Malware Types and social engineering techniques

Question 1

Viruses and Worms

Answer 1

Types of malicious software (malware) that can replicate themselves and spread across a network.
Virus- needs a host file or program to spread
Worm- can spread independently by actively searching for vulnerable systems on the network to infect

Question 2

Adware/Spyware

Answer 2

Adware- “adware” is a type of malware that displays unwanted advertisements

Spyware- secretly monitors a user’s activity and collects personal information without their knowledge

Question 3

Rootkit

Answer 3

a type of malware designed to give hackers access to and control over a target device

Question 4

Botnet

Answer 4

a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam messages.

Question 5

Keylogger

Answer 5

a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information

Question 6

Ransomware

Answer 6

a type of malicious software designed to block access to a computer system until a sum of money is paid.

Question 7

Trojan

Answer 7

a type of malware that disguises itself as a legitimate program or file to gain access to a device

Question 8

Antivirus and anti-malware

Answer 8

Antivirus and anti-malware are both computer programs that protect devices from malware.

Antivirus: Originally designed to detect and remove viruses, antivirus software scans for known malware patterns and removes or blocks suspicious activity.

Anti-Malware: Can detect and remove a wider range of malicious software, including viruses, spyware, and ransomware. Anti-malware uses techniques to detect new and more sophisticated malware strains.

Question 9

Phishing

Answer 9

Uses fraudulent emails or websites to trick victims into sharing sensitive data.

Question 10

Vishing

Answer 10

Uses voice calls or voicemails to trick victims into sharing sensitive data.

Question 11

Whaling

Answer 11

Whaling attacks, often referred to as CEO fraud or executive phishing, are sophisticated cyberthreats targeting an organization’s high-profile individuals.

Question 12

Shoulder Surfing

Answer 12

a social engineering attack where a person steals a victim’s personal information by looking over their shoulder or listening to them

Question 13

Tailgating

Answer 13

a security breach that occurs when someone gains access to a restricted area by following an authorized person

Question 14

Impersonation

Answer 14

a cyber security tactic where a malicious actor pretends to be someone else to steal data or funds

Question 15

Dumpster Diving

Answer 15

a cybercrime where hackers search through trash to find sensitive information, such as bank statements, credit card numbers, or passwords

Question 16

Evil Twin

Answer 16

a cyberattack where a hacker creates a fake Wi-Fi network that looks like a legitimate one to trick users into connecting

Question 17

Distributed denial of service (DDoS)

Answer 17

a cybercrime that involves flooding a website or network with traffic to make it inaccessible or degrade its performance

Question 18

Denial of service (DoS)

Answer 18

a cyber-attack that attempts to make a network resource or machine unavailable to its intended users

Question 19

Zero-day attack

Answer 19

a cyber attack that exploits a software, hardware, or firmware vulnerability that is unknown to the vendor or antivirus companies

Question 20

On-path attack

Answer 20

a cyberattack where an attacker intercepts and modifies communication between two parties

Question 21

Spoofing

Answer 21

a cybercrime where a person or program impersonates another entity to gain access to sensitive information or systems

Question 22

Brute-force attack
Dictionary attack

Answer 22

Brute Force: An attacker uses automated software to try every possible combination of letters, numbers, and symbols until they crack the password

Dictionary: An attacker uses a wordlist of common words and phrases to try and crack a password

Question 23

Structured Query Language (SQL) injection

Answer 23

a type of cyber attack that uses malicious SQL statements to exploit vulnerabilities in a web application’s code

Question 24

Cross-site scripting (XSS)

Answer 24

a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites

Question 25

Insider threat

Answer 25

a potential for someone within an organization to harm its security, either intentionally or accidentally

Question 26

Social-engineering vulnerabilities

Answer 26

Non-compliant systems.
Unpatched systems.
Unprotected systems:
Missing antivirus.
Missing firewall.
End-of-life operating systems.
Bring your own device (BYOD).