15 Jun 2022

Attack Vectors: Malware & Phishing

Format: Harvard

Academic level: College

Paper type: Term Paper

Words: 2766

Pages: 10

Introduction 

Cybercriminals launch cyber-attacks using one or more computers against a single computer, many computers, or networks. Cyber-attacks have the potential to maliciously damage or disable computers, steal data, or use a breached computer to launch different attacks on other computers. In 2019, the Cybersecurity and Infrastructure Security Agency (CISA) reported a total of 1470 breaches, an increase from 1250 in 2018. Also in 2019, there were 164.5 million cases of information exposure and the average cost per lost record was $100 (CISA, 2020). Cybersecurity professionals in the contemporary cyber-world are motivated to keep their enterprises safe from cybercriminals and their attacks. Therefore, understanding attack vectors is imperative to keeping their enterprises secure from breaches. Cyber-attack vectors are the methods that cybercriminals use to infiltrate a network or system. Attack vectors give hackers an upper hand in exploiting the vulnerabilities in the enterprise’s network or system. CISA reported that 90% of phishing and malware attacks on businesses led to successful data breaches in 2019 (CISA, 2020). This paper explores malware attacks and phishing as the two main cyber-attack vectors and how to avoid them.

Malware 

Malware, also known as malicious software, is a threat to the devices and cybersecurity of an enterprise. Cyber attackers use malicious software to gain access to or disable a computer or network without the knowledge of the user or enterprise, who are the victims of these attacks. Cybercriminals develop malicious software that is then installed on the devices of other people or enterprises in order to gain access to their information or cause damage to the network or system, usually for financial gain (Nguyen, Ly, & Hwang, 2018). There are different types of malware, including viruses, ransomware, Trojan horses, and spyware. Malicious software can be installed on different devices and operating systems, including Android, iOS, MacOS, and Microsoft Windows (Baldix, n.d.). The most common malware attacks are ransomware attacks, which have been growing rapidly with advancements in technology. In 2018, mobile ransomware attacks increased by 33% from 2017, and most of them occurred in the United States, where the victims were required to pay a ransom to the cybercriminals in order to regain access to their encrypted information and files (Nguyen, Ly, & Hwang, 2018).

Types of malware attacks 

With technological advances and changes in information security, malware attacks become more sophisticated every year. Since malicious software is difficult to detect and since user devices become infected without their owners' knowledge, this is one of the attack vectors most preferred by cybercriminals for threatening the information and security of individuals and enterprises. Some of the most common malware attacks are exploit kits, malicious websites and drive-by-downloads, malicious advertising, man-in-the-middle (MitM) attacks, and man-in-the-browser (MitB) attacks (Nguyen, Ly, & Hwang, 2018).

Exploit Kits 

Attackers utilize malicious toolkits to find software vulnerabilities on a targeted computer, network, or mobile device. Exploit kits contain prewritten code that facilitates the search for vulnerabilities. After a vulnerability is discovered, the kit injects malware into the device via the security hole. Exploit kits are highly successful because most individuals and enterprises do not run software updates as soon as they are made available, creating a delay in patching the flaws in the security of their devices (Nguyen, Ly, & Hwang, 2018).

Malicious Websites and Drive-By-Downloads 

Drive-by-downloads occur when users visit malicious websites that host exploit kits for malicious software. No interaction is required for drive-by-downloads. The user only has to visit the malicious website or the infected page. The exploit kit then looks for vulnerabilities in the browser’s software, and malware is injected through a security hole (Nguyen, Ly, & Hwang, 2018).

Malicious advertising 

Malicious advertising is a popular attack technique among attackers. Cybercriminals purchase legitimate advertising websites and then embed malicious code within the advertisement. In a similar manner to drive-by-downloads, no interaction is necessary for the user to download the malicious code and make the malware attack successful (Nguyen, Ly, & Hwang, 2018).

Man-In-The-Middle (MITM) Attacks 

MITM attacks involve poorly secured or unsecured Wi-Fi routers, whereby the attackers scan the routers by utilizing unique codes that search for vulnerabilities such as weak passwords and default password use. After the attackers have identified the vulnerability, they infiltrate the user’s computers and block the websites that the users visit. In this process, the information and messages such as passwords that the users transfer from the computer to the website are blocked (Nguyen, Ly, & Hwang, 2018). 

Man-In-The-Browser (MITB) Attacks 

Similar to MITM attacks, MITB attacks require the attackers to inject malware into the user’s device, which is then installed into the browser while the user is not aware. The malicious software then records data that is being transferred between the victim and the targeted web pages. After the malicious software gathers the data that it was programmed to gather, this data is transmitted back to the cybercriminals. MITM and MITB attacks have similar goals, but MITB attacks are simpler and preferred by the attackers because they do not have to be within physical reach of the targeted router as in MITM (Nguyen, Ly, & Hwang, 2018).

Preventing Malware Attacks 

Preventing devices and networks from being infected with malware involves use of protective tools and forecasting of malware. There are different actions that can be taken to protect the devices that are connected to the internet from malware attacks. There are also malware protection forecasting tools that are required to predict the generation of malicious software and codes. Protection is important because, without it, the data of individual users and enterprises is threatened by unauthorized access which can allow for the injection of dangerous malware into their networks. For organizations, malware within their networks leads to loss of revenue and data, and in worse cases the damaging of the company’s reputation through data breaches (Baldix, n.d.). 

The first method to protect devices and networks from malware attacks is to keep software updated at all times. Software updates are critical because they repair the security holes that have been discovered and fix or remove different bugs. As soon as software updates become available, enterprises ought to run them so as to make those changes. Software updates prevent attackers from gaining access to the computers and networks via the vulnerabilities that existed in the previous and outdated systems (Baldix, n.d.).

Another strategy to prevent attacks through malicious software and code is to install reputable anti-virus software from trusted software vendors. Anti-virus software protects devices from the threats posed by malicious software to the system. It is programmed to scan computers and devices and detect malicious vectors, as well as to provide automatic updates that improve protection against emerging malware (Baldix, n.d.).

Also, it is important for individual users and organizations to back up their files and information on a regular basis. Data should be copied to external hard drives or cloud storage, where it can be retrieved in case the data on the devices or networks is compromised by attackers during malware attacks (Nguyen, Ly, & Hwang, 2018). Backup is an effective strategy that allows cybersecurity professionals to retrieve valuable information in case of attacks, particularly ransomware attacks, which can have hefty financial implications for a company or individual if a ransom is paid to retrieve the encrypted data.

Another way to protect devices from malicious software and codes is through a firewall. A firewall is vital in preventing the malicious attacks because it blocks dangerous and unauthorized traffic from a fraudulent computer network from accessing the devices and their networks (Baldix, n.d.). By providing extra protection in addition to the anti-virus software, the sensitive data is protected and the chances of attack are decreased. 

Finally, forecasting malware attacks is important in preventing potential malware attacks. Using time series analysis, the structure of malware data can be explored, and the linear and non-linear patterns can then be utilized in forecasting the number of potential malware attacks. Modelling the process of malware detection is also possible by using the linear and non-linear patterns of malware attacks. This is important for cybersecurity professionals and intelligence services during threat assessments for their computers and network systems. According to Nguyen, Ly & Hwang (2018), forecasting also promotes early detection of malicious code and software that can be avoided in time. Through cyber-attack forecasting, enterprises are able to allocate resources and capacities in a proactive way to protect their cyber resources. Moreover, increased awareness through predictive cyber defense improves cybersecurity against malware attacks by optimizing the human and technical capacities of an organization.

Phishing 

Phishing is a tactic that is utilized by cybercriminals in contacting the targeted individuals by text message, telephone or email. The cybercriminals pose as legitimate individuals or enterprises with the intention of luring individuals to give sensitive information, for example, personal identity data, passwords, credit card information, and bank details (Chaudhry, Chaudhry & Rittenhouse, 2016). Phishing is one of the most successful social engineering attack vectors that is utilized by cybercriminals because most of the phishing schemes are made to look totally safe. According to CISA, phishing is a dangerous attack vector with the capacity to overcome close to all the traditional security measures, for example endpoint controls and email gateways (CISA, 2020). In most cases, cybercriminals initiate phishing attempts as social engineering attacks with the attempt to steal the information of users and masquerade as trusted entities, which dupes the victim into opening the instant messages, text messages or emails. After opening, the victim is then tricked into opening or clicking a malicious link that initiates the installation of malicious software or freezes the device’s system and demands a ransom in return for the sensitive information that has been encrypted. 

Phishing attacks have devastating outcomes for both individuals and enterprises that have fallen prey to the malicious activities of the attackers. For individual users, phishing gives the cybercriminals the power to make unauthorized purchases using the details of the victim, steal their funds, or carry out theft activities using the information of the victims (Vilic, 2019). For enterprises and corporations, phishing is utilized by cybercriminals to gain access to their networks in order to carry out a massive attack, for instance, the advanced persistent threat (APT) event. During APT, the workers of a company are manipulated by the cybercriminals to dodge the security measures, spread malware within the company’s network environment, and obtain special access to the secured information. Corporations that suffer such attacks might collapse due to hefty financial losses in addition to the reduction in market share, damaging of their reputation, and reduced trust from clients and partners (Chaudhry, Chaudhry & Rittenhouse, 2016). Based on the extent of a phishing attack, the implications for the organization might turn into a security threat that can put the organization in a difficult time as it tries to recover. 

Phishing techniques 

Internet users and users of different devices such as phones, tablets and computers are targeted by cybercriminals through phishing scams. According to Vilic (2019), there are different phishing techniques that are utilized in scamming the targeted users, and they usually attempt to infect the targeted devices with malware, gain control of user accounts on the web, steal confidential and private data so as to ask for a ransom in return, and convince the users to send funds to certain accounts. To achieve these objectives, cybercriminals utilize phishing techniques such as spam phishing, targeted phishing, smishing and vishing, and angler phishing.

Spam Phishing 

Most phishing attacks are categorized as spam phishing because the cybercriminals usually cast a wide net in order to trick unsuspecting individuals into phishing scams. Chaudhry, Chaudhry & Rittenhouse (2016) define spam as “The electronic unsolicited email messages that reach the recipient with the intention of commercial advertising, non-commercial opinions, or for prohibited purposes such as fraudulent activities or phishing” (p. 249). Spam messages are annoying and can be a threat as well, particularly if they are part of a phishing attempt by the attackers. Cybercriminals send spam messages in massive quantities to a large number of users and look to benefit in a number of ways, such as making money from the percentage of users that respond to the spam messages, introducing and spreading malware into users’ devices, and running phishing scams so as to gain login credentials, credit card information, and bank data among other sensitive data.

Targeted Phishing 

Under targeted phishing, cybercriminals utilize either spear phishing or whaling. Unlike messages that masquerade as genuine companies and target millions of individuals and enterprises on a daily basis, spear phishing emails are sent to a particular person whose information is already fully or partly known by the cybercriminals. The attackers have prior knowledge of the victim’s name, place of work, job title, email address, and details about their job description. According to Baldix (n.d.), phishers obtain this information from different sources such as data breaches, social media profiles, and public information about the target. According to Vilic (2019), spear phishing has been used in famous data breaches such as the Democratic National Committee hacking. Initially, emails containing malicious attachments were sent to approximately 1000 email accounts, and significant success was achieved by these hackers in the first attempt. In the second attempt, members of the committee were lured into sharing their login credentials. The emails were stolen by hackers belonging to the Guccifer 2.0 group, which was alleged to be part of the Russian intelligence agency hackers following the Mueller investigation (Chaudhry, Chaudhry & Rittenhouse, 2016).

In whaling attacks, cybercriminals pose as senior members of companies and target other top administrators or senior managers, with the intention of stealing funds or confidential information, or obtaining access to the computer and network systems for crime. Whaling attacks are more targeted than spear phishing attacks because they are focused on the senior executives of organizations, who hold higher ranks than normal employees (Baldix, n.d.). Even though the final result of whaling attacks is similar to that of other forms of phishing attacks, different techniques are used in this case. Luring attempts such as malicious URLs and links to fake sites are not useful in whaling because the cybercriminals pretend to be senior members of a company by imitating them. According to Vilic (2019), the most common whaling attempts are scams that involve fake tax returns, because tax forms hold information such as names, addresses, contact information, and bank account details.

Smishing and Vishing 

With smishing and vishing, the cybercriminals utilize telephones as the communication method. Smishing involves sending texts with malicious links and URLs to fake sites whereas vishing involves conversations through telephone. According to Chaudhry, Chaudhry & Rittenhouse (2016), the most common smishing and vishing scam involves the cybercriminals pretending to be fraud investigators from banks or card firms and informing the victims about the breaches of their accounts. Following this, the criminals ask the victims to give the details of their payment cards for identity verification or for money transfer into “secure accounts” - which are their accounts. 

Angler Phishing 

Baldix (n.d.) classifies angler phishing as a new attack vector, whereby the cybercriminals utilize social media in tricking the victims. Through the use of fake URLs and cloned webpages, the cybercriminals persuade the victims to hand over their confidential and sensitive information as well as to download malicious software. As an alternative, cybercriminals utilize the information that is willingly posted by people on social media in order to develop targeted attacks. Chaudhry, Chaudhry & Rittenhouse (2016) provide an example of an angler phishing attack that was carried out on Facebook in 2016 by cybercriminals. Thousands of Facebook users received messages that informed them about being mentioned in a post. The criminals had launched this message to begin an attack that was staged in two phases. First, the users downloaded a Trojan that contained a malicious browser extension onto their computers. Next, after the users logged into their Facebook accounts using the infected browsers, the cybercriminals were able to hijack their user accounts, alter the privacy settings, pirate users’ personal information, and spread the malware through the friends of the victim on Facebook.

Preventing Phishing Attacks 

Protection from phishing attacks requires the implementation of protective measures and steps by both individual users and enterprises. Users are required to remain vigilant and think before they open spoofed messages. Spoofed messages sent through email, text messages, and instant messaging contain mistakes that can help users recognize an attempted phishing scam. Such mistakes can include spelling errors or domain name changes. When such messages are received, users should first consider the reason behind receiving them (Chaudhry, Chaudhry & Rittenhouse, 2016).

For enterprises, there are different measures that can be implemented to mitigate the phishing techniques that are used by cybercriminals. First, enterprises can implement two-factor authentication (2FA) in their network systems and devices to counter phishing attempts. 2FA adds an extra layer of verification during login to sensitive applications and webpages. Two-factor authentication depends on users knowing their usernames and passwords and having their devices, such as smartphones, tablets, and computers. In the event that workers are compromised, two-factor authentication prevents the use of their compromised credentials because these are not adequate to gain entry on their own (Baldix, n.d.). Moreover, enterprises can enforce strict policies for the management of login credentials. For instance, companies can introduce policies requiring their workers to change their login credentials and restricting them from using similar credentials for multiple applications and webpages. In addition, educational campaigns can play a key role in the reduction of phishing attacks by instilling safe practices such as not clicking external email links or unknown URLs (Vilic, 2019).
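The following added example (not from the original paper) shows why a phished password is not enough once 2FA is enforced. It assumes the second factor is a time-based one-time code (TOTP, RFC 6238) generated on the user's device; the paper does not name a specific mechanism, and the `Account` record and `login` function are hypothetical.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical account record: password hash plus a per-device TOTP secret."""

    def __init__(self, password, totp_secret):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret  # shared with the user's device at enrolment
        self.last_step = -1             # highest time step already accepted

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def password_ok(self, password):
        return hmac.compare_digest(self._hash(password), self.pw_hash)


def login(account, password, code, now, step=30, window=1):
    """Require both factors; accept each code once, within +/- `window` steps."""
    if not account.password_ok(password):
        return "denied: password"
    current = int(now) // step
    for s in range(max(0, current - window), current + window + 1):
        if s <= account.last_step or code is None:
            continue  # no code supplied, or this time step was already used
        if hmac.compare_digest(hotp(account.totp_secret, s), code):
            account.last_step = s
            return "granted"
    return "denied: second factor"


# Constructed demo using the published RFC 6238 test secret.
DEMO_SECRET = b"12345678901234567890"
```

A code typed into a fake site can still be relayed by the attacker while it is valid, so the single-use rule above limits reuse rather than removing the need for user vigilance.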

Conclusion 

In conclusion, the end goal of cyber-attack vectors such as malware and phishing is to access sensitive information from the devices and systems of individuals and enterprises. If left unsecured, devices and systems with access to sensitive information pose a huge threat to individuals and enterprises. In order to stay ahead of cybercriminals, individuals and enterprises should begin by comprehending the vulnerabilities that attackers can use to breach their cybersecurity mechanisms. Following this, they should put in place protection mechanisms for securing their systems. Malware and phishing attacks are the two main cyber-attack vectors that affect individual users and enterprises. Malware attacks occur in the form of exploit kits, malicious websites and drive-by-downloads, malicious advertising, man-in-the-middle (MitM) attacks, and man-in-the-browser (MitB) attacks, whereas phishing attacks are initiated through techniques such as spam phishing, targeted phishing, smishing and vishing, and angler phishing. Evidence has shown that the attack vectors utilized by cybercriminals can be avoided by maintaining strict security measures to limit or deal with their damaging effects.

References 

Baldix. (n.d.). 8 Common Cyber Attack Vectors and How to Avoid Them. Retrieved from Balbix: https://www.balbix.com/insights/attack-vectors-and-breach-methods/

Chaudhry, J. A., Chaudhry, S. A., & Rittenhouse, R. G. (2016). Phishing attacks and defenses. International Journal of Security and Its Applications, 10(1), 247-256. doi:http://dx.doi.org/10.14257/ijsia.2016.10.1.23

Nguyen, T.-K., Ly, V. D., & Hwang, S. O. (2018). An efficient neural network model for time. Journal of Intelligent & Fuzzy Systems, 35(2), 6089–6100. doi:10.3233/JIFS-169849

Vilic, V. M. (2019). Phishing and pharming as forms of identity theft. Balkan Social Science Review, 43-57.

Cite this page

StudyBounty. (2023, September 16). Attack Vectors: Malware & Phishing.
https://studybounty.com/attack-vectors-malware-phishing-term-paper
