
CompTIA Security+ 501

CompTIA Security+
SY0-501

Instructor: Ron Woerner, CISSP, CISM

CompTIA Security+

Domain 1 – Threats, Attacks and Vulnerabilities (21%)

Cybrary Instructor: Ron Woerner 1



CompTIA Security+
Domain 1 –
Threats, Attacks and Vulnerabilities

1.1 Given a scenario, analyze indicators of compromise and determine the type of malware

1.1 Analyze IoC and Type of Malware

● Viruses
● Crypto-malware
● Ransomware
● Worm
● Trojan
● Rootkit
● Keylogger
● Adware
● Spyware
● Bots
● RAT
● Logic bomb
● Backdoor


Risk & Threat Definitions

Terms defined in the NIST Information Security Glossary and the Cybrary Glossary (the slide linked to both glossaries for each term):
● Risk
● Threat
● Impact
● Vulnerability
● Exploit
● Risk Assessment
● Risk Management

Malware attacks
● Delivery – How the malware gets to the target (email attachment, drive-by download, removable media, a bundled installer)
● Propagation – How the malware spreads once it has a foothold
● Payload – What the malware does once it is there
● Indicators of Compromise (IoC) – An artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion (for example a known-bad file hash, a command-and-control domain or IP address, a URI pattern, a mutex, or a registry key)
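As an added example (not part of the Cybrary slides), the Python below runs a small IoC set over a few constructed proxy and EDR log lines and ranks internal hosts by how many independent artifact types matched. The hash, hostnames, URI pattern and the key=value log format are all placeholders assumed for illustration, not real threat intelligence.

```python
import re
from dataclasses import dataclass

# Constructed IoC set (placeholders for illustration, not real threat intel):
# one file hash, two C2 hostnames and a URI pattern of a hypothetical loader.
IOC_HASHES = {"0123456789abcdef" * 4}
IOC_DOMAINS = {"update-check.example.net", "cdn-static.example.org"}
IOC_URI_RE = re.compile(r"/gate\.php\?id=[0-9a-f]{8}$")

# Constructed log lines in an assumed key=value format (proxy + EDR file events).
SAMPLE_LOGS = """\
ts=2024-05-01T10:00:00Z src=10.0.0.5 host=update-check.example.net uri=/ok
ts=2024-05-01T10:00:05Z src=10.0.0.7 host=www.example.com uri=/gate.php?id=deadbeef
ts=2024-05-01T10:00:09Z src=10.0.0.5 sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef file=C:\\Users\\a\\svc.exe
ts=2024-05-01T10:00:12Z src=10.0.0.9 host=intranet.corp.local uri=/portal
ts=2024-05-01T10:00:15Z src=10.0.0.9 host=www.example.com uri=/gate.php?id=zzzz
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split a key=value log line into a dict (quoted values allowed)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


@dataclass(frozen=True)
class Hit:
    src: str       # internal host the artifact was observed on
    ioc_type: str  # "domain", "hash" or "uri"
    value: str
    ts: str


def scan(log_text):
    """Return every IoC match found in the log text."""
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f:
            continue
        if f.get("host", "").lower() in IOC_DOMAINS:
            hits.append(Hit(f["src"], "domain", f["host"], f["ts"]))
        if f.get("sha256", "").lower() in IOC_HASHES:
            hits.append(Hit(f["src"], "hash", f["sha256"], f["ts"]))
        uri = f.get("uri", "")
        if IOC_URI_RE.search(uri):
            hits.append(Hit(f["src"], "uri", uri, f["ts"]))
    return hits


def hosts_by_confidence(hits):
    """Per internal host, count how many *different* IoC types matched.
    Two independent artifacts (hash + C2 domain) on one host are a much
    stronger signal than a lone domain lookup, which may be a false positive."""
    by_src = {}
    for h in hits:
        by_src.setdefault(h.src, set()).add(h.ioc_type)
    return {src: len(types) for src, types in by_src.items()}


if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(h)
    print(hosts_by_confidence(scan(SAMPLE_LOGS)))
```

On the constructed input 10.0.0.5 matches both a C2 domain and a bad file hash, 10.0.0.7 matches only the URI pattern, and the malformed `id=zzzz` request is correctly ignored; in practice the hash and domain sets would be loaded from a threat-intel feed rather than hard-coded.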


Types of Malware
● Viruses
● Crypto-malware
● Ransomware
● Worm
● Trojan
● Rootkit
● Keylogger
● Adware
● Spyware
● Bots
● RAT
● Logic bomb
● Backdoor

Viruses
Definition: Malicious code that attaches itself to a host program or file and replicates when the host is run; most viruses also carry a payload that damages the system or its data.
Types:
● Armored virus: A virus that is protected in a way that makes disassembling it difficult. The difficulty makes it "armored" against antivirus programs and analysts, who have trouble getting to, and understanding, its code.
● Companion virus: A virus that creates a new program that runs in place of an expected program of the same name (for example a malicious program.com that the shell resolves before program.exe).
● Macro virus: A virus written in the macro language included in many applications, such as Microsoft Office, and carried inside documents.
● Multipartite virus: A virus that attacks a system in more than one way, for example infecting both the boot sector and executable files.


Viruses (continued)
● Phage virus: A virus that modifies and alters other programs and databases.
● Polymorphic virus: A virus that changes form or mutates with each infection (typically by re-encrypting its body under a new key) so that no fixed byte signature matches every copy.
● Retrovirus: A virus that attacks or bypasses the antivirus software installed on a computer.
● Stealth virus: A virus that attempts to avoid detection by antivirus software and the operating system, for example by staying resident in memory and intercepting file reads so the infected file appears unmodified.
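To make the polymorphic-virus point concrete, here is an added example (not from the slides) that mimics the mechanism with a harmless text "body": each generation XOR-encodes the body under a fresh random key behind a constant decoder marker. The STUB marker, 4-byte key and PAYLOAD text are constructed stand-ins; nothing here is executable malware. It shows why a whole-file hash signature catches only the copy it was learned from while a pattern on the invariant decoder catches every generation.

```python
import hashlib
import os

# Benign stand-in for the virus body: just text, nothing executable (constructed).
PAYLOAD = b"this string stands in for the virus body"

# A real polymorphic virus carries a small, constant decryptor that unpacks the
# body at run time; this fixed marker plays that role here (constructed).
STUB = b"\x90STUB\x90"
KEY_LEN = 4


def mutate(payload, key=None):
    """Produce one 'generation': STUB + key + body XOR-encoded under a fresh key.
    Every generation gets a different key, so the encoded body bytes differ."""
    if key is None:
        key = os.urandom(KEY_LEN)
    body = bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(payload))
    return STUB + key + body


def decode(sample):
    """What the decryptor stub does at run time: recover the original body."""
    key = sample[len(STUB):len(STUB) + KEY_LEN]
    body = sample[len(STUB) + KEY_LEN:]
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(body))


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def hash_signature_matches(sample, known_hashes):
    """Whole-file hash lookup: the classic signature that polymorphism defeats."""
    return sha256(sample) in known_hashes


def stub_signature_matches(sample):
    """Byte pattern on the invariant decryptor: survives mutation."""
    return STUB in sample


def compare_detectors(generations=5):
    """Generate N mutated copies, 'learn' a hash from the first one, then count
    how many copies each detector catches."""
    gens = [mutate(PAYLOAD) for _ in range(generations)]
    known = {sha256(gens[0])}
    return {
        "distinct_hashes": len({sha256(g) for g in gens}),
        "hash_hits": sum(hash_signature_matches(g, known) for g in gens),
        "stub_hits": sum(stub_signature_matches(g) for g in gens),
        "all_decode_ok": all(decode(g) == PAYLOAD for g in gens),
    }


if __name__ == "__main__":
    print(compare_detectors())
```

Real polymorphic engines also mutate the decoder itself (metamorphism), which is why modern products lean on emulation and behavioural detection rather than static byte patterns alone.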

Crypto-malware & Ransomware
● Malware that uses cryptography as part of the attack
● Prevents users from accessing their system or personal files by encrypting them, and demands a ransom payment in order to regain access.
● Ransomware authors demand that payment be sent via cryptocurrency, online payment systems, or credit card.
● Examples: CryptoLocker, WannaCry, Locky, zCrypt, NotPetya (NotPetya gave victims no working way to decrypt, so in practice it acted as a wiper)
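One practical indicator of the ransomware payload is that encrypted files lose all structure and approach 8 bits of entropy per byte. The added example below (my own code, not part of the Cybrary material) computes Shannon entropy over a few constructed sample files, skips formats that are legitimately high-entropy because they are compressed, and flags the rest. The threshold of 7.5 bits and the sample file names are assumptions for illustration.

```python
import math
import os
from collections import Counter


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Formats that are high-entropy by design (compressed or already encrypted).
# The magic bytes are the real ones; skipping them cuts false positives.
KNOWN_HIGH_ENTROPY_MAGIC = {
    b"PK\x03\x04": "zip/docx/xlsx/jar",
    b"\x1f\x8b": "gzip",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
}


def classify(name, data, threshold=7.5):
    """Label one file as ok / skip (known compressed format) / suspect."""
    ent = round(shannon_entropy(data), 2)
    for magic, kind in KNOWN_HIGH_ENTROPY_MAGIC.items():
        if data.startswith(magic):
            return {"name": name, "entropy": ent, "verdict": "skip:" + kind}
    if ent >= threshold:
        return {"name": name, "entropy": ent, "verdict": "suspect"}
    return {"name": name, "entropy": ent, "verdict": "ok"}


def build_samples():
    """Constructed files standing in for a user's share (not real data)."""
    report = b"Quarterly report: revenue grew in all regions this period.\n" * 40
    logo = b"\x89PNG\r\n\x1a\n" + os.urandom(2000)   # compressed image body
    locked = os.urandom(2000)                         # stands in for AES output
    return {"report.txt": report, "logo.png": logo, "report.txt.locked": locked}


def suspects(samples, threshold=7.5):
    """Names of files whose content looks encrypted and is not a known container."""
    return [n for n, d in samples.items()
            if classify(n, d, threshold)["verdict"] == "suspect"]


if __name__ == "__main__":
    for n, d in build_samples().items():
        print(classify(n, d))
```

Entropy alone is a weak signal (an encrypted .docx is a zip file that has lost its PK header, while a legitimately encrypted archive will also score high), so production detections pair it with the other ransomware indicators: a burst of renames to a new extension, canary files being modified, and volume-shadow-copy deletion.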


Rootkit
● A clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence.
● Software that, once it has administrator or root-level access, hides its own files, processes, and network connections from the operating system and from security tools; the "root" in the name refers to the privilege level it operates at, not to how that access was obtained.
● Examples: NTRootkit, Zeus, Stuxnet, Knark, Adore

Trojan / Trojan Horse
● A harmful piece of software that looks legitimate or is included with legitimate applications.
● Any application that masquerades as one thing in order to get past scrutiny and then does something malicious.
  ○ One of the major differences between Trojan horses and viruses is that Trojan horses tend not to replicate themselves.
● Examples: Back Orifice, Stuxnet, Zeus


Worms
● Use the network to replicate copies of themselves to other systems or devices automatically and without user intervention.
● To spread, worms either exploit a vulnerability on the target system or use social engineering to trick users into executing them.
● A worm takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.
● Examples: ILOVEYOU, MyDoom, Storm Worm, Anna Kournikova, SQL Slammer

Logic or Time bomb
● Any code hidden within an application that causes something unexpected to happen once some criterion is met; a time bomb is the special case where the trigger is a date or time.
For example:
  ○ A programmer could create a program that always checks that her name appears on the payroll roster; if it doesn't, key files begin to be erased.
  ○ A backdoor that is only opened during certain times.


Keylogger / Keystroke Loggers
● Software programs or hardware devices that record activity from input devices
  ○ Keys pressed on a keyboard
  ○ Mouse clicks
  ○ Screen recorders or scrapers
● Keyloggers are a form of spyware: users are unaware their actions are being tracked.
● Keylogger software typically stores your keystrokes in a small file, which is either collected later or automatically emailed to the person monitoring your actions.

Bots / Botnets
● Bot: An automated software program (network robot) that performs tasks such as collecting information on the web. In its malicious form, a bot is a compromised computer being controlled remotely.
● Bots are also known as "zombie computers" because they operate under remote direction without their owners' knowledge.
● Botnet: A network of compromised computers under the control of a malicious actor, typically via a command-and-control (C2) channel.
● The attackers that control botnets are referred to as "bot herders" or "bot masters."


Backdoor
● An undocumented way of accessing a system, bypassing the normal authentication mechanisms.
● An opening left in a program or application (usually by the developer) that allows additional access to systems or data. These should be closed when the system is moved to production.
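The developer-left backdoor described above usually looks like a "maintenance" bypass in the login routine. The added example below (not from the slides) shows such a bypass beside a hardened login with a single authentication path; MAINT_PASSWORD, the user records and the iteration count are constructed values assumed for illustration.

```python
import hashlib
import hmac
import os

# --- Vulnerable form: a "maintenance" bypass the developer added for testing and
# never removed. MAINT_PASSWORD is a constructed value for illustration.
MAINT_PASSWORD = "letmein-dev"


def login_with_backdoor(username, password, user_db):
    """Legacy check: unsalted SHA-256 plus an undocumented bypass (the backdoor)."""
    if password == MAINT_PASSWORD:          # any username gets in with this value
        return True
    rec = user_db.get(username)
    return rec is not None and rec["hash"] == hashlib.sha256(password.encode()).hexdigest()


# --- Hardened form: exactly one authentication path, per-user salted PBKDF2,
# constant-time comparison, and no flag, env var or magic value that reopens it.
PBKDF2_ITERS = 100_000


def make_record(password, iterations=PBKDF2_ITERS):
    """Create a stored credential: random per-user salt + PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iter": iterations, "hash": digest}


def login_hardened(username, password, user_db):
    rec = user_db.get(username)
    # Run the KDF even for unknown users so response time does not reveal
    # whether the username exists.
    salt = rec["salt"] if rec else b"\x00" * 16
    iters = rec["iter"] if rec else PBKDF2_ITERS
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    if rec is None:
        return False
    return hmac.compare_digest(digest, rec["hash"])


def demo():
    """Show the bypass working against the legacy check and failing against the fix."""
    legacy_db = {"alice": {"hash": hashlib.sha256(b"correct horse").hexdigest()}}
    hardened_db = {"alice": make_record("correct horse")}
    return {
        "legacy_real_user": login_with_backdoor("alice", "correct horse", legacy_db),
        "legacy_backdoor": login_with_backdoor("nobody", MAINT_PASSWORD, legacy_db),
        "hardened_real_user": login_hardened("alice", "correct horse", hardened_db),
        "hardened_backdoor": login_hardened("nobody", MAINT_PASSWORD, hardened_db),
        "hardened_wrong_pw": login_hardened("alice", MAINT_PASSWORD, hardened_db),
    }


if __name__ == "__main__":
    print(demo())
```

The pre-production check that goes with this is a code review (or a simple grep) for fixed secrets and `if debug:`-style switches around authentication; the bypass has to be deleted, not merely disabled by a flag that an attacker can flip.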

RATs (Remote Access Trojans or Remote Administration Tools)
● Software that gives a remote person full control of a device.
● Programs that provide the capability for covert surveillance or unauthorized access to a victim PC.
● Provide an attacker with unauthorized remote access to the victim machine via specially configured communication protocols or backdoors created upon infection.
  ○ Often mimic the behavior of keylogger applications by allowing automated collection of input data.
● Examples: SubSeven, Back Orifice, ProRat, Turkojan, and Poison Ivy


Spyware / Adware
● Applications that covertly monitor online behavior without the user's knowledge or permission.
● Collected data is relayed to outside parties, often for use in advertising.
● Beyond that monitoring, spyware and adware typically do not damage the infected computer, the user, or their data.
● There is a fine line between illegal spyware and legitimate data collection.

Advanced Persistent Threat (APT)
● A set of stealthy and continuous computer hacking processes, often orchestrated by a person or persons targeting a specific entity.
● Usually targets either private organizations, states, or both, for business or political motives.
● APT processes require a high degree of covertness over a long period of time.
  ○ The "advanced" process signifies sophisticated techniques using malware to exploit vulnerabilities in systems.
  ○ The "persistent" process suggests that an external command-and-control system is continuously monitoring and extracting data from a specific target.
  ○ The "threat" process indicates human involvement in orchestrating the attack.
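What bots, RATs and the APT's "persistent" command-and-control channel have in common on the wire is a regular check-in, and timing regularity is something a SOC can measure without knowing the malware. The added example below (my own code, not from the slides) scores constructed outbound-connection records per (source, destination) pair by the coefficient of variation of their inter-connection gaps and flags machine-regular pairs. The flow records, addresses (documentation ranges) and the 0.2 threshold are assumptions for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def build_flows():
    """Constructed outbound-connection records (src, dst, time), standing in for
    firewall or NetFlow export. 10.0.0.5 contacts one external address every
    60 s with a second or two of jitter (a bot or RAT checking in with C2);
    10.0.0.9 browses a site at human, irregular intervals. Addresses are
    documentation ranges, not real hosts."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    flows = []
    jitter = [0, 1, -1, 2, 0, -2, 1, 0, 1, -1, 0, 2]
    for i, j in enumerate(jitter):
        flows.append(("10.0.0.5", "203.0.113.10", base + timedelta(seconds=60 * i + j)))
    t = base
    for gap in [5, 130, 12, 300, 45, 900, 8, 60, 240, 15, 500]:
        t += timedelta(seconds=gap)
        flows.append(("10.0.0.9", "198.51.100.7", t))
    return flows


def beacon_scores(flows, min_conns=8):
    """For each (src, dst) pair with enough connections, compute the mean
    inter-connection gap and its coefficient of variation (CV). A CV near 0
    means the timing is machine-regular; human traffic has a CV well above 1."""
    by_pair = defaultdict(list)
    for src, dst, ts in flows:
        by_pair[(src, dst)].append(ts)
    scores = {}
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        scores[pair] = {"count": len(times), "mean_gap_s": round(mean, 1), "cv": round(cv, 3)}
    return scores


def flag_beacons(flows, max_cv=0.2, min_conns=8):
    """Pairs whose timing regularity is below max_cv: candidates for C2 beaconing."""
    return [pair for pair, s in beacon_scores(flows, min_conns).items() if s["cv"] <= max_cv]


if __name__ == "__main__":
    for pair, s in beacon_scores(build_flows()).items():
        print(pair, s)
    print("beacon candidates:", flag_beacons(build_flows()))
```

Real implants add deliberate random sleep to raise the CV, and legitimate software updaters and NTP clients also beacon, so in practice this score is combined with destination rarity, fixed request sizes and off-hours activity before anyone is paged.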


Exam Preparation
In your role as a security administrator, a user
contacts you suspecting that his computer is infected.
Yesterday he loaded a freeware program to help him
perform a valid job function. What type of malicious
software is most likely the cause of the infection?
A. Rootkit
B. Ransomware
C. Trojan
D. Worm

Exam Preparation
What type of malicious software is
deliberately installed by an authorized user
and sits dormant until some event invokes its
malicious payload?

A. Logic bomb
B. Spyware
C. Trojan horse
D. Armored virus

