2.4 Given a scenario, analyze indicators of malicious activity


8 Terms

Card 1

Match the malware attacks to the descriptions:

Malware attacks:
ransomware
virus
rootkit
worm
keylogger
trojan
bloatware
logic bomb
spyware

Descriptions:

Self-replicating malware that spreads throughout the network without human interaction.

An application installed on your PC that looks legitimate but is installing malware in the background.

Malware that waits for a trigger before executing, for example the moment a specific user logs in or when a particular event occurs.

Files are encrypted and can only be retrieved by paying the attacker money to get your data back.

Captures data, steals information and/or watches everything you do in the background.

Records which keys you press, when you press them, and any spaces or deletions made while typing.

Invisible to the operating system and to Task Manager; modifies core system files and is hard to detect.

This kind of malware requires human interaction in order to spread: the user has to click a malicious link, open an email attachment or execute something for it to propagate.

Unwanted or hidden applications pre-installed by the manufacturer on a new device you start for the first time.

Answer key:

Ransomware: Files are encrypted and can only be retrieved by paying the attacker money to get your data back.

Virus: This kind of malware requires human interaction in order to spread: the user has to click a malicious link, open an email attachment or execute something for it to propagate.

Rootkit: Invisible to the operating system and to Task Manager; modifies core system files and is hard to detect.

Worm: Self-replicating malware that spreads throughout the network without human interaction.

Keylogger: Records which keys you press, when you press them, and any spaces or deletions made while typing.

Trojan: An application installed on your PC that looks legitimate but is installing malware in the background.

Bloatware: Unwanted or hidden applications pre-installed by the manufacturer on a new device you start for the first time.

Logic Bomb: Malware that waits for a trigger before executing, for example the moment a specific user logs in or when a particular event occurs.

Spyware: Captures data, steals information and/or watches everything you do in the background.

Card 2

What is RFID cloning?

This is a physical attack in which an attacker uses an RFID duplicator to quickly scan someone's badge or key fob and copy it onto a card or fob the attacker holds, giving them the same access as the legitimate holder.

Card 3

What is the difference between an amplified and a reflective DDoS attack?

Amplified: This involves sending small requests to certain services (NTP, DNS, SNMP, etc.) that generate a much larger response. The attacker uses a botnet to send these small requests to the service with a spoofed source IP address so that the large responses go to the target.

Reflective: The attacker exploits vulnerable servers to reflect traffic to the target. When the attacker sends requests with a spoofed source IP address, the responses are reflected to the target, making it harder to tell whether the traffic is legitimate or malicious.

Card 4

What is the difference between a man-in-the-middle attack and a replay attack?

Man-in-the-middle (MITM): This type of attack involves the attacker stealing information or modifying data in real time without the user knowing about it.

Replay Attack: This type of attack also involves stealing information or modifying data, but the captured data is only used at a later time; it is considered a "passive" attack because the attacker is not acting in real time. The user is unaware of it, and the device or site the attacker targets sees the stolen information as "valid", as if it came from the trusted user.

Card 5

What is a directory traversal attack?

A directory traversal attack is a type of HTTP exploit in which an attacker uses the software on a web server to access data in a directory other than the server's web root. The attacker looks to see whether the web application accepts file path names as input, in parameters such as "file=", "page=" or "template=". The attacker can then modify the URL to try to reach restricted files that should require admin access.

Card 6

What is SSL stripping?

This is a cryptographic attack in which an attacker who is already performing a man-in-the-middle attack strips away the "S" in "HTTPS", so that the traffic is sent in cleartext rather than encrypted.

Card 7

What is the difference between password spraying and a brute-force attack?

Spraying: This is a password attack in which the attacker tries common passwords against many different user accounts. When the login attempt on one account fails, the attacker moves on to the next account using the same password, trying to gain access without raising suspicion or triggering lockouts.

Brute Force: This is a password attack in which the attacker tries to guess the password of a single user account. The attacker may have the hash of the password and keeps trying candidate passwords until one matches the hash, revealing the password.

Card 8

What does IoC stand for?

IoC stands for Indicators of Compromise. The term refers to signs that your system has been compromised, such as missing logs, account lockouts, blocked content, unusual resource consumption, etc.