InfoSec Part 2 Flashcards

1
Q

What is malware?

A

“Bad” software, i.e. software that is intended to:
Disable computer systems
Disrupt operations
Steal data
A program that must be executed to have any impact

2
Q

Keylogger

A

Logs your keystrokes (recording passwords, intellectual property)

3
Q

Bot

A

Waits for a command signal to do something on the computer
Remote control: allows the cybercriminal to do anything they want

4
Q

Ransomware

A

Encrypts your data and demands a ransom payment if you want it back

5
Q

Types of systems targeted by malware … and which platform suffered nearly half of malware infections as of mid-2021?

A

Computers (Windows, Macintosh OS X, Linux)
Mobile devices (Android, iOS, etc.)
50% of all malware infections occur on Android phones

6
Q

Trojans – what are they, and how do they compromise systems?

A

Malware hidden inside seemingly legitimate software (utility software, a game, bogus software updates)
No need for a vulnerability

7
Q

Banking Trojans

A

Stealing financial info
Spoofing
Keylogger
Man-in-the-middle
TrickBot, Panda, Kronos, Zeus, etc.

8
Q

Remote Access Trojans

A

RAT Explosion
Read messages, monitor GPS location, record audio from mic, take pictures, etc.
Broad range of targets
Access
Modular, flexible

9
Q

Fake Antivirus Trojans

A

Simulate the activity of antivirus software or parts of the OS security modules
Designed to extort money from users in return for the detection and removal of threats that are nonexistent
Repeated pop-ups to make the user worry and pay for the fake antivirus software

10
Q

Viruses – what are they, and how do they propagate?

A

Hides itself inside a host file. Self-replicating malware

Payloads: keyloggers, file destruction, or none

11
Q

What is a macro? What is a macro virus?

A

Macro: scripting capability in Office apps and others
Macro virus: macro code that carries malware

12
Q

Worms – what are they, and how do they propagate?

A

Stand-alone malware
- No “useful program”
- No infected host file
Self-propagating via network
Exploits vulnerabilities to invade systems
Payloads similar to those of viruses

13
Q

Why is Email a powerful attack vector?

A

Ubiquitous (everyone has one)
Malware distributed as attachments or links
Large threat

14
Q

What is phishing?

A

A scam by which an email user is duped into revealing personal or confidential info which the scammer can use illicitly

15
Q

What three key scam techniques are used in a phishing attack?

A

Seems legit — spoofing
Sense of urgency
Call to action

16
Q

What is spoofing? How is it used in phishing?

A

Message claims to be legit, but isn’t
Graphics look legit because attackers use graphics from the real site
Link text looks legit, but the displayed text means nothing; hover over the link to see the real destination
Used in phishing to collect private data and deliver a malware payload
Gains your trust
Fans the flames of urgency
So that you will take action now!

17
Q

How can one avoid phishing scams?

A

Be suspicious of urgent requests
Be suspicious of requests for personal info
Check with the sender
Call them
Don’t use contact info on the phish
Don’t use links in an email
Type into a browser instead!
Employee training

18
Q

How is spear phishing different from phishing? Consider the target and methods used.

A

Spear phishing is a targeted attack
Researched the target
Carefully crafted email
Apparently valid source
Personalized
Nicknames
Habits, preferences
Recent purchases
Recent promotions or job changes

19
Q

What is Malvertising?

A

Using online advertising to promote malware

20
Q

Drive-by Downloads

A

No interaction required
Exploits client vulnerability: OS, browser, plugin
Process:
Page loaded
Fingerprint analyzed
Vulnerabilities exploited
Malware downloaded & installed
Victim compromised

21
Q

How can one defend against web-based malware?

A

Minimize use of Admin account
Keep OS, browser, plugins up-to-date
Minimize the attack surface
Be careful with popups!
Use an ad blocker!

22
Q

Cables

A

Cables weaponized to inject a payload

23
Q

USB Keylogger

A

Computers trust keyboards
Device pretends to be a keyboard; plug it in and it gains access
Streams data to the cloud so the attacker can watch live
Smart logger: activated on user activity
Can inject keystrokes remotely

24
Q

Biohacking

A

Implants technology within your body
RFID emulator chips
Works with NFC-capable smartphones and certain commercial access control systems, door locks, and USB contactless readers
Swipe your hand at a door lock and it opens up
Uses: car keys, passwords, office keys, ID badge, NFC touchless payments in stores

25
Q

What is a Man-in-the-Middle (MitM) attack?

A

An attack where the attacker sits between two communicating hosts and transparently captures, monitors, and relays all communication between them

26
Q

How can an attacker execute an MitM attack against open WiFi hotspot users?

A

WiFi Pineapple: intercepts traffic between your device and the access point
Can present a registration screen to collect personal info before letting you into the “free hotspot”
Hackers can intercept data and deliver web pages to your machine that may contain attacks

27
Q

How can one defend against this threat?

A

Switch off WiFi on the mobile phone and just use cellular
Tether the notebook to the phone’s cellular service
VPN: encrypts your data from your point to the end-point

28
Q

What is the “vulnerability” being exploited in a Denial of Service (DoS) attack?

A

Heavy reliance on servers: e-commerce, communications, enterprise applications
Capacity: servers have a maximum capacity
Exceeding the maximum -> problems

29
Q

How does a DoS attack harm the victim?

A

Overwhelms the target server with service requests
Denies service to regular customers
The attack consumes all server capacity; nothing is left for regular customers
Customers get frustrated and go elsewhere
“The straw that broke the camel’s back”

30
Q

How does a DDoS attack work?

A

Distributed denial of service
Attack comes from every direction at once
31
Q

Botnets of Zombies

A

Lie silent until Command & Control tells them what to do

32
Q

Command & Control Network

A

Lets the cybercriminal control the botnet to make it do their will

33
Q

How frequently do DDoS attacks occur?

A

2013: 11% attacked 11-50 times/month
2021: 70% attacked 20-50 times/month

34
Q

Roughly what is the cost of a typical DDoS attack to a small business?

A

Costs up to $120,000
Up to $2 million for LARGER companies
35
Q

Why is data classification a necessary step in risk management?

A

Data is an asset
Protection based on value: tangible, intangible . . . consider CIA
UF classifications: Open, Sensitive, Restricted

36
Q

What three factors can be used to quantify IT security risk? How are they used together to estimate risk?

A

Multi-disciplinary: wide variety of skills and people
Types of risks
Estimate the risk from:
1. Asset value
2. Threat likelihood
3. Threat severity

37
Q

Be able to explain the three ways that an organization can respond to IT security risk.

A

Accept the risk
Refuse the risk
Mitigate the risk (minimize): technical measures, training, policy, insurance

38
Q

Defense in depth – how does the castle metaphor apply to information security?

A

Multiple layers of defense
Get notified if one of the layers goes down
39
Q

Human vulnerabilities – what measures are suggested for addressing them?

A

Education/Awareness Training
- “An ounce of prevention is worth a pound of cure”
- Training courses
- Hands-on, e.g. simulated phishing
HR practices
- Hiring
- Exit procedures

40
Q

Endpoint Protection

A

User computers have unpatched operating systems and applications
Patching
Anti-malware
Firewall

41
Q

Intrusion Detection

A

Monitors the network, looking for certain packets of data going in and out, and can notify someone of a problem

42
Q

Vulnerability Scanning

A

Identify systems that need to be patched
Scan, notify, remediate, repeat, report

43
Q

Penetration Testing

A

Internal (IT team) or external security consultants
Social engineering and technological
Disaster Recovery Testing: perform a restore and verify systems work; simulated disasters
44
Q

Physical vulnerabilities – be able to briefly describe the steps an organization can take to protect mobile devices ... and to protect USB flash drives.

A

Corporate endpoints
BYOD and mobile
USB flash drives
Disposal
Equipment disposal

45
Q

Corporate endpoints

A

Inventory control
Hard drive encryption

46
Q

BYOD and mobile

A

Encryption
Mobile device management

47
Q

USB flash drives

A

Encryption
Ban them!

48
Q

Disposal

A

Shred documents
Records management vendor

49
Q

Equipment Disposal

A

DBAN
Keep your hard drive
Copier vendor data security options
50
Q

What’s the “fastest and cheapest bang for your buck” when it comes to information security?

A

User education training to counteract those threats
Educate users about computer security

51
Q

Be able to briefly explain the importance of password complexity.

A

Brute force attacks
Dictionary attacks
Complex enough:
- Length
- Uppercase, lowercase, numbers, symbols
- Not ‘words’
- Passphrases
Expiration

52
Q

What is a ‘passphrase’ and why might this be a better approach than a complex password?

A

A 20-letter phrase that is easy to remember, but too long for an attacker to enter
Combination of words/phrases that the user would remember

53
Q

What is MFA? Be able to briefly explain how it works and how it can improve IT security

A

Multi-factor authentication
Something you know (password) and something you have (key fob / app on phone)
Ex. Duo Push UF app

54
Q

What are the principles of least privilege and role-based access controls? Be able to explain how these concepts can be used to improve an organization’s IT security.

A

Security rights — ACL (Access Control List): access to read/edit certain things
Principle of Least Privilege: “User given no more privilege than is necessary to perform a job”
Role-based access controls: your role is different from that of the supervisor