Week 10 Flashcards

1
Q

What should a good ICT strategy consider about ICT risk?

A

Must look at risk as well as the advantages of the changes.
– Need for systematic processes to allow risk to be determined
– Need for plans to deal with problems
Fail to prepare - prepare to fail

2
Q

Why is there an ICT security problem?

A

Increased convenience for users means increased convenience for people who should not have access. The price we pay for this is increased security and management of security.
Information systems are designed to share data and give resources to large numbers of people. Networked computers are also easier to access than standalone machines.

3
Q

What are the three steps to analyse a threat environment and act?

A

Plan, Protect and respond if necessary

4
Q

Describe how one can plan if they are in a threat environment in ICT

A

We need to consciously assess the risk in order to mitigate it.

Planning Principles:
Risk Analysis
Comprehensive
Security
Defence in depth
Minimum Permissions (don't forget to withdraw permissions)

5
Q

Describe how one can protect if they are in a threat environment in ICT

A

Better to protect rather than to try to fix things up afterwards.
Involves using access controls, firewalls and cryptography to keep people out.
Companies spend most of their security effort here daily.

6
Q

Describe how one can respond if they are in a threat environment in ICT

A

Even with great planning and protection, incidents will happen, and a company must have a well-rehearsed plan for responding. You cannot anticipate everything.

7
Q

Define malware

A

– A general name for evil software
– software intentionally designed to cause damage to
a computer, server, client, or computer network

8
Q

Describe vulnerabilities and how they are dealt with by software providers

A

Vulnerabilities are security flaws in specific programs. When vulnerabilities become known, the software can be updated (patched) to close off the vulnerability. This is why you have to keep both operating systems and application software up to date.

9
Q

What is a zero-day vulnerability?

A

A zero-day vulnerability is either unknown to the software vendors or a patch has not yet been developed. Such vulnerabilities are very dangerous.
When a new zero-day vulnerability is identified, a new patch is made available as soon as possible, out of sequence with the usual update cycle.

10
Q

What's the difference between vulnerability-specific malware and universal malware?

A

Vulnerability-specific malware requires a specific
vulnerability to be effective. ex: idea of climbing in through open window
Universal malware does not require a specific
vulnerability to be effective ex: vs breaking down the door.

11
Q

Describe and define riskware

A

Riskware is software that is potentially dangerous.
Usually offers some benefit at a “cost”
– Compromises security
– Acts illegally
Riskware might
– Block another application
– Be used as a backdoor for other malware.

12
Q

How can riskware be used in marketing?

A

There is a grey area in riskware, where unwelcome advertisements etc may be installed on your computer, but these may not be strictly illegal.

13
Q

Define social engineering attacks

A

Tricking the victim into doing something against his or her interests ex: spam phone calls

14
Q

Define fraud attacks

A

Lying to the user to get the user to do something
against his or her financial self-interest. IT extends the range of fraud

15
Q

Define spam attacks

A

Unsolicited commercial e-mail. Often fraudulent, containing links to websites or malware. Email spam is essentially free to send, so spammers send a million emails in the hope that a handful of people will respond or click on the link. There are spam blockers, but they can sometimes block actual email.

16
Q

Define Phishing attacks

A

Sophisticated social engineering attacks with authentic-looking e-mail or Website.
Wants user to enter username, password, and other sensitive information. Link to website may look real, as the text of the link does not need to be the same as the link. Phishers, like spammers, use mass-mailing and address collection techniques.

17
Q

What types of businesses are the biggest phishing targets?

A

Financial institutions and cryptocurrency are an obvious target.
Email and social media sites provide a lot of information of use to criminals. Payments sites are also targeted.

18
Q

What are the traits of a phishing email?

A
  1. The email is designed to sound serious.
    ‘urgent action required’
  2. Poor spelling and grammar.
  3. A mismatched or dodgy URL.
    The embedded link is not the same as the apparent link.
  4. You are asked for sensitive information.
19
Q

Why is SMS not as popular for spam or phishing?

A

Because it costs more, and in SMS texts you cannot conceal a different URL behind text, so a fake URL should be more obvious.

20
Q

Define credit card theft online?

A

Credit Card Number Theft
– Performed by “carders”
– Make purchases with stolen credit card or steal from online account

21
Q

Define identity theft online

A

– Collecting enough data to impersonate the victim in large financial transactions
– May take a long time to restore the victim’s credit rating
– Can involve someone opening an account in your name without you knowing

22
Q

Define corporate identity theft

A

In corporate identity theft, the attacker impersonates an entire corporation
– Allows you to order big quantities of goods etc. on 30 days' credit
– A lot of information about the company is public

23
Q

Define vandalism and types of theft one can face in ICT

A

Vandalism/Sabotage:
– Deliberate damage to hardware, software and/or data, including companies’ websites
ICT can also mean:
– Physical theft – stealing hardware and software
– Data theft – stealing sensitive information or making unauthorised changes to computer records

24
Q

Why are disgruntled employees and ex-employees dangerous?

A

– Extensive access to systems, with privileges
– Knowledge about how systems work
– Knowledge about how to avoid detection
Businesses need to immediately withdraw network access if they dispense with the services of an employee.

25
Q

What insider threats does a business face?

A

Insider threats
– Unauthorised disclosure of sensitive information, ex: AOL's 2005 Jason Smathers
– Process corruption
– Facilitation of third-party access to an organisation
– Physical sabotage
– Electronic or IT sabotage

26
Q

What are common deliberate individual sabotage methods?

A

Logic bomb – Destructive computer program that activates at a certain time or in reaction to a specific event
Back door – Section of program code that allows a user to circumvent security procedures and gain full access to the system
Physical damage – Literally wreck the system

27
Q

Define Hacking

A

Intentionally using a computer's resources without authorisation or in excess of authorisation. Hackers were traditionally nerds doing it for the thrill of showing how smart they are; now they usually just do it for the money, the tech people renting their services to criminal gangs.

28
Q

Is it a crime to write malware?

A

Not usually, but it's a crime to release it.

29
Q

Give an example of a mega data breach

A

Yahoo 2014 500m accounts compromised

30
Q

Explain the business of criminal attackers and hackers

A

Crime generates funds that criminal hackers need to increase attack sophistication.
Large and complex black markets for:
– attack programs,
– attacks-for-hire services,
– bot rentals and sales, money laundering,
Black market is accessible through the use of Tor and bitcoins.
Criminal types pay for the software to break into networks etc. and then sell the data on the dark web.

31
Q

Define ransomware

A

Ransomware became one of the most common forms of malware (half of all companies reported it), but has declined in 2018. It works by
– Infecting your operating system
– Encrypting all your data
– Displaying a message demanding you pay a ransom in a digital currency to get the system to work again
– Typically you have 24 hours to pay

Can be installed through a deceptive link in an email or website

32
Q

What businesses report ransomware attacks the most?

A

Manufacturing, business services, retail, healthcare.
Often done where there are machines which have old hardware associated with them. Easier to hack an out-of-date computer.

33
Q

Give an example of a ransomware attack

A

HSE May 2021

34
Q

Describe the ransomware sequence of events

A
  • Distribution Campaign: phishing emails and websites.
  • Malicious Code Infection: The dropper downloads an executable to install ransomware.
  • Malicious Payload Staging: ransomware embeds itself in the system.
  • Scanning: ransomware finds content to encrypt.
  • Encryption: Files and folders are encrypted.
  • Payday: A ransom note with instructions on how to pay the ransom.
35
Q

Define DoS attacks

A

Denial of Service attacks - Installing bots in devices. ex: can be done through IoT. The Internet of Things (IoT) creates a large number of simple devices connected to the Internet. These can be hijacked to create flows of network traffic to targets of DoS attacks.

36
Q

Describe when IT sabotage may be used by terrorists

A

Cyberattacks by cyberterrorists
– Cyberattacks on utilities grids
– Financial disruption
Governments potentially have large resources to devote to IT sabotage, and it may be cheaper than developing state-of-the-art missiles and aircraft. Ex: US accuses Russia of tampering with election

37
Q

What is Stuxnet?

A

Stuxnet, the first known malware worm designed to disrupt industrial processes.
Stuxnet seeks out and silently hijacks factory control software written by Siemens for uranium-enriching centrifuges. It infects the computers running that software and can command uranium-enriching centrifuges to spin out of control, thereby destroying them.
38
Q

Based on Microsoft's Security Intelligence Report, what is the most frequent cause of problems with ICT security?

A

– Malicious sabotage incidents accounted for less than 50% of the total incidents that occur.
– Lost, stolen and missing equipment is often the most frequent access point.
– Accidental disclosure via the web
– Improper disposal of records is also quite frequent.
Incompetence is the most frequent cause of problems, not malicious activity

39
Q

What does a business need to avoid accidents with IT

A

You need
* clear policies on doing things right
* ensure that these policies are actually followed
* systems that cannot be easily damaged by a single mistake
* E.g. require two steps or two people to shut down everything

40
Q

How much does Incompetence account for crashing in IS?

A

40-65% of damage to information systems arises from human error

41
Q

Give an example of risks of device theft/loss

A

People can lose devices which can be sold for a lot of money
BYOD to work means user devices connect to corporate networks - phones are common
Portable devices present intrinsic security problems.
With online banking, Google Pay etc., losing your phone presents a lot of risks to the individual.

42
Q

What are the four big reasons why IS systems are vulnerable?

A

Never underestimate human error.
Many computer crimes are old fashioned crime now being pursued in different
ways, theft, fraud etc.
Invasion of privacy results from the ability of IT to collate large amounts of
information and make it available throughout the world.
Physical problems