Cybersecurity Chapter 2: Attacks and Techniques


Questions and Answers

What is the term used to describe a program written to take advantage of a known vulnerability?

  • Malware
  • Patch
  • Update
  • Exploit (correct)

Software vulnerabilities are typically introduced by errors in operating system or application code.

True (A)

What is one way to avoid the SYNful Knock vulnerability when installing a new version of IOS?

Verify the integrity of the downloaded IOS image

The goal of software updates is to stay current and avoid ________ of vulnerabilities.

exploitation

Match the following items with their corresponding information:

  • Vulnerability = A software or hardware defect.
  • Exploit = A program that takes advantage of a vulnerability.
  • Attack = The act of using an exploit against a vulnerability.
  • Buffer Overflow = When data is written beyond the limits of a buffer.

Which major vulnerability was discovered in Cisco IOS in 2015?

SYNful Knock (B)

Hardware vulnerabilities are generally widespread and affect many different device models.

False (B)

A ________ occurs when data is written beyond the limits of a buffer.

buffer overflow

Which of the following can a buffer overflow lead to?

All of the above (D)

Which type of vulnerability occurs when the outcome of an event depends on the order or timing of other events?

Race condition (D)

Creating your own security algorithms is recommended for enhanced security.

False (B)

What is malware?

Malware is any code used to steal data, bypass access controls, or cause harm to a system.

__________ holds a computer system or data captive until a payment is made.

Ransomware

Match the malware type with its description:

  • Spyware = Used to steal data from a system
  • Ransomware = Holds data captive until payment is made
  • Rootkit = Creates a backdoor
  • Scareware = Persuades the user to take a specific action based on fear

Which of the following describes a bot?

A robot that quietly waits for commands (A)

Physical access control is not a necessary part of computer security; software protections are sufficient.

False (B)

How does scareware typically trick users?

Scareware forges pop-up windows and messages that resemble operating system dialogs, claiming the system is at risk.

A program that processes an image receives data that contains malicious content due to _______________.

Non-validated input

Which of these malware types is primarily designed to create a persistent backdoor on a system?

Rootkit (B)

Which type of malware replicates itself and can slow down networks?

Worm (B)

A computer infected by a rootkit can be cleaned with antivirus software without needing to be wiped and reinstalled.

False (B)

What is a common symptom of malware infection related to CPU usage?

Increase in CPU usage

A man-in-the-middle attack intercepts user information before relaying it to its intended ______.

destination

Which of the following methods can viruses use to spread?

All of the above (E)

Trojans can only be found in executable files.

False (B)

What is the purpose of a Man-In-The-Mobile (MitMo) attack?

To take control over a mobile device and exfiltrate user-sensitive information.

Rootkits are hard to detect because they modify system forensics and ______ tools.

monitoring

Which of these is MOST likely to be stolen during a Man-In-The-Middle attack?

Financial information (D)

Flashcards

Non-validated input

Data input that hasn't been checked for validity, allowing malicious content.

Race conditions

A vulnerability where events occur out of the intended order or timing, affecting outputs.

Weaknesses in security practices

Using homemade security algorithms instead of established libraries can create vulnerabilities.

Access-control problems

Issues managing who can physically access resources, sometimes leading to data breaches.

Malware

Malicious software designed to steal data or damage systems.

Spyware

Malware that secretly monitors user activity without consent.

Adware

Software that displays unwanted ads and may track user behavior.

Ransomware

Malware that encrypts data and demands payment to unlock it.

Scareware

Malware that tricks users into fearing for their system, prompting action.

Rootkits

Malware that provides unauthorized access to the system by creating backdoors.

Security Vulnerabilities

Defects in software or hardware that can be exploited by malicious users.

Exploit

A program designed to take advantage of a known vulnerability.

Attack

The act of using an exploit against a software or hardware vulnerability.

Software Vulnerabilities

Errors in operating system or application code leading to security risks.

Major Vulnerability Example

SYNful Knock, a vulnerability in Cisco IOS discovered in 2015.

Google Project Zero

A dedicated team for finding software vulnerabilities.

Hardware Vulnerabilities

Design flaws in hardware that can lead to security issues.

Rowhammer

An exploit created due to RAM design flaws.

Buffer Overflow

Occurs when data is written beyond a buffer's limits.

Purpose of Software Updates

To stay current and avoid exploitation of known vulnerabilities.

Virus

Malware that attaches to other files, requires activation, and can be harmless or destructive.

Trojan horse

Disguised malware that appears in non-executable files like images or games.

Worm

Self-replicating malware that spreads rapidly and can slow down networks.

Man-In-The-Middle (MitM)

An attack where an attacker intercepts communication between two parties without them knowing.

Man-In-The-Mobile (MitMo)

A variant of MitM that targets mobile devices to exfiltrate sensitive information.

CPU Usage Increase

A symptom of malware indicating higher processing demand than normal.

Slow Computer Speed

A common symptom of malware, leading to noticeable delays in operations.

Unknown Processes

Processes running on a computer that are unfamiliar or suspicious, often indicating malware.

Exfiltration

The unauthorized transfer of sensitive data from a device, often used in attacks.

Study Notes

Chapter 2: Attacks, Concepts, and Techniques

  • This chapter covers security vulnerabilities, exploits, attacks, and malware.

Finding Security Vulnerabilities

  • Security vulnerabilities are flaws in software or hardware.
  • Malicious users exploit vulnerabilities.
  • An exploit is a program designed to take advantage of a vulnerability.
  • An attack is the act of using an exploit against a vulnerability.

Software Vulnerabilities

  • Software vulnerabilities often arise from errors in operating systems or application code.
  • Operating system vendors regularly release patches and updates to address these flaws.
  • SYNful Knock (2015) was a significant vulnerability in Cisco IOS, allowing attackers to control routers, monitor network communication, and infect other devices.

Software Vulnerabilities (continued)

  • Software updates aim to prevent exploitation of vulnerabilities.
  • Some companies have dedicated security teams focused on discovering vulnerabilities in software, like Google's Project Zero.

Hardware Vulnerabilities

  • Hardware vulnerabilities stem from design flaws.
  • Rowhammer is an exploit that takes advantage of the close placement of capacitors in RAM, where activity in one memory row can disturb neighboring capacitors.
  • Hardware vulnerabilities are often specific to device models.
  • Hardware exploits are prevalent in targeted attacks.

Categorizing Security Vulnerabilities: Software

  • Buffer Overflow: Writing data beyond a buffer's allocated memory, potentially causing system crashes, data compromises, or privilege escalation.
  • Non-validated Input: Programs accepting potentially malicious data without proper validation, leading to memory issues and security flaws (e.g., malicious image files with incorrect dimensions).
  • Race Conditions: Outcomes that depend on the order or timing of events; when those events are not properly synchronized, the result can be a security vulnerability.
  • Weaknesses in Security Practices: Avoid creating custom security algorithms and rely on pre-tested security libraries instead, so that no new weaknesses are introduced.

Categorizing Security Vulnerabilities: Access-Control Problems

  • Proper management of physical access to equipment is crucial.
  • Access controls define who can access resources.
  • An operating system cannot enforce its access restrictions when a storage device is read or written directly, bypassing the OS. Protecting machines and data therefore requires both access restrictions and data encryption.

Types of Malware

  • Malware is malicious software.
  • Spyware: Monitors user activity.
  • Adware: Displays advertisements.
  • Bot: A malicious program acting under commands from a botnet.
  • Ransomware: Holds systems or data hostage until a ransom is paid. It encrypts data, making it inaccessible.
  • Scareware: Attempts to trick users into taking actions by using fear and posing as operating system components.
  • Rootkits: Create backdoor access, modify system utilities, and are very difficult to detect; removal requires wiping the system and reinstalling.
  • Virus: Self-replicating code attached to executable files. Can be harmless or destructive and can spread through various means.
  • Trojan Horse: A disguised malware that conceals malicious code. Commonly disguised as benign files, often found in images, videos, audio clips.
  • Worms: Self-replicating malware that spreads over networks. They often cause significant network congestion.
  • Man-in-the-Middle (MitM) & Man-in-the-Mobile (MitMo): Intercepting communication between two parties without their knowledge to steal information such as financial data, or to capture two-step authentication SMS messages.

Symptoms of Malware

  • Increased CPU usage, decreased computer speed, frequent freezes/crashes, network issues, file modifications or deletions, appearance of unknown files/programs, erratic program behavior, unauthorized email sending.
