's, so the switch updates its forwarding
table to map the victim's MAC address to the attacker's port.
Frames for the victim are then delivered to the attacker, who
can read them and forward them on. The attack works only on
the local network segment.
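Both MAC flooding and port stealing come down to how a switch's source-address table behaves, so here is one added simulation (not from the original chapter, and a deliberately minimal model of a switch) that serves both sections. `Switch` learns source MACs per port, floods frames to unknown destinations, stops learning when its table is full, and optionally enforces a per-port MAC limit as port security. The three demo functions show the table overflow forcing the victim's traffic to be flooded, the forwarding-table rewrite that port stealing relies on, and port security shutting the attacker's port. All names and the MAC strings are this example's own.

```python
from collections import OrderedDict


class Switch:
    """Minimal learning switch with a bounded source-address (CAM) table.

    Frames to a destination MAC that is not in the table are flooded out of
    every other port; that is the behaviour MAC flooding and port stealing exploit.
    """

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size
        self.max_macs_per_port = max_macs_per_port  # None = no port security
        self.table = OrderedDict()                   # mac -> port
        self.shutdown = set()                        # ports disabled by port security

    def forward(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port, then return the list of egress ports for dst_mac."""
        if in_port in self.shutdown:
            return []
        if self.max_macs_per_port is not None:
            learned_here = sum(1 for p in self.table.values() if p == in_port)
            if self.table.get(src_mac) != in_port and learned_here >= self.max_macs_per_port:
                self.shutdown.add(in_port)           # port security violation: disable port
                return []
        if src_mac in self.table or len(self.table) < self.table_size:
            # (Re)learn. A known MAC moving to a new port is exactly what port stealing causes.
            self.table[src_mac] = in_port
        out = self.table.get(dst_mac)
        if out is None:
            return [p for p in self.ports if p != in_port]   # unknown unicast: flood
        return [out]


def mac_flood_demo(table_size=64):
    """Attacker on port 3 fills the table; the victim on port 1 can then no longer be
    learned, so the router's reply to it (from port 2) is flooded to ports 1 and 3."""
    sw = Switch(ports=[1, 2, 3], table_size=table_size)
    for i in range(table_size):                       # constructed frames, unique source MACs
        sw.forward(3, f"02:bad:{i:08x}", "ff:ff:ff:ff:ff:ff")
    sw.forward(1, "02:victim", "02:router")           # table full: victim is not learned
    return sw.forward(2, "02:router", "02:victim")    # flooded, attacker on port 3 sees it


def port_steal_demo():
    """Returns (egress before, egress after) for a router->victim frame."""
    sw = Switch(ports=[1, 2, 3], table_size=64)
    sw.forward(1, "02:victim", "02:router")           # victim learned on port 1
    sw.forward(2, "02:router", "02:victim")           # router learned on port 2
    before = sw.forward(2, "02:router", "02:victim")  # delivered to port 1
    sw.forward(3, "02:victim", "02:attacker")         # attacker spoofs victim's MAC from port 3
    after = sw.forward(2, "02:router", "02:victim")   # now delivered to port 3
    return before, after


def port_security_demo():
    """With at most 2 MACs allowed per port, the flood from port 3 disables that port."""
    sw = Switch(ports=[1, 2, 3], table_size=64, max_macs_per_port=2)
    for i in range(10):
        sw.forward(3, f"02:bad:{i:08x}", "ff:ff:ff:ff:ff:ff")
    return 3 in sw.shutdown and len(sw.table) == 2


if __name__ == "__main__":
    print("MAC flood, router->victim egress:", mac_flood_demo())
    print("port steal, before/after:", port_steal_demo())
    print("port security shut attacker port:", port_security_demo())
```

Real switches age entries out, which is why a flood has to be sustained; the model skips aging and simply fills the table first, which gives the same end state.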
NETWORK LAYER ATTACKS
Network layer attacks target the network layer of the OSI model (IP, ICMP and
routing) to reach or disrupt a computer system:
Purpose
Attackers use network layer attacks to reach systems that are otherwise isolated,
such as those on corporate or home networks. Once they have access, they can
steal information or install malware.
How they work
Attackers send crafted or excessive packets to the target over wired or wireless
connections. They can use a variety of methods, including:
IP spoofing: Attackers send packets with a "trusted" source IP address instead of
their own, to get past address-based filtering or to hide the origin of an attack.
DDoS attacks: Attackers use multiple systems to bombard the victim's server with
traffic, causing the server to malfunction or become unreachable.
ARP floods: Attackers send a large number of ARP requests to flood the network and
make it unavailable (ARP itself is a data link layer protocol; the flood is listed here because of its effect on the network).
ICMP floods: Attackers send a large number of ICMP packets to the target system or
Application Layer Attacks
Application layer attacks are attempts to gain unauthorized access to an organization’s servers
through software vulnerabilities.
SQL injections:
SQL injection is a code injection technique in which attacker-supplied input is concatenated into a
database query, so the input is executed as SQL: the attacker can read, modify or destroy data, or bypass
authentication. More generally, it is exploiting a vulnerability in a web application to gain unauthorized
access or manipulate application behaviour.
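An added example (not from the original chapter) of the injection just described, using an in-memory SQLite table with two constructed users. `vulnerable_login` concatenates the username into the query text, so a username of `admin' --` turns the rest of the WHERE clause into a comment and logs in without the password; `safe_login` sends the same values as bound parameters and the payload is compared as a literal string. Table, users and function names are this example's own.

```python
import hashlib
import sqlite3


def sha256_hex(text: str) -> str:
    # Unsalted SHA-256 is used only to keep the example short; use a password hash
    # such as bcrypt/scrypt/Argon2 in real code.
    return hashlib.sha256(text.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("admin", sha256_hex("correct horse battery staple")),
         ("alice", sha256_hex("s3cret"))],
    )
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """String concatenation: whatever is in `username` becomes part of the SQL."""
    return ("SELECT id FROM users WHERE username = '" + username
            + "' AND password_hash = '" + sha256_hex(password) + "'")


def vulnerable_login(conn, username: str, password: str) -> bool:
    query = build_vulnerable_query(username, password)
    return conn.execute(query).fetchone() is not None


def safe_login(conn, username: str, password: str) -> bool:
    """Parameterised query: the driver passes values separately from the SQL text,
    so a quote or comment sequence in the input is just data."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password_hash = ?",
        (username, sha256_hex(password)),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "admin' --"
    print(build_vulnerable_query(payload, "anything"))
    print("vulnerable login with payload:", vulnerable_login(conn, payload, "anything"))
    print("safe login with payload:      ", safe_login(conn, payload, "anything"))
    print("safe login, real credentials: ", safe_login(conn, "alice", "s3cret"))
```

Python's `sqlite3` refuses to run more than one statement per `execute`, so a stacked `'; DROP TABLE users; --` payload raises an error here rather than destroying the table; other drivers and databases do allow stacked statements, and even without them the authentication bypass above is enough. The fix is always the parameterised form, never escaping by hand.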
Unauthorized access to network shares:
Unauthorized access to network shares is when someone reads or uses a shared folder, system, or data
without permission, for example through overly permissive share settings or stolen credentials.
Buffer overflow:
A buffer overflow occurs when a program writes more data into a fixed-size buffer than it can hold,
so the excess overwrites adjacent memory. In a buffer-overflow attack the extra data is crafted by the
attacker to contain specific instructions, for example to trigger a response that damages files or to
execute code of the attacker's choosing.
Password cracking attacks:
Guessing, dictionary attacks, or brute force. A brute-force attack runs through every combination of
characters of a predetermined length until it finds the one that matches the password (or, more
usually, its stored hash).
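The brute-force search just described, as an added example (not code from the original chapter): it enumerates every combination of a character set at a fixed length in order, hashes each candidate and stops at the first match, returning how many attempts that took; a dictionary attack over a small constructed word list is shown alongside for comparison. The hash and the target passwords are chosen for the example; `LOWERCASE`, `WORDLIST` and the function names are this example's own.

```python
import hashlib
import itertools
import string

LOWERCASE = string.ascii_lowercase


def sha256_hex(text: str) -> str:
    # Unsalted, fast hash: the worst case for the defender and the easy case for the attacker.
    return hashlib.sha256(text.encode()).hexdigest()


def keyspace(charset: str, length: int) -> int:
    """Number of candidates a brute force of exactly `length` characters must consider."""
    return len(charset) ** length


def brute_force(target_hash: str, charset: str, length: int):
    """Try every `length`-character combination of `charset` in lexicographic order.

    Returns (password, attempts) on a match, or (None, attempts) if none matched.
    """
    attempts = 0
    for combo in itertools.product(charset, repeat=length):
        attempts += 1
        candidate = "".join(combo)
        if sha256_hex(candidate) == target_hash:
            return candidate, attempts
    return None, attempts


def dictionary_attack(target_hash: str, wordlist):
    """Try each word in order; returns (word, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if sha256_hex(word) == target_hash:
            return word, attempts
    return None, attempts


# Constructed word list standing in for a real leaked-password list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon"]

if __name__ == "__main__":
    print("keyspace, 4 lowercase letters:", keyspace(LOWERCASE, 4))
    print("brute force 'abcd':", brute_force(sha256_hex("abcd"), LOWERCASE, 4))
    print("dictionary 'letmein':", dictionary_attack(sha256_hex("letmein"), WORDLIST))
```

Each extra character multiplies the keyspace by the alphabet size, and each extra character class (digits, symbols) enlarges the alphabet, which is why length and a slow, salted password hash matter far more than complexity rules; the dictionary attack finds a common password in a handful of attempts regardless of its length.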
P2P attacks:
A peer-to-peer (P2P) attack is a method used by attackers to take advantage of vulnerabilities in P2P
Risk Analysis
Risk analysis in information security is the process of identifying,
evaluating, and prioritizing risks to an organization's information
systems and data. The goal of risk analysis is to help decision-makers
understand the potential impact of threats so they can allocate
resources to mitigate risk.
Here are some steps involved in risk analysis:
Conduct risk assessment survey
Identify the risk
Analyze the risk
Develop the risk management plan
Implement the risk management plan
Monitor the risk