1.2 Given a scenario, analyze potential indicators to determine the type of attack. Flashcards

1
Q

Malware

A

software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

2
Q

Ransomware

A

Cryptoviral malware that threatens to publish the victim’s personal data or perpetually block access to it unless an amount of currency is paid. While some simple versions may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion: it encrypts the victim’s files, making them inaccessible, and demands a payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard, Bitcoin and other cryptocurrencies are used for the payments, making tracing and prosecuting the perpetrators difficult. Payment does not guarantee a full return of the data, nor does it prevent the threat actor from releasing the harvested data on the dark web.

3
Q

Trojan Horse and Remote Access Trojan (RAT)

A

Malware that is a file, program, or piece of code that appears to be legitimate and safe but is actually malicious. Trojans are usually packaged and delivered inside legitimate software, and they are often designed to spy on victims or steal data. They also usually download additional malware after installation. A more advanced version, the Remote Access Trojan (RAT), gives the attacker remote access to the infected host.

4
Q

Potentially unwanted programs (PUPs)

A

A program that may be unwanted, despite the possibility that users consented to download it. The category includes spyware, adware, dialers, and bloatware; PUPs are often downloaded in conjunction with a program that the user wants.

5
Q

Fileless Malware

A

A type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, this malware does not require an attacker to install any code on a target’s system, making it hard to detect.

  • A stealth attack. Does a good job of avoiding anti-virus detection.
  • Operates in RAM, and never installs in a file or application.
6
Q

Command and control

A

A computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network.

It can also serve as the headquarters for the compromised machines in a botnet, and it can be used to disseminate commands that steal data, spread malware, disrupt web services, and more. C2 systems used by botnets may follow any of three models: the centralized model, the peer-to-peer (P2P) model, and the random model.

7
Q

Command and Control: Centralized

A

Functions much like the traditional client-server relationship. A malware “client” will phone home and check for instructions. In practice, an attacker’s server-side infrastructure is often far more complex than a single server and may include redirectors, load balancers, and defense measures to detect security researchers and law enforcement. Public cloud services and Content Delivery Networks (CDNs) are frequently used to host or mask activity. It’s also common for hackers to compromise legitimate websites and use them to host command and control servers without the owner’s knowledge.

8
Q

Command and Control: Peer-To-Peer

A

Command and control instructions are delivered in a decentralized fashion, with members of a botnet relaying messages between one another. Some of the bots may still function as servers, but there is no central or “master” node. This makes the botnet far more difficult to disrupt than a centralized model, but it can also make it more difficult for the attacker to issue instructions to the entire botnet. P2P networks are sometimes used as a fallback mechanism in case the primary C2 channel is disrupted.

9
Q

Command and Control: Out of Band and Random

A

A number of unusual techniques have been observed for issuing instructions to infected hosts. Hackers have made extensive use of social media platforms as unconventional C2 platforms because they are rarely blocked. A project called Twittor aims to provide a fully functional command and control platform using only direct messages on Twitter. Hackers have also been observed using Gmail, IRC chat rooms, and even Pinterest to issue C&C messages to compromised hosts. It’s also been theorized that command and control infrastructure could be entirely random, with an attacker scanning large swaths of the Internet in hopes of finding an infected host.

10
Q

Bots and Botnet

A

A bot is self-propagating malware that infects its host and connects back to a central server or servers, which function as a “command and control center”; a botnet is the resulting network of compromised computers and similar devices. Infected hosts have the “worm-like ability to self-propagate,” and can also:

  • Gather passwords
  • Log keystrokes
  • Obtain financial information
  • Relay spam
  • Capture and analyze packets
  • Launch DoS attacks
  • Open back doors on the infected computer
  • Exploit back doors opened by viruses and worms

Bots are usually used to infect large numbers of computers in order to build a larger network of infected hosts.

11
Q

CryptoMalware

A

a type of malware that allows threat actors to use someone else’s computer or server to mine for cryptocurrencies.

12
Q

Logic Bomb

A

is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files, should they ever be terminated from the company.

13
Q

Spyware

A

is software with malicious behavior that aims to covertly gather information about a person or organization and send it to another entity in a way that harms the user, for example by violating their privacy or endangering their device’s security.

14
Q

Keyloggers

A

a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.

15
Q

Rootkit

A

is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user), and which often masks its own existence or the existence of other software.

16
Q

Backdoor

A

is a malware type that bypasses normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

17
Q

Password attacks

A

any of the various methods used to maliciously authenticate into password-protected accounts. These attacks are typically facilitated through the use of software that expedites cracking or guessing passwords.

18
Q

Password Spraying

A

an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. Traditional brute-force attacks attempt to gain unauthorized access to a single account by guessing the password.

19
Q

Dictionary Attack

A

a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.

20
Q

Brute Force Attack

A

a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations’ systems and networks.

21
Q

What is the difference between online and offline brute force?

A

In an offline attack, the attacker has access to the encrypted material or a password hash and tries different keys without the risk of discovery or interference. In an online attack, the attacker needs to interact with the target system for every attempt.

22
Q

Rainbow Table Attack

A

a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function (or credit card numbers, etc.) up to a certain length consisting of a limited set of characters. It is a practical example of a space–time tradeoff, using less computer processing time and more storage than a brute-force attack, which calculates a hash on every attempt, but more processing time and less storage than a simple lookup table with one entry per hash. Use of a key derivation function that employs a salt makes this attack infeasible.

23
Q

Plaintext/unencrypted

A

is usually ordinary readable text before it is encrypted into ciphertext, or readable text after it is decrypted.

24
Q

Physical Attacks

A

intentional offensive actions which aim to destroy, expose, alter, disable, steal, or gain unauthorized access to physical assets such as infrastructure, hardware, or interconnections.

25
Q

Malicious Cable

A

any cable (electrical or optical) which performs an unexpected and unwanted function. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions.

26
Q

Malicious Flash Drive

A

A device that contains a predefined attack script. This in turn allows the attacker to access and copy the user’s data, gain access to their keyboard and screen (which lets the attacker see everything they do), or eventually encrypt their data in exchange for a ransom.

27
Q

RFID Card Cloning

A

An attacker analyzes data returned by an RFID chip and uses this information to duplicate an RFID signal that responds identically to the target chip. In some cases RFID chips are used for building access control, employee identification, or as markers on products being delivered along a supply chain.

28
Q

Credit Card cloning/Skimming

A

making an unauthorized copy of a credit card.

29
Q

Adversarial Artificial Intelligence

A

the use of artificial intelligence and machine learning within offensive cyber activity.

30
Q

Tainted training data for machine learning (ML)

Data poisoning

A

this technique involves an attacker inserting corrupt data in the training dataset to compromise a target machine learning model during training.

31
Q

Security of machine learning algorithms

A

  • Cross-check and verify the training data
  • Constantly retrain with new, more, and better data
  • Train the AI with possible poisoning. What would the attacker try to do?

32
Q

Supply Chain Attack

A

is a cyber-attack that seeks to damage an organization by targeting less-secure elements in its supply chain. The attack can occur in any industry, from the financial sector and the oil industry to the government sector, and it can happen in software or hardware.

33
Q

Cryptographic attacks

A

a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme.