Mobile Device Security: Malware and Attacks

Questions and Answers

What is the primary goal of a mobile malware that aims to send messages on victim's phones?

• To steal personal information from the victim's device
• To install additional malware on the device
• To crash the victim's phone
• To generate revenues for hackers (correct)

What is a vulnerability of smartphone browsers and web-supported apps?

• Lack of antivirus software
• Limited storage capacity
• Vulnerability to scripting attacks (correct)
• Insufficient battery life

What is an example of how hackers can exploit non-obvious devices in corporate networks?

• Via ransomware attacks
• Through phishing emails
• By accessing a printer's inbuilt memory function (correct)
• Using diversion theft

What is the name of the malware that was discovered in September 2017?

BlueBorne (B)

What is the purpose of the 'Weeping Angel' malware?

To spy on people in a room by recording their conversations (C)

What could be a consequence of a data manipulation attack on a bank?

Customer balances would be incorrectly calculated (B)

What was the result of the hackers' tweet on the Associated Press's Twitter account?

The Dow dropped by 150 points (A)

What type of attack involves installing backdoors in network devices?

Backdoor attack (B)

What is a potential motive for hackers to launch a data manipulation attack on a company?

To bring down a competitor (D)

What type of data can be compromised by data manipulation attacks?

Healthcare, financial, and government data (D)

What is the success rate of spear phishing attacks?

70% (D)

What is the primary goal of a water holing attack?

To infect a group of people with malware (A)

What is the main tactic used in baiting attacks?

Leaving infected storage devices in public places (B)

What is the purpose of a rootkit virus in a baiting attack?

To infect computers when they boot (D)

What is the name of the attack strategy that involves infecting a website or network used by a specific group of people?

Water holing (D)

What do attackers typically gain from an external reconnaissance?

Insight into user behavior (D)

What is the primary goal of extortion attacks?

To demand money or ransom (C)

What was the purpose of the Mirai attack?

To commandeer large networks of IoT devices to generate vast illegitimate traffic (C)

What is the name of the ransomware attack that requires a payment of $300 within 72 hours?

WannaCry (D)

Why are IoT devices vulnerable to attacks?

Because manufacturers have not prioritized their security and users often leave them with default security configurations (D)

What is the term for holding computer files for ransom?

Ransomware (C)

What is a potential consequence of the backdoor being discovered in the firewall?

It will likely lead to more extensive use of similar backdoors by hackers (D)

What is the current trend in hacking techniques?

They are becoming more sophisticated (C)

What type of attack was the Mirai attack?

A type of distributed denial of service (DDoS) attack (D)

Why are backdoors similar to the one discovered in the firewall a threat?

Because they are hard to find and can be extensively used by hackers (A)

What happens to the money after 7 days in WannaCry ransomware attacks?

It becomes double and permanently locked (B)

What was the consequence of the failed extortion attempt in the Ashley Madison incident?

The user data of millions of people was exposed (B)

What did the hacker do with the user data in the United Arab Emirates bank incident?

Released the data to the public (B)

What is a characteristic of data manipulation attacks?

It is difficult to detect (A)

Why do hackers prefer to negotiate with owners of valuable data?

Because they can negotiate for more money (B)

What is the main reason behind the high success rate of baiting in social engineering?

Human nature to be greedy or curious (C)

What is quid pro quo commonly used for in social engineering attacks?

Offering technical assistance in exchange for access (B)

What is the primary goal of tailgating in social engineering attacks?

Gaining physical access to a restricted area (D)

What is the key difference between internal and external reconnaissance?

Internal reconnaissance is done onsite, while external is done remotely (A)

What is the purpose of internal reconnaissance in social engineering attacks?

To identify vulnerabilities in an organization's network (C)

What makes quid pro quo attacks less successful compared to other social engineering tactics?

They have a low success rate due to low-level attackers (B)

What is the primary goal of baiting attacks in social engineering?

To exploit human nature and gain access to a restricted area (D)

How do attackers often carry out quid pro quo attacks?

By calling victims and claiming to be from technical support (B)

What is the primary characteristic of tailgating attacks in social engineering?

They involve an attacker gaining unauthorized access to a restricted area (A)

Why are internal reconnaissance attacks often aided by software tools?

To interact with the target systems and find vulnerabilities (D)