Untitled Quiz

Questions and Answers

What are the three main categories of network security threats, which can jeopardize the confidentiality, integrity, and availability of information and systems?

• Security, Integrity, and Accessibility
• Privacy, Confidentiality, and Safety
• Confidentiality, Integrity, and Availability (correct)

What is the term for malicious software designed to harm or exploit computer systems?

• Virus
• Malware (correct)
• Software

Which type of malware replicates itself and spreads from one computer to another?

• Worm
• Virus (correct)
• Trojan Horse

What is the term for a self-replicating malware that spreads through networks without the need for user interaction?

Worm (A)

Which of these is NOT a common characteristic of computer worms?

User Interaction Required (A)

What is the term for a type of malicious software that disguises itself as a legitimate program to trick users into downloading or executing it?

Trojan Horse (A)

Trojans do not self-replicate like viruses or worms.

True (A)

Which type of malware encrypts files on a victim's system and demands a ransom for their release?

Ransomware (B)

What is a network of compromised computers or devices controlled by a single entity, often referred to as a "botmaster"?

Botnet (B)

What is the term "bot" short for?

Robot (C)

Which of the following is NOT a type of malicious activity commonly associated with botnets?

Software updates (C)

What type of software automatically delivers advertisements, often bundled with free software?

Adware (A)

Which of the following is a key characteristic of adware?

Intrusive advertising (C)

What is the term for malicious software designed to gather information about an individual or organization without their knowledge or consent?

Spyware (B)

Which of the following is NOT a common method employed by spyware?

Database encryption (B)

What is the term for a collection of malicious software tools that grant unauthorized access to a computer system without detection?

Rootkit (B)

Which type of rootkit operates at the kernel level of the operating system, offering more extensive control and making detection more challenging?

Kernel-mode rootkit (A)

What is the term for malware that operates without the need for traditional files to be written to disk, often exploiting legitimate system tools?

Fileless malware (B)

What is the key characteristic of fileless malware that makes it hard to detect?

Direct execution in memory (B)

What is the practice of delivering malicious software through online advertising?

Malvertising (A)

Which of these is a common consequence of malvertising?

Data theft (B)

What is a common method used by malware to spread to other devices without user interaction, known as "drive-by downloads"?

Exploiting vulnerabilities (A)

What type of malware is often used to launch massive Distributed Denial of Service (DDoS) attacks, targeting servers or networks with excessive traffic to disrupt service?

Botnets

What does "C&C" stand for in the context of botnets?

Command and Control

What is it called when a botnet is used to steal banking credentials, enabling unauthorized access to financial accounts?

Banking Trojans

Which of these is NOT a recommended practice to help prevent malware infections?

Using outdated software (C)

What is a key preventive measure to help avoid adware and other malicious software?

Reading installation prompts carefully (A)

What is a common way to help prevent malware from spreading through networks?

Using a firewall (A)

Regularly backing up your data can help mitigate the impact of ransomware attacks.

True (A)

What is the term for a malware that targets the BIOS or UEFI firmware, allowing attackers to remain persistent even after a system is reinstalled?

Firmware rootkits

Educating yourself and others about malware threats and best practices is an essential part of cybersecurity.

True (A)

What type of malware exploits vulnerabilities in web browsers or user systems to automatically download malware without interaction?

Malvertising

Restricting user privileges on systems can reduce the impact of certain malware that exploits administrator privileges.

True (A)

What is the term for a type of malware that locks the user out of their device or operating system, demanding a ransom for access restoration?

Locker ransomware

Which of these is considered one of the first known examples of a worm that spread through the internet?

Morris Worm (B)

Ransomware attacks are often classified separately from Trojans even though they typically enter systems using a Trojan method.

True (A)

The ILOVEYOU Worm spread primarily by using malicious email attachments, causing damage by overwriting files and stealing passwords.

True (A)

Mirai is a notable example of a botnet that specifically targeted insecure IoT devices such as cameras and routers.

True (A)

Conficker is a botnet that exploited vulnerabilities in Windows operating systems to create one of the largest ever recorded botnets.

True (A)

Zeus botnet primarily focused on stealing banking credentials, using a wide range of cybercriminal activities for financial gain.

True (A)

Adware is always malicious and harmful, often bundled with free software without the user's knowledge.

False (B)

Many antivirus and anti-malware programs are capable of detecting and removing adware from systems.

True (A)

Adware is often installed alongside other software without user consent, typically through "bundled" installations, making it important to read installation prompts carefully.

True (A)

Malicious variants of adware can compromise user privacy and security by collecting sensitive data and potentially redirecting users to harmful websites.

True (A)

To avoid adware, users should always download free software from trusted sources and use ad blockers or reputable security software.

True (A)

Spyware is a type of software that monitors user activity, gathers information, and even takes control of webcams or microphones without user consent.

True (A)

Which of these is NOT a common use of spyware?

System patching (B)

Some spyware tracks user behavior to show relevant advertisements, which can be considered an unethical and often intrusive practice.

True (A)

Rootkits are designed to hide their presence and the presence of other malware, making them particularly elusive and dangerous.

True (A)

User-mode rootkits operate at a lower level of the operating system, making them easier to detect and remove compared to kernel-mode rootkits.

True (A)

Bootkits are a type of kernel-mode rootkit that embeds itself in the system's boot process, launching before the operating system even starts, making detection even more challenging.

True (A)

Firmware rootkits can target the firmware of hardware components, such as the BIOS or UEFI, allowing attackers to remain persistent even after the operating system is reinstalled.

True (A)

Fileless malware operates directly in the system's memory without leaving traditional files on the disk, which can make it difficult to identify and remove using traditional antivirus tools.

True (A)

Fileless malware often leverages built-in system tools, such as PowerShell or WMI, providing a way for it to blend in with normal processes.

True (A)

Fileless malware's ability to avoid writing files to disk makes it more challenging to detect using traditional methods like file scanning.

True (A)

Some fileless malware can maintain persistence by exploiting legitimate services or processes, allowing it to re-establish itself after a reboot.

True (A)

While fileless malware commonly targets Windows systems, there are also variations that exploit similar features in other operating systems.

True (A)

Malvertising refers to the delivery of malicious software through online advertising, often taking advantage of weaknesses in web browsers or user systems.

True (A)

Malvertising can lead to the automatic download of malware without user interaction, known as "drive-by downloads," or redirect users to malicious websites.

True (A)

The malware delivered through malvertising can vary, including ransomware, spyware, adware, and Trojans, and the intent often focuses on stealing personal information or financial gain.

True (A)

Malvertising can have negative consequences for users, businesses, and advertisers, leading to data theft, financial losses, and reputational damage.

True (A)

Using antivirus software and keeping it updated is an essential way to help protect your system from malware.

True (A)

Practicing safe browsing habits involves being cautious with email attachments and links, verifying the legitimacy of websites, and avoiding suspicious downloads.

True (A)

It's important to be wary of public Wi-Fi networks, as they can be vulnerable to malware attacks, and using a VPN can help protect your connection.

True (A)

Regularly backing up your crucial data is a good practice to help minimize the potential impact of malware attacks, such as ransomware.

True (A)

Enabling pop-up blockers can help reduce the risk of encountering malicious pop-ups that could potentially lead to adware or other malware downloads.

True (A)

Educating yourself and others about the different types of malware threats and how to protect against them is an important step in enhancing cybersecurity awareness.

True (A)

Limiting user privileges on systems can help prevent malware from exploiting administrator privileges to gain unauthorized access to sensitive areas.

True (A)

Checking permissions for installed apps can help prevent malware from accessing sensitive data or performing malicious actions on your system.

True (A)

Flashcards

Computer Virus

A program that replicates itself and spreads to other computers, often infecting software, operating systems, and files.

Virus Replication

A virus's ability to make copies of itself and spread to other files or systems.

Virus Activation

When a virus becomes active and performs its harmful actions, triggered by a specific condition.

Virus Payload

The action a virus performs when activated, ranging from displaying messages to damaging or deleting data.

File Infector Virus

A virus that attaches itself to executable files and activates when launched.

Macro Virus

A virus embedded in documents (like Word or Excel) using macro language.

Boot Sector Virus

A virus that infects the boot sector and executes every time a computer starts.

Polymorphic Virus

A virus that changes its code each time it infects a new host, making detection harder.

Multipartite Virus

A virus that can spread through files and boot sectors.

Worm

Malware that self-replicates and spreads to other computers without user intervention.

Worm Self-Replication

Worms create copies and spread themselves to other devices.

Worm Exploitation

Worms use vulnerabilities in software or systems to spread.

Trojan (Malware)

Malicious software disguises itself as a legitimate file or application, tricking users into downloading and executing it.

Trojan Deception

Trojans trick users into downloading them by disguising as legitimate software or files.

Ransomware

Malware that denies access to a system or data until a ransom is paid.

Ransomware Encryption

Ransomware encrypts files to prevent user access.

Botnet

A network of compromised devices controlled by a single entity.

Botnet Control

A botnet is remotely controlled by a botmaster.

Malvertising

Delivering malicious software through online advertising.

Adware

Software that automatically displays advertisements, often bundled with free software.

Spyware

Software that collects information about a user without their knowledge.

Rootkit

A collection of tools that allow unauthorized access to a computer system without detection.

Fileless Malware

Malware that operates in memory without creating files on the disk.

Study Notes

Network Security Threats

• Network security threats encompass attacks compromising confidentiality, integrity, and availability of information and systems.
• Common types of network security threats include malware, viruses, worms, Trojans, ransomware, botnets, adware, spyware, and rootkits.

Malware

• Malware refers to malicious software designed to harm or exploit systems.
• Different types of malware include:
  • Malvertising
  • Viruses
  • Worms
  • Fileless malware
  • Rootkits
  • Spyware
  • Adware
  • Trojans
  • Ransomware
  • Botnets

Viruses

• Viruses are programs designed to replicate and spread from one computer to another.
• They infect applications, operating systems, and files often without user awareness.

Characteristics of Computer Viruses

• Replication: Viruses make copies of themselves to spread to other files or systems.
• Activation: Viruses remain dormant until a specific condition is met, activating and executing harmful actions.
• Payload: The action viruses perform upon activation. This can range from displaying messages to damaging or deleting data.

Types of Computer Viruses

• File Infector Virus: Attaches itself to executable files and activates upon launch.
• Macro Virus: Programs embedded in documents (e.g., Word, Excel) using macro language and spreads upon opening.
• Boot Sector Virus: Infects the boot sector of storage devices, executing every time a computer starts.
• Polymorphic Virus: Continuously changes its code to avoid detection by antivirus software.
• Multipartite Virus: Can spread in multiple ways (e.g., through files and boot sectors).

Effects of Computer Viruses

• Data Loss: Viruses corrupt or delete files, resulting in the loss of crucial data.
• Performance Issues: Increased CPU usage or slow system performance due to virus operations in the background.
• Unauthorized Access: Viruses can create backdoors, risking sensitive data to cybercriminals.
• Network Spread: Viruses spread through networks, impacting multiple connected systems.

Worms

• Worms are malicious software that self-replicates and spreads to other computers without user intervention.
• Unlike viruses, worms don't need a host file to spread. They exploit system vulnerabilities to propagate.

Key Characteristics of Computer Worms

• Self-replication: Worms create copies and spread to other devices (often over networks).
• Exploitation of Vulnerabilities: Worms leverage software or operating system weaknesses (e.g., open ports, unsecured network shares) to access new systems.
• Network Propagation: Worms often spread rapidly across networks by scanning for vulnerable devices and exploiting them.
• No User Interaction Required: Worms can spread automatically without user action, making them dangerous.
• Payloads: Some worms carry payloads performing malicious actions (e.g., installing backdoors, stealing data, encrypting files).

Examples of Notable Computer Worms

• Morris Worm (1988): Distributed via the internet, causing significant slowdowns.
• ILOVEYOU Worm (2000): Spread via deceptive email attachments, causing widespread damage.
• Conficker (2008): A highly prolific worm exploiting Windows vulnerabilities, creating a large botnet.
• WannaCry (2017): A ransomware worm that exploited a Windows vulnerability, encrypting files and demanding ransom payments.

Trojans

• Trojans are malicious software disguised as legitimate applications or files. They trick users into downloading or executing them.
• Trojans do not self-replicate; they rely on users to unleash their payloads.

Key Characteristics of Trojans

• Deceptive Appearance: Trojans often masquerade as harmless software (e.g., games, utilities, updates).
• Payload Delivery: Once executed, Trojans can carry out various malicious activities, including stealing sensitive information (passwords, credit card details), gaining remote access, or installing additional malware.

Types of Trojans

• Backdoor Trojans: Allow remote access to a system, enabling attackers to take control.
• Banking Trojans: Target financial institutions and compromise online banking credentials.
• Ransomware: Encrypts files and demands ransom; often classified as a Trojan but sometimes standalone.
• Trojans that Download Other Malware: Install additional malicious software on an infected system.

Ransomware

• Ransomware is malicious software designed to deny access to a computer system or data until a ransom is paid.

How Ransomware Works

• Infection Vectors: Ransomware spreads through phishing emails, malicious downloads, or software vulnerabilities.
• Encryption: Malware encrypts files on the victim's device or network, making them inaccessible.
• Payment & Decryption: Attackers demand payment (often cryptocurrency) in exchange for a decryption key; there's no guarantee a key or access will be restored.

Types of Ransomware

• Crypto Ransomware: Encrypts files and demands ransom for the decryption key.
• Locker Ransomware: Locks the user out of the device or operating system, demanding a ransom for restoration.
• Scareware: Pretends to be legitimate software (e.g., antivirus), claiming infection and demanding payment.

Botnets

• Botnets are networks of compromised computers or devices controlled by a single entity (botmaster).
• Each compromised device is referred to as a "bot," a software allowing the malicious actor to control the infected devices 

Key Characteristics of Botnets

• Infection: Devices join a botnet through malware (e.g., malicious downloads, phishing).
• Control: Infected devices are remotely controlled by the botmaster using command-and-control (C&C) servers.
• Functions: Receive commands, update themselves, or spread to other devices.

Types of Botnets

• DDoS (Distributed Denial of Service) Attacks: Overwhelm a target server or network with traffic to disrupt service.
• Spam Distribution: Distribute massive amounts of spam emails.
• Data Theft: Extract sensitive information (e.g., login credentials, financial details).
• Cryptojacking: Use infected devices' processing power for unauthorized cryptocurrency mining.

Notable Botnets

Mirai: Exploited insecure devices (like cameras and routers) to launch DDoS attacks. Conficker: One of the largest botnets, exploiting Windows operating system vulnerabilities. Zeus: Primarily focused on stealing banking credentials and engaged in various cybercriminal activities.

Adware

• Adware, short for "advertising-supported software," automatically displays advertisements.
• It's often bundled with free software, potentially displaying unwanted ads, pop-ups, or redirecting web traffic to advertising websites.
• Can be intrusive and may track user behavior.

Spyware

• Spyware is malicious software designed to collect information about an individual or organization without their knowledge or consent.
• It can monitor user activity, collect sensitive data, and potentially compromise privacy and security.
• Forms include:
  • Data Theft: Capture personal information (passwords, credit card numbers, etc.)
  • Surveillance: Monitor user behavior (browsing habits, keystrokes, etc.), capture audio/video
  • Targeted Advertising: Serve targeted ads, raising consent and privacy concerns
  • Network Exploitation: Access additional systems via vulnerabilities to spread further

Rootkits

• Rootkits are malicious software tools that allow unauthorized users to control a computer system undetected.
• Designed to hide its presence and the presence of other malicious software, making it highly dangerous.

Types of Rootkits

• User-mode Rootkits: Modify standard executables, libraries, and applications to gain access.
• Kernel-mode Rootkits: Offer more extensive control over the operating system by modifying core functions.
• Bootkits: Embed themselves in the system's boot process to launch before the operating system starts, making detection difficult.
• Firmware Rootkits: Target firmware (BIOS/UEFI) to persist even after reinstalling the operating system.

Fileless Malware

• Fileless malware operates in memory, not writing files to the disk. It often exploits legitimate system tools, making detection and analysis challenging.
• Key Characteristics:
  • Memory-based Execution: Runs directly from memory.
  • Use of Legitimate Tools: Leverages built-in tools (e.g., PowerShell, WMI).
  • Stealthy Operations: Avoids file scanning detection methods.
  • Persistence: Maintains its presence after reboots.
  • Targeting Specific Platforms: Can be targeted at specific platforms (e.g. Windows).

Malvertising

• Malvertising is the practice of delivering malicious software through online advertising.
• This can happen when legitimate ad networks accidentally serve malicious ads or when malicious actors intentionally create and distribute harmful advertisements.

Preventing Malware

• Use antivirus software
• Keep software updated
• Be cautious with email attachments and links
• Download from trusted sources
• Use a firewall
• Practice safe browsing
• Be wary of public Wi-Fi
• Regularly back up data
• Enable pop-up blockers
• Educate yourself and others
• Limit user privileges
• Check permissions for installed apps