What are the most common endpoint threats and attack technique?

Question

Please log in or register to answer this question.

JackTerrance · Answer 1 · 2020-10-24T08:46:16+0000

The most common endpoint threats and attack techniques are:

PORTABLE EXECUTABLES
- Malware - Malicious software programs.
- Packed Files/Polymorphism - Malware that has been modified to make it harder to identify.
- Potentially Unwanted Applications (PUA) - Applications that are technically not malware, but they are not something you want to run on your machine (adware).

RANSOMWARE
- File Encryptors - The most common type of ransomware, this encrypts the victim’s files and holds them to ransom.
- Disk Encryptors and Wipers - Encrypts the victim's entire hard drive (not just the files) or wipes the hard drive completely.
DOCS AND SCRIPTS
- Weaponized Documents - Typically, a Microsoft Office program that has been crafted or modified to cause damage.
- Malicious Scripts - Malicious code often hidden in legitimate programs and websites.

EXPLOITS
- Exploit-based Attacks - Attackers use techniques to take advantage of software bugs and vulnerabilities, to gain access and control a victim's computer.

ACTIVE ATTACKS
- Credential Theft - Stealing authentication information to gain access to sensitive data.
- Privilege Escalation - Methods used by attackers to gain additional access to a system.
- Code Caves - Technique where attackers modify legitimate software to hide a malicious application.
FALSE POSITIVES
- Anti-malware solutions may incorrectly identify legitimate software as malicious, impacting the end-user's ability to work.