Cybersecurity For Dummies. Joseph Steinberg
Blended malware
Blended malware is malware that utilizes multiple types of malware technology as part of an attack — for example, combining features of Trojans, worms, and viruses.
Blended malware can be quite sophisticated and often stems from skilled attackers.
Zero-day malware
Zero-day malware is any malware that exploits a vulnerability not previously known to the public or to the vendor of the technology containing the vulnerability, and is, as such, often extremely potent.
Regularly creating zero-day malware requires significant resources and development effort. It’s quite expensive and is often crafted by the cyber armies of nation states rather than by other hackers.
Commercial purveyors of zero-day malware have been known to charge over $1 million for a single exploit.
Fake malware on computers
Ironically, some attackers don’t even bother to actually hack computers. Instead, they just send messages to would-be victims that the would-be victims’ computers are infected and that to re-secure the device the intended victims must pay some fee or purchase some security software. Sometimes criminals are able to display messages to such an effect in a pop-up window, and sometimes they keep things simple, and just send the messages via email.
Fake malware on mobile devices
Fake malware may be even more common on mobile devices than on laptops and other computers. For various technical reasons, it is harder to hack mobile devices, so many criminals go for the “low hanging fruit” and just pretend to have compromised devices in order to get would-be victims to pay up. There are even flavors of “mobile device ransomware” that display ransomware-type demands without ever having encrypted anything on the mobile device.
Fake security subscription renewal notifications
A type of social-engineering attack that exploits people’s desire to remain cybersecure (and that I have included in the malware section because it is directly related to protection against malware) is fake “renewal notices” from anti-malware product vendors. Emails that say one’s security software subscription is expiring and ask users to click a link (don’t do it!) or to otherwise submit payment for a renewal can closely parallel their legitimate counterparts. This sort of attack has become extremely common during the COVID-19 pandemic era, during which many people worked from home and, more often than ever before, were responsible for making sure they had current security software subscriptions.
Poisoned Web Service Attacks
Many different types of attacks leverage vulnerabilities in servers, and new weaknesses are constantly discovered, which is why cybersecurity professionals have full-time jobs keeping servers safe. Entire books — or even several series of books — can be written on such a topic, which is, obviously, beyond the scope of this work.
That said, it is important for you to understand the basic concepts of server-based attacks because some such attacks can directly impact you.
One such form of attack is a poisoned web service attack, or a poisoned web page attack. In this type of attack, an attacker hacks into a web server and inserts code onto it that causes it to attack users when they access a page or set of pages that the server is serving.
For example, a hacker may compromise the web server serving www.abc123.com and modify the home page that is served to users accessing the site so that the home page contains malware.
But a hacker does not even need to necessarily breach a system in order to poison web pages!
If a site that allows users to comment on posts isn't properly secured, for example, it may allow a user to add the text of various commands within a comment — commands that, if crafted properly, may be executed by users’ browsers any time they load the page that displays the comment. A criminal can insert a command to run a script on the criminal’s website, which can receive the authentication credentials of the user to the original site because it is called within the context of one of that site’s web pages. Such an attack is known as cross-site scripting, and it continues to be a problem even after over a decade of being addressed.
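As an added illustration (not code from the book), here is a minimal comment-rendering routine in Python that shows the unescaped output which makes the stored cross-site scripting attack described above possible, beside the escaped version that neutralizes it. The comment body, the author name and the third-party host name are constructed samples, not values from the book.

```python
import html

# Constructed samples of the kind of comment the text describes: one carries a
# script tag pointing at a hypothetical third-party host (placeholder name), the
# other tries to break out of an HTML attribute value.
HOSTILE_BODY = '<script src="https://third-party.example/script.js"></script> nice post'
HOSTILE_AUTHOR = 'mallory" onmouseover="alert(1)'

def render_comment_unsafe(author, body):
    """The flaw: user-supplied text is pasted straight into the page, so the
    browser runs a <script> tag in a comment in the context of the site itself."""
    return f'<div class="comment" title="{author}">{body}</div>'

def render_comment_safe(author, body):
    """The fix: HTML-escape user text at output time. html.escape also escapes
    quotes by default, so an attribute value cannot be terminated early."""
    return (f'<div class="comment" title="{html.escape(author)}">'
            f'{html.escape(body)}</div>')

def has_injected_markup(rendered):
    """Rough check of a rendered fragment: a live script tag or an injected
    event-handler attribute means user text reached the browser as markup."""
    lowered = rendered.lower()
    return "<script" in lowered or ' onmouseover="' in lowered
```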
Network Infrastructure Poisoning
As with web servers, many different types of attacks leverage vulnerabilities in network infrastructure, and new weaknesses are constantly discovered. The vast majority of this topic is beyond the scope of this book. That said, as is the case with poisoned web servers, you need to understand the basic concepts of server-based attacks because some such attacks can directly impact you. For example, criminals may exploit various weaknesses in order to add corrupt domain name system (DNS) data into a DNS server.
DNS is the directory of the Internet that translates human readable addresses into their numeric, computer-usable equivalents (IP addresses). For example, if you enter https://JosephSteinberg.com into your web browser, DNS directs your connection to an address taking the form of four numbers less than 256 and separated by periods, such as 104.18.45.53.
By inserting incorrect information into DNS tables, a criminal can cause a DNS server to return an incorrect IP address to a user’s computer. Such an attack can easily result in a user’s traffic being diverted to a computer of the attacker’s choice instead of the user’s intended destination. If the criminal sets up a phony bank site on the server to which traffic is being diverted, for example, and impersonates on that server a bank that the user was trying to reach, even a user who enters the bank URL into a browser (as opposed to just clicking on a link) may fall prey after being diverted to the bogus site. (This type of attack is known as DNS poisoning or pharming.)
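As an added example (not code from the book), the Python below builds a constructed DNS reply for the name and address used above, parses it, and applies the checks a resolver performs before caching an answer: the transaction ID and question must match the outstanding query, and a record for some other name is discarded rather than stored. The message layout is the standard one; the sample values and the hypothetical answer_name parameter are constructed for the illustration.

```python
import struct
def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

def build_response(tid, qname, ip, answer_name=None):
    """Constructed sample reply with one A record (owner is a pointer to the question by default)."""
    header = struct.pack("!HHHHHH", tid, 0x8180, 1, 1, 0, 0)   # flags: QR, RD, RA
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # type A, class IN
    owner = b"\xc0\x0c" if answer_name is None else encode_name(answer_name)
    rdata = bytes(int(o) for o in ip.split("."))
    return header + question + owner + struct.pack("!HHIH", 1, 1, 300, 4) + rdata

def read_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset just past it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                              # compression pointer
            end = end if jumped else off + 2
            off, jumped = ((length & 0x3F) << 8) | msg[off + 1], True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), end if jumped else off

def parse_response(msg):
    """Return (transaction id, question name, [(owner name, IPv4 string), ...])."""
    tid, _flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = read_name(msg, 12)
    answers, off = [], off + 4                                 # skip qtype and qclass
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((owner, ".".join(str(b) for b in rdata)))
    return tid, qname, answers

def accept_answer(expected_tid, expected_qname, msg):
    """Resolver-side checks before caching: transaction ID and question must match
    the outstanding query, and only records owned by the queried name are kept."""
    tid, qname, answers = parse_response(msg)
    if tid != expected_tid or qname != expected_qname:
        return None
    ips = [ip for owner, ip in answers if owner == qname]
    return ips or None
```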
Network infrastructure attacks take many forms. Some seek to route people to the wrong destinations. Others seek to capture data, while others seek to effectuate denial-of-service conditions. The main point to understand is that the piping of the Internet is quite complex, was not initially designed with security in mind, and is vulnerable to many forms of misuse.
Malvertising
Malvertising is an abbreviation of the words malicious advertising and refers to the use of online advertising as a vehicle to spread malware or to launch some other form of a cyberattack.
Because many websites display ads that are served and managed by third-party networks and that contain links to various other third parties, online advertisements are a great vehicle for attackers. Even companies that adequately secure their websites may not take proper precautions to ensure that they do not deliver problematic advertisements created by, and managed by, someone else.
As such, malvertising sometimes allows criminals to insert their content into reputable and high-profile websites with large numbers of visitors (something that would be difficult for crooks to achieve otherwise), many of whom may be security conscious and who would not have been exposed to the criminal’s content had it been posted