Section 1.0 Threats, Attacks, and Vulnerabilities - 21% Flashcards
Malicious software - Can be very bad
Malware
Gather Information - Keystrokes
Malware
Participate in a Group - Controlled over the internet
Malware
Show you some kind of advertising - Big Money
Malware
Viruses, Crypto…, Ransomware, Worms, Trojan Horse, Rootkit, Keylogger, Adware, Spyware, Botnet are types of:
Malware
Virus and Worms - Encrypt your data, Ruin your day.
Malware
How to get “Working together” - A worm takes advantage of a vulnerability, installs “something” that includes a remote access backdoor; a bot may be installed later:
Malware
How to get “You must run” some sort of program from: Email link, unknown link, web page pop-up, by download, worm.
Malware
How to get “Causes” - Vulnerable operating system, OS without current updates, suspicious application, infected application, Adobe Flash vulnerability of the moment.
Malware
It’s a type of malware that can reproduce itself (it doesn’t need you to click anything; it needs you to execute a program).
Virus
Reproduces through file system or the network (Just running a program can spread it).
Virus
May or may not cause a problem (some are invisible, some are annoying).
Virus
Anti-… is very common; thousands of new “it” are created every week, and your signature file has to be updated to prevent it.
Virus
Types of (Program “…” - Part of the application, Boot sector “…” - Who needs an OS?, Script “…” - Operating system and browser-based, Macro “…” - Common in Microsoft Office).
“…” Viruses
It’s a type of malware that self-replicates (doesn’t need you to do anything, uses the network as a transmission medium/way/path, self-propagates and spreads quickly).
Worms
It’s a pretty bad thing that can take over (take control of) many systems very quickly.
Worms
Firewalls and Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS) can mitigate/reduce many infestations of it, but don’t help much once “it” gets inside.
Worms
1 - Can replicate itself. 2 - Can reproduce itself.
1 - Worms, 2 - Virus
Your data is valuable/worth money (Personal data: family pictures and videos, important documents).
Ransomware and Crypto-Malware
Your data is valuable/worth money (Organization data: planning documents, employee Personally Identifiable Information - PII, financial information, company private data).
Ransomware and Crypto-Malware
The bad guys want your money, they’ll take your computer in the meantime (kidnapping).
Ransomware
Probably they will ask for a fake sum of money; locks your computer “by the police”.
Ransomware
It may be avoided, a security professional may be able to remove these kinds of malware, it refers to kidnapping of data.
Ransomware
Is a new generation of ransomware
Crypto-malware
Your data is unavailable/inaccessible until you provide cash.
Crypto-malware
Your data will be encrypted by malware (pictures, music, movies, documents, etc.). The OS remains functional; you can see, but you can’t touch/open/execute.
Crypto-malware
You MUST pay to release your data from it, impossible to trace.
Crypto-malware
An unfortunate use of public-key “…”graphy.
Crypto-malware
Types of protection: offline backup, operating system updated, applications updated, anti-virus and anti-malware signatures updated (latest versions).
Crypto-malware
Recalls Greek history, where it was used to capture the city of Troy. But this version is digital.
Trojan Horse
Software that pretends to be something else, it wants to conquer or take control of your computer, it doesn’t care much about replicating.
Trojan Horse
Malware that circumvents/avoids your existing security; anti-virus may catch it when it runs.
Trojan Horse
The better types of it are built to avoid and disable anti-virus (AV).
Trojan Horse
Once it’s inside, it has free rein/control/domain to give permission to others inside your OS.
Trojan Horse
It’s a vulnerability of some software and OSes: “Why go through normal authentication methods?”
Backdoor
It can be created by malware and used by other malware that takes advantage of it.
Backdoors
Bad software has it as part of the app; the old Linux kernel has it as well.
Backdoor
Remote administration tools, the ultimate backdoor, administrative control of a device.
Remote Access Trojans (RATs)
Malware will install the server/service/host; bad guys connect with the client software.
Remote Access Trojans (RATs)
Control the device remotely (key logging, screen recording, screenshots, copy files). Can embed/insert more malware.
Remote Access Trojans (RATs)
Originally a UNIX technique, the “root”…
Rootkits
Modifies core system files, part of the kernel.
Rootkits
Can be invisible to the OS; you won’t see it in Task Manager. Also invisible to traditional anti-virus (AV); if you can’t see it, you can’t stop it.
Rootkits
Zeus and Zbot are types of it; they can be combined with Necurs, which makes sure that you won’t be able to delete Zbot.
Rootkits
Common message “Error terminating process: Access Denied” when you try to stop a Windows process.
Rootkits
It can be recognised and found by unusual behaviour and by scanning the computer with anti-malware.
Rootkits
Secure boot with UEFI and establishing a security parameter in the BIOS can prevent infection by it. Specific removers are developed after it has been discovered.
Rootkits
Your keystrokes contain valuable information (web site logins, passwords, email messages). It saves all of your inputs and sends them to the bad guys.
Keylogger
It can circumvent encryption protections; your keystrokes are in the clear.
Keylogger
Can capture Clipboard logging, screen logging, instant messaging, search engine queries.
Keylogger
It’s usually installed with other malware to capture your inputs. To avoid it you have to keep your AV updated, block unauthorized communication, scan for exfiltration attempts (“unauthorized copying, transfer or retrieval of data from a computer or server”), and review firewall rules.
Keylogger
Your computer as a big advertisement, Pop-ups with Pop-ups.
Adware
Can degrade the performance of your computer, especially over the network.
Adware
It’s usually installed accidentally; may be included in other software installations as part of the app.
Adware
Some software will claim that it can remove “it”, especially if you learned about it from a pop-up.
Adware
Type of malware that will trick you into installing peer to peer, fake security software; its motive is monitoring what you are browsing and capturing surfing habits. Keylogger is a type of it.
Spyware
Type of malware that aims to monitor your activity on the internet, for the purpose of advertising, identity theft, affiliate fraud.
Spyware
These two things exist because of money. What you are looking at on the internet is valuable, your time using your computer and bandwidth is incredibly vulnerable, your account details are incredibly valuable.
Adware and Spyware
Another name for Robot Networks
Botnets
Once your machine is infected, it becomes a bot, you may even know
Botnets
How does it get on your computer?
• Trojan Horse (I just saw a funny video of you! Click here.)
You run a program or click an ad you THOUGHT was legit, but…
• OS or application vulnerability
• A day in the life of a bot
• Sit around. Check in with the mother ship. Wait for instructions.
Botnets
A group of bots working together
• Nothing good can come from this
Botnets
DDoS (Distributed Denial of Service) - The power of many
Botnets