Quiz 2

example of social engineering friendliness

"is your CEO in today?"

examples of virus actions

-Cause a computer to repeatedly crash -Erase files from or reformat hard drive -Turn off computer's security settings

3 goals of a cyberattack

-Deface electronic information (such as Web sites) to spread disinformation and propaganda -Deny service to legitimate computer users -Commit unauthorized intrusions into systems and networks that result in critical infrastructure outages and corruption of vital data

notify users by

1. pop up message with instructions - cannot bypass 2. read me file with instructions

ransomware is delivered by

1. visit a legit website, but it's infected so the browser downloads it and BOOM... on your computer 2. instructions are delivered through email, click link, & BOOM... on computer 3. attachments where malware hides in

appender infection

1.Virus appends itself to end of a file 2.Moves first three bytes of original file to virus code 3.Replaces them with a jump instruction pointing to the virus code

split infection

1.Virus splits into several parts 2.Parts placed at random positions in host program 3.Head of virus code starts at beginning of file 4.Gives control to next piece of virus code

swiss cheese infection

1.Viruses inject themselves into executable code 2.Original code transferred and stored inside virus code 3.Host code executes properly after the infection

script kiddies

Break into computers to create damage Are unskilled users Download automated hacking software from Web sites and use it to break into computers Tend to be young computer users with almost unlimited amounts of leisure time, which they can use to attack systems Lack technical skills of crackers, sometimes can be more dangerous Success in using automated software scripts fuel their desire to break into more computers Do not normally understand the technology behind what they are doing Want to bolster their egos: attacks give them sense of self-importance

backdoors

Computer code that provides a secret entrance into a computer of which the user is unaware Malware from attackers can also install backdoors

logic bombs

Computer program that lies dormant until triggered by a specific event A certain date being reached on the system calendar A person's rank in an organization dropping below a specified level

ways information can be attacked

Crackers can launch distributed denial-of-service (DDoS) attacks through the Internet Spies can use social engineering Employees can guess other user's passwords Hackers can create backdoors

botnets can be used for

DDOS and Spam

social engineering

Easiest way to attack a computer system requires almost no technical ability and is usually highly successful Social engineering relies on tricking and deceiving someone to access a system Social engineering is not limited to telephone calls or dated credentials No technical skill or abilities needed to break into a system Relies on friendliness, frustration, or helpfulness of a company employee to reveal information necessary to access a system CANNOT PUSH TOO HARD OR PEOPLE WILL BE SUSPICIOUS need to rely on trust ask for small amounts of information at a time; need to be believable rely on physical acts

cyberterrorist

Experts fear terrorists will attack the network and computer infrastructure to cause panic Using airplanes, trains, cars, and even themselves, terrorists attempt to harm innocent civilians -disrupting normal society Attacks are often unprecedented -ways not used before motivation may be defined as ideology, or attacking for the sake of their principles or beliefs One of the targets highest on the list of cyberterroristsis the Internet itself Attackers to fear the most Skill level of a cyberterrorist is very high Unlike hackers (continuously probe systems or create attacks), cyberterrorist can be dormant for several years Target may involve a small group of computers or networks that can affect a large number of users (electrical power grid, isolated attack causing a power blackout)

worms

Malicious program Exploits application or operating system vulnerability Sends copies of itself to other network devices may consume resources or leave behind a payload to harm infected systems

spies

Person hired to break into a computer and steal information Do not randomly search for unsecured computers to attack Hired to attack a specific computer that contains sensitive information Goal: break into a computer, take the information without drawing any attention to their actions motivation for being a spy: almost always financial

hacker

Person who uses advanced computer skills to attack computers, but not with a malicious intent Use their skills to expose security flaws

cracker

Person who violates system security with malicious intent Have advanced knowledge of computers and networks and the skills to exploit them Hackers (searching for security weakness) Crackers destroy data, deny legitimate users of service, or otherwise cause serious problems on computers and networks Malicious actions: do harm to any computer they can beak into

keyloggers

Program that captures user's keystrokes Information later retrieved by attacker Attacker searches for useful information like passwords, credit card numbers. and personal information

adware

Program that delivers advertising content in a way unexpected and unwanted by the user Typically displays advertising banners and pop-up ads May open new browser windows randomly Can also perform tracking of online activities

negative effects of spyware

Slows computer performance Causes system instability May install new browser menus or toolbars May place new shortcuts May hijack home page Causes increased pop-ups

5 basic attacks

Social engineering Password guessing Weak Keys Mathematical attacks Birthday attacks

rootkits

Software tools used by an attacker to hide actions or presence of other types of malicious software Hide or remove traces of log-in records, log entries May alter or replace operating system files with modified versions specifically designed to ignore malicious activity

risk acceptance

accept risk as the cost of doing business, do nothing and continue to operate as if risk did not exist

Companion virus

adds malicious copycat program to operating system

trojan

an executable program that does something other than advertised contains hidden code that launches an attack installed with user's knowledge but hides its malicious payload

how to defend against a trojan horse

antivirus tools special software that alerts you of the existence of a trojan horse program Anti-Trojan horse software that disinfects a computer containing a Trojan horse

3 types of viruses

appender infection swiss cheese infection split infection

pharming

automatically redirected to a site for surrendering personal information ex: visiting a website that's been hacked, not through email

risk management

avoidance mitigation acceptance transferrence

ransomware

been around for about 30 years;

2 types of hackers

black hat hacker white hat hacker

group of zombies

botnet

malware that makes profits

botnets, spyware, adware, keylogger, ransomware

how do viruses spread to other computers

by users transferring those files to other devices

risk mitigation

common response to threats that can be a risk to the system

botnets

computer infected by malware allows it to be remote controlled by an attacker operates in the background with no visible evidence of existence; hides actions from attacker; can remain active for years

security administrator

configures and maintains security solutions to ensure proper service levels and availability

know your enemy so you can

create a defense to neutralize attacks and minimize damage

protection against ransomware

cyberhygiene antivirus software to help protect patching your system train personnel ( don't click on unknown links) principle of least privilege backup computer on and offline

examples of worm actions

deleting computer files allowing remote control of a computer by an attacker

security engineer

designs, builds, and tests security solutions to meet policies and address business needs

security manager

develops corporate security plans and policies, provides education and awareness, and communicates with executive management about security issues

dumpster diving

digging through trash receptacles to find calendars, inexpensive hardware, memos, organizational charts, phone directories, policy and system manuals

macro viruses

executes a script

how do worms infect

exploit vulnerabilities in an application or operating system

basic methods of persuasion

flattery or insincerity, conformity, friendliness

security policies should be

flexible and adaptable without needing frequent re-writes with technology changing should remain available to staff

white hat hacker

good intentions; goal: expose weaknesses to improve security

conformity

group based behavior; this will diffuse responsibility if something goes wrong

attacker profiles (7)

hackers crackers script kiddies spies employees/insiders cyberterrorists cyber criminals

example of social engineering helpfulness

holding the door

Social engineering psychological approaches often use:

impersonation phishing spams hoaxes

goal of security

implement proper policies and educate users of those policies

program viruses

infects executable files

resident virus

infects files opened by user or operating system

boot virus

infects the Master Boot Record of the hard drive

how do viruses infect

insert their code into a file

whaling

looking for bigger targets (usually people with a lot of money)

black hat hacker

malicious intentions; goal: steal information

how to send spam

need laptop hotel- pay cash & fake ID

to avoid social engineering

need to develop strong instructions/company policies regarding passwords, who can enter the premises, and what to do when asked questioned by another employee who may reveal informaiton

can viruses be remote controlled

no

do worms need user action

no

employees/insiders

one of the largest information security threats to business "Malicious insider": someone who has or had access to network, system, and data of an organization use trusted authority to cause harm to organization 90% of "data leakage" cases => over 48% of breaches attributed to insiders often more costly than external attacks

principle of least privilege

only allow access to files needed to do your job; only allow actions on files that commensurate with your job; no one needs full range on everything

payload

part of the computer program that executes the malicious action

types of images to be sent through spam

phishing image image spam layered GIF image

impersonation

pretend to be tech support

how to remove a rootkit

reformat hard drive and reinstall operating systems

viruses

replicate themselves by spreading to another file; activates its malicious payload; to files; needs a medium to spread; cannot travel on its own; needs users action; needs an agent to spread Antivirus software defends against viruses Drawback of antivirus software is that it must be updated to recognize new viruses Updates (definition files or signature files) can be downloaded automatically from the Internet to a user's computer

phishing

send email that appears legit to surrender information

spam

send huge emails to many people goal: get information done by selling you fake stuff

insiders break in to (3)

show the company a weakness in their security to say "I'm smarter than all of you" for money

risk avoidance

simplest response, risk on an asset overwhelms gained by operating it

spyware

software that gathers information without user consent; usually used for advertising, collecting personal information; and changing computer configurations

spim

spamming with IM (instant messaging)

spear phishing

targets a specific group of people; more time consuming; ex: customized email

risk transference

transfer the risk to someone else

malware that conceals its purpose

trojans, rootkits, logic bombs, backdoors

viruses and worms are self replicating but where they replicate is different

true

how do you get information through spam

use images to bypass detection

how do worms spread to other computers

use networks to travel from one computer to another

malware that have the goal of spreading

viruses and worms

malware that infects systems

viruses and worms

vishing

voicemails

usable security

what's the point of security if people cannot use it? need usable solutions people will make shortcuts; slow work down;

can worms be remote controlled

yes

do viruses need user action

yes

example of social engineering frustration

you could be frustrated or you could frustrate someone else into giving you information

infected robot (bot) computer is called a

zombie