Sy0 601 04
Lesson 4
Identifying Social Engineering and Malware
Topic 4A
Compare and Contrast Social Engineering Techniques
CompTIA Security+ Lesson 4 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
Syllabus Objectives Covered
Impersonation and Trust
• Impersonation
• Pretend to be someone else
• Use the persona to charm or to intimidate
• Exploit situations where identity-proofing is difficult
• Pretexting
• Using a scenario with
• Trust
• Obtain or spoof data that supports the identity claim
Dumpster Diving and Tailgating
• Dumpster diving
• Steal documents and media from trash
• Tailgating
• Access premises covertly
• Follow someone else through a door
• Piggy backing
• Access premises without authorization, but with the knowledge of an employee
• Get someone to hold a door open
Identity Fraud and Invoice Scams
• Identity fraud
• Impersonation with convincing detail and stolen or spoofed proofs
• Identity fraud versus identity theft
• Invoice scams
• Spoofing supplier details to submit invoices with false account details
• Credential theft and misuse
• Credential harvesting
• Shoulder surfing
• Lunchtime attack
Phishing, Whaling, and Vishing
• Spear phishing
• Highly targeted/tailored attack
• Whaling
• Targeting senior management
• Vishing
• SMiShing
• Using text messaging
Spam, Hoaxes, and Prepending
• Spam
• Unsolicited email
• Email address harvesting
• Spam over Internet messaging (SPIM)
• Hoaxes
• Delivered as spam or malvertising
• Fake A-V to get user to install remote desktop software
• Phone-based scams
• Prepending
• Tagging email subject line
• Can be used by threat actor as a consensus or urgency technique
• Can be added by mail systems to warn users
Pharming and Credential Harvesting
direct intrusion
• Attacks focused on obtaining multiple credentials for single company
Influence Campaigns
Computer Worms and Fileless Malware
Spyware, Adware, and Keyloggers
• Tracking cookies
• Adware (PUP/grayware)
• Changes to browser settings
• Spyware (malware)
• Log all local activity
• Keylogger
Screenshot used with permission from ActualKeylogger.com.
Backdoors and Remote Access Trojans
Screenshot used with permission from Wikimedia Commons by CCAS4.0 International.
• Backdoor malware
• Remote access trojan (RAT)
• Bots and botnets
• Command & control (C2 or C&C)
• Backdoors from misconfiguration and unauthorized software
Rootkits
Malware Indicators
Process Analysis
Screenshot: Process Explorer docs.microsoft.com/en-us/sysinternals.
• Signature-based detection is failing to identify modern APT-style tools
• Network and host behavior anomalies drive detection methods
• Running process analysis
• Process Explorer
• Logging activity
• System Monitor
• Network activity
Lesson 4
Summary