1.1_ Cybersecurity Mindset Flashcards
Defining Cybersecurity; Defining Attack Strategies; Website Attacks; Server Attacks; Database Attacks; NIST Cybersecurity Framework
What are the two concepts cybersecurity is centered on?
- Threat assessment (what can happen): A structured process of identifying the risks posed to a group
- Risk mitigation (what are you going to do about it): Systematic reduction of the impact and/or likely occurrence of a negative
Explain:
Social Engineering
The act of deceiving an individual into revealing sensitive information, obtaining unauthorized access, or committing fraud by gaining confidence and trust.
Example: An attacker calls and claims to be from your internet provider (this is an example of vishing, or voice phishing) and asks you questions about your account, aiming to trick you into giving account information or login credentials (credential reuse).
Explain:
Phishing
A technique for attempting to acquire sensitive data, such as credit card numbers, usernames, or passwords, through fraudulent solicitation (e.g., email). The perpetrator pretends to be a reputable business or person.
Example: During the World Cup in Russia, scammers sent out phishing emails to fans offering free trips, in order to access personal information.
Explain:
Man-in-the-middle attack (MitM)
An attack where the adversary positions themself between the user and the system so that they can intercept and alter data traveling between them.
Example: We download and update software daily. A remote hacker can use the lack of integrity verification (e.g., hash value) of downloads or update information to manipulate a software package with an MitM attack.
Explain:
Stolen Hardware
A hacker can simply steal a computer and use the saved credentials to log in.
Explain:
Brute Force Attack
A hacker can use a brute force attack to continuously attempt username and password combinations.
Explain:
Code-injection
A hacker can use a code-injection attack in which malicious code is directly injected into the username or password fields.
Explain:
Faulty Session Management
A hacker can exploit faulty session management when developers incorrectly implement code used to maintain logins and logouts.
Explain:
Malware
Hardware, software, or firmware meant to perform an unauthorized process that will compromise the confidentiality, integrity, or availability of a system (e.g., a virus, worm, Trojan horse, or other code-based entity that infects a host).
Example: In May of 2017, the WannaCry worm spread rapidly across a number of computer networks, infecting Windows computers. It encrypts files on the machine’s hard drive and demands a ransom payment in Bitcoin in exchange for decryption.
Explain:
Default Credentials
Database management systems often come with default credentials, which might be left unchanged.
Explain:
Unpatched Database
Database management systems might be unpatched against publicly known vulnerabilities.
What does Lack of Segregation mean?
The database might be set up to let a client look at another client’s data.
What is the NIST Cybersecurity Framework?
IDENTIFY > PROTECT > DETECT > RESPOND > RECOVER
Explain:
Packet sniffer
Software that monitors network traffic on wired or wireless networks and captures packets. Packet sniffers are used by network managers to monitor and analyze traffic, but hackers also use them.
Example: A user downloads a file from the internet. The file is a packet sniffer that, when installed on the network, can record and transmit any data to a hacker’s command and control server.
Explain:
Code injection:
Type of attack that injects code that is then interpreted and executed by the target application.
Example: HTML injections are used to change a website or to steal personally identifiable information (PII). HTML injections can occur via a website link, data, or input fields on web forms.