Module 2: The History of Cybersecurity

Ace your homework & exams now with Quizwiz!

ransomware

A malicious attack where threat actors encrypt an organization's data and demand payment to restore access. -type of malware

spear phishing

A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source

social engineering

A manipulation technique that exploits human error to gain private information, access, or valuables

What is a firewall?

A security barrier that prevents unauthorized access to or from private networks

watering hole attack

A threat actor attacks a website frequently visited by a specific group of users.

Social media phishing

A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

physical social engineering

A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Business Email Compromise (BEC)

A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

what is one way that the Morris worm helped shape the security industry?

It led to the development of computer response teams

Computer Virus

Malicious code written to interfere with computer operations and cause damage to data and software

viruses

Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user, who transmits the virus via a malicious attachment or file download. when someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.

Worms

Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

spyware

Malware that's used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Security Architecture and Engineering

Optimizes data security by ensuring effective tools, systems, and processes are in place

asset security

Secures digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data

Malware

Software designed to harm devices or networks

vishing

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Morris Worm

The first network worm to infest the Internet; deployed in 1988 by Robert T. Morris - about 6000 computers were affected, representing 1-% of the internet at the time

phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Security and risk management

defines security goals and objectives, risk mitigation, compliance, business continuity, and the law

communication and network security

manage and secure physical networks and wireless communications

smishing

the use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

USB baiting

threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.

whaling

A form of spear phishing. Threat actors target company executives to gain access to sensitive data

Computer Emergency Response Team (CERT)

A group of people integrated at the organization with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.

Reasons why social engineering attacks are effective include:

Authority- threat actors impersonate individuals with power. This is because people, in general, have conditioned to respect and follow authority figures Intimidation- Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they're told Consensus/Social proof- Because people sometimes do things that they believe many others are doing, threat actors use others' trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past Scarcity- A tactic used to imply that goods or services are in limited supply. Familiarity- Threat actors establish a fake emotional connection with users that can be exploited. Trust- Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information. Urgency- A threat actor persuades others to respond quickly and without questioning


Related study sets

Fundamental of Procedures - Isotonic exercises

View Set

Types of Life Insurance Policies

View Set

Networking Essentials 1.0 Chapter 1

View Set