1.0 - Threats, Attacks, & Vulnerabilities Flashcards
Define
Typosqautting
A type of URL hijacking, using a misspelled version of a legitimate website URL
Define
Pharming
- Like phishing, but harvesting large groups of people
- Often utilizes a poisoned DNS server or client vulnerabilities
- Relatively rare, but they do occur
Define
Vishing
- Voice phishing, done over phone or voicemail
* Caller ID spoofing is common
Define
Smishing
- SMS phishing, performed via text message
* Caller ID spoofing is common
Define
Spear phishing
- Target phishing attacks, going after a very specific person or group.
- Utilize inside information, or public information gathered through reconnaissance, to make the attack more believable
Define
Whaling
- A spear phishing attack with a large target such as a CEO or CFO
- Typically for the purpose of getting funds from someone with access to a large bank account
Define
Dumpster Diving
• Gather personal details by going through trash, to use for phishing attacks and impersonation
How to Protect against Dumpster Diving?
- Shred or burn your documents
* Secure your garbage
Define
Shoulder Surfing
- Looking over someone’s shoulder to view private information, passwords, etc.
- Can be done from a distance using binoculars, telescopes, webcam monitoring
How to protect against Shoulder Surfing?
- Be aware of surroundings
- Use privacy filter (screen that blocks view from angles)
- Keep monitor facing away from windows, hallways
- Don’t do sensitive work in public area
Define
Watering Hole Attack
- When you can’t attack an organization directly, you can attack a third-party that is associated with them.
- The third party is termed the “watering hole.”
- Ex, hijack a website that the victim uses.
- The attack is looking for specific victims, but often all visitors of the watering hole are infected / attacked.
How to protect against a Watering Hole Attack?
- Make sure your own defenses are very good
* Use a multi-layered defense
Define
SPIM
Spam over Instant Messaging
Define
Spam
- Unsolicited messages, typically over email or on forums, etc.
- Can be malicious, but not necessarily so.
- Includes commercial advertising, non-commercial proselytizing, as well as malicious attacks like phishing
What are the problems caused by spam?
- Security concerns
- resource utilization
- storage costs
- management of spam
How to protect against spam?
- It is necessary to combine multiple approaches.
- Mail gateways / filters
- Utilize Allow lists
- SMTP standards checking (blocking anything not following RFC standards)
- rDNS check
- Tarpitting
- Recipient filtering
Define
Recipient Filtering
Blocking all email not addressed to a valid recipient
Define
rDNS
- Reverse DNS
* Confirms if a sender’s domain matches their IP address
Define
Tarpitting
- Intentionally slowing down server performance to slow down / mitigate an attack
- Ex. slow delivery of e-mail to prevent mass mailed spam, so the spammers move on from you
Define
Tailgating
- use an authorized person to gain unauthorized access to a building
- May involve social engineering such as walking with your hands full, posing as a 3rd party vendor, etc.
How to protect against tailgaiting?
- A no-tailgating policy
- Policy that all visitors must wear badges
- Mechanically prevent more than one person from entering at a time, such as a rotary, vestibule, airlock
What are some principles of social engineering?
- Authority
- Intimidation
- Scarcity
- Urgency
- Consensus / social proof
- Familiarity / Liking
- Trust
Define
Virus
- Malware that can reproduce itself
* Requires human interaction to execute
Define
Worm
A virus that can replicate and jump from machine to machine without requiring any human interaction
Describe some virus types
- Program virus: part of an application
- Boot sector virus: runs when booting system
- Script virus: can be operating-system or browser-based
- Macro virus: common in Microsoft Office
How to protect against ransomware?
- Always have a backup, ideally offline and disconnected
- Keep OS and applications up-to-date
- Keep anti-virus/malware signatures up-to-date
- Keep everything up-to-date
Difference between ransomware and crypto-malware?
- Ransomware may not necessarily encrypt your files, it can be any malware that requires payment to remove it
- Crypto-malware that encrypts your files is the most common form of ransomware today
- Therefore, ransomware is usually used exclusively to refer to crypto-malware
Define
Trojan horse
- Software that pretends to be something else
* Doesn’t really care much about replicating
Define
Fileless Virus
- Runs only in memory, saves nothing to system
- That makes it difficult to be detected
- Might modify the registry so it can run again after reboot
Examples of a PUP?
- Browser toolbar
- Backup utility that displays ads
- Browser search engine hijacker
Define
RAT
- Remote Access Trojan
- aka Remote Administration Tool
- A tool that gives administrative access to a remote user
How to protect against RATs?
- Don’t run unknown software
- Don’t follow unknown links
- Keep anti-virus/OS/applications up-to-date
- Always have a backup
Define
Rootkit
- Modifies core system files, becomes part of the kernel
- Can therefore be invisible to the OS; won’t be seen in task manager
- Thus invisible to traditional anti-virus utilities
- Very difficult to remove even if discovered, because it is now part of the operating system
How to protect against Rootkits?
- Use a remover that is specific to the rootkit; these are usually developed after a rootkit is discovered
- Use Secure Boot on UEFI
Define
Secure Boot
- A feature of UEFI
- Looks at the kernel, and will not boot a system that has been modified (or a system that does not support the Secure Boot feature)
Define
Bot
- Malware that infects a machine for purposes of automation.
- Receives instructions from a Command and Control server.
- May make your machine participate in attacks, etc.
Define
C&C
- Command and Control
* The server that controls bots / botnets
Define
Botnet
• A system of Bots working together
What are botnets often used for?
- DDoS attacks
- Relay spam
- Proxy network traffic
- Various distributed computing tasks
- That computing power may be rented out for sale (DDoS as a Service)
How to protect against bots?
- Prevent initial infection by keeping up-to-date, don’t download unknown things, etc.
- Network monitoring
- Use firewall to block C&C communications
Define
Logic Bomb
- Something left on a system that waits for a predefined event
- Can be triggered by a date/time, or by a user action, or system event, etc.
- Often destroys itself, making it difficult to gather evidence after attack
How to protect against Logic Bombs?
- Each is unique, so there are no predefined signatures; difficult to detect
- Process and procedures are a good strategy
- Formal change control; all modifications must be documented; undocumented changes trigger an investigation
- Monitoring that alerts on changes
- Host-based intrusion detection
- Applications like Tripwire
- Constant auditing
Define
Spraying Attack
- Trying a small number of very common passwords to log in to a multitude of accounts
- Avoids locking any accounts by only trying a few of the most common passwords before moving on
- No lockouts, no alarms, no alerts
Define
Brute Force Attack
- Try every possible password combination until the right one is matched
- Can take a very long time if a strong hashing algorithm is used
- Requires a large amount of processing power.
- When performed Online, it usually results in account lockouts.
Define
Offline Brute Force Attack
- When an attacker has obtained a hashed password, they can create hashes of guessed passwords and see if the hashes match. If they match, the attacker has guessed the password.
- Does not result in an account lockout or any alerts because the attack is not performed against the login system.
Define
Dictionary Attack
• Similar to brute force, but uses common words rather than every possible combination of characters
• Password crackers may utilize letter common substitutions
e.g., as in p@$$w0rd
• Still takes a very long time
Define
Rainbow Table
- An optimized, pre-built set of hashes
- Contains pre-calculated hash chains
- Allows you to compare password hashes without needing to do hash calculations of guessed passwords.
Define
Salt
- Random data added to a password when hashing
- Every user gets their own unique salt, so hashes are unique even if passwords are the same
- A type of cryptographic nonce
Where is a password’s Salt information stored?
• It is commonly stored with the password
What does the use of Salt protect against?
- It prevents the use of rainbow tables
- Does not stop a brute force, but slows it down.
- If an attacker acquires a hashed password, they would also need to know the salt in order to perform an Offline Brute Force attack.
Define:
Malicious USB Cable
- Looks like a normal USB cable / charger, but has additional electronics inside
- When a victim inserts it into a computer, it runs malicious software
Define:
Malicious USB flash drive
- Looks like a normal USB thumb drive / flash drive, but has additional electronics inside
- When a victim inserts it into a computer, it runs malicious software
- Attackers may leave flash drives on tables or on the ground, knowing curious people will plug them in to see what’s on them.
How do malicious USB cables / drives initiate malicious software?
- Auto-Run: Older operating systems would automatically run files on USB devices, but in modern systems, this is now disabled or removed by default.
- HID: The device can still act as an HID (Human Interface Device) and behave as a keyboard and/or mouse, allowing it to type pre-programmed input on your system, such as launching a command prompt and running commands.
- Files: The flash drive may simply contain malicious files and malware that, once interacted with by the user, will infect the system.
- Boot Device: If configured as a boot device, and a victim leaves it inserted when they reboot their computer, it may boot to the malicious USB which can then infect the computer.
- Wireless network adapter: Can connect the device to another network, redirect or modify internet traffic requests, act as a wireless gateway for other devices, etc.
Define
HID
- Human Interface Device
* Examples: Keyboard, Mouse
Define
Skimming
- Stealing credit card information, usually during a normal transaction
- Can either be skimmed from the card itself (the magnetic strip) or from the computer that it interacts with
Define
ATM Skimming
• An additional step of a Skimming attack, a small camera is added to the environment to record your PIN entry
Define:
Card Cloning
- Creating a duplicate of a credit card using information obtained from a skimmer.
- The cloned card can only be used for transactions using the magnetic stripe, as the chip can’t be cloned.
- Common for gift cards, which don’t utilize a chip.
Define
“Poisoning the training data”
- An attack on machine learning / AI
- Attackers send modified training data to confuse the AI / cause it to behave incorrectly
- AI is only as good as its training process
Define
Evasion Attack
- Finding limitations in an AI system in order to circumvent it
- Since AI is trained by specific criteria, it can be fooled if attackers change up their approach
How to protect against attacks on AI / machine learning?
- Check the training data to verify contents
- Constantly retrain with new data, more data, better data
- Train the AI to recognize potential poison data and evasion attacks
Define
Supply Chain
- All steps in the process from raw materials to end-user
* Includes raw materials, suppliers, manufacturers, distributors, customers, consumers
Define
Supply Chain Attack
- Attacking a target by going after another vendor in their supply chain
- Ex., if an HVAC vendor has VPN access to a target’s network, you attack the vendor to exploit that access
- Ex., you put malicious code or hardware into a device that is being sold down the supply chain
- One exploit can infect the entire chain
On-Premises vs. In-Cloud Security:
List PROS of ON PREM
- Full control of security
- Local on-site IT can manage more attentively
- System checks can occur at any time
- Don’t need to call outside team for support
On-Premises vs. In-Cloud Security:
List CONS of ON PREM
- A local team can be expensive and difficult to staff
* Security changes can take time. New equipment, configurations, and additional costs.
On-Premises vs. In-Cloud Security:
List PROS of IN-CLOUD
- Data is in a secure environment
- Strict physical access controls
- Automated security updates
- Fault-tolerance and redundancy lead to limited downtime, higher availability
- One-click deployments
On-Premises vs. In-Cloud Security:
List CONS of IN-CLOUD
- Third-parties may have access to your data
- Users must still be trained to follow security best-practices
- May not be as customizable
Define
Birthday Attack
- A type of Cryptographic Attack
- The attacker generates multiple versions of plaintext to try to match the hash of the target encrypted text
- i.e., try to find a collision through brute force
- Once matched, they can fake signatures, certificates, etc.
Define
Collision
• In Cryptography, a collision is when two different plaintexts have the same hash value
How to protect against a Birthday Attack?
Use a long hash output size
What is a Downgrade Attack?
- An attacker forces systems to downgrade their security to a form of encryption that is more vulnerable
- May be performed by influencing / intercepting the initial negotiation when encryption forms are determined
How to protect against Downgrade Attacks?
Do not allow a fallback to lower levels of encryption that are known to be vulnerable.
Define
Privilege Escalation
- Gaining higher level access to a system
- Either through exploiting a vulnerability, bug, or design flaw
- Typically used to access the root or admin account
Define
Horizontal Privilege Escalation
- Gaining access through one account to a different account
* Unlike normal privilege escalation, the access is not necessarily higher, just different
How to protect against Privilege Escalation?
- Ensure all systems are patched
- Keep AV software updated
- Utilize Data Execution Prevention
- Utilize Address space layout randomization
Define
Data Execution Prevention
- A safeguard on an operating system
- Only allows applications to run in certain areas of memory where that function is allowed.
- Allows only applications in executable areas to run
- If an attacker tries to run an application in the data section of memory, it is blocked
Define
Address Space Layout Randomization
- A safeguard on an operating system
- Randomizes where information is stored in memory
- If an attacker finds a way to take advantage of a memory address on one system, they will not be able to duplicate that on another system
- Prevents a buffer overrun at a known memory address
What are the legalities around Dumpster Diving?
- Varies in different countries
- In the US, it is LEGAL, not illegal, to go through someone else’s trash. Nobody owns trash.
- However, you cannot break the law in order to gain access to the trash (i.e. if it is on private property with No Trespassing signs)
Define
XSS
- Cross Site Scripting
- Name comes from its original association with browser security flaws.
- Info from one site could be shared with another.
- A common vulnerability with web-based applications.
- (Not to be confused with Cascading Styles Sheets / CSS)
Define
Non-Persistent XSS Attack
- If a website allows scripts to be run in user input (such as a search field), it is vulnerable for this type of attack.
- An attacker e-mails a link to the site, containing embedded input to run a script
- Once clicked, the site executes in the victim’s browser, as if it came from the server.
- The payload of the script is usually sent to the attacker, and may contain session IDs, credentials, etc.
