Targeted attack: A type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.

Opportunistic attack: An attack in which the threat actor is almost always trying to make money as fast as possible and with minimal effort.

Insider: A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack.

Competitor: A threat agent who carries out attacks on behalf of an organization and targets competing companies.

Hacker: Any threat agent who uses technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information; or, a person who commits crimes by gaining unauthorized access to computer systems.

Nation state: A sovereign-state threat agent that may wage an all-out war on a target and has significant resources for the attack.

Internal threat: A threat from authorized individuals (insiders) who exploit assigned privileges and inside information to carry out an attack.

External threat: A threat from individuals or groups not associated with the organization who seek to gain unauthorized access to data.

Persistent threat: A threat that seeks to gain access to a network and remain there undetected.

Non-persistent threat: A threat that focuses on getting into a system and stealing information. It is usually a one-time event, so the attacker is not concerned with detection.

Open-Source Intelligence (OSINT): Information that is readily available to the public and doesn't require any type of malicious activity to obtain.

White hat: A skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission is given.

Black hat: A skilled hacker who uses skills and knowledge for illegal or malicious purposes.

Gray hat: A skilled hacker who falls in the middle of white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn't malicious like a black hat hacker.

How do persistent and non-persistent threats differ?
Answer: Persistent: plans on going back in over and over.

What protections can you implement against organized crime threat actors?
Answer: Proper user security training.

Which method can you use to access an application or operating system for troubleshooting?
Answer: ...

Which methodologies can you use to defend a network?
Answer: Layering.

Malware: Software designed to take over or damage a computer without the user's knowledge or approval.

Virus: A program that attempts to damage a computer system and replicate itself to other computer systems.

Worm: A self-replicating malware program.

Trojan horse: A malicious program that is disguised as legitimate or desirable software.

Zombie: A computer that is infected with malware and is controlled by a command and control center called a zombie master.

Botnet: A group of zombie computers that are commanded from a central control infrastructure.

Rootkit: A set of programs that allows attackers to maintain hidden, administrator-level access to a computer.

Logic bomb: Malware designed to execute only under predefined conditions. It is dormant until the predefined condition is met.

Spyware: Software installed without the user's consent that sends pop-up ads matching the user's personal preferences.

Adware: Malware that monitors a user's personal preferences and sends pop-up ads that match those preferences.

Ransomware: Malware that denies access to a computer system until the user pays a ransom.

Scareware: A scam to fool a user into thinking there is some form of malware on the system.

Crimeware: Malware designed to perpetrate identity theft. It allows a hacker access to online accounts at financial services, such as banks and online retailers.

Crypto-malware: Ransomware that encrypts files until a ransom is paid.

Remote Access Trojan (RAT): Malware that includes a back door to allow a hacker administrative control over the target computer.

Cracker: A person actively engaged in developing and distributing worms, Trojans, and viruses; engaging in probing and reconnaissance activities; creating toolkits so that others can hack known vulnerabilities; and/or cracking protective measures.

Script kiddie: A less skilled hacker who often relies on automated tools or scripts written by crackers to scan systems and exploit weaknesses.

Potentially unwanted program (PUP): Software inadvertently installed that contains adware, installs toolbars, or has some other objective.

Fileless virus: A virus that uses legitimate programs to infect a computer.

What is the difference between a virus and a worm?
Answer: Worm: wants to harm the computer without the user's knowledge.

Which types of malware typically use email to spread?
Answer: Fileless virus.

How are Trojans and botnets related?
Answer: ...

What does it mean for software to be quarantined?
Answer: The infected files are moved to a secure folder where they cannot open or run normally.

Why is it a good practice to show file extensions?
Answer: ...

What must you do to ensure that you are protected from the latest virus variations?
Answer: Keep your antivirus program up to date with the latest patches.

A collection of zombie computers has been set up to collect personal information. Which type of malware do the zombie computers represent?
Answer: Botnet.

Which kind of virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions?
Answer: Fileless virus.

Which of the following describes a logic bomb?
- A program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found.
- A type of malicious code similar to a virus whose primary purpose is to duplicate itself and spread while not necessarily intentionally damaging or destroying resources.
- A program that appears to be a legitimate application, utility, game, or screensaver that performs malicious activities surreptitiously.
Answer: A program that performs a malicious activity at a specific time or after a triggering event.

A type of malware that prevents the system from being used until the victim pays the attacker money is known as what?
- Denial-of-service attack (DoS attack)
Answer: Ransomware.

Which kind of malware provides an attacker with administrative control over a target computer through a backdoor?
- Potentially Unwanted Program (PUP)
Answer: Remote Access Trojan (RAT).

Which of the following are characteristics of a rootkit? (Select two.)
- Uses cookies saved on the hard drive to track user preferences.
- Resides below regular antivirus software detection.

Which of the following best describes spyware?
- It monitors the actions you take on your machine and sends the information back to its originating source.
- It monitors user actions that denote personal preferences and then sends pop-ups and ads to the user that match their tastes.
- It is a program that attempts to damage a computer system and replicate itself to other computer systems.
- It is a malicious program disguised as legitimate software.
Answer: It monitors the actions you take on your machine and sends the information back to its originating source.

Which of the following is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously?
- Outlook Express
Answer: Trojan horse.

Zero-day vulnerability: A software vulnerability that is unknown to the vendor.

In 2001, a worm exploited vulnerabilities in Microsoft Internet Information Services (IIS) to infect over 250,000 systems in under nine hours. What was this worm called?
Answer: Code Red.

You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day.
- Enable chassis intrusion detection.
- Schedule regular full system scans.

Footprinting: Using social engineering to obtain as much information as possible about an organization.

Social engineering: An attack involving human interaction to obtain information or access.

Pretexting: A fictitious scenario used to persuade someone to perform an action or give information.

Elicitation: A technique to extract information from a target without arousing suspicion.

Preloading: Influencing a target's thoughts, opinions, and emotions before something happens.

SMiShing: SMiShing, or SMS phishing, is phishing through an SMS message; in other words, tricking a user into downloading a virus, Trojan horse, or other malware onto a cell phone.

Impersonation: Pretending to be somebody else and approaching a target to extract information.

SPIM: Similar to spam, but the malicious link is sent to the target over instant message to deceive the target.

Hoax: A type of malicious email with some type of urgent or alarming message to deceive the target.

Hacktivist: A hacker with a political motive.

Script kiddie: A less skilled hacker who often relies on automated tools or scripts written by crackers to scan systems at random to find and exploit weaknesses.

White hat hacker: A professional who helps companies find the vulnerabilities in their security. Also known as an ethical hacker.

Cybercriminal: A person (or team of individuals) who uses technology to steal sensitive information for a profit. Cybercriminals are often associated with large organized crime syndicates such as the mafia.

What is social engineering?
Answer: ...

What are the phases of a social engineering attack?
Answer: ...

What is pretexting and how is it used in social engineering?
Answer: Doing research on your target and creating a fictitious scenario.

What are some of the most common social engineering techniques?
Answer: Pretexting.

How are attackers different in their motivations and approaches?
Answer: ...

How are motivation techniques effective in convincing targets to comply with a hacker's desires?
Answer: ...

What are elicitation techniques and how are they effective for social engineering?
Answer: ...

How do hackers use interview and interrogation techniques for social engineering?
Answer: Interview: the target talks, the attacker listens.

Data loss: The loss of files and documents either accidentally or through malicious acts.

Data breach: The exposure of confidential or protected data, either accidentally or through malicious acts.

Data exfiltration: The unauthorized transfer of information or files from a computer.

Identity theft: A crime in which an attacker commits fraud by using someone else's name or existing accounts to obtain money or to purchase items.

Availability loss: Loss of access to computer resources due to the network being overwhelmed or crashing.

An employee stealing company data could be an example of which kind of threat actor?
Answer: Internal threat.

Which of the following is the BEST definition of the term hacker?
Answer: A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?
Answer: Hacktivist.

The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following: Which type of threat actor do these steps guard against?
Answer: Insider.

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the BEST defense against script kiddie attacks?
Answer: Keep systems up to date and use standard security practices.

A hacker scans hundreds of IP addresses randomly on the internet until they find an exploitable target. What kind of attack is this?
Answer: Opportunistic attack.

Match the general attack strategy with the appropriate description (each strategy may be used once, more than once, or not at all).
- Stealing information = exploitation
- Preparing a computer to perform additional tasks in the attack = staging
- Crashing systems = exploitation
- Gathering system defenses to gain unauthorized access = reconnaissance
- Penetrating system defenses to gain unauthorized access = breaching
- Configuring additional rights to do more than breach the system = escalating privileges

Match the general defense methodology on the left with the appropriate description on the right. Each methodology can be used once, more than once, or not at all.
- The constant change in personal habits and passwords to prevent anticipated events and exploitation = randomness
- Diversifying layers of defense = variety
- Giving users only the access they need to do their job and nothing more = principle of least privilege
- Implementing multiple security measures to protect the same asset = layering
- Eliminating single points of failure = layering
- Giving groups only the access they need to do their job and nothing more = principle of least privilege

Which of the following is the BEST example of the principle of least privilege?
Answer: Wanda has been given access to the files that she needs for her job.

In which phase of an attack does the attacker gather information about the target?
Answer: Reconnaissance.

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
- Research phase
Answer: Developmental phase.

Social engineers are master manipulators. Which of the following are tactics they might use?
- Shoulder surfing, eavesdropping, and keylogging
- Moral obligation, ignorance, and threatening
- Eavesdropping, ignorance, and threatening
Answer: Moral obligation, ignorance, and threatening.

Any attack involving human interaction of some kind is referred to as what?
- An opportunistic attack
Answer: Social engineering.

An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?
- Persuasive authority

Which of the following is a common social engineering attack?
Answer: Distributing hoax virus-information emails.

Which of the following BEST describes an inside attacker?
Answer: An unintentional threat actor. This is the most common threat.

Which of the following are examples of social engineering attacks? (Select three.)
Answer: Keylogger.

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
- Impersonation
Answer: Elicitation.

Having a legitimate reason for approaching someone to ask for sensitive information is called what?
Answer: Impersonation.

Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for a name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
Answer: DNS cache poisoning.

Every ACME computer comes with the same account created at the factory. Which kind of vulnerability is this?
- Weak passwords
Answer: Default accounts and passwords.

In healthcare, regulations often dictate that important systems remain unpatched to maintain compliance. Which kind of vulnerability does this introduce?
- Weak passwords
Answer: Inherent vulnerabilities.

Which security control, if not applied, can allow an attacker to bypass other security controls?
- Updating firmware or software
Answer: Physical access control.

A user is able to access privileged administrative features with an account that is not granted administrator rights. Which type of vulnerability is this?
- Backdoor account
Answer: Privilege escalation.

The root account has all privileges and no barriers. Which of the following is another name for the root account?
- User account
Answer: Super user.

A wireless access point configured to use Wired Equivalent Privacy (WEP) is an example of which kind of vulnerability?
- Unpatched software
Answer: Weak security configurations.

Sometimes, an attacker's goal is to prevent access to a system rather than to gain access. This form of attack is often called a denial-of-service attack and causes which impact?
- Identity theft
Answer: Availability loss.

When confidential or protected data is exposed, either intentionally or accidentally, it is considered to be which of the following?
- Data loss
Answer: Data breach.

DNS tunneling is a common method that allows an attacker to accomplish which attack?
- Availability loss
Answer: Data exfiltration.

Which impact of vulnerabilities occurs when an attacker uses information gained from a data breach to commit fraud by doing things like opening new accounts with the victim's information?
Answer: Identity theft.

What type of attack is targeted against a smaller group?
Answer: Targeted attacks are aimed at one person or a specific, small group of people. Back in the day, virus writers were trying to spread their malware to as many computer users as possible to make a name for themselves.

How do spear phishing attacks differ from standard phishing attacks?
Answer: Phishing attacks pretend to be from a company the user does business with or from another seemingly trustworthy source; however, the sender is really an attacker. Spear phishing attacks are when the attacker personalizes the email message to a particular person.

How do viruses and worms propagate using social engineering?

Which of the following is most likely to be a part of a phishing attack?
Answer: The most common indicators of a phishing attempt usually involve tone, grammar, and urgency in an email message and subject line. Major warning signs in an email are an unfamiliar greeting, grammar errors, and misspelled words.

Why do cyber attackers commonly use social engineering attacks?
Answer: Social engineering is a popular tactic among attackers because it is often easier to exploit people than it is to find a network or software vulnerability. Hackers will often use social engineering tactics as a first step in a larger campaign to infiltrate a system or network and steal sensitive data or disperse ...