Security+ 1 Flashcards
Propagation Mechanism : the way a malware object spreads …
Payload : malicious action the malware performs …
Any type of malware can contain any type of payload.
Virus : spreads by user interaction
Worms : can be mitigated by applying OS and application patches (ex : Stuxnet)
Trojans : application control provides useful mitigation
Virus etc …
RAT (Remote Access Trojans) : provide backdoors to hacked systems …
Adware can : change the default search engine, display pop-up ads, replace legitimate ads with other ads …
Spyware can : log keystrokes, monitor web browsing, search HDDs and cloud storage …
Malware prevention techniques : anti-malware software, security patches, user education …
Backdoor mechanisms : hardcoded accounts, default passwords, unknown access channels …
RAT etc …
backdoors, botnet agents, adware/spyware; can also be used for good purposes like anti-theft mechanisms … User mode : run with normal user privileges, easy to write and difficult to detect … Kernel mode : run with system privileges, difficult to write and easy to detect …
Rootkit Payloads :
Signature Detection : identifying viruses by detecting known code patterns from a database … Polymorphic viruses change their own code to avoid signature detection and use encryption with a different key on each infected system …
Signature Detection Etc …
designed to be very difficult to reverse engineer and analyze. It is overly large because it contains a large amount of misleading logic in order to foil attempts to figure out its mission … may be written in assembly language, block the use of system debuggers, and prevent sandboxing …
Armored Virus
command and control network relays orders; communication must be indirect and redundant, via IRC, Twitter, or peer to peer within the botnet. Attackers don't communicate with infected systems directly, as there is a risk of being cut off by security analysts … Steps : infect systems, convert those systems to bots, and those bots infect others; they then reach out to the command and control network the attacker owns and receive instructions, then execute those instructions, usually by delivering spam or DoS across the internet …
Botnet Command and Control Through :
well-funded and highly skilled, typically government sponsored, have access to zero-days and other weapons, work methodically to gain access to a target … to defend against an APT attack : build a strong security foundation, implement strong encryption, use rigorous monitoring …
Hacktivist : seek to use hacking tools to advance political and social agendas …
Nation-states sponsor highly sophisticated APT groups …
APTs (Advanced Persistent Threats) etc …
Privilege escalation attacks can take normal user privileges and transform them into superuser accounts … perform background checks and use the separation of duties principle (using multiple users to carry out sensitive operations) to thwart these types of attacks
Insider Threat
Threat Intelligence : set of activities that an organization undertakes to educate itself about changes in cybersecurity threat landscape, and adapt security controls based upon that info.
Open Source Intelligence : gathering info from freely available public sources, ex : security websites, news media, social media, government sponsored security analysis centers, security researchers …
Threat/Open Source Intelligence
search the web for valid email addresses at the target's domain, then use those email addresses to send out spear phishing attacks …
Email Harvesting