1-Threats, Attacks and Vulnerabilities Flashcards
What is an Indicator of Compromise (IOC)?
Artifacts observed that indicate (with a high degree of confidence) a computer intrusion.
What is a virus?
Malicious code that requires user interaction to install and replicate.
What is Crypto-malware/Ransomware?
Malicious applications that scare or scam users into taking some type of action (e.g. paying for removal/decryption).
What is a worm?
Self-replicating program that is usually self-contained and can execute and spread without user interaction.
What are the two main types of worms?
Network Service Worms and Mass Mailing Worms.
What does a Network Service Worm exploit?
Network vulnerabilities.
What is a Trojan?
Seemingly friendly software that contains hidden malicious software.
What is a Rootkit?
Malicious code that installs itself at the OS or Kernel level to avoid detection.
Why are Rootkits difficult to remove?
They load before the OS loads and can disable anti-virus and anti-malware software.
What is a Keylogger?
Malicious application that once installed on a host can capture all keystrokes such as passwords.
What is Adware?
Malware that is installed on an infected machine to deliver ads.
What is Spyware?
Malicious software that captures user activity and reports back.
What are Botnets?
Malicious code that infects large numbers of hosts for the purpose of launching large scale attacks on specific targets.
What are the components of a Botnet?
Command & Control Servers
Bots (zombie computers)
What is a Logic Bomb?
Malicious code that triggers after a period of time based on some date or specific activity.
What is a Backdoor?
Software that installs for the purpose of opening ports and installing additional software.
What is Social Engineering?
Taking advantage of people with the goal of collecting useful information, e.g. preying on people’s natural willingness to be helpful.
What is Vishing?
Social Engineering techniques designed to get the victim to divulge personal or sensitive information over the phone, e.g. by posing as a legitimate company or an employee.
What is Tailgating?
Following someone into a building through a gated or badged access area.
What is Impersonation?
Impersonating people or sniffing network packets and putting them back on the wire to execute a replay attack.
What helps mitigate the effectiveness of replay attacks?
Packet sequencing.
What is Dumpster Diving?
Removing trash from dumpsters that could reveal sensitive information.
How do you mitigate dumpster diving?
Shred documents, lock waste cans, etc.
What is Shoulder Surfing?
Watching over someone as they enter credentials into a site.
What is a Hoax?
Social engineering technique using the phone and/or voicemail to trick the target into providing sensitive information.
What is Phishing?
Attack usually via email where the attacker poses as someone else with the hopes that you will click a link, etc.
What is Spear Phishing?
Phishing attack aimed at a specific target.
What is Whale Phishing?
Phishing attack targeted at executives.
What is a Watering Hole attack?
Sophisticated attack that identifies less secure websites that users in a particular company or organization are likely to visit.
Attackers then plant malware on the sites that infects users once they visit.
May download additional software onto the computer, scan for other exploits, etc.
What are Social Engineers good at?
Asking non-invasive or unimportant questions to gather info over time.
What are the 6 Principles (Reasons for Effectiveness) behind Social Engineering?
Authority, Intimidation, Consensus/Social Proof, Familiarity/Liking, Trust, Scarcity/Urgency.
How is Authority used in Social Engineering?
Bad actor appears to know what they’re talking about or to have special knowledge of the company; name-drops, uses technical jargon, etc.
How do Social Engineers use Intimidation?
Threaten negative action, threaten to release sensitive information, etc.
What does Consensus/Social Proof mean with regard to Social Engineering?
People are more likely to act when they believe they are in alignment with the larger group.
How is Familiarity/Liking abused by Social Engineers?
Attacker will establish a common contact or friend to gain more trust.
How is Trust abused by Social Engineers?
Attacker tries to name-drop, use authority, etc., to appear more trustworthy.