1.2 Given a scenario, analyze potential indicators to determine the type of attack. Flashcards
(34 cards)
Ransomware
Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid.
Trojans
Trojan viruses are a type of malware that invades your computer disguised as real, operational programs.
Worms
A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.
Potentially unwanted programs (PUPs)
A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware and dialers, and are often downloaded in conjunction with a program that the user wants.
Fileless virus
While not considered a traditional virus, fileless malware does work in a similar way—it operates in memory. Without being stored in a file or installed directly on a machine, fileless infections go straight into memory and the malicious content never touches the hard drive.
Command and control
A command-and-control [C&C] server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network.
Bots
How do bots work? Typically, bots operate over a network. Bots that can communicate with one another will use internet-based services to do so – such as instant messaging, interfaces like Twitterbots or through Internet Relay Chat (IRC). Bots are made from sets of algorithms which help them to carry out their tasks.
Cryptomalware
A silent threat, crypto-malware is often disguised as legitimate software that, once downloaded, embeds malicious code into various applications and programs. This code will run in the background and mine for currency any time the victim uses their device.
Logic bombs
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the company.
Spyware
Spyware is a kind of malware that monitors and tracks your device and internet activity to gather information for third parties. It works underground or attaches to your device’s operating system. This way, you hardly even know that it is there.
Keyloggers
Keyloggers are built for the act of keystroke logging — creating records of everything you type on a computer or mobile keyboard. These are used to quietly monitor your computer activity while you use your devices as normal.
Remote access Trojan (RAT)
Remote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyberattackers unlimited access to the data on the PC. Cybercriminals can use RATs to exfiltrate confidential information.
Rootkit
A rootkit is a malicious software bundle designed to give unauthorized access to a computer or other software. Rootkits are hard to detect and can conceal their presence within an infected system. Hackers use rootkit malware to remotely access your computer, manipulate it, and steal data.
Backdoor
A backdoor is a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.
Password attacks Spraying
A password spraying attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another password and repeating the process. This is effective because many users use simple, predictable passwords, such as “password123.”
Password attacks Dictionary
A dictionary attack is simple in theory. It is based on a simple assumption: users don’t want to or cannot memorize long, random sequences of characters, and therefore they pick existing words, typically from an existing language. You can, therefore, take a dictionary or a word list and hash its entries.
Password attacks Brute force
A brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.
Password attacks Brute force Offline
The offline mode of the attack requires the attacker to steal the password file first, but enables unconstrained guessing of passwords, free of any application- or network-related rate limitations.
Password attacks Brute force Online
In the online mode of the attack, the attacker must use the same login interface as the user application.
Password attacks Rainbow table
The rainbow table itself refers to a precomputed table that contains the password hash value for each plain text character used during the authentication process. If hackers gain access to the list of password hashes, they can crack all passwords very quickly with a rainbow table.
During a network attack, the rainbow table compares its hashes to the hashes in the database to crack the code and gain access to information.
Password attacks Plaintext/unencrypted
In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms.
Physical attacks-Malicious Universal
Malicious universal attacks
It basically doesn’t matter where the thing lies or resides within the attack surface; it’s universally applicable. So there are things like gates, locks, and doors, all the things that we should be aware of from a physical security standpoint.
Physical attacks-Serial Bus (USB) cable
A USB cable designed to infect connected devices with malware. This malicious cable works by injecting keystrokes into your computer upon being plugged into a USB-friendly device.
Physical attacks-Malicious flash drive
In the most basic of USB drop attacks, the user clicks on one of the files on the drive. This unleashes malicious code that automatically activates upon viewing and can download further malware from the Internet.