Week 14 - Malware, Social Effects and Threat Modelling Flashcards

(33 cards)

1
Q

Weakest Link Principle

A

People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.

2
Q

How the weakest link principle is exploited

A
  • Human factors: social engineering, unintentional errors.
  • Technology vulnerabilities: outdated or insecure apps, operating system defects.
  • Exposed personal traits: oversharing on social media (e.g., sensitive interests or habits).
3
Q

Malware

A
  • Any software designed to cause harm to computer systems, networks, or users.
  • It is designed to harm and exploit your computer or network by stealing sensitive information, disrupting system operations or gaining unauthorised access to your device.
  • Short for malicious software.
4
Q

Types of malware - virus

A
  • Malicious executable code attached to another executable file.
  • Spreads through infected files.
  • Can corrupt files, slow down systems or cause crashes.
  • Can be prevented by using antivirus and avoiding untrusted files.
  • Two types:
    − Resident virus: stays in memory.
    − Non-resident virus: does not stay in memory after execution.
5
Q

Types of malware - worm

A
  • Self-replicating malware that doesn’t require a host to spread.
  • Spreads over networks by exploiting security flaws.
  • Disrupts networks and consumes bandwidth.
  • Can be prevented through regular updates and firewall use.
6
Q

Types of malware - trojan

A
  • Malware disguised as legitimate software to trick users into installing it.
  • Spreads by being delivered through phishing or malicious downloads.
  • Steals data or provides unauthorized access.
  • Can be prevented by applying caution with emails and downloads.
7
Q

Types of malware - ransomware

A
  • Infects a computer, then encrypts files or locks the system for ransom.
  • Spreads through phishing emails or infected websites.
  • Causes data loss, financial distortion and system downtime.
  • Can be prevented by backing up important files and avoiding suspicious links.
8
Q

Types of malware - zombie

A
  • A compromised computer controlled by hackers to perform malicious acts.
  • Spreads through other types of malware like trojans or worms.
  • Used in botnets for spam or Distributed Denial of Service (DDoS) attacks.
  • Can be prevented through regular updates, monitoring unusual activity and strong authentication.
9
Q

Types of malware - botnet

A
  • A network of zombies controlled remotely by cybercriminals.
  • Spreads by malware infiltrating devices and turning them into a bot/zombie that can be used for malicious purposes.
  • Used to launch DDoS attacks, send spam emails or steal sensitive information.
  • Can be prevented by securing IoT devices and using firewalls and antivirus software.
10
Q

Distributed Denial of Service (DDoS) attacks

A

A hacker making a website or other service inaccessible by flooding it with requests from many different devices.

11
Q

How does malware gain access

A
  • Phishing emails: malicious attachments or links trick users into downloading malware.
  • Exploiting vulnerabilities: malware often takes advantage of unpatched software or system weaknesses.
  • Social engineering: attackers manipulate victims into revealing sensitive information or executing malicious code.
  • Malicious Websites/Ads: Malware is delivered through compromised or fake websites and ads.
  • Infected Software/Downloads: Malware can hide in seemingly legitimate software or files.
12
Q

Effects of Malware

A
  • Data Theft: Personal, financial, or business data is stolen for malicious use.
  • System Damage: Malware can corrupt or delete files, slow down or crash systems.
  • Loss of Privacy: Sensitive information such as passwords or browsing history may be exposed.
  • Financial Loss: Ransomware and data breaches can lead to direct financial damage.
  • Performance Issues: Malware can reduce system speed or disrupt normal operation.
  • Reputation Damage: Organizations or individuals may suffer from compromised trust and credibility.
13
Q

Malware Practitioners

A
  • Cybercriminals: individuals or groups who create and distribute malware for financial gain.
  • Hacktivists: people or organisations who use malware as a tool for political or social causes.
  • State-sponsored actors: government or military organisations that use malware for sabotage, warfare etc.
  • Script kiddies: less skilled attackers who use pre-made malware for fun or attention.
  • Cybersecurity researchers: ethical hackers who analyse malware to develop protections or solutions.
14
Q

Other types of malevolent practice

A
  • Phishing and spear phishing
  • Social engineering
  • Grooming
  • Online stalking
  • Doxing
  • Deepfakes
  • Misinformation
15
Q

Phishing and spear phishing

A
  • Phishing: spam emails that look legitimate and trick users into entering personal information, or that simply confirm the address is live when the user clicks a link, so that more spam follows in the future.
  • Spear phishing: a more targeted and personalised form of phishing in which attackers tailor their fraudulent messages to a specific individual or organisation.
16
Q

Grooming

A

Gaining the trust of a victim by being friendly, often over a long period of time. Once trust is established, the perpetrator either gets the victim to reveal personal information or involves them without their knowledge.

16
Q

Social engineering

A

The perpetrator collects data by dumpster diving (sorting through bins), monitoring social media or shoulder surfing (looking at people's screens in public) rather than gaining information through code or software.
The perpetrator convinces the victim to trust them, then asks for money or details.

17
Q

Online stalking

A

Obsessively following or watching a person without their knowledge, often through covert surveillance.

18
Q

Doxing

A

Publishing private data (addresses, phone numbers) with malicious intent.

19
Q

Deepfakes

A

AI-generated images, videos, or audio that appear real. The deepfake is then used to spread misinformation, commit fraud through impersonation or create fake evidence for blackmail or manipulation.

20
Q

Misinformation

A
  • Misinformation: unintentionally sharing false or misleading information.
  • Disinformation: intentionally sharing false or misleading information to manipulate or deceive.
    Either can be used to manipulate opinions, erode trust, influence political outcomes or create echo chambers.
21
Q

Threat modelling

A
  • A technique within the security lifecycle to analyse a system’s security & privacy concerns.
  • Can allow for recognising potential failures/attacks, identifying design and implementation flaws early and informing decisions throughout development, testing and deployment.
22
Q

What are the five key phases of threat modelling?

A
  • Asset identification.
  • Threat analysis.
  • Vulnerability analysis.
  • Risk assessment.
  • Risk communication.
23
Q

Asset identification

A

Determine what you are trying to detect.
Identifies what assets you are trying to protect.

24
Q

Threat analysis

A

Identify potential attacks or events that could compromise the identified assets.
Identifies relevant threats and vulnerabilities.

25
Q

Vulnerability analysis

A

Pinpoint the weaknesses, both technical and organisational.
Identifies the risk level for identified threats and vulnerabilities.

26
Q

Risk assessment

A

Evaluate the likelihood and impact of each threat.
Identifies mitigation and contingency priorities for the relevant threats and weaknesses.

27
Q

Risk communication

A

Share the findings with stakeholders.

28
Q

Natural threats

A
  • Natural threats / accidents: non-intentional threat agents (e.g., floods, fires, user mistakes).
  • Natural threats are well studied and relatively predictable in frequency, so they can be planned for accordingly.
  • Accidental threats come from human error without malicious intent. They are hard to track or predict, so training, policies and reporting need to be implemented to handle them.
29
Q

Malicious threats

A
  • Intentional threat agents.
  • Characteristics:
    − Motivation: why do they act?
    − Capability: skills and resources.
    − Catalyst: what triggered the event?
    − Inhibitors: what might deter them?
    − Amplifiers: what might push them forward?
30
Q

Threat modelling frameworks

A
  • STRIDE: a systematic process to identify and assess security risks in a system. It is a mnemonic that categorises potential threats based on the types of attacks they represent; each letter corresponds to a specific category of threat.
  • DREAD: a risk assessment model that evaluates threats based on five criteria. It is a scoring system designed to prioritise and quantify risks.
31
Q

STRIDE threat modelling framework

A
  • Spoofing: impersonating a user, device, or system to gain unauthorised access.
  • Tampering: unauthorised modification of data in transit or at rest.
  • Repudiation: denying having performed an action, often possible due to a lack of proper logging or auditing.
  • Information disclosure: unauthorised access to sensitive data.
  • Denial of service: disrupting service availability by overwhelming the system or exploiting weaknesses.
  • Elevation of privilege: gaining unauthorised, higher-level access to the system.
32
Q

DREAD threat modelling framework

A
  • Damage potential: how bad would the impact be if the threat is realised?
  • Reproducibility: how easy is it for an attacker to replicate the threat?
  • Exploitability: how easy is it for an attacker to launch the attack?
  • Affected users: how many users or systems would be impacted?
  • Discoverability: how likely is it that the vulnerability will be found by attackers?