Determine type of attack via indicators Flashcards
What is Malware
Software designed to do something harmful on a host without the owner's consent. The categories below overlap: one sample may fit several of them (for example a Trojan that installs a RAT that joins a botnet).
What is Ransomware
Malware that attempts to extort money from the victim, typically by blocking access to the system or its data until a ransom is paid.
What are Trojans
Malware concealed within an installer package for software that appears to be legitimate; the user installs it willingly, believing it to be the advertised program.
What are Worms
Memory-resident malware that runs without user intervention and replicates itself over network resources (file shares, vulnerable network services). Unlike a virus, it needs neither a host file nor a user action to spread.
What is Potentially unwanted programs (PUPs)
Software installed alongside a package the user selected, or bundled with a new computer system. Also known as grayware. Not outright malicious, but unwanted by the user.
What is Fileless virus/Fileless malware
Malware whose main payload is never written to disk as an executable. It runs as shellcode in memory, typically delivered by a script or document macro, and abuses legitimate system tools (scripting hosts, administrative frameworks) to persist, so file-based antivirus scanning does not see it.
What is Command and control
An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.
What are Bots
An automated script or tool that performs some malicious activity. A compromised host running one is a zombie; a collection of them under a common command-and-control infrastructure is a botnet.
What is Cryptomalware
The crypto-malware class of ransomware attempts to encrypt data files on any fixed, removable, and network drives. If the attack is successful, the user cannot access the files without the decryption key, which is held by the attacker. A successful attack is extremely difficult to mitigate unless the user has up-to-date backups of the encrypted files that the malware could not reach.
What are Logic bombs
Malware that lies dormant until a trigger condition is met, such as a specific date, a user logging in, or a file being deleted; the payload then executes.
What is Spyware
Malware that can perform adware-like tracking, but also monitor local application activity, take screenshots, and activate recording devices such as a microphone or webcam. Another spyware technique is to perform DNS redirection to pharming sites.
What are Keyloggers
Spyware that actively attempts to steal confidential information, such as credentials and card numbers, by recording keystrokes.
What is Remote access Trojan (RAT)
Backdoor malware that mimics the functionality of legitimate remote control programs, but is designed specifically to operate covertly.
What is Rootkit
Malware that runs with SYSTEM or kernel-level privileges and hides its presence by hooking or replacing operating system components, so it can conceal its files, processes, and network connections from users and security tools.
What is Backdoor
Any type of access method to a host that circumvents the usual authentication method and gives the remote user administrative control.
What are Password attacks
A broad term covering attacks that capture, guess, or crack passwords.
What is Spraying
Trying a small number of common passwords against many different accounts, keeping the attempts per account below the lockout threshold so that account lockout never triggers.
What is Dictionary
Uses a list (dictionary) of likely passwords, often extended with mutation rules such as appended digits or substituted characters, rather than trying every possible string.
What is Brute force
Tries every possible combination of characters within a given length and character set. It always succeeds eventually, but the cost grows exponentially with password length.
What is Offline attack
An attack that does not interact with the authentication service directly. The attacker works on captured material, typically a stolen database of password hashes or data taken from user computers, and cracks it on their own hardware at their own pace, so lockout and rate limits do not apply.
What is Online attack
An attack wherein the attacker interacts with the authentication service directly, submitting guesses to the live login. Rate limiting and account lockout constrain how many guesses are possible.
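The spraying, brute force, and online attack cards above differ mainly in the shape the failures take in an authentication log: brute force hammers one account, spraying touches many accounts a few times each. The following is an added example, not part of the original flashcards, that classifies source addresses from constructed sshd-style log lines; the log format, field names, thresholds, and the RFC 5737 test addresses are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth log (not from a real system). Addresses come from the
# RFC 5737 documentation ranges. Format is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z sshd FAIL user=alice src=203.0.113.10
2024-05-01T09:00:02Z sshd FAIL user=bob src=203.0.113.10
2024-05-01T09:00:03Z sshd FAIL user=carol src=203.0.113.10
2024-05-01T09:00:04Z sshd FAIL user=dave src=203.0.113.10
2024-05-01T09:00:05Z sshd FAIL user=erin src=203.0.113.10
2024-05-01T09:00:06Z sshd FAIL user=frank src=203.0.113.10
2024-05-01T09:00:07Z sshd FAIL user=frank src=203.0.113.10
2024-05-01T09:01:00Z sshd FAIL user=admin src=198.51.100.7
2024-05-01T09:01:01Z sshd FAIL user=admin src=198.51.100.7
2024-05-01T09:01:02Z sshd FAIL user=admin src=198.51.100.7
2024-05-01T09:01:03Z sshd FAIL user=admin src=198.51.100.7
2024-05-01T09:01:04Z sshd FAIL user=admin src=198.51.100.7
2024-05-01T09:01:05Z sshd FAIL user=admin src=198.51.100.7
2024-05-01T09:02:00Z sshd FAIL user=grace src=192.0.2.44
2024-05-01T09:02:09Z sshd OK user=grace src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_failures(log_text):
    """Yield (user, src) for every failed login; skip successes and unparsable lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("result") == "FAIL":
            yield m.group("user"), m.group("src")


def classify_sources(log_text, lockout_threshold=5, spray_min_users=5):
    """Label each source address by the shape of its failed logins.

    brute_force: at least one account hit at or above the lockout threshold,
                 which is the pattern account lockout is designed to stop.
    spraying:    many distinct accounts, each tried fewer times than the
                 threshold, so per-account lockout never fires. Detection has
                 to pivot on the source, not on the account.
    benign:      anything else (e.g. a single mistyped password).
    """
    per_src = defaultdict(Counter)  # src -> Counter(user -> failure count)
    for user, src in parse_failures(log_text):
        per_src[src][user] += 1

    labels = {}
    for src, users in per_src.items():
        if max(users.values()) >= lockout_threshold:
            labels[src] = "brute_force"
        elif len(users) >= spray_min_users:
            labels[src] = "spraying"
        else:
            labels[src] = "benign"
    return labels


if __name__ == "__main__":
    for src, label in classify_sources(SAMPLE_LOG).items():
        print(f"{src:15} {label}")
```

The thresholds should mirror the real lockout policy: a sprayer deliberately stays one attempt under it, so the useful signal is "how many distinct accounts did this source fail against", which a per-account lockout counter never sees.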
What are Rainbow tables
The attacker uses a precomputed table that maps hashes back to the passwords that produced them (stored as chains of hashes to trade storage for time), so a stolen unsalted hash is looked up rather than cracked. Salting each password with a unique random value defeats this, because a separate table would be needed for every salt.
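The dictionary, offline attack, and rainbow table cards share one idea: once hashes are stolen, the attacker's work is bounded by the hash function and the storage scheme, not by the login service. The following is an added example, not part of the original flashcards, showing why a precomputed lookup cracks every unsalted hash at once but is useless against salted ones, which force a fresh dictionary pass per hash. The wordlist, the "stolen" rows, and the use of PBKDF2-HMAC-SHA256 for the salted scheme are assumptions made for the example; a real rainbow table stores chains rather than a plain dictionary, but the reuse property shown here is the same.

```python
import hashlib
import os

# Constructed wordlist standing in for a cracking dictionary (not a real leak).
WORDLIST = ["password", "letmein", "Summer2024", "qwerty", "dragon", "hunter2"]

# Assumed iteration count; production systems use considerably more.
KDF_ITERATIONS = 50_000


def unsalted_hash(pw: str) -> str:
    """Weak scheme: a bare fast hash, identical for every user with the same password."""
    return hashlib.sha256(pw.encode()).hexdigest()


def salted_hash(pw: str, salt: bytes) -> str:
    """Stronger scheme: per-user random salt plus a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, KDF_ITERATIONS).hex()


def build_lookup(words):
    """Precompute hash -> password once (the rainbow-table idea in its simplest form).
    The work is done a single time and reused against every unsalted hash ever stolen."""
    return {unsalted_hash(w): w for w in words}


def crack_with_lookup(table, digest):
    """Constant-time dictionary lookup: no hashing at attack time."""
    return table.get(digest)


def crack_salted_with_dictionary(words, salt, digest):
    """The salt is public (stored beside the hash) but unique, so the attacker must
    rehash the whole wordlist for this one record; nothing precomputed applies."""
    for w in words:
        if salted_hash(w, salt) == digest:
            return w
    return None


def demo():
    # Constructed "breached database" rows.
    stolen_unsalted = [unsalted_hash("Summer2024"), unsalted_hash("hunter2")]
    salt = os.urandom(16)
    stolen_salted = [(salt, salted_hash("dragon", salt))]

    table = build_lookup(WORDLIST)
    from_table = [crack_with_lookup(table, d) for d in stolen_unsalted]
    # Same table against the salted record: the digest never appears in it.
    table_vs_salted = [crack_with_lookup(table, d) for _, d in stolen_salted]
    # Per-record dictionary attack still works, but costs a full wordlist pass
    # through the slow KDF for each and every stolen hash.
    from_dictionary = [crack_salted_with_dictionary(WORDLIST, s, d) for s, d in stolen_salted]
    return from_table, table_vs_salted, from_dictionary


if __name__ == "__main__":
    print(demo())
```

Salting removes the attacker's ability to amortise work across victims; the slow KDF then makes each remaining guess expensive, which is why weak passwords in a salted, iterated store survive far longer offline than the same passwords under bare SHA-256.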
What is Plaintext/unencrypted
The password is stored or transmitted without encryption or hashing, so anyone who can read the storage or capture the traffic obtains it directly.
What are Physical attacks
An attack that relies on physical presence or a physical object rather than network access. Example: a flash drive carrying malicious code left in a parking lot for an employee to find and plug in.
What is Malicious universal serial bus (USB) cable
A USB cable with hidden electronics that present themselves to the host as a keyboard or other trusted device and inject commands or malware when plugged in, while still looking and working like an ordinary cable.
What is Malicious flash drive
A flash drive loaded with malware, or physically modified to act as a malicious device such as a keystroke injector, relying on someone plugging it in.
What is Card cloning
Making one or more copies of an existing payment or access card, typically from card data captured by skimming.
What is Skimming
Using a counterfeit card reader to capture card details, which are then used to program a duplicate.
What is Adversarial artificial intelligence (AI)
Using AI to identify vulnerabilities and attack vectors to circumvent security systems.
What is Tainted training data for machine learning (ML)
An attacker inserting corrupt data in the training dataset to compromise a target machine learning model during training.
What is Security of machine learning algorithms
Machine learning can be applied in various ways in security, for instance, in malware analysis, to make predictions, and for clustering security events. It can also be used to detect previously unknown attacks with no established signature.
What are Supply-chain attacks
Compromising a trusted supplier's source code, build process, or update mechanism so that malware is distributed to customers inside a legitimate application or component they already trust.
What is Cloud-based vs. on-premises attacks
Cloud-based services must be integrated within regular security policies and procedures and audited for compliance. Where indicators of on-premises attacks are found in local application logs and network traffic, indicators of cloud-based attacks are found in API logs and metrics.
What are Cryptographic attacks
Circumventing the security of a cryptographic system by finding a weakness in a cipher, hash function, cryptographic protocol, or key-management scheme, or in how one of them is implemented.
What is Birthday
A type of brute-force attack that exploits the birthday paradox: a collision in a hash function with an n-bit output can be found in roughly 2^(n/2) attempts rather than 2^n, so a hash's effective collision resistance is only half its output length.
What is Collision
Where a hash function produces the same hash value for two different inputs. Collisions let an attacker substitute one document or certificate for another that carries the same digest.
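The birthday and collision cards state the 2^(n/2) bound; the following is an added example, not part of the original flashcards, that finds a collision empirically against a truncated hash and compares the attempts taken with the generic preimage cost. Truncating SHA-256 to 32 bits is an assumption made so the search finishes in a fraction of a second; the point carries over to any hash with a short output.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits. This stands in for a weak (short)
    hash so the attack finishes quickly; the arithmetic is the same for MD5's 128 bits."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def expected_preimage_attempts(bits: int) -> float:
    """Generic search for an input matching one given digest: about 2^n tries."""
    return 2.0 ** bits


def expected_collision_attempts(bits: int) -> float:
    """Birthday bound: any two inputs colliding, about sqrt(pi/2 * 2^n) tries."""
    return math.sqrt(math.pi / 2 * 2.0 ** bits)


def find_collision(bits: int, max_attempts: int = 1 << 24):
    """Birthday attack: hash distinct, deterministically generated messages and
    remember each digest until one repeats. Returns (msg_a, msg_b, attempts) or
    None if the cap is reached (which, for 32 bits, essentially never happens)."""
    seen = {}
    for i in range(max_attempts):
        msg = f"message-{i}".encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


if __name__ == "__main__":
    bits = 32
    a, b, attempts = find_collision(bits)
    print(f"{bits}-bit hash: collision after {attempts} attempts "
          f"(expected ~{expected_collision_attempts(bits):.0f}, "
          f"preimage would need ~{expected_preimage_attempts(bits):.0f})")
    print(a, b, hex(truncated_hash(a, bits)), hex(truncated_hash(b, bits)))
```

The memory the attack needs grows with the number of digests stored, which is why real-world collision searches use cycle-finding methods instead of a table; the number of hash evaluations, however, stays at the 2^(n/2) scale the card describes.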
What is Downgrade
Used to facilitate an on-path (man-in-the-middle) attack by tricking the two parties into negotiating a lower protocol version, with weaker ciphers and key lengths, than both actually support. For example, the attacker alters the handshake so that, rather than the TLS 1.3 the server would prefer, the client appears to request SSL or an early TLS version. Servers that refuse legacy versions outright, and the downgrade-detection sentinel that TLS 1.3 servers place in the ServerHello random, are the defences.
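The following is an added example, not part of the original flashcards, that models the downgrade attack as a message exchange: a client offers versions, an on-path attacker strips the strong ones from the ClientHello, and the server either refuses (version floor) or negotiates low. It also models the TLS 1.3 downgrade sentinel from RFC 8446 §4.1.3, where a TLS 1.3-capable server that ends up negotiating TLS 1.2 or lower sets the last 8 bytes of its ServerHello random to a fixed marker so a TLS 1.3-capable client can detect the tampering. The message dictionaries and function names are assumptions made for the model; this is not a TLS implementation.

```python
import os

# TLS record-layer version codes.
SSL3, TLS10, TLS11, TLS12, TLS13 = 0x0300, 0x0301, 0x0302, 0x0303, 0x0304
NAMES = {SSL3: "SSLv3", TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2", TLS13: "TLS 1.3"}

# RFC 8446 section 4.1.3: sentinels a TLS 1.3 server writes into the last 8 bytes of
# ServerHello.random when it negotiates a version below TLS 1.3.
DOWNGRADE_TLS12 = bytes.fromhex("444F574E47524401")           # "DOWNGRD\x01"
DOWNGRADE_TLS11_OR_LOWER = bytes.fromhex("444F574E47524400")  # "DOWNGRD\x00"
SENTINELS = (DOWNGRADE_TLS12, DOWNGRADE_TLS11_OR_LOWER)


def client_hello(offered):
    """Client advertises every version it supports, highest first."""
    return {"versions": sorted(offered, reverse=True)}


def mitm_strip(hello, max_version):
    """On-path attacker rewrites the ClientHello so only versions <= max_version remain."""
    return {"versions": [v for v in hello["versions"] if v <= max_version]}


def server_hello(hello, supported, minimum):
    """Server picks the highest mutually supported version at or above its floor,
    or refuses the handshake (None). A TLS 1.3-capable server stamps the sentinel
    whenever it negotiates anything lower."""
    common = [v for v in hello["versions"] if v in supported and v >= minimum]
    if not common:
        return None
    chosen = max(common)
    random = bytearray(os.urandom(32))
    if TLS13 in supported and chosen < TLS13:
        random[-8:] = DOWNGRADE_TLS12 if chosen == TLS12 else DOWNGRADE_TLS11_OR_LOWER
    return {"version": chosen, "random": bytes(random)}


def client_accepts(hello_sent, sh):
    """A client that offered TLS 1.3 must abort if the server's random carries a
    sentinel: it proves the server speaks 1.3, so the low offer was not the client's."""
    if sh is None:
        return False
    if TLS13 in hello_sent["versions"] and sh["random"][-8:] in SENTINELS:
        return False
    return True


def run(offered, supported, server_min, attacker_cap=None):
    """Full exchange; returns (negotiated version name or None, client accepted?)."""
    hello = client_hello(offered)
    on_wire = mitm_strip(hello, attacker_cap) if attacker_cap is not None else hello
    sh = server_hello(on_wire, supported, server_min)
    return (NAMES[sh["version"]] if sh else None), client_accepts(hello, sh)


if __name__ == "__main__":
    modern = {TLS10, TLS11, TLS12, TLS13}
    legacy = {SSL3, TLS10, TLS11, TLS12}
    print("no attacker, modern server:      ", run(modern, {TLS12, TLS13}, TLS12))
    print("attacker caps TLS 1.0, legacy srv:", run(legacy, legacy, SSL3, attacker_cap=TLS10))
    print("attacker caps TLS 1.2, 1.3 server:", run(modern, {TLS12, TLS13}, TLS12, attacker_cap=TLS12))
    print("attacker caps TLS 1.0, floor 1.2: ", run(modern, {TLS12, TLS13}, TLS12, attacker_cap=TLS10))
```

The second case is the one the card describes: against a server that still accepts legacy versions and is not TLS 1.3-capable, the downgrade succeeds silently. The last two cases show the two defences: the sentinel lets the client notice and abort, and a version floor makes the server refuse rather than negotiate down.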