2.4 Scenarios and Indicators of malicious activity

40 Terms

1. Ransomware (Malware attack)
Encrypts files and demands payment for decryption (WannaCry encrypting hospital systems)

2. Trojan (Malware attack)
Malware disguised as legitimate software (a fake Flash Player installer that installs a backdoor)

3. Worm (Malware attack)
Self-replicating malware that spreads without user input (the ILOVEYOU worm spreading via email)

4. Spyware (Malware attack)
Secretly monitors and collects user data (a keylogger sending typed data to the attacker)

5. Bloatware (Malware attack)
Unwanted software preinstalled or bundled with a purchase; not malicious by itself, but it consumes resources and widens the attack surface (a trial antivirus slowing down systems)

6. Virus (Malware attack)
Infects and spreads by attaching to files or programs, and needs a user to run the infected host (the Melissa macro virus in Word documents)

7. Keylogger (Malware attack)
Records keystrokes to capture sensitive data; a form of spyware (capturing passwords typed into websites)

8. Logic bomb (Malware attack)
Malicious code that stays dormant until a specific condition or trigger is met (code that deletes files when a user's account is removed after they are fired)

9. Rootkit (Malware attack)
Hides malware or an attacker's presence on a system (a kernel-mode rootkit hiding a backdoor)

10. Brute force (Physical attack)
In the physical category, brute force means forcing entry by physical means: breaking a lock, prying open a door, or smashing a window. Guessing passwords or PINs with a login automation tool is the password brute force attack in card 31.

11. RFID cloning (Physical attack)
Copies the data from an RFID (radio frequency identification) chip onto a fake card (cloning an access badge or a contactless payment card)

12. Environmental (Physical attack)
Damage from temperature, humidity, power, etc. (a server overheating after an AC failure)

13. DDoS (Network attack)
Distributed Denial of Service: overloads a service with excessive traffic from many sources (a botnet flooding a website)

14. Amplified DDoS (Network attack)
The attack is magnified using protocols like NTP or DNS, where a small request produces a much larger response that floods the target

15. Reflected DDoS (Network attack)
Requests are sent with the victim's spoofed source address so that the replies flood the victim (sending spoofed ping requests to many devices, which all answer the victim). Reflection and amplification are usually combined.

16. DNS attacks (Network attack)
Exploit DNS to redirect or intercept traffic (poisoning a DNS cache to reroute bank users to a fake site)

17. Wireless (Network attack)
Exploits wireless protocols or encryption (cracking a WPA2 key by capturing the four-way handshake and guessing the passphrase offline)

18. On-path (Network attack)
Intercepts communication between two parties (a man-in-the-middle attack capturing credentials over public Wi-Fi)

19. Credential replay (Network attack)
Reuses captured credentials or tokens to access a system (replaying a sniffed session cookie or password hash to get into an account)

20. Malicious code (Network attack)
General term for code used to cause harm (JavaScript injected into a login page to steal credentials)

21. Buffer overflow (Application attack)
Input larger than the buffer it is copied into overwrites adjacent memory, letting an attacker crash the program or run their own code (unchecked input overflowing an application's memory buffer)

22. Injection (Application attack)
Untrusted input is interpreted as code or commands by the application (SQL injection or command injection through input fields)
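
The SQL injection case from card 22, written out as an added example (not part of the original card set): the same login check built by string formatting and then with bound parameters, run against a constructed in-memory SQLite table. The table, the user "alice" and the two payloads are assumptions made for the demo.

```python
import sqlite3

# Constructed in-memory table for the demo; the plaintext password column is only
# here to keep the injection point obvious (a real app stores salted hashes).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string formatting: the input becomes part of the query text."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Binds the input as parameters: the driver keeps data separate from the query."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    # "alice' --" closes the string literal and comments out the password check.
    print("vulnerable, alice' --   :", login_vulnerable(db, "alice' --", "wrong"))      # True
    print("safe,       alice' --   :", login_safe(db, "alice' --", "wrong"))            # False
    # "' OR '1'='1" turns the WHERE clause into a tautology.
    print("vulnerable, ' OR '1'='1 :", login_vulnerable(db, "nobody", "' OR '1'='1"))  # True
    print("safe,       ' OR '1'='1 :", login_safe(db, "nobody", "' OR '1'='1"))        # False
```

The parameterised version does not escape anything; it never lets the input reach the SQL parser as query text, which is why it holds up against payloads the string-formatting version has never seen.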

23. Replay (Application attack)
Captures valid data and resends it later (reusing a captured login request to gain access)

24. Privilege escalation (Application attack)
Gains higher-level permissions than authorized (a user exploiting a bug to become admin)

25. Forgery (Application attack)
Faking a request or message so it appears legitimate (a CSRF attack forging an action in a logged-in user's browser)

26. Directory traversal (Application attack)
Accessing files outside the allowed directory (supplying ../../etc/passwd in a file parameter to read the Linux password file)
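
Directory traversal from card 26 as an added example (not from the original card set): a file-serving join that trusts the request beside a hardened version that decodes once, rejects NUL bytes and checks containment with `os.path.commonpath`. The web root `/srv/app/public` and the request strings are assumptions for the demo; the directory does not need to exist.

```python
import os
from urllib.parse import unquote


def serve_path_vulnerable(base_dir, requested):
    """Joins the user-supplied name directly: "../" segments walk out of base_dir."""
    return os.path.join(base_dir, requested)


def safe_join(base_dir, requested):
    """Return the absolute path for `requested` inside base_dir, or raise ValueError."""
    decoded = unquote(requested)          # "..%2F" arrives URL-encoded; decode exactly once
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    base_real = os.path.realpath(base_dir)
    # os.path.join discards base_real when `decoded` is absolute, so "/etc/passwd"
    # is caught by the containment check below instead of being served.
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    # commonpath, not startswith: "/srv/app/public-old" starts with "/srv/app/public"
    # but is not inside it.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes base directory: %r" % requested)
    return candidate


def is_safe_path(base_dir, requested):
    """Boolean wrapper around safe_join for quick checks."""
    try:
        safe_join(base_dir, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    base = "/srv/app/public"   # assumed web root for the demo
    for name in ["docs/readme.txt", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd",
                 "/etc/passwd", "docs/../../secret"]:
        print("%-26s vulnerable -> %s" % (name, serve_path_vulnerable(base, name)))
        print("%-26s safe       -> %s" % (name, "OK" if is_safe_path(base, name) else "REJECTED"))
```

Decoding exactly once matters: a double-encoded `%252e%252e/` decodes to the literal directory name `%2e%2e`, which stays inside the root and is simply not found, whereas decoding in a loop would turn it back into `../`.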

27. Downgrade (Cryptographic attack)
Forces use of weak encryption (a TLS downgrade to an insecure protocol version or cipher suite)

28. Collision (Cryptographic attack)
Two different inputs producing the same hash output, which defeats the hash as an integrity check (MD5 producing the same hash for two different files)

29. Birthday (Cryptographic attack)
Probability-based collision attack: because any pair of inputs may collide, a collision becomes likely after roughly 2^(n/2) hashes of an n-bit hash rather than 2^n (two files with the same SHA-1 hash)
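
The birthday bound from card 29, and the collision it produces from card 28, as an added example (not from the original card set). SHA-256 truncated to n bits stands in for a short hash: the functions give the ~50% collision bound, the collision probability for a given number of hashes, and a brute-force search that finds a real 32-bit collision in well under a second. The `msg-<i>` inputs are constructed for the demo.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits, standing in for a short or weak hash."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def birthday_bound(bits: int) -> float:
    """Inputs needed for a ~50% chance of some collision in an n-bit hash: about 1.177 * 2^(n/2)."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)


def collision_probability(bits: int, tries: int) -> float:
    """P(at least one collision) among `tries` distinct inputs: 1 - exp(-k(k-1) / 2^(n+1))."""
    return -math.expm1(-tries * (tries - 1) / (2 * 2 ** bits))


def find_collision(bits: int, limit: int = 1 << 24):
    """Hash "msg-0", "msg-1", ... until two distinct inputs share a truncated digest.

    Returns (input_a, input_b, hashes_computed), or None if `limit` is exhausted.
    The table grows with every hash, which is why real attacks use cycle-finding
    (Floyd / distinguished points) instead of a dictionary.
    """
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


if __name__ == "__main__":
    for n in (32, 64, 128, 160):
        print("%3d-bit hash: preimage ~2^%d, birthday bound ~2^%.1f (%.3g hashes)"
              % (n, n, math.log2(birthday_bound(n)), birthday_bound(n)))
    a, b, tries = find_collision(32)
    print("32-bit collision after %d hashes: %r and %r -> %08x"
          % (tries, a, b, truncated_hash(a, 32)))
```

Two consequences for the flashcard: a 128-bit hash like MD5 would nominally need about 2^64 work for a generic birthday collision, which is already feasible for a well-funded attacker, and the actual MD5 and SHA-1 collisions (card 28, SHAttered) took far less because of structural weaknesses on top of the birthday bound.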

30. Spraying (Password attack)
Trying a few common passwords against many accounts, staying under each account's lockout threshold (trying "Password123" on every user account)

31. Brute force (Password attack)
Trying all combinations to crack a password (cracking a 6-digit PIN with an automation tool)

32. Account lockout (Indicator)
Too many failed login attempts lock the user out; a wave of lockouts across accounts can indicate a brute-force attack
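
Cards 30 to 32 describe three things that look alike in an authentication log. As an added example (not from the original card set), the block below runs simple detections over a constructed list of failed logins: one source trying many accounts once each (spraying), one source hammering one account (brute force), and the accounts a 5-failure lockout policy would disable. The IP addresses, usernames and thresholds are assumptions for the demo.

```python
from collections import Counter, defaultdict

SPRAY_SOURCE = "203.0.113.5"
BRUTE_SOURCE = "198.51.100.7"

# Constructed failed-login events as (time, source_ip, username); not from a real system.
FAILED_LOGINS = (
    [("09:00:%02d" % i, SPRAY_SOURCE, "user%02d" % i) for i in range(12)]   # 12 accounts, 1 try each
    + [("09:05:%02d" % i, BRUTE_SOURCE, "carol") for i in range(8)]         # 8 tries on one account
    + [("09:10:00", "192.0.2.9", "dave")]                                     # one benign typo
)


def detect_spraying(events, min_accounts=5, max_per_account=2):
    """Sources that fail against many distinct accounts while keeping each account below lockout."""
    per_source = defaultdict(Counter)
    for _t, src, user in events:
        per_source[src][user] += 1
    return sorted(src for src, users in per_source.items()
                  if len(users) >= min_accounts and max(users.values()) <= max_per_account)


def detect_brute_force(events, min_attempts=5):
    """(source, account) pairs where one source keeps failing against one account."""
    per_pair = Counter((src, user) for _t, src, user in events)
    return sorted(pair for pair, n in per_pair.items() if n >= min_attempts)


def lockout_candidates(events, threshold=5):
    """Accounts the lockout policy would disable: total failures >= threshold, from any source."""
    per_user = Counter(user for _t, _src, user in events)
    return sorted(user for user, n in per_user.items() if n >= threshold)


if __name__ == "__main__":
    print("spraying sources :", detect_spraying(FAILED_LOGINS))     # ['203.0.113.5']
    print("brute force      :", detect_brute_force(FAILED_LOGINS))  # [('198.51.100.7', 'carol')]
    print("would be locked  :", lockout_candidates(FAILED_LOGINS))  # ['carol']
```

Note that the spray never appears in the lockout list: each account sees one failure, which is exactly why spraying is used against lockout-protected directories, and why the detection has to pivot on the source rather than the account.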

33. Concurrent session usage (Indicator)
An account is active from multiple locations at the same time, such as being logged in from the US and from China at once

34. Blocked content (Indicator)
A security tool prevents malicious data, such as a firewall blocking a malicious domain

35. Impossible travel (Indicator)
Logins from distant locations in an unrealistic time, such as a login from the US and then, 2 minutes later, a login from Russia. Similar to concurrent session usage.
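
The impossible-travel check from card 35, with the concurrent-session case from card 33 handled as its limit (two logins at the same instant), as an added example that is not part of the original card set. It computes the great-circle distance between consecutive logins per user and flags any implied speed above an airliner's. The login records, coordinates and the 900 km/h and 50 km thresholds are assumptions for the demo.

```python
import math
from datetime import datetime

# Constructed login records as (user, ISO timestamp, latitude, longitude); not real data.
LOGINS = [
    ("alice", "2024-05-01T09:00:00", 40.7128, -74.0060),   # New York
    ("alice", "2024-05-01T09:02:00", 55.7558, 37.6173),    # Moscow, 2 minutes later
    ("bob",   "2024-05-01T08:00:00", 40.7128, -74.0060),   # New York
    ("bob",   "2024-05-01T14:30:00", 34.0522, -118.2437),  # Los Angeles, 6.5 h later (a real flight)
    ("carol", "2024-05-01T10:00:00", 51.5074, -0.1278),    # London
    ("carol", "2024-05-01T10:00:00", 48.8566, 2.3522),     # Paris, same second: concurrent sessions
]

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(logins, max_speed_kmh=900.0, concurrent_km=50.0):
    """Flag consecutive logins per user that imply travel faster than max_speed_kmh.

    Logins with identical timestamps more than concurrent_km apart are reported as
    concurrent sessions (speed undefined, shown as inf) rather than divided by zero.
    """
    flagged = []
    by_user = {}
    for user, ts, lat, lon in logins:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), lat, lon))
    for user, recs in by_user.items():
        recs.sort()
        for (t1, la1, lo1), (t2, la2, lo2) in zip(recs, recs[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600.0
            if hours == 0:
                if km > concurrent_km:
                    flagged.append({"user": user, "km": km, "hours": 0.0, "kmh": math.inf,
                                    "reason": "concurrent sessions"})
                continue
            kmh = km / hours
            if kmh > max_speed_kmh:
                flagged.append({"user": user, "km": km, "hours": hours, "kmh": kmh,
                                "reason": "impossible travel"})
    return flagged


if __name__ == "__main__":
    for f in impossible_travel(LOGINS):
        print("%-6s %-20s %7.0f km in %.2f h -> %s km/h" %
              (f["user"], f["reason"], f["km"], f["hours"], f["kmh"]))
```

In production the coordinates come from IP geolocation, which is coarse and wrong for VPN and mobile-carrier egress points, so a flag from this check is a reason to look, not proof of compromise.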

36. Resource consumption (Indicator)
Unusual use of CPU, RAM, etc.; could be crypto-mining malware spiking CPU usage

37. Resource inaccessibility (Indicator)
A system or service becomes unreachable, such as a DDoS attack making a public website inaccessible

38. Out-of-cycle logging (Indicator)
Unexpected or off-schedule log entries, such as administrative activity logged during off hours or outside a maintenance window

39. Published/documented (Indicator)
Known indicators listed by threat intelligence, such as IOCs from a threat feed mapped to MITRE ATT&CK techniques and used in alerts

40. Missing logs (Indicator)
Expected logs are not recorded, such as a SIEM showing gaps in log records; possibly an attempt to conceal activity
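
Missing logs (card 40) and out-of-cycle logging (card 38) are both timing questions, so the added example below (not from the original card set) checks two constructed inputs: a host's 5-minute heartbeat log with a silence in the middle, and a handful of sudo events judged against assumed business hours of 08:00 to 18:00. The timestamps, the log messages and the hours are all assumptions for the demo.

```python
from datetime import datetime, timedelta

# Constructed timestamps from a host expected to log a heartbeat every 5 minutes.
HEARTBEATS = (
    ["2024-05-01T01:%02d:00" % m for m in range(0, 15, 5)]      # 01:00, 01:05, 01:10
    + ["2024-05-01T02:%02d:00" % m for m in range(40, 60, 5)]   # 02:40 ... 02:55 (90-minute silence)
)

# Constructed admin-activity events (time, message); the last one is the kind of
# action that produces the missing logs in the first list.
ADMIN_EVENTS = [
    ("2024-05-01T03:12:45", "sudo: root : TTY=pts/0 ; COMMAND=/usr/bin/tar czf /tmp/db.tgz /var/lib/pgsql"),
    ("2024-05-01T10:30:00", "sudo: ops  : TTY=pts/1 ; COMMAND=/usr/bin/systemctl restart nginx"),
    ("2024-05-01T23:58:10", "sudo: root : TTY=pts/0 ; COMMAND=/usr/bin/rm -f /var/log/auth.log"),
]


def find_gaps(timestamps, expected=timedelta(minutes=5), tolerance=2.0):
    """Silences longer than tolerance * expected; returns (start, end, missing_entries)."""
    times = sorted(datetime.fromisoformat(t) for t in timestamps)
    gaps = []
    for t1, t2 in zip(times, times[1:]):
        delta = t2 - t1
        if delta > expected * tolerance:
            missing = int(delta / expected) - 1   # entries that should have arrived in between
            gaps.append((t1.isoformat(), t2.isoformat(), missing))
    return gaps


def off_hours_events(events, start_hour=8, end_hour=18):
    """Events stamped outside [start_hour, end_hour): out-of-cycle activity worth a look."""
    return [(ts, msg) for ts, msg in events
            if not start_hour <= datetime.fromisoformat(ts).hour < end_hour]


if __name__ == "__main__":
    for start, end, missing in find_gaps(HEARTBEATS):
        print("log gap %s -> %s, %d expected entries missing" % (start, end, missing))
    for ts, msg in off_hours_events(ADMIN_EVENTS):
        print("off-hours:", ts, msg)
```

The gap detector only works if something is expected to log on a schedule; for sources that are naturally bursty, compare against a per-source baseline of typical inter-arrival times rather than a fixed interval.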