Cybersecurity Attack Phases and Strategies
40 Questions
Created by
@CreativeTransformation

Questions and Answers

Which keys are essential for generating a digital ID?

  • Two private keys
  • Public key and identity information
  • Private key and public key (correct)
  • Digital signature and timestamp
What indicates a valid user during the verification process?

  • Identification of the sender's IP address
  • A mismatch in the hash values
  • Absence of a digital signature
  • A match in the hash values (correct)
What component is NOT included in the signature value during PDF implementation?

  • Signer’s public key certificate
  • Timestamp (time of signing)
  • Sender’s IP address (correct)
  • Digital signature (signed message digest)
In the verification algorithm, which key is used to decrypt the received signature?

    Sender's public key

    What occurs if the received message's hash does not match the decrypted signature hash?

    The signature is invalid

    What is the purpose of the digital signature in relation to message authenticity?

    To ensure data integrity and non-repudiation

    What does the digital signature generation algorithm produce when encrypting the hash with the sender's private key?

    A unique signature

    What computational resources are required for cryptographic mechanisms like digital signatures?

    CPU time and memory

    What role does the Service Provider (SP) play in identity federation?

    The SP relies on the IdP for user authentication.

    What is a key purpose of trust relationships in identity federation?

    To allow the IdP to trust the SP's claims about user identity.

    How does Single Sign-On (SSO) enhance the user experience in identity federation?

    SSO allows users to access multiple services with a single login.

    Which protocol is known for enabling delegated access using tokens?

    OAuth

    What is the initial step in the identity federation process?

    User Authentication

    Which of the following is a widely-used standard for exchanging authentication data?

    SAML

    What happens after the IdP successfully authenticates the user?

    The IdP generates a token containing the user's identity information.

    What does the SP do with the token provided by the IdP?

    It validates the token with the IdP before granting access.

    What is the primary goal of cyber-terrorists?

    To expose secrets and disrupt political agendas

    What advantage do insider threats have over external threats?

    Access to sensitive information and assets

    Which group is characterized by individuals who hack to demonstrate their abilities?

    Script Kiddies

    Which type of malware requires user intervention to execute?

    Trojan

    What defines nation-states in the context of cybersecurity?

    They are usually sponsored by a government and well-funded

    What is the main purpose of reconnaissance in a cyber attack?

    To gather information on existing infrastructure

    What is the primary function of spyware?

    To collect information without user consent

    Which of the following best describes the term 'target' in cybersecurity?

    A system or network that vulnerabilities have been found in

    Which of the following malware types is known to encrypt user data and demand payment for decryption?

    Ransomware

    What type of threats do internal threats pose compared to external threats?

    They are within the organization and can manoeuvre more freely

    How does a virus typically trigger its malicious activity?

    When an infected file is opened and executed

    Which of the following types of targets could be compromised in a cyber attack?

    Chemical, Automotive, and Telecommunications industries

    What characteristic differentiates a worm from other types of malware?

    Can replicate itself without user action

    What is a rootkit primarily used for?

    Providing remote access to attackers

    In which step of a security attack does the attacker exfiltrate data?

    Exfiltration

    What can adware potentially be bundled with to enhance its harmful nature?

    Spyware

    What phase in the cyber attack methodology involves launching the attack after preparation?

    Weaponisation

    Which method is utilized for intrusion detection when comprehensive data is lacking?

    Logical approach

    During which phase of a cyber attack does an organization experience operational disruptions such as network outages?

    Exploitation

    What type of cyber attack is illustrated by the 2016 Indian debit card breach?

    Data Breach

    What security objective is violated when unauthorized alterations are made to a message?

    Integrity

    What is the result of a website being unavailable for legitimate users?

    Violation of availability

    Which of the following consequences is likely after a significant cyber attack on an organization?

    Reputation damage

    What concept is violated when an attacker pretends to be an authentic user?

    Authenticity

    Study Notes

    Identity Providers and Service Providers

    • Identity Providers (IdPs) can be organizations, social media platforms (e.g., Google, Facebook), or dedicated services like Microsoft Azure AD.
    • Service Providers (SPs) are entities offering services users seek to access, relying on IdPs for user authentication.
    • Trust relationships between IdPs and SPs are established through digital certificates or shared cryptographic keys.

    Single Sign-On (SSO)

    • Identity federation typically features SSO, permitting users to log in once for access to multiple services.
    • SSO functions across different domains and organizations, enhancing user convenience.

    Standards and Protocols

    • SAML (Security Assertion Markup Language) facilitates authentication and authorization data exchange between IdPs and SPs using XML.
    • OAuth allows third-party services to exchange tokens for access, supporting delegated permissions.
    • OpenID Connect, built on OAuth 2.0, simplifies federated authentication with its user-friendly protocol.

    Identity Federation Process

    • User Authentication: Users attempting to access an SP are redirected to the IdP for verification.
    • Token Generation: After authenticating the user, the IdP issues a token with identity information and attributes.
    • Token Exchange: The user returns to the SP with the token, which the SP verifies with the IdP before granting access.
    • Access Granted: Verification success leads to seamless service access without separate logins.

    Digital Signatures

    • Digital signatures prevent a sender from denying a message they sent and protect against message tampering.
    • The signer uses a private key to sign documents; receivers use the corresponding public key for verification.
    • A digital ID consists of a protected file with a private key, public key, and personal identity information.

    Digital Signature Implementation

    • The hashing algorithm produces a unique hash for each message; this hash is encrypted with the sender's private key to form the signature.
    • Upon receipt, the message is hashed again and the signature is decrypted using the sender's public key; a match between the two hash values verifies integrity.

    Cyber Threats

    • Cyber-terrorists: Target sensitive information to cause disruption; pose significant risks to information systems.
    • Insider threats: Employees with access to assets may exploit vulnerabilities against their organization.
    • Script Kiddies: Non-expert users seeking to exploit systems for fun or challenge.
    • Nation-states: Funded entities engaged in espionage, capable of sophisticated attacks on information systems.

    Attack Categories

    • External Threats: Involve attackers breaching networks from outside.
    • Internal Threats: Concern people who already have access, posing risks from within.

    Motivations for Cyber Attacks

    • Data theft, service disruption, or exploiting vulnerabilities in targeted sectors such as government, energy, and healthcare.
    • Preparatory reconnaissance is essential to identify potential targets and vulnerabilities.

    Types of Malware

    • Trojan: Presents itself as legitimate software and often acts as a carrier that distributes other malware.
    • Virus: Attaches to files or applications, executing when these are opened, causing system disruption.
    • Worm: Self-replicating across networks without user intervention, potentially impairing network performance.
    • Ransomware: Encrypts data, demanding ransom for decryption, often employing social engineering tactics.
    • Spyware: Collects user information without consent and operates covertly.
    • Rootkit: Provides remote access to systems, challenging to detect and remove.
    • Adware: Displays advertisements; generally less harmful but may be bundled with spyware.

    Security Threats and Attacks

    • Security attacks exploit system vulnerabilities and can be initiated by insiders or external actors.
    • Common attack phases include reconnaissance, scanning, exploitation, and data exfiltration.

    Managing Cyber Crime

    • Prioritize security risk management, real-time intrusion detection, and forensic analysis post-attack.
    • Employ logical or statistical methods to handle uncertainty in attack situations.

    Consequences of Cyber Attacks

    • Organizations suffer from reputational damage, loss of customer trust, legal penalties, and operational disruptions.
    • Critical information at risk includes customer data, design documents, and proprietary assets.

    Security Objectives Violated in Attacks

    • Confidentiality: Breached by unauthorized communication exposure.
    • Integrity: Violated through unauthorized message alterations.
    • Availability: Affected by Denial of Service attacks rendering resources inaccessible.
    • Authenticity: Spoofing attacks impersonate legitimate users.
    • Authorization: Elevation of privilege breaches user permissions.
    • Repudiation: Involves falsely denying actions taken by users.

    Description

    This quiz covers the various phases of a cybersecurity attack, including reconnaissance, weaponisation, and exploitation. It also delves into handling uncertainty in attacks through security risk management and intrusion detection. Test your knowledge on the methods used by botnets and the logical approaches for forensic analysis.
