Malware

Question 1

What is the weakest link principle?

Answer 1

The weakest link in a security chain is responsible for failure of security systems

Question 2

What is malware (malicious software)?

Answer 2

Any software design to cause harm to computer systems, networks, or users

Question 3

What can malware do if it infiltrates a system?

Answer 3

• Steal sensitive data
• Disrupt system operations
• Allow unauthorised access to device

Question 4

What types of malware are there?

Answer 4

• Viruses
• Worms
• Trojans
• Ransonware
• Zombies
• Bonets

Question 5

What is a virus?

Answer 5

A malicious executable code attached to another executable file

Question 6

How can viruses be prevented?

Answer 6

Using antivirus and avoiding untrustworthy files

Question 7

What are worms?

Answer 7

Self replicating malware that doesn’t require a host to run

Question 8

How do worms spread?

Answer 8

Copy themselves and send themselves to several devices across the network

Question 9

What allows worms to spread?

Answer 9

Network vulnerabilities, email attachments or malicious links

Question 10

How do you prevent computer worms?

Answer 10

Regular updates and using a firewall

Question 11

What are Trojans?

Answer 11

Malware disguised as legitimate software

Question 12

How can Trojans be prevented?

Answer 12

Being cautious with emails and downloads

Question 13

What is ransomware?

Answer 13

Infects computer, encrypts files and locks system for a ransom

Question 14

How can ransomware be prevented?

Answer 14

backup files and avoid suspicious links

Question 15

What is a zombie?

Answer 15

A computer that has been compromised and controlled by hackers

Question 16

How are zombies spread?

Answer 16

Can be spread by any malware i.e. trojans, worms

Question 17

How to prevent computer becoming a zombie?

Answer 17

Regular updates, monitor unusual activity, strong authentication firewalls

Question 18

What is a botnet?

Answer 18

A network of zombies controlled remotely

Question 19

What is the impact of zombies?

Answer 19

Can send spam emails, steal sensitive data or launch DDoS attacks

Question 20

What is a DDoS attack?

Answer 20

A hacker makes a website or other services inaccessible by flooding it with requests from many different devices

Question 21

How do malware gain access?

Answer 21

• phishing emails
• Exploiting weak systems
• Manipulating victims
• Fake websites or ads
• Hidden within software

Question 22

What are the effects of malware?

Answer 22

• Data theft
• System damage
• Loss of privacy
• Financial loss
• performance issues
• Reputation damage to organisations

Question 23

Other than malware, what other methods are used to gain personal information?

Answer 23

• Phishing
• Social engineering
• Grooming
• Deepfakes
• Online stalking

Question 24

What is phishing?

Answer 24

Spam emails containing malicious hyperlinks that convince victims to give personal information

Question 25

What is social engineering?

Answer 25

'hacking without code': perpetrator gains trust of victim by collecting data on them and convincing them to share personal information

Question 26

How can social engineers find data on victims?

Answer 26

- Dumpster diving for documents that haven't been shredded - Motoring social media - Spying on someones screen in public

Question 27

What is grooming?

Answer 27

Gaining trust of someone over time by being nice to them, then asking the victim to reveal information about themselves

Question 28

What is threat modelling?

Answer 28

A technique within the security lifecycle to analyse a system's security and privacy

Question 29

What are the 5 key phases of threat modelling?

Answer 29

- Asset identification - Threat analysis - Vulnerability analysis - Risk Assessment - Risk communication

Question 30

What is asset identification?

Answer 30

Determining what you're trying to protect

Question 31

What is threat analysis?

Answer 31

Identifying potential attacks that could compromise the assets

Question 32

What is vulnerability assets?

Answer 32

Pinpoint weaknesses in the setup - technical and organisational

Question 33

What is Risk assessment?

Answer 33

Evaluate the likelihood and impact of threats

Question 34

What is risk communication?

Answer 34

Share findings with stakeholders

Question 35

What are non-intentional threat agents?

Answer 35

things/individuals that cause natural or accidental damage

Question 36

What are malicious threat agents?

Answer 36

An individual or group that implements a threat with malicious intent

Question 38

What is DREAD?

Answer 38

A risk assessment model that evaluates threats based on five criteria