Cybersecurity Chapter 3: Threats and Attacks
48 Questions


Created by
@QuaintBowenite1508


Questions and Answers

What is the primary function of ransomware?

  • To display annoying advertisements to users.
  • To hold a computer system or data hostage until a payment is made. (correct)
  • To encrypt personal files for backup purposes.
  • To steal personal information without the user's knowledge.

How does a backdoor typically gain access to a system?

  • By using legitimate credentials provided by the user.
  • By creating strong security protocols to protect the system.
  • By directly accessing hardware components without software.
  • By bypassing normal authentication mechanisms. (correct)

What is the main characteristic that distinguishes worms from viruses?

  • Worms can replicate and spread independently across networks. (correct)
  • Worms require user participation to activate.
  • Worms attach themselves to other executable files.
  • Worms only execute on specific dates or times.

Which type of malware collects information about a user's activities?

  • Spyware

What is the primary characteristic of adware?

  • To display unwanted advertisements.

Which of the following best describes a Trojan horse?

  • Malicious code disguised as a legitimate application.

What method does scareware often use to manipulate users?

  • Creating fear through deceptive pop-ups.

What triggers the activation of a logic bomb?

  • A specific event or condition, such as date or program execution.

Which term describes unsolicited emails that can lead to harmful links or malware?

  • Spam

Which type of malware attaches to non-executable files such as images or games?

  • Trojan horse

What is the objective of phishing attacks?

  • To gather login credentials or account information deceitfully.

What is a primary function of viruses in cybersecurity?

  • To spread by attaching themselves to executable files.

What often happens as a result of installing spyware on a computer?

  • User activity can be tracked and exploited.

How do worms typically affect computer networks?

  • They replicate and consume network resources.

Which of these statements about malware types is true?

  • Logic bombs activate based on specific triggers.

Which malware type remains inactive until a specific trigger occurs?

  • Logic Bomb

What is the primary goal of spear phishing?

  • To target a specific individual with customized emails

What characterizes vishing compared to traditional phishing?

  • It involves voice communication technology

Which method does pharming employ to deceive users?

  • Creating a fake website that mimics a legitimate one

Whaling is a form of phishing that specifically targets which group?

  • High profile individuals within an organization

How does SEO poisoning manipulate search engine behavior?

  • By making malicious websites appear higher in results

What is the function of a browser hijacker?

  • To alter browser settings to redirect users

Which of the following best describes the presentation of malicious plugins?

  • They enhance functionality but may carry risks

What is a major risk associated with drive-by downloads?

  • They often install malware without user permission

What is the primary method used in social engineering attacks?

  • Manipulating individuals into divulging information

Which of the following describes the action of an attacker calling someone and lying to gain access to private data?

  • Pretexting

What distinguishes quid pro quo social engineering from other types?

  • It involves an exchange of personal information for a reward

Which two terms refer to the practice of a criminal gaining unauthorized access by following an authorized person?

  • Piggybacking and Tailgating

How do shoulder surfing and dumpster diving typically differ in their methods?

  • Shoulder surfing relies on physical closeness while dumpster diving involves scavenging waste

Which attack aims to disrupt network services to users or applications?

  • Denial-of-Service (DoS) attack

In the context of social engineering, what does impersonation typically involve?

  • Pretending to be someone else to extract information

What consequence could arise from forwarding non-work-related emails at work?

  • Potential disciplinary actions

What is grayware primarily associated with?

  • Mobile security threats

SMiShing involves which of the following actions?

  • Sending fake SMS messages to trick users

How is a rogue access point typically installed?

  • On a secure network without authorization

What does RF jamming primarily disrupt?

  • Wireless signal transmission

Which statement about WEP is correct?

  • It aims to secure WLAN with encryption.

What is the primary advantage of WPA2 over WEP?

  • More resilient encryption methods

Bluesnarfing allows an attacker to do what?

  • Copy sensitive information from the victim's device

What is a potential result of visiting a malicious link in an SMS?

  • Downloading malware to the device

What is a major vulnerability of WPA2?

  • It is susceptible to packet analysis.

What can be an effective first step in securing a WLAN?

  • Change default configuration settings to enable security features.

How can organizations detect rogue access points?

  • Using WLAN tools like NetStumbler.

What is cross-site scripting (XSS) primarily concerned with?

  • Injecting scripts into web applications.

What is a key characteristic of code injection attacks?

  • They exploit weaknesses in database query validation.

What occurs during a buffer overflow?

  • Data overwrites allocated memory of other processes.

What is one way to allow guests internet access securely?

  • Implementing a guest policy for Internet access.

What role does a VPN play in WLAN access for authorized employees?

  • It allows secure remote access over the WLAN.

    Study Notes

    Chapter 3: Cybersecurity Threats, Vulnerabilities, and Attacks

    • Cybersecurity threats, vulnerabilities, and attacks are the central focus of cybersecurity specialists.
    • The chapter covers various cyberattacks launched by cybercriminals.
    • Malware and malicious code threats are explained.
    • Deception techniques, including social engineering, are discussed.
    • The chapter details attacks on wired and wireless networks.
    • Application vulnerabilities are also explored.
    • Understanding these threats helps organizations identify vulnerabilities and develop defenses against attacks.

    3.1 Malware and Malicious Code

    • Cybercriminals use malware to target user devices.
    • Viruses are malicious executable code attached to legitimate programs.
    • Worms are malicious code that replicates independently.
    • Trojan horses are malware that masquerades as legitimate programs.
    • Logic bombs are malicious programs triggered by specific events.
    • Ransomware holds computer systems or data captive and demands payment.
    • Backdoors and rootkits are malicious programs that bypass normal security.

    3.2 Deception

    • Social engineering is a non-technical method to gather information.
    • Social engineers manipulate individuals for actions or disclosures.
    • Pretexting involves creating false scenarios to extract information.
    • Quid pro quo involves requesting information in exchange for something.
    • Shoulder surfing and dumpster diving involve observing or accessing discarded information.
    • Impersonation is pretending to be someone else to gain access.
    • Hoax messages contain false or misleading information.
    • Piggybacking and tailgating involve following authorized people to gain access.
    • Online, email, and web-based trickery involves deceiving users online.

    3.3 Attacks

    • Denial-of-Service (DoS) attacks interrupt network services.
    • Sniffing involves eavesdropping on network traffic.
    • Spoofing involves impersonation to trick systems into trusting false identities.
    • Man-in-the-middle (MitM) attacks intercept communications to steal information or manipulate messages.
    • Zero-day attacks exploit software vulnerabilities unknown to vendors.
    • Keyboard logging records keystrokes to steal sensitive information.
    • Grayware refers to applications that behave undesirably.
    • SMiShing involves using SMS messages for phishing attacks.
    • Rogue access points are unauthorized wireless access points.
    • RF jamming interrupts transmissions.

    3.4 Chapter Summary

    • Cybersecurity threats, vulnerabilities, and attacks are crucial aspects of cybersecurity.
    • Types of attacks, vulnerabilities, and deceptive techniques are covered.
    • Understanding the threats and vulnerabilities is crucial for network defenses.

    Email and Browser Attacks

    • Email is a major vulnerability for users and organizations.
    • Spam is unsolicited email often used for advertising.
    • Spyware tracks user activity and collects information.
    • Adware displays pop-up advertisements.
    • Scareware tricks users into action through fear-based pop-ups.
    • Phishing is a form of fraud, used to obtain user credentials.
    • Spear phishing targets specific individuals.
    • Vishing uses voice communication for phishing.
    • Pharming impersonates legitimate websites.
    • Whaling targets high-profile individuals.
    • Plugins such as Flash and Shockwave can be used for malicious activities.
    • SEO poisoning uses SEO techniques to make malicious websites more visible.
    • Browser hijackers redirect users to malicious sites.

    Wireless and Mobile Attacks

    • Grayware includes applications acting undesirably.
    • SMiShing is SMS phishing through fake text messages.
    • Rogue access points are unauthorized wireless access points.
    • RF jamming interrupts wireless signals.
    • Bluejacking sends unauthorized messages via Bluetooth.
    • Bluesnarfing copies information from a Bluetooth device.
    • Authentication and encryption settings should be changed from default.
    • Wireless devices should be placed outside the firewall or DMZ.
    • Tools exist to help find rogue points.
    • Guest network policies are important.

    Application Attacks

    • Cross-site scripting (XSS) allows injecting malicious scripts into web pages.
    • Code injection involves using vulnerabilities in databases to perform malicious actions.
    • Buffer overflows exploit memory vulnerabilities in applications.
    • Remote code execution attacks allow executing malicious commands.
    • ActiveX controls have the potential to install malicious code.
    • Java controls, through their JVM interpreter, can be vulnerable.
    • Keeping software up-to-date and writing good code are essential protections.


    Description

    Explore the various cybersecurity threats and vulnerabilities prevalent in today's digital landscape. This chapter covers critical topics such as malware, deception techniques, and network attacks, providing insights that help organizations bolster their defenses against cybercriminals. Understand the implications of different attack vectors and learn how to identify and mitigate risks.
