Leonardo Aniello Flashcards

(69 cards)

1
Q

What are the three objectives for information and information systems?

A
  • Confidentiality
  • Integrity
  • Availability
2
Q

What is contained in the model of Computer Security?

A
  • Asset
  • Hardware
  • Software
  • Data
  • Communication facilities and networks
3
Q

What are the types of asset vulnerabilities?

A
  • Corrupted systems
  • Leaky systems
  • Unavailable or very slow
4
Q

What is an Active Attack?

A

An attempt to alter assets or affect their operation

5
Q

What is a passive attack?

A

An attempt to learn or make use of information from the system that does not affect assets

6
Q

What is an inside attack?

A

Initiated by an entity inside the security perimeter. The insider is authorised to access system resources but uses them in a malicious way

7
Q

What is an outside attack?

A

Initiated from outside the perimeter, by an unauthorised or illegitimate user of the system

8
Q

What is a Risk?

A

A measure of the extent to which an asset is threatened by a potential circumstance

9
Q

What are the types of countermeasures to deal with a security threat/attack?

A
  • Detection
  • Prevention
  • Mitigation
  • Recovery
10
Q

What are cybercriminals interested in?

A

Illegal profits

11
Q

What are the typical attacks of cybercriminals?

A
  • Money theft
  • Personal document ransom
  • Data breaches
  • Distributed Denial of Service (DDoS)
  • Cryptojacking
12
Q

What are cybercriminals' attack vectors? (How do they attack?)

A
  • Malware
  • Social Engineering/Email
  • Social media
  • Botnet
13
Q

What are Nation States interested in?

A
  • High-quality intelligence
  • Sabotage activities against crucial infrastructures
  • Subversion, e.g. of political elections
  • Generally, engaging in cyberwarfare activities
14
Q

What are the typical attacks of Nation States?

A
  • Influence campaigns
  • Data breaches
  • DDoS
  • Advanced Persistent Threats (APT)
15
Q

What are the attack vectors of Nation States?

A

Same as Cybercriminals but more advanced

16
Q

What is Cyberwarfare?

A

It refers to the activity of fighting a cyberwar, often including the weapons and methods that are used in cyberspace

17
Q

Why is cyberwarfare attractive?

A
  • Cost effectiveness; (almost) the speed of light
  • No casualties, but can disrupt the adversary
  • Hard for the victim to detect and neutralise
  • Exploitable vulnerabilities increase with technological evolution
  • Anonymity
  • Plausible deniability
  • Cyber deterrence
18
Q

What is Advanced Persistent Threat (APT)?

A

A long-term pattern of targeted, sophisticated attacks

19
Q

What are Hacktivists motivated by?

A

Political, religious, social ideologies

20
Q

What are the typical attacks of Hacktivists?

A
  • Web defacements
  • Data breaches
  • DDoS
21
Q

What are the attack vectors of Hacktivists?

A

Same as Cybercriminals, but generally less advanced

22
Q

What principles of hackers’ ethics do Hacktivists share?

A
  • Libertarian and anarchist in nature
  • Conceptualised as opponents of the power elite, who use technology to promote their own agendas
  • Acts of civil disobedience
23
Q

What is the culture of Hacktivists?

A
  • Conspiracy theorising
  • Obsession with privacy and secrecy
  • Membership fluidity
  • Culture of humour and creativity
24
Q

What are Insider Threats?

A

They are people with legitimate access to valuable resources who commit intentional attacks, e.g. disgruntled employees

25
Q

What are the different types of insider threats?

A
  • Publish information on the web
  • Install malware
  • Steal and sell information
26
Q

What are Cyber-attack Life Cycle Models?

A

Empirical models representing the sequence of steps that cyber attacks go through

27
Q

What is Lockheed Martin's Kill Chain Model?

A
  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command & Control
  • Actions on Objectives
28
Q

What is the Reconnaissance stage of the Kill Chain Model?

A
  • Target research and selection
  • What information did the attackers gather? How?
29
Q

What is the Weaponization stage of the Kill Chain Model?

A
  • Development of the required cyber weapons
  • What cyber weapons have been used? How did the attackers obtain them?
30
Q

What is the Delivery stage of the Kill Chain Model?

A
  • Delivery of the payload to the target
  • How did the attackers deliver the cyber weapon(s) to the intended target?
  • What was delivered, from where, to where and how?
31
Q

What is the Exploitation stage of the Kill Chain Model?

A
  • Execution of the payload, e.g. through the exploit
  • How were the cyber weapons activated?
32
Q

What is the Installation stage of the Kill Chain Model?

A
  • Ensure payload persistence within the target
  • How did the attackers gain persistence inside the target?
33
Q

What is the Command & Control stage of the Kill Chain Model?

A
  • Establish a communication channel with an external command and control (C2) server
  • How did the attackers establish a communication channel to control the cyber weapons installed inside the target?
34
Q

What is the Actions on Objectives stage of the Kill Chain Model?

A
  • Execution of the desired actions within the target, based on commands from C2
  • What did the attackers do to achieve their goals?
35
Q

What are the different ways money theft is done?

A
  • From end users (credit card details)
  • From enterprises
  • From financial institutions
  • New trends (cryptocurrency wallets)
36
Q

What is Zeus?

A
  • Famous banking trojan horse
  • Targets Windows OS
  • Man-in-the-browser attack
  • Captures credentials
37
Q

What is Business Email Compromise (BEC)?

A
  • Recent form of scam
  • Known as "CEO fraud" or "whaling"
  • Requests a money transfer while pretending to be the CEO or a senior manager
  • Relies on the target of the scam being physically distant from the subject of the scam
38
Q

How does Personal document ransom work?

A
  • The attacker sends an email whose subject refers to an invoice/bill, with an attachment the user is lured to open
  • The attachment is usually a PDF, Office document or script file
  • When executed, the attachment either prompts the user to execute a macro or launches PowerShell to download and execute the final payload, etc.
  • Once installed, the ransomware begins encrypting specific types of files, which will be decrypted only by paying a ransom
  • A message is displayed to explain what just happened and how to pay
39
Q

What is cryptojacking?

A
  • Malicious cryptomining
  • Designed to stay hidden from users
40
Q

What is usually stolen in data breaches?

A
  • Names, email addresses, telephone numbers
  • Encrypted/unencrypted security questions/answers
  • Dates of birth
  • Hashed passwords
41
Q

What happens to data stolen in Data Breaches?

A
  • Public disclosure (Hacktivists, Nation States and Cybercriminals)
  • Private intelligence (Nation States)
  • Sold on the black market
42
Q

What is the purpose of a Denial-of-Service (DoS) Cyber Attack?

A

Aims at making a service unavailable to its intended users

43
Q

How does a DoS attack work?

A
  • Service disruption is usually accomplished by overloading its resources
  • The overloading is commonly due to service request flooding
44
Q

What is the difference between a Distributed DoS (DDoS) attack and a DoS attack?

A

When the traffic is generated by many different sources, we talk about DDoS

45
Q

How do Botnets contribute to DDoS attacks?

A
  • Large groups of computers networked together that use their combined computing power to cause DDoS attacks
  • Usually, these groups are built from vulnerable systems with no concern for who their owners are
  • A botnet is commonly controlled by a Command & Control (C&C) infrastructure
46
Q

Why are IoT devices used to form botnets?

A

Security is often not a priority for the device manufacturer

46
Q

What is an influence campaign?

A
  • Series of cyber-attacks and releases of information aimed at influencing the thinking and choices of a large number of persons
  • Uses a massive amount of bots on social media platforms
47
Q

What are Web defacements?

A
  • Change the appearance of a web site
  • Mostly by Hacktivists
  • Still a widespread phenomenon
  • Targets chosen based on:
    • Ease to hack
    • Expected media attention
48
Q

What is a supply chain attack?

A

The adversary compromises the weakest link in the supply chain and reaches the target from there

49
Q

What are the essentials of UK Cyber Security?

A

Main goal: protection against the most common cyber threats; not effective against advanced attacks

50
Q

What are the basic requirements to protect the IT Infrastructure?

A
  • Firewalls
  • Secure configuration
  • Security update management
  • User access control
  • Malware protection
51
Q

What are the requirements that apply to all devices within the scope?

A
  • Accept incoming connections via the Internet from untrusted hosts
  • Establish outbound connections via the Internet
  • Control the flow of data between these devices and the Internet
52
Q

What is the goal of a Firewall?

A

They aim to make sure that only secure and necessary network services can be accessed from the Internet

53
Q

What are the requirements of a Firewall?

A
  • Block all inbound connections by default
  • Every inbound rule that accepts connections must be motivated and documented
  • Remove or disable unnecessary firewall rules quickly, when they are no longer needed
54
Q

What is the aim of a Secure configuration?

A

It aims to ensure that computers and network devices are properly configured to reduce vulnerabilities and provide only the services required to fulfil their role

55
Q

What are the requirements of a Secure configuration?

A
  • Remove/disable unnecessary software
  • Disable auto-run features
  • Change default/guessable passwords
  • Ensure users are authenticated before allowing them access to organisational data or services
56
Q

What is the aim of Security update management?

A

To ensure that devices and software are not vulnerable to known security issues for which fixes are available

57
Q

What are the requirements of Security update management?

A
  • All software must be licensed and supported, otherwise removed
  • Have automatic software updates enabled where possible
  • Make sure updates are applied within 14 days of release
58
Q

What is the aim of User access control?

A

To ensure that user accounts are assigned to authorised individuals only and provide access to only those assets the user needs to carry out their role

59
Q

What are the requirements of User access control?

A
  • Set up a process to create and approve a new user account
  • Always authenticate the user before granting access to applications/devices
  • Remove/disable accounts when no longer required
  • Remove/disable special access privileges when no longer required
  • Implement MFA, where available
  • Use separate accounts to perform administrative activities only
60
Q

What is the aim of Malware Protection?

A

To restrict the execution of known malware and untrusted software, preventing them from causing damage or accessing data

61
Q

What are the requirements of Malware Protection?

A
  • Anti-malware software:
    • Kept updated
    • Prevents malware from running
    • Prevents connections to malicious websites over the Internet
  • Application whitelisting
62
Q

What is Fragmentation?

A
  • Split data into multiple pieces, stored in diverse locations
  • Harder for an attacker to collect all the fragments
63
Q

What is a Data Backup?

A
  • Frequently make copies of data
  • Keep backup data on different, separate devices
64
Q

What is Privacy protection?

A

Sanitise information to remove PII

65
Q

What do Intrusion Detection/Prevention Systems (ID/PS) do in Network monitoring?

A
  • Observe/record all traffic on a given network
  • Detect/block malicious traffic
  • Signature-based vs anomaly-based
  • Alert on suspicious traffic
66
Q

What are Honeypots?

A

A decoy to lure attackers; it simulates a real system but is in reality isolated

67
Q

What is Pentesting?

A

An authorised simulated attack, aimed at assessing the security of a system

68
Q

What are the Phases of Penetration Testing?

A
  • Pre-engagement interactions (goal definition)
  • Intelligence gathering
  • Threat modelling
  • Vulnerability analysis
  • Exploitation
  • Post-exploitation