2.4 Given a scenario, analyze indicators of malicious activity


45 Terms

1

Malware attacks

A category of malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.

2

Ransomware

A type of malware that encrypts a user's files and demands a ransom payment to restore access.

3

Trojan

A type of malware disguised as legitimate software that tricks users into executing it.

4

Worm

A self-replicating malware that spreads across networks without human intervention.

5

Spyware

Malware that secretly monitors user activity and collects sensitive information.

6

Bloatware

Unwanted software that comes pre-installed on a device, consuming system resources.

7

Virus

A type of malware that attaches itself to legitimate programs and spreads to other files when executed.

8

Keylogger

A type of spyware that records keystrokes, capturing sensitive information like passwords.

9

Logic bomb

A piece of malicious code that triggers under certain conditions, causing harm to systems.

10

Rootkit

A type of malware that allows unauthorized access and control of a computer while hiding its presence.

11

Physical attacks

Attacks that involve tangible methods to compromise a system's security, such as tampering with hardware or using brute force.

12

Brute force

A method used to gain access by systematically trying all possible combinations of passwords or encryption keys until the correct one is found.

13

Radio Frequency Identification (RFID) cloning

The process of copying the data from an RFID tag to create a duplicate tag that can be used to gain unauthorized access.

14

Environmental attacks

Security breaches that exploit vulnerabilities related to physical environments, such as extreme temperatures or moisture that can

15

Network attacks

Attacks that focus on disrupting and compromising network resources and services.

16

Distributed denial-of-service (DDoS)

A type of attack where multiple compromised devices are used to flood a target with traffic, overwhelming it and making it unavailable.

17

Amplified DDoS attacks

A DDoS attack that uses amplification techniques to increase the volume of traffic sent to a target.

18

Reflected DDoS attacks

Attacks that exploit vulnerabilities in third-party servers to redirect traffic to a target, increasing its load.

19

Domain Name System (DNS) attacks

Attacks that compromise the domain name system to redirect users to malicious sites or disrupt services.

20

Wireless attacks

Security breaches that exploit vulnerabilities in wireless networks to gain unauthorized access or data.

21

On-path attacks

Attacks where an attacker intercepts communications between two parties, often to eavesdrop or alter the data.

22

Credential replay

An attack method where captured credentials are reused to gain unauthorized access to systems or accounts.

23

Malicious code

Software designed with harmful intent to disrupt, damage, or gain unauthorized access to computer systems.

24

Application Attacks

Malicious activities targeting software applications to exploit vulnerabilities.

25

Injection

An attack where an attacker inserts malicious code into a program or application to manipulate its behavior.

26

Buffer Overflow

An attack where more data is written to a buffer than it can hold, potentially leading to arbitrary code execution or system crashes.

27

Replay

An attack that involves capturing data sent over a network and then re-sending it to trick the system into performing an unauthorized action.

28

Privilege Escalation

An attack that allows an unauthorized user to gain elevated access to resources that are normally protected from the user.

29

Forged Requests

An attack where the attacker makes requests that appear to be from a legitimate source to manipulate the system.

30

Directory Traversal

An attack that allows an attacker to access files and directories that are stored outside the web document root.

31

Cryptographic Attack

A method aimed at exploiting weaknesses in cryptographic algorithms or protocols to gain unauthorized access to sensitive information.

32

Downgrade Attack

A type of cryptographic attack that forces a device to revert to an older, less secure version of a protocol, making it easier to exploit.

33

Collision Attack

A cryptographic attack that finds two different inputs that produce the same hash output, compromising the integrity of the hash function.

34

Birthday Attack

A type of collision attack that exploits the mathematics behind the birthday problem to find hash collisions more efficiently than brute force.

35

Spraying Password Attack

A method of password cracking where an attacker attempts to access multiple accounts using a common password, rather than targeting a single account with multiple passwords.

36

Brute Force Password Attack

An attack method where an attacker systematically attempts all possible combinations of passwords until the correct one is found.

37

Account lockout

A security feature that prevents further attempts to access an account after a specified number of failed login attempts.

38

Concurrent session usage

The use of a single account in multiple active sessions simultaneously, which can indicate potential unauthorized access.

39

Blocked content

Content that is restricted or unable to be accessed due to policies or security settings, often indicating suspicious activity.

40

Impossible travel

A behavioral indicator where a user is logged in from geographically distant locations in a short period of time, suggesting compromised credentials.

41

Resource consumption

Unusual or unexpected usage of system resources, which may indicate that a system is compromised or under a malicious attack.

42

Resource inaccessibility

The inability to access devices or data, potentially signifying that an attacker is attempting to restrict user access.

43

Out-of-cycle logging

Logs that are generated outside of the expected logging schedule, possibly indicating unauthorized activity on a system.

44

Published/documented

Indicators that are formally shared or disclosed, often through reports, pointing to known threats or vulnerabilities.

45

Missing logs

The absence of expected log data, which can indicate tampering or malicious activity aimed at concealing actions.