Mod C - Cybersecurity Threats, Vulnerabilities, and Attacks


Distributed DoS attack

A Distributed DoS Attack (DDoS) is similar to a DoS attack, but it originates from multiple, coordinated sources.

Common indicators of spam

An email has no subject line. An email is requesting an update to an account. The email text has misspelled words or strange punctuation. Links within the email are long and/or cryptic. An email looks like correspondence from a legitimate business. The email requests that the user open an attachment. If a user receives an email that contains one or more of these indicators, he or she should not open the email or any attachments.

Defending against malware

Antivirus software; up-to-date operating systems and application software.

Defending against attacks

Configure firewalls to discard any packets from outside of the network that have addresses indicating that they originated from inside the network. Regularly patch firewalls and update their firmware. To prevent DoS and DDoS attacks, ensure patches and upgrades are current, distribute the workload across server systems, and block external Internet Control Message Protocol (ICMP) packets at the border. Systems can prevent falling victim to a replay attack by encrypting traffic, providing cryptographic authentication, and including a time stamp with each portion of the message.

SE Tactics - Familiarity

Criminals build a rapport with the victim to establish a relationship. People are more likely to do what another person asks if they like that person.

SE Tactics - Trust

Criminals build a trusting relationship with a victim, which may require more time to establish. A "security expert" calls the victim offering advice and having the credentials to back it up. While helping the victim, the criminal discovers a "serious error" that needs immediate attention. The solution provides the criminal with the opportunity.

Phishing

Cyber criminals use email, instant messaging, or other social media to try to gather information such as login credentials or account information by masquerading as a reputable entity or person. Phishing occurs when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source. The intent of the message is to trick the recipient into installing malware on his or her device or into sharing personal or financial information.

Acceptable Use Policy

Forwarding hoax emails and other jokes, funny movies, and non-work-related emails at work may violate the company's acceptable use policy and result in disciplinary actions.

Sniffing

It occurs when attackers examine all network traffic as it passes through their NIC, regardless of whether the traffic is addressed to them. Physical security is important in preventing the introduction of sniffers on the internal network.

Smishing

It uses Short Message Service (SMS) to send fake text messages. The criminals trick the user into visiting a website or calling a phone number. Unsuspecting victims may then provide sensitive information such as credit card information. Visiting a website might result in the user unknowingly downloading malware that infects the device.

Defending against Deception

Never provide confidential information or credentials via email, chat sessions, in person, or on the phone to unknown parties. Resist the urge to click on enticing emails and website links. Keep an eye out for uninitiated or automatic downloads. Establish policies and educate employees about those policies. When it comes to security, give employees a sense of ownership. Do not give in to pressure from unknown individuals.

Defending against Wireless / Mobile Device Attacks

Take advantage of the basic wireless security features such as authentication and encryption by changing the default configuration settings. Restrict access point placement within the network by placing these devices outside the firewall or within a demilitarized zone (DMZ), which contains other untrusted devices such as email and web servers. For authorized employees, use a remote access virtual private network (VPN) for WLAN access. Develop a guest policy to address the need for legitimate guests to connect to the Internet while visiting.

DOS (Maliciously Formatted Packets)

The attacker sends a maliciously formatted packet to a host or application and the receiver is unable to handle it.

DOS (Overwhelming Quantity of traffic)

The attacker sends an enormous quantity of data at a rate that the network, host, or application cannot handle. This causes a slowdown in transmission or response, or a crash of a device or service.

SQL Injection

The cybercriminal exploits a vulnerability by inserting a malicious SQL statement in an entry field. The attack succeeds because the system does not filter the user input correctly for characters that have meaning in an SQL statement. Criminals can spoof an identity, modify existing data, destroy data, or become administrators of the database server.

Defending against Application Attacks

The first line of defense against an application attack is to write solid code. Validate all inputs as if they were hostile. Keep all software including operating systems and applications up to date, and do not ignore update prompts.

ActiveX Controls

Third parties write some ActiveX controls and they may be malicious. They can monitor browsing habits, install malware, or log keystrokes.

Pretexting

This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

Something for something

This is when an attacker requests personal information from a party in exchange for something, like a gift.

Whaling

Whaling is a phishing attack that targets high profile targets within an organization such as senior executives. Additional targets include politicians or celebrities.

botnet

A network of infected hosts, made up of zombies.

spam

Spam, also known as junk mail, is unsolicited email. In most cases, spam is a method of advertising. However, spam can carry harmful links, malware, or deceptive content intended to obtain sensitive information such as a social security number or bank account information.

Wi-Fi Protected Access (WPA) and (WPA2)

With WPA and WPA2, an attacker cannot recover the key simply by observing traffic. WPA2 is nevertheless susceptible to attack because cyber criminals can analyze the packets going between the access point and a legitimate user. Cyber criminals capture them with a packet sniffer and then run attacks on the passphrase offline.

Worms

are malicious code that replicates by independently exploiting vulnerabilities in networks.

Man in the Middle

attack occurs by intercepting communications between computers to steal information crossing the network. The criminal can also choose to manipulate messages and relay false information between hosts, since the hosts are unaware that a modification to the messages occurred.

SE Tactics - Intimidation

criminals bully a victim into taking action. An executive's secretary receives a call stating that her boss is about to give an important presentation, but his files are corrupt. The cybercriminal asks for the files to be sent immediately to him.

Methods to piggyback

Criminals give the appearance of being escorted by the authorized individual. Criminals join a large crowd pretending to be a member. Criminals target a victim who is careless about the rules of the facility.

RF Jamming

disrupts the transmission of a radio or satellite station so that the signal does not reach the receiving station. The frequency, modulation, and power of the RF jammer need to be equal to those of the device that the criminal wants to disrupt in order to successfully jam the wireless signal.

Command and Control system

handler systems used to control the zombies.

Ransomware

holds a computer system, or the data it contains, captive until the target makes a payment. It usually works by encrypting data in the computer with a key unknown to the user. The user must pay a ransom to the criminals to remove the restriction.

zombies

hosts infected by malware.

Grayware

includes applications that behave in an annoying or undesirable manner. It may not have recognizable malware concealed within, but it still may pose a risk to the user. Grayware can track the user's location. It usually maintains legitimacy by disclosing an application's capabilities in the small print of the software license agreement. Users install many mobile apps without really considering their capabilities.

Social Engineering

is a completely non-technical means for a criminal to gather information on a target. It is an attack that attempts to manipulate individuals into performing actions or divulging confidential information. Social engineers often rely on people's willingness to be helpful but also prey on people's weaknesses.

attack

is a deliberate exploitation of a discovered weakness in computer information systems, either as specific targets or merely as targets of opportunity.

Spear phishing

is a highly targeted phishing attack. It uses email to reach the victims, sending customized emails to a specific person.

Logic Bomb

is a malicious program that uses a trigger to awaken the malicious code. A logic bomb can attack and destroy the hardware components in a workstation or server, including the cooling fans, CPU, memory, hard drives, and power supplies.

Keyboard Logging

is a software program that records or logs the keystrokes of the user of the system.

Malware

is a term used to describe software designed to disrupt computer operations, or gain access to computer systems, without the user's knowledge or permission.

Metasploit

is a tool for developing and executing exploit code against a remote target.

Cross-site Scripting (XSS)

is a vulnerability found in web applications that allows criminals to inject scripts into the web pages viewed by users. This script can contain malicious code. A malicious script of this type can access any cookies, session tokens, or other sensitive information. If criminals obtain the victim's session cookie, they can impersonate that user.

Vulnerability

is a weakness that makes a target susceptible to an attack.

Rogue Access Points

is a wireless access point installed on a secure network without explicit authorization. It can be set up by a well-intentioned employee who is trying to be helpful by making it easier to connect mobile devices. Another way is when a criminal gains physical access to an organization by sneaking in and installs the rogue access point. The criminal sets up the access point as a MitM device to capture login information from users.

Hoax

is an act intended to deceive or trick. A hoax can cause just as much disruption as an actual breach would cause because it elicits a user reaction. The reaction can create unnecessary fear and irrational behavior. Users pass hoaxes along through email and social media.

XML Injection

is an attack that can corrupt the data. After the user provides input, the system accesses the required data via a query. The problem occurs when the system does not properly scrutinize the input provided by the user. Criminals can manipulate the query to suit their needs and can access the information in the database. An XML injection attack threatens the security of the website.

Meterpreter

is an exploit module within Metasploit that provides advanced features. It allows criminals to write their own extensions as a shared object. Criminals upload and inject these files into a running process on the target. Meterpreter loads and executes all of the extensions from memory, so they never touch the hard drive. It has a module for controlling a remote system's webcam.

Spoofing

is an impersonation attack, and it takes advantage of a trusted relationship between two systems.

Tailgating

is another term that describes the same practice as piggybacking.

Virus

is malicious executable code attached to another executable file, such as a legitimate program. Most viruses require end-user initiation, and can activate at a specific time or date.

Browser hijacker

is malware that alters a computer's browser settings to redirect the user to websites paid for by the cyber criminals' customers. Browser hijackers usually install without the user's permission and are usually part of a drive-by download. Always read user agreements carefully when downloading programs to avoid this type of malware.

Trojan horse

is malware that carries out malicious operations under the guise of a desired operation, such as playing an online game. The Trojan binds itself to non-executable files, such as image files, audio files, or games.

Smishing

is phishing using text messaging on mobile phones. Criminals impersonate a legitimate source in an attempt to gain the trust of the victim.

Vishing

is phishing using voice communication technology. Criminals can spoof calls from legitimate sources using voice over IP (VoIP) technology. Vishing takes advantage of the fact that people trust the telephone network.

spyware

is software that enables a criminal to obtain information about a user's computer activities. It often includes activity trackers, keystroke collection, and data capture. Spyware often bundles itself with legitimate software or with Trojan horses. Many shareware websites are full of spyware.

Impersonation

is the action of pretending to be someone else. It is used to undermine the credibility of individuals through website or social media postings.

Pharming

is the impersonation of a legitimate website in an effort to deceive users into entering their credentials. Pharming misdirects users to a fake website that appears to be official. Victims then enter their personal information thinking that they connected to a legitimate site.

Threat

is the possibility that a harmful event, such as an attack, will occur.

SEO Poisoning

is a technique used to increase traffic to malicious sites that may host malware or perform social engineering. To force a malicious site to rank higher in search results, attackers take advantage of popular search terms.

rootkit

modifies the operating system to create a backdoor. Attackers then use the backdoor to access the computer remotely. It is also common for rootkits to modify system forensics and monitoring tools, making them very hard to detect.

Piggybacking

occurs when a criminal tags along with an authorized person to gain entry into a secure location or a restricted area.

replay attack

occurs when an attacker captures a portion of a communication between two hosts and then retransmits the captured message later. Replay attacks circumvent authentication mechanisms.

Buffer Overflow

occurs when data goes beyond the limits of a buffer. Buffers are memory areas allocated to an application. By changing data beyond the boundaries of a buffer, the application accesses memory allocated to other processes. This can lead to a system crash, data compromise, or provide escalation of privileges.

MAC address spoofing

occurs when one computer accepts data packets based on the MAC address of another computer.

Bluesnarfing

occurs when the attacker copies the victim's information from his device. This information can include emails and contact lists.

SE Tactics - Authority

people are more likely to comply when instructed by "an authority." An executive opens an infected PDF that looks like an official subpoena.

SE Tactics - Consensus

people will take action if they think that other people like it too. Criminals create websites with fake testimonials that promote a product, indicating that it is safe.

SE Tactics - Scarcity

people will take action when they think there is a limited quantity. Criminals offer a limited opportunity that will not last, hoping to spur the victim into taking action quickly.

SE Tactics - Urgency

people will take action when they think there is a limited time. Criminals establish a deadline for taking action based on a certain price.

Scareware

persuades the user to take a specific action based on fear. Scareware forges pop-up windows that resemble operating system dialogue windows. These windows convey forged messages stating that the system is at risk or needs the execution of a specific program to return to normal operation. In reality, no problems exist, and if the user agrees and allows the mentioned program to execute, malware infects his or her system.

Backdoor

refers to the program or code introduced by a criminal who has compromised a system. It bypasses the normal authentication used to access a system.

Wired Equivalent Privacy (WEP)

is a security protocol that attempted to provide a wireless local area network (WLAN) with the same level of security as a wired LAN. WEP uses a key for encryption. WEP also has several problems with its initialization vector (IV), which is one of the components of the cryptographic system: it is a 24-bit field, which is too small; it is cleartext, which means it is readable; and it is static, so identical key streams will repeat on a busy network.

IP spoofing

sends IP packets from a spoofed source address to disguise itself.

ARP spoofing

sends spoofed ARP messages across a LAN to link the criminal's MAC address with the IP address of an authorized member of the network.

zero-day attack

sometimes referred to as a zero-day threat, is a computer attack that tries to exploit software vulnerabilities that are unknown or undisclosed by the software vendor.

DNS server spoofing

modifies the DNS server to reroute a specific domain name to a different IP address controlled by the criminal.

Man-in-the-Mobile

takes control over a mobile device. The infected mobile device sends user-sensitive information to the attackers.

Bluejacking

is the term used for sending unauthorized messages to another Bluetooth device. A variation of this is to send a shocking image to the other device.

adware

typically displays annoying pop-ups to generate revenue for its authors. Some versions of software automatically install adware. It is also common for adware to come with spyware.

Whale phishing

uses emails to reach the victims.

Evil Twin Attack

uses the criminal's access point improved with higher power and higher gain antennas to look like a better connection option for users. After users connect to the evil access point, the criminals can analyze traffic and execute MitM attacks.
