Module 2 - 01-1

Question 1

Define Computer Virus

Answer 1

Malicious code written to interfere with computer operations and cause damage to data and software

Question 2

Viruses are more commonly referred to as _______

Answer 2

Malware

Question 3

Define Malware

Answer 3

Software designed to harm devices or networks

Question 4

What are two examples of early malware attacks?

Answer 4

Brain Virus ;
Morris Worm

Question 5

In what year and who created the Brain Virus?

Answer 5

1986 ;
The Alvi brothers ;
Basit Farooq Alvi and
Amjad Farooq Alvi

Question 6

In what year and who created the Morris Worm?

Answer 6

1988 ;
Robert Morris

Question 7

What was the purpose of the Brain Virus?

Answer 7

To track illegal copies of medical software and prevent pirated licenses

Question 8

How did the Brain Virus cause harm?

Answer 8

Once a person used a pirated copy of the software, the virus-infected that computer. Then, any disk that was inserted into the computer was also infected. The virus spread to a new computer every time someone used one of the infected disks.

Question 9

What was the purpose of the Morris Worm?

Answer 9

To assess the size of the internet by installing itself onto computers to tally the number of computers that were connected to the internet

Question 10

How did the Morris Worm cause harm?

Answer 10

The program failed to keep track of the computers it had already compromised and continued to re-install itself until the computers ran out of memory and crashed

Question 11

What group was established after the Morris Worm?

Answer 11

Computer Emergency Response Teams (CERTs®) ;

Now commonly referred to as
Computer Security Incident Response Teams (CSIRTs)

Question 12

What does CERTs® stand for?

Answer 12

Computer Emergency Response Teams (CERTs®)

Question 13

What does CSIRTs stand for?

Answer 13

Computer Security Incident Response Teams (CSIRTs)

Question 14

What are two early attacks in the digital age that relied on the internet?

Answer 14

LoveLetter Attack ;
Equifax Breach

Question 15

In what year and who created the LoveLetter malware?

Answer 15

2000 ;
Onel De Guzman

Question 16

What was the purpose of the LoveLetter malware?

Answer 16

To steal internet login credentials

Question 17

How did the LoveLetter malware work?

Answer 17

Users received an email with the subject line, “I Love You.” Each email contained an attachment labeled, “Love Letter For You.” When the attachment was opened, the malware scanned a user’s address book. Then, it automatically sent itself to each person on the list and installed a program to collect user information and passwords.

Question 18

Define Social Engineering

Answer 18

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 19

What type of manipulation technique was the LoveLetter attack?

Answer 19

Social engineering

Question 20

Define Phishing

Answer 20

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 21

In what year did the Equifax breach occur?

Answer 21

2017

Question 22

What happened during the Equifax breach?

Answer 22

Attackers successfully infiltrated the credit reporting agency, Equifax. Over 143 million customer records were stolen, and the breach affected approximately 40% of all Americans. The records included personally identifiable information including social security numbers, birth dates, driver’s license numbers, home addresses, and credit card numbers.

Question 23

What happened to Equifax due to the cause of the breach?

Answer 23

Equifax settled with the U.S. government and paid over $575 million dollars to resolve customer complaints and cover required fines.

Question 24

What are the most common types of Phishing attacks (5)?

Answer 24

Business Email Compromise (BEC) ;
Spear phishing ;
Whaling ;
Vishing ;
Smishing ;

Question 25

What does BEC stand for?

Answer 25

Business Email Compromise

Question 26

Define Business Email Compromise

Answer 26

A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

Question 27

Define Spear Phishing

Answer 27

A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.

Question 28

Define Whaling

Answer 28

A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

Question 29

Define Vishing

Answer 29

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

Question 30

Define Smishing

Answer 30

The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Question 31

What are the most common types of malware attacks (4)?

Answer 31

Viruses ;
Worms ;
Ransomware ;
Spyware

Question 32

Define Viruses

Answer 32

Malicious code written to interfere with computer operations and cause damage to data and software.
A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.

Question 33

Define Worms

Answer 33

Malware that can duplicate and spread itself across systems on its own.
In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

Question 34

Define Ransomware

Answer 34

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.

Question 35

Define Spyware

Answer 35

Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Question 36

What are the most common types of social engineering attacks (4)?

Answer 36

Social media phishing ;
Watering hole attack ;
USB baiting ;
Physical social engineering

Question 37

Define Social media phishing

Answer 37

A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

Question 38

Define Watering hole attack

Answer 38

A threat actor attacks a website frequently visited by a specific group of users.

Question 39

Define USB baiting

Answer 39

A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.

Question 40

Define Physical social engineering

Answer 40

A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Question 41

What are the reasons why social engineering attacks are effective (7)?

Answer 41

Authority ;
Intimidation ;
Consensus/Social proof ;
Scarcity ;
Familiarity ;
Trust ;
Urgency

Question 42

Authority

Answer 42

Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.

Question 43

Intimidation

Answer 43

Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.

Question 44

Consensus/Social proof

Answer 44

Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.

Question 45

Scarcity

Answer 45

A tactic used to imply that goods or services are in limited supply.

Question 46

Familiarity

Answer 46

Threat actors establish a fake emotional connection with users that can be exploited.

Question 47

Trust

Answer 47

Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

Question 48

Urgency

Answer 48

A threat actor persuades others to respond quickly and without questioning.

Question 49

A computer virus is malicious _____ that interferes with computer operations and causes damage.

Answer 49

code

Question 50

What is one way that the Morris worm helped shape the security industry?

Answer 50

It led to the development of computer response teams (CERTs).
The Morris worm helped shape the security industry because it led to the development of computer emergency response teams (CERTs), now commonly referred to as computer security incident response teams (CSIRTs).

Question 51

What were the key impacts of the Equifax breach (2)?

Answer 51

The key impacts of the Equifax breach were the fact that millions of customers’ PII was stolen and that the significant financial consequences of a breach became more apparent.

Question 52

True or False?
Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.

Answer 52

False
Social engineering, such as phishing, is a manipulation technique that relies on human error (not computer error) to gain private information, access, or valuables.