Module 1.2 – Given a scenario, analyse potential indicators to determine the type of attack.

| Term / Question | Definition / Answer |
| --- | --- |
| Malware | A blanket term for software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. |
| Virus | Software that can reproduce itself |
| Programme Virus | Virus which is bundled with an application |
| Boot Sector Virus | Virus that installs in the boot sector so it executes with the OS |
| Script Virus | Script-based virus which runs as an OS script or a macro |
| Fileless Virus | Virus which doesn’t install or save as a file and instead operates in memory |
| Worm | Malware which utilises exploits to self-replicate |
| Ransomware | Malware which holds a system captive until a ransom is paid |
| Crypto-Malware | Ransomware which uses cryptography to encrypt files. The decryption key is provided once the ransom is paid. |
| Trojan Horse | Software which gets itself installed by convincing the user and anti-virus software that it’s something else |
| PUP | Potentially Unwanted Programme |
| RAT | Remote Administration Tool – provides the attacker administrative rights to the device |
| Rootkit | Malware which modifies the kernel |
| Adware | Malware which shows adverts |
| Spyware | Malware which spies on you (e.g. keyloggers, browser monitoring) |
| Bot | Infected host which reports to a C&C for instructions |
| Botnet | Large collection of bots which executes instructions provided by C&C. |
| Logic Bomb | Malware which only executes once a logical condition is met |
| Time Bomb | Type of Logic Bomb which executes once a certain date or time is met |
| Tripwire | Monitoring system which watches for certain changes and alerts if they are made |
| Plaintext Password | Un-encrypted password (plain text) |
| Hashing | A method of password protection where, via an algorithm, a password is represented as a fixed-length string of text |
| Spraying Attack | When an attacker tries a few common passwords against an account, then moves on to the next account to avoid triggering account lockout |
| Brute Force Attack | Attack attempting every single password combination until a match is made. |
| Online Brute Force | Brute force to log into a website using every combination |
| Offline Brute Force | Brute force which, rather than attempting live logins, compares candidate passwords against stolen hashes |
| Dictionary Attack | Access attack using a dictionary of common words |
| Rainbow Table Attack | Pre-built optimised set of hashes |
| Salting | A bit of random additional data added to a password before hashing. |
| Malicious USB Cable | USB cable with additional electronics that is identified by Windows as a HID. Can perform inputs as a HID. |
| Malicious flash drive | Flash Drive with additional electronics that is identified by Windows as a HID. Can perform inputs as a HID and often holds hidden files which are executed. |
| Skimming | Stealing credit card information during a normal transaction |
| Card Cloning | Cloning a card with magnetic stripe |
| Poisoned AI | Artificial intelligence which has been poisoned with bad input (e.g. twitter training AI) |
| Evasion attack | Evading AI by knowing and therefore predicting its behaviours |
| Supply Chain Attack | Attack which originates from the supply chain |
| Cryptographic Attack | Decrypting encrypted data |
| Birthday Attack | Allows Brute Force if hash collision is found |
| Hash Collision | When two different plaintext passwords equal the same hash |
| Downgrade Attack | Most computers agree an encryption method when communicating; a downgrade attack happens when the victim system is forced to downgrade to weaker security |
| What are the 9 types of Malware? | 1. Virus 2. Crypto-Malware 3. Ransomware |
| Difference between Virus and Worm | Viruses use a programme to execute, whereas a Worm exploits vulnerabilities |
| What’s a key characteristic of a Worm? | Spreads very fast |
| What are the two common types of Data? | 1. Personal Data 2. Organisational Data |
| How do you protect against ransomware? (4) | 1. Backups 2. Keep OS up to date 3. Keep Anti-virus up to date 4. Keep apps up to date |
| What type of malware is installed via Trojan Horse? | 1. Potentially Unwanted Programme (PUP) 2. Backdoor 3. RAT |
| What can a RAT do? | As it has administrative privileges, pretty much anything |
| What is the key advantage of a rootkit? | Very difficult to detect |
| How can you prevent and remove rootkits? | 1. Look for unusual anti-malware results 2. Removal tool specific for rootkits 3. Secure Boot with UEFI to secure the BIOS |
| What are the two common ways adware is installed? | 1. Packaged with other downloads 2. Funnily enough with adware removers |
| How do you protect against adware/spyware? | 1. Maintain anti-virus definitions 2. Backups 3. Always know what you’re installing 4. Anti-malware removal tools |
| What can botnets do? | 1. DDoS 2. Relay Spam 3. Proxy Traffic |
| Why are Logic bombs difficult to deal with? | 1. Difficult to identify pre-activation 2. Difficult to recover from once activated |
| Who is usually responsible for deploying a logic bomb? | Disgruntled employee |
| What usually happens to a logic bomb post activation? | It deletes itself |
| How can you secure passwords? | Hashing |
| What is the key advantage of hashing? | Cannot be reversed |
| Why do you salt passwords? | To protect against hash comparison attacks (e.g. rainbow table) |
| How can you protect against supplier attacks? | 1. Use reputable companies 2. Maintain small supplier base 3. Strict controls over policies/procedures |
