Malware, Zero Day, APT, rootkits, DDoS, ransomware … Understanding security threats

Denial of service, intrusion into corporate systems for hacking and data theft: today's cyberattack techniques are numerous and increasingly sophisticated. Understanding them is already a first step towards protecting yourself.

No company is safe from a cyberattack. Malware, APT, DoS, DDoS, ransomware … the methods are numerous and the objectives varied.

Vincent Nguyen, Manager of CERT-Wavestone, categorizes cyberattacks into three levels: “The first is the diffuse attack, that is, mass aggression. In this process, the goal is to randomly reach as many companies or individuals as possible. There is no real target; the attacker is simply trying to claim as many victims as possible.”

This type of attack relies on spam and phishing, that is, the mass sending of emails whose message prompts the recipient to click on a link that harvests information, to open a document infected by a virus that steals their data, or to install software that encrypts their data and demands a ransom in exchange for the decryption key (ransomware).

Attacks that use system vulnerabilities

The second category concerns so-called “opportunistic” cyberattacks. In this case, the method relies on exploiting system flaws. “This is how WannaCry, the latest attack of this kind, used stolen NSA-built tools that exploited security vulnerabilities in several systems, including Windows XP and Windows 10. Although Microsoft had released a fix a month before the attack, many companies were infected because they had not applied the updates. WannaCry spread globally and paralyzed many large groups such as Renault or Telefonica,” says Vincent Nguyen.

DDoS and APT: targeted and sophisticated attacks

The third level is advanced and targeted attacks. “In this category, we often talk about APT or Advanced Persistent Threat,” says our expert. Very sophisticated, these attacks are often carried out by states against other states or against large companies. “Let's mention the NSA's operation against Belgacom (the Belgian telecom operator) two years ago, to listen in on conversations between states before the G20 summit,” our interlocutor illustrates.

An APT consists of infiltrating the company's system and remaining there as long as possible in order to collect as much information as possible. Three years ago, the average time an intrusion went undetected was 250 days. Today it is 150 days.

“Among the arsenal of attackers leading this type of offensive, Zero Day is the ultimate weapon,” says our interlocutor. Recall that a Zero Day involves a vulnerability that is not yet known to the software's publisher. “When a Zero Day is discovered, the publisher mobilizes to find and quickly develop a patch, because all applications are vulnerable. None are infallible,” insists our expert. “Moreover, Alan Turing had theoretically shown that any system could be vulnerable.”

Denial of Service (DoS) or Distributed Denial of Service (DDoS) is another category of targeted attack. In this case, the technique involves mobilizing thousands of machines to simultaneously send millions of requests at a target in order to saturate the network and make it inaccessible. “We remember the denial of service mounted on December 25, 2014 against Sony and Microsoft. A DDoS made the PlayStation and Xbox networks unavailable,” says Vincent Nguyen. Such an action significantly tarnishes the image of the companies concerned. In this area, two groups of cybercriminals excel: DD4BC and Lizard Squad.
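As an added illustration of the distinction just drawn (not part of the original article), the detector below buckets constructed web-server log lines into fixed windows and labels a window a distributed flood when both the request rate and the number of distinct source addresses are high, versus a single-source DoS when the rate is high but the sources are few. The log lines, thresholds and addresses are all constructed sample data for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Common Log Format fields we need: client address, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

def parse(line):
    """Return (ip, unix_time, status) for a CLF line, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], int(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()), int(m["status"])

def bucket_stats(lines, window_s=10):
    """Per fixed window: (request count, distinct source addresses), keyed by window start HH:MM:SS (UTC)."""
    counts, sources = defaultdict(int), defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:  # skip unparsable lines rather than let one bad record stop the detector
            continue
        ip, t, _ = rec
        start = t - t % window_s
        counts[start] += 1
        sources[start].add(ip)
    fmt = lambda t: datetime.fromtimestamp(t, timezone.utc).strftime("%H:%M:%S")
    return {fmt(k): (counts[k], len(sources[k])) for k in sorted(counts)}

def classify(lines, window_s=10, rate_rps=50, min_sources=20):
    """Label each window: 'ddos' = flood from many sources, 'dos' = flood from few sources, else 'normal'."""
    labels = {}
    for start, (n, distinct) in bucket_stats(lines, window_s).items():
        flood = n / window_s >= rate_rps
        labels[start] = "ddos" if flood and distinct >= min_sources else "dos" if flood else "normal"
    return labels

def make_line(ip, second, status=200):
    """Build one constructed CLF line at 25/Dec/2014 18:00:<second> UTC (sample data, not real traffic)."""
    return f'{ip} - - [25/Dec/2014:18:00:{second:02d} +0000] "GET / HTTP/1.1" {status} 0'

SAMPLE_LOG = (
    # 18:00:00-09: 600 requests from 300 distinct hosts -> distributed flood
    [make_line(f"203.0.{i // 256}.{i % 256}", (i + k) % 10, 503) for i in range(300) for k in range(2)]
    # 18:00:10-19: 600 requests from a single host -> simple DoS
    + [make_line("192.0.2.44", 10 + i % 10, 503) for i in range(600)]
    # 18:00:20-29: 30 requests from 30 hosts -> normal traffic
    + [make_line(f"198.51.100.{i}", 20 + i % 10) for i in range(30)]
    + ["this line is not a log record"]  # exercises the malformed-line path
)
```

In practice the thresholds would be tuned against the site's baseline traffic, and the window keys would include the date rather than only the time of day.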

Whether it is denial of service, hacking or data theft, targeted or not, one thing is certain: all companies are exposed. So, to guard against these events, it is essential to know and understand the variety of techniques used.
