Chapter 3: Attacks Using Malware

Question 1

Network connected hardware devices

Answer 1

Endpoints

Question 2

Malicious software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action

Answer 2

Malware

Question 3

5 ways of classifying malware include …

Answer 3

1. Imprison
2. Launch
3. Snoop
4. Deceive
5. Evade

Question 4

A type of malware attack which attempts to take away the freedom of the user to do what they want on their computer

Answer 4

Imprison

Question 5

A type of malware that prevents a user’s endpoint device from properly and fully functioning until a fee is paid

Answer 5

Ransomware

Question 6

A type of malware that encrypts all the files on the device so that none of them can be opened until a ransom is paid

Answer 6

Cryptomalware

Question 7

A type of malware attack that infects a computer to launch attacks on other computers

Answer 7

Launch

Question 8

A type of malware attached to a file

Answer 8

File-based virus

Question 9

A type of malware which takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks

Answer 9

Fileless virus (Living-off-the-land binaries/LOLBins)

Question 10

5 qualities of fileless viruses include …

Answer 10

1. Easy to infect
2. Extensive control
3. Persistent
4. Difficult to detect
5. Difficult to defend

Question 11

A type of malware which uses a computer network to replicate to other endpoints

Answer 11

Worm

Question 12

A type of launch attack where an infected computer is placed under the remote control of an attacker for the purpose of launching attacks

Answer 12

Bot

Question 13

A structure that sends instructions to infected bot computers

Answer 13

Command and control (C&C)

Question 14

A type of malware that is deployed without the consent or control of the user

Answer 14

Spyware

Question 15

Hardware or software that silently captures and stores each keystroke that a user types on a keyboard

Answer 15

Keylogger

Question 16

Software that users do not want on their computer

Answer 16

Potentially unwanted program (PUP)

Question 17

An executable program that masquerades as performing a benign activity but also does something malicious

Answer 17

Trojan

Question 18

Malware that infects a computer like a Trojan but also gives the threat agent unauthorized access to the victim’s computer by using specially configured communication protocols

Answer 18

Remote Access Trojan (RAT)

Question 19

Malware that gives access to a computer, program, or service that circumvents any normal security protections

Answer 19

Backdoor

Question 20

Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it

Answer 20

Logic bomb

Question 21

Malware that can hide its presence and the presence of other malware on the computer

Answer 21

Rootkit

Question 22

An attack that takes advantage of a website that accepts user input without sanitizing it

Answer 22

Cross-site scripting (XSS)

Question 23

Attacks that introduce new input to exploit a vulnerability

Answer 23

Injections

Question 24

An attack that inserts statements to manipulate a database server using Structures Query Language commands

Answer 24

SQL injection

Question 25

A language used to view and manipulate data that is stored in a relational database

Answer 25

Structured Query Language (SQL)

Question 26

An attack that inserts statements to manipulate a database server using eXtensible Markup Language (XML)

Answer 26

XML injection

Question 27

A markup language designed to store information

Answer 27

eXtensible Markup Language (XML)

Question 28

An attack that takes advantage of an authentication “token” that a website sends to a user’s web browser to imitate the identity and privileges of the victim

Answer 28

Cross-site request forgery (CSFR) or client-side request forgery

Question 29

An attack that takes advantage of a trusting relationship between web servers

Answer 29

Server-side request forgery (SSRF)

Question 30

An attack that copies data and then uses it for an attack

Answer 30

Replay attack

Question 31

An attack that depletes parts of memory and interferes with the normal operation of the program in RAM to give an attacker access to the underlying OS

Answer 31

Resource exhaustion attacks

Question 32

A situation that occurs when, due to a programming error, memory is not freed when the program has finished using it

Answer 32

Memory leak

Question 33

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Answer 33

Buffer overflow attack

Question 34

An attack that changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow

Answer 34

Integer overflow attack

Question 35

A programming error that does not filter or validate user input to prevent a malicious action

Answer 35

Improper input handling

Question 36

A programming error that does not properly trap an error condition

Answer 36

Error handling

Question 37

A flaw that results in a pointer given a NULL instead of valid value

Answer 37

Pointer/object dereference

Question 38

A situation in software that occurs when two concurrent threads of execution access a shared resource simultaneously

Answer 38

Race condition

Question 39

A software check of the state of a resource before using that resource

Answer 39

Time of check/time of use

Question 40

An attack that targets vulnerabilities in an API

Answer 40

Application program interface (API) attack

Question 41

An attack that alters a device driver from its normal function

Answer 41

Device driver manipulation

Question 42

Transparently adding a small coding library that intercepts calls made by the device and changes the parameters passed between the device and device driver

Answer 42

Shimming

Question 43

Changing the design of existing code

Answer 43

Refactoring

Question 44

An attack that inserts code into a running process through a DLL to cause a program to function in a different way than intended

Answer 44

Dynamic link library (DLL) injection

Question 45

Technology that imitates human abilities

Answer 45

Artificial intelligence

Question 46

“Teaching” a technology device to “learn” through repeated experience by itself without the continual instructions of a computer programmer

Answer 46

Machine learning

Question 47

Exploiting the risks associated with using AI and ML in cybersec

Answer 47

Adversarial artificial intelligence

Question 48

A risk associated with the vulnerabilities in AI-powered cybersecurity applications and their devices

Answer 48

Security of the ML algorithm

Question 49

A risk associated with attackers can attempt to alter the training data that is used by ML

Answer 49

Tainted training data for machine learning