Comptia Security+ Guide To Network Security Fundamentals, Sixth Edition
© 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use
as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for
classroom use. 1
Objectives
2.1 Define malware
2.2 List the different types of malware
2.3 Identify payloads of malware
2.4 Describe the types of psychological social engineering attacks
2.5 Explain physical social engineering attacks
Jobs - Who Needs to Understand Malware
• Malware analysts
– Analyze malware
• Incident responders
– Detect security events, mitigate damage, document
• Forensic analysts
– Investigate security events (for possible legal action)
• Threat intelligence analysts
– Determine threats to an organization
• All infosec professionals
Jobs - Who Needs to Understand Social Engineering Attacks
• System administrators
– A favorite target of attackers
• Executives, senior leaders
– Also favorite targets
• All employees
• Incident responders
– Detect security events, mitigate damage, document
• Threat intelligence analysts
– Determine threats to an organization
Brian Krebs – “Scrap Value of a Hacked PC”
https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
© Cengage Learning 2015 5
Insecurity of Systems
Attacks Using Malware (2 of 2)
• Malware can be classified by the primary attributes that the malware possesses:
– Circulation - spreading rapidly to other systems in order to impact a large number of users
– Infection - how it embeds itself into a system
– Concealment - avoiding detection by concealing its presence from scanners
– Payload capabilities - what actions the malware performs
Malware Types
• Differentiated and classified by behavior
– Not by any genetic traits, unlike biological viruses
• Many pieces of malware exhibit multiple traits
• Hijacker, Trojan, Downloader, Dropper, Rootkit, Backdoor, Spammer, Stealer, Botnet, Scareware, Malware Construction Kit, Virus, Worm
– Peter Szor, The Art of Computer Virus Research and Defense
Virus (1 of 6)
Virus (2 of 6)
Virus (3 of 6)
• Most viruses today go to great lengths to avoid detection (called an armored virus)
• Some armored virus infection techniques include:
– Swiss cheese infection - viruses inject themselves into executable code
- Virus code is “scrambled” to make it more difficult to detect
– Split infection - virus splits into several parts
- Parts placed at random positions in host program
- The parts may contain unnecessary “garbage” code to mask their true purpose
– Mutation – some viruses can mutate or change
- An oligomorphic virus changes its internal code to one of a set number of predefined mutations whenever executed
- A polymorphic virus completely changes from its original form when executed
- A metamorphic virus can rewrite its own code and appear different each time it is executed
Virus (4 of 6)
Virus (5 of 6)
Virus (6 of 6)
Worm (2 of 2)
Trojans
Ransomware (1 of 3)
Ransomware (2 of 3)
Ransomware (3 of 3)
Crypto-malware (1 of 2)
Crypto-malware (2 of 2)
Concealment (1 of 2)
Concealment (2 of 2)
Payload Capabilities
Collect Data (1 of 6)
Collect Data (2 of 6)
Collect Data (3 of 6)
Collect Data (4 of 6)
Collect Data (5 of 6)
Collect Data (6 of 6)
Collect Data
• PUP – Potentially Unwanted Program
– Technically legal
– Often installed along with another program
• E.g. SourceForge DevShare bundling program
– Sometimes installed at the PC/tablet/smartphone factory
• Economics thereof
– PUPs often monetize through adware-like behavior
Delete Data
Modify System Security
Launch Attacks (1 of 2)
Launch Attacks (2 of 2)
Zero-Day Vulnerabilities
• A previously unknown vulnerability
• The software vendor has no patch (because the vendor is unaware of the vulnerability)
• The most powerful and valuable attack available
– No defense exists
– Often undetectable
• Often very valuable, highly prized
– Bounty programs
– Zerodium, Hacking Team
Social Engineering Attacks
Psychological Approaches
Impersonation
Phishing (1 of 2)
Phishing (2 of 2)
Vishing (Voice Phishing)
Spam (1 of 2)
Spam (2 of 2)
[Chart] Kaspersky: Percentage of spam in global email traffic, 2016 Q4 to 2017 Q1
Spam - How Successful Is It?
• RX Limited and Paul LeRoux
– 2003 – 2012
– Network of American doctors and pharmacies
– Estimated at least $200 Million in prescription sales
– 1,000 employees at 10 call centers in Israel and the Philippines
– Domain registrar ABSystems
– https://magazine.atavist.com/the-mastermind
Hoaxes
Watering Hole Attack
• Watering hole attack - a malicious attack that is directed toward a small group of specific individuals who visit the same website
• Examples:
– 2014 – CrowdStrike alleges Russian gov’t campaign against Western oil and gas companies, energy investment firms
– 2012 – Council on Foreign Relations website – Adobe Flash, IE 6-8 zero day
– Political dissident websites
Physical Procedures
Dumpster Diving (1 of 2)
• Dumpster diving
– Digging through trash to find useful information
Dumpster Diving (2 of 2)
Tailgating
• Tailgating
– Following behind an authorized individual through an access door
– An employee could conspire with an unauthorized person to allow him to walk in with him (called piggybacking)
– Watching an authorized user enter a security code on a keypad is known as shoulder surfing
Development of Exploits
Learn More
• CNIT 126 – Practical Malware Analysis, taught by Sam Bowne
• Virus Bulletin newsletter: https://www.virusbulletin.com/newsletter/
• Kaspersky Lab SecureList: https://securelist.com/
Chapter Summary (1 of 2)
Chapter Summary (2 of 2)