What are the most common endpoint threats and attack techniques?
The most common endpoint threats and attack techniques are:
PORTABLE EXECUTABLES
Malware - Malicious software programs.
Packed Files/Polymorphism - Malware that has been modified to make it harder to identify.
Potentially Unwanted Applications (PUA) - Applications that are technically not malware, but they are not something you want to run on your machine (adware).
RANSOMWARE
File Encryptors - The most common type of ransomware, this encrypts the victim’s files and holds them to ransom.
Disk Encryptors and Wipers - Encrypts the victim's entire hard drive (not just the files) or wipes the hard drive completely.
DOCS AND SCRIPTS
Weaponized Documents - Typically a Microsoft Office document that has been crafted or modified to cause damage.
Malicious Scripts - Malicious code often hidden in legitimate programs and websites.
EXPLOITS
ACTIVE ATTACKS
Credential Theft - Stealing authentication information to gain access to sensitive data.
Privilege Escalation - Methods used by attackers to gain additional access to a system.
Code Caves - Technique where attackers modify legitimate software to hide a malicious application.
FALSE POSITIVES