1.2 Given a scenario, analyze potential indicators to determine the type of attack Flashcards

1
Q

What is Malware?

A

Malicious Software with the intent to gain control, do damage, or extract financial gain.

2
Q

What is Ransomware?

A

Any form of malware that makes you pay to get the malware to go away is called ransomware.

3
Q

What are trojans?

A

It’s less of a type of malware and more of a method by which the malware spreads or plants itself. It’s a piece of software that is useful to the victim. Its goals are usually to collect personal information from the user.

4
Q

What are worms?

A

This malware infects memory areas with buffer overflows and propagates itself by attempting to contact random IP addresses. Worms are easy to detect, but their code execution proved to be a problem.

5
Q

What are Potentially Unwanted Programs (PUPs)?

A

These are technically not malware, but can be undesirable. This is a blanket term for adware, bloatware, crapware, etc. These are different from malware in that the user consents to them being downloaded. These are usually coupled with legitimate programs as add-ons.

6
Q

What is a fileless virus?

A

A fileless virus is a vicious malware that behaves similarly to a regular virus that attacks and propagates, but it only lives in memory. It often uses tools built into Windows, like PowerShell, to attack that very system. Anti-malware struggles to identify this malware.

7
Q

What is Command and Control (CnC)?

A

These are servers that control the actions of the bots. CnCs try to automate the control, not requiring human interaction after the initial programming.

8
Q

What are bots/botnets?

A

Botnets are a distributed type of malware that uses remotely controlled malware that has infected several different computers. The idea is to create a large robot-like network used to wage large-scale attacks on systems and networks. Bots are used to carry out the orders of the attacker once the attack begins.

9
Q

What is Cryptomalware?

A

This malware uses some form of encryption to lock a user out of a system. Once a system is encrypted, usually the victim will have to pay to get their data unencrypted again.

10
Q

What are Logic Bombs?

A

It is usually a script that is set to execute either at a specific time or when certain events or circumstances have taken place on the system. Detecting them is hard because it involves auditing a system and analyzing the files. Usually placed by disgruntled employees.

11
Q

What is Spyware?

A

It isn’t a type of malware; it is more of a goal instead. Spyware is a virus or trojan in form, but we tend to classify it more by its function than by its type. It is used for observing user actions, as well as stealing information.

12
Q

What are Keyloggers?

A

A keylogger is a piece of malware that records keystrokes. Most will store a certain number of keystrokes before sending them off in a file to a bad actor.

13
Q

What is a Remote Access Trojan (RAT)?

A

A remote administration tool maliciously installed as a trojan horse to give a remote user some level of control of the infected system.

14
Q

What is a rootkit?

A

A piece of malware that attempts to infect critical operating system files on the host. These are hard for antivirus software to detect.

15
Q

What is a backdoor?

A

An entry method into a piece of software that wasn’t intended to be used by normal users. Bad actors can use these to consistently get into a system for malicious reasons.

16
Q

What is a Password attack?

A

An attempt to extract a plaintext key or password from ciphertext or hashes to gain entry to unauthorized data.

17
Q

What is a Password Spraying Attack?

A

An attacker applies a few common passwords to many accounts in an organization. This tends to work with single sign-on systems better than others.

18
Q

What is a Dictionary Attack?

A

A program reads a file containing common dictionary words and tries each one in an attempt to crack a password.

19
Q

What is a Brute Force attack?

A

Attempts to derive a password or key by inspecting either ciphertext or a hash and then trying every possible combination of key or hash until it can decrypt the plaintext or generate a match.

20
Q

What is an offline Brute force attack?

A

In an offline brute force, an attacker has access to the encrypted material or a password hash and tries different keys without the risk of discovery.

21
Q

What is an online brute force attack?

A

In an online attack, an attacker needs to interact with a target system.

22
Q

What is a Rainbow Table?

A

These are binary files, not text files. They store the hashes of passwords so that, if a match were to occur, it would crack a password.

23
Q

What is a plaintext/unencrypted attack?

A

Attackers use packet sniffing software to monitor and capture traffic on a network. If a password is sent in plaintext or unencrypted, then the attacker has the password. It is referred to as a generic packet sniffing attack.

24
Q

What is a physical attack on a system?

A

An attacker can connect many tools that may gather all kinds of information about a system.

25
Q

What is a malicious USB cable?

A

USB cables can be used to send preconfigured commands or deliver a payload. The cable doubles as a regular cable, but it also steals information. The fix is to disable any USB ports.

26
Q

What is a malicious flash drive?

A

It is a removable device that can deliver payloads, steal information, or execute preconfigured commands. To fix this problem, disable USB ports.

27
Q

What is Card cloning?

A

The information on any magnetic stripe on a plastic card can be cloned and then placed on another card.

28
Q

What is Skimming?

A

These are devices placed on top of the card readers of machines like ATMs, vending machines, gas pumps, etc. They read the information on the magnetic stripes.

29
Q

What is Adversarial Artificial Intelligence?

A

AI that can insert tainted training data for machine learning, thus disrupting the defense. This is the process of deliberately deceiving to penetrate AI defenses.

30
Q

What is Tainted Training data for machine learning?

A

Attackers could deliberately salt the training data with misleading or fuzzed data to mess with the defender’s AI.

31
Q

What is security of machine learning algorithms?

A

This guards against the discovery of the algorithms used by AI defense systems, to stop attackers from penetrating those AI systems.

32
Q

What are supply-chain attacks?

A

When an attacker infects a product that is then bought by the victim and this product then infects the system it is connected to.

33
Q

Define cloud-based vs. on-premises attacks.

A

Just know that the physical component of on-premises vulnerabilities and attacks doesn’t apply to cloud-based systems, but the network-specific vulnerabilities and attacks still apply to both.

34
Q

What are Cryptographic Attacks?

A

Every attack starts by careful inspection of the cryptosystem and aggressively probing and experimenting to find some form of weakness. Many cryptographic attacks target cracking passwords.

35
Q

What is a birthday attack?

A

It is a statistic that it’ll take roughly half the hashes to find a collision/match using a brute force attack.

36
Q

What is a collision attack?

A

It’s when two different values produce the same hash, thus a collision has occurred. Attackers try to take advantage because they don’t need to know the private key, just a value that produces an identical signature.

37
Q

What is a downgrade attack?

A

The attacker makes a legitimate request to the web server to use a weak, deprecated algorithm in hopes of then successfully getting keys, passwords, and so forth.