midterm 2 Flashcards

1
Q

What is the G7 24/7 Cybercrime Network?

A

🔹 A network for international cooperation in investigating and prosecuting high-tech crimes.
🔹 Provides 24/7 contact points for cybercrime incidents.
🔹 Facilitates freezing and production requests for digital evidence.

2
Q

What is the ITU (International Telecommunication Union)?

A

🔹 Established in 1865 to manage global communication networks.
🔹 Sectors: Radiocommunications, Standardization, and Development.
🔹 Operates the ITU Cybersecurity Programme to enhance global cyber resilience.

3
Q

What is the role of the United Nations in cybersecurity?

A

/UN Internet Governance Forum – Discusses global internet policies.
/UN Group of Governmental Experts (GGE) – Addresses international cybersecurity issues.
/Cyber Defence Committee (NATO collaboration) – Strengthens cybersecurity policies.

4
Q

What cybersecurity policies does the OECD support?

A

/Digital security legal instruments developed since the 1990s.
//Key recommendations:
//Cryptography Policy (1997)
//Digital Security Risk Management (2015)
//Security of Critical Activities (2019)

5
Q

What is the Budapest Convention on Cybercrime?

A

/Adopted in 2001, aims to harmonize cybercrime laws across countries.
/Promotes international cooperation for cybercrime investigations.
/Sets legal standards for criminal procedures and digital evidence handling.

6
Q

What is the Global Cybersecurity Index (GCI)?

A

/Measures cybersecurity preparedness across nations.
/Assessment based on Legal, Technical, Organizational, Capacity Building, and Cooperation measures.

7
Q

What is the African Union’s approach to cybersecurity?

A

/African Union Convention on Cybersecurity and Personal Data Protection.
/Establishes legal and regulatory frameworks for data protection and cybercrime.

8
Q

What are National Cybersecurity Strategies?

A

/Key areas include:
/Governance
/Risk management
/Critical infrastructure protection
/International cooperation

9
Q

What are the legal solutions for cybersecurity?

A

/Criminalization – Defining cybercrime laws.
/Incident reporting & information sharing – Ensuring response coordination.
/Institutional arrangements – Creating dedicated cybersecurity agencies.

10
Q

What is the Global Cybersecurity Index (GCI)?

A

/A global ranking system that measures countries’ cybersecurity preparedness.
/Developed by the International Telecommunication Union (ITU).
/Evaluates legal, technical, and organizational measures in cybersecurity.

11
Q

What are the Five GCI Assessment Pillars?

A

/Legal Measures – Laws and regulations on cybersecurity and cybercrime.
/Technical Measures – National CSIRTs, cybersecurity standards, and risk management.
/Organizational Measures – Cyber strategies, policies, and coordination.
/Capacity Building – Cybersecurity education, training, and awareness.
/Cooperation – International partnerships and incident response collaboration.

12
Q

Why is the GCI important?

A

/Helps countries identify strengths & weaknesses in cybersecurity.
/Encourages international cooperation in fighting cyber threats.
/Provides benchmarking data for governments to improve security policies.

13
Q

What does a high GCI score indicate?

A

/A country has strong legal, technical, and organizational cybersecurity frameworks.
/It actively trains personnel, promotes awareness, and engages in international collaboration.
/Examples of high-ranking countries: U.S., U.K., Singapore, Estonia.

14
Q

How can countries improve their GCI ranking?

A

/Strengthen cybercrime laws and enforcement.
/Develop national cybersecurity strategies.
/Create and fund CSIRTs (Computer Security Incident Response Teams).
/Enhance international cooperation in cybersecurity.

15
Q

What was the biggest shift in cyberthreats observed in 2023?

A

A surge in attacks targeting identities, focusing on logging in rather than hacking in.

16
Q

What technique saw a 100% increase in 2023 for compromising identities?

A

A type of malware designed to steal credentials and sensitive data.

17
Q

What cyberattack method saw a drop despite remaining common?

A

Ransomware attacks on enterprises.

18
Q

What was the most common impact of cyberattacks in 2023?

A

Data theft and leaks.

19
Q

How are attackers acquiring credentials on the dark web?

A

Through infostealer malware that collects and sells login data.

20
Q

What is adversary-in-the-middle (AitM) phishing?

A

A method where attackers intercept traffic between a user and a website to steal credentials and bypass MFA.

21
Q

Why is identity abuse becoming a preferred attack vector?

A

It’s harder for defenders to distinguish between legitimate and malicious identity use.

22
Q

What were the top two initial access vectors in 2023?

A

Valid accounts (30%) and phishing (30%).

23
Q

How are attackers obtaining valid credentials?

A

Through infostealers, phishing, and dark web marketplaces.

24
Q

What percentage of cloud assets for sale on the dark web are account credentials?

A

90%.

25
Q

What exploit saw widespread abuse in 2023 for data extortion?

A

MOVEit vulnerability (CVE-2023-34362).

26
Q

What attack vector saw an increase in Europe?

A

Exploitation of public-facing applications and credential abuse.

27
Q

What was the most successful ransomware group in 2023?

A

BlackCat (ALPHV).

28
Q

What common Microsoft Office vulnerability was exploited for malware delivery?

A

CVE-2017-11882 (Equation Editor flaw).

29
Q

What is the best defense against credential-based attacks?

A

Implementing multi-factor authentication (MFA) and strong password policies.

30
Q

How can organizations mitigate security misconfigurations?

A

Regular penetration testing and proper asset management.

31
Q

What is the principle of least privilege?

A

Limiting user access rights to only what is necessary.

32
Q

What attack vector does session hijacking exploit?

A

Security misconfigurations allowing concurrent user sessions.

33
Q

How can organizations prevent adversary-in-the-middle phishing?

A

Using phishing-resistant MFA (e.g., FIDO2 security keys).

34
Q

What AI-related security risk is expected to grow?

A

AI-powered phishing attacks.

35
Q

Why are patch management and vulnerability scanning critical?

A

They prevent attackers from exploiting known security flaws.

36
Q

How can organizations reduce cloud-based attacks?

A

Strengthening IAM (Identity and Access Management) policies.

37
Q

What is one key indicator that AI will become a major attack vector?

A

When a single AI technology reaches 50% market share.

38
Q

Why is SQL injection dangerous?

A

It allows attackers to bypass authentication, delete data, and exfiltrate confidential information.

39
Q

What is SQL injection (SQLi)?

A

A type of cyberattack where attackers insert malicious SQL queries into a database to manipulate or extract sensitive data.

40
Q

What are common SQL injection defenses?

A

Using prepared statements, parameterized queries, and web application firewalls (WAFs).

41
Q

What is CL0P?

A

A ransomware group known for data extortion attacks and targeting file transfer software vulnerabilities.

42
Q

How did CL0P exploit MOVEit?

A

They used the SQL injection flaw to gain unauthorized access, steal data, and extort victims.

43
Q

How is data extortion different from traditional ransomware?

A

Traditional ransomware encrypts files, while data extortion steals and threatens to leak them.

44
Q

What is data extortion?

A

A cybercrime tactic where attackers steal sensitive data and demand a ransom to prevent its exposure.

45
Q

What industries were most affected by data extortion in 2023?

A

Healthcare, finance, and government sectors.

46
Q

What is a zero-day vulnerability?

A

A software flaw unknown to developers but exploited by hackers before a fix is available.

47
Q

Why was MOVEit (CVE-2023-34362) considered a zero-day attack?

A

Because it was exploited before the vendor released a security patch.

48
Q

What is the best defense against zero-day vulnerabilities?

A

Regular security updates, network monitoring, and threat intelligence.

49
Q

What is Managed File Transfer (MFT)?

A

A secure way to transfer large files between businesses or within an organization.

50
Q

Why was MOVEit targeted?

A

It handles sensitive business data, making it valuable for cybercriminals.

51
Q

How can organizations secure MFT solutions?

A

By implementing encryption, multi-factor authentication (MFA), and security patches.

52
Q

What is authentication bypass?

A

A vulnerability that allows unauthorized access to a system without valid credentials.

53
Q

How was authentication bypass used in the MOVEit attack?

A

Attackers used SQL injection to bypass login mechanisms and gain access.

54
Q

How can authentication bypass be prevented?

A

Strong authentication controls, MFA, and input validation.

55
Q

What is a threat actor?

A

Any individual, group, or entity that poses a cybersecurity risk.

56
Q

What kind of threat actors exploited MOVEit?

A

Cybercriminal gangs like CL0P, nation-state actors, and ransomware groups.

57
Q

What is an example of a nation-state threat actor?

A

APT28 (Fancy Bear), which is linked to Russian cyber espionage.

58
Q

What is Kerberoasting?

A

A Windows Active Directory attack that steals service account credentials by requesting and cracking Kerberos tickets offline.

59
Q

How does Kerberoasting work?

A

An attacker requests a Kerberos service ticket, extracts it from memory, and brute-forces the NTLM hash offline.

60
Q

Why is Kerberoasting effective?

A

It exploits weak service account passwords without needing direct network access.

61
Q

How can organizations prevent Kerberoasting?

A

Use strong passwords, Managed Service Accounts (MSA), and monitor Kerberos ticket requests.

62
Q

What is the Equation Editor flaw?

A

A Microsoft Office vulnerability that allows attackers to execute malicious code by opening a Word document.

63
Q

How is the Equation Editor flaw exploited?

A

Attackers embed hidden code in a Word file, which executes automatically when opened.

64
Q

What types of attacks use the Equation Editor flaw?

A

Phishing, malware delivery, and remote code execution (RCE) attacks.

65
Q

How can the Equation Editor flaw be prevented?

A

Apply Microsoft patches, disable Equation Editor, and filter email attachments.

66
Q

How does SQL injection work?

A

Hackers manipulate input fields to execute unauthorized database commands.

67
Q

What is MOVEit?

A

A secure file transfer software used by businesses and government agencies.

68
Q

What was the vulnerability in MOVEit?

A

A SQL injection flaw that let attackers steal sensitive data without authentication.

69
Q

What happened in the MOVEit attacks?

A

Attackers stole data from banks, healthcare, and government organizations and demanded ransom.

70
Q

How can organizations protect against MOVEit exploits?

A

Apply security patches, disable unnecessary SQL functions, and implement Zero Trust.

71
Q

What is Fancy Bear?

A

A Russian state-sponsored hacking group (APT28) linked to the GRU (military intelligence).

72
Q

What are Fancy Bear’s main targets?

A

Governments, NATO, journalists, and political organizations.

73
Q

Name a major attack by Fancy Bear.

A

2016 U.S. Election Hack – DNC email breach and leaks via WikiLeaks.

74
Q

How can organizations defend against Fancy Bear?

A

Use phishing-resistant MFA, monitor APT activity, and apply software patches.

75
Q

What is Kerberos?

A

A secure authentication protocol that uses tickets instead of passwords for user verification.

76
Q

What methods does Fancy Bear use?

A

Spear-phishing, zero-day exploits, malware (X-Agent, X-Tunnel), and disinformation campaigns.

77
Q

What are the three main components of Kerberos?

A

/Key Distribution Center (KDC) – The brain of Kerberos, responsible for authentication.
/Ticket Granting Service (TGS) – Issues service tickets for access.
/Authentication Server (AS) – Verifies user identity.

78
Q

What is a Ticket Granting Ticket (TGT)?

A

A special Kerberos ticket issued after login that allows a user to request access to network resources.

79
Q

How does a user get a TGT?

A

The user enters their username and password, which is sent to the Authentication Server (AS), and if correct, a TGT is issued.

80
Q

What is a Service Ticket (TGS Ticket)?

A

A ticket that allows users to access specific services (e.g., file shares, printers) without re-entering credentials.

81
Q

What happens when a user logs into a Kerberos system?

A

/The user enters their credentials.
/The KDC issues a Ticket Granting Ticket (TGT).
/When the user requests access to a service, the TGT is exchanged for a Service Ticket.
/The Service Ticket is presented to the resource server, granting access.

82
Q

How long does a Kerberos ticket last?

A

TGTs typically last 8–10 hours before expiring, requiring renewal.

83
Q

What happens when a Kerberos ticket expires?

A

The user must request a new TGT by re-authenticating or using an automatic renewal system.

84
Q

How does Kerberoasting exploit Kerberos tickets?

A

Attackers request a Service Ticket for a service account and then crack its password hash offline.

85
Q

How can organizations detect Kerberoasting?

A

Monitor Kerberos ticket requests for unusual activity, like multiple service ticket requests from one user.

86
Q

How can organizations prevent Kerberoasting?

A

/Use long, complex passwords for service accounts.
/Implement Managed Service Accounts (MSA) to eliminate password exposure.
/Monitor Kerberos logs for abnormal ticket activity.

87
Q

How is spear-phishing different from regular phishing?

A

Spear-phishing targets specific individuals or organizations, while phishing is a general mass email attack.

88
Q

What is an example of a spear-phishing attack?

A

A hacker impersonates a CEO and emails an employee, asking for login credentials or bank details.

89
Q

How can you prevent spear-phishing attacks?

A

/Verify email senders.
/Avoid clicking on unexpected links or attachments.
/Use email security filters and Multi-Factor Authentication (MFA).

90
Q

What is X-Agent?

A

A remote access Trojan (RAT) used by Fancy Bear to steal passwords, capture keystrokes, and exfiltrate data.

91
Q

How does X-Agent infect a system?

A

Through phishing emails, malicious downloads, or software exploits.

92
Q

What operating systems does X-Agent target?

A

Primarily Windows, macOS, and Linux.

93
Q

What is X-Tunnel?

A

A backdoor malware that allows hackers to bypass network firewalls and move data covertly.

94
Q

What does X-Tunnel do?

A

It creates an encrypted tunnel between the infected system and a hacker’s remote server.

95
Q

How can you defend against X-Tunnel?

A

/Monitor network traffic for unusual connections.
/Use strong endpoint protection.
/Segment networks to prevent lateral movement.