China
Africa
Explore chapters and articles related to this topic
Case Studies
Published in G. K. Awari, Sarvesh V. Warjurkar, Ethics in Information Technology, 2022
G. K. Awari, Sarvesh V. Warjurkar
There are a number of types of security breaches depending on how access has been gained to the system: An exploit attacks system vulnerability, such as an out-of-date operating system. Legacy systems which haven’t been updated, for instance, in businesses where outdated and versions of Microsoft Windows that are no longer supported are being used, are particularly vulnerable to exploits.Weak passwords can be cracked or guessed. Even now, some people are still using the password ‘password’, and ‘pa$$word’ is not much more secure.Malware attacks, such as phishing emails can be used to gain entry. It only takes one employee to click on a link in a phishing email to allow malicious software to start spreading throughout the network.Drive-by downloads use viruses or malware delivered through a compromised or spoofed website.Social engineering can also be used to gain access. For instance, an intruder phones an employee claiming to be from the company’s IT helpdesk and asks for the password in order to ‘fix’ the computer.
IoT Security Frameworks and Countermeasures
Published in Stavros Shiaeles, Nicholas Kolokotronis, Internet of Things, Threats, Landscape, and Countermeasures, 2021
G. Bendiab, B. Saridou, L. Barlow, N. Savage, S. Shiaeles
Drive-by download attacks is another threat that cannot be dealt with by security procedures describing new updates and software installations. A drive-by download attack is a common attack among cybercriminals in which an automated download of software is installed on a device without the user’s consent. Downloading malware can happen in one of two ways:The user has authorized the download but is not aware that the download includes a malicious program, for instance, an unknown or counterfeit executable program, ActiveX component, or Java applet.The user has not authorized the download and is not aware that the download has been installed on the device, for instance, a virus, spyware, malware, or crimeware.Essentially, the download can be initiated in various ways, such as an email attachment, a malicious link online, an advertisement pop-up window [97], etc.
An Overview about the Cyberattacks in Grid and Like Systems
Published in Fadi Al-Turjman, Smart Grid in IoT-Enabled Spaces, 2020
Drive-by download attacks involve malicious JavaScript and do not require action from the user. Malicious URLs use Blackhat Search Engine Optimization (SEO) to attract targets. A web-based attack’s roles in the kill chain are the creation, delivery, and execution of a payload targeted to a particular vulnerability. Mitigation includes patching vulnerabilities and web traffic filtering.
Assessment of supervised machine learning algorithms using dynamic API calls for malware detection
Published in International Journal of Computers and Applications, 2022
It is an undeniable fact that computer and mobile system are very susceptible to the malware attacks. There are many ways through which malware can enter into digital devices such as drive-by-download, flash drives, while connecting to the affected machine or malware exploits the vulnerability of the system as well [1–3]. Various anti-malware organizations are developing defending software. On the flip side, malware developers are breaking or bypassing the defending software. For developing malware detection systems, malware is analyzed either using static analysis or dynamic analysis [4,29]. In static analysis, malware files are not executed. Only the signatures, which can represent the files, are extracted like hash value, strings, opcodes, etc. The problems of static analysis techniques are, these techniques can’t detect the unknown malware because the signature of that file is not known to malware detector. As well as the variants of malware which are developed using obfuscation techniques can evade the signature-based techniques, whereas dynamic analysis techniques are more robust to deal with new and obfuscated malware [5,6]. In dynamic analysis, sample files are executed in a controlled environment and runtime activities are captured.