Cybersecurity Threats: Trojans and Phishing Attacks

Questions and Answers

What is the origin of the term 'Trojan horse'?

  • A type of malware discovered in the 1990s
  • A wooden structure used in a Greek myth (correct)
  • A software designed for system protection
  • A strategy used in modern cyber warfare

How do Trojan horses typically infect a computer?

  • Via software updates that contain malicious code
  • By scanning the system for vulnerabilities
  • By directly accessing the network server
  • Through official-looking emails with attachments (correct)

What happens to the malicious code in a Trojan horse after clicking on the attachment?

  • It is immediately detected and removed by antivirus software
  • It only operates when the computer is restarted
  • It executes and resides undetected until triggered (correct)
  • It causes the computer to shut down instantly

What occurs when a Trojan horse activates its malicious code?

  • It might delete itself or return to a dormant state (A)

What does spyware primarily do?

  • Collects personal information without consent (D)

Which of the following behaviors is NOT associated with a Trojan horse?

  • Destroying files immediately upon infection (C)

Which of these is an example of a Trojan horse?

  • Sub7 by Mobman (B)

What kind of data does spyware specifically target?

  • Personal information and browsing history (A)

What is the primary advantage of using a rainbow table compared to dealing with plaintext dictionaries?

  • It is significantly faster for identifying hashed passwords. (C)

Which method of gathering targeted information about a victim is NOT mentioned as part of the plaintext wordlist creation process?

  • Collecting physical mail correspondence. (A)

What feature makes brute force attacks particularly time-consuming and resource-intensive?

  • The need to check all permutations of a string. (A)

What characteristic of passwords makes them particularly weak against brute force attacks?

  • Passwords shorter than 8 characters. (D)

Which type of attack combines wordlists and brute forcing techniques to crack passwords?

  • Hybrid or combinatorial attack. (D)

What is a characteristic of brute force attacks when applied to software systems?

  • They are easily detectable and mitigable. (B)

Why is it often necessary to cycle through different password lengths in brute force attacks?

  • Due to the unknown length of passwords. (A)

What is NOT a limitation of brute force attacks described in the content?

  • They can handle passwords of any length without restrictions. (A)

Which individuals are primarily targeted by phishing attacks due to their access to sensitive information?

  • Chief Executive Officers and similar roles (D)

What unique method has the 'rock-phish' gang adapted to enhance their phishing attacks?

  • Separating attack elements with redundancy to evade detection (B)

What is the purpose of the long URL included in the phishing email?

  • To make the phishing site appear genuine (D)

What mechanism does the 'rock-phish' gang use to resolve variations of the phishing URL?

  • Wildcard DNS (A)

How does the 'rock-phish' gang manage access to the fake bank websites?

  • Mapping compromised machines to specific names with a controlled server (C)

What is the maximum number of fake bank websites that can be accessed simultaneously from a backend server according to the 'rock-phish' strategy?

  • 20 (D)

What part of the URL determines which bank site is reached in the phishing attack?

  • The URL path after the main '/' (D)

Which of the following best describes the strategy of redundancy in the context of the 'rock-phish' gang's attacks?

  • Establishing back-up phishing sites to evade take-downs (D)

What is a primary use of JavaScript computational challenges like captcha?

  • To differentiate between normal users and bots (C)

What is one of the main functions of a Web Application Firewall (WAF)?

  • To manage IP reputation and block malicious traffic (C)

What is the main goal of a Man in the Middle (MITM) attack?

  • To steal personal information (B)

During which phase of a MITM attack is user traffic intercepted?

  • Interception (A)

What is a common method used to launch a passive MITM attack?

  • Setting up malicious WiFi hotspots (C)

What kind of information is typically targeted during a MITM attack?

  • Personal information like login credentials (B)

Which of the following is an outcome of a successful MITM attack?

  • Identity theft and unauthorized fund transfers (D)

How does an attacker during a MITM attack make it seem like a normal exchange of information?

  • By impersonating one of the involved parties (D)

What type of cyber-attacks are typically a response to certain political actions or positions taken by governments?

  • Protests Against Political Actions (B)

Which of the following is NOT a motivation for politically motivated cyber-attacks?

  • Attracting media attention (A)

Which group is identified as a potential perpetrator of political cyber-attacks?

  • State-sponsored actors (C)

What recent shift in cyber-attack mitigation strategies has been recognized by researchers?

  • Understanding SPEC conflicts (A)

Which category of politically motivated attacks involves responses to the passage of unpopular legislation?

  • Protests Against Laws or Public Documents (B)

What kind of actions might be classified as 'Protests Against Political Actions'?

  • Defacing candidate websites (A)

What is a common example of a more serious attack categorized under political cyber-attacks?

  • The attack on India's Bhabha Atomic Research Center (B)

Which statement accurately reflects the nature of politically motivated cyber-attacks?

  • They often arise from societal disagreements. (C)

Study Notes

Trojan Horse Attacks

  • A Trojan horse is malware that disguises itself as legitimate software to gain access to a user's computer.
  • Trojans can be spread through email attachments, downloads, or even malicious websites. They can steal personal information, compromise sensitive data, or take control of the infected computer.
  • Some notable Trojans include Netbus, Sub7, Back Orifice, Y3K Remote Administration Tool, Beast, Bifrost Trojan, DarkComet, Blackhole exploit kit, Gh0st RAT, and MegaPanzer BundesTrojaner.

Spyware

  • Spyware is software that collects personal information from users' computers without their knowledge or consent.
  • This information may include browsing history, passwords, credit card details, and other sensitive data.
  • Attackers use this information for malicious purposes, such as identity theft, financial fraud, or targeted advertising.

Phishing Attacks

  • Phishing is a type of social engineering attack that attempts to trick users into revealing sensitive information.
  • Attackers may use emails, websites, or other means to impersonate legitimate organizations or individuals.
  • Phishing attacks often involve fake websites that look similar to real websites to deceive users.

Brute Force Attacks

  • Brute force attacks are a method of cracking passwords by trying every possible combination of characters until the correct password is found.
  • These attacks require significant time and processing power, making them less effective against complex passwords.
  • While brute force attacks are generally effective against weak passwords, longer and more complex passwords are more resistant to this type of attack.

Hybrid/Combinatorial Attacks

  • Hybrid/combinatorial attacks combine the techniques of wordlists and brute force attacks to create more efficient and effective hacking strategies.
  • These attacks leverage a combination of wordlists containing common passwords and brute force methods to target specific password combinations.

Mitigating HTTP Attacks

  • HTTP attacks can be mitigated by implementing security measures such as CAPTCHA challenges, which require users to solve simple puzzles to prevent automated attacks.
  • Web Application Firewalls (WAFs) can also be used to monitor and block malicious traffic.

Man In The Middle (MITM) Attacks

  • MITM attacks involve an attacker intercepting communication between a user and an online application to steal sensitive information like login credentials, account details, and credit card numbers.
  • Attackers often create malicious Wi-Fi hotspots to intercept traffic passively.
  • Mitigation strategies for MITM attacks include using secure protocols like HTTPS, and verifying the authenticity of websites before entering sensitive information.

Motivations for Cyber Attacks: SPEC Conflicts

  • Cyber-attacks are often driven by complex social, political, economic, and cultural factors, known as SPEC conflicts.
  • Political cyber-attacks can be motivated by protests against political actions, laws, or public documents.
  • Cybercriminals leverage SPEC conflicts to exploit vulnerabilities and achieve their objectives.
