M1 - Cybersecurity Threats and Attacks

Questions and Answers

What type of attack involves creating a fake identity or scenario to elicit urgent responses?

  • Pretexting (correct)
  • Vishing
  • Phishing
  • Spear Phishing

What is the primary risk associated with foreign-sourced attacks?

  • Physical threats to devices
  • Malware on personal computers
  • Loss of encryption
  • Surveillance using products sold by governments (correct)

Which phase of a cyberattack involves gaining higher-level access?

  • Covering Tracks
  • Gaining Access
  • Reconnaissance
  • Escalation of Privileges (correct)

Which attack involves the use of telephony systems with spoofed caller IDs?

  • Vishing (B)

What is a primary concern with cloud computing in terms of data security?

  • Compliance violations (C)

Which of the following best describes 'watering hole attacks'?

  • Identifying and exploiting weaknesses in frequently visited websites (A)

Which of these is a methodology used for threat modeling that includes risk analysis?

  • PASTA (A)

What is the impact of improperly managed Internet of Things (IoT) devices?

  • Device mismanagement and increased vulnerabilities (B)

Which of the following refers to an attack that entails reworking network devices without authorization?

  • Tampering (B)

What is an example of social engineering that involves manipulating trust through electronic communications?

  • Spear phishing (D)

What technique does an attacker use in a denial of service attack?

  • Congesting the system with large volumes of traffic (D)

Which type of attack uses an intermediary to intercept communications?

  • Man-in-the-Middle attack (A)

What is the primary goal of an SQL injection attack?

  • To gain unauthorized access to a web server (D)

Which of the following is NOT a characteristic of social engineering attacks?

  • Using technical vulnerabilities in software (D)

In a reverse shell attack, what is the attacker's primary strategy?

  • Initiating communication from inside the target's network (D)

What type of malware is characterized by mutating to avoid detection?

  • Polymorphic virus (D)

Which attack method involves taking advantage of a system performing operations out of order?

  • Race condition (C)

What is an example of a network-based attack?

  • Denial of Service (DoS) (B)

What is spoofing primarily concerned with?

  • Creating false identities and impersonating others (B)

Which of the following is a common internal threat agent?

  • Insiders (B)

Flashcards

Network-Based Attacks

A type of attack that uses the infrastructure of a network to disrupt operations.

Covert Channels

A covert channel uses data transmission methods that were not originally intended for that purpose, often disguised to appear as legitimate network traffic.

Buffer Overflows

An overflow in a program's buffer, where the attacker inputs more data than intended, leading to potential code injection.

Denial of Service (DoS)

Flooding a system's network with traffic, congesting it and making it unresponsive to service requests.

Replay Attacks

A cybercriminal intercepts and replays a captured communication at a later time, impersonating a legitimate user.

Port Scanning

Scanning for open ports on a network, often targeting TCP (port 80) for HTTP traffic.

Reverse Shell Attacks

Starting communication behind a firewall, allowing the attacker to bypass it.

Return-Oriented Attacks

Taking parts of legitimate code and using them in a sequence to perform unintended actions.

Spoofing

Impersonating someone by using a fake IP address, domain, or email.

SQL Injection

Exploiting vulnerabilities in web applications to gain unauthorized access to a web server by injecting malicious SQL code.

Rogue Mobile App

A type of malware that appears legitimate but secretly performs malicious actions.

Phishing

A social engineering attack that uses authentic-looking emails to trick users into revealing personal information or visiting fake websites.

Spear Phishing

A specialized type of phishing attack targeting specific employees.

Piggybacking

A physical security attack where an unauthorized person follows someone into a restricted area.

Tampering

A security attack where an attacker tampers with physical infrastructure, such as cabling or adding unauthorized devices.

Embedded Software Code

An attack involving malicious code embedded within software or firmware sold to a company.

Pharming

A cybersecurity attack involving manipulating a victim's computer to direct them to a fake website, often to steal personal information.

Reconnaissance

The first stage of a cyberattack, where attackers gather information about their target.

PASTA

A threat modeling methodology that involves breaking down a system into smaller components to identify vulnerabilities.

VAST

A threat modeling methodology that uses a visual approach to identify and analyze potential threats in a system.

Study Notes

Cybersecurity Threats and Attacks

  • Cybersecurity protects an organization's IT infrastructure and data from malicious actors through technology, internal controls, and best practices.

Threat Agents

  • Attacker/Hacker: Individuals seeking unauthorized access.
  • Adversary: Motivated to attack due to conflict or incentive.
  • Government/State-Sponsored: Funded by nation-states.
  • Hacktivist: Driven by social or political causes.
  • Insider: Someone with authorized access to systems.
  • External Threats: Attacks originating outside the organization.

Cyberattack Types

  • Network-Based Attacks: Exploit network infrastructure.
    • Backdoors/Trapdoors: Secret access points.
    • Covert Channels: Non-intended data transmission methods.
    • Buffer Overflows: Injecting malicious code by exceeding buffer capacity.
    • Denial-of-Service (DoS): Overwhelm a system with traffic.
    • Distributed Denial-of-Service (DDoS): DoS attacks from multiple sources.
    • Man-in-the-Middle (MITM): Attacker intercepts communication.
    • Replay Attacks: Attacker replays intercepted communications.
    • Port Scanning: Identify open ports.
    • Reverse Shell Attacks: Bypass firewalls.
    • Return-Oriented Attacks: Combine legitimate code sequences.
    • Spoofing: Impersonation (e.g., IP, MAC, DNS, hyperlink).
  • Application-Based Attacks: Target application vulnerabilities.
    • SQL Injection: Inject malicious SQL code into applications.
    • Cross-Site Scripting (XSS): Inject malicious scripts into websites.
    • Race Condition: Exploit timing vulnerabilities.
    • Mobile Code (Malicious): Self-replicating from computer to computer.
  • Host-Based Attacks: Target a single host.
    • Brute-Force Attacks: Systematically try passwords.
    • Keystroke Logging: Record keystrokes.
    • Malware: Unauthorized software (viruses, worms, Trojans, adware, spyware).
    • Rogue Mobile Apps: Malicious applications disguised as legitimate ones.
  • Social Engineering Attacks: Exploit human psychology.
    • Phishing: Deceptive emails/messages.
    • Spear Phishing: Targeted phishing attacks.
    • Business Email Compromise (BEC): Targets executives.
    • Pretexting: Create a fake scenario.
    • Vishing: Phishing over the phone.
  • Physical (On-Premises) Attacks: Exploit physical access.
    • Piggybacking: Following someone into a restricted area.
    • Tampering: Physically altering equipment.
    • Theft: Unauthorized removal of assets.
  • Supply Chain Attacks: Exploit vulnerabilities in the supply chain.
    • Embedded Software Code: Malicious software within hardware/software.
    • Foreign-Sourced Attacks: Malicious code disguised as legitimate products.
    • Watering Hole Attacks: Target websites used by multiple organizations.

Cyberattack Stages

  • Reconnaissance: Gathering information.
  • Gaining Access: Entering the target system.
  • Privilege Escalation: Increasing access level.
  • Maintaining Access: Staying in the system.
  • Network Exploitation and Exfiltration: Malicious activity.
  • Covering Tracks: Hiding the attack.

Risks in Different Technologies

  • Cloud Computing: Additional exposure, malware, compliance violations, data/control loss, visibility loss, multi-cloud management, intellectual property theft.
  • Mobile Technologies: Malware, lack of updates/encryption, physical threats, unsecured Wi-Fi, location tracking.
  • Internet of Things (IoT): Device mismanagement, spoofing, escalated cyberattacks, expanded footprint, information theft, outdated firmware, malware, network attacks.

Threat Modeling Methodologies

  • PASTA (Process for Attack Simulation and Threat Analysis): Define objectives, scope, decomposition, threat/vulnerability analysis, attack modeling/simulation, and risk analysis.
  • VAST (Visual, Agile, and Simple Threat): Flexible model for scaling threat analysis.
  • STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of-Service, Elevation of Privilege): Categorizes various threats.
