1.2 Given a scenario, analyze potential indicators to determine the type of attack. Flashcards
Ransomware
Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid.
Trojans
A Trojan (often called a Trojan virus, although it does not self-replicate) is malware that gets onto a computer disguised as a legitimate, working program; the user installs it voluntarily because it appears to be something they want.
Worms
A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.
Potentially unwanted programs (PUPs)
A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware and dialers, and are often downloaded in conjunction with a program that the user wants.
Fileless virus
While not considered a traditional virus, fileless malware does work in a similar way—it operates in memory. Without being stored in a file or installed directly on a machine, fileless infections go straight into memory and the malicious content never touches the hard drive.
Command and control
A command-and-control [C&C] server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network.
Bots
A bot is malware that places an infected machine under an attacker's remote control as part of a botnet. Bots communicate with their controller, and sometimes with each other, over ordinary network services such as IRC, instant messaging, social-media accounts (for example Twitter bots) or plain HTTP, and carry out scripted tasks on command, such as sending spam, scanning for new victims, or taking part in DDoS attacks.
Cryptomalware
Cryptomalware (cryptojacking) is a silent threat: it is often disguised as legitimate software that, once downloaded, embeds malicious code in other applications and programs. This code runs in the background and mines cryptocurrency for the attacker whenever the victim uses the device, showing up as unexplained CPU or GPU load, heat and power use rather than obvious damage.
Logic bombs
A logic bomb is a piece of code deliberately inserted into a software system that triggers a malicious function when a specified condition is met. For example, a disgruntled programmer might hide code that starts deleting files if the payroll database ever stops listing them as an employee, so that the bomb fires only after they have been terminated.
Spyware
Spyware is malware that covertly monitors device and internet activity and sends the collected information to a third party. It runs in the background, often hooking into the operating system, so the user typically has no idea it is present.
Keyloggers
Keyloggers are built for the act of keystroke logging — creating records of everything you type on a computer or mobile keyboard. These are used to quietly monitor your computer activity while you use your devices as normal.
Remote access Trojan (RAT)
A Remote Access Trojan (RAT) is a Trojan that gives the attacker remote control of the infected computer, with whatever privileges the user or process it runs under already has. Cybercriminals use RATs to browse and exfiltrate confidential data, capture input, and run further tools on the host.
Rootkit
A rootkit is malicious software designed to keep unauthorized access to a computer while hiding its own presence, and that of other malware, by subverting the operating system, often at the kernel or driver level. Because the rootkit controls what the OS reports, it is very hard to detect from the infected system itself; attackers use rootkits to maintain remote access, manipulate the machine and steal data.
Backdoor
A backdoor is a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.
Password attacks Spraying
A password spraying attack is a type of brute force attack in which a malicious actor tries the same password against many accounts before moving on to the next password and repeating the process. Spreading the guesses across accounts keeps the number of failures per account below lockout thresholds, and it is effective because many users choose simple, predictable passwords such as "password123".
Password attacks Dictionary
A dictionary attack is simple in theory. It rests on the assumption that users cannot or will not memorize long random strings, so they pick existing words, typically from a natural language, perhaps with small variations. The attacker therefore takes a dictionary or word list, hashes each entry with the same algorithm the target uses, and compares the results against the captured hashes.
Password attacks Brute force
A brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.
Password attacks Brute force Offline
In the offline mode the attacker must first steal the password hashes (for example the password file or a database dump), but can then guess without limit, free of any application or network rate limiting, account lockout, or logging; the only constraints are the cost of the hash function and the attacker's hardware.
Password attacks Brute force Online
In the online mode the attacker submits guesses through the same login interface a legitimate user would, so every attempt is subject to rate limiting, account lockout, CAPTCHAs and server-side logging. That is why online attacks are slow and tend to be either sprayed across many accounts or aimed at a few high-value ones.
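The two online patterns above, spraying (few guesses each against many accounts) and classic brute force (many guesses against one account), leave different shapes in authentication logs. The detector below is an added example written for these flashcards, not code from any product; the log format, the source addresses and the thresholds are all constructed assumptions, and a real deployment would tune them to its own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of logon events. The line format is invented for this
# example and is not any product's real log format.
SAMPLE_LOG = """\
2024-03-01T08:00:01 src=203.0.113.10 user=alice result=fail
2024-03-01T08:00:02 src=203.0.113.10 user=bob result=fail
2024-03-01T08:00:03 src=203.0.113.10 user=carol result=fail
2024-03-01T08:00:04 src=203.0.113.10 user=dave result=fail
2024-03-01T08:00:05 src=203.0.113.10 user=erin result=fail
2024-03-01T08:00:06 src=203.0.113.10 user=frank result=fail
2024-03-01T08:00:07 src=203.0.113.10 user=grace result=success
2024-03-01T08:01:00 src=198.51.100.7 user=admin result=fail
2024-03-01T08:01:01 src=198.51.100.7 user=admin result=fail
2024-03-01T08:01:02 src=198.51.100.7 user=admin result=fail
2024-03-01T08:01:03 src=198.51.100.7 user=admin result=fail
2024-03-01T08:01:04 src=198.51.100.7 user=admin result=fail
2024-03-01T08:01:05 src=198.51.100.7 user=admin result=fail
2024-03-01T08:02:10 src=192.0.2.5 user=alice result=fail
2024-03-01T08:02:15 src=192.0.2.5 user=alice result=fail
2024-03-01T08:02:20 src=192.0.2.5 user=alice result=success
"""

LINE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(fail|success)$")


def parse_events(text):
    """Turn the constructed log into dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, user, result = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "user": user, "ok": result == "success"})
    return events


def classify_sources(events, spray_min_accounts=5, spray_max_per_account=2,
                     brute_min_attempts=5):
    """Label each source by the shape of its failures. Spraying: many accounts,
    very few failures each. Brute force: many failures on one account.
    The thresholds are illustrative assumptions, not recommended values."""
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> failures
    successes = defaultdict(list)                   # src -> users that succeeded
    for e in events:
        if e["ok"]:
            successes[e["src"]].append(e["user"])
        else:
            fails[e["src"]][e["user"]] += 1
    verdicts = {}
    for src in set(fails) | set(successes):
        per_user = fails[src]
        n_accounts = len(per_user)
        max_per_user = max(per_user.values(), default=0)
        if n_accounts >= spray_min_accounts and max_per_user <= spray_max_per_account:
            label = "password_spraying"
        elif max_per_user >= brute_min_attempts:
            label = "brute_force"
        else:
            label = "benign"
        # A success from a spraying source is the account that was actually hit.
        verdicts[src] = {"label": label, "accounts": n_accounts,
                         "failures": sum(per_user.values()),
                         "successes": successes[src]}
    return verdicts


def distributed_spray_windows(events, window_seconds=300, min_accounts=5):
    """Per-source counting misses a spray spread across many IPs, so also count
    distinct accounts failing org-wide per time window."""
    buckets = defaultdict(set)
    for e in events:
        if not e["ok"]:
            epoch = e["ts"].replace(tzinfo=timezone.utc).timestamp()
            buckets[int(epoch) // window_seconds].add(e["user"])
    return {b: users for b, users in buckets.items() if len(users) >= min_accounts}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for src, v in sorted(classify_sources(evs).items()):
        print(src, v)
    print("org-wide windows:", distributed_spray_windows(evs))
```

The per-source view labels 203.0.113.10 as spraying and reports that the account "grace" accepted one of its guesses, which is the alert an analyst actually wants; the org-wide window check is there because a patient attacker can spread the same spray over many addresses so that no single source ever crosses the per-source threshold.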
Password attacks Rainbow table
A rainbow table is a precomputed table (stored as hash chains to save space) that maps password hashes back to the plaintexts that produce them, for one specific hash function applied without a salt. An attacker who obtains a list of password hashes looks each hash up in the table instead of hashing guesses one at a time, so every password the table covers is recovered almost immediately.
Rainbow tables only work when the stored hashes have no per-user salt: a random salt changes every stored hash, so the precomputed table no longer matches anything and each hash has to be attacked separately with a dictionary or brute force.
Password attacks Plaintext/unencrypted
Here plaintext (cleartext) means a password that is stored or transmitted unencrypted, for example in a configuration file, a script, a database column, or a protocol such as Telnet, FTP or HTTP basic authentication without TLS. No cracking is needed: anyone who can read the file or capture the traffic has the password directly. In cryptography more generally, plaintext is the unencrypted input to an encryption algorithm.
Physical attacks-Malicious Universal Serial Bus (USB) cable
A USB cable that looks and works like an ordinary charging or data cable but contains hidden electronics. When plugged in it presents itself to the host as a keyboard (a human interface device) and injects keystrokes, typing commands that download and run malware or open a remote shell. Because the host sees a keyboard rather than a storage device, scanning files on removable media does not help; USB device-control policies and detection of impossibly fast typing are the relevant defences.
Physical attacks-Malicious flash drive
In the most basic USB drop attack, an attacker leaves flash drives where staff will find them; a curious user plugs one in and opens a file on it. That file (for example a document with a malicious macro, or a shortcut disguised as a document) runs code that can download further malware from the Internet. On older systems with autorun enabled, merely inserting the drive was enough; some drop devices also emulate a keyboard in the same way as a malicious USB cable.
Physical attacks-Card cloning
Cloning is a type of credit card theft in which the thief makes a digital copy of the credit card information using a concealed or disguised electronic scanner. Security improvements—such as the use of chip cards—have helped disrupt this type of theft.
Physical attacks-Skimming
Skimming is an illegal practice in which identity thieves surreptitiously capture card data from a cardholder. Fraudsters typically install a device called a skimmer over the real card reader at a gas pump or ATM, sometimes paired with a hidden camera or keypad overlay to capture the PIN; some skimmers are built to look exactly like legitimate point-of-sale terminals.
Adversarial artificial intelligence (AI) - Tainted training data for machine learning (ML)
One of the known techniques to compromise machine learning systems is to target the data used to train the models. Called data poisoning, this technique involves an attacker inserting corrupt data in the training dataset to compromise a target machine learning model during training.
Adversarial artificial intelligence (AI) - Security of machine learning algorithms
In security, machine learning continuously learns patterns from data so we can better detect malware in encrypted traffic, find insider threats, predict which parts of the internet are "bad neighbourhoods" to keep people safe when browsing, or protect data in the cloud by uncovering suspicious user behaviour. Securing those algorithms means protecting the models themselves: an attacker who can tamper with the training data (poisoning) or craft inputs the model misclassifies (evasion, adversarial examples) can effectively switch a detector off for their own activity, so training-data integrity, model integrity and the input pipeline all need protection, and a model should be re-validated every time it is retrained.
Supply-chain attacks
A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the supply chain.
Cloud-based vs. on-premises attacks
Essentially, the fundamental difference is where the software resides. On-premises software is installed locally on your own servers and computers; cloud software is hosted on the provider's infrastructure and accessed over the network, usually through a browser or an API. That changes what gets attacked and who defends it: on-premises you secure the physical hardware, network, operating systems and applications yourself, whereas in the cloud the provider secures the underlying infrastructure and the customer remains responsible for configuration, identity and data, so misconfigured storage, weak identity and access management, and exposed APIs become the main cloud attack vectors.
Cryptographic attacks
A cryptographic attack is a method for circumventing the security of a cryptographic system by exploiting a weakness in a cipher, protocol, key management scheme, or their implementation. The study of such attacks is called cryptanalysis.
Cryptographic attacks-Birthday
A birthday attack exploits the birthday paradox: among values drawn at random from N possibilities, a repeat is expected after only about the square root of N draws, just as two people sharing a birthday becomes likely in a group of only 23. Applied to a hash function with an n-bit output, an attacker can expect to find two different inputs with the same digest after roughly 2^(n/2) attempts rather than 2^n, so a hash offers only about half its output length in collision resistance.
Cryptographic attacks-Collision
In cryptography, a collision is two different inputs that produce the same hash digest (in programming the term also describes two keys landing in the same slot of a hash table). A collision attack finds such a pair; if an attacker can produce two documents with the same digest, a signature made over one is valid for the other. MD5 and SHA-1 both have practical collision attacks and should not be used where collision resistance matters.
Cryptographic attacks-Downgrade
A downgrade attack, also called a bidding-down or version rollback attack, is an attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (for example a modern encrypted TLS connection) in favour of an older, lower-quality mode (an obsolete protocol version, a weak cipher suite, or cleartext). It is usually carried out by an attacker in the path who tampers with the negotiation messages; the defence is to stop supporting the old modes altogether and to protect the negotiation itself, as modern TLS does by authenticating the whole handshake transcript and, for older versions, with the TLS_FALLBACK_SCSV signal that detects a forced fallback.