Chapter 6 Threats, vulnerabilities & attacks. Flashcards

1
Q

An attack by a nation state/government which is highly organized? What are they called and what are their goals?

A

State actors, advanced persistent threat. They have specific goals, propaganda, information seeking, secrets etc. Not really money.

2
Q

Hacktivist primary reason

A

Activism, further a cause

3
Q

Black vs white vs grey hat

A

Black - unauthorized hacker committing crime
White - authorized hacker, pen tester
Grey - semi-authorized, good intentions but may cross a line, like a hacktivist.

4
Q

What is an insider threat?

A

someone who has access to internal resources which could lead to data exfiltration

5
Q

Motivations of a competitor?

A

Economic gain/competition/stealing proprietary information

6
Q

Unauthorized applications or actions within a company are called

A

Shadow IT

7
Q

Define a virus

A

Malicious code that attaches itself to an application; must be executed in order to run. Tries to replicate and attach to other files. At some point delivers its payload. May delete files, reboot, join a botnet etc.

8
Q

Define a worm

A

Travels through a network, doesn’t need an application or user interaction (like viruses do), resides in memory, consumes network bandwidth, self-replicating.

9
Q

What is the hallmark of a logic bomb?

A

Executes when a certain condition is met.

10
Q

Hallmark of a trojan, and what is a RAT?

A

Appears to be something useful or enticing but is actually something else. Includes a malicious component, such as installing a backdoor. A RAT is a remote access trojan; it allows attackers to control the machine from a remote location, or send keylogs to remote locations.

11
Q

What about spyware? What does it do?

A

It can monitor users' information and behaviours, may include a keylogger and send this information; used for impersonation, advertising etc.

12
Q

Hallmarks of a rootkit? How does it avoid detection?

A

Hides in the system, avoids detection. Has access to the root/kernel, installs hooks into memory that prevent antivirus software from making calls to the OS, and hides its processes in RAM.

13
Q

A trojan that locks people out of their resources? Why?

A

Ransomware, cryptomalware. To demand a ransom usually.

14
Q

Define the hallmarks of a PUP

A

Potentially unwanted programs. May be legit, maybe not; some may be malware, spyware etc.

15
Q

How might fileless viruses work?

A

Running in memory; might work via memory code injection, script-based techniques such as PowerShell, registry manipulation; may be embedded in other files.

16
Q

What are indicators of malware?

A

Increased network traffic (to specific unknown IPs), data exfiltration (may be encrypted, may not), outgoing spam.

17
Q

Common hallmarks of social engineering?

A

Flattery, authority, impersonation, tailgating, using an "I know someone"/common-ground angle. Shoulder surfing can be a part of it.

18
Q

What is a Hoax?

A

Often through email; impending doom; can be very damaging, waste time, aren't real. "I have these naked pictures of you, send me bitcoin."

19
Q

Water hole attack?

A

In a common place; can be a website, a cafe, etc.

20
Q

Typosquatting, pretexting, prepending

A

Typosquatting - changing the URL to look similar; pretexting - adding a pretext to a situation to try and elicit information/a request; prepending is the same.

21
Q

Invoice scams

A

Trick you into paying a fake invoice

22
Q

Credential harvesting

A

Techniques used to gather credentials: fake login pages etc., keyloggers.

23
Q

OSINT gathering in social engineering: what is it?

A

Reconnaissance.

24
Q

Hybrid warfare?

A

Use of social media (or other means) to spread misinformation (may be used by state actors? propaganda?)

25
Q

You see a large amount of encrypted data leaving the network, is this cause for concern and why?

A

Yes; it may be encrypted to bypass DLP software, and it is a sign of an infection/attack.

26
Q

Spear phishing vs whaling

A

Spear phishing involves the direct targeting of people or a specific group, possibly a workforce, impersonating the CEO etc. Whaling targets someone high up, such as the CFO.

27
Q

What does a file integrity monitor do?

A

Checks that the integrity (or baseline) of files hasn't changed. It first calculates their hashes at baseline and periodically recalculates the hashes. Many times this can help detect rootkits.

28
Q

What is a good piece of software for checking virus / malware activity?

A

Cuckoo Sandbox: run the sample in a sandbox and see what it does over time.

29
Q

Steps of social engineering that work well?

A

Authority, intimidation, consensus (does every testimony say it's safe?), scarcity (limited quantity of an item that is running out), urgency (similar; may have a countdown timer for this limited product), familiarity (who is endorsing it, or does this person have a mutual friend?), trust (we are experienced, from XYZ company).

30
Q

OSINT of threat searching?

A

OSINT - open source; includes threat databases such as TAXII (Trusted Automated Exchange of Indicator Information), NVD (National Vulnerability Database), CVE (Common Vulnerabilities and Exposures), STIX (Structured Threat Information Expression), AIO (Automated Indicator Sharing, which uses both TAXII and STIX), the dark web, public & private information centres, IoCs (indicators of compromise, alerts from antivirus etc.), predictive analysis, threat maps, file/code repositories.

31
Q

Additional resources for finding out threats?

A

Vendors, conferences, journal articles, industry groups, RFC and social media

32
Q

What is malware?

A

Includes malicious ware/code: viruses, worms, logic bombs, backdoors, trojans, ransomware, rootkits & more.

33
Q

What is a virus?

A

Malicious code - attaches itself to a host application. Runs when host runs.

34
Q

Define a worm?

A

Self-replicating malware (doesn't need a host); travels throughout the network without user intervention.

35
Q

A trojan?

A

Appears to be one thing, is actually another.

36
Q

What virus is commonly known to use PowerShell scripts? What is one other thing it does?

A

Fileless virus, hides in memory.

37
Q

Hoax?

A

Something circulated, impending doom, doesn't actually exist.
