Cybersecurity attacks Flashcards
Past cyberattacks:
Give 2 examples of early malware attacks
Brain virus
Morris worm.
Explain the Brain Virus
1986- Alvi Brothers
Intention:- To track illegal copies of medical software & pirated licenses.
Operation: Once a person used a pirated copy of the software, the virus infected that computer. Then, any disk that was inserted into the computer was also infected. The virus spread to a new computer every time someone used one of the infected disks.
Effect:- Undetected, the virus spread globally within a couple of months. Although the intention was not to destroy data or hardware, the virus slowed down productivity and significantly impacted business operations.
Result:- Altered the computer industry highlighting the need for security and productivity maintenance planning.
Explain the Morris Worm
1988- Robert Morris
Intention:- A program to assess the size of the internet.
Operation: The program crawled the web and installed itself onto other computers to tally the number of computers that were connected to the internet.
Effect:- The program was flawed and failed to keep track of the computers it had already compromised and continued to re-install itself until the computers ran out of memory and crashed.
About 6,000 computers were affected, representing 10% of the internet at the time. This attack cost millions of dollars in damages due to business disruptions and the efforts required to remove the worm.
Result:- Computer Emergency Response Teams, known as CERTs®, were established to respond to computer security incidents.
CERTs Computer Emergency Response Teams still exist today, but their place in the security industry has expanded to include more responsibilities
What does ‘CERTs’ stand for?
Computer Emergency Response Teams, known as CERTs®
What was the Loveletter attack?
2000 - Onel De Guzman
Intention:- To steal internet login credentials
Operation: Spread rapidly and took advantage of people who had not developed a healthy suspicion for unsolicited emails.
Users received an email with the subject line, “I Love You.” Each email contained an attachment labeled, “Love Letter For You.”
When the attachment was opened, the malware scanned a user’s address book. Then, it automatically sent itself to each person on the list and installed a program to collect user information and passwords. Recipients would think they were receiving an email from a friend, but it was actually malware.
Effect:- Infected 45 million computers globally and is believed to have caused over $10 billion dollars in damages.
The LoveLetter attack is the first example of social engineering.
Result:- Attackers understood the power of social engineering and the number of social engineering attacks is increasing with every new social media application that allows public access to people’s data. Many people are now prioritizing convenience over privacy. The trade-off of this evolving shift is that these tools may lead to increased vulnerability, if people do not use them appropriately
What is Social Engineering?
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.
What was the Equifax Breach?
2017- Not named
Intention:- To steal Equifax customer records (PII). Equifax is a credit report agency
Operation: Infiltration data breach
Effect:- Over 143 million customer records were stolen, and the breach affected approximately 40% of all Americans. The records included personally identifiable information including social security numbers, birth dates, driver’s license numbers, home addresses, and credit card numbers. From a security standpoint, the breach occurred due to multiple failures on Equifax’s part. It wasn’t just one vulnerability that the attackers took advantage of, there were several. The company failed to take the actions needed to fix multiple known vulnerabilities in the months leading up to the data breach. In the end, Equifax settled with the U.S. government and paid over $575 million dollars to resolve customer complaints and cover required fines.
Result:- companies to the financial impact of a breach and the need to implement preventative measures. Due to other data breaches before and after the Equifax breach resulting in the large settlement with the U.S. government.
What is Phishing?
The use of digital communications to trick people into revealing sensitive data or deploying malicious software.
Name some common types of phishing attacks today?
Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
Spear phishing: A malicious email attack that targets a specific user or group of users. Seemingly to originate from a trusted source.
Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
What is smishing?
The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
What is BEC?
Business Email Compromise (BEC):
A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage
What is vishing?
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
What is Spear phishing?
A malicious email attack that targets a specific user or group of users. Seemingly to originate from a trusted source.
What is Whaling?
A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
What is Malware?
Software designed to harm devices or networks.
Name some common types of Malware attacks
Viruses
Worms
Ransomware
Spyware
What is Spyware?
Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.
What is a virus?
Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.
Example of Malware
What is a worm?
Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
What is Ransomware?
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.
Example of malware
Name some common types of Social Engineering attacks
Social media phishing
Watering hole attack
USB baiting
Physical social Engineering
What is USB baiting?
A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.
Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.
What is Social Media Phishing?
A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.
What is a Watering hole attack?
A threat actor attacks a website frequently visited by a specific group of users.
What is Physical Social Engineering?
A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.
Why are social engineering attacks effective?
People are generally trusting and conditioned to respect authority.
Attacks are increasing with every new social media application that allows public access to people’s data.
Reasons why social engineering attacks are effective include:
*Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.
*Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.
*Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.
*Scarcity: A tactic used to imply that goods or services are in limited supply.
*Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.
*Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.
*Urgency: A threat actor persuades others to respond quickly and without questioning.
Threat actor types
APT Advanced Persistent Threats
Insider threats
Hacktivists
APT Advanced Persistent Threats
Threat actors that have significant expertise in accessing an organisation’s network without authorisation.
Research their targets in advance and can remain undetected for an extended period of time.
Intentions and motivations can include:
*Damaging critical infrastructure:
i.e. the power grid and natural resources
*Gaining access to intellectual property:
i.e. trade secrets or patents
Insider threats
Threat actors that abuse their authorised access to obtain data that may harm an organisation.
Intentions and motivations can include:
*Sabotage
*Corruption
*Espionage
*Unauthorized data access or leaks
Hacktivists
Threat actors, driven by political agenda. Abuse technology to accomplish their goals, which may include:
*Demonstrations
*Propaganda
*Social change campaigns
*Fame
What is a Hacker?
A hacker is: any person who uses computers to gain access to computer systems, networks, or data.
They can be beginner or advanced technology professionals who use their skills for a variety of reasons.
What are the 3 main types of hackers?
There are three main categories of hackers:
Authorized hackers, also called ethical hackers.
Semi-authorised hackers-also called researchers.
Unauthorized hackers, also called unethical hackers.
Note: There are multiple hacker types that fall into one or more of these three categories.
What is an Authorized hacker?
Also called ethical hackers.
They follow a code of ethics and adhere to the law to conduct organizational risk evaluations.
They are motivated to safeguard people and organizations from malicious threat actors.
What is a Semi-authorised hacker?
Semi-authorized hackers are considered researchers.
They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.
What is an Unauthorized hacker?
Also called unethical hackers.
They are malicious threat actors who do not follow or respect the law.
Their goal is to collect and sell confidential data for financial gain.
