Notes on Malicious Code and Network Security

Introduction to Network Security Threats

• Attackers use various methods to gain access to systems.
• Common techniques include:
  • Social Engineering: Trick users into revealing access credentials.
  • Default Credentials: Exploit unchanged default settings on equipment.
  • Misconfigurations: Use errors left by users to access networks.

Non-Technical Attacks

• Some attacks don't require advanced technical knowledge.
• Examples include using default credentials or misconfigurations.
• Defense against these involves proper configuration and user vigilance.

Technical Attacks with Malicious Code

• When non-technical methods fail, attackers use malicious code.
• Malicious Code: Refers to various methods to compromise systems.
  • Can be executables, scripts, macroviruses, Trojan horses, etc.

Defense Against Malicious Code

• Strong defenses required against malicious code:
  • Anti-malware: Blocks harmful executables and scripts.
  • Firewalls: Prevents malicious traffic from entering networks.
  • Updates and Patches: Fix vulnerabilities in software.
  • User Training: Encourages secure computing practices to avoid social engineering and phishing.

Case Studies

1. WannaCry Ransomware Attack

• Utilized a Windows vulnerability in SMB (Server Message Block) Version 1.
• Allowed attackers to execute arbitrary code on user machines.
• Led to the installation of ransomware software.

2. British Airways Cross-Site Scripting Attack

• Attackers placed 22 lines of malicious JavaScript on checkout pages.
• Resulted in the theft of credit card information.
• Approximately 380,000 victims affected.

3. Estonian Central Health Database SQL Injection

• Attackers used SQL injection to gain database access.
• Breach exposed health information for Estonia's citizens.

Conclusion

• Various forms of malicious code present a significant threat.
• Continuous vigilance and robust security practices are essential to defending against these threats.