Cyber 160 Module 3~ Threats and Attacks and Endpoints Flashcards
network-connected hardware devices
endpoint
software that enters a computer system without the user's knowledge or consent and then performs unwanted and harmful actions
malware
imprison
prevents a user's endpoint device from properly and fully functioning until a fee is paid
ransomware
imprison
type of ransomware that encrypts all the files on the device so that none of them can be opened
cryptoware
imprison
malicious computer code that is attached to a file
Ex: a user might send an infected email to another user; once the virus reaches the computer, it begins to infect it
file-based virus
launch
does not attach to a file; takes advantage of native services and processes that are part of the operating system to avoid detection and carry out its attacks
fileless virus
launch
uses a computer network to replicate
net virus or worm
launch
infected computer placed under the remote control of an attacker for the purpose of launching attacks
zombie or bot
launch
a structure that sends instructions to infected bot computers
command and control (C&C)
launch
tracking software that’s developed without the consent or control of the user
spyware
snoop
silently captures and stores each keystroke that a user types on the computer keyboard
keylogger
snoop
software that users do not want on their computer and that comes pre-installed
Ex: pop-up windows
potentially unwanted programs (PUPs)
deceive
executable program that masquerades as performing a benign activity but also does something malicious
trojan
deceive
basic functionality of a trojan, but also gives the threat agent unauthorized remote access to the victim's computer by using specially configured command protocols
remote access trojan (RAT)
deceive
computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it
logic bomb
evade
gives access to a computer program or service that circumvents any normal security protections; allows an attacker to return and bypass security settings
backdoor
evade
hides its presence and the presence of other malware on the computer
rootkit
evade
attack that takes advantage of a website that accepts user input without validating it
cross-site scripting (XSS)
inserts statements to manipulate a database server using Structured Query Language (SQL) commands; targets SQL servers by introducing malicious commands into them
SQL injection
attack that introduces new input to exploit a vulnerability
injection
language used to view and manipulate data that's stored in a relational database
Structured Query Language
markup language designed to store information
eXtensible Markup Language
inserts statements to manipulate a database server using eXtensible Markup Language (XML)
XML injection
takes advantage of an authentication "token" that a website sends to a user's web browser while pretending to be an authorized user
cross-site request forgery (CSRF)
takes advantage of an authentication "token" that a website sends to a user's web browser to imitate the identity and privileges of the victim
client-side request forgery
takes advantage of a trusting relationship between web servers to gain access to sensitive data or inject harmful data
server-side request forgery (SSRF)
attack that copies data and then uses it for an attack; later, the threat actor retransmits selected and edited portions of the copied command to impersonate the legitimate user
replay
depletes part of memory and thus interferes with the normal operation of the program in RAM
resource exhaustion attacks
due to a programming error, memory is not freed when the program has finished using it
memory leak
process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
buffer overflow attack
attackers change the value of a variable to something outside the range the programmer had intended by using an integer overflow
Ex: withdrawing $1 from an account with a balance of $0 could cause a balance of $4,234,432,567
integer overflow attack
programming error that doesn’t filter or validate user input to prevent a malicious action
improper input handling
programming error that does not properly trap an error condition
error handling
flaw that results in a pointer being given a NULL instead of a valid value
pointer/object dereference
when two concurrent threads of execution access a shared resource simultaneously
race condition
software check of the state of a resource before using that resource
time of check / time of use
attack that targets vulnerabilities in an API
application program interface (API) attack
link provided by an operating system, web browser, or other platform that allows a developer access to resources at a high level
application program interface (API)
software that controls and operates an external hardware device that's connected to a computer
device driver
attack that alters a device driver from its normal function
device driver manipulation
changing the design of existing code
refactoring
storage of both code and data that can be used by more than one program at the same time
Dynamic-Link Library (DLL)
attack that inserts code into a running process through a DLL to cause a program to function in a different way than intended
DLL injection
exploiting the risks associated with using AI and ML in cybersecurity
adversarial artificial intelligence
risks associated with the vulnerabilities in AI-powered cybersecurity applications and their devices
security of ML algorithms
risk that attackers can attempt to alter the training data used by machine learning to produce false negatives and cloak themselves
tainted training data for machine learning