Cyber Attack Awareness

Questions and Answers

Denial of service (DoS) attack is any type of attack that causes a complete or partial system ______.

outage

An attacker could send a maliciously formatted file to a server that causes it to ______.

overload

A DDoS attack is a DoS attack that comes from more than one source at the same ______.

time

The machines used in DDoS attacks are collectively known as ______.

botnets

According to research, tens of millions of computers are likely to be infected with ______ programs worldwide.

botnet

An attacker could send a large number of page requests to a web server in a short ______ of time, overloading it.

space

A similar impact is observed with ticket sales websites where a spike in user demand can ______ systems.

overload

Often, cyber attacks are not technical, but rather an exploitation of how humans interact with the system in a flawed and ______ way.

vulnerable

In this lesson, we have selected common types of cyber attacks. This is a representative sample to provide you with a few illustrative examples, rather than a ______ list.

comprehensive

Let's examine these in ______ depth.

greater

Roll-over the color-coded types of threats and ______.

attacks

Go to the Fortinet Threat Map Screen shot of the online Fortinet Threat map showing ______ around the globe.

attacks

Watch the attack details that scroll at the bottom of the screen. Figure out where most ______ are happening right now, before your eyes.

attacks

This is a sub-set of ______. Select . to view the legend of types of ______ displayed. Select i to learn more.

data, attacks

Go to the Bitdefender Cyberthreat Real-Time Map Screen shot of the online Bitdefender Threat map showing ______ around the world.

attacks

View the live ______ happening across the map for the selected country locations.

attacks

Check out the various instances of ______, threats, and attacks.

spam

Notice that there is an 'attack country' and 'target country'. This is the end of the lesson.

Be sure to select the 'I've checked it out' box to take a mini quiz to check your understanding of this lesson.

You will be presented with three descriptions to then identify the correct type of ______ that it represents. This is required for lesson completion.

cyber attack

the ______ barked

dog

the ______ meowed

cat

______ attack is the practice of sending messages that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. Unsuspecting users open the email and may provide protected information or download malware. EXAMPLE An attacker could send an email with a file attachment or a link to a fake website that loads malware onto a target's computer.

Phishing

______ attacks are a very targeted type of phishing activity. Attackers take the time to conduct research into targets and create messages that are personal and relevant, and thus likely more effective. EXAMPLE An attacker collects a target's details from social media and calls the target pretending to be a representative from the bank. The attacker advises the account is compromised and asks the target to transfer money to a "safe" bank account. The attack is convincing because of the attacker's apparently legitimate knowledge.

Spear phishing

______ is a catch-all term for malicious software. It is any software designed to perform in a detrimental manner to a targeted user without the user's informed consent. It often triggers secretly when a user runs a program or downloads a file, which can often be unintentional. Once active, malware can block access to data and programs, steal information, and make systems inoperable. EXAMPLE Within the various types of malware, you will find examples related to their function, such as keyloggers (which captures a victim's keystrokes) or ransomware (which holds a victim's files captive in exchange for a ransom payment).

Malware

A MitM attack occurs when hackers insert themselves in the communications between a client and a server. This allows hackers to see what’s being sent and received by both sides. EXAMPLE An attacker could set up a "free" WiFi hot spot in a popular public location. Anyone who connects to that WiFi network could have their communications examined by the attacker, who may redirect victims to fake log-in screens or insert advertisements over webpages.

Man in the middle (MitM) attack

DNS is one of the core protocols used on the internet. Basically, the DNS protocol allows a computer to resolve a domain to an IP address, which allows a user to, for example, reach BMW’s main website by typing “bmw.com” instead of writing an IP address that is hard to remember. DNS is used almost everywhere. As a core protocol of the internet, lots of attack vectors directly target DNS, including DNS spoofing, domain hijacking, and cache poisoning (just to name a few). EXAMPLE In 2016, the DNS service provided by a company called Dyn was attacked. This resulted in major outages across most of the US, leaving millions of Americans unable to access or use internet services.

Domain name system (DNS) attack

SQL allows users to query databases. SQL injection is the placement of malicious code in SQL queries, usually via web page input. A successful attack allows common commands to be run. This can include deleting the database itself. SQL injection is one of the most common web hacking techniques. EXAMPLE In the UK, two teenagers managed to target TalkTalk's website in 2015 to steal hundreds of thousands of customer records from a database that was remotely accessible.

Structured query language (SQL) injection

______ person, organization, or country is immune to the dangers of cyber attacks.

No

Cyber attacks are ______ in number and constantly evolving.

increasing

______ attacks on organizations are commonly reported in the news.

DoS

Phishing attacks are the most effective on a personal basis.

phishing

Malware attacks are increasing in number and constantly evolving.

malware

What is a DoS attack?

A DoS attack is any type of attack that causes a complete or partial system outage.

Give an example of a DoS attack.

An attacker could send a maliciously formatted file to a server that causes it to overload.

What is a DDoS attack?

A DDoS attack is a DoS attack that comes from more than one source at the same time.

Give an example of a DDoS attack.

An attacker could send a large number of page requests to a web server in a short space of time, overloading it.

What are the machines collectively known as in DDoS attacks?

The machines used in DDoS attacks are collectively known as 'botnets'.

What is a MitM attack?

A MitM attack occurs when hackers insert themselves in the communications between a client and a server.

Give an example of a MitM attack.

An attacker could set up a 'free' WiFi hot spot in a popular public location.

What is the goal of phishing attacks?

The goal of phishing attacks is to gain personal information or influence users to do something.

What is a representative sample of types of cyber attacks?

A representative sample of types of cyber attacks is provided to give illustrative examples, rather than a comprehensive list.

How are cyber attacks often carried out?

Cyber attacks are often carried out by exploiting how humans interact with the system in a flawed and vulnerable way.

What is the purpose of a DDoS attack?

To overwhelm a target system or network with a flood of internet traffic.

What is the difference between a DoS attack and a DDoS attack?

A DoS attack is carried out using a single source, while a DDoS attack is carried out using multiple sources.

What is phishing?

The practice of sending messages that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something.

What is malware?

Malware is a catch-all term for malicious software that is designed to perform in a detrimental manner to a targeted user without the user's informed consent.

What is a MitM attack?

A MitM (Man-in-the-Middle) attack occurs when hackers insert themselves in the communications between a client and a server, allowing them to intercept and manipulate the data being sent.

What is DNS?

DNS (Domain Name System) is a core protocol used on the internet that allows a computer to resolve a domain name to an IP address.

What are some examples of DNS attacks?

DNS spoofing, domain hijacking, and cache poisoning are examples of DNS attacks.

What is the purpose of a DoS attack?

To disrupt or disable a target system or network by overwhelming it with a flood of internet traffic.

What is the main difference between a DoS attack and a DDoS attack?

A DoS attack is carried out using a single source, while a DDoS attack is carried out using multiple sources.

What is the goal of phishing attacks?

The goal of phishing attacks is to gain personal information or influence users to take certain actions, such as providing sensitive information or downloading malware.

What is a phishing attack?

A phishing attack is the practice of sending messages that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something.

What is a spear phishing attack?

A spear phishing attack is a very targeted type of phishing activity where attackers conduct research into targets and create personal and relevant messages to increase effectiveness.

What is malware?

Malware is a catch-all term for malicious software that is designed to perform in a detrimental manner to a targeted user without their informed consent.

What is a Man in the Middle (MitM) attack?

A Man in the Middle (MitM) attack occurs when hackers insert themselves in the communications between a client and a server to intercept and examine the sent and received data.

What is a DNS attack?

A DNS attack targets the domain name system and includes techniques such as DNS spoofing, domain hijacking, and cache poisoning to disrupt or manipulate the resolution of domain names.

What is an SQL injection attack?

An SQL injection attack is the placement of malicious code in SQL queries, usually via web page input, to manipulate or gain unauthorized access to databases.

What are the types of cyber attacks impacting organizations and individuals today?

Common types of cyber attacks impacting organizations and individuals today include DoS attacks, phishing attacks, and malware attacks.

What is the purpose of the Kaspersky Cyberthreat Real-Time Map?

The Kaspersky Cyberthreat Real-Time Map provides real-time visualizations and statistics of cyber attacks occurring around the world.

What is a DDoS attack?

A DDoS attack is a distributed denial of service attack where multiple sources overwhelm a target with a flood of internet traffic, causing a disruption or outage.

What is the impact of cyber attacks on organizations and individuals?

Cyber attacks can have significant impacts on organizations and individuals, including data breaches, financial losses, and disruption of services.