Week 1 Flashcards

Question

Ransomware

Answer 1

What is ransomware? Ransomware is a type of malware that restricts access to a computer system and demands that a ransom be paid. Personal files are encrypted and the user is locked out. The malware then informs the user that in order to decrypt the files, or unlock the computer to regain access to the files, a payment would have to be made to one of several banking services, often overseas. An example of ransomware is CryptoLocker. CryptoLocker encrypts certain files on the computer’s drives using a public key.

Answer 2

Spyware and Adware are types of Trojans. Spyware monitors what happens on a target computer. An example of spyware is the Internet Optimizer.The Internet Optimizer redirects Internet Explorer error pages out to other websites’ advertising pages. Adware monitors user actions and displays pop-up ads on the user’s screen. Grayware Grayware is another general term that describes applications that are behaving improperly but without serious consequences.

Answer 3

A rootkit is a type of software designed to gain administrator-level control over a computer system without being detected. It is used to perform malicious operations on a target computer at a later date without the knowledge of the administrators or users of that computer. Rootkits can target the UEFI/BIOS, boot loader, kernel, and more. Rootkits are difficult to detect because they are activated before the operating system has fully booted. Sony spyware rootkit example. To track users who might be illegally copying and distributing copies of CDs. Used a rootkit on audio CDs sold in 2005 that can conceal its existence to users. The Federal Trade Commission ruled in 2007 that Sony had violated Federal laws and had to reimburse consumers upto $150.

Answer 4

Software that can “infect” other programs by modifying them The modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs Typical hosts for viruses in a computer are: EXE files in Windows Machine Book sectors of disk partitions. Script files for system administrators BAT files in Windows and SH files in Unix. Documents that are allowed to contain macros Word, Excel, Access database, etc. Could also be fileless. Can directly inject themselves into the memory. No local storage is needed.

Answer 5

A worm is much like a virus, except that it self-replicates, whereas a virus does not. It does this in an attempt to spread to other computers. Programs that can replicate themselves and send copies from computer to computer across network connections In addition to propagation the worm usually performs some unwanted function Worms take advantage of security holes in operating systems and applications, including backdoors. Actively seek out more machines to infect and each machine that is infected serves as an automated launching pad for attacks on other machines A network worm: Exhibits the same characteristics as a computer virus May attempt to determine if a system has previously been infected before copying itself

Answer 6

Also know as a zombie or drone Program that secretly takes another Internet-attached computer, then uses it to launch attacks that are difficult to trace to the bot’s creator A botnet is a collection of bots capable of coordinating attacks

Answer 7

Keylogger Captures keystrokes on the infected machine to allow an attacker to monitor this sensitive information Spyware Subverts the compromised machine to allow monitoring of a wide range of activity on the system May include monitoring the history and content of browsing activity Redirecting certain Web page request to fake sites controlled by the attacker Dynamically modifying data exchanged between the browser and certain Web sites of interest

Answer 8

Phishing Exploits social engineering to leverage user’s trust by masquerading as communications from a trusted source Spam e-mail may direct a user to a fake Web site controlled by the attacker, or to complete some enclosed form and return to an e-mail accessible to the attacker, which is used to gather a range of private, personal information on the user Spear-phishing E-mail claiming to be from a trusted source, however, the recipients are carefully researched by the attacker and each e-mail is carefully crafted to suit its recipient specifically, often quoting a range of information to convince them of its authenticity

Answer 9

Review Slide 53 Week 1

Answer 10

Review Slide 20 Week1

Answer 11

Security has always been a major business concern Physical assets are protected with locks, barriers, guards. Information assets are protected with passwords, coding, certificates, encryption. Computers and Internet have redefined the nature of information security Laws and enforcement in cyber crime Slow to catch-up Breaking into a computer is now a federal crime in the U.S. New laws against cyberborder crimes, yet difficult to enforce, sentences are typically very light

Answer 12

Computer security increasingly important More sophisticated tools for breaking in Viruses, worms, credit card theft, identity theft leave firms with liabilities to customers Incidents are escalating at increasing rate Computer Emergency Response Team (CERT) was formed at Carnegie Mellon University with US DoD support responds and raises awareness of computer security issues, www.cert.org Worldwide annual information security losses may be $2 trillion

Answer 13

Security issues can impact consumer confidence 70% of all email sent worldwide was spam in 2006. Today ??? New laws on data privacy and financial information include Sarbanes-Oxley Act (SOX) and Health Insurance Portability and Accountability Act (HIPPA)

Answer 14

Organizations vulnerable due to dependency on computing and widely available Internet access to its computers and networks Business loss potential due to security breaches $3.92 million average loss per incident of data breach Cost per lost record is $150 Time to identify and contain a breach – 279 days Most impacted country – USA, Highest industry average - Healthcare Reduced consumer confidence as a result of publicity Loss of income if systems offline Costs associated with strong laws against unauthorized disclosures (California: $250K for each such incident) Protecting organizations’ data and application software Value of data and applications far exceeds cost of networks Firms may spend about $1500/employee on security awareness

Answer 15

Financial Risk Ex: Cost of rebuilding a datacenter after being physically destroyed. Cost of contracting experts for incident response and forensic analysis. Loss of assets and revenue Reputational Risk Loss of goodwill among customers, employees, suppliers and other stakeholders. Loss of brand value, image, reputation Identity Theft Exposure of PII (Personally Identifiable Information) Ex: SSN, bank accounts, Credit card data, Driver’s license numbers, passport data, and similar sensitive identifiers.

Answer 16

Strategic Risk: Potential that an organization will become less effective in meeting its goals after a breach Ex: Stolen laptop containing new development plans or a new prototype of an initiative. What if competitors get a copy of these plans? Operational Risk: Organization's ability to carry out day to day operations. May lead to developing manual work-arounds to handle operations that could be quicker and better handled using automated systems. Ex: Customers unable to login to a bank website after it has been shut off due to a denial-of-service attack. Compliance Risk HIPAA compliance – requires health-care providers to protect the CIA triad of personal health information (PHI). If patient records are stolen, HIPAA compliance has been violated. Can lead to sanctions and heavy fines.