Cybersecurity Threats and Risks

Questions and Answers

What is the primary difference between fishing and targeted attacks?

The type of information being targeted

The level of sophistication in the attack

The motivation behind the attack

The level of personalization in the attack (correct)

What do cyber criminals use to create a credible story and build false trust in pretexting?

Gathered information about the victim's organization

Victim's work history and achievements

Personal information gathered from social media (correct)

Stolen passwords and login credentials

What is the goal of a quid pro quo social engineering method?

To gain access to sensitive information

To create a sense of urgency and panic

To reduce resistance to requests (correct)

To create a false sense of trust

What is the primary risk associated with social media usage?

Risk of extracting personal information

What is the ultimate goal of an attacker in a targeted attack?

To gain access to the victim's organizational information

What is the purpose of the attacker offering a gift card in the example of a targeted attack?

To build trust and credibility

Study Notes

Types of Cyber Attacks

• Cyber criminals use two types of attacks: fishing and targeted attacks (also known as spear fishing)
• Fishing attacks are opportunistic, while targeted attacks are personalized and appear legitimate
• Targeted attacks are more likely to be successful due to their high level of personalization

Social Media Risks

• Cyber criminals extract personal information from social media accounts
• Seemingly innocuous posts can be used as weapons against individuals

Social Engineering Methods

• Pretexting: using gathered information to create a credible story and build false trust
• Quid pro quo: offering something in exchange for something else to reduce resistance to requests

Example of a Targeted Attack

• An attacker sends an email to a victim, referencing a recent achievement (e.g. winning a "best place to work" award)
• The attacker builds trust by asking about the victim's work and offering a gift card in exchange for help
• The victim clicks on an attachment, giving the attacker access to their computer and organizational information

Types of Cyber Attacks

• Cyber criminals use two types of attacks: fishing and targeted attacks (also known as spear fishing)
• Fishing attacks are opportunistic, casting a wide net to see who bites
• Targeted attacks are personalized and appear legitimate, making them more likely to be successful

Social Media Risks

• Cyber criminals extract personal information from social media accounts
• Seemingly innocuous posts can be used as weapons against individuals
• Social media profiles can provide attackers with valuable information to build targeted attacks

Social Engineering Methods

• Pretexting: using gathered information to create a credible story and build false trust
• Quid pro quo: offering something in exchange for something else to reduce resistance to requests

Example of a Targeted Attack

• Attackers use public information to build a personalized attack
• Attackers build trust by referencing a recent achievement or event
• Attackers offer something of value (e.g. gift card) in exchange for help or information
• The goal of a targeted attack is to gain access to a victim's computer and organizational information

Description

Learn about the different types of cyber attacks, including fishing and targeted attacks, as well as the risks associated with social media and cybersecurity threats.