
Presentation Cyber Security

The document provides an overview of malware, its types, and the cyber attack lifecycle, detailing how cybercriminals exploit vulnerabilities to execute attacks. It emphasizes the importance of protective measures such as antivirus software, user training, and network monitoring to mitigate risks. Additionally, it highlights real-world cyber attacks to illustrate the impact of these threats.

Uploaded by

aamalnayaba001
Copyright
© All Rights Reserved

Cyber Security

Attack using Malware or Lifecycle of Malware


Group 10

Eman Saeed (23211)


Umais Gillani (23212)
Zainab Batool (23213)
Alishba Zaheer (23222)
Minahil Omer (23256)
Introduction

• Malware:
Malware is malicious software: any software designed to cause harm to computer systems, networks, or users. Malware can take many forms. Individuals and organizations need to be aware of the different types of malware and take steps to protect their systems, such as using antivirus software, keeping software and systems up to date, and being cautious when opening email attachments or downloading software from the internet.
• What is Malware?
Malware is software that gets into a system without the user’s consent to steal the user’s private, confidential data, including bank details and passwords. It can also generate annoying pop-up ads and change system settings.
What Does Malware Do?
Malware is designed to harm and exploit your computer or network. It can steal sensitive
information like passwords and credit card numbers, disrupt your system’s operations, and
even allow attackers to gain unauthorized access to your device. Some types of malware, such
as ransomware, encrypt your files and demand payment to unlock them, while spyware
monitors your activities and sends the information back to the attacker. Additionally, malware
can spread to other devices on the same network, making it a significant threat. Protecting
your devices with up-to-date antivirus software and being cautious about the links and
attachments you open can help mitigate these risks.
Why Do Cybercriminals Use Malware?
Cybercriminals (bad people on the internet) use malware (bad software) for different bad reasons.
Here’s what they do with it:
1. To trick people and steal personal information
They send fake messages or create fake websites to make you give them your:
• Name
• Passwords
• ID numbers
Then they use your information to pretend to be you (this is called identity theft).
2. To steal money or credit card details
• They use malware to get into your bank account or credit card info, and then they use it to steal your money.
3. To control many computers and attack websites
• They can take over many computers at once and use them to attack other websites. This is called a Denial-of-Service (DoS) attack, which makes a website crash or stop working.
4. To secretly use your computer to make cryptocurrency
• They install malware that uses your computer to create digital money like Bitcoin, without you knowing.
Types of Malware

Virus:
A computer virus is a type of malicious software (malware) that
attaches itself to clean files or programs and spreads when that
file or program is run. It can corrupt, delete, or steal data, and
sometimes damage system functions.
✅ Protection Against Viruses:
• Use reliable antivirus software and keep it updated.
• Don’t open suspicious emails or unknown attachments.
• Keep your system and applications updated with the latest security patches.
• Avoid downloading pirated software or files from untrusted websites.
• Regularly back up your data to recover in case of infection.
Worm:

A worm is a type of malware that replicates itself and spreads across networks without
needing to attach to files or programs. It can slow down systems, consume bandwidth, and
create backdoors for hackers.
✅ Protection Against Worms:
• Use a firewall to block unauthorized network access.
• Install security updates for your operating system and software.
• Use strong, unique passwords for your devices and networks.
• Scan USBs and external drives before opening them.
• Monitor network activity for unusual traffic or behavior.
Cyber Attack Life Cycle:

• The Cyber Attack Lifecycle is a model of the sequence of events a typical attacker proceeds through to successfully infiltrate an organization’s network and exfiltrate information, data, or trade secrets from it. When cyber attackers plan to infiltrate an organization’s network and exfiltrate data from it, they follow certain stages, and they must progress carefully and successfully through each one for the attack to succeed. If any obstacle (blocking from the organization’s side or any cyber threat prevention software) occurs at any stage of the cycle, it can break the chain of attack.
• Now that we have an overview of the cyber attack lifecycle and how it succeeds stage by stage, we need a deeper understanding of those stages.
What is the Cyber Attack Life Cycle?

• The Cyber Attack Life Cycle is a framework that outlines the stages
an attacker goes through to execute a successful cyber attack. It
typically includes stages such as reconnaissance (gathering
information about the target), weaponization (creating malicious
payloads), delivery (sending the payload to the target), exploitation
(exploiting vulnerabilities), installation (installing malware or
backdoors), command and control (establishing communication
with the compromised system), and execution (carrying out the
attack’s objectives). Understanding this cycle helps organizations
identify and mitigate threats at each stage.
Stages of a cyber security attack:

1. Reconnaissance (Info Gathering):
The attacker collects information about the target.
Example: Scanning a company’s website to find employee email addresses.
2. Weaponization:
The attacker creates a tool (like malware) to use in the attack.
Example: Making a fake PDF that contains a virus.
3. Delivery:
The attacker sends the malicious tool to the target.
Example: Emailing the fake PDF to an employee.
4. Exploitation:
The tool takes advantage of a weakness.
Example: When the employee opens the fake PDF, the virus runs.
5. Installation:
The malware is installed on the target’s system.
Example: A keylogger is installed to steal passwords.
6. Command & Control (C2):
The attacker takes control of the system remotely.
Example: The hacker sends commands to the infected computer.
7. Actions on Objectives:
The attacker does what they planned (steal, damage, etc.).
Example: Stealing files, money, or shutting down systems.
Ways to Break the Cyber Attack Life Cycle:

1. Security Awareness Training:
• Teach users what they should and shouldn’t post online.
Example: Employees should avoid posting work-related details or credentials on social media, like sharing pictures of ID cards or mentioning internal tools.
• Regularly monitor network traffic to detect suspicious activity early.
Example: If a user's device is sending large amounts of data at night when it's usually idle, it could indicate a data breach attempt.
2. Perimeter Protection:
• Block malicious websites and automatically detect unknown malware to provide real-time protection.
Example: A security system should prevent users from accessing a phishing website even if they click a suspicious link in an email.
• Continuously educate users about spear-phishing and suspicious emails.
Example: Conduct monthly workshops or simulations where users are tested on identifying fake emails pretending to be from the CEO.
3. Limited Admin Access:
• Do not grant unnecessary administrative rights to users.
Example: An intern should not have the same access rights as an IT administrator. This limits potential damage if their account is compromised.
• Block installation of malware—whether known or unknown—on endpoints, networks, and cloud services.
Example: Use endpoint protection tools that can stop new malware even if it's not yet in the antivirus database.
4. Threat Hunting and URL Filtering:
• Proactively search for indicators of compromise (IoCs) in the network.
Example: If an unusual login from a foreign IP address is detected, security teams should investigate immediately.
• Use URL filtering to block traffic going to malicious websites.
Example: If someone tries to visit a fake banking site, the filter should prevent access and alert the security team.
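
The network-monitoring example above (a device sending large amounts of data at night when it is usually idle) can be expressed as a per-host baseline check. The Python code below is an added example, not part of the original presentation; the flow records, host names, idle window and 50 MB floor are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

IDLE_HOURS = range(0, 6)   # assumption: 00:00-05:59 local time is the idle window
FLOOR = 50_000_000         # assumption: ignore nights under 50 MB of egress

# Constructed flow records: (timestamp, host, bytes sent out of the network).
FLOWS = [
    ("2024-03-04T02:10:00", "ws-17", 12_000),
    ("2024-03-05T03:05:00", "ws-17", 15_000),
    ("2024-03-06T01:30:00", "ws-17", 9_000),
    ("2024-03-07T02:40:00", "ws-17", 900_000_000),        # idle workstation, large upload
    ("2024-03-04T01:00:00", "backup-01", 2_000_000_000),
    ("2024-03-05T01:00:00", "backup-01", 2_100_000_000),
    ("2024-03-06T01:00:00", "backup-01", 1_900_000_000),
    ("2024-03-07T01:00:00", "backup-01", 2_050_000_000),  # routine nightly backup
    ("2024-03-07T14:00:00", "ws-22", 700_000_000),        # daytime, outside the window
    ("2024-03-07T04:15:00", "kiosk-3", 80_000_000),       # first night seen, no history
]

def nightly_totals(flows):
    """Sum outbound bytes per host and date, counting idle-window flows only."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, host, sent in flows:
        t = datetime.fromisoformat(ts)
        if t.hour in IDLE_HOURS:
            totals[host][t.date().isoformat()] += sent
    return totals

def review_night(flows, day, sigmas=3.0, min_history=3):
    """Return (host, bytes, reason) for hosts whose idle-window egress on `day`
    exceeds their own baseline, which is built from earlier nights only."""
    alerts = []
    for host, nights in nightly_totals(flows).items():
        total = nights.get(day, 0)
        history = [v for d, v in nights.items() if d < day]
        if len(history) >= min_history:
            limit = max(mean(history) + sigmas * pstdev(history), FLOOR)
            reason = "above-baseline"
        else:
            limit, reason = FLOOR, "no-baseline"   # new host: absolute floor only
        if total > limit:
            alerts.append((host, total, reason))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in review_night(FLOWS, "2024-03-07"):
        print(alert)
```

The backup server moves far more data than the workstation every night but stays within its own baseline, so only the workstation and the previously unseen host are reported for review.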
Real-World Cyber Attacks:

• Password Leak (Dotcom Tools):
In 2009, the Dotcom Tools website suffered a big password breach, exposing data from 32 million accounts. The website still exists today: Dotcom-Tools.com
• Email Tricks and Phishing Attacks:
Cybercriminals use smart techniques to trick employees into clicking harmful email links or downloading fake files. That’s why we created a blog called “10 Steps to Protect Your Business from Cybercrime” with easy tips for protection.
• Ransomware Attack (2017):
A major ransomware attack in 2017 affected over 200,000 computers across 150+ countries. It caused around $6 billion in damages to industries.
• Yahoo Hack (2014):
In 2014, hackers stole data from 500 million Yahoo accounts. Passwords and basic information were stolen, but banking details stayed safe.
• Adobe Attack:
At first, it was believed only 2.9 million Adobe users were affected. Later, it was discovered that 38 million users had their data stolen, including user IDs and passwords.
• Melissa Virus (1999):
A person named David Lee Smith created the Melissa virus, which spread through Microsoft Word files. It hit many companies, including Microsoft, and cost around $80 million in damage control.
• Cyber Threat Awareness in Education:
Now, the top 10 engineering colleges in Tamil Nadu have added cybersecurity to their computer engineering courses to raise student awareness about cyber threats.
