IT101 COMP SECURITY THREATS Flashcards
No —– = very vulnerable to virus infections
anti-virus software
No anti-virus software = very ——- to virus infections
vulnerable
*A technology term used when someone impersonates
*Ranges from using the name, identification card, SSS
number or any other personal information
*Get a document or credit on your behalf, without the
owner’s knowledge and permission
Identity Theft
Identity Theft
*A technology term used when someone ———-
*Ranges from using the —————- or any other personal information
*Get a document or credit on your behalf, without the
owner’s knowledge and permission
-impersonates
-name, identification card, SSS
number
*Watching someone who withdraws in an ATM machine
*Getting to know his/her PIN (Personal Identification
Number)
Shoulder Surfing
Snagging
*Also known as ———–
* The attacker can listen to your conversation on the
telephone as you give your personal information (credit
card number and other pertinent details)
Wire-tapping or Man-in-the-middle attack
*Also known as Wire-tapping or Man-in-the-middle attack
* The attacker can listen to your conversation on the
telephone as you give your personal information (credit
card number and other pertinent details)
Snagging
*Attacker goes to garbage cans or trash bins to get
cancelled checks, bank deposit slips, or credit card
statements
Dumpster Diving
- Most predominant sources of identity theft
- Theft tricks the unsuspecting victim into providing critical
information under the pretext of something legitimate
(pretending to be one who is in authority)
Social Engineering
Social Engineering
- Most ——– of identity theft
- Theft tricks the unsuspecting victim into providing critical
information under the pretext of something legitimate
(pretending to be one who is in authority)
predominant sources
- attacker recreates the website or support portal of a renowned
company and sends the link to targets via emails or social media
platforms
- other person, completely unaware of the real attacker, ends up
compromising personal information and even credit card details
- Phishing
- assumed as a subset of Phishing since it requires an extra effort
from the side of the attackers
- need to pay attention to the degree of uniqueness for the limited
number of users they target
- the chances of users falling for the false emails are considerably
higher in the case of spear phishing
- Spear Phishing or Whaling Attack
- Old fashioned attack – using a phone
- recreate the IVR (Interactive Voice Response) system of a
company
- attach it to a toll-free number and trick people into calling the
phone number and entering their details
- Vishing
- scripted scenario presented in front of the targets, used to
extract PII or some other information
- seen various TV shows and movies where detectives use this
technique to get into places where they’re personally not
authorized, or extract information by tricking people
- Pretexting
- Attackers leave infected USB drives or optical disks at
public places with a hope of someone picking it up out of
curiosity and using it on their devices
- Various download links, mostly containing malicious software,
are thrown in front of random people hoping someone would
click on them
Baiting
- a person takes help of an authorized person to get access to
restricted areas where RFID authentication or some other
electronic barrier is present
Tailgating
Tailgating
* Also known as ——
* a person takes help of an authorized person to get access to
restricted areas where RFID authentication or some other
electronic barrier is present
piggybacking
- involves people posing as technical support
- make random calls to a company’s employees claiming that
they’re contacting them regarding an issue
- involves an exchange of something with the target, for instance,
the attacker trying to solve a victim’s genuine problem; in return,
they will ask for a gift
Quid Pro Quo
- Program triggered to perform a task or mission when it
encounters some sequence of events or activities or after
a certain amount of time lapses or when a data come
- Friday the 13th Virus and April Fool’s Day virus
Logic Bombs
Logic Bombs
- Program triggered to perform a task or mission when it
encounters some sequence of events or activities or after
a certain amount of time lapses or when a data come
Friday the 13th Virus and April Fool’s Day virus
*A small code that a Web server asks your web browsers
to place in the computer
* Contains pertinent information that identifies your
workstation’s IP address, login name, email address and
other information about the visited site
Cookies
Cookies
*A ——– that a Web server asks your web browsers
to place in the computer
* Contains pertinent information that identifies your
workstation’s IP address, login name, email address and
other information about the visited site
small code
*Offers products or services that the user usually doesn’t
need or want
*Almost tagged as commercial advertisements
*Defined as unsolicited email
Spam
Spam
*Offers products or services that the user usually doesn’t
need or want
*Almost tagged as commercial advertisements
*Defined as ——–
unsolicited email
- Fraudulent act
- Such as stealing account information from unsuspecting
customers, non-delivery of services and merchandise that
are ordered online, etc.
Cybercrime
Cybercrime
- Such as stealing account information from unsuspecting
customers, non-delivery of services and merchandise that
are ordered online, etc.
Fraudulent act
Cybercrime Types
- Cyber Extortion
- Cryptojacking
- Cyber Espionage
- Dark Web
Crime involving an attack or threat coupled with a demand for
money to stop the attack
Cyber Extortion
- attacks use scripts to mine cryptocurrencies within browsers
without the user’s consent
- involve loading cryptocurrency mining software to the victim’s
system
Cryptojacking
- cybercriminal hacks into systems or networks to gain access to
confidential information held by a government or other
organization
- gather, modify or destroy data, as well as using
network-connected devices, like webcams or closed-circuit TV
(CCTV) cameras, to spy on a targeted individual or groups and
monitoring communications, including email, text messages and
instant messages
Cyber Espionage
- Old crime as “exit scam”
- dark web administrators divert virtual currency held in
marketplace escrow accounts to their own accounts –
essentially, criminals stealing from other criminals
*Dark Web
*Dark Web
* Old crime as “———”
exit scam
*Illegal act of accessing the computer resources of some
people without their knowledge or permission
*Unauthorized access into company’s network system
*Hacker uses network or Internet connection to connect to
some other people’s computer to corrupt, change or
destroy data
Hacking
Tries to guess the password of the hapless victim
Sniffing
Hacker intercepts the data while it is transmitted or gains
access to the computer network system by posing as an
authorized user
IP Spoofing
Cybercrime Types
- Cyber Extortion
- Cryptojacking
- Cyber Espionage
*Dark Web
- Crime involving an attack or threat coupled with a demand for
money to stop the attack
- Cyber Extortion
- attacks use scripts to mine cryptocurrencies within browsers
without the user’s consent
- involve loading cryptocurrency mining software to the victim’s
system
- Cryptojacking
- cybercriminal hacks into systems or networks to gain access to
confidential information held by a government or other
organization
- gather, modify or destroy data, as well as using
network-connected devices, like webcams or closed-circuit TV
(CCTV) cameras, to spy on a targeted individual or groups and
monitoring communications, including email, text messages and
instant messages
- Cyber Espionage
- Old crime as “exit scam”
- administrators divert virtual currency held in
marketplace escrow accounts to their own accounts –
essentially, criminals stealing from other criminals
*Dark Web
*Dark Web
* Old crime as
“exit scam”
*Illegal act of accessing the computer resources of some
people without their knowledge or permission
*Unauthorized access into company’s network system
*Hacker uses network or Internet connection to connect to
some other people’s computer to corrupt, change or
destroy data
Hacking
Hacking Types
- Sniffing
- IP Spoofing
- Tries to guess the password of the hapless victim
- Sniffing
- Hacker intercepts the data while it is transmitted or gains
access to the computer network system by posing as an
authorized user
*IP Spoofing
- An act of attacking the mission-critical information technology
infrastructure and government network system of a particular
country
- Goals: gain control of key computer network systems that control
and monitor electric power grids, telecommunication system
infrastructure, power plants and water treatment plants
Cyberterrorism
- Make full use of and derive benefit from a resource
*A software tool designed to take advantage of a flaw in a
computer system, typically for malicious purposes
Exploit
*Any program or file that is harmful to a computer user
* Computer virus, worms, Trojan horses and spyware
Malware
- Stealing, encrypting or deleting sensitive data
*Altering or hijacking core computing functions
- Monitoring users’ activities without permission
Malware
Malware Types
- Virus
*Worm
- Trojan Horse
- Spyware
*Ransomware
*Rootkit
*Keyloggers
- Designed to spread from host to host and has the ability to replicate
itself
- Computer virus cannot reproduce and spread without
programming such file or document
- A type of malicious code or program to alter the way a computer
operates and is designed to spread from one computer to another
Virus
Types of Computer Virus
*Resident Virus
* Multipartite Virus
*Direct Action Virus
*Browser Hijacker
*Overwrite Virus
*Web Scripting Virus
*Directory Virus
* Polymorphic Virus
* File Infector Virus
*Network Virus
- Lives in your RAM; can interfere with normal system operation
which can lead to corruption of files and programs
*Resident Virus
- Performing unauthorized actions in the operating system, in
folders and other programs on the computer
- Multipartite Virus
- Attacks certain file types typically .exe or .com files; replicate and
infect files in folders
*Direct Action Virus
*Bring you to different websites; hijackers open multiple
websites that may harm your computer
*Browser Hijacker
*Overwrites content of the file, losing the original
content
*Overwrite Virus
*When a link is clicked, the virus will automatically
download or direct to malicious websites
*Web Scripting Virus
- Changes file paths thus it will be difficult to locate the original
app
*Directory Virus
- Special method of encoding and encrypting, making it difficult
for antivirus to identify
- Polymorphic Virus
- Can slow down the program and produce other damaging
effects
- File Infector Virus
- Spread throughout the Local Area Network (LAN) and the Internet; replicates
through shared resources
*Network Virus
- Can self-replicate without a host program and typically spreads
without any human interaction or directives from the malware
authors
- Often uses parts of the operating system that are automatic and
invisible to the users
Worm
Types of Worms
*Internet Worms
*Email Worms
*Instant Messaging Worm
*File-sharing Worms
- Can replicate themselves onto any computer being
used to access the website in question
*Distributed to other connected computers through the
Internet and LAN connections
*Internet Worms
*Have double extensions (e.g. .mp4.exe; docx.exe;
pdf.exe)
*When victims click on the attachment, copies of the
same infected file will automatically be sent to
addresses from their contacts
*Body — might contain a link to fool the users to click;
taken to another website that will automatically start
downloading malicious software to the computer
*Email Worms
Accompanied by short messages to trick the victim into thinking
of something
* If clicked, the exact same message will be sent to their contacts
* Can be solved by changing the password
*Instant Messaging Worm
- File sharing and peer-to-peer file transfers are still used by
millions of users
- Unknowingly exposing the computer to the threat
- Once downloaded and opened, an executable file (hidden) may
be discreetly installed
*File-sharing Worms
- Often disguised as legitimate software
- Employed by cyber-thieves and hackers trying to gain access to
users’ system
- Users are tricked in some form of social engineering into loading
and executing Trojans on their systems
- Once activated, cybercriminals can steal, spy and gain backdoor
access to your system
Trojan Horse
Types of Trojan Horse
*Backdoor Trojan
* Exploit
*Rootkit
*Trojan-banker
* Trojan-DDOS
* Trojan-FakeAV
*Trojan-Dropper
*Trojan-GameThief
*Trojan-IM
*Trojan-Ransom
* Trojan-SMS
* Trojan-Spy
* Trojan-Mailfinder
Trojan Horse
- Known as Trojan
- Often disguised as ——–
legitimate software
*Unwanted software that infiltrates the computing device,
stealing internet usage data and sensitive information
*A type of malware designed to gain access to or damage
the computer, often without the knowledge
*Gathers information and relays it to advertisers, data firms
or external users
Spyware
Types of Spyware
*Adware
*Tracking Cookies
* System Monitors
- Tracks browser history and downloads, with the intent
of predicting what products or services the user is
interested in
*Will display advertisements for the same or related
products or services to entice the user to click or make
a purchase
*Used for marketing purposes and can slow down the
computer
*Adware
- Track users’ web activities (search history, downloads)
for marketing purpose
*Tracking Cookies
- Can capture everything the user does in the computer
- Can record all keystrokes, emails, chat-room dialogs,
websites visited and programs run
*Often disguised as freeware
- System Monitors
*A subset of malware in which the data on the victim’s
computer is locked (encryption) and payment is
demanded before the ransomed data is unlocked
(decrypted)
*Attacks are nearly always monetary
* Payment is demanded in virtual currency (Bitcoin) so that
the cybercriminal’s identity will not be known
Ransomware
- Can spread and infect in email attachments, infected
software applications, infected external storage devices
and compromised websites
*Have remote desktop protocol and other approaches that
do not rely on any form of user interaction
Ransomware
*Will try and pose as security software or tech support
* Victim may receive pop-up notifications saying malware
has been discovered on the system
*Not responding may lead to more pop-ups
*Scareware
*Designed to completely lock a user out of their
computer
* The victim may see what looks to be an official
government seal, leading the victim into believing they
are the subject of an official inquiry
*After notification, the victim is given instructions on
how to pay
*Screen Lockers (Lockers)
*Attacker will gain access to and encrypt the data of the
victim, then ask for a payment to unlock the files
* There is no guarantee that the victim will get access to
their data back even if they will negotiate
*Encrypting Ransomware (Data Kidnapping)
- Attacker threatens to publish the data online if the victim does
not pay a ransom
*Doxware
- Steal data from a phone or lock it and require a ransom to return
the data or unlock the device
- Mobile ransomware
*A collection of software tools that gives a threat actor
remote access to and control over a computer or other
system
*Open a backdoor on victim systems to introduce malicious
software
*Often attempt to prevent detection of malicious software
by endpoint antivirus software
*Once installed, a rootkit gives the remote actor access to
and control over almost every aspect of the operating
system
Rootkit
*Designed to change the functionality of an operating
system
* Typically adds its own code and own data structure
* Many kernel mode rootkits exploit the fact that OSes
allow device drivers or loadable modules to execute
with the same level of system privileges as the OS
kernel
*Kernel Mode
- Executes the same way as an ordinary user program
- may be initialized like other ordinary programs during system
startup, or they may be injected into the system by a dropper
*User Mode Rootkit (Application Rootkit)
- infects the master boot record of a hard drive or other storage
device connected to the target system
- able to subvert the boot process and maintain control over the
system after booting and, as a result, have been used
successfully to attack systems that use full disk encryption.
- Bootkit (Bootloader Rootkit)
*take advantage of software embedded in system
firmware and install themselves in firmware images
used by network cards, BIOS, routers or other
peripherals or devices.
*Firmware Rootkit
*Keystroke loggers or system monitor
* a type of surveillance technology used to monitor and
record each keystroke typed on a specific
computer’s keyboard
* often used as a spyware tool by cybercriminals to
steal personally identifiable information (PII), login
credentials and sensitive enterprise data.
Keyloggers
Keyloggers
*——– or ——–
* a type of surveillance technology used to monitor and
record each keystroke typed on a specific
computer’s keyboard
Keystroke loggers
system monitor
may also be used by employers to observe employees’
computer activities, parents to supervise their children’s
internet usage, users to track possible unauthorized
activity on their devices or law enforcement agencies to
analyze incidents involving computer use
Keyloggers
- serves as a connector between the computer keyboard and the
computer
- designed to resemble an ordinary keyboard PS/2 connector, part
of the computer cabling or a USB adaptor, making it relatively
easy for someone who wants to monitor a user’s behavior to
hide such a device
- may also come in the form of a module that is installed inside the
keyboard itself
*Hardware-based Keylogger
- does not require physical access to the user’s computer for
installation
- someone who wants to monitor activity on a particular
computer, or it can be malware downloaded unwittingly and
executed as part of a rootkit or remote administration Trojan
(RAT)
*Keylogger Software