Security+ Ch.2
Social engineering
- A means of gathering information for an attack by relying on the weaknesses of individuals
-Attacks can involve psychological approaches as well as physical procedures
Concealment
- avoid detection by concealing its presence from scanners
Computer virus
- malicious computer code that reproduces itself on the same computer
Mutation
- some viruses can mutate or change
-An oligomorphic virus changes its internal code to one of a set number of predefined mutations whenever executed
-A polymorphic virus completely changes from its original form when executed
-A metamorphic virus can rewrite its own code and appear different each time it is executed
Split Infection
- virus splits into several parts
-Parts placed at random positions in host program
-The parts may contain unnecessary "garbage" code to mask their true purpose
Payload capabilities
- what actions the malware performs
-The destructive power of malware can be found in
Users disapprove of adware because:
-Adware can display objectionable content
-Frequent popup ads can interfere with a user's productivity
-Popup ads can slow a computer or even cause crashes and the loss of data
-Unwanted advertisements can be a nuisance
Google dorking
-An electronic variation of dumpster diving is to use Google's search engine to look for documents and data posted online
Keylogger
-Captures and stores each keystroke that a user types on the computer's keyboard
--Attacker searches the captured text for any useful information such as passwords, credit card numbers, or personal information
Ex. of virus actions
-Cause a computer to repeatedly crash
-Erase files from or reformat hard drive
-Turn off computer's security settings
Primary payload capabilities are to
-Collect data
-Delete data
-Modify system security settings
-Launch attacks
Examples of Worm actions
-Deleting computer files
-Allowing remote control of a computer by an attacker
Malicious software (malware)
-Enters a computer system without the owner's knowledge or consent
-Uses a threat vector to deliver a malicious "payload" that performs a harmful function once it is invoked
Tailgating
-Following behind an authorized individual through an access door
-An employee could conspire with an unauthorized person to allow him to walk in with him (called piggybacking)
-Watching an authorized user enter a security code on a keypad is known as shoulder surfing.
Backdoor
-Gives access to a computer, program, or service that circumvents normal security to give program access
--When installed on a computer, they allow the attacker to return at a later time and bypass security settings.
Command and control (C&C)
-Infected zombie computers wait for instructions through a command and control (C&C) structure from bot herders
-A common C&C mechanism used today is HTTP, which is more difficult to detect and block
Ransomware
-Prevents a user's device from properly operating until a fee is paid
--is highly profitable
Adware
-Program that delivers advertising content in a manner unexpected and unwanted by the user
-Typically displays advertising banners and pop-up ads
-May open new browser windows randomly.
Attackers use a variety of techniques to gain trust without moving quickly:
-Provide a reason
-Project confidence
-Use evasion and diversion
-Make them laugh
-Psychological approaches often involve: Impersonation, phishing, spam, hoaxes, and watering hole attacks
Phishing
-Sending an email claiming to be from a legitimate source
-Tries to trick user into giving private information
-The emails and fake websites are difficult to distinguish from those that are legitimate.
Spyware
-Software that gathers information without user consent
--Uses the computer's resources for the purposes of collecting and distributing personal or sensitive information
Variation of phishing attacks:
-Spear phishing: targets specific users
-Whaling: targets the "big fish"
-Vishing: instead of using email, uses a telephone call
Once infected with Crypto-malware:
-The software connects to the threat actor's command and control (C&C) server to receive instructions or updated data
-A locking key is generated for the encrypted files and that key is encrypted with another key that has been downloaded from the C&C
-Second key is sent to the victims once they pay the ransom
Viruses perform two actions
-Unloads a payload to perform a malicious action
-Reproduces itself by inserting its code into another file on the same computer
Trojan Examples
-User downloads "free calendar program"
--Program scans system for credit card numbers and passwords
--Transmits information to attacker through network
Image spam
-Uses graphical images of text in order to circumvent text-based filters
--Often contains nonsense text so it appears legitimate
Hoaxes
-a false warning, usually claiming to come from the IT department
-Attackers try to get victims to change configuration settings on their computers that would allow the attacker to compromise the system
-Attackers may also provide a telephone number for the victim to call for help, which will put them in direct contact with the attacker
Crypto-malware
-a more malicious form of ransomware where threat actors encrypt all files on the device so that none of them could be opened
Trojan
-an executable program that does something other than advertised
--Contain hidden code that launches an attack
--Sometimes made to appear as data file
Bot or zombie
-an infected computer that is under the remote control of an attacker
Software Keyloggers
-are programs installed on the computer that silently capture information
-An advantage of software keyloggers is that they do not require physical access to the user's computer
--Often installed as a Trojan or virus, can send captured information back to the attacker via Internet
Impersonation
-attacker pretends to be someone else:
-Help desk support technician
-Repairperson
-IT support
-Manager
-Trusted third party
-Fellow employee
-Attacker will often impersonate a person with authority because victims generally resist saying "no" to anyone in power
The payload of other types of malware deletes data on the computer. Logic bomb:
-computer code that lies dormant until it is triggered by a specific logical event.
-Difficult to detect before it is triggered
-often embedded in large computer programs that are not routinely scanned
A variation of ransomware
-displays a fictitious warning that a software license has expired or there is a problem and users must purchase additional software online to fix the problem
Special type of Trojan: Remote access Trojan (RAT)
-gives the threat actor unauthorized remote access to the victim's computer by using specially configured communication protocols
An advantage of software keyloggers
-is that they do not require physical access to the user's computer
--Often installed as a Trojan or virus, can send captured information back to the attacker via Internet
Worm
-malicious program that uses a computer network to replicate
-Sends copies of itself to other network devices
-Worms may consume resources or leave behind a payload to harm infected systems
Rootkits
-software tools used by an attacker to hide actions or presence of other types of malicious software
--Hide or remove traces of log-in records, log entries
-May alter or replace operating system files with modified versions that are specifically designed to ignore malicious activity
-Users can no longer trust their computer that contains a rootkit
--The rootkit is in charge and hides what is occurring on the computer
Psychological approaches goal:
-to persuade the victim to provide information or take action
Spam
-unsolicited e-mail
-Primary vehicles for distribution of malware
-Sending __ is a lucrative business
--Cost spammers very little to send millions of spam messages
-Filters look for specific words and block the email
Virus Infections Method: Appender Infections
-virus appends itself to end of a file
-Easily detected by virus scanners
Armored Virus Infection Techniques: Swiss Cheese Infections
-viruses inject themselves into executable code
--Virus code is "scrambled" to make it more difficult to detect
Hardware Keylogger
As a hardware device, it is inserted between the computer keyboard connection and USB port
Manipulating online polls
Because each bot has a unique Internet Protocol (IP) address, each "vote" by a bot will have the same credibility as a vote cast by a real person.
Spamming
Botnets are widely recognized as the primary source of spam email. A botnet consisting of thousands of bots enables an attacker to send massive amounts of spam
Spreading malware
Botnets can be used to spread malware and create new bots and botnets. Bots can download and execute a file sent by the attacker.
Denying services
Botnets can flood a web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests.
The primary trait that the malware possesses:
-Circulation
-Infection
-Concealment
-Payload capabilities
Spyware and Adware
Different types of malware are designed to collect important data from the user's computer and make it available to the attacker. This type of malware includes:
Dumpster diving
Digging through trash to find information that can be useful in an attack
Most common physical procedures
Dumpster diving and Tailgating
a botnet under the control of the attacker (bot herder)
Groups of zombie computers are gathered into a logical computer network called
Infection and examples
How it embeds itself into a system
Ex.
-Trojans
-Ransomware
-Crypto-malware
Psychological approaches often involve:
Impersonation, phishing, spam, hoaxes, and watering hole attacks
Program Virus
Infects an executable program file
Watering hole attack Ex.
Major executive working for a manufacturing company may visit a common website, such as a parts supplier to the manufacturer
Two Types of Circulation
Viruses and Worms
Other Virus facts
-Viruses cannot automatically spread to another computer
-Relies on user action to spread
-Viruses are attached to files
-Viruses are spread by transferring infected files
Watering hole attack
a malicious attack that is directed toward a small group of specific individuals who visit the same website
Macro
a series of instructions that can be grouped together as a single command
--Common data file virus is a macro virus that is written in a script known as a macro
Malware
is a general term that refers to a wide variety of damaging or annoying software
Circulation
spreading rapidly to other systems in order to impact a large number of users