701 - Chapter 6 Flashcards
What is a threat actor?
Anyone who launches a cyber attack on others
Who are attackers who are directly employed by or sponsored by a government called?
Nation state attackers
Who is a threat actor type that is motivated by money?
Organized crime
What is an organized and sophisticated group of threat actors called?
An advanced persistent threat (APT)
This attacker uses existing computer scripts or code to launch attacks; they typically have very little expertise or sophistication and very little funding?
Unskilled attacker
This attacker launches attacks as part of an activist movement or to further cause and raise awareness for that cause?
Hacktivist
This attacker has legitimate access to an organization's internal resources, such as an employee of the company? What tool would be useful in combating this kind of attacker?
Insider threat… DLP (data loss prevention) tools, which can block these attackers from writing data to external media or sending it out of the organization
What are the three attacker attributes?
Internal versus external… resources and funding… level of sophistication and capability
What are the ten threat actor motivations?
Data exfiltration, disruption and chaos, financial gain, blackmail, service disruption, philosophical or political beliefs, ethical, revenge, espionage, war
What are the paths that attackers use to gain access to computers and networks called?
Threat vectors
This threat vector is frequently sent out as spam with malicious links or attachments?
Message based
This threat vector occurs by embedding malicious code within image files or using steganography to hide data within an image?
Image based
This threat vector involves malicious code hidden in files such as documents or spreadsheets?
File based
This threat vector includes phone-based social engineering attacks, where attackers impersonate trusted individuals or organizations to trick the target into revealing sensitive information or granting access to secure systems?
Voice call
This threat vector occurs when an attacker loads a virus or malware on an external device?
Removable device
This threat vector targets vulnerabilities in software applications? What types of applications are especially vulnerable?
Software based… unsupported (end-of-life) applications, because they no longer receive security patches
This threat vector targets vulnerabilities in computer systems, such as operating systems, vulnerable applications, hardware issues, open service ports, or default credentials?
System-based
This threat vector exploits weaknesses through unsecured wired or wireless networks, vulnerable Bluetooth connections, or eavesdropping on traffic?
Network based
This threat vector targets the relationships between organizations and their managed service providers, vendors or suppliers?
Supply chain
What is the term for all of the threat vectors that an organization is exposed to, in other words all the ways an attacker might come after them?
The attack surface
What refers to any unauthorized system or application within an organization, including cloud services? And why does this increase risk for an organization?
Shadow IT… because these systems aren't managed, patched or monitored by the organization's security team, so their weaknesses are unknown
What is the term for a wide range of software that has malicious intent?
Malware
What are some symptoms that your system is infected with malware?
It is running slower, starting unknown processes, sending out email without user action, rebooting randomly
True or false: viruses and malware are the same thing?
False; a virus is a specific type of malware, and there are many other types of malware
This malware type is malicious code that attaches itself to a host application and executes when the host application executes?
A virus
This malware type is self-replicating and travels through a network without the assistance of a host application or user interaction? What is one significant problem caused by this malware type?
A worm… they consume network bandwidth, which can negatively impact the performance of the network
This malware type is a string of code embedded into an application or script that will execute in response to an event or date and time?
Logic bomb
This malware type appears to be something beneficial but is actually malicious? What are the typical ways this malware gets onto a system?
A Trojan horse… drive-by downloads, fake antivirus software, pirated software, malicious browser extensions
This type of malware allows attackers to control systems from remote locations and is often delivered via drive-by downloads or malicious email attachments?
A remote access Trojan (RAT)
This type of malware captures a user's keystrokes? What is one control that limits the damage it can do?
Keyloggers… two-factor authentication, because a captured password alone is no longer enough to log in (it does not stop the keystrokes from being recorded)
This type of malware is installed on user systems without their awareness or consent, and its purpose is often to monitor the user's computer and their activity?
Spyware
This type of malware gains administrative access on the system to provide the attacker with admin privileges, and can be difficult to find because it hides its running processes to avoid detection?
Rootkit
What makes rootkits so dangerous?
They have system-level or kernel access, so they can modify system files and control what the operating system reports about itself
With a rootkit, what technique is used to intercept calls to the operating system, its events or messages, and use these to control the system's behavior?
Hooking
What kind of tool can help find a rootkit's hidden, hooked processes?
Tools that can inspect RAM (memory forensics tools), because they can compare what the kernel's own data structures contain with what the hooked APIs report
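Added example (not from the flashcards): a user-space illustration of hooking and of the cross-view check that memory-inspection tools perform. The "rootkit" replaces os.listdir with a wrapper that filters out entries whose names start with an assumed prefix (rk_), so anything that asks the hooked API never sees them. The detector asks a second, unhooked path (os.scandir, standing in for raw kernel structures or disk) and reports every entry the hooked view is missing. The prefix, the temporary files and the use of os.scandir as the "low-level" view are all assumptions made for the demo.

```python
import os
import tempfile

HIDDEN_PREFIX = "rk_"  # assumption: the hook hides any entry starting with this

_real_listdir = os.listdir  # keep the original so the hook can call it and we can unhook


def _hooked_listdir(path="."):
    """The hook: call the real function, then strip the entries to be hidden."""
    return [e for e in _real_listdir(path) if not e.startswith(HIDDEN_PREFIX)]


def install_hook():
    os.listdir = _hooked_listdir


def remove_hook():
    os.listdir = _real_listdir


def cross_view_diff(path):
    """Detector: compare the API view (possibly hooked) against a lower-level view.
    Names present in the raw view but absent from the API view are being hidden."""
    api_view = set(os.listdir(path))             # goes through the hook if installed
    with os.scandir(path) as it:                 # separate code path, not hooked here
        raw_view = {entry.name for entry in it}
    return sorted(raw_view - api_view)


def demo():
    """Create constructed files, install the hook, show what is visible and what is hidden."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notes.txt", "rk_payload.bin", "rk_config"):
            open(os.path.join(d, name), "w").close()
        install_hook()
        try:
            visible = sorted(os.listdir(d))     # what a hooked "ls" would show
            hidden = cross_view_diff(d)         # what the cross-view check recovers
        finally:
            remove_hook()
        return visible, hidden


if __name__ == "__main__":
    print(demo())
```

A real rootkit hooks inside the kernel, where os.scandir would be hooked too; that is why the cross-view comparison has to come from a tool that reads kernel memory or the raw disk rather than from any OS API.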
This type of malware lets the attacker take control of a computer and its data, locking out its users until they pay a fee to unlock it? Whom are attackers increasingly targeting with this?
Ransomware… hospitals, cities, and other large organizations
This term describes programs a user may not want, even if they consented to downloading them?
Bloatware
What are five potential indicators of a malware attack?
Extra traffic, data exfiltration, encrypted traffic, traffic to specific IPs, outgoing spam
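Added example (not from the flashcards): detection logic for three of those indicators run over a constructed connection log. Each line is source IP, destination IP, destination port and bytes sent outbound (the format is an assumption). The script flags any host talking to a watchlisted IP, any host whose outbound volume exceeds an exfiltration threshold, and any host opening many direct SMTP connections, which is what outgoing spam from an infected workstation looks like. The watchlist address and both thresholds are placeholders to tune per environment.

```python
from collections import defaultdict

# Constructed sample log (not real traffic): src dst dport bytes_out
SAMPLE_LOG = """\
10.0.0.5 93.184.216.34 443 1200
10.0.0.5 93.184.216.34 443 900
10.0.0.7 198.51.100.23 443 52000000
10.0.0.9 203.0.113.10 25 400
10.0.0.9 203.0.113.11 25 410
10.0.0.9 203.0.113.12 25 390
10.0.0.9 203.0.113.13 25 405
10.0.0.9 203.0.113.14 25 420
10.0.0.9 203.0.113.15 25 415
10.0.0.12 198.51.100.77 8080 600
"""

KNOWN_BAD_IPS = {"198.51.100.77"}      # assumed watchlist entry, not a real indicator
EXFIL_BYTES_THRESHOLD = 10_000_000     # outbound bytes per host in the window (assumption)
SMTP_CONN_THRESHOLD = 5                # workstations normally never talk SMTP directly


def parse_log(text):
    """Turn the whitespace-separated log into (src, dst, dport, bytes_out) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, nbytes = line.split()
        rows.append((src, dst, int(dport), int(nbytes)))
    return rows


def find_indicators(rows):
    """Return (host, indicator, detail) findings, sorted for stable output."""
    bytes_out = defaultdict(int)
    smtp_conns = defaultdict(int)
    findings = []
    for src, dst, dport, nbytes in rows:
        bytes_out[src] += nbytes
        if dport == 25:
            smtp_conns[src] += 1
        if dst in KNOWN_BAD_IPS:
            findings.append((src, "traffic to watchlisted IP", dst))
    for src, total in bytes_out.items():
        if total > EXFIL_BYTES_THRESHOLD:
            findings.append((src, "possible data exfiltration", f"{total} bytes out"))
    for src, n in smtp_conns.items():
        if n >= SMTP_CONN_THRESHOLD:
            findings.append((src, "possible outgoing spam", f"{n} SMTP connections"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_indicators(parse_log(SAMPLE_LOG)):
        print(finding)
```

Volume and port counts alone produce false positives (backup jobs, a legitimate mail relay), so in practice each rule is scoped to the hosts it should not apply to before it pages anyone.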
What is the practice of using social tactics to gain information called?
Social engineering
What are the four ways that social engineering attacks can occur?
In person, over the phone, while surfing the Internet, via email
What can help prevent shoulder surfing, and how does it work?
Screen (privacy) filters, which obscure the display unless the viewer is directly in front of the monitor
What is the social engineering attack where the attacker attempts to act as somebody else? And what is a good way to prevent this attack?
Impersonation… identity verification
What is the social engineering attack where the attacker looks over the person's shoulder to gain information?
Shoulder surfing
What is the social engineering attack where the attacker provides false information to their target in order to influence them to take an action or disclose information? What is an example of this?
Disinformation… hoaxes
What is the social engineering attack where the attacker follows closely behind another person through a secured door without showing credentials? What is used to prevent it?
Tailgating or piggybacking… an access control vestibule (mantrap) or a turnstile
What is the social engineering attack where the attacker searches through trash or recycling containers to gain information from discarded documents? What prevents this?
Dumpster diving… shredding or burning papers instead of throwing them away
What is the social engineering attack where the attacker works out which websites a group of people is likely to visit and then infects those websites with malware that in turn infects the visitors?
A watering hole attack
What is the social engineering attack where the attacker seeks to exploit the trust and authority of high-level executives or other key personnel within an organization?
Business email compromise (BEC)
What are some ways to defend against a BEC attack?
Implement strong email security measures, provide employee training on how to recognize and respond to suspicious emails, and establish clear procedures for verifying and authorizing sensitive requests (for example, confirming a change of payment details over a known phone number rather than by replying to the email)
What is the social engineering attack where the attacker registers a domain name that looks similar to a legitimate domain name?
Typosquatting
What are three reasons why an attacker may attempt typosquatting?
Hosting a malicious website for drive-by malware, earning ad revenue, reselling the domain name for a large profit
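Added example (not from the flashcards): a generator for the look-alike domains a typosquatter would register, and a filter that matches them against domains seen in DNS or proxy logs. It covers character omission, repetition, adjacent transposition, hyphen insertion, a small homoglyph table (o to 0, l to 1, m to rn and so on) and alternative TLDs; the homoglyph table, the TLD list and the observed-domain list are constructed assumptions for the demo, not a complete real-world list.

```python
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}
ALT_TLDS = ["co", "net", "org", "cm"]   # assumption: common swaps for a .com brand


def typosquat_candidates(domain):
    """Return sorted look-alike domains for a registrable name like 'example.com'."""
    name, _, tld = domain.rpartition(".")
    cands = set()
    for i in range(len(name)):
        cands.add(name[:i] + name[i + 1:])                 # omission:      exmple
        cands.add(name[:i] + name[i] + name[i:])           # repetition:    exaample
        if name[i] in HOMOGLYPHS:
            cands.add(name[:i] + HOMOGLYPHS[name[i]] + name[i + 1:])   # homoglyph: examp1e
    for i in range(len(name) - 1):
        cands.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])    # transposition: exmaple
        cands.add(name[:i + 1] + "-" + name[i + 1:])                   # hyphenation: exam-ple
    cands.discard(name)                                    # never report the real name
    result = {c + "." + tld for c in cands if c}
    result.update(name + "." + t for t in ALT_TLDS if t != tld)       # TLD swap: example.co
    return sorted(result)


def match_lookalikes(domain, observed):
    """Filter observed domains (e.g. from DNS logs) down to ones that squat on `domain`."""
    suspects = set(typosquat_candidates(domain))
    return sorted(d for d in observed if d in suspects)


# Constructed sample of domains "seen" in logs; only three are squats of example.com
OBSERVED = ["example.com", "examp1e.com", "exmaple.com", "google.com",
            "exampl.com", "mail.example.com"]

if __name__ == "__main__":
    print(len(typosquat_candidates("example.com")), "candidates generated")
    print(match_lookalikes("example.com", OBSERVED))
```

Defenders use the same generator in reverse: register the highest-risk candidates themselves, and alert when any of the rest show up in mail headers or DNS queries.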
What is the social engineering attack where the attacker poses as a well-known and trusted company or brand to deceive their targets? What is an example of this?
Brand impersonation… a fake website or email that closely resembles a popular retailer, bank or technology company
What is the social engineering attack where the attacker gathers information without asking for it directly? How do they do this?
Elicitation… they start by gaining trust and building rapport and then use techniques to gather information
What is the social engineering attack where the attacker makes up a convincing story or scenario to manipulate a target into providing sensitive information or granting access to restricted systems or areas? How do you defend against this attack?
Pretexting… educate employees about the risks and tactics of social engineering, verify the identity of anyone requesting information, and implement strict policies and procedures for handling sensitive information and access requests
What is unwanted or unsolicited email called?
Spam
What are unwanted messages over instant messaging (IM) channels called? What is one challenge with them?
Spam over instant messaging (SPIM)… it bypasses the antivirus and spam filters that sit in front of email
What is the practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link?
Phishing
What is a more targeted form of phishing that targets specific groups of users or even a single user? What can deter it?
Spear phishing… digitally signing email, so recipients can verify that a message really came from the claimed sender
What is a form of spear phishing that targets high-level executives?
Whaling
What is an attack that uses the phone system to trick users into giving up personal and financial information? What technology is often used for this type of attack?
Vishing… VoIP, which makes it cheap to place calls at scale and easy to spoof caller ID
What is the form of phishing that uses text messages instead of email?
Smishing
What kind of software detects and removes malware such as viruses, Trojans and worms?
Antivirus software
What are the two methods that antivirus software uses to detect malware?
Signature-based, to detect known malware by matching hashes or byte patterns, and heuristic-based, to detect previously unknown malware from suspicious characteristics or behavior
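Added example (not from the flashcards): a minimal scanner that shows both detection methods side by side. The signature path matches a SHA-256 hash of a known sample and then a byte pattern; the heuristic path scores a file on traits that legitimate software rarely combines (a PE header with near-maximal entropy, suggesting packing, plus suspicious API names or command-line fragments). The sample "malware", the signature names, the string list and the score threshold are all constructed for the demo and are not real detections.

```python
import hashlib
import math
import re

# Constructed "known sample" and a signature database built from it (not a real family)
SAMPLE_MALWARE = b"MZ\x90\x00" + b"cmd.exe /c powershell -enc " + b"A" * 40
SIGNATURE_HASHES = {hashlib.sha256(SAMPLE_MALWARE).hexdigest(): "Test.Dropper.A"}
SIGNATURE_PATTERNS = [(re.compile(rb"powershell -enc "), "Generic.EncodedPS")]

# Heuristic inputs: strings common in injectors/droppers (assumed list, tune in practice)
SUSPICIOUS_STRINGS = [b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread", b"-enc ", b"/c "]
HEURISTIC_THRESHOLD = 3


def shannon_entropy(data):
    """Bits per byte; packed or encrypted sections approach 8.0."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def signature_scan(data):
    """Known-malware check: exact hash first, then byte patterns. Misses anything novel."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURE_HASHES:
        return SIGNATURE_HASHES[digest]
    for pattern, name in SIGNATURE_PATTERNS:
        if pattern.search(data):
            return name
    return None


def heuristic_scan(data):
    """Unknown-malware check: accumulate a score from suspicious traits."""
    score, reasons = 0, []
    if data[:2] == b"MZ" and shannon_entropy(data) > 7.0:
        score += 2
        reasons.append("PE with high entropy (packed or encrypted)")
    for s in SUSPICIOUS_STRINGS:
        if s in data:
            score += 1
            reasons.append(f"suspicious string {s!r}")
    return score >= HEURISTIC_THRESHOLD, score, reasons


def scan(data):
    """Return ('signature', name), ('heuristic', why) or ('clean', '')."""
    name = signature_scan(data)
    if name:
        return ("signature", name)
    flagged, score, reasons = heuristic_scan(data)
    if flagged:
        return ("heuristic", f"score={score}: " + "; ".join(reasons))
    return ("clean", "")


if __name__ == "__main__":
    print(scan(SAMPLE_MALWARE))
    print(scan(b"MZ" + b"VirtualAlloc WriteProcessMemory CreateRemoteThread"))
    print(scan(b"hello world"))
```

The trade-off is visible in the code: the hash signature breaks as soon as one byte changes, the pattern survives small edits, and the heuristic catches a never-seen sample but will also fire on some legitimate packed installers, which is why real products combine all three and weight them.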
What can identify changes to system files? How does it work, and what kind of infection can it detect?
File integrity monitors… they calculate hashes of the system files as a baseline, then periodically recompute the hashes and compare them with the baseline to see whether any file has changed… rootkit infections
Why is social engineering so effective?
Because it uses psychology-based techniques to overcome user objections
What techniques do social engineers use?
Authority figure, intimidation, faking, scarcity, creating a sense of urgency, establishing familiarity, creating a sense of trust
What is the evidence that a cyber attack is happening or has happened called?
Indicators of compromise (IoCs)
What is OSINT, and how is it used?
Open-source intelligence… information gathered from publicly available sources; it is used by both defenders and attackers to learn about vulnerabilities, how attackers exploit them, and how organizations can protect against those threats