1.2 - Attack Types

Question 1

Define Malware.

Answer 1

A form of malicious software that is used for some nefarious purpose (gathering information, forcing a pc to participate in a group, showing advertising, etc.)

Question 2

List as many types of malware as you can.

Answer 2

1. Viruses
2. Crypto-malware
3. Ransomware
4. Worms
5. Trojan Horse
6. Rootkit
7. Keylogger
8. Adware / Spyware
9. Botnet

Question 3

What are some ways that you can prevent a PC from getting malware?

Answer 3

1. Don’t click email links
2. Keep OS updated
3. Keep applications updated and check with
   publisher

Question 4

Define Virus.

Answer 4

A type of malware that can reproduce itself but requires user input in order to start infecting. It reproduces through file systems or the network.

Question 5

List the types of viruses.

Answer 5

1. Program Virus
2. Boot Sector Virus
3. Script Virus
4. Macro Virus
5. Fileless Virus

Question 6

Define Program Virus.

Answer 6

A virus that runs within an application.

Question 7

Define Boot Sector Virus.

Answer 7

A virus that runs within the boot sector of an OS and starts upon a system booting up.

Question 8

Define Script Virus.

Answer 8

A virus that runs off a script that is either OS or browser-based.

Question 9

Define Fileless Virus.

Answer 9

A virus that is never saved into the file system of the OS. It only ever runs on the memory of a system.

Question 10

Define Macro Virus.

Answer 10

A virus that runs off of a macro typically found within Microsoft Office.

Question 11

Define Worm.

Answer 11

A form of malware that self-replicates. It does not require user input in order to start. It often uses the network as a transmission medium. Self-propagates and spreads quickly.

Question 12

Define Ransomware.

Answer 12

An attack in which a bad actor takes, acts like they have taken, or encrypts your data until you pay them to get it back.

Question 13

Define Crypto-Malware.

Answer 13

A ransomware attack in which the victim’s data is encrypted. A decryption key must be obtained from the bad actors.

Question 14

What are 5 ways to protect against ransomware?

Answer 14

1. Always have a backup
2. Keep your OS system up to date
3. Keep your applications up to date
4. Keep your anti-virus / anti-malware signatures up
   to date
5. Keep everything up to date

Question 15

Define Trojan Horse.

Answer 15

A type of malware that pretends to be something else to make its way on your computer. It can open up a way for other types of malware.

Question 16

Define Remote Access Trojans (RATs).

Answer 16

A type of trojan horse that allows for remote administrative control of a device.

Question 17

List 3 ways to protect a PC against Trojan Horses and RATs.

Answer 17

1. Don’t run unknown software
2. Keep anti-virus / anti-malware signatures updated
3. Always have a backup

Question 18

Define Rootkit.

Answer 18

A type of malware that is within the system files making it incredibly difficult to remove. It can often be invisible to the OS.

Question 19

What are 3 ways to deal with rootkits?

Answer 19

1. Looking for the unusual (via anti-malware scans)
2. Use a remover specific to the rootkit
3. Secure boot with UEFI

Question 20

Define Adware.

Answer 20

A type of malware that attempts to flood your screen with ads.

Question 21

Define Spyware.

Answer 21

A type of malware that spies on you. It might take note of sites that you visit or log passwords.

Question 22

Define Keylogger.

Answer 22

A type of spyware that logs your keystrokes.

Question 23

What are 4 ways to protect against spyware and malware?

Answer 23

1. Maintain your anti-virus / anti-malware
2. Always know what you are isntalling
3. Backups
4. Run some scans

Question 24

Define a Bot.

Answer 24

A type of software application or script that performs automated tasks on command. Bad bots perform malicious tasks that allow an attacker to remotely take control over an infected computer.

Question 25

Define Botnet.

Answer 25

A group of bots working together for some malicious purpose, such as a DDoS or botnets as a service.

Question 26

What are three ways to stop bots?

Answer 26

1. Prevent the initial infection through
   - OS and application patches
   - Anti-virus/ anti-malware and updated
   signatures
2. Identify an existing infection
3. Prevent command and control (C&C) via firewall
   and IPS

Question 27

Define Logic Bomb.

Answer 27

A set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects.

Question 28

What are three ways to prevent logic bombs?

Answer 28

1. Process and Procedures with formal change
   controls
2. Electronic monitoring
3. Constant auditing

Question 29

Define a hash.

Answer 29

The process of transforming any given key or string of characters into a fixed-length string of text.

Question 30

Define a spraying attack.

Answer 30

A type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process. Attempt to no lockout to raise no alarms.

Question 31

Define a brute force attack.

Answer 31

An attempt to break into an account by using every possible password combination until the hash is matched.

Question 32

Define a dictionary attack.

Answer 32

A type of brute force attack where an intruder attempts to crack a password-protected security system with a “dictionary list” of common words and phrases used by businesses and individuals. Can substitute letters with numbers and special characters.

Question 33

Define rainbow tables.

Answer 33

An optimized, pre-built set of hashes. A password hacking tool that uses a precomputed table of reversed password hashes to crack passwords in a database.

Question 34

Define salt.

Answer 34

Random data added to a password when hashing. Every password gets random salt inserted. Rainbow tables can’t deal with salt.

Question 35

Define malicious USB cable.

Answer 35

A USB cable that appears to be a typical USB cable, but it registers as a HID. It installs malicious software.

Question 36

Define malicious flash drive.

Answer 36

A flashdrive that appears innocent, but it has malicious software on it. Can act as an HID. Can use macros in document, boot to itself, or act as an ethernet adapter.

Question 37

Define skimming.

Answer 37

The act of stealing credit card information, usually during a normal transaction. Can copy data from the magnetic strip. Can be done at an ATM.

Question 38

Define card cloning.

Answer 38

The act of creating a duplicate of a card. This can only be done on magnetic strip cards. Card information is often gained by skimming.

Question 39

Define evasion attacks.

Answer 39

Attacks at the testing time of an AI, in which the attacker aims to manipulate the input data to produce an error in the machine learning system. Does not alter the behavior of the AI, exploits its blinds spots and weaknesses to produced desired errors.

Question 40

Define data poisoning.

Answer 40

Manipulating training datasets by injecting poisoned or polluted data to control the behavior of the trained ML model and deliver false results. AI

Question 41

Name three ways to secure the learning algorithms for AI.

Answer 41

1) Check the training data (cross check and verify)
2) Constantly retrain with new data
3) Train the AI with possible poisoning

Question 42

Name a few ways that you can secure a supply chain.

Answer 42

1) Keep an eye out for servers, router, switches,
firewalls and software
2) Use a small supplier base
3) Strict controls over policies and procedures
4) Security should be part of the overall design

Question 43

What are some features of cloud-based security?

Answer 43

+ Centralized and costs less
+ No dedicated hardware, no data center to secure
+ A third-party handles everything
+ Data is in a secure environment
+ Cloud providers are managing large-scale security
+ Limited downtime
+ Scalable security options

• Third-party may have access to the data
• Users must follow security best-practices
• May not be as customizable as necessary

Question 44

What are some features of on-premise security?

Answer 44

+ Complete control
+ On-site IT team can manage security better
+ Local team maintains uptime and availability

• Burden is on the client
• Data center security and infrastructure costs
• Security changes can take time
• Staffing costs

Question 45

Define birthday attack.

Answer 45

When the same hash value is created for two different plaintexts, aka hash collision. The attacker will generate multiple versions of plaintext to match the hashes.

Question 46

Define hash collision.

Answer 46

Occurs when two different inputs produce the same hash value. This can happen for various reasons, such as using a weak or flawed hashing algorithm, having a small hash space, or having a large number of inputs.

Question 47

Define downgrade attack.

Answer 47

Attacks that take advantage of a system’s backward compatibility to force it into less secure modes of operation. Systems that can use encrypted or unencrypted connections are at the greatest risk from downgrade attacks.