Cybersecurity Introduction and Goals

Questions and Answers

Which type of attack involves injecting malicious data into a web application to manipulate the application and fetch information?

• Phishing
• Injection attacks (correct)
• DNS Spoofing
• Session Hijacking

DNS Spoofing involves sending a large number of requests to a server to cause it to crash.

False (B)

What type of attack involves stealing cookies to gain access to user data?

Session Hijacking

A _______ attack attempts to steal sensitive information by masquerading as a trustworthy entity in electronic communication.

phishing

Which attack uses a trial and error method by generating a large number of guesses to obtain actual data?

Brute force (C)

A denial of service attack uses multiple compromised systems to overwhelm a target server.

False (B)

Match the following attack types with their descriptions:

DNS Spoofing = Redirects traffic to a false IP address Phishing = Steals information by posing as trustworthy Dictionary Attack = Uses a list of common passwords Denial of Service = Renders system unavailable

Which of these is NOT a category of Denial of Service (DoS) attacks?

Session-based attacks (B)

Which of the following best describes the primary motivation of cybercriminals?

Generating profits through illegal activities (A)

Hacktivists are primarily motivated by financial gain.

False (B)

What are the three broad ways that cybercriminals use computers to do cybercrimes?

Cybercriminals use computers as a target, a weapon, or an accessory.

A state-sponsored attacker's objectives are aligned with the political, commercial, or ________ interests of their country.

military

Match the attacker type with their primary objective:

Cyber Criminals = Financial gain Hacktivists = Promote a cause State-sponsored attackers = National interests

What does Dan Lohrmann describe as 'digital disobedience'?

Hacktivism (D)

State-sponsored attackers often operate with limited resources.

False (B)

Attackers attempt to destroy, expose, alter, disable, steal, or gain ________ access to an asset.

unauthorized

What type of insider threat is typically associated with revenge against an organization?

Malicious Threats (A)

Accidental threats are intentional actions taken by employees to harm an organization's data.

False (B)

What is an example of a negligent threat?

Sharing work on public cloud applications despite strict organizational policies.

Malicious insider threats can sometimes be disguised by __________ through financial incentives or extortion.

outsiders

Match the insider threat type with its description:

Malicious = Insider seeks revenge against the organization Accidental = Threat caused by unintentional actions Negligent = Failure to follow policies leading to potential risks

Which of the following best describes a negligent threat?

Accidental data sharing (C)

Accidental threats can be considered malicious if they result in data breaches.

False (B)

What might motivate an employee to engage in a malicious insider threat?

Dissatisfaction with the organization.

Which type of attack allows an attacker to intercept the connection between a client and a server?

Man in the middle attack (D)

A Trojan horse disguises itself as a reliable application to execute malicious code.

True (A)

What is a virus in terms of computer security?

A self-replicating malicious software program that spreads without the knowledge of the user.

A _______ is a malware that primarily spreads by replicating itself to uninfected computers.

worm

Match the following types of attacks with their descriptions:

Virus = Spreads through computer files without user awareness Worm = Replicates itself to spread to other computers Trojan horse = Misleading application that runs malicious code Backdoor = Bypasses normal authentication processes

What is the purpose of a bot in network services?

To perform automatic tasks or interact with users (B)

File Inclusion attacks enable attackers to execute files that should remain secured or access unauthorized files.

True (A)

Define a backdoor in the context of computer security.

A method to bypass normal authentication processes for access.

Who sent the first electronic message, and what was it intended to say?

Charley Kline, 'login' (C)

The program 'Creeper' was the first antivirus software created.

False (B)

What message did the program 'Creeper' print?

I'M THE CREEPER: CATCH ME IF YOU CAN.

In 1970's, the first computer worm was named _____ and the first antivirus software was named _____.

Creeper, Reaper

Match the following individuals to their contributions:

Leonard Kleinrock = First electronic message Robert Thomas = First computer worm (Creeper) Ray Tomlinson = Inventor of email and Reaper Charley Kline = Sent the message 'login'

What concern has the increase in cyber-attacks highlighted in organizations?

The endangerment of the global economy (B)

The origin of cybersecurity is directly associated with the development of the first email.

False (B)

What key action do organizations need to take regarding their sensitive data?

Protect it

What was the primary purpose of the Morris worm?

To test the size of the internet (B)

The CIA triad stands for Confidentiality, Integrity, and Accountability.

False (B)

Who caught Marcus Hess before he could sell military secrets?

Clifford Stoll

The objectives of Cybersecurity include protecting information from being stolen, compromised, or __________.

attacked

Match the following terms with their descriptions:

Confidentiality = Protecting information from unauthorized access Integrity = Ensuring data is accurate and unaltered Availability = Ensuring data is accessible to authorized users Cyber incident = Any event that impacts the security of information systems

Which hacker is known for hacking into 400 military computers in 1986?

Marcus Hess (D)

The Computer Emergency Response Team was established following the first known internet worm incident.

True (A)

With every new development in technology, there comes an aspect of __________.

vulnerability

Flashcards

Cyber-attack

A malicious attempt to compromise computer systems or networks.

Cybersecurity

Protecting systems and data from digital attacks.

Sensitive data

Information that must be protected from unauthorized access.

Creeper

The first computer worm that spread across ARPANET.

Reaper

The first antivirus software designed to delete Creeper.

ARPANET

The precursor to the modern internet, a network of computers.

Historical message 'login'

First electronic message sent that crashed the system.

Security breaches

Unauthorized access to or misuse of data or systems.

Vulnerability in Cybersecurity

A weakness in a system that can be exploited by hackers.

Morris Worm

The first infamous network virus created by Robert Morris in 1988.

Computer Fraud and Abuse Act

A U.S. law that penalized unauthorized access to computer systems.

Computer Emergency Response Team (CERT)

A non-profit organization that addresses cybersecurity threats.

CIA Triad

A model that focuses on confidentiality, integrity, and availability of data.

Confidentiality in Cybersecurity

Ensuring that sensitive information is accessed only by authorized users.

Integrity in Cybersecurity

Ensuring that information is accurate and unaltered during storage or transmission.

Availability in Cybersecurity

Ensuring that data is accessible to authorized users when needed.

Injection Attacks

Manipulating web applications by injecting data to gain unauthorized access.

SQL Injection

A type of injection attack where SQL code is inserted to manipulate databases.

DNS Spoofing

Introducing false data into a DNS resolver to redirect traffic to the attacker.

Session Hijacking

Stealing a user's session cookies to gain unauthorized access to their data.

Phishing

An attack that disguises as a trustworthy entity to steal sensitive information.

Brute Force Attack

A trial-and-error method used to guess passwords or encryption keys.

Denial of Service

An attack aimed at making a server or network unavailable by overwhelming it with traffic.

Dictionary Attacks

Using a list of commonly used passwords to guess and access accounts.

Cyber Criminals

Individuals or groups committing cybercrime for profit by stealing data.

Malicious Activities

Actions intended to destroy, expose, alter, or steal data.

Hacktivists

Hackers promoting social or political change through cyber activities.

State-sponsored Attackers

Hackers acting on behalf of government interests, often for political reasons.

Cybercrime Techniques

Methods used by cybercriminals to execute their attacks.

Digital Disobedience

Hacking for a cause to challenge injustices, characteristic of hacktivism.

Vulnerabilities

Weaknesses in systems that attackers can exploit.

Economic Motive in Cybercrime

Using cyber tactics to steal data for financial gain.

URL Interpretation Attack

An attack altering URL components to access unauthorized web pages.

File Inclusion Attack

An attack that allows access to unauthorized files on a web server.

Man in the Middle Attack

An attack intercepting communication between client and server.

Virus

Malicious software that replicates by embedding itself in other programs.

Worm

A self-replicating malware that spreads to uninfected computers.

Trojan Horse

A deceptive program that appears benign but executes harmful actions.

Backdoor

A method allowing bypassing of normal security for access.

Bot

An automated program that interacts with network services.

Insider Threat

A security risk that comes from within the organization, typically from employees or former employees.

Malicious Insider Threat

Intentional harm caused by insiders seeking revenge or personal gain, often unhappy employees.

Accidental Insider Threat

Unintentional actions by employees that compromise data security, such as deleting files.

Negligent Insider Threat

Threats caused by employees who ignore or violate security policies, risking data safety.

Dissatisfied Employees

Employees who may act maliciously due to feeling wronged by the organization.

Financial Incentives

Monetary gain that can motivate insiders to compromise security.

Third Parties

External individuals or organizations that can also pose an insider threat, including contractors.

Confidential Data Sharing

The unauthorized sharing of sensitive information that goes against company policy.

Study Notes

Cybersecurity Introduction

• Cybersecurity encompasses people, processes, and technologies to reduce threats, vulnerabilities, and international engagement.
• It involves incident response, resiliency, and recovery policies.
• Cybersecurity protects internet-connected systems (hardware, software, data) from cyberattacks.
• It includes systems security, network security, and application/information security.
• Cybersecurity protects networks, devices, programs, and data from unauthorized access, theft, damage, and modification.
• Cybersecurity is a fundamental function to protect critical business operations.

Cybersecurity Goals

• The objective of cybersecurity is to protect information from theft, compromise, or attack.
• Three key goals measure cybersecurity: confidentiality, integrity, and availability.
• Confidentiality ensures that information is protected from unauthorized access.
• Integrity ensures the accuracy and reliability of information.
• Availability ensures authorized users can access information when needed.

Tools for Confidentiality

• Encryption transforms information into an unreadable format (cipher text) for unauthorized users.
• Access control defines rules and policies to limit access to resources (system, physical, or virtual).
• Authentication verifies a user's identity through credentials.

Tools for Integrity

• Backups create copies of data for restoration in case of loss or destruction.
• Checksums verify data integrity by generating a unique numerical value.

Tools for Availability

• Physical protections safeguard information technology assets in secure locations.
• Computational redundancies provide failover systems for continuous operations.

Types of Cyber Attacks and Attackers

• Cyberattacks exploit computer systems and networks to gain malicious access to data and systems.
• Web-based attacks target websites and applications.
• System-based attacks target computer hardware and software.
• Attackers include individuals and groups with various motivations (profit, political, etc) including cybercriminals, hacktivists, state-sponsored attackers, and insider threats.

Insider Threats

• Insider threats are security risks originating from within an organization.
• Categories include malicious (deliberate harm), accidental (unintentional errors), and negligent (failure to follow procedure).

Cybersecurity as a necessity

• Cybersecurity is critical to protect sensitive data and operations of all businesses, from online transactions to critical national infrastructure.
• Cybersecurity efforts are crucial to maintain stable information flow, maintain confidentiality, and provide data to authorized users.