Understanding Threat Actors

Question 1

capability, sophistication, targeted, well resourced, funded and often causing a long period of unauthorized access are hallmarks of what type of attack?

Answer 1

Advanced Persistent Threat (ATP)

Question 2

What is the technical symptom from a DDoS attack?

Answer 2

resource exhaustion (of the CPU/memory etc)

Question 3

What is the key difference between a virus and a worm

Answer 3

A virus requires the user to execute a program (or the system to do it); worms don’t

Question 4

What types of malware does the drive-by method relate to? What are the 4 basic steps of a drive-by?

Answer 4

drive-by method is associated with trojan horses and some spyware

1. attacks compromise a website
2. they install a trojan embedded in the site code
3. they trick users to the site
4. user visits site and the trojan automatically downloads

Question 5

rogue-ware is an example of what type of malware?

Answer 5

Trojan. It masquerades as software it isn’t, e.g. fake free anti-virus.

Question 6

what type of attack allows the attacker to access the victims computer at any time and take control?

Answer 6

RAT (Remote Access Trojan)

Question 7

What are the key differences between normal spyware and privacy-invasive software?

Answer 7

normal spyware involves monitoring the user’s activity and sending some information to a third party

privacy-invasive software tries to separate users from their money using data-harvesting techniques to then impersonate users.

Question 8

What is system-level access and what type of attack does it pertain to?

Answer 8

a program that has system-level access has the same permission level for access as the operating system itself.

Question 9

rootkits use what processes to enable it to control system behavior? How do they work?

Answer 9

hooked processes

they intercept calls to the operating system

Question 10

rootkits are hard to find, but some tools can detect them, where do they look?

Answer 10

in RAM

Question 11

Tailgating is a form of what?

Answer 11

Social Engineering

Question 12

Why do most email clients block images?

Answer 12

To stop beacon links from working that attempt to download an image from a server which results in the server logging your email address as valid.

Question 13

What’s the difference between spear-fishing and whaling?

Answer 13

spear fishing targets specfic groups of users or a single user

whaling targets a high-level employee like an MD or CEO

Question 14

What type of common attack can digital signatures protect against?

Answer 14

spear-fishing/whaling

Question 15

If you receive a call with a pre-recorded automated message on, what attack might be taking place?

Answer 15

Vishing attack