Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks Flashcards
Script kiddies use existing computer scripts or code to launch attacks. They typically have very little expertise or sophistication, and very little funding.
A hacktivist launches attacks as part of an activist movement or to further a cause.
Insiders (such as employees of a company) have legitimate access to an organization’s internal resources. They sometimes become malicious insiders out of greed or revenge.
Competitors sometimes engage in attacks to gain proprietary information about another company.
Organized crime is an enterprise that employs a group of individuals working together in criminal activities. Their primary motivation is money.
Some attackers are organized and sponsored by a nation-state or government.
An advanced persistent threat (APT) is a targeted attack against a network. An APT group has both the capability and intent to launch sophisticated and targeted attacks. They are sponsored by a nation-state and often have a significant amount of resources and funding.
Before launching an attack, attackers often gather information from open-source intelligence, including any information available via web sites and social media.
Malware includes several different types of malicious code, including viruses, worms, logic bombs, backdoors, Trojans, ransomware, rootkits, and more.
A virus is malicious code that attaches itself to a host application. The code runs when the application is launched.
A worm is self-replicating malware that travels throughout a network without user intervention.
A logic bomb executes in response to an event, such as a day, time, or condition. Malicious insiders have planted logic bombs in existing systems, and these logic bombs have delivered their payload after the employee left the company.
Backdoors provide another way of accessing a system. Malware often inserts backdoors into systems, giving attackers remote access to systems.
A Trojan appears to be one thing, such as pirated software or free antivirus software, but is something malicious. A remote access Trojan (RAT) is a type of malware that allows attackers to take control of systems from remote locations.
Drive-by downloads often attempt to infect systems with Trojans.
Ransomware is a type of malware that takes control of a user’s system or data. Criminals attempt to extort payment as ransom in exchange for returning control to the user. Crypto-malware is ransomware that encrypts the user’s data. Attackers demand payment to decrypt the data.
Spyware is software that is installed on user systems without the user’s knowledge or consent and monitors the user’s activities. It sometimes includes a keylogger that records user keystrokes.
A botnet is a group of computers called zombies controlled through a command-and-control server. Attackers use malware to join computers to botnets. Bot herders launch attacks through botnets.
Rootkits take root-level or kernel-level control of a system. They hide their processes to avoid detection. They can remove user privileges and modify system files.
Social engineering is the practice of using social tactics to gain information or trick users into performing an action they wouldn’t normally take.
Social engineering attacks can occur in person, over the phone, while surfing the Internet, and via email. Many social engineers attempt to impersonate others.
Shoulder surfing is an attempt to gain unauthorized information through casual observation, such as looking over someone’s shoulder, or monitoring screens with a camera. Screen filters can thwart shoulder surfing attempts.
A hoax is a message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.
Tailgating is the practice of one person following closely behind another without showing credentials. Mantraps help prevent tailgating.
Dumpster divers search through trash looking for information. Shredding or burning documents reduces the risk of dumpster diving.
In a watering hole attack, attackers discover sites that a targeted group visits and trusts. Attackers then modify these sites to download malware.
When the targeted group visits the modified site, they are more likely to download and install infected files.
Spam is unwanted or unsolicited email. Attackers often use spam in different types of attacks.
Phishing is the practice of sending email to users with the purpose of tricking them into revealing sensitive information, installing malware, or clicking on a link.
Spear phishing and whaling are types of phishing. Spear phishing targets specific groups of users and whaling targets high-level executives.