1.2 Attack Types Flashcards
Define Ransomware
Malware that denies the victim access to their data or system until a ransom is paid
Define Trojan
Malicious software disguised as a valid program to trick users into installing it
Define Worm
Malware that can spread without any human interaction
What is the difference between a virus and a worm?
A virus needs human interaction (opening an infected file or program) to execute and spread; a worm exploits network services or vulnerabilities to copy itself to other systems with no user action
Define Potentially unwanted programs (PUPs)
Programs that aren't necessarily harmful but cause unwanted annoyances, such as pop-up ads or replacing the browser's default search engine
How do fileless viruses evade detection?
By running inside legitimate interpreters and processes already on the system (PowerShell, JavaScript, historically Flash) instead of dropping an executable on disk, and persisting by adding registry entries (e.g. Run keys) that relaunch the payload at start-up
Define Fileless virus
Malware that runs only in memory and is never written to disk as an executable, so file-based anti-virus scanning never sees it
Define Command and Control
Server (or servers) that issues commands to the bots in a botnet and collects their results
Define Bots/Botnet
A network of computers infected with bot malware and controlled by a C2 server, used to launch complex attacks from many locations at once, such as a DDoS (Distributed Denial of Service) attack
Define Crypto-malware
Type of ransomware that encrypts ones data until a ransom is paid to get the decryption key
How to protect against crypto-malware attacks (other than anti-virus/malware)?
Keep backups offline or on storage the compromised machine cannot write to (offline or immutable backups), so they cannot be encrypted along with the live data, and test that they restore
Define Logic Bomb
Malware designed to take action in the future based on a date or action
Define Spyware
Malware that forwards information, such as keystrokes or internet browsing history, to a threat actor
Define Keylogger and its attack advantage (2)
- Malware that records typed input, clipboard contents and screenshots and sends them to the attacker
- Captures input before it is encrypted, so it obtains passwords regardless of TLS or disk encryption
Define Remote access trojan (RAT)
Backdoor malware that gives the attacker complete remote control of the system
Define Rootkit
Malware that hides itself, typically by modifying the OS kernel or boot process, so it is very difficult to detect or remove from the running system
What is the best way to protect against Rootkits?
UEFI Secure Boot, which refuses to load a bootloader or kernel whose signature does not validate, so a modified kernel will not boot
Define Backdoor
Creation of an opening in the system to bypass security and allow installation of other malware or remote system access
Define Password attack - Spraying
To avoid account lockout, a small number of common passwords is tried against many accounts, so no single account sees enough failures to trigger lockout
Define Password attack - Dictionary
Sub-type of brute force attack that uses a pre-defined list of common words to find a password match
Define Password Attack - Offline vs Online
- An online password attack has limited potential since guesses go against the live login, where a set number of failed attempts locks the account (and rate limiting slows the guessing)
- Offline password attacks are done by obtaining the files or database containing usernames and password hashes and then cracking them on the attacker's own hardware, with no lockout and at full speed
Define Password attack - Brute force
Trying every possible combination of letters, numbers and characters until the password match is found
Define Password attack - Rainbow tables
A precomputed table mapping hashes back to their plaintext passwords, so cracking becomes a lookup instead of hashing every guess; defeated by salting, since the salt changes every stored hash
Define Password attack - Plaintext/unencrypted
Passwords stored as plaintext; if the file or database is compromised, every password in it is compromised immediately, with no cracking needed
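An added example (not part of the flashcards) that runs the password attacks above against constructed data: an offline dictionary attack using a precomputed hash-to-plaintext table (the idea behind a rainbow table), the same table failing against salted hashes, and an online brute force that trips lockout versus a spray that stays under it. The leaked hash file, wordlist and the `OnlineLogin` service with its lockout threshold are all constructed for illustration.

```python
import hashlib
import os


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "leaked" credential file: usernames with unsalted SHA-256 hashes.
LEAKED_UNSALTED = {
    "alice": sha256_hex(b"Summer2023"),
    "bob": sha256_hex(b"P@ssw0rd"),
    "carol": sha256_hex(b"zq7!Rk9#vL"),  # not in the wordlist, so it survives
}
# Constructed wordlist; real attacks use lists with millions of entries.
WORDLIST = ["123456", "password", "Summer2023", "Welcome1", "P@ssw0rd"]


def build_hash_lookup(wordlist):
    """Precompute hash -> plaintext once. This stands in for a rainbow table:
    the hashing work is paid up front and every later leak is just a lookup."""
    return {sha256_hex(word.encode()): word for word in wordlist}


def offline_dictionary_attack(leaked, lookup):
    """Offline attack on a stolen hash file: no lockout, no rate limit."""
    return {user: lookup[h] for user, h in leaked.items() if h in lookup}


def salted_hash(password: str, salt: bytes) -> str:
    return sha256_hex(salt + password.encode())


def make_salted_store(plaintexts):
    """Store each password with its own random salt (a slow KDF such as
    bcrypt/scrypt/Argon2 belongs here in practice; SHA-256 keeps the demo short)."""
    store = {}
    for user, password in plaintexts.items():
        salt = os.urandom(16)
        store[user] = (salt, salted_hash(password, salt))
    return store


def offline_attack_on_salted(store, lookup):
    """The precomputed table is useless against salted hashes: the salt changes
    every stored hash, so the attacker must rehash the wordlist per user."""
    return {user: lookup[h] for user, (_salt, h) in store.items() if h in lookup}


class OnlineLogin:
    """Constructed login endpoint with an account lockout policy."""

    def __init__(self, creds, threshold=3):
        self.creds = creds
        self.threshold = threshold
        self.failures = {user: 0 for user in creds}
        self.locked = set()

    def attempt(self, user, password):
        if user in self.locked:
            return "locked"
        if self.creds.get(user) == password:
            return "success"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)
        return "failed"


def online_brute_force(service, user, wordlist):
    """Hammer one account with the whole list: lockout fires before the real
    password is reached, and the remaining guesses are wasted."""
    return [service.attempt(user, guess) for guess in wordlist]


def password_spray(service, users, common_passwords):
    """Try a few common passwords against every account. Each account sees at
    most len(common_passwords) failures, which stays under the threshold."""
    hits = {}
    for guess in common_passwords:
        for user in users:
            if service.attempt(user, guess) == "success":
                hits[user] = guess
    return hits


if __name__ == "__main__":
    lookup = build_hash_lookup(WORDLIST)
    print("offline, unsalted:", offline_dictionary_attack(LEAKED_UNSALTED, lookup))
    salted = make_salted_store({"alice": "Summer2023", "bob": "P@ssw0rd"})
    print("offline, salted:", offline_attack_on_salted(salted, lookup))
    creds = {"alice": "Summer2023", "bob": "P@ssw0rd", "carol": "zq7!Rk9#vL"}
    print("brute force on bob:", online_brute_force(OnlineLogin(creds), "bob", WORDLIST))
    print("spray:", password_spray(OnlineLogin(creds), list(creds), ["password", "Summer2023"]))
```

Run it and note that the brute force against bob never reaches his real password (the account locks after the third guess), while the spray recovers alice's password without locking anyone, which is exactly why lockout alone does not stop spraying and why the offline case needs salted, slow hashing rather than lockout.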
Malicious USB cable
Normal-looking USB cable with additional electronics inside that let it act as a keyboard or network device and inject commands into any system it is plugged into
Malicious flash drive
- Same capabilities as malicious USB cable
- Also can have malware embedded in normal looking files that executes upon opening the file
Card cloning
Copying the magnetic stripe of a card onto a new card that an attacker can use
True/False: Chips on cards can be cloned
False
Skimming
Obtaining card information from the magnetic stripe when a card is swiped, either with a hidden reader on the terminal or from the system behind the legitimate reader
Adversarial AI - Tainted training data for machine learning (ML)
Providing invalid data to an AI system to influence its learning process so that it produces a malicious output, also called “poisoning”
Adversarial AI - Security of machine learning algorithms
If the training data contains personal information, attackers may be able to query the model in ways that reveal that data, so the model itself becomes a confidentiality risk
Supply-chain attacks
Exploitation of vendors used by an organization for attacks
2 Examples of Supply-chain attacks
- Compromising equipment before vendor delivers it to the organization
- Compromising security credentials vendor uses to access the organization
Advantage of using on-premises infrastructure
Complete control and knowledge of the security of stored data
Advantages of using cloud-based infrastructure (2)
- Large-scale, higher-grade security controls that may be out of budget or beyond the skill of an organization to implement itself
- Implementing changes is much faster, since it usually involves just spinning up a virtual device
Cryptographic attack - Birthday
A brute force attack that exploits the birthday paradox: finding any two inputs with the same hash takes only about 2^(n/2) attempts for an n-bit hash, far fewer than the 2^n needed to match one specific hash
Cryptographic attack - Collision
When a hashing algorithm produces the same hash for at least 2 different inputs
How to prevent birthday/collision based attacks
Use longer hashes, so that 2^(n/2) work is infeasible (e.g. 256-bit SHA-256 rather than 128-bit MD5)
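An added example (not from the flashcards) that makes the birthday/collision point concrete. It truncates SHA-256 to n bits so the attacks finish in seconds, finds a collision in roughly 2^(n/2) hashes, and shows that the same budget at 32 bits fails to find a preimage of one specific value, whose expected cost is 2^n. The message formats and bit lengths are constructed for the demo.

```python
import hashlib
import math


def truncated_hash(message: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits, standing in for a short hash so the
    attacks finish quickly. The maths is the same for any n-bit hash."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def birthday_collision(bits: int):
    """Collision attack: hash distinct messages until two produce the same
    value. Expected work is about 1.25 * 2**(bits/2) hashes, not 2**bits."""
    seen = {}
    tries = 0
    while True:
        tries += 1
        msg = b"msg-%d" % tries
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def preimage_search(target_message: bytes, bits: int, budget: int):
    """Brute force against ONE specific hash value (what forging a given
    signature or cracking a given password hash needs): expected work 2**bits.
    Returns the forged message if found within `budget` hashes, else None."""
    target = truncated_hash(target_message, bits)
    for i in range(budget):
        msg = b"forged-%d" % i
        if truncated_hash(msg, bits) == target:
            return msg
    return None


def expected_collision_work(bits: int) -> float:
    """Birthday bound: expected number of hashes before the first collision,
    sqrt(pi/2 * 2**bits), which is roughly 1.25 * 2**(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        m1, m2, tries = birthday_collision(bits)
        print(f"{bits}-bit: collision {m1!r} / {m2!r} after {tries} hashes "
              f"(expected ~{expected_collision_work(bits):.0f}, preimage needs ~{2 ** bits})")
    print("preimage at 32 bits within 2**16 hashes:", preimage_search(b"target", 32, 2 ** 16))
```

Each extra 8 bits of hash length multiplies the collision work by only 16, while it multiplies the preimage work by 256; that asymmetry is why collision resistance of a hash is rated at half its output length and why 128-bit MD5 (64-bit collision security) is no longer acceptable where collisions matter, such as signatures and certificates.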
Cryptographic attack - Downgrade
An on-path (man-in-the-middle) attack that tampers with the negotiation between two endpoints so they agree on a weaker protocol version or cipher suite than both actually support, making the traffic easier to break and intercept
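An added example (not from the flashcards) modelling the downgrade above as a toy cipher-suite negotiation: the client offers strong and weak suites, an on-path attacker rewrites the offer to leave only the weakest, and the server honours it. The second handshake shows the TLS-style countermeasure, a Finished MAC over the full handshake transcript, which detects the rewrite; the last case shows that simply not supporting the weak suite turns the downgrade into a failed handshake. The suite names, strength ranking and `SESSION_KEY` are constructed; the key is assumed to come from a key exchange the attacker cannot break.

```python
import hashlib
import hmac

# Constructed cipher suites ranked by strength (higher is stronger).
STRENGTH = {"AES256-GCM": 3, "AES128-CBC": 2, "RC4-MD5": 1}

# Assumption: both ends derived this key from a key exchange the attacker
# cannot break, so the attacker can rewrite messages but not forge the MAC.
SESSION_KEY = b"constructed-session-key"


def client_hello(offered):
    return {"type": "ClientHello", "offered": list(offered)}


def server_choose(hello, supported):
    """Server picks the strongest suite both sides support, or None."""
    common = [s for s in hello["offered"] if s in supported]
    return max(common, key=STRENGTH.get) if common else None


def mitm_downgrade(hello):
    """On-path attacker rewrites the ClientHello so only the weakest suite remains."""
    weakest = min(hello["offered"], key=STRENGTH.get)
    return {"type": "ClientHello", "offered": [weakest]}


def transcript(hello, chosen):
    """Handshake transcript as one side saw it."""
    return repr((hello, chosen)).encode()


def finished_mac(key, transcript_bytes):
    """Finished message: a MAC over the transcript, as TLS does."""
    return hmac.new(key, transcript_bytes, hashlib.sha256).digest()


def negotiate_unauthenticated(client_offer, server_supported, attacker=None):
    """Legacy-style handshake: the client trusts whatever suite comes back."""
    hello = client_hello(client_offer)
    on_wire = attacker(hello) if attacker else hello
    return server_choose(on_wire, server_supported)


def negotiate_authenticated(client_offer, server_supported, attacker=None):
    """Handshake whose Finished MAC covers the transcript: tampering is detected
    because the server MACs the hello it received and the client checks it
    against the hello it actually sent."""
    hello = client_hello(client_offer)
    on_wire = attacker(hello) if attacker else hello
    chosen = server_choose(on_wire, server_supported)
    if chosen is None:
        return None, "no common suite"
    server_finished = finished_mac(SESSION_KEY, transcript(on_wire, chosen))
    client_expected = finished_mac(SESSION_KEY, transcript(hello, chosen))
    if not hmac.compare_digest(server_finished, client_expected):
        return None, "transcript mismatch, downgrade detected"
    return chosen, "ok"


if __name__ == "__main__":
    offer = ["AES256-GCM", "AES128-CBC", "RC4-MD5"]
    server = ["AES256-GCM", "AES128-CBC", "RC4-MD5"]
    print("no attacker, legacy:", negotiate_unauthenticated(offer, server))
    print("attacker, legacy:", negotiate_unauthenticated(offer, server, mitm_downgrade))
    print("attacker, authenticated:", negotiate_authenticated(offer, server, mitm_downgrade))
    print("attacker, weak suite disabled:",
          negotiate_authenticated(offer, ["AES256-GCM", "AES128-CBC"], mitm_downgrade))
```

Two lessons fall out of the runs: the transcript MAC only helps if the key exchange itself is sound (an attacker who can derive the session key can forge the Finished MAC as well), and the most robust fix is the last one, since a suite that is not configured cannot be negotiated no matter what an attacker rewrites.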