Threats and Attacks on Endpoints Flashcards
What is Malware?
Malware is software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action.
Which is true about Malware?
a) Malware is most often used as the general term to refer to a wide variety of damaging software programs.
b) Malware is continually evolving to avoid detection by improved security measures.
c) One attempt at classifying the diverse types of malware can be to examine the primary action that the malware performs.
d) All of the above.
d) All of the above.
What does "imprison" mean as a malware action?
Some types of malware attempt to take away the freedom of the user to do what they want.
What types of malware imprison?
Types of malware that imprison are ransomware and cryptomalware.
What is ransomware?
Ransomware prevents a user’s endpoint device from properly and fully functioning until a fee is paid.
Some ransomware pretends to come from a law enforcement agency, while other ransomware pretends to come from a software vendor and displays a fictitious warning that a license has expired.
What is cryptomalware?
Cryptomalware is a type of malware that imprisons users and encrypts all files on the device so that none of them can be opened.
The cost for the key to unlock the cryptomalware increases every few hours or days.
New variants of cryptomalware encrypt all files on any network or attached device connected to that computer.
What types of malware launch attacks?
Malware that infects a computer to launch attacks on other computers includes a virus, worm, and bot.
What is a virus?
There are two types of viruses: file-based and fileless.
What is a file-based virus?
A file-based virus is malicious code that is attached to a file and reproduces itself on the same computer without any human intervention.
What is an armored file-based virus?
An armored file-based virus goes to great lengths to avoid detection. Techniques include split infection and mutation.
What is a fileless virus?
A fileless virus does not attach itself to a file but instead takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks. It does not infect a file; instead, the code is loaded directly into the computer’s random access memory (RAM).
What are some advantages of a fileless virus over a file-based virus?
Easy to infect, expensive to control, persistent, difficult to detect and to defend against.
What is a worm?
A worm is a malicious program that uses a computer network to replicate (sometimes called a network virus).
A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an OS on the host computer.
Today’s worms can leave behind a payload on the systems they infect and cause harm, much like a virus.
Actions that worms have performed include deleting files on the computer or allowing the computer to be remotely controlled by an attacker.
What is a bot?
Another type of malware allows the infected computer to be placed under the remote control of an attacker for the purpose of launching attacks.
The infected robot computer is known as a bot or zombie.
When hundreds, thousands, or even millions of bot computers are gathered into a logical computer network, they create a botnet under the control of a bot herder.
Infected bot computers receive instructions through a command and control (C&C) structure from the bot herders.
What are two common types of snooping?
Spyware and keyloggers.
What is spyware?
Spyware is tracking software that is deployed without the consent or control of the user.
What is a keylogger?
A keylogger silently captures and stores each keystroke that a user types on the computer’s keyboard.
The threat actor can then search the captured text for any useful information such as passwords, credit card numbers or personal information.
A keylogger can be a software program or a small hardware device.