Which of the following is malware that is specifically designed to allow attackers to access a system through a backdoor?


Terms in this set (52)

Malware

A wide range of software that is intentionally designed to cause harm to systems, devices, networks, or users (it can gather information, provide illicit access, and perform many other actions that the owner of the system or network does not want to occur)

Ransomware

Malware that takes over a computer and then demands a ransom

Crypto-malware

Encrypts files and then holds them hostage until a ransom is paid

More types of Ransomware

Threatening to report the user to law enforcement due to pirated software or pornography or threatening to expose sensitive information or pictures from the victim's hard drive or device

Ways to defend against Ransomware attacks

- A system backup that stores files in a separate location that will not be impacted if the system becomes infected and encrypted by ransomware
- Sometimes paying the ransom has resulted in files being returned, but in other cases the attackers demand more money
- Antivirus and antimalware providers, as well as others in the security community, provide anti-ransomware tools

Trojan

Malware that is typically disguised as legitimate software
(Named Trojan Horses because they rely on unsuspecting people running them, thus providing attackers with a path into a system or device)

Remote Access Trojans (RATs)

A Trojan that provides attackers with remote access to systems
- Some legitimate remote access tools are used as RATs, which can make it difficult to identify whether a tool is a legitimate remote support tool or one being used by an attacker
- Anti-malware tools may produce false positives when they flag legitimate remote access tools as RATs, but disabling this detection can result in malicious RATs not being detected
- Security professionals combat RATs with a combination of security awareness (encouraging users not to download untrusted software) and antimalware tools that detect Trojan- and RAT-like behavior and known malicious files
- RATs provide attackers with remote access to and monitoring of a system

Worm

Unlike Trojans that require user interaction, worms spread themselves

How do worms spread

- Can spread via email attachments, network file shares, and other methods
- Can also self-install, rather than requiring users to click on them (this makes them quite dangerous)

Stuxnet

- An attack that occurred in 2010 and is considered the first implementation of a worm as a cyberweapon
- The worm was aimed at the Iranian nuclear program and copied itself through thumb drives

Rootkit

Malware that is specifically designed to allow attackers to access a system through a backdoor.

Types of techniques rootkits use to avoid detection

- Leverage filesystem drivers to ensure that users cannot see the rootkit files
- Infect startup code in the master boot record (MBR) of a disk, allowing attacks against full-disk encryption systems

Why is removing rootkits challenging

- Because a system infected with malware like this cannot be trusted
- The best way to detect a rootkit is to examine the suspected system from a trusted system or device
- Techniques like integrity checking and data validation against expected responses can also be useful for detecting rootkits
- Anti-rootkit tools often use a combination of these techniques to detect complex rootkits

Best recommendation for removing rootkits

- Rebuild the system or restore it from a known good backup
- Follow common security practices such as patching, using secure configurations, and using privilege management

Are there such things as ethical rootkits

Yes
- Some rootkit systems are intentionally installed as part of digital rights management (DRM) systems or as anti-cheating toolkits for games
- They can also be part of a tool used to defeat copy protection mechanisms

Backdoor

Methods or tools that provide access that bypasses normal authentication and authorization procedures, allowing attackers access to systems, devices, or applications
- Can be hardware- or software-based (this exam mainly covers software backdoors)

When are backdoors used

- Typically the tool used in Trojan and rootkit malware attacks
- Sometimes used by software and hardware manufacturers to provide ongoing access to systems and software (these cause concern because if an attacker discovers a manufacturer backdoor, it gives easy access to the system)

How can backdoors be detected

- Backdoors can be detected by checking for unexpected open ports and services, but there are more complex backdoor tools as well
- These tools include web-based backdoors that are reached through a different URL under the existing web service, and backdoors that conceal their traffic by tunneling out to a remote control host using encrypted or obfuscated channels

Bot

Remotely controlled systems or devices that have a malware infection

Botnet

Groups of bots

Why are botnets used

- Used by the attackers who control them to perform actions that range from additional compromises and infections to denial-of-service attacks or acting as spam relays
- Large botnets can have hundreds of thousands of bots, sometimes millions

Botnet command and control system

- Operate in client-server mode, where the bots contact a central control system that provides commands and updates and tracks how many systems are in the botnet
- Internet Relay Chat (IRC) was historically used to manage client-server botnets, but more recently secure HTTP has been used to make the traffic harder for defenders to monitor and analyze

Peer to Peer Botnet control

Connects bots to each other, making it harder to take down a single central server or a handful of known command and control IP addresses or domains

Fast-flux DNS

Means that the many systems in the network of control hosts register and de-register their addresses on an ongoing basis, often every few minutes

When is Fast Flux used

- Botnets typically use fast-flux DNS, which uses many IP addresses to answer queries for one or more fully qualified domain names

How can Fast Flux attacks be prevented

- These types of attacks can be defended against in controlled networks by forcing DNS requests through organizationally controlled DNS servers rather than allowing outbound DNS hunting, because machine-generated DNS entries can then be easily spotted in logs
- Taking down the domain name is the best way to defeat a fast-flux DNS based botnet or malware

How do botnets correlate to DDoS attacks

- Botnets can be used to attack servers and applications, and distributed denial-of-service attacks against applications are the most common
- These attacks rely on a combination of the botnet's size, which can overwhelm applications and services, and the number of systems in it
- This makes it nearly impossible to identify which hosts are maliciously consuming resources or sending legitimate-appearing traffic with malicious intent

Keyloggers

Programs that capture keystrokes from keyboards, although keylogger applications may also capture other input like mouse movement, touchscreen inputs, or credit card swipes from attached devices

How do Keyloggers work

- Work in ways that include capturing data from the kernel, APIs, or scripts, or even directly from memory
- Many keyloggers are aimed at acquiring passwords, so multifactor authentication can help reduce the impact of keyloggers as well

How are Keylogger attacks prevented

Preventing keyloggers focuses on ensuring malware containing keyloggers is not installed, patching systems, and the use of antimalware tools as well

Logic Bomb

Malicious code that waits for a trigger before activating
- Usually written by insiders
- Some malware uses this technique to activate when a specific date or condition is met

Virus

Malicious programs that self-copy and self-replicate

How do viruses spread

- Require one or more infection mechanisms that they use to spread, typically paired with a search mechanism to find new places to spread to
- Viruses have trigger and payload conditions

Trigger

Sets the conditions for when the virus will execute

Payload

What the virus does, delivers, or the actions it performs

How do Fileless viruses spread

- Spread via spam mail and malicious websites
- Exploit flaws in browser plug-ins and web browsers themselves.

Characteristics of fileless viruses

- Do not require local file storage because they remain memory-resident throughout their active life
- The only stored artifacts of many fileless attacks are those left by their persistence techniques
- Fileless attacks require a vulnerability to succeed

How can a fileless virus be prevented

- Ensuring that browsers, plug-ins, and other software that might be exploited by attackers are up to date and protected
- Using anti-malware tools that can detect unexpected behavior from scripting tools like PowerShell can also help stop fileless attacks

Spyware

Malware that is designed to obtain information about an individual, organization, or system

Characteristics of Spyware

- Many spyware packages track users' browsing habits, installed software, or similar information and report it back to central servers
- Spyware is associated with identity theft and fraud, advertising and redirection of traffic, digital rights management (DRM) monitoring, and stalkerware

Stalkerware

A type of spyware used to illicitly monitor partners in relationships

How can spyware be prevented

Spyware can be prevented using antimalware tools and user awareness to help prevent the installation of spyware

Potentially Unwanted Programs

- Programs that may not be wanted by the user but are not as dangerous as other types of malware
- Usually installed without the user's awareness or as part of a software bundle or other installation
- Includes adware, browser toolbars, web browser tracking programs, and others
- Can be removed by antivirus and antimalware programs

Malicious Code

- Code inserted into a software system or web script intended to cause undesired effects, security breaches, or damage to a system
- Often written with tools like Windows PowerShell, Visual Basic, Bash, and Python (on Linux systems)
- Macros in the Microsoft Office suite can be used by attackers as well

Why is Windows PowerShell a vulnerable target

- A popular target for attackers because it is installed by default on Windows systems
- It allows remote and local execution, network access, and many other capabilities
- Attackers can perform fileless malware attacks in which PowerShell scripts are executed locally once a browser or plug-in is compromised
- Defenses against these attacks include using Constrained Language Mode, which limits sensitive commands in PowerShell, and using Windows Defender's built-in application control tool

How can Windows PowerShell attacks be prevented

As a security defender, make sure to have command-line and PowerShell logging turned on to detect these types of attacks

Why is Microsoft Office vulnerable and how is it prevented

- Office macros are written in Visual Basic for Applications (VBA), making Office a target for attackers through embedded macros
- Office comes with macros disabled by default, so the best practice for preventing a macro-based attack is to inform end users not to enable them

Why is Linux vulnerable to attacks

- Linux systems are vulnerable because attackers use common languages and tools like Python, Perl, and Bash as part of their attack process
- These languages can be used to create persistent remote access using bind or reverse shells
- Metasploit is an example of a tool that includes rootkits leveraging each of these languages
- These types of attacks are difficult to defend against

THINGS TO LEARN!!!

The exam lists PowerShell, Python, Bash, macros, and Visual Basic for Applications (VBA). Make sure to have a basic understanding of how these scripting and programming languages could be used as part of an attack, and know how you might be able to identify such an attack

Artificial intelligence

Focuses on accomplishing smart tasks by combining ML, deep learning, and related techniques that are intended to emulate human intelligence

Machine Learning

- A subset of AI. ML systems modify themselves as they evolve to become better at the task they are set to accomplish
- Example: an organization deploys a network monitoring tool that studies typical network traffic to build a baseline for normal behavior. If systems on the network are already compromised, then the baseline will include a presumption that compromised system behavior is normal

Best steps to use as a Security Analyst for securing Artificial intelligence and machine learning

- Understand the quality and security of source data
- Work with AI and ML developers to ensure that they are working in a secure environment and that data sources, systems, and tools are maintained in a secure manner
- Ensure that changes to AI and ML algorithms are reviewed, tested, and documented
- Encourage reviews to prevent intentional or unintentional bias in algorithms
- Engage domain experts whenever possible


Which kind of malware provides an attacker with administrative control over a target computer through a backdoor?

A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer.

What are 4 types of malware attacks?

The most common types of malware attacks:
1) Adware. Adware serves unwanted or malicious advertising. ...
2) Fileless malware. ...
3) Viruses. ...
4) Worms. ...
5) Trojans. ...
6) Bots. ...
7) Ransomware. ...
8) Spyware.

What type of system security malware allows for access to a computer?

A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an infected computer system that enables threat actors to remotely access it without alerting the user or the system's security programs.

Which type of malware enables a hacker to collect personal information a user enters?

Malware is a type of software designed to gain access to and damage your computer. Spyware, on the other hand, collects users' information such as habits, browsing history, and personal identification information.