It’s no surprise that security attacks are getting more complex and sophisticated to deal with. Such advancement in the technology of cyber-crime makes it paramount that IT security teams start understanding new-age threats, and equip themselves with proper strategies to counter attacks. Blended threats are one of the many complex attacks to detect and contain. A blended threat is one that combines several types of malware exploits and inflicts a multi-pronged attack against network computers. Hackers introduce threat vectors in various parts of your IT infrastructure and use multiple methods to coordinate and propagate them across your network.

 

Constituents of a Blended Threat

A blended threat may comprise of a combination of viruses, worms, Trojan horse, or a piece of malicious code such as bots, rootkits and spyware, etc. In Part 1 of this two-part blog series, let’s understand the differences between each of these threat vectors, and then, in Part 2, see how a blended threat works, and how it can be prevented.

 

What is a Computer Virus?

A computer virus is a malware that is available, in most cases, as an executable file that, when run, cause damage to your computer. Viruses can also spread, like an infection, to other systems attached to your network and

Blended Threat.png

affect them. A virus is generally activated by human action, i.e. when the malware executable is accidentally or intentionally executed. The defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent.

 

What is a Computer Worm?

A computer worm is similar to a virus in its characteristic of propagating from one system to another and causing damage, but differs in the way it is activated. In contrast to the virus, a worm need not always be executed by human action. Worms are standalone software that exploit a vulnerability on the target system by taking advantage of your system’s information sharing and transport features, allowing it to spread unaided through the network.

 

What is a Trojan Horse?

A Trojan horse is a type of malware that tricks computer users into loading or executing it. A Trojan conceals harmful and malicious code and can pose a number of threats ranging from annoying window pop-ups to deleting files and stealing data.

 

What is a Rootkit?

A rootkit is a type of malware that is designed to conceal viruses and other malware from your anti-virus software. Rootkits also prevent malicious processes from being visible to the system administrators. Rootkits achieve this concealment by modifying the host’s operating system and they are activated before the OS boots up.

 

What is a Bot?

Bots (short for robot) are automated programs that is used by a hacker to simulate user activity on the target system. As defined by Cisco, a malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or "botnet." [1]

 

What is a Backdoor?

In a normal computer operating system, a backdoor is method of bypassing normal system authentication and security mechanisms. This is made available during the development phase of an OS, and programmers use it for testing and troubleshooting purposes. The backdoor is typically removed when development is over and the OS is ready to be shipped. Hackers exploit undetected backdoors and associated vulnerabilities to gain unauthorized access into your system and secure remote access.

 

What is Spyware?

A spyware is also a type of malware that aids the hacker in gathering or stealing from the host computer. Spyware can get into a computer as part of any untrusted download of executables. They secretly get into your system, and relay information back to the hacker.

 

 

A blended threat involves a combination of multiple choices of the above attack vectors, and is carefully planned and coordinated to cause maximum damage and financial loss to the victim organization, network and computers. We’ll learn more about blended threats in Part 2.

 

Read this White Paper

 

Sec Mgmt Checklist.png