Cyberthreats by Malware

1. 00:01In our openHPI course about Cyberthreats by Malware,
2. 00:04we now want to discuss how malware finds its way to your computer.
3. 00:12We already mentioned malware is the central attack vector in the internet.
4. 00:19It is one of the central weapons of the cybercriminals.
5. 00:25The devices of users, the computer systems they could be a potential target
6. 00:32for malware. So with malware,
7. 00:36the end user systems can be infected, with malware all the service providers
8. 00:42systems can be infected. So potentially home computers
9. 00:48are more vulnerable to malware attacks over the internet because typically the protection
10. 00:55is less than with professional service providers.
11. 01:00So malware are especially easy to use for attacks.
12. 01:08So a malware offers a wide range of functionalities
13. 01:13and unlimited possibilities for attacks
14. 01:18when the attacker manages to
15. 01:22install such malware on the computer systems of the users,
16. 01:29on the devices of the users then they have an easy
17. 01:34game to do their better work.
18. 01:39So what they want to use by such attacks? They want to misuse computing power
19. 01:45they want to utilize computing power for their own purposes, typically
20. 01:51criminal and bad purposes. They want to do data destruction -
21. 01:58data theft, data manipulation.
22. 02:00They want to destruct entire computer systems.
23. 02:06They want to send and
24. 02:10show advertisements to earn money for doing this.
25. 02:15They often create fear in the user
26. 02:20and then they misuse this fear for their purpose.
27. 02:24We will see this in more detail. To send blackmail, to perform espionage,
28. 02:32many other activities are performed by means of malware.
29. 02:39Now the question is how the malware here from the hacker
30. 02:43comes over the internet to the system of the users.
31. 02:48So the cybercriminals first they developed the malware.
32. 02:53They developed the malware to infect the victim systems. There is a large
33. 02:58library of such malwares, often malware is adapted to a certain
34. 03:02purpose, to a certain attack process. So the cyber criminal
35. 03:07prepares such a malware and then they send it as they try to
36. 03:12get it installed on the user systems. So one way, for example, is
37. 03:18that the cyber criminals
38. 03:20inject the malware to a medium, for example to such an application an email
39. 03:28or a website or others and then in case of email, send this email
40. 03:34over the internet to the
41. 03:38user and when the victim
42. 03:43accesses a medium, for example to open
43. 03:48the email and to open the attachment of the email,
44. 03:52then the malware which is hidden in that
45. 03:57attachment is installing itself in the victim's computer system.
46. 04:03The victim - the user doesn't become aware of that.
47. 04:08So at the end his system or certain programs or applications are infected.
48. 04:15The user is not aware of that. The user uses the systems, uses the applications
49. 04:21and then the malware can do its bad work.
50. 04:27So the attack vector of such malware attacks is in general
51. 04:34that the malware need to be installed on the computer systems of the victim.
52. 04:41There are different possibilities to do this.
53. 04:45The human factor, social engineering methods to convince the user
54. 04:51to do for some good reason
55. 04:54installing the software,
56. 04:56or technical factors technical failures can be misused
57. 05:01so that the malware is installed at the user's system.
58. 05:08And then it becomes easy for the attacker.
59. 05:12So the attack here is how to get the malware
60. 05:17installed on the user system. Let's discuss this attack vector human - the user.
61. 05:24So often a victim's lack of attention is enough to get a malware installed
62. 05:32on his or her computer system.
63. 05:36So the malware could also be injected into the computer system
64. 05:40by social engineering. For example
65. 05:44promising the user to install some important
66. 05:48program the user wants to have and misusing this also to install then
67. 05:56malware beside of the software.
68. 05:59So examples, I already mentioned this, open an email
69. 06:05an email with a malicious attachment or downloading something from the internet,
70. 06:11for example a new application or
71. 06:17special information or a game
72. 06:22or something like that and then after opening that
73. 06:28system which was infected by malware, then malware is installed
74. 06:34on the side of the user. So if we look at some statistics, then
75. 06:39it's about half and half that people open an
76. 06:44unknown attachment or application.
77. 06:49About a half doesn't do this.
78. 06:52So here we see almost a half which opens such unknown attachments for curiosity
79. 07:00or carelessness or negligence or others.
80. 07:04So this is then the attacker have one.
81. 07:09This way as soon as a
82. 07:11user opens his attachment the malware
83. 07:16will be installed on his system.
84. 07:21Also the promise here in internet you can install some helpful software
85. 07:26to clean your system or even to find out whether
86. 07:31there is malware on your system. Often such systems
87. 07:36that are available in the internet are
88. 07:39infected with malware. Malware is hidden in that
89. 07:46programs and the user that wants to have this functionality
90. 07:51on his system is installing is downloading that system and then
91. 07:55he or she also downloads the malware hidden in that system.
92. 08:02Another way to your computer is to misuse USB sticks.
93. 08:07So connecting a foreign USB stick which was in fact, in which
94. 08:13a malware was installed, and in the moment the
95. 08:19USB stick is connected and the data
96. 08:25explorer is used to see what is
97. 08:31stored on this USB stick, then in that system the malware already infects
98. 08:37the computer. And then public WiFi networks are a way to
99. 08:44bring systems
100. 08:48malware to your computer. We will discuss
101. 08:53certain points when we speak about different types of malware
102. 08:57even in more detail. Here in the general,
103. 09:01after the attack vector human, I want to also mention the attack vector
104. 09:06technical. Technical is that, malware could, in fact the computer system
105. 09:11without any user interaction.
106. 09:16So this is more difficult for the cybercriminals. They exploit
107. 09:23available vulnerabilities in the system of the victim in the system
108. 09:28they want to target and then if they see that there are inadequate
109. 09:34security protection measures or that there are some failures in the
110. 09:39configuration, then they find a way to
111. 09:45bring, to install their malware.
112. 09:48In the same network, if sometimes a computer gets infected in the network
113. 09:54then it's also highly probably that also other computers in that network
114. 10:01get infected without any kind of interaction.
115. 10:06So it's really dangerous - this malware and the attack vector is
116. 10:14for the cybercriminals how to get the malware
117. 10:18installed at the user's system.

To enable the transcript, please select a language in the video player settings menu.