COMPUTER SECURITY

Computer security
- also known as cybersecurity
- refers to safeguarding computer systems and data from damage, theft, and unauthorized access.
- Physical hardware can be protected using traditional methods such as serial numbers, locks, and alarms; safeguarding information and system access requires more advanced and intricate techniques.

Security measures address threats such as
- theft of data (such as government secrets),
- vandalism (caused by computer viruses),
- fraud (e.g., employee theft from banks), and
- invasion of privacy (e.g., illegal access to protected financial or medical data).

One common way to protect against these threats is to
- electronically track and record the access and activities of users by assigning individual credentials (a password) to each person with system access.

The computer system can then automatically log which files were accessed under each set of credentials. Additionally, data can be stored on a separate device or medium that is not normally accessible through the computer system, and encryption can be used to ensure that data can only be read by those who hold the corresponding key.

Hardware and firmware vulnerabilities
- represent a significant threat to the security of computer systems and can expose a business and its customers' sensitive data to risk.
- The consequences include loss of sales, damage to reputation, and penalties.

Primary causes of hardware and firmware vulnerabilities
- The main cause is the continued use of legacy systems and outdated software. These systems may no longer be supported or maintained by their vendors, so known flaws are never patched and remain exploitable.
- Attackers may use these vulnerabilities to gain access to a business's systems and data, inject malware, or hijack applications.
- The concerning aspect of many of these vulnerabilities is that they may not raise a red flag, and attackers may be able to exploit them undetected. This can result in data breaches that go undetected for extended periods, allowing hackers to steal sensitive information or compromise critical systems.

To mitigate the risks associated with hardware and firmware vulnerabilities:
- ongoing monitoring and assessment of systems
  o Regularly monitoring and testing systems for vulnerabilities can help identify potential weaknesses and allow businesses to take proactive measures to address them.
- hardware and firmware updates
  o Updating hardware and firmware is also critical, as vendors often release updates to address known vulnerabilities.
- secure coding practices

10 Most Frequently Exploited Hardware and Firmware Vulnerabilities

1. Directory Traversal
- Outdated routers can have severe weaknesses that allow external attackers to manipulate and gain control over them.
- One such flaw, discovered by security researcher Kyle Lovett, affects over 700,000 ADSL routers distributed to the customers of many ISPs.
- It is a directory traversal bug in the routers' web interface: by requesting a path that contains ".." sequences, an attacker makes the embedded web server return files outside the directory it is meant to serve, including administrative information such as the device configuration, and so gains unauthorized access to the affected routers.

2. Rowhammer
- a vulnerability that affects certain modern DDR DRAM devices.
- It occurs when a specific memory row is accessed repeatedly and rapidly; the electrical disturbance can cause bits in physically adjacent rows to flip. In effect, an attacker can change the contents of memory it was never granted write access to, without any software bug being involved.

3. Meltdown, RDCL (Rogue Data Cache Load)
- It exploits the out-of-order execution features of Intel CPUs: a load from kernel memory that will eventually fault is still executed speculatively, and its value leaves a trace in the cache. This lets an unprivileged process bypass the privilege boundary that the kernel relies on to protect sensitive information.

4. Thunderclap
- a collection of hardware vulnerabilities involving the Thunderbolt interface produced by Intel and the way operating systems handle direct memory access (DMA) from devices plugged into it.
- It can be used by attackers with physical access to a Thunderbolt port to take over a target system in a few seconds, executing arbitrary code at the highest level of privilege and gaining access to encryption keys, passwords, banking logins and other data.

5. Speculative Store Bypass (SSB)
- a form of the Spectre family of vulnerabilities (Spectre variant 4). The CPU may speculatively execute a memory read before the addresses of earlier pending writes are known, so the read can return stale data that should already have been overwritten, potentially leaking data across process boundaries. The vulnerability affects processors from Intel, AMD, and ARM.

6. Screwed Drivers
- refers to a set of flaws in legitimately signed Windows device drivers from many hardware vendors. Because these drivers run in the kernel and expose privileged operations (such as reading and writing physical memory, model-specific registers and firmware) to any user-mode caller without checks, a low-privileged local process can use them to escalate to kernel privileges.

7. Foreshadow
- a security issue (also called L1 Terminal Fault) affecting Intel CPUs that lets attackers extract sensitive data from the processor's L1 data cache.
- The L1 data cache is shared by everything that executes on a core, including both hyperthreads, regardless of privilege level, so an attacker can read any data present in the cache, such as protected data belonging to system management mode (SMM), the operating system's kernel, SGX enclaves, or other virtual machines hosted by a cloud provider.
8. Intel LazyFP
- a vulnerability in modern Intel CPUs that allows attackers to extract the contents of the floating-point unit (FPU), the coprocessor that handles floating-point arithmetic.
- When the operating system uses "lazy" FPU state switching (restoring the FPU registers only when the next process first touches them), a local process can use speculative execution to read the FPU registers that still hold another process's values, potentially leading to the theft of sensitive data.

9. SWAPGS attack
- Bitdefender researchers discovered a side-channel vulnerability affecting Intel CPUs that can be exploited to gain access to sensitive data. The attack abuses the SWAPGS instruction, which the operating system uses on entry to the kernel to switch the GS segment base between the user and kernel values held in two model-specific registers. Because the CPU may execute SWAPGS speculatively, kernel memory can be touched before the privilege check takes effect and its contents inferred through the cache.
- Using this vulnerability, attackers can read confidential information held in kernel memory, such as passwords and encryption keys.

10. Fallout
- a speculative-execution vulnerability that allows attackers to read sensitive information on a target computer. It can be mounted by any code running on the machine, including another tenant's virtual machine in the cloud or script served by a malicious website.
- It takes advantage of Microarchitectural Data Sampling (MDS) side-channel weaknesses in Intel CPUs (Fallout leaks data from the store buffer), which affect both hypervisors and operating systems.

Hardware and firmware vulnerabilities are a significant threat to the security and integrity of computer systems. These vulnerabilities can be exploited by hackers to gain unauthorized access to sensitive data, steal information, or take control of a system. The consequences of these attacks can be severe and can result in financial losses, reputational damage, and legal consequences. It is important for hardware and firmware manufacturers to take steps to identify and address vulnerabilities in their products, and for users to stay informed about the latest threats and take steps to protect their systems.

_______________________________________________________

Virus and other Malicious Programs

Computer Virus
- one of the most well-known types of malicious programs.
- a self-replicating program that spreads from one computer to another by attaching itself to other files, programs, and devices.
- It can be spread through email attachments, infected websites, and infected software downloads.
- Once a virus infects a computer, it can cause a range of problems, including deleting or corrupting files, slowing down system performance, and stealing sensitive information such as login credentials and personal data.

History of Computer Virus

1971 Creeper
- written by a programmer named Bob Thomas.
- was designed to run on the Advanced Research Projects Agency Network (ARPANET), an early version of the internet.
- Creeper would move from one computer to another and display the message "I'm the creeper, catch me if you can!"

Reaper
- In response to Creeper, another programmer, Ray Tomlinson, wrote Reaper, the first antivirus program, which was designed to detect and remove the Creeper virus.
- This marked the beginning of the ongoing battle between virus creators and antivirus developers.

1980s and 1990s
- Viruses became more sophisticated and began to spread more quickly, thanks in part to the widespread use of personal computers and the internet.
- Some of the most notable viruses from this time include the
  o "Jerusalem" virus, which infected executable files and caused damage on Friday the 13th, and the
  o "Melissa" virus, which spread rapidly through email and caused millions of dollars in damages.

As the internet grew in popularity, so did the number and complexity of computer viruses. Today, viruses can be spread through email attachments, social media, instant messaging, and other forms of online communication. While antivirus programs have become more advanced, viruses continue to be a threat to computer security and privacy.

_____________________________________________________

Trojan Horses

"Trojan horse"
- The name comes from the ancient Greek story of the Trojan War, in which the Greeks used a giant wooden horse to gain access to the city of Troy. The Trojans brought the horse inside their city walls, not realizing that Greek soldiers were hiding inside, and were subsequently defeated.
- In computing, a "Trojan horse" is a program that appears to be harmless or useful but actually contains hidden malicious code. Unlike a virus, it does not copy itself into other programs; it relies on the user choosing to run it.
- Trojan horses can be used for a range of purposes, including stealing personal information, taking control of a computer, or spreading other forms of malware.

History of Computer Trojan Horses
- One of the first known Trojan horses was the "Animal" program, created in 1975, which spread on UNIVAC mainframes by copying itself into every directory its user could write to.

1980s and 1990s
- Trojan horses became increasingly common as computers became more widespread and connected to the internet. One of the most famous Trojan horses from this time was the "AOL4FREE" program, which promised free access to AOL's internet service but actually contained a Trojan horse that allowed the attacker to take control of the victim's computer.
- Today, Trojan horses continue to be a common form of malware, often spread through email attachments, malicious websites, or other forms of social engineering.

How can we protect our computers from Trojan Horses?
- Be cautious when downloading and installing software, and keep your computer's antivirus software up to date.
- Use strong passwords and avoid clicking on suspicious links or email attachments.

_____________________________________________________

Worms

Computer Worm
- Unlike viruses, worms do not require user intervention to spread. Once a worm infects a system, it replicates itself and spreads to other devices or systems connected to the network, typically by exploiting a vulnerability in a network service.
- This means that a worm can infect a large number of devices or systems in a short amount of time, causing widespread damage.
- One example of a worm is the infamous "ILOVEYOU" worm, which spread through email attachments in 2000. The worm caused significant damage, infecting millions of computers and causing an estimated $10 billion in damages.

History of Computer Worms

1971 Creeper
- The first computer worm, created by Bob Thomas, a programmer at BBN Technologies.
- It was a self-replicating program that spread through the ARPANET, a precursor to the internet.
- The Creeper worm displayed the message "I'm the creeper, catch me if you can!" and was not malicious, but it demonstrated the potential of self-replicating programs to spread quickly through computer networks.

Early 1980s
- Graduate student Fred Cohen demonstrated how a self-replicating program could spread through a network and take control of multiple computers; Cohen coined the term "computer virus" for such programs.
  o This led to increased interest in computer security and the development of antivirus software to detect and remove malware.

1988 Morris worm
- The first major outbreak of a computer worm, created by Cornell University graduate student Robert Tappan Morris.
- The Morris worm spread rapidly through the internet, infecting thousands of computers and causing significant disruption.
- Morris was later convicted of computer fraud and sentenced to three years of probation and a fine of $10,000.

Other Notable Worm Outbreaks
- Code Red worm in 2001
- WannaCry ransomware worm in 2017

Worms remain a significant threat to computer security, as they can spread rapidly through networks and cause significant damage.

How can we protect our computers from Computer Worms?

To protect against worms, it's important to keep your computer's operating system and software up to date with the latest security patches (a worm spreads by exploiting unpatched network services), use antivirus software, and be cautious when downloading and opening files from the internet.

It's also important to be aware of social engineering tactics that attackers may use to trick you into installing malware, such as phishing emails or fake software updates.

_____________________________________________________

Ransomware

This is a type of malicious program that has become increasingly prevalent in recent years. It is a form of malware that encrypts files on a computer or mobile device, rendering them inaccessible to the user. The attackers then demand payment, usually in cryptocurrency, in exchange for the decryption key that will unlock the files. This can be a devastating experience for individuals, businesses, and organizations that rely on their digital data.

History of Computer Ransomware

1989 "AIDS Trojan"
- The first known instance of computer ransomware: a biologist named Joseph Popp distributed a program on mailed floppy disks.
- Popp's program claimed to be a questionnaire about AIDS, but after a number of reboots it hid the victim's files and encrypted their names, demanding a ransom of $189 to be sent to a post office box in Panama to unlock them.
- Popp was eventually arrested, but his AIDS Trojan had already infected thousands of computers.

In the years since the AIDS Trojan, ransomware has become an increasingly common form of malware. One of the most notorious ransomware attacks occurred in
- 2017, when the WannaCry ransomware spread rapidly across the globe, infecting hundreds of thousands of computers in over 150 countries. It spread on its own like a worm, exploiting a Windows SMB vulnerability for which a patch was already available.
- The WannaCry ransomware encrypted victims' files and demanded a ransom of $300 in Bitcoin to be paid to an anonymous address.

Other notable ransomware attacks include the
- 2012 Reveton ransomware, which claimed to be from law enforcement and accused victims of illegal activity, and the
- 2013 CryptoLocker ransomware, which used strong public-key encryption to lock victims' files.

How can we protect our computers from Ransomware?

To protect against ransomware, it's important to keep your computer's operating system and software up to date with the latest security patches, use antivirus software, and be cautious when opening email attachments or downloading files from the internet. It's also a good idea to regularly back up important data to a secure location, so that it can be restored in the event of a ransomware attack. Keep at least one copy offline or otherwise out of reach of the infected machine, since ransomware will encrypt any backup it can write to, and test that the backup actually restores.
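The ransomware notes above say backups should be restorable and tested, and the countermeasures section later in these notes adds that backups should be verified regularly. The following is an added example, not part of the original notes, written in Python: it records a SHA-256 manifest when a backup is taken, uses that manifest to find which files were altered, and re-verifies after restoring. The entropy heuristic for spotting files that look encrypted, the 7.2 bits-per-byte threshold, the directory names and the sample documents are all assumptions made for this example, and random bytes stand in for ciphertext in the simulated attack.

```python
"""Added example (not from the original notes): hash-manifest backup with
restore verification, plus an entropy heuristic that flags files whose
contents look encrypted. Threshold, paths and sample data are assumptions."""
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List

ENTROPY_THRESHOLD = 7.2  # assumption: bits/byte above which a file looks encrypted or compressed


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0 for empty or single-valued data, 8 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """Text and most office documents sit well below the threshold; ciphertext sits near 8."""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, dst: Path) -> Dict[str, str]:
    """Copy every file under src into dst; return {relative path: sha256} as the manifest."""
    manifest: Dict[str, str] = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_file(p)
    return manifest


def verify_tree(root: Path, manifest: Dict[str, str]) -> List[str]:
    """Relative paths whose content no longer matches the manifest (missing files count too)."""
    return [rel for rel, digest in manifest.items()
            if not (root / rel).is_file() or sha256_file(root / rel) != digest]


def restore(backup: Path, dst: Path, manifest: Dict[str, str]) -> List[str]:
    """Copy the backed-up files over dst, then re-verify; an empty list means a clean restore."""
    for rel in manifest:
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, target)
    return verify_tree(dst, manifest)


def demo() -> dict:
    """Constructed scenario: back up a small document tree, overwrite the files with
    ciphertext-like bytes (os.urandom stands in for real encryption), detect it,
    and roll back from the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp) / "docs", Path(tmp) / "backup"
        (docs / "sub").mkdir(parents=True)
        (docs / "notes.txt").write_text("quarterly figures, do not lose\n" * 40)
        (docs / "sub" / "plan.md").write_text("# plan\n" + "step\n" * 100)

        manifest = make_backup(docs, backup)
        clean_before = verify_tree(docs, manifest)  # expected: []

        for rel in manifest:                         # simulated ransomware run
            (docs / rel).write_bytes(os.urandom(4096))

        damaged = sorted(verify_tree(docs, manifest))
        flagged = sorted(rel for rel in manifest if looks_encrypted((docs / rel).read_bytes()))
        after_restore = restore(backup, docs, manifest)  # expected: []
        return {"clean_before": clean_before, "damaged": damaged,
                "flagged": flagged, "after_restore": after_restore}


if __name__ == "__main__":
    print(demo())
```

The manifest is what makes the backup testable: a restore that completes without error but yields different hashes is a failed backup, which is exactly the case the "test backups regularly" advice is meant to catch. The entropy check is only a heuristic; legitimately compressed or already-encrypted files also score high, so in practice it is combined with other signals such as mass renames or a burst of writes.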
Spyware
- Spyware is a particularly insidious type of malicious program that is designed to operate covertly on a user's computer or mobile device, often without their knowledge or consent. Once installed, it can monitor a user's activity and collect sensitive information, including login credentials, browsing history, and personal data such as credit card details.

History of Spyware

Spyware has been around since the early days of the internet, although it was not widely known or understood until the early 2000s.

1995 "SurfWatch"
- the first known instance of spyware
- created in 1995 to filter internet content for children.
- SurfWatch was criticized for collecting data on users' browsing habits and sharing it with advertisers.

Throughout the late 1990s and early 2000s, a number of other programs emerged that were designed to monitor users' activities on the internet. Some of these programs, known as "Adware,"
- were designed to display targeted ads based on users' browsing habits. However, other programs were more malicious, collecting sensitive data such as login credentials, credit card numbers, and other personal information.

"Gator"
- One of the most notorious spyware programs, created by a company called Claria.
- Gator was bundled with free software downloads and would monitor users' web browsing to display targeted ads.
- However, Gator also collected usernames and passwords for email accounts and other online services, leading to concerns about identity theft.

As spyware became more widespread, a number of companies began developing tools to detect and remove it. Today, most antivirus software includes features for detecting and removing spyware, and many internet browsers have built-in protections against spyware and other forms of malware.

How can we protect our computers from Spyware?

To protect against spyware, it's important to be cautious when downloading and installing software, especially from untrusted sources. It's also a good idea to keep your operating system and software up to date with the latest security patches, use antivirus software, and be cautious when opening email attachments or clicking on links from unknown sources. Additionally, it's important to be aware of social engineering tactics that attackers may use to trick you into installing spyware or other forms of malware.

___________________________________________________

Virus countermeasures

One of the most important countermeasures against viruses is to keep software and operating systems up to date. This includes regularly downloading and installing updates from trusted sources. These updates often contain security patches that address vulnerabilities that could be exploited by malicious programs. Failure to keep software up to date can leave devices open to attack, as hackers are constantly looking for new ways to exploit vulnerabilities in outdated software. Below are some of the countermeasures that we can take.

1. Use Antivirus Software

Antivirus software
- is designed to identify and remove viruses and other malicious software from computers and mobile devices.
- It works by scanning the files and system of a device for specific patterns of code (signatures) that match known viruses or malware; modern products add heuristic and behavioural checks to catch malware that has no signature yet.
- Antivirus software typically updates its virus definitions on a regular basis to ensure it can detect the latest threats.

Once a virus is detected, the antivirus software will typically take one of two actions:
- it will either remove the virus from the device entirely, or
- quarantine it in a safe location to prevent it from causing further harm. Quarantining a virus involves isolating it from the rest of the system, so it cannot spread or cause further damage. The user can then choose whether to delete the virus or try to repair the infected file.

Commercial antivirus software packages like
- Norton, McAfee, and Kaspersky offer a range of features and options, including automatic updates, real-time protection, and scanning of email attachments and web pages. These software packages typically require an annual subscription fee, and the cost can vary depending on the number of devices covered and the level of protection required.

There are also free antivirus software options available, such as
- Avast and AVG. These software packages provide basic protection against viruses and malware but may not offer all of the features and options of a commercial package. However, they can be a good option for users who cannot afford or do not want to pay for antivirus software.

While antivirus software is an effective countermeasure against viruses and other malicious programs, it is not foolproof. New viruses and malware are constantly being developed, and it may take some time for antivirus software to detect and respond to these new threats. Additionally, some viruses and malware are designed to evade detection by antivirus software, making it important for users to practice safe computing habits and exercise caution when downloading files or clicking on links from unknown sources.

2. Keep Operating System up to Date
Installing security patches is a critical step in protecting against cyber-attacks. Attackers often exploit known vulnerabilities in software to gain access to a system or network. By installing security patches as soon as they become available, users can prevent attackers from exploiting these vulnerabilities.

One reason why software vulnerabilities are so common is that software is incredibly complex. Modern operating systems and applications consist of millions of lines of code, and it's impossible to catch every single bug or flaw during the development process. This is why software developers rely on bug reports from users and security researchers to identify vulnerabilities.

In addition to keeping software up to date, there are other measures that users can take to protect their systems and networks. For example, users can implement strong passwords, use two-factor authentication, and avoid clicking on suspicious links or downloading unknown files. It's also a good idea to use anti-virus and anti-malware software to detect and remove malicious programs.

3. Using Strong Passwords

Passwords are the first line of defense against unauthorized access to user accounts, and it's important to create strong and unique passwords that cannot be easily guessed or cracked by hackers. A strong password should be complex and contain a mix of letters, numbers, and symbols. Avoid using common words, phrases, or easily guessable information, such as your name, birthdate, or address.

Using a password manager can also be helpful in creating and managing strong passwords.
- A password manager is a software application that securely stores and manages all of a user's passwords.
- With a password manager, users only need to remember one master password to access their password vault, and the password manager can generate and auto-fill strong and unique passwords for each account.

It has traditionally been recommended to change passwords regularly, at least every six months, so that a stolen password cannot be used indefinitely. Current guidance (NIST SP 800-63B) no longer recommends scheduled rotation for its own sake, because it pushes users towards weak, predictable variations; what matters is to change a password promptly whenever there is reason to believe it has been compromised, such as after a data breach.

How to Create a Strong Password

Creating a strong password is an important step in protecting your online accounts and personal information from cyber threats. Here are some tips for creating a strong password:

1. Use a combination of letters, numbers, and symbols. A strong password should include a mix of upper and lowercase letters, numbers, and special characters like !@#$%^&*()_+.
2. Make it long. The longer your password is, the harder it will be for hackers to guess or crack. Aim for a minimum of 12 characters.
3. Avoid predictable patterns. Avoid using common words or phrases, and avoid using easily guessable patterns like "123456" or "qwerty."
4. Use a passphrase. Consider using a passphrase instead of a password. A passphrase is a string of words that is easy for you to remember but difficult for others to guess. "correcthorsebatterystaple" is the well-known illustration of the idea; because it is so well known it now appears in every cracking wordlist, so use the pattern (several unrelated random words), never that exact phrase.
5. Don't reuse passwords. It's important to use a unique password for each of your online accounts. If one password is compromised, it can put all of your accounts at risk.
6. Use a password manager. Consider using a password manager to generate and store strong passwords for you. Password managers can also help you keep track of all your different passwords across different accounts.

Remember, a strong password is an important step in protecting your online accounts and personal information, but it's not the only step. It's also important to keep your computer and software up to date with the latest security patches, use antivirus software, and be cautious when opening email attachments or clicking on links from unknown sources.

Secure Your Email

Email
- has become an integral part of modern communication, and it is also a common vector for viruses and other malicious programs.
- Attackers use email to distribute malware, phishing emails, and other forms of malicious content to unsuspecting recipients.
- In order to protect against these threats, individuals and organizations must be cautious when opening email attachments or clicking on links.

One of the most important steps that individuals and organizations can take to protect themselves from email-based threats is to
- be vigilant when opening email attachments. Malware can be embedded in email attachments in a variety of ways, including as macros in Microsoft Office documents or as executable files disguised as harmless documents. When in doubt, it is best to err on the side of caution and avoid opening suspicious attachments.

Another common tactic used by attackers is to include links in emails that direct users to malicious websites. These websites may attempt to steal login credentials or install malware on the user's computer. Before clicking on any links in emails, users should carefully examine the link and ensure that it is legitimate. One way to do this is to hover the mouse over the link to see the actual URL (on a phone, long-press the link). If the URL does not match the expected destination, it is likely a phishing attempt; compare the domain in the real URL with the organization's genuine domain, since a look-alike name is the usual trick.

Regular data backups
- are an essential component of any comprehensive cybersecurity strategy. Backups can help protect against a wide range of threats, including viruses and other malicious programs, natural disasters, and hardware failures.
- In the event that a device becomes infected with a virus, restoring data from a backup can help minimize the impact of the attack.
- By restoring data from a backup, users can effectively "roll back" their system to a previous point in time before the virus was present. This can help ensure that important data is not lost or compromised due to the attack.
- However, it is important to note that simply creating backups is not enough. Backups should be stored securely to prevent unauthorized access or theft. This may involve encrypting the backups or storing them in a secure offsite location. It is also important to test backups regularly to ensure that they are functioning properly and that the data can be restored in the event of an attack.

In addition to these countermeasures, individuals and organizations can also take proactive steps to protect against viruses and other malicious programs.
- These steps include educating employees about the risks of clicking on links or opening email attachments, implementing network security measures like firewalls and intrusion detection systems, and using two-factor authentication to protect against unauthorized access.

Viruses and other malicious programs are a significant threat to computer and mobile device users worldwide. However, there are several countermeasures that individuals and organizations can take to protect themselves. By using antivirus software, keeping software up to date, using strong passwords, being cautious when opening email attachments or clicking on links, performing regular backups, and taking proactive steps to protect against viruses and other malicious programs, users can reduce their risk of being infected and minimize the impact of any attacks that do occur.

___________________________________________________

Intrusion Techniques and Detection

Intrusion techniques
- are the methods used by attackers to gain unauthorized access to a computer network or system.
- Attackers can use a variety of techniques to gain access to sensitive information, steal data, or disrupt operations.
- They range from relatively simple methods such as guessing weak passwords to complex methods such as exploiting software vulnerabilities.

Common intrusion techniques:

Social Engineering
- involves manipulating individuals into divulging sensitive information or performing actions that compromise security.
- For example, an attacker may pose as a trusted source such as an IT administrator or bank representative and request sensitive information such as usernames, passwords, or credit card numbers.

Malware
- is a type of software designed to harm or exploit computer systems. Malware can take many forms, including viruses, worms, Trojans, and ransomware.
- Malware can be used to steal sensitive data, monitor user activity, or disrupt system operations.

Phishing
- is another technique that attackers use to gain access to sensitive information. Phishing involves sending fake emails that appear to come from a trusted source, such as a bank or social media site.
- These emails often contain links or attachments that, when clicked, can install malware or direct users to a fake login page where attackers can steal login credentials.

Intrusion detection
- refers to the methods and technologies used to detect and prevent attacks. Intrusion detection can take many forms, including firewalls, intrusion prevention systems, and security information and event management (SIEM) systems.

Firewalls
- are a type of security system that sits between a network and the

Security information and event management (SIEM) systems
- These systems collect and analyze data from a variety of sources, including firewalls, IPS, and network logs.
- SIEM systems can identify patterns of activity that may indicate an attack is in progress and alert security personnel.

In addition to these technologies, there are other best practices that organizations can follow to improve their ability to detect and prevent intrusions. These include regular software updates to patch known vulnerabilities, user education to help individuals identify and avoid phishing and social engineering attacks, and regular backups of important data to help recover from attacks.

___________________________________________________

Password Management

Passwords have long been a primary method of authentication for web accounts, and they remain the most widely used method available today. However, passwords are subject to a number of security threats when mishandled. As a result, it is important for users to follow best practices for password management to ensure that their passwords remain as secure as possible.

Password management
- involves a set of principles and best practices for storing and managing passwords in an efficient and secure manner. These practices are designed to prevent unauthorized access to passwords and to minimize the risk of password theft.
- One of the most important aspects of password management is the creation of strong, complex passwords. Strong passwords should be at least 12 characters long and should include a mix of upper and lowercase letters, numbers, and symbols. Passwords should also be unique for each account, meaning that users should not reuse passwords across multiple accounts.

What are the challenges in password management?

There are many challenges in securing passwords in this digital era. While the number of web services used by individuals increases year over year on one end, the number of cybercrimes is also skyrocketing on the other. Here are a few common threats to our passwords:
- Login spoofing - Passwords are collected through a fake login page set up by cybercriminals.
- Sniffing attack - Passwords are stolen by intercepting them on the network, or on the victim's machine with tools like keyloggers.
- Shoulder surfing attack - Stealing passwords by watching someone type them, at times using a hidden micro-camera, and then using them to gain access to user data.
- Brute force attack - Guessing passwords with the help of automated tools (trying many candidates against one account, or a few common passwords against many accounts) and gaining access to user data.
- Data breach - Stealing login credentials and other confidential data directly from a website's database.

All of these threats create an opportunity for attackers to steal user passwords and gain unlimited access. Let's take a look at how individuals and businesses typically manage their passwords.

Traditional Methods of Password Management
internet. Firewalls can be configured to block traffic from known  Writing down passwords on sticky notes, post-its, etc.
malicious sources or to only allow traffic from trusted sources.
 Sharing them via spreadsheets, email, telephone, etc.
- Intrusion prevention systems (IPS) are similar to firewalls but
 Using simple and easy to guess passwords
also have the ability to analyze traffic in real-time and block
 Reusing them for all web applications
traffic that matches known attack signatures.
 Often forgetting passwords and seeking the help of 'Forgot
SIEM systems Password' option
While hackers are equipped with advanced tools and attacks,
- are another important tool for intrusion detection. individuals and businesses still rely on traditional methods of
password management. This clearly raises the need for the best Passwords
password management practices to curb security threats. password manager
How to Create a Strong Passwords?
Use strong and unique passwords for all websites and Use a combination of letters, numbers, and symbols.
applications Make it long.
Avoid predictable patterns.
 Reset passwords at regular intervals
Use a passphrase.
 Configure two-factor authentication for all accounts
Don't reuse passwords.
 Securely share passwords with friends, family, and colleagues
Use a password manager.
 Store all enterprise passwords in one place and enforce secure
Secure Your Email
password policies within the business environment
Email
 Periodically review the violations and take necessary actions.
email-based threats
Regular data backups
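The rules above can be checked mechanically. The following is an added example and is not code from the document: a Python checker for the policy the page states (at least 12 characters; upper- and lowercase letters, numbers and symbols; no predictable patterns; no reuse). The list of predictable fragments and the set of already-used passwords are assumptions; the same rules appear again later under Virus Countermeasures.

```python
import re
import string

# Added example, not code from the document. It encodes the rules the
# page states: at least 12 characters, a mix of upper- and lowercase
# letters, numbers and symbols, no predictable patterns, no reuse.

MIN_LENGTH = 12

# Assumed list of predictable fragments to reject (the page names
# "predictable patterns" but gives no list).
PREDICTABLE = ("1234", "abcd", "qwerty", "password", "admin", "letmein")


def has_sequential_run(pw: str, length: int = 4) -> bool:
    """True if `length` consecutive characters step up or down by one
    code point each, e.g. 'abcd' or '4321'."""
    for i in range(len(pw) - length + 1):
        window = pw[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeated_run(pw: str, length: int = 3) -> bool:
    """True if any single character repeats `length` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (length - 1), pw) is not None


def check_password(pw: str, already_used: frozenset = frozenset()) -> list:
    """Return every policy violation found; an empty list means the
    password passes. `already_used` stands in for the user's other
    passwords (a real system would compare hashes, not plaintext)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    lowered = pw.lower()
    if any(frag in lowered for frag in PREDICTABLE):
        problems.append("contains a predictable pattern")
    if has_sequential_run(pw):
        problems.append("contains a sequential run")
    if has_repeated_run(pw):
        problems.append("contains a repeated character run")
    if pw in already_used:
        problems.append("reused from another account")
    return problems


def is_strong(pw: str, already_used: frozenset = frozenset()) -> bool:
    return not check_password(pw, already_used)


if __name__ == "__main__":
    # A weak password, a long-but-patterned one, and a passphrase.
    for candidate in ("password123", "Abcd1234!xyz", "Correct-Horse-Battery-Staple-7!"):
        verdict = check_password(candidate)
        print(repr(candidate), "->", "OK" if not verdict else "; ".join(verdict))
```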
Cybersecurity
- also known as computer security,
- is the practice of protecting computer systems and data from damage, theft, and unauthorized access.
- is often confused with related terms such as information security and network security.
Information Security - focused on protecting information in all forms
Network Security - focused on securing communication between devices

Importance of Cybersecurity
- Safeguards critical data and infrastructure.
- Cybersecurity is essential for safeguarding personal, organizational, and national interests in a world increasingly reliant on digital technology.
- It protects sensitive data, ensures business continuity, and maintains trust in digital systems.

Traditional vs. Advanced Security Methods:
- Traditional methods: Serial numbers, locks, and alarms for hardware protection.
- Advanced techniques: Encryption, password-protected access, and data activity logging.

Common Cybersecurity Threats
- Data theft - Stealing sensitive information like government secrets.
- Fraud - Unauthorized financial transactions.
- Vandalism - Disrupting systems with viruses or malware.
- Invasion of privacy - Illegal access to personal or financial records.

Security Measures and Applications
- Cybersecurity measures
  - are methods and technologies used to protect computer systems, networks, and data.
  - These measures ensure that information remains safe, confidential, and accessible only to authorized users.

Cybersecurity Techniques
- Password and Authentication
- Activity Logs
- Data Encryption

Storage Solutions
- Offline Storage
- Encrypted Storage

Hardware and Vulnerabilities
- are weaknesses in physical devices and their software that can be exploited by attackers.

Consequences of Vulnerabilities
- Loss of Sales
- Reputational Damage
- Legal Penalties

Causes of Vulnerabilities
- Legacy systems and outdated software

Mitigations
- Monitor and assess systems
- Hardware and firmware updates
- Secure coding practices

10 Most Frequently Exploited Hardware And Firmware Vulnerabilities

1. Directory Traversal
- Vulnerability in outdated ADSL routers.
- Allows attackers to manipulate router settings and extract administrative information.
- In 2019, multiple router models were discovered to be vulnerable to directory traversal attacks. Specifically, attackers exploited the /../../ path to access sensitive configuration files, such as /etc/passwd, which contains user account information (Dizdar, 2024).
2. Rowhammer - bit flips
- Affects certain DDR DRAM devices.
- Repeatedly accessing a memory row causes adjacent rows to experience bit flips, enabling attackers to alter memory data.
- In 2015, security researchers demonstrated that Rowhammer attacks could be executed through JavaScript code running within a web browser. Dubbed "Rowhammer.js," this exploit showcased that by crafting specific JavaScript code, an attacker could induce bit flips in DRAM cells without needing direct access to the hardware.
3. Meltdown (RDCL: Rogue Data Cache Load)
- Found in Intel CPUs; exploits privilege boundaries to access sensitive kernel data.
- When Meltdown was disclosed, researchers demonstrated that an attacker could use a few lines of JavaScript to exploit the vulnerability, bypassing access controls and reading protected memory directly. This prompted immediate global updates and patches for affected processors (Lipp et al., n.d.).
4. Thunderclap - arbitrary code
- Exploits vulnerabilities in Thunderbolt ports. Hackers gain full system control by injecting arbitrary code.
- In 2019, researchers found that attackers could use a maliciously crafted Thunderbolt device to exploit the direct memory access (DMA) provided by Thunderbolt ports. This enabled full system compromise, including the ability to read or write system memory.
5. Speculative Store Bypass (SSB)
- Affects Intel, AMD, and ARM processors.
- Allows attackers to read memory data before memory write addresses are exposed.
- In May 2018, the Spectre/Meltdown saga continued with the discovery of new variants of Spectre, namely variants 3a and 4. These variants were based on a flaw called speculative store bypass.
6. Screwed Drivers
- Vulnerability in Intel CPUs. Enables attackers to leak the contents of the floating-point unit (FPU) registers, leading to data exposure.
- EXAMPLE: Companies like Intel and cloud providers were proactive in issuing patches to prevent this attack. However, no widely publicized real-world breach has been linked to this vulnerability.
7. Foreshadow - L1 cache
- Affects Intel CPUs by extracting data from the L1 cache. Targets sensitive data like encryption keys or system management mode (SMM) information.
- EXAMPLE: In 2018, researchers discovered that Foreshadow (also known as L1 Terminal Fault) could exploit Intel CPUs' speculative execution. This vulnerability allowed attackers to extract data from the L1 cache, a high-speed memory used by the processor.
8. Intel LazyFP
- Exploits the FPU to cause inadvertent data leakage between processes.
- Results in the theft of sensitive information.
- EXAMPLE: This vulnerability was similar to Spectre and Meltdown in that it could enable cross-process data leakage. For example, a malicious program running on the same server could steal data from other programs that shared the CPU, even if those programs were supposed to be isolated from each other.
9. SWAPGS Attack - kernel memory
- A side-channel vulnerability in Intel CPUs. Hackers access kernel memory containing sensitive data, such as passwords and encryption keys.
- EXAMPLE: In 2019, researchers demonstrated that SWAPGS could allow attackers to access the kernel memory, potentially compromising everything from passwords to encryption keys.
10. Fallout - cloud data leak
- Exploits weaknesses in speculative execution. Allows hackers to access cloud data or leak information on malicious websites.
- EXAMPLE: Attackers could access sensitive data from other virtual machines on the same physical server, which is a major concern in shared cloud environments.

Preventive Measures for Hardware and Firmware Vulnerabilities
1. System monitoring
  - Regularly assess and test systems for potential weaknesses.
2. Updates and patches
  - Install hardware and firmware updates released by vendors to address known vulnerabilities.
3. Secure coding practices
  - Follow best practices to minimize vulnerabilities in software and firmware development.

Awareness And Proactive Steps
- Stay informed about new vulnerabilities and emerging threats.
- Implement a robust security framework for continuous protection.

Conclusion
- Cybersecurity is critical for protecting sensitive data and maintaining system integrity.
- Understanding and mitigating hardware vulnerabilities is essential to prevent severe consequences.
- Collaborative efforts between manufacturers, businesses, and users are necessary to stay ahead of evolving threats.

VIRUS and OTHER MALICIOUS PROGRAMS

Computer Virus
- A self-replicating program that spreads via email attachments, infected websites, or downloads, causing system slowdowns, file damage, and data theft.

HISTORY OF COMPUTER VIRUS
- 1971: The first computer virus, "Creeper", was created by Bob Thomas.
- First Antivirus: Ray Tomlinson developed "Reaper" to remove the Creeper virus.
- 1980s - 1990s: Jerusalem Virus and Melissa Virus

NOTABLE COMPUTER VIRUSES
- ILOVEYOU
- Code Red
- Nimda
- Slammer
- Blaster
- Mydoom
- Sasser
- Zeus
- Conficker
- Stuxnet

- ILOVEYOU: A worm that spread through email, disguised as a love letter attachment. Opening the attachment would execute the worm, sending copies of itself to everyone in the victim's address book and overwriting various files.
- Code Red: A worm that targeted Microsoft IIS web servers. It exploited a vulnerability to deface websites and spread rapidly.
- Nimda: A fast-spreading worm that used multiple methods to propagate, including email, web servers, and shared network drives. It aimed to create backdoors on infected systems.
- Slammer: Also known as SQL Slammer or Sapphire, a worm that targeted Microsoft SQL Server. It caused a significant slowdown of the internet due to its rapid spread and the large amount of traffic it generated.
- Blaster: A worm that exploited a vulnerability in the Windows RPC (Remote Procedure Call) service. It caused system instability and reboots.
- Mydoom: A fast-spreading email worm that was designed to harvest email addresses for spamming purposes and launch a denial-of-service attack against SCO (The SCO Group).
- Sasser: A worm that exploited a vulnerability in the LSASS (Local Security Authority Subsystem Service) in Windows. It caused system crashes and reboots.
- Zeus: A trojan that steals banking information and other credentials. It's often spread through phishing emails or drive-by downloads.
- Conficker: A worm that spread through various methods, including network shares, USB drives, and exploiting vulnerabilities in Windows. It created a botnet of infected computers.
- Stuxnet: A sophisticated worm that targeted programmable logic controllers (PLCs) used in industrial control systems, specifically Iranian nuclear facilities. It's believed to be a cyberweapon.

TYPES OF VIRUSES
- Boot Sector Virus
- Web Scripting Virus
- Browser Hijacker
- Resident Virus
- Direct Action Virus
- Polymorphic Virus
- File Infector Virus
- Multipartite Virus
- Macro Virus

- Boot Sector Virus: Infects the boot sector of a disk (floppy or hard drive). When the computer starts up, the virus loads and can then spread to other disks. These are less common now due to the decline of floppy disks.
- Web Scripting Virus: Uses scripts embedded in web pages to infect computers. These scripts can exploit vulnerabilities in browsers or rely on users clicking malicious links or downloading infected files. Cross-site scripting (XSS) is a common type of attack that uses this method.
- Browser Hijacker: Changes browser settings without the user's consent. This can include changing the homepage or default search engine, or displaying unwanted pop-ups. The goal is often to drive traffic to specific websites or generate ad revenue.
- Resident Virus: Installs itself in memory and can infect files whenever they are accessed or executed. It stays active even after the original infected program is closed.
- Direct Action Virus: Also known as a non-resident virus, it infects files when they are executed and then looks for other files to infect. It doesn't stay resident in memory.
- Polymorphic Virus: Changes its code to avoid detection by antivirus software. Each generation of the virus looks different, making it harder for traditional signature-based scanners to identify.
- File Infector Virus: Attaches itself to executable files (like .exe files). When the infected file is run, the virus is activated and can spread to other files.
- Multipartite Virus: Uses multiple methods to spread. For example, it might infect both the boot sector and executable files. This makes it more difficult to eradicate.
- Macro Virus: Infects files that use macros, such as Microsoft Word documents or Excel spreadsheets. When the infected file is opened, the macro code is executed, potentially spreading the virus to other documents.
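The Polymorphic and File Infector entries above describe antivirus detection in its simplest form: matching files against known signatures. As an added example that is not code from the document, here is a minimal Python signature scanner over in-memory byte strings, holding both an exact-hash signature and a byte-pattern signature for the same sample. The "infected" sample, its marker string and the signature database are all constructed for this example and contain nothing executable.

```python
import hashlib
import re

# Added example, not code from the document. A scanner can hold two
# kinds of signature: the exact SHA-256 of a known sample, and a byte
# pattern found inside it. The sample below is constructed for this
# example; it is a fake header plus a marker string, not real malware.

INFECTED_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12              # 16-byte fake executable header
    + b"CONSTRUCTED-TEST-MARKER-DO-NOT-RUN"   # constructed marker "payload"
    + b"\x00" * 8
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature database (assumed format): name -> (kind, value).
SIGNATURES = {
    "Test.Sample.A (hash)": ("sha256", sha256_hex(INFECTED_SAMPLE)),
    "Test.Sample.A (pattern)": ("pattern", re.compile(rb"CONSTRUCTED-TEST-MARKER")),
}


def scan(data: bytes) -> list:
    """Return the names of all signatures that match `data`.
    A hash signature only hits on a byte-identical file; a pattern
    signature hits wherever the marker appears, which is what a file
    infector's host looks like after the payload is appended."""
    digest = sha256_hex(data)
    hits = []
    for name, (kind, value) in SIGNATURES.items():
        if kind == "sha256" and value == digest:
            hits.append(name)
        elif kind == "pattern" and value.search(data) is not None:
            hits.append(name)
    return hits


def scan_files(files: dict) -> dict:
    """Scan several in-memory files (path -> bytes); only files with at
    least one hit appear in the report."""
    report = {}
    for path, data in files.items():
        hits = scan(data)
        if hits:
            report[path] = hits
    return report


def append_marker_to_host(host: bytes) -> bytes:
    """Constructed test fixture: a clean host with the sample's marker
    body glued onto the end, the shape a file infector leaves behind."""
    return host + INFECTED_SAMPLE[16:]


if __name__ == "__main__":
    files = {
        "sample.bin": INFECTED_SAMPLE,
        "notes.txt": b"quarterly report, nothing unusual",
        "tool.exe": append_marker_to_host(b"MZ\x90\x00 clean program bytes "),
    }
    for path, hits in scan_files(files).items():
        print(path, "->", ", ".join(hits))
```

The hash signature stops matching as soon as a single byte of padding changes, which is why the page's note about polymorphic code matters: scanners cannot rely on whole-file hashes alone.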

WAYS TO PROTECT YOUR COMPUTER FROM VIRUSES
- Install Antivirus Software
- Enable Firewalls
- Keep Software Updated
- Avoid Suspicious Links and Attachments
- Download from Trusted Sources
- Use Strong Passwords
- Back Up Your Data
- Be Cautious on Public Wi-Fi
- Enable Two-Factor Authentication (2FA)
- Educate Yourself

Understanding Malware: Its Origins, Warning Signs, and How to Stay Protected
- In today's digital world, our dependence on technology for everyday tasks has never been greater. As we engage in online activities such as banking, shopping, and communication, we are constantly exposed to the risks of cyber threats that can compromise our privacy and security. While digital advancements have made our lives more convenient, they have also created new opportunities for cybercriminals to exploit vulnerabilities in systems and devices.

MALWARE ATTACKS
1. Trojan Horses
2. Computer worms
3. Ransomware
4. Spyware

TROJAN HORSES
- A Trojan virus, often referred to as a Trojan or Trojan Horse, is a type of malicious software that masquerades as legitimate software or files to deceive users into downloading and executing them.
- Origin of the Name: Inspired by the ancient Greek story of the Trojan War.

HISTORY OF TROJAN HORSES
Early Days of Trojan Horses (1970s - 1980s)
- First Known Trojan: Animal Virus (1975) - targeted Apple II computers.
- Function: Appeared harmless but contained hidden malicious code.
Growth and Evolution (1980s - 1990s)
- Increased Spread: As computers and internet use expanded, Trojans became more common.
- Notable Example: AOLAFREE - promised free AOL access but allowed hackers to control victims' computers.
Trojan Horses in the Modern Era
- Common Distribution Methods:
  - Email attachments
  - Malicious websites
  - Social engineering tactics
- Uses:
  - Stealing personal data
  - Taking remote control of devices
  - Spreading additional malware

Signs of a Trojan Horse Attack on Your Device
- Strange Messages and Pop-Ups
- Very Slow Computer
- Interrupted Internet Connection
- Malicious Windows
- Deactivated Virus Protection and Firewall

Signs of a Computer Worm Attack on Your Device
1. A full hard drive
2. Unusual network activity
3. Missing files
4. Hidden files or folders
5. Programs running or websites opening automatically
6. Unusual program behavior such as notification pop-ups, error messages, etc.
7. Emails sent to your email contacts without your knowledge

Signs Of A Ransomware Attack on Your Device
1. File Access Issue
2. Ransom Note
3. Sudden Slowness
4. Missing or Renamed Files

Signs Of A Ransomware Attack on Your Device
1. Unusual Slowness or Crashes
2. Increased Data Usage
3. Unexpected Pop-ups & Ads
4. Unknown Apps or Software Installed
5. Battery Draining Faster Than Usual
6. Changes in Browser Homepage or Settings
7. Overheating Without Heavy Usage
8. Unauthorized Access to Camera or Microphone
9. Suspicious Messages Sent Without Your Knowledge

HOW TO PROTECT YOUR COMPUTER FROM TROJAN HORSES?
1. Install a Reliable Antivirus
2. Enable Firewall Protection
3. Use Strong Passwords
4. Update Software Regularly
5. Avoid Clicking on Suspicious Links
6. Beware of Suspicious Email Attachments
7. Avoid Downloading Suspicious Files
8. Back Up Important Data
9. Monitor System Performance

HOW TO PROTECT YOUR COMPUTER FROM COMPUTER WORMS?
1. Keep your computer's operating system and software up to date with the latest security patches.
2. Be cautious when downloading and opening files from the internet.
3. Be cautious when opening email attachments or links.
4. Don't click on pop-up ads while you're browsing.
5. Use antivirus software.
6. Update your passwords.

HOW TO PROTECT YOUR COMPUTER FROM RANSOMWARE?
1. Keep Software Updated
2. Back Up Regularly
3. Enable a Firewall
4. Use Antivirus/Anti-Ransomware Software
5. Be Cautious with Emails and Links
6. Limit User Privileges

HOW TO PROTECT YOUR COMPUTER FROM RANSOMWARE?
1. Install & Regularly Update Antivirus Software
2. Use a Secure, Updated Web Browser
3. Enable Firewall Protection
4. Avoid Clicking Suspicious Links & Attachments
5. Download Software Only from Trusted Sources
6. Use Strong, Unique Passwords
7. Update Your Operating System & Apps Regularly
8. Perform Regular Data Backups
9. Avoid Public Wi-Fi or Use a VPN
Computer Worms
- A type of malicious software that self-replicates and spreads independently across networks without requiring a host file or human intervention.
- It exploits security vulnerabilities in operating systems, email systems, or networks to infect multiple devices, often leading to system slowdowns, data theft, and network congestion.

HISTORY of Computer Worms
1971: The Creeper Worm
- First computer worm; created by Bob Thomas.
- Spread through ARPANET (a precursor to the internet).
1980s: Fred Cohen's Research
- Fred Cohen, a graduate student, showed that a self-replicating program could spread through networks and control multiple computers.
1988: The Morris Worm
- First major internet worm outbreak; created by Robert Tappan Morris.
2000: ILOVEYOU Worm
- One of the most damaging worms in history.
2001: Code Red Worm
- Targeted Microsoft IIS (Internet Information Services) servers.
2017: WannaCry Ransomware Worm
- A modern worm that combined ransomware and worm capabilities.

RANSOMWARE
- is malicious software that locks up files and data via encryption and holds them for ransom.

HISTORY OF RANSOMWARE
The First Ransomware - The AIDS Trojan (1989)
- Created by Dr. Joseph Popp, a biologist
- Also called the AIDS Trojan or the PC Cyborg Virus
- Labelled "AIDS INFORMATION - INTRODUCTORY DISKETTE"
- Distributed as a questionnaire about AIDS
WannaCry Ransomware (2017)
- Spread globally, infecting hundreds of thousands of computers in over 150 countries
- Used a vulnerability in Microsoft Windows
- Encrypted victims' files
- Ransom Demand: $300 in Bitcoin
Other Notable Ransomware Attacks
1. Reveton (2012)
- Also known as Win32/Reveton.A, the FBI Virus, or the Police Trojan
- Claimed to be from law enforcement
- Accused victims of illegal activity
2. Cryptolocker (2014)
- Used advanced encryption to lock files
- Payment demanded in Bitcoin

SPYWARE
- is a type of malicious software that secretly monitors a user's activities and collects sensitive data without their consent.

HISTORY OF SPYWARE
SurfWatch (1995)
- Originally for filtering internet content for children.
Rise of Adware (Late 1990s - Early 2000s)
- Designed to display targeted ads based on browsing habits.
Gator (Early 2000s)
- Created by a company called Claria
- Bundled with free software downloads.

Throughout history,
- Trojan horses have deceived users by masquerading as legitimate software,
- worms have spread autonomously across networks,
- ransomware has held critical data hostage, and
- spyware has secretly collected sensitive user information.

Virus Countermeasures, Intrusion Techniques And Detection, And Password Management

VIRUS
- designed to spread from one computer to another by attaching itself to files or software programs

1. Use Antivirus Software
- Antivirus software detects, removes, or quarantines threats.
- Commercial options (Norton, McAfee, Kaspersky) offer advanced protection.
- Free options (Avast, AVG) provide basic security.
- Antivirus updates are necessary to detect new threats. It is not foolproof.

2. Keep Operating Systems And Software Updated
- Modern software is complex, so flaws are inevitable.
- Updates fix security vulnerabilities.

3. Use Strong Passwords
- Use long, complex passwords with symbols, numbers, and letters.
- Avoid predictable patterns or personal information.
- Use a password manager to store and create strong passwords.
- Change passwords regularly.

4. Use Strong Passwords
How to create a strong password?
1. Use a combination of letters, numbers, and symbols
2. Make it long - minimum of 12 characters
3. Avoid predictable patterns
4. Use a passphrase
5. Don't reuse passwords
6. Use a password manager

5. Secure Your Email
- Beware of phishing emails that contain fake links or attachments.
- Do not open attachments from unknown sources.

6. Regular Data Backups
- Back up data regularly to prevent loss.
- Store backups securely.

INTRUSION TECHNIQUES
- Intrusion techniques are the methods used by attackers to gain unauthorized access to a computer network or system.
- Attackers can use a variety of techniques to gain access to sensitive information, steal data, or disrupt operations.
Three Common Intrusion Techniques
1. Social Engineering
2. Malware
3. Network Attacks
Social engineering
- involves manipulating individuals into divulging sensitive information or performing actions that compromise security.

Examples Of Social Engineering
1. Phishing
2. Spear Phishing
3. Whaling
4. Baiting
5. Vishing
6. Smishing
7. Piggybacking
8. Tailgating
9. Scareware
10. Honey trap

Malware
- is a type of software designed to harm or exploit computer systems. It is used to steal sensitive data, monitor user activity, or disrupt system operations.

Network attack
- is a deliberate attempt to breach or disrupt the normal operations of a computer network, often aiming to steal information, disrupt services, or cause damage by exploiting vulnerabilities within the network infrastructure.

Intrusion Detection
- Methods and technologies used to detect and prevent attacks and unauthorized access to systems or networks.

FORMS OF INTRUSION DETECTION
1. Firewalls
2. Intrusion Prevention Systems (IPS)
3. Security Information and Event Management (SIEM) Systems

Firewalls
- Act as a "gatekeeper" between the internal network (LAN) and the external network (WAN)
- Hardware Firewalls
- Software Firewalls

Intrusion Prevention Systems (IPS)
- Similar to firewalls but smarter: they analyze traffic in real time and block known attack patterns or signatures.

Security Information And Event Management (SIEM) Systems
- Monitor and collect data from firewalls, IPS, and other devices, and analyze that data for suspicious activities.

Password Management
- This involves creating, storing, and organizing passwords in a secure manner.
Password - a secret combination of characters used to grant access to a system, account, or device.

Password Management
- Creating strong and hard-to-guess passwords
- Storing passwords securely to prevent loss or theft
- Using the right system to keep track of passwords safely

CHALLENGES IN PASSWORD MANAGEMENT
1. Login Spoofing
2. Sniffing Attack
3. Shoulder Surfing Attack
4. Brute Force Attack
  a. An attacker utilizes a hacking tool
  b. The hacking tool attempts multiple logins
  c. The system returns a valid or invalid response
5. Data Breach

METHODS TO MANAGE PASSWORDS
TRADITIONAL METHODS OF PASSWORD MANAGEMENT
- Writing down passwords on sticky notes
- Sharing them via spreadsheets, emails, telephones
- Using simple and easy-to-guess passwords
- Reusing them for all web applications
- Often forgetting passwords and seeking the help of the 'Forgot Password' option
USE STRONG AND UNIQUE PASSWORDS FOR ALL WEBSITES AND APPLICATIONS
- Reset passwords at regular intervals
- Configure two-factor authentication for all accounts
- Securely share passwords with friends, family, and colleagues
- Store all enterprise passwords in one place and enforce secure password policies within the business environment
- Periodically review the violations and take necessary actions

CONCLUSION
As cyber threats evolve, organizations must implement virus countermeasures, intrusion detection, and strong password management. Traditional approaches have stood as basic standards, but they create weak-password vulnerabilities and patterns of reuse, making MFA, password managers, and automated tracking essential. Continuous proactive action combined with information awareness leads to a substantial decrease in potential risks as well as the strengthening of defensive measures against cyber threats.
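The brute-force entry above describes a tool attempting many logins while the system answers valid or invalid, and the SIEM entry describes collecting data from firewalls, IPS and other devices and analyzing it for suspicious activity. As an added example, not code from the document, here is a small SIEM-style rule in Python over constructed authentication log lines: it flags a source address once it reaches a threshold of failed logins inside a time window, and separately flags a successful login that arrives while that source is still inside such a burst. The log format, the threshold, the window and the addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example, not code from the document. Log format, threshold and
# window are assumptions; addresses come from the documentation ranges
# 203.0.113.0/24 and 198.51.100.0/24, so they belong to no real host.

# Constructed authentication log, oldest line first. Assumed format:
#   <ISO timestamp> auth user=<name> src=<ip> result=<success|failure>
LOG_LINES = """\
2024-05-01T10:00:01 auth user=alice src=203.0.113.7 result=failure
2024-05-01T10:00:02 auth user=alice src=203.0.113.7 result=failure
2024-05-01T10:00:03 auth user=admin src=203.0.113.7 result=failure
2024-05-01T10:00:04 auth user=alice src=203.0.113.7 result=failure
2024-05-01T10:00:05 auth user=alice src=203.0.113.7 result=failure
2024-05-01T10:00:06 auth user=alice src=203.0.113.7 result=failure
2024-05-01T10:00:09 auth user=alice src=203.0.113.7 result=success
2024-05-01T10:05:00 auth user=bob src=198.51.100.22 result=failure
2024-05-01T10:05:30 auth user=bob src=198.51.100.22 result=success
this line is malformed and must be skipped, not crash the rule
""".splitlines()

LINE_RE = re.compile(r"^(\S+) auth user=(\S+) src=(\S+) result=(success|failure)$")


def parse_line(line: str):
    """Return (timestamp, user, src, result), or None when the line does
    not match the assumed format (real collectors see malformed lines)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts, user, src, result = m.groups()
    return datetime.fromisoformat(ts), user, src, result


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """SIEM-style rule over auth lines. Returns alert tuples:
      ("brute_force", src, timestamp, failure_count) when a source reaches
          `threshold` failed logins inside `window`;
      ("success_after_burst", src, timestamp, user) when a login succeeds
          while that source still has `threshold` or more recent failures,
          i.e. the guessing tool may have found a valid password."""
    recent_failures = defaultdict(deque)   # src -> failure timestamps in window
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, src, result = parsed
        q = recent_failures[src]
        while q and ts - q[0] > window:     # drop failures older than the window
            q.popleft()
        if result == "failure":
            q.append(ts)
            if len(q) == threshold:         # alert once, when the threshold is crossed
                alerts.append(("brute_force", src, ts, len(q)))
        elif len(q) >= threshold:
            alerts.append(("success_after_burst", src, ts, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(*alert)
```

The single failure from 198.51.100.22 followed by a success is ordinary user behaviour and raises nothing; the second alert type is the one worth paging on, since it indicates the guessing succeeded.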
