1.2 Attack Types Flashcards
Define Ransomware
Denying one access to their data until a ransom is paid
Define Trojan
Malicious software disguised as a valid program to trick users into installing it
Define Worm
Malware that can spread without any human interaction
What is the difference between a virus and a worm?
A virus requires human interaction to be installed; a worm is able to install and spread itself
Define Potentially unwanted programs (PUPs)
Programs that aren't necessarily harmful but cause unwanted annoyances, such as pop-up ads or alternate internet search engines
How do fileless viruses evade detection?
By running inside a valid process, such as Flash, JavaScript, or PowerShell, and modifying the registry to add themselves to start-up programs/processes
Define Fileless virus
A virus that runs in memory but is never installed to the hard drive and evades detection by anti-virus programs with this technique
Define Command and Control
Server that controls the bots established in a botnet
Define Bots/Botnet
Infecting multiple computers with a virus to launch complex attacks coming from multiple locations, such as a DDoS (Distributed Denial of Service) attack
Define Crypto-malware
Type of ransomware that encrypts one's data until a ransom is paid to get the decryption key
How to protect against crypto-malware attacks (other than anti-virus/malware)?
Keep system backups on a device that is inaccessible from the computer/server
Define Logic Bomb
Malware designed to take action in the future based on a date or action
Define Spyware
Malware that forwards information, such as keystrokes or internet browsing history, to a threat actor
Define Keylogger and its attack advantage (2)
- Malware that can send typed input, clipboard data and screenshots to an attacker
- Bypasses encryption, so it can capture passwords
Define Remote access trojan (RAT)
Malware that allows complete remote control of a system
Define Rootkit
Malware that embeds in the kernel of the OS and is very difficult to remove or detect
What is the best way to protect against Rootkits?
UEFI BIOS secure boot, which prevents booting if the kernel has been modified
Define Backdoor
Creation of an opening in the system to bypass security and allow installation of other malware or remote system access
Define Password attack - Spraying
To avoid account lockout, only a few common passwords from a list are tried against each account before moving on to the next
Define Password attack - Dictionary
Sub-type of brute force attack that uses a pre-defined list of common words to find a password match
Define Password Attack - Offline vs Online
- An online password attack has limited potential, since actively trying username/password combinations is limited to a certain number of failed attempts before the account is locked out
- Offline password attacks are done by obtaining the files containing usernames/passwords and then cracking those with equipment offline or separate from the live website or organization
Define Password attack - Brute force
Trying every possible combination of letters, numbers and characters until the password match is found
Define Password attack - Rainbow tables
A dictionary that stores the hashed result of the plaintext password, instead of the plaintext
Define Password attack - Plaintext/unencrypted
Passwords stored as plaintext; if the file or database is compromised, every password in it is compromised