This module explores in depth the spectrum of cyber threats, attack techniques, and malicious behaviors that target modern information systems. Learners begin with Malware Classification, gaining the ability to differentiate between types of malicious software based on how they operate, spread, and impact systems.
The course examines traditional and modern forms of malware, starting with Computer Viruses, which attach themselves to legitimate files and spread through user interaction. It then covers Computer Worms and Fileless Malware, explaining how worms self-propagate across networks without user involvement, while fileless malware lives only in memory, making it extremely difficult to detect.
Students also study Spyware and Keyloggers, which quietly capture user activity such as keystrokes or browsing habits, leading to data theft or credential compromise. The module then moves on to Backdoors and Remote Access Trojans (RATs), both of which allow attackers to take covert control of systems. This is followed by Rootkits, advanced tools that hide the presence of attackers by modifying system processes at a low level.
A critical threat area covered is Ransomware, Crypto-Malware, and Logic Bombs. Learners see how ransomware encrypts data for ransom, crypto-malware hijacks computing resources for unauthorized cryptocurrency mining, and logic bombs trigger malicious actions when specific conditions are met.
To understand how attackers operate, the module explores Tactics, Techniques, and Procedures (TTPs) used by threat actors, along with Indicators of Compromise (IoCs) that help identify malicious activity. Learners review common Malicious Activity Indicators, such as unusual network traffic, unexpected file changes, or unauthorized user accounts.
The training then expands into broader threat categories, beginning with Physical Attacks.