Cybersecurity Chapter 3: Threats and Attacks

Questions and Answers

What is the primary function of ransomware?

  • To display annoying advertisements to users.
  • To hold a computer system or data hostage until a payment is made. (correct)
  • To encrypt personal files for backup purposes.
  • To steal personal information without the user's knowledge.

How does a backdoor typically gain access to a system?

  • By using legitimate credentials provided by the user.
  • By creating strong security protocols to protect the system.
  • By directly accessing hardware components without software.
  • By bypassing normal authentication mechanisms. (correct)

What is the main characteristic that distinguishes worms from viruses?

  • Worms can replicate and spread independently across networks. (correct)
  • Worms require user participation to activate.
  • Worms attach themselves to other executable files.
  • Worms only execute on specific dates or times.

Which type of malware collects information about a user's activities?

  • Spyware (B)

What is the primary characteristic of adware?

  • To display unwanted advertisements. (B)

Which of the following best describes a Trojan horse?

  • Malicious code disguised as a legitimate application. (A)

What method does scareware often use to manipulate users?

  • Creating fear through deceptive pop-ups. (C)

What triggers the activation of a logic bomb?

  • A specific event or condition, such as date or program execution. (A)

Which term describes unsolicited emails that can lead to harmful links or malware?

  • Spam (C)

Which type of malware attaches to non-executable files such as images or games?

  • Trojan horse (A)

What is the objective of phishing attacks?

  • To gather login credentials or account information deceitfully. (A)

What is a primary function of viruses in cybersecurity?

  • To spread by attaching themselves to executable files. (B)

What often happens as a result of installing spyware on a computer?

  • User activity can be tracked and exploited. (A)

How do worms typically affect computer networks?

  • They replicate and consume network resources. (D)

Which of these statements about malware types is true?

  • Logic bombs activate based on specific triggers. (B)

Which malware type remains inactive until a specific trigger occurs?

  • Logic Bomb (B)

What is the primary goal of spear phishing?

  • To target a specific individual with customized emails (C)

What characterizes vishing compared to traditional phishing?

  • It involves voice communication technology (A)

Which method does pharming employ to deceive users?

  • Creating a fake website that mimics a legitimate one (D)

Whaling is a form of phishing that specifically targets which group?

  • High profile individuals within an organization (B)

How does SEO poisoning manipulate search engine behavior?

  • By making malicious websites appear higher in results (A)

What is the function of a browser hijacker?

  • To alter browser settings to redirect users (B)

Which of the following best describes the presentation of malicious plugins?

  • They enhance functionality but may carry risks (C)

What is a major risk associated with drive-by downloads?

  • They often install malware without user permission (B)

What is the primary method used in social engineering attacks?

  • Manipulating individuals into divulging information (C)

Which of the following describes the action of an attacker calling someone and lying to gain access to private data?

  • Pretexting (A)

What distinguishes quid pro quo social engineering from other types?

  • It involves an exchange of personal information for a reward (D)

Which two terms refer to the practice of a criminal gaining unauthorized access by following an authorized person?

  • Piggybacking and Tailgating (C)

How do shoulder surfing and dumpster diving typically differ in their methods?

  • Shoulder surfing relies on physical closeness while dumpster diving involves scavenging waste (C)

Which attack aims to disrupt network services to users or applications?

  • Denial-of-Service (DoS) attack (D)

In the context of social engineering, what does impersonation typically involve?

  • Pretending to be someone else to extract information (B)

What consequence could arise from forwarding non-work-related emails at work?

  • Potential disciplinary actions (A)

What is grayware primarily associated with?

  • Mobile security threats (C)

SMiShing involves which of the following actions?

  • Sending fake SMS messages to trick users (C)

How is a rogue access point typically installed?

  • On a secure network without authorization (B)

What does RF jamming primarily disrupt?

  • Wireless signal transmission (B)

Which statement about WEP is correct?

  • It aims to secure WLAN with encryption. (D)

What is the primary advantage of WPA2 over WEP?

  • More resilient encryption methods (D)

Bluesnarfing allows an attacker to do what?

  • Copy sensitive information from the victim's device (B)

What is a potential result of visiting a malicious link in a SMS?

  • Downloading malware to the device (D)

What is a major vulnerability of WPA2?

  • It is susceptible to packet analysis. (B)

What can be an effective first step in securing a WLAN?

  • Change default configuration settings to enable security features. (A)

How can organizations detect rogue access points?

  • Using WLAN tools like NetStumbler. (C)

What is cross-site scripting (XSS) primarily concerned with?

  • Injecting scripts into web applications. (A)

What is a key characteristic of code injection attacks?

  • They exploit weaknesses in database query validation. (C)

What occurs during a buffer overflow?

  • Data overwrites allocated memory of other processes. (D)

What is one way to allow guests internet access securely?

  • Implementing a guest policy for Internet access. (A)

What role does a VPN play in WLAN access for authorized employees?

  • It allows secure remote access over the WLAN. (C)

Flashcards

Malware

Harmful software designed to damage or disrupt a computer system.

Virus

Malware that attaches itself to other programs and then replicates.

Worm

Self-replicating malware that spreads through networks, often slowing them down.

Trojan Horse

Malware masquerading as a legitimate program, giving it access to a system.

Logic Bomb

Malware activated by a specific event, such as a date or file deletion.

Ransomware

Software that holds a computer system or data hostage until a payment is made.

Backdoor

A hidden way of accessing a computer system bypassing normal security measures, introduced by a malicious actor.

Rootkit

Software that modifies the operating system to create a backdoor for attackers to gain remote access.

Spam

Unsolicited email, often used for advertising, but can carry harmful links or malware.

Spyware

Software that tracks user activity, gathers information, and can modify system settings.

Adware

Software that displays annoying ads to generate revenue for its creators, often tracking user browsing habits.

Scareware

Software designed to trick the user into taking action based on fear, usually through fake dialog boxes.

Phishing

A fraudulent attempt to obtain confidential information, like login credentials, by impersonating a reputable entity.

Phishing

A type of attack that tries to trick people into doing something they shouldn't, like installing malware or giving away personal info. It usually involves misleading emails.

Spear Phishing

A very targeted phishing attack. The attackers send highly customized emails to specific people, making them seem more legitimate.

Vishing

Phishing done over the phone. Attackers might pretend to be a trusted company or person.

Pharming

Attackers pretend to be a real website to trick users.

Whaling

Phishing attack targeting high-level people in a company, like CEOs.

Plugins

Software add-ons that often enhance web pages. But sometimes these plugins can contain hidden malware.

SEO Poisoning

Using SEO techniques to trick search results so that malicious websites appear higher in search rankings.

Browser Hijacker

Malware that changes your browser settings to redirect you to unwanted sites.

Social Engineering

A non-technical attack that manipulates individuals into performing actions or divulging confidential information.

Pretexting

A social engineering attack where an attacker lies to gain access to privileged data.

Quid Pro Quo

A social engineering attack where an attacker requests information in exchange for something.

Shoulder Surfing

Stealing sensitive information by watching someone, often in close proximity, enter their PINs or passwords.

Dumpster Diving

Stealing sensitive information from discarded documents.

Impersonation

A social engineering attack where an attacker pretends to be someone else.

Hoaxes

A social engineering attack that spreads false information with the intention to deceive.

Piggybacking

Following an authorized person to gain access to a secure area.

Tailgating

Gaining entry to a secured area by following someone who has already gained access.

Denial-of-Service (DoS) Attack

A network attack that interrupts network services for users, devices or applications by overwhelming the system.

Grayware

Software that's not malware, but can still be harmful.

SMiShing

Phishing attacks using SMS text messages.

Rogue Access Point

Unauthorized wireless access point on a network.

RF Jamming

Disrupting wireless signals intentionally.

Bluejacking

Sending unwanted messages to Bluetooth devices.

Bluesnarfing

Stealing info from a Bluetooth device.

WEP

Outdated wireless security protocol; easily hacked.

WPA2

Improved wireless security protocol replacing WEP.

WPA2 vulnerability

Attackers can analyze network traffic between an access point and a user to crack passwords offline using packet sniffers.

Wireless Security Features

Basic security features like authentication and encryption that protect wireless networks.

Access Point Placement

Strategically placing access points outside the firewall or in a DMZ to limit potential network exposures.

Rogue Access Points

Unauthorized access points that can be detected using WLAN tools.

Guest Policy

A policy that defines how guests can connect to a network while visiting.

VPN for WLAN

A secure connection method for employees using wireless networks.

Cross-site scripting (XSS)

A web application vulnerability allowing attackers to inject malicious scripts into web pages.

SQL Injection

Exploiting weaknesses in database programs by improperly validating database queries.

Buffer Overflow

An attack where attackers manipulate data to go beyond allocated memory limits.

Study Notes

Chapter 3: Cybersecurity Threats, Vulnerabilities, and Attacks

  • Cybersecurity threats, vulnerabilities, and attacks are the central focus of cybersecurity specialists.
  • The chapter covers various cyberattacks launched by cybercriminals.
  • Malware and malicious code threats are explained.
  • Deception techniques, including social engineering, are discussed.
  • The chapter details attacks on wired and wireless networks.
  • Application vulnerabilities are also explored.
  • Understanding these threats helps organizations identify vulnerabilities and develop defenses against attacks.

3.1 Malware and Malicious Code

  • Cybercriminals use malware to target user devices.
  • Viruses are malicious executable code attached to legitimate programs.
  • Worms are malicious code that replicates independently.
  • Trojan horses are malware that masquerade as legitimate programs.
  • Logic bombs are malicious programs triggered by specific events.
  • Ransomware holds computer systems or data captive demanding payment.
  • Backdoors and rootkits are malicious programs that bypass normal security.

3.2 Deception

  • Social engineering is a non-technical method to gather information.
  • Social engineers manipulate individuals for actions or disclosures.
  • Pretexting involves creating false scenarios to extract information.
  • Quid pro quo involves requesting information in exchange for something.
  • Shoulder surfing and dumpster diving involve observing or accessing discarded information.
  • Impersonation is pretending to be someone else to gain access.
  • Hoax messages carry false or misleading information.
  • Piggybacking and tailgating involve following authorized people to gain access.
  • Email and web-based trickery involves deceiving users online.

3.3 Attacks

  • Denial-of-Service (DoS) attacks interrupt network services.
  • Sniffing involves eavesdropping on network traffic.
  • Spoofing involves impersonation to trick systems into trusting false identities.
  • Man-in-the-middle (MitM) attacks intercept communications to steal information or manipulate messages.
  • Zero-day attacks exploit software vulnerabilities unknown to vendors.
  • Keyboard logging records keystrokes to steal sensitive information.
  • Grayware refers to applications that behave undesirably.
  • SMiShing involves using SMS messages for phishing attacks.
  • Rogue access points are unauthorized wireless access points.
  • RF jamming interrupts transmissions.

3.4 Chapter Summary

  • Cybersecurity threats, vulnerabilities, and attacks are crucial aspects of cybersecurity.
  • Types of attacks, vulnerabilities, and deceptive techniques are covered.
  • Understanding the threats and vulnerabilities is crucial for network defenses.

Email and Browser Attacks

  • Email is a major vulnerability for users and organizations.
  • Spam is unsolicited email often used for advertising.
  • Spyware tracks user activity and collects information.
  • Adware displays pop-up advertisements.
  • Scareware tricks users into action through fear-based pop-ups.
  • Phishing is a form of fraud, used to obtain user credentials.
  • Spear phishing targets specific individuals.
  • Vishing uses voice communication for phishing.
  • Pharming impersonates legitimate websites.
  • Whaling targets high-profile individuals.
  • Plugins such as Flash and Shockwave can be used for malicious activities.
  • SEO poisoning uses SEO techniques to make malicious websites more visible.
  • Browser hijackers redirect users to malicious sites.

Wireless and Mobile Attacks

  • Grayware includes applications acting undesirably.
  • SMiShing is SMS phishing through fake text messages.
  • Rogue access points are unauthorized wireless access points.
  • RF jamming interrupts wireless signals.
  • Bluejacking sends unauthorized messages via Bluetooth.
  • Bluesnarfing copies information from a Bluetooth device.
  • Authentication and encryption settings should be changed from default.
  • Wireless devices should be placed outside the firewall or in a DMZ.
  • Tools exist to help find rogue access points.
  • Guest network policies are important.

Application Attacks

  • Cross-site scripting (XSS) allows injecting malicious scripts into web pages.
  • Code injection involves using vulnerabilities in databases to perform malicious actions.
  • Buffer overflows exploit memory vulnerabilities in applications.
  • Remote code execution attacks allow executing malicious commands.
  • ActiveX controls have the potential to install malicious code.
  • Java controls, through their JVM interpreter, can be vulnerable.
  • Keeping software up-to-date and writing good code are essential protections.
