Risk - Attackers and types of attacks

Question 1

Bots

Answer 1

are a system with malware controlled by a botnet.
 The system is compromised by an attack or the user installing a remote access trojan (game or application with a hidden payload).
 They often use IRC, HTTP, or HTTPS.
 Some are dormant until activated.
 Others are actively sending data from the system (Credit card/bank information for instance).
 Active bots can also can be used to send spam emails.

Question 2

Botnets

Answer 2

Botnets is a C&C (Command and Control) network, controlled by people (bot-herders).
 There can often be 1,000s or even 100,000s of bots in a botnet.

Question 3

Phishing

Answer 3

Phishing (Social engineering email attack):
 Click to win, Send information to get your inheritance …
 Sent to hundreds of thousands of people; if just 0.02% follow the instructions they have 200 victims.

Question 4

Spear Phishing:

Answer 4

Targeted phishing, not just random spam, but targeted at specific individuals.
Sent with knowledge about the target (person or company); familiarity increases success.

Question 5

Whale Phishing (Whaling):

Answer 5

Spear phishing targeted at senior leadership of an organization.
 This could be: “Your company is being sued if you don’t fill out the attached documents (with trojan in them) and return them to us within 2 weeks”.

Question 6

Vishing (Voice Phishing):

Answer 6

Attacks over automated VOIP (Voice over IP) systems, bulk spam similar to phishing.
 These are: “Your taxes are due”, “Your account is locked” or “Enter your PII to prevent this” types of calls.