External threats

Cards (105)

  • What is an external threat?
    A threat from outside an organisation
  • In this context what does threat mean?
    Threat to digital systems, devices and data
  • DDoS is a more common version of denial of service. Name two reasons why.
    Harder to locate source of attack
    More impactful
  • Social engineering is similar to scamming and involves tricking someone into revealing sensitive info
  • What is a trojan?
    Malware that pretends to be a legitimate piece of software
  • How does spyware operate?
    Attaches itself to your operating system and runs in the background
  • Positive implications of ethical hacking:
    Can improve security
    Company will know the impact of a breach
  • Negative implications of ethical hacking:
    Could plant malware
    Must give hackers access to private information
  • A worm is like a virus, but?
    Doesn't need a host file
  • A rootkit is a what, and what does it do?
    Malware, creates a backdoor
  • Botnet does what?
    Allows a person to use the computer as a bot in a network of bots
  • How does ransomware lock data?
    Encryption
  • What is ransomware?
    Malware that encrypts data, asks for payment to decrypt data
  • How does ransomware primarily spread?
    Phishing
  • What are trojans?
    Malware that poses as legitimate software but behaves as malware
  • Worm vs virus
    Virus needs a host file and must be run by a user
    Worms don't need to be run and instead use built-in program features
  • Which is generally easier to make effective: a worm or a virus?
    Virus
  • 5 types of virus (not malware, specifically virus):
    Boot sector virus - Attacks the boot sector, file system, or partition table
    Firmware virus - Attacks the device's firmware
    Macro virus - Uses the MS Office macro feature maliciously
    Program virus - Inserts itself in another executable
    Script virus - Attacks the OS interpreter which executes scripts
  • 8 types of trojan horse:
    Remote access - provides unauthorised remote access
    Data sending - Sends sensitive data to the threat actor
    Destructive - Destroys data
    Proxy - Uses the victim's device as a source device to launch other attacks and activities
    FTP (file transfer protocol) - Enables unauthorised file transfer
    Security software disabler - Stops antivirus program or firewall from functioning
    DoS - Trojan slows or halts network
    Keylogger - Records keystrokes
  • Threat actors often use amplification and reflection techniques to create DoS attacks. For example, a Smurf attack is used to overwhelm a target. This is done by:
    Sending an echo request spoofed as from the victim's IP
    All requested devices send echo replies to the victim's IP
  • IP address spoofing attacks occur when packets are sent with a false IP, to either hide the identity of the sender or pose as a legitimate user
  • Spoofing is often incorporated into other attacks
  • MAC address spoofing is used when a threat actor has access to an internal network: they alter the MAC address of their host to match the MAC address of a target host
  • Blind spoofing is where a threat actor cannot see the traffic that is being sent between the host and the target. It is used in DoS attacks
  • Non-blind spoofing is where a threat actor can see the traffic being sent from host to target.
    • Non-blind spoofing can be used to hijack a session by sending a fake session cookie
  • TCP provides:
    Reliable delivery
    Flow control
    Stateful communication