1.2 Given a scenario, analyze potential indicators to determine the type of attack. Flashcards
Malware
Malware or malicious code is any element of software that performs an unwanted function from the perspective of the legitimate user or owner of a computer system.
Ransomware
Ransomware is a form of malware that takes over a computer system, usually by encrypting user data, to hinder its use while demanding payment.
Trojan
A Trojan or Trojan horse is a means of delivering malicious software by disguising it inside something useful or legitimate.
Worms
Worms are designed to exploit a specific vulnerability in a system and then use that flaw to replicate themselves to other systems. Worms typically focus on replication and distribution, rather than on direct damage and destruction.
PUPs
Potentially unwanted programs (PUPs) are any type of questionable software. Anything that is not specifically malware but is still otherwise unwanted on a typical computer system could be considered a PUP.
Fileless Virus
Fileless viruses reside in memory only and do not save themselves to the local storage devices.
Command and Control
Command and control (C&C) is an intermediary communication service often used by botnets.
Bots and Botnets
Bots are the infection agents that make up a botnet. A botnet is a network of systems infected by malicious software agents controlled by a hacker to launch massive attacks against targets.
Cryptomalware
Cryptomalware is a form of malware that uses the system resources of an infected computer to mine cryptocurrencies.
Logic Bombs
A logic bomb is a form of malicious code that remains dormant until a triggering event or condition occurs.
Spyware
Spyware is any form of malicious code, or even business or commercial code, that collects information about users without their direct knowledge or permission.
Adware
Adware displays pop-up or alternate advertisements to users based on their activities, URLs they have visited, applications they have accessed, and so on.
Keylogger
A keylogger is a form of unwanted software that records the keystrokes typed into a system’s keyboard.
RAT
A remote-access Trojan (RAT) is a form of malicious code that grants an attacker some level of remote-control access to a compromised system.
Rootkits
A rootkit is a special type of hacker tool that embeds itself deep within an operating system (OS), where it can manipulate information seen by the OS and displayed to users.
Backdoor Attacks
There are two types of backdoor attacks: a developer-installed access method that bypasses any and all security restrictions, or a hacker-installed remote-access client.
Password Attacks
Password attacks are collectively known as password cracking or password guessing. Forms of password attacks include brute force (also known as a birthday attack), dictionary, hybrid, and rainbow tables.
Spraying and Stuffing
Spraying or stuffing of passwords/credentials is the attempt to log into a user account through repeated attempts of submitting generated or pulled-from-a-list credentials.
Dictionary Attacks
A dictionary attack performs password guessing by using a preexisting or precompiled list of possible passwords.
Brute-Force Attacks
A brute-force attack tries every valid combination of characters to construct possible passwords.
Online vs. Offline Password Cracking
An online password attack occurs against a live logon prompt. An offline attack is one where the attacker is working on their own independent computers to compromise a password hash.
Rainbow Tables
Rainbow tables take advantage of a concept known as a hash chain. They offer relatively fast password cracking, but at the expense of spending the time and effort beforehand to craft the rainbow table hash chain database.
Malicious USB Cables and Flash Drives
A malicious universal serial bus (USB) cable or flash drive is a device crafted to perform unwanted activities against a computer and/or mobile device or peripheral without the victim realizing the attack is occurring. Attacks include exfiltrating data and injecting malware.
Card cloning and skimming
Card cloning is the duplication of data (skimming) from a targeted source card onto a blank new card.
Adversarial AI
Adversarial artificial intelligence (AI) (AAI) or adversarial machine learning (ML) (AML) is a training or programming technique where computational systems are set up to operate in opposition to one another in order to automate the process of developing system defenses and attacks. This is also called a generative adversarial network (GAN).
Supply-Chain Attacks
Supply chain attacks could result in flawed or less reliable products, or could allow remote access or listening mechanisms to be embedded into otherwise functioning equipment.