1.2 - Attack Types Flashcards
Define Malware.
A form of malicious software that is used for some nefarious purpose (gathering information, forcing a PC to participate in a group, showing advertising, etc.)
List as many types of malware as you can.
- Viruses
- Crypto-malware
- Ransomware
- Worms
- Trojan Horse
- Rootkit
- Keylogger
- Adware / Spyware
- Botnet
What are some ways that you can prevent a PC from getting malware?
- Don’t click email links
- Keep OS updated
- Keep applications updated and check with the publisher
Define Virus.
A type of malware that can reproduce itself but requires user input in order to start infecting. It reproduces through file systems or the network.
List the types of viruses.
- Program Virus
- Boot Sector Virus
- Script Virus
- Macro Virus
- Fileless Virus
Define Program Virus.
A virus that runs within an application.
Define Boot Sector Virus.
A virus that runs within the boot sector of an OS and starts upon a system booting up.
Define Script Virus.
A virus that runs off a script that is either OS or browser-based.
Define Fileless Virus.
A virus that is never saved into the file system of the OS. It only ever runs on the memory of a system.
Define Macro Virus.
A virus that runs off of a macro typically found within Microsoft Office.
Define Worm.
A form of malware that self-replicates. It does not require user input in order to start. It often uses the network as a transmission medium. Self-propagates and spreads quickly.
Define Ransomware.
An attack in which a bad actor takes, acts like they have taken, or encrypts your data until you pay them to get it back.
Define Crypto-Malware.
A ransomware attack in which the victim’s data is encrypted. A decryption key must be obtained from the bad actors.
What are 5 ways to protect against ransomware?
- Always have a backup
- Keep your OS up to date
- Keep your applications up to date
- Keep your anti-virus / anti-malware signatures up to date
- Keep everything up to date
Define Trojan Horse.
A type of malware that pretends to be something else to make its way on your computer. It can open up a way for other types of malware.
Define Remote Access Trojans (RATs).
A type of trojan horse that allows for remote administrative control of a device.
List 3 ways to protect a PC against Trojan Horses and RATs.
- Don’t run unknown software
- Keep anti-virus / anti-malware signatures updated
- Always have a backup
Define Rootkit.
A type of malware that is within the system files making it incredibly difficult to remove. It can often be invisible to the OS.
What are 3 ways to deal with rootkits?
- Looking for the unusual (via anti-malware scans)
- Use a remover specific to the rootkit
- Secure boot with UEFI
Define Adware.
A type of malware that attempts to flood your screen with ads.
Define Spyware.
A type of malware that spies on you. It might take note of sites that you visit or log passwords.
Define Keylogger.
A type of spyware that logs your keystrokes.
What are 4 ways to protect against spyware and malware?
- Maintain your anti-virus / anti-malware
- Always know what you are installing
- Backups
- Run some scans
Define a Bot.
A type of software application or script that performs automated tasks on command. Bad bots perform malicious tasks that allow an attacker to remotely take control over an infected computer.
Define Botnet.
A group of bots working together for some malicious purpose, such as a DDoS or botnets as a service.
What are three ways to stop bots?
- Prevent the initial infection through:
  - OS and application patches
  - Anti-virus / anti-malware with updated signatures
- Identify an existing infection
- Prevent command and control (C&C) via firewall and IPS
Define Logic Bomb.
A set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects.
What are three ways to prevent logic bombs?
- Processes and procedures with formal change controls
- Electronic monitoring
- Constant auditing
Define a hash.
The process of transforming any given key or string of characters into a fixed-length string of text.
Define a spraying attack.
A type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another password and repeating the process. Attempts are kept below the lockout threshold so no alarms are raised.
Define a brute force attack.
An attempt to break into an account by using every possible password combination until the hash is matched.
Define a dictionary attack.
A type of brute force attack where an intruder attempts to crack a password-protected security system with a “dictionary list” of common words and phrases used by businesses and individuals. Can substitute letters with numbers and special characters.
Define rainbow tables.
An optimized, pre-built set of hashes. A password hacking tool that uses a precomputed table of reversed password hashes to crack passwords in a database.
Define salt.
Random data added to a password when hashing. Every password gets random salt inserted. Rainbow tables can’t deal with salt.
Define malicious USB cable.
A USB cable that appears to be a typical USB cable, but it registers as a HID. It installs malicious software.
Define malicious flash drive.
A flash drive that appears innocent, but it has malicious software on it. Can act as a HID. Can use macros in a document, boot to itself, or act as an ethernet adapter.
Define skimming.
The act of stealing credit card information, usually during a normal transaction. Can copy data from the magnetic stripe. Can be done at an ATM.
Define card cloning.
The act of creating a duplicate of a card. This can only be done on magnetic stripe cards. Card information is often gained by skimming.
Define evasion attacks.
Attacks at the testing time of an AI, in which the attacker aims to manipulate the input data to produce an error in the machine learning system. Does not alter the behavior of the AI; it exploits the AI's blind spots and weaknesses to produce the desired errors.
Define data poisoning.
Manipulating training datasets by injecting poisoned or polluted data to control the behavior of the trained ML model and deliver false results.
Name three ways to secure the learning algorithms for AI.
1) Check the training data (cross check and verify)
2) Constantly retrain with new data
3) Train the AI with possible poisoning
Name a few ways that you can secure a supply chain.
1) Keep an eye out for servers, routers, switches, firewalls and software
2) Use a small supplier base
3) Strict controls over policies and procedures
4) Security should be part of the overall design
What are some features of cloud-based security?
+ Centralized and costs less
+ No dedicated hardware, no data center to secure
+ A third-party handles everything
+ Data is in a secure environment
+ Cloud providers are managing large-scale security
+ Limited downtime
+ Scalable security options
- Third-party may have access to the data
- Users must follow security best-practices
- May not be as customizable as necessary
What are some features of on-premise security?
+ Complete control
+ On-site IT team can manage security better
+ Local team maintains uptime and availability
- Burden is on the client
- Data center security and infrastructure costs
- Security changes can take time
- Staffing costs
Define birthday attack.
When the same hash value is created for two different plaintexts, aka hash collision. The attacker will generate multiple versions of plaintext to match the hashes.
Define hash collision.
Occurs when two different inputs produce the same hash value. This can happen for various reasons, such as using a weak or flawed hashing algorithm, having a small hash space, or having a large number of inputs.
Define downgrade attack.
Attacks that take advantage of a system’s backward compatibility to force it into less secure modes of operation. Systems that can use encrypted or unencrypted connections are at the greatest risk from downgrade attacks.