AY Honor Cybersecurity Answer Key

Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.

Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data its designed to protect. Successful security begins in the design stage, well before a program or device is deployed.

Information security protects the integrity and privacy of data, both in storage and in transit. Which also includes data protection measures, such as the General Data Protection Regulation or GDPR, that secure your most sensitive data from unauthorized access, exposure, or theft.

Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.

Cloud security - specifically, true confidential computing that encrypts cloud data at rest (in storage), in motion (as it travels to, from and within the cloud) and in use (during processing) to support customer privacy, business requirements and regulatory compliance standards.

Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.

End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.

Any crime that is committed using a computer network or combinations of systems is considered a cybercrime. Cybercrime can include computer-related crimes if the computer is part of a network. But, a computer-related crime typically refers to a crime committed on a stand-alone computer. A cybercrime is committed when a malicious actor uses a network or computer system to conduct criminal activity. Because cybercrime entails so many facets of computer and network systems it is challenging to fight. In our daily digital connected lives, we are constant targets of cybercriminals. By utilizing good personal cybersecurity practices, we can mitigate many cybercrime attacks. As cybercriminals become more organized and begin to automate their attack methods we are being bombarded with constant attacks. The preferred victims of cybercriminals are people age 60 or above. The number of losses is those that were reported, many incidents go unreported. These losses will rise as senior fraud scams continue to increase.

A cyberattack is any offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyberwarfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, society, or organizations, and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyberweapon. A cyberattack may steal, alter, or destroy a specified target by hacking into a susceptible system. Cyberattacks can range from installing spyware on a personal computer to attempting to destroy the infrastructure of entire nations. Legal experts are seeking to limit the use of the term to incidents causing physical damage, distinguishing it from the more routine data breaches and broader hacking activities. Cyberattacks have become increasingly sophisticated and dangerous. Cybercriminals use a variety of methods to launch a cyber-attack.

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. It is also sometimes considered an act of Internet terrorism where terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, and other malicious software and hardware methods and programming scripts. Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime. Cyberterrorism can be also defined as the intentional use of computers, networks, and public internet to cause destruction and harm for personal objectives. Experienced cyberterrorists, who are very skilled in terms of hacking can cause massive damage to government systems and might leave a country in fear of further attacks. The objectives of such terrorists may be political or ideological since this can be considered a form of terror.

Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software. Once inside the system, malware can do the following:

• Blocks access to key components of the network (ransomware)
• Installs malware or additional harmful software
• Covertly obtains information by transmitting data from the hard drive (spyware)
• Disrupts certain components and renders the system inoperable

A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker can exploit a vulnerability to take control of a victim's database. Many databases are designed to obey commands written in the Structured Query Language (SQL), and many websites that take information from users send that data to SQL databases. In a SQL injection attack, a hacker will, for instance, write some SQL commands into a web form that's asking for name and address information; if the web site and database aren't programmed correctly, the database might try to execute those commands.

Social engineering is a tactic that adversaries use to trick you into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data. Social engineering can be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust a malicious source.

Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card numbers and login information. It’s the most common type of cyber-attack. You can help protect yourself through education or a technology solution that filters malicious emails. Phishing attacks rely on scenarios like the following three situations:

• Distracted Users — While routinely checking emails a user opens an email or clicks a link without thinking.
• Fooled by a Spoofed Email — The recipient of the email is fooled by a cybercriminal impersonating a person or company that the user is familiar with. A simple request like clicking on a link or sending money may be completely normal if the email was really from someone known by the user, and not from a cybercriminal.
• Consumer hurrying to get a Discount — Users sometimes rush to click on a deal that is too good to pass up. In the excitement of the moment, they are fooled by clicking a link on a malicious website or in email.

People, not system vulnerabilities are often at the center of phishing attacks. Some 90% of all phishing attacks are initiated through email. Bad actors will leverage phishing attacks to steal users’ passwords and login information. Their goal is to gain access to financial accounts.

Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons. This is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging. This is the most successful form of acquiring confidential information on the internet, accounting for 91% of attacks.

Spear-phishing can easily be confused with phishing because they are both online attacks on users that aim to acquire confidential information. Phishing is a broader term for any attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. The attackers often disguise themselves as a trustworthy entity and make contact with their target via email, social media, phone calls (often called “vishing” for voice-phishing), and even text messages (often called “smishing” for SMS-phishing).

Unlike spear-phishing attacks, phishing attacks are not personalized to their victims, and are usually sent to masses of people at the same time. The goal of phishing attacks is to send a spoofed email (or other communication) that looks as if it is from an authentic organization to a large number of people, banking on the chances that someone will click on that link and provide their personal information or download malware. Spear-phishing attacks target a specific victim, and messages are modified to specifically address that victim, purportedly coming from an entity that they are familiar with and containing personal information. Spear-phishing requires more thought and time to achieve than phishing. Spear-phishing attackers try to obtain as much personal information about their victims as possible to make the emails that they send look legitimate and to increase their chance of fooling recipients. Because of the personal level of these emails, it is more difficult to identify spear-phishing attacks than to identify phishing attacks conducted at a wide scale. This is why spear-phishing attacks are becoming more prevalent.

An insider threat is a security risk that originates within the targeted organization. This doesn’t mean that the actor must be a current employee or officer in the organization. They could be a consultant, former employee, business partner, or board member.

A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts communication between two individuals in order to steal data. For example, on an unsecure Wi-Fi network, an attacker could intercept data being passed from the victim’s device and the network. Two common points of entry for MitM attacks:

• On unsecure public Wi-Fi, attackers can insert themselves between a visitor’s device and the network. Without knowing, the visitor passes all information through the attacker.
• Once malware has breached a device, an attacker can install software to process all of the victim’s information.

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.

An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.

The targets of these assaults, which are very carefully chosen and researched, typically include large enterprises or governmental networks. The consequences of such intrusions are vast, and include:

• Intellectual property theft (e.g., trade secrets or patents)
• Compromised sensitive information (e.g., employee and user private data)
• The sabotaging of critical organizational infrastructures (e.g., database deletion)
• Total site takeovers

Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim. The criminals who carry out romance scams are experts at what they do and will seem genuine, caring, and believable. Con artists are present on most dating and social media sites. The scammer’s intention is to establish a relationship as quickly as possible, endear himself to the victim, and gain trust. Scammers may propose marriage and make plans to meet in person, but that will never happen. Eventually, they will ask for money. Scam artists often say they are in the building and construction industry and are engaged in projects outside the U.S. That makes it easier to avoid meeting in person—and more plausible when they ask for money for a medical emergency or unexpected legal fee. If someone you meet online needs your bank account information to deposit money, they are most likely using your account to carry out other theft and fraud schemes.

Cryptojacking is malicious cryptomining that happens when cybercriminals hack into both business and personal computers, laptops, and mobile devices to install software. This software uses the computer’s power and resources to mine for cryptocurrencies or steal cryptocurrency wallets owned by unsuspecting victims. The code is easy to deploy, runs in the background, and is difficult to detect.

With just a few lines of code, hackers can hijack the resources of any computer and leave unsuspecting victims with slower computer response times, increased processor usage, overheating computer devices, and higher electricity bills. Hackers use these resources to both steal cryptocurrency from other digital wallets and to allow hijacked computers to do the work so they can mine valuable coins.

The core idea behind cryptojacking is that hackers use business and personal computer and device resources to do their mining work for them. Cybercriminals siphon the currency they either earn or steal into their own digital wallet by using these hijacked computers. These hijacked computers are compromised by a slowing down of CPU function and using more electricity for processing.

Zero-day exploits are vulnerabilities in software that have yet to be fixed. The name arises because once a patch is released, each day represents fewer and fewer computers open to attack as users download their security updates. Techniques for exploiting such vulnerabilities are often bought and sold on the dark web and are sometimes discovered by government agencies that controversially may use them for their own hacking purposes, rather than releasing information about them for the common benefit.

DNS tunneling utilizes the DNS protocol to communicate non-DNS traffic over port 53. It sends HTTP and other protocol traffic over DNS. There are various, legitimate reasons to utilize DNS tunneling. However, there are also malicious reasons to use DNS Tunneling VPN services. They can be used to disguise outbound traffic as DNS, concealing data that is typically shared through an internet connection. For malicious use, DNS requests are manipulated to exfiltrate data from a compromised system to the attacker’s infrastructure. It can also be used for command and control callbacks from the attacker’s infrastructure to a compromised system.

A self-replicating program that attaches itself to clean file and spreads throughout a computer system, infecting files with malicious code.

A type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer where they cause damage or collect data.

A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.

Malware which locks down a user’s files and data, with the threat of erasing it unless a ransom is paid.

Advertising software which can be used to spread malware.

Networks of malware infected computers which cybercriminals use to perform tasks online without the user’s permission.

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it infects computers though phishing emails or existing malware. Capable of stealing passwords, banking details and personal data which can be used in fraudulent transactions, it has caused massive financial losses amounting to hundreds of millions.

Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using tempting language about “Your Invoice,” “Payment Details,” or possibly an upcoming shipment from well-known parcel companies.

Keep Your Software Up to Date One of the most important cyber security tips to mitigate ransomware is patching outdated software, both operating system, and applications. This helps remove critical vulnerabilities that hackers use to access your devices. Here are a few quick tips to get you started:

• Turn on automatic system updates for your device
• Make sure your desktop web browser uses automatic security updates
• Keep your web browser plugins like Flash, Java, etc. updated

Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from entering your device and compromising your data. Use anti-virus software from trusted vendors and only run one AV tool on your device.

Using a firewall is also important when defending your data against malicious attacks. A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device. Windows and Mac OS X comes with their respective firewalls, aptly named Windows Firewall and Mac Firewall. Your router should also have a firewall built in to prevent attacks on your network.

Passwords are important in keeping hackers out of your data. According to the National Institute of Standards and Technology’s (NIST) 2017 new password policy framework, you should consider:

• Dropping the crazy, complex mixture of upper-case letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters.
• Don’t use the same password twice.
• The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_.
• Choose something that is easy to remember and never leave a password hint out in the open or make it publicly available for hackers to see
• Reset your password when you forget it. But, change it once per year as a general refresh.

To make it easier to manage your passwords, it is best to us password management tool or password account vault.

Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. Without two-factor authentication, you would normally enter a username and password. But, with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password or even fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password.

In a phishing scheme attempt, the attacker poses as someone or something the sender is not to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s system with malware, trojan, or zero-day vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts.

A few important cyber security tips to remember about phishing schemes include:

• Don’t open email from people you don’t know
• Know which links are safe and which are not. Hover over a link to discover where it directs to.
• Be suspicious of the emails sent to you in general. Look and see where it came from and if there are grammatical errors.
• Malicious links can come from friends who have been infected too.

Personal Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. PII includes information such as name, address, phone numbers, data of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. Your credit card information should be protected by companies if they follow the PCI DSS standards.

In the new “always-on” world of social media, you should be very cautious about the information you include online. It is recommended that you only show the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts, particularly Facebook. Adding your home address, birthdate, or any other PII information will dramatically increase your risk of a security breach. Hackers use this information to their advantage.

Mobile device is now a target to more than 1.5 million new incidents of mobile malware. Here are some quick tips for mobile device security:

• Create a Difficult Mobile Passcode. Not Your Birthdate or Bank PIN.
• Install Apps from Trusted Sources.
• Keep Your Device Updated. Hackers Use Vulnerabilities in Unpatched Older Operating Systems.
• Avoid sending PII or sensitive information over text message or email.
• Leverage Find my iPhone or the Android Device Manager to prevent loss or theft.
• Perform regular mobile backups using iCloud or Enabling Backup & Sync from Android.

Backing up your data regularly is an overlooked step in personal online security. The top IT and security managers follow a simple rule called the 3-2-1 backup rule. Essentially, you will keep three copies of your data on two different types of media (local and external hard drive) and one copy in an off-site location (cloud storage).

If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore with a recently performed backup.

Don’t use a public Wi-Fi without using a Virtual Private Network (VPN). By using a VPN, the traffic between your device and the VPN server is encrypted. This meansit’s much more difficult for a cybercriminal to obtain access to your data on your device. Use your cell network if you don’t have a VPN when security is important.

It’s more important than ever for consumers to safeguard their online accounts and monitor their credit reports. A credit freeze is the most effective way for you to protect your personal credit information from cyber criminals right now. Essentially, it allows you to lock your credit and use a personal identification number (PIN) that only you will know. You can then use this PIN when you need to apply for credit.

This is a must. You should set a strong password on your phone to make it difficult for would-be attackers to gain access to the sensitive information and services on your phone if they get their hands on it. Many phones do not require any password by default and even if you enable password or pin protection the default length may be too short. It is best to look into your phone’s settings, enable pin or password protection and make sure it is as long and complex as you can manage.

Add substantial security to your device by logging in to your mobile device with your finger or thumbprint. Your fingerprints are far more complex than any password that you can remember and are difficult to spoof. It will also be much more convenient for you since you can log in to your device with literally the touch of a button. Be aware that most devices will still require a backup password in case something happens to the scanner or your finger. The good news is that you won’t have to use it often, so you can make it very long and complex and you can save it someplace safe in case you need it. Ideally, we recommend you store it in a secure password manager.

When you are not using your Wi-Fi connection or your Bluetooth connection your phone, it is still broadcasting information and even attempt to make connections with other devices over those interfaces. Criminals can use this information to track where you are or to gain access to your device. While you’re walking around the mall, an attacker can use these connections to steal information about you, implant malware on your device, run up a bill using your services or even let burglars know you are out of the house. Fortunately, most mobile devices make it easy to disable these wireless services and stop the unnecessary broadcasting. When you don’t need them, it is best to turn them off. The same can be true of your cellular connection. You phone is most secure when it is in airplane mode. If you don’t need to be reachable for a stretch of time, just “go all-in” with airplane mode.

Apps are almost exclusively developed by third parties. This means that you can’t necessarily trust that an App is legitimate just because it comes from the Apple store or Google Play store. Those companies try to do as much screening as possible, but there are still apps out there that include malware; if you download the wrong app you are essentially inviting an attacker onto your device. It is best to do some research and make sure that the apps you download are trustworthy. It is recommended that you avoid downloading apps that do not come from your device’s official store unless you know what you’re getting. It’s also very important that you delete apps you no longer need and disable any app services that you do not need for the apps you do have installed.

A service is an application that provides data storage/manipulation, communication, etc. Examples include:

• Email services
• Bluetooth (as a communication service)
• File sharing services
• Printing
• Instant messaging
• Voice over internet protocol (VOIP)
• Wi-Fi
• Location-based services (GPS, GLONASS, etc.)

Having unused services running introduces risks:

• A service can have known vulnerabilities that can be exploited to run malicious code on your device.
• An unused service can be collecting information from you without your knowledge or permission.
• Unused services can sap resources from a device. Have you ever had your device perform slower than usual? One cause of this could be from extra unused services that are using up your system’s resources.

Location-based services, such as GPS, are present in most cellphones. Other devices, such as tablets, laptops and even desktop computers, may also have location-based services. They provide a way for applications to calculate where a device is. Some location services use GPS, others use different means such as Wi-Fi access point mapping. Reasons to turn off location-based services if you aren’t using them:

• The unused service will drain the battery and may use cellular data.
• The unused service may introduce a security risk due to a vulnerability, leading to unexpected exposure of your information.
• Other apps on the device may be using location-based services to spy on you. This data will be sold and used for all sorts of purposes, including targeted marketing and advertising campaigns. You have no control over who has access to this data.

The plug you use to charge your mobile device could provide more than just power. It could also be a high-speed data link, which means that anything can be transmitted over that line. This includes personal data that could be removed from your device or malware that could be installed on your device. This data can be exchanged in an instant without your knowledge or permission.

You should only plug your devices in to physical connections you trust. We recommend that you steer clear of plugging directly into any USB socket you find in a public place like an airport or rental car. There is no way to tell if tampering has occurred within those outlets. If you need to charge your mobile device in public, plug it into the USB port of your trusted laptop device or use the adaptor that came with your cable and plug directly into an electrical outlet. In most cases, those adapters will not allow data to be transmitted to your device, only power.

Most mobile devices have a built-in service that you can enable that will allow you to erase all of the data on your phone from a remote location. Why, would I want to do that, you ask? Well, it’s a last-ditch effort to protect your personal data and accounts if you have lost your phone and think you will never get it back.

When you activate a wiping service, all the data, apps, call records, texts, etc. on the phone will be completely erased the second the phone connects to a cellular tower or internet connection. Ideally this will happen before the thief who stole your phone cracks your password (this is also why you should make sure your password is a good one)

This is a very important security step, especially if you may use a remote wiping service. Backups will allow you to easily recover your data if it is lost or if your mobile device is stricken with ransomware, which is all the rage in the cybercriminal world right now.

Fortunately, most mobile devices will constantly backup your data to a local computer, or “the cloud” (if you enable cloud services and also pay for a sufficient amount of storage space). These are both really convenient and effective options that usually don’t cost much. Check with the manufacturer to look up how to do that for each of your devices.