ISC 3 - Security & Confidentiality Flashcards
What is a replay attack?
a type of man-in-the-middle (MITM) attack in which a cybercriminal eavesdrops on secure network communications, intercepts them, and then “replays” the message at a later time to the intended target to gain access to the network and the data that is behind the firewall
What is a return-oriented attack?
a technique that uses pieces of legitimate original system code (each a gadget) in a sequence to perform operations useful to the attacker. Each gadget ends with a “return” instruction causing the next gadget to execute and carry out complex operations
What type of attack is a race condition?
an attacker exploits a system or application that relies on a specific sequence of operations. By forcing the application to perform two or more operations out of order or simultaneously, an attacker may gain unauthorized access or execute a fraudulent act
What are covert channels?
mechanisms used to transmit data using methods not originally intended for data transmission by the system designer. They violate the entity’s security policy but do not exceed the entity’s access authorization, so they can communicate data in small parts
What are state-sponsored actors?
funded, directed, or sponsored by a nation. Known to steal and exfiltrate intellectual property, sensitive information, and even funds to further their nation’s espionage causes.
What is a hacktivist?
a type of hacker operating to promote social causes or political agendas
What is an insider?
an employee that either organically developed into a person with malicious intentions or intentionally infiltrated an organization to achieve nefarious objectives
What is an Advanced Persistent Threat (APT)?
a hacking ring; could be sponsored by state governments or operate
What is malware?
consists of software or firmware intended to perform unauthorized processes that have an adverse impact on the confidentiality, integrity, or availability of an information system. Examples: viruses, worms, Trojan horses, adware, spyware, and other code-based programs that infect a host
What are rogue mobile apps?
malicious apps that appear legitimate. A fraudulent party creates a mobile application that is installed by a victim unsuspectingly and that app then steals information, gives the attacker unauthorized access, or executes some other malicious act
What is spear phishing?
a social engineering attack in which employees in a corporate entity are targeted by posing as a legitimate department or employee, such as HR or the IT director. The goal is to obtain confidential information such as usernames, passwords, or personal data that can be used for exploitation
What is DNS spoofing?
a spoofing attack that involves a perpetrator modifying the domain-name-to-IP address mapping known as the Domain Name System (DNS).
What is mobile code?
any software program designed to move from computer to computer to “infect” other applications by altering them in some way to include a version of the code. A virus is malicious mobile code, and a polymorphic virus is when the code mutates by changing its structure to avoid detection.
What is a SQL injection?
an application attack in which an attacker injects malicious SQL code into existing SQL code on a company’s website to gain unauthorized access to a company’s data
What is buffer overflow?
a type of cyberattack in which attackers overload a program’s buffer, the temporary storage, with more input than it is designed to hold.
What is a covert channel?
a storage channel used to transmit data outside of the security policy
What is a distributed denial-of-service (DDoS) attack?
multiple attackers or compromised devices are working in unison to flood an organization’s network, congesting it with large volumes of traffic that are greater than the bandwidth it was designed to handle
What is the Visual, Agile, and Simple Threat (VAST) model?
the goal is to integrate threat management into a programming environment on a scalable basis; a threat modeling methodology
What is ransomware?
an attack, typically malware, that locks a user’s or a company’s operating systems, applications, and ability to access data unless a ransom is paid
What is business email compromise (BEC)?
often used to affect the flow of payments
What is a watering hole attack?
fraudsters identify websites of suppliers, customers, or regulatory entities that are known to be used by several companies or even entire industries
What are cloud malware injection attacks?
specific to cloud computing-based systems in which an attacker gains access to the cloud environment and then injects malware so that data can be stolen, services disrupted, or further access gained.
What are escalated cyber attacks?
IoT devices, like smart refrigerators, are used as an attack base to infect more machines, or as an entry point for access into a connected network
What is device spoofing?
attackers create an illegitimate or phony device and introduce it to a company’s network, posing as an actual device to gain information or access to that network
What is location tracking?
a cybersecurity risk associated with mobile devices; involves a threat actor using GPS (Global Positioning System) technology to locate people, devices, or other assets.
What are the threat modeling phases?
Identify assets, identify threats, perform reduction analysis, analyze the impact of an attack, develop countermeasures and controls, and review and evaluate