Malicious Attacks, Threats and Vulnerabilities

¡Supera tus tareas y exámenes ahora con Quizwiz!

Keystroke Logger

Can be software or Hardware (USB etc.) Records every keystroke to a text Logfile and then EMAILS it or sends it out to the "Hacker".

Grey Hat Hackers

Can go BLACK hat or white hat. Will sell vulnerabilities to companies or to other hackers depending on the $$

Protocol Analyzers

packet sniffer (or just sniffer) software program that enables computer to monitor & capture network traffic, whether on LAN or wireless network. Attackers can capture and compromise passwords and cleartext data Ex. Wireshark & TCPDUMP

Worm

self contained program that REPLICATES and spreads across networks on it's own. Does NOT NEED A HOST PROGRAM (like a virus does)

Pharming

"Poisoning a DNS Cache on a target network to direct users to an imposter website to gather information" DNS: www.mybank.com = 201.11.11.22 --> 22.111.44.201

Exploit Software

Application that incorporates known software vulnerabilities, data, and scripted commands to "exploit" a weakness in a computer system or IP host device. It is a program that can be used to carry out some form of malicious intent Metaspliot

Brute Force Cracking

Attack Software tries every possible character combination until the "cracked" password succeeds in granting access. John the Ripper

Malicious Attacks

Attack on Computer System or Network that succeeds by exploiting vulnerability in system. Examples: • Brute-Force Password Attacks • Dictionary Password Attacks • Man-In-the-Middle Attack • Social Engineering • Phishing • Pharming

Phishing

Attack, usually EMAIL based, where target is tricked into sending info or opening an infected attachment or going to fake website to give information.

Man in the Middle attack

Attacker inserts themselves in between the victim and the other party (web site or PC etc.). Victim thinks they are talking directly to target when they are actually going through attacker. Complex attack using MAC spoofing/IP Spoofing or DNS Poisoning.

Social Engineering

Authorized use of organization's systems User has legit access to Info they use Bypassing security and control processes User knows security and kills cameras or firewalls etc. Comprised accounts Make Bogus accounts or steal others

Who are the attackers?

China • Source of 30%+ of all Cyber attacks - USA Number 1 target Brazil • Poverty and the use of phone/ online payment systems Russia • US Political Party Hacking...etc. United States • Home of "Anonymous" (Maybe) - and Stuxnet (Probably) Iran India Romania • Ramnicu Valcea - "Hackerville"

Unintentional Insider Threat

Current or former employee who has or has had authorized access to organization's network and who, through action or inaction without malicious intent, causes harm or substantially increases probability of future serious harm to "CIA" of Organization.

Countermeasures against Malware

Create an Employee/User Education Program to keep them aware of how Malware infects. Keep users up to date on Malware News/Trends Never transfer files from unknown sources with no antivirus installed Test new files and software on a "quarantined" computer (a sandbox) Install Anti-Malware software on all hosts. KEEP IT UP TO DATE! Use secure logon and password policies (change passwords often)

Spear Phishing

Directed attack at a specific target where known information is used as bait

Dictionary password attack

Hackers try shorter and simpler combinations from a dictionary file, because such passwords are so common. In Forensics can create dictionary from subject's entire hard drive. ophcrack

White hat Hackers

Information Security Professional Penetration tester Conduct operations with AUTHORIZATION. Help protect systems by Hacking Them.

DDOS Example: BOTNET Attacks

Largest known BotNet: BREDOLAB 30 Million+ computers used to send SPAM email -- operators leased out large chunks for use to Other Users -- Reportedly Made over $190K a month in 2010.

Cryptolocker Malware

Malware that encrypts data or entire computer. Holds the data "HOSTAGE" until bitcoin ransom is paid. Upon payment a decryption key "MAY BE" send to rescue your data.

TROJAN HORSE (Trojan)

Malware that masquerades like useful program. (Ex. Email attachment, simple game app etc.) Need to be run by a user and spread by users. (not a Virus)

Script Kiddie

NOT SKILLED. Just vindictive. Teen based revenge hackers. Use Premade Hacks or "SCRIPTS" and run against easy targets. These types of hackers love to target online video game networks, or other gamers.

Denial of Service (DoS)

One Attacker & Internet connection targeting single system or resource - attacking System Flaw to take resource down. Low Level threat - Patch system/Update Firmware on Hardware

BLACK HAT Hackers

Security Breakers No Authorization Exploiters General Bad Guys Very Computer Smart and Skilled. Respect SKILL

Firewalls

Software or Hardware will detect traffic both INTO your network and OUT OF YOUR NETWORK. Could Signal an early attack or infection.

Vulnerability Scanners

Software program that is used to identify and, when possible, verify vulnerabilities. From this info, vulnerability scanner compares known software vulnerabilities in its database with what it has just found. NESSUS, METASPLOIT, OPEN VAS CVE's can be FREE and COMMUNITY or PAID ..subscription based..$$$

DOS Example: SYN FLOOD ATTACK

TCP 3-Way Hand Shake Target waits for "ACK" response but never gets one. These PENDING requests fill up targets Buffer potentially causing DOS for legit traffic

Port Scanners / OS Fingerprint Scanners

Tool used to scan IP host devices for open ports. Gives intel on if a machine exists as well as what possible vulnerable services are running. OS "Fingerprint" Scanners - Can tell by the returned results of a Port Scan what OS the target host is running. -Gives attakers Intel on what possible vulnderabilities there are on target hosts. Ex. NMAP

Distributed Denial of Service (DDoS)

Use of Hundreds or Thousands of computers to overwhelm a system. •Often uses BOTNETS to do the attacking. •This can take down entire sites etc

Insider threat

malicious criminal who has or had legitimate access to organization's computing environment, & has intentionally exceeded or intentionally used access in manner that negatively affected confidentiality, integrity, or availability of organization's information or information systems

What are Cyber Security Pros Protecting ?

• Customer Data • PII (Personally Identifying Information) of Customers & Employees • IT assets & network infrastructure • Intellectual Property • Patents, Plans, Source Code, Formula's etc. • Financial Data • Bank Accounts, Credit Card Info • Service availability • Up Time of Services to Do what they are supposed to do (Availability) • REPUTATION • Potentially most valuable of all resources. Hardest to gain back..


Conjuntos de estudio relacionados

How Genetic Information is Organized in the Genome

View Set

A&P Chapter 8 LS AXIAL Skeleton Q&A

View Set

Global Sports and National Cultures Final Exam Section Prep Worksheets

View Set