Information Security - Protecting Company Data: Malware Trends and Mitigation Strategies (Course Id 1542)

Computer Software & Applications - Computer Software & Applications for Course Id 1542

The malware and cybersecurity landscapes are constantly shifting in response to the actions of one another. On one side, cybersecurity experts are identifying, analyzing, and patching new forms of malware as consistently as possible so they can be detected by antivirus software and purged from infected systems before they can cause harm to their potential victims. On the other side, malware creators and cybercriminal organizations are constantly creating new malware, and altering old malware, to circumvent cybersecurity efforts and continue to infect as many computers as possible for a variety of purposes. This course will identify the overarching concepts that make up the current information security landscape. This course will provide an overview of the different types of malware that can infect a computer system as well as the different techniques used to conduct both phishing attacks and identity theft. This course will identify the general malware trends over the past several years and explain how the current malware landscape arrived at where it is today. Finally, this course will describe the most commonly seen pieces of malware from this year and provide both an in-depth explanation on how the malware operates and best practices to properly deal with each piece of malware.

NASBA QAS - Text - NASBA Registry - 1542

Course Learning Objectives

• Identify the importance of information security for CPAs and Tax Practitioners,
• Identify the different types of malware that can infect computer systems,
• Define the term “Phishing” and recognize how phishing occurs,
• Define the term “Identify Theft” and recognize how identify theft most commonly occurs,
• Identify the major malware events that have occurred in recent years, and
• Identify the operating processes and mitigation techniques for the most commonly seen malware programs of the current year.

Chapter 1 - Information Security - Protecting Company Data: Malware Trends and Mitigation Strategies

Course Learning Objectives

Introduction

Information Security

Internet

Information Security Tools and Processes

Application security

Cloud security

Cryptography

Infrastructure security

Incident response

Vulnerability management

Security Concepts

Confidentiality

Integrity

Availability

People Accessing Information

Authentication

Authorization

Nonrepudiation

Malware Definition

Viruses and Worms

Virus

Worm

Trojans

Backdoor / Remote Access Trojan (RAT)

Botnets

Adware

Information stealers

Ransomware

Rootkits

Downloaders or droppers

File Wipers

Spyware

Malware Summary

Phishing

Spear Phishing

Clone Phishing

Whale Phishing

Social Media Phishing

Phishing Evolution

Phishing Opportunities

Criminals are Learning and Evolving

Phishing Tools

Bots/Botnets

Phishing Kits

URL Obfuscation

Simple HTML redirection

Use of JPEG images

Use of alternate IP addresses

Registration of similar domain names

Web Browser Vulnerabilities used for Phishing

Session Hijacking

Domain Name Resolving Attacks

Global DNS Hijacking Campaign

Cross-Site Scripting Attacks

Domain Name Typos

Man-in-the-Middle Attacks

Phishing

Bancos

Bankash

W32/Grams

CoreFloo

Dyre Banking Malware

Phishing Mitigations

Phishing Solutions

Prevent Phishing Attacks

Identity Theft

Identity Theft Methods

Trash Sifting/Dumpster Diving

Mail Theft

Address Manipulation:

Skimming

Scanning

Straightforward Theft:

Conning

Identity Theft Crimes

Yahoo Data Breach

Equifax breach

Target Data Breach

Malware Trends

2014 Malware Trends

Increases in Researcher Evasion

Malware Source Code Leaks

Changes in Account Takeover Fraud Execution

Mobile SMS Malware Rose in Popularity

Obsolete Malware Infection Techniques Started Making a Comeback

2015 Malware Trends

Mobile Banking Trojans on the Rise

Overlay of Malware on Top of Legitimate Applications

Increases in Mobile Ransomware

First Ransomware for Linux Detected

Encryption-Based Ransomware is on the Rise

2016 Malware Trends

Ransomware Solidified Itself as a Serious Threat

Underground Cybercriminal Marketplaces are Becoming More Common

$100 Million was Stolen from Banks in SWIFT-Enabled Transfers

BlackEnergy Wreaked Havok on Vulnerable Critical Ukrainian Infrastructure

Mirai Botnet Attack Shows the Vulnerability of Internet of Things (IoT) Devices

Mobile Adware Infections Increase Dramatically

2017 Malware Trends

Despite the Plateauing of new Ransomware Families, WannaCry and NotPetya take the Ransomware Landscape by storm

Mobile “Evasive” Malware is Extremely Popular and More Dangerous Than It’s Ever Been

Losses from Business Email Compromise and CEO Fraud Reach $5 Billion

2018 Malware Trends

Botnets Are Now Used to Attack Both Organizations and Users of Infected Computers

As Rooted Mobile Malware Declines in Popularity, Traditional Malware Infection Rates Surge

With the Rising Value of Cryptocurrency, Mining Malware is Rising in Popularity

2019 Malware Trends

WannaCry Ransomware

Kovter Click Fraud Malware

Gh0st RAT

NanoCore RAT

CoinMiner Cryptocurrency Mining Malware

ZeuS Modular Banking Malware

Emotet Infostealer

Trickbot Banking Trojan

Qakbot Financial Malware

Dridex Banking Trojan

Common Malware Threats of 2020

KMS

Dridex Banking Trojan

Tech Support Scams

Glupteba Trojan

Infostealers

Important Mentions: Trickbot and Emotet Infostealer

Malware Trends to be Aware of in 2021

Ransomware Attacks Will Continue to Increase in Both Number and Sophistication in 2021

Cybercriminals and Threat Actors will Continue to Exploit the COVID-19 Pandemic

Non-Windows Malware Attacks are Increasing

Vulnerabilities that Enable Malware will Likely Increase in 2021

Glossary