1.0 - Threats, Attacks, & Vulnerabilities Flashcards
Define
Typosqautting
A type of URL hijacking, using a misspelled version of a legitimate website URL
Define
Pharming
• Like phishing, but harvesting large groups of people
• Often utilizes a poisoned DNS server or client vulnerabilities
• Relatively rare, but they do occur
Define
Vishing
• Voice phishing, done over phone or voicemail
• Caller ID spoofing is common
Define
Smishing
• SMS phishing, performed via text message
• Caller ID spoofing is common
Define
Spear phishing
• Target phishing attacks, going after a very specific person or group.
• Utilize inside information, or public information gathered through reconnaissance, to make the attack more believable
Define
Whaling
• A spear phishing attack with a large target such as a CEO or CFO
• Typically for the purpose of getting funds from someone with access to a large bank account
Define
Dumpster Diving
• Gather personal details by going through trash, to use for phishing attacks and impersonation
How to Protect against Dumpster Diving?
• Shred or burn your documents
• Secure your garbage
Define
Shoulder Surfing
• Looking over someone’s shoulder to view private information, passwords, etc.
• Can be done from a distance using binoculars, telescopes, webcam monitoring
How to protect against Shoulder Surfing?
• Be aware of surroundings
• Use privacy filter (screen that blocks view from angles)
• Keep monitor facing away from windows, hallways
• Don’t do sensitive work in public area
Define
Watering Hole Attack
• When you can’t attack an organization directly, you can attack a third-party that is associated with them.
• The third party is termed the “watering hole.”
• Ex, hijack a website that the victim uses.
• The attack is looking for specific victims, but often all visitors of the watering hole are infected / attacked.
How to protect against a Watering Hole Attack?
• Make sure your own defenses are very good
• Use a multi-layered defense
Define
SPIM
Spam over Instant Messaging
Define
Spam
• Unsolicited messages, typically over email or on forums, etc.
• Can be malicious, but not necessarily so.
• Includes commercial advertising, non-commercial proselytizing, as well as malicious attacks like phishing
What are the problems caused by spam?
• Security concerns
• resource utilization
• storage costs
• management of spam
How to protect against spam?
• It is necessary to combine multiple approaches.
• Mail gateways / filters
• Utilize Allow lists
• SMTP standards checking (blocking anything not following RFC standards)
• rDNS check
• Tarpitting
• Recipient filtering
Define
Recipient Filtering
Blocking all email not addressed to a valid recipient
Define
rDNS
• Reverse DNS
• Confirms if a sender’s domain matches their IP address
Define
Tarpitting
• Intentionally slowing down server performance to slow down / mitigate an attack
• Ex. slow delivery of e-mail to prevent mass mailed spam, so the spammers move on from you
Define
Tailgating
• use an authorized person to gain unauthorized access to a building
• May involve social engineering such as walking with your hands full, posing as a 3rd party vendor, etc.
How to protect against tailgaiting?
• A no-tailgating policy
• Policy that all visitors must wear badges
• Mechanically prevent more than one person from entering at a time, such as a rotary, vestibule, airlock
What are some principles of social engineering?
• Authority
• Intimidation
• Scarcity
• Urgency
• Consensus / social proof
• Familiarity / Liking
• Trust
Define
Virus
• Malware that can reproduce itself
• Requires human interaction to execute
Define
Worm
A virus that can replicate and jump from machine to machine without requiring any human interaction
Describe some virus types
• Program virus: part of an application
• Boot sector virus: runs when booting system
• Script virus: can be operating-system or browser-based
• Macro virus: common in Microsoft Office
How to protect against ransomware?
• Always have a backup, ideally offline and disconnected
• Keep OS and applications up-to-date
• Keep anti-virus/malware signatures up-to-date
• Keep everything up-to-date
Difference between ransomware and crypto-malware?
• Ransomware may not necessarily encrypt your files, it can be any malware that requires payment to remove it
• Crypto-malware that encrypts your files is the most common form of ransomware today
• Therefore, ransomware is usually used exclusively to refer to crypto-malware
Define
Trojan horse
• Software that pretends to be something else
• Doesn’t really care much about replicating
Define
Fileless Virus
• Runs only in memory, saves nothing to system
• That makes it difficult to be detected
• Might modify the registry so it can run again after reboot
Examples of a PUP?
• Browser toolbar
• Backup utility that displays ads
• Browser search engine hijacker
Define
RAT
• Remote Access Trojan
• aka Remote Administration Tool
• A tool that gives administrative access to a remote user
How to protect against RATs?
• Don’t run unknown software
• Don’t follow unknown links
• Keep anti-virus/OS/applications up-to-date
• Always have a backup
Define
Rootkit
• Modifies core system files, becomes part of the kernel
• Can therefore be invisible to the OS; won’t be seen in task manager
• Thus invisible to traditional anti-virus utilities
• Very difficult to remove even if discovered, because it is now part of the operating system
How to protect against Rootkits?
• Use a remover that is specific to the rootkit; these are usually developed after a rootkit is discovered
• Use Secure Boot on UEFI
Define
Secure Boot
• A feature of UEFI
• Looks at the kernel, and will not boot a system that has been modified (or a system that does not support the Secure Boot feature)
Define
Bot
• Malware that infects a machine for purposes of automation.
• Receives instructions from a Command and Control server.
• May make your machine participate in attacks, etc.
Define
C&C
• Command and Control
• The server that controls bots / botnets
Define
Botnet
• A system of Bots working together
What are botnets often used for?
• DDoS attacks
• Relay spam
• Proxy network traffic
• Various distributed computing tasks
• That computing power may be rented out for sale (DDoS as a Service)
How to protect against bots?
• Prevent initial infection by keeping up-to-date, don’t download unknown things, etc.
• Network monitoring
• Use firewall to block C&C communications
Define
Logic Bomb
• Something left on a system that waits for a predefined event
• Can be triggered by a date/time, or by a user action, or system event, etc.
• Often destroys itself, making it difficult to gather evidence after attack
How to protect against Logic Bombs?
• Each is unique, so there are no predefined signatures; difficult to detect
• Process and procedures are a good strategy
• Formal change control; all modifications must be documented; undocumented changes trigger an investigation
• Monitoring that alerts on changes
• Host-based intrusion detection
• Applications like Tripwire
• Constant auditing
Define
Spraying Attack
• Trying a small number of very common passwords to log in to a multitude of accounts
• Avoids locking any accounts by only trying a few of the most common passwords before moving on
• No lockouts, no alarms, no alerts
Define
Brute Force Attack
• Try every possible password combination until the right one is matched
• Can take a very long time if a strong hashing algorithm is used
• Requires a large amount of processing power.
• When performed Online, it usually results in account lockouts.
Define
Offline Brute Force Attack
• When an attacker has obtained a hashed password, they can create hashes of guessed passwords and see if the hashes match. If they match, the attacker has guessed the password.
• Does not result in an account lockout or any alerts because the attack is not performed against the login system.
Define
Dictionary Attack
• Similar to brute force, but uses common words rather than every possible combination of characters
• Password crackers may utilize letter common substitutions
e.g., as in p@$$w0rd
• Still takes a very long time
Define
Rainbow Table
• An optimized, pre-built set of hashes
• Contains pre-calculated hash chains
• Allows you to compare password hashes without needing to do hash calculations of guessed passwords.
Define
Salt
• Random data added to a password when hashing
• Every user gets their own unique salt, so hashes are unique even if passwords are the same
• A type of cryptographic nonce
Where is a password’s Salt information stored?
• It is commonly stored with the password
What does the use of Salt protect against?
• It prevents the use of rainbow tables
• Does not stop a brute force, but slows it down.
• If an attacker acquires a hashed password, they would also need to know the salt in order to perform an Offline Brute Force attack.
Define:
Malicious USB Cable
• Looks like a normal USB cable / charger, but has additional electronics inside
• When a victim inserts it into a computer, it runs malicious software
Define:
Malicious USB flash drive
• Looks like a normal USB thumb drive / flash drive, but has additional electronics inside
• When a victim inserts it into a computer, it runs malicious software
• Attackers may leave flash drives on tables or on the ground, knowing curious people will plug them in to see what’s on them.
How do malicious USB cables / drives initiate malicious software?
- Auto-Run: Older operating systems would automatically run files on USB devices, but in modern systems, this is now disabled or removed by default.
- HID: The device can still act as an HID (Human Interface Device) and behave as a keyboard and/or mouse, allowing it to type pre-programmed input on your system, such as launching a command prompt and running commands.
- Files: The flash drive may simply contain malicious files and malware that, once interacted with by the user, will infect the system.
- Boot Device: If configured as a boot device, and a victim leaves it inserted when they reboot their computer, it may boot to the malicious USB which can then infect the computer.
- Wireless network adapter: Can connect the device to another network, redirect or modify internet traffic requests, act as a wireless gateway for other devices, etc.
Define
HID
• Human Interface Device
• Examples: Keyboard, Mouse
Define
Skimming
• Stealing credit card information, usually during a normal transaction
• Can either be skimmed from the card itself (the magnetic strip) or from the computer that it interacts with
Define
ATM Skimming
• An additional step of a Skimming attack, a small camera is added to the environment to record your PIN entry
Define:
Card Cloning
• Creating a duplicate of a credit card using information obtained from a skimmer.
• The cloned card can only be used for transactions using the magnetic stripe, as the chip can’t be cloned.
• Common for gift cards, which don’t utilize a chip.
Define
“Poisoning the training data”
• An attack on machine learning / AI
• Attackers send modified training data to confuse the AI / cause it to behave incorrectly
• AI is only as good as its training process
Define
Evasion Attack
• Finding limitations in an AI system in order to circumvent it
• Since AI is trained by specific criteria, it can be fooled if attackers change up their approach
How to protect against attacks on AI / machine learning?
• Check the training data to verify contents
• Constantly retrain with new data, more data, better data
• Train the AI to recognize potential poison data and evasion attacks
Define
Supply Chain
• All steps in the process from raw materials to end-user
• Includes raw materials, suppliers, manufacturers, distributors, customers, consumers
Define
Supply Chain Attack
• Attacking a target by going after another vendor in their supply chain
• Ex., if an HVAC vendor has VPN access to a target’s network, you attack the vendor to exploit that access
• Ex., you put malicious code or hardware into a device that is being sold down the supply chain
• One exploit can infect the entire chain
On-Premises vs. In-Cloud Security:
List PROS of ON PREM
• Full control of security
• Local on-site IT can manage more attentively
• System checks can occur at any time
• Don’t need to call outside team for support
On-Premises vs. In-Cloud Security:
List CONS of ON PREM
• A local team can be expensive and difficult to staff
• Security changes can take time. New equipment, configurations, and additional costs.
On-Premises vs. In-Cloud Security:
List PROS of IN-CLOUD
• Data is in a secure environment
• Strict physical access controls
• Automated security updates
• Fault-tolerance and redundancy lead to limited downtime, higher availability
• One-click deployments
On-Premises vs. In-Cloud Security:
List CONS of IN-CLOUD
• Third-parties may have access to your data
• Users must still be trained to follow security best-practices
• May not be as customizable
Define
Birthday Attack
• A type of Cryptographic Attack
• The attacker generates multiple versions of plaintext to try to match the hash of the target encrypted text
• i.e., try to find a collision through brute force
• Once matched, they can fake signatures, certificates, etc.
Define
Collision
• In Cryptography, a collision is when two different plaintexts have the same hash value
How to protect against a Birthday Attack?
Use a long hash output size
What is a Downgrade Attack?
• An attacker forces systems to downgrade their security to a form of encryption that is more vulnerable
• May be performed by influencing / intercepting the initial negotiation when encryption forms are determined
How to protect against Downgrade Attacks?
Do not allow a fallback to lower levels of encryption that are known to be vulnerable.
Define
Privilege Escalation
• Gaining higher level access to a system
• Either through exploiting a vulnerability, bug, or design flaw
• Typically used to access the root or admin account
Define
Horizontal Privilege Escalation
• Gaining access through one account to a different account
• Unlike normal privilege escalation, the access is not necessarily higher, just different
How to protect against Privilege Escalation?
• Ensure all systems are patched
• Keep AV software updated
• Utilize Data Execution Prevention
• Utilize Address space layout randomization
Define
Data Execution Prevention
• A safeguard on an operating system
• Only allows applications to run in certain areas of memory where that function is allowed.
• Allows only applications in executable areas to run
• If an attacker tries to run an application in the data section of memory, it is blocked
Define
Address Space Layout Randomization
• A safeguard on an operating system
• Randomizes where information is stored in memory
• If an attacker finds a way to take advantage of a memory address on one system, they will not be able to duplicate that on another system
• Prevents a buffer overrun at a known memory address
What are the legalities around Dumpster Diving?
• Varies in different countries
• In the US, it is LEGAL, not illegal, to go through someone else’s trash. Nobody owns trash.
• However, you cannot break the law in order to gain access to the trash (i.e. if it is on private property with No Trespassing signs)
Define
XSS
• Cross Site Scripting
• Name comes from its original association with browser security flaws.
• Info from one site could be shared with another.
• A common vulnerability with web-based applications.
• (Not to be confused with Cascading Styles Sheets / CSS)
Define
Non-Persistent XSS Attack
• If a website allows scripts to be run in user input (such as a search field), it is vulnerable for this type of attack.
• An attacker e-mails a link to the site, containing embedded input to run a script
• Once clicked, the site executes in the victim’s browser, as if it came from the server.
• The payload of the script is usually sent to the attacker, and may contain session IDs, credentials, etc.
