Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks Flashcards
Script kiddies use existing computer scripts or code to launch attacks. They typically have very little expertise or sophistication, and very little funding.
A hacktivist launches attacks as part of an activist movement or to further a cause.
Insiders (such as employees of a company) have legitimate access to an organization’s internal resources. They sometimes become malicious insiders out of greed or revenge.
Competitors sometimes engage in attacks to gain proprietary information about another company.
Organized crime is an enterprise that employs a group of individuals working together in criminal activities. Their primary motivation is money.
Some attackers are organized and sponsored by a nation-state or government.
An advanced persistent threat (APT) is a targeted attack against a network. An APT group has both the capability and intent to launch sophisticated and targeted attacks. They are sponsored by a nation-state and often have a significant amount of resources and funding.
A common method attackers often use before launching an attack is to gather information from open-source intelligence, including any information available via web sites and social media.
Malware includes several different types of malicious code, including viruses, worms, logic bombs, backdoors, Trojans, ransomware, rootkits, and more.
A virus is malicious code that attaches itself to a host application. The code runs when the application is launched.
A worm is self-replicating malware that travels throughout a network without user intervention.
A logic bomb executes in response to an event, such as a day, time, or condition. Malicious insiders have planted logic bombs into existing systems, and these logic bombs have delivered their payload after the employee left the company.
Backdoors provide another way of accessing a system. Malware often inserts backdoors into systems, giving attackers remote access to systems.
A Trojan appears to be one thing, such as pirated software or free antivirus software, but is something malicious. A remote access Trojan (RAT) is a type of malware that allows attackers to take control of systems from remote locations.
Drive-by downloads often attempt to infect systems with Trojans.
Ransomware is a type of malware that takes control of a user’s system or data. Criminals attempt to extort payment as a ransom in exchange for returning control to the user. Crypto-malware is ransomware that encrypts the user’s data. Attackers demand payment to decrypt the data.
Spyware is software installed on user systems without the user’s knowledge or consent and it monitors the user’s activities. It sometimes includes a keylogger that records user keystrokes.
A botnet is a group of computers called zombies controlled through a command-and-control server. Attackers use malware to join computers to botnets. Bot herders launch attacks through botnets.
Rootkits take root-level or kernel-level control of a system. They hide their processes to avoid detection. They can remove user privileges and modify system files.
Social engineering is the practice of using social tactics to gain information or trick users into performing an action they wouldn’t normally take.
Social engineering attacks can occur in person, over the phone, while surfing the Internet, and via email. Many social engineers attempt to impersonate others.
Shoulder surfing is an attempt to gain unauthorized information through casual observation, such as looking over someone’s shoulder, or monitoring screens with a camera. Screen filters can thwart shoulder surfing attempts.
A hoax is a message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.
Tailgating is the practice of one person following closely behind another without showing credentials. Mantraps help prevent tailgating.
Dumpster divers search through trash looking for information. Shredding or burning documents reduces the risk of dumpster diving.
Watering hole attacks discover sites that a targeted group visits and trusts. Attackers then modify these sites to download malware.
When the targeted group visits the modified site, they are more likely to download and install infected files.
Spam is unwanted or unsolicited email. Attackers often use spam in different types of attacks.
Phishing is the practice of sending email to users with the purpose of tricking them into revealing sensitive information, installing malware, or clicking on a link.
Spear phishing and whaling are types of phishing. Spear phishing targets specific groups of users and whaling targets high-level executives.
Vishing is a form of phishing that uses voice over the telephone and often uses Voice over IP (VoIP). Some vishing attacks start with a recorded voice and then switch over to a live person.
Antivirus software can detect and block different types of malware, such as worms, viruses, and Trojans. Antivirus software uses signatures to detect known malware.
When downloading signatures manually, hashes can verify the integrity of signature files.
Antivirus software typically includes a file integrity checker to detect files modified by a rootkit.
Data execution prevention (DEP) prevents code from executing in memory locations marked as nonexecutable. The primary purpose of DEP is to protect a system from malware.
Advanced malware tools monitor files and activity within the network.
Anti-spam software attempts to block unsolicited email. You can configure a spam filter to block individual email addresses and email domains.
Security-related awareness and training programs help users learn about new threats and security trends, such as new viruses, new phishing attacks, and zero-day exploits. Zero-day exploits take advantage of vulnerabilities that are not known by trusted sources.
Social engineers and other criminals employ several psychology-based principles to help increase the effectiveness of their attacks.
They are authority, intimidation, consensus, scarcity, urgency, familiarity, and trust.
Another method used to detect rootkits is to boot into safe mode, or have the system scanned before it boots, but this isn’t always successful.
Attackers who have successfully installed a rootkit on a user’s system might log on to the user’s computer remotely, using a backdoor installed by the rootkit.
Social engineers often attempt to impersonate others. The goal is to convince an authorized user to provide some information, or to help the attacker defeat a security control.
Another method used to reduce shoulder surfing is to use a screen filter placed over the monitor.
A pharming attack is another type of attack that manipulates the DNS name resolution process. It attempts to corrupt either the DNS server or the DNS client.
Many current DNS servers use Domain Name System Security Extensions (DNSSEC) to protect the DNS records and prevent DNS poisoning attacks.
Three attacks against DNS services are DNS poisoning, pharming, and DDoS.
A DNS poisoning attack attempts to modify or corrupt DNS results.
An amplification attack is a type of DDoS attack. It typically uses a method that significantly increases the amount of traffic sent to, or requested from, a victim. As an example, a smurf attack spoofs the source address of a directed broadcast ping packet to flood a victim with ping replies.
The smurf attack spoofs the source IP. If the source IP address isn’t changed, the computer sending out the broadcast ping will get flooded with the ICMP replies.
A birthday attack is named after the birthday paradox in mathematical probability theory.
Rainbow table attacks are a type of attack that attempts to discover a password from its hash. A rainbow table is a huge database of precomputed hashes.