Define and discuss malware analysis, and the primary motive for conducting malware analysis

The number of cyber-attacks is increasing substantially. Cyber-attacks target government, the military, and the public and private sectors, and focus on individuals and organizations to extract valuable information. Most of these attacks use malicious software (also called malware) to infect their targets. It is therefore important to have the knowledge, skills, and tools to analyse malicious software in order to detect, investigate and defend against these attacks. Based on your understanding of malware analysis, answer the following questions:

i) Comment on the role of malware in cyber-attacks.

Answer: Malware plays a crucial role in cyber-attacks.

a) Malware provides the platform for attackers to steal private information stored on users' systems. It is a type of cyber-attack through which an attacker can gain access to the private information of the target user and harm the user over the internet by misusing that information.

b) Attackers use malware to steal the target user's sensitive data, such as access to bank accounts and login IDs and passwords.

c) Malware also plays a crucial role in infecting a user's system, which can then be used to mine cryptocurrencies such as Bitcoin.

d) It can play a role in initiating a denial-of-service attack.

e) It can play a role in spying on the user's system.

ii) Define and discuss malware analysis, and the primary motive for conducting malware analysis.

Answer: Definition
Malware analysis is the technique used to detect the suspicious files that an attacker installs on a system in order to steal the target user's private information [1].

Malware analysis tools help identify the procedure used to activate the malware and the target files the attacker intends to harm. They provide security to users on the internet against malicious actors by applying countermeasures that prevent vulnerabilities from turning into threats and prevent the loss of users' sensitive information.

The primary motives for conducting malware analysis are:
a) Triaging incidents by their level of severity
b) Detecting vulnerabilities in the system
c) Detecting malware
d) Preparing an incident response by detecting threats and putting remedies in place

iii) Why must malware analysis be conducted in an isolated environment? Justify your answer.

Answer: An isolated environment is required for malware analysis in order to protect against the injection of malicious code into the system's applications and to handle the encryption of the malicious code. Malware analysis in a real environment can affect the working of the system, so it must be done only in a separate environment.

iv) Define and evaluate the classification techniques for malware analysis

Answer: Malware analysis techniques can be classified into three categories:
Static analysis
Dynamic analysis
Hybrid analysis

Static analysis
In static analysis, the file is examined in order to find malicious intent in it, and the malicious infrastructure can be identified from that examination.
The code is not run during static analysis.
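As an added illustration of the static approach (example code written for this page, not taken from the cited source or any particular tool): a small Python triage script that computes file hashes, extracts printable strings, estimates byte entropy and flags API names from a watch-list, all without executing the sample. The sample bytes, the watch-list of API names, and the entropy threshold are constructed assumptions for the demonstration.

```python
import hashlib
import math
import re

# Constructed sample standing in for a file under review. It is NOT real
# malware; the embedded strings exist only to show what string extraction
# surfaces during static analysis. The tail of 1024 bytes spanning every
# value 0x00..0xFF mimics the high entropy of a packed or encrypted section.
SAMPLE_FILE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n"
    + b"kernel32.dll\x00CreateRemoteThread\x00VirtualAllocEx\x00WriteProcessMemory\x00"
    + b"http://example.invalid/update.bin\x00"
    + bytes(range(256)) * 4
)

# Hypothetical watch-list: API names an analyst often reviews during triage
# because they are used for process injection or downloading further stages.
SUSPICIOUS_APIS = {
    "CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory",
    "URLDownloadToFileA", "WinExec", "SetWindowsHookExA",
}

# Assumed threshold: whole-file entropy this close to the 8-bit maximum
# suggests compressed or encrypted content and is worth a closer look.
HIGH_ENTROPY_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    """Hashes identify the sample and let it be looked up in threat intel."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Return runs of printable ASCII (0x20-0x7E) at least min_len long."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return pattern.findall(data)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for constant data, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def static_triage(data: bytes) -> dict:
    """Collect static indicators from raw bytes without executing anything."""
    strings = [s.decode("ascii") for s in extract_strings(data)]
    entropy = shannon_entropy(data)
    return {
        "hashes": file_hashes(data),
        # Minimal check for the DOS header magic of a Windows executable.
        "is_pe": data[:2] == b"MZ",
        "entropy": round(entropy, 2),
        "high_entropy": entropy > HIGH_ENTROPY_THRESHOLD,
        "suspicious_apis": sorted(s for s in strings if s in SUSPICIOUS_APIS),
        "urls": [s for s in strings if s.startswith(("http://", "https://"))],
    }


if __name__ == "__main__":
    report = static_triage(SAMPLE_FILE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Every indicator in the report comes from reading the bytes, which is exactly what distinguishes static analysis from the dynamic approach: a packed sample would hide its strings and imports from this script, which is why the entropy estimate is reported alongside them as a hint that the file deserves dynamic analysis in an isolated environment.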

Dynamic analysis
In dynamic analysis, the malicious code is run in an isolated environment. The analyst watches the malware in action, but it is not able to infect the system because the analysis is conducted in a virtual environment. The true nature of the threat can be detected with this analysis.

Hybrid analysis

This technique detects indicators of compromise by combining the static examination of the file with the running of the actual code, so the advantages of both approaches are available in it.

