This chapter brings physical access and computer forensics in one chapter since they employ similar methods, so the techniques of handling these threats are in many ways similar.
This type of threat has to do with obtaining physical access to a device with the intention of stealing information or performing certain actions that can inflict damage to the user. Stealing information directly, installing malicious software and connecting external media are the most common attacks.
Let’s look at an example of a physical access attack. A perpetrator snooped on your password, personally or via a miniature camera near your computer. Then he has to wait for you to leave your workstation for a while so that he could install some spyware to your computer. The program will be running unbeknownst to you, collecting all the information and sending it to the perpetrator.
Interview widget: Do you know how to view the programs whitelisted by your antivirus?
Spyware can be acquired absolutely legally, and mostly these programs are intended for parental control. Unlike malicious software, these programs require physical access to computer; RATs belong to a special type of malware that controls a system remotely without physical access to the device and administrator password.
The common functionality of such software includes recording what you do on your screen, recording all keys you press, controlling the perimeter using the web camera and microphone, creating easy-to-use reports about user’s activity. In addition to secretly collecting information, some of these programs can censor user’s activities, for instance, by blocking access to some sites.
How do you protect yourself from similar threats? First, you need to add fake symbols in your password, this will protect you from bystanders who could snoop on your monitor. You will learn how to add fake symbols in the chapter focusing on passwords. Second, you should install and set up Panic Button – the application that protects from unsanctioned access to a computer. You can take it a step further – there are freely available locks, safes and alarms for laptops. As you work through this course, you will learn about all these methods in detail.
Another common type of attack has to do with connecting external devices. For instance, a USB flash drive gets attached to your computer without your knowledge. As the system boots up with this USB memory, you get infected with malware.
The darknet can offer already adjusted USB flash drives, and the only thing a perpetrator has to do is to insert the memory stick into the victim’s computer in hope that he or she hasn’t read the materials of this course. You don’t always need a perpetrator to have your computer infected via an infected USB flash drive. Sometimes a virus can write itself into the flash-drive independently, while its owner turns out to be an ignorant victim.
After getting into your computer, malware often writes itself into all external media that will then infect more and more devices. A lot of Trojans, including the notorious Sality, ZeuS Citadel and Zeus Gameover, still spread using this kind of attack. This infection method was the most popular in the 2000s and is currently on the wane as more and more often files are passed through the web.
You will learn how to protect yourself from this problem, including how to create the trusted device lists and block untrusted devices, use USBkill software, open files in a sandbox. We will give you a breakdown of built-in protection mechanisms such as Secure Boot. You will get to test the security of devices by learning how to