Ch6: Comparing Threats, Vulnerabilities, and Common Attacks Flashcards
Script kiddie
An attacker who uses existing computer scripts to launch attacks, typically with very little expertise, sophistication, and funding
Hacktivist
launches attacks as part of an activist movement or to further a cause
Insider
Anyone who has legitimate access to an organization’s internal resources, such as an employee
Organized crime elements are…
typically motivated by greed and money but often use sophisticated techniques
APTs
Advanced Persistent Threats are sponsored by governments and they launch sophisticated, targeted attacks
DoS attack
A denial-of-service attack is an attack from a single source that attempts to disrupt the services provided by another system
DDoS attack
A distributed denial-of-service attack includes multiple computers attacking a single target. DDoS attacks typically include sustained, abnormally high network traffic
Malware
includes a wide variety of malicious code including viruses, worms, Trojans, ransomware, and more
Virus
a malicious program that attaches itself to an application and runs when the application is started
Worm
a self-replicating program that doesn’t need user interaction to run
Logic bomb
executes in response to an event, such as when a specific application is executed or a specific time arrives
Backdoor
A backdoor provides another way to access a system
Trojan
A Trojan appears to be something useful but includes a malicious component, such as installing a backdoor on a user’s system. Many Trojans are delivered via drive-by-downloads. They can also infect systems from fake AV software, pirated software, games, or infected USBs
Ransomware
a type of malware that takes control of a user’s system or data. Criminals then attempt to extort payment from the victim. Ransomware often includes threats of damaging a user’s system or data if the victim does not pay the ransom.
Crypto-malware
Ransomware that encrypts the user’s data
Keyloggers
capture a user’s keystrokes and store them in a file, which can be automatically sent to an attacker or manually retrieved
Spyware
monitors a user’s computer and often includes a keylogger
Rootkit
A group of programs that has system-level or kernel access and can modify system files and system access. Rootkits hide their running processes to avoid detection with hooking techniques. Tools that can inspect RAM can discover these hidden hooked processes
Social engineering
uses social tactics to trick users into giving up information or performing actions they wouldn’t normally take
Shoulder surfing
Looking over someone’s shoulder to gain information. Screen filters help prevent shoulder surfing by obscuring the view for people unless they are directly in front of the monitor
Dumpster diving
Searching through trash for information
Spam
unwanted email
Phishing
malicious spam, typically luring recipients into clicking email links that install malware
Spear phishing
Attack that targets a specific group of users. It could target employees of a company or customers of a company. Digital signatures can help reduce successful spear phishing
Whaling
Phishing targeting high-level executives
Vishing
A form of phishing that uses the phone system or VoIP. Some vishing attempts are fully automated. Others start automated, but an attacker takes over at some point during the call
AV software
Antivirus software detects and removes malware, such as viruses, Trojans, and worms
Signature-based AV software
detects known malware based on signature definitions
Heuristic-based AV software
detects previously unknown malware based on behavior
__ users helps prevent incidents…
Educating users about new viruses, phishing attacks, and zero-day exploits helps prevent incidents
Zero-day exploits
take advantage of vulnerabilities that aren’t known by trusted sources, such as OS vendors and AV vendors
Social engineers are effective because…
they use psychology-based techniques to overcome users’ objections
Two techniques that encourage immediate action are
scarcity and urgency