Security Plus - Chapter 3 Flashcards
Malware
Software that is intentionally designed to cause harm to systems, devices, networks, or users. It may gather information, provide illicit access, or take a broad range of actions that the legitimate owner of a system or network would not want to occur.
Ransomware
Malware that takes over a computer and then demands a ransom. It is usually delivered by phishing campaigns in which unsuspecting victims install the malware. It is also installed through compromised RDP sessions, vulnerable services, or front-facing applications that have been compromised.
Ransomware IoCs
- Command and control traffic and/or contact to known malicious IP addresses
- Use of legitimate tools in abnormal ways to retain control of the compromised system
- Lateral movement processes that seek to attack or gain information about other systems or devices inside the same trust boundaries
- Encryption of files
- Notices to end users of the encryption process with demands for ransom
- Data exfiltration behaviors, including large file transfers
Trojan Horse
Malware that is typically disguised as legitimate software.
Tools to Identify Trojan Horse Malware
- Anti-malware
- Endpoint Detection and Response (EDR)
Botnets
Groups of malware-infected systems that are under the command and control of a centralized attacker.
Worms
Malware that is automated and, once inside a system, can spread on its own without user interaction. Worms typically spread through vulnerable services, email attachments, work file shares, IoT devices, and phones. They can be contained through network-level controls such as IPS devices, network segmentation, and firewalls.
Spyware
Malware that is designed to obtain information about an individual, organization, or system. Combated using anti-malware and user awareness.
Bloatware
Unwanted applications preinstalled on newly built computers by the manufacturer.
Viruses
Malicious programs that self-copy and self-replicate once they are activated. Viruses require an infection mechanism, such as being copied from a thumb drive or from a network share. A virus has a trigger, which sets the condition under which the virus executes, and a payload, which is what the virus does or delivers and the action it performs.
Keyloggers
Programs that capture keystrokes from a keyboard, mouse movements, or touchscreen inputs. They can capture data from the kernel, via APIs or scripts, or even directly from memory.
Logic Bombs
Functions or code placed inside other programs that will activate when set conditions are met.
Rootkits
Malware that is specifically designed to allow attackers access to a system through a backdoor.