Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks

Question 1

Script kiddies use existing computer scripts or code to launch attacks. They typically have very little expertise or sophistication, and very little funding.

Answer 1

hacktivist launches attacks as part of an activist movement or to further a cause.

Question 2

Insiders (such as employees of a company) have legitimate access to an organization’s internal resources. They sometimes become malicious insiders out of greed or revenge.

Answer 2

Competitors sometimes engage in attacks to gain proprietary information about another company.

Question 3

Organized crime is an enterprise that employs a group of individuals working together in criminal activities. Their primary motivation is money.

Answer 3

Some attackers are organized and sponsored by a nation-state or government.

Question 4

An advanced persistent threat (APT) is a targeted attack against a network. An APT group has both the capability and intent to launch sophisticated and targeted attacks. They are sponsored by a nation state and often have a significant amount of resources and funding.

Answer 4

A common method attackers often use before launching an attack is to gather information from open-source intelligence, including any information available via web sites and social media.

Question 5

Malware includes several different types of malicious code, including viruses, worms, logic bombs, backdoors, Trojans, ransomware, rootkits, and more.

Answer 5

A virus is malicious code that attaches itself to a host application. The code runs when the application is launched.

Question 6

A worm is self-replicating malware that travels throughout a network without user intervention.

Answer 6

A logic bomb executes in response to an event, such as a day, time, or condition. Malicious insiders have planted logic bombs into existing systems, and these logic bombs have delivered their payload after the employee left the company.

Question 7

Backdoors provide another way of accessing a system. Malware often inserts backdoors into systems, giving attackers remote access to systems.

Answer 7

A Trojan appears to be one thing, such as pirated software or free antivirus software, but is something malicious. A remote access Trojan (RAT) is a type of malware that allows attackers to take control of systems from remote locations.

Question 8

Drive-by downloads often attempt to infect systems with Trojans.

Answer 8

Ransomware is a type of malware that takes control of a user’s system or data. Criminals attempt to extort payment as ransom combined to return control to the user. Crypto-malware is ransomware that encrypts the user’s data. Attackers demand payment to decrypt the data.

Question 9

Spyware is software installed on user systems without the user’s knowledge or consent and it monitors the user’s activities. It sometimes includes a keylogger that records user keystrokes.

Answer 9

A botnet is a group of computers called zombies controlled through a command-and-control server. Attackers use malware to join computers to botnets. Bot herders launch attacks through botnets.

Question 10

Rootkits take root-level or kernel-level control of a system. They hide their processes to avoid detection. They can remove user privileges and modify system files.

Answer 10

Social engineering is the practice of using social tactics to gain information or trick users into performing an action they wouldn’t normally take.

Question 11

Social engineering attacks can occur in person, over the phone, while surfing the Internet, and via email. Many social engineers attempt to impersonate others.

Answer 11

Shoulder surfing is an attempt to gain unauthorized information through casual observation, such as looking over someone’s shoulder, or monitoring screens with a camera. Screen filters can thwart shoulder surfing attempts.

Question 12

A hoax is a message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.

Answer 12

Tailgating is the practice of one person following closely behind another without showing credentials. Mantraps help prevent tailgating.

Question 13

Dumpster divers search through trash looking for information. Shredding or burning documents reduces the risk of dumpster diving.

Answer 13

Watering hole attacks discover sites that a targeted group visits and trusts. Attackers then modify these sites to download malware.

Question 14

When the targeted group visits the modified site, they are more likely to download and install infected files.

Answer 14

Spam is unwanted or unsolicited email. Attackers often use spam in different types of attacks.

Question 15

Phishing is the practice of sending email to users with the purpose of tricking them into revealing sensitive information, installing malware, or clicking on a link.

Answer 15

Spear phishing and whaling are types of phishing. Spear phishing targets specific groups of users and whaling targets high-level executives.

Question 16

Vishing is a form of phishing that uses voice over the telephone and often uses Voice over IP (VoIP). Some vishing attacks start with a recorded voice and then switch over to a live person.

Answer 16

Antivirus software can detect and block different types of malware, such as worms, viruses, and Trojans. Antivirus software uses signatures to detect known malware.

Question 17

When downloading signatures manually, hashes can verify the integrity of signature files.

Answer 17

Antivirus software typically includes a file integrity checker to detect files modified by a rootkit.

Question 18

Data execution prevention (DEP) prevents code from executing in memory locations marked as nonexecutable. The primary purpose of DEP is to protect a system from malware.

Answer 18

Advanced malware tools monitor files and activity within the network.

Question 19

Anti-spam software attempts to block unsolicited email. You can configure a spam filter to block individual email addresses and email domains.

Answer 19

Security-related awareness and training programs help users learn about new threats and security trends, such as new viruses, new phishing attacks, and zero-day exploits. Zero-day exploits take advantage of vulnerabilities that are not known by trusted sources.

Question 20

Social engineers and other criminals employ several psychology-based principles to help increase the effectiveness of their attacks.

Answer 20

They are authority, intimidation, consensus, scarcity, urgency, familiarity, and trust.

Question 21

Another method used to detect rootkits is to boot into safe mode, or have the system scanned before it boots, but this isn’t always successful.

Answer 21

Attackers who have successfully installed a rootkit on a user’s system might log on to the user’s computer remotely, using a backdoor installed by the rootkit.

Question 22

Some social engineers often attempt to impersonate others. The goal is to convince an authorized user to provide some information, or help the attacker defeat a security control.

Answer 22

Another method used to reduce shoulder surfing is to use a screen filter placed over the monitor.

Question 23

A pharming attack is another type of attack that manipulates the DNS name resolution process. It either tries to corrupt the DNS server or the DNS client.

Answer 23

Many current DNS servers use Domain Name System Security Extensions (DNSSEC) to protect the DNS records and prevent DNS poisoning attacks.

Question 24

Three attacks against DNS services are DNS poisoning, pharming, and DDoS.

Answer 24

A DNS poisoning attack attempts to modify or corrupt DNS results.

Question 25

An amplification attack is a type of DDoS attack. It typically uses a method that significantly increases the amount of traffic sent to, or requested from, a victim. As an example, a smurf attack spoofs the source address of a directed broadcast ping packet to flood a victim with ping replies.

Answer 25

The smurf attack spoofs the source IP. If the source IP address isn’t changed, the computer sending out the broadcast ping will get flooded with the ICMP replies.

Question 26

A birthday attack is named after the birthday paradox in mathematical probability theory.

Answer 26

Rainbow table attacks are a type of attack that attempts to discover the password from the hash. A rainbow table is a huge database of precomputed hashes.