Ryan is a hacker who plans to exploit victims by uploading a malicious webpage in the cloud. He uses a vulnerability to exploit the cloud presence of XYZ Coffee, a legitimate company. From there, he installs malware that inserts a malicious payload into web pages displayed, social media, and hides his malicious activity from the anti-virus. He then redirects victims to the website, which infects them with malware. In addition, the hacker used anti-forensics tools. Users complain to the legitimate company that they are being infected, so the company seeks to fix the problem and investigate the crime. Answer the following questions based on this scenario.

a) Provide a list of potential digital evidence and media that the investigator is going to seize for possible forensic examination in this case study. How would you gain access to this evidence? [2+3=5 Marks]

b) Explain two acquisition methods that you should use in this situation. [5 Marks]

c) Describe significant challenges with cloud forensics, including forensic acquisition and evidence preservation. [5 Marks]

d) Explain what "anti-forensics" is, and provide detail on some anti-forensics tactics that could be used in this case study. [2+3=5 marks]

e) How should you proceed if the suspect’s computer is running? [5 marks]

Grayware is a form of malware that doesn’t really do any physical damage to your data as other malware can, and it presents itself in a more annoying manner, such as adware and spyware. It has a high prevalence in social media, usually in the form of “click bait”, where an enticing article will lead you to a website that asks that you fill out a quick survey before accessing the media. That information is then collected and sold to other cybercriminals and can be used in attempts to hack into your personal.
Exploit kits are generally what they sound like - a malicious toolkit that searches your computer for software that has not been updated. These kits look for security holes in software with the goal of implanting malware on the user’s machines. This can happen by visiting websites that have malvertising on them. Malvertising can be found on any website, trusted or unknown, and it uses online advertising by embedding malicious code in legitimate advertisements. Recently, Yahoo was a target of this by hosting malicious ads that redirected users to websites hosting these kits. Exploit kits are not always found in malvertising, however. The popular men’s website Askmen.com was recently compromised to redirect users to a site hosting an exploit kit. This is why it is very important to make sure all of your software is up to date.
Ransomware on computers isn’t a new threat, but recently it has started to migrate to popular mobile platforms. Ransomware is a program that targets important files such as photos and documents and encrypts them, blocking the user from accessing them. The user is then sent a message demanding payment to unlock the files. Earlier this year, the first versions of mobile ransomware were spotted in the wild. The ransomware is contracted by visiting an infected site and then is automatically downloaded to the phone, or by downloading a malicious app. If your device becomes infected, do not pay the fee! Instead, make sure you get in the habit of regular backups and restore your phone from the most recent backup.
There have been a few instances of gaming malware in the media lately. It may not cost you money, but it can cost you the many hours you’ve spent building up your characters. Twitch.tv, a website used to stream live gameplay, was recently infiltrated by a bot in their chat rooms that lured users using raffles. Upon clicking the link to enter the raffle, a Java form displays a phony raffle form. After filling out the form, the malware installs itself on the user’s computer, targets the user’s Steam account and then wipes out the entire Steam wallet and inventory. In turn, the cybercriminals will sell the user’s items on the Steam community for money. Similarly, there was an issue with a malicious trojan in the popular World of Warcraft game, masquerading as a legitimate game add-on.
Browser extensions are a very popular add-on used for a multitude of tasks while surfing the Internet. But I bet you’re not aware that some of them can be stealing your information! Some malicious extensions will either track every site you visit or inject adware into those sites. While this is not a huge concern as far as what this will do to the data on your computer, it is a pretty large privacy concern. Attackers can use these extensions to perform click fraud by adding rogue ads to websites and redirecting you to those sites. Although this is lower on the threat level, this newer form of malware is evolving into something much more invasive. As a matter of fact, the European Union Agency for Network and Information Security (ENISA) has warned that there has been an increase in malicious browser extensions that are aimed at taking over social network accounts. So while at the moment, they’re not at the top of the threat list, they’re definitely something to keep an eye on.
Internet threats can appear in all shapes and sizes, many of which you may not be aware of. Luckily, the new Norton is. We have your back so you don’t have to worry about every little thing you may come across, and you can go about your business and leave the complicated stuff to us.
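
The browser-extension paragraph above says some extensions track every site you visit or inject ads into pages; both require permissions that an extension must declare in its `manifest.json`. The following is an added example, not part of the original text: a small audit of those declarations, run here over two constructed manifests (the extension names, file names and finding strings are made up for illustration).

```python
import json

# Permissions that let an extension see which sites are visited.
TRACKING_PERMS = {"tabs", "history", "webNavigation", "webRequest", "cookies"}
# Match patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists host patterns separately; V2 mixes them into "permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    tracking = sorted(perms & TRACKING_PERMS)
    if tracking:
        findings.append("can observe browsing: " + ", ".join(tracking))
    if hosts & BROAD_HOSTS:
        findings.append("host access to every site")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            files = ", ".join(script.get("js", []))
            findings.append("injects into every page: " + files)
    return findings

def audit_all(raw_manifests):
    """Map extension name -> findings, for a dict of manifest.json texts."""
    return {name: audit_manifest(json.loads(text))
            for name, text in raw_manifests.items()}

# Constructed sample manifests (not taken from any real extension).
SAMPLES = {
    "price-helper": json.dumps({
        "manifest_version": 3, "name": "price-helper",
        "permissions": ["storage"],
        "content_scripts": [{"matches": ["https://shop.example/*"],
                             "js": ["prices.js"]}],
    }),
    "free-coupons": json.dumps({
        "manifest_version": 3, "name": "free-coupons",
        "permissions": ["tabs", "webRequest", "storage"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["ads.js"]}],
    }),
}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, "->", findings or "no broad access")
```

Broad permissions are also requested by legitimate extensions such as ad blockers, so a finding marks an extension for review rather than proving it is malicious.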