1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. Flashcards

1
Q

Malware

A

Malicious software

Gather information - Keystrokes

2
Q

Virus

A

Malware that can reproduce itself through file systems or the network

3
Q

Program viruses

A

It’s part of the application
• Boot sector viruses - Who needs an OS?
• Script viruses - Operating system and browser-based
• Macro viruses - Common in Microsoft Office

4
Q

Boot sector viruses

A

Virus type that undermines OS

5
Q

Script viruses

A

Operating system and browser-based

6
Q

Macro viruses

A

Common in Microsoft Office

7
Q

Worms

A

• Malware that self-replicates
• Doesn’t need you to do anything
• Uses the network as a transmission medium
• Self-propagates and spreads quickly
• Firewalls and IDS/IPS can mitigate many worm infestations
• BAD when they get inside

8
Q

Worms Process

A

1. Infected computer searches for a vulnerable system
2. Vulnerable computer is exploited
3. Backdoor is installed and downloads the worm
9
Q

Personal data

A
  • Important documents
  • Family pictures and videos

10
Q

Organization data

A
  • Planning documents
  • Employee personally identifiable information (PII)
  • Financial information
  • Company private data
11
Q

Ransomware

A

• Holds your computer or data hostage
• Could be fake
• A security professional can help get rid of this type of malware

12
Q

Crypto-malware

A

New generation of ransomware
• Your data is unavailable until you provide cash
• Malware encrypts your data files
• Pictures, documents, music, movies, etc.
• Your OS remains available
• They want you running, but not working
• You must pay the bad guys to obtain the decryption key
• Untraceable payment system
• An unfortunate use of public-key cryptography

13
Q

Ransomware Protection

A

• Keep an offline backup, ideally
• Patch those vulnerabilities: operating system and application security patches
• Keep antivirus/anti-malware signatures up to date

14
Q

Trojan horse

A
  • Software that pretends to be something else
  • Circumvents your existing security
  • The better Trojans are built to avoid and disable AV
15
Q

Backdoors

A
  • Often placed on your computer through malware
  • Some malware software can take advantage of backdoors created by other malware
  • Some software includes a backdoor
16
Q

Remote Access Trojans (RATs)

A
  • Remote Administration Tool
  • Malware installs the server/service/host - Bad guys connect with the client software
  • Control a device: key logging, screen recording/screenshots, copy files
  • Embed more malware
17
Q

Rootkits

A
  • Modifies core system - kernel
  • Can be invisible to the operating system
  • Won’t see it in Task Manager or anti-virus utilities
  • If you can’t see it, you can’t stop it
18
Q

Kernel drivers

A
  • Zeus/Zbot malware
  • Famous for cleaning out bank accounts
  • Now combined with Necurs rootkit
  • Necurs is a kernel-level driver
  • Necurs makes sure you can’t delete Zbot
  • Access denied
  • Trying to stop the Windows process?
  • Error terminating process: Access denied
19
Q

Keyloggers

A
• Your keystrokes contain web site login URLs, passwords, email messages
• Saves all of your input
• Sends it to the bad guys
• Circumvents encryption protections
• Your keystrokes are in the clear
• Other data logging: clipboard logging, screen logging, instant messaging, search engine queries
20
Q

Preventing Keyloggers

A
  • Use anti-virus/anti-malware
  • Keep your signatures updated
  • Block unauthorized communication
  • Run a keylogging scanner
21
Q

Adware

A
  • Pop-ups with pop-ups
  • May cause performance issues
  • May be included with other software installations
22
Q

Spyware

A
  • Malware that spies on you
  • Advertising, identity theft, affiliate fraud
  • Can trick you into installing
  • Peer to peer, fake security software
  • Browser monitoring - Capture surfing habits
  • Keyloggers
  • Capture every keystroke, send it back to the mother ship
23
Q

Protecting against adware/spyware

A
  • Maintain your anti-virus / anti-malware
  • Always have the latest signatures
  • Always know what you’re installing
  • And watch your options during the installation
  • Backup?
  • Clean adware by running some scans
  • Malwarebytes, for example
24
Q

Botnets

A

• Robot networks
• Once your machine is infected, it becomes a bot
• Infection comes from an OS or application vulnerability, or from a Trojan horse: you run a program or click an ad you THOUGHT was legit, but…
• Distributed Denial of Service (DDoS)
• Botnets are for sale

25
Q

Prevent Bots

A
• OS and application patches
• Anti-virus/anti-malware and updated signatures
• Prevent command and control (C&C)
• Block at the firewall
• Identify at the workstation with a host-based firewall or host-based IPS
26
Q

Logic bomb

A
• Waits for a predefined event
• Often left by someone with a grudge
• Time bomb - time or date
• User event - logic bomb
• Difficult to identify
• Difficult to recover if it goes off
27
Q

Preventing a logic bomb

A
  • Process and procedures
  • Formal change control
  • Electronic monitoring
  • Alert on changes
  • Host-based intrusion detection, Tripwire, etc.
  • Constant auditing
  • An administrator can circumvent existing systems
28
Q

Phishing

A

• Social engineering with a touch of spoofing

29
Q

Vishing

A

• Done over the phone
• Fake security checks or bank updates

30
Q

Spear phishing

A

Spear phishing

31
Q

Whaling

A

• Spear phishing the CEO is