1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 1

Malware

Answer 1

Any element of software performing an unwanted function from perspective of a legit user/owner of system

Question 2

Ransomware

Answer 2

Encrypts a user’s data, demanding ransom in return for decrypting the data

Question 2

Trojans

Answer 2

Means of delivering malicious software disguising inside a benign host file

Question 3

Worms

Answer 3

Self-contained applications that don’t require becoming attached directly to a host file or hard drive to infect a system. Focused on replication and distribution, rather than damage and destruction. Also be designed as delivery mechanisms to deposit other types of malware.

Question 4

Potentially unwanted programs (PUPs)

Answer 4

Any type of questionable software not specifically malware but still otherwise unwanted.

Question 5

Virus

Answer 5

Programs designed to spread from one system to another through self-replication and perform a wide range of malicious activities. Reside in memory only, do not save themselves to local storage devices

Forms:

Common/file

Boot sector

Fileless

Question 6

Command and control (C&C or C2)

Answer 6

Intermediary serving as host of connection between attacker and bots where commands are distributed and info exchanged. Assists attacker in remaining anonymous while controlling botnet agents.

Any communications system can be used as C&C including internet relay chat (IRC) channels, IM, FB accounts, Twitter accounts, etc.

Question 7

Bots

Answer 7

It is used to describe a massive deployment of malicious code onto numerous compromised systems that are all remotely controlled by a hacker. The term botnet is a shortened form of the phrase “software robot network”.

Although they’re most commonly known to be used to perform DoS flooding attacks, they can also be used to transmit spam, password cracking, or perform any other malicious activity.

Question 8

Cryptomalware (aka crypto mining/jacking)

Answer 8

Uses system resources to mine cryptocurrencies, often designed to remain hidden.

Question 9

Logic bombs

Answer 9

Form of malicious code remaining dormant until triggering event/condition

Question 10

Spyware

Answer 10

Form of malicious code collecting info about users w/o knowledge or permission

Question 11

Keylogger

Answer 11

A PUP recording keystrokes. Usually stored in a file, sometimes stored in memory until transported.

Question 12

Remote access trojan (RAT)

Answer 12

Malware granting a level of remote control access to a system

Question 13

Rootkit

Answer 13

Malware embedded w/in OS. Can manipulate system info seen by OS and displayed to users, may replace OS kernel, device drivers, etc.

Question 14

Backdoor

Answer 14

Refers to two types of attacks/problems:

Developer installed access method bypassing security restrictions, hard-coded account, password, or command sequence.

hacker installed remote-access remote-control tool.

Question 15

Spraying (aka Credential Stuffing)

Answer 15

Attempt to log into a user account through repeated attempts of submitting generated or pulled-from-a-list creds

Question 16

Dictionary attack

Answer 16

Password guessing by using a precompiled list of possible passwords

Question 17

Brute force

Answer 17

Tries every possible valid combination of characters to construct possible passwords

Question 18

Offline password attack

Answer 18

When not working against a live target system, but instead on an offline copy

Question 19

Online password attack

Answer 19

Against a live logon prompt

Question 20

Rainbow table

Answer 20

Pre-computed hash tables, comparing hash values to the table to find the plaintext password

Question 21

Plaintext/unencrypted

Answer 21

Clear-text/unencrypted passwords are unacceptable

Question 22

Malicious Universal Serial Bus (USB) cable

Answer 22

Device crafted to perform unwanted activities against a computer and/or mobile device or peripheral

Question 23

Malicious Flash Drive

Answer 23

A USB drive, typically pre-loaded with malware, is physically left in a location with the intent that an unsuspecting individual will pick it up and plug it into a computer.

Question 24

Card cloning

Answer 24

Duplication or skimming of data from a targeted source card and writing it onto a new card

Question 25

Skimming

Answer 25

A fast and interactive way to quickly obtain payment card data and personal information from ATMs and checkout scanners.

Question 26

Adversarial artificial intelligence (AAI or AML)

Answer 26

When computational systems are set up to operate in opposition to automate process of developing system defenses and attacks

Question 27

Generative Adversarial Network (GAN)

Answer 27

Works by generating data samples from the statistical distribution of the data from a generator network and a discriminator network.

Question 28

Tainted Training Data for ML

Answer 28

a type of attack in which the attacker intentionally provides incorrect or biased data to the machine learning model during the training phase.

Question 29

Supply-chain attacks

Answer 29

A type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the supply chain. Inject malicious code into an application in order to infect all users of an app

Question 30

Cloud-based vs. on-premises attacks

Answer 30

Cloud security is just as important as on-premises security, and in some cases, it can be even more secure. Many companies are hesitant to move to the cloud, fearing that it is not as secure as on-premises infrastructure. However, this is a misconception

Question 31

Birthday

Answer 31

Used against hashing and other forms of cryptography involving finite sets (either hashes or keys)

Question 32

Collision

Answer 32

When output of two cryptographic operations produce the same result, having different inputs. Tries to find two inputs producing the same hash value

Question 33

Downgrade

Answer 33

Prevents client from successfully negotiating robust high-grade encryption, generally rolling back to earlier versions of encryption protocols