Bangeter actors_attacks-80.pdf
File details
| Flashcards | 18 |
|---|---|
| Language | English |
| Category | Technical |
| Level | University |
| Created / Updated | 19.06.2019 / 01.07.2021 |
| Web link | https://card2brain.ch/box/20190619_bangeter_actorsattacks80_pdf |
What is malware?
Malware (short for malicious software) is software designed to infiltrate or damage a computer system without the owner being informed or giving consent.
Once malware has compromised a system, an attacker can (sometimes fully) control the system.
What are typical areas where malware can be used?
Typical areas of malware usage:
- Cybercrime
- Espionage
- Disruption
- Cyber war
- Lawful interception
What is the difference between targeted and non-targeted malware use?
Opportunistic / non-targeted attacks (~cybercrime): Attack on a large, weakly targeted population, often opportunistic. Even if the success rate is low, the absolute number of successful infections and the resulting revenue might be high.
Targeted attacks (~espionage): Attacks that are targeted at a few individuals.
What is meant by the term infection vector?
Infection vector: refers to the means and techniques for delivering a piece of malware onto the victim's machine.
Name some examples of technical vulnerabilities.
There are many different types of technical vulnerabilities:
- Misconfiguration of firewall, web server, etc.
- Weak passwords allow login and takeover
- Etc.
- Software vulnerabilities are particularly interesting, since they allow for very powerful attacks. They may be deployed via different infection vectors.
What is a software vulnerability?
What is meant by the terms (software) exploit and patch?
The malicious data / code that triggers a vulnerability is called a (software) exploit.
A patch is a software update that removes a known software vulnerability.
What is the life cycle of a zero-day vulnerability? At which phase is it the most dangerous?
Why do most cybercriminals not use zero-day exploits?
- Zero-day exploits are hard to find / expensive (they are typically used by espionage / nation-state actors)
- Cybercriminals rather use "other-day" vulnerabilities, i.e. freshly known vulnerabilities which are still able to compromise unpatched systems.
Microsoft Patch Tuesday -> Exploit Wednesday :D
What are the 6 steps of a drive-by download?
- Attacker compromises a legitimate "good" website. Attacker inserts malicious code into the "good" website, e.g. an IFRAME
- User visits the "good" website. The user's browser or a plugin is vulnerable
- User is silently redirected to the "bad" website through the hidden IFRAME. Attacker can now identify OS version and vulnerabilities.
- Malicious code is downloaded to the user.
- Leveraging the vulnerabilities, the malicious code is installed on the user's computer.
- Malicious software takes advantage of the user's system.
ZEUS used the drive-by download technique.
What is a watering-hole attack?
Watering-hole attacks use drive-by download as an infection vector, by preparing a website that is known to be visited by your target audience (and are thus semi-targeted).
E.g. if you know that employees of the targeted company X often order pizzas from www.tonis-pizza-lausanne.ch, the attackers will use the pizza site for the drive-by downloads.
Name some document types that are used as malicious documents.
Microsoft Office documents
- may contain VBA macros
- VBA is a powerful programming language, which gives the attacker lots of possibilities to drop and execute a malicious payload.
- Payload is either embedded in the document (dropper) or downloaded from the internet (downloader)
PDF documents
- may contain scripts, e.g. JavaScript.
Document attacks are the most prevalent infection vector. Malicious documents do not make use of exploits.
- may
What is social engineering?
Social engineering is tricking the human into performing an action that allows for the execution of malware.
Some examples:
- Get the person to open an attachment / file
- Make them run a program or script
- Get them to plug in a USB device
- etc.
What is the difference between phishing and spearphishing?
Phishing is non-targeted: Mail is sent to many users in the hope that a small subset of users fall for the trick and install the malware.
Spearphishing is targeted, either against an individual person or a small group. The email is crafted in a specific, personalized way to make them interact with the attacker.
What is a payload and what types of activities does it carry out?
Payload: In information security, the term payload generally refers to the part of malicious code that performs the destructive operations.
Activities of payloads:
- Execute malicious activity ("effective payload")
- Information theft, modification, storing information
- Abuse computing resources
- Communicate with command and control server
- Update
- Exfiltrate data
- Propagate
- Anti-forensics, e.g. hiding ("rootkit" techniques) and self-defense techniques
Name some examples of malicious activities.
- Information theft
  - Key logging
  - Take screenshots
  - Email addresses
- Information storage and modification
  - Store illegal data, software, etc.
  - HTML injection into the browser to proactively harvest data
  - Modify payment info in e-banking transactions, so-called "transaction generators"
- Abuse of computing resources
  - Proxy
  - Sending spam
  - Click fraud
- Propagation
  - Copy malware to network shares, USB sticks
  - Network-based spreading via remote exploits, open ports, etc.
  - Email malware to recipients in the address book, etc.
Most current malware does not propagate: too noisy and hard to control (see Morris worm).
Early malware did this so called