1.2 Flashcards
Given a scenario, analyze potential indicators to determine the type of attack
Malware
Malicious software; it can do anything from gathering keystrokes and controlling affected PCs to showing advertisements and encrypting your data.
Virus
Malware that can reproduce itself, but it requires the user to execute the program that contains the virus. It then uses the filesystem or network to reproduce and spread.
Program Virus
Virus that is part of an application.
Boot sector virus
Virus that lives in the boot sector of the storage device. It starts when the OS is started.
Script Virus
Operating system and browser-based scripts (PowerShell, etc.).
Macro Virus
Common in Microsoft Office apps; uses macros that run when the application starts. Hides in ordinary files such as XML or DOC documents.
Fileless virus
A stealthy attack that never writes itself to the storage drive; it instead operates solely in the PC's memory. It usually starts from clicking a malicious link on a website, which exploits a Flash, Java, or Windows vulnerability. It then launches PowerShell and downloads its payload into RAM.
Worms
Malware that self-replicates and uses the network as its transmission medium. It can spread without any user action.
Ransomware
A type of malware attack that holds your data for ransom, sometimes by merely making the user think they are locked out of their data.
Crypto-malware
A newer generation of ransomware that makes your data unavailable by encrypting it until you pay the ransom.
Protect Against Ransomware
1) Always have a backup - ideally offline
2) Keep the operating system up to date
3) Keep applications up to date
4) Keep antivirus/anti-malware up to date
Trojan Horse
Software that pretends to be something else.
Potentially Unwanted Program (PUP)
Often installed along with other software; comes in many types, including intrusive toolbars and adware.
Remote Access Trojans (RATs)
Also known as a Remote Administration Tool; gives the attacker administrative control of a device.
Rootkits
Modifies core system files that are part of the kernel.
Finding and removing rootkits
Secure Boot with UEFI adds additional boot security.
Adware
May cause performance issues, especially on the network, by flooding your PC with ads. They are often PUPs.
Spyware
Malware that spies on you; usually it is delivered as a Trojan horse.
Bots
Once your machine is infected it becomes a bot, controlled by the attacker, usually alongside other infected bots, from a Command and Control (C&C) server.
Botnets
A group of bots working together, often used to carry out a Distributed Denial of Service (DDoS) attack.
Logic Bomb
Waits for a predefined event and then issues a command. Often left by someone with a grudge.
Plaintext / Unencrypted Password
Some applications store passwords “in the clear.” Never store passwords as plaintext.
Hashing a password
A hash represents data as a fixed-length string of text.
Brute force
Tries every possible password combination until the hash is matched. It either attacks a password at a login prompt (which is harder, as the account will usually get locked out after a few attempts) or works against an obtained password hash.
Spraying Attack
Tries to log in with a list of common passwords on many accounts: fewer attempts per account, across more accounts.
Dictionary Attacks
Uses a dictionary of common words; many wordlists are available. Some are customized by language or line of work, and some also perform letter substitutions (p@$$w0rd).
Rainbow Table
An optimized, prebuilt set of hashes. Saves time because the hash chains are pre-calculated; cracking a password becomes a lookup instead of a calculation.
Salting Hashes
A salt is a bit of random data added to the password before it is hashed. Two identical passwords then produce different hashes because different random data went into each calculation. This is a strong defense against rainbow tables.
Malicious USB Cable
A physical attack that uses a normal-looking USB cable containing additional components. Often it tells the PC that it is an input device and then uses that to type commands into the PC without the user's knowledge. To defend against this, only use USB cables from known, trusted sources.
Malicious flash drive
Physical attack that uses a normal-looking flash drive. Similar to a malicious USB cable, it has additional components that let it input commands to a PC by acting as an HID (human interface device). It may also contain viruses within the files on the drive, act as a boot device to infect the computer at boot, or act as an Ethernet adapter and redirect traffic.
Skimming
Stealing credit card information during normal transactions. Attackers copy data from the magnetic stripe or from the machine logging the purchase. Often a small camera is included to watch for PIN entry. To defend, inspect the physical card reader for signs of tampering.
Card Cloning
Gets card details from a skimmer and then duplicates the card. Only magnetic stripe cards can be cloned, as the chips on cards cannot be duplicated. Cloned gift cards are the most common occurrence.
Machine Learning
Computers are getting smarter by utilizing Machine Learning (ML). It requires a lot of data to train the computers, but they get better over time with more data.
Poisoning the Training Data
Attackers send modified data to confuse the Artificial Intelligence (AI), with the intention of making the AI behave incorrectly.
Evasion Attacks
AI is only as good as its training and programming. Attackers will target holes and limitations, and will often change their attacks once the holes are filled.
Securing Learning Algorithms
Check training data, constantly retrain with new data, and train the AI against possible poisoning methods.
Supply Chain
Attackers will exploit vulnerabilities along the supply chain and abuse the fact that companies trust their suppliers.
Supply Chain Security
Use trusted IT infrastructure equipment, reduce the number of suppliers, and keep strict control over policies and procedures.
Categories for IT Security
Cloud-based and on-premises.
On-Premises Security
Full control over everything in-house, and a local team can ensure everything is secure. No waiting for support, as checks can occur at any time, but security changes may take additional time and cost.
Cloud-based Security
Data is in a secure environment, but a third party may have access to it. Cloud providers have more experience managing large-scale security, so the biggest security risk is users failing to follow best practices. Cloud security options are scalable but may not be as customizable.
Cryptographic Attacks
Attackers will try to find vulnerabilities that let them break cryptographic security. The problem often lies in the implementation rather than the cryptographic methods themselves.
Birthday Attack
Utilizes the birthday paradox to find hash collisions, where two different plaintext passwords produce the same hash value. To protect against this, use a large hash output size.
Hash Collisions
Hash digests are supposed to be unique; different input data should never create the same hash.
Downgrade Attack
Instead of using perfectly good encryption, the systems are forced to downgrade to a vulnerable encryption method.