1.2 Malware & common attacks

Question 1

What is a malware?

Answer 1

malicious software, can aim at gather information or take control of your computer and make it a botnet

Question 2

What are the different type of malware?

Answer 2

• viruses
• crypto-malware
• worms
• trojan horse
• rootkit
• keylogger
• adware/spyware
• botnet

Question 3

How to get a malware?

Answer 3

can be dl via a click on an email, or via web page pop up, or via a vunerability

Question 4

What is a virus?

Answer 4

a malware that can reproduce itself through file systems or network

Question 5

What is the different virus type ?

Answer 5

• program viruses (in applications)
• boot sector viruses (when the OS boot)
• script viruses
• macro viruses (inside a macro in microsoft office)
• fileless virus

Question 6

What is a fileless virus?

Answer 6

type of malware that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.

Question 7

How fileless malware work?

Answer 7

1/user click on malicious website link
2/ website exploit a vulnerability
3/ launch powershell and dl payloads in RAM
4/ run powershell script and exec in memory

Question 8

What is a worm?

Answer 8

type of malware that self replicated and self spread through a network

Question 9

How a worm can be detected?

Answer 9

by a firewalls and IDS/IPS before the infection, the worm should be signature based

Question 10

What is a ransomware?

Answer 10

malware that employs encryption to hold a victim’s information at ransom

Question 11

What is crypto malware?

Answer 11

same as ransomware, the data are encrypted and the ransom needs to be paid if you want the data back

Question 12

How to protect against ransomware

Answer 12

• have a backup
• update OS
• update apps
• update antivirus/malware to get the latest signature

Question 13

what is trojan horse?

Answer 13

software that pretend to be something else and in reality you are installing a malware, once it is inside in can open backdoor or dl file etc

Question 14

what is a PUP

Answer 14

Potentially Uwanted Software that can be dl by a trojan (eg agressive browser toolbar, unwanted ad etc)

Question 15

what is a backdoor?

Answer 15

can be open thans to a malware. It is a undocumented way of gaining access to a computer without having to redo the whole attack for the hacker. SOme software like Linux includ backdoor to the kernel

Question 16

How to prevent a trojan?

Answer 16

• update antivirus with the lates signature
• have a backup
• don’t click on unknown link

Question 17

What is a rootkit?

Answer 17

type of malware that give access and modify file on the kernel (and not the OS), it can be invisible

Question 18

Is a rootkit can be identified?

Answer 18

yes some antivirus can and software that secure boot exists

Question 19

what is a spyware?

Answer 19

type of malware that steals sensitive info and gather data. It can analyse the activity on internet and use keylogger to capture credential once the victim log in a website. It can be install via a trojan

Question 20

how to protect against spyware/adware?

Answer 20

• antivirus/anti malware with latest signature
• know exactly what you are installing
• do backups

Question 21

What are bots?

Answer 21

type of malware that infects a device to make it a bot remotely contolled by the hacker

Question 22

what is botnets ?

Answer 22

a group of bots working toghether. It can be used to do DDos, relay spam, proxy network traffic

Question 23

How to prevent for bot ?

Answer 23

• update OS
• update antivirus/malware
• identify an existing infection
• prevent command and control (block at firewall, IPS)

Question 24

what is a logic bomb?

Answer 24

type of malware that is triggered when a logical condition is met such as after a number of transactions have been processed, or on a specific date. Difficult to spot cos logic bomb can delete themselves and no signature predefined in antivirus

Question 25

How to prevent from logic bomb?

Answer 25

• Formal change control & procedure (is there a process in place for change in the server?)
  -host based intrusion dection
• constant auditing of systems

Question 26

What is the best way to store a password?

Answer 26

by hashing that it irreversible

Question 27

what is a spraying attack (this is not malware)

Answer 27

when an attacker uses common passwords to attempt to access several accounts on one domain. Using a list of common weak passwords, such as 123456 or password1, an attacker can potentially access hundreds of accounts in one attack. it avoid the account to be locked

Question 28

What is a bruteforce attack?

Answer 28

try every possible password combination until the hash matches the password’ hash. It can be detected and the account can be locked

Question 29

What is a dictionnarry attack ?

Answer 29

use a dictionary to find common words, many wordlists are available on the internet

Question 30

What is a rainbow table?

Answer 30

an optimized, pre-built set of hashes stored in a table and help to find hashes corresponding to a password

Question 31

what is “adding a salt”

Answer 31

it refers to adding random data to a password when hashing so that it can be easily unshash via a rainbow table, it slow the bruteforce attack (e.g. password +MeNvg)

Question 32

What are the different type of physical attacks?

Answer 32

• malicious USB cable: cable which perform unwanted function once connected (dl malware, data exfiltration, gps tracking etc). Often detected as mouse or keyboard by computer
• malicious usb flash drive: USB infected with malware that are dl once connected to pc
• skimming: stealing credit card info during a normal transaction
• card cloning: cloning a credit card

Question 33

what is poisoning the training data attack?

Answer 33

it is a type of attack directed to machine learning. As ML require a lot to data for the AI to function,, an attacer can confuse the AI by sending modified data

Question 34

What is the difference between cloud based and on premises attack?

Answer 34

• cloud: security is centralized and costs less
• onpremises: security and infra cost on the client

Question 35

what are cryptographic attacks?

Answer 35

• collision: 2 plaintext created the same hash value
• downgrade attack: scenario in which a malicious actor attempts to force a server or client to use a lower version of a cryptographic protocol (such as TLS or SSL), a cipher suite (such as an export-grade cipher, instead of a standard one), or a connection type (HTTP, instead of HTTPS)