Week 10

Question 1

Planning Principles

Answer 1

Risk Analysis
Comprehensive
Security
Defence in depth
Minimum Permissions

Question 2

What is Malware?

Answer 2

– A general name for evil software
– software intentionally designed to cause damage to
a computer, server, client, or computer network

Question 3

Difference between Vulnerability-Specific and Universal Malware

Answer 3

– Vulnerability-specific malware requires a specific
vulnerability to be effective.
– Universal malware does not require a specific
vulnerability to be effectivere

Question 4

What is Riskware?

Answer 4

• Usually offers some benefit at a “cost”
  – Compromises security
  – Acts illegally
• Riskware might
  – Block another application
  – Be used as a backdoor for other malware.
  – Indicate the presence of other malware.

Question 5

What is Social Engineering?

Answer 5

Tricking the victim into doing something against his
or her interests

Question 6

What is Fraud?

Answer 6

Lying to the user to get the user to do something
against his or her financial self-interest

Question 7

What is Spam?

Answer 7

– Unsolicited
commercial e-mail
– Often fraudulent

Question 8

What are E-Mail Attachments used for?

Answer 8

– link to a Website with
Malware
– This may complete
the fraud or download
software to the victim

Question 9

What are Phishing Attacks?

Answer 9

– Sophisticated social
engineering attacks

– authentic-looking e-
mail or Website

Question 10

What do Phishers do?

Answer 10

• Phishers
  – decide which business to target
  – how to get e-mail addresses for the customers of
  that business.
  – use the same mass-mailing and address collection
  techniques as spammers
• Phisher targets
  – Banking e.g. Bank of Ireland
  – Payment services e.g. paypal
  – Social media e.g. Facebook
  – Government e.g. Revenue

Question 11

Credit Card Number Theft

Answer 11

– Performed by “carders”
– Make purchases with stolen credit card

Question 12

Identity Theft

Answer 12

– Collecting enough data to impersonate
the victim in large financial transactions
– Can cause greater harm than carding
– May take a long time to restore the victim’s credit
rating

Question 13

What is vandalism/sabotage?

Answer 13

Deliberate damage to hardware, software and/or
data, including companies’ websites

Question 14

Why are Disgruntled and Ex-Employees dangerous?

Answer 14

– Extensive access to systems, with privileges
– Knowledge about how systems work
– Knowledge about how to avoid detection

Question 15

What is a Logic Bomb?

Answer 15

– Destructive computer program that activates at a
certain time or in reaction to a specific event

Question 16

What is a Back Door

Answer 16

Section of program code that allows a user to
circumvent security procedures and gain full access
to the system

Question 17

What is hacking?

Answer 17

Hacking is intentionally using a computer
resource
– totally without authorisation
– or in excess of authorisation

Question 18

What is Ransomware?

Answer 18

• Ransomware became
  one of the most
  common forms of
  malware. It works by
  – Infecting your O/S
  – Encrypting all data
  – Demanding a ransom
  in a digital currency
  – Typically, you have
  24 hours to pay.

Question 19

Ransomware Sequence

Answer 19

• Distribution Campaign : phishing emails and
  websites trick users to download a dropper.
• Malicious Code Infection : The dropper
  downloads an executable to install ransomware
• Malicious Payload Staging ransomware
  embeds itself in the system.
• Scanning : ransomware finds content to encrypt.
• Encryption Files and folder are encrypted
• Payday : A ransom note with instructions on how
  to pay the ransom. Victims are usually given a
  few days to pay the ransom or price will increase.

Question 20

What is a Denial of Service (DOS) Attack?

Answer 20

– Install bots in devices e.g. IOT