CompTIA Security+ (SY0-701) Study Guide PDF
Document Details
Uploaded by VitVargKW
CompTIA
Tags
Related
- CompTIA Security+ (SY0-701) section 2.pdf
- CompTIA+Security++(SY0-701)+Study+GuideCourseUdemy.pdf
- CompTIA Security+ SY0-701 Exam Questions PDF
- CompTIA Security+ (SY0-701) Study Guide PDF
- CompTIA Security+ Guide to Network Security Fundamentals PDF
- CompTIA Security+ Exam Prep: Data Sources for Investigations PDF
Summary
This document provides introductory study notes from a course called "CompTIA Security+ (SY0-701)", focusing on security concepts, as well as potential resources and recommendations for preparing for the exam.
Full Transcript
CompTIA Security+ (SY0-701) (Study Notes) CompTIA Security+ (SY0-701) Study Notes Introduction Introduction ○...
CompTIA Security+ (SY0-701) (Study Notes) CompTIA Security+ (SY0-701) Study Notes Introduction Introduction ○ CompTIA Security+ (SY0-701) certification is considered an intermediate level information technology certification and an entry level cyber security certification that focuses on your ability to assess the security posture of an enterprise environment ○ This certification is designed for information technology professionals or aspiring cybersecurity professionals who have already earned their CompTIA A+ and Network+ certifications, but this is a recommendation from CompTIA and not a strict requirement If you have the equivalent of 1-2 years of working with hardware, software, and networks, then you will do fine in this course ○ This course is designed as a full textbook replacement, but if you would like to get a textbook to study from as well, we recommend the official CompTIA Security+ Student Guide available directly from CompTIA ○ CompTIA Security+ (SY0-701) certification exam consists of five domains or areas of knowledge 12% of General Security Concepts 22% of Threats, Vulnerabilities, and Mitigations 18% of Security Architecture 28% of Security Operations 1 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) 20% of Security Program Management and Oversight ○ When taking the CompTIA Security+ certification exam at the testing center or online using the web proctoring service, you are going to have 90 minutes to answer up to 90 questions You’re going to be answering multiple-choice questions, but you may get a few multiple-select questions where they ask you to pick 2 or 3 correct answers for a single question You will also get a handful of performance-based questions ○ To pass the Security+ certification exam, you must score at least 750 points out of 900 on their 100 to 900 point scale ○ To take the exam, you do have to pay an exam fee to cover the cost of testing, and you do that by buying an exam voucher How do you sign up and schedule your exam? CompTIA Store ○ You can do this by going to store.comptia.org and buying it from their web store ○ The price does vary depending on which country you will be taking your exam from since CompTIA uses region based pricing Dion Training ○ You can go to diontraining.com/vouchers and purchase your voucher directly from us, because we are a certified Platinum Level CompTIA Delivery Partner ○ You’ll save an extra 10% or so off the regular CompTIA price ○ We’ll give you free access to our searchable video library as a bonus for buying your voucher from us 2 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ 4 tips for success in this course Turn on closed captioning Control the playback speed Join our FB or Discord group facebook.com/groups/diontraining diontraining.com/discord Download and print the study guide Exam Tips ○ There will be no trick questions Always be on the lookout for distractors or red herrings At least one of the four listed possible answer choices that are written to try and distract you from the correct answer ○ Pay close attention to words in bold, italics, or all uppercase ○ Answer the questions based on CompTIA Security+ knowledge In cybersecurity, there really is no 100% correct answers in the real world because everything is situational When in doubt, choose the answer that is correct for the highest number of situations ○ Understand the key concepts of the test questions ○ Do not memorize the terms word for word, try to understand them instead ○ During the exam, the answers will be from multiple-choice style questions 3 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Fundamentals of Security Objectives: 1.1 - Compare and contrast various types of security controls 1.2 - Summarize fundamental security concepts Fundamentals of Security ○ Information Security Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction ○ Information Systems Security Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data ○ CIA Triad Confidentiality Ensures information is accessible only to authorized personnel (e.g., encryption) Integrity Ensures data remains accurate and unaltered (e.g., checksums) Availability Ensures information and resources are accessible when needed (e.g., redundancy measures) ○ Non-Repudiation Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures) 4 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ CIANA Pentagon An extension of the CIA triad with the addition of non-repudiation and authentication ○ Triple A’s of Security Authentication Verifying the identity of a user or system (e.g., password checks) Authorization Determining actions or resources an authenticated user can access (e.g., permissions) Accounting Tracking user activities and resource usage for audit or billing purposes ○ Security Control Categories Technical Managerial Operational Physical ○ Security Control Types Preventative Deterrent Detective Corrective Compensating Directive ○ Zero Trust Model Operates on the principle that no one should be trusted by default 5 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) To achieve zero trust, we use the control plane and the data plane Control Plane ○ Adaptive identity, threat scope reduction, policy-driven access control, and secured zones Data Plane ○ Subject/system, policy engine, policy administrator, and establishing policy enforcement points Threats and Vulnerabilities ○ Threat Anything that could cause harm, loss, damage, or compromise to our information technology systems Can come from the following Natural disasters Cyber-attacks Data integrity breaches Disclosure of confidential information ○ Vulnerability Any weakness in the system design or implementation Come from internal factors like the following Software bugs Misconfigured software Improperly protected network devices Missing security patches Lack of physical security 6 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Where threats and vulnerabilities intersect, that is where the risk to your enterprise systems and networks lies If you have a threat, but there is no matching vulnerability to it, then you have no risk The same holds true that if you have a vulnerability but there’s no threat against it, there would be no risk ○ Risk Management Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome Confidentiality ○ Confidentiality Refers to the protection of information from unauthorized access and disclosure Ensure that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes ○ Confidentiality is important for 3 main reasons To protect personal privacy To maintain a business advantage To achieve regulatory compliance ○ To ensure confidentiality, we use five basic methods Encryption Process of converting data into a code to prevent unauthorized access Access Controls By setting up strong user permissions, you ensure that only authorized personnel can access certain types data 7 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Data Masking Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data's authenticity and use for authorized users Physical Security Measures Ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations Training and Awareness Conduct regular training on the security awareness best practices that employees can use to protect their organization’s sensitive data Integrity ○ Integrity Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual Verifies the accuracy and trustworthiness of data over the entire lifecycle ○ Integrity is important for three main reasons To ensure data accuracy To maintain trust To ensure system operability ○ To help us maintain the integrity of our data, systems, and networks, we usually utilize five methods Hashing Process of converting data into a fixed-size value 8 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Digital Signatures Ensure both integrity and authenticity Checksums Method to verify the integrity of data during transmission Access Controls Ensure that only authorized individuals can modify data and this reduces the risk of unintentional or malicious alterations Regular Audits Involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed Availability ○ Availability Ensure that information, systems, and resources are accessible and operational when needed by authorized users ○ As cybersecurity professionals, we value availability since it can help us with the following Ensuring Business Continuity Maintaining Customer Trust Upholding an Organization's Reputation ○ To overcome the challenges associated with maintaining availability, the best strategy is to use redundancy in your systems and network designs Redundancy Duplication of critical components or functions of a system with the 9 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) intention of enhancing its reliability ○ There are various types of redundancy you need to consider when designing your systems and networks Server Redundancy Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users Data Redundancy Involves storing data in multiple places Network Redundancy Ensures that if one network path fails, the data can travel through another route Power Redundancy Involves using backup power sources, like generators and UPS systems Non-repudiation ○ Non-repudiation Focused on providing undeniable proof in the world of digital transactions Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions ○ Digital Signatures Considered to be unique to each user who is operating within the digital domain Created by first hashing a particular message or communication that you want to digitally sign, and then it encrypts that hash digest with the user’s private key using asymmetric encryption 10 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Non-repudiation is important for three main reasons To confirm the authenticity of digital transactions To ensure the integrity of critical communications To provide accountability in digital processes Authentication ○ Authentication Security measure that ensures individuals or entities are who they claim to be during a communication or transaction ○ 5 commonly used authentication methods Something you know (Knowledge Factor) Relies on information that a user can recall Something you have (Possession Factor) Relies on the user presenting a physical item to authenticate themselves Something you are (Inherence Factor) Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be Something you do (Action Factor) Relies on the user conducting a unique action to prove who they are Somewhere you are (Location Factor) Relies on the user being in a certain geographic location before access is granted ○ Multi-Factor Authentication System (MFA) Security process that requires users to provide multiple methods of identification to verify their identity 11 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Authentication is critical to understand because of the following To prevent unauthorized access To protect user data and privacy To ensure that resources are accessed by valid users only Authorization ○ Authorization Pertains to the permissions and privileges granted to users or entities after they have been authenticated ○ Authorization mechanisms are important to help us with the following To protect sensitive data To maintain the system integrity in our organizations To create a more streamlined user experience Accounting ○ Accounting Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded ○ Your organization should use a robust accounting system so that you can create the following Create an audit trail Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time Maintain regulatory compliance Maintains a comprehensive record of all users’ activities 12 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Conduct forensic analysis Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again Perform resource optimization Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions Achieve user accountability Thorough accounting system ensures users’ actions are monitored and logged , deterring potential misuse and promoting adherence to the organization’s policies ○ To perform accounting, we usually use different technologies like the following Syslog Servers Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization’s systems Network Analysis Tools Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network Security Information and Event Management (SIEM) Systems Provides us with a real-time analysis of security alerts generated by various hardware and software infrastructure in an organization 13 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Security Control Categories ○ 4 Broad Categories of Security Controls Technical Controls Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks Managerial Controls Sometimes also referred to as administrative controls Involve the strategic planning and governance side of security Operational Controls Procedures and measures that are designed to protect data on a day-to-day basis Are mainly governed by internal processes and human actions Physical Controls Tangible, real-world measures taken to protect assets Security Control Types ○ 6 Basic Types of Security Controls Preventive Controls Proactive measures implemented to thwart potential security threats or breaches Deterrent Controls Discourage potential attackers by making the effort seem less appealing or more challenging Detective Controls Monitor and alert organizations to malicious activities as they occur or 14 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) shortly thereafter Corrective Controls Mitigate any potential damage and restore our systems to their normal state Compensating Controls Alternative measures that are implemented when primary security controls are not feasible or effective Directive Controls Guide, inform, or mandate actions Often rooted in policy or documentation and set the standards for behavior within an organization Gap Analysis ○ Gap Analysis Process of evaluating the differences between an organization's current performance and its desired performance ○ Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture ○ There are several steps involved in conducting a gap analysis Define the scope of the analysis Gather data on the current state of the organization Analyze the data to identify any areas where the organization's current performance falls short of its desired performance Develop a plan to bridge the gap 15 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ 2 Basic Types of Gap Analysis Technical Gap Analysis Involves evaluating an organization's current technical infrastructure identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions Business Gap Analysis Involves evaluating an organization's current business processes Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions Plan of Action and Milestones (POA&M) Outlines the specific measures to address each vulnerability Allocate resources Set up timelines for each remediation task that is needed Zero Trust ○ Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin ○ To create a zero trust architecture, we need to use two different planes Control Plane Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization Control Plane typically encompasses several key elements ○ Adaptive Identity Relies on real-time validation that takes into account the user's behavior, device, location, and more 16 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Threat Scope Reduction Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface Focused on minimizing the "blast radius" that could occur in the event of a breach ○ Policy-Driven Access Control Entails developing, managing, and enforcing user access policies based on their roles and responsibilities ○ Secured Zones Isolated environments within a network that are designed to house sensitive data Data Plane Ensures the policies are properly executed Data plane consists of the following ○ Subject/System Refers to the individual or entity attempting to gain access ○ Policy Engine Cross-references the access request with its predefined policies ○ Policy Administrator Used to establish and manage the access policies ○ Policy Enforcement Point Where the decision to grant or deny access is actually execute 17 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Threat Actors Objectives: 1.2 - Summarize fundamental security concepts 2.1 - Compare and contrast common threat actors and motivations 2.2 - Explain common threat vectors and attack surfaces Threat Actors ○ Threat Actor Motivations Data Exfiltration Blackmail Espionage Service Disruption Financial Gain, Philosophical/Political Beliefs Ethical Reasons Revenge Disruption/Chaos War ○ Threat Actor Attributes Internal vs. External Threat Actors Differences in resources and funding Level of sophistication ○ Types of Threat Actors Unskilled Attackers Limited technical expertise, use readily available tools 18 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Hacktivists Driven by political, social, or environmental ideologies Organized Crime Execute cyberattacks for financial gain (e.g., ransomware, identity theft) Nation-state Actor Highly skilled attackers sponsored by governments for cyber espionage or warfare Insider Threats Security threats originating from within the organization ○ Shadow IT IT systems, devices, software, or services managed without explicit organizational approval ○ Threat Vectors and Attack Surfaces Message-based Image-based File-based Voice Calls Removable Devices Unsecured Networks ○ Deception and Disruption Technologies Honeypots Decoy systems to attract and deceive attackers Honeynets Network of decoy systems for observing complex attacks Honeyfiles Decoy files to detect unauthorized access or data breaches 19 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Honeytokens Fake data to alert administrators when accessed or used Threat Actor Motivations ○ There is a difference between the intent of the attack and the motivation that fuels that attack Threat Actors Intent Specific objective or goal that a threat actor is aiming to achieve through their attack Threat Actors Motivation Underlying reasons or driving forces that pushes a threat actor to carry out their attack ○ Different motivations behind threat actors Data Exfiltration Unauthorized transfer of data from a computer Financial Gain Achieved through various means, such as ransomware attacks, or through banking trojans that allow them to steal financial information in order to gain unauthorized access into the victims' bank accounts Blackmail Attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met Service Disruption Some threat actors aim to disrupt the services of various organizations, either to cause chaos, make a political statement, or to demand a ransom 20 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Philosophical or Political Beliefs Attacks that are conducted due to the philosophical or political beliefs of the attackers is known as hacktivism Common motivation for a specific type of threat actor known as a hacktivist Ethical Reasons Contrary to malicious threat actors, ethical hackers, also known as Authorized hackers, are motivated by a desire to improve security Revenge It can also be a motivation for a threat actor that wants to target an entity that they believe has wronged them in some way Disruption or Chaos Creating and spreading malware to launching sophisticated cyberattacks against the critical infrastructure in a populated city Espionage Spying on individuals, organizations, or nations to gather sensitive or classified information War Cyber warfare can be used to disrupt a country's infrastructure, compromise its national security, and to cause economic damage Threat Actor Attributes ○ 2 Most Basic Attributes of a Threat Actor Internal Threat Actors Individuals or entities within an organization who pose a threat to its security 21 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) External Threat Actors Individuals or groups outside an organization who attempt to breach its cybersecurity defenses ○ Resources and funding available to the specific threat actor Tools, skills, and personnel at the disposal of a given threat actor ○ Level of sophistication and capability of the specific threat actor Refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures In the world of cybersecurity, we usually classify the lowest skilled threat actors as "script kiddies" Script Kiddie ○ Individual with limited technical knowledge ○ use pre-made software or scripts to exploit computer systems and networks Nation-state actors, Advanced Persistent Threats and others have high levels of sophistication and capabilities and possess advanced technical skills Use sophisticated tools and techniques Unskilled Attackers ○ Unskilled Attacker (Script Kiddie) Individual who lacks the technical knowledge to develop their own hacking tools or exploits These low-skilled threat actors need to rely on scripts and programs that have been developed by others ○ How do these unskilled attackers cause damage? One way is to launch a DDoS attack 22 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) An unskilled attacker can simply enter in the IP address of the system they want to target, and then click a button to launch an attacker against that target Hacktivists ○ Hacktivists Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain ○ Hacktivism Activities in which the use of hacking and other cyber techniques is used to promote or advance a political or social cause ○ To accomplish their objectives, hacktivists use a wide range of techniques to achieve their goals Website Defacement Form of electronic graffiti and is usually treated as an act of vandalism Distributed Denial of Service (DDoS) Attacks Attempting to overwhelm the victim's systems or networks so that they cannot be accessed by the organization's legitimate users Doxing Involves the public release of private information about an individual or organization Leaking of Sensitive Data Releasing sensitive data to the public at large over the internet ○ Hacktivists are primarily motivated by their ideological beliefs rather than trying to achieve financial gains 23 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Most well-known hacktivist groups is known as “Anonymous” Anonymous Loosely affiliated collective that has been involved in numerous high-profile attacks over the years for targeting organizations that they perceive as acting unethically or against the public interest at large Organized Crime ○ Organized cybercrime groups are groups or syndicates that have banded together to conduct criminal activities in the digital world Sophisticated and well structured Use resources and technical skills for illicit gain ○ In terms of their technical capabilities, organized crime groups possess a very high level of technical capability and they often employ advanced hacking techniques and tools Custom Malware Ransomware Sophisticated Phishing Campaigns ○ These criminal groups will engage in a variety of illicit activities to generate revenue for their members Data Breaches Identity Theft Online Fraud Ransomware Attacks ○ Unlike hacktivists or nation state actors, organized cybercrime groups are not typically driven by ideological or political objectives These groups may be hired by other entities, including governments, to conduct cyber operations and attacks on their behalf 24 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Money, not other motivations is the objective of their attacks even if the attack takes place in the political sphere Nation-state Actor ○ Nation-state Actor Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals ○ Sometimes, these threat actors attempt what is known as a false flag attack False Flag Attack Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else ○ Nation-state actors possess advanced technical skills and extensive resources, and they are capable of conducting complex, coordinated cyber operations that employ a variety of techniques such as Creating custom malware Using zero-day exploits Becoming an advanced persistent threats ○ Advanced Persistent Threat (APT) Term that used to be used synonymously with a nation-state actor because of their long-term persistence and stealth A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage These advanced persistent threats are often sponsored by a nation-state or its proxies, like organized cybercrime groups 25 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ What motivates a nation-state actor? Nation-state actors are motivated to achieve their long-term strategic goals, and they are not seeking financial gain Insider Threats ○ Insider Threats Cybersecurity threats that originate from within the organization Will have varying levels of capabilities ○ Insider threats can take various forms Data Theft Sabotage Misuse of access privileges ○ Each insider threat is driven by different motivations Some are driven by financial gain and they want to profit from the sale of sensitive organizational data to others Some may be motivated by revenge and are aiming to harm the organization due to some kind of perceived wrong levied against the insider Some may take actions as a result of carelessness or a lack of awareness of cybersecurity best practices ○ Remember Insider threat refers to the potential risk posed by individuals within an organization who have access to sensitive information and systems, and who may misuse this access for malicious or unintended purposes To mitigate the risk of an insider threat being successful, organizations should implement the following Zero-trust architecture 26 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Employ robust access controls Conduct regular audits Provide effective employee security awareness programs Shadow IT ○ Shadow IT Use of information technology systems, devices, software, applications, and services without explicit organizational approval IT-related projects that are managed outside of, and without the knowledge of, the IT department ○ Why does Shadow IT exist? An organization's security posture is actually set too high or is too complex for business operations to occur without be negatively affected ○ Bring Your Own Devices (BYOD) Involves the use of personal devices for work purposes Threat Vectors and Attack Surfaces ○ Threat Vector Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action ○ Attack Surface Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment Can be minimized by Restricting Access 27 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Removing unnecessary software Disabling unused protocols ○ Think of threat vector as the "how" of an attack, whereas the attack surface is the "where" of the attack ○ Several different threat vectors that could be used to attack your enterprise networks Messages Message-based threat vectors include threats delivered via email, simple message service (SMS text messaging), or other forms of instant messaging Phishing campaigns are commonly used as part of a message-based threat vector when an attacker impersonates a trusted entity to trick its victims into revealing their sensitive information to the attacker Images Image-based threat vectors involve the embedding of malicious code inside of an image file by the threat actor Files The files, often disguised as legitimate documents or software, can be transferred as email attachments, through file-sharing services, or hosted on a malicious website Voice Calls Vhishing ○ Use of voice calls to trick victims into revealing their sensitive information to an attacker 28 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Removable Devices One common technique used with removable devices is known as baiting ○ Baiting Attacker might leave a malware-infected USB drive in a location where their target might find it, such as in the parking lot or the lobby of the targeted organization Unsecure Networks Unsecure networks includes wireless, wired, and Bluetooth networks that lack the appropriate security measures to protect these networks If wireless networks are not properly secured, unauthorized individuals can intercept the wireless communications or gain access to the network Wired networks tend to be more secure than their wireless networks, but they are still not immune to threats ○ Physical access to the network infrastructure can lead to various attacks MAC Address Cloning VLAN Hopping By exploiting vulnerabilities in the Bluetooth protocol, an attacker can carry out their attacks using techniques like the BlueBorne or BlueSmack exploits ○ BlueBorne Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction 29 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ BlueSmack Type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device Outsmarting Threat Actors ○ One of the most effective ways to learn from the different threat actors that are attacking your network is to set up and utilize deception and disruption technologies ○ Tactics, Techniques, and Procedures (TTPs) Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors ○ Deceptive and Disruption Technologies Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats Honeypots Decoy system or network set up to attract potential hackers Honeynets Network of honeypots to create a more complex system that is designed to mimic an entire network of systems ○ Servers ○ Routers ○ Switches Honeyfiles Decoy file placed within a system to lure in potential attackers 30 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Honeytokens Piece of data or a resource that has no legitimate value or use but is monitored for access or use ○ Some disruption technologies and strategies to help secure our enterprise networks Bogus DNS entries Fake Domain Name System entries introduced into your system's DNS server Creating decoy directories Fake folders and files placed within a system's storage Dynamic page generation Effective against automated scraping tools or bots trying to index or steal content from your organization's website Use of port triggering to hide services Port Triggering ○ Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected Spoofing fake telemetry data When a system detects a network scan is being attempted by an attacker, it can be configured to respond by sending out fake telemetry or network data 31 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Physical Security Objectives: 1.2 - Summarize fundamental security concepts 2.4 - Analyze indicators of malicious activity Physical Security ○ Physical Security Measures to protect tangible assets (buildings, equipment, people) from harm or unauthorized access ○ Security Controls Fencing and Bollards Bollards ○ Short, sturdy vertical posts controlling or preventing vehicle access Fences ○ Barriers made of posts and wire or boards to enclose or separate areas Brute Force Attacks Forcible entry Tampering with security devices Confronting security personnel Ramming a barrier with a vehicle Surveillance Systems An organized strategy to observe and report activities Components ○ Video surveillance 32 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Security guards ○ Lighting ○ Sensors Access Control Vestibules Double-door system electronically controlled to allow only one door open at a time Prevents piggybacking and tailgating Door Locks Padlocks Pin and tumbler locks Numeric locks Wireless locks Biometric locks Cipher locks Electronic access control systems Access Badges Use of Radio Frequency Identification (RFID) or Near Field Communication (NFC) for access Fencing and Bollards ○ Fencing and bollards stand out as some of the most primitive tools that are employed to safeguard assets and people ○ Fence Structure that encloses an area using interconnected panels or posts In terms of physical security, fences serve several purposes Provides a visual deterrent by defining a boundary that should not be 33 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) violated by unauthorized personnel Establish a physical barrier against unauthorized entry Effectively delay intruders which helps provide our security personnel a longer window of time to react ○ Bollards Robust, short vertical posts, typically made of steel or concrete, that are designed to manage or redirect vehicular traffic ○ Fencing is considered to be more adaptable and well-suited for safeguarding large perimeters around the entire building ○ Bollards are really designed to counter vehicular threats in a specific area instead Attacking with Brute Force ○ Brute Force Type of attack where access to a system is gained by simply trying all of the possibilities until you break through ○ In terms of physically security, brute force focuses on the following Forcible Entry Act of gaining unauthorized access to a space by physically breaking or bypassing its barriers, such as windows, doors, or fences Use high-strength doors with deadbolt locks, metal frames, or a solid core Tampering with security devices Involves manipulating security devices to create new vulnerabilities that can be exploited To protect against tampering with security devices, have redundancy in physical security measures 34 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Confronting security personnel Involves the direct confrontation or attack of your organization's security personnel Security personnel should undergo rigorous conflict resolution and self-defense training to mitigate risks Ramming barriers with vehicles Uses a car, truck, or other motorized vehicle to ram into the organization's physical security barriers, such as a fence, a gate, or even the side of your building Install bollards or reinforced barriers to prevent vehicles from driving into your facilities Surveillance Systems ○ Surveillance System Organized strategy or setup designed to observe and report activities in a given area ○ Surveillance is often comprised of four main categories Video Surveillance Can include the following ○ Motion detection ○ Night vision ○ Facial recognition Remote access Provides real-time visual feedback A wired solution security camera is physically cabled from the device back to the central monitoring station 35 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) A wireless solution relies on Wi-Fi to send its signal back to the central monitoring station Pan-Tilt-Zoom (PTZ) System ○ Can move the camera or its angle to better detect issues during an intrusion Best places to have cameras ○ Data center ○ Telecommunications closets ○ Entrance or exit areas Cameras should be configured to record what they’re observing Security Guards Flexible and adaptable forms of surveillance that organizations use Helps to reassure your staff or your customers that they are safe Lighting Proper lighting is crucial for conducting effective surveillance using both video and security guards If you create well-lit areas, this can deter criminals, reduce shadows and hiding spots, and enhance the quality of your video recordings Sensors Devices that detect and respond to external stimuli or changes in the environment There are four categories of sensors ○ Infrared Sensors Detect changes in infrared radiation that is often emitted by warm bodies like humans or animals 36 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Pressure Sensors Activated whenever a specified minimum amount of weight is detected on the sensor that is embedded into the floor or a mat ○ Microwave Sensors Detect movement in an area by emitting microwave pulses and measuring their reflection off moving objects ○ Ultrasonic Sensors Measures the reflection of ultrasonic waves off moving objects Bypassing Surveillance Systems ○ Some of the different methods used by attackers to bypass your organization's surveillance systems Visual Obstruction Blocking the camera’s line of sight Can involve the following ○ spraying paint or foam onto the camera lens ○ placing a sticker or tape over the lens ○ positioning objects like balloons or umbrellas in front of the camera to block its view Blinding Sensors and Cameras Involves overwhelming the sensor or camera with a sudden burst of light to render it ineffective for a limited period of time Interfering with Acoustics Acoustic systems are designed to listen to the environment to detect if 37 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) someone is in the area or to eavesdrop on their conversations Jamming or playing loud music to disrupt the microphone’s functionality Interfering with Electromagnetic Electromagnetic Interference (EMI) ○ Involves jamming the signals that surveillance system relies on to monitor the environment Attacking the Physical Environment Exploit the environment around the surveillance equipment to compromise their functionality ○ Physical tampering, like cutting wires or physically disabling devices, is an effective strategy to bypass surveillance systems ○ Modern systems are equipped with countermeasures to help protect surveillance systems Access Control Vestibules ○ Access Control Vestibules Double-door system that is designed with two doors that are electronically controlled to ensure that only one door can be open at a given time ○ These access control vestibules can also help prevent piggybacking and tailgating Piggybacking Involves two people working together with one person who has legitimate access intentionally allows another person who doesn't have proper authorization to enter a secure area with them Tailgating Occurs whenever an unauthorized person closely follows someone through the access control vestibule who has legitimate access into the 38 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) secure space without their knowledge or consent The key difference between Piggybacking and Tailgating Piggybacking uses social engineering to gain consent of the person with legitimate access Tailgating doesn’t use or obtain the consent of the person with legitimate access. ○ Access control vestibules are usually integrated with electronic badges and operated by a security guard at the entrance to a secure facility or office building Badges contain RFID (Radio-Frequency Identification) NFC (Near-field Communication) Magnetic strips ○ Security guards are often at access control vestibules because they provide Visual deterrent Assistance Check identity Response Door Locks ○ Door Locks Critical physical security control measure designed to restrict and regulate access to specific spaces or properties, preventing unauthorized intrusions and safeguarding sensitive data and individuals ○ Types of Door Locks Traditional Padlocks Easily defeated and offer minimal protection 39 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Basic Door Locks Vulnerable to simple techniques like lock picking Modern Electronic Door Locks Utilize various authentication methods for enhanced security Authentication Methods ○ Identification Numbers Require entry of a unique code, providing a balance of security and convenience ○ Wireless Signals Utilize technologies like NFC, Wi-Fi, Bluetooth, or RFID for unlocking ○ Biometrics Rely on physical characteristics like fingerprints, retinal scans, or facial recognition for authentication Biometric Challenges False Acceptance Rate (FAR) ○ Occurs when the system erroneously authenticates an unauthorized user ○ Lower FAR by increasing scanner sensitivity False Rejection Rate (FRR) ○ Denies access to an authorized user. Adjusting sensitivity can increase FRR Crossover Error Rate (CER) ○ A balance between FAR and FRR for optimal authentication effectiveness 40 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Some electronic door locks use multiple factors, such as an identification number and fingerprint, to increase security ○ Cipher Locks Mechanical locks with numbered push buttons, requiring a correct combination to open Commonly used in high-security areas like server rooms ○ Secure entry areas in office buildings, often using electronic access systems with badges and PINs for authentication Access Badge Cloning ○ Radio Frequency Identification (RFID) and Near Field Communication (NFC) are popular technologies used for contactless authentication in various applications ○ Access Badge Cloning Copying the data from an RFID or NFC card or badge onto another card or device ○ How does an attacker clone an access badge? Step 1: Scanning Scanning or reading the targeted individual’s access badge Step 2: Data Extraction Attackers extract the relevant authentication credentials from the card, such as a unique identifier or a set of encrypted data Step 3: Writing to a new card or device Attacker will then transfers the extracted data onto a blank RFID or NFC card or another compatible device Step 4: Using the cloned access badge Attackers gain unauthorized access to buildings, computer systems, or even make payments using a cloned NFC-enabled credit card 41 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Access badge cloning is common because of its Ease of execution Ability to be stealthy when conducting the attack Potentially widespread use in compromising physical security ○ How can you stop access badge cloning? Implement advanced encryption in your card-based authentication systems Implement Multi-Factor Authentication (MFA) Regularly update your security protocols Educate your users Implement the use of shielded wallets or sleeves with your RFID access badges Monitor and audit your access logs 42 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Social Engineering Objectives: 2.2 - Explain common threat vectors and attack surfaces 5.6 - Given a scenario, you must be able to implement security awareness practices Social Engineering ○ Social Engineering Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces ○ Motivational Triggers Used by Social Engineers Familiarity and Likability Consensus and Social Proof Authority and Intimidation Scarcity and Urgency ○ Social Engineering Techniques Impersonation Pretending to be someone else Includes brand impersonation, typo-squatting, and watering hole attacks Pretexting Creating a fabricated scenario to manipulate targets Impersonating trusted figures to gain trust 43 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Types of Phishing Attacks Phishing Vishing Smishing Spear Phishing Whaling Business Email Compromise ○ Frauds and Scams Deceptive practices to deceive people into parting with money or valuable information Identifying and training against frauds and scams ○ Influence Campaigns Spreading misinformation and disinformation, impacting politics, economics, etc. ○ Other Social Engineering Attacks Diversion Theft Hoaxes Shoulder Surfing Dumpster Diving Eavesdropping Baiting Piggybacking Tailgating 44 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Motivational Triggers ○ Six main types of motivational triggers that social engineers use Authority Most people are willing to comply and do what you tell them to do if they believe it is coming from somebody who is in a position of authority to make that request Urgency Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly or prioritize certain actions Social Proof Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations Scarcity Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply Likability Most people want to interact with people they like, and social engineers realize this Can be ○ Sexual attraction ○ Pretending to be a friend ○ Common interest Fear These types of attacks generally are focused on "if you don't do what I tell you, then this bad thing is going to happen to you” 45 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Impersonation ○ Four main forms of impersonation used by attackers Impersonation Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data Requires the attacker to collect information about the organization so that they can more easily earn the trust of their targeted users Attackers provide details to help make the lies and the impersonation more believable to a potential victim Consequences ○ Unauthorized access ○ Disruption of services ○ Complete system takeover To mitigate against these types of attacks, organizations must provide security awareness training to their employees on a regular basis so that they remain vigilant against future attacks Brand Impersonation More specific form of impersonation where an attacker pretends to represent a legitimate company or brand Attackers use the brand’s logos, language, and information to create deceptive communications or website To protect against brand impersonation, organizations should do the following ○ Educate their users about these types of threats ○ Use secure email gateways to filter out phishing emails 46 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Regularly monitor their brand's online presence to detect any fraudulent activities as soon as they occur Typosquatting Also known as URL hijacking or cybersquatting Form of cyber attack where an attacker will register a domain name that is similar to a popular website but contain some kind of common typographical errors To combat typosquatting, organizations will often do the following ○ Register common misspellings of their own domain names ○ Use services that monitor for similar domain registrations ○ Conduct user security awareness training to educate users about the risks of typosquatting Watering Hole Attacks Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use The term is a metaphor for a naturally occurring phenomenon ○ In the world of cybersecurity, the "watering hole" the attacker chooses to utilize will usually be a trusted website or online service To mitigate watering hole attacks, organizations should do the following ○ Keep their systems and software updated ○ Use threat intelligence services to stay informed about new threats ○ Employ advanced malware detection and prevention tools 47 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Pretexting ○ Pretexting Gives some amount of information that seems true so that the victim will give more information ○ Mitigation involves training the employees not to fall for pretext and not to fill in the gaps for people when they are calling Phishing Attacks ○ Different Types of Phishing Attacks Phishing Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers Spear Phishing More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations Has a higher success rate Whaling Form of spear phishing that targets high-profile individuals, like CEOs or CFOs Attacker isn't trying to catch the little fish in an organization, but instead they want to catch one of the executives, board members, or higher level managers in the company since the rewards are potentially much greater Often used as an initial step to compromise an executive’s account for subsequent attacks within their organization 48 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Business Email Compromise (BEC) Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker Taking over a legitimate business email accounts through social engineering or cyber intrusion techniques to conduct unauthorized fund transfers, redirect payments, or steal sensitive information Vishing (Voice Phishing) Attacker tricks their victims into sharing personal or financial information over the phone Smishing (SMS Phishing) Involves the use of text messages to trick individuals into providing their personal information Preventing Phishing Attacks ○ By implementing the right strategies and providing user security awareness training, the threat of a successful phishing campaign against your organization can be mitigated effectively ○ Anti-phishing Campaign Essential user security awareness training tool that can be used to educate individuals about the risks of phishing and how to best identify potential phishing attempts Should offer remedial training for users who fell victim to simulated phishing emails 49 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ To help prevent phishing your organization should regularly conduct user security awareness training that contains coverage of the various phishing techniques Phishing Spear Phishing Whaling Business Email Compromise Vishing Smishing Along with other relevant cyber threats and attacks that may affect your organization ○ There are some commonly used key indicators that are associated with phishing attacks Urgency Phishing emails often create a sense of urgency by prompting the recipient to act immediately Unusual Requests If your receive an email requesting sensitive information, such as passwords or credit card numbers, you should treat these emails with a lot of suspicion Mismatched URLs When you are looking at an HTML-based email, the words you are reading are called the display text, but the underlying URL of the weblink could be set to anything you want To check if the text-based link matches the underlying URL, you should always hover your mouse over the link in the email for a few seconds and this will reveal the actual URL that the link is connected to 50 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Strange Email Addresses If the real email address and the displayed email address don't match, then the email should be treated as suspicious and possibly part of a phishing campaign Poor Spelling or Grammar If an email has a lot of "broken English", poor grammar, or numerous spelling errors, it is likely to be part of a phishing campaign ○ Mitigation Training Report suspicious messages to protect your organization from potential phishing attacks Analyze the threat Inform all users about the threat If the phishing email was opened, conduct a quick investigation and triage the user’s system An organization should revise its security measures for every success phishing attack Frauds and Scams ○ Fraud Wrongful or criminal deception that is intended to result in financial or personal gain for the attacker One of the most common types of fraud that you will see online is known as identity fraud or identity theft Identity Fraud and Identity Theft ○ Involves the use of another person's personal information without 51 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) their authorization to commit a crime or to deceive or defraud that other person or some other third party Difference between identity fraud and identity theft ○ In identity fraud, the attacker takes the victim’s credit card number and charges items to the card ○ In identity theft, the attacker tries to fully assume the identity of their victim ○ Scams Fraudulent or deceptive act or operation Most common scam is called the invoice scam Invoice Scam ○ In which a person is tricked into paying for a fake invoice for a product or service that they did not actually order Influence Campaigns ○ Influence Campaigns Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group Are a powerful tool for shaping public opinion and behavior Foster misinformation and disinformation ○ Misinformation False or inaccurate information shared without harmful intent ○ Disinformation Involves the deliberate creation and sharing of false information with the intent to deceive or mislead ○ Remember, misinformation and disinformation can have serious consequences because 52 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) they can undermine public trust in institutions, fuel social divisions, and even influence the outcomes of elections Other Social Engineering Attacks ○ Some of the common other social engineering attacks Diversion Theft Involves manipulating a situation or creating a distraction to steal valuable items or information Hoaxes Malicious deception that is often spread through social media, email, or other communication channels Often paired with phishing attacks and impersonation attacks To prevent hoaxes people must fact check and use good critical thinking skills Shoulder Surfing Involves looking over someone's shoulder to gather personal information Includes the use of high powered cameras or closed-circuit television cameras to steal information from a distance To prevent shoulder surfing, users must be aware of their surroundings when providing any sensitive information Dumpster Diving Involves searching through trash to find valuable information Commonly used to find discarded documents containing personal or corporate information Use clean desk and clean desktop policies 53 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Eavesdropping Involves the process of secretly listening to private conversations perpetrator intercepts the communication of parties without their knowledge Prevent this by encrypting data in transit Baiting Involves leaving a malware-infected physical device, like a USB drive, in a place where it will be found by a victim, who will then hopefully use the device to unknowingly install malware on their organization's computer system To prevent baiting, train users to not use devices they find Piggybacking and Tailgating Involve an unauthorized person following an authorized person into a secure area Tailgating ○ Attacker attempts to follow an employee through an access control vestibule or access control point without their knowledge Piggybacking ○ Involves an attacker convincing an authorized employee to let them into the facility by getting the authorized employee to swipe their own access badge and allow the attacker inside the facility 54 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Malware Objective 2.4: Given a scenario, analyze indicators of malicious activity Malware ○ Malware Malicious software designed to infiltrate computer systems and potentially damage them without user consent ○ Categories Viruses Worms Trojans Ransomware Spyware Rootkits Spam ○ Threat Vector vs. Attack Vector Threat Vector Method used to infiltrate a victim's machine Examples ○ Unpatched software ○ USB drive installation ○ Phishing campaigns Attack Vector Means by which the attacker gains access and infects the system Combines both infiltration method and infection process 55 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Types of Malware Attacks Viruses Attach to clean files, spread, and corrupt host files Worms Standalone programs replicating and spreading to other computers Trojans Disguise as legitimate software, grant unauthorized access Ransomware Encrypts user data, demands ransom for decryption Zombies and Botnets Compromised computers remotely controlled in a network for malicious purposes Rootkits Hide presence and activities on a computer, operate at the OS level Backdoors and Logic Bombs Backdoors allow unauthorized access, logic bombs execute malicious actions Keyloggers Record keystrokes, capture passwords or sensitive information Spyware and Bloatware Spyware monitors and gathers user/system information, bloatware consumes resources without value ○ Malware Techniques and Infection Vectors Evolving from file-based tactics to modern fileless techniques Multi-stage deployment, leveraging system tools, and obfuscation techniques 56 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Indications of Malware Attack Recognizing signs like the following Account lockouts Concurrent session utilization Blocked content Impossible travel Resource consumption Inaccessibility Out-of-cycle logging Missing logs Documented attacks Viruses ○ Computer Virus Made up of malicious code that's run on a machine without the user's knowledge and this allows the code to infect the computer whenever it has been run ○ 10 Different Types of Viruses Boot Sector One that is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up Macro Form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed 57 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) Program Try to find executables or application files to infect with their malicious code Multipartite Combination of a boot sector type virus and a program virus Able to place itself in the boot sector and be loaded every time the computer boots It can install itself in a program where it can be run every time the computer starts up Encrypted Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software Polymorphic Advanced version of an encrypted virus, but instead of just encrypting the contents it will actually change the viruses code each time it is executed by altering the decryption module in order for it to evade detection Metamorphic Able to rewrite themselves entirely before it attempts to infect a given file Stealth Technique used to prevent the virus from being detected by the anti-virus software Armored Have a layer of protection to confuse a program or a person who's trying to analyze it Hoax Form of technical social engineering that attempts to scare our end users 58 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) into taking some kind of undesirable action on their system Worms ○ Worm Piece of malicious software, much like a virus, but it can replicate itself without any user interaction Able to self-replicate and spread throughout your network without a user's consent or their action ○ Worms are dangerous for two reasons Infect your workstation and other computing assets Cause disruptions to your normal network traffic since they are constantly trying to replicate and spread themselves across the network ○ Worms are best known for spreading far and wide over the internet in a relative short amount of time Trojans ○ Trojan Piece of malicious software that is disguised as a piece of harmless or desirable software Claims that it will perform some needed or desired function for you ○ Remote Access Trojan (RAT) Widely used by modern attackers because it provides the attacker with remote control of a victim machine ○ Trojans are commonly used today by attackers to exploit a vulnerability in your workstation and then conducting data exfiltration to steal your sensitive documents, 59 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) creating backdoors to maintain persistence on your systems, and other malicious activities Ransomware ○ Ransomware Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker ○ How can we protect ourselves and our organizations against ransomware? Always conduct regular backups Install software updates regularly Provide security awareness training to your users Implement Multi-Factor Authentication (MFA) ○ What should you do if you find yourself or your organization as the victim of a ransomware attack? Never pay the ransom Paying the ransom doesn't actually guarantee that you will ever get your data back If you suspect ransomware has infected your machine, you should disconnect it from the network Notify the authorities Restore your data and systems from known good backups Zombies and Botnets ○ Botnet Network of compromised computers or devices controlled remotely by malicious actors 60 https://www.DionTraining.com CompTIA Security+ (SY0-701) (Study Notes) ○ Zombie Name of a compromised computer or device that is part of a botnet Used to perform tasks using remote commands from the attacker without the user's knowl