2.4 Flashcards
Explain common social engineering attacks, threats, and vulnerabilities (7 cards)
An attacker emailed many employees of a target company (that supports government organizations) with no success in gaining remote access through online social engineering. The attacker then scopes the company’s corporate office to find an easy-to-manipulate employee. How may the attacker plan on infiltrating the office? (Select all that apply.)
~Tailgate into the offices
~Impersonate an employee
~Become an insider threat
~Spoof the software token
TAILGATE INTO THE OFFICE & IMPERSONATE AN EMPLOYEE
*The attacker can manipulate a person and use other social engineering techniques to tailgate right through the front doors of the offices.
*The attacker can impersonate an employee by stealing an access card to scan or briefly show as having access to the building. Impersonation can occur in combination with a tailgating situation.
-An insider threat is an employee or other person with immediate access to internal components of the company or organization. However, the attacker will need to pass a background check to become an employee.
-Spoofing is an attack where the threat actor can masquerade as a trusted user or computer. An attacker can also obtain a logical token or software token to spoof.
After carrying out a campaign to gather data via e-mail and other electronic means, what else can an attacker do to gather personal information about a company owner without being in that person’s presence?
~Go dumpster-diving behind the corporate offices
~Use a Structured Query Language (SQL) injection attack
~Shoulder surf after delivering food to the target
~Initiate a distributed denial of service (DDoS) attack
GO DUMPSTER-DIVING BEHIND CORPORATE OFFICES
*Dumpster diving refers to combing through an organization’s (or an individual’s) garbage to find useful documents. Attackers may even find files stored on discarded removable media.
-A shoulder surfing attack means that the threat actor learns a password or PIN (or other secure information) by watching the user type it.
-A denial of service (DoS) attack floods a server with bogus requests. In a distributed DoS (DDoS) attack, the requests are launched against the target from multiple compromised systems, collectively referred to as a botnet.
-In an SQL injection attack, the threat actor modifies SQL functions by adding code to some input accepted by the app, causing it to execute the attacker’s own set of SQL queries or parameters.
An employee receives a phone call from someone in the IT department informing them that their computer has a virus. In a panic, the employee quickly follows the instructions from the caller to grant remote access to their workstation. Unfortunately, the employee notices that the application used for remote access is not the same as the application used in the past when someone from IT has remotely worked on their workstation. What kind of attack has the user just experienced?
~Vishing
~Brute-force
~Phishing
~SQL Injection
VISHING
*Vishing occurs through a voice channel, like a telephone or Voice over Internet Protocol (VoIP). For example, someone purporting to represent the victim’s bank could call, asking them to verify a recent purchase by requesting their security details.
-Brute-force is a password attack. An attacker uses an application to try every possible alphanumeric combination to crack encrypted passwords.
-A Structured Query Language (SQL) injection attack occurs when a threat actor modifies basic SQL functions by adding code to some input accepted by an application, causing it to execute the attacker’s own set of SQL queries or parameters.
-Phishing is an email-based social engineering attack. The attacker sends an email from a supposedly reputable source to elicit a victim’s private information.
A systems administrator is auditing the settings of a group of web servers. The administrator notices that a few of the servers also have file services and database roles installed and are not in line with the documented configuration of the company’s standard web servers. What vulnerability are these systems experiencing?
~End of Life OS
~Unprotected System
~Unpatched System
~Non-compliant system
NON-COMPLIANT SYSTEM
*A non-compliant system is a system whose configuration is different from its secure baseline. The sysadmin should only configure these servers as web servers. However, they have other features installed that increase the overall attack surface of the systems.
-A legacy or end of life (EOL) system is where the software vendor no longer provides support or fixes for problems. An EOL operating system (OS) is a risk since the vendor does not mitigate discovered vulnerabilities.
-An unpatched system is one that its owner has not updated with the current operating system and application patches.
-An unprotected system is one in which one or more required security controls (antivirus or firewall, for example) are missing or misconfigured.
An employee receives an email from what looks to be the IT department informing the employee that their password has been compromised. In a panic, the employee clicks the provided web link in the email, enters their old password, and then enters a new password. The employee noticed that this is not how the IT department has had them change their password in the past. What kind of attack has the user just experienced?
~Phishing
~Brute-force
~SQL Injection
~Vishing
PHISHING
*Phishing is an email-based social engineering attack. The attacker sends an email from a supposedly reputable source to elicit a victim’s private information.
-Vishing occurs through a voice channel, like a telephone or Voice over Internet Protocol (VoIP). For example, someone purporting to represent the victim’s bank could call, asking them to verify a recent purchase by requesting their security details.
-Brute-force is a password attack. An attacker uses an application to try every possible alphanumeric combination to crack encrypted passwords.
-A Structured Query Language (SQL) injection attack occurs when a threat actor modifies basic SQL functions by adding code to some input accepted by an application, causing it to execute the attacker’s own set of SQL queries or parameters.
After a recent data breach, a company’s IT department has concluded that the breach started with a laptop that accessed the Wi-Fi to gain access to its resources. The company uses a passphrase and media access control (MAC) address filtering to restrict access to Wi-Fi. What type of attack gained access to the company’s wireless network?
~Phishing
~Spoofing
~Denial of Service
~On-path
SPOOFING
*Spoofing is an attack where the threat actor can masquerade as a trusted resource. It can mean cloning a valid MAC or IP address or using a false digital certificate. The attacker obtained the passphrase and spoofed a valid MAC address to gain access.
-On-path is an attack where the threat actor makes an independent connection between two victims and can read and possibly modify traffic between them.
-A denial of service (DoS) attack causes a service at a given host to fail or become unavailable by bombarding it with spoofed requests.
-Phishing is an email-based social engineering attack. The attacker sends an email from a supposedly reputable source to elicit private information from the victim.
An IT support desk intern is learning about fundamental security concerns that any support desk should look to remediate. What can be a security vulnerability when it comes to managing multiple endpoints? (Select all that apply.)
~Underperforming system
~Unprotected system
~Unpatched System
~End of Life OS
END OF LIFE, UNPATCHED SYSTEM, & UNPROTECTED SYSTEM
*An unpatched system is one that its owner has not updated with the current operating system (OS) and application patches.
*An unprotected system is one in which one or more required security controls (antivirus or firewall, for example) are missing or misconfigured.
*A legacy or end of life (EOL) system is where the software vendor no longer provides support or fixes for problems. EOL operating systems are a risk since the vendor does not mitigate discovered vulnerabilities.
-Though an underperforming system may be due to an infection, this likely is just a limitation in hardware resources.