Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks Flashcards
What is a threat actor?
An attacker - anyone who launches a cyberattack on others
What is open-source intelligence?
Any information that is available via web sites and social media
How do attackers exploit open-source intelligence?
They use the information to gather intel and strategize their attack
A ____ ____ is an attacker who uses existing computer scripts or code to launch attacks.
Script kiddie
A _____ launches attacks as part of an activist movement or to further a cause
Hacktivist
An _____ is anyone who has legitimate access to an organization’s internal resources.
Insider
What are some common security issues caused by insider threats?
Loss of confidentiality, integrity, and availability of an organization’s assets
True or False: Competitors can also engage in attacks
True
What does APT stand for and what is it?
Advanced Persistent Threat
A targeted attack against a network. Often sponsored by governments
What does DoS stand for and what is it?
Denial of Service
From one attacker against one target
What does DDoS stand for and what is it?
Distributed Denial of Service
From two or more attackers against a single target
What is the difference between DoS and DDoS?
DoS is a single attacker to a single target. DDoS is two or more attackers/computers to a single target
_____ attacks often include sustained, abnormally high network traffic on the network interface card of the attacked computer
DDoS
_____ and _____ attacks often attempt to overload an application or service on a computer.
DoS DDoS
A ____ is malicious code that attaches itself to a host application.
Virus
Note: The malicious code runs only when the host application is executed
True or False: A virus does not try to replicate by finding other host applications to infect with the malicious code
False
A ____ is a self-replicating malware that travels throughout a network without assistance of a host application or user interaction.
Worm
A ___ resides in memory and can use different transport protocols to travel over the network
Worm
True or False: Worms do not consume significant bandwidth
False
____ can replicate themselves hundreds of times and spread to all the systems in the network.
Worms
What are some types of malware?
- Trojans
- Viruses
- Worms
- Rootkits
- Ransomware
- Spyware
- Logic bombs
A ____ is a string of code embedded into an application or script that will execute in response to an event.
Logic bomb
A ____ provides another way of accessing a system
Backdoor
Malware often installs _____ on systems to bypass normal authentication methods.
Backdoors
A ____ looks like something beneficial, but it’s actually something malicious.
Trojan/Trojan horse
What are some forms that trojan horses can come in?
- Pirated software
- Useful utility software, e.g. fake antivirus software
- Game
What is a drive by download?
When web services include malicious code that attempts to download and install itself on users' computers after the user visits the site
_______ masquerades as a free antivirus program
Rogueware/scareware
What does RAT stand for and what is it?
Remote access trojan
A type of malware that allows attackers to take control of systems from remote locations; often delivered by drive-by downloads
True or False: Some RATs automatically collect and log keystrokes, usernames and passwords, incoming and outgoing email, chat sessions, and browser history as well as take screenshots.
True
____ is a type of Trojan
Ransomware
_____ is when attackers encrypt the user's data or take control of the computer and lock out the user. They then demand that the user pay a ransom to regain access to the data or computer.
Ransomware
True or False: Many organizations indicate that ransomware attacks continue to grow and are becoming one of the greatest cyber threats
True
Ransomware that encrypts the user’s data is sometimes called ______
crypto-malware
_____ is when the user doesn’t pay the ransom to decrypt the files and the attacker threatens to publish the files along with the victim’s credentials.
Doxing
A ____ attempts to capture a user’s keystrokes.
Keylogger
True or False: A keylogger is only software and never hardware
False
You can purchase a USB keylogger, plug it into a computer, and plug the keyboard into the USB keylogger to record all keystrokes and store them in memory on the USB device
____ is software installed on users’ systems without their awareness or consent
Spyware
______'s purpose is often to monitor the user's computer and activity and send the data to a third party
Spyware
True or False: If spyware can access a user’s private data, it results in a loss of integrity
False
Confidentiality is what is lost
True or False: Some examples of spyware activity are changing a user’s home page, redirecting web browsers, and installing additional software within the browser.
True
______ _____ ______ tries to separate users from their money using data-harvesting techniques
Privacy invasion software
True or False: Privacy invasion software attempts to gather information to impersonate users, empty bank accounts, and steal identities.
True
True or False: Spyware often includes a keylogger
True
What was the primary intent of adware?
To learn a user’s habits for the purpose of targeted advertising
____ are software robots
Bots
______ is a combination of the words robot and network
Botnets
Describe what a botnet is/does
Multiple computers that act as software robots and function together in a network, often for malicious purposes
___ ____ are criminals who manage botnets
Bot herders
Bot herders use _____ ____ _____ software to control infected computers
Command and Control
True or False: Users are often unaware of activity being run on computers infected with command and control software
True
A ____ is a group of programs that hides the fact that the system has been infected or compromised by malicious code
Rootkit
True or False: Rootkits often modify internal OS processes, such as the Windows Registry
True
Rootkits use _____ techniques to intercept calls to the operating system
Hooking
Another method used to detect rootkits is to ______
Boot into safe mode
____ ____ is the practice of using social tactics to gain information.
Social engineering
Some methods used in social engineering are:
- Flattery and conning
- Assuming a position of authority
- Encouraging someone to perform a risky action
- Encouraging someone to reveal sensitive information
- Impersonating someone, such as an authorized technician
- Tailgating or closely following authorized personnel without providing credentials
True or False: Social engineering tactics can occur in person, over the phone, while surfing the Internet, and via email.
True
_____ _____ methods are useful to prevent the success of impersonation attacks.
Identity verification
____ ____ is simply looking over the shoulder of someone to gain information
Shoulder surfing
What is one way to prevent shoulder surfing?
To position monitors and other types of screens so that unauthorized personnel cannot see them.
A ____ ___ is another method to reduce shoulder surfing
Screen filter
A ___ is a message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist
Hoax
______ is the practice of one person following closely behind another without showing credentials.
Tailgating
_____ ____ is the practice of searching through trash or recycling containers to gain information from discarded documents.
Dumpster diving
A ____ ___ ___ attempts to discover which web sites a group of people are likely to visit and then infects those web sites with malware that can infect the visitors
Watering hole attack
___ is unwanted or unsolicited email
Spam
____ can include malicious links, malicious code, or malicious attachments
Spam
True or False: Laws require companies to include the ability to opt out of receiving emails from them
True
True or False: Malicious attackers may include opt-out instructions in spam e-mail to confirm the email address is valid
True
____ is the practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.
Phishing
True or False: Legitimate companies do not ask you to revalidate your credentials via email
True
A ____ is a link included in an email that links to an image stored on an Internet server.
Beacon
Note: This is one reason why most email programs won’t display images by default
_____ _____ is a targeted form of phishing.
Spear phishing
True or False: The use of digital signatures is one solution used to deter spear phishing via email
True
______ is a form of spear phishing that attempts to target high-level executives.
Whaling
Attackers consider high-level executives ____
Whales
True or False: With successful whaling, attackers gain confidential company information that they might not be able to get anywhere else.
True
______ attacks use the phone system to trick users into giving up personal and financial information.
Vishing
True or False: When a vishing attack uses VoIP, it can spoof caller ID, making it appear as if the call is coming from within the organization
True
Which of the following is not a common security control to protect against malware?
- Spam filtering gateway
- Anti-malware on mail gateways
- All systems (workstations and servers) have anti-malware software installed on them
- Boundaries or Firewalls for traffic monitoring of malware
- Auto scripts to modify the Windows Registry
Auto scripts to modify the Windows Registry
Viruses and other malware have known patterns. ____ ____ (also called data definition files) define the patterns, and the antivirus software scans files for matching patterns.
Signature files
A _______ virus is not harmful to the system while it is in quarantine, but it’s still available for analysis.
Quarantined
______ _____ detection attempts to detect viruses that were previously unknown and do not have signatures.
Heuristic based
True or False: Heuristic-based analysis runs questionable code in a sandbox or virtualized environment specifically designed to protect the live environment, while it observes the code’s behavior.
True
Some antivirus scanners use ____ ____ ____ to detect modified system files.
File integrity checkers
True or False: A file integrity checker calculates hashes on system files as a baseline. It then periodically recalculates the hashes on these files and compares them with the hashes in the baseline. If the hashes are ever different, it indicates the system files have been modified.
True
The Microsoft File Checksum Integrity Verifier _____ tool can verify the integrity of all files within a folder, or a group of nested folders.
fciv.exe
____ ____ _____ is a security feature that prevents code from executing in memory regions marked as nonexecutable.
Data execution prevention (DEP)
What is the primary purpose of DEP?
To protect a system from malware
True or False: Encrypted data being sent out of the network is a serious red flag and indicates malware is collecting data and sending it to an attacker.
True
True or False: Trained users provide a significant risk to any organization and are often one of the largest vulnerabilities.
False
Untrained users are the ones who provide a significant risk