Mobile Device Security: Malware and Attacks

Questions and Answers

What is the primary goal of a mobile malware that aims to send messages on victim's phones?

To steal personal information from the victim's device

To install additional malware on the device

To crash the victim's phone

To generate revenues for hackers (correct)

What is a vulnerability of smartphone browsers and web-supported apps?

Lack of antivirus software

Limited storage capacity

Vulnerability to scripting attacks (correct)

Insufficient battery life

What is an example of how hackers can exploit non-obvious devices in corporate networks?

Via ransomware attacks

Through phishing emails

By accessing a printer's inbuilt memory function (correct)

Using diversion theft

What is the name of the malware that was discovered in September 2017?

BlueBorne

What is the purpose of the 'Weeping Angel' malware?

To spy on people in a room by recording their conversations

What could be a consequence of a data manipulation attack on a bank?

Customer balances would be incorrectly calculated

What was the result of the hackers' tweet on the Associated Press's Twitter account?

The Dow dropped by 150 points

What type of attack involves installing backdoors in network devices?

Backdoor attack

What is a potential motive for hackers to launch a data manipulation attack on a company?

To bring down a competitor

What type of data can be compromised by data manipulation attacks?

Healthcare, financial, and government data

What is the success rate of spear phishing attacks?

70%

What is the primary goal of a water holing attack?

To infect a group of people with malware

What is the main tactic used in baiting attacks?

Leaving infected storage devices in public places

What is the purpose of a rootkit virus in a baiting attack?

To infect computers when they boot

What is the name of the attack strategy that involves infecting a website or network used by a specific group of people?

Water holing

What do attackers typically gain from an external reconnaissance?

Insight into user behavior

What is the primary goal of extortion attacks?

To demand money or ransom

What was the purpose of the Mirai attack?

To commandeer large networks of IoT devices to generate vast illegitimate traffic

What is the name of the ransomware attack that requires a payment of $300 within 72 hours?

WannaCry

Why are IoT devices vulnerable to attacks?

Because manufacturers have not prioritized their security and users often leave them with default security configurations

What is the term for holding computer files for ransom?

Ransomware

What is a potential consequence of the backdoor being discovered in the firewall?

It will likely lead to more extensive use of similar backdoors by hackers

What is the current trend in hacking techniques?

They are becoming more sophisticated

What type of attack was the Mirai attack?

A type of distributed denial of service (DDoS) attack

Why are backdoors similar to the one discovered in the firewall a threat?

Because they are hard to find and can be extensively used by hackers

What happens to the money after 7 days in WannaCry ransomware attacks?

It becomes double and permanently locked

What was the consequence of the failed extortion attempt in the Ashley Madison incident?

The user data of millions of people was exposed

What did the hacker do with the user data in the United Arab Emirates bank incident?

Released the data to the public

What is a characteristic of data manipulation attacks?

It is difficult to detect

Why do hackers prefer to negotiate with owners of valuable data?

Because they can negotiate for more money

What is the main reason behind the high success rate of baiting in social engineering?

Human nature to be greedy or curious

What is quid pro quo commonly used for in social engineering attacks?

Offering technical assistance in exchange for access

What is the primary goal of tailgating in social engineering attacks?

Gaining physical access to a restricted area

What is the key difference between internal and external reconnaissance?

Internal reconnaissance is done onsite, while external is done remotely

What is the purpose of internal reconnaissance in social engineering attacks?

To identify vulnerabilities in an organization's network

What makes quid pro quo attacks less successful compared to other social engineering tactics?

They have a low success rate due to low-level attackers

What is the primary goal of baiting attacks in social engineering?

To exploit human nature and gain access to a restricted area

How do attackers often carry out quid pro quo attacks?

By calling victims and claiming to be from technical support

What is the primary characteristic of tailgating attacks in social engineering?

They involve an attacker gaining unauthorized access to a restricted area

Why are internal reconnaissance attacks often aided by software tools?

To interact with the target systems and find vulnerabilities