Attacks, Threats, Vulnerabilities

Question 1

The Principle Behind Social Engineering.

What are they?

Answer 1

Authority

Intimidation

Consensus / Social Proof

Scarcity

Urgency

Familiarity / Liking

Trust

Question 2

The Principle Behind Social Engineering:

Explain Authority?

Answer 2

Convincing a target that they have the authority in the situation so they can act a certain way.

You are trying to entice the target that you have the authority (manager, high level person) asking them to do something.

Question 3

The Principle Behind Social Engineering:

Explain Intimidation?

Answer 3

A principle that attacker would use on a target to cause apprehension.

They will try to install fear on the target so they can they act or do what they want them to do.

Ex. Telling someone they will go to jail if they don’t do what is being told of them to do.

Question 4

The Principle Behind Social Engineering:

Explain Consensus/Social Proof?

Answer 4

Meaning that if the attacker can convince a target that others are also doing it, then they should also do it.

Ex. Monkey See Monkey do.
F.O.M.O. - Fear of missing out

Question 5

The Principle Behind Social Engineering:

Explain Scarcity?

Answer 5

Supply and demand.

When the attacker tells the target that things are in short supply and should act fast. People may want it more when things are in low supply.

Ex. There is only 2 left on this thing at this price… act now.

Question 6

The Principle Behind Social Engineering:

Explain Urgency?

Answer 6

Time…

Act now or it will be gone forever and not think about the consequences.

Ex. Cash settlement with a link that only has limited time to act

Question 7

The Principle Behind Social Engineering:

Explain Familiarity/Liking?

Answer 7

Establishing a place of comfort.

When attacker craft a thing in a way that will interest you that make you feel comfortable.

The more comfortable the target gets, the likely that they will do what the attacker is asking them to do.

Question 8

The Principle Behind Social Engineering:

Explain Trust?

Answer 8

Give the target a pathway to think that they are doing what is right at that moment.

Question 9

What are some social engineering techniques?

Answer 9

Pretexting

Impersonation

Reconnaissance

Question 10

Explain the pretexting social engineering technique?

Answer 10

When the attacker crafts a fake scenario that sounds legit.

As long as the scenario is believable, someone can fall in this trap.

Question 11

Explain the impersonation social engineering technique?

Answer 11

Preventing to be someone you are not.

Question 12

Explain the reconnaissance social engineering technique?

Answer 12

Is the process of building up information that is specific of the target. It can be both digital and in person.

Question 13

What is Spam?

Answer 13

Unsolicited emails sent to many recipients.

Mostly a nuisance but can be a security concern. (links or attachments)

Question 14

What is Spim?

Answer 14

Is like Spam but sent over SMS (text messages) or VoIP

Question 15

What is Phishing?

Answer 15

It’s a email based attack used by social engineers to induce people to give up personal info such as passwords or financial data.

Question 16

What is the CIA Triad?

Answer 16

Confidentiality / Integrity / Availability

Question 17

What does Confidentiality mean?

Answer 17

Ensures that unauthorized individuals are not able to gain access to sensitive information.

Question 18

What does integrity mean?

Answer 18

Ensures that there is no unauthorized modifications to information or system whether intentionally or unintentionally.

Question 19

What does Availability mean?

Answer 19

Ensures that information and systems are ready to meet the need of users when requested.

Question 20

What are the 3 key threats to cybersecurity programs?

Answer 20

Disclosure / Alteration / Denial

Question 21

What does Disclosure mean?

D.A.D Triad.

Answer 21

Sensitive data or systems are exposed to unauthorized individuals.

Also known as DATA LOSS.

Question 22

What does Alteration mean?

D.A.D Triad.

Answer 22

The unauthorized modification of information whether internally or unintentionally.

Question 23

What does Denial mean?

D.A.D Triad.

Answer 23

The disruption of authorized users access to information or systems.

Question 24

What is a Financial Risk?

Answer 24

the rest of monetary damage to the organization as a the results of the data breach or destruction of physical buildings.

Question 25

What is a Reputational risk?

Answer 25

When negative publicity surrounding a security breach causes the loss of trust among anyone associated with the business.

Question 26

What is Strategic Risk?

Answer 26

The risk that a company will become less effective in meeting its major goals due to the breach.

Ex. Losing laptop with the only copy of a new product or competitors gaining your info of a new product.

Question 27

What is Operational Risk?

Answer 27

Is the risk of a company to cary out its day to day functions. Things are not efficient causing slow delivery of products or processes.

Question 28

What is a Compliance risk?

Answer 28

Is the risk of running afoul of legal or regulatory requirements.

Not following the guidelines given. Example - HIPPA

Question 29

What is an invoice scam?

Answer 29

common phishing strategy in which an invoice is sent to you.

Question 30

What is P.I.I ?

Answer 30

Personal Identifiable Information.

Question 31

What is Identify Fraud ?

Answer 31

When someone identifiable information is stolen AND USED.

Question 32

What are hoaxes?

Answer 32

false info made to appear real so you can act on it.

Example: Popups

Question 33

What is watering hole?

Answer 33

Is where attacks compromise a website that many will visit frequently.

Example - Solarwinds attack.

Question 34

What is typo squatting?

Answer 34

When a cyber criminal register domain names with common typos.

Question 35

What is pharming?

Answer 35

Redirection of traffic from a legit site to a fake site by modifying the DNS servers and entries.

Question 36

What is an evil twin attack?

Answer 36

Is when rogue wifi AP that has a power signal with the same SSID that is legit. This allows attackers to monitor and analyze traffic.

Password, PII may be harvested, signal jamming may happen.

Question 37

What is blue jacking?

Answer 37

Sending of messages / images / audio or video to send via bluetooth.

Similar to spam but via bluetooth.

Question 38

What is blue snarfing?

Answer 38

stealing of data via bluetooth. This is unauthorized access through bluetooth.

Question 39

What is a physical attack?

Answer 39

USB can have malware and/or cause a power surge attack.

Question 40

What is a supply chain attack?

Answer 40

Attackers infiltrate third party software vendors so that they can cause damage to the users that use it. This is a type of a watering hole attack.

Example - SOLARWIND!

Question 41

What is a Shadow IT?

Answer 41

Use of info technology systems, devices software, applications and services without explicit IT department approval.

Question 42

What is a black hat (unauthorized) hacker?

Answer 42

Criminal hacker who attack systems for personal gain or other malicious purposes.

Question 43

What is a white hat (authorized) hacker?

Answer 43

Security experts who study and practice hacking legally for finding countermeasures against other hackers.

Question 44

What is a gray hat (un)Authorized hacker?

Answer 44

Hackers who are neither black hats nor white hats but haver characteristics of both.

Question 45

Under attacker qualities, what does intent mean?

Answer 45

The actual goal of the attacker. For instance, financial gain, political motive, gathering intelligence, etc.

Question 46

Under attacker qualities, what does sophistication mean?

Answer 46

Some attackers are clumsy and obvious, others are like cyber-ninjas.

Question 47

Under attacker qualities, what does resources mean?

Answer 47

Ranging from a teenager on their parents’ computer to the NSA.

Question 48

Under attacker qualities, what does location mean?

Answer 48

Some attacks need physical access, while others cab be conducted from from anywhere.

Question 49

Under attacker qualities, what does information mean?

Answer 49

Attackers may know nothing about your organization, or others (such as insiders) may know quite a bit.

Question 50

What is a script kiddies?

Answer 50

Less skill and knowledge, simply uses scripts. The is the lowest level attacker.

Question 51

What is an Hacktivist?

Answer 51

Hackers who attack organizations for political reasons?

Question 52

What is an Organized Criminal?

Answer 52

Criminal hackers who typically seek financial gain.

Question 53

What is a competitor?

Answer 53

Unethical business attempt attack on comepetitors.

Question 54

What is a insider attack?

Answer 54

Employees or ex-employees.

Question 55

What is a nation state / state actor?

Answer 55

Intelligence agencies, militaries and dedicated cyberwarfare organizations.

A hacker who has a license to hack.

Question 56

What is an APT?

Answer 56

Advanced persistent threat; ongoing series of sophisticated attacks; associated with nation states.

Question 57

What is a Cyber Kill Chain?

Answer 57

A model developed by Lockheed Martin. Basically a framework that has a series of distinct steps that an attacker uses during a cyberattack.

This helps us understand and combat different forms of attacks.

Question 58

What are the steps in a Cyber kill Chain?

Answer 58

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives

Question 59

Explain the reconnaissance phase in a cyber kill chain?

Answer 59

Attackers attempt to enumerate exploitable vulnerabilities and weaknesses.
Ex. Unpatched Systems / Misconfigurations /

Attackers use numerous tools ( nmap, OSINT, OpenVAS)

Question 60

Explain the weaponization phase in a cyber kill chain?

Answer 60

Attackers choose vulnerabilities to exploit. They are creating the attack to exploit the vulnerability.

Question 61

Explain the delivery phase in a cyber kill chain?

Answer 61

They start to attack you.
Ex. Malicious email attachment
Infected USB
Pharming attacks
Watering hole

Question 62

Explain the exploitation phase in a cyber kill chain?

Answer 62

Attackers start executing what they delivered to your systems.

Question 63

Explain the installation phase in a cyber kill chain?

Answer 63

Attacker installs persistence mechanisms to ensure that they can come back again and again.

Question 64

Explain the command and control phase in a cyber kill chain?

Answer 64

Lines of communication are open with attackers maybe to there c2 server and your servers.

Question 65

Explain the Actions and objectives phase in a cyber kill chain?

Answer 65

Total remote access and steal all your data at any time.