midterm 2

Question 1

What is the G7 24/7 Cybercrime Network?

Answer 1

🔹 A network for international cooperation in investigating and prosecuting high-tech crimes.
🔹 Provides 24/7 contact points for cybercrime incidents.
🔹 Facilitates freezing and production requests for digital evidence.

Question 2

What is the ITU (International Telecommunication Union)?

Answer 2

🔹 Established in 1865 to manage global communication networks.
🔹 Sectors: Radiocommunications, Standardization, and Development.
🔹 Operates the ITU Cybersecurity Programme to enhance global cyber resilience.

Question 3

What is the role of the United Nations in cybersecurity?

Answer 3

/UN Internet Governance Forum – Discusses global internet policies.
/UN Group of Governmental Experts (GGE) – Addresses international cybersecurity issues.
/Cyber Defence Committee (NATO collaboration) – Strengthens cybersecurity policies.

Question 4

What cybersecurity policies does the OECD support?

Answer 4

/Digital security legal instruments developed since the 1990s.
//Key recommendations:
//Cryptography Policy (1997)
//Digital Security Risk Management (2015)
//Security of Critical Activities (2019)

Question 5

What is the Budapest Convention on Cybercrime

Answer 5

/Adopted in 2001, aims to harmonize cybercrime laws across countries. /Promotes international cooperation for cybercrime investigations.
/Sets legal standards for criminal procedures and digital evidence handling.

Question 6

What is the Global Cybersecurity Index (GCI)?

Answer 6

/Measures cybersecurity preparedness across nations.
/Assessment based on Legal, Technical, Organizational, Capacity Building, and Cooperation measures.

Question 7

What is the African Union’s approach to cybersecurity?

Answer 7

/African Union Convention on Cybersecurity and Personal Data Protection.
/Establishes legal and regulatory frameworks for data protection and cybercrime.

Question 8

What are National Cybersecurity Strategies?

Answer 8

/Key areas include:
/Governance
/Risk management
/Critical infrastructure protection
/nternational cooperation

Question 9

What are the legal solutions for cybersecurity?

Answer 9

/Criminalization – Defining cybercrime laws.
/Incident reporting & information sharing – Ensuring response coordination.
/Institutional arrangements – Creating dedicated cybersecurity agencies.

Question 10

What is the Global Cybersecurity Index (GCI)?

Answer 10

/A global ranking system that measures countries’ cybersecurity preparedness.
/Developed by the International Telecommunication Union (ITU).
/Evaluates legal, technical, and organizational measures in cybersecurity.

Question 11

What are the Five GCI Assessment Pillars?

Answer 11

/Legal Measures – Laws and regulations on cybersecurity and cybercrime.
/Technical Measures – National CSIRTs, cybersecurity standards, and risk management.
/Organizational Measures – Cyber strategies, policies, and coordination.
/Capacity Building – Cybersecurity education, training, and awareness.
/Cooperation – International partnerships and incident response collaboration.

Question 12

Why is the GCI important?

Answer 12

/Helps countries identify strengths & weaknesses in cybersecurity.
/Encourages international cooperation in fighting cyber threats.
/Provides benchmarking data for governments to improve security policies.

Question 13

What does a high GCI score indicate?

Answer 13

/A country has strong legal, technical, and organizational cybersecurity frameworks.
/It actively trains personnel, promotes awareness, and engages in international collaboration.
/Examples of high-ranking countries: U.S., U.K., Singapore, Estonia.

Question 14

How can countries improve their GCI ranking?

Answer 14

/Strengthen cybercrime laws and enforcement.
/Develop national cybersecurity strategies.
/Create and fund CSIRTs (Computer Security Incident Response Teams).
/Enhance international cooperation in cybersecurity.

Question 15

What was the biggest shift in cyberthreats observed in 2023?

Answer 15

A surge in attacks targeting identities, focusing on logging in rather than hacking in.

Question 16

What technique saw a 100% increase in 2023 for compromising identities?

Answer 16

A type of malware designed to steal credentials and sensitive data.

Question 17

What cyberattack method saw a drop despite remaining common?

Answer 17

Ransomware attacks on enterprises.

Question 18

What was the most common impact of cyberattacks in 2023?

Answer 18

Data theft and leaks.

Question 19

How are attackers acquiring credentials on the dark web?

Answer 19

Through infostealer malware that collects and sells login data.

Question 20

What is adversary-in-the-middle (AitM) phishing?

Answer 20

A method where attackers intercept traffic between a user and a website to steal credentials and bypass MFA.

Question 21

Why is identity abuse becoming a preferred attack vector?

Answer 21

It’s harder for defenders to distinguish between legitimate and malicious identity use.

Question 22

What were the top two initial access vectors in 2023?

Answer 22

Valid accounts (30%) and phishing (30%).

Question 23

How are attackers obtaining valid credentials?

Answer 23

Through infostealers, phishing, and dark web marketplaces.

Question 24

What percentage of cloud assets for sale on the dark web are account credentials?

Answer 24

90%.

Question 25

What exploit saw widespread abuse in 2023 for data extortion?

Answer 25

MOVEit vulnerability (CVE-2023-34362).

Question 26

What attack vector saw an increase in Europe?

Answer 26

Exploitation of public-facing applications and credential abuse.

Question 27

What was the most successful ransomware group in 2023?

Answer 27

BlackCat (ALPHV).

Question 28

What common Microsoft Office vulnerability was exploited for malware delivery?

Answer 28

CVE-2017-11882 (Equation Editor flaw).

Question 29

What is the best defense against credential-based attacks?

Answer 29

Implementing multi-factor authentication (MFA) and strong password policies.

Question 30

How can organizations mitigate security misconfigurations?

Answer 30

Regular penetration testing and proper asset management.

Question 31

What is the principle of least privilege?

Answer 31

Limiting user access rights to only what is necessary.

Question 32

What attack vector does session hijacking exploit?

Answer 32

Security misconfigurations allowing concurrent user sessions.

Question 33

How can organizations prevent adversary-in-the-middle phishing?

Answer 33

Using phishing-resistant MFA (e.g., FIDO2 security keys).

Question 34

What AI-related security risk is expected to grow?

Answer 34

AI-powered phishing attacks.

Question 35

Why are patch management and vulnerability scanning critical?

Answer 35

They prevent attackers from exploiting known security flaws.

Question 36

How can organizations reduce cloud-based attacks?

Answer 36

Strengthening IAM (Identity and Access Management) policies.

Question 37

What is one key indicator that AI will become a major attack vector?

Answer 37

When a single AI technology reaches 50% market share.

Question 38

Why is SQL injection dangerous?

Answer 38

It allows attackers to bypass authentication, delete data, and exfiltrate confidential information.

Question 39

What is SQL injection (SQLi)?

Answer 39

A type of cyberattack where attackers insert malicious SQL queries into a database to manipulate or extract sensitive data.

Question 40

What are common SQL injection defenses?

Answer 40

Using prepared statements, parameterized queries, and web application firewalls (WAFs).

Question 41

What is CL0P?

Answer 41

A ransomware group known for data extortion attacks and targeting file transfer software vulnerabilities.

Question 42

How did CL0P exploit MOVEit?

Answer 42

They used the SQL injection flaw to gain unauthorized access, steal data, and extort victims.

Question 43

How is data extortion different from traditional ransomware?

Answer 43

Traditional ransomware encrypts files, while data extortion steals and threatens to leak them.

Question 44

What is data extortion?

Answer 44

A cybercrime tactic where attackers steal sensitive data and demand a ransom to prevent its exposure.

Question 45

What industries were most affected by data extortion in 2023?

Answer 45

Healthcare, finance, and government sectors.

Question 46

What is a zero-day vulnerability?

Answer 46

A software flaw unknown to developers but exploited by hackers before a fix is available.

Question 47

Why was MOVEit (CVE-2023-34362) considered a zero-day attack?

Answer 47

Because it was exploited before the vendor released a security patch.

Question 48

What is the best defense against zero-day vulnerabilities?

Answer 48

Regular security updates, network monitoring, and threat intelligence.

Question 49

What is Managed File Transfer (MFT)?

Answer 49

A secure way to transfer large files between businesses or within an organization.

Question 50

Why was MOVEit targeted?

Answer 50

It handles sensitive business data, making it valuable for cybercriminals.

Question 51

How can organizations secure MFT solutions?

Answer 51

By implementing encryption, multi-factor authentication (MFA), and security patches.

Question 52

What is authentication bypass?

Answer 52

A vulnerability that allows unauthorized access to a system without valid credentials.

Question 53

How was authentication bypass used in the MOVEit attack?

Answer 53

Attackers used SQL injection to bypass login mechanisms and gain access.

Question 54

How can authentication bypass be prevented?

Answer 54

Strong authentication controls, MFA, and input validation.

Question 55

What is a threat actor?

Answer 55

Any individual, group, or entity that poses a cybersecurity risk.

Question 56

What kind of threat actors exploited MOVEit?

Answer 56

Cybercriminal gangs like CL0P, nation-state actors, and ransomware groups.

Question 57

What is an example of a nation-state threat actor?

Answer 57

APT28 (Fancy Bear), which is linked to Russian cyber espionage.

Question 58

What is Kerberoasting?

Answer 58

A Windows Active Directory attack that steals service account credentials by requesting and cracking Kerberos tickets offline.

Question 59

How does Kerberoasting work?

Answer 59

An attacker requests a Kerberos service ticket, extracts it from memory, and brute-forces the NTLM hash offline.

Question 60

Why is Kerberoasting effective?

Answer 60

It exploits weak service account passwords without needing direct network access.

Question 61

How can organizations prevent Kerberoasting?

Answer 61

Use strong passwords, Managed Service Accounts (MSA), and monitor Kerberos ticket requests.

Question 62

What is the Equation Editor flaw?

Answer 62

A Microsoft Office vulnerability that allows attackers to execute malicious code by opening a Word document.

Question 63

How is the Equation Editor flaw exploited?

Answer 63

Attackers embed hidden code in a Word file, which executes automatically when opened.

Question 64

What types of attacks use the Equation Editor flaw?

Answer 64

Phishing, malware delivery, and remote code execution (RCE) attacks.

Question 65

How can the Equation Editor flaw be prevented?

Answer 65

Apply Microsoft patches, disable Equation Editor, and filter email attachments.

Question 66

How does SQL injection work?

Answer 66

Hackers manipulate input fields to execute unauthorized database commands.

Question 67

What is MOVEit?

Answer 67

A secure file transfer software used by businesses and government agencies.

Question 68

What was the vulnerability in MOVEit?

Answer 68

A SQL injection flaw that let attackers steal sensitive data without authentication.

Question 69

What happened in the MOVEit attacks?

Answer 69

Attackers stole data from banks, healthcare, and government organizations and demanded ransom.

Question 70

How can organizations protect against MOVEit exploits?

Answer 70

Apply security patches, disable unnecessary SQL functions, and implement Zero Trust.

Question 71

What is Fancy Bear?

Answer 71

A Russian state-sponsored hacking group (APT28) linked to the GRU (military intelligence).

Question 72

What are Fancy Bear’s main targets?

Answer 72

Governments, NATO, journalists, and political organizatio

Question 73

Name a major attack by Fancy Bear.

Answer 73

2016 U.S. Election Hack – DNC email breach and leaks via WikiLeaks.

Question 74

How can organizations defend against Fancy Bear?

Answer 74

Use phishing-resistant MFA, monitor APT activity, and apply software patches.

Question 75

What is Kerberos?

Answer 75

A secure authentication protocol that uses tickets instead of passwords for user verification.

Question 76

What methods does Fancy Bear use?

Answer 76

Spear-phishing, zero-day exploits, malware (X-Agent, X-Tunnel), and disinformation campaigns.

Question 77

What are the three main components of Kerberos?

Answer 77

/Key Distribution Center (KDC) – The brain of Kerberos, responsible for authentication. /Ticket Granting Service (TGS) – Issues service tickets for access. /Authentication Server (AS) – Verifies user identity.

Question 78

What is a Ticket Granting Ticket (TGT)?

Answer 78

A special Kerberos ticket issued after login that allows a user to request access to network resources.

Question 79

How does a user get a TGT?

Answer 79

The user enters their username and password, which is sent to the Authentication Server (AS), and if correct, a TGT is issued.

Question 80

What is a Service Ticket (TGS Ticket)?

Answer 80

A ticket that allows users to access specific services (e.g., file shares, printers) without re-entering credentials.

Question 81

What happens when a user logs into a Kerberos system?

Answer 81

/The user enters their credentials. /The KDC issues a Ticket Granting Ticket (TGT). /When the user requests access to a service, the TGT is exchanged for a Service Ticket. /The Service Ticket is presented to the resource server, granting access.

Question 82

How long does a Kerberos ticket last?

Answer 82

TGTs typically last 8–10 hours before expiring, requiring renewal.

Question 83

What happens when a Kerberos ticket expires?

Answer 83

The user must request a new TGT by re-authenticating or using an automatic renewal system.

Question 84

How does Kerberoasting exploit Kerberos tickets?

Answer 84

Attackers request a Service Ticket for a service account and then crack its password hash offline.

Question 85

How can organizations detect Kerberoasting?

Answer 85

Monitor Kerberos ticket requests for unusual activity, like multiple service ticket requests from one user.

Question 86

How can organizations prevent Kerberoasting?

Answer 86

/Use long, complex passwords for service accounts. /Implement Managed Service Accounts (MSA) to eliminate password exposure. /Monitor Kerberos logs for abnormal ticket activity.

Question 87

How is spear-phishing different from regular phishing?

Answer 87

Spear-phishing targets specific individuals or organizations, while phishing is a general mass email attack.

Question 88

What is an example of a spear-phishing attack?

Answer 88

A hacker impersonates a CEO and emails an employee, asking for login credentials or bank details.

Question 89

How can you prevent spear-phishing attacks?

Answer 89

/Verify email senders. /Avoid clicking on unexpected links or attachments. /Use email security filters and Multi-Factor Authentication (MFA).

Question 90

What is X-Agent?

Answer 90

A remote access Trojan (RAT) used by Fancy Bear to steal passwords, capture keystrokes, and exfiltrate data.

Question 91

How does X-Agent infect a system?

Answer 91

Through phishing emails, malicious downloads, or software exploits.

Question 92

What operating systems does X-Agent target?

Answer 92

Primarily Windows, macOS, and Linux.

Question 93

What is X-Tunnel?

Answer 93

A backdoor malware that allows hackers to bypass network firewalls and move data covertly.

Question 94

What does X-Tunnel do?

Answer 94

It creates an encrypted tunnel between the infected system and a hacker’s remote server.

Question 95

How can you defend against X-Tunnel?

Answer 95

/Monitor network traffic for unusual connections. /Use strong endpoint protection. /Segment networks to prevent lateral movement.