1.2 Flashcards
Given a scenario, analyze potential indicators to determine the type of attack.
Software that has been designed for some nefarious purpose.
Malware
A form of malware that holds a system or its data hostage and demands a ransom from the user. Typically it encrypts files on the system, leaving them unusable until the attacker hands over the decryption key (if they ever do).
Ransomware
A piece of software that appears to do one thing (and may in fact do that thing) but hides some other, malicious functionality. Unlike a worm it does not self-replicate; the user is tricked into installing it.
Trojans
A type of malware that self-replicates without any action by the user, using the network as its transmission medium. Because it propagates on its own, it spreads very quickly.
Worms
Potentially unwanted programs that may have adverse effects on a computer’s security or privacy. Frequently, these involve Adware or Spyware components and are used for revenue generation purposes.
Potentially unwanted programs (PUPs)
A type of malware that operates in Random Access Memory (RAM) rather than writing its own executable to the filesystem, often by abusing legitimate tools already present on the system. With no file on disk, it is harder for file-based anti-virus scanning to detect.
Fileless Virus
A server used by attackers to issue instructions to, and collect data from, the bots they control.
Command and control
A compromised machine running software that performs tasks under the control of another program (the attacker's command-and-control server). Many bots under one controller form a botnet.
Bots
Is a type of malware that uses a system’s resources to mine cryptocurrency. This is really just a theft-of-service attack where an attacker is using the CPU cycles of someone else’s computer to do the cryptomining.
Cryptomalware
A piece of code that sits dormant for a period of time until some event or date invokes its malicious payload. Often left by someone with a grudge against an organization.
Logic bombs
Is malware that spies on users, recording and reporting on their activities. Typically installed without a user’s knowledge. It can record keystrokes (keylogging). It can monitor what websites and applications a user visits/uses.
Spyware
Software (or a small hardware device) that logs all of the keystrokes a user enters, capturing passwords and other typed secrets.
Keyloggers
Is a type of malware that allows a remote attacker to control a system as if they had physical access to it. Attacker can perform actions such as key logging, screen recording/screenshots, copy files, embed more malware.
Remote access Trojan (RAT)
A form of malware that modifies or hooks core components of the operating system, typically in the kernel, so that it and its activity are hidden from the OS itself: its processes won't appear in Task Manager, and traditional anti-virus utilities, which rely on the OS to enumerate files and processes, won't see it either. Originally a Unix technique; the name comes from root, the Unix superuser account.
Rootkit
Programs that attackers install after gaining unauthorized access to a system to ensure that they can continue to have unrestricted access to the system, even if their initial access method is discovered and blocked.
Backdoor
Unauthorized attempts to gain access to user accounts or systems by exploiting weaknesses in password security.
Password Attacks
A type of password attack that takes a small number of commonly used passwords and tries each one against a large number of accounts, staying below the lockout threshold of any single account.
Spraying Attack
A type of password attack in which a password-cracking program tries each entry from a list of dictionary words as the password. Many common wordlists are available on the internet, and they can be customized by language or line of work.
Dictionary Attack
When an attacker tries every possible combination of password until there is a match.
Brute force attack
A category of brute force attack used when a list of users and password hashes has already been obtained (for example from a breached database). The attacker hashes candidate passwords on high-performance GPU-based parallel machines and compares the results with the stored hashes. No requests reach the target, so there are no lockouts and nothing appears in its logs.
Brute force attack (Offline)
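The dictionary attack and offline brute force cards above describe the same workflow: take a dumped table of hashes, generate candidate passwords from a wordlist (plus mangling rules), hash each candidate and compare. The script below is an added example, not part of the original flashcards; the "stolen" table, the wordlist, the mangling rules and the hashing scheme (SHA-256 with or without a per-user salt) are all constructed assumptions. It also shows why unsalted hashes are so cheap to crack: one hash computation is checked against every unsalted account at once, while each salted account forces its own work.

```python
"""Offline dictionary / brute-force cracking of a dumped hash table.

Added example, not from the original flashcards. The 'stolen' table, the wordlist,
the mangling rules and the hashing scheme (SHA-256 with or without a per-user salt)
are all constructed assumptions.
"""
import hashlib

WORDLIST = ["password", "letmein", "winter", "dragon", "qwerty"]  # constructed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def mangle(word: str):
    """Yield rule-based variants of a wordlist entry (a tiny subset of real rule sets)."""
    bases = [word, word.capitalize(), word.upper()]
    for base in dict.fromkeys(bases):            # de-duplicate, keep order
        for suffix in ("", "1", "123", "!", "2024"):
            yield base + suffix


def build_dump():
    """Constructed stolen table: user -> (salt_hex, sha256(salt || password)).
    An empty salt means the password was hashed unsalted."""
    rows = [
        ("alice", "", "Winter2024"),       # unsalted
        ("bob", "", "letmein"),            # unsalted
        ("eve", "", "letmein"),            # same password as bob -> identical hash
        ("carol", "a3f19c0d", "Dragon!"),  # salted
        ("dave", "5b7e2201", "Xq9#vL2p"),  # salted, not derivable from the wordlist
    ]
    return {u: (salt, sha256_hex(bytes.fromhex(salt) + pw.encode())) for u, salt, pw in rows}


def crack(dump, wordlist):
    """Return (recovered passwords by user, number of hash computations spent)."""
    by_hash = {}        # unsalted: hash -> [users]; one computation serves all of them
    salted = []         # salted: every user needs their own computation per candidate
    for user, (salt, digest) in dump.items():
        if salt:
            salted.append((user, bytes.fromhex(salt), digest))
        else:
            by_hash.setdefault(digest, []).append(user)
    found, ops = {}, 0
    for word in wordlist:
        for cand in mangle(word):
            ops += 1
            for user in by_hash.get(sha256_hex(cand.encode()), []):
                found[user] = cand
            for user, salt, digest in salted:
                if user in found:
                    continue
                ops += 1
                if sha256_hex(salt + cand.encode()) == digest:
                    found[user] = cand
    return found, ops


if __name__ == "__main__":
    recovered, ops = crack(build_dump(), WORDLIST)
    print(recovered)
    print("hash computations:", ops)
```

Running it recovers alice, bob, eve and carol; dave's password is not reachable from this wordlist and would need a true brute force over the full keyspace. Note that bob and eve share one hash in the dump, which is itself a tell that no salt was used. A real cracker would also swap SHA-256 for whatever the dump actually used and would use a slow KDF's cost as the main obstacle.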
A category of brute force attack in which the guesses are made in real time against the live system. Very slow, and very easy to spot in authentication logs and network security monitoring; most accounts will lock out after a number of failed attempts.
Brute force attack (Online)
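The spraying and online brute force cards describe two different shapes in the same authentication log: a spray is one source touching many accounts a few times each (to stay under lockout), an online brute force is one source hammering one account. The detection logic below is an added example, not part of the original flashcards; the log line format, the sample entries and the thresholds are constructed assumptions.

```python
"""Telling a password spray from an online brute force in authentication logs.

Added example, not from the original flashcards. The log format, the sample lines
and the detection thresholds are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format: "<ISO timestamp> auth <failure|success> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) auth (failure|success) user=(\S+) src=(\S+)$")


def build_sample_log():
    """Constructed sample log, not a real capture."""
    lines = []
    # Spray: one source, a single guess against each of many accounts.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        lines.append(f"2024-03-01T09:00:{i:02d} auth failure user={user} src=203.0.113.7")
    lines.append("2024-03-01T09:00:06 auth success user=grace src=203.0.113.7")
    # Online brute force: one source hammering a single account.
    for i in range(12):
        lines.append(f"2024-03-01T09:05:{i:02d} auth failure user=admin src=198.51.100.9")
    # Benign: a user mistypes once, then logs in.
    lines.append("2024-03-01T09:10:00 auth failure user=alice src=192.0.2.50")
    lines.append("2024-03-01T09:10:30 auth success user=alice src=192.0.2.50")
    return "\n".join(lines)


def parse(log_text):
    """Return sorted (timestamp, success, user, src) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m.group(1)), m.group(2) == "success",
                       m.group(3), m.group(4)))
    return sorted(events)


def _windows(failures, window):
    """For each failure, yield all failures that fall within `window` after it."""
    for i, (t0, _user) in enumerate(failures):
        yield [f for f in failures[i:] if f[0] - t0 <= window]


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Sources that failed against many distinct accounts, few times each."""
    by_src = defaultdict(list)
    for ts, ok, user, src in events:
        if not ok:
            by_src[src].append((ts, user))
    sprayers = set()
    for src, fails in by_src.items():
        for win in _windows(fails, window):
            per_user = defaultdict(int)
            for _ts, user in win:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                sprayers.add(src)
                break
    return sorted(sprayers)


def detect_online_bruteforce(events, window=timedelta(minutes=10), min_attempts=10):
    """(source, account) pairs with many failures against one account in the window."""
    by_key = defaultdict(list)
    for ts, ok, user, src in events:
        if not ok:
            by_key[(src, user)].append((ts, user))
    hits = set()
    for key, fails in by_key.items():
        for win in _windows(fails, window):
            if len(win) >= min_attempts:
                hits.add(key)
                break
    return sorted(hits)


if __name__ == "__main__":
    evts = parse(build_sample_log())
    print("spraying sources:", detect_spray(evts))
    print("online brute force:", detect_online_bruteforce(evts))
```

The per-account lockout counter that stops the brute force never fires for the spray, which is why the spray rule keys on distinct accounts per source rather than attempts per account. In practice the source field is noisier (NAT, proxies, rotating cloud IPs), so production rules usually also correlate on user agent or client ID.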
Optimized, pre-built tables of hash chains that trade storage space for cracking time: only the start and end of each chain are stored, so the table doesn't need to contain every hash, and a lookup recomputes the rest on demand. Incorporating a ____________ will lead to remarkable speed increases for password cracking, but a per-user salt defeats it, because the table would have to be rebuilt for every salt value.
Rainbow table
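To make the "doesn't need to contain every hash" point concrete, here is a miniature rainbow table over the 4-digit PIN keyspace. It is an added example, not part of the original flashcards; the keyspace, the hash (SHA-256 of the PIN text), the reduction function and the chain parameters are assumptions chosen to keep it small. Only the endpoints of each chain are stored; a lookup walks the chain forward from a hypothesised column, and a salt breaks the whole scheme because the salted hash never lands in any stored chain.

```python
"""A miniature rainbow table over the 4-digit PIN keyspace.

Added example, not from the original flashcards. The keyspace, the hash (SHA-256 of
the PIN text), the reduction function and the chain parameters are assumptions chosen
to keep the table small enough to build in a fraction of a second.
"""
import hashlib

KEYSPACE = 10_000      # PINs 0000 .. 9999
CHAIN_LEN = 40         # hash/reduce steps per chain
NUM_CHAINS = 600       # chains computed; the table stores one (end -> start) pair each


def hash_pin(pin: str, salt: str = "") -> str:
    return hashlib.sha256((salt + pin).encode()).hexdigest()


def reduce_to_pin(digest: str, step: int) -> str:
    """Map a digest back into the PIN space. Mixing in the step index gives each
    column its own reduction function, which is what makes the table 'rainbow'
    and keeps chains from merging as soon as two columns collide."""
    return f"{(int(digest[:12], 16) + step) % KEYSPACE:04d}"


def build_table():
    """Compute NUM_CHAINS chains of CHAIN_LEN steps but keep only end -> start."""
    table = {}
    for i in range(NUM_CHAINS):
        start = f"{(i * 17) % KEYSPACE:04d}"   # deterministic, spread-out start points
        pin = start
        for step in range(CHAIN_LEN):
            pin = reduce_to_pin(hash_pin(pin), step)
        table.setdefault(pin, start)            # on a merge keep the first chain
    return table


def lookup(table, target: str):
    """Return a PIN whose unsalted hash is `target`, or None if the table misses it."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target is the hash at column `pos` of some chain. Walk to the end.
        pin = reduce_to_pin(target, pos)
        for step in range(pos + 1, CHAIN_LEN):
            pin = reduce_to_pin(hash_pin(pin), step)
        start = table.get(pin)
        if start is None:
            continue
        # Regenerate that chain from its start and check for the real preimage.
        # A merged chain can produce a false alarm; then we simply keep searching.
        pin = start
        for step in range(CHAIN_LEN):
            if hash_pin(pin) == target:
                return pin
            pin = reduce_to_pin(hash_pin(pin), step)
    return None


if __name__ == "__main__":
    table = build_table()
    print(f"stored entries: {len(table)} (a full lookup table would need {KEYSPACE})")
    print("cracked unsalted:", lookup(table, hash_pin("0000")))
    print("same PIN, salted:", lookup(table, hash_pin("0000", salt="s3")))
```

A full lookup table for this keyspace needs 10,000 stored hashes; the rainbow table stores at most 600 entries and pays for that with up to a few thousand hash computations per lookup, which is the time/memory trade-off the card describes. Coverage is not 100% (chains merge and some PINs are never visited), which is why real tables are built with many more chains than the keyspace strictly needs.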
Refers to a situation where an attacker obtains sensitive information, such as credentials, without needing to decipher or break any encryption, because the target data is in its original, readable form: for example passwords sent over an unencrypted protocol or stored without hashing.
Plaintext/unencrypted attack
A type of attack that relies on physical presence or a physical object rather than the network: for example a malicious flash drive or USB cable left where someone will plug it in, or a skimming or card-cloning device attached to a reader.
Physical Attacks