Lesson 4
Identifying Social Engineering and Malware

Topic 4A
Compare and Contrast Social Engineering Techniques
CompTIA Security+ Lesson 4 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
Syllabus Objectives Covered

• 1.1 Compare and contrast different types of social engineering techniques
Social Engineering

• “Hacking the human”
• Purposes of social engineering
  • Reconnaissance and eliciting information
  • Intrusion and gaining unauthorized access
• Many possible scenarios
  • Persuade a user to run a malicious file
  • Contact a help desk and solicit information
  • Gain access to premises and install a monitoring device
Social Engineering Principles

• Reasons for effectiveness
• Familiarity/liking
  • Establish trust
  • Make request seem reasonable and natural
• Consensus/social proof
  • Exploit polite behaviors
  • Establish spoofed testimonials or contacts
• Authority and intimidation
  • Exploit lack of knowledge or awareness
  • Make the target afraid to refuse
• Scarcity and urgency
  • Rush the target into a decision
Impersonation and Trust

• Impersonation
  • Pretend to be someone else
  • Use the persona to charm or to intimidate
  • Exploit situations where identity-proofing is difficult
• Pretexting
  • Using a scenario with convincing additional detail
• Trust
  • Obtain or spoof data that supports the identity claim
Dumpster Diving and Tailgating

• Dumpster diving
  • Steal documents and media from trash
• Tailgating
  • Access premises covertly
  • Follow someone else through a door
• Piggy backing
  • Access premises without authorization, but with the knowledge of an employee
  • Get someone to hold a door open
Identity Fraud and Invoice Scams

• Identity fraud
  • Impersonation with convincing detail and stolen or spoofed proofs
  • Identity fraud versus identity theft
• Invoice scams
  • Spoofing supplier details to submit invoices with false account details
• Credential theft and misuse
  • Credential harvesting
  • Shoulder surfing
  • Lunchtime attack
Phishing, Whaling, and Vishing

• Trick target into using a malicious resource
  • Spoof legitimate communications and sites
• Spear phishing
  • Highly targeted/tailored attack
• Whaling
  • Targeting senior management
• Vishing
  • Using a voice channel
• SMiShing
  • Using text messaging
Spam, Hoaxes, and Prepending

• Spam
  • Unsolicited email
  • Email address harvesting
  • Spam over Internet messaging (SPIM)
• Hoaxes
  • Delivered as spam or malvertising
  • Fake A-V to get user to install remote desktop software
  • Phone-based scams
• Prepending
  • Tagging email subject line
  • Can be used by threat actor as a consensus or urgency technique
  • Can be added by mail systems to warn users
Pharming and Credential Harvesting

• Passive techniques have less risk of detection
• Pharming
  • Redirection by DNS spoofing
• Typosquatting
  • Use cousin domains instead of redirection
  • Make phishing messages more convincing
• Watering hole
  • Target a third-party site
  • Customer, supplier, hobbies, social media...
• Credential harvesting
  • Attacks focused on obtaining credentials for sale rather than direct intrusion
  • Attacks focused on obtaining multiple credentials for single company
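The typosquatting bullet says cousin domains make phishing links more convincing; the defender's counterpart is to recognise them in mail-gateway or proxy logs. The following is an added example written for this page, not code from the CompTIA course. It assumes a constructed allowlist (`example.com`, `examplebank.com`), a small homoglyph table, constructed sample URLs, and the simplification that the registrable domain is the last two labels (real tooling would consult the Public Suffix List); the verdict labels are this example's own.

```python
from urllib.parse import urlparse

# Constructed allowlist of the organisation's legitimate domains (assumption for this example).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

# Character swaps commonly used to build look-alike ("cousin") domains.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Constructed sample of link targets as they might appear in a mail gateway log.
SAMPLE_URLS = [
    "https://www.example.com/login",
    "http://examp1e.com/login",
    "http://exarnple.com/verify",
    "https://exmple.com/account",
    "https://example-secure-login.com/",
    "https://example.com.verify-account.net/",
    "https://unrelated.org/",
]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (simplification; real tooling uses the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalize(label: str) -> str:
    """Fold common homoglyph substitutions back to the letters they imitate."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit away from the brand is the classic typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'trusted', 'subdomain', 'homoglyph', 'typo', 'brand-in-name' or 'unknown'."""
    host = host.lower().rstrip(".")
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted"
    # A trusted name used as a leading subdomain of some other registrable domain.
    for trusted in sorted(TRUSTED_DOMAINS):
        if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
            return "subdomain"
    sld = registrable_domain(host).split(".")[0]
    trusted_slds = sorted(t.split(".")[0] for t in TRUSTED_DOMAINS)
    if any(sld != t and normalize(sld) == t for t in trusted_slds):
        return "homoglyph"
    if any(edit_distance(sld, t) == 1 for t in trusted_slds):
        return "typo"
    # Brand name embedded in a longer name, or reused under another TLD.
    if any(t in sld for t in trusted_slds):
        return "brand-in-name"
    return "unknown"


def classify_url(url: str) -> str:
    """Accept a bare host or a full URL and classify its hostname."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return classify_host(parsed.hostname or "")


def scan_urls(urls):
    """Map each URL to its verdict; anything other than 'trusted' or 'unknown' deserves a look."""
    return {url: classify_url(url) for url in urls}


if __name__ == "__main__":
    for url, verdict in scan_urls(SAMPLE_URLS).items():
        print(f"{verdict:14s} {url}")
```

The checks are ordered from most to least specific so that a host gets the single most useful label; in production the allowlist would be the organisation's real brands and the output would feed a mail-filter rule or a SOC alert rather than stdout.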
Influence Campaigns

• Sophisticated threat actors using multiple resources to change opinions on a mass scale
• Soft power
  • Leveraging diplomatic and cultural assets
• Hybrid warfare
  • Use of espionage, disinformation, and hacking
• Social media
  • Use of hacked accounts and bot accounts
  • Spread rumor and reinforce messaging
Topic 4B
Analyze Indicators of Malware-based Attacks
Syllabus Objectives Covered

• 1.2 Given a scenario, analyze potential indicators to determine the type of attack
• 4.1 Given a scenario, use the appropriate tool to assess organizational security (Cuckoo only)
Malware Classification

• Classification by vector or infection method
• Viruses and worms
  • Spread within code without authorization
• Trojans
  • A malicious program concealed within a benign one
• Potentially unwanted programs/applications (PUPs/PAPs)
  • Pre-installed “bloatware” or installed alongside another app
  • Not completely concealed, but installation may be covert
  • Also called grayware
• Classification by payload
Computer Viruses

• Rely on some sort of host file or media
• Non-resident/file infector
• Memory resident
• Boot
• Script/macro
• Multipartite
• Polymorphic
• Vector for delivery

Screenshot used with permission from Microsoft.
Computer Worms and Fileless Malware

• Early computer worms
  • Propagate in memory/over network links
  • Consume bandwidth and crash processes
• Fileless malware
  • Exploiting remote execution and memory residence to deliver payloads
  • May run from an initial script or Trojan
  • Persistence via the registry
  • Use of shellcode to create backdoors and download additional tools
  • “Living off the land”: exploitation of built-in scripting tools
• Advanced persistent threat (APT)/advanced volatile threat (AVT)/low observable characteristics (LOC)
Spyware, Adware, and Keyloggers

• Tracking cookies
• Adware (PUP/grayware)
  • Changes to browser settings
• Spyware (malware)
  • Log all local activity
  • Use of recording devices and screenshots
  • Redirection
• Keylogger
  • Software and hardware

Screenshot used with permission from ActualKeylogger.com.
Backdoors and Remote Access Trojans

• Backdoor malware
• Remote access trojan (RAT)
• Bots and botnets
• Command & control (C2 or C&C)
• Backdoors from misconfiguration and unauthorized software

Screenshot used with permission from Wikimedia Commons by CCAS4.0 International.
Rootkits

• Local administrator versus SYSTEM/root privileges
• Replace key system files and utilities
• Purge log files
• Firmware rootkits
Ransomware, Crypto-Malware, and Logic Bombs

• Ransomware
  • Nuisance (lock out user by replacing shell)
• Crypto-malware
  • High impact ransomware (encrypt data files or drives)
• Cryptomining/cryptojacking
  • Hijack resources to mine cryptocurrency
• Logic bombs

Image by Wikimedia Commons.
Malware Indicators

• Browser changes or overt ransomware notification
• Anti-virus notifications
  • Endpoint protection platforms and next-gen A-V
• Behavior-based analysis
  • Sandbox execution
  • Cuckoo
• Resource utilization/consumption
  • Task Manager and top
• File system changes
  • Registry
  • Temp files
Process Analysis

• Signature-based detection is failing to identify modern APT-style tools
• Network and host behavior anomalies drive detection methods
• Running process analysis
  • Process Explorer
• Logging activity
  • System Monitor
• Network activity

Screenshot: Process Explorer docs.microsoft.com/en-us/sysinternals.
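The Process Analysis slide above and the Malware Indicators slide before it both make the same point: with signatures failing against APT-style tooling, detection comes from behavioural anomalies in the running process tree (parent/child relationships, where an image runs from, how it was invoked). The following is an added example for this page, not code from the CompTIA course or from Process Explorer/System Monitor. It runs a few behavioural rules over constructed process-creation events shaped like System Monitor's fields (image, parent image, command line, user); the events, the expected system-binary locations, the script-host and Office lists and the rule names are all this example's own assumptions.

```python
import ntpath

# Constructed process-creation events in the shape of System Monitor (Sysmon) Event ID 1 fields.
# None of this is real telemetry; the encoded-command argument is a placeholder string.
EVENTS = [
    {"pid": 412, "user": "NT AUTHORITY\\SYSTEM",
     "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"pid": 2208, "user": "CORP\\alice",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -nop -w hidden -enc CONSTRUCTED_BASE64"},
    {"pid": 3304, "user": "CORP\\alice",
     "image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "svchost.exe"},
    {"pid": 1520, "user": "CORP\\alice",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "firefox.exe"},
]

# Built-in scripting/utility hosts that "living off the land" activity leans on.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Directory a genuine copy of each core Windows binary is expected to run from (assumption).
SYSTEM_BINARIES = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Path fragments that mark user-writable scratch locations (see "Temp files" indicator).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")
POWERSHELL_FLAGS = ("-enc", "-w hidden", "-windowstyle hidden", "-nop")


def split_image(path: str):
    """Lower-cased (directory, file name) of a Windows path; ntpath works on any host OS."""
    return ntpath.split(path.lower())


def analyze_event(ev: dict) -> list:
    """Apply each behavioural rule to one event and return the names of the rules it triggers."""
    img_dir, img_name = split_image(ev["image"])
    _, parent_name = split_image(ev["parent"])
    cmd = ev["cmdline"].lower()
    findings = []
    # Office documents have no business launching a scripting host.
    if parent_name in OFFICE_APPS and img_name in SCRIPT_HOSTS:
        findings.append("office-spawned-script-host")
    # A core Windows binary name running from the wrong directory is masquerading.
    if img_name in SYSTEM_BINARIES and img_dir not in SYSTEM_BINARIES[img_name]:
        findings.append("system-name-outside-system-dir")
    # Executables launched from temp or public folders.
    if any(marker in img_dir + "\\" for marker in TEMP_MARKERS):
        findings.append("execution-from-temp")
    # Hidden-window or encoded PowerShell invocations.
    if img_name in {"powershell.exe", "pwsh.exe"} and any(f in cmd for f in POWERSHELL_FLAGS):
        findings.append("obfuscated-powershell")
    # Genuine svchost instances are always children of services.exe.
    if img_name == "svchost.exe" and parent_name != "services.exe":
        findings.append("svchost-unexpected-parent")
    return findings


def analyze(events) -> dict:
    """Map pid -> findings for every event that triggered at least one rule."""
    report = {}
    for ev in events:
        findings = analyze_event(ev)
        if findings:
            report[ev["pid"]] = findings
    return report


if __name__ == "__main__":
    for pid, findings in analyze(EVENTS).items():
        print(f"pid {pid}: {', '.join(findings)}")
```

Each rule is deliberately a parent/child or path relationship rather than a hash or filename, which is why the renamed copy of `svchost.exe` in the Temp directory trips three rules while the genuine one under `services.exe` trips none; the same logic is what a Process Explorer review or a System Monitor logging pipeline would apply by eye or by query.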
Lesson 4
Summary