malware components
propagation mechanism: how it spreads
payload: malicious action the malware performs
virus
spread by human action
worm
spread by themselves
trojan horse
disguise themselves as beneficial software but carry hidden malicious software
adware
displays advertisements
some mechanisms include changing the default search engine, displaying pop-ups, or replacing legit ads with other ads
spyware
gathers info without the user’s knowledge or consent
techniques include logging keystrokes, monitoring web browsing, and searching hard drives and cloud storage
ransomware
blocks access until ransom is paid
cryptomalware
takes over user’s system capacity and uses it to mine cryptocurrency
scareware
designed to look like a legit warning but is a scam
preventing malware
anti-malware software
security patches
education
backdoor
provide workaround access
mechanisms include hardcoded accounts, default passwords, and unknown access channels
logic bomb
deliver a triggered payload
rootkit
escalates user privileges. Payloads can include backdoors, botnet agents, adware/spyware
user mode rootkits: run with normal user privileges, are easy to write and difficult to detect
kernel mode rootkit: run with system privileges, are difficult to write and easy to detect
fileless viruses
only stay in memory to avoid detection
what is a common command and control mechanism for botnets?
IRC
Developers wishing to sign their code must have a _____.
digital certificate
hacktivist
seek to use hacking tools to advance political and social agendas
white hats
authorized: operate with permission and good intent
grey hats
semi-authorized: operate without permission but with good intent
black hats
unauthorized: operate illegally with malicious intent
HR practices to control insider threats
perform background checks to uncover past legal issues
give users only the permissions that they need
require multiple users to carry out sensitive operations
mandatory vacations for critical staff
Shadow IT
exposes the organization to risk from the use of unapproved technology services
advanced persistent threats (APTs)
well funded and highly skilled
typically government sponsored
have access to zero days and other sophisticated weapons
work methodically to gain access to a target
social engineering tactics
authority
intimidation
consensus
scarcity
urgency
familiarity
pharming
use fake websites to capture credentials
pretexting attack
impersonate a consumer
watering hole attack
users trust the websites they visit, to some extent
browsers and add-ons often have vulnerabilities
users are conditioned to click “ok” on security warnings