
Security+ (SY0-701): Lesson 13: Analyze Indicators Part 2

Information Technology · 30 cards · Created about 2 months ago

This deck covers key concepts related to botnets, malware types, attack tactics, and network security indicators. It provides definitions and explanations crucial for understanding cybersecurity threats and their mitigation.


Key Terms

Term
Definition
How is a botnet controlled?
By a command and control (C2 or C&C) host or network.
Define a 'command and control (C2 or C&C)' host/network
Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.
Define a 'covert channel'
Subverts network security to transfer data without authorization or detection.
Once activated by a user, what permissions does trojan malware adopt?
Inherits the privileges of that user account.
Define a 'rootkit'
Malware that runs with SYSTEM-level permissions; a class of malware that modifies system files, often at the kernel level, to conceal its presence.
What is the danger of a rootkit that attacks firmware?
Can survive any attempt to remove the rootkit by reformatting a drive or reinstalling the OS.

Define 'ransomware'
Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.
What are typical ways ransomware will demand payment to avoid revealing the attackers' identity?
Cryptocurrency; wire transfers; premium-rate phone lines.
Define 'crypto-ransomware'
The crypto class of ransomware attempts to encrypt data files on any fixed, removable, and network drives.
Define 'Cryptojacking malware'
A type of crypto-malware that hijacks the resources of the host to perform cryptocurrency mining.
Define a 'logic bomb'
A malicious program or script that is set to run under particular circumstances or in response to a defined event.
Define a 'tactic' in terms of bad actor behavior
Behaviors such as reconnaissance, persistence, and privilege escalation are examples of tactics.
Define a 'technique' in terms of bad actor behavior
Description of how a threat actor progresses a tactic.
Define a 'procedure' in terms of bad actor behavior
Description of how a technique is performed.
Define an 'indicator of compromise (IoC)'
A sign that an asset or network has been attacked or is currently under attack.
Define a 'sheep dip'
An isolated host used to test new software and removable media for malware indicators before it is authorized on the production network.
Define 'Impossible travel'
A potential indicator of malicious activity where authentication attempts are made from different geographical locations within a short timeframe.
How can concurrent sessions be a sign of malicious activity?
Indicates that the threat actor has obtained the account credentials and is signed in on another workstation or over a remote access connection.
Define a 'physical attack' in terms of cybersecurity
An attack directed against cabling infrastructure, hardware devices, or the environment of the site facilities hosting a network.
Define an 'environmental attack'
A physical threat directed against power, cooling, or fire suppression systems.
Define 'RFID cloning'
Making a copy of a contactless RFID access card.
Define 'RFID skimming'
Using a counterfeit reader to capture card or badge details, which are then used to program a duplicate.
Define a 'network attack'
General category for a number of strategies and techniques that are used to disrupt or gain access to systems via a network vector.
List types of network attacks
Reconnaissance; Credential harvesting; DoS; C&C; Lateral movement; Data exfiltration.
Define a 'denial of service (DoS)' attack
Any type of physical, application, or network attack that affects the availability of a managed resource.
How is a denial of service attack described when the target is a network host or gateway?
Distributed DoS (DDoS).
Define 'distributed DoS (DDoS)'
Use of a botnet to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.
What is the typical outcome of an individual client host being affected by a malware-based denial of service (DoS) attack?
Might destroy a file system or engineer excessive CPU, memory, storage, or network bandwidth consumption.
Define a 'SYN flood attack'
A DoS attack where the malicious client withholds the ACK packet from the 3-way handshake, causing a router, firewall, or server to build a queue of pending connections; the host is overwhelmed while waiting for acknowledgement of its SYN/ACK from the malicious client.
Define a 'distributed reflected DoS (DRDoS)'
A DoS attack where the attacker sends outgoing packets to random third-party servers using the IP address of the intended target, with the goal of flooding the target with DNS or other traffic from the devices that were manipulated into communicating with it.