1.0 Threats, Attacks and Vulnerabilities
This post is part of a larger series on Security+.

1.1 Given a scenario, analyze indicators of compromise and determine the type of malware

Virus: an old-fashioned term going back to the mid-1980s. A piece of software that intrudes into your system, often by attaching itself to existing files or programs, and that needs that host file (or a user action) to run. Viruses propagate, or spread, to other files and devices, and they also activate, performing some function such as erasing the boot sector of your hard drive. Today there are many more specific terms to describe malware.

Ransomware: software that encrypts your data and demands payment from the user in exchange for the decryption key. The encrypting variety is also called crypto-malware. It can be mitigated with a good data backup strategy: backups that are kept offline or otherwise unreachable from the infected host (so the ransomware cannot encrypt them as well) and that are regularly test-restored.

Worm: a piece of malicious code that scans your network, finds other systems, and spreads to them by replicating itself, without needing a host file or any user action. One of the earliest worms, Reaper, was written to remove an earlier self-replicating program, Creeper, which makes it arguably the first antivirus software. The Morris worm of 1988 caused a great deal of damage and led to the first criminal conviction under the Computer Fraud and Abuse Act.

Trojan Horse: a piece of software that disguises itself as something else, typically a legitimate or desirable application that makes the user want to run it. The malicious function rides along with, or replaces, the function the user expected.

Rootkit / Backdoor: a rootkit is software that embeds itself at a privileged level of the system (the kernel, drivers, or core system files) so that it can hide its own presence and that of other malware while giving the threat actor persistent root-level access. A backdoor is any method that lets an unauthorized person bypass normal authentication to access your system; rootkits usually include one, which is why the two terms are often paired.

Keylogger: malware that records keystrokes and typically transmits them automatically to the threat actor for review. Used to capture login credentials as they are typed.

Adware: programs that display ads on your system to generate revenue for their author.

Spyware: a form of malware that hides itself and, unlike adware, does not display ads or otherwise make itself known, so that it can continuously exfiltrate data from the infected system.

Bots: programs that run on your computer and accept command and control (C2) messages from a central location. Many infected computers taking commands from the same source form what is known as a botnet. This gives the controller the combined power of all of those machines: a distributed denial of service (DDoS) attack, for example, is performed by commanding the botnet to flood a target system with traffic.

RAT: stands for remote access trojan (sometimes expanded as remote access tool). A piece of software that allows a threat actor to view the screen of, and control, the infected computer.

Logic Bomb: malware that is triggered by some event or condition, such as a date being reached or a particular account being disabled. A classic insider threat is an employee planting code that goes off if the employer disables their account.

Polymorphic Malware: malware that changes its own code each time it propagates in order to bypass the signatures used by antimalware software. Because each copy looks different from the sample the signature was written for, it may sneak past a signature-based scanner even though its behaviour is unchanged.

Armored Virus: malware that contains a lot of superfluous code, obfuscation, and anti-debugging tricks to prevent threat researchers and antimalware software from determining what the malware is actually trying to do.

1.2 Compare and contrast types of attacks

Social Engineering

These are attacks that rely on the human factor. Humans have vulnerabilities too. Social engineering attacks are effective because they often rely on the following principles: ...
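Referring back to the Polymorphic Malware entry in 1.1: the following Python script is an added example, not part of the original post, showing concretely why a changing body defeats a file-hash signature and a body byte-pattern signature, while the one thing a polymorphic sample cannot change (the constant decoder stub that recovers the body at run time) still gives a scanner something to match. The "payload", the decoder stub marker and the XOR "polymorphic engine" are all constructed, inert stand-ins; nothing here is executable malware.

```python
"""Signature-based detection versus a polymorphic variant (constructed demo).

The PAYLOAD is an inert byte string standing in for a malware body. A variant
is produced by XOR-encoding that body with a fresh one-byte key and prepending
a constant decoder stub, mimicking how real polymorphic malware hides a static
body behind an ever-changing encoding. All names and data are assumptions made
for this example; they do not come from any real sample.
"""
import hashlib

# Constructed, inert stand-in for a malware body. Not code that can run.
PAYLOAD = b"FAKE-MALWARE-BODY: delete boot sector; contact 10.0.0.1:4444"

# Constructed stand-in for the constant decoder stub. In real polymorphic
# malware this is the small piece of code that decodes the body at run time,
# and it has to stay recognisable because it cannot itself be encoded.
DECODER_STUB = b"\x90\x90DECODE-STUB\x90\x90"


def hash_signature(sample: bytes) -> str:
    """Whole-file SHA-256: the simplest kind of antimalware signature."""
    return hashlib.sha256(sample).hexdigest()


def make_variant(payload: bytes, key: int) -> bytes:
    """Polymorphic engine: stub + 1-byte key + XOR-encoded body.

    A different key each time the malware propagates gives a different file
    hash and different body bytes for the same underlying behaviour.
    """
    if not 1 <= key <= 255:  # key 0 would leave the body unchanged
        raise ValueError("key must be in 1..255")
    encoded = bytes(b ^ key for b in payload)
    return DECODER_STUB + bytes([key]) + encoded


def decode_variant(blob: bytes) -> bytes:
    """What the stub does at run time (and what a sandbox or emulator can
    observe): recover the original body from a variant."""
    if not blob.startswith(DECODER_STUB):
        raise ValueError("not a variant produced by make_variant")
    key = blob[len(DECODER_STUB)]
    return bytes(b ^ key for b in blob[len(DECODER_STUB) + 1:])


def matches_hash_signature(sample: bytes, known_hashes: set) -> bool:
    return hash_signature(sample) in known_hashes


def matches_byte_signature(sample: bytes, patterns: list) -> bool:
    """Byte-pattern signature: does any known byte string occur in the file?"""
    return any(p in sample for p in patterns)


def scan(sample: bytes, known_hashes: set, body_patterns: list,
         stub_patterns: list) -> dict:
    """Run all three signature types and report which ones fired."""
    return {
        "hash": matches_hash_signature(sample, known_hashes),
        "body": matches_byte_signature(sample, body_patterns),
        "stub": matches_byte_signature(sample, stub_patterns),
    }


def demo() -> dict:
    """Signatures written against the original sample, applied to a variant."""
    known_hashes = {hash_signature(PAYLOAD)}
    body_patterns = [b"delete boot sector"]   # pattern taken from the body
    stub_patterns = [DECODER_STUB]            # pattern taken from the stub
    variant = make_variant(PAYLOAD, 0x5A)
    return {
        "original": scan(PAYLOAD, known_hashes, body_patterns, stub_patterns),
        "variant": scan(variant, known_hashes, body_patterns, stub_patterns),
        "decoded_matches_original": decode_variant(variant) == PAYLOAD,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The run shows the original sample hit on the hash and body signatures, the variant missing both, and the variant still hit on the stub signature; decoding the variant gives back the same body, which is why emulating or sandboxing a sample (letting the stub run, then scanning memory) catches what a static file scan misses. Real polymorphic engines also mutate the stub itself (metamorphic malware), which is what pushes detection towards behaviour-based methods rather than byte patterns.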