Common attacks and their effectiveness

Question 1

What is phishing?

Answer 1

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 2

What are the most common types of phishing?

Answer 2

Business Email Compromise (BEC), Spear Phishing, Whaling, Vishing, and smishing

Question 3

What is business email compromise (BEC)?

Answer 3

When a threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage

Question 4

What is Spear Phishing?

Answer 4

A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source

Question 5

What is whaling?

Answer 5

A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

Question 6

What is vishing?

Answer 6

A form of spear phishing. Threat actors target company executives to gain access to sensitive data

Question 7

What is smishing?

Answer 7

The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source

Question 8

What is malware?

Answer 8

A software designed to harm devices or networks. Malware is primarily used to obtain money, or sometimes an advantage that can be used against a person, an organization, or a territory

Question 9

What are some of the most common types of malware attacks today?

Answer 9

Viruses, worms, ransomware, and spyware

Question 10

What are viruses?

Answer 10

Malicious code written to interfere with computer operations and cause damage to data and software. When a user opens/downloads the malicious attachmetns, the virus hides itself in other files and when the infected file is open. The virus can now insert its own code to damage/destroy the system

Question 11

What are worms?

Answer 11

Malware that can duplicate and spread itself across systems on its own. A worm does not need to be downloaded/opened, it self-replicates from an already infected computer to other devices on the same network

Question 12

What is ransomware?

Answer 12

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access

Question 13

What is spyware?

Answer 13

Malware that’s used to gather and sell information without consent.

Question 14

What is social engineering?

Answer 14

A manipulation technique that exploits human error to gain private information, access, or valuables.

Question 15

What are the most common types of social engineering?

Answer 15

Social media phishing, watering hole attack, USB baiting, and physical social engineering

Question 16

What is social media phishing?

Answer 16

A threat actors collects detailed information about their target from social media sites.

Question 17

What is a watering hole attack?

Answer 17

A threat actor collects detailed information about their target from social media sites

Question 18

What is USB baiting?

Answer 18

A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network

Question 19

What is physical social engineering?

Answer 19

A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Question 20

Why are social engineering attacks so effective?

Answer 20

Authority, intimidation, Consensus/Social proof, scarcity, Familiarity, trust, and urgency

Question 21

What is authority?

Answer 21

Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.

Question 22

What is intimidation?

Answer 22

Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.

Question 23

What is consensus/social proof?

Answer 23

Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.

Question 24

What is scarcity?

Answer 24

A tactic used to imply that goods or services are in limited supply

Question 25

What is familiarity?

Answer 25

Threat actors establish a fake emotional connection with users that can be exploited.

Question 26

What is trust?

Answer 26

Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

Question 27

What is Urgency?

Answer 27

A threat actor persuades others to respond quickly and without questioning