Chapter 6 Threats, vulnerabilities & attacks. Flashcards
An attack by a nation state/government that is highly organized: what are the attackers called, and what are their goals?
State actors, advanced persistent threat (APT). They have specific goals: propaganda, information gathering, stealing secrets, etc. Not really money.
Hacktivist's primary motivation?
Activism, to further a cause.
Black vs white vs grey hat
Black - unauthorized hacker committing a crime
White - authorized hacker, e.g. a pen tester
Grey - semi-authorized; good intentions, but may cross a line, like a hacktivist.
What is an insider threat?
Someone who has access to internal resources, which could lead to data exfiltration.
Motivations of a competitor?
Economic gain/competition/stealing proprietary information.
Unauthorized applications or actions within a company are called
Shadow IT
Define a virus
Malicious code that attaches itself to an application and must be executed in order to run. It tries to replicate and attach to other files. At some point it delivers its payload, which may delete files, reboot the system, join a botnet, etc.
Define a worm
Travels through a network; doesn't need a host application or user interaction (as viruses do), resides in memory, consumes network bandwidth, and is self-replicating.
What is the hallmark of a logic bomb?
It executes only when a certain condition is met.
Hallmark of a trojan, and what is a RAT?
Appears to be something useful or enticing but is actually something else. Includes a malicious component, such as installing a backdoor. A RAT is a remote access trojan: it allows attackers to control the system from a remote location, or send keylogs to a remote location.
What about spyware? What does it do?
It can monitor a user's information and behaviour, may include a keylogger, and sends this information out; used for impersonation, advertising, etc.
Hallmarks of a rootkit? How does it avoid detection?
Hides in the system and avoids detection. With access to the root/kernel level it installs hooks into memory, prevents antivirus software from making calls to the OS, and hides its processes in RAM.
A trojan that locks people out of their resources? Why?
Ransomware, cryptomalware. Usually to demand a ransom.
Define the hallmarks of a PUP
Potentially unwanted program. May be legitimate, maybe not; some may be malware, spyware, etc.
How might fileless viruses work?
Running in memory; might work via memory code injection, script-based techniques such as PowerShell, or registry manipulation; may be embedded in other files.