Tuesday, 13 April 2021

Attacks & Viruses


Disclaimer: Don't expect complete definitions | The reader is assumed to have background knowledge of attacks & viruses | The intention is a quick reference: differences, etc.

Viruses & Worms: Malicious code or a program written to alter the way a computer operates, designed to spread from one computer to another.

  • Virus: User intervention is needed to spread
  • Macro virus: User intervention is needed to spread
  • Worm: Self-replicating malware; does not require user intervention or another application to act as host in order to replicate
  • Trojan: Hosted within an application and looks harmless
  • Armored virus: Attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system, to protect itself from antivirus programs and make it harder to trace. | It hinders analysts from examining its code by using various methods to make tracing, disassembling, and reverse engineering more difficult.

Social Engineering Attack: psychological manipulation of people into performing actions or divulging confidential information.

  • Phishing: Email – lure the victim into committing some action
  • Spam: Email – advertisement
  • Vishing: Call/voice message
  • Spear Phishing: Targeting a group or known victims
  • Whaling: Targeting big shots (high-profile individuals)
  • Smishing: SMS phishing – lure victims through text messages into immediate actions like sending bank details, downloading malware, etc.
  • Spim: Targets victims using instant messaging (IM) services, SMS, social media, websites – usually unwanted advertisement through instant message
  • Hoax: A dupe, deliberately tricking someone to gain an advantage, waste their time or get information over something that doesn't exist; hoaxes are sent to us in email, posted on FB, etc.

Phishing → Smishing | Spam → Spim

Bluetooth Attack

  • Bluejacking: attackers send unwanted text messages, images, or sounds to other Bluetooth-enabled devices.
  • Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection | often between phones, desktops, laptops, and PDAs. With bluesnarfing, thieves wirelessly connect to some early Bluetooth-enabled mobile devices without the owner's knowledge to download and/or alter phonebooks, calendars, or worse.
  • Bluebugging is a type of cyber attack on Bluetooth-enabled devices. The attack allows the hacker to access the phone's commands and infiltrate the phone. Bluebugging goes beyond bluejacking or bluesnarfing, allowing thieves to take full control of a device.
WiFi Attacks

  • Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle
  • Wardialing is the practice of dialing many phone numbers hoping to find a modem.
  • Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network: chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) indicating the existence of an open wireless network connection, usually offering an Internet connection so that others can benefit from the free wireless access.

Evil Twin: Creating another wireless network that impersonates a legitimate one. An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears to be a genuine hotspot offered by a legitimate provider.

Rogue Access Point: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.

To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.


Network Attacks

Pharming | DNS Cache Poisoning | Domain Spoofing: ‘poisons’ a DNS server (or hosts file) by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere.

Smurf Attack: A smurf attack involves sending PING requests to a broadcast address. | A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. The attacker sends PING requests to an Internet broadcast address, a special address that forwards all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The source address of the request is spoofed to be the address of the attacker's victim, so all the hosts receiving the PING request reply to the victim's address instead of the real sender's.

Domain Hijacking: the domain's DNS will be unavailable, whereas DNS poisoning redirects web browsers to malicious URLs.

DNS Tunneling is a method of cyber-attack that encodes the data of other programs or protocols in DNS queries and responses. DNS tunneling often includes data payloads that can be added to an attacked DNS server and used to control a remote server and applications.
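Because tunneled data has to ride inside query names, a defender can spot it in resolver logs without decoding anything: one source asking a single domain for many never-repeated, long, high-entropy subdomains. The heuristic below is an added example for this page, not from the original post; the query records are constructed, the "registered domain = last two labels" rule is a simplifying assumption (no public suffix list), and the thresholds are illustrative starting points, not tuned values.

```python
import math
from collections import Counter, defaultdict

# Constructed sample query log as (source_ip, query_name, qtype); not real traffic.
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"  # base32 alphabet, typical of tunnel encoders


def rot(s, n):
    return s[n:] + s[:n]


SAMPLE_QUERIES = [
    ("192.0.2.10", "www.example.com", "A"),
    ("192.0.2.10", "mail.example.com", "A"),
    ("192.0.2.11", "cdn.example.org", "A"),
    ("192.0.2.11", "www.example.com", "AAAA"),
]
# Twelve tunnel-like queries: two 32-char encoded labels per name, never repeated.
for i in range(12):
    SAMPLE_QUERIES.append(
        ("192.0.2.10", f"{rot(ALPHABET, i)}.{rot(ALPHABET, i + 1)}.example.net", "TXT")
    )


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score much higher than words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def split_name(qname):
    """Assumption: the registered domain is the last two labels (no public suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def query_flags(qname, max_label=30, min_sub_len=20, min_entropy=3.5):
    """Per-query indicators: an over-long label, or a long subdomain with high entropy."""
    sub, _ = split_name(qname)
    flags = []
    labels = [lab for lab in sub.split(".") if lab]
    if labels and max(map(len, labels)) > max_label:
        flags.append("long_label")
    letters = sub.replace(".", "")
    if len(letters) >= min_sub_len and shannon_entropy(letters) > min_entropy:
        flags.append("high_entropy")
    return flags


def find_tunnel_candidates(queries, min_unique=10, min_flagged_ratio=0.8):
    """Group by (source, registered domain); report groups with many unique,
    mostly-flagged subdomains. Query-type mix is returned to aid triage (TXT/NULL
    heavy traffic is a further hint, but is not required for the verdict)."""
    stats = defaultdict(lambda: {"subs": set(), "flagged": 0, "total": 0, "qtypes": Counter()})
    for src, qname, qtype in queries:
        sub, domain = split_name(qname)
        s = stats[(src, domain)]
        s["subs"].add(sub)
        s["total"] += 1
        s["qtypes"][qtype] += 1
        if query_flags(qname):
            s["flagged"] += 1
    out = {}
    for key, s in stats.items():
        ratio = s["flagged"] / s["total"]
        if len(s["subs"]) >= min_unique and ratio >= min_flagged_ratio:
            out[key] = {
                "unique_subdomains": len(s["subs"]),
                "flagged_ratio": ratio,
                "qtypes": dict(s["qtypes"]),
            }
    return out


if __name__ == "__main__":
    for (src, domain), info in find_tunnel_candidates(SAMPLE_QUERIES).items():
        print(f"possible DNS tunnel: {src} -> {domain}: {info}")
```

Ordinary lookups such as www.example.com never trip the per-query flags, and a handful of flagged names from a content-delivery network will not reach the unique-subdomain floor, so the noisy part of the verdict is the aggregation, not the entropy check; tune `min_unique` against your own resolver volume.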

Spanning Tree is designed to eliminate network ‘loops’ from incorrect cabling between switches.

Vulnerability scan is the process of scanning the network and/or IT infrastructure for threats and vulnerabilities.

The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve any vulnerabilities.

Botnet/Zombies: The software running on infected computers (called zombies) is known as a botnet. | DoS & DDoS can be launched by botnets | Most bots are written to run in the background with no visible evidence of their presence. | A zombie is a computer connected to the internet that has been compromised by a hacker, computer virus, etc., and can be used to perform malicious activity under remote direction – often used to spread email spam & launch DoS attacks.

DDoS: Multiple computers (can be zombies) attacking a single target in an organized attempt to deplete its resources.

Rootkit: a collection of tools (programs) that enable administrator-level access to a computer or computer network. | It usually hides itself and goes undetected when scanned.

Bootkit: a rootkit that infects the Master Boot Record. Bootkits are an advanced form of rootkit that take the basic functionality of a rootkit and extend it with the ability to infect the master boot record (MBR) or volume boot record (VBR), so that the bootkit remains active even after a system reboot. Bootkits are designed not only to load from the master boot record but also to remain active in system memory from protected mode through the launch of the operating system and during the computer's active state.

MBR infection is malware that is installed into the Master Boot Record (MBR) of a hard disk. Reinstalling the operating system does not remove the malware from the MBR.

IV Attack: if IVs (Initialization Vectors) are reused with the same key, then by examining the repeating result it was easy for attackers to crack the secret key. This is known as an IV attack.
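What "the repeating result" means in practice: a stream cipher turns key+IV into a keystream that is XORed with the plaintext, so two messages under the same key and IV share the keystream, and XORing the two ciphertexts cancels it, leaving the XOR of the two plaintexts in the clear. The code below is an added example for this page (not from the original post): it uses a constructed HMAC-based keystream as a stand-in for a real stream cipher so it runs offline, shows the cancellation, and includes the check a defender wants, a scan for repeated (key, IV) pairs in logged records. The key, IVs and messages are all constructed.

```python
import hashlib
import hmac
from collections import defaultdict


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: concatenated HMAC-SHA256(key, iv || counter) blocks.
    Assumption for this example only; it stands in for a real stream cipher
    and shares the property that matters here: same key+IV => same keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption is XOR with the keystream; the same call decrypts."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def keystream_cancels(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when c1 XOR c2 == p1 XOR p2, i.e. the keystream was shared and the
    relationship between the two plaintexts leaks without any key knowledge."""
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def find_iv_reuse(records):
    """Defender's check: records are (key_id, iv) pairs pulled from logs or
    captures; return every (key_id, iv) seen more than once with its count."""
    seen = defaultdict(int)
    for key_id, iv in records:
        seen[(key_id, iv)] += 1
    return {pair: n for pair, n in seen.items() if n > 1}


if __name__ == "__main__":
    key = b"constructed-example-key"
    iv = bytes([0x00, 0x01, 0x02])          # constructed, deliberately reused
    p1, p2 = b"attack at dawn!!", b"retreat at dusk!"
    c1, c2 = encrypt(key, iv, p1), encrypt(key, iv, p2)
    print("same IV, plaintext XOR leaks:", keystream_cancels(c1, c2, p1, p2))
    c3 = encrypt(key, bytes([0x00, 0x01, 0x03]), p2)
    print("fresh IV, no leak:", keystream_cancels(c1, c3, p1, p2))
    print("reused pairs:", find_iv_reuse([("k1", iv.hex()), ("k1", iv.hex()), ("k1", "000103")]))
```

The fix is never to reuse an IV under a key: a short IV space (WEP's was 24 bits) guarantees repeats on a busy link, which is why the check above belongs in monitoring for any protocol that still runs on such a cipher.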

Session replay attacks, also known as playback attacks or replay attacks, are network attacks that maliciously "repeat" or "delay" a valid data transmission. A hacker can do this by intercepting a session and stealing a user's unique session ID.

A Pass-the-Hash (PtH) attack is a technique whereby an attacker captures a password hash (as opposed to the password characters) and then simply passes it through for authentication and potentially lateral access to other networked systems.

SSL stripping is a technique by which a connection to a website is downgraded from HTTPS to HTTP.

Impersonation is where a person, computer, software application, or service pretends to be someone or something it’s not.

Zero-Day: The vulnerability is undocumented and unknown.

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash container.)

RAT: Remote Access Trojan, malicious software that allows an attacker to gain unauthorized access to a victim's computer over the internet. RATs are typically installed without user consent and remain hidden to avoid detection.

Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware.

Data exfiltration occurs when malware and/or a malicious actor carries out an unauthorized data transfer from a computer. It is also commonly called data extrusion or data exportation. Data exfiltration is also considered a form of data theft. [Exfiltrate: transfer secretly]

Passive Reconnaissance: The attacker reviews data & publicly available information to gather information & intelligence about the target organization (no technical info-gathering activities, no vulnerability scanners used).

Brute-force attacks attempt to gain unauthorized access to a single account by guessing the password. | Tries multiple passwords against a single target user.

Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. | Tries a single password against multiple users.
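The two attacks leave opposite shapes in an authentication log, which is how they are told apart in detection: brute force piles many failures onto one account, while spraying spreads a few failures per account across many accounts, typically from one source, and stays under per-account lockout thresholds. The classifier below is an added example for this page, not part of the original post; the log lines and their `FAIL user=... src=...` format are constructed, and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (format invented for this example).
SAMPLE_LOG = """\
2021-04-13T09:00:01 FAIL user=alice src=203.0.113.5
2021-04-13T09:00:02 FAIL user=alice src=203.0.113.5
2021-04-13T09:00:03 FAIL user=alice src=203.0.113.5
2021-04-13T09:00:04 FAIL user=alice src=203.0.113.5
2021-04-13T09:00:05 FAIL user=alice src=203.0.113.5
2021-04-13T09:00:06 FAIL user=alice src=203.0.113.5
2021-04-13T09:00:07 OK   user=bob src=198.51.100.20
2021-04-13T09:10:00 FAIL user=bob src=198.51.100.7
2021-04-13T09:10:01 FAIL user=carol src=198.51.100.7
2021-04-13T09:10:02 FAIL user=dave src=198.51.100.7
2021-04-13T09:10:03 FAIL user=erin src=198.51.100.7
2021-04-13T09:10:04 FAIL user=frank src=198.51.100.7
2021-04-13T09:10:05 OK   user=carol src=198.51.100.21
2021-04-13T09:11:00 FAIL user=grace src=192.0.2.40
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<result>FAIL|OK)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$")


def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def classify(lines, brute_threshold=5, spray_min_users=5, spray_max_per_user=2):
    """Return accounts under brute force and sources that look like spraying.

    brute force: >= brute_threshold failures against one account.
    spraying:    one source failing against >= spray_min_users distinct accounts
                 with at most spray_max_per_user failures on any one of them
                 (low per-account counts are what keep a sprayer under lockout).
    """
    fails_by_user = defaultdict(int)
    fails_by_src_user = defaultdict(lambda: defaultdict(int))
    for ev in parse(lines):
        if ev["result"] != "FAIL":
            continue
        fails_by_user[ev["user"]] += 1
        fails_by_src_user[ev["src"]][ev["user"]] += 1

    brute = {u for u, n in fails_by_user.items() if n >= brute_threshold}
    spray = set()
    for src, per_user in fails_by_src_user.items():
        if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
            spray.add(src)
    return {"brute_force_users": brute, "spraying_sources": spray}


if __name__ == "__main__":
    verdict = classify(SAMPLE_LOG)
    print("brute force against:", sorted(verdict["brute_force_users"]))
    print("spraying from:", sorted(verdict["spraying_sources"]))
```

Note what each rule cannot see: the brute-force rule would also fire on a forgotten password if the threshold is low, and the spraying rule misses an attacker who rotates source addresses, so in practice the per-source grouping is often replaced by a time window across the whole tenant (failures against N distinct accounts within M minutes).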

Threat Actors

  • Script Kiddie: a person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own.
  • Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. | Hacks to bring political or social change
  • APT (Advanced Persistent Threat): The criminal operators have a specific objective and are skilled, motivated, organized and well-funded (hostile countries). | Coordinated + Sophisticated + Highly skilled
  • Insider Threat: People within an organization such as employees, former employees, contractors, business associates

Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit IT department approval. | In big organizations, shadow IT refers to information technology systems deployed by departments other than the central IT department, to work around the shortcomings of the central information systems.

Pivoting refers to a method used by penetration testers that uses the compromised system to attack other systems on the same network.

Credential stuffing: uses previously known username/password pairs, trying them against multiple websites. Exploits the fact that many users have the same username and password across different systems.

VM Escape: virtual machine escape is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system. A virtual machine is a "completely isolated guest operating system installation within a normal host operating system".

Entrapment: The process in which a law enforcement officer or a government agent persuades or encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. Entrapment is a valid legal defence in criminal prosecution.

Enticement is when the person would have committed (or intended to commit the crime) anyway.

Tailgating: Someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device.


Sunday, 17 May 2020

Threat | Vulnerability | Threat Agent | Risk | Asset | Exposure Factor


Security Definitions

Asset: Asset can be any information, S/W, H/W, Critical equipment, financial success, etc.

Vulnerability: Vulnerability is any H/W, S/W, or procedural weakness that may give an attacker the open door for unauthorized access to resources. [Weakness in system | Inside body]

Threat: The threat is any potential danger to the system or information. [How Threat agent exploit the vulnerability]

Threats can be

- Natural Threats: Natural disasters like Floods, Earthquakes, Volcanos
- Human: Man-Made & Socio-Political - Strikes, Terrorist attacks
- Environmental: Supply systems - Power failure


Threat Agent: The entity that takes advantage of a vulnerability.
A threat agent can be a malicious entity, an actor or a person responsible for a malicious event or incident that impacts the safety or security of another entity or system, etc.

Risk: Risk is a likelihood of a threat agent taking advantage of weakness or vulnerability and the resulting business impact. [Risk is what happens after threat]

Exposure: Exposure is an instance of being exposed to losses from a threat agent.

Countermeasure or safeguard: Is to mitigate the potential risk.


Example

The roof is not very strong | A strong wind/rain can blow the rooftop off & damage the property | If water gets into the house, 50% of the material can be damaged.

Asset: House & Material in house 

Threat Agent:  Strong wind & Heavy Rainfall

Vulnerability: Weak Roof 

Threat: Strong wind might blow off the roof 

Risk: Damage to material in the house

Exposure Factor: 50% of material which is not covered properly

Countermeasure: Roof enforcement, strong roof construction.