Cyber Security: Internet Worms and Attacks

Questions and Answers

Which Internet worm, released in 1988, could be one of the first real Internet crime cases?

• the Slammer worm
• the Jester worm
• the Morris worm (correct)
• the Code Red worm

How did the Slammer worm infect the victim’s computer?

• It entered through the victim's Outlook address book software and then replicated itself by sending infected emails to the first 50 contacts.
• It collected keystrokes, screenshots, and network traffic from open ports.
• It 'slammed' shut a computer by not allowing any user to log in.
• It exploited a buffer-overflow vulnerability in computers running Microsoft SQL Server or SQL Server Desktop Engine. (correct)

Which brand-name attack group consists of Russian hackers who have launched major issues to Ukraine via numerous attacks over the past couple of years?

• Lazarus Group
• Sandworm (correct)
• Shadow Brokers
• Equation Group

Which term refers to conduct against a site with software that is vulnerable to a specific exploit?

specific target attack (B)

What are individuals called who do not have the technical expertise to develop scripts but can run scripts developed by others?

script kiddies (D)

Which equation describes the operational model of security?

Protection = Prevention + (Detection + Response) (D)

Which of the following is NOT one of the three operational tenets revealed in secure deployments?

data encryption (B)

Which term describes the hacking of computers and systems used by a telephone company for its operations?

telecommunications hacking (B)

Which term refers to a network traffic management device that connects different network segments together?

Gateway (A)

What is the main purpose of an SSL accelerator?

To deliver SSL/TLS encryption/decryption at scale (A)

Which wireless technology allows devices to establish communication at close proximity?

Near Field Communication (NFC) (A)

802.11a operates in which frequency spectrum?

5GHz (B)

What type of system can a host-based IDS monitor?

Activity on a specific host (B)

What device is used primarily for managing or storing encryption keys?

Hardware Security Module (HSM) (C)

Which Windows Server feature ensures that only digitally signed anti-malware programs load post Secure Boot?

Early Launch Anti-Malware (ELAM) (D)

Which command is used in a Linux system to modify file permissions?

chmod (C)

Which term describes a general class of software designed for malicious purposes?

Malware (C)

What type of attack does SYN flooding represent?

Denial-of-Service (DoS) attack (B)

What process involves determining the risks associated with a system?

Risk assessment (C)

Which guideline is important when designing incident response procedures?

Include appropriate business personnel (A)

Which term represents a list of identified risks correlated to a system?

Risk register (B)

Which term describes the cognitive model used by the threat intelligence community to analyze events?

Diamond Model (D)

Which type of classification includes categories like High, Medium, Low, Confidential, Private, and Public?

information classification (D)

Which document establishes a uniform set of rules for partnerships?

memorandum of understanding (MOU) (D)

What is the main reason social engineering is often successful?

People have a basic desire to be helpful. (A)

How is pharming typically executed?

By modifying local host files to redirect users to fake websites. (B)

What practice describes the act of monitoring someone's sensitive information entry?

Shoulder surfing (A)

Which technique is primarily used in social engineering to gather sensitive information?

Masquerading as a trusted entity in digital communication. (B)

What is the correct mechanism to ensure data integrity?

using one-way hash functions and digital signatures (C)

What type of keys can be used only once after generation?

Session keys (C)

What term refers to the arranged set of algorithms for secure communication?

cipher suite (A)

In physical security, what does layered access refer to?

Employing various barriers to prevent unauthorized access to assets. (B)

What is the term used to describe the technique of concealing a message within a file?

Steganography (B)

What is the concept of implicit deny in firewall rules?

Denying all traffic unless explicitly allowed by a rule. (B)

What is transport encryption primarily used to protect?

Data in motion (A)

Which term describes the interface between a virtual machine and the host hardware?

Hypervisor (A)

Flashcards

Morris Worm

An internet worm released in 1988, considered one of the first major internet crime cases.

Slammer Worm Infection

Exploits a buffer-overflow vulnerability in Microsoft SQL Server or SQL Server Desktop Engine to infect computers.

Lazarus Group

A Russian hacking group, associated with attacks against Ukraine.

Specific Target Attack

A cyber attack against a specific site with software vulnerabilities.

Script Kiddies

Individuals who lack technical expertise but use scripts created by others to launch attacks.

Security Operational Model

Prevention = Protection + (Detection x Response).

Security Design Tenets

Least privilege, separation of privilege, and defense in depth.

Telecom Hacking

Hacking of computer systems that manage telephone services.

Information Classification

A system for categorizing information based on sensitivity and access needs.

Memorandum of Understanding (MOU)

A document outlining agreement terms between partners.

Organizational Goals

High level statements of what an organization plans to achieve.

Policy Recommendations

Suggestions for improving a particular policy.

Social Engineering Success

Exploiting human psychology to gain access to sensitive information.

Pharming

Redirecting users to fraudulent websites by altering system files.

Shoulder Surfing

Directly viewing someone entering sensitive information.

Dumpster Diving

Searching through trash for discarded information.

Social Engineering Role-Taking

The attacker acts as a trusted entity to manipulate the user.

Masquerading in Social Engineering

Impersonating trusted entities to extract information.

Data Integrity

Ensuring data accuracy, consistency, and trustworthiness.

Cryptographic Modules

Groups of algorithms used for security.

Transport Encryption

Protecting data during transmission or transit.

Salted Hashes

Adding random data to passwords before hashing to strengthen passwords.

One-Time Keys

Keys designed for use in one specific operation/transaction.

Network traffic management device

A device that manages and directs network traffic, connecting different network segments.

SSL accelerator

A device that handles SSL/TLS encryption/decryption to reduce server load.

Near Field Communication (NFC)

A wireless technology enabling short-range communication between devices.

802.11a frequency spectrum

Operates in the 5 GHz spectrum using OFDM.

Wireless network marking

Early method of marking wireless networks using chalk.

Host-based IDS

Monitors activity on a specific computer.

Banner grabbing

Gathering information from service banners.

Hardware Security Module (HSM)

Device for managing and storing encryption keys.

Early Launch Anti-Malware (ELAM)

Windows feature ensuring only signed anti-malware loads after Secure Boot.

Linux permissions command

Modifying file and directory permissions.

Network vulnerability scanner

Probes for weaknesses and misconfigurations in network connections.

Malware

Software designed for harmful purposes.

Denial-of-Service (DoS) attack

Overloads a server, making it unavailable.

Network traffic capture

Examining all network data on a network interface card (NIC).

Tracert command

Shows the network path a packet takes from source to destination.

Study Notes

Internet Worm Attacks

• Morris worm (1988) is considered one of the first major Internet crime cases.
• Slammer worm exploited a vulnerability in Microsoft SQL Server.

Attack Groups

• Lazarus Group is a Russian hacking group associated with attacks on Ukraine.
• Sandworm is another Russian hacking group with a history of disruptive attacks.

Attack Techniques

• Target of opportunity attack exploits readily available vulnerabilities in a system.
• Specific target attack is directed at a particular target with a specific vulnerability.
• Script kiddies are individuals without advanced skills who use pre-made scripts for attacks.

Security Models

• The operational model of security is Prevention = Protection + (Detection x Response).
• Secure deployments rely on least privilege, separation of privilege, and defense in depth.

Specific Security Terms

• Telephony hacking refers to unauthorized access to a phone network.
• Separation of concern is a design concept to isolate components preventing interference.
• Information classification uses categories like High, Medium, Low, Confidential, Private, and Public.

Agreements & Policies

• Memorandums of Understanding (MOUs) outline partnership terms.
• Service Level Agreements (SLAs) define agreed-upon performance.
• Policies are high-level statements of goals, and recommendations detail specific actions.

Social Engineering

• Social engineering exploits human psychology to gain unauthorized access.
• Social engineering works because people want to be helpful.
• Pharming redirects users to fake websites by modifying host files.
• Shoulder surfing is directly observing a user entering information.

Data Security & Cryptography

• Integrity is provided by using two-way hash functions and digital signatures.
• Crytographic service providers (CSPs) are groups of algorithms.
• Transport encryption protects data in transit.
• Salted hashes are a way to protect against rainbow table attacks.
• One-time keys are used only once.
• Steganography hides messages within other files.

System Security

• Bootdisks boot a device with a different OS.
• LiveCDs enable running an OS from an optical drive without a hard drive.
• Layered access controls offer multiple levels of protection from perimeter systems and internal.
• Key management tracks who has access to keys.

Network Security and Virtualization

• Hypervisors manage virtual machines on the host machine.
• Spanning trees prevent loops in network switching.
• Firewalls utilize implicit deny rules to block traffic not explicitly permitted.
• SSL Accelerators provide SSL/TLS encryption capabilities on a broader level than the web server itself
• Switches connect network segments.
• Near-field communication (NFC) allows short-range device communication.
• 802.11a operates in a 5 GHz spectrum.

Intrusion Detection and Protection

• Host-based IDSs monitor activity on a specific host.
• Banner grabbing gathers information from a service display.
• Hardware security modules (HSMs) manage encryption keys.
• Secure boot ensures only trusted anti-malware programs load.
• chmod modifies permissions in a Linux system.
• Network scanners probe for system weaknesses.

Malware

• Malware is malicious software.
• SYN flooding is a denial-of-service attack.
• Packet sniffing examines all network traffic.

Network Tools & Analysis

• Tracert provides a network route trace.
• Wireshark analyzes and replays network traffic.
• Network protocols and communications.

Cloud Computing Security

• Platform as a Service (PaaS) is a set of multiple software offerings in the cloud.
• VPNs allow connections in and out of a virtual private cloud.

Risk Management

• Qualitative risk assessment subjectively evaluates impact.
• Tangible impacts are measurable effects.
• Risk mitigations are methods to counter risks.
• Risk register is a list of project risks.

Incident Response

• Include business personnel in incident response efforts.
• Incident response is a layered process.
• Threat Diamond is used in threat intel.
• Isolation/separation prevents access to vulnerable systems.

Evidence & Forensics

• Competent evidence is strong and convincing.
• Strategic intelligence gathering targets specific data.

Description

Test your knowledge on internet worm attacks, notable hacking groups, and various attack techniques. This quiz also covers security models and specific security terms relevant to today's cyber threats. Enhance your understanding of cybersecurity concepts and practices.