1.2 Given a scenario, analyze potential indicators to determine the type of attack

Cloud-based attacks

A centralized dashboard outlines the location of all assets — broken down by their cloud providers — and shows the corresponding cyber risk associated with each individual asset based on the number of material/severe findings. These findings can reveal areas of weaknesses in an organization's security programs and failed security controls that expose them to risk. let hackers continuously steal sensitive data stored in the cloud or exploit cloud services without being noticed by legitimate users. The duration of these attacks allows hackers to adapt to security measures against them.

Tainted training data for machine learning (ML)

But a few subtle tweaks in the training regime can poison this "reinforcement learning," so that the resulting algorithm responds—like a sleeper agent—to a specified trigger by misbehaving in strange or harmful ways. "In essence, this type of back door gives the attacker some ability to directly control" Their recent paper is the latest in a growing body of evidence suggesting that AI programs can be sabotaged by the data used to train them. As companies, governments, and militaries rush to deploy AI, the potential for mischief could be serious. Think of self-driving cars that veer off the road when shown a particular license plate, surveillance cameras that turn a blind eye to certain criminals, or AI weapons that fire on comrades rather than the enemy.

Card cloning

type of credit card theft in which the thief makes a digital copy of the credit card information using a concealed or disguised electronic scanner.

Cryptomalware

Crypto-malware is one of the latest malware threats, and it's particularly insidious because it only requires CPU cycles to do its best work. It is classified as a "silent threat" - the longer it remains undetected, the better it is for the criminal. It's a threat that is not likely to go away any time soon.

On-premises attack

If all of your data is on-site, you obviously have your own data center. And you have to incur all of those data center costs, but you know where all of your data is, and you're the one who gets to control what happens with that data. Of course, the attackers don't care where your data happens to live- you just have to be sure that it's secure no matter where it's stored. If your data is on-premises, you have complete control. You're in charge of the facility. You're in charge of your users and your support team. And you're in charge of what happens with that data. If you have your own team to manage your IT infrastructure, then you get to decide what expertise and what type of security controls are in place. You can hire exactly the right people to make sure that all of your data is secure, but, of course, if you're hiring these people and having them on staff, there are additional costs associated with that, especially if you want to get people who are knowledgeable in how to protect data. With all of the data in your local premises, you have a team that can handle all of the uptime and all of the availability. You don't have to call out to a third party to provide any type of maintenance.

Malicious flash drive

It's possible to come across both unintentional and intentional infection. The Stuxnet worm is an example of the latter, where someone uploads malicious code onto the drive with the intention of filtering the code into the targeted network. Unintentional infection might occur when someone plugs an unprotected USB into a poorly safeguarded system in an internet café, airport or anywhere with poor public endpoint security (which is about 70% of places). You may detect the virus sometime after you've plugged the device into your machine, but there's no telling what damage may have already been done.

Security of machine learning algorithms

ML engineers must consider algorithm choice, data provenance, and ML operations in order to properly protect the system.

Downgrade

Normally when you want to communicate securely to another device, there's a conversation that initially takes place where both sides determine what the best possible encryption algorithm might be. If you're able to somehow sit-in the middle and influence that conversation, you could have the two sides downgrade to a type of encryption that might be very easy to break. A popular example of this attack occurred in 2014. These were researchers that found a vulnerability in the transport layer security. This was the security that was the successor to SSL or Secure Sockets Layer, or the encryption mechanism that we use to communicate to web servers. They were able to sit-in the middle of a conversation between two devices. That would be in on-path attack. And they forced the two sides to communicate at a much downgraded level of encryption. They fell back to SSL version 3.0.

Ransomware

One can conceptualize this attack as a computer-based hostage situation, where the hacker is in full control and will only back down when others acquiesce to specified demands. These attacks usually become self-evident when text flashes onto a screen demanding payment in exchange for file restoration.

potentially unwanted program (PUP)

People call PUPs many other names, including "adware" and "crapware." You almost certainly don't want these programs on your computer, but they're categorized differently for legal reasons. Note that these programs do absolutely nothing good on your computer — they slow it down, track you, clutter the system, and show you additional advertisements.

Command and control

The attacker starts by infecting a computer, which may sit behind a firewall. This can be done in a variety of ways: Via a phishing email that tricks the user into following a link to a malicious website or opening an attachment that executes malicious code. Through security holes in browser plugins. Via other infected software. Once communication is established, the infected machine sends a signal to the attacker's server looking for its next instruction. The infected computer will carry out the commands from the attacker's C2 server and may install additional software. The attacker now has complete control of the victim's computer and can execute any code.

logic bomb

This is a piece of often-malicious code that is intentionally inserted into software. It is activated upon the host network only when certain conditions are met. It execute their functions, or launch their payload, once a certain condition is met such as upon the termination of an employee. This makes their presence undetected until it executes their function, which can range from inflicting harm through files deletion to self-propagation to the unusual, in the case of a 2019 attack by a software vendor. The perpetrator was a contractor for Siemens Corporation who placed a logic bomb into software that required it to fail at intervals to elicit service calls, for which he was paid time and again.

Bots

They are frequently used for ATO attacks, where a botnet will attempt to take control of your users' accounts by testing user-password combinations leaked from other sites. In this type of attack, botnets may attempt to validate millions of accounts per day. This activity tends to generate a boatload of failed login attempts, which is a classic sign of this attack.

Skimming

They are tiny, malicious card readers hidden within legitimate card readers that harvest data from every person that swipes their cards. After letting the hardware sip data for some time, a thief will stop by the compromised machine to pick up the file containing all the stolen data. With that information, he can create cloned cards or just commit fraud. Perhaps the scariest part is that they often don't prevent the ATM or credit card reader from functioning properly, making them harder to detect.

Remote Access Trojan (RAT)

a form of malware allowing a hacker to control your device remotely. Once this program is connected to your computer, the hacker can examine the local files, acquire login credentials and other personal information, or use the connection to download viruses you could unwittingly spread along to others. Like most other forms of malware, they are often attached to files appearing to be legitimate, like emails or software bundles.However, what makes this particularly insidious is they can often mimic above-board remote access programs. They don't usually announce themselves once they have been installed—they won't appear in a list of active programs or running processes, for instance—because it's more advantageous for hackers to keep a low profile and avoid detection. Without taking proper security measures, it's possible you could have this on your computer for an extended period without it being detected.

Backdoor

a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware. This installation is achieved by taking advantage of vulnerable components in a web application. Once installed, detection is difficult as files tend to be highly obfuscated. Webserver of these are used for a number of malicious activities, including: Data theft Website defacing Server hijacking The launching of distributed denial of service (DDoS) attacks Infecting website visitors (watering hole attacks) Advanced persistent threat (APT) assaults

Spraying

a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process. This is effective because many users use simple, predictable passwords, such as "password123." A common practice among many companies is to lock a user out after a number of failed log in attempts (usually 3-5 attempts) in a short of time. Becuase of the nature of this password attack, a bad actor is able to avoid being detected and locked out of an account, which is a common problem with regular brute force attacks.

Birthday Attack

a type of cryptographic attack that belongs to a class of brute force attacks. It exploits the mathematics behind the birthday problem in probability theory. The success of this attack largely depends upon the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations, as described in the birthday paradox problem. You have a classroom of 23 students. What is the chance that two students in the classroom share a birthday? The answer's 50%, which is a pretty high number considering there's only 23 students. If we had 30 students, this would increase to about 70% of a chance. That's because we're not comparing to individual students to see if they share a birthday. We're comparing every student to every other student to see if there's a shared birthday. In the digital world, we call this a "hash collision." A hash collision is when you have two very different types of plain text, but both of those plain text create exactly the same hash. This is something that should never happen. And if we're able to find a hash collision, we may be able to take advantage of this inconsistency in the hash algorithm. With the hash collision, the attacker spends their time finding that other type of plain text that matches that hash.

Rainbow table

a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system.

Spyware

a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge. It invades the device, steals sensitive information and internet usage data, and relays it to advertisers, data firms or external users. the first indication a user has that a computing device has been infected with this is a noticeable reduction in processor or network connection speeds and -- in the case of mobile devices -- data usage and battery life.

Rootkit

a type of malware that are designed so that they can remain hidden on your computer. But while you might not notice them, they are active. They give cybercriminals the ability to remotely control your computer. They can contain a number of tools, ranging from programs that allow hackers to steal your passwords to modules that make it easy for them to steal your credit card or online banking information. They can also give hackers the ability to subvert or disable security software and track the keys you tap on your keyword, making it easy for criminals to steal your personal information. Because they can hijack or subvert security software, they are especially hard to detect, making it likely that this type of malware could live on your computer for a long time causing significant damage. Sometimes the only way to completely eliminate a well-hidden of this is to erase your computer's operating system and rebuild from scratch. How do they get on your computer? You might open an email and download a file that looks safe but is actually a virus. You might also accidentally download this through an infected mobile app.

Worms

a type of malware that spreads copies of itself from computer to computer. This can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage. It can be transmitted via software vulnerabilities. Or computer worms could arrive as attachments in spam emails or instant messages (IMs). Once opened, these files could provide a link to a malicious website or automatically download the computer worm. Once it's installed, the worm silently goes to work and infects the machine without the user's knowledge.

Supply-chain attacks

also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before. Any company that produces software or hardware for other organizations is a potential target of attackers. Nation-state actors have deep resources and the skills to penetrate even the most security-conscious firms.

Keyloggers

an insidious form of spyware. You enter sensitive data onto your keyboard, believing nobody is watching. In fact, keylogging software is hard at work logging everything that you type. Keyloggers are activity-monitoring software programs that give hackers access to your personal data. The passwords and credit card numbers you type, the webpages you visit - all by logging your keyboard strokes. The software is installed on your computer, and records everything you type. Then it sends this log file to a server, where cybercriminals wait to make use of all this sensitive information.

Malicious universal serial bus (USB) cable

designed to infect connected devices with malware. This malicious cable works by injecting keystrokes onto your computer upon being plugged into a USB-friendly device. These keystrokes allow the attacker to download malware and infect your device, oftentimes by gaining remote access to your private files.

Trojans

is a type of malicious code or software that looks legitimate but can take control of your computer. This is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. In the IT world this is a file which looks like for instance an MP3 file but is actually malicious. When you open the file you install the malware. So actually you do all the work and install the file by yourself by running an .exe file which looks like an MP3 file.

Fileless virus

it is malware that uses tools that are already built into the operating system. This means that an attack will appear like a normally running process, thereby making fileless malware hard to spot, as it will leave no traces on your hard drive. On the Windows side of things, this type of malware tends to target tools like Microsoft PowerShell and Windows Management Instrumentation (WMI). An attack will take over these services, and then load malicious software or execute commands to infect a computer — all the while not involving any malware files, or even coming in contact with the hard drive of the host PC. Instead, the fileless malware is written directly to the RAM of your machine, and does its deed from the memory. It remains there, causing problem, until the computer is rebooted.

Collisions

occur when the hashing algorithm generates the same relative key for more than one original key value. One well-known collision hash occurred with MD5. This was the Message Digest Algorithm version 5, which was first published in April of 1992, and we identified collisions with this hashing algorithm in 1996. Researchers were able to expand on this hash collision. And in December of 2008, they created a certificate authority certificate that appeared legitimate if you looked at the MD5 hash.

Brute force (offline)

the attacker has access to the encrypted material or a password hash and tries different key without the risk of discovery or interference.

Plaintext/unencrypted

the attacker has knowledge of the plaintext and the corresponding ciphertext. This information is used to decrypt the rest of the ciphertext. With a chosen of this, the attacker can get a plaintext message of his or her choice encrypted, with the target's key, and has access to the resulting ciphertext. This information is used to derive the encryption key. This type of attack is against public key cryptosystems where the attacker has access to the public key.

Brute force (online)

the attacker needs to interact with a target system. In such cases, the system can counteract the attack by, for example, limiting the number of attempts that a password can be tried, introducing time delays between successive attempts, increasing the answer's complexity (e.g. by requiring a CAPTCHA answer or verification code sent to a cell phone), and/or locking accounts out after reaching a threshold of unsuccessful logon attempts. Introducing the second factor of authentication is another countermeasure.

dictionary

uses a preselected library of words and phrases to guess possible passwords. It operates under the assumption that users tend to pull from a basic list of passwords, such as "password," "123abc" and "123456." These lists include predictable patterns that can vary by region.