Cybersecurity Threats and Malware Types

Questions and Answers

What type of attack allows an attacker to monitor user activity and intercept sensitive data such as payment details?

  • DNS spoofing
  • Email hijacking
  • IP spoofing
  • Fraudulent Wi-Fi (correct)

In which type of attack does an attacker impersonate a legitimate organization's email address to deceive users?

  • Email hijacking (correct)
  • IP spoofing
  • HTTPS spoofing
  • DNS spoofing

What attack technique involves redirecting users to a malicious website while masquerading it as a legitimate site?

  • DNS spoofing (correct)
  • Fraudulent Wi-Fi
  • HTTPS spoofing
  • IP spoofing

What does an attacker do in IP spoofing to mislead users?

Alter an IP address to impersonate a legitimate site (B)

How can HTTPS be misused by attackers during a spoofing attempt?

To make a malicious site appear legitimate (C)

How does fileless malware operate without being detected by antivirus programs?

It modifies legitimate files like WMI and PowerShell. (D)

What primary function do rootkits provide once injected into a system?

Provide remote administrative access to the attacker. (A)

Which of the following groups is primarily motivated by personal or financial gain through cyber threats?

Criminal Groups (D)

What type of cyber threat is characterized by an employee abusing their access to company resources?

Malicious Insiders (A)

Which motive is least likely associated with individual hackers?

Corporate espionage (A)

How does cyber terrorism primarily differ from typical criminal hacks?

It aims to disrupt or destroy critical infrastructure. (B)

The term 'cracker' is most commonly used to refer to which of the following activities?

People involved in breaking into computer systems. (C)

Which of the following is NOT a reported source of cyber threats?

Game Developers (C)

What motivates thrill-seeker hackers in their actions?

The challenge and achievement of breaking into systems (D)

What is a primary characteristic of white-hat hackers?

They hack with the owner's knowledge to identify security flaws. (D)

Which type of hacker typically reports vulnerabilities after unauthorized access?

Gray hat hackers (A)

What is the primary intent of red hat hackers?

To combat black hat hackers using aggressive tactics (D)

Which technique involves an authorized user facilitating access for an unauthorized person?

Piggybacking (B)

What distinguishes blue hat hackers from other hacker types?

They are typically outsiders and act out of personal motivations. (B)

Which of the following best describes a supply chain attack?

An attack that infects legitimate applications through compromised development processes. (D)

What is the primary threat posed by a Man-in-the-Middle (MitM) attack?

Interception of communication, allowing eavesdropping and impersonation. (C)

In what manner do gray hat hackers operate compared to white-hat hackers?

They hack systems without permission but work to enhance security afterward. (B)

What common tactic is used in vishing attacks?

Phone calls to trick individuals into disclosing sensitive data. (D)

Which method is typically used by red hat hackers against malicious hackers?

Aggressive and retaliatory tactics. (D)

What differentiates smishing from traditional phishing attacks?

Smishing uses text messages to deceive victims. (C)

What is the consequence of supply chain attacks for software vendors?

Their applications and updates can become infected with malware without their knowledge. (D)

Flashcards

Fileless Malware

A type of malware that doesn't need to be installed on a device. Instead, it uses existing system components like PowerShell or Windows Management Instrumentation (WMI) to execute malicious tasks. This makes it difficult to detect because these components are legitimate.

Rootkit

Software that hides its presence on a computer system and gives attackers remote, administrative access. It can infect the kernel, firmware or applications, even starting the operating system in a compromised state.

Nation States

A country that uses cyberattacks to achieve its goals. These attacks can be aimed at disrupting communications, causing chaos, or damaging infrastructure.

Cyber Terrorism

Individuals or groups that use cyberattacks to achieve political objectives. This can involve disrupting critical infrastructure, threatening national security, or causing economic damage.

Criminal Groups

Organized groups that use cyberattacks for financial gain. They use phishing, spam, malware and spyware to steal information, extort money, or run scams.

Malicious Insiders

An individual who has access to a company's systems and abuses their privileges to steal information or damage systems. This can be an employee, contractor, or even an outsider who's compromised a privileged account.

Hackers

Individuals who target organizations with cyberattacks for various reasons, such as personal gain, revenge, or political activism. They often create innovative attack techniques to improve their skills and reputation in the hacking community.

Fraudulent Wi-Fi

An attacker creates a fake Wi-Fi network with the same name as a legitimate one, luring users to connect. They can then eavesdrop on network traffic, capturing data like login credentials and payment information.

Email Hijacking

An attacker impersonates a legitimate organization like a bank, sending fraudulent emails that trick users into revealing sensitive information or transferring money.

DNS Spoofing

An attacker manipulates the Domain Name System (DNS) to redirect users to a fake website that looks legitimate. This allows them to steal credentials or serve malware.

IP Spoofing

An attacker disguises their IP address as a legitimate website to trick users into believing they are interacting with the real website.

HTTPS Spoofing

An attacker uses HTTPS (secure protocol) to make a malicious website look legitimate, tricking browsers into thinking it's safe.

Thrill-seeker Hackers

Hackers who gain unauthorized access to computers or networks for the thrill of the challenge. They do not intend to cause harm or steal data.

White-hat Hackers

Computer professionals who legally break into systems with the owner's permission to identify and fix security vulnerabilities.

Grey Hat Hackers

Hackers who operate in a grey area, sometimes hacking without permission but often reporting vulnerabilities afterward. Their intentions can be unclear.

Red Hat Hackers

Hackers who actively combat black-hat hackers, sometimes using aggressive or retaliatory tactics, even if they involve illegal methods.

Blue Hat Hackers

Hackers driven by revenge or a desire to cause harm to a specific target. Their motivation often stems from personal vendettas.

Phishing

A type of social engineering attack where attackers use email to trick victims into revealing sensitive information or granting access to systems.

Spear Phishing

A type of phishing attack that targets specific individuals or organizations with personalized emails designed to seem legitimate.

Whaling

A type of spear phishing attack that specifically targets high-value individuals, such as CEOs, with highly personalized emails.

Vishing

A type of social engineering attack where attackers use phone calls to deceive victims into revealing sensitive information or granting access to systems.

Smishing

A type of social engineering attack where attackers use text messages to deceive victims into revealing sensitive information or granting access to systems.

Tailgating

A type of physical security breach where an unauthorized individual gains entry to a secure location by following an authorized user.

Piggybacking

A type of physical security breach where an unauthorized individual gains access to a secure location by pretending to be an authorized user.

Supply Chain Attacks

A type of cyber attack that targets software developers and vendors by infecting legitimate applications and distributing malware through supply chain channels.

Man-in-the-Middle Attack

A type of cyber attack where an attacker intercepts communication between two parties, such as a user and an application, to eavesdrop on data, steal information, and impersonate the parties involved.

Wi-Fi Eavesdropping

A specific type of Man-in-the-Middle attack where an attacker sets up a fake Wi-Fi network to intercept user traffic and steal data.

Study Notes

Fileless Malware

  • Fileless malware avoids installing software on the OS.
  • It modifies native files like WMI and PowerShell to create malicious functions.
  • Difficult to detect as antivirus cannot identify the compromised files, which are recognized as legitimate.

Rootkits

  • Rootkits inject malicious software into applications, firmware, OS kernels, or hypervisors.
  • Provides remote administrative access to a computer.
  • Allows attackers to start the OS within a compromised environment.
  • Enables complete control of the computer and deployment of additional malware.

Common Sources of Cyber Threats

  • Nation States: Hostile countries launch cyberattacks against companies and institutions to disrupt communications, cause disorder, and inflict damage.
  • Cyber Terrorism: Terrorists conduct attacks aimed at destroying/abusing critical infrastructure, threatening national security, disrupting economies, and harming citizens.
  • Criminal Groups: Organized hacker groups break into systems for economic gain using phishing, spam, spyware, and malware for extortion, theft, and scams.
  • Malicious Insiders: Legitimate employees exploit privileges to steal information or damage systems for personal/economic gain. Insiders can be employees, contractors, suppliers, partners, or outsiders impersonating compromised accounts.
  • Hackers: Individuals target organizations using various attack techniques, motivated by personal gain, revenge, financial gain, or political activity. Hackers often develop new threats to enhance their criminal capabilities and status.

Hackers and Crackers

  • Popular press often uses "hacker" for anyone breaking into systems, but the definition is more nuanced.
  • The terms "hacker" and "cracker" aren't widely used.

Hackers (Categories)

  • Computer Enthusiasts: Enjoy learning programming languages and computer systems.
  • Unauthorized Access: Gaining unauthorized access to computers/networks, often for the challenge.

Types of Hackers

  • Thrill-seeker hackers: Access systems for the challenge, with minimal/no damage.
  • White-hat hackers: Computer professionals who break into systems with owner knowledge to expose and fix security flaws. (Refer to heroes in Westerns).
      • Intent: Help organizations, improve cybersecurity
      • Methods: Use legal, authorized methods to test systems
      • Goal: Strengthen security by identifying vulnerabilities
      • Examples: Certified Ethical Hackers (CEHs), penetration testers
  • Gray-hat hackers: Mix of ethical and unethical actions.
      • Intent: Often a mix of both ethical and unethical actions.
      • Methods: May hack systems without permission, but report vulnerabilities afterwards.
      • Goal: Improve security, but hacking is unauthorized.
      • Example: Hacker discovers a flaw, reports it to the company for potential reward.
  • Red-hat hackers: Actively combat black hat hackers.
      • Intent: Actively combat malicious hackers
      • Methods: Use aggressive or retaliatory tactics against malicious hackers
      • Goal: Protect systems, sometimes using illegal methods, like launching counter-attacks or destroying malicious hackers' infrastructure.
      • Example: Hacker retaliating against cybercriminals by hacking their systems.
  • Blue-hat hackers: Driven by revenge or to harm a specific target.
      • Intent: Revenge, harm a target
      • Methods: Target individuals/organizations without extensive hacking knowledge.
      • Goal: Harm or embarrass a personal enemy.
      • Example: Outsider motivated by personal vendettas

Social Engineering Attacks

  • Phishing: Fraudulent emails to many users or targeted individuals ("spear phishing" or "whaling").
  • Vishing (voice phishing): Imposters use phones to trick targets into disclosing data or granting access.
  • Smishing (SMS phishing): Attackers use text messages to deceive victims.
  • Piggybacking: Authorized user provides physical access to another individual, who benefits
  • Tailgating: Unauthorized individual follows authorized user into a location to exploit physical access.

Supply Chain Attacks

  • Focus on infecting legitimate applications via source code, build processes, or software updates.
  • Purpose: Distribute malware; vulnerabilities exist in network protocols, server infrastructure, and coding techniques.
  • Trust in vendors compromised without their knowledge.

Types of Supply Chain Attacks

  • Build tools/development pipelines compromised.
  • Code signing procedures/developer accounts compromised.
  • Malicious code sent as updates to hardware/firmware.
  • Malicious code preinstalled on physical devices

Man-in-the-Middle (MitM) Attacks

  • Intercepts communication between two endpoints (user and application).
  • Allows eavesdropping, stealing data, and impersonation.

Examples of MitM Attacks

  • Wi-Fi eavesdropping: Attacker creates a fake Wi-Fi network to intercept data.
  • Email hijacking: Spoofed email addresses trick users to reveal info or transfer money.
  • DNS spoofing: Malicious DNS directs users to fake websites for data theft.
  • IP spoofing: Attacker impersonates a website to deceive users.
  • HTTPS spoofing: Attacker creates a fake secure connection to mask malicious websites.

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

  • Malicious attacks overwhelm a system's resources, preventing legitimate users from accessing it.
