Lesson 4: Identifying Social Engineering and Malware

Question 1

Social Engineering Principles

Answer 1

Familiarity/Liking

Consensus/Social Proof – the influence that the actions and attitudes of the people around us (either in real life or online) have on our own behavior. i.e. exploiting polite behavior to slip into a building while someone holds the door for them.

Authority and Intimidation

Scarcity and Urgency – creating a false sense of urgency can disturb people’s ordinary decision-making process.

Question 2

Tailgaiting

Answer 2

entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint.

Question 3

Piggy Backing

Answer 3

means that the attacker enters a secure area with an employee’s permission. i.e. “I’ve forgotten my keys”

Question 4

Impersonation

Answer 4

pretending to be someone else

Question 5

Identity Fraud

Answer 5

an attacker would use specific details of someone’s identity.

Question 6

Vishing

Answer 6

conducted through a voice channel.

Question 7

SMiShing

Answer 7

using SMS (Simple message service) as the attack vector.

Question 8

Pharming

Answer 8

is a passive means of redirecting users from a legitimate website to a malicious one. Redirecting a genuine site to the malicious one by corrupting the user’s internet name resolution.

Question 9

Typosquatting

Answer 9

using a very similar name to get a user to accidentally visit the site, hoping that the user will not notice the difference.

Question 10

Water hole attack

Answer 10

It relies on the circumstance that a group of targets may use an unsecure third-party website.

Question 11

Credential Harvesting

Answer 11

is a campaign specifically designed to steal account credentials.

Question 12

Viruses and worm

Answer 12

these represent some of the first types of malware and spread without any authorization from the user by being concealed within the executable code of another process.

Question 13

Virus

Answer 13

Virus is a type of malware designed to replicate and spread from computer to computer, usually by “infecting” executable applications or program code.

Question 14

Trojan

Answer 14

malware concealed within an installer package for software that appears to be legitimate. This type of malware does not seek any type of consent for installation and is actively designed to operate secretly.

Question 15

Potentially unwanted programs (PUPs)/Potentially unwanted applications (PUAs)

Answer 15

software installed alongside a package selected by the user or perhaps bundled with a new computer system. Sometimes called Grayware

Question 16

Memory resident

Answer 16

when the host file is executed, the virus creates a new process for itself in memory. The malicious process remains in memory, even if the host process is terminated

Question 17

Non-resident/file infector

Answer 17

the virus is contained within a host executable file and runs with the host process. The virus will try to infect other process images on persistent storage and perform other payload actions. It then passes control back to the host program.

Question 18

Boot

Answer 18

the virus code is written to the disk boot sector or the partition table of a fixed disk or USB media, and executes as a memory resident process when the OS starts or the media is attached to the computer

Question 19

Script and macro viruses

Answer 19

the malware uses the programming features available in local scripting engines. for the OS and/or browser, such as PowerShell, Windows Management Instrumentation (WMI), JavaScript, Microsoft Office documents with Visual Basic for Applications (VBA) code enabled, or PDF documents with JavaScript enabled.

Question 20

worm

Answer 20

is memory-resident malware that can run without user intervention and replicate over network resources. a worm can execute by exploiting a vulnerability in a process when the user browses a website, runs a vulnerable server application, or is connected to an infected file share

Question 21

Fileless malware

Answer 21

Fileless malware does not write its code to disk. The malware uses memory resident techniques to run in its own process, within a host process or dynamic link library (DLL), or within a scripting host.

Question 22

Rootkit

Answer 22

modifies core system files (part of the kernel), can be invisible to the OS.

Question 23

crypto-malware

Answer 23

is a class of ransomware attempts to encrypt data files on any fixed, removable, and network drives.

Question 24

Cuckoo

Answer 24

is packaged software that aims to provide a turnkey sandbox solution