CYBERSEC QUIZ 2

Subdecks (4)

Cards (65)

  • Botnets - A collection of software robots, or 'bots', that creates an army of infected computers (known as 'zombies') which are remotely controlled by the originator
  • What Botnets can do?
    • Send spam emails with viruses attached
    • Spread all types of malware
    • Can employ your computer as part of a denial-of-service attack against other systems.
  • Botnet ~ RoBOT NETwork
  • A distributed denial-of-service (DDoS) attack occurs when a malicious user gets a network of zombie computers to sabotage a specific website or server
  • The attack happens when the malicious user tells all the zombie computers to contact a specific website or server over and over again. That increase in the volume of traffic overloads the website or server causing it to be slow for the legitimate users to the point that the website or server shuts down completely (DDOS)
  • What you can do (DDOS)
    • Install and maintain antivirus software
    • Install an appropriate firewall and configure it to restrict traffic coming into and leaving your computer
    • Be cautious if you notice that your Internet connection is unusually slow or you cannot access certain sites (and that your Internet connection is actually not down); and
    • Avoid opening email attachments especially if they are from people you don't know. Applying email filters may help you manage unwanted emails.
  • Hacking is a term used to describe actions taken by someone to gain unauthorized access to a computer system
  • Hacking - The process by which cybercriminals gain access to your computer
  • What Hacking can do?
    • Find weaknesses (or pre-existing bugs) in your security settings and exploit them in order to access your information.
    • Install a trojan horse, providing a back door for the hackers to enter and search for your information.
  • Malware - Malicious software that infects computers, such as computer viruses, worms, trojan horses, spyware, and adware.
  • What can Malware do?
    • Intimidate you with scareware, which is usually a pop-up message that tells you your computer has a security problem or other false information;
    • Reformat the hard drive of your computer causing you to lose all your information;
    • Alter or delete files;
    • Steal sensitive information;
    • Send emails on your behalf; and
    • Take control of your computer and software running on it.
  • DDOS is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites.
  • Pharming - A common type of online fraud.
  • Pharming
    A means to point you to a malicious and illegitimate website by redirecting a legitimate URL. Even if the URL is entered correctly, it can still be redirected to a fake website.
  • What can Pharming do?
    Convince you that the site is real and legitimate by spoofing or looking almost identical to the actual site down to the smallest details. You may enter personal information and unknowingly give it to someone with malicious intent.
  • Phishing - Fake emails, text messages, and websites are created to look as if they are from authentic companies. They are sent by criminals to steal personal and financial information from you. This is also known as 'spoofing'.
  • Phishing sends fraudulent emails to steal personal information or install malware on a victim's computer. Pharming is a type of DNS hijacking that redirects users from legitimate to fake websites.
  • What does Phishing Do?
    • Trick you into giving them information by asking you to update, validate, or confirm your account. It is often presented in a manner that seems official and intimidating in order to encourage you to take some sort of an action.
    • Provides cybercriminals with your username and passwords so that they can access your accounts (your online bank account, shopping accounts, etc.) to steal your credit card numbers.
  • Wired equivalent privacy is meant to protect Wi-Fi transmissions by encrypting the data so outsiders who are not inside the encrypted network will not be able to read the messages or data contained within
  • Wi-Fi Protected Access. Introduced in 2003, this protocol was the Wi-Fi Alliance's replacement for WEP. It shared similarities with WEP but offered improvements in how it handled security keys and the way users are authorized.
  • Because WEP is an out-of-date Wi-Fi encryption method, it has the following drawbacks: Threat actors are able to easily guess the static key and therefore gain access to the confidential messages.
  • WPA2 offers strong encryption and is considered secure for most home and business networks. It is an improved version of the WPA wireless security protocol.
  • WPA3 is the latest and most secure of the Wi-Fi Protected Access security protocols. WPA3 adds extra security to both personal and enterprise modes. It addresses the KRACK (key reinstallation attacks) vulnerability discovered in WPA2 in 2017.
  • The key reinstallation attack (Krack) vulnerability allows a malicious actor to read encrypted network traffic on a Wi-Fi Protected Access II (WPA2) router, and send traffic back to the network.
  • Krack can affect both personal (home users and small businesses) and enterprise networks. Any devices that are connected to the network, i.e., laptops, smartphones, smart devices, and even an installed USB key, can be read by the attacker. A malicious actor could use this vulnerability to steal sensitive information and also insert malware or ransomware that would make a website unsafe to visit.
  • Krack is a specific vulnerability that affects WPA2. Discovered in 2017, KRACK (Key Reinstallation Attacks) exploits a weakness in the handshake process between devices and the router.
  • What to do (KRACK)
    To help protect yourself, keep all software, operating systems, and routers up-to-date with the latest patches (updates).
  • ‘security’ is defined as the quality or state of being secure, i.e., to be free from danger.
  • Krack does not divulge Wi-Fi passwords to attackers, nor does it permit a malicious device to be connected to the network. Krack is unable to compromise Virtual Private Networks (VPN) or HTTPS protocols used by online shopping and banking sites