1
00:00:00,330 --> 00:00:06,960
Let us begin by understanding the definition of malware. Malware is software intentionally designed

2
00:00:06,960 --> 00:00:10,430
to cause damage or gain unauthorized access to a computer.

3
00:00:11,480 --> 00:00:16,400
It is derived from two words, malicious and software.

4
00:00:18,280 --> 00:00:25,150
These malicious programs are written by cyber attackers or, more precisely, in the case of malware, they

5
00:00:25,150 --> 00:00:26,840
are called malware authors.

6
00:00:28,300 --> 00:00:32,640
More than 300,000 new malware samples are created every day.

7
00:00:34,230 --> 00:00:41,790
While all attacks are bad for a company, malware attacks in particular are the biggest threat to an organization.

8
00:00:42,910 --> 00:00:48,790
This is mainly because the malware may sometimes go undetected for several weeks in a network.

9
00:00:51,250 --> 00:00:58,780
Now, let's try to understand the maliciousness of malware or, in other words, what are the typical

10
00:00:58,780 --> 00:01:00,310
intentions of malware?

11
00:01:02,260 --> 00:01:10,120
In the early days of computer evolution, malware was created more for fun, and it was annoying, but

12
00:01:10,120 --> 00:01:10,990
not dangerous.

13
00:01:12,060 --> 00:01:18,360
It was programmed to do things like slowing down the computer or generating random pop-ups.

14
00:01:19,260 --> 00:01:22,920
It was also designed to multiply and spread to other systems.

15
00:01:24,270 --> 00:01:31,650
Eventually, malware became more malicious in nature, wherein it tried to install other applications,

16
00:01:32,220 --> 00:01:36,390
steal sensitive information or trick people and scam them.

17
00:01:38,020 --> 00:01:43,950
Malware is also designed to delete critical files on a system to make it malfunction.

18
00:01:44,810 --> 00:01:52,550
Or, as in recent years, malware can encrypt your system and ask for ransom to get the decryption key.
19
00:01:53,880 --> 00:01:59,850
Some malware is also built to stop critical services or shut down important servers.

20
00:02:01,080 --> 00:02:09,420
More advanced malware is developed to give unauthorized access to the hackers or gather and send

21
00:02:09,480 --> 00:02:13,340
sensitive information that can be used to launch other attacks.

22
00:02:14,620 --> 00:02:22,060
There is a specific type of malware family called botnet, in which the malware is built to take part

23
00:02:22,060 --> 00:02:23,500
in larger attacks.

24
00:02:24,480 --> 00:02:32,180
When machines are infected with such botnets, they turn into zombie computers and act on the master's

25
00:02:32,190 --> 00:02:32,640
orders.

26
00:02:34,000 --> 00:02:39,780
Malware can be designed to do a lot of things, but this list gives you an overall picture.

27
00:02:42,530 --> 00:02:48,640
Once the malware is developed, it has to be distributed so that it infects the target computer.

28
00:02:49,960 --> 00:02:55,630
Some malware is designed to attack a specific target and some malware is designed to attack any possible

29
00:02:55,630 --> 00:02:56,040
machine.

30
00:02:57,420 --> 00:03:02,820
So in order to infect the target machine, attackers use various delivery methods.

31
00:03:04,110 --> 00:03:08,830
One way is if the attacker has direct physical access to the target machine.

32
00:03:09,600 --> 00:03:16,420
Typically, this is done over a period of time by gaining the trust of the actual owner or user of the machine.

33
00:03:17,400 --> 00:03:23,640
We have seen this in movies where an attacker befriends a target and gets close to him or her.

34
00:03:23,880 --> 00:03:30,690
And finally, once they win the trust, the attacker borrows the laptop using an excuse of checking

35
00:03:30,690 --> 00:03:33,750
some urgent e-mail or any similar excuse.

36
00:03:36,060 --> 00:03:40,330
When the access is given, the attacker infects the computer with the malware.
37
00:03:40,950 --> 00:03:47,760
Of course, this method is challenging and time consuming, but it is still used in some cases where the security

38
00:03:47,760 --> 00:03:49,280
of the company is very high.

39
00:03:51,430 --> 00:03:57,340
Another method of getting the malware into the target machine is by using external storage devices.

40
00:03:58,710 --> 00:04:07,440
In this method, the attacker usually spills a few infected USB sticks near the target, usually in the basement

41
00:04:07,440 --> 00:04:09,910
of the office or the car parking space.

42
00:04:10,920 --> 00:04:18,240
It's a human tendency that when we get a USB storage device, we would like to know what the content

43
00:04:18,630 --> 00:04:23,150
of the USB drive is, or at least we would like to check if it works.

44
00:04:24,150 --> 00:04:30,600
And when an innocent, unsuspecting user puts the infected USB in the computer, the malware infects the

45
00:04:30,600 --> 00:04:30,980
machine.

46
00:04:32,130 --> 00:04:36,300
Here, the attacker makes use of the curious nature of human beings.

47
00:04:38,900 --> 00:04:45,440
Another popular method used to deliver malware is email. In some cases, the malware is sent as an

48
00:04:45,440 --> 00:04:46,610
attachment in the e-mail.

49
00:04:47,540 --> 00:04:53,660
This method is less effective as the email security scanners might detect the malware and delete it.

50
00:04:54,680 --> 00:05:03,380
Alternately, the attacker just puts a link in the email that, when clicked, will download the actual

51
00:05:03,380 --> 00:05:04,760
malware from the Internet.

52
00:05:05,820 --> 00:05:12,540
The attacker has to write a compelling e-mail in order to ensure the user actually downloads the attached

53
00:05:12,540 --> 00:05:14,250
file or clicks on the link.

54
00:05:15,340 --> 00:05:22,060
This is done by creating some sense of urgency, like "your credit card will be blocked if you do not

55
00:05:22,060 --> 00:05:27,220
verify the details" or "here is your order summary on Amazon."
56
00:05:28,500 --> 00:05:30,900
Such attacks are called phishing attacks.

57
00:05:32,560 --> 00:05:39,610
The most popular method of distributing malware is through websites. No, the attacker does not create his

58
00:05:39,610 --> 00:05:44,110
own website and put some malware there so that the visitors will come and download it,

59
00:05:45,590 --> 00:05:51,110
because it is extremely difficult to build a website and make it popular to attract more users.

60
00:05:51,990 --> 00:06:01,240
Instead, the attacker spends time compromising an already popular website, usually websites of celebrities.

61
00:06:02,330 --> 00:06:07,000
So when an innocent user thinks he is downloading a picture of Tom Cruise,

62
00:06:07,460 --> 00:06:09,680
he is, in fact, downloading malware.

63
00:06:10,780 --> 00:06:17,140
Celebrity names are very much used in malware distribution; that's why some security companies come

64
00:06:17,140 --> 00:06:20,040
up with a most dangerous celebrity list every year.

65
00:06:22,270 --> 00:06:30,280
Also, attackers use a technique called drive-by downloads, in which a website visitor need not click

66
00:06:30,280 --> 00:06:33,110
on any link; just by visiting the website,

67
00:06:33,130 --> 00:06:34,900
the malware will be downloaded.

68
00:06:37,020 --> 00:06:45,600
Another way attackers lure users into downloading the malware is through malvertising, or malware advertising.

69
00:06:46,260 --> 00:06:53,310
Examples of these might include an online spin-the-wheel, an end-of-season sale on popular brands offering

70
00:06:53,310 --> 00:06:55,710
80 to 90 percent discount, etc.

71
00:06:57,820 --> 00:07:05,710
OK, now that we know how malware is distributed, one question still remains: whom do the attackers

72
00:07:05,710 --> 00:07:06,130
target?

73
00:07:07,000 --> 00:07:09,820
How do they choose whose machine to infect?

74
00:07:10,750 --> 00:07:14,800
To answer this question, we will need to understand the two types of attack.
75
00:07:16,360 --> 00:07:23,170
Depending on who is the target of an attack or a malware, they can be categorized into two types:

76
00:07:24,330 --> 00:07:31,970
commodity malware and APT malware. APT here stands for Advanced Persistent Threat.

77
00:07:33,310 --> 00:07:39,040
To give you a real-life comparison, commodity malware is more like street muggers,

78
00:07:40,050 --> 00:07:42,930
and APT malware is like a bank robbery.

79
00:07:44,350 --> 00:07:50,880
Now, what do I mean by that? Commodity malware usually does not have a specific target, just like street

80
00:07:51,100 --> 00:07:51,640
muggers.

81
00:07:53,280 --> 00:07:56,340
They need money and they will attack anyone.

82
00:07:57,340 --> 00:08:03,790
On the other hand, APT malware has a very specific target. This target is identified after doing

83
00:08:03,790 --> 00:08:06,040
a lot of research and reconnaissance.

84
00:08:08,050 --> 00:08:11,860
Commodity malware attacks are very aggressive in distributing their malware.

85
00:08:12,310 --> 00:08:15,330
For them, it is the more the merrier.

86
00:08:16,820 --> 00:08:24,890
But APT malware authors are very covert and stealthy in infecting their selected targets. Commodity

87
00:08:24,890 --> 00:08:31,520
malware is usually built with well-known vulnerabilities and exploits, like a mugger using simple tools like

88
00:08:31,520 --> 00:08:32,410
a knife or a gun.

89
00:08:34,440 --> 00:08:38,940
APT malware is typically built with zero-day vulnerabilities and exploits,

90
00:08:40,060 --> 00:08:43,060
just like a bank robbery needs advanced tools and weapons.

91
00:08:45,690 --> 00:08:48,470
It is comparatively easy to build commodity malware.

92
00:08:49,230 --> 00:08:53,110
In other words, an attacker with average skills can develop commodity malware.

93
00:08:53,850 --> 00:08:58,560
It takes sophisticated and advanced skills to build APT malware.
94
00:08:59,580 --> 00:09:06,560
An example of commodity malware is WannaCry, which was designed to infect every possible Windows machine with

95
00:09:06,560 --> 00:09:08,320
an SMB vulnerability.

96
00:09:09,870 --> 00:09:17,190
An excellent example of APT malware is Stuxnet, which is believed to have been developed by the US and Israel

97
00:09:17,370 --> 00:09:20,230
to take down Iran's nuclear facility.

98
00:09:21,890 --> 00:09:28,520
In a nutshell, some malware is written to infect every possible machine and some is designed to

99
00:09:28,520 --> 00:09:30,790
attack a specific target.