Malware

Question 1

Malware

Answer 1

broad term used to describe any type of malicious software designed to infiltrate, damage, or gain unauthorized access to computer systems or networks.

Question 2

Identifying Ransomware:

Answer 2

Encrypted files with a ransom note demanding payment in exchange for decryption keys.

Question 3

Identifying Trojans:

Answer 3

Unexpected or unauthorized access, changes in system settings, or suspicious network activity.

Question 4

Identifying Worms:

Answer 4

Rapid self-replication and spreading across a network or multiple systems.

Question 5

Identifying Potentially Unwanted Programs (PUPs):

Answer 5

Unwanted toolbars, adware, or browser extensions installed without user consent.

Question 6

Identifying Fileless Virus:

Answer 6

Unusual or suspicious processes running in memory without traditional executable files.

Question 7

Identifying Command and Control (C2):

Answer 7

Communication with external C2 servers, often via unusual or non-standard network ports.

Question 8

Identifying Bots:

Answer 8

A network of compromised devices (botnet) controlled by a central command center.

Question 9

Identifying Cryptomalware:

Answer 9

Encrypted files with a ransom demand or ransom payment address.

Question 10

Identifying Logic Bombs:

Answer 10

Unexpected system or application behavior triggered by specific conditions or dates.

Question 11

Identifying Spyware:

Answer 11

Unusual network traffic, unauthorized access to sensitive data, or suspicious system activity.

Question 12

Identifying Keyloggers:

Answer 12

Unauthorized access to sensitive data or evidence of keystroke recording.

Question 13

Identifying Remote Access Trojan (RAT)

Answer 13

Suspicious or unauthorized remote access or control of a system.

Question 14

Identifying Rootkit:

Answer 14

Concealed processes or files, unusual system behavior, or unauthorized access.

Question 15

Identifying Backdoor:

Answer 15

Unauthorized access, unusual network traffic, or the presence of hidden pathways.

Question 16

Password Attacks

Answer 16

Password attacks are attempts by malicious actors to gain unauthorized access to a system or account by guessing or cracking passwords.

Question 17

Identifying Password Spraying:

Answer 17

Multiple login attempts with the same password against multiple user accounts.

Question 18

Identifying Dictionary Attack:

Answer 18

Repeated login attempts using words from a dictionary or common passwords.

Question 19

Identifying Brute Force Attack (Online):

Answer 19

Continuous and rapid login attempts without delay between each attempt.

Question 20

Identifying Brute Force Attack (Offline):

Answer 20

Theft or possession of hashed password data (e.g., from a database breach).

Question 21

Identifying Rainbow Table Attack:

Answer 21

Rapid password cracking with the use of precomputed rainbow tables.

Question 22

Identifying Plaintext/Unencrypted Password Attack:

Answer 22

Passwords stored in plaintext format.

Question 23

Physical Attacks:

Answer 23

• Malicious USB Cable
• Malicious Flash Drive
• Card Cloning
• Skimming

Question 24

Identifying Malicious USB Cable:

Answer 24

The presence of a suspicious or unknown USB cable connected to a device, computer, or network.

Question 25

Identifying Malicious Flash Drive:

Answer 25

Discovery of unknown or unverified USB flash drives in the organization, especially in public areas or near workstations.

Question 26

Identifying Card Cloning:

Answer 26

Unusual or unauthorized transactions on payment cards or access control systems.

Question 27

Identifying Skimming:

Answer 27

Suspicious or unusual devices attached to card readers, ATMs, or payment terminals.

Question 28

Adversarial Artificial Intelligence (AI):

Answer 28

- Unusual Model Behavior - Misclassification or Misbehavior - Anomalies in Model Confidence - Increased False Positives/Negatives

Question 29

Identifying Unusual Model Behavior:

Answer 29

If an AI model exhibits unexpected or erratic behavior, it could be an indicator of an adversarial AI attack. Adversaries may manipulate inputs to exploit vulnerabilities in the model.

Question 30

Identifying Misclassification or Misbehavior:

Answer 30

Frequent misclassification of inputs or outputs that do not align with the model's intended behavior may indicate adversarial interference.

Question 31

Identifying Anomalies in Model Confidence:

Answer 31

If the model's confidence scores fluctuate widely or show inconsistencies, it could suggest adversarial attempts to undermine the model's accuracy.

Question 32

Identifying Increased False Positives/Negatives:

Answer 32

A noticeable increase in false positives or false negatives in AI-based security systems, such as intrusion detection or spam filters, might indicate adversarial attacks.

Question 33

Tainted Training Data for Machine Learning (ML):

Answer 33

- Data Inconsistencies - Unusual Model Performance - Unexpected Bias - Data Source Anomalies

Question 34

Identifying Data Inconsistencies:

Answer 34

Analyze the training data for inconsistencies, inaccuracies, or anomalies that could indicate tampering or poisoning.

Question 35

Identifying Unusual Model Performance:

Answer 35

If the ML model exhibits poor or erratic performance, it may be a sign of tainted training data.

Question 36

Identifying Unexpected Bias:

Answer 36

Check for unexpected biases or discriminatory behavior in the ML model, which can be introduced through malicious data manipulation.

Question 37

Identifying Data Source Anomalies

Answer 37

Investigate the sources of training data for any signs of compromise, such as unauthorized access or alterations.

Question 38

Security of Machine Learning Algorithms:

Answer 38

- Model Evasion - Unauthorized Access - Model Stealing - Abnormal Resource Usage

Question 39

Supply-Chain Attacks:

Answer 39

- Unusual Network Activity - Unauthorized Access - Vendor Alerts

Question 40

Identifying Unusual Network Activity:

Answer 40

An increase in network traffic or unusual data transfers between systems within your supply chain may indicate a supply-chain attack.

Question 41

Identifying Unauthorized Access:

Answer 41

Suspicious login attempts or unauthorized access to systems or applications within your supply chain can be indicative of an attack.

Question 42

Identifying Vendor Alerts:

Answer 42

Notifications or alerts from your suppliers or vendors about a security breach or compromise on their end may signal a supply-chain attack.

Question 43

Cloud-Based vs. On-Premises Attacks:

Answer 43

- Anomalous Cloud Activity - On-Premises Intrusion - Logs and Alerts

Question 44

Identifying Anomalous Cloud Activity:

Answer 44

In a cloud-based attack, you might observe unusual or unauthorized activities in your cloud services, such as accessing sensitive data, changing configurations, or spinning up new instances.

Question 45

Identifying On-Premises Intrusion:

Answer 45

In an on-premises attack, signs may include unusual system or network activity, unauthorized access to physical premises, or signs of tampering with hardware or servers.

Question 46

Identifying Logs and Alerts:

Answer 46

Monitor logs and security alerts from both cloud-based and on-premises systems to detect suspicious activities and breaches.

Question 47

Cryptographic Attacks:

Answer 47

- Birthday Cryptographic Attack - Collision Cryptographic Attack - Downgrade Cryptographic Attack

Question 48

Identifying Birthday Cryptographic Attack:

Answer 48

- A sudden increase in collisions in hash functions or unexpected hash collisions in your system logs. - Difficulty in verifying data integrity or authenticity due to hash collisions.

Question 49

Identifying Collision Cryptographic Attack:

Answer 49

- Instances where two different inputs produce the same cryptographic hash. - Repeated failures in verifying digital signatures or certificates.

Question 50

Identifying Downgrade Cryptographic Attack:

Answer 50

- Errors or issues with the negotiation of cryptographic protocols during secure communications. - Unexpectedly weak encryption algorithms being used in secure connections.