Understanding Cyber Threats

Questions and Answers

What is the primary goal of an attacker who uses cyber threats to infiltrate and steal data, such as personal, financial, and login information?

• To enhance the organization's data management practices.
• To compromise sensitive information and gain unauthorized access. (correct)
• To improve the security posture of the targeted organization.
• To disrupt the operational activities of an organization.

Which of the following scenarios exemplifies a threat involving an attacker?

• An attacker tricking an employee into revealing sensitive information. (correct)
• An employee accidentally deleting critical company data.
• A server experiencing a sudden power failure due to a natural disaster.
• Data loss due to a faulty storage device within the organization.

In the context of information security, what characterizes an unintentional threat source?

• An unskilled administrator causing a security breach through negligence. (correct)
• A disgruntled employee deliberately sabotaging a company's database.
• A cyber-terrorist launching a large-scale disruption of computer networks.
• A natural event, such as a fire, causing physical damage to computer systems.

Which type of threat is carried out by individuals who use various tools to break into a network to disrupt services?

Structured external threat (C)

What is the most common motive behind unstructured external threats, often carried out by unskilled attackers?

Curiosity to access networks using freely available tools. (C)

A security analyst discovers that a disgruntled employee has intentionally modified sensitive financial records within the company's database. What type of threat actor is this employee classified as?

Insider Threat (C)

A group of skilled hackers, supported by their government, infiltrates a foreign nation's infrastructure to gather sensitive intelligence. Which threat actor category does this group belong to?

State-Sponsored Hackers (A)

What type of threat actor is primarily motivated by religious or political beliefs to create fear through widespread disruption of computer networks?

Cyber Terrorists (A)

How are 'Criminal Syndicates' categorized among the various types of threat actors?

Groups focused on organized, planned, and prolonged criminal activities, such as money laundering. (A)

What characteristic distinguishes 'Suicide Hackers' from other threat actors?

They are not worried about facing jail terms for their actions. (C)

Which attribute of a threat actor mainly determines the financial and technical capabilities they can utilize in launching an attack?

Resources/funding (D)

If attackers inject malware into cloud resources to access user data, how would that be categorized in terms of threat vectors?

Cloud (B)

What is the MOST accurate description of a 'threat vector' in the context of cybersecurity?

The medium through which an attacker gains access to a system by exploiting vulnerabilities. (C)

In what way do attackers exploit the 'Supply Chain' to compromise a target system?

They take advantage of vulnerabilities in resources provided by third-party vendors. (A)

What is the MOST common initial purpose of 'Malware programmers' when they design and deploy malware?

To damage or disable computer systems for theft or fraud. (B)

Which action best describes a system's vulnerability to malware through untrusted sites and freeware?

Visiting untrusted sites and freeware platforms. (B)

What is the primary function of a 'Crypter' in the context of malware operations?

To conceal the existence of malware. (B)

Which component of malware is responsible for performing the intended malicious actions, such as deleting or modifying files, once the malware is activated?

Payload (D)

Which type of malware is characterized by its ability to provide attackers with complete control over a victim's system from a remote location?

Remote Access Trojans (B)

What distinguishes ‘Backdoor Trojans’ from other malware types?

Their method of bypassing standard security authentication to provide unauthorized access. (C)

How do attackers typically deploy 'Botnet Trojans' to compromise numerous computers across a wide geographical area?

By distributing infected files via phishing, SEO hacking, and URL redirection. (A)

What type of Trojan is explicitly designed to target point-of-sale equipment to acquire credit card data?

Point-of-Sale Trojans (D)

Which action illustrates the process of creating a virus using a batch file?

Creating a batch file that replicates itself and deletes system files. (B)

What is the distinguishing characteristic that classifies Emotet as an advanced threat?

It evades detection by changing its identifying features and acting as a downloader. (B)

Which characteristic is unique to a virus?

It requires a host file to replicate and spread (C)

You notice that the color settings of your operating system are changing automatically, and unfamiliar pop-up messages appear on your screen. What type of malware infections is indicated by such changes?

Trojan (A)

Which of the following describes the replication stage in the virus lifecycle?

When a virus replicates itself within a target system and spreads. (D)

What is the main sign that your computer has fallen prey to a 'Sparse Infector' Virus?

It infrequently infects files that meet the length requirements. (B)

Which functionality defines a ‘Logic Bomb’ virus?

It is triggered by a certain response such as a date to execute the trigger. (C)

What action is indicated by a ‘Terminate and Stay Resident (TSR)’ virus?

remaining permanently in memory during an entire work session. (C)

An information security analyst suspects that a system has been infected with a PUA. What is the initial step to detect the PUA?

Check the system for a changed default homepage. (C)

If a system exhibits indications of a new toolbar or browser add-on installation without your consent, which action can you take?

Check all browser plug-ins. (A)

An employee reports their computer slows down when browsing with an unusual amount of advertisements, what does this indicate?

Adware. (D)

In which action do ‘Potentially Unwanted Applications or Applications (PUAs)’ use personal assets?

Performing personal cryptomining. (D)

Which of the following activities characterizes keyloggers?

Recording every keystroke a user types on the keyboard. (B)

Which aspect is not one that a keylogger can help monitor?

Physical hardware components. (B)

When a user has their computer used for unwanted distributed tasks, what indicates this?

A bot. (A)

A large number of computers connecting and working toward goals is what?

A botnet. (A)

Why is employing Fileless Malware most preferred compared to alternative programs?

Exceedingly difficult to recognize and avoid. (D)

How does fileless malware propagate through phishing emails?

Inserting malicious links that exploit the security. (D)

What represents when a threat is executed due to unauthorized operations?

A vulnerability. (B)

What leads security holes, network instructions, and potential loss of data?

Insecure configuration. (D)

Which of the following actions represents the MOST direct realization of a threat?

A hacker successfully exploiting a vulnerability to steal sensitive data. (D)

Among the categories of threat sources, what is MOST exemplified by a natural disaster?

Natural, since it's a naturally occurring event. (B)

Which of the following correctly matches a threat actor with their typical motivation?

Cyber terrorists: creating fear through large-scale disruption of computer networks (A)

Which factor primarily differentiates 'Structured external threats' from 'Unstructured external threats'?

The attacker's skill level, tools, and motivation. (A)

What action best represents the role of a 'downloader' in a malware attack?

Installing additional malicious modules from a remote server. (A)

What role does a 'Dropper' typically fulfill within a malware operation?

Concealing other malware files and performing the covered installation. (D)

In the context of cybersecurity, how do attackers MOST commonly employ 'Black Hat SEO' techniques?

To manipulate search engine rankings and direct users to malicious websites. (B)

How does social engineered click-jacking primarily function to compromise a user's system?

Tricking users into clicking on seemingly innocent webpages. (B)

What is the MOST common delivery method used by attackers employing 'Spam Emails' to distribute malware?

Including malicious attachments that, when opened, execute the malware. (C)

What is the likely outcome of a web server that permits directory listing?

Sensitive information disclosure (C)

Which of the following is a PRIMARY indication that a computer might be infected with a Trojan?

Unfamiliar pop-up messages suddenly appear (C)

What potential risk is introduced by a USB drive?

Spread of autorun malware (C)

What is the MOST significant characteristic of a 'Remote Access Trojan' (RAT)?

Its capacity to provide an attacker with complete control over a victim's system. (C)

If a technician suspects a computer is infected with eBanking trojan, how would they investigate?

Find the system in the command and control (D)

What is 'Disk Overwrite' and how is it implemented?

A stealth technique: It can cause changes and cause damage. (A)

Which method do Sparse infector viruses use?

To minimize the probability of discovery. (C)

Which activity defines a 'Logic Bomb' virus with respect to trigger?

By the launch of an application. (A)

An analyst discovers a system with a program persistently running from memory, maintaining control over the infected computer, What specific kind of infection is indicated?

Terminate and Stay Resident (TSR) (B)

An employee encounters a program displaying aggressive ads, Which action should they take?

Use anti-spyware tools (B)

How do Cryptomining-based PUAs MOST directly impact an infected system?

By secretly mining cryptocurrency. (C)

What is the PRIMARY function of a PUA classified as Adware?

Generate pop-up ads. (C)

In the context of cyber threats, which activity is MOST characteristic of the 'data exfiltration' impact caused due to vulnerabilities?

An attacker secretly copying sensitive data from a compromised system. (B)

What distinguishes 'Zero-day vulnerabilities' from most other types of software vulnerabilities?

The software vendor doesn't know (A)

Which of the following actions is MOST effective in mitigating the potential risks associated with default passwords on network devices?

Changing the default passwords to strong, unique passwords during the initial setup. (B)

How does the characteristic of 'System Sprawl' MOST directly contribute to increased network vulnerability?

By increasing the number of systems that don't (A)

Which statement BEST describes how 'Legacy Platform Vulnerabilities' increase an organization's security risk?

They lead to more expensive data breaches (C)

What describes "Improper Certificate and Key Management?"

Vulnerabilities that lead to data exfiltration (B)

If a software vendor releases a patch to fix bugs, what is the primary goal?

To prevent exploitations and reduce the probability of threats. (C)

When deploying network devices, Which action has the MOST value?

Disabling default settings. (C)

Which situation indicates the potential danger of third-party risks to an organization?

Access to protected services. (A)

An organization suffers reputational damage due to a vulnerability. Which MOST describes that result?

Deter customers. (B)

What should a user do when they receive an email from an unknown user? (choose all that apply)

Not run attachment. (B), Checking the attachment before opening. (C)

Which of the following actions exemplifies a 'Hardware or Software Misconfiguration' that could lead to security vulnerabilities?

Configuring a web server to display directory listings. (D)

In cybersecurity, what scenario is described as a 'Threat'?

A potential event that could exploit a vulnerability and cause harm to a system. (A)

In cybersecurity, what factor is MOST linked with 'Intent/Motivation' when attempting to identify a Threat Actor?

Political or personal goals associated. (A)

What is a 'Threat Vector'?

A medium through exploitation can gain access. (A)

In a cloud environment, Which action is the threat vector?

Injecting malware into cloud resources to access user data. (D)

What best characterizes the attack surface that Malware seeks?

They may target any system. (A)

If a system's firewall suddenly shows unauthorized changes, Which malware is indicated?

Trojan (B)

How do Keyloggers compromise security?

By capturing keyboard strokes. (D)

What does the use of Botnets Indicate?

Distributed tasks to goals (A)

With fileless attacks, Where will the injection take place?

The RAM (C)

Where are the exploits?

Legitimate processes (B)

In the context of cybersecurity, what factor is MOST linked with 'poor user practices'?

Careless users (C)

What is the primary distinction between structured and unstructured intentional external threats?

Structured threats are carried out by skilled attackers using advanced tools, while unstructured threats are carried out by unskilled attackers using basic tools. (B)

Which action is MOST likely to result from a misconfigured or absent firewall?

The potential for unauthorized access and sensitive data exposure. (C)

How do cyber attackers MOST effectively exploit the cloud as a threat vector?

By injecting malicious code into cloud resources to access sensitive user data. (B)

What is the MOST effective way for attackers to use Black Hat SEO (Search Engine Optimization)?

To rank malware-hosting webpages highly in search results and distribute malicious links. (B)

What is the primary goal for attackers utilizing the 'Social Engineered Click-jacking' technique?

Tricking users into clicking on what appears to be an innocent-looking webpage. (B)

To what does the term 'drive by downloads' refer?

The exploitation of browser software flaws to install malware through a website visit. (C)

What is the role of an 'Obfuscator' in the context of malware?

To conceal the malicious code of malware. (B)

What is the function of a 'Packer' in malware?

It compresses the malware file to convert the code and data of the malware into an unreadable format. (D)

What is the purpose of 'Rootkit Trojans'?

To provide attackers with full control over a victims OS. (A)

How do Remote Access Trojans (RATs) MOST commonly provide attackers with control over a victims system?

By providing attackers with full control, thereby enabling them to remotely access data. (D)

How do attackers primarily use Botnet Trojans to compromise numerous computers across a wide geographical area?

By tricking regular computer users into downloading Trojan-infected files via phishing or SEO hacking. (A)

What is the primary function of a 'FAT Virus'?

Attacking the File Allocation Table. (C)

Which statement accurately describes how a 'Stealth' or 'Tunneling' virus operates?

It actively alters and corrupts service call interrupts to hide from antivirus programs. (B)

How does a computer virus use 'programming languages' to its advantage?

Programming languages are used to develop the virus code. (C)

Which of the following is true of a 'Computer Worm'?

A worm spreads more rapidly than a virus. (B)

Why is 'Stealth' a key attribute cited for fileless malware?

Fileless malware exploits legitimate system tools. (D)

Which factor MOST makes fileless malware attacks difficult to detect?

Fileless malware operates without creating or modifying files. (D)

How are 'Default Passwords' categorized as a network security vulnerability?

Devices are vulnerable to attacks, such as brute force. (B)

In the context of cyber threats, how does 'data exfiltration' mostly occur due to vulnerabilities?

Through the unauthorized retrieval and transmission of sensitive information. (D)

Which of the following is the MOST accurate description of an 'application flaw'?

A weakness in the design or implementation of applications. (A)

Flashcards

What is a Threat?

A potential occurrence of an undesirable event that can damage and disrupt an organization's activities.

Examples of Threats

Stealing sensitive data, causing a server shutdown, tricking employees for information, infecting systems with malware, spoofing identities.

Natural Threats

Threats caused by natural events like fires, floods and power failures.

Unintentional Threats

Threats due to unintentional human errors within an organization (negligence, untrained staff).

Intentional Threats

Deliberate attacks from insiders or external actors seeking to harm an organization.

Internal Threats

Threats from insiders seeking to harm the organization.

External Threats

Attacks exploiting network vulnerabilities without insider assistance.

Structured External Threats

Implemented by technically skilled attackers using tools for disrupting services.

Unstructured External Threats

Implemented by unskilled attackers (script kiddies) mainly out of curiosity.

Black Hats

Individuals with extraordinary computing skills who perform illegal activities, also known as crackers.

White Hats

Security analysts use hacking skills for defensive purposes with permission.

Gray Hats

Individuals alternately working offensively and defensively to help and harm.

Suicide Hackers

Want to cause infrastructure damage for a cause and don't worry about punishments.

Script Kiddies

Unskilled hackers use scripts/tools made by others to compromise systems.

Cyber Terrorists

Those seeking disruption driven by religious or political beliefs on a large scale.

State-Sponsored Hackers

Govt hired hackers, penetrating systems & stealing info from other governments

Hacktivist

Promote a political agenda by hacking, website defacement or disable website.

Hacker Teams

Skilled hackers work to research and create state-of-the-art technolgies

Industrial Spies

Individuals involved in stealing critical intel and/or spying on competitor organizations

Insiders

Someone with critical assests and privileged access inside an organization

Criminal Syndicates

Organized groups plan sophisticated cyber attacks

Organized Hackers

Miscreants or hardened criminals use rented devices or botnets pilfer money from victims.

Threat Vectors

Medium through attacker gains access to system by exploiting identification vulnerabilities

Direct Access

Gaining physical access to the target system and performing malicious actitivies

Removable Media

Devices like usb, printers, phones used to run automatically malware on system.

Wireless

Cracking authentication or spoof to gain access target network.

Email

Phishing, malicious links, malicious attachments to gain sensitive info or malware.

Cloud

Service implementation module to virtual machine inititates execution of malicious code

Ransomware/Malware

Advantage of unpatched vulnerabilities can inject ransomware into the target system.

Supply Chain

Compromise target by exploiting vulnerabilities with various resources by vendor.

Business Partners

Third-party organizations to gain access by use of supply chain to gain access.

Introduction to Malware

Malicious software damages, disables computer systems, or gives limited or full control to it's creator to be malicious

Malware Delivery Methods

Instant messaging, email attachments, untrusted sites, wireless networks to gain access

Black Hat SEO.

Rank malware or pages highly in search results.

Social Engineered Click-jacking.

Trick users into clicking on innocent-looking webpages

Spear-Phishing Sites

Used to create imitations of banks, steal pwd's, crdt card number, account info + other sensative info

Exploit

Contain the code to take advantage of bug or vulnerabilities in digital system

Injector

hide or prevent malware removal that's available into other vulnerable running processes

Obfuscator

A program concealing malicious code via various techniques, difficult to find or remove as result

Packer

Compress malware file in unreadable format that contains compression techniques

Payload

performs desired activity in malware when activate used for deleting/modifying files, degrades performance

What is a Trojan?

program which the malicious or harmful code is contained inside

Ransomware

Malware that restricts access to files and folders and demands payment

Computer Worms

programs that independently replicate, execute, and spread across the network independently

Fileless Malware

exploits legitimate system tools (installed by default) and hence, difficult to identify and be blocked

What is Vulnerability?

The existence of a weakness that can exploited

Misconfigurations or Weak Configurations

Weak configuration due to human error used to launch attacks from breaking network.

Default Installations/Configurations

The high the rate of attacks by attackers via default or installed software.

Application Flaws

exploit vulnerabilities such as tampering and unauthorized access in programs

Poor Patch Management

small piece of software that designed to fix problems, security vulnerabilities

Design Flaws

logical flaws in functionality of a system the attackers are by passing

Study Notes

What is a Threat?

• A threat refers to a possible undesirable occurrence which can eventually inflict harm and disrupt the operational as well as functional tasks of a firm.
• Cyber threats help attackers break into systems and pilfer data including personal details, financial data and sign-in information.

Examples of Threats

• An attacker might try to steal sensitive data belonging to an organization.
• A server could be forced to shut down by attackers.
• Attackers can try to trick staff into revealing private details.
• An attacker could unleash malware on a system.
• An attacker may assume an authorized person's identity to access a system.
• An attacker could alter information travelling through a network, or tamper with it.
• An attacker could alter data on a database server from a remote location.
• An attacker could conduct URL redirection, or URL forwarding.
• An attacker executing privilege elevation for unauthorized access.
• An attacker may launch denial-of-service (DoS) attacks with the aim of rendering resources inaccessible.
• An attacker can listen in on unauthorized communication channels.

Threat Sources

• Threat sources can be natural, unintentional, or intentional.

Natural Threats

• Natural factors such as fires, floods, power outages, lightning, meteors and earthquakes are potential threats to the assets of an organization.
• These natural threats may trigger severe physical harm to computer systems.

Unintentional Threats

• Unintentional errors within an organization have the potential to become threats.
• Insider-originating security breaches and operator error, unskilled administrators or lazy staff, negligence, and accidents can be examples of unintentional threats.

Intentional Threats

• Most computer and Internet-related crimes are insiders or internal attacks.
• These dangers are posed intentionally or unintentionally by internal parties like disgruntled or negligent staff, which impact the organization.
• Privileged users of the network carry out the most of these attacks.

External Threats

• External attacks happen by making use of flaws present in a system without the support of staff members.
• The capability to perform an external attack varies based on the gravity of the detected network flaws.

Structured External Threats

• Structured external threats are carried out by proficient attackers using various tools for gaining access into networks while wanting to break services.
• Motivations include criminal payoffs, racism, politics, inciting terrorism.
• Distributed ICMP floods and performing spoofing & executing attacks from different sources all at once are examples of such attacks.

Unstructured External Threats

• Unstructured external threats are carried out by unskilled script kiddies who may want to become hackers.
• Untrained attacker make use of free online tools to target network attacks as well as cause a website or other public domain online to crash.
• Security measures such as port scanning and address sweeping utilities can easily eliminate this type of threat.

Threat Actors/Agents

• Black hats, white hats, gray hats, suicide hackers, and script kiddies are types of threat actors/agents.

Black Hats

• Black hats use extraordinary computing skills for carrying out illegal acts or with malicious intent.
• They are often involved in criminal activities.
• Black hats are also referred to as crackers.

White Hats

• White hats or penetration testers utilize their hacking skills for defensive reasons.
• Nowadays, almost all firms hire security analysts who possess expertise in counter measures against hacking, to secure their networks.
• They have consent from system owners.

Gray Hats

• Individuals possessing varied experience and expertise that may work offensively and defensively but at any time could have their own agenda.
• Gray hats may assist hackers detect system vulnerabilities and at the same time assist vendors enhance their products through checking limitations and making them more secure.

Suicide Hackers

• Suicide hackers aim to degrade vital infrastructure due to some cause, and not afraid of facing punishment.
• Suicide hackers are similar to suicide bombers that sacrifice their life for an attack and not concerned with the consequences of their actions.

Script Kiddies

• Script kiddies, not formally educated or trained, make use of tools and scripts to infiltrate a system due to lack of ability.
• Their main goal is to gain popularity or prove their own technical skills and not concerned with the quantity, or quality the attack.
• Other categories of threat actors/agents include cyber terrorists, state-sponsored hackers, industrial spies, insiders, hacker teams, criminal syndicates, and hacktivists.

Cyber Terrorists

• Motivated by religious or political beliefs, cyber terrorists have a wide array of skills and create fear through large-scale disruption of computer networks.

State-sponsored hackers

• Skilled individuals employed or contracted by the government to infiltrate, acquire top-secret information and harm other government information systems.
• A state-sponsored hacker's main goal is to spot flaws and exploit a nation's infrastructure and gather sensitive information.

Industrial Spies

• Industrial spies are individuals that perform corporate espionage through illegally spying on competitors stealing critical information like formulas and trade secrets.
• These threat actors utilize advanced persistent threats (APTs) for penetrating networks where they are able to can remain undetected for prolonged time periods.
• Social engineering is used at times to steal information such as marketing strategies, which leads to devastating financial losses for a targeted business.

Insiders

• An insider is any employee with access to an organization’s critical assets with privileged authorization to be there.
• An insider threat happens from the use of privileged access that intentionally result in harm or violate the regulation system.
• Disgruntled staff members can cause potential insider threats.

Hacker Teams

• A team or group of skilled hackers having their own resources for synergy while researching state-of-the-art technologies.
• Hacker teams also identify system flaws, develop advanced tools and implement the attacks accordingly.

Criminal Syndicates

• Groups or any community who intentionally perform illegal embezzlement with organized planning and cyber attacks.
• The most important goal of criminal syndicates is to generate income using complicated cyber-attacks and perform money laundering.

Hacktivist

• In the form of activism, hacktivists infiltrate computer systems for government organizations or corporate entities as an act to demonstrate social or political awareness.
• Their objective is to deface, and disable websites, and promote a political agenda.
• Gaining unauthorized access from government agencies by hacking is an example of when information hacktivists disclose information to the public.

Organized Hackers

• A group of hackers implementing hierarchical strategies that have an efficient plan organized.
• Organized hackers perform cyber attacks that will ultimately pilfer finances from victims while swindling trade secrets also covertly penetrating target locations without being discovered or detected for a lot longer.

Attributes of Threat Actors

• Internal, external, level of sophistication, resources or funding, and intent or motivation are several attributes of threat actors.

Internal Attributes

• Internal threat actors are usually trusted insiders with authorized permission to access resources.

External Attributes

• External threat groups have no authorization to directly engage network assets.

Level of sophistication

• Threat actors possess high levels of intelligence with sophisticated attacks that target less-sophisticated targets.

Resources or funding

• Identifies how a threat actor can financially support or execute attack with required software/equipment.

Intent/motivation

• Highly motivated actors will possibly launch attacks connected to their goals and objectives.
• A threat vector is a path or route an attacker uses to gain access or compromise a system.
• Direct access, removable media, wireless, email, cloud, ransomware, supply chain, and business partners are examples of threat vectors.

Via Direct Access

• An attacker obtains immediate and physical access to the systems with various types of software such as keyloggers being directly downloaded.

Via Removable Media

• Devices like USB drives & printers being plugged inside organizations may contain malware that may automatically run, steal, copy or corrupt.

Via Wireless

• An intruder may also crack wireless network security to exploit login identifications while also spoof them in gaining access.

Via E-mail

• Attackers trick user to disclose information within system and also to infect the system through attachments.

Via Cloud

• Attackers are able to inject malware into cloud systems as well to get access to user information, using virtualization while deceiving users. Therefore, cloud services/data become exploited using weak credentials.

Via Ransomware/Malware

• When targeting security flaws in computer softwares ransomware attacks can happen, therefore file-less malware is launched to cause further infiltration.

Via Supply Chain

• Attackers target vulnerabilities found in third party sellers through the vendor.

Via Business Partners

• Attackers access customer data using supply-chain attacks that can impact an organization.

Introduction to Malware

• Malware is malicious software that damages or disables computers or gives the Malware creator full control to commit fraud.
• Malware programs develop and use malware to track visited websites or slow down system performances.

Ways for Malware to Enter System

• Malware can enter an IT system via applications messengers, downloads from internet, portable hardware devices, Email Attachments and wireless networks.

Autorun.inf file

• Autorun.ini file is used to turn off Autoplay on windows 10 and mitigate infection

Common techniques attackers use to distribute malware on the web

• Drive-by downloads, social engineering, spam are all techniques used to commit black hat Search Engine Optimizations SEO.

Components of Malware

• Crypter, Downloader, Dropper, Exploit, Injector, Obfuscator, Packer Payload are different components of malware.

Crypter Component

• Used by attacker to evade detection and protect the malware.

Downloader Component

• Used to download other malware after first initial access has been gained.

Dropper Component

• Attackers embed other files inside a dropper.

Exploit Component

• Used by attacker gain access to a system or device by breaching system's security vulnerabilities.

Injector Component

• Used to inject exploits and available codes into malware, and other such methods.

Obfuscator Component

• Concelaing malicious codes of malware creating difficulties in detective measures.

Packer Component

• Technique compresses the malware file to convert code and data into unreadable format.

Payload Component

• Part of malware that causes to compromise system security.

Types of Malware

• Trojans, viruses, ransomware and fileless malware are examples of malware.

What is a Trojan?

• Trojans get activated when a user performs certain actions.
• Trojans create a covert communication channel between a computer victim and the attacker for transferring data.

Indications of what happens when a Trojan is Attacking

• Computer starts acting erratically.

Types of Trojans

• Remote Access Trojans, backdoors, botnets, rootkits, E-Banking Trojans, point of sale Trojans and Service Protocol Trojans.

Remote Access Trojans

• Remote Access Trojan can take full control of victim system.

Backdoor Trojans

• Backdoor programs pass standard authentication which provides backdoor access at any time.

Botnet Trojans

• Infect large number of computers and can get control via control center.

Rootkit Trojans

• Rootkit Trojans give full control on root device to attacker.

E-Banking Trojans

• Steal account information, used for online banking

Point-Of-Sale Trojans

• Attacks POS and payment equipment such as credit card/debit card readers to grab sensitive data.

Service Protocol Trojans

• Trojans can take advantage of service protocols such as HTTP to attack.

Creating a Trojan

• Trojan horse construction kits help attackers to construct them, however are dangerous and if not coded write can backfire.

Virus

• Virus infect other programs and transform their self.

Purpose of Creating Viruses

• Causes harm on those attempting conduct and develop virus.

Indications of Attacking Virus

• Processes require resources and time by constant alerts causing constant antivirus issues.

Stages of Virus Lifecycle

• Design, replication Launch where activated, incorporate defenses, eliminate threats.
• Different types of virus exist including system or boot record, e-mail and armored.

Encrypted Virus

• Virus penetrates target system.

Polymorphic Virus

• Virus infect file will change how it replicates with different codes.

Shell Virus

• Consist of routine with host code as the source routine

Where they come from and are detected

• Viruses can be contracted by accepting infected files via email, freeware, or shareware.

Logic Bomb Virus

• If a bomb is programmed to execute on a specific date, it is referred to as a time bomb.

Web Scripting Virus

• Allows client side into web page code

How to create virus?

• Virus creates a batch file and also by using virus maker to customize it.

Characteristics of Ransomware

• A malware that holds a user system and its file hostage for ransom.

Computer Worms

• Programs replicated within the network connections to spread the payloads for installation.

Bot Command + Control

• Uses zombie commands to make other vulnerable systems.

Differnce from viruses?

• worms are specific from malware viruses attach to programs

Why Attackers Use a Botnet

• Botnets are used for malware and password/information theft.

How to build bots?

• Use to build botting applications that cause system paralysis

Fileless malware

• Infecting software, and protocols perform duties and vulnerability.

Reason for it it's attack and usage

• Stealth, system tool and easy run to attack.

Fileless Propagation?

• Memory Injection through Window Registry, and by using email in documents.

What is vulnerability?

• An existence from weakness that can be access by agents.

Common reason for existence includes

• Misconfiguration for Software to access security loopholes.
• Poor design of a networks where no technology is used for secure implementation.
• Vulnerbility exists due to weakness of protocols such HTTP.

End User Carlessness

• Affects network security with serious outcomes and data loss.

Intentional End User Actions

• Heavy data that has financial losses that leads to the company, called and end act.

Classifications of vulnerabilities

• Misconfigurations and Weak configurations. Can break into a network by the network configuration.

Misconfiguration is the most common vulnerability

• Allows attackers to break into the system and systems.

Host Misconfigurations

• Open Permissions/Unsecured Accounts.

Default configurations

• It enables a guesser to settings to break code.

Applications and security issues

• Application errors are for exploits configuration settings to the stores for exploits to configuration stores.