Cybersecurity Threats and Malware Types

Questions and Answers

What type of attack allows an attacker to monitor user activity and intercept sensitive data such as payment details?

DNS spoofing

Email hijacking

IP spoofing

Fraudulent Wi-Fi (correct)

In which type of attack does an attacker impersonate a legitimate organization's email address to deceive users?

Email hijacking (correct)

IP spoofing

HTTPS spoofing

DNS spoofing

What attack technique involves redirecting users to a malicious website while masquerading it as a legitimate site?

DNS spoofing (correct)

Fraudulent Wi-Fi

HTTPS spoofing

IP spoofing

What does an attacker do in IP spoofing to mislead users?

Alter an IP address to impersonate a legitimate site

How can HTTPS be misused by attackers during a spoofing attempt?

To make a malicious site appear legitimate

How does fileless malware operate without being detected by antivirus programs?

It modifies legitimate files like WMI and PowerShell.

What primary function do rootkits provide once injected into a system?

Provide remote administrative access to the attacker.

Which of the following groups is primarily motivated by personal or financial gain through cyber threats?

Criminal Groups

What type of cyber threat is characterized by an employee abusing their access to company resources?

Malicious Insiders

Which motive is least likely associated with individual hackers?

Corporate espionage

How does cyber terrorism primarily differ from typical criminal hacks?

It aims to disrupt or destroy critical infrastructure.

The term 'cracker' is most commonly used to refer to which of the following activities?

People involved in breaking into computer systems.

Which of the following is NOT a reported source of cyber threats?

Game Developers

What motivates thrill-seeker hackers in their actions?

The challenge and achievement of breaking into systems

What is a primary characteristic of white-hat hackers?

They hack with the owner's knowledge to identify security flaws.

Which type of hacker typically reports vulnerabilities after unauthorized access?

Gray hat hackers

What is the primary intent of red hat hackers?

To combat black hat hackers using aggressive tactics

Which technique involves an authorized user facilitating access for an unauthorized person?

Piggybacking

What distinguishes blue hat hackers from other hacker types?

They are typically outsiders and act out of personal motivations.

Which of the following best describes a supply chain attack?

An attack that infects legitimate applications through compromised development processes.

What is the primary threat posed by a Man-in-the-Middle (MitM) attack?

Interception of communication, allowing eavesdropping and impersonation.

In what manner do gray hat hackers operate compared to white-hat hackers?

They hack systems without permission but work to enhance security afterward.

What common tactic is used in vishing attacks?

Phone calls to trick individuals into disclosing sensitive data.

Which method is typically used by red hat hackers against malicious hackers?

Aggressive and retaliatory tactics.

What differentiates smishing from traditional phishing attacks?

Smishing uses text messages to deceive victims.

What is the consequence of supply chain attacks for software vendors?

Their applications and updates can become infected with malware without their knowledge.

Study Notes

Fileless Malware

• Fileless malware avoids installing software on the OS.
• It modifies native files like WMI and PowerShell to create malicious functions.
• Difficult to detect as antivirus cannot identify the compromised files, which are recognized as legitimate.

Rootkits

• Rootkits inject malicious software into applications, firmware, OS kernels, or hypervisors.
• Provides remote administrative access to a computer.
• Allows attackers to start the OS within a compromised environment.
• Enables complete control of the computer and deployment of additional malware.

Common Sources of Cyber Threats

• Nation States: Hostile countries launch cyberattacks against companies and institutions to disrupt communications, cause disorder, and inflict damage.
• Cyber Terrorism: Terrorists conduct attacks aimed at destroying/abusing critical infrastructure, threatening national security, disrupting economies, and harming citizens.
• Criminal Groups: Organized hacker groups break into systems for economic gain using phishing, spam, spyware, and malware for extortion, theft, and scams.
• Malicious Insiders: Legitimate employees exploit privileges to steal information or damage systems for personal/economic gain. Insiders can be employees, contractors, suppliers, partners, or outsiders impersonating compromised accounts.
• Hackers: Individuals target organizations using various attack techniques, motivated by personal gain, revenge, financial gain, or political activity. Hackers often develop new threats to enhance their criminal capabilities and status.

Hackers and Crackers

• Popular press often uses "hacker" for anyone breaking into systems, but the definition is more nuanced.
• "Hacker" and "cracker" terms aren't widely used.

Hackers (Categories)

• Computer Enthusiasts: Enjoy learning programming languages and computer systems.
• Unauthorized Access: Gaining unauthorized access to computers/networks, often for the challenge.

Types of Hackers

• Thrill-seeker hackers: Access systems for the challenge, with minimal/no damage.
• White-hat hackers: Computer professionals who break into systems with owner knowledge to expose and fix security flaws. (Refer to heroes in Westerns).
• Intent: Help organizations, improve cybersecurity
• Methods: Use legal, authorized methods to test systems
• Goal: Strengthen security by identifying vulnerabilities
• Examples: Certified Ethical Hackers (CEHs), penetration testers
• Gray-hat hackers: Mix of ethical and unethical actions.
• Intent: Often a mix of both ethical and unethical actions.
• Methods: May hack systems without permission, but report vulnerabilities afterwards.
• Goal: Improve security, but hacking is unauthorized.
• Example: Hacker discovers a flaw, reports it to the company for potential reward.
• Red-hat hackers: Actively combat black hat hackers.
• Intent: Actively combat malicious hackers
• Methods: Use aggressive or retaliatory tactics against malicious hackers
• Goal: Protect systems, sometimes using illegal methods, like launching counter-attacks or destroying malicious hackers' infrastructure.
• Example: Hacker retaliating against cybercriminals by hacking their systems.
• Blue-hat hackers: Driven by revenge or to harm a specific target.
• Intent: Revenge, harm a target
• Methods: Target individuals/organizations without extensive hacking knowledge.
• Goal: Harm or embarrass a personal enemy.
• Example: Outsider motivated by personal vendettas

Social Engineering Attacks

• Phishing: Fraudulent emails to many users or targeted individuals ("spear phishing" or "whaling").
• Vishing (voice phishing): Imposters use phones to trick targets into disclosing data or granting access.
• Smishing (SMS phishing): Attackers use text messages to deceive victims.
• Piggybacking: Authorized user provides physical access to another individual, who benefits
• Tailgating: Unauthorized individual follows authorized user into a location to exploit physical access.

Supply Chain Attacks

• Focus on infecting legitimate applications via source code, build processes, or software updates.
• Purpose: Distribute malware; vulnerabilities exist in network protocols, server infrastructure, and coding techniques.
• Trust in vendors compromised without their knowledge.

Types of Supply Chain Attacks

• Build tools/development pipelines compromised.
• Code signing procedures/developer accounts compromised.
• Malicious code sent as updates to hardware/firmware.
• Malicious code preinstalled on physical devices

Man-in-the-Middle (MitM) Attacks

• Intercepts communication between two endpoints (user and application).
• Allows eavesdropping, stealing data, and impersonation.

Examples of MitM Attacks

• Wi-Fi eavesdropping: Attacker creates a fake Wi-Fi network to intercept data.
• Email hijacking: Spoofed email addresses trick users to reveal info or transfer money.
• DNS spoofing: Malicious DNS directs users to fake websites for data theft.
• IP spoofing: Attacker impersonates a website to deceive users.
• HTTPS spoofing: Attacker creates a fake secure connection to mask malicious websites.

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

• Malicious attacks overwhelm a system's resources, preventing legitimate users from accessing it.

Description

This quiz explores the various types of cyber threats, focusing on fileless malware and rootkits. Gain insights into how these threats operate and their implications for cybersecurity. Test your knowledge on the origins of these cyber dangers and their impacts on technology.