Cyberthreats by Malware

1. 00:00In our openHPI course on Cyber threats by Malware, we now
2. 00:05have a look at the attackers and their motivation.
3. 00:12I remind you the situation - we have the internet, we have so many
4. 00:16networks that are inter-connected in the internet
5. 00:20and which provides this virtual network, which offers so many
6. 00:25services to the users, users are accessing
7. 00:30these services in the internet by means of their tools, their laptops, their smartphone,
8. 00:35their tablets and then we have attackers
9. 00:38which are really
10. 00:42using all possibilities to attack
11. 00:45the internet, the internet services, the user
12. 00:49to get access to their data, to misuse the services, to find the possibility
13. 00:58to earn money in a criminal way.
14. 01:02And what we want to do is to have a closer look on the different types of
15. 01:07attackers in the internet.
16. 01:09So let's start with the so called Insiders.
17. 01:15These are company's own employees. They could attack or steal company's resources,
18. 01:22for example confidential documents or servers, misusing
19. 01:28their privilege in the company and this is often much easier
20. 01:33for insider to do than for externals because we have to
21. 01:40imagine that there is a world outside the company and outside
22. 01:44the network and the services of the company and there are the bad guys
23. 01:49and inside the service company's boundaries there are the good guys.
24. 01:55And many of the security infrastructure is designed following this image.
25. 02:03But of course this image is wrong. The
26. 02:06attackers can also sit inside the company
27. 02:10and they could have different motives, for example,
28. 02:14simply curiosity or frustration about the
29. 02:18work, revenge, greed, envy - there are many human
30. 02:24motivations that an insider brings to have a look to some
31. 02:30secret documents, to try to get access to servers and others.
32. 02:35So insider attacks are particularly dangerous
33. 02:41because they come from inside the company's network, from the intranet,
34. 02:47and I already mentioned many
35. 02:50security and protection tools, like for example firewalls are
36. 02:54typically designed in a way that
37. 02:57messages that come from the inside are not taken with the same
38. 03:02care as messages that come from the outside.
39. 03:07So the
40. 03:10motives or behavior, it could be a naivety,
41. 03:14it could be carelessness. This opens doors for social hacking
42. 03:20that provides attackers a possibility to bring the people inside a company
43. 03:27for example to do something they would not do alone, for example download
44. 03:34some malware or others.
45. 03:37And there is an increased risk by these types of attack
46. 03:42because of the integration of home offices.
47. 03:46The idea bring your own device, use your device as well in
48. 03:50a private life, as well for the business,
49. 03:55this inside and connected to the resources of corporate networks, this makes
50. 04:03the situation much more difficult to protect the system and it makes it easier
51. 04:11for the attackers to attack, to steal resources or misuse resources
52. 04:17inside the company's network.
53. 04:20So the noncompliance with internal security instructions
54. 04:25that opens the door for attackers, so here it's really important for the companies
55. 04:31to educate their people to formulate clear rules,
56. 04:36that's called security policy,
57. 04:39so that the people
58. 04:42the insiders are not doing,
59. 04:48by means of carelessness or with activity, attacks in the network.
60. 04:54Another potential group of attackers in the internet
61. 04:57are the so called Script Kiddies.
62. 05:00These are attackers without deep cybersecurity knowledge
63. 05:06who launch cyber attacks using hacker tools, looking in the
64. 05:11internet for such hacker tools and play around with the hacker tools and try
65. 05:15to apply them. For that reason often one speaks of the Script
66. 05:20Kiddies, of school kids or students that also have time that are driven by
67. 05:26which are driven by curiosity just for fun to do something,
68. 05:31show off that one is able, to have an impact
69. 05:36by means of such an attack.
70. 05:39So indiscriminate and usually its done usually without direct
71. 05:47criminal intent. Mostly young people,
72. 05:51I already mentioned pupils, students starting to learn about cyber
73. 05:55security, they are experimenting and looking around. And it is so easy
74. 06:01to find hacking tools in the internet which can be used for such
75. 06:10cyber attacks, which can easily be downloaded and then misused makes this type
76. 06:15of attack also dangerous.
77. 06:18In particular, such Denial- of-Service-Attacks, the DoS
78. 06:24are dangerous. Here by means of a huge number of
79. 06:31requests to services the service is brought in a situation
80. 06:37that it's no more able to regularly
81. 06:40respond to all these requests.
82. 06:44These are not request for using the service, these are only a
83. 06:49huge number of risk
84. 06:51requests to
85. 06:55attack the service, to make the service no more available for other uses
86. 07:01and so to overload the situation.
87. 07:05Another potential attacker on the internet are the hackers.
88. 07:10Unfortunately the term hacker has different interpretations.
89. 07:16Originally the term was used in recognition of particularly
90. 07:20creative and talented individuals which were able to design such an attack.
91. 07:28I mentioned, today the attackers, cybercriminals can get the attack
92. 07:33tools easily from the internet. So this
93. 07:36is no more proof that they are able to design this by himself.
94. 07:42Later then hacker has got a negative connotation
95. 07:48by the media to the indiscretion and damages by their cyber attacks.
96. 07:54Sometimes they want to
97. 07:57shed light to a certain point but
98. 08:00in doing that they create a big damage. So typically now hacker
99. 08:05is no more used in this originally positive meaning mostly.
100. 08:13Mostly this term refers to people with in-depth technical
101. 08:19knowledge and if we have a closer look, then today
102. 08:25often hackers are categorized in different groups. We have he white hat
103. 08:32hacker, we have the grey hat hacker, we have the black hat hacker, we have hacktivists.
104. 08:39Let's have a closer look when we speak about white hat hackers.
105. 08:44These are the good hackers. These are the ethical hackers.
106. 08:50These are professional experts who look for security vulnerabilities in computer systems,
107. 08:57in application, services, networks.
108. 09:00So for example we develop a large SchulCloud system and we asked
109. 09:06such ethical hackers to attack
110. 09:11what we are designing to find out whether there are vulnerabilities
111. 09:16before we make the system public. So this is the help such
112. 09:22white-hat hackers are providing
113. 09:25motives are good samaritan and increase cyber security awareness.
114. 09:30So they perform security analysis
115. 09:34of systems, they perform penetration tests
116. 09:38to detect security gaps and report these gaps
117. 09:44to the owner of the system so that the owner is able to
118. 09:48to increase the security of the system.
119. 09:53So the information of the authorized owner about the discovered security gaps,
120. 09:59this is a characteristic of the work of the white-hat hacker
121. 10:04to help to improve the security of that computer systems.
122. 10:10And what they do with this is they help to prevent future attacks on the system
123. 10:17by cyber criminals.
124. 10:21If we look to the other side, these are the
125. 10:24black-hat hackers. These are also called the
126. 10:30evil hackers and cybercriminals.
127. 10:34Mostly these are professional computer experts who hack the computer system
128. 10:40with some criminal
129. 10:44motivation, to do some criminal activity,
130. 10:48for example to steal data, to manipulate the system, to
131. 10:54install a backdoor to be able to
132. 10:58get access to the system. So they do this for self interest, for example
133. 11:04to get money by selling the
134. 11:07stolen data and greed for profit.
135. 11:11So motives here are typically the motives of criminals
136. 11:16to easily earn money, to get power, blackmail, notoriety and others.
137. 11:23So the exploits that are discovered
138. 11:28from discovered security gaps,
139. 11:31these are done to gain unauthorized
140. 11:37access to the system. Here I
141. 11:45better say unauthorized, I mean
142. 11:48authorized was that when they find a way,
143. 11:52for example to steal the data of authorized users
144. 11:56or find ways to overcome this authorized station, then
145. 12:02they get access to the system and can do their every work.
146. 12:08The aim is to launch crimes such as data theft, identities theft,
147. 12:14service destruction and others.
148. 12:16For their own benefit,
149. 12:20on behalf of others to gain money by means of the attack. In most cases
150. 12:27the discovered security gaps are kept secret. So when they find a way
151. 12:34how it's possible to
152. 12:39attack a system and to break into a system,
153. 12:42then typically they will not tell how they did it
154. 12:46to prevent that this vulnerability is closed.
155. 12:51So they share this knowledge with other black hat hackers, for example
156. 12:57to get money they give this information in darknet, so to
157. 13:03earn money and support other cybercriminals.
158. 13:09The black hat hackers could sell stolen information.
159. 13:14They could sell it to the public.
160. 13:19Usually it's organized and done in the darknet.
161. 13:23For example some information you can find here in this cited website.
162. 13:30For example, when you want to buy an email account and you
163. 13:34can do this for a few dollars, if you want to
164. 13:40illegally get the driving licence information, you have to pay about twenty dollars,
165. 13:46credit card details are available between eight
166. 13:51and twenty two dollars and medical records are up to a thousand dollars.
167. 13:58These black hat hackers also provide services and tools for various
168. 14:05illegal activities. For example, tools to hack Facebook accounts.
169. 14:11You have to pay for an attack over three months here only twenty dollars.
170. 14:19Or to change the rating on Google and Co or to access special user accounts.
171. 14:30Such things are sold as a service typically in a darknet so that other
172. 14:37cybercriminals can misuse this, access all this data for their work.
173. 14:45And when we speak about grey hat hacker then it's an
174. 14:50immediate group between the
175. 14:53white hat hacker and the black hat hacker. Sometimes
176. 14:59they do good work sometimes they do bad work.
177. 15:03Also they are mostly professional computer experts who have both
178. 15:08benign and malicious selfish goals.
179. 15:12So the exploit found
180. 15:16which are misusing a security gap in the computer systems, sometimes it is
181. 15:23announced sometimes it is sold.
182. 15:27So they possibly launch criminal activities for their own profit.
183. 15:33The grey hat hackers publish found security gaps to
184. 15:38increase security awareness. So this is some positive
185. 15:43thing what they are doing
186. 15:45and a special group of
187. 15:49these grey hat hackers are so called hacktivists.
188. 15:53Hacktivists is a created
189. 15:57word from hacker and activist.
190. 16:01So hacktivists are individuals or groups who hack computer systems for ideological reasons,
191. 16:08for social, political, or religious reasons.
192. 16:12So the motives are they want to raise awareness, for self ego,
193. 16:18there are political goals they perform.
194. 16:23So they launch attacks to computer systems to highlight some issues to the public.
195. 16:31For example they believe with this activity to contribute to higher causes,
196. 16:40they do not shy away from criminal activities for following their
197. 16:48political or ideological thinking and they
198. 16:53try to influence the media and the public opinion
199. 16:58often with false reports or confusing ideological phrases.
200. 17:04Some known groups here are the group Anonymous which is
201. 17:10such a hacktivistic group.
202. 17:13And then when we consider the
203. 17:17motivation of the attackers in the internet, we have see common criminals.
204. 17:21So criminals who use the internet for their activities.
205. 17:26They do their traditional criminal work and use the internet to prepare this,
206. 17:34to exchange information with the partners and they of course want to
207. 17:41use the potential of the internet as a global marketplace for their criminal activities.
208. 17:50So they use the internet for criminal activities, for example drugs and arms,
209. 17:57trafficking, extortion, computer fraud and other things.
210. 18:03For the authorities it becomes more difficult to enforce the
211. 18:08law and investigate the criminal activities on the internet
212. 18:13than in the physical world.
213. 18:15So therefore the governments may be interested to install
214. 18:20backdoors in cryptographic protected systems
215. 18:24to get access to the information that are cryptographically protected, exchanged
216. 18:30by such criminals and terrorists.
217. 18:35And then the next group of attackers with some own motivations
218. 18:41our secret services and our
219. 18:45attackers that do espionage.
220. 18:49The extensive possibilities of the internet of our high potential
221. 18:54for spies, for secret services.
222. 18:58So economic crime is to steal confidential information,
223. 19:03development, information, spying out competitors
224. 19:08in any area. For espionage, spying out on political
225. 19:14interesting actors, spying out the
226. 19:18communication of politicians
227. 19:21and of other countries,
228. 19:24spying out international political organization and others
229. 19:30and of course performing politically or economically motivated cyberattacks
230. 19:37on services or on computer systems.
231. 19:41One example to mention here is Stuxnet.
232. 19:45Stuxnet is a malware, or a group of malware
233. 19:50attacking Windows networks and proprietary programmable systems
234. 19:55of nuclear plants with the aim of destroying
235. 20:00the Iranian uranium enrichment plants and this of course was
236. 20:06organized by such attackers from the field of secret services and espionage
237. 20:13and this is where we have a closer look in our excursus when we speak about
238. 20:21advanced persistence threats.
239. 20:24And then here also this is a notion,
240. 20:28you should remember "zero day vulnerabilites".
241. 20:34These are vulnerabilites not detected yet and not publicly known
242. 20:39and these secret services and espionage, they have a lot of
243. 20:45means and money in the back. They often use as such zero-knowledge vulnerabilities
244. 20:52for their work.
245. 20:54There are more motivations but this is to see that the attackers
246. 21:00often have very different backgrounds and very different motivations for their
247. 21:06cybercriminal activities and this is important to take into account
248. 21:12when we think about how to protect our systems.

To enable the transcript, please select a language in the video player settings menu.