Module 3 Flashcards

1
Q

Endpoints

A
  • Refers to a network-connected hardware device
    • Ex: Computer, smartphone, tablet, wearable fitness trackers, etc
2
Q

Malware

A
  • Malicious software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action.
    • There are millions of different types of malware (hard to classify)
3
Q

What are the malware actions used for grouping? (hint 5)

A

Imprison, Launch, Snoop, Deceive, Evade

4
Q

What are the two kinds of Imprison

A
  • Ransomware: Malware that prevents a user’s endpoint device from properly and fully functioning until a fee is paid.
  • Cryptomalware: Malware that encrypts all the files on the device so that none of them can be opened until a ransom is paid.
    • new variants of cryptomalware encrypt all files on any network or attached device connected to that computer
5
Q

What are launch attacks and what are the 3 different kinds?

A
  • Infects a computer to launch attacks on it
  • Launch attacks include: Virus, Worm, Bot
6
Q

Describe the two different types of viruses? Why is one better than the other?

A
  • File-Based Virus: malicious computer code that is attached to a file.
    • Ex: Appender infection, armor file-based virus, split infection, mutation
  • File-less Virus: A type of malware that takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks.
    • Services are called living-off-the-land binaries (LOLBins).
  • Fileless is better than file-based because it is harder to detect, easier to infect with, and difficult to defend against
7
Q

Worm

A

Type of launch attack

  • Malicious program that uses a computer network to replicate. (network viruses)
    • A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an OS on the host computer. It then searches for another computer on the network with the same vulnerability
8
Q

Bot

A

Type of launch attack

  • Bot: An infected computer placed under the remote control of an attacker for the purpose of launching attacks.
    • When hundreds, thousands, or even millions of bot computers are gathered into a logical computer network, they create a botnet under the control of a bot herder.
      • Infected bot computers receive instructions from a command and control (C&C) structure telling them which computers to attack and how
9
Q

What is “snoops” and what are the different types?

A

Category of malware that spies on its victims

  • Two types are spyware and keyloggers
10
Q

What is spyware and what are the different technologies used by it?

A
  • Tracking software that is deployed without the consent or control of the user.
  • Technologies:
    • Automatic download software
    • passive tracking technologies
    • system modifying software
    • tracking software
11
Q

What is a keylogger?

A

Hardware or software that silently captures and stores each keystroke that a user types on the computer’s keyboard.

12
Q

What is deceive and what are the different softwares in this category? (hint 3)

A
  • Category of malware that attempts to deceive the user and hide its true intentions
    • Includes: potentially unwanted programs (PUPs), Trojans, and remote access Trojans (RATs).
13
Q

What are Potentially Unwanted Programs (PUPs)?

A
  • Software that users do not want on their computer.
    • Often installed along with other programs and are overlooked in the process
14
Q

Trojan

A
  • An executable program that masquerades as performing a benign activity but also does something malicious.
    • Ex: User downloads a calendar program but also installs malware that scans the computer (malicious activity)
15
Q

Remote Access Trojan (RAT)

A

Malware that infects a computer like a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured communication protocols.

16
Q

What is evade and what are the 3 different types?

A
  • Category of malware that attempts to help malware or attacks evade detection.
    • Includes: backdoor, logic bomb, and rootkit
17
Q

Backdoor

A

Type of evading malware

  • Malware that gives access to a computer, program, or service that circumvents any normal security protections.
18
Q

Logic Bomb

A

Type of evading malware

  • Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it.
19
Q

What are application attacks and list the different types:

A
  • A client’s web browser makes a Hypertext Transport Protocol (HTTP) request to a web server, which may be connected to web application servers. There are multiple attack points here. Includes:
    • scripting attacks, injection attacks, request forgery attacks, and replay attacks
20
Q

Scripting

A

Type of application attack

  • An attack that takes advantage of a website that accepts user input without validating it (cross-site scripting (XSS))
21
Q

What is a SQL Injection? What are some other types of injections?

A

Type of application attack that introduces new input to exploit a vulnerability.

  • SQL Injection: An attack that inserts statements to manipulate a database server using Structured Query Language commands.
  • eXtensible Markup Language (XML): Markup language designed to store information
22
Q

What is request forgery and what are the two different types?

A
  • Type of application attack that fabricates a request. Includes:
    • Cross-site request forgery (CSRF): An attack that takes advantage of an authentication “token” that a website sends to a user’s web browser to imitate the identity and privileges of the victim.
    • Server-side request forgery (SSRF): An attack that takes advantage of a trusting relationship between web servers.
23
Q

Replay

A

Type of application attack that copies data and then uses it for an attack.

24
Q

Resource exhaustion attacks

A
  • Type of memory vulnerability attack that depletes parts of memory and interferes with the normal operation of the program in RAM to give an attacker access to the underlying OS.
    • Ex: Memory leak: memory is not freed when the program has finished using it, due to a programming error
25
Q

What are the two types of memory vulnerability attacks?

A
  1. Buffer overflow: An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. The extra data overflows into adjacent memory locations (hence "buffer overflow").
  2. Integer overflow: An attack that changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
26
Q

What are the different kinds of improper exception handling?

A

Type of memory vulnerability

  • Improper input handling: A programming error that does not filter or validate user input to prevent a malicious action.
  • Error handling: A programming error that does not properly trap an error condition.
  • Pointer/object dereference: A flaw that results in a pointer being given a NULL instead of a valid value.
  • Race condition: A situation in software that occurs when two concurrent threads of execution access a shared resource simultaneously (time of check/time of use race condition).
27
Q

What are the 3 different attacks that threat actors use to target external software components?

A
  • Application program interface (API): a link provided by an OS, web browser, or other platform that allows a developer access to resources at a high level (ex: a website asking to know your location).
  • Device driver: software that controls and operates an external hardware device that is connected to a computer.
    • The attacker is either shimming (adding a small coding library that intercepts calls between the device and the device driver) or refactoring (changing the design of existing code).
  • Dynamic-link library (DLL): a repository of both code and data that can be used by more than one program at the same time.
28
Q

Artificial Intelligence (AI)

A
  • technology that imitates human abilities
  • Includes machine learning: teaching a technology device to learn by itself, without the continual instruction of a computer programmer, or through repeated experience
29
Q

What is adversarial artificial intelligence and what are two risks associated with it?

A
  • Exploiting the risks associated with using AI and ML in cybersecurity. Risks:
    • Security of the ML algorithms: A risk associated with the vulnerabilities in AI-powered cybersecurity applications and their devices.
    • Tainted training data for machine learning: A risk arising because attackers can attempt to alter the training data that is used by ML.