Lesson 4: Identifying Social Engineering and Malware


An individual receives a text message that appears to be a warning from a well-known order fulfillment company, informing them that the carrier has tried to deliver their package twice, and that if the individual does not contact the company to claim it, the package will not be delivered. Analyze the scenario and select the social engineering technique being used.

A. SMiShing
SMiShing attempts use short message service (SMS) text communications as the vector.

A user's PC is infected with a virus that appears to be memory resident and loads anytime it is booted from an external universal serial bus (USB) thumb drive. Examine the following options and determine which describes the infection type.

B. Boot virus
With a boot virus, code is written to the disk boot sector or the partition table of a fixed disk or USB media. The code executes as a memory resident process when the OS starts.

A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting items out of the person's hands, and they walk into the room together. This person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred?

B. Consensus/social proof
Consensus/social proof revolves around the belief that without an explicit instruction to behave in a certain way, people will follow social norms. It is typically polite to assist someone with their hands full.

An employee calls IT personnel and states that they received an email with a PDF document to review. After the PDF was opened, the system has not been performing correctly. An IT admin conducted a scan and found a virus. Determine the two classes of viruses the computer most likely has. (Select all that apply.)

B. Macro
C. Script
Both a macro and script virus can use a PDF as a vector. The user stated that a PDF file was recently opened. A macro virus is executed when an application is executed. Executable objects can also be embedded or attached within other file types such as Microsoft Word and Rich Text Format. A script virus typically targets vulnerabilities in an interpreter. Scripts are powerful languages used to automate operating system functions and add interactivity to web pages and are executed by an interpreter rather than self-executing. PDF documents have become a popular vector for script viruses.

Which of the following depict ways a malicious attacker can gain access to a target's network? (Select all that apply.)

B. Phishing
C. Shoulder surfing
Phishing and shoulder surfing are social engineering attacks. Phishing occurs when an attacker sends a legitimate-looking, spoofed email to a user of the spoofed site to trick the user into revealing private information. Shoulder surfing is used to obtain someone's password or PIN by observing a user typing it on the keyboard. Social engineering is malicious behavior meant to get users to reveal confidential information.

A tech concludes that a user's PC is infected with a virus that appears to be memory resident and loads anytime the operating system is restarted. Examine the options and determine which describes the infection type.

B. Written to the partition table of a fixed disk.
With a boot virus, code is written to the disk boot sector or the partition table of a fixed disk or USB media. The code executes as a memory resident process when the OS starts.

A gaming company decides to add software to each title it releases. The company's objective is to require the CD to be inserted during use. This software will gain administrative rights, change system files, and may hide from detection without the knowledge or consent of the user. Consider the malware characteristics and determine which may be used. (Select all that apply.)

C. Rootkit
D. Trojans
A rootkit is characterized by its ability to hide itself by changing core system files and programming interfaces and to escalate privileges. The gaming company accomplished this. Trojans cannot conceal their presence entirely and will surface as a running process or service. While a rootkit is a type of Trojan, or spyware, it differs in its ability to hide itself.

Before leaving for lunch, an employee receives a phone call, but there is no one on the line. Distracted by the odd interruption, the employee forgets to log out of the computer. Earlier that day, a person from the building across the street watched the employee entering login credentials using high-powered binoculars. Which form of social engineering is being used in this situation?

C. Shoulder surfing
Shoulder surfing is stealing a password by watching the user type it. Although the attacker was not looking over the employee's shoulder, the login credentials were obtained through observation.

Analyze the following attacks to determine which best illustrates a pharming attack.

D. A customer enters the correct URL address of their bank, which should point to the IP address 172.1.24.4. However, the browser goes to 168.254.1.1, which is a fake site designed to look exactly like the real bank site.
Pharming is a means of redirecting users from a legitimate website to a malicious one that relies on corrupting the way the victim's computer performs IP address resolution. This is illustrated in the bank customer scenario.

A hacker is able to install a keylogger on a user's computer. What is the hacker attempting to do in this situation?

D. Steal confidential information
Keyloggers actively attempt to steal confidential information by recording the keystrokes of a user.

Which situation would require keyboard encryption software to be installed on a computer?

D. To protect against spyware
Keyboard encryption software is used to protect against keyloggers, which record keystrokes for the purpose of stealing data. Keyloggers are spyware.

An employee is having coffee at an outdoor coffee shop and is not taking precautions against someone watching their screen while working on a company project. A person a few tables over watches the employee enter their credentials and then takes photos of the work they are completing with their smartphone. Which form of social engineering is being used in this situation?

Shoulder surfing
Shoulder surfing is stealing a password by watching the user type it. Although the attacker was not looking over the employee's shoulder, the login credentials were obtained through observation.

