Chapter 6
Comparing Threats, Vulnerabilities, and Common Attacks
CompTIA Security+
Get Certified Get Ahead
Introduction
• Understanding threat actors
• Determining malware types
• Recognizing common attacks
• Blocking malware and other attacks
• Educating users
Threat Actors
• Open-source intelligence
– Info freely available (such as from web sites and social media)
• Script kiddie
– Little expertise, sophistication, or funding
• Hacktivist
– Part of an activist movement
• Insider
– Employee (can become a malicious insider)
• Organized crime
– Typically motivated by money
• Competitor
Threat Actors
• Nation state/advanced persistent threat (APT)
– Identify a target and persistently attack until they gain access
– Often remain in network for months or years
– China APT1
– Russia APT 28 (Fancy Bear)
– Russia APT 29 (Cozy Bear)
Determining Malware Types
• Viruses
– Replication mechanism
– Activation mechanism
– Payload mechanism
Determining Malware Types
• Worms
– Self-replicating
• Logic bombs
– Execute in response to an event
• Backdoors
– Provide an alternate method of access
– Many types of malware create backdoors
Understanding Malware
• Trojan Horse
– Appears to be useful but is malicious
– Pirated software, rogueware, or games
– Also infects systems via USB drives
• Drive-by downloads
– Attackers compromise a web site to gain control of it
– Attackers install a Trojan embedded in the web site’s code
– Attackers attempt to trick users into visiting the site
– When users visit, the web site attempts to download the Trojan onto the users’ systems
• Remote access Trojan (RAT)
Determining Malware Types
• Ransomware
– Takes control of user’s system
– Typically encrypts user’s data
– Attempts to extort payment
Determining Malware Types
• Keylogger
– Captures keystrokes
• Spyware
– Can access a user’s private data and result in loss of confidentiality
• Adware
– Pop-ups that market products to users
– Blocked with pop-up blockers
Bots and Botnets
• Bots – software robots
• Botnets
– Controlled by criminals (bot herders)
– Manage command and control centers
– Malware joins computers to robotic network
• Zombies or clones
– Computers within botnet
– Join after becoming infected with malware
Determining Malware Types
• Rootkits
– System level or kernel access
– Can modify system files and system access
– Hide their running processes to avoid detection with hooking techniques
– File integrity checker can detect modified files
– Inspection of RAM can discover hooked processes
Social Engineering
• Flattery and conning
• Assuming a position of authority
• Encouraging someone to:
– Perform a risky action
– Reveal sensitive information
• Impersonating
• Tailgating
Social Engineering
• Impersonating
– Such as an authorized technician
• Shoulder Surfing
– Can be in person looking at a computer
– Can be with a remote camera
• Tricking users with hoaxes
Social Engineering
• Tailgating
– Closely following authorized personnel without providing credentials
– Mitigated with mantraps
• Dumpster diving
– Searching through trash looking for information
– Mitigated by shredding or burning papers
Social Engineering
• Watering hole attack
– Attacker identifies websites trusted by group of users
– Attacker infects these websites
– Users go to infected (but trusted) websites
– Prompted to download files
Recognizing Other Attacks
• Spam – unwanted email
• Phishing – malicious spam
– Attempt to trick users into revealing sensitive or personal information
– Links within email can also lead unsuspecting users to install malware
– Often spoof email addresses with your friends’ names
– Phishing to validate e-mail addresses
– Phishing to get money
Recognizing Other Attacks
• Spear phishing
– Targets specific groups of users
– Could target employees within a company or customers of a company
• Whaling
– Targets high-level executives
– Digital signatures provide assurances to recipients about who sent an email
– Digital signatures can reduce the success of spear phishing and whaling
• Vishing – uses phone or VoIP
One Click Lets Them In
Privilege Escalation
• Occurs when a user or process accesses elevated rights and permissions
• Attackers attempt to gain more privileges
• Malware attempts to gain more privileges
• Administrators have two accounts
– One account for regular use
– One for administrative use
– Goal is to mitigate privilege escalation attempts
Blocking Malware
• Spam filter on mail gateways
• Anti-malware software on mail gateways
• Anti-malware software on all systems
• Block at boundaries
– Firewalls
– UTM systems
Blocking Malware
• Antivirus software
– Signature-based detection: detects known malware based on signature definitions
– Heuristic-based detection: detects unknown malware based on behavior
• Checking file integrity with hashes
• Data execution prevention (DEP)
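A minimal file integrity checker of the kind the rootkit slide and this slide refer to, written here as an added example (not code from the book): it records a SHA-256 digest of every file under a directory as a baseline, then reports files whose hash changed or that appeared or disappeared. The directory layout and file contents built in demo() are constructed for the example.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file (path relative to root, POSIX form) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_baseline(baseline, current):
    """Return files whose digest changed, plus files added or removed since the baseline."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo():
    """Constructed scenario: take a baseline, then tamper with one file and drop a new one."""
    root = Path(tempfile.mkdtemp())
    (root / "bin").mkdir()
    (root / "bin" / "ls").write_bytes(b"original ls program")   # constructed content
    (root / "bin" / "ps").write_bytes(b"original ps program")   # constructed content
    baseline = build_baseline(root)
    # Simulate the effect of a system file being replaced and an unexpected file appearing
    (root / "bin" / "ps").write_bytes(b"replaced ps program")
    (root / "bin" / "extra").write_bytes(b"unexpected file")
    return compare_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline is stored offline or on read-only media, because a checker whose baseline an attacker can rewrite detects nothing.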
Blocking Malware
• Advanced malware tools
– AMP
• Spam filters can block spam
– Network-based spam filters block spam entering the network
– End-user spam filters restrict spam on the user’s system
Educating Users
• Helps prevent incidents
• Educating users about
– New viruses
– Phishing attacks
– Zero-day exploits
Best Practices
• Don’t click on links within emails from unknown sources
• Don’t open attachments from unknown sources
• Be wary of free downloads from the Internet
• Limit information you post on social media sites
• Back up your data regularly
• Keep computer up to date with current patches
• Keep antivirus software up to date
Why Social Engineering Works
• Authority
• Intimidation
• Consensus/Social Proof
• Scarcity
• Urgency
• Familiarity/Liking
• Trust
Chapter 6 Summary
• Understanding threat actors
• Determining malware types
• Recognizing common attacks
• Blocking malware and other attacks
• Educating users
