Cybersecurity Attack Phases and Strategies

Questions and Answers

Which keys are essential for generating a digital ID?

• Two private keys
• Public key and identity information
• Private key and public key (correct)
• Digital signature and timestamp

What indicates a valid user during the verification process?

• Identification of the sender's IP address
• A mismatch in the hash values
• Absence of a digital signature
• A match in the hash values (correct)

What component is NOT included in the signature value during PDF implementation?

• Signer’s public key certificate
• Timestamp (time of signing)
• Sender’s IP address (correct)
• Digital signature (signed message digest)

In the verification algorithm, which key is used to decrypt the received signature?

Sender's public key (B)

What occurs if the received message's hash does not match the decrypted signature hash?

The signature is invalid (B)

What is the purpose of the digital signature in relation to message authenticity?

To ensure data integrity and non-repudiation (D)

What does the digital signature generation algorithm produce when encrypting the hash with the sender's private key?

A unique signature (B)

What computational resources are required for cryptographic mechanisms like digital signatures?

CPU time and memory (C)

What role does the Service Provider (SP) play in identity federation?

The SP relies on the IdP for user authentication. (A)

What is a key purpose of trust relationships in identity federation?

To allow the IdP to trust the SP's claims about user identity. (B)

How does Single Sign-On (SSO) enhance the user experience in identity federation?

SSO allows users to access multiple services with a single login. (A)

Which protocol is known for enabling delegated access using tokens?

OAuth (A)

What is the initial step in the identity federation process?

User Authentication (C)

Which of the following is a widely-used standard for exchanging authentication data?

SAML (C)

What happens after the IdP successfully authenticates the user?

The IdP generates a token containing the user's identity information. (B)

What does the SP do with the token provided by the IdP?

It validates the token with the IdP before granting access. (A)

What is the primary goal of cyber-terrorists?

To expose secrets and disrupt political agendas (C)

What advantage do insider threats have over external threats?

Access to sensitive information and assets (B)

Which group is characterized by individuals who hack to demonstrate their abilities?

Script Kiddies (C)

Which type of malware requires user intervention to execute?

Trojan (B)

What defines nation-states in the context of cybersecurity?

They are usually sponsored by a government and well-funded (C)

What is the main purpose of reconnaissance in a cyber attack?

To gather information on existing infrastructure (B)

What is the primary function of spyware?

To collect information without user consent (A)

Which of the following best describes the term 'target' in cybersecurity?

A system or network that vulnerabilities have been found in (A)

Which of the following malware types is known to encrypt user data and demand payment for decryption?

Ransomware (B)

What type of threats do internal threats pose compared to external threats?

They are within the organization and can maneuvre more freely (A)

How does a virus typically trigger its malicious activity?

When an infected file is opened and executed (A)

Which of the following types of targets could be compromised in a cyber attack?

Chemical, Automotive, and Telecommunications industries (C)

What characteristic differentiates a worm from other types of malware?

Can replicate itself without user action (A)

What is a rootkit primarily used for?

Providing remote access to attackers (B)

In which step of a security attack does the attacker exfiltrate data?

Exfiltration (C)

What can adware potentially be bundled with to enhance its harmful nature?

Spyware (D)

What phase in the cyber attack methodology involves launching the attack after preparation?

Weaponisation (B)

Which method is utilized for intrusion detection when comprehensive data is lacking?

Logical approach (D)

During which phase of a cyber attack does an organization experience operational disruptions such as network outages?

Exploitation (A)

What type of cyber attack is illustrated by the 2016 Indian debit card breach?

Data Breach (D)

What security objective is violated when unauthorized alterations are made to a message?

Integrity (D)

What is the result of a website being unavailable for legitimate users?

Violation of availability (C)

Which of the following consequences is likely after a significant cyber attack on an organization?

Reputation damage (A)

What concept is violated when an attacker pretends to be an authentic user?

Authenticity (D)

Study Notes

Identity Providers and Service Providers

• Identity Providers (IdPs) can be organizations, social media platforms (e.g., Google, Facebook), or dedicated services like Microsoft Azure AD.
• Service Providers (SPs) are entities offering services users seek to access, relying on IdPs for user authentication.
• Trust relationships between IdPs and SPs are established through digital certificates or shared cryptographic keys.

Single Sign-On (SSO)

• Identity federation typically features SSO, permitting users to log in once for access to multiple services.
• SSO functions across different domains and organizations, enhancing user convenience.

Standards and Protocols

• SAML (Security Assertion Markup Language) facilitates authentication and authorization data exchange between IdPs and SPs using XML.
• OAuth allows third-party services to exchange tokens for access, supporting delegated permissions.
• OpenID Connect, built on OAuth 2.0, simplifies federated authentication with its user-friendly protocol.

Identity Federation Process

• User Authentication: Users attempting to access an SP are redirected to the IdP for verification.
• Token Generation: After authenticating the user, the IdP issues a token with identity information and attributes.
• Token Exchange: The user returns to the SP with the token, which the SP verifies with the IdP before granting access.
• Access Granted: Verification success leads to seamless service access without separate logins.

Digital Signatures

• Digital signatures prevent denial of sent messages and protect against message tampering.
• Signer uses a private key to sign documents; receivers use the corresponding public key for verification.
• A digital ID consists of a protected file with a private key, public key, and personal identity information.

Digital Signature Implementation

• The hashing algorithm produces a unique hash for each message, encrypted with the sender's private key as a signature.
• Upon receipt, the message is hashed again; the signature is decrypted using the sender's public key to verify integrity.

Cyber Threats

• Cyber-terrorists: Target sensitive information to cause disruption; pose significant risks to information systems.
• Insider threats: Employees with access to assets may exploit vulnerabilities against their organization.
• Script Kiddies: Non-expert users seeking to exploit systems for fun or challenge.
• Nation-states: Funded entities engaged in espionage, capable of sophisticated attacks on information systems.

Attack Categories

• External Threats: Involve attackers breaching networks from outside.
• Internal Threats: Concern people who already have access, posing risks from within.

Motivations for Cyber Attacks

• Data theft, service disruption, or exploiting vulnerabilities in targeted sectors such as government, energy, and healthcare.
• Preparatory reconnaissance is essential to identify potential targets and vulnerabilities.

Types of Malware

• Trojan: Legitimate software carrier that often distributes other malware.
• Virus: Attaches to files or applications, executing when these are opened, causing system disruption.
• Worm: Self-replicating across networks without user intervention, potentially impairing network performance.
• Ransomware: Encrypts data, demanding ransom for decryption, often employing social engineering tactics.
• Spyware: Collects user information without consent and operates covertly.
• Rootkit: Provides remote access to systems, challenging to detect and remove.
• Adware: Displays advertisements; generally less harmful but may collude with spyware.

Security Threats and Attacks

• Security attacks exploit system vulnerabilities; can be initiated by insiders or external actors.
• Common attack phases include reconnaissance, scanning, exploitation, and data exfiltration.

Managing Cyber Crime

• Prioritize security risk management, real-time intrusion detection, and forensic analysis post-attack.
• Employ logical or statistical methods to handle uncertainty in attack situations.

Consequences of Cyber Attacks

• Organizations suffer from reputational damage, loss of customer trust, legal penalties, and operational disruptions.
• Critical information at risk includes customer data, design documents, and proprietary assets.

Security Objectives Violated in Attacks

• Confidentiality: Breached by unauthorized communication exposure.
• Integrity: Violated through unauthorized message alterations.
• Availability: Affected by Denial of Service attacks rendering resources inaccessible.
• Authenticity: Spoofing attacks impersonate legitimate users.
• Authorization: Elevation of privilege breaches user permissions.
• Repudiation: Involves falsely denying actions taken by users.

Description

This quiz covers the various phases of a cybersecurity attack, including reconnaissance, weaponisation, and exploitation. It also delves into handling uncertainty in attacks through security risk management and intrusion detection. Test your knowledge on the methods used by botnets and the logical approaches for forensic analysis.