Channel: Nusecure

Cybersecurity 101: Defined

Taking cybersecurity threats seriously can be a challenge with all the playful names floating around, but the damage caused can be devastating. Could all of these cyberthreat “nicknames” create confusion between admins and execs? Austin-based software research company Software Advice asked IT security experts, including our own Jared Schemanski, to bridge the communication gap with storytelling, analogies and examples of real-life consequences of five common cyberthreats.


See our take on the most commonly confused threat names and their definitions -- Cybersecurity 101.


DDoS Attacks

Definition: DDoS stands for “distributed denial-of-service” attack. This type of attack is carried out by a bot network or “botnet” of “zombie” computers which have been unwillingly taken over by a hacker or hacktivist. The attack uses hundreds or thousands of computers in the botnet to send data or requests to a website or network service, such as email, over and over again in a continuous loop. The objective of the attack is to overwhelm a system with activity until a particular service (e.g. email, POS systems, company website, etc.) responds too slowly for use or crashes completely. Many times a company will be contacted by the hacker demanding money to stop the DDoS attack. Because the flood is coming from so many globally dispersed individual systems, it’s not easy to stop by blocking IP addresses from a certain region or country. Hackers in control of large botnets wield a lot of power in the hacking community. A persistent DDoS attack can even put a company out of business. The best defense for a DDoS attack is to have another set of servers, with a different IP address, to switch a website or service to.


Analogy(s)/Example(s): A DDoS attack can happen to any type of business (e.g. retailer, franchise, corporation, etc.), but a good example of this is a retail store that is attacked at the peak of the holiday season. The overwhelming activity forces a system shutdown and the retailer loses the ability to use their computer systems. One of the more recent cases of a large DDoS attack was on the newsfeed website Feedly, where the assault swarmed the website’s RSS (Rich Site Summary) provider to take over its servers and, in turn, shut down the site.


Repercussions to Business: These attacks don’t result in the theft of information, but the downtime in a company’s system can result in lost revenue, a standstill in productivity and damage to customer loyalty. If the attack is personal, it can continue even after a website or service has moved to an alternate IP range. This has happened with some companies who ultimately went out of business because they were not able to stop the attack.


Zombie & Botnet

Definition: A zombie computer, or bot (short for robot), is an intruder-controlled computer that is operated remotely by a cybercriminal whose goal is to spread spam or perform tasks such as a DDoS attack without your knowledge. The bots can form a network, known as a botnet, that can coordinate activities across infected computers and servers. The largest botnet known to exist was the Bredolab botnet, which had over 30 million computers in its zombie slave bot network.


Analogy(s)/Example(s): Bredolab is both a Trojan Horse and the largest botnet ever discovered.

The Bredolab botnet was used for mass email spamming, which is still the most widely used purpose for botnets. Bredolab was sending as many as 3 billion junk and infected emails per month through its zombie network of bots.


Repercussions to Business: If a business computer has been compromised and turned into a zombie bot, one effect could be lost productivity for the user of the system, due to slowness of not only the computer itself but the internet connection as well. Farther-reaching effects would be a general network slowdown, because the infected bot computer is performing tasks assigned by the hacker and owner of the bot network. Network administrators should keep an eye out for any system on the network that is using more bandwidth than other systems, especially if a system is “uploading” a lot of data, which could be a sign that the compromised system is a bot spreading spam out to the internet. Another repercussion could be the business getting blacklisted or shut down by their ISP because of heavy network traffic and being targeted.


Spyware

Definition: Spyware is any kind of software that behaves on its own, without a user’s consent. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else, most times some type of free software.  Spyware gets its name mostly from its ability to collect personal or sensitive information and track activity without being noticed. The tracking and storing abilities of spyware can be used to display personalized advertisements (adware) as well as find logins or credit card information. It can also make changes to software settings, which cause your computer to slow down or crash.


Analogy(s)/Example(s): Many times a user will get some type of Spyware installed on their system when they install some type of free software or “freeware”. The authors of these free software programs do not make money from the distribution of their programs, so instead they take money from Spyware software writers to include or bundle the Spyware with the installation of the free software. Sometimes there’s a checkbox during the software installation which allows you to include or reject the additional program being bundled, but most often it is installed in the background without the user’s knowledge. A popular example of this is the browser “toolbars” that get installed on users’ systems, most times with the user not sure how they even got there. These toolbars try to pass themselves off as useful for searching or adding features to the browser, but they are also “spying” on what the user is doing online and sometimes even recording or “keylogging” things the user is typing in, like personal, banking or credit card info. Another thing these types of Spyware are famous for is redirecting your browser home page to something else. This increases the “hits” on the alternate homepage, improving Google Search rankings and ad revenue when ads are placed on the page. Even when a user changes their homepage back in their internet settings, the Spyware causes the system to revert to the alternate home page.


Repercussions to Business: Businesses can be affected in two major ways by Spyware. The first is a general slowdown in infected systems, sometimes with traffic redirected to alternate websites to the point where it slows down productivity. The second is a security risk, since Spyware can collect data from users filling in forms, typing in passwords and even credit card data or company-protected sensitive information.


Trojan or Trojan Horse

Definition: Trojan Horse software introduces itself on a computer as a harmless message, advertisement, or download, which tricks you into installing it on your system. Once the message or link is clicked, your computer becomes “infected” with the software. Trojans are most commonly used for online fraud and theft. Like Spyware, Trojan horses can also hide within other seemingly harmless programs, and when the initial program is installed, the Trojan is also installed in the background. The most common way Trojan horses spread is through e-mail attachments. The developers of these applications typically use spamming techniques to send out thousands of e-mails to unsuspecting people, and those who open the messages and download the attachment end up getting their systems infected.

A Trojan Horse is just the “payload” or “container” and the real deliverable could be a virus, a worm, or even a set of code which turns the user’s system into a Bot or Zombie computer as part of a Botnet.


Analogy(s)/Example(s):  One of the most popular ways to deliver a Trojan is a variation of the phishing e-mail scams.


The e-mail might say it's from UPS, FedEx, a bank or other company telling you there’s a problem with your shipment or account of some nature. They then attach a file for you to open to resolve the issue.

The attachment might look like a normal file, but it really contains a Trojan. Clicking on the file installs it without you even knowing.

Similar scams appear on Facebook and Twitter. You think you're going to watch a funny video about cats. But before you can watch it, a popup tells you to update your video player. The "update" file it provides is really a Trojan.


Repercussions to Business: The repercussions to businesses from a Trojan Horse would depend on the deliverable. It could be damaging on the level of Spyware, or more serious if the user’s system has been compromised and turned into a Bot or Zombie. Network administrators should keep an eye out for any system on the network that is using more bandwidth than other systems, especially if a system is “uploading” a lot of data, which could be a sign that the compromised system is a bot spreading spam out to the internet. If the Trojan Horse delivered a virus to the host computer, the repercussions could be widespread, infecting other systems on the network and causing havoc for network administrators.
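The bandwidth check recommended to network administrators in the Zombie & Botnet and Trojan sections can be automated over flow records; the sketch below is an added example, not part of the original article. The flow tuples, addresses and thresholds are constructed assumptions, and requiring two signals before flagging a host is a design choice of this example to avoid flagging legitimate heavy uploaders.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flows: (internal host, dest IP, dest port, bytes_out, bytes_in)
FLOWS = [
    ("10.0.0.11", "203.0.113.10", 443, 40_000, 900_000),
    ("10.0.0.12", "203.0.113.10", 443, 55_000, 1_200_000),
    ("10.0.0.13", "203.0.113.20", 443, 35_000, 700_000),
    ("10.0.0.14", "10.0.0.2", 25, 20_000, 4_000),   # mail via the internal relay
    ("10.0.0.14", "203.0.113.10", 443, 30_000, 650_000),
] + [
    # 10.0.0.15 delivers mail directly to 40 different external servers
    ("10.0.0.15", f"198.51.100.{i}", 25, 250_000, 3_000) for i in range(1, 41)
]

def summarize(flows):
    """Total bytes per host plus the set of distinct SMTP destinations."""
    stats = defaultdict(lambda: {"out": 0, "in": 0, "smtp_dests": set()})
    for host, dst, port, b_out, b_in in flows:
        s = stats[host]
        s["out"] += b_out
        s["in"] += b_in
        if port == 25:
            s["smtp_dests"].add(dst)
    return stats

def flag_suspects(flows, volume_factor=5, smtp_dest_limit=10):
    """Return {host: [reasons]} for hosts showing at least two bot-like signals."""
    stats = summarize(flows)
    # The median is barely moved by one noisy host, so it is a stable peer baseline.
    baseline = median(s["out"] for s in stats.values())
    suspects = {}
    for host, s in stats.items():
        reasons = []
        if s["out"] > volume_factor * baseline:
            reasons.append("upload volume far above peers")
        if s["out"] > s["in"]:
            reasons.append("uploads exceed downloads")
        if len(s["smtp_dests"]) > smtp_dest_limit:
            reasons.append("SMTP to many distinct servers")
        if len(reasons) >= 2:
            suspects[host] = reasons
    return suspects

if __name__ == "__main__":
    for host, reasons in flag_suspects(FLOWS).items():
        print(host, "->", "; ".join(reasons))
```

In practice the flow tuples would come from NetFlow, firewall or proxy logs, and the thresholds would be tuned against the network's own baseline.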

