Cybersecurity Threats and Best Practices

Questions and Answers

Which of the following is the primary goal of ransomware attacks?

  • To gain unauthorized access to valuable data by exploiting human interactions.
  • To disrupt network services with overwhelming traffic.
  • To steal personal information through deceptive emails.
  • To encrypt a victim's data and demand payment for decryption. (correct)

What is the main characteristic that distinguishes spear phishing from regular phishing?

  • Spear phishing targets a wide range of individuals, while regular phishing targets specific individuals.
  • Spear phishing is highly tailored and convincing, often appearing from trusted sources, while regular phishing is generic. (correct)
  • Spear phishing uses text messages, while regular phishing uses malicious websites.
  • Spear phishing uses phone calls, while regular phishing uses emails.

In a 'vishing' attack, what method do attackers primarily use to extract sensitive information?

  • Fake URLs in text messages.
  • Malicious email attachments.
  • Phone calls under false pretenses. (correct)
  • Compromised USB drives.

What is the primary method used in 'smishing' attacks to compromise personal data?

  • Sending text messages with urgent requests and malicious links. (D)

How do 'baiting' tactics in cybersecurity typically entice their victims?

  • By promising goods or information, often through infected physical media. (C)

What is the main objective of attackers using 'pretexting' as a phishing variant?

  • To obtain personal information under false pretenses. (C)

In the context of cybersecurity, what is the main characteristic of 'injection attacks'?

  • They involve sending untrusted data to an interpreter as part of a command or query. (D)

How does SQL injection primarily threaten database security?

  • By inserting malicious SQL statements into input fields to manipulate a database. (B)

What is the primary action performed during a 'code injection' attack?

  • Injecting malicious code into a vulnerable application for server execution. (A)

How does an OS command injection attack allow an attacker to gain control over a system?

  • By executing shell commands through manipulated input forms processed by application servers. (D)

What is the main purpose of a 'man-in-the-middle' (MitM) attack?

  • To intercept communications between two parties and steal or manipulate information. (D)

What does a supply chain attack primarily target?

  • Compromising software or hardware before they reach the consumer. (D)

What is the definition of an insider threat?

  • A threat that arises from individuals within an organization who misuse their access to systems and data. (B)

What are Advanced Persistent Threats (APTs) known for?

  • Complex, stealthy, and prolonged attacks aimed at specific targets. (B)

How do viruses spread and cause damage?

  • By attaching themselves to clean files and infecting other clean files. (D)

What distinguishes worms from viruses in terms of their propagation method?

  • Worms self-replicate without human intervention, while viruses attach to files. (D)

What is the main purpose of cryptojacking?

  • To hijack computer resources to mine cryptocurrency. (A)

What is a common vulnerability found in Internet of Things (IoT) devices that makes them susceptible to attacks?

  • Insecure firmware and weak authentication protocols. (A)

When businesses rely on cloud computing, what are the most common security issues that lead to unauthorized access and data breaches?

  • Misconfigurations and inadequate access controls. (D)

What is the primary goal of nation-state cyber activities?

  • Espionage, sabotage, or influencing global political landscapes. (A)

Why are APTs considered particularly dangerous compared to other cyber threats?

  • They are executed over extended periods and often target national governments. (C)

Which of the following is a characteristic of Highly Targeted attacks?

  • Attackers spend considerable time and resources to target specific entities or sectors. (D)

What is the term for when APTs move laterally through a network to establish footholds in different parts of an organization's digital infrastructure?

  • Lateral Movement (C)

What is multi-factor authentication?

  • Using multiple verification methods. (B)

What factor is least suggestive that a website is reliable?

  • The website uses the colours blue, green and red. (D)

Which of the following is NOT a reason that closing unused accounts improves your cybersecurity posture?

  • Closing unused accounts improves your ability to back up data. (B)

Why should you be careful who you meet online?

  • Strangers on the internet can be dangerous, e.g. catfishing. (D)

Which of the following best describes the 'principle of least privilege' in the context of access controls?

  • Granting employees access only to the resources necessary for their job functions. (C)

What is the main purpose of implementing User and Entity Behavior Analytics (UEBA) in an organization?

  • Detecting anomalous behavior patterns that may indicate malicious activity or policy violations. (A)

What is one measure that isn't included in strategies to prevent cyberattacks?

  • Frequent Data Deletion (A)

How do viruses attach to files to infect other files?

  • Attaching themselves to clean files. (B)

How does leveraging encryption as a security measure address the confidentiality of your data?

  • Rendering data unreadable to unauthorised users. (B)

How would you describe the benefit of keeping your software and system OS updated to safeguard your online security?

  • Patches security vulnerabilities for the latest version. (A)

You receive an email with an attachment from an unknown sender. The email claims that the attachment contains important information about a recent transaction you made. What should you do?

  • Report the email as SPAM and delete, do not download. (A)

You receive an email from a legitimate company; the email requests that you click a link in order to reset your password. What should you do?

  • Do not click the link. Instead manually visit the website and change your password. (D)

Which of the following factors describe a strong password?

  • Includes at least one number, symbol, uppercase and lowercase letter. (B)

You are at a local library using their internet connection. Without changing any settings you decide to log into your online banking with your default settings. What is the vulnerability?

  • Hackers may be operating on the unsecure wireless network. (A)

How can you ensure that links are legitimate when navigating the internet, despite modern techniques to shorten links?

  • You should check that links are legitimate by manually visiting the website. (C)

Flashcards

Cybersecurity

Standards and practices to protect applications, data, networks, and systems.

Malware

Harmful software used to access a system's data.

Social Engineering

Exploiting human interactions to gain unauthorized access.

Ransomware

Encrypting data and demanding payment for decryption.

DDoS

Overloading systems with internet traffic to disrupt services.

Phishing

Deceiving victims using malicious email attachments or URLs.

Spear Phishing

Highly tailored phishing messages targeting specific individuals.

Vishing

Using phone calls to extract sensitive information.

Smishing

Using text messages with urgent requests to compromise data.

Baiting

Enticing victims with promises of goods or information.

Pretexting

Obtaining personal information under false pretenses.

Injection Attacks

Sending untrusted data to an interpreter to execute unintended commands.

SQL Injection

Manipulating SQL statements to affect a database.

Code Injection

Injecting malicious code into a vulnerable application.

OS Command Injection

Executing shell commands to perform operations on a computer system.

Man-in-the-Middle attack

Attacks that intercept communications to steal or manipulate data.

Supply Chain Attacks

Compromising software/hardware before reaching the consumer.

Insider Threats

Threats from within an organization, malicious or accidental.

Advanced Persistent Threats (APTs)

Complex, stealthy attacks aimed at specific targets over long periods.

Cryptojacking

Hijacking computer resources to mine cryptocurrency.

IoT Attacks

Attacks targeting devices connected through the internet.

Cloud Security

Vulnerabilities like misconfigurations that lead to unauthorized access.

Nation-state Cyber Activities

Espionage, sabotage, or influencing global political landscapes.

Highly Targeted

Tailoring tactics based on the vulnerabilities and value of targets.

Long-term engagement

Involves long durations spent stealing data or awaiting the right moment.

Use of advanced malware

Often involve complex malware and spear-phishing attacks.

Evasion techniques

Sophisticated methods to evade detection, including encryption.

Lateral movement

Move laterally to establish footholds in the organization's digital infrastructure.

Study Notes

Unit 3: Cybersecurity

  • Cybersecurity involves standards and practices used by organizations to protect applications, data, programs, networks, and systems from cyberattacks and unauthorized access.

Main topics

  • Common cybersecurity threats
  • Best practices for online security
  • Strategies for safeguarding personal and professional information

Common Cybersecurity Threats

  • Malware: Harmful software like spyware, viruses, ransomware, and worms used by cyberattackers to access system data.
  • Social engineering: Exploitation of human interactions to gain unauthorized access to information and systems.
  • Phishing: Tricking users into divulging sensitive data, often through malicious links.
  • Ransomware attacks: Encrypting a victim's data and demanding payment for decryption keys.
  • Distributed denial of service (DDoS) attacks: Overloading systems with internet traffic to disrupt services.
  • Spam, scam
  • Phishing intends to deceive the victim by using malicious email attachments, fake URLs, or malicious websites pretending to be legitimate, to induce the victim to provide desired information to the attacker.

Phishing Variants

  • Spear phishing targets individuals with tailored, convincing messages, impersonating colleagues or trusted sources, e.g., posing as tech support for VPN complications.
  • Vishing involves phone calls to extract sensitive data by impersonating legitimate entities like banks, alerting victims about suspicious transactions to coax personal account verification, leading to financial theft.
  • Smishing is the use of text messages disguised as urgent requests to trick people into clicking malicious links compromising personal data.
  • Baiting involves enticing victims with goods or information, such as distributing USB drives with malware hidden within purportedly important work-related data.
  • Pretexting involves attackers using false pretenses to obtain personal information, e.g., posing as surveyors to exploit trust and gain confidential data for business or security audits.

Injection Attacks

  • Injection attacks occur across platforms, especially web applications: an attacker sends untrusted data to an interpreter, which executes unintended commands or accesses data without authorization.
  • SQL injection is the insertion of malicious SQL statements into input fields to manipulate a database, potentially disclosing, modifying, or deleting data.
  • Code injection involves injecting malicious code into a vulnerable application, which is then executed by a server.
  • OS command injection happens when an attacker inputs shell commands into a command-line interface to perform functions on a system, often gaining control of the operating system.
  • Man-in-the-middle (MitM) attacks intercept communications between two parties to steal or manipulate information.
  • Supply chain attacks compromise software or hardware before they reach the consumer.

Additional Threats

  • Insider threats: Arise from within an organization, either accidental or malicious, bypassing traditional security.
  • Advanced persistent threats (APTs): Complex, stealthy attacks targeting specific data or disruption that remain undetected for long periods.
  • Viruses and worms are malware that can spread uncontrollably, damaging core system functions and data, with worms self-replicating and exploiting vulnerabilities in the network.
  • Cryptojacking is a stealthy threat that hijacks computer resources to mine cryptocurrency.
  • Internet of Things attacks: IoT devices' lack of security makes them vulnerable; attacks exploit insecure firmware, weak authentication, and unsecured network services.
  • Nation-state cyber activities target espionage, sabotage, or influencing global political landscapes.
  • Insider threats arise from individuals abusing their access to systems and data within an organization, whether maliciously or through negligence.

Characteristics of APTs

  • Highly targeted: Attackers focus on specific entities, tailoring their tactics based on the target’s vulnerabilities and value.
  • Long-term engagement: APTs seek sustained access to a network, potentially lasting years, to continually steal data or await the opportune moment to act.
  • The use of advanced malware: This includes complex malware and spear-phishing attacks to establish initial access and ensure continued presence within the target's infrastructure.
  • Evasion techniques: Sophisticated methods like encryption, kill switches, and zero-day exploits are employed to avoid detection.
  • Lateral movement: APTs move through the compromised digital infrastructure to establish footholds in different parts of an organization.

Best Practices for Online Security

  • Use a secure internet connection.
  • Choose strong passwords.
  • Enable multi-factor authentication.
  • Keep software and operating systems updated.
  • Check that websites look reliable.
  • Review privacy settings and understand privacy policies.
  • Be careful of suspicious links and where you click.
  • Make sure your devices are secure.
  • Back up data regularly and close unused accounts.
  • Be careful what you download and post, and be careful who you meet online.
  • Use a good antivirus and keep it updated.
  • Double-check online information.

Strategies for Safeguarding Information

  • Behavioral analytics: Use user and entity behavior analytics (UEBA) to detect anomalous behavior patterns indicating malicious activity or policy violations.
  • Access controls: Apply the principle of least privilege and regularly review access permissions to ensure that employees only have access to the resources necessary for their job functions.
  • Regular audits and training: Conduct comprehensive security audits and provide ongoing security awareness training.
  • For nation-state threats: Strengthen national cybersecurity policies, enhance international cooperation and develop counter-cyber espionage strategies.
