Glass Class - The Malware Maze
Hello, welcome to another Glass Class session. Today I'm going to talk about the various stages in a malware attack chain.
The first and primary goal of an attacker is to deliver the initial malicious code. They use various means such as external storage devices, enterprise file sharing services, email attachments, and malicious URL links. Once that malicious code is delivered, its next goal is to find vulnerabilities in the client's systems. Based on the vulnerabilities that the malicious code detects, it downloads appropriate exploits in stage two.
In stage three, these exploits download more malware and install it. One of the commonly used methods of downloading and installing malware is called drive-by install, where malware is installed either with the end user's authorization, because they are unaware of the consequences, or, even worse, without the end user's authorization.
Once that malware is installed in stage three, the next goal of the attacker is to gain and maintain control of that malware - to communicate with it to achieve the objectives of an attack. The final stage is where the attacker tries to achieve the objectives of the attack. These objectives could be exfiltrating confidential and private data, expanding the attack to other systems in the network, or destroying and encrypting data on the client's systems and servers, which is commonly done by ransomware.
That's been another Glass Class session. Thank you for joining.