1.0 Attacks, Threats, and Vulnerabilities
1.2 Types of Attacks
Malware
Ransomware - Malware that locks down or encrypts a system and extorts the victim, usually for money.
Trojans - Malware that disguises itself as harmless or useful software.
Worms - Malware that replicates itself across a network automatically, without user action.
Potentially Unwanted Programs (PUPs) - Software the user does not want, often bundled with software the user does want.
Fileless Virus - Script-based malware that runs entirely in memory rather than being written to disk as an executable.
Command and Control - The attacker has established remote access to a victim host and can issue commands to it or pull data from it.
Bots - Automated malware that carries out tasks on an infected host without human direction.
Crypto Malware - Malware that turns the victim system into a cryptocurrency mining rig.
Logic Bombs - Malware programmed to trigger on a specific event, often left behind by a disgruntled former employee.
Spyware - Malware used to gather data from the victim.
Keyloggers - Malware used to record the victim’s keystrokes.
Remote Access Trojan (RAT) - Malware that gives the attacker remote admin access to a victim’s system.
Rootkit - Malware that embeds itself in the OS and can be hard to detect or remove.
Backdoor - Covert way to bypass the normal authentication process.
Password Attacks
Spraying - Brute-force attack that tries a short list of common or default passwords against many usernames, so that no single account sees enough failures to trigger a lockout.
Dictionary - Brute-force attack that uses common dictionary words as the password guesses.
Brute Force - Attempting to authenticate to an account repeatedly in the hope of guessing the password.
Offline - The attacker has obtained password hashes and guesses against them on their own hardware, so the target system never sees the attempts and there is no risk of discovery.
Online - Guesses are submitted to the live authentication service, often throttled to a slow drip to stay under the radar of lockouts and monitoring.
Rainbow Table - A precomputed table mapping candidate passwords to their hashes, used to reverse stolen (unsalted) hashes quickly when cracking a password.
Plaintext/Unencrypted - Passwords stored as-is, without hashing or encryption, so anyone who reads the store has them.
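The offline, rainbow-table and plaintext entries above all come down to how the password is stored. The following is an added example, not part of the original notes: a tiny precomputed hash-to-password dictionary stands in for a rainbow table (a real one uses hash chains; the dict keeps the idea visible), and the candidate list, password and iteration count are constructed sample values. It shows that an unsalted SHA-256 hash is recovered by a single table lookup, while a per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256 from Python's hashlib) makes the same table useless.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short candidate list standing in for the much larger
# password->hash table an attacker would precompute offline.
CANDIDATES = ["password", "letmein", "Summer2024", "qwerty"]
PBKDF2_ROUNDS = 600_000  # high iteration count so each guess is expensive

def build_unsalted_table(candidates):
    """Precompute hash -> password for bare SHA-256. Done once, offline."""
    return {hashlib.sha256(p.encode()).hexdigest(): p for p in candidates}

def lookup(stored_hash, table):
    """Offline attack step: match a stolen hash against the table.
    No login attempts are made, so the target system logs nothing."""
    return table.get(stored_hash)

def store_unsalted(password):
    """Weak storage: bare SHA-256, so every user with this password has the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_salted(password, salt=None):
    """Proper storage: random per-user salt plus a slow KDF. Returns (salt_hex, hash_hex)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex(), digest.hex()

def verify_salted(password, salt_hex, hash_hex):
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), hash_hex)

def demo():
    table = build_unsalted_table(CANDIDATES)
    weak = store_unsalted("Summer2024")
    salt_hex, strong = store_salted("Summer2024")
    return {
        # the unsalted hash is in the precomputed table: instant recovery
        "unsalted_recovered": lookup(weak, table),
        # the salt changed the hashed input, so the table has no entry: None
        "salted_recovered": lookup(strong, table),
        # the legitimate system still verifies the password
        "salted_verifies": verify_salted("Summer2024", salt_hex, strong),
    }

if __name__ == "__main__":
    print(demo())
```

The point for the defender: a salt does not stop an attacker who already holds the hash from guessing, but it forces a fresh computation per user and per guess, and a slow KDF makes each of those computations cost something.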
Physical Attacks
Malicious USB Cable - A cable with hidden electronics that performs an unexpected, unwanted function, such as GPS tracking, audio eavesdropping, or data exfiltration.
Malicious Flash Drive - A USB flash drive pre-programmed with an unexpected, unwanted function; can be used to inject malware or scripts.
Card Cloning - A thief copies a card's data onto a duplicate card in order to use it and steal from the victim.
Skimming - A fake or tampered card reader used to capture card data.
Adversarial Artificial Intelligence
Techniques that attack machine learning systems by exploiting knowledge of the model or weaknesses in it. Four common goals are evasion, poisoning, model stealing (extraction), and inference.
Tainted Training Data - Feeding an ML/AI model known bad (poisoned) data so that it learns the wrong behaviour.
Security of ML/AI Algorithms - Hardening the algorithms themselves against these attacks.
Supply Chain Attacks - Attack vector that compromises a trusted third party (a vendor or supplier) and uses it as the access point into the target.
Cloud-based vs. On-premises attacks
Cloud - Centralized in the cloud provider's environment, lower cost, and can make use of the security capabilities the cloud provider offers.
On-prem - Complete control over the data, higher cost.
Cryptographic Attacks
Birthday - Attacker exploits the birthday paradox: finding any two inputs that share a hash takes far fewer attempts than finding an input that matches one specific hash, so a hash that should be unique can be matched sooner than expected.
Collision - A hash collision occurs when two different pieces of data produce the same hash, which should have been unique to each.
Downgrade - Exploit a vulnerability to make the machines negotiate a weaker, easier-to-crack encryption method or protocol version.
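Worked illustration of the birthday and collision entries, added here and not part of the original notes. SHA-256 is truncated to a small number of bits (a constructed toy hash, so a collision is cheap to reach); the code computes the exact probability of a collision among k random hashes, finds the smallest k that reaches 50%, and contrasts it with the roughly 2^bits tries needed on average to hit one specific hash value.

```python
import hashlib
import math
import os

def toy_hash(data: bytes, bits: int = 16) -> int:
    """SHA-256 truncated to `bits` bits. Deliberately small so the effect is visible."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full & ((1 << bits) - 1)

def collision_probability(k: int, bits: int) -> float:
    """Exact probability that k uniformly random `bits`-bit values contain at least one repeat."""
    n = 1 << bits
    p_no_collision = 1.0
    for i in range(k):
        p_no_collision *= (n - i) / n
    return 1.0 - p_no_collision

def tries_for_half(bits: int) -> int:
    """Smallest k with collision probability >= 0.5; close to 1.18 * sqrt(2^bits)."""
    k = 1
    while collision_probability(k, bits) < 0.5:
        k += 1
    return k

def preimage_expected_tries(bits: int) -> int:
    """Expected random tries to match one specific `bits`-bit hash: 2^bits."""
    return 1 << bits

def find_collision(bits: int = 16, rng=os.urandom):
    """Birthday search: hash random inputs until any two share a digest.
    Returns (input_a, input_b, tries). Terminates by pigeonhole after at most 2^bits + 1 tries."""
    seen = {}
    tries = 0
    while True:
        x = rng(8)
        tries += 1
        h = toy_hash(x, bits)
        if h in seen and seen[h] != x:
            return seen[h], x, tries
        seen[h] = x

def compare(bits: int = 16) -> dict:
    """Side-by-side: birthday bound versus single-target (preimage) effort."""
    return {
        "bits": bits,
        "approx_birthday_bound": round(1.1774 * math.sqrt(1 << bits)),
        "exact_tries_for_50pct": tries_for_half(bits),
        "preimage_expected_tries": preimage_expected_tries(bits),
    }

if __name__ == "__main__":
    print(compare(16))
    a, b, tries = find_collision(16)
    print(f"collision after {tries} tries: {a.hex()} and {b.hex()} -> {toy_hash(a):04x}")
```

This is why hash output length matters: the collision resistance of an n-bit hash is only about n/2 bits, which is the reason short or truncated hashes are unsuitable for signatures and integrity checks.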