2.2 Flashcards

1
Q

Threat Vector and Examples

A

How an attacker gains access,
- message based, images or files sent, phishing, removable devices, unsecure networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Attack Surface

A

Where attacker gain access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Social Engineering Threat Vector -Brand impersonation

A

pretending to be cisco on twitter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Social Engineering Threat Vector- Typo Squatting aka url hijacking

A

registering gnail.com

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Social Engineering Threat Vector- Watering Hole

A

compromising the watering hole and waiting for users who normally would trust the website they are visiting. Waiting for someone to enter CC number in “bank’s” website

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Social Engineering Threat Vector Pretexting

A

Giving some info that seems true so the user will provide more information.
This can involve piggybacking (pretending to be someone you’re not)
It can be a form of phishing and gathering info about a person so they divulge more
could be pretending to be a company they work with over the phone etv

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Social Engineering Threat Vector Phishing

A

Impersonating a trusted entity to trick victims into revealing sensitive information about themselves

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Baiting

A

attacker leaves a malware infected USB in a location where target may find it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Spear Phishing

A

sending fraudulent email that appear to be from reputable sources but targeted toward specific users. has a high success rate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Whaling

A

a form of spear phishing that targets high profile individuals like the CEO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

BEC

A

Business Email Compromise. Phishing attack. Someone’s email is compromised and attacker takes it over to steal sensitive info, redirect payments etc

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Smishing

A

SMS phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Fraud (includes identity fraud and theft)

A

wrongful or criminal deception that is intended to result in financial or personal gain for the attacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Identity Fraud

A

attacker takes victims CC and tries to use it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Identity Theft

A

attacker fully assumes the identity of their bictim

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Scams

A

Deceptive act or operation

17
Q

Invoice Scam

A

a person is tricked into paying for a fake invoice for a product or service they didn’t order. (attacker uses pretexting to call a secretary and tell them toners are ready to ship out tmrw and once they say ok its on record so they have to pay for it)

18
Q

Influence Campaign

A

Coordinated efforts to affect public perception or behavior towards a particular
cause, individual, or grou

19
Q

Misinformation

A

false or inaccurate info shared without harmful intent

20
Q

Disinformation

A

deliberate creation and sharing of false information with the intent to deceive or misleadD

21
Q

diversion Theft

A

manipulating a situation or creating a distraction to steal valuable items or information

22
Q

Hoaxes

A

malicious deception that is often spread through social media, email or other channelsSho

23
Q

Shoulder Surfing

A

looking over someone’s shoulder to gather personal information

24
Q

Dumpster Diving

A

looking through trash to find valuable information

25
Q

Eavesdropping

A

listening to privately held conversations

26
Q

Piggybacking

A

attacker convinces employee to let them into facility

27
Q

Tailgating

A

attacker attempts to follow an employee through access control vestibule without employees knowledge

28
Q

Supply Chain Attacks

A

an attack that targets a weaker link in the supply chain to gain access to a primary target. Exploit vulnerabilities in suppliers or service providers to access more secure systems

29
Q

CHIPS Act of 2022

A

US funding to promote semi conductor research in the US.

30
Q

Semiconductors

A

essential components in a wide range of product from smartphones, to medical devices

31
Q

Firmware Vulnerabilities

A

Specialized software stored on hardware devices
● Can grant attackers full control, leading to unauthorized access or
takeover

32
Q

End of Life System

A

no updates or support from manufacturer

33
Q

Legacy System

A

outdated and superseded by newer alternatives

34
Q

Unsupported

A

no official support, security updates or patches

35
Q

Unpatched systems

A

devices apps or software without latest security patches