Evolution of Malware in Computer Security

Question

Task: In this assessment, you are required to provide a complete report of your research project, that you chose in Assessment 3 (Research Project Abstract) by discussing the following aspects:

  • Overview of the topic
  • Relevant technologies and applications of those technologies
  • Highlighting the challenges/problems in your chosen research area
  • Identification of any gaps in the literature by: discussing areas/issues that you believe have been addressed in the current literature; highlighting areas/issues that have not been addressed or adequately addressed; and discussing your view(s) on the issue(s) that you see as being critical.
  • Summarize the future research directions based on the identified research gaps

To accomplish the above, you are expected to read and critically evaluate recent research in your selected research area by citing a minimum of 7 research articles. Students are encouraged to access such research articles from well-known and reputed research portals such as IEEE, ACM, Springer, Science Direct etc. Please note Wikipedia and general blogs will not be considered as acceptable citations.

Answer

Introduction and background
The sophistication, diversity, and availability of malicious software pose widespread challenges for securing networks and end hosts against many types of attack. Malicious activity on the Internet is growing rapidly every day. Malware is a collective term for any malicious software program that enters a system without the authorization or permission of the system's user. The term is an amalgamation of the words 'malicious' and 'software'. Malware is a massive hazard in the modern computing world, and it keeps growing in capability and complexity. As more and more businesses try to deal with the problem, the number of websites distributing malware is growing at a frightening rate; it is getting out of users' control and becoming difficult for them to manage [1]. Most of the time, malware enters a system while documents are being downloaded over the Internet. Once a malicious program finds its way into a user's system, it scans for vulnerabilities in the running system and carries out unintended activities on the user's device, subsequently slowing down the device's performance. Malware has the potential to infect executable code, the boot sectors of drives, and data and system files, and it can create excessive traffic on the network, leading to a denial of system services. When the user executes an infected file, the malware becomes resident in system memory and infects every other file executed afterward. If the running system has a vulnerability, the malware can also take control of the device and infect other systems on the network. Such malicious programs (virus is the more popular term), also referred to as parasites, adversely affect the overall performance of the system, commonly resulting in a system slow-down.
Networks provide the main infrastructure for diverse modern applications, and these applications are the target of malware evolution. In this computer security assignment, a structured literature review of the evolution of malware is also presented [2].

Evolution of Malware
The Cisco 2018 Annual Cyber Security Report shows that the development of malware was one of the most important developments in the 2017 threat landscape (Apvrille, 2014). Attackers are taking malware to new levels of sophistication and impact, and its variety is growing. Malware can be used to obtain economic benefits or, in some cases, only to destroy systems and data. Malware was once distributed in three ways: through downloads, emails, or physical media such as USB sticks. Some kind of manual intervention was required for malware to be distributed to devices. However, the new vectors used by attackers mean that no human interaction is required to initiate network-based ransomware activities [5]. According to Cisco threat researchers, Nyetya and WannaCry are just a preview of what is going to happen. Malware can knock down the Internet, so defenders should be prepared. Malware is short for malicious software: a specific application or program made to cause damage to users. Malware can be used to steal sensitive information, halt computer operation, or gain access to a personal computer system [3].

Security goals and the importance of maintaining a secure computing environment: According to the study conducted by Apvrille (2014), malware can hide its identity and survive for long periods of time. During this time it can spy on users and steal their information without their knowledge of its existence. The increasing use of the Internet has made it a unique platform for many malicious activities (Apvrille, 2014). Different types of malicious code are executable and have the capability to replicate themselves, which also strengthens their survival.

Concept of cryptographic algorithms: The core of cryptography is mathematics, pure, simple, undiluted math, and mathematical algorithms are the basis of encryption. Data encryption is the foundation of privacy and of the security of data on the Internet. Even if it is a bit complicated, users have to build algorithms to keep up with the computer. As computers become more powerful, algorithms become weaker, and users must consider new solutions for data security. This is how cryptography develops to defeat the spammers. Symmetric key algorithms (also called secret-key algorithms) use the concept of keys and locks to encrypt plaintext and decrypt ciphertext data; the same key is used both to encrypt and to decrypt the files. They are further classified into block ciphers and stream ciphers. A stream cipher combines the plaintext digits with a pseudo-random cipher digit stream. A block cipher takes a fixed number of bits and encrypts them as a unit (processed in rounds), padding the plaintext to make it a multiple of the block size. According to Bai, Mu & Zou (2014), malware causes disturbance and damage, so it is considered critical by users of the Internet; as technology develops, there is a continuous conflict between hackers who develop malware and security professionals who develop detection and prevention methods. Based on the Symantec Internet security report, in 2009 more than 2.89 million different malware samples were detected [6]. These figures increased in 2010 and 2011 to about 286 million and 403 million, which means the number increased to more than 100 times what it was before 2009 [7].
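The block-cipher and stream-cipher distinction described above, as an added worked example that is not part of the original assignment: both are built from one shared secret key, the block cipher is driven through PKCS#7 padding and CBC chaining so that the plaintext becomes a multiple of the 16-byte block size, and the stream cipher XORs the plaintext with a pseudo-random keystream of exactly the plaintext's length. The block cipher here is an illustrative 4-round Feistel network whose round function is HMAC-SHA256 (an assumption made so the example runs with only the Python standard library); it stands in for a real block cipher such as AES and is not one.

```python
import hashlib
import hmac
import os

BLOCK = 16   # block size in bytes (same as AES)
ROUNDS = 4   # Feistel rounds; the construction is illustrative only, not AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function: 8 bytes of HMAC-SHA256 over (round number, right half).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Encrypt exactly one 16-byte block as a unit (Feistel network)."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Invert block_encrypt by running the rounds backwards with the same key."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    """Pad to a multiple of BLOCK; always adds 1..BLOCK bytes so unpadding is unambiguous."""
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Block-cipher mode: pad, then chain each block into the next (CBC)."""
    padded = pkcs7_pad(plaintext)
    prev, out = iv, bytearray()
    for i in range(0, len(padded), BLOCK):
        cblock = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += cblock
        prev = cblock
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not block aligned")
    prev, out = iv, bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        cblock = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, cblock), prev)
        prev = cblock
    return pkcs7_unpad(bytes(out))


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher: XOR data with a keystream derived from (key, nonce, counter).

    Encryption and decryption are the same operation; no padding is needed and the
    output has the same length as the input. The nonce must never repeat under one
    key, or two keystreams cancel out under XOR and both plaintexts leak.
    """
    keystream, counter = bytearray(), 0
    while len(keystream) < len(data):
        keystream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return _xor(data, bytes(keystream[:len(data)]))


if __name__ == "__main__":
    key = os.urandom(32)
    iv, nonce = os.urandom(BLOCK), os.urandom(12)
    msg = b"constructed sample plaintext"
    ct = cbc_encrypt(key, iv, msg)
    print(len(msg), "plaintext bytes ->", len(ct), "CBC ciphertext bytes (padded)")
    assert cbc_decrypt(key, iv, ct) == msg
    st = stream_xor(key, nonce, msg)
    print(len(msg), "plaintext bytes ->", len(st), "stream ciphertext bytes (no padding)")
    assert stream_xor(key, nonce, st) == msg
```

The length difference in the output is the practical point of the paragraph: the block cipher must round the message up to a whole number of blocks, while the stream cipher emits one keystream byte per plaintext byte.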

Malicious activities that affect computer security: As many cybersecurity professionals know, the threat landscape continues to become more complex, with large increases in cybercriminal activity around the world, and 2017 was no exception. In their Annual Cybersecurity Report (ACR), Cisco threat researchers share significant findings on attacker behavior over the past 12 to 18 months (Barat, Prelipcean & Gavriluț, 2013). Among the key takeaways, perhaps none is more perplexing than the evolution of malware seen recently in headline-worthy events like WannaCry and Nyetya. It appears malware has evolved both in motivation and in functionality. While still aimed at financial gain, newer ransomware strains have become automated to create a larger impact without the need for user interaction.

The emergence of network-based ransomware worms eliminates the need for human involvement when launching ransomware activities [11]. For some adversaries, the prize is not a ransom but the deletion of systems and data; Nyetya, wiper malware pretending to be ransomware, proves this. Ismail, Marsono and Khammas state that trends in the number of malware samples affect the defender's time to detection (TTD), which is an important indicator of an organization's ability to understand the performance of its security defenses under the pressure of persistent malware attacks deployed by adversaries. Previously, patching a vulnerability within 30 days was considered best practice, but now practitioners are in a constant race against the clock, where even the median TTD of 4.6 hours measured by Cisco is much too long. It is as if cybersecurity must now predict the future [12].

Security mechanisms of a trusted operating system: The most common security mechanisms implemented by ISPs, MSPs, and other service providers are anti-spam and anti-phishing filters. The numbers vary widely, but even the most conservative research shows that at least 80 out of every 100 emails can be considered spam. This is a big challenge for service providers, but many specialized data sources, block lists, and DNS-based real-time blocklists (DNSRBLs) help to manage the situation. Within that spam, more and more emails can be considered phishing scams. These messages pretend to come from legitimate and familiar brands to induce victims to reveal personally identifiable information or financial data. This threat has also been well studied, and many companies offer detection and mitigation mechanisms. Spam and phishing emails carry an additional threat: malware in malicious attachments or web links. In the past few years, the information security industry has seen malicious email messages become the most common vector for a variety of malware infections.
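How a DNSRBL lookup of the kind mentioned above works, as an added example that is not part of the original assignment: the sender's IPv4 address is reversed octet by octet, prefixed to the blocklist zone, and queried as a DNS A record; a listed address answers with a 127.0.0.x code (the convention DNSBLs follow), an unlisted one answers NXDOMAIN. The zone name `dnsbl.example`, the resolver table, the meaning of the return codes, and the mail-server log lines are all constructed for the example so that it runs offline; real zones publish their own code meanings and would be queried through a DNS resolver.

```python
import ipaddress
import re
from typing import Callable, Dict, List, Optional

# Hypothetical blocklist zone; a real deployment would use its provider's zone.
ZONE = "dnsbl.example"

# Constructed stand-in for DNS: query name -> A record the zone would return.
# Absent keys model an NXDOMAIN answer (address not listed).
FAKE_ANSWERS: Dict[str, str] = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",
    "11.2.0.192.dnsbl.example": "127.0.0.4",
}

# Return-code meanings, constructed for this example (each real zone defines its own).
RETURN_CODES = {2: "spam source", 4: "malware or exploited host"}

# Constructed Postfix-style connection log lines; 192.0.2.0/24 and
# 198.51.100.0/24 are reserved documentation ranges, not real hosts.
LOG_LINES = [
    "2024-01-01T10:00:00Z smtpd: connect from unknown[192.0.2.10]",
    "2024-01-01T10:00:05Z smtpd: connect from mail.example.net[198.51.100.7]",
    "2024-01-01T10:00:09Z smtpd: connect from unknown[192.0.2.11]",
]
_CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\s*$")


def dnsbl_query_name(ip: str, zone: str = ZONE) -> str:
    """Build the DNSBL query name: octets reversed, then the zone appended."""
    addr = ipaddress.IPv4Address(ip)          # rejects malformed input early
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def fake_resolve(name: str) -> Optional[str]:
    """Stand-in resolver returning the A record or None for NXDOMAIN."""
    return FAKE_ANSWERS.get(name)


def check_sender(ip: str, resolve: Callable[[str], Optional[str]] = fake_resolve,
                 zone: str = ZONE) -> Dict[str, object]:
    """Classify one connecting IP against the blocklist."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return {"ip": ip, "listed": False, "reason": None}
    if not answer.startswith("127.0.0."):
        # Anything outside 127.0.0.0/8 is not a valid DNSBL answer; treat as unlisted
        # rather than blocking on a misconfigured or hijacked zone.
        return {"ip": ip, "listed": False, "reason": None}
    code = int(answer.rsplit(".", 1)[1])
    return {"ip": ip, "listed": True, "reason": RETURN_CODES.get(code, f"code {code}")}


def scan_log(lines: List[str], resolve: Callable[[str], Optional[str]] = fake_resolve) -> List[Dict[str, object]]:
    """Run the blocklist check over connection log lines and return the verdicts."""
    verdicts = []
    for line in lines:
        match = _CLIENT_IP.search(line)
        if match:
            verdicts.append(check_sender(match.group(1), resolve))
    return verdicts


if __name__ == "__main__":
    for verdict in scan_log(LOG_LINES):
        print(verdict)
```

Swapping `fake_resolve` for a real DNS lookup is the only change needed to run this against a live zone; keeping the resolver injectable is also what makes the filter testable without network access.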

Access control mechanisms and the user authentication process: A formal and properly documented access control policy addresses the goals, scope, roles, management commitment, responsibilities, coordination, and compliance between organizational entities, and facilitates the implementation of access control systems and policies and the related access control program. This control is designed to generate the policies and procedures needed to effectively implement the security measures and control enhancements selected for the access control system. Policies and procedures must comply with applicable federal laws, executive orders, directives, regulations, policies, standards, and guidelines [3]. Existing organizational policies and procedures may make additional specific policies and procedures unnecessary. Access control policies can be part of the organization's general information security strategy, and access control programs can be developed for specific security programs and information systems when needed. Organizational risk management strategies are a key factor in developing access control strategies. A keylogger records every key pressed by the user, including typed emails and documents and the passwords entered for authentication. Typically, an attacker uses such malware to obtain a password so that they can break into a network or user account. However, employers sometimes use a keylogger to determine whether their employees are engaged in criminal or unethical behavior on corporate systems.

Fortunately, many clues are available to defenders as to what is out there, so the sooner professionals recognize the scale and speed at which adversaries are amassing and refining their cyber weaponry, the quicker and more agile they can be at mitigating threats. According to Kapse & Gupta, resources like the Cisco 2018 Annual Cybersecurity Report offer an inside look at the areas of focus for both attackers and defenders, so that security strategies can be adjusted accordingly and threats responded to more quickly [10].

However, it did not take people long to go beyond simple mischief and start making malware designed to carry out real attacks on victims. Just a year after the discovery of the first malware in the wild, the term "computer virus" was used in reference to malicious programs written to destroy data or harm the system. Shortly after the first PC virus, the first antivirus software was released as a public product at the end of the 1980s [7]. Since the advent of antivirus software, the complexity and functionality of malware and viruses have increased rapidly, and they show no sign of disappearing. Over time, computer viruses have been divided into many different categories defined by how they behave. Although "virus" was originally the primary term for all mischievous software, the word came to denote malware capable of attacking its target machine but not of replicating itself, while other terms describe a virus that spreads by replicating itself. Leenu Singh & Hassan state that, named after the notorious Trojan Horse, a Trojan horse is software that pretends to be something like a game or other harmless software but is actually designed to carry harmful code. Ultimately, "malware" was coined and became the common term for all malicious software in place of "viruses" (Mahawer & Nagaraju, 2013).

At present, the world is dealing with many computer threats every day. Some people are almost hidden behind security software and hardware devices because they suffer from these attacks. CryptoLocker and its derivatives, such as CryptoWall, appeared around September 2013. This family of malware is called ransomware: malware that demands a ransom in exchange for access to the victim's files or computer. Although this method has been used by malware since the late 1980s, most earlier techniques did not cause the same terror as CryptoLocker because most were easily defeated [2]. CryptoLocker, however, uses strong encryption to lock all of the victim's files, and they cannot be recovered without the unique private key that decrypts them.

Foundational security policies and models: Malware poses a serious threat to the organization, so effective malware control is critical. Where technically feasible and approved, anti-virus software must run continuously on relevant equipment and be updated frequently. Further technical and programmatic controls are essential to address malware risks, including effective backups, incident response, and other business continuity and contingency arrangements in the event of a serious incident. This policy covers computer viruses, network worms, Trojan horse programs, rootkits, keyloggers, trapdoors, backdoors, adware, spyware, crimeware, intimidation software (scareware), ransomware, encryption programs, advanced persistent threats (APTs), etc., collectively referred to as malware. Firewalls and intrusion detection systems act as traffic police for network activity and block suspicious events. These are enterprise-class technologies that protect users' computers, servers, or networks from malicious applications or network attacks [1].

Gaps in the literature
Areas/issues that have been addressed in the current literature: this document gives readers an idea of what technology is being implemented to understand malware and to prevent unauthorized computer and network access. The paper also examines how cybercriminals use various methods to infect computers and networks, and why it is important to deploy various security applications to block unauthorized access to data. It also includes a brief history of computer and information system exploit protection, to give readers basic knowledge of computer security and protection from before the Internet became an international fixture [6].

In this literature, the problem of detecting new and unknown malware is not properly resolved. We discussed current technologies and how malware can be detected effectively. No isolated environment is set up for reverse engineering; instead, each executable is strictly reversed to find its properties and behavior. The results obtained in this document are not satisfactory. By analyzing the experimental results, it has been concluded that reversing samples to find the static and behavioral characteristics of malware helps to detect malware that is missing from newer documents.

Future research directions
We reversed each malware sample and its evolution to extract as many features as possible with the tools used by today's computer security professionals [9]. However, after the reversal is complete, we are unable to analyze the address space of the executable in physical memory because of the memory analysis tool that has been released. Analyzing the address space reveals more interesting information about the process, allowing its behavior to be analyzed more accurately. In addition, manually reversing each malware sample is a time-consuming process that requires a lot of effort to process the thousands of new malware samples generated each day. One way to solve this issue is to completely automate the entire reverse engineering process (Barat, Prelipcean & Gavriluț, 2013). Even though some automated reverse engineering tools exist, they do not record the complete details of the malware.

Conclusion
In conclusion, this computer security assignment has shown that many security measures need to be properly implemented to protect computers and networks from all types of malware. As discussed in this assignment, most safety measures available to users are designed to protect computers from spam, adware, malware, and various general viruses. While many companies offer these services, cybercriminals are always looking for new ways to bypass firewalls and anti-virus software, and in some cases they are very successful. As there are many spammers and hackers in the world, new methods to address these obstacles are developed frequently, and it can be extremely difficult to catch them. It was observed in this assignment that if users or system managers take suitable and appropriate steps, for example installing a firewall and using anti-malware or anti-virus software, they will surely be less likely to fall victim to cybercriminals.

References
[1] L. Leenu Singh and S. Hassan, "Virtualization Evolution For Transparent Malware Analysis", International Journal of Scientific Research, vol. 2, no. 6, pp. 101-104, 2017.

[2] D. Mahawer and A. Nagaraju, "Metamorphic malware detection using base malware identification approach", Security and Communication Networks, vol. 7, no. 11, pp. 1719-1733, 2015.

[3] F. Mercaldo, A. Di Sorbo, C. Visaggio, A. Cimitile and F. Martinelli, "An exploratory study on the evolution of Android malware quality", Journal of Software: Evolution and Process, p. e1978, 2018.

[4] M. Pope, M. Warkentin and X. Luo, "Evolutionary Malware", International Journal of Wireless Networks and Broadband Technologies, vol. 2, no. 3, pp. 52-60, 2014.

[5] R. Rodríguez, "Erratum to: Evolution and characterization of point-of-sale RAM scraping malware", Journal of Computer Virology and Hacking Techniques, vol. 13, no. 2, pp. 139-139, 2016.

[6] J. Seideman, B. Khan and C. Vargas, "Quantifying Malware Evolution through Archaeology", Journal of Information Security, vol. 06, no. 02, pp. 101-110, 2015.

[7] F. Touchette, "The evolution of malware", Network Security, vol. 2016, no. 1, pp. 11-14, 2016.

[8] F. Mercaldo, A. Di Sorbo, C. Visaggio, A. Cimitile and F. Martinelli, "An exploratory study on the evolution of Android malware quality", Journal of Software: Evolution and Process, p. e1978, 2018.

[9] A. Apvrille, "The evolution of mobile malware", Computer Fraud & Security, vol. 2014, no. 8, pp. 18-20, 2014.

[10] D. Mahawer and A. Nagaraju, "Metamorphic malware detection using base malware identification approach", Security and Communication Networks, vol. 7, no. 11, pp. 1719-1733, 2013.

[12] G. Cluley, "Sizing up the malware threat – key malware trends for 2010", Network Security, vol. 2010, no. 4, pp. 8-10, 2016.