Abstract—With always evolving technologies many devices are emerging which has the ability to connect to other devices across the world using internet, it is always a big challenge to protect them from being breached by the hacker. These hackers always are one step ahead in exploiting the vulnerabilities of an organization’s network. Here we discuss types of malware attacks that took place in the recent past which caused a big harm to many organizations costing them money and resource, and some of the steps a company can take to prevent the hackers to invade their networks.
Keywords—malware, mirai, wannacry, locky, ransomware, botnet.
I. Introduction
The term malware is an abbreviation for Malicious software. To put it in simple terms, a malware is a program that was written with the intention of harming a system or a network. At the beginning these malwares were written by rebel hackers, to test their skills and wits against any system they decided to take over. But now-a-days, these black hat developers sell their software to the highest bidder in the market. It can be a criminal organization or a government agency who are trying to access the data present in a remote computer, mobile devices or a network. Malwares are categorized into different types based on their functions like computer worm, computer viruses, trojan horse, spyware, adware, botnet, wiper, scareware, backdoor, ransomware to name a few.
Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
II. Types of Malwares
A. Computer Worm
A Computer Worm is an independent malware Computer program that replicates itself over the network without the knowledge of the users. It spreads itself on the computer network so that it can gain access to the target computer when its security fails. They always cause some harm to the network, even as simple as consuming the bandwidth. [2] They often exploit the weakness in the operating system or software. They are the most successful and long-lived forms of malware out there. [3]
B. Trojan Horse
A standout amongst the most widely recognized types of malware “the Trojan horse” is a type of vindictive software which frequently camouflages itself as a real tool that tricks the client so it can complete its malicious objectives. Its name originates from the story of ancient Troy, with a small team of Greek soldiers hiding inside a giant wooden horse, which they claimed was a gift to the city of Troy. The group inside the wooden horse emerged and took over the city once they were inside the city walls. 
Fig. 1. Depiction of Trojan Horse used by Greeks. [3]
Trojan malware works similarly, in that it sneaks into your system – regularly masked as an authentic tool like an update or a Flash download – at that point, once inside your system, it starts its assaults. Depending on its abilities a Trojan can then possibly access and catch everything – logins and passwords, keystrokes, screen captures, framework data, managing an account points of interest, and increasingly and furtively send everything to the assailants. Once in a while a Trojan can even enable attackers to change information. The intensity of Trojan horse makes it a valuable tool for everybody from solo hackers, to criminal groups to state-supported operations participating in full-scale undercover work.[3]
C. Ransomware
Ransomware is a type of malicious software that threatens to publish the victim’s data or continue to block access to it unless a ransom is paid. A knowledgeable person will be able to unlock the systems, locked by a simple ransomware. While sophisticated malwares use techniques, which encrypts the files of the victim, making them impossible to access, and demands a ransom to decrypt the file back to its original state. If the attack is carried out properly, recovering the files without the decryption key is next to impossible. It is also very difficult to trace the attacker. [4]
D. Computer Virus
Viruses are programs which has the capability to spread independently by making duplicates of themselves and afterward invading other computer programs. Virus is the best known and most seasoned kind of malware. A Virus replicates itself after a malicious program executes and it starts to interferes with a computer’s capacities, keeps an eye on the users, deletes information, or even causes harm to the hardware. [1]
E. Spyware
A spyware is a piece of software sends user data and their activities to the creator of the software, without the knowledge of the user. They might arrive as a trojan software or downloaded into the computers by other ways. [3]
F. Wiper malware
Wiper malware has one basic objective: To destroy or eradicate all information from the target network or system. The wiping could occur after the attackers have subtly removed target information from the system for themselves, or it could be installed with the pure intention of disrupting the system. One of the primary significant types of wiper malware was Shamoon, which infected the systems of Saudi energy companies with the point of taking information and wiping it from the contaminated machine. A standout amongst the most prominent wipers of ongoing occasions was Petya ransomware. The malware was first thought to be ransomware. In any case, analysts found that there was no chance to get for victim’s information by means of paying the payment, but also its goal was to hopelessly erase the information. [3]
G. Adware
The goal of adware is to make revenue to cybercriminals. It pushes advertisements onto the users in such a way that the only way to get out of it is to click through them. This creates clicks for the cybercriminals through which they earn money. They don’t steal user’s data or harm the computer system. [3]
H. Botnet
A botnet is a group of computers on a network which gets hijacked by the attacker, who can use them for a specific operation. Most of the time the attackers perform DDoS attacks through botnets by flooding the network of the victim with unwanted traffic, which brings the whole network down. [3]
I. Scareware
This malware displays fake pop up warnings on the screen saying that their computer has been infected by a malware. Another software is advertised which tells the user that it will remove that particular malware and pushes the user to purchase it. Usually the computer gets infected by the malware that the user bought which was advertised. [1]
J. Backdoor
They are known as trapdoor, it is the part of a software that creates a backdoor which is accessed by the attacker. This operation takes place without the user knowing about it. By getting the remote access to a computer on a network, the attacker can perform DDoS attacks to paralyze a network by flooding it with traffic. [1]
III. malware attacks that caused big impact
1. mirai botnet
In September 2016, a French webhost and cloud service provider called OVH was attacked using the Mirai malware with the traffic speed of 1.1 Tbps. The attacker released the source code of Mirai malware and they offered Mirai botnets for rent with upwards of 400,000 simultaneously connected devices. More Mirai assaults followed on October 2016 against the service providing company called Dyn, that brought down many sites—including Twitter, Netflix, Reddit, and GitHub—for a few hours.
Mirai essentially spreads by first tainting gadgets, for example, webcams, DVRs, and routers that run a version of BusyBox (busybox.net). It then predicts the administration accreditations of other IoT gadgets by brute force, by referring small dictionary of potential username and password sets.
Today, different strands of Mirai malwares are created day by day, and the way that they can proceed to multiply and dispense real harm by utilizing a similar intrusion technique as the first malware attack on the IoT gadgets due to lack of steps taken by the vendors or ignoring it. Shockingly, IoT botnets have gotten just sporadic consideration from scientists. If the security network doesn’t react quickly, even more sophisticated attacks will be carried by the hacker which might result in the huge part of internet to come to a halt. [5]
Fig. 2. Mirai botnet operation and communication. [5]
A Mirai botnet main purpose is to replicate itself on a network and infect as many devices as possible. The infected devices then attack the targeted server on the network from the person who gives the command to the bot or also known as botmaster. The command and control (C&C) server gives the botmaster the centralized control over the network, with which the botmaster can check the condition of the botnet and start the DDoS attack. [5]
The Miria botnet has two stages of attack they are replication module and the other one is attack module. Let us see how both the modules work in details:
- Replication Module
- The replication module is in charge of enslaving as many IoT devices as possible. It achieves this by randomly scanning the entire internet to find the insecure IoT devices, to take control and prepare them for attacking. [6]
Fig. 3. Illustration of Replication Module. [6]
- In the initial attack on the IoT devices the Mirai malware relied on 64 well known default usernames and passwords pairs. While this assault was low tech, it demonstrated great success and it compromised more than 600,000 IoT gadgets. [6]
- Attack module
Fig. 4. Illustration of Attack Module. [6]
- In this module the malware carries out DDoS attacks against the devices whose information is provided by the C&C servers. This module allows Mirai malware to use various attacks such as application-layer attacks, TCP state-exhaustion attacks, and volumetric attacks by using various DDoS code techniques such as HTTP flooding, UDP flooding, and all TCP state-exhaustion attacks. [6]
2. wannacry Ransomware
This ransomware attack is also referred as WCRY or WannaCry. The latest attack occurred on 12 May 2017, “WanaCrypt0r 2.0” the latest version of WannaCry ransomware struck National Health Service (NHS) in United Kingdom, through the internet service provider Telefonica. The Ransomware has affected more than 300,000 organizations worldwide altogether. [9] WannaCry infects the computers by exploiting CVE-2017-0144, which a vulnerability in Microsoft Server Message Block 1.0 (SMBv1). This information was leaked by one of the members of the hacker group called the Shadow Brokers, known as the “EternalBlue” exploit. Although, Microsoft’s Security Response Center (MSRC) patched the flaw by releasing MS17-010 patch in March 2017. Many organizations and Institutions failed to install this patch which left the systems vulnerable to the attacks. [7]
Fig. 4. Screenshot of the user infected by WannaCry.
When the system gets infected with this malware, it targets and encrypts 176 file types. It also targets database files, multimedia and archive files, even Microsoft Office documents. It generates a random note to the users who got infected initially demanding US$300 worth of Bitcoins. The amount keeps increasing after a certain amount of time limit. And there will be popup mentioning that all the data of the victim will be deleted if not paid. [7]
WannaCry has a worm-like properties which helps it to spread across networks, attacking the systems connected to the network without the knowledge of the user. The whole network comes under risk of the attack even if one of the computers gets infected. [7]
3. locky virus
Locky was first discovered in February 2016 by a cybersecurity firm, it observed that more than 23 million emails containing attachments with Locky virus in it was sent in the period of 24 hours. It uses various scripting languages which executes complex attacks such as domain generation algorithm, complex spam email campaigns, server-side encryption, and generic PE packers. The authors of the malware have ironed out the flaws and added some features which has made it even more difficult to detect. The ransomware utilizes RSA-2048 + AES-128 cipher encrypts the files. The ransomware encrypts the data on all the fixed hard drives, removable drives, RAM and network which is impossible to decrypt, as the keys are generated on the server side.
Fig.5. Screenshot of the user’s screen infected by Locky. [8]
The ransomware asks for the payment between the amount of 0.5 to 1 bitcoin. Locky has found its way into many countries such as France, Italy, Germany, USA, Spain and many more where it effects wide range of file formats including files used by engineers, designers, developers and testers. It will be a huge blow to small businesses because of this as they will not have the ability to recover the files. The malware spreads through phony emails and attachments such as .doc, .xls or .zip. By using the social engineering techniques, they trick people to enable the macros by displaying the popup message saying that “enable macro if data encoding is incorrect” when you click on the document that is attached to the received email. [8]
Fig. 6. Screenshot of the user’s screen infected by Locky. [8]
IV. prevention steps to be taken by organizations
We must understand that organizations should take some necessary steps to defend themselves from any type of the external or internal attacks. These are few of the step the companies need to follow:
- Install layered security system on the organization’s network, which consists of the components such as Intrusion Detection System (IDS), Intrusion Protection System (IPS), web security gateway solutions, gateway antivirus, network-based antivirus on all the systems to name a few. [10]
- Conduct security awareness programs for the employees to educate them on types of malware and phishing attacks and the steps to take to prevent the attacks on the organization’s network.
- Keep all the systems updated, i.e install latest security updates and patches provided by the companies developing the operating systems or softwares. [10]
- Backup your data frequently by connecting the backup drives to the system during the backup process and then disconnect it, to lower the probability of the backup also getting infected. [10]
- Have a good response plan in case the organization comes under cyber attack. [10]
- Always encrypt sensitive data before uploading it to the company’s server or to the cloud. [10]
V. conclusion
In today’s world where new mutations of malwares are being created from the hackers. An organization should take all the precautions to cover all the gaps in its defense against any type of cyber attacks.
reference
[1] J. Raymond, “What is Malware and How Can We Prevent It?”, Comodo Antivirus Blogs | Anti-Virus Software Updates, 2018. [Online]. Available: https://antivirus.comodo.com/blog/how-to/what-is-malware/. [Accessed: 21- Oct- 2018].
[2] “Computer worm”, En.wikipedia.org, 2018. [Online]. Available: https://en.wikipedia.org/wiki/Computer_worm. [Accessed: 21- Oct- 2018].
[3] D. Palmer, “What is malware? Everything you need to know about viruses, trojans and malicious software | ZDNet”, ZDNet, 2018. [Online]. Available: https://www.zdnet.com/article/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software/. [Accessed: 21- Oct- 2018].
[4] “Ransomware”, En.wikipedia.org, 2018. [Online]. Available: https://en.wikipedia.org/wiki/Ransomware. [Accessed: 21- Oct- 2018].
[5] C. Kolias, G. Kambourakis, A. Stavrou and J. Voas, “DDoS in the IoT: Mirai and Other Botnets”, Computer, vol. 50, no. 7, pp. 80-84, 2017.
[6] “Inside the infamous Mirai IoT Botnet: A Retrospective Analysis”, The Cloudflare Blog, 2018. [Online]. Available: https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/. [Accessed: 21- Oct- 2018].
[7] “Preventing WannaCry Ransomware (WCRY) attack using Trend Micro Products”, Success.trendmicro.com, 2018. [Online]. Available: https://success.trendmicro.com/solution/1117391-preventing-wannacry-wcry-ransomware-attacks-using-trend-micro-products. [Accessed: 21- Oct- 2018].
[8] “Locky ransomware – what it is and how to protect your PC | Avast”, Avast.com, 2018. [Online]. Available: https://www.avast.com/c-locky. [Accessed: 21- Oct- 2018].
[9] D. Bisson, “10 of the Most Significant Ransomware Attacks of 2017”, The State of Security, 2017. [Online]. Available: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/10-significant-ransomware-attacks-2017/. [Accessed: 21- Oct- 2018].
[10] “10 Tips for Defending Your Business Against Malware Attacks”, Medium,2018.[Online].Available:https://medium.com/@Imaginovation/10-tips-for-defending-your-business-against-malware-attacks-
db70ef22cc9c. [Accessed: 21- Oct- 2018].
[11] R. Bond, “5 Ways to Protect Your Small Business from Cyber Attacks”, Hitachi Systems Security | Managed Security Services Provider, 2017. [Online]. Available: https://www.hitachi-systems-security.com/blog/5-ways-to-protect-your-small-business-from-cyber-attacks/. [Accessed: 21- Oct- 2018].
Cite This Work
To export a reference to this article please select a referencing style below:
