Business Continuity Plan
A risk-based strategy that includes an occupant emergency evacuation plan, a continuity of operations plan, and an incident management plan with an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack or some form of disaster.
Data encryption
Protects data being used within an application from unauthorized access
Zero-Day Attack
A cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.
Bring Your Own Device (BYOD)
A business policy that permits, and in some cases, encourages employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.
Exploit
An attack on an information system that takes advantage of a particular system vulnerability.
Ransomware
Malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.
Virus
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
Worm
A harmful program that resides in the active memory of the computer and duplicates itself.
Trojan Horse
A seemingly harmless program in which malicious code is hidden.
Logic Bomb
A type of Trojan horse malware that executes when it is triggered by a specific event or at a predetermined time.
Blended Threat
A sophisticated threat that combines the features of a virus, worm, Trojan Horse, and other malicious code into a single payload.
Spam
The use of email systems to send unsolicited email to large numbers of people.
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
A law that specifies that it is legal to spam, provided the messages meet a few basic requirements: spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.
Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
Software that generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot.
Distributed Denial-of-Service Attack (DDoS)
An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
Botnet
A large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.
Zombie
A computer that is part of a botnet and that is controlled by a hacker without the knowledge or consent of the owner.
Rootkit
A set of programs that enables its user to gain administrator-level access to a computer without the end-user's consent or knowledge.
Advanced Persistent Threat (APT)
A network attack in which an intruder gains access to a network and stays there, undetected, with the intention of stealing data over a long period of time (weeks or even months).
Phishing
The act of fraudulently using email to try to get the recipient to reveal personal data.
Spear Phishing
A variation of phishing in which the phisher sends fraudulent emails to a certain organization's employees.
Smishing
Another variation of phishing that involves the use of texting.
Vishing
Similar to smishing except that the victims receive a voicemail message telling them to call a phone number or access a website.
Cyberespionage
The deployment of malware that secretly steals data in computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
Cyberterrorism
The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, and emergency response) to achieve political, religious, or ideological goals.
CIA Security Triad
Refers to confidentiality, integrity, and availability of systems data.
Confidentiality
ensures only those individuals with proper authority can access sensitive data.
Integrity
ensures data can only be changed by authorized users.
Availability
ensures data can be accessed when and where needed.
Risk Assessment
The process of assessing security-related risks to an organization's computers and networks from both internal and external threats.
Reasonable Assurance
A concept in computer security that recognizes that managers must use their judgement to ensure that the cost of control does not exceed the system's benefits or the risks involved.
Disaster Recovery Plan
A documented process for recovering an organization's business information systems assets, including hardware, software, data, networks, and facilities, in the event of a disaster.
Mission-Critical Process
Business processes that are more pivotal to continued operations and goal attainment than others.
Security Policy
A policy that defines an organization's security requirements, as well as the controls and sanctions needed to meet those requirements.
Security Audit
An audit that evaluates whether an organization has a well-considered security policy in place and if it is being followed.
Firewall
A system of software and/or hardware that stands guard between an organization's internal network and the Internet.
Security dashboard software
Provides a comprehensive display of all key performance indicators related to an organization's security defenses, including threats, exposures, policy compliance, and incident alerts.
Authentication methods
An organization must authenticate users attempting to access its network.
Next-Generation Firewall (NGFW)
A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
Router
A networking device that connects multiple networks and transmits data packets between networks
Encryption
The process of scrambling messages or data in such a way that only authorized parties can read it.
Encryption Key
A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable to those without the encryption key needed to decipher it.
Two types of encryption algorithms
Symmetric and asymmetric
Transport Layer Security (TLS)
A communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.
Proxy server
Acts as an intermediary between a web browser and another server on the Internet
Virtual private network (VPN)
Enables remote users to securely access an organization's computing resources and share data by transmitting and receiving encrypted data over public networks, such as the Internet
Intrusion Detection System (IDS)
Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.
Knowledge-based IDS
Contains information about specific attacks and system vulnerabilities and watches for attempts to exploit these vulnerabilities (e.g., repeated failed login attempts).
Behavior-based IDS
Models normal behavior of a system and its users based on reference information; compares current activity to this model, looking for deviations (e.g., unusual traffic at odd hours).
User roles and accounts
Used to give users authority to perform their responsibilities within an application and nothing more.
Security education
Educate end users about the importance of security so they are motivated to understand and follow security policies.
Authentication methods
Require end users to implement a security passcode that must be entered before their device accepts further input.
Antivirus Software
Software that scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.
Virus Signature
A specific sequence of bytes that indicates to antivirus software that a specific virus is present.
Data encryption
Full-disk encryption protects storage devices and/or hard drives so they cannot be removed from a computer and plugged into another computing device
Incident notification
A key element of any response plan is to define who to notify and who not to notify in the event of a computer security incident.
Eradication
Before the IT security group begins eradication efforts, it must collect and log all possible criminal evidence and then verify all backups are current, complete, and free of malware.
Incident follow-up
An essential part of follow-up is to determine how the organization's security was compromised so that it does not happen again.
Managed Security Service Provider (MSSP)
A company that monitors, manages, and maintains computer and network security for other organizations.
Computer Forensics
A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
Department of Homeland Security (DHS)
A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a "safer, more secure America, which is resilient against terrorism and other potential threats."
U.S. Computer Emergency Readiness Team (US-CERT)
Established in 2003 to protect the nation's Internet infrastructure against cyberattacks, it serves as a clearinghouse for information on new viruses, worms, and other computer security topics.
Black Hat Hacker
Someone who violates computer or Internet security maliciously or for illegal personal gain.
Cracker
An individual who causes problems, steals data, and corrupts systems
Malicious Insider
An employee or contractor who attempts to gain financially and/or disrupt a company's information systems and business operations.
Industrial Spy
An individual who captures trade secrets and attempts to gain an unfair competitive advantage
Cybercriminal
Someone who attacks a computer system or network for financial gain
Hacktivist
An individual who hacks computers or websites in an attempt to promote a political ideology
Cyberterrorist
Someone who attempts to destroy the infrastructure components of governments, financial institutions, and other corporations, utilities, and emergency response units
Computer Fraud and Abuse Act (U.S. Code Title 18, Section 1030)
Addresses fraud and related activities in association with computers.
Fraud and Related Activity in Connection with Access Devices Statute (U.S. Code Title 18, Section 1029)
Covers false claims regarding unauthorized use of credit cards
Stored Wire and Electronic Communications and Transactional Records Access Statutes (U.S. Code Title 18, Chapter 121)
Focuses on unlawful access to stored communications to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage
USA Patriot Act (Public Law 107-56)
Defines cyberterrorism and associated penalties
about 58%
The number of global companies that have an overall security strategy is ___________?
Entering a user name and a strong end-user password at least 10 characters long including capital letters, numbers, and special characters.
Which of the following is not a multifactor authentication method?
Macro Viruses
What type of viruses have become a common and easily created form of malware that are created using applications such as Visual Basic or VB Script?
Bot Attack
Spammers can defeat the registration process of free email services by launching a coordinated attack that can sign up for thousands of untraceable email accounts. What is this type of attack known as?
Collect and log all possible criminal evidence from the system
Before the IT security group can begin an eradication effort, it must __________
Patch
Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue which of the following, in order to eliminate the problem?
USA Patriot Act
Which of the following is a federal law that provides a definition of the term cyberterrorism and under which young people primarily involved in what they consider to be minor computer pranks have been tried as cyberterrorists?
Dropper Code
Which of the following gets a rootkit installation started and can be easily activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file?
Valid test results
The fundamental problem with trying to detect a rootkit is that the operating system cannot be trusted to provide which of the following?
Distributed Denial-of-Service Attack (DDoS)
What type of attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in?