An OPERATING SYSTEM ATTACK is an exploit that compromises the lower levels of a device or computer system. This is an ideal strategy in cyber warfare since, supposedly, protection and countermeasures are less sophisticated toward the bottom of a technology stack. If malicious code can indeed be implemented in bytecode or machine language, it can bypass a significant number of the measures found in most antivirus (AV) products on the market.
An operating system attack is also more malicious than one that merely targets the settings of a web browser, or the files and programs installed on a computer. As its name implies, it can actually disrupt the operation of an entire device. It’s worth noting that the operating systems most vulnerable to these kinds of attacks are those in the Windows family of products. But there are times when Linux and UNIX-based systems (like OS X) are susceptible, too.
Different Types of OS Attacks
If a hacker can indeed penetrate the central component of a computer (its kernel), then in theory he or she can go on to attack any layer within the operating system. Prior to the release of Windows 8 and 10, these were mostly password attacks that involved authenticating to the system without going through the OS login screen. Here, attackers were able to use the Windows recovery mode to gain access to the command prompt, or disk operating system (DOS).
The hacker was then able to create a new user account with administrative privileges—even without direct access to the computer’s filesystem. This enabled unfettered access to the targeted system. After accomplishing their intended goal(s), they would then delete the newly created account to cover their tracks. In 2012, this known vulnerability was fixed with a software patch available for both Windows 8 and Windows 10 operating systems, but computers running Windows 7 are still vulnerable to this day.
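As an added example (not code from the original article), the following Python script shows how a defender could spot the pattern described above in Windows Security log events: an account is created, placed in the Administrators group, and deleted again a short time later. The script uses the real Windows event IDs 4720 (user account created), 4732 (member added to a security-enabled local group) and 4726 (user account deleted); the account names, timestamps and the simplified tuple format are constructed. Real 4732 events record the added member as a SID rather than a name, so a production version would resolve SIDs to names before correlating.

```python
"""Flag short-lived administrative accounts in Windows Security log events.

Added example, not from the original article. Event IDs are the real
Windows ones; the events themselves are constructed for illustration.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample events: (ISO timestamp, event ID, target account, group)
SAMPLE_EVENTS: List[Tuple[str, int, str, Optional[str]]] = [
    ("2024-03-01T02:13:05", 4720, "svc_tmp", None),            # created
    ("2024-03-01T02:13:09", 4732, "svc_tmp", "Administrators"),  # made admin
    ("2024-03-01T03:40:51", 4726, "svc_tmp", None),            # deleted
    ("2024-03-01T09:00:00", 4720, "jdoe", None),
    ("2024-03-01T09:00:30", 4732, "jdoe", "Remote Desktop Users"),
    ("2024-03-03T15:20:00", 4720, "build", None),
    ("2024-03-03T15:20:10", 4732, "build", "Administrators"),
]

ADMIN_GROUP = "Administrators"


def find_short_lived_admins(events, max_lifetime: timedelta = timedelta(hours=24)):
    """Return accounts that were created, added to Administrators and deleted
    again within ``max_lifetime``. Accounts that are created and made admin
    but never deleted are not reported here; they need separate review."""
    created: Dict[str, datetime] = {}
    made_admin = set()
    findings = []
    # ISO-8601 timestamps of the same shape sort correctly as strings.
    for ts, event_id, account, group in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event_id == 4720:
            created[account] = when
        elif event_id == 4732 and group == ADMIN_GROUP and account in created:
            made_admin.add(account)
        elif event_id == 4726 and account in made_admin:
            lifetime = when - created[account]
            if lifetime <= max_lifetime:
                findings.append({
                    "account": account,
                    "created": created[account].isoformat(),
                    "deleted": when.isoformat(),
                    "lifetime_minutes": int(lifetime.total_seconds() // 60),
                })
            # Forget the account so a later re-creation starts a fresh window.
            created.pop(account, None)
            made_admin.discard(account)
    return findings


if __name__ == "__main__":
    for finding in find_short_lived_admins(SAMPLE_EVENTS):
        print(f"short-lived admin account: {finding}")
```

Only `svc_tmp` is reported: it was created, added to Administrators and removed within about an hour and a half, which is exactly the create-use-delete sequence the paragraph describes. The `build` account is not flagged because it was never deleted; a standing, unexpected administrator is a different finding that a periodic review of group membership should catch.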
Another type of operating system attack uses the proprietary features of an OS product to gain direct access to the computer’s filesystem. An example of such a use case involves the Windows Narrator software, which was first released in 2009 as part of the Windows 7 product. Although its intended use was to increase accessibility, particularly for users with disabilities or limited input device capabilities, it ultimately provided a backdoor into the operating system through DLL side-loading.
This technique makes it very difficult for antivirus (AV) solutions, which usually sit on top of operating systems, to detect intrusion and abnormal behavior. The malware makes it possible for the system to be controlled remotely, and gives its author more than just read-only access. Attackers are able to create, delete, rename and move files without consent. They are also able to edit entries in the registry, change permissions of applications, and even start or kill processes in the background. An operating system attack of this nature usually leads to the introduction of more executable (EXE) files that provide additional access.
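As an added example (not code from the original article), the following Python script shows the kind of check a defender can run against a process's loaded-module list to catch DLL side-loading: a DLL that carries the name of a Windows system library but was loaded from somewhere other than the system directory, or a DLL that is not signed. The module list, the signature states and the small set of system DLL names are constructed; on a live host they would come from the process's module list and Authenticode verification.

```python
"""Flag DLLs loaded from outside the Windows system directory or unsigned.

Added example, not from the original article. All sample data is constructed;
PureWindowsPath is used so the check runs on any platform.
"""
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# Directories from which Windows system libraries are expected to load.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed subset of DLL names that ship in the system directory.
SYSTEM_DLL_NAMES = {"kernel32.dll", "user32.dll", "oleacc.dll", "version.dll"}

# Constructed module list for a hypothetical Narrator process:
# (module path, signed by a trusted publisher)
SAMPLE_MODULES: List[Tuple[str, bool]] = [
    (r"C:\Windows\System32\Narrator.exe", True),
    (r"C:\Windows\System32\kernel32.dll", True),
    (r"C:\Windows\System32\user32.dll", True),
    (r"C:\Users\Public\Narrator\version.dll", False),   # system name, wrong place
    (r"C:\Program Files\Vendor\helper.dll", False),      # third-party, unsigned
    (r"C:\Program Files\Vendor\vendor.dll", True),       # third-party, signed
]


def audit_modules(modules) -> List[Dict[str, object]]:
    """Return one finding per suspicious DLL in ``modules``."""
    findings = []
    for path, signed in modules:
        p = PureWindowsPath(path)
        name = p.name.lower()
        directory = str(p.parent).lower()
        if not name.endswith(".dll"):
            continue  # only library modules are audited here
        if name in SYSTEM_DLL_NAMES and directory not in SYSTEM_DIRS:
            # The loader searches the application's own directory before the
            # system directory, so a system-named DLL beside the executable
            # is the classic side-loading indicator.
            findings.append({
                "module": path,
                "reason": "system DLL name loaded from a non-system directory",
                "signed": signed,
            })
        elif not signed:
            findings.append({
                "module": path,
                "reason": "unsigned DLL",
                "signed": signed,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_modules(SAMPLE_MODULES):
        print(f"{finding['reason']}: {finding['module']}")
```

The first rule is the one that matters for the Narrator case: the loader resolves a DLL name by searching the application's own directory before the system directory, so a DLL with a system library's name sitting next to the executable is what an endpoint agent should alert on. The second rule is a broader hygiene check that catches unsigned code regardless of where it lives.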
Limitations of an Operating System Attack
The closer you get to the byte or circuit level of a computer, the more specific a software program has to be. While bytecode is a compilation of a general-purpose programming language into a lower-level set of instructions, it still requires a software interpreter to execute it or assemble it further into machine code. Assembly language (ASM) is the true vernacular of a given machine. But it varies from one machine to another, which makes attacks at certain OS levels either impossible or impractical.
Preventing an Operating System Attack
Most operating systems that are still supported are continually checked by their vendors for bugs and exploitable features. So the first step in mitigating an operating system attack is to use an OS that is still supported by the software vendor. The use of older OS products, like Windows Vista and below, poses a much greater risk. This aside, users should always keep their system up to date by accepting and installing new software patches. Coupled with a good antivirus solution, this limits the likelihood of an OS attack.