Module 1. Threats, Attacks and vulnerabilities
Lesson 1. analyze indicators of compromise and determine the malware
1.1 Types of malware
Malware: short for malicious software. It is software (or script code) designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems without consent.
Characteristics
Transparent: it does not want to be caught or seen; it operates in the background.
Designed to exploit an OS or software vulnerability.
OS and device agnostic: it's time to destroy the myth that Macs or Linux machines are safe. Malware can attack all types of platforms and all types of OS.
Activates programmatically: the instructions can already be embedded in the malware, or it can fetch additional instructions from a control center.
Responds to commands: again, these can be embedded commands, or commands coming from a command-and-control (C2) center.
Often evades scanning: this goes back to the idea of being transparent; it wants to hide in the background.
Malware families
Virus
Viruses are malicious code whose primary function is to replicate and deliver a payload.
Characteristics
Requires a host to execute and replicate: it cannot operate on its own, so the virus has to attach to an existing file (.bat, .com, .doc, .docx, .dll, .exe, .html, .mdb, .pdf, .vbs, .xls, .xlsx, .zip).
Requires user intervention (e.g. opening the infected file, clicking on a link or visiting an infected website).
Types
Boot sector virus: infects the boot (first) sector of a drive and loads into memory upon boot-up, before the operating system does.
File infector: infects .com or .exe files by overwriting (or appending to) the original code. Can easily infect other executables with the same extension.
Companion: disguises itself as a legitimate program but uses a different extension that the command interpreter tries first (e.g. good.com to emulate good.exe, because .com is resolved before .exe when a user types "good").
Macro virus: written in a macro language (e.g. VBA) and therefore platform-independent. Infects and replicates through templates and documents.
How they act
Stealth virus: hides by encrypting its code and intercepting the system's read requests; it masquerades as the original file and reports that the original file is intact.
Memory resident: upon execution, stays resident in memory. Can infect other programs running at the same time.
Armored: hides itself by obfuscation or by adding confusing or unnecessary code, to make analysis harder.
Polymorphic: produces varied but operational copies of itself, typically by re-encrypting its body with a new key and a new decryptor for every copy, so no fixed byte signature survives.
Metamorphic: capable of recompiling itself into a new form, rewriting its own code rather than merely re-encrypting it.
Worm, variants: bot/zombie, crypto, APT, generic
Trojan, variants: malicious code embedded in music, video, games, greeting cards and utilities
Rootkit, variants: firmware, kernel, boot record, legitimate (anti-theft)
Spyware, variants: adware, tracking cookies, geolocator, click fraud
Programmatic, variants: logic bombs, backdoor
Objective
• Given a scenario, analyze indicators of compromise and determine the malware.
• Compare and contrast types of attacks.
• Explain threat actor types and attributes.
• Explain penetration testing concepts.
• Explain vulnerability scanning concepts.
• Explain the impact associated with types of vulnerabilities.
Some types of malware, like ransomware, will eventually come front and center and let you know they are there, but while they are getting onto your system and while they are executing they try to stay transparent so they don't get caught.
A strong vulnerability management program, with systems kept well patched, is useful for repelling malware.
Agnostic, in an information technology (IT) context, refers to something that is generalized so that it is interoperable among various systems.