Lesson 4: Identifying Social Engineering and Malware Flashcards
Social Engineering Principles
Familiarity/Liking
Consensus/Social Proof – the influence that the actions and attitudes of the people around us (either in real life or online) have on our own behavior, e.g. exploiting polite behavior to slip into a building while someone holds the door for the attacker.
Authority and Intimidation
Scarcity and Urgency – creating a false sense of urgency can disturb people’s ordinary decision-making process.
Tailgating
entering a secure area without authorization by following close behind someone who has been allowed to open the door or checkpoint.
Piggybacking
means that the attacker enters a secure area with an employee’s permission, e.g. “I’ve forgotten my keys.”
Impersonation
pretending to be someone else.
Identity Fraud
the attacker uses specific details of someone’s identity.
Vishing
conducted through a voice channel.
SMiShing
using SMS (Short Message Service) as the attack vector.
Pharming
is a passive means of redirecting users from a legitimate website to a malicious one. It redirects traffic meant for the genuine site to the malicious one by corrupting the user’s internet name resolution.
Typosquatting
using a very similar name to get a user to accidentally visit the site, hoping that the user will not notice the difference.
Watering hole attack
relies on the circumstance that a group of targets may use an insecure third-party website.
Credential Harvesting
is a campaign specifically designed to steal account credentials.
Viruses and worms
these represent some of the first types of malware and spread without any authorization from the user by being concealed within the executable code of another process.
Virus
a virus is a type of malware designed to replicate and spread from computer to computer, usually by “infecting” executable applications or program code.
Trojan
malware concealed within an installer package for software that appears to be legitimate. This type of malware does not seek any type of consent for installation and is actively designed to operate secretly.
Potentially unwanted programs (PUPs)/Potentially unwanted applications (PUAs)
software installed alongside a package selected by the user or perhaps bundled with a new computer system. Sometimes called grayware.
Memory resident
when the host file is executed, the virus creates a new process for itself in memory. The malicious process remains in memory even if the host process is terminated.
Non-resident/file infector
the virus is contained within a host executable file and runs with the host process. The virus will try to infect other process images on persistent storage and perform other payload actions. It then passes control back to the host program.
Boot
the virus code is written to the disk boot sector or the partition table of a fixed disk or USB media, and executes as a memory-resident process when the OS starts or the media is attached to the computer.
Script and macro viruses
the malware uses the programming features available in local scripting engines for the OS and/or browser, such as PowerShell, Windows Management Instrumentation (WMI), JavaScript, Microsoft Office documents with Visual Basic for Applications (VBA) code enabled, or PDF documents with JavaScript enabled.
Worm
is memory-resident malware that can run without user intervention and replicate over network resources. A worm can execute by exploiting a vulnerability in a process when the user browses a website, runs a vulnerable server application, or is connected to an infected file share.
Fileless malware
Fileless malware does not write its code to disk. The malware uses memory resident techniques to run in its own process, within a host process or dynamic link library (DLL), or within a scripting host.
Rootkit
modifies core system files (part of the kernel) and can be invisible to the OS.
Crypto-malware
is a class of ransomware that attempts to encrypt data files on any fixed, removable, and network drives.
Cuckoo
is packaged software that aims to provide a turnkey sandbox solution.