1.2 Given a scenario, analyze potential indicators to determine the type of attack Flashcards
What is Malware?
Malicious Software with the intent to gain control, do damage, or extract financial gain.
What is Ransomware?
Any form of malware that makes you pay to get the malware to go away is called ransomware.
What are trojans?
It’s less of a type of malware and more of a method in which the malware spreads or plants itself. It’s a piece of software that is useful to the victim. Its goals are usually to collect personal information from the user.
What are worms?
Malware that infects memory areas with buffer overflows and propagates itself by attempting to contact random IP addresses. Worms are easy to detect, but their code execution proved to be a problem.
What are Potentially Unwanted Programs (PUPs)?
These are technically not malware, but can be undesirable. This is a blanket term for adware, bloatware, crapware, etc. These are different from malware in that the user consents to them being downloaded. These are usually coupled with legitimate programs as add-ons.
What is a fileless virus?
A fileless virus is a vicious malware that behaves similarly to a regular virus that attacks and propagates, but it only lives in memory. It often uses tools built into Windows, like PowerShell, to attack that very system. Anti-malware struggles to ID this malware.
What is Command and Control (CnC)?
These are servers that control the actions of the bots. CnCs try to automate the control, not requiring human interaction after the initial programming.
What are bots/botnets?
Botnets are a distributed type of malware that uses remotely controlled malware that has infected several different computers. The idea is to create a large robot-like network used to wage large-scale attacks on systems and networks. Bots are used to carry out the orders of the attacker once the attack begins.
What is Cryptomalware?
This malware uses some form of encryption to lock a user out of a system. Once a system is encrypted, usually the victim will have to pay to get their data unencrypted again.
What are Logic Bombs?
It is usually a script that is set to execute either at a specific time or when certain events or circumstances have taken place on the system. Detecting them is hard because it involves auditing a system and analyzing the files. Usually placed by disgruntled employees.
What is Spyware?
It isn’t a type of malware; it is more of a goal instead. Spyware is a virus or trojan in form, but we tend to classify it more by its function rather than its type. It is used for observing user actions, as well as stealing information.
What are Keyloggers?
A keylogger is a piece of malware that records keystrokes. Most will store a certain number of keystrokes before sending them off in a file to a bad actor.
What is a Remote Access Trojan (RAT)?
A remote administration tool maliciously installed as a trojan horse to give a remote user some level of control of the infected system.
What is a rootkit?
A piece of malware that attempts to infect critical operating system files on the host. These are hard to detect from antivirus software.
What is a backdoor?
An entry method into a piece of software that wasn’t intended to be used by normal users. Bad actors can use these to consistently get into a system for malicious reasons.
What is a Password attack?
An attempt to extract a plaintext key or password from ciphertext or hashes to gain entry to unauthorized data.
What is a Password Spraying Attack?
An attacker applies a few common passwords to many accounts in an organization. This tends to work with single sign-on systems better than others.
What is a Dictionary Attack?
A program that will read contents from a file that uses common words in a dictionary to attempt to crack a password.
What is a Brute Force attack?
Attempts to derive a password or key by inspecting either ciphertext or a hash and then trying every possible combination of key or hash until it can decrypt the plaintext or generate a match.
What is an offline Brute force attack?
In an offline brute force, an attacker has access to the encrypted material or a password hash and tries different keys without the risk of discovery.
What is an online brute force attack?
In an online attack, an attacker needs to interact with a target system.
What is a Rainbow Table?
These are binary files, not text files. They store the hashes of passwords so that, if a match were to occur, it would crack a password.
What is a plaintext/Unencrypted attack?
Attackers use packet sniffing software to monitor and capture traffic on a network. If a password is sent in plaintext or unencrypted, then the attacker has the password. It is referred to as a generic packet sniffing attack.
What is a physical attack on a system?
An attacker can connect many tools that may gather all kinds of information about a system.