Common Security Threats – CompTIA A+ 220-802: 2.2

There are many security threats constantly attacking our computers and our data. In this video, you’ll learn about social engineering, shoulder surfing, malware, rootkits, and much more.

<< Previous Video: Security AwarenessNext: Workstation Security Best Practices >>

One security technique that is impossible to detect electronically is something called social engineering. Social engineering is with somebody communicates with you directly on a social level to try to gather information from you or get you to do something.

A common way for this social engineering to manifest itself is with a phone call. You get a phone call at your desk. It sounds like somebody is from the Help Desk. They give a name of somebody you know in the Help Desk. They talk about your department, where you happen to be.

They have information about where your office is. And they’re saying that they’re having a problem. All they need is your user name and your password, and they’ll be able to solve this problem without there being any issues whatsoever.

And because you’re now trusting this person, you’re more apt to provide them with the information that they’re looking for.

You also want to look for social engineering that might be in your building. Maybe it’s somebody walking in, they say they’re with the telecommunications company. Maybe they’re there to fix a copier. You want to be sure that everybody follows the right processes, that everybody has badges, that you’ve checked their identification, so that you can make sure that nobody is gaining access to resources that they should not be.

Some of the most important assets that your organization has is the data that’s on your computer systems. And that data becomes extremely valuable. And if I can read it right off of your screen, it’s very, very easy now for me to gather that intel. I don’t have to know your user name. I don’t have to know your password.

I don’t have to be in your building. You’ve brought your laptop to an airport. You’re sitting on a plane and you’re working on a spreadsheet or a presentation, and now I can see it. I’m sitting right behind your shoulder. You don’t even know that I’m looking at it. It’s a very, very easy way for people to gather those pieces of information.

You don’t even have to be nearby. You can even use a binocular. You can use telescopes. Sometimes they will even put software on your computer, so that any time of day, if they would just like to connect via a remote desktop or web cam session, they’re able to do that, as well. So make sure that you’re very aware of your surroundings, and so that you know that nobody’s looking into your screen when they should not be.

There’s been a huge increase in the amount of malware that we’re seeing. And the malware can take all kinds of different forms. Maybe it’s something that sits behind the scenes and simply watches everything that you type in and then sends those key strokes out to a central server that they used to gather your user name, your password, your credentials that you use to log into your bank, for instance.

Maybe they’re only interested in putting some software on your computer, so that later on they can have your computer perform tasks for them. Maybe your computer is participating in a distributed denial of service attack, and you’re just one of those devices sending that information. Maybe your device is now spamming, sending out emails. It all depends on what the malware authors want to do.

Maybe the malware is going right after your pocketbook. Maybe they want your money. They’re encrypting information on your computer. They’re locking it up, and they’re putting a message on the screen that says, you’ve been doing something illegal. To unlock the computer, you have to give us $200.

And to do that, you simply send information through these processes. In fact, they put the logos right at the bottom of the screen to tell you where you can wire that money. Obviously, this is illegal. And this is not something that you have done illegal. The bad guys are simply locking your machine up in the hopes that you’ll send them this cash.

And maybe it’s just a virus. Maybe it’s there just to delete information or make your system unusable. Regardless of the method that’s being used and the information that’s being gathered, all of these things can create problems for you and send information out to the bad guys.

A security threat that’s not as common as malware, but certainly is very much a concern are rootkits. Rootkits come from the name “root” in Linux. And we call them rootkits, because they get into the kernel of your computer and they modify some of the core system files that are on your system.

What’s even worse is they become invisible. It’s impossible to find this rootkit through normal means. You won’t see it in your Task Manager. You won’t see the files necessary for the rootkit, because it’s part of the operating system kernel itself.

Because of this, the anti-virus that you have, the anti-malware that you’re running, they can’t see any of this rootkit information. So therefore, they can’t identify it and certainly can’t remove it from your computer.

Things like hiding in the operating system is very common, whether it’s something that’s integrated to the kernel or maybe it’s hiding in plain sight. For instance, if you look at your Windows system folder, it’s about 800 megabytes of information and 2,000 files.

If I simply add another file into this directory, are you even going to notice? There’s so much information in there currently. And if I give it an odd name, like run32dl1.dll, and I’m the listing through the files, I might even miss it then.

These rootkits use a lot of different ways to hide themselves, so make sure that you keep your operating system updated so these rootkits can’t find a way onto your system in the first place.

One of the most notorious rootkits– and we’re still talking about this rootkit today– was in 2005 from Sony BMG. You got a music CD. You put it into your computer. And behind the scenes, without your permission, without any messages, it installed a DRM application, a digital rights management application, onto your computer. That was a rootkit.

It could take any file, any directory, any process, any registry key, and it could hide itself by simply using $sys$. And so it hid itself, effectively becoming a rootkit. Now what was interesting is because this rootkit was in place and so many people were listening to these CDs, now the bad guys thought, I could hide my code and my malware using exactly the same technique. And it didn’t take long for the bad guys to do this.

Sony created a patch for this to try to roll some of these problems back. But of course, the patch itself created another avenue for bad guys to install malware. So that didn’t work very well. Ultimately, there was a lawsuit that was settled in December of 2005. The CDs were recalled, and everybody got $7.50 for their troubles, that of course, they could use to buy more music.

Not sure that was a great result, but ultimately, it showed us that these rootkits can be a significant problem.

What the bad guys have found, though, is that it’s exceptionally easy to get information from you without even installing software on your computer. They do this through a method called phishing. This phishing method is a little bit of social engineering. It’s a little bit of spoofing. They combine it all together, and they get your user name and your password.

You usually see this show up in something like a mail message. And it looks like a mail message from someone you trust. And that mail message says, I saw a funny video of you on the internet. Click here, and we can have a look at it and laugh at it together.

And when you click, it takes you, perhaps, to YouTube, but it presents you with your YouTube credentials. And then you put in your YouTube credentials, but what you don’t realize is that really wasn’t the YouTube page. And when you put in your credentials, you’re really putting in your credentials on the bad guy’s site. Now they have your credentials for YouTube.

What if it’s something that’s even worse than that? Maybe you’re logging in, or you think you’re logging in, to Paypal. But if you look at it, it looks just like the Paypal site. Everything looks exactly the same as when you would normally log in to Paypal. However , the URL is not actually the Paypal site. But if you weren’t specifically looking for that, this would look just fine.

Sometimes, though, you can find little things that are wrong. You can find a misspelling, or you can find, for instance, an image that isn’t loading properly on the site. And that might tip you off that this may not be the actual site that you’re looking at.

There’s something also called spear phishing, where the bad guys are identifying very specific users and targeting those people directly. If you want to have access to somebody’s Twitter account, then you need to find out who manages it. And you send that spam to try to get them to log into a fake Twitter site that’s now going to give you those credentials.

It’s exceptionally easy. The bad guys don’t need to install any software on your computer. All they’re doing is making you click the wrong thing and input information into something that looks legitimate, but it really isn’t.

Of course, we’re still having significant problems with viruses on our computers. These viruses are little pieces of code that are able to get onto your computer and then reproduce themselves, just like a real virus in the human body. It doesn’t require that you click anything, all it needs you to do is run a program. It piggy backs along with that program, and then spreads itself somewhere else.

Not only can it reproduce through the file system that’s on your computer, but viruses these days can reproduce across the network. And since we’re all connected to networks these days, it’s an exceptionally easy way for the virus to move from system to system.

Some viruses you may not even notice. They’re so innocuous. They don’t really do anything on your computer, or maybe they’re waiting for a certain amount of time. So you don’t even know that they’re there.

Other types of viruses are very invasive. They’re deleting files. They’re creating high levels of utilization, and you have to find some way to remove that virus from your computer.

There’s a lot of different antivirus applications out there. You need to make sure you’re running one on your computer. And we’re finding new viruses, thousands of new viruses, every week, which means you also have to make sure that you update those signatures. So even if you’re running an antivirus program, that doesn’t do you any good unless you’re constantly getting those updates from your antivirus manufacturer.

Another nasty type of malware is one called a worm. A worm can replicate itself without any type of user intervention. It doesn’t need you to run a program. It can take care of that process on its own. Because of that, it can simply hop around the network. In fact, it can do it very, very quickly and infect a very large number of computers in a very short period of time.

Sometimes these worms can be built to try to do good things. There was a worm that was created called Nachi that tried to patch a computer all over the internet to avoid getting another kind of worm. I don’t know if really that’s a good thing or a bad thing, but it was certainly an idea that was tried, probably because it’s so hard to stop these once they get going.

We can sometimes stop these worms at the edge of our network, using intrusion detection or intrusion prevention products. But once the worm gets inside of the network, there’s nothing to stop it. And it can bounce around and infect anybody’s network very, very quickly.