Chapter 6 Threats, vulnerabilities & attacks. Flashcards
An attack by a nation state/government which is highly organized: what are they called, and what are their goals?
State actors, advanced persistent threats. They have specific goals: propaganda, information seeking, secrets, etc. Not really money.
Hacktivist's primary reason?
Activism, to further a cause.
Black vs white vs grey hat
Black - unauthorized hacker committing crimes
White - authorized hacker, pen tester
Grey - semi-authorized, good intentions but may cross a line, like a hacktivist.
What is an insider threat?
Someone who has access to internal resources, which could lead to data exfiltration.
Motivations of a competitor?
Economic gain/competition/stealing proprietary information.
Unauthorized applications or actions within a company are called?
Shadow IT.
Define a virus
Malicious code that attaches itself to an application; must be executed in order to run. Tries to replicate and attach to other files. At some point delivers its payload: may delete files, reboot, join a botnet, etc.
Define a worm
Travels through a network; doesn't need an application or user interaction (as viruses do). Resides in memory, consumes network bandwidth, self-replicating.
What is the hallmark of a logic bomb?
Executes when a certain condition is met.
Hallmark of a trojan, and what is a RAT?
Appears to be something useful or enticing but is actually something else. Includes a malicious component, such as installing a backdoor. A RAT is a remote access trojan; it allows attackers to control the system from a remote location, or send keylogs to remote locations.
What about spyware? What does it do?
It can monitor users' information and behaviours; may include a keylogger and send this information. Used for impersonation, advertising, etc.
Hallmarks of a rootkit? How does it avoid detection?
Hides in the system, avoids detection. Has access to the root/kernel; installs hooks into memory and prevents antivirus software from making calls to the OS. They hide their processes in RAM.
A trojan that locks people out of their resources? Why?
Ransomware, cryptomalware. To demand a ransom, usually.
Define/hallmarks of a PUP?
Potentially unwanted programs. May be legit, maybe not; some may be malware, spyware, etc.
How might fileless viruses work?
Running in memory; might work via memory code injection, script-based techniques such as PowerShell, or registry manipulation; may be embedded in other files.
What are indicators of malware?
Increased network traffic (to specific unknown IPs), data exfiltration (may be encrypted, may not), outgoing spam.
Common hallmarks of social engineering?
Flattery, authority, impersonation, tailgating, using an "I know someone"/common ground approach. Shoulder surfing can be a part of it.
What is a hoax?
Often through email; impending doom; can be very damaging and waste time; aren't real. "I have these naked pictures of you, send me bitcoin."
Watering hole attack?
In a common place; can be a website, cafe, etc.
Typosquatting, pretexting, prepending
Typosquatting - changing the URL to look similar; pretexting - adding a pretext to a situation to try and elicit information/a request; prepending is the same.
Invoice scams
Trick you into paying a fake invoice.
Credential harvesting?
Techniques used to gather credentials: fake login pages, keyloggers, etc.
OSINT gathering: social engineering, what is it?
Reconnaissance.
Hybrid warfare?
Use of social media (or other means) to spread misinformation (may be used by state actors for propaganda?).