1.2 Given a scenario, analyze potential indicators to determine the type of attack. Flashcards

1
Q

Ransomware

A

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid.

2
Q

Trojans

A

Trojan viruses are a type of malware that invade your computer disguised as real, operational programs.

3
Q

Worms

A

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

4
Q

Potentially unwanted programs (PUPs)

A

A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware and dialers, and are often downloaded in conjunction with a program that the user wants.

5
Q

Fileless virus

A

While not considered a traditional virus, fileless malware works in a similar way: it operates in memory. Without being stored in a file or installed directly on a machine, fileless infections go straight into memory, and the malicious content never touches the hard drive.

6
Q

Command and control

A

A command-and-control [C&C] server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network.

7
Q

Bots

A

Bots typically operate over a network. Bots that can communicate with one another use internet-based services to do so, such as instant messaging, interfaces like Twitterbots, or Internet Relay Chat (IRC). Bots are made from sets of algorithms which help them carry out their tasks.

8
Q

Cryptomalware

A

A silent threat, crypto-malware is often disguised as legitimate software that, once downloaded, embeds malicious code into various applications and programs. This code will run in the background and mine for currency any time the victim uses their device.

9
Q

Logic bombs

A

A logic bomb is a piece of code intentionally inserted into a software system that sets off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a trigger on a salary database) should they ever be terminated from the company.

10
Q

Spyware

A

Spyware is a kind of malware that monitors and tracks your device and internet activity to gather information for third parties. It works in the background or attaches itself to your device’s operating system, so you hardly know it is there.

11
Q

Keyloggers

A

Keyloggers are built for keystroke logging: creating records of everything you type on a computer or mobile keyboard. They are used to quietly monitor your computer activity while you use your devices as normal.

12
Q

Remote access Trojan (RAT)

A

Remote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyberattackers unlimited access to the data on the PC. Cybercriminals can use RATs to exfiltrate confidential information.

13
Q

Rootkit

A

A rootkit is a malicious software bundle designed to give unauthorized access to a computer or other software. Rootkits are hard to detect and can conceal their presence within an infected system. Hackers use rootkit malware to remotely access your computer, manipulate it, and steal data.

14
Q

Backdoor

A

A backdoor is a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

15
Q

Password attacks - Spraying

A

A password spraying attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another password and repeating the process. This is effective because many users use simple, predictable passwords, such as “password123.”

16
Q

Password attacks - Dictionary

A

A dictionary attack is simple in theory. It is based on a simple assumption: users don’t want to or cannot memorize long, random sequences of characters, and therefore they pick existing words, typically from an existing language. You can, therefore, take a dictionary or a word list and hash each entry.

17
Q

Password attacks - Brute force

A

A brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.

18
Q

Password attacks - Brute force - Offline

A

The offline mode of the attack requires the attacker to steal the password file first, but enables unconstrained guessing of passwords, free of any application- or network-related rate limitations.

19
Q

Password attacks - Brute force - Online

A

In the online mode of the attack, the attacker must use the same login interface as the user application.

20
Q

Password attacks - Rainbow table

A

The rainbow table itself refers to a precomputed table that contains the password hash value for each plaintext character used during the authentication process. If hackers gain access to the list of password hashes, they can crack all passwords very quickly with a rainbow table.

During a network attack, the rainbow table compares its hashes to the hashes in the database to crack the code and gain access to information.

21
Q

Password attacks - Plaintext/unencrypted

A

In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms.

22
Q

Physical attacks-Malicious Universal

A

Malicious universal attacks

It basically does not matter where the thing lies or resides within the attack surface; the attack is universally applicable. So this covers things like gates, locks and doors, all the things we should be aware of from a physical security standpoint.

23
Q

Physical attacks-Serial Bus (USB) cable

A

A USB cable designed to infect connected devices with malware. This malicious cable works by injecting keystrokes into your computer upon being plugged into a USB-friendly device.

24
Q

Physical attacks-Malicious flash drive

A

In the most basic of USB drop attacks, the user clicks on one of the files on the drive. This unleashes a malicious code that automatically activates upon viewing and can download further malware from the Internet.

25
Q

Physical attacks-Card cloning

A

Cloning is a type of credit card theft in which the thief makes a digital copy of the credit card information using a concealed or disguised electronic scanner. Security improvements—such as the use of chip cards—have helped disrupt this type of theft.

26
Q

Physical attacks-Skimming

A

Skimming is an illegal practice used by identity thieves to surreptitiously capture credit card information from a cardholder. Fraudsters often use a device called a skimmer that can be installed at gas pumps or ATMs to collect card data. Some skimmers act like point-of-sale technology.

27
Q

Adversarial artificial intelligence (AI) - Tainted training data for machine learning (ML)

A

One of the known techniques to compromise machine learning systems is to target the data used to train the models. Called data poisoning, this technique involves an attacker inserting corrupt data in the training dataset to compromise a target machine learning model during training.

28
Q

Adversarial artificial intelligence (AI) - Security of machine learning algorithms

A

In security, machine learning continuously learns by analyzing data to find patterns so we can better detect malware in encrypted traffic, find insider threats, predict where “bad neighborhoods” are online to keep people safe when browsing, or protect data in the cloud by uncovering suspicious user behavior.

29
Q

Supply-chain attacks

A

A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the supply chain.

30
Q

Cloud-based vs. on-premises attacks

A

Essentially, the fundamental difference between cloud and on-premises software is where it resides. On-premises software is installed locally, on your business’s computers and servers, whereas cloud software is hosted on the vendor’s servers and accessed via a web browser.

31
Q

Cryptographic attacks

A

A cryptographic attack is a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme. This process is also called “cryptanalysis”.

32
Q

Cryptographic attacks-Birthday

A

The birthday attack is a cryptographic attack that exploits the mathematics of hash functions by finding matching hash outputs. The method relies on the birthday paradox, through which the chance of two people sharing a birthday is much higher than it appears.

33
Q

Cryptographic attacks-Collision

A

In computer science, a hash collision or clash is when two pieces of data in a hash table share the same hash value. The hash value in this case is derived from a hash function which takes a data input and returns a fixed-length string of bits.

34
Q

Cryptographic attacks-Downgrade

A

A downgrade attack, also called a bidding-down attack or version rollback attack, is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an older, lower-quality mode of operation (e.g. cleartext) …