Copyright Goodheart-Willcox Co., Inc. 42 Principles of Cybersecurity

this process on each new system. The MyDoom worm slowed down Internet access by 10 percent and caused roughly 38 billion dollars in damages.

Time or Logic Bomb

A time bomb or logic bomb is malicious software that does not launch immediately when a system is infected. Instead, it relies on some type of trigger, which can be a date, time, or condition. The malware remains dormant, looking for the trigger. When the trigger occurs, the payload is unleashed.

A time bomb deploys its payload when a specific date or time arrives. An early example of a time bomb is a virus called Michelangelo. This virus delivered its payload only on the day of Michelangelo's birthday, which is March 6th. Once the payload was delivered, it reformatted the infected system's hard disk by overwriting data with random characters.

A logic bomb deploys when the conditions the malware is looking for exist. The Stuxnet virus discussed in Chapter 1 illustrates this. Stuxnet did nothing to systems that did not have the Siemens software installed. It only delivered its payload when this software was present.

Armored Virus

An armored virus is designed to prevent security analysts from reading the source code. It does so by attempting to prevent access to or disassembly of the code itself. Armored viruses use special methods to attempt to ward off antivirus software, technicians, and ultimately detection.

Ransomware

Ransomware is fast becoming a serious threat to users. Ransomware does not steal or destroy data; rather, it encrypts data so the user cannot access it unless a fee is paid to the hacker. Usually, the ransom must be paid via Bitcoins, which makes it difficult to trace. This type of malware is referred to as cryptomalware.

Encryption is when data are converted into unreadable characters by applying a security key. To read the data, the correct key (or algorithm) must be used to convert the data back into readable data, as shown in Figure 2-7. With ransomware, hackers hold your data hostage until a ransom is paid to receive the decryption key.

A computer system is usually infected with ransomware when a user opens an infected e-mail attachment. Ransomware can also be spread when a user visits a web page that is infected. The ransomware is automatically downloaded. This action is known as a drive-by-download.

An example of ransomware occurred with Hollywood Presbyterian Hospital. Computer systems needed for pharmaceutical orders, lab work, and the emergency room were locked until a ransom of 17,000 bitcoins, or roughly 3 million dollars, was paid. The hospital paid the ransom. It was fortunate the hackers

FYI: Bitcoin is an electronic currency invented in 2008 and released as an open-source tool in 2009. It is a peer-to-peer system of transactions that does not involve banks, third-party organizations, or governments.

[Figure 2-7 diagram: readable data ("Hi There!") is scrambled by encryption with the receiver's public key into encrypted data ("&j9e#%c@j"), then unscrambled by decryption with the receiver's private key back into readable data ("Hi There!"). Credit: Goodheart-Willcox Publisher; cTermit/Shutterstock.com]

Figure 2-7. Encryption makes data unreadable without the proper key to unlock the encryption.
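The following is an added example, not part of the original textbook page. It goes one step beyond the text: because encryption turns readable data into characters that look random, a defender can measure how random a file's bytes are and flag content that has probably been encrypted. The function names, the 7.5 threshold, the sample record, and the stand-in cipher used to build the scrambled sample are all assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 (one repeated value) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in cipher used only to build the sample below (assumption, not a
    vetted algorithm): XOR the data with SHA-256(key + offset) blocks.
    Applying it again with the same key restores the original bytes."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; tune per environment


def looks_encrypted(data: bytes, min_size: int = 1024) -> bool:
    """Flag content whose byte distribution is close to random.
    Small inputs are skipped because their entropy estimate is unreliable."""
    return len(data) >= min_size and shannon_entropy(data) > ENTROPY_THRESHOLD


# Constructed samples: a readable record and the same record after scrambling.
READABLE = ("Lab order 1047: specimen received, results pending. " * 80).encode()
SCRAMBLED = keystream_xor(READABLE, b"constructed-demo-key")

if __name__ == "__main__":
    for name, blob in (("readable", READABLE), ("scrambled", SCRAMBLED)):
        print(f"{name:9s} entropy={shannon_entropy(blob):.2f} "
              f"flagged={looks_encrypted(blob)}")
    # Only the correct key converts the data back into readable form.
    print(keystream_xor(SCRAMBLED, b"constructed-demo-key") == READABLE)
    print(keystream_xor(SCRAMBLED, b"wrong-key") == READABLE)
```

Compressed formats such as ZIP archives and JPEG images also score close to 8 bits per byte, so a high reading on its own is a prompt for investigation; a sudden jump across many files that were previously readable is the stronger signal.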