DDoS & Malicious Code Attacks | CompTIA Security+ SY0-601 | 1.4c

In this video you will learn about DDoS attacks, including network DDoS, application DDoS, & attacks against operational technology. You will also learn about malicious code attacks built with PowerShell, Python, Bash, & Visual Basic for Applications.

Distributed Denial-of-Service (DDoS)

A DDoS attack is a cyber attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network.  Denial of service is typically accomplished by flooding the targeted machine or resource with an excessive number of requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.[1]  In a distributed denial-of-service attack, the incoming traffic flooding the victim originates from many different sources, which makes it impossible to stop the attack simply by blocking a single source.[2]  There are three types of DDoS attack you need to be concerned with for the CompTIA Security+ SY0-601 certification exam:[3]

  • Network DDoS:  targets network infrastructure resources such as bandwidth, and the CPU & memory of the underlying network devices, so that traffic never reaches the application at all.
  • Application DDoS:  targets the resources of Layer 7 applications & often leverages known vulnerabilities or expensive operations in specific software, so a comparatively small number of requests can exhaust the server.
  • Operational Technology (OT):  hardware & software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes, and events.[4]  Because denial of service against OT can stop or disturb a physical process, threat actors are always looking for ways to launch DoS attacks against OT environments and critical infrastructure.[3]
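As an added example, not from the page or the cert guide, the Python below triages a burst of web-server log lines: it distinguishes a flood from one address (which a single block would stop) from a distributed flood spread over many addresses, and reports when the requests cluster on a single application path, the Layer 7 pattern described above. The log lines, the thresholds in `classify`, and the `analyze` helper are all constructed here for illustration.

```python
"""Triage web-server log lines for single-source vs distributed flood patterns."""
import re
from collections import Counter
from datetime import datetime

# Common Log Format line: client, identity, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(log_text):
    """Yield (source_ip, timestamp, path) for every well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["src"], datetime.strptime(m["ts"], TS_FMT), m["path"]


def analyze(log_text):
    """Summarise request rate, source spread and path concentration for a log burst."""
    events = list(parse(log_text))
    if not events:
        return {"requests": 0}
    stamps = sorted(ts for _, ts, _ in events)
    # Observation window in seconds; a burst inside one second still counts as 1 s.
    window = max(1.0, (stamps[-1] - stamps[0]).total_seconds())
    sources = Counter(src for src, _, _ in events)
    paths = Counter(path for _, _, path in events)
    top_src, top_src_n = sources.most_common(1)[0]
    top_path, top_path_n = paths.most_common(1)[0]
    n = len(events)
    return {
        "requests": n,
        "rate": n / window,                 # requests per second over the window
        "distinct_sources": len(sources),
        "top_source": top_src,
        "top_source_share": top_src_n / n,  # 1.0 means every request came from one address
        "top_path": top_path,
        "top_path_share": top_path_n / n,   # near 1.0 suggests a Layer 7 flood on one endpoint
    }


def classify(stats, rate_threshold=5.0, single_source_share=0.5):
    """Assumed thresholds (tune to the service's baseline): a flood is >= rate_threshold req/s;
    it is single-source when one address sends at least single_source_share of the requests."""
    if stats["requests"] == 0 or stats["rate"] < rate_threshold:
        return "normal"
    if stats["top_source_share"] >= single_source_share:
        return "single-source flood"
    return "distributed flood"


def _line(src, second, path):
    """Build one constructed log line inside the 13:55 minute."""
    return f'{src} - - [10/Oct/2023:13:55:{second:02d} +0000] "POST {path} HTTP/1.1" 200 512'


# Constructed samples (not real traffic).
# 12 requests in 2 seconds from 12 different addresses, all hitting /login.
DISTRIBUTED = "\n".join(_line(f"203.0.113.{i}", 36 + i % 2, "/login") for i in range(12))
# One address sends 10 of 12 requests.
SINGLE = "\n".join([_line("198.51.100.7", 36, "/search")] * 10
                   + [_line("203.0.113.1", 37, "/"), _line("203.0.113.2", 37, "/")])
# Quiet traffic: 3 requests spread over 30 seconds.
NORMAL = "\n".join([_line("203.0.113.1", 5, "/"), _line("203.0.113.2", 20, "/about"),
                    _line("203.0.113.3", 35, "/")])

if __name__ == "__main__":
    for name, sample in (("distributed", DISTRIBUTED), ("single", SINGLE), ("normal", NORMAL)):
        s = analyze(sample)
        print(name, classify(s), f"{s['rate']:.1f} req/s",
              f"{s['distinct_sources']} sources", f"top path {s['top_path']} {s['top_path_share']:.0%}")
```

In the distributed sample no single address exceeds a twelfth of the traffic, so per-source blocking would do nothing; the useful signal is the rate combined with every request landing on the same expensive endpoint, which points at rate limiting or challenging that path rather than blocking addresses.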

Malicious Code or Script Execution

Malicious code is harmful computer code or web script designed to create system vulnerabilities that lead to back doors, security breaches, information & data theft, and other damage to files and computing systems.  It is a type of threat that antivirus software may not block on its own: not all antivirus products can treat certain infections caused by malicious code, which is a broader category than malware.  Malware specifically refers to malicious software, whereas malicious code also includes website scripts that exploit vulnerabilities in order to upload malware.[5]  Some of the scripting languages attackers have used to perform enumeration, create exploits, & carry out post-exploitation techniques are:

  • PowerShell:  a task automation & configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language.
  • Python:  an interpreted high-level general-purpose programming language designed to emphasize code readability with its use of significant indentation.
  • Bash:  a Unix shell command processor that typically runs in a text window where the user types commands that cause actions.  Bash can also read & execute commands from a file, called a shell script.
  • Visual Basic for Applications (VBA):  an event-driven implementation of Visual Basic built into Microsoft Office applications such as Excel, Word, PowerPoint, & Outlook.  When code is written using VBA, it is compiled to a Microsoft proprietary pseudocode (p-code).  The legacy binary formats (.doc, .xls, .ppt) store this code as a separate stream inside a COM Structured Storage file; the Office Open XML formats store it in a vbaProject.bin part (itself a Structured Storage file) inside macro-enabled files such as .docm, .xlsm, & .pptm, while the default .docx, .xlsx, & .pptx formats are not macro-enabled.  Attackers use VBA to create malicious macros & embed them in Excel, Word, & PowerPoint documents.  These malicious macros can steal sensitive information, install keyloggers & Trojans, and perform other nefarious activities.[3]
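As an added example, not from the page or the cert guide, the Python below checks whether an Office document carries a VBA project using only the storage facts above: a legacy binary document is a Compound File (COM Structured Storage) identified by its eight-byte header, and an Office Open XML document is a ZIP container in which macros live in a vbaProject.bin part. The documents it examines are constructed stand-ins built in memory, not real Office files; the Compound File check is a substring heuristic (the `_VBA_PROJECT` stream name as UTF-16LE), which is an assumption standing in for a proper OLE directory parse that a tool such as olefile would do.

```python
"""Detect an embedded VBA project in Office documents by container type."""
import io
import zipfile

# Compound File Binary (COM Structured Storage) signature used by .doc/.xls/.ppt.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# Office Open XML (.docx/.docm/.xlsx/.xlsm/...) is a ZIP container.
ZIP_MAGIC = b"PK\x03\x04"
# Inside OOXML the VBA project is stored as e.g. word/vbaProject.bin or xl/vbaProject.bin.
VBA_PART_SUFFIX = "/vbaproject.bin"
# Extensions whose formats are expected to carry macros.
MACRO_EXTS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot",
              ".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}


def inspect(data: bytes) -> dict:
    """Return the container type, whether a VBA project is present, and the parts found."""
    if data.startswith(OLE_MAGIC):
        # Heuristic (assumption): Word/Excel keep the compiled project in a stream whose
        # directory-entry name contains _VBA_PROJECT; names are stored as UTF-16LE.
        has_vba = "_VBA_PROJECT".encode("utf-16-le") in data
        return {"container": "ole", "has_vba": has_vba, "parts": []}
    if data.startswith(ZIP_MAGIC):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        parts = [n for n in names if n.lower().endswith(VBA_PART_SUFFIX)]
        return {"container": "ooxml", "has_vba": bool(parts), "parts": parts}
    return {"container": "unknown", "has_vba": False, "parts": []}


def verdict(filename: str, data: bytes) -> str:
    """Combine the content check with the extension so a mismatch stands out."""
    info = inspect(data)
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if not info["has_vba"]:
        return "no VBA project found"
    if ext in MACRO_EXTS:
        return "VBA project present (macro-enabled format)"
    return "VBA project present but extension does not indicate macros; treat as suspicious"


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-shaped ZIP (not a valid Word file) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            # A real vbaProject.bin is itself a Compound File; only its header is mimicked here.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 16)
    return buf.getvalue()


def build_ole_stub(with_macro: bool) -> bytes:
    """Constructed header-only stand-in for a legacy binary document (not a valid CFB)."""
    body = OLE_MAGIC + b"\x00" * 504
    if with_macro:
        body += "_VBA_PROJECT".encode("utf-16-le")
    return body


if __name__ == "__main__":
    for name, data in (("report.docm", build_ooxml(True)), ("report.docx", build_ooxml(True)),
                       ("report.docx", build_ooxml(False)), ("old.doc", build_ole_stub(True)),
                       ("notes.txt", b"plain text, not an Office file")):
        print(name, "->", verdict(name, data), inspect(data)["parts"])
```

The point of `verdict` is that a filename is not evidence: a mail gateway or upload filter that only matches extensions can be sidestepped, so the decision should rest on what the container actually holds.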

References

  1. Understanding Denial-of-Service Attacks. US-CERT.
  2. What is a DDoS Attack? – DDoS Meaning. Kaspersky.
  3. Santos, O.; Taylor, R.; Mlodziannowski, J. CompTIA Security+ SY0-601 Cert Guide.
  4. Operational Technology (OT). Gartner Glossary.
  5. What is Malicious Code? Kaspersky.