site_logo

Previous Next


  1. Security+ Practice Tests
  2. Security+ Cram Notes
  3. Network+ Practice Tests

Systems and Security : Attacks, Threats, and Vulnerabilities

1.2 Malware attacks

Password attacks

1. Spraying
2. Dictionary
3. Brute force Offline/Online
4. Rainbow table
5. Plaintext/unencrypted

1. Spraying: Password spraying is a technique used by attackers to try a few commonly used passwords against many different accounts, rather than trying many different passwords against a single account. This approach is designed to avoid account lockouts and detection by intrusion detection systems.

2. Dictionary: A dictionary attack is a type of password attack that uses a pre-compiled list of common passwords, known as a dictionary, to attempt to crack a password. The attacker systematically tries each password in the dictionary until the correct one is found.

3. Brute Force: Brute force is a type of password attack that involves trying every possible combination of characters until the correct password is found. This approach is time-consuming and computationally intensive, but can be effective if the password is short or not complex.

1. Offline: An offline password attack involves cracking a password without being connected to the target system. This is typically done by acquiring a copy of the password file or hash and using a cracking tool to try to determine the original password.

2. Online: An online password attack involves attempting to crack a password by connecting to the target system and attempting to authenticate using different passwords. This type of attack is often used to try to gain access to an account without the user's knowledge.

4. Rainbow Table: A rainbow table is a pre-computed table of hashes and their corresponding passwords, used to speed up password cracking. This approach can be effective if the hashes were not properly salted, which adds random data to the password before it is hashed, making it more difficult to crack.

Note: Salting is a technique used in cryptography to enhance the security of password storage and authentication. It involves adding random data, known as a salt, to a password before it is hashed (encrypted). The salt is then stored along with the hashed password, and is used during the authentication process to verify the user's password.

The purpose of salting is to make it more difficult for an attacker to perform dictionary attacks or rainbow table attacks, which are techniques used to crack encrypted passwords by comparing the hashes of millions of words or pre-computed hashes to the hashed password. By adding a unique salt to each password, it becomes much more difficult for an attacker to generate a matching hash, as they would need to pre-compute hashes for each possible salt value.

Salting is an important aspect of secure password storage and should be implemented in conjunction with other security measures, such as using strong encryption algorithms and regularly monitoring systems for signs of compromise.

5. Plaintext/Unencrypted: A plaintext or unencrypted password attack involves accessing a password in its original, unencrypted form. This can occur if the password is stored in clear text in a file or database, or if it is transmitted over the network without being encrypted.

Physical attacks

1. Malicious Universal Serial Bus (USB) cable
2. Malicious flash drive
3. Card cloning
4. Skimming

1. Malicious Universal Serial Bus (USB) Cable: A malicious USB cable is a hardware device that appears to be a normal USB cable, but has been modified to contain malicious software or hardware components. When the cable is connected to a computer, the attacker can remotely access the computer and install malware or steal sensitive information.

2. Malicious Flash Drive: A malicious flash drive is a removable storage device that has been infected with malware. When the flash drive is connected to a computer, the malware is automatically executed and can spread to other systems on the network.

3. Card Cloning: Card cloning is a type of physical attack that involves using a device, such as a skimming device, to steal the information from the magnetic strip of a credit or debit card. The attacker can then use this information to create a duplicate card and steal money from the victim's bank account.

4. Skimming: Skimming is a type of physical attack that involves using a device, such as a card skimmer, to steal the information from the magnetic strip of a credit or debit card. The attacker can then use this information to create a duplicate card and steal money from the victim's bank account. Skimming devices can be placed on ATMs, gas pumps, and other card readers to steal information from unsuspecting users.

Note: A card skimmer is a type of malicious device used to steal credit card or debit card information from unsuspecting victims. Card skimmers are usually placed on ATMs, gas pumps, or other payment terminals, and they capture the magnetic stripe data from a user's card as it is being inserted into the machine. The captured data can then be used to make fraudulent purchases or to clone the victim's card.

There are various types of card skimmers, including internal skimmers that are hidden inside the payment terminal, external skimmers that are placed over the card slot, and Bluetooth skimmers that can wirelessly transmit the stolen data to the attacker.

To protect against card skimming, individuals should be wary of unusual devices or attachments on payment terminals, cover the keypad when entering their PIN, and regularly check their bank and credit card statements for unauthorized transactions. Additionally, merchants and organizations should regularly inspect their payment terminals for signs of tampering, implement encryption and other security measures to protect card data, and promptly report any suspicious activity to the authorities.

Previous Next




simulationexams.com ad

certexams.com ad