2.4 Flashcards
An overview of malware, viruses and worms, spyware and bloatware, other malware types, physical attacks, denial of service, DNS attacks, wireless attacks, on-path attacks, replay attacks, malicious code, application attacks, cryptographic attacks, password attacks, indicators of compromise
Software doing bad things to your system
Malware
A download that happens automatically without the user clicking on or opening anything
Drive-by download
A type of malware that encrypts or exfiltrates your computer’s data, and then asks for a sum of money to return or not expose the data
Ransomware
If you log into your computer and find that your files are encrypted, what type of malware is your computer infected with? Besides the encryption, your computer works normally.
Ransomware
True/False
Keep your backups online so that you can quickly restore them.
False
Keep your backups offline so that attackers can’t access them
4 ways to protect against ransomware
Have an offline backup
Keep your OS updated
Keep your applications patched
Keep your antimalware signatures up-to-date
A type of malware that replicates itself via user intervention (ex. clicking a link, running an executable)
Virus
A type of virus that runs as part of an application
Program virus
A type of virus that automatically runs as the system boots
Boot sector virus
A type of virus that runs as part of a script on a browser
Script virus
A type of virus commonly found in Microsoft Office files as part of a small application embedded within the file
Macro virus
A type of virus that never writes any software or malicious code to your storage drives. It operates in memory, but is never installed in a file or application.
Fileless virus
A type of malware that self-replicates without human intervention. This malware can attack at any time and move freely within your network once it gets in.
Worm
What are the 2 main technologies that stop worm infections?
Firewalls and IPS/IDS
A type of malware that monitors your browsing, takes screen captures, and may log your keystrokes. This data is sometimes used for advertising, identity theft, or affiliate fraud.
Spyware
4 ways to protect against spyware
Maintain your antimalware signatures
Research what you’re installing
Keep a backup!
Run antimalware scans
A type of malware that might be benign other than the fact it takes up storage and memory, and reduces performance. It’s something that you don’t need and don’t expect, often forcibly bundled with other apps.
This malware can open your system to exploits, even if it doesn’t damage your device on its own.
Bloatware
3 ways to remove bloatware
Manually remove it
Use the built-in uninstaller
Third-party uninstallers and cleaners (always have a backup!)
A type of spyware that logs your keystrokes and sends them to the attacker
Often includes clipboard logging, screen logging, instant messaging, and search engine queries
Keylogger
A type of malware that performs an action after a predefined event has happened (ex. date and time or user event)
This malware is usually left by someone with a grudge. Because they are created by a person, they are very difficult to identify with malware signatures. There are NO KNOWN SIGNATURES.
Logic bomb
3 ways to prevent a logic bomb
Processes and procedures to protect configurations from being changed (formal change control)
Electronic monitoring (alert on changes, HIDS)
Constant auditing
A type of malware that modifies the core system files in a way that is invisible to the OS. Essentially, it becomes a part of the kernel/OS of the machine. Because of this, it’s invisible to antivirus.
It has full run of your computer.
Rootkit
3 ways to find and remove rootkits
Look for unusual symptoms (identify with antimalware software)
Use a remover specific to the type of rootkit
Secure boot with UEFI
How can a secure boot help identify and remove a rootkit?
The secure boot will search for an OS signature, and verify that the kernel of the OS hasn’t changed before the system is booted. Even if the rootkit has been installed, the secure boot will stop the rootkit from running once the computer boots up for real.
A type of physical attack where the attacker gains physical access to the device that they want to break into. They do this by forcing doors open or breaking windows.
Brute force
A type of physical attack where attackers make copies of access badges or key fobs of authorized personnel. They can read one card/fob and then immediately copy it to another in a matter of seconds, without the authorized individual knowing.
RFID cloning
How is RFID cloning mitigated?
MFA
The attacker might have the badge, but they likely don’t have other information
A type of physical attack where the attacker attacks everything supporting the technology. Cutting off power, interfering with HVAC (Heating, Ventilation, AC) or humidity controls, taking down fire suppression, etc.
Environmental attack
A type of attack where the attacker causes a service or device to fail, preventing authorized users from accessing it
DoS
A DoS attack where the cause is unintentional, often performed by legitimate individuals. This can happen through a programming error, accidentally downloading something too large/complex for a device to handle, or by a piece of equipment breaking (ex. a water line breaking in the IT dept)
“Friendly” DoS
A type of attack where the attacker causes a service or device to fail by enlisting a large number of computers to take up the resources of that device.
DDoS
A type of threat where the attacker has comparatively fewer resources than the victim
Asymmetric threat
What kind of attack is often called an asymmetric threat?
DDoS
The attacker by themself often has fewer resources than the network they attempt to bring down. But with the help of a botnet, they can be successful.
A method of carrying out a DDoS attack in which the attacker sends a query to a server, and spoofs their IP address so the response of that query will be sent to the victim.
Both the query and the response are roughly the same size and use the same protocol.
DDoS reflection
A method of carrying out a DDoS attack in which the attacker sends a query to a server, and spoofs their IP address so the response of that query will be sent to the victim.
The response is much larger than the original query, meaning that the attacker doesn’t have to expend many resources in exchange for a large attack.
DDoS amplification
Which 3 protocols can be abused to perform DDoS amplification?
NTP, DNS, ICMP