When talking about web security, there are several adversarial models. First, the client can be the attacker and the server the victim. In this scenario, the client sends malicious requests trying to hack the server. Second, the server can be the attacker and the client the victim. In this scenario, the server replies with malicious responses, trying to hack the client. Finally, clients can attack other clients via servers by poisoning them in such a way that they spread this malice to the other clients they serve. Let’s start with the first case, clients attacking servers, and with its most famous example: SQL injection. We’ve actually seen a similar vulnerability in the first lesson when we discussed code injections. In both scenarios, a server uses input received from the client to run code, so if it’s not careful, the client will be able to inject input that runs as code. In the case of SQL injection, we’ll be dealing with SQL, or Structured Query Language, which is a programming language for what are called relational databases. Relational databases are systems that store data in tables and are widely used by servers to store user information, content, and so on.
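To make the "input runs as code" point concrete, here is an added example (not code from the original lesson) that builds a login check two ways against a constructed in-memory SQLite table with one sample user: first by pasting the client's input into the query text, then with parameterized placeholders that keep the query structure fixed.

```python
import sqlite3


def make_db():
    # Constructed sample data: one user with a made-up password.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    # Client input becomes part of the SQL text, so a quote character in the
    # input changes the query's structure: what should be data runs as code.
    query = (f"SELECT COUNT(*) FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, name, password):
    # The query text is fixed; the driver passes the values separately, so
    # quotes in the input are just characters compared against the column.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


def demo():
    # Returns the four outcomes so they can be checked rather than printed.
    conn = make_db()
    injected = "x' OR '1'='1"  # the textbook always-true input
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_injected": login_vulnerable(conn, "alice", injected),
        "param_valid": login_parameterized(conn, "alice", "correct horse"),
        "param_injected": login_parameterized(conn, "alice", injected),
    }
```

The vulnerable version accepts the injected input because the query becomes `... AND password = 'x' OR '1'='1'`, which is true for every row; the parameterized version rejects it because the whole string is compared as a password.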
We have covered the various flaws in design, implementation, and operation that make up information security vulnerabilities. But we haven’t really talked about who or what exploits these vulnerabilities, and what makes information security so relevant. We did mention hackers, of course, but they are still only human, with limited time and limited reach. No, in order to really scale, we have to automate. We have to use software. And when such software is used for malicious purposes, we call it malware. Malware has many faces: computer viruses, worms, Trojan horses, stealware, scareware, ransomware, and the list goes on. The reason it has so many faces is that it has as many purposes: theft, impersonation, espionage, and even cyber warfare. In this CISSP certification lesson, we’ll trace malware back to its very origins and understand how it has evolved, how it replicates, survives, and behaves, and what can be done to stop it.

So, then, we talked about how malware can replicate and spread. It can passively copy itself onto other files, actively exploit vulnerabilities and push forward, or trick the user into letting it in. But how does it survive once inside? Again, we can distinguish between three survival strategies: non-resident malware, resident malware, and backdoors. Non-resident malware is, as its name suggests, only present in the infected computer temporarily. As such, it usually does its thing, like deleting some important files or stealing some sensitive information, then moves on. Resident malware, on the other hand, takes root in the infected host and can systematically compromise the system, spy on the user, and so on. The trade-off is obvious. Non-resident malware is easier to recover from because once the damage is done, there’s no one left to fight, and we’re free to rebuild the ruins. But it’s also harder to catch because it leaves fewer traces.
Resident malware, while more likely to be captured, analyzed, and ultimately vaccinated against, is also much more powerful and potentially harmful. The third kind, backdoors, strikes a balance between the two. In this case, the malware is non-resident, in the sense that it doesn’t remain as an actual running process, but it does leave something behind. Specifically, it changes something or weakens something so that the next time it comes around, it’s easier for it to infiltrate the system and hijack control. In other words, having broken into the house through the front door once, it goes away but leaves a back door open for the future.
Okay, so we know how malware replicates and how malware survives. But why does it replicate and survive? What is its purpose? One common purpose is resource theft. Having gained access to a system, the malware uses its processing power, for example, to mine cryptocurrencies. The popular BitTorrent client µTorrent actually did just that, effectively making it a Trojan horse. People would willingly download and install it for its torrent-related functionality, and it would, in turn, use their computers to mine bitcoin in the background.
Another common purpose is identity theft: hijacking systems to impersonate users. Take stealware, for example. Some websites, like booking or travel services,
All of these need to be avoided at all costs, so that insider hacking attempts do not find an environment that sustains them long enough to complete their work, if we want an internet that is free of crime.