What four general categories of issues can amplify a firm's vulnerability to a security breach?
Personnel issues, technology problems, procedural factors, and operational issues.
The Equifax data breach exposed the personal information of how many consumers?
It exposed data on 143 million consumers, including some in the U.K. and Canada.
What was the critical failure that led to the Equifax data breach?
The firm failed at basic maintenance, leaving an easily preventable vulnerability unpatched for two months.
In the Target hack, how did attackers compromise the company's systems?
They installed malware in Target's security and payments system.
What were the major business consequences for Target following its massive data breach?
The firm experienced its largest ever decline in transactions, falling profits, numerous lawsuits, and the CEO's ouster.
A critical procedural failure at Target involved its FireEye security software; what did the security team do wrong?
They ignored warnings from the software and had turned off the function that automatically deletes malware upon detection.
According to the 'Timeline of a Breach' chart, what percentage of breaches achieve 'Point of Entry to Compromise' within minutes?
31% of breaches achieve initial compromise within minutes.
The time from an initial security compromise to its discovery takes _ for 37% of breaches.
months
What is the estimated average cost per stolen record in a data breach?
The cost is estimated at $145 to $154 per stolen record.
What is a primary financial motivation for hackers, as seen with the sale of stolen data from the Target breach?
To sell the stolen data; 2 million Target card numbers were sold for an average of $20 each.
A data package for sale on the Deep Web that includes a credit card number, SSN, and medical information is known as a _.
kit
What term describes cybercriminals who infiltrate systems to collect data for illegal resale?
Data harvesters.
What is the role of a 'cash-out fraudster' in the cybercrime ecosystem?
They purchase stolen assets from data harvesters to use for illegal financial gain, such as buying goods with stolen cards.
What is a botnet?
A horde of surreptitiously infiltrated computers that are controlled remotely by an attacker.
An attack where a firm's systems are flooded with thousands of legitimate-seeming requests to slow or shut down the site is called a _ attack.
distributed denial of service (DDoS)
What is a ransomware attack?
A type of attack where criminals infiltrate a network, encrypt the organization's data, and demand a ransom to provide the decryption key.
What is corporate espionage in the context of cybersecurity?
The theft of intellectual property or sensitive corporate data, which may be performed by insiders, rivals, or foreign governments.
What was the Stuxnet cyberattack?
A notorious act of cyberwarfare that infiltrated Iranian nuclear facilities and reprogrammed industrial control software for uranium-enriching centrifuges.
A protester who seeks to make a political point by leveraging technology tools, often through system infiltration or damage, is known as a _.
hacktivist
Who was Edward Snowden?
A former CIA employee and NSA contractor who leaked over 1.7 million digital documents, revealing the extent of government surveillance programs.
What is XKeyscore, as revealed by the Snowden leaks?
An NSA program that allows for the collection of data on 'nearly everything a user does on the Internet'.
What is the difference between a white hat hacker and a black hat hacker?
A white hat hacker uncovers weaknesses to improve security, while a black hat hacker is a computer criminal who exploits them.
In cybersecurity, what is a 'red team'?
A group employed by a firm to act like bad actors in an attempt to uncover weaknesses before they are exploited.
What is the function of a 'blue team' in cybersecurity?
A team of defensive security professionals responsible for maintaining internal network defenses against cyberattacks and threats.
What is social engineering?
Con games that trick employees into revealing sensitive information or performing tasks that compromise a firm's security.
What are 'bad apples' in the context of information security threats?
Rogue employees who steal secrets, install malware, or otherwise intentionally harm the firm from within.
What is phishing?
A type of con executed using technology to acquire sensitive information or trick someone into installing malicious software.
What distinguishes 'spear phishing' from general phishing?
Spear phishing attacks are highly targeted, specifically aiming at a given organization or a select group of users.
In a phishing email, a _ email address or link has been altered to forge or disguise its true origin or identity.
spoofed
What are 'deepfakes'?
Sophisticated media (audio, image, video) created by AI that attempts to look or sound like a real person or event, often used in scams.
The pejorative term for an unsophisticated hacker who relies on scripts or downloaded programs is a _.
script kiddie
What is an 'evil twin' WiFi attack?
A fraudulent WiFi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.
What are biometrics in the context of authentication?
The measurement and analysis of human body characteristics, such as fingerprints or facial features, for identification or authentication.
When identity is proven by presenting more than one item for proof of credentials, it is called _ authentication.
multi-factor
What is a 'passkey'?
A passwordless authentication technology, often using biometrics on a user's device to gain access to a cryptographically secure access code.
What is public-key cryptography?
A security system where two keys are generated: a public key for encryption and a private key for decryption.
_ seeks to compromise a computing system without permission.
Malware
What type of malware infects other software or files?
A virus.
A type of malware that takes advantage of a security vulnerability to automatically spread without human intervention is called a _.
worm
What is a Trojan in the context of malware?
Malware that attempts to sneak onto a system by masquerading as something legitimate or harmless.
What is spyware?
Malware that secretly monitors user actions, network traffic, or scans for files.
A _ is a hardware or software tool that records a user's keystrokes.
keylogger
What is a card skimmer?
A physical device used to illegally capture data from a credit or debit card's magnetic strip.
What is RAM scraping or storage scanning software?
Malicious code that scans a computer's memory (RAM) or storage for sensitive data like credit card numbers.
What are 'blended threats'?
Cyberattacks that combine multiple types of malware or hacking exploits in a single attack.
What does it mean for a smartphone to be 'jail-broken'?
It has had its security restrictions overridden, often to use it on an unapproved network, making it more vulnerable to malware.
_ refers to combing through a person's or business's trash to identify valuable assets or information.
Dumpster diving
What is shoulder surfing?
The act of gaining compromising information, such as a password or PIN, through direct observation as someone enters it.
What is encryption?
The process of scrambling data using a code or algorithm, thereby hiding it from those who do not have the unlocking key.
A _ attack is an attempt to break into an account by systematically trying all possible password combinations.
brute-force
What is the ISO 27000 series (ISO27k)?
A series of information security standards that provide a model for establishing and maintaining an Information Security Management System (ISMS).
Why is it said that 'compliance does not equal security'?
Because merely meeting a set of legal or framework requirements (compliance) does not guarantee a firm is fully protected against all threats.
In the context of organizational security, what are 'patches'?
Software updates that are released by vendors to plug existing security holes in their products.
A _ is a security mechanism that controls network traffic, blocking unauthorized access while permitting outward communication.
firewall
What is the purpose of an intrusion detection system (IDS)?
To monitor network use for hacking attempts and take preventive action, such as blocking traffic or sending an alert.
In cybersecurity, what is a 'honeypot'?
A tempting, bogus target system meant to lure hackers in order to study their methods or distract them from real targets.
What is the difference between blacklists and whitelists in network security?
Blacklists deny entry to specific known-bad entities (like IP addresses), while whitelists permit communication only with pre-approved entities.
What are single sign-on (SSO) tools?
Tools that offer employees one very strong password that works across multiple applications, simplifying and centralizing password management.
How can AI be used defensively in cybersecurity?
AI can be used for threat detection by monitoring network patterns, performing vulnerability audits, and adapting to new threats as they emerge.
What is Microsoft's Security Copilot?
A generative AI tool specifically trained and updated on information security issues to assist cybersecurity professionals.
Which group of hackers acts as an authorized adversary to probe for an organization's security weaknesses?
A red team.
A phishing attack that specifically targets a given organization or group of users is called _ phishing.
spear
What is the primary purpose of a CAPTCHA?
To thwart automated account setup or ticket buying attempts by bots.
The FIDO Alliance is a consortium of firms working to create standards for technology called _.
passkey
What is the goal of extortion in a cyberattack?
To demand payment from the victim under the threat of releasing stolen data, continuing an attack, or keeping systems locked.
_ are malicious pranksters in the online world.
Griefers or trolls
According to a slide, what percentage of breaches are caused by a stolen password?
80% of breaches are caused by stealing a password.