2.3 Cyber Attacks Flashcards

1
Q

2.3.1 Malware

A

Cybercriminals use many different types of malicious software, or malware, to carry out attacks. Malware is any code that can be used to steal data, bypass access controls or cause harm to or compromise a system.

2
Q

VIRUS

A

A virus is a type of computer program that, when executed, replicates by inserting its own code into other files, such as legitimate programs. Some viruses are harmless, while others are destructive, for example modifying or deleting data. Most viruses require end-user interaction to activate, and some are written to act only on a specific date or time.

Viruses spread through removable media such as USB flash drives, internet downloads, and email attachments. Simply opening an infected file or executing an infected program can trigger a virus. Once active, a virus will usually infect other programs on the computer or on other computers on the network. Some viruses (polymorphic viruses) rewrite their own code with each infection so that signature-based scanners do not recognize them.

3
Q

WORMS

A

A worm is malicious software that replicates by independently exploiting vulnerabilities in networked systems. Unlike a virus, which needs a host program to run, a worm runs on its own. Apart from the initial infection of the first host, it needs no user participation and can spread very quickly across a network, usually slowing it down.

Worms share a common pattern: they exploit a system vulnerability to get onto a host, they carry a mechanism to propagate themselves to other hosts, and they contain malicious code (a payload) that damages the computer systems or networks they reach.

4
Q

TROJAN HORSE

A

A Trojan horse is malware that carries out malicious operations while disguising its true intent. It appears legitimate but is in fact dangerous. A Trojan runs with the privileges of the user who launches it, so it can do whatever that user is allowed to do.

Unlike viruses, Trojans do not self-replicate. They are often disguised as, or bundled with, apparently harmless non-executable files such as images, audio, or video, which serve as a decoy to persuade unsuspecting users to open them.

5
Q

2.3.2 Logic Bombs

A

A logic bomb is malicious code that waits for a trigger, such as a specified date or a particular database entry, before it runs. Until the trigger event occurs, the logic bomb remains dormant, which makes it hard to spot.

Once activated, a logic bomb runs malicious code that harms the computer in various ways. It can sabotage database records, erase files, and attack operating systems or applications.

Cybersecurity specialists have also discovered logic bombs that attack and destroy hardware components in a device or server, including cooling fans, central processing units (CPUs), memory, hard drives, and power supplies. The logic bomb overdrives these components until they overheat or fail.

6
Q

2.3.3 Ransomware

A

This malware holds a computer system, or the data it contains, captive until a payment is made.

Ransomware usually works by encrypting your data so that you cannot access it. The ransom note claims that once the ransom is paid, via a hard-to-trace payment system, the cybercriminal will supply a program that decrypts the files or send an unlock code. In reality, many victims never regain access to their data even after they have paid.

Some ransomware variants exploit specific system vulnerabilities. Ransomware is most often spread through phishing emails that encourage you to open a malicious attachment, or through an unpatched software vulnerability.

7
Q

2.3.4 Denial of Service Attacks

A

Denial of service (DoS) attacks are a type of network attack that is relatively simple to conduct, even for an unskilled attacker. These attacks are a major risk because they usually result in some interruption of network services, causing a significant loss of time and money. Even operational technology, the hardware and software that controls physical devices or processes in buildings, factories, or utility providers, is vulnerable to DoS attacks, which in extreme circumstances can cause a system shutdown.

Overwhelming quantity of traffic
A network, host, or application is sent more data than it can handle at a rate it cannot keep up with. This slows transmission or response, or causes the device or service to crash.

Maliciously formatted packets
A packet is a unit of data that travels between a source and a destination computer or application over a network, such as the internet. When a maliciously formatted packet is sent, the receiver may be unable to handle it.

For example, if an attacker sends packets containing errors, or fields the receiving application cannot parse, the receiving device may run very slowly or crash.

8
Q

2.3.5 Domain Name System

A

There are many essential technical services needed for a network to operate — such as routing, addressing, and domain naming. These are prime targets for attack.

9
Q

DOMAIN REPUTATION

A

The Domain Name System (DNS) translates a domain name, such as www.cisco.com, into the numerical IP address that computers actually connect to. If a DNS server does not know the answer, it asks another DNS server.

An organization needs to monitor the reputation of its domains, and of the IP addresses behind them, both to protect itself against malicious external domains and to keep its own mail and traffic from being classified as malicious. Mail and web filters use domain reputation to classify emails as spam or potential security threats.

10
Q

DNS SPOOFING

A

DNS spoofing, or DNS cache poisoning, is an attack in which false data is introduced into a DNS resolver's cache, the temporary store in which a resolver (on a computer's operating system or on a recursive DNS server) keeps the results of recent lookups.

These attacks exploit weaknesses in the DNS caching software, such as accepting a response that does not match an outstanding query, so that the poisoned cache redirects traffic for a legitimate domain to the IP address of an attacker-controlled server until the entry expires.
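The checks a resolver must apply before caching an answer are easier to see in code. The following is an added example, not part of the flashcards or of any named product: a toy stub resolver that builds and parses wire-format DNS messages and refuses any response whose transaction ID does not match a pending query, whose question differs from what was asked, or that carries records for names it did not ask about (the "bailiwick" rule). All names and addresses are constructed for the example.

```python
import random
import struct

# All names, addresses and messages in this file are constructed for the example.

def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as DNS labels: \x03www\x07example\x03com\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg: bytes, off: int, max_hops: int = 16):
    """Decode a possibly compressed name; return (name, offset after it).
    A hop limit turns a pointer loop (a maliciously formatted packet) into an error."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def build_query(txid: int, qname: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)  # A record, class IN

def build_response(txid: int, qname: str, answers) -> bytes:
    """answers: list of (owner_name, ipv4) pairs placed in the answer section."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)  # QR=1 RD=1 RA=1
    body = encode_name(qname) + struct.pack("!HH", 1, 1)
    for owner, ip in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        body += encode_name(owner) + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + body

def query_txid(msg: bytes) -> int:
    return struct.unpack("!H", msg[:2])[0]

def parse_response(msg: bytes):
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(msg, 12)
    off += 4                                            # skip QTYPE, QCLASS
    records = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated record")
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((owner.lower(), ".".join(str(b) for b in rdata)))
    return txid, flags, qname.lower(), records

class StubResolver:
    """Minimal cache that only accepts answers it actually asked for."""
    def __init__(self):
        self.cache = {}      # name -> ipv4
        self.pending = {}    # txid -> qname awaiting an answer

    def send_query(self, qname: str) -> bytes:
        # An unpredictable TXID is the first line of defence; a fixed or
        # sequential one is the classic weakness that lets an attacker forge replies.
        txid = random.randrange(0, 0x10000)
        self.pending[txid] = qname.lower()
        return build_query(txid, qname)

    def receive(self, msg: bytes) -> str:
        try:
            txid, flags, qname, records = parse_response(msg)
        except (ValueError, IndexError, struct.error, UnicodeDecodeError):
            return "dropped: malformed"
        if not flags & 0x8000:
            return "dropped: not a response"
        expected = self.pending.get(txid)
        if expected is None:
            return "dropped: unexpected TXID"
        if qname != expected:
            return "dropped: question mismatch"
        accepted = 0
        for owner, ip in records:
            # Bailiwick rule (simplified for a stub): only cache the name we asked
            # for, or names below it. Extra records for other domains are ignored.
            if owner == expected or owner.endswith("." + expected):
                self.cache[owner] = ip
                accepted += 1
        del self.pending[txid]       # a second copy of this answer is a replay
        return f"accepted {accepted} record(s)"
```

Real resolvers add a random UDP source port to the random TXID, and DNSSEC validation removes the guessing game entirely; this toy shows only the message-level checks that make a blind spoof fail.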

11
Q

DOMAIN HIJACKING

A

When an attacker wrongfully gains control of a target's DNS information, they can make unauthorized changes to it. This is known as domain hijacking.

The most common way of hijacking a domain name is to change the administrator's contact email address, through social engineering or by breaking into the administrator's email account, and then use that address to take over the registrar account. The administrator's email address can often be found in the domain's WHOIS record, which is public.

12
Q

UNIFORM RESOURCE LOCATOR (URL) REDIRECTION

A

A uniform resource locator (URL) is the address used to locate a specific resource on the Internet. Redirecting from one URL to another commonly happens for legitimate purposes.

For example, you have logged in to an eLearning portal to begin this course. If you log out of the portal and return to it later, the portal redirects you to its login page, often carrying the page you wanted in a request parameter so it can send you there afterwards.

It is this functionality that attackers exploit. If the redirect target is taken from the request without validation, a crafted link can send you to a malicious site instead of the eLearning login page.
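The difference between the abusable redirect and a safe one is a few lines of validation. The following is an added example, not code from the flashcards or from any eLearning portal: the insecure pattern (return whatever the request supplied) beside a validator that only ever sends the browser back into the portal. The portal host name is an assumption made up for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed for this example: the portal's own origin (not from the course page).
PORTAL_SCHEME = "https"
ALLOWED_HOSTS = {"elearning.example.com"}
DEFAULT_LANDING = "/"

def vulnerable_redirect_target(next_url: str) -> str:
    """The open-redirect pattern: trust the 'next' parameter as supplied."""
    return next_url

def safe_redirect_target(next_url: str) -> str:
    """Return a redirect target that can only point back into the portal.

    Rules applied, in order:
      * empty or unparsable input falls back to the landing page
      * scheme-relative ("//evil.example") and backslash ("/\\evil.example")
        forms are rejected, because browsers treat both as a new host
      * an absolute URL is accepted only if scheme and host are the portal's
      * anything else must be an absolute path, which is re-emitted without
        scheme or host so the browser stays on the current origin
    """
    if not next_url:
        return DEFAULT_LANDING
    # Browsers normalise backslashes to slashes, so "/\evil" really means "//evil".
    candidate = next_url.strip().replace("\\", "/")
    if candidate.startswith("//"):
        return DEFAULT_LANDING
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return DEFAULT_LANDING
    if parts.scheme or parts.netloc:
        # Absolute URL: must be exactly our scheme and one of our hosts.
        # hostname ignores "user@" tricks such as https://elearning.example.com@evil.example/
        if parts.scheme != PORTAL_SCHEME or parts.hostname not in ALLOWED_HOSTS:
            return DEFAULT_LANDING
    if not parts.path.startswith("/"):
        # Relative names like "evil.example" cannot be trusted either.
        return DEFAULT_LANDING
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
```

Sending the browser to a fixed landing page on failure, rather than echoing the rejected value in an error message, also avoids turning the validator into a reflection point.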

13
Q

2.3.6 Layer 2 Attacks

A

Layer 2 refers to the data link layer in the Open Systems Interconnection (OSI) data communication model.

This layer moves frames across a single physical or switched network segment. On that segment, each IP address is mapped to a device's physical address, also known as its media access control (MAC) address, by the Address Resolution Protocol (ARP).

In its simplest terms, the MAC address identifies the device that should receive a frame on the local network, and ARP resolves an IP address to the MAC address to which the frame must be sent.

Attackers often take advantage of the fact that ARP and other Layer 2 mechanisms have no built-in authentication.

14
Q

SPOOFING

A

Spoofing, and the closely related poisoning attacks, are impersonation attacks that abuse a trusted relationship between two systems.

-MAC address spoofing: an attacker sets their device's MAC address to that of a valid device so that it passes MAC-based access controls, such as a switch port-security list or a Wi-Fi MAC filter.
-ARP spoofing (ARP poisoning): the attacker sends forged ARP messages across a LAN so that other hosts associate the attacker's MAC address with the IP address of an authorized device, typically the default gateway, and send their traffic to the attacker.
-IP spoofing: the attacker sends IP packets with a forged source address to disguise the packet's origin or to impersonate another host.
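ARP spoofing leaves a signature that a passive monitor on the segment can see: replies nobody asked for, an IP address whose MAC suddenly changes, and one MAC address claiming several IP addresses at once. The following is an added example, not part of the flashcards or of any named tool: a small watcher in the spirit of arpwatch, run over a constructed list of ARP events (timestamp, opcode, sender IP, sender MAC, target IP) in which the host at 192.168.1.1 is the real gateway and ee:ee:ee:ee:ee:ee is the attacker.

```python
from collections import defaultdict

# Constructed ARP events for this example (not a real capture).
# Each tuple: (timestamp, opcode, sender_ip, sender_mac, target_ip); opcode 1 = request, 2 = reply.
SAMPLE_ARP = [
    (1.0, 1, "192.168.1.10", "aa:aa:aa:aa:aa:10", "192.168.1.1"),   # .10 asks: who has .1?
    (1.1, 2, "192.168.1.1",  "aa:aa:aa:aa:aa:01", "192.168.1.10"),  # real gateway answers
    (5.0, 2, "192.168.1.1",  "ee:ee:ee:ee:ee:ee", "192.168.1.10"),  # attacker claims to be the gateway
    (5.1, 2, "192.168.1.10", "ee:ee:ee:ee:ee:ee", "192.168.1.1"),   # and claims to be the victim too
    (9.0, 2, "192.168.1.20", "aa:aa:aa:aa:aa:20", "192.168.1.10"),  # reply without a request
]

class ArpWatcher:
    def __init__(self, unsolicited_window=2.0):
        self.window = unsolicited_window
        self.ip_to_mac = {}                 # last MAC seen answering for each IP
        self.mac_to_ips = defaultdict(set)  # reverse map: which IPs a MAC claims
        self.open_requests = {}             # (answerer_ip, requester_ip) -> request time
        self.alerts = []

    def observe(self, ts, opcode, sender_ip, sender_mac, target_ip):
        if opcode == 1:
            # Remember who asked for whom, so a matching reply counts as solicited.
            self.open_requests[(target_ip, sender_ip)] = ts
            return
        if opcode != 2:
            return
        # 1. A reply with no recent request behind it: gratuitous or injected.
        asked = self.open_requests.pop((sender_ip, target_ip), None)
        if asked is None or ts - asked > self.window:
            self.alerts.append((ts, "unsolicited reply", sender_ip, sender_mac))
        # 2. The IP was already bound to a different MAC: the classic poisoning sign.
        known = self.ip_to_mac.get(sender_ip)
        if known is not None and known != sender_mac:
            self.alerts.append((ts, "mac changed", sender_ip, f"{known} -> {sender_mac}"))
            self.mac_to_ips[known].discard(sender_ip)
        self.ip_to_mac[sender_ip] = sender_mac
        self.mac_to_ips[sender_mac].add(sender_ip)
        # 3. One MAC answering for several IPs: typical of poisoning both ends of a conversation.
        if len(self.mac_to_ips[sender_mac]) > 1:
            self.alerts.append((ts, "one mac claims several ips", sender_mac,
                                sorted(self.mac_to_ips[sender_mac])))

def scan(events):
    """Run the watcher over a list of ARP events and return the alerts raised."""
    watcher = ArpWatcher()
    for event in events:
        watcher.observe(*event)
    return watcher.alerts
```

An unsolicited reply on its own is low severity, since hosts legitimately send gratuitous ARP when they boot or change address; the "mac changed" and "one MAC, several IPs" signals are the ones worth paging on. On managed switches, Dynamic ARP Inspection enforces the same IP-to-MAC binding check in hardware.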

15
Q

MAC FLOODING

A

Devices on a network are connected through a network switch, which learns which MAC address is reachable through which port and forwards each frame only to the port where its destination lives. MAC flooding attacks this learning table: the attacker sends frames with thousands of fake source MAC addresses until the switch's table (the CAM table) is full. Unable to learn where new addresses live, the switch falls back to sending frames out of every port, so the attacker can capture traffic that was meant for other devices.
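The effect of a full CAM table, and of the usual countermeasure (port security, which caps the number of MAC addresses a port may learn), can be seen on a toy switch. The following is an added example, not part of the flashcards or of any vendor's switch software; the port numbers, table size, and aging time are assumptions chosen for the scenario.

```python
class Switch:
    """Toy learning switch: a CAM table with a size limit, entry aging, and optional port security."""

    def __init__(self, ports, cam_size=8, aging=300, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.aging = aging                      # seconds before an idle entry is forgotten
        self.max_per_port = max_macs_per_port   # None = no port security
        self.cam = {}                           # mac -> (port, last_seen)
        self.err_disabled = set()               # ports shut down after a violation

    def _purge(self, now):
        self.cam = {m: (p, t) for m, (p, t) in self.cam.items() if now - t <= self.aging}

    def forward(self, now, in_port, src_mac, dst_mac):
        """Process one frame; return the list of ports it is sent out of."""
        self._purge(now)
        if in_port in self.err_disabled:
            return []
        if src_mac in self.cam:
            self.cam[src_mac] = (in_port, now)              # refresh
        else:
            if self.max_per_port is not None:
                on_port = sum(1 for p, _ in self.cam.values() if p == in_port)
                if on_port >= self.max_per_port:
                    self.err_disabled.add(in_port)          # port-security violation
                    return []
            if len(self.cam) < self.cam_size:
                self.cam[src_mac] = (in_port, now)
            # else: table full, nothing can be learned until entries age out
        entry = self.cam.get(dst_mac)
        if entry is None:
            # Unknown destination: flood to every other live port (this is what the attacker wants)
            return sorted(p for p in self.ports if p != in_port and p not in self.err_disabled)
        out_port = entry[0]
        return [] if out_port == in_port else [out_port]

def run_flood_scenario(port_security):
    """Hosts A (port 1) and B (port 2) talk; an attacker on port 3 then floods fake MACs.
    Returns (ports A->B reached before the flood, ports A->B reached after, port 3 shut?, CAM entries)."""
    sw = Switch(ports=[1, 2, 3], cam_size=8, aging=300,
                max_macs_per_port=2 if port_security else None)
    A, B = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    sw.forward(0, 1, A, B)                      # B not yet known: flooded
    sw.forward(0, 2, B, A)                      # B replies; both MACs now learned
    before = sw.forward(1, 1, A, B)             # unicast reaches port 2 only
    # Later the legitimate entries have aged out, and the attacker sprays fresh source MACs.
    for i in range(50):
        sw.forward(350 + i * 0.01, 3, f"de:ad:be:ef:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    after = sw.forward(351, 1, A, B)            # does A->B leak to port 3 now?
    return before, after, 3 in sw.err_disabled, len(sw.cam)
```

Without port security the post-flood frame from A to B is sent to ports 2 and 3, so the attacker reads it; with a two-address limit on port 3, the third fake address shuts the port and A's traffic stays on port 2. Real switches age entries out continuously, which is why a flood has to be sustained to keep the table full.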

16
Q

2.3.8 Man-in-the-Middle and Man-in-the-Mobile Attacks

A

Attackers can intercept or modify communications between two devices to steal information from or to impersonate one of the devices.

17
Q

Man-in-the-Middle (MitM)

A

A MitM attack, also known as an on-path attack, happens when a cybercriminal inserts themselves between two communicating parties without their knowledge, for example by taking control of an intermediate device such as a router. With this position, an attacker can intercept, manipulate, and relay false information between the sender and the intended destination.

18
Q

Man-in-the-Mobile (MitMo)

A

A variation of man-in-the-middle, MitMo is a type of attack used to take control of a user's mobile device. Once infected, the mobile device exfiltrates sensitive user information to the attackers.

ZeuS is one example of a malware family with MitMo capabilities. It allows attackers to quietly capture the SMS messages that carry users' two-step verification codes.

19
Q

2.3.9 Zero-Day Attacks

A

A zero-day attack, or zero-day threat, exploits a software vulnerability before it is known to, or disclosed by, the software vendor.

A network is extremely vulnerable to attack between the time an exploit is first discovered in use (zero hour) and the time the software vendor develops and releases a patch that fixes the vulnerability.

Defending against such fast-moving attacks requires network security professionals to adopt a more sophisticated and holistic view of any network architecture.

20
Q

2.3.10 Keyboard Logging

A

As the name suggests, keyboard logging or keylogging refers to recording or logging every key struck on a computer’s keyboard.

Cybercriminals log keystrokes either with software installed on the computer or with a hardware device physically attached between the keyboard and the computer. A software keylogger sends its log file to the criminal. Because it has recorded every keystroke, the log can reveal usernames, passwords, websites visited, and other sensitive information.

Many anti-spyware suites can detect and remove unauthorized software keyloggers. A hardware keylogger is invisible to such software and can only be found by physically inspecting the machine.

21
Q

2.3.12 Defending Against Attacks

A

Organizations can take several steps to defend against various attacks. These include the following:

Configure firewalls to drop any packets arriving from outside the network whose source addresses claim to be from inside the network (ingress filtering against IP spoofing).
Ensure patches and upgrades are current.
Distribute workloads across multiple server systems so that no single server can be overwhelmed.
Network devices use Internet Control Message Protocol (ICMP) packets to send error and control messages, such as whether or not a device can reach another on the network. To limit ICMP-based DoS and DDoS attacks, organizations can rate-limit or block ICMP packets from external sources at their firewalls.
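The first and last of these steps, dropping spoofed internal sources at the edge and rate-limiting external ICMP, come down to a small decision function per packet. The following is an added example, not part of the flashcards or of any firewall product: it also covers the IP spoofing card above. The internal prefixes, the bogon list, and the sample packets are constructed for the example; a production firewall would express the same policy in its own rule language.

```python
import ipaddress

# Assumed topology for this example: prefixes that live behind the firewall.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Sources that should never appear on the external interface at all.
BOGON_NETS = [ipaddress.ip_network(n) for n in
              ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

class IngressFilter:
    """Per-packet decision: ('accept', None) or ('drop', reason)."""

    def __init__(self, icmp_per_second=10):
        self.icmp_limit = icmp_per_second
        self._icmp_window = None   # integer second currently being counted
        self._icmp_count = 0

    def decide(self, ts, iface, proto, src):
        try:
            s = ipaddress.ip_address(src)
        except ValueError:
            return "drop", "unparsable source"
        if iface == "outside":
            # Anti-spoofing: our own addresses can never legitimately arrive from the internet.
            if _in_any(s, INTERNAL_NETS):
                return "drop", "spoofed internal source"
            if _in_any(s, BOGON_NETS):
                return "drop", "bogon source"
            if proto == "icmp":
                # Rate-limit rather than block outright, so path MTU discovery and
                # unreachable messages still work under normal load.
                window = int(ts)
                if window != self._icmp_window:
                    self._icmp_window, self._icmp_count = window, 0
                self._icmp_count += 1
                if self._icmp_count > self.icmp_limit:
                    return "drop", "icmp rate limit exceeded"
            return "accept", None
        if iface == "inside":
            # Egress filtering (BCP 38): only our prefixes may leave, so a compromised
            # internal host cannot spoof someone else's address towards the internet.
            if not _in_any(s, INTERNAL_NETS):
                return "drop", "egress: source not ours"
            return "accept", None
        return "drop", "unknown interface"

# Constructed sample traffic: (timestamp, interface, protocol, source address)
SAMPLE_PACKETS = [
    (0.0, "outside", "tcp", "203.0.113.5"),
    (0.1, "outside", "tcp", "10.1.2.3"),        # claims to be internal: spoofed
    (0.2, "outside", "udp", "127.0.0.1"),       # bogon
    (0.3, "inside",  "udp", "192.168.1.4"),
    (0.4, "inside",  "udp", "203.0.113.9"),     # internal host spoofing an outside address
]

def filter_log(packets, icmp_per_second=10):
    """Apply the filter to a packet list and return (src, verdict, reason) per packet."""
    f = IngressFilter(icmp_per_second)
    return [(src,) + f.decide(ts, iface, proto, src) for ts, iface, proto, src in packets]
```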