Cybersecurity Essentials Chapter 3 Malware and Malicious Code
Rogue Access Points
Access point is a wireless access point installed on a secure network without explicit authorization.
Zero-day
An attack that tries to exploit software vulnerabilities that are unknown, or undisclosed, by the software vendor.
Remote Code Executions
Application or web attack that establishes distant access to a program, service or device.
ActiveX Controls and Java
Application or web attack that exploits remote host by installing malicious program plugins.
XML/SQL Injections
Application or web attack that exploits the failure to validate database queries.
Buffer Overflows
Application or web attack that purposely submits excessive data overfilling the memory designed to receive the input.
ActiveX controls
Are pieces of software installed by users to provide extended capabilities. Third parties write some controls and they may be malicious. They can monitor browsing habits, install malware, or log keystrokes. It also works in other Microsoft applications.
Scarcity
Coaxing as a result of believing there is a limited quantity available.
Urgency
Coaxing as a result of believing there is a limited time to act.
Consensus or Social Proof
Coaxing based on the belief and actions of others.
RF Jamming
Deliberate jamming, with Radio frequency (RF) machinge that disrupts the transmission of a radio or satellite station so that the signal does not reach the receiving station.
Adware
Displays annoying pop-ups to generate revenue for its authors. The malware may analyze user interests by tracking the websites visited. It can then send pop-up advertising pertinent to those sites.
Tailgating
Following an authorized person to gain entry into a secure location or restricted area.
Online, Email, and Web-based Trickery
Forwarding hoax emails and other jokes, funny movies, and non-work-related emails at work may violate the company's acceptable use policy and result in disciplinary actions.
Spear phishing
Highly targeted phishing attack. uses emails to reach the victims, it sends customized emails to a specific person.
Grayware
Includes applications that behave in an annoying or undesirable manner. It may not have recognizable malware concealed within, but it still may pose a risk to the user. it is becoming a problem area in mobile security with the popularity of smartphones.
Buffer Overflow
It overflow occurs when data goes beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the application accesses memory allocated to other processes. This can lead to a system crash, data compromise, or provide escalation of privileges.
Java Virtual Machine (JVM)
It sandboxes or isolates untrusted code from the rest of the operating system. There are vulnerabilities, which allow untrusted code to go around the restrictions imposed by the sandbox.
SMiShing is short for SMS phishing
It uses Short Message Service to send fake text messages. The criminals trick the user into visiting a website or calling a phone number. Unsuspecting victims may then provide sensitive information such as credit card information. Visiting a website might result in the user unknowingly downloading malware that infects the device
Spam
Junk mail, or unsolicited email, that is used to send advertisements, harmful links, malware, or deceptive content.
Defending Against Application Attacks (5 ways)
Keep all software including operating systems and applications up to date, and do not ignore update prompts.
Ransomware
Malicious code that holds a computer system, or the data it contains, captive until the target makes a payment.
Spyware/Adware
Malicious code that is transmitted by email or downloaded from the web, that can collect user information or install banner ads in programs, web browsers, or webpages.
Rootkit
Malicious code that is used to compromise a system using backdoors.
Browser Hijacker
Malicious code that modifies browser configurations.
Worm
Malicious code that replicates itself by independently exploiting vulnerabilities in the networks.
Virus
Malicious executable code that is attached to another executable file, such as a legitimate program.
Logic Bomb
Malicious program that uses a trigger to awaken the malicious code.
Trojan Horse
Malware that carries out malicious operations under the disguise of a desired operation.
Defending Against Application Attacks (5 ways)
Not all programs update automatically, so at the very least, always select the manual update option.
Code Injections Attacks
One way to store data at a website is to use a database. There are several different types of databases such as a Structured Query Language (SQL) database or an Extensible Markup Language (XML) database. Both XML and SQL injection attacks exploit weaknesses in the program such as not validating database queries properly.
Impersonation
Pretending to be someone else to gain trust or access to unauthorized areas or data.
Keylogger
Program used to record or log the keystrokes of the user on a system.
Defending Against Application Attacks (5 ways)
Regardless of the language used, or the source of outside input, prudent programming practice is to treat all input from outside a function as hostile.
Dumpster Diving
Retrieving documents from the trash or recycling containers.
SEO Poisoning
Search engines such as Google work by ranking pages and presenting relevant results based on users' search queries. Depending on the relevancy of web site content, it may appear higher or lower in the search result list. ______________, short for Search Engine Optimization, is a set of techniques used to improve a website's ranking by a search engine. While many legitimate companies specialize in optimizing websites to better position them, _____________ uses _______to make a malicious website appear higher in search results
Bluejacking and Bluesnarfing
Term used for sending unauthorized messages to another Bluetooth device. Also occurs when the attacker copies the victim's information from his device. This information can include emails and contact lists
Plugins
The Flash and Shockwave ______________from Adobe enable the development of interesting graphic and cartoon animations that greatly enhance the look and feel of a web page. _____________ display the content developed using the appropriate software
Defending Against Application Attacks (5 ways)
The first line of defense against an application attack is to write solid code.
Whaling
The use of email, IM, or other social media, to attempt to gather private information, such as login credentials, of senior executives.
Phishing
The use of email, IM, or other social media, to try and gather private information, such as login credentials, by masquerading as a reputable person.
Vishing
The use of voice communications to try and gather private information, such as login credentials, by masquerading as a reputable person.
Pharming
The use of website to try to gather private information, such as login credentials, by masquerading as a reputable website.
Browser Hijacker
This is malware that alters a computer's browser settings to redirect the user to websites paid for by the cyber criminals' customers. It usually installs without the user's permission and is usually part of a drive-by download.
Pretexting
This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Something for Something (Quid pro quo)
This is when an attacker requests personal information from a party in exchange for something, like a gift.
DoS and DDoS
Type of attack that denies access to authorized users making the network, network services, or data on the network, unavailable.
Sniffing
Type of attack that examines all network traffic as it passes through the NIC, even when it is not addressed to the attacking system.
Man-in-the-middle
Type of attack that intercepts communications between computers to steal information while traveling across the network.
Spoofing
Type of attack that uses impersonation to take advantage of a trusted relationship between two systems.
Intimidation
Use of bullying or threats to persuade.
Hoaxes
Use of deception to elicit a user's irrational reaction.
Authority
Use of power or the ability to persuade.
Familiarity/Liking
Use of rapport with the victim to establish a relationship and trust.
Defending Against Application Attacks (5 ways)
Validate all inputs as if they were hostile.
Remote Code Executions
Vulnerabilities allow a cybercriminal to execute malicious code and take control of a system with the privileges of the user running the application. Remote code execution allows a criminal to execute any command on a target machine.
Cross-site scripting (XSS)
Vulnerability found in web applications. It allows criminals to inject scripts into the web pages viewed by users. This script can contain malicious code. It has three participants: the criminal, the victim, and the website. The cyber-criminal does not target a victim directly. The criminal exploits vulnerability within a website or web application. Criminals inject client-side scripts into web pages viewed by users, the victims
Shoulder Surfing
Watching a victim enter a PIN, access code, or credit card number.
Social Engineering
is a completely non-technical means for a criminal to gather information on a target._________ is an attack that attempts to manipulate individuals into performing actions or divulging confidential information
Scareware
persuades the user to take a specific action based on fear. It forges pop-up windows that resemble operating system dialogue windows.