IoT and OT Attacks and Countermeasures Flashcards
Bob has recently installed smart CCTV devices outside his home. These smart CCTV devices send alerts to his mobile over the Internet whenever the camera encounters suspicious activity. While Bob was at his workspace, he received a cautionary MMS alert via email from the CCTV system, displaying footage of unusual activity.
Which of the following components of IoT technology collected the incident data from the CCTV devices and forwarded the information to Bob in the above scenario?
Gateways: an example of an intelligent IoT device deployed at the network edge.
Joseph, a professional hacker, targeted an employee of an organization to intrude and gain access to the network. He initiated the attack using sniffers to capture packets and authentication tokens between the employee and the server he was communicating with. After intercepting the messages, he started continuously sending the intercepted messages to the server.
Identify the type of attack performed by Joseph in the above scenario.
Replay attack: A replay attack occurs when a cybercriminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants.
Don, a professional hacker, targeted the server of an e-commerce giant to disrupt its services to customers. To achieve this, Don gathered all the vulnerable IoT devices across different locations and created an army of bots to use against the target server. Upon receiving instructions from Don, the bots flooded the target with numerous requests, making the target server unavailable to legitimate users.
Identify the type of attack performed by Don in the above scenario.
DDoS attack: An attacker converts the devices into an army of botnets to target a specific system or server, making it unavailable to provide services.
Which of the following countermeasures helps security professionals in securing an IoT device from malicious activity?
Monitor traffic on port 48101
Which of the following levels of the Purdue Model contains control systems such as DCSs, SCADA software, HMIs, real-time software, and other supervisory systems to control the physical processes?
Level 2 (Control Systems/Area Supervisory Controls): This layer carries out supervising, monitoring, and controlling the physical process using DCSs, SCADA software, Human–Machine Interfaces (HMIs), real-time software, and other supervisory control systems such as engineering works and PLC line control.
Alice, a professional hacker, targeted a manufacturing plant to disrupt its operations. She sent a fraudulent email to an employee with an attachment containing a malicious file that appeared to be a legitimate production and sales report. Soon after the employee downloaded the attachment, it injected malware, started damaging the resources, and began spreading itself to other systems connected to the network.
Identify the type of attack launched by Alice in the above scenario.
Spear Phishing: Attackers send fake emails containing malicious links or attachments, seemingly originating from legitimate or well-known sources, to the victim. When the victim clicks on the link or downloads the attachment, it injects malware, starts damaging the resources, and spreads itself to other systems.
Which of the following countermeasures helps security specialists defend against OT hacking?
Use purpose-built sensors to discover the vulnerabilities in the network inactively
Which of the following layers of the IoT architecture is responsible for delivering services to respective users from different sectors such as building, industrial, manufacturing, automobile, security, and healthcare?
Application Layer: This layer is responsible for the delivery of services to the relevant users from different sectors, including building, industrial, etc.
Which of the following layers in the IoT system has security issues such as insecure API, lack of encryption in communication channels, lack of authentication, and lack of storage security?
Mobile: Insecure API, lack of encryption in communication channels, lack of authentication, lack of security
James is a professional hacker attempting to gain access to an industrial system through a remote control device. In this process, he used a specially designed radio transceiver device to sniff radio commands and inject arbitrary code into the firmware of the remote controllers to maintain persistence.
Which of the following attacks is performed by James in the above scenario?
Malicious reprogramming attack: an application security threat that cannot be efficiently controlled by conventional antivirus software alone. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.