1
00:00:00,330 --> 00:00:06,960
Let us begin by understanding the definition of a malware. Malware is a software intentionally designed

2
00:00:06,960 --> 00:00:10,430
to cause damage or gain unauthorized access to a computer.

3
00:00:11,480 --> 00:00:16,400
It is derived from two words, malicious and software.

4
00:00:18,280 --> 00:00:25,150
These malicious programs are written by cyber attackers or more precisely, in case of a malware, they

5
00:00:25,150 --> 00:00:26,840
are called malware authors.

6
00:00:28,300 --> 00:00:32,640
More than 300000 new malware are created every day.

7
00:00:34,230 --> 00:00:41,790
While all attacks are bad for a company, malware attacks in particular are biggest threat to an organization.

8
00:00:42,910 --> 00:00:48,790
This is mainly because the malware may sometimes go undetected for several weeks in a network.

9
00:00:51,250 --> 00:00:58,780
Now, let's try to understand the maliciousness of a malware or in other words, what are the typical

10
00:00:58,780 --> 00:01:00,310
intentions of a malware?

11
00:01:02,260 --> 00:01:10,120
In early days of computer evolution, malwares were created more for fun, and they were annoying, but

12
00:01:10,120 --> 00:01:10,990
not dangerous.

13
00:01:12,060 --> 00:01:18,360
They were programmed to do things like slowing down the computer or generating random pop ups.

14
00:01:19,260 --> 00:01:22,920
They were also designed to multiply and spread to other systems.

15
00:01:24,270 --> 00:01:31,650
Eventually, malwares became more malicious in nature, wherein they tried to install other applications,

16
00:01:32,220 --> 00:01:36,390
steal sensitive information or trick people and scam them.

17
00:01:38,020 --> 00:01:43,950
Malwares are also designed to delete critical files on a system to make it malfunction.

18
00:01:44,810 --> 00:01:52,550
Or as in recent years, Malwares can encrypt your system and ask for ransom to get the decryption key.

19
00:01:53,880 --> 00:01:59,850
Some malwares are also built to stop critical services or shut down important servers.

20
00:02:01,080 --> 00:02:09,420
More advanced malwares are developed to give unauthorized access to the hackers or gather and send

21
00:02:09,480 --> 00:02:13,340
sensitive information that can be used to launch other attacks.

22
00:02:14,620 --> 00:02:22,060
There is a specific type of malware family called botnet in which the malware are built to take part

23
00:02:22,060 --> 00:02:23,500
in a larger attacks.

24
00:02:24,480 --> 00:02:32,180
When machines are infected with such botnets, they turn into zombie computers and act on the Masters

25
00:02:32,190 --> 00:02:32,640
order.

26
00:02:34,000 --> 00:02:39,780
Malwares can be designed to do a lot of things, but this list gives you an overall picture.

27
00:02:42,530 --> 00:02:48,640
Once the malware is developed, it has to be distributed so that it infects the target computer.

28
00:02:49,960 --> 00:02:55,630
Some malwares are designed to attack a specific target and some malware are designed to attack any possible

29
00:02:55,630 --> 00:02:56,040
machine.

30
00:02:57,420 --> 00:03:02,820
So in order to infect the target machine, attackers use various delivery methods.

31
00:03:04,110 --> 00:03:08,830
One way is if the attacker has the direct physical access to the target machine.

32
00:03:09,600 --> 00:03:16,420
Typically, this is done over a period of time by gaining trust of the actual owner or user of the machine.

33
00:03:17,400 --> 00:03:23,640
We have seen this in movies where an attacker befriends a target and gets close to him or her.

34
00:03:23,880 --> 00:03:30,690
And finally, once they win the trust, the attacker borrows the laptop using an excuse of checking

35
00:03:30,690 --> 00:03:33,750
some urgent e-mail or any similar excuses.

36
00:03:36,060 --> 00:03:40,330
When the access is given, the attacker infects the computer with the malware.

37
00:03:40,950 --> 00:03:47,760
Of course, this method is challenging and time consuming, but still used in some cases where the security

38
00:03:47,760 --> 00:03:49,280
of the company is very high.

39
00:03:51,430 --> 00:03:57,340
Another method of getting the malware into the target machine is by using external storage devices.

40
00:03:58,710 --> 00:04:07,440
In this method, the attacker usually spills few infected USB sticks near the target, usually in the basement

41
00:04:07,440 --> 00:04:09,910
of the office or car parking space.

42
00:04:10,920 --> 00:04:18,240
It's a human tendency that when we get a USB storage device, we would like to know what is the content

43
00:04:18,630 --> 00:04:23,150
of the USB drive, or at least we would like to check if it works.

44
00:04:24,150 --> 00:04:30,600
And when an innocent unsuspecting user puts the infected USB in the computer, the malware infects the

45
00:04:30,600 --> 00:04:30,980
machine.

46
00:04:32,130 --> 00:04:36,300
Here, the attacker makes use of the curious nature of human beings.

47
00:04:38,900 --> 00:04:45,440
Another popular method used to deliver malware is email, in some cases, the malware is sent as an

48
00:04:45,440 --> 00:04:46,610
attachment in the e-mail.

49
00:04:47,540 --> 00:04:53,660
This method is less effective as the email security scanners might detect the malware and deleted.

50
00:04:54,680 --> 00:05:03,380
Alternately, the attacker just puts a link in the email that, when clicked, will download the actual

51
00:05:03,380 --> 00:05:04,760
malware from the Internet.

52
00:05:05,820 --> 00:05:12,540
The attacker has to write a compelling e-mail in order to ensure the user actually downloads the attached

53
00:05:12,540 --> 00:05:14,250
file or clicks on the link.

54
00:05:15,340 --> 00:05:22,060
This is done by creating some sense of urgency, like your credit card will be blocked if you do not

55
00:05:22,060 --> 00:05:27,220
verify the details or here is your order summary on amazon.

56
00:05:28,500 --> 00:05:30,900
Such attacks are called phishing attacks.

57
00:05:32,560 --> 00:05:39,610
Most popular method of distributing malware is through website, no the attacker does not create his

58
00:05:39,610 --> 00:05:44,110
own website and put some malware there so that the visitors will come and download.

59
00:05:45,590 --> 00:05:51,110
Because it is extremely difficult to build a website and make it popular to attract more users.

60
00:05:51,990 --> 00:06:01,240
Instead, the attacker spends time compromising an already popular website, usually websites of celebrities.

61
00:06:02,330 --> 00:06:07,000
So when a innocent user is thinking he is downloading a picture of Tom Cruise.

62
00:06:07,460 --> 00:06:09,680
He is, in fact, downloading a Malware.

63
00:06:10,780 --> 00:06:17,140
Celebrity names are very much used in malware distribution, that's why some security companies come

64
00:06:17,140 --> 00:06:20,040
up with the most dangerous celebrity list every year.

65
00:06:22,270 --> 00:06:30,280
Also, attackers use a technique called drive by downloads in which a website visitor need not click

66
00:06:30,280 --> 00:06:33,110
on any link just by visiting the website.

67
00:06:33,130 --> 00:06:34,900
The malware will be downloaded.

68
00:06:37,020 --> 00:06:45,600
Another way attackers lure users into downloading the malware is through malvertising or malware advertising.

69
00:06:46,260 --> 00:06:53,310
Examples of these might include online spin the wheel end of season sale on popular brands offering

70
00:06:53,310 --> 00:06:55,710
80 to 90 percent discount, etc..

71
00:06:57,820 --> 00:07:05,710
OK, now that we know how malwares are distributed, one question still remains whom do the attackers

72
00:07:05,710 --> 00:07:06,130
target?

73
00:07:07,000 --> 00:07:09,820
How do they choose whose machine to infect?

74
00:07:10,750 --> 00:07:14,800
To answer this question, we will need to understand the two types of attack.

75
00:07:16,360 --> 00:07:23,170
Depending on who is the target of a attack, or a malware they can be categorized into two types.

76
00:07:24,330 --> 00:07:31,970
Commodity malware and APT malware, APT here stands for Advanced Persistent Threat.

77
00:07:33,310 --> 00:07:39,040
To give you a real life comparison, commodity malwares are more like street muggers.

78
00:07:40,050 --> 00:07:42,930
And APT malwares are like bank robbery.

79
00:07:44,350 --> 00:07:50,880
Now, what do I mean by that commodity malwares usually do not have a specific target, just like street

80
00:07:51,100 --> 00:07:51,640
mugger's.

81
00:07:53,280 --> 00:07:56,340
They need money and they will attack anyone.

82
00:07:57,340 --> 00:08:03,790
On the other hand, APT malwares have a very specific target, this target is identified after doing

83
00:08:03,790 --> 00:08:06,040
a lot of research and reconnaissance.

84
00:08:08,050 --> 00:08:11,860
Commodity malware attacks are very aggressive in distributing their malwares.

85
00:08:12,310 --> 00:08:15,330
For them, it is, the more the merrier.

86
00:08:16,820 --> 00:08:24,890
But APT malware authors are very covert and stealth in infecting their selected targets, commodity

87
00:08:24,890 --> 00:08:31,520
malwares are usually built with well-known vulnerabilities and exploit like a mugger using simple tools like

88
00:08:31,520 --> 00:08:32,410
a knife or a gun.

89
00:08:34,440 --> 00:08:38,940
APT malwares are typically built with zero-day vulnerabilities and exploit.

90
00:08:40,060 --> 00:08:43,060
Just like the bank robbery needs advanced tools and weapons.

91
00:08:45,690 --> 00:08:48,470
It is comparatively easy to build a commodity malware.

92
00:08:49,230 --> 00:08:53,110
In other words, a attacker with average skills, can develop a commodity malware.

93
00:08:53,850 --> 00:08:58,560
It takes a sophisticated and advanced skills to build an APT malware.

94
00:08:59,580 --> 00:09:06,560
Example of a commodity malware is WannaCry which will designed to infect every possible Windows machine with

95
00:09:06,560 --> 00:09:08,320
SMB vulnerability.

96
00:09:09,870 --> 00:09:17,190
An excellent example of a APT malware is Stuxnet, which is believed to be developed by US and Israel

97
00:09:17,370 --> 00:09:20,230
to take down Iran's nuclear facility.

98
00:09:21,890 --> 00:09:28,520
In a nutshell, some malwares are written to infect every possible machine and some others are designed to

99
00:09:28,520 --> 00:09:30,790
attack a specific target.