CompTIA Security+ Notes – Part 5
As I mentioned, I am preparing for the CompTIA Security+ exam and making many notes on this page for future reference. The second sub-topic was named: Given a scenario, analyze potential indicators to determine the type of attack.
This sub-topic will contain a lot of material about Malware, password attacks, physical attacks, AI, supply-chain attacks, cloud-based vs. on-premises attacks, and cryptographic attacks.
Malware
Ransomware
Malware that takes over a computer and then demands a ransom. Quite a widespread malware type these days. I still remember the NotPetya debacle and how it ripped throughout the world. Andy Greenberg wrote a fascinating article about it in Wired magazine. The best way to fight this type of malware is to have a good backup strategy.
Trojans
Malware that pretends to be legitimate software. An unsuspecting individual might run it, thus providing a path into their machine. There is also another type of Trojan: remote access Trojans (RATs), which give the attacker remote control over the infected system. The best way to fight this type of malware is to provide security awareness. For example, encourage users not to download untrusted software. Antimalware tools are also a great hedge against Trojans.
Worms
With a Trojan, you need user interaction. But unfortunately, worms can spread themselves without it. Worms can spread in a variety of ways. For example, email attachments, network file shares, etc. The best-known worm is called Stuxnet. The worm targeted the Iranian nuclear program and copied itself to thumb drives to bypass air-gapped computers. Once inside the nuclear facilities, it destroyed centrifuges and caused damage that slowed down the Iranian nuclear program.
Potentially Unwanted Programs (PUPs)
Not as dangerous as other types of malware, but still annoying to the user. PUPs get installed unbeknownst to the user. It’s easy to remove them with antivirus or antimalware software. User awareness helps to prevent accidental installs of PUPs.
Fileless virus
These types of viruses are similar to other viruses. Common infection methods are spam emails and malicious websites. Once they enter the system, they inject themselves into memory (RAM) and continue their malicious activity. The most important feature of this virus is its ability to survive a restart. Companies and people can combat fileless viruses in various ways. For example, having an excellent antimalware program, a software update policy, and an IPS.
Command and Control
C&C servers are the most crucial aspect of a botnet. They give instructions to the bots, and they control them.
Bots
Bots are computers remotely controlled by malicious actors. Bad people can use them for nefarious purposes. People who use these computers don’t know they are infected and controlled. The control of these computers happens thanks to C&C servers.
However, it’s not the only way to control a botnet. The peer-to-peer botnet control model is harder to deal with. C&C servers are a single point of failure. P2P is not.
There are various tools to deal with botnets. For example, NDR (network detection and response) constantly monitors traffic at the network level. EDR (endpoint detection and response) can help as well.
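As an added example (my own, not from the exam objectives), here is the kind of check an NDR tool runs to spot a bot polling its C&C server: connections from one host to one destination at suspiciously regular intervals. The flow records, IP addresses and thresholds are constructed for the demo.

```python
"""Beaconing detector over constructed NetFlow-style records.

Bots usually poll their C&C server on a fixed schedule, so a (source,
destination) pair with nearly constant gaps between connections stands
out even when each individual connection looks innocent.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_seconds, src_ip, dst_ip, dst_port).
# 10.0.0.5 beacons to 203.0.113.7 every ~60 s; the other hosts browse irregularly.
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "203.0.113.7", 443),
    (60, "10.0.0.5", "203.0.113.7", 443),
    (121, "10.0.0.5", "203.0.113.7", 443),
    (180, "10.0.0.5", "203.0.113.7", 443),
    (241, "10.0.0.5", "203.0.113.7", 443),
    (300, "10.0.0.5", "203.0.113.7", 443),
    (3, "10.0.0.9", "198.51.100.20", 443),
    (15, "10.0.0.9", "198.51.100.20", 443),
    (140, "10.0.0.9", "198.51.100.20", 443),
    (145, "10.0.0.9", "198.51.100.20", 443),
    (290, "10.0.0.9", "198.51.100.20", 443),
    (310, "10.0.0.9", "198.51.100.20", 443),
    (7, "10.0.0.12", "192.0.2.44", 80),
]

def find_beacons(flows, min_connections=5, max_jitter_ratio=0.1):
    """Return (src, dst, mean_gap) for pairs whose inter-connection gaps
    are nearly constant (std-dev / mean <= max_jitter_ratio)."""
    times = defaultdict(list)
    for ts, src, dst, _port in flows:
        times[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # all connections at the same instant; not a schedule
        if pstdev(gaps) / avg <= max_jitter_ratio:
            hits.append((src, dst, round(avg, 1)))
    return hits

if __name__ == "__main__":
    for src, dst, gap in find_beacons(SAMPLE_FLOWS):
        print(f"possible beacon: {src} -> {dst} every ~{gap}s")
```

Real bots add jitter, so production tools also look at byte counts, destination reputation and DNS patterns, but the regularity check above is the core idea.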