Cybersecurity and Network Attacks Quiz

Questions and Answers

What is a direct consequence of fragmented packets overlapping in a network?

  • Improper packet reassembly (correct)
  • Reduction in packet size
  • Enhanced server communication
  • Increased network speed

How does a TCP SYN flood attack obstruct server functionality?

  • By causing the server to reject all incoming traffic
  • By leaving connections unacknowledged (correct)
  • By quickly sending messages to the server
  • By consuming server storage space

What type of IP addresses does a Smurf attack use to exploit networks?

  • Static IP addresses
  • Dynamic IP addresses
  • Broadcast IP addresses (correct)
  • Only private IP addresses

What is the purpose of using an unreachable source address in a TCP SYN flood attack?

  • To initiate connection requests without establishing a valid link (B)

What is the primary result of a successful Smurf attack on a network?

  • Denial of services to legitimate users (A)

What is the primary purpose of ransomware?

  • To encrypt data and demand payment for restoration (A)

Which of the following describes Distributed Denial-of-Service (DDoS) attacks?

  • Overloading a service with traffic from multiple systems (B)

What motivates many cybercriminals to commit online fraud?

  • Potential for financial gain (D)

Which type of cybercrime involves unauthorized copying of creative works?

  • Intellectual property theft (C)

What is the goal of cyberstalking?

  • To harass or threaten someone through digital means (C)

In what way does cryptojacking compromise a victim's system?

  • By using computing resources to mine cryptocurrencies without consent (A)

What type of cybercrime is often motivated by ideological or political beliefs?

  • Hacktivism (B)

Which of the following describes identity theft?

  • Stealing personal information to commit fraud (A)

What does Routine Activity Theory emphasize as a crucial factor in cybercrime?

  • Interaction of offenders, targets, and guardians (C)

Which of the following best describes a 'suitable target' in the context of cybercrime?

  • An organization with outdated security software (A)

What is a common motivation for offenders in cybercrime according to Routine Activity Theory?

  • Financial gain or data theft (B)

What role does a 'capable guardian' play in the context of cybercrime prevention?

  • Cybersecurity measures that protect vulnerable targets (D)

Which of the following is NOT a requirement for learning according to Social Learning Theory?

  • Intimidation (A)

Which statement describes the intersection of factors in Routine Activity Theory?

  • Motivated offenders, suitable targets, and the absence of guardians must coincide (C)

How does Social Learning Theory relate to criminological behavior?

  • It suggests that behavior is learned through observation and environmental stimuli (A)

In the context of cybercrime, which example illustrates a 'motivated offender'?

  • A hacker aiming for data theft (A)

What is the primary goal of a Denial of Service (DoS) attack?

  • To prevent legitimate users from accessing system resources (C)

Which type of attack focuses on consuming all available network bandwidth?

  • Volume based attacks (C)

Which of the following is an example of a protocol attack?

  • TCP SYN flood (D)

What characterizes application layer attacks?

  • They exploit OS vulnerabilities and exceptional conditions. (B)

What is a common outcome for victim organizations of DoS attacks?

  • Loss of access to system resources (B)

In a Volume based DoS attack, how does the attacker typically overwhelm the system?

  • By opening multiple pages and refreshing them (A)

What is typically exploited in protocol attacks to consume resources?

  • Implementation flaws in protocols (A)

Which of the following best describes a Distributed Denial of Service (DDoS) attack?

  • An attack that utilizes multiple systems to overwhelm a target (A)

What is the primary focus of cyber law?

  • Governing online activities and technology use (C)

What are cybercrime laws primarily designed to do?

  • Define crimes and penalties related to online activities (D)

How do cyber laws protect users in cyberspace?

  • By safeguarding data privacy and preventing online crimes (D)

Which of the following is NOT a role of cybercrime law?

  • Regulating real-world financial transactions only (D)

What aspect does cybersecurity law primarily focus on?

  • Protecting information technology and systems (B)

Which of the following actions is supported under cybercrime laws?

  • Mitigating harm from cybercrimes through established regulations (A)

What is a consequence of not having effective cyber laws?

  • Increased online criminal activities (A)

What does the harmonization of cyber laws aim to achieve?

  • Alignment of legal standards across different jurisdictions (B)

What factors does the CVSS scoring system consider when evaluating vulnerabilities?

  • Exploitability, impact, and ease of remediation (D)

Which term is associated with the risk assessment model defined by DREAD?

  • Damage potential (D)

What does STRIDE focus on in threat modeling?

  • Six specific threat categories (D)

Which best practice emphasizes the importance of involving different stakeholders in threat modeling?

  • Involve all relevant stakeholders (A)

Which of the following methodologies is primarily used for vulnerability scoring?

  • CVSS (C)

What is a key principle of the DREAD model?

  • It provides a scoring system for each criterion (B)

How should organizations approach threat modeling according to best practices?

  • Regularly review and refine the threat model (C)

What aspect does PASTA contribute to threat modeling methodologies?

  • Structured methodology for threat analysis (C)

Flashcards

Malware

Malicious software designed to harm computer systems, such as viruses, worms, trojans, ransomware, and spyware.

Ransomware

A type of malware that encrypts data and demands payment to restore access. It often targets organizations and critical infrastructure.

Identity Theft

Stealing personal information, like Social Security numbers and credit card details, to commit fraud.

DDoS attack

Overloading a network, website, or service with traffic to make it unavailable to users.

Cyberstalking

Using the internet or other digital means to harass, threaten, or stalk someone through repeated and intrusive communication.

Online Fraud

Any deceitful practice carried out over the internet to gain something of value, like financial gain or sensitive information. Examples include online scams, auction fraud, and credit card fraud.

Intellectual Property Theft

Unauthorized access to or copying of someone’s creative works, such as software, music, movies, or patents, often for illegal distribution or financial gain.

Child Exploitation

The use of digital platforms to produce, distribute, or access illegal content involving the exploitation of minors, such as child pornography.

Criminological Theory

A set of ideas and principles that explain the causes of crime, the criminal justice system, and how society responds to crime.

Routine Activity Theory

A theory that explains criminal behavior based on the intersection of a motivated offender, a suitable target, and the absence of capable guardians.

Motivated Offender (Cybercrime)

In the context of cybercrime, a motivated offender could be a hacker, cybercriminal, or malicious insider who seeks financial gain, data theft, or disruption.

Suitable Target (Cybercrime)

In the digital realm, a suitable target includes individuals or organizations with valuable data, weak security practices, or system vulnerabilities (like unpatched software or weak passwords).

Capable Guardian (Cybercrime)

Robust cybersecurity measures like firewalls, encryption, multi-factor authentication, and security awareness training can serve as capable guardians.

Social Learning Theory

A theory that posits that learning is influenced by environmental observation, cognitive retention, reproduction of learned behaviors, and reinforcement from the environment.

Social Learning & Cybercrime

In cybercrime, this theory suggests that individuals learn to engage in hacking or other malicious activities by observing others, retaining the information, practicing the techniques, and being reinforced through success or recognition.

Victim Participation Theory

A sub-theory that focuses on how a victim's actions or behaviors might contribute to their becoming a victim of crime.

Cyber Law

Legal frameworks covering online activities like internet use, software, and digital communication.

Cybercrime Law

Laws aimed at preventing and punishing cybercrime, including offenses targeting computers & data.

Harmonization of Cyber Laws

Ensuring consistency and compatibility between different cyber laws across countries.

Cybersecurity Legislation

Legal provisions for protecting systems & information from cyberattacks.

Cyber Fraud

Deception and fraud using digital means, often involving financial gain.

Cyber-Terrorism

Terrorist activities conducted through digital platforms.

Role of Cybercrime Law

Cybercrime law plays a crucial role in establishing online behavior standards, preventing harm, and facilitating international cooperation.

Denial of Service (DoS) Attack

An attack that aims to prevent legitimate users from accessing a system resource by overloading its resources with a flood of data packets.

Distributed Denial of Service (DDoS) Attack

A subcategory of DoS attack that utilizes multiple computers to overwhelm a target system.

Volume Based DoS Attack

A type of DoS attack that focuses on consuming all available network bandwidth, preventing users from accessing the target system.

Application Layer DoS Attack

A type of DoS attack that exploits weaknesses in applications or operating systems to cause server crashes or failures.

Protocol-Based DoS Attack

A type of DoS attack that exploits vulnerabilities in network protocols to consume system resources, like CPU or memory.

Fragmented Packet Attack

A type of DoS attack that uses fragmented packets to overwhelm a system's resources, causing it to become unavailable.

ICMP Flood Attack

A type of DoS attack that sends a large number of ICMP echo requests to a target system, causing it to become overwhelmed and unavailable.

TCP SYN Flood Attack

A type of DoS attack that sends a SYN packet to a server, but never responds to the server's SYN-ACK packet, causing the server to exhaust its resources.

Teardrop attack

A type of DoS attack where specially crafted packets with overlapping fragments are sent to the target, causing the network device or server to crash.

Smurf Flood attack

A type of DoS attack that involves sending ICMP echo requests with the victim's IP as the source address to a network's broadcast address. This forces all devices in the network to send ICMP echo replies to the victim, overwhelming it with traffic.

What is CVSS?

A standardized scoring system used to evaluate vulnerabilities based on factors like exploitability, impact, and ease of remediation. It assigns a numerical score to vulnerabilities, helping organizations prioritize their responses.

What is the DREAD threat model?

A risk assessment model that evaluates potential threats based on five criteria: Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability. It assigns a score to each criterion, enabling prioritization of threats based on their severity.

What is threat modeling?

The process of systematically identifying and analyzing potential security threats to a system. It involves understanding the system's architecture, identifying vulnerabilities, and assessing the likelihood and impact of threats.

What is the STRIDE threat model?

A threat modeling methodology that focuses on six specific categories of threats: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

What is the PASTA threat modeling methodology?

A structured methodology for threat analysis that involves identifying assets, defining threats, analyzing vulnerabilities, and proposing mitigations. It provides a framework for systematically evaluating security risks.

Why is it important to involve all relevant stakeholders in threat modeling?

It involves representatives from various disciplines, like developers, security professionals, and business stakeholders, to ensure a comprehensive understanding of the system and its security requirements.

Why is it important to start threat modeling early in the development process?

Integrating threat modeling early in the development lifecycle allows for early identification and mitigation of security risks. This helps prevent costly fixes later in the process.

Why is continuous updating and refinement crucial in threat modeling?

Threat modeling is an iterative process that requires continuous updates and refinement to account for changes in the system and emerging threats. Regular review and updates ensure the ongoing effectiveness of security measures.

Study Notes

Introduction to Cybercrime and Threats

  • Cybercrime is criminal activity targeting or using a computer, computer network, or networked device.
  • Most cybercrime is financially motivated.
  • Cybercrime can be committed by individuals or organizations, ranging from novice hackers to highly skilled, organized groups.
  • Cybercrime includes hacking, social engineering, phishing, malware, ransomware, identity theft, and cyber espionage.
  • Cybercrime poses significant risks to businesses, governments, and individuals.

Types of Cybercrimes

  • Malware: Malicious software designed to damage or disrupt computer systems.
  • Phishing: Social engineering attacks tricking individuals into revealing sensitive information.
  • Password Attacks: Exploiting vulnerabilities in systems to gain unauthorized access.
  • DDoS (Distributed Denial-of-Service): Overloading a network, website, or service with traffic to make it unavailable.
  • Man-in-the-Middle: Intercepting communications between two parties without their knowledge.
  • Drive-by Downloads: Malware downloaded automatically when visiting compromised websites.
  • Malvertising: Malware disguised as legitimate advertisements.
  • Rogue Software: Software designed to deceive users into revealing sensitive information.

Criminology of Cybercrime

  • Criminology is the scientific study of crime, behavior, and the criminal justice system.
  • Criminologists use various theories—Routine Activity Theory, Social Learning Theory, and Victim Participation Theory—to understand cybercrime.
  • Routine Activity Theory investigates the intersection of motivated offenders, suitable targets, and the absence of capable guardians.
  • Social Learning Theory explains how criminal behavior is learned through observation, retention, reproduction, and motivation.
  • Victim Participation Theory examines how victims' actions or inactions contribute to their victimization.
  • Cybercrime's characteristics differ from traditional crime, with a lack of robust evidence regarding actors in cyberspace.

Cybercrime Investigation

  • Cybercrime investigations involve identifying, tracking, and prosecuting those performing illegal activities digitally.
  • Investigations utilize digital forensics for evidence collection and analysis.
  • Techniques include performing background checks, gathering information, tracking individuals, and using specialized tools and techniques.
  • Obstacles include anonymity, the use of proxy servers, and the need for international cooperation.
  • Investigators need legal expertise and technical skills.

Cybercrime Laws

  • Cyber laws provide a legal framework for activities conducted in cyberspace, addressing issues like data privacy, intellectual property, cybercrime, and electronic commerce.
  • Cybersecurity laws mandate information security measures.
  • Cybercrime laws define the offenses and penalties for illegal activities like hacking, identity theft, and cyber-terrorism.
  • Cybercrime laws address issues like the harmonization of national laws and the role of law enforcement.

Corporate Data

  • Corporate data encompasses structured, unstructured, and semi-structured data.
  • Valuable data includes financial statements, sales reports, customer databases, employee records, and market research data.
  • Hackers often target personally identifiable information (PII) such as social security numbers and financial details, and digital infrastructure.

Cyber Threats

  • Cybercriminals may use various means, such as phishing, malware, or other social engineering techniques, to attain their goals.
  • Nation-state actors, or a nation's government-connected groups, conduct activities like cyber espionage.
  • Insider threats originate from individuals within an organization who misuse their access.
  • Hacktivists use hacking as a form of protest.
  • Advanced persistent threats (APTs) are highly organized and sophisticated groups.
  • Script kiddies are inexperienced or amateur hackers using automated or pre-programmed tools.

Cyber Policy

  • A security policy defines and outlines rules, expectations, and methods for maintaining confidentiality and integrity of data.
  • Effective security policies include a clear purpose, scope, and commitment from senior management.
  • Policies are organized into program, issue-specific, and system-specific types.
  • Policy elements include clear objectives, scope, management commitment, realistic policies, and up-to-date information.

Denial of Service (DoS) Attacks

  • A DoS attack floods a server with data packets to overwhelm its resources, making the service unavailable.
  • Classifications include volume-based (bandwidth attacks), protocol attacks (resource starvation), and application layer attacks.
  • Types of DoS attacks include UDP floods, SYN floods, ICMP floods, Ping of Death, Teardrop, Land, and Nuke attacks.
  • DDoS attacks involve multiple computers launching an attack, making them harder to defend against.

Cyber Threat Modeling

  • Cyber threat modeling is the systematic process of identifying and mitigating vulnerabilities.
  • It helps to determine the possible threats to assets, and how and when they could be mitigated.
  • Benefits include early identification of potential threats, improved understanding of security posture, cost-effective risk management, and enhanced collaboration.

Cyber Kill Chain

  • The Cyber Kill Chain is a framework for understanding how cyber attacks occur.
  • It consists of stages such as Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives.
  • Each stage offers a place to implement security measures to stop attackers.
  • The kill chain is used to identify vulnerabilities, mitigate security risks, and anticipate threats.
