Domain 1.0 Threats, Attacks, and Vulnerabilities

Question 1

worm

Answer 1

a memory- resident malware that run without user intervention and replicate over network resources

Question 2

fileless malware

Answer 2

does write its code to disk. It uses memory resident techniques to run its own process, within a host process or dynamic link library

Question 3

dynamic link library

Answer 3

a collection of small programs that larger programs can load when needed to complete specific tasks

Question 4

shellcode

Answer 4

lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system

Question 5

“live off the land” malware

Answer 5

malware may use legitimate system scripting tools, notably PowerShell and Windows Management Instrumentation (WMI) to execute payload actions

Question 6

advance persistent threat (APT) and advanced volatile threat (AVT)

Answer 6

describe class of modern filess/live off the land malware

Question 7

Low Observable Characteristics (LOC) attack

Answer 7

a type of stealth attack that evades detection by most security solutions and impacts forensic analysis efforts

Question 8

backdoor

Answer 8

any type of access method to a host that circumvents the usual authentication method and gives the remotes user administrative control

Question 9

Remote Access Trojan or Remote Administration Tool (RAT)

Answer 9

a backdoor malware that mimics the functionality of legitimate remote control programs but is designed specifically to operate covertly
A host that is under control by a RAT is called a zombie

Question 10

command and control (C2 or C&C)

Answer 10

an infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets

Question 11

covert channel

Answer 11

a type of attack that subverts network security systems and policies to transfer data without authorization or detection

Question 12

Internet relay chat (IRC)

Answer 12

a group communication protocol that enables users to chat, send private messages, and share files

Question 13

rootkit

Answer 13

a class of malware that modifies system files, often at the kernel level to conceal its presence

Question 14

Crypto-malware ransomeware

Answer 14

encrypts data files on any fixed, removable, and network drives
the user will be unable to access files without obtaining the private encryption key, held by the attacker
Cryptolocker

Question 15

crypto-mining/cryptojacking

Answer 15

hijacks the resources of the host to perform cryptocurrency mining

Question 16

logic bomb

Answer 16

an event that triggers an undesirable event
the infected systems has a pre-configured time or date (time bomb) or system or user event
also called a mine

Question 17

endpoint protection platforms

Answer 17

a software agent and monitoring system that performs multiple security tasks

Question 18

user and entity behavior analytics (UEBA)

Answer 18

a system that can provide automated identification of suspicious activity by user accounts and computer hosts

Question 19

anomaly analysis

Answer 19

a network monitoring system that uses a baseline of acceptable outcomes or event patterns to identify events that fall outside the acceptable range

Question 20

sandbox

Answer 20

a system configured to be completely isolated from its host so that the malware cannot break out
Cuckoo

Question 21

abnormal process behavior

Answer 21

indicators that a legitimate OS process has been corrupted with malicious code for the purpose of damaging or compromising the system