w2ch4

Questions and Answers

Why is it easy for an insider attacker to steal sensitive information?

Because they are no longer assigned to the same role in the organization

Because they are not familiar with the IT policies

Because their role is not reflected in the IT policies after being fired or reassigned (correct)

Because they are not experienced network administrators

What is the purpose of an internal intrusion detection system (IDS) in an organization?

To prevent external attacks

To scan and gather information about the network

To detect and prevent insider attacks (correct)

To keep a log of firewall activities

What is the result of a cyber attack on an organization?

Only loss of reputation

Neither financial loss nor loss of reputation

Both financial loss and loss of reputation (correct)

Only financial loss

How can external attacks be traced?

By analyzing firewall logs

What type of attack is performed by amateur attackers?

Unstructured attack

What is the characteristic of a structured attack?

It is performed by highly skilled and experienced attackers

Why do unstructured attacks occur?

To test a tool available over the internet

What is the main difference between an insider attack and an external attack?

The location of the attacker

What type of individuals usually perform sophisticated cyber attacks?

Professional criminals

What motivates people to commit cyber crimes for quick and easy money?

Financial gain

What is the primary reason why cyber crimes are on the rise?

Low-risk and high-reward business

What type of cyber crime is motivated by revenge?

Cyber terrorism

Why do some individuals commit cyber crimes just for fun?

To test their skills

What motivates some individuals to commit cyber crimes for recognition?

To prove their skills

What is a major factor that motivates individuals to commit cyber crimes?

Anonymity in cyber space

What is the primary goal of hacking?

To gather information on users and steal data

What is the result of a URL injection attack?

Visitors are forced to participate in a DDoS attack

Why do some individuals commit cyber crimes despite being respectable citizens?

Strong sense of anonymity

What is cross-site scripting (XSS) used for?

To inject malicious code into trustworthy web pages

What is a traditional view of hackers?

A lone rogue programmer highly skilled in coding

What can a malicious hacker do due to weaknesses in IT infrastructure?

Do a URL injection attack

What is the common association of hacking with illegal activity?

Data theft and corruption

What can be the result of a visitor's action on a webpage infected with XSS?

The visitor's device is infected with malware

What devices can be misused by hackers?

Computers, smart phones, tablets, and networks

What is the common way spywares are downloaded into a host computer?

While downloading freeware from the internet

What is the primary function of a keylogger-type spyware?

To sniff banking passwords and sensitive information

What is the main difference between a virus and a worm?

A virus requires human intervention, while a worm does not

How do Trojan horses typically spread to a host computer?

By pretending to be a useful software or file

What is the primary characteristic of a worm?

It can replicate itself without human intervention

What is the effect of a worm on a network?

It consumes the network resources like space and bandwidth

What is the primary function of a virus?

To replicate itself and occupy memory space on the host computer

What is required to activate a virus in a host computer?

Human intervention through executing the executable file

What is the primary goal of an IP address spoofing attack in a DoS attack?

To overwhelm the target with network traffic

What is the purpose of ARP in a LAN?

To resolve an IP address to its physical MAC address

What is the result of a successful ARP spoofing attack?

The attacker can steal or modify data meant for the legitimate IP address owner

What is the main difference between IP address spoofing and ARP spoofing attacks?

IP address spoofing targets IP addresses, while ARP spoofing targets MAC addresses

What is the common use of IP address spoofing attacks?

To overwhelm a target with network traffic

What is the purpose of an attacker in an ARP spoofing attack?

To sniff private traffic between two hosts

What is the target of an IP address spoofing attack?

An IP address

What is the goal of an attacker in spoofing a computer or device's IP address?

To gain access to a network that authenticates users based on their IP address

What is the primary goal of a Trojan horse?

To create a backdoor in the host computer

What is the main difference between a rootkit and other types of malware?

Rootkits target the BIOS layer

What is the primary goal of ransomware?

To encrypt data and ask for ransom

What is the result of a Denial-of-Service (DoS) attack?

The user's internet traffic is disrupted

What is the primary function of a rootkit?

To make other malware undetectable

What is the common association of Trojans?

Creating backdoors and botnets

What is the primary target of a ransomware attack?

The user's data

What is the result of a successful rootkit infection?

The malware becomes undetectable

What is the goal of a phishing attack?

To trick a user into divulging personal information

What is a common characteristic of phishing emails?

They create a sense of urgency

What type of cyber attack involves tricking a user into installing malware?

Phishing attack

What is the primary goal of a cyber espionage attack?

To steal sensitive information

What type of malware is used to capture a user's keystrokes?

Spyware

What is the primary function of a worm?

To spread from computer to computer

What type of cyber attack involves an attacker claiming to be a wealthy Nigerian prince?

Phishing attack

What is a common way spyware is downloaded onto a host computer?

Through a infected website

What type of malware is designed to track the cookies of a host computer?

Spyware

Which type of malware can replicate itself without human intervention?

Worm

What is the primary function of a Trojan Horse?

To pretend to be useful software

What is the effect of a worm on a network?

It slows down the network's performance

What is required to activate a virus in a host computer?

Executable file (.exe)

What type of malware is typically downloaded into a host computer while downloading freeware?

Spyware

What is the primary function of a keylogger-type spyware?

To sniff banking passwords

What is the main difference between a virus and a worm?

A worm can replicate itself without human intervention

What is the primary goal of whaling?

To steal sensitive information from a high-ranking official

What is the purpose of Adware?

To force advertising on the user's computer

What is the primary function of Spyware?

To steal sensitive information from the target machine

What is the purpose of Malware?

To perform unwanted tasks in the host computer

What is the primary function of a Virus?

To replicate itself and spread to other computers

What is the primary characteristic of a Worm?

It is a self-replicating program that spreads to other computers

What is the result of a Worm on a network?

It slows down the network

What is the primary function of a Keylogger-type Spyware?

To record keystrokes on the target computer

What was the primary goal of the Stuxnet virus in the Natanz nuclear facility?

To slow down or speed up the centrifuges, causing them to wear out prematurely.

What was the result of the fake Twitter message sent by the Syrian Electronic Army?

A loss of $136 billion in the US stock market.

How did the hackers gain access to the Associated Press' Twitter account?

By sending a phishing email.

What type of attack is characterized by the use of a fake tweet message to cause financial loss?

Social engineering attack.

What is the primary function of a spyware?

To steal sensitive information.

What is the difference between a virus and a worm?

A virus requires human interaction to spread, while a worm does not.

What is the primary goal of an IP address spoofing attack?

To launch a Denial of Service (DoS) attack.

What is the result of a successful ARP spoofing attack?

The attacker can intercept and modify packets on the network.

What is the main reason for insider attacks in an organization?

When an employee is fired or assigned a new role without a change in IT policies

What is the primary difference between an insider attack and an external attack?

Whether the attacker is within or outside the organization

What type of attack is usually performed by individuals who are trying to test a tool readily available over the internet?

Unstructured attack

What can be used to trace external attacks?

Firewall logs

What is the primary goal of an internal intrusion detection system (IDS) in an organization?

To detect and prevent insider attacks

What is the result of a cyber attack on an organization?

Both financial loss and loss of reputation

What type of attack is performed by highly skilled and experienced individuals?

Structured attack

What is the primary motivation behind a structured attack?

The motives are clear in the mind of the attacker

What is the primary objective of a cyber attack?

To gain unauthorized access to a computer system or its data.

What is the primary goal of a phishing attack?

To trick the victim into doing a certain action

What is the main difference between white hat hackers and grey hat hackers?

Grey hat hackers publicly exploit vulnerabilities

What is a common phishing scam?

The Nigerian prince scam

What type of cyber attack is performed by an individual with authorized system access?

Insider attack

What is the primary goal of grey hat hackers?

To raise awareness about vulnerabilities for the common good

What is the motive of an insider attack?

Revenge or greed

What is the purpose of an attachment or link in a phishing email?

To install malware

What did Romanion Hacker TinKode aka Razvan Cernaianu exploit in PayPal's system?

A vulnerability in the chargeback process

What is the result of a successful insider attack?

Compromised confidentiality, integrity, or availability of the system

Why are phishing attacks often successful?

Because the emails appear legitimate

What is the primary motivation behind cyber espionage?

Politically, economically, or socially motivated

What is the primary advantage of an insider attack?

The attacker has access to the network

What type of hackers are hired by organizations to test and discover potential holes in their security defenses?

White hat hackers

What is a typical feature of phishing emails?

They create a sense of urgency

What is a common characteristic of cyber attacks?

They take many forms

What is the common good that grey hat hackers attempt to achieve?

Raising awareness about vulnerabilities

What is the difference between white hat hackers and black hat hackers?

White hat hackers have different motivations than black hat hackers

What is the objective of a cyber attack that involves the installation of viruses or malware?

To install malicious code on the system

What is the goal of a phishing attack?

To capture login credentials

What is the result of the exploit found by TinKode in PayPal's system?

Users can double their money

What is the purpose of a phishing email that appears to be from a trusted source?

To trick the victim into performing a certain action

What is the result of a cyber attack that involves changes to the characteristics of a computer system's hardware, firmware, or software?

The system becomes less secure

What is the primary characteristic of grey hat hackers?

They exploit vulnerabilities without intending to do harm

What is the result of continuously doubling the amount of Rs. 1000 using the loophole?

Endless doubling

How did the Stuxnet virus infect the Natanz nuclear facility?

Through a third-party utility

What was the result of the fake tweet message sent via the hacked Twitter account of Associated Press?

A loss of $136 billion in the US stock market

What was the method used to hack the Twitter account of Associated Press?

Phishing email

What was the purpose of the Stuxnet virus?

To slow down or speed up the centrifuges and wear them out prematurely

What was the result of the Stuxnet virus on the nuclear facility?

The facility suffered significant damage

Who claimed responsibility for the AP hack?

The Syrian Electronic Army

What was installed in the computer after clicking the link in the phishing email?

A spyware

What is the primary function of a keylogger-type spyware?

To sniff banking passwords

What is the main difference between a virus and a worm?

A virus requires human intervention, while a worm does not

How do Trojan horses typically spread to a host computer?

By pretending to be useful software

What is the effect of a worm on a network?

It consumes network resources and forces the network to choke

What is required to activate a virus in a host computer?

Executable file (.exe) execution

What is the primary function of a virus?

To delete or append a file

How are spywares commonly downloaded into a host computer?

While downloading freeware from the internet

What is the primary characteristic of a worm?

It can replicate itself

What is the goal of a malicious hacker in a URL injection attack?

To force visitors to be part of a DDoS attack

What is the main reason for insider attacks in an organization?

When an employee is fired or assigned new roles in an organization

What is cross-site scripting (XSS) used for?

To inject malicious code into a trustworthy webpage

What is the primary association of hacking with illegal activity?

Hacking is often a malicious act

What is the primary goal of installing an internal intrusion detection system (IDS) in an organization?

To prevent insider attacks

What is the main difference between structured and unstructured attacks?

The level of maturity of the attacker

What devices can be misused by hackers?

Computers, smart phones, tablets, and networks

Who is usually responsible for tracing external attacks?

Experienced network/security administrator

What is the result of a visitor's action on a webpage infected with XSS?

The visitor is infected with malicious code

What is the result of a successful external attack on an organization?

Financial loss and reputation loss

What is the traditional view of hackers?

A lone rogue programmer

What can be the result of a DDoS attack?

The website is disrupted or shut down

What type of attacks are performed by amateur attackers?

Unstructured attacks

What is the primary goal of hacking?

To cause damage to or corrupt systems

What is the primary characteristic of a structured attack?

Performer is highly skilled and experienced

What is the primary purpose of an external attacker?

To scan and gather information

What is the primary goal of an IP address spoofing attack in a DoS attack?

To overwhelm the target with network traffic

What is the purpose of Address Resolution Protocol (ARP)?

To resolve an IP address to its physical MAC address

What can an attacker do by spoofing a computer or device's IP address?

Gain access to a network that authenticates users based on their IP address

What is the result of a successful ARP spoofing attack?

The attacker can steal or modify data meant for the owner of the IP address

What type of attack often involves caller ID spoofing?

Fraud attacks

What is the primary goal of an IP address spoofing attack?

To hide the attacker's true identity

What is the target of an IP address spoofing attack in a DoS attack?

The owner of the real IP address

What is the common use of IP address spoofing attacks?

To launch a DoS attack

What is the main difference between white hat hackers and grey hat hackers?

Grey hat hackers publicly exploit vulnerabilities, while white hat hackers do not.

What is the primary goal of grey hat hackers?

To raise awareness about vulnerabilities for the common good.

What was the result of Romanion Hacker TinKode aka Razvan Cernaianu's actions on PayPal?

A user could double their money on every attempt.

What is the characteristic of a grey hat hacker?

They attempt to violate standards and principles without intending to do harm or gain financially.

What is the main difference between a white hat hacker and a black hat hacker?

White hat hackers are hired by organizations to test and discover potential holes in their security defenses, while black hat hackers are motivated by malicious intentions.

What is the role of a white hat hacker in an organization?

To test and discover potential holes in the organization's security defenses.

What is the primary purpose of PayPal's encryption techniques?

To ensure secure money transfer between users.

What is the goal of grey hat hackers when they exploit a vulnerability?

To raise awareness about the vulnerability for the common good.

Study Notes

Insider Attacks

• Insider attacks occur when an employee or insider uses their access to sensitive information to steal or crash the network.
• The reasons for insider attacks include when an employee is fired or assigned new roles, and their role is not reflected in the IT policies.
• Insider attacks can be prevented by planning and installing an internal intrusion detection system (IDS) in the organization.

External Attacks

• External attacks occur when an attacker is either hired by an insider or an external entity to the organization.
• The organization which is a victim of cyber attack faces financial loss and loss of reputation.
• External attacks can be traced out by analyzing firewall logs and installing Intrusion Detection Systems.

Classification of Cyber Attacks

• Cyber attacks can be classified as structured and unstructured attacks based on the level of maturity of the attacker.
• Unstructured attacks are performed by amateurs who don't have any predefined motives and try to test tools available over the internet.
• Structured attacks are performed by highly skilled and experienced people with clear motives and access to sophisticated tools.

Reasons for Cyber Attacks

• Money is a major motivator for committing cyber crime.
• Revenge, fun, recognition, and anonymity are also reasons for committing cyber crime.
• Anonymity in the cyber world makes it easier to commit crimes and get away with them.

Types of Malware

• Virus: a malicious code written to damage/harm the host computer by deleting or appending files, occupying memory space, slowing down performance, or formatting the host machine.
• Worms: a class of virus that can replicate themselves and spread over the network without human intervention.
• Trojan horse: a malicious code that is installed in the host machine by pretending to be useful software.

Spoofing Attacks

• IP address spoofing attacks: an attacker sends IP packets from a spoofed IP address to hide their true identity.
• ARP spoofing attacks: an attacker sends spoofed ARP messages to link their own MAC address with a legitimate IP address.
• URL injection: a malicious hacker injects malicious code into a trustworthy web page through weaknesses in IT infrastructure.
• Cross-site scripting (XSS) attack: a malicious hacker injects malicious code into a trustworthy web page, which springs into action when a user performs a certain action.

Hacking and Hackers

• Hacking is the act of compromising digital devices and networks through unauthorized access to an account or computer system.
• Hacking is not always malicious, but it is commonly associated with illegal activity and data theft.
• A traditional view of hackers is a lone rogue programmer, but this narrow view does not cover the true technical nature of hacking.

Malware and Cyber Attacks

• Malware can be downloaded onto a host computer while downloading freeware or free application programs from the internet
• Types of malware include:
  • Virus: malicious code that can damage/harm the host computer, replicate itself, slow down computer performance, and format the host machine
  • Worms: a class of virus that can replicate themselves and spread over a network without human intervention
  • Trojan horse: malicious code that pretends to be useful software, damages the host computer, and creates a backdoor for remote control
  • Rootkits: malware that infects a PC on a deeper level, making them undetectable, and can enslave computers into a botnet
  • Ransomware: type of malware that encrypts data and demands a ransom to restore access
  • Spyware: malware that steals sensitive information from the target machine
  • Adware: malware used for forced advertising
• Cyber attacks include:
  • Denial-of-service (DoS/DDoS) attacks: flooding a user's internet connection with useless information to disrupt their internet use
  • Whaling: targeting high-value individuals, such as CEOs or politicians, with personalized phishing attacks
  • Phishing attacks: tricking victims into providing personal information or performing a certain action
  • Cyber espionage: government involvement in cyber trespassing for political, economic, or social motives
• Examples of malware attacks and infections include:
  • Stuxnet, a virus believed to be developed by the US, which attacked Iran's nuclear facility at Natanz
  • A fake tweet message that cost $136 billion in losses within seconds
  • A phishing attack that led to a hack of Associated Press's Twitter account, causing a stock market crash

Cyber Attacks

• A cyber attack is an attack initiated from a computer against a website, computer system, or individual computer that compromises the confidentiality, integrity, or availability of the computer or information stored on it.

Classification of Cyber Attacks

• Cyber attacks can be classified into two categories: Insider Attack and External Attack.
• Insider Attack: An attack to the network or computer system by someone with authorized system access, often motivated by revenge or greed.
• External Attack: An attack by an external entity, often hired by an insider, that can be traced through firewall logs and prevented by Intrusion Detection Systems.

Types of Cyber Attacks

• Structured Attacks: Performed by highly skilled and experienced individuals with clear motives.
• Unstructured Attacks: Performed by amateurs who lack predefined motives and often test readily available tools on random companies.
• Cyber Espionage: Government-initiated cyber trespassing for political, economic, or social reasons.

Various Types of Cyber Attacks

• Phishing Attacks: Malicious hackers trick victims into taking a certain action, often by sending emails that appear to be from a trustworthy source.
• Grey Hat Hackers: Individuals who violate standards and principles without intending to do harm or gain financially, often to raise awareness about vulnerabilities.

Famous Cyber Attacks

• Paypal Attack: Romanion hacker TinKode exploited a loophole in the chargeback process, allowing users to double their money endlessly.
• Stuxnet Attack: A virus developed by the US (believed to be) attacked Iran's nuclear facility at Natanz, speeding up or slowing down centrifuges and sending false signals about the health and status of the nuclear plant.
• AP Twitter Hack: A fake tweet message sent via a hacked Twitter account of Associated Press, USA, caused a $136 billion loss within seconds by reporting false information about the White House and President Barack Obama.

Insider Attack

• Insider attacks occur when an employee with access to the organization's network and systems misuses their privileges to steal sensitive information or crash the network.
• The reason for insider attacks is often due to a lack of reflection of role changes in IT policies, creating a vulnerability window for the attacker.
• Insider attacks can be prevented by planning and installing an internal intrusion detection system (IDS) in the organization.

External Attack

• External attacks occur when an attacker is hired by an insider or an external entity to attack the organization.
• The attacker scans and gathers information about the organization, and the organization faces financial loss and loss of reputation as a result.
• External attacks can be traced by carefully analyzing firewall logs, and Intrusion Detection Systems can be installed to keep an eye on external attacks.

Types of Cyber Attacks

• Cyber attacks can be classified as structured and unstructured attacks based on the level of maturity of the attacker.
• Unstructured attacks are performed by amateurs who don't have any predefined motives and try to test tools available on the internet.
• Structured attacks are performed by highly skilled and experienced people with clear motives.

Malware

• Virus: a malicious code written to damage or harm the host computer, which can be spread via email attachments, pen drives, digital images, etc.
• Worms: a class of virus that can replicate themselves and spread through the network, consuming network resources.
• Trojan horse: a malicious code installed in the host machine by pretending to be useful software, which can be used to commit fraud.

Spoofing Attacks

• IP address spoofing attacks: an attacker sends IP packets from a spoofed IP address to hide their true identity, often used in DoS attacks.
• ARP spoofing attacks: an attacker sends spoofed ARP messages to link their own MAC address with a legitimate IP address, allowing them to steal or modify data.

Cross-Site Scripting (XSS) Attack

• XSS attack: a malicious hacker injects malicious code into a trustworthy web page, which springs into action when a user performs a certain action, infecting the user.
• XSS attack is often used to redirect users to different websites or to steal sensitive information.

Hacking and Hackers

• Hacking: the act of compromising digital devices and networks through unauthorized access, often associated with illegal activity and data theft.
• White hat hackers: hired by organizations to test and discover potential holes in their security defenses.
• Grey hat hackers: sit between the good and bad guys, attempting to violate standards and principles but without intending to do harm or gain financially.

Famous Cyber Attacks

• Paypal hack: a Romanian hacker exploited a loophole in the code of the chargeback process of PayPal, allowing users to double their money in every attempt.

Description

This quiz covers the threats and risks of insider attacks in organizations, including reasons and consequences. It also discusses the importance of IT policies in preventing such attacks.