Malware Types and Methods

Questions and Answers

What characterizes a pure insider threat?

They have limited access and are associated with the organization.

They rely on physical security measures to infiltrate the network.

They typically work outside the organization to gain access.

They are fully embedded in the system and can cause significant disruption. (correct)

Which of the following is NOT a type of insider threat?

Insider fraud

Outsider malware (correct)

Insider theft

Insider IT sabotage

What is a common reason for insider threats due to personal factors?

Contractual obligations

Corporate restructuring

Personal anger or frustration (correct)

Technological upgrades

What is malware primarily designed to do?

Disrupt normal functioning and steal data

Which behavior is a potential indicator of an insider threat?

Copying material out of scope

What access does an insider associate typically have?

Limited access to the security network or system

Which of the following is a characteristic of insider fraud?

Using IT to commit identity fraud

What is a typical entry point for malware into an organization?

Phishing emails or pirated software

What does a hash value match indicate in the context of user verification?

A successfully verified user

Which component is NOT part of a digital ID?

Message digest

What is the role of the public key in the verification algorithm?

To decrypt the received signature

What happens if the received message is tampered with during transit?

The signature becomes invalid

What information does a public key certificate combine?

Public key and identity information

What does the digital signature consist of in PDF implementations?

Digital signature and timestamp

What is required for a message to be considered authentic?

It must be integral initially

Which resource is NOT commonly required by cryptographic mechanisms?

Network bandwidth

What is the primary function of a firewall in network security?

To control data that enters or leaves the network

Which of the following describes a bot in the context of DDoS attacks?

An infected computer that sends requests to a target host

What is a botnet?

A group of infected computers working together under an attacker's control

Which type of firewall specifically examines the headers of packets?

Packet filter firewall

What happens to a server when it receives a deluge of requests during a DDoS attack?

The server exhausts its memory and stops accepting requests

What is the role of an access control list in a firewall?

To define the rules for data packet inspection

Why must data entering the intranet be scrutinized?

To prevent harmful data from the untrusted Internet

Which of the following statements best defines network security?

Activities to protect data and network integrity

What is the primary purpose of non-repudiation in legal and compliance contexts?

To ensure action attribution to specific individuals

Which authentication methods enhance user identification reliability?

Multi-factor authentication and biometrics

What mechanism is essential for ensuring users perform only authorized actions?

Role-based access control (RBAC)

How does policy enforcement help maintain accountability?

By providing a framework that mandates user adherence to defined behaviors

Why is accountability important during an incident response?

It ensures parties are held accountable for their actions related to the incident.

What is a potential consequence of failing to maintain accountability in compliance with regulations?

Legal consequences and fines.

Which of the following methods helps organizations manage permissions effectively?

Attribute-based access control (ABAC)

What role does logging and monitoring play in policy enforcement?

It enables the organization to track and ascertain adherence to policies.

What is a characteristic of a Trojan in malware?

It pretends to be legitimate software.

Which type of malware is designed to collect information from the user's system without consent?

Spyware

Which type of malware does NOT require user intervention to spread?

Worm

Which of the following describes ransomware?

It demands a ransom to decrypt the user's data.

What is a rootkit primarily used for?

To provide remote access to a malicious entity.

What is the primary purpose of a virus in malware?

To attack and damage other files and applications.

Which step is NOT part of the attack methodology described?

Data Decryption

What does adware primarily do?

Displays advertisements on the user's device.

Study Notes

Insider Threats

• Insider threats involve individuals with legitimate access to a network who may misuse their privileges.
• Difficult to detect due to established trust within the organization.
• Have greater knowledge of the network and can bypass external defenses.

Types of Insider Threats

• Pure Insider: Fully embedded employees with potential to cause significant disruption.
• Insider Associate: Contractors or temporary staff with limited access.
• Insider Affiliate: Individuals related to staff members within the system.
• Outside Affiliate: Unaffiliated individuals using deception to access the network.

Key Insider Threat Activities

• Insider IT Sabotage: Misuse of authorized access to disrupt systems.
• Insider Theft: Utilizing IT systems to steal company intellectual property.
• Insider Fraud: Committing identity fraud using company IT resources.

Motivations for Insider Threats

• Personal Factors: Anger, ideology, ego-related issues, personal problems.
• Organizational Factors: Lack of security policies, poor training, and easy access to confidential information.

Behavioral Indicators of Insider Threats

• Evidence of unwanted access and remote connections during odd hours.
• Disregarding company protocols and attempting to access out-of-scope materials.

Malware Overview

• Malware disrupts normal system functions, can steal or delete data, and cause performance issues.
• Delivered through phishing, infected downloads, and compromised software.

Types of Malware

• Trojan: Disguised as legitimate software, requires user action to activate.
• Virus: Attaches to files and activates upon file execution, aiming to disrupt functionality.
• Worm: Self-replicating malware that spreads without user intervention, leading to network issues.
• Ransomware: Encrypts data and demands ransom, often using social engineering tactics.
• Spyware: Collects user data secretly and sends it to threat actors.
• Rootkit: Provides remote access to attackers, designed to remain undetected.
• Adware: Delivers intrusive advertisements; often combined with spyware.

Security Attacks

• Conducted via various threat vectors, targeting individuals or organizations.
• Can be initiated by insiders or outsiders exploiting system vulnerabilities.

Steps in an Attack Process

• Involves reconnaissance, access escalation, data exfiltration, and potential obfuscation.

Digital Signatures

• Provides authentication and non-repudiation, ensuring only the legitimate sender can create a signature.
• Based on a pair of public-private keys, combining identity information and digital signatures for verification.

Application of Cryptography

• Relies on computational resources to maintain security features like encryption and hashing.
• Aims to protect information from unauthorized access.

Network Security

• Essential to safeguarding network availability and protecting data integrity and confidentiality.
• Differentiates between trusted (intranet) and untrusted (internet) zones.

DDoS (Distributed Denial of Service) Attacks

• Utilizes botnets to overwhelm a target with excessive traffic, leading to service unavailability.

Firewall Functionality

• Acts as a barrier between trusted and untrusted networks, controlling data flow.
• Configured with access control lists to regulate permissions based on set rules.

User Identification and Authentication

• Strong mechanisms ensure accountability and traceability of user actions through MFA and biometrics.

Access Control and Permissions

• Role-based (RBAC) and attribute-based (ABAC) controls limit user activities to authorized actions.

Policy Enforcement

• Organizations enforce security policies to ensure compliance, documenting violations for accountability.

Incident Response

• Critical for documenting actions around security incidents to identify responsible parties.
• Relies on robust systems to track incidents effectively.

Compliance and Legal Requirements

• Regulations (e.g. GDPR, HIPAA) mandate tracking and auditing user activities to avoid legal penalties.
• Accountability demonstrates adherence to compliance regulations through detailed activity records.

Description

This quiz covers various types of malware, including Trojans and viruses, and their methods of operation. Explore how these malicious software entities can act independently or be controlled from a command and control server, causing harm to the user's device. Test your knowledge of how malware performs reconnaissance and tricks users into infection.