Chapter Twelve: Information Systems
steps for how a virus infects a digital device in the correct order
- the virus arrives via email attachment, file download, or by visiting a website that has been infected - an action such as running or opening a file activates th virus - the infection spreads to other computer via infected email, files, or contact with infected web sites - the payload or the component of a virus that executes the malicious activity hits the computer and other infected devices
What percentage of malicious attachments are masked as Microsoft Office files?
38%
recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. what percentage of cyberattacks are aimed at small businesses?
43%
what percentage of cyberattacks at aimed at small businesses?
43%
what percentage of daily email attachments are harmful for their intended recipient?
85%
what percentage of cyberattacks are launched with a phishing email?
91%
before data security strategies are created, which questions must be answered?
Am I reducing the risk in the most cost-effective way? is this the highest priority security risk? What is the risk I am reducing?
Security risk can be calculated using the following calculation: Risk = Threat x Vulnerability x ______
Asset
a hacker uses software to infect computers, including laptops, desktops, tablets, and internet of things devices. turning each computer into a zombie.
Bot
A group of computers under the control of a hacker is referred to as a_________
Botnet
a group of computers under the control of a hacker
Botnet
Cyberattacks that originate and are executed by foreign governments is called state-sponsored ________
Cyberwarfare
A hacker launches an attack on a network that is designed to interrupt or stop network traffic by flooding it with too many requests. this would be considered a___________
DoS attack
one method organizations are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security means is through the use of behavior science in their data and network security policies. One of these methods is called UEBA.
It is true of cybersecurity that observes and records the conduct of computer and network users UEBA uses a variety of different tactics to create a map of pattern behavior including machine learning, statistical analysis, and artificial intelligence UEBA stands for user and entity behavior analytics
The technology that provides a type of firewall protection by hiding internal IP addresses is called___
NAT I(network address transition)
as reported by Andrei Ene, Tiny Banker______(TBT) is one of the worst malware attacks in the last ten years
Trojan
A program that appears legitimate, but executes are unwanted activity when activated is called a_____
Trojan horse virus
the following statements about computer viruses are true?
Viruses can destroy programs or alter the operations of a computer or network a computer virus is software that infects computers and is created using computer code
Developed by cisco and used by firewalls, routers, and computers that are part of a network and are connected to the internet, network ___ translation provides a type of firewall protection by hiding internal IP addresses
address
you are speaking with a friend about how to protect yourself from phishing scams. your friend (who works win cybersecurity) gives you some advice about what to do if you receive a phishing message. which of the following statements would be considered good advice?
banks and credit card companies will never ask you to provide personal information via email messages if you receive a suspicious message, contact the institution that the message was allegedly sent from contact US-CERT
According to Norton, which of the following steps should be taken to defend against rootkits?
be aware of phishing emails don't ignore software updates watch out for drive-by-downloads
Tips to avoid falling victim to a social engineering attack includes which of the following?
be mindful of web searches to make sure you are landing on legitimate sites make sure to research the facts contained in an email message slow down and think about the scenario
One method organization are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security means is through the use of______ science in their data and network security policies
behavioral
A________ hat hacker breaks into computer systems with the intent of causing damage or stealing data
black
what type of hacker breaks into computer systems with the intent of causing damaging or stealing data?
black hat hackers
true statements about the state-sponsored cyberwarfare
can be used to send warnings or create conflict between countries, attacks can be directly launched by a foreign government or by a group or individual who has been paid by to execute the attack, originate and are executed by foreign governments
which of the following are considered cybercrimes?
computer hacking, digital identity theft, Trojan horse viruses
Rootkits are typically used to allow hackers to do which of the following?
create a backdoor into a computer remotely control the operations of a computer
According to the Federal Emergency Management Agency which of the following are steps businesses can take to help protect systems, data, and information from natural disasters?
create a business's continuity plan, store data in different areas across the United States, Utilize off-site cloud storage
The deliberate misuse of computers and networks, _____ use malicious code to modify the normal operations of a computer or network.
cyberattack
a deliberate misuse of computers and networks via the internet that uses malicious code to modify the normal operations of a computer or network is called a_____
cyberattack
A crime in which a computer is the object of the crime or is used to commit a criminal offense is called___
cybercrime
reasons a government may choose to get involved in state-sponsored cyberwarfare?
cyberwarfare is often difficult to trace and identify, Cyberwarfare is relatively inexpensive when compared to traditional warfare, Cyberwarefare can cause widespread damage to IT infrastructure
Malware is designed to do which of the following?
destroy data, steal information, incapacitate networks and computers
A DDoS attack is when computers that have been infected by a virus act as "zombies" and work together to send out illegitimate messages creating huge volumes of network traffic. the acronym DDoS stands for______
distributed denial of service
when a hacker gains unauthorized access and control of a network of computers that are connected to the internet
distributed denial of service attack
computer viruses are not frequently disguised as attachments of funny images, greeting cards, or audio and video files
false
Hardware or software used to keep a computer secure from outside threats such as hackers and viruses by allowing or blocking internet traffic is called a______
firewall
Personal software____ are typically included with the operating system and can be configured based on user preference
firewall
what's true about how a trojan infects a computer system
hackers are Trojans to create a backdoor into a user's system which allows them to spy on the computers activities, Trojans are commonly used by hackers to gain access to systems and devices, Trojans are designed using some sort of social engineering tactic
A form of spyware that records all actions typed on a keyboard is called a _______
keystroke logger
true statements about packet sniffers
legitimate sniffers are used for routine examination and problem detection unauthorized sniffers are used to steal information
Malware is short for________
malicious software
Businesses need to take steps to protect computer systems, data, and information from_____
natural disasters
what's true about Trojan malware
often found attached to free downloads and apps, similar to viruses but do not replicate themselves, often used to find passwords & destroy data or to bypass firewalls
social engineering hacks are designed to get a victim to divulge which of the following types of information?
passwords and account information
Activities where white-hat hackers are paid to hack into private networks and applications is referred to as______
penetration testing
The illegitimate use of an email message that appears to be from an established organization such as a bank, financial institution, or insurance company is referred to as______
phishing
which of the following statements correctly describes phishing
phishing is the illegitimate use of an email message that appears to be from an established organization such as a bank phishing scams use legitimate looking email messages to con a user into giving up private information
There are multiple ways ransomware attacks can be launched. which of the following are methods of a ransomware attack can be launched?
phishing, trojan horse
malware that encrypts a computers data, forcing the victim to purchase a decryption code, is called____
ransomware
one version of this type of malware encrypts a victim's data until a payment is made. another version threatens to make public a victim's personal data unless a payment is made. this type of malware is called____
ransomware
true statements about ransomware attacks
ransomware is malware that makes a computers data inaccessible until a ransom is paid ransomware attacks invade computers via Trojan Horse Viruses, worms, or by a user opening a legitimate looking email one of the most popular methods used in ransomware attacks is through phishing
Specialized hardware or software that capture packets transmitted over a network are called packet _____.
sniffers
The use of computers and digital technology to manipulate people so they divulge confidential information such as usernames, passwords account information is called________
social engineering
true statements about keystroke loggers
software based keystroke loggers are often Trojan that is installed without the user's knowledge can be hardware devices and software applications keystroke loggers can record passwords and confidential information
Unlike phishing which does not have a specific target and is designed to reach the maximum amount of people, __________ phishing is precise type of attack
spear
what's true about spear phishing attacks
spear phishing attacks are designed to steal data and some attacks may also be designed to install malicious software on a device spear phishing is a type of email scam that is directly toward a specific person or organization
According to National Institute for Standards ________, once a cybersecurity risk assessment has been conducted and the various questions in the risk assessment have been answered, an organization will be able to decide what to protect
technology
Mohammed is experiencing issues with his work computer. He speaks to the IT department, and they identify various symptoms of a computer virus. Symptoms of a computer virus include:
the operating system may not launch properly, unexpected error messages, critical files may be automatically deleted
true statements about white hat hackers
use the same techniques and tools that are used by illegitimate hackers, the goal of white hat hackers is to find gaps in network security and to test security defenses
which of the following statements about computer virsuses are true?
viruses can destroy programs or alter operations of a computer or network; A computer virus is software that infects computers and is created using computer code
computer experts that attempts to hack into a network to ensure that it is protected against intrusions are called_____
white hat hackers
many organizations hire computer experts who test the security measures of an organizations information systems to ensure they are protected against intrusions. these experts use a variety of techniques including hacking, penetration testing, and vulnerability testing. these types of experts are known as______ hackers
white-hat
Malware is short for malicious software and is designed to steal information, destroy data, impact the operations of a computer or network, or frustrate the user. common types of malware include:
worms, viruses, Trojans