A logic bomb is a malicious program that waits for a trigger, such as a specified date or database entry, to set off malicious code. Until this trigger event happens, the logic bomb will remain inactive.
Once activated, a logic bomb implements malicious code that causes harm to a computer in various ways. It can sabotage database records, erase files, and attack operating systems or applications.
Cybersecurity specialists have recently discovered logic bombs that attack and destroy the hardware components in a device or server, including cooling fans, central processing units (CPUs), memory, hard drives, and power supplies. The logic bomb overdrives these components until they overheat or fail.
Ransomware is malware designed to hold a computer system or the data it contains captive until a payment is made.
Ransomware usually works by encrypting your data so that you cannot access it. The ransom demand typically claims that, once the ransom is paid via an untraceable payment system, the cybercriminal will supply a program that decrypts the files or send an unlock code. In reality, many victims do not gain access to their data even after they have paid.
Some versions of ransomware take advantage of specific system vulnerabilities. Ransomware is often spread through phishing emails that encourage you to download a malicious attachment, or through a software vulnerability.
Denial of Service Attacks (38.3.4)
Denial of service (DoS) attacks are a type of network attack that is relatively simple to conduct, even for an unskilled attacker. These attacks are a major risk because they usually result in some sort of interruption to network services, causing a significant loss of time and money. Even operational technologies, which consist of hardware or software that controls physical devices or processes in buildings, factories, or utility providers, are vulnerable to DoS attacks, which in extreme circumstances can cause a system shutdown.
The following are two main types of DoS attacks.
Overwhelming Quantity of Traffic
This is when a network, host, or application is sent an enormous amount of data at a rate which it cannot handle. This causes a slowdown in transmission or response, or causes the device or service to crash.
A packet is a collection of data that flows between a source and a destination computer or application over a network, such as the Internet. When a maliciously formatted packet is sent, the receiver will be unable to handle it.
For example, if an attacker forwards packets containing errors or improperly formatted packets that cannot be identified by an application, this will cause the receiving device to run very slowly or crash.
There are many essential technical services needed for a network to operate—such as routing, addressing, and domain naming. These are prime targets for attack.
The following are examples of how cybercriminals can take advantage of vulnerabilities in these services.
The Domain Name System (DNS) is used by DNS servers to translate a domain name, such as www.cisco.com, into a numerical IP address so that computers can understand it. If a DNS server does not know an IP address, it will ask another DNS server.
An organization needs to monitor its domain reputation, including its IP address, to help protect against malicious external domains. Domain reputation is used to classify emails as spam or potential security threats.
DNS spoofing or DNS cache poisoning is an attack in which false data is introduced into a DNS resolver cache—the temporary database on a computer’s operating system that records recent visits to websites and other Internet domains.
These attacks exploit a weakness in the DNS caching software that causes DNS servers to redirect traffic for a legitimate domain to the IP address of an illicit server.
When an attacker wrongfully gains control of a target’s DNS information, they can make unauthorized changes to it. This is known as domain hijacking.
The most common way of hijacking a domain name is to change the administrator’s contact email address through social engineering or by hacking into the administrator’s email account. The administrator’s email address can be easily found via the WHOIS record for the domain, which is a matter of public record.
Uniform Resource Locator (URL) Redirection
A uniform resource locator (URL) is a unique identifier for finding a specific resource on the Internet. Redirecting a URL commonly happens for legitimate purposes.
For example, you have logged into an eLearning portal to begin this course. If you log out of the portal and return to it another time, the portal will redirect you back to the login page.
It is this type of functionality that attackers can exploit. Instead of taking you to the eLearning login page, they can redirect you to a malicious site.
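The defence against this is for the portal to check every redirect destination before sending the browser there. The sketch below is an added example, not code from the course or from any real portal; the host name `elearning.example`, the fallback `/login`, and the function name `safe_redirect_target` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed for illustration: the portal's own host and its fallback page.
PORTAL_HOST = "elearning.example"
DEFAULT_TARGET = "/login"


def safe_redirect_target(candidate, allowed_host=PORTAL_HOST, default=DEFAULT_TARGET):
    """Return candidate only if it keeps the user on the portal, else default."""
    if not candidate or candidate != candidate.strip():
        return default
    # Browsers read "\" as "/" and skip control characters, so refuse both
    # instead of guessing how a given browser will interpret them.
    if "\\" in candidate or any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    try:
        parts = urlsplit(candidate)
        host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    except ValueError:  # e.g. a malformed "[" IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Site-relative path. "//host/x" is scheme-relative and points
        # off-site, so a second leading slash is refused.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    # Absolute URL: exact host match over HTTPS only. A prefix or substring
    # test would accept "elearning.example.evil.example".
    if parts.scheme == "https" and host == allowed_host:
        return candidate
    return default


if __name__ == "__main__":
    # Constructed sample values of a "next page" parameter.
    samples = [
        "/courses/38",
        "https://elearning.example/login",
        "//evil.example/login",
        "https://elearning.example@evil.example/",
        "https://elearning.example.evil.example/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)!r}")
```

Falling back to a fixed page, rather than showing an error that echoes the rejected URL, keeps the rejected value from being reflected back to the user.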