1.2 Given a scenario, analyze potential indicators to determine the type of attack. Flashcards
Malware
Any software element that performs an unwanted function from the perspective of the legitimate user/owner of the system
Ransomware
Encrypts a user’s data, demanding ransom in return for decrypting the data
Trojans
Malicious software delivered inside a benign-looking host file or program; the user runs it believing it to be legitimate
Worms
Self-contained programs that do not need to attach to a host file to infect a system; they spread on their own across networks. Focused on replication and distribution rather than damage and destruction, but often used as a delivery mechanism to deposit other types of malware.
Potentially unwanted programs (PUPs)
Any type of questionable software not specifically malware but still otherwise unwanted.
Virus
Programs designed to spread from one system to another through self-replication, typically by attaching to a host file or boot sector, and to perform a wide range of malicious activities. Most require the infected host to be executed before they run; only the fileless form resides in memory without writing itself to local storage.
Forms:
Common/file
Boot sector
Fileless
Command and control (C&C or C2)
Intermediary that hosts the connection between the attacker and the bots; commands are distributed and information exchanged through it. Helps the attacker remain anonymous while controlling the botnet agents.
Any communications channel can serve as C&C, including internet relay chat (IRC) channels, IM, Facebook accounts, Twitter accounts, etc.
Bots
Compromised systems running malicious code that an attacker controls remotely. A large collection of bots under one controller is a botnet, a shortened form of "robot network".
Most commonly known for DoS flooding attacks, but also used to send spam, crack passwords, or perform any other distributed malicious activity.
Cryptomalware (aka crypto mining/jacking)
Uses system resources to mine cryptocurrencies, often designed to remain hidden.
Logic bombs
Form of malicious code remaining dormant until triggering event/condition
Spyware
Form of malicious code collecting info about users w/o knowledge or permission
Keylogger
Malware or PUP (software, or a hardware device) that records keystrokes. Captured keystrokes are usually written to a file, sometimes held only in memory, until transported to the attacker.
Remote access trojan (RAT)
Malware granting a level of remote control access to a system
Rootkit
Malware embedded within the OS. Can manipulate system information before the OS returns it to programs or displays it to users, and may replace parts of the OS kernel, device drivers, etc., to hide itself and other malware.
Backdoor
Refers to two types of attacks/problems:
Developer-installed access method that bypasses security restrictions: a hard-coded account, password, or command sequence.
Attacker-installed remote-access/remote-control tool.
Password spraying
Trying one or a few common passwords against many user accounts, rotating through accounts so each receives only a handful of attempts and stays under the lockout threshold
Credential stuffing
Replaying username/password pairs pulled from a breach of one site against other sites, relying on password reuse
Dictionary attack
Password guessing by using a precompiled list of possible passwords
Brute force
Tries every possible combination of valid characters to construct candidate passwords; guaranteed to succeed eventually, but the time required grows exponentially with password length
Offline password attack
Performed against an offline copy of the credentials (e.g., a stolen hash database) rather than a live target system, so there is no lockout, rate limiting, or logging to slow the attacker
Online password attack
Performed against a live logon prompt; constrained by lockout policies, rate limiting, and logging
Rainbow table
Precomputed tables mapping hash values back to plaintext passwords (stored compactly as hash chains); a captured hash is looked up rather than recomputed. Defeated by salting, since a per-user salt makes each hash unique and a single table cannot cover them all
Plaintext/unencrypted
Passwords stored or transmitted in clear text (unencrypted, unhashed) can be read directly by anyone who obtains the file, database, or network capture; unacceptable in any system
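The password-attack cards above (lookup/rainbow table vs. salted dictionary attack, brute force, password spraying vs. credential stuffing) as one runnable Python example. This is an added illustration, not part of the original flashcards: the wordlist, account list and "leaked" credential pairs are constructed here, and salting is shown with PBKDF2-HMAC-SHA256 at a reduced iteration count so the demo runs quickly.

```python
import hashlib
import itertools
import os

# Constructed sample wordlist standing in for a real dictionary file.
WORDLIST = ["123456", "password", "letmein", "Winter2024!", "qwerty", "Summer2023"]
ITERATIONS = 10_000  # reduced for demo speed; production PBKDF2 uses far more


def hash_unsalted(password: str) -> str:
    """The weak way: a bare SHA-256 of the password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """The correct way: per-user random salt plus a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_lookup_table(words):
    """Offline precomputation: hash -> plaintext. A rainbow table compresses this
    with hash chains, but the attack model is the same: work once, then crack
    any unsalted hash with a single lookup."""
    return {hash_unsalted(w): w for w in words}


def lookup_attack(table, target_hash):
    """Lookup/rainbow-table attack: O(1) per hash, but only if no salt was used."""
    return table.get(target_hash)


def dictionary_attack(target_hash, salt, words, iterations=ITERATIONS):
    """Every candidate must be re-hashed with the victim's salt, so the
    precomputed table is useless and the KDF cost is paid per guess per user."""
    for word in words:
        if hash_salted(word, salt, iterations) == target_hash:
            return word
    return None


def brute_force(target_hash, alphabet, max_len):
    """Exhaustive search over every string up to max_len (unsalted here).
    Cost grows as len(alphabet) ** length, which is why length matters most."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hash_unsalted(candidate) == target_hash:
                return candidate
    return None


def password_spray(accounts, common_passwords, lockout_threshold):
    """Spraying: a FEW passwords against MANY usernames. Each account sees only
    len(common_passwords) attempts, so no single account reaches lockout."""
    hits = {}
    attempts = {user: 0 for user in accounts}
    for password in common_passwords:                 # outer loop: password
        for user, real_password in accounts.items():  # inner loop: user
            if attempts[user] >= lockout_threshold:
                continue  # a careful sprayer never reaches this line
            attempts[user] += 1
            if password == real_password:
                hits[user] = password
    return hits


def credential_stuffing(accounts, leaked_pairs):
    """Stuffing: replay exact username/password pairs from another breach.
    One attempt per pair; succeeds wherever the user reused the password."""
    return {user: pw for user, pw in leaked_pairs if accounts.get(user) == pw}


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("lookup on unsalted hash:", lookup_attack(table, hash_unsalted("letmein")))
    salt = os.urandom(16)
    salted = hash_salted("letmein", salt)
    print("lookup on salted hash:  ", lookup_attack(table, salted))
    print("dictionary on salted:   ", dictionary_attack(salted, salt, WORDLIST))
    print("brute force:            ", brute_force(hash_unsalted("ab"), "abc", 2))
    # Constructed accounts and a constructed "leaked" credential dump.
    accounts = {"alice": "Winter2024!", "bob": "hunter2", "carol": "Winter2024!"}
    print("spray:   ", password_spray(accounts, ["Winter2024!", "Summer2023"], 3))
    print("stuffing:", credential_stuffing(accounts, [("alice", "oldpw"), ("bob", "hunter2")]))
```

The lookup succeeds against the unsalted hash and fails against the salted one, which is the whole argument for salting; the dictionary attack still works against the salted hash, which is the argument for a slow KDF and for rejecting wordlist passwords in the first place. The spray and stuffing functions differ only in loop shape, but that shape is exactly what a detection rule has to key on: many usernames from one source with few attempts each versus exact-pair replay.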
Malicious Universal Serial Bus (USB) cable
A USB cable with embedded electronics crafted to perform unwanted actions against the computer, mobile device, or peripheral it is plugged into, e.g., presenting itself as a keyboard (HID) to inject keystrokes
Malicious Flash Drive
A USB drive, typically pre-loaded with malware, is physically left in a location with the intent that an unsuspecting individual will pick it up and plug it into a computer.
Card cloning
Duplicating a targeted card by copying (often via skimming) the data from it and writing that data onto a new card; static magnetic-stripe data is easily cloned, while EMV chip data is not
Skimming
Capturing payment card data and PINs with a covert device (reader overlay, PIN-pad overlay, hidden camera) attached to an ATM, fuel pump, or checkout terminal
Adversarial artificial intelligence (AAI or AML)
Using machine learning against machine learning: attackers craft inputs or training data that cause a model to misclassify or misbehave, and both attackers and defenders use computational systems to automate the process of developing attacks and defenses
Generative Adversarial Network (GAN)
Two neural networks trained in opposition: a generator produces samples meant to match the statistical distribution of the real data, and a discriminator tries to tell generated samples from real ones; each improves against the other
Tainted Training Data for ML
Data poisoning: the attacker intentionally supplies incorrect, mislabeled, or biased data to the machine learning model during the training phase so that the trained model misclassifies inputs the attacker cares about or is degraded overall
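Tainted training data as a runnable example. This is an added illustration, not part of the original flashcards: the classifier is a deliberately simple threshold model over a constructed "login attempts per minute" feature, and the poisoning budget and values are chosen here to make the boundary shift visible.

```python
from statistics import mean

# Constructed training data: login attempts per minute from a source, with label.
CLEAN_TRAINING = [
    (1, "benign"), (2, "benign"), (3, "benign"), (2, "benign"), (1, "benign"), (3, "benign"),
    (50, "attack"), (60, "attack"), (55, "attack"), (45, "attack"),
]


def train(samples):
    """Toy classifier: decision threshold halfway between the two class means.
    Every point the training data labels 'benign' pulls the boundary upward."""
    benign = [x for x, label in samples if label == "benign"]
    attack = [x for x, label in samples if label == "attack"]
    return (mean(benign) + mean(attack)) / 2


def classify(threshold, rate):
    return "attack" if rate > threshold else "benign"


def poison(samples, value, count, label="benign"):
    """Tainted training data: inject `count` attacker-chosen points carrying a
    false label (here: high request rates labelled benign). Label flipping of
    existing samples is the other common variant of the same attack."""
    return samples + [(value, label)] * count


if __name__ == "__main__":
    clean_threshold = train(CLEAN_TRAINING)
    poisoned_threshold = train(poison(CLEAN_TRAINING, value=40, count=12))
    probe = 35  # the rate the attacker intends to operate at after deployment
    print(f"clean threshold {clean_threshold:.1f}: {probe} -> {classify(clean_threshold, probe)}")
    print(f"poisoned threshold {poisoned_threshold:.1f}: {probe} -> {classify(poisoned_threshold, probe)}")
```

With clean data the threshold sits at 27.25 and a rate of 35 is flagged; after twelve poisoned samples it moves to about 39.9 and the same rate passes as benign, while the model still "works" on the original attack samples, which is why poisoning is hard to notice from accuracy numbers alone. The countermeasures are provenance and validation of training data and evaluation on a held-out set the attacker cannot influence.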
Supply-chain attacks
Cyberattack that targets a trusted third-party vendor whose software, hardware, or services the victim depends on. Malicious code injected into the vendor's application or update channel infects every customer who installs it, so the victim's trust in the vendor does the attacker's work
Cloud-based vs. on-premises attacks
Cloud-based attacks target resources hosted by a provider and are shaped by the shared responsibility model: the provider secures the underlying infrastructure, the customer remains responsible for configuration, identities, access keys, and data. On-premises attacks target infrastructure the organization controls end to end. Moving to the cloud is neither inherently less nor more secure than staying on-premises; the exposure depends on how each is configured and monitored
Birthday
Used against hashing and other forms of cryptography involving finite sets (hashes or keys). Exploits the birthday paradox: among randomly chosen values, a matching pair appears after roughly the square root of the number of possible values (about 2^(n/2) trials for an n-bit hash), far sooner than the 2^n trials needed to match one specific value
Collision
Two different inputs producing the same output from a cryptographic operation (e.g., the same hash value). A collision attack tries to find any such pair; because of the birthday bound, an n-bit hash offers only about n/2 bits of collision resistance
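The birthday and collision cards above as a runnable Python example. This is an added illustration, not part of the original flashcards: it truncates SHA-256 to a small number of bits to stand in for a weak n-bit hash, and the message format ("msg-0", "msg-1", ...) is a constructed, deterministic input stream.

```python
import hashlib
import math


def truncated_hash(message: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, used as a stand-in for a weak n-bit hash."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int):
    """Birthday attack: hash distinct messages until ANY two share a value.
    Returns (msg_a, msg_b, hashes_computed). Expected cost ~ sqrt(2**bits)."""
    seen = {}
    i = 0
    while True:
        msg = f"msg-{i}".encode()
        h = truncated_hash(msg, bits)
        if h in seen:  # messages are distinct by construction, so this is a real collision
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_second_preimage(bits: int, target: bytes):
    """Contrast: match ONE specific hash. Expected cost ~ 2**bits.
    Returns (msg, hashes_computed)."""
    goal = truncated_hash(target, bits)
    i = 0
    while True:
        msg = f"alt-{i}".encode()
        if msg != target and truncated_hash(msg, bits) == goal:
            return msg, i + 1
        i += 1


def expected_birthday_trials(bits: int) -> float:
    """Expected number of draws before the first repeat among N = 2**bits
    equally likely values: approximately sqrt(pi * N / 2)."""
    return math.sqrt(math.pi * 2 ** bits / 2)


if __name__ == "__main__":
    bits = 24
    a, b, n = find_collision(bits)
    print(f"{bits}-bit collision: {a!r} and {b!r} after {n} hashes "
          f"(expected ~{expected_birthday_trials(bits):.0f}; 2**{bits} = {2 ** bits})")
    msg, m = find_second_preimage(16, b"target")
    print(f"16-bit second preimage of b'target': {msg!r} after {m} hashes (expected ~{2 ** 16})")
```

The collision search on 24 bits finishes in a few thousand hashes while a second-preimage search even on 16 bits needs tens of thousands; scale the exponents up and this gap is the reason a 128-bit hash is considered to give only 64 bits of collision resistance, and why the collision card sits next to the birthday card.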
Downgrade
Prevents the client and server from negotiating the strongest protocol or cipher they both support, forcing the connection back to an older, weaker version (e.g., from TLS 1.3 to TLS 1.0 or SSL 3.0) that has known attacks. Mitigated by disabling legacy versions and enforcing a minimum version on both ends
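The downgrade card as a runnable Python example. This is an added illustration, not part of the original flashcards: the negotiation model is a deliberate simplification (highest version in the intersection of what both sides offer, subject to a server-side floor), and the "MITM" is a function that strips strong versions from the constructed client offer. The `hardened_client_context` helper shows the real-world equivalent of that floor using Python's standard `ssl` module.

```python
import ssl

# Protocol versions from weakest to strongest; only the ordering matters here.
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
RANK = {v: i for i, v in enumerate(VERSIONS)}


def negotiate(client_offer, server_supported, server_minimum="SSLv3"):
    """Simplified version negotiation: pick the highest version both sides
    support, refusing anything below the server's configured floor.
    Returns None when nothing acceptable remains (handshake failure)."""
    common = [v for v in client_offer
              if v in server_supported and RANK[v] >= RANK[server_minimum]]
    if not common:
        return None
    return max(common, key=RANK.__getitem__)


def mitm_strip_versions(client_offer, strip_from="TLSv1.2"):
    """On-path attacker rewrites the client's offer so only weak versions remain."""
    return [v for v in client_offer if RANK[v] < RANK[strip_from]]


def hardened_client_context() -> ssl.SSLContext:
    """Real-world floor: pin the minimum TLS version so the library aborts the
    handshake instead of accepting TLS 1.0/1.1 when the peer (or an attacker)
    offers nothing better."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    client = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
    server = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
    print("honest negotiation:          ", negotiate(client, server))
    stripped = mitm_strip_versions(client)
    print("after MITM strip, no floor:  ", negotiate(stripped, server))
    print("after MITM strip, floor 1.2: ", negotiate(stripped, server, "TLSv1.2"))
    print("python ssl minimum_version:  ", hardened_client_context().minimum_version)
```

Without a floor the stripped offer quietly lands on TLS 1.1 and both endpoints believe they negotiated normally; with the floor the handshake fails, which is the visible, alertable outcome you want. Real TLS adds protocol-level defenses the simulation omits: TLS 1.3 embeds a downgrade sentinel in the ServerHello random, and TLS_FALLBACK_SCSV lets a client signal that it is retrying at a lower version.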