Part 1 - Attacks, Threats and Vulnerabilites Flashcards
What are influence campaigns, propaganda, disinformation, and hoaxes all part of?
Hybrid warfare
Dumpster diving
Tailgating
Pharming
Hybrid Warfare
While influence campaigns, propaganda, disinformation, and hoaxes have been around for many centuries, they have expanded largely due to the Internet and, specifically, social media. The Internet has provided the opportunity to widely disseminate information, and social media has provided the opportunity for it to spread. Hybrid warfare often includes a combination of these methods. Pharming is incorrect because pharming redirects victims to a bogus website, even if the user correctly entered the intended site. To accomplish this, the attacker employs another attack, such as DNS cache poisoning. Dumpster diving is incorrect because Dumpster diving occurs when intruders scavenge for discarded equipment and documents in the garbage. Tailgating is incorrect. A common example of tailgating is an attacker following an authorized person physically, hoping that the person holds open a secure door to grant access. Many high-security facilities employ mantraps to provide entrance control and prevent tailgating.
Of the following, which can most easily be thought of as a very large set of precomputed hash values for every possible combination of characters that is able to reverse cryptographic hash functions?
Brute force
Dictionary
RAT
Rainbow table
Rainbow Table
A rainbow table can most easily be thought of as a very large set of precomputed hash values for every possible combination of characters that is able to reverse cryptographic hash functions. If an attacker has enough resources to store an entire rainbow table in memory, a successful attack on the hashed passwords can occur with great efficiency. RAT is incorrect because a remote access Trojan (RAT) installed on a system allows a remote attacker to take control of the targeted system. This approach is similar to remote control programs that allow you to personally access your computer and control it even if you are not sitting at the keyboard. Dictionary is incorrect. Imagine trying every word in the dictionary to gain access to a system. This is a dictionary attack. Dictionary attacks can use different and custom dictionaries. Such files can even contain lists of passwords that are not typically found in a traditional dictionary, such as 1234 and abcde. Brute force is incorrect. Brute force attacks are quite capable of defeating passwords. Unlike a simple dictionary attack, a brute force attack relies on cryptanalysis capable of performing exhaustive key searches. Against short passwords, a brute force attack is quick and can crack a password more quickly than can a dictionary attack.
Bob, a security analyst, has recently discovered a cryptographic method of attack against a secure hash. What type of attack has he identified?
Skimming
Downgrade
Birthday
Password spraying
Birthday
A birthday attack is a cryptographic method of attack against a secure hash. It is based on what is known as the birthday paradox. Downgrade is incorrect because a downgrade attack is often a result of security configurations not being updated. Often this stems from the desire to maintain backward compatibility. Password spraying is incorrect. Password spraying is an attack that attempts to access a large number of user accounts with a very small number of commonly used passwords. Skimming is incorrect because skimming involves copying data from an ATM or other card by using a specialized terminal and cloning by encoding the stolen data onto a blank card.
Recently, a company has been facing issues from malicious USB drop attacks. What mitigations can be implemented in Windows and your company to prevent unknowing users from spreading malware as a result of plugging in malicious media?
Apply a rootkit
User education
Enable Turn off AutoPlay
Enable CryptoLocker
User Education
Enable Turn off AutoPlay
A USB drop attack occurs when an attacker drops a USB flash drive loaded with malware in a public place in the hopes that a target will pick it up and, out of curiosity, plug it into a system to see what’s on it. Once the drive is plugged in, the malware can automatically run and infect the system. This can be mitigated by enabling Turn off AutoPlay in the Windows Local Group Policy Editor AutoPlay Policies settings (see the figure). This effectively stops programs contained on removable media from automatically running when inserted into the system. Educating users on the dangers involved with malicious USB flash drives and cables, as well as other removable media is paramount in any company policy. Enable CryptoLocker is incorrect because CryptoLocker is an example of crypto-malware that attempts to encrypt a user’s data. It generates encryption keys and stores the private key on a command-and-control server. Thereafter, the user’s data is held for ransom payment. If the user does not pay, the malware threatens to delete the private key, which is required to unencrypt the files and thus restore access. Apply a rootkit is incorrect. A rootkit is a piece of software that can be installed and hidden on a computer mainly to compromise the system and gain escalated privileges, such as administrative rights.
Enabling Turn off AutoPlay setting in the Windows Local Group Policy Editor
What is pharming?
A combination of faming and phishing. Pharming does not require the user to be tricked into clicking a link. I redirects victims from a legitimate site to a bogus websit.
Social engineering techniques first and foremost are about this?
Eliciting information
A persons personal information is used without authorization to deceive or commit a crime
Identity fraud
A phishing attack where the threat actor may use well researched and carefully crafted emails requesting payment
invoice scam
this attack involves coordinated actions that seek to affect the development, actions and behavior of a targeted population, social media has increased their reach.
influence campaigns
Social engineering combines influence with manipulation. What are the 6 principles of influence
authority, intimidation, consensus/social proof, scarcity and urgency, familiarity/liking, trust
Why is the principle of authority effective?
We feel an obligation to comply with authority. the expertise of an IT security administrator or chief information officer could compel you to divulge your password.
Why is the principle of Intimidation effective?
Authority plays to our sense of duty, people with authority are in a position to abuse that power. It plays of fear of getting in trouble or fired.
Why is the principle of consensus/social proof effective?
People trust like minded people such as friends and family members, they believe what others around them believe, ambiguous requests or situations are more likely to be acted on with the belief that others are doing the same thing.
Why are they principles scarcity and urgency effective?
We tend to want or value something more if we believe it is less available. Scarcity works when the victim desires something and in turn will act with a sense of urgency. Dreadful consequences will occur unless action is taken immediately.
Why is the principle familiarity/liking effective?
People tend to comply with requests from those whom they like or have common ground with, social engineers who can get you to like them find that you will be helpful because you to want to be liked.
