Questions and Answers
What is the primary goal of an attacker who uses cyber threats to infiltrate and steal data, such as personal, financial, and login information?
- To enhance the organization's data management practices.
- To compromise sensitive information and gain unauthorized access. (correct)
- To improve the security posture of the targeted organization.
- To disrupt the operational activities of an organization.
Which of the following scenarios exemplifies a threat involving an attacker?
- An attacker tricking an employee into revealing sensitive information. (correct)
- An employee accidentally deleting critical company data.
- A server experiencing a sudden power failure due to a natural disaster.
- Data loss due to a faulty storage device within the organization.
In the context of information security, what characterizes an unintentional threat source?
- An unskilled administrator causing a security breach through negligence. (correct)
- A disgruntled employee deliberately sabotaging a company's database.
- A cyber-terrorist launching a large-scale disruption of computer networks.
- A natural event, such as a fire, causing physical damage to computer systems.
Which type of threat is carried out by individuals who use various tools to break into a network to disrupt services?
What is the most common motive behind unstructured external threats, often carried out by unskilled attackers?
A security analyst discovers that a disgruntled employee has intentionally modified sensitive financial records within the company's database. What type of threat actor is this employee classified as?
A group of skilled hackers, supported by their government, infiltrates a foreign nation's infrastructure to gather sensitive intelligence. Which threat actor category does this group belong to?
What type of threat actor is primarily motivated by religious or political beliefs to create fear through widespread disruption of computer networks?
How are 'Criminal Syndicates' categorized among the various types of threat actors?
What characteristic distinguishes 'Suicide Hackers' from other threat actors?
Which attribute of a threat actor mainly determines the financial and technical capabilities they can utilize in launching an attack?
If attackers inject malware into cloud resources to access user data, how would that be categorized in terms of threat vectors?
What is the MOST accurate description of a 'threat vector' in the context of cybersecurity?
In what way do attackers exploit the 'Supply Chain' to compromise a target system?
What is the MOST common initial purpose of 'Malware programmers' when they design and deploy malware?
Which action best describes a system's vulnerability to malware through untrusted sites and freeware?
What is the primary function of a 'Crypter' in the context of malware operations?
Which component of malware is responsible for performing the intended malicious actions, such as deleting or modifying files, once the malware is activated?
Which type of malware is characterized by its ability to provide attackers with complete control over a victim's system from a remote location?
What distinguishes 'Backdoor Trojans' from other malware types?
How do attackers typically deploy 'Botnet Trojans' to compromise numerous computers across a wide geographical area?
What type of Trojan is explicitly designed to target point-of-sale equipment to acquire credit card data?
Which action illustrates the process of creating a virus using a batch file?
What is the distinguishing characteristic that classifies Emotet as an advanced threat?
Which characteristic is unique to a virus?
You notice that the color settings of your operating system are changing automatically, and unfamiliar pop-up messages appear on your screen. What type of malware infection is indicated by such changes?
Which of the following describes the replication stage in the virus lifecycle?
What is the main sign that your computer has fallen prey to a 'Sparse Infector' virus?
Which functionality defines a 'Logic Bomb' virus?
What action is indicated by a 'Terminate and Stay Resident (TSR)' virus?
An information security analyst suspects that a system has been infected with a PUA. What is the initial step to detect the PUA?
If a system exhibits indications of a new toolbar or browser add-on installation without your consent, which action can you take?
An employee reports that their computer slows down when browsing and displays an unusual amount of advertisements. What does this indicate?
In which action do 'Potentially Unwanted Applications (PUAs)' use personal assets?
Which of the following activities characterizes keyloggers?
Which aspect is not one that a keylogger can help monitor?
When a user's computer is used for unwanted distributed tasks, what indicates this?
A large number of computers connecting and working toward common goals is what?
Why is employing fileless malware most preferred compared to alternative programs?
How does fileless malware propagate through phishing emails?
What represents the execution of a threat through unauthorized operations?
What leads to security holes, network intrusions, and potential loss of data?
Which of the following actions represents the MOST direct realization of a threat?
Among the categories of threat sources, which is MOST exemplified by a natural disaster?
Which of the following correctly matches a threat actor with their typical motivation?
Which factor primarily differentiates 'Structured external threats' from 'Unstructured external threats'?
What action best represents the role of a 'downloader' in a malware attack?
What role does a 'Dropper' typically fulfill within a malware operation?
In the context of cybersecurity, how do attackers MOST commonly employ 'Black Hat SEO' techniques?
How does social engineered click-jacking primarily function to compromise a user's system?
What is the MOST common delivery method used by attackers employing 'Spam Emails' to distribute malware?
What is the likely outcome of a web server that permits directory listing?
Which of the following is a PRIMARY indication that a computer might be infected with a Trojan?
What potential risk is introduced by a USB drive?
What is the MOST significant characteristic of a 'Remote Access Trojan' (RAT)?
If a technician suspects a computer is infected with an eBanking Trojan, how would they investigate?
What is 'Disk Overwrite' and how is it implemented?
Which method do Sparse Infector viruses use?
Which activity defines a 'Logic Bomb' virus with respect to its trigger?
An analyst discovers a system with a program persistently running from memory and maintaining control over the infected computer. What specific kind of infection is indicated?
An employee encounters a program displaying aggressive ads. Which action should they take?
How do cryptomining-based PUAs MOST directly impact an infected system?
What is the PRIMARY function of a PUA classified as Adware?
In the context of cyber threats, which activity is MOST characteristic of the 'data exfiltration' impact caused by vulnerabilities?
What distinguishes 'Zero-day vulnerabilities' from most other types of software vulnerabilities?
Which of the following actions is MOST effective in mitigating the potential risks associated with default passwords on network devices?
How does the characteristic of 'System Sprawl' MOST directly contribute to increased network vulnerability?
Which statement BEST describes how 'Legacy Platform Vulnerabilities' increase an organization's security risk?
What describes "Improper Certificate and Key Management"?
If a software vendor releases a patch to fix bugs, what is the primary goal?
When deploying network devices, which action has the MOST value?
Which situation indicates the potential danger of third-party risks to an organization?
An organization suffers reputational damage due to a vulnerability. Which MOST describes that result?
What should a user do when they receive an email from an unknown user? (choose all that apply)
Which of the following actions exemplifies a 'Hardware or Software Misconfiguration' that could lead to security vulnerabilities?
In cybersecurity, what scenario is described as a 'Threat'?
In cybersecurity, what factor is MOST linked with 'Intent/Motivation' when attempting to identify a Threat Actor?
What is a 'Threat Vector'?
In a cloud environment, which action is the threat vector?
What best characterizes the attack surface that malware seeks?
If a system's firewall suddenly shows unauthorized changes, which malware is indicated?
How do keyloggers compromise security?
What does the use of botnets indicate?
With fileless attacks, where will the injection take place?
Where are the exploits?
In the context of cybersecurity, what factor is MOST linked with 'poor user practices'?
What is the primary distinction between structured and unstructured intentional external threats?
Which action is MOST likely to result from a misconfigured or absent firewall?
How do cyber attackers MOST effectively exploit the cloud as a threat vector?
What is the MOST effective way for attackers to use Black Hat SEO (Search Engine Optimization)?
What is the primary goal for attackers utilizing the 'Social Engineered Click-jacking' technique?
To what does the term 'drive-by downloads' refer?
What is the role of an 'Obfuscator' in the context of malware?
What is the function of a 'Packer' in malware?
What is the purpose of 'Rootkit Trojans'?
How do Remote Access Trojans (RATs) MOST commonly provide attackers with control over a victim's system?
How do attackers primarily use Botnet Trojans to compromise numerous computers across a wide geographical area?
What is the primary function of a 'FAT Virus'?
Which statement accurately describes how a 'Stealth' or 'Tunneling' virus operates?
How does a computer virus use 'programming languages' to its advantage?
Which of the following is true of a 'Computer Worm'?
Why is 'Stealth' a key attribute cited for fileless malware?
Which factor MOST makes fileless malware attacks difficult to detect?
How are 'Default Passwords' categorized as a network security vulnerability?
In the context of cyber threats, how does 'data exfiltration' mostly occur due to vulnerabilities?
Which of the following is the MOST accurate description of an 'application flaw'?
Flashcards
What is a Threat?
A potential occurrence of an undesirable event that can damage and disrupt an organization's activities.
Examples of Threats
Stealing sensitive data, causing a server shutdown, tricking employees for information, infecting systems with malware, spoofing identities.
Natural Threats
Threats caused by natural events like fires, floods and power failures.
Unintentional Threats
Intentional Threats
Internal Threats
External Threats
Structured External Threats
Unstructured External Threats
Black Hats
White Hats
Gray Hats
Suicide Hackers
Script Kiddies
Cyber Terrorists
State-Sponsored Hackers
Hacktivist
Hacker Teams
Industrial Spies
Insiders
Criminal Syndicates
Organized Hackers
Threat Vectors
Direct Access
Removable Media
Wireless
Email
Cloud
Ransomware/Malware
Supply Chain
Business Partners
Introduction to Malware
Malware Delivery Methods
Black Hat SEO
Social Engineered Click-jacking
Spear-Phishing Sites
Exploit
Injector
Obfuscator
Packer
Payload
What is a Trojan?
Ransomware
Computer Worms
Fileless Malware
What is Vulnerability?
Misconfigurations or Weak Configurations
Default Installations/Configurations
Application Flaws
Poor Patch Management
Design Flaws
Study Notes
What is a Threat?
- A threat is a potential undesirable event that can harm an organization and disrupt its operational and functional tasks.
- Attackers use cyber threats to break into systems and steal data such as personal details, financial data and login credentials.
Examples of Threats
- An attacker might try to steal sensitive data belonging to an organization.
- A server could be forced to shut down by attackers.
- Attackers can try to trick staff into revealing private details.
- An attacker could unleash malware on a system.
- An attacker may assume an authorized person's identity to access a system.
- An attacker could alter information travelling through a network, or tamper with it.
- An attacker could alter data on a database server from a remote location.
- An attacker could perform URL redirection or URL forwarding.
- An attacker could escalate privileges to gain unauthorized access.
- An attacker could launch denial-of-service (DoS) attacks to render resources inaccessible.
- An attacker could eavesdrop on communication channels without authorization.
Threat Sources
- Threat sources can be natural, unintentional, or intentional.
Natural Threats
- Natural factors such as fires, floods, power outages, lightning, meteors and earthquakes are potential threats to the assets of an organization.
- These natural threats may trigger severe physical harm to computer systems.
Unintentional Threats
- Unintentional errors within an organization have the potential to become threats.
- Examples of unintentional threats include insider-originated security breaches, operator error, unskilled administrators or lazy staff, negligence, and accidents.
Intentional Threats
- Most computer and Internet-related crimes are insider or internal attacks.
- These threats are posed, intentionally or unintentionally, by internal parties such as disgruntled or negligent staff, and they affect the organization.
- Privileged network users carry out most of these attacks.
External Threats
- External attacks exploit flaws present in a system without any assistance from staff members.
- An attacker's ability to carry out an external attack depends on the severity of the network flaws discovered.
Structured External Threats
- Structured external threats are carried out by skilled attackers who use various tools to gain access to networks and disrupt services.
- Motivations include criminal payoffs, racism, politics and inciting terrorism.
- Distributed ICMP floods, spoofing, and executing attacks from multiple sources at once are examples of such attacks.
Unstructured External Threats
- Unstructured external threats are carried out by unskilled script kiddies who may aspire to become hackers.
- These untrained attackers use free online tools to attack networks and crash websites or other public-facing online resources.
- Security measures such as port-scanning and address-sweeping utilities can easily eliminate this type of threat.
Threat Actors/Agents
- Black hats, white hats, gray hats, suicide hackers, and script kiddies are types of threat actors/agents.
Black Hats
- Black hats use extraordinary computing skills to carry out illegal acts or act with malicious intent.
- They are often involved in criminal activities.
- Black hats are also referred to as crackers.
White Hats
- White hats, or penetration testers, use their hacking skills for defensive purposes.
- Nowadays, almost all firms hire security analysts with expertise in countermeasures against hacking to secure their networks.
- White hats operate with the consent of the system owners.
Gray Hats
- Gray hats are individuals with varied experience and expertise who may work both offensively and defensively, but who may at any time pursue their own agenda.
- Gray hats may help hackers find system vulnerabilities while also helping vendors improve their products by identifying limitations and making them more secure.
Suicide Hackers
- Suicide hackers aim to bring down critical infrastructure for a cause and are not afraid of punishment.
- They are similar to suicide bombers who sacrifice their lives for an attack and are unconcerned with the consequences of their actions.
Script Kiddies
- Script kiddies lack formal education or training and rely on tools and scripts to break into systems because they lack the ability to do so themselves.
- Their main goal is to gain popularity or prove their technical skills; they are unconcerned with the quantity or quality of the attack.
- Other categories of threat actors/agents include cyber terrorists, state-sponsored hackers, industrial spies, insiders, hacker teams, criminal syndicates, and hacktivists.
Cyber Terrorists
- Motivated by religious or political beliefs, cyber terrorists have a wide range of skills and create fear through large-scale disruption of computer networks.
State-sponsored hackers
- State-sponsored hackers are skilled individuals employed or contracted by a government to infiltrate other governments' information systems, acquire top-secret information and cause damage.
- Their main goal is to find and exploit flaws in a nation's infrastructure and gather sensitive information.
Industrial Spies
- Industrial spies are individuals who perform corporate espionage by illegally spying on competitors and stealing critical information such as formulas and trade secrets.
- These threat actors use advanced persistent threats (APTs) to penetrate networks, where they can remain undetected for prolonged periods.
- Social engineering is sometimes used to steal information such as marketing strategies, leading to devastating financial losses for the targeted business.
Insiders
- An insider is any employee with privileged, authorized access to an organization's critical assets.
- An insider threat arises when that privileged access is used to intentionally cause harm or violate the organization's rules and regulations.
- Disgruntled staff members are a potential source of insider threats.
Hacker Teams
- A hacker team is a group of skilled hackers who pool their own resources and work in synergy while researching state-of-the-art technologies.
- Hacker teams also identify system flaws, develop advanced tools and carry out attacks accordingly.
Criminal Syndicates
- Criminal syndicates are groups or communities that deliberately carry out illegal embezzlement through organized planning and cyber attacks.
- Their primary goal is to generate income through sophisticated cyber attacks and to launder the proceeds.
Hacktivist
- Hacktivists infiltrate the computer systems of government organizations or corporations as a form of activism, to demonstrate social or political awareness.
- Their objectives are to deface and disable websites and to promote a political agenda.
- Hacking into government agencies to gain unauthorized access to information and then disclosing it to the public is a typical example of hacktivism.
Organized Hackers
- Organized hackers are a group of hackers with a hierarchical structure and an efficient, well-organized plan.
- They carry out cyber attacks to steal money from victims and swindle trade secrets, covertly penetrating target systems and remaining undetected for extended periods.
Attributes of Threat Actors
- Several attributes distinguish threat actors: internal or external, level of sophistication, resources or funding, and intent or motivation.
Internal Attributes
- Internal threat actors are usually trusted insiders with authorized permission to access resources.
External Attributes
- External threat actors have no authorization to access network assets directly.
Level of sophistication
- Sophisticated threat actors possess a high level of skill and use sophisticated attacks, often against less sophisticated targets.
Resources or funding
- Resources or funding determine whether a threat actor can financially support an attack and obtain the required software and equipment.
Intent/motivation
- Highly motivated actors are likely to launch attacks aligned with their goals and objectives.
Threat Vectors
- A threat vector is a path or route an attacker uses to gain access to or compromise a system.
- Direct access, removable media, wireless, email, cloud, ransomware/malware, supply chain, and business partners are examples of threat vectors.
Via Direct Access
- An attacker gains direct physical access to a system and installs software such as keyloggers directly on it.
Via Removable Media
- Devices such as USB drives and printers plugged in inside an organization may contain malware that runs automatically to steal, copy, or corrupt data.
Via Wireless
- An intruder may crack wireless network security to obtain login credentials, or spoof them, to gain access.
Via E-mail
- Attackers trick users into disclosing information and infect systems through malicious attachments.
Via Cloud
- Attackers can inject malware into cloud systems to access user information, abusing virtualization and deceiving users; cloud services and data are also exploited through weak credentials.
Via Ransomware/Malware
- Ransomware attacks can happen by targeting security flaws in software; fileless malware may then be launched for further infiltration.
Via Supply Chain
- Attackers exploit vulnerabilities at third-party sellers and reach the organization through the vendor.
Via Business Partners
- Attackers access customer data using supply-chain attacks that can impact an organization.
Introduction to Malware
- Malware is malicious software that damages or disables computers or gives the malware creator full control to commit fraud.
- Malware programmers develop and use malware to track visited websites or slow down system performance.
Ways for Malware to Enter System
- Malware can enter an IT system via instant messaging applications, downloads from the internet, portable hardware devices, email attachments, and wireless networks.
Autorun.inf file
- Turning off Autoplay on Windows 10 mitigates infection via the Autorun.inf file.
Common techniques attackers use to distribute malware on the web
- Drive-by downloads, social engineering, spam, and black hat Search Engine Optimization (SEO) are common techniques.
Components of Malware
- Crypter, Downloader, Dropper, Exploit, Injector, Obfuscator, Packer, and Payload are the different components of malware.
Crypter Component
- Used by the attacker to protect the malware and evade detection.
Downloader Component
- Used to download other malware after initial access has been gained.
Dropper Component
- Attackers embed other files inside a dropper.
Exploit Component
- Used by the attacker to gain access to a system or device by exploiting its security vulnerabilities.
Injector Component
- Used to inject exploits and other available code into the malware.
Obfuscator Component
- Conceals the malware's malicious code, making detection more difficult.
Packer Component
- Compresses the malware file, converting its code and data into an unreadable format.
Payload Component
- The part of the malware that actually compromises system security.
Types of Malware
- Trojans, viruses, ransomware and fileless malware are examples of malware.
What is a Trojan?
- Trojans get activated when a user performs certain actions.
- Trojans create a covert communication channel between the victim's computer and the attacker for transferring data.
Indications of a Trojan Attack
- Computer starts acting erratically.
Types of Trojans
- Remote Access Trojans, backdoors, botnets, rootkits, E-Banking Trojans, point of sale Trojans and Service Protocol Trojans.
Remote Access Trojans
- A Remote Access Trojan gives the attacker full control of the victim's system.
Backdoor Trojans
- Backdoor programs bypass standard authentication, providing access at any time.
Botnet Trojans
- Infect a large number of computers that can then be controlled from a command-and-control center.
Rootkit Trojans
- Rootkit Trojans give the attacker full (root-level) control of the device.
E-Banking Trojans
- Steal account information used for online banking.
Point-Of-Sale Trojans
- Attack POS and payment equipment, such as credit/debit card readers, to grab sensitive data.
Service Protocol Trojans
- Take advantage of service protocols such as HTTP to carry out attacks.
Creating a Trojan
- Trojan horse construction kits help attackers build Trojans; however, they are dangerous and can backfire if not coded correctly.
Virus
- A virus infects other programs and transforms itself.
Purpose of Creating Viruses
- Viruses are created to cause harm to those targeted by their developers.
Indications of Attacking Virus
- Processes consume more resources and time, and constant alerts and antivirus issues appear.
Stages of Virus Lifecycle
- Design, replication, launch (where the virus is activated), incorporation of defenses, and elimination.
- Different types of viruses exist, including system or boot-record, e-mail, and armored viruses.
Encrypted Virus
- Penetrates the target system.
Polymorphic Virus
- Each time it infects a file, the virus changes its code so that every replication differs.
Shell Virus
- Consists of a viral routine with the host code as a subroutine.
Where Viruses Come From
- Viruses can be contracted by accepting infected files via email, freeware, or shareware.
Logic Bomb Virus
- If a bomb is programmed to execute on a specific date, it is referred to as a time bomb.
Web Scripting Virus
- Injects client-side code into web page code.
How to Create a Virus?
- A virus can be created as a batch file, or by using a virus maker tool to customize it.
Characteristics of Ransomware
- Malware that holds a user's system and its files hostage for ransom.
Computer Worms
- Programs that replicate themselves across network connections to spread and install their payloads.
Bot Command + Control
- Issues commands to zombie systems to turn other vulnerable systems into zombies.
Difference from Viruses?
- Worms are standalone malware, whereas viruses attach to programs.
Why Attackers Use a Botnet
- Botnets are used for malware and password/information theft.
How to Build Bots?
- Bot-building applications are used to create bots that can paralyze systems.
Fileless malware
- Uses existing software and protocols to perform its tasks and exploit vulnerabilities.
Reasons for Its Use in Attacks
- Stealth, use of built-in system tools, and ease of launching an attack.
Fileless Propagation?
- Memory injection, the Windows Registry, and documents delivered via email.
What is a Vulnerability?
- The existence of a weakness that can be accessed or exploited by threat agents.
Common reasons for its existence include
- Misconfiguration of software, which opens security loopholes.
- Poor network design where no technology is used to implement security.
- Weaknesses in protocols such as HTTP.
End User Carelessness
- Affects network security and can have serious outcomes, including data loss.
Intentional End User Actions
- Deliberate actions by end users can lead to heavy data and financial losses for the company.
Classifications of vulnerabilities
- Misconfigurations and weak configurations; attackers can break into a network through its configuration.
Misconfiguration is the most common vulnerability
- Allows attackers to break into systems.
Host Misconfigurations
- Open Permissions/Unsecured Accounts.
Default configurations
- Default settings are easy to guess, enabling attackers to break in.
Applications and security issues
- Application errors and insecure configuration settings or configuration stores can be exploited.