Time
7 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
12

Video Transcription

00:01
Hey, guys, welcome to another episode of the SSCP exam prep series.
00:06
I'm your host, Pete Cipolone. This is going to be the second lesson in the seventh domain.
00:12
So far in this domain, we've taken a look at the CIA triad and how it applies to malicious code. And now, finally, in this lesson, we will take a look at vectors of infection. So we'll look at the different paths that malware takes in trying to break into your system and network.
00:32
Let's get started.
00:34
The vector is where malicious code comes from. It's how an infection happens. It's the process that malware takes to inflict damage on yourself, any applications or systems, or your network and organization. Now there
00:51
are tons and tons of different methods or vectors of infection.
00:57
But there are a few that are more common than others. There are a few that have a really high rate of success, unfortunately, and the first is social engineering. This is simply where an attacker tricks a victim into doing things or giving information.
01:15
There are several different kinds of social engineering. The first one is baiting. So this is how you attract victims by dangling something in front of them, similar to the whole carrot on a stick with a horse, where you give them an opportunity that would be really great for them. And so
01:34
as a result, victims come after this opportunity, and then you can manipulate them however you want.
01:40
There's also vishing, which is a combination of phone and phishing, which uses an interactive voice response (IVR) system to create a legitimate-sounding copy of a bank or some other organization that uses the IVR system. It's that computer-automated voice,
02:00
you know, that says, hello, your account has been hacked,
02:04
please call this number immediately to speak with our fraud department. And then from there, they try to trick you into giving passwords. Now there's also pretexting. This is the social engineering attack in person where someone tries to impersonate an authority figure.
02:21
There's also quid pro quo, which is a request for information in exchange for
02:27
compensation. Now, this is kind of considered phishing in the sense that you are tricking an individual into giving you information for money.
02:37
And there's tailgating, which is when you follow someone into a restricted area. It's like you wait outside the door, and you're waiting for someone to walk up, open the door and walk in. And then when they do that, you just wait on that door and then you follow them in.
02:53
Manipulating file extensions is another successful way that attackers can use to infect your system or computer. The problem with file extensions is that they can be up to 255 characters long, which is a problem because when file names are really, really long,
03:14
they get
03:15
abbreviated with three dots, thus concealing the true extension of the file. Now, with file extensions, only the last file extension actually counts. Everything else to the left can be considered part of the file name. So in the first example, we have spreadsheet dot
03:34
xlsx
03:36
dot docx.
03:37
Now this is a Microsoft Word document,
03:38
but if you weren't paying attention, you might think it's an Excel spreadsheet. Now, on a lot of computers, common file extensions are hidden by default.
03:50
So in the case of this happening, where the extensions are hidden, you would just see spreadsheet.xlsx and think it's a Microsoft spreadsheet.
04:01
Now you might say, oh, you know, hey, look at the icon. It has a little blue W instead of, you know, the green for Microsoft Excel. But file icons can be changed very, very easily,
04:12
so it's very important to be careful with long file extensions and double file extensions. Make sure you have file extensions showing for every single document. And remember, only the last file extension is the one that truly counts.
04:27
Insider threats. Insider threats are members that belong to your organization who want to do you harm. This is one of the most difficult vectors of infection to pick up on, specifically because you're getting attacked from the inside out. So common insider threat patterns are
04:46
remote access at odd times,
04:48
unneeded copying of material, and working weird hours without authorization and without good reason.
04:57
Countermeasures definitely include monitoring logs. You want to control all kinds of access and data downloads, and you want to protect critical information as much as possible
05:08
when it comes to insider threats. If you see something, you should say something, because it's so easy to overlook members of your organization who might be trying to do you harm. They are the epitome of a wolf in sheep's clothing.
05:24
Phishing, the attempt to acquire sensitive information by masquerading as a trustworthy entity. And
05:30
now, the two common types are general phishing and spear phishing, and most phishing is done through email.
05:39
So in these two examples, we're gonna look at phishing and spear phishing. The names have been blotted out to protect the innocent.
05:47
So in the top left, the email is an example of a common phishing attack. This is general phishing. As you can see, the whole email has been very, very generalized. As you can see, it starts out with dear customer. No one specific,
06:08
dear customer.
06:09
And without anything else, it says, here's the invoice for this amount of money. Hey, let's pay this morning.
06:15
Now you might be expecting an invoice. You might not, but this should set off some alarms. Usually, if you're receiving an invoice from a company or organization, you've done business with them before, so they will most likely use your first name
06:31
or they will sign it with someone or with a name that you recognize.
06:35
Also, as you can see from the date, it is dated September 28th, 2018, and the invoice is due on October 2nd, 2018.
06:47
So you only have a couple of days to pay it, and that should set off flags too. The goal is that they want you to panic and pay it immediately. Whereas really, you usually have 15 to 30 days, you know, plenty of time to pay an invoice. You shouldn't have to pay it right away like that.
07:05
The second type of phishing is spear phishing. Now this spear phishing email is directed to the payroll manager of an organization, and it's signed by an employee. So it says, hi, blank.
07:21
I changed my bank account, and I'd like to change my paycheck, you know, direct deposit details. Can the change be effective
07:29
for the current pay period? Now, this is a spear phishing attack because it is being sent directly to someone who is in charge of managing direct deposit details. It's sent to the payroll manager pretending that it's from another employee within the same organization.
07:48
Bots.
07:49
A botnet is an army of compromised machines that are under the command and control of a bot master.
07:57
So the way this works is bots infect computers, and you have different pieces of hardware and software, and they can do the bidding. These pieces of malware do the bidding of the bot master, and therefore these,
08:16
these computers are now under the control of the bot master, and they can be used for many different things. Things such as DDoS, spyware, identity theft, malware,
08:30
email spamming and phishing.
08:31
So the way to get around this is to do data monitoring and anomaly detection. If you see something weird on your Internet or on your network, you might want to step up your defenses and be prepared for something that could happen.
08:50
In today's lecture, we discussed vectors of infection.
08:56
Quiz time.
08:56
What kind of file is the following document?
09:00
Is it A, a text file?
09:01
B, spreadsheet file,
09:03
C, executable file, or D, PDF file.
09:09
If you said D, PDF file, then you are correct. Remember, with file extensions, only the last file extension counts. The rest of them are treated as being part of the file name, and as always, file extensions can be up to 255 characters.
09:28
Thanks for watching, guys. I hope you learned a lot in this video, and I'll see you next time.
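As an added example that is not part of the lesson, the check below applies the rule that only the last extension counts to file names like the ones discussed above: it reports the true type, what the name looks like with extensions hidden, and whether a long name would be abbreviated with three dots. The extension lists and sample names are constructed for this example, not a real policy.

```python
"""Added example: checks for the file-name tricks described in the lesson.
Only the last extension counts; everything left of it is part of the name.
The lookup sets are constructed for this example, not a real policy."""
from dataclasses import dataclass, field

DOCUMENT_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}
EXECUTABLE_EXTS = {"exe", "scr", "bat", "cmd", "com", "js", "vbs", "ps1", "msi"}

def _basename(filename: str) -> str:
    return filename.replace("\\", "/").rsplit("/", 1)[-1]

def true_extension(filename: str) -> str:
    """The only extension that counts: the text after the final dot."""
    stem = _basename(filename).lstrip(".")  # ".bashrc" has no extension
    return stem.rsplit(".", 1)[-1].lower() if "." in stem else ""

def shown_with_extensions_hidden(filename: str) -> str:
    """What the user sees when the OS hides known extensions."""
    ext = true_extension(filename)
    return filename[: -(len(ext) + 1)] if ext else filename

def abbreviated(filename: str, width: int) -> str:
    """Simulate a file manager shortening a long name with three dots."""
    return filename if len(filename) <= width else filename[: width - 3] + "..."

@dataclass
class Verdict:
    true_ext: str       # what the OS will actually treat the file as
    apparent_ext: str   # what a careless glance suggests
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)

def inspect_filename(filename: str, display_width: int = 24) -> Verdict:
    """Flag double extensions, executables and names too long to display fully."""
    name, ext = _basename(filename), true_extension(filename)
    decoys = [p.lower() for p in name.split(".")[1:-1]
              if p.lower() in DOCUMENT_EXTS | EXECUTABLE_EXTS]
    verdict = Verdict(ext, decoys[0] if decoys else ext)
    if decoys and decoys[0] != ext:
        verdict.reasons.append(f"double extension: looks like .{decoys[0]} but is .{ext}")
    if ext in EXECUTABLE_EXTS:
        verdict.reasons.append(f"real extension .{ext} is executable")
    shown = abbreviated(name, display_width)
    if shown != name and not shown.lower().endswith("." + ext):
        verdict.reasons.append(f"long name displays as {shown!r}, hiding .{ext}")
    return verdict
```

Running `inspect_filename("spreadsheet.xlsx.docx")` reports the name as a Word document that merely looks like a spreadsheet, and `shown_with_extensions_hidden` on the same name returns `spreadsheet.xlsx`, which is exactly the display the lesson warns about.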

Systems Security Certified Professional (SSCP)

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Instructed By

Pete Cipolone
Cyber Security Analyst and Programmer
Instructor