9 19 2024 - rtji0/Arthur-Tech-Journal GitHub Wiki

9-19-2024

Quiz Review

  • Restricted access datacenter security buffer - Access control vestibule

  • Keywords - job as a janitor to steal info from trash

  • Microwave - Infrared is short range

Malware Attacks

  • Software designed to interfere with a computer's normal functions, used to commit harmful and unlawful actions

  • Any device with a MAC address needs to be protected

Kidnap

  • Ransomware - malicious software used to extort money from the user in exchange for the endpoint device to be restored to a normal working state

  • Blocking Ransomware - locks out computer from use

  • Locking Ransomware - encrypts certain files on a computer so that they can't be used

Ransomware is considered to be the most serious malware threat for the following reasons:

− Low barrier to entry

− Pervasive attacks

− High impact

Eavesdrop

  • Keylogger - a tool that silently captures and stores each keystroke a user types on a computer keyboard (passwords, credit card info, etc.)

  • Can be a program or small hardware device

  • Spyware - tracking software installed without the knowledge or consent of the user

Masquerade

  • Trojan - an executable program that masquerades as performing a benign or basic activity, but its primary function is malicious

  • Remote access trojan (RAT) - similar to a trojan, but gives the threat agent unauthorized remote access by using specially configured communication protocols

  • Leaves an opening for unrestricted access to the victim's computer

Launch

  • Malware that infects a computer in order to launch attacks on other computers; examples include viruses, worms, bloatware, and bots

  • Two kinds of virus: file-based virus and fileless virus

  • A fileless virus does not attach itself to a file but instead takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks

  • Loaded directly into RAM (random access memory) rather than stored as a file on disk

  • Why fileless malware is dangerous: easy to infect, extensive control, persistent, difficult to detect, difficult to defend against

  • A worm is a malicious program that uses a computer network to replicate (sometimes called a network virus)

  • Bloatware - unnecessary software installed on a device without the user's consent

  • e.g. the Candy Crush-type apps preinstalled on Windows 10

Sidestep

  • Logic bomb - code added to a legitimate program that lies dormant until a specific logical event triggers it

  • Rootkit - malware that can hide its presence and the presence of other malware on the device

  • Operates at the "lower layers" of the OS, below where normal security tools look

  • Backdoor - gives access to a computer, program, or service that circumvents any normal security protections

Indicator of attack (IOA)

  • Account lockout - an account that is no longer accessible by its intended user, likely because it has been taken over

  • Concurrent session usage - multiple instances of one account being used at once

  • Blocked content - data that is no longer accessible

  • Impossible travel - accessing a resource from locations that are geographically impossible in the time elapsed, e.g. checking email in NY and then in LA five minutes later

  • Resource consumption - processing capabilities or memory that are depleted with no explanation

  • Resource Inaccessibility - large scale attacks can block system resources from access

  • Out-of-cycle logging - log records that are false, out of sequence, or do not correspond to real events can be evidence of an IoA

  • Published/documented - evidence from external sources of a current attack can be used to identify an attack

  • Missing logs - log files that have gone missing or been deleted without explanation are evidence of a potential attack
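Three of the indicators above (impossible travel, concurrent session usage, and missing logs) can be checked mechanically over authentication logs. The script below is an added example, not part of the original notes or any course material; the log format, the user names, the geolocated login events, the 900 km/h travel threshold and the 2-hour "expected logging interval" are all constructed assumptions for illustration.

```python
"""Detect three indicators of attack over constructed login log lines:
impossible travel, concurrent session usage, and gaps in logging (missing logs).
Everything here (log format, users, coordinates, thresholds) is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed sample log: each line is a login/logout event with the
# geolocation of the source IP. alice "logs in" from NY and LA five minutes
# apart (impossible travel, and two sessions open at once); bob is benign.
SAMPLE_LOG = """\
2024-09-19T08:00:00Z user=alice event=login session=s1 city=NewYork lat=40.71 lon=-74.01
2024-09-19T08:05:00Z user=alice event=login session=s2 city=LosAngeles lat=34.05 lon=-118.24
2024-09-19T08:30:00Z user=bob event=login session=s3 city=Chicago lat=41.88 lon=-87.63
2024-09-19T09:00:00Z user=bob event=logout session=s3 city=Chicago lat=41.88 lon=-87.63
2024-09-19T12:00:00Z user=bob event=login session=s4 city=Chicago lat=41.88 lon=-87.63
"""


@dataclass
class Event:
    ts: datetime
    user: str
    event: str
    session: str
    city: str
    lat: float
    lon: float


def parse_line(line: str) -> Event:
    """Parse one 'timestamp key=value ...' line (constructed format)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return Event(datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), kv["user"],
                 kv["event"], kv["session"], kv["city"],
                 float(kv["lat"]), float(kv["lon"]))


def parse_log(text: str) -> list:
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(a))


def impossible_travel(events, max_kmh: float = 900.0) -> list:
    """Flag consecutive logins by one user that imply travel faster than max_kmh
    (assumed threshold, roughly airliner speed). Returns
    (user, from_city, to_city, km, timestamp) tuples."""
    findings, last = [], {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.event != "login":
            continue
        prev = last.get(e.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, e.lat, e.lon)
            hours = (e.ts - prev.ts).total_seconds() / 3600
            # Non-zero distance in zero time is impossible too, so guard the divide.
            if km > 0 and (hours == 0 or km / hours > max_kmh):
                findings.append((e.user, prev.city, e.city, round(km), e.ts))
        last[e.user] = e
    return findings


def concurrent_sessions(events) -> list:
    """Flag a user who has more than one session open at the same moment.
    Returns (user, sorted open session ids, timestamp) tuples."""
    active, findings = {}, []
    for e in sorted(events, key=lambda ev: ev.ts):
        open_sessions = active.setdefault(e.user, set())
        if e.event == "login":
            open_sessions.add(e.session)
            if len(open_sessions) > 1:
                findings.append((e.user, sorted(open_sessions), e.ts))
        elif e.event == "logout":
            open_sessions.discard(e.session)
    return findings


def log_gaps(events, max_gap: timedelta = timedelta(hours=2)) -> list:
    """Flag silent stretches longer than max_gap in a log that is expected to be
    continuous; a long silence can mean records were deleted or logging was stopped."""
    stamps = sorted(e.ts for e in events)
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_gap]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in impossible_travel(evs):
        print("impossible travel:", f)
    for f in concurrent_sessions(evs):
        print("concurrent sessions:", f)
    for a, b in log_gaps(evs):
        print("logging gap:", a, "->", b)
```

Run it as-is and it reports alice's NY-to-LA jump (about 3900 km in five minutes), alice's two simultaneous sessions, and the three-hour silence between 09:00 and 12:00. In practice the thresholds would be tuned per environment (VPN exits and mobile carriers produce legitimate location jumps), and the gap check only makes sense for a source that is known to log continuously.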