Cybersecurity: Phishing and Malware

Questions and Answers

Which of the following scenarios BEST exemplifies a spear phishing attack?

• Leaving a USB drive labeled 'Company Bonus Info' in the company parking lot.
• Creating a fake social media profile to befriend employees and gather information.
• Targeting the CEO of a company with a personalized email containing details about their recent travel, aiming to steal their credentials. (correct)
• Sending out a mass email disguised as a bank notification to thousands of recipients.

A user downloads what appears to be a legitimate PDF document from an unknown website, but shortly after, their computer begins exhibiting unusual behavior. What type of malware is MOST likely responsible?

• Trojan (correct)
• Adware
• Worm
• Spyware

Which ransomware type encrypts files on a system, rendering them inaccessible until a ransom is paid?

• Locker Ransomware
• Spyware
• Crypto Ransomware (correct)
• Adware

An attacker calls an IT help desk, impersonating a senior executive and claiming they are locked out of their account before tricking the IT staff into resetting the executive's password and providing temporary credentials. Which social engineering technique is being employed?

Impersonation (A)

An employee receives an email that appears to be from a colleague. It includes a link to a document that the 'colleague' claims to have updated. Upon clicking the link, the employee's machine becomes infected with malware. This attack is BEST described as...

Clone Phishing (A)

What is the PRIMARY goal of employee cybersecurity awareness training?

To equip employees with the ability to identify and avoid potential cyber threats. (B)

Which type of malware is designed to automatically replicate and spread to other computers across a network, without any action from the user?

Worm (B)

A cybercriminal leaves a USB drive labeled 'Company Salary Report' in a public area of a company, hoping an employee will plug it into their computer. This is an example of what type of social engineering attack?

Baiting (B)

Which security measure primarily mitigates unauthorized access by requiring users to provide multiple verification factors?

Multi-Factor Authentication (MFA) (A)

In the context of cybersecurity, what is the primary goal of an Incident Response Plan (IRP) following a detected data breach?

To identify and remove threats, isolate affected systems, and restore normal operations (B)

Which of the following scenarios is the MOST representative example of a 'Negligent Insider' threat?

An employee unknowingly downloads malware from an unsecured website, compromising sensitive data. (A)

What is the primary purpose of performing regular risk assessments and security audits as part of a risk management plan?

To identify vulnerabilities and improve security measures (C)

Which technique involves an attacker taking control of an active user's session to bypass authentication and gain unauthorized access?

Session hijacking (B)

Which of the following is NOT a typical cause of a data breach?

Regular software updates (A)

What is the primary goal of having a backup and disaster recovery plan in the context of cybersecurity risk management?

To ensure business continuity and data restoration after a disruptive event (B)

Which of these strategies can help mitigate the risk of data breaches caused by phishing attacks?

Employee training on identifying phishing emails (D)

Flashcards

Phishing

Impersonating trusted entities to steal sensitive information.

Email Phishing

Fake emails with malicious links or attachments.

Spear Phishing

Targeted phishing attacks using personal details.

Malware

Malicious software designed to harm systems and steal data.

Ransomware

Malware that encrypts files and demands ransom.

Locker Ransomware

Locks users out of their system.

Crypto Ransomware

Encrypts files and demands payment.

Social Engineering

Psychological manipulation to steal sensitive information.

Unauthorized Access

Gaining unauthorized entry to systems or data.

Data Breach

An attack that exposes sensitive information.

Insider Threat

Threats originating from within an organization.

Password Cracking

Using force or guesswork to discover passwords.

Session Hijacking

Taking control of an active user's session.

Exploiting Software Vulnerabilities

Attacking systems by exploiting known weaknesses.

Insider Threat (Definition)

Employees, contractors, or partners misusing access.

Malicious Insiders

Intentional harm caused by insiders.

Study Notes

• Cybersecurity threats can be mitigated by implementing a variety of common preventative measures and response strategies

Phishing

• Aims to steal sensitive information by impersonating trusted entities
• Techniques include email phishing, spear phishing, smishing, vishing, clone phishing, and whaling
• Email Phishing: Uses fake emails with malicious links or attachments
• Spear Phishing: Targets attacks using personal details
• Smishing: Employs fraudulent SMS messages
• Vishing: Uses phone scams posing as legitimate calls
• Clone Phishing: Replicates real emails with altered links
• Whaling: Targets high-level executives

Malware

• Malicious software is designed to harm systems and steal data
• Various forms of it exist, including viruses, worms, trojans, spyware and adware
• Viruses: Attach to files and spread
• Worms: Spread automatically without user action
• Trojans: Are disguised as legitimate software
• Spyware: Secretly collects user data
• Adware: Displays unwanted ads and collects data

Unauthorized Access

• Involves gaining entry to systems without permission, leading to data breaches
• Techniques used include password cracking, session hijacking, and exploiting software vulnerabilities
• Password Cracking: Uses brute force or guessing passwords to gain access
• Session Hijacking: Takes over active user sessions
• Exploiting Software Vulnerabilities: Hacks weak systems to gain access

Data Breach

• The exposure of sensitive data is often due to cyberattacks or human error
• Common causes include phishing, malware, social engineering, software vulnerabilities, and insider threats

Insider Threat

• Presents security risks from employees, contractors, or partners misusing access
• Two types: malicious insiders (intentional harm) and negligent insiders (careless mistakes)
• Compromised insiders have had accounts hacked and used for attacks

Ransomware Attack

• Malware that encrypts files and demands ransom
• Types include Locker Ransomware and Crypto Ransomware
• Locker Ransomware prevents users from accessing their system
• Crypto Ransomware encrypts files and demands payment

Social Engineering

• Psychological manipulation used to steal sensitive information
• Techniques include phishing, pretexting, impersonation, and baiting
• Pretexting creates false scenarios to gain access
• Impersonation involves posing as trusted individuals
• Baiting uses tempting offers to deploy malware

Common Preventive Measures

• Apply to all threats
• Employee training and awareness programs
• Multi-factor authentication (MFA)
• Access control and encryption
• Regular software updates
• Network security and monitoring
• Email filtering and safe downloads

Common Response Strategies

• To use when an attack happens
• Incident response plan (IRP) implementation
• Isolate affected systems
• Identify and remove threats
• Report to authorities
• Communicate with stakeholders

Common Risk Management Plans

• Long-term strategies to mitigate risk
• Regular risk assessments and security audits
• Backup and disaster recovery planning
• Cyber insurance coverage
• Continuous threat monitoring

Description

Explore cybersecurity threats, focusing on phishing techniques such as email phishing, spear phishing, smishing, vishing, clone phishing, and whaling. Learn about malware types, including viruses, worms, trojans, spyware and adware, and how they compromise systems and data.