1.2

Question 1

Malware

Answer 1

Malicious software –
These can be very bad
* Gather information
–Keystrokes
* Participate in a group
–Controlled over the ‘net
* Show you advertising
–Big money
* Viruses and worms
–Encrypt your data
–Ruin your da

Question 2

Ransomware

Answer 2

• The attackers want your money
  –They’ll take your computer in the meantime
• May be a fake ransom
  –Locks your computer “by the police”
• The ransom may be avoided
  –A security professional may be able to removethese kinds of malware

Question 3

Trojan

Answer 3

Doesn’t really care much about replicating
* Circumvents your existing security
–Anti-virus may catch it when it runs
–The better Trojans are built to avoid and disable AV
* Once it’s inside it has free reign
–And it may open the gates for other programs

Question 4

Worms

Answer 4

Malware that self-replicates–Doesn’t need you to do anything
–Uses the network as a transmission medium–Self-propagates and spreads quickly
* Worms are pretty bad things
–Can take over many systems very quickly
* Firewalls and IDS/IPS can mitigate many worm infestations
–Doesn’t help much once the worm gets inside

Question 5

PUP

Answer 5

A Potentially Unwanted Program (PUP) is identified by antivirus/anti-malware as potentially undesirable software, often installed along with other software. Examples include an overly aggressive browser toolbar, a backup utility displaying ads, and a browser search engine hijacker. Detection and removal of PUPs are crucial for maintaining a secure computing environment. Users should rely on reputable security software and exercise caution during software installations to mitigate the risks associated with PUPs.

Question 6

Fileless virus:

Answer 6

A type of malware that operates without leaving traditional files on a system, making it challenging to detect using standard antivirus methods. It leverages scripts and memory-resident components to carry out malicious activities.

Question 7

Command and control

Answer 7

: A mechanism used by malware to communicate with a remote server or entity, allowing attackers to issue commands, receive instructions, and control compromised systems.

Question 8

Bots:

Answer 8

Software applications that run automated tasks over the internet. In the context of cybersecurity, bots can be malicious and operate as part of a botnet, controlled by a command and control server.

Question 9

Cryptomalware:

Answer 9

Malicious software that encrypts files on a victim’s system, rendering them inaccessible until a ransom is paid. It is a type of ransomware that focuses on encrypting rather than stealing data.

Question 10

Logic bombs:

Answer 10

Malicious code intentionally inserted into software or systems to execute a harmful action when specific conditions are met, such as a particular date or event.

Question 11

Spyware:

Answer 11

Software designed to secretly gather information about a user’s activities and transmit it to a third party without the user’s knowledge or consent.

Question 12

Keyloggers:

Answer 12

Malicious programs that record keystrokes on a computer, capturing sensitive information such as passwords and credit card numbers.

Question 13

Remote access Trojan (RAT)

Answer 13

: A type of malware that allows unauthorized access and control of a victim’s computer from a remote location. It enables attackers to perform various malicious activities.

Question 14

Rootkit:

Answer 14

Malicious software that provides privileged access to a computer while hiding its presence from detection. Rootkits often modify the operating system to maintain persistent control.

Question 15

Backdoor:

Answer 15

A hidden or unauthorized access point in a computer system that allows remote control or unauthorized access. Backdoors can be exploited by attackers to gain entry without detection.

Question 16

Spraying:

Answer 16

In this attack, the attacker attempts to gain access by trying a few commonly used passwords against many accounts. It’s a low and slow approach to avoid detection.

Question 17

Dictionary

Answer 17

: This attack involves systematically trying every word in a dictionary or a list of common passwords to gain unauthorized access.

Question 18

Brute Force (Offline):

Answer 18

In an offline brute force attack, the attacker attempts to guess the password by systematically trying all possible combinations. This is done by trying different passwords without any network interaction.

Question 19

Brute Force (Online):

Answer 19

In an online brute force attack, the attacker systematically tries different passwords by interacting with the target system, often exploiting vulnerabilities that allow multiple login attempts.

Question 20

Rainbow Table:

Answer 20

Rainbow table attacks use precomputed tables with hashed passwords. By comparing the hash of the stolen password with entries in the table, attackers can quickly find the original password.

Question 21

Plaintext/Unencrypted:

Answer 21

This is not a specific attack but a vulnerability. Storing passwords in plaintext or unencrypted form makes it easier for attackers to gain access by directly reading the passwords from the system.

Question 22

Malicious Universal Serial Bus (USB) Cable:

Answer 22

Attackers may use specially crafted USB cables to exploit vulnerabilities in devices when connected. This could involve injecting malware or executing unauthorized commands.

Question 23

Malicious Flash Drive:

Answer 23

Attackers can use infected or specially crafted USB flash drives to introduce malware, steal data, or compromise systems when the drive is connected to a target device.

Question 24

Card Cloning:

Answer 24

In card cloning attacks, criminals use devices to surreptitiously copy data from credit or debit cards. This stolen information is then used to create unauthorized copies of the cards.

Question 25

Skimming:

Answer 25

Skimming involves the use of a malicious device, often discreetly attached to legitimate card readers, to capture and record information from credit or debit cards as users swipe or insert them.

Question 26

Tainted Training Data for Machine Learning (ML):

Answer 26

In this type of attack, adversaries inject malicious or manipulated data into the training dataset used to train machine learning models. By doing so, they aim to influence the model's behavior, leading to inaccurate predictions or biased outcomes.

Question 27

Security of Machine Learning Algorithms:

Answer 27

Ensuring the security of machine learning algorithms involves protecting them from various threats, including adversarial attacks. This includes implementing measures to detect and mitigate attacks aimed at manipulating input data or exploiting vulnerabilities in the algorithm itself.

Question 28

Supply-Chain Attacks

Answer 28

Supply-chain attacks involve targeting vulnerabilities in the supply chain, which includes the processes and systems that deliver products or services. Attackers exploit weaknesses in the supply chain to compromise the final product or service and, consequently, the end users. This can include injecting malicious code into software during development, compromising hardware components, or infiltrating distribution channels. Supply-chain attacks pose a significant threat as they can impact a large number of users and organizations by exploiting trust in the supply chain.

Question 29

Cloud-based vs. On-Premises Attacks:

Answer 29

Cloud-based attacks target vulnerabilities within cloud computing environments, where data and applications are hosted on remote servers. These attacks may exploit misconfigurations, insecure application programming interfaces (APIs), or other weaknesses in cloud infrastructure. On the other hand, on-premises attacks target vulnerabilities within an organization's physical, in-house infrastructure. Both types of attacks aim to compromise data, disrupt services, or gain unauthorized access, but they differ in the environment they target. Organizations need to implement specific security measures for both cloud-based and on-premises environments, considering factors like data encryption, access controls, and regular security assessments to protect against evolving threats in each context.

Question 30

Birthday Attack:

Answer 30

Description: A birthday attack exploits the probability of two different inputs producing the same hash value in a hash function. Despite the name, it does not necessarily involve birthdays but refers to the probability of a collision (two inputs producing the same hash) increasing as more inputs are processed. Impact: Successful birthday attacks could compromise the integrity and security of cryptographic hash functions.

Question 31

Collision Attack:

Answer 31

Description: Collision attacks aim to find two different inputs that produce the same hash value in a hash function. When successful, this undermines the integrity of the hash function, as distinct inputs should ideally result in distinct hash values. Impact: Collision attacks can be particularly problematic for digital signatures and certificate authorities.

Question 32

Downgrade Attack:

Answer 32

Description: In a downgrade attack, an attacker manipulates the communication between two parties to force the use of weaker cryptographic algorithms or protocols. This is often done when stronger security measures are available but not enforced. Impact: Downgrade attacks can weaken the overall security of a system, as attackers can exploit vulnerabilities in older or less secure cryptographic algorithms.