1.2 - Analyze indicators to determine the type of attack

Cards (42)

    • Malware - Malicious software; gathers information (e.g. keystrokes), can be controlled over a botnet, shows advertisements; viruses or worms often carry malware; to get infected, your computer must run a program, usually delivered through links or pop-ups.
    • Virus - Malware that reproduces itself; needs a user to start the process; reproduces through file systems or the network; may or may not cause problems.
    • Virus types:
        • Program viruses (part of an application)
        • Boot sector viruses (start in the boot sector of the OS)
        • Script viruses (operating system and browser-based)
        • Macro viruses (common in Microsoft Office; similar to a script virus)
        • Fileless virus - A stealth attack that doesn't install or save files on the system, which helps it avoid anti-virus detection; operates in memory and may persist in the registry.
    • Worms - Malware that self-replicates; doesn't need you to do anything; uses the network as its transmission medium; spreads quickly; worm signatures can be stopped at the IDS/IPS or firewall.
    • WannaCry worm - 2017; installed crypto-malware; used SMBv1 to infect vulnerable systems and installed DoublePulsar to encrypt user data.
    • Crypto-malware - A new generation of ransomware; the malware encrypts your data files.
    • Protect against ransomware - Always have a backup, kept offline and not on the same system.
    • Trojan Horse - Software that pretends to be something else; doesn't replicate; circumvents anti-virus.
    • PUP - Potentially Unwanted Program; an undesired program often installed along with other software; can hijack your browser.
    • RAT - Remote Administration Tool or Remote Access Trojan; gives remote control of the device (e.g. DarkComet RAT).
    • Rootkit - Originally a Unix technique; modifies core system files as part of the kernel; invisible to antivirus software.
    • Zeus/Zbot malware - Kernel driver famous for cleaning out bank accounts; combined with the Necurs rootkit, which ensures Zbot can't be deleted and denies any termination process.
    • Secure Boot with UEFI - Protects against rootkits in the BIOS.
    • Adware - Pop-up ads everywhere; causes performance issues.
    • Spyware - Malware that spies on you for advertising, identity theft, and affiliate fraud; often a trojan; can capture browser surfing habits; may include a keylogger.
    • Logic Bomb - Often used by someone with a grudge; triggered by a time (time bombs) or a user event; difficult to identify; many logic bombs delete themselves.
    • Spraying Attack - Tries common passwords, each used only a few times per account to prevent lockout before moving to the next account; stays hidden from alarms and detection.
    • Brute Force - Tries every possible password combination until the hash is matched; can take some time; a strong hash algorithm slows things down; most accounts will lock out; it is more common for an attacker to check the hash offline.
    • Dictionary attack - Uses common words; password crackers can also substitute letters.
    • Rainbow tables - Pre-built set of hashes containing pre-calculated hash chains; much faster than the previous password attacks; rainbow tables are application- or OS-specific.
    • Salt - Random data added to a password before hashing takes place
    • Birthday attack - With 23 students there is a 50% chance that 2 students share the same birthday; with 30 there is a 70% chance; hash collisions happen when different inputs produce the same hash output.
    • MD5 hash - Has known hashing collisions.
    • Downgrade Attack - Forces the system to use a weaker encryption method.