Chapter 3 - Cyberattacks and Cybersecurity
CAPTCHA
(Completely Automated Public Turing test to tell Computers and Humans Apart) Software that generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot.
Bring Your Own Device (BYOD)
A business policy that permits, and in some cases, encourages employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.
transport layer security (tls)
A communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.
managed security service provider (mssp)
A company that monitors, manages, and maintains computer and network security for other organizations.
zombie
A computer that is part of a botnet and that is controlled by a hacker without the knowledge or consent of the owner.
reasonable assurance
A concept in computer security that recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved.
zero-day exploit
A cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.
computer forensics
A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
disaster recovery plan
A documented process for recovering an organization's business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster.
next-generation firewall (ngfw)
A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
worm
A harmful program that resides in the active memory of the computer and duplicates itself.
Department of Homeland Security (DHS)
A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a "safer, more secure America, which is resilient against terrorism and other potential threats."
Botnet
A large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.
Controlling the Assault of Non-solicited Pornography and Marketing (can-spam) act
A law that specifies that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.
Advanced Persistent Threat (APT)
A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time (weeks or even months).
virus
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
Business Continuity Plan
A risk-based strategy that includes an occupant emergency evacuation plan, a continuity of operations plan, and an incident management plan with an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack or some form of disaster.
trojan horse
A seemingly harmless program in which malicious code is hidden.
rootkit
A set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge.
Blended Threat
A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
virus signature
A specific sequence of bytes that indicates to antivirus software that a specific virus is present.
logic bomb
A type of Trojan horse malware that executes when it is triggered by a specific event or at a predetermined time.
encryption key
A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.
spear phishing
A variation of phishing in which the phisher sends fraudulent emails to a certain organization's employees.
Computer Fraud and Abuse Act (U.S. Code Title 18, Section 1030)
Addresses fraud and related activities in association with computers, including the following:
- Accessing a computer without authorization or exceeding authorized access
- Transmitting a program, code, or command that causes harm to a computer
- Trafficking of computer passwords
- Threatening to cause damage to a protected computer
distributed denial-of-service (ddos) attack
An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
exploit
An attack on an information system that takes advantage of a particular system vulnerability.
Malicious insider
An employee or contractor who attempts to gain financially and/or disrupt a company's information systems and business operations
security audit
An evaluation of whether an organization has a well-considered security policy in place and if it is being followed.
Industrial spy
An individual who captures trade secrets and attempts to gain an unfair competitive advantage
Cracker
An individual who causes problems, steals data, and corrupts systems
Hacktivist
An individual who hacks computers or websites in an attempt to promote a political ideology
security policy
An organization's security requirements, as well as the controls and sanctions needed to meet those requirements.
smishing
Another variation of phishing that involves the use of texting.
Macro Viruses
Attackers use an application macro language (such as Visual Basic or VBScript) to create programs that infect documents and templates. After an infected document is opened, the virus is executed and infects the user's application templates. It can embed itself in all future documents created with the application.
mission-critical process
Business processes that are more pivotal to continued operations and goal attainment than others.
____________ is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
Computer forensics
Fraud and Related Activity in Connection with Access Devices Statute (U.S. Code Title 18, Section 1029)
Covers false claims regarding unauthorized use of credit cards
_____________________ involves the deployment of malware that secretly steals data in the computer systems of organizations that can be used to gain an unfair competitive advantage for the perpetrator.
Cyberespionage
USA Patriot Act (Public Law 107-56)
Defines cyberterrorism and associated penalties
Which of the following is not a multifactor authentication method?
Entering a user name and a strong end-user password at least 10 characters long including capital letters, numbers, and special characters
u.s. computer emergency readiness team (us-cert)
Established in 2003 to protect the nation's Internet infrastructure against cyberattacks, it serves as a clearinghouse for information on new viruses, worms, and other computer security topics.
A(n) ___________ is an attack on an information system that takes advantage of a particular system vulnerability.
Exploit
A router is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
False
After virus eradication, you can use a previous backup to restore an infected computer.
False
Computer forensics is such a new field that there are few training or certification processes available.
False
In the event of a successful cyberattack, the best way to give out specific information is through use of online discussion groups, email, and other systems connected to the compromised system. True or False?
False
The business recovery plan is the documented process to recover an organization's business information system assets including hardware, software, data, networks, and facilities in the event of a disaster. True or False?
False
Trojan horse has become an umbrella term for many types of malicious code.
False
Stored Wire and Electronic Communications and Transactional Records Access Statutes (U.S. Code Title 18, Chapter 121)
Focuses on unlawful access to stored communications to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage
What type of viruses have become a common and easily created form of malware that are created using applications such as Visual Basic or VB Script?
Macro viruses
ransomware
Malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.
CIA security triad
Refers to confidentiality, integrity, and availability.
vishing
Similar to smishing except that the victims receive a voice-mail message telling them to call a phone number or access a website.
intrusion detection system (ids)
Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.
Antivirus Software
Software that scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.
Cybercriminal
Someone who attacks a computer system or network for financial gain
Cyberterrorist
Someone who attempts to destroy the infrastructure components of governments, financial institutions, and other corporations, utilities, and emergency response units
Black hat hacker
Someone who violates computer or Internet security maliciously or for illegal personal gain (in contrast to a white hat hacker who is someone who has been hired by an organization to test the security of its information systems)
Which type of exploit is defined as the sending of fraudulent emails to an organization's employees designed to look like they came from high-level executives from within the organization?
Spear phishing
phishing
The act of fraudulently using email to try to get the recipient to reveal personal data.
cyberespionage
The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
Cyberterrorism
The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, and emergency response) to achieve political, religious, or ideological goals.
risk assessment
The process of assessing security-related risks to an organization's computers and networks from both internal and external threats.
encryption
The process of scrambling messages or data in such a way that only authorized parties can read it.
spam
The use of email systems to send unsolicited email to large numbers of people.
A virtual private network (VPN) enables remote users to securely access an organization's collection of computing and storage devices and share data remotely by transmitting and receiving data over public networks such as the Internet. True or False?
True
Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.
True
Rootkit is a set of programs that enables its users to gain administrator-level access to a computer without the end user's consent or knowledge.
True
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act states that it is legal to spam, provided the messages meet a few basic requirements.
True
The cost to repair the worldwide damage done by a computer worm has exceeded $1 billion on more than one occasion.
True
The worldwide financial services industry spent over $27 billion on IT security and fraud prevention in 2015. True or False?
True
Which of the following is a partnership between the Department of Homeland Security and the public and private sectors, established in 2003 to protect the Nation's Internet infrastructure against cyberattacks?
U.S. Computer Emergency Readiness Team
Vulnerability Equities Process (VEP)
U.S. agencies are not allowed to withhold "major" cybersecurity vulnerabilities from the companies affected by them, with few exceptions. Critics argue that this policy is not transparent (for instance, it is not clear what triggers the VEP or how many cybersecurity vulnerabilities have been disclosed to affected organizations). Under VEP, the Federal Bureau of Investigation (FBI) found an exception that allowed it to refuse to reveal the vulnerability that enabled it to hack into the iPhone of the San Bernardino shooter who killed 14 people in late 2015. In addition, because the VEP is an executive branch administrative policy—not a law or executive order—it can be overturned at any time by the president.
Which of the following is a federal law that provides a definition of the term cyberterrorism and under which young people primarily involved in what they consider to be minor computer pranks have been tried as cyberterrorists?
USA Patriot Act
______________ is an exploit in which victims receive a voice-mail message telling them to call a phone number or access a website.
Vishing
The number of global companies that have an overall security strategy is ___________.
about 58%
A(n) ___________________ is a sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
blended threat
Spammers can defeat the registration process of free email services by launching a coordinated attack that can sign up for thousands of untraceable email accounts. What is this type of attack known as?
bot attack
Before the IT security group can begin an eradication effort, it must:
collect and log all possible criminal evidence from the system
A(n) ___________________ is an attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
distributed denial-of-service
_________________ is the process of scrambling messages or data in such a way that only authorized parties can read it.
encryption
A(n) _____________ is an individual who hacks computers or websites in an attempt to promote a political ideology.
hacktivist
The computer security triad consists of ___________________.
integrity, confidentiality, and availability
________________ is the process of assessing security-related risks to an organization's computers and networks from both internal and external threats.
integrity, confidentiality, and availability
Software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies network traffic that attempts to circumvent the security measures of a networked computer environment is known as which of the following?
intrusion detection system
Many organizations outsource their network security operations to a company that monitors, manages, and maintains computer network and security for them. This type of company is known as which of the following?
managed security service provider
A(n) ___________ is a company that monitors, manages, and maintains computer and network security for other organizations.
managed security service provider (MSSP)
A(n) ____________ is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the contents of data packets.
next-generation firewall
Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue which of the following, in order to eliminate the problem?
patch
Which of the following concepts recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved?
reasonable assurance
What exploit is characterized as the abuse of email systems to send unsolicited email to large numbers of people?
spam
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner is known as which of the following?
virus
Antivirus software scans for a specific sequence of bytes known as a(n) ___________ that indicates the presence of a specific virus.
virus signature
A(n) ____________________ is an attack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.
zero-day