4A Compare and Contrast Social Engineering Techniques

Question 1

Describe the Familiarity/Liking principal

Answer 1

The ability to be affable and likable and to be able to persuade other people to do something for you

Question 2

Describe the Consensus/Social Proof Principle

Answer 2

Refers to the fact that without an explicit instruction to behave in a certain way, many people will act just as they think others would act

Question 3

Describe the Authority and Intimidation

Answer 3

Impersonating someone of higher authority

Question 4

Describe the Scarcity and Urgency Principle

Answer 4

Using a sense of emergency to get someone to do something

Question 5

What is impersonation?

Answer 5

simply means pretending to be someone else. It is one of the basic social engineering techniques. Impersonation can use either a consensus/liking or intimidating approach. Impersonation is possible where the target cannot verify the attacker’s identity easily, such as over the phone or via an email message.

Question 6

What is dumpster diving?

Answer 6

refers to combing through an organization’s (or individual’s) garbage to try to find useful documents (or even files stored on discarded removable media).

Question 7

What is Tailgating?

Answer 7

a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint

Question 8

What is piggy backing?

Answer 8

A similar situation, but means that the attacker enters a secure area with an employee’s permission, For instance, an attacker might impersonate a member of the cleaning crew and request that an employee hold the door open while they bring in a cleaning cart or mop bucket.

Question 9

What is Identity fraud?

Answer 9

a specific type of impersonation where the attacker uses specific details of someone’s identity

Question 10

What is shoulder serving?

Answer 10

When a threat actor obtains info by watching someone input passwords or pins on a computer

Question 11

What is a Lunchtime attack?

Answer 11

a user leaves a workstation unattended while logged on, an attacker can physically gain access to the system

Question 12

What is Phishing?

Answer 12

a combination of social engineering and spoofing. It persuades or tricks the target into interacting with a malicious resource disguised as a trusted one, traditionally using email as the vector

Question 13

What is spear phishing?

Answer 13

a phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack. Each phishing message is tailored to address a specific target user

Question 14

What is whaling?

Answer 14

a spear phishing attack directed specifically against upper levels of management in the organization (CEOs and other “big fish”). Upper management may also be more vulnerable to ordinary phishing attacks because of their reluctance to learn basic security procedures

Question 15

What is Vishing?

Answer 15

a phishing attack conducted through a voice channel (telephone or VoIP, for instance). For example, targets could be called by someone purporting to represent their bank asking them to verify a recent credit card transaction and requesting their security details.

Question 16

What is SMiShing?

Answer 16

refers to using short message service (SMS) text communications as the vector

Question 17

What are Hoaxes?

Answer 17

An email alert or web pop-up will claim to have identified some sort of security problem, such as virus infection, and offer a tool to fix the problem. The tool of course will be some sort of Trojan application

Question 18

What is prepending?

Answer 18

adding text that appears to have been generated by the mail system

Question 19

What is Pharming?

Answer 19

a passive means of redirecting users from a legitimate website to a malicious one. Rather than using social engineering techniques to trick the user, pharming relies on corrupting the way the victim’s computer performs Internet name resolution, so that they are redirected from the genuine site to the malicious one

Question 20

What is Typosquatting?

Answer 20

the threat actor registers a domain name that is very similar to a real one, such as connptia.org, hoping that users will not notice the difference. These are also referred to as cousin, lookalike, or doppelganger domains.

Question 21

What is a Watering Hole Attack?

Answer 21

the threat actor does not have to risk communicating directly with the target. It relies on the circumstance that a group of targets may use an unsecure third-party website.

Question 22

What is Credential Harvesting?

Answer 22

a campaign specifically designed to steal account credentials. The attacker may have more interest in selling the database of captured logins than trying to exploit them directly

Question 23

What is a Influence campaign?

Answer 23

a major program launched by an adversary with a high level of capability, to shift public opinion on some topic

Question 24

What is a Virus/worms?

Answer 24

the first types of malware and spread without any authorization from the user by being concealed within the executable code of another process.

Question 25

What is a trojan?

Answer 25

malware concealed within an installer package for software that appears to be legitimate. This type of malware does not seek any type of consent for installation and is actively designed to operate secretly.

Question 26

What is a Potentially unwanted programs (PUPs)/Potentially unwanted applications (PUAs)?

Answer 26

software installed alongside a package selected by the user or perhaps bundled with a new computer system

Question 27

Describe a Non-resident/file infector

Answer 27

the virus is contained within a host executable file and runs with the host process. The virus will try to infect other process images on persistent storage and perform other payload actions. It then passes control back to the host program.

Question 28

Describe a Memory resident virus

Answer 28

when the host file is executed, the virus creates a new process for itself in memory. The malicious process remains in memory, even if the host process is terminated.

Question 29

What is a boot virus?

Answer 29

the virus code is written to the disk boot sector or the partition table of a fixed disk or USB media, and executes as a memory resident process when the OS starts or the media is attached to the computer.

Question 30

What is a Script and macro viruses?

Answer 30

the malware uses the programming features available in local scripting engines for the OS and/or browser, such as PowerShell, Windows Management Instrumentation (WMI), JavaScript, Microsoft Office documents with Visual Basic for Applications (VBA) code enabled, or PDF documents with JavaScript enabled.

Question 31

What are cookies?

Answer 31

A cookie is a plaintext file, not malware, but if permitted by browser settings, third-party cookies can be used to record pages visited, the user's IP address and various other metadata, such as search queries and information about the browser software.

Question 32

What is adware?

Answer 32

a class of PUP/grayware that performs browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening sponsor's pages at startup, adding bookmarks, and so on. Adware may be installed as a program or as a browser extension/plug-in

Question 33

What is a bot?

Answer 33

an automated script or tool that performs some malicious activity.

Question 34

What is a Rootkit?

Answer 34

Malware able to execute without requiring any authorization using SYSTEM privileges

Question 35

What is Crypto-malware?

Answer 35

hijacks the resources of the host to perform cryptocurrency mining. This is referred to as crypto-mining or cryptojacking.

Question 36

What is the other type of crypto-malware?

Answer 36

class of ransomware attempts to encrypt data files on any fixed, removable, and network drives

Question 37

What is a logic bomb?

Answer 37

types of malware do not trigger automatically. Having infected a system, they wait for a pre-configured time or date (time bomb) or a system or user event

Question 38

What are some indicators of malware?

Answer 38

Antivirus Notifications Sandbox Execution Resource Consumption