🦠 Malware (Malicious Software)
🧠 What is Malware?
Malware is any software designed to harm, exploit, or otherwise compromise the operation of a computer system. It includes viruses, worms, ransomware, spyware, and other harmful software.
Types of Malware:
| Malware Type | Description | Example | Key Features |
|---|---|---|---|
| Virus | Attaches itself to legitimate programs and spreads | MS Word macro viruses | Requires user execution, can corrupt files |
| Worm | Self-replicating and spreads without user action | SQL Slammer, WannaCry | Spreads via networks, doesn't need a host |
| Trojan Horse | Disguised as legitimate software, but harmful | Zeus Trojan | Backdoors for attackers, keyloggers |
| Ransomware | Encrypts files and demands payment for decryption | WannaCry, CryptoLocker | Disrupts business, data loss if not recovered |
| Spyware | Secretly collects user data and sends it to third parties | Adware, keyloggers | Collects personal information, usually silently |
| Rootkit | Hides malicious software from detection | Stuxnet | Provides remote access, hides presence |
| Adware | Displays unwanted advertisements | PUPs (Potentially Unwanted Programs) | Often bundled with free software |
| Botnet | Network of infected machines controlled by an attacker | Mirai botnet | Used for DDoS attacks or spamming |
| Keylogger | Records keystrokes and sends them to attackers | Zeus, Perfect Keylogger | Collects sensitive info like passwords |
🚨 How Malware Spreads:
- Email Attachments: Malicious files disguised as attachments.
- Drive-by Downloads: Infected websites triggering downloads.
- USB Devices: Malware that spreads through infected USB drives.
- Social Engineering: Trick users into executing malicious software (e.g., phishing).
🛡️ Protection Against Malware:
| Protection Measure | Description |
|---|---|
| Antivirus/Antimalware Software | Detects and removes malware (e.g., Norton, Malwarebytes) |
| Firewalls | Prevents unauthorized network access |
| Regular Updates/Patching | Keeps software up-to-date to fix vulnerabilities |
| Email Filtering | Blocks phishing emails and malicious attachments |
| Behavioral Analysis | Monitors suspicious activity in real time |
| Backup and Recovery | Regularly back up important files to restore after ransomware attacks |
| User Awareness Training | Teach users to recognize phishing attacks, avoid suspicious downloads, etc. |
🗄️ Database Security
🧠 What is Database Security?
Database security involves protecting the database from unauthorized access, misuse, or corruption. Databases often store sensitive data like personal information, financial records, and proprietary business data.
Key Database Security Threats:
| Threat Type | Description | Example |
|---|---|---|
| SQL Injection | Malicious SQL queries injected into input fields | Attackers extract or modify database records by manipulating input |
| Unauthorized Access | Gaining access to a database without proper authorization | Exploiting weak passwords or unpatched vulnerabilities |
| Data Breach | Unauthorized viewing, copying, or transmitting of sensitive data | Hackers steal customer data (e.g., credit card numbers) |
| Privilege Escalation | Unauthorized users gaining elevated privileges | A normal user gaining admin access to delete records |
| Data Corruption | Altering, destroying, or misrepresenting data | Attacks that modify financial records or destroy important data |
| Insider Threats | Malicious actions by employees or trusted individuals | A disgruntled employee leaks customer data or deletes files |
| Lack of Encryption | Storing sensitive data in plain text without encryption | Sensitive data accessed during a breach is unprotected |
🛡️ Protecting Databases:
| Protection Measure | Description |
|---|---|
| Access Control | Restrict database access to authorized users and applications. Use RBAC (Role-Based Access Control) or ABAC (Attribute-Based Access Control). |
| Encryption | Encrypt sensitive data both at rest (stored) and in transit (while being transmitted). Use AES for strong encryption. |
| Database Auditing | Monitor all access and modification events to detect unauthorized actions (e.g., SQL Server Audit, Oracle Audit). |
| Patching and Updates | Regularly apply patches and updates to address known vulnerabilities in the database software. |
| SQL Injection Prevention | Use parameterized queries and prepared statements to prevent attackers from injecting malicious SQL. |
| Data Masking | Replace sensitive data with fake but realistic-looking values during testing or development to prevent exposure. |
| Backup and Recovery | Regularly back up databases and implement a recovery strategy to ensure data can be restored in case of attack or failure. |
| Firewalls | Use database firewalls to detect and block malicious activity (e.g., IBM Guardium, Imperva). |
| Strong Authentication | Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to ensure that only authorized users can access the database. |
| Segmentation & Network Security | Ensure the database is isolated from the general network and properly firewalled to limit exposure. |
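The SQL Injection Prevention row above is the one measure a developer applies directly in code. The following added example (not from the original notes) shows a vulnerable string-built query beside its parameterized replacement, using Python's built-in sqlite3 module with a constructed in-memory `users` table; the table contents and the tautology input are sample values made up for the demonstration.

```python
import sqlite3

# Constructed sample data (not from the original page).
USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: user input is concatenated into the SQL text, so a quote
    character inside `name` changes the structure of the query itself."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the SQL text is fixed and `name` is passed as a bound
    parameter, so it is only ever compared as a literal string value."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    """Run both lookups with a normal name and a constructed hostile input."""
    conn = make_db()
    normal = "alice"
    # Constructed injection input: closes the string literal and adds a tautology.
    hostile = "x' OR '1'='1"
    return {
        "vuln_normal": len(lookup_vulnerable(conn, normal)),      # 1 row
        "vuln_hostile": len(lookup_vulnerable(conn, hostile)),    # every row leaks
        "safe_normal": len(lookup_parameterized(conn, normal)),   # 1 row
        "safe_hostile": len(lookup_parameterized(conn, hostile)), # no match
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable lookup returns all three rows for the hostile input because the tautology rewrites the WHERE clause, while the parameterized lookup returns none, since no user is literally named `x' OR '1'='1`.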
📦 Key Principles of Database Security:
| Principle | Explanation |
|---|---|
| Confidentiality | Ensuring that sensitive data is only accessible to authorized users. |
| Integrity | Ensuring that data is accurate and has not been tampered with. |
| Availability | Ensuring that the database is always available and functioning as expected. |
| Non-repudiation | Ensuring that actions on the database (e.g., queries, modifications) can be tracked to their origin, preventing denial of malicious actions. |
🔄 Relationship Between Malware and Database Security:
- Malware can be used to gain unauthorized access to databases, corrupt data, or exfiltrate sensitive information.
- Database security techniques (encryption, access control, auditing) help prevent malware from exploiting weaknesses in the database.
🔒 Best Practices for Both:
- Regular Patching: Keep both software and databases up-to-date with the latest security patches.
- Least Privilege: Ensure users and applications have only the permissions they need.
- Data Encryption: Always encrypt sensitive data both at rest and in transit.
- Monitoring: Use tools for continuous monitoring and logging to detect unusual behavior or unauthorized access attempts.