Lesson 4: Identifying Social Engineering and Malware Flashcards

1
Q

An individual receives a text message that appears to be a warning from a well-known order fulfillment company, informing them that the carrier has tried to deliver their package twice, and that if the individual does not contact them to claim it, the package will not be delivered. Analyze the scenario and select the social engineering technique being used.

A. SMiShing
B. Phishing
C. Vishing
D. Prepending

A

A

SMiShing attempts use short message service (SMS) text communications as the vector.

2
Q

A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting items out of the person’s hands, and they walk into the room together. This person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred?

A. Familiarity/liking
B. Consensus/social proof
C. Authority and intimidation
D. Identity fraud

A

B

Consensus/social proof revolves around the belief that without an explicit instruction to behave in a certain way, people will follow social norms. It is typically polite to assist someone with their hands full.

3
Q

Which situation would require keyboard encryption software to be installed on a computer?

A. To set up single sign-on privileges
B. To comply with input validation practices
C. For the purpose of key management
D. To protect against spyware

A

D

Keyboard encryption software is used to protect against keyloggers, which record keystrokes for the purpose of stealing data. Keyloggers are spyware.

4
Q

Before leaving for lunch, an employee receives a phone call, but there is no one on the line. Distracted by the odd interruption, the employee forgets to log out of the computer. Earlier that day, a person from the building across the street watched the employee entering login credentials using high-powered binoculars. Which form of social engineering is being used in this situation?

A. Vishing
B. Lunchtime attack
C. Shoulder surfing
D. Man-in-the-middle attack

A

C

Shoulder surfing is stealing a password by watching the user type it. Although the attacker was not looking over the employee’s shoulder, the login credentials were obtained through observation.

5
Q

An employee calls IT personnel and states that they received an email with a PDF document to review. After the PDF was opened, the system has not been performing correctly. An IT admin conducted a scan and found a virus. Determine the two classes of viruses the computer most likely has. (Select all that apply.)

A. Boot sector
B. Program
C. Script
D. Trojan

A

B, C

Both a program and script virus can use a PDF as a vector. The user stated that a PDF file was recently opened. A program virus is executed when an application is executed. Executable objects can also be embedded or attached within other file types such as Microsoft Word and Rich Text Format.

A script virus typically targets vulnerabilities in an interpreter. Scripts are powerful languages used to automate operating system functions and add interactivity to web pages and are executed by an interpreter rather than self-executing. PDF documents have become a popular vector for script viruses.

6
Q

A gaming company decides to add software on each title it releases. The company’s objective is to require the CD to be inserted during use. This software will gain administrative rights, change system files, and may hide from detection without the knowledge or consent of the user. Consider the malware characteristics and determine which may be used. (Select all that apply)

A. Spyware
B. Keylogger
C. Rootkit
D. Trojan

A

C, D

A rootkit is characterized by its ability to hide itself by changing core system files and programming interfaces and to escalate privileges. The gaming company accomplished this.
Trojans cannot conceal their presence entirely and will surface as a running process or service. While a rootkit is a type of Trojan or spyware, it differs in its ability to hide itself.

Spyware monitors user activity and may be installed with or without the user’s knowledge, but it cannot gain administrative privileges or hide itself.
A keylogger is also a type of spyware that records a user’s keystrokes. It occurs without a user’s knowledge, but it cannot hide itself or gain privileges.

7
Q

Which of the following depict ways a malicious attacker can gain access to a target’s network? (Select all that apply.)

A. Ethical hacking
B. Phishing
C. Shoulder surfing
D. Influence campaign

A

B, C

Phishing and shoulder surfing are social engineering attacks. Phishing occurs when an attacker sends a legitimate-looking, spoofed email to a user of the spoofed site to trick the user into revealing private information.

Shoulder surfing is used to obtain someone’s password or PIN by observing a user typing it on the keyboard. Social engineering is malicious behavior meant to get users to reveal confidential information.

8
Q

Analyze the following attacks to determine which best illustrates a pharming attack.

A. A customer gets an email that appears to be from their insurance company. The email contains a link that takes the user to a fake site that looks just like the real insurance company site.

B. An employee gets a call from someone claiming to be in the IT department. The caller says there was a problem with the network, so they need the employee’s password in order to restore network privileges.

C. A company’s sales department often has after-hour training sessions, so they order dinner delivery online from the restaurant across the street. An attacker is able to access the company’s network by compromising the restaurant’s unsecure website.

D. A customer enters the correct URL address of their bank, which should point to the IP address 172.1.24.4. However, the browser goes to 168.254.1.1, which is a fake site designed to look exactly like the real bank site.

A

D

Pharming is a means of redirecting users from a legitimate website to a malicious one that relies on corrupting the way the victim’s computer performs IP address resolution. This is illustrated in the bank customer scenario.

9
Q

A hacker is able to install a keylogger on a user’s computer. What is the hacker attempting to do in this situation?

A. Key management
B. Encryption
C. Obfuscation
D. Steal confidential information

A

D

Keyloggers actively attempt to steal confidential information by recording the keystrokes of a user.

10
Q

A user’s PC is infected with a virus that appears to be memory resident and loads anytime an external universal serial bus (USB) thumb drive is booted to. Examine the following options and determine which describes the infection type.

A. Uses a local scripting engine.
B. Written to the partition table of a disk.
C. Replicates over network resources.
D. Monitors local application activity.

A

B

With a boot virus, code is written to the disk boot sector or the partition table of a fixed disk or USB media. The code executes as a memory resident process when the OS starts.
