Cybersecurity Flashcards
unwelcome attempts to steal, expose, alter, disable or destroy information through unauthorized access to computer systems
cyber attacks
how do cybercriminals get into a system?
-Internal threats
-external threats
-malware
-social engineering
-software vulnerabilities
careless, ignorant, negligent behavior
using insecure wifi
-sending info to wrong party or storing it incorrectly
misplaced or lost computing or storage hardware
without approval, trusted parties, such as an employee or contractor, share sensitive customer data or proprietary company technology
-associated with disgruntled employees
malicious behavior
information security attack associated with: social engineering, malicious software, software vulnerabilities
external threats
software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems
malicious software
art of manipulating people into performing actions or divulging info that can harm the security of their systems
Social engineering
errors in software or design weaknesses that can be exploited to gain access or install malicious software
software vulnerabilities
What are some types of malware
spyware
botnets
viruses
worms
trojan horse
to gather information
spyware
take over many computers for use in proxy attacks. can sometimes swamp a network
botnets
Infect a software and when run it infects other software, carries payload that causes harm
viruses
propagate through the network without user action and carries payload to cause harm, can swamp network
worms
invites users to run seemingly legitimate software that in turn installs malicious code
trojan horse
Restricts access to the infected computer system in some way for the restrictions to be removed
Ransomware
sometimes try to take advantage of the critical nature of data and data access
ransomware
lying to and deceiving legitimate users
tricking them into divulging restricted information or granting unauthorized access
social engineering
falling for a phishing attack is an example of
social engineering
targeted toward a specific individual, organization or business
spear phishing
inappropriate use of backdoors is an example of
software vulnerabilities
code designed into software programs to allow access to the application by
circumventing password protection
bugs in code is an example of
software vulnerabilities
unintentionally created flaw in code
bugs in code
attacks that exploit a vulnerability a developer has NOT had time to address and patch
zero-day attack
the method hackers use to attack systems with a previously unidentified vulnerability
zero-day exploit
what was the heartbleed bug?
zero-day vulnerability in the OpenSSL encryption library used to secure traffic between web servers and computers
used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution
SQL injection attack
what are the goals of cybercriminals
-steal time
-steal data
-steal money
-wreak havoc
unauthorized use of a machine’s computing ability
steal time
what are examples of steal time
cryptojacking: using your machine for calculations needed for bitcoin mining without your consent
- making a "bot" of your machine: using malware you've installed to make your machine part of a "botnet" used to launch a distributed denial of service (DDoS) attack
unauthorized access to data- where it’s gathered, transmitted or at rest
steal data
in Equifax, criminals accessed a system through a web-application vulnerability that was known and for which a correction had been available for 2 months, this is an example of
steal data
using stolen credentials
steal money
log into the victim's bank account and create electronic funds transfers to the perp's account is an example of
steal money
using ransomware
steal money
the CryptoLocker trojan encrypted files on the affected system and demanded ransom in the form of bitcoin, this is an example of
steal money
denial-of-service attack
wreak havoc
This attack is meant to shut down a machine, network, or online service, making it inaccessible to its intended users
DoS attack
distributed denial of service attack (DDoS)
wreak havoc
using botnets, the incoming traffic flooding the victim originates from many different sources
distributed denial of service attack
gain control of systems
wreak havoc
software aimed at controlling systems to damage them or to gain control of infrastructure
wreak havoc- gain control of systems
targets supervisory control and data acquisition
stuxnet
targets industrial control systems, those of electrical substations
industroyer
with IT in general, tools have become more capable and available, the barrier to entry into the market has ___
lowered
web-based attack platforms
malware kits
set of defenses put in place to counter threats to technology infrastructure and data resources
cybersecurity
may extend beyond the enterprise and affect the selection of partners
scope
cybersecurity is part of
IT risk management
the process of identifying and measuring IT risks and devising the optimal risk mitigation strategy
cybersecurity
the cost of data breaches involving customer information can be wide-reaching
investigation and remediation
-notification
-identity theft and credit monitoring
associated w the exploited vulnerability
investigation and remediation
impacted consumers via mail
notification
companies hit with a data breach will subsidize identity theft protection and credit monitoring for affected customers
identity theft and credit monitoring
disruptions in normal business operations if services are down or denied
-credit card companies may refuse to provide card services
- due to defecting customers
lost business
cybersecurity risks are hard to assess in the ___ of an attack
absence
security is a ___
negative deliverable
security is recurring investment in a ____
never-ending arms race
IT departments may not be able to fully fund comprehensive security solutions by themselves because:
- departments have limited budgets
- most security problems are NOT IT, they are people problems
balancing three principles designed to guide cybersecurity policies
confidentiality, integrity, availability
individuals must be able to consume information when and where needed
availability
sensitive information should be accessed only by authorized people
confidentiality
focuses on ensuring data hasn't been tampered with and that it can be trusted as authentic and reliable
integrity
by making data available, there's a risk of exposing it to
unauthorized access and unapproved modifications
the process of ranking security threats and matching them to appropriate responses
cost/benefit analysis
designed to manage the trade-off between the degree of desired security and the investment necessary to achieve it
Cybersecurity
countermeasures to put in place to mitigate the risk of a successful cyber attack
threat prevention
use multiple tools to put as many roadblocks as possible to hinder the attacker- this is a key security
defense in depth
IT professionals install detection software
- training and policies
malware
prevention is practically impossible because attacks can come from anywhere
- response involves worldwide cooperation of network and hosting organizations
distributed denial of service attacks
once vulnerability is discovered
disclosure should be done in a responsible manner
should be notified first in the case of proprietary software
developer
should be delayed in order to allow time for a mitigation method
public disclosure
to reduce ignorance and indifference
-part of onboarding but must be reinforced periodically
training
check compliance with policies
-look for suspicious activities
user activity and behavior monitoring
prevent supply chain attack that seeks to damage an organization by targeting less-secure elements in the supply network after identifying a weakest link
intervention with suppliers and customers
based on the premise that legitimate use looks different from illegitimate use
behavioral anomaly detection
serves as a trap for attackers- deception mechanism to lure hackers into a vulnerable system
honey pot
responding to a potentially damaging ongoing cyber attack is
crisis management
capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident
business continuity plan
meeting to discuss simulated emergency situation
-practice incident response plans
tabletop exercise
cybercriminals who infiltrate systems and collect data for illegal resale
harvesters
criminals who purchase assets from data harvesters to be used for illegal financial gain
cash-out fraudsters
hordes of surreptitiously infiltrated computers, linked and controlled remotely, aka zombie networks
botnets
attack where a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site's use
distributed denial of service (DDoS)
someone who uncovers computer weakness without exploiting them
white hat hackers
computer criminals
black hat hackers
attacks that are so new that they haven't been clearly identified, so they haven't made it into software screening systems
zero-day exploits
system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use
firewalls
system that monitors network use for potential hacking attempts.
intrusion detection system
highly restrictive programs that permit communication only with approved entities in an approved manner
whitelists