Introduction to Cybersecurity Concepts

Questions and Answers

Which of the following best describes the primary goal of cybersecurity?

  • Enhancing hardware performance and durability.
  • Protecting computer networks, devices, and information from damage, loss, or unauthorized access. (correct)
  • Developing advanced software applications.
  • Maximizing network bandwidth and speed.

In the context of IT security, what does prioritizing data sensitivity involve?

  • Duplicating data across multiple servers for redundancy.
  • Categorizing data based on file size for efficient storage.
  • Organizing data alphabetically for easy retrieval.
  • Categorizing data to determine the level of protection required based on its confidentiality and importance. (correct)

What is the MOST commonly identified cause of security breaches?

  • Outdated hardware
  • Software vulnerabilities
  • Network congestion
  • Human error (correct)

The CIA Triad is a cornerstone of information security. What does the 'I' in the CIA Triad represent?

Integrity (D)

Which principle of the CIA Triad is directly threatened by a Distributed Denial of Service (DDoS) attack?

Availability (B)

The DAD Triad represents threats to cybersecurity. What does 'Alteration' refer to in this model?

Unauthorized changes to data that cannot be validated. (B)

What is the primary function of Authentication, Authorization, and Accounting (AAA) in information security?

To control resource access, enforce policies, and audit usage. (B)

A 'hacktivist' is primarily motivated by what?

Ideology (D)

Which type of threat actor is MOST likely to target critical infrastructure to incite fear and disruption?

Cyberterrorist (C)

What distinguishes a 'Grey Hat' hacker from a 'Black Hat' hacker?

Grey Hat hackers may operate both legally and illegally, while Black Hat hackers operate illegally. (C)

What is the definition of an 'attack vector' in the context of cybersecurity?

A specific method used by a threat actor to gain unauthorized access to a system, network, or facility. (C)

Which of the following is NOT considered a core component of an attack vector?

Encryption (D)

What is the primary goal of threat intelligence?

To collect and analyze information to prevent cyber threats. (D)

What does the Common Vulnerability Scoring System (CVSS) provide?

A ranking system for assessing the severity of vulnerabilities. (B)

In the Cyber Kill Chain model, what is the objective of the 'Reconnaissance' stage?

Gathering information about the target (A)

Which of the following social engineering techniques involves creating a false sense of urgency or emergency to manipulate a target?

Pretexting (A)

What is 'tailgating' in the context of physical security and social engineering?

Gaining unauthorized access by following an authorized person (B)

Which of these insider threat types is characterized by actions that include espionage, fraud and theft?

Malicious (A)

What is the purpose of 'Security awareness programs' in protecting an organization's assets?

To train employees to recognize and avoid security threats. (A)

What is the primary characteristic that distinguishes a 'worm' from a 'virus'?

Viruses require a host to spread, while worms can self-replicate and spread independently. (D)

Flashcards

What is Cybersecurity?

Protecting computer networks, devices, and information from damage, loss, or unauthorized access.

What does InfoSec include?

Tools and processes used to prevent, detect, and remediate attacks and threats to sensitive information.

What is the CIA Triad?

Confidentiality, Integrity, and Availability. Principles of information security.

What is Disclosure?

Unauthorized exposure of confidential data.

What is Alteration?

Unauthorized alterations of data that cannot be validated.

What is Denial?

Prevents authorized parties from accessing data.

What is AAA?

A security framework that controls resources, enforces policies, and audits usage.

Who are Threat Actors?

Individuals or groups attempting to steal, sabotage, or block access to systems and data.

What is an Attack Vector?

A method used by a bad actor to illegally access or inhibit a network, system, or facility.

What is a Vulnerability?

Weakness in a system that can be exploited.

What is Mechanism?

The method or tool used to carry out the attack.

What is Pathway?

The route taken to deliver the attack to the target.

What is Ransomware?

Encrypts files and demands a ransom.

What is a Trojan Horse?

Malicious software disguised as legitimate.

What are DDoS Attacks?

Overwhelms a server with traffic.

What are Zero-Day Exploits?

Attacks targeting undiscovered vulnerabilities.

What is Phishing?

Fraudulent emails trick users into revealing credentials or installing malware.

What is Spear Phishing?

Targets a specific individual, group, or organization.

What is Quid pro quo?

One thing in exchange for another (e.g. a service in return for information such as user credentials).

What is Eavesdropping?

Listening in on a conversation (in the digital sense, snooping or sniffing traffic on a network).

Study Notes

Introduction to Cybersecurity

  • Cybersecurity protects computer networks, devices, and information from damage, loss, and unauthorized access.
  • InfoSec includes tools and processes to prevent, detect, and remediate attacks and threats to sensitive information.
  • IT security categorizes data to prioritize its sensitivity as protected (confidential, secret, top secret) or unprotected (no special security measures required).
  • Information System Security protects against unauthorized access, modification, destruction, and denial of access.
  • Human error causes most security breaches.
  • Security awareness training for phishing and social engineering and regular secure backups for data recovery are protective measures.

Principles of Information Security

  • The CIA Triad outlines the principles of information security:
    • Confidentiality ensures data is kept private.
    • Integrity prevents unauthorized data modification, keeping data free of tampering.
    • Availability ensures data is accessible to authorized users.
  • The DAD Triad represents the threats to cybersecurity, the opposite of CIA:
    • Disclosure exposes confidential data to unauthorized parties.
    • Alteration is unauthorized change to data, leaving data that can no longer be validated.
    • Denial prevents authorized parties from accessing data, for example through DDoS attacks.
  • AAA (Authentication, Authorization, and Accounting) is a security framework that controls resources, enforces policies, and audits usage while screening users and tracking activity.

The Threat Landscape

  • Threat actors are individuals or groups attempting to steal, sabotage, or block access to systems and data.
  • Types of bad actors include:
    • Explorers who identify vulnerabilities out of curiosity or for recognition.
    • Hacktivists who are ideologically motivated and often use DDoS attacks.
    • Cyberterrorists who target critical infrastructure to incite fear and disruption.
    • Cybercriminals who are motivated by financial gain through phishing, identity theft, and ransomware.
    • Cyberwarriors, who are state-sponsored and conduct espionage, extortion, and cyberwarfare.
  • Categories of hackers:
    • White Hats are ethical hackers who perform security testing.
    • Black Hats are malicious hackers who break into systems illegally.
    • Grey Hats may operate both legally and illegally.
    • Blue Hats are security consultants hired to test systems before release.
  • Cybersecurity threats exploit vulnerabilities.
  • An attack vector is a method used by a bad actor to illegally access or inhibit a network, system, or facility.
  • An attack surface is the total number of entry points (the sum of vulnerabilities) that an attack vector can exploit.
  • Attack vector components:
    • Vulnerability is a weakness in a system that can be exploited.
    • Mechanism is the method or tool used to carry out the attack.
    • Pathway is the route taken to deliver the attack to the target.
  • Common Cybersecurity Attack Vectors:
    • Pre-Exploitation includes phishing, brute-force attacks, and social engineering.
    • Post-Exploitation includes ransomware, trojan horses, DDoS attacks, and zero-day exploits.

Threat Intelligence

  • Threat intelligence involves collecting and analyzing information to prevent cyber threats, providing security implications and actionable advice.
    • Internal threat intelligence is found in network logs, past incidents, and penetration testing.
    • External threat intelligence comes from government agencies, security vendors, and open-source intelligence.
    • The Common Vulnerability Scoring System (CVSS) ranks vulnerabilities on a scale of 1 to 10.

Attack Frameworks

  • The Cyber Kill Chain (Lockheed Martin) is a 7-stage model describing an attack’s lifecycle.
  • MITRE ATT&CK is a database of real-world attack techniques for defense strategies, providing a common taxonomy for understanding and mitigating cyberattacks.
  • The stages of the Cyber Kill Chain:
    • Attacker gains information
    • Attacker creates a payload (e.g., malware)
    • Attacker delivers the payload
    • Attacker uses the payload to gain access to the target network
    • Attacker establishes a foothold in the system
    • Attacker establishes communication
    • Attacker extracts data

Social Engineering

  • Social engineering uses human emotions to manipulate a target.
  • Attack methods:
    • Phishing uses fraudulent emails to trick users into revealing credentials or installing malware.
      • Whale phishing targets high-level targets, such as CEOs or CFOs.
      • Spear phishing targets specific individuals, groups, or organizations.
      • Vishing and smishing are social engineering carried out by phone call or by SMS, respectively.
    • Quid pro quo offers one thing for another, such as service in return for user info.
    • Pretexting invokes an emotional response using a fabricated scenario.
    • Baiting tempts action with infected USB drives or fake rewards.
    • Scareware instills fear through misinformation.
    • Watering holes target sites the target frequents.
    • Honeypot traps attract users with something enticing.
    • Tailgating involves gaining unauthorized access by following an authorized person.
    • Shoulder surfing uses direct observation techniques.
    • Dumpster diving involves looking for information in someone else’s garbage or recycle bin.
    • Eavesdropping involves listening to conversations digitally or through sniffing a network.
    • Pharming redirects computer traffic from legitimate websites to malicious ones.

Insider Threats

  • An insider threat is someone within an organization with authorized access who poses a physical or cyber threat.
  • Types of insiders:
    • Negligent insiders
      • Pawn insiders are manipulated by bad actors.
      • Goof insiders are deliberately careless but have no malicious intent.
    • Malicious insiders take actions including espionage, fraud, intellectual property theft, and sabotage.
      • Mole insiders secretly spy for an external entity.
      • Collaborator insiders work with outsiders to harm the organization.
      • Lone wolf insiders act alone for personal gain or revenge.
  • Network actions to protect an organization’s assets:
    • Security awareness programs to train employees.
    • Monitoring & Behavioral Analytics (UEBA) to detect anomalies.

Frauds, Scams, and Influence Campaigns

  • Cyber fraud uses social engineering and/or malware to defraud or take advantage of a person or organization.
  • Cyber scams are a type of fraud, generally classified as petty or not as serious as cyber fraud.
  • Online influence campaigns are large-scale efforts to shift public opinion:
    • Create fake user accounts
    • Create content
    • Post content
    • Real people see and share
    • Mass media amplifies message

Malware

  • Symptoms of computer malware infection:
    • Degraded performance
    • Pop-up windows
    • Automatically launching or shutting down applications
    • Applications not launching
    • Accounts locked
    • Computer crashing
    • Mass emails sent from email account
    • Changes to homepage or browser settings
  • A computer virus:
    • Is invoked by a user.
    • Is attached to applications.
    • Is designed to spread to other devices on the network.
  • Types of computer viruses:
    • Resident infects apps when they are opened
    • Non-resident infects .exe files when they are not running
    • Multipartite infects many computers and remains in memory
    • Direct action accesses main memory and infects everything
    • A browser hijacker changes browser settings
    • Overwrite deletes and replaces data in files with own content
    • Web scripting attacks web browsers and injects malicious code into browsers
    • File infector overwrites files when they are opened.
    • Network cripples networks and spreads to connected devices
    • Boot sector targets master boot record and injects into the hard disk
  • Types of Malware:
    • Rootkits are deeply embedded malware that’s difficult to detect.
    • A worm doesn’t need a host system and spreads to other computers without user action.
    • Keylogger records every keystroke.
    • Potentially unwanted programs (PUP) may have been unintentionally downloaded.
    • Spyware tracks computer activity and data.
    • Adware hides on a device and displays ads.
    • Dialler uses dialling features to run up phone bills.
    • Adversarial artificial intelligence is input designed to confuse neural networks.
    • Rogueware misleads target into thinking there is actual malware.
    • Botnet malware uses networks of infected devices for large-scale attacks.
    • Cryptojacking illegally uses a target’s computer to mine crypto.
  • Malware attack vector mechanisms:
    • Droppers extract files onto a machine.
    • A downloader is a Trojan Horse that installs itself and downloads further components from the internet.
    • Shellcode is script-code that takes control of a computer.
    • A backdoor allows unauthorized access to a computer.
    • A logic bomb waits for specific conditions to execute.
    • An easter egg is a hidden feature that could leave the network and data exposed.
