Chapter 4 Questions
You are writing a security awareness blog for company CEOs subscribed to your threat platform. Why are backdoors and Trojans different ways of classifying and identifying malware risks?
A Trojan means a malicious program masquerading as something else; a backdoor is a covert means of accessing a host or network. A Trojan need not necessarily operate a backdoor and a backdoor can be established by exploits other than using Trojans. The term remote access trojan (RAT) is used for the specific combination of Trojan and backdoor.
Is Cuckoo a type of malware or a security product?
Cuckoo is a security product designed to analyze malware as it runs in an isolated sandbox environment.
Your company manages marketing data and private information for many high-profile clients. You are hosting an open day for prospective employees. With the possibility of social engineering attacks in mind, what precautions should employees take when the guests are being shown around the office?
Employees should specifically be wary of shoulder surfing attempts to observe passwords and the like.
Your CEO calls to request market research data immediately be forwarded to her personal email address. You recognize her voice, but a proper request form has not been filled out and use of third-party email is prohibited. She states that normally she would fill out the form and should not be an exception, but she urgently needs the data to prepare for a round table at a conference she is attending. What type of social engineering techniques could this use, or is it a false alarm?
If social engineering, this is spear phishing (the attack uses specific detail) over a voice channel (vishing). It is possible that it uses deep fake technology for voice mimicry. The use of a sophisticated attack for a relatively low-value data asset seems unlikely, however. A fairly safe approach would be to contact the CEO back on a known mobile number.
You are investigating a business email compromise (BEC) incident. The email account of a developer has been accessed remotely over webmail. Investigating the developer's workstation finds no indication of a malicious process, but you do locate an unknown USB extension device attached to one of the rear ports. Is this the most likely attack vector, and what type of malware would it implement?
It is likely that the USB device implements a hardware-based keylogger. This would not necessarily require any malware to be installed or leave any trace in the file system.
A purchasing manager is browsing a list of products on a vendor's website when a window opens claiming that anti-malware software has detected several thousand files on his computer that are infected with viruses. Instructions in the official-looking window indicate the user should click a link to install software that will remove these infections. What type of social engineering attempt is this, or is it a false alarm?
This is a social engineering attempt utilizing a watering hole attack and/or malvertising.
The help desk takes a call and the caller states that she cannot connect to the e-commerce website to check her order status. She would also like a user name and password. The user gives a valid customer company name but is not listed as a contact in the customer database. The user does not know the correct company code or customer ID. Is this likely to be a social engineering attempt, or is it a false alarm?
This is likely to be a social engineering attempt. The help desk should not give out any information or add an account without confirming the caller's identity.
You are troubleshooting a user's workstation. At the computer, an app window displays on the screen claiming that all of your files are encrypted. The app window demands that you make an anonymous payment if you ever want to recover your data. What type of malware has infected the computer?
This is some type of ransomware, but it will take more investigation whether it is actually crypto-malware or not.
You are recommending different antivirus products to the CEO of small travel services firm. The CEO is confused, because they had heard that Trojans represent the biggest threat to computer security these days. What explanation can you give?
While antivirus (A-V) remains a popular marketing description, all current security products worthy of consideration will try to provide protection against a full range of malware and potentially unwanted program (PUP) threats.
A user's computer is performing extremely slowly. Upon investigating, you find that a process named n0tepad.exe is utilizing the CPU at rates of 80-90%. This is accompanied by continual small disk reads and writes to a temporary folder. Should you suspect malware infection and is any particular class of indicated?
Yes, this is malware as the process name is trying to masquerade as a legitimate process. It is not possible to conclusively determine the type without more investigation, but you might initially suspect a crypto-miner/crypto-jacker.
