threats and attacks on endpoints Flashcards

1
Q

What is Malware?

A

Malware is software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action.

2
Q

Which is true about Malware?

a) Malware is most often used as the general term to refer to a wide variety of damaging software programs.

b) Malware is continually evolving to avoid detection by improved security measures.

c) One attempt at classifying the diverse types of malware can be to examine the primary action that the malware performs.

d) All of the above.

A

d) All of the above.

3
Q

What is Imprison?

A

Some types of malware attempt to take away the freedom of the user to do what they want.

4
Q

What types of malware imprison?

A

Types of malware that imprison are ransomware and cryptomalware.

5
Q

What is ransomware?

A

Ransomware prevents a user’s endpoint device from properly and fully functioning until a fee is paid.

Some ransomware pretends to come from a law enforcement agency, while other ransomware pretends to come from a software vendor and displays a fictitious warning that a license has expired.

6
Q

What is cryptomalware?

A

Cryptomalware is a type of malware that imprisons users and encrypts all files on the device so that none of them can be opened.

The cost of the key to unlock the files increases every few hours or days.

New variants of cryptomalware encrypt all files on any network drive or attached device connected to that computer.

7
Q

What type of malware launches?

A

Malware that infects a computer to launch attacks on other computers includes a virus, worm, and bot.

8
Q

What is a virus?

A

There are two types of viruses: file-based and fileless.

9
Q

What is a file-based virus?

A

A file-based virus is malicious code that is attached to a file that reproduces itself on the same computer without any human intervention.

10
Q

What is an armored file-based virus?

A

An armored file-based virus goes to great lengths to avoid detection. Techniques include split infection and mutation.

11
Q

What is a fileless virus?

A

A fileless virus does not attach itself to a file but instead takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks. It does not infect a file; instead, the code is loaded directly into the computer’s random access memory (RAM).

12
Q

What are some advantages of a fileless virus over a file-based virus?

A

Easy to infect, expensive to control, persistent, difficult to detect and to defend against.

13
Q

What is a worm?

A

A worm is a malicious program that uses a computer network to replicate (sometimes called a network virus).

A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an OS on the host computer.

Today’s worms can leave behind a payload on the systems they infect and cause harm, much like a virus.

Actions that worms have performed include deleting files on the computer or allowing the computer to be remotely controlled by an attacker.

14
Q

What is a bot?

A

This type of malware allows the infected computer to be placed under the remote control of an attacker for the purpose of launching attacks.

The infected robot computer is known as a bot or zombie.
When hundreds, thousands, or even millions of bot computers are gathered into a logical computer network, they create a botnet under the control of a bot herder.

Infected bot computers receive instructions through a command and control (C&C) structure from the bot herders.

15
Q

What are two common types of snooping?

A

Spyware and keyloggers.

16
Q

What is spyware?

A

Spyware is tracking software that is deployed without the consent or control of the user.

17
Q

What is a keylogger?

A

A keylogger silently captures and stores each keystroke that a user types on the computer’s keyboard.

The threat actor can then search the captured text for any useful information such as passwords, credit card numbers or personal information.

A keylogger can be a software program or a small hardware device.

18
Q

What malware deceives?

A

Potentially unwanted programs (PUPs), Trojans, and remote access Trojans (RATs).

19
Q

What are Potentially Unwanted Programs (PUPs)?

A

A PUP is software that the user does not want on their computer.

20
Q

What are some examples of PUPs?

A

Advertising that obstructs content or interferes with web browsing, pop-up windows, pop-under windows, search engine hijacking, home page hijacking, etc.

21
Q

What is a trojan?

A

A computer Trojan is an executable program that masquerades as performing a benign activity but also does something malicious.

22
Q

What is a Remote Access Trojan (RAT)?

A

A RAT has the basic functionality of a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specifically configured communication protocols.

This creates an opening to the victim’s computer, allowing the threat agent unrestricted access.

23
Q

What is malware that evades?

A

This category of malware attempts to help other malware or attacks evade detection. It includes backdoors, logic bombs, and rootkits.

24
Q

What is a backdoor?

A

A backdoor gives access to a computer, program, or service that circumvents any normal security protections.

25
Q

What is a logic bomb?

A

A logic bomb is computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it.

26
Q

What is a rootkit?

A

A rootkit is malware that can hide its presence and the presence of other malware on the computer.

It does this by accessing “lower layers” of the OS to make alterations.

27
Q

What are application attacks?

A

Application attacks look for vulnerabilities in applications or manipulate applications in order to compromise them.

Common targets of attackers using application attacks are internet web servers.

28
Q

What is cross-site scripting?

A

In a cross-site scripting (XSS) attack, a website accepts user input without validating it and uses that input in a response that can be exploited.

An attacker takes advantage of this in an XSS attack by tricking a valid website into feeding a malicious script to another user’s web browser.

29
Q

What is an injection?

A

Attacks called injections introduce new input to exploit a vulnerability.

One of the most common injection attacks (SQL injection) inserts statements to manipulate a database server.

SQL injection targets SQL servers by introducing malicious commands into them.

By entering crafted SQL statements as user input, information from the database can be extracted or existing data can be manipulated.

30
Q

What is request forgery?

A

Request forgery is a request that has been fabricated.

31
Q

What are the two types of request forgeries?

A

Cross-site request forgery (CSRF) and server-side request forgery (SSRF).

32
Q

What is a Cross-Site Request Forgery?

A

CSRF takes advantage of an authentication “token” that a website sends to a user’s web browser.

If a user is currently authenticated on a website and is then tricked into loading another webpage, the new page inherits the identity and privileges of the victim, who may then perform an undesired function on the attacker’s behalf.

33
Q

What is a Server-Side Request Forgery (SSRF)?

A

- An SSRF takes advantage of a trusting relationship between web servers.
- SSRF attacks exploit how a web server processes external information received from another server.
- Some web applications are designed to read information from or write information to a specific URL.
- If an attacker can modify that target URL, they can potentially extract sensitive information from the application or inject untrusted input into it.

34
Q

What are replay attacks?

A

Replay attacks are commonly used against digital identities.

After intercepting and copying data, the threat actor retransmits selected and edited portions of the copied communications later to impersonate the legitimate user.

Many digital identity replay attacks are between a user and an authentication server.

35
Q

What are attacks on software?

A

Other attacks are directly focused on vulnerabilities in the software applications.

These include:
- Exploiting memory vulnerabilities.
- Improper exception and error handling.
- External software components.

36
Q

What are memory vulnerabilities?

A

Some memory-related attacks are called resource exhaustion attacks because they “deplete” parts of memory and thus interfere with the normal operation of the program in RAM.

37
Q

What are some other memory-related attacks?

A

Buffer overflow attacks and integer overflow attacks.

38
Q

What is a buffer overflow attack?

A

A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. This extra data overflows into the adjacent memory locations.

39
Q

What is an integer overflow attack?

A

In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.

40
Q

What is improper exception handling?

A

Some attacks are the result of poor coding on the part of software developers.

41
Q

What are some attacks on external software components?

A

Application program interface (API), device driver, and dynamic-link library (DLL).

42
Q

What is artificial intelligence (AI)?

A

The definitions of AI vary, but AI may be defined as technology that imitates human abilities.

43
Q

What is machine learning (ML)?

A

ML is defined as “teaching” a technology device to “learn” by itself without the instructions of a computer programmer.

44
Q

What are some risks in AI and ML in cybersecurity (also known as adversarial artificial intelligence)?

A

The first risk is the security of the ML algorithms themselves: they could be compromised, allowing threat actors to alter the algorithms so that attacks are ignored. Another risk is tainted training data for machine learning.