Security+ Ch.2

Social engineering

- A means of gathering information for an attack by relying on the weaknesses of individuals -Attacks can involve psychological approaches as well as physical procedures

Concealment

- avoid detection by concealing its presence from scanners

Computer virus

- malicious computer code that reproduces itself on the same computer

Mutation

- some viruses can mutate or change -An oligomorphic virus changes its internal code to one of a set of number of predefined mutations whenever executed -A polymorphic virus completely changes from its original form when executed -A metamorphic virus can rewrite its own code and appear different each time it is executed

Split Infection

- virus splits into several parts -Parts placed at random positions in host program -The parts may contain unnecessary "garbage" doe to mask their true purpose

Payload capabilities

- what actions the malware performs -The destructive power of malware can be found in

Users disapprove of adware because:

-Adware can display objectionable content -Frequent popup ads can interfere with a user's productivity -Popup ads can slow a computer or even cause crashes and the loss of data -Unwanted advertisements can be a nuisance

Google dorking

-An electronic variation of dumpster diving is to use Google's search engine to look for documents and data posted online

Keylogger

-Captures and stores each keystroke that a user types on the comuter's keyboard --Attacher searches the captured text for any usefil information such as passwords, credit card numbers, or personal information

Ex. of virus actions

-Cause a computer to repeatedly crash -Erase files from or reformat hard drive -Turn off computer's security settings

Primary payload capabilities are to

-Collect data -Delete data -Modify system security settings -Launch attacks

Examples of Worm actions

-Deleting computer files -Allowing remote control of a computer by an attacker

Malicious software (malware)

-Enters a computer system without the owner's knowledge or consent -Uses a threat vector to deliver a malicious "payload" that performs a harmful function once it is invoked

Tailgating

-Following behind an authorized individual through an access door -An employee could conspire with an unauthorized person to allow him to walk in with him (called piggybacking) -Watching an authorized user enter a security code on a keypad is known as shoulder surfing .

Backdoor

-Gives access to a computer, program, or service that curcumvents normal security to give program access -- When installed on a computer, they allow the attacker to return at a later time and bypass security settings.

Command and control (c&c)

-Infected zombie computers wait for instructions through a command and control (C&C) structure from bot herders -A common C&C mechanism used today is HTTP, which is more difficult to detect and block

Ransomware

-Prevents a user's decice from properly operating until a fee is paid --is highly profitable

Adware

-Program that delivers advertising content in manner unexpected and unwanted by the user -Typically displays advertising banners and pop-up ads -May open new browser windows randomly.

Attackers use a variety of techniques to gain trust without moving quickly:

-Provide a reason -Project confidence -Use evasion and diversion -Make them laugh -Psychological approaches often involve: Impersonation, phishing, spam, hoaxes, and watering hole attacks

Phishing

-Sending an email claiming to be from legitimate source -Tries to trick user into giving private information -The emails and fake websites are difficult to distinguish from those that re legitimate.

Spyware

-Software that gathers information withouth user consent --Uses the computer's resources for the purposes of collecting and distributin personal or sensitive information

Variation of phishing attacks:

-Spear phishing-targets specific users -Whaling-targets the "big fish" -Vishing- instead of using email, uses a telehone call instead

Once infected with Crypto-malware:

-The software connects to the threat actor's command and control (C&C) server to receive instructed or updated data -A locking key is generated for the encrypted files and that key is encrypted with another key that has been downloaded from the C&C -Second key is sent to the victims once they pay the ransom

Viruses perform two actions

-Unloads a payload to perform a malicious action -Reproduces itself by inserting its code into another file on the same computer

Trojan Examples

-User downloads "free calendar program" --Program scans system for credit card numbers and passwords --Transmits information to attacker through network

Image spam

-Uses graphical images of text in order to circumvent text-bases filters --Often containt nonsense text so it appears legitimate

Hoaxes

-a false warning, usually claiming to come from the IT department -Attackers try to get victims to change configuration settings on their computers that would allow the attacker to compromise the system -Attackers may also provide a telephone number for the victim to call for help, which will put them in direct contact with the attacker

Crypto-malware

-a more malicious form of ransomware where threat actors encrypt all files on the device so that none of them could be opened

Trojan

-an executable program that does something other than advertised --Contain hidden code that launches an attack --Sometimes made to appear as data file

Bot or zombie

-an infected computer that is under the remote control of an attacker

Software Keyloggers

-are programs installed on the computer that silently capture information -An advantage of software keyloggers is that they do not require physical access to the user's computer --Often installed as a Trojan or virus, can send captured information back to the attacker via Internet

Impersonation

-attacker pretend to be someone else: -Help desk support technician -Repairperson -IT support -Manager -Trusted third party -Fellow employee -Attacher will often impersonate a person with authority because victims generally resist saying "no" to anyone in power

The payload of other types of malware deletes data on computer. Logic bomb-

-computer code that lies dormant until it is triggered by a specific logical event. -Difficult to detect before it is triggered -often embedded in large computer programs that are not routinely scanned

A variation of ransomware

-displays a fictitious warning that a software license has expired or there is a problem and users must purchase additional software online to fix the problem

Special type of Trojan: Remote access Trojan (RAT)

-gives the threat actor unauthorized remote access to the victim's computer by using specially configured communication protocols

An advantage of software keyloggers

-is that they do not require physical access to the user's computer --Often installed as a Trojan or virus, can send captured information back to the attacker via Internet

Worm

-malicious program that uses a computer network to replicate -Sends copies of itself to other network devices -Worms may consume resources or Leave behind a payload to harm infected systems

Rootkits

-software tools used by an attacker to hide actions or presence of other types of malicious software --Hide or remove traces of log-in records, log entries -May alter or replace operating system files with modified versions that are specifically designed to ignore malicious activity -Users can no longer trust their computer that contains a rootkit --The rootkit is in charge and hides what is occurring on the computer

Psychological approaches goal:

-to persuade the victim to provide information or take action

Spam

-unsolicited e-mail -Primary vehicles for distribution of malware -Sending __ is a lucrative buisness --Cost spammers very little to send millions of spam messages -Filters loof for specific words and block the email

Virus Infections Method: Appender Infections

-virus appends itself to end of a file -Easily detected by virus scanners

Armored Virus Infection Techniques: Swiss Cheese Infections

-viruses inject themselves into executable code --Virus code is "scrambled" to make it more difficult to detect

Hardware Keylogger

As a hardware device, it is inserted between the computer keyboard connection and USB port

Manipulating online polls

Because each bot has a unique Internet Protocol (I P) address, each "vote" by a bot will have the same credibility as a vote cast by a real person.

Spamming

Botnets are widely recognized as the primary source of spam email. A botnet consisting of thousands of bots enables an attacker to send massive amounts of spam

Spreading malware

Botnets can be used to spread malware and create new bots and botnets. Bots can download and execute a file sent by the attacker.

Denying services

Botnets can flood a web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests.

The primary trait that the malware possesses:

Circulation Infection Concealment Payload capabilites

Spyware and Adware

Different types of malware are designed to collect important data from the user's computer and make it available at the attacker This type of malware includes:

Dumpster diving

Digging throug trash to find information that can be usefull in an attack

Most common physical procedures

Dumpster diving and Tailgating

a botnet under the control of the attacker (bot herder)

Groups of zombie computers are gathered into a logical computer network called

Infection and examples

How it embeds itself into a system Ex. -Trojans -Ransomware -Crypto-malware

Psychological approaches often involve:

Impersonation, phishing, spam, hoaxes, and watering hole attacks

Program Virus

Infects an exexutable program file

Watering hole attack Ex.

Major executive working for a manufacturing company may visit a common website, such as a parts supplier to the manufacturer

Two Types of Circulation

Viruses and Worms

Other Virus facts

Viruses cannot automatically spread to another computer Relies on user action to spread Viruses are attached to files Viruses are spread by transferring infected files

Watering hole attack

a malicious attack that is directed toward a small group of specific individuals who visit the same website

Macro

a series of instructions that can be grouped together as a single command --Common data file virus is a macro virus that is written in a script known as macro

Malware

is a general term that refers to a wide variety of damaging or annoying software

Circulation

spreading rapidly to other systems in order to impact a large number of users