Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks Flashcards

1
Q

Script kiddies use existing computer scripts or code to launch attacks. They typically have very little expertise or sophistication, and very little funding.

A

hacktivist launches attacks as part of an activist movement or to further a cause.

2
Q

Insiders (such as employees of a company) have legitimate access to an organization’s internal resources. They sometimes become malicious insiders out of greed or revenge.

A

Competitors sometimes engage in attacks to gain proprietary information about another company.

3
Q

Organized crime is an enterprise that employs a group of individuals working together in criminal activities. Their primary motivation is money.

A

Some attackers are organized and sponsored by a nation-state or government.

4
Q

An advanced persistent threat (APT) is a targeted attack against a network. An APT group has both the capability and the intent to launch sophisticated and targeted attacks. APT groups are sponsored by a nation-state and often have a significant amount of resources and funding.

A

A common method attackers often use before launching an attack is to gather information from open-source intelligence, including any information available via web sites and social media.

5
Q

Malware includes several different types of malicious code, including viruses, worms, logic bombs, backdoors, Trojans, ransomware, rootkits, and more.

A

A virus is malicious code that attaches itself to a host application. The code runs when the application is launched.

6
Q

A worm is self-replicating malware that travels throughout a network without user intervention.

A

A logic bomb executes in response to an event, such as a day, time, or condition. Malicious insiders have planted logic bombs into existing systems, and these logic bombs have delivered their payload after the employee left the company.

7
Q

Backdoors provide another way of accessing a system. Malware often inserts backdoors into systems, giving attackers remote access to systems.

A

A Trojan appears to be one thing, such as pirated software or free antivirus software, but is something malicious. A remote access Trojan (RAT) is a type of malware that allows attackers to take control of systems from remote locations.

8
Q

Drive-by downloads often attempt to infect systems with Trojans.

A

Ransomware is a type of malware that takes control of a user’s system or data. Criminals then attempt to extort payment as ransom in exchange for returning control to the user. Crypto-malware is ransomware that encrypts the user’s data. Attackers demand payment to decrypt the data.

9
Q

Spyware is software installed on user systems without the user’s knowledge or consent and it monitors the user’s activities. It sometimes includes a keylogger that records user keystrokes.

A

A botnet is a group of computers called zombies controlled through a command-and-control server. Attackers use malware to join computers to botnets. Bot herders launch attacks through botnets.

10
Q

Rootkits take root-level or kernel-level control of a system. They hide their processes to avoid detection. They can remove user privileges and modify system files.

A

Social engineering is the practice of using social tactics to gain information or trick users into performing an action they wouldn’t normally take.

11
Q

Social engineering attacks can occur in person, over the phone, while surfing the Internet, and via email. Many social engineers attempt to impersonate others.

A

Shoulder surfing is an attempt to gain unauthorized information through casual observation, such as looking over someone’s shoulder, or monitoring screens with a camera. Screen filters can thwart shoulder surfing attempts.

12
Q

A hoax is a message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.

A

Tailgating is the practice of one person following closely behind another without showing credentials. Mantraps help prevent tailgating.

13
Q

Dumpster divers search through trash looking for information. Shredding or burning documents reduces the risk of dumpster diving.

A

Watering hole attacks discover sites that a targeted group visits and trusts. Attackers then modify these sites to download malware.

14
Q

When the targeted group visits the modified site, they are more likely to download and install infected files.

A

Spam is unwanted or unsolicited email. Attackers often use spam in different types of attacks.

15
Q

Phishing is the practice of sending email to users with the purpose of tricking them into revealing sensitive information, installing malware, or clicking on a link.

A

Spear phishing and whaling are types of phishing. Spear phishing targets specific groups of users and whaling targets high-level executives.

16
Q

Vishing is a form of phishing that uses voice over the telephone and often uses Voice over IP (VoIP). Some vishing attacks start with a recorded voice and then switch over to a live person.

A

Antivirus software can detect and block different types of malware, such as worms, viruses, and Trojans. Antivirus software uses signatures to detect known malware.

17
Q

When downloading signatures manually, hashes can verify the integrity of signature files.

A

Antivirus software typically includes a file integrity checker to detect files modified by a rootkit.

18
Q

Data execution prevention (DEP) prevents code from executing in memory locations marked as nonexecutable. The primary purpose of DEP is to protect a system from malware.

A

Advanced malware tools monitor files and activity within the network.

19
Q

Anti-spam software attempts to block unsolicited email. You can configure a spam filter to block individual email addresses and email domains.

A

Security-related awareness and training programs help users learn about new threats and security trends, such as new viruses, new phishing attacks, and zero-day exploits. Zero-day exploits take advantage of vulnerabilities that are not known by trusted sources.

20
Q

Social engineers and other criminals employ several psychology-based principles to help increase the effectiveness of their attacks.

A

They are authority, intimidation, consensus, scarcity, urgency, familiarity, and trust.

21
Q

Another method used to detect rootkits is to boot into safe mode, or have the system scanned before it boots, but this isn’t always successful.

A

Attackers who have successfully installed a rootkit on a user’s system might log on to the user’s computer remotely, using a backdoor installed by the rootkit.

22
Q

Social engineers often attempt to impersonate others. The goal is to convince an authorized user to provide some information, or to help the attacker defeat a security control.

A

Another method used to reduce shoulder surfing is to use a screen filter placed over the monitor.

23
Q

A pharming attack is another type of attack that manipulates the DNS name resolution process. It either tries to corrupt the DNS server or the DNS client.

A

Many current DNS servers use Domain Name System Security Extensions (DNSSEC) to protect the DNS records and prevent DNS poisoning attacks.

24
Q

Three attacks against DNS services are DNS poisoning, pharming, and DDoS.

A

A DNS poisoning attack attempts to modify or corrupt DNS results.

25
Q

An amplification attack is a type of DDoS attack. It typically uses a method that significantly increases the amount of traffic sent to, or requested from, a victim. As an example, a smurf attack spoofs the source address of a directed broadcast ping packet to flood a victim with ping replies.

A

The smurf attack spoofs the source IP. If the source IP address isn’t changed, the computer sending out the broadcast ping will get flooded with the ICMP replies.

26
Q

A birthday attack is named after the birthday paradox in mathematical probability theory.

A

Rainbow table attacks are a type of attack that attempts to discover the password from the hash. A rainbow table is a huge database of precomputed hashes.