Hello and welcome. My name is Tyler Brakeman with Aruba, a Hewlett Packard Enterprise company, and this is Aruba Network Security Basics Part 1. This is our third video in this series. In the last video, we took a look at malware and how we define exploits and threats. Now we're going to take a deeper dive into the world of those threats and start jumping into the different types of malware, how that malware is defined, and how it infects a system.

What we're going to be looking at first is two things: viruses and worms. A virus is defined as an infection requiring the user to do something. In other words, take a bad actor. If you remember, a bad actor is someone who has malicious intent against our network. They're out to get us intentionally, as opposed to someone who is just a bit lazy. A malicious user, let's call her Mallory for "malicious". Well, Mallory here wants to take over User A, call her Alice. Maybe User B, Bob, will show up as well. For now we've got Alice and malicious Mallory, who is delivering poor Alice a virus through a thumb drive, an e-mail, however she can get Alice to click on something or to open a link. If Alice clicks on the link in her e-mail, boom, the virus is able to execute code and ultimately sink its teeth into Alice's machine. This software will replicate and spread, for example by infecting other e-mails or getting Alice to click on a link that then mails that same copy of the malicious code to all of her co-workers. Poor User B, Bob, is now infected from Mallory's initial delivery through Alice clicking on this link. You might say, "Well, okay, if that's a virus, what's the difference between a virus and a worm?" We may have heard the term worms before.
Worms are a type of virus and they work essentially the same way, except for one key difference: where a virus requires Alice to click on a link or to open up a file, to do something that then executes that code with Alice's rights on the network, worms spread on their own. This would be a virus that rides on its own SMTP, or Simple Mail Transport Protocol, server. You might think you need a big machine for that, but you actually don't. You can create software that can essentially mail itself out. Worms essentially have their own car. They can jump from machine to machine to machine once they're inside a network, without the user really needing to do anything other than having a running computer on the network.

Let's take a look at Trojans. The idea of a Trojan is where the virus is installed inside software that Bob wants, or that Bob would want to click on. Bob gets the software that he wants, but along with it, behind the scenes, a Trojan has now been executed.

What then is malvertising? Malvertising, also called drive-by downloading, is where a user goes to a software website where they can download illegal files or movies or programs, and that untrusted web server could then infect Alice. But a lot of times this occurs where Alice simply goes to a trusted website, like Facebook or some other website. Not that Facebook would give you viruses, but some other trusted website could have been infected, or could be hosting an infected ad on that trusted website.

Let's take a look at adware. Adware is sometimes classified as potentially unwanted programs, or PUPs. These are just ads. You can argue that these are not viruses, that they're not malicious; they're simply there to advertise to you, but they can cause unwanted pop-ups even when you're not connected to the internet.
Spyware, which I was showing here, is a bit more malicious. It's not so much ads that are tracking what websites you go to; spyware takes it to another level, where it is tracking keystrokes, taking screenshots, maybe recording from a microphone or capturing webcam photos. It is spying on the activity of the user. This is something that is done for malicious purposes. Mallory, the malicious user, is here trying to gather keystrokes in the hope of capturing maybe a credit card number that you type in, or passwords that you type in.

Ransomware, get this, is where the virus silently infects your system. It doesn't advertise to you, doesn't necessarily spy on you (maybe it does), but its ultimate goal is to encrypt your files, and if you have an attached drive, to encrypt that as well. Imagine all of your taxes, all of your photos, all of your documents that are on your local computer being silently encrypted in the background, and then once it's finished, it pops up and says, "Hey, your files have been encrypted. If you want the key to decrypt them, pay us 0.1 Bitcoin," or several thousand dollars, or $100, whatever they think they can get from you. The best defense against something like ransomware is to back up your data.

Crypto mining is an interesting piece of malware, kind of along the lines of ransomware, except that with crypto mining, instead of holding your data for ransom, they're taking your CPU processing and your GPU processing, if available. They're stealing your resources in order to use your machine to do their hash decryption for things like Bitcoin or Dogecoin or Litecoin, whatever coin you want to look at, in order to gain monetary resources.

The last one we'll take a look at is the remote administration tool, or remote access Trojan (RAT), and rootkits. Often what Mallory will do, first of all, is install a backdoor on your computer. That's what a remote administration tool is.
It is effectively a backdoor for Mallory's computer to be able to issue command-and-control commands and essentially own your machine. A rootkit is when she installs a virus in such a way that even your antivirus will skip over it, and the operating system will hide it for her. Probably the best defense against all of these, again, is patching the operating system.

Once Mallory has control of your machine, often what these hackers will do is take over other machines as well. You'll see some of these botnets get to some crazy numbers: not just hundreds, but thousands, tens of thousands of machines that are all managed by a single call-home point. If one machine is attacking a target, that's known as a simple denial of service. But if Mallory can get multiple devices to participate in the attack, that's known as a distributed denial of service, or a DDoS attack.

I talked about denial of service briefly, and went over distributed denial of service. A denial of service is where you're simply attacking a machine. Often this is used in order to deny access to your legitimate users. It could be a service denial of service, where you're targeting a vulnerability to freeze a particular server like a web server or file server. It could be a networking denial of service. And then finally a wireless denial of service, where they use wireless jamming techniques or disassociation flood attacks or whatever to bring down the wireless in a particular area. A distributed denial of service is simply a denial of service that is spread across multiple bot-infected machines, all working in coordination against a single target. From an internal security control standpoint, you want to prevent your endpoints from becoming part of this botnet, and then we can look at detecting and rate-limiting endpoint bots. We can say, "Hey, Bob, why is your computer uploading 10 gigs of random data with spoofed IP addresses so no one can see where it's coming from? That seems a bit odd."
These are the types of things that, as a network administrator, as a good guy, we want to look out for, and make sure that we're aware if we're participating in one; better yet, update our operating systems so we can prevent the endpoints from becoming bots in the first place.

Let's stop there. In the next video, we're going to dive a bit deeper into the networking attacks, some of which I alluded to here with app attacks, for example. I'm going to go into those, which are a bit more technical, but I'll do my best to summarize what's involved. In this video, we covered a range of different threats across the network and the definitions of not only the different virus types and how they're deployed, but also denial of service and distributed denial of service, where devices can be coordinated in such a way that they can be more effective against these larger targets. I hope this was informative for you. I'll see you in the next video. Thank you very much.
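The "why is Bob's computer uploading 10 gigs of random data with spoofed IP addresses" check near the end of the video is something you can actually automate against switch or router flow records. The following is an added example, not code from the video or from Aruba; the flow-record format (`port=… src=… dst=… bytes=…`), the user subnet `10.20.0.0/16`, the port names, the thresholds, and the sample records are all constructed assumptions for illustration. It keys on the access port the traffic entered on rather than on the source IP, precisely because a bot participating in a DDoS will forge its source addresses; a source that is not in the VLAN's own subnet is treated as spoofed, and a port is flagged when it exceeds either the outbound-volume or the spoofed-flow threshold in the window.

```python
"""Flag access ports whose endpoint looks like a DDoS bot, from flow records.

Added example (not the video's or Aruba's code). The record format, subnet,
port names and thresholds below are assumptions made for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumed: the user-endpoint VLAN. Any source outside it, seen on a user port,
# is a forged (spoofed) source address.
USER_SUBNET = ipaddress.ip_network("10.20.0.0/16")

# Assumed thresholds for one collection window (say five minutes).
MAX_BYTES_OUT = 2 * 1024**3   # more than 2 GiB outbound from one user port is abnormal
MAX_SPOOFED_FLOWS = 10        # a few stray sources happen (static IPs, lab boxes); a dozen is spoofing


def parse_flow(line):
    """Parse one constructed record 'port=… src=… dst=… bytes=…' into a dict."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return {
        "port": fields["port"],
        "src": ipaddress.ip_address(fields["src"]),
        "dst": ipaddress.ip_address(fields["dst"]),
        "bytes": int(fields["bytes"]),
    }


def summarize_ports(lines):
    """Aggregate outbound bytes, spoofed-source count and peers per access port."""
    per_port = defaultdict(lambda: {"bytes": 0, "spoofed": 0, "sources": set(), "dsts": set()})
    for line in lines:
        rec = parse_flow(line)
        stats = per_port[rec["port"]]
        stats["bytes"] += rec["bytes"]
        stats["sources"].add(rec["src"])
        stats["dsts"].add(rec["dst"])
        if rec["src"] not in USER_SUBNET:      # source address the port cannot legitimately own
            stats["spoofed"] += 1
    return per_port


def analyze(lines):
    """Return {port: [reasons]} for ports that look like botnet participants."""
    findings = {}
    for port, s in summarize_ports(lines).items():
        reasons = []
        if s["bytes"] > MAX_BYTES_OUT:
            reasons.append("volume")
        if s["spoofed"] > MAX_SPOOFED_FLOWS:
            reasons.append("spoofed-source")
        if reasons:
            findings[port] = reasons
    return findings


# Constructed sample window. Alice on port 1/1/5 behaves normally; Bob on port 1/1/7
# sends twelve 200 MiB flows to one target with forged sources (198.51.100.0/24 is a
# documentation range); port 1/1/9 is a lab host with a static off-subnet address that
# should stay under the spoofing threshold.
SAMPLE_FLOWS = [
    "port=1/1/5 src=10.20.4.11 dst=10.20.1.5 bytes=48000",
    "port=1/1/5 src=10.20.4.11 dst=203.0.113.9 bytes=1200000",
    "port=1/1/7 src=10.20.4.23 dst=10.20.1.5 bytes=5000",
    "port=1/1/9 src=172.16.0.5 dst=10.20.1.5 bytes=9000",
    "port=1/1/9 src=172.16.0.5 dst=10.20.1.6 bytes=7000",
    "port=1/1/9 src=172.16.0.5 dst=10.20.1.7 bytes=8000",
] + [
    f"port=1/1/7 src=198.51.100.{i} dst=192.0.2.10 bytes={200 * 1024**2}"
    for i in range(1, 13)
]


if __name__ == "__main__":
    for port, reasons in analyze(SAMPLE_FLOWS).items():
        print(f"{port}: suspected bot ({', '.join(reasons)})")   # prints 1/1/7 only
```

In a real deployment the flagged port name is what you would feed to a rate limit or a quarantine role on the access switch, while the per-port summary (bytes, distinct forged sources, destinations) is what you hand to whoever goes to talk to Bob. Ingress filtering that drops packets whose source is outside the port's subnet would stop the spoofed traffic outright; the detection above is what tells you it was being attempted.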