Cybersecurity: Encryption, DDOS, SSH Brute Force

Questions and Answers

Why is encryption most vital for data security?

• It renders data unreadable to unauthorized individuals. (correct)
• It speeds up data transfer rates across networks.
• It automatically updates software on devices.
• It compresses data to reduce storage space.

Which measure offers the LEAST protection against cyber attackers?

• Keeping software and antivirus programs up to date.
• Regularly backing up important files to a secure location.
• Enabling multi-factor authentication on important accounts.
• Using the same simple password for multiple accounts. (correct)

What is the primary objective of a Distributed Denial-of-Service (DDoS) attack?

• To steal sensitive user data from a targeted server.
• To secretly install malware on user computers.
• To gain unauthorized access to a website's administrative panel.
• To disrupt a service by overwhelming it with excessive traffic. (correct)

In what scenario might attackers use a DDoS attack as a diversion?

While launching other malicious activities like data breaches. (D)

What vulnerability do SSH brute force attacks primarily exploit to gain unauthorized access?

Weak or default SSH login credentials. (C)

Which outcome is LEAST likely to result from a successful SSH brute force attack?

Permanent physical damage to the server hardware. (D)

What is the main method by which Cross-Site Scripting (XSS) attacks compromise web applications?

By injecting malicious code into web applications. (B)

What is the MOST effective strategy for protecting websites from cyber attacks?

A multi-faceted approach that combines secure coding, encryption and strong authentication. (A)

What is the primary danger associated with a compromised social media account?

The potential for the account to spread malware and malicious content. (D)

What is a critical, proactive measure users can take to reduce the risk of social media attacks?

Using strong, unique passwords for each online platform. (C)

What security risk is introduced to mobile devices through jailbreaking or rooting?

It allows attackers to exploit OS weaknesses and gain elevated permissions. (C)

How do malicious apps primarily compromise mobile devices?

By gaining user access to device data, then collecting and transmitting data to unauthorized sources. (D)

In a Man-in-the-Middle (MitM) attack, what is the attacker's primary objective?

To intercept and monitor communications between two mobile devices. (D)

Why are high-profile brands and executives often targeted in social media attacks?

Their large followings amplify the impact of successful attacks. (B)

What type of network connection makes a mobile device most vulnerable to a MitM attack?

A public Wi-Fi network without encryption. (D)

What action should users take immediately if they suspect their mobile device has been compromised by a malicious app?

Immediately disconnect the device from the internet and run a full scan with a reputable security program. (A)

Which of the following is the MOST effective strategy to defend against phishing attacks?

Avoiding clicking on links in emails from unknown senders and verifying the sender's authenticity. (B)

How does SMiShing differ from traditional phishing attacks conducted via email?

SMiShing uses SMS or text messages instead of email to deliver fraudulent messages or links. (C)

What is the PRIMARY objective of spyware, and how does it typically achieve this?

To secretly gather information about a user's computer activities, often by bundling with legitimate software or Trojan horses. (B)

Which of the following password practices would be MOST effective at preventing brute-force attacks?

Using a password manager to generate and store complex, unique passwords for each account. (A)

How can deepfake profiles on social media be used to manipulate stock prices of an organization?

By impersonating company executives and spreading false information to influence investor behavior. (B)

Which of the following is the MOST critical factor in mitigating the risks associated with deepfake profiles on social media?

Implementing strict social media usage policies for employees and educating them about the risks of deepfakes. (C)

How might a cybercriminal MOST effectively use a deepfake social media profile to spread fake narratives and deceive users?

By creating a network of fake followers and engaging in coordinated disinformation campaigns through the fake profile. (C)

What is the PRIMARY purpose of cybercriminals creating deepfake profiles that impersonate legitimate users or executives of an organization?

To spread fake narratives to deceive users into divulging personal information or engaging in fraudulent activities. (D)

Flashcards

Why is encryption important?

Securing data by making it unreadable to unauthorized users, protecting sensitive information during storage and transmission.

How to avoid attackers?

Using strong, unique passwords; enabling MFA; avoiding suspicious links; keeping software updated; backing up files regularly.

DDoS Attack

A cyberattack that floods a target with excessive requests, overwhelming its capacity and disrupting service.

SSH Brute Force Attack

An attack performed to gain access by brute-forcing SSH login credentials, used to send malicious files unnoticed.

Cross-Site Scripting (XSS)

Injection of malicious code into web applications, giving the hacker access to data like sessions and cookies.

Solutions to Avoid Website Attacks

Secure coding, encryption, regular updates, strong authentication, and advanced security tools.

Multi-Factor Authentication (MFA)

Security measure requiring more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

Brute Force Attack

Method of gaining access to a system by trying many passwords.

Cybersecurity

Protecting computer systems and networks from theft, damage, or unauthorized access.

Phishing

A cybercrime using deceptive emails to trick individuals into revealing sensitive information.

SMiShing

Using SMS (text messages) to send fraudulent messages or links to deceive users.

Spyware

Software that secretly collects information about a user's computer activity.

Strong Password

A mix of uppercase/lowercase, numbers, and symbols that are hard to guess, protecting access.

Password Manager

Tool to generate and securely store complex, unique passwords.

Deepfake Profiles

Fake social media profiles created to impersonate real people, often used for scams.

Cyber Attack

Compromise of digital accounts, systems, or sensitive data.

Malicious Links

Links or content used to spread malware or lure users to malicious sites.

Compromised Account

Gaining unauthorized control of a social media account.

Social Media Security Solutions

Collaborative efforts by users, platforms, and policymakers to ensure a safe online environment.

Jailbreaking/Rooting

Circumventing software restrictions imposed by the manufacturer on mobile operating systems.

Malicious Apps

Apps designed to steal data or harm a device.

Man-in-the-Middle (MitM)

Attack where communication is intercepted between two devices.

MitM Attack

Cyberattack where criminals intercept communications between mobile devices, often on public Wi-Fi.

Mobile Security Programs

Security programs that scan for malicious apps and alert to suspicious activities.

Study Notes

Why is Encryption Important

• Encryption secures data by making it unreadable to unauthorized users.
• It protects sensitive information during both storage and transmission.

Avoiding Attackers

• Use strong, unique passwords for every account.
• Enable multi-factor authentication, MFA.
• Avoid clicking suspicious links or downloading unknown files.
• Keep software and antivirus programs updated.
• Regularly back up important files to a secure location.

Website Attacks: DDoS

• Distributed Denial-of-Service (DDoS) attacks involve multiple compromised computer systems attacking a single target.
• The goal is to overwhelm the target, like a server or website, with excessive requests.
• This disruption of service can lead to downtime, loss of revenue, and customer trust issues.
• Attackers may also use DDoS attacks as a distraction while launching other malicious activities, such as data breaches.

Website Attacks: SSH Brute Force

• By brute-forcing SSH login credentials, an SSH Brute Force Attack can be performed to gain access.
• Exploits like these can be used to send malicious files without being noticed.
• Unlike many other tactics used by hackers, brute force attacks rely on existing vulnerabilities.

Website Attacks: Cross Site Scripting (XSS)

• Cross-Site Scripting (XSS) attacks target websites with scripting flaws.
• Malicious code is injected into web applications.
• The injected script can give the hacker access to web app data like sessions and cookies

Solutions to Avoid Attacks on Websites

• Protecting websites from cyberattacks involves using a multi-faceted approach.
• Tactics combines secure coding, encryption, regular software updates, strong authentication, and advanced security tools.
• Taking these steps creates a robust defense against potential threats, which helps ensure user data safety.

Email Attacks: Phishing

• Phishing is a cybercrime where targets are contacted by email, telephone, or text message.
• Attackers pose as legitimate institutions to trick individuals into providing sensitive data.
• Sensitive data includes personally identifiable information, banking and credit card details, and passwords.

Email Attacks: SMiShing

• SMiShing involves using Short Message Service (SMS) to send fraudulent links or text messages.
• Criminals trick users into doing things like calling them.
• Victims may provide sensitive information, such as credit card or account details.
• Accessing a website from a link might unknowingly lead to the user downloading malware, infecting their device.

Email Attacks: Spyware

• Spyware is software that allows criminals to collect users' computer activities without their knowledge.
• Spyware features include activity trackers, keystroke collection, and data capture.
• It often modifies security settings.
• This software can bundle itself with legitimate software or act as Trojan horses.
• Many shareware websites contain spyware.

Solutions to Avoid Attacks on Email

• A key way of securing emails is using strong, unique passwords.
• Strong passwords should include a mix of uppercase and lowercase letters, numbers, and special characters.
• Avoid predictable passwords.
• Password managers can help generate and store complex passwords securely.
• Strong passwords significantly hinder attackers from gaining access to email accounts via brute force or dictionary attacks.

Social Media: Deepfake Profiles

• Creating deepfake profiles is a common social media attack.
• Cybercriminals impersonate legitimate users by mimicking well-known public figures or executives.
• These deepfake profiles may manipulate stock prices, spread fake narratives, and deceive users.
• Tricks may involve encouraging users to divulge personal information, click on malicious links, or engage in fraudulent activities.

Social Media: Malicious Links and Content

• A prevalent social media attack involves gaining access to an account in order to post malicious material or spread malware.
• An attacker will impersonate the account owner to defraud others.
• Targeting high-profile figures takes advantage of large followings.

Social Media: Compromised Accounts

• A prevalent social media attack occurs when an account is compromised.
• Consequences could mean that the attacker can post malicious content.
• Consequence could mean the spread of malware or impersonation of the account owner to defraud others.
• High-profile executive and brand accounts often suffer severely because of the large followings.

Solutions to Avoid Attacks on Social Media

• A collaborative approach of social media users, platform providers, and policymakers is necessary to create a safer online environment.
• Tactics such as strong passwords, privacy settings and user education can mitigate the risks of social media attacks.

Mobile Device Attacks: Jailbreaking and Rooting

• Android and iOS devices have security issues from Jailbreaking and rooting
• Attackers can jailbreak a phone by exploiting operation system weaknesses to start rooting through data.

Mobile Device Attacks: Malicious Apps

• Requires users to download apps onto a mobile device.
• Once the malicious App is granted access to the device's data, it can collect and send data to the hacker.
• Security software can scan for malicious Apps.

Mobile Device Attacks: MitM

• Man in the Middle (MitM) attacks occur when a cybercriminal intercepts communications sending data from one mobile device to another.
• Often happens on devices used for work that connect to Company Wi-Fi.

Solutions to Avoid Attacks on Mobile Devices

• Antivirus and security software is an effective defense mechanism.
• Security applications detect and neutralize threats like malware, spyware, and phishing attacks.
• Tools often provide real-time monitoring and scanning features.

Description

Learn about encryption importance and techniques to avoid attackers. Encryption secures data by making it unreadable. Understand DDoS and SSH Brute Force website attacks, and measures to secure against them.