What is a cyber attack?

Phishing attack: An email spoofing-based attack or similarly, cloned website-based attacks.

A phishing attack is the common practice of sending malicious emails that masquerade as though they come from a trusted source.

Phishing attacks often appear to come from easily recognized organizations, such as a large bank or social media site. Attackers often target large groups of people and are often successful because many of their targets will use that bank or website. These victims won’t check if the email is legitimate before clicking on malicious links or downloading malicious attachments.

Attackers may use social engineering techniques and computer programming expertise along with link manipulation, image filter evasion and website forgery to trick victims into believing that the attacker’s content is bona fide.

What does a phishing attack target? Phishing attacks target victims in an effort to steal their private or otherwise sensitive information, such as credit card numbers, social security numbers, or similar personally identifiable information (PII) or website login credentials.

What’s the result of a phishing attack? A successful phishing attack requires a victim to click on a malicious link or input private or sensitive information. If phishing attack is successful, then the attacker can attempt to use the victim’s information for the attacker’s own gain, often through a variety of identity-theft-related cybercrimes.

How can you prevent a phishing attack? The good news is that most phishing attacks prey on human error. If you exercise critical thinking and are discerning with what emails and websites you interact with, then you can greatly reduce your risk of falling victim to a phishing attack. Use the following strategies to help prevent phishing attacks:

The simplest method for verifying whether any content is genuine is to ask the listed sender about it. Send an independent email, call the sender, or stop by the sender’s desk and ask.  

Don’t just accept that an email or website is genuine. Make a point to review the content. If you have any doubts about its validity, then don’t engage with it and immediately reach out to your IT department or cybersecurity department.

• Hover your mouse’s cursor over any links. Don’t immediately click them. Your cursor should display the URL that the link will lead you to. Use critical thinking to determine if it’s legitimate.
• Check the email headers of messages you received. These headers are key for understanding how an email made it to your email address. Review the “Reply to” and “Return path” parameters. They should have the same domain or address that sent you the email.
• Provided you have access to a sandbox environment, you can test your email’s content from there, tracking the log of activity after opening an attacking email or clicking the email links.
• Update your network and computer security regularly, including antivirus and anti-malware software and firewalls.
• Never include private information like your social security number or credit card number over email.¹¹

Spear phishing attack: Similar to a phishing attack, these attacks also use email spoofing or cloned websites.

A spear phishing attack is a specialized and finely targeted phishing attack that not only appears to come from a trusted source, but from one that’s close to the target, such as from within the target’s organization.

Spear phishing attackers are frequently methodical about researching their targets, crafting messages to them that seem personal and relevant.

What does a spear phishing attack target? Spear phishing attacks can target groups of people, such as those that work for the same company or on the same team, in an effort to steal trade secrets or similarly classified information.

What’s the result of a spear phishing attack? Like a phishing attack, spear fishing attackers want to trick you into entering private information like trade secrets, PII or your login credentials. Once acquired, they can sell this information on the deep web or use it to commit identity theft or similar cybercrimes.

What’s scary about spear phishing? Because of how personal and relevant the content of the spear phishing’s messages appear, spear phishing attacks are difficult to identify and defend against. Attackers may look up the name of an organization’s CEO or that of a manager or team lead, and then compose a spear phishing email that masquerades as if it was sent by this authority figure to other accounts within the company.

How can you prevent a spear phishing attack? All the same strategies for defending against phishing attacks also work for defending against spear phishing attacks.¹²

Drive-by download attack: Drive-by download attacks can install spyware, adware and malware, and even a non-malicious program that you didn’t want to install onto your computer or device.

What does a drive-by download attack target? Hackers locate vulnerable websites and insert malicious script into the site’s HTTP or Hypertext Preprocessor (PHP) code.

What’s the result of a drive-by download attack? This malicious script could directly install malware onto the computer or device of a user who visits that site or sees that pop-up window. The script could redirect the user to another site that’s controlled by the hackers.

What’s scary about a drive-by download attack? Unlike phishing and other spoofing attacks, drive-by download attacks don’t necessarily rely on the user to enable the attacker’s trap. These attacks can engage with a computer or device without the user’s consent.

• Targets don’t have to click a download or install button.
• Drive-by download attacks take advantage of apps, operating systems, and web browsers with security vulnerabilities.

How do you prevent a drive-by download attack? Ensure that your operating systems, browsers and apps are up to date. You can usually verify all your software is up to date by using a check for updates feature.

Be sure to use antivirus software and keep it updated and Avoid websites that may contain malicious code in favor of sites that you know are safe. Exercise general caution, as even safe sites can get hacked.

• We shouldn’t have to say this, but avoid illegally downloading anything like music or movies and participating in similar forms of internet piracy. There are lots of safe, free-for-use streaming services online that you can use without risk of getting malware or viruses.

Try to limit how many unnecessary programs, apps and plug-ins that you have on your computers and devices. The more of them you have, the more likely you are to have vulnerabilities that can be exploited.

• Be careful when you download a new program, app or something similar. Sometimes hackers can attempt to include unwanted programs for installation along with the desired programs.¹³

Password attack or password cracking: Users’ passwords and relevant login credentials function almost as a sort of digital collateral for would-be attackers.

What does a password attack target? Attackers using a password try to steal a user’s or many different users’ passwords. Attackers may try to access these passwords through the following methods:

• Searching that user’s desk, scrutinizing if the user wrote down their login credentials on a sticky note or in a notebook.
  • Attempting password sniffing on the user’s network connection to gain access to unencrypted passwords.
  • Applying social engineering or guessing to determine a user’s password.

What’s the result of a password attack? Similar to a phishing attack, if the attack is successful, then the attacker can attempt to use the victim’s password, persistent identifier (PI or PID), or similar private information for the attacker’s own gain, including identity theft and cybercrimes, or selling the victim’s private information on the dark web.

How can you prevent a password attack?

• Create complex passwords that use a combination of uppercase and lowercase letters and symbols.
• Set a limit on how many unsuccessful login attempts are allowed.
• If a user is unable to successfully login after the designated number of unsuccessful login attempts, then temporarily lock the user out of the account and prompt the user to reset the password.¹⁴
  • Locking accounts prevents attackers from trying multiple passwords when they’re attempting to discover the correct password.
• The eponymous Netwrix article Password Policy Best Practices offers additional guidelines for creating tough-to-crack passwords and how to be forward-thinking with your password policies.

Additional types of password attacks include the following examples:

• Brute force attack or brute force cracking or brute force: A password attack that uses many password guesses to generate a correct password guess.

What does a brute force attack target? Brute force attacks are password attacks where the attackers try to ascertain a user’s password or personal identification number (PIN) through a trial-and-error approach. Attackers may apply logic to guessing the user’s password, using the user’s name, job title, hobbies or pet’s name.

What’s required for a brute force attack to be successful? Brute force attacks tend to consume lots of time and resources. The success of a brute force attack is generally rooted in the attack’s computing power and how many password combinations were performed by the attack, as opposed to a complex algorithm.

What’s scary about brute force attacks?

Brute force attackers can use automated software to produce a staggering amount of diverse guesses, including running through a seemingly infinite combination of letters and numbers.

In addition to stealing passwords, brute force attacks can be used to unencrypt data or probe the network security of a government or business.¹⁵

• Dictionary attack: A password attack that tries to overcome the security of a password protected computer, server or network to gain access to that secure computer, server or network.

What does a dictionary attack target? A dictionary attack may use different methods or techniques to gain access to a secure computer, server or network. These approaches include the following examples:

Dictionary attacks get their name from the technique where the attack attempts to use each word in a dictionary to find the correct password or the decryption key for any messages or documents that were encrypted.

A dictionary attack may duplicate an encrypted message or file that contains the passwords that it’s trying to access. The approach then applies the same encryption to a list of common passwords in the hope that they will find matching results.

How can you prevent a dictionary attack? Dictionary attacks tend to be ineffective against computers, servers and networks that use multi-word passwords and those that use randomly generated combinations of uppercase and lowercase letters, with numbers and symbols.

Having a tiny delated response from a server hinders attackers from checking many passwords in a brief time period.

As with most password attacks, it’s a good idea to establish automatic temporary locking on an account after a certain number of unsuccessful login attempts.¹⁶

Structured Query Language (SQL) injection attack: These attacks are a recurring issue with database-driven sites.

What does a SQL injection attack target? SQL injection attacks embed malicious code in a vulnerable application, and then shifts to the backend database. This malicious code quickly yields backend database query results, performs commands and similar actions that weren’t requested by the user.

What’s the result of a successful SQL injection attack? Successful SQL injection attacks provide the attacker with access to the database. The attacker is able to read sensitive or private data, insert, update, delete or otherwise modify the data, perform shutdowns on the database and similar administrator operations, send commands to the operating system, or retrieve content from specific files.

What’s scary about a SQL injection attack? Like many other cyber attacks, SQL injection attacks prey on vulnerabilities. SQL offers no substantial distinction between the data planes and control planes and most SQL injection attacks are successful against websites that apply dynamic SQL. Because of the commonness of older functional interfaces, SQL injection attacks are often successful against PHP and auxiliary storage pool (ASP) apps.

How can you prevent a SQL injection attack?

• Applying the least privilege permissions model in your databases helps boost your resistance to SQL injection attacks.
• Opt for stored procedures that lack any dynamic SQL and prepared statements like parameterized queries. Melnick notes that the “code that is executed against the database must be strong enough to prevent injection attacks.” He also argues in favor of validating the “input data against a white list on the application level.”
• Solid application design boosts resistance against SQL attacks. This method is particularly noticeable in modules that need user input to support database queries and commands.
• Apps with programmatic interfaces like J2EE and ASP.NET are the inverse of PHP and ASP apps, making them more resistant to SQL injection attacks.¹⁷

Cross-site scripting (XSS) attack: These attacks insert malicious code into the script of a genuine website or application, often using third-party web resources, to get a user’s information. Attackers frequently use JavaScript for XSS attacks, but Microsoft VCScript, ActiveX and Adobe Flash can be used, as well.

What does an XSS attack target? XSS attacks target a victim’s private information by exploiting XSS security vulnerabilities and by injecting malicious, client-side script.

What’s the result of a successful XSS attack? If an XSS attack is successful, then the attacker gains access to the victim’s privileges and the ability to remotely take over the victim’s session before the session cookie expires. The attacker could do the following:

• Hijack the victim’s account
  • Record the victim’s keystrokes and capture screen shots of the victim’s activity
  • Accrue the victim’s network information and private information
  • Steal the victim’s cookies
  • Establish false advertising
  • Connect the victim’s computer to a malicious server
  • Implement malicious modifications in the user settings of the victim’s account

What’s scary about an XSS attack? Unlike VCScript, ActiveX and Flash, JavaScript widely used all over the web. Avoiding using it is difficult.

How can you prevent an XSS attack? Before reflecting an HTTP request back, developers can sanitize the user’s data input, and ensure that all of the data is validated, filtered or escaped prior to echoing anything back to the user.

• ?, &, /, <, >, and similar special characters, as well as spaces, need to be converted to their HTML or URL encoded equivalents.
• Ensure that client-side scripts can be disabled by users.¹⁸

Eavesdropping attack: Actual eavesdropping in everyday life involves intercepting communication. Eavesdropping can just be the act of listening to other people talk without them realizing it. It can also be done using technology like microphones, cameras and other recording devices.

Eavesdropping attacks involve an attacker trying to intercept one or more communications sent by the victim. Network eavesdropping, a common name for an eavesdropping attack that involves sniffing for data in the digital world, uses programs to sniff and record packets of a network’s data communications, and then listen to or scan them for analysis and decryption.

For example, protocol analyzers can pick up and record the content of voice over IP (VoIP). Specialized software can then convert these recordings into audio files.  Laptops, cellphones and other devices with microphones can be hacked by attackers looking to secretly record and receive data.

Because all the network’s communications are forwarded to all the ports and a sniffer will just accept all the incoming data, data sniffing is very simple to perform on a local network that uses a hub. Data sniffing is also simple to perform on wireless networks that don’t securely broadcast their data, so non-recipients with the right tools are able to receive the data

There are two types of eavesdropping attacks:

• Passive eavesdropping attacks: An attacker listens to the digital or analog voice communication transmissions on a network to steal private information. It’s frequently more important to detect passive eavesdropping as opposed to active eavesdropping.
• Active eavesdropping attacks, also known as probing, scanning or tampering: Attackers disguise themselves as friendly units and send queries to transmitters to steal private information. Active eavesdropping involves the interception or sniffing of communication data, regardless of its form. These attacks require the attacker to conduct passive eavesdropping to accrue knowledge of the network’s friendly units.   

What does an eavesdropping attack target? Attackers target the victim’s private information, such as their passwords, credit card numbers, social security number and similar information that might be transmitted over the network. For example, VoIP calls made using IP-based communication can be picked up and recorded using protocol analyzers and then converted to audio files using other specialized software.

What’s the result of a successful eavesdropping attack? As with many other types of cyber attack, once attackers have your private information, they can sell it on the deep web or use it to commit identity theft or similar cybercrimes.

What’s scary about an eavesdropping attack?

• Hacking into devices, such as IP phones, is also done to eavesdrop on the owner of the phone by remotely activating the speaker phone function.
• Devices with microphones, including laptops and cellphones, also can be hacked to remotely activate their microphones and discretely send data to the attacker.
• Data sniffing is easily done on a local network that uses a hub since all communications are sent to all the ports—non-recipients just drop the data—and a sniffer will simply accept all of the incoming data.
• The same goes for wireless networking where data is broadcast so even non-recipients can receive the data if they have the proper tools.

How can you prevent an eavesdropping attack? Data encryption is the best countermeasure for eavesdropping.

Passive eavesdropping is usually the precursor to active eavesdropping attacks. If passive eavesdropping can be detected, then active eavesdropping can be prevented.¹⁹

Birthday attacks: These attacks are cryptographic cyber attacks and brute force attacks that are performed against hash algorithms used for the integrity verification of a message, software or electronic signature.

For example, a hash function processes a message and produces a fixed-length message digest (MD) that’s independent of the input message’s length. Melnick notes that “this MD uniquely characterizes the message” and continues that the birthday attack references the likelihood of discovering two random messages which produce an identical MD when a hash function processes them. Provided an attacker can determine an identical MD for the attacker’s message that matches the attacker’s victim’s, then the attacker can stealthily replace the victim’s message with the malicious one.

On his titular blog, Daniel Miessler notes that birthday attacks make “the brute forcing of one-way hashes easier.” The attack is based on the birthday paradox, which argues that “in order for there to be a 50% chance that someone in a given room shares your birthday, you need 253 people in the room”.²⁰

Geeks for Geeks notes that success for a birthday attack is largely dependent on the high probability of collisions occurring between a fixed degree of permutations and random attack attempts, which are factors of the birthday paradox problem.²¹

What does a birthday attack target? By exploiting the mathematics behind the probability theory’s birthday problem, a birthday attack can be used to disrupt the communication between two or more people, groups or entities.

In its video on birthday attacks, Audiepedia argues that digital signatures are susceptible to birthday attacks.²²

What’s the result of a successful birthday attack? In one example regarding the digital signature’s vulnerability, an attacker gets a victim to sign a genuine contract. The attacker then attaches the victim’s signature to a malicious contract with an identical hash value to the genuine contract.

What are some vulnerabilities to a birthday attack and how can you prevent a birthday attack? For the malicious contract example, the victim can make inoffensive changes to the contract before the victim sign it and then save a copy of the original contract after signing it to use as proof. This process can be used as evidence that the victim didn’t sign the malicious contract.

Preventing birthday attacks follows the same methodology as preventing password attacks. Whereas users can create longer, more complicated passwords that are impossible to guess. So too, users can apply this strategy in defense against birthday attacks.

Users can increase the output length of the signature scheme’s hash function, incorporating two times as many bits as needed for preventing regular brute-force attacks.

ScienceDirect argues that hashes have the vulnerability that “the same data will always produce the same hash”.²³ Because of this vulnerability, attackers can use precomputed hash dictionaries to glean commonly used passwords.

One solution for this vulnerability is to add “salt” to the password, ensuring a different hash each time. ScienceDirect states that “the salt should be a large random number uniquely generated for that purpose.” It goes on to note that users don’t have to keep the salt private, they can save the salt and the hash together.

Even if attackers gain access to the hashes and the salts, they will still have to individually compute each hash and otherwise won’t receive any benefits from previously cracked passwords.

Malware or malware attack or malicious software: The most well-known type of cyber attack, malware is unwanted software that’s installed on a victim’s computer without consent. This software is meant to bring harm to the victim’s computer or the victim, although the effects of the malware may not be immediate. Once installed, malware can hide in the victim’s computer and quietly replicate itself.

What does malware target? Malware usually works to steal private data from a victim, delete the victim’s documents or install other malicious software. It can be used to spy on a victim’s internet traffic or user information or damage the victim’s computer system.

How can you prevent getting malware? Preventing your computer from getting malware is vastly easier to do than to remove malware from your computer once you’ve been infected.

• Ensure that you have supported antivirus and anti-malware software that’s enabled and up to date.

• Use a firewall for additional security, since having security redundancies fosters cyber resilience.
  • Regularly establish recovery points, so that if your computer does become infected, can always restart it from that recovery point.

Several of the most common types of malware include the following:

• Macro virus:

Macro viruses are computer viruses that replace a macro, which is what allows a program to function and sets off an assigned group of actions or commands. After a micro virus has embedded itself into a program, it will hijack the app’s actions or commands, such as those for launching the program when the computer starts up or opening an existing document.

What does a macro virus target? This malware begins by infecting applications within programs, with Microsoft Word and Excel being prominent examples.

What’s the result of a successful macro virus? The macro virus will replicate itself, and gradually infect other parts of the computer. This process leads to permanent damage to the computer, making it unusable, and potential theft of the victim’s private information.

What’s scary about a macro virus?

Not all macro viruses are detectable by antivirus software, though most are.

Word processing programs are especially vulnerable because macro viruses replace prompt commands and macros viruses work to hijack these commands. Therefore, the simple act of opening an existing document can launch a malicious macro virus.

Email attachments, modems, networks and flash drives can be used to spread macro viruses.

• Melissa:

A macro virus developed by David Smith in 1999, Melissa came in a Word document that, after it was downloaded, would replicate itself into the victim’s email. Melissa would then send automated messages with copies of the Word document attached to the first addresses in the victim’s contacts list, perpetuating the infection of others as these contacts downloaded the Word document, allowing the infection process to proliferate.

Melissa reportedly affected 1 million computers and caused USD 80 million worth of damages.²³

• File infector virus, file infecting virus or file injector virus: One of the most common types of malware

What does a file infector virus target? A file infector virus overwrites existing code or inserts infected code into an executable file (.EXE) and files with .COM extensions. Similar to macro viruses, this malware also infects executable programs, such as word processors, spreadsheet applications and video games. When it’s launched, the file may partially or totally be written over by the file infector virus.

What’s the result of a successful file infector virus?After an infector virus infects a program, it then works to spread itself to other programs on the same computer, and onto other computers on the same network. Some file infector viruses are capable of totally reformatting a hard drive.

What’s scary about a file infector virus?

Macintosh, Windows and UNIX are all operating systems that are vulnerable to infector viruses.

Win32.Sality.BK: This file-infector virus was one of the 10 most common malware infections of 2011 and 2012.²⁴

• System or boot-record infectors:

What does a system infector target? System infector viruses infect the executable code by attaching itself to the following, depending on the storage device:

Master boot record – hard drive

DOS bootsector – diskette or USB thumb drive

Victims of system infectors usually become infected after they receive a storage device that contains the virus. A system boot or reboot triggers a boot disk and if an infected storage device is connected with the system, then the infected device can modify or replace the system’s boot code. The system infector loads and runs itself into the master boot record.

What’s the result of a successful system infector? After the computer has booted and the virus is loaded into memory, the virus can then proliferate and spread to other storage devices and computers on the network.

How common are system infector viruses today? SearchSecurity argues that system infectors and other boot viruses are “less common now as today's devices rely less on physical storage media”.²⁵

• Polymorphic virus:

Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itself.

What does a polymorphic virus target? This complicated malware affects functions and data types. Polymorphic viruses actively conceal themselves using encryption and decryption. A decryption program begins by decrypting an encrypted polymorphic virus an affiliated mutation engine.

Infection usually proceeds in the following process:

1. The polymorphic virus infects an area of code.

2. The mutation engine creates a decryption routine.

3. The virus encrypts the following:

a. The mutation engine 

b. A modified duplicate of the virus containing an algorithm that corresponds with the new decryption routine

4. The mutation engine and virus are attached to new code.

5. Repeat steps 1 through 4.

What’s the result of a successful polymorphic virus? In addition to copying itself and spreading throughout the victim’s computer, polymorphic viruses alter functions and data types. For example, a polymorphic virus could switch the function so that when you press the “A” key, it inputs the letter “D” instead.

What’s scary about a polymorphic virus? Since functions and data types are part of polymorphism and functional programming languages broadly use polymorphism, polymorphic viruses can be created with a broad range of purposes.

Because of how they modify their source code, polymorphic viruses are considerably difficult to detect by scanning. Techopedia argues that to detect polymorphic viruses, [you need] a scanner with strong string detection and the ability to scan different strings is necessary.

Most scanners won’t be able to detect a polymorphic virus unless “brute-force programs [are] written to combat and detect the polymorphic virus with novel variant configurations”.²⁶

Removing a polymorphic virus is more difficult than detecting it. Programmers must rewrite language strings, a process that’s time-consuming, costly and complex.

How can you prevent a polymorphic virus infection? Antivirus software, with the latest updates, definitions and tools like Process Hacker, can often detect polymorphic viruses before an infection when they copy and modify themselves.

• Stealth virus:

Stealth viruses target operating system processes and antivirus or anti-malware detection software, manipulating them so they believe that uninfected areas of a system are infected and infected areas are uninfected. This process helps the malware to remain hidden from the victim’s system.

What’s the result of a successful stealth virus? As the virus spreads, the compromised software isn’t able to detect or remove it. It hides manipulated computer data and similar harmful control functions within system memory.

Stealth viruses can further avoid antivirus detection by using the following types of self-modification:

Code modification: Altering the code and virus signature of each file that it infects

Encryption: Using simple encryption to encrypt data and using a different encryption key for every infected file

What's scary about stealth viruses? Stealth viruses can avoid antivirus software detection by self-copying themselves into files, and partitions, boot sectors and other undetectable places on your computer.

How can you prevent a stealth virus infection? Antivirus software with the latest updates and definitions should be able to detect a stealth virus as it attempts to get to your system.²⁷

Brain: Widely considered to be the first stealth virus, Brain operated on MS-DOS. During the 1980s, it infected 5.25-inch floppy disks and spread itself onto computer systems worldwide.²⁸

• Trojan or Trojan horse: True to its namesake, a Trojan masquerades as a benign virus until it’s activated when it’s revealed to be a malicious one. Unlike viruses, Trojans don’t self-replicate.

What’s the result of a successful Trojan infection? Trojans actively undermine the victim’s system, frequently establishing vulnerabilities that the attacker can exploit, such as opening a high-numbered port that would allow an attacker to listen in on the victim and gain access to the victim’s system.²⁹

Several results of a Trojan infection include the following examples:

Keyloggers monitoring the victim’s activity and helping the attacker steal the victim’s passwords, credit card numbers, or similar private information

Gaining control of the victim’s webcam to monitor or record video of them

Taking screen shots of the victim’s computer activity

Using the victim’s computer to forward Trojans and other viruses and malware to vulnerable computers on the victim’s network

Formatting the victim’s storage devices

Stealing, encrypting, deleting or otherwise manipulating files and file systems on the victim’s computer

Some of the most common types of Trojans include the following examples:

Backdoor Trojan:

A backdoor Trojan creates a backdoor vulnerability in the victim’s system that allows the attacker to gain remote control over the victim’s infected computer, giving the attacker almost total control over the victim’s system.³⁰

What’s the result of a successful backdoor Trojan infection? This Trojan is frequently used to link up a group of victims’ computers into a botnet or zombie network that can then be used for cybercrime.

Downloader Trojan:

Attackers use this Trojan to download from the internet and install other Trojans and viruses, and hide malicious programs.

What’s scary about a downloader Trojan? Some antivirus programs are unable to scan all the components within this Trojan.Infostealer Trojan:

This Trojan tries to steal private information from the victim’s computer and aggregate as much of it as possible. After the Infostealer collects the victim’s private information, it forwards it back to the attacker.

What’s scary about an infostealer Trojan? Infostealer Trojans often use keylogging to gather email passwords, bank account information, credit card numbers, and similar private information from the victim.³¹

Remote access Trojan (RAT):

Not to be confused with a remote administration tool, it’s a program with both legitimate and malicious applications. A RAT has a backdoor that gives the attacker administrative control over the victim’s computer. RATs are secretly downloaded along with a game or other user-requested program or as part of an email attachment.

After the victim’s computer is infected, the attacker may use it to spread the RAT to other computers on the network and create a botnet or zombie network.

What’s scary about a RAT? RATs don’t usually display in a computer’s list of running programs and tasks. This ability makes them difficult for antivirus software to detect.

This issue is exacerbated because, once a system is infected, the attacker can often hide any change in the victim’s system’s resources and performance, preventing any system alerts from occurring.³²

Data-sending Trojan:

This Trojan works to syphon private or other information from the victim’s computer back to the attacker. While this information is often like a victim’s passwords or credit card numbers, it can also be less malicious.

Data-sending Trojans can also aggregate information about a victim’s internet activity for relevant ads looking to target the user. A duplicitous version of this Trojan is found with antivirus or anti-malware software ads that inform victims that their computers are infected with a Trojan.

For example, “Your computer is infected with a virus. For $19.99, Trojan Buster, Inc. can remove it.” These ads are boosted by the data-sending Trojan for a product that’s meant to remove the virus itself from the victim’s computer.³³

Trojan.FakeAV:

Similar to a data-sending Trojan, a Trojan.FakeAV is a program that masquerades as fake security status on the victim’s computer. This Trojan displays fake computer scans and alert messages of a non-existing malware or virus infection or similar security issues and prompts the victim to purchase its recommended antivirus product as a solution.

Trojan.FakeAVs can be installed by downloader Trojans or other malware. EnigmaSoft argues that one vendor is probably responsible for 80 percent of all misleading applications, and that most of these applications are cloned or reskinned to appear different but perform as they had previously.³⁴

Destructive Trojan:

True to its name, a destructive Trojan is designed to destroy or delete files and not steal information. Destructive Trojans don’t replicate themselves.

What’s scary about a destructive Trojan? They’re usually programmed to perform like a logic bomb and attack the victim’s computer. After a system is infected, a destructive Trojan begins arbitrarily deleting files, folders and registry entries, which can cause OS failure.³⁵

Proxy Trojan:

As its name implies, proxy Trojans hijack their victim’s computer, converting it into a proxy server, part of a botnet. Similar to a RAT, the proxy Trojan is secretly downloaded along with a legitimate download or attachment or is disguised as a legitimate software download or attachment.³⁶

Trojan-GameThief:

Similar to a data-sending Trojan, the Trojan-GameThief is a Trojan that steals its victim’s user account information, the information used for online games, and then transmit it back to the attacker.³⁷

Trojan-Ransom:

Similar to ransomware, this Trojan modifies victims’ computers using encryption or another means that prevents the victims from fully using or accessing their data until the attacker’s ransom has been paid.³⁸

• Logic bomb, slag code or malicious logic:

This malicious software functions similar to a time bomb. A logic bomb remains inactive until it’s triggered at a preprogramed date and time or when certain logical conditions are met.

Once triggered and activated, the logic bomb damages the victim’s computer using data corruption, file deletion or hard drive clearing. Similar to Trojans, worms and other malware, logic bombs are secretly installed on a victim’s computer using malicious code, and then remain hidden until they’re triggered.

What’s a logic bomb used for? Logic bombs are frequently used by attackers to get revenge on a victim or for cyber sabotage against a victim’s work. Logic bombs can also be used for less malicious means, such as for free software trials that deactivate the program after a predetermined date or amount of time.

What’s scary about a logic bomb? Techopedia notes that former White House counterterrorism expert, Richard Clarke, expressed considerable concern about the vulnerabilities of the United States to logic bombs. Because the US infrastructure relied more on computer networks than other modern countries, a precise series of logic bomb attacks could shut down much of the US urban transit and banking systems.³⁹

How can you prevent a logic bomb attack? In addition to the usual tips for boosting cyber resilience, such as maintaining up-to-date antivirus software and running regular virus scans for all files on your computer, you can also practice the following to protect your enterprise against logic bombs:

Promote regular cybersecurity and cyber resilience training and education.

Ensure that the auto-protect and email screening features are activated.

Individually protect all computers within your networks.

Establish regular recovery points for your systems. This process won’t necessarily protect you from a logic bomb attack, but it will allow you to recover more quickly following an attack.³⁹

• Worm:

A worm is a type of malware that doesn’t attack a host file and replicates itself as it travels across computers and networks and leaves copies of itself in the memory of each computer.

Not every worm causes malicious activity. Some just don’t do anything. A malicious worm’s code is called a payload.

What does a worm target? Attackers will often attempt to infect their victim’s computers by sending worms as email attachments that masquerade as though they’re from trusted senders, tricking their victims into opening or downloading them and activating the worm.

What’s the result of a successful worm infection? Once infected, a worm will attempt to send copies of itself to the contacts listed in the victim’s email account and address book. Worm infection can result in overloading email servers and denial-of-service attacks against the network’s nodes and other malicious activities.⁴⁰

Stuxnet: Arguably the most famous or infamous computer worm, Stuxnet was discovered by two Iranian security researchers in July of 2010. A weapon of cyber warfare and an intricately complex worm, research eventually concluded that Stuxnet was attacking an Iranian power plan to sabotage the Iranian production of a nuclear weapon.⁴¹

• Dropper or virus dropper:

What does a dropper target? A relatively new type of malware, droppers are programs that contain viruses meant to harm their victim’s computer. Droppers launch viruses by “dropping” or installing them onto their victim’s computer. They’re often hidden within downloads or malicious email attachments that appear to be from a trusted sender.

What’s the result of a successful dropper infection? After hiding themselves within their victim’s computer or directory, droppers launch the payload that was contained within them. Dropper viruses are often Trojans and virus installation happens in the form of the payload. A dropper’s payload can cause its victim’s computers to suffer performance issues like slowdown. Droppers can also be used to aggregate and steal private information.

What’s scary about a dropper? Because they don’t necessarily contain malicious code, droppers can be difficult for antivirus software to detect and isolate. Sophisticated droppers can connect to the web to receive updates against antivirus software to help them avoid detection.

How can you prevent a dropper infection? In addition to general cyber resilience practices, anti-spyware software is considered to be the most effective tool for dropper detection and removal.⁴²

• Ransomware, crypto virus, crypto Trojan or crypto worm:
  

Malicious email attachments, infected software downloads and visiting malicious websites or clicking malicious links are how most computers get infected with ransomware. Some malicious applications can masquerade as the police or a government agency, claim that a victim’s system is locked down for security reasons and that a fee or fine is required for them to regain access to it.

What does ransomware target? This malware infects a victim’s computer or system and locks or otherwise limits access to that computer or system until a ransom is paid to relinquish the attacker’s control over it.

What’s the result of a successful ransomware infection? More sophisticated ransomware uses encryption for crypto-viral extortion, encrypting the victim’s files so that it’s impossible for them to recover them with the correct decryption key. The ransomware then sends the victim pop-up windows prompting the victim to pay a ransom to get full access to the victim’s computer.⁴³

Ransomware attacks against governments worldwide:

As of the end of October 2019, CNN reports that there have been 140 ransomware attacks that targeted state and local branches of the US government, including attacks on government offices, hospitals and healthcare providers.

The US isn’t alone when it comes to ransomware attacks. Small and large governments around the world are falling victim to ransomware attacks.

The ensuing paralysis halts government functions and services, such as the distribution of water and power utilities or the ability of residents to pay their bills. In some cases, hospitals were unable to admit new patients and struggled to deal with the existing patients in their care.⁴⁴

RobbinHood: This infamous ransomware was responsible for attacks on and damage to the following US cities:

Atlanta, GA, March 2018

Baltimore, MD, May 2019

Greenville, NC, April 2019⁴⁵

• Adware, freeware or pitchware: 

Adware is commonly used in web-based marketing online as advertising banners that display while a program is running, such as pop-ups. Adware can be downloaded automatically to your computer without your permission while you are browsing online.

There are generally two categories of adware:

Legitimate, which offers free or trial versions of products

Spyware that compromises users’ privacy and tracks their website history and preferences

Blurring the line between these categories, some adware can appear legitimate but use spyware to collect search data from a victim’s browser for targeted, user-specific advertisements.

How can you prevent getting adware or remove it?

Licensed anti-adware software is often better at removing adware from a computer than unlicensed versions.

Some antivirus programs have packages that include anti-adware software.⁴⁶

• Spyware:

If you use peer-to-peer (PTP) file sharing software, then you’re at greater risk of getting spyware or a virus on your computer. Cookies and spyware can appear similar to your computer.

What does spyware target? Similar to how adware functions, spyware is infiltration software that monitors unsuspecting victims and collects information about them, their computers, and what sites they visit.

Victims often get spyware by installing a free online software that has spyware bundled with it or by clicking on a malicious link.

What’s the result of a successful spyware infiltration? Spyware discretely tracks user activity, including the user’s private information, and forwards it to a remote location or back to its creator. Spyware can download and install other malicious programs onto its victim’s computer.

How can you prevent a spyware infection? Updated anti-spyware software is a good tool for detecting and removing spyware from your computer. Just be aware that antivirus software isn’t always able to detect spyware, especially if it's very new spyware.⁴⁷