Chapter 2 Attacks, Concepts and Techniques
Analyzing a Cyberattack
Symptoms of Malware
There is an increase in CPU usage.
There is a decrease in computer speed.
The computer freezes or crashes often.
There is a decrease in Web browsing speed.
There are unexplainable problems with network connections.
Files are modified.
Files are deleted.
There is a presence of unknown files, programs, or desktop icons.
There are unknown processes running.
Programs are turning off or reconfiguring themselves.
Email is being sent without the user’s knowledge or consent.
Methods of Infiltration
Social Engineering
Social engineering is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information.
Pretexting - This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Something for Something (Quid pro quo) - This is when an attacker requests personal information from a party in exchange for something, like a free gift.
Wi-Fi Password Cracking
Wi-Fi password cracking is the process of discovering the password used to protect a wireless network.
Brute-force attacks – The attacker tries several possible passwords in an attempt to guess the password. Because brute-force attacks take time, complex passwords take much longer to guess. A few password brute-force tools include Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, and Medusa.
Network sniffing – By listening and capturing packets sent on the network, an attacker may be able to discover the password if the password is being sent unencrypted (in plain text). If the password is encrypted, the attacker may still be able to reveal it by using a password cracking tool.
Phishing
Phishing is when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source.
The intent of the message is to trick the recipient into installing malware on their device, or into sharing personal or financial information.
Spear phishing is a highly targeted phishing attack. Spear phishing emails are customized to a specific person. The attacker researches the target’s interests before sending the email. For example, an attacker learns the target is interested in cars, and has been looking to buy a specific model of car. The attacker joins the same car discussion forum where the target is a member, forges a car sale offering and sends an email to the target. The email contains a link for pictures of the car. When the target clicks on the link, malware is installed on the target’s computer.
Denial of Service
DoS
A DoS attack results in some sort of interruption of network service to users, devices, or applications.
Overwhelming Quantity of Traffic - This is when a network, host, or application is sent an enormous quantity of data at a rate which it cannot handle. This causes a slowdown in transmission or response, or a crash of a device or service.
Maliciously Formatted Packets - This is when a maliciously formatted packet is sent to a host or application and the receiver is unable to handle it. For example, an attacker forwards packets containing errors that cannot be identified by the application, or forwards improperly formatted packets. This causes the receiving device to run very slowly or crash.
DDoS
A Distributed DoS Attack (DDoS) is similar to a DoS attack but originates from multiple, coordinated sources.
An attacker builds a network of infected hosts, called a botnet. The infected hosts are called zombies. The zombies are controlled by handler systems.
The zombie computers constantly scan and infect more hosts, creating more zombies. When ready, the hacker instructs handler systems to make the botnet of zombies carry out a DDoS attack.
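The DoS/DDoS distinction above, seen from the defender's side, as an added example that is not part of the original notes: it finds the smallest set of top talkers responsible for an overload and labels the window DoS (one source) or DDoS (many). The log format, the `CAPACITY` value and all addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

CAPACITY = 5  # assumed: requests per one-second window the service can handle

def parse(lines):
    """Group constructed 'epoch_second source_ip' lines into per-second windows."""
    windows = defaultdict(Counter)
    for line in lines:
        ts, src = line.split()
        windows[int(ts)][src] += 1
    return windows

def heaviest_sources(counts, capacity):
    """Smallest set of top talkers whose removal brings load back under capacity."""
    load = sum(counts.values())
    shed = []
    for src, n in counts.most_common():
        if load <= capacity:
            break
        shed.append(src)
        load -= n
    return shed

def classify(counts, capacity=CAPACITY):
    """One source explains the overload -> 'dos'; several are needed -> 'ddos'."""
    shed = heaviest_sources(counts, capacity)
    if not shed:
        return "normal", shed
    return ("dos" if len(shed) == 1 else "ddos"), shed

def sample_log():
    """Constructed sample traffic (documentation address ranges), not real data."""
    lines = [f"100 10.0.0.{i}" for i in (1, 2, 3)]                 # normal load
    lines += ["101 198.51.100.7"] * 40                             # one noisy source
    lines += ["101 10.0.0.1", "101 10.0.0.2"]                      # plus normal users
    lines += [f"102 203.0.113.{i}" for i in range(1, 21) for _ in range(3)]  # 20 sources
    return lines

def analyze(lines):
    return {ts: classify(c) for ts, c in sorted(parse(lines).items())}

if __name__ == "__main__":
    for ts, (verdict, shed) in analyze(sample_log()).items():
        print(ts, verdict, f"{len(shed)} source(s) over budget")
```

In the DoS window a single block rule restores service, while the DDoS window needs 19 sources shed, which is why distributed attacks are handled with rate limiting or upstream filtering rather than per-address blocks. Volume alone cannot tell a DDoS from a legitimate traffic spike, so the verdict is a triage label.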
SEO Poisoning
SEO, short for Search Engine Optimization, is a set of techniques used to improve a website’s ranking by a search engine.
A malicious user could use SEO to make a malicious website appear higher in search results. This technique is called SEO poisoning.
The most common goal of SEO poisoning is to increase traffic to malicious sites that may host malware or perform social engineering.