2.4 Given a scenario, analyze indicators of malicious activity Flashcards

1
Q

Physical attacks

A
● Brute force
● Radio frequency identification (RFID) cloning
● Environmental

2
Q

Brute Force Attacks in physical attacks

A

● Forcible entry
● Tampering with security devices
● Confronting security personnel
● Ramming a barrier with a vehicle

3
Q

What is a Brute Force attack?

A

Type of attack where access to a system is gained by simply trying all of the possibilities until you break through.

4
Q

Access Badges

A

● Use of Radio Frequency Identification (RFID) or Near Field
Communication (NFC) for access

5
Q

Some of the different methods used by attackers to bypass an organization's surveillance systems

A
● Visual Obstruction: blocking, spraying, placing stickers, or positioning objects in front of a camera or sensor
● Blinding Sensors and Cameras: overwhelming the sensor or camera with a sudden burst of light
● Interfering with Acoustics: jamming or playing loud music to disrupt the microphone's functionality
● Electromagnetic Interference (EMI): jamming the signals that the surveillance system relies on to
monitor the environment

6
Q

Access Badge Cloning

A

Copying the data from an RFID or NFC card or badge onto another card or device

7
Q

How does an attacker clone an access badge?

A

■ Step 1: Scanning
● Scanning or reading the targeted individual’s access badge

■ Step 2: Data Extraction
● Attackers extract the relevant authentication credentials from the card,
such as a unique identifier or a set of encrypted data

■ Step 3: Writing to a new card or device
● The attacker then transfers the extracted data onto a blank RFID or NFC
card or another compatible device

■ Step 4: Using the cloned access badge
● Attackers gain unauthorized access to buildings, computer systems, or
even make payments using a cloned NFC-enabled credit card

8
Q

How can you stop access badge cloning?

A

■ Implement advanced encryption in your card-based authentication systems
■ Implement Multi-Factor Authentication (MFA)
■ Regularly update your security protocols
■ Educate your users
■ Implement the use of shielded wallets or sleeves with your RFID access badges
■ Monitor and audit your access logs

9
Q

Malware

A

Malicious software designed to infiltrate computer systems and potentially
damage them without user consent

10
Q

Threat Vector

A

Method used to infiltrate a victim’s machine

11
Q

Attack Vector

A

Combines both the method of gaining unauthorized access and the infection process

12
Q

Examples of Threat Vector

A

○ Unpatched software
○ USB drive installation
○ Phishing campaign

13
Q

Types of Malware Attacks

A

■ Viruses
■ Worms
■ Trojans
■ Ransomware
■ Spyware
■ Rootkits

14
Q

Viruses

A

Attach to clean files, spread, and corrupt the host file

15
Q

Worms

A

● Standalone programs replicating and spreading to other computers

16
Q

Trojans

A

● Disguise as legitimate software, grant unauthorized access

17
Q

Ransomware

A

● Encrypts user data, demands ransom for decryption

18
Q

Zombies and Botnets

A

● Compromised computers remotely controlled in a network for malicious
purposes

19
Q

Rootkits

A

Designed to gain administrative level control over a given computer system
without being detected

20
Q

Backdoors and Logic Bombs

A

Backdoors allow unauthorized access; logic bombs execute malicious actions when a set condition is met

21
Q

Keyloggers

A

● Record keystrokes, capture passwords or sensitive information

22
Q

Spyware and Bloatware

A

● Spyware monitors and gathers user/system information; bloatware
consumes resources without providing value

23
Q

Malware Techniques and Infection Vectors

A

■ Evolving from file-based tactics to modern fileless techniques
■ Multi-stage deployment, leveraging system tools, and obfuscation techniques

Fileless Malware is used to create a process in the system memory without
relying on the local file system of the infected host

24
Q

Indications of Malware Attack

A

■ Recognizing signs like the following
● Account lockouts
● Concurrent session utilization
● Blocked content
● Impossible travel
● Resource consumption
● Inaccessibility
● Out-of-cycle logging
● Missing logs
● Documented attacks

25
Q

10 Different Types of Viruses

A

Boot Sector
Macro
Program
Multipartite
Encrypted
Polymorphic
Metamorphic
Stealth
Armored
Hoax

26
Q

Boot Sector Virus

A

● One that is stored in the first sector of a hard drive and is then loaded
into memory whenever the computer boots up

27
Q

Macro Virus

A

● Form of code that allows a virus to be embedded inside another
document so that when that document is opened by the user, the virus is
executed

28
Q

Program Virus

A

● Tries to find executables or application files to infect with its malicious
code

29
Q

Multipartite Virus

A

● Combination of a boot sector type virus and a program virus
● It can install itself in a program where it can be run every time the
computer starts up

30
Q

Encrypted Virus

A

● Designed to hide itself from being detected by encrypting its malicious
code or payloads to avoid detection by any antivirus software

31
Q

Polymorphic Virus

A

● Advanced version of an encrypted virus, but instead of just encrypting the
contents it will actually change the virus's code each time it is executed

32
Q

Metamorphic Virus

A

● Able to rewrite itself entirely before it attempts to infect a given file

33
Q

Stealth

A

Technique used to prevent the virus from being detected by the anti-virus
software

34
Q

Armored

A

● Have a layer of protection to confuse a program or a person who’s trying
to analyze it

35
Q

Hoax

A

● Form of technical social engineering that attempts to scare our end users

36
Q

Worm

A

Able to self-replicate and spread throughout your network without a user’s
consent or their action

37
Q

Worms are dangerous for two reasons

A

■ Infect your workstation and other computing assets
■ Cause disruptions to your normal network traffic since they are constantly trying
to replicate and spread themselves across the network
○ Worms are best known for spreading far and wide over the internet in a relatively short
amount of time

38
Q

Trojans

A

Piece of malicious software that claims it will perform some needed or desired function for you

39
Q

Remote Access Trojan (RAT)

A

■ Widely used by modern attackers because it provides the attacker with remote control of a victim machine
like a backdoor in our modern networks

40
Q

Trojans are commonly used today by attackers to

A
■ exploit a vulnerability in your workstation, and then
■ conduct data exfiltration to steal your sensitive documents,
■ create backdoors to maintain persistence on your systems,
■ and carry out other malicious activities

41
Q

How can we protect ourselves and our organizations against ransomware?

A

■ Always conduct regular backups
■ Install software updates regularly
■ Provide security awareness training to your users
■ Implement Multi-Factor Authentication (MFA)

42
Q

What should you do if you find yourself or your organization as the victim of a
ransomware attack?

A

■ Never pay the ransom
■ If you suspect ransomware has infected your machine, you should disconnect it from the network
■ Notify the authorities
■ Restore your data and systems from known good backups

43
Q

Command and Control Node

A

Computer responsible for managing and coordinating the activities of other
nodes or devices within a network

44
Q

Botnets are used

A

■ as pivot points
■ to disguise the real attacker
■ to host illegal activities
■ to spam others by sending out phishing campaigns and other malware
■ to combine processing power to break through different
types of encryption schemes
○ Attackers usually only use about 20-25% of any zombie's power

45
Q

Most common use for a botnet is to conduct

A

a DDoS (Distributed Denial-of-Service) attack
■ Distributed Denial-of-Service (DDoS) Attack
● Occurs when many machines target a single victim and attack them at the
exact same time

46
Q

Different rings of permissions throughout the system

A

■ Ring 3 (Outermost Ring)
● Where user level permissions are used

■ Ring 0 (Innermost or Highest Permission Levels)
● Operating in Ring 0 is called “kernel mode”
● Kernel Mode: Allows a system to control access to things like device drivers, your
sound card, your video display or monitor, and other similar things

47
Q

DLL Injection

A

● Technique used to run arbitrary code within the address space of another
process by forcing it to load a dynamic-link library

48
Q

Dynamic Link Library (DLL)

A

● Collection of code and data that can be used by multiple programs
simultaneously to allow for code reuse and modularization in software development

49
Q

Shim

A

● Piece of software code that is placed between two components, intercepts
the calls between those components, and can be used to redirect
them

50
Q

How To detect Rootkits

A

The best way to detect them is to boot from an external device (such as a
live-boot Linux distribution) and then scan the internal hard drive with a good
anti-malware scanning solution, so that the rootkit is not running while you scan

51
Q

Logic Bombs

A

Malicious code that’s inserted into a program, and the malicious code will only
execute when certain conditions have been met

52
Q

Keyloggers can be either software-based or hardware-based

A

■ Software Keyloggers
● Malicious programs that get installed on a victim’s computer
■ Hardware Keyloggers
● Physical devices that need to be plugged into a computer
● These will resemble a USB drive or they can be embedded within a
keyboard cable itself

53
Q

To protect your organization from keyloggers, ensure the following

A

■ Perform regular updates and patches
■ Rely on quality antivirus and antimalware solutions
■ Conduct phishing awareness training for your users
■ Implement multi-factor authentication systems
■ Encrypt keystrokes being sent to your systems
■ Perform physical checks of your desktops, laptops, and servers

54
Q

Spyware can get installed on a system in several different ways

A

● Bundled with other software
● Installed through a malicious website
● Installed when users click on a deceptive pop-up advertisement

55
Q

To help protect yourself against spyware,

A

you should only use reputable antivirus
and anti-spyware tools that are regularly updated to detect and remove any
potential threats

56
Q

To remove bloatware, you can either do the following

A

● Do a manual removal process
● Use bloatware removal tools to uninstall the unwanted applications
● Perform a clean operating system installation

57
Q

How does this modern malware work?

A

Stage 1: Dropper or Downloader
○ Retrieves additional portions of the malware code and tricks the user into activating it

Stage 2: Downloader
○ Downloads and installs a remote access Trojan to conduct
command and control on the victimized system

○ "Actions on Objectives" Phase: threat actors execute their primary objectives
○ Concealment: used to help the threat actor prolong unauthorized access

58
Q

Dropper:

A

Specific malware type designed to initiate or run other malware.

59
Q

Downloader

A

○ Retrieves additional tools after the initial infection facilitated by a
dropper

60
Q

Shellcode

A

○ Broader term that encompasses lightweight code meant to
execute an exploit on a given target

61
Q

“Actions on Objectives” Phase

A

○ Threat actors will execute primary objectives to meet core
objectives like
■ data exfiltration
■ file encryption

62
Q

Concealment

A

○ Used to help the threat actor prolong unauthorized access to a
system by
■ hiding tracks
■ erasing log files
■ hiding any evidence of malicious activity

63
Q

“Living off the Land”

A

■ A strategy adopted by many Advanced Persistent Threats
and criminal organizations
■ The threat actors try to exploit the standard tools already present on the system to
perform intrusions

64
Q

Indications of Malware Attacks:
Account Lockouts

A

Malware, especially those designed for credential theft or brute force
attacks, can trigger multiple failed login attempts that would result in a
user’s account being locked out

65
Q

Indications of Malware Attacks:
Concurrent Session Utilization

A

● If you notice that a single user account has multiple simultaneous or
concurrent sessions open, especially from various geographic locations

66
Q

Indications of Malware Attacks:
Blocked Content

A

● If there is a sudden increase in the amount of blocked content alerts you
are seeing from your security tools

67
Q

Indications of Malware Attacks:
Impossible Travel

A

● Refers to a scenario where a user’s account is accessed from two or more
geographically separated locations in an impossibly short period of time

68
Q

Indications of Malware Attacks:
Resource Consumption

A

● If you are observing any unusual spikes in CPU, memory, or network
bandwidth utilization that cannot be linked back to a legitimate task

69
Q

Indications of Malware Attacks:
Resource Inaccessibility

A

● Ransomware
○ Form of malware that encrypts user files to make them
inaccessible to the user
● If a large number of files or critical systems suddenly become inaccessible
or if users receive messages demanding payment to decrypt their data

70
Q

Indications of Malware Attacks:
Out-of-Cycle Logging

A

● If you are noticing that your logs are being generated at odd hours or
during times when no legitimate activities should be taking place (such as
in the middle of the night when no employees are actively working)

71
Q

Missing Logs

A

● If you are conducting a log review as a cybersecurity analyst and you see that there are gaps in your logs or if the logs have been cleared without any authorized reason

72
Q

Indications of Malware Attacks:
Published or Documented Attacks

A

● If a cybersecurity researcher or reporter publishes a report that shows that
your organization's network has been infected as part of a botnet or other
malware-based attack