1.2 Flashcards
Given a scenario, analyze potential indicators to determine the type of attack.
Software that has been designed for some nefarious purpose.
Malware
Is a form of malware that performs some action and extracts a ransom from the user. Typically encrypts files on a system and then leaves them unusable.
Ransomware
Is a piece of software that appears to do one thing (and may in fact, actually do that thing) but hides some other functionality.
Trojans
Is a type of malware that self-replicates. It doesn’t need you to take any action. Uses the network as a transmission medium. Self propagates and spreads quickly.
Worms
Potentially unwanted programs that may have adverse effects on a computer’s security or privacy. Frequently, these involve Adware or Spyware components and are used for revenue generation purposes.
Potentially unwanted programs (PUPs)
A type of malware that operates only in Random Access Memory (RAM), never touching the filesystem. Makes it harder to detect.
Fileless Virus
A type of server that is used by hackers to control bots.
Command and control
A functioning piece of software that performs some task, under the control of another program.
Bots
Is a type of malware that uses a system’s resources to mine cryptocurrency. This is really just a theft-of-service attack where an attacker is using the CPU cycles of someone else’s computer to do the cryptomining.
Cryptomalware
A piece of code that sits dormant for a period of time until some event or date invokes its malicious payload. Often left by someone with a grudge against an organization.
Logic bombs
Is malware that spies on users, recording and reporting on their activities. Typically installed without a user’s knowledge. It can record keystrokes (keylogging). It can monitor what websites and applications a user visits/uses.
Spyware
A piece of software that logs all of the keystrokes that a user enters
Keyloggers
Is a type of malware that allows a remote attacker to control a system as if they had physical access to it. Attacker can perform actions such as key logging, screen recording/screenshots, copy files, embed more malware.
Remote access Trojan (RAT)
A form of malware that modifies core system files located in the Kernel of the Operating System. Can be invisible to the OS because it won’t be seen by the task manager. Also invisible to traditional anti-virus utilities. Originally a Unix technique.
Rootkit
Programs that attackers install after gaining unauthorized access to a system to ensure that they can continue to have unrestricted access to the system, even if their initial access method is discovered and blocked.
Backdoor
Unauthorized attempts to gain access to user accounts or systems by exploiting weaknesses in password security.
Password Attacks
A type of password attack that uses a limited number of commonly used passwords and applies them to a large number of accounts.
Spraying Attack
A type of password attack that uses a password-cracking program that uses a list of dictionary words to try to guess the password. Many common wordlists available on the internet. Wordlists can be customized by language or line of work.
Dictionary Attack
When an attacker tries every possible combination of password until there is a match.
Brute force attack
A category of Brute force attacks. When a list of users and hashes is obtained. Using high-performance GPU-based parallel machines to compare the hashes of a potential password with the stored password hash..
Brute force attack (Offline)
A category of Brute force attacks. When the brute force attack occurs in real time against a system. Very slow and very easy to see by network security monitoring. Most accounts will lockout after a number of failed attempts.
Brute force attack (Online)
Are optimized, pre-built sets of hashes. Saves time and storage space. Doesn’t need to contain every hash. Incorporating a ____________ will lead to remarkable speed increases for password cracking.
Rainbow table
Refers to a situation where an attacker attempts to gain unauthorized access to sensitive information without the need to decipher or break encryption. In other words, the target data is in its original, readable form without any cryptographic protection.
Plaintext/unencrypted attack
A type of attack that occurs when a physical element such as a flash drive is left for someone to use.
Physical Attacks
Looks like a normal ________ cable but contains embedded electronics inside. Once connected, the cable downloads and installs malicious software.
Malicious Universal Serial Bus (USB) cable
Used to dupe users into picking them up, plugging them into their machine, and accessing an attractive folder such as “HR data” or sensitive pictures”. Deliver malicious payload to the machine when files from the _______ are opened or downloaded.
Malicious flash drive
The act of copying the information on the magnetic strip of a debit or credit card and using it to make a clone of your card.
Card cloning
Physical devices built to intercept a credit card. These devices are placed on credit card readers to steal the data from the card.
Skimming
Is the use of complex models to simulate functions of the brain. A means to impart analytical abilities to the things we use, from robot vacuum cleaners to smartphone apps, to digital assistants.
Adversarial Artificial Intelligence (AI)
One of the attack vectors that attackers can use against Machine Learning (ML) systems. ML algorithms needs retraining or updating to make it effective against differing inputs. Each of these updates represents an opportunity to _____ the input data set.
Tainted training data for
machine learning (ML)
Cross check and verify the training data, constantly retrain with new data (more data and better data), train the AI with possible poisoning
Ways to secure machine learning algorithms
A type of attack that targets the vulnerabilities or weaknesses in the supply chain of a company or organization.
Supply-chain attacks
- Customize your security posture
o Full control when everything is in-house - On-site IT Team can manage security better
o The local team can ensure everything is secure
o A local team can be expensive and difficult to staff - Local team maintains uptime and availability
- System checks can occur at anytime
- No phone call for support
- Security changes can take time
o New equipment, configuration, and additional costs.
on-premises security
- Data is in a secure environment
o No physical access to the data center
o Third-party may have access to the data - Cloud providers are managing large-scale security
o Automated signatures and security updates
o Users must follow security best-practices - Limited downtime
o Extensive fault-tolerance and around the clock monitoring - Scalable Security options
o One-click security deployments
o This may not be as customizable as necessary
Cloud-based security
Attacks against the cryptographic system.
Cryptographic Attacks
Is a specific type of attack that exploits the ________ paradox to compromise the integrity or security of cryptographic systems. This attack is most commonly associated with hash functions and digital signatures. The __________ paradox refers to the probability that, in a relatively small group of entities, there is a higher chance of finding two entities with the same property than one might expect.
Birthday attacks
A type of attack where two different inputs yield the same output of a hash function. When an attacker successfully finds a ___________ in a hash function, it means they have identified two different inputs that produce the same hash value. This situation can be exploited in various ways depending on the context and the specific application involved
Collision
is a type of attack where an attacker intentionally forces a system to use older or weaker security protocols or cryptographic algorithms. The goal of this type of attack is to exploit vulnerabilities in outdated or less secure protocols.
Downgrade
