Understanding Cyber Threats

Questions and Answers

Which of the following best describes a threat in the context of information security?

  • The potential occurrence of an undesirable event that can damage or disrupt an organization. (correct)
  • A set of policies and procedures to mitigate risks.
  • A weakness in a system that can be exploited.
  • An individual or group attempting to exploit vulnerabilities.

Which of the following is an example of an unintentional threat source?

  • A terrorist group launching a cyberattack.
  • An unskilled administrator misconfiguring a server. (correct)
  • A disgruntled employee intentionally deleting files.
  • A hacker exploiting a software vulnerability.

Which of the following describes the actions of a 'black hat' hacker?

  • Using hacking skills for defensive purposes with permission.
  • Compromising systems for malicious or destructive activities. (correct)
  • Aiming to bring down critical infrastructure regardless of personal consequences.
  • Working both offensively and defensively, sometimes assisting hackers.

Which threat actor is most likely motivated by religious or political beliefs to cause large-scale disruption?

Cyber Terrorist (B)

Which threat vector involves attackers injecting malicious code into cloud resources to access user information?

Cloud (C)

What is the primary function of malware?

To damage or disable computer systems for theft or fraud. (A)

Which of the following is a common technique attackers use to distribute malware by tricking users into clicking on seemingly harmless links?

Socially Engineered Click-jacking (B)

A software program used to conceal the existence of malware, helping it evade antivirus detection, is known as a:

Crypter (A)

Which type of malware disguises itself as a legitimate program to trick users into executing it?

Trojan (A)

Which of the following is a common symptom of a Trojan infection?

Frequent blue screens and the computer screen flips upside-down. (A)

What activity might a hacker perform using a Trojan after it has infected a system?

Delete critical operating system files. (B)

What is the primary characteristic that differentiates a virus from a worm?

A virus requires a host file to propagate, while a worm can spread independently. (C)

Which of the following actions is a typical stage in the lifecycle of a virus?

Replication. (C)

Which type of virus infects files without changing the file, instead directing the disk read point to the virus code rather than the actual program?

Cluster Virus (A)

Which of the following steps is involved in creating a simple virus program?

Writing batch files which are converted to executable files to spread to other systems. (B)

A type of malware that restricts access to the computer system's files and demands an online payment to the malware creator(s) to remove the restrictions is known as what?

Ransomware (A)

All of the following are ransomware families except:

Emotet (B)

Which of the following is a characteristic of computer worms?

They independently replicate and spread across the network. (B)

Which action can a worm perform?

Exploit a vulnerability in an operating system or application by replicating itself. (C)

What function do rootkits perform on an infected system?

They hide the presence of malware and attacker activities. (A)

Which activity does a rootkit enable on a compromised system?

Masking attacker tracks and presence of other malicious applications. (B)

What characterizes Potentially Unwanted Applications (PUAs)?

They may pose risks to data security and are potentially harmful applications. (A)

Which of the following is an example of a PUA that makes use of the victims' personal assets and financial data to perform digital mining of cryptocurrencies?

Cryptomining (A)

What is a key characteristic of adware?

It generates unsolicited ads and pop-ups and tracks browsing patterns. (D)

What is the primary purpose of spyware?

Recording a user's interactions with the computer and Internet and sending such info to the remote attackers. (B)

What is the role of a keylogger?

To monitor and record every keystroke typed on the user's keyboard. (A)

What is the defining characteristic of a botnet?

A collection of compromised computers performing distributed tasks (C)

Why do attackers use botnets?

To perform distributed denial-of-service (DDoS) attacks. (D)

Which of the following is an accurate description of fileless malware?

Malware that infects the system and integrates with the processes in order to perform malicious functions. (A)

A key reason fileless malware is a threat is that it:

Exploits legitimate system tools and hence is difficult to detect, block or prevent. (C)

What is the purpose of vulnerability?

A weakness in an asset that can be exploited by threat agents. (B)

Which of the following is a common reason for the existence of vulnerabilities?

Hardware or software misconfiguration. (A)

Which vulnerability arises from the insecure transmission of user account details, such as usernames and passwords, over a network?

User account vulnerabilities (C)

Which vulnerability is defined as a flaw that is exploited by attackers before being known and addressed by software developers or security analysts?

Zero-Day Vulnerability (C)

What type of risk involves failures in third-party services or components compromising financial data, customer information, or other processes?

Third-party Risks (D)

Which of the following describes the potential impact of vulnerabilities in network device configurations?

Unauthorized Access caused by the failure to change Default settings (D)

When assessing risk, what elements are combined?

Asset, Threat, and Vulnerability (B)

Which of the following scenarios exemplifies a threat to an organization's information security?

An employee accidentally forwarding a confidential email to an unauthorized recipient. (C)

What distinguishes an 'internal' intentional threat source from an 'external' intentional threat source?

Internal threats originate from within the organization, while external threats come from outside. (B)

How do 'structured' external threats differ from 'unstructured' external threats in the context of information security?

Structured threats are implemented by technically skilled attackers, while unstructured threats are implemented by unskilled attackers. (A)

Which type of threat actor is most likely to utilize advanced persistent threats (APTs) to steal sensitive information over an extended period?

Industrial spies (D)

Which of the following attributes is most characteristic of 'insider' threat actors?

They typically have authorized access to critical assets of the organization. (A)

Which threat vector is primarily associated with attackers attempting to compromise a target by exploiting vulnerabilities in resources supplied by a third-party vendor?

Supply chain (B)

Which of the following techniques is used by attackers to increase the ranking of malicious web pages in search engine results?

Black hat Search Engine Optimization (SEO) (C)

What is the primary function of a 'crypter' in the context of malware?

To conceal the existence of malware and evade antivirus detection. (B)

Which malware component is responsible for exploiting a bug or vulnerability in a system to breach its security?

Exploit (B)

What is the key characteristic that differentiates a 'remote access trojan' (RAT) from other types of trojans?

RATs provide attackers with administrative-level access to the infected system. (B)

What actions might a hacker perform using a 'destructive trojan' after it has compromised a system?

Randomly deleting files, folders, and registry entries. (D)

What is the initial step involved in creating a simple virus program that can spread via email?

Creating a batch file with commands to copy and delete files. (D)

What security measure can be implemented to mitigate the risk associated with the Autorun.inf file?

Disabling the Autostart functionality via Group Policy Editor. (C)

Which of the following actions is a typical stage in the lifecycle of a virus AFTER it has replicated on a system?

The virus gets activated when the user performs a specified action. (A)

Which of the following describes a 'sparse infector' virus?

A virus that infects less often to minimize the probability of discovery. (D)

Viruses and worms share a set of characteristics, but there are key distinctions between them. What is the MAIN difference between a computer virus and a computer worm?

A computer virus requires a host program in order to replicate, while a computer worm does not. (D)

Which action is most likely to be performed by a computer worm?

Exploiting a vulnerability in an operating system to replicate itself. (C)

What is the primary purpose behind using a rootkit on a compromised system?

To conceal the existence of malware and attacker activities. (A)

Which of the following is a typical method to launch a rootkit onto a computer?

Scanning for vulnerable computers and hosting the rootkit on the web. (D)

How is Dharma ransomware typically distributed to victims?

Through email campaigns. (C)

Which of the following is a defining characteristic of computer worms?

They spread more rapidly than a virus. (D)

What functionality can a worm perform on an infected system?

Consuming network bandwidth and overloading servers. (B)

What action does a worm typically perform to spread to other systems?

Exploiting vulnerabilities in operating systems or applications. (D)

What actions do Potentially Unwanted Applications (PUAs) typically perform?

Display unsolicited advertisements and gather personal information. (D)

Which activity is commonly associated with Cryptomining PUAs?

Using victims' assets to perform digital mining of cryptocurrencies. (B)

What is a typical indication of an adware infection?

A flood of unsolicited advertisements and pop-ups. (C)

Which of the following is the main objective of spyware?

To steal login names, bank and credit card numbers and passwords. (C)

How do keyloggers primarily compromise user security?

By monitoring and recording each keystroke typed on a keyboard. (B)

What is the purpose that makes botnets so effective in supporting complex cyberattacks such as Distributed Denial of Service (DDoS)?

Botnets centrally coordinate and leverage compromised systems. (D)

What is a distinctive characteristic of fileless malware?

It resides in the system's Random Access Memory (RAM). (C)

Why are fileless malware attacks considered particularly stealthy?

They often use legitimate system tools, so that detection by anti-malware products is difficult. (C)

Which of the following represents a 'Hardware or Software Misconfiguration' vulnerability?

The insecure configuration of hardware or software in a network. (B)

What is 'Inherent Technology Weakness' in Cybersecurity?

Hardware or software that is not capable of defending the network. (A)

What does an 'Unsecure protocol' represent in CyberSecurity?

Hardware and Software Misconfiguration. (C)

Which security policy vulnerability arises from the absence of documented security policies?

Unwritten Policy. (C)

How does the 'system sprawl' vulnerability arise within an organizational network?

An increased number of system or server connections without proper documentation of their maintenance. (D)

Which statement describes the key effect and impact of a data exfiltration vulnerability?

The unauthorized retrieval and transmission of sensitive data. (C)

What elements do you combine to assess the level of network risk?

Asset + Threat + Vulnerability (D)

What distinguishes 'Insecure or Poor Design of Network and Application' as a common reason for vulnerabilities?

It refers to situations where firewalls or VPNs are not securely implemented, exposing the network. (B)

Which of the following statements accurately describes a characteristic of 'End-user Carelessness' as a common reason for the existence of vulnerabilities?

It includes situations where users connect to insecure networks, leading to potential attacks from third parties. (C)

Which of the following is an example of a vulnerability related to technological configurations?

Use of HTTP, FTP, ICMP, SNMP, and SMTP. (A)

What is a key characteristic of unwritten security policies as a network security vulnerability?

They lead to challenges in implementing and enforcing security measures. (C)

How does the failure to change default settings on network devices contribute to vulnerabilities?

It makes it easier for attackers to guess the necessary settings to break into systems. (B)

Which action exemplifies unauthorized access resulting from a vulnerability?

An attacker viewing a protected database. (B)

What impact directly affects customers, sales and profit as a result of vulnerabilities?

Reputational damage. (A)

What elements combine to create Risk?

Asset, threat, and vulnerability. (B)

What distinguishes DELME's Batch Virus Maker from other tools?

It is a tool used to create a virus program that can damage the system (C)

If a program is described as a stealthy program that records a user's interaction with the computer and the Internet without their knowledge, what type of Potentially Unwanted Program is this?

Spyware (A)

After a system encounters slow Internet, frequent system lag, and many pop-up advertisements, which of these Potentially Unwanted Applications is most likely the culprit?

Adware (C)

A user downloads Game.exe from an email attachment labeled "Free Game!". What is MOST likely the type of malware used in this threat vector?

Trojan (A)

What process does a polymorphic virus undergo on each replication to avoid detection?

Modify its code for each replication to avoid detection. (B)

An organization discovers unsupported technical assets within their environment, with limited or outdated patching capabilities; which type of vulnerability is present?

Legacy Platform Vulnerabilities (B)

After performing scanning and reconnaissance, an Attacker places a rootkit by installing into corporate computers using Social Engineering tactics. What is the next objective of the attacker?

To gain remote backdoor access & then mask tracks afterward (A)

An IT auditor finds that a server hosting a web application's database had been running an older, un-upgraded version for over 4 months. Which software management failure is the cause of this?

Poor Patch Management (A)

A software developer ships a product that encrypts user data, but uses a fast hash that easily can be cracked with enough resources. Is this an example of a design flaw?

True, this is a design flaw in which weak encryption allows attackers to exploit logical flaws. (B)

A bot refers to a program used for what?

To turn other computers into agents (B)

What is typically the first stage of fileless malware's attempt to perform malicious activity?

Leveraging existing vulnerabilities on a host (D)

What key step MUST be taken to protect a device or system against attacks that use default passwords?

Ensure default credentials are changed, to prevent brute force attacks (A)

Flashcards

What is a Threat?

Possible occurrence of an undesirable event that can eventually damage and disrupt the functional activities of an organization.

Examples of Threats

Stealing sensitive data, causing server shutdowns, tricking employees, infecting systems with malware, spoofing identities

Natural Threats

Natural factors like fires and floods

Internal Threats

Crimes performed by insiders of a business such as disgruntled or negligent employees.

External Threats

External attacks performed by exploiting vulnerabilities already in place in a network without insider assistance

Structured external threats

Technically skilled attackers aiming to disrupt services using tools to gain network access.

Unstructured external threats

Unskilled attackers, often script kiddies, trying primarily to gain access to networks out of curiosity

Black Hats

Those with extraordinary computing skills, often involved in criminal activities.

White Hats

Individuals who use their hacking skills for defensive purposes and securing network and information systems. Have permission from the system owner

Gray Hats

Those who work both offensively and defensively at various times. These individuals help hackers find various vulnerabilities in a system

Suicide Hackers

Individuals who aim to bring down critical infrastructure for a "cause” and are not worried about facing jail terms or any other kind of punishment.

Script Kiddies

Unskilled hackers who compromise systems using tools and scripts developed by others.

Cyber Terrorists

Individuals motivated by religious or political beliefs to disrupt computer networks on a large scale

State-Sponsored Hackers

Individuals employed by governments to infiltrate, gain top-secret information from, and damage other governments' systems.

Hacktivist

Individuals who promote a political agenda by hacking, especially to deface or disable websites

Hacker Teams

A consortium of skilled hackers with resources and funding who work together to research state-of-the-art technologies.

Industrial Spies

Individuals who perform corporate espionage to steal information such as blueprints and formulas

Insider Threats

Trusted employees with access to critical assets who violate rules or cause harm.

Criminal Syndicates

Involved in prolonged illegal activities and embezzling money via cyber-attacks.

Organized Hackers

Miscreants who use rented devices or botnets for various cyber-attacks.

What is a Threat Vector?

A medium through which an attacker gains access to a system by exploiting identified vulnerabilities

Examples of Threat Vectors

Direct, removable media, wireless, and email

Threat Vector: Direct Access

Through direct access, the attacker gains physical access to the target system.

Threat Vector: Removable Media

Devices such as USB drives, phones, and printers when plugged into a network or system.

Threat Vector: Wireless

A corporate device implementing an unsecured wireless hotspot.

Threat Vector: Email

Attackers perform Phishing attacks with malicious attachments.

Threat Vector: Cloud

Attackers inject malware into cloud resources to gain access to user information.

Threat Vector: Ransomware/Malware

Attackers take advantage of unpatched vulnerabilities as a threat vector.

Threat Vector: Supply Chain

The attacker attempts to compromise the target by exploiting vulnerabilities in a third-party vendor.

Threat Vector: Business Partners

Third-party organizations can emerge as a threat vector to an organization.

What is Malware?

Malicious software that damages or disables computer systems.

Malware Uses

Attack browsers, Steal information, Cause hardware failure.

Malware Entry Points

Instant messenger apps, email Attachments, Untrusted sites.

Crypter Component

Software program that eludes antivirus detection, protecting malware from reverse engineering or analysis.

Downloader Component

Trojan that retrieves other malicious code/files from the internet to a device.

Dropper Component

Covert carrier of malware that can perform the installation task

Exploit Component

Part of malware with code/commands to take advantage of system bugs.

Injector Component

Injects malicious code into running processes to prevent removal.

Obfuscator Component

Conceals malicious code via techniques that make it difficult for security defenses to detect or remove it.

Packer Component

Compresses the malware file.

Payload

Malware part performing the desired activity to compromise security.

Malicious Code Component

Code defining malware functionality and commands for security breaches

Trojan

Malicious code hidden in an ordinary program.

Trojan Attack Indications

Computer screen blinks or flips upside-down, pop-ups appear, and the default background changes.

How Hackers Use Trojans

Delete or replace critical files, steal sensitive info, and disable firewalls.

Types of Trojans

Trojans are categorized based on their functioning and targets.

Remote Access Trojans

Enable control over a victim's system.

Backdoor Trojans

Bypassing standard authentication or conventional security mechanisms.

Botnet Trojans

Infects many computers to create a bot-herd for control via a central C&C center.

Rootkit Trojans

Provide full control of the victim's OS to the attacker. Difficult to stop, as they attack at the root level.

E-Banking Trojans

Intercept the account information of someone using online banking before the system encrypts it.

Point-of-Sale Trojans

Target POS systems and payment equipment to grab credit card and personal information.

Study Notes

What is a Threat?

  • Threats are potential occurrences of undesirable events which can damage and disrupt activities in an organization.
  • Attackers use cyber threats to infiltrate and steal data, such as personal information, financial data, and login credentials.

Examples of Threats

  • Attackers stealing sensitive data from an organization.
  • Attackers causing a server shutdown.
  • Attackers tricking employees into revealing sensitive information.
  • Attackers infecting systems with malware.
  • Attackers spoofing the identity of authorized personnel for unauthorized access.
  • Attackers modifying/tampering with transferred data over a network.
  • Attackers remotely altering data in a database server.
  • Attackers performing URL redirection or URL forwarding.
  • Attackers performing privilege escalation for unauthorized access.
  • Attackers executing denial-of-service (DoS) attacks, rendering resources unavailable.
  • Attackers eavesdropping on communication channels without authorized access.

Threat Sources

  • Threat sources can be natural, unintentional, or intentional.

Natural Threats

  • Natural factors can threaten organizational assets.
  • Fires, floods, power failures, lightning, meteor strikes, and earthquakes are natural threats.
  • These cause severe physical damage to computer systems.

Unintentional Threats

  • Unintentional errors can incite threats.
  • Insider-originating security breaches, operator errors, negligence, unskilled administrators, lazy or untrained employees, and accidents can all be unintentional threats.

Intentional Threats

  • Internal and external threats are two sources of intentional threats.
  • Internal threats include computer- and Internet-related crimes committed by insiders (internal attacks).
  • Disgruntled or negligent employees are internal threats who harm an organization, intentionally or not; they often have privileged network access.
  • External threats leverage network vulnerabilities without an insider's help; the severity of the identified network weaknesses dictates the harm caused.

External Threats Further Classified

  • Structured Threats: implemented by technically skilled attackers to disrupt services.
    • Motivations include bribes, racism, terrorism, and politics.
      • Examples: distributed ICMP floods, spoofing, and attacks executed from multiple sources.
    • Attackers are difficult to identify.
  • Unstructured Threats: implemented by unskilled attackers to gain access to networks.
    • Untrained attackers use freely available online tools to attack networks or crash public websites.
    • They are primarily motivated by curiosity, not criminal intent.
    • Prevented with port-scanning and address-sweeping tools.

Threat Actors/Agents

  • Hackers and other malicious actors are categorized into Black Hats, White Hats, Gray Hats, Suicide Hackers, and Script Kiddies.

Black Hats

  • They use extraordinary computing skills for illegal or malicious purposes.
  • Often involved in criminal activities.

White Hats

  • Penetration testers use hacking skills for defensive purposes.
  • Security analysts secure networks and systems against malicious attacks with system owner’s permission.

Gray Hats

  • Individuals work both offensively and defensively.
  • They help hackers discover network vulnerabilities, and help vendors by finding the limitations of their products so they can be secured.

Suicide Hackers

  • Aim to disrupt critical infrastructure for a "cause".
  • Not concerned about punishment.

Script Kiddies

  • Unskilled hackers use scripts, tools, and pre-made software.
  • They focus on quantity over quality of attacks performed.
  • They aim to gain popularity or prove technical skills.

Other Types of Threat Actors/Agents:

  • Cyber Terrorists.
  • State-Sponsored Hackers.
  • Industrial Spies.
  • Insiders.
  • Hacker Teams.
  • Criminal Syndicates.
  • Hacktivists.
  • Organized Hackers.

Cyber Terrorists

  • Motivated by political/religious beliefs to create fear through large-scale network disruptions.

State-Sponsored Hackers

  • Skilled hackers employed by governments to obtain secret information from, or damage the systems of, other governments and military organizations.
  • They probe and exploit a nation's infrastructure and gather intelligence.

Industrial Spies

  • Illegally spy on competitors, focusing on designs and stealing corporate secrets.
  • Often use Advanced Persistent Threats (APTs).
  • May use social engineering to steal sensitive data, which results in financial loss.

Insiders

  • Trusted people in an organization who have access to critical assets.
  • They use privileged access to violate rules/cause harm involving data corruption.
  • Disgruntled or terminated employees, or undertrained staff members are insider threats.

Hacker Teams

  • Skilled hackers with their own resources and funding who search for vulnerabilities.
  • Such teams also develop advanced techniques for executing attacks.

Criminal Syndicates

  • They engage in criminal activities, exploiting victims in various jurisdictions.
  • Embezzle money through cyber attacks and launder it.

Hacktivist

  • Form of activism in which hackers break systems as an act of protest.
  • They hack to raise awareness of, and boost the reputation of, a political agenda.
  • They deface websites and reveal information from organizations they perceive as a threat; the unauthorized access involved is still a crime.

Organized Hackers

  • Hierarchical groups of hackers organized around criminal activities.
  • Rather than their own devices, they use rented devices and botnets obtained from crimeware providers to carry out attacks.
  • They covertly penetrate target networks undetected to steal data and intellectual property, which is then sold for money.

Attributes of Threat Actors

  • Attributes: Internal, External, Level of Sophistication, Resources/Funding, Intent/Motivation
  • Internal:
    • Insiders who are trusted with authorized access to systems, networks and resources.
  • External:
    • Outsiders who have never had authorized access to the systems or networks and must first gain it, sometimes through physical means.
  • Level of Sophistication:
    • Highly sophisticated actors are more likely to succeed.
  • Resources/Funding:
    • Well-funded actors can buy the tools, exploits and infrastructure needed to support an attack.
  • Intent/Motivation:
    • Highly motivated actors, driven by political, financial or personal goals, launch more persistent attacks.

Threat Vectors

  • A threat vector is the method by which an attacker gains access to a system, typically via a known vulnerability.
  • Vectors: Direct Access, Removable Media, Wireless, Email, Cloud, Ransomware/Malware, Supply Chain, Business Partners

Direct Access

  • Attacker gains physical access and performs malicious activities, such as altering the OS, installing keyloggers or planting software worms.
  • Attackers steal backup media or portable devices and copy the data from them.

Removable Media

  • USB drives, phones and printers are a threat when plugged in.
  • Malware carried on the media can steal or corrupt files on the host system.
  • Data leakage through removable media can be difficult to prevent or detect.

Wireless

  • Unsecured corporate wireless hotspots are open to attack.
  • Attackers can use captured authentication credentials or spoofing to gain access to the corporate network.

Email

  • Phishing campaigns deliver attachments that carry malware, or lure the user into giving up information that is then used to infect systems.

Cloud

  • Attackers inject malicious code into cloud resources to deceive cloud systems and access user data.
  • Accounts with weak credentials are exploited, giving access to the data held in the target cloud services.

Ransomware/Malware

  • Attackers use trojans, file-less malware, adware and other malware to exploit and infiltrate an organization.

Supply chain

  • Vulnerabilities in a third-party vendor's products or services are exploited to reach the customer's data or resources.
  • A compromised vendor introduces the attack into every organization that uses the solution.

Business Partner

  • Attacks through a third-party business partner exploit the access the partner has been granted.
  • Transparency about each partner's cybersecurity is needed to build a mutual understanding of trust and of how risks are mitigated.

Intro to Malware

  • Malware: Malicious software that damages or disables systems and grants the attacker control for theft or fraud.
  • Malware Used for:
    • Attacking browsers, tracking websites visited, slowing down systems, causing hardware failure, stealing personal information

Ways for Malware to Enter a System

  • Instant messenger applications; portable hardware and removable media devices; browser and software bugs; untrusted sites; files downloaded from the Internet; email attachments
  • Installation by other malware; Bluetooth and wireless networks

Autorun

  • Turn off AutoPlay so that an inserted drive cannot launch setup.exe (or any other program) automatically.
  • Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies.
  • Enable "Turn off AutoPlay" and select "All drives".
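The policy above writes the REG_DWORD value NoDriveTypeAutoRun under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer; each bit disables AutoPlay for one drive type and 0xFF covers all of them. The script below is an added example, not part of these notes: it audits a captured `reg query` output (the sample text is constructed) to report which drive types still have AutoPlay enabled, and generates the .reg file that applies the "All drives" setting. The bit-to-drive-type table is Microsoft's documented layout for this value; the helper names are this example's own.

```python
"""Audit and fix the Windows NoDriveTypeAutoRun setting.

Added example, not from the original notes. Bits of NoDriveTypeAutoRun:
a set bit disables AutoPlay for that drive type, so 0xFF disables it everywhere.
"""
import re

POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"
ALL_DRIVES = 0xFF

# Documented bit layout of NoDriveTypeAutoRun.
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",      # type cannot be determined
    0x02: "DRIVE_NO_ROOT_DIR",  # no root directory (e.g. unmounted volume)
    0x04: "DRIVE_REMOVABLE",    # USB sticks, SD cards, floppies
    0x08: "DRIVE_FIXED",        # internal hard disks
    0x10: "DRIVE_REMOTE",       # network shares
    0x20: "DRIVE_CDROM",        # CD/DVD drives
    0x40: "DRIVE_RAMDISK",      # RAM disks
    0x80: "RESERVED",           # unknown/reserved drive types
}

# Constructed sample of `reg query <POLICY_KEY> /v NoDriveTypeAutoRun` output.
# 0x91 is the Windows default: only unknown, network and reserved types are off.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""


def parse_reg_query(text: str):
    """Return the DWORD value from reg query output, or None if it is unset."""
    match = re.search(rf"{VALUE_NAME}\s+REG_DWORD\s+0x([0-9a-fA-F]+)", text)
    return int(match.group(1), 16) if match else None


def autoplay_enabled_types(mask) -> list:
    """Drive types whose bit is clear, i.e. where AutoPlay would still run."""
    if mask is None:
        mask = 0  # value absent: nothing is disabled by policy
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]


def audit(reg_query_output: str) -> dict:
    mask = parse_reg_query(reg_query_output)
    still_enabled = autoplay_enabled_types(mask)
    return {
        "mask": mask,
        "still_enabled": still_enabled,
        "compliant": not still_enabled,  # compliant only when all bits are set
    }


def reg_file_disable_all() -> str:
    """Text of a .reg file equivalent to 'Turn off AutoPlay: All drives'."""
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[{POLICY_KEY}]\r\n"
        f'"{VALUE_NAME}"=dword:{ALL_DRIVES:08x}\r\n'
    )


if __name__ == "__main__":
    result = audit(SAMPLE_REG_QUERY)
    print(f"current mask: {result['mask']:#04x}" if result["mask"] is not None else "value not set")
    print("AutoPlay still enabled for:", result["still_enabled"])
    if not result["compliant"]:
        print("Apply with: reg import fix.reg\n")
        print(reg_file_disable_all())
```

Save the generated text as fix.reg and import it with `reg import fix.reg` from an elevated prompt; re-run the audit afterwards and expect an empty list, since a set bit in the mask is the state the policy enforces.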

Techniques to Distribute Malware on the Web

  • Black Hat SEO; social-engineered click-jacking; spear phishing sites; malvertising; compromised websites; drive-by downloads.
  • Spam emails

Black Hat SEO

  • Pushing malicious pages up the search rankings through aggressive keyword stuffing and similar tricks.

Social Engineered Click-jacking

  • Injecting malware into legitimate-looking web pages or links so that users click and execute it without realising.

Spear Phishing Sites

  • Mimic legitimate institutions to steal credentials and bank account details.

Malvertising

  • Embedding malware in legitimate-looking advertisements so it is delivered to users' systems through ad networks.

Downloads/Infections, Spam

  • Drive-by download: simply visiting a website causes software to be downloaded and installed unintentionally.
  • Users visiting compromised websites get their systems infected, and their computers then perform malicious activities.
  • Spam: emails carrying compromised attachments are used to send viruses.

Components of Malware:

  • Crypter; Downloader; Dropper; Exploit; Injector; Obfuscator; Packer; Payload
  • Delivery mechanisms such as Java applets, ActiveX controls, plug-in installations and content pushed from web servers.

Crypter

  • Encrypts the malware to conceal it and protect it from detection, reverse engineering and analysis.

Downloader

  • Downloads malicious code and files from the Internet to the infected device.
  • Attackers first gain initial access and then install a downloader.

Dropper

  • Carries the malware inside itself and performs its initial installation on the target, covertly so that scanners do not detect it.

Exploit

  • Contains code that takes advantage of a vulnerability in a digital system to breach its security.

Injector

  • Injects its exploit or malicious code into other running processes to change how the code executes and to prevent its removal.

Obfuscator

  • Conceals the malware's code so that it is hard to read and hard for the system to detect.

Packer

  • Software that compresses the malware file and converts its original code and data into an unreadable format.

Payload

  • The part of the malware that performs the actual malicious activity once activated, such as deleting or modifying files or opening ports.
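To make the packer, crypter and obfuscator roles concrete, here is an added example, not code from these notes or from any real malware family: a toy packer that compresses a blob and XORs it with a key, the matching stub that restores it, and the naive signature scanner that the transformation defeats. The sample payload, the marker string standing in for an AV signature and the header layout are all constructed for the example; the Shannon entropy function shows the heuristic defenders use in return, since packed or encrypted sections are far more random than ordinary code.

```python
"""Toy packer/crypter, its unpacking stub, and the scanner it evades.

Added example, not from the original notes. The XOR "cipher" and the
MAGIC header are illustrative choices, not any real packer's format.
"""
import math
import struct
import zlib
from collections import Counter

# Constructed sample: a benign blob standing in for a malicious executable.
# SIGNATURE plays the role of the byte pattern an AV signature matches on.
SIGNATURE = b"EVIL_TROJAN_MARKER"
PAYLOAD = b"print('hello from the payload')\n" + SIGNATURE + b"\n" + b"A" * 200

MAGIC = b"PK01"  # hypothetical stub header, invented for this example


def scan_for_signature(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Naive on-disk signature scan: does the byte pattern appear verbatim?"""
    return signature in blob


def shannon_entropy(blob: bytes) -> float:
    """Bits of entropy per byte; compressed or encrypted data approaches 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key is the identity."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def pack(payload: bytes, key: bytes) -> bytes:
    """Packer + crypter: compress, then XOR with a repeating key.

    Layout: MAGIC | key length (1 byte) | key | original length (4 bytes LE) | body.
    The key ships inside the file, as real packers do: the scanner is beaten
    by not knowing the format, not by any secrecy of the key.
    """
    body = xor_bytes(zlib.compress(payload), key)
    return MAGIC + struct.pack("<B", len(key)) + key + struct.pack("<I", len(payload)) + body


def unpack(blob: bytes) -> bytes:
    """The stub: reverse the transformation and return the original bytes."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a packed blob")
    pos = len(MAGIC)
    (klen,) = struct.unpack_from("<B", blob, pos)
    pos += 1
    key = blob[pos:pos + klen]
    pos += klen
    (orig_len,) = struct.unpack_from("<I", blob, pos)
    pos += 4
    original = zlib.decompress(xor_bytes(blob[pos:], key))
    if len(original) != orig_len:
        raise ValueError("length mismatch: corrupted or tampered blob")
    return original


def demo() -> dict:
    """Pack the sample, scan before/after, and compare entropy."""
    packed = pack(PAYLOAD, key=b"\x5a\xa5\x3c")
    return {
        "original_detected": scan_for_signature(PAYLOAD),
        "packed_detected": scan_for_signature(packed),
        "unpacked_detected": scan_for_signature(unpack(packed)),
        "original_entropy": round(shannon_entropy(PAYLOAD), 2),
        "packed_entropy": round(shannon_entropy(packed), 2),
        "round_trip_ok": unpack(packed) == PAYLOAD,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>20}: {value}")
```

The on-disk scan matches the original and the restored bytes but not the packed file, which is exactly why AV engines emulate or unpack before matching, and why high-entropy sections in an executable are treated as suspicious in their own right.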

Key Malware Type:

Trojan, virus, ransomware, worms and rootkits.

Characteristics Of Trojans

  • Appears to be a helpful or legitimate application, so it is installed or opened by unwitting users.
  • When opened, the malicious code runs in the background, gives the attacker a connection to the victim and transfers data.

Typical Indications of a Trojan Attack:

  • Erratic program behavior, new or unfamiliar icons on the toolbar, and degraded performance.
  • Unexplained high CPU usage is another sign of a trojan attack.

How the hackers then use trojans:

  • Delete or replace programs or OS files.
  • Record the victim's activity without the victim being able to see it.
  • Encrypt all data so that the victim no longer has control of it.

Common Ports Used by Trojans

  • Known trojans have used everything from well-known service ports (20, 21, 22, 23, 68, 80) up to high ports such as 7789; an unexpected listener on any port, or unexpected traffic on a familiar one, is the indicator.
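Because trojans hide among legitimate ports, the practical check is a baseline of expected listeners rather than a list of "bad" port numbers. The script below is an added example, not part of these notes: it parses Windows `netstat -ano` output (the sample lines are constructed), flags listening sockets that are not in a baseline, and correlates them with outbound connections from the same PID, which is the classic pattern of a trojan that both accepts commands and calls home. The baseline and the PID numbers are invented for the example.

```python
"""Baseline check for unexpected listeners in `netstat -ano` output.

Added example, not from the original notes. Sample output and the baseline
are constructed; the parsing follows the real netstat -ano column layout.
"""

# Constructed sample of `netstat -ano` on a Windows host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       920
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:7789           0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:49812     203.0.113.7:80         ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       920
  UDP    0.0.0.0:68             *:*                                    1332
"""

# Hypothetical baseline: (protocol, port) pairs this host is expected to listen on.
BASELINE_LISTENERS = {("TCP", 135), ("TCP", 445), ("UDP", 68)}


def parse_netstat(text: str) -> list:
    """Parse netstat -ano rows into dicts; skips headers and blank lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])   # TCP rows carry a state column
        else:
            state, pid = "", int(parts[3])         # UDP rows have no state
        local_ip, local_port = local.rsplit(":", 1)  # rsplit copes with [::]:135
        entries.append({
            "proto": proto,
            "local_ip": local_ip,
            "local_port": int(local_port),
            "remote": remote,
            "state": state,
            "pid": pid,
        })
    return entries


def is_listener(entry: dict) -> bool:
    """A bound UDP socket or a TCP socket in LISTENING state."""
    return entry["proto"] == "UDP" or entry["state"] == "LISTENING"


def unexpected_listeners(entries: list, baseline=BASELINE_LISTENERS) -> list:
    """(proto, port, pid) for listeners not covered by the baseline."""
    found = set()
    for e in entries:
        if is_listener(e) and (e["proto"], e["local_port"]) not in baseline:
            found.add((e["proto"], e["local_port"], e["pid"]))
    return sorted(found)


def suspicious_pids(entries: list, baseline=BASELINE_LISTENERS) -> set:
    """PIDs that both listen on a non-baseline port and have an outbound session."""
    listening = {pid for _, _, pid in unexpected_listeners(entries, baseline)}
    outbound = {e["pid"] for e in entries if e["proto"] == "TCP" and e["state"] == "ESTABLISHED"}
    return listening & outbound


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for proto, port, pid in unexpected_listeners(rows):
        print(f"unexpected listener: {proto}/{port} pid={pid}")
    for pid in suspicious_pids(rows):
        print(f"pid {pid} listens on a non-baseline port AND has an outbound session")
```

On a live host, pipe `netstat -ano` into `parse_netstat` and map each flagged PID to its image with `tasklist /FI "PID eq <pid>"`; a listener whose process you cannot account for is what to investigate, regardless of whether the port number looks familiar.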

Key Trojans Examples:

  • Remote access; Backdoor; DDoS; Point of Sale; Security Software Disabler
  • Remote access trojans give the attacker control of the victim's system and accounts; backdoor trojans open access to the computer from the network.

Back Door

  • Bypasses firewalls to give the attacker undetected access to the machine and the network it sits on.
  • Users may download or install it without knowing.

Worms

  • They replicate independently, with code that does not need a host program, and spread over network connections.
  • They need no human interaction to spread; a worm's payload often installs backdoors.

Worm vs Virus

  • A virus infects a system by attaching to files or programs; a worm spreads by exploiting the OS or applications.
  • A virus changes or adds data; a worm does not modify stored programs.
  • A worm is also easier to remove than a virus, since it is a standalone program rather than attached to other files.

LoJax

  • A UEFI rootkit: from the firmware it can automatically inject malware into the OS at boot.
  • It evades traditional detection and persists even when the OS is reinstalled or the hard disk is replaced.

Potentially Unwanted Applications

  • PUAs: applications bundled with free software that may be harmful.
  • They covertly monitor data and are commonly bundled with freeware.

Adware

Displays advertisements and collects data.

Torrent

  • Torrent clients bundled with PUAs compel users to install unwanted software.

Marketing

  • Marketing applications that track activity from the browser through to installed apps.

Cryptomining

  • Cryptomining PUAs use the victim's resources to mine cryptocurrency such as bitcoin and target financial data.

Dialers

  • Dialers make calls or contact premium numbers without the user's consent.

Spyware

  • Runs without a visible user interface, recording activity and sending the data to the attacker's control server.

Spyware types

  • Spy applications, power spying tools and monitors installed on a computer are examples of spyware.

Spyware Actions

  • Collecting user data and sending it to the attacker is the prime objective.

Spytech SpyAgent

  • A monitoring tool that can record every program used and every keystroke.

KeyLoggers

Hardware or software used to monitor keystrokes.

  • Gathers confidential data such as banking details and passwords, giving the attacker sensitive access.

What they do

  • Record user activity, such as the websites visited and the data entered on them.

Rootkits

  • Used to hide the attacker's presence and tools on a compromised system so that continued access is guaranteed.

Common Areas of Vulnerability

End-user carelessness and intentional acts are common reasons vulnerabilities arise from end-user actions.

  • Security is often taken for granted; the human factor is easily exploited and can lead to serious loss of information.
  • Compromised account information ends up with attackers or a third party, who use it to attack the network.

Act/Ends Acts

  • Such acts can lead to heavy financial losses and loss of information that is hard to recover.

Techno Vulnerables:

TCP/IP is inherently insecure; operating systems need updating; network devices lack authentication and use insecure routing.

Configuration Vulnerabilities

  • Weak user accounts, system accounts and system settings

Internet Service

  • Default settings and unnecessary services left enabled.

Impact Caused Due to Vulnerabilities

  • Disclosure; Privilege Escalation; Data modification.

Risk

  • Risk is the potential for loss when a threat exploits a vulnerability in an asset.

A Risk

  • A risk is the potential for damage such as shutting down business operations or data theft.

Misconfigurations

  • Network and host misconfigurations are caused by human error.

Default Installation

  • Devices and software ship with default settings; they need to be hardened when the software or system is installed.

Application Issues

  • Buffer overflows are often caused by unvalidated input data.
  • Integer overflows and improper input validation.
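An integer overflow and a buffer overflow usually arrive together: a size computed from attacker-controlled fields wraps around, a bounds check passes on the wrapped value, and a later copy writes far more than was allocated. The block below is an added example, not from these notes: it parses a constructed 8-byte header (element count and element size, both 32-bit) and compares the check as C code would perform it in 32-bit arithmetic with a hardened version that refuses wrapped products. MAX_BUF and the header layout are assumptions made for the example.

```python
"""Integer-overflow length check: the wrapped (vulnerable) form beside the
checked form. Added example, not from the original notes; the header layout
and buffer limit are assumptions for illustration.
"""
import struct

U32_MAX = 0xFFFF_FFFF
MAX_BUF = 64 * 1024  # hypothetical fixed-size receive buffer


def parse_header(header: bytes) -> tuple:
    """Header is two little-endian uint32 fields: element count, element size."""
    if len(header) != 8:
        raise ValueError("header must be exactly 8 bytes")
    return struct.unpack("<II", header)


def needed_bytes_unchecked(count: int, elem_size: int) -> int:
    """Mimics `uint32_t n = count * elem_size;` in C: the product wraps mod 2^32."""
    return (count * elem_size) & U32_MAX


def needed_bytes_checked(count: int, elem_size: int) -> int:
    """Hardened: reject any product that would not fit in 32 bits."""
    product = count * elem_size
    if product > U32_MAX:
        raise OverflowError(f"{count} * {elem_size} overflows uint32")
    return product


def accept_allocation_vulnerable(header: bytes) -> bool:
    """Passes the bounds check on the wrapped size; the later copy loop would
    then write count * elem_size bytes into a buffer of only n bytes."""
    count, elem_size = parse_header(header)
    n = needed_bytes_unchecked(count, elem_size)
    return n <= MAX_BUF


def accept_allocation_hardened(header: bytes) -> bool:
    """Rejects wrapped products and anything over the buffer limit."""
    count, elem_size = parse_header(header)
    try:
        n = needed_bytes_checked(count, elem_size)
    except OverflowError:
        return False
    return n <= MAX_BUF


# Constructed inputs: a benign header and one crafted to wrap the size field.
BENIGN_HEADER = struct.pack("<II", 100, 16)             # 1600 bytes, fine
CRAFTED_HEADER = struct.pack("<II", 0x1000_0001, 0x10)  # 0x1_0000_0010 wraps to 16

if __name__ == "__main__":
    for name, hdr in (("benign", BENIGN_HEADER), ("crafted", CRAFTED_HEADER)):
        count, size = parse_header(hdr)
        print(f"{name}: count={count:#x} size={size:#x} "
              f"wrapped={needed_bytes_unchecked(count, size)} "
              f"vulnerable accepts={accept_allocation_vulnerable(hdr)} "
              f"hardened accepts={accept_allocation_hardened(hdr)}")
```

In C the same fix is to check the multiplication before using it (for example with compiler builtins that report overflow) or to validate each field against a sane maximum so the product can never exceed the buffer.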

Poor Patch Management

  • Applications, devices or servers left unpatched can be exploited through known vulnerabilities.

Design Flaws

  • Incorrect input validation leads to data issues and logical attacks.
  • Such attacks are hard to see because the mechanism is not obviously broken, so unauthorized access happens unnoticed.

Operating System Flaws

  • Attackers use malicious code to exploit OS flaws and steal sensitive information.

Classifications

  • Configuration, operational, platform and known-vulnerability classes.

Summary of the Module:

  • This module discussed threat actors, with examples.
  • It covered threat vectors, malware distribution and the types of malware, and the various categories and classifications of vulnerabilities.
