1.2 Attack Types

Question 1

Define Ransomware

Answer 1

Denying one access to their data until a ransom is paid

Question 2

Define Trojan

Answer 2

Malicious software disguised as a valid program to trick users into installing it

Question 3

Define Worm

Answer 3

Malware that can spread without any human interaction

Question 4

What is the difference between a virus and a worm?

Answer 4

Virus requires human interaction to be installed, a worm is able to install and spread itself

Question 5

Define Potentially unwanted programs (PUPs)

Answer 5

Programs that aren’t necessarily harmful, but cause unwanted annoyances, like pop-up ads, alternate internet search engines

Question 6

How do fileless viruses evade detection?

Answer 6

By running as a valid process, such as Flash, JavaScript, or PowerShell, modify registry to add to start-up programs/processes

Question 7

Define Fileless virus

Answer 7

A virus that runs in memory but is never installed to the hard drive and evades detection by anti-virus programs with this technique

Question 8

Define Command and Control

Answer 8

Server that controls the bots established in a botnet

Question 9

Define Bots/Botnet

Answer 9

Infecting multiple computers with a virus to launch complex attacks coming from multiple locations, such as a DDoS (Distributed Denial of Service) attack

Question 10

Define Crypto-malware

Answer 10

Type of ransomware that encrypts ones data until a ransom is paid to get the decryption key

Question 11

How to protect against crypto-malware attacks (other than anti-virus/malware)?

Answer 11

Keep system backups on device inaccessible from the computer/server

Question 12

Define Logic Bomb

Answer 12

Malware designed to take action in the future based on a date or action

Question 13

Define Spyware

Answer 13

Malware that forwards information, such as keystrokes or internet browsing history, to a threat actor

Question 14

Define Keylogger and its attack advantage (2)

Answer 14

1. Malware that can send typed input, clipboard data and screenshots to an attacker
2. bypasses encryption so can get passwords

Question 15

Define Remote access trojan (RAT)

Answer 15

Malware that allows complete remote control of a system

Question 16

Define Rootkit

Answer 16

Malware that embeds in the kernel of the OS and is very difficult to remove or detect

Question 17

What is the best way to protect against Rootkits?

Answer 17

UEFI BIOS secure boot to prevent boot if kernel has been modified

Question 18

Define Backdoor

Answer 18

Creation of an opening in the system to bypass security and allow installation of other malware or remote system access

Question 19

Define Password attack - Spraying

Answer 19

To avoid account lockout, just a few common passwords from a list are tried before moving on

Question 20

Define Password attack - Dictionary

Answer 20

Sub-type of brute force attack that uses a pre-defined list of common words to find a password match

Question 21

Define Password Attack - Offline vs Online

Answer 21

1. An online password attack has limited potential since actively trying username/passwords is limited to a certain number of failed attempts before the account is locked out
2. Offline password attacks are done by obtaining the files containing usernames/passwords and then cracking those with equipment offline or separate from the live website or organization

Question 22

Define Password attack - Brute force

Answer 22

Trying every possible combination of letters, numbers and characters until the password match is found

Question 23

Define Password attack - Rainbow tables

Answer 23

A dictionary that stores the hashed result of the plaintext password, instead of the plaintext

Question 24

Define Password attack - Plaintext/unencrypted

Answer 24

Passwords stored as plaintext, if compromised, every password in that file or database are compromised

Question 25

Malicious USB cable

Answer 25

Normal looking USB cable that has additional electronics inside allowing it to compromise any system that it is plugged into

Question 26

Malicious flash drive

Answer 26

1. Same capabilities as malicious USB cable
2. Also can have malware embedded in normal looking files that executes upon opening the file

Question 27

Card cloning

Answer 27

Copying the magnetic strip of a card onto a new card that an attacker can use

Question 28

True/False: Chips on cards can be cloned

Answer 28

False

Question 29

Skimming

Answer 29

Obtaining card information from the magnetic strip when a card is swiped or from the system that has the magnetic strip reader

Question 30

Adversarial AI - Tainted training data for machine learning (ML)

Answer 30

Providing invalid data to an AI system to influence its learning process so that it produces a malicious output, also called “poisoning”

Question 31

Adversarial AI - Security of machine learning algorithms

Answer 31

If AI data has personal information, attackers can figure out how to manipulate the AI to obtain that information

Question 32

Supply-chain attacks

Answer 32

Exploitation of vendors used by an organization for attacks

Question 33

2 Examples of Supply-chain attacks

Answer 33

1. Compromising equipment before vendor delivers it to the organization
2. Compromising security credentials vendor uses to access the organization

Question 34

Advantage of using on-premises infrastructure

Answer 34

Complete control and knowledge of the security of stored data

Question 35

Advantages of using cloud-based infrastructure (2)

Answer 35

1. Advantages of large-scale, higher, security that may be out of budget or skill for an organization to implement
2. Implementing changes is much since it usually involves just spinning up a virtual device

Question 36

Cryptographic attack - Birthday

Answer 36

A brute force attack to break encryption due to hash collisions

Question 37

Cryptographic attack - Collision

Answer 37

When a hashing algorithm produces the same hash for at least 2 different inputs

Question 38

How to prevent birthday/collision based attacks

Answer 38

Use longer hashes

Question 39

Cryptographic attack - Downgrade

Answer 39

A man-in-the-middle attack that influences the encryption level chosen between 2 end devices for the transport of data to be a lower, less secure encryption so that it can be more easily broken and intercept the communication