COMPTIA SECURITY + WEEK 2 CHAPTER 3 & 4 Flashcards
What is malware?
A wide range of software intentionally designed to cause harm to systems, networks, or users.
Malware can gather information, provide illicit access, and take unwanted actions on a system.
Name three types of malware.
- Ransomware
- Trojan
- Worm
Other types include spyware, bloatware, virus, keylogger, logic bomb, and rootkit.
What is ransomware?
Malware that takes over a computer and demands a ransom for access to data.
It can encrypt files and hold them hostage until payment is made.
What are indicators of compromise (IoCs) for ransomware?
- Command and control traffic
- Use of legitimate tools in abnormal ways
- Lateral movement processes
- Encryption of files
- Ransom notices
- Data exfiltration behaviors
These indicators help in identifying ransomware attacks.
What is a Trojan?
Malware disguised as legitimate software that provides attackers a path into a system.
The term comes from the Trojan horse myth, where the malware relies on user interaction to install.
What are common indicators of compromise for Trojans?
- Signatures for specific malware
- Command and control hostnames
- Newly created folders or files
Remote Access Trojans (RATs) provide attackers with remote access to systems.
What are botnets?
Groups of systems under central command, with individual systems referred to as bots.
They often utilize command and control techniques for coordinated attacks.
How do worms spread?
Worms spread themselves, often through automated means without user interaction.
They can spread via email attachments, network shares, and vulnerable devices.
What is the significance of the Stuxnet worm?
Recognized as the first implementation of a worm as a cyber weapon aimed at the Iranian nuclear program.
It utilized advanced techniques to cause physical damage to industrial systems.
What is spyware?
Malware designed to obtain information about an individual, organization, or system.
It can track browsing habits, installed software, or sensitive data.
What are common IoCs for spyware?
- Remote-access indicators
- Known software file fingerprints
- Malicious processes disguised as system processes
- Injection attacks against browsers
Spyware can use techniques from other types of malware.
What is bloatware?
Unwanted applications installed on systems by manufacturers.
While not typically malicious, it can take up resources and create vulnerabilities.
What differentiates spyware from bloatware?
Spyware’s primary intention is to gather information about the user, while bloatware consists of unwanted programs.
Bloatware may not have malicious intent but can still pose risks.
What are the mitigation practices for Trojans?
- Awareness practices
- Control of software acquisition
- Anti-malware and EDR tools
These practices help prevent the installation and execution of Trojans.
What is a command and control (C&C) system?
A system that allows attackers to communicate with and control compromised systems.
C&C systems often use encrypted connections to avoid detection.
What is the primary intention of spyware?
To gather information about the user, their use of the system and Internet, and the configuration of the system.
What distinguishes bloatware from spyware?
Bloatware is simply unwanted programs, while spyware is designed to collect user data.
Define computer viruses.
Malicious programs that self-copy and self-replicate once activated.
What are the two main types of viruses based on their memory usage?
- Memory-resident viruses
- Non-memory-resident viruses
What type of virus resides inside the boot sector of a drive?
Boot sector viruses.
How do macro viruses spread?
Using macros or code inside word processing software or other tools.
True or False: Fileless viruses require local file storage.
False.
What is an example of a method to prevent fileless virus attacks?
Using antimalware tools that can detect unexpected behavior from scripting tools.
What are IoCs related to viruses?
- File hashes and signatures
- Exfiltration activity
- Process names
- Command and control traffic
What is the standard practice for removing malware from an infected machine?
Wiping the drive and restoring it from a known good backup.
Define keyloggers.
Programs that capture keystrokes from a keyboard and other input.
What security measure can limit the impact of a keylogger?
Use of multifactor authentication.
What are common IoCs for keyloggers?
- File hashes and signatures
- Exfiltration activity
- Process names
- Known reference URLs
What activates a logic bomb?
Set conditions being met.
What is a common technique for analyzing malware?
- Online analysis tools
- Sandbox tools
- Manual code analysis
What are rootkits designed to do?
Allow attackers to access a system through a backdoor.
What makes rootkit detection challenging?
The infected system cannot be trusted.
What is a common method for preventing rootkits?
Using normal security practices like patching and secure configurations.
What is the role of command and control domains in malware?
They are used for communication between malware and the attacker.
What does bloatware typically do?
Takes up resources like disk space, memory, and CPU cycles.
What is the most effective tool in preventing malware attacks?
Awareness.
Fill in the blank: _______ is malware that encrypts files and holds them for ransom.
Ransomware
List the types of malware mentioned.
- Ransomware
- Trojans
- Worms
- Spyware
- Bloatware
- Viruses
- Keyloggers
- Logic bombs
- Rootkits
What are common indicators of malicious activity associated with malware?
- Command and control traffic patterns
- IP addresses
- Hostnames
- Domains
- Unexpected use of system utilities
What is a common technique for malware removal?
Reinstallation of a system or restoration from a known good backup.
What is social engineering?
The practice of manipulating people through strategies to accomplish desired actions.
What are common human vectors in social engineering?
- Phishing
- Vishing
- Smishing
- Misinformation/disinformation
- Impersonation
- Business email compromise
- Pretexting
- Watering hole
- Brand impersonation
- Typosquatting
What principle of social engineering relies on obeying authority figures?
Authority
What principle relies on scaring or bullying an individual?
Intimidation
What is consensus-based social engineering also known as?
Social proof
What principle of social engineering makes something look more desirable?
Scarcity
What is the focus of familiarity-based attacks?
Targeting individuals based on liking the impersonator or organization.
What principle creates a feeling that an action must be taken quickly?
Urgency
True or False: Social engineering attacks often rely on multiple principles at once.
True
What is phishing?
Fraudulent acquisition of information, often focused on credentials and sensitive personal information.
What is spear phishing?
Phishing that targets specific individuals or groups in an organization.
What does whaling refer to in phishing?
Phishing aimed at senior employees like CEOs and CFOs.
What are common defenses against phishing?
- Awareness training
- Filtering using reputation tools
- Keyword and text pattern matching
What is vishing?
Phishing accomplished via voice or voicemail messages.
What is smishing?
Phishing conducted via SMS (text) messages.
What is the difference between misinformation and disinformation?
- Misinformation: Incorrect information often resulting from getting facts wrong.
- Disinformation: Intentionally provided incorrect information to serve goals.
What does the acronym MDM stand for?
Misinformation, Disinformation, and Malinformation
What is impersonation in social engineering?
Pretending to be someone else to manipulate a target.
What is Business Email Compromise (BEC)?
Using apparently legitimate email addresses to conduct scams and attacks.
What are common methods for creating legitimate appearing emails in BEC?
- Using compromised accounts
- Sending spoofed emails
- Using common fake but similar domain techniques
- Using malware
What is pretexting?
Using a made-up scenario to justify approaching an individual.
What are watering hole attacks?
Attacks using websites frequently visited by targets.
What is brand impersonation?
Phishing attacks that appear to be from a legitimate brand.
What is typosquatting?
Using misspelled URLs to conduct attacks by redirecting users.
What is a brute-force attack?
Iterating through passwords until finding one that works.
What is a password spraying attack?
A form of brute-force attack that uses a single password against many accounts.
What is a brute-force attack?
A process that involves trying different variations until it succeeds.
What are password spraying attacks?
A form of brute-force attack that attempts to use a single password or small set of passwords against many accounts.
When is a password spraying attack particularly effective?
When the attacker knows that a target uses a specific default password or a set of passwords.
What are common candidates for a password spraying attack?
- Common chants for fans
- Names of well-known players
- Other common terms related to the team
What is a dictionary attack?
A form of brute-force attack that uses a list of words for their attempts.
What is John the Ripper?
A popular open source password cracking tool with built-in word lists.
What types of password attacks are focused on in the SY0-701 Exam Outline?
- Spraying
- Brute force
What differentiates online attacks from offline attacks?
Online attacks occur against a live system, while offline attacks occur against a compromised or captured password store.
What are rainbow tables?
An easily searchable database of precomputed hashes using the same hashing methodology as the captured password file.
What is a hash?
A one-way cryptographic function that takes an input and generates a unique and repeatable output.
What is the significance of hash collisions?
They lead to new hashing algorithms being designed and used.
How do rainbow tables operate?
They use computational power to create a database where hashes and the value that created them can be looked up.
What can be used against a captured password file?
A password cracker.
What is the purpose of password assessment tools?
To periodically test for weak and easily cracked passwords.
What best practices should be followed for password storage?
- Use strong password hashing mechanisms
- Use salt and pepper
- Verify passwords at login without storing them
What is OWASP’s Password Storage Cheat Sheet used for?
To learn about secure password storage practices.
What do social engineering techniques focus on?
Human reactions and psychology to gather information and perform attacks.
What are some types of social engineering attacks?
- Phishing
- Impersonation
- Misinformation
- Disinformation
What is pretexting?
A technique used with impersonation to provide a believable reason for an action or request.
What is business email compromise?
A technique used to make malicious emails appear legitimate.
What are watering hole attacks?
Attacks that focus on sites that targets frequently visit.
What do typosquatters rely on?
Users who make typos while entering URLs.
How can passwords be acquired and cracked?
Through online and offline attacks, brute-force attacks, and improper storage methods.
What makes password attacks easier for attackers?
Unencrypted or plain-text passwords and improper storage methods like MD5 hashes.
